
want to remove a Keylogger


  • This topic is locked
11 replies to this topic

#1 briffdogg

briffdogg

  • Members
  • 100 posts

Posted 24 March 2012 - 05:09 PM

Hello, I'd like to delete a keylogger called allinonekeylogger please; any help is much appreciated, thanks. Here is my DDS log. And also delete any non-usable things that are running on my system, like I guess LogMeIn I don't use at all, etc.? And my computer seems to be very slow, please help.


#2 Orange Blossom

Orange Blossom

    OBleepin Investigator


  • Moderator
  • 36,963 posts
  • Gender:Not Telling
  • Location:Bloomington, IN

Posted 24 March 2012 - 05:49 PM

Hello,

The aforementioned DDS log is missing.

Please follow the instructions in ==>This Guide<== starting at step 6. If you cannot complete a step, skip it and continue.

Once the proper logs are created, then post them in a reply to this topic by using the Add Reply button.

If you can produce at least some of the logs, then please create the post and explain what happens when you try to create the log(s) that you couldn't get. If you cannot produce any of the logs, then still post the reply and explain that you followed the Prep. Guide, were unable to create the logs, and describe what happens when you try to create the logs.

Please note that I am not a member of the Malware Removal Team and will not be assisting you in removing the infection. I'm simply helping you to post the information they need in order to assist you.

If HelpBot replies to your topic, PLEASE follow Step One so it will report your topic to the team members.

Orange Blossom :cherry:
Help us help you. If HelpBot replies, you MUST follow step 1 in its reply so we know you need help.

Orange Blossom

An ounce of prevention is worth a pound of cure

SpywareBlaster, WinPatrol Plus, ESET Smart Security, Malwarebytes' Anti-Malware, NoScript Firefox ext., Norton noscript

#3 Noviciate

Noviciate

  • Malware Response Team
  • 5,277 posts
  • Gender:Male
  • Location:Numpty HQ

Posted 24 March 2012 - 06:16 PM

Good evening. :)

Will you also post what makes you think that you have the keylogger in question on your system?

So long, and thanks for all the fish.

 

 


#4 briffdogg

briffdogg
  • Topic Starter

  • Members
  • 100 posts

Posted 25 March 2012 - 05:47 PM

Hi, the keylogger was called allinonekeylogger, and there was another one; I forgot the name, sorry.

.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 6.0.2900.2180 BrowserJavaVersion: 10.1.0
Run by Derick Briffa at 18:42:03 on 2012-03-25
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.1023.220 [GMT -4:00]
.
AV: COMODO Antivirus *Enabled/Updated* {043803A5-4F86-4ef7-AFC5-F6E02A79969B}
FW: COMODO Firewall *Disabled*
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost.exe -k DcomLaunch
svchost.exe
C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
C:\WINDOWS\system32\svchost.exe -k netsvcs
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
C:\WINDOWS\System32\svchost.exe -k Akamai
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\WINDOWS\system32\FsUsbExService.Exe
C:\Program Files\Hotspot Shield\bin\openvpnas.exe
C:\Program Files\Hotspot Shield\HssWPR\hsssrv.exe
C:\Program Files\Hotspot Shield\bin\hsswd.exe
C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE
C:\Program Files\Java\jre7\bin\jqs.exe
C:\Program Files\LogMeIn\x86\RaMaint.exe
C:\Program Files\LogMeIn\x86\LogMeIn.exe
C:\Program Files\LogMeIn\x86\LMIGuardian.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files\Common Files\Motive\McciCMService.exe
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\system32\XYNTService.exe
C:\WINDOWS\System32\VService.exe
C:\Program Files\Venturi2\Client\ventc.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Hotspot Shield\bin\openvpntray.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\WINDOWS\notepad.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.vbuzzer.com/home/
uSearch Page = hxxp://search.live.com
mStart Page = hxxp://ca.yahoo.com
uInternet Settings,ProxyOverride = *.local
mSearchAssistant = hxxp://search.live.com/sphome.aspx
uURLSearchHooks: H - No File
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files\microsoft\search enhancement pack\search helper\SEPsearchhelperie.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.2.4204.1700\swg.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre7\bin\jp2ssv.dll
BHO: Windows Live Toolbar Helper: {e15a8dc0-8516-42a1-81ea-dc94ec1acf10} - c:\program files\windows live\toolbar\wltcore.dll
BHO: Hotspot Shield Class: {f9e4a054-e9b1-4bc3-83a3-76a1ae736170} - c:\program files\hotspot shield\hssie\HssIE.dll
TB: Easy-WebPrint: {327c2873-e90d-4c37-aa9d-10ac9baba46c} - c:\program files\canon\easy-webprint\Toolband.dll
TB: &Windows Live Toolbar: {21fa44ef-376d-4d53-9b0f-8a89d3229068} - c:\program files\windows live\toolbar\wltcore.dll
TB: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No File
TB: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - No File
TB: {C4069E3A-68F1-403E-B40E-20066696354B} - No File
TB: Windows Live Toolbar: {bdad1dad-c946-4a17-adc1-64b5b4ff55d0} -
TB: {A057A204-BACC-4D26-9990-79A187E2698E} - No File
TB: Ask Toolbar: {3041d03e-fd4b-44e0-b742-2d9b88305f98} -
EB: &Yahoo! Messenger: {4528bbe0-4e08-11d5-ad55-00010333d0ad} - c:\progra~1\yahoo!\common\yhexbmesca.dll
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
uRun: [Google Update] "c:\documents and settings\derick briffa\local settings\application data\google\update\GoogleUpdate.exe" /c
uRun: [SUPERAntiSpyware] c:\program files\superantispyware\SUPERAntiSpyware.exe
uRun: [msnmsgr] "c:\program files\windows live\messenger\msnmsgr.exe" /background
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray
dRun: [ATICCC] "c:\program files\ati technologies\ati.ace\cli.exe" runtime
dRun: [DWQueuedReporting] "c:\progra~1\common~1\micros~1\dw\dwtrig20.exe" -t
IE: &Google Search - c:\program files\google\GoogleToolbar1.dll/cmsearch.html
IE: Add to Vbuzzer RSS list - c:\program files\vbuzzer\addurl.htm
IE: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
IE: Backward Links - c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html
IE: Cached Snapshot of Page - c:\program files\google\GoogleToolbar1.dll/cmcache.html
IE: E&xport to Microsoft Excel - c:\progra~1\micros~4\office12\EXCEL.EXE/3000
IE: Easy-WebPrint Add To Print List - c:\program files\canon\easy-webprint\Resource.dll/RC_AddToList.html
IE: Easy-WebPrint High Speed Print - c:\program files\canon\easy-webprint\Resource.dll/RC_HSPrint.html
IE: Easy-WebPrint Preview - c:\program files\canon\easy-webprint\Resource.dll/RC_Preview.html
IE: Easy-WebPrint Print - c:\program files\canon\easy-webprint\Resource.dll/RC_Print.html
IE: Open in new background tab - c:\program files\windows live toolbar\components\en-us\msntabres.dll.mui/229?2b05682e091e4caaa143a29d65871429
IE: Open in new foreground tab - c:\program files\windows live toolbar\components\en-us\msntabres.dll.mui/230?2b05682e091e4caaa143a29d65871429
IE: Similar Pages - c:\program files\google\GoogleToolbar1.dll/cmsimilar.html
IE: Translate into English - c:\program files\google\GoogleToolbar1.dll/cmtrans.html
IE: {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1}
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {4528BBE0-4E08-11D5-AD55-00010333D0AD} - {4C171D40-8277-11D5-AD55-00010333D0AD} - c:\progra~1\yahoo!\common\yhexbmesca.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~4\office12\REFIEBAR.DLL
Trusted Zone: magicJack.com\my
Trusted Zone: microsoft.com\v5.windowsupdate
Trusted Zone: talk4free.com\reg
DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} - hxxp://upload.facebook.com/controls/FacebookPhotoUploader.cab
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1176788386328
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1176788377046
DPF: {6F750202-1362-4815-A476-88533DE61D0C} - hxxp://www.kodakgallery.com/downloads/BUM/BUM_WIN_IE_2/axofupld.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_01-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
DPF: {CAFEEFAC-0017-0000-0001-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_01-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_01-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: DhcpNameServer = 192.168.2.1
TCP: Interfaces\{6DCD1B22-963E-4ABA-8F8F-DD19EBC5D13E} : DhcpNameServer = 192.168.2.1
Handler: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - c:\program files\common files\microsoft shared\web folders\PKMCDO.DLL
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.DLL
Notify: AtiExtEvent - Ati2evxx.dll
Notify: LMIinit - LMIinit.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Microsoft AntiMalware ShellExecuteHook: {091eb208-39dd-417d-a5dd-7e2c2d8fb9cb} - c:\progra~1\wifd1f~1\MpShHook.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\derick briffa\application data\mozilla\firefox\profiles\eg1ldapj.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.bing.com/search?FORM=IEFM1&q=
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - www.ebay.com
FF - prefs.js: keyword.URL - hxxp://urlseek.vmn.net/search.php?type=dns&tbn=vbuzzer1_0dn&q=
FF - plugin: c:\documents and settings\derick briffa\application data\facebook\npfbplugin_1_0_3.dll
FF - plugin: c:\documents and settings\derick briffa\application data\mozilla\plugins\npgoogletalk.dll
FF - plugin: c:\documents and settings\derick briffa\application data\mozilla\plugins\npgtpo3dautoplugin.dll
FF - plugin: c:\documents and settings\derick briffa\local settings\application data\google\update\1.3.21.111\npGoogleUpdate3.dll
FF - plugin: c:\program files\divx\divx plus web player\npdivx32.dll
FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\google\google updater\2.4.2432.1652\npCIDetect14.dll
FF - plugin: c:\program files\google\update\1.2.183.39\npGoogleOneClick8.dll
FF - plugin: c:\program files\google\update\1.3.21.111\npGoogleUpdate3.dll
FF - plugin: c:\program files\google\update\1.3.21.53\npGoogleUpdate3.dll
FF - plugin: c:\program files\google\update\1.3.21.57\npGoogleUpdate3.dll
FF - plugin: c:\program files\google\update\1.3.21.65\npGoogleUpdate3.dll
FF - plugin: c:\program files\google\update\1.3.21.69\npGoogleUpdate3.dll
FF - plugin: c:\program files\google\update\1.3.21.79\npGoogleUpdate3.dll
FF - plugin: c:\program files\google\update\1.3.21.99\npGoogleUpdate3.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\java\jre7\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\java\jre7\bin\new_plugin\npjp2.dll
FF - plugin: c:\program files\microsoft silverlight\4.0.60831.0\npctrlui.dll
FF - plugin: c:\program files\microsoft\office live\npOLW.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npmozax.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npRACtrl.dll
FF - plugin: c:\program files\mozilla firefox\plugins\NPTURNMED.dll
FF - plugin: c:\program files\veetle\player\npvlc.dll
FF - plugin: c:\program files\veetle\plugins\npVeetle.dll
FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
.
============= SERVICES / DRIVERS ===============
.
R1 cmdGuard;COMODO Internet Security Sandbox Driver;c:\windows\system32\drivers\cmdguard.sys [2009-5-29 132040]
R1 cmdHlp;COMODO Internet Security Helper Driver;c:\windows\system32\drivers\cmdhlp.sys [2009-5-29 25160]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2011-7-22 12880]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2011-7-12 67664]
R2 !SASCORE;SAS Core Service;c:\program files\superantispyware\SASCore.exe [2011-8-11 116608]
R2 Akamai;Akamai NetSession Interface;c:\windows\system32\svchost.exe -k Akamai [2004-8-4 14336]
R2 cmdAgent;COMODO Internet Security Helper Service;c:\program files\comodo\comodo internet security\cmdagent.exe [2009-5-29 707152]
R2 FsUsbExService;FsUsbExService;c:\windows\system32\FsUsbExService.Exe [2009-12-10 237984]
R2 hshld;Hotspot Shield Service;c:\program files\hotspot shield\bin\openvpnas.exe [2011-7-1 298824]
R2 HssWd;Hotspot Shield Monitoring Service;c:\program files\hotspot shield\bin\hsswd.exe -product hss --> c:\program files\hotspot shield\bin\hsswd.exe -product HSS [?]
R2 LMIInfo;LogMeIn Kernel Information Provider;c:\program files\logmein\x86\rainfo.sys [2008-8-11 12856]
R2 LMIRfsDriver;LogMeIn Remote File System Driver;c:\windows\system32\drivers\LMIRfsDriver.sys [2010-5-31 47640]
R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2010-9-14 652360]
R2 VAgnt Helper Service;VAgnt Helper Service;c:\windows\system32\XYNTService.exe [2010-4-8 49152]
R2 WinDefend;Windows Defender;c:\program files\windows defender\MsMpEng.exe [2006-11-3 13592]
R3 CLEDX;Team H2O CLEDX service;c:\windows\system32\drivers\cledx.sys [2006-4-4 33792]
R3 FsUsbExDisk;FsUsbExDisk;c:\windows\system32\FsUsbExDisk.Sys [2009-12-10 36608]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2010-9-14 20464]
S1 xhiydlek;xhiydlek;\??\c:\windows\system32\drivers\xhiydlek.sys --> c:\windows\system32\drivers\xhiydlek.sys [?]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2009-12-22 135664]
S3 FXDRV;FXDRV;\??\d:\fxdrv.sys --> d:\Fxdrv.sys [?]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2009-12-22 135664]
S3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\mcafee security scan\2.0.181\McCHSvc.exe [2010-1-15 227232]
S3 PIXMCV;JVC Communication PIX-MCV Driver;c:\windows\system32\drivers\pixmcvc.sys [2006-8-10 32000]
S3 PIXMCVA;JVC PIX-MCV Audio Capture;c:\windows\system32\drivers\pixmcva.sys [2006-8-16 27961]
S3 PIXMCVV;JVC PIX-MCV Video Capture;c:\windows\system32\drivers\pixmcvv.sys [2006-8-16 20953]
S3 SNPHV71;PC Camera (602a VGA);c:\windows\system32\drivers\snphv71.sys [2009-5-28 231040]
S3 UniCamDr.Samsung;Samsung Miniket USB-D07 Capture Device; [x]
S3 w600bus;Sony Ericsson W600 driver (WDM);c:\windows\system32\drivers\w600bus.sys [2006-12-20 60928]
S3 w600mdfl;Sony Ericsson W600 USB WMC Modem Filter;c:\windows\system32\drivers\w600mdfl.sys [2006-12-20 8336]
S3 w600mdm;Sony Ericsson W600 USB WMC Modem Drivers;c:\windows\system32\drivers\w600mdm.sys [2006-12-20 96672]
S3 w600mgmt;Sony Ericsson W600 USB WMC Device Management Drivers;c:\windows\system32\drivers\w600mgmt.sys [2006-12-20 88080]
S3 w600obex;Sony Ericsson W600 USB WMC OBEX Interface Drivers;c:\windows\system32\drivers\w600obex.sys [2006-12-20 85952]
S4 LMIRfsClientNP;LMIRfsClientNP; [x]
.
=============== Created Last 30 ================
.
2012-03-25 06:06:19 56200 ----a-w- c:\documents and settings\all users\application data\microsoft\windows defender\definition updates\{bc5695d5-2c3a-4913-a966-1ff946035716}\offreg.dll
2012-03-24 22:48:02 709968 ----a-w- c:\windows\isRS-000.tmp
2012-03-24 22:09:31 -------- d-----w- C:\ComboFix
2012-03-24 05:33:45 6582328 ----a-w- c:\documents and settings\all users\application data\microsoft\windows defender\definition updates\{bc5695d5-2c3a-4913-a966-1ff946035716}\mpengine.dll
2012-03-19 18:37:46 592824 ----a-w- c:\program files\mozilla firefox\gkmedias.dll
2012-03-19 18:37:46 44472 ----a-w- c:\program files\mozilla firefox\mozglue.dll
.
==================== Find3M ====================
.
2012-03-24 22:09:31 332 ----a-w- C:\Start_.cmd
2012-03-10 17:16:56 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-02-23 13:18:36 237072 ------w- c:\windows\system32\MpSigStub.exe
2009-01-13 18:45:08 81920 ----a-w- c:\program files\common files\WIZ1x0SR_105SR_CFG.exe
2006-12-01 09:54:32 626688 ----a-w- c:\program files\common files\MSVCR80.dll
.
============= FINISH: 18:44:35.31 ===============






.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft Windows XP Home Edition
Boot Device: \Device\HarddiskVolume2
Install Date: 3/22/2005 1:49:26 PM
System Uptime: 3/24/2012 6:49:19 PM (24 hours ago)
.
Motherboard: ASUSTek Computer INC. | | Kelut
Processor: AMD Athlon™ XP 2800+ | Socket A | 2083/166mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 70 GiB total, 3.605 GiB free.
D: is CDROM ()
E: is FIXED (NTFS) - 149 GiB total, 0.345 GiB free.
F: is CDROM ()
G: is Removable
H: is FIXED (FAT32) - 5 GiB total, 4.779 GiB free.
I: is Removable
J: is Removable
K: is Removable
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP1499: 3/10/2012 12:57:07 PM - System Checkpoint
RP1500: 3/10/2012 5:15:57 PM - System Checkpoint
RP1501: 3/16/2012 7:16:22 PM - System Checkpoint
RP1502: 3/18/2012 5:50:44 AM - System Checkpoint
RP1503: 3/19/2012 4:05:55 PM - System Checkpoint
RP1504: 3/20/2012 4:23:29 PM - System Checkpoint
RP1505: 3/21/2012 1:32:51 AM - Software Distribution Service 3.0
RP1506: 3/22/2012 2:20:44 AM - System Checkpoint
RP1507: 3/23/2012 1:32:53 AM - Software Distribution Service 3.0
RP1508: 3/24/2012 1:33:27 AM - Software Distribution Service 3.0
RP1509: 3/25/2012 3:04:51 AM - System Checkpoint
.
==== Installed Programs ======================
.
AC3Filter (remove only)
Adobe AIR
Adobe Flash Player 11 ActiveX
Adobe Flash Player 11 Plugin
Agere Systems PCI Soft Modem
Akamai NetSession Interface Service
Apple Application Support
Apple Mobile Device Support
Apple Software Update
ArcSoft PhotoStudio 5.5
Ask Toolbar
ATI - Software Uninstall Utility
ATI Catalyst Control Center
ATI Control Panel
ATI Display Driver
Audio Editor Gold v8.4.8
AutoUpdate
Avanquest update
BitPim 1.0.3
Bonjour
BUM
Business Card Designer Plus 9.5.0.1
Camera Support Core Library
Camera Window DS
Camera Window DVC
Camera Window MC
Canon Camera Support Core Library
Canon Camera Window DS for ZoomBrowser EX
Canon Camera Window DVC for ZoomBrowser EX
Canon Camera Window for ZoomBrowser EX
Canon CanoScan Toolbox 4.9
Canon MovieEdit Task for ZoomBrowser EX
Canon MP Navigator EX 1.2
Canon MP190 series MP Drivers
Canon My Printer
Canon PIXMA iP1500
Canon RAW Image Task for ZoomBrowser EX
Canon RemoteCapture Task for ZoomBrowser EX
Canon Utilities Easy-PhotoPrint EX
Canon Utilities Solution Menu
CCleaner
CCScore
CL-Eye Driver
COMODO Internet Security
Digital Photo Navigator 1.5
Digital Photo Resizer
DivX ;-) Audio Compressor 4.02
DivX Codec
DivX Converter
DivX Player
DivX Plus Web Player
EASEUS Data Recovery Wizard Professional 4.3.6
Easy-WebPrint
Easy DVD Shrink
Elecard MPEG2 Player 2.0
ESSBrwr
ESSCDBK
ESScore
ESSgui
ESSini
ESSPCD
ESSPDock
ESSSONIC
ESSTOOLS
essvatgt
EVGA Display Driver
Facebook Plug-In
Flash Slideshow Maker Pro 4.00
Form Fill (Windows Live Toolbar)
Fourelle Venturi Personal Client 2.1.1
Full Tilt Poker
Fun Morph 3.0
GameSpy Arcade
Google Chrome
Google Earth
Google Earth Pro
Google Earth Pro version 3.0.XXXX (beta) Patch Files
Google Talk Plugin
Google Update Helper
Google Updater
Hewlett-Packard Multimedia Keyboard/Mouse Solution
HijackThis 2.0.2
honestech Video Editor
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB926239)
Hotfix for Windows XP (KB954708)
Hotfix for Windows XP (KB979306)
Hotspot Shield 2.06
HP DVD Writer
ImageMixer
Inkjet Printer/Scanner Extended Survey Program
Internet Check-Up
iTunes
Java Auto Updater
Java™ 7 Update 1
Junk Mail filter update
kgcbase
KODAK EASYSHARE Gallery Easy Upload, v2.1
KODAK EASYSHARE Gallery Upload ActiveX Control
Kodak EasyShare software
LG PC Suite
LG USB Modem driver
LimeWire 4.18.8
LogMeIn
LS_HSI
Macromedia Shockwave Player
magicJack
Malwarebytes Anti-Malware version 1.60.1.1000
Manual CanoScan LiDE 25
Map Button (Windows Live Toolbar)
Matroska Pack (remove only)
McAfee Security Scan Plus
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Hotfix (KB928366)
Microsoft .NET Framework 2.0
Microsoft Application Error Reporting
Microsoft Choice Guard
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Halo
Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
Microsoft Kernel-Mode Driver Framework Feature Pack 1.9
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office Live Add-in 1.3
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office PowerPoint Viewer 2003
Microsoft Office Professional 2007
Microsoft Office Professional 2007 Trial
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Office XP Professional with FrontPage
Microsoft Search Enhancement Pack
Microsoft Silverlight
Microsoft Software Update for Web Folders (English) 12
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Sync Framework Runtime Native v1.0 (x86)
Microsoft Sync Framework Services Native v1.0 (x86)
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft WinUsb 1.0
Microsoft WinUsb 2.0
Microsoft Works 7.0
Microsoft_VC80_ATL_x86
Microsoft_VC80_CRT_x86
Microsoft_VC80_MFC_x86
Microsoft_VC80_MFCLOC_x86
Microsoft_VC90_ATL_x86
Microsoft_VC90_CRT_x86
Microsoft_VC90_MFC_x86
MicroStaff WINASPI
Monopoly by Parker Brothers
Motorola Driver Installation 3.2.0
Motorola Phone Tools
Movie Maker Background Music Files
Movie Maker Sound Effects
Movie Maker Title Images
MovieEdit Task
Mozilla Firefox 11.0 (x86 en-US)
MSVCRT
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 Parser and SDK
MSXML 6 Service Pack 2 (KB973686)
Native Instruments Traktor DJ Studio 3 Demo
Nero 8 Demo
neroxml
netbrdg
OfotoNow
OfotoXMI
OmniPage SE 2.0
On2 VP7 Codec
OneCare Advisor (Windows Live Toolbar)
ParetoLogic Data Recovery
PC Camera (602a VGA)
PC Connectivity Solution
Personal License Update Wizard for Windows Media Player
Pocket Voice Recorder 3.4
Popup Blocker (Windows Live Toolbar)
PowerCinema NE for Everio
PowerDirector Express
PowerISO
PowerProducer
PowerZip 7.05
QuickTime
RAW Image Task
Real Alternative 1.37
Realtek AC'97 Audio
Realtek High Definition Audio Driver
Registry Mechanic 7.0
RemoteCapture Task 1.1
S3GSetup
SAMSUNG CDMA Modem Driver Set
SAMSUNG Mobile Composite Device Software
Samsung Mobile Modem Device Software
SAMSUNG Mobile Modem Driver Set
SAMSUNG Mobile Modem V2 Software
Samsung Mobile phone USB driver Software
SAMSUNG Mobile USB Download Driver Software
SAMSUNG Mobile USB Driver
SAMSUNG Mobile USB Modem 1.0 Software
Samsung Mobile USB Modem Device Software
SAMSUNG Mobile USB Modem Software
Samsung New PC Studio
SAMSUNG SYMBIAN USB Download Driver
SAMSUNG USB Mobile Device Software
SamsungConnectivityCableDriver
ScanSoft OmniPage SE 4.0
Security Task Manager 1.7e
Security Update for CAPICOM (KB931906)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player 11 (KB936782)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows XP (KB893756)
Security Update for Windows XP (KB896358)
Security Update for Windows XP (KB896423)
Security Update for Windows XP (KB896428)
Security Update for Windows XP (KB899587)
Security Update for Windows XP (KB899591)
Security Update for Windows XP (KB900725)
Security Update for Windows XP (KB901017)
Security Update for Windows XP (KB901214)
Security Update for Windows XP (KB902400)
Security Update for Windows XP (KB904706)
Security Update for Windows XP (KB905414)
Security Update for Windows XP (KB905749)
Security Update for Windows XP (KB908519)
Security Update for Windows XP (KB911562)
Security Update for Windows XP (KB911927)
Security Update for Windows XP (KB913580)
Security Update for Windows XP (KB914388)
Security Update for Windows XP (KB914389)
Security Update for Windows XP (KB917344)
Security Update for Windows XP (KB917422)
Security Update for Windows XP (KB917953)
Security Update for Windows XP (KB918118)
Security Update for Windows XP (KB918439)
Security Update for Windows XP (KB919007)
Security Update for Windows XP (KB920213)
Security Update for Windows XP (KB920670)
Security Update for Windows XP (KB920683)
Security Update for Windows XP (KB920685)
Security Update for Windows XP (KB921503)
Security Update for Windows XP (KB922819)
Security Update for Windows XP (KB923191)
Security Update for Windows XP (KB923414)
Security Update for Windows XP (KB923694)
Security Update for Windows XP (KB923980)
Security Update for Windows XP (KB924191)
Security Update for Windows XP (KB924270)
Security Update for Windows XP (KB924496)
Security Update for Windows XP (KB924667)
Security Update for Windows XP (KB925902)
Security Update for Windows XP (KB926255)
Security Update for Windows XP (KB926436)
Security Update for Windows XP (KB927779)
Security Update for Windows XP (KB927802)
Security Update for Windows XP (KB928090)
Security Update for Windows XP (KB928255)
Security Update for Windows XP (KB928843)
Security Update for Windows XP (KB929123)
Security Update for Windows XP (KB929969)
Security Update for Windows XP (KB930178)
Security Update for Windows XP (KB931261)
Security Update for Windows XP (KB931768)
Security Update for Windows XP (KB931784)
Security Update for Windows XP (KB932168)
Security Update for Windows XP (KB933566)
Security Update for Windows XP (KB933729)
Security Update for Windows XP (KB935839)
Security Update for Windows XP (KB935840)
Security Update for Windows XP (KB936021)
Security Update for Windows XP (KB937143)
Security Update for Windows XP (KB938127)
Security Update for Windows XP (KB938829)
Security Update for Windows XP (KB939653)
Security Update for Windows XP (KB941202)
Security Update for Windows XP (KB941568)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB942615)
Security Update for Windows XP (KB943460)
Security Update for Windows XP (KB944653)
Security Update for Windows XP (KB950749)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951698)
Segoe UI
SFR
SHASTA
skin0001
SKINXSDK
Skype™ 4.2
Smart Menus (Windows Live Toolbar)
Sonic RecordNow!
Sonic Update Manager
Sony Ericsson PC Suite
staticcr
Steinberg Cubase SX v3.1.1.944
SUPERAntiSpyware
Switch
Syncrosoft's License Control
SyncroSoft Emu (Remove only)
Tabbed Browsing (Windows Live Toolbar)
Talking Time Keeper
TBS WMP Plug-in
tooltips
TuneUp Companion 1.5.9
Update for Windows XP (KB894391)
Update for Windows XP (KB898461)
Update for Windows XP (KB900485)
Update for Windows XP (KB908531)
Update for Windows XP (KB910437)
Update for Windows XP (KB911280)
Update for Windows XP (KB916595)
Update for Windows XP (KB920872)
Update for Windows XP (KB922582)
Update for Windows XP (KB927891)
Update for Windows XP (KB930916)
Update for Windows XP (KB931836)
Update for Windows XP (KB933360)
Update for Windows XP (KB938828)
Update for Windows XP (KB942763)
Update for Windows XP (KB942840)
Update for Windows XP (KB946627)
URGE
VC80CRTRedist - 8.0.50727.4053
VCRedistSetup
Veetle TV 0.9.18
VIA Rhine-Family Fast Ethernet Adapter
VIA/S3G Display Driver
VideoLAN VLC media player 0.8.2
VirtualCom driver
VPRINTOL
Vuze
Warcraft III: All Products
WebCam for MSN Messenger
WebFldrs XP
Windows Defender
Windows Driver Package - MobileTop (sshpmdm) Modem (01/26/2008 2.6.0.0)
Windows Driver Package - Nokia pccsmcfd (10/12/2007 6.85.4.0)
Windows Easy Transfer
Windows Imaging Component
Windows Installer 3.1 (KB893803)
Windows Live Call
Windows Live Communications Platform
Windows Live Essentials
Windows Live Favorites for Windows Live Toolbar
Windows Live Mail
Windows Live Messenger
Windows Live OneCare safety scanner
Windows Live Outlook Toolbar (Windows Live Toolbar)
Windows Live Photo Gallery
Windows Live Sign-in Assistant
Windows Live Sync
Windows Live Toolbar
Windows Live Toolbar Extension (Windows Live Toolbar)
Windows Live Toolbar Feed Detector (Windows Live Toolbar)
Windows Live Upload Tool
Windows Live Writer
Windows Media Bonus Pack for Windows XP
Windows Media Format 11 runtime
Windows Media Player 11
Windows Media Player 9 Series TweakMP PowerToy
Windows Media Player Playlist Import to Excel Wizard
Windows Media Player Skin Importer
Windows Media Player Tray Control
Windows XP Hotfix - KB867282
Windows XP Hotfix - KB873333
Windows XP Hotfix - KB873339
Windows XP Hotfix - KB885250
Windows XP Hotfix - KB885835
Windows XP Hotfix - KB885836
Windows XP Hotfix - KB885884
Windows XP Hotfix - KB886185
Windows XP Hotfix - KB887472
Windows XP Hotfix - KB887742
Windows XP Hotfix - KB888113
Windows XP Hotfix - KB888302
Windows XP Hotfix - KB890047
Windows XP Hotfix - KB890175
Windows XP Hotfix - KB890859
Windows XP Hotfix - KB890923
Windows XP Hotfix - KB891781
Windows XP Hotfix - KB893066
Windows XP Hotfix - KB893086
WinRAR archiver
WinSCP 4.0.4
WinZip
WIRELESS
WIZ1x0_105SR Configtool
XviD MPEG-4 Video Codec
Yahoo! extras
Yahoo! Install Manager
Yahoo! Messenger
.
==== Event Viewer Messages From Past Week ========
.
3/19/2012 2:19:51 PM, error: RemoteAccess [20106] - Unable to add the interface {6A4203B2-A829-48DB-AC1B-CE3BAD4C23EC} with the Router Manager for the IP protocol. The following error occurred: Cannot complete this function.
3/19/2012 2:19:33 PM, error: Service Control Manager [7001] - The Universal Plug and Play Device Host service depends on the SSDP Discovery Service service which failed to start because of the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
3/19/2012 2:19:33 PM, error: Service Control Manager [7001] - The Computer Browser service depends on the Workstation service which failed to start because of the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
3/19/2012 2:19:32 PM, error: Service Control Manager [7001] - The Net Logon service depends on the Workstation service which failed to start because of the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
3/19/2012 2:13:32 PM, error: Service Control Manager [7034] - The Venturi2 Client service terminated unexpectedly. It has done this 1 time(s).
.
==== End Of File ===========================

#5 briffdogg

briffdogg
  • Topic Starter

  • Members
  • 100 posts
  • OFFLINE
  •  
  • Local time:07:34 PM

Posted 25 March 2012 - 06:39 PM

Hi, when I ran the gmer exe, my Windows crashed and gave this page, then when I restarted it was frozen, so I kept restarting 3 times until it would let me press anything again?

Attached File  562465_10150620205830458_589020457_9529779_1362417468_n.jpg   137.13KB   3 downloads

I tried a second time and got another crash with this screen, when I try gmer

Attached File  551434_10150620359610458_589020457_9530351_1712630053_n.jpg   167.35KB   2 downloads

Edited by briffdogg, 26 March 2012 - 01:23 AM.


#6 Noviciate

Noviciate

  • Malware Response Team
  • 5,277 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Numpty HQ
  • Local time:11:34 PM

Posted 26 March 2012 - 02:29 PM

Good evening. :)

hi the keylogger was called allinonekeylogger, and here was another one i forgot the name sorry.

What makes you think that you have two keyloggers and that one of them is called allinonekeylogger? If you have some pertinent information then I'd like to have it before I start looking for things that may not be there.

So long, and thanks for all the fish.

 

 


#7 briffdogg

briffdogg
  • Topic Starter

  • Members
  • 100 posts
  • OFFLINE
  •  
  • Local time:07:34 PM

Posted 26 March 2012 - 07:55 PM

Hi, well I used allinonekeylogger, then when it expired I downloaded another one. I'd like to remove all its components fully from the system, thanks. What do you suggest about my gmer problem?

#8 Noviciate

Noviciate

  • Malware Response Team
  • 5,277 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Numpty HQ
  • Local time:11:34 PM

Posted 27 March 2012 - 02:42 PM

Good evening. :)

As far as GMER is concerned, I would hazard a guess that the driver is incompatible with your system for some reason - not all PCs play nicely with it.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

The issue of commercial keyloggers is an interesting one, at least from my point of view. Some people consider that they are legitimately used by parents, teachers and employers to monitor what children and employees do on the machines in question and as long as all are informed that they are present, then their use is acceptable, and it is a view that I subscribe to. The problem is that, for me to help you to remove such software, I need to be certain that you are neither a child nor an employee and unfortunately, such is the nature of the internet, I am unable to do so.

If, as you claim, you installed two keyloggers you should be able to name them, which you cannot, and also be able to uninstall them, which again you cannot. This leads me to believe that I should not offer help in removing this software as you may not be doing so legitimately, as far as the system owners are concerned.

I accept that you may own the PC in question and so as far as allinonekeylogger is concerned, which I have installed to play with, you open Notepad and type your password and then click the Uninstall link in the window that appears. I don't know if this option is disabled when the trial period runs out, but I would have thought that unlikely, although I can't obviously rule it out.

If you let me have the name of the other I will look into how it is uninstalled, but obviously I can only post information that will allow you to remove it if you are the one that installed it in the first place. If you don't know/can't remember the password(s) then you are unfortunately stuck with them, I'm afraid.

So long, and thanks for all the fish.

 

 


#9 briffdogg

briffdogg
  • Topic Starter

  • Members
  • 100 posts
  • OFFLINE
  •  
  • Local time:07:34 PM

Posted 27 March 2012 - 09:39 PM

I am the admin and only sole owner of this computer. The other one was big brother keylogger. Over time I've tried and downloaded numerous of them to play around, the trial periods have long run out. gmer I have used many times in the past as I have used this site many times, and it worked fine. I was in process of taking these out in Dec but left to Asia for the past 3 months so the topic was closed as you see. I would just like to remove all components to all these programs and also clean my system so it runs faster without crashes please

#10 Noviciate

Noviciate

  • Malware Response Team
  • 5,277 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Numpty HQ
  • Local time:11:34 PM

Posted 28 March 2012 - 02:33 PM

Good evening. :)

gmer I have used many times in the past

It is possible that Windows updates have changed the way that GMER interacts with your system, you may have used an older version of GMER previously or perhaps some software that you have recently installed is conflicting with it.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

I am afraid that your assertion that you own the PC is insufficient for me to offer much help with this matter because I cannot say for certain that you are "allowed" to remove this sort of software from the system.

So long, and thanks for all the fish.

 

 


#11 briffdogg

briffdogg
  • Topic Starter

  • Members
  • 100 posts
  • OFFLINE
  •  
  • Local time:07:34 PM

Posted 28 March 2012 - 10:05 PM

What is your problem, I just named the other keylogger, as if I would've in the beginning you would not be putting me through these headaches, my god

#12 Noviciate

Noviciate

  • Malware Response Team
  • 5,277 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Numpty HQ
  • Local time:11:34 PM

Posted 30 March 2012 - 02:28 PM

Good evening.

The issue is not the fact that you didn't name both keyloggers, although that didn't help matters. The problem is that you are asking me to help you remove commercial keyloggers that may have been installed by either employees or parents and I am unable to ascertain whether you are "allowed" to remove them.

So long, and thanks for all the fish.

 

 




