
African people hacking my computer

This topic is locked
6 replies to this topic

#1 babas87

  • Members
  • 71 posts

Posted 17 May 2012 - 01:45 AM

Hello, I have these 3 roommates who happen to be from Africa. I really suspect that those guys are spying on my computer. I am terrified of what they can do with my info. I know it may sound racist, but I am truly scared of them. I have no proof of that, so that's why I am putting my logs here so that someone could look at them. I know that good hackers can spy even though they don't put anything on the host's computer. We are using the same wifi network; we are all students. Please check if my computer is clean before I leave this place. Thanks.


DDS log:

.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 9.0.8112.16421
Run by HP at 3:12:13 on 2012-05-17
Microsoft Windows 7 Home Basic 6.1.7601.1.1252.1.1033.18.1910.981 [GMT -3:00]
.
AV: ZoneAlarm Extreme Security Antivirus *Enabled/Updated* {DE038A5B-9EDD-18A9-2361-FF7D98D43730}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: ZoneAlarm Extreme Security Anti-Spyware *Enabled/Updated* {65626BBF-B8E7-1727-19D1-C40FE3537D8D}
FW: ZoneAlarm Extreme Security Firewall *Enabled* {E6380B7E-D4B2-19F1-083E-56486607704B}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Program Files\IDT\WDM\STacSV.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\Hpservice.exe
C:\Windows\system32\atieclxx.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\WLANExt.exe
C:\Windows\system32\conhost.exe
C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files\IDT\WDM\aestsrv.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\Hewlett-Packard\Shared\HPDrvMntSvc.exe
c:\PROGRA~1\mcafee\SITEAD~1\mcsacore.exe
C:\Windows\system32\rundll32.exe
C:\Program Files\Microsoft Application Virtualization Client\sftvsa.exe
C:\Windows\System32\svchost.exe -k secsvcs
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
C:\Program Files\Microsoft Application Virtualization Client\sftlist.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
C:\Program Files\DAEMON Tools Pro\DTShellHlp.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\KeyScrambler\KeyScrambler.exe
C:\Program Files\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe
C:\Program Files\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Hewlett-Packard\Media\Webcam\YCMMirage.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Hewlett-Packard\HP Support Framework\hpsa_service.exe
C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
C:\Windows\system32\sppsvc.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\CheckPoint\ZoneAlarm\zatray.exe
C:\Program Files\CheckPoint\ZAForceField\ForceField.exe
C:\Program Files\CheckPoint\ZoneAlarm\vsmon.exe
C:\Program Files\CheckPoint\ZAForceField\ISWMGR.exe
C:\Program Files\CheckPoint\ZAForceField\ISWMGR.exe
C:\PROGRA~1\CHECKP~1\ZONEAL~1\MAILFR~1\mantispm.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uInternet Settings,ProxyOverride = 127.0.0.1
uInternet Settings,ProxyServer = 127.0.0.1:9666
uURLSearchHooks: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Java™ Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
BHO: ZoneAlarm Security Engine Registrar: {8a4a36c2-0535-4d2c-bd3d-496cb7eed6e3} - c:\program files\checkpoint\zaforcefield\trustchecker\bin\TrustCheckerIEPlugin.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: McAfee SiteAdvisor BHO: {b164e929-a1b6-4a06-b104-2cd0e90a88ff} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
TB: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
TB: ZoneAlarm Security Engine: {ee2ac4e5-b0b0-4ec6-88a9-bca1a32ab107} - c:\program files\checkpoint\zaforcefield\trustchecker\bin\TrustCheckerIEPlugin.dll
mRun: [SynTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe
mRun: [IAStorIcon] c:\program files\intel\intel® rapid storage technology\IAStorIcon.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [KeyScrambler] c:\program files\keyscrambler\keyscrambler.exe /a
mRun: [ISW]
mRun: [ZoneAlarm] c:\program files\checkpoint\zonealarm\zatray.exe
mRun: [RIMBBLaunchAgent.exe] c:\program files\common files\research in motion\usb drivers\RIMBBLaunchAgent.exe
mPolicies-explorer: EnableShellExecuteHooks = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: {5C106A59-CC3C-4caa-81A4-6D909B5ACE23} - {B745F984-EF2E-40D6-A9AC-D8CED7230E61} - c:\program files\keyscrambler\KeyScramblerIE.dll
DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} - hxxp://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} - hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
TCP: DhcpNameServer = 192.168.2.1 192.168.2.1
TCP: Interfaces\{84E7E99E-58FE-4F38-95A6-B488465ED8D3} : DhcpNameServer = 192.168.2.1 192.168.2.1
TCP: Interfaces\{84E7E99E-58FE-4F38-95A6-B488465ED8D3}\2454C4C414C49414E445632323 : DhcpNameServer = 192.168.2.1 142.166.145.137
TCP: Interfaces\{84E7E99E-58FE-4F38-95A6-B488465ED8D3}\2454C4C414C49414E445731373 : DhcpNameServer = 192.168.2.1 142.166.145.137
TCP: Interfaces\{84E7E99E-58FE-4F38-95A6-B488465ED8D3}\57D636D6D26796379647565727 : DhcpNameServer = 139.103.8.130 139.103.8.133
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~1\mcafee\sitead~1\McIEPlg.dll
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~1\mcafee\sitead~1\McIEPlg.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.DLL
Notify: igfxcui - igfxdev.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL
.
============= SERVICES / DRIVERS ===============
.
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\drivers\dtsoftbus01.sys [2012-5-10 242240]
R1 kl2;kl2;c:\windows\system32\drivers\kl2.sys [2010-10-14 11352]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2011-7-22 12880]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2011-7-12 67664]
R1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\drivers\vwififlt.sys [2009-7-13 48128]
R2 !SASCORE;SAS Core Service;c:\program files\superantispyware\SASCore.exe [2011-8-11 116608]
R2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\common files\adobe\arm\1.0\armsvc.exe [2012-1-3 63928]
R2 AESTFilters;Andrea ST Filters Service;c:\program files\idt\wdm\AEstSrv.exe [2012-2-25 81920]
R2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2010-9-9 176128]
R2 cvhsvc;Client Virtualization Handler;c:\program files\common files\microsoft shared\virtualization handler\CVHSVC.EXE [2012-1-4 822624]
R2 HP Support Assistant Service;HP Support Assistant Service;c:\program files\hewlett-packard\hp support framework\HPSA_Service.exe [2011-9-9 86072]
R2 HPDrvMntSvc.exe;HP Quick Synchronization Service;c:\program files\hewlett-packard\shared\HPDrvMntSvc.exe [2011-3-28 94264]
R2 hpsrv;HP Service;c:\windows\system32\hpservice.exe [2011-5-13 26168]
R2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;c:\program files\intel\intel® rapid storage technology\IAStorDataMgrSvc.exe [2012-2-25 13336]
R2 ISWKL;ZoneAlarm ForceField ISWKL;c:\program files\checkpoint\zaforcefield\ISWKL.sys [2011-11-3 27016]
R2 IswSvc;ZoneAlarm ForceField IswSvc;c:\program files\checkpoint\zaforcefield\ISWSVC.exe [2011-11-3 497280]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\progra~1\mcafee\sitead~1\mcsacore.exe [2012-2-25 95200]
R2 sftlist;Application Virtualization Client;c:\program files\microsoft application virtualization client\sftlist.exe [2011-10-1 508776]
R3 amdkmdag;amdkmdag;c:\windows\system32\drivers\atikmdag.sys [2010-9-9 6380544]
R3 amdkmdap;amdkmdap;c:\windows\system32\drivers\atikmpag.sys [2010-9-9 222208]
R3 clwvd;HP Webcam Splitter;c:\windows\system32\drivers\clwvd.sys [2010-7-14 29168]
R3 icsak;icsak;c:\program files\checkpoint\zaforcefield\ak\icsak.sys [2011-11-3 36744]
R3 Impcd;Impcd;c:\windows\system32\drivers\Impcd.sys [2010-2-27 132480]
R3 intelkmd;intelkmd;c:\windows\system32\drivers\igdpmd32.sys [2010-7-19 9018368]
R3 KeyScrambler;KeyScrambler;c:\windows\system32\drivers\keyscrambler.sys [2012-5-5 173880]
R3 Sftfs;Sftfs;c:\windows\system32\drivers\Sftfslh.sys [2011-10-1 579944]
R3 Sftplay;Sftplay;c:\windows\system32\drivers\Sftplaylh.sys [2011-10-1 194408]
R3 Sftredir;Sftredir;c:\windows\system32\drivers\Sftredirlh.sys [2011-10-1 21864]
R3 Sftvol;Sftvol;c:\windows\system32\drivers\Sftvollh.sys [2011-10-1 19304]
R3 sftvsa;Application Virtualization Service Agent;c:\program files\microsoft application virtualization client\sftvsa.exe [2011-10-1 219496]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 SkypeUpdate;Skype Updater;c:\program files\skype\updater\Updater.exe [2012-2-15 158856]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]
S3 osppsvc;Office Software Protection Platform;c:\program files\common files\microsoft shared\officesoftwareprotectionplatform\OSPPSVC.EXE [2010-1-9 4640000]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\drivers\Rt86win7.sys [2012-2-25 279656]
S3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\TsUsbFlt.sys [2010-11-20 52224]
S3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-20 27264]
.
=============== Created Last 30 ================
.
2012-05-17 03:13:49 -------- d-----w- c:\users\hp\appdata\local\{4EF7F466-0D78-4861-B753-45DC245B00D2}
2012-05-17 03:13:11 -------- d-----w- c:\users\hp\appdata\local\{8F084D16-869A-4F24-9FFB-B1C3E027C319}
2012-05-16 22:52:44 56200 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{fb2e7173-0073-4808-a078-da47f1a7375a}\offreg.dll
2012-05-16 22:30:13 413696 ----a-r- c:\users\hp\appdata\roaming\microsoft\installer\{40cf56a5-52be-4c84-8b82-bf620981669f}\BlackBerry.exe
2012-05-16 22:09:42 -------- d-----w- c:\users\hp\appdata\roaming\Research In Motion
2012-05-16 15:12:41 -------- d-----w- c:\users\hp\appdata\local\{48355C69-990A-46C2-ADB0-FF9C5CBD22BF}
2012-05-16 15:12:31 -------- d-----w- c:\users\hp\appdata\local\{10E9D144-A5E9-4EEA-A412-AD2FC7D3DC04}
2012-05-16 11:43:56 -------- d-----w- c:\programdata\Research In Motion
2012-05-16 11:42:57 -------- d-----w- c:\program files\Research In Motion
2012-05-16 02:55:36 -------- d-----w- c:\users\hp\appdata\local\{794A1510-3AD1-42E0-8556-3FE2968598E5}
2012-05-16 02:55:34 -------- d-----w- c:\users\hp\appdata\local\{2F5FC8F1-6E49-4A86-AC79-DD53FD429975}
2012-05-16 01:06:57 6734704 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{fb2e7173-0073-4808-a078-da47f1a7375a}\mpengine.dll
2012-05-15 14:55:18 -------- d-----w- c:\users\hp\appdata\local\{861791CA-176C-4265-A2C8-26458C63F3C2}
2012-05-15 14:55:17 -------- d-----w- c:\users\hp\appdata\local\{6B9A07D2-A25E-4EE6-B0F6-0230BA60528D}
2012-05-15 06:16:33 -------- d-----w- c:\users\hp\Doctor Web
2012-05-15 03:45:30 -------- d-----w- c:\program files\Captain Morgane
2012-05-15 03:45:28 -------- d-----w- c:\programdata\JustAdventure
2012-05-15 02:54:48 -------- d-----w- c:\users\hp\appdata\local\{6AF71E1B-D2A6-4D7F-B57A-C8A3411455C5}
2012-05-15 02:54:25 -------- d-----w- c:\users\hp\appdata\local\{DA5B3AD2-B9E9-4012-BA5E-FC13F526B9B3}
2012-05-14 14:53:58 -------- d-----w- c:\users\hp\appdata\local\{5C7DDD5B-B16F-44EF-92CC-FF9A1EADAED1}
2012-05-14 14:53:36 -------- d-----w- c:\users\hp\appdata\local\{D4C2CDB2-7323-4B60-BEBF-26AB541E7C33}
2012-05-14 08:27:31 -------- d-----w- c:\program files\PC Tune-Up
2012-05-14 08:22:47 -------- d-----w- c:\users\hp\appdata\roaming\#ISW.FS#
2012-05-14 02:53:09 -------- d-----w- c:\users\hp\appdata\local\{FAF48984-A69F-4399-8D96-BB678DED18C2}
2012-05-14 02:52:48 -------- d-----w- c:\users\hp\appdata\local\{4A8CE7F6-DEFB-49AF-BA81-DCD33B2B0E85}
2012-05-13 23:58:44 -------- d-----w- c:\users\hp\appdata\roaming\MailFrontier
2012-05-13 23:53:04 -------- d-----w- c:\program files\CheckPoint
2012-05-13 14:52:23 -------- d-----w- c:\users\hp\appdata\local\{62B2EB4B-52FE-4D4A-8560-8BA6A9329B8C}
2012-05-13 14:52:02 -------- d-----w- c:\users\hp\appdata\local\{FEAFCF83-8A0D-419F-AA3F-0A951A1974A8}
2012-05-13 02:51:34 -------- d-----w- c:\users\hp\appdata\local\{AB155D3B-6988-467E-84E8-08F9AC9988FF}
2012-05-13 02:51:13 -------- d-----w- c:\users\hp\appdata\local\{FECE0843-28F0-4CB2-9BD4-638F385A469C}
2012-05-12 14:50:52 -------- d-----w- c:\users\hp\appdata\local\{706BB018-6969-4C5B-89B6-0DD9CF71AE78}
2012-05-12 14:50:51 -------- d-----w- c:\users\hp\appdata\local\{5CC036F1-B2AB-4F92-9B08-96173B298F8A}
2012-05-12 01:42:48 -------- d-----w- c:\users\hp\appdata\local\{DA25134A-2C0E-4DB8-B0DE-E8F5A2FB4051}
2012-05-11 13:42:33 -------- d-----w- c:\users\hp\appdata\local\{CB825ED9-D422-40D5-96FD-1E9B610CD61C}
2012-05-11 13:42:32 -------- d-----w- c:\users\hp\appdata\local\{6147CE60-7BF0-4EF5-8F86-35382A503750}
2012-05-11 05:30:27 -------- d-----r- c:\users\hp\Dropbox
2012-05-11 05:21:53 -------- d-----w- c:\users\hp\appdata\roaming\Dropbox
2012-05-11 04:47:18 -------- d-sh--w- C:\$RECYCLE.BIN
2012-05-10 21:04:00 -------- d-----w- c:\users\hp\appdata\local\{E998D7F6-DE73-4FB3-8F54-79A56814A431}
2012-05-10 21:03:59 -------- d-----w- c:\users\hp\appdata\local\{9D4167B1-D49A-4AE1-9042-6DE778820CFF}
2012-05-10 04:19:10 -------- d-----w- c:\users\hp\appdata\local\{B9F69841-F4B2-48E7-A1D6-DA7164912022}
2012-05-10 04:19:09 -------- d-----w- c:\users\hp\appdata\local\{41BDB813-DBE4-46DA-B1FB-A24A7156A565}
2012-05-10 03:06:32 3495784 ----a-w- c:\windows\system32\d3dx9_33.dll
2012-05-10 03:04:23 242240 ----a-w- c:\windows\system32\drivers\dtsoftbus01.sys
2012-05-10 03:04:18 -------- d-----w- c:\users\hp\appdata\roaming\DAEMON Tools Pro
2012-05-10 03:04:02 -------- d-----w- c:\program files\DAEMON Tools Pro
2012-05-10 03:02:53 -------- d-----w- c:\programdata\DAEMON Tools Pro
2012-05-10 01:04:01 1291632 ----a-w- c:\windows\system32\drivers\tcpip.sys
2012-05-10 01:03:59 936960 ----a-w- c:\program files\common files\microsoft shared\ink\journal.dll
2012-05-10 01:03:54 3968368 ----a-w- c:\windows\system32\ntkrnlpa.exe
2012-05-10 01:03:53 3913072 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-05-10 01:03:53 2343424 ----a-w- c:\windows\system32\win32k.sys
2012-05-10 01:03:48 56176 ----a-w- c:\windows\system32\drivers\partmgr.sys
2012-05-10 01:03:47 1077248 ----a-w- c:\windows\system32\DWrite.dll
2012-05-09 15:56:26 -------- d-----w- c:\users\hp\appdata\local\{B9715567-8C98-437C-92F4-F87F84F4FD0A}
2012-05-09 15:56:25 -------- d-----w- c:\users\hp\appdata\local\{D760FB94-2E3E-499F-A3BD-313DF8255C60}
2012-05-09 03:56:10 -------- d-----w- c:\users\hp\appdata\local\{F44D44CC-DD53-4749-BD06-899CC57B3CBD}
2012-05-09 03:56:08 -------- d-----w- c:\users\hp\appdata\local\{600C712F-5326-43DD-9DE2-5E3F403FE738}
2012-05-08 08:21:18 -------- d-----w- c:\users\hp\appdata\local\{F8C5AE37-3663-4C3E-B087-9E78AF5EC599}
2012-05-08 08:21:12 -------- d-----w- c:\users\hp\appdata\local\{D4760F34-E426-40E9-B207-3C20C5360F5C}
2012-05-07 16:07:57 -------- d-----w- c:\users\hp\appdata\local\{72D98168-2CE4-4902-8E58-1D1BA4B282C5}
2012-05-07 16:07:56 -------- d-----w- c:\users\hp\appdata\local\{277B6A3A-43DE-49A6-97B1-5E01A16795FD}
2012-05-06 19:11:50 -------- d-----w- c:\users\hp\appdata\local\{8688B1A6-97E5-43AC-B39C-47B165E87167}
2012-05-06 19:11:48 -------- d-----w- c:\users\hp\appdata\local\{8CCBAD58-116D-4D18-A758-010BAA6FF0B4}
2012-05-06 07:11:30 -------- d-----w- c:\users\hp\appdata\local\{36159055-B407-43ED-9667-294CD9438C01}
2012-05-06 07:11:29 -------- d-----w- c:\users\hp\appdata\local\{4B3CC2C3-56E6-42D9-B6BC-5B0461B89396}
2012-05-05 14:59:31 -------- d-----w- c:\users\hp\appdata\local\{2C884DF4-E06C-4700-8161-EF0CF44A3BBA}
2012-05-05 14:59:19 -------- d-----w- c:\users\hp\appdata\local\{97C355F9-D6B7-4B82-9F4F-A1A6275FA4BE}
2012-05-05 04:17:56 173880 ----a-w- c:\windows\system32\drivers\keyscrambler.sys
2012-05-05 04:17:54 -------- d-----w- c:\program files\KeyScrambler
2012-05-04 18:08:03 -------- d-----w- c:\users\hp\appdata\local\{C6537B97-F8CA-41FD-A0C7-8313641BEEEA}
2012-05-04 18:07:53 -------- d-----w- c:\users\hp\appdata\local\{A1088615-95D3-4276-A0D0-01373113BEDF}
2012-05-04 16:14:28 -------- d-----w- c:\users\hp\appdata\local\{EF13E4D2-6A6D-40F9-9BC5-AAB06F5CC55F}
2012-05-04 04:14:03 -------- d-----w- c:\users\hp\appdata\local\{8FC36772-1EFE-4A10-8A16-D71A20F824AE}
2012-05-04 04:13:41 -------- d-----w- c:\users\hp\appdata\local\{29976415-72F4-448E-8315-753BF99E8565}
2012-05-03 16:13:09 -------- d-----w- c:\users\hp\appdata\local\{63602783-FB96-453B-B234-9868FE38DF85}
2012-05-03 16:12:58 -------- d-----w- c:\users\hp\appdata\local\{CB0CD032-A76C-4D31-A341-3610C86DE95E}
2012-05-03 03:53:46 -------- d-----w- c:\users\hp\appdata\local\{B4573DE5-7F74-42AF-95A6-B335E2F05179}
2012-05-03 03:53:34 -------- d-----w- c:\users\hp\appdata\local\{307CAF0B-571D-4522-946F-A4C49EC4B2B6}
2012-05-03 00:23:59 -------- d-----w- C:\FRST
2012-05-02 17:16:43 -------- d-----w- c:\users\hp\appdata\roaming\TeamViewer
2012-05-02 16:53:56 -------- d-----w- c:\program files\TeamViewer
2012-05-02 07:04:42 -------- d-----w- c:\users\hp\appdata\local\{8BECD664-64E4-483B-BF8C-4EDD7C3DD225}
2012-05-02 07:04:32 -------- d-----w- c:\users\hp\appdata\local\{048F9F2B-BC0A-4FF4-908C-7D8A2838C693}
2012-05-02 01:23:32 413696 ----a-r- c:\users\hp\appdata\roaming\microsoft\installer\{7906b3d2-1a3d-4ba9-b7dd-89407cd54905}\BlackBerry.exe
2012-05-02 01:22:57 -------- d-----w- c:\program files\common files\Research In Motion
2012-05-01 19:10:53 -------- d-----w- c:\program files\BBSAK
2012-05-01 14:45:24 -------- d-----w- c:\users\hp\appdata\local\{2D93A252-566B-408B-89E7-4D19F8AD25A2}
2012-05-01 14:45:13 -------- d-----w- c:\users\hp\appdata\local\{122BABB6-A48E-4D69-BA0A-52F7A0EA0E41}
2012-04-30 17:43:31 -------- d-----w- c:\users\hp\appdata\local\{5F834F41-2CAA-4A04-A9F7-FBF61A67D9B9}
2012-04-30 17:43:08 -------- d-----w- c:\users\hp\appdata\local\{85D43061-C93B-415C-A062-A9C157F585E4}
2012-04-30 05:42:42 -------- d-----w- c:\users\hp\appdata\local\{FCA8A6A9-A329-49C3-9127-D59A57475562}
2012-04-30 05:42:15 -------- d-----w- c:\users\hp\appdata\local\{B6DB6981-D7FE-4779-BB69-BFF06F5D77F1}
2012-04-29 17:41:46 -------- d-----w- c:\users\hp\appdata\local\{E001CF9F-8459-4941-A93E-EA702B1D553E}
2012-04-29 17:41:23 -------- d-----w- c:\users\hp\appdata\local\{9B8B392F-CFE9-47EF-B295-08A1C3F34930}
2012-04-29 04:26:24 -------- d-----w- c:\users\hp\appdata\local\{EA2A4DBC-6035-4663-ABA7-8D5563279E1F}
2012-04-29 04:26:14 -------- d-----w- c:\users\hp\appdata\local\{89233C75-39BF-4E2C-A051-2EC27FDA90EA}
2012-04-28 16:01:34 -------- d-----w- c:\users\hp\appdata\local\{9E866169-E615-4C44-840D-B89BF1F467E1}
2012-04-28 16:01:12 -------- d-----w- c:\users\hp\appdata\local\{3ADD35A3-9A58-42C3-9B85-D2C80F81678E}
2012-04-28 04:00:47 -------- d-----w- c:\users\hp\appdata\local\{CCC10226-5D36-480F-B0A2-0511A13B0A2E}
2012-04-28 04:00:26 -------- d-----w- c:\users\hp\appdata\local\{7D3F8B82-A2F5-42CF-9C92-EC112E402D49}
2012-04-27 16:00:01 -------- d-----w- c:\users\hp\appdata\local\{ABCB80F3-52EE-4FBC-B506-C35AF11F1D95}
2012-04-27 15:59:39 -------- d-----w- c:\users\hp\appdata\local\{BB117696-6DB2-48ED-B472-597E000552A6}
2012-04-27 03:59:14 -------- d-----w- c:\users\hp\appdata\local\{BCF70487-12EC-42E8-9039-2DFFC0B1040C}
2012-04-27 03:58:52 -------- d-----w- c:\users\hp\appdata\local\{0DF120D4-CBF6-4C0B-8873-728AEAC8664E}
2012-04-26 14:24:10 -------- d-----w- c:\users\hp\appdata\local\{47BF5625-194A-428B-BE95-BA222BD9F0F4}
2012-04-26 14:23:48 -------- d-----w- c:\users\hp\appdata\local\{84B7D968-3671-44BD-A489-CE25098D2E01}
2012-04-26 02:23:19 -------- d-----w- c:\users\hp\appdata\local\{092096BE-7418-464B-965C-D9B52185C527}
2012-04-26 02:22:52 -------- d-----w- c:\users\hp\appdata\local\{B3B4D4F4-782E-4AF6-963F-A3A2E0E4C2A9}
2012-04-25 17:11:50 -------- d-----w- c:\program files\Jewel Quest The Sleepless Star
2012-04-25 11:27:27 -------- d-----w- c:\users\hp\appdata\local\{40F4D8A2-71D1-4F5D-A155-1E2EF5FE4E69}
2012-04-25 11:27:16 -------- d-----w- c:\users\hp\appdata\local\{42139F8F-483F-4067-8593-CC68B6433CF8}
2012-04-24 09:41:24 -------- d-----w- c:\users\hp\appdata\local\{023F021A-2190-47CF-BC26-443878CA5E16}
2012-04-24 09:41:07 -------- d-----w- c:\users\hp\appdata\local\{C95C26ED-5076-4524-8789-DE673D56C373}
2012-04-23 07:52:17 -------- d-----w- c:\users\hp\appdata\local\{D9481471-B272-49FD-BDD9-C99FC4E7CF05}
2012-04-23 07:52:06 -------- d-----w- c:\users\hp\appdata\local\{8ABB1521-4368-4718-BBC4-CD4B7F124D3D}
2012-04-23 05:59:27 -------- d-----w- c:\programdata\SpinTop Games
2012-04-23 05:32:56 -------- d-----w- C:\Downloads
2012-04-22 16:44:31 -------- d-----w- c:\users\hp\appdata\local\{63D67C05-FCC1-44B9-B5FE-C3A0E14FE14E}
2012-04-22 16:44:09 -------- d-----w- c:\users\hp\appdata\local\{1670063E-614A-4835-AB34-A7AE21AA4AE3}
2012-04-22 04:43:44 -------- d-----w- c:\users\hp\appdata\local\{E8C2DC76-B6C7-40BF-8FA6-3CAD507F5527}
2012-04-22 04:43:22 -------- d-----w- c:\users\hp\appdata\local\{6BC314EE-486C-4BC7-A0B8-2E3DC1592E70}
2012-04-21 16:42:56 -------- d-----w- c:\users\hp\appdata\local\{469022BE-DAA7-49E7-B83B-EB35234EC72B}
2012-04-21 16:42:33 -------- d-----w- c:\users\hp\appdata\local\{1C3F5C1F-175E-4EC5-9F61-4F91ABCB0940}
2012-04-21 04:42:00 -------- d-----w- c:\users\hp\appdata\local\{7ABD2A39-E116-40B0-99CF-03F89525642F}
2012-04-21 04:41:32 -------- d-----w- c:\users\hp\appdata\local\{97E09292-13D2-45DD-B08D-6C7C59AEC660}
2012-04-20 16:41:05 -------- d-----w- c:\users\hp\appdata\local\{FBD76A3F-1BC3-41A9-9341-22D822A2CED1}
2012-04-20 16:40:55 -------- d-----w- c:\users\hp\appdata\local\{DF4592BD-8D1C-4A1C-BEA9-9A4BCBB10777}
2012-04-20 04:01:03 -------- d-----w- c:\users\hp\appdata\local\{26D4C03F-F331-456F-849A-6B33B41E34A5}
2012-04-20 04:00:50 -------- d-----w- c:\users\hp\appdata\local\{E55CD26B-6F68-4C57-B35B-6A81E55CBFE8}
2012-04-20 01:49:46 -------- d-----w- c:\users\hp\appdata\roaming\DikobrazGames
2012-04-20 01:46:19 -------- d-----w- c:\program files\Tiger Games
2012-04-19 13:16:10 -------- d-----w- c:\users\hp\appdata\local\{ABA23552-171C-4B14-908A-DF152432C3EE}
2012-04-19 13:16:00 -------- d-----w- c:\users\hp\appdata\local\{09D8A606-85F5-4C92-A551-01151A2DA04A}
2012-04-19 00:03:31 -------- d-----w- c:\users\hp\appdata\local\{059476F3-C611-4621-B635-5499735175A4}
2012-04-19 00:03:14 -------- d-----w- c:\users\hp\appdata\local\{03FC349F-5BC2-44AD-997A-A179FBFB8AE8}
2012-04-18 11:44:43 -------- d-----w- c:\users\hp\appdata\local\{7B2FE130-0CC3-4083-928B-4C69CAA356BA}
2012-04-18 11:44:31 -------- d-----w- c:\users\hp\appdata\local\{EB1D7B26-69C5-453D-8BF5-D83C5BBF7279}
2012-04-18 11:18:41 -------- d-----w- c:\users\hp\appdata\local\temp
2012-04-17 13:29:54 -------- d-----w- c:\users\hp\appdata\local\{4695B306-559D-4067-ADEE-DB30821F2CBC}
2012-04-17 13:29:39 -------- d-----w- c:\users\hp\appdata\local\{664ED3E4-AB55-4992-95FE-95C47D62168F}
.
==================== Find3M ====================
.
2012-04-04 18:56:40 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-03-10 21:42:32 1700352 ----a-w- c:\windows\system32\gdiplus.dll
2012-03-08 21:50:28 49016 ----a-w- c:\windows\system32\sirenacm.dll
2012-03-08 05:05:06 113464 ----a-w- c:\windows\system32\KeyScramblerLogon.dll
2012-03-01 13:49:18 202112 ----a-w- c:\windows\system32\PPTVLauncher.exe
2012-03-01 05:46:57 19824 ----a-w- c:\windows\system32\drivers\fs_rec.sys
2012-03-01 05:37:41 172544 ----a-w- c:\windows\system32\wintrust.dll
2012-03-01 05:33:23 159232 ----a-w- c:\windows\system32\imagehlp.dll
2012-03-01 05:29:16 5120 ----a-w- c:\windows\system32\wmi.dll
2012-02-28 01:18:55 1799168 ----a-w- c:\windows\system32\jscript9.dll
2012-02-28 01:11:21 1427456 ----a-w- c:\windows\system32\inetcpl.cpl
2012-02-28 01:11:07 1127424 ----a-w- c:\windows\system32\wininet.dll
2012-02-28 01:03:16 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2012-02-26 01:42:43 348160 ----a-w- c:\windows\system32\msvcr71.dll
2012-02-26 01:42:43 1060864 ----a-w- c:\windows\system32\mfc71.dll
2012-02-25 19:07:32 472808 ----a-w- c:\windows\system32\deployJava1.dll
2012-02-25 19:07:04 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-02-25 17:40:59 0 ----a-w- c:\windows\ativpsrm.bin
2012-02-23 13:18:36 237072 ------w- c:\windows\system32\MpSigStub.exe
.
============= FINISH: 3:13:18.67 ===============



#2 nasdaq

  • Malware Response Team
  • 38,950 posts
  • Gender:Male
  • Location:Montreal, QC. Canada

Posted 20 May 2012 - 08:53 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can, please print this topic; it will make it easier for you to follow the instructions and complete all of the necessary steps.
===

Is this proxy setting required by your institution?
uInternet Settings,ProxyServer = 127.0.0.1:9666
===

Nothing else was suspicious on your DDS log. Let's check further.

Please download ComboFix from any of the links below, and save it to your desktop. For information regarding this download, please visit this web page: http://www.bleepingcomputer.com/combofix/how-to-use-combofix

Link 1
Link 2


* IMPORTANT !!! Save ComboFix.exe to your Desktop

IMPORTANT....

1. Close any open browsers.

2. Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.

3. Do not install any other programs until this is fixed.


How to: Disable Anti-virus and Firewall...
http://www.bleepingcomputer.com/forums/topic114351.html

Double click on ComboFix.exe & follow the prompts.
  • When finished, it will produce a report for you.
  • Please post the C:\ComboFix.txt
Note:
Do not mouse click ComboFix's window while it's running. That may cause it to stall.


Note: If you have difficulty properly disabling your protective programs, refer to this link --> http://www.bleepingcomputer.com/forums/topic114351.html
===

Third-party programs, if not up to date, can be an open door for an infection.

Please run this security check for my review.

Download Security Check by screen317 from here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.
===

Please post the logs for my review.
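A triage helper for the proxy and DNS lines nasdaq picked out of the DDS log, as an added example (not part of the thread and not code from the DDS tool): it extracts the Pseudo HJT Report section, flags a ProxyServer set for the current user, calls out loopback proxies, and lists any DhcpNameServer entries outside the private address ranges. The sample log is a constructed excerpt modelled on the lines quoted above; the function names are my own.

```python
"""Triage helper for the 'Pseudo HJT Report' section of a DDS log.

Added example: not part of the thread and not code from the DDS tool.
It extracts the Internet Settings proxy lines and the TCP DhcpNameServer
lines and flags what a helper asks about first: a proxy set for the
current user, a loopback proxy, and DNS servers outside the private
(RFC 1918 / loopback / link-local) ranges.
"""
import ipaddress
import re

# Constructed excerpt modelled on the lines quoted in the thread.
SAMPLE_DDS = r"""============== Pseudo HJT Report ===============
.
uInternet Settings,ProxyOverride = 127.0.0.1
uInternet Settings,ProxyServer = 127.0.0.1:9666
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
TCP: DhcpNameServer = 192.168.2.1 192.168.2.1
TCP: Interfaces\{84E7E99E-58FE-4F38-95A6-B488465ED8D3} : DhcpNameServer = 192.168.2.1 192.168.2.1
TCP: Interfaces\{84E7E99E-58FE-4F38-95A6-B488465ED8D3}\2454C4C414C49414E445632323 : DhcpNameServer = 192.168.2.1 142.166.145.137
TCP: Interfaces\{84E7E99E-58FE-4F38-95A6-B488465ED8D3}\57D636D6D26796379647565727 : DhcpNameServer = 139.103.8.130 139.103.8.133
.
============= SERVICES / DRIVERS ===============
"""

# DDS prefixes the key with 'u' (HKCU, current user) or 'm' (HKLM, machine).
PROXY_RE = re.compile(
    r"^([um])Internet Settings,(ProxyServer|ProxyOverride|AutoConfigURL)\s*=\s*(.*)$")
# The global line has no interface part; per-interface lines carry it before ' : '.
DNS_RE = re.compile(r"^TCP: (.*?)\s*:?\s*DhcpNameServer\s*=\s*(.*)$")


def hjt_section(log_text):
    """Return the non-empty lines between the Pseudo HJT header and the next header."""
    out, inside = [], False
    for line in log_text.splitlines():
        if line.startswith("=") and "Pseudo HJT Report" in line:
            inside = True
            continue
        if inside and line.startswith("="):
            break  # next DDS section
        if inside and line.strip() not in ("", "."):
            out.append(line.rstrip())
    return out


def is_private(addr):
    """True for RFC 1918, loopback and link-local addresses; False for anything else."""
    try:
        ip = ipaddress.ip_address(addr)
    except ValueError:
        return False
    return ip.is_private or ip.is_loopback or ip.is_link_local


def triage(log_text):
    """Return (kind, scope, value, note) tuples for the lines worth a question."""
    findings = []
    for line in hjt_section(log_text):
        m = PROXY_RE.match(line)
        if m:
            scope, key, value = m.groups()
            where = "current user (HKCU)" if scope == "u" else "machine (HKLM)"
            if key == "ProxyServer":
                # Accept both "host:port" and "http=host:port;https=..." forms.
                host = value.split(";")[0].split("=")[-1].rsplit(":", 1)[0]
                if host in ("127.0.0.1", "localhost"):
                    note = ("loopback proxy: a program on this PC relays browser "
                            "traffic; identify what listens on that port")
                else:
                    note = "explicit proxy: confirm it is required by the network"
                findings.append(("proxy", where, value, note))
            elif key == "AutoConfigURL":
                findings.append(("proxy", where, value, "PAC script decides proxying: review it"))
            continue  # ProxyOverride on its own is only a bypass list
        m = DNS_RE.match(line)
        if m:
            iface, servers = m.group(1) or "global", m.group(2).split()
            public = [s for s in servers if not is_private(s)]
            if public:
                findings.append(("dns", iface, " ".join(servers),
                                 "non-private DNS server(s), confirm they belong to "
                                 "the ISP or campus: " + ", ".join(public)))
    return findings


if __name__ == "__main__":
    for finding in triage(SAMPLE_DDS):
        print(" | ".join(finding))
```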

#3 babas87

  • Topic Starter
  • Members
  • 71 posts

Posted 21 May 2012 - 11:04 PM

Hello, thanks for helping me. I did the scan with ComboFix and Security Check. But before posting I would like to ask a question. If you share a wireless network with someone, can that person, with some technique, spy on everything you do even without putting some kind of spyware on your computer?

ComboFix logs:

ComboFix 12-05-20.10 - HP 05/22/2012 0:46.3.4 - x86
Microsoft Windows 7 Home Basic 6.1.7601.1.1252.1.1033.18.1910.1121 [GMT -3:00]
Running from: c:\users\HP\Desktop\ComboFix.exe
AV: avast! Internet Security *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
FW: avast! Internet Security *Disabled* {131692B0-0864-D491-4E21-3A3A1D8BBB47}
SP: avast! Internet Security *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\system32\drivers\etc\lmhosts
c:\windows\system32\wbem\Performance\WmiApRpl_new.ini
.
.
((((((((((((((((((((((((( Files Created from 2012-04-22 to 2012-05-22 )))))))))))))))))))))))))))))))
.
.
2012-05-22 03:52 . 2012-05-22 03:53 -------- d-----w- c:\users\HP\AppData\Local\temp
2012-05-22 03:52 . 2012-05-22 03:52 -------- d-----w- c:\users\Public\AppData\Local\temp
2012-05-22 03:52 . 2012-05-22 03:52 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-05-21 02:25 . 2012-05-21 08:09 56200 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{F1F145CC-4B39-4DEF-B6D6-7DB8312822DB}\offreg.dll
2012-05-21 02:24 . 2012-05-21 02:24 98304 ----a-w- c:\windows\system32\CmdLineExt.dll
2012-05-21 02:16 . 2012-05-21 02:54 -------- d-----w- c:\program files\Tomb Raider - Legend
2012-05-21 01:54 . 2012-05-21 01:54 -------- d-----w- c:\users\HP\AppData\Roaming\PowerISO
2012-05-21 01:50 . 2012-05-21 01:50 -------- d--h--w- c:\programdata\Common Files
2012-05-21 01:50 . 2012-05-21 01:51 -------- d-----w- c:\program files\PowerISO
2012-05-20 18:55 . 2012-05-20 18:55 -------- d-----w- c:\users\HP\AppData\Roaming\Rovio
2012-05-20 18:54 . 2012-05-20 18:54 -------- d-----w- c:\program files\Foxy Games
2012-05-18 08:10 . 2012-05-08 16:40 6737808 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{F1F145CC-4B39-4DEF-B6D6-7DB8312822DB}\mpengine.dll
2012-05-18 01:32 . 2012-03-06 23:03 337880 ----a-w- c:\windows\system32\drivers\aswSP.sys
2012-05-18 01:32 . 2012-03-06 23:01 20696 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2012-05-18 01:32 . 2012-03-06 23:04 112984 ----a-w- c:\windows\system32\drivers\aswFW.sys
2012-05-18 01:31 . 2012-03-06 23:03 196440 ----a-w- c:\windows\system32\drivers\aswNdis2.sys
2012-05-18 01:31 . 2012-03-06 23:02 44376 ----a-w- c:\windows\system32\drivers\aswRdr2.sys
2012-05-18 01:31 . 2012-03-06 23:01 53848 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2012-05-18 01:31 . 2012-03-06 23:02 24408 ----a-w- c:\windows\system32\drivers\aswKbd.sys
2012-05-18 01:31 . 2012-03-06 23:03 612184 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2012-05-18 01:31 . 2012-03-06 23:01 57688 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2012-05-18 01:31 . 2012-03-06 22:44 12112 ----a-w- c:\windows\system32\drivers\aswNdis.sys
2012-05-18 01:31 . 2012-03-06 23:15 41184 ----a-w- c:\windows\avastSS.scr
2012-05-18 01:31 . 2012-03-06 23:15 201352 ----a-w- c:\windows\system32\aswBoot.exe
2012-05-18 01:18 . 2012-05-18 01:18 -------- d-----w- c:\users\HP\AppData\Local\Mozilla
2012-05-18 00:55 . 2012-05-18 00:55 -------- d-----w- c:\program files\Mozilla Maintenance Service
2012-05-16 22:30 . 2012-05-16 22:30 413696 ----a-r- c:\users\HP\AppData\Roaming\Microsoft\Installer\{40CF56A5-52BE-4C84-8B82-BF620981669F}\BlackBerry.exe
2012-05-16 22:09 . 2012-05-16 22:33 -------- d-----w- c:\users\HP\AppData\Roaming\Research In Motion
2012-05-16 11:43 . 2012-05-16 11:43 -------- d-----w- c:\programdata\Research In Motion
2012-05-16 11:42 . 2012-05-16 11:42 -------- d-----w- c:\program files\Research In Motion
2012-05-15 06:16 . 2012-05-15 06:16 -------- d-----w- c:\users\HP\Doctor Web
2012-05-15 03:45 . 2012-05-16 03:43 -------- d-----w- c:\program files\Captain Morgane
2012-05-15 03:45 . 2012-05-15 03:45 -------- d-----w- c:\programdata\JustAdventure
2012-05-13 23:58 . 2012-05-13 23:58 -------- d-----w- c:\users\HP\AppData\Roaming\MailFrontier
2012-05-13 23:53 . 2012-05-18 01:28 -------- d-----w- c:\program files\CheckPoint
2012-05-12 22:09 . 2012-05-13 23:48 -------- dc----w- c:\windows\system32\DRVSTORE
2012-05-11 05:30 . 2012-05-11 05:48 -------- d-----r- c:\users\HP\Dropbox
2012-05-11 05:21 . 2012-05-12 14:48 -------- d-----w- c:\users\HP\AppData\Roaming\Dropbox
2012-05-10 03:06 . 2007-03-12 19:42 3495784 ----a-w- c:\windows\system32\d3dx9_33.dll
2012-05-10 03:04 . 2012-05-10 03:05 -------- d-----w- c:\users\HP\AppData\Roaming\DAEMON Tools Pro
2012-05-10 03:02 . 2012-05-10 03:05 -------- d-----w- c:\programdata\DAEMON Tools Pro
2012-05-10 01:04 . 2012-03-30 10:23 1291632 ----a-w- c:\windows\system32\drivers\tcpip.sys
2012-05-10 01:03 . 2012-03-31 04:29 936960 ----a-w- c:\program files\Common Files\Microsoft Shared\ink\journal.dll
2012-05-10 01:03 . 2012-03-31 04:39 3968368 ----a-w- c:\windows\system32\ntkrnlpa.exe
2012-05-10 01:03 . 2012-03-31 04:39 3913072 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-05-10 01:03 . 2012-03-31 02:36 2343424 ----a-w- c:\windows\system32\win32k.sys
2012-05-10 01:03 . 2012-03-17 07:27 56176 ----a-w- c:\windows\system32\drivers\partmgr.sys
2012-05-10 01:03 . 2012-03-03 05:31 1077248 ----a-w- c:\windows\system32\DWrite.dll
2012-05-05 04:17 . 2011-12-15 00:41 173880 ----a-w- c:\windows\system32\drivers\keyscrambler.sys
2012-05-05 04:17 . 2012-05-05 04:33 -------- d-----w- c:\program files\KeyScrambler
2012-05-03 00:23 . 2012-05-03 00:25 -------- d-----w- C:\FRST
2012-05-02 17:16 . 2012-05-02 17:16 -------- d-----w- c:\users\HP\AppData\Roaming\TeamViewer
2012-05-02 16:53 . 2012-05-02 17:15 -------- d-----w- c:\program files\TeamViewer
2012-05-02 01:23 . 2012-05-02 01:23 413696 ----a-r- c:\users\HP\AppData\Roaming\Microsoft\Installer\{7906B3D2-1A3D-4BA9-B7DD-89407CD54905}\BlackBerry.exe
2012-05-02 01:22 . 2012-05-16 11:42 -------- d-----w- c:\program files\Common Files\Research In Motion
2012-05-01 19:10 . 2012-05-01 19:10 -------- d-----w- c:\program files\BBSAK
2012-04-25 17:11 . 2012-04-25 17:12 -------- d-----w- c:\program files\Jewel Quest The Sleepless Star
2012-04-23 05:59 . 2012-04-23 05:59 -------- d-----w- c:\programdata\SpinTop Games
2012-04-23 05:32 . 2012-05-20 18:54 -------- d-----w- C:\Downloads
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-04-19 03:57 . 2012-04-19 03:57 113072 ----a-w- c:\windows\system32\drivers\scdemu.sys
2012-04-04 18:56 . 2012-03-02 18:47 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-03-10 21:42 . 2012-03-10 21:42 1700352 ----a-w- c:\windows\system32\gdiplus.dll
2012-03-08 21:50 . 2012-03-08 21:50 49016 ----a-w- c:\windows\system32\sirenacm.dll
2012-03-08 05:05 . 2012-03-08 05:05 113464 ----a-w- c:\windows\system32\KeyScramblerLogon.dll
2012-03-01 13:49 . 2012-03-01 13:49 202112 ----a-w- c:\windows\system32\PPTVLauncher.exe
2012-03-01 05:46 . 2012-04-11 11:50 19824 ----a-w- c:\windows\system32\drivers\fs_rec.sys
2012-03-01 05:37 . 2012-04-11 11:50 172544 ----a-w- c:\windows\system32\wintrust.dll
2012-03-01 05:33 . 2012-04-11 11:50 159232 ----a-w- c:\windows\system32\imagehlp.dll
2012-03-01 05:29 . 2012-04-11 11:50 5120 ----a-w- c:\windows\system32\wmi.dll
2012-02-28 01:18 . 2012-04-11 11:54 1799168 ----a-w- c:\windows\system32\jscript9.dll
2012-02-28 01:11 . 2012-04-11 11:54 1427456 ----a-w- c:\windows\system32\inetcpl.cpl
2012-02-28 01:11 . 2012-04-11 11:54 1127424 ----a-w- c:\windows\system32\wininet.dll
2012-02-28 01:03 . 2012-04-11 11:54 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2012-02-26 01:42 . 2012-02-26 01:42 348160 ----a-w- c:\windows\system32\msvcr71.dll
2012-02-26 01:42 . 2012-02-26 01:42 1060864 ----a-w- c:\windows\system32\mfc71.dll
2012-02-25 23:54 . 2011-03-28 22:36 18328 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2012-02-25 19:07 . 2012-02-25 19:07 472808 ----a-w- c:\windows\system32\deployJava1.dll
2012-02-25 19:07 . 2012-02-25 19:06 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-02-25 17:44 . 2012-02-25 17:44 86528 ----a-w- c:\windows\system32\iesysprep.dll
2012-02-25 17:44 . 2012-02-25 17:44 76800 ----a-w- c:\windows\system32\SetIEInstalledDate.exe
2012-02-25 17:44 . 2012-02-25 17:44 74752 ----a-w- c:\windows\system32\RegisterIEPKEYs.exe
2012-02-25 17:44 . 2012-02-25 17:44 63488 ----a-w- c:\windows\system32\tdc.ocx
2012-02-25 17:44 . 2012-02-25 17:44 48640 ----a-w- c:\windows\system32\mshtmler.dll
2012-02-25 17:44 . 2012-02-25 17:44 367104 ----a-w- c:\windows\system32\html.iec
2012-02-25 17:44 . 2012-02-25 17:44 161792 ----a-w- c:\windows\system32\msls31.dll
2012-02-25 17:44 . 2012-02-25 17:44 110592 ----a-w- c:\windows\system32\IEAdvpack.dll
2012-02-25 17:44 . 2012-02-25 17:44 74752 ----a-w- c:\windows\system32\iesetup.dll
2012-02-25 17:44 . 2012-02-25 17:44 420864 ----a-w- c:\windows\system32\vbscript.dll
2012-02-25 17:44 . 2012-02-25 17:44 35840 ----a-w- c:\windows\system32\imgutil.dll
2012-02-25 17:44 . 2012-02-25 17:44 23552 ----a-w- c:\windows\system32\licmgr10.dll
2012-02-25 17:44 . 2012-02-25 17:44 152064 ----a-w- c:\windows\system32\wextract.exe
2012-02-25 17:44 . 2012-02-25 17:44 150528 ----a-w- c:\windows\system32\iexpress.exe
2012-02-25 17:44 . 2012-02-25 17:44 142848 ----a-w- c:\windows\system32\ieUnatt.exe
2012-02-25 17:44 . 2012-02-25 17:44 11776 ----a-w- c:\windows\system32\mshta.exe
2012-02-25 17:44 . 2012-02-25 17:44 101888 ----a-w- c:\windows\system32\admparse.dll
2012-02-23 13:18 . 2012-02-25 17:13 237072 ------w- c:\windows\system32\MpSigStub.exe
2012-04-21 01:19 . 2012-05-18 00:55 97208 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2012-03-06 23:15 123536 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2011-03-31 2221352]
"IAStorIcon"="c:\program files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe" [2010-04-27 284696]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-07-20 171032]
"Persistence"="c:\windows\system32\igfxpers.exe" [2010-07-20 170520]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"KeyScrambler"="c:\program files\KeyScrambler\keyscrambler.exe" [2012-03-08 432952]
"RIMBBLaunchAgent.exe"="c:\program files\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe" [2011-09-01 90448]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2012-03-06 4241512]
"PWRISOVM.EXE"="c:\program files\PowerISO\PWRISOVM.EXE" [2012-04-19 336952]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"EnableShellExecuteHooks"= 1 (0x1)
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2011-07-19 113024]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2011-05-04 17:54 551296 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"mixer"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\progra~1\mcafee\SITEAD~1\mcsacore.exe [2012-01-13 95200]
R2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [2012-02-15 158856]
R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\Mozilla Maintenance Service\maintenanceservice.exe [2012-04-21 129976]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4640000]
R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [2010-08-25 279656]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 52224]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-20 27264]
S0 aswNdis;avast! Firewall NDIS Filter Service;c:\windows\system32\DRIVERS\aswNdis.sys [2012-03-06 12112]
S0 aswNdis2;avast! Firewall Core Firewall Service; [x]
S1 aswFW;avast! TDI Firewall driver; [x]
S1 aswKbd;aswKbd; [x]
S1 aswSnx;aswSnx; [x]
S1 aswSP;aswSP; [x]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [2011-07-22 12880]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [2011-07-12 67664]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-13 48128]
S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE.EXE [2011-08-11 116608]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928]
S2 AESTFilters;Andrea ST Filters Service;c:\program files\IDT\WDM\aestsrv.exe [2009-03-03 81920]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2010-09-09 176128]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2012-03-06 57688]
S2 avast! Firewall;avast! Firewall;c:\program files\AVAST Software\Avast\afwServ.exe [2012-03-06 134920]
S2 cvhsvc;Client Virtualization Handler;c:\program files\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [2012-01-04 822624]
S2 HP Support Assistant Service;HP Support Assistant Service;c:\program files\Hewlett-Packard\HP Support Framework\hpsa_service.exe [2011-09-09 86072]
S2 HPDrvMntSvc.exe;HP Quick Synchronization Service;c:\program files\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2011-03-28 94264]
S2 hpsrv;HP Service;c:\windows\system32\Hpservice.exe [2011-05-14 26168]
S2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;c:\program files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2010-04-27 13336]
S2 sftlist;Application Virtualization Client;c:\program files\Microsoft Application Virtualization Client\sftlist.exe [2011-10-01 508776]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [2010-09-09 6380544]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [2010-09-09 222208]
S3 clwvd;HP Webcam Splitter;c:\windows\system32\DRIVERS\clwvd.sys [2010-07-14 29168]
S3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys [2010-02-27 132480]
S3 intelkmd;intelkmd;c:\windows\system32\DRIVERS\igdpmd32.sys [2010-07-20 9018368]
S3 KeyScrambler;KeyScrambler;c:\windows\system32\drivers\keyscrambler.sys [2011-12-15 173880]
S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys [2011-10-01 579944]
S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys [2011-10-01 194408]
S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys [2011-10-01 21864]
S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys [2011-10-01 19304]
S3 sftvsa;Application Virtualization Service Agent;c:\program files\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-01 219496]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ SSDPSRV upnphost SCardSvr TBS FontCache fdrespub AppIDSvc QWAVE wcncsvc SensrSvc
.
Contents of the 'Scheduled Tasks' folder
.
2012-05-21 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2468066099-2050458068-376550370-1000Core.job
- c:\users\HP\AppData\Local\Google\Update\GoogleUpdate.exe [2012-02-25 16:38]
.
2012-05-22 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2468066099-2050458068-376550370-1000UA.job
- c:\users\HP\AppData\Local\Google\Update\GoogleUpdate.exe [2012-02-25 16:38]
.
2012-05-19 c:\windows\Tasks\HPCeeScheduleForHP.job
- c:\program files\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-09-14 01:15]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://msn.com/
uInternet Settings,ProxyOverride = 127.0.0.1
TCP: DhcpNameServer = 192.168.2.1 192.168.2.1
FF - ProfilePath - c:\users\HP\AppData\Roaming\Mozilla\firefox\profiles\5ep7a85w.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - prefs.js: keyword.URL - hxxp://isearch.avg.com/search?cid=%7B6d11f8ec-c25c-4cf3-a796-e9305a0e8735%7D&mid=98b5c1e294fa47d0bcb35771455c9af3-11da50faf8cfd5ccb95489d861c111c933003456&ds=st011&v=11.1.0.7&lang=en&pr=sa&d=2012-05-20%2022%3A50%3A47&sap=ku&q=
.
- - - - ORPHANS REMOVED - - - -
.
WebBrowser-{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - (no file)
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-2468066099-2050458068-376550370-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eml\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.Email.1"
.
[HKEY_USERS\S-1-5-21-2468066099-2050458068-376550370-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vcf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.VCard.1"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2012-05-22 00:54:26
ComboFix-quarantined-files.txt 2012-05-22 03:54
.
Pre-Run: 198,555,414,528 bytes free
Post-Run: 198,638,100,480 bytes free
.
- - End Of File - - 6A68EA7B2A8DF46E54612291EDE90FC7


Security check log:
Results of screen317's Security Check version 0.99.33
Windows 7 Service Pack 1 x86 (UAC is enabled)
Internet Explorer 9
``````````````````````````````
Antivirus/Firewall Check:

Windows Firewall Enabled!
avast! Internet Security
ZoneAlarm LTD Toolbar
WMI entry may not exist for antivirus; attempting automatic update.
```````````````````````````````
Anti-malware/Other Utilities Check:

SUPERAntiSpyware
McAfee SiteAdvisor
Java™ 6 Update 31
Java version out of date!
Adobe Flash Player 11.1.102.62
Adobe Reader X (10.1.3)
Mozilla Firefox (12.0)
````````````````````````````````
Process Check:
objlist.exe by Laurent

windows defender MpCmdRun.exe
Funshion Online Funshion FunshionService.exe
AVAST Software Avast AvastSvc.exe
AVAST Software Avast afwServ.exe
AVAST Software Avast AvastUI.exe
``````````End of Log````````````

#4 nasdaq


  • Malware Response Team
  • 38,950 posts
  • Gender:Male
  • Location:Montreal, QC. Canada

Posted 22 May 2012 - 08:21 AM

I do see the following in your log.
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
Read about it.
http://localsystemnetworkrestricted.svchost-exe.net/distributed-link-tracking-client

It may just be that this is required by your school. Not sure if the others on your LAN can look at your files...

I suggest you start a new topic in the Networking forum
http://www.bleepingcomputer.com/forums/forum21.html
Some expert may be able to test or give you advice on this issue.
===

Secure your system by updating 3rd party programs.

Your version of Java is outdated and needs to be updated to take advantage of fixes that have eliminated security vulnerabilities.

Check your present version and update as recommended.
https://www.java.com/en/download/installed.jsp

If present, remove the old version(s) of Java using the Add/Remove Programs applet.


Java™ 6 Update 31


===

#5 babas87

  • Topic Starter

  • Members
  • 71 posts

Posted 23 May 2012 - 03:58 PM

Hello, I updated java and will start a new topic on the networking forum. Is there anything else???

#6 nasdaq


  • Malware Response Team
  • 38,950 posts
  • Gender:Male
  • Location:Montreal, QC. Canada

Posted 24 May 2012 - 09:13 AM

Not from me at the moment.

I will keep this topic open for 5 days should you need to return.

When all is well:

Time for some housekeeping

The following will implement some cleanup procedures as well as reset System Restore points:

Click Start > Run and copy/paste the following bold text into the Run box and click OK:

ComboFix /Uninstall
===

Delete the other tools we used.

#7 nasdaq


  • Malware Response Team
  • 38,950 posts
  • Gender:Male
  • Location:Montreal, QC. Canada

Posted 30 May 2012 - 08:48 AM

It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.
