Virus And Keylogger Problem


8 replies to this topic

#1 NEEDHELPBADLY

NEEDHELPBADLY


Posted 30 May 2006 - 06:48 PM

I think I am infected with a virus and a keylogger.
Please help me find it and delete it.


#2 Albert Frankenstein

Albert Frankenstein


Posted 30 May 2006 - 07:28 PM

The best way to do this is to run a little program called HiJackThis. This program creates a log. Then you paste the log into the HiJackThis forum here at Bleeping Computer. An expert will help you get rid of the malware on your computer. It takes a little time, and it takes a little patience, but it almost always works!

Oh, and you must be good at following instructions, as there will be some to follow. The following instructions will walk you through the process of creating a log:

FIRST
Read the Preparation Guide found HERE. It is very important that you follow ALL of the instructions found within. (There are many important steps in this guide that may clean your computer.)

NEXT
Post your system information along with a brief description of the problems you are having, and your HJT log in the HJT forum found HERE.

NOTE: Please, after you post your HJT log DO NOT make another post in the HJT forum until it has been responded to by a member of the HJT Team. The first thing they look for, when looking for logs to reply to, is 0 replies. If you make another post there will be 1 reply. The team member glancing over the replies might think someone is already helping you out and will not respond. So, just make your post and let it sit there until a team member responds. The volunteers who work that forum are very busy, so please be patient and wait. It can sometimes take a few days for a response. If after 5 days you still have gotten no response, then post a link to your HJT log HERE.

FINALLY
If, after finishing your work with the folks at the HJT forum you have issues with Windows related to the removal of the infection, then come to the other forums and let us help you get your computer back to normal.

You are in good hands! Good luck!
ALBERT FRANKENSTEIN
I'M SO SMART IT'S SCARY!


Currently home chillin' with the fam and my two dogs!


#3 NEEDHELPBADLY

NEEDHELPBADLY

Posted 30 May 2006 - 08:00 PM

Here is a log from Spyware Doctor.


Spyware Doctor Activity Report
Generated on 5/30/2006 5:04:15 PM
Scans (basic information only):
Scan Results:
scan start: 5/30/2006 5:05:20 PM
scan stop: 5/30/2006 5:29:21 PM
scanned items: 139027
found items: 330
found and ignored: 0
tools used: General Scanner, Process Scanner, LSP Scanner, Startup Scanner, Registry Scanner, Browser Scanner, Browser Activity Scanner, Disk Scanner, ActiveX Scanner


#4 NEEDHELPBADLY

NEEDHELPBADLY
  • Topic Starter

  • Members
  • 8 posts

Posted 30 May 2006 - 08:01 PM

Here's a HijackThis log


Logfile of HijackThis v1.99.1
Scan saved at 5:58:43 PM, on 5/30/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Sygate\SPF\smc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\windows\system\hpsysdrv.exe
C:\WINDOWS\System32\hphmon05.exe
C:\WINDOWS\AGRSMMSG.exe
C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb08.exe
C:\WINDOWS\system32\igfxtray.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\Program Files\SpywareGuard\sgmain.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\SpywareGuard\sgbhp.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\System32\wbem\wmiprvse.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Spyware Doctor\sdhelp.exe
C:\Program Files\Spyware Doctor\swdoctor.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\Program Files\Grisoft\AVG7\avgcc.exe
C:\Program Files\Grisoft\AVG7\avgwb.dat
C:\PROGRA~1\MOZILLA.ORG\MOZILLA\MOZILLA.EXE
C:\Documents and Settings\Owner\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://qus10.hpwis.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://e.my.yahoo.com/config/my_init?.intl...tner=my&.from=i
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 200.112.155.130:6588
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Program Files\SpywareGuard\dlprotect.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O3 - Toolbar: Norton AntiVirus - {C4069E3A-68F1-403E-B40E-20066696354B} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [HPHUPD05] c:\Program Files\HP\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe
O4 - HKLM\..\Run: [HPHmon05] C:\WINDOWS\System32\hphmon05.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb08.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [ISS_SIP] C:\Program Files\Anti Keylogger Elite\AKE.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [SSC_UserPrompt] "C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe"
O4 - HKLM\..\Run: [NAV CfgWiz] "C:\Program Files\Norton AntiVirus\CfgWiz.exe" /GUID {0D7956A2-5A08-4ec2-A72C-DF8495A66016} /MODE CfgWiz /CMDLINE "REBOOT"
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKCU\..\Run: [Acme.PCHButton] C:\PROGRA~1\COMPAQ~2\Presario\XPHNARP4EN\plugin\bin\PCHButton.exe
O4 - HKCU\..\Run: [Steam] "c:\program files\steam\steam.exe" -silent
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1129848467718
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1137879759578
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: Norton Protection Center Service (NSCService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
O23 - Service: Symantec AVScan (SAVScan) - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: PC Tools Spyware Doctor (SDhelper) - PC Tools Research Pty Ltd - C:\Program Files\Spyware Doctor\sdhelp.exe
O23 - Service: Sygate Personal Firewall (SmcService) - Sygate Technologies, Inc. - C:\Program Files\Sygate\SPF\smc.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: SPBBCSvc - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
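As an added example (not part of the original thread or of HijackThis itself), here is a small Python triage script that walks log lines in the format posted above and flags the entries a log reviewer looks at first: an R1 ProxyServer pointing at a non-local host (the log above shows 200.112.155.130:6588, which is a public address), a BHO listed as "(no name)", and a Run entry whose command has no path. The sample lines are copied from the log above; the rule names are my own, and every hit is a heuristic that still needs a human to confirm.

```python
import ipaddress
import re

# Sample lines copied from the HijackThis v1.99.1 log posted above.
SAMPLE_LOG = r"""
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 200.112.155.130:6588
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
"""

LINE_RE = re.compile(r"^([RO]\d+) - (.*)$")  # section code, then the entry body

def proxy_hosts(value):
    """Host parts of a ProxyServer value: 'host:port' or 'http=host:port;...'."""
    targets = [e.split("=", 1)[-1].strip() for e in value.split(";") if e.strip()]
    return [t.rsplit(":", 1)[0] for t in targets]

def is_local_host(host):
    if host.lower() == "localhost":
        return True
    try:
        ip = ipaddress.ip_address(host)
    except ValueError:
        return False  # a DNS name: treat as external, a reviewer must check it
    return ip.is_loopback or ip.is_private

def analyze(log_text):
    """Return (rule, line) findings; heuristic rule names are this example's own."""
    findings = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        section, body = m.groups()
        if section == "R1" and ",ProxyServer = " in body:
            value = body.split("= ", 1)[1]
            if not all(is_local_host(h) for h in proxy_hosts(value)):
                findings.append(("proxy-external-host", line))
        elif section == "O2" and body.startswith("BHO: (no name)"):
            findings.append(("bho-unnamed", line))
        elif section == "O4" and "Run: [" in body:
            cmd = body.split("] ", 1)[1].strip().strip('"')
            if "\\" not in cmd:  # bare file name: resolved through PATH at logon
                findings.append(("run-entry-no-path", line))
    return findings

if __name__ == "__main__": print(*analyze(SAMPLE_LOG), sep="\n")
```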

#5 NEEDHELPBADLY

NEEDHELPBADLY
  • Topic Starter

  • Members
  • 8 posts

Posted 30 May 2006 - 08:02 PM

Is there any way to delete all that malware from the Spyware Doctor log?
Because I did not have the full version, I could not delete the infections.

#6 Elendil

Elendil

  • Members
  • 660 posts
  • Gender:Male
  • Location:The US

Posted 30 May 2006 - 08:11 PM

You've posted your HJT log in the wrong location; let me get an admin to move it. In the meantime, sit tight and relax. A HJT Team member will get to you ASAP.
Stanford '14
B.S. Candidate | Computer Science

#7 NEEDHELPBADLY

NEEDHELPBADLY
  • Topic Starter

  • Members
  • 8 posts

Posted 30 May 2006 - 08:12 PM

OK, thank you.

#8 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 50,588 posts
  • Gender:Male
  • Location:Virginia, USA

Posted 30 May 2006 - 08:24 PM

NEEDHELPBADLY, please start a new topic and repost your log in the HijackThis Logs and Analysis Forum, not here, for assistance by the HJT Team Experts.

I'd rather you do this because there have been several replies to this thread. Generally the staff checks the forum for postings that have no replies, as this makes it easier for them to identify those who have not been helped. Since there are replies here, a team member looking for a new log to work may assume another HJT Team member is already assisting you and may not open the thread to respond.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

If I have been helpful & you'd like to consider a donation, click [donate image]

#9 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 50,588 posts
  • Gender:Male
  • Location:Virginia, USA

Posted 30 May 2006 - 08:31 PM

NEEDHELPBADLY has posted the log here

Edited by quietman7, 30 May 2006 - 08:33 PM.

