Danewby (Members, 1 post)
Hello, I was hoping someone could look over my DDS logs for a potential keylogger. Thank you so much for your time.

DDS:

DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 11.0.9600.16521
Run by dnewby at 10:49:47 on 2014-04-16
Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.1644.231 [GMT -4:00]
.
AV: Microsoft Security Essentials *Enabled/Updated* {641105E6-77ED-3F35-A304-765193BCB75F}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Microsoft Security Essentials *Enabled/Updated* {DF70E402-51D7-30BB-99B4-4D23E83BFDE2}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
c:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\atieclxx.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe
c:\UPS\WSTD\MSSQL.1\MSSQL\Binn\sqlservr.exe
C:\Program Files (x86)\PDF Complete\pdfsvc.exe
C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
c:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe
c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files (x86)\Xobni\XobniService.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
c:\Program Files\Microsoft Security Client\NisSrv.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\System32\WUDFHost.exe
C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe
C:\UPS\WSTD\WSTDMessaging.exe
C:\Users\Ana\AppData\Roaming\Dropbox\bin\Dropbox.exe
c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
C:\UPS\WSTD\WorldShipTD.exe
C:\Windows\system32\mstsc.exe
C:\ups\wstd\upslnkmg.exe
C:\Users\Ana\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Ana\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Ana\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Ana\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Ana\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Ana\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Ana\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Ana\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Ana\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Ana\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Ana\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Ana\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Ana\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\splwow64.exe
C:\Windows\system32\taskhost.exe
C:\Users\Ana\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Ana\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Ana\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Ana\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Ana\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Ana\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Ana\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
mWinlogon: Userinit = userinit.exe
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: HP Network Check Helper: {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll
uRun: [Google Update] "C:\Users\Ana\AppData\Local\Google\Update\GoogleUpdate.exe" /c
uRun: [steam] "C:\Program Files (x86)\Steam\Steam.exe" -silent
uRun: [GarminExpressTrayApp] "C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe"
mRun: [startCCC] "c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun: [PDF Complete] C:\Program Files (x86)\PDF Complete\pdfsty.exe
StartupFolder: C:\Users\Ana\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Dropbox.lnk - C:\Users\Ana\AppData\Roaming\Dropbox\bin\Dropbox.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\UPSWOR~2.LNK - C:\UPS\WSTD\WSTDMessaging.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\UPSWOR~1.LNK - C:\UPS\WSTD\wstdPldReminder.exe
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe
TCP: NameServer = 192.168.0.10
TCP: Interfaces\{A23F69BF-EAAB-4F66-BB8F-7C4493C55EE8} : DHCPNameServer = 192.168.0.10
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
SSODL: WebCheck - <orphaned>
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-BHO: HP Network Check Helper: {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll
x64-Run: [hpsysdrv] c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe
x64-Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
x64-RunOnce: [NCPluginUpdater] "C:\Program Files (x86)\Hewlett-Packard\HP Health Check\ActiveCheck\product_line\NCPluginUpdater.exe" Update
x64-IE: {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe
x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
x64-SSODL: WebCheck - <orphaned>
.
============= SERVICES / DRIVERS ===============
.
R0 amd_sata;amd_sata;C:\Windows\System32\drivers\amd_sata.sys [2011-10-7 75904]
R0 amd_xata;amd_xata;C:\Windows\System32\drivers\amd_xata.sys [2011-10-7 38016]
R0 MpFilter;Microsoft Malware Protection Driver;C:\Windows\System32\drivers\MpFilter.sys [2014-1-25 268512]
R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\System32\atiesrxx.exe [2011-10-7 203776]
R2 cvhsvc;Client Virtualization Handler;C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE [2013-4-22 822504]
R2 NisDrv;Microsoft Network Inspection System;C:\Windows\System32\drivers\NisDrvWFP.sys [2011-4-27 133928]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2011-10-7 412264]
R3 Sftfs;Sftfs;C:\Windows\System32\drivers\Sftfslh.sys [2013-6-26 767144]
R3 Sftplay;Sftplay;C:\Windows\System32\drivers\Sftplaylh.sys [2013-6-26 273576]
R3 Sftredir;Sftredir;C:\Windows\System32\drivers\Sftredirlh.sys [2013-6-26 28840]
R3 Sftvol;Sftvol;C:\Windows\System32\drivers\Sftvollh.sys [2013-6-26 23208]
R3 usbfilter;AMD USB Filter Driver;C:\Windows\System32\drivers\usbfilter.sys [2011-10-7 44672]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2013-9-11 105144]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2013-9-11 124088]
S3 dmvsc;dmvsc;C:\Windows\System32\drivers\dmvsc.sys [2010-11-21 71168]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2010-11-20 59392]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\System32\drivers\TsUsbGD.sys [2010-11-20 31232]
.
=============== Created Last 30 ================
.
2014-04-15 11:13:00 10521840 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{DD1A6899-9C2D-4EBB-9682-EC6335B0DBC4}\mpengine.dll
2014-04-14 10:45:51 10521840 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2014-04-07 10:41:08 1031560 ------w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{E47DDAA2-7988-433F-9CF5-455BB76B7FBC}\gapaengine.dll
.
==================== Find3M ====================
.
2014-03-31 01:13:47 2724864 ----a-w- C:\Windows\System32\mshtml.tlb
2014-03-31 00:13:30 2724864 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2014-03-12 11:44:35 71048 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2014-03-12 11:44:35 692616 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2014-03-11 13:52:30 133928 ----a-w- C:\Windows\System32\drivers\NisDrvWFP.sys
2014-03-04 09:44:21 362496 ----a-w- C:\Windows\System32\wow64win.dll
2014-03-04 09:44:21 243712 ----a-w- C:\Windows\System32\wow64.dll
2014-03-04 09:44:21 13312 ----a-w- C:\Windows\System32\wow64cpu.dll
2014-03-04 09:44:03 16384 ----a-w- C:\Windows\System32\ntvdm64.dll
2014-03-04 09:17:19 14336 ----a-w- C:\Windows\SysWow64\ntvdm64.dll
2014-03-04 09:17:05 44032 ----a-w- C:\Windows\apppatch\acwow64.dll
2014-03-04 09:16:54 25600 ----a-w- C:\Windows\SysWow64\setup16.exe
2014-03-04 09:16:18 5120 ----a-w- C:\Windows\SysWow64\wow32.dll
2014-03-04 08:09:30 7680 ----a-w- C:\Windows\SysWow64\instnm.exe
2014-03-04 08:09:29 2048 ----a-w- C:\Windows\SysWow64\user.exe
2014-03-01 05:16:26 4096 ----a-w- C:\Windows\System32\ieetwcollectorres.dll
2014-03-01 04:52:55 66048 ----a-w- C:\Windows\System32\iesetup.dll
2014-03-01 04:51:59 48640 ----a-w- C:\Windows\System32\ieetwproxystub.dll
2014-03-01 04:33:52 139264 ----a-w- C:\Windows\System32\ieUnatt.exe
2014-03-01 04:33:34 111616 ----a-w- C:\Windows\System32\ieetwcollector.exe
2014-03-01 04:32:59 708608 ----a-w- C:\Windows\System32\jscript9diag.dll
2014-03-01 04:23:49 940032 ----a-w- C:\Windows\System32\MsSpellCheckingFacility.exe
2014-03-01 03:54:33 5768704 ----a-w- C:\Windows\System32\jscript9.dll
2014-03-01 03:52:43 61952 ----a-w- C:\Windows\SysWow64\iesetup.dll
2014-03-01 03:51:53 51200 ----a-w- C:\Windows\SysWow64\ieetwproxystub.dll
2014-03-01 03:38:26 112128 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
2014-03-01 03:37:35 553472 ----a-w- C:\Windows\SysWow64\jscript9diag.dll
2014-03-01 03:35:11 2041856 ----a-w- C:\Windows\System32\inetcpl.cpl
2014-03-01 03:14:15 4244480 ----a-w- C:\Windows\SysWow64\jscript9.dll
2014-03-01 03:10:28 2334208 ----a-w- C:\Windows\System32\wininet.dll
2014-03-01 03:00:08 1964032 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2014-03-01 02:32:16 1820160 ----a-w- C:\Windows\SysWow64\wininet.dll
2014-02-07 20:34:07 0 ----a-w- C:\Windows\SysWow64\sho1C6F.tmp
2014-02-07 01:23:30 3156480 ----a-w- C:\Windows\System32\win32k.sys
2014-02-04 02:35:56 190912 ----a-w- C:\Windows\System32\drivers\storport.sys
2014-02-04 02:35:49 274880 ----a-w- C:\Windows\System32\drivers\msiscsi.sys
2014-02-04 02:35:35 27584 ----a-w- C:\Windows\System32\drivers\Diskdump.sys
2014-02-04 02:32:22 1424384 ----a-w- C:\Windows\System32\WindowsCodecs.dll
2014-02-04 02:32:12 624128 ----a-w- C:\Windows\System32\qedit.dll
2014-02-04 02:28:36 2048 ----a-w- C:\Windows\System32\iologmsg.dll
2014-02-04 02:04:22 1230336 ----a-w- C:\Windows\SysWow64\WindowsCodecs.dll
2014-02-04 02:04:11 509440 ----a-w- C:\Windows\SysWow64\qedit.dll
2014-02-04 02:00:39 2048 ----a-w- C:\Windows\SysWow64\iologmsg.dll
2014-01-29 02:32:18 484864 ----a-w- C:\Windows\System32\wer.dll
2014-01-29 02:06:47 381440 ----a-w- C:\Windows\SysWow64\wer.dll
2014-01-28 02:32:46 228864 ----a-w- C:\Windows\System32\wwansvc.dll
2014-01-25 05:19:42 268512 ----a-w- C:\Windows\System32\drivers\MpFilter.sys
2014-01-24 02:37:55 1684928 ----a-w- C:\Windows\System32\drivers\ntfs.sys
2014-01-19 07:33:29 270496 ------w- C:\Windows\System32\MpSigStub.exe
.
============= FINISH: 10:51:43.69 ===============
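Added example, not part of the post above and not code from the DDS tool: a first-pass triage script for the "Pseudo HJT Report" section of a DDS log. A keylogger has to persist somewhere, and that section lists the autorun locations DDS inspects (Run/RunOnce values, Startup folder shortcuts, BHOs, IE handlers, SSODL). The script parses those line shapes exactly as they appear in the post, extracts the file each entry loads, and attaches triage reasons: the file lives in a user-writable location (AppData, ProgramData, Temp, Users\Public), DDS marked the entry <orphaned>, or a well-known Windows binary name appears outside \Windows. A reason means "verify this one" (publisher signature, file hash, vendor documentation), not "malicious": Dropbox and Google Update legitimately run from AppData, and an orphaned WebCheck SSODL entry loads nothing. The sample lines are constructed for the example, modelled on the posted log; the "WinSvc" line is made up to exercise the masquerade check and does not come from the post.

```python
"""First-pass triage of DDS "Pseudo HJT Report" autorun lines (added example)."""
import re
from dataclasses import dataclass, field
from typing import Iterable, List, Optional


@dataclass
class AutorunEntry:
    kind: str                 # DDS line type, e.g. "uRun", "x64-BHO", "StartupFolder"
    name: str                 # registry value name, CLSID or shortcut path
    target: str               # file DDS reports as loaded, or "<orphaned>"
    reasons: List[str] = field(default_factory=list)


# uRun: [Google Update] "C:\...\GoogleUpdate.exe" /c   (also mRun, x64-Run, *RunOnce)
_RUN_RE = re.compile(
    r'^(?P<kind>x64-Run(?:Once)?|[um]Run(?:Once)?):\s*\[(?P<name>[^\]]*)\]\s*(?P<rest>.*)$')
# StartupFolder: C:\...\Dropbox.lnk - C:\...\Dropbox.exe
_STARTUP_RE = re.compile(
    r'^(?P<kind>(?:x64-)?StartupFolder):\s*(?P<name>.+?\.lnk)\s+-\s+(?P<rest>.*)$', re.I)
# BHO: <name>: {CLSID} - C:\...\x.dll   /   IE: {CLSID} - C:\...\x.exe   /   SSODL: WebCheck - <orphaned>
_CLSID_RE = re.compile(
    r'^(?P<kind>(?:x64-)?(?:BHO|IE|SSODL|Handler|Toolbar)):\s*(?P<name>.+?)\s+-\s+(?P<rest>.*)$')
# First drive-letter path to a loadable file, with or without surrounding quotes.
_PATH_RE = re.compile(
    r'([A-Za-z]:\\[^"]*?\.(?:exe|dll|scr|cpl|vbs|js|bat|cmd))(?=["\s]|$)', re.I)

# Directories any interactive user can write to; persistence here deserves a look.
_USER_WRITABLE = [
    (re.compile(r'^[a-z]:\\users\\[^\\]+\\appdata\\', re.I), "loads from a user profile (AppData)"),
    (re.compile(r'^[a-z]:\\users\\public\\', re.I), "loads from Users\\Public"),
    (re.compile(r'^[a-z]:\\programdata\\', re.I), "loads from ProgramData"),
    (re.compile(r'^[a-z]:\\(?:windows\\)?temp\\', re.I), "loads from a Temp directory"),
]
# Names that belong under \Windows; the same name elsewhere is a classic masquerade.
_SYSTEM_NAMES = {"svchost.exe", "lsass.exe", "csrss.exe", "winlogon.exe",
                 "explorer.exe", "userinit.exe", "rundll32.exe", "taskhost.exe"}


def extract_target(rest: str) -> Optional[str]:
    """Return the loaded file path from the tail of a DDS autorun line."""
    if "<orphaned>" in rest:
        return "<orphaned>"
    m = _PATH_RE.search(rest)
    return m.group(1) if m else None


def parse_autorun_line(line: str) -> Optional[AutorunEntry]:
    """Parse one Pseudo HJT Report line; None for lines that are not autoruns."""
    line = line.strip()
    for rx in (_RUN_RE, _STARTUP_RE, _CLSID_RE):
        m = rx.match(line)
        if m:
            target = extract_target(m.group("rest"))
            return AutorunEntry(m.group("kind"), m.group("name"), target) if target else None
    return None


def triage(entry: AutorunEntry) -> AutorunEntry:
    """Attach triage reasons to an entry; an empty list means nothing notable."""
    if entry.target == "<orphaned>":
        entry.reasons.append("dangling entry: registry points at a file that is not there")
        return entry
    for rx, why in _USER_WRITABLE:
        if rx.match(entry.target):
            entry.reasons.append(why)
    basename = entry.target.rsplit("\\", 1)[-1].lower()
    if basename in _SYSTEM_NAMES and not re.match(r'^[a-z]:\\windows\\', entry.target, re.I):
        entry.reasons.append(f"{basename} outside \\Windows (possible masquerade)")
    return entry


def triage_log(lines: Iterable[str]) -> List[AutorunEntry]:
    """Parse every autorun line in a DDS log and return only the flagged entries."""
    flagged = []
    for line in lines:
        entry = parse_autorun_line(line)
        if entry is not None and triage(entry).reasons:
            flagged.append(entry)
    return flagged


# Constructed sample modelled on the posted log. The last line is made up for the
# example to exercise the masquerade check; it is not from the post.
SAMPLE_LINES = [
    r'mWinlogon: Userinit = userinit.exe',
    r'BHO: HP Network Check Helper: {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll',
    r'uRun: [Google Update] "C:\Users\Ana\AppData\Local\Google\Update\GoogleUpdate.exe" /c',
    r'mRun: [PDF Complete] C:\Program Files (x86)\PDF Complete\pdfsty.exe',
    r'StartupFolder: C:\Users\Ana\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Dropbox.lnk - C:\Users\Ana\AppData\Roaming\Dropbox\bin\Dropbox.exe',
    r'mPolicies-System: ConsentPromptBehaviorAdmin = dword:5',
    r'SSODL: WebCheck - <orphaned>',
    r'x64-Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey',
    r'uRun: [WinSvc] C:\Users\example\AppData\Roaming\svchost.exe',
]

if __name__ == "__main__":
    for e in triage_log(SAMPLE_LINES):
        print(f"[{e.kind}] {e.name} -> {e.target}")
        for why in e.reasons:
            print(f"    - {why}")
```

Feed it the whole log (for example `triage_log(open("dds.txt", encoding="utf-8"))`); non-autorun lines such as the process list, policies and Find3M entries are simply skipped. The location heuristic is deliberately coarse: on the posted log it will name Google Update and Dropbox, both of which are expected in AppData, so the next step for any flagged line is to check the file's digital signature and hash rather than to delete it.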