#31
| qq |
|
#32
| I pressed F8 as my son’s computer was rebooting. It brought up a black screen with white text on which just flashed up for a second. I didn’t really have enough time to read it as such but it said things like “Master Disk Capability Disabled” etc. Then the usual Microsoft XP page came up, with the blue dots moving across. This led automatically to the log in page. There are two icons on it, one for me which is password protected (so I can’t just press Enter) and one for my son which has no password. Looking at both these accounts it says that they are both an administrator account. As the black screen with white text only stays for a second, it’s impossible to click on any options – not that I actually saw any (though I DID when I followed your instructions but using my laptop instead). So I’m puzzled as to the difference between starting my son’s computer in Safe or Normal mode. There doesn’t seem to be a choice. Also my son’s computer has recently started to reboot itself, for no obvious reason. Do you have any idea why it would do that? He’s sometimes in the middle of a game and it just switches off, then on again…. Do you think I might have messed up my son’s computer? Please help me. I’m not very good with computers at all. |
|
#33
| Download DDS from |HERE| or |HERE| or |HERE| and save it to your desktop.
* Vista users right click on dds and select Run as administrator (you will receive a UAC prompt, please allow it)
* XP users Double click on dds to run it.
* If your antivirus or firewall try to block DDS then please allow it to run.
* When finished DDS will open two (2) logs.
  1) DDS.txt
  2) Attach.txt
* Save both logs to your desktop.
* Please copy and paste the entire contents of both logs in your next reply.
Note: DDS will instruct you to post the Attach.txt log as an attachment. Please just post it as you would any other log by copying and pasting it into the reply. |
|
#34
| Thank you so much for this advice. I've got the 2 logs from my son's computer saved to the desktop. |
|
#35
| OK. I don't see anything like a keylogger or even a virus but there is a lot to take care of. Just read this all carefully and do it at your own pace. If you have any questions just ask. First, you have two security suites installed. BitDefender and Kaspersky. This is never advised and could be lending to whatever issues you are having. I don't see BitDefender installed so you probably need to keep Kaspersky and remove BitDefender. Please do this.
Now update some software that is very outdated and leaving you vulnerable to a malware attack. Go to Add or Remove Programs and uninstall both of these.
Adobe Reader - http://get.adobe.com/reader/
Version 6 Update 16 - http://www.java.com/en/download/index.jsp
----------
Click the Start button on the Windows taskbar. (lower left)
Click Run.
In the Run window type the following (note the space after ipconfig) and then click OK.
Code:
ipconfig /release
Code:
ipconfig /renew
----------
Download Disable/Remove Windows Messenger to the desktop to remove Windows Messenger.
Do not confuse Windows Messenger with MSN Messenger because they are not the same. Windows Messenger is a frequent cause of popups.
Unzip the file on the desktop. Open the MessengerDisable.exe and choose the bottom box - Uninstall Windows Messenger and click Apply.
Exit out of MessengerDisable then delete the two files that were put on the desktop.
----------
Download ComboFix© by sUBs from one of the below links. Be sure to save it to the Desktop.
Link #1
Link #2
**Note: It is important that it is saved directly to your Desktop
Close any open Web browsers (Firefox, Internet Explorer, etc) before starting ComboFix.
Temporarily disable your antivirus and any antispyware real time protection before performing a scan. Click this link to see a list of security programs that should be disabled and how to disable them.
Double click combofix.exe & follow the prompts.
Vista users Right-Click on ComboFix.exe and select Run as administrator (you will receive a UAC prompt, please allow it)
When finished ComboFix will produce a log for you. Post the ComboFix log in your next reply.
Important: Do not mouseclick ComboFix's window while it is running. That may cause it to stall.
Remember to re-enable your antivirus and antispyware protection when ComboFix is complete.
If you have problems with ComboFix usage, see How to use ComboFix |
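The cross-check behind the first point in post #35 (two security suites registered, only one of them actually installed), as an added example that is not part of the thread or of DDS itself. The sample text is constructed in the layout of the `AV:`/`FW:` header lines of a DDS.txt log with placeholder GUIDs, and the helper names and the first-word vendor match are assumptions made for illustration.

```python
import re

# Constructed sample in the layout of DDS.txt "AV:" / "FW:" header lines.
# The GUIDs are placeholders, not values from a real machine.
SAMPLE_HEADER = """\
AV: Bitdefender Antivirus *On-access scanning disabled* (Outdated) {00000000-0000-0000-0000-000000000001}
AV: Kaspersky Internet Security *On-access scanning enabled* (Updated) {00000000-0000-0000-0000-000000000002}
FW: Bitdefender Firewall *disabled* {00000000-0000-0000-0000-000000000003}
FW: Kaspersky Internet Security *enabled* {00000000-0000-0000-0000-000000000002}
"""
# Constructed excerpt of an installed-programs list (Attach.txt layout).
SAMPLE_PROGRAMS = ["Adobe Reader 6.0.1", "Kaspersky Internet Security 2009", "WinZip"]

LINE_RE = re.compile(
    r"^(?P<kind>AV|FW): (?P<name>.+?) \*(?P<state>[^*]+)\*"
    r"(?: \((?P<sig>[^)]+)\))? \{(?P<guid>[0-9A-Fa-f-]+)\}$"
)

def parse_registrations(text):
    """Return one dict per AV:/FW: line; lines in any other layout are skipped."""
    regs = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            reg = m.groupdict()
            reg["enabled"] = not reg["state"].lower().endswith("disabled")
            regs.append(reg)
    return regs

def vendor(name):
    """Assumption: the first word of the product name identifies the vendor."""
    return name.split()[0].lower()

def triage(regs, installed_programs):
    """Compare registered security products with what is actually installed."""
    progs = [p.lower() for p in installed_programs]
    all_vendors = {vendor(r["name"]) for r in regs}
    av_vendors = sorted({vendor(r["name"]) for r in regs if r["kind"] == "AV"})
    return {
        "av_vendors": av_vendors,
        "multiple_av": len(av_vendors) > 1,
        # Registered with the system but absent from the program list:
        # a leftover from an incomplete uninstall that still needs removing.
        "orphaned": sorted(v for v in all_vendors if not any(v in p for p in progs)),
        "active_av": sorted({vendor(r["name"]) for r in regs
                             if r["kind"] == "AV" and r["enabled"]}),
    }

if __name__ == "__main__":
    for key, value in triage(parse_registrations(SAMPLE_HEADER), SAMPLE_PROGRAMS).items():
        print(f"{key}: {value}")
```

An entry under `orphaned` is the situation described in the post: the product is still registered but no longer appears among the installed programs, so the vendor's removal tool is the usual way to clear it.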
|
#36
| Thanks for this help. I will try it later! I do appreciate you taking the time to do this! :-) |