Jump to content

Do i have a KEYLOGGER OR VIRUS?


Recommended Posts

Here is my malwarebytes log

Malwarebytes' Anti-Malware 1.50.1.1100

www.malwarebytes.org

Database version: 5445

Windows 5.1.2600 Service Pack 2

Internet Explorer 7.0.5730.13

3/01/2011 10:42:36 AM

mbam-log-2011-01-03 (10-42-32).txt

Scan type: Quick scan

Objects scanned: 241218

Time elapsed: 16 minute(s), 33 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 1

Registry Keys Infected: 18

Registry Values Infected: 1

Registry Data Items Infected: 6

Folders Infected: 5

Files Infected: 19

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

c:\WINDOWS\system32\antiwpa.dll (PUP.Wpakill) -> No action taken.

Registry Keys Infected:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Antiwpa (PUP.Wpakill) -> No action taken.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Active Setup\Installed Components\{28ABC5C0-4FCB-11CF-AAX5-81CX1C635612} (Trojan.Agent) -> No action taken.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{28ABC5C0-4FCB-11CF-AAX5-81CX1C635612} (Trojan.Agent) -> No action taken.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{54018E98-10E3-46C6-9673-2999253F9C65} (Trojan.Vundo) -> No action taken.

HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{19127AD2-394B-70F5-C650-B97867BAA1F7} (Backdoor.Bot) -> No action taken.

HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{19127AD2-394B-70F5-C650-B97867BAA1F7} (Backdoor.Bot) -> No action taken.

HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{43BF8CD1-C5D5-2230-7BB2-98F22C2B7DC6} (Backdoor.Bot) -> No action taken.

HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{43BF8CD1-C5D5-2230-7BB2-98F22C2B7DC6} (Backdoor.Bot) -> No action taken.

HKEY_CURRENT_USER\SOFTWARE\LREC75DND7 (Trojan.FakeAlert) -> No action taken.

HKEY_CURRENT_USER\SOFTWARE\XML (Trojan.FakeAlert) -> No action taken.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\affri (Malware.Trace) -> No action taken.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\contim (Trojan.Vundo) -> No action taken.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\affri (Malware.Trace) -> No action taken.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\FCOVM (Trojan.Vundo) -> No action taken.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\IProxyProvider (Trojan.Vundo) -> No action taken.

HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\msdvdDrv (Rootkit.Agent) -> No action taken.

HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\msdvdr (Rootkit.Agent) -> No action taken.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\2 Find MP3_is1 (Adware.180Solutions) -> No action taken.

Registry Values Infected:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Network\UID (Malware.Trace) -> Value: UID -> No action taken.

Registry Data Items Infected:

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Start_ShowHelp (PUM.Hijack.StartMenu) -> Bad: (0) Good: (1) -> No action taken.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> No action taken.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> No action taken.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> No action taken.

HKEY_CLASSES_ROOT\piffile\shell\open\command\(default) (Broken.OpenCommand) -> Bad: () Good: ("%1" %*) -> No action taken.

HKEY_CLASSES_ROOT\regfile\shell\open\command\(default) (Broken.OpenCommand) -> Bad: ("regedit.exe" "%1") Good: (regedit.exe "%1") -> No action taken.

Folders Infected:

c:\program files\2 find mp3 (Adware.180Solutions) -> No action taken.

c:\program files\2 find mp3\Data (Adware.180Solutions) -> No action taken.

c:\program files\relevantknowledge (Spyware.MarketScore) -> No action taken.

c:\RECYCLER\s-1-5-21-1482476501-1644491937-682003330-1013 (Trojan.Agent) -> No action taken.

c:\WINDOWS\system32\lowsec (Stolen.data) -> No action taken.

Files Infected:

c:\WINDOWS\system32\antiwpa.dll (PUP.Wpakill) -> No action taken.

c:\documents and settings\clare\local settings\Temp\nsnC.tmp\wansis.dll (Adware.AdRotator) -> No action taken.

c:\documents and settings\clare\local settings\Temp\nsp9.tmp\wansis.dll (Adware.AdRotator) -> No action taken.

c:\documents and settings\tullyadmin\application data\avdrn.dat (Malware.Trace) -> No action taken.

c:\WINDOWS\system32\clkcnt.txt (Trojan.Vundo) -> No action taken.

c:\WINDOWS\system32\mcrh.tmp (Malware.Trace) -> No action taken.

c:\WINDOWS\bm3bb64636.txt (Trojan.Vundo) -> No action taken.

c:\WINDOWS\bm3bb64636.xml (Trojan.Vundo) -> No action taken.

c:\program files\2 find mp3\2 find mp3 quick start.url (Adware.180Solutions) -> No action taken.

c:\program files\2 find mp3\2FindMP3.exe (Adware.180Solutions) -> No action taken.

c:\program files\2 find mp3\unins000.dat (Adware.180Solutions) -> No action taken.

c:\program files\2 find mp3\unins000.exe (Adware.180Solutions) -> No action taken.

c:\program files\2 find mp3\Data\2FindMP3.dat (Adware.180Solutions) -> No action taken.

c:\program files\2 find mp3\Data\Engines.dat (Adware.180Solutions) -> No action taken.

c:\program files\relevantknowledge\MSVCP71.DLL (Spyware.MarketScore) -> No action taken.

c:\program files\relevantknowledge\MSVCR71.DLL (Spyware.MarketScore) -> No action taken.

c:\program files\relevantknowledge\rlservice.exe (Spyware.MarketScore) -> No action taken.

c:\program files\relevantknowledge\rlvknlg.exe (Spyware.MarketScore) -> No action taken.

c:\RECYCLER\s-1-5-21-1482476501-1644491937-682003330-1013\Desktop.ini (Trojan.Agent) -> No action taken.

Please help!

Link to post
Share on other sites

:welcome:

Did you remove the objects malwarebytes detected?

We need to see some additional information about what is happening in your machine.

Please perform the following scan:

  • Download DDS by sUBs from one of the following links. Save it to your desktop.

    [*]Double click on the DDS icon, allow it to run.

    [*]A small box will open, with an explanation about the tool.

    [*]When done, DDS will open two (2) logs

    1. DDS.txt

    2. Attach.txt

    [*] Save both reports to your desktop.

    [*] The instructions here ask you to attach the Attach.txt.

    DDS.jpg

    [*]Instead of attaching, please copy/past both logs into your next reply.

    [*]Close the program window, and delete the program from your desktop.

Please note: You may have to disable any script protection running if the scan fails to run.

After downloading the tool, disconnect from the internet and disable all antivirus protection.

Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control HERE

Link to post
Share on other sites

  • 1 month later...
  • Staff

Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!

Link to post
Share on other sites

Guest
This topic is now closed to further replies.
 Share

  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.