Hi,
Recently I was notified by my bank that my MasterCard had been accessed twice overnight, and it leads me to suspect that I have some kind of virus that was able to log my details, as I typed them in recently for an online purchase. So I ran Malwarebytes’ Anti-Malware, OTL and aswMBR.
Edit: perhaps I should mention that I ran the Kaspersky TDSSKiller scan with no threats, and a full scan with Kaspersky Internet Security also with no threats.
MBAM:
Malwarebytes Anti-Malware 1.60.1.1000
www.malwarebytes.org
Database version: v2012.03.29.09
Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Tim_2 :: TIM-PC [limited]
30/03/2012 9:56:33 AM
mbam-log-2012-03-30 (09-56-33).txt
Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 168370
Time elapsed: 1 minute(s), 34 second(s)
Memory Processes Detected: 0
(No malicious items detected)
Memory Modules Detected: 0
(No malicious items detected)
Registry Keys Detected: 0
(No malicious items detected)
Registry Values Detected: 0
(No malicious items detected)
Registry Data Items Detected: 0
(No malicious items detected)
Folders Detected: 0
(No malicious items detected)
Files Detected: 1
c:\users\tim\local settings\tempdir\betterinstaller.exe (PUP.BundleInstaller.Somoto) -> Quarantined and deleted successfully.
(end)
aswMBR:
aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
Run date: 2012-03-30 09:36:38
09:36:38.699 OS Version: Windows x64 6.1.7601 Service Pack 1
09:36:38.699 Number of processors: 4 586 0x2A07
09:36:38.700 ComputerName: TIM-PC UserName: Tim
09:36:57.406 Initialize success
09:38:10.098 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
09:38:10.098 Disk 0 Vendor: WDC_WD10 15.0 Size: 953869MB BusType: 3
09:38:10.098 Disk 0 MBR read successfully
09:38:10.098 Disk 0 MBR scan
09:38:10.098 Disk 0 Windows 7 default MBR code
09:38:10.108 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 2048
09:38:10.118 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 953767 MB offset 206848
09:38:10.128 Disk 0 scanning C:\Windows\system32\drivers
09:38:13.455 Service scanning
09:38:16.429 Service KL1 C:\Windows\system32\DRIVERS\kl1.sys LOCKED 5
09:38:16.429 Service kl2 C:\Windows\system32\DRIVERS\kl2.sys LOCKED 5
09:38:16.476 Service KLIM6 C:\Windows\system32\DRIVERS\klim6.sys LOCKED 5
09:38:16.510 Service klmouflt C:\Windows\system32\DRIVERS\klmouflt.sys LOCKED 5
09:38:20.679 Modules scanning
09:38:20.679 Disk 0 trace - called modules:
09:38:20.695 ntoskrnl.exe CLASSPNP.SYS disk.sys iaStor.sys hal.dll
09:38:20.695 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8009d8a790]
09:38:20.695 3 CLASSPNP.SYS[fffff88001e1743f] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa8007585050]
09:38:20.695 Scan finished successfully
09:39:50.757 Disk 0 MBR has been saved successfully to "C:\Users\Tim\Documents\MBR.dat"
09:39:50.760 The log file has been saved successfully to "C:\Users\Tim\Documents\aswMBR.txt"
The OTL log is attached.
Thanks a lot in advance!