11-22-2008, 04:17 PM   #1
mfxmm
Registered User

Join Date: Nov 2008
Posts: 2
OS: XP


Trojan / Keylogger

One of my online game accounts has been compromised multiple times and I am fairly sure it is a keylogger, although I have no way of telling for sure.

Here are my reports:

DDS (Version 1.0) - NTFSx86
Run by PJohnson at 17:54:28.23 on Sat 11/22/2008
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2046.1585 [GMT -5:00]

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\Toshiba\Tvs\TvsTray.exe
C:\Program Files\Toshiba\Toshiba Applet\thotkey.exe
C:\Program Files\TOSHIBA\TOSHIBA Controls\TFncKy.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\TPSMain.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\TPSBattM.exe
C:\Program Files\Synaptics\SynTP\Toshiba.exe
C:\WINDOWS\system32\RAMASST.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\PROGRA~1\AVG\AVG8\avgfws8.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\WINDOWS\system32\DVDRAMSV.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\WINDOWS\system32\nvsvc32.exe
svchost.exe
C:\Program Files\Toshiba\TOSHIBA Applet\TAPPSRV.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\PJohnson\Desktop\dds.scr

============== Psuedo HJT Report ===============

uStart Page = hxxp://shoptoshiba.ca/welcome
uInternet Connection Wizard,ShellNext = hxxp://shoptoshiba.ca/welcome
BHO: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - c:\program files\adobe\acrobat 7.0\activex\AcroIEHelper.dll
BHO: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - c:\program files\avg\avg8\avgssie.dll
BHO: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre1.5.0_06\bin\ssv.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [CurseClient] "c:\program files\curse\CurseClient.exe" -silent
uRun: [MsnMsgr] "c:\program files\windows live\messenger\MsnMsgr.Exe" /background
mRun: [ehTray] "c:\windows\ehome\ehtray.exe"
mRun: [RTHDCPL] "c:\windows\RTHDCPL.EXE"
mRun: [Alcmtr] "c:\windows\ALCMTR.EXE"
mRun: [AGRSMMSG] "c:\windows\AGRSMMSG.exe"
mRun: [Tvs] "c:\program files\toshiba\tvs\TvsTray.exe"
mRun: [THotkey] "c:\program files\toshiba\toshiba applet\thotkey.exe"
mRun: [TFncKy] TFncKy.exe
mRun: [SynTPEnh] "c:\program files\synaptics\syntp\SynTPEnh.exe"
mRun: [NvCplDaemon] "c:\windows\system32\rundll32.exe" c:\windows\system32\NvCpl.dll,NvStartup
mRun: [nwiz] "c:\windows\system32\nwiz.exe" /installquiet /keeploaded /nodetect
mRun: [NVRotateSysTray] "c:\windows\system32\rundll32.exe" c:\windows\system32\nvsysrot.dll,Enable
mRun: [TPSMain] "c:\windows\system32\TPSMain.exe"
mRun: [AVG8_TRAY] "c:\progra~1\avg\avg8\avgtray.exe"
mRun: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\ramasst.lnk - c:\windows\system32\RAMASST.exe
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBC} - c:\program files\java\jre1.5.0_06\bin\ssv.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg8\avgpp.dll
AppInit_DLLs: avgrsstx.dll

============= SERVICES / DRIVERS ===============

R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys
R1 AvgTdiX;AVG8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys
R2 avg8emc;AVG Free8 E-mail Scanner;c:\progra~1\avg\avg8\avgemc.exe
R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\avg\avg8\avgwdsvc.exe
R2 avgfws8;AVG8 Firewall;c:\progra~1\avg\avg8\avgfws8.exe
R3 Avgfwdx;Avgfwdx;c:\windows\system32\drivers\avgfwdx.sys
S3 Avgfwfd;AVG network filter service;c:\windows\system32\drivers\avgfwdx.sys

=============== Created Last 30 ================

2008-11-22 17:31 250 a------- c:\windows\gmer.ini
2008-11-22 16:38 <DIR> --d----- c:\program files\X-NetStat
2008-11-22 15:24 50,968 a------- c:\windows\system32\avgfwdx.dll
2008-11-22 15:24 29,208 a------- c:\windows\system32\drivers\avgfwdx.sys
2008-11-22 15:01 <DIR> --d-h--- C:\$AVG8.VAULT$
2008-11-22 14:51 <DIR> --d----- C:\Binaries
2008-11-22 14:50 164 a------- C:\install.dat
2008-11-22 14:18 98,440 a------- c:\windows\system32\drivers\avgldx86.sys
2008-11-22 14:18 10,520 a------- c:\windows\system32\avgrsstx.dll
2008-11-22 14:18 <DIR> --d----- c:\windows\system32\drivers\Avg
2008-11-22 14:18 90,632 a------- c:\windows\system32\drivers\avgtdix.sys
2008-11-22 14:18 <DIR> --d----- c:\program files\AVG
2008-11-22 14:18 <DIR> --d----- c:\docume~1\alluse~1\applic~1\avg8
2008-11-22 14:15 991,232 -c------ c:\windows\system32\dllcache\ieframe.dll.mui
2008-11-22 14:15 459,264 -c------ c:\windows\system32\dllcache\msfeeds.dll
2008-11-22 14:15 267,776 -c------ c:\windows\system32\dllcache\iertutil.dll
2008-11-22 14:15 52,224 -c------ c:\windows\system32\dllcache\msfeedsbs.dll
2008-11-22 14:15 13,824 -c------ c:\windows\system32\dllcache\ieudinit.exe
2008-11-22 14:15 6,066,176 -c------ c:\windows\system32\dllcache\ieframe.dll
2008-11-22 14:15 2,455,488 -c------ c:\windows\system32\dllcache\ieapfltr.dat
2008-11-22 14:15 383,488 -c------ c:\windows\system32\dllcache\ieapfltr.dll
2008-11-22 14:15 63,488 -c------ c:\windows\system32\dllcache\icardie.dll
2008-11-21 10:32 21,504 ac------ c:\windows\system32\dllcache\hidserv.dll
2008-11-21 10:32 21,504 a------- c:\windows\system32\hidserv.dll
2008-11-21 10:31 14,592 ac------ c:\windows\system32\dllcache\kbdhid.sys
2008-11-21 10:31 14,592 a------- c:\windows\system32\drivers\kbdhid.sys
2008-11-21 10:31 32,128 ac------ c:\windows\system32\dllcache\usbccgp.sys
2008-11-21 10:31 32,128 a------- c:\windows\system32\drivers\usbccgp.sys
2008-11-20 09:42 <DIR> --d----- c:\documents and settings\pjohnson\Contacts
2008-11-20 08:11 <DIR> -cdsh--- c:\program files\common files\WindowsLiveInstaller
2008-11-19 22:43 270,880 a------- c:\windows\system32\mucltui.dll
2008-11-19 22:43 29,728 a------- c:\windows\system32\mucltui.dll.mui
2008-11-19 21:31 272,128 -c------ c:\windows\system32\dllcache\bthport.sys
2008-11-19 21:30 138,496 -c------ c:\windows\system32\dllcache\afd.sys
2008-11-19 21:30 333,824 -c------ c:\windows\system32\dllcache\srv.sys
2008-11-19 21:28 1,846,400 -c------ c:\windows\system32\dllcache\win32k.sys
2008-11-19 21:27 2,145,280 -c------ c:\windows\system32\dllcache\ntkrnlmp.exe
2008-11-19 21:27 2,189,184 -c------ c:\windows\system32\dllcache\ntoskrnl.exe
2008-11-19 21:27 2,023,936 -c------ c:\windows\system32\dllcache\ntkrpamp.exe
2008-11-19 21:27 2,066,048 -c------ c:\windows\system32\dllcache\ntkrnlpa.exe
2008-11-19 21:23 203,136 -c------ c:\windows\system32\dllcache\rmcast.sys
2008-11-19 21:22 455,296 -c------ c:\windows\system32\dllcache\mrxsmb.sys
2008-11-19 21:22 2,330,624 -c------ c:\windows\system32\dllcache\wmvcore.dll
2008-11-19 21:22 331,776 -c------ c:\windows\system32\dllcache\msadce.dll
2008-11-19 21:21 691,712 -c------ c:\windows\system32\dllcache\inetcomm.dll
2008-11-19 21:21 337,408 -c------ c:\windows\system32\dllcache\netapi32.dll
2008-11-19 21:21 1,106,944 -c------ c:\windows\system32\dllcache\msxml3.dll
2008-11-19 20:59 <DIR> --d----- c:\windows\system32\scripting
2008-11-19 20:59 <DIR> --d----- c:\windows\system32\en
2008-11-19 20:59 <DIR> --d----- c:\windows\system32\bits
2008-11-19 20:59 <DIR> --d----- c:\windows\l2schemas
2008-11-19 20:57 <DIR> --d----- c:\windows\ServicePackFiles
2008-11-19 20:55 <DIR> --d----- c:\windows\network diagnostic
2008-11-19 20:43 <DIR> --d----- c:\program files\Curse
2008-11-19 20:40 104,960 -------- c:\windows\system32\drivers\atinrvxx.sys
2008-11-19 20:30 <DIR> --d----- c:\program files\World of Warcraft
2008-11-19 20:23 <DIR> --d----- c:\windows\system32\PreInstall
2008-11-19 20:15 31,768 a------- c:\windows\system32\wucltui.dll.mui
2008-11-19 20:15 23,576 a------- c:\windows\system32\wuaucpl.cpl.mui
2008-11-19 20:15 18,456 a------- c:\windows\system32\wuaueng.dll.mui
2008-11-19 20:15 <DIR> --d----- c:\windows\system32\SoftwareDistribution
2008-11-19 20:15 23,576 a------- c:\windows\system32\wuapi.dll.mui
2008-11-19 20:14 <DIR> --ds---- c:\documents and settings\pjohnson\UserData
2008-11-19 19:43 <DIR> --d----- c:\windows\system32\appmgmt
2008-11-19 19:43 12,160 ac------ c:\windows\system32\dllcache\mouhid.sys
2008-11-19 19:43 12,160 a------- c:\windows\system32\drivers\mouhid.sys
2008-11-19 19:43 10,368 a------- c:\windows\system32\drivers\hidusb.sys
2008-11-19 19:35 1,257,472 a------- c:\windows\system32\TPwrSave.cpl
2008-11-19 19:35 282,624 a------- c:\windows\system32\TPSMain.exe
2008-11-19 19:35 90,112 a------- c:\windows\system32\CpuPerf.dll
2008-11-19 19:35 81,920 a------- c:\windows\system32\TPwrReg.dll
2008-11-19 19:35 53,248 a------- c:\windows\system32\TPwrCfg.dll
2008-11-19 19:35 53,248 a------- c:\windows\system32\TPSTrace.dll
2008-11-19 19:35 53,248 a------- c:\windows\system32\TPSDel.dll
2008-11-19 19:35 45,056 a------- c:\windows\system32\TPSMainCtl.dll
2008-11-19 19:35 45,056 a------- c:\windows\system32\TPSBattM.exe
2008-11-19 19:35 45,056 a------- c:\windows\system32\TPSAddin.dll
2008-11-19 19:34 <DIR> --d----- c:\documents and settings\pjohnson\WINDOWS
2008-11-19 19:31 0 a--shr-- c:\windows\system32\drivers\TOSHIBA_Satellite A100_S3A4031D502_PSAA9C-TA902C.MRK
2008-11-19 19:31 <DIR> --d----- C:\ConnectKOL
2008-11-19 19:31 <DIR> --d----- C:\Connect
2008-11-19 19:30 <DIR> --d----- c:\documents and settings\PJohnson
2008-11-19 19:29 45,378 a------- c:\windows\system32\nvapps.xml
2008-11-19 19:29 180,224 a------- c:\windows\system32\nvudisp.exe
2008-11-19 19:29 16,683 a------- c:\windows\system32\nvdisp.nvu
2008-11-19 19:29 <DIR> --d----- c:\windows\nview
2008-11-19 19:29 180,224 a------- c:\windows\system32\NVUNINST.EXE
2008-11-19 19:28 <DIR> --d----- c:\program files\Synaptics
2008-11-19 19:24 <DIR> --d----- c:\windows\iehome
2008-11-19 19:23 <DIR> --d----- c:\program files\Datalode
2008-11-19 19:23 101,048,320 a------- c:\windows\MEMORY.DMP

==================== Find3M ====================

2008-11-20 21:08 <DIR> --d----- c:\program files\Messenger
2008-11-19 21:04 86,811 a------- c:\windows\pchealth\helpctr\offlinecache\index.dat
2008-11-19 20:57 <DIR> --d----- c:\program files\Windows NT
2008-11-19 19:50 <DIR> --d----- c:\program files\Toshiba
2008-11-19 19:43 <DIR> --d----- c:\program files\InterVideo
2008-09-15 07:12 1,846,400 a------- c:\windows\system32\win32k.sys
2008-09-09 20:14 1,307,648 -------- c:\windows\system32\msxml6.dll
2008-09-04 12:15 1,106,944 a------- c:\windows\system32\msxml3.dll
2008-08-26 02:24 826,368 a------- c:\windows\system32\wininet.dll
2006-01-29 18:18 <DIR> --d----- c:\docume~1\alluse~1\applic~1\SBSI

============= FINISH: 17:54:38.81 ===============
Attached Files:
Attach.txt (6.0 KB)
Gmer.txt (1.5 KB)