Thread: Possible Keylogger/Malware/Spyware Problem
View Single Post
Old 06-29-2009, 03:37 AM   #1 (permalink)
Antonio09
Registered User
 
Join Date: Jun 2009
Posts: 5
OS: XP


Possible Keylogger/Malware/Spyware Problem
Hi There,

Firstly thank you for offering your services to the people of the world for free especially myself. It's a huge gesture which I really appreicate & admire.

Im a Forum Administrator on music forum which uses Invision Power Board. My account on this forum was hacked by an IP address in the UK somehow by stealing my password .They accessed the admin Control Panel & sent a mass email/PM asking members to sign up to another forum.

So I think I have a keylogger and/or trojan/spyware hiding about in my PC, which could be taking any other og my username/password details.

I am very careful about what I download, but think it came from a free premium rapidshare (Account details can be given if required) a forum member gave me.(owners advised this is the member who hacked my account) who has since been deleted from the forum.

I've ran Ad-Aware & done a full scan using my McAfee which didn't really pick up anything but am still skeptical as to whether or not the trojan/keylogger has been removed.

Appreicate your expertise & knowldge which is a great asset to us all how need it. Keep up the great & generous work!

King regards,

Antonio

As requested:

DDS (Ver_09-06-26.01) - NTFSx86
Run by Antonio at 13:49:43.28 on Sun 28/06/2009
Internet Explorer: 7.0.5730.13
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2046.1465 [GMT 10:00]

AV: McAfee VirusScan *On-access scanning enabled* (Updated) {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
FW: McAfee Personal Firewall *enabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\stsystra.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe
C:\Program Files\Dell\Media Experience\DMXLauncher.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe
C:\Program Files\Roxio\Drag-to-Disc\DrgToDsc.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\Program Files\McAfee.com\Agent\mcagent.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\DellSupport\DSAgnt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\AOL 7.0\aoltray.exe
C:\Program Files\Digital Line Detect\DLG.exe
svchost.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\program files\common files\mcafee\mna\mcnasvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\Program Files\McAfee\MSK\MskSrver.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
C:\Program Files\Dell Support Center\bin\sprtsvc.exe
C:\WINDOWS\wanmpsvc.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\CPSHelpRunner.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\notepad.exe
C:\Documents and Settings\Mark\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.optusnet.com.au/
uSearch Page = hxxp://www.google.com.au/hws/sb/dell-row/en/side.html?channel=au
uSearch Bar = hxxp://www.google.com.au/hws/sb/dell-row/en/side.html?channel=au
uDefault_Page_URL = http://www.google.com.au/ig/dell?hl=...au&ibd=2070723
uInternet Connection Wizard,ShellNext = hxxp://www.google.com.au/ig/dell?hl=en&client=dell-row&channel=au&ibd=2070723
uInternet Settings,ProxyOverride = *.local
mSearchAssistant = hxxp://www.google.com.au/hws/sb/dell-row/en/side.html?channel=au
BHO: McAfee Phishing Filter: {27b4851a-3207-45a2-b947-be8afe6163ab} - c:\progra~1\mcafee\msk\mskapbho.dll
BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - c:\progra~1\mcafee\viruss~1\scriptsn.dll
BHO: {7E853D72-626A-48EC-A868-BA8D5E23E045} - No File
BHO: CBrowserHelperObject Object: {ca6319c0-31b7-401e-a518-a07c3db8f777} - c:\program files\bae\BAE.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
EB: Real.com: {fe54fa40-d68c-11d2-98fa-00c0f0318afe} - c:\windows\system32\Shdocvw.dll
uRun: [DellSupport] "c:\program files\dellsupport\DSAgnt.exe" /startup
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [DellSupportCenter] "c:\program files\dell support center\bin\sprtcmd.exe" /P DellSupportCenter
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [IMJPMIG8.1] "c:\windows\ime\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
mRun: [MSPY2002] c:\windows\system32\ime\pintlgnt\ImScInst.exe /SYNC
mRun: [PHIME2002ASync] c:\windows\system32\ime\tintlgnt\TINTSETP.EXE /SYNC
mRun: [PHIME2002A] c:\windows\system32\ime\tintlgnt\TINTSETP.EXE /IMEName
mRun: [SigmatelSysTrayApp] stsystra.exe
mRun: [IAAnotif] c:\program files\intel\intel matrix storage manager\Iaanotif.exe
mRun: [DMXLauncher] c:\program files\dell\media experience\DMXLauncher.exe
mRun: [ISUSPM Startup] c:\progra~1\common~1\instal~1\update~1\ISUSPM.exe -startup
mRun: [ISUSScheduler] "c:\program files\common files\installshield\updateservice\issch.exe" -start
mRun: [<NO NAME>]
mRun: [RoxWatchTray] "c:\program files\common files\roxio shared\9.0\sharedcom\RoxWatchTray9.exe"
mRun: [RoxioDragToDisc] "c:\program files\roxio\drag-to-disc\DrgToDsc.exe"
mRun: [RealTray] c:\program files\real\realplayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
mRun: [dscactivate] "c:\program files\dell support center\gs_agent\custom\dsca.exe"
mRun: [mcagent_exe] "c:\program files\mcafee.com\agent\mcagent.exe" /runkey
mRun: [DellSupportCenter] "c:\program files\dell support center\bin\sprtcmd.exe" /P DellSupportCenter
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\aol70t~1.lnk - c:\program files\aol 7.0\aoltray.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\digita~1.lnk - c:\program files\digital line detect\DLG.exe
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - {FE54FA40-D68C-11d2-98FA-00C0F0318AFE} - c:\windows\system32\Shdocvw.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

============= SERVICES / DRIVERS ===============

R1 mfehidk;McAfee Inc. mfehidk;c:\windows\system32\drivers\mfehidk.sys [2007-7-24 214024]
R2 McProxy;McAfee Proxy Service;c:\progra~1\common~1\mcafee\mcproxy\mcproxy.exe [2007-7-24 359952]
R2 McShield;McAfee Real-time Scanner;c:\progra~1\mcafee\viruss~1\mcshield.exe [2007-7-24 144704]
R3 McSysmon;McAfee SystemGuards;c:\progra~1\mcafee\viruss~1\mcsysmon.exe [2007-7-24 606736]
R3 mfeavfk;McAfee Inc. mfeavfk;c:\windows\system32\drivers\mfeavfk.sys [2007-7-24 79880]
R3 mfebopk;McAfee Inc. mfebopk;c:\windows\system32\drivers\mfebopk.sys [2007-7-24 35272]
R3 mfesmfk;McAfee Inc. mfesmfk;c:\windows\system32\drivers\mfesmfk.sys [2007-7-24 40552]
S3 mferkdk;McAfee Inc. mferkdk;c:\windows\system32\drivers\mferkdk.sys [2007-7-24 34216]

=============== Created Last 30 ================

2009-06-27 16:21 268 a---h--- C:\sqmdata14.sqm
2009-06-27 16:21 244 a---h--- C:\sqmnoopt14.sqm
2009-06-13 10:55 244 a---h--- C:\sqmnoopt13.sqm
2009-06-13 10:55 232 a---h--- C:\sqmdata13.sqm
2009-06-13 10:54 244 a---h--- C:\sqmnoopt12.sqm
2009-06-13 10:54 232 a---h--- C:\sqmdata12.sqm

==================== Find3M ====================

2009-05-21 11:33 410,984 a------- c:\windows\system32\deploytk.dll
2009-05-08 01:32 345,600 a------- c:\windows\system32\localspl.dll
2009-05-08 01:32 345,600 -------- c:\windows\system32\dllcache\localspl.dll
2009-04-29 14:56 827,392 a------- c:\windows\system32\wininet.dll
2009-04-29 14:56 827,392 a------- c:\windows\system32\dllcache\wininet.dll
2009-04-29 14:56 233,472 -------- c:\windows\system32\dllcache\webcheck.dll
2009-04-29 14:56 1,159,680 a------- c:\windows\system32\dllcache\urlmon.dll
2009-04-29 14:56 671,232 a------- c:\windows\system32\dllcache\mstime.dll
2009-04-29 14:56 44,544 a------- c:\windows\system32\dllcache\pngfilt.dll
2009-04-29 14:56 105,984 -------- c:\windows\system32\dllcache\url.dll
2009-04-29 14:56 102,912 -------- c:\windows\system32\dllcache\occache.dll
2009-04-29 14:56 3,596,288 a------- c:\windows\system32\dllcache\mshtml.dll
2009-04-29 14:56 477,696 a------- c:\windows\system32\dllcache\mshtmled.dll
2009-04-29 14:56 193,024 a------- c:\windows\system32\dllcache\msrating.dll
2009-04-28 19:05 70,656 -------- c:\windows\system32\dllcache\ie4uinit.exe
2009-04-28 19:05 13,824 -------- c:\windows\system32\dllcache\ieudinit.exe
2009-04-25 15:27 636,088 -------- c:\windows\system32\dllcache\iexplore.exe
2009-04-25 15:26 161,792 -------- c:\windows\system32\dllcache\ieakui.dll
2009-04-17 22:26 1,847,168 a------- c:\windows\system32\win32k.sys
2009-04-17 22:26 1,847,168 -------- c:\windows\system32\dllcache\win32k.sys
2009-04-16 00:51 585,216 a------- c:\windows\system32\rpcrt4.dll
2009-04-16 00:51 585,216 -------- c:\windows\system32\dllcache\rpcrt4.dll
2008-09-23 20:39 32,768 a--sh--- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012008092320080924\index.dat

============= FINISH: 13:50:12.68 ===============

Attached Logs:
Last edited by TheBruce1; 07-01-2009 at 09:02 AM.
Antonio09 is offline  
Important Information
Join the #1 Tech Support Forum Today - It's Totally Free!

TechSupportForum.com is a leading support website for your computer needs. We offer free, friendly and personalized computer support. Why pay to have your computer fixed when you can do it for free.

Join TechSupportforum.com Today - Click Here