#1
Registered User
Join Date: Nov 2008
Posts: 2
OS: XP
Trojan / Keylogger
One of my online game accounts has been compromised multiple times and I am fairly sure it is a keylogger, although I have no way of telling for sure.
Here are my reports:

DDS (Version 1.0) - NTFSx86 Run by PJohnson at 17:54:28.23 on Sat 11/22/2008