mfxmm

One of my online game accounts has been compromised multiple times and I am fairly sure it is a keylogger, although I have no way of telling for sure.

here are my reports:


DDS (Version 1.0) - NTFSx86
Run by PJohnson at 17:54:28.23 on Sat 11/22/2008
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2046.1585 [GMT -5:00]

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\Toshiba\Tvs\TvsTray.exe
C:\Program Files\Toshiba\Toshiba Applet\thotkey.exe
C:\Program Files\TOSHIBA\TOSHIBA Controls\TFncKy.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\TPSMain.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\TPSBattM.exe
C:\Program Files\Synaptics\SynTP\Toshiba.exe
C:\WINDOWS\system32\RAMASST.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\PROGRA~1\AVG\AVG8\avgfws8.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\WINDOWS\system32\DVDRAMSV.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\WINDOWS\system32\nvsvc32.exe
svchost.exe
C:\Program Files\Toshiba\TOSHIBA Applet\TAPPSRV.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\PJohnson\Desktop\dds.scr

============== Psuedo HJT Report ===============

uStart Page = hxxp://shoptoshiba.ca/welcome
uInternet Connection Wizard,ShellNext = hxxp://shoptoshiba.ca/welcome
BHO: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - c:\program files\adobe\acrobat 7.0\activex\AcroIEHelper.dll
BHO: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - c:\program files\avg\avg8\avgssie.dll
BHO: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre1.5.0_06\bin\ssv.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [CurseClient] "c:\program files\curse\CurseClient.exe" -silent
uRun: [MsnMsgr] "c:\program files\windows live\messenger\MsnMsgr.Exe" /background
mRun: [ehTray] "c:\windows\ehome\ehtray.exe"
mRun: [RTHDCPL] "c:\windows\RTHDCPL.EXE"
mRun: [Alcmtr] "c:\windows\ALCMTR.EXE"
mRun: [AGRSMMSG] "c:\windows\AGRSMMSG.exe"
mRun: [Tvs] "c:\program files\toshiba\tvs\TvsTray.exe"
mRun: [THotkey] "c:\program files\toshiba\toshiba applet\thotkey.exe"
mRun: [TFncKy] TFncKy.exe
mRun: [SynTPEnh] "c:\program files\synaptics\syntp\SynTPEnh.exe"
mRun: [NvCplDaemon] "c:\windows\system32\rundll32.exe" c:\windows\system32\NvCpl.dll,NvStartup
mRun: [nwiz] "c:\windows\system32\nwiz.exe" /installquiet /keeploaded /nodetect
mRun: [NVRotateSysTray] "c:\windows\system32\rundll32.exe" c:\windows\system32\nvsysrot.dll,Enable
mRun: [TPSMain] "c:\windows\system32\TPSMain.exe"
mRun: [AVG8_TRAY] "c:\progra~1\avg\avg8\avgtray.exe"
mRun: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\ramasst.lnk - c:\windows\system32\RAMASST.exe
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBC} - c:\program files\java\jre1.5.0_06\bin\ssv.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg8\avgpp.dll
AppInit_DLLs: avgrsstx.dll

============= SERVICES / DRIVERS ===============

R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys
R1 AvgTdiX;AVG8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys
R2 avg8emc;AVG Free8 E-mail Scanner;c:\progra~1\avg\avg8\avgemc.exe
R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\avg\avg8\avgwdsvc.exe
R2 avgfws8;AVG8 Firewall;c:\progra~1\avg\avg8\avgfws8.exe
R3 Avgfwdx;Avgfwdx;c:\windows\system32\drivers\avgfwdx.sys
S3 Avgfwfd;AVG network filter service;c:\windows\system32\drivers\avgfwdx.sys

=============== Created Last 30 ================

2008-11-22 17:31 250 a------- c:\windows\gmer.ini
2008-11-22 16:38 <DIR> --d----- c:\program files\X-NetStat
2008-11-22 15:24 50,968 a------- c:\windows\system32\avgfwdx.dll
2008-11-22 15:24 29,208 a------- c:\windows\system32\drivers\avgfwdx.sys
2008-11-22 15:01 <DIR> --d-h--- C:\$AVG8.VAULT$
2008-11-22 14:51 <DIR> --d----- C:\Binaries
2008-11-22 14:50 164 a------- C:\install.dat
2008-11-22 14:18 98,440 a------- c:\windows\system32\drivers\avgldx86.sys
2008-11-22 14:18 10,520 a------- c:\windows\system32\avgrsstx.dll
2008-11-22 14:18 <DIR> --d----- c:\windows\system32\drivers\Avg
2008-11-22 14:18 90,632 a------- c:\windows\system32\drivers\avgtdix.sys
2008-11-22 14:18 <DIR> --d----- c:\program files\AVG
2008-11-22 14:18 <DIR> --d----- c:\docume~1\alluse~1\applic~1\avg8
2008-11-22 14:15 991,232 -c------ c:\windows\system32\dllcache\ieframe.dll.mui
2008-11-22 14:15 459,264 -c------ c:\windows\system32\dllcache\msfeeds.dll
2008-11-22 14:15 267,776 -c------ c:\windows\system32\dllcache\iertutil.dll
2008-11-22 14:15 52,224 -c------ c:\windows\system32\dllcache\msfeedsbs.dll
2008-11-22 14:15 13,824 -c------ c:\windows\system32\dllcache\ieudinit.exe
2008-11-22 14:15 6,066,176 -c------ c:\windows\system32\dllcache\ieframe.dll
2008-11-22 14:15 2,455,488 -c------ c:\windows\system32\dllcache\ieapfltr.dat
2008-11-22 14:15 383,488 -c------ c:\windows\system32\dllcache\ieapfltr.dll
2008-11-22 14:15 63,488 -c------ c:\windows\system32\dllcache\icardie.dll
2008-11-21 10:32 21,504 ac------ c:\windows\system32\dllcache\hidserv.dll
2008-11-21 10:32 21,504 a------- c:\windows\system32\hidserv.dll
2008-11-21 10:31 14,592 ac------ c:\windows\system32\dllcache\kbdhid.sys
2008-11-21 10:31 14,592 a------- c:\windows\system32\drivers\kbdhid.sys
2008-11-21 10:31 32,128 ac------ c:\windows\system32\dllcache\usbccgp.sys
2008-11-21 10:31 32,128 a------- c:\windows\system32\drivers\usbccgp.sys
2008-11-20 09:42 <DIR> --d----- c:\documents and settings\pjohnson\Contacts
2008-11-20 08:11 <DIR> -cdsh--- c:\program files\common files\WindowsLiveInstaller
2008-11-19 22:43 270,880 a------- c:\windows\system32\mucltui.dll
2008-11-19 22:43 29,728 a------- c:\windows\system32\mucltui.dll.mui
2008-11-19 21:31 272,128 -c------ c:\windows\system32\dllcache\bthport.sys
2008-11-19 21:30 138,496 -c------ c:\windows\system32\dllcache\afd.sys
2008-11-19 21:30 333,824 -c------ c:\windows\system32\dllcache\srv.sys
2008-11-19 21:28 1,846,400 -c------ c:\windows\system32\dllcache\win32k.sys
2008-11-19 21:27 2,145,280 -c------ c:\windows\system32\dllcache\ntkrnlmp.exe
2008-11-19 21:27 2,189,184 -c------ c:\windows\system32\dllcache\ntoskrnl.exe
2008-11-19 21:27 2,023,936 -c------ c:\windows\system32\dllcache\ntkrpamp.exe
2008-11-19 21:27 2,066,048 -c------ c:\windows\system32\dllcache\ntkrnlpa.exe
2008-11-19 21:23 203,136 -c------ c:\windows\system32\dllcache\rmcast.sys
2008-11-19 21:22 455,296 -c------ c:\windows\system32\dllcache\mrxsmb.sys
2008-11-19 21:22 2,330,624 -c------ c:\windows\system32\dllcache\wmvcore.dll
2008-11-19 21:22 331,776 -c------ c:\windows\system32\dllcache\msadce.dll
2008-11-19 21:21 691,712 -c------ c:\windows\system32\dllcache\inetcomm.dll
2008-11-19 21:21 337,408 -c------ c:\windows\system32\dllcache\netapi32.dll
2008-11-19 21:21 1,106,944 -c------ c:\windows\system32\dllcache\msxml3.dll
2008-11-19 20:59 <DIR> --d----- c:\windows\system32\scripting
2008-11-19 20:59 <DIR> --d----- c:\windows\system32\en
2008-11-19 20:59 <DIR> --d----- c:\windows\system32\bits
2008-11-19 20:59 <DIR> --d----- c:\windows\l2schemas
2008-11-19 20:57 <DIR> --d----- c:\windows\ServicePackFiles
2008-11-19 20:55 <DIR> --d----- c:\windows\network diagnostic
2008-11-19 20:43 <DIR> --d----- c:\program files\Curse
2008-11-19 20:40 104,960 -------- c:\windows\system32\drivers\atinrvxx.sys
2008-11-19 20:30 <DIR> --d----- c:\program files\World of Warcraft
2008-11-19 20:23 <DIR> --d----- c:\windows\system32\PreInstall
2008-11-19 20:15 31,768 a------- c:\windows\system32\wucltui.dll.mui
2008-11-19 20:15 23,576 a------- c:\windows\system32\wuaucpl.cpl.mui
2008-11-19 20:15 18,456 a------- c:\windows\system32\wuaueng.dll.mui
2008-11-19 20:15 <DIR> --d----- c:\windows\system32\SoftwareDistribution
2008-11-19 20:15 23,576 a------- c:\windows\system32\wuapi.dll.mui
2008-11-19 20:14 <DIR> --ds---- c:\documents and settings\pjohnson\UserData
2008-11-19 19:43 <DIR> --d----- c:\windows\system32\appmgmt
2008-11-19 19:43 12,160 ac------ c:\windows\system32\dllcache\mouhid.sys
2008-11-19 19:43 12,160 a------- c:\windows\system32\drivers\mouhid.sys
2008-11-19 19:43 10,368 a------- c:\windows\system32\drivers\hidusb.sys
2008-11-19 19:35 1,257,472 a------- c:\windows\system32\TPwrSave.cpl
2008-11-19 19:35 282,624 a------- c:\windows\system32\TPSMain.exe
2008-11-19 19:35 90,112 a------- c:\windows\system32\CpuPerf.dll
2008-11-19 19:35 81,920 a------- c:\windows\system32\TPwrReg.dll
2008-11-19 19:35 53,248 a------- c:\windows\system32\TPwrCfg.dll
2008-11-19 19:35 53,248 a------- c:\windows\system32\TPSTrace.dll
2008-11-19 19:35 53,248 a------- c:\windows\system32\TPSDel.dll
2008-11-19 19:35 45,056 a------- c:\windows\system32\TPSMainCtl.dll
2008-11-19 19:35 45,056 a------- c:\windows\system32\TPSBattM.exe
2008-11-19 19:35 45,056 a------- c:\windows\system32\TPSAddin.dll
2008-11-19 19:34 <DIR> --d----- c:\documents and settings\pjohnson\WINDOWS
2008-11-19 19:31 0 a--shr-- c:\windows\system32\drivers\TOSHIBA_Satellite A100_S3A4031D502_PSAA9C-TA902C.MRK
2008-11-19 19:31 <DIR> --d----- C:\ConnectKOL
2008-11-19 19:31 <DIR> --d----- C:\Connect
2008-11-19 19:30 <DIR> --d----- c:\documents and settings\PJohnson
2008-11-19 19:29 45,378 a------- c:\windows\system32\nvapps.xml
2008-11-19 19:29 180,224 a------- c:\windows\system32\nvudisp.exe
2008-11-19 19:29 16,683 a------- c:\windows\system32\nvdisp.nvu
2008-11-19 19:29 <DIR> --d----- c:\windows\nview
2008-11-19 19:29 180,224 a------- c:\windows\system32\NVUNINST.EXE
2008-11-19 19:28 <DIR> --d----- c:\program files\Synaptics
2008-11-19 19:24 <DIR> --d----- c:\windows\iehome
2008-11-19 19:23 <DIR> --d----- c:\program files\Datalode
2008-11-19 19:23 101,048,320 a------- c:\windows\MEMORY.DMP

==================== Find3M ====================

2008-11-20 21:08 <DIR> --d----- c:\program files\Messenger
2008-11-19 21:04 86,811 a------- c:\windows\pchealth\helpctr\offlinecache\index.dat
2008-11-19 20:57 <DIR> --d----- c:\program files\Windows NT
2008-11-19 19:50 <DIR> --d----- c:\program files\Toshiba
2008-11-19 19:43 <DIR> --d----- c:\program files\InterVideo
2008-09-15 07:12 1,846,400 a------- c:\windows\system32\win32k.sys
2008-09-09 20:14 1,307,648 -------- c:\windows\system32\msxml6.dll
2008-09-04 12:15 1,106,944 a------- c:\windows\system32\msxml3.dll
2008-08-26 02:24 826,368 a------- c:\windows\system32\wininet.dll
2006-01-29 18:18 <DIR> --d----- c:\docume~1\alluse~1\applic~1\SBSI

============= FINISH: 17:54:38.81 ===============

Attached Files

	Attach.txt (6.0 KB, 1 views)
	Gmer.txt (1.5 KB, 0 views)

mfxmm

Bumped,

Any help would be very appreciated.

Thanks