Author Topic: Possibly Keylogged  (Read 266 times)

Offline Shibbiness

  • Hero Member
  • *****
  • Posts: 662
  • Karma: +0/-0
Possibly Keylogged
« on: November 17, 2008, 11:16:00 PM »
Well, I downloaded something I wish I didn't. However, I didn't even run the exe. As a matter of fact, it wouldn't let me extract from the zip file. Anyhow, here's the logfile:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:14:42 PM, on 11/17/2008
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\LogMeIn\x86\LogMeInSystray.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files\LogMeIn\x86\LMIGuardian.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Steam\Steam.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Windows\ehome\ehtray.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe
C:\Windows\SYSTEM32\WISPTIS.EXE
C:\Windows\system32\wuauclt.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O1 - Hosts: ::1 localhost
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: AVG Safe Search - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [RivaTunerStartupDaemon] "C:\Program Files\RivaTuner v2.09\RivaTunerWrapper.exe" /S
O4 - HKLM\..\Run: [LogMeIn GUI] "C:\Program Files\LogMeIn\x86\LogMeInSystray.exe"
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [hpqSRMon] C:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [Steam] "C:\Program Files\Steam\Steam.exe" -silent
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [AdobeUpdater] C:\Program Files\Common Files\Adobe\Updater5\AdobeUpdater.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: HP Smart Select - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O13 - Gopher Prefix:
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{CE135C0F-F77C-45E6-A45B-CEEB8E884BE4}: NameServer = 192.168.0.1,64.71.255.198
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: avgrsstx.dll
O22 - SharedTaskScheduler: Windows DreamScene - {E31004D1-A431-41B8-826F-E902F9D95C81} - C:\Windows\System32\DreamScene.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe

--
End of file - 8350 bytes


Any help appreciated thanks


TROOP FOR CASH! Get Free Cash For doing almost Nothing! Click here for my guide!

Transactions

Bought Ranger from GOD OF WAR, Everlasting Death mmed - SUCCESSFUL!
Bought Staker from Gikes, he went first - SUCCESSFUL! ... so far
Sold Pker to Cooney - SUCCESSFUL!... until he started being a fag and accused me and Kirk..
F2p Pker was Trained by X Trainer X 100k for 35-45 str... - SUCCESSFUL!
Sold lvl 75 to blizcrew14, Everlasting Death mmed - SUCCESSFUL
Mesmerized10 Gave me guide for free - SUCCESSFUL
Bought PbP Pin from B Lakes, Tyler mmed - SUCCESSFUL
Bought Guide off of Fluid - SUCCESSFUL
Lent Fluid 2.5m, supposed to return me 8m - scammed... what a hoe
Bought Pin from DestroyGeek, Yded mmed - SUCCESSFUL
Bought Name off of Forsaken, I went first - SUCCESSFUL
Gave Pyrokitty free lvl 49 - SUCCESSFUL

RL ITEMS

Bought an iPod off of Solaris, 11m, Jb Lee mmed - SUCCESSFUL
Bought Call of Duty 4 and 1 for a lvl 97, Pyrokitty went first - SUCCESSFUL <-- great guy

MM's/ Xfers!

Xfered Around 750k for AE m - SUCCESSFUL

Recommendations

Everlasting Death - Great mmer!
Kirk Hammett - Great mmer!
X Trainer X - Great Trainer
AE m - Great MMer
Yded - Great MMer

EMAIL: Rs.Shibby@hotmail.com



 

Offline guestolo

  • Site Donator
  • Administrator
  • Hero Member
  • *****
  • Posts: 16034
  • Karma: +1/-0
Possibly Keylogged
« Reply #1 on: November 17, 2008, 11:38:38 PM »
Log looks OK, you may want to run an updated scan with AVG.
Did you disable the AVG tray bar in Task Manager?

I see its Run key, but it's not in your processes.

Do you want to post your own logs from FRST?

Follow the instructions posted here: http://www.thetechguide.com/forum/index.php/topic/22942-please-read-how-to-post-logs-from-frst/
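The check guestolo did by eye (an O4 Run entry whose executable does not appear in the "Running processes" block) is easy to automate over a HijackThis log, together with two other quick triage points from the same log: O23 services HJT reports with "Unknown owner", and O17 name servers outside private address space. The script below is an added example, not code from this thread or from HijackThis; SAMPLE_LOG is a constructed excerpt of the log posted above, trimmed to the sections these checks read.

```python
"""Triage helpers for a HijackThis (HJT) log.

Added example, not code from the forum post or from HijackThis.
SAMPLE_LOG is a constructed excerpt of the log posted in the thread.
"""
import ipaddress
import re

SAMPLE_LOG = r"""Logfile of Trend Micro HijackThis v2.0.2
Running processes:
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\LogMeIn\x86\LogMeInSystray.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Steam\Steam.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [RivaTunerStartupDaemon] "C:\Program Files\RivaTuner v2.09\RivaTunerWrapper.exe" /S
O4 - HKLM\..\Run: [LogMeIn GUI] "C:\Program Files\LogMeIn\x86\LogMeInSystray.exe"
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [Steam] "C:\Program Files\Steam\Steam.exe" -silent
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O17 - HKLM\System\CCS\Services\Tcpip\..\{CE135C0F-F77C-45E6-A45B-CEEB8E884BE4}: NameServer = 192.168.0.1,64.71.255.198
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe
"""

# Only HKLM/HKCU Run keys: HKUS entries for LOCAL/NETWORK SERVICE never run a tray app.
RUN_RE = re.compile(r"^O4 - (HKLM|HKCU)\\\.\.\\Run: \[([^\]]+)\] (.*)$")
SVC_RE = re.compile(r"^O23 - Service: (.+?) - (.+?) - (.+)$")
DNS_RE = re.compile(r"^O17 - .*NameServer = (.+)$")


def exe_basename(command):
    """Lower-cased file name of the program in a Run-key command line.
    Handles quoted paths, unquoted paths containing spaces, %ProgramFiles%
    and 8.3 short names (C:\\PROGRA~1\\...) by comparing file names only."""
    command = command.strip()
    if not command:
        return ""
    if command.startswith('"'):
        prog = command[1:].split('"', 1)[0]
    else:
        i = command.lower().find(".exe")
        prog = command[: i + 4] if i != -1 else command.split(None, 1)[0]
    return prog.replace("/", "\\").rsplit("\\", 1)[-1].lower()


def parse_hjt(text):
    """Split an HJT log into processes, Run entries, name servers, services."""
    log = {"processes": [], "run": [], "nameservers": [], "services": []}
    in_procs = False
    for line in text.splitlines():
        line = line.rstrip()
        if line == "Running processes:":
            in_procs = True
            continue
        if in_procs:
            if not line:  # a blank line ends the process block
                in_procs = False
            else:
                log["processes"].append(line)
            continue
        if m := RUN_RE.match(line):
            log["run"].append({"hive": m[1], "name": m[2], "command": m[3]})
        elif m := SVC_RE.match(line):
            log["services"].append({"name": m[1], "owner": m[2], "path": m[3]})
        elif m := DNS_RE.match(line):
            log["nameservers"] += [ip.strip() for ip in m[1].split(",")]
    return log


def run_entries_not_running(log):
    """Run-key entries whose executable is absent from the process list,
    i.e. the AVG8_TRAY observation from the reply, applied to every entry."""
    running = {p.rsplit("\\", 1)[-1].lower() for p in log["processes"]}
    return [r["name"] for r in log["run"]
            if exe_basename(r["command"]) not in running]


def unknown_owner_services(log):
    """Services HJT could not attribute to a vendor string."""
    return [s["name"] for s in log["services"]
            if s["owner"].lower() == "unknown owner"]


def public_nameservers(log):
    """O17 resolvers outside RFC 1918 space, to verify against the ISP/router."""
    return [ip for ip in log["nameservers"]
            if not ipaddress.ip_address(ip).is_private]


if __name__ == "__main__":
    log = parse_hjt(SAMPLE_LOG)
    print("Run entries with no matching process:", run_entries_not_running(log))
    print("Services with unknown owner:", unknown_owner_services(log))
    print("Public name servers to verify:", public_nameservers(log))
```

Treat the output as a triage list, not a verdict. Launchers that exit after spawning their real process (CLIStart.exe starting CCC.exe and MOM.exe, the RivaTuner /S wrapper) show up next to the genuinely missing AVG tray, and a public resolver in O17 is often just the ISP's; each hit still needs a look at the file on disk or the router configuration before anything is removed.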


Offline Shibbiness

  • Hero Member
  • *****
  • Posts: 662
  • Karma: +0/-0
Possibly Keylogged
« Reply #2 on: November 18, 2008, 07:37:55 AM »
Trial was up. I'll redownload and do a scan, thanks.


Offline guestolo

  • Site Donator
  • Administrator
  • Hero Member
  • *****
  • Posts: 16034
  • Karma: +1/-0
Possibly Keylogged
« Reply #3 on: November 18, 2008, 09:25:12 AM »
Just uninstall the Trial and install the Free version