Your Ad Here

Monday, March 9, 2009

I may have a keylogger

Hi. I accidentally clicked a keylogger link in WoW forums. i immediately closed the browser but im not sure if i got the keylogger or no. Could you guys check for me? i already scanned with Spybot, AVG, and Nod32. Below is the log of my HijackThis.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:13:55 PM, on 3/8/2009
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal

Running processes:
C:Windowssystem32taskeng.exe
C:Windowssystem32Dwm.exe
C:WindowsExplorer.EXE
C:Program FilesWindows DefenderMSASCui.exe
C:WindowsRtHDVCpl.exe
C:Program FilesSynapticsSynTPSynTPEnh.exe
C:Program FilesAcerEmpowering TechnologyePowerePower_DMC.exe
C:Program FilesAcerEmpowering TechnologyeDataSecurityx86eDSLoader.exe
C:Program FilesAcerEmpowering TechnologyeAudioeAudio.exe
C:Program FilesNewTech InfosystemsNTI Backup Now 5BkupTray.exe
C:Program FilesIntelIntel Matrix Storage ManagerIAAnotif.exe
C:Program FilesAcerAcer Bio ProtectionPdtWzd.exe
C:WindowsPLFSetI.exe
C:Program FilesLaunch ManagerLManager.exe
C:Program FilesAcer Arcade DeluxeAcer Arcade DeluxeArcadeDeluxeAgent.exe
C:Program FilesAcer Arcade DeluxeAcer Arcade DeluxeKernelCLMLCLMLSvc.exe
C:Program FilesAcer Arcade DeluxePlayMoviePMVService.exe
C:Program FilesMicrosoft OfficeOffice12GrooveMonitor.exe
C:Program FilesCommon FilesInstallShieldUpdateServiceissch.exe
C:Program FilesCyberlinkPowerDVD8PDVD8Serv.exe
C:Program FilesCyberlinkShared filesbrs.exe
C:Program FilesScanSoftOmniPageSE4OpWareSE4.exe
C:Program FilesNokiaNokia PC Suite 6LaunchApplication.exe
C:Program FilesSlySoftCloneCDCloneCDTray.exe
C:WindowsSystem32rundll32.exe
C:Program FilesESETESET Smart Securityegui.exe
C:Program FilesWindows Sidebarsidebar.exe
C:Program FilesCommon FilesACD SystemsENDevDetect.exe
C:Program FilesDAEMON Tools Litedaemon.exe
C:Program FilesWindows Media Playerwmpnscfg.exe
C:Program FilesGoogleGoogleToolbarNotifier1.2.1128.5462GoogleToolbarNotifier.exe
C:Program FilesNokiaNokia PC Suite 6PcSync2.exe
C:Program FilesDAPDAP.exe
C:Program FilesWIDCOMMBluetooth SoftwareBTTray.exe
C:Program FilesAcerAcer Bio ProtectionPwdBank.exe
C:UsersMarkAppDataLocalTempRtkBtMnt.exe
C:Windowssystem32wbemunsecapp.exe
C:Program FilesCommon FilesNokiaMPAPIMPAPI3s.exe
C:Program FilesWindows Sidebarsidebar.exe
C:Program FilesYahoo!Messengerymsgr_tray.exe
C:Program FilesSynapticsSynTPSynTPHelper.exe
C:Windowssystem32wuauclt.exe
C:Program FilesMozilla Firefoxfirefox.exe
C:Program FilesTrend MicroHijackThisHijackThis.exe

R1 - HKCUSoftwareMicrosoftInternet ExplorerMain,Search Bar = http://us.rd.yahoo.com/customize/ie/def ... earch.html
R1 - HKCUSoftwareMicrosoftInternet ExplorerMain,Search Page = http://us.rd.yahoo.com/customize/ie/def ... .yahoo.com
R0 - HKCUSoftwareMicrosoftInternet ExplorerMain,Start Page = http://en.ph.acer.yahoo.com
R1 - HKLMSoftwareMicrosoftInternet ExplorerMain,Default_Page_URL = http://en.ph.acer.yahoo.com
R1 - HKLMSoftwareMicrosoftInternet ExplorerMain,Default_Search_URL = http://us.rd.yahoo.com/customize/ie/def ... .yahoo.com
R1 - HKLMSoftwareMicrosoftInternet ExplorerMain,Search Bar = http://us.rd.yahoo.com/customize/ie/def ... earch.html
R1 - HKLMSoftwareMicrosoftInternet ExplorerMain,Search Page = http://us.rd.yahoo.com/customize/ie/def ... .yahoo.com
R0 - HKLMSoftwareMicrosoftInternet ExplorerMain,Start Page = http://en.ph.acer.yahoo.com
R0 - HKLMSoftwareMicrosoftInternet ExplorerSearch,SearchAssistant =
R0 - HKLMSoftwareMicrosoftInternet ExplorerSearch,CustomizeSearch =
R1 - HKCUSoftwareMicrosoftInternet ExplorerSearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/def ... .yahoo.com
R1 - HKCUSoftwareMicrosoftWindowsCurrentVersionInternet Settings,ProxyServer = 138.238.250.155:3124
R1 - HKCUSoftwareMicrosoftWindowsCurrentVersionInternet Settings,ProxyOverride = local
R0 - HKCUSoftwareMicrosoftInternet ExplorerToolbar,LinksFolderName =
R3 - URLSearchHook: Winamp Search Class - {57BCA5FA-5DBB-45a2-B558-1755C3F6253B} - C:Program FilesWinamp Toolbarwinamptb.dll
R3 - URLSearchHook: Yahoo! uC - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:PROGRA~1Yahoo!CompanionInstallscpn1yt.dll
O1 - Hosts: ::1 localhost
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:PROGRA~1Yahoo!CompanionInstallscpn1yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:Program FilesCommon FilesAdobeAcrobatActiveXAcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:Program FilesSkypeToolbarsInternet ExplorerSkypeIEPlugin.dll
O2 - BHO: Winamp Toolbar Loader - {25CEE8EC-5730-41bc-8B58-22DDC8AB8C20} - C:Program FilesWinamp Toolbarwinamptb.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:Program FilesYahoo!Commonyiesrvc.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:PROGRA~1MICROS~2Office12GRA8E1~1.DLL
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:program filesgooglegoogletoolbar1.dll
O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:Program FilesJavajre6binjp2ssv.dll
O3 - Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - (no file)
O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:Program FilesAcerEmpowering TechnologyeDataSecurityx86eDStoolbar.dll
O3 - Toolbar: Yahoo! uC - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:PROGRA~1Yahoo!CompanionInstallscpn1yt.dll
O3 - Toolbar: Winamp Toolbar - {EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - C:Program FilesWinamp Toolbarwinamptb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:program filesgooglegoogletoolbar1.dll
O4 - HKLM..Run: [Windows Defender] %ProgramFiles%Windows DefenderMSASCui.exe -hide
O4 - HKLM..Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM..Run: [SynTPEnh] C:Program FilesSynapticsSynTPSynTPEnh.exe
O4 - HKLM..Run: [ePower_DMC] C:Program FilesAcerEmpowering TechnologyePowerePower_DMC.exe
O4 - HKLM..Run: [eDataSecurity Loader] C:Program FilesAcerEmpowering TechnologyeDataSecurityx86eDSloader.exe
O4 - HKLM..Run: [eAudio] "C:Program FilesAcerEmpowering TechnologyeAudioeAudio.exe"
O4 - HKLM..Run: [BkupTray] "C:Program FilesNewTech InfosystemsNTI Backup Now 5BkupTray.exe"
O4 - HKLM..Run: [IAAnotif] C:Program FilesIntelIntel Matrix Storage Manageriaanotif.exe
O4 - HKLM..Run: [ZPdtWzdVitaKey MC3000] "C:Program FilesAcerAcer Bio ProtectionPdtWzd.exe" show
O4 - HKLM..Run: [PLFSetI] C:WindowsPLFSetI.exe
O4 - HKLM..Run: [LManager] C:PROGRA~1LAUNCH~1LManager.exe
O4 - HKLM..Run: [ArcadeDeluxeAgent] "C:Program FilesAcer Arcade DeluxeAcer Arcade DeluxeArcadeDeluxeAgent.exe"
O4 - HKLM..Run: [CLMLServer] "C:Program FilesAcer Arcade DeluxeAcer Arcade DeluxeKernelCLMLCLMLSvc.exe"
O4 - HKLM..Run: [PlayMovie] "C:Program FilesAcer Arcade DeluxePlayMoviePMVService.exe"
O4 - HKLM..Run: [WinampAgent] "C:Program FilesWinampwinampa.exe"
O4 - HKLM..Run: [GrooveMonitor] "C:Program FilesMicrosoft OfficeOffice12GrooveMonitor.exe"
O4 - HKLM..Run: [ISUSScheduler] "C:Program FilesCommon FilesInstallShieldUpdateServiceissch.exe" -start
O4 - HKLM..Run: [RemoteControl8] "C:Program FilesCyberLinkPowerDVD8PDVD8Serv.exe"
O4 - HKLM..Run: [PDVD8LanguageShortcut] "C:Program FilesCyberLinkPowerDVD8LanguageLanguage.exe"
O4 - HKLM..Run: [BDRegion] C:Program FilesCyberlinkShared Filesbrs.exe
O4 - HKLM..Run: [SSBkgdUpdate] "C:Program FilesCommon FilesScansoft SharedSSBkgdUpdateSSBkgdupdate.exe" -Embedding -boot
O4 - HKLM..Run: [OpwareSE4] "C:Program FilesScanSoftOmniPageSE4OpwareSE4.exe"
O4 - HKLM..Run: [PCSuiteTrayApplication] C:PROGRA~1NokiaNOKIAP~1LAUNCH~1.EXE -startup
O4 - HKLM..Run: [CloneCDTray] "C:Program FilesSlySoftCloneCDCloneCDTray.exe" /s
O4 - HKLM..Run: [Adobe Reader Speed Launcher] "C:Program FilesAdobeReader 8.0ReaderReader_sl.exe"
O4 - HKLM..Run: [NvCplDaemon] RUNDLL32.EXE C:Windowssystem32NvCpl.dll,NvStartup
O4 - HKLM..Run: [NvMediaCenter] RUNDLL32.EXE C:Windowssystem32NvMcTray.dll,NvTaskbarInit
O4 - HKLM..Run: [egui] "C:Program FilesESETESET Smart Securityegui.exe" /hide /waitservice
O4 - HKLM..Run: [SunJavaUpdateSched] "C:Program FilesJavajre6binjusched.exe"
O4 - HKCU..Run: [Sidebar] C:Program FilesWindows Sidebarsidebar.exe /autoRun
O4 - HKCU..Run: [Yahoo! Pager] "C:Program FilesYahoo!MessengerYahooMessenger.exe" -quiet
O4 - HKCU..Run: [Device Detector] DevDetect.exe -autorun
O4 - HKCU..Run: [DAEMON Tools Lite] "C:Program FilesDAEMON Tools Litedaemon.exe" -autorun
O4 - HKCU..Run: [ISUSPM Startup] "C:Program FilesCommon FilesInstallShieldUpdateServiceISUSPM.exe" -startup
O4 - HKCU..Run: [WMPNSCFG] C:Program FilesWindows Media PlayerWMPNSCFG.exe
O4 - HKCU..Run: [EPSON Stylus T10 Series] C:Windowssystem32spoolDRIVERSW32X863E_FATIEBS.EXE /FU "C:WindowsTEMPE_S1481.tmp" /EF "HKCU"
O4 - HKCU..Run: [swg] C:Program FilesGoogleGoogleToolbarNotifier1.2.1128.5462GoogleToolbarNotifier.exe
O4 - HKCU..Run: [PcSync] C:Program FilesNokiaNokia PC Suite 6PcSync2.exe /NoDialog
O4 - HKCU..Run: [DownloadAccelerator] "C:Program FilesDAPDAP.EXE" /STARTUP
O4 - HKCU..Run: [NVIDIA nTune] "C:Program FilesNVIDIA CorporationnTunenTuneCmd.exe" clear
O4 - HKUSS-1-5-19..Run: [Sidebar] %ProgramFiles%Windows SidebarSidebar.exe /detectMem (User LOCAL SERVICE)
O4 - HKUSS-1-5-19..Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User LOCAL SERVICE)
O4 - HKUSS-1-5-20..Run: [Sidebar] %ProgramFiles%Windows SidebarSidebar.exe /detectMem (User NETWORK SERVICE)
O4 - Global Startup: Bluetooth.lnk = ?
O8 - Extra context menu item: &Clean Traces - C:Program FilesDAPPrivacy Packagedapcleanerie.htm
O8 - Extra context menu item: &Download with &DAP - C:Program FilesDAPdapextie.htm
O8 - Extra context menu item: &Winamp Search - C:ProgramDataWinamp ToolbarieToolbarresourcesen-USlocalsearch.html
O8 - Extra context menu item: Download &all with DAP - C:Program FilesDAPdapextie2.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:PROGRA~1MICROS~2Office12EXCEL.EXE/3000
O8 - Extra context menu item: Send image to &Bluetooth Device... - C:Program FilesWIDCOMMBluetooth Softwarebtsendto_ie_ctx.htm
O8 - Extra context menu item: Send page to &Bluetooth Device... - C:Program FilesWIDCOMMBluetooth Softwarebtsendto_ie.htm
O9 - Extra button: Quick-Launching Area - {10954C80-4F0F-11d3-B17C-00C0DFE39736} - C:Program FilesAcerAcer Bio ProtectionPwdBank.exe
O9 - Extra Tools menuitem: Quick-Launching Area - {10954C80-4F0F-11d3-B17C-00C0DFE39736} - C:Program FilesAcerAcer Bio ProtectionPwdBank.exe
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:PROGRA~1MICROS~2Office12ONBttnIE.dll
O9 - Extra Tools menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:PROGRA~1MICROS~2Office12ONBttnIE.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:Program FilesYahoo!Commonyiesrvc.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:Program FilesSkypeToolbarsInternet ExplorerSkypeIEPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:PROGRA~1MICROS~2Office12REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:Program FilesWIDCOMMBluetooth Softwarebtsendto_ie.htm
O9 - Extra Tools menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:Program FilesWIDCOMMBluetooth Softwarebtsendto_ie.htm
O13 - Gopher Prefix:
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://prerelease.trendmicro-europe.com ... hcImpl.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:Program FilesYahoo!CommonYinsthelper.dll
O16 - DPF: {D6FCA8ED-4715-43DE-9BD2-2789778A5B09} (NPKCX Control) - https://support.levelupgames.ph/keycrypt/npkcx.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:PROGRA~1MICROS~2Office12GR99D3~1.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:PROGRA~1COMMON~1SkypeSKYPE4~1.DLL
O20 - Winlogon Notify: AWinNotifyVitaKey MC3000 - C:Program FilesAcerAcer Bio ProtectionWinNotify.dll
O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:Windowssystem32agrsmsvc.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:Program FilesBonjourmDNSResponder.exe
O23 - Service: NTI Backup Now 5 Agent Service (BUNAgentSvc) - NewTech Infosystems, Inc. - C:Program FilesNewTech InfosystemsNTI Backup Now 5ClientAgentsvc.exe
O23 - Service: CLHNService - Unknown owner - C:Program FilesAcer Arcade DeluxeHomeMediaKernelDMPCLHNService.exe
O23 - Service: eDataSecurity Service - Egis Incorporated - C:Program FilesAcerEmpowering TechnologyeDataSecurityx86eDSService.exe
O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:Program FilesESETESET Smart SecurityEHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - C:Program FilesESETESET Smart Securityekrn.exe
O23 - Service: Empowering Technology Service (ETService) - Unknown owner - C:Program FilesAcerEmpowering TechnologyServiceETService.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:Program FilesCommon FilesMacrovision SharedFLEXnet PublisherFNPLicensingService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:Program FilesGoogleCommonGoogle UpdaterGoogleUpdaterService.exe
O23 - Service: Intel Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:Program FilesIntelIntel Matrix Storage ManagerIAANTMon.exe
O23 - Service: PIXMA Extended Survey Program (IJPLMSVC) - Unknown owner - C:Program FilesCanonIJPLMIJPLMSVC.EXE
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:Program FilesCommon FilesLightScribeLSSrvc.exe
O23 - Service: MobilityService - Unknown owner - C:AcerMobility CenterMobilityService.exe
O23 - Service: MySQL - Unknown owner - C:MySQLMySQL.exe (file missing)
O23 - Service: NTI Backup Now 5 Backup Service (NTIBackupSvc) - NewTech InfoSystems, Inc. - C:Program FilesNewTech InfosystemsNTI Backup Now 5BackupSvc.exe
O23 - Service: NTI Backup Now 5 Scheduler Service (NTISchedulerSvc) - Unknown owner - C:Program FilesNewTech InfosystemsNTI Backup Now 5SchedulerSvc.exe
O23 - Service: nTune Service (nTuneService) - NVIDIA - C:Program FilesNVIDIA CorporationnTunenTuneService.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:Windowssystem32nvvsvc.exe
O23 - Service: PnkBstrA - Unknown owner - C:Windowssystem32PnkBstrA.exe
O23 - Service: Raw Socket Service (RS_Service) - Acer Incorporated - C:Program FilesAcerAcer VCMRS_Service.exe
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:Program FilesSpybot - Search & DestroySDWinSec.exe
O23 - Service: ServiceLayer - Nokia. - C:Program FilesCommon FilesPCSuiteServicesServiceLayer.exe
O23 - Service: Steam Client Service - Valve Corporation - C:Program FilesCommon FilesSteamSteamService.exe
O23 - Service: Validity Fingerprint Service (vfsFPService) - Validity Sensors, Inc. - C:Windowssystem32vfsFPService.exe

--
End of file - 16104 bytes

Read More...
Your Ad Here
Posted by Kishore Vengala at 9:18 AM

No comments:

Post a Comment

Subscribe to: Post Comments (Atom)