Possible logger?

All I see in there is a text file of an IM conversation. No keyloggers there. If you're concerned that you might be infected with malware you can post a HijackThis log. To do so, download the HijackThis installer from http://www.trendsecure.com/portal/en-US/threat_analytics/HJTInstall.exe.

Run the installer and choose Install, indicating that you accept the licence agreement. The installer will place a shortcut on your desktop and launch HijackThis.

Click Do a system scan and save a logfile

When the Notepad window opens, choose Edit -> Select All to select the entire log, and copy and paste the log into a reply post.
Most of what it lists will be harmless or even essential; don't fix anything yet.
 
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:43:14 PM, on 9/26/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\PROGRA~1\CA\ETRUST~1\realmon.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Eset\nod32kui.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe
C:\Program Files\CA\eTrust Antivirus\InoRpc.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\CA\eTrust Antivirus\InoRT.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Steam\Steam.exe
C:\Program Files\CA\eTrust Antivirus\InoTask.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Eset\nod32krn.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\User\Desktop\HiJackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R3 - URLSearchHook: (no name) - {06663B56-0D73-4f9f-BCC5-4AA941470AFD} - C:\Program Files\PandoBar\SrchAstt\1.bin\P4SRCHAS.DLL
O2 - BHO: Pando Search Assistant BHO - {06663B51-0D73-4f9f-BCC5-4AA941470AFD} - C:\Program Files\PandoBar\SrchAstt\1.bin\P4SRCHAS.DLL
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: Pando Toolbar BHO - {E3EA4FD1-CADE-4ae5-84F7-086EEE888BE4} - C:\Program Files\PandoBar\bar\1.bin\PANDOBAR.DLL
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Pando Toolbar - {E3EA4FD9-CADE-4ae5-84F7-086EEE888BE4} - C:\Program Files\PandoBar\bar\1.bin\PANDOBAR.DLL
O3 - Toolbar: (no name) - {DB87BFA2-A2E3-451E-8E5A-C89982D87CBF} - (no file)
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [Realtime Monitor] C:\PROGRA~1\CA\ETRUST~1\realmon.exe -s
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [Microsoft Setup Initialization] Microsoft Setup Initialization
O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe"
O4 - HKLM\..\Run: [Adobe Acrobat Speed Launcher] "C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrobat_sl.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [SDTray] "C:\Program Files\Spyware Doctor\SDTrayApp.exe"
O4 - HKLM\..\Run: [SpySweeper] C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe /startintray
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\RunServices: [Microsoft Setup Initialization] Microsoft Setup Initialization
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Steam] "C:\Program Files\Steam\Steam.exe" -silent
O4 - HKCU\..\Run: [Microsoft Setup Initialization] Microsoft Setup Initialization
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - Startup: hc_tray.lnk = C:\Program Files\Kuma Games\hcsystray\hc_tray.exe
O8 - Extra context menu item: Append to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/win...ls/en/x86/client/wuweb_site.cab?1188150213796
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O20 - AppInit_DLLs: acaptuser32.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: eTrust Antivirus RPC Server (InoRPC) - Computer Associates International, Inc. - C:\Program Files\CA\eTrust Antivirus\InoRpc.exe
O23 - Service: eTrust Antivirus Realtime Server (InoRT) - Computer Associates International, Inc. - C:\Program Files\CA\eTrust Antivirus\InoRT.exe
O23 - Service: eTrust Antivirus Job Server (InoTask) - Computer Associates International, Inc. - C:\Program Files\CA\eTrust Antivirus\InoTask.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

--
End of file - 9339 bytes
 
1. Download this file - combofix.exe
2. Double click combofix.exe & follow the prompts.
3. When finished, it shall produce a log for you. Post that log in your next reply

Note:
Do not mouseclick combofix's window whilst it's running. That may cause it to stall
 
That link doesn't work BTW.


ComboFix 07-09-28.6 - User 2007-09-27 18:09:35.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.455 [GMT -5:00]
Running from: C:\Documents and Settings\User\Desktop\ComboFix.exe
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Program Files\myglobalsearch

.
((((((((((((((((((((((((( Files Created from 2007-08-28 to 2007-09-28 )))))))))))))))))))))))))))))))
.

2007-09-27 18:08 51,200 --a------ C:\WINDOWS\NirCmd.exe
2007-09-27 16:48 <DIR> d-------- C:\Program Files\iPod
2007-09-26 20:22 <DIR> d-------- C:\Program Files\Opera
2007-09-26 20:22 <DIR> d-------- C:\Documents and Settings\User\Application Data\Opera
2007-09-26 19:50 <DIR> d-------- C:\Program Files\Winamp
2007-09-26 15:13 <DIR> d-------- C:\Program Files\iTunes
2007-09-24 23:43 <DIR> d-------- C:\Program Files\Windows Defender
2007-09-24 23:36 <DIR> d-------- C:\Program Files\SUPERAntiSpyware
2007-09-24 23:36 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2007-09-24 23:36 <DIR> d-------- C:\Documents and Settings\User\Application Data\SUPERAntiSpyware.com
2007-09-24 23:36 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2007-09-23 21:44 164 --a------ C:\install.dat
2007-09-23 20:59 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2007-09-23 20:56 626,688 --a------ C:\WINDOWS\system32\msvcr80.dll
2007-09-19 18:17 31,616 --a--c--- C:\WINDOWS\system32\dllcache\usbccgp.sys
2007-09-19 18:17 31,616 --a------ C:\WINDOWS\system32\drivers\usbccgp.sys
2007-09-19 18:17 21,504 --a--c--- C:\WINDOWS\system32\dllcache\hidserv.dll
2007-09-19 18:17 21,504 --a------ C:\WINDOWS\system32\hidserv.dll
2007-09-19 18:17 14,848 --a--c--- C:\WINDOWS\system32\dllcache\kbdhid.sys
2007-09-19 18:17 14,848 --a------ C:\WINDOWS\system32\drivers\kbdhid.sys
2007-09-17 21:16 23 --a------ C:\WINDOWS\popcinfot.dat
2007-09-16 04:47 <DIR> d-------- C:\Program Files\MSXML 4.0
2007-09-15 10:40 <DIR> d-------- C:\Documents and Settings\User\Application Data\Ahead
2007-09-15 10:39 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Ahead
2007-09-15 10:36 <DIR> d-------- C:\Program Files\Nero
2007-09-15 10:36 <DIR> d-------- C:\Program Files\Common Files\Ahead
2007-09-15 10:36 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Nero
2007-09-14 23:03 <DIR> d-------- C:\Program Files\Elecard MPEG2 Decoder Package 2.0
2007-09-14 22:59 <DIR> d-------- C:\Program Files\AC3Filter
2007-09-14 22:58 <DIR> d-------- C:\Program Files\ffdshow
2007-09-14 20:58 974,848 --a------ C:\WINDOWS\system32\mfc70.dll
2007-09-14 20:58 638,976 --a------ C:\WINDOWS\system32\divx.dll
2007-09-14 20:58 524,288 --a------ C:\WINDOWS\system32\xvidcore.dll
2007-09-14 20:58 487,424 --a------ C:\WINDOWS\system32\msvcp70.dll
2007-09-14 20:58 413,760 --a------ C:\WINDOWS\system32\mpg4c32.dll
2007-09-14 20:58 261,632 --a------ C:\WINDOWS\system32\mcdvd_32.dll
2007-09-14 20:58 24,576 --a------ C:\WINDOWS\system32\msxml3a.dll
2007-09-14 20:58 139,264 --a------ C:\WINDOWS\system32\xvidvfw.dll
2007-09-14 20:58 1,700,352 --a------ C:\WINDOWS\system32\GdiPlus.dll
2007-09-14 20:58 <DIR> d-------- C:\Program Files\Common Files\AVSMedia
2007-09-14 20:58 <DIR> d-------- C:\Program Files\AVSMedia
2007-09-14 19:49 <DIR> d-------- C:\Program Files\Valve Hammer Editor
2007-09-14 18:19 <DIR> d-------- C:\Documents and Settings\User\Application Data\Comodo
2007-09-14 18:19 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Comodo
2007-09-14 18:10 <DIR> d-------- C:\Program Files\PandoBar
2007-09-14 18:09 118,784 --a------ C:\WINDOWS\system32\MSSTDFMT.DLL
2007-09-14 18:09 101,888 --a------ C:\WINDOWS\system32\VB6STKIT.DLL
2007-09-14 17:51 <DIR> d-------- C:\Program Files\Comodo
2007-09-11 17:23 <DIR> d-------- C:\WINDOWS\LANG
2007-09-11 17:13 6,656 --a--c--- C:\WINDOWS\system32\dllcache\c_is2022.dll
2007-09-11 17:13 6,656 --a------ C:\WINDOWS\system32\c_is2022.dll
2007-09-11 17:13 57,398 --a--c--- C:\WINDOWS\system32\dllcache\imjpdadm.exe
2007-09-11 17:13 480,256 --a--c--- C:\WINDOWS\system32\dllcache\cintsetp.exe
2007-09-11 17:13 45,109 --a--c--- C:\WINDOWS\system32\dllcache\imjpuex.exe
2007-09-09 20:33 36,104 --a------ C:\WINDOWS\system32\SpoonUninstall-dBpowerAMP Music Converter.dat
2007-09-09 20:33 131,072 --a------ C:\WINDOWS\system32\SpoonUninstall.exe
2007-09-09 20:33 <DIR> d-------- C:\Program Files\Illustrate
2007-09-08 13:57 <DIR> d--h----- C:\WINDOWS\msdownld.tmp
2007-09-08 10:27 <DIR> d-------- C:\Program Files\Bonjour
2007-09-08 10:04 <DIR> d-------- C:\Program Files\Common Files\Macrovision Shared
2007-09-08 10:04 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\FLEXnet
2007-09-07 21:52 <DIR> d-------- C:\Documents and Settings\User\Application Data\Sony
2007-09-07 19:30 <DIR> d-------- C:\Program Files\Sony Setup
2007-09-07 06:32 <DIR> d-------- C:\WINDOWS\system32\AGEIA
2007-09-07 06:32 <DIR> d-------- C:\Program Files\AGEIA Technologies
2007-09-06 22:57 <DIR> d-------- C:\Program Files\uTorrent
2007-09-06 22:57 <DIR> d-------- C:\Program Files\Foxit Software
2007-09-06 22:57 <DIR> d-------- C:\Documents and Settings\User\Application Data\uTorrent
2007-09-06 22:22 <DIR> d--h----- C:\Program Files\InstallShield Installation Information
2007-09-06 21:41 <DIR> d-------- C:\Documents and Settings\User\Application Data\My Games
2007-09-06 21:22 <DIR> d-------- C:\Documents and Settings\User\Application Data\Apple Computer
2007-09-06 21:21 <DIR> d----c--- C:\WINDOWS\system32\DRVSTORE
2007-09-06 21:21 <DIR> d-------- C:\Program Files\QuickTime
2007-09-06 21:21 <DIR> d-------- C:\Program Files\Common Files\Apple
2007-09-06 21:21 <DIR> d-------- C:\Program Files\Apple Software Update
2007-09-06 21:21 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Apple Computer
2007-09-06 21:21 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Apple
2007-09-06 20:37 <DIR> d-------- C:\Program Files\Firaxis Games
2007-09-06 20:34 2,297,552 --a------ C:\WINDOWS\system32\d3dx9_26.dll
2007-09-06 19:11 512,096 --a------ C:\WINDOWS\system32\drivers\amon.sys
2007-09-06 19:11 299,392 --a------ C:\WINDOWS\system32\imon.dll
2007-09-06 19:11 15,424 --a------ C:\WINDOWS\system32\drivers\nod32drv.sys
2007-09-06 19:00 <DIR> d-------- C:\Documents and Settings\User\Application Data\WinRAR
2007-09-06 18:47 <DIR> d-------- C:\Program Files\Steam
2007-09-06 18:44 1,156 --a------ C:\WINDOWS\mozver.dat
2007-09-06 18:23 0 --a------ C:\WINDOWS\nsreg.dat
2007-09-05 19:59 12,160 --a--c--- C:\WINDOWS\system32\dllcache\mouhid.sys
2007-09-05 19:59 12,160 --a------ C:\WINDOWS\system32\drivers\mouhid.sys
2007-09-05 19:58 9,600 --a--c--- C:\WINDOWS\system32\dllcache\hidusb.sys
2007-09-05 19:58 9,600 --a------ C:\WINDOWS\system32\drivers\hidusb.sys

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-09-06 21:41 163644 --a------ C:\WINDOWS\system32\drivers\secdrv.sys
2007-08-26 13:27 --------- d-------- C:\Program Files\MSXML 6.0
2007-08-26 13:10 --------- d-------- C:\Program Files\MSBuild
2007-08-26 13:06 --------- d-------- C:\Program Files\Reference Assemblies
2007-08-26 13:05 --------- d-------- C:\Program Files\Windows Media Connect 2
2007-08-26 12:40 --------- d-------- C:\Program Files\Common Files\InstallShield
2007-08-26 12:39 --------- d-------- C:\Program Files\CA
2007-08-24 18:38 --------- d-------- C:\Program Files\microsoft frontpage
2007-07-30 19:19 92504 --a------ C:\WINDOWS\system32\cdm.dll
2007-07-30 19:19 549720 --a------ C:\WINDOWS\system32\wuapi.dll
2007-07-30 19:19 53080 --a------ C:\WINDOWS\system32\wuauclt.exe
2007-07-30 19:19 43352 --a------ C:\WINDOWS\system32\wups2.dll
2007-07-30 19:19 325976 --a------ C:\WINDOWS\system32\wucltui.dll
2007-07-30 19:19 203096 --a------ C:\WINDOWS\system32\wuweb.dll
2007-07-30 19:19 1712984 --a------ C:\WINDOWS\system32\wuaueng.dll
2007-07-30 19:18 33624 --a------ C:\WINDOWS\system32\wups.dll
2007-07-20 00:57 267112 --a------ C:\WINDOWS\system32\xactengine2_9.dll
2007-07-20 00:54 18280 --a------ C:\WINDOWS\system32\x3daudio1_2.dll
2007-07-20 00:48 77160 --a------ C:\DSETUP.dll
2007-07-20 00:48 503144 --a------ C:\DXSETUP.exe
2007-07-20 00:48 1673576 --a------ C:\dsetup32.dll
2007-07-19 18:14 444776 --a------ C:\WINDOWS\system32\d3dx10_35.dll
2007-07-19 18:14 3727720 --a------ C:\WINDOWS\system32\d3dx9_35.dll
2007-07-19 18:14 1358192 --a------ C:\WINDOWS\system32\D3DCompiler_35.dll
2007-06-29 01:54 356352 --a------ C:\WINDOWS\system32\NVUNINST.EXE
2007-06-29 00:43 8466432 --a------ C:\WINDOWS\system32\nvcpl.dll
2007-06-29 00:43 81920 --a------ C:\WINDOWS\system32\nvwddi.dll
2007-06-29 00:43 81920 --a------ C:\WINDOWS\system32\nvmctray.dll
2007-06-29 00:43 753664 --a------ C:\WINDOWS\system32\nvcplui.exe
2007-06-29 00:43 6729728 --a------ C:\WINDOWS\system32\nvoglnt.dll
2007-06-29 00:43 6234112 --a------ C:\WINDOWS\system32\nvdisps.dll
2007-06-29 00:43 5690624 --a------ C:\WINDOWS\system32\nv4_disp.dll
2007-06-29 00:43 5455872 --a------ C:\WINDOWS\system32\nvdispsr.dll
2007-06-29 00:43 466944 --a------ C:\WINDOWS\system32\nvshell.dll
2007-06-29 00:43 458752 --a------ C:\WINDOWS\system32\nvmccssr.dll
2007-06-29 00:43 45056 --a------ C:\WINDOWS\system32\nvmccsrs.dll
2007-06-29 00:43 442368 --a------ C:\WINDOWS\system32\nvappbar.exe
2007-06-29 00:43 425984 --a------ C:\WINDOWS\system32\keystone.exe
2007-06-29 00:43 37376 --a------ C:\WINDOWS\system32\nvcodins.dll
2007-06-29 00:43 37376 --a------ C:\WINDOWS\system32\nvcod.dll
2007-06-29 00:43 360448 --a------ C:\WINDOWS\system32\nvapi.dll
2007-06-29 00:43 3600384 --a------ C:\WINDOWS\system32\nvvitvsr.dll
2007-06-29 00:43 356352 --a------ C:\WINDOWS\system32\nvudisp.exe
2007-06-29 00:43 3518464 --a------ C:\WINDOWS\system32\nvvitvs.dll
2007-06-29 00:43 3321856 --a------ C:\WINDOWS\system32\nvgames.dll
2007-06-29 00:43 3072000 --a------ C:\WINDOWS\system32\nvgamesr.dll
2007-06-29 00:43 307200 --a------ C:\WINDOWS\system32\nvexpbar.dll
2007-06-29 00:43 286720 --a------ C:\WINDOWS\system32\nvnt4cpl.dll
2007-06-29 00:43 2854912 --a------ C:\WINDOWS\system32\nvmoblsr.dll
2007-06-29 00:43 2416640 --a------ C:\WINDOWS\system32\nvwssr.dll
2007-06-29 00:43 2330624 --a------ C:\WINDOWS\system32\nvwss.dll
2007-06-29 00:43 229376 --a------ C:\WINDOWS\system32\nvmccs.dll
2007-06-29 00:43 188416 --a------ C:\WINDOWS\system32\nvmccss.dll
2007-06-29 00:43 1703936 --a------ C:\WINDOWS\system32\nvwdmcpl.dll
2007-06-29 00:43 1626112 --a------ C:\WINDOWS\system32\nwiz.exe
2007-06-29 00:43 155716 --a------ C:\WINDOWS\system32\nvsvc32.exe
2007-06-29 00:43 1474560 --a------ C:\WINDOWS\system32\nview.dll
2007-06-29 00:43 147456 --a------ C:\WINDOWS\system32\nvcolor.exe
2007-06-29 00:43 1339392 --a------ C:\WINDOWS\system32\nvdspsch.exe
2007-06-29 00:43 1142784 --a------ C:\WINDOWS\system32\nvmobls.dll
2007-06-29 00:43 1073152 --a------ C:\WINDOWS\system32\nvcpluir.dll
2007-06-29 00:43 1019904 --a------ C:\WINDOWS\system32\nvwimg.dll
2007-06-29 00:43 1018772 --a------ C:\WINDOWS\system32\nvucode.bin
2007-06-27 19:05 972072 --a------ C:\WINDOWS\UNNeroMediaHome.exe
.

-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.

*Note* empty entries & legit default entries are not shown

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{E3EA4FD9-CADE-4AE5-84F7-086EEE888BE4}"= C:\Program Files\PandoBar\bar\1.bin\PANDOBAR.DLL [2007-09-14 18:10 266240]

[HKEY_CLASSES_ROOT\CLSID\{E3EA4FD9-CADE-4AE5-84F7-086EEE888BE4}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMan"="SOUNDMAN.EXE" [2005-04-14 22:01 C:\WINDOWS\SOUNDMAN.EXE]
"Realtime Monitor"="C:\PROGRA~1\CA\ETRUST~1\realmon.exe" [2004-04-06 17:14]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-06-29 00:43]
"nwiz"="nwiz.exe" [2007-06-29 00:43 C:\WINDOWS\system32\nwiz.exe]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2007-06-29 00:43]
"nod32kui"="C:\Program Files\Eset\nod32kui.exe" [2007-09-06 19:10]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2007-06-29 06:24]
"Microsoft Setup Initialization"="Microsoft Setup Initialization" []
"Acrobat Assistant 8.0"="C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe" [2007-05-10 22:46]
"Adobe Acrobat Speed Launcher"="C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrobat_sl.exe" [2007-05-11 02:59]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe" [2007-07-12 04:00]
"NeroFilterCheck"="C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe" [2007-03-01 15:57]
"SDTray"="C:\Program Files\Spyware Doctor\SDTrayApp.exe" []
"SpySweeper"="C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe" []
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [2006-11-03 19:20]
"WinampAgent"="C:\Program Files\Winamp\winampa.exe" [2007-05-14 17:22]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2007-09-26 14:42]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2006-02-28 07:00]
"Steam"="C:\Program Files\Steam\Steam.exe" [2007-09-06 18:48]
"Microsoft Setup Initialization"="Microsoft Setup Initialization" []
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 11:24]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2007-06-27 19:03]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" []
"SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2007-06-21 14:06]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\runservices]
"Microsoft Setup Initialization"=Microsoft Setup Initialization

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2006-12-20 13:55 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 2007-04-19 13:41 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"appinit_dlls"=acaptuser32.dll

R0 viamraid;viamraid;C:\WINDOWS\system32\drivers\viamraid.sys
S3 SetupNTGLM7X;SetupNTGLM7X;\??\D:\NTGLM7X.sys

*Newly Created Service* - CATCHME
*Newly Created Service* - IPOD_SERVICE
*Newly Created Service* - UPNPHOST
.
Contents of the 'Scheduled Tasks' folder
"2007-09-26 19:56:01 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
"2007-09-27 21:17:15 C:\WINDOWS\Tasks\MP Scheduled Scan.job"
- C:\Program Files\Windows Defender\MpCmdRun.exe
.
**************************************************************************

catchme 0.3.1061 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-09-28 18:11:43
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows
AppInit_DLLs = acaptuser32.dll??

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2007-09-28 18:12:57
.
--- E O F ---
 
Sorry about the link. I'm not seeing any signs of a keylogger, although there are a couple of entries that can be removed.

Please run HijackThis and choose Do a System Scan Only.

Place a check next to the following entries:
  • O3 - Toolbar: (no name) - {DB87BFA2-A2E3-451E-8E5A-C89982D87CBF} - (no file)
  • O4 - HKLM\..\Run: [Microsoft Setup Initialization] Microsoft Setup Initialization
  • O4 - HKLM\..\RunServices: [Microsoft Setup Initialization] Microsoft Setup Initialization
  • O4 - HKCU\..\Run: [Microsoft Setup Initialization] Microsoft Setup Initialization
Please close all open windows except for HijackThis and choose Fix checked
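
A sketch of a triage pass over lines from the HijackThis log above (added example, not part of the thread and not HijackThis's own logic). Its two heuristics, component entries ending in `(no file)` and Run values that name no executable, are assumptions chosen because they describe the four entries picked out in the last reply; the function and pattern names are hypothetical.

```python
import re

# Lines copied from the HijackThis log posted earlier in this thread.
SAMPLE_LOG = r"""
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: (no name) - {DB87BFA2-A2E3-451E-8E5A-C89982D87CBF} - (no file)
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [Microsoft Setup Initialization] Microsoft Setup Initialization
O4 - HKLM\..\RunServices: [Microsoft Setup Initialization] Microsoft Setup Initialization
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Microsoft Setup Initialization] Microsoft Setup Initialization
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - Startup: hc_tray.lnk = C:\Program Files\Kuma Games\hcsystray\hc_tray.exe
"""

# "<code> - <rest>", e.g. "O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE"
ENTRY = re.compile(r"^(?P<code>[A-Z]\d+) - (?P<body>.*)$")
# Registry autorun body: "<hive>\..\<key>: [value name] command line"
RUN_VALUE = re.compile(
    r"^HK(?:LM|CU)\\\.\.\\\w+: \[(?P<name>[^\]]*)\]\s*(?P<cmd>.*)$"
)
# Assumption: a real autorun command mentions a file with one of these extensions.
EXECUTABLE = re.compile(r"\.(?:exe|dll|com|bat|cmd|scr|pif)\b", re.IGNORECASE)
# Sections whose entries end with the path of a registered component.
COMPONENT_CODES = {"O2", "O3", "O9"}


def triage(log_text):
    """Return (line, reason) pairs for entries worth a closer look."""
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        m = ENTRY.match(line)
        if not m:
            continue  # header, process list, blank line
        code, body = m.group("code"), m.group("body")
        if code in COMPONENT_CODES and body.endswith("(no file)"):
            findings.append((line, "component entry points to no file"))
        elif code == "O4":
            run = RUN_VALUE.match(body)
            # Startup-folder shortcuts do not match RUN_VALUE and are skipped.
            if run and not EXECUTABLE.search(run.group("cmd")):
                findings.append((line, "autorun value names no executable"))
    return findings


if __name__ == "__main__":
    for line, reason in triage(SAMPLE_LOG):
        print(f"{reason}: {line}")
```

A hit only marks an entry for review; bare names such as `SOUNDMAN.EXE` pass because they resolve through the search path, and sections like O20 and O23 are not examined at all.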
 