Need help with keylogger! (with HJT log)


KronoS

Well I recently got a keylogger on my comp. I think I got rid of it now tho, but I want to be absolutely sure.

Any advice on any good online scans? I tried the one in the sticky on the help & advice board (housecall) + I got norton antivirus myself now.

Both of them show nothing, so I want to know if it's safe to get back to playing at home. (not playing anywhere else either tho, just using others' comp to post here on the forums)

EDIT: posted the log further down

Link to comment
Share on other sites

Make sure you scanned with them both in safe mode. To get into safe mode, restart your computer and repeatedly hit "f8" until it prompts you on how you would like to boot up. Select 'safe mode with networking' using the up\down arrows and then hit enter.

Also, post a HiJackThis log here and we will check it for you. Make sure you post the ENTIRE log or it will be useless to us. To get HiJackThis, read the stickies on this forum :wink:

...

Link to comment
Share on other sites

Thanks :)

Here is the HJT log you asked for, hopefully someone of you might help me :)

Logfile of HijackThis v1.99.1
Scan saved at 13:04:07, on 2005-05-16
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss[Caution: ExecutableFile]
C:\WINDOWS\system32\csrss[Caution: ExecutableFile]
C:\WINDOWS\system32\winlogon[Caution: ExecutableFile]
C:\WINDOWS\system32\services[Caution: ExecutableFile]
C:\WINDOWS\system32\lsass[Caution: ExecutableFile]
C:\WINDOWS\system32\svchost[Caution: ExecutableFile]
C:\WINDOWS\system32\svchost[Caution: ExecutableFile]
C:\WINDOWS\System32\svchost[Caution: ExecutableFile]
C:\WINDOWS\system32\svchost[Caution: ExecutableFile]
C:\WINDOWS\system32\svchost[Caution: ExecutableFile]
C:\Program\Delade filer\Symantec Shared\ccSetMgr[Caution: ExecutableFile]
C:\Program\Delade filer\Symantec Shared\SNDSrvc[Caution: ExecutableFile]
C:\Program\Delade filer\Symantec Shared\ccEvtMgr[Caution: ExecutableFile]
C:\WINDOWS\system32\spoolsv[Caution: ExecutableFile]
C:\Program\Delade filer\Symantec Shared\ccProxy[Caution: ExecutableFile]
C:\Program\Norton AntiVirus\navapsvc[Caution: ExecutableFile]
C:\Program\Norton AntiVirus\AdvTools\NPROTECT[Caution: ExecutableFile]
C:\WINDOWS\system32\pctspk[Caution: ExecutableFile]
C:\Program\Norton AntiVirus\SAVScan[Caution: ExecutableFile]
C:\Program\Delade filer\Symantec Shared\CCPD-LC\symlcsvc[Caution: ExecutableFile]
C:\Program\Delade filer\Symantec Shared\Security Center\SymWSC[Caution: ExecutableFile]
C:\Program\D-Tools\daemon[Caution: ExecutableFile]
C:\Program\Delade filer\Symantec Shared\ccApp[Caution: ExecutableFile]
C:\WINDOWS\System32\alg[Caution: ExecutableFile]
C:\Program\MSN Messenger\MsnMsgr[Caution: ExecutableFile]
C:\Program\Messenger\msmsgs[Caution: ExecutableFile]
C:\WINDOWS\EXPLORER[Caution: ExecutableFile]
C:\Program\Internet Explorer\iexplore[Caution: ExecutableFile]
C:\Program\WinRAR\WinRAR[Caution: ExecutableFile]
C:\DOCUME~1\KronoS\LOKALA~1\Temp\Rar$EX00.115\HijackThis[Caution: ExecutableFile]

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Länkar
O2 - BHO: Web assistant - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program\Delade filer\Symantec Shared\AdBlocking\NISShExt.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Web assistant - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program\Delade filer\Symantec Shared\AdBlocking\NISShExt.dll
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program\D-Tools\daemon[Caution: ExecutableFile]" -lang 1033
O4 - HKLM\..\Run: [ccApp] "C:\Program\Delade filer\Symantec Shared\ccApp[Caution: ExecutableFile]"
O4 - HKLM\..\Run: [NAV CfgWiz] C:\Program\Delade filer\Symantec Shared\CfgWiz[Caution: ExecutableFile] /GUID NAV /CMDLINE "REBOOT"
O4 - HKLM\..\Run: [Advanced Tools Check] C:\Program\NORTON~1\AdvTools\ADVCHK[Caution: ExecutableFile]
O4 - HKLM\..\Run: [symantec NetDriver Monitor] C:\Program\SYMNET~1\SNDMon[Caution: ExecutableFile] /Consumer
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program\MSN Messenger\MsnMsgr[Caution: ExecutableFile]" /background
O4 - HKCU\..\Run: [MSMSGS] "C:\Program\Messenger\msmsgs[Caution: ExecutableFile]" /background
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program\Java\j2re1.4.2\bin\npjpi142.dll
O9 - Extra 'Tools' menuitem: Sun Java-konsol - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program\Java\j2re1.4.2\bin\npjpi142.dll
O9 - Extra button: 50 FREE MP3s! - {686C970F-1D7D-4469-85D1-4B35763B56CC} - http://www.emusic.com?fref=149133 (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\msmsgs[Caution: ExecutableFile]
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\msmsgs[Caution: ExecutableFile]
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004 ... scan53.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/msnme ... loader.cab
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program\Delade filer\Symantec Shared\ccEvtMgr[Caution: ExecutableFile]
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program\Delade filer\Symantec Shared\ccProxy[Caution: ExecutableFile]
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program\Delade filer\Symantec Shared\ccPwdSvc[Caution: ExecutableFile]
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program\Delade filer\Symantec Shared\ccSetMgr[Caution: ExecutableFile]
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program\Norton AntiVirus\navapsvc[Caution: ExecutableFile]
O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\Program\Norton AntiVirus\AdvTools\NPROTECT[Caution: ExecutableFile]
O23 - Service: PCTEL Speaker Phone (Pctspk) - PCtel, Inc. - C:\WINDOWS\system32\pctspk[Caution: ExecutableFile]
O23 - Service: SAVScan - Symantec Corporation - C:\Program\Norton AntiVirus\SAVScan[Caution: ExecutableFile]
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\Program\DELADE~1\SYMANT~1\SCRIPT~1\SBServ[Caution: ExecutableFile]
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program\Delade filer\Symantec Shared\SNDSrvc[Caution: ExecutableFile]
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program\Delade filer\Symantec Shared\CCPD-LC\symlcsvc[Caution: ExecutableFile]
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program\Delade filer\Symantec Shared\Security Center\SymWSC[Caution: ExecutableFile]
O23 - Service: Windows User Mode Driver Framework (UMWdf) - Unknown owner - C:\WINDOWS\system32\wdfmgr[Caution: ExecutableFile] (file missing)

The missing file which got censored on the last line is w*fmgr (it's supposed to be a D instead of the "star"). Why is it missing? Anything important?

Thanks :)

Link to comment
Share on other sites

Relatively clean log, a couple of unnecessaries tho, so you can remove the following.

O9 - Extra button: 50 FREE MP3s! - {686C970F-1D7D-4469-85D1-4B35763B56CC} - http://www.emusic.com?fref=149133 (file missing)
O23 - Service: Windows User Mode Driver Framework (UMWdf) - Unknown owner - C:\WINDOWS\system32\wdfmgr[Caution: ExecutableFile] (file missing)

Also, is there a reason why you have MSN Messenger AND Windows Messenger running? There's no need to have both.

Mercifull <3 Suzi

"We don't want players to be able to buy their way to success in RuneScape. If we let players start doing this, it devalues RuneScape for others. We feel your status in real-life shouldn't affect your ability to be successful in RuneScape" Jagex 01/04/01 - 02/03/12

Link to comment
Share on other sites
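
The triage done by hand in the reply above (picking out the entries marked "(file missing)") can be scripted for longer logs. This is an added example, not part of the original thread and not HijackThis code; the function names and the two flagging rules are assumptions, and the sample lines are copied from the log posted above.

```python
import re
from collections import defaultdict

# Entry lines look like "O23 - Service: ...": a section code, " - ", then details.
ENTRY_RE = re.compile(r"^(?P<code>[RFNO]\d{1,2}) - (?P<detail>.+)$")

# A few lines copied from the log posted in this thread.
SAMPLE_LOG = r"""
Logfile of HijackThis v1.99.1
Running processes:
C:\WINDOWS\system32\svchost[Caution: ExecutableFile]
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program\MSN Messenger\MsnMsgr[Caution: ExecutableFile]" /background
O9 - Extra button: 50 FREE MP3s! - {686C970F-1D7D-4469-85D1-4B35763B56CC} - http://www.emusic.com?fref=149133 (file missing)
O23 - Service: SAVScan - Symantec Corporation - C:\Program\Norton AntiVirus\SAVScan[Caution: ExecutableFile]
O23 - Service: Windows User Mode Driver Framework (UMWdf) - Unknown owner - C:\WINDOWS\system32\wdfmgr[Caution: ExecutableFile] (file missing)
"""


def parse_entries(log_text):
    """Return (code, detail) for each R/F/N/O entry; header and process lines are skipped."""
    entries = []
    for line in log_text.splitlines():
        match = ENTRY_RE.match(line.strip())
        if match:
            entries.append((match.group("code"), match.group("detail")))
    return entries


def triage(entries):
    """Map each entry that deserves a second look to the list of reasons why."""
    findings = defaultdict(list)
    for code, detail in entries:
        key = f"{code} - {detail}"
        # Assumed rule 1: the entry points at a file that no longer exists.
        if detail.endswith("(file missing)"):
            findings[key].append("target file missing")
        # Assumed rule 2: a service whose owner field reads "Unknown owner".
        if code == "O23" and " - Unknown owner - " in detail:
            findings[key].append("service shows no owner name")
    return dict(findings)


if __name__ == "__main__":
    for entry, reasons in triage(parse_entries(SAMPLE_LOG)).items():
        print(f"{entry}\n    -> {', '.join(reasons)}")
```

A flagged entry is a candidate for review, not proof of infection; both entries flagged here are the ones the reply calls unnecessary.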
