
Possible keylogger?


Cpt_Beard


Long story short - I think I might have a keylogger from something.

I heard HijackThis was the best thing to run - I ran it and got the results, and I have no idea if I have one or not. I also ran my anti-virus program & Malware Bytes - both came up clean from a full scan.

 

 

Here are the results of the HijackThis scan:

 

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 6:15:59 PM, on 3/26/2011
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\LogMeIn Hamachi\hamachi-2.exe
C:\Program Files\Microsoft\BingBar\SeaPort.exe
C:\Program Files\TuneUp Utilities 2011\TuneUpUtilitiesService32.exe
C:\WINDOWS\Explorer.exe
C:\Program Files\TuneUp Utilities 2011\TuneUpUtilitiesApp32.exe
C:\WINDOWS\LOGI_MWX.exe
C:\WINDOWS\System32\hkcmd.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files\LogMeIn Hamachi\hamachi-2-ui.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\NETGEAR\WG111v2\WG111v2.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\WINDOWS\System32\msiexec.exe
C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: Bing Bar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "C:\Program Files\Microsoft\BingBar\BingExt.dll" (file missing)
O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files\Microsoft\BingBar\BingExt.dll" (file missing)
O4 - HKLM\..\Run: [Logitech Utility] LOGI_MWX.exe
O4 - HKLM\..\Run: [igfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
O4 - HKLM\..\Run: [LogMeIn Hamachi Ui] "C:\Program Files\LogMeIn Hamachi\hamachi-2-ui.exe" --auto-start
O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "c:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [DWQueuedReporting] "c:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'Default user')
O4 - Global Startup: NETGEAR WG111v2 Smart Wizard.lnk = C:\Program Files\NETGEAR\WG111v2\WG111v2.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\System32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\System32\browseui.dll
O23 - Service: LogMeIn Hamachi 2.0 Tunneling Engine (Hamachi2Svc) - LogMeIn Inc. - C:\Program Files\LogMeIn Hamachi\hamachi-2.exe
O23 - Service: TuneUp Utilities Service (TuneUp.UtilitiesSvc) - TuneUp Software - C:\Program Files\TuneUp Utilities 2011\TuneUpUtilitiesService32.exe

--
End of file - 4057 bytes

 

Can anyone please tell me if there's anything to worry about?

Cpt_Beard.png
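
One way to triage a HijackThis log like the one posted above is to pull out only the load-point entries and note the ones that need a manual look. This is an added example, not part of the original thread; the function name, the expected-roots policy and the sample lines (modelled on the log, last line invented) are assumptions.

```python
import re

ENTRY = re.compile(r"^(?P<code>[A-Z]\d+) - (?P<body>.+)$")
FULL_PATH = re.compile(r'[A-Za-z]:\\[^"]+?\.(?:exe|dll)', re.IGNORECASE)

# HijackThis section codes that are load points (code runs without the user starting it).
LOAD_POINTS = {"O2": "browser helper object", "O3": "IE toolbar", "O4": "autostart",
               "O10": "Winsock LSP", "O22": "SharedTaskScheduler", "O23": "service"}

# Assumed review policy, not a HijackThis rule: binaries normally live under these roots.
# 8.3 short names such as c:\PROGRA~1 are not normalised here.
EXPECTED_ROOTS = ("c:\\windows\\", "c:\\program files\\")

# Constructed sample in HijackThis format, modelled on entries in the log above;
# the last line is invented to show the path check.
SAMPLE_LOG = r"""
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
O2 - BHO: Bing Bar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "C:\Program Files\Microsoft\BingBar\BingExt.dll" (file missing)
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [Logitech Utility] LOGI_MWX.exe
O23 - Service: LogMeIn Hamachi 2.0 Tunneling Engine (Hamachi2Svc) - LogMeIn Inc. - C:\Program Files\LogMeIn Hamachi\hamachi-2.exe
O4 - HKCU\..\Run: [updater] C:\Documents and Settings\User\Local Settings\Temp\upd.exe
"""

def review_items(log_text):
    """Return (code, kind, body, notes) for load-point entries that merit a manual look."""
    items = []
    for line in log_text.splitlines():
        m = ENTRY.match(line.strip())
        if not m or m["code"] not in LOAD_POINTS:
            continue  # header, process list, or a non-load-point entry such as R0/R1
        body, notes = m["body"], []
        if "(file missing)" in body:
            notes.append("target file missing (leftover entry)")
        path = FULL_PATH.search(body)
        if path is None:
            notes.append("no full path (resolved through the search path)")
        elif not path.group().lower().startswith(EXPECTED_ROOTS):
            notes.append("binary outside Windows/Program Files")
        if notes:
            items.append((m["code"], LOAD_POINTS[m["code"]], body, notes))
    return items

if __name__ == "__main__":
    for code, kind, body, notes in review_items(SAMPLE_LOG):
        print(f"{code} ({kind}): {body}\n    -> {'; '.join(notes)}")
```

A note from this script is a prompt to check the entry by hand, not a verdict that it is malicious.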


Looks clean to me.

 

What makes you think you have a keylogger?

 

My brother tried downloading a bot thing for RuneScape (I know I'll probably get blamed for it, but I had no part in it - my main is something I wouldn't risk over a stupid bot), and I caught him right as he was downloading it (he ended up downloading it, but not opening it after it downloaded) and I'm really thinking there might be a keylogger on there. It was a .jar file if it matters at all.

Cpt_Beard.png


If you didn't open it then there shouldn't be any harm done. Scan the file to make sure.

 

P.S. Not trying to inject morals into this situation here, but even if it's a clean bot, I wouldn't use it anyway. The cons far outweigh the pros.

j0xPu5R.png
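
Beyond an anti-malware scan, a downloaded .jar can be examined without running it, because a JAR is a ZIP archive. The sketch below is an added example, not part of the original thread: it hashes the file, reads the manifest's Main-Class and lists embedded native or script files. The function names, the extension list and the in-memory sample archive are assumptions made for illustration.

```python
import hashlib
import io
import zipfile

# Assumed list of embedded file types worth a second look inside a JAR.
NATIVE_OR_NESTED = (".exe", ".dll", ".so", ".dylib", ".jar", ".bat", ".cmd", ".ps1", ".vbs")

def inspect_jar(data: bytes) -> dict:
    """Statically summarise a JAR from its bytes; nothing in it is loaded or executed."""
    report = {"sha256": hashlib.sha256(data).hexdigest(),
              "main_class": None, "classes": 0, "embedded": []}
    with zipfile.ZipFile(io.BytesIO(data)) as jar:
        for info in jar.infolist():
            name = info.filename
            lower = name.lower()
            if lower.endswith(".class"):
                report["classes"] += 1
            elif lower.endswith(NATIVE_OR_NESTED):
                report["embedded"].append(name)
            if name.upper() == "META-INF/MANIFEST.MF":
                manifest = jar.read(info).decode("utf-8", "replace")
                # Values longer than 72 bytes wrap onto continuation lines,
                # which this sketch does not rejoin.
                for line in manifest.splitlines():
                    key, _, value = line.partition(":")
                    if key.strip().lower() == "main-class":
                        report["main_class"] = value.strip()
    return report

def build_sample_jar() -> bytes:
    """Constructed stand-in archive with placeholder bytes, not real classes."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        z.writestr("META-INF/MANIFEST.MF",
                   "Manifest-Version: 1.0\r\nMain-Class: example.Launcher\r\n")
        z.writestr("example/Launcher.class", b"\xca\xfe\xba\xbe placeholder")
        z.writestr("lib/helper.dll", b"placeholder")
    return buf.getvalue()

if __name__ == "__main__":
    # For a real download, pass open(path, "rb").read() instead of the sample.
    for field, value in inspect_jar(build_sample_jar()).items():
        print(f"{field}: {value}")
```

The SHA-256 value identifies the exact file, so it can be compared against a scanner's report or a copy obtained elsewhere.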


Yeah, I wouldn't use a clean bot either. I was just trying to make sure to point out that I don't bot and never will.

 

Is there a specific way to scan the file itself then?

Edit - Found that out - scanned the file itself on MW Bytes and nothing came up.

 

Would it be safe to go back to playing rs now?

Cpt_Beard.png


It should be fine. As the above poster suggested, watch out for your brother.

 

Do you have shared computer accounts by any chance? Or do you have different accounts per person?

j0xPu5R.png


As of right now we have 1 shared account because I recently re-installed windows and everything.

Cpt_Beard.png


Then create another account for him to use so yours won't be affected. Be sure to give him a regular user account so he doesn't install anything that can potentially harm the system.

j0xPu5R.png
