Anyways, I have a keylogger that recently took over one of my gaming accounts. I need to find the little bugger and eliminate him, and I can't do it without your help.
I have so many things on my computer, so many treasured files and pictures that it would be such a shame to remove it all (re-format).
Anyways, here's my HijackThis log, I hope I did it right.
Logfile of HijackThis v1.99.1
Scan saved at 5:47:21 PM, on 10/8/2007
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Unable to get Internet Explorer version!
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Logitech\MOUSEW~1\SYSTEM\EM_EXEC.EXE
C:\windows\daemon.exe
C:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2S1.EXE
C:\WINDOWS\System32\oodag.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\WINDOWS\System32\dmadmin.exe
C:\Program Files\Winamp\Winampa.exe
C:\Noitacilppa\virtualdrive\vdtask.exe
C:\Program Files\Symantec\Norton Ghost 2003\GhostStartTrayApp.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\DOCUMENTS AND SETTINGS\RIVALUTION\MY DOCUMENTS\MY GAMES\FRAPS\FRAPS.EXE
C:\Program Files\HAWKING\Hawking Technologies HWP54G Wireless-G PCI Card\Installer\WINXP\ConfigUtility.exe
C:\Documents and Settings\Rivalution\My Documents\My Games\NetLimiter\DUSuperControler.exe
C:\Documents and Settings\Rivalution\My Documents\My Games\NetLimiter\DUSuperControler.exe
C:\WINDOWS\ServicePackFiles\i386\iexplore.exe
C:\Program Files\Google\Google Talk\googletalk.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgwb.dat
C:\WINDOWS\ServicePackFiles\i386\iexplore.exe
C:\Program Files\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
O2 - BHO: (no name) - {0323D39F-9542-4E44-99A3-CDEE1AAC60ED} - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {423EE854-BCAA-48B0-8DD1-74A29DF17780} - (no file)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {6C047831-BC4B-46A8-95D3-B22D683BEABC} - (no file)
O2 - BHO: BHOAd - {85589B5D-D53D-4237-A677-46B82EA275F3} - (no file)
O2 - BHO: (no name) - {875C428E-7727-438D-927C-2505B76E2C83} - (no file)
O2 - BHO: (no name) - {87A49733-FA0E-46E8-B8B5-2D8C7B310059} - (no file)
O2 - BHO: (no name) - {8E13AD0A-6A34-479F-BC87-E100B4F245FD} - (no file)
O2 - BHO: (no name) - {9A9C9B69-F908-4AAB-8D0C-10EA8997F37E} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O2 - BHO: (no name) - {C070B28D-C99C-43AB-AE42-C731693D38C7} - (no file)
O2 - BHO: (no name) - {C9B93FAF-7481-4C2B-B2BD-4B746B67E56C} - (no file)
O2 - BHO: (no name) - {DCD53738-C4F9-414A-A03C-C7405A4AC844} - (no file)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [EM_EXEC] C:\PROGRA~1\Logitech\MOUSEW~1\SYSTEM\EM_EXEC.EXE
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\windows\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [NvMixerTray] "C:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [EPSON Stylus C66 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2S1.EXE /P23 "EPSON Stylus C66 Series" /O6 "USB001" /M "Stylus C66"
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\Winampa.exe"
O4 - HKLM\..\Run: [VirtualDrive] C:\Noitacilppa\virtualdrive\vdtask.exe /AutoRestore
O4 - HKLM\..\Run: [nForce Tray Options] sstray.exe /r
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [TrayServer] C:\Documents and Settings\Rivalution\My Documents\My Videos\Movie Maker\TrayServer.exe
O4 - HKLM\..\Run: [MemoryManager] rundll32.exe "C:\WINDOWS\System32\mkvnxoew.dll",forkonce
O4 - HKLM\..\Run: [GhostStartTrayApp] C:\Program Files\Symantec\Norton Ghost 2003\GhostStartTrayApp.exe
O4 - HKLM\..\Run: [Tau Monitor] C:\PROGRA~1\Agnitum\TAUSCA~1.7\taumon.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\noitacilppa\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [googletalk] "C:\Program Files\Google\Google Talk\googletalk.exe" /autostart
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [Fraps] C:\DOCUMENTS AND SETTINGS\RIVALUTION\MY DOCUMENTS\MY GAMES\FRAPS\FRAPS.EXE
O4 - Startup: Norton Disk Doctor.LNK = P:\programs\Norton Utilities 2006\Support\NDD32.EXE
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: ConfigUtility.lnk = C:\Program Files\HAWKING\Hawking Technologies HWP54G Wireless-G PCI Card\Installer\WINXP\ConfigUtility.exe
O4 - Global Startup: DUSuperControler.lnk = C:\Documents and Settings\Rivalution\My Documents\My Games\NetLimiter\DUSuperControler.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - c:\noitacilppa\aim\aim.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) -
O16 - DPF: {31E8A994-4C3D-4681-AC6C-EAB39C603F24} -
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) -
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Plug-in 1.4.0_03) -
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan ... asinst.cab
O16 - DPF: {C5E28B9D-0A68-4B50-94E9-E8F6B4697514} -
O16 - DPF: {CAFEEFAC-0014-0000-0003-ABCDEFFEDCBA} (Java Plug-in 1.4.0_03) -
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) -
O20 - Winlogon Notify: awtqo - C:\WINDOWS\System32\awtqo.dll (file missing)
O20 - Winlogon Notify: iiffged - iiffged.dll (file missing)
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: Firebird Server - MAGIX Instance (FirebirdServerMAGIXInstance) - MAGIX® - C:\Documents and Settings\Rivalution\My Documents\My Videos\Common\Database\bin\fbserver.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Unknown owner - C:\Program Files\Norton AntiVirus\navapsvc.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: O&O Defrag - O&O Software GmbH - C:\WINDOWS\System32\oodag.exe
O23 - Service: User Profile Hive Cleanup (UPHClean) - Unknown owner - C:\Program Files\UPHClean\uphclean.exe (file missing)