Am I infected with a keylogger?

Status
Not open for further replies.

Frogshark40

Posts: 47   +0
I believe I am, personally. I play a game where a lot of nerds attempt to hack you for personal gain, and I think I may have got hit. I go to a site that has to do with glitches and stuff for the game, in case that may be a factor.

www.ezud.com <---Don't click, just saying that's the site.

Here is the HJT log.

I use a program called ProxyFirewall & Vadilia, but for nothing bad; friends just ban me from their Ventrilo servers for a good laugh and I use it to somehow give myself a new identity and be able to connect.

I also use a BNC service for an IRC server, irc.swiftirc.net, if that may be something, but I heard they are pretty reliable.
 
Please download the OTMoveIt2 by OldTimer.
  • Save it to your desktop.
  • Please double-click OTMoveIt2.exe to run it. (Vista users, please right click on OTMoveit2.exe and select "Run as an Administrator")
  • Copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):

    Code:
    C:\Windows\system32\cssdll32.dll
  • Return to OTMoveIt2, right click in the "Paste List of Files/Folders to Move" window (under the light Yellow bar) and choose Paste.
  • Click the red Moveit! button.
  • A log of files and folders moved will be created in the c:\_OTMoveIt\MovedFiles folder in the form of Date and Time (mmddyyyy_hhmmss.log). Please open this log in Notepad and post its contents in your next reply.
  • Close OTMoveIt2
If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.
 
DllUnregisterServer procedure not found in C:\Windows\system32\cssdll32.dll
C:\Windows\system32\cssdll32.dll NOT unregistered.
C:\Windows\system32\cssdll32.dll moved successfully.

OTMoveIt2 by OldTimer - Version 1.0.4.3 log created on 08092008_164451

Sorry for the delay, had to do something. So what is a hook and how does it affect me?
 
So this trojan was able to record keystrokes/mouse strokes/clicks? (There is a PIN you can set in this game to access your bank and you have to click the numbers.)

And was this trojan what screwed me over?
 
Start HijackThis and then click on the Config button. Then click on the Misc Tools button and finally click on the ADS Spy button. Press the Scan button and the program will start to scan your Windows folder for any files that are Alternate Data Streams. Now click on Save Log and attach it to your next reply.
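
What the ADS Spy step above looks for, as an added example that is not part of the original post or of HijackThis: every NTFS file has an unnamed default data stream, and any additional named stream is an alternate data stream. The function name `Find-AlternateDataStream` is hypothetical, and the script assumes PowerShell 3.0 or later, where `Get-Item -Stream` is available.

```powershell
# Added example: list NTFS alternate data streams (ADS) under a folder.
# Find-AlternateDataStream is a hypothetical helper name, not part of ADS Spy.
function Find-AlternateDataStream {
    [CmdletBinding()]
    param(
        [string]$Path = $env:windir,
        # Zone.Identifier is the marker Windows adds to downloaded files.
        [string[]]$IgnoreStream = @('Zone.Identifier'),
        [switch]$Recurse
    )

    # -Force includes hidden and system files; unreadable items are skipped.
    Get-ChildItem -LiteralPath $Path -File -Force -Recurse:$Recurse -ErrorAction SilentlyContinue |
        ForEach-Object {
            $file = $_
            # The default stream is reported as ':$DATA'; any other name is an ADS.
            Get-Item -LiteralPath $file.FullName -Stream * -ErrorAction SilentlyContinue |
                Where-Object { $_.Stream -ne ':$DATA' -and $IgnoreStream -notcontains $_.Stream } |
                ForEach-Object {
                    [pscustomobject]@{
                        File   = $file.FullName
                        Stream = $_.Stream
                        Bytes  = $_.Length
                    }
                }
        }
}

# Scan the top level of the Windows folder; largest streams first.
# No output means no named streams were found.
Find-AlternateDataStream -Path $env:windir |
    Sort-Object Bytes -Descending |
    Format-Table -AutoSize
```

A large or executable-sized stream on a system file is what warrants a closer look; small metadata streams are common and usually benign.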
 
[Attached image: nothinglz7.jpg]


Didn't know if that's supposed to happen, but those are my results.
 
Nothing bad there. Can you run the tool below?

Please download Deckard's System Scanner (DSS) and save it to your Desktop.
  • Close all other windows before proceeding.
  • Double-click on dss.exe and follow the prompts.
  • When it has finished, dss will open two Notepads main.txt and extra.txt -- please copy (CTRL+A and then CTRL+C) and paste (CTRL+V) the contents of main.txt and extra.txt in your next reply.
 
A lot of firewall popups. >_> Had to switch to installation mode.

/Edit, your DSS link is broken. Had to Google a download.
 
First, you have 2 firewall software products installed. You need to remove one, either Norton or Comodo. If you remove Norton, it will take out the AV and AS.


FW: COMODO Firewall Pro v3.0 (COMODO)
FW: Norton Internet Security v2007 (Symantec Corporation)
AV: Norton Internet Security v2007 (Symantec Corporation) Outdated
AS: Windows Defender v1.1.1505.0 (Microsoft Corporation)
AS: Norton Internet Security v2007 (Symantec Corporation) Outdated
 
Norton wants me to buy the full version, which I'm not going to do, so I'll stick with COMODO. How do I remove the other one successfully?

Also, am I safe to change my passwords and stuff so this trojan can't log my keystrokes?
 
Use the tool below, then for antivirus install Avira. You can get it by clicking on my sig; it is the last one.

Norton Removal

  • Download Norton Removal to your desktop
  • Run the Uninstaller
  • Reboot computer
 
Please run this tool to make sure there are no trojans.

Please download Malwarebytes' Anti-Malware from Here or Here

Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version. Then reboot into safe mode: reboot, then start tapping the F8 key and you will get the advanced options. Select safe mode, then load and run the program.
  • Once the program has loaded, select "Perform Full Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy & paste the entire report in your next reply.
Extra Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.
 
Malwarebytes' Anti-Malware 1.20
Database version: 930
Windows 6.0.6000

7:18:51 PM 8/11/2008
mbam-log-8-11-2008 (19-18-51).txt

Scan type: Full Scan (C:\|D:\|)
Objects scanned: 140799
Time elapsed: 45 minute(s), 35 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)
 
I mean it's running fine, it always has been running fine, it's just I got hacked in this game. I haven't noticed them log into it anymore, but that may be because they cleaned me out and didn't think twice about it.
 