« previous next »
Pages: [1]

Author Topic: I think i have a keylogger.  (Read 670 times)

Offline sheepmaster

  • Sr. Member
  • ****
  • Posts: 463
  • Karma: +0/-0
    • View Profile
I think i have a keylogger.
« on: October 26, 2008, 02:58:20 PM »
im pretty sure i have a keylogger from someone on ttg because i came back on ttg like 3 days ago and since then every single password secure thing i have game accounts E-mails etc. has been hacked.

can you help me out here questolo?
Logged
[color=\"#ffa500\"]TRADES

[/color]

-trade 2 pure accs for a lvl 93 to~f tickle squeez~[color=\"#ff0000\"]unsuccessful[/color], it got hacked back a few days later



-traded an 86 main for a skiller and a 20 def pure to slingshot911~[color=\"#008000\"]successful[/color]



[color=\"#00ff00\"]FREEBIES

[/color]

-got a lvl 31 str pure from~str killz you~SUCCESSFUL! =p



[color=\"pink\"]MM's[/color]

[color=\"red\"]SCAMMERS[/color]



-azn





-f tickle squeez





[color=\"#0000ff\"]TRUSTED

[/color]

-nobody.





-



[color=\"#9932cc\"]vouches[/color][/size]





-slingshot911



-

Offline guestolo

  • Site Donator
  • Administrator
  • Hero Member
  • *****
  • Posts: 16034
  • Karma: +1/-0
    • View Profile
    • http://
I think i have a keylogger.
« Reply #1 on: October 26, 2008, 03:22:14 PM »
Download Hijackthis Installer from [color=\"#FF0000\"]HERE[/color]
For an alternate download location, you can try HERE
SAVE it to your desktop
Double click on HJTInstall.exe to run it
Choose Install

Hijackthis v2.0.2 will open

Under Main Menu, Select
Do a system scan and save a Log file
A log will open in Notepad
Copy and Paste the Whole log back here to the forum----It is all important!
Logged

Do you want to post your own logs from FRST?

Follow the instructions posted http://www.thetechguide.com/forum/index.php/topic/22942-please-read-how-to-post-logs-from-frst/\'>Click Here

Offline sheepmaster

  • Sr. Member
  • ****
  • Posts: 463
  • Karma: +0/-0
    • View Profile
I think i have a keylogger.
« Reply #2 on: October 26, 2008, 04:49:19 PM »
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:37:32 AM, on 1/4/2080
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\Windows\System32\smss.exe
C:\Windows\system32\winlogon.exe
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\LEXBCES.EXE
C:\Windows\system32\spoolsv.exe
C:\Windows\system32\LEXPPS.EXE
C:\Windows\System32\PackethSvc.exe
C:\Windows\System32\Ati2evxx.exe
C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
C:\Windows\system32\inetsrv\inetinfo.exe
C:\Windows\system32\lxdccoms.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\Windows\System32\snmp.exe
C:\Windows\system32\mqsvc.exe
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\mqtgsvc.exe
C:\Program Files\Lexmark 1300 Series\lxdcamon.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe
C:\Windows\system32\atiptaxx.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\Windows\system32\ctfmon.exe
C:\Windows\System32\svchost.exe
c:\PROGRA~1\mcafee\msc\mcuimgr.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://qwest.live.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaul...rch/search.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaul...rch/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Windows Internet Explorer provided by Qwest
R3 - URLSearchHook: (no name) - {EA756889-2338-43DB-8F07-D1CA6FB9C90D} - (no file)
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll
O4 - HKLM\..\Run: [eabconfg.cpl] C:\Program Files\Compaq\EAB\EabServr.exe /Start
O4 - HKLM\..\Run: [Cpqset] c:\compaq\cpqsetup\cpqset.exe
O4 - HKLM\..\Run: [Ink Monitor] C:\Program Files\EPSON\Ink Monitor\InkMonitor.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [SprintModemUpdate] javaw.exe -cp "C:\Program Files\Motive\FirmwareUpdater\lib\SprintModemUpdate.jar" com.motive.firmwareUpdater.client.SprintModemUpdate
O4 - HKLM\..\Run: [MsmqIntCert] regsvr32 /s mqrt.dll
O4 - HKLM\..\Run: [lxdcamon] "C:\Program Files\Lexmark 1300 Series\lxdcamon.exe"
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Microsoft Works\WkDetect.exe
O4 - HKLM\..\Run: [Microsoft Works Portfolio] C:\Program Files\Microsoft Works\WksSb.exe /AllUsers
O4 - HKLM\..\Run: [AtiPTA] atiptaxx.exe
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe /runkey
O4 - HKLM\..\RunServices: [CPQDFWAG] C:\Windows\Cpqdiag\CpqDfwAg.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\Windows\system32\ctfmon.exe
O4 - HKCU\..\Run: [MoneyAgent] "c:\Program Files\Microsoft Money\System\Money Express.exe"
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O8 - Extra context menu item: &AIM Search - c:\program files\aol\aim toolbar 5.0\resources\en-US\local\search.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\Windows\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\Windows\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: Qwest Live - {0E0A4DC9-4BDF-474D-93FF-CE6C692EFA2A} - http://qwest.live.com (file missing) (HKCU)
O9 - Extra button: Advisor - {FB602155-A965-424E-98C0-DABE71C066FF} - C:\Program Files\COMPAQ\Compaq Advisor\bin\rbaLauncher.exe (HKCU)
O14 - IERESET.INF: START_PAGE_URL=http://store.presario.net/scripts/redirectors/presario/storeredir2.dll?s=consumerfav&c=1c02&lc=0409
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.exe.imgfarm.com/images/nocache/f...p1.0.0.15-3.cab
O16 - DPF: {596AF4AC-40A0-474A-9F86-33F0A90F0FD6} (PictureItLauncher Class) - http://photos.msn.com/resources/neutral/co...ls/DigWebX2.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?3471575220038
O16 - DPF: {8A94C905-FF9D-43B6-8708-F0F22D22B1CB} (Wwlaunch Control) - http://www.worldwinner.com/games/shared/wwlaunch.cab
O16 - DPF: {90C9629E-CD32-11D3-BBFB-00105A1F0D68} (InstallShield International Setup Player) - http://admin.pressplay.com/duet/registration/isetup.cab
O16 - DPF: {9903F4ED-B673-456A-A15F-ED90C7DE9EF5} (Sol Control) - http://www.worldwinner.com/games/v46/sol/sol.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab
O16 - DPF: {DF6A0F17-0B1E-11D4-829D-00C04F6843FE} (Microsoft Office Tools on the Web Control) - http://dgl.microsoft.com/downloads/outc.cab
O16 - DPF: {F5C90925-ABBF-4475-88F5-8622B452BA9E} (Compaq System Data Class) - http://wwemail.support.hp.com/fd2/objects/SysQuery.cab
O23 - Service: Ati HotKey Poller - Unknown owner - C:\Windows\System32\Ati2evxx.exe
O23 - Service: Compaq Advisor (Compaq_RBA) - NeoPlanet - C:\Program Files\Compaq\Compaq Advisor\bin\compaq-rba.exe
O23 - Service: Compaq Remote Diagnostics Enabling Agent (CpqDfwWebAgent) - Compaq Computer Corporation - C:\Windows\Cpqdiag\Cpqdfwag.exe
O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\Windows\system32\LEXBCES.EXE
O23 - Service: lxdc_device -   - C:\Windows\system32\lxdccoms.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: Virtual NIC Service (PackethSvc) - America Online, Inc. - C:\Windows\System32\PackethSvc.exe

--
End of file - 9091 bytes


there ya go
Logged
[color=\"#ffa500\"]TRADES

[/color]

-trade 2 pure accs for a lvl 93 to~f tickle squeez~[color=\"#ff0000\"]unsuccessful[/color], it got hacked back a few days later



-traded an 86 main for a skiller and a 20 def pure to slingshot911~[color=\"#008000\"]successful[/color]



[color=\"#00ff00\"]FREEBIES

[/color]

-got a lvl 31 str pure from~str killz you~SUCCESSFUL! =p



[color=\"pink\"]MM's[/color]

[color=\"red\"]SCAMMERS[/color]



-azn





-f tickle squeez





[color=\"#0000ff\"]TRUSTED

[/color]

-nobody.





-



[color=\"#9932cc\"]vouches[/color][/size]





-slingshot911



-

Offline guestolo

  • Site Donator
  • Administrator
  • Hero Member
  • *****
  • Posts: 16034
  • Karma: +1/-0
    • View Profile
    • http://
I think i have a keylogger.
« Reply #3 on: October 26, 2008, 07:03:09 PM »
I don't see a keylogger in that log
But some leftovers to remove

Can you do the following for now please
Download [color=\"blue\"]random's system information tool (RSIT)[/color] by [color=\"#6600cc\"]random/random[/color] from >>[color=\"red\"]here[/color]<< and save it to your desktop.
  • Double click on RSIT.exe to launch program.
  • Click Continue at the disclaimer screen.
  • Your firewall may alert you that RSIT is requesting Internet access. Please allow it.
  • Once it has finished, two logs will open:  log.txt[color=\"red\"]<-- this will be maximized[/color] and info.txt[color=\"red\"]<-- this will be minimized[/color].
Post both those logs please
Logged

Do you want to post your own logs from FRST?

Follow the instructions posted http://www.thetechguide.com/forum/index.php/topic/22942-please-read-how-to-post-logs-from-frst/\'>Click Here

Offline sheepmaster

  • Sr. Member
  • ****
  • Posts: 463
  • Karma: +0/-0
    • View Profile
I think i have a keylogger.
« Reply #4 on: October 27, 2008, 01:35:11 AM »
Logfile of random's system information tool 1.04 (written by random/random)
Run by oscar at 2080-01-04 00:47:42
Microsoft Windows XP Professional Service Pack 3
System drive C: has 16 GB (56%) free of 29 GB
Total RAM: 255 MB (10% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:48:20 AM, on 1/4/2080
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\Windows\System32\smss.exe
C:\Windows\system32\winlogon.exe
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\LEXBCES.EXE
C:\Windows\system32\spoolsv.exe
C:\Windows\system32\LEXPPS.EXE
C:\Windows\System32\PackethSvc.exe
C:\Windows\System32\Ati2evxx.exe
C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
C:\Windows\system32\inetsrv\inetinfo.exe
C:\Windows\system32\lxdccoms.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\Windows\System32\snmp.exe
C:\Windows\system32\mqsvc.exe
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\mqtgsvc.exe
C:\Program Files\Lexmark 1300 Series\lxdcamon.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe
C:\Windows\system32\atiptaxx.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\Windows\system32\ctfmon.exe
C:\Windows\System32\svchost.exe
c:\PROGRA~1\mcafee\msc\mcuimgr.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\oscar\Desktop\RSIT.exe
C:\Program Files\Trend Micro\HijackThis\oscar.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://qwest.live.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaul...rch/search.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaul...rch/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Windows Internet Explorer provided by Qwest
R3 - URLSearchHook: (no name) - {EA756889-2338-43DB-8F07-D1CA6FB9C90D} - (no file)
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll
O4 - HKLM\..\Run: [eabconfg.cpl] C:\Program Files\Compaq\EAB\EabServr.exe /Start
O4 - HKLM\..\Run: [Cpqset] c:\compaq\cpqsetup\cpqset.exe
O4 - HKLM\..\Run: [Ink Monitor] C:\Program Files\EPSON\Ink Monitor\InkMonitor.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [SprintModemUpdate] javaw.exe -cp "C:\Program Files\Motive\FirmwareUpdater\lib\SprintModemUpdate.jar" com.motive.firmwareUpdater.client.SprintModemUpdate
O4 - HKLM\..\Run: [MsmqIntCert] regsvr32 /s mqrt.dll
O4 - HKLM\..\Run: [lxdcamon] "C:\Program Files\Lexmark 1300 Series\lxdcamon.exe"
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Microsoft Works\WkDetect.exe
O4 - HKLM\..\Run: [Microsoft Works Portfolio] C:\Program Files\Microsoft Works\WksSb.exe /AllUsers
O4 - HKLM\..\Run: [AtiPTA] atiptaxx.exe
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe /runkey
O4 - HKLM\..\RunServices: [CPQDFWAG] C:\Windows\Cpqdiag\CpqDfwAg.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\Windows\system32\ctfmon.exe
O4 - HKCU\..\Run: [MoneyAgent] "c:\Program Files\Microsoft Money\System\Money Express.exe"
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O8 - Extra context menu item: &AIM Search - c:\program files\aol\aim toolbar 5.0\resources\en-US\local\search.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\Windows\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\Windows\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: Qwest Live - {0E0A4DC9-4BDF-474D-93FF-CE6C692EFA2A} - http://qwest.live.com (file missing) (HKCU)
O9 - Extra button: Advisor - {FB602155-A965-424E-98C0-DABE71C066FF} - C:\Program Files\COMPAQ\Compaq Advisor\bin\rbaLauncher.exe (HKCU)
O14 - IERESET.INF: START_PAGE_URL=http://store.presario.net/scripts/redirectors/presario/storeredir2.dll?s=consumerfav&c=1c02&lc=0409
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.exe.imgfarm.com/images/nocache/f...p1.0.0.15-3.cab
O16 - DPF: {596AF4AC-40A0-474A-9F86-33F0A90F0FD6} (PictureItLauncher Class) - http://photos.msn.com/resources/neutral/co...ls/DigWebX2.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?3471575220038
O16 - DPF: {8A94C905-FF9D-43B6-8708-F0F22D22B1CB} (Wwlaunch Control) - http://www.worldwinner.com/games/shared/wwlaunch.cab
O16 - DPF: {90C9629E-CD32-11D3-BBFB-00105A1F0D68} (InstallShield International Setup Player) - http://admin.pressplay.com/duet/registration/isetup.cab
O16 - DPF: {9903F4ED-B673-456A-A15F-ED90C7DE9EF5} (Sol Control) - http://www.worldwinner.com/games/v46/sol/sol.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab
O16 - DPF: {DF6A0F17-0B1E-11D4-829D-00C04F6843FE} (Microsoft Office Tools on the Web Control) - http://dgl.microsoft.com/downloads/outc.cab
O16 - DPF: {F5C90925-ABBF-4475-88F5-8622B452BA9E} (Compaq System Data Class) - http://wwemail.support.hp.com/fd2/objects/SysQuery.cab
O23 - Service: Ati HotKey Poller - Unknown owner - C:\Windows\System32\Ati2evxx.exe
O23 - Service: Compaq Advisor (Compaq_RBA) - NeoPlanet - C:\Program Files\Compaq\Compaq Advisor\bin\compaq-rba.exe
O23 - Service: Compaq Remote Diagnostics Enabling Agent (CpqDfwWebAgent) - Compaq Computer Corporation - C:\Windows\Cpqdiag\Cpqdfwag.exe
O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\Windows\system32\LEXBCES.EXE
O23 - Service: lxdc_device -   - C:\Windows\system32\lxdccoms.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: Virtual NIC Service (PackethSvc) - America Online, Inc. - C:\Windows\System32\PackethSvc.exe

--
End of file - 9136 bytes

======Scheduled tasks folder======

C:\Windows\tasks\McDefragTask.job
C:\Windows\tasks\McQcTask.job
C:\Windows\tasks\Registration reminder 1.job
C:\Windows\tasks\Registration reminder 2.job
C:\Windows\tasks\Registration reminder 3.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
SSVHelper Class - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll [2008-02-22 509328]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7DB2D5A0-7241-4E79-B68D-6309F01C5231}]
scriptproxy - C:\Program Files\McAfee\VirusScan\scriptsn.dll [2007-11-09 58688]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"eabconfg.cpl"=C:\Program Files\Compaq\EAB\EabServr.exe /Start []
"Cpqset"=c:\compaq\cpqsetup\cpqset.exe [2002-04-30 163909]
"Ink Monitor"=C:\Program Files\EPSON\Ink Monitor\InkMonitor.exe [2001-12-07 258118]
"SunJavaUpdateSched"=C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe [2008-02-22 144784]
"SprintModemUpdate"=javaw.exe -cp C:\Program Files\Motive\FirmwareUpdater\lib\SprintModemUpdate.jar com.motive.firmwareUpdater.client.SprintModemUpdate []
"MsmqIntCert"=regsvr32 /s mqrt.dll []
"lxdcamon"=C:\Program Files\Lexmark 1300 Series\lxdcamon.exe [2007-04-30 20480]
"Adobe Photo Downloader"=C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe [2007-03-09 63712]
"Microsoft Works Update Detection"=C:\Program Files\Microsoft Works\WkDetect.exe [2000-07-13 28739]
"Microsoft Works Portfolio"=C:\Program Files\Microsoft Works\WksSb.exe [2000-07-13 311350]
"AtiPTA"=C:\Windows\system32\atiptaxx.exe [2002-04-01 290816]
"ATIModeChange"=C:\Windows\system32\Ati2mdxx.exe [2002-04-01 28672]
"mcagent_exe"=C:\Program Files\McAfee.com\Agent\mcagent.exe [2007-11-01 582992]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"=C:\Windows\system32\ctfmon.exe [2008-04-13 15360]
"MoneyAgent"=c:\Program Files\Microsoft Money\System\Money Express.exe []
"MsnMsgr"=C:\Program Files\MSN Messenger\MsnMsgr.Exe /background []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\Windows\system32\WgaLogon.dll [2006-06-19 702768]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
UPnPMonitor - {e57ce738-33e8-4c51-8354-bb4de9d215d1} - C:\Windows\system32\upnpui.dll [2008-04-13 239616]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\mcmscsvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\MCODS]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\MpfService]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\UploadMgr]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"C:\WINDOWS\system32\LEXPPS.EXE"="C:\WINDOWS\system32\LEXPPS.EXE:*:Enabled:LEXPPS.EXE"
"C:\WINDOWS\system32\lxdccoms.exe"="C:\WINDOWS\system32\lxdccoms.exe:*:Enabled:Lexmark Communications System"
"C:\Program Files\Lexmark 1300 Series\lxdcamon.exe"="C:\Program Files\Lexmark 1300 Series\lxdcamon.exe:*:Enabled:Lexmark Device Monitor"
"C:\Program Files\Lexmark 1300 Series\App4R.exe"="C:\Program Files\Lexmark 1300 Series\App4R.exe:*:Enabled:Lexmark Imaging Studio"
"C:\Program Files\Yahoo!\Messenger\YServer.exe"="C:\Program Files\Yahoo!\Messenger\YServer.exe:*:Enabled:Yahoo! FT Server"
"C:\WINDOWS\system32\mqsvc.exe"="C:\WINDOWS\system32\mqsvc.exe:*:Disabled:Message Queuing"
"C:\Program Files\MSN\MSNCoreFiles\msn6.exe"="C:\Program Files\MSN\MSNCoreFiles\msn6.exe:*:Disabled:MSN Explorer"
"C:\Windows\Network Diagnostic\xpnetdiag.exe"="C:\Windows\Network Diagnostic\xpnetdiag.exe:*:Disabled:@xpsp3res.dll,-20000"
"C:\Program Files\Real\RealPlayer\realplay.exe"="C:\Program Files\Real\RealPlayer\realplay.exe:*:Disabled:RealOne Player"
"C:\Windows\system32\sessmgr.exe"="C:\Windows\system32\sessmgr.exe:*:Disabled:@xpsp2res.dll,-22019"
"C:\Program Files\Embarq TotalAccess\TaskPanl.exe"="C:\Program Files\Embarq TotalAccess\TaskPanl.exe:*:Disabled:TaskPanl"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\Program Files\Windows Live\Messenger\livecall.exe"="C:\Program Files\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"
"C:\WINDOWS\system32\mmc.exe"="C:\WINDOWS\system32\mmc.exe:*:Enabled:Microsoft Management Console"
"C:\Program Files\Common Files\McAfee\MNA\McNASvc.exe"="C:\Program Files\Common Files\McAfee\MNA\McNASvc.exe:*:Enabled:McAfee Network Agent"
"C:\Program Files\MSN Messenger\msnmsgr.exe"="C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:MSN Messenger 7.5"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\WINDOWS\system32\mqsvc.exe"="C:\WINDOWS\system32\mqsvc.exe:*:Enabled:Message Queuing"
"C:\Program Files\Lexmark 1300 Series\app4r.exe"="C:\Program Files\Lexmark 1300 Series\app4r.exe:*:Enabled:Lexmark Imaging Studio"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\Program Files\Windows Live\Messenger\livecall.exe"="C:\Program Files\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"
"C:\Program Files\MSN Messenger\msnmsgr.exe"="C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:MSN Messenger 7.5"

======List of files/folders created in the last 1 months======

65535-65535-31889 379:31889:443 ----A---- C:\Windows\system32\MPFServiceFailureCount.txt
2080-01-04 00:47:42 ----D---- C:\rsit
2080-01-04 00:26:54 ----HDC---- C:\Windows\$NtUninstallKB828741$
2080-01-04 00:26:45 ----A---- C:\Windows\system32\mtxoci.dll
2080-01-04 00:26:45 ----A---- C:\Windows\system32\mtxoci(2).dll
2080-01-04 00:26:45 ----A---- C:\Windows\system32\mtxclu.dll
2080-01-04 00:26:45 ----A---- C:\Windows\system32\mtxclu(3).dll
2080-01-04 00:26:45 ----A---- C:\Windows\system32\msdtcuiu.dll
2080-01-04 00:26:45 ----A---- C:\Windows\system32\comuid.dll
2080-01-04 00:26:44 ----A---- C:\Windows\system32\rpcss.dll
2080-01-04 00:26:44 ----A---- C:\Windows\system32\rpcss(3).dll
2080-01-04 00:26:44 ----A---- C:\Windows\system32\rpcrt4.dll
2080-01-04 00:26:44 ----A---- C:\Windows\system32\rpcrt4(3).dll
2080-01-04 00:26:44 ----A---- C:\Windows\system32\ole32.dll
2080-01-04 00:26:44 ----A---- C:\Windows\system32\ole32(3).dll
2080-01-04 00:26:44 ----A---- C:\Windows\system32\msdtctm.dll
2080-01-04 00:26:44 ----A---- C:\Windows\system32\msdtcprx.dll
2080-01-04 00:26:43 ----A---- C:\Windows\system32\txflog.dll
2080-01-04 00:26:43 ----A---- C:\Windows\system32\es.dll
2080-01-04 00:26:43 ----A---- C:\Windows\system32\es(3).dll
2080-01-04 00:26:43 ----A---- C:\Windows\system32\comsvcs.dll
2080-01-04 00:26:43 ----A---- C:\Windows\system32\comsvcs(3).dll
2080-01-04 00:26:43 ----A---- C:\Windows\system32\colbact.dll
2080-01-04 00:26:43 ----A---- C:\Windows\system32\colbact(3).dll
2080-01-04 00:26:42 ----A---- C:\Windows\system32\clbcatex.dll
2080-01-04 00:26:42 ----A---- C:\Windows\system32\catsrvut.dll
2080-01-04 00:26:42 ----A---- C:\Windows\system32\catsrvut(3).dll
2080-01-04 00:26:42 ----A---- C:\Windows\system32\catsrv.dll
2080-01-04 00:26:42 ----A---- C:\Windows\system32\catsrv(3).dll
2080-01-04 00:25:48 ----HDC---- C:\Windows\$NtUninstallKB835732$
2080-01-04 00:25:42 ----A---- C:\Windows\system32\mf3216.dll
2080-01-04 00:25:41 ----A---- C:\Windows\system32\h323msp.dll
2080-01-04 00:25:40 ----A---- C:\Windows\system32\netapi32.dll
2080-01-04 00:25:40 ----A---- C:\Windows\system32\netapi32(3).dll
2080-01-04 00:25:40 ----A---- C:\Windows\system32\ipnathlp.dll
2080-01-04 00:25:40 ----A---- C:\Windows\system32\browser.dll
2080-01-04 00:25:40 ----A---- C:\Windows\system32\browser(3).dll
2080-01-04 00:25:09 ----HDC---- C:\Windows\$NtUninstallKB823559$
2080-01-04 00:22:10 ----HDC---- C:\Windows\$NtUninstallKB834707-IE6-20040929.115007$
2080-01-04 00:21:34 ----HDC---- C:\Windows\$NtUninstallQ810577$
2080-01-04 00:18:59 ----HDC---- C:\Windows\$NtUninstallQ810833$
2080-01-04 00:16:49 ----A---- C:\Windows\setdebug.exe
2080-01-04 00:16:48 ----A---- C:\Windows\system32\jit.dll
2080-01-04 00:16:47 ----A---- C:\Windows\system32\javaee.dll
2080-01-04 00:16:46 ----A---- C:\Windows\system32\dx3j.dll
2080-01-04 00:16:34 ----A---- C:\Windows\system32\wjview.exe
2080-01-04 00:16:34 ----A---- C:\Windows\system32\vmhelper.dll
2080-01-04 00:16:33 ----A---- C:\Windows\system32\msjdbc10.dll
2080-01-04 00:16:32 ----A---- C:\Windows\system32\msjava.dll
2080-01-04 00:16:31 ----A---- C:\Windows\system32\msawt.dll
2080-01-04 00:16:30 ----A---- C:\Windows\system32\jview.exe
2080-01-04 00:16:29 ----A---- C:\Windows\system32\jdbgmgr.exe
2080-01-04 00:16:26 ----A---- C:\Windows\system32\javart.dll
2080-01-04 00:16:25 ----A---- C:\Windows\system32\javaprxy.dll
2080-01-04 00:16:24 ----A---- C:\Windows\system32\javacypt.dll
2080-01-04 00:16:23 ----A---- C:\Windows\system32\clspack.exe
2080-01-04 00:13:43 ----HDC---- C:\Windows\$NtUninstallQ815021$
2080-01-04 00:11:15 ----HDC---- C:\Windows\$NtUninstallQ329441$
2080-01-04 00:10:27 ----D---- C:\Windows\system32\SoftwareDistribution
2080-01-04 00:09:21 ----A---- C:\Windows\system32\srrstr.dll
2080-01-04 00:08:52 ----A---- C:\Windows\system32\MRT.exe
2080-01-04 00:08:06 ----D---- C:\Program Files\Common Files\Motive
2080-01-04 00:08:05 ----D---- C:\Program Files\mcci
2080-01-04 00:08:04 ----A---- C:\Program Files\EndProcess.exe
2080-01-04 00:08:00 ----HDC---- C:\Windows\$NtUninstallQ817606$
2080-01-04 00:07:42 ----D---- C:\Windows\SoftwareDistribution
2080-01-04 00:07:23 ----A---- C:\Windows\system32\wuweb.dll
2080-01-04 00:07:23 ----A---- C:\Windows\system32\wups.dll
2080-01-04 00:07:23 ----A---- C:\Windows\system32\wucltui.dll
2080-01-04 00:07:23 ----A---- C:\Windows\system32\wuaueng1.dll
2080-01-04 00:07:23 ----A---- C:\Windows\system32\wuauclt1.exe
2080-01-04 00:07:23 ----A---- C:\Windows\system32\wuapi.dll

======List of files/folders modified in the last 1 months======

65535-65535-31889 379:31889:443 ----A---- C:\Windows\SchedLgU.Txt
2080-01-04 00:47:55 ----D---- C:\Windows\Temp
2080-01-04 00:47:37 ----D---- C:\Windows\Prefetch
2080-01-04 00:26:46 ----HDC---- C:\Windows\$xpsp1hfm$
2080-01-04 00:04:50 ----D---- C:\Windows\system32\inetsrv

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 Cdr4_xp;Cdr4_xp; C:\Windows\system32\drivers\Cdr4_xp.sys [2007-10-17 9072]
R1 Cdralw2k;Cdralw2k; C:\Windows\system32\drivers\Cdralw2k.sys [2007-10-17 9200]
R1 intelppm;Intel Processor Driver; C:\Windows\System32\DRIVERS\intelppm.sys [2008-04-13 36352]
R1 mfehidk;McAfee Inc. mfehidk; C:\Windows\system32\drivers\mfehidk.sys [2007-11-22 201320]
R1 MPFP;MPFP; C:\Windows\System32\Drivers\Mpfp.sys [2007-07-13 113952]
R1 WS2IFSL;Windows Socket 2.0 Non-IFS Service Provider Support Environment; C:\Windows\System32\drivers\ws2ifsl.sys [2001-08-18 12032]
R2 Cnxtdiag;Cnxtdiag; C:\Windows\System32\DRIVERS\cnxtdiag.sys [2001-10-03 17776]
R2 cpqdfw;Compaq Diagnostics Driver; \??\C:\Windows\System32\drivers\cpqdfw.sys []
R2 cq_mem;Compaq Diagnostics Memory Driver; \??\C:\Windows\System32\drivers\cq_mem.sys []
R2 cqcpu;Compaq Diagnostics CPU Driver; \??\C:\Windows\System32\drivers\cqcpu.sys []
R2 Fallback;Fallback; C:\Windows\System32\DRIVERS\fallback.sys [2001-10-03 308403]
R2 Fsks;Fsks; C:\Windows\System32\DRIVERS\fsksnt.sys [2001-10-03 124189]
R2 irda;IrDA Protocol; C:\Windows\System32\DRIVERS\irda.sys [2008-04-13 88192]
R2 K56;K56; C:\Windows\System32\DRIVERS\k56nt.sys [2001-10-03 427215]
R2 SoftFax;SoftFax; C:\Windows\System32\DRIVERS\faxnt.sys [2001-10-03 215195]
R2 Tones;Tones; C:\Windows\System32\DRIVERS\tonesnt.sys [2001-10-03 59375]
R2 V124;V124; C:\Windows\System32\DRIVERS\v124nt.sys [2001-10-03 539917]
R3 ac97intc;Intel® 82801 Audio Driver Install Service (WDM); C:\Windows\system32\drivers\ac97intc.sys [2001-08-17 96256]
R3 Arp1394;1394 ARP Client Protocol; C:\Windows\System32\DRIVERS\arp1394.sys [2008-04-13 60800]
R3 ati2mtag;ati2mtag; C:\Windows\System32\DRIVERS\ati2mtag.sys [2002-04-17 419200]
R3 basic2;basic2; C:\Windows\System32\DRIVERS\basic2.sys [2001-10-03 76610]
R3 BridgeMP;MAC Bridge Miniport; C:\Windows\System32\DRIVERS\bridge.sys [2008-04-13 71552]
R3 CmBatt;Microsoft AC Adapter Driver; C:\Windows\System32\DRIVERS\CmBatt.sys [2008-04-13 13952]
R3 E100B;Intel® PRO Adapter Driver; C:\Windows\System32\DRIVERS\e100b325.sys [2002-04-11 120320]
R3 mfeavfk;McAfee Inc. mfeavfk; C:\Windows\system32\drivers\mfeavfk.sys [2007-11-22 79304]
R3 mfebopk;McAfee Inc. mfebopk; C:\Windows\system32\drivers\mfebopk.sys [2007-11-22 35240]
R3 mferkdk;McAfee Inc. mferkdk; C:\Windows\system32\drivers\mferkdk.sys [2007-11-22 33832]
R3 mfesmfk;McAfee Inc. mfesmfk; C:\Windows\system32\drivers\mfesmfk.sys [2007-12-02 40488]
R3 MQAC;Message Queuing access control; \??\C:\Windows\system32\drivers\mqac.sys []
R3 NIC1394;1394 Net Driver; C:\Windows\System32\DRIVERS\nic1394.sys [2008-04-13 61824]
R3 NSCIRDA;NSC Infrared Device Driver; C:\Windows\System32\DRIVERS\nscirda.sys [2008-04-13 28672]
R3 Rasirda;WAN Miniport (IrDA); C:\Windows\System32\DRIVERS\rasirda.sys [2001-08-17 19584]
R3 Rksample;Rksample; C:\Windows\System32\DRIVERS\rksample.sys [2001-10-03 67222]
R3 RMCAST;Reliable Multicast Protocol driver; \??\C:\Windows\system32\drivers\RMCast.sys []
R3 SynTP;Synaptics TouchPad Driver; C:\Windows\System32\DRIVERS\SynTP.sys [2002-04-25 253328]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\Windows\System32\DRIVERS\usbehci.sys [2008-04-13 30208]
R3 usbhub;Microsoft USB Standard Hub Driver; C:\Windows\System32\DRIVERS\usbhub.sys [2008-04-13 59520]
R3 usbohci;Microsoft USB Open Host Controller Miniport Driver; C:\Windows\System32\DRIVERS\usbohci.sys [2008-04-13 17152]
R3 wandrv;WAN Network Driver; C:\Windows\System32\DRIVERS\wandrv.sys [2001-08-09 22608]
R3 winachsf;winachsf; C:\Windows\System32\DRIVERS\HSF_CNXT.sys [2001-10-03 585200]
S1 ClntMgmt.sys;ClntMgmt.sys; C:\Windows\System32\Drivers\ClntMgmt.sys []
S1 P3;Intel PentiumIII Processor Driver; C:\Windows\System32\DRIVERS\p3.sys [2008-04-13 42752]
S3 allegro;ESS Allegro Audio Driver (WDM); C:\Windows\system32\drivers\es198x.sys [2001-08-17 174464]
S3 atimpab;atimpab; C:\Windows\System32\DRIVERS\atimpab.sys [2001-08-17 289664]
S3 Bridge;MAC Bridge; C:\Windows\System32\DRIVERS\bridge.sys [2008-04-13 71552]
S3 BTDriver;Bluetooth Virtual Communications Driver; C:\Windows\System32\DRIVERS\btport.sys []
S3 BTWDNDIS;Bluetooth LAN Access Server; C:\Windows\System32\DRIVERS\btwdndis.sys []
S3 EPUSBSTOR;EPSON USB Storage Driver; C:\Windows\System32\DRIVERS\epusbsto.sys [2001-09-09 17976]
S3 HidUsb;Microsoft HID Class Driver; C:\Windows\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
S3 ltmodem5;LT Modem Driver; C:\Windows\System32\DRIVERS\ltmdmnt.sys [2004-08-03 606684]
S3 mouhid;Mouse HID Driver; C:\Windows\System32\DRIVERS\mouhid.sys [2001-08-17 12160]
S3 SMCIRDA;SMC IrCC Miniport Device Driver; C:\Windows\System32\DRIVERS\smcirda.sys [2001-08-17 35913]
S3 smwdm;smwdm; C:\Windows\system32\drivers\smwdm.sys [2001-12-17 414184]
S3 usbprint;Microsoft USB PRINTER Class; C:\Windows\System32\DRIVERS\usbprint.sys [2008-04-13 25856]
S3 USBSTOR;USB Mass Storage Driver; C:\Windows\System32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
S3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\Windows\System32\DRIVERS\usbuhci.sys [2008-04-13 20608]
S3 wanatw;WAN Miniport (ATW); C:\Windows\System32\DRIVERS\wanatw4.sys []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 Ati HotKey Poller;Ati HotKey Poller; C:\Windows\System32\Ati2evxx.exe [2002-04-01 110592]
R2 EPSONStatusAgent2;EPSON Printer Status Agent2; C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe [2001-08-09 90112]
R2 IISADMIN;IIS Admin; C:\Windows\system32\inetsrv\inetinfo.exe [2008-04-13 15360]
R2 Irmon;Infrared Monitor; C:\Windows\System32\svchost.exe [2008-04-13 14336]
R2 LexBceS;LexBce Server; C:\Windows\system32\LEXBCES.EXE [2006-04-17 311296]
R2 lxdc_device;lxdc_device; C:\Windows\system32\lxdccoms.exe [2007-05-25 537520]
R2 mcmscsvc;McAfee Services; C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe [2008-01-09 767976]
R2 McNASvc;McAfee Network Agent; c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe [2008-01-25 2458128]
R2 McProxy;McAfee Proxy Service; c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe [2007-08-15 359248]
R2 McShield;McAfee Real-time Scanner; C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe [2007-07-24 144704]
R2 MpfService;McAfee Personal Firewall Service; C:\Program Files\McAfee\MPF\MPFSrv.exe [2007-07-18 856864]
R2 MSMQ;Message Queuing; C:\Windows\system32\mqsvc.exe [2008-04-13 4608]
R2 MSMQTriggers;Message Queuing Triggers; C:\Windows\system32\mqtgsvc.exe [2008-04-13 117248]
R2 PackethSvc;Virtual NIC Service; C:\Windows\System32\PackethSvc.exe [2001-08-09 64512]
R2 SMTPSVC;Simple Mail Transfer Protocol (SMTP); C:\Windows\system32\inetsrv\inetinfo.exe [2008-04-13 15360]
R2 SNMP;SNMP Service; C:\Windows\System32\snmp.exe [2008-04-13 33280]
R2 W3SVC;World Wide Web Publishing; C:\Windows\system32\inetsrv\inetinfo.exe [2008-04-13 15360]
R3 McSysmon;McAfee SystemGuards; C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe [2007-12-05 695624]
S2 CpqDfwWebAgent;Compaq Remote Diagnostics Enabling Agent; C:\Windows\Cpqdiag\Cpqdfwag.exe [2001-11-19 212992]
S3 aspnet_state;ASP.NET State Service; C:\Windows\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2007-10-24 33800]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2007-10-24 70144]
S3 Compaq_RBA;Compaq Advisor; C:\Program Files\Compaq\Compaq Advisor\bin\compaq-rba.exe [2002-01-22 258048]
S3 McODS;McAfee Scanner; C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe [2007-11-07 378184]
S3 SNMPTRAP;SNMP Trap Service; C:\Windows\System32\snmptrap.exe [2008-04-13 8704]

-----------------EOF-----------------


info.txt logfile of random's system information tool 1.04 2080-01-04 00:48:34

======Uninstall list======

-->C:\Windows\IsUninst.exe -fC:\Windows\orun32.isu
-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
Actiontec Gateway-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{9692FD03-6662-4E62-B08C-30DFF51651E1}\setup.exe" -l0x9
Adobe Flash Player ActiveX-->C:\Windows\system32\Macromed\Flash\uninstall_activeX.exe
Adobe® Photoshop® Album Starter Edition 3.2-->MsiExec.exe /I{A654A805-41D9-40C7-AA46-4AF04F044D61}
AT&T WorldNet Setup 2.0-->C:\PROGRA~1\WorldNet\wnun20.exe C:\PROGRA~1\WorldNet
ATI Display Driver-->rundll32 C:\Windows\System32\atiiiexx.dll,_InfEngUnInstallINFFile_RunDLL@16 -force_restart -flags:0x2010001 -inf_class:DISPLAY -clean
Compaq Advisor-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{C4C1AFCD-2C72-48B4-AE2E-A7354A525E87}\Setup.exe" UNINSTALL
Compaq Diagnostics for Windows-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{1881AE03-2BD4-11D4-86BF-00508B10AA88}\setup.exe"
Compaq Remote Diagnostics Enabling Agent-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{71A470E1-27E7-424E-803A-F9C0D41968D3}\SETUP.EXE" -l0x9
CompuServe 2000-->C:\Program Files\Common Files\csshare\csunins_us.exe
GTOneCare-->MsiExec.exe /X{CA40DD4F-D30E-4622-8783-1ED1E81340C2}
HijackThis 2.0.2-->"C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
Hotfix for Windows Internet Explorer 7 (KB947864)-->"C:\Windows\ie7updates\KB947864-IE7\spuninst\spuninst.exe"
Ink Monitor-->C:\Program Files\EPSON\Ink Monitor\InkMonitor.exe -U
Intel® PRO Ethernet Adapter and Software-->Prounstl.exe
InterVideo WinDVD-->"C:\Program Files\InstallShield Installation Information\{C1939820-A945-11D4-86F6-0001031E5712}\setup.exe" REMOVEALL
J2SE Runtime Environment 5.0 Update 6-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150060}
Java(tm) 6 Update 5-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160050}
Lexmark 1300 Series-->C:\Program Files\Lexmark 1300 Series\Install\x86\Uninst.exe
McAfee SecurityCenter-->C:\Program Files\McAfee\MSC\mcuninst.exe
Microsoft .NET Framework 2.0 Service Pack 1-->MsiExec.exe /I{B508B3F1-A24A-32C0-B310-85786919EF28}
Microsoft Internationalized Domain Names Mitigation APIs-->"C:\Windows\$NtServicePackUninstallIDNMitigationAPIs$\spuninst\spuninst.exe"
Microsoft National Language Support Downlevel APIs-->"C:\Windows\$NtServicePackUninstallNLSDownlevelMapping$\spuninst\spuninst.exe"
Microsoft SQL Server 2005 Compact Edition [ENU]-->MsiExec.exe /I{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{A49F249F-0C91-497F-86DF-B2585E8E76B7}
Microsoft Works 6.0-->MsiExec.exe /I{F8D0829C-9C6F-11D3-8080-00C04FA329AA}
NBA Live 99-->C:\Windows\UNINST.EXE -f"C:\Program Files\EA SPORTS\NBA Live 99\DeIsL1.isu" -c"C:\Program Files\EA SPORTS\NBA Live 99\eauninst.dll
Security Update for Step By Step Interactive Training (KB898458)-->"C:\Windows\$NtUninstallKB898458$\spuninst\spuninst.exe"
Security Update for Step By Step Interactive Training (KB923723)-->"C:\Windows\$NtUninstallKB923723$\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB938127)-->"C:\Windows\ie7updates\KB938127-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB942615)-->"C:\Windows\ie7updates\KB942615-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB944533)-->"C:\Windows\ie7updates\KB944533-IE7\spuninst\spuninst.exe"
Security Update for Windows Media Player 9 (KB917734)-->"C:\Windows\$NtUninstallKB917734_WMP9$\spuninst\spuninst.exe"
Security Update for Windows XP (KB941569)-->"C:\Windows\$NtUninstallKB941569$\spuninst\spuninst.exe"
Setup Compaq Software-->C:\Windows\IsUninst.exe -f"C:\Program Files\COMPAQ\Setup Compaq Software\Uninst.isu" -c"C:\Program Files\COMPAQ\Setup Compaq Software\CPQUNST.DLL"
Synaptics TouchPad-->rundll32.exe "C:\Program Files\Synaptics\SynTP\SynISDLL.dll",standAloneUninstall
Wal-Mart® Mini Movie-->C:\Program Files\InstallShield Installation Information\{15FE4D77-D717-4632-8EA8-B6BB258CFC7D}\setup.exe -runfromtemp -l0x0009 -removeonly
Windows Imaging Component-->"C:\Windows\$NtUninstallWIC$\spuninst\spuninst.exe"
Windows Live Photo Gallery-->MsiExec.exe /X{2D4F6BE3-6FEF-4FE9-9D01-1406B220D08C}
Windows Live Writer-->MsiExec.exe /X{9176251A-4CC1-4DDB-B343-B487195EB397}
Windows XP Service Pack 3-->"C:\Windows\$NtServicePackUninstall$\spuninst\spuninst.exe"
WinRAR archiver-->C:\Program Files\WinRAR\uninstall.exe

======Security center information======

AV: McAfee VirusScan (outdated)
FW: McAfee Personal Firewall

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem
"windir"=%SystemRoot%
"OS"=Windows_NT
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_LEVEL"=15
"PROCESSOR_IDENTIFIER"=x86 Family 15 Model 2 Stepping 4, GenuineIntel
"PROCESSOR_REVISION"=0204
"NUMBER_OF_PROCESSORS"=1
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"FP_NO_HOST_CHECK"=NO

-----------------EOF-----------------
Logged
[color=\"#ffa500\"]TRADES

[/color]

-trade 2 pure accs for a lvl 93 to~f tickle squeez~[color=\"#ff0000\"]unsuccessful[/color], it got hacked back a few days later



-traded an 86 main for a skiller and a 20 def pure to slingshot911~[color=\"#008000\"]successful[/color]



[color=\"#00ff00\"]FREEBIES

[/color]

-got a lvl 31 str pure from~str killz you~SUCCESSFUL! =p



[color=\"pink\"]MM's[/color]

[color=\"red\"]SCAMMERS[/color]



-azn





-f tickle squeez





[color=\"#0000ff\"]TRUSTED

[/color]

-nobody.





-



[color=\"#9932cc\"]vouches[/color][/size]





-slingshot911



-

Offline sheepmaster

  • Sr. Member
  • ****
  • Posts: 463
  • Karma: +0/-0
    • View Profile
I think i have a keylogger.
« Reply #5 on: October 27, 2008, 01:37:40 AM »
also can you tell me if theres something im missing that could help my computer be less of a piece... http://images.thetechguide.com/forum/public/style_emoticons/<#EMO_DIR#>/smile.gif\' class=\'bbc_emoticon\' alt=\':)\' />
« Last Edit: October 27, 2008, 01:38:42 AM by sheepmaster »
Logged
[color=\"#ffa500\"]TRADES

[/color]

-trade 2 pure accs for a lvl 93 to~f tickle squeez~[color=\"#ff0000\"]unsuccessful[/color], it got hacked back a few days later



-traded an 86 main for a skiller and a 20 def pure to slingshot911~[color=\"#008000\"]successful[/color]



[color=\"#00ff00\"]FREEBIES

[/color]

-got a lvl 31 str pure from~str killz you~SUCCESSFUL! =p



[color=\"pink\"]MM's[/color]

[color=\"red\"]SCAMMERS[/color]



-azn





-f tickle squeez





[color=\"#0000ff\"]TRUSTED

[/color]

-nobody.





-



[color=\"#9932cc\"]vouches[/color][/size]





-slingshot911



-

Offline sheepmaster

  • Sr. Member
  • ****
  • Posts: 463
  • Karma: +0/-0
    • View Profile
I think i have a keylogger.
« Reply #6 on: October 27, 2008, 01:30:02 PM »
bump
Logged
[color=\"#ffa500\"]TRADES

[/color]

-trade 2 pure accs for a lvl 93 to~f tickle squeez~[color=\"#ff0000\"]unsuccessful[/color], it got hacked back a few days later



-traded an 86 main for a skiller and a 20 def pure to slingshot911~[color=\"#008000\"]successful[/color]



[color=\"#00ff00\"]FREEBIES

[/color]

-got a lvl 31 str pure from~str killz you~SUCCESSFUL! =p



[color=\"pink\"]MM's[/color]

[color=\"red\"]SCAMMERS[/color]



-azn





-f tickle squeez





[color=\"#0000ff\"]TRUSTED

[/color]

-nobody.





-



[color=\"#9932cc\"]vouches[/color][/size]





-slingshot911



-

Offline guestolo

  • Site Donator
  • Administrator
  • Hero Member
  • *****
  • Posts: 16034
  • Karma: +1/-0
    • View Profile
    • http://
I think i have a keylogger.
« Reply #7 on: October 27, 2008, 06:24:18 PM »
Can you do the following

Your Java is outdated, we should install the latest which includes security fixes
Can you close down all browser windows
Access your Add and Remove Programs and remove Both

J2SE Runtime Environment 5.0 Update 6
Javaâ„¢ 6 Update 5


Don't reboot yet

Instead, come back here
Do a "System scan only" with Hijackthis and put a check next to these entries:

R3 - URLSearchHook: (no name) - {EA756889-2338-43DB-8F07-D1CA6FB9C90D} - (no file)
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)

O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)

O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.exe.imgfarm.com/images/nocache/f...p1.0.0.15-3.cab


After you have ticked the above entries, close All other open windows
Including this one
Leave Hijackthis open and click FIX CHECKED
OK the prompt and exit Hijackthis

Reboot the computer
Back in Windows
 
Your version of Java is outdated and needs to be updated to take advantage of fixes that have eliminated security vulnerabilities.
[color=\"blue\"]Updating Java:[/color]
  • Download the latest version of  Java Runtime Environment (JRE) 6.
  • Scroll down to where it says "Java Runtime Environment (JRE) 6 Update 10".
  • Click the "Download" button to the right.
  • In the Window that opens, select Windows,>>Check the "agree" box and click Continue.
  • Click on the link to download Windows Offline Installation and save to your desktop.

  • Then from your desktop double-click on jre-6u10-windows-i586-p.exe that you downloaded to install the newest version.
NOTE: Sun Java 6 update 10 has a new Service installed called
Java Quick Starter
That runs on startup
Supposedly it preloads portions of the JRE onto the system disk cache,  decreasing the startup time. It is turned on by default in Windows 2000 and XP systems
If you don't need the plugin/Service
You can open Java in the Windows Control Panel
Click the Advanced tab
Expand(+) on Miscellaneous
and Uncheck "Java Quick Starter"

If you would like to do a double check, which is not a bad idea, if your AntiVirus has missed anything
Temporarily disable McAfee Virus scan

Please do a scan with [color=\"#3333FF\"]Kaspersky Online Scanner[/color]

[color=\"green\"]Note: If you are using Windows Vista, open your browser by right-clicking on its icon and select 'Run as administrator' to perform this scan.[/color]

Click on the Accept button and install any components it needs.
  • The program will install and then begin downloading the latest definition files.
  • After the files have been downloaded on the left side of the page in the Scan section select My Computer.
  • This will start the program and scan your system.
  • The scan will take a while, so be patient and let it run.
  • Once the scan is complete, click on View scan report
  • Now, click on the Save Report as button.
  • In the drop down box labeled Files of type change the type to Text file.
  • Save the file to your desktop.
  • Copy and paste that information in your next post.
Logged

Do you want to post your own logs from FRST?

Follow the instructions posted http://www.thetechguide.com/forum/index.php/topic/22942-please-read-how-to-post-logs-from-frst/\'>Click Here

Offline sheepmaster

  • Sr. Member
  • ****
  • Posts: 463
  • Karma: +0/-0
    • View Profile
I think i have a keylogger.
« Reply #8 on: October 27, 2008, 10:38:24 PM »
i can't click my computer i can only highlight the things in the "scan" section to the left and the first time i tried the scan thing on kaspersky it did the download thing or whatever and it finished the 36k download thing and then came up with an error saying:


 the update has failed. program has failed to start. close the kaspersky's online scanner 7.0 window and open it again to install the program. you must be online to update the kaspersky's online scanner 7 database. with the latest database updates, you can find new viruses and other threats. please go online to use kaspersky online scanner 7. [ERROR: key is expired]
Logged
[color=\"#ffa500\"]TRADES

[/color]

-trade 2 pure accs for a lvl 93 to~f tickle squeez~[color=\"#ff0000\"]unsuccessful[/color], it got hacked back a few days later



-traded an 86 main for a skiller and a 20 def pure to slingshot911~[color=\"#008000\"]successful[/color]



[color=\"#00ff00\"]FREEBIES

[/color]

-got a lvl 31 str pure from~str killz you~SUCCESSFUL! =p



[color=\"pink\"]MM's[/color]

[color=\"red\"]SCAMMERS[/color]



-azn





-f tickle squeez





[color=\"#0000ff\"]TRUSTED

[/color]

-nobody.





-



[color=\"#9932cc\"]vouches[/color][/size]





-slingshot911



-

Offline sheepmaster

  • Sr. Member
  • ****
  • Posts: 463
  • Karma: +0/-0
    • View Profile
I think i have a keylogger.
« Reply #9 on: October 27, 2008, 10:47:06 PM »
tried again, it said the same thing. :/
Logged
[color=\"#ffa500\"]TRADES

[/color]

-trade 2 pure accs for a lvl 93 to~f tickle squeez~[color=\"#ff0000\"]unsuccessful[/color], it got hacked back a few days later



-traded an 86 main for a skiller and a 20 def pure to slingshot911~[color=\"#008000\"]successful[/color]



[color=\"#00ff00\"]FREEBIES

[/color]

-got a lvl 31 str pure from~str killz you~SUCCESSFUL! =p



[color=\"pink\"]MM's[/color]

[color=\"red\"]SCAMMERS[/color]



-azn





-f tickle squeez





[color=\"#0000ff\"]TRUSTED

[/color]

-nobody.





-



[color=\"#9932cc\"]vouches[/color][/size]





-slingshot911



-

Offline guestolo

  • Site Donator
  • Administrator
  • Hero Member
  • *****
  • Posts: 16034
  • Karma: +1/-0
    • View Profile
    • http://
I think i have a keylogger.
« Reply #10 on: October 27, 2008, 11:32:46 PM »
I had no problem with Firefox, so I tried IE and realized I couldn't run the scan either

Can you do me a favor, I want to ensure it's not Java 6 update 10 problem

In IE, click on TOOLS>>Manage Addons>>Enable or Disable addons....
Can you ensure that anything related to Java under "Addons currently loaded in Internet Explorer"
From publisher>>> Sun Microsystems is enabled

If not enabled, enable them
Restart IE then try the scan again at Kaspersky's
Logged

Do you want to post your own logs from FRST?

Follow the instructions posted http://www.thetechguide.com/forum/index.php/topic/22942-please-read-how-to-post-logs-from-frst/\'>Click Here

Offline sheepmaster

  • Sr. Member
  • ****
  • Posts: 463
  • Karma: +0/-0
    • View Profile
I think i have a keylogger.
« Reply #11 on: October 28, 2008, 10:06:13 AM »
alright well, im in chem so i'll do it once i get home.
Logged
[color=\"#ffa500\"]TRADES

[/color]

-trade 2 pure accs for a lvl 93 to~f tickle squeez~[color=\"#ff0000\"]unsuccessful[/color], it got hacked back a few days later



-traded an 86 main for a skiller and a 20 def pure to slingshot911~[color=\"#008000\"]successful[/color]



[color=\"#00ff00\"]FREEBIES

[/color]

-got a lvl 31 str pure from~str killz you~SUCCESSFUL! =p



[color=\"pink\"]MM's[/color]

[color=\"red\"]SCAMMERS[/color]



-azn





-f tickle squeez





[color=\"#0000ff\"]TRUSTED

[/color]

-nobody.





-



[color=\"#9932cc\"]vouches[/color][/size]





-slingshot911



-

Offline sheepmaster

  • Sr. Member
  • ****
  • Posts: 463
  • Karma: +0/-0
    • View Profile
I think i have a keylogger.
« Reply #12 on: October 28, 2008, 06:25:50 PM »
everything was enabled already. and i tried the scan again and got the same error.
Logged
[color=\"#ffa500\"]TRADES

[/color]

-trade 2 pure accs for a lvl 93 to~f tickle squeez~[color=\"#ff0000\"]unsuccessful[/color], it got hacked back a few days later



-traded an 86 main for a skiller and a 20 def pure to slingshot911~[color=\"#008000\"]successful[/color]



[color=\"#00ff00\"]FREEBIES

[/color]

-got a lvl 31 str pure from~str killz you~SUCCESSFUL! =p



[color=\"pink\"]MM's[/color]

[color=\"red\"]SCAMMERS[/color]



-azn





-f tickle squeez





[color=\"#0000ff\"]TRUSTED

[/color]

-nobody.





-



[color=\"#9932cc\"]vouches[/color][/size]





-slingshot911



-

Offline guestolo

  • Site Donator
  • Administrator
  • Hero Member
  • *****
  • Posts: 16034
  • Karma: +1/-0
    • View Profile
    • http://
I think i have a keylogger.
« Reply #13 on: October 29, 2008, 07:57:50 AM »
Let's try a different scanner

run a free online scan with the [color=\"blue\"]ESET Online Scanner[/color][/url]
Note: You will need to use Internet Explorer for this scan[/i].[list=1]
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • When asked, allow the ActiveX control to install
  • Click Start
  • Make sure that the options Remove found threats and the option Scan unwanted applications is checked
  • Click Scan
    Wait for the scan to finish
  • Use Notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt
  • Copy and paste that log as a reply to this topic
Logged

Do you want to post your own logs from FRST?

Follow the instructions posted http://www.thetechguide.com/forum/index.php/topic/22942-please-read-how-to-post-logs-from-frst/\'>Click Here

Offline sheepmaster

  • Sr. Member
  • ****
  • Posts: 463
  • Karma: +0/-0
    • View Profile
I think i have a keylogger.
« Reply #14 on: October 29, 2008, 09:23:02 PM »
the first time i did the eset it worked fine and said it found 1 threat but then my comp crashed like 1k away from it being done. the second time it didn't find any threats...so i was like wtf...then when it was done it said i had to buy it or the scan info would not be available to me.
Logged
[color=\"#ffa500\"]TRADES

[/color]

-trade 2 pure accs for a lvl 93 to~f tickle squeez~[color=\"#ff0000\"]unsuccessful[/color], it got hacked back a few days later



-traded an 86 main for a skiller and a 20 def pure to slingshot911~[color=\"#008000\"]successful[/color]



[color=\"#00ff00\"]FREEBIES

[/color]

-got a lvl 31 str pure from~str killz you~SUCCESSFUL! =p



[color=\"pink\"]MM's[/color]

[color=\"red\"]SCAMMERS[/color]



-azn





-f tickle squeez





[color=\"#0000ff\"]TRUSTED

[/color]

-nobody.





-



[color=\"#9932cc\"]vouches[/color][/size]





-slingshot911



-

Offline guestolo

  • Site Donator
  • Administrator
  • Hero Member
  • *****
  • Posts: 16034
  • Karma: +1/-0
    • View Profile
    • http://
I think i have a keylogger.
« Reply #15 on: October 30, 2008, 08:26:07 PM »
I suggest, just to be on the safe side, you change your online passwords
Sounds as if everything else is ok
« Last Edit: October 30, 2008, 08:26:36 PM by guestolo »
Logged

Do you want to post your own logs from FRST?

Follow the instructions posted http://www.thetechguide.com/forum/index.php/topic/22942-please-read-how-to-post-logs-from-frst/\'>Click Here

Offline sheepmaster

  • Sr. Member
  • ****
  • Posts: 463
  • Karma: +0/-0
    • View Profile
I think i have a keylogger.
« Reply #16 on: October 31, 2008, 12:56:16 AM »
mk, by the way i downloaded firefox last night and it's alot faster than explorer, by the way for some reason my explorer says internet explorer-provided by qwest i guess because i used to have qwest but now i have comcast, any idea how to get rid of that?
Logged
[color=\"#ffa500\"]TRADES

[/color]

-trade 2 pure accs for a lvl 93 to~f tickle squeez~[color=\"#ff0000\"]unsuccessful[/color], it got hacked back a few days later



-traded an 86 main for a skiller and a 20 def pure to slingshot911~[color=\"#008000\"]successful[/color]



[color=\"#00ff00\"]FREEBIES

[/color]

-got a lvl 31 str pure from~str killz you~SUCCESSFUL! =p



[color=\"pink\"]MM's[/color]

[color=\"red\"]SCAMMERS[/color]



-azn





-f tickle squeez





[color=\"#0000ff\"]TRUSTED

[/color]

-nobody.





-



[color=\"#9932cc\"]vouches[/color][/size]





-slingshot911



-

Offline guestolo

  • Site Donator
  • Administrator
  • Hero Member
  • *****
  • Posts: 16034
  • Karma: +1/-0
    • View Profile
    • http://
I think i have a keylogger.
« Reply #17 on: October 31, 2008, 01:52:15 PM »
Quote
by the way for some reason my explorer says internet explorer-provided by qwest i guess because i used to have qwest but now i have comcast, any idea how to get rid of that?

It's just a registry change, but I suggest that you do the following
To help prevent spyware from being installed, this is a great tool that doesn't run in the background

add SpywareBlaster to your protection software
SpywareBlaster  by JavaCool  
    *Will block bad ActiveX Controls
    *Block Malevolent cookies in Internet Explorer and Firefox
    *Restrict actions of potentially dangerous sites in Internet Explorer
After installation, Check for updates
After updating, select "Protection Status" on the Left
Then select "Enable all Protection"
"Check for updates every couple of weeks"
after every update just simply click the "enable protection on all unprotected items"
or again, click on Protection Startus>>enable all protection

Now we can also use SpywareBlaster to change the Windows Title in IE
Right now yours reads
Windows Internet Explorer provided by Qwest

Open SpywareBlaster, click on TOOLS>>Misc. IE SETTINGS
Under "Internet Explorer Customizations cut the following
provided by Qwest
Then apply it and close SpywareBlaster

You should probably do that with IE closed, or you will probably have to restart IE for the change to take effect
Let me know if that helps
Logged

Do you want to post your own logs from FRST?

Follow the instructions posted http://www.thetechguide.com/forum/index.php/topic/22942-please-read-how-to-post-logs-from-frst/\'>Click Here

Offline sheepmaster

  • Sr. Member
  • ****
  • Posts: 463
  • Karma: +0/-0
    • View Profile
I think i have a keylogger.
« Reply #18 on: November 01, 2008, 03:59:51 PM »
alright thanks i'll go try it out
Logged
[color=\"#ffa500\"]TRADES

[/color]

-trade 2 pure accs for a lvl 93 to~f tickle squeez~[color=\"#ff0000\"]unsuccessful[/color], it got hacked back a few days later



-traded an 86 main for a skiller and a 20 def pure to slingshot911~[color=\"#008000\"]successful[/color]



[color=\"#00ff00\"]FREEBIES

[/color]

-got a lvl 31 str pure from~str killz you~SUCCESSFUL! =p



[color=\"pink\"]MM's[/color]

[color=\"red\"]SCAMMERS[/color]



-azn





-f tickle squeez





[color=\"#0000ff\"]TRUSTED

[/color]

-nobody.





-



[color=\"#9932cc\"]vouches[/color][/size]





-slingshot911



-

Offline Stop Reading My Name

  • Hero Member
  • *****
  • Posts: 1628
  • Karma: +0/-0
    • View Profile
    • http://www.revofm.com
I think i have a keylogger.
« Reply #19 on: November 01, 2008, 04:42:03 PM »
In the future, you might want to try a better anti-virus solution: Common Sense 2008.

I've had it (and the previous releases) for as long as I've had a computer and they've never failed me.

I highly recommend you give it a try, you won't be disappointed.
Logged
Before reading any of my posts, please read http://en.wikipedia.org/wiki/Internet_troll








In honor of RevoFM :(

Admin of RuneCore



if you want to talk to me, don't PM me, add me on msn:

[email protected]



Pages: [1]
« previous next »