Do I have a keylogger?
By Sydney
Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\PROGRA~1\McAfee.com\Agent\mcagent.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Spare Backup\SpareBackup.exe
C:\Program Files\BigFix\bigfix.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktopIndex.exe
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\SiteAdvisor\6253\SiteAdv.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe
C:\Program Files\Grisoft\AVG7\avgcc.exe
C:\Windows\ehome\ehtray.exe
C:\Windows\System32\spool\drivers\w32x86\3\E_FATICEA.EXE
C:\Program Files\Spybot – Search & Destroy\TeaTimer.exe
C:\Windows\ehome\ehmsas.exe
C:\Users\Juanita\AppData\Local\Google\Update\1.1.25.0\GoogleUpdate.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Users\Juanita\AppData\Local\YouTube\Uploader\youtubeuploader.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktopCrawl.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\LimeWire\LimeWire.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Steam\Steam.exe
C:\Windows\explorer.exe
C:\Windows\System32\mobsync.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\Program Files\Ventrilo\Ventrilo.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\Hijackthis\HijackThis.exe
R1 – HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html
R1 – HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaults/sp/msgr8/*http://www.yahoo.com
R0 – HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 – HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/
R1 – HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://us.rd.yahoo.com/customize/ie/defaults/su/msgr8/*http://www.yahoo.com
R1 – HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html
R1 – HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaults/sp/msgr8/*http://www.yahoo.com
R0 – HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R0 – HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.gateway.com/g/sidepanel.html?Ch=Retail&SubCH=nofound&Br=GTW&Loc=ENG_US&Sys=DTP&M=GT5620
R0 – HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 – HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/defaults/su/msgr8/*http://www.yahoo.com
R0 – HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 – URLSearchHook: Yahoo! Toolbar – {EF99BD32-C1FB-11D2-892F-0090271D4F88} – C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O1 – Hosts: ::1 localhost
O2 – BHO: &Yahoo! Toolbar Helper – {02478D38-C3F9-4efb-9B51-7695ECA05670} – C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O2 – BHO: Adobe PDF Reader Link Helper – {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} – C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 – BHO: (no name) – {089FD14D-132B-48FC-8861-0048AE113215} – C:\Program Files\SiteAdvisor\6253\SiteAdv.dll
O2 – BHO: McAntiPhishingBHO – {377C180E-6F0E-4D4C-980F-F45BD3D40CF4} – C:\Program Files\McAfee\MSK\mcapbho.dll
O2 – BHO: Spybot-S&D IE Protection – {53707962-6F74-2D53-2644-206D7942484F} – C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 – BHO: ALOT Toolbar – {5AA2BA46-9913-4dc7-9620-69AB0FA17AE7} – C:\Program Files\alot\bin\alot.dll
O2 – BHO: Yahoo! IE Services Button – {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} – C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 – BHO: SSVHelper Class – {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} – C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 – BHO: scriptproxy – {7DB2D5A0-7241-4E79-B68D-6309F01C5231} – C:\Program Files\McAfee\VirusScan\scriptsn.dll
O2 – BHO: (no name) – {7E853D72-626A-48EC-A868-BA8D5E23E045} – (no file)
O2 – BHO: Windows Live Sign-in Helper – {9030D464-4C02-4ABF-8ECC-5164760863C6} – C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 – BHO: Google Toolbar Helper – {AA58ED58-01DD-4d91-8333-CF10577473F7} – c:\program files\google\googletoolbar1.dll
O2 – BHO: Windows Live Toolbar Helper – {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} – C:\Program Files\Windows Live Toolbar\msntb.dll
O2 – BHO: Browser Address Error Redirector – {CA6319C0-31B7-401E-A518-A07C3DB8F777} – c:\windows\system32\BAE.dll
O3 – Toolbar: &Google – {2318C2B1-4965-11d4-9B18-009027A5CD4F} – c:\program files\google\googletoolbar1.dll
O3 – Toolbar: Windows Live Toolbar – {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} – C:\Program Files\Windows Live Toolbar\msntb.dll
O3 – Toolbar: Yahoo! Toolbar – {EF99BD32-C1FB-11D2-892F-0090271D4F88} – C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O3 – Toolbar: McAfee SiteAdvisor – {0BF43445-2F28-4351-9252-17FE6E806AA0} – C:\Program Files\SiteAdvisor\6253\SiteAdv.dll
O3 – Toolbar: ALOT Toolbar – {5AA2BA46-9913-4dc7-9620-69AB0FA17AE7} – C:\Program Files\alot\bin\alot.dll
O4 – HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 – HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 – HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 – HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 – HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 – HKLM\..\Run: [Google Desktop Search] “C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe” /startup
O4 – HKLM\..\Run: [Spare Backup] “C:\Program Files\Spare Backup\SpareBackup.exe” /silent
O4 – HKLM\..\Run: [NapsterShell] C:\Program Files\Napster\napster.exe /systray
O4 – HKLM\..\Run: [BigFix] c:\program files\Bigfix\bigfix.exe /atstartup
O4 – HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 – HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 – HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 – HKLM\..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe /runkey
O4 – HKLM\..\Run: [SiteAdvisor] C:\Program Files\SiteAdvisor\6253\SiteAdv.exe
O4 – HKLM\..\Run: [Adobe Reader Speed Launcher] “C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe”
O4 – HKLM\..\Run: [Adobe Photo Downloader] “C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe”
O4 – HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 – HKLM\..\Run: [SunJavaUpdateSched] “C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe”
O4 – HKLM\..\RunOnce: [Launcher] %WINDIR%\SMINST\launcher.exe
O4 – HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 – HKCU\..\Run: [Yahoo! Pager] “C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe” -quiet
O4 – HKCU\..\Run: [EPSON Stylus CX8400 Series] C:\Windows\system32\spool\DRIVERS\W32X86\3\E_FATICEA.EXE /FU “C:\Windows\TEMP\E_S36E7.tmp” /EF “HKCU”
O4 – HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot – Search & Destroy\TeaTimer.exe
O4 – HKCU\..\Run: [Google Update] “C:\Users\Juanita\AppData\Local\Google\Update\1.1.25.0\GoogleUpdate.exe” /lang en
O4 – HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 – HKCU\..\Run: [AdobeUpdater] C:\Program Files\Common Files\Adobe\Updater5\AdobeUpdater.exe
O4 – HKCU\..\Run: [Steam] “c:\program files\steam\steam.exe” -silent
O4 – Startup: LimeWire On Startup.lnk = C:\Program Files\LimeWire\LimeWire.exe
O4 – Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O4 – Startup: YouTube Uploader.lnk = C:\Users\Juanita\AppData\Local\YouTube\Uploader\youtubeuploader.exe
O4 – Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O8 – Extra context menu item: &Windows Live Search – res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 – Extra context menu item: Add to Windows &Live Favorites – http://favorites.live.com/quickadd.aspx
O8 – Extra context menu item: E&xport to Microsoft Excel – res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 – Extra button: (no name) – {08B0E5C0-4FCB-11CF-AAA5-00401C608501} – C:\Program Files\Java\jre1.6.0_01\bin\npjpi160_01.dll
O9 – Extra ‘Tools’ menuitem: Sun Java Console – {08B0E5C0-4FCB-11CF-AAA5-00401C608501} – C:\Program Files\Java\jre1.6.0_01\bin\npjpi160_01.dll
O9 – Extra button: Send to OneNote – {2670000A-7350-4f3c-8081-5663EE0C6C49} – C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 – Extra ‘Tools’ menuitem: S&end to OneNote – {2670000A-7350-4f3c-8081-5663EE0C6C49} – C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 – Extra button: Yahoo! Services – {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} – C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 – Extra button: Research – {92780B25-18CC-41C8-B9BE-3C9C571A8263} – C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 – Extra button: (no name) – {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} – C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 – Extra ‘Tools’ menuitem: Spybot – Search & Destroy Configuration – {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} – C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O10 – Unknown file in Winsock LSP: c:\windows\system32\nlaapi.dll
O10 – Unknown file in Winsock LSP: c:\windows\system32\napinsp.dll
O11 – Options group: [INTERNATIONAL] International*
O13 – Gopher Prefix:
O16 – DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) – C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 – DPF: {69EF49E5-FE46-4B92-B5FA-2193AB7A6B8A} (GameLauncher Control) – http://www.acclaim.com/cabs/acclaim_v4.cab
O18 – Protocol: livecall – {828030A1-22C1-4009-854F-8E305202313F} – C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
O18 – Protocol: ms-help – {314111C7-A502-11D2-BBCA-00C04F8EC294} – C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O18 – Protocol: msnim – {828030A1-22C1-4009-854F-8E305202313F} – C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
O18 – Protocol: siteadvisor – {3A5DC592-7723-4EAA-9EE6-AF4222BCF879} – C:\Program Files\SiteAdvisor\6253\SiteAdv.dll
O20 – AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
O20 – Winlogon Notify: igfxcui – C:\Windows\SYSTEM32\igfxdev.dll
O23 – Service: McAfee Application Installer Cleanup (0117381206203986) (0117381206203986mcinstcleanup) – McAfee, Inc. – C:\Windows\TEMP11738~1.EXE
O23 – Service: Agere Modem Call Progress Audio (AgereModemAudio) – Agere Systems – C:\Windows\system32\agrsmsvc.exe
O23 – Service: AVG7 Alert Manager Server (Avg7Alrt) – GRISOFT, s.r.o. – C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 – Service: AVG7 Update Service (Avg7UpdSvc) – GRISOFT, s.r.o. – C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 – Service: AVG E-mail Scanner (AVGEMS) – GRISOFT, s.r.o. – C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 – Service: @%SystemRoot%\ehome\ehstart.dll,-101 (ehstart) – Unknown owner – %windir%\system32\svchost.exe (file missing)
O23 – Service: GoogleDesktopManager – Google – C:\Program Files\Google\Google Desktop Search\GoogleDesktopManager.exe
O23 – Service: Google Updater Service (gusvc) – Google – C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 – Service: McAfee Services (mcmscsvc) – McAfee, Inc. – C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 – Service: McAfee Network Agent (McNASvc) – McAfee, Inc. – c:\program files\common files\mcafee\mna\mcnasvc.exe
O23 – Service: McAfee Scanner (McODS) – McAfee, Inc. – C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 – Service: McAfee Proxy Service (McProxy) – McAfee, Inc. – c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 – Service: McAfee Real-time Scanner (McShield) – McAfee, Inc. – C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 – Service: McAfee SystemGuards (McSysmon) – McAfee, Inc. – C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 – Service: McAfee Personal Firewall Service (MpfService) – McAfee, Inc. – C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 – Service: McAfee SpamKiller Service (MSK80Service) – McAfee, Inc. – C:\Program Files\McAfee\MSK\MskSrver.exe
O23 – Service: PnkBstrA – Unknown owner – C:\Windows\system32\PnkBstrA.exe
O23 – Service: @%SystemRoot%\system32\qwave.dll,-1 (QWAVE) – Unknown owner – %windir%\system32\svchost.exe (file missing)
O23 – Service: SBSD Security Center Service (SBSDWSCService) – Safer Networking Ltd. – C:\Program Files\Spybot – Search & Destroy\SDWinSec.exe
O23 – Service: @%SystemRoot%\system32\seclogon.dll,-7001 (seclogon) – Unknown owner – %windir%\system32\svchost.exe (file missing)
O23 – Service: SiteAdvisor Service – Unknown owner – C:\Program Files\SiteAdvisor\6253\SAService.exe
O23 – Service: Steam Client Service – Valve Corporation – C:\Program Files\Common Files\Steam\SteamService.exe
O23 – Service: @%ProgramFiles%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) – Unknown owner – %ProgramFiles%\Windows Media Player\wmpnetwk.exe (file missing)
I ran HijackThis and that is my report, kind of long I know =/….
3 Comments
October 21st, 2009 at 8:57 pm
no you don't…
but why do you have 2 anti-virus..
that's not good..
they will kill each other..
delete AVG.
because McAfee is a lot better
………………………..
but Avast is the best
October 21st, 2009 at 9:02 pm
Keyloggers.. maybe one or two, but you have a lot of threats in there.
October 21st, 2009 at 9:02 pm
It doesn’t look like you have a keylogger but I could see more than 1 antivirus and spam blocker which is never recommended. Keep only one. Good luck!