Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

Had a keylogger. Found with superantispyware. After I wanted to do a c


  • Please log in to reply

#1
karonita

karonita

    Member

  • Member
  • PipPip
  • 50 posts
Will post the error. Went with sd fix, and it wont open either. Maybe the keylogger took important parts with it????? Heres my ht and the report of the sas and the errors and such.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:38:49 AM, on 3/22/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\McAfee\MBK\MBackMonitor.exe
C:\WINDOWS\system32\devldr32.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\program files\common files\mcafee\mna\mcnasvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\Program Files\McAfee\MSK\MskSrver.exe
C:\Program Files\SiteAdvisor\6253\SAService.exe
C:\Program Files\SiteAdvisor\6253\SiteAdv.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\McAfee.com\Agent\mcagent.exe
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE
C:\Program Files\UPHClean\uphclean.exe
C:\PROGRA~1\Yahoo!\browser\ycommon.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\Program Files\Yahoo!\browser\ybrowser.exe
C:\Program Files\Yahoo!\browser\ybrwicon.exe
C:\PROGRA~1\Yahoo!\browser\ybrowser.exe
C:\Program Files\McAfee\MBK\McAfeeDataBackup.exe
C:\Documents and Settings\karen\Desktop\hijackthis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.com/0SEENUS/SAOS01
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://att.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapp.../search/ie.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
O2 - BHO: (no name) - {089FD14D-132B-48FC-8861-0048AE113215} - C:\Program Files\SiteAdvisor\6253\SiteAdv.dll
O2 - BHO: McAntiPhishingBHO - {377C180E-6F0E-4D4C-980F-F45BD3D40CF4} - C:\Program Files\McAfee\MSK\mcapbho.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\PROGRA~1\Yahoo!\common\yiesrvc.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: SidebarAutoLaunch Class - {F2AA9440-6328-4933-B7C9-A6CCDF9CBF6D} - C:\Program Files\Yahoo!\browser\YSidebarIEBHO.dll
O3 - Toolbar: McAfee SiteAdvisor - {0BF43445-2F28-4351-9252-17FE6E806AA0} - C:\Program Files\SiteAdvisor\6253\SiteAdv.dll
O4 - HKLM\..\Run: [SiteAdvisor] C:\Program Files\SiteAdvisor\6253\SiteAdv.exe
O4 - HKLM\..\Run: [McENUI] C:\PROGRA~1\McAfee\MHN\McENUI.exe /hide
O4 - HKLM\..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe /runkey
O4 - HKLM\..\Run: [YBrowser] C:\PROGRA~1\Yahoo!\browser\ybrwicon.exe
O4 - HKLM\..\Run: [MBkLogOnHook] C:\Program Files\McAfee\MBK\LogOnHook.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
O8 - Extra context menu item: eng-alb - C:\Program Files\LingvoSoft\LingvoSoft Dictionary 2007 (English-Albanian) for Windows\Plugins\IE.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: AT&T Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\PROGRA~1\Yahoo!\common\yiesrvc.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: English<->Albanian - {AB50D19E-7674-0746-BAD6-9D829914B5D4} - C:\Program Files\LingvoSoft\LingvoSoft Dictionary 2007 (English-Albanian) for Windows\Plugins\IE.htm
O9 - Extra 'Tools' menuitem: eng-alb - {AB50D19E-7674-0746-BAD6-9D829914B5D4} - C:\Program Files\LingvoSoft\LingvoSoft Dictionary 2007 (English-Albanian) for Windows\Plugins\IE.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: Photobucket Publisher - http://smg.photobuck...e/ie_plugin.php
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} (Office Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=58813
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {1E3F1348-4370-4BBE-A67A-CC7ED824CA85} (Microsoft Genuine Advantage Self Support Tool) - http://go.microsoft....k/?LinkId=82580
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zon...kr.cab56986.cab
O16 - DPF: {231B1C6E-F934-42A2-92B6-C2FEFEC24276} (yucsetreg Class) - C:\Program Files\Yahoo!\common\yucconfig.dll
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcaf...01/mcinsctl.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitd...can8/oscan8.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.mi...b?1201834518250
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.micros...b?1176779119890
O16 - DPF: {745395C8-D0E1-4227-8586-624CA9A10A8D} - http://www.atlantism...rld.com/AMC.cab
O16 - DPF: {74DBCB52-F298-4110-951D-AD2FF67BC8AB} (NVIDIA Smart Scan) - http://www.nvidia.co...iaSmartScan.cab
O16 - DPF: {924C1588-90C3-4910-B6CA-D57A1C0418FE} (YbUploadFavsCtl Class) - http://bookmarks.yah...m/YbConvFav.CAB
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zon...nt.cab56907.cab
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: McAfee Application Installer Cleanup (0051951206191948) (0051951206191948mcinstcleanup) - McAfee, Inc. - C:\WINDOWS\TEMP\005195~1.EXE
O23 - Service: MBackMonitor - McAfee - C:\Program Files\McAfee\MBK\MBackMonitor.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\program files\common files\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: McAfee SpamKiller Service (MSK80Service) - McAfee, Inc. - C:\Program Files\McAfee\MSK\MskSrver.exe
O23 - Service: SiteAdvisor Service - Unknown owner - C:\Program Files\SiteAdvisor\6253\SAService.exe

--
End of file - 8893 bytes
  • 0

Advertisements


#2
karonita

karonita

    Member

  • Topic Starter
  • Member
  • PipPip
  • 50 posts
SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 03/21/2008 at 07:20 PM

Application Version : 4.0.1154

Core Rules Database Version : 3422
Trace Rules Database Version: 1414

Scan type : Quick Scan
Total Scan Time : 00:11:17

Memory items scanned : 496
Memory threats detected : 0
Registry items scanned : 344
Registry threats detected : 8
File items scanned : 5183
File threats detected : 61

Keylogger.SPIE
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{CB7CE223-955E-11d3-81AA-344203C10000}
HKCR\CLSID\{CB7CE223-955E-11D3-81AA-344203C10000}
HKCR\CLSID\{CB7CE223-955E-11D3-81AA-344203C10000}
HKCR\CLSID\{CB7CE223-955E-11D3-81AA-344203C10000}\InprocServer32
HKCR\CLSID\{CB7CE223-955E-11D3-81AA-344203C10000}\InprocServer32#ThreadingModel
HKCR\CLSID\{CB7CE223-955E-11D3-81AA-344203C10000}\ProgID
HKCR\CLSID\{CB7CE223-955E-11D3-81AA-344203C10000}\Programmable
HKCR\CLSID\{CB7CE223-955E-11D3-81AA-344203C10000}\VersionIndependentProgID
C:\WINDOWS\MSCACK.DLL

Adware.Tracking Cookie
C:\Documents and Settings\karen\Cookies\[email protected][2].txt
C:\Documents and Settings\karen\Cookies\[email protected][2].txt
C:\Documents and Settings\karen\Cookies\[email protected][1].txt
C:\Documents and Settings\karen\Cookies\[email protected][2].txt
C:\Documents and Settings\karen\Cookies\[email protected][2].txt
C:\Documents and Settings\karen\Cookies\[email protected][1].txt
C:\Documents and Settings\karen\Cookies\[email protected][1].txt
C:\Documents and Settings\karen\Cookies\[email protected][1].txt
C:\Documents and Settings\karen\Cookies\[email protected][2].txt
C:\Documents and Settings\karen\Cookies\[email protected][1].txt
C:\Documents and Settings\karen\Cookies\[email protected][2].txt
C:\Documents and Settings\karen\Cookies\[email protected][2].txt
C:\Documents and Settings\karen\Cookies\[email protected][2].txt
C:\Documents and Settings\karen\Cookies\[email protected][1].txt
C:\Documents and Settings\karen\Cookies\[email protected][1].txt
C:\Documents and Settings\karen\Cookies\[email protected][1].txt
C:\Documents and Settings\karen\Cookies\[email protected][1].txt
C:\Documents and Settings\karen\Cookies\[email protected][1].txt
C:\Documents and Settings\karen\Cookies\[email protected][1].txt
C:\Documents and Settings\karen\Cookies\[email protected][1].txt
C:\Documents and Settings\karen\Cookies\[email protected][1].txt
C:\Documents and Settings\karen\Cookies\[email protected][2].txt
C:\Documents and Settings\karen\Cookies\[email protected][2].txt
C:\Documents and Settings\karen\Cookies\[email protected][2].txt
C:\Documents and Settings\karen\Cookies\[email protected][1].txt
C:\Documents and Settings\karen\Cookies\[email protected][1].txt
C:\Documents and Settings\karen\Cookies\[email protected][1].txt
C:\Documents and Settings\karen\Cookies\[email protected][2].txt
C:\Documents and Settings\karen\Cookies\[email protected][1].txt
C:\Documents and Settings\karen\Cookies\[email protected][1].txt
C:\Documents and Settings\karen\Cookies\[email protected][1].txt
C:\Documents and Settings\karen\Cookies\[email protected][2].txt
C:\Documents and Settings\karen\Cookies\[email protected][1].txt
C:\Documents and Settings\karen\Cookies\[email protected][1].txt
C:\Documents and Settings\karen\Cookies\[email protected][1].txt
C:\Documents and Settings\karen\Cookies\[email protected][1].txt
C:\Documents and Settings\karen\Cookies\[email protected][2].txt
C:\Documents and Settings\karen\Cookies\[email protected][1].txt
C:\Documents and Settings\karen\Cookies\[email protected][1].txt
C:\Documents and Settings\karen\Cookies\[email protected][2].txt
C:\Documents and Settings\karen\Cookies\[email protected][2].txt
C:\Documents and Settings\karen\Cookies\[email protected][1].txt
C:\Documents and Settings\karen\Cookies\[email protected][2].txt
C:\Documents and Settings\karen\Cookies\[email protected][1].txt
C:\Documents and Settings\karen\Cookies\[email protected][1].txt
C:\Documents and Settings\karen\Cookies\[email protected][1].txt
C:\Documents and Settings\karen\Cookies\[email protected][1].txt
C:\Documents and Settings\karen\Cookies\[email protected][2].txt
C:\Documents and Settings\karen\Cookies\[email protected][1].txt
C:\Documents and Settings\karen\Cookies\[email protected][2].txt
C:\Documents and Settings\karen\Cookies\[email protected][2].txt
C:\Documents and Settings\karen\Cookies\[email protected][1].txt
C:\Documents and Settings\karen\Cookies\[email protected]hg-chartercommunications.hitbox[1].txt
C:\Documents and Settings\karen\Cookies\[email protected][1].txt
C:\Documents and Settings\karen\Cookies\[email protected][2].txt
C:\Documents and Settings\karen\Cookies\[email protected][2].txt
C:\Documents and Settings\karen\Cookies\[email protected][1].txt
C:\Documents and Settings\karen\Cookies\[email protected][1].txt
C:\Documents and Settings\karen\Cookies\[email protected][2].txt
C:\Documents and Settings\karen\Cookies\[email protected][2].txt
  • 0

#3
karonita

karonita

    Member

  • Topic Starter
  • Member
  • PipPip
  • 50 posts
error mssg and sd fix.

Attached Thumbnails

  • Image1.jpg
  • Image3.jpg

  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP