Danqazmlp Posted January 12, 2009 Share Posted January 12, 2009 Well i have a keylogger im sure, but mcafee is not picking it up, are there any free anti virus software out there to check against mcafee? I know i have a keylogger because lastnight i was hacked on rs, after doing a full scan with no results, i changed to a pass with random numbers and letters, but still this person knows my pass. Want to be my friend? Look under my name to the left<<< and click the 'Add as friend' button!Big thanks to Stevepole for the signature!^ Link to comment Share on other sites More sharing options...
Dracion1 Posted January 12, 2009 Share Posted January 12, 2009 There are many better AV's than McAffee. Try something like AVIRA (free) or NOD32 (Pay with 30 day free trial). A HijackThis log should also help if you have a keylogger, just paste it here and someone will be able to check it for you :) "In the beginning, the universe was created. This has made a lot of people very angry and been widely regarded as a bad move." Link to comment Share on other sites More sharing options...
Danqazmlp Posted January 12, 2009 Author Share Posted January 12, 2009 I did that hijack this thing, heres the log, any help on it? [hide=]Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 17:58:43, on 12/01/2009 Platform: Windows XP SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss[Caution: Executable File] C:\WINDOWS\system32\winlogon[Caution: Executable File] C:\WINDOWS\system32\services[Caution: Executable File] C:\WINDOWS\system32\lsass[Caution: Executable File] C:\WINDOWS\system32\svchost[Caution: Executable File] C:\WINDOWS\System32\svchost[Caution: Executable File] C:\WINDOWS\system32\spoolsv[Caution: Executable File] C:\Program Files\Common Files\AOL\ACS\AOLAcsd[Caution: Executable File] C:\Program Files\Java\jre6\bin\jqs[Caution: Executable File] C:\Program Files\McAfee\SiteAdvisor\McSACore[Caution: Executable File] C:\PROGRA~1\McAfee\MSC\mcmscsvc[Caution: Executable File] c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc[Caution: Executable File] c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy[Caution: Executable File] C:\PROGRA~1\McAfee\VIRUSS~1\mcshield[Caution: Executable File] C:\Program Files\McAfee\MPF\MPFSrv[Caution: Executable File] C:\Program Files\McAfee\MSK\MskSrver[Caution: Executable File] C:\WINDOWS\system32\nvsvc32[Caution: Executable File] C:\WINDOWS\System32\svchost[Caution: Executable File] C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon[Caution: Executable File] c:\PROGRA~1\mcafee.com\agent\mcagent[Caution: Executable File] C:\WINDOWS\Explorer[Caution: Executable File] C:\WINDOWS\system32\wuauclt[Caution: Executable File] C:\Program Files\Common Files\AOL\1226268977\ee\AOLSoftware[Caution: Executable File] C:\WINDOWS\system32\RunDll32[Caution: Executable File] C:\WINDOWS\system32\RUNDLL32[Caution: Executable File] C:\Program Files\Java\jre6\bin\jusched[Caution: Executable File] C:\Program Files\McAfee\MBK\McAfeeDataBackup[Caution: Executable File] C:\WINDOWS\system32\ctfmon[Caution: Executable File] C:\Program Files\Windows Live\Messenger\MsnMsgr[Caution: Executable File] C:\Program Files\AOL 9.0 VR\waol[Caution: Executable File] C:\Program Files\AOL 9.0 VR\shellmon[Caution: Executable File] C:\Program Files\SwiftKit\SwiftKit[Caution: Executable File] C:\Program Files\Common Files\AOL\Topspeed\3.0\aoltpsd3[Caution: Executable File] C:\Program Files\McAfee\MSC\mcshell[Caution: Executable File] C:\PROGRA~1\McAfee\VIRUSS~1\mcods[Caution: Executable File] c:\PROGRA~1\mcafee\VIRUSS~1\mcvsshld[Caution: Executable File] C:\Program Files\Trend Micro\HijackThis\HijackThis[Caution: Executable File] R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://search.aol.co.uk/web?isinit=true&query=%s O2 - BHO: McAfee Phishing Filter - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\PROGRA~1\mcafee\msk\mskapbho.dll O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file) O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll O3 - Toolbar: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1226268977\ee\AOLSoftware[Caution: Executable File] O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd O4 - HKLM\..\Run: [mcagent_exe] "C:\Program Files\McAfee.com\Agent\mcagent[Caution: Executable File]" /runkey O4 - HKLM\..\Run: [uSB2Check] RUNDLL32[Caution: Executable File] "C:\WINDOWS\system32\PCLECoInst.dll",CheckUSBController O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32[Caution: Executable File] C:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [nwiz] nwiz[Caution: Executable File] /install O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32[Caution: Executable File] C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask[Caution: Executable File]" -atboottime O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched[Caution: Executable File]" O4 - HKLM\..\Run: [EPSON Stylus C64 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2[Caution: Executable File] /P23 "EPSON Stylus C64 Series" /O5 "LPT1:" /M "Stylus C64" O4 - HKLM\..\Run: [McAfee Backup] "C:\Program Files\McAfee\MBK\McAfeeDataBackup[Caution: Executable File]" O4 - HKCU\..\Run: [CTFMON[Caution: Executable File]] C:\WINDOWS\system32\ctfmon[Caution: Executable File] O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr[Caution: Executable File]" /background O4 - HKCU\..\Run: [LaunchList] C:\Program Files\Pinnacle\Studio 11\LaunchList2[Caution: Executable File] O4 - HKCU\..\Run: [steam] C:\Program Files\Valve\Steam\\Steam[Caution: Executable File] -silent O4 - HKUS\S-1-5-19\..\Run: [CTFMON[Caution: Executable File]] C:\WINDOWS\System32\CTFMON[Caution: Executable File] (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-20\..\Run: [CTFMON[Caution: Executable File]] C:\WINDOWS\System32\CTFMON[Caution: Executable File] (User 'NETWORK SERVICE') O4 - HKUS\S-1-5-18\..\Run: [CTFMON[Caution: Executable File]] C:\WINDOWS\System32\CTFMON[Caution: Executable File] (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON[Caution: Executable File]] C:\WINDOWS\System32\CTFMON[Caution: Executable File] (User 'Default user') O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA[Caution: Executable File] O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL[Caution: Executable File]/3000 O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag[Caution: Executable File] O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag[Caution: Executable File] O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs[Caution: Executable File] O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs[Caution: Executable File] O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windows ... 6269773723 O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} - http://go.divx.com/plugin/DivXBrowserPlugin.cab O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\Program Files\Common Files\AOL\ACS\AOLAcsd[Caution: Executable File] O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs[Caution: Executable File] O23 - Service: MBackMonitor - McAfee - C:\Program Files\McAfee\MBK\MBackMonitor[Caution: Executable File] O23 - Service: McAfee SiteAdvisor Service - Unknown owner - C:\Program Files\McAfee\SiteAdvisor\McSACore[Caution: Executable File] O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc[Caution: Executable File] O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc[Caution: Executable File] O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods[Caution: Executable File] O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy[Caution: Executable File] O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield[Caution: Executable File] O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon[Caution: Executable File] O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv[Caution: Executable File] O23 - Service: McAfee Anti-Spam Service (MSK80Service) - McAfee, Inc. - C:\Program Files\McAfee\MSK\MskSrver[Caution: Executable File] O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32[Caution: Executable File] O23 - Service: PCLEPCI - Pinnacle Systems GmbH - C:\WINDOWS\system32\drivers\pclepci.sys -- End of file - 7222 bytes[/hide] Want to be my friend? Look under my name to the left<<< and click the 'Add as friend' button!Big thanks to Stevepole for the signature!^ Link to comment Share on other sites More sharing options...
thrash-boy Posted January 14, 2009 Share Posted January 14, 2009 im not very good at reading hjt logs, but i see your using swiftkit. did u download it from the proper site or somewhere else where someone may have infected it? also get avira Link to comment Share on other sites More sharing options...
Danqazmlp Posted January 14, 2009 Author Share Posted January 14, 2009 I got swiftkit months ago from the authorised site so it wasn't that. I downloaded avira and it had 4 detections that mcafee didn't, hopefully one of those was the keylogger, now to get my rs account back and see if im hacked again, if so i shall be back. Want to be my friend? Look under my name to the left<<< and click the 'Add as friend' button!Big thanks to Stevepole for the signature!^ Link to comment Share on other sites More sharing options...
Arixe Posted January 14, 2009 Share Posted January 14, 2009 You might also try http://housecall.trendmicro.com/ if you still have the keylogger. And ya, dump Mcafee. There are tons of better (and free) alternatives available. Link to comment Share on other sites More sharing options...
JoeDaStudd Posted January 14, 2009 Share Posted January 14, 2009 Nothing on that HJT log which looks iffy to me (I'm not the best at reading them though). You really should disable some of those programs from starting up. Try malware bytes anti-malware its one of the best ad/spy/mal ware scanners out. [hide=Drops]Dragon Axe x11Berserker Ring x9Warrior Ring x8SeercullDragon MedDragon Boots x4 - all less then 30 kcGodsword Shard (bandos)Granite Maul x 3Solo only - doesn't include barrows[/hide][hide=Stats][/hide] Link to comment Share on other sites More sharing options...
Sbrideau Posted January 14, 2009 Share Posted January 14, 2009 Lol McAfee has Tons of loopholes. And to me the log looks clean as well, although I'm not that good to read them either. Good antiviruses would be NOD32, Kaspersky or Avira antivir if you want a free one. Link to comment Share on other sites More sharing options...
Recommended Posts
Create an account or sign in to comment
You need to be a member in order to leave a comment
Create an account
Sign up for a new account in our community. It's easy!
Register a new accountSign in
Already have an account? Sign in here.
Sign In Now