
I have a feeling I'm keylogged


This topic is locked
7 replies to this topic

#1 jorge (New Member)

Posted 11 January 2010 - 05:16 AM

Random, maybe helpful, information:
windows 7 home premium 64bit
2wire modem/router
wireless keyboard




Logfile of Trend Micro HijackThis v2.0.3 (BETA)
Scan saved at 2:13:42 AM, on 1/11/2010
Platform: Unknown Windows (WinNT 6.01.3504)
MSIE: Internet Explorer v8.00 (8.00.7600.16385)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\PictureMover\Bin\PictureMover.exe
C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2010\avp.exe
C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
C:\Program Files (x86)\Windows Media Player\wmplayer.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\TrendMicro\HiJackThis\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.h...a...rio&pf=cndt
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.h...a...rio&pf=cndt
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.h...a...rio&pf=cndt
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG9\avgssie.dll (file missing)
O2 - BHO: IEVkbdBHO - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2010\ievkbd.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Microsoft Live Search Toolbar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\Program Files (x86)\MSN\Toolbar\3.0.0560.0\msneshellx.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll (file missing)
O2 - BHO: link filter bho - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2010\klwtbbho.dll
O3 - Toolbar: Microsoft Live Search Toolbar - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - c:\Program Files (x86)\MSN\Toolbar\3.0.0560.0\msneshellx.dll
O3 - Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
O4 - HKLM\..\Run: [AVP] "C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2010\avp.exe"
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [uTorrent] "C:\Program Files (x86)\uTorrent\uTorrent.exe"
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O4 - Global Startup: PictureMover.lnk = C:\Program Files (x86)\PictureMover\Bin\PictureMover.exe
O9 - Extra button: &Virtual keyboard - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2010\klwtbbho.dll
O9 - Extra button: URLs c&heck - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2010\klwtbbho.dll
O13 - Gopher Prefix:
O20 - AppInit_DLLs: C:\PROGRA~2\KASPER~1\KASPER~1\mzvkbd3.dll
O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - LSI Corporation - C:\Program Files\LSI SoftModem\agr64svc.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: Kaspersky Anti-Virus (AVP) - Kaspersky Lab - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2010\avp.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files (x86)\HP Games\HP Game Console\GameConsoleService.exe
O23 - Service: HP Health Check Service - Hewlett-Packard - C:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: Canon Inkjet Printer/Scanner/Fax Extended Survey Program (IJPLMSVC) - Unknown owner - C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - c:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 7827 bytes

#2 screen317 (MBAM Sentinel, Moderator)

Posted 23 January 2010 - 07:21 AM

Why do you think you're being keylogged?


Please update MBAM, run a Quick Scan, and post its log.


Next, download DDS by sUBs and save it to your Desktop.

Double-click on the DDS icon and let the scan run. When it has run two logs will be produced, please post the one that is not minimized.
Chris Fistonich
Research Team


#3 jorge (New Member)

Posted 24 January 2010 - 03:09 AM

> Why do you think you're being keylogged?
>
> Please update MBAM, run a Quick Scan, and post its log.
>
> Next, download DDS by sUBs and save it to your Desktop.
>
> Double-click on the DDS icon and let the scan run. When it has run two logs will be produced, please post the one that is not minimized.


3 of my emails were hacked.


DDS (Ver_09-12-01.01) - NTFSX64
Run by Jorge at 0:03:01.59 on Sun 01/24/2010
Internet Explorer: 8.0.7600.16385
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.2942.1304 [GMT -8:00]


============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\LSI SoftModem\agr64svc.exe
C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2010\avp.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE
C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE
C:\Windows\system32\SearchIndexer.exe
C:\Program Files (x86)\PictureMover\Bin\PictureMover.exe
C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2010\avp.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe
C:\Windows\System32\svchost.exe -k secsvcs
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
C:\Windows\Explorer.EXE
c:\program files (x86)\warcraft iii\war3.exe
C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
C:\Program Files (x86)\Windows Media Player\wmplayer.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2010\x64\klwtblfs.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\taskhost.exe
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\explorer.exe
C:\Users\Jorge\Downloads\dds.scr
C:\Windows\system32\conhost.exe
C:\Windows\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

uStart Page = about:blank
uDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_US&c=94&bd=Presario&pf=cndt
mDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_US&c=94&bd=Presario&pf=cndt
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_US&c=94&bd=Presario&pf=cndt
mLocal Page = c:\windows\syswow64\blank.htm
BHO: Canon Easy-WebPrint EX BHO: {3785d0ad-bfff-47f6-bf5b-a587c162fed9} - c:\program files (x86)\canon\easy-webprint ex\ewpexbho.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files (x86)\avg\avg9\avgssie.dll
BHO: IEVkbdBHO Class: {59273ab4-e7d3-40f9-a1a8-6fa9cca1862c} - c:\program files (x86)\kaspersky lab\kaspersky anti-virus 2010\ievkbd.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files (x86)\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Microsoft Live Search Toolbar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\program files (x86)\msn\toolbar\3.0.0560.0\msneshellx.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files (x86)\java\jre6\bin\jp2ssv.dll
BHO: FilterBHO Class: {e33cf602-d945-461a-83f0-819f76a199f8} - c:\program files (x86)\kaspersky lab\kaspersky anti-virus 2010\klwtbbho.dll
TB: Microsoft Live Search Toolbar: {1e61ed7c-7cb8-49d6-b9e9-ab4c880c8414} - c:\program files (x86)\msn\toolbar\3.0.0560.0\msneshellx.dll
TB: {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No File
TB: Canon Easy-WebPrint EX: {759d9886-0c6f-4498-bab6-4a5f47c6c72f} - c:\program files (x86)\canon\easy-webprint ex\ewpexhlp.dll
TB: {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No File
EB: Canon Easy-WebPrint EX: {21347690-ec41-4f9a-8887-1f4aee672439} - c:\program files (x86)\canon\easy-webprint ex\ewpexhlp.dll
uRun: [msnmsgr] "c:\program files (x86)\windows live\messenger\msnmsgr.exe" /background
uRun: [uTorrent] "c:\program files (x86)\utorrent\uTorrent.exe"
mRun: [AVP] "c:\program files (x86)\kaspersky lab\kaspersky anti-virus 2010\avp.exe"
StartupFolder: c:\progra~3\micros~1\windows\startm~1\programs\startup\pictur~1.lnk - c:\program files (x86)\picturemover\bin\PictureMover.exe
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: ForceActiveDesktopOn = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: {4248FE82-7FCB-46AC-B270-339F08212110} - {4248FE82-7FCB-46AC-B270-339F08212110} - c:\program files (x86)\kaspersky lab\kaspersky anti-virus 2010\klwtbbho.dll
IE: {CCF151D8-D089-449F-A5A4-D9909053F20F} - {CCF151D8-D089-449F-A5A4-D9909053F20F} - c:\program files (x86)\kaspersky lab\kaspersky anti-virus 2010\klwtbbho.dll
AppInit_DLLs: c:\progra~2\kasper~1\kasper~1\mzvkbd3.dll
mASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "c:\program files (x86)\common files\lightscribe\LSRunOnce.exe"
BHO-X64: AVG Safe Search: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - c:\program files (x86)\avg\avg9\avgssiea.dll
BHO-X64: WormRadar.com IESiteBlocker.NavFilter - No File
BHO-X64: IEVkbdBHO Class: {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - c:\program files (x86)\kaspersky lab\kaspersky anti-virus 2010\x64\ievkbd.dll
BHO-X64: IEVkbdBHO - No File
BHO-X64: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO-X64: FilterBHO Class: {E33CF602-D945-461A-83F0-819F76A199F8} - c:\program files (x86)\kaspersky lab\kaspersky anti-virus 2010\x64\klwtbbho.dll
BHO-X64: link filter bho - No File
TB-X64: {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No File
TB-X64: {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No File
TB-X64: {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - No File
EB-X64: {21347690-EC41-4F9A-8887-1F4AEE672439} - No File
mRun-x64: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun-x64: [CanonMyPrinter] c:\program files\canon\myprinter\BJMyPrt.exe /logon
mRun-x64: [CanonSolutionMenu] c:\program files (x86)\canon\solutionmenu\CNSLMAIN.exe /logon

================= FIREFOX ===================

FF - ProfilePath - c:\users\jorge\appdata\roaming\mozilla\firefox\profiles\rieeaxx4.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com
FF - component: c:\program files (x86)\mozilla firefox\extensions\linkfilter@kaspersky.ru\components\KavLinkFilter.dll
FF - plugin: c:\program files (x86)\canon\easy-photoprint ex\NPEZFFPI.DLL
FF - plugin: c:\program files (x86)\divx\divx plus web player\npdivx32.dll
FF - plugin: c:\users\jorge\appdata\roaming\move networks\plugins\npqmp071503000010.dll

---- FIREFOX POLICIES ----
c:\program files (x86)\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);

============= SERVICES / DRIVERS ===============

R0 KLBG;Kaspersky Lab Boot Guard Driver;c:\windows\system32\drivers\klbg.sys [2009-10-14 40464]
R1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;c:\windows\system32\drivers\klim6.sys [2009-9-14 27152]
R2 AVP;Kaspersky Anti-Virus;c:\program files (x86)\kaspersky lab\kaspersky anti-virus 2010\avp.exe [2009-10-20 340456]
R3 klmouflt;Kaspersky Lab KLMOUFLT;c:\windows\system32\drivers\klmouflt.sys [2009-10-2 21008]

=============== Created Last 30 ================

2010-01-21 22:57:41 0 d-----w- c:\program files (x86)\MSXML 4.0
2010-01-21 20:17:53 5961728 ----a-w- c:\windows\syswow64\mshtml.dll
2010-01-21 20:17:53 10976768 ----a-w- c:\windows\syswow64\ieframe.dll
2010-01-21 20:17:52 977920 ----a-w- c:\windows\syswow64\wininet.dll
2010-01-21 20:17:52 64512 ----a-w- c:\windows\syswow64\msfeedsbs.dll
2010-01-21 20:17:52 381440 ----a-w- c:\windows\syswow64\iedkcs32.dll
2010-01-21 20:17:52 1224704 ----a-w- c:\windows\syswow64\urlmon.dll
2010-01-21 20:17:52 1192960 ----a-w- c:\windows\system32\wininet.dll
2010-01-21 05:01:50 0 d-----w- c:\programdata\LightScribe
2010-01-21 02:21:23 0 d-----w- c:\program files (x86)\Nero
2010-01-21 02:21:00 0 d-----w- c:\programdata\Nero
2010-01-21 01:39:27 2388176 ----a-w- c:\windows\syswow64\d3dx9_30.dll
2010-01-20 00:17:41 2977792 ------w- c:\windows\UNNeroVision.exe
2010-01-20 00:17:41 158525 ------w- c:\windows\UNNeroVision.cfg
2010-01-20 00:17:40 24064 ------w- c:\windows\syswow64\msxml3a.dll
2010-01-20 00:16:10 0 d-----w- c:\programdata\Ahead
2010-01-20 00:16:06 38912 ------w- c:\windows\syswow64\picn20.dll
2010-01-20 00:16:06 106496 ----a-w- c:\windows\syswow64\TwnLib20.dll
2010-01-18 03:47:48 0 d-----w- c:\program files\DivX
2010-01-18 03:47:41 0 d-----w- c:\program files (x86)\common files\PX Storage Engine
2010-01-18 03:47:23 0 d-----w- c:\program files (x86)\DivX
2010-01-18 03:47:23 0 d-----w- c:\program files (x86)\common files\DivX Shared
2010-01-15 09:29:04 0 d-----w- c:\program files (x86)\QS
2010-01-15 09:28:53 0 d-----w- c:\users\jorge\appdata\roaming\TeamViewer
2010-01-15 09:28:37 0 d-----w- c:\users\jorge\temp
2010-01-13 11:42:14 0 d-----w- c:\programdata\Blizzard Entertainment
2010-01-13 07:37:19 70656 ----a-w- c:\windows\syswow64\fontsub.dll
2010-01-13 07:37:19 148480 ----a-w- c:\windows\system32\t2embed.dll
2010-01-13 07:37:19 108544 ----a-w- c:\windows\syswow64\t2embed.dll
2010-01-13 07:37:19 100864 ----a-w- c:\windows\system32\fontsub.dll
2010-01-12 22:58:54 704000 ----a-w- c:\windows\system32\cohelper.dll
2010-01-12 22:58:54 6136 ----a-w- c:\windows\system32\drivers\nvphy.bin
2010-01-11 08:11:23 0 d-----w- c:\program files (x86)\uTorrent
2010-01-11 08:11:12 0 d-----w- c:\users\jorge\appdata\roaming\uTorrent
2010-01-10 00:57:22 0 d-----w- c:\program files (x86)\TrendMicro
2010-01-09 22:30:25 0 d-----w- c:\users\jorge\appdata\roaming\IrfanView
2010-01-09 22:30:25 0 d-----w- c:\program files (x86)\IrfanView
2010-01-08 04:59:08 455680 ----a-w- c:\windows\system32\deploytk.dll
2010-01-08 00:05:28 0 ----a-w- c:\users\jorge\appdata\roaming\wklnhst.dat
2010-01-07 23:14:54 0 d--h--w- c:\programdata\CanonIJSolutionMenu
2010-01-07 23:14:50 0 d--h--w- c:\programdata\CanonIJMyPrinter
2010-01-07 23:14:43 0 d-----w- c:\programdata\CanonIJPLM
2010-01-07 23:13:09 0 d-----w- c:\program files\common files\CANON
2010-01-07 23:11:52 0 d-----w- c:\program files\Canon
2010-01-07 23:11:02 0 d--h--w- c:\programdata\CanonBJ
2010-01-07 23:10:22 0 d--h--w- c:\program files\CanonBJ
2010-01-07 23:09:32 0 d-----w- c:\program files (x86)\Canon
2010-01-07 23:07:48 0 d-----w- c:\users\jorge\appdata\roaming\OpenOffice.org
2010-01-07 12:22:37 0 d-----w- c:\programdata\Blizzard
2010-01-07 11:03:58 0 d-----w- c:\program files (x86)\DotA Gaming Network
2010-01-07 06:36:04 143387 ----a-w- c:\windows\system32\drivers\klin.dat
2010-01-07 06:36:04 104987 ----a-w- c:\windows\system32\drivers\klick.dat
2010-01-07 06:35:26 0 d-----w- c:\programdata\Kaspersky Lab
2010-01-07 06:35:26 0 d-----w- c:\program files (x86)\Kaspersky Lab
2010-01-07 06:34:32 0 d-----w- c:\programdata\Kaspersky Lab Setup Files
2010-01-07 06:08:31 0 d-----w- c:\programdata\Martau
2010-01-07 06:08:27 0 d-----w- c:\program files (x86)\Total Uninstall 5
2010-01-07 05:16:19 65536 --sha-w- c:\users\jorge\NTUSER.DAT{afe60d2a-fb48-11de-bfd7-002618b35a42}.TM.blf
2010-01-07 05:16:19 524288 --sha-w- c:\users\jorge\NTUSER.DAT{afe60d2a-fb48-11de-bfd7-002618b35a42}.TMContainer00000000000000000002.regtrans-ms
2010-01-07 05:16:19 524288 --sha-w- c:\users\jorge\NTUSER.DAT{afe60d2a-fb48-11de-bfd7-002618b35a42}.TMContainer00000000000000000001.regtrans-ms
2010-01-07 05:12:07 0 d-----w- c:\windows\$regcmp$
2010-01-07 05:02:03 102912 ----a-w- c:\windows\syswow64\VB6STKIT.DLL
2010-01-07 04:24:49 0 d-----w- c:\users\jorge\appdata\roaming\Malwarebytes
2010-01-07 04:24:44 22104 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-01-07 04:24:44 0 d-----w- c:\programdata\Malwarebytes
2010-01-07 04:24:44 0 d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2010-01-07 04:19:32 118784 ----a-w- c:\windows\syswow64\MSSTDFMT.DLL
2010-01-07 04:19:32 1071088 ----a-w- c:\windows\syswow64\MSCOMCTL.OCX
2010-01-05 05:36:05 2048 ----a-w- c:\windows\syswow64\tzres.dll
2010-01-05 05:36:05 2048 ----a-w- c:\windows\system32\tzres.dll
2010-01-05 05:34:59 311808 ----a-w- c:\windows\system32\msv1_0.dll
2010-01-05 05:34:59 257024 ----a-w- c:\windows\syswow64\msv1_0.dll
2010-01-05 05:34:44 0 d-----w- c:\program files (x86)\common files\Symantec Shared
2010-01-05 04:54:56 65536 --sha-w- c:\users\jorge\NTUSER.DAT{bb85e2b4-f8e5-11de-be0e-002618b35a42}.TM.blf
2010-01-05 04:54:56 524288 --sha-w- c:\users\jorge\NTUSER.DAT{bb85e2b4-f8e5-11de-be0e-002618b35a42}.TMContainer00000000000000000002.regtrans-ms
2010-01-05 04:54:56 524288 --sha-w- c:\users\jorge\NTUSER.DAT{bb85e2b4-f8e5-11de-be0e-002618b35a42}.TMContainer00000000000000000001.regtrans-ms
2010-01-05 04:49:49 0 d-----w- c:\program files (x86)\CleanMyPC
2010-01-05 00:23:49 0 d-----w- c:\users\jorge\appdata\roaming\HP Support Assistant
2010-01-05 00:23:44 0 d-----w- c:\users\jorge\appdata\roaming\HpUpdate
2010-01-05 00:00:38 0 d-----w- c:\program files (x86)\JRE
2010-01-05 00:00:34 0 d-----w- c:\program files (x86)\OpenOffice.org 3
2010-01-05 00:00:03 411368 ----a-w- c:\windows\syswow64\deploytk.dll
2010-01-04 09:52:28 0 d-----w- c:\users\jorge\Tracing
2010-01-04 09:28:55 0 d-----w- c:\program files (x86)\Microsoft
2010-01-04 09:28:34 0 d-----w- c:\program files (x86)\Windows Live SkyDrive
2010-01-04 09:28:01 0 d-----w- c:\windows\PCHEALTH
2010-01-04 09:08:15 0 d-----w- c:\program files (x86)\Pando Networks
2010-01-04 09:08:02 0 d-----w- c:\program files (x86)\common files\Windows Live
2010-01-04 05:10:37 0 d-----w- c:\program files (x86)\common files\Blizzard Entertainment
2010-01-04 03:42:49 20 ----a-w- c:\windows\syswow64\SYSTEM
2010-01-04 03:40:48 212352 ------w- c:\windows\system32\MpSigStub.exe
2010-01-04 03:40:16 0 d-----w- c:\program files (x86)\AVG
2010-01-04 03:38:29 0 d-----w- c:\program files\WinRAR
2010-01-04 03:05:43 0 d-----w- c:\programdata\Recovery
2010-01-04 02:15:43 0 d-----w- c:\users\jorge\appdata\roaming\PictureMover
2010-01-04 02:12:37 0 d-----w- c:\users\jorge\appdata\roaming\HP TCS

==================== Find3M ====================

2010-01-04 02:12:21 1686 --sha-r- c:\windows\system32\drivers\103C_HP_CPC_NY540AA-ABA CQ5210F_YC_0Pres_QCNX942_E94NAv6PrA2_49_INARRA5_SPEGATRON CORPORATION_V5.00_B5.49_T090806_WUH0_L409_M2943_J500_7AMD_8Athlon II X2 215_92.7_#091130_N10DE03EF_Z11C10630_G10DE03D0.MRK
2009-11-14 00:47:32 90112 ----a-w- c:\windows\syswow64\dpl100.dll
2009-11-14 00:47:28 856064 ----a-w- c:\windows\syswow64\divx_xx0c.dll
2009-11-14 00:47:28 856064 ----a-w- c:\windows\syswow64\divx_xx07.dll
2009-11-14 00:47:28 847872 ----a-w- c:\windows\syswow64\divx_xx0a.dll
2009-11-14 00:47:28 843776 ----a-w- c:\windows\syswow64\divx_xx16.dll
2009-11-14 00:47:28 839680 ----a-w- c:\windows\syswow64\divx_xx11.dll
2009-11-14 00:47:28 696320 ----a-w- c:\windows\syswow64\DivX.dll
2009-07-14 05:37:38 31548 ----a-w- c:\windows\inf\perflib\0409\perfd.dat
2009-07-14 05:37:38 31548 ----a-w- c:\windows\inf\perflib\0409\perfc.dat
2009-07-14 05:37:38 291294 ----a-w- c:\windows\inf\perflib\0409\perfi.dat
2009-07-14 05:37:38 291294 ----a-w- c:\windows\inf\perflib\0409\perfh.dat
2009-07-14 04:54:24 174 --sha-w- c:\program files\desktop.ini
2009-07-14 04:54:24 174 --sha-w- c:\program files (x86)\desktop.ini
2009-07-14 01:00:34 291294 ----a-w- c:\windows\inf\perflib\0000\perfi.dat
2009-07-14 01:00:34 291294 ----a-w- c:\windows\inf\perflib\0000\perfh.dat
2009-07-14 01:00:32 31548 ----a-w- c:\windows\inf\perflib\0000\perfd.dat
2009-07-14 01:00:32 31548 ----a-w- c:\windows\inf\perflib\0000\perfc.dat
2009-06-10 20:44:08 9633792 --sha-r- c:\windows\fonts\StaticCache.dat
2009-07-14 05:12:52 245760 --sha-w- c:\windows\system32\config\systemprofile\appdata\roaming\microsoft\windows\ietldcache\index.dat
2009-07-14 01:39:53 398848 --sha-w- c:\windows\winsxs\amd64_microsoft-windows-mail-app_31bf3856ad364e35_6.1.7600.16385_none_4d4d1f2f696639a2\WinMail.exe
2009-07-14 01:14:45 396800 --sha-w- c:\windows\winsxs\x86_microsoft-windows-mail-app_31bf3856ad364e35_6.1.7600.16385_none_f12e83abb108c86c\WinMail.exe

============= FINISH: 0:04:31.20 ===============



Malwarebytes' Anti-Malware 1.43
Database version: 3506
Windows 6.1.7600
Internet Explorer 8.0.7600.16385

1/24/2010 12:09:28 AM
mbam-log-2010-01-24 (00-09-28).txt

Scan type: Quick Scan
Objects scanned: 28073
Time elapsed: 5 minute(s), 22 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

#4 jorge (New Member)

Posted 24 January 2010 - 03:11 AM

When I had AVG installed it said my csrss file had been compromised.

Sorry for the double post, couldn't find the edit button.

#5 screen317 (MBAM Sentinel, Moderator)

Posted 26 January 2010 - 04:03 PM

Your version of MBAM is still out of date. We are currently on version 1.44 and you have 1.43; please update to the latest version before scanning again.

#6 jorge (New Member)

Posted 27 January 2010 - 04:58 AM

> Your version of MBAM is still out of date. We are currently on version 1.44 and you have 1.43; please update to the latest version before scanning again.



Malwarebytes' Anti-Malware 1.44
Database version: 3644
Windows 6.1.7600
Internet Explorer 8.0.7600.16385

1/27/2010 1:57:39 AM
mbam-log-2010-01-27 (01-57-39).txt

Scan type: Quick Scan
Objects scanned: 28904
Time elapsed: 6 minute(s), 18 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

#7 screen317 (MBAM Sentinel, Moderator)

Posted 30 January 2010 - 04:05 AM

Hi jorge,

Please scan your machine with ESET OnlineScan
  • Hold down Control and click on the following link to open ESET OnlineScan in a new window.
    ESET OnlineScan
  • Click the [image] button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    • Click on [image] to download the ESET Smart Installer. Save it to your Desktop.
    • Double click on the [image] icon on your Desktop.
  • Check [image]
  • Click the [image] button.
  • Accept any security warnings from your browser.
  • Check [image]
  • Push the Start button.
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, push [image]
  • Push [image], and save the file to your Desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Push the [image] button.
  • Push [image]


-screen317

#8 screen317 (MBAM Sentinel, Moderator)

Posted 12 February 2010 - 09:45 PM

Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!
