jorge

I have a feeling I'm keylogged

8 posts in this topic

Random maybe helpful information:

windows 7 home premium 64bit

2wire modem/router

wireless keyboard

Logfile of Trend Micro HijackThis v2.0.3 (BETA)

Scan saved at 2:13:42 AM, on 1/11/2010

Platform: Unknown Windows (WinNT 6.01.3504)

MSIE: Internet Explorer v8.00 (8.00.7600.16385)

Boot mode: Normal

Running processes:

C:\Program Files (x86)\PictureMover\Bin\PictureMover.exe

C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2010\avp.exe

C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe

C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe

C:\Program Files (x86)\Windows Media Player\wmplayer.exe

C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe

C:\Program Files (x86)\Mozilla Firefox\firefox.exe

C:\Program Files (x86)\TrendMicro\HiJackThis\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...rio&pf=cndt

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...rio&pf=cndt

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...rio&pf=cndt

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG9\avgssie.dll (file missing)

O2 - BHO: IEVkbdBHO - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2010\ievkbd.dll

O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Microsoft Live Search Toolbar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\Program Files (x86)\MSN\Toolbar\3.0.0560.0\msneshellx.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll (file missing)

O2 - BHO: link filter bho - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2010\klwtbbho.dll

O3 - Toolbar: Microsoft Live Search Toolbar - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - c:\Program Files (x86)\MSN\Toolbar\3.0.0560.0\msneshellx.dll

O3 - Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)

O4 - HKLM\..\Run: [AVP] "C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2010\avp.exe"

O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background

O4 - HKCU\..\Run: [uTorrent] "C:\Program Files (x86)\uTorrent\uTorrent.exe"

O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')

O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')

O4 - Global Startup: PictureMover.lnk = C:\Program Files (x86)\PictureMover\Bin\PictureMover.exe

O9 - Extra button: &Virtual keyboard - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2010\klwtbbho.dll

O9 - Extra button: URLs c&heck - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2010\klwtbbho.dll

O13 - Gopher Prefix:

O20 - AppInit_DLLs: C:\PROGRA~2\KASPER~1\KASPER~1\mzvkbd3.dll

O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - LSI Corporation - C:\Program Files\LSI SoftModem\agr64svc.exe

O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)

O23 - Service: Kaspersky Anti-Virus (AVP) - Kaspersky Lab - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2010\avp.exe

O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)

O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)

O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files (x86)\HP Games\HP Game Console\GameConsoleService.exe

O23 - Service: HP Health Check Service - Hewlett-Packard - C:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe

O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe

O23 - Service: Canon Inkjet Printer/Scanner/Fax Extended Survey Program (IJPLMSVC) - Unknown owner - C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE

O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - c:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe

O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)

O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)

O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)

O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)

O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)

O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)

O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)

O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)

O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)

O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)

O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)

O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--

End of file - 7827 bytes


Why do you think you're being keylogged?

Please update MBAM, run a Quick Scan, and post its log.

Next, download DDS by sUBs and save it to your Desktop.

Double-click on the DDS icon and let the scan run. When it has run, two logs will be produced; please post the one that is not minimized.


3 of my emails were hacked

DDS (Ver_09-12-01.01) - NTFSX64

Run by Jorge at 0:03:01.59 on Sun 01/24/2010

Internet Explorer: 8.0.7600.16385

Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.2942.1304 [GMT -8:00]

============== Running Processes ===============

C:\Windows\system32\wininit.exe

C:\Windows\system32\lsm.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\system32\nvvsvc.exe

C:\Windows\system32\svchost.exe -k RPCSS

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\system32\svchost.exe -k LocalService

C:\Windows\system32\svchost.exe -k NetworkService

C:\Windows\System32\spoolsv.exe

C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Program Files\LSI SoftModem\agr64svc.exe

C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2010\avp.exe

C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE

C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe

C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe

C:\Windows\system32\svchost.exe -k imgsvc

C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted

C:\Windows\system32\nvvsvc.exe

C:\Windows\system32\taskhost.exe

C:\Windows\system32\Dwm.exe

C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE

C:\Windows\system32\SearchIndexer.exe

C:\Program Files (x86)\PictureMover\Bin\PictureMover.exe

C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2010\avp.exe

C:\Program Files\Windows Media Player\wmpnetwk.exe

C:\Windows\System32\svchost.exe -k LocalServicePeerNet

C:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe

C:\Windows\System32\svchost.exe -k secsvcs

C:\Program Files (x86)\Internet Explorer\iexplore.exe

C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe

C:\Windows\Explorer.EXE

c:\program files (x86)\warcraft iii\war3.exe

C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe

C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe

C:\Program Files (x86)\Windows Media Player\wmplayer.exe

C:\Program Files (x86)\Mozilla Firefox\firefox.exe

C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2010\x64\klwtblfs.exe

C:\Windows\system32\SearchProtocolHost.exe

C:\Windows\system32\SearchFilterHost.exe

C:\Windows\system32\taskhost.exe

C:\Windows\System32\svchost.exe -k WerSvcGroup

C:\Windows\explorer.exe

C:\Users\Jorge\Downloads\dds.scr

C:\Windows\system32\conhost.exe

C:\Windows\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

uStart Page = about:blank

uDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_US&c=94&bd=Presario&pf=cndt

mDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_US&c=94&bd=Presario&pf=cndt

mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_US&c=94&bd=Presario&pf=cndt

mLocal Page = c:\windows\syswow64\blank.htm

BHO: Canon Easy-WebPrint EX BHO: {3785d0ad-bfff-47f6-bf5b-a587c162fed9} - c:\program files (x86)\canon\easy-webprint ex\ewpexbho.dll

BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files (x86)\avg\avg9\avgssie.dll

BHO: IEVkbdBHO Class: {59273ab4-e7d3-40f9-a1a8-6fa9cca1862c} - c:\program files (x86)\kaspersky lab\kaspersky anti-virus 2010\ievkbd.dll

BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files (x86)\common files\microsoft shared\windows live\WindowsLiveLogin.dll

BHO: Microsoft Live Search Toolbar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\program files (x86)\msn\toolbar\3.0.0560.0\msneshellx.dll

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files (x86)\java\jre6\bin\jp2ssv.dll

BHO: FilterBHO Class: {e33cf602-d945-461a-83f0-819f76a199f8} - c:\program files (x86)\kaspersky lab\kaspersky anti-virus 2010\klwtbbho.dll

TB: Microsoft Live Search Toolbar: {1e61ed7c-7cb8-49d6-b9e9-ab4c880c8414} - c:\program files (x86)\msn\toolbar\3.0.0560.0\msneshellx.dll

TB: {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No File

TB: Canon Easy-WebPrint EX: {759d9886-0c6f-4498-bab6-4a5f47c6c72f} - c:\program files (x86)\canon\easy-webprint ex\ewpexhlp.dll

TB: {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No File

EB: Canon Easy-WebPrint EX: {21347690-ec41-4f9a-8887-1f4aee672439} - c:\program files (x86)\canon\easy-webprint ex\ewpexhlp.dll

uRun: [msnmsgr] "c:\program files (x86)\windows live\messenger\msnmsgr.exe" /background

uRun: [uTorrent] "c:\program files (x86)\utorrent\uTorrent.exe"

mRun: [AVP] "c:\program files (x86)\kaspersky lab\kaspersky anti-virus 2010\avp.exe"

StartupFolder: c:\progra~3\micros~1\windows\startm~1\programs\startup\pictur~1.lnk - c:\program files (x86)\picturemover\bin\PictureMover.exe

mPolicies-explorer: NoActiveDesktop = 1 (0x1)

mPolicies-explorer: ForceActiveDesktopOn = 0 (0x0)

mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)

mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)

mPolicies-system: EnableUIADesktopToggle = 0 (0x0)

IE: {4248FE82-7FCB-46AC-B270-339F08212110} - {4248FE82-7FCB-46AC-B270-339F08212110} - c:\program files (x86)\kaspersky lab\kaspersky anti-virus 2010\klwtbbho.dll

IE: {CCF151D8-D089-449F-A5A4-D9909053F20F} - {CCF151D8-D089-449F-A5A4-D9909053F20F} - c:\program files (x86)\kaspersky lab\kaspersky anti-virus 2010\klwtbbho.dll

AppInit_DLLs: c:\progra~2\kasper~1\kasper~1\mzvkbd3.dll

mASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "c:\program files (x86)\common files\lightscribe\LSRunOnce.exe"

BHO-X64: AVG Safe Search: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - c:\program files (x86)\avg\avg9\avgssiea.dll

BHO-X64: WormRadar.com IESiteBlocker.NavFilter - No File

BHO-X64: IEVkbdBHO Class: {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - c:\program files (x86)\kaspersky lab\kaspersky anti-virus 2010\x64\ievkbd.dll

BHO-X64: IEVkbdBHO - No File

BHO-X64: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre6\bin\jp2ssv.dll

BHO-X64: FilterBHO Class: {E33CF602-D945-461A-83F0-819F76A199F8} - c:\program files (x86)\kaspersky lab\kaspersky anti-virus 2010\x64\klwtbbho.dll

BHO-X64: link filter bho - No File

TB-X64: {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No File

TB-X64: {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No File

TB-X64: {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - No File

EB-X64: {21347690-EC41-4F9A-8887-1F4AEE672439} - No File

mRun-x64: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup

mRun-x64: [CanonMyPrinter] c:\program files\canon\myprinter\BJMyPrt.exe /logon

mRun-x64: [CanonSolutionMenu] c:\program files (x86)\canon\solutionmenu\CNSLMAIN.exe /logon

================= FIREFOX ===================

FF - ProfilePath - c:\users\jorge\appdata\roaming\mozilla\firefox\profiles\rieeaxx4.default\

FF - prefs.js: browser.startup.homepage - hxxp://www.google.com

FF - component: c:\program files (x86)\mozilla firefox\extensions\linkfilter@kaspersky.ru\components\KavLinkFilter.dll

FF - plugin: c:\program files (x86)\canon\easy-photoprint ex\NPEZFFPI.DLL

FF - plugin: c:\program files (x86)\divx\divx plus web player\npdivx32.dll

FF - plugin: c:\users\jorge\appdata\roaming\move networks\plugins\npqmp071503000010.dll

---- FIREFOX POLICIES ----

c:\program files (x86)\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);

============= SERVICES / DRIVERS ===============

R0 KLBG;Kaspersky Lab Boot Guard Driver;c:\windows\system32\drivers\klbg.sys [2009-10-14 40464]

R1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;c:\windows\system32\drivers\klim6.sys [2009-9-14 27152]

R2 AVP;Kaspersky Anti-Virus;c:\program files (x86)\kaspersky lab\kaspersky anti-virus 2010\avp.exe [2009-10-20 340456]

R3 klmouflt;Kaspersky Lab KLMOUFLT;c:\windows\system32\drivers\klmouflt.sys [2009-10-2 21008]

=============== Created Last 30 ================

2010-01-21 22:57:41 0 d-----w- c:\program files (x86)\MSXML 4.0

2010-01-21 20:17:53 5961728 ----a-w- c:\windows\syswow64\mshtml.dll

2010-01-21 20:17:53 10976768 ----a-w- c:\windows\syswow64\ieframe.dll

2010-01-21 20:17:52 977920 ----a-w- c:\windows\syswow64\wininet.dll

2010-01-21 20:17:52 64512 ----a-w- c:\windows\syswow64\msfeedsbs.dll

2010-01-21 20:17:52 381440 ----a-w- c:\windows\syswow64\iedkcs32.dll

2010-01-21 20:17:52 1224704 ----a-w- c:\windows\syswow64\urlmon.dll

2010-01-21 20:17:52 1192960 ----a-w- c:\windows\system32\wininet.dll

2010-01-21 05:01:50 0 d-----w- c:\programdata\LightScribe

2010-01-21 02:21:23 0 d-----w- c:\program files (x86)\Nero

2010-01-21 02:21:00 0 d-----w- c:\programdata\Nero

2010-01-21 01:39:27 2388176 ----a-w- c:\windows\syswow64\d3dx9_30.dll

2010-01-20 00:17:41 2977792 ------w- c:\windows\UNNeroVision.exe

2010-01-20 00:17:41 158525 ------w- c:\windows\UNNeroVision.cfg

2010-01-20 00:17:40 24064 ------w- c:\windows\syswow64\msxml3a.dll

2010-01-20 00:16:10 0 d-----w- c:\programdata\Ahead

2010-01-20 00:16:06 38912 ------w- c:\windows\syswow64\picn20.dll

2010-01-20 00:16:06 106496 ----a-w- c:\windows\syswow64\TwnLib20.dll

2010-01-18 03:47:48 0 d-----w- c:\program files\DivX

2010-01-18 03:47:41 0 d-----w- c:\program files (x86)\common files\PX Storage Engine

2010-01-18 03:47:23 0 d-----w- c:\program files (x86)\DivX

2010-01-18 03:47:23 0 d-----w- c:\program files (x86)\common files\DivX Shared

2010-01-15 09:29:04 0 d-----w- c:\program files (x86)\QS

2010-01-15 09:28:53 0 d-----w- c:\users\jorge\appdata\roaming\TeamViewer

2010-01-15 09:28:37 0 d-----w- c:\users\jorge\temp

2010-01-13 11:42:14 0 d-----w- c:\programdata\Blizzard Entertainment

2010-01-13 07:37:19 70656 ----a-w- c:\windows\syswow64\fontsub.dll

2010-01-13 07:37:19 148480 ----a-w- c:\windows\system32\t2embed.dll

2010-01-13 07:37:19 108544 ----a-w- c:\windows\syswow64\t2embed.dll

2010-01-13 07:37:19 100864 ----a-w- c:\windows\system32\fontsub.dll

2010-01-12 22:58:54 704000 ----a-w- c:\windows\system32\cohelper.dll

2010-01-12 22:58:54 6136 ----a-w- c:\windows\system32\drivers\nvphy.bin

2010-01-11 08:11:23 0 d-----w- c:\program files (x86)\uTorrent

2010-01-11 08:11:12 0 d-----w- c:\users\jorge\appdata\roaming\uTorrent

2010-01-10 00:57:22 0 d-----w- c:\program files (x86)\TrendMicro

2010-01-09 22:30:25 0 d-----w- c:\users\jorge\appdata\roaming\IrfanView

2010-01-09 22:30:25 0 d-----w- c:\program files (x86)\IrfanView

2010-01-08 04:59:08 455680 ----a-w- c:\windows\system32\deploytk.dll

2010-01-08 00:05:28 0 ----a-w- c:\users\jorge\appdata\roaming\wklnhst.dat

2010-01-07 23:14:54 0 d--h--w- c:\programdata\CanonIJSolutionMenu

2010-01-07 23:14:50 0 d--h--w- c:\programdata\CanonIJMyPrinter

2010-01-07 23:14:43 0 d-----w- c:\programdata\CanonIJPLM

2010-01-07 23:13:09 0 d-----w- c:\program files\common files\CANON

2010-01-07 23:11:52 0 d-----w- c:\program files\Canon

2010-01-07 23:11:02 0 d--h--w- c:\programdata\CanonBJ

2010-01-07 23:10:22 0 d--h--w- c:\program files\CanonBJ

2010-01-07 23:09:32 0 d-----w- c:\program files (x86)\Canon

2010-01-07 23:07:48 0 d-----w- c:\users\jorge\appdata\roaming\OpenOffice.org

2010-01-07 12:22:37 0 d-----w- c:\programdata\Blizzard

2010-01-07 11:03:58 0 d-----w- c:\program files (x86)\DotA Gaming Network

2010-01-07 06:36:04 143387 ----a-w- c:\windows\system32\drivers\klin.dat

2010-01-07 06:36:04 104987 ----a-w- c:\windows\system32\drivers\klick.dat

2010-01-07 06:35:26 0 d-----w- c:\programdata\Kaspersky Lab

2010-01-07 06:35:26 0 d-----w- c:\program files (x86)\Kaspersky Lab

2010-01-07 06:34:32 0 d-----w- c:\programdata\Kaspersky Lab Setup Files

2010-01-07 06:08:31 0 d-----w- c:\programdata\Martau

2010-01-07 06:08:27 0 d-----w- c:\program files (x86)\Total Uninstall 5

2010-01-07 05:16:19 65536 --sha-w- c:\users\jorge\NTUSER.DAT{afe60d2a-fb48-11de-bfd7-002618b35a42}.TM.blf

2010-01-07 05:16:19 524288 --sha-w- c:\users\jorge\NTUSER.DAT{afe60d2a-fb48-11de-bfd7-002618b35a42}.TMContainer00000000000000000002.regtrans-ms

2010-01-07 05:16:19 524288 --sha-w- c:\users\jorge\NTUSER.DAT{afe60d2a-fb48-11de-bfd7-002618b35a42}.TMContainer00000000000000000001.regtrans-ms

2010-01-07 05:12:07 0 d-----w- c:\windows\$regcmp$

2010-01-07 05:02:03 102912 ----a-w- c:\windows\syswow64\VB6STKIT.DLL

2010-01-07 04:24:49 0 d-----w- c:\users\jorge\appdata\roaming\Malwarebytes

2010-01-07 04:24:44 22104 ----a-w- c:\windows\system32\drivers\mbam.sys

2010-01-07 04:24:44 0 d-----w- c:\programdata\Malwarebytes

2010-01-07 04:24:44 0 d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware

2010-01-07 04:19:32 118784 ----a-w- c:\windows\syswow64\MSSTDFMT.DLL

2010-01-07 04:19:32 1071088 ----a-w- c:\windows\syswow64\MSCOMCTL.OCX

2010-01-05 05:36:05 2048 ----a-w- c:\windows\syswow64\tzres.dll

2010-01-05 05:36:05 2048 ----a-w- c:\windows\system32\tzres.dll

2010-01-05 05:34:59 311808 ----a-w- c:\windows\system32\msv1_0.dll

2010-01-05 05:34:59 257024 ----a-w- c:\windows\syswow64\msv1_0.dll

2010-01-05 05:34:44 0 d-----w- c:\program files (x86)\common files\Symantec Shared

2010-01-05 04:54:56 65536 --sha-w- c:\users\jorge\NTUSER.DAT{bb85e2b4-f8e5-11de-be0e-002618b35a42}.TM.blf

2010-01-05 04:54:56 524288 --sha-w- c:\users\jorge\NTUSER.DAT{bb85e2b4-f8e5-11de-be0e-002618b35a42}.TMContainer00000000000000000002.regtrans-ms

2010-01-05 04:54:56 524288 --sha-w- c:\users\jorge\NTUSER.DAT{bb85e2b4-f8e5-11de-be0e-002618b35a42}.TMContainer00000000000000000001.regtrans-ms

2010-01-05 04:49:49 0 d-----w- c:\program files (x86)\CleanMyPC

2010-01-05 00:23:49 0 d-----w- c:\users\jorge\appdata\roaming\HP Support Assistant

2010-01-05 00:23:44 0 d-----w- c:\users\jorge\appdata\roaming\HpUpdate

2010-01-05 00:00:38 0 d-----w- c:\program files (x86)\JRE

2010-01-05 00:00:34 0 d-----w- c:\program files (x86)\OpenOffice.org 3

2010-01-05 00:00:03 411368 ----a-w- c:\windows\syswow64\deploytk.dll

2010-01-04 09:52:28 0 d-----w- c:\users\jorge\Tracing

2010-01-04 09:28:55 0 d-----w- c:\program files (x86)\Microsoft

2010-01-04 09:28:34 0 d-----w- c:\program files (x86)\Windows Live SkyDrive

2010-01-04 09:28:01 0 d-----w- c:\windows\PCHEALTH

2010-01-04 09:08:15 0 d-----w- c:\program files (x86)\Pando Networks

2010-01-04 09:08:02 0 d-----w- c:\program files (x86)\common files\Windows Live

2010-01-04 05:10:37 0 d-----w- c:\program files (x86)\common files\Blizzard Entertainment

2010-01-04 03:42:49 20 ----a-w- c:\windows\syswow64\SYSTEM

2010-01-04 03:40:48 212352 ------w- c:\windows\system32\MpSigStub.exe

2010-01-04 03:40:16 0 d-----w- c:\program files (x86)\AVG

2010-01-04 03:38:29 0 d-----w- c:\program files\WinRAR

2010-01-04 03:05:43 0 d-----w- c:\programdata\Recovery

2010-01-04 02:15:43 0 d-----w- c:\users\jorge\appdata\roaming\PictureMover

2010-01-04 02:12:37 0 d-----w- c:\users\jorge\appdata\roaming\HP TCS

==================== Find3M ====================

2010-01-04 02:12:21 1686 --sha-r- c:\windows\system32\drivers\103C_HP_CPC_NY540AA-ABA CQ5210F_YC_0Pres_QCNX942_E94NAv6PrA2_49_INARRA5_SPEGATRON CORPORATION_V5.00_B5.49_T090806_WUH0_L409_M2943_J500_7AMD_8Athlon II X2 215_92.7_#091130_N10DE03EF_Z11C10630_G10DE03D0.MRK

2009-11-14 00:47:32 90112 ----a-w- c:\windows\syswow64\dpl100.dll

2009-11-14 00:47:28 856064 ----a-w- c:\windows\syswow64\divx_xx0c.dll

2009-11-14 00:47:28 856064 ----a-w- c:\windows\syswow64\divx_xx07.dll

2009-11-14 00:47:28 847872 ----a-w- c:\windows\syswow64\divx_xx0a.dll

2009-11-14 00:47:28 843776 ----a-w- c:\windows\syswow64\divx_xx16.dll

2009-11-14 00:47:28 839680 ----a-w- c:\windows\syswow64\divx_xx11.dll

2009-11-14 00:47:28 696320 ----a-w- c:\windows\syswow64\DivX.dll

2009-07-14 05:37:38 31548 ----a-w- c:\windows\inf\perflib\0409\perfd.dat

2009-07-14 05:37:38 31548 ----a-w- c:\windows\inf\perflib\0409\perfc.dat

2009-07-14 05:37:38 291294 ----a-w- c:\windows\inf\perflib\0409\perfi.dat

2009-07-14 05:37:38 291294 ----a-w- c:\windows\inf\perflib\0409\perfh.dat

2009-07-14 04:54:24 174 --sha-w- c:\program files\desktop.ini

2009-07-14 04:54:24 174 --sha-w- c:\program files (x86)\desktop.ini

2009-07-14 01:00:34 291294 ----a-w- c:\windows\inf\perflib\0000\perfi.dat

2009-07-14 01:00:34 291294 ----a-w- c:\windows\inf\perflib\0000\perfh.dat

2009-07-14 01:00:32 31548 ----a-w- c:\windows\inf\perflib\0000\perfd.dat

2009-07-14 01:00:32 31548 ----a-w- c:\windows\inf\perflib\0000\perfc.dat

2009-06-10 20:44:08 9633792 --sha-r- c:\windows\fonts\StaticCache.dat

2009-07-14 05:12:52 245760 --sha-w- c:\windows\system32\config\systemprofile\appdata\roaming\microsoft\windows\ietldcache\index.dat

2009-07-14 01:39:53 398848 --sha-w- c:\windows\winsxs\amd64_microsoft-windows-mail-app_31bf3856ad364e35_6.1.7600.16385_none_4d4d1f2f696639a2\WinMail.exe

2009-07-14 01:14:45 396800 --sha-w- c:\windows\winsxs\x86_microsoft-windows-mail-app_31bf3856ad364e35_6.1.7600.16385_none_f12e83abb108c86c\WinMail.exe

============= FINISH: 0:04:31.20 ===============

Malwarebytes' Anti-Malware 1.43

Database version: 3506

Windows 6.1.7600

Internet Explorer 8.0.7600.16385

1/24/2010 12:09:28 AM

mbam-log-2010-01-24 (00-09-28).txt

Scan type: Quick Scan

Objects scanned: 28073

Time elapsed: 5 minute(s), 22 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 0

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

(No malicious items detected)


When I had AVG installed it said my csrss file had been compromised.

Sorry for the double post, couldn't find the edit button.


Your version of MBAM is still out of date. We are currently on version 1.44 and you have 1.43; please update to the latest version before scanning again.


Malwarebytes' Anti-Malware 1.44

Database version: 3644

Windows 6.1.7600

Internet Explorer 8.0.7600.16385

1/27/2010 1:57:39 AM

mbam-log-2010-01-27 (01-57-39).txt

Scan type: Quick Scan

Objects scanned: 28904

Time elapsed: 6 minute(s), 18 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 0

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

(No malicious items detected)


Hi jorge,

Please scan your machine with ESET OnlineScan

  • Hold down Control and click on the following link to open ESET OnlineScan in a new window.
    ESET OnlineScan
  • Click the esetOnline.png button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    • Click on esetSmartInstall.png to download the ESET Smart Installer. Save it to your Desktop.
    • Double-click on the esetSmartInstallDesktopIcon.png icon on your Desktop.
  • Check esetAcceptTerms.png
  • Click the esetStart.png button.
  • Accept any security warnings from your browser.
  • Check esetScanArchives.png
  • Push the Start button.
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, push esetListThreats.png
  • Push esetExport.png, and save the file to your Desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Push the esetBack.png button.
  • Push esetFinish.png

-screen317


Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!
