
I have a feeling I'm keylogged


jorge

Random maybe helpful information:

windows 7 home premium 64bit

2wire modem/router

wireless keyboard

Logfile of Trend Micro HijackThis v2.0.3 (BETA)

Scan saved at 2:13:42 AM, on 1/11/2010

Platform: Unknown Windows (WinNT 6.01.3504)

MSIE: Internet Explorer v8.00 (8.00.7600.16385)

Boot mode: Normal

Running processes:

C:\Program Files (x86)\PictureMover\Bin\PictureMover.exe

C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2010\avp.exe

C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe

C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe

C:\Program Files (x86)\Windows Media Player\wmplayer.exe

C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe

C:\Program Files (x86)\Mozilla Firefox\firefox.exe

C:\Program Files (x86)\TrendMicro\HiJackThis\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...rio&pf=cndt

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...rio&pf=cndt

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...rio&pf=cndt

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG9\avgssie.dll (file missing)

O2 - BHO: IEVkbdBHO - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2010\ievkbd.dll

O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Microsoft Live Search Toolbar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\Program Files (x86)\MSN\Toolbar\3.0.0560.0\msneshellx.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll (file missing)

O2 - BHO: link filter bho - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2010\klwtbbho.dll

O3 - Toolbar: Microsoft Live Search Toolbar - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - c:\Program Files (x86)\MSN\Toolbar\3.0.0560.0\msneshellx.dll

O3 - Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)

O4 - HKLM\..\Run: [AVP] "C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2010\avp.exe"

O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background

O4 - HKCU\..\Run: [uTorrent] "C:\Program Files (x86)\uTorrent\uTorrent.exe"

O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')

O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')

O4 - Global Startup: PictureMover.lnk = C:\Program Files (x86)\PictureMover\Bin\PictureMover.exe

O9 - Extra button: &Virtual keyboard - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2010\klwtbbho.dll

O9 - Extra button: URLs c&heck - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2010\klwtbbho.dll

O13 - Gopher Prefix:

O20 - AppInit_DLLs: C:\PROGRA~2\KASPER~1\KASPER~1\mzvkbd3.dll

O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - LSI Corporation - C:\Program Files\LSI SoftModem\agr64svc.exe

O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)

O23 - Service: Kaspersky Anti-Virus (AVP) - Kaspersky Lab - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2010\avp.exe

O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)

O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)

O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files (x86)\HP Games\HP Game Console\GameConsoleService.exe

O23 - Service: HP Health Check Service - Hewlett-Packard - C:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe

O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe

O23 - Service: Canon Inkjet Printer/Scanner/Fax Extended Survey Program (IJPLMSVC) - Unknown owner - C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE

O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - c:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe

O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)

O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)

O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)

O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)

O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)

O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)

O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)

O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)

O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)

O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)

O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)

O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--

End of file - 7827 bytes


  • 2 weeks later...
Why do you think you're being keylogged?

Please update MBAM, run a Quick Scan, and post its log.

Next, download DDS by sUBs and save it to your Desktop.

Double-click on the DDS icon and let the scan run. When it has run, two logs will be produced; please post the one that is not minimized.

3 of my emails were hacked

DDS (Ver_09-12-01.01) - NTFSX64

Run by Jorge at 0:03:01.59 on Sun 01/24/2010

Internet Explorer: 8.0.7600.16385

Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.2942.1304 [GMT -8:00]

============== Running Processes ===============

C:\Windows\system32\wininit.exe

C:\Windows\system32\lsm.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\system32\nvvsvc.exe

C:\Windows\system32\svchost.exe -k RPCSS

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\system32\svchost.exe -k LocalService

C:\Windows\system32\svchost.exe -k NetworkService

C:\Windows\System32\spoolsv.exe

C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Program Files\LSI SoftModem\agr64svc.exe

C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2010\avp.exe

C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE

C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe

C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe

C:\Windows\system32\svchost.exe -k imgsvc

C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted

C:\Windows\system32\nvvsvc.exe

C:\Windows\system32\taskhost.exe

C:\Windows\system32\Dwm.exe

C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE

C:\Windows\system32\SearchIndexer.exe

C:\Program Files (x86)\PictureMover\Bin\PictureMover.exe

C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2010\avp.exe

C:\Program Files\Windows Media Player\wmpnetwk.exe

C:\Windows\System32\svchost.exe -k LocalServicePeerNet

C:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe

C:\Windows\System32\svchost.exe -k secsvcs

C:\Program Files (x86)\Internet Explorer\iexplore.exe

C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe

C:\Windows\Explorer.EXE

c:\program files (x86)\warcraft iii\war3.exe

C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe

C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe

C:\Program Files (x86)\Windows Media Player\wmplayer.exe

C:\Program Files (x86)\Mozilla Firefox\firefox.exe

C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2010\x64\klwtblfs.exe

C:\Windows\system32\SearchProtocolHost.exe

C:\Windows\system32\SearchFilterHost.exe

C:\Windows\system32\taskhost.exe

C:\Windows\System32\svchost.exe -k WerSvcGroup

C:\Windows\explorer.exe

C:\Users\Jorge\Downloads\dds.scr

C:\Windows\system32\conhost.exe

C:\Windows\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

uStart Page = about:blank

uDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_US&c=94&bd=Presario&pf=cndt

mDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_US&c=94&bd=Presario&pf=cndt

mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_US&c=94&bd=Presario&pf=cndt

mLocal Page = c:\windows\syswow64\blank.htm

BHO: Canon Easy-WebPrint EX BHO: {3785d0ad-bfff-47f6-bf5b-a587c162fed9} - c:\program files (x86)\canon\easy-webprint ex\ewpexbho.dll

BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files (x86)\avg\avg9\avgssie.dll

BHO: IEVkbdBHO Class: {59273ab4-e7d3-40f9-a1a8-6fa9cca1862c} - c:\program files (x86)\kaspersky lab\kaspersky anti-virus 2010\ievkbd.dll

BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files (x86)\common files\microsoft shared\windows live\WindowsLiveLogin.dll

BHO: Microsoft Live Search Toolbar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\program files (x86)\msn\toolbar\3.0.0560.0\msneshellx.dll

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files (x86)\java\jre6\bin\jp2ssv.dll

BHO: FilterBHO Class: {e33cf602-d945-461a-83f0-819f76a199f8} - c:\program files (x86)\kaspersky lab\kaspersky anti-virus 2010\klwtbbho.dll

TB: Microsoft Live Search Toolbar: {1e61ed7c-7cb8-49d6-b9e9-ab4c880c8414} - c:\program files (x86)\msn\toolbar\3.0.0560.0\msneshellx.dll

TB: {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No File

TB: Canon Easy-WebPrint EX: {759d9886-0c6f-4498-bab6-4a5f47c6c72f} - c:\program files (x86)\canon\easy-webprint ex\ewpexhlp.dll

TB: {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No File

EB: Canon Easy-WebPrint EX: {21347690-ec41-4f9a-8887-1f4aee672439} - c:\program files (x86)\canon\easy-webprint ex\ewpexhlp.dll

uRun: [msnmsgr] "c:\program files (x86)\windows live\messenger\msnmsgr.exe" /background

uRun: [uTorrent] "c:\program files (x86)\utorrent\uTorrent.exe"

mRun: [AVP] "c:\program files (x86)\kaspersky lab\kaspersky anti-virus 2010\avp.exe"

StartupFolder: c:\progra~3\micros~1\windows\startm~1\programs\startup\pictur~1.lnk - c:\program files (x86)\picturemover\bin\PictureMover.exe

mPolicies-explorer: NoActiveDesktop = 1 (0x1)

mPolicies-explorer: ForceActiveDesktopOn = 0 (0x0)

mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)

mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)

mPolicies-system: EnableUIADesktopToggle = 0 (0x0)

IE: {4248FE82-7FCB-46AC-B270-339F08212110} - {4248FE82-7FCB-46AC-B270-339F08212110} - c:\program files (x86)\kaspersky lab\kaspersky anti-virus 2010\klwtbbho.dll

IE: {CCF151D8-D089-449F-A5A4-D9909053F20F} - {CCF151D8-D089-449F-A5A4-D9909053F20F} - c:\program files (x86)\kaspersky lab\kaspersky anti-virus 2010\klwtbbho.dll

AppInit_DLLs: c:\progra~2\kasper~1\kasper~1\mzvkbd3.dll

mASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "c:\program files (x86)\common files\lightscribe\LSRunOnce.exe"

BHO-X64: AVG Safe Search: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - c:\program files (x86)\avg\avg9\avgssiea.dll

BHO-X64: WormRadar.com IESiteBlocker.NavFilter - No File

BHO-X64: IEVkbdBHO Class: {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - c:\program files (x86)\kaspersky lab\kaspersky anti-virus 2010\x64\ievkbd.dll

BHO-X64: IEVkbdBHO - No File

BHO-X64: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre6\bin\jp2ssv.dll

BHO-X64: FilterBHO Class: {E33CF602-D945-461A-83F0-819F76A199F8} - c:\program files (x86)\kaspersky lab\kaspersky anti-virus 2010\x64\klwtbbho.dll

BHO-X64: link filter bho - No File

TB-X64: {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No File

TB-X64: {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No File

TB-X64: {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - No File

EB-X64: {21347690-EC41-4F9A-8887-1F4AEE672439} - No File

mRun-x64: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup

mRun-x64: [CanonMyPrinter] c:\program files\canon\myprinter\BJMyPrt.exe /logon

mRun-x64: [CanonSolutionMenu] c:\program files (x86)\canon\solutionmenu\CNSLMAIN.exe /logon

================= FIREFOX ===================

FF - ProfilePath - c:\users\jorge\appdata\roaming\mozilla\firefox\profiles\rieeaxx4.default\

FF - prefs.js: browser.startup.homepage - hxxp://www.google.com

FF - component: c:\program files (x86)\mozilla firefox\extensions\linkfilter@kaspersky.ru\components\KavLinkFilter.dll

FF - plugin: c:\program files (x86)\canon\easy-photoprint ex\NPEZFFPI.DLL

FF - plugin: c:\program files (x86)\divx\divx plus web player\npdivx32.dll

FF - plugin: c:\users\jorge\appdata\roaming\move networks\plugins\npqmp071503000010.dll

---- FIREFOX POLICIES ----

c:\program files (x86)\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);

============= SERVICES / DRIVERS ===============

R0 KLBG;Kaspersky Lab Boot Guard Driver;c:\windows\system32\drivers\klbg.sys [2009-10-14 40464]

R1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;c:\windows\system32\drivers\klim6.sys [2009-9-14 27152]

R2 AVP;Kaspersky Anti-Virus;c:\program files (x86)\kaspersky lab\kaspersky anti-virus 2010\avp.exe [2009-10-20 340456]

R3 klmouflt;Kaspersky Lab KLMOUFLT;c:\windows\system32\drivers\klmouflt.sys [2009-10-2 21008]

=============== Created Last 30 ================

2010-01-21 22:57:41 0 d-----w- c:\program files (x86)\MSXML 4.0

2010-01-21 20:17:53 5961728 ----a-w- c:\windows\syswow64\mshtml.dll

2010-01-21 20:17:53 10976768 ----a-w- c:\windows\syswow64\ieframe.dll

2010-01-21 20:17:52 977920 ----a-w- c:\windows\syswow64\wininet.dll

2010-01-21 20:17:52 64512 ----a-w- c:\windows\syswow64\msfeedsbs.dll

2010-01-21 20:17:52 381440 ----a-w- c:\windows\syswow64\iedkcs32.dll

2010-01-21 20:17:52 1224704 ----a-w- c:\windows\syswow64\urlmon.dll

2010-01-21 20:17:52 1192960 ----a-w- c:\windows\system32\wininet.dll

2010-01-21 05:01:50 0 d-----w- c:\programdata\LightScribe

2010-01-21 02:21:23 0 d-----w- c:\program files (x86)\Nero

2010-01-21 02:21:00 0 d-----w- c:\programdata\Nero

2010-01-21 01:39:27 2388176 ----a-w- c:\windows\syswow64\d3dx9_30.dll

2010-01-20 00:17:41 2977792 ------w- c:\windows\UNNeroVision.exe

2010-01-20 00:17:41 158525 ------w- c:\windows\UNNeroVision.cfg

2010-01-20 00:17:40 24064 ------w- c:\windows\syswow64\msxml3a.dll

2010-01-20 00:16:10 0 d-----w- c:\programdata\Ahead

2010-01-20 00:16:06 38912 ------w- c:\windows\syswow64\picn20.dll

2010-01-20 00:16:06 106496 ----a-w- c:\windows\syswow64\TwnLib20.dll

2010-01-18 03:47:48 0 d-----w- c:\program files\DivX

2010-01-18 03:47:41 0 d-----w- c:\program files (x86)\common files\PX Storage Engine

2010-01-18 03:47:23 0 d-----w- c:\program files (x86)\DivX

2010-01-18 03:47:23 0 d-----w- c:\program files (x86)\common files\DivX Shared

2010-01-15 09:29:04 0 d-----w- c:\program files (x86)\QS

2010-01-15 09:28:53 0 d-----w- c:\users\jorge\appdata\roaming\TeamViewer

2010-01-15 09:28:37 0 d-----w- c:\users\jorge\temp

2010-01-13 11:42:14 0 d-----w- c:\programdata\Blizzard Entertainment

2010-01-13 07:37:19 70656 ----a-w- c:\windows\syswow64\fontsub.dll

2010-01-13 07:37:19 148480 ----a-w- c:\windows\system32\t2embed.dll

2010-01-13 07:37:19 108544 ----a-w- c:\windows\syswow64\t2embed.dll

2010-01-13 07:37:19 100864 ----a-w- c:\windows\system32\fontsub.dll

2010-01-12 22:58:54 704000 ----a-w- c:\windows\system32\cohelper.dll

2010-01-12 22:58:54 6136 ----a-w- c:\windows\system32\drivers\nvphy.bin

2010-01-11 08:11:23 0 d-----w- c:\program files (x86)\uTorrent

2010-01-11 08:11:12 0 d-----w- c:\users\jorge\appdata\roaming\uTorrent

2010-01-10 00:57:22 0 d-----w- c:\program files (x86)\TrendMicro

2010-01-09 22:30:25 0 d-----w- c:\users\jorge\appdata\roaming\IrfanView

2010-01-09 22:30:25 0 d-----w- c:\program files (x86)\IrfanView

2010-01-08 04:59:08 455680 ----a-w- c:\windows\system32\deploytk.dll

2010-01-08 00:05:28 0 ----a-w- c:\users\jorge\appdata\roaming\wklnhst.dat

2010-01-07 23:14:54 0 d--h--w- c:\programdata\CanonIJSolutionMenu

2010-01-07 23:14:50 0 d--h--w- c:\programdata\CanonIJMyPrinter

2010-01-07 23:14:43 0 d-----w- c:\programdata\CanonIJPLM

2010-01-07 23:13:09 0 d-----w- c:\program files\common files\CANON

2010-01-07 23:11:52 0 d-----w- c:\program files\Canon

2010-01-07 23:11:02 0 d--h--w- c:\programdata\CanonBJ

2010-01-07 23:10:22 0 d--h--w- c:\program files\CanonBJ

2010-01-07 23:09:32 0 d-----w- c:\program files (x86)\Canon

2010-01-07 23:07:48 0 d-----w- c:\users\jorge\appdata\roaming\OpenOffice.org

2010-01-07 12:22:37 0 d-----w- c:\programdata\Blizzard

2010-01-07 11:03:58 0 d-----w- c:\program files (x86)\DotA Gaming Network

2010-01-07 06:36:04 143387 ----a-w- c:\windows\system32\drivers\klin.dat

2010-01-07 06:36:04 104987 ----a-w- c:\windows\system32\drivers\klick.dat

2010-01-07 06:35:26 0 d-----w- c:\programdata\Kaspersky Lab

2010-01-07 06:35:26 0 d-----w- c:\program files (x86)\Kaspersky Lab

2010-01-07 06:34:32 0 d-----w- c:\programdata\Kaspersky Lab Setup Files

2010-01-07 06:08:31 0 d-----w- c:\programdata\Martau

2010-01-07 06:08:27 0 d-----w- c:\program files (x86)\Total Uninstall 5

2010-01-07 05:16:19 65536 --sha-w- c:\users\jorge\NTUSER.DAT{afe60d2a-fb48-11de-bfd7-002618b35a42}.TM.blf

2010-01-07 05:16:19 524288 --sha-w- c:\users\jorge\NTUSER.DAT{afe60d2a-fb48-11de-bfd7-002618b35a42}.TMContainer00000000000000000002.regtrans-ms

2010-01-07 05:16:19 524288 --sha-w- c:\users\jorge\NTUSER.DAT{afe60d2a-fb48-11de-bfd7-002618b35a42}.TMContainer00000000000000000001.regtrans-ms

2010-01-07 05:12:07 0 d-----w- c:\windows\$regcmp$

2010-01-07 05:02:03 102912 ----a-w- c:\windows\syswow64\VB6STKIT.DLL

2010-01-07 04:24:49 0 d-----w- c:\users\jorge\appdata\roaming\Malwarebytes

2010-01-07 04:24:44 22104 ----a-w- c:\windows\system32\drivers\mbam.sys

2010-01-07 04:24:44 0 d-----w- c:\programdata\Malwarebytes

2010-01-07 04:24:44 0 d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware

2010-01-07 04:19:32 118784 ----a-w- c:\windows\syswow64\MSSTDFMT.DLL

2010-01-07 04:19:32 1071088 ----a-w- c:\windows\syswow64\MSCOMCTL.OCX

2010-01-05 05:36:05 2048 ----a-w- c:\windows\syswow64\tzres.dll

2010-01-05 05:36:05 2048 ----a-w- c:\windows\system32\tzres.dll

2010-01-05 05:34:59 311808 ----a-w- c:\windows\system32\msv1_0.dll

2010-01-05 05:34:59 257024 ----a-w- c:\windows\syswow64\msv1_0.dll

2010-01-05 05:34:44 0 d-----w- c:\program files (x86)\common files\Symantec Shared

2010-01-05 04:54:56 65536 --sha-w- c:\users\jorge\NTUSER.DAT{bb85e2b4-f8e5-11de-be0e-002618b35a42}.TM.blf

2010-01-05 04:54:56 524288 --sha-w- c:\users\jorge\NTUSER.DAT{bb85e2b4-f8e5-11de-be0e-002618b35a42}.TMContainer00000000000000000002.regtrans-ms

2010-01-05 04:54:56 524288 --sha-w- c:\users\jorge\NTUSER.DAT{bb85e2b4-f8e5-11de-be0e-002618b35a42}.TMContainer00000000000000000001.regtrans-ms

2010-01-05 04:49:49 0 d-----w- c:\program files (x86)\CleanMyPC

2010-01-05 00:23:49 0 d-----w- c:\users\jorge\appdata\roaming\HP Support Assistant

2010-01-05 00:23:44 0 d-----w- c:\users\jorge\appdata\roaming\HpUpdate

2010-01-05 00:00:38 0 d-----w- c:\program files (x86)\JRE

2010-01-05 00:00:34 0 d-----w- c:\program files (x86)\OpenOffice.org 3

2010-01-05 00:00:03 411368 ----a-w- c:\windows\syswow64\deploytk.dll

2010-01-04 09:52:28 0 d-----w- c:\users\jorge\Tracing

2010-01-04 09:28:55 0 d-----w- c:\program files (x86)\Microsoft

2010-01-04 09:28:34 0 d-----w- c:\program files (x86)\Windows Live SkyDrive

2010-01-04 09:28:01 0 d-----w- c:\windows\PCHEALTH

2010-01-04 09:08:15 0 d-----w- c:\program files (x86)\Pando Networks

2010-01-04 09:08:02 0 d-----w- c:\program files (x86)\common files\Windows Live

2010-01-04 05:10:37 0 d-----w- c:\program files (x86)\common files\Blizzard Entertainment

2010-01-04 03:42:49 20 ----a-w- c:\windows\syswow64\SYSTEM

2010-01-04 03:40:48 212352 ------w- c:\windows\system32\MpSigStub.exe

2010-01-04 03:40:16 0 d-----w- c:\program files (x86)\AVG

2010-01-04 03:38:29 0 d-----w- c:\program files\WinRAR

2010-01-04 03:05:43 0 d-----w- c:\programdata\Recovery

2010-01-04 02:15:43 0 d-----w- c:\users\jorge\appdata\roaming\PictureMover

2010-01-04 02:12:37 0 d-----w- c:\users\jorge\appdata\roaming\HP TCS

==================== Find3M ====================

2010-01-04 02:12:21 1686 --sha-r- c:\windows\system32\drivers\103C_HP_CPC_NY540AA-ABA CQ5210F_YC_0Pres_QCNX942_E94NAv6PrA2_49_INARRA5_SPEGATRON CORPORATION_V5.00_B5.49_T090806_WUH0_L409_M2943_J500_7AMD_8Athlon II X2 215_92.7_#091130_N10DE03EF_Z11C10630_G10DE03D0.MRK

2009-11-14 00:47:32 90112 ----a-w- c:\windows\syswow64\dpl100.dll

2009-11-14 00:47:28 856064 ----a-w- c:\windows\syswow64\divx_xx0c.dll

2009-11-14 00:47:28 856064 ----a-w- c:\windows\syswow64\divx_xx07.dll

2009-11-14 00:47:28 847872 ----a-w- c:\windows\syswow64\divx_xx0a.dll

2009-11-14 00:47:28 843776 ----a-w- c:\windows\syswow64\divx_xx16.dll

2009-11-14 00:47:28 839680 ----a-w- c:\windows\syswow64\divx_xx11.dll

2009-11-14 00:47:28 696320 ----a-w- c:\windows\syswow64\DivX.dll

2009-07-14 05:37:38 31548 ----a-w- c:\windows\inf\perflib\0409\perfd.dat

2009-07-14 05:37:38 31548 ----a-w- c:\windows\inf\perflib\0409\perfc.dat

2009-07-14 05:37:38 291294 ----a-w- c:\windows\inf\perflib\0409\perfi.dat

2009-07-14 05:37:38 291294 ----a-w- c:\windows\inf\perflib\0409\perfh.dat

2009-07-14 04:54:24 174 --sha-w- c:\program files\desktop.ini

2009-07-14 04:54:24 174 --sha-w- c:\program files (x86)\desktop.ini

2009-07-14 01:00:34 291294 ----a-w- c:\windows\inf\perflib\0000\perfi.dat

2009-07-14 01:00:34 291294 ----a-w- c:\windows\inf\perflib\0000\perfh.dat

2009-07-14 01:00:32 31548 ----a-w- c:\windows\inf\perflib\0000\perfd.dat

2009-07-14 01:00:32 31548 ----a-w- c:\windows\inf\perflib\0000\perfc.dat

2009-06-10 20:44:08 9633792 --sha-r- c:\windows\fonts\StaticCache.dat

2009-07-14 05:12:52 245760 --sha-w- c:\windows\system32\config\systemprofile\appdata\roaming\microsoft\windows\ietldcache\index.dat

2009-07-14 01:39:53 398848 --sha-w- c:\windows\winsxs\amd64_microsoft-windows-mail-app_31bf3856ad364e35_6.1.7600.16385_none_4d4d1f2f696639a2\WinMail.exe

2009-07-14 01:14:45 396800 --sha-w- c:\windows\winsxs\x86_microsoft-windows-mail-app_31bf3856ad364e35_6.1.7600.16385_none_f12e83abb108c86c\WinMail.exe

============= FINISH: 0:04:31.20 ===============

Malwarebytes' Anti-Malware 1.43

Database version: 3506

Windows 6.1.7600

Internet Explorer 8.0.7600.16385

1/24/2010 12:09:28 AM

mbam-log-2010-01-24 (00-09-28).txt

Scan type: Quick Scan

Objects scanned: 28073

Time elapsed: 5 minute(s), 22 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 0

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

(No malicious items detected)


Your version of MBAM is still out of date. We are currently on version 1.44 and you have 1.43; please update to the latest version before scanning again.

Malwarebytes' Anti-Malware 1.44

Database version: 3644

Windows 6.1.7600

Internet Explorer 8.0.7600.16385

1/27/2010 1:57:39 AM

mbam-log-2010-01-27 (01-57-39).txt

Scan type: Quick Scan

Objects scanned: 28904

Time elapsed: 6 minute(s), 18 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 0

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

(No malicious items detected)


  • Staff

Hi jorge,

Please scan your machine with ESET OnlineScan

  • Hold down Control and click on the following link to open ESET OnlineScan in a new window.
    ESET OnlineScan
  • Click the esetOnline.png button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    • Click on esetSmartInstall.png to download the ESET Smart Installer. Save it to your Desktop.
    • Double click on the esetSmartInstallDesktopIcon.png icon on your Desktop.
  • Check esetAcceptTerms.png
  • Click the esetStart.png button.
  • Accept any security warnings from your browser.
  • Check esetScanArchives.png
  • Push the Start button.
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, push esetListThreats.png
  • Push esetExport.png, and save the file to your Desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Push the esetBack.png button.
  • Push esetFinish.png

-screen317


  • 2 weeks later...
  • Staff

Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!


This topic is now closed to further replies.