J35u5_M4 Posted January 2, 2009

Ok, can someone take a look at this log so I know if I have a virus/keylogger or anything? Thanks!

[hide=Log]
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 09:40:59 p.m., on 02/01/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss[Caution: Executable File]
C:\WINDOWS\system32\winlogon[Caution: Executable File]
C:\WINDOWS\system32\services[Caution: Executable File]
C:\WINDOWS\system32\lsass[Caution: Executable File]
C:\WINDOWS\system32\svchost[Caution: Executable File]
C:\WINDOWS\System32\svchost[Caution: Executable File]
C:\WINDOWS\system32\spoolsv[Caution: Executable File]
C:\Archivos de programa\Archivos comunes\Apple\Mobile Device Support\bin\AppleMobileDeviceService[Caution: Executable File]
C:\Archivos de programa\Bonjour\mDNSResponder[Caution: Executable File]
C:\Archivos de programa\Java\jre6\bin\jqs[Caution: Executable File]
C:\Archivos de programa\McAfee\SiteAdvisor\McSACore[Caution: Executable File]
C:\ARCHIV~1\McAfee\MSC\mcmscsvc[Caution: Executable File]
c:\ARCHIV~1\ARCHIV~1\mcafee\mna\mcnasvc[Caution: Executable File]
c:\ARCHIV~1\ARCHIV~1\mcafee\mcproxy\mcproxy[Caution: Executable File]
C:\ARCHIV~1\McAfee\VIRUSS~1\mcshield[Caution: Executable File]
C:\Archivos de programa\McAfee\MPF\MPFSrv[Caution: Executable File]
C:\Archivos de programa\McAfee\MSK\MskSrver[Caution: Executable File]
C:\Archivos de programa\Nero\Nero8\Nero BackItUp\NBService[Caution: Executable File]
C:\Archivos de programa\TRENDnet\TEW-623PI Wireless Client Utility\NICServ[Caution: Executable File]
C:\WINDOWS\system32\nvsvc32[Caution: Executable File]
C:\WINDOWS\system32\svchost[Caution: Executable File]
C:\WINDOWS\Explorer[Caution: Executable File]
c:\ARCHIV~1\mcafee.com\agent\mcagent[Caution: Executable File]
C:\WINDOWS\RTHDCPL[Caution: Executable File]
C:\WINDOWS\system32\RUNDLL32[Caution: Executable File]
C:\Archivos de programa\Microsoft Office\Office12\GrooveMonitor[Caution: Executable File]
C:\Archivos de programa\Java\jre6\bin\jusched[Caution: Executable File]
C:\Archivos de programa\iTunes\iTunesHelper[Caution: Executable File]
C:\Archivos de programa\HP\HP Software Update\HPWuSchd[Caution: Executable File]
C:\Archivos de programa\HP\hpcoretech\hpcmpmgr[Caution: Executable File]
C:\WINDOWS\system32\ctfmon[Caution: Executable File]
C:\Archivos de programa\Archivos comunes\Nero\Lib\NMBgMonitor[Caution: Executable File]
C:\Archivos de programa\HP\Digital Imaging\bin\hpqtra08[Caution: Executable File]
C:\Archivos de programa\TRENDnet\TEW-623PI Wireless Client Utility\UMCCfg[Caution: Executable File]
C:\WINDOWS\system32\wbem\wmiapsrv[Caution: Executable File]
C:\Archivos de programa\Archivos comunes\Nero\Lib\NMIndexingService[Caution: Executable File]
C:\Archivos de programa\iPod\bin\iPodService[Caution: Executable File]
C:\Archivos de programa\Archivos comunes\Nero\Lib\NMIndexStoreSvr[Caution: Executable File]
C:\ARCHIV~1\McAfee\VIRUSS~1\mcsysmon[Caution: Executable File]
C:\Documents and Settings\Jesus Maria\Mis documentos\Online Games\Cabal Online\Cabal-Extreme\cabalmain[Caution: Executable File]
C:\Archivos de programa\Mozilla Firefox\firefox[Caution: Executable File]
C:\ARCHIV~1\McAfee\VIRUSS~1\mcods[Caution: Executable File]
C:\Archivos de programa\McAfee\MSC\mcshell[Caution: Executable File]
c:\ARCHIV~1\mcafee\VIRUSS~1\mcvsshld[Caution: Executable File]
C:\Archivos de programa\Trend Micro\HijackThis\HijackThis[Caution: Executable File]

R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://ve.search.yahoo.com/search?fr=mcafee&p=%s
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Vínculos
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: McAfee Phishing Filter - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\ARCHIV~1\mcafee\msk\mskapbho.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\ARCHIV~1\MICROS~2\Office12\GRA8E1~1.DLL
O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Archivos de programa\Java\jre6\bin\ssv.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Archivos de programa\McAfee\VirusScan\scriptsn.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Archivos de programa\Archivos comunes\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\ARCHIV~1\mcafee\SITEAD~1\mcieplg.dll
O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Archivos de programa\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Archivos de programa\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\ARCHIV~1\mcafee\SITEAD~1\mcieplg.dll
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL[Caution: Executable File]
O4 - HKLM\..\Run: [Alcmtr] ALCMTR[Caution: Executable File]
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32[Caution: Executable File] C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz[Caution: Executable File] /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32[Caution: Executable File] C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Archivos de programa\Archivos comunes\Nero\Lib\NeroCheck[Caution: Executable File]
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Archivos de programa\Microsoft Office\Office12\GrooveMonitor[Caution: Executable File]"
O4 - HKLM\..\Run: [mcagent_exe] "C:\Archivos de programa\McAfee.com\Agent\mcagent[Caution: Executable File]" /runkey
O4 - HKLM\..\Run: [McENUI] C:\ARCHIV~1\McAfee\MHN\McENUI[Caution: Executable File] /hide
O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Archivos de programa\Java\jre6\bin\jusched[Caution: Executable File]"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Archivos de programa\QuickTime\QTTask[Caution: Executable File]" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Archivos de programa\iTunes\iTunesHelper[Caution: Executable File]"
O4 - HKLM\..\Run: [HP Software Update] "C:\Archivos de programa\HP\HP Software Update\HPWuSchd[Caution: Executable File]"
O4 - HKLM\..\Run: [HP Component Manager] "C:\Archivos de programa\HP\hpcoretech\hpcmpmgr[Caution: Executable File]"
O4 - HKCU\..\Run: [CTFMON[Caution: Executable File]] C:\WINDOWS\system32\ctfmon[Caution: Executable File]
O4 - HKCU\..\Run: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Archivos de programa\Archivos comunes\Nero\Lib\NMBgMonitor[Caution: Executable File]"
O4 - HKUS\S-1-5-19\..\Run: [CTFMON[Caution: Executable File]] C:\WINDOWS\system32\CTFMON[Caution: Executable File] (User 'SERVICIO LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON[Caution: Executable File]] C:\WINDOWS\system32\CTFMON[Caution: Executable File] (User 'Servicio de red')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON[Caution: Executable File]] C:\WINDOWS\system32\CTFMON[Caution: Executable File] (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON[Caution: Executable File]] C:\WINDOWS\system32\CTFMON[Caution: Executable File] (User 'Default user')
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Archivos de programa\HP\Digital Imaging\bin\hpqtra08[Caution: Executable File]
O4 - Global Startup: TEW-623PI Wireless Client Utility.lnk = ?
O8 - Extra context menu item: E&xportar a Microsoft Excel - res://C:\ARCHIV~1\MICROS~2\Office12\EXCEL[Caution: Executable File]/3000
O9 - Extra button: Enviar a OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\ARCHIV~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: &Enviar a OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\ARCHIV~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARCHIV~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag[Caution: Executable File]
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag[Caution: Executable File]
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Archivos de programa\Messenger\msmsgs[Caution: Executable File]
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Archivos de programa\Messenger\msmsgs[Caution: Executable File]
O12 - Plugin for .spop: C:\Archivos de programa\Internet Explorer\Plugins\NPDocBox.dll
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\ARCHIV~1\MICROS~2\Office12\GR99D3~1.DLL
O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\ARCHIV~1\mcafee\SITEAD~1\mcieplg.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Archivos de programa\Archivos comunes\Apple\Mobile Device Support\bin\AppleMobileDeviceService[Caution: Executable File]
O23 - Service: Servicio Bonjour (Bonjour Service) - Apple Inc. - C:\Archivos de programa\Bonjour\mDNSResponder[Caution: Executable File]
O23 - Service: Servicio del iPod (iPod Service) - Apple Inc. - C:\Archivos de programa\iPod\bin\iPodService[Caution: Executable File]
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Archivos de programa\Java\jre6\bin\jqs[Caution: Executable File]
O23 - Service: McAfee SiteAdvisor Service - Unknown owner - C:\Archivos de programa\McAfee\SiteAdvisor\McSACore[Caution: Executable File]
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\ARCHIV~1\McAfee\MSC\mcmscsvc[Caution: Executable File]
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\ARCHIV~1\ARCHIV~1\mcafee\mna\mcnasvc[Caution: Executable File]
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\ARCHIV~1\McAfee\VIRUSS~1\mcods[Caution: Executable File]
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\ARCHIV~1\ARCHIV~1\mcafee\mcproxy\mcproxy[Caution: Executable File]
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\ARCHIV~1\McAfee\VIRUSS~1\mcshield[Caution: Executable File]
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\ARCHIV~1\McAfee\VIRUSS~1\mcsysmon[Caution: Executable File]
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Archivos de programa\McAfee\MPF\MPFSrv[Caution: Executable File]
O23 - Service: McAfee Anti-Spam Service (MSK80Service) - McAfee, Inc. - C:\Archivos de programa\McAfee\MSK\MskSrver[Caution: Executable File]
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Archivos de programa\Nero\Nero8\Nero BackItUp\NBService[Caution: Executable File]
O23 - Service: NICSer_TEW623PI_WPC370L - Unknown owner - C:\Archivos de programa\TRENDnet\TEW-623PI Wireless Client Utility\NICServ[Caution: Executable File]
O23 - Service: NMIndexingService - Nero AG - C:\Archivos de programa\Archivos comunes\Nero\Lib\NMIndexingService[Caution: Executable File]
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32[Caution: Executable File]
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12[Caution: Executable File]

--
End of file - 9444 bytes
[/hide]

Dracion1 Posted January 2, 2009

Have you considered the possibility you might not have one? :P Might be best to run HijackThis though, and post the log on here so someone can check for you. McAfee isn't a very good AV anyway. Try something else like Avira (free) or NOD32 (pay for).

"In the beginning, the universe was created. This has made a lot of people very angry and been widely regarded as a bad move."

J35u5_M4 (Author) Posted January 3, 2009

[quote=Dracion1]Have you considered the possibility you might not have one? :P Might be best to run HijackThis though, and post the log on here so someone can check for you. McAfee isn't a very good AV anyway. Try something else like Avira (free) or NOD32 (pay for).[/quote]

Are you telling me one of the most used AV in the world isn't good enough? I pay 50$ a year for it, a lot of banks use it, I believe this is one of the best AV.

What's HijackThis? I've heard it puts everything in system, is it safe?

Nadril Posted January 3, 2009

[quote=Dracion1]Have you considered the possibility you might not have one? :P Might be best to run HijackThis though, and post the log on here so someone can check for you. McAfee isn't a very good AV anyway. Try something else like Avira (free) or NOD32 (pay for).[/quote]

[quote=J35u5_M4]Are you telling me one of the most used AV in the world isn't good enough? I pay 50$ a year for it, a lot of banks use it, I believe this is one of the best AV.[/quote]

:lol: :lol: :lol:

[quote=J35u5_M4]What's HijackThis? I've heard it puts everything in system, is it safe?[/quote]

It doesn't do anything to your computer, it's just a more advanced scanner. Scan with it and post the log here.

NuckingFuts Posted January 3, 2009

[quote=Dracion1]Have you considered the possibility you might not have one? :P Might be best to run HijackThis though, and post the log on here so someone can check for you. McAfee isn't a very good AV anyway. Try something else like Avira (free) or NOD32 (pay for).[/quote]

[quote=J35u5_M4]Are you telling me one of the most used AV in the world isn't good enough? I pay 50$ a year for it, a lot of banks use it, I believe this is one of the best AV.[/quote]

No offence but that made me LOL in real life. I would go with that recommendation of getting something like NOD32, and then ZoneAlarm as a firewall. Do the HijackThis scan, post the log, if it picks something up, be sure to remove it and then change all of your passwords.

J35u5_M4 (Author) Posted January 3, 2009

Where do I get HijackThis?

NuckingFuts Posted January 3, 2009

[quote=J35u5_M4]Where do I get HijackThis[/quote]

http://www.download.com/Trend-Micro-HijackThis/3000-8022_4-10227353.html?tag=mncol

J35u5_M4 (Author) Posted January 3, 2009

Is it virus free? And what do I do with the log?

Nadril Posted January 3, 2009

Post the log here. And of course it is virus free. :wall:

NuckingFuts Posted January 3, 2009

[quote=J35u5_M4]is it virus free? and what do I do with the log?[/quote]

VirusTotal agrees with Nadril and says the program is virus free. (Online Scanner using 38 different AV)

http://www.virustotal.com/analisis/4dbbda429f39246e2a00591dbb4fddda

Logs can be shared on TIF, other forums, or with your friends and family.

J35u5_M4 (Author) Posted January 3, 2009

Ok, so I *think* I have a keylogger, I don't think I do but just in case, can someone check this and tell me if there is anything wrong? thanks

J35u5_M4 (Author) Posted January 3, 2009

[CLOSE]

pryomancer Posted January 3, 2009

Ok, so I *think* I have a keylogger, I don't think I do but just in case, can someone check this and tell me if there is anything wrong? thanks

[hide=Log]
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 09:40:59 p.m., on 02/01/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss[Caution: Executable File]
C:\WINDOWS\system32\winlogon[Caution: Executable File]
C:\WINDOWS\system32\services[Caution: Executable File]
C:\WINDOWS\system32\lsass[Caution: Executable File]
C:\WINDOWS\system32\svchost[Caution: Executable File]
C:\WINDOWS\System32\svchost[Caution: Executable File]
C:\WINDOWS\system32\spoolsv[Caution: Executable File]
C:\Archivos de programa\Archivos comunes\Apple\Mobile Device Support\bin\AppleMobileDeviceService[Caution: Executable File]
C:\Archivos de programa\Bonjour\mDNSResponder[Caution: Executable File]
C:\Archivos de programa\Java\jre6\bin\jqs[Caution: Executable File]
C:\Archivos de programa\McAfee\SiteAdvisor\McSACore[Caution: Executable File]
C:\ARCHIV~1\McAfee\MSC\mcmscsvc[Caution: Executable File]
c:\ARCHIV~1\ARCHIV~1\mcafee\mna\mcnasvc[Caution: Executable File]
c:\ARCHIV~1\ARCHIV~1\mcafee\mcproxy\mcproxy[Caution: Executable File]
C:\ARCHIV~1\McAfee\VIRUSS~1\mcshield[Caution: Executable File]
C:\Archivos de programa\McAfee\MPF\MPFSrv[Caution: Executable File]
C:\Archivos de programa\McAfee\MSK\MskSrver[Caution: Executable File]
C:\Archivos de programa\Nero\Nero8\Nero BackItUp\NBService[Caution: Executable File]
C:\Archivos de programa\TRENDnet\TEW-623PI Wireless Client Utility\NICServ[Caution: Executable File]
C:\WINDOWS\system32\nvsvc32[Caution: Executable File]
C:\WINDOWS\system32\svchost[Caution: Executable File]
C:\WINDOWS\Explorer[Caution: Executable File]
c:\ARCHIV~1\mcafee.com\agent\mcagent[Caution: Executable File]
C:\WINDOWS\RTHDCPL[Caution: Executable File]
C:\WINDOWS\system32\RUNDLL32[Caution: Executable File]
C:\Archivos de programa\Microsoft Office\Office12\GrooveMonitor[Caution: Executable File]
C:\Archivos de programa\Java\jre6\bin\jusched[Caution: Executable File]
C:\Archivos de programa\iTunes\iTunesHelper[Caution: Executable File]
C:\Archivos de programa\HP\HP Software Update\HPWuSchd[Caution: Executable File]
C:\Archivos de programa\HP\hpcoretech\hpcmpmgr[Caution: Executable File]
C:\WINDOWS\system32\ctfmon[Caution: Executable File]
C:\Archivos de programa\Archivos comunes\Nero\Lib\NMBgMonitor[Caution: Executable File]
C:\Archivos de programa\HP\Digital Imaging\bin\hpqtra08[Caution: Executable File]
C:\Archivos de programa\TRENDnet\TEW-623PI Wireless Client Utility\UMCCfg[Caution: Executable File]
C:\WINDOWS\system32\wbem\wmiapsrv[Caution: Executable File]
C:\Archivos de programa\Archivos comunes\Nero\Lib\NMIndexingService[Caution: Executable File]
C:\Archivos de programa\iPod\bin\iPodService[Caution: Executable File]
C:\Archivos de programa\Archivos comunes\Nero\Lib\NMIndexStoreSvr[Caution: Executable File]
C:\ARCHIV~1\McAfee\VIRUSS~1\mcsysmon[Caution: Executable File]
C:\Documents and Settings\Jesus Maria\Mis documentos\Online Games\Cabal Online\Cabal-Extreme\cabalmain[Caution: Executable File]
C:\Archivos de programa\Mozilla Firefox\firefox[Caution: Executable File]
C:\ARCHIV~1\McAfee\VIRUSS~1\mcods[Caution: Executable File]
C:\Archivos de programa\McAfee\MSC\mcshell[Caution: Executable File]
c:\ARCHIV~1\mcafee\VIRUSS~1\mcvsshld[Caution: Executable File]
C:\Archivos de programa\Trend Micro\HijackThis\HijackThis[Caution: Executable File]

R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://ve.search.yahoo.com/search?fr=mcafee&p=%s
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Vínculos
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: McAfee Phishing Filter - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\ARCHIV~1\mcafee\msk\mskapbho.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\ARCHIV~1\MICROS~2\Office12\GRA8E1~1.DLL
O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Archivos de programa\Java\jre6\bin\ssv.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Archivos de programa\McAfee\VirusScan\scriptsn.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Archivos de programa\Archivos comunes\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\ARCHIV~1\mcafee\SITEAD~1\mcieplg.dll
O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Archivos de programa\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Archivos de programa\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\ARCHIV~1\mcafee\SITEAD~1\mcieplg.dll
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL[Caution: Executable File]
O4 - HKLM\..\Run: [Alcmtr] ALCMTR[Caution: Executable File]
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32[Caution: Executable File] C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz[Caution: Executable File] /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32[Caution: Executable File] C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Archivos de programa\Archivos comunes\Nero\Lib\NeroCheck[Caution: Executable File]
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Archivos de programa\Microsoft Office\Office12\GrooveMonitor[Caution: Executable File]"
O4 - HKLM\..\Run: [mcagent_exe] "C:\Archivos de programa\McAfee.com\Agent\mcagent[Caution: Executable File]" /runkey
O4 - HKLM\..\Run: [McENUI] C:\ARCHIV~1\McAfee\MHN\McENUI[Caution: Executable File] /hide
O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Archivos de programa\Java\jre6\bin\jusched[Caution: Executable File]"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Archivos de programa\QuickTime\QTTask[Caution: Executable File]" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Archivos de programa\iTunes\iTunesHelper[Caution: Executable File]"
O4 - HKLM\..\Run: [HP Software Update] "C:\Archivos de programa\HP\HP Software Update\HPWuSchd[Caution: Executable File]"
O4 - HKLM\..\Run: [HP Component Manager] "C:\Archivos de programa\HP\hpcoretech\hpcmpmgr[Caution: Executable File]"
O4 - HKCU\..\Run: [CTFMON[Caution: Executable File]] C:\WINDOWS\system32\ctfmon[Caution: Executable File]
O4 - HKCU\..\Run: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Archivos de programa\Archivos comunes\Nero\Lib\NMBgMonitor[Caution: Executable File]"
O4 - HKUS\S-1-5-19\..\Run: [CTFMON[Caution: Executable File]] C:\WINDOWS\system32\CTFMON[Caution: Executable File] (User 'SERVICIO LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON[Caution: Executable File]] C:\WINDOWS\system32\CTFMON[Caution: Executable File] (User 'Servicio de red')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON[Caution: Executable File]] C:\WINDOWS\system32\CTFMON[Caution: Executable File] (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON[Caution: Executable File]] C:\WINDOWS\system32\CTFMON[Caution: Executable File] (User 'Default user')
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Archivos de programa\HP\Digital Imaging\bin\hpqtra08[Caution: Executable File]
O4 - Global Startup: TEW-623PI Wireless Client Utility.lnk = ?
O8 - Extra context menu item: E&xportar a Microsoft Excel - res://C:\ARCHIV~1\MICROS~2\Office12\EXCEL[Caution: Executable File]/3000
O9 - Extra button: Enviar a OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\ARCHIV~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: &Enviar a OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\ARCHIV~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARCHIV~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag[Caution: Executable File]
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag[Caution: Executable File]
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Archivos de programa\Messenger\msmsgs[Caution: Executable File]
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Archivos de programa\Messenger\msmsgs[Caution: Executable File]
O12 - Plugin for .spop: C:\Archivos de programa\Internet Explorer\Plugins\NPDocBox.dll
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\ARCHIV~1\MICROS~2\Office12\GR99D3~1.DLL
O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\ARCHIV~1\mcafee\SITEAD~1\mcieplg.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Archivos de programa\Archivos comunes\Apple\Mobile Device Support\bin\AppleMobileDeviceService[Caution: Executable File]
O23 - Service: Servicio Bonjour (Bonjour Service) - Apple Inc. - C:\Archivos de programa\Bonjour\mDNSResponder[Caution: Executable File]
O23 - Service: Servicio del iPod (iPod Service) - Apple Inc. - C:\Archivos de programa\iPod\bin\iPodService[Caution: Executable File]
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc.
- C:\Archivos de programa\Java\jre6\bin\jqs[Caution: Executable File] O23 - Service: McAfee SiteAdvisor Service - Unknown owner - C:\Archivos de programa\McAfee\SiteAdvisor\McSACore[Caution: Executable File] O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\ARCHIV~1\McAfee\MSC\mcmscsvc[Caution: Executable File] O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\ARCHIV~1\ARCHIV~1\mcafee\mna\mcnasvc[Caution: Executable File] O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\ARCHIV~1\McAfee\VIRUSS~1\mcods[Caution: Executable File] O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\ARCHIV~1\ARCHIV~1\mcafee\mcproxy\mcproxy[Caution: Executable File] O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\ARCHIV~1\McAfee\VIRUSS~1\mcshield[Caution: Executable File] O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\ARCHIV~1\McAfee\VIRUSS~1\mcsysmon[Caution: Executable File] O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Archivos de programa\McAfee\MPF\MPFSrv[Caution: Executable File] O23 - Service: McAfee Anti-Spam Service (MSK80Service) - McAfee, Inc. - C:\Archivos de programa\McAfee\MSK\MskSrver[Caution: Executable File] O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Archivos de programa\Nero\Nero8\Nero BackItUp\NBService[Caution: Executable File] O23 - Service: NICSer_TEW623PI_WPC370L - Unknown owner - C:\Archivos de programa\TRENDnet\TEW-623PI Wireless Client Utility\NICServ[Caution: Executable File] O23 - Service: NMIndexingService - Nero AG - C:\Archivos de programa\Archivos comunes\Nero\Lib\NMIndexingService[Caution: Executable File] O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32[Caution: Executable File] O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12[Caution: Executable File] -- End of file - 9444 bytes[/hide] Merged. Just keep this topic open.. 
J35u5_M4 (Author) Posted January 5, 2009

someone?
D. V. Devnull Posted January 5, 2009

I just looked through that whole log... I can't find anything. :|

TBH, if you do have a keylogger, McAfee is one of the worst AVs in the world to be running. McAfee, Norton, and AVG all stink at the moment. (Unknown to some, McAfee also has a load of backdoors, which basically leaves your PC looking like an open house.) NOD32, Avira, Kaspersky, and ClamAV (Windows Version, possibly named "ClamWin") are all far better options. Heck, I use NOD32 myself, and it has protected me on-the-fly from totally new viruses that somehow got onto sites I trusted. (Obviously, I don't trust those sites anymore. Sure is annoying to find out that your favorite music lyrics site has been overrun by black-hat hackers, though.) :geek:

I wish you well on switching to an alternate AV/FireWall layout, J35u5_M4... These days, it is hard to keep a computer safe and protected. :?

~D. V. "Using the right security packages is critical." Devnull and normally with a cool mind. (Warning: This user can be VERY confusing to some people... And talks in 3rd person for the time being due to how insane they are... Sometimes even to themself.)
J35u5_M4 (Author) Posted January 5, 2009

I know McAfee isn't that great, read some reviews on the internet, but my dad says we're keeping McAfee, good or not, so... I don't have a choice about changing AV (He's also gonna kill me if he finds a new AV on my computer :ohnoes: ). All I was wondering was if I had some weird program in that log, because I got myself into a scam site by accident, and someone told me they have keyloggers sometimes, so I just wanted to make sure.
D. V. Devnull Posted January 6, 2009

In that case, make sure (only if you haven't done it already) that you download, install, and run these:

* Spybot S&D -- http://www.safer-networking.org/ (Choose your language to access the site... I made no assumptions. Also, when installing, don't enable the real-time protection on this one. While Spybot S&D is a good product, the real-time protection can - and usually does - interfere with some of what people do.)
* Lavasoft's AdAware -- http://www.lavasoft.com/products/ad_aware_free.php (You'll need to be on an Administrator ID to install this, just as with most any program install these days... The service that runs underneath Windows' hood is a good thing to have.)
* MalwareBytes' Anti-Malware -- http://www.malwarebytes.org/mbam.php (I don't need to say much here. It does what it says.)

But, only clean out actual spyware/malware, and those pesky cookies that actually come from advert firms. (Who the heck wants an advert firm tracking them anyway? I think we would both like to have our privacy!) Everything else should be left alone.

BTW, if you can't figure out what should be removed, then come back with logs from scanning with the utilities I've mentioned. Post those logs to the thread, and those who know about the bad items will help you out. Remember, you don't have to make a choice until you know what an item is.

~D. V. "Knowledge is the real true power." Devnull and normally with a cool mind.
Jaziek Posted January 8, 2009

Have you considered the possibility you might not have one? :P Might be best to run HijackThis though, and post the log on here so someone can check for you. McAfee isn't a very good AV anyway. Try something else like Avira (free) or NOD32 (pay for).

Are you telling me one of the most used AVs in the world isn't good enough? I pay 50$ a year for it, a lot of banks use it, I believe this is one of the best AVs.

:lol: :lol: :lol:

I :lol: ed too, but tbh I shouldn't because I'm using it on this machine. Simply because I can't be arsed to deal with removing the second most stubborn piece of software in the universe.
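An added example, not part of any post in this thread and not HijackThis's own code: a short Python triage of the log format posted in the first post. The section labels and the flagging heuristics are assumptions of this example, and a flagged entry is only a prompt for a manual check; the sample lines are copied from the log above.

```python
import re

# HijackThis section codes that occur in the log posted in this thread.
SECTIONS = {
    "R0": "IE registry setting", "R1": "IE registry setting",
    "O2": "Browser Helper Object", "O3": "IE toolbar",
    "O4": "autostart entry", "O8": "IE context-menu item",
    "O9": "IE extra button/menu item", "O12": "IE plugin",
    "O18": "extra protocol handler", "O23": "NT service",
}
ENTRY = re.compile(r"^(R[0-3]|O\d{1,2}) - (.*)$")

# Heuristics are assumptions of this example: they mark entries to check
# by hand, they do not say an entry is malicious.
HEURISTICS = [
    ("target file missing", lambda c, b: c == "O2" and b.endswith("(no file)")),
    ("shortcut target not resolved", lambda c, b: c == "O4" and b.endswith("= ?")),
    ("no vendor name reported", lambda c, b: c == "O23" and " - Unknown owner - " in b),
    ("unnamed entry", lambda c, b: "(no name)" in b),
]

def triage(log_text):
    """Return (code, section, reasons, body) for each entry that hits a heuristic."""
    findings = []
    for line in log_text.splitlines():
        m = ENTRY.match(line.strip())
        if not m:
            continue  # header, running-process path, or blank line
        code, body = m.groups()
        reasons = [name for name, test in HEURISTICS if test(code, body)]
        if reasons:
            findings.append((code, SECTIONS.get(code, "other"), reasons, body))
    return findings

# Entries copied from the log in the first post, one per line.
SAMPLE = r"""
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Archivos de programa\Java\jre6\bin\ssv.dll
O4 - HKLM\..\Run: [nwiz] nwiz[Caution: Executable File] /install
O4 - Global Startup: TEW-623PI Wireless Client Utility.lnk = ?
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag[Caution: Executable File]
O23 - Service: McAfee SiteAdvisor Service - Unknown owner - C:\Archivos de programa\McAfee\SiteAdvisor\McSACore[Caution: Executable File]
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12[Caution: Executable File]
"""

if __name__ == "__main__":
    for code, section, reasons, body in triage(SAMPLE):
        print(f"{code:<4}{section:<28}{', '.join(reasons)}\n    {body}")
```

Each flagged entry still needs its file path and publisher checked by hand before anything is removed.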