Unknown Infection


10 replies to this topic

#1 Kirsta

  • Members
  • 7 posts

Posted 25 July 2010 - 07:57 AM

I ran GMER and DDS as suggested. I had a problem with GMER and was unable to check the following boxes.

System
Sections
Devices
Modules
Processes
Threads
Libraries

They were all grayed out.

When I ran the scan it did not give me an option to save a log, it just said that gmer did not find anything wrong.

I like to play games. Recently I was told that one of my accounts was hacked, and suspended. Nothing came up on normal scans. I was hoping that someone could tell me if there is anything unsafe on my computer.

Thanks in advance,
Kirsta


-----------------------


DDS (Ver_10-03-17.01) - NTFSX64
Run by Cathy at 8:30:42.46 on Sun 07/25/2010
Internet Explorer: 8.0.6001.18928 BrowserJavaVersion: 1.6.0_20
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.4094.2551 [GMT -4:00]

SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Program Files (x86)\AVG\AVG9\avgchsva.exe
C:\Program Files (x86)\AVG\AVG9\avgrsa.exe
C:\Program Files (x86)\AVG\AVG9\avgcsrva.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
c:\Program Files\Microsoft Security Essentials\MsMpEng.exe
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\atieclxx.exe
C:\Program Files\Dell\DellDock\DockLogin.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\AVG\AVG9\avgwdsvc.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Windows\system32\lxdmcoms.exe
C:\Program Files (x86)\Lexmark 5000 Series\lxdmmon.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files (x86)\Lexmark 5000 Series\lxdmamon.exe
C:\Program Files\Microsoft Security Essentials\msseces.exe
C:\Program Files (x86)\Digital Line Detect\DLG.exe
C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe
C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe
C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\WUDFHost.exe
C:\Windows\system32\DRIVERS\xaudio64.exe
C:\Program Files (x86)\AVG\AVG9\avgemc.exe
C:\Program Files (x86)\AVG\AVG9\avgnsa.exe
C:\Program Files (x86)\AVG\AVG9\avgcsrvx.exe
C:\Program Files (x86)\AVG\AVG9\avgtray.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Windows\System32\mobsync.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Users\Cathy\Desktop\dds.scr
C:\Windows\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

mLocal Page = c:\windows\syswow64\blank.htm
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files (x86)\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files (x86)\avg\avg9\avgssie.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files (x86)\microsoft\search enhancement pack\search helper\SEPsearchhelperie.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files (x86)\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files (x86)\java\jre6\bin\jp2ssv.dll
BHO: Windows Live Toolbar Helper: {e15a8dc0-8516-42a1-81ea-dc94ec1acf10} - c:\program files (x86)\windows live\toolbar\wltcore.dll
TB: &Windows Live Toolbar: {21fa44ef-376d-4d53-9b0f-8a89d3229068} - c:\program files (x86)\windows live\toolbar\wltcore.dll
mRun: [StartCCC] "c:\program files (x86)\ati technologies\ati.ace\core-static\CLIStart.exe" MSRun
mRun: [<NO NAME>]
mRun: [RoxWatchTray] "c:\program files (x86)\common files\roxio shared\10.0\sharedcom\RoxWatchTray10.exe"
mRun: [Dell DataSafe Online] "c:\program files (x86)\dell datasafe online\DataSafeOnline.exe" /m
mRun: [PDVDDXSrv] "c:\program files\cyberlink\powerdvd dx\PDVDDXSrv.exe"
mRun: [Malwarebytes Anti-Malware (reboot)] "c:\program files (x86)\malwarebytes' anti-malware\mbam.exe" /runcleanupscript
mRun: [AVG9_TRAY] c:\progra~2\avg\avg9\avgtray.exe
mRun: [Adobe Reader Speed Launcher] "c:\program files (x86)\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files (x86)\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [QuickTime Task] "c:\program files (x86)\quicktime\QTTask.exe" -atboottime
mRun: [SunJavaUpdateSched] "c:\program files (x86)\common files\java\java update\jusched.exe"
StartupFolder: c:\progra~3\micros~1\windows\startm~1\programs\startup\digita~1.lnk - c:\program files (x86)\digital line detect\DLG.exe
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: ForceActiveDesktopOn = 0 (0x0)
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files (x86)\windows live\writer\WriterBrowserExtension.dll
DPF: {49312E18-AA92-4CC2-BB97-55DEA7BCADD6} - hxxp://support.dell.com/systemprofiler/SysProExe.CAB
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} - hxxp://games.pogo.com/online2/pogo/bookworm_adventures/popcaploader_v10.cab
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files (x86)\avg\avg9\avgpp.dll
BHO-X64: AVG Safe Search: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - c:\program files (x86)\avg\avg9\avgssiea.dll
BHO-X64: WormRadar.com IESiteBlocker.NavFilter - No File
BHO-X64: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre6\bin\jp2ssv.dll
TB-X64: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
mRun-x64: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
mRun-x64: [lxdmmon.exe] "c:\program files (x86)\lexmark 5000 series\lxdmmon.exe"
mRun-x64: [lxdmamon] "c:\program files (x86)\lexmark 5000 series\lxdmamon.exe"
mRun-x64: [MSSE] "c:\program files\microsoft security essentials\msseces.exe" -hide -runkey
AppInit_DLLs-X64: avgrssta.dll

================= FIREFOX ===================

FF - ProfilePath - c:\users\cathy\appdata\roaming\mozilla\firefox\profiles\8sby38eg.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.centurylink.net/
FF - component: c:\program files (x86)\avg\avg9\firefox\components\avgssff.dll
FF - plugin: c:\program files (x86)\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files (x86)\mozilla firefox\plugins\nppopcaploader.dll
FF - plugin: c:\program files (x86)\windows live\photo gallery\NPWLPG.dll
FF - plugin: c:\windows\syswow64\macromed\flash\NPSWF32.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("network.proxy.type", 5);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("network.buffer.cache.count", 24);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("network.buffer.cache.size", 4096);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("dom.ipc.plugins.timeoutSecs", 45);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("accelerometer.enabled", true);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("html5.enable", false);
c:\program files (x86)\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files (x86)\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files (x86)\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files (x86)\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files (x86)\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
c:\program files (x86)\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\program files (x86)\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\program files (x86)\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.nptest.dll", true);
c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npswf32.dll", true);
c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npctrl.dll", true);
c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npqtplugin.dll", true);
c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);

============= SERVICES / DRIVERS ===============

R0 PxHlpa64;PxHlpa64;c:\windows\system32\drivers\PxHlpa64.sys [2009-7-2 55024]
R1 AvgLdx64;AVG Free AVI Loader Driver x64;c:\windows\system32\drivers\avgldx64.sys [2009-8-6 269904]
R1 AvgMfx64;AVG Free On-access Scanner Minifilter Driver x64;c:\windows\system32\drivers\avgmfx64.sys [2009-8-6 35536]
R1 AvgTdiA;AVG Free8 Network Redirector x64;c:\windows\system32\drivers\avgtdia.sys [2009-8-6 317520]
R1 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2010-3-25 173984]
R2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2010-5-4 202752]
R2 avg9emc;AVG Free E-mail Scanner;c:\program files (x86)\avg\avg9\avgemc.exe [2010-7-15 921952]
R2 avg9wd;AVG Free WatchDog;c:\program files (x86)\avg\avg9\avgwdsvc.exe [2010-7-15 308136]
R2 DockLoginService;Dock Login Service;c:\program files\dell\delldock\DockLogin.exe [2008-12-18 155648]
R3 amdkmdag;amdkmdag;c:\windows\system32\drivers\atikmdag.sys [2010-5-4 6789632]
R3 amdkmdap;amdkmdap;c:\windows\system32\drivers\atikmpag.sys [2010-5-4 221184]
R3 CAXHWBS2;CAXHWBS2;c:\windows\system32\drivers\CAXHWBS2.sys [2009-7-2 411136]
R3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\drivers\MpNWMon.sys [2010-3-25 40832]
S2 RoxLiveShare10;LiveShare P2P Server 10;c:\program files (x86)\common files\roxio shared\10.0\sharedcom\RoxLiveShare10.exe [2008-5-14 309744]
S2 RoxWatch10;Roxio Hard Drive Watcher 10;c:\program files (x86)\common files\roxio shared\10.0\sharedcom\RoxWatch10.exe [2008-5-14 166384]
S2 SessionLauncher;SessionLauncher;c:\users\admini~1\appdata\local\temp\dx9\sessionlauncher.exe --> c:\users\admini~1\appdata\local\temp\dx9\SessionLauncher.exe [?]
S3 clr_optimization_v2.0.50727_64;Microsoft .NET Framework NGEN v2.0.50727_X64;c:\windows\microsoft.net\framework64\v2.0.50727\mscorsvw.exe [2009-8-18 89920]
S3 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-1-20 27648]
S3 PerfHost;Performance Counter DLL Host;c:\windows\syswow64\perfhost.exe [2008-1-20 19968]
S3 RoxMediaDB10;RoxMediaDB10;c:\program files (x86)\common files\roxio shared\10.0\sharedcom\RoxMediaDB10.exe [2008-5-14 1120752]

============== File Associations ===============

JSEFile=c:\windows\syswow64\WScript.exe "%1" %*

=============== Created Last 30 ================

2010-07-15 13:33:10 13048 ----a-w- c:\windows\system32\avgrssta.dll
2010-07-05 17:19:40 0 d-----w- c:\program files (x86)\Microsoft Antimalware
2010-07-05 17:17:59 0 d-----w- c:\program files\Microsoft Security Essentials

==================== Find3M ====================

2010-07-15 19:37:33 1272 ----a-w- c:\users\cathy\appdata\roaming\wklnhst.dat
2010-07-15 13:33:13 317520 ----a-w- c:\windows\system32\drivers\avgtdia.sys
2010-07-15 13:32:23 269904 ----a-w- c:\windows\system32\drivers\avgldx64.sys
2010-06-02 13:45:45 35536 ----a-w- c:\windows\system32\drivers\avgmfx64.sys
2010-06-01 17:37:48 270208 ------w- c:\windows\system32\MpSigStub.exe
2010-05-27 16:24:40 51200 ----a-w- c:\windows\inf\infpub.dat
2010-05-27 16:24:39 143360 ----a-w- c:\windows\inf\infstrng.dat
2010-05-27 16:24:38 143360 ----a-w- c:\windows\inf\infstor.dat
2010-05-26 17:23:46 48128 ----a-w- c:\windows\system32\atmlib.dll
2010-05-26 17:06:41 34304 ----a-w- c:\windows\syswow64\atmlib.dll
2010-05-26 15:10:41 366080 ----a-w- c:\windows\system32\atmfd.dll
2010-05-26 14:47:41 289792 ----a-w- c:\windows\syswow64\atmfd.dll
2010-05-21 02:09:32 411368 ----a-w- c:\windows\syswow64\deployJava1.dll
2010-05-21 02:09:32 153376 ----a-w- c:\windows\syswow64\javaws.exe
2010-05-21 02:09:32 145184 ----a-w- c:\windows\syswow64\javaw.exe
2010-05-21 02:09:32 145184 ----a-w- c:\windows\syswow64\java.exe
2010-05-05 02:43:40 19735040 ----a-w- c:\windows\system32\atio6axx.dll
2010-05-05 02:19:48 143360 ----a-w- c:\windows\system32\atiapfxx.exe
2010-05-05 02:19:38 506880 ----a-w- c:\windows\syswow64\aticfx32.dll
2010-05-05 02:18:36 584704 ----a-w- c:\windows\system32\aticfx64.dll
2010-05-05 02:16:04 446464 ----a-w- c:\windows\system32\ATIDEMGX.dll
2010-05-05 02:15:56 455168 ----a-w- c:\windows\system32\atieclxx.exe
2010-05-05 02:15:10 202752 ----a-w- c:\windows\system32\atiesrxx.exe
2010-05-05 02:14:44 15024128 ----a-w- c:\windows\syswow64\atioglxx.dll
2010-05-05 02:13:38 120320 ----a-w- c:\windows\system32\atitmm64.dll
2010-05-05 02:13:20 421376 ----a-w- c:\windows\system32\atipdl64.dll
2010-05-05 02:13:10 356352 ----a-w- c:\windows\syswow64\atipdlxx.dll
2010-05-05 02:12:56 278528 ----a-w- c:\windows\syswow64\Oemdspif.dll
2010-05-05 02:12:50 12288 ----a-w- c:\windows\system32\atimuixx.dll
2010-05-05 02:12:44 59392 ----a-w- c:\windows\system32\atiedu64.dll
2010-05-05 02:12:36 43520 ----a-w- c:\windows\syswow64\ati2edxx.dll
2010-05-05 02:08:46 3611648 ----a-w- c:\windows\syswow64\atidxx32.dll
2010-05-05 01:56:30 4225536 ----a-w- c:\windows\system32\atidxx64.dll
2010-05-05 01:41:48 3788288 ----a-w- c:\windows\syswow64\atiumdag.dll
2010-05-05 01:41:12 43008 ----a-w- c:\windows\system32\aticalrt64.dll
2010-05-05 01:41:10 53248 ----a-w- c:\windows\syswow64\aticalrt.dll
2010-05-05 01:41:02 39936 ----a-w- c:\windows\system32\aticalcl64.dll
2010-05-05 01:41:00 53248 ----a-w- c:\windows\syswow64\aticalcl.dll
2010-05-05 01:40:50 5194752 ----a-w- c:\windows\system32\aticaldd64.dll
2010-05-05 01:38:58 4022272 ----a-w- c:\windows\syswow64\aticaldd.dll
2010-05-05 01:35:00 55296 ----a-w- c:\windows\system32\coinst.dll
2010-05-05 01:33:24 4902400 ----a-w- c:\windows\system32\atiumd64.dll
2010-05-05 01:24:38 2738176 ----a-w- c:\windows\system32\atiumd6a.dll
2010-05-05 01:24:02 334336 ----a-w- c:\windows\system32\atiadlxx.dll
2010-05-05 01:23:52 237568 ----a-w- c:\windows\syswow64\atiadlxy.dll
2010-05-05 01:23:40 14848 ----a-w- c:\windows\system32\atig6pxx.dll
2010-05-05 01:23:36 12800 ----a-w- c:\windows\syswow64\atiglpxx.dll
2010-05-05 01:23:36 12800 ----a-w- c:\windows\system32\atiglpxx.dll
2010-05-05 01:23:32 16384 ----a-w- c:\windows\system32\atig6txx.dll
2010-05-05 01:23:28 15360 ----a-w- c:\windows\syswow64\atigktxx.dll
2010-05-05 01:22:36 36864 ----a-w- c:\windows\system32\atiuxp64.dll
2010-05-05 01:22:26 28160 ----a-w- c:\windows\syswow64\atiuxpag.dll
2010-05-05 01:22:20 28160 ----a-w- c:\windows\system32\atiu9p64.dll
2010-05-05 01:22:12 20480 ----a-w- c:\windows\syswow64\atiu9pag.dll
2010-05-05 01:21:52 26112 ----a-w- c:\windows\system32\atitmp64.dll
2010-05-05 01:19:16 3015680 ----a-w- c:\windows\syswow64\atiumdva.dll
2010-05-05 01:08:42 53248 ----a-w- c:\windows\system32\atimpc64.dll
2010-05-05 01:08:42 53248 ----a-w- c:\windows\system32\amdpcom64.dll
2010-05-05 01:08:38 52224 ----a-w- c:\windows\syswow64\atimpc32.dll
2010-05-05 01:08:38 52224 ----a-w- c:\windows\syswow64\amdpcom32.dll
2010-05-04 06:56:19 1147904 ----a-w- c:\windows\system32\wininet.dll
2010-05-04 06:51:49 132096 ----a-w- c:\windows\system32\iesysprep.dll
2010-05-04 06:51:48 77312 ----a-w- c:\windows\system32\iesetup.dll
2010-05-04 05:59:21 916480 ----a-w- c:\windows\syswow64\wininet.dll
2010-05-04 05:59:11 1209344 ----a-w- c:\windows\syswow64\urlmon.dll
2010-05-04 05:58:07 206848 ----a-w- c:\windows\syswow64\occache.dll
2010-05-04 05:56:49 611840 ----a-w- c:\windows\syswow64\mstime.dll
2010-05-04 05:56:28 5950976 ----a-w- c:\windows\syswow64\mshtml.dll
2010-05-04 05:56:25 599040 ----a-w- c:\windows\syswow64\msfeeds.dll
2010-05-04 05:56:25 55296 ----a-w- c:\windows\syswow64\msfeedsbs.dll
2010-05-04 05:55:56 25600 ----a-w- c:\windows\syswow64\jsproxy.dll
2010-05-04 05:55:42 71680 ----a-w- c:\windows\syswow64\iesetup.dll
2010-05-04 05:55:42 1985536 ----a-w- c:\windows\syswow64\iertutil.dll
2010-05-04 05:55:42 164352 ----a-w- c:\windows\syswow64\ieui.dll
2010-05-04 05:55:42 109056 ----a-w- c:\windows\syswow64\iesysprep.dll
2010-05-04 05:55:41 55808 ----a-w- c:\windows\syswow64\iernonce.dll
2010-05-04 05:55:41 184320 ----a-w- c:\windows\syswow64\iepeers.dll
2010-05-04 05:55:41 11076096 ----a-w- c:\windows\syswow64\ieframe.dll
2010-05-04 05:55:37 387584 ----a-w- c:\windows\syswow64\iedkcs32.dll
2010-05-04 05:01:59 162816 ----a-w- c:\windows\system32\ieUnatt.exe
2010-05-04 04:31:05 133632 ----a-w- c:\windows\syswow64\ieUnatt.exe
2010-05-04 04:30:58 173056 ----a-w- c:\windows\syswow64\ie4uinit.exe
2010-05-04 04:30:19 13312 ----a-w- c:\windows\syswow64\msfeedssync.exe
2010-05-01 14:39:56 2752000 ----a-w- c:\windows\system32\win32k.sys
2010-04-28 21:17:50 2110 ----a-w- c:\windows\syswow64\atipblag.dat
2010-04-28 21:17:50 2110 ----a-w- c:\windows\system32\atipblag.dat
2009-12-19 10:25:02 665600 ----a-w- c:\windows\inf\drvindex.dat
2008-01-21 03:21:59 174 --sha-w- c:\program files\desktop.ini
2008-01-21 03:21:59 174 --sha-w- c:\program files (x86)\desktop.ini
2006-11-02 15:14:56 30674 ----a-w- c:\windows\inf\perflib\0409\perfd.dat
2006-11-02 15:14:56 30674 ----a-w- c:\windows\inf\perflib\0409\perfc.dat
2006-11-02 15:14:56 287440 ----a-w- c:\windows\inf\perflib\0409\perfi.dat
2006-11-02 15:14:56 287440 ----a-w- c:\windows\inf\perflib\0409\perfh.dat
2006-11-02 10:52:12 287440 ----a-w- c:\windows\inf\perflib\0000\perfi.dat
2006-11-02 10:52:12 287440 ----a-w- c:\windows\inf\perflib\0000\perfh.dat
2006-11-02 10:52:10 30674 ----a-w- c:\windows\inf\perflib\0000\perfd.dat
2006-11-02 10:52:10 30674 ----a-w- c:\windows\inf\perflib\0000\perfc.dat
2010-02-24 02:29:20 245760 --sha-w- c:\windows\serviceprofiles\networkservice\appdata\roaming\microsoft\windows\ietldcache\index.dat
2009-10-31 07:37:55 245760 --sha-w- c:\windows\system32\config\systemprofile\appdata\roaming\microsoft\windows\ietldcache\index.dat
2010-04-02 20:41:17 16384 --sha-w- c:\windows\syswow64\config\systemprofile\appdata\local\microsoft\windows\history\history.ie5\index.dat
2010-04-02 20:41:17 32768 --sha-w- c:\windows\syswow64\config\systemprofile\appdata\local\microsoft\windows\temporary internet files\content.ie5\index.dat
2010-04-02 20:41:17 16384 --sha-w- c:\windows\syswow64\config\systemprofile\appdata\roaming\microsoft\windows\cookies\index.dat
2009-08-06 16:57:42 245760 --sha-w- c:\windows\syswow64\config\systemprofile\appdata\roaming\microsoft\windows\ietldcache\index.dat
2010-02-22 14:04:31 16384 --sha-w- c:\windows\temp\cookies\index.dat
2010-02-22 14:04:31 16384 --sha-w- c:\windows\temp\history\history.ie5\index.dat
2010-02-22 14:04:31 16384 --sha-w- c:\windows\temp\temporary internet files\content.ie5\index.dat
2009-07-02 17:51:58 8192 --sha-w- c:\windows\users\default\NTUSER.DAT

============= FINISH: 8:30:59.38 ===============

Edited by Kirsta, 25 July 2010 - 08:03 AM.
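A triage pass over the SERVICES / DRIVERS section of a DDS log like the one above, added here as an example; it is not part of the original thread and not something the DDS tool does itself. It parses each `R#`/`S#` line and flags entries whose image path sits under a temp or other user-writable directory, or that DDS marked `[?]` because it could not find the file on disk. The sample lines are copied from the log in this post; the directory list and the flag reasons are my own heuristics, and a flag is a prompt to look at the file, not a malware verdict (the scans later in the thread came back clean).

```python
import re
from typing import Dict, List, Optional

# Shape of one DDS services/drivers line:
#   <R|S><start type> <name>;<display name>;<image path> [<date> <size>]
# DDS prints "[?]" instead of date/size when it cannot find the file, and
# "registry value --> resolved path" when the two differ.
SERVICE_LINE = re.compile(
    r"^(?P<start>[RS])(?P<type>\d)\s+"
    r"(?P<name>[^;]+);(?P<display>[^;]*);"
    r"(?P<path>.+?)\s+\[(?P<meta>[^\]]*)\]\s*$"
)

# Directories a service or driver image should not normally run from
# (my own triage list, not something DDS checks).
SUSPICIOUS_DIRS = (
    "\\appdata\\local\\temp\\",
    "\\windows\\temp\\",
    "\\users\\public\\",
    "\\recycler\\",
    "\\$recycle.bin\\",
)

# Constructed sample: four lines copied from the DDS log posted above.
SAMPLE_LOG = r"""
R0 PxHlpa64;PxHlpa64;c:\windows\system32\drivers\PxHlpa64.sys [2009-7-2 55024]
R2 avg9wd;AVG Free WatchDog;c:\program files (x86)\avg\avg9\avgwdsvc.exe [2010-7-15 308136]
S2 SessionLauncher;SessionLauncher;c:\users\admini~1\appdata\local\temp\dx9\sessionlauncher.exe --> c:\users\admini~1\appdata\local\temp\dx9\SessionLauncher.exe [?]
S3 PerfHost;Performance Counter DLL Host;c:\windows\syswow64\perfhost.exe [2008-1-20 19968]
"""


def parse_service_line(line: str) -> Optional[Dict[str, object]]:
    """Return the fields of one services/drivers line, or None for any other line."""
    m = SERVICE_LINE.match(line.strip())
    if not m:
        return None
    # Keep the resolved path when DDS printed "registry value --> resolved path".
    path = m.group("path").split("-->")[-1].strip().strip('"').lower()
    return {
        "start": m.group("start"),   # R = running, S = stopped
        "type": m.group("type"),     # 0-3 = boot / system / auto / manual
        "name": m.group("name"),
        "path": path,
        "missing": m.group("meta").strip() == "?",
    }


def triage_reasons(rec: Dict[str, object]) -> List[str]:
    """Heuristic reasons an entry deserves a closer look (empty list = nothing notable)."""
    reasons = []
    path = str(rec["path"])
    for d in SUSPICIOUS_DIRS:
        if d in path:
            reasons.append("image under temp/user-writable directory " + d)
            break
    if rec["missing"]:
        reasons.append("DDS could not find the image on disk ([?])")
    return reasons


def triage(log_text: str) -> List[Dict[str, object]]:
    """Flag services/drivers lines in a DDS log; lines from other sections are ignored."""
    flagged = []
    for line in log_text.splitlines():
        rec = parse_service_line(line)
        if rec is None:
            continue
        reasons = triage_reasons(rec)
        if reasons:
            flagged.append({"name": rec["name"], "path": rec["path"], "reasons": reasons})
    return flagged


if __name__ == "__main__":
    for hit in triage(SAMPLE_LOG):
        print(hit["name"], hit["path"])
        for r in hit["reasons"]:
            print("   -", r)
```

Run against the four sample lines, only the SessionLauncher entry is flagged, for both reasons: its image lives under the local temp folder of another user profile and DDS could not find it. The AVG, Dell and Microsoft entries pass because they run from Program Files or system32, which is the point of the heuristic: it narrows a few hundred lines down to the handful worth checking by hand.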



#2 shelf life

  • Malware Response Team
  • 2,657 posts

Posted 03 August 2010 - 03:25 PM

hi Kirsta,

Your log is a few days old. If you still need help do this as a start:

Please download Malwarebytes to your desktop.

Double-click mbam-setup.exe and follow the prompts to install the program.

Be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.

If an update is found, it will download and install the latest version.

Once the program has loaded, select Perform FULL SCAN, then click Scan.
When the scan is complete, click OK, then Show Results to view the results.

Be sure that everything is checked, and click *Remove Selected.*

*A restart of your computer may be required to remove some items. If prompted please restart your computer to complete the fix.*

When completed, a log will open in Notepad. Please save it to a convenient location. The log can also be opened by going to Start > All Programs > Malwarebytes' Anti-Malware > Logs > log-date.txt
Post the log in your reply.

How Can I Reduce My Risk to Malware?


#3 Kirsta

  • Topic Starter
  • Members
  • 7 posts

Posted 03 August 2010 - 06:39 PM

Hey :)

Thanks so much for your reply. I am running the scan now and will post the log as soon as it is finished.

-Kirsta

#4 Kirsta

  • Topic Starter
  • Members
  • 7 posts

Posted 03 August 2010 - 07:07 PM

Here is the log you requested.

Thanks for your help.
-Kirsta

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4386

Windows 6.0.6002 Service Pack 2
Internet Explorer 8.0.6001.18928

8/3/2010 8:05:26 PM
mbam-log-2010-08-03 (20-05-26).txt

Scan type: Full scan (C:\|)
Objects scanned: 279409
Time elapsed: 1 hour(s), 1 minute(s), 3 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)


#5 shelf life

  • Malware Response Team
  • 2,657 posts

Posted 03 August 2010 - 08:44 PM

hi,

Looks like you already have Malwarebytes; in any case it didn't find any malware. Are you having any signs of malware like popups or web page redirection?
Log looks ok to me. You can do an online scan for another opinion:

ESET online scanner:

http://www.eset.com/onlinescan/

uses Internet Explorer only
check "YES" to accept terms
click start button
allow the ActiveX component to install
click the start button. the Scanner will update.
check both "Remove found threats" and "Scan unwanted applications"
click scan
when done you can find the scan log at: C:\Program Files\EsetOnlineScanner\log.txt
please copy/paste that log in next reply.

Somebody must have gotten your account login password. If you haven't yet you should change it and use strong passwords:

Password strength check

A strong password is defined as any password which meets the following criteria:

At least fifteen (15) characters in length.
Does not contain your user name, real name, organization name, family member's names or names of your pets.
Does not contain your birth date.
Does not contain a complete dictionary word.
Is significantly different from your previous password.


Should contain three (3) of the following character types.
Lowercase Alphabetical (a, b, c, etc.)
Uppercase Alphabetical (A, B, C, etc.)
Numerics (0, 1, 2, etc.)
Special Characters (@, %, !, etc.)

How Can I Reduce My Risk to Malware?
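The password criteria above applied in code, as an added example that is not part of the original post: a Python checker that returns which of the five rules a candidate password fails, with Levenshtein distance standing in for "significantly different from your previous password". The wordlist, names and sample passwords are constructed stand-ins; a real deployment would load a proper dictionary and pass the birth date (in its usual written forms) among the personal terms.

```python
import string
from typing import Iterable, List, Optional

# The criteria from the post above, keyed by the code check_password() returns.
CRITERIA = {
    "too_short": "at least 15 characters in length",
    "personal_term": "must not contain user name, real name, organisation, family or pet names, or birth date",
    "dictionary_word": "must not contain a complete dictionary word",
    "too_similar": "must be significantly different from the previous password",
    "too_few_classes": "must contain three of: lowercase, uppercase, digits, special characters",
}

# Constructed stand-in for a real wordlist (e.g. /usr/share/dict/words).
DICTIONARY = ("password", "dragon", "summer", "welcome", "letmein",
              "qwerty", "monkey", "football", "games")


def char_classes(pw: str) -> int:
    """Number of the four character classes present in pw."""
    return sum([
        any(c.islower() for c in pw),
        any(c.isupper() for c in pw),
        any(c.isdigit() for c in pw),
        any(c in string.punctuation for c in pw),
    ])


def contains_term(pw: str, terms: Iterable[str], min_len: int = 4) -> bool:
    """Case-insensitive substring match. Terms shorter than min_len are ignored
    so that words like 'a' or 'is' do not reject every password."""
    low = pw.lower()
    return any(len(t) >= min_len and t.lower() in low for t in terms)


def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance, used as the 'significantly different' yardstick."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def check_password(pw: str, personal_terms: Iterable[str] = (),
                   dictionary: Iterable[str] = (), previous: Optional[str] = None,
                   min_len: int = 15, min_classes: int = 3, min_distance: int = 5) -> List[str]:
    """Return the CRITERIA codes that pw fails; an empty list means it passes.
    personal_terms should include names and birth-date forms such as "1975" or "06121975"."""
    problems = []
    if len(pw) < min_len:
        problems.append("too_short")
    if contains_term(pw, personal_terms):
        problems.append("personal_term")
    if contains_term(pw, dictionary):
        problems.append("dictionary_word")
    if previous is not None and edit_distance(pw.lower(), previous.lower()) < min_distance:
        problems.append("too_similar")
    if char_classes(pw) < min_classes:
        problems.append("too_few_classes")
    return problems


if __name__ == "__main__":
    # Constructed candidates: one obviously weak, one that satisfies every rule.
    for candidate in ("password123", "xT7#qv!L2m9Pz@Kw"):
        failed = check_password(candidate, personal_terms=["kirsta", "1975"],
                                dictionary=DICTIONARY, previous="OldPassw0rd!2009")
        print(candidate, "->", "OK" if not failed else "; ".join(CRITERIA[c] for c in failed))
```

The dictionary rule is the one that bites passphrases: "Correct-Horse-Battery-9" is long and mixes classes but contains complete words, so it fails under the criteria as written. The similarity threshold of five edits is an assumption; the post does not give a number.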


#6 Kirsta

  • Topic Starter
  • Members
  • 7 posts

Posted 03 August 2010 - 11:27 PM

Both my password and user name are very obscure, and secure. I can't imagine how anyone could guess them. I only use this computer when I play, and I have never let anyone use my account.

I have not had any symptoms of an infection of any sort. The computer boots up smoothly, runs smoothly. No pop-ups, redirects, or anything that would lead me to believe I have any type of bug.

I was completely shocked when the support center said my account was hacked and needed me to verify that I was in fact the owner of the account. Aside from my gaming accounts, this is also my computer for work, and security is important as I do purchase orders for stores.


Here is the log.

ESETSmartInstaller@High as CAB hook log:
OnlineScanner64.ocx - registred OK
OnlineScanner.ocx - registred OK


#7 shelf life

  • Malware Response Team
  • 2,657 posts

Posted 04 August 2010 - 08:15 PM

Have you checked the game's support page for information about how an account might get hacked, what you should do, etc.? Your computer appears to be malware free from what I can tell. Are you sure the contact was really support and not a phishing e-mail asking you for details?
Are an up-to-date AVG and Windows Defender also coming up clean after a scan?

How Can I Reduce My Risk to Malware?


#8 Kirsta

  • Topic Starter
  • Members
  • 7 posts

Posted 05 August 2010 - 01:42 AM

Logging in to the game after I entered my user name and password I got a message saying my account was suspended and to contact support. It was already late in the day so I called the next day. The communication was verbal, not through email.

Their website has all the standard information on account security.

My AVG and Windows Defender are up to date, as well as Microsoft security essentials.

I personally found nothing wrong with this computer. I do have 2 other computers, I just never use them for playing games. I did scans on them as well and found nothing wrong.

If you say you found nothing I am ok with that. I found nothing either, LOL. I am no expert though; I just needed to be 100% sure, and this was where I came to find out.



#9 shelf life

  • Malware Response Team
  • 2,657 posts

Posted 05 August 2010 - 05:14 PM

hi,

Well, based on the logs I don't see any malware present that I can identify, and neither did any of the scans. It would be interesting to know how support arrived at that conclusion. The only ways I know how they might be stolen are via malware present on your machine, which you appear not to have, social engineering tricks or vulnerabilities. I am not a gamer so may not be totally up to date on methods/tricks used to compromise accounts; no doubt there are many. If you find out I would be interested to know.

How Can I Reduce My Risk to Malware?


#10 Kirsta

  • Topic Starter
  • Members
  • 7 posts

Posted 05 August 2010 - 05:51 PM

I called support again today and actually asked that same question. The person I spoke with said she does not know exactly what happened, just says in the notes that the account was accessed by a third party and that the account was blocked for my security.

They have restored my account now that I am sure my PC is safe.

Thank you for your help, and if I am told anything useful I will certainly let you know.

-Kirsta

#11 shelf life

  • Malware Response Team
  • 2,657 posts

Posted 06 August 2010 - 03:15 PM

You're welcome, and thanks for the info. Maybe their server was accessed? Unlikely they would admit it. You can delete the GMER and DDS icons from your desktop. Note that the free version of Malwarebytes must be updated manually and a scan started manually.
Anyway, Happy Safe Surfing "out there"

How Can I Reduce My Risk to Malware?




