Concerned about key-logging software, etc.


10 replies to this topic

#1 Ant S

  • Members
  • 63 posts

Posted 13 January 2011 - 02:37 PM

Hi,

I've just discovered that my eBay account has been hacked. Purchases have been made and paid for via my PayPal account.

Nobody else had my passwords. The delivery address for the goods purchased on eBay was not very far from mine. This leads me to think that the passwords may have been obtained from a public-access PC I'd used.

That said, I'm still worried that my PC could be harbouring key-logging or similar spyware. If someone could advise me of the best way to scan my PC for this type of malware, I'd be very grateful.

I'm running Microsoft Windows XP Home Edition SP3 and use Windows firewall and Microsoft Security Essentials. I have logs for TCPView, GMER, Malwarebytes Antimalware, DDS, MBRCheck and TDSSKiller if they would be helpful.

If this post would be better in another forum, please feel free to move it.

Ant :)

Edited by Ant S, 13 January 2011 - 02:38 PM.



#2 Grinler

    Lawrence Abrams


  • Admin
  • 43,618 posts
  • Gender:Male
  • Location:USA

Posted 13 January 2011 - 05:24 PM

Post the GMER and TCPView logs. You can post the DDS log as well. If it looks like a standard infection is present, I will advise you to post in a different forum.

#3 Ant S

  • Topic Starter

  • Members
  • 63 posts

Posted 13 January 2011 - 06:11 PM

Thanks, Grinler. Posts are below.

#4 Ant S

  • Topic Starter

  • Members
  • 63 posts

Posted 13 January 2011 - 06:14 PM

GMER log

GMER 1.0.15.15530 - http://www.gmer.net
Rootkit scan 2011-01-13 01:32:40
Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3 HITACHI_DK23BA-10 rev.00E2A0A0
Running: bjedr1ep.exe; Driver: C:\DOCUME~1\Ant\LOCALS~1\Temp\awtorpoc.sys


---- Devices - GMER 1.0.15 ----

AttachedDevice \Driver\Tcpip \Device\Ip mdvrmng.sys
AttachedDevice \Driver\Tcpip \Device\Tcp fssfltr_tdi.sys (Family Safety Filter Driver (TDI)/Microsoft Corporation)
AttachedDevice \Driver\Tcpip \Device\Tcp mdvrmng.sys
AttachedDevice \Driver\Tcpip \Device\Udp mdvrmng.sys
AttachedDevice \Driver\Tcpip \Device\RawIp mdvrmng.sys
AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

---- EOF - GMER 1.0.15 ----

#5 Ant S

  • Topic Starter

  • Members
  • 63 posts

Posted 13 January 2011 - 06:17 PM

TCPView log

[System Process] 0 TCP satellite1800 1401 www.bleepingcomputer.com:http http TIME_WAIT
[System Process] 0 TCP satellite1800 1419 209.85.143.96:http http TIME_WAIT 1 612 1 627
[System Process] 0 TCP satellite1800 1409 89.145.95.22:http http TIME_WAIT
[System Process] 0 TCP satellite1800 1417 ec2-79-125-116-170.eu-west-1.compute.amazonaws.com:http http TIME_WAIT
[System Process] 0 TCP satellite1800 1420 dp1.mail.live.com:http http TIME_WAIT 1 424 3 1,669
[System Process] 0 TCP satellite1800 1422 65.54.186.10:https https TIME_WAIT 3 2,908 9 11,125
[System Process] 0 TCP satellite1800 1427 a92-122-212-56.deploy.akamaitechnologies.com:http http TIME_WAIT
ALG.EXE 256 TCP Satellite1800 1028 Satellite1800 0 LISTENING
BecHelperService.exe 1404 TCP Satellite1800 22913 Satellite1800 0 LISTENING
chrome.exe 3404 TCP satellite1800 1113 209.85.146.102 http ESTABLISHED 30 19,231 15 4,578
chrome.exe 3404 TCP satellite1800 1152 209.85.143.155 http ESTABLISHED 18 20,154 41 66,706
chrome.exe 3404 TCP satellite1800 1156 95.101.132.74 http ESTABLISHED 10 6,521 24 27,132
chrome.exe 3404 TCP satellite1800 1179 wy-in-f139.1e100.net http ESTABLISHED 12 10,596 12 3,740
chrome.exe 3404 TCP satellite1800 1260 a92-122-127-242.deploy.akamaitechnologies.com http ESTABLISHED 12 6,265 13 8,621
chrome.exe 3404 TCP satellite1800 1285 lhr14s02-in-f148.1e100.net http ESTABLISHED 6 3,933 9 13,537
chrome.exe 3404 TCP satellite1800 1287 netblk-207-171-14-112.adconion.com http ESTABLISHED 3 2,693 5 8,300
chrome.exe 3404 TCP satellite1800 1293 195.27.30.59 http ESTABLISHED 12 9,859 86 428,258
chrome.exe 3404 TCP satellite1800 1328 209.85.146.149 http ESTABLISHED 4 1,516 25 130,930
chrome.exe 3404 TCP satellite1800 1358 209.85.143.165 http ESTABLISHED 8 9,333 53 218,788
chrome.exe 3404 TCP satellite1800 1393 ww-in-f120.1e100.net https ESTABLISHED
chrome.exe 3404 TCP satellite1800 1400 209.85.143.155 http ESTABLISHED 3 3,550 5 6,836
chrome.exe 3404 TCP satellite1800 1405 209.85.143.152 http ESTABLISHED
chrome.exe 3404 TCP satellite1800 1415 ec2-79-125-116-170.eu-west-1.compute.amazonaws.com http ESTABLISHED
chrome.exe 3404 TCP satellite1800 1439 64.4.45.57 http ESTABLISHED
chrome.exe 3404 TCP satellite1800 1444 199.93.42.126:http http CLOSE_WAIT 1 997 4 7,481
chrome.exe 3404 TCP satellite1800 1447 cds247.lon9.msecn.net:http http CLOSE_WAIT 1 440 1 877
chrome.exe 3404 TCP satellite1800 1443 cds249.lon9.msecn.net http ESTABLISHED
chrome.exe 3404 TCP satellite1800 1445 199.93.42.126 http ESTABLISHED
chrome.exe 3404 TCP satellite1800 1436 64.4.45.57 http ESTABLISHED 1 2,104 1 1,171
chrome.exe 3404 TCP satellite1800 1448 cds247.lon9.msecn.net:http http CLOSE_WAIT 1 460 1 536
chrome.exe 3404 TCP satellite1800 1426 a92-122-212-56.deploy.akamaitechnologies.com http ESTABLISHED 2 3,367 1 1,185
chrome.exe 3404 TCP satellite1800 1446 a92-122-212-72.deploy.akamaitechnologies.com http ESTABLISHED 1 541 6 13,469
chrome.exe 3404 TCP satellite1800 1438 msn1-cal-fd17.cal.hotmail.com http ESTABLISHED
chrome.exe 3404 TCP satellite1800 1449 cds247.lon9.msecn.net:http http CLOSE_WAIT 1 440 1 423
chrome.exe 3404 TCP satellite1800 ms-sql-s cds227.lon9.msecn.net:http http CLOSE_WAIT 1 481 2 1,808
chrome.exe 3404 TCP satellite1800 1442 cds249.lon9.msecn.net http ESTABLISHED
chrome.exe 3404 TCP satellite1800 1450 cds247.lon9.msecn.net http ESTABLISHED
chrome.exe 3404 TCP satellite1800 1451 cds46.lon9.msecn.net:http http CLOSE_WAIT 1 442 6 25,064
chrome.exe 3404 TCP satellite1800 1452 207.46.31.120 http CLOSE_WAIT 1 2,241 1 633
chrome.exe 3404 TCP satellite1800 1462 cds46.lon9.msecn.net http ESTABLISHED 1 442 3 3,756 442 3,756 1 3
chrome.exe 3404 TCP satellite1800 1460 a92-122-212-56.deploy.akamaitechnologies.com http ESTABLISHED 2 5,767 2 1,850 5,767 1,850 2 2
chrome.exe 3404 TCP satellite1800 1464 a92-122-212-72.deploy.akamaitechnologies.com http SYN_SENT
chrome.exe 3404 TCP satellite1800 1456 65.55.149.123 http ESTABLISHED
chrome.exe 3404 TCP satellite1800 1459 cds46.lon9.msecn.net http ESTABLISHED
LSASS.EXE 520 UDP Satellite1800 isakmp * *
LSASS.EXE 520 UDP Satellite1800 4500 * *
SVCHOST.EXE 788 TCP Satellite1800 epmap Satellite1800 0 LISTENING
SVCHOST.EXE 880 UDP satellite1800 ntp * *
SVCHOST.EXE 880 UDP Satellite1800 ntp * *
SVCHOST.EXE 1144 UDP satellite1800 1900 * *
SVCHOST.EXE 1144 UDP Satellite1800 1900 * *
System 4 TCP Satellite1800 microsoft-ds Satellite1800 0 LISTENING
System 4 UDP Satellite1800 microsoft-ds * *
Wilog.exe 2596 UDP Satellite1800 1038 * *

#6 Ant S

  • Topic Starter

  • Members
  • 63 posts

Posted 13 January 2011 - 06:20 PM

DDS log (DDS.txt)

DDS (Ver_10-12-12.02) - FAT32x86
Run by Ant at 1:35:09.23 on 13/01/2011
Internet Explorer: 6.0.2900.5512
Microsoft Windows XP Home Edition 5.1.2600.3.1252.44.1033.18.495.207 [GMT 0:00]

AV: Microsoft Security Essentials *Disabled/Updated* {BCF43643-A118-4432-AEDE-D861FCBCFCDF}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
SVCHOST.EXE
c:\Program Files\Microsoft Security Essentials\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
SVCHOST.EXE
SVCHOST.EXE
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
SVCHOST.EXE
C:\Program Files\3 Mobile Broadband\3Connect\BecHelperService.exe
C:\WINDOWS\system32\00THotkey.exe
C:\Program Files\Apoint2K\Apoint.exe
C:\WINDOWS\system32\TPWRTRAY.EXE
C:\Program Files\TOSHIBA\TOSHIBA Controls\TFncKy.exe
C:\Program Files\TOSHIBA\Wireless Hotkey\TosHKCW.exe
C:\Program Files\Microsoft Security Essentials\msseces.exe
C:\Program Files\Apoint2K\Apntex.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Ant\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = about:blank
uInternet Connection Wizard,ShellNext = iexplore
uSearchURL,(Default) = hxxp://www.google.com/keyword/%s
uURLSearchHooks: H - No File
BHO: AutorunsDisabled - No File
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 7.0\activex\AcroIEHelper.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files\microsoft\search enhancement pack\search helper\SEPsearchhelperie.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\googletoolbar1.dll
BHO: Nectar Search Toolbar BHO: {b7c2f0d8-2209-4693-a15d-5a537211d48b} - c:\program files\nectar search toolbar\Toolbar.dll
TB: &Google: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\googletoolbar1.dll
TB: Nectar Search Toolbar: {8020143d-5926-4394-a04d-dd0b649da121} - c:\program files\nectar search toolbar\Toolbar.dll
TB: &Windows Live Toolbar: {21fa44ef-376d-4d53-9b0f-8a89d3229068} - c:\program files\windows live\toolbar\wltcore.dll
TB: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No File
EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
mRun: [00THotkey] c:\windows\system32\00THotkey.exe
mRun: [Apoint] c:\program files\apoint2k\Apoint.exe
mRun: [Tpwrtray] TPWRTRAY.EXE
mRun: [TFncKy] TFncKy.exe /Type 10
mRun: [TosHKCW.exe] c:\program files\toshiba\wireless hotkey\TosHKCW.exe
mRun: [MSSE] "c:\program files\microsoft security essentials\msseces.exe" -hide -runkey
mRun: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
mRun: [Malwarebytes' Anti-Malware (reboot)] "c:\program files\malwarebytes' anti-malware\mbam.exe" /runcleanupscript
mRunOnce: [Malwarebytes' Anti-Malware] c:\program files\malwarebytes' anti-malware\mbamgui.exe /install /silent
dRun: [DWQueuedReporting] "c:\progra~1\common~1\micros~1\dw\dwtrig20.exe" -t
StartupFolder: c:\docume~1\ant\startm~1\programs\startup\bookso~1.lnk - c:\book\BOOKSU.EXE
StartupFolder: c:\docume~1\ant\startm~1\programs\startup\autoru~1\secuni~1.lnk - c:\program files\secunia\psi\psi.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adober~1.lnk - c:\program files\adobe\acrobat 7.0\reader\reader_sl.exe
IE: &Google Search - c:\program files\google\GoogleToolbar1.dll/cmsearch.html
IE: &Translate English Word - c:\program files\google\GoogleToolbar1.dll/cmwordtrans.html
IE: Backward Links - c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html
IE: Cached Snapshot of Page - c:\program files\google\GoogleToolbar1.dll/cmcache.html
IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html
IE: Similar Pages - c:\program files\google\GoogleToolbar1.dll/cmsimilar.html
IE: Translate Page into English - c:\program files\google\GoogleToolbar1.dll/cmtrans.html
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
Trusted Zone: ebay.co.uk
Trusted Zone: google.co.uk
Trusted Zone: google.com
Trusted Zone: hotmail.com
Trusted Zone: live.com
Trusted Zone: microsoft.com
Trusted Zone: msn.com
Trusted Zone: optimusid.com
Trusted Zone: passport.com
Trusted Zone: researchnow.co.uk
Trusted Zone: three.co.uk
DPF: Microsoft XML Parser for Java - file://c:\windows\java\classes\xmldso.cab
DPF: {0000000A-0000-0010-8000-00AA00389B71} - hxxp://download.microsoft.com/download/E/1/F/E1F6B9B3-49AA-42BB-9115-D9FB57768CC2/wmavax.CAB
DPF: {31435657-9980-0010-8000-00AA00389B71} - hxxp://download.microsoft.com/download/e/2/f/e2fcec4b-6c8b-48b7-adab-ab9c403a978f/wvc1dmo.cab
DPF: {33564D57-0000-0010-8000-00AA00389B71} - hxxp://download.microsoft.com/download/F/6/E/F6E491A6-77E1-4E20-9F5F-94901338C922/wmv9VCM.CAB
DPF: {41564D57-9980-0010-8000-00AA00389B71} - hxxp://download.microsoft.com/download/0/A/9/0A9F8B32-9F8C-4D74-A130-E4CAB36EB01F/wmvadvd.cab
DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} - hxxp://download.bitdefender.com/resources/scanner/sources/en/scan8/oscan8.cab
DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} - hxxp://h20270.www2.hp.com/ediags/gmn2/install/HPProductDetection2.cab
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

============= SERVICES / DRIVERS ===============

R1 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2010-3-25 151216]
R2 BecHelperService;BecHelperService;c:\program files\3 mobile broadband\3connect\BecHelperService.exe [2010-4-13 1737464]
R2 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr_tdi.sys [2010-5-1 54752]
R3 tridxp;tridxp;c:\windows\system32\drivers\tridxpm.sys [2001-12-6 221824]
S0 nielprt;Nielsen Patch Service;c:\windows\system32\drivers\nielprt.sys --> c:\windows\system32\drivers\nielprt.sys [?]
S3 fsssvc;Windows Live Family Safety Service;c:\program files\windows live\family safety\fsssvc.exe [2009-8-5 704864]
S3 HPUATA;HP CD Writer Plus Controller Driver;c:\windows\system32\drivers\HPUATA.sys [2001-9-24 75776]
S3 massfilter;ZTE Mass Storage Filter Driver;c:\windows\system32\drivers\massfilter.sys [2009-9-7 7680]
S3 NielGfx;Nielsen USB GFX;c:\windows\system32\drivers\nielgfx.sys --> c:\windows\system32\drivers\nielgfx.sys [?]

=============== File Associations ===============

txtfile=c:\windows\system32\NOTEPAD.EXE "%1"

=============== Created Last 30 ================

2011-01-12 20:33:55 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-01-12 20:33:29 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-01-12 20:33:22 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-01-12 16:28:25 6273872 ----a-w- c:\docume~1\alluse~1\applic~1\microsoft\microsoft antimalware\definition updates\{96744821-53d7-4ff9-9636-ac8f45e2443f}\mpengine.dll
2011-01-04 23:02:29 1112288 ----a-w- c:\windows\system32\WdfCoInstaller01007.dll

==================== Find3M ====================

2010-10-19 21:51:34 222080 ------w- c:\windows\system32\MpSigStub.exe

============= FINISH: 1:36:02.80 ===============

#7 Ant S

  • Topic Starter

  • Members
  • 63 posts

Posted 13 January 2011 - 06:23 PM

DDS log (attach.txt)

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_10-12-12.02)

Microsoft Windows XP Home Edition
Boot Device: \Device\HarddiskVolume1
Install Date: 14/03/2010 18:43:22
System Uptime: 12/01/2011 18:28:04 (7 hours ago)

Motherboard: TOSHIBA | | Portable PC
Processor: Intel Celeron processor | 370-PIN PGA ZIF SOCKET | 1095/100mhz

==== Disk Partitions =========================

A: is Removable
C: is FIXED (FAT32) - 9 GiB total, 0.836 GiB free.
D: is CDROM (CDFS)
G: is CDROM (CDFS)
H: is Removable

==== Disabled Device Manager Items =============

Class GUID: {6BDD1FC5-810F-11D0-BEC7-08002BE2092F}
Description: SMC IrCC - Fast Infrared Port
Device ID: ACPI\SMCF010\4&2E6719A8&0
Manufacturer: SMC
Name: SMC IrCC - Fast Infrared Port
PNP Device ID: ACPI\SMCF010\4&2E6719A8&0
Service: SMCIRDA

Class GUID: {72631E54-78A4-11D0-BCF7-00AA00B7B32A}
Description: Microsoft ACPI-Compliant Control Method Battery
Device ID: ACPI\PNP0C0A\1
Manufacturer: Microsoft
Name: Microsoft ACPI-Compliant Control Method Battery
PNP Device ID: ACPI\PNP0C0A\1
Service: CmBatt

==== System Restore Points ===================

RP295: 05/01/2011 22:57:24 - Software Distribution Service 3.0
RP296: 07/01/2011 01:41:36 - Software Distribution Service 3.0
RP297: 08/01/2011 10:03:27 - Software Distribution Service 3.0
RP298: 09/01/2011 11:17:49 - Software Distribution Service 3.0
RP299: 12/01/2011 10:57:46 - System Checkpoint
RP300: 12/01/2011 16:28:14 - Software Distribution Service 3.0

==== Installed Programs ======================

3Connect
ABBYY FineReader 4.0 Sprint
Adobe Flash Player 10 ActiveX
Adobe Reader 7.0.9
Adobe SVG Viewer 3.0
ALi Audio Accelerator WDM Driver
ALPS Touch Pad Driver
CCleaner
CmdHere Powertoy For Windows XP
Defraggler
ExamDiff 1.8 (Build 1.8.0.5)
File List Viewer
GetDataBack for FAT
Google Chrome
Google Toolbar for Internet Explorer
Hotfix for Windows XP (KB976002-v5)
HP Product Detection
HP RecordNow
ImgBurn
IrfanView (remove only)
Junk Mail filter update
L&H TTS3000 British English
Malwarebytes' Anti-Malware
Microsoft .NET Framework 2.0 Service Pack 1
Microsoft Antimalware
Microsoft Application Error Reporting
Microsoft Choice Guard
Microsoft Kernel-Mode Driver Framework Feature Pack 1.9
Microsoft Search Enhancement Pack
Microsoft Security Essentials
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Sync Framework Runtime Native v1.0 (x86)
Microsoft Sync Framework Services Native v1.0 (x86)
Microsoft Text-to-Speech Engine 4.0 (English)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
MSVCRT
Nectar Search Toolbar
Network Device Switch
ReadPlease 2003/ReadPlease PLUS 2003
Recuva
Security Update for CAPICOM (KB931906)
Security Update for Windows XP (KB923789)
Segoe UI
Speccy
STARWARS: The Battle of Endor version 2.1
STARWARS: The Battle of Yavin version 1.1
TOSHIBA Console
TOSHIBA Controls
Toshiba Manuals
TOSHIBA Power Saver
Toshiba Soft Modem AMR
TOSHIBA Software Modem
Toshiba Utilities
Tweak UI
WebFldrs XP
Windows Backup Utility
Windows Genuine Advantage Validation Tool (KB892130)
Windows Live Call
Windows Live Communications Platform
Windows Live Essentials
Windows Live Family Safety
Windows Live Mail
Windows Live Messenger
Windows Live Photo Gallery
Windows Live Sign-in Assistant
Windows Live Sync
Windows Live Toolbar
Windows Live Upload Tool
Windows Live Writer
Windows Support Tools
Windows XP Service Pack 3
WinMerge 2.12.4
Wireless Hotkey
WordWeb
ZTE_MF627_USB_MODEM_1.2059.0.4

==== Event Viewer Messages From Past Week ========

11/01/2011 15:20:21, error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.95.3528.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: http://www.microsoft.com Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.6402.0 Error code: 0x8024402c Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support.
10/01/2011 15:13:04, error: Service Control Manager [7011] - Timeout (30000 milliseconds) waiting for a transaction response from the stisvc service.
10/01/2011 13:05:00, error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.95.3528.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: http://www.microsoft.com Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.6402.0 Error code: 0x8024402c Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support.
09/01/2011 08:14:59, error: DCOM [10005] - DCOM got error "%1058" attempting to start the service SeaPort with arguments "-Service" in order to run the server: {D6381B4A-D254-46EB-9018-A62E0F4BA6BA}
09/01/2011 07:55:32, error: Microsoft Antimalware [1008] - Microsoft Antimalware has encountered an error when taking action on spyware or other potentially unwanted software. For more information please see the following: http://go.microsoft.com/fwlink/?linkid=37020&name=Trojan:Win32/FakeSysdef&threatid=2147639286 User: SATELLITE1800\Ant Name: Trojan:Win32/FakeSysdef ID: 2147639286 Severity: Severe Category: Trojan Path: Action: Remove Error Code: 0x80508023 Error description: The program could not find the spyware and other potentially unwanted software on this computer. Status: Signature Version: AV: 1.95.3497.0, AS: 1.95.3497.0 Engine Version: 1.1.6402.0

==== End Of File ===========================

#8 Ant S

  • Topic Starter

  • Members
  • 63 posts

Posted 19 January 2011 - 07:08 PM

How does it look, Grinler?

#9 Grinler

    Lawrence Abrams


  • Admin
  • 43,618 posts
  • Gender:Male
  • Location:USA

Posted 20 January 2011 - 10:07 AM

Looks like you may have an infection based on your event viewer logs. I suggest you follow the steps here:


http://www.bleepingcomputer.com/forums/topic34773.html
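A triage pass over logs laid out like the ones posted in this thread, as an added example that is not part of the thread or of any tool named in it: it flags drivers that GMER shows attached to \Driver\Tcpip without a vendor attribution and that the DDS services list does not account for (items for manual review, not proof of infection), and pulls threat names out of Microsoft Antimalware events in the DDS event viewer section. All sample lines are constructed.

```python
import re

# Constructed sample lines in the shape of the GMER "Devices" section, the DDS
# "SERVICES / DRIVERS" section and the DDS "Event Viewer Messages" section.
GMER_DEVICES = r"""
AttachedDevice \Driver\Tcpip \Device\Ip mdvrmng.sys
AttachedDevice \Driver\Tcpip \Device\Tcp fssfltr_tdi.sys (Family Safety Filter Driver (TDI)/Microsoft Corporation)
AttachedDevice \Driver\Tcpip \Device\Udp mdvrmng.sys
AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
"""
DDS_SERVICES = r"""
R1 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2010-3-25 151216]
R2 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr_tdi.sys [2010-5-1 54752]
S0 nielprt;Nielsen Patch Service;c:\windows\system32\drivers\nielprt.sys --> c:\windows\system32\drivers\nielprt.sys [?]
"""
DDS_EVENTS = r"""
10/01/2011 15:13:04, error: Service Control Manager [7011] - Timeout (30000 milliseconds) waiting for a transaction response from the stisvc service.
09/01/2011 07:55:32, error: Microsoft Antimalware [1008] - Microsoft Antimalware has encountered an error when taking action on spyware or other potentially unwanted software. User: HOST\user Name: Trojan:Win32/FakeSysdef ID: 2147639286 Severity: Severe Category: Trojan Path: Action: Remove Error Code: 0x80508023
"""

# GMER appends "(description/vendor)" only after drivers it can attribute.
DEVICE_RE = re.compile(r"^AttachedDevice\s+(\S+)\s+(\S+)\s+(\S+)(?:\s+\((.*)\))?\s*$")
# DDS service line: "<state> <name>;<display name>;<path> [<date> <size>]"
SERVICE_RE = re.compile(r"^[RS]\d\s+[^;]+;[^;]+;(.+?)\s+\[")
# Microsoft Antimalware detection/action events carry the threat after "Name:"
AM_EVENT_RE = re.compile(r"error: Microsoft Antimalware \[(\d+)\].*?\bName:\s+(\S+)")


def parse_gmer_devices(text):
    """Return one dict per AttachedDevice line: driver object, device, file, vendor."""
    devices = []
    for line in text.splitlines():
        m = DEVICE_RE.match(line.strip())
        if not m:
            continue
        driver, device, fname, desc = m.groups()
        vendor = desc.rsplit("/", 1)[-1] if desc else None   # None = unattributed
        devices.append({"driver": driver.lower(), "device": device,
                        "file": fname.lower(), "vendor": vendor})
    return devices


def dds_service_files(text):
    """Return the lower-cased file names of every driver/service DDS lists."""
    files = set()
    for line in text.splitlines():
        m = SERVICE_RE.match(line.strip())
        if m:
            path = m.group(1).split(" -->")[0]     # keep the first path of "a --> b"
            files.add(path.rsplit("\\", 1)[-1].lower())
    return files


def unattributed_network_filters(gmer_text, dds_text):
    """Drivers attached to \\Driver\\Tcpip that GMER cannot attribute to a vendor
    and that DDS does not list as a service: candidates for manual review."""
    known = dds_service_files(dds_text)
    hits = []
    for dev in parse_gmer_devices(gmer_text):
        if dev["driver"] != r"\driver\tcpip" or dev["vendor"] is not None:
            continue
        if dev["file"] not in known and dev["file"] not in hits:
            hits.append(dev["file"])
    return hits


def antimalware_detections(text):
    """(event id, threat name) for each Microsoft Antimalware event naming a threat."""
    matches = (AM_EVENT_RE.search(line) for line in text.splitlines())
    return [(int(m.group(1)), m.group(2)) for m in matches if m]
```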

#10 Ant S

  • Topic Starter

  • Members
  • 63 posts

Posted 20 January 2011 - 10:27 AM

Thanks, Grinler.

Unless you suggest otherwise I'll start a new thread in Virus, Trojan, Spyware, and Malware Removal Logs.

#11 Grinler

    Lawrence Abrams


  • Admin
  • 43,618 posts
  • Gender:Male
  • Location:USA

Posted 20 January 2011 - 10:50 AM

That would be the best thing.
