
Suspicious behavior. Compromised Gmail


5 replies to this topic

#1 Robert Headley

  • Members
  • 33 posts
  • Gender:Male

Posted 27 February 2011 - 06:47 PM

I run Microsoft Security Essentials and a few months ago I did a Lenovo system restore to factory settings.
I have had a few problems with passwords being compromised (Google and World of Warcraft). I have since enabled two-part verification for both.

Here is my log for DDS.


DDS (Ver_10-12-12.02) - NTFSx86
Run by Robert at 16:26:32.62 on Sun 02/27/2011
Internet Explorer: 8.0.6001.19019 BrowserJavaVersion: 1.6.0_24
Microsoft® Windows Vista™ Home Basic 6.0.6002.2.1252.1.1033.18.2008.508 [GMT -6:00]

AV: Microsoft Security Essentials *Enabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
SP: Microsoft Security Essentials *Enabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\WLANExt.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe
C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\LENOVO\HOTKEY\FNF5SVC.exe
C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
C:\Program Files\Motorola\MotoConnectService\MotoConnectService.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\Secunia\PSI\PSIA.exe
c:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Lenovo\Rescue and Recovery\rrpservice.exe
C:\Program Files\Lenovo\Rescue and Recovery\rrservice.exe
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\DRIVERS\xaudio.exe
C:\Program Files\ThinkPad\ConnectUtilities\AcSvc.exe
C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
c:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\ThinkPad\ConnectUtilities\SvcGuiHlpr.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Motorola\MotoConnectService\MotoConnect.exe
C:\Program Files\Apoint2K\Apoint.exe
C:\Program Files\CONEXANT\SmartAudio\SmAudio.exe
C:\Windows\System32\igfxtray.exe
C:\Program Files\DivX\DivX Update\DivXUpdate.exe
C:\Program Files\DivX\DivX Plus Web Player\DDMService.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\Secunia\PSI\sua.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\ScreenshotCaptor\ScreenshotCaptor.exe
C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE
C:\Users\Robert\AppData\Roaming\Dropbox\bin\Dropbox.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\Apoint2K\ApMsgFwd.exe
C:\Users\Robert\AppData\Local\Google\Update\1.2.183.39\GoogleCrashHandler.exe
C:\Program Files\Apoint2K\Apntex.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\TweetDeck\TweetDeck.exe
C:\Program Files\Pidgin\pidgin.exe
C:\Users\Robert\AppData\Local\Google\Chrome SxS\Application\chrome.exe
C:\Users\Robert\AppData\Local\Google\Chrome SxS\Application\chrome.exe
C:\Users\Robert\AppData\Local\Google\Chrome SxS\Application\chrome.exe
C:\Users\Robert\AppData\Local\Google\Chrome SxS\Application\chrome.exe
C:\Users\Robert\AppData\Local\Google\Chrome SxS\Application\chrome.exe
C:\Users\Robert\AppData\Local\Google\Chrome SxS\Application\chrome.exe
C:\Users\Robert\AppData\Local\Google\Chrome SxS\Application\chrome.exe
C:\Users\Robert\AppData\Local\Google\Chrome SxS\Application\chrome.exe
C:\Users\Robert\AppData\Local\Google\Chrome SxS\Application\chrome.exe
C:\Users\Robert\AppData\Local\Google\Chrome SxS\Application\chrome.exe
C:\Users\Robert\AppData\Local\Google\Chrome SxS\Application\chrome.exe
C:\Users\Robert\AppData\Local\Google\Chrome SxS\Application\chrome.exe
C:\Users\Robert\AppData\Local\Google\Chrome SxS\Application\chrome.exe
C:\Users\Robert\AppData\Local\Google\Chrome SxS\Application\chrome.exe
C:\Users\Robert\AppData\Local\Google\Chrome SxS\Application\chrome.exe
C:\Users\Robert\AppData\Local\Google\Chrome SxS\Application\chrome.exe
C:\Users\Robert\AppData\Local\Google\Chrome SxS\Application\chrome.exe
C:\Users\Robert\AppData\Local\Google\Chrome SxS\Application\chrome.exe
C:\Users\Robert\AppData\Local\Google\Chrome SxS\Application\chrome.exe
C:\Users\Robert\AppData\Local\Google\Chrome SxS\Application\chrome.exe
C:\Users\Robert\AppData\Local\Google\Chrome SxS\Application\chrome.exe
C:\Users\Robert\AppData\Local\Google\Chrome SxS\Application\chrome.exe
C:\Users\Robert\AppData\Local\Google\Chrome SxS\Application\chrome.exe
C:\Users\Robert\AppData\Local\Google\Chrome SxS\Application\chrome.exe
C:\Users\Robert\AppData\Local\Google\Chrome SxS\Application\chrome.exe
C:\Users\Robert\AppData\Local\Google\Chrome SxS\Application\chrome.exe
C:\Windows\system32\rundll32.exe
C:\Users\Robert\AppData\Local\Google\Chrome SxS\Application\chrome.exe
C:\Windows\system32\consent.exe
C:\Windows\system32\consent.exe
C:\Windows\system32\UI0Detect.exe
C:\Users\Robert\Downloads\rmsmbt2w.exe
C:\Users\Robert\AppData\Local\Google\Chrome SxS\Application\chrome.exe
C:\Users\Robert\AppData\Local\Google\Chrome SxS\Application\chrome.exe
C:\Users\Robert\AppData\Local\Google\Google Talk Plugin\googletalkplugin.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Users\Robert\Downloads\dds.scr
C:\Windows\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

uStart Page = hxxp://lenovo.live.com
uDefault_Page_URL = hxxp://lenovo.live.com
mDefault_Page_URL = hxxp://lenovo.live.com
uInternet Settings,ProxyOverride = *.local
BHO: DivX Plus Web Player HTML5 <video>: {326e768d-4182-46fd-9c16-1449a49795f4} - c:\program files\divx\divx plus web player\npdivx32.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: DivX HiQ: {593ddec6-7468-4cdd-90e1-42dadaa222e9} - c:\program files\divx\divx plus web player\npdivx32.dll
BHO: PodcastBHO Class: {65134fdf-f8a5-4b3d-91d9-cdf273cfd578} - c:\program files\common files\doubletwist\IEPodcastPlugin.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Free Download Manager: {cc59e0f9-7e43-44fa-9faa-8377850bf205} - c:\program files\free download manager\iefdm2.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
uRun: [Google Update] "c:\users\robert\appdata\local\google\update\GoogleUpdate.exe" /c
uRun: [Screenshot Captor] "c:\program files\screenshotcaptor\ScreenshotCaptor.exe" /autorun
uRun: [SUPERAntiSpyware] c:\program files\superantispyware\SUPERAntiSpyware.exe
mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
mRun: [Apoint] c:\program files\apoint2k\Apoint.exe
mRun: [SmartAudio] c:\program files\conexant\smartaudio\SMAUDIO.EXE /c
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [DivXUpdate] "c:\program files\divx\divx update\DivXUpdate.exe" /CHECKNOW
mRun: [DivX Download Manager] "c:\program files\divx\divx plus web player\DDmService.exe" start
mRun: [MSC] "c:\program files\microsoft security client\msseces.exe" -hide -runkey
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
StartupFolder: c:\users\robert\appdata\roaming\micros~1\windows\startm~1\programs\startup\dropbox.lnk - c:\users\robert\appdata\roaming\dropbox\bin\Dropbox.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\secuni~1.lnk - c:\program files\secunia\psi\psi_tray.exe
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: Download all with Free Download Manager - file://c:\program files\free download manager\dlall.htm
IE: Download selected with Free Download Manager - file://c:\program files\free download manager\dlselected.htm
IE: Download video with Free Download Manager - file://c:\program files\free download manager\dlfvideo.htm
IE: Download with Free Download Manager - file://c:\program files\free download manager\dllink.htm
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
LSP: c:\program files\iobit\advanced systemcare 3\SPICtrl.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - c:\program files\windows live\photo gallery\AlbumDownloadProtocolHandler.dll
Notify: igfxcui - igfxdev.dll
LSA: Notification Packages = scecli ACGina
Hosts: 127.0.0.1 www.spywareinfo.com

================= FIREFOX ===================

FF - ProfilePath - c:\users\robert\appdata\roaming\mozilla\firefox\profiles\4bhzjv9v.default\
FF - prefs.js: browser.startup.homepage - www.digg.com
FF - plugin: c:\program files\common files\doubletwist\NPPodcast.dll
FF - plugin: c:\program files\divx\divx ovs helper\npovshelper.dll
FF - plugin: c:\program files\divx\divx plus web player\npdivx32.dll
FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\google\update\1.2.183.39\npGoogleOneClick8.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\microsoft silverlight\4.0.51204.0\npctrlui.dll
FF - plugin: c:\program files\mozilla firefox 4.0 beta 6\plugins\npdeployJava1.dll
FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
FF - plugin: c:\users\robert\appdata\local\google\update\1.2.183.39\npGoogleOneClick8.dll
FF - plugin: c:\users\robert\appdata\locallow\unity\webplayer\loader\npUnity3D32.dll
FF - plugin: c:\users\robert\appdata\roaming\mozilla\plugins\npgoogletalk.dll
FF - plugin: c:\users\robert\appdata\roaming\mozilla\plugins\npgtpo3dautoplugin.dll

============= SERVICES / DRIVERS ===============

R1 funfrm;funfrm;c:\windows\system32\drivers\funfrm.sys [2009-3-22 44544]
R1 lenovo.smi;Lenovo System Interface Driver;c:\windows\system32\drivers\smiif32.sys [2008-5-19 13480]
R1 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2010-3-25 165264]
R1 MpKsl80598cf2;MpKsl80598cf2;c:\programdata\microsoft\microsoft antimalware\definition updates\{246384bc-c35c-4ca4-a75e-b6ca505ed21d}\MpKsl80598cf2.sys [2011-2-27 28752]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2010-2-17 12872]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2010-5-10 67656]
R2 FNF5SVC;Fn+F5 Service;c:\program files\lenovo\hotkey\FnF5svc.exe [2008-9-11 54560]
R2 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-1-20 21504]
R2 iPodDrv;iPodDrv;c:\windows\system32\drivers\iPodDrv.sys [2010-11-4 6656]
R2 MotoConnect Service;MotoConnect Service;c:\program files\motorola\motoconnectservice\MotoConnectService.exe [2010-6-24 91456]
R2 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2009-10-20 50704]
R2 SBSDWSCService;SBSD Security Center Service;c:\program files\spybot - search & destroy\SDWinSec.exe [2010-11-9 1153368]
R2 Secunia PSI Agent;Secunia PSI Agent;c:\program files\secunia\psi\psia.exe [2011-1-10 993848]
R2 Secunia Update Agent;Secunia Update Agent;c:\program files\secunia\psi\sua.exe [2011-1-10 399416]
R2 TVT Backup Protection Service;TVT Backup Protection Service;c:\program files\lenovo\rescue and recovery\rrpservice.exe [2008-5-24 520192]
R3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2008-1-24 183808]
R3 IntcHdmiAddService;Intel® High Definition Audio HDMI;c:\windows\system32\drivers\IntcHdmi.sys [2009-3-22 112128]
R3 JMCR;JMCR;c:\windows\system32\drivers\jmcr.sys [2009-3-22 97536]
R3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\drivers\MpNWMon.sys [2010-3-25 43392]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\drivers\NisDrvWFP.sys [2010-10-24 54144]
R3 NisSrv;Microsoft Network Inspection;c:\program files\microsoft security client\antimalware\NisSrv.exe [2010-11-11 206360]
R3 PSI;PSI;c:\windows\system32\drivers\psi_mf.sys [2010-9-1 15544]
R3 TVTI2C;Lenovo SM bus driver;c:\windows\system32\drivers\tvti2c.sys [2008-2-22 37312]
S1 tvtumon;tvtumon;c:\windows\system32\drivers\tvtumon.sys [2009-3-22 48192]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-12-16 136176]
S3 BTCFilterService;USB Networking Driver Filter Service;c:\windows\system32\drivers\motfilt.sys [2009-1-29 6016]
S3 DroidCam;DroidCam Virtual Audio;c:\windows\system32\drivers\droidcam.sys [2010-11-27 21120]
S3 DVL;DVL;c:\users\robert\appdata\local\temp\DVL.exe [2011-2-27 490368]
S3 motandroidusb;Mot ADB Interface Driver;c:\windows\system32\drivers\motoandroid.sys [2009-7-10 25856]
S3 motccgp;Motorola USB Composite Device Driver;c:\windows\system32\drivers\motccgp.sys [2010-9-29 20224]
S3 motccgpfl;MotCcgpFlService;c:\windows\system32\drivers\motccgpfl.sys [2009-1-29 8320]
S3 Motousbnet;Motorola USB Networking Driver Service;c:\windows\system32\drivers\Motousbnet.sys [2010-4-1 23424]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
S4 RoxLiveShare10;LiveShare P2P Server 10;"c:\program files\common files\roxio shared\10.0\sharedcom\roxliveshare10.exe" --> c:\program files\common files\roxio shared\10.0\sharedcom\RoxLiveShare10.exe [?]
S4 SessionLauncher;SessionLauncher;c:\users\admini~1\appdata\local\temp\dx9\sessionlauncher.exe --> c:\users\admini~1\appdata\local\temp\dx9\SessionLauncher.exe [?]
S4 TPHKSVC;On Screen Display;c:\program files\lenovo\hotkey\TPHKSVC.exe [2008-9-11 53325]
S4 TVT_UpdateMonitor;TVT Windows Update Monitor;c:\program files\lenovo\rescue and recovery\UpdateMonitor.exe [2008-5-24 360448]

=============== Created Last 30 ================

2011-02-27 18:32:29 28752 ----a-w- c:\progra~2\microsoft\microsoft antimalware\definition updates\{246384bc-c35c-4ca4-a75e-b6ca505ed21d}\MpKsl80598cf2.sys
2011-02-26 20:51:18 -------- d-----w- c:\users\robert\appdata\local\Secunia PSI
2011-02-26 20:51:03 -------- d-----w- c:\program files\Secunia
2011-02-26 20:43:58 5943120 ----a-w- c:\progra~2\microsoft\microsoft antimalware\definition updates\{246384bc-c35c-4ca4-a75e-b6ca505ed21d}\mpengine.dll
2011-02-26 02:08:16 87608 ----a-w- c:\users\robert\appdata\roaming\inst.exe
2011-02-26 02:08:16 47360 ----a-w- c:\users\robert\appdata\roaming\pcouffin.sys
2011-02-25 06:35:54 -------- d-----w- c:\program files\TweetDeck
2011-02-24 14:46:43 2048 ----a-w- c:\windows\system32\winrsmgr.dll
2011-02-24 14:46:09 40448 ----a-w- c:\windows\system32\winrs.exe
2011-02-24 14:46:09 20480 ----a-w- c:\windows\system32\winrshost.exe
2011-02-24 14:46:09 12800 ----a-w- c:\windows\system32\wsmprovhost.exe
2011-02-24 14:46:07 10240 ----a-w- c:\windows\system32\wsmplpxy.dll
2011-02-24 14:46:07 10240 ----a-w- c:\windows\system32\winrssrv.dll
2011-02-23 15:52:13 -------- d-----w- c:\program files\ESET
2011-02-22 12:51:08 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin7.dll
2011-02-22 12:51:08 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin6.dll
2011-02-22 12:51:08 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin5.dll
2011-02-22 12:51:08 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin4.dll
2011-02-22 12:51:08 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin3.dll
2011-02-22 12:51:08 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin2.dll
2011-02-22 12:51:08 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin.dll
2011-02-21 05:34:01 -------- d-----w- c:\users\robert\appdata\roaming\Pencil
2011-02-21 05:34:01 -------- d-----w- c:\users\robert\appdata\local\Pencil
2011-02-21 05:33:48 -------- d-----w- c:\program files\Evolus
2011-02-21 05:28:47 -------- d-----w- c:\users\robert\.foreui
2011-02-19 20:37:17 -------- d-----w- c:\program files\Audacity
2011-02-19 20:36:32 -------- d-----w- c:\program files\Audacity 1.3 Beta (Unicode)
2011-02-18 17:24:53 -------- d-----w- c:\users\robert\appdata\roaming\SumatraPDF
2011-02-18 17:24:49 -------- d-----w- c:\program files\SumatraPDF
2011-02-17 19:19:06 -------- d-----w- c:\users\robert\appdata\roaming\MetroTwit
2011-02-16 19:28:47 -------- d-----w- c:\users\robert\appdata\roaming\Titanium
2011-02-16 19:25:35 -------- d-----w- c:\program files\Free Offers from Freeze.com
2011-02-15 11:39:03 -------- d-----w- c:\program files\i2p
2011-02-15 07:49:20 -------- d-----w- c:\users\robert\appdata\local\MotionDSP
2011-02-15 07:49:09 -------- d-----w- c:\users\robert\appdata\roaming\MotionDSP
2011-02-15 07:02:39 -------- d-----w- c:\users\robert\appdata\roaming\Azureus
2011-02-15 07:01:14 -------- d-----w- c:\program files\Vuze
2011-02-15 07:00:59 -------- d-----w- c:\users\robert\appdata\local\Conduit
2011-02-13 07:08:03 -------- d-----w- c:\users\robert\appdata\roaming\SUPERAntiSpyware.com
2011-02-13 07:08:03 -------- d-----w- c:\progra~2\SUPERAntiSpyware.com
2011-02-13 07:07:14 -------- d-----w- c:\program files\SUPERAntiSpyware
2011-02-13 06:55:39 -------- d-----w- c:\users\robert\appdata\roaming\Malwarebytes
2011-02-13 06:55:29 38224 ------w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-02-13 06:55:28 -------- d-----w- c:\progra~2\Malwarebytes
2011-02-13 06:55:23 20952 ------w- c:\windows\system32\drivers\mbam.sys
2011-02-13 06:55:23 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-02-13 06:05:25 -------- d-----w- c:\users\robert\appdata\roaming\Comical
2011-02-13 06:05:08 -------- d-----w- c:\program files\Comica
2011-02-05 08:20:42 -------- d-----w- c:\program files\GIMP 2
2011-02-04 01:45:57 -------- d-----w- c:\users\robert\appdata\roaming\Webyog
2011-02-03 22:42:25 -------- d-----w- c:\users\robert\appdata\local\Instantbird
2011-02-02 02:45:20 -------- d-----w- c:\program files\SyncToy 2.1
2011-02-02 02:10:44 -------- d-----w- c:\progra~2\Sync App Settings
2011-02-02 01:01:36 -------- d-----w- c:\program files\Belvedere
2011-02-01 21:38:54 -------- d-----w- c:\users\robert\appdata\local\{5BAABD43-CAA5-4C70-9322-98DCDE0135CC}
2011-02-01 19:10:46 -------- d-----w- c:\users\robert\appdata\roaming\Songbird2
2011-02-01 19:10:46 -------- d-----w- c:\users\robert\appdata\local\Songbird2
2011-01-31 18:31:26 69632 ------w- c:\windows\system32\spool\prtprocs\w32x86\CNMPP97.DLL
2011-01-31 18:31:26 27136 ------w- c:\windows\system32\spool\prtprocs\w32x86\CNMPD97.DLL
2011-01-31 18:31:14 223744 ------w- c:\windows\system32\CNMLM97.DLL

==================== Find3M ====================

2011-02-20 07:21:20 472808 ------w- c:\windows\system32\deployJava1.dll
2011-01-20 16:08:16 478720 ----a-w- c:\windows\system32\dxgi.dll
2011-01-20 16:08:06 219648 ----a-w- c:\windows\system32\d3d10_1core.dll
2011-01-20 16:08:06 189952 ----a-w- c:\windows\system32\d3d10core.dll
2011-01-20 16:08:06 160768 ----a-w- c:\windows\system32\d3d10_1.dll
2011-01-20 16:08:06 1029120 ----a-w- c:\windows\system32\d3d10.dll
2011-01-20 16:07:58 37376 ----a-w- c:\windows\system32\cdd.dll
2011-01-20 16:07:42 258048 ----a-w- c:\windows\system32\winspool.drv
2011-01-20 16:07:16 586240 ----a-w- c:\windows\system32\stobject.dll
2011-01-20 16:06:38 2873344 ----a-w- c:\windows\system32\mf.dll
2011-01-20 16:06:35 26112 ----a-w- c:\windows\system32\printfilterpipelineprxy.dll
2011-01-20 16:04:54 98816 ----a-w- c:\windows\system32\mfps.dll
2011-01-20 16:04:54 209920 ----a-w- c:\windows\system32\mfplat.dll
2011-01-20 14:28:38 1554432 ----a-w- c:\windows\system32\xpsservices.dll
2011-01-20 14:27:50 876032 ----a-w- c:\windows\system32\XpsPrint.dll
2011-01-20 14:26:30 667648 ----a-w- c:\windows\system32\printfilterpipelinesvc.exe
2011-01-20 14:25:25 847360 ----a-w- c:\windows\system32\OpcServices.dll
2011-01-20 14:24:32 288768 ----a-w- c:\windows\system32\XpsGdiConverter.dll
2011-01-20 14:24:26 135680 ----a-w- c:\windows\system32\XpsRasterService.dll
2011-01-20 14:15:10 979456 ----a-w- c:\windows\system32\MFH264Dec.dll
2011-01-20 14:14:39 357376 ----a-w- c:\windows\system32\MFHEAACdec.dll
2011-01-20 14:14:03 302592 ----a-w- c:\windows\system32\mfmp4src.dll
2011-01-20 14:14:03 261632 ----a-w- c:\windows\system32\mfreadwrite.dll
2011-01-20 14:12:46 1172480 ----a-w- c:\windows\system32\d3d10warp.dll
2011-01-20 14:11:34 486400 ----a-w- c:\windows\system32\d3d10level9.dll
2011-01-20 13:47:51 683008 ----a-w- c:\windows\system32\d2d1.dll
2011-01-20 13:44:05 1068544 ----a-w- c:\windows\system32\DWrite.dll
2011-01-20 13:44:03 797184 ----a-w- c:\windows\system32\FntCache.dll
2011-01-08 08:47:50 34304 ----a-w- c:\windows\system32\atmlib.dll
2011-01-08 06:28:49 292352 ----a-w- c:\windows\system32\atmfd.dll
2010-12-31 13:57:01 2039808 ----a-w- c:\windows\system32\win32k.sys
2010-12-28 15:55:03 413696 ----a-w- c:\windows\system32\odbc32.dll
2010-12-18 06:27:04 916480 ----a-w- c:\windows\system32\wininet.dll
2010-12-18 06:22:41 43520 ----a-w- c:\windows\system32\licmgr10.dll
2010-12-18 06:22:27 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2010-12-18 06:22:11 71680 ----a-w- c:\windows\system32\iesetup.dll
2010-12-18 06:22:11 109056 ----a-w- c:\windows\system32\iesysprep.dll
2010-12-18 05:25:26 385024 ----a-w- c:\windows\system32\html.iec
2010-12-18 04:48:39 133632 ----a-w- c:\windows\system32\ieUnatt.exe
2010-12-18 04:47:11 1638912 ----a-w- c:\windows\system32\mshtml.tlb
2010-12-14 14:49:23 1169408 ----a-w- c:\windows\system32\sdclt.exe
2010-12-02 08:02:28 86016 ------w- c:\windows\system32\frapsvid.dll
2010-11-29 23:38:30 94208 ------w- c:\windows\system32\QuickTimeVR.qtx
2010-11-29 23:38:30 69632 ------w- c:\windows\system32\QuickTime.qts

============= FINISH: 16:27:26.70 ===============

I have attached attach.txt and ark.txt

Attached Files

  • Attached File  ark.txt   58.76KB   1 downloads
  • Attached File  DDS.txt   23.36KB   0 downloads
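A small triage helper over the DDS log above, as an added example that is not part of the original post and not code from the DDS tool: it splits the log into its sections and flags executables that are running, registered as services, or recently created under user-writable directories (Downloads, Temp, AppData\Roaming), plus service entries whose image DDS marks with `[?]`. The sample lines are copied from the log above (abridged). The field layouts the parser assumes (`-k` separating svchost group arguments, `name;display;path [date size]` for services, and `[?]` meaning the image was not found at that path) are my reading of the DDS output format, not documented behaviour. A hit is a location hint for a human reviewer, not a verdict: dds.scr in Downloads is the tool that produced the log, and Dropbox legitimately runs from AppData\Roaming.

```python
import re

# Directories an ordinary user can write to. Binaries running, registered or
# freshly created here deserve a second look during triage (a hint, not a verdict).
USER_WRITABLE = ("\\downloads\\", "\\temp\\", "\\appdata\\roaming\\")
EXECUTABLE_EXT = (".exe", ".dll", ".sys", ".scr")

# Assumed DDS layouts: "==== Section ====" headers, "R1 name;display;path [date size]"
# service lines, and "YYYY-MM-DD HH:MM:SS size attrs path" created-file lines.
SECTION_RE = re.compile(r"^=+\s*(.+?)\s*=+$")
SERVICE_RE = re.compile(r"^(?P<state>[RS]\d)\s+(?P<name>[^;]+);(?P<display>[^;]*);(?P<rest>.*)$")
IMAGE_RE = re.compile(r"^(?P<path>.*?)\s*\[(?P<meta>[^\]]*)\]$")
CREATED_RE = re.compile(
    r"^(?P<ts>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2})\s+(?P<size>\S+)\s+(?P<attr>\S+)\s+(?P<path>.+)$"
)

# Lines copied from the DDS log posted above (three of its sections, abridged).
SAMPLE_DDS = r"""
============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Users\Robert\AppData\Roaming\Dropbox\bin\Dropbox.exe
C:\Users\Robert\Downloads\rmsmbt2w.exe
C:\Users\Robert\Downloads\dds.scr

============= SERVICES / DRIVERS ===============

R2 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2009-10-20 50704]
S3 DVL;DVL;c:\users\robert\appdata\local\temp\DVL.exe [2011-2-27 490368]
S4 SessionLauncher;SessionLauncher;c:\users\admini~1\appdata\local\temp\dx9\sessionlauncher.exe --> c:\users\admini~1\appdata\local\temp\dx9\SessionLauncher.exe [?]

=============== Created Last 30 ================

2011-02-26 20:51:03 -------- d-----w- c:\program files\Secunia
2011-02-26 02:08:16 87608 ----a-w- c:\users\robert\appdata\roaming\inst.exe
2011-02-24 14:46:09 40448 ----a-w- c:\windows\system32\winrs.exe
"""


def split_sections(text):
    """Map each '==== Title ====' header to the non-empty lines that follow it."""
    sections, current = {}, None
    for line in text.splitlines():
        line = line.strip()
        m = SECTION_RE.match(line)
        if m:
            current = m.group(1)
            sections[current] = []
        elif current and line:
            sections[current].append(line)
    return sections


def location_reason(path):
    """Name the user-writable directory a path lives in, or None if it is elsewhere."""
    low = path.lower()
    for d in USER_WRITABLE:
        if d in low:
            return "under user-writable " + d.strip("\\")
    return None


def triage(text):
    """Return (kind, path, reason) tuples for log entries worth a reviewer's attention."""
    findings = []
    sections = split_sections(text)

    for line in sections.get("Running Processes", []):
        path = line.split(" -k ")[0]  # assumption: only svchost group args follow the path
        reason = location_reason(path)
        if reason:
            findings.append(("process", path, reason))

    for line in sections.get("SERVICES / DRIVERS", []):
        m = SERVICE_RE.match(line)
        if not m:
            continue
        # "configured --> resolved [?]": keep the resolved path; "[?]" = image not found
        target = m.group("rest").split(" --> ")[-1]
        im = IMAGE_RE.match(target)
        path, meta = (im.group("path"), im.group("meta")) if im else (target, "")
        kind = "service " + m.group("name")
        reason = location_reason(path)
        if reason:
            findings.append((kind, path, reason))
        if meta == "?":
            findings.append((kind, path, "image file not found on disk"))

    for line in sections.get("Created Last 30", []):
        m = CREATED_RE.match(line)
        if not m or not m.group("path").lower().endswith(EXECUTABLE_EXT):
            continue
        reason = location_reason(m.group("path"))
        if reason:
            findings.append(("created " + m.group("ts"), m.group("path"), reason))

    return findings


if __name__ == "__main__":
    for kind, path, reason in triage(SAMPLE_DDS):
        print(f"{kind:<28} {reason:<40} {path}")
```

Running it on the sample prints the Downloads and Roaming processes, the two temp-directory services (SessionLauncher twice, once for its location and once because its image is missing) and the two executables created under Roaming; system32 entries stay silent. The next step for each hit is the same a forum analyst takes: look at the file, its publisher and when it appeared, rather than treating the location alone as proof of anything.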



#2 shelf life

  • Malware Response Team
  • 2,688 posts
  • Gender:Male
  • Location:@localhost

Posted 07 March 2011 - 05:10 PM

Hi,

Your log is a few days old. If you still need help simply reply back.

How Can I Reduce My Risk to Malware?


#3 Robert Headley

  • Topic Starter

  • Members
  • 33 posts
  • Gender:Male

Posted 09 March 2011 - 02:17 AM

Yeah, I do. I am currently using Ubuntu because I was concerned that I may have a Trojan. I have no outward signs that I do. What does my log tell you?

#4 shelf life

  • Malware Response Team
  • 2,688 posts
  • Gender:Male
  • Location:@localhost

Posted 09 March 2011 - 06:02 PM

The logs look OK. Are an updated Malwarebytes, SUPERAntiSpyware and your AV coming up clean after a scan?

How Can I Reduce My Risk to Malware?


#5 Robert Headley

  • Topic Starter

  • Members
  • 33 posts
  • Gender:Male

Posted 09 March 2011 - 11:13 PM

Yeah, SUPERAntiSpyware, Malwarebytes, up-to-date Microsoft System Internals, everything results in a clean result. So I shouldn't worry about having a trojan?

#6 shelf life

  • Malware Response Team
  • 2,688 posts
  • Gender:Male
  • Location:@localhost

Posted 10 March 2011 - 08:53 PM

From the DDS log and the apps you have run, then no, no trojan. I would suggest you change your e-mail passwords if you haven't already. See if these links help:

link
link

Password guidelines:

  • At least fifteen (15) characters in length.
  • Does not contain your user name, real name, organization name, family members' names or names of your pets.
  • Does not contain your birth date.
  • Does not contain a complete dictionary word.
  • Is significantly different from your previous password.

Should contain three (3) of the following character types:

  • Lowercase alphabetical (a, b, c, etc.)
  • Uppercase alphabetical (A, B, C, etc.)
  • Numerics (0, 1, 2, etc.)
  • Special characters (@, %, !, etc.)

The gaming website will no doubt have tips and suggestions as well.

How Can I Reduce My Risk to Malware?
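The guidelines in the reply above, turned into a checker a user could run against a candidate password before setting it. This is an added example, not code from the post or from BleepingComputer. Its assumptions: a tiny constructed word list stands in for a real dictionary; "significantly different from your previous password" is approximated with difflib's similarity ratio and a 0.6 cut-off (my choice); birth dates are matched in a handful of common numeric layouts; and names shorter than three characters are ignored to avoid matching on initials.

```python
import difflib
import re
from datetime import date

# Constructed stand-in for a real word list (a practitioner would load a full dictionary).
DICTIONARY = {"password", "welcome", "dragon", "warcraft", "monkey", "letmein", "summer"}

MIN_LENGTH = 15        # "at least fifteen (15) characters"
REQUIRED_CLASSES = 3   # "three (3) of the following character types"
MAX_SIMILARITY = 0.6   # assumption: difflib ratio above this is "not significantly different"


def char_class_count(pw):
    """Count how many of the four character types (lower, upper, digit, special) the password uses."""
    patterns = (r"[a-z]", r"[A-Z]", r"[0-9]", r"[^A-Za-z0-9]")
    return sum(1 for p in patterns if re.search(p, pw))


def birth_date_forms(d):
    """Common ways a birth date gets typed into a password, longest forms first."""
    forms = {d.strftime(f) for f in ("%Y", "%m%d", "%d%m", "%Y%m%d", "%m%d%Y", "%d%m%Y")}
    return sorted(forms, key=len, reverse=True)


def contained_dictionary_word(pw, dictionary=DICTIONARY, min_len=4):
    """Return the first dictionary word (of at least min_len letters) found inside pw, or None."""
    low = pw.lower()
    return next((w for w in sorted(dictionary) if len(w) >= min_len and w in low), None)


def check_password(pw, username="", real_name="", other_names=(), birth_date=None, previous=""):
    """Return a list of guideline violations; an empty list means the password passes.

    birth_date may be a datetime.date or an ISO string such as "1985-03-12".
    other_names holds organization, family and pet names.
    """
    problems = []
    low = pw.lower()

    if len(pw) < MIN_LENGTH:
        problems.append(f"shorter than {MIN_LENGTH} characters")

    name_parts = [username] + real_name.split() + list(other_names)
    hits = sorted({n.lower() for n in name_parts if len(n) >= 3 and n.lower() in low})
    if hits:
        problems.append("contains name(s): " + ", ".join(hits))

    if birth_date is not None:
        if isinstance(birth_date, str):
            birth_date = date.fromisoformat(birth_date)
        hit = next((f for f in birth_date_forms(birth_date) if f in pw), None)
        if hit:
            problems.append(f"contains birth date as '{hit}'")

    word = contained_dictionary_word(pw)
    if word:
        problems.append(f"contains dictionary word '{word}'")

    if char_class_count(pw) < REQUIRED_CLASSES:
        problems.append(f"uses fewer than {REQUIRED_CLASSES} character types")

    if previous and difflib.SequenceMatcher(None, pw, previous).ratio() > MAX_SIMILARITY:
        problems.append("too similar to the previous password")

    return problems


if __name__ == "__main__":
    # Constructed demo inputs; the name and date are placeholders, not anyone's real data.
    for candidate in ("hunter2", "RobertDragon2011!!x", "Tq7#mV!xZ9p@Lr2Wq"):
        found = check_password(candidate, username="robert", real_name="Robert Headley",
                               birth_date="1985-03-12", previous="hunter2")
        print(candidate, "->", found or "OK")
```

The dictionary check is a substring match, so a word list of any size drops in without changing the logic; the similarity check catches the common habit of bumping one trailing character, which a plain equality test would miss. Changing the password is only half of what the reply recommends: the two-step verification the poster already enabled is what limits the damage if a password leaks again.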

