
Someone is coming on to my computer stealing information


  • This topic is locked
3 replies to this topic

#1 Fruitloopz

Fruitloopz

  • Members
  • 5 posts
  • OFFLINE
  • Local time:10:04 AM

Posted 08 February 2009 - 08:34 AM

For some time now I thought I was going nuts. I had gone to an online casino; it was after we came back from a cruise. They asked me for my email address and I gave it to them, and then I got an email and went to their site. I did play some, and I noticed the games were acting very strange, as if someone were turning them off and on, and the wheels on the slot machines were spinning really fast, then they would come to a halt, then a pop-up comes up saying they are not connected, and just very strange stuff. So I contacted them; they said they had a hacker problem going on, and I told them that I would no longer play there. They sent me an email about the hacker problem. Well, when money was starting to be taken from my account, I attempted to call these different places; there is no answer and a recording only. I asked for business information from the casino; they will not tell me anything. After I had downloaded their site, and after a while, things started to happen: my computer, when I had shut it off, would come on and appear as if it were new, and I would have to go through the motions of re-registering software and stuff. The logs are not there; it is like it is refreshed daily. My clock on the computer, the time was changed and not on EST time any more. Sometimes when I am online checking email and such, my arrow button or cursor moves by itself. I have had pop-ups come up telling me if I log off, others on the computer will be logged off too. I do not know what to think. There is money missing out of my bank account again; this is the 3rd time. I truly thought I was losing my mind, but now I am not too sure that is the case. There are no records except for the past couple of days, because I have been standing guard over the computer between me and a family member. Two nights ago they locked me out of the computer; then after a while I could get back in.
Please help me so I can explain this to the authorities. If there is anything you as experts see that is causing this, I beg you to please help me. The last time they took money from my account was Friday. PLEASE PLEASE help me. I am even willing to pay for your services. I paid someone else $300.00; they said they were part of Microsoft Co-Contracting Group. After I paid them they have not answered my emails nor helped me. They put this icon on my desktop and I am supposed to click it to get them to help me, but they never answer it. I am so sick over this and just do not know what to do. Thank you. Also, I have screen shots where it shows an ISP address is signing in on my computer, and then I have a screen shot where it is saying if I log out it will shut down the other users. I also have other screen shots of strange stuff.


DDS (Ver_09-02-01.01) - NTFSx86
Run by Terri Lynn Welling at 8:11:16.78 on Sun 02/08/2009
Internet Explorer: 7.0.5730.13
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1022.581 [GMT -5:00]

AV: Trend Micro OfficeScan Antivirus *On-access scanning enabled* (Updated)
FW: Trend Micro Personal Firewall *enabled*

============== Running Processes ===============

C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\LogMeIn\x86\RaMaint.exe
C:\Program Files\LogMeIn\x86\logmein.exe
C:\Program Files\LogMeIn\x86\LMIGuardian.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Trend Micro\OfficeScan Client\ntrtscan.exe
C:\Program Files\IDT\IntelXPV_v52\WDM\STacSV.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Trend Micro\OfficeScan Client\tmlisten.exe
C:\WINDOWS\TEMP\LJ189E.EXE
C:\Program Files\Trend Micro\OfficeScan Client\TmPfw.exe
C:\Program Files\Trend Micro\OfficeScan Client\CNTAoSMgr.exe
C:\Program Files\Trend Micro\OfficeScan Client\tmproxy.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\IDT\WDM\sttray.exe
C:\Program Files\LogMeIn\x86\logmeinsystray.exe
C:\Program Files\Trend Micro\OfficeScan Client\pccntmon.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIACA.EXE
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\LogMeIn\x86\LMIGuardian.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Terri Lynn Welling\Local Settings\Temporary Internet Files\Content.IE5\BJPUILZ8\dds[1].scr

============== Pseudo HJT Report ===============

uInternet Settings,ProxyOverride = *.local
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
BHO: Java™ Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
uRun: [msnmsgr] "c:\program files\windows live\messenger\msnmsgr.exe" /background
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [SysTrayApp] %ProgramFiles%\IDT\WDM\sttray.exe
mRun: [LogMeIn GUI] "c:\program files\logmein\x86\LogMeInSystray.exe"
mRun: [OfficeScanNT Monitor] "c:\program files\trend micro\officescan client\pccntmon.exe" -HideWindow
mRun: [EPSON Stylus CX3800 Series] c:\windows\system32\spool\drivers\w32x86\3\E_FATIACA.EXE /P26 "EPSON Stylus CX3800 Series" /O6 "USB001" /M "Stylus CX3800"
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
dRunOnce: [nlhr] RunDll32.exe %SystemRoot%\System32\AdvPack.Dll,LaunchINFSection %SystemRoot%\inf\nlite.inf,C
dRunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\micros~1.lnk - c:\program files\microsoft office\office10\OSA.EXE
IE: E&xport to Microsoft Excel - c:\progra~1\micros~4\office12\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~4\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~4\office12\REFIEBAR.DLL
DPF: {00134F72-5284-44F7-95A8-52A619F70751} - hxxp://61.16.170.236:8080/officescan/console/html/ClientInstall/WinNTChk.cab
DPF: {08D75BC1-D2B5-11D1-88FC-0080C859833B} - hxxp://61.16.170.236:8080/officescan/console/html/ClientInstall/setup.cab
DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} - hxxp://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
DPF: {35C3D91E-401A-4E45-88A5-F3B32CD72DF4} - hxxp://61.16.170.236:8080/officescan/console/html/root/AtxEnc.cab
DPF: {4A85DBE0-BFB2-4119-8401-186A7C6EB653} - hxxp://messenger.zone.msn.com/binary/MJSS.cab69309.cab
DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} - hxxp://gfx1.hotmail.com/mail/w3/resources/MSNPUpld.cab
DPF: {5D6F45B3-9043-443D-A792-115447494D24} - hxxp://messenger.zone.msn.com/EN-US/a-UNO1/GAME_UNO1.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://dl8-cdn-01.sun.com/s/ESD5/JSCDL/jre/6u11-b90/jinstall-6u11-windows-i586-jc.cab?e=1232290587021&h=5cdfb8a35cb50c9b51b2dce1c0a54916/&filename=jinstall-6u11-windows-i586-jc.cab
DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} - hxxp://messenger.zone.msn.com/binary/ZIntro.cab56649.cab
DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} - hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
DPF: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll
Notify: AtiExtEvent - Ati2evxx.dll
Notify: GoToAssist Express Customer - c:\program files\citrix\gotoassist express customer\136\g2ax_winlogon.dll
Notify: LMIinit - LMIinit.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll

============= SERVICES / DRIVERS ===============

R2 LMIInfo;LogMeIn Kernel Information Provider;c:\program files\logmein\x86\rainfo.sys [2008-7-24 12856]
R2 LMIRfsDriver;LogMeIn Remote File System Driver;c:\windows\system32\drivers\LMIRfsDriver.sys [2009-1-16 47640]
R2 TmFilter;Trend Micro Filter;c:\program files\trend micro\officescan client\tmxpflt.sys [2009-1-8 205328]
R2 TmPreFilter;Trend Micro PreFilter;c:\program files\trend micro\officescan client\tmpreflt.sys [2009-1-8 36368]
R3 tmcfw;Trend Micro Common Firewall Service;c:\windows\system32\drivers\TM_CFW.sys [2009-1-8 338448]
R3 TmPfw;OfficeScan NT Firewall;c:\program files\trend micro\officescan client\TmPfw.exe [2009-1-8 488768]
R3 TmProxy;OfficeScan NT Proxy Service;c:\program files\trend micro\officescan client\TmProxy.exe [2009-1-8 652552]
S3 GoToAssist Express Customer;GoToAssist Express Customer;c:\program files\citrix\gotoassist express customer\136\g2ax_service.exe [2009-1-16 46392]
S4 LMIRfsClientNP;LMIRfsClientNP; [x]

=============== Created Last 30 ================

2009-02-08 07:28 54,156 a---h--- c:\windows\QTFont.qfn
2009-02-08 07:28 1,409 a------- c:\windows\QTFont.for
2009-02-05 14:28 <DIR> --d----- c:\windows\system32\NtmsData
2009-02-05 13:25 <DIR> --d-h--- c:\windows\system32\GroupPolicy
2009-01-31 11:45 <DIR> --d----- c:\program files\Alien Skin
2009-01-31 11:45 <DIR> --d----- C:\Alien Skin
2009-01-29 00:31 <DIR> --d----- c:\program files\PCPitstop
2009-01-29 00:22 <DIR> --d----- c:\docume~1\terril~1\applic~1\Grisoft
2009-01-29 00:21 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Grisoft
2009-01-28 23:39 <DIR> --d----- c:\program files\Belarc
2009-01-28 23:18 <DIR> --d----- c:\program files\TeaTimer (Spybot - Search & Destroy)
2009-01-28 23:18 <DIR> --d----- c:\program files\Misc. Support Library (Spybot - Search & Destroy)
2009-01-28 23:18 <DIR> --d----- c:\program files\SDHelper (Spybot - Search & Destroy)
2009-01-28 23:18 <DIR> --d----- c:\program files\File Scanner Library (Spybot - Search & Destroy)
2009-01-28 23:07 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Spybot - Search & Destroy
2009-01-28 23:07 <DIR> --d----- c:\program files\Spybot - Search & Destroy
2009-01-28 22:48 <DIR> --d----- C:\OTS
2009-01-28 19:51 462,848 a------- c:\windows\system32\ltkrn13n.dll
2009-01-28 19:51 450,560 a------- c:\windows\system32\ltimg13n.dll
2009-01-28 19:51 401,408 a------- c:\windows\system32\lfcmp13n.dll
2009-01-28 19:51 299,008 a------- c:\windows\system32\ltdis13n.dll
2009-01-28 19:51 206,336 a------- c:\windows\system32\ltefx13n.dll
2009-01-28 19:51 163,840 a------- c:\windows\system32\ltfil13n.dll
2009-01-28 19:51 57,344 a------- c:\windows\system32\lfbmp13n.dll
2009-01-28 14:05 32,592 a------- c:\windows\system32\msonpmon.dll
2009-01-28 12:52 <DIR> --d----- c:\windows\pss
2009-01-21 10:15 14,050 a------- c:\windows\cfgall.ini
2009-01-19 16:01 221,184 a------- c:\windows\system32\wmpns.dll
2009-01-18 12:47 410,984 a------- c:\windows\system32\deploytk.dll
2009-01-18 12:47 73,728 a------- c:\windows\system32\javacpl.cpl
2009-01-18 01:26 <DIR> --d----- c:\program files\MSXML 4.0
2009-01-17 22:43 <DIR> --d----- c:\docume~1\terril~1\applic~1\Pogo Games
2009-01-17 22:31 <DIR> --d----- c:\program files\Oberon Media
2009-01-17 22:30 268,648 a------- c:\windows\system32\mucltui.dll
2009-01-17 22:30 208,744 a------- c:\windows\system32\muweb.dll
2009-01-17 22:30 27,496 a------- c:\windows\system32\mucltui.dll.mui
2009-01-17 20:19 <DIR> --d----- C:\EPSONREG
2009-01-17 20:19 11,776 a------- c:\windows\system32\drivers\afc.sys
2009-01-17 20:17 32,128 ac------ c:\windows\system32\dllcache\usbccgp.sys
2009-01-17 20:17 32,128 a------- c:\windows\system32\drivers\usbccgp.sys
2009-01-17 20:17 64,000 a------- c:\windows\system32\E_FBCBACA.DLL
2009-01-17 20:17 79,679 a------- c:\windows\system32\E_FLMACA.DLL
2009-01-17 20:17 34,304 a------- c:\windows\system32\E_FBCHACA.DLL
2009-01-17 20:17 <DIR> --d----- c:\program files\epson
2009-01-17 20:17 46,080 a------- c:\windows\system32\escimgd.dll
2009-01-17 20:17 29,696 a------- c:\windows\system32\escwiad.dll
2009-01-17 20:17 22,016 a------- c:\windows\system32\esccmd.dll
2009-01-17 20:16 44 a------- c:\windows\EPCX3800.ini
2009-01-17 20:14 <DIR> --d----- c:\program files\common files\Kodak
2009-01-17 20:14 <DIR> --d----- C:\KPCMS
2009-01-17 20:14 <DIR> --d----- c:\windows\system32\color
2009-01-17 20:12 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Kodak
2009-01-17 20:12 <DIR> --d----- c:\program files\Kodak
2009-01-17 20:09 <DIR> --d----- c:\program files\common files\L&H
2009-01-17 19:58 376 a------- c:\windows\ODBC.INI
2009-01-17 19:57 28,040 a------- c:\windows\system32\mdimon.dll
2009-01-17 19:57 <DIR> --d----- c:\program files\Microsoft ActiveSync
2009-01-17 19:56 <DIR> --d----- c:\windows\SHELLNEW
2009-01-17 19:49 <DIR> --d----- c:\docume~1\terril~1\applic~1\MAGIX
2009-01-17 19:49 <DIR> --d----- c:\docume~1\alluse~1\applic~1\MAGIX
2009-01-17 19:46 420,240 a------- c:\windows\system32\mpg4c32.dll
2009-01-17 19:46 309,616 a------- c:\windows\system32\wmv8dmod.dll
2009-01-17 19:46 245,760 a------- c:\windows\system32\mp4sds32.ax
2009-01-17 19:45 <DIR> --d----- c:\program files\WMV9_VCM
2009-01-17 19:45 <DIR> --d----- c:\program files\common files\xara
2009-01-17 19:45 82,432 a------- c:\windows\system32\msxml4r.dll
2009-01-17 19:45 44,544 a------- c:\windows\system32\msxml4a.dll
2009-01-17 19:38 120,200 a------- c:\windows\system32\DLLDEV32i.dll
2009-01-17 19:38 <DIR> --d----- c:\program files\Xara
2009-01-17 19:38 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Xara
2009-01-17 19:38 700,416 a------- c:\windows\system32\mgxoschk.dll
2009-01-17 19:38 5,937 a------- c:\windows\mgxoschk.ini
2009-01-17 19:38 <DIR> --d----- c:\windows\system32\MAGIX
2009-01-17 16:57 <DIR> --d----- c:\program files\Jasc Software Inc
2009-01-17 16:53 <DIR> --d----- c:\docume~1\alluse~1\applic~1\ALM
2009-01-17 16:52 <DIR> --d----- c:\program files\Bonjour
2009-01-17 16:44 <DIR> --d----- c:\program files\common files\Macrovision Shared
2009-01-17 13:40 <DIR> --d----- c:\documents and settings\terri lynn welling\Tracing
2009-01-17 13:38 <DIR> --d----- c:\program files\Windows Live SkyDrive
2009-01-17 13:03 <DIR> --d----- c:\program files\Microsoft
2009-01-17 13:00 <DIR> --d----- c:\program files\common files\Windows Live
2009-01-17 12:39 <DIR> --d----- c:\windows\system32\appmgmt
2009-01-17 10:26 <DIR> --d----- c:\windows\system32\scripting
2009-01-17 10:26 <DIR> --d----- c:\windows\l2schemas
2009-01-17 10:26 <DIR> --d----- c:\windows\system32\en
2009-01-17 10:26 <DIR> --d----- c:\windows\system32\bits
2009-01-17 10:22 <DIR> --d----- c:\windows\ServicePackFiles
2009-01-17 09:03 <DIR> --d----- c:\docume~1\terril~1\applic~1\MSNInstaller
2009-01-17 08:58 6,066,176 -c------ c:\windows\system32\dllcache\ieframe.dll
2009-01-17 08:58 991,232 -c------ c:\windows\system32\dllcache\ieframe.dll.mui
2009-01-17 08:58 459,264 -c------ c:\windows\system32\dllcache\msfeeds.dll
2009-01-17 08:58 267,776 -c------ c:\windows\system32\dllcache\iertutil.dll
2009-01-17 08:58 52,224 -c------ c:\windows\system32\dllcache\msfeedsbs.dll
2009-01-17 08:58 13,824 -c------ c:\windows\system32\dllcache\ieudinit.exe
2009-01-17 08:58 2,455,488 -c------ c:\windows\system32\dllcache\ieapfltr.dat
2009-01-17 08:58 383,488 -c------ c:\windows\system32\dllcache\ieapfltr.dll
2009-01-17 08:58 63,488 -c------ c:\windows\system32\dllcache\icardie.dll
2009-01-17 08:56 <DIR> --d----- c:\windows\network diagnostic
2009-01-17 04:11 327,040 -------- c:\windows\system32\drivers\ati2mtaa.sys
2009-01-17 03:58 <DIR> --d----- c:\program files\Microsoft Picture It! 9
2009-01-17 03:58 <DIR> --d----- c:\program files\Design Science
2009-01-17 03:56 272,128 -c------ c:\windows\system32\dllcache\bthport.sys
2009-01-17 03:56 272,128 -------- c:\windows\system32\drivers\bthport.sys
2009-01-17 03:56 1,846,400 -c------ c:\windows\system32\dllcache\win32k.sys
2009-01-17 03:56 2,145,280 -c------ c:\windows\system32\dllcache\ntkrnlmp.exe
2009-01-17 03:56 2,189,184 -c------ c:\windows\system32\dllcache\ntoskrnl.exe
2009-01-17 03:56 2,066,048 -c------ c:\windows\system32\dllcache\ntkrnlpa.exe
2009-01-17 03:56 2,023,936 -c------ c:\windows\system32\dllcache\ntkrpamp.exe
2009-01-17 03:55 203,136 -c------ c:\windows\system32\dllcache\rmcast.sys
2009-01-17 03:55 455,296 -c------ c:\windows\system32\dllcache\mrxsmb.sys
2009-01-17 03:55 333,952 -c------ c:\windows\system32\dllcache\srv.sys
2009-01-17 03:55 691,712 -c------ c:\windows\system32\dllcache\inetcomm.dll
2009-01-17 03:55 337,408 -c------ c:\windows\system32\dllcache\netapi32.dll
2009-01-17 03:54 <DIR> --d----- c:\windows\system32\PreInstall
2009-01-17 02:19 142,992 a------- c:\windows\system32\drivers\tmcomm.sys
2009-01-17 02:19 <DIR> --d----- c:\windows\system32\log
2009-01-16 23:58 <DIR> --d----- c:\program files\Trend Micro
2009-01-16 23:58 21 a------- C:\tmuninst.ini
2009-01-16 23:04 <DIR> --d----- c:\program files\LogMeIn Rescue Calling Card
2009-01-16 22:58 <DIR> --d----- c:\docume~1\alluse~1\applic~1\LogMeIn
2009-01-16 22:58 83,288 a------- c:\windows\system32\LMIRfsClientNP.dll
2009-01-16 22:58 47,640 a------- c:\windows\system32\drivers\LMIRfsDriver.sys
2009-01-16 22:58 28,984 a------- c:\windows\system32\LMIport.dll
2009-01-16 22:57 87,352 a------- c:\windows\system32\LMIinit.dll
2009-01-16 22:57 1,024 a------- C:\.rnd
2009-01-16 22:57 <DIR> --d----- c:\program files\LogMeIn
2009-01-16 22:36 <DIR> --d----- c:\program files\Citrix
2009-01-16 21:26 <DIR> --d----- c:\program files\MSN Messenger
2009-01-16 20:52 <DIR> --d----- c:\program files\SigmaTel
2009-01-16 20:14 1,270,872 a------- c:\windows\system32\drivers\sthda.sys
2009-01-16 20:14 372,736 a------- c:\windows\system32\stacapi.dll
2009-01-16 20:14 150,016 a------- c:\windows\system32\staco.dll
2009-01-16 20:14 <DIR> --d----- c:\program files\IDT
2009-01-16 18:50 26,488 a------- c:\windows\system32\spupdsvc.exe
2009-01-16 18:50 <DIR> --d----- c:\program files\Intel Desktop Board
2009-01-16 16:48 <DIR> --d----- c:\windows\system32\ReinstallBackups
2009-01-16 16:33 <DIR> --d----- c:\windows\system32\SoftwareDistribution
2009-01-16 16:28 163,840 a----r-- c:\windows\system32\e1000msg.dll
2009-01-16 16:28 56,832 a----r-- c:\windows\system32\NicEtCo.dll
2009-01-16 16:28 21,504 a----r-- c:\windows\system32\NicCo.dll
2009-01-16 16:28 20,992 a----r-- c:\windows\system32\NicInst.dll
2009-01-16 16:27 179,200 a----r-- c:\windows\system32\drivers\e1e5132.sys
2009-01-16 16:27 126,976 a----r-- c:\windows\system32\Prounstl.exe
2009-01-16 16:27 2,845 a----r-- c:\windows\system32\e1e5132.din
2009-01-16 16:27 307,200 a----r-- c:\windows\system32\atiiiexx.dll
2009-01-16 16:27 127,614 a----r-- c:\windows\system32\atiicdxx.dat
2009-01-16 16:27 6,005 a----r-- c:\windows\system32\atifglpf.xml
2009-01-16 16:27 1,114,674 a----r-- c:\windows\system32\drivers\ativcaxx.cpa
2009-01-16 16:27 58,560 a----r-- c:\windows\system32\drivers\ativckxx.vp
2009-01-16 16:27 28,080 a----r-- c:\windows\system32\drivers\ativvpxx.vp
2009-01-16 16:27 929 a----r-- c:\windows\system32\drivers\ativcaxx.vp
2009-01-16 16:27 <DIR> --d----- C:\drivers
2009-01-16 16:01 <DIR> --d----- c:\documents and settings\Terri Lynn Welling
2009-01-16 15:54 <DIR> --ds---- c:\windows\system32\Microsoft
2009-01-16 15:53 8,192 a------- c:\windows\REGLOCS.OLD
2009-01-16 15:51 131,584 ac------ c:\windows\system32\dllcache\pmxviceo.dll
2009-01-16 15:50 45,056 ac------ c:\windows\system32\dllcache\EXCH_aqadmin.dll
2009-01-16 15:49 <DIR> --dsh--- c:\documents and settings\all users\DRM
2009-01-16 15:49 488 a---hr-- c:\windows\system32\WindowsLogon.manifest
2009-01-16 15:49 488 a---hr-- c:\windows\system32\logonui.exe.manifest
2009-01-16 15:49 <DIR> --ds---- c:\windows\Downloaded Program Files
2009-01-16 15:49 <DIR> --d--r-- c:\windows\Offline Web Pages
2009-01-16 15:49 749 a---hr-- c:\windows\WindowsShell.Manifest
2009-01-16 15:49 749 a---hr-- c:\windows\system32\wuaucpl.cpl.manifest
2009-01-16 15:49 749 a---hr-- c:\windows\system32\sapi.cpl.manifest
2009-01-16 15:49 749 a---hr-- c:\windows\system32\nwc.cpl.manifest
2009-01-16 15:49 749 a---hr-- c:\windows\system32\ncpa.cpl.manifest
2009-01-16 15:49 749 a---hr-- c:\windows\system32\cdplayer.exe.manifest
2009-01-16 15:49 <DIR> --d-h--- c:\program files\WindowsUpdate
2009-01-16 15:49 4,399,505 ac------ c:\windows\system32\dllcache\nls302en.lex
2009-01-16 15:48 <DIR> --d----- c:\program files\common files\MSSoap
2009-01-16 15:47 <DIR> --d----- c:\program files\Online Services
2009-01-16 15:47 <DIR> --d----- c:\program files\Messenger
2009-01-16 15:47 <DIR> --d----- c:\program files\MSN Gaming Zone
2009-01-16 15:46 <DIR> --d----- c:\program files\Windows NT
2009-01-16 07:26 <DIR> --d----- c:\program files\common files\ODBC
2009-01-16 07:26 <DIR> --d----- c:\program files\common files\SpeechEngines
2009-01-16 07:26 <DIR> --d--r-- c:\documents and settings\all users\Documents

==================== Find3M ====================

2009-01-17 10:30 86,327 a------- c:\windows\pchealth\helpctr\offlinecache\index.dat
2009-01-16 15:47 21,640 a------- c:\windows\system32\emptyregdb.dat
2009-01-08 06:42 338,448 a------- c:\windows\system32\drivers\TM_CFW.sys
2009-01-08 06:42 76,304 a------- c:\windows\system32\drivers\tmtdi.sys
2008-12-11 05:57 333,952 a------- c:\windows\system32\drivers\srv.sys
2008-12-03 01:37 49,480 a------- c:\windows\system32\sirenacm.dll

============= FINISH: 8:11:34.60 ===============


Edited by Fruitloopz, 08 February 2009 - 09:26 AM.
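A DDS log like the one above is normally read by hand; as an added example (not code from this thread or from the DDS tool), the Python script below splits such a log into its banner sections and surfaces the entries a responder would want to read first: executables running from temp folders, remote-control software in the process, service and Winlogon-notify lists, and browser plug-ins (DPF entries) downloaded from a bare IP address. The sample input is an excerpt of the log posted in this thread; the heuristics and tag names are this example's own.

```python
import re

# Excerpt of the DDS log posted above (sample input for this example; only the
# lines needed to exercise each check were kept, values unchanged).
SAMPLE_LOG = r"""
DDS (Ver_09-02-01.01) - NTFSx86
============== Running Processes ===============
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\LogMeIn\x86\logmein.exe
C:\WINDOWS\TEMP\LJ189E.EXE
C:\Documents and Settings\Terri Lynn Welling\Local Settings\Temporary Internet Files\Content.IE5\BJPUILZ8\dds[1].scr
============== Pseudo HJT Report ===============
DPF: {00134F72-5284-44F7-95A8-52A619F70751} - hxxp://61.16.170.236:8080/officescan/console/html/ClientInstall/WinNTChk.cab
DPF: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
Notify: GoToAssist Express Customer - c:\program files\citrix\gotoassist express customer\136\g2ax_winlogon.dll
Notify: LMIinit - LMIinit.dll
============= SERVICES / DRIVERS ===============
R2 LMIRfsDriver;LogMeIn Remote File System Driver;c:\windows\system32\drivers\LMIRfsDriver.sys [2009-1-16 47640]
R2 TmFilter;Trend Micro Filter;c:\program files\trend micro\officescan client\tmxpflt.sys [2009-1-8 205328]
S3 GoToAssist Express Customer;GoToAssist Express Customer;c:\program files\citrix\gotoassist express customer\136\g2ax_service.exe [2009-1-16 46392]
============= FINISH: 8:11:34.60 ===============
"""

# Triage heuristics (this example's own). A hit is a prompt to look closer,
# not a verdict: the DDS tool itself ran from Temporary Internet Files.
REMOTE_ACCESS_MARKERS = ("logmein", "lmiinit", "lmirfs", "lmiinfo", "gotoassist")
TEMP_MARKERS = ("\\windows\\temp\\", "\\temporary internet files\\", "\\local settings\\temp\\")
IP_URL = re.compile(r"^hxxps?://(\d{1,3}(?:\.\d{1,3}){3})(?::\d+)?/", re.I)
SECTION_HDR = re.compile(r"^=+\s*(.*?)\s*=+$")


def split_sections(text):
    """Group the log's lines under the '=== name ===' banner that precedes them."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = SECTION_HDR.match(line)
        if m:
            current = m.group(1)
            sections.setdefault(current, [])
        elif current is not None:
            sections[current].append(line)
    return sections


def _has_marker(line, markers):
    low = line.lower()
    return any(m in low for m in markers)


def triage(text):
    """Return (tag, evidence) pairs for the entries a responder should read first."""
    s = split_sections(text)
    findings = []
    for proc in s.get("Running Processes", []):
        if _has_marker(proc, TEMP_MARKERS):
            findings.append(("process-from-temp", proc))
        if _has_marker(proc, REMOTE_ACCESS_MARKERS):
            findings.append(("remote-access-process", proc))
    for entry in s.get("Pseudo HJT Report", []):
        if entry.startswith("DPF:"):
            # DPF = plug-in download source; a bare IP deserves a second look.
            m = IP_URL.match(entry.split(" - ", 1)[-1])
            if m:
                findings.append(("dpf-from-bare-ip", m.group(1)))
        elif entry.startswith("Notify:") and _has_marker(entry, REMOTE_ACCESS_MARKERS):
            # Winlogon notification DLLs load at logon, before any user session.
            findings.append(("remote-access-logon-hook", entry))
    for svc in s.get("SERVICES / DRIVERS", []):
        if _has_marker(svc, REMOTE_ACCESS_MARKERS):
            findings.append(("remote-access-service", svc.split(";", 1)[0]))
    return findings


if __name__ == "__main__":
    for tag, evidence in triage(SAMPLE_LOG):
        print(f"{tag:26} {evidence}")
```

Run against the full log rather than the excerpt, the same checks also pick up the LogMeIn processes and kernel driver listed there.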




#2 Farbar

Farbar

    Just Curious


  • Security Developer
  • 21,719 posts
  • OFFLINE
  • Gender:Male
  • Location:The Netherlands
  • Local time:05:04 PM

Posted 17 February 2009 - 08:15 AM

Hi Fruitloopz,

Welcome to BC HijackThis forum and sorry for the delay. I am farbar. I am going to see if I can assist you with your problem.

"Please help me so I can explain this to the authorities if there is anything you as experts see that is causing this I beg you to please help me."


Could you tell me what you expect us to do? As you might have noticed, we are volunteers helping people to remove malware from their computers. We have no authority to provide any kind of testimony. Besides, when we run some tools we might remove the malware or malicious software (if there is any on your system), and then we have removed the evidence you might need in the future to show to the authorities.

So if you decide to go on removing possible infection from your system let me know. Otherwise this forum is not the best place to back up your case.

#3 Fruitloopz

Fruitloopz
  • Topic Starter

  • Members
  • 5 posts
  • OFFLINE
  • Local time:10:04 AM

Posted 17 February 2009 - 08:32 AM

Oh no, I did not expect anything like your giving testimony. I was hoping you could tell me how they did it by looking at my files, but while waiting I contacted some others by phone and explained, and they told me what to look for and what to do, and I have some of it done. I found where the keyloggers are, and here is the problem: they have added a password and user name to them, so therefore they can not be removed. Also there are several other things hidden in files that do not have names that we have found, which reappear every time we attempt to wipe them out. I am deeply grateful for your help and for assisting others, and I am sorry if what I had written prior came off the wrong way; I have just been so upset about all this. I contacted the proper people already; I just thought I was nuts at first. I have an expert coming to handle this. I thank you for your time.

#4 Farbar

Farbar

    Just Curious


  • Security Developer
  • 21,719 posts
  • OFFLINE
  • Gender:Male
  • Location:The Netherlands
  • Local time:05:04 PM

Posted 17 February 2009 - 02:50 PM

I was really affected by the whole malicious scheme and was sorry for you.
I'm glad you now have the help you needed.
Also, thanks for letting me know.

This thread will now be closed.

Good luck.



