
Trojan thru limewire


This topic is locked
6 replies to this topic

#1 bedtimefrog


Posted 14 August 2009 - 10:52 AM

Referred from: http://www.bleepingcomputer.com/forums/t/241432/trojan-thru-limewire/ ~ OB

This started out with a Trojan thru limewire but I have done everything I have been told to do, so now this is my next step. I have received a notice when I start my computer that says this: C:\windows\system32\msupdte.exe the NTVDM CPU had encountered an illegal instruction CS:1335 IP: 3810 OP:ff 00 00 00 choose to 'close' to terminate the application. On top of this my computer kept freezing and I keep getting a blank page from internet explorer and I have to click a little box in the left hand corner that takes me back to my desktop to get rid of it. Also in my shaw secure I have quarantined Trojan-downloader\win32.small and Trojan-downloader\win32\wilmad.gen!A c:\users\becky documents\morpheus music\downloads\e eze and I don't even have morpheus on my computer... This is very weird.

DDS (Ver_09-07-30.01) - NTFSx86
Run by becky at 10:24:07.46 on 14/08/2009
Internet Explorer: 8.0.6001.18813
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.2.1033.18.2036.864 [GMT -5:00]

SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}

============== Running Processes ===============

C:\Windows\SYSTEM32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\AERTSrv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Shaw Secure\Anti-Virus\fsgk32st.exe
C:\Program Files\Shaw Secure\Anti-Virus\FSGK32.EXE
C:\Program Files\Shaw Secure\Common\FSMA32.EXE
C:\Program Files\iWin Games\iWinTrusted.exe
C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\Program Files\Shaw Secure\Common\FSMB32.EXE
C:\Windows\system32\lxcycoms.exe
C:\Windows\system32\PnkBstrA.exe
C:\Windows\system32\PnkBstrB.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k regsvc
C:\Program Files\Shaw Secure\Common\FCH32.EXE
C:\Program Files\Shaw Secure\Common\FAMEH32.EXE
C:\Program Files\Shaw Secure\Anti-Virus\fsqh.exe
C:\Program Files\Shaw Secure\FSPC\fspc.exe
C:\Program Files\Dell Support Center\bin\sprtsvc.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\WUDFHost.exe
C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
C:\Program Files\Shaw Secure\FSAUA\program\fsaua.exe
C:\Program Files\Shaw Secure\Anti-Virus\fssm32.exe
C:\Program Files\Shaw Secure\ORSP Client\fsorsp.exe
C:\Program Files\Shaw Secure\FWES\Program\fsdfwd.exe
C:\Program Files\Shaw Secure\FSAUA\program\fsus.exe
C:\Program Files\Shaw Secure\Anti-Virus\fsav32.exe
C:\Windows\SYSTEM32\taskeng.exe
C:\Windows\system32\svchost.exe -k WindowsMobile
C:\Windows\SYSTEM32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Java\jre1.6.0\bin\jusched.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\igfxsrvc.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Logitech\QuickCam\Quickcam.exe
C:\Program Files\Shaw Secure\Common\FSM32.EXE
C:\Program Files\Lexmark 3400 Series\lxcymon.exe
C:\Program Files\Lexmark 3400 Series\ezprint.exe
C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe
C:\Windows\WindowsMobile\wmdc.exe
C:\Program Files\MySpace\IM\MySpaceIM.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\DellSupport\DSAgnt.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
C:\Program Files\Registry Mechanic\RMTray.exe
C:\Program Files\Hallmark\Hallmark Card Studio 2007\Planner\PLNRnote.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\ProgramData\iWin Games\DesktopAlerts\DesktopAlerts.exe
C:\Program Files\Common Files\microsoft shared\Works Shared\WkCalRem.exe
C:\Windows\ehome\ehmsas.exe
C:\Windows\system32\conime.exe
C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\CPSHelpRunner.exe
C:\PROGRA~1\Magentic\bin\MgApp.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\IncrediMail\bin\IMApp.exe
C:\Program Files\Shaw Secure\FSGUI\fsguidll.exe
C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
C:\Program Files\MySpace\IM\MySpaceIM.exe
C:\Program Files\Internet explorer\Iexplore.exe
C:\Program Files\Internet explorer\Iexplore.exe
C:\Program Files\Internet explorer\Iexplore.exe
C:\Program Files\Internet explorer\Iexplore.exe
C:\Windows\SYSTEM32\taskeng.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Users\becky\Desktop\dds.scr

============== Pseudo HJT Report ===============

uSearch Bar = Preserve
uSearch Page = hxxp://ca.rd.yahoo.com/customize/ie/defaults/sp/msgr9/*http://ca.search.yahoo.com
uWindow Title = Internet Explorer provided by Dell
uStart Page = hxxp://www.mywinnipeg.com/
uDefault_Page_URL = hxxp://www.google.ca/ig/dell?hl=en&client=dell-row&channel=ca&ibd=0071022
mDefault_Page_URL = hxxp://ca.yahoo.com
mDefault_Search_URL = hxxp://ca.rd.yahoo.com/customize/ie/defaults/su/msgr9/*http://ca.search.yahoo.com
mSearch Page = hxxp://ca.rd.yahoo.com/customize/ie/defaults/sp/msgr9/*http://ca.search.yahoo.com
mStart Page = hxxp://ca.yahoo.com
uSearchURL,(Default) = hxxp://ca.rd.yahoo.com/customize/ie/defaults/su/msgr9/*http://ca.search.yahoo.com
BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\progra~1\yahoo!\companion\installs\cpn\yt.dll
BHO: Shareaza Web Download Hook: {0eedb912-c5fa-486f-8334-57288578c627} - c:\program files\morpheus music\RazaWebHook.dll
BHO: Lexmark Toolbar: {1017a80c-6f09-4548-a84d-edd6ac9525f0} - c:\program files\lexmark toolbar\toolband.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Media Access Startup: {25b8d58c-b0cb-46b0-ba64-05b3804e4e86} - c:\program files\media access startup\1.0.0.610\HPIEAddOn.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: UrlHelper Class: {74322bf9-df26-493f-b0da-6d2fc5e6429e} - c:\program files\bearshare applications\bearshare\BearShareIEHelper.dll
BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre1.6.0\bin\ssv.dll
BHO: IEHlprObj Class: {8ca5ed52-f3fb-4414-a105-2e3491156990} - c:\program files\iwin games\iWinGamesHookIE.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: CBrowserHelperObject Object: {ca6319c0-31b7-401e-a518-a07c3db8f777} - c:\program files\dell\bae\BAE.dll
BHO: System Search Dispatcher: {cdbfb47b-58a8-4111-bf95-06178dce326d} - c:\program files\system search dispatcher\1.2.0.750\ssd.dll
BHO: SingleInstance Class: {fdad4da1-61a2-4fd8-9c17-86f7ac245081} - c:\progra~1\yahoo!\companion\installs\cpn\YTSingleInstance.dll
TB: Lexmark Toolbar: {1017a80c-6f09-4548-a84d-edd6ac9525f0} - c:\program files\lexmark toolbar\toolband.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\progra~1\yahoo!\companion\installs\cpn\yt.dll
TB: BearShare MediaBar: {d3dee18f-db64-4beb-9ff1-e1f0a5033e4a} - c:\program files\bearshare applications\bearshare mediabar\BearShareMediaBar.dll
TB: {BC4FFE41-DE9F-46FA-B455-AAD49B9F9938} - No File
TB: {A057A204-BACC-4D26-9990-79A187E2698E} - No File
TB: {A057A204-BACC-4D26-8988-34A187E2698B} - No File
TB: {00000000-0000-0000-0000-000000000000} - No File
uRun: [MySpaceIM] c:\program files\myspace\im\MySpaceIM.exe
uRun: [Magentic] c:\progra~1\magentic\bin\Magentic.exe /c
uRun: [IncrediMail] c:\program files\incredimail\bin\IncMail.exe /c
uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe
uRun: [DellSupport] "c:\program files\dellsupport\DSAgnt.exe" /startup
uRun: [Search Protection] c:\program files\yahoo!\search protection\SearchProtection.exe
uRun: [Uniblue RegistryBooster 2009] c:\program files\uniblue\registrybooster\StartRegistryBooster.exe
uRun: [LogitechSetup] c:\users\becky\appdata\local\temp\quickcam_11.90.1263\setup.exe /skip_all_checks /p /start /restart /l:enu
uRun: [msnmsgr] "c:\program files\windows live\messenger\msnmsgr.exe" /background
uRun: [Messenger (Yahoo!)] "c:\program files\yahoo!\messenger\YahooMessenger.exe" -quiet
uRun: [RegistryMechanic] c:\program files\registry mechanic\RMTray.exe /S
uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
uRunOnce: [Shockwave Updater] c:\windows\system32\adobe\shockw~1\SWHELP~2.EXE -Update -1100465 -"Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.0; Trident/4.0; DS_desktopsmiley; SLCC1; .NET CLR 2.0.50727; Media Center PC 5.0; .NET CLR 3.5.30729; .NET CLR 3.0.30618)" -"http://mp46.slingo.com/shockscreen2.asp?shost=mp46.slingo.com&sport=25002&susername=bedtimefrog&spassword=[redacted]&roomname=Mixed Matrix 10K - Room 2&gameid=63"
mRun: [DellSupportCenter] "c:\program files\dell support center\bin\sprtcmd.exe" /P DellSupportCenter
mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
mRun: [SunJavaUpdateSched] "c:\program files\java\jre1.6.0\bin\jusched.exe"
mRun: [snpstd] c:\windows\vsnpstd.exe
mRun: [RtHDVCpl] RtHDVCpl.exe
mRun: [RoxWatchTray] "c:\program files\common files\roxio shared\9.0\sharedcom\RoxWatchTray9.exe"
mRun: [Lexmark 1200 Series] "c:\program files\lexmark 1200 series\lxczbmgr.exe"
mRun: [ISUSScheduler] "c:\program files\common files\installshield\updateservice\issch.exe" -start
mRun: [ISUSPM Startup] c:\progra~1\common~1\instal~1\update~1\ISUSPM.exe -startup
mRun: [ECenter] c:\dell\e-center\EULALauncher.exe
mRun: [dscactivate] "c:\program files\dell support center\gs_agent\custom\dsca.exe"
mRun: [CamWizard] c:\program files\common files\logitech\qcdrv\bin\CamWizrd.exe
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [NWEReboot]
mRun: [NeroFilterCheck] c:\windows\system32\NeroCheck.exe
mRun: [LogitechQuickCamRibbon] "c:\program files\logitech\quickcam\Quickcam.exe" /hide
mRun: [F-Secure Manager] "c:\program files\shaw secure\common\FSM32.EXE" /splash
mRun: [F-Secure TNB] "c:\program files\shaw secure\fsgui\TNBUtil.exe" /CHECKALL /WAITFORSW
mRun: [lxcymon.exe] "c:\program files\lexmark 3400 series\lxcymon.exe"
mRun: [EzPrint] "c:\program files\lexmark 3400 series\ezprint.exe"
mRun: [FaxCenterServer] "c:\program files\lexmark fax solutions\fm3032.exe" /s
mRun: [LXCYCATS] rundll32 c:\windows\system32\spool\drivers\w32x86\3\LXCYtime.dll,_RunDLLEntry@16
mRun: [YSearchProtection] "c:\program files\yahoo!\search protection\SearchProtection.exe"
mRun: [Windows Mobile Device Center] %windir%\WindowsMobile\wmdc.exe
mRun: [Microsoft WinUpdate] c:\windows\system32\msupdte.exe
dRun: [MySpaceIM] c:\program files\myspace\im\MySpaceIM.exe
StartupFolder: c:\users\becky\appdata\roaming\micros~1\windows\startm~1\programs\startup\adobem~1.lnk - c:\program files\adobe media player\Adobe Media Player.exe
StartupFolder: c:\users\becky\appdata\roaming\micros~1\windows\startm~1\programs\startup\frostw~1.lnk - c:\program files\frostwire\FrostWire.exe
StartupFolder: c:\users\becky\appdata\roaming\micros~1\windows\startm~1\programs\startup\imvu.lnk - c:\users\becky\appdata\roaming\imvuclient\IMVUClient.exe
StartupFolder: c:\users\becky\appdata\roaming\micros~1\windows\startm~1\programs\startup\iwinde~1.lnk - c:\programdata\iwin games\desktopalerts\DesktopAlerts.exe
StartupFolder: c:\users\becky\appdata\roaming\micros~1\windows\startm~1\programs\startup\wkcalrem.lnk - c:\program files\common files\microsoft shared\works shared\WkCalRem.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\eventp~1.lnk - c:\windows\installer\{b1c4042e-ddee-487f-b56c-4e498e790b98}\Shortcut_EventPlan_5D0DF1BBD82E4FB2B98E4FDE42EF7EBB.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\logite~1.lnk - c:\program files\logitech\desktop messenger\8876480\program\LogitechDesktopMessenger.exe
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBC} - c:\program files\java\jre1.6.0\bin\npjpi160.dll
IE: {200DB664-75B5-47c0-8B45-A44ACCF73C00} - {D68926FD-18FD-4B0E-A1C7-917D13FAB760} - c:\program files\shaw secure\fspc\fspcmsie.dll
IE: {200DB664-75B5-47c0-8B45-A44ACCF73F01} - {D68926FD-18FD-4B0E-A1C7-917D13FAB760} - c:\program files\shaw secure\fspc\fspcmsie.dll
IE: {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\windows\windowsmobile\INetRepl.dll
IE: {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\windows\windowsmobile\INetRepl.dll
LSP: c:\program files\shaw secure\fsps\program\FSLSP.DLL
DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} - hxxp://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - hxxp://ak.exe.imgfarm.com/images/nocache/funwebproducts/ei-4/WebfettiInitialSetup1.0.1.1.cab
DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} - hxxp://download.divx.com/player/DivXBrowserPlugin.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} - hxxp://www.popcap.com/webgames/popcaploader_v10.cab
Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - c:\program files\logitech\desktop messenger\8876480\program\GAPlugProtocol-8876480.dll
Notify: GoToAssist - c:\program files\citrix\gotoassist\480\G2AWinLogon.dll
Notify: igfxcui - igfxdev.dll

============= SERVICES / DRIVERS ===============

R0 fsbts;fsbts;c:\windows\system32\drivers\fsbts.sys [2009-5-27 33408]
R1 F-Secure HIPS;F-Secure HIPS Driver;c:\program files\shaw secure\hips\drivers\fshs.sys [2009-5-27 67808]
R1 FSES;F-Secure Email Scanning Driver;c:\windows\system32\drivers\fses.sys [2009-5-27 35552]
R1 FSFW;F-Secure Firewall Driver;c:\windows\system32\drivers\fsdfw.sys [2009-5-27 70944]
R1 fsvista;F-Secure Vista Support Driver;c:\program files\shaw secure\anti-virus\minifilter\fsvista.sys [2009-5-27 12384]
R2 AERTFilters;Andrea RT Filters Service;c:\windows\system32\AERTSrv.exe [2007-12-5 77824]
R2 iWinTrusted;iWinTrusted;c:\program files\iwin games\iWinTrusted.exe [2009-7-9 78104]
R2 lxcy_device;lxcy_device;c:\windows\system32\lxcycoms.exe -service --> c:\windows\system32\lxcycoms.exe -service [?]
R2 YahooAUService;Yahoo! Updater;c:\program files\yahoo!\softwareupdate\YahooAUService.exe [2008-11-9 602392]
R3 F-Secure Gatekeeper;F-Secure Gatekeeper;c:\program files\shaw secure\anti-virus\minifilter\fsgk.sys [2009-5-27 86648]
R3 FSORSPClient;F-Secure ORSP Client;c:\program files\shaw secure\orsp client\fsorsp.exe [2009-5-27 55904]
S3 motccgp;Motorola USB Composite Device Driver;c:\windows\system32\drivers\motccgp.sys [2008-8-21 18688]
S3 motccgpfl;MotCcgpFlService;c:\windows\system32\drivers\motccgpfl.sys [2008-8-21 8320]
S3 motport;Motorola USB Diagnostic Port;c:\windows\system32\drivers\motport.sys [2007-6-18 23680]
S3 mr97310c;CIF Dual-Mode Camera;c:\windows\system32\drivers\mr97310c.sys [2008-3-27 116992]
S4 F-Secure Filter;F-Secure File System Filter;c:\program files\shaw secure\anti-virus\win2k\fsfilter.sys [2009-5-27 39776]
S4 F-Secure Recognizer;F-Secure File System Recognizer;c:\program files\shaw secure\anti-virus\win2k\fsrec.sys [2009-5-27 25184]

=============== Created Last 30 ================

2009-08-13 03:56 506,368 a------- c:\windows\system32\msxml.dll
2009-08-12 20:39 --d----- c:\program files\Wedding Dash 2 - Rings Around the World
2009-08-12 20:39 3,702 a------- c:\windows\system32\msupdte.exe
2009-08-12 03:14 71,680 a------- c:\windows\system32\atl.dll
2009-08-12 03:13 160,256 a------- c:\windows\system32\wkssvc.dll
2009-08-12 03:13 2,066,432 a------- c:\windows\system32\mstscax.dll
2009-08-12 03:13 91,136 a------- c:\windows\system32\avifil32.dll
2009-08-12 03:13 313,344 a------- c:\windows\system32\wmpdxm.dll
2009-08-12 03:13 7,680 a------- c:\windows\system32\spwmp.dll
2009-08-12 03:13 4,096 a------- c:\windows\system32\msdxm.ocx
2009-08-12 03:13 4,096 a------- c:\windows\system32\dxmasf.dll
2009-08-12 03:13 8,147,456 a------- c:\windows\system32\wmploc.DLL
2009-08-12 03:13 43,520 a------- c:\windows\system32\msdxm.tlb
2009-08-12 03:13 18,432 a------- c:\windows\system32\amcompat.tlb
2009-08-06 12:41 --d----- c:\users\becky\Tracing
2009-08-06 12:37 --d----- c:\program files\Microsoft SQL Server Compact Edition
2009-08-06 12:33 --d----- c:\program files\Microsoft
2009-08-06 12:33 --d----- c:\program files\Windows Live SkyDrive
2009-08-06 12:10 --d----- c:\program files\common files\Windows Live
2009-08-02 19:58 --d----- c:\windows\Diaper Dash
2009-08-02 19:58 --d----- c:\program files\Diaper Dash
2009-08-02 05:17 0 a---h--- c:\windows\system32\drivers\Msft_User_WpdRapi_01_00_00.Wdf
2009-07-30 22:52 --d----- c:\program files\CoreAAC
2009-07-30 22:50 --d----- c:\program files\GRETECH
2009-07-24 15:12 --d----- c:\windows\Alice Greenfingers 2
2009-07-24 15:12 --d----- c:\program files\Alice Greenfingers 2
2009-07-24 00:16 --d----- c:\users\becky\appdata\roaming\FrostWire
2009-07-23 23:48 --d----- c:\program files\Conduit
2009-07-23 15:11 --d----- c:\users\becky\appdata\roaming\Morpheus
2009-07-23 15:11 --d----- c:\program files\Morpheus
2009-07-21 12:35 --d----- c:\users\becky\appdata\roaming\Iwin JanesZOO
2009-07-20 23:24 --d----- c:\users\becky\appdata\roaming\V-Games
2009-07-20 11:39 --d----- c:\program files\iWin Games
2009-07-18 23:20 156,672 a------- c:\windows\system32\t2embed.dll
2009-07-18 23:20 289,792 a------- c:\windows\system32\atmfd.dll
2009-07-18 23:20 72,704 a------- c:\windows\system32\fontsub.dll
2009-07-18 23:20 10,240 a------- c:\windows\system32\dciman32.dll
2009-07-18 19:38 --d----- c:\program files\Morpheus Premium
2009-07-18 19:16 --d----- c:\users\becky\Incomplete
2009-07-18 19:15 --d----- c:\program files\P2P_Energy
2009-07-18 19:14 --d----- c:\users\becky\appdata\roaming\Morpheus PRO
2009-07-18 19:14 --d----- c:\programdata\Morpheus PRO
2009-07-18 19:14 --d----- c:\progra~2\Morpheus PRO
2009-07-18 19:05 --d----- c:\programdata\0210
2009-07-18 19:05 --d----- c:\progra~2\0210
2009-07-18 19:03 --d----- c:\program files\BearShare Applications
2009-07-18 18:15 --d----- c:\programdata\Yahoo! Companion
2009-07-17 15:43 --d----- c:\users\becky\appdata\roaming\Malwarebytes
2009-07-16 02:04 --d----- c:\programdata\Malwarebytes
2009-07-16 02:04 --d----- c:\progra~2\Malwarebytes
2009-07-16 02:04 --d----- c:\program files\Malwarebytes' Anti-Malware
2009-07-15 20:57 --d----- c:\programdata\Google

==================== Find3M ====================

2009-08-06 13:56 3,174 a------- c:\users\becky\appdata\roaming\wklnhst.dat
2009-08-04 03:01 143,360 a------- c:\windows\inf\infstrng.dat
2009-08-04 03:01 86,016 a------- c:\windows\inf\infpub.dat
2009-08-03 03:02 143,360 a------- c:\windows\inf\infstor.dat
2009-07-24 09:37 2,560 a------- c:\windows\_MSRSTRT.EXE
2009-07-21 16:52 915,456 a------- c:\windows\system32\wininet.dll
2009-07-21 16:47 109,056 a------- c:\windows\system32\iesysprep.dll
2009-07-21 16:47 71,680 a------- c:\windows\system32\iesetup.dll
2009-07-21 15:13 133,632 a------- c:\windows\system32\ieUnatt.exe
2009-02-17 18:12 33,191,030 a------- c:\users\becky\DetectiveStoriesHollywoodSetup.exe
2009-02-16 22:25 35,851,404 a------- c:\users\becky\MysteryPITheVegasHeistSetup.exe
2009-02-16 22:15 208,480 a------- c:\users\becky\the-count-of-monte-cristo_s1_l1_gF2357T1L1_d440597571.exe
2009-02-13 14:10 264,176 a------- c:\users\becky\GSCSetup.exe
2009-01-11 11:06 56 a---h--- c:\programdata\ezsidmv.dat
2009-01-11 11:06 56 a---h--- c:\progra~2\ezsidmv.dat
2009-01-11 11:00 22,285,608 a------- c:\users\becky\SkypeSetup.exe
2009-01-11 02:20 22,328 a------- c:\users\becky\appdata\roaming\PnkBstrK.sys
2008-06-18 03:28 174 a--sh--- c:\program files\desktop.ini
2008-06-18 03:16 665,600 a------- c:\windows\inf\drvindex.dat
2008-02-18 22:41 60,968 a------- c:\users\becky\GoToAssistDownloadHelper.exe
2008-02-16 15:55 774,144 a------- c:\program files\RngInterstitial.dll
2006-11-02 07:42 287,440 a------- c:\windows\inf\perflib\0409\perfi.dat
2006-11-02 07:42 287,440 a------- c:\windows\inf\perflib\0409\perfh.dat
2006-11-02 07:42 30,674 a------- c:\windows\inf\perflib\0409\perfd.dat
2006-11-02 07:42 30,674 a------- c:\windows\inf\perflib\0409\perfc.dat
2006-11-02 04:20 287,440 a------- c:\windows\inf\perflib\0000\perfi.dat
2006-11-02 04:20 287,440 a------- c:\windows\inf\perflib\0000\perfh.dat
2006-11-02 04:20 30,674 a------- c:\windows\inf\perflib\0000\perfd.dat
2006-11-02 04:20 30,674 a------- c:\windows\inf\perflib\0000\perfc.dat

============= FINISH: 10:26:22.77 ===============

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_09-07-30.01)

Microsoft® Windows Vista™ Home Premium
Boot Device: \Device\HarddiskVolume3
Install Date: 21/10/2007 6:02:59 PM
System Uptime: 14/08/2009 10:07:30 AM (0 hours ago)

Motherboard: Dell Inc. | | 0RY007
Processor: Intel® Pentium® Dual CPU E2140 @ 1.60GHz | Socket 775 | 1600/200mhz

==== Disk Partitions =========================

C: is FIXED (NTFS) - 288 GiB total, 161.8 GiB free.
D: is FIXED (NTFS) - 10 GiB total, 6.248 GiB free.
E: is CDROM ()
F: is Removable

==== Disabled Device Manager Items =============

Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
Description: Microsoft 6to4 Adapter
Device ID: ROOT\*6TO4MP\0001
Manufacturer: Microsoft
Name: 6TO4 Adapter
PNP Device ID: ROOT\*6TO4MP\0001
Service: tunnel

Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
Description: Microsoft 6to4 Adapter
Device ID: ROOT\*6TO4MP\0003
Manufacturer: Microsoft
Name: 6TO4 Adapter
PNP Device ID: ROOT\*6TO4MP\0003
Service: tunnel

Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
Description: Microsoft 6to4 Adapter
Device ID: ROOT\*6TO4MP\0004
Manufacturer: Microsoft
Name: 6TO4 Adapter
PNP Device ID: ROOT\*6TO4MP\0004
Service: tunnel

Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
Description: Microsoft 6to4 Adapter
Device ID: ROOT\*6TO4MP\0006
Manufacturer: Microsoft
Name: 6TO4 Adapter
PNP Device ID: ROOT\*6TO4MP\0006
Service: tunnel

Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
Description: Microsoft 6to4 Adapter
Device ID: ROOT\*6TO4MP\0014
Manufacturer: Microsoft
Name: 6TO4 Adapter
PNP Device ID: ROOT\*6TO4MP\0014
Service: tunnel

Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
Description: Microsoft ISATAP Adapter
Device ID: ROOT\*ISATAP\0003
Manufacturer: Microsoft
Name: isatap.{53B26A43-2275-44AB-9EA8-86BFDBB742EB}
PNP Device ID: ROOT\*ISATAP\0003
Service: tunnel

Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
Description: Microsoft ISATAP Adapter
Device ID: ROOT\*ISATAP\0006
Manufacturer: Microsoft
Name: isatap.{53B26A43-2275-44AB-9EA8-86BFDBB742EB}
PNP Device ID: ROOT\*ISATAP\0006
Service: tunnel

Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
Description: Microsoft ISATAP Adapter
Device ID: ROOT\*ISATAP\0007
Manufacturer: Microsoft
Name: isatap.{53B26A43-2275-44AB-9EA8-86BFDBB742EB}
PNP Device ID: ROOT\*ISATAP\0007
Service: tunnel

==== System Restore Points ===================


==== Installed Programs ======================

7 Wonders - Treasures of Seven
Adobe AIR
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Reader 9
Adobe Shockwave Player 11
Alice Greenfingers (remove only)
Alice Greenfingers 2
Amazing Adventures The Lost Tomb 1.0.0.5
AMT 2.0
Animal Agents
Apple Mobile Device Support
Apple Software Update
ArcSoft PhotoImpression 4
Around The World In 80 Days (remove only)
µTorrent
Beach Party Craze
BearShare
Belle's Beauty Boutique
Big Fish Games Client
Bingo Cafe
BingoLiner
Browser Address Error Redirector
Buccaneer Bistro (Diner Dash Hometown Hero - Gourmet)
Build-a-lot
Build-a-lot 2
Build-a-lot 2: Town of the Year
Build-a-lot 3: Passport to Europe
Burger Island 2 (remove only)
Cake Mania 2
Can You See What I See (remove only)
Can You See What I See? Dream Machine
Choice Guard
Christmasville (remove only)
Chuzzle
Coffee Rush
Cooking Dash
CoreAAC
Costume Chaos
Dairy Dash
Dell Support Center (Support Software)
Dell System Customization Wizard
DellSupport
Detective Stories Hollywood
Diaper Dash
Diner Dash
Diner Dash 2
Diner Dash Flo Through Time (remove only)
Diner Dash Seasonal Snack Pack (remove only)
DinerTown Detective Agency (remove only)
Doggie Dash
Dream Day First Home
Dream Day Honeymoon
Dream Day Wedding Married in Manhattan
Dream Vacation Solitaire FREE
Dress Shop Hop
Dress Shop Hop (remove only)
Driver Detective
DVD Shrink 3.2
Emerald City Confidential
Escape Rosecliff Island
Fairy Godmother Tycoon (remove only)
FamilyFeudOnlineParty (remove only)
Farm Frenzy (remove only)
Farm Frenzy 2
Fashion Dash
Fashion Fits
Fee Fi Flo Fun (Diner Dash Hometown Hero - Gourmet)
ffdshow [rev 1909] [2008-03-20]
Fitness Dash
Fitness Frenzy (remove only)
Forgotten Riddles The Mayan Princess
GameHouse
GearDrvs
Gem Shop
Ghost Hunters Majesty Manor
GOM ENCODER
GOM Player
GoToAssist 8.0.0.480
Great Secrets Da Vinci (remove only)
GSC 2.00
Hallmark Card Studio 2007
Hidden Relics
Hidden Wonders of the Depths (remove only)
Hide and Secret (remove only)
Home Sweet Home 2
Hometown Harvest Restaurant (Diner Dash Hometown Hero - Gourmet)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
House of Wonders Babies Come Home (remove only)
House Of Wonders Kitty Kat Wedding (remove only)
ImagXpress
IncrediMail
Intel® Graphics Media Accelerator Driver
Intel® PRO Network Connections 12.1.11.0
iTunes
iWin Games (remove only)
Jane's Hotel - Family Hero
Jane's Realty
Jane's Realty (remove only)
Jane's Zoo (remove only)
Java™ SE Runtime Environment 6
Jeopardy!
Jewel Quest II (remove only)
JoJo's Fashion Show 2
Jojos Fashion Show (remove only)
Jungle Games
Junk Mail filter update
Labtec Legacy USB Camera Driver Package
Leeloo's Talent Agency
LEGO Star Wars II
Lexmark 3400 Series
Lexmark Fax Solutions
Lexmark Toolbar
LimeWire 5.1.3
Logitech Desktop Messenger
Logitech QuickCam
Logitech QuickCam Driver Package
M&Ms The Lost Formulas
Magentic
Magic Encyclopedia - Moon Light
Mall Tycoon 3
Media Access Startup
MediaBar 2.0
Messenger Plus! Live
Microsoft .NET Framework 3.5 SP1
Microsoft Application Error Reporting
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Works
Motorola Phone Tools
MSVCRT
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB941833)
MSXML 4.0 SP2 (KB954430)
MY CAMERA
MySpaceIM
Mystery Case Files: Return to Ravenhearst ™
Mystery of Unicorn Castle
Mystery P.I. - The Vegas Heist
Mystery PI - The New York Fortune
Mystery PI The Vegas Heist
Mystery Solitaire: Secret Island (remove only)
Natalie Brooks Secrets of Treasure House (remove only)
National Geographic's Herod's Lost Tomb (remove only)
Nero 7 Ultra Edition
neroxml
Pando Media Booster
Paranormal Agency
Parking Dash
Pirateville (remove only)
Plant Tycoon
Polly Pride Pet Detective (remove only)
PunkBuster Services
Pure Hidden (remove only)
QuickTime
Rainbow Mystery
RealArcade
Realtek High Definition Audio Driver
Registry Mechanic 8.0
RollerCoaster Tycoon 3
Roxio Creator Audio
Roxio Creator BDAV Plugin
Roxio Creator Copy
Roxio Creator Data
Roxio Creator DE
Roxio Creator Tools
Roxio Drag-to-Disc
Roxio Express Labeler
Roxio MyDVD DE
Roxio Update Manager
Saints and Sinners Bingo
Scrapbook Paige
Secrets of Great Art (remove only)
Shaw Secure
Slingo Quest Hawaii
Snack to the Future (Diner Dash Hometown Hero - Gourmet)
Snowy Lunch Rush (remove only)
Sonic Activation Module
StarCraft
Sunset Studio Deluxe
Sunshine Acres (remove only)
Super Collapse! 3
Supermarket Mania (remove only)
Symantec Real Time Storage Protection Component
System Requirements Lab
System Search Dispatcher
The Count of Monte Cristo (remove only)
The Dash Slipper (Diner Dash Hometown Hero - Gourmet)
The Hidden Object Show
The Hidden Object Show Season 2
The Nightshift Code (remove only)
The Rise of Atlantis
The Secret of Margrave Manor
The Unicorn Castle (remove only)
Through the Cooking Glass (Diner Dash Hometown Hero - Gourmet)
Travel Agency (remove only)
Trivial Pursuit Millennium Edition
True Combat: Elite 0.49
Turbo Pizza (remove only)
Turbo Subs (remove only)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
User's Guides
Utherverse 3D Client
Wedding Dash - Ready Aim Love
Wedding Dash (remove only)
Wedding Dash 2
Wendys Wellness
Windows Live Call
Windows Live Communications Platform
Windows Live Essentials
Windows Live Mail
Windows Live Messenger
Windows Live OneCare safety scanner
Windows Live Photo Gallery
Windows Live Sign-in Assistant
Windows Live Sync
Windows Live Upload Tool
Windows Mobile Device Center
WinRAR archiver
Word Whomp To Go
Wordscape Online Party (remove only)
World Voyage
Yahoo! Install Manager
Yahoo! Internet Mail
Yahoo! Messenger
Yahoo! Search Protection
Yahoo! Software Update
Yahoo! Toolbar

==== End Of File ===========================

Edited by Orange Blossom, 14 August 2009 - 12:28 PM.
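A helper reads the log above by eye, cross-checking each Run entry against the files that appeared in the last 30 days. As an added example that is not part of this thread or of the DDS tool, the following Python does that cross-reference mechanically: it parses the Pseudo HJT "Run" lines and the "Created Last 30" section and reports any autorun whose binary was created inside the window, which is exactly how the msupdte.exe entry stands out. The sample lines are constructed from the log above, and the `%windir%` / `%ProgramFiles%` expansions are assumed defaults.

```python
import re

# Constructed sample: a handful of lines copied in shape from the DDS log in this
# thread (Pseudo HJT "Run" entries plus "Created Last 30" entries).
DDS_SAMPLE = r"""
============== Pseudo HJT Report ===============

mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
mRun: [Windows Mobile Device Center] %windir%\WindowsMobile\wmdc.exe
mRun: [Microsoft WinUpdate] c:\windows\system32\msupdte.exe
uRun: [RegistryMechanic] c:\program files\registry mechanic\RMTray.exe /S
uRun: [DellSupport] "c:\program files\dellsupport\DSAgnt.exe" /startup
mRun: [NWEReboot]

=============== Created Last 30 ================

2009-08-13 03:56 506,368 a------- c:\windows\system32\msxml.dll
2009-08-12 20:39 --d----- c:\program files\Wedding Dash 2 - Rings Around the World
2009-08-12 20:39 3,702 a------- c:\windows\system32\msupdte.exe
2009-08-12 03:14 71,680 a------- c:\windows\system32\atl.dll
"""

# Assumed expansions for the environment variables DDS leaves unexpanded
# (hypothetical defaults for an English Vista install, not taken from the log).
ENV_DEFAULTS = {
    "%programfiles%": r"c:\program files",
    "%windir%": r"c:\windows",
}

# "mRun: [Name] command", "uRunOnce: [Name] command", and so on.
RUN_RE = re.compile(r"^([umd]Run(?:Once)?): \[([^\]]*)\] (.*)$")
# "2009-08-12 20:39 3,702 a------- path"; directory lines carry no size field.
CREATED_RE = re.compile(
    r"^(\d{4}-\d{2}-\d{2}) (\d{2}:\d{2}) (?:([\d,]+) )?([a-z-]{8}) (.*)$"
)
# First token of the command: a quoted path, or text up to an executable suffix.
EXE_RE = re.compile(r'^(?:"([^"]+)"|(.+?\.(?:exe|dll|scr|com)))', re.IGNORECASE)


def normalize_path(raw):
    """Lower-case a path and expand the env vars DDS leaves in place."""
    path = raw.strip().lower()
    for var, value in ENV_DEFAULTS.items():
        path = path.replace(var, value)
    return path


def parse_run_entries(text):
    """Return [{'hive', 'name', 'path'}] for each Run/RunOnce line that has a command."""
    entries = []
    for line in text.splitlines():
        m = RUN_RE.match(line.strip())
        if not m:
            continue  # also skips empty values such as "[NWEReboot]"
        hive, name, command = m.groups()
        exe = EXE_RE.match(command.strip())
        if not exe:
            continue
        path = exe.group(1) or exe.group(2)
        entries.append({"hive": hive, "name": name, "path": normalize_path(path)})
    return entries


def parse_created_entries(text):
    """Map each path in 'Created Last 30' to (date, size); directories get size None."""
    created = {}
    for line in text.splitlines():
        m = CREATED_RE.match(line.strip())
        if not m:
            continue
        day, _clock, size, _attrs, path = m.groups()
        size_bytes = int(size.replace(",", "")) if size else None
        created[normalize_path(path)] = (day, size_bytes)
    return created


def flag_suspicious_autoruns(text, tiny_bytes=16384):
    """Cross-reference autorun entries against recently created files.

    Any autorun whose binary was created inside the DDS 30-day window is
    reported. A very small binary under \\windows\\system32 is noted as an
    extra reason, since real system components are rarely only a few KB.
    """
    created = parse_created_entries(text)
    findings = []
    for entry in parse_run_entries(text):
        info = created.get(entry["path"])
        if info is None:
            continue
        day, size = info
        reasons = ["binary created in last 30 days (%s)" % day]
        in_system32 = "\\windows\\system32\\" in entry["path"]
        if in_system32 and size is not None and size < tiny_bytes:
            reasons.append("only %d bytes in a system directory" % size)
        findings.append(dict(entry, size=size, created=day, reasons=reasons))
    return findings


if __name__ == "__main__":
    for f in flag_suspicious_autoruns(DDS_SAMPLE):
        print("%s [%s] %s: %s" % (f["hive"], f["name"], f["path"], "; ".join(f["reasons"])))
```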



#2 Tokek


Posted 27 August 2009 - 01:32 PM

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine.

If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below, another staff member will review and take the steps necessary with you to get your machine back in working order, clean and free of malware.

If you have already posted a DDS log, please do so again, as your situation may have changed.
Use the 'Add Reply' and add the new log to this thread.


Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:
  • Download DDS by sUBs from one of the following links. Save it to your desktop.
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control HERE
If I have not replied back to your post in 3 days, please send me a PM.


#3 bedtimefrog (Topic Starter)

  • Members
  • 231 posts
  • Gender:Female
  • Location:Wpg, Mb, Canada

Posted 29 August 2009 - 12:08 PM

DDS (Ver_09-07-30.01) - NTFSx86
Run by becky at 12:04:03.20 on 29/08/2009
Internet Explorer: 8.0.6001.18813
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.2.1033.18.2036.857 [GMT -5:00]

SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}

============== Running Processes ===============

C:\Windows\SYSTEM32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\SYSTEM32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\SYSTEM32\taskeng.exe
C:\Program Files\Search Guard PlusU\sgpupdaters.exe
C:\Program Files\Java\jre1.6.0\bin\jusched.exe
C:\Windows\system32\AERTSrv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Shaw Secure\Anti-Virus\fsgk32st.exe
C:\Program Files\Shaw Secure\Common\FSMA32.EXE
C:\Program Files\iWin Games\iWinTrusted.exe
C:\Program Files\Shaw Secure\Anti-Virus\FSGK32.EXE
C:\Program Files\Shaw Secure\Common\FSMB32.EXE
C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\Windows\system32\lxcycoms.exe
C:\Windows\system32\PnkBstrA.exe
C:\Windows\system32\PnkBstrB.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k regsvc
C:\Program Files\Shaw Secure\Common\FCH32.EXE
C:\Program Files\Dell Support Center\bin\sprtsvc.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
C:\Program Files\Shaw Secure\Common\FAMEH32.EXE
C:\Program Files\Shaw Secure\Anti-Virus\fsqh.exe
C:\Program Files\Shaw Secure\FSPC\fspc.exe
C:\Windows\system32\WUDFHost.exe
C:\Program Files\Shaw Secure\Anti-Virus\fssm32.exe
C:\Program Files\Shaw Secure\ORSP Client\fsorsp.exe
C:\Program Files\Shaw Secure\FSAUA\program\fsaua.exe
C:\Program Files\Shaw Secure\FWES\Program\fsdfwd.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Shaw Secure\FSAUA\program\fsus.exe
C:\Windows\system32\svchost.exe -k WindowsMobile
C:\Windows\System32\igfxpers.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Logitech\QuickCam\Quickcam.exe
C:\Program Files\Shaw Secure\Common\FSM32.EXE
C:\Program Files\Lexmark 3400 Series\lxcymon.exe
C:\Program Files\Lexmark 3400 Series\ezprint.exe
C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe
C:\Windows\WindowsMobile\wmdc.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\DellSupport\DSAgnt.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
C:\Program Files\Registry Mechanic\RMTray.exe
C:\Program Files\Shaw Secure\Anti-Virus\fsav32.exe
C:\Program Files\Hallmark\Hallmark Card Studio 2007\Planner\PLNRnote.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\ProgramData\iWin Games\DesktopAlerts\DesktopAlerts.exe
C:\Program Files\Common Files\microsoft shared\Works Shared\WkCalRem.exe
C:\Windows\SYSTEM32\taskeng.exe
C:\Windows\system32\conime.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Shaw Secure\FSGUI\fsguidll.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe
C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\CPSHelpRunner.exe
C:\Program Files\IncrediMail\bin\IMApp.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\Macromed\Flash\FlashUtil10c.exe
C:\Windows\servicing\TrustedInstaller.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Users\becky\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\DF20SDHM\dds[1].scr

============== Pseudo HJT Report ===============

uSearch Bar = Preserve
uSearch Page = hxxp://ca.rd.yahoo.com/customize/ie/defaults/sp/msgr9/*http://ca.search.yahoo.com
uWindow Title = Internet Explorer provided by Dell
uStart Page = hxxp://mystart.incredimail.com/
uDefault_Page_URL = hxxp://www.google.ca/ig/dell?hl=en&client=dell-row&channel=ca&ibd=0071022
mDefault_Page_URL = hxxp://ca.yahoo.com
mDefault_Search_URL = hxxp://ca.rd.yahoo.com/customize/ie/defaults/su/msgr9/*http://ca.search.yahoo.com
mSearch Page = hxxp://ca.rd.yahoo.com/customize/ie/defaults/sp/msgr9/*http://ca.search.yahoo.com
mStart Page = hxxp://ca.yahoo.com
uSearchURL,(Default) = hxxp://ca.rd.yahoo.com/customize/ie/defaults/su/msgr9/*http://ca.search.yahoo.com
uURLSearchHooks: H - No File
BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\progra~1\yahoo!\companion\installs\cpn\yt.dll
BHO: Shareaza Web Download Hook: {0eedb912-c5fa-486f-8334-57288578c627} - c:\program files\morpheus music\RazaWebHook.dll
BHO: Lexmark Toolbar: {1017a80c-6f09-4548-a84d-edd6ac9525f0} - c:\program files\lexmark toolbar\toolband.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Media Access Startup: {25b8d58c-b0cb-46b0-ba64-05b3804e4e86} - c:\program files\media access startup\1.0.0.610\HPIEAddOn.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: UrlHelper Class: {74322bf9-df26-493f-b0da-6d2fc5e6429e} - c:\program files\bearshare applications\bearshare\BearShareIEHelper.dll
BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre1.6.0\bin\ssv.dll
BHO: IEHlprObj Class: {8ca5ed52-f3fb-4414-a105-2e3491156990} - c:\program files\iwin games\iWinGamesHookIE.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: CBrowserHelperObject Object: {ca6319c0-31b7-401e-a518-a07c3db8f777} - c:\program files\dell\bae\BAE.dll
BHO: System Search Dispatcher: {cdbfb47b-58a8-4111-bf95-06178dce326d} - c:\program files\system search dispatcher\1.2.0.750\ssd.dll
BHO: {F0626A63-410B-45E2-99A1-3F2475B2D695} - No File
BHO: Fast Browser Search Toolbar Helper: {fcbccb87-9224-4b8d-b117-f56d924beb18} - c:\program files\fast browser search\ie\FBStoolbar.dll
BHO: SingleInstance Class: {fdad4da1-61a2-4fd8-9c17-86f7ac245081} - c:\progra~1\yahoo!\companion\installs\cpn\YTSingleInstance.dll
TB: Lexmark Toolbar: {1017a80c-6f09-4548-a84d-edd6ac9525f0} - c:\program files\lexmark toolbar\toolband.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\progra~1\yahoo!\companion\installs\cpn\yt.dll
TB: BearShare MediaBar: {d3dee18f-db64-4beb-9ff1-e1f0a5033e4a} - c:\program files\bearshare applications\bearshare mediabar\BearShareMediaBar.dll
TB: Fast Browser Search Toolbar: {1bb22d38-a411-4b13-a746-c2a4f4ec7344} - c:\program files\fast browser search\ie\FBStoolbar.dll
TB: {BC4FFE41-DE9F-46FA-B455-AAD49B9F9938} - No File
TB: {A057A204-BACC-4D26-9990-79A187E2698E} - No File
TB: {A057A204-BACC-4D26-8988-34A187E2698B} - No File
TB: {00000000-0000-0000-0000-000000000000} - No File
uRun: [MySpaceIM] c:\program files\myspace\im\MySpaceIM.exe
uRun: [Magentic] c:\progra~1\magentic\bin\Magentic.exe /c
uRun: [IncrediMail] c:\program files\incredimail\bin\IncMail.exe /c
uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe
uRun: [DellSupport] "c:\program files\dellsupport\DSAgnt.exe" /startup
uRun: [Search Protection] c:\program files\yahoo!\search protection\SearchProtection.exe
uRun: [Uniblue RegistryBooster 2009] c:\program files\uniblue\registrybooster\StartRegistryBooster.exe
uRun: [LogitechSetup] c:\users\becky\appdata\local\temp\quickcam_11.90.1263\setup.exe /skip_all_checks /p /start /restart /l:enu
uRun: [msnmsgr] "c:\program files\windows live\messenger\msnmsgr.exe" /background
uRun: [Messenger (Yahoo!)] "c:\program files\yahoo!\messenger\YahooMessenger.exe" -quiet
uRun: [RegistryMechanic] c:\program files\registry mechanic\RMTray.exe /S
uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
uRunOnce: [Shockwave Updater] c:\windows\system32\adobe\shockw~1\SWHELP~2.EXE -Update -1100465 -"Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; Trident/4.0; DS_desktopsmiley; SLCC1; .NET CLR 2.0.50727; Media Center PC 5.0; .NET CLR 3.5.30729; .NET CLR 3.0.30618)" -"http://www.addictinggames.com/downhilljam.html"
mRun: [DellSupportCenter] "c:\program files\dell support center\bin\sprtcmd.exe" /P DellSupportCenter
mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
mRun: [SunJavaUpdateSched] "c:\program files\java\jre1.6.0\bin\jusched.exe"
mRun: [snpstd] c:\windows\vsnpstd.exe
mRun: [RtHDVCpl] RtHDVCpl.exe
mRun: [RoxWatchTray] "c:\program files\common files\roxio shared\9.0\sharedcom\RoxWatchTray9.exe"
mRun: [Lexmark 1200 Series] "c:\program files\lexmark 1200 series\lxczbmgr.exe"
mRun: [ISUSScheduler] "c:\program files\common files\installshield\updateservice\issch.exe" -start
mRun: [ISUSPM Startup] c:\progra~1\common~1\instal~1\update~1\ISUSPM.exe -startup
mRun: [ECenter] c:\dell\e-center\EULALauncher.exe
mRun: [dscactivate] "c:\program files\dell support center\gs_agent\custom\dsca.exe"
mRun: [CamWizard] c:\program files\common files\logitech\qcdrv\bin\CamWizrd.exe
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [NWEReboot]
mRun: [NeroFilterCheck] c:\windows\system32\NeroCheck.exe
mRun: [LogitechQuickCamRibbon] "c:\program files\logitech\quickcam\Quickcam.exe" /hide
mRun: [F-Secure Manager] "c:\program files\shaw secure\common\FSM32.EXE" /splash
mRun: [F-Secure TNB] "c:\program files\shaw secure\fsgui\TNBUtil.exe" /CHECKALL /WAITFORSW
mRun: [lxcymon.exe] "c:\program files\lexmark 3400 series\lxcymon.exe"
mRun: [EzPrint] "c:\program files\lexmark 3400 series\ezprint.exe"
mRun: [FaxCenterServer] "c:\program files\lexmark fax solutions\fm3032.exe" /s
mRun: [LXCYCATS] rundll32 c:\windows\system32\spool\drivers\w32x86\3\LXCYtime.dll,_RunDLLEntry@16
mRun: [YSearchProtection] "c:\program files\yahoo!\search protection\SearchProtection.exe"
mRun: [Windows Mobile Device Center] %windir%\WindowsMobile\wmdc.exe
mRun: [Microsoft WinUpdate] c:\windows\system32\msupdte.exe
mRun: [Windows Mobile-based device management] %windir%\WindowsMobile\wmdSync.exe
dRun: [MySpaceIM] c:\program files\myspace\im\MySpaceIM.exe
StartupFolder: c:\users\becky\appdata\roaming\micros~1\windows\startm~1\programs\startup\adobem~1.lnk - c:\program files\adobe media player\Adobe Media Player.exe
StartupFolder: c:\users\becky\appdata\roaming\micros~1\windows\startm~1\programs\startup\frostw~1.lnk - c:\program files\frostwire\FrostWire.exe
StartupFolder: c:\users\becky\appdata\roaming\micros~1\windows\startm~1\programs\startup\imvu.lnk - c:\users\becky\appdata\roaming\imvuclient\IMVUClient.exe
StartupFolder: c:\users\becky\appdata\roaming\micros~1\windows\startm~1\programs\startup\iwinde~1.lnk - c:\programdata\iwin games\desktopalerts\DesktopAlerts.exe
StartupFolder: c:\users\becky\appdata\roaming\micros~1\windows\startm~1\programs\startup\wkcalrem.lnk - c:\program files\common files\microsoft shared\works shared\WkCalRem.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\eventp~1.lnk - c:\windows\installer\{b1c4042e-ddee-487f-b56c-4e498e790b98}\Shortcut_EventPlan_5D0DF1BBD82E4FB2B98E4FDE42EF7EBB.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\logite~1.lnk - c:\program files\logitech\desktop messenger\8876480\program\LogitechDesktopMessenger.exe
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBC} - c:\program files\java\jre1.6.0\bin\npjpi160.dll
IE: {200DB664-75B5-47c0-8B45-A44ACCF73C00} - {D68926FD-18FD-4B0E-A1C7-917D13FAB760} - c:\program files\shaw secure\fspc\fspcmsie.dll
IE: {200DB664-75B5-47c0-8B45-A44ACCF73F01} - {D68926FD-18FD-4B0E-A1C7-917D13FAB760} - c:\program files\shaw secure\fspc\fspcmsie.dll
IE: {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\windows\windowsmobile\INetRepl.dll
IE: {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\windows\windowsmobile\INetRepl.dll
LSP: c:\program files\shaw secure\fsps\program\FSLSP.DLL
DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} - hxxp://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - hxxp://ak.exe.imgfarm.com/images/nocache/funwebproducts/ei-4/WebfettiInitialSetup1.0.1.1.cab
DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} - hxxp://download.divx.com/player/DivXBrowserPlugin.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} - hxxp://www.popcap.com/webgames/popcaploader_v10.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - c:\program files\logitech\desktop messenger\8876480\program\GAPlugProtocol-8876480.dll
Notify: GoToAssist - c:\program files\citrix\gotoassist\480\G2AWinLogon.dll
Notify: igfxcui - igfxdev.dll

============= SERVICES / DRIVERS ===============

R0 fsbts;fsbts;c:\windows\system32\drivers\fsbts.sys [2009-5-27 33408]
R1 F-Secure HIPS;F-Secure HIPS Driver;c:\program files\shaw secure\hips\drivers\fshs.sys [2009-5-27 67808]
R1 FSES;F-Secure Email Scanning Driver;c:\windows\system32\drivers\fses.sys [2009-5-27 35552]
R1 FSFW;F-Secure Firewall Driver;c:\windows\system32\drivers\fsdfw.sys [2009-5-27 70944]
R1 fsvista;F-Secure Vista Support Driver;c:\program files\shaw secure\anti-virus\minifilter\fsvista.sys [2009-5-27 12384]
R2 AERTFilters;Andrea RT Filters Service;c:\windows\system32\AERTSrv.exe [2007-12-5 77824]
R2 iWinTrusted;iWinTrusted;c:\program files\iwin games\iWinTrusted.exe [2009-7-9 78104]
R2 lxcy_device;lxcy_device;c:\windows\system32\lxcycoms.exe -service --> c:\windows\system32\lxcycoms.exe -service [?]
R2 YahooAUService;Yahoo! Updater;c:\program files\yahoo!\softwareupdate\YahooAUService.exe [2008-11-9 602392]
R3 F-Secure Gatekeeper;F-Secure Gatekeeper;c:\program files\shaw secure\anti-virus\minifilter\fsgk.sys [2009-5-27 100472]
R3 FSORSPClient;F-Secure ORSP Client;c:\program files\shaw secure\orsp client\fsorsp.exe [2009-5-27 55904]
S3 motccgp;Motorola USB Composite Device Driver;c:\windows\system32\drivers\motccgp.sys [2008-8-21 18688]
S3 motccgpfl;MotCcgpFlService;c:\windows\system32\drivers\motccgpfl.sys [2008-8-21 8320]
S3 motport;Motorola USB Diagnostic Port;c:\windows\system32\drivers\motport.sys [2007-6-18 23680]
S3 mr97310c;CIF Dual-Mode Camera;c:\windows\system32\drivers\mr97310c.sys [2008-3-27 116992]
S4 F-Secure Filter;F-Secure File System Filter;c:\program files\shaw secure\anti-virus\win2k\fsfilter.sys [2009-5-27 39776]
S4 F-Secure Recognizer;F-Secure File System Recognizer;c:\program files\shaw secure\anti-virus\win2k\fsrec.sys [2009-5-27 25184]

=============== Created Last 30 ================

2009-08-24 12:44 <DIR> --d----- c:\program files\Search Guard PlusU
2009-08-24 12:44 <DIR> --d----- c:\program files\SGPSA
2009-08-24 12:44 <DIR> --d----- c:\program files\Search Guard Plus
2009-08-24 12:43 <DIR> --d----- c:\program files\Fast Browser Search
2009-08-21 17:30 <DIR> --d----- c:\windows\system32\eu-ES
2009-08-21 17:30 <DIR> --d----- c:\windows\system32\ca-ES
2009-08-21 17:30 <DIR> --d----- c:\windows\system32\vi-VN
2009-08-19 19:41 613,888 a------- c:\windows\system32\MSMPEG2VDEC.DLL
2009-08-19 19:40 87,040 a------- c:\windows\system32\mssitlb.dll
2009-08-19 19:39 216,064 a------- c:\windows\system32\ntprint.dll
2009-08-19 19:38 98,816 a------- c:\windows\system32\mfps.dll
2009-08-19 19:37 83,968 a------- c:\windows\system32\wbem\wmiutils.dll
2009-08-19 19:37 30,208 a------- c:\windows\system32\wbem\wbemprox.dll
2009-08-19 19:37 744,448 a------- c:\windows\system32\wbem\wbemcore.dll
2009-08-19 19:37 614,912 a------- c:\windows\system32\wbem\fastprox.dll
2009-08-19 19:37 265,728 a------- c:\windows\system32\wbem\repdrvfs.dll
2009-08-19 19:37 265,728 a------- c:\windows\system32\wbem\esscli.dll
2009-08-19 19:37 189,440 a------- c:\windows\system32\wbem\mofd.dll
2009-08-19 19:37 705,536 a------- c:\windows\system32\SmiEngine.dll
2009-08-19 19:37 218,624 a------- c:\windows\system32\wdscore.dll
2009-08-19 19:37 130,560 a------- c:\windows\system32\PkgMgr.exe
2009-08-19 19:36 247,808 a------- c:\windows\system32\drvstore.dll
2009-08-19 13:17 <DIR> --d----- c:\windows\system32\EventProviders
2009-08-19 13:17 <DIR> --d----- C:\2671beba298d99e4677128ce815de3
2009-08-15 11:34 <DIR> --d----- c:\users\becky\appdata\roaming\MusicNet
2009-08-14 12:43 <DIR> --d----- c:\program files\Alawar Games
2009-08-13 03:56 506,368 a------- c:\windows\system32\msxml.dll
2009-08-12 20:39 <DIR> --d----- c:\program files\Wedding Dash 2 - Rings Around the World
2009-08-12 20:39 3,702 a------- c:\windows\system32\msupdte.exe
2009-08-12 03:14 71,680 a------- c:\windows\system32\atl.dll
2009-08-06 12:41 <DIR> --d----- c:\users\becky\Tracing
2009-08-06 12:37 <DIR> --d----- c:\program files\Microsoft SQL Server Compact Edition
2009-08-06 12:33 <DIR> --d----- c:\program files\Microsoft
2009-08-06 12:33 <DIR> --d----- c:\program files\Windows Live SkyDrive
2009-08-06 12:10 <DIR> --d----- c:\program files\common files\Windows Live
2009-08-02 19:58 <DIR> --d----- c:\windows\Diaper Dash
2009-08-02 19:58 <DIR> --d----- c:\program files\Diaper Dash
2009-08-02 05:17 0 a---h--- c:\windows\system32\drivers\Msft_User_WpdRapi_01_00_00.Wdf
2009-07-30 22:52 <DIR> --d----- c:\program files\CoreAAC
2009-07-30 22:50 <DIR> --d----- c:\program files\GRETECH

==================== Find3M ====================

2009-08-21 17:38 143,360 a------- c:\windows\inf\infstrng.dat
2009-08-21 17:38 143,360 a------- c:\windows\inf\infstor.dat
2009-08-21 17:38 86,016 a------- c:\windows\inf\infpub.dat
2009-08-21 17:30 665,600 a------- c:\windows\inf\drvindex.dat
2009-08-17 04:02 3,256 a------- c:\users\becky\appdata\roaming\wklnhst.dat
2009-07-24 09:37 2,560 a------- c:\windows\_MSRSTRT.EXE
2009-07-21 16:52 915,456 a------- c:\windows\system32\wininet.dll
2009-07-21 16:47 109,056 a------- c:\windows\system32\iesysprep.dll
2009-07-21 16:47 71,680 a------- c:\windows\system32\iesetup.dll
2009-07-21 15:13 133,632 a------- c:\windows\system32\ieUnatt.exe
2009-07-15 07:40 8,147,456 a------- c:\windows\system32\wmploc.DLL
2009-07-15 07:39 313,344 a------- c:\windows\system32\wmpdxm.dll
2009-07-15 07:39 4,096 a------- c:\windows\system32\dxmasf.dll
2009-07-15 07:39 7,680 a------- c:\windows\system32\spwmp.dll
2009-06-15 09:53 156,672 a------- c:\windows\system32\t2embed.dll
2009-06-15 09:52 23,552 a------- c:\windows\system32\lpk.dll
2009-06-15 09:52 72,704 a------- c:\windows\system32\fontsub.dll
2009-06-15 09:51 10,240 a------- c:\windows\system32\dciman32.dll
2009-06-15 07:42 289,792 a------- c:\windows\system32\atmfd.dll
2009-06-10 06:42 160,256 a------- c:\windows\system32\wkssvc.dll
2009-06-10 06:38 91,136 a------- c:\windows\system32\avifil32.dll
2009-06-04 07:07 2,066,432 a------- c:\windows\system32\mstscax.dll
2009-02-17 18:12 33,191,030 a------- c:\users\becky\DetectiveStoriesHollywoodSetup.exe
2009-02-16 22:25 35,851,404 a------- c:\users\becky\MysteryPITheVegasHeistSetup.exe
2009-02-16 22:15 208,480 a------- c:\users\becky\the-count-of-monte-cristo_s1_l1_gF2357T1L1_d440597571.exe
2009-02-13 14:10 264,176 a------- c:\users\becky\GSCSetup.exe
2009-01-11 11:06 56 a---h--- c:\programdata\ezsidmv.dat
2009-01-11 11:06 56 a---h--- c:\progra~2\ezsidmv.dat
2009-01-11 11:00 22,285,608 a------- c:\users\becky\SkypeSetup.exe
2009-01-11 02:20 22,328 a------- c:\users\becky\appdata\roaming\PnkBstrK.sys
2008-06-18 03:28 174 a--sh--- c:\program files\desktop.ini
2008-02-18 22:41 60,968 a------- c:\users\becky\GoToAssistDownloadHelper.exe
2008-02-16 15:55 774,144 a------- c:\program files\RngInterstitial.dll
2006-11-02 07:42 287,440 a------- c:\windows\inf\perflib\0409\perfi.dat
2006-11-02 07:42 287,440 a------- c:\windows\inf\perflib\0409\perfh.dat
2006-11-02 07:42 30,674 a------- c:\windows\inf\perflib\0409\perfd.dat
2006-11-02 07:42 30,674 a------- c:\windows\inf\perflib\0409\perfc.dat
2006-11-02 04:20 287,440 a------- c:\windows\inf\perflib\0000\perfi.dat
2006-11-02 04:20 287,440 a------- c:\windows\inf\perflib\0000\perfh.dat
2006-11-02 04:20 30,674 a------- c:\windows\inf\perflib\0000\perfd.dat
2006-11-02 04:20 30,674 a------- c:\windows\inf\perflib\0000\perfc.dat

============= FINISH: 12:06:10.56 ===============

#4 Tokek (Bleepin' Gecko)

  • Members
  • 1,213 posts
  • Gender:Male
  • Location:Jakarta, Indonesia

Posted 29 August 2009 - 04:41 PM

Hello Bedtimefrog,

Welcome to Bleeping Computer.

My name is Tokek and I will be helping you with your Malware problem.

I apologize for the delay in replying to your post, the forum has been extremely busy.

There may be a delay in my response to your posts as I am still currently in training. I will be helping you under the supervision of the teachers and they will approve every post before I present it to you.

Please make no further changes or run any other tools unless instructed to. This may hinder the cleaning of your machine.

Please give me some time to look over your log, I will post the reply as soon as they are approved.
If I have not replied back to your post in 3 days, please send me a PM.


#5 bedtimefrog (Topic Starter)

  • Members
  • 231 posts
  • Gender:Female
  • Location:Wpg, Mb, Canada

Posted 29 August 2009 - 06:54 PM

I also forgot to add... that since this all started my computer has now been way slower and in my Facebook I can't play any of the games or applications because they are too slow, because my Internet Explorer keeps not responding... Very hard to do anything on my computer anymore.

#6 Tokek (Bleepin' Gecko)

  • Members
  • 1,213 posts
  • Gender:Male
  • Location:Jakarta, Indonesia

Posted 30 August 2009 - 05:07 PM

Hello bedtimefrog,

One or more of the identified infections is a backdoor trojan.

This allows hackers to remotely control your computer, steal critical system information and download and execute files.

I would counsel you to disconnect this PC from the Internet immediately. If you do any banking or other financial transactions on the PC or if it should contain any other sensitive information, please get to a known clean computer and change all passwords where applicable, and it would be wise to contact those same financial institutions to apprise them of your situation.

Though the trojan has been identified and can be killed, because of its backdoor functionality, your PC is very likely compromised and there is no way to be sure your computer can ever again be trusted. Many experts in the security community believe that once infected with this type of trojan, the best course of action would be a reformat and reinstall of the OS. Please read these for more information:

How Do I Handle Possible Identify Theft, Internet Fraud and CC Fraud?
When Should I Format, How Should I Reinstall

We can still clean this machine but I can't guarantee that it will be 100% secure afterwards. Let me know what you decide to do.
If I have not replied back to your post in 3 days, please send me a PM.


#7 random/random

  • Malware Response Team
  • 2,704 posts
  • Gender:Male

Posted 10 September 2009 - 11:56 AM

As there has been no response for over a week, this topic is now closed.
