Adult chat spyware Sex in cyprus xxx


I can't pinpoint what I did to get this infection, but I had problems in the recent past with "Antivirus 2009" and just got that cleaned about 2 weeks ago.

Yesterday I went to look up movie times on Fandango and noticed that the Adult Friend Finder ads (top banner ad and right panel ad) were all porn-type content.

I actually sent a nasty e-mail to them until I realized that it was not them, it was ME! I've run a BitDefender Deep Scan and Malwarebytes Full Scan but neither removed this problem.
