Thread: Spam emails being automatically sent
View Single Post
Old 12-06-2007, 09:38 PM   #10 (permalink)
dcards
Registered User
 
Join Date: Dec 2007
Posts: 15
OS: Windows XP


Re: Spam emails being automatically sent
wow, that was fast! :)

here ya go ...


Deckard's System Scanner v20071014.68
Run by Louis Curti on 2007-12-06 20:36:56
Computer is in Normal Mode.
--------------------------------------------------------------------------------



-- HijackThis (run as Louis Curti.exe) -----------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:37:05 PM, on 12/6/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\GeekSquad\upssrv.exe
C:\GeekSquad\upsio.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\Dell AIO Printer A920\dlbkbmgr.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Dell AIO Printer A920\dlbkbmon.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\HP\Digital Imaging\Product Assistant\bin\hprblog.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Data\Software\dds\dss.exe
C:\Program Files\Webroot\Spy Sweeper\SSU.EXE
C:\PROGRA~1\TRENDM~1\HIJACK~1\Louis Curti.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://securityresponse.symantec.com.../fix_homepage/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dell4me.com/myway
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\PROGRA~1\COMMON~1\SYMANT~1\IDS\IPSBHO.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Dell AIO Printer A920] "C:\Program Files\Dell AIO Printer A920\dlbkbmgr.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton AntiVirus\osCheck.exe"
O4 - HKLM\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe" /startintray
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [SUPERAntiSpyware] "C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe"
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O16 - DPF: {77E32299-629F-43C6-AB77-6A1E6D7663F6} - http://atv.disney.go.com/global/down.../OTOYAX29b.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/actives...ree/asinst.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://cdn2.zone.msn.com/binFramewor...o.cab56649.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - https://fpdownload.macromedia.com/pu...sh/swflash.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://zone.msn.com/bingame/popcaploader_v10.cab
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: UPS Service (CyberPowerUPS) - Unknown owner - C:\GeekSquad\upssrv.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE
O23 - Service: LiveUpdate Notice - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\PROGRA~1\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe
O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe

--
End of file - 5720 bytes

-- Files created between 2007-11-06 and 2007-12-06 -----------------------------

2007-12-06 16:30:44 0 d-------- C:\Documents and Settings\Administrator\Application Data\SUPERAntiSpyware.com
2007-12-06 16:16:18 6736 --a------ C:\WINDOWS\system32\drivers\PROCEXP90.SYS <Not Verified; Sysinternals - www.sysinternals.com; Process Explorer>
2007-12-06 12:30:23 0 d-------- C:\WINDOWS\ERUNT
2007-12-06 12:16:58 0 d-------- C:\Documents and Settings\NetworkService\Application Data\Webroot
2007-12-02 14:35:39 0 d-------- C:\Documents and Settings\LocalService\Application Data\Webroot
2007-12-02 14:35:29 0 d-------- C:\Documents and Settings\All Users\Application Data\Webroot
2007-12-02 14:34:48 164 --a------ C:\install.dat
2007-12-02 14:32:57 0 d-------- C:\Documents and Settings\Louis Curti\Application Data\Webroot
2007-12-01 13:15:00 0 d-------- C:\Documents and Settings\Louis Curti\Application Data\Wireshark
2007-12-01 12:55:59 0 d-------- C:\Program Files\Wireshark
2007-12-01 10:39:37 0 d-------- C:\WINDOWS\system32\ActiveScan
2007-11-30 20:38:52 0 d-------- C:\Documents and Settings\Louis Curti\Application Data\SUPERAntiSpyware.com
2007-11-30 20:38:34 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard
2007-11-30 19:15:26 0 d-------- C:\Documents and Settings\Administrator\Application Data\Grisoft
2007-11-30 19:09:51 0 d-------- C:\Documents and Settings\Louis Curti\Application Data\Grisoft
2007-11-26 22:01:53 0 d-------- C:\Documents and Settings\Default User\Application Data\Apple Computer


-- Find3M Report ---------------------------------------------------------------

2007-12-06 17:38:01 0 d-------- C:\Program Files\SUPERAntiSpyware
2007-12-06 15:13:38 0 d-------- C:\Program Files\Trend Micro
2007-12-06 1545 0 d-------- C:\Program Files\Common Files\Symantec Shared
2007-12-02 18:13:53 0 d-------- C:\Documents and Settings\Louis Curti\Application Data\U3
2007-12-01 14:19:55 0 d-------- C:\Program Files\QuickTime
2007-12-01 14:19:24 0 d-------- C:\Program Files\Norton AntiVirus
2007-12-01 1423 0 d-------- C:\Program Files\iTunes
2007-12-01 14:04:18 0 d-------- C:\Program Files\Dell AIO Printer A920
2007-12-01 13:26:05 0 d-------- C:\Program Files\MSN Games
2007-12-01 13:23:59 0 d-------- C:\Program Files\Viewpoint
2007-12-01 13:22:56 0 d-------- C:\Program Files\Maxis
2007-12-01 13:21:48 0 d-------- C:\Program Files\Common Files\InstallShield
2007-12-01 13:21:44 0 d--h----- C:\Program Files\InstallShield Installation Information
2007-12-01 13:21:16 0 d-------- C:\Program Files\Common Files
2007-12-01 10:50:54 0 d-------- C:\Program Files\Common Files\Real
2007-12-01 10:50:31 0 d-------- C:\Documents and Settings\Louis Curti\Application Data\Real
2007-11-30 17:33:06 0 d-------- C:\Program Files\Common Files\Scanner
2007-11-30 17:30:10 0 d-------- C:\Documents and Settings\Louis Curti\Application Data\Lavasoft
2007-11-30 17:26:37 0 d-------- C:\Program Files\AIM
2007-11-30 17:26:29 0 d-------- C:\Documents and Settings\Louis Curti\Application Data\Aim
2007-11-26 20:23:19 0 d-------- C:\Program Files\Symantec


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6D53EC84-6AAE-4787-AEEE-F4628F01010C}]
11/26/2003 07:50 PM 116088 --a------ C:\PROGRA~1\COMMON~1\SYMANT~1\IDS\IPSBHO.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [10/25/2006 06:58 PM]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [10/30/2006 09:36 AM]
"IgfxTray"="C:\WINDOWS\system32\igfxtray.exe" [10/19/2005 07:59 AM]
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [05/11/2005 11:12 PM]
"HotKeysCmds"="C:\WINDOWS\system32\hkcmd.exe" [10/19/2005 07:59 AM]
"Dell AIO Printer A920"="C:\Program Files\Dell AIO Printer A920\dlbkbmgr.exe" [04/10/2003 03:52 AM]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [08/24/2007 09:07 PM]
"osCheck"="C:\Program Files\Norton AntiVirus\osCheck.exe" [08/24/2007 08:53 PM]
"SpySweeper"="C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe" [10/01/2007 04:40 PM]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [10/13/2004 08:24 AM]
"SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [02/27/2007 11:39 AM]

C:\Documents and Settings\Louis Curti\Start Menu\Programs\Startup\
DESKTOP.INI [9/3/2002 7:00:00 AM]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
DESKTOP.INI [9/3/2002 7:00:00 AM]
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [5/11/2005 11:23:26 PM]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [12/20/2006 12:55 PM 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 02/27/2007 11:39 AM 282624 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vds]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WebrootSpySweeperService]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
@="Volume shadow copy"


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{33622d6b-9dba-11da-8171-00038a000015}]
AutoRun\command- F:\LaunchU3.exe




-- End of Deckard's System Scanner: finished at 2007-12-06 20:37:36 ------------
dcards is offline