My email account is sending emails

Old 11-15-2011, 03:03 PM   #1
Registered Member
 
Join Date: Nov 2011
Location: Lebanon
Posts: 1
OS: windows 7



.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_14
Run by EL Rey at 20:49:42 on 2011-11-15
Microsoft Windows 7 Ultimate 6.1.7601.1.1252.1.1033.18.3039.821 [GMT 2:00]
.
AV: Norton AntiVirus *Enabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Norton AntiVirus *Enabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_9691412ff1876250\STacSV.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\atieclxx.exe
C:\Windows\system32\Hpservice.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_9691412ff1876250\aestsrv.exe
C:\Windows\system32\svchost.exe -k hpdevmgmt
C:\Windows\system32\srvany.exe
C:\Windows\KMService.exe
C:\Program Files\Norton AntiVirus\Engine\18.6.0.29\ccSvcHst.exe
C:\Windows\system32\conhost.exe
C:\Program Files\Norton Safe Web Lite\Engine\1.2.0.6\ccSvcHst.exe
C:\Program Files\Microsoft\BingBar\SeaPort.EXE
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\taskhost.exe
C:\Program Files\Norton AntiVirus\Engine\18.6.0.29\ccSvcHst.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\svchost.exe -k bthsvcs
C:\Windows\System32\alg.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\Explorer.EXE
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\IDT\WDM\sttray.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files\Adobe\Acrobat 9.0\Acrobat\acrotray.exe
C:\Program Files\HP\HP Software Update\hpwuschd2.exe
C:\Program Files\Common Files\Nokia\MPlatform\NokiaMServer.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Users\EL Rey\AppData\Local\Google\Update\1.3.21.79\GoogleCrashHandler.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe
C:\Program Files\Adobe\Adobe Dreamweaver CS4\Dreamweaver.exe
C:\Program Files\wamp\wampmanager.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\wamp\bin\apache\apache2.2.11\bin\httpd.exe
C:\Program Files\wamp\bin\mysql\mysql5.1.33\bin\mysqld.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\wamp\bin\apache\apache2.2.11\bin\httpd.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
C:\Windows\system32\DllHost.exe
C:\Windows\System32\svchost.exe -k secsvcs
C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\Macromed\Flash\FlashUtil11c_ActiveX.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Users\EL Rey\AppData\Roaming\Dropbox\bin\Dropbox.exe
C:\Program Files\Real\RealPlayer\update\realsched.exe
C:\Program Files\Windows Live\Mail\wlmail.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\conhost.exe
.
============== Pseudo HJT Report ===============
.
uSearch Page =
uStart Page = hxxp://www.facebook.com/home.php?ref=hp
uSearch Bar =
mStart Page = about:blank
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO: HP Print Enhancer: {0347c33e-8762-4905-bf09-768834316c61} - c:\program files\hp\digital imaging\smart web printing\hpswp_printenhancer.dll
BHO: ContributeBHO Class: {074c1dc5-9320-4a9a-947d-c042949c6216} - c:\program files\adobe\/Adobe Contribute CS4/contributeieplugin.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\programdata\real\realplayer\browserrecordplugin\ie\rpbrowserrecordplugin.dll
BHO: SearchPredictObj Class: {389943b0-c3a2-4e69-82cb-8596a84cb3dc} - c:\program files\searchpredict\SearchPredict.dll
BHO: BitComet Helper: {39f7e362-828a-4b5a-bcaf-5b79bfdfea60} - c:\program files\bitcomet\tools\BitCometBHO_1.5.4.11.dll
BHO: Symantec Intrusion Prevention: {6d53ec84-6aae-4787-aeee-f4628f01010c} - c:\program files\norton antivirus\engine\18.6.0.29\ips\IPSBHO.DLL
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\progra~1\micros~2\office14\GROOVEEX.DLL
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: SBCONVERT Class: {92a9acf4-9333-43ae-9698-db283326f87f} - c:\program files\speedbit video downloader\toolbar\tbcore3.dll
BHO: Windows Live Messenger Companion Helper: {9fdde16b-836f-4806-ab1f-1455cbeff289} - c:\program files\windows live\companion\companioncore.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Adobe PDF Conversion Toolbar Helper: {ae7cd045-e861-484f-8273-0445ee161910} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
BHO: Skype Plug-In: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - c:\progra~1\micros~2\office14\URLREDIR.DLL
BHO: Internet Panel: {ce7c3cf0-4b15-11d1-abed-709549c10000} - c:\program files\netpanel\IEHelper.dll
BHO: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "c:\program files\microsoft\bingbar\BingExt.dll"
BHO: Norton Safe Web Lite BHO: {f0da78e9-6b60-42fb-bc26-ef2cfb8c8ff3} - c:\program files\norton safe web lite\engine\1.2.0.6\coIEPlg.dll
BHO: SmartSelect Class: {f4971ee7-daa0-4053-9964-665d8ee6a077} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
BHO: GrabberObj Class: {ff7c3cf0-4b15-11d1-abed-709549c10000} - c:\program files\speedbit video downloader\toolbar\grabber.dll
BHO: HP Smart BHO Class: {ffffffff-cf4e-4f2b-bdc2-0e72e116a856} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
TB: Contribute Toolbar: {517bdde4-e3a7-4570-b21e-2b52b6139fc7} - c:\program files\adobe\/Adobe Contribute CS4/contributeieplugin.dll
TB: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - "c:\program files\microsoft\bingbar\BingExt.dll"
TB: Norton Safe Web Lite: {30ceeea2-3742-40e4-85dd-812bf1cbb83d} - c:\program files\norton safe web lite\engine\1.2.0.6\coIEPlg.dll
TB: SpeedBit Video Downloader: {0329e7d6-6f54-462d-93f6-f5c3118badf2} - c:\program files\speedbit video downloader\toolbar\tbcore3.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
EB: HP Smart Web Printing: {555d4d79-4bd2-4094-a395-cfc534424a05} - c:\program files\hp\digital imaging\smart web printing\hpswp_bho.dll
uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
uRun: [msnmsgr] "c:\program files\windows live\messenger\msnmsgr.exe" /background
uRun: [Google Update] "c:\users\el rey\appdata\local\google\update\GoogleUpdate.exe" /c
uRun: [<NO NAME>]
uRun: [Facebook Update] "c:\users\el rey\appdata\local\facebook\update\FacebookUpdate.exe" /c /nocrashserver
mRun: [BCSSync] "c:\program files\microsoft office\office14\BCSSync.exe" /DelayServices
mRun: [SynTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe
mRun: [SysTrayApp] c:\program files\idt\wdm\sttray.exe
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [<NO NAME>]
mRun: [Acrobat Assistant 8.0] "c:\program files\adobe\acrobat 9.0\acrobat\Acrotray.exe"
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe Acrobat Speed Launcher] "c:\program files\adobe\acrobat 9.0\acrobat\Acrobat_sl.exe"
mRun: [AdobeCS4ServiceManager] "c:\program files\common files\adobe\cs4servicemanager\CS4ServiceManager.exe" -launchedbylogin
mRun: [Adobe_ID0ENQBO] c:\progra~1\common~1\adobe\adobev~1\server\bin\VERSIO~2.EXE
mRun: [QuickTime Task] "c:\program files\quicktime alternative\QTTask.exe" -atboottime
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [TkBellExe] "c:\program files\real\realplayer\update\realsched.exe" -osboot
mRun: [NokiaMServer] c:\program files\common files\nokia\mplatform\NokiaMServer /watchfiles startup
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: &D&ownload &with BitComet - c:\program files\bitcomet\BitComet.exe/AddLink.htm
IE: &D&ownload all with BitComet - c:\program files\bitcomet\BitComet.exe/AddAllLink.htm
IE: Append Link Target to Existing PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~1\micros~2\office14\ONBttnIE.dll/105
IE: {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://c:\program files\bitcomet\tools\BitCometBHO_1.5.4.11.dll/206
IE: {0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} - c:\program files\windows live\companion\companioncore.dll
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - c:\program files\microsoft office\office14\ONBttnIELinkedNotes.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {233C1507-6A77-46A4-9443-F871F945D258} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: DhcpNameServer = 85.112.85.85 85.112.85.86
TCP: Interfaces\{039D3E62-CC3B-4934-96A8-6D62182113BF} : DhcpNameServer = 85.112.85.85 85.112.85.86
TCP: Interfaces\{1532CB33-5A8E-4CD5-B1E5-23F26CDA8A81} : DhcpNameServer = 85.112.85.85 85.112.85.86
TCP: Interfaces\{1532CB33-5A8E-4CD5-B1E5-23F26CDA8A81}\24C696E6B6131413143453 : DhcpNameServer = 192.168.1.254
TCP: Interfaces\{1532CB33-5A8E-4CD5-B1E5-23F26CDA8A81}\24C696E6B6136434231414 : DhcpNameServer = 192.168.1.254
TCP: Interfaces\{1532CB33-5A8E-4CD5-B1E5-23F26CDA8A81}\34861626E45647 : DhcpNameServer = 85.112.85.85 192.168.123.254
TCP: Interfaces\{1532CB33-5A8E-4CD5-B1E5-23F26CDA8A81}\36F6374716022303 : DhcpNameServer = 85.112.85.85 85.112.85.86 192.168.1.1
TCP: Interfaces\{1532CB33-5A8E-4CD5-B1E5-23F26CDA8A81}\B6162626F6573686 : DhcpNameServer = 192.168.100.1 85.112.85.85 85.112.85.86
TCP: Interfaces\{AE80A0ED-5292-4995-B56E-C00BEE5EBC0B}\24C696E6B6031453733453 : DhcpNameServer = 192.168.1.254
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files\common files\microsoft shared\office14\MSOXMLMF.DLL
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - c:\program files\windows live\photo gallery\AlbumDownloadProtocolHandler.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\progra~1\micros~2\office14\GROOVEEX.DLL
.
============= SERVICES / DRIVERS ===============
.
R0 johci;JMicron 1394 Filter Driver;c:\windows\system32\drivers\johci.sys [2010-12-12 15200]
R0 SymDS;Symantec Data Store;c:\windows\system32\drivers\nav\1206000.01d\symds.sys [2011-5-10 340088]
R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\nav\1206000.01d\symefa.sys [2011-5-10 744568]
R1 BHDrvx86;BHDrvx86;c:\programdata\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\nav_18.5.0.125\definitions\bashdefs\20111114.002\BHDrvx86.sys [2011-11-14 819320]
R1 IDSVix86;IDSVix86;c:\programdata\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\nav_18.5.0.125\definitions\ipsdefs\20111112.030\IDSvix86.sys [2011-11-15 368248]
R1 kl2;kl2;c:\windows\system32\drivers\kl2.sys [2010-4-23 132696]
R1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\nav\1206000.01d\ironx86.sys [2011-5-10 136312]
R1 SymNetS;Symantec Network Security WFP Driver;c:\windows\system32\drivers\nav\1206000.01d\symnets.sys [2011-5-10 299640]
R1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\drivers\vwififlt.sys [2009-7-14 48128]
R2 AESTFilters;Andrea ST Filters Service;c:\windows\system32\driverstore\filerepository\stwrt.inf_x86_neutral_9691412ff1876250\AEstSrv.exe [2009-3-2 81920]
R2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2010-12-12 176128]
R2 hpsrv;HP Service;c:\windows\system32\hpservice.exe [2011-5-13 26168]
R2 KMService;KMService;c:\windows\system32\srvany.exe [2011-1-19 8192]
R2 NAV;Norton AntiVirus;c:\program files\norton antivirus\engine\18.6.0.29\ccsvchst.exe [2011-5-10 130008]
R2 NSL;Norton Safe Web Lite;c:\program files\norton safe web lite\engine\1.2.0.6\ccSvcHst.exe [2011-4-12 130000]
R3 amdkmdag;amdkmdag;c:\windows\system32\drivers\atikmdag.sys [2010-12-12 5586432]
R3 amdkmdap;amdkmdap;c:\windows\system32\drivers\atikmpag.sys [2010-12-12 209920]
R3 btusbflt;Bluetooth USB Filter;c:\windows\system32\drivers\btusbflt.sys [2010-4-14 45736]
R3 enecir;ENE CIR Receiver;c:\windows\system32\drivers\enecir.sys [2010-12-12 54784]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2011-11-9 106104]
R3 JMCR;JMCR;c:\windows\system32\drivers\jmcr.sys [2010-12-12 130672]
R3 NETw5s32;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 32 Bit;c:\windows\system32\drivers\NETw5s32.sys [2010-1-13 6755840]
R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\drivers\Rt86win7.sys [2010-12-12 277536]
R3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\drivers\vwifimp.sys [2009-7-14 14336]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-12-29 135664]
S3 Adobe Version Cue CS4;Adobe Version Cue CS4;c:\program files\common files\adobe\adobe version cue cs4\server\bin\VersionCueCS4.exe [2008-8-15 284016]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-14 229888]
S3 BBSvc;Bing Bar Update Service;c:\program files\microsoft\bingbar\BBSvc.EXE [2011-2-28 183560]
S3 BITCOMET_HELPER_SERVICE;BitComet Disk Boost Service;c:\program files\bitcomet\tools\bitcometservice.exe -service --> c:\program files\bitcomet\tools\BitCometService.exe -service [?]
S3 epmntdrv;epmntdrv;c:\windows\system32\epmntdrv.sys [2010-11-24 14216]
S3 EuGdiDrv;EuGdiDrv;c:\windows\system32\EuGdiDrv.sys [2010-11-24 8456]
S3 fssfltr;fssfltr;c:\windows\system32\drivers\fssfltr.sys [2010-11-24 39272]
S3 fsssvc;Windows Live Family Safety Service;c:\program files\windows live\family safety\fsssvc.exe [2011-5-13 1492840]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2010-12-29 135664]
S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files\microsoft office\office14\GROOVE.EXE [2011-6-12 31125880]
S3 netw5v32;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\drivers\netw5v32.sys [2009-6-10 4231168]
S3 nmwcdnsu;Nokia USB Flashing Phone Parent;c:\windows\system32\drivers\nmwcdnsu.sys [2011-5-18 137600]
S3 nmwcdnsuc;Nokia USB Flashing Generic;c:\windows\system32\drivers\nmwcdnsuc.sys [2011-5-18 8576]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2011-7-2 15872]
S3 RTL8187;Realtek RTL8187 Wireless 802.11b/g 54Mbps USB 2.0 Network Adapter;c:\windows\system32\drivers\RTL8187.sys [2010-1-7 375808]
S3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\TsUsbFlt.sys [2011-7-2 52224]
.
=============== Created Last 30 ================
.
2011-11-15 17:23:52 -------- d-----w- c:\users\el rey\appdata\local\{D84B6126-293D-49AB-A63F-CC74CDE553A0}
2011-11-14 22:01:37 56200 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{1b1f9fc2-648f-4d4f-b9ef-16b89d52dc6f}\offreg.dll
2011-11-14 22:01:35 6668624 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{1b1f9fc2-648f-4d4f-b9ef-16b89d52dc6f}\mpengine.dll
2011-11-14 18:03:10 -------- d-----w- c:\users\el rey\appdata\local\{ED298DCB-7CA5-458F-9286-644093113550}
2011-11-14 18:02:45 -------- d-----w- c:\users\el rey\appdata\local\{19E1F964-388B-4720-8F8D-6FC160515407}
2011-11-12 14:25:16 -------- d-----w- c:\users\el rey\appdata\local\{D4FB7A81-4597-434B-9FEB-8F6396CD0C26}
2011-11-10 19:22:40 -------- d-----w- c:\users\el rey\appdata\local\{FE206EE6-1601-41D4-BFEF-751D7DE14CD0}
2011-11-10 19:22:09 -------- d-----w- c:\users\el rey\appdata\local\{99845DD4-385A-449F-A45C-7FFC14FA7C0E}
2011-11-10 19:21:52 -------- d-----w- c:\users\el rey\appdata\local\{9EA3A3C2-F8E1-4FF8-9D07-A13B240C5E8C}
2011-11-10 11:36:29 -------- d-----w- c:\users\el rey\appdata\local\{1B3BD2F3-A3CA-4EB3-8572-D2E75FCC4E99}
2011-11-09 19:09:45 -------- d-----w- c:\users\el rey\appdata\local\{9A897EC4-F4DE-47B4-B9E9-5A5A44B58A56}
2011-11-09 19:09:31 -------- d-----w- c:\users\el rey\appdata\local\{71C472C3-6B59-4A47-BFB0-D16C23824BD8}
2011-11-09 17:34:57 1290608 ----a-w- c:\windows\system32\drivers\tcpip.sys
2011-11-09 17:34:48 708608 ----a-w- c:\program files\common files\system\wab32.dll
2011-11-09 17:34:44 2341888 ----a-w- c:\windows\system32\win32k.sys
2011-11-08 18:50:31 -------- d-----w- c:\users\el rey\appdata\local\{451743AB-2432-4B60-A8D2-EE218E2B0A99}
2011-11-08 18:50:17 -------- d-----w- c:\users\el rey\appdata\local\{98C6C4CB-F9D1-4D91-8588-D636FF19ADFB}
2011-11-06 23:04:54 -------- d-----w- c:\users\el rey\appdata\local\{8EFB3883-2187-45EC-BB14-0C43D20AF343}
2011-11-06 07:36:35 -------- d-----w- c:\users\el rey\appdata\local\{27C88020-A636-4598-8961-4A612B678F34}
2011-11-05 19:19:20 -------- d-----w- c:\users\el rey\appdata\local\{69D6795E-A097-4272-98AA-1AB89D7A70B5}
2011-11-05 19:19:03 -------- d-----w- c:\users\el rey\appdata\local\{DA19CF24-D7F8-4BAA-AD22-759A57B28B7F}
2011-11-05 09:12:33 -------- d-----w- c:\users\el rey\appdata\local\{44C87760-FB8F-4BB3-BBCD-594445EA8CB8}
2011-11-04 21:11:17 -------- d-----w- c:\users\el rey\appdata\local\{4EFADC0C-487D-4362-B744-F07E4E83FE55}
2011-11-04 21:10:11 -------- d-----w- c:\users\el rey\appdata\local\{919B8DF2-5066-43A6-8C2D-13154855FBEC}
2011-11-04 05:14:53 -------- d-----w- c:\users\el rey\appdata\local\{CECE0CBC-3A01-4F94-9E07-E377B0DAB503}
2011-11-03 16:42:08 -------- d-----w- c:\users\el rey\appdata\local\{C21751F5-AE19-48C6-8854-2FB3F7E087F9}
2011-11-03 16:41:35 -------- d-----w- c:\users\el rey\appdata\local\{BAAA4B16-5126-40DB-B899-F79249BBDDF3}
2011-11-03 06:48:24 -------- d-----w- c:\users\el rey\appdata\local\{5BD0073A-A2B0-4983-986B-7A59A7DDA7CF}
2011-11-02 17:28:36 -------- d-----w- c:\users\el rey\appdata\local\{5791B95F-E477-4C3A-98CE-BC3AF92D58ED}
2011-11-02 17:28:10 -------- d-----w- c:\users\el rey\appdata\local\{A12C2FA0-038E-4707-BBC6-0B295F4EACF7}
2011-11-02 01:05:43 0 ---ha-w- c:\users\el rey\appdata\local\BIT90A.tmp
2011-11-01 17:30:21 -------- d-----w- c:\users\el rey\appdata\local\{43F0EE80-BD71-44C0-BF5F-A2A4493AB336}
2011-10-30 21:57:53 -------- d-----w- c:\users\el rey\appdata\local\{9D197D23-D338-45A0-B34A-BFDF70A97A0B}
2011-10-30 0822 -------- d-----w- c:\users\el rey\appdata\local\{051FC09C-352B-4D82-89C8-E746B734271A}
2011-10-30 08:05:38 -------- d-----w- c:\users\el rey\appdata\local\{E4C00C9C-BD3E-4159-A52E-CEB914D632A2}
2011-10-29 12:25:00 -------- d-----w- c:\users\el rey\appdata\local\{E050814C-ABA3-4362-90AD-E99F6BBC23A6}
2011-10-29 12:24:32 -------- d-----w- c:\users\el rey\appdata\local\{CD292461-27A5-444B-8CE0-7B357E795F87}
2011-10-29 12:24:10 -------- d-----w- c:\users\el rey\appdata\local\{D85FF3F7-A112-4FB7-A78A-CB3189720AA9}
2011-10-29 00:22:59 -------- d-----w- c:\users\el rey\appdata\local\{8269374A-F234-40B7-9F71-3B075C022D0B}
2011-10-29 00:22:42 -------- d-----w- c:\users\el rey\appdata\local\{E76CA5A7-24AB-4B9E-8E3F-E8D3F6BBD85D}
2011-10-26 19:05:55 -------- d-----w- c:\users\el rey\appdata\local\{3124EC91-0C1F-4D5D-AD5B-721F90F8C16E}
2011-10-26 19:05:42 -------- d-----w- c:\users\el rey\appdata\local\{FB0740D6-3403-4BB2-90AA-5CA130624A0A}
2011-10-26 19:05:30 -------- d-----w- c:\users\el rey\appdata\local\{59831B73-DB10-4A01-9E37-86D508C10122}
2011-10-26 19:05:06 -------- d-----w- c:\users\el rey\appdata\local\{7D6FFA97-D3D2-404B-9213-1B2A0B95699B}
2011-10-26 17:34:24 -------- d-----w- c:\users\el rey\appdata\local\{5B25BFE1-0AE7-4668-A594-1C1A000C7956}
2011-10-26 07:04:56 -------- d-----w- c:\users\el rey\appdata\local\{0754EDAD-92EA-403C-85C2-D4B4D9B6F04D}
2011-10-25 15:35:57 -------- d-----w- c:\users\el rey\appdata\local\{744AFC10-3687-4040-B795-2B4E55B59769}
2011-10-24 15:47:58 -------- d-----w- c:\users\el rey\appdata\local\{0BCAB8D9-8CA9-4B30-9403-C839DCF2CC57}
2011-10-24 15:47:41 -------- d-----w- c:\users\el rey\appdata\local\{C1E0702C-E1E9-4ABB-BD77-A31F5746983B}
2011-10-23 08:41:18 -------- d-----w- c:\users\el rey\appdata\local\{53EB538C-7614-4694-BE1D-451E344709AD}
2011-10-23 08:40:53 -------- d-----w- c:\users\el rey\appdata\local\{7544D234-5CA2-499A-8648-A3DAFBB714C3}
2011-10-22 10:36:10 -------- d-----w- c:\users\el rey\appdata\local\{3F944E81-2BA0-47E8-A318-255961D21CD6}
2011-10-22 10:35:55 -------- d-----w- c:\users\el rey\appdata\local\{DA4AA41F-6FB5-48B2-A8FF-DF08572E0421}
2011-10-22 09:24:38 -------- d-----w- c:\users\el rey\appdata\local\{C1408156-F233-4753-A888-FC9E230E8A68}
2011-10-22 09:16:48 -------- d-----w- c:\users\el rey\appdata\local\{CA7D0EBB-6E96-4332-AF45-B4F94A2681EB}
2011-10-21 20:11:08 -------- d-----w- c:\users\el rey\appdata\local\{FFC21634-4657-4786-9F0F-2458622309C5}
2011-10-19 20:34:56 -------- d-----w- c:\users\el rey\appdata\local\{39ED84FB-CDD5-4AD2-B7F1-25ED783DFCAA}
2011-10-18 21:31:20 -------- d-----w- c:\users\el rey\appdata\roaming\Registry Mechanic
2011-10-18 21:13:13 -------- d-----w- c:\program files\common files\PC Tools
2011-10-18 20:07:48 -------- d-----w- c:\users\el rey\appdata\local\{2BBC48DA-9656-415B-8FD2-4C3B77E2F5EB}
2011-10-18 20:07:33 -------- d-----w- c:\users\el rey\appdata\local\{32061744-3885-4DDC-9E70-231975927389}
2011-10-16 21:14:52 -------- d-----w- c:\users\el rey\appdata\local\{A0BF006C-569F-4F6C-B21C-B32B76D70306}
2011-10-16 21:14:28 -------- d-----w- c:\users\el rey\appdata\local\{01F4460D-14B6-4647-8FD2-D9252613DE69}
.
==================== Find3M ====================
.
2011-10-18 19:45:54 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-09-04 12:42:37 2560 ----a-w- c:\windows\_MSRSTRT.EXE
2011-09-04 12:08:55 8192 ----a-w- c:\windows\system32\srvany.exe
2011-09-04 12:08:55 151552 ----a-w- c:\windows\KMService.exe
2011-09-04 10:55:39 281760 ----a-w- c:\windows\system32\drivers\atksgt.sys
2011-09-04 10:55:38 25888 ----a-w- c:\windows\system32\drivers\lirsgt.sys
2011-09-01 02:35:59 1798144 ----a-w- c:\windows\system32\jscript9.dll
2011-09-01 02:28:15 1126912 ----a-w- c:\windows\system32\wininet.dll
2011-09-01 02:22:54 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2011-08-27 04:26:27 571904 ----a-w- c:\windows\system32\oleaut32.dll
2011-08-27 04:26:27 233472 ----a-w- c:\windows\system32\oleacc.dll
2011-08-26 21:07:34 84480 ----a-w- c:\windows\system32\EasyHook32.dll
2011-08-26 21:07:34 109216 ----a-w- c:\windows\system32\EasyHook64.dll
.
=================== ROOTKIT ====================
.
Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, GMER - Rootkit Detector and Remover
Windows 6.1.7601 Disk: ST932032 rev.HP07 -> Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
.
device: opened successfully
user: MBR read successfully
.
Disk trace:
called modules: >>UNKNOWN [0x8300D000]<< >>UNKNOWN [0x8BF9C000]<< >>UNKNOWN [0x8BF8B000]<< >>UNKNOWN [0x8BF50000]<< >>UNKNOWN [0x8341F000]<< >>UNKNOWN [0x84611000]<<
_asm { DEC EBP; POP EDX; NOP ; ADD [EBX], AL; ADD [EAX], AL; ADD [EAX+EAX], AL; ADD [EAX], AL; }
1 ntkrnlpa!IofCallDriver[0x8304452A] -> \Device\Harddisk0\DR0[0x887B0030]
\Driver\Disk[0x887AC1D8] -> IRP_MJ_CREATE -> 0x8BFA039F
3 [0x8BFA059E] -> ntkrnlpa!IofCallDriver[0x8304452A] -> [0x887AF568]
\Driver\hpdskflt[0x8875A9E0] -> IRP_MJ_CREATE -> 0x8BF51EB2
5 [0x8BF51F92] -> ntkrnlpa!IofCallDriver[0x8304452A] -> \Device\Ide\IAAStorageDevice-1[0x85FD9028]
\Driver\iaStor[0x86CA4D10] -> IRP_MJ_CREATE -> 0x84637E36
kernel: MBR read successfully
_asm { XOR AX, AX; MOV SS, AX; MOV SP, 0x7c00; MOV ES, AX; MOV DS, AX; MOV SI, 0x7c00; MOV DI, 0x600; MOV CX, 0x200; CLD ; REP MOVSB ; PUSH AX; PUSH 0x61c; RETF ; STI ; MOV CX, 0x4; MOV BP, 0x7be; CMP BYTE [BP+0x0], 0x0; }
user & kernel MBR OK
Warning: possible TDL3 rootkit infection !
.
============= FINISH: 20:52:14.49 ===============
Attached Files
File Type: zip attach.zip (6.8 KB, 22 views)
bashirkaram is offline  
Old 11-18-2011, 12:41 AM   #2
TSF-Emeritus
 
Join Date: Jun 2006
Location: here & there and everywhere
Posts: 15,384
OS: XP Win7 Win 8.1 Ubuntu 10.10



Hello and welcome to TSF.

Please note that more than one round may be needed to properly eradicate malware. In co-operation with the cleaning process, please:
  • do not uninstall/install any programs unless asked to do so, to make it easier on us as it is more difficult when files/programs are appearing in/disappearing from the logs;
  • do not run any tools or scans other than those requested;
  • follow all instructions in the order they are presented;
  • if you have problems with or do not understand the instructions, ask before continuing;
  • stay with this thread until given the All Clear, as absence of symptoms does not always mean the machine is clean;
  • do not attach any logs/reports, etc., unless specifically requested to do so.
  • All logs/reports, etc., must be posted in Notepad, making sure that word wrap is unchecked. (In Notepad click Format, and uncheck Word Wrap if it is checked.)
Also note that the forum is very busy and if I don't hear from you within three days this thread will be closed.

=================

One or more of the identified infections is a backdoor trojan.

This type of infection allows hackers to remotely control your computer, log keystrokes, steal critical system information, and download and execute files without your knowledge.

If you do any banking or other financial transactions on the PC or if it should contain any other sensitive information, please get to a known clean computer and change all passwords where applicable, including your email password, and it would be wise to contact those same financial institutions to apprise them of your situation.

Do not change passwords or do any transactions from the infected computer until it has been cleaned.

Please read this: How Do I Handle Possible Identity Theft, Internet Fraud, and CC Fraud?

======================
  • Download TDSSKiller.exe to your desktop
  • Execute TDSSKiller.exe by double-clicking on it.
  • Press Start Scan
  • If Malicious objects are found, ensure Cure is selected (it should be by default) NOTE: If Cure is not an option, please select Skip.
  • Click Continue then click Reboot now.
  • Once complete, a log will be produced at the root drive which is typically C:\
    For example, C:\TDSSKiller.2.5.3.0_date_time_log.txt
  • Attach that log, please.
amateur is offline  
Old 11-27-2011, 11:11 AM   #3
TSF-Emeritus
 
Join Date: Jun 2006
Location: here & there and everywhere
Posts: 15,384
OS: XP Win7 Win 8.1 Ubuntu 10.10



Due to lack of response, this topic will now be closed. If you need continued support, please begin a new thread, and provide a link to this topic. This applies only to the original topic starter. Everyone else please begin a New Topic, after following the steps outlined here:

NEW INSTRUCTIONS - Read This Before Posting For Malware Removal Help - Tech Support Forum
amateur is offline  
 
