Email Forwarded from my accounts with no subject and a link


Post by snarko » November 2nd, 2010, 12:01 pm

Hi! I hope I'm doing this right. Here is my log and my problem is that over the past couple of weeks both my hotmail and yahoo accounts have forwarded an email with no subject and only a link in the body to (apparently) EVERYONE on my contact list. I changed all my passwords, and it happened again. I don't know if this means I have a keystroke logger or something similar? ANY help / insight would be appreciated. If I did something wrong, or failed to include something, Please let me know.

Thanks,

Kristen

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 10:42:32 AM, on 11/2/2010
Platform: Windows 7 (WinNT 6.00.3504)
MSIE: Internet Explorer v8.00 (8.00.7600.16671)
Boot mode: Normal

Running processes:
C:\windows\system32\taskhost.exe
C:\windows\system32\Dwm.exe
C:\windows\Explorer.EXE
C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\AVG\AVG10\avgtray.exe
C:\Program Files\Common Files\PC Tools\sMonitor\SSDMonitor.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\RingCentral\RingCentral Call Controller\RCUI.exe
C:\Program Files\RingCentral\RingCentral Call Controller\RCHotKey.exe
C:\Program Files\OnlyWire\OnlyWireWindows.exe
C:\windows\system32\taskeng.exe
C:\Program Files\AVG\AVG10\Identity Protection\agent\bin\avgidsmonitor.exe
C:\Program Files\Java\jre6\bin\javaw.exe
C:\windows\system32\conhost.exe
C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe
C:\windows\system32\cmd.exe
C:\windows\system32\conhost.exe
C:\windows\system32\java.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSwMgr.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE
C:\Program Files\Microsoft\Office Live\OfficeLiveSignIn.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Users\Kristen\Downloads\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG10\avgssie.dll
O2 - BHO: Symantec NCO BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton Internet Security\Engine\16.7.0.30\coIEPlg.dll
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton Internet Security\Engine\16.7.0.30\IPSBHO.DLL
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.6.5805.1910\swg.dll
O2 - BHO: Lexmark Printable Web - {D2C5E510-BE6D-42CC-9F61-E4F939078474} - C:\Program Files\Lexmark Printable Web\bho.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Internet Security\Engine\16.7.0.30\coIEPlg.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [AVG_TRAY] C:\Program Files\AVG\AVG10\avgtray.exe
O4 - HKLM\..\Run: [SSDMonitor] C:\Program Files\Common Files\PC Tools\sMonitor\SSDMonitor.exe
O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
O4 - HKCU\..\Run: [Messenger (Yahoo!)] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [NortonOnlineBackupReminder] "C:\Program Files\TOSHIBA\Toshiba Online Backup\Activation\TobuActivation.exe" UNATTENDED
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [RCUI] "C:\Program Files\RingCentral\RingCentral Call Controller\RCUI.exe"
O4 - HKCU\..\Run: [RCHotKey] "C:\Program Files\RingCentral\RingCentral Call Controller\RCHotKey.exe"
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\RunOnce: [FlashPlayerUpdate] C:\windows\system32\Macromed\Flash\FlashUtil10i_Plugin.exe -update plugin
O4 - Global Startup: OnlyWire.LNK = ?
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\windows\system32\GPhotos.scr/200
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MIF5BA~1\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_950DF09FAB501E03.dll/cmsidewiki.html
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MIF5BA~1\OFFICE11\REFIEBAR.DLL
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Plugin Control) - http://appldnld.apple.com.edgesuite.net ... plugin.cab
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/200 ... ader55.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O16 - DPF: {E77F23EB-E7AB-4502-8F37-247DBAF1A147} (Windows Live Hotmail Photo Upload Tool) - http://gfx2.hotmail.com/mail/w4/pr01/ph ... den-us.cab
O16 - DPF: {E7D2588A-7FB5-47DC-8830-832605661009} (Live Collaboration) - http://liveca14.custhelp.com/8201-b499h ... a/RntX.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG10\avgpp.dll
O18 - Protocol: symres - {AA1061FE-6C41-421F-9344-69640C9732AB} - C:\Program Files\Norton Internet Security\Engine\16.7.0.30\coIEPlg.dll
O23 - Service: AMD External Events Utility - AMD - C:\windows\system32\atiesrxx.exe
O23 - Service: AVGIDSAgent - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe
O23 - Service: AVG WatchDog (avgwd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG10\avgwdsvc.exe
O23 - Service: ConfigFree WiMAX Service (cfWiMAXService) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFIWmxSvcs.exe
O23 - Service: ConfigFree Service - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files\TOSHIBA Games\TOSHIBA Game Console\GameConsoleService.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: lxduCATSCustConnectService - Lexmark International, Inc. - C:\windows\system32\spool\DRIVERS\W32X86\3\\lxduserv.exe
O23 - Service: lxdu_device - - C:\windows\system32\lxducoms.exe
O23 - Service: Norton Internet Security - Symantec Corporation - C:\Program Files\Norton Internet Security\Engine\16.7.0.30\ccSvcHst.exe
O23 - Service: PC Tools Startup and Shutdown Monitor service (PCToolsSSDMonitorSvc) - Unknown owner - C:\Program Files\Common Files\PC Tools\sMonitor\StartManSvc.exe
O23 - Service: TMachInfo - TOSHIBA Corporation - C:\Program Files\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe
O23 - Service: TOSHIBA Optical Disc Drive Service (TODDSrv) - TOSHIBA Corporation - C:\Windows\system32\TODDSrv.exe
O23 - Service: TOSHIBA Power Saver (TosCoSrv) - TOSHIBA Corporation - C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
O23 - Service: TOSHIBA HDD SSD Alert Service - TOSHIBA Corporation - C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe
O23 - Service: Yahoo! Updater (YahooAUService) - Yahoo! Inc. - C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe

--
End of file - 9200 bytes

Re: Email Forwarded from my accounts with no subject and a link

Post by askey127 » November 4th, 2010, 7:44 am

Hi snarko,
We will find out what is doing it.
This may seem like a lot to do at first.
Just take one step at a time, in the order given. If you have a problem, post back and let me know.
You may want to print this out before you start.

Having Multiple Antivirus products at the same time causes serious system stability and security issues.
You also have some junk toolbar items and extra anti-spyware programs we will prevent from starting:
-----------------------------------------------------------
Remove Registry items with HijackThis. Start HijackThis. (Right-click and "Run as administrator" in Vista/Win7)
Click Do System Scan Only. When the Scan is complete, Check the following entries:
(Some of these lines may be missing)

O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG10\avgssie.dll
O2 - BHO: Symantec NCO BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton Internet Security\Engine\16.7.0.30\coIEPlg.dll
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton Internet Security\Engine\16.7.0.30\IPSBHO.DLL
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.6.5805.1910\swg.dll
O3 - Toolbar: Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Internet Security\Engine\16.7.0.30\coIEPlg.dll
O4 - HKLM\..\Run: [AVG_TRAY] C:\Program Files\AVG\AVG10\avgtray.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG10\avgpp.dll
O18 - Protocol: symres - {AA1061FE-6C41-421F-9344-69640C9732AB} - C:\Program Files\Norton Internet Security\Engine\16.7.0.30\coIEPlg.dll
O23 - Service: AVGIDSAgent - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe
O23 - Service: Norton Internet Security - Symantec Corporation - C:\Program Files\Norton Internet Security\Engine\16.7.0.30\ccSvcHst.exe
O23 - Service: PC Tools Startup and Shutdown Monitor service (PCToolsSSDMonitorSvc) - Unknown owner - C:\Program Files\Common Files\PC Tools\sMonitor\StartManSvc.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: Yahoo! Updater (YahooAUService) - Yahoo! Inc. - C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe

Make sure every other window except HJT is closed (no other tabs showing in the bottom tray), and click Fix Checked.
Click the "X" in the upper right corner of the HiJackThis window to close it.
---------------------------------------------
Symantec did not remove everything as it should. This is a common problem.
Download and Run the Norton Removal Tool for your version of Windows.
http://www.symantec.com/norton/support/kb/web_view.jsp?wv_type=public_web&docurl=20080710133834EN&ln=en_US
Perform the DownLoad for your version of Windows (download to your desktop as it says).
On your desktop, click on Norton Removal Tool and follow the instructions.
Please Be patient. This tool removes hundreds of files and settings. It will let you know when it's done.
-----------------------------------------------
Download Antivir Free
This program is free for personal, non-business use.
Download AntiVir Free from here : http://www.softpedia.com/get/Antivirus/AntiVir-Personal-Edition.shtml
Save the Installer to your desktop, but don't run it yet.
------------------------------------------------
Remove Programs Using Control Panel
From Start, Control Panel, click on Uninstall a program under the Programs heading.
Right click each Entry, as follows, one by one, if it exists, choose Uninstall/Change, and give permission to Continue:

Ad-Aware
AVG 10
(may say AVG Free or AVG 10 Free)
PCTools
Spyware Doctor
(if present in the list)

Take extra care in answering questions posed by any Uninstaller.
----------------------------------------------
Download and Run Temp File Cleaner (TFC.exe)
Download Temp File Cleaner and save it to your desktop.
Then close your Internet browser (Firefox or other)
Right click TFC on your desktop and choose Run as Administrator
If you have a lot of junk files to remove, it could take a while, so please be patient and let it finish.
When it's done, if it asks to Reboot, choose to do so. This will remove files that could not be removed while Windows was running.
After Restart, log back in to your usual account.
Immediately do the following. Do not surf the internet until Avira AntiVir is installed:
-----------------------------------------------
Install, Update, Scan with Antivir
Double Click the Avira Antivir Installer on your desktop (Right click and choose "Run as administrator" in Win7), Install the program, Have it update itself, and run a full scan.
Have it fix anything it finds.
-----------------------------------------------
Get Last Avira Report
Right click the red umbrella icon in the system tray and click Start Antivir
In the left pane, click Overview, then click Reports
There will be reports titled Update and reports titled Scan. Find the most recent report in the list titled Scan.
Click on the Report File button, or Right click the report and choose Display Report.
The report contents will come up in Notepad. Highlight the entire report (Ctrl+A) and copy to the clipboard (Ctrl+C).
Paste the contents (Ctrl+V) into your next reply.
-----------------------------------------------------------
Retrieve the List of Installed programs Using HJT
Open HijackThis, click Open The Misc Tools Section. Then scroll down the list if you need to, click Open Uninstall Manager and Save List...
The List of installed programs will automatically be saved as uninstall_list.txt in your HiJackThis folder.
In addition, the list opens in Notepad so you can also save as another name in another location if you wish.
Please paste the contents into your next reply.

So we are looking for the log from Avira Antivir, and the Installed programs list from HiJackThis.
Use separate replies for the logs if you wish.
askey127
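The checks in the reply above (more than one antivirus suite resident at once, services whose publisher HijackThis reports as unknown or empty, a Global Startup shortcut it could not resolve, ActiveX controls pulled from the web) can be scripted against the log rather than read off by eye. What follows is an added example written for this page; it is not code from MalwareRemoval.com, Trend Micro or the helper. The vendor keyword tables are an assumption chosen for this log, and the sample lines are a constructed subset of the log posted in the thread.

```python
"""Triage a HijackThis log the way the helper above did by hand.

Added example for this thread; it is not a MalwareRemoval.com or Trend Micro
tool. It parses the entry prefixes HijackThis uses (O2 BHO, O4 autostart,
O16 downloaded ActiveX control, O23 service) and reports what is worth
checking first: more than one antivirus suite resident at once, services with
no or an unknown publisher, startup shortcuts HijackThis could not resolve,
and the hosts that ActiveX controls were fetched from.
"""
import re
from urllib.parse import urlparse

# Constructed sample: a subset of the lines from the log posted in this thread.
SAMPLE_LOG = r"""
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG10\avgssie.dll
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton Internet Security\Engine\16.7.0.30\IPSBHO.DLL
O4 - HKLM\..\Run: [AVG_TRAY] C:\Program Files\AVG\AVG10\avgtray.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - Global Startup: OnlyWire.LNK = ?
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O23 - Service: lxdu_device - - C:\windows\system32\lxducoms.exe
O23 - Service: Norton Internet Security - Symantec Corporation - C:\Program Files\Norton Internet Security\Engine\16.7.0.30\ccSvcHst.exe
O23 - Service: PC Tools Startup and Shutdown Monitor service (PCToolsSSDMonitorSvc) - Unknown owner - C:\Program Files\Common Files\PC Tools\sMonitor\StartManSvc.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
"""

# Lower-cased substrings that identify a vendor (an assumption for this log).
# The AVG key is the path component "\avg\" rather than "avg", because Avira's
# own avguard.exe and avgnt.exe would otherwise be counted as AVG.
AV_SUITES = {"\\avg\\": "AVG", "norton": "Norton", "symantec": "Norton", "avira": "Avira"}
OTHER_SECURITY_TOOLS = {
    "superantispyware": "SUPERAntiSpyware",
    "lavasoft": "Ad-Aware",
    "ad-aware": "Ad-Aware",
    "pc tools": "PC Tools",
    "malwarebytes": "Malwarebytes",
}

LINE_RE = re.compile(r"^(?P<section>[OR]\d+) - (?P<body>.+)$")
# O23 body: "Service: <display name> - <company> - <path>"; the company field is
# empty when HijackThis could not read a publisher, which yields "name - - C:\...".
SERVICE_RE = re.compile(
    r"^Service: (?P<name>.+?)\s+-\s+(?P<company>.*?)\s*-\s+(?P<path>[A-Za-z]:\\.*)$"
)
STARTUP_RE = re.compile(r"^Global Startup: (?P<name>.+?) = (?P<target>.*)$")
URL_RE = re.compile(r"https?://\S+")


def parse_hjt(text):
    """Yield (section, body) for every HijackThis entry line in the log."""
    for raw in text.splitlines():
        m = LINE_RE.match(raw.strip())
        if m:
            yield m.group("section"), m.group("body")


def triage(text):
    """Run the checks over a log and return the findings as sorted lists."""
    av_suites, other_tools = set(), set()
    unknown_owner, unresolved, activex_hosts = [], [], set()
    for section, body in parse_hjt(text):
        low = body.lower()
        av_suites.update(v for k, v in AV_SUITES.items() if k in low)
        other_tools.update(v for k, v in OTHER_SECURITY_TOOLS.items() if k in low)
        if section == "O23":
            m = SERVICE_RE.match(body)
            if m and m.group("company").strip().lower() in ("", "unknown owner"):
                unknown_owner.append(m.group("name"))
        elif section == "O4":
            m = STARTUP_RE.match(body)
            # "= ?" means HijackThis could not resolve the shortcut's target.
            if m and m.group("target").strip() == "?":
                unresolved.append(m.group("name"))
        elif section == "O16":
            m = URL_RE.search(body)
            if m:
                activex_hosts.add(urlparse(m.group(0)).hostname or m.group(0))
    return {
        # Two resident suites fight over the same hooks; one of them should go.
        "multiple_antivirus": sorted(av_suites) if len(av_suites) > 1 else [],
        "other_security_tools": sorted(other_tools),
        "unknown_owner_services": unknown_owner,
        "unresolved_startup_shortcuts": unresolved,
        "downloaded_activex_hosts": sorted(activex_hosts),
    }


if __name__ == "__main__":
    for check, hits in triage(SAMPLE_LOG).items():
        print(f"{check:30s} {hits if hits else '-'}")
```

Run against the sample it reports AVG and Norton both resident, the lxdu_device and PC Tools services with no usable publisher, the unresolved OnlyWire shortcut, and platformdl.adobe.com as the source of a downloaded control. None of those is a detection by itself; they are the lines a helper reads first, and the reason an "Unknown owner" service gets looked up before anything is fixed.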

Re: Email Forwarded from my accounts with no subject and a link

Post by snarko » November 4th, 2010, 11:19 am

Hi and thanks... I've done everything up to copying the report from AntiVir out of Notepad and pasting it here :) I'll finish the next part shortly and post results.

Avira AntiVir Personal
Report file date: Thursday, November 04, 2010 10:12

Scanning for 3013692 virus strains and unwanted programs.

The program is running as an unrestricted full version.
Online services are available:

Licensee : Avira AntiVir Personal - FREE Antivirus
Serial number : 0000149996-ADJIE-0000001
Platform : Windows 7
Windows version : (plain) [6.1.7600]
Boot mode : Normally booted
Username : Kristen
Computer name : KRISTEN-PC

Version information:
BUILD.DAT : 10.0.0.592 31823 Bytes 8/9/2010 11:00:00
AVSCAN.EXE : 10.0.3.1 434344 Bytes 8/2/2010 21:09:56
AVSCAN.DLL : 10.0.3.0 46440 Bytes 4/1/2010 18:57:04
LUKE.DLL : 10.0.2.3 104296 Bytes 8/2/2010 21:10:00
LUKERES.DLL : 10.0.0.1 12648 Bytes 2/11/2010 05:40:49
VBASE000.VDF : 7.10.0.0 19875328 Bytes 11/6/2009 15:05:36
VBASE001.VDF : 7.10.1.0 1372672 Bytes 11/19/2009 01:27:49
VBASE002.VDF : 7.10.3.1 3143680 Bytes 1/20/2010 23:37:42
VBASE003.VDF : 7.10.3.75 996864 Bytes 1/26/2010 22:37:42
VBASE004.VDF : 7.10.4.203 1579008 Bytes 3/5/2010 17:29:03
VBASE005.VDF : 7.10.6.82 2494464 Bytes 4/15/2010 21:10:03
VBASE006.VDF : 7.10.7.218 2294784 Bytes 6/2/2010 21:10:04
VBASE007.VDF : 7.10.9.165 4840960 Bytes 7/23/2010 21:10:06
VBASE008.VDF : 7.10.11.133 3454464 Bytes 9/13/2010 15:11:02
VBASE009.VDF : 7.10.13.80 2265600 Bytes 11/2/2010 15:11:15
VBASE010.VDF : 7.10.13.81 2048 Bytes 11/2/2010 15:11:15
VBASE011.VDF : 7.10.13.82 2048 Bytes 11/2/2010 15:11:15
VBASE012.VDF : 7.10.13.83 2048 Bytes 11/2/2010 15:11:15
VBASE013.VDF : 7.10.13.116 147968 Bytes 11/4/2010 15:11:16
VBASE014.VDF : 7.10.13.117 2048 Bytes 11/4/2010 15:11:16
VBASE015.VDF : 7.10.13.118 2048 Bytes 11/4/2010 15:11:16
VBASE016.VDF : 7.10.13.119 2048 Bytes 11/4/2010 15:11:16
VBASE017.VDF : 7.10.13.120 2048 Bytes 11/4/2010 15:11:16
VBASE018.VDF : 7.10.13.121 2048 Bytes 11/4/2010 15:11:16
VBASE019.VDF : 7.10.13.122 2048 Bytes 11/4/2010 15:11:16
VBASE020.VDF : 7.10.13.123 2048 Bytes 11/4/2010 15:11:16
VBASE021.VDF : 7.10.13.124 2048 Bytes 11/4/2010 15:11:16
VBASE022.VDF : 7.10.13.125 2048 Bytes 11/4/2010 15:11:16
VBASE023.VDF : 7.10.13.126 2048 Bytes 11/4/2010 15:11:17
VBASE024.VDF : 7.10.13.127 2048 Bytes 11/4/2010 15:11:17
VBASE025.VDF : 7.10.13.128 2048 Bytes 11/4/2010 15:11:17
VBASE026.VDF : 7.10.13.129 2048 Bytes 11/4/2010 15:11:17
VBASE027.VDF : 7.10.13.130 2048 Bytes 11/4/2010 15:11:17
VBASE028.VDF : 7.10.13.131 2048 Bytes 11/4/2010 15:11:17
VBASE029.VDF : 7.10.13.132 2048 Bytes 11/4/2010 15:11:17
VBASE030.VDF : 7.10.13.133 2048 Bytes 11/4/2010 15:11:17
VBASE031.VDF : 7.10.13.138 25600 Bytes 11/4/2010 15:11:18
Engineversion : 8.2.4.92
AEVDF.DLL : 8.1.2.1 106868 Bytes 8/2/2010 21:09:54
AESCRIPT.DLL : 8.1.3.46 1364347 Bytes 11/4/2010 15:11:35
AESCN.DLL : 8.1.6.1 127347 Bytes 8/2/2010 21:09:53
AESBX.DLL : 8.1.3.1 254324 Bytes 8/2/2010 21:09:53
AERDL.DLL : 8.1.9.2 635252 Bytes 11/4/2010 15:11:33
AEPACK.DLL : 8.2.3.11 471416 Bytes 11/4/2010 15:11:30
AEOFFICE.DLL : 8.1.1.8 201081 Bytes 8/2/2010 21:09:52
AEHEUR.DLL : 8.1.2.38 2990455 Bytes 11/4/2010 15:11:28
AEHELP.DLL : 8.1.14.0 246134 Bytes 11/4/2010 15:11:21
AEGEN.DLL : 8.1.3.24 401781 Bytes 11/4/2010 15:11:20
AEEMU.DLL : 8.1.2.0 393588 Bytes 8/2/2010 21:09:49
AECORE.DLL : 8.1.17.0 196982 Bytes 11/4/2010 15:11:19
AEBB.DLL : 8.1.1.0 53618 Bytes 8/2/2010 21:09:48
AVWINLL.DLL : 10.0.0.0 19304 Bytes 8/2/2010 21:09:56
AVPREF.DLL : 10.0.0.0 44904 Bytes 8/2/2010 21:09:55
AVREP.DLL : 10.0.0.8 62209 Bytes 6/17/2010 20:27:13
AVREG.DLL : 10.0.3.2 53096 Bytes 8/2/2010 21:09:55
AVSCPLR.DLL : 10.0.3.1 83816 Bytes 8/2/2010 21:09:56
AVARKT.DLL : 10.0.0.14 227176 Bytes 8/2/2010 21:09:54
AVEVTLOG.DLL : 10.0.0.8 203112 Bytes 8/2/2010 21:09:55
SQLITE3.DLL : 3.6.19.0 355688 Bytes 6/17/2010 20:27:22
AVSMTP.DLL : 10.0.0.17 63848 Bytes 8/2/2010 21:09:56
NETNT.DLL : 10.0.0.0 11624 Bytes 6/17/2010 20:27:21
RCIMAGE.DLL : 10.0.0.26 2550120 Bytes 1/28/2010 19:10:20
RCTEXT.DLL : 10.0.58.0 97128 Bytes 8/2/2010 21:10:08

Configuration settings for the scan:
Jobname.............................: Short system scan after installation
Configuration file..................: c:\program files\avira\antivir desktop\setupprf.dat
Logging.............................: low
Primary action......................: interactive
Secondary action....................: ignore
Scan master boot sector.............: on
Scan boot sector....................: on
Process scan........................: on
Scan registry.......................: on
Search for rootkits.................: off
Integrity checking of system files..: off
Scan all files......................: Intelligent file selection
Scan archives.......................: on
Recursion depth.....................: 20
Smart extensions....................: on
Macro heuristic.....................: on
File heuristic......................: medium

Start of the scan: Thursday, November 04, 2010 10:12

The scan of running processes will be started
Scan process 'avscan.exe' - '1' Module(s) have been scanned
Scan process 'SearchFilterHost.exe' - '1' Module(s) have been scanned
Scan process 'SearchProtocolHost.exe' - '1' Module(s) have been scanned
Scan process 'avcenter.exe' - '1' Module(s) have been scanned
Scan process 'avconfig.exe' - '1' Module(s) have been scanned
Scan process 'avgnt.exe' - '1' Module(s) have been scanned
Scan process 'sched.exe' - '1' Module(s) have been scanned
Scan process 'conhost.exe' - '1' Module(s) have been scanned
Scan process 'avshadow.exe' - '1' Module(s) have been scanned
Scan process 'avguard.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'vssvc.exe' - '1' Module(s) have been scanned
Scan process 'TrustedInstaller.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'sppsvc.exe' - '1' Module(s) have been scanned
Scan process 'CFSvcs.exe' - '1' Module(s) have been scanned
Scan process 'CFIWmxSvcs.exe' - '1' Module(s) have been scanned
Scan process 'CFSwMgr.exe' - '1' Module(s) have been scanned
Scan process 'setup.exe' - '1' Module(s) have been scanned
Scan process 'presetup.exe' - '1' Module(s) have been scanned
Scan process 'avira_antivir_personal_en.exe' - '1' Module(s) have been scanned
Scan process 'NDSTray.exe' - '1' Module(s) have been scanned
Scan process 'taskeng.exe' - '1' Module(s) have been scanned
Scan process 'wmpnetwk.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'java.exe' - '1' Module(s) have been scanned
Scan process 'conhost.exe' - '1' Module(s) have been scanned
Scan process 'cmd.exe' - '1' Module(s) have been scanned
Scan process 'ymsgr_tray.exe' - '1' Module(s) have been scanned
Scan process 'javaw.exe' - '1' Module(s) have been scanned
Scan process 'OnlyWireWindows.exe' - '1' Module(s) have been scanned
Scan process 'GoogleToolbarNotifier.exe' - '1' Module(s) have been scanned
Scan process 'jusched.exe' - '1' Module(s) have been scanned
Scan process 'AdobeARM.exe' - '1' Module(s) have been scanned
Scan process 'BoostSpeed.exe' - '1' Module(s) have been scanned
Scan process 'taskeng.exe' - '1' Module(s) have been scanned
Scan process 'Explorer.EXE' - '1' Module(s) have been scanned
Scan process 'taskeng.exe' - '1' Module(s) have been scanned
Scan process 'Dwm.exe' - '1' Module(s) have been scanned
Scan process 'taskhost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'YahooAUService.exe' - '1' Module(s) have been scanned
Scan process 'SearchIndexer.exe' - '1' Module(s) have been scanned
Scan process 'TosCoSrv.exe' - '1' Module(s) have been scanned
Scan process 'TODDSrv.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'lxducoms.exe' - '1' Module(s) have been scanned
Scan process 'lxduserv.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'spoolsv.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'atieclxx.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'atiesrxx.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'lsm.exe' - '1' Module(s) have been scanned
Scan process 'lsass.exe' - '1' Module(s) have been scanned
Scan process 'services.exe' - '1' Module(s) have been scanned
Scan process 'winlogon.exe' - '1' Module(s) have been scanned
Scan process 'csrss.exe' - '1' Module(s) have been scanned
Scan process 'wininit.exe' - '1' Module(s) have been scanned
Scan process 'csrss.exe' - '1' Module(s) have been scanned
Scan process 'smss.exe' - '1' Module(s) have been scanned

Starting master boot sector scan:
Master boot sector HD0
[INFO] No virus was found!

Start scanning boot sectors:

Starting to scan executable files (registry).
The registry was scanned ( '473' files ).



End of the scan: Thursday, November 04, 2010 10:13
Used time: 00:37 Minute(s)

The scan has been done completely.

0 Scanned directories
984 Files were scanned
0 Viruses and/or unwanted programs were found
0 Files were classified as suspicious
0 files were deleted
0 Viruses and unwanted programs were repaired
0 Files were moved to quarantine
0 Files were renamed
0 Files cannot be scanned
984 Files not concerned
7 Archives were scanned
0 Warnings
0 Notes
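Before reading a verdict off a report like the one above, it is worth checking what the scan covered. The Jobname line says "Short system scan after installation" and "Search for rootkits" is off, so this is the quick post-install job rather than the full scan the reply asked for, and its "0 Viruses" line says little. The following is an added example written for this page, not an Avira or MalwareRemoval.com tool; the sample text is a constructed subset of the report above, and the 50,000-file threshold is an assumption.

```python
"""Check what an Avira AntiVir report actually covered before trusting it.

Added example for this thread; not part of the thread and not an Avira tool.
A report ending in "0 Viruses" is only reassuring if the scan was the one
that was asked for: a full system scan with rootkit search on. This reads the
"Configuration settings for the scan" block and the closing counters and says
whether the report qualifies.
"""
import re

# Constructed sample: the relevant lines of the report posted in this thread.
SAMPLE_REPORT = """\
Configuration settings for the scan:
Jobname.............................: Short system scan after installation
Logging.............................: low
Search for rootkits.................: off
Scan all files......................: Intelligent file selection
Scan archives.......................: on

Start of the scan: Thursday, November 04, 2010 10:12
End of the scan: Thursday, November 04, 2010 10:13
Used time: 00:37 Minute(s)

0 Scanned directories
984 Files were scanned
0 Viruses and/or unwanted programs were found
0 Files were classified as suspicious
7 Archives were scanned
"""

# "Key.......: value" settings lines and "<n> <description>" counter lines.
SETTING_RE = re.compile(r"^(?P<key>[^.:]+?)\.*:\s*(?P<value>.*)$")
COUNTER_RE = re.compile(r"^(?P<count>\d+) (?P<what>[A-Za-z].*)$")

# Assumption for this example: a full scan of a Windows 7 install touches far
# more files than this; the short post-install job above scanned 984.
MIN_FILES_FULL_SCAN = 50_000


def parse_report(text):
    """Split a report into its settings and its closing counters."""
    settings, counters = {}, {}
    for line in text.splitlines():
        line = line.strip()
        m = COUNTER_RE.match(line)
        if m:
            counters[m.group("what").strip()] = int(m.group("count"))
            continue
        m = SETTING_RE.match(line)
        if m:
            settings[m.group("key").strip()] = m.group("value").strip()
    return settings, counters


def assess(text):
    """Return whether the report is from a full scan, plus its verdict counts."""
    settings, counters = parse_report(text)
    problems = []
    job = settings.get("Jobname", "")
    if not job or "short" in job.lower() or "after installation" in job.lower():
        problems.append(f"job was '{job}', not a full system scan")
    if settings.get("Search for rootkits", "").lower() != "on":
        problems.append("rootkit search was off")
    scanned = counters.get("Files were scanned", 0)
    if scanned < MIN_FILES_FULL_SCAN:
        problems.append(f"only {scanned} files were scanned")
    return {
        "full_scan": not problems,
        "problems": problems,
        "detections": counters.get("Viruses and/or unwanted programs were found", 0),
        "suspicious": counters.get("Files were classified as suspicious", 0),
    }


if __name__ == "__main__":
    result = assess(SAMPLE_REPORT)
    print("full scan:", result["full_scan"])
    for p in result["problems"]:
        print(" -", p)
```

On the sample above the check fails on all three counts (short post-install job, rootkit search off, 984 files), which is the cue to go back to the AntiVir window and run the full scan with rootkit search enabled before treating the clean result as evidence of anything.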

Re: Email Forwarded from my accounts with no subject and a link

Post by snarko » November 4th, 2010, 11:22 am

Hi and thanks... I think I accomplished everything correctly :)


Adobe AIR
Adobe AIR
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Reader 9.3.1
AVG PC Tuneup 2011
Avira AntiVir Personal - Free Antivirus
BlackBerry Desktop Software 6.0
BlackBerry Desktop Software 6.0
BlackBerry Device Software Updater
Catalyst Control Center - Branding
Compatibility Pack for the 2007 Office system
DHTML Editing Component
GIMP 2.6.10
Google Chrome
Google Earth
Google Toolbar for Internet Explorer
Google Toolbar for Internet Explorer
Google Update Helper
Java(TM) 6 Update 21
Label@Once 1.0
Lexmark 5600-6600 Series
Lexmark Printable Web
Lexmark Tools for Office
LimeWire 5.5.10
Microsoft Choice Guard
Microsoft Office Live Add-in 1.3
Microsoft Office PowerPoint Viewer 2007 (English)
Microsoft Office Standard Edition 2003
Microsoft Office Suite Activation Assistant
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022.218
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Works
Mozilla Firefox (3.6.12)
MSVCRT
MyToshiba
NetZero Launcher
OGA Notifier 2.0.0048.0
OnlyWire
OpenOffice.org 3.2
Picasa 3
PlayReady PC Runtime x86
Quickbooks Financial Center
Realtek 8136 8168 8169 Ethernet Driver
Realtek High Definition Audio Driver
Realtek USB 2.0 Card Reader
Realtek WLAN Driver
Skype Launcher
Toshiba Application and Driver Installer
TOSHIBA Assist
TOSHIBA ConfigFree
TOSHIBA Disc Creator
TOSHIBA DVD PLAYER
TOSHIBA Extended Tiles for Windows Mobility Center
TOSHIBA Flash Cards Support Utility
TOSHIBA Flash Cards Support Utility
TOSHIBA Hardware Setup
TOSHIBA Hardware Setup
TOSHIBA HDD/SSD Alert
TOSHIBA HDD/SSD Alert
Toshiba Online Backup
Toshiba Quality Application
TOSHIBA Recovery Media Creator
TOSHIBA Service Station
TOSHIBA Speech System Applications
TOSHIBA Speech System SR Engine(U.S.) Version1.0
TOSHIBA Speech System TTS Engine(U.S.) Version1.0
TOSHIBA Supervisor Password
TOSHIBA Supervisor Password
TOSHIBA Value Added Package
ToshibaRegistration
Userlytics Studio
Visual C++ 2008 x86 Runtime - (v9.0.30729)
Visual C++ 2008 x86 Runtime - v9.0.30729.01
WildTangent Games
Windows Live Communications Platform
Windows Live Essentials
Windows Live Essentials
Windows Live Family Safety
Windows Live Movie Maker
Windows Live Photo Gallery
Windows Live Sign-in Assistant
Windows Live Sync
Windows Live Upload Tool
Windows Live Writer
Yahoo! Messenger
Yahoo! Software Update

Re: Email Forwarded from my accounts with no subject and a link

Post by snarko » November 4th, 2010, 11:27 am

Dang it! I see there's still something from AVG on there... I don't know how it got through... I'll try to um... re-uninstall... or something.

Re: Email Forwarded from my accounts with no subject and a link

Post by askey127 » November 4th, 2010, 4:24 pm

snarko,
-----------------------------------------------
Please Note Our Policy on the Use of P2P (Person to Person / Peer to Peer) file sharing programs
It is posted here: http://malwareremoval.com/forum/viewtopic.php?p=491394#p491394
As a condition of receiving our help, I have included the P2P program Limewire in the removal instructions below, so we are not wasting our time.
If you have used this, you can be fairly confident this is a principal reason your computer is infected.

It's really important, if you value your PC at all, to stay away from P2P file sharing programs, like utorrent, Bittorrent, Azureus, Limewire, Vuze, Shareaza, Bitlord.
Criminals have "planted" thousands upon thousands of infections in the "free" shared files. Some of the recent infections can turn your machine into a doorstop.
------------------------------------------------
Remove Programs Using Control Panel
From Start, Control Panel, click on Uninstall a program under the Programs heading.
Right click each Entry, as follows, one by one, if it exists, choose Uninstall/Change, and give permission to Continue:
LimeWire 5.5.10
AVG PC Tuneup 2011

Take extra care in answering questions posed by any Uninstaller.
------------------------------------------------
Side Note:
If you use a router, wireless or wired, make sure that the administrator password for the router installation has been changed to one chosen by you.
If the original default password is retained, a remote attacker can install his own server address in between you and your Internet Provider. (The default passwords are published).
If you go into the router installation routine, you can take a quick look at the IP addresses in the router setup to make sure no extras have been added.

You may need the technical assistance of your Internet provider to check this.
Is this something you can do?
------------------------------------------------------------
Please download the GMER Rootkit Scanner from Here.
  • Right click the .exe file and choose Run as Administrator. If asked to allow gmer.sys driver to load, please consent
  • If it gives you a warning about rootkit activity and asks if you want to run scan...click on NO
  • In the right panel, you will see several boxes that have been checked. Uncheck the following ...
    • IAT/EAT
    • Drives/Partition other than the System drive (which is typically C:\)
    • Show All (don't miss this one)
      See image below
      [image: GMER scan options with IAT/EAT, the non-system drives and Show All unchecked]
  • Then click the Scan button & wait for it to finish
    **Caution** Rootkit scans often produce false positives. Do NOT take any action on any "<--- ROOTKIT" entries
  • Once done click on the [Save..] button, and in the File name area, type in "Gmer.txt" or it will save as a .log file
  • Save it where you can easily find it, such as your desktop, and post it in your next reply
Note: Do not run any other programs while Gmer is running.

askey127, Admin/Teacher (Posts: 13906, Joined: April 17th, 2005, 3:25 pm, Location: New Hampshire USA)

Re: Email Forwarded from my accounts with no subject and a l

Unread postby snarko » November 4th, 2010, 4:56 pm

Hi. Actually I didn't realize that was still even on my computer. It was supposed to have been deleted a long time ago but apparently has some parts remaining? I know it hasn't been used in a long time, though, and these symptoms are fairly recent (past two or three weeks at the most). I'll go see if I can get rid of it completely, though.
snarko, Active Member (Posts: 6, Joined: November 2nd, 2010, 11:46 am)

Re: Email Forwarded from my accounts with no subject and a l

Unread postby snarko » November 4th, 2010, 7:24 pm

I deleted the AVG program and the limewire program before I ran the scan. Here's the log:


GMER 1.0.15.15507 - http://www.gmer.net
Rootkit scan 2010-11-04 18:23:12
Windows 6.1.7600 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP1T0L0-1 Hitachi_HTS543225L9SA00 FBEOC43C
Running: tp6n4rw2.exe; Driver: C:\Users\Kristen\AppData\Local\Temp\kwtdafoc.sys


---- Kernel code sections - GMER 1.0.15 ----

.text ntkrnlpa.exe!ZwSaveKeyEx + 13AD 82C93599 1 Byte [06]
.text ntkrnlpa.exe!KiDispatchInterrupt + 5A2 82CB7F52 19 Bytes [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3}
.text C:\windows\system32\DRIVERS\tos_sps32.sys section is writeable [0x88530000, 0x3C849, 0xE8000020]
.dsrt C:\windows\system32\DRIVERS\tos_sps32.sys unknown last section [0x88575000, 0x3DC, 0x48000040]
.text C:\windows\system32\DRIVERS\atikmdag.sys section is writeable [0x8DA20000, 0x2D5526, 0xE8000020]

---- User code sections - GMER 1.0.15 ----

.text C:\Program Files\Google\Chrome\Application\chrome.exe[1060] ntdll.dll!NtCreateFile + 6 77B04A16 4 Bytes [28, 00, 17, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[1060] ntdll.dll!NtCreateFile + B 77B04A1B 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[1060] ntdll.dll!NtMapViewOfSection + 6 77B05076 1 Byte [28]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[1060] ntdll.dll!NtMapViewOfSection + 6 77B05076 4 Bytes [28, 03, 17, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[1060] ntdll.dll!NtMapViewOfSection + B 77B0507B 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[1060] ntdll.dll!NtOpenFile + 6 77B05126 4 Bytes [68, 00, 17, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[1060] ntdll.dll!NtOpenFile + B 77B0512B 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[1060] ntdll.dll!NtOpenProcess + 6 77B051D6 4 Bytes [A8, 01, 17, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[1060] ntdll.dll!NtOpenProcess + B 77B051DB 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[1060] ntdll.dll!NtOpenProcessToken + 6 77B051E6 4 Bytes CALL 76B068EC
.text C:\Program Files\Google\Chrome\Application\chrome.exe[1060] ntdll.dll!NtOpenProcessToken + B 77B051EB 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[1060] ntdll.dll!NtOpenProcessTokenEx + 6 77B051F6 4 Bytes [A8, 02, 17, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[1060] ntdll.dll!NtOpenProcessTokenEx + B 77B051FB 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[1060] ntdll.dll!NtOpenThread + 6 77B05256 4 Bytes [68, 01, 17, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[1060] ntdll.dll!NtOpenThread + B 77B0525B 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[1060] ntdll.dll!NtOpenThreadToken + 6 77B05266 4 Bytes [68, 02, 17, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[1060] ntdll.dll!NtOpenThreadToken + B 77B0526B 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[1060] ntdll.dll!NtOpenThreadTokenEx + 6 77B05276 4 Bytes CALL 76B0697D
.text C:\Program Files\Google\Chrome\Application\chrome.exe[1060] ntdll.dll!NtOpenThreadTokenEx + B 77B0527B 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[1060] ntdll.dll!NtQueryAttributesFile + 6 77B05386 4 Bytes [A8, 00, 17, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[1060] ntdll.dll!NtQueryAttributesFile + B 77B0538B 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[1060] ntdll.dll!NtQueryFullAttributesFile + 6 77B05436 4 Bytes CALL 76B06B3B
.text C:\Program Files\Google\Chrome\Application\chrome.exe[1060] ntdll.dll!NtQueryFullAttributesFile + B 77B0543B 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[1060] ntdll.dll!NtSetInformationFile + 6 77B05A86 4 Bytes [28, 01, 17, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[1060] ntdll.dll!NtSetInformationFile + B 77B05A8B 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[1060] ntdll.dll!NtSetInformationThread + 6 77B05AE6 4 Bytes [28, 02, 17, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[1060] ntdll.dll!NtSetInformationThread + B 77B05AEB 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[1060] ntdll.dll!NtUnmapViewOfSection + 6 77B05E06 1 Byte [68]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[1060] ntdll.dll!NtUnmapViewOfSection + 6 77B05E06 4 Bytes [68, 03, 17, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[1060] ntdll.dll!NtUnmapViewOfSection + B 77B05E0B 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3168] ntdll.dll!NtCreateFile + 6 77B04A16 4 Bytes [28, 00, 07, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3168] ntdll.dll!NtCreateFile + B 77B04A1B 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3168] ntdll.dll!NtMapViewOfSection + 6 77B05076 1 Byte [28]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3168] ntdll.dll!NtMapViewOfSection + 6 77B05076 4 Bytes [28, 03, 07, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3168] ntdll.dll!NtMapViewOfSection + B 77B0507B 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3168] ntdll.dll!NtOpenFile + 6 77B05126 4 Bytes [68, 00, 07, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3168] ntdll.dll!NtOpenFile + B 77B0512B 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3168] ntdll.dll!NtOpenProcess + 6 77B051D6 4 Bytes [A8, 01, 07, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3168] ntdll.dll!NtOpenProcess + B 77B051DB 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3168] ntdll.dll!NtOpenProcessToken + 6 77B051E6 4 Bytes CALL 76B058EC
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3168] ntdll.dll!NtOpenProcessToken + B 77B051EB 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3168] ntdll.dll!NtOpenProcessTokenEx + 6 77B051F6 4 Bytes [A8, 02, 07, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3168] ntdll.dll!NtOpenProcessTokenEx + B 77B051FB 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3168] ntdll.dll!NtOpenThread + 6 77B05256 4 Bytes [68, 01, 07, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3168] ntdll.dll!NtOpenThread + B 77B0525B 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3168] ntdll.dll!NtOpenThreadToken + 6 77B05266 4 Bytes [68, 02, 07, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3168] ntdll.dll!NtOpenThreadToken + B 77B0526B 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3168] ntdll.dll!NtOpenThreadTokenEx + 6 77B05276 4 Bytes CALL 76B0597D
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3168] ntdll.dll!NtOpenThreadTokenEx + B 77B0527B 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3168] ntdll.dll!NtQueryAttributesFile + 6 77B05386 4 Bytes [A8, 00, 07, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3168] ntdll.dll!NtQueryAttributesFile + B 77B0538B 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3168] ntdll.dll!NtQueryFullAttributesFile + 6 77B05436 4 Bytes CALL 76B05B3B
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3168] ntdll.dll!NtQueryFullAttributesFile + B 77B0543B 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3168] ntdll.dll!NtSetInformationFile + 6 77B05A86 4 Bytes [28, 01, 07, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3168] ntdll.dll!NtSetInformationFile + B 77B05A8B 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3168] ntdll.dll!NtSetInformationThread + 6 77B05AE6 4 Bytes [28, 02, 07, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3168] ntdll.dll!NtSetInformationThread + B 77B05AEB 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3168] ntdll.dll!NtUnmapViewOfSection + 6 77B05E06 1 Byte [68]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3168] ntdll.dll!NtUnmapViewOfSection + 6 77B05E06 4 Bytes [68, 03, 07, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3168] ntdll.dll!NtUnmapViewOfSection + B 77B05E0B 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3920] ntdll.dll!NtCreateFile + 6 77B04A16 4 Bytes [28, 00, 07, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3920] ntdll.dll!NtCreateFile + B 77B04A1B 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3920] ntdll.dll!NtMapViewOfSection + 6 77B05076 1 Byte [28]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3920] ntdll.dll!NtMapViewOfSection + 6 77B05076 4 Bytes [28, 03, 07, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3920] ntdll.dll!NtMapViewOfSection + B 77B0507B 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3920] ntdll.dll!NtOpenFile + 6 77B05126 4 Bytes [68, 00, 07, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3920] ntdll.dll!NtOpenFile + B 77B0512B 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3920] ntdll.dll!NtOpenProcess + 6 77B051D6 4 Bytes [A8, 01, 07, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3920] ntdll.dll!NtOpenProcess + B 77B051DB 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3920] ntdll.dll!NtOpenProcessToken + 6 77B051E6 4 Bytes CALL 76B058EC
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3920] ntdll.dll!NtOpenProcessToken + B 77B051EB 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3920] ntdll.dll!NtOpenProcessTokenEx + 6 77B051F6 4 Bytes [A8, 02, 07, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3920] ntdll.dll!NtOpenProcessTokenEx + B 77B051FB 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3920] ntdll.dll!NtOpenThread + 6 77B05256 4 Bytes [68, 01, 07, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3920] ntdll.dll!NtOpenThread + B 77B0525B 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3920] ntdll.dll!NtOpenThreadToken + 6 77B05266 4 Bytes [68, 02, 07, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3920] ntdll.dll!NtOpenThreadToken + B 77B0526B 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3920] ntdll.dll!NtOpenThreadTokenEx + 6 77B05276 4 Bytes CALL 76B0597D
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3920] ntdll.dll!NtOpenThreadTokenEx + B 77B0527B 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3920] ntdll.dll!NtQueryAttributesFile + 6 77B05386 4 Bytes [A8, 00, 07, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3920] ntdll.dll!NtQueryAttributesFile + B 77B0538B 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3920] ntdll.dll!NtQueryFullAttributesFile + 6 77B05436 4 Bytes CALL 76B05B3B
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3920] ntdll.dll!NtQueryFullAttributesFile + B 77B0543B 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3920] ntdll.dll!NtSetInformationFile + 6 77B05A86 4 Bytes [28, 01, 07, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3920] ntdll.dll!NtSetInformationFile + B 77B05A8B 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3920] ntdll.dll!NtSetInformationThread + 6 77B05AE6 4 Bytes [28, 02, 07, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3920] ntdll.dll!NtSetInformationThread + B 77B05AEB 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3920] ntdll.dll!NtUnmapViewOfSection + 6 77B05E06 1 Byte [68]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3920] ntdll.dll!NtUnmapViewOfSection + 6 77B05E06 4 Bytes [68, 03, 07, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3920] ntdll.dll!NtUnmapViewOfSection + B 77B05E0B 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[4388] ntdll.dll!NtCreateFile + 6 77B04A16 4 Bytes [28, 00, 07, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[4388] ntdll.dll!NtCreateFile + B 77B04A1B 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[4388] ntdll.dll!NtMapViewOfSection + 6 77B05076 1 Byte [28]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[4388] ntdll.dll!NtMapViewOfSection + 6 77B05076 4 Bytes [28, 03, 07, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[4388] ntdll.dll!NtMapViewOfSection + B 77B0507B 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[4388] ntdll.dll!NtOpenFile + 6 77B05126 4 Bytes [68, 00, 07, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[4388] ntdll.dll!NtOpenFile + B 77B0512B 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[4388] ntdll.dll!NtOpenProcess + 6 77B051D6 4 Bytes [A8, 01, 07, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[4388] ntdll.dll!NtOpenProcess + B 77B051DB 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[4388] ntdll.dll!NtOpenProcessToken + 6 77B051E6 4 Bytes CALL 76B058EC
.text C:\Program Files\Google\Chrome\Application\chrome.exe[4388] ntdll.dll!NtOpenProcessToken + B 77B051EB 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[4388] ntdll.dll!NtOpenProcessTokenEx + 6 77B051F6 4 Bytes [A8, 02, 07, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[4388] ntdll.dll!NtOpenProcessTokenEx + B 77B051FB 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[4388] ntdll.dll!NtOpenThread + 6 77B05256 4 Bytes [68, 01, 07, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[4388] ntdll.dll!NtOpenThread + B 77B0525B 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[4388] ntdll.dll!NtOpenThreadToken + 6 77B05266 4 Bytes [68, 02, 07, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[4388] ntdll.dll!NtOpenThreadToken + B 77B0526B 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[4388] ntdll.dll!NtOpenThreadTokenEx + 6 77B05276 4 Bytes CALL 76B0597D
.text C:\Program Files\Google\Chrome\Application\chrome.exe[4388] ntdll.dll!NtOpenThreadTokenEx + B 77B0527B 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[4388] ntdll.dll!NtQueryAttributesFile + 6 77B05386 4 Bytes [A8, 00, 07, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[4388] ntdll.dll!NtQueryAttributesFile + B 77B0538B 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[4388] ntdll.dll!NtQueryFullAttributesFile + 6 77B05436 4 Bytes CALL 76B05B3B
.text C:\Program Files\Google\Chrome\Application\chrome.exe[4388] ntdll.dll!NtQueryFullAttributesFile + B 77B0543B 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[4388] ntdll.dll!NtSetInformationFile + 6 77B05A86 4 Bytes [28, 01, 07, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[4388] ntdll.dll!NtSetInformationFile + B 77B05A8B 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[4388] ntdll.dll!NtSetInformationThread + 6 77B05AE6 4 Bytes [28, 02, 07, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[4388] ntdll.dll!NtSetInformationThread + B 77B05AEB 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[4388] ntdll.dll!NtUnmapViewOfSection + 6 77B05E06 1 Byte [68]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[4388] ntdll.dll!NtUnmapViewOfSection + 6 77B05E06 4 Bytes [68, 03, 07, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[4388] ntdll.dll!NtUnmapViewOfSection + B 77B05E0B 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[8020] ntdll.dll!NtCreateFile + 6 77B04A16 4 Bytes [28, 00, 07, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[8020] ntdll.dll!NtCreateFile + B 77B04A1B 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[8020] ntdll.dll!NtMapViewOfSection + 6 77B05076 1 Byte [28]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[8020] ntdll.dll!NtMapViewOfSection + 6 77B05076 4 Bytes [28, 03, 07, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[8020] ntdll.dll!NtMapViewOfSection + B 77B0507B 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[8020] ntdll.dll!NtOpenFile + 6 77B05126 4 Bytes [68, 00, 07, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[8020] ntdll.dll!NtOpenFile + B 77B0512B 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[8020] ntdll.dll!NtOpenProcess + 6 77B051D6 4 Bytes [A8, 01, 07, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[8020] ntdll.dll!NtOpenProcess + B 77B051DB 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[8020] ntdll.dll!NtOpenProcessToken + 6 77B051E6 4 Bytes CALL 76B058EC
.text C:\Program Files\Google\Chrome\Application\chrome.exe[8020] ntdll.dll!NtOpenProcessToken + B 77B051EB 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[8020] ntdll.dll!NtOpenProcessTokenEx + 6 77B051F6 4 Bytes [A8, 02, 07, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[8020] ntdll.dll!NtOpenProcessTokenEx + B 77B051FB 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[8020] ntdll.dll!NtOpenThread + 6 77B05256 4 Bytes [68, 01, 07, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[8020] ntdll.dll!NtOpenThread + B 77B0525B 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[8020] ntdll.dll!NtOpenThreadToken + 6 77B05266 4 Bytes [68, 02, 07, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[8020] ntdll.dll!NtOpenThreadToken + B 77B0526B 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[8020] ntdll.dll!NtOpenThreadTokenEx + 6 77B05276 4 Bytes CALL 76B0597D
.text C:\Program Files\Google\Chrome\Application\chrome.exe[8020] ntdll.dll!NtOpenThreadTokenEx + B 77B0527B 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[8020] ntdll.dll!NtQueryAttributesFile + 6 77B05386 4 Bytes [A8, 00, 07, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[8020] ntdll.dll!NtQueryAttributesFile + B 77B0538B 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[8020] ntdll.dll!NtQueryFullAttributesFile + 6 77B05436 4 Bytes CALL 76B05B3B
.text C:\Program Files\Google\Chrome\Application\chrome.exe[8020] ntdll.dll!NtQueryFullAttributesFile + B 77B0543B 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[8020] ntdll.dll!NtSetInformationFile + 6 77B05A86 4 Bytes [28, 01, 07, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[8020] ntdll.dll!NtSetInformationFile + B 77B05A8B 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[8020] ntdll.dll!NtSetInformationThread + 6 77B05AE6 4 Bytes [28, 02, 07, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[8020] ntdll.dll!NtSetInformationThread + B 77B05AEB 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[8020] ntdll.dll!NtUnmapViewOfSection + 6 77B05E06 1 Byte [68]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[8020] ntdll.dll!NtUnmapViewOfSection + 6 77B05E06 4 Bytes [68, 03, 07, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[8020] ntdll.dll!NtUnmapViewOfSection + B 77B05E0B 1 Byte [E2]

---- Devices - GMER 1.0.15 ----

AttachedDevice \Driver\volmgr \Device\HarddiskVolume1 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume2 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume3 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)

Device \Driver\ACPI_HAL \Device\0000004c halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation)

AttachedDevice \FileSystem\fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

---- EOF - GMER 1.0.15 ----
snarko, Active Member (Posts: 6, Joined: November 2nd, 2010, 11:46 am)
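The "User code sections" part of the log above is long but repetitive: the same handful of ntdll.dll functions is patched in every chrome.exe child process, which is the pattern Chrome's own sandbox produces in its renderer processes and one GMER routinely reports on machines running Chrome. The script below is an added example, not part of the thread and not part of GMER. It parses the three kinds of lines GMER prints in these sections (user-mode hooks, kernel inline patches, drivers with a writable code section), collapses the user-mode hooks to one row per process, and marks rows where a known self-sandboxing image hooks only ntdll.dll as "expected"; every other row is left as "review". The embedded sample mixes lines copied from the log above with one constructed Explorer.EXE hook, which is not in the real log, to exercise the "review" path. The set of self-sandboxing images is an assumption of the example.

```python
"""Collapse GMER 'code sections' entries to a per-process triage table.

Added example; not from the thread and not part of GMER. The 'expected'
label only says that a row matches the pattern Chrome's sandbox produces
(ntdll.dll syscall stubs patched inside chrome.exe); it does not certify
the process as clean, and hook targets should still be checked.
"""
import ntpath
import re
from collections import defaultdict

USER_HOOK_RE = re.compile(
    r"^\.text\s+(?P<image>.+?)\[(?P<pid>\d+)\]\s+"
    r"(?P<module>[^!\s]+)!(?P<func>\w+)\s+\+\s+(?P<off>[0-9A-Fa-f]+)\s+"
    r"(?P<addr>[0-9A-Fa-f]+)\s+(?P<n>\d+)\s+Bytes?\b")
KERNEL_HOOK_RE = re.compile(
    r"^\.text\s+(?P<module>[^!\s]+)!(?P<func>\w+)\s+\+\s+(?P<off>[0-9A-Fa-f]+)\s+"
    r"(?P<addr>[0-9A-Fa-f]+)\s+(?P<n>\d+)\s+Bytes?\b")
WRITABLE_RE = re.compile(r"^\.\w+\s+(?P<path>\S+)\s+section is writeable")

# Assumption of this example: images known to patch ntdll.dll inside their
# own child processes. A row is 'expected' only if its image is in this set
# AND every hook it carries is in ntdll.dll.
SELF_SANDBOXING = {"chrome.exe"}

# Sample input. The first lines are copied from the log in the thread; the
# final Explorer.EXE line is constructed (not in the real log) so that the
# 'review' path is exercised.
SAMPLE_LOG = r"""
---- Kernel code sections - GMER 1.0.15 ----

.text ntkrnlpa.exe!ZwSaveKeyEx + 13AD 82C93599 1 Byte [06]
.text C:\windows\system32\DRIVERS\atikmdag.sys section is writeable [0x8DA20000, 0x2D5526, 0xE8000020]

---- User code sections - GMER 1.0.15 ----

.text C:\Program Files\Google\Chrome\Application\chrome.exe[1060] ntdll.dll!NtCreateFile + 6 77B04A16 4 Bytes [28, 00, 17, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[1060] ntdll.dll!NtCreateFile + B 77B04A1B 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[1060] ntdll.dll!NtOpenProcess + 6 77B051D6 4 Bytes [A8, 01, 17, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3168] ntdll.dll!NtCreateFile + 6 77B04A16 4 Bytes [28, 00, 07, 00]
.text C:\windows\Explorer.EXE[1540] ntdll.dll!NtCreateFile + 6 77B04A16 4 Bytes [E9, 10, 20, 30]
"""


def parse_gmer(text):
    """Return (user_hooks, kernel_patches, writable_sections)."""
    user_hooks = defaultdict(set)   # (image basename, pid) -> {"module!func"}
    kernel_patches = []             # (module, func, offset, patched byte count)
    writable = []                   # driver paths GMER flags as writable code
    for line in text.splitlines():
        m = USER_HOOK_RE.match(line)
        if m:
            key = (ntpath.basename(m["image"]), int(m["pid"]))
            user_hooks[key].add(f"{m['module']}!{m['func']}")
            continue
        m = KERNEL_HOOK_RE.match(line)
        if m:
            kernel_patches.append((m["module"], m["func"], m["off"], int(m["n"])))
            continue
        m = WRITABLE_RE.match(line)
        if m:
            writable.append(m["path"])
    return dict(user_hooks), kernel_patches, writable


def triage(user_hooks):
    """Map (image, pid) -> (verdict, sorted hooked functions)."""
    table = {}
    for (image, pid), funcs in user_hooks.items():
        only_ntdll = all(f.lower().startswith("ntdll.dll!") for f in funcs)
        expected = image.lower() in SELF_SANDBOXING and only_ntdll
        table[(image, pid)] = ("expected" if expected else "review", sorted(funcs))
    return table


if __name__ == "__main__":
    import sys
    from pathlib import Path
    # Pass a saved Gmer.txt as the first argument; otherwise use the sample.
    text = (Path(sys.argv[1]).read_text(encoding="utf-8", errors="replace")
            if len(sys.argv) > 1 else SAMPLE_LOG)
    hooks, kernel, writable = parse_gmer(text)
    for (image, pid), (verdict, funcs) in sorted(triage(hooks).items()):
        print(f"{verdict:8} {image}[{pid}] hooks: {', '.join(funcs)}")
    for module, func, off, n in kernel:
        print(f"kernel   {module}!{func}+{off} ({n} byte(s) patched)")
    for path in writable:
        print(f"writable {path}")
```

Run it against a saved Gmer.txt to get one line per process instead of hundreds of hook lines. The "review" rows are where a helper's attention goes: a hook in a process that has no sandbox of its own, or a hook in chrome.exe that lands outside ntdll.dll, does not fit the benign pattern and deserves a look at where the patched bytes jump to. The kernel and writable-section rows are printed without a verdict because, as the helper's instructions say, those entries are frequently false positives and should not be acted on from the log alone.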

Re: Email Forwarded from my accounts with no subject and a l

Unread postby askey127 » November 4th, 2010, 7:52 pm

snarko,
------------------------------------------------
Side Note:
If you use a router, wireless or wired, make sure that the administrator password for the router installation has been changed to one that you chose.
If the default password is retained, a remote attacker can install his own server address in between you and your Internet Provider. (The default passwords are published).
If you go into the router installation routine, you can take a quick look at the IP addresses in the router setup to make sure no extras have been added.

You may need Tech Help from your Internet Provider, or the original instructions, to make sure this is correct.
Is this something you can do?
--------------------------------------------
TDSSKiller - Rootkit Removal Tool
Please download the TDSSKiller.exe by Kaspersky... save it to your Desktop. <-Important!!!
  1. Double-click on TDSSKiller.exe to run the tool for known TDSS variants.
    Vista - W7 users: Right-click and select "Run As Administrator".
    If TDSSKiller does not run... rename it. Right-click on TDSSKiller.exe, select Rename and give it a random name with the .com file extension (e.g. ektfhtw.com).
    If you don't see file extensions, please see: How to change the file extension.
  2. Click the Start Scan button. Do not use the computer during the scan!
  3. If the scan completes with nothing found, click Close to exit.
  4. If malicious objects are found, they will show in the "Scan results - Select action for found objects" and offer 3 options.
    • Ensure Cure (default) is selected... then click Continue > Reboot now to finish the cleaning process.
    • If Cure is not offered as an option, choose Skip.
  5. A log file named TDSSKiller_version_dd.mm.yyyy_hh.mm.ss_log.txt will be created and saved to the root directory. (usually Local Disk C:).
  6. Copy and paste the contents of that file in your next reply.
If, for some reason, you can't locate the text file to paste into your reply, just tell me, but DO NOT run the program a second time.

askey127, Admin/Teacher (Posts: 13906, Joined: April 17th, 2005, 3:25 pm, Location: New Hampshire USA)
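The router side note in this post, and the same note in the earlier one, warns that a router left on its default admin password can be pointed at an attacker's server. What the PC itself sees of that is its DNS server list; the router's own upstream DNS entries can only be checked in the router's admin page, so this check covers the client side only. The script below is an added example, not code from the thread or from any tool it mentions: it parses `ipconfig /all` output (a constructed sample is embedded; on Windows it runs the real command) and reports every DNS server that is not the default gateway, not loopback, and not one of the resolvers passed as trusted, such as the ISP's published ones. The sample's second resolver is a made-up address from a documentation range, not a real attacker address. Anything reported is a lead to verify, not a verdict.

```python
"""Flag DNS resolvers in `ipconfig /all` output that the user did not expect.

Added example for the router side note; not code from the thread or from any
tool mentioned in it. It sees only the client's resolver list; the router's
own upstream DNS setting has to be checked in the router admin page.
"""
import ipaddress
import re
import subprocess
import sys

IPV4_RE = re.compile(r"\d{1,3}(?:\.\d{1,3}){3}")

# Constructed sample of `ipconfig /all` output. The second resolver is a
# made-up entry from a documentation range (TEST-NET-3), standing in for a
# server the user never configured.
SAMPLE_IPCONFIG = """\
Windows IP Configuration

   Host Name . . . . . . . . . . . . : EXAMPLE-PC

Wireless LAN adapter Wireless Network Connection:

   IPv4 Address. . . . . . . . . . . : 192.168.1.12(Preferred)
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Default Gateway . . . . . . . . . : 192.168.1.1
   DHCP Server . . . . . . . . . . . : 192.168.1.1
   DNS Servers . . . . . . . . . . . : 192.168.1.1
                                       203.0.113.53
   NetBIOS over Tcpip. . . . . . . . : Enabled

Ethernet adapter Local Area Connection:

   Media State . . . . . . . . . . . : Media disconnected
   Default Gateway . . . . . . . . . :
"""


def parse_ipconfig(text):
    """Return (gateways, dns_servers) as lists of IPv4 strings.

    ipconfig prints the first DNS server on the 'DNS Servers' line and any
    further servers on following lines that hold nothing but an address.
    """
    gateways, dns = [], []
    in_dns = False
    for line in text.splitlines():
        stripped = line.strip()
        if in_dns:
            if ":" not in line and IPV4_RE.fullmatch(stripped):
                dns.append(stripped)          # continuation line
                continue
            in_dns = False
        if ":" not in stripped:
            continue
        label, value = stripped.split(":", 1)
        found = IPV4_RE.search(value)
        if label.startswith("Default Gateway") and found:
            gateways.append(found.group(0))
        elif label.startswith("DNS Servers"):
            if found:
                dns.append(found.group(0))
            in_dns = True
    return gateways, dns


def unexpected_resolvers(text, trusted=()):
    """Return DNS servers that are neither the default gateway, loopback,
    nor in `trusted` (e.g. the ISP's published resolvers). On a typical home
    network the router is the only resolver the PC should see."""
    gateways, dns = parse_ipconfig(text)
    allowed = set(gateways) | set(trusted)
    return [s for s in dns
            if s not in allowed and not ipaddress.ip_address(s).is_loopback]


if __name__ == "__main__":
    if sys.platform == "win32":
        text = subprocess.run(["ipconfig", "/all"], capture_output=True,
                              text=True, check=True).stdout
    else:
        text = SAMPLE_IPCONFIG   # no ipconfig here: use the constructed sample
    # Any addresses given on the command line are treated as trusted.
    flagged = unexpected_resolvers(text, trusted=sys.argv[1:])
    print("DNS servers to verify:", ", ".join(flagged) or "none")
```

On a Windows PC, run it with the ISP's resolver addresses as arguments; a resolver it still lists is one the user did not configure and should be compared against the router's DNS settings page. The inverse gap is worth remembering: if the router itself has been reconfigured, the PC still sees only the router's address, so a clean result here does not clear the router.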

Re: Email Forwarded from my accounts with no subject and a l

Unread postby askey127 » November 8th, 2010, 12:03 pm

Due to Lack of Response, this topic is now closed.

If you still require help, please open a new thread in the Infected? Virus, malware, adware, ransomware, oh my! forum, include a fresh FRST log, and wait for a new helper.
askey127, Admin/Teacher (Posts: 13906, Joined: April 17th, 2005, 3:25 pm, Location: New Hampshire USA)