1. You are viewing our forum as a guest. For full access please Register. WindowsBBS.com is completely free, paid for by advertisers and donations.

[No security issues found] My Hotmail is Spamming: DDS Run and Included

Discussion in 'Malware and Virus Removal Archive' started by chrisjwmartin, 2009/12/07.

  1. 2009/12/07
    chrisjwmartin

    chrisjwmartin Inactive Thread Starter

    Joined:
    2006/07/03
    Messages:
    35
    Likes Received:
    0
    Hello,

    My Hotmail account has been sending daily spam for an electronics site to my friends list. I need to know whether the problem is with this computer or whether my account has been accessed by another machine. I have run DDS and am appending the results below.

    DDS (Ver_09-12-01.01) - NTFSx86
    Run by Chris at 8:04:47.15 on 07/12/2009
    Internet Explorer: 8.0.6001.18828 BrowserJavaVersion: 1.6.0_17
    Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.44.1033.18.2924.1601 [GMT 0:00]

    SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}

    ============== Running Processes ===============

    C:\Windows\system32\wininit.exe
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Windows\system32\svchost.exe -k rpcss
    C:\Windows\System32\svchost.exe -k secsvcs
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Windows\system32\svchost.exe -k GPSvcGroup
    C:\Windows\system32\SLsvc.exe
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Windows\RtkAudioService.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    C:\Program Files\Alwil Software\Avast4\ashServ.exe
    C:\Windows\System32\spoolsv.exe
    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
    C:\Windows\system32\taskeng.exe
    C:\Windows\system32\taskeng.exe
    C:\Windows\system32\taskeng.exe
    C:\Program Files\Sony\VAIO Update 4\VAIOUpdt.exe
    C:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe
    C:\Windows\system32\svchost.exe -k bthsvcs
    C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
    C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
    C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
    C:\Program Files\Sony\Network Utility\NSUService.exe
    C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
    C:\Windows\system32\rundll32.exe
    C:\Windows\system32\svchost.exe -k imgsvc
    C:\Program Files\Sony\VAIO Event Service\VESMgr.exe
    C:\Program Files\Sony\VAIO Power Management\SPMService.exe
    C:\Program Files\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe
    C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
    C:\Windows\system32\DllHost.exe
    C:\Windows\System32\svchost.exe -k WerSvcGroup
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    C:\Windows\system32\SearchIndexer.exe
    C:\Program Files\Sony\VAIO Event Service\VESMgrSub.exe
    C:\Windows\system32\igfxext.exe
    C:\Windows\system32\igfxsrvc.exe
    C:\Windows\system32\DllHost.exe
    C:\Windows\system32\igfxsrvc.exe
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
    C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
    C:\Program Files\Windows Defender\MSASCui.exe
    C:\Windows\System32\igfxpers.exe
    C:\Program Files\BillP Studios\WinPatrol\WinPatrol.exe
    C:\Program Files\Alwil Software\Avast4\ashDisp.exe
    C:\Program Files\Java\jre6\bin\jusched.exe
    C:\Program Files\Sony\Network Utility\LANUtil.exe
    C:\Program Files\Windows Live\Messenger\msnmsgr.exe
    C:\Program Files\Skype\Phone\Skype.exe
    C:\Windows\system32\WUDFHost.exe
    C:\Program Files\Windows Live\Contacts\wlcomm.exe
    C:\Program Files\Skype\Plugin Manager\skypePM.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Windows\System32\mobsync.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Users\Chris\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Users\Chris\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Windows\system32\SearchProtocolHost.exe
    C:\Windows\system32\SearchFilterHost.exe
    C:\Windows\system32\DllHost.exe
    C:\Windows\system32\DllHost.exe
    C:\Users\Chris\Downloads\dds.scr
    C:\Windows\system32\wbem\wmiprvse.exe

    ============== Pseudo HJT Report ===============

    uSearch Page = hxxp://www.google.com
    uStart Page = hxxp://www.google.co.uk/ig?hl=en&source=iglk
    uDefault_Page_URL = hxxp://www.club-vaio.com
    uSearch Bar = hxxp://www.google.com/ie
    mDefault_Page_URL = hxxp://www.club-vaio.com
    uURLSearchHooks: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
    BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
    BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\program files\real\realplayer\rpbrowserrecordplugin.dll
    BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
    BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
    BHO: Adobe PDF Conversion Toolbar Helper: {ae7cd045-e861-484f-8273-0445ee161910} - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll
    BHO: McAfee SiteAdvisor BHO: {b164e929-a1b6-4a06-b104-2cd0e90a88ff} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
    BHO: CBrowserHelperObject Object: {ca6319c0-31b7-401e-a518-a07c3db8f777} - c:\progra~1\google~1\BAE.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
    TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll
    TB: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
    EB: Adobe PDF: {182ec0be-5110-49c8-a062-beb1d02a220b} - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll
    uRun: [NSUFloatingUI] "c:\program files\sony\network utility\LANUtil.exe "
    uRun: [MsnMsgr] "c:\program files\windows live\messenger\MsnMsgr.Exe" /background
    uRun: [Google Update] "c:\users\chris\appdata\local\google\update\GoogleUpdate.exe" /c
    uRun: [Skype] "c:\program files\skype\phone\Skype.exe" /nosplash /minimized
    mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
    mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
    mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
    mRun: [Persistence] c:\windows\system32\igfxpers.exe
    mRun: [RtHDVCpl] RtHDVCpl.exe
    mRun: [<NO NAME>]
    mRun: [WinPatrol] c:\program files\billp studios\winpatrol\winpatrol.exe -expressboot
    mRun: [Skytel] Skytel.exe
    mRun: [avast!] c:\progra~1\alwils~1\avast4\ashDisp.exe
    mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe "
    mRun: [SunJavaUpdateSched] c:\program files\java\jre6\bin\jusched.exe
    mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
    mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
    IE: Append to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    IE: Convert link target to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
    IE: Convert link target to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    IE: Convert selected links to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
    IE: Convert selected links to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
    IE: Convert selection to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
    IE: Convert selection to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    IE: Convert to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
    IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
    IE: Send image to &Bluetooth Device... - c:\program files\widcomm\bluetooth software\btsendto_ie_ctx.htm
    IE: Send page to &Bluetooth Device... - c:\program files\widcomm\bluetooth software\btsendto_ie.htm
    IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\program files\widcomm\bluetooth software\btsendto_ie.htm
    IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll
    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
    DPF: {5D637FAD-E202-48D1-8F18-5B9C459BD1E3} - hxxp://fb.familylink.com/we_are_related/stream/core/lib/AurigmaImageUploader/ImageUploader5.cab
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_06-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
    DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
    DPF: {E77F23EB-E7AB-4502-8F37-247DBAF1A147} - hxxp://gfx2.hotmail.com/mail/w4/pr01/photouploadcontrol/VistaMSNPUplden-gb.cab
    Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~1\mcafee\sitead~1\McIEPlg.dll
    Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~1\mcafee\sitead~1\McIEPlg.dll
    Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
    Notify: igfxcui - igfxdev.dll
    Notify: VESWinlogon - VESWinlogon.dll

    ================= FIREFOX ===================

    FF - ProfilePath - c:\users\chris\appdata\roaming\mozilla\firefox\profiles\6mom5b3q.default\
    FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/calendar/render|http://www.google.co.uk/ig|https://...m/|http://coldjwplay.livejournal.com/friends/
    FF - component: c:\program files\mcafee\siteadvisor\components\McFFPlg.dll
    FF - component: c:\program files\real\realplayer\browserrecord\firefox\ext\components\nprpffbrowserrecordext.dll
    FF - plugin: c:\program files\microsoft\office live\npOLW.dll
    FF - plugin: c:\users\chris\appdata\local\google\update\1.2.183.13\npGoogleOneClick8.dll
    FF - plugin: c:\users\chris\appdata\roaming\mozilla\firefox\profiles\6mom5b3q.default\extensions\{e2883e8f-472f-4fb0-9522-ac9bf37916a7}\plugins\np_gp.dll
    FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
    FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}
    FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}
    FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}
    FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}
    FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA}
    FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}

    ---- FIREFOX POLICIES ----
    c:\program files\mozilla firefox\greprefs\security-prefs.js - pref( "security.ssl3.rsa_seed_sha ", true);

    ============= SERVICES / DRIVERS ===============

    R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2009-10-30 114768]
    R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2009-10-30 20560]
    R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2009-10-30 53328]
    R2 avast! Antivirus;avast! Antivirus;c:\program files\alwil software\avast4\ashServ.exe [2009-10-30 138680]
    R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\mcafee\siteadvisor\McSACore.exe [2009-8-27 93320]
    R2 NSUService;NSUService;c:\program files\sony\network utility\NSUService.exe [2008-8-13 299008]
    R2 regi;regi;c:\windows\system32\drivers\regi.sys [2007-4-18 11032]
    R2 RtkAudioService;Realtek Audio Service;c:\windows\RTKAUDIOSERVICE.EXE [2008-7-24 98304]
    R2 VAIO Power Management;VAIO Power Management;c:\program files\sony\vaio power management\SPMService.exe [2008-7-24 411488]
    R2 VCFw;VAIO Content Folder Watcher;c:\program files\common files\sony shared\vaio content folder watcher\VCFw.exe [2008-6-20 415744]
    R3 avast! Mail Scanner;avast! Mail Scanner;c:\program files\alwil software\avast4\ashMaiSv.exe [2009-10-30 254040]
    R3 avast! Web Scanner;avast! Web Scanner;c:\program files\alwil software\avast4\ashWebSv.exe [2009-10-30 352920]
    R3 e1yexpress;Intel(R) Gigabit Network Connections Driver;c:\windows\system32\drivers\e1y6032.sys [2008-7-24 224384]
    R3 SFEP;Sony Firmware Extension Parser;c:\windows\system32\drivers\SFEP.sys [2008-7-24 9344]
    S3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\drivers\btwl2cap.sys [2008-7-24 29736]
    S3 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-1-21 21504]
    S3 SOHCImp;VAIO Media plus Content Importer;c:\program files\sony\vaio media plus\SOHCImp.exe [2008-8-13 103712]
    S3 SOHDms;VAIO Media plus Digital Media Server;c:\program files\sony\vaio media plus\SOHDms.exe [2008-8-13 353568]
    S3 SOHDs;VAIO Media plus Device Searcher;c:\program files\sony\vaio media plus\SOHDs.exe [2008-8-13 62752]
    S3 VcmIAlzMgr;VAIO Content Metadata Intelligent Analyzing Manager;c:\program files\sony\vcm intelligent analyzing manager\VcmIAlzMgr.exe [2008-8-13 337184]
    S3 VcmXmlIfHelper;VAIO Content Metadata XML Interface;c:\program files\common files\sony shared\vcmxml\VcmXmlIfHelper.exe [2008-8-13 83232]

    =============== Created Last 30 ================

    2009-11-26 03:01:20 2048 ----a-w- c:\windows\system32\tzres.dll
    2009-11-25 13:38:02 1401856 ----a-w- c:\windows\system32\msxml6.dll
    2009-11-25 13:38:02 1248768 ----a-w- c:\windows\system32\msxml3.dll
    2009-11-25 13:38:00 714240 ----a-w- c:\windows\system32\timedate.cpl
    2009-11-25 06:07:47 0 d-----w- c:\programdata\NOS
    2009-11-17 17:58:55 0 d-----w- c:\program files\Windows Portable Devices
    2009-11-17 17:58:39 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdFs_01_07_00.Wdf
    2009-11-17 14:43:10 92672 ----a-w- c:\windows\system32\UIAnimation.dll
    2009-11-17 14:43:10 3023360 ----a-w- c:\windows\system32\UIRibbon.dll
    2009-11-17 14:43:10 1164800 ----a-w- c:\windows\system32\UIRibbonRes.dll
    2009-11-17 14:41:14 555520 ----a-w- c:\windows\system32\UIAutomationCore.dll
    2009-11-17 14:41:14 4096 ----a-w- c:\windows\system32\oleaccrc.dll
    2009-11-17 14:41:14 234496 ----a-w- c:\windows\system32\oleacc.dll
    2009-11-11 23:46:52 2036736 ----a-w- c:\windows\system32\win32k.sys
    2009-11-11 23:46:46 355328 ----a-w- c:\windows\system32\WSDApi.dll

    ==================== Find3M ====================

    2009-11-17 17:58:49 86016 ----a-w- c:\windows\inf\infstor.dat
    2009-11-17 17:58:49 665600 ----a-w- c:\windows\inf\drvindex.dat
    2009-11-17 17:58:49 51200 ----a-w- c:\windows\inf\infpub.dat
    2009-11-17 17:58:49 143360 ----a-w- c:\windows\inf\infstrng.dat
    2009-11-02 20:42:06 195456 ------w- c:\windows\system32\MpSigStub.exe
    2009-10-11 04:17:27 411368 ----a-w- c:\windows\system32\deploytk.dll
    2009-10-01 01:02:17 2537472 ----a-w- c:\windows\system32\wpdshext.dll
    2009-10-01 01:02:05 30208 ----a-w- c:\windows\system32\WPDShextAutoplay.exe
    2009-10-01 01:02:04 334848 ----a-w- c:\windows\system32\PortableDeviceApi.dll
    2009-10-01 01:02:02 87552 ----a-w- c:\windows\system32\WPDShServiceObj.dll
    2009-10-01 01:02:00 31232 ----a-w- c:\windows\system32\BthMtpContextHandler.dll
    2009-10-01 01:01:59 546816 ----a-w- c:\windows\system32\wpd_ci.dll
    2009-10-01 01:01:59 160256 ----a-w- c:\windows\system32\PortableDeviceTypes.dll
    2009-10-01 01:01:56 60928 ----a-w- c:\windows\system32\PortableDeviceConnectApi.dll
    2009-10-01 01:01:56 350208 ----a-w- c:\windows\system32\WPDSp.dll
    2009-10-01 01:01:56 196608 ----a-w- c:\windows\system32\PortableDeviceWMDRM.dll
    2009-10-01 01:01:56 100864 ----a-w- c:\windows\system32\PortableDeviceClassExtension.dll
    2009-10-01 01:01:54 81920 ----a-w- c:\windows\system32\wpdbusenum.dll
    2009-09-27 20:37:34 37665 ----a-w- c:\windows\fonts\GlobalUserInterface.CompositeFont
    2009-09-25 02:10:10 974848 ----a-w- c:\windows\system32\WindowsCodecs.dll
    2009-09-25 02:07:08 189440 ----a-w- c:\windows\system32\WindowsCodecsExt.dll
    2009-09-25 02:04:32 321024 ----a-w- c:\windows\system32\PhotoMetadataHandler.dll
    2009-09-25 01:49:22 1554432 ----a-w- c:\windows\system32\xpsservices.dll
    2009-09-25 01:48:08 351232 ----a-w- c:\windows\system32\XpsPrint.dll
    2009-09-25 01:38:29 847360 ----a-w- c:\windows\system32\OpcServices.dll
    2009-09-25 01:36:13 280064 ----a-w- c:\windows\system32\XpsGdiConverter.dll
    2009-09-25 01:35:31 135680 ----a-w- c:\windows\system32\XpsRasterService.dll
    2009-09-25 01:33:25 195584 ----a-w- c:\windows\system32\dxdiagn.dll
    2009-09-25 01:33:15 829440 ----a-w- c:\windows\system32\d3d10warp.dll
    2009-09-25 01:33:01 369664 ----a-w- c:\windows\system32\WMPhoto.dll
    2009-09-25 01:32:59 252928 ----a-w- c:\windows\system32\dxdiag.exe
    2009-09-25 01:31:53 519680 ----a-w- c:\windows\system32\d3d11.dll
    2009-09-25 01:31:26 486912 ----a-w- c:\windows\system32\d3d10level9.dll
    2009-09-25 01:31:21 161280 ----a-w- c:\windows\system32\d3d10_1.dll
    2009-09-25 01:31:19 218112 ----a-w- c:\windows\system32\d3d10_1core.dll
    2009-09-25 01:31:16 1030144 ----a-w- c:\windows\system32\d3d10.dll
    2009-09-25 01:31:15 828928 ----a-w- c:\windows\system32\d2d1.dll
    2009-09-25 01:30:23 481792 ----a-w- c:\windows\system32\dxgi.dll
    2009-09-25 01:30:23 190464 ----a-w- c:\windows\system32\d3d10core.dll
    2009-09-25 01:27:04 793088 ----a-w- c:\windows\system32\FntCache.dll
    2009-09-25 01:27:04 37888 ----a-w- c:\windows\system32\cdd.dll
    2009-09-25 01:27:04 1064448 ----a-w- c:\windows\system32\DWrite.dll
    2009-09-24 22:54:55 258048 ----a-w- c:\windows\system32\winspool.drv
    2009-09-24 22:54:53 667648 ----a-w- c:\windows\system32\printfilterpipelinesvc.exe
    2009-09-24 22:54:52 26112 ----a-w- c:\windows\system32\printfilterpipelineprxy.dll
    2009-09-10 16:48:01 218624 ----a-w- c:\windows\system32\msv1_0.dll
    2009-09-10 14:59:26 8147456 ----a-w- c:\windows\system32\wmploc.DLL
    2009-09-10 14:58:28 310784 ----a-w- c:\windows\system32\unregmp2.exe
    2008-01-21 02:43:21 174 --sha-w- c:\program files\desktop.ini
    2006-11-02 12:42:02 30674 ----a-w- c:\windows\inf\perflib\0409\perfd.dat
    2006-11-02 12:42:02 30674 ----a-w- c:\windows\inf\perflib\0409\perfc.dat
    2006-11-02 12:42:02 287440 ----a-w- c:\windows\inf\perflib\0409\perfi.dat
    2006-11-02 12:42:02 287440 ----a-w- c:\windows\inf\perflib\0409\perfh.dat
    2006-11-02 09:20:21 287440 ----a-w- c:\windows\inf\perflib\0000\perfi.dat
    2006-11-02 09:20:21 287440 ----a-w- c:\windows\inf\perflib\0000\perfh.dat
    2006-11-02 09:20:19 30674 ----a-w- c:\windows\inf\perflib\0000\perfd.dat
    2006-11-02 09:20:19 30674 ----a-w- c:\windows\inf\perflib\0000\perfc.dat

    ============= FINISH: 8:05:36.09 ===============


    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT

    DDS (Ver_09-12-01.01)

    Microsoft® Windows Vista™ Home Premium
    Boot Device: \Device\HarddiskVolume2
    Install Date: 31/12/2008 00:29:48
    System Uptime: 12/07/2009 07:53:38 (3553 hours ago)

    Motherboard: Sony Corporation | | VAIO
    Processor: Intel(R) Core(TM)2 Duo CPU E7200 @ 2.53GHz | N/A | 2533/267mhz

    ==== Disk Partitions =========================

    C: is FIXED (NTFS) - 455 GiB total, 331.467 GiB free.
    D: is Removable
    E: is Removable
    F: is CDROM ()

    ==== Disabled Device Manager Items =============

    ==== System Restore Points ===================


    ==== Installed Programs ======================


    7-Zip 4.64
    AAC Decoder
    Activation Assistant for the 2007 Microsoft Office suites
    Adobe Acrobat 8 Standard - English, Français, Deutsch
    Adobe Acrobat 8.1.7 - CPSID_50029
    Adobe Acrobat 8.1.7 Standard
    Adobe Common File Installer
    Adobe Download Manager
    Adobe Flash Player 10 ActiveX
    Adobe Flash Player 10 Plugin
    Adobe Photoshop Elements 6.0
    Adobe Premiere Elements 4.0
    Adobe Premiere Elements 4.0 Templates
    Apple Application Support
    ArcSoft WebCam Companion 2
    AutoUpdate
    avast! Antivirus
    Big Fish Games Game Suite
    BitTorrent
    BrettspielWelt
    Browser Address Error Redirector
    Click to Disc
    Click to Disc Editor
    Compatibility Pack for the 2007 Office system
    DivX Codec
    DivX Converter
    DivX Player
    DivX Plus DirectShow Filters
    DivX Version Checker
    DivX Web Player
    Dolby Control Center
    DSD Direct
    DSD Direct Player
    DSD Playback Plug-in
    EA Download Manager
    Europa Universalis III - Demo
    Google Chrome
    H.264 Decoder
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
    Impulse
    Intel(R) Graphics Media Accelerator Driver
    Intel(R) Management Engine Interface
    Java(TM) 6 Update 17
    Java(TM) 6 Update 6
    Karen's Alarm Clock
    McAfee SiteAdvisor
    Microsoft .NET Framework 1.1
    Microsoft .NET Framework 1.1 Security Update (KB953297)
    Microsoft .NET Framework 3.5 SP1
    Microsoft Application Error Reporting
    Microsoft Choice Guard
    Microsoft Office 2007 Service Pack 2 (SP2)
    Microsoft Office Excel MUI (English) 2007
    Microsoft Office Home and Student 2007
    Microsoft Office Live Add-in 1.4
    Microsoft Office OneNote MUI (English) 2007
    Microsoft Office PowerPoint MUI (English) 2007
    Microsoft Office PowerPoint Viewer 2007 (English)
    Microsoft Office Proof (English) 2007
    Microsoft Office Proof (French) 2007
    Microsoft Office Proof (Spanish) 2007
    Microsoft Office Proofing (English) 2007
    Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
    Microsoft Office Shared MUI (English) 2007
    Microsoft Office Shared Setup Metadata MUI (English) 2007
    Microsoft Office Word MUI (English) 2007
    Microsoft Silverlight
    Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Visual J# .NET Redistributable Package 1.1
    Microsoft Works
    MKV Splitter
    Mozilla Firefox (3.5.5)
    MSVCRT
    MSXML 4.0 SP2 (KB954430)
    MSXML 4.0 SP2 (KB973688)
    Music Transfer
    Oblivion
    OGA Notifier 2.0.0048.0
    OpenMG Secure Module 5.1.00
    Picasa 2
    Primo
    RealPlayer
    Realtek High Definition Audio Driver
    Roxio Central Audio
    Roxio Central Copy
    Roxio Central Core
    Roxio Central Data
    Roxio Central Tools
    Roxio Easy Media Creator 10 LJ
    Roxio Easy Media Creator Home
    Security Update for 2007 Microsoft Office System (KB969559)
    Security Update for 2007 Microsoft Office System (KB973704)
    Security Update for Microsoft Office Excel 2007 (KB973593)
    Security Update for Microsoft Office PowerPoint 2007 (KB957789)
    Security Update for Microsoft Office system 2007 (972581)
    Security Update for Microsoft Office system 2007 (KB969613)
    Security Update for Microsoft Office system 2007 (KB974234)
    Security Update for Microsoft Office Visio Viewer 2007 (KB973709)
    Setting Utility Series
    SimCity™ Societies
    Skype™ 4.1
    SonicStage Mastering Studio
    SonicStage Mastering Studio Audio Filter
    SonicStage Mastering Studio Audio Filter Custom Preset
    SonicStage Mastering Studio Plugins
    Sony Picture Utility
    Sony Video Shared Library
    Spotify
    Star Wars Battlefront II
    Steam
    The Political Machine 2008
    Update for 2007 Microsoft Office System (KB967642)
    Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
    Update for Microsoft Office 2007 Help for Common Features (KB963673)
    Update for Microsoft Office Excel 2007 Help (KB963678)
    Update for Microsoft Office OneNote 2007 Help (KB963670)
    Update for Microsoft Office Powerpoint 2007 Help (KB963669)
    Update for Microsoft Office Script Editor Help (KB963671)
    Update for Microsoft Office Word 2007 (KB974561)
    Update for Microsoft Office Word 2007 Help (KB963665)
    VAIO Content Folder Setting
    VAIO Content Metadata Intelligent Analyzing Manager
    VAIO Content Metadata Manager Setting
    VAIO Content Metadata XML Interface Library
    VAIO Control Center
    VAIO Data Restore Tool
    VAIO DVD Menu Data Basic
    VAIO Edit Components 6.4
    VAIO Entertainment Platform
    VAIO Event Service
    VAIO Guide 
    VAIO Marketing Tools
    VAIO Media plus
    VAIO Movie Story
    VAIO Movie Story Template Data
    VAIO MusicBox
    VAIO MusicBox Sample Music
    VAIO Original Function Setting
    VAIO Power Management
    VAIO Smart Network
    VAIO Update 4
    VAIO Wallpaper Contents
    VC80CRTRedist - 8.0.50727.762
    WIDCOMM Bluetooth Software 6.2.0.4100
    Windows Live Call
    Windows Live Communications Platform
    Windows Live Essentials
    Windows Live ID Sign-in Assistant
    Windows Live Messenger
    Windows Live Upload Tool
    Windows Media Player Firefox Plugin
    WinDVD for VAIO
    WinPatrol 2009

    ==== End Of File ===========================
     
    chrisjwmartin,
    #1
  2. 2009/12/07
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    Print these instructions out.

    NOTE. If any of the programs listed below refuse to run, try renaming executive file to something else; for instance, rename hijackthis.exe to scanner.exe

    ***VERY IMPORTANT! Make sure, you update Superantispyware, and Malwarebytes before running the scans.***

    STEP 1. Download SUPERAntiSpyware Free for Home Users:
    http://www.superantispyware.com/

    * Double-click SUPERAntiSpyware.exe and use the default settings for installation.
    * An icon will be created on your desktop. Double-click that icon to launch the program.
    * If asked to update the program definitions, click "Yes ". If not, update the definitions before scanning by selecting "Check for Updates ". (If you encounter any problems while downloading the updates, manually download and unzip them from here: http://www.superantispyware.com/definitions.html.)
    * Close SUPERAntiSpyware.

    PHYSICALLY DISCONNECT FROM THE INTERNET

    Restart computer in Safe Mode.
    To enter Safe Mode, restart computer, and keep tapping F8 key, until menu appears; select Safe Mode; you'll see "Safe Mode" in all four corners of your screen

    * Open SUPERAntiSpyware.
    * Click Scan your Computer... button.
    * Click Scanning Preferences/Control Center... button.
    * Under General and Startup tab, make sure, Start SUPERAntiSpyware when Windows starts option is UN-checked.
    * Click the Scanning Control tab.
    * Under Scanner Options make sure the following are checked (leave all others unchecked):
    • Close browsers before scanning.
    • Terminate memory threats before quarantining.
    * Click the Close button to leave the control center screen.
    * On the left, make sure you check C:\Fixed Drive.
    * On the right, choose Perform Complete Scan.
    * Click Next to start the scan. Please be patient while it scans your computer.
    * After the scan is complete, a Scan Summary box will appear with potentially harmful items that were detected. Click OK.
    * Make sure everything has a checkmark next to it and click Next.
    * A notification will appear that Quarantine and Removal is Complete. Click OK and then click the Finish button to return to the main menu.
    * If asked if you want to reboot, click Yes.
    * To retrieve the removal information after reboot, launch SUPERAntispyware again.
    • Click Preferences, then click the Statistics/Logs tab.
    • Under Scanner Logs, double-click SUPERAntiSpyware Scan Log.
    • If there are several logs, click the current dated log and press View log. A text file will open in your default text editor.
    • Please copy and paste the Scan Log results in your next reply.
    * Click Close to exit the program.
    Post SUPERAntiSpyware log.

    RECONNECT TO THE INTERNET

    RESTART COMPUTER!

    STEP 2. Download Malwarebytes' Anti-Malware: http://www.malwarebytes.org/mbam.php to your desktop.
    (Malwarebytes is free to use as a manual scanner. Payment is only required if you wish to have it run and update automatically which is not necessary for our purposes)

    ******************************************************************************************
    Due to a bug in Malwarebytes, you may see in MBAM's log following entries:
    HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\atapi (Rootkit)
    HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\atapi (Rootkit)
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\atapi (Rootkit)
    DO NOT remove those entries!
    If you do, your computer will become UN-bootable.
    The issue has been fixed in the latest MBAM update, so, it's EXTREMELY important, you update MBAM before you run it.
    ****************************************************************************************

    * Double-click mbam-setup.exe and follow the prompts to install the program.
    * At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
    * If an update is found, it will download and install the latest version.
    * Once the program has loaded, select Perform full scan, then click Scan.
    * When the scan is complete, click OK, then Show Results to view the results.
    * Be sure that everything is checked, and click Remove Selected.
    * When completed, a log will open in Notepad.
    * Post the log back here.

    The log can also be found here:
    C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\log-date.txt
    Or at C:\Program Files\Malwarebytes' Anti-Malware\Logs\log-date.txt

    RESTART COMPUTER!

    STEP 3. Download GMER: http://www.gmer.net/files.php, by clicking on Download EXE button.
    Alternative downloads:
    - http://majorgeeks.com/GMER_d5198.html
    - http://www.softpedia.com/get/Interne...ers/GMER.shtml
    Double click on downloaded .exe file, select Rootkit tab and click the Scan button.
    When scan is completed, click Save button, and save the results as gmer.log
    Warning ! Please, do not select the "Show all" checkbox during the scan.
    Post the log to your next reply.

    RESTART COMPUTER

    STEP 4. Download HijackThis:
    http://www.trendsecure.com/portal/en-US/tools/security_tools/hijackthis/download
    by clicking on Download HijackThis Installer
    Install, and run it.
    Post HijackThis log.
    NOTE. If you're using Vista, right click on HijackThis, and click Run as Administrator
    Do NOT attempt to "fix" anything!


    DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!
     
    broni,
    #2


  3. to hide this advert.

  4. 2009/12/08
    chrisjwmartin

    chrisjwmartin Inactive Thread Starter

    Joined:
    2006/07/03
    Messages:
    35
    Likes Received:
    0
    The GMER exe kept on crashing my entire system, despite having a "random" name.
     
    chrisjwmartin,
    #3
  5. 2009/12/08
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    I don't think, your Hotmail issue is caused by any infection.
    All logs look clean....
     
    broni,
    #4
  6. 2009/12/08
    chrisjwmartin

    chrisjwmartin Inactive Thread Starter

    Joined:
    2006/07/03
    Messages:
    35
    Likes Received:
    0
    Thank you broni! That is what I was hoping for :)
     
    chrisjwmartin,
    #5
  7. 2009/12/08
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    You're very welcome :)
     
    broni,
    #6

Share This Page

  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Accept Learn More...