All outgoing emails hijacked, HJT log posted
naiart
Newbie
23. July 2008 @ 14:51
Hi,

My computer has been hijacked by something that overwrites all my outgoing emails (from Thunderbird or Outlook) with spam mail that looks like it was written by me. Everything also hangs once in a while and takes a few seconds to get going again. Here is my HJT log. Thank you to anyone who takes the time to respond, I really appreciate all your help!

____________

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2:50:29 PM, on 23/07/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Broadcom\ASFIPMon\AsfIpMon.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Roxio\Drag-to-Disc\DrgToDsc.exe
C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\SYMANT~1\VPTray.exe
C:\Program Files\Adobe\Adobe Version Cue CS2\ControlPanel\VersionCueCS2Tray.exe
C:\Program Files\Adobe\Adobe Acrobat 7.0\Distillr\Acrotray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Mozilla Thunderbird\thunderbird.exe
C:\Program Files\Mozilla Sunbird\sunbird.exe
C:\Program Files\Ad-Aware\aawservice.exe
C:\Program Files\Oracle\Calendar\OCal.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://sympatico.msn.ca/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.google.ca/hws/sb/dell-row-rel/en/side.html?channel=ca
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://content.library.utoronto.ca/rcat/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://sympatico.msn.ca/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://home.sweetim.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.ca/ig/dell?hl=en&client=dell-row-rel&channel=ca&ibd=6070811
F2 - REG:system.ini: UserInit=C:\WINDOWS\SYSTEM32\Userinit.exe,C:\Documents and Settings\popescut\iqmhmp.exe \s
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Adobe Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [RoxioDragToDisc] "C:\Program Files\Roxio\Drag-to-Disc\DrgToDsc.exe"
O4 - HKLM\..\Run: [PDVDDXSrv] "C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe Version Cue CS2] "C:\Program Files\Adobe\Adobe Version Cue CS2\ControlPanel\VersionCueCS2Tray.exe"
O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "C:\Program Files\Adobe\Adobe Acrobat 7.0\Distillr\Acrotray.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ?
O4 - Global Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert to existing PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Ad-Aware\aawservice.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Adobe Version Cue CS2 - Adobe Systems Incorporated - C:\Program Files\Adobe\Adobe Version Cue CS2\bin\VersionCueCS2.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Broadcom ASF IP Monitor (ASFIPmon) - Broadcom Corporation - C:\Program Files\Broadcom\ASFIPMon\AsfIpMon.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe

--
End of file - 9119 bytes
AfterDawn Addict
23. July 2008 @ 18:37
Hi naiart,

Your Log shows nothing? That does not mean your computer is clean, malware can hide.
Please do a little pre-cleaning and post some Logs so we can see what's going on in there.

Please download ATF Cleaner by Atribune & save it to your desktop. DO NOT use yet.

Please download Malwarebytes' Anti-Malware to your desktop. DO NOT use yet.

Please download and install SUPERAntiSpyware Free

• Double-click SUPERAntiSpyware.exe and use the default settings for installation.
• An icon will be created on your desktop. Double-click that icon to launch the program.
• If asked to update the program definitions, click "Yes". If not, update the definitions before scanning by selecting "Check for Updates". (If you encounter any problems while downloading the updates, manually download them from here and unzip into the program's folder.)
• Under the "Configuration and Preferences", click the Preferences... button.
• Click the "General and Startup" tab, and under Start-up Options, make sure "Start SUPERAntiSpyware when Windows starts" box is unchecked.
• Click the "Scanning Control" tab, and under Scanner Options, make sure the following are checked (leave all others unchecked):
  o Close browsers before scanning.
  o Scan for tracking cookies.
  o Terminate memory threats before quarantining.

• Click the "Close" button to leave the control center screen and exit the program.
• Do not run a scan just yet.



Reboot your computer in "Safe Mode" using the F8 method. To do this, restart your computer and after hearing your computer beep once during startup (but before the Windows icon appears) press the F8 key repeatedly. A menu will appear with several options. Use the arrow keys to navigate and select the option to run Windows in "Safe Mode".

Double-click ATF-Cleaner.exe to run the program.

• Under Main "Select Files to Delete" choose: Select All.
• Click the Empty Selected button.
• If you use Firefox browser click Firefox at the top and choose: Select All
• Click the Empty Selected button.
  If you would like to keep your saved passwords, please click No at the prompt.
• If you use Opera browser click Opera at the top and choose: Select All
• Click the Empty Selected button.
  If you would like to keep your saved passwords, please click No at the prompt.
• Click Exit on the Main menu to close the program.


Scan with Malwarebytes' Anti-Malware as follows:
Double-click mbam-setup.exe and follow the prompts to install the program.
• At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
• If an update is found, it will download and install the latest version.
• Once the program has loaded, select Perform full scan, then click Scan.
• When the scan is complete, click OK, then Show Results to view the results.
• Be sure that everything is checked, and click Remove Selected.
• When completed, a log will open in Notepad. Please save it to a convenient location. The log can also be found here: C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\log-date.txt
• Please post contents of that file in your next reply.


Scan with SUPERAntiSpyware as follows:

• Launch the program and back on the main screen, under "Scan for Harmful Software" click Scan your computer.
• On the left, make sure you check C:\Fixed Drive.
• On the right, under "Complete Scan", choose Perform Complete Scan and click "Next".
• After the scan is complete, a Scan Summary box will appear with potentially harmful items that were detected. Click "OK".
• Make sure everything has a checkmark next to it and click "Next".
• A notification will appear that "Quarantine and Removal is Complete". Click "OK" and then click the "Finish" button to return to the main menu.
• If asked if you want to reboot, click "Yes" and reboot normally.

Reboot to Normal Mode

• To retrieve the removal information after reboot, launch SUPERAntiSpyware again.
  o Click Preferences, then click the Statistics/Logs tab.
  o Under Scanner Logs, double-click SUPERAntiSpyware Scan Log.
  o If there are several logs, click the current dated log and press View log. A text file will open in your default text editor.
  o Please copy and paste the Scan Log results in your next reply.

• Click Close to exit the program.




Please post a fresh HijackThis log, SUPERAntiSpyware Log and log-date.txt in your next reply.



2oG



There are three kinds of men: The ones that learn by reading; The few who learn by observation;
The rest of them have to pee on the electric fence and find out for themselves...
naiart
Newbie
24. July 2008 @ 17:16
Thank you so much for answering so quickly! I'm sorry I didn't reply to you earlier, it took me a while to run those scans and I cannot use this computer a lot of the day.... I haven't yet tried to reinstall my email account but I will try and let you know what happens! Also, it's possible nothing showed up on my last HJT scan because I had "fixed" a few things that seemed suspicious. That didn't solve anything, so I restored all the fixes before posting the previous log, but maybe nothing showed up because I didn't restart my computer in the meantime....

Anyway, here are the logs, thank you very much again!:

Malwarebytes' Anti-Malware 1.23
Database version: 985
Windows 5.1.2600 Service Pack 2

11:54:36 AM 24/07/2008
mbam-log-7-24-2008 (11-54-36).txt

Scan type: Full Scan (C:\|)
Objects scanned: 142280
Time elapsed: 1 hour(s), 7 minute(s), 41 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 1
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Multimedia\WMPlayer\Schemes\f3pss (Adware.MyWebSearch) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP325\A0066130.dll (Adware.MyWebSearch) -> Quarantined and deleted successfully.

_____________________

SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 07/24/2008 at 01:20 PM

Application Version : 4.15.1000

Core Rules Database Version : 3513
Trace Rules Database Version: 1504

Scan type : Complete Scan
Total Scan Time : 01:23:40

Memory items scanned : 172
Memory threats detected : 0
Registry items scanned : 5864
Registry threats detected : 0
File items scanned : 97528
File threats detected : 0

Adware.Tracking Cookie

____________________


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 5:13:20 PM, on 24/07/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Broadcom\ASFIPMon\AsfIpMon.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Roxio\Drag-to-Disc\DrgToDsc.exe
C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\SYMANT~1\VPTray.exe
C:\Program Files\Adobe\Adobe Version Cue CS2\ControlPanel\VersionCueCS2Tray.exe
C:\Program Files\Adobe\Adobe Acrobat 7.0\Distillr\Acrotray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://sympatico.msn.ca/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.google.ca/hws/sb/dell-row-rel/en/side.html?channel=ca
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://content.library.utoronto.ca/rcat/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://sympatico.msn.ca/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://home.sweetim.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.ca/ig/dell?hl=en&client=dell-row-rel&channel=ca&ibd=6070811
F2 - REG:system.ini: UserInit=C:\WINDOWS\SYSTEM32\Userinit.exe,C:\Documents and Settings\popescut\iqmhmp.exe \s,
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Adobe Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [RoxioDragToDisc] "C:\Program Files\Roxio\Drag-to-Disc\DrgToDsc.exe"
O4 - HKLM\..\Run: [PDVDDXSrv] "C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe Version Cue CS2] "C:\Program Files\Adobe\Adobe Version Cue CS2\ControlPanel\VersionCueCS2Tray.exe"
O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "C:\Program Files\Adobe\Adobe Acrobat 7.0\Distillr\Acrotray.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ?
O4 - Global Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert to existing PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Ad-Aware\aawservice.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Adobe Version Cue CS2 - Adobe Systems Incorporated - C:\Program Files\Adobe\Adobe Version Cue CS2\bin\VersionCueCS2.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Broadcom ASF IP Monitor (ASFIPmon) - Broadcom Corporation - C:\Program Files\Broadcom\ASFIPMon\AsfIpMon.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe

--
End of file - 9272 bytes
naiart
Newbie
24. July 2008 @ 17:24
I just tried it once more and all my emails are still not going through... I mean they are but they arrive with all the content replaced by advertising spam. Sorry.
AfterDawn Addict
24. July 2008 @ 17:34
Check and Fix this line in HijackThis:

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://home.sweetim.com


Run MalwareBytes and post the log.

I'll be gone for a few days so please hang in there...

2OG



There are three kinds of men: The ones that learn by reading; The few who learn by observation;
The rest of them have to pee on the electric fence and find out for themselves...
naiart
Newbie
28. July 2008 @ 13:54
Hi 2OG, Do you have any other ideas? Is it possible that it is all remote now and something has just hijacked my email account, without anything still remaining on my computer? That would be odd though because my computer is still running pretty crappily. Sorry I am not knowledgeable about this at all. Thanks again for all your help!

This message has been edited since posting. Last time this message was edited on 28. July 2008 @ 13:56

AfterDawn Addict
28. July 2008 @ 21:14
Hi naiart,

Did you run Malwarebytes? If so, post the Log.

It's not remote without something in your machine. It is still there, somewhere... So, let's dig it out:

Download ComboFix from Here to your Desktop.
- Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
- Double click combofix.exe and follow the prompts.
- When finished, it shall produce a log for you. Post the Combofix log and a HiJackthis log in your next reply

Note: Do not mouseclick combofix's window while it's running. That may cause it to stall.

Extra-Note: Please, DO NOT use ComboFix on your own. It is a very powerful tool designed to deal with sophisticated infections and if something goes wrong or you use it incorrectly, you could possibly lose the use of your computer. It is ONLY meant to be used under the direct supervision of a malware removal specialist.

Regards
2OG



naiart
Newbie
29. July 2008 @ 11:22
Hi again, yes I posted the Malwarebytes log at the top of my post on the 24th. Would you like me to run it again? Here are the ComboFix log file and the HijackThis log. Thanks again!

_______________________

ComboFix 08-07-28.6 - popescut 2008-07-29 11:11:20.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.2537 [GMT -4:00]
Running from: C:\Documents and Settings\popescut\Desktop\ComboFix.exe
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((( Files Created from 2008-06-28 to 2008-07-29 )))))))))))))))))))))))))))))))
.

2008-07-24 10:42 . 2008-07-24 10:42 <DIR> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-07-24 10:42 . 2008-07-24 10:42 <DIR> d-------- C:\Documents and Settings\popescut\Application Data\Malwarebytes
2008-07-24 10:42 . 2008-07-24 10:42 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-07-24 10:42 . 2008-07-23 20:09 38,472 --a------ C:\WINDOWS\system32\drivers\mbamswissarmy.sys
2008-07-24 10:42 . 2008-07-23 20:09 17,144 --a------ C:\WINDOWS\system32\drivers\mbam.sys
2008-07-24 09:52 . 2008-07-24 09:52 <DIR> d-------- C:\Program Files\SUPERAntiSpyware
2008-07-24 09:52 . 2008-07-24 09:52 <DIR> d-------- C:\Documents and Settings\popescut\Application Data\SUPERAntiSpyware.com
2008-07-24 09:52 . 2008-07-24 09:52 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2008-07-22 13:34 . 2008-07-22 13:34 <DIR> d-------- C:\Program Files\Ad-Aware
2008-07-22 13:34 . 2008-07-22 13:35 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-07-22 13:33 . 2008-07-24 09:51 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-07-16 10:09 . 2008-07-16 10:09 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Office Genuine Advantage
2008-07-10 16:03 . 2008-07-28 11:38 754 --a------ C:\WINDOWS\WORDPAD.INI
2008-07-04 16:54 . 2008-07-04 16:54 <DIR> d-------- C:\Program Files\Trend Micro
2008-07-04 16:31 . 2008-07-10 09:17 212,480 --a------ C:\WINDOWS\system32\drivers\ndisio.sys

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-07-29 15:09 --------- d-----w C:\Program Files\Symantec AntiVirus
2008-07-29 15:08 --------- d-----w C:\Documents and Settings\popescut\Application Data\Thunderbird
2008-07-29 15:06 --------- d-----w C:\Program Files\Mozilla Thunderbird
2008-07-28 20:11 --------- d-----w C:\Program Files\Mozilla Sunbird
2008-07-22 19:11 --------- d-----w C:\Program Files\MSN Messenger
2008-07-18 13:23 --------- d-----w C:\Program Files\Java
2008-07-07 14:06 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-07-07 14:04 --------- d-----w C:\Program Files\Yahoo!
2008-06-20 17:41 245,248 ----a-w C:\WINDOWS\system32\mswsock.dll
2008-06-20 17:41 245,248 ------w C:\WINDOWS\system32\dllcache\mswsock.dll
2008-06-20 17:41 148,992 ----a-w C:\WINDOWS\system32\dllcache\dnsapi.dll
2008-06-20 10:45 360,320 ----a-w C:\WINDOWS\system32\drivers\tcpip.sys
2008-06-20 10:45 360,320 ----a-w C:\WINDOWS\system32\dllcache\tcpip.sys
2008-06-20 10:44 138,368 ----a-w C:\WINDOWS\system32\drivers\afd.sys
2008-06-20 10:44 138,368 ------w C:\WINDOWS\system32\dllcache\afd.sys
2008-06-20 09:52 225,920 ----a-w C:\WINDOWS\system32\drivers\tcpip6.sys
2008-06-20 09:52 225,920 ----a-w C:\WINDOWS\system32\dllcache\tcpip6.sys
2008-06-17 18:54 --------- d-----w C:\Program Files\SopCast
2008-06-17 18:33 --------- d-----w C:\Program Files\TVUPlayer
2008-06-17 18:33 --------- d-----w C:\Documents and Settings\popescut\Application Data\TVU Networks
2008-06-17 18:33 --------- d-----w C:\Documents and Settings\All Users\Application Data\TVU Networks
2008-06-13 13:10 272,128 ------w C:\WINDOWS\system32\drivers\bthport.sys
2008-06-13 13:10 272,128 ------w C:\WINDOWS\system32\dllcache\bthport.sys
2008-05-16 15:58 12,632 ----a-w C:\WINDOWS\system32\lsdelete.exe
2008-05-08 12:28 202,752 ------w C:\WINDOWS\system32\dllcache\rmcast.sys
2008-05-07 05:18 1,287,680 ----a-w C:\WINDOWS\system32\quartz.dll
2008-05-07 05:18 1,287,680 ------w C:\WINDOWS\system32\dllcache\quartz.dll
2008-01-29 18:18 382 ----a-w C:\Program Files\Shortcut to Program Files.lnk
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 06:00 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 04:27 144784]
"SoundMAXPnP"="C:\Program Files\Analog Devices\Core\smax4pnp.exe" [2006-05-01 09:07 843776]
"ATICCC"="C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" [2006-01-02 18:41 45056]
"ISUSPM Startup"="C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-07-27 17:50 221184]
"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [2004-07-27 17:50 81920]
"RoxioDragToDisc"="C:\Program Files\Roxio\Drag-to-Disc\DrgToDsc.exe" [2006-08-17 10:00 1116920]
"PDVDDXSrv"="C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe" [2006-10-20 18:23 118784]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2006-07-19 20:26 52896]
"vptray"="C:\PROGRA~1\SYMANT~1\VPTray.exe" [2006-09-27 21:33 125168]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2007-12-11 11:56 286720]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 23:16 39792]
"Adobe Version Cue CS2"="C:\Program Files\Adobe\Adobe Version Cue CS2\ControlPanel\VersionCueCS2Tray.exe" [2005-04-04 18:58 856064]
"Acrobat Assistant 7.0"="C:\Program Files\Adobe\Adobe Acrobat 7.0\Distillr\Acrotray.exe" [2008-04-23 02:08 483328]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 06:00 15360]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Acrobat Speed Launcher.lnk - C:\WINDOWS\Installer\{AC76BA86-1033-0000-7760-100000000002}\SC_Acrobat.exe [2008-05-02 14:22:51 25214]
Adobe Gamma.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-03-16 19:16:50 113664]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "C:\Program Files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 10:13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2007-04-19 13:41 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.dvacm"= C:\PROGRA~1\COMMON~1\ULEADS~1\vio\dvacm.acm

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\webcamXP\\webcamXP.exe"=
"C:\\Program Files\\Macromedia\\Dreamweaver 8\\Dreamweaver.exe"=
"C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\WS_FTP\\WS_FTP95.exe"=
"C:\Program Files\SAPPc\R3vfy32.exe"= c:\program files\SAPpc\R3vfy32.exe:199.212.42.1:Enabled:R3vfy32
"C:\Program Files\SAP\FrontEnd\SAPgui\SAPgui.exe"= c:\program files\SAP\FrontEnd\SAPgui\SAPgui.exe:199.212.42.1:Enabled:SAPgui
"C:\WINDOWS\system32\ntvdm.exe"= C:\WINDOWS\System32\Ntvdm.exe:128.100.102.31:Enabled:SAPlpd 4.08
"C:\\Program Files\\NetMeeting\\conf.exe"=
"C:\\Program Files\\Adobe\\Adobe Version Cue CS2\\bin\\VersionCueCS2.exe"=
"C:\\Program Files\\TVUPlayer\\TVUPlayer.exe"=
"C:\\Program Files\\SopCast\\adv\\SopAdver.exe"=

R1 DLARTL_M;DLARTL_M;C:\WINDOWS\system32\Drivers\DLARTL_M.SYS [2006-08-11 11:35]
R2 ASFIPmon;Broadcom ASF IP Monitor;C:\Program Files\Broadcom\ASFIPMon\AsfIpMon.exe [2006-03-17 18:25]

*Newly Created Service* - CATCHME
*Newly Created Service* - PROCEXP90
.
- - - - ORPHANS REMOVED - - - -

HKCU-Run-msnmsgr - C:\Program Files\Windows Live\Messenger\msnmsgr.exe
HKLM-Run-vtsymh - C:\WINDOWS\system32\vtsymh.exe
HKLM-Run-Windows Messenger Live Startup - windowsmsnlive.exe


.
------- Supplementary Scan -------
.
R0 -: HKCU-Main,Start Page = hxxp://content.library.utoronto.ca/rcat/
R0 -: HKLM-Main,Start Page = hxxp://home.sweetim.com
O8 -: Convert link target to Adobe PDF - C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 -: Convert link target to existing PDF - C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 -: Convert selected links to Adobe PDF - C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 -: Convert selected links to existing PDF - C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 -: Convert selection to Adobe PDF - C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 -: Convert selection to existing PDF - C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 -: Convert to Adobe PDF - C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 -: Convert to existing PDF - C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 -: E&xport to Microsoft Excel - C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000


**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-07-29 11:15:12
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-07-29 11:17:10
ComboFix-quarantined-files.txt 2008-07-29 15:16:14

Pre-Run: 136,674,119,680 bytes free
Post-Run: 136,700,473,344 bytes free

142 --- E O F --- 2008-07-09 13:28:17



_______________________




Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:18:58 AM, on 29/07/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Broadcom\ASFIPMon\AsfIpMon.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Roxio\Drag-to-Disc\DrgToDsc.exe
C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\SYMANT~1\VPTray.exe
C:\Program Files\Adobe\Adobe Version Cue CS2\ControlPanel\VersionCueCS2Tray.exe
C:\Program Files\Adobe\Adobe Acrobat 7.0\Distillr\Acrotray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\notepad.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://content.library.utoronto.ca/rcat/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://home.sweetim.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.ca/ig/dell?hl=en&client=dell-row-rel&channel=ca&ibd=6070811
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Adobe Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [RoxioDragToDisc] "C:\Program Files\Roxio\Drag-to-Disc\DrgToDsc.exe"
O4 - HKLM\..\Run: [PDVDDXSrv] "C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe Version Cue CS2] "C:\Program Files\Adobe\Adobe Version Cue CS2\ControlPanel\VersionCueCS2Tray.exe"
O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "C:\Program Files\Adobe\Adobe Acrobat 7.0\Distillr\Acrotray.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ?
O4 - Global Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert to existing PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Ad-Aware\aawservice.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Adobe Version Cue CS2 - Adobe Systems Incorporated - C:\Program Files\Adobe\Adobe Version Cue CS2\bin\VersionCueCS2.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Broadcom ASF IP Monitor (ASFIPmon) - Broadcom Corporation - C:\Program Files\Broadcom\ASFIPMon\AsfIpMon.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe

--
End of file - 8758 bytes
AfterDawn Addict
29. July 2008 @ 21:41
Hi naiart,

Well I found ndisio.sys hiding in there and as best I can tell it's an e-mail hijacker.
It is a new virus and I didn't find very much info on it and I cannot find where it's loading in the registry.
So, let's try to delete it (if it still exists) and see what happens. Hopefully, this will take care of your problem.


Delete File on Reboot

Start Hijackthis
Click on the Config button
Click on the Misc Tools button
Click on the button labeled Delete a file on reboot...
A new window will open asking you to select the file that you would like to delete on reboot.
Navigate to the file and click on it once, and then click on the Open button.

C:\WINDOWS\system32\drivers\ndisio.sys

You will now be asked if you would like to reboot your computer to delete the file.
Click on the Yes button.

After reboot, check it out and let me know. No need to send a HJT Log as this does not show up in it.

Note: If you cannot locate this file using the HJT Delete on reboot function let me know...

2OG



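A triage heuristic for the "Files Created" section of the ComboFix log posted above, as an added example that is not part of the original thread and not ComboFix's own logic: it flags recently created .sys files under system32\drivers whose creation time does not coincide with any directory created in the same listing, meaning no visible installer accounts for them. The column reading (created, modified, size, attributes, path), the function names and the 5-minute window are assumptions.

```python
import re
from datetime import datetime, timedelta

# Sample input: lines copied from the "Files Created" section of the
# ComboFix log in this thread (a subset, embedded so the example runs offline).
SAMPLE = r"""
2008-07-24 10:42 . 2008-07-24 10:42 <DIR> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-07-24 10:42 . 2008-07-23 20:09 38,472 --a------ C:\WINDOWS\system32\drivers\mbamswissarmy.sys
2008-07-24 10:42 . 2008-07-23 20:09 17,144 --a------ C:\WINDOWS\system32\drivers\mbam.sys
2008-07-24 09:52 . 2008-07-24 09:52 <DIR> d-------- C:\Program Files\SUPERAntiSpyware
2008-07-22 13:34 . 2008-07-22 13:34 <DIR> d-------- C:\Program Files\Ad-Aware
2008-07-10 16:03 . 2008-07-28 11:38 754 --a------ C:\WINDOWS\WORDPAD.INI
2008-07-04 16:54 . 2008-07-04 16:54 <DIR> d-------- C:\Program Files\Trend Micro
2008-07-04 16:31 . 2008-07-10 09:17 212,480 --a------ C:\WINDOWS\system32\drivers\ndisio.sys
"""

FMT = "%Y-%m-%d %H:%M"

# Assumed column layout: created . modified  size|<DIR>  attributes  path
LINE_RE = re.compile(
    r"^(\d{4}-\d{2}-\d{2} \d{2}:\d{2}) \. (\d{4}-\d{2}-\d{2} \d{2}:\d{2}) "
    r"(<DIR>|[\d,]+) (\S+) (.+)$"
)


def parse_created(text):
    """Parse 'Files Created' lines into dicts; lines that do not match are skipped."""
    entries = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        created, modified, size, attrs, path = m.groups()
        is_dir = size == "<DIR>"
        entries.append({
            "created": datetime.strptime(created, FMT),
            "modified": datetime.strptime(modified, FMT),
            "is_dir": is_dir,
            "size": None if is_dir else int(size.replace(",", "")),
            "attrs": attrs,
            "path": path,
        })
    return entries


def unexplained_drivers(entries, window_minutes=5):
    """Return driver files with no directory created within the time window.

    Heuristic (an assumption of this example): a legitimate installer usually
    creates its program directory at about the same time it drops a driver,
    so a new .sys file with no nearby directory creation deserves a closer look.
    """
    window = timedelta(minutes=window_minutes)
    dir_times = [e["created"] for e in entries if e["is_dir"]]
    flagged = []
    for e in entries:
        path = e["path"].lower()
        if e["is_dir"] or not path.endswith(".sys"):
            continue
        if "\\system32\\drivers\\" not in path:
            continue
        if not any(abs(e["created"] - t) <= window for t in dir_times):
            flagged.append(e)
    return flagged


if __name__ == "__main__":
    for e in unexplained_drivers(parse_created(SAMPLE)):
        print(f'{e["created"]:%Y-%m-%d %H:%M}  {e["size"]:>9,}  {e["path"]}')
```

A hit is only a lead for review: check the file's signer and version information and look it up before deleting anything.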
naiart
Newbie
30. July 2008 @ 12:37
Hi again, Okay I used HJT to delete the file and after restarting it no longer appeared in that folder. Then I tried re-adding my email account to Outlook and sending a couple of test mails, but unfortunately I got the same result as before - all the messages are replaced with spam when they are delivered. I'm sorry this is turning out to be such a nuisance! Thanks again for all your help.

This message has been edited since posting. Last time this message was edited on 30. July 2008 @ 12:38

AfterDawn Addict
30. July 2008 @ 19:29
I have looked 'til I'm nearly blind. ; ) Cannot find a thing in your Logs...

I see you have downloaded Thunderbird. Have you tried it yet? Outlook is a Big Target for Advertisers and malware..

Give Thunderbird or even IncrediMail a shot and see what turns up..
My wife uses IncrediMail and loves it, therefore I use it also, just to keep peace on the home front. LOL

2OG



naiart
Newbie
31. July 2008 @ 10:05
Hi again! okay I will give it a shot. I was actually using Thunderbird before when the trouble started, and I got the same problem with both Outlook and Thunderbird. But right now I have a much bigger problem: none of my network connections work any longer! I have no access to any of the network drives or the internet, although they all appear as 'connected' (I'm posting this from a different computer on the same network, the problem is only with that machine). After restarting yesterday the network worked fine but today everything is dead! Have you ever heard of something like this? Thanks!

This message has been edited since posting. Last time this message was edited on 31. July 2008 @ 10:06

AfterDawn Addict
3. August 2008 @ 10:55
It is very difficult to diagnose a problem on a computer that you're not sitting at the keyboard.


At this point I might suggest a reformat/reinstall.. That would take care of this computer but the network????

If your network is infected then it could be bad... let me know what you decide and how it turns out. I can do no more I'm afraid...

2OG



naiart
Newbie
5. August 2008 @ 09:21
Honestly I have no idea either, but the IT person here who takes care of the network looked at my computer and somehow got my network connection going again after running some shell script or I don't know what. In any case, everything works again and my emails are now going out cleanly both from Outlook and Thunderbird! Thanks again =)
AfterDawn Addict
5. August 2008 @ 09:33
That's great, naiart.

See if your IT Guy will send me a copy of his Golden Script.. ; )

Maybe it will help me get a bug out.


2OG


