Welcome guest. Before posting on our computer help forum, you must register. Click here it's easy and free.

Author Topic: reports included- bulk spam email issue  (Read 3988 times)

0 Members and 1 Guest are viewing this topic.

wolfman

    Topic Starter


    Intermediate

    reports included- bulk spam email issue
    « on: October 15, 2012, 02:36:57 PM »
    DDS (Ver_2012-10-14.05) - NTFS_AMD64
    Internet Explorer: 9.0.8112.16421
    Run by Dennis at 15:41:21 on 2012-10-15
    Microsoft Windows 7 Home Premium   6.1.7600.0.1252.1.1033.18.3839.1535 [GMT -5:00]
    .
    AV: AVG Anti-Virus Free Edition 2012 *Enabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
    SP: AVG Anti-Virus Free Edition 2012 *Enabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
    SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    SP: PC Tools Spyware Doctor *Disabled/Updated* {94076BB2-F3DA-227F-9A1E-F060FF73600F}
    .
    ============== Running Processes ===============
    .
    C:\PROGRA~2\AVG\AVG2012\avgrsa.exe
    C:\Program Files (x86)\AVG\AVG2012\avgcsrva.exe
    C:\Windows\system32\wininit.exe
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Windows\system32\svchost.exe -k RPCSS
    C:\Windows\system32\atiesrxx.exe
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Windows\system32\atieclxx.exe
    C:\Windows\System32\spoolsv.exe
    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
    C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
    C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
    C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
    C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Program Files (x86)\PC Tools Security\BDT\BDTUpdateService.exe
    C:\Program Files (x86)\CinemaNow\CinemaNow Media Manager\CinemanowSvc.exe
    C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
    c:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
    C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe
    C:\Program Files (x86)\PDF Complete\pdfsvc.exe
    C:\Program Files (x86)\PC Tools Security\pctsAuxs.exe
    C:\Program Files (x86)\PC Tools Security\pctsSvc.exe
    C:\Program Files (x86)\AVG\AVG2012\avgnsa.exe
    C:\Program Files (x86)\AVG\AVG2012\avgemca.exe
    C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE
    C:\Windows\system32\svchost.exe -k imgsvc
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    C:\Program Files (x86)\AVG\AVG2012\AVGIDSAgent.exe
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
    C:\Windows\system32\taskhost.exe
    C:\Program Files (x86)\PC Tools Security\pctsGui.exe
    C:\Windows\system32\WUDFHost.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Windows\System32\rundll32.exe
    C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe
    C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe
    C:\Garmin\gStart.exe
    C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
    C:\Program Files (x86)\Microsoft Office\Office14\MSOSYNC.EXE
    C:\Program Files (x86)\Hp\HP Software Update\hpwuschd2.exe
    C:\Users\Dennis\AppData\Local\Google\Update\1.3.21.123\GoogleCrashHandler.exe
    C:\Program Files (x86)\Cloudmark\Desktop\Service\cdswin.exe
    C:\Users\Dennis\AppData\Local\Google\Update\1.3.21.123\GoogleCrashHandler64.exe
    C:\Program Files (x86)\AVG\AVG2012\avgtray.exe
    C:\Windows\system32\SearchIndexer.exe
    C:\Windows\system32\SearchProtocolHost.exe
    C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe
    C:\Program Files (x86)\Internet Explorer\iexplore.exe
    C:\Program Files (x86)\Internet Explorer\iexplore.exe
    C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
    C:\Windows\SysWOW64\Macromed\Flash\FlashUtil10u_ActiveX.exe
    c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
    C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
    C:\Program Files (x86)\Internet Explorer\iexplore.exe
    C:\Program Files (x86)\Internet Explorer\iexplore.exe
    C:\Windows\system32\taskeng.exe
    C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
    C:\Windows\system32\sppsvc.exe
    C:\Program Files\Windows Media Player\wmpnetwk.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Windows\servicing\TrustedInstaller.exe
    C:\Windows\system32\wuauclt.exe
    C:\Windows\system32\SearchFilterHost.exe
    C:\Program Files (x86)\Internet Explorer\iexplore.exe
    C:\Windows\system32\conhost.exe
    C:\Windows\System32\cscript.exe
    .
    ============== Pseudo HJT Report ===============
    .
    uStart Page = hxxp://www.yahoo.com/?ilc=14
    uURLSearchHooks: PC Tools Browser Defender: {472734EA-242A-422b-ADF8-83D1E48CC825} - C:\Program Files (x86)\PC Tools Security\BDT\PCTBrowserDefender.dll
    mWinlogon: Userinit = userinit.exe,
    BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    BHO: PC Tools Browser Defender BHO: {2A0F3D1B-0909-4FF4-B272-609CCE6054E7} - C:\Program Files (x86)\PC Tools Security\BDT\PCTBrowserDefender.dll
    BHO: AVG Do Not Track: {31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} - C:\Program Files (x86)\AVG\AVG2012\avgdtiex.dll
    BHO: AVG Safe Search: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG2012\avgssie.dll
    BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - <orphaned>
    BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL
    BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL
    BHO: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} -
    TB: PC Tools Browser Defender: {472734EA-242A-422B-ADF8-83D1E48CC825} - C:\Program Files (x86)\PC Tools Security\BDT\PCTBrowserDefender.dll
    TB: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} -
    TB: PC Tools Browser Defender: {472734EA-242A-422B-ADF8-83D1E48CC825} - C:\Program Files (x86)\PC Tools Security\BDT\PCTBrowserDefender.dll
    uRun: [HPAdvisorDock] C:\Program Files (x86)\Hewlett-Packard\HP Advisor\DOCK\HPAdvisorDock.exe
    uRun: [gStart] C:\Garmin\gStart.exe
    uRun: [Google Update] "C:\Users\Dennis\AppData\Local\Google\Update\GoogleUpdate.exe" /c
    uRun: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
    uRun: [OfficeSyncProcess] "C:\Program Files (x86)\Microsoft Office\Office14\MSOSYNC.EXE"
    mRun: [PDF Complete] C:\Program Files (x86)\PDF Complete\pdfsty.exe
    mRun: [StartCCC] "c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
    mRun: [HP Software Update] c:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
    mRun: [Norton Online Backup] C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe
    mRun: [Microsoft Default Manager] "C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" -resume
    mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
    mRun: [AVG_TRAY] "C:\Program Files (x86)\AVG\AVG2012\avgtray.exe"
    mRun: [ISTray] "C:\Program Files (x86)\PC Tools Security\pctsGui.exe" /hideGUI
    mRun: [BCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
    mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
    StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\CLOUDM~1.LNK - C:\Program Files (x86)\Cloudmark\Desktop\Service\cdswin.exe
    mPolicies-Explorer: NoActiveDesktop = dword:1
    mPolicies-Explorer: NoActiveDesktopChanges = dword:1
    mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
    mPolicies-System: ConsentPromptBehaviorUser = dword:3
    mPolicies-System: EnableUIADesktopToggle = dword:0
    IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000
    IE: Se&nd to OneNote - C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105
    IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
    IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
    IE: {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - C:\Program Files (x86)\AVG\AVG2012\avgdtiex.dll
    IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
    LSP: C:\Program Files (x86)\Common Files\PC Tools\Lsp\PCTLsp.dll
    TCP: NameServer = 192.168.1.254
    TCP: Interfaces\{448DA267-DD84-49DC-861F-9DA22D5A4B42} : DHCPNameServer = 192.168.1.254
    TCP: Interfaces\{6A4238BB-A2F7-4A95-8BB1-F35F9D028C6E} : DHCPNameServer = 192.168.1.254
    Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
    Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgpp.dll
    SSODL: WebCheck - <orphaned>
    SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL
    LSA: Security Packages =  kerberos msv1_0 schannel wdigest tspkg pku2u livessp
    x64-BHO: AVG Do Not Track: {31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} - C:\Program Files (x86)\AVG\AVG2012\avgdtiea.dll
    x64-BHO: AVG Safe Search: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG2012\avgssiea.dll
    x64-BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL
    x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL
    x64-Run: [hpsysdrv] c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe
    x64-Run: [SmartMenu] C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe /background
    x64-IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
    x64-IE: {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - C:\Program Files (x86)\AVG\AVG2012\avgdtiea.dll
    x64-IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
    x64-Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
    x64-Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgppa.dll
    x64-SSODL: WebCheck - <orphaned>
    x64-SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL
    .
    ============= SERVICES / DRIVERS ===============
    .
    R0 AVGIDSHA;AVGIDSHA;C:\Windows\System32\drivers\avgidsha.sys [2012-4-19 28480]
    R0 Avgrkx64;AVG Anti-Rootkit Driver;C:\Windows\System32\drivers\avgrkx64.sys [2012-1-31 36944]
    R0 PCTCore;PCTools KDS;C:\Windows\System32\drivers\PCTCore64.sys [2011-5-18 367912]
    R0 pctDS;PC Tools Data Store;C:\Windows\System32\drivers\pctDS64.sys [2011-5-18 453896]
    R0 pctEFA;PC Tools Extended File Attributes;C:\Windows\System32\drivers\pctEFA64.sys [2011-5-18 1096688]
    R1 Avgldx64;AVG AVI Loader Driver;C:\Windows\System32\drivers\avgldx64.sys [2012-7-26 291680]
    R1 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;C:\Windows\System32\drivers\avgmfx64.sys [2011-12-23 47696]
    R1 Avgtdia;AVG TDI Driver;C:\Windows\System32\drivers\avgtdia.sys [2012-8-24 384352]
    R1 pctgntdi;pctgntdi;C:\Windows\System32\drivers\pctgntdi64.sys [2011-5-18 339608]
    R1 PCTSD;PC Tools Spyware Doctor Driver;C:\Windows\System32\drivers\PCTSD64.sys [2011-5-18 230952]
    R1 SASDIFSV;SASDIFSV;C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys [2011-7-22 14928]
    R1 SASKUTIL;SASKUTIL;C:\Program Files\SUPERAntiSpyware\saskutil64.sys [2011-7-12 12368]
    R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\System32\drivers\vwififlt.sys [2009-7-13 59904]
    R2 !SASCORE;SAS Core Service;C:\Program Files\SUPERAntiSpyware\SASCore64.exe [2011-8-11 140672]
    R2 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-6-6 64952]
    R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\System32\atiesrxx.exe [2010-9-20 203264]
    R2 AVGIDSAgent;AVGIDSAgent;C:\Program Files (x86)\AVG\AVG2012\avgidsagent.exe [2012-8-13 5167736]
    R2 avgwd;AVG WatchDog;C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe [2012-2-14 193288]
    R2 Browser Defender Update Service;Browser Defender Update Service;C:\Program Files (x86)\PC Tools Security\BDT\BDTUpdateService.exe [2011-5-18 546768]
    R2 CinemaNow Service;CinemaNow Service;C:\Program Files (x86)\CinemaNow\CinemaNow Media Manager\CinemaNowSvc.exe [2010-6-12 400368]
    R2 HP Support Assistant Service;HP Support Assistant Service;C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe [2011-9-9 86072]
    R2 HPDrvMntSvc.exe;HP Quick Synchronization Service;C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2011-3-28 94264]
    R2 NOBU;Norton Online Backup;C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe [2010-6-1 2804568]
    R2 pdfcDispatcher;PDF Document Manager;C:\Program Files (x86)\PDF Complete\pdfsvc.exe [2010-9-19 635416]
    R2 sdAuxService;PC Tools Auxiliary Service;C:\Program Files (x86)\PC Tools Security\pctsAuxs.exe [2011-5-18 402336]
    R2 sdCoreService;PC Tools Security Service;C:\Program Files (x86)\PC Tools Security\pctsSvc.exe [2011-5-18 1117624]
    R3 amdkmdag;amdkmdag;C:\Windows\System32\drivers\atikmdag.sys [2010-9-20 6790656]
    R3 amdkmdap;amdkmdap;C:\Windows\System32\drivers\atikmpag.sys [2010-9-20 221184]
    R3 AVGIDSDriver;AVGIDSDriver;C:\Windows\System32\drivers\avgidsdrivera.sys [2011-12-23 124496]
    R3 AVGIDSFilter;AVGIDSFilter;C:\Windows\System32\drivers\avgidsfiltera.sys [2011-12-23 29776]
    R3 netr28x;Ralink 802.11n Extensible Wireless Driver;C:\Windows\System32\drivers\netr28x.sys [2010-9-19 852256]
    R3 PCTBD;PC Tools Browser Defender Driver;C:\Windows\System32\drivers\PCTBD64.sys [2012-1-30 70760]
    R3 pctplsg;pctplsg;C:\Windows\System32\drivers\pctplsg64.sys [2011-5-18 92896]
    R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2010-9-20 346144]
    R3 usbfilter;AMD USB Filter Driver;C:\Windows\System32\drivers\usbfilter.sys [2010-9-20 38456]
    R3 vwifimp;Microsoft Virtual WiFi Miniport Service;C:\Windows\System32\drivers\vwifimp.sys [2009-7-13 17920]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
    S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
    S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-2-9 136176]
    S3 BBSvc;Bing Bar Update Service;C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-2-28 183560]
    S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-2-9 136176]
    S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;C:\Program Files (x86)\Microsoft Office\Office14\GROOVE.EXE [2011-6-12 31125880]
    S3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-1-9 4925184]
    S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2012-7-9 52736]
    S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2010-12-25 1255736]
    .
    =============== Created Last 30 ================
    .
    2012-10-12 14:57:07   --------   d-----w-   C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
    2012-10-10 10:21:12   1656688   ----a-w-   C:\Windows\System32\drivers\ntfs.sys
    2012-10-10 10:21:10   5505904   ----a-w-   C:\Windows\System32\ntoskrnl.exe
    2012-10-10 10:21:08   3958128   ----a-w-   C:\Windows\SysWow64\ntkrnlpa.exe
    2012-10-10 10:21:08   3902832   ----a-w-   C:\Windows\SysWow64\ntoskrnl.exe
    2012-09-24 20:21:37   --------   d-----w-   C:\Program Files (x86)\Microsoft Synchronization Services
    2012-09-24 20:18:38   --------   d-----w-   C:\Program Files (x86)\Microsoft Visual Studio 8
    2012-09-24 20:17:33   --------   d-----w-   C:\Program Files (x86)\Microsoft Analysis Services
    2012-09-24 20:16:18   --------   d-----w-   C:\Users\Dennis\AppData\Local\Microsoft Help
    2012-09-22 08:00:57   754824   ----a-w-   C:\Program Files\Internet Explorer\iexplore.exe
    .
    ==================== Find3M  ====================
    .
    2012-09-14 19:23:40   2048   ----a-w-   C:\Windows\System32\tzres.dll
    2012-09-14 18:30:38   2048   ----a-w-   C:\Windows\SysWow64\tzres.dll
    2012-09-07 22:04:46   25928   ----a-w-   C:\Windows\System32\drivers\mbam.sys
    2012-08-24 20:43:16   384352   ----a-w-   C:\Windows\System32\drivers\avgtdia.sys
    2012-08-24 18:05:28   220160   ----a-w-   C:\Windows\System32\wintrust.dll
    2012-08-24 17:10:47   172544   ----a-w-   C:\Windows\SysWow64\wintrust.dll
    2012-08-24 10:31:32   2312704   ----a-w-   C:\Windows\System32\jscript9.dll
    2012-08-24 10:21:18   1392128   ----a-w-   C:\Windows\System32\wininet.dll
    2012-08-24 10:20:11   1494528   ----a-w-   C:\Windows\System32\inetcpl.cpl
    2012-08-24 10:14:45   173056   ----a-w-   C:\Windows\System32\ieUnatt.exe
    2012-08-24 10:13:29   599040   ----a-w-   C:\Windows\System32\vbscript.dll
    2012-08-24 10:09:42   2382848   ----a-w-   C:\Windows\System32\mshtml.tlb
    2012-08-24 06:59:17   1800704   ----a-w-   C:\Windows\SysWow64\jscript9.dll
    2012-08-24 06:51:27   1129472   ----a-w-   C:\Windows\SysWow64\wininet.dll
    2012-08-24 06:51:02   1427968   ----a-w-   C:\Windows\SysWow64\inetcpl.cpl
    2012-08-24 06:47:26   142848   ----a-w-   C:\Windows\SysWow64\ieUnatt.exe
    2012-08-24 06:47:12   420864   ----a-w-   C:\Windows\SysWow64\vbscript.dll
    2012-08-24 06:43:58   2382848   ----a-w-   C:\Windows\SysWow64\mshtml.tlb
    2012-08-18 15:43:05   362496   ----a-w-   C:\Windows\System32\wow64win.dll
    2012-08-18 15:43:05   243200   ----a-w-   C:\Windows\System32\wow64.dll
    2012-08-18 15:43:05   13312   ----a-w-   C:\Windows\System32\wow64cpu.dll
    2012-08-18 15:42:31   215040   ----a-w-   C:\Windows\System32\winsrv.dll
    2012-08-18 15:40:26   16384   ----a-w-   C:\Windows\System32\ntvdm64.dll
    2012-08-18 15:37:49   425984   ----a-w-   C:\Windows\System32\KernelBase.dll
    2012-08-18 15:34:13   338432   ----a-w-   C:\Windows\System32\conhost.exe
    2012-08-18 11:22:55   14336   ----a-w-   C:\Windows\SysWow64\ntvdm64.dll
    2012-08-18 11:19:45   44032   ----a-w-   C:\Windows\apppatch\acwow64.dll
    2012-08-18 11:19:22   25600   ----a-w-   C:\Windows\SysWow64\setup16.exe
    2012-08-18 11:17:56   5120   ----a-w-   C:\Windows\SysWow64\wow32.dll
    2012-08-18 11:17:56   274944   ----a-w-   C:\Windows\SysWow64\KernelBase.dll
    2012-08-18 09:12:09   7680   ----a-w-   C:\Windows\SysWow64\instnm.exe
    2012-08-18 09:12:09   2048   ----a-w-   C:\Windows\SysWow64\user.exe
    2012-08-18 09:07:02   6144   ---ha-w-   C:\Windows\SysWow64\api-ms-win-security-base-l1-1-0.dll
    2012-08-18 09:07:02   4608   ---ha-w-   C:\Windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll
    2012-08-18 09:07:02   3584   ---ha-w-   C:\Windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll
    2012-08-18 09:07:02   3072   ---ha-w-   C:\Windows\SysWow64\api-ms-win-core-util-l1-1-0.dll
    2012-08-11 00:53:01   714752   ----a-w-   C:\Windows\System32\kerberos.dll
    2012-08-10 23:54:04   541184   ----a-w-   C:\Windows\SysWow64\kerberos.dll
    2012-08-02 17:55:04   574464   ----a-w-   C:\Windows\System32\d3d10level9.dll
    2012-08-02 17:05:42   490496   ----a-w-   C:\Windows\SysWow64\d3d10level9.dll
    2012-07-26 08:21:28   291680   ----a-w-   C:\Windows\System32\drivers\avgldx64.sys
    2012-07-18 17:31:12   3146752   ----a-w-   C:\Windows\System32\win32k.sys
    .
    ============= FINISH: 15:43:22.10 ===============
    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT
    .
    DDS (Ver_2012-10-14.05)
    .
    Microsoft Windows 7 Home Premium
    Boot Device: \Device\HarddiskVolume1
    Install Date: 12/21/2010 5:55:26 PM
    System Uptime: 10/15/2012 3:35:22 PM (0 hours ago)
    .
    Motherboard: FOXCONN |  | 2AB1
    Processor: AMD Athlon(tm) II X4 635 Processor | CPU 1 | 2900/200mhz
    .
    ==== Disk Partitions =========================
    .
    C: is FIXED (NTFS) - 686 GiB total, 430.836 GiB free.
    D: is FIXED (NTFS) - 12 GiB total, 1.476 GiB free.
    E: is CDROM (UDF)
    G: is Removable
    H: is Removable
    I: is Removable
    J: is Removable
    .
    ==== Disabled Device Manager Items =============
    .
    Class GUID: {8ECC055D-047F-11D1-A537-0000F8753ED1}
    Description: PC Tools Data Store
    Device ID: ROOT\LEGACY_PCTDS\0000
    Manufacturer:
    Name: PC Tools Data Store
    PNP Device ID: ROOT\LEGACY_PCTDS\0000
    Service: pctDS
    .
    ==== System Restore Points ===================
    .
    RP183: 10/10/2012 5:38:06 AM - Scheduled Checkpoint
    RP184: 10/11/2012 3:00:25 AM - Windows Update
    RP185: 10/12/2012 9:54:22 AM - Installed iTunes
    RP186: 10/15/2012 5:25:56 AM - Restore Operation
    .
    ==== Installed Programs ======================
    .
    Adobe AIR
    Adobe Flash Player 10 ActiveX
    Adobe Reader X (10.1.1)
    Apple Application Support
    Apple Mobile Device Support
    Apple Software Update
    ATI Catalyst Install Manager
    AVG 2012
    Bejeweled 2 Deluxe
    Bing Bar
    Bing Rewards Client Installer
    Blackhawk Striker 2
    Bonjour
    Browser Defender 4.0
    Build-a-lot 2
    Catalyst Control Center - Branding
    Catalyst Control Center Core Implementation
    Catalyst Control Center Graphics Full Existing
    Catalyst Control Center Graphics Full New
    Catalyst Control Center Graphics Light
    Catalyst Control Center Graphics Previews Vista
    Catalyst Control Center InstallProxy
    Catalyst Control Center Localization All
    ccc-core-static
    ccc-utility64
    CCC Help Chinese Standard
    CCC Help Chinese Traditional
    CCC Help Czech
    CCC Help Danish
    CCC Help Dutch
    CCC Help English
    CCC Help Finnish
    CCC Help French
    CCC Help German
    CCC Help Greek
    CCC Help Hungarian
    CCC Help Italian
    CCC Help Japanese
    CCC Help Korean
    CCC Help Norwegian
    CCC Help Polish
    CCC Help Portuguese
    CCC Help Russian
    CCC Help Spanish
    CCC Help Swedish
    CCC Help Thai
    CCC Help Turkish
    CCleaner
    Chuzzle Deluxe
    CinemaNow Media Manager
    Cloudmark DesktopOne
    Coupon Printer for Windows
    CyberLink DVD Suite Deluxe
    Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition
    Diner Dash 2 Restaurant Rescue
    Dora's Carnival Adventure
    DVD Menu Pack for HP MediaSmart Video
    Escape Rosecliff Island
    FATE
    Final Drive Nitro
    Garmin Training Center
    Garmin USB Drivers
    Google Chrome
    Google Earth
    Google Update Helper
    Heroes of Hellas 2 - Olympia
    Hewlett-Packard ACLM.NET v1.1.2.0
    HP Advisor
    HP Customer Experience Enhancements
    HP Game Console
    HP Games
    HP MediaSmart CinemaNow 2.0
    HP MediaSmart DVD
    HP MediaSmart Music
    HP MediaSmart Photo
    HP MediaSmart SmartMenu
    HP MediaSmart Video
    HP MediaSmart/TouchSmart Netflix
    HP Odometer
    HP Setup
    HP Support Assistant
    HP Support Information
    HP Update
    HP Vision Hardware Diagnostics
    Hulu Desktop
    iTunes
    Jewel Quest 3
    Jewel Quest Solitaire 2
    Junk Mail filter update
    Kobo
    LabelPrint
    LightScribe System Software
    Malwarebytes Anti-Malware version 1.65.0.1400
    Microsoft .NET Framework 4 Client Profile
    Microsoft Application Error Reporting
    Microsoft Choice Guard
    Microsoft Default Manager
    Microsoft Office 2010 Service Pack 1 (SP1)
    Microsoft Office Access MUI (English) 2010
    Microsoft Office Access Setup Metadata MUI (English) 2010
    Microsoft Office Excel MUI (English) 2010
    Microsoft Office Groove MUI (English) 2010
    Microsoft Office InfoPath MUI (English) 2010
    Microsoft Office Office 64-bit Components 2010
    Microsoft Office OneNote MUI (English) 2010
    Microsoft Office Outlook MUI (English) 2010
    Microsoft Office PowerPoint MUI (English) 2010
    Microsoft Office Professional Plus 2010
    Microsoft Office Proof (English) 2010
    Microsoft Office Proof (French) 2010
    Microsoft Office Proof (Spanish) 2010
    Microsoft Office Proofing (English) 2010
    Microsoft Office Publisher MUI (English) 2010
    Microsoft Office Shared 64-bit MUI (English) 2010
    Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010
    Microsoft Office Shared MUI (English) 2010
    Microsoft Office Shared Setup Metadata MUI (English) 2010
    Microsoft Office Word MUI (English) 2010
    Microsoft Silverlight
    Microsoft SQL Server 2005 Compact Edition [ENU]
    Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053
    Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Visual C++ 2005 Redistributable (x64)
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
    Microsoft WSE 3.0 Runtime
    Movie Theme Pack for HP MediaSmart Video
    MSVCRT
    MSXML 4.0 SP2 (KB954430)
    MSXML 4.0 SP2 (KB973688)
    Norton Online Backup
    PC Performer
    PC Tools Spyware Doctor 9.0
    PDF Complete Special Edition
    Penguins!
    PhotoNow!
    PictureMover
    Plants vs. Zombies
    PlayReady PC Runtime amd64
    Poker Superstars III
    Polar Bowler
    Polar Golfer
    Power2Go
    PowerDirector
    PressReader
    QuickTime
    Realtek High Definition Audio Driver
    Recovery Manager
    Roxio CinemaNow 2.0
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2160841)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
    Security Update for Microsoft Excel 2010 (KB2597166) 32-Bit Edition
    Security Update for Microsoft InfoPath 2010 (KB2687417) 32-Bit Edition
    Security Update for Microsoft InfoPath 2010 (KB2687436) 32-Bit Edition
    Security Update for Microsoft Office 2010 (KB2553091)
    Security Update for Microsoft Office 2010 (KB2553096)
    Security Update for Microsoft Office 2010 (KB2553260) 32-Bit Edition
    Security Update for Microsoft Office 2010 (KB2553371) 32-Bit Edition
    Security Update for Microsoft Office 2010 (KB2553447) 32-Bit Edition
    Security Update for Microsoft Office 2010 (KB2589320) 32-Bit Edition
    Security Update for Microsoft Office 2010 (KB2589322) 32-Bit Edition
    Security Update for Microsoft Office 2010 (KB2597986) 32-Bit Edition
    Security Update for Microsoft Office 2010 (KB2598243) 32-Bit Edition
    Security Update for Microsoft PowerPoint 2010 (KB2553185) 32-Bit Edition
    Security Update for Microsoft SharePoint Workspace 2010 (KB2566445)
    Security Update for Microsoft Visio Viewer 2010 (KB2598287) 32-Bit Edition
    Security Update for Microsoft Word 2010 (KB2553488) 32-Bit Edition
    Speccy
    Sportsbook.com
    SUPERAntiSpyware
    Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
    Update for Microsoft .NET Framework 4 Client Profile (KB2473228)
    Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
    Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
    Update for Microsoft Office 2010 (KB2553065)
    Update for Microsoft Office 2010 (KB2553092)
    Update for Microsoft Office 2010 (KB2553181) 32-Bit Edition
    Update for Microsoft Office 2010 (KB2553267) 32-Bit Edition
    Update for Microsoft Office 2010 (KB2553270) 32-Bit Edition
    Update for Microsoft Office 2010 (KB2553272) 32-Bit Edition
    Update for Microsoft Office 2010 (KB2553310) 32-Bit Edition
    Update for Microsoft Office 2010 (KB2566458)
    Update for Microsoft Office 2010 (KB2596964) 32-Bit Edition
    Update for Microsoft Office 2010 (KB2598289) 32-Bit Edition
    Update for Microsoft OneNote 2010 (KB2553290) 32-Bit Edition
    Update for Microsoft OneNote 2010 (KB2589345) 32-Bit Edition
    Update for Microsoft Outlook 2010 (KB2553248) 32-Bit Edition
    Update for Microsoft Outlook Social Connector 2010 (KB2553406) 32-Bit Edition
    Virtual Families
    Virtual Villagers - The Secret City
    Visual Studio 2008 x64 Redistributables
    Wheel of Fortune 2
    Windows Driver Package - Garmin (grmnusb) GARMIN Devices  (06/03/2009 2.3.0.0)
    Windows Live Call
    Windows Live Communications Platform
    Windows Live Essentials
    Windows Live ID Sign-in Assistant
    Windows Live Mail
    Windows Live Messenger
    Windows Live Photo Gallery
    Windows Live Sync
    Windows Live Upload Tool
    Windows Live Writer
    Zinio Reader 4
    Zuma Deluxe
    .
    ==== Event Viewer Messages From Past Week ========
    .
    10/15/2012 3:36:49 PM, Error: Service Control Manager [7032]  - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Windows Search service, but this action failed with the following error:  An instance of the service is already running.
    10/15/2012 3:36:19 PM, Error: Service Control Manager [7031]  - The Windows Search service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 30000 milliseconds: Restart the service.
    10/15/2012 3:36:19 PM, Error: Service Control Manager [7024]  - The Windows Search service terminated with service-specific error %%-1073473535.
    10/12/2012 9:55:16 AM, Error: Service Control Manager [7032]  - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Apple Mobile Device service, but this action failed with the following error:  An instance of the service is already running.
    10/12/2012 9:54:16 AM, Error: Service Control Manager [7031]  - The Apple Mobile Device service terminated unexpectedly.  It has done this 2 time(s).  The following corrective action will be taken in 60000 milliseconds: Restart the service.
    10/12/2012 9:53:45 AM, Error: Service Control Manager [7031]  - The Apple Mobile Device service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 60000 milliseconds: Restart the service.
    10/12/2012 9:22:42 PM, Error: Server [2505]  - The server could not bind to the transport \Device\NetBT_Tcpip_{448DA267-DD84-49DC-861F-9DA22D5A4B42} because another computer on the network has the same name.  The server could not start.
    .
    ==== End Of File ===========================


    [year+ old attachment deleted by admin]

    SuperDave

    • Malware Removal Specialist


    • Genius
    • Thanked: 991
    • Certifications: List
    • Experience: Expert
    • OS: Windows 8
    Re: reports included- bulk spam email issue
    « Reply #1 on: October 15, 2012, 03:57:28 PM »
    Hello and welcome to Computer Hope Forum. My name is Dave. I will be helping you out with your particular problem on your computer.

    1. I will be working on your Malware issues. This may or may not solve other issues you have with your machine.
    2. The fixes are specific to your problem and should only be used for this issue on this machine.
    3. If you don't know or understand something, please don't hesitate to ask.
    4. Please DO NOT run any other tools or scans while I am helping you.
    5. It is important that you reply to this thread. Do not start a new topic.
    6. Your security programs may give warnings for some of the tools I will ask you to use. Be assured, any links I give are safe.
    7. Absence of symptoms does not mean that everything is clear.

    If you can't access the internet with your infected computer you will have to download and transfer any programs to the computer you're using now and transfer them to the infected computer with a CD-RW or a USB storage device. I prefer a CD because a storage device can get infected. If you use a storage device hold the shift key down while inserting the USB storage device for about 10 secs. You will also have to transfer the logs you receive back to the good computer using the same method until we can get the computer back on-line.
    *************************************************************************
    Please download AdwCleaner by Xplode onto your Desktop.
    • Double click on AdwCleaner.exe to run the tool.
    • Click on Search.
    • A logfile will automatically open after the scan has finished.
    • Please post the content of that logfile in your reply.
    • You can find the logfile at C:\AdwCleaner[Rn].txt as well - n is the order number.
    *********************************************
    Download Security Check by screen317 from one of the following links and save it to your desktop.

    Link 1
    Link 2

    * Double-click Security Check.bat
    * Follow the on-screen instructions inside of the black box.
    * A Notepad document should open automatically called checkup.txt
    * Post the contents of that document in your next reply.

    Note: If a security program requests permission from dig.exe to access the Internet, allow it to do so.
    ********************************************
    Download Combofix from any of the links below, and save it to your DESKTOP

    Link 1
    Link 2
    Link 3

    To prevent your anti-virus application interfering with  ComboFix we need to disable it. See here for a tutorial regarding how to do so if you are unsure.
    • Close any open windows and double click ComboFix.exe to run it.

      You will see the following image:


    Click I Agree to start the program.

    ComboFix will then extract the necessary files and you will see this:



    As part of it's process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to  have this pre-installed on your machine before doing any malware  removal. This will not occur in Windows Vista and 7

    It will allow you to boot up into a special recovery/repair  mode that will allow us to more easily help you should your computer  have a problem after an attempted removal of malware.

    If you did not have it installed, you will see the prompt below. Choose YES.



    Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

    **Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue it's malware removal procedures.

    Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:



    Click on Yes, to continue scanning for malware.

    When finished, it will produce a report for you. Please post the contents of the log (C:\ComboFix.txt).

    Leave your computer alone while ComboFix is running. ComboFix will restart your computer if malware is found; allow it to do so.

    Note: Please Do NOT mouseclick combofix's window while its running because it may cause it to stall.
    Intel(R) Core (TM) i3-3220 CPU 3.30 GHz 8.0 Gb RAM Windows 8.1 with a dual boot to Windows XP  Home with SP3, Comodo  with Windows Firewall & Windows Defender