1. Computer problem? Tech Support Guy is completely free -- paid for by advertisers and donations. Click here to join today! If you're new to Tech Support Guy, we highly recommend that you visit our Guide for New Members.

My email acct. was hijacked.

Discussion in 'Virus & Other Malware Removal' started by Duhbob, Jan 30, 2013.

Thread Status:
Not open for further replies.
  1. Duhbob

    Duhbob Thread Starter

    Joined:
    Feb 5, 2004
    Messages:
    38
    On January 15th and again a few days afterwards, and then again today, my email is sending out tiny files to many of my contacts. The subject is usually RE: or blank, but with my name as the sender. I ran Malwarebytes and quarantined a few badguys on the 15th but did not catch the source. Please critique my logs and help me get this issue fixed.
    Please read all the way to the bottom...GMER froze-up but I was able to screen shot the warning. The info is added to the tail-end of this post. Thank you all for being here!
    Logfile of Trend Micro HijackThis v2.0.4
    Scan saved at 7:06:52 PM, on 1/30/2013
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v8.00 (8.00.6001.18702)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    c:\Program Files\Microsoft Security Client\MsMpEng.exe
    C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Program Files\Java\jre7\bin\jqs.exe
    C:\Program Files\Google\Update\GoogleUpdate.exe
    C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe
    C:\Program Files\Microsoft Security Client\msseces.exe
    C:\Program Files\Common Files\Java\Java Update\jusched.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Trusteer\Rapport\bin\RapportService.exe
    C:\Documents and Settings\Bob Brandt\Application Data\Microsoft\Internet Explorer\Quick Launch\purrint.exe
    C:\WINDOWS\system32\taskmgr.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\Mozilla Firefox\plugin-container.exe
    C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe
    C:\WINDOWS\system32\wuauclt.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.com/0SEENUS/SAOS01?FORM=TOOLBR
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://g.msn.com/0SEENUS/SAOS01?FORM=TOOLBR
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://m.www.yahoo.com/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.com/0SEENUS/SAOS01?FORM=TOOLBR
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    R3 - URLSearchHook: UrlSearchHook Class - {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Program Files\Ask.com\GenericAskToolbar.dll
    R3 - URLSearchHook: (no name) - {A3BC75A2-1F87-4686-AA43-5347D756017C} - (no file)
    O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
    O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
    O4 - HKLM\..\Run: [WinPatrol] C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe -expressboot
    O4 - HKLM\..\Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
    O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe"
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
    O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKUS\S-1-5-18\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'SYSTEM')
    O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "c:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'Default user')
    O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
    O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/mic...ls/en/x86/client/muweb_site.cab?1343054387000
    O16 - DPF: {B160422D-0A48-11D4-BD9B-00A0C9B0AB7B} (Download Class) - http://expressit.broderbund.com/plugin/Download.cab
    O16 - DPF: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} (Java Plug-in 1.6.0_11) -
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} - https://secure.logmein.com/activex/ractrl.cab?lmi=100
    O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
    O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
    O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
    O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
    O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
    O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
    O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: HP WMI Interface (hpqwmi) - Hewlett-Packard Development Company, L.P. - C:\Program Files\HPQ\shared\hpqwmi.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: Java Quick Starter (JavaQuickStarterService) - Oracle Corporation - C:\Program Files\Java\jre7\bin\jqs.exe
    O23 - Service: MBAMScheduler - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
    O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
    O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
    O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
    O23 - Service: Rapport Management Service (RapportMgmtService) - Trusteer Ltd. - C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe

    --
    End of file - 7303 bytes
    DDS (Ver_2012-11-20.01) - NTFS_x86
    Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 10.11.2
    Run by Bob Brandt at 19:36:08 on 2013-01-30
    Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1406.415 [GMT -6:00]
    .
    AV: Microsoft Security Essentials *Enabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
    .
    ============== Running Processes ================
    .
    c:\Program Files\Microsoft Security Client\MsMpEng.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Program Files\Java\jre7\bin\jqs.exe
    C:\Program Files\Google\Update\GoogleUpdate.exe
    C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
    C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe
    C:\Program Files\Microsoft Security Client\msseces.exe
    C:\Program Files\Common Files\Java\Java Update\jusched.exe
    C:\WINDOWS\system32\wdfmgr.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\WINDOWS\System32\alg.exe
    C:\Documents and Settings\Bob Brandt\Application Data\Microsoft\Internet Explorer\Quick Launch\purrint.exe
    C:\WINDOWS\system32\taskmgr.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\Mozilla Firefox\plugin-container.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    c:\Program Files\Microsoft Security Client\MpCmdRun.exe
    C:\WINDOWS\system32\wbem\wmiprvse.exe
    C:\WINDOWS\System32\svchost.exe -k netsvcs
    C:\WINDOWS\system32\svchost.exe -k NetworkService
    C:\WINDOWS\system32\svchost.exe -k LocalService
    C:\WINDOWS\system32\svchost.exe -k LocalService
    C:\WINDOWS\system32\svchost.exe -k imgsvc
    .
    ============== Pseudo HJT Report ===============
    .
    uStart Page = hxxp://m.www.yahoo.com/
    uURLSearchHooks: UrlSearchHook Class: {00000000-6E41-4FD3-8538-502F5495E5FC} - c:\program files\ask.com\GenericAskToolbar.dll
    uURLSearchHooks: {A3BC75A2-1F87-4686-AA43-5347D756017C} - <orphaned>
    BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
    BHO: Windows Live Toolbar Helper: {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - c:\program files\windows live toolbar\msntb.dll
    TB: Windows Live Toolbar: {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - c:\program files\windows live toolbar\msntb.dll
    TB: Windows Live Toolbar: {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - c:\program files\windows live toolbar\msntb.dll
    uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
    mRun: [WinPatrol] c:\program files\billp studios\winpatrol\winpatrol.exe -expressboot
    mRun: [MSC] "c:\program files\microsoft security client\msseces.exe" -hide -runkey
    mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
    mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
    mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
    dRun: [MySpaceIM] c:\program files\myspace\im\MySpaceIM.exe
    dRun: [DWQueuedReporting] "c:\progra~1\common~1\micros~1\dw\dwtrig20.exe" -t
    uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
    mPolicies-Windows\System: Allow-LogonScript-NetbiosDisabled = dword:1
    mPolicies-Explorer: NoDriveTypeAutoRun = dword:145
    IE: &Windows Live Search - c:\program files\windows live toolbar\msntb.dll/search.htm
    IE: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
    IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
    .
    INFO: HKCU has more than 50 listed domains.
    If you wish to scan all of them, select the 'Force scan all domains' option.
    .
    .
    INFO: HKLM has more than 50 listed domains.
    If you wish to scan all of them, select the 'Force scan all domains' option.
    .
    DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - c:\program files\yahoo!\common\yinsthelper.dll
    DPF: {428A9DEF-F057-402B-9F2D-A5887F4544ED} - hxxp://download.microsoft.com/download/f/0/2/f02b515c-7076-4cee-bc08-fd6fea594578/VirtualEarth3D.cab
    DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1343054387000
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_35-windows-i586.cab
    DPF: {B160422D-0A48-11D4-BD9B-00A0C9B0AB7B} - hxxp://expressit.broderbund.com/plugin/Download.cab
    DPF: {CAFEEFAC-0015-0000-0002-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_02-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_35-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_35-windows-i586.cab
    DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} - hxxps://secure.logmein.com/activex/ractrl.cab?lmi=100
    TCP: NameServer = 192.168.1.254
    TCP: Interfaces\{E695A4D2-F796-43DC-BEF6-BA4F98CCEA36} : DHCPNameServer = 192.168.1.254
    Handler: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - c:\program files\belarc\advisor\system\BAVoilaX.dll
    Notify: AtiExtEvent - Ati2evxx.dll
    Hosts: 127.0.0.1 www.spywareinfo.com
    .
    ================= FIREFOX ===================
    .
    FF - ProfilePath - c:\documents and settings\bob brandt\application data\mozilla\firefox\profiles\dci6c281.default\
    FF - prefs.js: browser.search.selectedEngine - Google
    FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/ig?hl=en&gl=us
    FF - prefs.js: keyword.URL - chrome://browser-region/locale/region.properties
    FF - component: c:\documents and settings\bob brandt\application data\mozilla\firefox\profiles\dci6c281.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\frozen.dll
    FF - component: c:\documents and settings\bob brandt\application data\mozilla\firefox\profiles\dci6c281.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\googletoolbar-ff3.dll
    FF - component: c:\program files\avg\avg10\firefox4\components\avgssff4.dll
    FF - component: c:\program files\avg\avg10\toolbar\firefox\[email protected]\components\IGeared_tavgp_xputils3.dll
    FF - component: c:\program files\avg\avg10\toolbar\firefox\[email protected]\components\IGeared_tavgp_xputils35.dll
    FF - component: c:\program files\avg\avg10\toolbar\firefox\[email protected]\components\xpavgtbapi.dll
    FF - component: c:\program files\common files\spigot\wtxpcom\components\WidgiToolbarFF.dll
    FF - plugin: c:\program files\adobe\reader 11.0\reader\air\nppdf32.dll
    FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
    FF - plugin: c:\program files\google\update\1.3.21.123\npGoogleUpdate3.dll
    FF - plugin: c:\program files\java\jre7\bin\plugin2\npjp2.dll
    FF - plugin: c:\program files\microsoft silverlight\4.1.10329.0\npctrlui.dll
    FF - plugin: c:\program files\virtual earth 3d\npVE3D.dll
    FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_5_502_146.dll
    .
    ============= SERVICES / DRIVERS ===============
    .
    R0 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2011-4-18 193552]
    R0 RapportKELL;RapportKELL;c:\windows\system32\drivers\RapportKELL.sys [2012-12-23 65848]
    R0 SmartDefragDriver;SmartDefragDriver;c:\windows\system32\drivers\SmartDefragDriver.sys [2011-4-14 13496]
    R1 RapportCerberus_43926;RapportCerberus_43926;c:\documents and settings\all users\application data\trusteer\rapport\store\exts\rapportcerberus\43926\RapportCerberus32_43926.sys [2012-10-30 272216]
    R1 RapportEI;RapportEI;c:\program files\trusteer\rapport\bin\RapportEI.sys [2012-12-23 71480]
    R1 RapportPG;RapportPG;c:\program files\trusteer\rapport\bin\RapportPG.sys [2012-12-23 166840]
    R2 MBAMScheduler;MBAMScheduler;c:\program files\malwarebytes' anti-malware\mbamscheduler.exe [2013-1-15 398184]
    R2 RapportMgmtService;Rapport Management Service;c:\program files\trusteer\rapport\bin\RapportMgmtService.exe [2012-12-23 976728]
    R3 AmdTools;AMD Special Tools Driver;c:\windows\system32\drivers\AmdTools.sys [2008-5-5 33792]
    R3 HSFHWATI;HSFHWATI;c:\windows\system32\drivers\HSFHWATI.sys [2008-1-18 231424]
    R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2013-1-15 21104]
    R3 RapportIaso;RapportIaso;c:\documents and settings\all users\application data\trusteer\rapport\store\exts\rapportms\39624\RapportIaso.sys [2012-5-28 21520]
    S2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2013-1-15 682344]
    .
    =============== File Associations ===============
    .
    ShellExec: FRONTPG.EXE: edit=c:\progra~1\micros~2\office\FRONTPG.EXE
    .
    =============== Created Last 30 ================
    .
    2013-01-31 00:52:29 388096 ----a-r- c:\documents and settings\bob brandt\application data\microsoft\installer\{45a66726-69bc-466b-a7a4-12fcba4883d7}\HiJackThis.exe
    2013-01-31 00:52:27 -------- d-----w- c:\program files\Trend Micro
    2013-01-30 20:54:09 6991832 ----a-w- c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{3a842a62-c1ee-44c0-8248-eb264b88fd06}\mpengine.dll
    2013-01-29 21:04:32 6991832 ------w- c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\backup\mpengine.dll
    2013-01-19 15:09:58 917400 ----a-w- c:\program files\mozilla firefox\firefox.exe
    2013-01-16 02:26:19 -------- d-----w- c:\documents and settings\bob brandt\application data\Malwarebytes
    2013-01-16 02:25:35 -------- d-----w- c:\documents and settings\all users\application data\Malwarebytes
    2013-01-16 02:25:32 21104 ----a-w- c:\windows\system32\drivers\mbam.sys
    2013-01-16 02:25:31 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2013-01-16 02:11:29 94112 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
    .
    ==================== Find3M ====================
    .
    2013-01-30 10:53:21 232336 ------w- c:\windows\system32\MpSigStub.exe
    2013-01-22 04:40:38 697864 ----a-w- c:\windows\system32\FlashPlayerApp.exe
    2013-01-22 04:40:36 74248 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
    2012-12-24 04:13:34 65848 ----a-w- c:\windows\system32\drivers\RapportKELL.sys
    2012-12-16 12:23:59 290560 ----a-w- c:\windows\system32\atmfd.dll
    2012-11-13 01:25:12 1866368 ----a-w- c:\windows\system32\win32k.sys
    2012-11-06 02:01:39 1371648 ------w- c:\windows\system32\msxml6.dll
    2012-11-02 02:02:42 375296 ----a-w- c:\windows\system32\dpnet.dll
    .
    ============= FINISH: 19:37:42.23 ===============
    .
    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT
    .
    DDS (Ver_2012-11-20.01)
    .
    Microsoft Windows XP Home Edition
    Boot Device: \Device\HarddiskVolume1
    Install Date: 1/18/2008 1:18:22 AM
    System Uptime: 1/27/2013 2:42:47 PM (77 hours ago)
    .
    Motherboard: Quanta | | 3096
    Processor: Mobile AMD Sempron(tm) Processor 3000+ | U23 | 1575/200mhz
    .
    ==== Disk Partitions =========================
    .
    C: is FIXED (NTFS) - 56 GiB total, 18.893 GiB free.
    D: is CDROM ()
    .
    ==== Disabled Device Manager Items =============
    .
    Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
    Description: Realtek RTL8139/810x Family Fast Ethernet NIC
    Device ID: PCI\VEN_10EC&DEV_8139&SUBSYS_3091103C&REV_10\4&13826118&0&00A4
    Manufacturer: Realtek Semiconductor Corp.
    Name: Realtek RTL8139/810x Family Fast Ethernet NIC
    PNP Device ID: PCI\VEN_10EC&DEV_8139&SUBSYS_3091103C&REV_10\4&13826118&0&00A4
    Service: RTL8023xp
    .
    ==== System Restore Points ===================
    .
    RP2006: 12/26/2012 10:38:01 PM - Software Distribution Service 3.0
    RP2007: 12/27/2012 10:38:20 PM - Software Distribution Service 3.0
    RP2008: 12/28/2012 10:39:01 PM - Software Distribution Service 3.0
    RP2009: 12/29/2012 2:59:51 AM - Software Distribution Service 3.0
    RP2010: 12/29/2012 10:39:08 PM - Software Distribution Service 3.0
    RP2011: 12/31/2012 12:33:58 AM - System Checkpoint
    RP2012: 12/31/2012 7:02:20 PM - Software Distribution Service 3.0
    RP2013: 1/1/2013 7:02:04 PM - Software Distribution Service 3.0
    RP2014: 1/2/2013 7:02:35 PM - Software Distribution Service 3.0
    RP2015: 1/3/2013 7:36:19 PM - Installed Rapport
    RP2016: 1/3/2013 7:53:37 PM - Software Distribution Service 3.0
    RP2017: 1/4/2013 3:00:21 AM - Software Distribution Service 3.0
    RP2018: 1/4/2013 7:50:09 PM - Software Distribution Service 3.0
    RP2019: 1/5/2013 2:38:24 AM - Software Distribution Service 3.0
    RP2020: 1/5/2013 7:50:11 PM - Software Distribution Service 3.0
    RP2021: 1/6/2013 8:08:58 AM - Software Distribution Service 3.0
    RP2022: 1/7/2013 8:33:09 AM - Software Distribution Service 3.0
    RP2023: 1/8/2013 8:35:05 AM - Software Distribution Service 3.0
    RP2024: 1/8/2013 11:55:10 PM - Software Distribution Service 3.0
    RP2025: 1/9/2013 8:35:42 AM - Software Distribution Service 3.0
    RP2026: 1/10/2013 11:38:50 AM - System Checkpoint
    RP2027: 1/11/2013 1:02:18 AM - Software Distribution Service 3.0
    RP2028: 1/12/2013 1:02:00 AM - Software Distribution Service 3.0
    RP2029: 1/12/2013 2:48:38 AM - Software Distribution Service 3.0
    RP2030: 1/13/2013 12:59:57 AM - Software Distribution Service 3.0
    RP2031: 1/14/2013 1:00:31 AM - System Checkpoint
    RP2032: 1/14/2013 7:11:26 PM - Software Distribution Service 3.0
    RP2033: 1/14/2013 7:36:45 PM - Software Distribution Service 3.0
    RP2034: 1/15/2013 4:46:34 PM - Software Distribution Service 3.0
    RP2035: 1/15/2013 8:10:25 PM - Installed Java 7 Update 11
    RP2036: 1/15/2013 11:09:06 PM - Software Distribution Service 3.0
    RP2037: 1/16/2013 1:28:36 AM - Removed The Print Shop 23.1
    RP2038: 1/16/2013 11:32:49 PM - Software Distribution Service 3.0
    RP2039: 1/17/2013 11:33:45 PM - Software Distribution Service 3.0
    RP2040: 1/19/2013 1:42:23 AM - System Checkpoint
    RP2041: 1/19/2013 2:36:40 AM - Software Distribution Service 3.0
    RP2042: 1/20/2013 3:36:45 PM - Software Distribution Service 3.0
    RP2043: 1/21/2013 4:23:28 PM - System Checkpoint
    RP2044: 1/21/2013 10:38:43 PM - Software Distribution Service 3.0
    RP2045: 1/22/2013 10:38:15 PM - Software Distribution Service 3.0
    RP2046: 1/23/2013 10:38:05 PM - Software Distribution Service 3.0
    RP2047: 1/25/2013 7:47:32 AM - Software Distribution Service 3.0
    RP2048: 1/26/2013 3:12:38 PM - Software Distribution Service 3.0
    RP2049: 1/27/2013 3:18:43 PM - System Checkpoint
    RP2050: 1/28/2013 7:52:37 AM - Software Distribution Service 3.0
    RP2051: 1/29/2013 8:30:57 AM - System Checkpoint
    RP2052: 1/29/2013 3:04:27 PM - Software Distribution Service 3.0
    RP2053: 1/30/2013 2:54:05 PM - Software Distribution Service 3.0
    RP2054: 1/30/2013 6:52:25 PM - Installed HiJackThis
    .
    ==== Installed Programs ======================
    .
    2570
    2570_Help
    2570Trb
    AcronymGenie 4.3
    Adobe Flash Player 10 ActiveX
    Adobe Flash Player 11 Plugin
    Adobe Reader XI (11.0.01)
    Adobe Shockwave Player 11
    AiO_Scan_CDA
    AiOSoftwareNPI
    Amazon Kindle
    AMD CPUInfo
    Apple Application Support
    Apple Mobile Device Support
    Apple Software Update
    Ask Toolbar
    Ask Toolbar Updater
    Athlon 64 Processor Driver
    ATI - Software Uninstall Utility
    ATI Catalyst Control Center
    ATI Control Panel
    ATI Display Driver
    AutoUpdate
    Belarc Advisor 7.2
    Bing Maps 3D
    Bonjour
    Broadcom 802.11 Wireless LAN Adapter
    Broderbund Media Manager
    BSPlayer
    BufferChm
    Catalyst Control Center Core Implementation
    Catalyst Control Center Graphics Full Existing
    Catalyst Control Center Graphics Full New
    Catalyst Control Center Graphics Light
    Catalyst Control Center Graphics Previews Common
    ccc-core-preinstall
    ccc-core-static
    ccc-utility
    CCC Help English
    CCleaner
    CDCheck
    CED USB Data Collector
    Compatibility Pack for the 2007 Office system
    Conexant AC-Link Audio
    CP_AtenaShokunin1Config
    CP_CalendarTemplates1
    CP_Package_Basic1
    CP_Package_Variety1
    CP_Package_Variety2
    CP_Package_Variety3
    CP_Panorama1Config
    CueTour
    Data Fax SoftModem with SmartCP
    Defraggler
    Destinations
    DeviceFunctionQFolder
    DeviceManagementQFolder
    DivX Codec
    DivX Converter
    DivX Player
    DivX Web Player
    DocProc
    DocumentViewer
    DocumentViewerQFolder
    eSupportQFolder
    Fax_CDA
    FullDPAppQFolder
    Game Booster
    GlyphThis (remove only)
    Google Earth
    Google SketchUp 8
    Google Update Helper
    Highlight Viewer (Windows Live Toolbar)
    HiJackThis
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
    Hotfix for Windows Internet Explorer 7 (KB947864)
    HP Document Viewer 5.3
    HP Help and Support
    HP Image Zone 5.3
    HP Imaging Device Functions 5.3
    HP PSC & OfficeJet 5.3.A
    HP Software Update
    HP Solution Center & Imaging Support Tools 5.3
    HP User Guides 0002
    HP Wireless Assistant 1.01 A2
    HPProductAssistant
    ImgBurn
    InstantShareDevices
    InterVideo WinDVD
    IrfanView (remove only)
    iTunes
    J2SE Runtime Environment 5.0 Update 2
    Java 7 Update 11
    Java Auto Updater
    Java(TM) 6 Update 3
    Java(TM) 6 Update 35
    Java(TM) 6 Update 5
    Java(TM) 6 Update 7
    Malwarebytes Anti-Malware version 1.70.0.1100
    Map Button (Windows Live Toolbar)
    MGI PhotoSuite 4 (Remove Only)
    Microsoft .NET Compact Framework 2.0
    Microsoft .NET Framework 1.1
    Microsoft .NET Framework 1.1 Security Update (KB2698023)
    Microsoft .NET Framework 1.1 Security Update (KB2742597)
    Microsoft .NET Framework 1.1 Security Update (KB979906)
    Microsoft .NET Framework 2.0 Service Pack 2
    Microsoft .NET Framework 3.0 Service Pack 2
    Microsoft .NET Framework 3.5 SP1
    Microsoft Application Error Reporting
    Microsoft Internationalized Domain Names Mitigation APIs
    Microsoft National Language Support Downlevel APIs
    Microsoft Office 2000 Premium
    Microsoft Office Word Viewer 2003
    Microsoft Security Client
    Microsoft Security Essentials
    Microsoft Silverlight
    Microsoft SQL Server 2005 Compact Edition [ENU]
    Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
    Microsoft Web Publishing Wizard 1.52
    Mozilla Firefox 18.0.1 (x86 en-US)
    Mozilla Maintenance Service
    MSN
    MSXML 4.0 SP2 (KB936181)
    MSXML 4.0 SP2 (KB954430)
    MSXML 4.0 SP2 (KB973688)
    muvee autoProducer 4.0 - SE
    Nero Burning Rom Screensaver
    Nero PhotoShow Express
    Nero Suite
    NewCopy_CDA
    OpenOffice.org Installer 1.0
    PanoStandAlone
    PhotoGallery
    ProductContextNPI
    Quick Launch Buttons 5.10 B2
    QuickTime
    RandMap
    Rapport
    Readme
    REALTEK Gigabit and Fast Ethernet NIC Driver
    Revo Uninstaller 1.92
    Scan
    ScannerCopy
    Security Update for CAPICOM (KB931906)
    Security Update for Microsoft .NET Framework 3.5 SP1 (KB2604111)
    Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424)
    Security Update for Microsoft .NET Framework 3.5 SP1 (KB2736416)
    Security Update for Windows Internet Explorer 7 (KB938127)
    Security Update for Windows Internet Explorer 7 (KB942615)
    Security Update for Windows Internet Explorer 7 (KB944533)
    Security Update for Windows Internet Explorer 7 (KB950759)
    Security Update for Windows Internet Explorer 7 (KB953838)
    Security Update for Windows Internet Explorer 7 (KB956390)
    Security Update for Windows Internet Explorer 7 (KB958215)
    Security Update for Windows Internet Explorer 7 (KB960714)
    Security Update for Windows Internet Explorer 7 (KB961260)
    Security Update for Windows Internet Explorer 7 (KB963027)
    Security Update for Windows Internet Explorer 8 (KB2183461)
    Security Update for Windows Internet Explorer 8 (KB2360131)
    Security Update for Windows Internet Explorer 8 (KB2416400)
    Security Update for Windows Internet Explorer 8 (KB2482017)
    Security Update for Windows Internet Explorer 8 (KB2497640)
    Security Update for Windows Internet Explorer 8 (KB2510531)
    Security Update for Windows Internet Explorer 8 (KB2530548)
    Security Update for Windows Internet Explorer 8 (KB2544521)
    Security Update for Windows Internet Explorer 8 (KB2559049)
    Security Update for Windows Internet Explorer 8 (KB2586448)
    Security Update for Windows Internet Explorer 8 (KB2618444)
    Security Update for Windows Internet Explorer 8 (KB2647516)
    Security Update for Windows Internet Explorer 8 (KB2675157)
    Security Update for Windows Internet Explorer 8 (KB2699988)
    Security Update for Windows Internet Explorer 8 (KB2722913)
    Security Update for Windows Internet Explorer 8 (KB2744842)
    Security Update for Windows Internet Explorer 8 (KB2761465)
    Security Update for Windows Internet Explorer 8 (KB2799329)
    Security Update for Windows Internet Explorer 8 (KB969897)
    Security Update for Windows Internet Explorer 8 (KB971961)
    Security Update for Windows Internet Explorer 8 (KB972260)
    Security Update for Windows Internet Explorer 8 (KB974455)
    Security Update for Windows Internet Explorer 8 (KB976325)
    Security Update for Windows Internet Explorer 8 (KB978207)
    Security Update for Windows Internet Explorer 8 (KB981332)
    Security Update for Windows Internet Explorer 8 (KB982381)
    Shockwave
    Skins
    SkinsHP1
    Smart Defrag 2
    Smart Menus (Windows Live Toolbar)
    SolutionCenter
    Sonic Audio Module
    Sonic Copy Module
    Sonic Data Module
    Sonic Express Labeler
    Sonic MyDVD Plus
    Sonic Update Manager
    Sonic_PrimoSDK
    Status
    Synaptics Pointing Device Driver
    Texas Instruments PCIxx21/x515 drivers.
    The Print Shop
    TIxx21
    TrayApp
    Tweak UI
    Unload
    Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
    Update for Windows Internet Explorer 8 (KB971180)
    Update for Windows Internet Explorer 8 (KB976662)
    Update for Windows Internet Explorer 8 (KB976749)
    Update for Windows Internet Explorer 8 (KB980182)
    Virtual Magnifying Glass v3.3.1
    WebFldrs XP
    WebReg
    Windows Internet Explorer 7
    Windows Internet Explorer 8
    Windows Live Favorites for Windows Live Toolbar
    Windows Live installer
    Windows Live Mail
    Windows Live Photo Gallery
    Windows Live Sign-in Assistant
    Windows Live Toolbar
    Windows Live Toolbar Extension (Windows Live Toolbar)
    Windows Live Writer
    Windows Media Format Runtime
    Windows Media Player 10
    Windows Media Player Firefox Plugin
    Windows XP Service Pack 3
    WinPatrol 2007
    Yahoo! Toolbar
    Zone Deluxe Games
    .
    ==== Event Viewer Messages From Past Week ========
    .
    1/30/2013 7:23:19 PM, error: Service Control Manager [7001] - The Remote Access Connection Manager service depends on the Telephony service which failed to start because of the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
    .
    ==== End Of File ===========================
    GMER froze-up, but it highlighted one line in red and displayed a box which said:Warning, ROOTKIT activity. The log line showed:Disk\Device\Harddisk\0DR0 [email protected] code has been found
     
As Seen On
As Seen On...

Welcome to Tech Support Guy!

Are you looking for the solution to your computer problem? Join our site today to ask your question. This site is completely free -- paid for by advertisers and donations.

If you're not already familiar with forums, watch our Welcome Guide to get started.

Join over 733,556 other people just like you!

Loading...
Similar Threads - email acct hijacked
  1. Harry32
    Replies:
    18
    Views:
    1,382
  2. Kula
    Replies:
    5
    Views:
    455
Thread Status:
Not open for further replies.

Short URL to this thread: https://techguy.org/1087623

  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Dismiss Notice