Inactive Hotmail account misbehaving - logs attached

Status
Not open for further replies.
M

malecours

Hi All,

I'm brand new to the Forum. I just moved to Oklahoma and began internet service with Cox Communications. Over the last few weeks my hotmail account has twice sent out emails to my contacts that direct them to electronics sites to buy cheap ipad2s. I run AVG Free and it updates and scans nightly, but it has found nothing.

The headers both times indicated:

To: do-not-reply@ediblearrangements.com

And the sites people were directed to visit were:

www.ovibuyshop.com and www.66ele.com

I followed the preliminary removal steps which resulted in the following four logs:


•Malwarebytes Anti-Malware log
Malwarebytes' Anti-Malware 1.51.1.1800
www.malwarebytes.org

Database version: 7224

Windows 6.0.6002 Service Pack 2
Internet Explorer 8.0.6001.19088

21/07/2011 5:05:33 PM
mbam-log-2011-07-21 (17-05-33).txt

Scan type: Quick scan
Objects scanned: 158717
Time elapsed: 6 minute(s), 19 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 1
Registry Values Infected: 0
Registry Data Items Infected: 1
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CURRENT_USER\Software\VB and VBA Program Settings\SrvID (Malware.Trace) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Start_ShowMyComputer (PUM.Hijack.StartMenu) -> Bad: (0) Good: (1) -> Quarantined and deleted successfully.

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)


•GMER log

GMER 1.0.15.15641 - http://www.gmer.net
Rootkit quick scan 2011-07-21 18:15:29
Windows 6.0.6002 Service Pack 2 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-4 Hitachi_HTS541680J9SA00 rev.SB2OC70P
Running: hbjuoehv.exe; Driver: C:\Users\Owner\AppData\Local\Temp\pwdoapow.sys


---- Devices - GMER 1.0.15 ----

AttachedDevice \FileSystem\Ntfs \Ntfs AVGIDSFilter.Sys (IDS Application Activity Monitor Filter Driver./AVG Technologies CZ, s.r.o. )
AttachedDevice \Driver\tdx \Device\Ip avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\tdx \Device\Tcp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\tdx \Device\Udp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\tdx \Device\RawIp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)

---- EOF - GMER 1.0.15 ----


DDS.txt

.
DDS (Ver_11-05-19.01) - NTFSx86
Internet Explorer: 8.0.6001.19088
Run by Owner at 18:22:02 on 2011-07-21
Microsoft® Windows Vista™ Home Basic 6.0.6002.2.1252.2.1033.18.2037.673 [GMT -5:00]
.
AV: AVG Anti-Virus Free Edition 2011 *Disabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
SP: AVG Anti-Virus Free Edition 2011 *Disabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\PROGRA~1\AVG\AVG10\avgchsvx.exe
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\Dwm.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\agrsmsvc.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Application Updater\ApplicationUpdater.exe
C:\Program Files\AVG\AVG10\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Acer\Empowering Technology\eDataSecurity\eDSService.exe
C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe
C:\Acer\Empowering Technology\eNet\eNet Service.exe
C:\Program Files\Flip Video\FlipShare\FlipShareService.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Acer\Mobility Center\MobilityService.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Program Files\AVG\AVG10\avgnsx.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Acer\Empowering Technology\ePower\ePowerSvc.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\DRIVERS\xaudio.exe
C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\RtHDVCpl.exe
C:\Acer\Empowering Technology\eDataSecurity\eDSLoader.exe
C:\Program Files\Launch Manager\LManager.exe
C:\Program Files\Apoint2K\Apoint.exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\Windows\System32\wpcumi.exe
C:\Program Files\YouTube Downloader Toolbar\SearchSettings.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\AVG\AVG10\avgtray.exe
C:\Windows\system32\igfxext.exe
C:\Acer\Empowering Technology\ENET\ENMTRAY.EXE
C:\Windows\system32\igfxsrvc.exe
C:\Acer\Empowering Technology\EPOWER\EPOWER_DMC.EXE
C:\Acer\Empowering Technology\ACER.EMPOWERING.FRAMEWORK.SUPERVISOR.EXE
C:\Acer\Empowering Technology\eRecovery\ERAGENT.EXE
C:\Users\Owner\AppData\Local\Temp\RtkBtMnt.exe
C:\Program Files\Microsoft IntelliPoint\dpupdchk.exe
C:\Program Files\Apoint2K\ApMsgFwd.exe
C:\Program Files\Apoint2K\Apntex.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\wuauclt.exe
C:\PROGRA~1\AVG\AVG10\avgrsx.exe
C:\Program Files\AVG\AVG10\avgcsrvx.exe
C:\Windows\explorer.exe
C:\Program Files\AVG\AVG10\Identity Protection\agent\bin\avgidsmonitor.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\Macromed\Flash\FlashUtil10l_ActiveX.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Users\Owner\Desktop\dds.scr
C:\Windows\system32\WSCRIPT.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://sympatico.msn.ca/
uSEARCH PAGE = hxxp://ca.rd.yahoo.com/customize/ycomp/defaults/sp/*http://ca.yahoo.com
uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
mStart Page = hxxp://en.ca.acer.yahoo.com
mDefault_Page_URL = hxxp://en.ca.acer.yahoo.com
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://ca.rd.yahoo.com/customize/ycomp/defaults/su/*http://ca.yahoo.com
uURLSearchHooks: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg10\toolbar\IEToolbar.dll
uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} -
uURLSearchHooks: {e312764e-7706-43f1-8dab-fcdd2b1e416d} - c:\program files\youtube downloader toolbar\SearchSettings.dll
mURLSearchHooks: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg10\toolbar\IEToolbar.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg10\avgssie.dll
BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg10\toolbar\IEToolbar.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.1.1309.3572\swg.dll
BHO: HDMIECookiesBHO Class: {cc59e0f9-7e43-44fa-9faa-8377850bf205} - c:\program files\hughesnet download manager\iefdm2.dll
BHO: GOM Player + Ask Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - c:\program files\ask.com\GenericAskToolbar.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
TB: Acer eDataSecurity Management: {5cbe3b7c-1e47-477e-a7dd-396db0476e29} - c:\windows\system32\eDStoolbar.dll
TB: AVG Security Toolbar: {ccc7a320-b3ca-4199-b1a6-9f516dd69829} - c:\program files\avg\avg10\toolbar\IEToolbar.dll
TB: GOM Player + Ask Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - c:\program files\ask.com\GenericAskToolbar.dll
TB: {A057A204-BACC-4D26-9990-79A187E2698E} - No File
mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
mRun: [RtHDVCpl] RtHDVCpl.exe
mRun: [eDataSecurity Loader] c:\acer\empowering technology\edatasecurity\eDSloader.exe
mRun: [LManager] c:\progra~1\launch~1\LManager.exe
mRun: [Acer Product Registration] "c:\program files\acer registration\ACE1.exe" /startup
mRun: [Acer Assist Launcher] c:\program files\acer assist\launcher.exe
mRun: [Apoint] c:\program files\apoint2k\Apoint.exe
mRun: [IntelliPoint] "c:\program files\microsoft intellipoint\ipoint.exe"
mRun: [Skytel] Skytel.exe
mRun: [WPCUMI] c:\windows\system32\WpcUmi.exe
mRun: [SearchSettings] "c:\program files\youtube downloader toolbar\SearchSettings.exe"
mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [AVG_TRAY] c:\program files\avg\avg10\avgtray.exe
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
dRun: [Acer Tour Reminder] c:\acer\acertour\Reminder.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\empowe~1.lnk - c:\acer\empowering technology\eAPLauncher.exe
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: Download all with HughesNet Download Manager - file://c:\program files\hughesnet download manager\dlall.htm
IE: Download selected with HughesNet Download Manager - file://c:\program files\hughesnet download manager\dlselected.htm
IE: Download video with HughesNet Download Manager - file://c:\program files\hughesnet download manager\dlfvideo.htm
IE: Download with HughesNet Download Manager - file://c:\program files\hughesnet download manager\dllink.htm
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
LSP: c:\windows\system32\wpclsp.dll
DPF: Garmin Communicator Plug-In - hxxps://static.garmincdn.com/gcp/ie/2.9.3.0/GarminAxControl.CAB
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: avgsecuritytoolbar - {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - c:\program files\avg\avg10\toolbar\IEToolbar.dll
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg10\avgpp.dll
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.dll
Notify: igfxcui - igfxdev.dll
AppInit_DLLs: eNetHook.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL
.
============= SERVICES / DRIVERS ===============
.
R0 AVGIDSEH;AVGIDSEH;c:\windows\system32\drivers\AVGIDSEH.sys [2011-2-22 22992]
R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [2011-3-16 32592]
R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [2011-1-7 248656]
R1 Avgmfx86;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\drivers\avgmfx86.sys [2011-3-1 34896]
R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [2011-4-4 297168]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2008-2-29 8944]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2008-2-29 51440]
R2 Application Updater;Application Updater;c:\program files\application updater\ApplicationUpdater.exe [2010-2-19 380928]
R2 AVGIDSAgent;AVGIDSAgent;c:\program files\avg\avg10\identity protection\agent\bin\AVGIDSAgent.exe [2011-4-18 7398752]
R2 avgwd;AVG WatchDog;c:\program files\avg\avg10\avgwdsvc.exe [2011-2-8 269520]
R2 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-3-31 21504]
R3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\AVGIDSDriver.sys [2011-4-14 134480]
R3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\AVGIDSFilter.sys [2011-2-10 24144]
R3 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\AVGIDSShim.sys [2011-2-10 28624]
R3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2007-9-3 179712]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2009-8-14 133104]
S3 AVG Security Toolbar Service;AVG Security Toolbar Service;c:\program files\avg\avg10\toolbar\ToolbarBroker.exe [2011-5-12 1025352]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2009-8-14 133104]
S3 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2007-6-21 42512]
S3 SASENUM;SASENUM;c:\program files\superantispyware\SASENUM.SYS [2006-2-16 4096]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
.
=============== Created Last 30 ================
.
2011-07-21 21:46:07 -------- d-----w- c:\users\owner\appdata\roaming\Malwarebytes
2011-07-21 21:45:58 41272 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-07-21 21:45:57 -------- d-----w- c:\programdata\Malwarebytes
2011-07-21 21:45:54 22712 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-07-21 21:45:54 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-07-21 20:42:08 2043392 ----a-w- c:\windows\system32\win32k.sys
2011-07-21 20:42:06 375808 ----a-w- c:\windows\system32\winsrv.dll
2011-07-21 20:42:05 49152 ----a-w- c:\windows\system32\csrsrv.dll
2011-07-03 23:42:07 276992 ----a-w- c:\windows\system32\schannel.dll
.
==================== Find3M ====================
.
2011-05-28 06:08:58 916480 ----a-w- c:\windows\system32\wininet.dll
2011-05-28 06:04:30 43520 ----a-w- c:\windows\system32\licmgr10.dll
2011-05-28 06:04:17 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2011-05-28 06:04:03 71680 ----a-w- c:\windows\system32\iesetup.dll
2011-05-28 06:04:03 109056 ----a-w- c:\windows\system32\iesysprep.dll
2011-05-28 05:10:26 385024 ----a-w- c:\windows\system32\html.iec
2011-05-28 04:33:03 133632 ----a-w- c:\windows\system32\ieUnatt.exe
2011-05-28 04:31:44 1638912 ----a-w- c:\windows\system32\mshtml.tlb
2011-05-02 17:16:14 739328 ----a-w- c:\windows\system32\inetcomm.dll
2011-04-29 13:25:10 146432 ----a-w- c:\windows\system32\drivers\srv2.sys
2011-04-29 13:25:09 102400 ----a-w- c:\windows\system32\drivers\srvnet.sys
2011-04-29 13:24:50 214016 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys
2011-04-29 13:24:42 79872 ----a-w- c:\windows\system32\drivers\mrxsmb20.sys
2011-04-29 13:24:40 106496 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2009-03-30 04:42:20 1169736 --sh--w- c:\windows\temp\sqlvhost.exe
.
============= FINISH: 18:23:12.62 ===============


Attach.txt
.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_11-05-19.01)
.
Microsoft® Windows Vista™ Home Basic
Boot Device: \Device\HarddiskVolume2
Install Date: 05/01/2008 3:21:05 AM
System Uptime: 21/07/2011 5:07:26 PM (1 hours ago)
.
Motherboard: Acer | | Acadia
Processor: Intel(R) Celeron(R) CPU 530 @ 1.73GHz | uPGA-478 | 1729/133mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 33 GiB total, 0.655 GiB free.
D: is FIXED (NTFS) - 32 GiB total, 2.984 GiB free.
E: is CDROM ()
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP1296: 03/07/2011 6:43:24 PM - Windows Update
RP1297: 06/07/2011 8:53:02 AM - Windows Update
RP1298: 21/07/2011 3:42:58 PM - Windows Update
.
==== Installed Programs ======================
.
3ivx MPEG-4 5.0.3 (remove only)
7-Zip 4.57
ACDSee Classic
Acer Assist
Acer eDataSecurity Management
Acer eLock Management
Acer Empowering Technology
Acer eNet Management
Acer ePower Management
Acer ePresentation Management
Acer eSettings Management
Acer GridVista
Acer Mobility Center Plug-In
Acer Registration
Acer ScreenSaver
Acrobat.com
Adobe AIR
Adobe Flash Player 10 ActiveX
Adobe Reader 9.4.5
Advanced SystemCare 3
Agere Systems HDA Modem
ALPS Touch Pad Driver
Apple Application Support
Apple Mobile Device Support
Apple Software Update
Ask Toolbar
Audio Recorder for Free
AVG 2011
AVIConverter 3.0
Bonjour
CCleaner (remove only)
CFPAS -- SEPFC 2009
CNET TechTracker
Colasoft MAC Scanner 1.1
Compatibility Pack for the 2007 Office system
D3DX10
Duplicate File Finder
FlipShare
Free 3GP Video Converter version 3.7.18
Free FLV to AVI Video Converter v. 1.0
Garmin Communicator Plugin
Garmin USB Drivers
GOM Player
Google Earth
Google Update Helper
Google Updater
GrabIt 1.4.7 Beta
Home-Plan Finder(TM) 5.1
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
HughesNet Download Manager 1.2
Indeo® Software
Intel A/V Codecs V2.0
Intel(R) Graphics Media Accelerator Driver
Java Auto Updater
Java(TM) 6 Update 18
Java(TM) 6 Update 7
K-Lite Codec Pack 3.7.0 Full
Launch Manager
LightScribe 1.4.142.1
Loki ActiveX Control
Malwarebytes' Anti-Malware version 1.51.1.1800
MasterSplitter Program
Media Player Codec Pack 3.2.0
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 4 Client Profile
Microsoft Application Error Reporting
Microsoft IntelliPoint 6.2
Microsoft Office File Validation Add-In
Microsoft Office Professional Edition 2003
Microsoft Silverlight
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
MP3 Player Product Tool 5.12
MSVCRT
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB941833)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
NTI Backup NOW! 4.7
NTI CD & DVD-Maker
OGA Notifier 2.0.0048.0
PowerProducer 3.72
QuickPar 0.9
QuickTime
Real Alternative 1.7.5
RealPlayer
Realtek High Definition Audio Driver
RealUpgrade 1.0
Security Update for CAPICOM (KB931906)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Segoe UI
SMAC 2.7
Spelling Dictionaries Support For Adobe Reader 9
StudioTax 2010
SUPERAntiSpyware Free Edition
TTS
Uninstall 1.0.0.1
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
ViVO Player/DX
VivTV
VLC media player 1.1.4
Winamp
Windows Driver Package - Garmin (grmnusb) GARMIN Devices (06/03/2009 2.3.0.0)
Windows Live Communications Platform
Windows Live Essentials
Windows Live ID Sign-in Assistant
Windows Live Installer
Windows Live PIMT Platform
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live UX Platform
Windows Live UX Platform Language Pack
WinPcap 4.1 beta
YouTube Downloader 2.7.1
YouTube Downloader Toolbar v1.0
.
==== Event Viewer Messages From Past Week ========
.
21/07/2011 5:10:35 PM, Error: Microsoft-Windows-Dhcp-Client [1002] - The IP address lease 192.168.15.3 for the Network Card with network address 001E4C0FBE80 has been denied by the DHCP server 0.0.0.0 (The DHCP Server sent a DHCPNACK message).
21/07/2011 5:08:54 PM, Error: Microsoft-Windows-Dhcp-Client [1002] - The IP address lease 192.168.1.3 for the Network Card with network address 001E4C0FBE80 has been denied by the DHCP server 192.168.15.1 (The DHCP Server sent a DHCPNACK message).
21/07/2011 3:35:47 PM, Error: Server [2505] - The server could not bind to the transport \Device\NetbiosSmb because another computer on the network has the same name. The server could not start.
15/07/2011 1:29:46 PM, Error: EventLog [6008] - The previous system shutdown at 1:28:00 PM on 15/07/2011 was unexpected.
.
==== End Of File ===========================


Your kind help is very much appreciated!


Mark
 
Welcome aboard
yahooo.gif


Please, observe following rules:
  • Read all of my instructions very carefully. Your mistakes during cleaning process may have very serious consequences, like unbootable computer.
  • If you're stuck, or you're not sure about certain step, always ask before doing anything else.
  • Please refrain from running tools or applying updates other than those I suggest.
  • Never run more than one scan at a time.
  • Keep updating me regarding your computer behavior, good, or bad.
  • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
  • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in malware removal forum.
  • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

=================================================================

Over the last few weeks my hotmail account has twice sent out emails to my contacts
Click to expand...
Important question....
Are those mails present in "Sent" folder?
 
Hi Broni - thank you for helping me.

There is one email from each occurance in my sent folder - I hadn't looked there before - on 6/22 on 7/21. They are both from me to 'do-not-reply@ediblearrangements.com'

I've got to get up at 0300 to catch a flight to Boston for my daughter's wedding later next week, and I'll be leaving the laptop at home, unplugged and off of the internet. So if I don't respond to your reply please know that I will in early Aug when I return...


Mark
 
Status
Not open for further replies.

Similar threads

uber_beetle
Infected with fake ad pop-ups - posting FRST and Addition
Replies
12
Views
785
uber_beetle
uber_beetle
A
Infected: Antivirus says it's Trojan:Script/Wacatac.H!ml
Replies
12
Views
2K
adidaman27
A
wshknwntlprtmn
  • Locked
Inactive Not sure what's going on here....
Replies
12
Views
2K
Broni
Broni

Latest posts

Back