emailisfun

lots of MAILER-DAEMON emails

11 posts in this topic

I have Win XP. I use Yahoo for email.

 

Lately I have been getting lots of email from MAILER-DAEMON saying 'delivery failure'. When I open the email, it says the email I tried to send was undeliverable. The emails are spam---things like Canadian pharmacy or playing casinos. I didn't send these emails. Did someone hijack my email account?

 

Help.

I ran Ad-aware and Spybot. My hijack log is below.

 

Thanks

 

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 5:34:59 PM, on 12/22/2007

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\VTTimer.exe

C:\WINDOWS\SOUNDMAN.EXE

C:\WINDOWS\system32\Fmctrl.EXE

C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe

C:\Program Files\Saitek\Software\Profiler.exe

C:\Program Files\Saitek\Software\SaiMfd.exe

C:\PROGRA~1\INTERV~1\WinDVR\WINSCH~1.EXE

C:\Program Files\InterVideo\WinDVR\WinRemote.exe

C:\Program Files\Roxio\Easy Media Creator 7\Drag to Disc\DrgToDsc.exe

C:\WINDOWS\SM1BG.EXE

C:\Program Files\Citi Virtual Account Numbers\CitiVAN.exe

C:\Program Files\McAfee.com\Agent\mcagent.exe

C:\Program Files\Iomega\Automatic Backup Pro\LiveSystem.exe

C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe

C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe

c:\program files\common files\mcafee\mna\mcnasvc.exe

c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe

C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe

C:\Program Files\McAfee\MPF\MPFSrv.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\wuauclt.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\downloads\HiJackThis.exe

 

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

O2 - BHO: CitiUS Shared Browser Helper Object - {387EDF53-1CF2-4523-BC2F-13462651BE8C} - C:\WINDOWS\system32\BhoCitUS.dll

O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO.dll

O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll

O4 - HKLM\..\Run: [VTTimer] VTTimer.exe

O4 - HKLM\..\Run: [VTTrayp] VTtrayp.exe

O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE

O4 - HKLM\..\Run: [systemTray] SysTray.Exe

O4 - HKLM\..\Run: [FmctrlTray] Fmctrl.EXE

O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"

O4 - HKLM\..\Run: [Profiler] C:\Program Files\Saitek\Software\Profiler.exe

O4 - HKLM\..\Run: [saiMfd] C:\Program Files\Saitek\Software\SaiMfd.exe

O4 - HKLM\..\Run: [WINSCHEDULER] C:\PROGRA~1\INTERV~1\WinDVR\WINSCH~1.EXE

O4 - HKLM\..\Run: [WinRemote] "C:\Program Files\InterVideo\WinDVR\WinRemote.exe"

O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe

O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k

O4 - HKLM\..\Run: [RoxioDragToDisc] "C:\Program Files\Roxio\Easy Media Creator 7\Drag to Disc\DrgToDsc.exe"

O4 - HKLM\..\Run: [sM1BG] C:\WINDOWS\SM1BG.EXE

O4 - HKLM\..\Run: [CitiVAN] C:\Program Files\Citi Virtual Account Numbers\CitiVAN.exe /dontopenmycards

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe /runkey

O4 - HKLM\..\RunServicesOnce: [washindex] C:\Program Files\Washer\washidx.exe "Ruti"

O4 - HKCU\..\Run: [iomega Automatic Backup Pro] "C:\Program Files\Iomega\Automatic Backup Pro\LiveSystem.exe" -s

O4 - HKCU\..\Run: [spybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe

O4 - Global Startup: Corel Family & Friends Reminders.LNK = C:\Program Files\Corel\Print House Magic 4 Premium\cffrem.exe

O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: Citi - {4C730913-3961-439b-83D5-F4E445520422} - C:\Program Files\Citi Virtual Account Numbers\CitiVAN.exe

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll

O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1167269922872

O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe

O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe

O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\program files\common files\mcafee\mna\mcnasvc.exe

O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe

O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe

O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe

O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe

O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe

 

--

End of file - 6533 bytes


Welcome to SWI. We apologize for the delay; our helpers have been very busy.

If you have not received help after 3 days, please CLICK HERE, and post a link to your log and the date it was originally posted.

 

Thank you for your patience.

 

[this is an automated reply]


emailisfun,

 

Thanks for your patience. Our volunteers are very busy. Your log indicates that you have Malware on your system. Let's get started.

 

Please download Combofix by sUBs. Or, you may download it from here. Place it on your Desktop.

 

Perform the Combofix scan, as follows:

  • Open Notepad and copy/paste the text in the box below into it (all except the word CODE):
     
    http://forums.spywareinfo.com/index.php?s=&showtopic=110469&view=findpost&p=604421
    FileLook::
    C:\WINDOWS\system32\SysTray.Exe
    
    Suspect::
    C:\WINDOWS\system32\SysTray.Exe


     

  • Save this as CFScript
  • Then drag the CFScript (hold the left mouse button while dragging the file) and drop it (release the left mouse button) into ComboFix.exe as you see in the screenshot below. Important: Perform this instruction carefully!
     
    CFScript.gif
     
  • ComboFix will begin to execute, just follow the prompts. After reboot (in case it asks to reboot), it shall produce a log for you. Post that log (Combofix.txt) in your next reply.

Note: Do not mouse-click ComboFix's window while it is running. That may cause your system to hang.

 

Please post the Combofix log and a new HijackThis log in your next reply. Please also say how your computer is running now. :)

Edited by shaferintl


Thank you for writing! I have followed your instructions.

 

My 2 logs are below:

 

My ComboFix.txt log file is:

ComboFix 07-12-28.1 - Ruti 2007-12-27 22:03:39.1 - NTFSx86

Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.610 [GMT -5:00]

Running from: C:\Documents and Settings\Ruti\Desktop\ComboFix.exe

Command switches used :: C:\Documents and Settings\Ruti\Desktop\CFScript.txt

* Created a new restore point

.

 

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

 

C:\WINDOWS\system32\drivers\sfsync02.sys

 

.

((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

 

.

-------\LEGACY_SFSYNC02

-------\sfsync02

 

 

((((((((((((((((((((((((( Files Created from 2007-11-28 to 2007-12-28 )))))))))))))))))))))))))))))))

.

 

2007-12-26 17:17 . 2007-12-27 09:50 <DIR> d-------- C:\Program Files\Google

2007-12-25 21:53 . 2007-12-25 21:53 <DIR> d-------- C:\Program Files\DVDFab HD Decrypter 4

2007-12-25 19:42 . 2007-12-25 19:42 <DIR> d-------- C:\Program Files\MSBuild

2007-12-25 19:38 . 2007-12-25 19:38 <DIR> d-------- C:\WINDOWS\system32\XPSViewer

2007-12-25 19:37 . 2007-12-25 19:37 <DIR> d-------- C:\Program Files\Reference Assemblies

2007-12-25 19:36 . 2007-12-25 19:36 <DIR> d-------- C:\Program Files\MSXML 6.0

2007-12-25 19:36 . 2006-06-29 13:07 14,048 --------- C:\WINDOWS\system32\spmsg2.dll

2007-12-25 19:26 . 2006-11-13 01:02 288,768 --------- C:\WINDOWS\system32\rhttpaa.dll

2007-12-25 19:26 . 2006-11-13 01:02 116,736 --------- C:\WINDOWS\system32\aaclient.dll

2007-12-25 19:26 . 2006-11-13 01:02 36,352 --------- C:\WINDOWS\system32\tsgqec.dll

2007-12-25 19:15 . 2007-12-25 19:15 <DIR> d-------- C:\Program Files\Netflix

2007-12-22 17:34 . 2007-12-22 17:46 <DIR> d-------- C:\downloads

2007-12-22 00:24 . 2007-12-22 00:57 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy

2007-12-07 10:04 . 2007-12-07 10:04 2,611,451 --a------ C:\MOV04605.MPG

2007-12-07 09:21 . 2007-12-07 09:21 832,347 --a------ C:\moseley.jpg

 

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2007-12-26 00:35 --------- d-----w C:\Program Files\Windows Media Connect 2

2007-12-20 01:39 --------- d-----w C:\Documents and Settings\All Users\Application Data\DVD Shrink

2007-12-19 02:35 --------- d-----w C:\Program Files\McAfee

2007-11-28 01:45 --------- d-----w C:\Documents and Settings\Hans\Application Data\Roxio

2007-11-24 04:11 --------- d-----w C:\Documents and Settings\Ruti\Application Data\RipIt4Me

2007-11-16 13:21 --------- d-----w C:\Program Files\Common Files\McAfee

2007-11-13 10:25 20,480 ----a-w C:\WINDOWS\system32\drivers\secdrv.sys

2007-11-11 01:46 --------- d-----w C:\Program Files\XviD

2007-11-11 01:35 --------- d--h--w C:\Program Files\InstallShield Installation Information

2007-11-11 01:35 --------- d-----w C:\Program Files\Ubisoft

2004-10-01 20:00 40,960 ----a-w C:\Program Files\Uninstall_CDS.exe

2003-08-27 19:19 36,963 ----a-r C:\Program Files\Common Files\SM1updtr.dll

.

 

(((((((((((((((((((((((((((((((((((((((((((( Look )))))))))))))))))))))))))))))))))))))))))))))))))))))))))

.

 

---- C:\WINDOWS\system32\SysTray.Exe ----

 

Company: Microsoft Corporation

File Description: Systray .exe stub

File Version: 5.1.2600.0 (xpclient.010817-1148)

Product Name: Microsoftr Windowsr Operating System

Copyright: c Microsoft Corporation. All rights reserved.

Original file name: systray.exe

 

 

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Iomega Automatic Backup Pro"="C:\Program Files\Iomega\Automatic Backup Pro\LiveSystem.exe" [2004-12-03 11:10]

"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2007-08-31 16:46]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"VTTimer"="VTTimer.exe" [2005-03-08 03:33 C:\WINDOWS\system32\VTTimer.exe]

"VTTrayp"="VTtrayp.exe" [2005-03-11 17:33 C:\WINDOWS\system32\VTTrayp.exe]

"SoundMan"="SOUNDMAN.EXE" [2006-03-02 07:22 C:\WINDOWS\soundman.exe]

"SystemTray"="SysTray.Exe" [2006-02-28 07:00 C:\WINDOWS\system32\systray.exe]

"FmctrlTray"="Fmctrl.EXE" [2001-08-20 08:47 C:\WINDOWS\system32\fmctrl.exe]

"RemoteControl"="C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" [2005-01-12 03:01]

"Profiler"="C:\Program Files\Saitek\Software\Profiler.exe" [2005-06-14 15:23]

"SaiMfd"="C:\Program Files\Saitek\Software\SaiMfd.exe" [2005-06-17 19:02]

"WINSCHEDULER"="C:\PROGRA~1\INTERV~1\WinDVR\WINSCH~1.EXE" [2003-09-03 18:49]

"WinRemote"="C:\Program Files\InterVideo\WinDVR\WinRemote.exe" [2003-09-03 18:57]

"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 10:50]

"RoxioDragToDisc"="C:\Program Files\Roxio\Easy Media Creator 7\Drag to Disc\DrgToDsc.exe" [2005-03-08 21:13]

"SM1BG"="C:\WINDOWS\SM1BG.EXE" [2003-08-27 14:20]

"CitiVAN"="C:\Program Files\Citi Virtual Account Numbers\CitiVAN.exe" [2004-08-12 13:51]

"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-08-04 11:59]

"mcagent_exe"="C:\Program Files\McAfee.com\Agent\mcagent.exe" [2007-08-03 22:33]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServicesOnce]

"washindex"="C:\Program Files\Washer\washidx.exe" [2001-04-02 18:32]

 

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\

Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 22:05:26]

InterVideo WinCinema Manager.lnk - C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe [2006-12-04 18:55:06]

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]

@=""

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]

@=""

 

R0 IABFilt;Iomega Snapshot Volume Filter;C:\WINDOWS\system32\DRIVERS\IABFilt.sys [2004-11-04 16:11]

R0 videX32;videX32;C:\WINDOWS\system32\DRIVERS\videX32.sys [2006-02-22 22:38]

R0 xfilt;VIA SATA IDE Hot-plug Driver;C:\WINDOWS\system32\DRIVERS\xfilt.sys [2006-02-22 22:39]

R1 BIOS;BIOS;C:\WINDOWS\system32\drivers\BIOS.sys [2005-03-16 01:23]

R1 Cinemsup;Cinemsup;C:\WINDOWS\system32\drivers\Cinemsup.sys [2003-12-19 02:00]

R1 UDFReadr;UDFReadr;C:\WINDOWS\system32\drivers\UDFReadr.sys [2005-03-08 20:54]

R2 Cap7134;TV Capture Card WDM Video Capture;C:\WINDOWS\system32\DRIVERS\Cap7134.sys [2004-11-19 03:57]

R3 PhTVTune;TV Capture Card WDM TV Tuner;C:\WINDOWS\system32\DRIVERS\PhTVTune.sys [2004-11-19 03:57]

S3 gameport;FM801 PCI Joystick;C:\WINDOWS\system32\DRIVERS\fmjoy.sys [2001-11-01 21:49]

S3 iteio;iteio;C:\WINDOWS\system32\drivers\iteio.sys [1999-08-30 19:49]

S3 wdm_fm801;FM801 PCI Audio (WDM);C:\WINDOWS\system32\drivers\fm801.sys [2001-11-02 01:33]

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{fa30769c-cf50-11db-a5a8-0019212b9111}]

\Shell\AutoRun\command - F:\LaunchU3.exe

 

.

Contents of the 'Scheduled Tasks' folder

"2007-12-15 06:00:00 C:\WINDOWS\Tasks\McDefragTask.job"

- C:\WINDOWS\system32\defrag.exe

"2007-12-01 06:00:00 C:\WINDOWS\Tasks\McQcTask.job"

- c:\program files\mcafee\mqc\QcConsol.exe

.

**************************************************************************

 

catchme 0.3.1333 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2007-12-27 22:09:38

Windows 5.1.2600 Service Pack 2 NTFS

 

scanning hidden processes ...

 

scanning hidden autostart entries ...

 

HKCU\Software\Microsoft\Windows\CurrentVersion\Run

Iomega Automatic Backup Pro = "C:\Program Files\Iomega\Automatic Backup Pro\LiveSystem.exe" -s?????????????????????????????????????????????????????????????????

 

scanning hidden files ...

 

scan completed successfully

hidden files: 0

 

**************************************************************************

.

Completion time: 2007-12-27 22:10:41 - machine was rebooted

.

2007-12-27 03:21:54 --- E O F ---

 

 

 

My new Hijack this log is:

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 10:26:53 PM, on 12/27/2007

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe

c:\program files\common files\mcafee\mna\mcnasvc.exe

c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe

C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe

C:\Program Files\McAfee\MPF\MPFSrv.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\Explorer.EXE

C:\PROGRA~1\McAfee.com\Agent\mcagent.exe

C:\WINDOWS\system32\VTTimer.exe

C:\WINDOWS\SOUNDMAN.EXE

C:\WINDOWS\system32\Fmctrl.EXE

C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe

C:\Program Files\Saitek\Software\Profiler.exe

C:\Program Files\Saitek\Software\SaiMfd.exe

C:\PROGRA~1\INTERV~1\WinDVR\WINSCH~1.EXE

C:\Program Files\InterVideo\WinDVR\WinRemote.exe

C:\Program Files\Roxio\Easy Media Creator 7\Drag to Disc\DrgToDsc.exe

C:\WINDOWS\SM1BG.EXE

C:\Program Files\Citi Virtual Account Numbers\CitiVAN.exe

C:\Program Files\Iomega\Automatic Backup Pro\LiveSystem.exe

C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe

C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe

C:\Program Files\internet explorer\iexplore.exe

C:\downloads\HiJackThis.exe

 

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

O2 - BHO: CitiUS Shared Browser Helper Object - {387EDF53-1CF2-4523-BC2F-13462651BE8C} - C:\WINDOWS\system32\BhoCitUS.dll

O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO.dll

O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll

O4 - HKLM\..\Run: [VTTimer] VTTimer.exe

O4 - HKLM\..\Run: [VTTrayp] VTtrayp.exe

O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE

O4 - HKLM\..\Run: [systemTray] SysTray.Exe

O4 - HKLM\..\Run: [FmctrlTray] Fmctrl.EXE

O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"

O4 - HKLM\..\Run: [Profiler] C:\Program Files\Saitek\Software\Profiler.exe

O4 - HKLM\..\Run: [saiMfd] C:\Program Files\Saitek\Software\SaiMfd.exe

O4 - HKLM\..\Run: [WINSCHEDULER] C:\PROGRA~1\INTERV~1\WinDVR\WINSCH~1.EXE

O4 - HKLM\..\Run: [WinRemote] "C:\Program Files\InterVideo\WinDVR\WinRemote.exe"

O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe

O4 - HKLM\..\Run: [RoxioDragToDisc] "C:\Program Files\Roxio\Easy Media Creator 7\Drag to Disc\DrgToDsc.exe"

O4 - HKLM\..\Run: [sM1BG] C:\WINDOWS\SM1BG.EXE

O4 - HKLM\..\Run: [CitiVAN] C:\Program Files\Citi Virtual Account Numbers\CitiVAN.exe /dontopenmycards

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe /runkey

O4 - HKLM\..\RunServicesOnce: [washindex] C:\Program Files\Washer\washidx.exe "Ruti"

O4 - HKCU\..\Run: [iomega Automatic Backup Pro] "C:\Program Files\Iomega\Automatic Backup Pro\LiveSystem.exe" -s

O4 - HKCU\..\Run: [spybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe

O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: Citi - {4C730913-3961-439b-83D5-F4E445520422} - C:\Program Files\Citi Virtual Account Numbers\CitiVAN.exe

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll

O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1167269922872

O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe

O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe

O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\program files\common files\mcafee\mna\mcnasvc.exe

O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe

O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe

O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe

O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe

O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe

 

--

End of file - 6251 bytes

 

I don't know how the computer is running yet--I just followed the instructions a few minutes ago. I'll have to wait a few days and see if I get any more Undeliverable emails to my Yahoo account.

 

Thanks!!

Edited by emailisfun
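Added example (not part of the original thread, and not code from HijackThis or ComboFix): each round of this cleanup ends with a fresh HijackThis log, so this Python example diffs the result entries of two logs and lists O4 Run values that name a bare file with no directory, which Windows resolves through its search path (the ComboFix "Reg Loading Points" section above prints the resolved path in brackets). The sample logs are excerpts constructed from the 12/22 and 12/27 logs posted above; the function names are this example's own.

```python
import re
from collections import namedtuple

Entry = namedtuple("Entry", "section detail")

# HijackThis result lines look like "O4 - HKLM\..\Run: [Name] command".
ENTRY_RE = re.compile(r"^([A-Z]\d{1,2})\s+-\s+(.*\S)\s*$")
# Registry autostart detail: hive, key name, value name, command line.
RUN_RE = re.compile(r"^(HK\w+)\\\.\.\\(\w+): \[(.+?)\] (.+)$")

# Constructed excerpt of the 12/22/2007 log in this thread.
BEFORE = r"""
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 5:34:59 PM, on 12/22/2007
Running processes:
C:\WINDOWS\system32\lsass.exe
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [systemTray] SysTray.Exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Corel Family & Friends Reminders.LNK = C:\Program Files\Corel\Print House Magic 4 Premium\cffrem.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
"""

# Constructed excerpt of the 12/27/2007 log in this thread.
AFTER = r"""
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:26:53 PM, on 12/27/2007
Running processes:
C:\WINDOWS\system32\lsass.exe
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [systemTray] SysTray.Exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
"""


def parse_hjt(log_text):
    """Return the result entries of a HijackThis log, in log order.

    Header lines and the running-process list do not match ENTRY_RE
    and are skipped; blank lines (forum double-spacing) are harmless.
    """
    entries = []
    for line in log_text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            entries.append(Entry(m.group(1), m.group(2)))
    return entries


def diff_logs(before, after):
    """Return (removed, added) entries between two logs, each sorted."""
    b, a = set(parse_hjt(before)), set(parse_hjt(after))
    return sorted(b - a), sorted(a - b)


def pathless_autoruns(log_text):
    """List (value name, executable) for O4 registry autostarts whose
    executable is given without a directory. The log alone does not say
    which file on disk such an entry launches, so it has to be resolved
    and inspected separately."""
    found = []
    for entry in parse_hjt(log_text):
        m = RUN_RE.match(entry.detail) if entry.section == "O4" else None
        if not m:
            continue
        command = m.group(4).strip()
        if command.startswith('"'):
            exe = command[1:].split('"', 1)[0]   # quoted path
        else:
            exe = command.split()[0]             # first token
        if "\\" not in exe:
            found.append((m.group(3), exe))
    return found


if __name__ == "__main__":
    removed, added = diff_logs(BEFORE, AFTER)
    for e in removed:
        print("gone :", e.section, "-", e.detail)
    for e in added:
        print("new  :", e.section, "-", e.detail)
    for name, exe in pathless_autoruns(AFTER):
        print("no path in Run value:", name, "->", exe)
```
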


emailisfun,

 

Thanks for the logs and information. Looking very good! :thumbsup:

 

Please download OTMoveIt

  • Double click OTMoveIt.exe.
  • Click the CleanUp! button.
  • Select Yes when the "Begin cleanup Process?" prompt appears.
  • If you are prompted to Reboot during the cleanup, select Yes.
  • The tool will delete itself once it finishes.

Note: If you receive a warning from your firewall or other security programs regarding OTMoveIt attempting to contact the internet, please allow it to do so.

 

Download Dr.Web CureIt to the desktop. Do not execute it.

 

You should print out these instructions, or copy them to a Notepad file for reading while in Safe Mode, because you will not be able to connect to the Internet to read from this site.

 

Please reboot your computer into Safe Mode. To boot into Safe Mode, please restart your computer. Tap F8 before Windows loads. Select Safe Mode at the top, on the screen that appears. Sign in with your normal user account.

 

Run Dr.Web CureIt as follows:

  • Double-click the drweb-cureit.exe file and allow it to run the express scan.
  • This will scan the files currently running in memory and when something is found, click the yes button when it asks you if you want to cure it. This is only a short scan.
  • Once the short scan has finished, mark the drives that you want to scan.
  • Select all drives. A red dot shows which drives have been chosen.
  • Click the green arrow at the right, and the scan will start.
  • Click 'Yes to all' if it asks if you want to cure/move the file.
  • When the scan has finished, check whether you can click the following icon next to the files found: check.gif
  • If so, click it and then click the next icon right below and select Move incurable as you'll see in the next image:
    move.gif
    This will move it to the %userprofile%\DoctorWeb\quarantaine-folder if it can't be cured. (This is in case we need samples.)
  • After selecting, in the Dr.Web CureIt menu on top, click file and choose save report list
  • Save the report to your desktop. The report will be called DrWeb.csv
  • Close Dr.Web CureIt.
  • Reboot your computer!! Because it could be possible that files in use will be moved/deleted during reboot.
  • After reboot, post the contents of the log from Dr.Web you saved previously in your next reply. You can use Notepad to open the DrWeb.csv report.

Please run an online scan to be sure we've left nothing behind!

 

Run a BitDefender Online scan Here and post the results.

 

Please post the DrWeb.csv report, the BitDefender Scan Report, and a new HijackThis log in your next reply. Please also say how your computer is running now. :)


Thank you once again for writing! I have followed your instructions and my 3 logs are below:

 

DrWeb.csv log:

A0030474.exe;C:\System Volume Information\_restore{A9734579-C031-4A04-917A-4FBBAA1DD174}\RP251;Probably BACKDOOR.Trojan;Incurable.Moved.;

 

 

BitDefender report

BitDefender Online Scanner

Scan report generated at: Fri, Dec 28, 2007 - 23:58:05

Scan path: A:\;C:\;D:\;E:\;

Statistics

Time: 01:02:47
Files: 215507
Folders: 6253
Boot Sectors: 2
Archives: 1479
Packed Files: 25108

Results

Identified Viruses: 0
Infected Files: 0
Suspect Files: 0
Warnings: 0
Disinfected: 0
Deleted Files: 0

Engines Info

Virus Definitions: 884650
Engine build: AVCORE v1.0 (build 2422) (i386) (Sep 25 2007 08:26:36)
Scan plugins: 14
Archive plugins: 38
Unpack plugins: 7
E-mail plugins: 6
System plugins: 1

Scan Settings

First Action: Disinfect
Second Action: Delete
Heuristics: Yes
Enable Warnings: Yes
Scanned Extensions: *;
Exclude Extensions:
Scan Emails: Yes
Scan Archives: Yes
Scan Packed: Yes
Scan Files: Yes
Scan Boot: Yes

Scanned File / Status

No virus found.

 

 

HijackThis log

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 12:00:20 AM, on 12/29/2007

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\VTTimer.exe

C:\WINDOWS\SOUNDMAN.EXE

C:\WINDOWS\system32\Fmctrl.EXE

C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe

C:\Program Files\Saitek\Software\Profiler.exe

C:\Program Files\Saitek\Software\SaiMfd.exe

C:\PROGRA~1\INTERV~1\WinDVR\WINSCH~1.EXE

C:\Program Files\InterVideo\WinDVR\WinRemote.exe

C:\Program Files\Roxio\Easy Media Creator 7\Drag to Disc\DrgToDsc.exe

C:\WINDOWS\SM1BG.EXE

C:\Program Files\Citi Virtual Account Numbers\CitiVAN.exe

C:\Program Files\McAfee.com\Agent\mcagent.exe

C:\Program Files\Iomega\Automatic Backup Pro\LiveSystem.exe

C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe

C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe

c:\program files\common files\mcafee\mna\mcnasvc.exe

c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe

C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe

C:\Program Files\McAfee\MPF\MPFSrv.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\internet explorer\iexplore.exe

C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe

C:\downloads\HiJackThis.exe

 

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

O2 - BHO: CitiUS Shared Browser Helper Object - {387EDF53-1CF2-4523-BC2F-13462651BE8C} - C:\WINDOWS\system32\BhoCitUS.dll

O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO.dll

O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll

O4 - HKLM\..\Run: [VTTimer] VTTimer.exe

O4 - HKLM\..\Run: [VTTrayp] VTtrayp.exe

O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE

O4 - HKLM\..\Run: [systemTray] SysTray.Exe

O4 - HKLM\..\Run: [FmctrlTray] Fmctrl.EXE

O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"

O4 - HKLM\..\Run: [Profiler] C:\Program Files\Saitek\Software\Profiler.exe

O4 - HKLM\..\Run: [saiMfd] C:\Program Files\Saitek\Software\SaiMfd.exe

O4 - HKLM\..\Run: [WINSCHEDULER] C:\PROGRA~1\INTERV~1\WinDVR\WINSCH~1.EXE

O4 - HKLM\..\Run: [WinRemote] "C:\Program Files\InterVideo\WinDVR\WinRemote.exe"

O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe

O4 - HKLM\..\Run: [RoxioDragToDisc] "C:\Program Files\Roxio\Easy Media Creator 7\Drag to Disc\DrgToDsc.exe"

O4 - HKLM\..\Run: [sM1BG] C:\WINDOWS\SM1BG.EXE

O4 - HKLM\..\Run: [CitiVAN] C:\Program Files\Citi Virtual Account Numbers\CitiVAN.exe /dontopenmycards

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe /runkey

O4 - HKLM\..\RunServicesOnce: [washindex] C:\Program Files\Washer\washidx.exe "Ruti"

O4 - HKCU\..\Run: [iomega Automatic Backup Pro] "C:\Program Files\Iomega\Automatic Backup Pro\LiveSystem.exe" -s

O4 - HKCU\..\Run: [spybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe

O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: Citi - {4C730913-3961-439b-83D5-F4E445520422} - C:\Program Files\Citi Virtual Account Numbers\CitiVAN.exe

O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe

O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll

O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab

O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1167269922872

O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe

O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe

O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\program files\common files\mcafee\mna\mcnasvc.exe

O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe

O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe

O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe

O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe

O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe

 

--

End of file - 6629 bytes

 

 

I checked my emails today and had 8 Undeliverable emails, which is still kind of a lot...

Edited by emailisfun


emailisfun,

 

Thanks for the post. Your system appears to be clean!! :thumbsup::thumbsup:

 

> I checked my emails today and had 8 Undeliverable emails, which is still kind of a lot...

OK, let's dig a little deeper into this...

 

First of all, make sure that McAfee is scanning your outgoing email. Do this:

  1. Right click on "M" icon.
  2. Select VirusScan>Options.
  3. Click on the Advanced button & go to the Email Scan tab.
  4. Check the option to "Outbound email Scan" & click on Ok.
  5. Close the VirusScan Options windows by clicking Ok on that.

If not identical to this it should at least be vaguely similar...

 

Are you using Outlook Express? Or Outlook?

 

Sometimes, spammers will disguise their spam as returned emails to get you to open them and click on a link. Do not click on any links embedded in these emails.

 

If your Outlook has been Hijacked, there should be evidence of the outgoing emails. To determine if the emails are originating from your system, do the following:

  1. Open Outlook Express.
  2. Click on the Sent Items folder.
  3. Visually scan the list and try to locate a sent email for each undeliverable. The date and time stamp should match, as should the subject of the undeliverable.

Please perform this online scan: Kaspersky Webscan

1. Read the Requirements and Privacy statement, then select "Accept"

2. A dialogue box will appear asking "Do you want to install this software?" Name: kavwebscan_unicode.cab

3. Select "Install" to download the ActiveX controls that allow ActiveScan to run.

4. If running MSAS beta you may receive an alert that an IE ActiveX program requires your approval. Click "Allow"

5. When the download is complete it will say ready, click "Next"

6. Select a target to scan: Click on "My Computer"

7. When the scan is complete choose to save the results as "Save as Text"

8. Post the Kaspersky scan results in your next reply.

 

Let me know what you find about the sent emails by posting here. Please post the Kaspersky scan results in your next reply. Please also say how your computer is running now. :)

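The Sent Items comparison described in the reply above can be scripted when the bounces and the sent folder are available as raw messages. This is an added example, not part of the original thread; the sample messages, addresses, function names and the five-minute tolerance are constructed assumptions.

```python
from datetime import timedelta
from email import message_from_string, policy
from email.message import EmailMessage
from email.utils import parsedate_to_datetime

def make_bounce(subject, date, msgid, attach_original=True):
    """Build a constructed sample bounce (all addresses are placeholders)."""
    bounce = EmailMessage()
    bounce["From"] = "MAILER-DAEMON@mx.example.net"
    bounce["To"] = "user@example.com"
    bounce["Subject"] = "Delivery failure"
    bounce.set_content("The message could not be delivered.")
    if attach_original:
        original = EmailMessage()
        original["From"] = "user@example.com"
        original["Subject"] = subject
        original["Date"] = date
        original["Message-ID"] = msgid
        original.set_content("(body omitted)")
        bounce.add_attachment(original)  # becomes a message/rfc822 part
    return bounce.as_string()

def returned_original(bounce_text):
    """Return the original message (or its headers) quoted in a bounce."""
    msg = message_from_string(bounce_text, policy=policy.default)
    for part in msg.walk():
        if part.get_content_type() == "message/rfc822":
            return part.get_payload(0)
        if part.get_content_type() == "text/rfc822-headers":
            return message_from_string(part.get_content(), policy=policy.default)
    return None

def in_sent_items(original, sent_items, tolerance=timedelta(minutes=5)):
    """Match on Message-ID, else on subject plus a close timestamp."""
    msgid = str(original["Message-ID"] or "").strip()
    subject = str(original["Subject"] or "").strip().lower()
    when = parsedate_to_datetime(str(original["Date"])) if original["Date"] else None
    for sent in sent_items:
        if msgid and msgid == sent["Message-ID"]:
            return True
        if when and subject == sent["Subject"].strip().lower():
            if abs(parsedate_to_datetime(sent["Date"]) - when) <= tolerance:
                return True
    return False

def classify(bounce_text, sent_items):
    original = returned_original(bounce_text)
    if original is None:
        return "no-original"  # nothing to compare; treat the notice with suspicion
    return "sent-from-here" if in_sent_items(original, sent_items) else "not-in-sent"

# Constructed Sent Items index (one genuine message).
SENT_ITEMS = [{"Message-ID": "<a1@mail.example.com>", "Subject": "Holiday photos",
               "Date": "Sat, 22 Dec 2007 16:58:00 +0000"}]

if __name__ == "__main__":
    spam = make_bounce("Canadian pharmacy", "Sat, 22 Dec 2007 17:05:00 +0000",
                       "<x9@bulk.example.net>")
    print(classify(spam, SENT_ITEMS))
```

A result of `not-in-sent` for every bounce means the rejected messages have no counterpart in the sent folder that was checked.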

Thanks again for taking the time to help me. I really appreciate it.

 

For McAfee, under Email and IM configuration, it says:

E-mail protection is enabled.

On: E-mail messages and attachments are scanned.

But isn't email protection only for Outlook, not for Yahoo? Does McAfee scan my Yahoo emails?

 

I have McAfee Security Center with Virus and Firewall protection.

 

 

I don't use Outlook or Outlook Express on this computer.

 

 

My Kaspersky log is below:

-------------------------------------------------------------------------------

KASPERSKY ONLINE SCANNER REPORT

Sunday, December 30, 2007 12:34:34 PM

Operating System: Microsoft Windows XP Professional, Service Pack 2 (Build 2600)

Kaspersky Online Scanner version: 5.0.98.0

Kaspersky Anti-Virus database last update: 30/12/2007

Kaspersky Anti-Virus database records: 500302

-------------------------------------------------------------------------------

 

Scan Settings:

Scan using the following antivirus database: extended

Scan Archives: true

Scan Mail Bases: true

 

Scan Target - My Computer:

A:\

C:\

D:\

E:\

 

Scan Statistics:

Total number of scanned objects: 81682

Number of viruses found: 0

Number of infected objects: 0

Number of suspicious objects: 0

Duration of the scan process: 01:32:36

 

Infected Object Name / Virus Name / Last Action


 

Scan process completed.

 

Today I only had one undeliverable email, so things are getting better.

Thanks again!


emailisfun,

 

Thanks for the post. Your system appears to be clean!! :thumbsup::thumbsup:

 

> But isn't email protection only for Outlook, not for Yahoo? Does McAfee scan my Yahoo emails?

I missed the fact that your problem was with Yahoo mail. Sorry :whistle:

 

> Today I only had one undeliverable email, so things are getting better.

Great news! :thumbsup:

 

OK, so you are using Yahoo mail. That is a web-based email engine. You have to log on to the Yahoo email site to use it... correct? That being the case, there is nothing about your computer that could affect the undeliverable emails. It is something you would need to address with Yahoo.

 

Below I have included a number of recommendations for how to protect your computer in order to prevent future malware infections. Please take these recommendations seriously; these few simple steps can stave off the vast majority of spyware problems. As happy as we at SWI are to help you, for your sake we would rather not have repeat customers. :p

 

Please either enable Automatic Updates under Start -> Control Panel -> Automatic Updates, or get into the habit of checking for Windows updates regularly. I cannot stress enough how important this is.

 

1) First and foremost, you should maintain your firewall. It is the primary way to keep out malware. A tutorial on understanding and using firewalls may be found here.

 

2) In order to protect yourself against spyware, you should consider installing and running the following free programs:

 

Ad-Aware

I see you use Ad-aware. A tutorial on using Ad-Aware to remove spyware from your computer may be found here.

 

SpywareBlaster

A tutorial on using SpywareBlaster to prevent spyware from ever installing on your computer may be found here.

 

SpywareGuard

A tutorial on using SpywareGuard for realtime protection against spyware and hijackers may be found here.

 

Make sure to keep these programs up-to-date and to run them regularly, as this can prevent a great deal of spyware hassle.

 

3) Please consider using an alternate browser. Mozilla's Firefox browser is fantastic; it is much more secure than Internet Explorer, immune to almost all known browser hijackers, and also has the best built-in popup blocker (as an added benefit!) that I have ever seen. If you are interested, Firefox may be downloaded from here:

http://www.mozilla.org/products/firefox/

 

4) Also make sure to run your antivirus software, perform scans regularly, and to keep it up-to-date.

 

Please also read Tony Klein's excellent article: How I got Infected in the First Place

 

Hopefully this should take care of your problems! If I've missed something on your email problem, let me know. I'll leave this open a few days. Good luck. :D


Thank you once again for all your help. I really appreciate it. And thanks for the helpful links. I will read them and make sure my computer is protected.

 

Today I got zero undeliverable emails!

 

You're the best.

 

Happy new year!


Glad we could help. :)

 

If you need this topic reopened, please tell the moderating team by replying here with the address of the thread. This applies only to the original topic starter. Everyone else please begin a New Topic.

 

Happy new year!

This topic is now closed to further replies.