ATT email account hacked

Bill James · August 28, 2012

Hello... I am working on a neighbor's system who's ATT email was hacked back in June. We would like to find out if his computer has been compromised. Thank you in advance for any help offered.

We attempted to perform a MBAM Quick Scan but it only runs for a couple of minutes and freezes. There is no log file to post.

Below are dds.txt and attach.txt log files...

dds.txt -

.

DDS (Ver_2011-08-26.01) - NTFSx86

Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_26

Run by David at 19:35:02 on 2012-08-27

Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.3454.2144 [GMT

-7:00]

.

AV: ESET Smart Security 5.2 *Enabled/Updated* {77DEAFED-8149-104B-25A1-

21771CA47CD1}

SP: ESET Smart Security 5.2 *Enabled/Updated* {CCBF4E09-A773-1FC5-1F11-

1A056723366C}

SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

FW: ESET Personal firewall *Enabled* {4FE52EC8-CB26-1113-0EFE-8842E2773BAA}

.

============== Running Processes ===============

.

C:\Windows\system32\wininit.exe

C:\Windows\system32\lsm.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\system32\nvvsvc.exe

C:\Windows\system32\svchost.exe -k rpcss

C:\Windows\System32\svchost.exe -k secsvcs

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\system32\svchost.exe -k GPSvcGroup

C:\Windows\system32\SLsvc.exe

C:\Windows\system32\svchost.exe -k LocalService

C:\Windows\system32\rundll32.exe

C:\Windows\system32\svchost.exe -k NetworkService

C:\Windows\System32\spoolsv.exe

C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Windows\system32\taskeng.exe

C:\Windows\system32\Dwm.exe

C:\Windows\system32\taskeng.exe

C:\Windows\Explorer.EXE

C:\Program Files\Bonjour\mDNSResponder.exe

C:\Program Files\ESET\ESET Smart Security\ekrn.exe

C:\Windows\system32\svchost.exe -k hpdevmgmt

C:\Windows\System32\svchost.exe -k HPZ12

C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted

C:\Program Files\Microsoft\BingBar\SeaPort.EXE

C:\Windows\system32\svchost.exe -k imgsvc

C:\Windows\System32\svchost.exe -k WerSvcGroup

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

C:\Windows\system32\SearchIndexer.exe

C:\Windows\system32\DRIVERS\xaudio.exe

C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe

C:\Windows\system32\WUDFHost.exe

C:\Program Files\Hewlett-Packard\HP Software Update\hpwuSchd2.exe

C:\Windows\System32\rundll32.exe

C:\Program Files\iTunes\iTunesHelper.exe

C:\Windows\RtHDVCpl.exe

C:\Program Files\Common Files\Java\Java Update\jusched.exe

C:\Program Files\ESET\ESET Smart Security\egui.exe

C:\Windows\System32\mobsync.exe

C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe

C:\Windows\ehome\ehtray.exe

C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe

C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe

C:\Windows\ehome\ehmsas.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\Windows\system32\wbem\unsecapp.exe

C:\Windows\system32\wbem\wmiprvse.exe

C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqSTE08.exe

C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe

C:\Windows\servicing\TrustedInstaller.exe

C:\Windows\system32\SearchProtocolHost.exe

C:\Windows\system32\SearchFilterHost.exe

C:\Windows\system32\SearchProtocolHost.exe

C:\Windows\system32\DllHost.exe

C:\Windows\system32\wbem\wmiprvse.exe

.

============== Pseudo HJT Report ===============

.

uStart Page = hxxp://www.google.com/

mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?

TYPE=3&tp=iehome&locale=EN_US&c=71&bd=Pavilion&pf=desktop

mDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?

TYPE=3&tp=iehome&locale=EN_US&c=71&bd=Pavilion&pf=desktop

uInternet Settings,ProxyOverride = *.local

BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} -

c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll

BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\program

files\spybot - search & destroy\SDHelper.dll

BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} -

c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll

BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program

files\google\google toolbar\GoogleToolbar_32.dll

BHO: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "c:\program

files\microsoft\bingbar\BingExt.dll"

BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} -

c:\program files\java\jre6\bin\jp2ssv.dll

TB: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - "c:\program

files\microsoft\bingbar\BingExt.dll"

TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program

files\google\google toolbar\GoogleToolbar_32.dll

uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe

uRun: [iSUSPM Startup] c:\progra~1\common~1\instal~1\update~1\ISUSPM.exe -startup

uRun: [spybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe

uRun: [swg] "c:\program

files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"

uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe

mRun: [HP Software Update] "c:\program files\hewlett-packard\hp software

update\HPWuSchd2.exe"

mRun: [hpqSRMon] "c:\program files\hewlett-packard\digital

imaging\bin\hpqSRMon.exe"

mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0

\reader\Reader_sl.exe"

mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup

mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit

mRun: [Microsoft Default Manager] "c:\program files\microsoft\search enhancement

pack\default manager\DefMgr.exe" -resume

mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime

mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"

mRun: [RtHDVCpl] RtHDVCpl.exe

mRun: [sunJavaUpdateSched] "c:\program files\common files\java\java

update\jusched.exe"

mRun: [egui] "c:\program files\eset\eset smart security\egui.exe" /hide

/waitservice

mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-

malware\mbamgui.exe" /starttray

StartupFolder: c:\users\david\appdata\roaming\micros~1\windows\startm~1

\programs\startup\onenot~1.lnk - c:\program files\microsoft office\office12

\ONENOTEM.EXE

StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\hpdigi~1.lnk

- c:\program files\hewlett-packard\digital imaging\bin\hpqtra08.exe

StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\mri_di~1

\hpconn~1.lnk - c:\program files\hp connections\6811507\program\HP Connections.exe

uPolicies-explorer: NoDesktopCleanupWizard = 1 (0x1)

mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)

mPolicies-system: EnableUIADesktopToggle = 0 (0x0)

IE: Google Sidewiki... - c:\program files\google\google

toolbar\component\GoogleToolbarDynamic_mui_en_D1E1F7ED622A0E5D.dll/cmsidewiki.html

IE: {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} -

c:\programs\partygaming\partypoker\RunApp.exe

IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C}

- c:\progra~1\micros~3\office12\ONBttnIE.dll

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}

- c:\progra~1\micros~3\office12\REFIEBAR.DLL

IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F}

- c:\program files\spybot - search & destroy\SDHelper.dll

DPF: {166B1BCA-3F9C-11CF-8075-444553540000} -

hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab

DPF: {1ABA5FAC-1417-422B-BA82-45C35E2C908B} -

hxxp://kitchenplanner.ikea.com/US/Core/Player/2020PlayerAX_IKEA_Win32.cab

DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} -

hxxp://download.eset.com/special/eos/OnlineScanner.cab

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} -

hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab

DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} -

hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab

DPF: {B8E53531-F29E-4180-AE3E-DF485CC8BE32} -

hxxp://aferrara.viewnetcam.com:5000/JpegInstV4.cab

DPF: {CAFEEFAC-0015-0000-0017-ABCDEFFEDCBA} -

hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_17-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} -

hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} -

hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab

TCP: DhcpNameServer = 192.168.1.1

TCP: Interfaces\{A8F0C4E5-AB83-487F-86B7-528ABA553ACC} : DhcpNameServer =

192.168.1.1

.

================= FIREFOX ===================

.

FF - ProfilePath -

c:\users\david\appdata\roaming\mozilla\firefox\profiles\jwi7iyym.default\

FF - prefs.js: browser.search.selectedEngine - search

FF - prefs.js: network.proxy.type - 0

FF - plugin: c:\program files\common files\oberon media\ncadapter\1.0.0.7

\npapicomadapter.dll

FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll

FF - plugin: c:\program files\google\update\1.3.21.115\npGoogleUpdate3.dll

FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll

FF - plugin: c:\program files\microsoft\office live\npOLW.dll

FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program

files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

FF - Ext: Java Console: {CAFEEFAC-0015-0000-0017-ABCDEFFEDCBA} - c:\program

files\mozilla firefox\extensions\{CAFEEFAC-0015-0000-0017-ABCDEFFEDCBA}

FF - Ext: Java Console: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - c:\program

files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}

FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-

08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation

foundation\DotNetAssistantExtension

FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-

08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}

.

============= SERVICES / DRIVERS ===============

.

R0 epfwwfp;epfwwfp;c:\windows\system32\drivers\epfwwfp.sys [2012-3-14 50624]

R0 ssfs0bbc;ssfs0bbc;c:\windows\system32\drivers\ssfs0bbc.sys [2008-8-9 29808]

R1 eamonm;eamonm;c:\windows\system32\drivers\eamonm.sys [2012-3-14 169080]

R1 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [2012-3-14 120152]

R1 EpfwLWF;Epfw NDIS LightWeight Filter;c:\windows\system32\drivers\EpfwLWF.sys

[2012-3-14 33656]

R2 ekrn;ESET Service;c:\program files\eset\eset smart security\ekrn.exe [2012-3-7

913144]

R2 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k

LocalServiceAndNoImpersonation [2008-6-6 21504]

R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-

malware\mbamservice.exe [2012-6-3 655944]

R2 SBSDWSCService;SBSD Security Center Service;c:\program files\spybot - search &

destroy\SDWinSec.exe [2010-1-15 1153368]

R3 dc3d;USBCCGP filter driver (dc3d);c:\windows\system32\drivers\dc3d.sys [2009-1-

15 15360]

R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-6-3

22344]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN

v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-

18 130384]

S2 gupdate;Google Update Service (gupdate);c:\program

files\google\update\GoogleUpdate.exe [2010-3-18 135664]

S2 WebrootSpySweeperService;Webroot Spy Sweeper Engine;c:\program files\webroot\spy

sweeper\SpySweeper.exe [2008-8-9 3585384]

S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32

\macromed\flash\FlashPlayerUpdateService.exe [2012-7-16 250056]

S3 BBSvc;Bing Bar Update Service;c:\program files\microsoft\bingbar\BBSvc.EXE

[2011-2-28 183560]

S3 gupdatem;Google Update Service (gupdatem);c:\program

files\google\update\GoogleUpdate.exe [2010-3-18 135664]

S3 VST_DPV;VST_DPV;c:\windows\system32\drivers\VSTDPV3.SYS [2008-6-6 987648]

S3 VSTHWBS2;VSTHWBS2;c:\windows\system32\drivers\VSTBS23.SYS [2008-6-6 251904]

S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache

4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe

[2010-3-18 753504]

.

=============== Created Last 30 ================

.

2012-08-24 18:15:46 7023536 ----a-w- c:\programdata\microsoft\windows

defender\definition updates\{fdc008c0-150f-4895-99e3-5750f90a1639}\mpengine.dll

2012-08-16 20:41:58 623616 ----a-w- c:\windows\system32\localspl.dll

.

==================== Find3M ====================

.

2012-08-16 20:33:25 70344 ----a-w- c:\windows\system32

\FlashPlayerCPLApp.cpl

2012-08-16 20:33:25 426184 ----a-w- c:\windows\system32

\FlashPlayerApp.exe

2012-07-04 14:02:46 2047488 ----a-w- c:\windows\system32\win32k.sys

2012-07-03 20:46:44 22344 ----a-w- c:\windows\system32

\drivers\mbam.sys

2012-06-29 00:16:58 1800704 ----a-w- c:\windows\system32\jscript9.dll

2012-06-29 00:09:01 1129472 ----a-w- c:\windows\system32\wininet.dll

2012-06-29 00:08:59 1427968 ----a-w- c:\windows\system32\inetcpl.cpl

2012-06-29 00:04:43 142848 ----a-w- c:\windows\system32\ieUnatt.exe

2012-06-29 00:00:45 2382848 ----a-w- c:\windows\system32\mshtml.tlb

2012-06-07 03:59:42 1070152 ----a-w- c:\windows\system32\MSCOMCTL.OCX

2012-06-05 16:47:28 1401856 ----a-w- c:\windows\system32\msxml6.dll

2012-06-05 16:47:27 1248768 ----a-w- c:\windows\system32\msxml3.dll

2012-06-04 15:26:04 440704 ----a-w- c:\windows\system32

\drivers\ksecdd.sys

2012-06-02 22:19:42 171904 ----a-w- c:\windows\system32\wuwebv.dll

2012-06-02 22:12:32 2422272 ----a-w- c:\windows\system32\wucltux.dll

2012-06-02 22:12:20 33792 ----a-w- c:\windows\system32\wuapp.exe

2012-06-02 22:12:13 88576 ----a-w- c:\windows\system32\wudriver.dll

2012-06-02 00:04:25 278528 ----a-w- c:\windows\system32\schannel.dll

2012-06-02 00:03:42 204288 ----a-w- c:\windows\system32\ncrypt.dll

2012-05-31 19:25:14 237072 ------w- c:\windows\system32\MpSigStub.exe

.

============= FINISH: 19:35:57.30 ===============

attach.txt -

.

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.

IF REQUESTED, ZIP IT UP & ATTACH IT

.

DDS (Ver_2011-08-26.01)

.

Microsoft® Windows Vista™ Home Premium

Boot Device: \Device\HarddiskVolume1

Install Date: 3/10/2007 7:03:06 AM

System Uptime: 8/27/2012 7:24:57 PM (0 hours ago)

.

Motherboard: ASUSTek Computer INC. | | NARRA

Processor: AMD Athlon™ 64 X2 Dual Core Processor 4200+ | Socket AM2 | 2200/200mhz

.

==== Disk Partitions =========================

.

C: is FIXED (NTFS) - 225 GiB total, 108.775 GiB free.

D: is FIXED (NTFS) - 8 GiB total, 0.909 GiB free.

E: is CDROM ()

F: is Removable

G: is Removable

H: is Removable

I: is Removable

J: is Removable

.

==== Disabled Device Manager Items =============

.

Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}

Description: Microsoft 6to4 Adapter

Device ID: ROOT\*6TO4MP\0011

Manufacturer: Microsoft

Name: Microsoft 6to4 Adapter #11

PNP Device ID: ROOT\*6TO4MP\0011

Service: tunnel

.

==== System Restore Points ===================

.

==== Installed Programs ======================

.

Update for Microsoft Office 2007 (KB2508958)

32 Bit HP CIO Components Installer

7500_7600_7700_Help

Activation Assistant for the 2007 Microsoft Office suites

Adobe AIR

Adobe Flash Player 11 ActiveX

Adobe Media Player

Adobe Reader 8.1.3

Adobe Shockwave Player 11.6

Apple Application Support

Apple Software Update

Bing Bar

Bing Rewards Client Installer

Bonjour

Bookworm Deluxe

BPD_HPSU

BPD_Scan

BPDSoftware

BPDSoftware_Ini

BufferChm

Cards_Calendar_OrderGift_DoMorePlugout

CustomerResearchQFolder

Destinations

DeviceManagementQFolder

Enhanced Multimedia Keyboard Solution

ESET Online Scanner v3

ESET Smart Security

eSupportQFolder

Fax

Google Earth Plug-in

Google Toolbar for Internet Explorer

Google Update Helper

Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)

Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)

HP Connections (remove only)

HP Customer Experience Enhancements

HP Customer Feedback

HP Customer Participation Program 8.0

HP Easy Setup - Core

HP Easy Setup - Frontend

HP Imaging Device Functions 8.0

HP Officejet Pro All-In-One Series

HP On-Screen Caps/Num/Scroll Lock Indicator

HP Photosmart Essential 2.5

HP Photosmart Essential 3.0

HP Picasso Media Center Add-In

HP Print Diagnostic Utility

HP Solution Center 8.0

HP Total Care Advisor

HPPhotoSmartPhotobookWebPack1

HPProductAssistant

iTunes

J2SE Runtime Environment 5.0 Update 17

Java Auto Updater

Java™ 6 Update 26

Kidspiration 2

L7500

LightScribe 1.4.136.1

Malwarebytes Anti-Malware version 1.62.0.1300

MarketResearch

Microsoft .NET Framework 1.1

Microsoft .NET Framework 1.1 Security Update (KB2656353)

Microsoft .NET Framework 1.1 Security Update (KB2656370)

Microsoft .NET Framework 1.1 Security Update (KB979906)

Microsoft .NET Framework 3.5 SP1

Microsoft .NET Framework 4 Client Profile

Microsoft Default Manager

Microsoft Office 2007 Service Pack 3 (SP3)

Microsoft Office Excel MUI (English) 2007

Microsoft Office File Validation Add-In

Microsoft Office Home and Student 2007

Microsoft Office Live Add-in 1.5

Microsoft Office OneNote MUI (English) 2007

Microsoft Office PowerPoint MUI (English) 2007

Microsoft Office Proof (English) 2007

Microsoft Office Proof (French) 2007

Microsoft Office Proof (Spanish) 2007

Microsoft Office Proofing (English) 2007

Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)

Microsoft Office Shared MUI (English) 2007

Microsoft Office Shared Setup Metadata MUI (English) 2007

Microsoft Office Word MUI (English) 2007

Microsoft Text-to-Speech Engine 4.0 (English)

Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053

Microsoft Visual C++ 2005 Redistributable

Microsoft Web Publishing Wizard 1.52

Microsoft Works

Mozilla Firefox (3.6.21)

MSXML 4.0 SP2 (KB927978)

MSXML 4.0 SP2 (KB936181)

MSXML 4.0 SP2 (KB941833)

MSXML 4.0 SP2 (KB954430)

MSXML 4.0 SP2 (KB973688)

NVIDIA Drivers

OGA Notifier 2.0.0048.0

ProductContext

PSSWCORE

Python 2.4.3

QuickTime

Realtek High Definition Audio Driver

Rhapsody Player Engine

Roxio Creator Audio

Roxio Creator Basic v9

Roxio Creator Copy

Roxio Creator Data

Roxio Creator EasyArchive

Roxio Creator Tools

Roxio Express Labeler 3

Roxio MyDVD Basic v9

Scan

Security Update for CAPICOM (KB931906)

Security Update for Microsoft .NET Framework 3.5 SP1 (KB2604111)

Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)

Security Update for Microsoft Office 2007 suites (KB2596615) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2596672) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2596744) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2596754) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2596792) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2596856) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2596871) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2596880) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2597162) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2597969) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2687441) 32-Bit Edition

Security Update for Microsoft Office Excel 2007 (KB2597161) 32-Bit Edition

Security Update for Microsoft Office InfoPath 2007 (KB2596786) 32-Bit Edition

Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition

Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition

Security Update for Microsoft Office Word 2007 (KB2596917) 32-Bit Edition

Soft Data Fax Modem with SmartCP

SolutionCenter

Spy Sweeper Core

Spybot - Search & Destroy

Status

Super TextTwist

swMSM

Text Twist

Text Twist 2

Toolbox

TrayApp

UnloadSupport

Update for 2007 Microsoft Office System (KB967642)

Update for Microsoft .NET Framework 3.5 SP1 (KB963707)

Update for Microsoft .NET Framework 4 Client Profile (KB2468871)

Update for Microsoft .NET Framework 4 Client Profile (KB2533523)

Update for Microsoft .NET Framework 4 Client Profile (KB2600217)

Update for Microsoft Office 2007 Help for Common Features (KB963673)

Update for Microsoft Office Excel 2007 Help (KB963678)

Update for Microsoft Office OneNote 2007 Help (KB963670)

Update for Microsoft Office Powerpoint 2007 Help (KB963669)

Update for Microsoft Office Script Editor Help (KB963671)

Update for Microsoft Office Word 2007 Help (KB963665)

VideoToolkit01

WebReg

Windows Live ID Sign-in Assistant

Windows Live OneCare safety scanner

.

==== Event Viewer Messages From Past Week ========

.

8/27/2012 7:26:06 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: i8042prt

8/27/2012 7:26:06 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Webroot Spy Sweeper Engine service to connect.

8/27/2012 7:26:06 PM, Error: Service Control Manager [7000] - The Webroot Spy Sweeper Engine service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.

8/27/2012 7:26:06 PM, Error: Service Control Manager [7000] - The Parallel port driver service failed to start due to the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.

8/27/2012 3:52:43 PM, Error: Microsoft-Windows-Dhcp-Client [1002] - The IP address lease 192.168.1.2 for the Network Card with network address 001A926A41B7 has been denied by the DHCP server 0.0.0.0 (The DHCP Server sent a DHCPNACK message).

8/26/2012 7:34:21 AM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the ShellHWDetection service.

8/24/2012 11:16:11 AM, Error: Microsoft-Windows-Dhcp-Client [1002] - The IP address lease 192.168.1.3 for the Network Card with network address 001A926A41B7 has been denied by the DHCP server 0.0.0.0 (The DHCP Server sent a DHCPNACK message).

.

==== End Of File ===========================

Maniac · August 28, 2012

Hello Bill James! My name is Maniac and I will be glad to help you solve your malware problem.

Please note:

If you are a paying customer, you have the privilege to contact the help desk at Consumer Support. If you choose this option to get help, please let me know.
I recommend you to keep the instructions I will be giving you so that they are available to you at any time. You can save them in a text file or print them.
Make sure you read all of the instructions and fixes thoroughly before continuing with them.
Follow my instructions strictly and don’t hesitate to stop and ask me if you have any questions.
Post your log files, don't attach them. Every log file should be copy/pasted in your next reply.

Step 1

I see you are running Teatimer.

I suggest you to disable it because it can interfere with the changes you'll make on your system.

When everything is done and your log is clean again, you can enable it again.

If teatimer gives you a warning afterwards that some changes were made, allow this instead of blocking it.

How to disable TeaTimer <== click me for instructions.

After you disabled Teatimer, download ResetTeaTimer.exe to your desktop.

Then run ResetTeaTimer.exe.

This will only take a few seconds.

Step 2

Perform these steps:

http://forums.malwarebytes.org/index.php?showtopic=10138&st=0&p=417944entry417944

In your next reply, post the following log files:

Malwarebytes' Anti-Malware log
a new fresh DDS log

Bill James · August 29, 2012

Hello Maniac... thank you for your assistance.

I performed the steps you suggested for Teatimer. MBAM did perform a Quick Scan in Safe Mode. The new logs you requested are below...

Malwarebytes Anti-Malware 1.62.0.1300

www.malwarebytes.org

Database version: v2012.08.28.01

Windows Vista Service Pack 2 x86 NTFS (Safe Mode)

Internet Explorer 9.0.8112.16421

David :: DAVID-PC [administrator]

8/28/2012 7:28:52 PM

mbam-log-2012-08-28 (19-28-52).txt

Scan type: Quick scan

Scan options disabled: P2P

Objects scanned: 193239

Time elapsed: 4 minute(s), 50 second(s)

Memory Processes Detected: 0

(No malicious items detected)

Memory Modules Detected: 0

(No malicious items detected)

Registry Keys Detected: 0

(No malicious items detected)

Registry Values Detected: 0

(No malicious items detected)

Registry Data Items Detected: 0

(No malicious items detected)

Folders Detected: 0

(No malicious items detected)

Files Detected: 0

(No malicious items detected)

(end)

-------------------------------------------------------

.

DDS (Ver_2011-08-26.01) - NTFSx86

Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_26

Run by David at 19:40:57 on 2012-08-28

Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.3454.2004 [GMT

-7:00]

.

AV: ESET Smart Security 5.2 *Enabled/Updated* {77DEAFED-8149-104B-25A1-

21771CA47CD1}

SP: ESET Smart Security 5.2 *Enabled/Updated* {CCBF4E09-A773-1FC5-1F11-

1A056723366C}

SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

FW: ESET Personal firewall *Disabled* {4FE52EC8-CB26-1113-0EFE-8842E2773BAA}

.

============== Running Processes ===============

.

C:\Windows\system32\wininit.exe

C:\Windows\system32\lsm.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\system32\nvvsvc.exe

C:\Windows\system32\svchost.exe -k rpcss

C:\Windows\System32\svchost.exe -k secsvcs

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\system32\svchost.exe -k GPSvcGroup

C:\Windows\system32\SLsvc.exe

C:\Windows\system32\svchost.exe -k LocalService

C:\Windows\system32\rundll32.exe

C:\Windows\system32\svchost.exe -k NetworkService

C:\Windows\System32\spoolsv.exe

C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Windows\system32\taskeng.exe

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Program Files\Bonjour\mDNSResponder.exe

C:\Program Files\ESET\ESET Smart Security\ekrn.exe

C:\Windows\system32\svchost.exe -k hpdevmgmt

C:\Windows\System32\svchost.exe -k HPZ12

C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted

C:\Program Files\Microsoft\BingBar\SeaPort.EXE

C:\Windows\system32\svchost.exe -k imgsvc

C:\Windows\System32\svchost.exe -k WerSvcGroup

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

C:\Windows\system32\SearchIndexer.exe

C:\Windows\system32\DRIVERS\xaudio.exe

C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe

C:\Windows\system32\WUDFHost.exe

C:\Windows\System32\mobsync.exe

C:\Program Files\Hewlett-Packard\HP Software Update\hpwuSchd2.exe

C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe

C:\Windows\System32\rundll32.exe

C:\Program Files\iTunes\iTunesHelper.exe

C:\Windows\RtHDVCpl.exe

C:\Program Files\Common Files\Java\Java Update\jusched.exe

C:\Program Files\ESET\ESET Smart Security\egui.exe

C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe

C:\Windows\ehome\ehtray.exe

C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe

C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe

C:\Windows\ehome\ehmsas.exe

C:\Windows\system32\wbem\unsecapp.exe

C:\Windows\system32\wbem\wmiprvse.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqSTE08.exe

C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

C:\Windows\system32\SearchProtocolHost.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe

C:\Windows\system32\wbem\wmiprvse.exe

C:\Windows\servicing\TrustedInstaller.exe

C:\Windows\system32\SearchFilterHost.exe

C:\Windows\system32\DllHost.exe

.

============== Pseudo HJT Report ===============

.

uStart Page = hxxp://www.google.com/

mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?

TYPE=3&tp=iehome&locale=EN_US&c=71&bd=Pavilion&pf=desktop

mDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?

TYPE=3&tp=iehome&locale=EN_US&c=71&bd=Pavilion&pf=desktop

uInternet Settings,ProxyOverride = *.local

BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} -

c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll

BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} -

c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll

BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program

files\google\google toolbar\GoogleToolbar_32.dll

BHO: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "c:\program

files\microsoft\bingbar\BingExt.dll"

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} -