BleepingComputer.com: Email Id was Hacked

A few days ago my email id got hacked dunno how. I am not sure whether its a virus or not as my computer has adequate security softwares

This post has been edited by Budapest: 08 December 2011 - 04:54 PM

A few days ago my email id got hacked dunno how. I am not sure whether its a virus or not as my computer has adequate security softwares
Here are the logs you requested

.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 10.1.0
Run by Warrior at 19:22:49 on 2011-12-06
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3069.2069 [GMT 5.5:30]
.
AV: avast! Antivirus *Enabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
FW: COMODO Firewall *Enabled*
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
C:\WINDOWS\system32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\COMODO\COMODO Internet Security\cfp.exe
C:\Program Files\AVAST Software\Avast\avastUI.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\AllToTray\ALLTOTRAY.EXE
C:\Program Files\Taskbar Shuffle\taskbarshuffle.exe
C:\Program Files\Launchy\Launchy.exe
C:\WINDOWS\system32\svchost.exe -k hpdevmgmt
C:\Program Files\Java\jre7\bin\jqs.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\TuneUp Utilities 2011\TuneUpUtilitiesService32.exe
C:\Program Files\TuneUp Utilities 2011\TuneUpUtilitiesApp32.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = about:blank
uInternet Settings,ProxyOverride = *.local;localhost
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
BHO: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - c:\program files\avast software\avast\aswWebRepIE.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre7\bin\jp2ssv.dll
TB: Grab Pro: {c55bbcd6-41ad-48ad-9953-3609c48eacc7} - c:\program files\orbitdownloader\GrabPro.dll
TB: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - c:\program files\avast software\avast\aswWebRepIE.dll
TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [AllToTray] c:\program files\alltotray\ALLTOTRAY.EXE
uRun: [Taskbar Shuffle] c:\program files\taskbar shuffle\taskbarshuffle.exe
mRun: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
mRun: [COMODO Internet Security] "c:\program files\comodo\comodo internet security\cfp.exe" -h
mRun: [NBAgent] "c:\program files\nero\nero 10\nero backitup\NBAgent.exe" /WinStart
mRun: [avast] "c:\program files\avast software\avast\avastUI.exe" /nogui
mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray
mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe"
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
dRun: [DWQueuedReporting] "c:\progra~1\common~1\micros~1\dw\dwtrig20.exe" -t
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\launchy.lnk - c:\program files\launchy\Launchy.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\autoru~1\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe
mPolicies-system: EnableLinkedConnections = 1 (0x1)
IE: &Download by Orbit - c:\program files\orbitdownloader\orbitmxt.dll/201
IE: &Grab video by Orbit - c:\program files\orbitdownloader\orbitmxt.dll/204
IE: Do&wnload selected by Orbit - c:\program files\orbitdownloader\orbitmxt.dll/203
IE: Down&load all by Orbit - c:\program files\orbitdownloader\orbitmxt.dll/202
IE: E&xport to Microsoft Excel - c:\progra~1\microsoft office\office12\EXCEL.EXE/3000
IE: Free YouTube Download - c:\documents and settings\hema\application data\dvdvideosoftiehelpers\freeyoutubedownload.htm
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\microsoft office\office12\ONBttnIE.dll
IE: {36ECAF82-3300-8F84-092E-AFF36D6C7040} - {86529161-034E-4F8A-88D2-3C625E612E04} - c:\program files\winhttrack\WinHTTrackIEBar.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\microsoft office\office12\REFIEBAR.DLL
DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} - hxxp://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.3.10.115.cab
DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} - hxxp://gfx2.hotmail.com/mail/w2/resources/MSNPUpld.cab
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1219336993935
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_01-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {CAFEEFAC-0017-0000-0001-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_01-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_01-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
DPF: {E6F480FC-BD44-4CBA-B74A-89AF7842937D} - hxxp://content.systemrequirementslab.com.s3.amazonaws.com/global/bin/srldetect_cyri_4.4.26.0.cab
TCP: DhcpNameServer = 192.168.1.1
TCP: Interfaces\{BAAF050B-00F5-4CA8-B89A-8D2BC30F951F} : NameServer = 203.94.227.70,203.94.243.70
TCP: Interfaces\{D5624540-57CD-4D16-B87F-7463683FBE3F} : DhcpNameServer = 192.168.1.1
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\Skype4COM.dll
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.DLL
AppInit_DLLs: c:\windows\system32\guard32.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
STS: {1984D045-52CF-49cd-DB77-08F378FEA4DB} - No File
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\hema\application data\mozilla\firefox\profiles\5xyh3sv1.default\
FF - prefs.js: browser.startup.homepage - www.msn.com
FF - prefs.js: keyword.URL - hxxp://ws.infospace.com/gamers_tbar/ws/redir?_iceUrl=true&user_id=69932095&tool_id=62781&qkw=
FF - component: c:\documents and settings\hema\application data\mozilla\firefox\profiles\5xyh3sv1.default\extensions\support@lastpass.com\platform\winnt_x86-msvc\components\lpxpcom.dll
FF - plugin: c:\documents and settings\hema\local settings\application data\google\update\1.3.21.79\npGoogleUpdate3.dll
FF - plugin: c:\program files\java\jre7\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\java\jre7\bin\new_plugin\npjp2.dll
FF - plugin: c:\program files\microsoft silverlight\4.0.60831.0\npctrlui.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll
.
---- FIREFOX POLICIES ----

FF - user.js: nglayout.initialpaint.delay - 600
FF - user.js: content.notify.interval - 600000
FF - user.js: content.max.tokenizing.time - 1800000
FF - user.js: content.switch.threshold - 600000
.
============= SERVICES / DRIVERS ===============
.
R0 mv61xx;mv61xx;c:\windows\system32\drivers\mv61xx.sys [2006-8-30 70784]
R0 pavboot;pavboot;c:\windows\system32\drivers\pavboot.sys [2011-10-22 28552]
R0 stmtpm;STM TPM Service;c:\windows\system32\drivers\stm_tpm.sys [2007-12-22 21504]
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2011-10-26 435032]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2011-10-26 314456]
R1 cmdGuard;COMODO Internet Security Sandbox Driver;c:\windows\system32\drivers\cmdGuard.sys [2011-5-2 492768]
R1 cmdHlp;COMODO Internet Security Helper Driver;c:\windows\system32\drivers\cmdhlp.sys [2011-5-2 31704]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\SASDIFSV.SYS [2010-2-17 12880]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2010-5-11 67664]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2011-10-26 20568]
R2 avast! Antivirus;avast! Antivirus;c:\program files\avast software\avast\AvastSvc.exe [2011-10-26 44768]
R2 cmdAgent;COMODO Internet Security Helper Service;c:\program files\comodo\comodo internet security\cmdagent.exe [2011-5-9 1883328]
R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2008-9-16 366152]
R2 TuneUp.UtilitiesSvc;TuneUp Utilities Service;c:\program files\tuneup utilities 2011\TuneUpUtilitiesService32.exe [2011-6-6 1524544]
R3 3xHybrid;Pinnacle PCTV 110i service;c:\windows\system32\drivers\3xHybrid.sys [2007-12-25 827008]
R3 IAMTXP;Driver for Intel® Active Management Technology - KCS;c:\windows\system32\drivers\IAMTXP.sys [2005-11-29 40448]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2008-9-16 22216]
R3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;c:\program files\tuneup utilities 2011\TuneUpUtilitiesDriver32.sys [2010-11-29 10064]
S1 MpKsl29801592;MpKsl29801592;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{cc0480ab-4831-43c2-ad55-7c4206ae53fb}\mpksl29801592.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{cc0480ab-4831-43c2-ad55-7c4206ae53fb}\MpKsl29801592.sys [?]
S1 MpKsl2f1df8d8;MpKsl2f1df8d8;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{752f538b-2c84-462e-b710-b2f23acc535e}\mpksl2f1df8d8.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{752f538b-2c84-462e-b710-b2f23acc535e}\MpKsl2f1df8d8.sys [?]
S1 MpKsl2f46e6bc;MpKsl2f46e6bc;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{1af91aa1-e8b2-48cc-b9b2-7b6ec1d1b7e8}\mpksl2f46e6bc.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{1af91aa1-e8b2-48cc-b9b2-7b6ec1d1b7e8}\MpKsl2f46e6bc.sys [?]
S1 MpKsl6397ac12;MpKsl6397ac12;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{97440ca2-90c3-40e7-8721-a28194b2e37e}\mpksl6397ac12.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{97440ca2-90c3-40e7-8721-a28194b2e37e}\MpKsl6397ac12.sys [?]
S1 MpKsl648b7d15;MpKsl648b7d15;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{1ac82676-c4cf-4ba5-8e05-46adec396c6d}\mpksl648b7d15.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{1ac82676-c4cf-4ba5-8e05-46adec396c6d}\MpKsl648b7d15.sys [?]
S1 MpKsl6838ee4d;MpKsl6838ee4d;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{c1a5aaff-be66-4704-9c84-28a9b2309157}\mpksl6838ee4d.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{c1a5aaff-be66-4704-9c84-28a9b2309157}\MpKsl6838ee4d.sys [?]
S1 MpKsl9f4a37db;MpKsl9f4a37db;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{926b54c3-4c42-4691-a6e4-902367fa390b}\mpksl9f4a37db.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{926b54c3-4c42-4691-a6e4-902367fa390b}\MpKsl9f4a37db.sys [?]
S1 MpKsla1a427fd;MpKsla1a427fd;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{dc0057a6-3caa-48fe-9d22-5d93cd5dcb21}\mpksla1a427fd.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{dc0057a6-3caa-48fe-9d22-5d93cd5dcb21}\MpKsla1a427fd.sys [?]
S1 MpKsla8dc965f;MpKsla8dc965f;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{1ac82676-c4cf-4ba5-8e05-46adec396c6d}\mpksla8dc965f.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{1ac82676-c4cf-4ba5-8e05-46adec396c6d}\MpKsla8dc965f.sys [?]
S1 MpKslb6771653;MpKslb6771653;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{c47352de-e04c-4837-80f3-5a621bca9a22}\mpkslb6771653.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{c47352de-e04c-4837-80f3-5a621bca9a22}\MpKslb6771653.sys [?]
S1 MpKslfd61cff8;MpKslfd61cff8;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{dfbc3493-9e21-4471-9fea-351938753dd2}\mpkslfd61cff8.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{dfbc3493-9e21-4471-9fea-351938753dd2}\MpKslfd61cff8.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S3 aaudstum;aaudstum; [x]
S3 AKSUP;AKSUP;c:\windows\system32\drivers\aksup.sys [2008-10-31 34406]
S3 cpuz130;cpuz130; [x]
S3 OracleOraDb11g_home1ClrAgent;OracleOraDb11g_home1ClrAgent;c:\app\warrior\product\11.2.0\dbhome_1\bin\oraclragnt.exe agent_sid=clrextproc max_dispatchers=2 tcp_dispatchers=0 max_task_threads=6 max_sessions=25 envs="extproc_dlls=only:c:\app\warrior\product\11.2.0\dbhome_1\bin\oraclr11.dll" --> c:\app\warrior\product\11.2.0\dbhome_1\bin\oraclragnt.exe agent_sid=clrextproc max_dispatchers=2 tcp_dispatchers=0 max_task_threads=6 max_sessions=25 envs=extproc_dlls=only:c:\app\warrior\product\11.2.0\dbhome_1\bin\oraclr11.dll [?]
S3 OracleOraDb11g_home1TNSListener;OracleOraDb11g_home1TNSListener;c:\app\warrior\product\11.2.0\dbhome_1\bin\tnslsnr --> c:\app\warrior\product\11.2.0\dbhome_1\bin\TNSLSNR [?]
S3 OracleServiceHARISH;OracleServiceHARISH;c:\app\warrior\product\11.2.0\dbhome_1\bin\oracle.exe harish --> c:\app\warrior\product\11.2.0\dbhome_1\bin\ORACLE.EXE HARISH [?]
S3 WebCamDriver;WebCam driver;c:\windows\system32\drivers\WebCam.sys [2010-9-25 63488]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
S4 !SASCORE;SAS Core Service;c:\program files\superantispyware\SASCORE.EXE [2011-5-4 116608]
S4 Marvell RAID;Marvell RAID Event Agent;c:\program files\marvell\61xx\svc\mvraidsvc.exe [2006-8-10 114688]
S4 MRUWebService;MRU Web Service;c:\program files\marvell\61xx\apache2\bin\Apache.exe [2006-4-29 20541]
S4 NAUpdate;@c:\program files\nero\update\nasvc.exe,-200;c:\program files\nero\update\NASvc.exe [2010-3-25 490280]
S4 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files\nvidia corporation\nvidia updatus\daemonu.exe [2011-7-8 2214504]
S4 OracleJobSchedulerHARISH;OracleJobSchedulerHARISH;c:\app\warrior\product\11.2.0\dbhome_1\bin\extjob.exe harish --> c:\app\warrior\product\11.2.0\dbhome_1\bin\extjob.exe HARISH [?]
S4 Tomcat7;Apache Tomcat 7.0 Tomcat7;c:\program files\apache software foundation\bin\Tomcat7.exe [2011-9-28 74752]
.
=============== File Associations ===============
.
vbefile\shell\open2\command=%SystemRoot%\System32\CScript.exe "%1" %*
vbsfile\shell\open2\command=%SystemRoot%\System32\CScript.exe "%1" %*
jsefile\shell\open2\command=%SystemRoot%\System32\CScript.exe "%1" %*
.
=============== Created Last 30 ================
.
2011-12-02 07:26:11 -------- d-----w- c:\program files\CastleVilleBot
2011-11-16 11:11:42 128000 ----a-w- c:\windows\system32\javacpl.cpl
2011-11-16 11:06:36 0 ----a-w- c:\windows\system32\REN6A.tmp
2011-11-16 11:06:36 0 ----a-w- c:\windows\system32\REN69.tmp
2011-11-16 11:06:36 0 ----a-w- c:\windows\system32\REN68.tmp
2011-11-15 13:27:16 -------- d-----w- C:\cn
2011-11-13 07:06:42 -------- d-----w- C:\app
2011-11-13 07:06:36 -------- d-----w- c:\program files\Oracle
2011-11-13 06:33:12 -------- d-----w- c:\documents and settings\hema\.oracle
2011-11-09 19:55:08 8096 ----a-w- c:\windows\GROUPS.EXE
2011-11-09 19:55:07 -------- d-----w- C:\TASM
2011-11-09 19:51:28 -------- d-----w- C:\tasm5
2011-11-07 07:19:42 200976 ----a-w- c:\windows\system32\drivers\tmcomm.sys
2011-11-06 21:18:44 -------- d-----w- c:\documents and settings\all users\application data\VS
.
==================== Find3M ====================
.
2011-11-28 18:01:25 41184 ----a-w- c:\windows\avastSS.scr
2011-11-28 17:53:53 435032 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2011-11-17 14:27:48 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-10-10 14:22:41 692736 ----a-w- c:\windows\system32\inetcomm.dll
2011-10-07 17:48:01 31704 ----a-w- c:\windows\system32\drivers\cmdhlp.sys
2011-10-07 17:48:00 492768 ----a-w- c:\windows\system32\drivers\cmdGuard.sys
2011-10-07 17:47:59 18056 ----a-w- c:\windows\system32\drivers\cmderd.sys
2011-10-07 17:47:11 33984 ----a-w- c:\windows\system32\cmdcsr.dll
2011-10-07 17:47:10 300200 ----a-w- c:\windows\system32\guard32.dll
2011-10-02 21:20:34 544656 ----a-w- c:\windows\system32\deployJava1.dll
2011-09-28 07:05:47 599552 ----a-w- c:\windows\system32\crypt32.dll
2011-09-26 06:11:20 611328 ----a-w- c:\windows\system32\uiautomationcore.dll
2011-09-26 06:11:20 220160 ----a-w- c:\windows\system32\oleacc.dll
2011-09-26 06:11:14 20480 ----a-w- c:\windows\system32\oleaccrc.dll
.
============= FINISH: 19:25:39.35 ===============

EDIT: Topics merged ~Budapest

This post has been edited by Budapest: 08 December 2011 - 04:55 PM

Hello and welcome to Bleeping Computer!

I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you! This message contains very important information, so please read through all of it before doing anything.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

To help Bleeping Computer better assist you please perform the following steps:

***************************************************

In order to continue receiving help at BleepingComputer.com, YOU MUST tell me if you still need help or if your issue has already been resolved on your own or through another resource! To tell me this, please click on the following link and follow the instructions there.

CLICK THIS LINK >>> http://www.bleepingcomputer.com/logreply/431035 <<< CLICK THIS LINK

If you no longer need help, then all you needed to do was the previous instructions of telling me so. You can skip the rest of this post. If you do need help please continue with Step 2 below.

***************************************************

If you still need help, I would like you to post a Reply to this topic (click the "Add Reply" button in the lower right hand of this page). In that reply, please include the following information:

• If you have not done so already, include a clear description of the problems you're having, along with any steps you may have performed so far.
  
• A new DDS and GMER log. For your convenience, you will find the instructions for generating these logs repeated at the bottom of this post.
  
  • Please do this even if you have previously posted logs for us.
    
  • If you were unable to produce the logs originally please try once more.
    
  • If you are unable to create a log please provide detailed information about your installed Windows Operating System including the Version, Edition and if it is a 32bit or a 64bit system.
    
  • If you are unsure about any of these characteristics just post what you can and we will guide you.
  
  
• Please tell us if you have your original Windows CD/DVD available.
  
• Upon completing the above steps and posting a reply, another staff member will review your topic and do their best to resolve your issues.

Thank you for your patience, and again sorry for the delay.

***************************************************

We need to see some information about what is happening in your machine. Please perform the following scan again:

• Download DDS by sUBs from one of the following links if you no longer have it available. Save it to your desktop.
  • DDS.scr
    
  • DDS.pif
  
  
• Double click on the DDS icon, allow it to run.
  
• A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  
• Notepad will open with the results.
  
• Follow the instructions that pop up for posting the results.
  
• Close the program window, and delete the program from your desktop.

Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control HERE


We also need a new log from the GMER anti-rootkit Scanner.

Please note that if you are running a 64-bit version of Windows you will not be able to run GMER and you may skip this step.

Please first disable any CD emulation programs using the steps found in this topic:


Then create another GMER log and post it as an attachment to the reply where you post your new DDS log. Instructions on how to properly create a GMER log can be found here:



As I am just a silly little program running on the BleepingComputer.com servers, please do not send me private messages as I do not know how to read and reply to them! Thanks!

I cannot upload the new gmer file the upload file size is already full
I will post the dds log in the mean time


.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 10.1.0
Run by Warrior at 19:37:24 on 2011-12-14
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3069.2386 [GMT 5.5:30]
.
AV: avast! Antivirus *Enabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
FW: COMODO Firewall *Enabled*
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
C:\WINDOWS\system32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\COMODO\COMODO Internet Security\cfp.exe
C:\Program Files\AVAST Software\Avast\avastUI.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\AllToTray\ALLTOTRAY.EXE
C:\Program Files\Taskbar Shuffle\taskbarshuffle.exe
C:\WINDOWS\system32\svchost.exe -k hpdevmgmt
C:\Program Files\Launchy\Launchy.exe
C:\Program Files\Java\jre7\bin\jqs.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\TuneUp Utilities 2011\TuneUpUtilitiesService32.exe
C:\Program Files\TuneUp Utilities 2011\TuneUpUtilitiesApp32.exe
C:\WINDOWS\system32\wuauclt.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = about:blank
uInternet Settings,ProxyOverride = *.local;localhost
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
BHO: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - c:\program files\avast software\avast\aswWebRepIE.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre7\bin\jp2ssv.dll
TB: Grab Pro: {c55bbcd6-41ad-48ad-9953-3609c48eacc7} - c:\program files\orbitdownloader\GrabPro.dll
TB: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - c:\program files\avast software\avast\aswWebRepIE.dll
TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [AllToTray] c:\program files\alltotray\ALLTOTRAY.EXE
uRun: [Taskbar Shuffle] c:\program files\taskbar shuffle\taskbarshuffle.exe
mRun: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
mRun: [COMODO Internet Security] "c:\program files\comodo\comodo internet security\cfp.exe" -h
mRun: [NBAgent] "c:\program files\nero\nero 10\nero backitup\NBAgent.exe" /WinStart
mRun: [avast] "c:\program files\avast software\avast\avastUI.exe" /nogui
mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray
mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe"
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
dRun: [DWQueuedReporting] "c:\progra~1\common~1\micros~1\dw\dwtrig20.exe" -t
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\launchy.lnk - c:\program files\launchy\Launchy.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\autoru~1\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe
mPolicies-system: EnableLinkedConnections = 1 (0x1)
IE: &Download by Orbit - c:\program files\orbitdownloader\orbitmxt.dll/201
IE: &Grab video by Orbit - c:\program files\orbitdownloader\orbitmxt.dll/204
IE: Do&wnload selected by Orbit - c:\program files\orbitdownloader\orbitmxt.dll/203
IE: Down&load all by Orbit - c:\program files\orbitdownloader\orbitmxt.dll/202
IE: E&xport to Microsoft Excel - c:\progra~1\microsoft office\office12\EXCEL.EXE/3000
IE: Free YouTube Download - c:\documents and settings\hema\application data\dvdvideosoftiehelpers\freeyoutubedownload.htm
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\microsoft office\office12\ONBttnIE.dll
IE: {36ECAF82-3300-8F84-092E-AFF36D6C7040} - {86529161-034E-4F8A-88D2-3C625E612E04} - c:\program files\winhttrack\WinHTTrackIEBar.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\microsoft office\office12\REFIEBAR.DLL
DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} - hxxp://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.3.10.115.cab
DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} - hxxp://gfx2.hotmail.com/mail/w2/resources/MSNPUpld.cab
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1219336993935
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_01-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {CAFEEFAC-0017-0000-0001-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_01-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_01-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
DPF: {E6F480FC-BD44-4CBA-B74A-89AF7842937D} - hxxp://content.systemrequirementslab.com.s3.amazonaws.com/global/bin/srldetect_cyri_4.4.26.0.cab
TCP: DhcpNameServer = 192.168.1.1
TCP: Interfaces\{BAAF050B-00F5-4CA8-B89A-8D2BC30F951F} : NameServer = 203.94.227.70,203.94.243.70
TCP: Interfaces\{D5624540-57CD-4D16-B87F-7463683FBE3F} : DhcpNameServer = 192.168.1.1
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\Skype4COM.dll
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.DLL
AppInit_DLLs: c:\windows\system32\guard32.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
STS: {1984D045-52CF-49cd-DB77-08F378FEA4DB} - No File
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\hema\application data\mozilla\firefox\profiles\5xyh3sv1.default\
FF - prefs.js: browser.startup.homepage - www.msn.com
FF - prefs.js: keyword.URL - hxxp://ws.infospace.com/gamers_tbar/ws/redir?_iceUrl=true&user_id=69932095&tool_id=62781&qkw=
FF - component: c:\documents and settings\hema\application data\mozilla\firefox\profiles\5xyh3sv1.default\extensions\support@lastpass.com\platform\winnt_x86-msvc\components\lpxpcom.dll
FF - plugin: c:\documents and settings\hema\local settings\application data\google\update\1.3.21.79\npGoogleUpdate3.dll
FF - plugin: c:\program files\java\jre7\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\java\jre7\bin\new_plugin\npjp2.dll
FF - plugin: c:\program files\microsoft silverlight\4.0.60831.0\npctrlui.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll
.
---- FIREFOX POLICIES ----

FF - user.js: nglayout.initialpaint.delay - 600
FF - user.js: content.notify.interval - 600000
FF - user.js: content.max.tokenizing.time - 1800000
FF - user.js: content.switch.threshold - 600000
.
============= SERVICES / DRIVERS ===============
.
R0 mv61xx;mv61xx;c:\windows\system32\drivers\mv61xx.sys [2006-8-30 70784]
R0 pavboot;pavboot;c:\windows\system32\drivers\pavboot.sys [2011-10-22 28552]
R0 stmtpm;STM TPM Service;c:\windows\system32\drivers\stm_tpm.sys [2007-12-22 21504]
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2011-10-26 435032]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2011-10-26 314456]
R1 cmdGuard;COMODO Internet Security Sandbox Driver;c:\windows\system32\drivers\cmdGuard.sys [2011-5-2 492768]
R1 cmdHlp;COMODO Internet Security Helper Driver;c:\windows\system32\drivers\cmdhlp.sys [2011-5-2 31704]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\SASDIFSV.SYS [2010-2-17 12880]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2010-5-11 67664]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2011-10-26 20568]
R2 avast! Antivirus;avast! Antivirus;c:\program files\avast software\avast\AvastSvc.exe [2011-10-26 44768]
R2 cmdAgent;COMODO Internet Security Helper Service;c:\program files\comodo\comodo internet security\cmdagent.exe [2011-5-9 1883328]
R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2008-9-16 366152]
R2 TuneUp.UtilitiesSvc;TuneUp Utilities Service;c:\program files\tuneup utilities 2011\TuneUpUtilitiesService32.exe [2011-6-6 1524544]
R3 3xHybrid;Pinnacle PCTV 110i service;c:\windows\system32\drivers\3xHybrid.sys [2007-12-25 827008]
R3 IAMTXP;Driver for Intel® Active Management Technology - KCS;c:\windows\system32\drivers\IAMTXP.sys [2005-11-29 40448]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2008-9-16 22216]
R3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;c:\program files\tuneup utilities 2011\TuneUpUtilitiesDriver32.sys [2010-11-29 10064]
S1 MpKsl29801592;MpKsl29801592;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{cc0480ab-4831-43c2-ad55-7c4206ae53fb}\mpksl29801592.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{cc0480ab-4831-43c2-ad55-7c4206ae53fb}\MpKsl29801592.sys [?]
S1 MpKsl2f1df8d8;MpKsl2f1df8d8;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{752f538b-2c84-462e-b710-b2f23acc535e}\mpksl2f1df8d8.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{752f538b-2c84-462e-b710-b2f23acc535e}\MpKsl2f1df8d8.sys [?]
S1 MpKsl2f46e6bc;MpKsl2f46e6bc;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{1af91aa1-e8b2-48cc-b9b2-7b6ec1d1b7e8}\mpksl2f46e6bc.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{1af91aa1-e8b2-48cc-b9b2-7b6ec1d1b7e8}\MpKsl2f46e6bc.sys [?]
S1 MpKsl6397ac12;MpKsl6397ac12;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{97440ca2-90c3-40e7-8721-a28194b2e37e}\mpksl6397ac12.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{97440ca2-90c3-40e7-8721-a28194b2e37e}\MpKsl6397ac12.sys [?]
S1 MpKsl648b7d15;MpKsl648b7d15;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{1ac82676-c4cf-4ba5-8e05-46adec396c6d}\mpksl648b7d15.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{1ac82676-c4cf-4ba5-8e05-46adec396c6d}\MpKsl648b7d15.sys [?]
S1 MpKsl6838ee4d;MpKsl6838ee4d;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{c1a5aaff-be66-4704-9c84-28a9b2309157}\mpksl6838ee4d.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{c1a5aaff-be66-4704-9c84-28a9b2309157}\MpKsl6838ee4d.sys [?]
S1 MpKsl9f4a37db;MpKsl9f4a37db;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{926b54c3-4c42-4691-a6e4-902367fa390b}\mpksl9f4a37db.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{926b54c3-4c42-4691-a6e4-902367fa390b}\MpKsl9f4a37db.sys [?]
S1 MpKsla1a427fd;MpKsla1a427fd;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{dc0057a6-3caa-48fe-9d22-5d93cd5dcb21}\mpksla1a427fd.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{dc0057a6-3caa-48fe-9d22-5d93cd5dcb21}\MpKsla1a427fd.sys [?]
S1 MpKsla8dc965f;MpKsla8dc965f;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{1ac82676-c4cf-4ba5-8e05-46adec396c6d}\mpksla8dc965f.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{1ac82676-c4cf-4ba5-8e05-46adec396c6d}\MpKsla8dc965f.sys [?]
S1 MpKslb6771653;MpKslb6771653;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{c47352de-e04c-4837-80f3-5a621bca9a22}\mpkslb6771653.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{c47352de-e04c-4837-80f3-5a621bca9a22}\MpKslb6771653.sys [?]
S1 MpKslfd61cff8;MpKslfd61cff8;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{dfbc3493-9e21-4471-9fea-351938753dd2}\mpkslfd61cff8.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{dfbc3493-9e21-4471-9fea-351938753dd2}\MpKslfd61cff8.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S3 aaudstum;aaudstum; [x]
S3 AKSUP;AKSUP;c:\windows\system32\drivers\aksup.sys [2008-10-31 34406]
S3 cpuz130;cpuz130; [x]
S3 OracleOraDb11g_home1ClrAgent;OracleOraDb11g_home1ClrAgent;c:\app\warrior\product\11.2.0\dbhome_1\bin\oraclragnt.exe agent_sid=clrextproc max_dispatchers=2 tcp_dispatchers=0 max_task_threads=6 max_sessions=25 envs="extproc_dlls=only:c:\app\warrior\product\11.2.0\dbhome_1\bin\oraclr11.dll" --> c:\app\warrior\product\11.2.0\dbhome_1\bin\oraclragnt.exe agent_sid=clrextproc max_dispatchers=2 tcp_dispatchers=0 max_task_threads=6 max_sessions=25 envs=extproc_dlls=only:c:\app\warrior\product\11.2.0\dbhome_1\bin\oraclr11.dll [?]
S3 OracleOraDb11g_home1TNSListener;OracleOraDb11g_home1TNSListener;c:\app\warrior\product\11.2.0\dbhome_1\bin\tnslsnr --> c:\app\warrior\product\11.2.0\dbhome_1\bin\TNSLSNR [?]
S3 OracleServiceHARISH;OracleServiceHARISH;c:\app\warrior\product\11.2.0\dbhome_1\bin\oracle.exe harish --> c:\app\warrior\product\11.2.0\dbhome_1\bin\ORACLE.EXE HARISH [?]
S3 WebCamDriver;WebCam driver;c:\windows\system32\drivers\WebCam.sys [2010-9-25 63488]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
S4 !SASCORE;SAS Core Service;c:\program files\superantispyware\SASCORE.EXE [2011-5-4 116608]
S4 Marvell RAID;Marvell RAID Event Agent;c:\program files\marvell\61xx\svc\mvraidsvc.exe [2006-8-10 114688]
S4 MRUWebService;MRU Web Service;c:\program files\marvell\61xx\apache2\bin\Apache.exe [2006-4-29 20541]
S4 NAUpdate;@c:\program files\nero\update\nasvc.exe,-200;c:\program files\nero\update\NASvc.exe [2010-3-25 490280]
S4 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files\nvidia corporation\nvidia updatus\daemonu.exe [2011-7-8 2214504]
S4 OracleJobSchedulerHARISH;OracleJobSchedulerHARISH;c:\app\warrior\product\11.2.0\dbhome_1\bin\extjob.exe harish --> c:\app\warrior\product\11.2.0\dbhome_1\bin\extjob.exe HARISH [?]
S4 Tomcat7;Apache Tomcat 7.0 Tomcat7;c:\program files\apache software foundation\bin\Tomcat7.exe [2011-9-28 74752]
.
=============== File Associations ===============
.
vbefile\shell\open2\command=%SystemRoot%\System32\CScript.exe "%1" %*
vbsfile\shell\open2\command=%SystemRoot%\System32\CScript.exe "%1" %*
jsefile\shell\open2\command=%SystemRoot%\System32\CScript.exe "%1" %*
.
=============== Created Last 30 ================
.
2011-12-09 16:43:08 -------- d-----w- c:\documents and settings\hema\application data\MoRUN.net
2011-12-02 07:26:11 -------- d-----w- c:\program files\CastleVilleBot
2011-11-16 11:11:42 128000 ----a-w- c:\windows\system32\javacpl.cpl
2011-11-16 11:06:36 0 ----a-w- c:\windows\system32\REN6A.tmp
2011-11-16 11:06:36 0 ----a-w- c:\windows\system32\REN69.tmp
2011-11-16 11:06:36 0 ----a-w- c:\windows\system32\REN68.tmp
2011-11-15 13:27:16 -------- d-----w- C:\cn
.
==================== Find3M ====================
.
2011-11-28 18:01:25 41184 ----a-w- c:\windows\avastSS.scr
2011-11-28 17:53:53 435032 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2011-11-17 14:27:48 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-10-10 14:22:41 692736 ----a-w- c:\windows\system32\inetcomm.dll
2011-10-07 17:48:01 31704 ----a-w- c:\windows\system32\drivers\cmdhlp.sys
2011-10-07 17:48:00 492768 ----a-w- c:\windows\system32\drivers\cmdGuard.sys
2011-10-07 17:47:59 18056 ----a-w- c:\windows\system32\drivers\cmderd.sys
2011-10-07 17:47:11 33984 ----a-w- c:\windows\system32\cmdcsr.dll
2011-10-07 17:47:10 300200 ----a-w- c:\windows\system32\guard32.dll
2011-10-02 21:20:34 544656 ----a-w- c:\windows\system32\deployJava1.dll
2011-09-28 07:05:47 599552 ----a-w- c:\windows\system32\crypt32.dll
2011-09-26 06:11:20 611328 ----a-w- c:\windows\system32\uiautomationcore.dll
2011-09-26 06:11:20 220160 ----a-w- c:\windows\system32\oleacc.dll
2011-09-26 06:11:14 20480 ----a-w- c:\windows\system32\oleaccrc.dll
.
============= FINISH: 19:41:11.07 ===============

Hello, my name is Elise and I'll assist you with this issue.

Unfortunately email addresses get hacked quite frequently. The first action you need to take, is to change your password(s) and replace it with a new, strong password.

P2P WARNING
-------------------
Going over your logs I noticed that you have uTorrent installed.

• Avoid gaming sites, pirated software, cracking tools, keygens, and peer-to-peer (P2P) file sharing programs.
  
• They are a security risk which can make your computer susceptible to a wide variety of malware infections, remote attacks, exposure of personal information, and identity theft. Many malicious worms and Trojans spread across P2P file sharing networks, gaming and underground sites.
  
• Users visiting such pages may see innocuous-looking banner ads containing code which can trigger pop-up ads and malicious Flash ads that install viruses, Trojans and spyware. Ads are a target for hackers because they offer a stealthy way to distribute malware to a wide range of Internet users.
  
• The best way to reduce the risk of infection is to avoid these types of web sites and not use any P2P applications.

It is pretty much certain that if you continue to use P2P programs, you will get infected again.
I would recommend that you uninstall uTorrent, however that choice is up to you. If you choose to remove these programs, you can do so via Start > Control Panel > Add/Remove Programs.

If you wish to keep it, please do not use it until your computer is cleaned.


COMBOFIX
---------------
Please download ComboFix from one of these locations:

Bleepingcomputer
ForoSpyware

• Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. (Click on this link to see a list of programs that should be disabled. The list is not all inclusive.)
  
• Double click on Combofix.exe and follow the prompts.
  
• As part of it's process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  
• Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, or if you are running Vista, ComboFix will continue it's malware removal procedures.



Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:



Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\Combofix.txt in your next reply.

sorry for the late reply
I would like to keep P2p so I wont use it . here is the required log



ComboFix 11-12-17.05 - Warrior 12/18/2011 19:39:10.1.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3069.2414 [GMT 5.5:30]
Running from: c:\documents and settings\HEMA\Desktop\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
FW: COMODO Firewall *Disabled* {043803A3-4F86-4ef6-AFC5-F6E02A79969B}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\All Users\Application Data\TEMP
c:\documents and settings\HEMA\Application Data\Desktopicon
c:\windows\system32\_000005_.tmp.dll
c:\windows\system32\_000006_.tmp.dll
c:\windows\system32\PowerToyReadme.htm
c:\windows\winhelp.ini
.
.
((((((((((((((((((((((((( Files Created from 2011-11-18 to 2011-12-18 )))))))))))))))))))))))))))))))
.
.
2011-12-14 18:34 . 2011-12-14 18:34 -------- d-----w- c:\program files\CastleVilleBot
2011-12-09 16:43 . 2011-12-09 16:43 -------- d-----w- c:\documents and settings\HEMA\Application Data\MoRUN.net
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-11-28 18:01 . 2011-10-26 07:21 41184 ----a-w- c:\windows\avastSS.scr
2011-11-28 18:01 . 2011-10-26 07:21 199816 ----a-w- c:\windows\system32\aswBoot.exe
2011-11-28 17:53 . 2011-10-26 07:22 435032 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2011-11-28 17:53 . 2011-10-26 07:22 314456 ----a-w- c:\windows\system32\drivers\aswSP.sys
2011-11-28 17:52 . 2011-10-26 07:22 34392 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2011-11-28 17:52 . 2011-10-26 07:22 52952 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2011-11-28 17:52 . 2011-10-26 07:22 111320 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2011-11-28 17:51 . 2011-10-26 07:22 105176 ----a-w- c:\windows\system32\drivers\aswmon.sys
2011-11-28 17:51 . 2011-10-26 07:22 20568 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2011-11-28 17:48 . 2011-10-26 07:22 30808 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2011-11-17 14:27 . 2011-04-23 18:23 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-11-16 11:06 . 2011-11-16 11:06 0 ----a-w- c:\windows\system32\REN6A.tmp
2011-11-16 11:06 . 2011-11-16 11:06 0 ----a-w- c:\windows\system32\REN69.tmp
2011-11-16 11:06 . 2011-11-16 11:06 0 ----a-w- c:\windows\system32\REN68.tmp
2011-11-06 21:22 . 2011-03-04 15:13 112832 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\VCExpress\10.0\1033\ResourceCache.dll
2011-10-10 14:22 . 2007-12-22 17:39 692736 ----a-w- c:\windows\system32\inetcomm.dll
2011-10-07 17:48 . 2011-05-07 10:47 97760 ----a-w- c:\windows\system32\drivers\inspect.sys
2011-10-07 17:48 . 2011-05-02 15:06 31704 ----a-w- c:\windows\system32\drivers\cmdhlp.sys
2011-10-07 17:48 . 2011-05-02 15:06 492768 ----a-w- c:\windows\system32\drivers\cmdGuard.sys
2011-10-07 17:47 . 2011-05-02 15:06 18056 ----a-w- c:\windows\system32\drivers\cmderd.sys
2011-10-07 17:47 . 2011-10-26 07:58 33984 ----a-w- c:\windows\system32\cmdcsr.dll
2011-10-07 17:47 . 2011-05-02 15:06 300200 ----a-w- c:\windows\system32\guard32.dll
2011-10-02 21:20 . 2010-08-23 07:22 544656 ----a-w- c:\windows\system32\deployJava1.dll
2011-10-02 21:15 . 2011-11-16 11:11 128000 ----a-w- c:\windows\system32\javacpl.cpl
2011-10-01 06:33 . 2011-10-01 06:33 15872 ----a-r- c:\documents and settings\HEMA\Application Data\Microsoft\Installer\{048298C9-A4D3-490B-9FF9-AB023A9238F3}\Icon048298C9.exe
2011-09-28 07:05 . 2007-07-27 12:00 599552 ----a-w- c:\windows\system32\crypt32.dll
2011-09-26 06:11 . 2007-10-09 07:33 611328 ----a-w- c:\windows\system32\uiautomationcore.dll
2011-09-26 06:11 . 2007-07-27 12:00 220160 ----a-w- c:\windows\system32\oleacc.dll
2011-09-26 06:11 . 2007-07-27 12:00 20480 ----a-w- c:\windows\system32\oleaccrc.dll
2011-11-23 10:52 . 2011-11-04 15:14 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2011-11-28 18:01 122512 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AllToTray"="c:\program files\AllToTray\ALLTOTRAY.EXE" [2004-01-26 728576]
"Taskbar Shuffle"="c:\program files\Taskbar Shuffle\taskbarshuffle.exe" [2008-04-16 818176]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"COMODO Internet Security"="c:\program files\COMODO\COMODO Internet Security\cfp.exe" [2011-10-20 2497352]
"NBAgent"="c:\program files\Nero\Nero 10\Nero BackItUp\NBAgent.exe" [2010-03-26 1234216]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2011-11-28 3744552]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-08-31 449608]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-26 30040]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-05-04 252136]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2011-07-26 434080]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Launchy.lnk - c:\program files\Launchy\Launchy.exe [2011-7-18 380928]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\AutorunsDisabled
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2007-3-11 210520]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLinkedConnections"= 1 (0x1)
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2011-09-17 113024]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-03 22:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\system32\guard32.dll
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ rdboot32.exe {16907711-4DF7-479c-939A-8F50F42128C3}
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeAAMUpdater-1.0]
2010-03-05 22:14 500208 ------w- c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\updaterstartuputility.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeCS5ServiceManager]
2010-07-22 16:40 402432 ----a-w- c:\program files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ApacheTomcatMonitor7.0_Tomcat7]
2011-09-27 20:43 102400 ----a-w- c:\program files\Apache Software Foundation\bin\Tomcat7w.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
2008-04-14 00:12 15360 ----a-w- c:\windows\system32\ctfmon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
2011-10-15 20:55 136176 ----atw- c:\documents and settings\HEMA\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
2009-02-26 13:06 30040 ----a-w- c:\program files\Microsoft Office\Office12\GrooveMonitor.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSConfig]
2008-04-14 00:12 169984 ----a-w- c:\windows\pchealth\helpctr\binaries\msconfig.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
2011-05-25 06:09 13895272 ----a-w- c:\windows\system32\nvcpl.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
2011-05-25 06:09 111208 ----a-w- c:\windows\system32\nvmctray.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
2011-05-04 18:32 1632360 ----a-w- c:\program files\NVIDIA Corporation\nView\nwiz.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2011-05-04 08:29 252136 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"TuneUp.Defrag"=3 (0x3)
"ose"=3 (0x3)
"odserv"=3 (0x3)
"NMIndexingService"=3 (0x3)
"Microsoft Office Groove Audit Service"=3 (0x3)
"idsvc"=3 (0x3)
"IDriverT"=3 (0x3)
"FLEXnet Licensing Service"=3 (0x3)
"DataSvr"=2 (0x2)
"Autodesk Licensing Service"=3 (0x3)
"Adobe LM Service"=3 (0x3)
"TuneUp.UtilitiesSvc"=3 (0x3)
"nvUpdatusService"=2 (0x2)
"NVSvc"=2 (0x2)
"Tomcat7"=3 (0x3)
"NAUpdate"=2 (0x2)
"!SASCORE"=2 (0x2)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"nwiz"=c:\program files\NVIDIA Corporation\nView\nwiz.exe /installquiet
"NvMediaCenter"=RunDLL32.exe NvMCTray.dll,NvTaskbarInit -login
"NvCplDaemon"=RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Program Files\\Orbitdownloader\\orbitdm.exe"=
"c:\\Program Files\\Orbitdownloader\\orbitnet.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\NVIDIA Corporation\\NVIDIA Updatus\\daemonu.exe"=
"d:\\ghost\\GhostSrv\\GhostSrv.exe"=
"f:\\Software\\utorrent.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\Steam\\SteamApps\\chettyharish\\condition zero\\hl.exe"=
"c:\\Program Files\\Steam\\SteamApps\\chettyharish\\counter-strike\\hl.exe"=
.
R0 mv61xx;mv61xx;c:\windows\system32\drivers\mv61xx.sys [8/30/2006 1:13 PM 70784]
R0 pavboot;pavboot;c:\windows\system32\drivers\pavboot.sys [10/22/2011 5:31 PM 28552]
R0 stmtpm;STM TPM Service;c:\windows\system32\drivers\stm_tpm.sys [12/22/2007 9:04 PM 21504]
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [10/26/2011 12:52 PM 435032]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [10/26/2011 12:52 PM 314456]
R1 cmdGuard;COMODO Internet Security Sandbox Driver;c:\windows\system32\drivers\cmdGuard.sys [5/2/2011 8:36 PM 492768]
R1 cmdHlp;COMODO Internet Security Helper Driver;c:\windows\system32\drivers\cmdhlp.sys [5/2/2011 8:36 PM 31704]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [2/17/2010 11:55 PM 12880]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [5/11/2010 12:11 AM 67664]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [10/26/2011 12:52 PM 20568]
R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [9/16/2008 11:24 AM 366152]
R2 TuneUp.UtilitiesSvc;TuneUp Utilities Service;c:\program files\TuneUp Utilities 2011\TuneUpUtilitiesService32.exe [6/6/2011 9:56 PM 1524544]
R3 3xHybrid;Pinnacle PCTV 110i service;c:\windows\system32\drivers\3xHybrid.sys [12/25/2007 9:23 PM 827008]
R3 IAMTXP;Driver for Intel® Active Management Technology - KCS;c:\windows\system32\drivers\IAMTXP.sys [11/29/2005 1:07 AM 40448]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [9/16/2008 11:24 AM 22216]
R3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;c:\program files\TuneUp Utilities 2011\TuneUpUtilitiesDriver32.sys [11/29/2010 7:27 PM 10064]
S1 MpKsl29801592;MpKsl29801592;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{CC0480AB-4831-43C2-AD55-7C4206AE53FB}\MpKsl29801592.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{CC0480AB-4831-43C2-AD55-7C4206AE53FB}\MpKsl29801592.sys [?]
S1 MpKsl2f1df8d8;MpKsl2f1df8d8;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{752F538B-2C84-462E-B710-B2F23ACC535E}\MpKsl2f1df8d8.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{752F538B-2C84-462E-B710-B2F23ACC535E}\MpKsl2f1df8d8.sys [?]
S1 MpKsl2f46e6bc;MpKsl2f46e6bc;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{1AF91AA1-E8B2-48CC-B9B2-7B6EC1D1B7E8}\MpKsl2f46e6bc.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{1AF91AA1-E8B2-48CC-B9B2-7B6EC1D1B7E8}\MpKsl2f46e6bc.sys [?]
S1 MpKsl6397ac12;MpKsl6397ac12;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{97440CA2-90C3-40E7-8721-A28194B2E37E}\MpKsl6397ac12.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{97440CA2-90C3-40E7-8721-A28194B2E37E}\MpKsl6397ac12.sys [?]
S1 MpKsl648b7d15;MpKsl648b7d15;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{1AC82676-C4CF-4BA5-8E05-46ADEC396C6D}\MpKsl648b7d15.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{1AC82676-C4CF-4BA5-8E05-46ADEC396C6D}\MpKsl648b7d15.sys [?]
S1 MpKsl6838ee4d;MpKsl6838ee4d;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{C1A5AAFF-BE66-4704-9C84-28A9B2309157}\MpKsl6838ee4d.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{C1A5AAFF-BE66-4704-9C84-28A9B2309157}\MpKsl6838ee4d.sys [?]
S1 MpKsl9f4a37db;MpKsl9f4a37db;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{926B54C3-4C42-4691-A6E4-902367FA390B}\MpKsl9f4a37db.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{926B54C3-4C42-4691-A6E4-902367FA390B}\MpKsl9f4a37db.sys [?]
S1 MpKsla1a427fd;MpKsla1a427fd;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{DC0057A6-3CAA-48FE-9D22-5D93CD5DCB21}\MpKsla1a427fd.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{DC0057A6-3CAA-48FE-9D22-5D93CD5DCB21}\MpKsla1a427fd.sys [?]
S1 MpKsla8dc965f;MpKsla8dc965f;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{1AC82676-C4CF-4BA5-8E05-46ADEC396C6D}\MpKsla8dc965f.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{1AC82676-C4CF-4BA5-8E05-46ADEC396C6D}\MpKsla8dc965f.sys [?]
S1 MpKslb6771653;MpKslb6771653;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{C47352DE-E04C-4837-80F3-5A621BCA9A22}\MpKslb6771653.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{C47352DE-E04C-4837-80F3-5A621BCA9A22}\MpKslb6771653.sys [?]
S1 MpKslfd61cff8;MpKslfd61cff8;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{DFBC3493-9E21-4471-9FEA-351938753DD2}\MpKslfd61cff8.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{DFBC3493-9E21-4471-9FEA-351938753DD2}\MpKslfd61cff8.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [3/18/2010 1:16 PM 130384]
S3 aaudstum;aaudstum; [x]
S3 AKSUP;AKSUP;c:\windows\system32\drivers\aksup.sys [10/31/2008 7:35 PM 34406]
S3 cpuz130;cpuz130; [x]
S3 OracleOraDb11g_home1ClrAgent;OracleOraDb11g_home1ClrAgent;c:\app\Warrior\product\11.2.0\dbhome_1\bin\OraClrAgnt.exe agent_sid=CLRExtProc max_dispatchers=2 tcp_dispatchers=0 max_task_threads=6 max_sessions=25 ENVS="EXTPROC_DLLS=ONLY:c:\app\Warrior\product\11.2.0\dbhome_1\bin\oraclr11.dll" --> c:\app\Warrior\product\11.2.0\dbhome_1\bin\OraClrAgnt.exe agent_sid=CLRExtProc max_dispatchers=2 tcp_dispatchers=0 max_task_threads=6 max_sessions=25 ENVS=EXTPROC_DLLS=ONLY:c:\app\Warrior\product\11.2.0\dbhome_1\bin\oraclr11.dll [?]
S3 OracleOraDb11g_home1TNSListener;OracleOraDb11g_home1TNSListener;c:\app\Warrior\product\11.2.0\dbhome_1\BIN\TNSLSNR --> c:\app\Warrior\product\11.2.0\dbhome_1\BIN\TNSLSNR [?]
S3 OracleServiceHARISH;OracleServiceHARISH;c:\app\warrior\product\11.2.0\dbhome_1\bin\ORACLE.EXE HARISH --> c:\app\warrior\product\11.2.0\dbhome_1\bin\ORACLE.EXE HARISH [?]
S3 WebCamDriver;WebCam driver;c:\windows\system32\drivers\WebCam.sys [9/25/2010 4:48 PM 63488]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [3/18/2010 1:16 PM 753504]
S4 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE.EXE [5/4/2011 11:24 PM 116608]
S4 Marvell RAID;Marvell RAID Event Agent;c:\program files\Marvell\61xx\svc\mvraidsvc.exe [8/10/2006 9:16 AM 114688]
S4 MRUWebService;MRU Web Service;c:\program files\Marvell\61xx\Apache2\bin\Apache.exe [4/29/2006 3:17 PM 20541]
S4 NAUpdate;@c:\program files\Nero\Update\NASvc.exe,-200;c:\program files\Nero\Update\NASvc.exe [3/25/2010 2:39 PM 490280]
S4 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [7/8/2011 1:28 PM 2214504]
S4 OracleJobSchedulerHARISH;OracleJobSchedulerHARISH;c:\app\warrior\product\11.2.0\dbhome_1\Bin\extjob.exe HARISH --> c:\app\warrior\product\11.2.0\dbhome_1\Bin\extjob.exe HARISH [?]
S4 Tomcat7;Apache Tomcat 7.0 Tomcat7;c:\program files\Apache Software Foundation\bin\Tomcat7.exe [9/28/2011 2:13 AM 74752]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
.
Contents of the 'Scheduled Tasks' folder
.
2011-12-17 c:\windows\Tasks\AdobeAAMUpdater-1.0-HARISH-Warrior.job
- c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\updaterstartuputility.exe [2011-09-27 22:14]
.
2011-12-15 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-343818398-920026266-725345543-1003Core.job
- c:\documents and settings\HEMA\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-10-15 20:55]
.
2011-12-18 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-343818398-920026266-725345543-1003UA.job
- c:\documents and settings\HEMA\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-10-15 20:55]
.
.
------- Supplementary Scan -------
.
uStart Page = about:blank
uInternet Settings,ProxyOverride = *.local;localhost
IE: &Download by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/201
IE: &Grab video by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/204
IE: Do&wnload selected by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/203
IE: Down&load all by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/202
IE: E&xport to Microsoft Excel - c:\progra~1\Microsoft Office\Office12\EXCEL.EXE/3000
IE: Free YouTube Download - c:\documents and settings\HEMA\Application Data\DVDVideoSoftIEHelpers\freeyoutubedownload.htm
TCP: DhcpNameServer = 192.168.1.1
TCP: Interfaces\{BAAF050B-00F5-4CA8-B89A-8D2BC30F951F}: NameServer = 203.94.227.70,203.94.243.70
FF - ProfilePath - c:\documents and settings\HEMA\Application Data\Mozilla\Firefox\Profiles\5xyh3sv1.default\
FF - prefs.js: browser.startup.homepage - www.msn.com
FF - prefs.js: keyword.URL - hxxp://ws.infospace.com/gamers_tbar/ws/redir?_iceUrl=true&user_id=69932095&tool_id=62781&qkw=

FF - user.js: nglayout.initialpaint.delay - 600
FF - user.js: content.notify.interval - 600000
FF - user.js: content.max.tokenizing.time - 1800000
FF - user.js: content.switch.threshold - 600000
.
.
------- File Associations -------
.
vbefile\shell\open2\command=%SystemRoot%\System32\CScript.exe "%1" %*
vbsfile\shell\open2\command=%SystemRoot%\System32\CScript.exe "%1" %*
jsefile\shell\open2\command=%SystemRoot%\System32\CScript.exe "%1" %*
.
- - - - ORPHANS REMOVED - - - -
.
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
SharedTaskScheduler-{1984D045-52CF-49cd-DB77-08F378FEA4DB} - (no file)
AddRemove-{F38ADCA4-AF7C-4C73-9021-6F1EA15D15EA} - c:\program files\InstallShield Installation Information\{F38ADCA4-AF7C-4C73-9021-6F1EA15D15EA}\Setup.exeUNINSTALL
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-12-18 19:47
Windows 5.1.2600 Service Pack 3 NTFS
.
detected NTDLL code modification:
ZwClose
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\OracleOraDb11g_home1ClrAgent]
"ImagePath"="c:\app\Warrior\product\11.2.0\dbhome_1\bin\OraClrAgnt.exe agent_sid=CLRExtProc max_dispatchers=2 tcp_dispatchers=0 max_task_threads=6 max_sessions=25 ENVS=\"EXTPROC_DLLS=ONLY:c:\app\Warrior\product\11.2.0\dbhome_1\bin\oraclr11.dll\""
.
[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\OracleOraDb11g_home1TNSListener]
"ImagePath"="c:\app\Warrior\product\11.2.0\dbhome_1\BIN\TNSLSNR "
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-343818398-920026266-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\CLSID]
@Denied: (Full) (LocalSystem)
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(1012)
c:\windows\system32\guard32.dll
c:\program files\SUPERAntiSpyware\SASWINLO.DLL
c:\windows\system32\WININET.dll
.
- - - - - - - > 'lsass.exe'(1100)
c:\windows\system32\guard32.dll
.
- - - - - - - > 'csrss.exe'(916)
c:\windows\system32\cmdcsr.dll
.
Completion time: 2011-12-18 19:51:31
ComboFix-quarantined-files.txt 2011-12-18 14:21
.
Pre-Run: 20,816,289,792 bytes free
Post-Run: 20,762,398,720 bytes free
.
WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Windows XP Professional" /fastdetect /TUTag=BK5IGT /Kernel=TUKernel.exe
.
- - End Of File - - 071ADA689A1C8FA2296C965D6E9E022B

Hi, how are things running at this point? Any problem left?

Please launch Malwarebytes Antimalware, update it and run a full scan. Post me the resulting log.

computer has no problems at all The malware removal log confirms that nothing is here

Malwarebytes' Anti-Malware 1.51.2.1300
www.malwarebytes.org

Database version: 8397

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

12/20/2011 12:16:02 AM
mbam-log-2011-12-20 (00-16-02).txt

Scan type: Full scan (C:\|D:\|F:\|)
Objects scanned: 438111
Time elapsed: 1 hour(s), 2 minute(s), 44 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

Your logs look good as well. Lets do one last scan.

ESET ONLINE SCANNER
----------------------------
I'd like us to scan your machine with ESET OnlineScan

• Hold down Control and click on this link to open ESET OnlineScan in a new window.
  
• Click the button.
  
• For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
  • Click on esetsmartinstaller_enu.exe to download the ESET Smart Installer. Save it to your desktop.
    
  • Double click on the
    icon on your desktop.
  
  
• Check "YES, I accept the Terms of Use."
  
• Click the Start button.
  
• Accept any security warnings from your browser.
  
• Under scan settings, check "Scan Archives" and "Remove found threats"
  
• Click Advanced settings and select the following:
  • Scan potentially unwanted applications
    
  • Scan for potentially unsafe applications
    
  • Enable Anti-Stealth technology
  
  
• ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  
• When the scan completes, click List Threats
  
• Click Export, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  
• Click the Back button.
  
• Click the Finish button.

ok it spotted three things. cheat engine is ok it manipulates memory,hence it got flagged. unlocker is also safe I believe its flagged as it can manipulate running process.

I think the only one problem is in system volume information. Any idea what it is??

C:\Program Files\Cheat Engine 6.1\cheatengine-i386.exe a variant of Win32/HackTool.CheatEngine.AB application cleaned by deleting - quarantined
C:\System Volume Information\_restore{98702DFE-A26C-488B-808C-0F8C43D27ECF}\RP265\A0080301.exe a variant of Win32/HackTool.CheatEngine.AB application cleaned by deleting - quarantined
F:\Software\unlocker1.9.0.exe Win32/Adware.ADON application deleted - quarantined

The third object is nothing serious either, besides, it is in system restore, meaning that it is not active.

ALL CLEAN
--------------
Your machine appears to be clean, please take the time to read below on how to secure the machine and take the necessary steps to keep it clean

Please do the following to remove the remaining programs from your PC:

• Delete the tools used during the disinfection:
  • Click start > run and type combofix /uninstall, press enter. This will remove Combofix from your computer.

Please read these advices, in order to prevent reinfecting your PC:

• Install and update the following programs regularly:
  • an outbound firewall. If you are connected to the internet through a router, you are already behind a hardware firewall and as such you do not need an extra software firewall.
    A comprehensive tutorial and a list of possible firewalls can be found here.
    
  • an AntiVirus Software
    It is imperative that you update your AntiVirus Software on regular basis.If you do not update your AntiVirus Software then it will not be able to catch the latest threats.
    
  • an Anti-Spyware program
    Malware Byte's Anti Malware is an excellent Anti-Spyware scanner. It's scan times are usually under ten minutes, and has excellent detection and removal rates.
    SUPERAntiSpyware is another good scanner with high detection and removal rates.
    Both programs are free for non commercial home use but provide a resident and do not nag if you purchase the paid versions.
    
  • Spyware Blaster
    A tutorial for Spywareblaster can be found here. If you wish, the commercial version provides automatic updating.
  
  
• Keep Windows (and your other Microsoft software) up to date!
  I cannot stress how important this is enough. Often holes are found in Internet Explorer or Windows itself that require patching. Sometimes these holes will allow an attacker unrestricted access to your computer.
  Therefore, please, visit the Microsoft Update Website and follow the on screen instructions to setup Microsoft Update. Also follow the instructions to update your system. Please REBOOT and repeat this process until there are no more updates to install!!
  
• Keep your other software up to date as well
  Software does not need to be made by Microsoft to be insecure. You can use the Secunia Online Software occasionally to help you check for out of date software on yourmachine.
  
• Stay up to date!
  The MOST IMPORTANT part of any security setup is keeping the software up to date. Malware writers release new variants every single day. If your software updates don't keep up, then the malware will always be one step ahead. Not a good thing.

Some more links you might find of interest:

• Miekies' prevention suggestions
  
• So How did I get infected?
  
• Microsoft - 'Security at home'
  
• Calendar of Updates: See which updates have been released.
  
• How to backup your Data with Cobian Backup:because you never know, when your harddisk might fail
  
• Commonly Used Freeware Replacements: a nice list of freeware programs in all categories, that are regarded as useful by the users of this forum.
  
• osalt: Find (free) open source alternatives to known commercial software.

Please reply to this topic if you have read the above information. If your computer is working fine, this topic will be closed afterwards.

uh still doesnt make sense how my email id got hacked?? I use last pass for generating password and it was 32 character alpha numeric key ;o

What sometimes happens is that encrypted email databases that store passwords get hacked. The hackers that way obtain a list of passwords that are used. This is something that is kept out of public in many cases, but I remember it happening to Hotmail once, resulting in a large amount of users having hacked accounts.

ok Well it was my email anyways so no harm done.

Thank you for your help mate

It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.