
My AOL e-mail address sending viagra ads - slow computer



#1 computerdummie1

computerdummie1

  • Members
  • 27 posts
  • OFFLINE
  •  
  • Local time:02:30 AM

Posted 20 June 2010 - 11:10 PM

Hello, here is my dds and attach log info. It took a really long time (hours and hours), partly because I'm a "computer dummie", and also I use netscape for internet, which all the windows were different than what the prep guide showed.

I kept trying to get the gmer as the prep guide directed me to do, but after an hour of trying, and freezing up my computer mainly at the "save" section, I gave up.

To sum up my problem that is told in detail at -
http://www.bleepingcomputer.com/forums/t/325887/my-aol-e-mail-address-sending-viagra-ads/


My e-mail address has been hijacked, today spam selling Canadian viagra was sent out to any and every e-mail address in my AOL account, and my "sent" folder vanished. Hundreds if not thousands of people I have e-mailed at some point got a spam from "me".
Also, I don't know if it's related, or another issue, my computer has gotten slower, and slower, and the startup time is very long.

Thank you so much for any and all tips, help and suggestions.

Here is the DDS log, and below that the attach log

DDS (Ver_10-03-17.01) - NTFSx86
Run by BBY at 20:23:08.63 on Sun 06/20/2010
Internet Explorer: 7.0.6000.17037
Microsoft® Windows Vista™ Home Basic 6.0.6000.0.1252.1.1033.18.895.183 [GMT -6:00]

AV: avast! Antivirus *On-access scanning enabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
SP: avast! Antivirus *enabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\system32\Ati2evxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\Ati2evxx.exe
C:\Windows\system32\svchost.exe -k NetworkService
c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
c:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
c:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\DRIVERS\xaudio.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\hp\support\hpsysdrv.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files\Common Files\aol\1175810257\ee\aolsoftware.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Alwil Software\Avast5\AvastUI.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Compaq Connections\3572475\Program\Compaq Connections.exe
C:\Windows\system32\wuauclt.exe
c:\Program Files\ATI Technologies\ATI.ACE\CLI.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Netscape\Navigator 9\navigator.exe
C:\Program Files\AOL 9.0a\waol.exe
C:\Program Files\AOL 9.0a\shellmon.exe
C:\Users\BBY\Desktop\dds.scr
C:\Windows\system32\taskeng.exe
C:\Windows\system32\RacAgent.exe
C:\Windows\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.aol.com
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=71&bd=Presario&pf=desktop
mDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=71&bd=Presario&pf=desktop
BHO: Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 7.0\activex\AcroIEHelper.dll
BHO: {1e8a6170-7264-4d0f-beae-d42a53123c75} - c:\program files\common files\symantec shared\coshared\browser\1.0\NppBho.dll
BHO: AOL Toolbar Launcher: {7c554162-8cb7-45a4-b8f4-8ea1c75885f9} - c:\program files\aol\aol toolbar 5.0\aoltb.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
TB: Show Norton Toolbar: {90222687-f593-4738-b738-fbee9c7b26df} - c:\program files\common files\symantec shared\coshared\browser\1.0\UIBHO.dll
TB: AOL Toolbar: {de9c389f-3316-41a7-809b-aa305ed9d922} - c:\program files\aol\aol toolbar 5.0\aoltb.dll
uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
uRun: [AOL Fast Start] "c:\program files\aol 9.0a\AOL.EXE" -b
mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
mRun: [hpsysdrv] c:\hp\support\hpsysdrv.exe
mRun: [ATICCC] "c:\program files\ati technologies\ati.ace\CLIStart.exe"
mRun: [RtHDVCpl] RtHDVCpl.exe
mRun: [DPService] "c:\program files\hp\dvdplay\DPService.exe"
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: []
mRun: [HostManager] c:\program files\common files\aol\1175810257\ee\AOLSoftware.exe
mRun: [MSConfig] "c:\windows\system32\msconfig.exe" /auto
mRun: [PC Pitstop Optimize Reminder] c:\program files\pcpitstop\optimize2\Reminder.exe
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [avast5] c:\progra~1\alwils~1\avast5\avastUI.exe /nogui
mRunOnce: [Launcher] %WINDIR%\SMINST\launcher.exe
mRunOnce: [Malwarebytes' Anti-Malware] c:\program files\malwarebytes' anti-malware\mbamgui.exe /install /silent
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\compaq~1.lnk - c:\program files\compaq connections\3572475\program\Compaq Connections.exe
IE: &AOL Toolbar Search - c:\program files\aol\aol toolbar 5.0\resources\en-us\local\search.html
IE: {3369AF0D-62E9-4bda-8103-B4C75499B578} - {DE9C389F-3316-41A7-809B-AA305ED9D922} - c:\program files\aol\aol toolbar 5.0\aoltb.dll

============= SERVICES / DRIVERS ===============

R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2010-6-20 164048]
R1 IDSvix86;Symantec Intrusion Prevention Driver;c:\progra~2\symantec\defini~1\symcdata\idsdefs\20080208.001\IDSvix86.sys [2008-2-8 180272]
R2 aawservice;Ad-Aware 2007 Service;c:\program files\lavasoft\ad-aware 2007\aawservice.exe [2008-1-4 587096]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2010-6-20 19024]
R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2010-6-20 51792]
R2 avast! Antivirus;avast! Antivirus;c:\program files\alwil software\avast5\AvastSvc.exe [2010-6-20 40384]
R3 avast! Mail Scanner;avast! Mail Scanner;c:\program files\alwil software\avast5\AvastSvc.exe [2010-6-20 40384]
R3 avast! Web Scanner;avast! Web Scanner;c:\program files\alwil software\avast5\AvastSvc.exe [2010-6-20 40384]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2008-1-28 109616]
R3 Symantec Core LC;Symantec Core LC;c:\program files\common files\symantec shared\ccpd-lc\symlcsvc.exe [2007-12-13 1252232]
R3 SYMNDISV;SYMNDISV;c:\windows\system32\drivers\symndisv.sys [2006-10-24 37008]

=============== Created Last 30 ================

2010-06-21 02:20:39 0 ----a-w- c:\users\bby\defogger_reenable
2010-06-20 23:41:41 0 d-----w- c:\users\bby\appdata\roaming\Malwarebytes
2010-06-20 23:41:16 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-06-20 23:41:12 0 d-----w- c:\programdata\Malwarebytes
2010-06-20 23:41:11 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-06-20 23:41:11 0 d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-06-20 16:21:01 51792 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2010-06-20 16:18:31 0 d-----w- c:\programdata\Alwil Software

==================== Find3M ====================

2010-05-21 20:14:28 221568 ------w- c:\windows\system32\MpSigStub.exe
2008-12-12 10:17:38 174 --sha-w- c:\program files\desktop.ini
2008-09-05 18:41:31 51200 ----a-w- c:\windows\inf\infpub.dat
2008-09-05 18:41:30 86016 ----a-w- c:\windows\inf\infstrng.dat
2008-09-05 18:41:29 86016 ----a-w- c:\windows\inf\infstor.dat
2008-06-12 09:11:41 665600 ----a-w- c:\windows\inf\drvindex.dat
2006-11-02 12:39:34 30674 ----a-w- c:\windows\inf\perflib\0409\perfd.dat
2006-11-02 12:39:34 30674 ----a-w- c:\windows\inf\perflib\0409\perfc.dat
2006-11-02 12:39:34 287440 ----a-w- c:\windows\inf\perflib\0409\perfi.dat
2006-11-02 12:39:34 287440 ----a-w- c:\windows\inf\perflib\0409\perfh.dat
2006-11-02 09:20:21 287440 ----a-w- c:\windows\inf\perflib\0000\perfi.dat
2006-11-02 09:20:21 287440 ----a-w- c:\windows\inf\perflib\0000\perfh.dat
2006-11-02 09:20:19 30674 ----a-w- c:\windows\inf\perflib\0000\perfd.dat
2006-11-02 09:20:19 30674 ----a-w- c:\windows\inf\perflib\0000\perfc.dat
2007-12-13 23:38:04 16384 --sha-w- c:\windows\temp\cookies\index.dat
2007-12-13 23:38:04 16384 --sha-w- c:\windows\temp\history\history.ie5\index.dat
2007-12-13 23:38:04 32768 --sha-w- c:\windows\temp\temporary internet files\content.ie5\index.dat

============= FINISH: 20:24:26.02 ===============

Here is the attach log
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_10-03-17.01)

Microsoft® Windows Vista™ Home Basic
Boot Device: \Device\HarddiskVolume1
Install Date: 1/5/2007 6:28:37 AM
System Uptime: 6/20/2010 12:43:48 PM (8 hours ago)

Motherboard: ECS | | Alhena5
Processor: Intel® Pentium® 4 CPU 3.00GHz | CPU 1 | 2991/200mhz

==== Disk Partitions =========================

C: is FIXED (NTFS) - 143 GiB total, 101.669 GiB free.
D: is FIXED (NTFS) - 6 GiB total, 0.876 GiB free.
E: is CDROM ()

==== Disabled Device Manager Items =============

==== System Restore Points ===================

RP719: 5/31/2010 8:56:22 AM - Windows Update
RP720: 6/1/2010 7:28:30 PM - Scheduled Checkpoint
RP721: 6/3/2010 8:46:06 AM - Windows Update
RP722: 6/5/2010 12:34:35 PM - Scheduled Checkpoint
RP723: 6/6/2010 10:52:13 AM - Scheduled Checkpoint
RP724: 6/8/2010 8:16:59 AM - Windows Update
RP725: 6/8/2010 8:57:18 PM - Scheduled Checkpoint
RP726: 6/10/2010 9:44:15 AM - Windows Update
RP727: 6/12/2010 7:46:29 AM - Windows Update
RP728: 6/14/2010 1:57:05 PM - Windows Update
RP729: 6/15/2010 1:56:27 PM - Scheduled Checkpoint
RP730: 6/17/2010 12:20:41 PM - Scheduled Checkpoint
RP731: 6/17/2010 4:08:08 PM - Windows Update
RP732: 6/18/2010 12:03:51 PM - Scheduled Checkpoint
RP733: 6/20/2010 10:17:44 AM - avast! Free Antivirus Setup

==== Installed Programs ======================


Ad-Aware 2007
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Reader 7.0.8
AOL Mail and AIM Gadget
AOL Toolbar 5.0
AOL Uninstaller (Choose which Products to Remove)
AppCore
ATI Catalyst Control Center Ex
ATI Catalyst Install Manager
AV
avast! Free Antivirus
Camera Support Core Library
Camera Window
Canon Camera Support Core Library
Canon Camera Window for ZoomBrowser EX
Canon MovieEdit Task for ZoomBrowser EX
Canon PhotoRecord
Canon RAW Image Task for ZoomBrowser EX
Canon RemoteCapture Task for ZoomBrowser EX
Canon Utilities PhotoStitch 3.1
Canon Utilities ZoomBrowser EX
ccCommon
Compaq Connections (remove only)
DVD Play
FLV Player 2.0, build 23
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
HP Customer Experience Enhancements
HP Customer Feedback
HP Easy Setup - Core
HP Easy Setup - Frontend
HP Total Care Advisor
HP Update
LightScribe 1.4.124.1
LiveUpdate 3.2 (Symantec Corporation)
LiveUpdate Notice (Symantec Corporation)
Malwarebytes' Anti-Malware
Microsoft .NET Framework 3.5 SP1
Microsoft Office Word Viewer 2003
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Works
MovieEdit Task
MSRedist
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB941833)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
My HP Games
Netscape Navigator (9.0.0.6)
Norton AntiVirus
Norton Confidential Browser Component
Norton Confidential Web Protection Component
Norton Internet Security
Norton Internet Security (Symantec Corporation)
Norton Protection Center
PhotoFiltre
PhotoStitch
Python 2.4.3
QuickTime
RAW Image Task 1.0
Realtek High Definition Audio Driver
RemoteCapture Task 1.0.2
Roxio Creator Audio
Roxio Creator Basic v9
Roxio Creator Copy
Roxio Creator Data
Roxio Creator EasyArchive
Roxio Creator Tools
Roxio Express Labeler 3
RTC Client API v1.2
Soft Data Fax Modem with SmartCP
SPBBC 32bit
Symantec Real Time Storage Protection Component
SymNet
Uninstall Startup Inspector
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Viewpoint Media Player
Yahoo! Toolbar
Yahoo! Toolbar for Internet Explorer

==== End Of File ===========================






 


#2 kahdah

kahdah

  • Security Colleague
  • 11,138 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Florida
  • Local time:04:30 AM

Posted 26 June 2010 - 02:31 PM

Hello computerdummie1

Welcome to BleepingComputer
==========================
Hi, I see no malware in those logs.
After you changed the passwords do you still have the problem?
If so then we will dig deeper but I think someone may have compromised your email account only nit an infection on the system.
This happens a lot to many online mail services.

If you have not changed the email password from another computer please do it now.
This will more than likely end the issue.
Let me know.
Please do not pm for help, post it in the forums instead.

If I am helping you and have not responded for 48 hours please send me a pm as I don't always get notifications.

My help is always free, however, if you would like to make a donation to me for the help I have provided please click here

#3 computerdummie1


Posted 27 June 2010 - 10:51 AM

Hi, thanks for the reply! I was beginnin' to think you guys forgot about poor lil ole me, and I was going to demand a full refund of all cost associated with this site...er, wait a minute.... ; )

The problem has stopped, as far as "me" sending out viagra pitch's....possibly the "avast" thingy I loaded did it?

Yes, I changed passwords.

I don't understand this sentence... "I think someone may have compromised your email account only nit an infection on the system."

Could you either re-phrase that or tell me what a "nit" is?

Also, what happened to my "sent" folder on AOL? It no longer exists, other than e-mails I sent after this all happened. I had hundreds if not thousands of sent e-mails in there that are all gone. Where did they go?

And - my computer is still acting sluggish, and the start up time is very very very slow, maybe 5 times as slow as it used to be....?? Any sorta fancy shmantcy gizmo's a computer dummie like me could run to fix this issue, or am I "back to best buy shoppin' for a new computer", which is the only way I have previously been able to solve this issue!

Thank you for any help, I truly appreciate it!

#4 kahdah


Posted 27 June 2010 - 01:03 PM

QUOTE
I think someone may have compromised your email account only nit an infection on the system.
Could you either re-phrase that or tell me what a "nit" is?

It is a typo it should have been this:
I think someone may have compromised your email account only not an infection on the system.

How much memory is installed? RAM you can check by going to the Vista flag at the bottom left of your desktop then right click on Computer and choose properties.
Post the amount that you see there listed under Installed Memory (RAM)

#5 computerdummie1


Posted 27 June 2010 - 02:12 PM

Hi,

The Ram is "895 mb".

But the computer USED to start up fine, I have a feeling sumthin is slowin' it down?

What does "compromise my e-mail" mean if it's not a virus or malware? And did this compromise swipe my sent folder and that's why it vanished? Did this happen to MY computer to AOL? Help me Mr. Wizard! ; )

Thanks!



#6 kahdah


Posted 28 June 2010 - 06:04 AM

I am surprised it was fast because less than one gigabyte with Vista to me is slow; the recommended RAM to run Vista is 2 GB.

For the AOL folder I have no idea you may have to contact them about that or see if it was moved to another folder.

I see some Norton remnants if you no longer use Norton then please download and run their removal tool which can be found here: http://service1.symantec.com/support/tsgen...005033108162039

After that I really don't see too many things that can go to help speed it up.
You can try to also download Startuplite by malwarebytes which can be found here: http://www.malwarebytes.org/startuplite.php you can enable\disable what you want for when the computer boots up.
Other than that there is no malware present.
So let me know of any other problems and I will close this thread.

Edited by kahdah, 28 June 2010 - 06:05 AM.


#7 computerdummie1


Posted 01 July 2010 - 10:34 AM

Hi Thanks again for all the help - but something now is wrong with my camera.

I am having a new problem now, my computer will no longer download pictures from my digital camera. Even though my computer has been slower, this has never been an issue till I started doing all the things trying to fix this e-mail hijack.

Could the Avast, or Defogger thingy or any of the other stuff I downloaded to get logs have somehow blocked my camera?



#8 computerdummie1


Posted 01 July 2010 - 11:22 AM

After checking and re-checking I have found that I had downloaded pictures AFTER I had loaded Avast, plus I tried shutting it down, it does not appear to be the problem.

I also downloaded pictures AFTER my e-mail was hijacked, a few days AFTER my initial post to this site, and while I was waiting for a reply.

Therefore, I really do feel something in everything I did, either the log loading things, or the "defooger" has caused my computer not to accept pictures.

I get the "beep", showing the connection is in, but then nothing, and the computer does not recognize my camera. Something is blocking it from loading pictures.

How do I "un-refog" if this is the issue?? How do I "undo" whatever I did?


Thanks again!

#9 kahdah


Posted 01 July 2010 - 01:18 PM

Tell me this can you plug in the camera then go to Start > My Computer > then open your camera that way or does the camera not show in My Computer?



