Hy all!
I know this is my first post, but please help me!

So the deal is, that since saturday i just seen that my computer sends spam/e-mails!

Here’s my screenshot:
http://imageshack.us][IMG]http://img246.imageshack.us/img246/2797/avastscrza9.jpg

The bubble hides it, but only this day, my pc has sent more than 18000 spam!!! :-\

I use the newest avast! 4.7 with Hungarian language, my firewall is Sunbelt Personal Firewall 4.
I also downloaded Ad-Aware, Spyspot S&D and AVG Anty-Spyware, all of them finds stuff, and they delete them, but nothing changes. I tried trendMicro Housecall 6.5, it found some thing, but, my browser frozes as i want to delete them. Oh, and also, only a few seconds after i start an Ad-Aware scan, i get a Blue Screen of Death…

And yes, i also ran an avast pre-boot scan (or how to say it in english), it found 2 virus, i quarantined those, but nothing changed.

This spamming is only disturbing when me when i surf the net, it slows down it, but when i disconnect from the net, it ceases.

The avast memory scan shows nothing, and nothing shows up even if i run a real-time spyware protecting program, like Spybot.

Does somebody know how to start Safe Mod apart from the normal, F8 pressing? Couse somehow, i can’t start safe mode, it looks like my keyboard turns off after the load of BIOS…

(i will send my HijacktHis logfile, but with it, my message is more than 10k characters)

Attach the log as attachement to your forum message.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:59:23, on 2007.12.25.
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2600.0000)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
D:\Program Files 2\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
D:\Program Files 2\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\System32\drivers\CDAC11BA.EXE
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\System32\nvsvc32.exe
D:\Program Files 2\Sunbelt Software\Personal Firewall\kpf4ss.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
D:\Program Files 2\Sunbelt Software\Personal Firewall\kpf4gui.exe
D:\Program Files 2\Sunbelt Software\Personal Firewall\kpf4gui.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\System32\RUNDLL32.EXE
C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
D:\Program Files 2\MessengerPlus! 3\MsgPlus.exe
C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe
C:\WINDOWS\vsnpstd2.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
D:\Program Files 2\WhatPulse\WhatPulse.exe
D:\Program Files 2\DAEMON Tools\daemon.exe
C:\Program Files\Invitel\USB ADSL Modem\DSLMON.exe
C:\Program Files\Media Key\MagicKey.exe
C:\Program Files\Media Key\OSD.EXE
D:\Program Files 2\SpywareGuard\sgmain.exe
D:\Program Files 2\SpywareGuard\sgbhp.exe
C:\Program Files\Mozilla Firefox\firefox.exe
D:\Program Files 2\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.hu/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.invitel.hu
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer - terjesztő: Invitel
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hivatkozások
R3 - URLSearchHook: (no name) - - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Program Files 2\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - D:\Program Files 2\SpywareGuard\dlprotect.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - D:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O3 - Toolbar: &Rádió - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM..\Run: [Anvshell] anvshell.exe
O4 - HKLM..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM..\Run: [nwiz] nwiz.exe /install
O4 - HKLM..\Run: [liveNote] livenote.exe
O4 - HKLM..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM..\Run: [HP Component Manager] “C:\Program Files\HP\hpcoretech\hpcmpmgr.exe”
O4 - HKLM..\Run: [HP Software Update] “C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe”
O4 - HKLM..\Run: [NeroFilterCheck] C:\WINDOWS\System32\NeroCheck.exe
O4 - HKLM..\Run: [MessengerPlus3] “D:\Program Files 2\MessengerPlus! 3\MsgPlus.exe”
O4 - HKLM..\Run: [SunJavaUpdateSched] “C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe”
O4 - HKLM..\Run: [SNPSTD2] C:\WINDOWS\vsnpstd2.exe
O4 - HKLM..\Run: [SpySweeper] “C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe” /startintray
O4 - HKLM..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM..\Run: [TkBellExe] “C:\Program Files\Common Files\Real\Update_OB\realsched.exe” -osboot
O4 - HKLM..\Run: [DAEMON Tools] “C:\Program Files\DAEMON Tools\daemon.exe” -lang 1033
O4 - HKLM..\Run: [QuickTime Task] “C:\Program Files\QuickTime\qttask.exe” -atboottime
O4 - HKLM..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb10.exe
O4 - HKLM..\Run: [Gnetmous] C:\Program Files\Genius\NetScroll Optical Mouse\gnetmous.exe
O4 - HKLM..\Run: [mouseElf] C:\PROGRA~1\KYE\GENIUS~1\mouseElf.exe
O4 - HKLM..\Run: [!AVG Anti-Spyware] “D:\Program Files 2\Grisoft\AVG Anti-Spyware 7.5\avgas.exe” /minimized
O4 - HKLM..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKCU..\Run: [DesktopX] “D:\PROGRA~1\DesktopX\DesktopX Builder.exe” -noui
O4 - HKCU..\Run: [WhatPulse] D:\Program Files 2\WhatPulse\WhatPulse.exe
O4 - HKCU..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_9
O4 - HKCU..\Run: [DAEMON Tools] “D:\Program Files 2\DAEMON Tools\daemon.exe” -lang 1033
O4 - HKCU..\Run: [Uniblue RegistryBooster2] D:\Uniblue\RegistryBooster 2\RegistryBooster.exe /S
O4 - HKCU..\Run: [SpybotSD TeaTimer] D:\Program Files 2\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-19..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User ‘HELYI SZOLGÁLTATÁS’)
O4 - HKUS\S-1-5-20..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User ‘HÁLÓZATI SZOLGÁLTATÁS’)
O4 - HKUS\S-1-5-18..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User ‘SYSTEM’)
O4 - HKUS.DEFAULT..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User ‘Default user’)
O4 - Startup: SpywareGuard.lnk = D:\Program Files 2\SpywareGuard\sgmain.exe
O4 - Startup: Xfire.lnk = D:\Program Files 2\Xfire\xfire.exe
O4 - Global Startup: Adobe Reader gyorsindító.lnk = D:\Program Files 2\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: DSLMON.lnk = C:\Program Files\Invitel\USB ADSL Modem\DSLMON.exe
O4 - Global Startup: Media Key.lnk = C:\Program Files\Media Key\MagicKey.exe
O4 - Global Startup: Microsoft Office.lnk = D:\Program Files 2\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xportálás Microsoft Excel formátumba - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra ‘Tools’ menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - D:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra ‘Tools’ menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - D:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra ‘Tools’ menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O14 - IERESET.INF: START_PAGE_URL=http://www.invitel.hu
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://housecall65.trendmicro.com/housecall/applet/html/native/x86/win32/activex/hcImpl.cab
O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab56986.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
O17 - HKLM\System\CCS\Services\Tcpip..{AD241D23-339D-4BDC-B388-B9616A921E4E}: NameServer = 213.163.34.66 62.77.203.10
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: windph32 - windph32.dll (file missing)
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - D:\Program Files 2\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - D:\Program Files 2\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: C-DillaCdaC11BA - C-Dilla Ltd - C:\WINDOWS\System32\drivers\CDAC11BA.EXE
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Sunbelt Personal Firewall 4 (SPF4) - Sunbelt Software - D:\Program Files 2\Sunbelt Software\Personal Firewall\kpf4ss.exe

–
End of file - 9305 bytes

[note- Helyi Szolgáltatás = Local Service, Hálozati Szolgáltatás = Network Service, Invitel = my ISP (terjesztő only means something like spreader)]

Here’s how to set the computer to boot into Safe Mode:

http://www.bleepingcomputer.com/tutorials/tutorial61.html#winxo

If you can boot into Safe Mode with Networking, run some online scans:

F-Secure

BitDefender

Panda

Trend Micro Housecall

Thanks, i will try, i hope they will work.

You should disable/terminate spybot teatimer as it can interfer with the scans suggested.

Open Spybot and make sure teatimer is disabled. To do so do the following

Click mode
click Advanced mode
if you get a warning answer “yes”
click tools
click resident
uncheck resident “teatimer” and SDHelper if installed
click allow change
reboot

You should also pay an urgent visit to windows update once you resolve this as you XP is years out of date, there are two SPs and numerous security updates after XP SP2. These updates have closed numerous vulnerabilities which are being exploited.

Your IE6 is also one SP adrift and it can’t be updated to IE6 SP2 unless you have XP SP2 installed, the same would be true if you wanted to upgrade to IE7.

Your version of JAVA is equally out of date. Ensure you have the latest version of JRE (JAVA Runtime Environment) because older versions can be vulnerable to malware. First remove All Older Versions From Add/Remove Programs.

Then get the latest update from here http://www.java.com/en/download/index.jsp

Or JRE version 6 update 3 http://www.majorgeeks.com/Sun_Java_Runtime_Environment_d4648.html