Constant Emails Being Sent From My Computer

Welcome to Major Geeks!

You skipped a few early parts of the READ ME. First from the important notes.

You have both Clam AV and Norton installed! You must uninstall one of these immediately. Installing both of these may have cause your security center to have been disabled from montoring for proper behavior and updating of your antivirus and firewall.

The from step 1 of the READ ME

You have four old Sun Java versions install:

J2SE Runtime Environment 5.0 Update 11
J2SE Runtime Environment 5.0 Update 6
Java(TM) 6 Update 3
Java(TM) SE Runtime Environment 6 Update 1

Uninstall these now and then reboot!!! After reboot install the current version from the given link.

Did you install WebEx and do you use it? It is no malware, but I want to make sure you are the one who installed it as I see it on your PC.

You need to stop storing things like below in the C:\Program Files folder.
If you want to save these, make a folder somewhere else like C:\Downloads and save them there in appropriately name subfolders to make it easy to identify later. The Program Fles folder should only contain the what you install not the installer programs and certainly not miscelleanous files. Remove the below from this folder and any others like this ASAP.

Code:

2008-03-03 16:52 . 2008-03-03 16:52 23,689,528 --a------ C:\Program Files\symrapidreleasedefsv5i32.exe
2008-03-03 16:49 . 2008-03-03 16:52 29,284,464 --a------ C:\Program Files\symrapidreleasedefsx86.exe
2008-03-03 11:45 . 2007-12-16 22:10 9,733,451 --a------ C:\Program Files\vlc-0.8.6d-win32.exe
2008-03-03 09:07 . 2008-03-03 09:07 606,176 --a------ C:\Program Files\AmazonMP3Installer.exe
2008-01-07 18:38 --------- d-----w C:\Program Files\Last.fm
2007-12-27 20:07 8,975,360 ----a-w C:\Program Files\atmcns.msi
2007-09-26 17:43 5,702,875 ----a-w C:\Program Files\emusic_setup_standalone.exe
2007-09-25 15:21 51,422,520 ----a-w C:\Program Files\iTunes742Setup.exe
2007-09-25 14:58 4,212 ----a-w C:\Program Files\ReadMe.txt
2007-09-25 14:57 513,080 ----a-w C:\Program Files\setup2.exe
2007-09-10 21:05 8,433,529 ----a-w C:\Program Files\tclock20.exe
2007-09-05 21:47 17,452,125 ----a-w C:\Program Files\clamwin-0.91.2-setup.exe
2007-09-05 16:56 16,282,136 ----a-w C:\Program Files\RCClientSetup1.exe
2007-08-30 22:15 22,492,672 ----a-w C:\Program Files\php-5.2.3-win32-installer.msi
2007-08-30 21:47 4,447,744 ----a-w C:\Program Files\apache_2.2.4-win32-x86-no_ssl.msi
2007-08-28 23:04 86,356,060 ----a-w C:\Program Files\Setup.exe
2007-08-15 19:27 2,228,534 ----a-w C:\Program Files\audacity-win-1.2.6.exe
2007-08-14 14:11 13,430,784 ----a-w C:\Program Files\AXIconWork60p.exe
2007-07-31 18:54 1,014,730 ----a-w C:\Program Files\PowerISO37.exe
2007-07-31 15:33 5,435,392 ----a-w C:\Program Files\Azureus_3.0.1.6a_windows.exe
2007-07-09 19:19 15,732,984 ----a-w C:\Program Files\Google_Earth_BZXD.exe
2007-07-09 16:35 19,968 ----a-w C:\Program Files\monthly-budget.xls
2007-07-09 14:36 182,994 ----a-w C:\Program Files\pearbudget.zip
2007-06-26 20:35 797,976 ----a-w C:\Program Files\cylence_theme__for_thunderbird_2.0_-2.0-tb.jar
2007-06-25 14:02 6,715,336 ----a-w C:\Program Files\Thunderbird Setup 2.0.0.4.exe
2007-06-22 13:41 11,407,704 ----a-w C:\Program Files\Setup_File_Print_FedEx_Kinkos.exe
2007-06-14 14:50 15,788,024 ----a-w C:\Program Files\StuffIt11.0.0.34.exe
2007-04-30 16:25 912,413 ----a-w C:\Program Files\15651250.zip
2007-04-30 16:20 274,944 ----a-w C:\Program Files\MyFonts Order M795050.msi
2007-04-30 15:53 448,894 ----a-w C:\Program Files\Swept Away 0.2 Installer.exe
2007-04-27 19:53 445,614 ----a-w C:\Program Files\Swept Away Installer.exe
2007-04-17 21:52 5,059,728 ----a-w C:\Program Files\WebExPCNow.exe
2007-04-13 22:46 83,043,496 ----a-w C:\Program Files\PowerDVD_Trial.exe
2007-04-11 00:38 32,307,977 ----a-w C:\Program Files\Second Life 1-14-0-1 Setup.exe
2007-04-10 23:04 363,776 ----a-w C:\Program Files\download-cuzsetup.exe.exe
2007-04-03 22:25 1,190,379 ----a-w C:\Program Files\calrepwin1.6.1.zip
2007-03-30 17:10 1,450,649 ----a-w C:\Program Files\npp.4.0.2.Installer.exe
2007-03-29 23:22 1,746,441 ----a-w C:\Program Files\putty-0.59-installer.exe
2007-03-22 14:19 15,505,200 ----a-w C:\Program Files\IE7-WindowsXP-x86-enu.exe
2007-03-22 14:18 4,666 ----a-w C:\Program Files\legitcheck.hta
2007-03-20 14:43 37,860,928 ----a-w C:\Program Files\iTunesSetup.exe
2007-03-13 21:11 26,477,376 ----a-w C:\Program Files\MEM_LG_8600.exe
2007-03-13 07:46 2,650,350 ----a-w C:\Program Files\eMusicDownloadManager.exe
2007-03-13 07:34 242,440 ----a-w C:\Program Files\SKPager.exe
2007-03-13 07:29 7,035,160 ----a-w C:\Program Files\RCClientSetup.exe
2007-03-13 07:24 11,027,270 ----a-w C:\Program Files\WSFTP_HomeT128_Install.exe
2007-03-13 04:38 559,856 ----a-w C:\Program Files\WindowsXP-KB906569-v2-x86-ENU.exe
2007-03-13 04:37 4,880,248 ----a-w C:\Program Files\WindowsDesktopSearch-KB917013-V301-XP-x86-enu.exe
2007-03-13 01:58 1,606,064 ----a-w C:\Program Files\googletalk-setup.exe
2007-03-06 19:34 3,782,589 ----a-w C:\Program Files\LastFM_Win_1.1.3.0.exe
2007-02-06 15:30 3,597,312 ----a-w C:\Program Files\DiskView.msi
2006-11-29 22:57 5,900,416 ----a-w C:\Program Files\Firefox Setup 2.0.exe
2006-11-29 21:47 17,533,000 ----a-w C:\Program Files\ie7setup_mail.exe
2006-04-13 17:50 680,747 ----a-w C:\Program Files\gdTunesSetup12.exe
2006-04-13 17:48 64,000 ----a-w C:\Program Files\GoogleDesktopSystemMonitorPanel.msi
2005-09-13 18:53 92,828,160 ----a-w C:\Program Files\Fireworks8-en.exe
2005-09-13 18:51 113,060,248 ----a-w C:\Program Files\Flash8-en.exe
2005-09-13 18:47 62,651,176 ----a-w C:\Program Files\Dreamweaver8-en.exe
2003-11-17 15:44 262,704 ----a-w C:\Program Files\manual.rtf

Other than the above there are only a few minor things to do.


Run C:\MGtools\analyse.exe by double clicking on it. This is really HijackThis (select Do a system scan only) and select the following lines but DO NOT CLICK FIX until you exit all browser sessions including the one you are reading in right now:

O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

After clicking Fix, exit HJT.

Copy the bold text below to notepad. Save it as fixme.reg to your desktop. Be sure the "Save as" type is set to "all files" Once you have saved it double click it and allow it to merge with the registry.

Now we need to use ComboFix to remove a bunch of malware files.

• Make sure that combofix.exe that you downloaded while doing the READ & RUN ME is on your Desktop but Do not run it!
  • If it is not on your Desktop, the below will not work.
• Open Notepad and copy/paste the text in the below code box into it (make sure you scroll all the way down in the code box to get all lines selected ):

Code:

DirLook::
C:\Documents and Settings\Eric\qua

FileLook::
C:\WINDOWS\system32\ataskernel.exe
 
File::
C:\WINDOWS\system32\winistr.exe

• Save the above as CFscript.txt and make sure you save it to the same location (should be on your Desktop) as ComboFix.exe
• At this point, you MUST EXIT ALL BROWSERS NOW before continuing!
• You should have both the ComboFix.exe and CFScript.txt icons on your Desktop.
• Now use your mouse to drag CFscript.txt on top of ComboFix.exe
• Follow the prompts.
• When it finishes, a log will be produced named c:\combofix.txt
• I will ask for this log below

Note:

Do not mouseclick combofix's window while it is running. That may cause it to stall.

Now delete all files and subfolders in the below folders except ones from the current date (Windows will not let you delete the files from the current day).
C:\WINDOWS\Temp
C:\Documents and Settings\Eric\Local Settings\temp

Now run Ccleaner!

Now run the C:\MGtools\GetLogs.bat file by double clicking on it.

Then attach the below logs:

• C:\ComboFix.txt
• C:\MGlogs.zip

Make sure you tell me how things are working now!