Someone is sending out emails using my email name

2 posters

WiredWX Hobby Weather Tools :: Archive :: Technical Support

Someone is sending out emails using my email name10th April 2010, 5:00 pm

Someone is sending out junk emails with attachments using my email name to all of my contacts in my windows live mail account. Not sure what to do. I updated all the information from "Read This Before Posting" and have included the hijackthis printout below. Can you help fix this problem?

Thanks, racafrustrated.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:52:36 AM, on 4/10/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18372)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Intel\LDCM\Bin\USM.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\PROGRA~1\VERIZO~1\SUPPOR~1\SMARTB~1\MotiveSB.exe
C:\Program Files\Verizon Online\Visual IP InSight\IPMon32.exe
C:\Program Files\Verizon Online\Visual IP InSight\IPClient.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\WINDOWS\system32\CTHELPER.EXE
C:\Program Files\PhoneTools\CapFax.EXE
C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\Program Files\Musicmatch\Musicmatch Jukebox\mmtask.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_server.exe
C:\Program Files\Comcast\Desktop Doctor\bin\sprtcmd.exe
C:\Program Files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe
C:\Program Files\QuickTime\QTTask.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Musicmatch\Musicmatch Jukebox\MMDiag.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\comcasttb\ComcastSpywareScan\ComcastAntispy.exe
C:\Program Files\Olympus\DeviceDetector\DevDtct2.exe
C:\Program Files\comcasttb\ComcastSpywareScan\ComcastAntiSpyService.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\System32\CTsvcCDA.exe
C:\Program Files\Intel\BootStrap Agent\Bsa.exe
C:\Program Files\Intel\LDCM\bin\IIDS.exe
C:\Program Files\CA\PPRT\bin\ITMRTSVC.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Common Files\Lanovation\PrismXL\PRISMXL.SYS
C:\Program Files\Logitech\MouseWare\system\em_exec.exe
C:\Program Files\Comcast\Desktop Doctor\bin\sprtsvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\HP\hpcoretech\comp\hptskmgr.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\msiexec.exe
C:\WINDOWS\system32\DllHost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\Owner\Desktop\winlogon.scr

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.comcast.net?cid=NET_mmhpset
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1;*.local
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Comcast Toolbar - {79CEEA4E-C231-4614-9E3B-53B2A02F39B7} - C:\Program Files\comcasttb\comcastdx.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Comcast Toolbar - {79CEEA4E-C231-4614-9E3B-53B2A02F39B7} - C:\Program Files\comcasttb\comcastdx.dll
O4 - HKLM\..\Run: [zBrowser Launcher] C:\Program Files\Logitech\iTouch\iTouch.exe
O4 - HKLM\..\Run: [User Space Manager] C:\Program Files\Intel\LDCM\Bin\USM.exe
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [PRONoMgr.exe] C:\Program Files\Intel\NCS\PROSet\PRONoMgr.exe
O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\VERIZO~1\SUPPOR~1\SMARTB~1\MotiveSB.exe
O4 - HKLM\..\Run: [Jet Detection] C:\Program Files\Creative\SBAudigy\PROGRAM\ADGJDet.exe
O4 - HKLM\..\Run: [IPInSightMonitor 01] "C:\Program Files\Verizon Online\Visual IP InSight\IPMon32.exe"
O4 - HKLM\..\Run: [IPInSightLAN 01] "C:\Program Files\Verizon Online\Visual IP InSight\IPClient.exe" -l
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [CapFax] C:\Program Files\PhoneTools\CapFax.EXE
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [mmtask] "C:\Program Files\Musicmatch\Musicmatch Jukebox\mmtask.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [Ad-Watch] C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
O4 - HKLM\..\Run: [mm_server] "C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_server.exe"
O4 - HKLM\..\Run: [ddoctorv2] "C:\Program Files\Comcast\Desktop Doctor\bin\sprtcmd.exe" /P ddoctorv2
O4 - HKLM\..\Run: [BlackBerryAutoUpdate] C:\Program Files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe /background
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\RunOnce: [Uninstall Adobe Download Manager] "C:\WINDOWS\system32\rundll32.exe" "C:\Program Files\NOS\bin\getPlus_Helper.dll",Uninstall /IE2883E8F-472F-4fb0-9522-AC9BF37916A7 /Get1noarp
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [ComcastAntispyClient] "C:\Program Files\comcasttb\ComcastSpywareScan\ComcastAntispy.exe" /hide
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKUS\S-1-5-18\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'Default user')
O4 - Global Startup: Device Detector 2.lnk = C:\Program Files\Olympus\DeviceDetector\DevDtct2.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
O9 - Extra button: Control Pad - {28D44DAD-D1FC-4d4f-BB1B-ADF037C8DDBC} - C:\Program Files\Verizon Online\Verizon Online Control Pad\VerizonControlPad.Exe
O9 - Extra 'Tools' menuitem: Control Pad - {28D44DAD-D1FC-4d4f-BB1B-ADF037C8DDBC} - C:\Program Files\Verizon Online\Verizon Online Control Pad\VerizonControlPad.Exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://support.gateway.com/support/profiler/PCPitStop.CAB
O16 - DPF: {8646A6AF-0AE4-4BF8-B716-DB1513803972} (SFImageUpload1_8.ImageUpload) - http://fredmeyer.storefront.com/images/global/activex/SFImageUpload1_8.CAB
O16 - DPF: {9A57B18E-2F5D-11D5-8997-00104BD12D94} (compid Class) - http://support.gateway.com/support/serialharvest/gwCID.CAB
O16 - DPF: {BB383206-6DA1-4E80-B62A-3DF950FCC697} (Create & Print ActiveX Plug-in) - http://ak.imgag.com/imgag/cp/install/AxCtp2.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} (get_atlcom Class) - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O23 - Service: Comcast AntiSpyware (AntiSpywareService) - Unknown owner - C:\Program Files\comcasttb\ComcastSpywareScan\ComcastAntiSpyService.exe
O23 - Service: Avira AntiVir Personal - Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.exe
O23 - Service: Google Update Service (gupdate1c9a6b15c4c2a8c) (gupdate1c9a6b15c4c2a8c) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Intel Bootstrap Agent - Intel Corporation - C:\Program Files\Intel\BootStrap Agent\Bsa.exe
O23 - Service: Intel CI Manager - Intel(R) Corporation - C:\Program Files\Intel\LDCM\ci\cimgr\CiMgrLdr.exe
O23 - Service: Intel IIDS - Intel(R) Corporation - C:\Program Files\Intel\LDCM\bin\IIDS.exe
O23 - Service: Intel SSM - Intel(R) Corporation - C:\Program Files\Intel\LDCM\bin\ssm.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: CA Pest Patrol Realtime Protection Service (ITMRTSVC) - CA, Inc. - C:\Program Files\CA\PPRT\bin\ITMRTSVC.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PictureTaker - LANovation - C:\WINDOWS\System32\PCTKRNT.SYS
O23 - Service: PrismXL - Lanovation - C:\Program Files\Common Files\Lanovation\PrismXL\PRISMXL.SYS
O23 - Service: SupportSoft Sprocket Service (ddoctorv2) (sprtsvc_ddoctorv2) - SupportSoft, Inc. - C:\Program Files\Comcast\Desktop Doctor\bin\sprtsvc.exe
O23 - Service: win32sl - Unknown owner - C:\Program Files\Intel\DMI\BIN\WIN32SL.EXE (file missing)

--
End of file - 11912 bytes

Re: Someone is sending out emails using my email name10th April 2010, 6:49 pm

Hi

Download OTL to your Desktop

Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
Under the Custom Scan box paste this in

%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
%systemroot%\system32\*.exe /lockedfiles
%systemroot%\Tasks\*.job /lockedfiles
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\system32\*.sys
%systemroot%\system32\drivers\*.dll
%systemroot%\system32\drivers\*.ini
%systemroot%\system32\drivers\*.exe
%SYSTEMDRIVE%\*.*
%PROGRAMFILES%\*.
%appdata%\*.*
netsvcs
msconfig
safebootminimal
safebootnetwork
activex
drivers32
/md5start
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
sceclt.dll
ntelogon.dll
logevent.dll
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
disk.sys
nvstor32.sys
ahcix86s.sys
nvrd32.sys
symmpi.sys
adp3132.sys
mv61xx.sys
usbstor.sys
/md5stop
CREATERESTOREPOINT
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs
Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
- When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
- Please copy (Edit->Select All, Edit->Copy) and paste (Edit->Paste) the contents of these files, one at a time

Re: Someone is sending out emails using my email name11th April 2010, 5:14 am

Here is the "Extras" file

OTL Extras logfile created on: 4/10/2010 9:58:21 PM - Run 1
OTL by OldTimer - Version 3.2.1.1 Folder = C:\Documents and Settings\Owner\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18372)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 54.00% Memory free
1.00 Gb Paging File | 1.00 Gb Available in Paging File | 68.00% Paging File free
Paging file location(s): c:\pagefile.sys 384 768 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 55.90 Gb Total Space | 6.00 Gb Free Space | 10.73% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: GATEWAY-0R10EG5
Current User Name: Owner
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Extra Registry (SafeList) ==========

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\]

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office10\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\Office10\msohtmed.exe" /p %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002
"1900:UDP" = 1900:UDP:*:Disabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22008

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
"1900:UDP" = 1900:UDP:*:Disabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22008
"3389:TCP" = 3389:TCP:*:Enabled:@xpsp2res.dll,-22009

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Program Files\Windows Live\Messenger\wlcsdk.exe" = C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call -- (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Intel\LDCM\BIN\USM.exe" = C:\Program Files\Intel\LDCM\BIN\USM.exe:*:Disabled:Intel(R) LANDesk(R) Client Manager User Space Manager -- (Intel(R) Corporation)
"C:\WINDOWS\PCHealth\HelpCtr\Binaries\helpctr.exe" = C:\WINDOWS\PCHealth\HelpCtr\Binaries\helpctr.exe:*:Enabled:Remote Assistance - Windows Messenger and Voice -- (Microsoft Corporation)
"C:\Program Files\MySpace\IM\MySpaceIM.exe" = C:\Program Files\MySpace\IM\MySpaceIM.exe:*:Enabled:MySpaceIM -- ()
"C:\Program Files\Windows Live\Messenger\wlcsdk.exe" = C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call -- (Microsoft Corporation)
"C:\Program Files\iTunes\iTunes.exe" = C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Inc.)

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{036AA4D4-6D32-11D4-9875-00105ACE7734}" = Logitech iTouch Software
"{07287123-B8AC-41CE-8346-3D777245C35B}" = Bonjour
"{0B59A227-CAC2-4688-8759-580B4DC5F220}" = BlackBerry Device Software v4.5.0 for the BlackBerry 8330 smartphone
"{11B569C2-4BF6-4ED0-9D17-A4273943CB24}" = Adobe Photoshop Album 2.0 Starter Edition
"{121634B0-2F4A-11D3-ADA3-00C04F52DD53}" = Windows Installer Clean Up
"{12BDDF23-B1DB-49C8-92D3-3E6841CCED61}" = Microsoft Streets and Trips 2002
"{1451DE6B-ABE1-4F62-BE9A-B363A17588A2}" = QuickTime
"{1F63ED0B-EDD2-4037-B6AB-1358C624AF48}" = Scan
"{1F7CCFA3-D926-4882-B2A5-A0217ED25597}" = PC-Doctor for Windows
"{205A5182-EFC8-4C25-B61D-C164F8FF4048}" = BlackBerry Desktop Software 5.0.1
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{21E75254-410E-49C4-8981-2E1A2A2221F2}" = HP Diagnostic Assistant
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{2405665A-16C9-4D3A-B70E-F006220E1472}" = Overland
"{25EF00A0-F17B-11D6-88EA-000476CD2443}(Verizon Online)" = Visual IP InSight(Verizon Online)
"{25EF00A3-F17B-11D6-88EA-000476CD2443}" = Verizon Online Control Pad
"{267868CE-6DFF-40F7-9C58-C01119B7B117}" = Fax
"{26A24AE4-039D-4CA4-87B4-2F83216019FF}" = Java(TM) 6 Update 19
"{26BDE7D8-93F0-4A07-AD47-1707DB417941}" = Camera Support Core Library
"{287ECFA4-719A-2143-A09B-D6A12DE54E40}" = Acrobat.com
"{2BBC9458-07CA-4843-848B-5C8146E5EFA8}" = CreativeProjects
"{2EAF7E61-068E-11DF-953C-005056806466}" = Google Earth
"{34A59AC3-6C5C-4A09-A7F5-369A37176C8A}" = AiOSoftware
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3AE242D6-608E-4067-8BC1-89B8A957A531}" = OverDrive Media Console
"{3AE681E0-4E8D-453F-950A-48534D3C0724}" = Copy
"{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform
"{3CF78481-FB7B-4B51-99A2-D5E0CD0B3AAF}" = HPSystemDiagnostics
"{3FA365DF-2D68-45ED-8F83-8C8A33E65143}" = Apple Application Support
"{41254D7B-EADF-4078-AE4A-BD73B300EE86}" = Unload
"{43DCF766-6838-4F9A-8C91-D92DA586DFA7}" = Microsoft Windows Journal Viewer
"{45338B07-A236-4270-9A77-EBB4115517B5}" = Windows Live Sign-in Assistant
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{5421155F-B033-49DB-9B33-8F80F233D4D5}" = GdiplusUpgrade
"{5809E7CF-4DCF-11D4-9875-00105ACE7734}" = Logitech MouseWare 9.79.1
"{597D73A8-5FDB-4bc1-9893-40B54459F1BC}" = ProductContext
"{609F7AC8-C510-11D4-A788-009027ABA5D0}" = Easy CD Creator 5 Basic
"{62880A3B-2F9C-4C58-8FFA-1DA280262B5E}" = BlackBerry Device Software Updater
"{6412CECE-8172-4BE5-935B-6CECACD2CA87}" = Windows Live Mail
"{68E7E8BD-2233-49BE-81D6-1A1FAF1B5196}" = RAW Image Task 1.1
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{6E448242-1967-4470-A3F5-FFB62B341D8F}" = 2600
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{766273C1-A39B-47EB-ACE8-DEBDD8094BCC}" = overland
"{76E6BBAA-25E6-4BFC-9613-75A5CACE2940}" = Olympus DSS Player 2002
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7F22ADCE-3549-49C2-BC16-07B692F57EFF}" = 2600_Help
"{81063354-9060-42B2-A000-1EBE96778AA9}" = iTunes
"{81128EE8-8EAD-4DB0-85C6-17C2CE50FF71}" = Windows Live Essentials
"{818ABC3C-635C-4651-8183-D0E9640B7DD1}" = HP Update
"{8777AC6D-89F9-4793-8266-DE406F343E89}" = QFolder
"{8EF1122E-E90C-4EE9-AB0C-7FDE2BA42C26}" = Musicmatch

Jukebox
"{91130409-6000-11D3-8CFE-0050048383C9}" = Microsoft Office XP Small Business
"{9115E7DB-3B29-445A-802D-11E0AA945B7F}" = Sound Blaster Audigy
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{981FB376-8418-4EA8-BBED-9DE5AA63E7D5}" = SkinsHP1
"{98E8A2EF-4EAE-43B8-A172-74842B764777}" = DVD
"{9CB2512B-3EC4-43DF-8002-46BDAB5EDD1B}" = QuickProjects
"{9EEBF8D5-8712-4D1D-88F4-4CDC2D270BC3}" = PrintScreen
"{9F15F5AD-AA10-46d9-B34D-AF2945DC65A6}" = 2600Trb
"{A1062847-0846-427A-92A1-BB8251A91E91}" = HP PSC & OfficeJet 4.2
"{A1DCC235-DACC-4E1F-8D11-D630634B4AEF}" = PhotoGallery
"{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI
"{A2500497-FD32-493e-B8E5-28D6728DBEF5}" = Readme
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A3365448-B694-468D-BBF0-D7A4CCDF955F}" = BlackBerry

Media Sync
"{A4EA3AB4-E78C-4286-96DF-26035507CE55}" = AiO_Scan
"{A790BEB1-BCCF-4EC6-807B-5708B36E8A79}" = Intel(R) PROSet
"{A85FD55B-891B-4314-97A5-EA96C0BD80B5}" = Windows Live Messenger
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AADEA55D-C834-4BCB-98A3-4B8D1C18F4EE}" = Apple Mobile Device Support
"{AC76BA86-7AD7-1033-7B44-A93000000001}" = Adobe Reader 9.3
"{AC76BA86-7AD7-5464-3428-900000000004}" = Spelling Dictionaries Support For Adobe Reader 9
"{B32C75F2-7495-4D01-9431-C11E97D66F8C}" = DocProc
"{B34BE30D-A759-4EC2-B58F-19FE2DEBF651}" = Camera Window
"{B3D5D4E0-E965-41C4-ABFD-A7B1AD0663C2}" = Director
"{B45D9FEE-1AF4-46F3-9A83-2545F81547F5}" = CreativeProjectsTemplates
"{B56D5B09-C4FB-4EA0-8EAD-7BC3E2715A2D}" = DocumentViewer
"{BCC992E5-5C81-4066-9B55-03DC10B24D21}" = InstantShare
"{BEF56F2D-56ED-4176-BF72-7B68D4A3B98D}" = Canon PhotoRecord
"{BF018D2F-C788-4AB1-AB95-1280EAB8F13E}" = TrayApp
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C1D76D7A-F3BB-47EA-A746-5B1E2FFC1DF2}" = Canon Utilities ZoomBrowser EX
"{C4A978A3-CAE4-4856-89D5-696498A7B8F7}" = HPODiscovery
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CDC74FE6-5224-11D6-B27F-00E0181A6FA8}" = D-Link AirPlus
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CEF7211D-CE3A-44C4-B321-D84A2099AE94}" = Comcast Desktop Software (v1.2.0.9)
"{CF2C1A86-5A98-4862-A3AE-9992E3A6427D}" = RemoteCapture Task 1.0.3
"{D64DCF1C-7A95-49A4-BAFA-C42B5CF6B8B6}" = Works Suite OS Pack
"{D87149B3-7A1D-4548-9CBF-032B791E5908}" = Desktop Doctor
"{DE286975-ACF1-45B8-9EF7-34E162B2C817}" = MovieEdit Task
"{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}" = Ad-Aware
"{E2883E8F-472F-4fb0-9522-AC9BF37916A7}" = Adobe Download Manager
"{E2DFE069-083E-4631-9B6C-43C48E991DE5}" = Junk Mail filter update
"{E3436EE2-D5CB-4249-840B-3A0140CC34C3}" = PhoneTools
"{EC8673DA-F96B-497E-B2DB-BC7B029FD680}" = BufferChm
"{EF4C7EB0-D71B-43A3-9552-8053DE4B0401}" = PhotoStitch
"{F05A5232-CE5E-4274-AB27-44EB8105898D}" = CA Pest Patrol Realtime Protection
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01
"{F4F47155-5B4D-42AA-97F8-490BC52EA7F3}" = Destinations
"{F65787F3-B356-45EC-8DD0-0E6758EDBCEE}" = WebReg
"{F6BD194C-4190-4D73-B1B1-C48C99921BFE}" = Windows Live Call
"{FCE65C4E-B0E8-4FBD-AD16-EDCBE6CD591F}" = HighMAT Extension to Microsoft Windows XP CD Writing Wizard
"{FF26F7EA-BCEE-478C-9A1B-6B4F88717D73}" = CueTour
"Ad-Aware" = Ad-Aware
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"AdobeESD" = Adobe Download Manager 2.0 (Remove Only)
"AnswerWorks" = AnswerWorks Runtime
"AntiVir PersonalEdition Classic" = Avira AntiVir Personal - Free Antivirus
"Autodesk DWF Viewer" = Autodesk DWF Viewer
"BlackBerry_{205A5182-EFC8-4C25-B61D-C164F8FF4048}" = BlackBerry Desktop Software 5.0.1
"Client Manager 6.0" = Intel LANDesk Client Manager 6.3
"comcasttb" = Comcast Toolbar 3.0
"Cook'n Recipe Organizer" = Cook'n Recipe Organizer
"Corel Applications" = Corel Applications
"Creative Driver" = Creative Driver
"Creative Jukebox Driver" = Creative Jukebox Driver
"Creative NOMAD II Driver" = Creative NOMAD II Driver
"Cucusoft DVD to iPod + iPod Video Converter Suite_is1" = Cucusoft DVD to iPod + iPod Video Converter Suite 3.9.3.17
"filehippo.com" = filehippo.com Update Checker
"Gateway Desktop Manager" = Gateway Desktop Manager
"Gateway Drivers and Applications Recovery" = Gateway Drivers and Applications Recovery
"Gateway Power Management" = Gateway Power Management
"Golden" = Golden Records Vinyl to CD Converter
"HelpSpot" = HelpSpot
"HijackThis" = HijackThis 2.0.2
"HP Photo & Imaging" = HP Image Zone 4.2
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"ie8" = Windows Internet Explorer 8 Release Candidate 1
"InstallShield_{26BDE7D8-93F0-4A07-AD47-1707DB417941}" = Canon Camera Support Core Library
"InstallShield_{68E7E8BD-2233-49BE-81D6-1A1FAF1B5196}" = Canon RAW Image Task for ZoomBrowser EX
"InstallShield_{B34BE30D-A759-4EC2-B58F-19FE2DEBF651}" = Canon Camera Window for ZoomBrowser EX
"InstallShield_{CF2C1A86-5A98-4862-A3AE-9992E3A6427D}" = Canon RemoteCapture Task for ZoomBrowser EX
"InstallShield_{DE286975-ACF1-45B8-9EF7-34E162B2C817}" = Canon MovieEdit Task for ZoomBrowser EX
"InstallShield_{EF4C7EB0-D71B-43A3-9552-8053DE4B0401}" = Canon Utilities PhotoStitch 3.1
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"MSN Music Assistant" = MSN Music Assistant
"MSNINST" = MSN
"MySpaceIM" = MySpaceIM
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"NOMAD Jukebox 3 Driver" = NOMAD Jukebox 3 Driver
"NVIDIA Display Driver" = NVIDIA Display Driver
"NVIDIA Drivers" = NVIDIA Drivers
"Pdf995" = Pdf995
"PROSet" = Intel(R) PRO Network Adapters and Drivers
"PX: {20835511-BBDA-4EC2-B64D-0670BA4CBF2F}" = Do More 6.0
"PX: {99A393E0-1F86-4AB7-9FE3-ACEC7E10098F}" = Gateway Internet Links
"RealPlayer 6.0" = RealPlayer Basic
"Scribe" = Express Scribe Uninstall
"Sony Digital Voice Editor" = Sony Digital Voice Editor
"Sony Player Plug-in for Windows Media Player" = Sony Player Plug-in for Windows Media Player
"ToolBox" = NCH Toolbox
"Verizon.MCCInstall" = Verizon Online Support Center
"WavePad" = WavePad Uninstall
"Windows Media Format Runtime" = Windows Media Format Runtime
"Windows Media Player" = Windows Media Player 10
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinLiveSuite_Wave3" = Windows Live Essentials
"Works2003Setup" = Microsoft Works 2003 Setup Launcher

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Move Media Player" = Move Media Player
"SmartDraw 2007" = SmartDraw 2007

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 3/30/2010 10:07:38 PM | Computer Name = GATEWAY-0R10EG5 | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 8.0.6001.18372, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 3/31/2010 1:08:54 AM | Computer Name = GATEWAY-0R10EG5 | Source = Lavasoft Ad-Aware Service | ID = 0
Description =

Error - 4/2/2010 12:09:21 PM | Computer Name = GATEWAY-0R10EG5 | Source = Application Error | ID = 1000
Description = Faulting application wpwin9.exe, version 9.0.0.738, faulting module
pfit90.dll, version 9.0.0.738, fault address 0x0003e4b2.

Error - 4/6/2010 5:30:47 PM | Computer Name = GATEWAY-0R10EG5 | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 8.0.6001.18372, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 4/7/2010 11:57:03 AM | Computer Name = GATEWAY-0R10EG5 | Source = Application Error | ID = 1000
Description = Faulting application scribe.exe, version 0.0.0.0, faulting module
hidwatch.dll, version 0.0.0.0, fault address 0x00039b3c.

Error - 4/7/2010 2:47:28 PM | Computer Name = GATEWAY-0R10EG5 | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 8.0.6001.18372, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 4/8/2010 8:03:40 PM | Computer Name = GATEWAY-0R10EG5 | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 8.0.6001.18372, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 4/10/2010 11:47:48 AM | Computer Name = GATEWAY-0R10EG5 | Source = Application Hang | ID = 1002
Description = Hanging application msnmsgr.exe, version 14.0.8089.726, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 4/10/2010 12:24:02 PM | Computer Name = GATEWAY-0R10EG5 | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 8.0.6001.18372, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 4/10/2010 12:35:29 PM | Computer Name = GATEWAY-0R10EG5 | Source = Application Error | ID = 1000
Description = Faulting application javara.exe, version 1.15.0.1745, faulting module
ntdll.dll, version 5.1.2600.5755, fault address 0x0000100b.

========== Last 10 Event Log Errors ==========

Error reading Event Logs: The Event Service is not operating properly or the Event Logs are corrupt!

< End of report >

Re: Someone is sending out emails using my email name11th April 2010, 5:19 am

Here is the OTL file: Part 1 of ?

OTL logfile created on: 4/10/2010 9:58:21 PM - Run 1
OTL by OldTimer - Version 3.2.1.1 Folder = C:\Documents and Settings\Owner\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18372)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 54.00% Memory free
1.00 Gb Paging File | 1.00 Gb Available in Paging File | 68.00% Paging File free
Paging file location(s): c:\pagefile.sys 384 768 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 55.90 Gb Total Space | 6.00 Gb Free Space | 10.73% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: GATEWAY-0R10EG5
Current User Name: Owner
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2010/04/10 21:55:45 | 000,561,664 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTL.exe
PRC - [2009/11/19 23:29:16 | 000,623,960 | ---- | M] (Research In Motion Limited) -- C:\Program Files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe
PRC - [2009/05/05 06:19:44 | 000,616,408 | ---- | M] () -- C:\Program Files\comcasttb\ComcastSpywareScan\ComcastAntiSpyService.exe
PRC - [2009/05/05 06:19:38 | 001,622,488 | ---- | M] () -- C:\Program Files\comcasttb\ComcastSpywareScan\ComcastAntiSpy.exe
PRC - [2008/10/15 13:31:53 | 000,068,865 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
PRC - [2008/10/15 13:30:02 | 000,151,297 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
PRC - [2008/06/12 13:28:45 | 000,266,497 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
PRC - [2008/04/24 13:26:18 | 000,202,560 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files\Comcast\Desktop Doctor\bin\sprtsvc.exe
PRC - [2008/04/24 13:25:22 | 000,202,560 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files\Comcast\Desktop Doctor\bin\sprtcmd.exe
PRC - [2008/04/13 17:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/09/26 13:55:04 | 000,283,912 | ---- | M] (CA, Inc.) -- C:\Program Files\CA\PPRT\bin\ITMRTSVC.exe
PRC - [2005/05/09 16:32:14 | 000,086,016 | ---- | M] (Musicmatch Inc.) -- C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_server.exe
PRC - [2005/05/09 16:32:12 | 000,086,016 | ---- | M] (Musicmatch, Inc.) -- C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\MMDiag.exe
PRC - [2005/01/15 13:03:03 | 000,385,024 | ---- | M] (Motive Communications, Inc.) -- C:\Program Files\Verizon Online\SupportCenter\SmartBridge\MotiveSB.exe
PRC - [2005/01/12 14:54:56 | 000,135,168 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files\HP\hpcoretech\comp\hptskmgr.exe
PRC - [2004/02/21 21:34:12 | 000,026,112 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Real\RealPlayer\realplay.exe
PRC - [2004/02/21 21:28:31 | 000,057,344 | ---- | M] (Lanovation) -- C:\Program Files\Common Files\Lanovation\PrismXL\PRISMXL.SYS
PRC - [2004/01/08 10:50:00 | 000,037,888 | ---- | M] (Logitech Inc.) -- C:\Program Files\Logitech\MouseWare\system\EM_EXEC.EXE
PRC - [2002/07/02 15:56:00 | 000,024,576 | ---- | M] (Creative Technology Ltd) -- C:\WINDOWS\system32\cthelper.exe
PRC - [2002/06/19 00:05:38 | 000,684,032 | ---- | M] (Roxio) -- C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\Directcd.exe
PRC - [2002/06/03 17:03:24 | 000,094,208 | ---- | M] (OLYMPUS Optical Co.,Ltd) -- C:\Program Files\Olympus\DeviceDetector\DevDtct2.exe
PRC - [2002/05/02 10:03:16 | 000,020,563 | ---- | M] (Intel(R) Corporation) -- C:\Program Files\Intel\LDCM\BIN\USM.exe
PRC - [2002/05/02 09:53:54 | 000,028,672 | ---- | M] (Intel(R) Corporation) -- C:\Program Files\Intel\LDCM\BIN\IIDS.exe
PRC - [2002/03/28 15:35:22 | 000,065,536 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\BootStrap Agent\bsa.exe
PRC - [2002/03/18 06:34:42 | 000,364,544 | ---- | M] (Visual Networks) -- C:\Program Files\Verizon Online\Visual IP InSight\IPClient.exe
PRC - [2002/03/18 06:34:42 | 000,102,400 | ---- | M] (Visual Networks) -- C:\Program Files\Verizon Online\Visual IP InSight\ipmon32.exe
PRC - [2001/11/07 13:25:54 | 000,020,480 | ---- | M] (BVRP Software) -- C:\Program Files\PhoneTools\capFax.exe

========== Modules (SafeList) ==========

MOD - [2010/04/10 21:55:45 | 000,561,664 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTL.exe
MOD - [2008/04/13 17:12:01 | 000,413,696 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msvcp60.dll
MOD - [2007/04/19 14:21:40 | 000,116,264 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files\Comcast\Desktop Doctor\bin\sprthook.dll
MOD - [2005/01/15 13:03:07 | 000,122,880 | ---- | M] (Motive Communications, Inc.) -- C:\Program Files\Verizon Online\SupportCenter\SmartBridge\SBHook.dll
MOD - [2004/01/08 10:50:00 | 000,024,064 | ---- | M] (Logitech Inc.) -- C:\Program Files\Common Files\Logitech\Scrolling\LGMSGHK.DLL
MOD - [2004/01/08 10:50:00 | 000,006,144 | ---- | M] (Logitech Inc.) -- C:\Program Files\Logitech\MouseWare\system\LgWndHk.dll
MOD - [2002/03/18 06:34:42 | 000,094,208 | ---- | M] (Visual Networks) -- C:\Program Files\Verizon Online\Visual IP InSight\iphook32.dll
MOD - [2002/03/13 13:25:36 | 000,057,344 | ---- | M] (Creative Technology Ltd) -- C:\WINDOWS\system32\ctagent.dll

========== Win32 Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- -- (win32sl)
SRV - [2010/03/22 15:51:54 | 000,068,000 | ---- | M] (NOS Microsystems Ltd.) [On_Demand | Stopped] -- C:\Program Files\NOS\bin\getPlus_Helper.dll -- (getPlusHelper) getPlus(R)
SRV - [2010/03/01 23:08:29 | 001,029,456 | ---- | M] (Lavasoft) [On_Demand | Stopped] -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe -- (Lavasoft Ad-Aware Service)
SRV - [2009/05/05 06:19:44 | 000,616,408 | ---- | M] () [Auto | Running] -- C:\Program Files\comcasttb\ComcastSpywareScan\ComcastAntiSpyService.exe -- (AntiSpywareService)
SRV - [2008/10/15 13:31:53 | 000,068,865 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe -- (AntiVirScheduler)
SRV - [2008/10/15 13:30:02 | 000,151,297 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe -- (AntiVirService)
SRV - [2008/04/24 13:26:18 | 000,202,560 | ---- | M] (SupportSoft, Inc.) [Auto | Running] -- C:\Program Files\Comcast\Desktop Doctor\bin\sprtsvc.exe -- (sprtsvc_ddoctorv2) SupportSoft Sprocket Service (ddoctorv2)
SRV - [2007/09/26 13:55:04 | 000,283,912 | ---- | M] (CA, Inc.) [Auto | Running] -- C:\Program Files\CA\PPRT\bin\ITMRTSVC.exe -- (ITMRTSVC)
SRV - [2004/02/21 21:28:31 | 000,057,344 | ---- | M] (Lanovation) [Auto | Running] -- C:\Program Files\Common Files\Lanovation\PrismXL\PRISMXL.SYS -- (PrismXL)
SRV - [2004/02/21 21:21:07 | 000,045,056 | ---- | M] (LANovation) [On_Demand | Stopped] -- C:\WINDOWS\system32\PCTKRNT.SYS -- (PictureTaker)
SRV - [2003/03/03 14:33:40 | 000,143,360 | ---- | M] (Intel(R) Corporation) [On_Demand | Stopped] -- C:\Program Files\Intel\NCS\Sync\NetSvc.exe -- (NetSvc)
SRV - [2002/05/02 10:06:28 | 000,020,480 | ---- | M] (Intel(R) Corporation) [Auto | Stopped] -- C:\Program Files\Intel\LDCM\CI\CIMGR\CiMgrLdr.exe -- (Intel CI Manager)
SRV - [2002/05/02 10:01:34 | 000,036,947 | ---- | M] (Intel(R) Corporation) [Auto | Stopped] -- C:\Program Files\Intel\LDCM\BIN\SSM.exe -- (Intel SSM)
SRV - [2002/05/02 09:53:54 | 000,028,672 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Program Files\Intel\LDCM\BIN\IIDS.exe -- (Intel IIDS)
SRV - [2002/03/28 15:35:22 | 000,065,536 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\BootStrap Agent\Bsa.exe -- (Intel Bootstrap Agent)

========== Driver Services (SafeList) ==========

DRV - [2009/05/27 14:03:34 | 000,075,096 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avipbb.sys -- (avipbb)
DRV - [2009/05/27 14:03:18 | 000,052,056 | ---- | M] (Avira GmbH) [File_System | On_Demand | Running] -- C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgntflt.sys -- (avgntflt)
DRV - [2009/05/27 14:03:12 | 000,011,608 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgio.sys -- (avgio)
DRV - [2009/03/09 12:06:56 | 000,064,160 | ---- | M] (Lavasoft AB) [File_System | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\Lbd.sys -- (Lbd)
DRV - [2008/06/20 04:08:27 | 000,225,856 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\tcpip6.sys -- (Tcpip6)
DRV - [2008/04/13 11:56:49 | 000,012,800 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\usb8023.sys -- (USB_RNDIS_XP)
DRV - [2008/04/13 11:45:29 | 000,010,624 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\gameenum.sys -- (gameenum)
DRV - [2007/03/01 09:34:22 | 000,028,352 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2005/12/10 04:06:00 | 003,536,768 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nv4_mini.sys -- (nv)
DRV - [2004/02/21 21:34:15 | 000,008,552 | ---- | M] (Windows (R) 2000 DDK provider) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\asctrm.sys -- (ASCTRM)
DRV - [2003/12/17 10:50:00 | 000,070,801 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LMouFlt2.Sys -- (LMouFlt2)
DRV - [2003/12/17 10:50:00 | 000,051,729 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\L8042pr2.Sys -- (l8042pr2)
DRV - [2003/12/17 10:50:00 | 000,025,505 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LHIDFLT2.SYS -- (LHidFlt2)
DRV - [2002/07/24 11:52:24 | 000,998,004 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ha10kx2k.sys -- (ha10kx2k)
DRV - [2002/07/19 08:48:30 | 000,156,604 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\emupia2k.sys -- (emupia)
DRV - [2002/07/19 08:48:20 | 000,213,860 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ctsfm2k.sys -- (ctsfm2k)
DRV - [2002/07/19 08:48:06 | 000,011,068 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ctprxy2k.sys -- (ctprxy2k)
DRV - [2002/07/19 08:48:02 | 000,195,432 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ctoss2k.sys -- (ossrv)
DRV - [2002/07/19 08:47:50 | 000,837,548 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ctaud2k.sys -- (ctaud2k) Creative Audio Driver (WDM)
DRV - [2002/07/19 08:46:26 | 000,127,948 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ctac32k.sys -- (ctac32k)
DRV - [2002/07/09 19:10:00 | 000,011,008 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\itchfltr.sys -- (itchfltr)
DRV - [2002/06/19 00:19:18 | 000,070,064 | ---- | M] (Roxio) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\cdr4_xp.sys -- (Cdr4_xp)
DRV - [2002/06/19 00:18:28 | 000,023,420 | ---- | M] (Roxio) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\cdralw2k.sys -- (Cdralw2k)
DRV - [2002/06/19 00:14:20 | 000,025,226 | ---- | M] (Roxio) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Dvd_2k.sys -- (dvd_2K)
DRV - [2002/06/19 00:14:14 | 000,029,446 | ---- | M] (Roxio) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Mmc_2k.sys -- (mmc_2K)
DRV - [2002/06/19 00:14:08 | 000,127,026 | ---- | M] (Roxio) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\pwd_2K.sys -- (pwd_2k)
DRV - [2002/06/19 00:09:04 | 000,237,568 | ---- | M] (Roxio) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\cdudf_xp.sys -- (cdudf_xp)
DRV - [2002/06/19 00:07:42 | 000,206,336 | ---- | M] (Roxio) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\udfreadr_xp.sys -- (UdfReadr_xp)
DRV - [2002/05/09 16:05:28 | 000,009,978 | ---- | M] () [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\cismbios.sys -- (CiSmBios)
DRV - [2001/08/17 06:57:38 | 000,016,128 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\MODEMCSA.sys -- (MODEMCSA)
DRV - [2001/08/17 06:28:00 | 000,871,388 | ---- | M] (BCM) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\BCMDM.sys -- (BCMModem)
DRV - [2000/06/06 09:29:58 | 000,006,736 | ---- | M] (RioPort.com) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\RioPnP.sys -- (RioPNP)
DRV - [2000/03/22 21:42:24 | 000,044,192 | ---- | M] (PC-Doctor Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\PcdrNt.sys -- (PcdrNt)
DRV - [1999/12/17 00:00:00 | 000,006,752 | ---- | M] (Creative Technology Ltd.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\PFMODNT.SYS -- (PfModNT)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.comcast.net?cid=NET_mmhpset
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = 127.0.0.1;*.local

O1 HOSTS File: ([2009/03/18 21:11:11 | 000,302,335 | R--- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 127.0.0.1 www.007guard.com
O1 - Hosts: 127.0.0.1 007guard.com
O1 - Hosts: 127.0.0.1 008i.com
O1 - Hosts: 127.0.0.1 www.008k.com
O1 - Hosts: 127.0.0.1 008k.com
O1 - Hosts: 127.0.0.1 www.00hq.com
O1 - Hosts: 127.0.0.1 00hq.com
O1 - Hosts: 127.0.0.1 010402.com
O1 - Hosts: 127.0.0.1 www.032439.com
O1 - Hosts: 127.0.0.1 032439.com
O1 - Hosts: 127.0.0.1 www.0scan.com
O1 - Hosts: 127.0.0.1 0scan.com
O1 - Hosts: 127.0.0.1 www.1000gratisproben.com
O1 - Hosts: 127.0.0.1 1000gratisproben.com
O1 - Hosts: 127.0.0.1 www.1001namen.com
O1 - Hosts: 127.0.0.1 1001namen.com
O1 - Hosts: 127.0.0.1 100888290cs.com
O1 - Hosts: 127.0.0.1 www.100888290cs.com
O1 - Hosts: 127.0.0.1 100sexlinks.com
O1 - Hosts: 127.0.0.1 www.100sexlinks.com
O1 - Hosts: 127.0.0.1 10sek.com
O1 - Hosts: 127.0.0.1 www.10sek.com
O1 - Hosts: 127.0.0.1 www.1-2005-search.com
O1 - Hosts: 127.0.0.1 1-2005-search.com
O1 - Hosts: 10444 more lines...
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Comcast Toolbar) - {79CEEA4E-C231-4614-9E3B-53B2A02F39B7} - C:\Program Files\comcasttb\comcastdx.dll ()
O3 - HKLM\..\Toolbar: (Comcast Toolbar) - {79CEEA4E-C231-4614-9E3B-53B2A02F39B7} - C:\Program Files\comcasttb\comcastdx.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [AdaptecDirectCD] C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe (Roxio)
O4 - HKLM..\Run: [Ad-Watch] C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe (Lavasoft)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [BlackBerryAutoUpdate] C:\Program Files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe (Research In Motion Limited)
O4 - HKLM..\Run: [CapFax] C:\Program Files\PhoneTools\capFax.exe (BVRP Software)
O4 - HKLM..\Run: [CTHelper] C:\WINDOWS\System32\cthelper.exe (Creative Technology Ltd)
O4 - HKLM..\Run: [ddoctorv2] C:\Program Files\Comcast\Desktop Doctor\bin\sprtcmd.exe (SupportSoft, Inc.)
O4 - HKLM..\Run: [IPInSightLAN 01] C:\Program Files\Verizon Online\Visual IP InSight\IPClient.exe (Visual Networks)
O4 - HKLM..\Run: [IPInSightMonitor 01] C:\Program Files\Verizon Online\Visual IP InSight\IPMon32.exe (Visual Networks)
O4 - HKLM..\Run: [Jet Detection] C:\Program Files\Creative\SBAudigy\Program\ADGJDet.exe ()
O4 - HKLM..\Run: [Logitech Utility] C:\WINDOWS\LOGI_MWX.EXE (Logitech Inc.)
O4 - HKLM..\Run: [mm_server] C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_server.exe (Musicmatch Inc.)
O4 - HKLM..\Run: [Motive SmartBridge] C:\Program Files\Verizon Online\SupportCenter\SmartBridge\MotiveSB.exe (Motive Communications, Inc.)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe ()
O4 - HKLM..\Run: [PRONoMgr.exe] C:\Program Files\Intel\NCS\PROSet\PRONoMgr.exe (Intel(R) Corporation)
O4 - HKLM..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [UpdReg] C:\WINDOWS\Updreg.EXE (Creative Technology Ltd.)
O4 - HKLM..\Run: [User Space Manager] C:\Program Files\Intel\LDCM\BIN\USM.exe (Intel(R) Corporation)
O4 - HKLM..\Run: [zBrowser Launcher] C:\Program Files\Logitech\iTouch\iTouch.exe (Logitech Inc. )
O4 - HKCU..\Run: [ComcastAntispyClient] C:\Program Files\comcasttb\ComcastSpywareScan\ComcastAntispy.exe ()
O4 - HKLM..\RunOnce: [Uninstall Adobe Download Manager] File not found
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Device Detector 2.lnk = C:\Program Files\Olympus\DeviceDetector\DevDtct2.exe (OLYMPUS Optical Co.,Ltd)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office10\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: Control Pad - {28D44DAD-D1FC-4d4f-BB1B-ADF037C8DDBC} - C:\Program Files\Verizon Online\Verizon Online Control Pad\VerizonControlPad.exe (Verizon Internet Solutions)
O9 - Extra 'Tools' menuitem : Control Pad - {28D44DAD-D1FC-4d4f-BB1B-ADF037C8DDBC} - C:\Program Files\Verizon Online\Verizon Online Control Pad\VerizonControlPad.exe (Verizon Internet Solutions)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} http://www.apple.com/qtactivex/qtplugin.cab (QuickTime Object)
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} http://support.gateway.com/support/profiler/PCPitStop.CAB (PCPitstop Utility)
O16 - DPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} http://office.microsoft.com/officeupdate/content/opuc.cab (Office Update Installation Engine)
O16 - DPF: {8646A6AF-0AE4-4BF8-B716-DB1513803972} http://fredmeyer.storefront.com/images/global/activex/SFImageUpload1_8.CAB (SFImageUpload1_8.ImageUpload)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_19-windows-i586.cab (Java Plug-in 1.6.0_19)
O16 - DPF: {9A57B18E-2F5D-11D5-8997-00104BD12D94} http://support.gateway.com/support/serialharvest/gwCID.CAB (compid Class)
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} http://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?38047.9808217593 (Reg Error: Key error.)
O16 - DPF: {BB383206-6DA1-4E80-B62A-3DF950FCC697} http://ak.imgag.com/imgag/cp/install/AxCtp2.cab (Create & Print ActiveX Plug-in)
O16 - DPF: {CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_19-windows-i586.cab (Java Plug-in 1.6.0_19)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_19-windows-i586.cab (Java Plug-in 1.6.0_19)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (get_atlcom Class)
O16 - DPF: DirectAnimation Java Classes file://C:\WINDOWS\Java\classes\dajava.cab (Reg Error: Key error.)
O16 - DPF: Microsoft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O18 - Protocol\Handler\cetihpz {CF184AD3-CDCB-4168-A3F7-8E447D129300} - C:\Program Files\HP\hpcoretech\comp\hpuiprot.dll (Hewlett-Packard Company)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2007/12/01 11:03:55 | 000,000,619 | ---- | M] () - C:\autoAlbum.log -- [ NTFS ]
O32 - AutoRun File - [2004/02/21 21:15:07 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2002/08/22 01:16:40 | 000,000,143 | ---- | M] () - C:\AUTOLOG.REG -- [ NTFS ]
O33 - MountPoints2\{128b75ab-9a4c-11dc-b719-0007e9b60959}\Shell - "" = AutoRun
O33 - MountPoints2\{128b75ab-9a4c-11dc-b719-0007e9b60959}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{128b75ab-9a4c-11dc-b719-0007e9b60959}\Shell\AutoRun\command - "" = F:\LaunchU3.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O34 - HKLM BootExecute: (lsdelete) - C:\WINDOWS\System32\lsdelete.exe ()
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: Ias - C:\WINDOWS\system32\ias [2004/03/01 16:07:36 | 000,000,000 | ---D | M]
NetSvcs: Iprip - C:\WINDOWS\system32\iprip.dll (Microsoft Corporation)
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: Wmi - C:\WINDOWS\system32\wmi.dll (Microsoft Corporation)
NetSvcs: WmdmPmSp - File not found

MsConfig - State: "system.ini" - 0
MsConfig - State: "win.ini" - 0
MsConfig - State: "bootini" - 0
MsConfig - State: "services" - 0
MsConfig - State: "startup" - 0

SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: Lavasoft Ad-Aware Service - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe (Lavasoft)
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: sermouse.sys - Driver
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vds - Service
SafeBootMin: vga.sys - Driver
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: Lavasoft Ad-Aware Service - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe (Lavasoft)
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: sermouse.sys - Driver
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: UploadMgr - Service
SafeBootNet: vga.sys - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608555} - Internet Explorer Classes for Java
ActiveX: {10072CEC-8CC1-11D1-986E-00A0C955B42F} - Vector Graphics Rendering (VML)
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - NetShow
ActiveX: {2298d453-bcae-4519-bf33-1cbf3faf1524} - Q867801
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 6.4
ActiveX: {283807B5-2C60-11D0-A31D-00AA00B92C03} - DirectAnimation
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {2cc9d512-6db6-4f1c-8979-9a41fae88de0} - Q837009
ActiveX: {36f8ec70-c29a-11d1-b5c7-0000f8051515} - Dynamic HTML Data Binding for Java
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3bf42070-b3b1-11d1-b5c5-0000f8051515} - Uniscribe
ActiveX: {411EDCF7-755D-414E-A74B-3DCD6583F589} - Microsoft .NET Framework 1.1 Service Pack 1 (KB867460)
ActiveX: {4278c270-a269-11d1-b5bf-0000f8051515} - Advanced Authoring
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install
ActiveX: {44BBA842-CC51-11CF-AAFA-00AA00B6015B} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - DirectShow
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015C} - Microsoft DirectX
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f216970-c90c-11d1-b5c7-0000f8051515} - DirectAnimation Java Classes
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows script 5.8
ActiveX: {5945c046-1e7d-11d1-bc44-00c04fd912be} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser
ActiveX: {5A8D6EE0-3E18-11D0-821E-444553540000} - ICW
ActiveX: {5f3c70b3-ac2f-432c-8f9c-1624df61f54f} - Microsoft Data Access Components KB870669
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7131646D-CD3C-40F4-97B9-CD9E4E6262EF} - .NET Framework
ActiveX: {73FA19D0-2D75-11D2-995D-00C04F98BBC9} - Web Folders
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install
ActiveX: {795d0712-722c-43ec-906a-fc5e678eada9} - Q831167
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\WINDOWS\system32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - c:\WINDOWS\system32\Rundll32.exe c:\WINDOWS\system32\mscories.dll,Install
ActiveX: {8b15971b-5355-4c82-8c07-7e181ea07608} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\fxsocm.inf,Fax.UnInstall.PerUser
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {94de52c8-2d59-4f1b-883e-79663d2d9a8c} - rundll32.exe C:\WINDOWS\System32\Setup\FxsOcm.dll,XP_UninstallProvider
ActiveX: {abcdf74f-9a64-4e6e-b8eb-6e5a41de6550} -
ActiveX: {C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F} - .NET Framework
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} - .NET Framework
ActiveX: {CC2A9BA0-3BDD-11D0-821E-444553540000} - Task Scheduler
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {D27CDB6E-AE6D-11cf-96B8-444553540000} - Adobe Flash Player
ActiveX: {DAA94A2A-2A8D-4D3B-9DB8-56FBECED082D} - Microsoft .NET Framework 1.1 Security Update (KB953297)
ActiveX: {DBB3C81D-3C91-4a1e-BDDF-905B61C7CEDF} - Security Update for the Microsoft VM
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: {eddbec60-89cb-44ef-8291-0850fd28ff6a} - Q832894
ActiveX: {f5173cf0-1dfb-4978-8e50-a90169ee7ca9} - Q823353
ActiveX: {F5776D81-AE53-4935-8E84-B0B283D8BCEF} - Q330994
ActiveX: <{12d0ed0d-0ee0-4f90-8827-78cefb8f4988} - C:\WINDOWS\system32\ieudinit.exe
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\WINDOWS\inf\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\WINDOWS\system32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\WINDOWS\system32\rundll32.exe" "C:\WINDOWS\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP
ActiveX: >{881dd1c5-3dcf-431b-b061-f3f88e8be88a} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE

Drivers32: msacm.ctmp3 - C:\WINDOWS\system32\ctmp3.acm (Creative Technology Ltd.)
Drivers32: msacm.iac2 - C:\WINDOWS\System32\iac25_32.ax (Intel Corporation)
Drivers32: msacm.l3acm - C:\WINDOWS\System32\l3codecx.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.siren - C:\WINDOWS\System32\sirenacm.dll (Microsoft Corporation)
Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)
Drivers32: vidc.LEAD - LCODCCMP.DLL File not found
Drivers32: wave - C:\WINDOWS\System32\serwvdrv.dll (Microsoft Corporation)

Re: Someone is sending out emails using my email name11th April 2010, 5:19 am

Here is the OTL file part 2.

CREATERESTOREPOINT
Restore point Set: OTL Restore Point (16902053519425536)

========== Files/Folders - Created Within 30 Days ==========

[2010/04/10 21:55:42 | 000,561,664 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTL.exe
[2010/04/10 09:51:00 | 000,401,720 | ---- | C] (Trend Micro Inc.) -- C:\Documents and Settings\Owner\Desktop\winlogon.scr
[2010/04/10 09:46:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Desktop\Adobe Reader 9 Installer
[2010/04/10 09:45:44 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe AIR
[2010/04/10 09:44:21 | 000,000,000 | ---D | C] -- C:\Program Files\NOS
[2010/04/10 09:44:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\NOS
[2010/04/10 09:39:26 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2010/04/10 09:34:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Desktop\JavaRa
[2010/04/10 09:22:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Sun
[2010/04/10 09:22:25 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2010/04/10 09:22:05 | 000,153,376 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe
[2010/04/10 09:22:05 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe
[2010/04/10 09:22:05 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe
[2010/04/10 09:22:05 | 000,073,728 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javacpl.cpl
[2010/04/10 09:18:46 | 016,291,616 | ---- | C] (Sun Microsystems, Inc.) -- C:\Documents and Settings\Owner\Desktop\jre-6u19-windows-i586.exe
[2009/06/25 13:57:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Apple
[2009/03/17 22:14:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Google
[2009/03/16 20:35:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Google
[2009/03/16 12:45:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft
[2009/03/16 12:44:38 | 000,000,000 | --SD | M] -- C:\Documents and Settings\NetworkService\Application Data\Microsoft
[2009/03/16 12:44:38 | 000,000,000 | --SD | M] -- C:\Documents and Settings\LocalService\Application Data\Microsoft
[2009/03/16 12:44:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft
[2004/02/21 22:20:14 | 000,065,536 | ---- | C] ( ) -- C:\WINDOWS\System32\a3d.dll
[5 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010/04/10 21:55:45 | 000,561,664 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTL.exe
[2010/04/10 21:51:00 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2010/04/10 10:49:14 | 000,002,483 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\Microsoft Word.lnk
[2010/04/10 09:51:02 | 000,401,720 | ---- | M] (Trend Micro Inc.) -- C:\Documents and Settings\Owner\Desktop\winlogon.scr
[2010/04/10 09:49:51 | 000,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/04/10 09:47:56 | 012,582,912 | ---- | M] () -- C:\Documents and Settings\Owner\ntuser.dat
[2010/04/10 09:47:18 | 000,001,772 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader 9.lnk
[2010/04/10 09:21:41 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\deploytk.dll
[2010/04/10 09:21:41 | 000,153,376 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe
[2010/04/10 09:21:41 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe
[2010/04/10 09:21:41 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe
[2010/04/10 09:21:41 | 000,073,728 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javacpl.cpl
[2010/04/10 09:18:59 | 016,291,616 | ---- | M] (Sun Microsystems, Inc.) -- C:\Documents and Settings\Owner\Desktop\jre-6u19-windows-i586.exe
[2010/04/10 08:48:57 | 000,002,137 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
[2010/04/10 08:47:49 | 000,000,233 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\craigslist.url
[2010/04/10 08:45:43 | 003,216,238 | ---- | M] () -- C:\WINDOWS\{00000002-00000000-00000002-00001102-00000004-00581102}.CDF
[2010/04/10 08:45:43 | 003,216,238 | ---- | M] () -- C:\WINDOWS\{00000002-00000000-00000002-00001102-00000004-00581102}.BAK
[2010/04/10 08:45:38 | 000,043,573 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml
[2010/04/10 08:45:34 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2010/04/10 08:45:31 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/04/10 08:45:29 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/04/10 08:45:27 | 1340,985,344 | -HS- | M] () -- C:\hiberfil.sys
[2010/04/09 17:40:57 | 000,023,304 | ---- | M] () -- C:\WINDOWS\System32\BMXCtrlState-{00000002-00000000-00000002-00001102-00000004-00581102}.rfx
[2010/04/09 17:40:57 | 000,023,304 | ---- | M] () -- C:\WINDOWS\System32\BMXBkpCtrlState-{00000002-00000000-00000002-00001102-00000004-00581102}.rfx
[2010/04/09 17:40:57 | 000,018,648 | ---- | M] () -- C:\WINDOWS\System32\BMXStateBkp-{00000002-00000000-00000002-00001102-00000004-00581102}.rfx
[2010/04/09 17:40:57 | 000,018,648 | ---- | M] () -- C:\WINDOWS\System32\BMXState-{00000002-00000000-00000002-00001102-00000004-00581102}.rfx
[2010/04/09 17:40:57 | 000,001,080 | ---- | M] () -- C:\WINDOWS\System32\settingsbkup.sfm
[2010/04/09 17:40:57 | 000,001,080 | ---- | M] () -- C:\WINDOWS\System32\settings.sfm
[2010/04/09 17:40:57 | 000,000,024 | ---- | M] () -- C:\WINDOWS\System32\DVCStateBkp-{00000002-00000000-00000002-00001102-00000004-00581102}.dat
[2010/04/09 17:40:57 | 000,000,024 | ---- | M] () -- C:\WINDOWS\System32\DVCState-{00000002-00000000-00000002-00001102-00000004-00581102}.dat
[2010/04/09 17:40:31 | 000,000,178 | -HS- | M] () -- C:\Documents and Settings\Owner\ntuser.ini
[2010/04/09 07:01:36 | 000,000,060 | ---- | M] () -- C:\WINDOWS\wpd99.drv
[2010/04/08 18:18:36 | 000,002,439 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\Microsoft Streets & Trips 2002.lnk
[2010/04/08 13:57:01 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2010/04/07 20:40:26 | 000,028,956 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\https psor.inshealth.com ehi next.pdf
[2010/04/06 22:08:42 | 000,000,472 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
[2010/04/06 20:22:42 | 000,860,696 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\healthNetApp.pdf
[2010/03/21 22:59:37 | 000,055,296 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\Garden Growing Season 2010.xls
[2010/03/21 21:29:03 | 000,002,481 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\Microsoft Excel.lnk
[2010/03/15 20:43:32 | 000,000,256 | ---- | M] () -- C:\WINDOWS\System32\pool.bin
[2010/03/15 20:19:32 | 000,524,020 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2010/03/15 20:19:32 | 000,442,466 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010/03/15 20:19:32 | 000,071,732 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010/03/13 16:33:44 | 000,036,352 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\Cassidy's-10-Birthday-Party-Games.doc
[5 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/04/10 09:47:18 | 000,001,772 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader 9.lnk
[2010/04/07 20:40:22 | 000,028,956 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\https psor.inshealth.com ehi next.pdf
[2010/04/06 20:22:39 | 000,860,696 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\healthNetApp.pdf
[2010/03/20 09:15:54 | 000,055,296 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\Garden Growing Season 2010.xls
[2010/03/18 19:22:59 | 000,002,137 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
[2010/03/12 20:03:42 | 000,036,352 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\Cassidy's-10-Birthday-Party-Games.doc
[2010/01/24 15:45:37 | 000,000,971 | ---- | C] () -- C:\Documents and Settings\Owner\Application Data\BBMS_EXCEPTION.txt
[2009/03/22 19:47:51 | 000,000,413 | ---- | C] () -- C:\WINDOWS\COOK'N5.INI
[2009/03/22 19:46:10 | 000,000,078 | ---- | C] () -- C:\WINDOWS\Cook'n99.ini
[2008/07/07 22:13:40 | 000,081,920 | ---- | C] () -- C:\WINDOWS\System32\dsp_trc.dll
[2008/07/07 19:31:30 | 000,001,024 | ---- | C] () -- C:\Documents and Settings\Owner\Application Data\WavCodec.wff
[2008/03/15 14:02:56 | 000,000,028 | ---- | C] () -- C:\WINDOWS\pdf995.ini
[2008/03/15 14:00:02 | 000,000,060 | ---- | C] () -- C:\WINDOWS\wpd99.drv
[2008/03/15 14:00:01 | 000,051,716 | ---- | C] () -- C:\WINDOWS\System32\pdf995mon.dll
[2007/09/26 14:54:44 | 000,000,214 | ---- | C] () -- C:\WINDOWS\HP_48BitScanUpdatePatch.ini
[2006/09/30 07:43:15 | 000,005,510 | ---- | C] () -- C:\Documents and Settings\Owner\Application Data\GdiplusUpgrade_MSIApproach_Wrapper.log
[2006/09/30 07:43:15 | 000,000,206 | ---- | C] () -- C:\WINDOWS\HPGdiPlus.ini
[2006/03/06 01:53:03 | 000,001,755 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache
[2006/02/18 09:39:12 | 002,255,360 | ---- | C] () -- C:\WINDOWS\System32\libavcodec.dll
[2006/02/18 09:39:12 | 000,395,776 | ---- | C] () -- C:\WINDOWS\System32\libmplayer.dll
[2006/02/18 09:39:12 | 000,262,144 | ---- | C] () -- C:\WINDOWS\System32\TomsMoComp_ff.dll
[2006/02/18 09:39:12 | 000,112,640 | ---- | C] () -- C:\WINDOWS\System32\libmpeg2_ff.dll
[2006/02/10 09:04:39 | 012,582,912 | ---- | C] () -- C:\Documents and Settings\Owner\ntuser.dat
[2005/12/10 04:06:00 | 001,466,368 | ---- | C] () -- C:\WINDOWS\System32\nview.dll
[2005/12/10 04:06:00 | 001,019,904 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll
[2005/12/10 04:06:00 | 000,573,440 | ---- | C] () -- C:\WINDOWS\System32\nvhwvid.dll
[2005/12/10 04:06:00 | 000,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll
[2005/12/10 04:06:00 | 000,110,592 | ---- | C] () -- C:\WINDOWS\System32\nvapi.dll
[2005/09/30 19:55:19 | 000,017,231 | ---- | C] () -- C:\WINDOWS\cdPlayer.ini
[2005/06/22 21:54:18 | 000,000,128 | ---- | C] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\fusioncache.dat
[2005/06/22 21:05:03 | 000,003,054 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\hpzinstall.log
[2005/04/03 18:02:53 | 000,001,065 | ---- | C] () -- C:\Documents and Settings\Owner\Application Data\AdobeDLM.log
[2005/03/26 15:08:57 | 000,000,000 | ---- | C] () -- C:\WINDOWS\qpw.INI
[2005/01/11 22:31:38 | 000,262,144 | ---- | C] () -- C:\Documents and Settings\All Users\ntuser.dat
[2005/01/11 22:31:38 | 000,001,024 | -H-- | C] () -- C:\Documents and Settings\All Users\ntuser.dat.LOG
[2004/12/19 22:58:41 | 000,000,005 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\DirectCDUserNameD.txt
[2004/11/28 15:49:50 | 000,000,000 | ---- | C] () -- C:\WINDOWS\OpPrintServer.INI
[2004/06/27 10:48:12 | 000,003,584 | ---- | C] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2004/03/31 21:15:32 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2004/03/01 08:41:17 | 000,186,988 | ---- | C] () -- C:\Documents and Settings\Owner\~
[2004/02/26 19:22:33 | 000,417,792 | ---- | C] () -- C:\WINDOWS\System32\fxdb.dll
[2004/02/26 19:21:26 | 000,036,864 | ---- | C] () -- C:\WINDOWS\System32\iduninst.dll
[2004/02/26 19:19:58 | 001,213,440 | ---- | C] () -- C:\WINDOWS\System32\opengl.dll
[2004/02/26 19:19:57 | 000,154,624 | ---- | C] () -- C:\WINDOWS\System32\glut.dll
[2004/02/26 19:19:56 | 000,315,904 | ---- | C] () -- C:\WINDOWS\System32\glu.dll
[2004/02/26 19:13:28 | 000,000,000 | ---- | C] () -- C:\WINDOWS\Dssole.INI
[2004/02/22 02:14:52 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Owner\Application Data\dm.ini
[2004/02/22 01:44:47 | 000,363,520 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2004/02/21 22:44:02 | 000,000,024 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2004/02/21 22:43:49 | 000,000,002 | ---- | C] () -- C:\WINDOWS\msoffice.ini
[2004/02/21 22:38:30 | 000,000,020 | ---- | C] () -- C:\WINDOWS\InfModM.ini
[2004/02/21 22:32:14 | 000,000,104 | ---- | C] () -- C:\WINDOWS\CTRec.INI
[2004/02/21 22:21:49 | 000,000,231 | ---- | C] () -- C:\WINDOWS\AC3API.INI
[2004/02/21 22:20:46 | 000,053,024 | ---- | C] () -- C:\WINDOWS\System32\UPDDRV9X.DLL
[2004/02/21 22:20:39 | 000,000,180 | ---- | C] () -- C:\WINDOWS\System32\kill.ini
[2004/02/21 22:20:36 | 000,037,727 | ---- | C] () -- C:\WINDOWS\System32\Emu10kx.ini
[2004/02/21 22:20:36 | 000,000,092 | ---- | C] () -- C:\WINDOWS\System32\editinf.ini
[2004/02/21 22:20:33 | 000,000,029 | ---- | C] () -- C:\WINDOWS\System32\ctzapxx.ini
[2004/02/21 22:19:44 | 000,000,317 | ---- | C] () -- C:\WINDOWS\SBWIN.INI
[2004/02/21 21:47:10 | 000,028,672 | ---- | C] () -- C:\WINDOWS\System32\CTPdeSrvps.dll
[2004/02/21 21:45:47 | 000,009,978 | ---- | C] () -- C:\WINDOWS\System32\drivers\cismbios.sys
[2004/02/21 21:45:39 | 000,014,756 | ---- | C] () -- C:\WINDOWS\System32\Ldcmrc16.dll
[2004/02/21 21:44:15 | 000,000,029 | ---- | C] () -- C:\WINDOWS\wgedit.ini
[2004/02/21 21:38:12 | 000,000,195 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
[2004/02/21 21:38:01 | 000,126,976 | ---- | C] () -- C:\WINDOWS\System32\unzdll.dll
[2004/02/21 21:18:18 | 000,000,178 | -HS- | C] () -- C:\Documents and Settings\Owner\ntuser.ini
[2004/02/21 21:18:17 | 000,001,024 | -H-- | C] () -- C:\Documents and Settings\Owner\ntuser.dat.LOG
[2003/10/06 13:16:00 | 001,662,976 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll
[2003/10/06 13:16:00 | 000,286,720 | ---- | C] () -- C:\WINDOWS\System32\nvnt4cpl.dll
[2003/02/03 07:26:18 | 000,012,288 | ---- | C] () -- C:\WINDOWS\System32\e100bmsg.dll
[1998/08/16 07:00:00 | 000,004,096 | ---- | C] () -- C:\WINDOWS\System32\sysres.dll
[1996/04/03 12:33:26 | 000,005,248 | ---- | C] () -- C:\WINDOWS\System32\giveio.sys

========== Custom Scans ==========

< %systemroot%\*. /mp /s >

< %systemroot%\system32\*.dll /lockedfiles >
[1 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

< %systemroot%\system32\*.exe /lockedfiles >
[1 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\system32\drivers\*.sys /lockedfiles >

< %systemroot%\System32\config\*.sav >
[2004/03/01 16:10:40 | 000,262,144 | ---- | M] () -- C:\WINDOWS\system32\config\default.sav
[2004/03/02 00:05:26 | 000,262,144 | ---- | M] () -- C:\WINDOWS\system32\config\security.sav
[2004/03/01 16:10:40 | 014,942,208 | ---- | M] () -- C:\WINDOWS\system32\config\software.sav
[2004/03/01 16:10:41 | 003,670,016 | ---- | M] () -- C:\WINDOWS\system32\config\system.sav

< %systemroot%\system32\*.sys >
[2002/09/03 06:00:00 | 000,009,029 | ---- | M] () -- C:\WINDOWS\system32\ansi.sys
[2002/09/03 06:00:00 | 000,027,097 | ---- | M] () -- C:\WINDOWS\system32\country.sys
[1996/04/03 12:33:26 | 000,005,248 | ---- | M] () -- C:\WINDOWS\system32\giveio.sys
[2002/09/03 06:00:00 | 000,004,768 | ---- | M] () -- C:\WINDOWS\system32\himem.sys
[2002/09/03 06:00:00 | 000,042,809 | ---- | M] () -- C:\WINDOWS\system32\key01.sys
[2002/09/03 06:00:00 | 000,042,537 | ---- | M] () -- C:\WINDOWS\system32\keyboard.sys
[2002/09/03 06:00:00 | 000,027,866 | ---- | M] () -- C:\WINDOWS\system32\ntdos.sys
[2002/09/03 06:00:00 | 000,029,146 | ---- | M] () -- C:\WINDOWS\system32\ntdos404.sys
[2002/09/03 06:00:00 | 000,029,370 | ---- | M] () -- C:\WINDOWS\system32\ntdos411.sys
[2002/09/03 06:00:00 | 000,029,274 | ---- | M] () -- C:\WINDOWS\system32\ntdos412.sys
[2002/09/03 06:00:00 | 000,029,146 | ---- | M] () -- C:\WINDOWS\system32\ntdos804.sys
[2004/08/03 22:45:08 | 000,033,840 | ---- | M] () -- C:\WINDOWS\system32\ntio.sys
[2004/08/03 22:45:14 | 000,034,560 | ---- | M] () -- C:\WINDOWS\system32\ntio404.sys
[2004/08/03 22:45:10 | 000,035,648 | ---- | M] () -- C:\WINDOWS\system32\ntio411.sys
[2004/08/03 22:45:15 | 000,035,424 | ---- | M] () -- C:\WINDOWS\system32\ntio412.sys
[2004/08/03 22:45:12 | 000,034,560 | ---- | M] () -- C:\WINDOWS\system32\ntio804.sys
[2004/02/21 21:21:07 | 000,045,056 | ---- | M] (LANovation) -- C:\WINDOWS\system32\PCTKRNT.SYS
[1999/12/17 00:00:00 | 000,006,752 | ---- | M] (Creative Technology Ltd.) -- C:\WINDOWS\system32\PFMODNT.SYS
[2006/09/24 06:28:46 | 000,005,248 | ---- | M] (Windows (R) 2000 DDK provider) -- C:\WINDOWS\system32\speedfan.sys
[2008/04/13 11:44:59 | 000,017,664 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\watchdog.sys
[2009/08/14 06:21:25 | 001,850,624 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\win32k.sys
[1 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

< %systemroot%\system32\drivers\*.dll >
[2008/04/13 17:11:48 | 000,004,255 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\adv01nt5.dll
[2008/04/13 17:11:48 | 000,003,967 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\adv02nt5.dll
[2008/04/13 17:11:48 | 000,003,615 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\adv05nt5.dll
[2008/04/13 17:11:48 | 000,003,647 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\adv07nt5.dll
[2008/04/13 17:11:48 | 000,003,135 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\adv08nt5.dll
[2008/04/13 17:11:48 | 000,003,711 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\adv09nt5.dll
[2008/04/13 17:11:48 | 000,003,775 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\adv11nt5.dll
[2008/04/13 17:11:50 | 000,021,183 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\atv01nt5.dll
[2008/04/13 17:11:50 | 000,011,359 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\atv02nt5.dll
[2008/04/13 17:11:50 | 000,025,471 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\atv04nt5.dll
[2008/04/13 17:11:50 | 000,014,143 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\atv06nt5.dll
[2008/04/13 17:11:50 | 000,017,279 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\atv10nt5.dll
[2008/04/13 17:11:50 | 000,015,423 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\ch7xxnt5.dll
[2008/04/13 17:12:05 | 000,003,901 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\siint5.dll
[2008/04/13 17:12:08 | 000,011,325 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\vchnt5.dll

< %systemroot%\system32\drivers\*.ini >

< %systemroot%\system32\drivers\*.exe >

< %SYSTEMDRIVE%\*.* >
[2010/04/10 08:45:25 | 000,019,036 | ---- | M] () -- C:\aaw7boot.log
[2007/12/01 11:03:55 | 000,000,619 | ---- | M] () -- C:\autoAlbum.log
[2004/02/21 21:15:07 | 000,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT
[2002/08/22 01:16:40 | 000,000,143 | ---- | M] () -- C:\AUTOLOG.REG
[2007/07/06 17:03:15 | 015,357,454 | ---- | M] () -- C:\BHB 5486.wav
[2004/02/25 18:32:49 | 000,000,095 | ---- | M] () -- C:\BIOSID.TXT
[2006/02/12 17:34:51 | 000,000,211 | ---- | M] () -- C:\Boot.bak
[2009/03/16 07:51:52 | 000,000,281 | RHS- | M] () -- C:\boot.ini
[2004/02/21 14:58:00 | 000,000,512 | -HS- | M] () -- C:\BOOTSECT.DOS
[1998/10/13 07:25:14 | 000,005,248 | ---- | M] () -- C:\BRCDFIND.EXE
[2004/08/03 23:00:00 | 000,260,272 | ---- | M] () -- C:\cmldr
[2009/03/16 08:08:43 | 000,010,890 | ---- | M] () -- C:\ComboFix.txt
[2004/02/21 21:15:07 | 000,000,000 | ---- | M] () -- C:\CONFIG.SYS
[2004/02/21 21:48:22 | 000,000,188 | ---- | M] () -- C:\CtDrvIns.log
[2010/01/27 08:33:59 | 000,146,286 | ---- | M] () -- C:\DVD2Mp4_Log.txt
[2000/12/29 18:07:56 | 001,414,473 | ---- | M] () -- C:\flyer.dwg
[2010/04/10 08:45:27 | 1340,985,344 | -HS- | M] () -- C:\hiberfil.sys
[2003/12/08 13:15:56 | 000,028,672 | R--- | M] ( ) -- C:\hpqimgrc.resources.dll
[2002/10/28 16:54:36 | 000,000,362 | ---- | M] () -- C:\INSERTU.INI
[2004/02/21 21:15:07 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
[2004/02/21 21:34:45 | 000,000,547 | -H-- | M] () -- C:\IPH.PH
[2006/03/06 22:58:16 | 000,001,623 | ---- | M] () -- C:\iPod_log.txt
[2004/07/03 19:49:20 | 001,197,959 | ---- | M] (Visual Networks ) -- C:\IPVNMonInstaller.exe
[2010/04/10 09:35:48 | 000,012,875 | ---- | M] () -- C:\JavaRa.log
[2002/08/29 04:41:28 | 000,065,536 | ---- | M] (Microsoft Corporation) -- C:\joy.cpl
[2002/09/03 06:00:00 | 000,025,852 | ---- | M] () -- C:\JOY.CP_
[2004/05/06 17:36:38 | 000,079,507 | ---- | M] () -- C:\JUNK
[2004/05/06 17:31:28 | 000,000,347 | ---- | M] () -- C:\JUNK.BK!
[2004/02/21 21:46:02 | 000,000,052 | -H-- | M] () -- C:\LDISCAN.CFG
[2004/02/21 21:15:07 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
[2004/09/12 16:52:27 | 000,047,564 | RHS- | M] () -- C:\NTDETECT.COM
[2008/09/10 15:29:32 | 000,250,048 | RHS- | M] () -- C:\ntldr
[2010/04/10 08:45:25 | 402,653,184 | -HS- | M] () -- C:\pagefile.sys
[2002/10/11 02:23:22 | 000,473,600 | ---- | M] (Gateway Computers) -- C:\PINSERT.EXE
[2006/03/05 23:08:24 | 021,249,848 | ---- | M] (Apple Computer, Inc.) -- C:\QuickTimeInstaller.exe
[2004/03/16 08:55:21 | 000,012,213 | ---- | M] () -- C:\rjscncm.wp
[2002/05/02 17:58:36 | 000,006,912 | ---- | M] () -- C:\TCREAD.EXE
[2002/08/26 07:56:28 | 000,001,274 | ---- | M] () -- C:\XPHOME.T
[2005/06/22 21:54:03 | 000,001,188 | ---- | M] () -- C:\_Sid.txt

< %PROGRAMFILES%\*. >
[2010/01/27 19:50:29 | 000,000,000 | ---D | M] -- C:\Program Files\Adobe
[2009/06/21 17:42:25 | 000,000,000 | ---D | M] -- C:\Program Files\Apple Software Update
[2005/10/04 22:19:55 | 000,000,000 | ---D | M] -- C:\Program Files\Autodesk
[2009/03/16 13:00:27 | 000,000,000 | ---D | M] -- C:\Program Files\Avira
[2009/06/05 22:38:33 | 000,000,000 | ---D | M] -- C:\Program Files\AVS4YOU
[2009/06/21 17:44:54 | 000,000,000 | ---D | M] -- C:\Program Files\Bonjour
[2004/02/26 19:21:02 | 000,000,000 | ---D | M] -- C:\Program Files\Borland
[2009/07/15 17:05:43 | 000,000,000 | ---D | M] -- C:\Program Files\CA
[2004/11/28 15:51:31 | 000,000,000 | ---D | M] -- C:\Program Files\Canon
[2009/07/15 17:06:07 | 000,000,000 | ---D | M] -- C:\Program Files\Comcast
[2009/07/15 17:06:01 | 000,000,000 | ---D | M] -- C:\Program Files\comcasttb
[2009/07/15 17:03:38 | 000,000,000 | ---D | M] -- C:\Program Files\ComcastUI
[2010/04/10 09:45:44 | 000,000,000 | ---D | M] -- C:\Program Files\Common Files
[2004/02/21 21:13:07 | 000,000,000 | ---D | M] -- C:\Program Files\ComPlus Applications
[2004/02/26 19:19:22 | 000,000,000 | ---D | M] -- C:\Program Files\Corel
[2004/02/21 22:18:25 | 000,000,000 | ---D | M] -- C:\Program Files\Creative
[2006/02/18 09:39:08 | 000,000,000 | ---D | M] -- C:\Program Files\Cucusoft
[2004/02/21 21:51:26 | 000,000,000 | ---D | M] -- C:\Program Files\DVD
[2009/03/15 18:07:54 | 000,000,000 | ---D | M] -- C:\Program Files\File Scanner Library (Spybot - Search & Destroy)
[2009/03/18 20:53:21 | 000,000,000 | ---D | M] -- C:\Program Files\filehippo.com
[2004/02/21 21:30:25 | 000,000,000 | ---D | M] -- C:\Program Files\Gateway
[2010/01/27 22:43:52 | 000,000,000 | ---D | M] -- C:\Program Files\Google
[2005/06/22 21:32:32 | 000,000,000 | ---D | M] -- C:\Program Files\Hewlett-Packard
[2004/02/22 01:02:27 | 000,000,000 | ---D | M] -- C:\Program Files\HighMAT CD Writing Wizard
[2007/11/22 09:51:44 | 000,000,000 | ---D | M] -- C:\Program Files\HOTLLAMA MEDIA
[2010/01/03 22:04:59 | 000,000,000 | ---D | M] -- C:\Program Files\HP
[2005/05/26 06:09:13 | 000,000,000 | ---D | M] -- C:\Program Files\IncrediMail
[2007/03/04 22:22:35 | 000,000,000 | -H-D | M] -- C:\Program Files\InstallShield Installation Information
[2004/02/25 21:01:19 | 000,000,000 | ---D | M] -- C:\Program Files\Intel
[2009/03/15 21:27:53 | 000,000,000 | ---D | M] -- C:\Program Files\Internet Explorer
[2010/03/18 19:21:58 | 000,000,000 | ---D | M] -- C:\Program Files\iPod
[2010/03/18 19:22:57 | 000,000,000 | ---D | M] -- C:\Program Files\iTunes
[2009/03/16 20:13:21 | 000,000,000 | ---D | M] -- C:\Program Files\Java
[2009/03/17 22:04:45 | 000,000,000 | ---D | M] -- C:\Program Files\Lavasoft
[2004/02/25 01:39:01 | 000,000,000 | ---D | M] -- C:\Program Files\Logitech
[2009/03/17 22:55:06 | 000,000,000 | ---D | M] -- C:\Program Files\Malwarebytes' Anti-Malware
[2008/09/11 09:25:31 | 000,000,000 | ---D | M] -- C:\Program Files\Messenger
[2009/09/03 21:00:40 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft
[2004/03/31 21:14:27 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft ActiveSync
[2009/09/03 22:28:49 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft CAPICOM 2.1.0.2
[2004/02/21 21:15:17 | 000,000,000 | ---D | M] -- C:\Program Files\microsoft frontpage
[2004/03/31 21:14:08 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Office
[2004/03/31 22:14:42 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Streets & Trips
[2004/03/31 22:12:40 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Works
[2004/03/31 22:11:05 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Works Suite 2003
[2009/03/15 18:07:55 | 000,000,000 | ---D | M] -- C:\Program Files\Misc. Support Library (Spybot - Search & Destroy)
[2004/02/22 01:56:15 | 000,000,000 | ---D | M] -- C:\Program Files\Motive
[2010/03/10 04:04:49 | 000,000,000 | ---D | M] -- C:\Program Files\Movie Maker
[2009/08/21 03:09:46 | 000,000,000 | ---D | M] -- C:\Program Files\MSBuild
[2009/03/15 21:33:42 | 000,000,000 | ---D | M] -- C:\Program Files\MSN
[2004/02/21 21:12:26 | 000,000,000 | ---D | M] -- C:\Program Files\MSN Gaming Zone
[2005/11/26 23:36:21 | 000,000,000 | ---D | M] -- C:\Program Files\MsnMusic
[2006/11/17 16:31:55 | 000,000,000 | ---D | M] -- C:\Program Files\MSXML 4.0
[2007/03/04 22:23:16 | 000,000,000 | ---D | M] -- C:\Program Files\MUSICMATCH
[2008/01/09 08:56:28 | 000,000,000 | ---D | M] -- C:\Program Files\MySpace
[2009/06/04 22:49:42 | 000,000,000 | ---D | M] -- C:\Program Files\NCH Software
[2009/06/04 22:57:01 | 000,000,000 | ---D | M] -- C:\Program Files\NCH Swift Sound
[2008/09/10 15:35:08 | 000,000,000 | ---D | M] -- C:\Program Files\NetMeeting
[2010/04/10 09:44:21 | 000,000,000 | ---D | M] -- C:\Program Files\NOS
[2004/03/31 21:25:04 | 000,000,000 | ---D | M] -- C:\Program Files\OfficeUpdate11
[2004/03/07 19:57:01 | 000,000,000 | ---D | M] -- C:\Program Files\Olympus
[2004/02/21 21:13:49 | 000,000,000 | ---D | M] -- C:\Program Files\Online Services
[2009/08/12 03:10:51 | 000,000,000 | ---D | M] -- C:\Program Files\Outlook Express
[2006/09/30 07:45:25 | 000,000,000 | ---D | M] -- C:\Program Files\Overland
[2004/02/21 21:31:57 | 000,000,000 | ---D | M] -- C:\Program Files\pc-doctor for windows
[2008/03/15 14:01:14 | 000,000,000 | ---D | M] -- C:\Program Files\pdf995
[2007/10/17 21:55:15 | 000,000,000 | ---D | M] -- C:\Program Files\PhoneTools
[2009/12/10 08:14:45 | 000,000,000 | ---D | M] -- C:\Program Files\QuickTime
[2004/02/21 21:34:11 | 000,000,000 | ---D | M] -- C:\Program Files\Real
[2009/08/21 03:09:36 | 000,000,000 | ---D | M] -- C:\Program Files\Reference Assemblies
[2010/01/24 15:44:22 | 000,000,000 | ---D | M] -- C:\Program Files\Research In Motion
[2004/02/21 21:40:40 | 000,000,000 | ---D | M] -- C:\Program Files\Roxio
[2009/03/15 18:07:55 | 000,000,000 | ---D | M] -- C:\Program Files\SDHelper (Spybot - Search & Destroy)
[2004/02/21 21:28:32 | 000,000,000 | ---D | M] -- C:\Program Files\SIFXINST
[2007/06/15 21:27:44 | 000,000,000 | ---D | M] -- C:\Program Files\SmartDraw 2007
[2008/07/07 22:13:40 | 000,000,000 | ---D | M] -- C:\Program Files\Sony
[2009/03/25 21:14:10 | 000,000,000 | ---D | M] -- C:\Program Files\Spybot - Search & Destroy
[2009/03/15 18:07:55 | 000,000,000 | ---D | M] -- C:\Program Files\TeaTimer (Spybot - Search & Destroy)
[2004/07/03 07:28:31 | 000,000,000 | -H-D | M] -- C:\Program Files\Uninstall Information
[2004/02/22 01:59:22 | 000,000,000 | ---D | M] -- C:\Program Files\Verizon Online
[2004/02/26 19:26:31 | 000,000,000 | ---D | M] -- C:\Program Files\WexTech
[2006/02/12 15:33:52 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Installer Clean Up
[2004/02/22 01:09:01 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Journal Viewer
[2009/09/03 21:01:08 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Live
[2009/09/03 21:00:22 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Live SkyDrive
[2008/09/10 15:34:59 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Media Player
[2009/03/15 21:50:14 | 000,000,000 | ---D | M] -- C:\Program Files\Windows NT
[2005/06/29 10:20:09 | 000,000,000 | -H-D | M] -- C:\Program Files\WindowsUpdate
[2004/02/21 21:15:18 | 000,000,000 | ---D | M] -- C:\Program Files\xerox

< %appdata%\*.* >
[2006/03/07 23:33:16 | 000,001,065 | ---- | M] () -- C:\Documents and Settings\Owner\Application Data\AdobeDLM.log
[2010/01/24 15:47:55 | 000,000,971 | ---- | M] () -- C:\Documents and Settings\Owner\Application Data\BBMS_EXCEPTION.txt
[2004/02/21 15:08:40 | 000,000,062 | -HS- | M] () -- C:\Documents and Settings\Owner\Application Data\desktop.ini
[2005/04/03 18:05:08 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\Owner\Application Data\dm.ini
[2007/11/04 09:51:18 | 000,065,392 | ---- | M] () -- C:\Documents and Settings\Owner\Application Data\GDIPFONTCACHEV1.DAT
[2006/09/30 07:43:27 | 000,005,510 | ---- | M] () -- C:\Documents and Settings\Owner\Application Data\GdiplusUpgrade_MSIApproach_Wrapper.log
[2008/07/21 21:09:51 | 000,001,024 | ---- | M] () -- C:\Documents and Settings\Owner\Application Data\WavCodec.wff

< MD5 for: AGP440.SYS >
[2004/09/12 16:44:46 | 022,245,337 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:AGP440.sys
[2008/09/10 15:20:56 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:AGP440.sys
[2004/09/12 16:44:46 | 022,245,337 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp2.cab:AGP440.sys
[2008/09/10 15:20:56 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:AGP440.sys
[2008/04/13 11:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ServicePackFiles\i386\agp440.sys
[2008/04/13 11:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\system32\drivers\agp440.sys
[2004/08/03 23:07:41 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=2C428FA0C3E3A01ED93C9B2A27D8D4BB -- C:\WINDOWS\$NtServicePackUninstall$\agp440.sys
[2004/08/03 23:07:41 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=2C428FA0C3E3A01ED93C9B2A27D8D4BB -- C:\WINDOWS\system32\ReinstallBackups\0007\DriverFiles\i386\AGP440.SYS

< MD5 for: ATAPI.SYS >
[2002/09/03 06:00:00 | 010,158,890 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp1.cab:atapi.sys
[2004/09/12 16:44:46 | 022,245,337 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:atapi.sys
[2008/09/10 15:20:56 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:atapi.sys
[2004/09/12 16:44:46 | 022,245,337 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp2.cab:atapi.sys
[2008/09/10 15:20:56 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:atapi.sys
[2008/04/13 11:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ServicePackFiles\i386\atapi.sys
[2008/04/13 11:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys
[2004/08/03 22:59:42 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\$NtServicePackUninstall$\atapi.sys

< MD5 for: DISK.SYS >
[2002/09/03 06:00:00 | 010,158,890 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp1.cab:disk.sys
[2004/09/12 16:44:46 | 022,245,337 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:disk.sys
[2008/09/10 15:20:56 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:disk.sys
[2004/09/12 16:44:46 | 022,245,337 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp2.cab:disk.sys
[2008/09/10 15:20:56 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:disk.sys
[2004/08/03 22:59:54 | 000,036,352 | ---- | M] (Microsoft Corporation) MD5=00CA44E4534865F8A3B64F7C0984BFF0 -- C:\WINDOWS\$NtServicePackUninstall$\disk.sys
[2008/04/13 11:40:47 | 000,036,352 | ---- | M] (Microsoft Corporation) MD5=044452051F3E02E7963599FC8F4F3E25 -- C:\WINDOWS\ServicePackFiles\i386\disk.sys
[2008/04/13 11:40:47 | 000,036,352 | ---- | M] (Microsoft Corporation) MD5=044452051F3E02E7963599FC8F4F3E25 -- C:\WINDOWS\system32\drivers\disk.sys

< MD5 for: EVENTLOG.DLL >
[2008/04/13 17:11:53 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\ServicePackFiles\i386\eventlog.dll
[2008/04/13 17:11:53 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\system32\eventlog.dll
[2004/08/04 00:56:42 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=82B24CB70E5944E6E34662205A2A5B78 -- C:\WINDOWS\$NtServicePackUninstall$\eventlog.dll

< MD5 for: NETLOGON.DLL >
[2008/04/13 17:12:01 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\ServicePackFiles\i386\netlogon.dll
[2008/04/13 17:12:01 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\system32\netlogon.dll
[2004/08/04 00:56:44 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=96353FCECBA774BB8DA74A1C6507015A -- C:\WINDOWS\$NtServicePackUninstall$\netlogon.dll

< MD5 for: SCECLI.DLL >
[2004/08/04 00:56:44 | 000,180,224 | ---- | M] (Microsoft Corporation) MD5=0F78E27F563F2AAF74B91A49E2ABF19A -- C:\WINDOWS\$NtServicePackUninstall$\scecli.dll
[2008/04/13 17:12:05 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\ServicePackFiles\i386\scecli.dll
[2008/04/13 17:12:05 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\system32\scecli.dll

< MD5 for: USBSTOR.SYS >
[2002/09/03 06:00:00 | 010,158,890 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp1.cab:usbstor.sys
[2004/09/12 16:44:46 | 022,245,337 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:usbstor.sys
[2008/09/10 15:20:56 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:usbstor.sys
[2004/09/12 16:44:46 | 022,245,337 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp2.cab:usbstor.sys
[2008/09/10 15:20:56 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:usbstor.sys
[2004/08/03 23:08:46 | 000,026,496 | ---- | M] (Microsoft Corporation) MD5=6CD7B22193718F1D17A47A1CD6D37E75 -- C:\WINDOWS\$NtServicePackUninstall$\usbstor.sys
[2008/04/13 11:45:38 | 000,026,368 | ---- | M] (Microsoft Corporation) MD5=A32426D9B14A089EAA1D922E0C5801A9 -- C:\WINDOWS\ServicePackFiles\i386\usbstor.sys
[2008/04/13 11:45:38 | 000,026,368 | ---- | M] (Microsoft Corporation) MD5=A32426D9B14A089EAA1D922E0C5801A9 -- C:\WINDOWS\system32\drivers\usbstor.sys

< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install\\LastSuccessTime: 2010-03-10 11:04:59

========== Alternate Data Streams ==========

@Alternate Data Stream - 88 bytes -> C:\Documents and Settings\Owner\Desktop\Shortcut to WP.EXE.pif:SummaryInformation
< End of report >

Re: Someone is sending out emails using my email name11th April 2010, 9:47 am

Please run OTL

Under the Custom Scans/Fixes box at the bottom, copy and paste in the following:

:otl
O33 - MountPoints2\{128b75ab-9a4c-11dc-b719-0007e9b60959}\Shell - "" = AutoRun
O33 - MountPoints2\{128b75ab-9a4c-11dc-b719-0007e9b60959}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{128b75ab-9a4c-11dc-b719-0007e9b60959}\Shell\AutoRun\command - "" = F:\LaunchU3.exe -- File not found
@Alternate Data Stream - 88 bytes -> C:\Documents and Settings\Owner\Desktop\Shortcut to WP.EXE.pif:SummaryInformation

:commands
[emptytemp]
[reboot]
Then click the Run Fix button at the top.
Note: The fix for OTL automatically hides your Desktop and Start menu so the fix can be completed. Do not be alerted, this is normal.
Please do not exit the program. It might take a while to fix, but allow it to run. If it asks to reboot the computer, allow it to reboot. If the program freezes, and the computer fails to reboot - let me know.
Lastly, post the contents of the log. (Located at C:\_OTL\Moved Files)

=======================

Please visit this webpage for a tutorial on downloading and running ComboFix:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

See the area: Using ComboFix, and when done, post the log back here along with the OTL fix log. Smile...

Re: Someone is sending out emails using my email name11th April 2010, 2:56 pm

Here is the report from ComboFix:
ComboFix 10-04-10.02 - Owner 04/11/2010 7:43.2.2 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1279.750 [GMT -7:00]
Running from: c:\documents and settings\Owner\Desktop\ComboFix.exe
AV: Avira AntiVir PersonalEdition *On-access scanning disabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\BSTIEPrintCtl1.dll
c:\windows\system32\cthelper.exe
c:\windows\system32\Data
c:\windows\system32\Ijl11.dll

.
((((((((((((((((((((((((( Files Created from 2010-03-11 to 2010-04-11 )))))))))))))))))))))))))))))))
.

2010-04-11 14:07 . 2010-04-11 14:07 -------- d-----w- C:\_OTL
2010-04-10 16:47 . 2010-04-10 16:47 -------- d-----w- c:\documents and settings\Default User\Local Settings\Application Data\Adobe
2010-04-10 16:45 . 2010-04-10 16:45 -------- d-----w- c:\program files\Common Files\Adobe AIR
2010-04-10 16:44 . 2010-04-10 16:44 86016 ----a-w- c:\documents and settings\All Users\Application Data\NOS\Adobe_Downloads\arh.exe
2010-04-10 16:44 . 2010-04-11 14:00 -------- d-----w- c:\documents and settings\All Users\Application Data\NOS
2010-04-10 16:22 . 2010-04-10 16:22 -------- d-----w- c:\program files\Common Files\Java
2010-04-10 16:22 . 2010-04-10 16:22 503808 ----a-w- c:\documents and settings\Owner\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-36962b96-n\msvcp71.dll
2010-04-10 16:22 . 2010-04-10 16:22 499712 ----a-w- c:\documents and settings\Owner\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-36962b96-n\jmc.dll
2010-04-10 16:22 . 2010-04-10 16:22 348160 ----a-w- c:\documents and settings\Owner\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-36962b96-n\msvcr71.dll
2010-04-10 16:22 . 2010-04-10 16:22 12800 ----a-w- c:\documents and settings\Owner\Application Data\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-12616f4b-n\decora-d3d.dll
2010-04-10 16:22 . 2010-04-10 16:22 61440 ----a-w- c:\documents and settings\Owner\Application Data\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-12616f4b-n\decora-sse.dll
2010-03-19 02:15 . 2010-03-19 02:15 72488 ----a-w- c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 9.0.3.15\SetupAdmin.exe

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-04-11 14:15 . 2004-02-22 05:22 24 ----a-w- c:\windows\system32\DVCStateBkp-{00000002-00000000-00000002-00001102-00000004-00581102}.dat
2010-04-11 14:15 . 2004-02-22 05:22 24 ----a-w- c:\windows\system32\DVCState-{00000002-00000000-00000002-00001102-00000004-00581102}.dat
2010-04-10 16:47 . 2004-02-22 04:29 -------- d-----w- c:\program files\Common Files\Adobe
2010-04-10 16:21 . 2009-03-16 05:19 411368 ----a-w- c:\windows\system32\deploytk.dll
2010-04-09 14:01 . 2008-03-15 21:00 60 ----a-w- c:\windows\wpd99.drv
2010-04-09 14:01 . 2008-03-15 21:00 -------- d-----w- c:\documents and settings\All Users\Application Data\pdf995
2010-03-19 02:22 . 2006-02-12 23:14 -------- d-----w- c:\program files\iTunes
2010-03-19 02:21 . 2006-02-12 23:10 -------- d-----w- c:\program files\iPod
2010-03-19 02:21 . 2009-06-22 00:41 -------- d-----w- c:\program files\Common Files\Apple
2010-03-16 03:43 . 2009-08-31 17:25 256 ----a-w- c:\windows\system32\pool.bin
2010-02-07 03:28 . 2010-02-07 03:28 144160 ----a-w- c:\documents and settings\Owner\Application Data\Move Networks\uninstall.exe
2010-02-07 03:28 . 2009-12-10 19:26 4187512 ----a-w- c:\documents and settings\Owner\Application Data\Move Networks\plugins\npqmp071505000011.dll
2010-02-07 03:27 . 2010-02-07 03:27 1436320 ----a-w- c:\documents and settings\Owner\Application Data\Move Networks\MoveMediaPlayerWinSilent_071505000011.exe
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ComcastAntispyClient"="c:\program files\comcasttb\ComcastSpywareScan\ComcastAntispy.exe" [2009-05-05 1622488]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-07-26 3883856]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"zBrowser Launcher"="c:\program files\Logitech\iTouch\iTouch.exe" [2002-07-22 577602]
"User Space Manager"="c:\program files\Intel\LDCM\Bin\USM.exe" [2002-05-02 20563]
"UpdReg"="c:\windows\UpdReg.EXE" [2000-05-11 90112]
"RealTray"="c:\program files\Real\RealPlayer\RealPlay.exe" [2004-02-22 26112]
"PRONoMgr.exe"="c:\program files\Intel\NCS\PROSet\PRONoMgr.exe" [2003-03-12 86016]
"Motive SmartBridge"="c:\progra~1\VERIZO~1\SUPPOR~1\SMARTB~1\MotiveSB.exe" [2005-01-15 385024]
"Jet Detection"="c:\program files\Creative\SBAudigy\PROGRAM\ADGJDet.exe" [2001-10-04 28672]
"IPInSightMonitor 01"="c:\program files\Verizon Online\Visual IP InSight\IPMon32.exe" [2002-03-18 102400]
"IPInSightLAN 01"="c:\program files\Verizon Online\Visual IP InSight\IPClient.exe" [2002-03-18 364544]
"HP Component Manager"="c:\program files\HP\hpcoretech\hpcmpmgr.exe" [2005-01-12 241664]
"CapFax"="c:\program files\PhoneTools\CapFax.EXE" [2001-11-07 20480]
"AdaptecDirectCD"="c:\program files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe" [2002-06-19 684032]
"mmtask"="c:\program files\Musicmatch\Musicmatch Jukebox\mmtask.exe" [2005-05-09 53248]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2005-12-10 7311360]
"nwiz"="nwiz.exe" [2005-12-10 1519616]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2005-12-10 86016]
"Logitech Utility"="Logi_MwX.Exe" [2003-12-17 19968]
"avgnt"="c:\program files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-06-12 266497]
"Ad-Watch"="c:\program files\Lavasoft\Ad-Aware\AAWTray.exe" [2010-03-02 524632]
"mm_server"="c:\program files\Musicmatch\Musicmatch Jukebox\mm_server.exe" [2005-05-09 86016]
"ddoctorv2"="c:\program files\Comcast\Desktop Doctor\bin\sprtcmd.exe" [2008-04-24 202560]
"BlackBerryAutoUpdate"="c:\program files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe" [2009-11-20 623960]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-11-11 417792]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2008-12-08 54576]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-02-16 141608]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-12-22 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2009-12-11 948672]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"MySpaceIM"="c:\program files\MySpace\IM\MySpaceIM.exe" [2008-12-12 9555968]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Device Detector 2.lnk - c:\program files\Olympus\DeviceDetector\DevDtct2.exe [2004-3-7 94208]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Intel\\LDCM\\BIN\\USM.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\WINDOWS\\PCHealth\\HelpCtr\\Binaries\\helpctr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\MySpace\\IM\\MySpaceIM.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"1900:UDP"= 1900:UDP:*:Disabled:@xpsp2res.dll,-22007
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
"AllowInboundEchoRequest"= 1 (0x1)

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [3/17/2009 10:09 PM 64160]
R2 AntiSpywareService;Comcast AntiSpyware;c:\program files\comcasttb\ComcastSpywareScan\ComcastAntiSpyService.exe [5/5/2009 6:19 AM 616408]
R2 CiSmBios;CiSmBios;c:\windows\system32\drivers\cismbios.sys [2/21/2004 9:45 PM 9978]
R2 RioPNP;RioPNP;c:\windows\system32\drivers\RioPnP.sys [2/21/2004 9:48 PM 6736]
S2 gupdate1c9a6b15c4c2a8c;Google Update Service (gupdate1c9a6b15c4c2a8c);c:\program files\Google\Update\GoogleUpdate.exe [3/16/2009 8:35 PM 133104]
S2 Intel Bootstrap Agent;Intel Bootstrap Agent;c:\program files\Intel\BootStrap Agent\bsa.exe [2/21/2004 9:45 PM 65536]
S3 iscFlash;iscFlash;\??\c:\windows\SYSTEM32\DRIVERS\iscflash.sys --> c:\windows\SYSTEM32\DRIVERS\iscflash.sys [?]
S3 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [3/9/2009 12:06 PM 1029456]
S3 PCDRDRV;Pcdr Helper Driver;\??\c:\progra~1\PC-DOC~1\DIAGNO~1\PCDRDRV.sys --> c:\progra~1\PC-DOC~1\DIAGNO~1\PCDRDRV.sys [?]

--- Other Services/Drivers In Memory ---

*Deregistered* - IPVNMon
.
Contents of the 'Scheduled Tasks' folder

2010-04-07 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-03-09 06:08]

2010-04-08 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 19:34]

2010-04-11 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-03-17 03:35]

2010-04-11 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-03-17 03:35]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.comcast.net?cid=NET_mmhpset
uInternet Settings,ProxyOverride = 127.0.0.1;*.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office10\EXCEL.EXE/3000
DPF: DirectAnimation Java Classes - file://c:\windows\Java\classes\dajava.cab
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
DPF: {8646A6AF-0AE4-4BF8-B716-DB1513803972} - hxxp://fredmeyer.storefront.com/images/global/activex/SFImageUpload1_8.CAB
.
- - - - ORPHANS REMOVED - - - -

HKLM-Run-CTHelper - CTHELPER.EXE
AddRemove-Creative Driver - c:\windows\System32\ctdrvins
AddRemove-HijackThis - c:\documents and settings\Owner\Desktop\HijackThis.exe

**************************************************************************
scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files:

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(828)
c:\program files\CA\PPRT\bin\CACheck.dll
c:\program files\CA\PPRT\bin\CAHook.dll
c:\program files\CA\PPRT\bin\CAServer.dll
.
Completion time: 2010-04-11 07:54:11
ComboFix-quarantined-files.txt 2010-04-11 14:54
ComboFix2.txt 2009-03-16 15:08

Pre-Run: 11,597,006,848 bytes free
Post-Run: 11,565,722,624 bytes free

- - End Of File - - 317C607D3238FD506967A4ABD73F6569

Re: Someone is sending out emails using my email name11th April 2010, 2:57 pm

Here is the OTL report:
All processes killed
========== OTL ==========
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{128b75ab-9a4c-11dc-b719-0007e9b60959}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{128b75ab-9a4c-11dc-b719-0007e9b60959}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{128b75ab-9a4c-11dc-b719-0007e9b60959}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{128b75ab-9a4c-11dc-b719-0007e9b60959}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{128b75ab-9a4c-11dc-b719-0007e9b60959}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{128b75ab-9a4c-11dc-b719-0007e9b60959}\ not found.
File F:\LaunchU3.exe not found.
ADS C:\Documents and Settings\Owner\Desktop\Shortcut to WP.EXE.pif:SummaryInformation deleted successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: Administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 41661 bytes

User: Guest
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes

User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 131477 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 291183057 bytes

User: Owner
->Temp folder emptied: 80935875 bytes
->Temporary Internet Files folder emptied: 619662243 bytes
->Java cache emptied: 73952049 bytes
->Flash cache emptied: 271714 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 1138887 bytes
%systemroot%\System32 .tmp files removed: 2577 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 29130368 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 23947282 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 67 bytes
RecycleBin emptied: 4112760093 bytes

Total Files Cleaned = 4,991.00 mb

OTL by OldTimer - Version 3.2.1.1 log created on 04112010_070712

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...

Re: Someone is sending out emails using my email name11th April 2010, 6:50 pm

Please run a free online scan with the ESET Online Scanner

Tick the box next to YES, I accept the Terms of Use
Click Start
When asked, allow the ActiveX control to install
Click Start
Make sure that the options Remove found threats and the option Scan unwanted applications is checked
Click Scan (This scan can take several hours, so please be patient)
Once the scan is completed, you may close the window
Use Notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt
Copy and paste that log as a reply to this topic

Re: Someone is sending out emails using my email name11th April 2010, 7:14 pm

Thanks for your help. I am scanning now. Are we getting close?

Re: Someone is sending out emails using my email name11th April 2010, 9:41 pm

Here is the scan results. No virus found!!!!

ESETSmartInstaller@High as CAB hook log:
OnlineScanner.ocx - registred OK
# version=7
# IEXPLORE.EXE=8.00.6001.18372 (longhorn_ie8_rc1(wmbla).090115-0053)
# OnlineScanner.ocx=1.0.0.6211
# api_version=3.0.2
# EOSSerial=90dc22688c530b4d86bacac376a89050
# end=finished
# remove_checked=true
# archives_checked=false
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=false
# utc_time=2010-04-11 08:51:22
# local_time=2010-04-11 01:51:22 (-0800, Pacific Daylight Time)
# country="United States"
# lang=1033
# osver=5.1.2600 NT Service Pack 3
# compatibility_mode=512 16777215 100 0 0 0 0 0
# compatibility_mode=1792 16777175 100 0 33693136 33693136 0 0
# compatibility_mode=8192 67108863 100 0 0 0 0 0
# scanned=95347
# found=0
# cleaned=0
# scan_time=5921

Re: Someone is sending out emails using my email name11th April 2010, 9:42 pm

So do you think it is fixed? Will it stop sending out emails to my contacts using my address?

Re: Someone is sending out emails using my email name12th April 2010, 3:27 am

Have you seen any of that activity lately?

Re: Someone is sending out emails using my email name12th April 2010, 3:44 am

It usually happens over night. It is 8:45pm here. So I guess I will see in the morning. We also have a laptop on a wirless network. Should I be concered with that machine? It is running Windows Vista.

Re: Someone is sending out emails using my email name12th April 2010, 4:13 am

If you see any weird activity on the other machine, post a new topic about it, so we can avoid confusion. Wink

Someone is sending out emails using my email name

descriptionSomeone is sending out emails using my email name10th April 2010, 5:00 pm

descriptionRe: Someone is sending out emails using my email name10th April 2010, 6:49 pm

descriptionRe: Someone is sending out emails using my email name11th April 2010, 5:14 am

descriptionRe: Someone is sending out emails using my email name11th April 2010, 5:19 am

descriptionRe: Someone is sending out emails using my email name11th April 2010, 5:19 am

descriptionRe: Someone is sending out emails using my email name11th April 2010, 9:47 am

descriptionRe: Someone is sending out emails using my email name11th April 2010, 2:56 pm

descriptionRe: Someone is sending out emails using my email name11th April 2010, 2:57 pm

descriptionRe: Someone is sending out emails using my email name11th April 2010, 6:50 pm

descriptionRe: Someone is sending out emails using my email name11th April 2010, 7:14 pm

descriptionRe: Someone is sending out emails using my email name11th April 2010, 9:41 pm

descriptionRe: Someone is sending out emails using my email name11th April 2010, 9:42 pm

descriptionRe: Someone is sending out emails using my email name12th April 2010, 3:27 am

descriptionRe: Someone is sending out emails using my email name12th April 2010, 3:44 am

descriptionRe: Someone is sending out emails using my email name12th April 2010, 4:13 am

descriptionRe: Someone is sending out emails using my email name

Someone is sending out emails using my email name10th April 2010, 5:00 pm

Re: Someone is sending out emails using my email name10th April 2010, 6:49 pm

Re: Someone is sending out emails using my email name11th April 2010, 5:14 am

Re: Someone is sending out emails using my email name11th April 2010, 5:19 am

Re: Someone is sending out emails using my email name11th April 2010, 5:19 am

Re: Someone is sending out emails using my email name11th April 2010, 9:47 am

Re: Someone is sending out emails using my email name11th April 2010, 2:56 pm

Re: Someone is sending out emails using my email name11th April 2010, 2:57 pm

Re: Someone is sending out emails using my email name11th April 2010, 6:50 pm

Re: Someone is sending out emails using my email name11th April 2010, 7:14 pm

Re: Someone is sending out emails using my email name11th April 2010, 9:41 pm

Re: Someone is sending out emails using my email name11th April 2010, 9:42 pm

Re: Someone is sending out emails using my email name12th April 2010, 3:27 am

Re: Someone is sending out emails using my email name12th April 2010, 3:44 am

Re: Someone is sending out emails using my email name12th April 2010, 4:13 am

Re: Someone is sending out emails using my email name