WiredWX Hobby Weather ToolsLog in

 


hotmail sending viagra spam to all of my contacts periodically please help

2 posters

descriptionhotmail sending viagra spam to all of my contacts periodically please help Emptyhotmail sending viagra spam to all of my contacts periodically please help

more_horiz
Just like this poster:

http://www.GeekPolice.net/virus-spyware-malware-removal-f11/hotmail-sending-link-to-viagra-to-all-my-contactshelp-t23457.htm#156741

My hotmail is acting up. Same as above, "[m]y hotmail e-mail is sending this link to all my contacts, [Mod Edit], I don't know what it is. I am getting lots of delivery failure messages but many of my contacts are getting the link. I feel completely overwhelmed, I have never had a virus before... can someone help me? Thanks so much!!!"

my OTL logs follow:

descriptionhotmail sending viagra spam to all of my contacts periodically please help EmptyOTL.txt

more_horiz
OTL logfile created on: 10/25/2010 11:04:23 PM - Run 1
OTL by OldTimer - Version 3.2.17.1 Folder = C:\Documents and Settings\Owner\My Documents\Hotmail
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 0.00 Gb Available Physical Memory | 6.00% Memory free
4.00 Gb Paging File | 2.00 Gb Available in Paging File | 52.00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 149.04 Gb Total Space | 20.43 Gb Free Space | 13.71% Space Free | Partition Type: NTFS
Drive F: | 549.52 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: OWNER-F11689672 | User Name: Owner | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2010/10/25 23:03:11 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Owner\My Documents\Hotmail\OTL.exe
PRC - [2010/10/20 10:05:27 | 000,016,856 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\plugin-container.exe
PRC - [2010/10/20 10:05:25 | 000,912,344 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2010/08/13 12:58:56 | 000,144,672 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
PRC - [2010/08/03 12:31:58 | 000,202,256 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Common Files\Real\Update_OB\realsched.exe
PRC - [2010/07/21 23:29:46 | 000,654,648 | ---- | M] (BitTorrent, Inc.) -- C:\Program Files\BitTorrent\bittorrent.exe
PRC - [2010/07/14 20:00:22 | 000,304,480 | ---- | M] (eAcceleration Corp) -- C:\Program Files\StopSign\OnAccess\onaccess.exe
PRC - [2010/05/03 19:28:57 | 000,365,912 | ---- | M] (eAcceleration Corp) -- C:\Program Files\StopSign\Firewall\FWService.exe
PRC - [2010/04/16 12:25:18 | 000,818,288 | ---- | M] (The Weather Channel Interactive, Inc.) -- C:\Program Files\The Weather Channel FW\Desktop\DesktopWeather.exe
PRC - [2010/03/15 15:33:42 | 000,111,672 | ---- | M] (eAcceleration Corp) -- C:\Program Files\eAcceleration\Framework\eac_svc.exe
PRC - [2010/03/15 15:29:37 | 000,263,504 | ---- | M] (eAcceleration Corp) -- C:\Program Files\eAcceleration\Framework\eac_productsvc.exe
PRC - [2009/07/08 03:53:36 | 000,472,112 | ---- | M] (Cisco Systems, Inc.) -- C:\Program Files\Pure Networks\Network Magic\nmapp.exe
PRC - [2009/07/07 15:48:44 | 000,647,216 | ---- | M] (Cisco Systems, Inc.) -- C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
PRC - [2009/07/07 15:48:44 | 000,647,216 | ---- | M] (Cisco Systems, Inc.) -- C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe
PRC - [2008/04/13 20:12:36 | 000,538,624 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spider.exe
PRC - [2008/04/13 20:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/09/27 03:17:04 | 000,009,216 | R--- | M] (Agere Systems) -- C:\WINDOWS\system32\agrsmsvc.exe
PRC - [2007/05/15 16:55:46 | 001,550,896 | ---- | M] (Nero AG) -- C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe
PRC - [2004/08/22 18:05:02 | 000,081,920 | ---- | M] (DAEMON'S HOME) -- C:\Program Files\D-Tools\daemon.exe
PRC - [2002/09/25 12:20:30 | 000,491,520 | ---- | M] () -- C:\Program Files\PopCap Games\NingPo MahJong Deluxe\Ningpo.exe


========== Modules (SafeList) ==========

MOD - [2010/10/25 23:03:11 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Owner\My Documents\Hotmail\OTL.exe
MOD - [2010/08/23 12:12:02 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll
MOD - [2010/08/03 12:33:23 | 000,040,960 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Chrome\Hook\rpchromebrowserrecordhelper.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [On_Demand | Stopped] -- C:\WINDOWS\System32\appmgmts.dll -- (AppMgmt)
SRV - [2010/08/13 12:58:56 | 000,144,672 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe -- (Apple Mobile Device)
SRV - [2010/05/03 19:28:57 | 000,365,912 | ---- | M] (eAcceleration Corp) [Auto | Running] -- C:\Program Files\StopSign\Firewall\FWService.exe -- (FWService)
SRV - [2010/03/15 15:33:42 | 000,111,672 | ---- | M] (eAcceleration Corp) [Auto | Running] -- C:\Program Files\eAcceleration\Framework\eac_svc.exe -- (sstsmonsvc)
SRV - [2010/03/15 15:33:42 | 000,111,672 | ---- | M] (eAcceleration Corp) [Auto | Running] -- C:\Program Files\eAcceleration\Framework\eac_svc.exe -- (ssfwmonsvc)
SRV - [2010/03/15 15:33:42 | 000,111,672 | ---- | M] (eAcceleration Corp) [Auto | Running] -- C:\Program Files\eAcceleration\Framework\eac_svc.exe -- (eac_notifysvc)
SRV - [2010/03/15 15:29:37 | 000,263,504 | ---- | M] (eAcceleration Corp) [Auto | Running] -- C:\Program Files\eAcceleration\Framework\eac_productsvc.exe -- (eac_productsvc)
SRV - [2009/07/07 15:48:44 | 000,647,216 | ---- | M] (Cisco Systems, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe -- (nmservice)
SRV - [2007/09/27 03:17:04 | 000,009,216 | R--- | M] (Agere Systems) [Auto | Running] -- C:\WINDOWS\system32\agrsmsvc.exe -- (AgereModemAudio)
SRV - [2007/05/15 16:55:46 | 001,550,896 | ---- | M] (Nero AG) [Auto | Running] -- C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe -- (InCDsrv)


========== Driver Services (SafeList) ==========

DRV - [2010/05/03 19:29:02 | 000,109,664 | ---- | M] (eAcceleration Corp) [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\fwcore.sys -- (fwcore)
DRV - [2009/07/07 15:48:44 | 000,026,672 | ---- | M] (Cisco Systems, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\purendis.sys -- (purendis)
DRV - [2009/07/07 15:48:44 | 000,025,392 | ---- | M] (Cisco Systems, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\pnarp.sys -- (pnarp)
DRV - [2008/04/13 14:45:12 | 000,060,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\usbaudio.sys -- (usbaudio) USB Audio Driver (WDM)
DRV - [2008/02/25 13:54:56 | 000,105,088 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Rtnicxp.sys -- (RTL8023xp)
DRV - [2007/05/15 16:55:36 | 000,118,576 | ---- | M] (Nero AG) [File_System | Disabled | Running] -- C:\WINDOWS\system32\drivers\InCDfs.sys -- (InCDfs)
DRV - [2007/05/15 16:55:36 | 000,038,576 | ---- | M] (Nero AG) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\InCDRm.sys -- (incdrm)
DRV - [2007/05/15 16:55:36 | 000,037,040 | ---- | M] (Nero AG) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\InCDPass.sys -- (InCDPass)
DRV - [2006/11/28 03:11:00 | 001,161,888 | R--- | M] (Agere Systems) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\AGRSM.sys -- (AgereSoftModem)
DRV - [2004/09/17 10:02:54 | 000,732,928 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\senfilt.sys -- (senfilt)
DRV - [2004/08/22 17:31:48 | 000,005,248 | ---- | M] ( ) [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\d347prt.sys -- (d347prt)
DRV - [2004/08/22 17:31:10 | 000,155,136 | ---- | M] ( ) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\d347bus.sys -- (d347bus)
DRV - [2004/08/03 23:31:34 | 000,020,992 | ---- | M] (Realtek Semiconductor Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\RTL8139.sys -- (rtl8139) Realtek RTL8139(A/B/C)
DRV - [2003/08/29 05:59:24 | 001,101,696 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\BCMSM.sys -- (BCMModem)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Google"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://www.iptorrents.com"
FF - prefs.js..extensions.enabledItems: {0b38152b-1b20-484d-a11f-5e04a9b0661f}:5.6.12.1
FF - prefs.js..extensions.enabledItems: {AB2CE124-6272-4b12-94A9-7303C7397BD1}:4.2.0.5198
FF - prefs.js..extensions.enabledItems: {ABDE892B-13A8-4d1b-88E6-365A6E755758}:1.1.5
FF - prefs.js..extensions.enabledItems: {635abd67-4fe9-1b23-4f01-e679fa7484c1}:2.1.1.20091029021655
FF - prefs.js..keyword.URL: "http://www.google.com/search?sourceid=navclient&hl=en&q="
FF - prefs.js..network.proxy.type: 0


FF - HKLM\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2010/08/03 12:33:24 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.11\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/10/24 20:37:20 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.11\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/10/20 10:05:32 | 000,000,000 | ---D | M]

[2010/07/20 13:32:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Mozilla\Extensions
[2010/10/25 13:06:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\1znsb1a3.default\extensions
[2010/07/21 22:57:43 | 000,000,000 | ---D | M] (Winamp Toolbar) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\1znsb1a3.default\extensions\{0b38152b-1b20-484d-a11f-5e04a9b0661f}
[2010/07/22 11:28:23 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\1znsb1a3.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010/09/03 10:45:29 | 000,000,000 | ---D | M] (Google Toolbar for Firefox) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\1znsb1a3.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
[2010/08/31 17:53:40 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\1znsb1a3.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2010/08/04 18:50:18 | 000,001,632 | ---- | M] () -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\1znsb1a3.default\searchplugins\weathercom.xml
[2010/07/21 23:05:05 | 000,001,244 | ---- | M] () -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\1znsb1a3.default\searchplugins\winamp-search.xml
[2010/10/25 13:06:45 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2010/07/27 08:35:40 | 000,000,000 | ---D | M] (Skype extension for Firefox) -- C:\Program Files\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
[2007/08/29 17:47:44 | 000,054,600 | ---- | M] (BitTorrent, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npbittorrent.dll

O1 HOSTS File: ([2004/08/04 08:00:00 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O2 - BHO: (HP Print Enhancer) - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll (Hewlett-Packard Co.)
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (no name) - {B753C7C5-0942-4b7f-BC27-942B52BDAC66} - C:\Program Files\StopSign\PopupBlocker\sspopupblocker.dll (eAcceleration Corp )
O2 - BHO: (HP Smart BHO Class) - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)
O3 - HKLM\..\Toolbar: (The Weather Channel Toolbar) - {2E5E800E-6AC0-411E-940A-369530A35E43} - C:\WINDOWS\system32\TwcToolbarIe7.dll ()
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O4 - HKLM..\Run: [DAEMON Tools-1033] C:\Program Files\D-Tools\daemon.exe (DAEMON'S HOME)
O4 - HKLM..\Run: [KernelFaultCheck] File not found
O4 - HKLM..\Run: [nmapp] C:\Program Files\Pure Networks\Network Magic\nmapp.exe (Cisco Systems, Inc.)
O4 - HKLM..\Run: [nmctxth] C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe (Cisco Systems, Inc.)
O4 - HKLM..\Run: [OnAccess] C:\Program Files\StopSign\OnAccess\onaccess.exe (eAcceleration Corp)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
O4 - HKCU..\Run: [BitTorrent] C:\Program Files\BitTorrent\bittorrent.exe (BitTorrent, Inc.)
O4 - HKCU..\Run: [DW6] C:\Program Files\The Weather Channel FW\Desktop\DesktopWeather.exe (The Weather Channel Interactive, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O9 - Extra 'Tools' menuitem : Block This Page - {24BE56F9-F0B6-4ac7-97F1-8CACEDA9A427} - C:\Program Files\StopSign\PopupBlocker\sspopupblocker.dll (eAcceleration Corp )
O9 - Extra Button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: HP Smart Select - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1093506461265 (WUWebControl Class)
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} (Reg Error: Value error.)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 66.38.1.90 66.38.0.240 66.38.1.240
O18 - Protocol\Handler\pure-go {4746C79A-2042-4332-8650-48966E44ABA8} - C:\Program Files\Common Files\Pure Networks Shared\Platform\puresp4.dll (Cisco Systems, Inc.)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\WINDOWS\System32\igfxdev.dll (Intel Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {42DD0873-5FA9-465D-90DE-0826020416A5} - C:\Program Files\StopSign\OnAccess\onaccess_hk32.dll (eAcceleration Corp)
O28 - HKLM ShellExecuteHooks: {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MsnlNamespaceMgr.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2004/08/26 01:46:09 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2001/04/18 11:23:00 | 000,000,041 | R--- | M] () - F:\AUTORUN.INF -- [ CDFS ]
O33 - MountPoints2\{7bc07737-f6f4-11d8-aa1d-806d6172696f}\Shell - "" = AutoRun
O33 - MountPoints2\{7bc07737-f6f4-11d8-aa1d-806d6172696f}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{7bc07737-f6f4-11d8-aa1d-806d6172696f}\Shell\AutoRun\command - "" = D:\Launcher.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: 6to4 - File not found
NetSvcs: AppMgmt - C:\WINDOWS\System32\appmgmts.dll File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found

MsConfig - StartUpFolder: C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe - (Hewlett-Packard Co.)
MsConfig - StartUpFolder: C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Windows Search.lnk - C:\Program Files\Windows Desktop Search\WindowsSearch.exe - (Microsoft Corporation)
MsConfig - StartUpReg: Adobe ARM - hkey= - key= - C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
MsConfig - StartUpReg: Adobe Reader Speed Launcher - hkey= - key= - C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
MsConfig - StartUpReg: Aim - hkey= - key= - C:\Program Files\AIM\aim.exe (AOL Inc.)
MsConfig - StartUpReg: BCMSMMSG - hkey= - key= - C:\WINDOWS\BCMSMMSG.exe (Broadcom Corporation)
MsConfig - StartUpReg: BitTorrent DNA - hkey= - key= - C:\Program Files\DNA\btdna.exe (BitTorrent, Inc.)
MsConfig - StartUpReg: ctfmon.exe - hkey= - key= - File not found
MsConfig - StartUpReg: GrooveMonitor - hkey= - key= - C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe (Microsoft Corporation)
MsConfig - StartUpReg: HP Software Update - hkey= - key= - C:\Program Files\HP\HP Software Update\hpwuSchd2.exe (Hewlett-Packard)
MsConfig - StartUpReg: hpqSRMon - hkey= - key= - C:\Program Files\HP\Digital Imaging\bin\HpqSRmon.exe (Hewlett-Packard)
MsConfig - StartUpReg: igfxhkcmd - hkey= - key= - File not found
MsConfig - StartUpReg: igfxpers - hkey= - key= - File not found
MsConfig - StartUpReg: igfxtray - hkey= - key= - File not found
MsConfig - StartUpReg: InCD - hkey= - key= - C:\Program Files\Nero\Nero 7\InCD\InCD.exe (Nero AG)
MsConfig - StartUpReg: iTunesHelper - hkey= - key= - C:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.)
MsConfig - StartUpReg: KernelFaultCheck - hkey= - key= - File not found
MsConfig - StartUpReg: LanguageShortcut - hkey= - key= - C:\Program Files\CyberLink\PowerDVD\Language\Language.exe ()
MsConfig - StartUpReg: MsnMsgr - hkey= - key= - C:\Program Files\MSN Messenger\MsnMsgr.Exe (Microsoft Corporation)
MsConfig - StartUpReg: NeroFilterCheck - hkey= - key= - C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe (Nero AG)
MsConfig - StartUpReg: OnAccess - hkey= - key= - C:\Program Files\StopSign\OnAccess\onaccess.exe (eAcceleration Corp)
MsConfig - StartUpReg: Orb - hkey= - key= - C:\Program Files\Winamp Remote\bin\OrbTray.exe (Orb Networks)
MsConfig - StartUpReg: QuickTime Task - hkey= - key= - C:\Program Files\QuickTime\QTTask.exe (Apple Inc.)
MsConfig - StartUpReg: RemoteControl - hkey= - key= - C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe (Cyberlink Corp.)
MsConfig - StartUpReg: SecurDisc - hkey= - key= - C:\Program Files\Nero\Nero 7\InCD\NBHGui.exe (Nero AG)
MsConfig - StartUpReg: Skype - hkey= - key= - C:\Program Files\Skype\Phone\Skype.exe (Skype Technologies S.A.)
MsConfig - StartUpReg: SoftwareStation - hkey= - key= - C:\Program Files\eAcceleration\Station\station.exe (eAcceleration Corp)
MsConfig - StartUpReg: SoundMAXPnP - hkey= - key= - C:\Program Files\Analog Devices\Core\smax4pnp.exe (Analog Devices, Inc.)
MsConfig - StartUpReg: StopSignPopupBlocker - hkey= - key= - C:\Program Files\StopSign\PopupBlocker\sspopupblockerctrl.exe (eAcceleration Corp )
MsConfig - StartUpReg: TkBellExe - hkey= - key= - C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
MsConfig - StartUpReg: webscan - hkey= - key= - C:\Program Files\Acceleration Software\Anti-Virus\stopsignav.exe (eAcceleration Corp)
MsConfig - StartUpReg: WinampAgent - hkey= - key= - C:\Program Files\Winamp\winampa.exe ()
MsConfig - State: "system.ini" - 0
MsConfig - State: "win.ini" - 0
MsConfig - State: "bootini" - 0
MsConfig - State: "services" - 0
MsConfig - State: "startup" - 2

SafeBootMin: AppMgmt - C:\WINDOWS\System32\appmgmts.dll File not found
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: sermouse.sys - Driver
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vds - Service
SafeBootMin: vga.sys - Driver
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

SafeBootNet: AppMgmt - C:\WINDOWS\System32\appmgmts.dll File not found
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: sermouse.sys - Driver
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: vga.sys - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

ActiveX: {10072CEC-8CC1-11D1-986E-00A0C955B42F} - Vector Graphics Rendering (VML)
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - NetShow
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 6.4
ActiveX: {283807B5-2C60-11D0-A31D-00AA00B92C03} - DirectAnimation
ActiveX: {2A3320D6-C805-4280-B423-B665BDE33D8F} - Microsoft .NET Framework 1.1 Security Update (KB979906)
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {2F6EFCE6-10DF-49F9-9E64-9AE3775B2588} - Microsoft .NET Framework 1.1 Security Update (KB2416447)
ActiveX: {36f8ec70-c29a-11d1-b5c7-0000f8051515} - Dynamic HTML Data Binding for Java
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3bf42070-b3b1-11d1-b5c5-0000f8051515} - Uniscribe
ActiveX: {411EDCF7-755D-414E-A74B-3DCD6583F589} - Microsoft .NET Framework 1.1 Service Pack 1 (KB867460)
ActiveX: {4278c270-a269-11d1-b5bf-0000f8051515} - Advanced Authoring
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install
ActiveX: {44BBA842-CC51-11CF-AAFA-00AA00B6015B} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - DirectShow
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f216970-c90c-11d1-b5c7-0000f8051515} - DirectAnimation Java Classes
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5056b317-8d4c-43ee-8543-b9d1e234b8f4} - Security Update for Windows XP (KB923789)
ActiveX: {5945c046-1e7d-11d1-bc44-00c04fd912be} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser
ActiveX: {5A8D6EE0-3E18-11D0-821E-444553540000} - ICW
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {73fa19d0-2d75-11d2-995d-00c04f98bbc9} - Web Folders
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\WINDOWS\system32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - c:\WINDOWS\system32\Rundll32.exe c:\WINDOWS\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F} - .NET Framework
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} - .NET Framework
ActiveX: {CC2A9BA0-3BDD-11D0-821E-444553540000} - Task Scheduler
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {D27CDB6E-AE6D-11cf-96B8-444553540000} - Macromedia Shockwave Flash
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: {EF289A85-8E57-408d-BE47-73B55609861A} - RootsUpdate
ActiveX: <{12d0ed0d-0ee0-4f90-8827-78cefb8f4988} - C:\WINDOWS\system32\ieudinit.exe
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\WINDOWS\inf\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigIE
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP
ActiveX: >{881dd1c5-3dcf-431b-b061-f3f88e8be88a} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE
ActiveX: Microsoft Base Smart Card Crypto Provider Package -

Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation)
Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: MSVideo8 - C:\WINDOWS\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.ffds - C:\Program Files\Combined Community Codec Pack\Filters\FFDShow\ff_vfw.dll ()
Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)
Drivers32: wave - C:\WINDOWS\System32\serwvdrv.dll (Microsoft Corporation)

CREATERESTOREPOINT
Restore point Set: OTL Restore Point (16902109354000384)

========== Files/Folders - Created Within 30 Days ==========

[2010/10/24 12:36:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\My Documents\Hotmail
[2010/10/13 11:25:23 | 000,974,848 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mfc42.dll
[2010/10/13 11:25:23 | 000,953,856 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mfc40u.dll
[2010/10/13 11:25:15 | 000,617,472 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\comctl32.dll
[2010/10/07 19:47:04 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe
[2010/07/21 20:10:37 | 000,155,136 | ---- | C] ( ) -- C:\WINDOWS\System32\drivers\d347bus.sys
[2010/07/21 20:10:37 | 000,005,248 | ---- | C] ( ) -- C:\WINDOWS\System32\drivers\d347prt.sys
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010/10/25 12:41:36 | 000,002,283 | ---- | M] () -- C:\Documents and Settings\Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\Skype.lnk
[2010/10/25 12:19:42 | 000,000,278 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-484763869-1647877149-725345543-1003.job
[2010/10/25 12:19:40 | 000,012,598 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/10/25 12:19:39 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/10/25 02:24:51 | 000,000,412 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\spider.sav
[2010/10/24 20:38:16 | 000,000,286 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-484763869-1647877149-725345543-1003.job
[2010/10/24 12:38:05 | 000,046,592 | ---- | M] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/10/22 22:46:00 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2010/10/21 21:20:52 | 000,002,155 | ---- | M] () -- C:\Documents and Settings\Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\iTunes.lnk
[2010/10/16 16:35:23 | 000,000,069 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2010/10/14 11:07:09 | 000,268,600 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010/10/14 01:32:07 | 000,001,393 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2010/10/08 01:13:36 | 000,465,072 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010/10/08 01:13:36 | 000,078,958 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010/10/07 19:52:24 | 000,001,729 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader 9.lnk
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/10/07 19:52:24 | 000,001,729 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader 9.lnk
[2010/09/16 01:21:55 | 000,000,184 | ---- | C] () -- C:\WINDOWS\System32\MRT.INI
[2010/08/15 12:09:41 | 000,000,032 | ---- | C] () -- C:\WINDOWS\System32\Adrvsys.dll
[2010/08/08 03:51:20 | 008,892,928 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\atscie.msi
[2010/08/04 18:47:14 | 000,331,776 | ---- | C] () -- C:\WINDOWS\System32\TwcToolbarIe7.dll
[2010/08/04 18:47:14 | 000,098,304 | ---- | C] () -- C:\WINDOWS\System32\TwcToolbarBho.dll
[2010/07/25 20:37:13 | 000,000,000 | ---- | C] () -- C:\WINDOWS\OpPrintServer.INI
[2010/07/21 23:11:40 | 000,000,069 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2010/07/21 20:03:59 | 000,046,592 | ---- | C] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/07/21 18:53:56 | 000,001,138 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\hpzinstall.log
[2007/09/27 11:51:02 | 000,020,698 | ---- | C] () -- C:\WINDOWS\System32\idxcntrs.ini
[2007/09/27 11:48:48 | 000,030,628 | ---- | C] () -- C:\WINDOWS\System32\gsrvctr.ini
[2007/09/27 11:48:28 | 000,031,698 | ---- | C] () -- C:\WINDOWS\System32\gthrctr.ini
[2004/08/25 20:18:53 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2004/08/22 18:04:56 | 000,069,120 | ---- | C] () -- C:\WINDOWS\daemon.dll

========== Custom Scans ==========


< %systemroot%\*. /mp /s >

< %systemroot%\system32\*.dll /lockedfiles >
[2010/09/09 09:38:00 | 000,347,136 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\dxtmsft.dll
[2010/09/09 09:38:00 | 000,214,528 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\dxtrans.dll
[1 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

< %systemroot%\system32\*.exe /lockedfiles >
[1 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\system32\drivers\*.sys /lockedfiles >

< %systemroot%\System32\config\*.sav >
[2004/08/25 20:17:05 | 000,094,208 | ---- | M] () -- C:\WINDOWS\system32\config\default.sav
[2004/08/25 20:17:05 | 000,634,880 | ---- | M] () -- C:\WINDOWS\system32\config\software.sav
[2004/08/25 20:17:05 | 000,880,640 | ---- | M] () -- C:\WINDOWS\system32\config\system.sav

< %systemroot%\system32\*.sys >
[2004/08/04 08:00:00 | 000,009,029 | ---- | M] () -- C:\WINDOWS\system32\ansi.sys
[2004/08/04 08:00:00 | 000,027,097 | ---- | M] () -- C:\WINDOWS\system32\country.sys
[2004/08/04 08:00:00 | 000,004,768 | ---- | M] () -- C:\WINDOWS\system32\himem.sys
[2004/08/04 08:00:00 | 000,042,809 | ---- | M] () -- C:\WINDOWS\system32\key01.sys
[2004/08/04 08:00:00 | 000,042,537 | ---- | M] () -- C:\WINDOWS\system32\keyboard.sys
[2004/08/04 08:00:00 | 000,027,866 | ---- | M] () -- C:\WINDOWS\system32\ntdos.sys
[2004/08/04 08:00:00 | 000,029,146 | ---- | M] () -- C:\WINDOWS\system32\ntdos404.sys
[2004/08/04 08:00:00 | 000,029,370 | ---- | M] () -- C:\WINDOWS\system32\ntdos411.sys
[2004/08/04 08:00:00 | 000,029,274 | ---- | M] () -- C:\WINDOWS\system32\ntdos412.sys
[2004/08/04 08:00:00 | 000,029,146 | ---- | M] () -- C:\WINDOWS\system32\ntdos804.sys
[2004/08/04 08:00:00 | 000,033,840 | ---- | M] () -- C:\WINDOWS\system32\ntio.sys
[2004/08/04 08:00:00 | 000,034,560 | ---- | M] () -- C:\WINDOWS\system32\ntio404.sys
[2004/08/04 08:00:00 | 000,035,648 | ---- | M] () -- C:\WINDOWS\system32\ntio411.sys
[2004/08/04 08:00:00 | 000,035,424 | ---- | M] () -- C:\WINDOWS\system32\ntio412.sys
[2004/08/04 08:00:00 | 000,034,560 | ---- | M] () -- C:\WINDOWS\system32\ntio804.sys
[2008/04/13 14:44:59 | 000,017,664 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\watchdog.sys
[2010/08/31 09:42:52 | 001,852,800 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\win32k.sys
[1 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

< %systemroot%\system32\drivers\*.dll >
[2008/04/13 20:11:48 | 000,004,255 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\adv01nt5.dll
[2008/04/13 20:11:48 | 000,003,967 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\adv02nt5.dll
[2008/04/13 20:11:48 | 000,003,615 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\adv05nt5.dll
[2008/04/13 20:11:48 | 000,003,647 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\adv07nt5.dll
[2008/04/13 20:11:48 | 000,003,135 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\adv08nt5.dll
[2008/04/13 20:11:48 | 000,003,711 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\adv09nt5.dll
[2008/04/13 20:11:48 | 000,003,775 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\adv11nt5.dll
[2008/04/13 20:11:50 | 000,021,183 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\atv01nt5.dll
[2008/04/13 20:11:50 | 000,011,359 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\atv02nt5.dll
[2008/04/13 20:11:50 | 000,025,471 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\atv04nt5.dll
[2008/04/13 20:11:50 | 000,014,143 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\atv06nt5.dll
[2008/04/13 20:11:50 | 000,017,279 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\atv10nt5.dll
[2008/04/13 20:11:50 | 000,015,423 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\ch7xxnt5.dll
[2008/04/13 20:12:05 | 000,003,901 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\siint5.dll
[2008/04/13 20:12:08 | 000,011,325 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\vchnt5.dll

< %systemroot%\system32\drivers\*.ini >

< %systemroot%\system32\drivers\*.exe >

< %SYSTEMDRIVE%\*.* >
[2004/08/26 01:46:09 | 000,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT
[2010/08/04 12:12:47 | 000,000,211 | -HS- | M] () -- C:\boot.ini
[2004/08/26 01:46:09 | 000,000,000 | ---- | M] () -- C:\CONFIG.SYS
[2004/08/26 01:46:09 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
[2010/08/01 09:51:12 | 000,000,453 | -H-- | M] () -- C:\IPH.PH
[2004/08/26 01:46:09 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
[2004/08/04 08:00:00 | 000,047,564 | RHS- | M] () -- C:\NTDETECT.COM
[2010/08/13 18:48:18 | 000,250,048 | RHS- | M] () -- C:\ntldr
[2010/10/25 12:19:31 | 2145,386,496 | -HS- | M] () -- C:\pagefile.sys

< %PROGRAMFILES%\*. >
[2010/07/21 20:11:48 | 000,000,000 | ---D | M] -- C:\Program Files\Acceleration Software
[2010/07/20 13:25:38 | 000,000,000 | ---D | M] -- C:\Program Files\Adobe
[2010/08/01 09:36:45 | 000,000,000 | ---D | M] -- C:\Program Files\AIM
[2010/07/19 17:31:00 | 000,000,000 | ---D | M] -- C:\Program Files\Analog Devices
[2010/07/22 11:55:44 | 000,000,000 | ---D | M] -- C:\Program Files\Apple Software Update
[2010/07/21 22:59:50 | 000,000,000 | ---D | M] -- C:\Program Files\AviSynth 2.5
[2010/08/31 17:53:50 | 000,000,000 | ---D | M] -- C:\Program Files\BitTorrent
[2010/07/22 11:55:17 | 000,000,000 | ---D | M] -- C:\Program Files\Bonjour
[2010/08/15 12:08:32 | 000,000,000 | ---D | M] -- C:\Program Files\Borland
[2010/07/25 20:39:14 | 000,000,000 | ---D | M] -- C:\Program Files\Canon
[2010/07/21 22:19:48 | 000,000,000 | ---D | M] -- C:\Program Files\Combined Community Codec Pack
[2010/10/07 19:47:04 | 000,000,000 | ---D | M] -- C:\Program Files\Common Files
[2004/08/26 01:43:37 | 000,000,000 | ---D | M] -- C:\Program Files\ComPlus Applications
[2010/07/20 13:22:15 | 000,000,000 | ---D | M] -- C:\Program Files\CyberLink
[2010/07/21 20:10:37 | 000,000,000 | ---D | M] -- C:\Program Files\D-Tools
[2010/09/10 18:18:47 | 000,000,000 | ---D | M] -- C:\Program Files\Diablo II
[2010/08/04 12:12:10 | 000,000,000 | ---D | M] -- C:\Program Files\DNA
[2010/07/30 13:44:33 | 000,000,000 | ---D | M] -- C:\Program Files\Drug Lord 2
[2010/07/21 20:07:06 | 000,000,000 | ---D | M] -- C:\Program Files\eAcceleration
[2010/07/20 15:33:55 | 000,000,000 | ---D | M] -- C:\Program Files\GameHouse Games Collection
[2010/07/25 22:19:43 | 000,000,000 | ---D | M] -- C:\Program Files\Hero Editor
[2010/07/21 18:56:35 | 000,000,000 | ---D | M] -- C:\Program Files\Hewlett-Packard
[2010/07/21 19:58:00 | 000,000,000 | ---D | M] -- C:\Program Files\HP
[2010/07/25 20:39:33 | 000,000,000 | -H-D | M] -- C:\Program Files\InstallShield Installation Information
[2010/10/14 01:31:41 | 000,000,000 | ---D | M] -- C:\Program Files\Internet Explorer
[2010/09/03 23:11:44 | 000,000,000 | ---D | M] -- C:\Program Files\iPod
[2010/07/28 22:15:32 | 000,000,000 | ---D | M] -- C:\Program Files\IrfanView
[2010/09/03 23:14:45 | 000,000,000 | ---D | M] -- C:\Program Files\iTunes
[2010/08/08 03:56:24 | 000,000,000 | ---D | M] -- C:\Program Files\Linksys
[2010/07/21 22:20:26 | 000,000,000 | ---D | M] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010/08/13 19:09:33 | 000,000,000 | ---D | M] -- C:\Program Files\Messenger
[2004/08/26 01:46:18 | 000,000,000 | ---D | M] -- C:\Program Files\microsoft frontpage
[2010/07/20 12:24:55 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Office
[2010/07/20 12:24:44 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Visual Studio
[2010/07/20 12:22:10 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Visual Studio 8
[2010/07/27 08:18:51 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Works
[2010/07/20 12:24:01 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft.NET
[2010/08/15 11:07:49 | 000,000,000 | ---D | M] -- C:\Program Files\Movie Maker
[2010/10/24 19:45:40 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox
[2010/07/20 12:25:03 | 000,000,000 | ---D | M] -- C:\Program Files\MSBuild
[2004/08/26 01:42:31 | 000,000,000 | ---D | M] -- C:\Program Files\MSN
[2004/08/26 01:42:58 | 000,000,000 | ---D | M] -- C:\Program Files\MSN Gaming Zone
[2010/07/21 22:55:14 | 000,000,000 | ---D | M] -- C:\Program Files\MSN Messenger
[2010/07/21 18:55:09 | 000,000,000 | ---D | M] -- C:\Program Files\MSXML 4.0
[2010/07/19 18:21:18 | 000,000,000 | ---D | M] -- C:\Program Files\MSXML 6.0
[2010/07/20 13:02:24 | 000,000,000 | ---D | M] -- C:\Program Files\Nero
[2010/08/13 18:55:45 | 000,000,000 | ---D | M] -- C:\Program Files\NetMeeting
[2004/08/26 01:43:04 | 000,000,000 | ---D | M] -- C:\Program Files\Online Services
[2010/08/13 19:21:33 | 000,000,000 | ---D | M] -- C:\Program Files\Outlook Express
[2010/07/22 23:14:42 | 000,000,000 | ---D | M] -- C:\Program Files\PopCap Games
[2010/08/08 03:52:28 | 000,000,000 | ---D | M] -- C:\Program Files\Pure Networks
[2010/09/03 23:01:29 | 000,000,000 | ---D | M] -- C:\Program Files\QuickTime
[2010/08/03 12:32:44 | 000,000,000 | ---D | M] -- C:\Program Files\Real
[2010/07/21 22:59:37 | 000,000,000 | ---D | M] -- C:\Program Files\Red Kawa
[2010/07/19 18:23:42 | 000,000,000 | ---D | M] -- C:\Program Files\Reference Assemblies
[2010/07/21 22:59:54 | 000,000,000 | ---D | M] -- C:\Program Files\Regensoft
[2010/07/27 08:35:36 | 000,000,000 | R--D | M] -- C:\Program Files\Skype
[2010/07/21 20:17:39 | 000,000,000 | ---D | M] -- C:\Program Files\StopSign
[2010/08/04 18:45:21 | 000,000,000 | ---D | M] -- C:\Program Files\The Weather Channel FW
[2010/08/04 18:47:17 | 000,000,000 | ---D | M] -- C:\Program Files\The Weather Channel Toolbar
[2004/08/26 02:09:48 | 000,000,000 | -H-D | M] -- C:\Program Files\Uninstall Information
[2010/07/21 22:17:06 | 000,000,000 | ---D | M] -- C:\Program Files\VideoLAN
[2010/08/08 03:51:38 | 000,000,000 | ---D | M] -- C:\Program Files\WebEx
[2010/07/25 22:33:58 | 000,000,000 | ---D | M] -- C:\Program Files\WinAce
[2010/07/21 22:58:08 | 000,000,000 | ---D | M] -- C:\Program Files\Winamp
[2010/07/21 22:57:27 | 000,000,000 | ---D | M] -- C:\Program Files\Winamp Remote
[2010/07/20 10:44:38 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Desktop Search
[2010/07/19 18:14:25 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Media Connect 2
[2010/08/13 18:55:35 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Media Player
[2010/08/13 18:55:34 | 000,000,000 | ---D | M] -- C:\Program Files\Windows NT
[2004/08/26 01:44:58 | 000,000,000 | -H-D | M] -- C:\Program Files\WindowsUpdate
[2010/07/25 23:06:39 | 000,000,000 | ---D | M] -- C:\Program Files\WinRAR
[2004/08/26 01:46:18 | 000,000,000 | ---D | M] -- C:\Program Files\xerox
[2010/08/29 17:49:14 | 000,000,000 | ---D | M] -- C:\Program Files\Yahoo!

< %appdata%\*.* >
[2004/08/25 20:18:30 | 000,000,062 | -HS- | M] () -- C:\Documents and Settings\Owner\Application Data\desktop.ini


< MD5 for: AGP440.SYS >
[2004/08/04 08:00:00 | 018,738,937 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:AGP440.sys
[2010/08/13 18:29:26 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:AGP440.sys
[2010/08/13 18:29:26 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:AGP440.sys
[2008/04/13 14:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ServicePackFiles\i386\agp440.sys
[2008/04/13 14:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\system32\drivers\agp440.sys

< MD5 for: ATAPI.SYS >
[2004/08/04 08:00:00 | 018,738,937 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:atapi.sys
[2010/08/13 18:29:26 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:atapi.sys
[2010/08/13 18:29:26 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:atapi.sys
[2008/04/13 14:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ServicePackFiles\i386\atapi.sys
[2008/04/13 14:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys
[2004/08/04 08:00:00 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\$NtServicePackUninstall$\atapi.sys

< MD5 for: DISK.SYS >
[2004/08/04 08:00:00 | 018,738,937 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:disk.sys
[2010/08/13 18:29:26 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:disk.sys
[2010/08/13 18:29:26 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:disk.sys
[2004/08/04 08:00:00 | 000,036,352 | ---- | M] (Microsoft Corporation) MD5=00CA44E4534865F8A3B64F7C0984BFF0 -- C:\WINDOWS\$NtServicePackUninstall$\disk.sys
[2008/04/13 14:40:47 | 000,036,352 | ---- | M] (Microsoft Corporation) MD5=044452051F3E02E7963599FC8F4F3E25 -- C:\WINDOWS\ServicePackFiles\i386\disk.sys
[2008/04/13 14:40:47 | 000,036,352 | ---- | M] (Microsoft Corporation) MD5=044452051F3E02E7963599FC8F4F3E25 -- C:\WINDOWS\system32\drivers\disk.sys

< MD5 for: EVENTLOG.DLL >
[2008/04/13 20:11:53 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\ServicePackFiles\i386\eventlog.dll
[2008/04/13 20:11:53 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\system32\eventlog.dll
[2004/08/04 08:00:00 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=82B24CB70E5944E6E34662205A2A5B78 -- C:\WINDOWS\$NtServicePackUninstall$\eventlog.dll

< MD5 for: NETLOGON.DLL >
[2008/04/13 20:12:01 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\ServicePackFiles\i386\netlogon.dll
[2008/04/13 20:12:01 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\system32\netlogon.dll
[2009/02/06 14:46:09 | 000,408,064 | ---- | M] (Microsoft Corporation) MD5=6C476D33D82F1054849790181E8F7772 -- C:\WINDOWS\$hf_mig$\KB968389\SP2QFE\netlogon.dll
[2009/02/06 14:46:09 | 000,408,064 | ---- | M] (Microsoft Corporation) MD5=6C476D33D82F1054849790181E8F7772 -- C:\WINDOWS\$hf_mig$\KB975467\SP2QFE\netlogon.dll
[2004/08/04 08:00:00 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=96353FCECBA774BB8DA74A1C6507015A -- C:\WINDOWS\$NtServicePackUninstall$\netlogon.dll

< MD5 for: SCECLI.DLL >
[2004/08/04 08:00:00 | 000,180,224 | ---- | M] (Microsoft Corporation) MD5=0F78E27F563F2AAF74B91A49E2ABF19A -- C:\WINDOWS\$NtServicePackUninstall$\scecli.dll
[2008/04/13 20:12:05 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\ServicePackFiles\i386\scecli.dll
[2008/04/13 20:12:05 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\system32\scecli.dll

< MD5 for: USBSTOR.SYS >
[2004/08/04 08:00:00 | 018,738,937 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:usbstor.sys
[2010/08/13 18:29:26 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:usbstor.sys
[2010/08/13 18:29:26 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:usbstor.sys
[2004/08/04 00:08:48 | 000,026,496 | ---- | M] (Microsoft Corporation) MD5=6CD7B22193718F1D17A47A1CD6D37E75 -- C:\WINDOWS\$NtServicePackUninstall$\usbstor.sys
[2008/04/13 14:45:38 | 000,026,368 | ---- | M] (Microsoft Corporation) MD5=A32426D9B14A089EAA1D922E0C5801A9 -- C:\WINDOWS\ServicePackFiles\i386\usbstor.sys
[2008/04/13 14:45:38 | 000,026,368 | ---- | M] (Microsoft Corporation) MD5=A32426D9B14A089EAA1D922E0C5801A9 -- C:\WINDOWS\system32\drivers\usbstor.sys

< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install\\LastSuccessTime: 2010-10-14 05:32:16

< End of report >

descriptionhotmail sending viagra spam to all of my contacts periodically please help EmptyExtras.txt

more_horiz
OTL Extras logfile created on: 10/25/2010 11:04:23 PM - Run 1
OTL by OldTimer - Version 3.2.17.1 Folder = C:\Documents and Settings\Owner\My Documents\Hotmail
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 0.00 Gb Available Physical Memory | 6.00% Memory free
4.00 Gb Paging File | 2.00 Gb Available in Paging File | 52.00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 149.04 Gb Total Space | 20.43 Gb Free Space | 13.71% Space Free | Partition Type: NTFS
Drive F: | 549.52 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: OWNER-F11689672 | User Name: Owner | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [Winamp.Bookmark] -- "C:\Program Files\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft)
Directory [Winamp.Enqueue] -- "C:\Program Files\Winamp\winamp.exe" /ADD "%1" (Nullsoft)
Directory [Winamp.Play] -- "C:\Program Files\Winamp\winamp.exe" "%1" (Nullsoft)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe" = C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe:*:Enabled:hpofxm08.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe" = C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe:*:Enabled:hposfx08.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hposid01.exe" = C:\Program Files\HP\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe" = C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe:*:Enabled:hpzwiz01.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe" = C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe:*:Enabled:hpoews01.exe -- (Hewlett-Packard Co.)
"C:\Program Files\DNA\btdna.exe" = C:\Program Files\DNA\btdna.exe:*:Enabled:DNA -- (BitTorrent, Inc.)
"C:\Program Files\BitTorrent\bittorrent.exe" = C:\Program Files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent -- (BitTorrent, Inc.)
"C:\Program Files\Winamp Remote\bin\Orb.exe" = C:\Program Files\Winamp Remote\bin\Orb.exe:*:Enabled:Orb -- (Orb Networks, Inc.)
"C:\Program Files\Winamp Remote\bin\OrbTray.exe" = C:\Program Files\Winamp Remote\bin\OrbTray.exe:*:Enabled:OrbTray -- (Orb Networks)
"C:\Program Files\Winamp Remote\bin\OrbStreamerClient.exe" = C:\Program Files\Winamp Remote\bin\OrbStreamerClient.exe:*:Enabled:Orb Stream Client -- (Orb Networks)
"C:\Program Files\AIM\aim.exe" = C:\Program Files\AIM\aim.exe:*:Enabled:AIM -- (AOL Inc.)
"C:\Program Files\iTunes\iTunes.exe" = C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Inc.)
"C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe" = C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe:LocalSubNet,0.0.0.0/255.255.255.255:Enabled:Pure Networks Platform Service -- (Cisco Systems, Inc.)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0878E100-C0BB-41E8-B4C6-C486B61FDA7B}" = Canon PhotoRecord
"{0CB9668D-F979-4F31-B8B8-67FE90F929F8}" = Bonjour
"{0F7C2E47-089E-4d23-B9F7-39BE00100776}" = Toolbox
"{11B83AD3-7A46-4C2E-A568-9505981D4C6F}" = HP Update
"{15262012-213A-4f65-9019-C8A409EC0156}" = HP Officejet J6400 Series
"{18669FF9-C8FE-407a-9F70-E674896B1DB4}" = GPBaseService
"{188C0E25-3D65-4DAC-9C00-7483FBA4C7EB}" = Status
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = DVD Suite
"{218BBBE3-FE63-4BB2-81A8-7435575A84FA}" = PhotoStitch
"{279D3818-7287-4ab4-A927-542EBEA9E365}" = ProductContext
"{28291BD5-92D2-4685-82DC-CCA925C53CCA}" = RemoteCapture Task 1.1
"{34BFB099-07B2-4E95-A673-7362D60866A2}" = PSSWCORE
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{350FB27C-CF62-4EF3-AF9D-70FF313FE221}" = iTunes
"{36FDBE6E-6684-462b-AE98-9A39A1B200CC}" = HPProductAssistant
"{380CC749-8C28-4C74-BE01-45921D062302}" = BPDSoftware_Ini
"{3DED3A72-61A8-4B87-98A5-EF0BC8038AA0}" = DAEMON Tools
"{41853D20-40CC-4266-978D-F128BB97CA96}" = 6400_Help
"{45EF4EE3-F591-4B74-A477-0CAE12934CE7}" = RAW Image Task 1.2
"{4C96958A-6562-4143-B820-FF4890D3B734}" = Camera Window DVC
"{5109C064-813E-4e87-B0DE-C8AF7B5BC02B}" = SmartWebPrintingOC
"{52A69E11-7CEB-4a7d-9607-68BA4F39A89B}" = DeviceDiscovery
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{5ACE69F0-A3E8-44eb-88C1-0A841E700180}" = TrayApp
"{5BB4D7C1-52F2-4BFD-9E40-0D419E2E3021}" = bpd_scan
"{5D934326-165A-413b-B056-26BE1EC082AF}" = J6400
"{66E6CE0C-5A1E-430C-B40A-0C90FF1804A8}" = eSupportQFolder
"{676981B7-A2D9-49D0-9F4C-03018F131DA9}" = DocProc
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD
"{687FEF8A-8597-40b4-832C-297EA3F35817}" = BufferChm
"{6F5E2F4A-377D-4700-B0E3-8F7F7507EA15}" = CustomerResearchQFolder
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7AC0886A-CE48-4EB6-9CC3-4C56D427F2E1}" = Cisco Network Magic
"{7FCC4EDC-6EE2-4309-ABD7-85F2667A7B90}" = WebEx Support Manager for Internet Explorer
"{80533B67-C407-485D-8B5D-63BB8ED9D878}" = Scan
"{85C8D391-0EAE-4492-8A0A-2EE8B0B6DA03}" = BPDSoftware
"{87E2B986-07E8-477a-93DC-AF0B6758B192}" = DocProcQFolder
"{8A708DD8-A5E6-11D4-A706-000629E95E20}" = Intel(R) Extreme Graphics 2 Driver
"{8A85DEAD-7C1F-4368-881C-72AC74CB2E91}" = UnloadSupport
"{8AF1E098-1A5C-4336-BBE2-D047ABB401ED}" = MovieEdit Task
"{90120000-0010-0409-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (English) 12
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0015-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_ENTERPRISE_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_ENTERPRISE_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007
"{90120000-00BA-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007
"{90120000-0114-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_ENTERPRISE_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91203BD3-6C3E-472F-ADBD-F60FDC7C4010}" = Camera Window DS
"{91F1A0D6-23AD-49FE-8D4E-379485652214}" = Camera Support Core Library
"{981029E0-7FC9-4CF3-AB39-6F133621921A}" = Skype Toolbars
"{9B4E6CB9-E54D-47F7-A414-E2D5740E1033}" = Nero 7 Essentials
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable
"{A5AB9D5E-52E2-440e-A3ED-9512E253C81A}" = SolutionCenter
"{AB5D51AE-EBC3-438D-872C-705C7C2084B0}" = DeviceManagementQFolder
"{ABA00898-9467-4689-9F40-DE7F58C8429C}" = Fax
"{ABEB838C-A1A7-4C5D-B7E1-8B4314600777}" = MSN Messenger 7.0
"{AC76BA86-7AD7-1033-7B44-A94000000001}" = Adobe Reader 9.4.0
"{B194272D-1F92-46DF-99EB-8D5CE91CB4EC}" = Adobe AIR
"{B7A0CE06-068E-11D6-97FD-0050BACBF861}" = PowerProducer
"{B8DBED1E-8BC3-4d08-B94A-F9D7D88E9BBF}" = HPSSupply
"{BAD0FA60-09CF-4411-AE6A-C2844C8812FA}" = HP Photosmart Essential 2.5
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C1D76D7A-F3BB-47EA-A746-5B1E2FFC1DF2}" = Canon ZoomBrowser EX
"{C41300B9-185D-475E-BFEC-39EF732F19B1}" = Apple Software Update
"{C7281207-4AA4-425E-B57A-0E9EF8445635}" = Camera Window MC
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CCA1EEA3-555E-4D05-AC46-4B49C6C5D887}" = Apple Mobile Device Support
"{CCB9B81A-167F-4832-B305-D2A0430840B3}" = WebReg
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skypeâ„¢ 4.2
"{D142FE39-3386-4d82-9AD3-36D4A92AC3C2}" = DocMgr
"{D2E0F0CC-6BE0-490b-B08B-9267083E34C9}" = MarketResearch
"{D99A8E3A-AE5A-4692-8B19-6F16D454E240}" = Destination Component
"{DAEAFD68-BB4A-4507-A241-C8804D2EA66D}" = Apple Application Support
"{E08DC77E-D09A-4e36-8067-D6DBBCC5F8DC}" = VideoToolkit01
"{EB900AF8-CC61-4E15-871B-98D1EA3E8025}" = QuickTime
"{F0A37341-D692-11D4-A984-009027EC0A9C}" = SoundMAX
"{F1E63043-54FC-429B-AB2C-31AF9FBA4BC7}" = 32 Bit HP CIO Components Installer
"{F4F4F84E-804F-4E9A-84D7-C34283F0088F}" = RealUpgrade 1.0
"{FC467B61-F890-4E29-8585-365DAB66F13E}" = Pure Networks Platform
"Academy of Magic" = GameHouse Games Collection: Academy of Magic
"Adobe AIR" = Adobe AIR
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adventure Inlay" = GameHouse Games Collection: Adventure Inlay
"Adventure Inlay - Safari Edition" = GameHouse Games Collection: Adventure Inlay - Safari Edition
"Agere Systems Soft Modem" = Agere Systems PCI-SV92PP Soft Modem
"AIM_7" = AIM 7
"Air Strike 3D" = GameHouse Games Collection: Air Strike 3D
"Alien Sky" = GameHouse Games Collection: Alien Sky
"Aloha Solitaire" = GameHouse Games Collection: Aloha Solitaire
"Aloha TriPeaks" = GameHouse Games Collection: Aloha TriPeaks
"Ancient Tri-Jong" = GameHouse Games Collection: Ancient Tri-Jong
"Ancient Tripeaks" = GameHouse Games Collection: Ancient Tripeaks
"Astrobatics" = GameHouse Games Collection: Astrobatics
"Atlantis" = GameHouse Games Collection: Atlantis
"Atomaders" = GameHouse Games Collection: Atomaders
"BCM V.92 56K Modem" = BCM V.92 56K Modem
"Bejeweled 2" = GameHouse Games Collection: Bejeweled 2
"Bewitched" = GameHouse Games Collection: Bewitched
"Big Kahuna Reef" = GameHouse Games Collection: Big Kahuna Reef
"BitTorrent" = BitTorrent
"Boggle Supreme" = GameHouse Games Collection: Boggle Supreme
"Bounce Out Blitz" = GameHouse Games Collection: Bounce Out Blitz
"Casino Island To Go" = GameHouse Games Collection: Casino Island To Go
"Chainz" = GameHouse Games Collection: Chainz
"Chainz 2: Relinked" = GameHouse Games Collection: Chainz 2 - Relinked
"Charm Solitaire" = GameHouse Games Collection: Charm Solitaire
"Charm Tale" = GameHouse Games Collection: Charm Tale
"Chicktionary" = GameHouse Games Collection: Chicktionary
"Chuzzle Deluxe" = GameHouse Games Collection: Chuzzle Deluxe
"Collapse! Crunch" = GameHouse Games Collection: Collapse! Crunch
"Combined Community Codec Pack_is1" = Combined Community Codec Pack 2009-09-09
"Combo Chaos!" = GameHouse Games Collection: Combo Chaos!
"Crystal Path" = GameHouse Games Collection: Crystal Path
"Cubis Gold 2" = GameHouse Games Collection: Cubis Gold 2
"Diablo II" = Diablo II
"Digby's Donuts" = GameHouse Games Collection: Digby's Donuts
"Diner Dash" = GameHouse Games Collection: Diner Dash
"Drug Lord 2" = Drug Lord 2
"EaccelSetup" = StopSign Internet Security
"eMusic Promotion" = eMusic - 50 Free MP3 offer
"ENTERPRISE" = Microsoft Office Enterprise 2007
"Feeding Frenzy" = GameHouse Games Collection: Feeding Frenzy
"ffdshow" = ffdshow (remove only)
"Fiber Twig" = GameHouse Games Collection: Fiber Twig
"Five Card Deluxe" = GameHouse Games Collection: Five Card Deluxe
"Flip Words" = GameHouse Games Collection: Flip Words
"Flying Leo" = GameHouse Games Collection: Flying Leo
"Fortune Tiles Gold" = GameHouse Games Collection: Fortune Tiles Gold
"Fresco Wizard" = GameHouse Games Collection: Fresco Wizard
"GameHouse Sudoku" = GameHouse Games Collection: GameHouse Sudoku
"Gearz" = GameHouse Games Collection: Gearz
"Granny in Paradise" = GameHouse Games Collection: Granny in Paradise
"Gutterball" = GameHouse Games Collection: Gutterball
"Gutterball 2" = GameHouse Games Collection: Gutterball 2
"Hamsterball" = GameHouse Games Collection: Hamsterball
"Hello!" = GameHouse Games Collection: Hello!
"Holiday Express" = GameHouse Games Collection: Holiday Express
"HP Document Manager" = HP Document Manager 1.0
"HP Imaging Device Functions" = HP Imaging Device Functions 10.0
"HP Photosmart Essential" = HP Photosmart Essential 2.5
"HP Smart Web Printing" = HP Smart Web Printing
"HP Solution Center & Imaging Support Tools" = HP Solution Center 10.0
"HPExtendedCapabilities" = HP Customer Participation Program 10.0
"HPOCR" = OCR Software by I.R.I.S. 10.0
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"Iggle Pop!" = GameHouse Games Collection: Iggle Pop!
"Incadia" = GameHouse Games Collection: Incadia
"Incredible Ink" = GameHouse Games Collection: Incredible Ink
"Insaniquarium Deluxe" = GameHouse Games Collection: Insaniquarium Deluxe
"Inspector Parker" = GameHouse Games Collection: Inspector Parker
"InstallShield_{218BBBE3-FE63-4BB2-81A8-7435575A84FA}" = Canon Utilities PhotoStitch 3.1
"InstallShield_{28291BD5-92D2-4685-82DC-CCA925C53CCA}" = Canon RemoteCapture Task for ZoomBrowser EX
"InstallShield_{45EF4EE3-F591-4B74-A477-0CAE12934CE7}" = Canon RAW Image Task for ZoomBrowser EX
"InstallShield_{4C96958A-6562-4143-B820-FF4890D3B734}" = Canon Camera Window DVC for ZoomBrowser EX
"InstallShield_{8AF1E098-1A5C-4336-BBE2-D047ABB401ED}" = Canon MovieEdit Task for ZoomBrowser EX
"InstallShield_{91203BD3-6C3E-472F-ADBD-F60FDC7C4010}" = Canon Camera Window DS for ZoomBrowser EX
"InstallShield_{91F1A0D6-23AD-49FE-8D4E-379485652214}" = Canon Camera Support Core Library
"InstallShield_{C7281207-4AA4-425E-B57A-0E9EF8445635}" = Canon Camera Window for ZoomBrowser EX
"Invadazoid" = GameHouse Games Collection: Invadazoid
"IrfanView" = IrfanView (remove only)
"Jewel Quest" = GameHouse Games Collection: Jewel Quest
"Lemonade Tycoon" = GameHouse Games Collection: Lemonade Tycoon
"Luxor" = GameHouse Games Collection: Luxor
"Mad Caps" = GameHouse Games Collection: Mad Caps
"Magic Ball 2" = GameHouse Games Collection: Magic Ball 2
"Magic Ball 2 - New Worlds" = GameHouse Games Collection: Magic Ball 2 - New Worlds
"Magic Ball Deluxe" = GameHouse Games Collection: Magic Ball
"Magic Inlay" = GameHouse Games Collection: Magic Inlay
"Magic Vines" = GameHouse Games Collection: Magic Vines
"Mah Jong Adventures" = GameHouse Games Collection: Mah Jong Adventures
"Mah Jong Medley" = GameHouse Games Collection: Mah Jong Medley
"Mah Jong Quest" = GameHouse Games Collection: Mah Jong Quest
"Mahjong Garden To Go" = GameHouse Games Collection: Mahjong Garden To Go
"Mahjong Towers Eternity" = GameHouse Games Collection: Mahjong Towers Eternity
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Maui Wowee" = GameHouse Games Collection: Maui Wowee
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mozilla Firefox (3.6.11)" = Mozilla Firefox (3.6.11)
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"Network MagicUninstall" = Network Magic
"NingPo MahJong Deluxe 1.04" = NingPo MahJong Deluxe 1.04
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"Orb" = Winamp Remote
"Phlinx To Go" = GameHouse Games Collection: Phlinx To Go
"Pin High Country Club Golf" = GameHouse Games Collection: Pin High Country Club Golf
"Pizza Frenzy" = GameHouse Games Collection: Pizza Frenzy
"Platypus" = GameHouse Games Collection: Platypus
"Poker Superstars" = GameHouse Games Collection: Poker Superstars
"PROSet" = Intel(R) PRO Network Connections Drivers
"Puzzle Express" = GameHouse Games Collection: Puzzle Express
"Puzzle Inlay" = GameHouse Games Collection: Puzzle Inlay
"Puzzle Solitaire" = GameHouse Games Collection: Puzzle Solitaire
"QBz" = GameHouse Games Collection: QBz
"Reader's Digest Super Word Power" = GameHouse Games Collection: Reader's Digest Super Word Power
"RealPlayer 12.0" = RealPlayer
"Ricochet" = GameHouse Games Collection: Ricochet
"Ricochet Lost Worlds" = GameHouse Games Collection: Ricochet Lost Worlds
"Ricochet Lost Worlds: Recharged" = GameHouse Games Collection: Ricochet Lost Worlds - Recharged
"Roller Rush" = GameHouse Games Collection: Roller Rush
"Saints & Sinners Bingo" = GameHouse Games Collection: Saints & Sinners Bingo
"Sandlot Games Client Services_is1" = Sandlot Games Client Services
"SCRABBLE" = GameHouse Games Collection: SCRABBLE
"Shape Shifter" = GameHouse Games Collection: Shape Shifter
"Shop for HP Supplies" = Shop for HP Supplies
"Slingo Deluxe" = GameHouse Games Collection: Slingo Deluxe
"SoftwareUpdUtility" = Download Updater (AOL LLC)
"Spelvin" = GameHouse Games Collection: Spelvin
"Splash" = GameHouse Games Collection: Splash
"Spring Sprang Sprung" = GameHouse Games Collection: Spring Sprang Sprung
"ST6UNST #1" = Hero Editor V0.96
"ST6UNST #2" = Hero Editor V0.96 (C:\Program Files\Hero Editor\)
"Super 5-Line Slots" = GameHouse Games Collection: Super 5-Line Slots
"Super Blackjack!" = GameHouse Games Collection: Super Blackjack!
"Super Bounce Out!" = GameHouse Games Collection: Super Bounce Out!
"Super Candy Cruncher" = GameHouse Games Collection: Super Candy Cruncher
"Super Collapse!" = GameHouse Games Collection: Super Collapse!
"Super Collapse! II" = GameHouse Games Collection: Super Collapse! II
"Super Collapse! II Platinum" = GameHouse Games Collection: Super Collapse! II Platinum
"Super Fruit Frolic" = GameHouse Games Collection: Super Fruit Frolic
"Super GameHouse Solitaire Vol. 1" = GameHouse Games Collection: Super GameHouse Solitaire Vol. 1
"Super GameHouse Solitaire Vol. 2" = GameHouse Games Collection: Super GameHouse Solitaire Vol. 2
"Super GameHouse Solitaire Vol. 3" = GameHouse Games Collection: Super GameHouse Solitaire Vol. 3
"Super Gem Drop" = GameHouse Games Collection: Super Gem Drop
"Super Glinx!" = GameHouse Games Collection: Super Glinx!
"Super Letter Linker" = GameHouse Games Collection: Super Letter Linker
"Super Mah Jong Solitaire" = GameHouse Games Collection: Super Mah Jong Solitaire
"Super Nisqually" = GameHouse Games Collection: Super Nisqually
"Super PileUp!" = GameHouse Games Collection: Super PileUp!
"Super Pool" = GameHouse Games Collection: Super Pool
"Super Pop & Drop!" = GameHouse Games Collection: Super Pop & Drop!
"Super Rumble Cube" = GameHouse Games Collection: Super Rumble Cube
"Super SpongeBob Collapse!" = GameHouse Games Collection: Super SpongeBob Collapse!
"Super TextTwist" = GameHouse Games Collection: Super TextTwist
"Super WHATword" = GameHouse Games Collection: Super WHATword
"Super Wild Wild Words" = GameHouse Games Collection: Super Wild Wild Words
"Synergism VI" = Synergism VI
"Tap a Jam" = GameHouse Games Collection: Tap a Jam
"Ten Pin Championship Bowling Pro" = GameHouse Games Collection: Ten Pin Championship Bowling Pro
"Tennis Titans" = GameHouse Games Collection: Tennis Titans
"The Weather Channel Desktop 6" = The Weather Channel Desktop 6
"The Weather Channel Toolbar" = The Weather Channel Toolbar
"Tradewinds 2" = GameHouse Games Collection: Tradewinds 2
"Trivia Machine" = GameHouse Games Collection: Trivia Machine
"Tropical Swaps" = GameHouse Games Collection: Tropical Swaps
"Tumblebugs" = GameHouse Games Collection: Tumblebugs
"Turtle Bay" = GameHouse Games Collection: Turtle Bay
"Twistingo" = GameHouse Games Collection: Twistingo
"Ultimate Dominoes" = GameHouse Games Collection: Ultimate Dominoes
"Varmintz Deluxe" = GameHouse Games Collection: Varmintz Deluxe
"VLC media player" = VideoLAN VLC media player 0.8.4a
"Walls of Jericho, The" = GameHouse Games Collection: Walls of Jericho, The
"Wheel of Fortune" = GameHouse Games Collection: Wheel of Fortune
"WIC" = Windows Imaging Component
"WinAce Archiver" = WinAce Archiver
"Winamp" = Winamp
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinRAR archiver" = WinRAR archiver
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Word Jolt" = GameHouse Games Collection: Word Jolt
"Word Slinger" = GameHouse Games Collection: Word Slinger
"WordJong To Go" = GameHouse Games Collection: WordJong To Go
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"Yahoo! Companion" = Yahoo! Toolbar
"Yahoo! Toolbar" = Yahoo! Toolbar
"Zuma Deluxe" = GameHouse Games Collection: Zuma Deluxe

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"BitTorrent" = BitTorrent 6.0.2
"BitTorrent DNA" = DNA

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 9/11/2010 5:22:41 PM | Computer Name = OWNER-F11689672 | Source = Application Error | ID = 1000
Description = Faulting application plugin-container.exe, version 1.9.2.3888, faulting
module ntdll.dll, version 5.1.2600.5755, fault address 0x0000100b.

Error - 9/11/2010 10:49:23 PM | Computer Name = OWNER-F11689672 | Source = Bonjour Service | ID = 100
Description = 264: ERROR: read_msg errno 10054 (An existing connection was forcibly
closed by the remote host.)

Error - 9/22/2010 11:24:44 PM | Computer Name = OWNER-F11689672 | Source = Application Error | ID = 1000
Description = Faulting application plugin-container.exe, version 1.9.2.3909, faulting
module ntdll.dll, version 5.1.2600.5755, fault address 0x0000100b.

Error - 9/25/2010 6:33:38 PM | Computer Name = OWNER-F11689672 | Source = Application Error | ID = 1000
Description = Faulting application plugin-container.exe, version 1.9.2.3909, faulting
module ntdll.dll, version 5.1.2600.5755, fault address 0x0000100b.

Error - 10/1/2010 1:07:28 PM | Computer Name = OWNER-F11689672 | Source = Application Error | ID = 1000
Description = Faulting application skype.exe, version 4.2.0.169, faulting module
skype.exe, version 4.2.0.169, fault address 0x000ef1ac.

Error - 10/2/2010 7:02:30 PM | Computer Name = OWNER-F11689672 | Source = Application Error | ID = 1000
Description = Faulting application plugin-container.exe, version 1.9.2.3909, faulting
module ntdll.dll, version 5.1.2600.5755, fault address 0x0000100b.

Error - 10/5/2010 12:13:34 AM | Computer Name = OWNER-F11689672 | Source = Application Error | ID = 1000
Description = Faulting application plugin-container.exe, version 1.9.2.3909, faulting
module ntdll.dll, version 5.1.2600.5755, fault address 0x0000100b.

Error - 10/12/2010 12:18:59 AM | Computer Name = OWNER-F11689672 | Source = Application Error | ID = 1000
Description = Faulting application plugin-container.exe, version 1.9.2.3909, faulting
module ntdll.dll, version 5.1.2600.5755, fault address 0x0000100b.

Error - 10/13/2010 3:42:50 PM | Computer Name = OWNER-F11689672 | Source = Application Error | ID = 1000
Description = Faulting application plugin-container.exe, version 1.9.2.3909, faulting
module ntdll.dll, version 5.1.2600.5755, fault address 0x0000100b.

Error - 10/21/2010 9:32:21 PM | Computer Name = OWNER-F11689672 | Source = Windows Search Service | ID = 3013
Description = The entry <C:\DOCUMENTS AND SETTINGS\OWNER\MY DOCUMENTS\MY MUSIC\ITUNES\ITUNES
LIBRARY EXTRAS.ITDB-JOURNAL> in the hash map cannot be updated. Context: Application,
SystemIndex Catalog Details: A device attached to the system is not functioning.
(0x8007001f)

[ System Events ]
Error - 10/18/2010 9:51:46 PM | Computer Name = OWNER-F11689672 | Source = Service Control Manager | ID = 7022
Description = The HP CUE DeviceDiscovery Service service hung on starting.

Error - 10/19/2010 8:34:10 AM | Computer Name = OWNER-F11689672 | Source = Service Control Manager | ID = 7022
Description = The HP CUE DeviceDiscovery Service service hung on starting.

Error - 10/19/2010 7:14:39 PM | Computer Name = OWNER-F11689672 | Source = Service Control Manager | ID = 7022
Description = The HP CUE DeviceDiscovery Service service hung on starting.

Error - 10/20/2010 10:03:20 AM | Computer Name = OWNER-F11689672 | Source = Service Control Manager | ID = 7022
Description = The HP CUE DeviceDiscovery Service service hung on starting.

Error - 10/21/2010 10:48:32 AM | Computer Name = OWNER-F11689672 | Source = Service Control Manager | ID = 7022
Description = The HP CUE DeviceDiscovery Service service hung on starting.

Error - 10/22/2010 9:27:15 AM | Computer Name = OWNER-F11689672 | Source = Service Control Manager | ID = 7022
Description = The HP CUE DeviceDiscovery Service service hung on starting.

Error - 10/22/2010 7:15:50 PM | Computer Name = OWNER-F11689672 | Source = DCOM | ID = 10010
Description = The server {A0E35FC2-4A49-4787-9E3B-8E0C8425ED91} did not register
with DCOM within the required timeout.

Error - 10/23/2010 12:33:21 PM | Computer Name = OWNER-F11689672 | Source = Service Control Manager | ID = 7022
Description = The HP CUE DeviceDiscovery Service service hung on starting.

Error - 10/24/2010 9:52:32 AM | Computer Name = OWNER-F11689672 | Source = Service Control Manager | ID = 7022
Description = The HP CUE DeviceDiscovery Service service hung on starting.

Error - 10/25/2010 12:21:22 PM | Computer Name = OWNER-F11689672 | Source = Service Control Manager | ID = 7022
Description = The HP CUE DeviceDiscovery Service service hung on starting.


< End of report >

descriptionhotmail sending viagra spam to all of my contacts periodically please help EmptyRe: hotmail sending viagra spam to all of my contacts periodically please help

more_horiz
Please download and run this tool.

Download Malwarebytes' Anti-Malware from Here

Double Click mbam-setup.exe to install the application.

  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish,so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so immediately.


Post the contents of the MBAM Log.

descriptionhotmail sending viagra spam to all of my contacts periodically please help EmptyMBAM Post Scan Log

more_horiz
Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4963

Windows 5.1.2600 Service Pack 3
Internet Explorer 7.0.5730.13

10/27/2010 9:10:29 AM
mbam-log-2010-10-27 (09-10-29).txt

Scan type: Quick scan
Objects scanned: 152060
Time elapsed: 8 minute(s), 13 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 1
Files Infected: 18

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
C:\WINDOWS\system32\lowsec (Stolen.data) -> Quarantined and deleted successfully.

Files Infected:
C:\Documents and Settings\Owner\Local Settings\Temp\debug.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Local Settings\Temp\iexplorer.exe (Malware.Packer.Gen) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Local Settings\Temp\k9qwvfe5v1.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Local Settings\Temp\win16.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Local Settings\Temp\o5cc6311.exe (Malware.Packer.Gen) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Local Settings\Temp\cmd.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Local Settings\Temp\c8svg5.exe (Malware.Packer.Gen) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Local Settings\Temp\tiayb.exe (Malware.Packer.Gen) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Local Settings\Temp\yforhw.exe (Rogue.SecuritySuite) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Local Settings\Temp\ylhsguwr.exe (Trojan.Hiloti) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Local Settings\Temp\mdm.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Local Settings\Temp\2904665884.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\lowsec\user.ds.lll (Stolen.data) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Local Settings\Temp\utt165.tmp.exe (Trojan.Pakes) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Local Settings\Temp\utt706.tmp.exe (Trojan.Pakes) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Local Settings\Temp\js8jifgjsoi398i8djgdf.tmp (Malware.Trace) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Local Settings\Temp\jse98frrjushf87sfhdud.tmp (Malware.Trace) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Local Settings\Temp\skaioejiesfjoee.tmp (Malware.Trace) -> Quarantined and deleted successfully.

descriptionhotmail sending viagra spam to all of my contacts periodically please help EmptyRe: hotmail sending viagra spam to all of my contacts periodically please help

more_horiz
Hello.

  • Download combofix from here
    Link 1
    Link 2

    1. If you are using Firefox, make sure that your download settings are as follows:

    * Tools->Options->Main tab
    * Set to "Always ask me where to Save the files".

    2. During the download, rename Combofix to Combo-Fix as follows:

    hotmail sending viagra spam to all of my contacts periodically please help CF_download_FF

    hotmail sending viagra spam to all of my contacts periodically please help CF_download_rename

    3. It is important you rename Combofix during the download, but not after.
    4. Please do not rename Combofix to other names, but only to the one indicated.
    5. Close any open browsers.
    6. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

  • We need to disable your local AV (Anti-virus) before running Combofix.
  • See HERE for how to disable your AV.
  • Double click on ComboFix.exe.
  • Follow the prompts. NOTE:
  • ComboFix will check to see if the Microsoft Windows Recovery Console is installed.
    ***It's strongly recommended to have the Recovery Console installed before doing any malware removal.***

    **Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will automatically proceed with its scan.


  • The Recovery Console provides a recovery/repair mode should a problem occur during a Combofix run.

    hotmail sending viagra spam to all of my contacts periodically please help Cf410

  • Allow ComboFix to download the Recovery Console.
  • Accept the End-User License Agreement.
  • The Recovery Console will be installed.
  • You will then get this next prompt that asks if you want to continue the malware scan, select yes

    hotmail sending viagra spam to all of my contacts periodically please help Cf510

  • Allow combofix to run
  • Post C:\combofix.txt back here.

    Note:
    Do not mouseclick combofix's window whilst it's running. That may cause it to stall.

descriptionhotmail sending viagra spam to all of my contacts periodically please help EmptyRe: hotmail sending viagra spam to all of my contacts periodically please help

more_horiz
A quick note: I thought I disabled my AV when I ran Combo-Fix, but for some reason it said my AV was enabled during the scan. (The steps to disable my AV were not listed in the link you gave me, so i tried it on my own and apparently failed. I am not sure how or if this affects the final result.

ComboFix 10-10-28.09 - Owner 10/29/2010 17:52:50.1.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.2046.552 [GMT -4:00]
Running from: c:\documents and settings\Owner\Desktop\Combo-Fix.exe
AV: StopSign Antivirus *On-access scanning enabled* (Updated) {3E1D4556-3240-40c8-BBED-64A8690A3FB4}
FW: StopSign Firewall *enabled* {06936B90-CB61-4dcb-AABD-C0E25320F6C3}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\Owner\Application Data\Dealio
c:\documents and settings\Owner\Application Data\Dealio\res\widgets.xml
c:\documents and settings\Owner\Application Data\Dealio\temp\http___www_dealio_com_rss_coupons-deals_top_7days__cnid=[CHANNEL_ID]&ccv=[CODE_VER]&ISN=[ISN].xml
c:\documents and settings\Owner\Local Settings\Application Data\{A31D46A0-7D59-4A6C-B44E-FD357E680973}
c:\documents and settings\Owner\Local Settings\Application Data\{A31D46A0-7D59-4A6C-B44E-FD357E680973}\chrome\content\_cfg.js
c:\documents and settings\Owner\Local Settings\Application Data\{A31D46A0-7D59-4A6C-B44E-FD357E680973}\chrome\content\overlay.xul
c:\documents and settings\Owner\Local Settings\Application Data\{A31D46A0-7D59-4A6C-B44E-FD357E680973}\install.rdf
c:\program files\Dealio Toolbar
c:\program files\Dealio Toolbar\FF\chrome.manifest
c:\program files\Dealio Toolbar\FF\chrome\content\chevron.js
c:\program files\Dealio Toolbar\FF\chrome\content\chevron.xul
c:\program files\Dealio Toolbar\FF\chrome\content\login.js
c:\program files\Dealio Toolbar\FF\chrome\content\login.xul
c:\program files\Dealio Toolbar\FF\chrome\content\parser.js
c:\program files\Dealio Toolbar\FF\chrome\content\RssTickerWidget.js
c:\program files\Dealio Toolbar\FF\chrome\content\searchbox.js
c:\program files\Dealio Toolbar\FF\chrome\content\searchbox.xul
c:\program files\Dealio Toolbar\FF\chrome\content\utils.js
c:\program files\Dealio Toolbar\FF\chrome\content\widgichevron.js
c:\program files\Dealio Toolbar\FF\chrome\content\widgicomm.js
c:\program files\Dealio Toolbar\FF\chrome\content\widgihandling.js
c:\program files\Dealio Toolbar\FF\chrome\content\widgilisteners.js
c:\program files\Dealio Toolbar\FF\chrome\content\widgitoolbarplugin.js
c:\program files\Dealio Toolbar\FF\chrome\content\widgitoolbarplugin.xul
c:\program files\Dealio Toolbar\FF\chrome\content\widgiui.js
c:\program files\Dealio Toolbar\FF\chrome\locale\EN-US\searchbox.dtd
c:\program files\Dealio Toolbar\FF\chrome\locale\EN-US\widgitoolbarplugin.dtd
c:\program files\Dealio Toolbar\FF\chrome\locale\EN-US\widgitoolbarplugin.properties
c:\program files\Dealio Toolbar\FF\chrome\locale\EN-US\yahoo-search.gif
c:\program files\Dealio Toolbar\FF\chrome\skin\amazon.gif
c:\program files\Dealio Toolbar\FF\chrome\skin\apple.gif
c:\program files\Dealio Toolbar\FF\chrome\skin\barnes.gif
c:\program files\Dealio Toolbar\FF\chrome\skin\bestbuy.gif
c:\program files\Dealio Toolbar\FF\chrome\skin\chevron.gif
c:\program files\Dealio Toolbar\FF\chrome\skin\dealio_logo.gif
c:\program files\Dealio Toolbar\FF\chrome\skin\dealio_logo_hover.gif
c:\program files\Dealio Toolbar\FF\chrome\skin\ebay.gif
c:\program files\Dealio Toolbar\FF\chrome\skin\icon_settings.gif
c:\program files\Dealio Toolbar\FF\chrome\skin\macys.gif
c:\program files\Dealio Toolbar\FF\chrome\skin\newegg.gif
c:\program files\Dealio Toolbar\FF\chrome\skin\overstock.gif
c:\program files\Dealio Toolbar\FF\chrome\skin\search-button-hover.gif
c:\program files\Dealio Toolbar\FF\chrome\skin\search-button.gif
c:\program files\Dealio Toolbar\FF\chrome\skin\search-chevron-hover.gif
c:\program files\Dealio Toolbar\FF\chrome\skin\search-chevron.gif
c:\program files\Dealio Toolbar\FF\chrome\skin\search_amazon.gif
c:\program files\Dealio Toolbar\FF\chrome\skin\search_dealio.gif
c:\program files\Dealio Toolbar\FF\chrome\skin\search_ebay.gif
c:\program files\Dealio Toolbar\FF\chrome\skin\search_yahoo.gif
c:\program files\Dealio Toolbar\FF\chrome\skin\searchbox.css
c:\program files\Dealio Toolbar\FF\chrome\skin\splitter.gif
c:\program files\Dealio Toolbar\FF\chrome\skin\target.gif
c:\program files\Dealio Toolbar\FF\chrome\skin\walmart.gif
c:\program files\Dealio Toolbar\FF\chrome\skin\widgitoolbarplugin.css
c:\program files\Dealio Toolbar\FF\install.rdf
c:\program files\Dealio Toolbar\IE\4.1\config.ini
c:\program files\Dealio Toolbar\IE\4.1\dealioToolbarIE.dll
c:\program files\Dealio Toolbar\Res\amazon.gif
c:\program files\Dealio Toolbar\Res\apple.gif
c:\program files\Dealio Toolbar\Res\barnes.gif
c:\program files\Dealio Toolbar\Res\bestbuy.gif
c:\program files\Dealio Toolbar\Res\dealio_logo.gif
c:\program files\Dealio Toolbar\Res\dealio_logo_hover.gif
c:\program files\Dealio Toolbar\Res\ebay.gif
c:\program files\Dealio Toolbar\Res\icon_settings.gif
c:\program files\Dealio Toolbar\Res\macys.gif
c:\program files\Dealio Toolbar\Res\newegg.gif
c:\program files\Dealio Toolbar\Res\overstock.gif
c:\program files\Dealio Toolbar\Res\search-button-hover.gif
c:\program files\Dealio Toolbar\Res\search-button.gif
c:\program files\Dealio Toolbar\Res\search-chevron-hover.gif
c:\program files\Dealio Toolbar\Res\search-chevron.gif
c:\program files\Dealio Toolbar\Res\search_amazon.gif
c:\program files\Dealio Toolbar\Res\search_dealio.gif
c:\program files\Dealio Toolbar\Res\search_ebay.gif
c:\program files\Dealio Toolbar\Res\search_yahoo.gif
c:\program files\Dealio Toolbar\Res\target.gif
c:\program files\Dealio Toolbar\Res\walmart.gif
c:\program files\Dealio Toolbar\Res\widgets.xml
c:\program files\Dealio Toolbar\WidgiHelper.exe
c:\windows\daemon.dll
c:\windows\system32\Adrvsys.dll

.
((((((((((((((((((((((((( Files Created from 2010-09-28 to 2010-10-29 )))))))))))))))))))))))))))))))
.

2010-10-27 14:40 . 2010-10-27 14:41 -------- d-----w- c:\documents and settings\Owner\Application Data\Search Settings
2010-10-27 14:40 . 2010-10-27 14:40 -------- d-----w- c:\windows\system32\config\systemprofile\Application Data\Application Updater
2010-10-27 14:40 . 2010-10-27 14:40 -------- d-----w- c:\program files\Application Updater
2010-10-27 14:40 . 2010-10-27 14:40 -------- d-----w- c:\program files\Common Files\Spigot
2010-10-13 15:25 . 2010-09-18 06:53 974848 -c----w- c:\windows\system32\dllcache\mfc42.dll
2010-10-13 15:25 . 2010-09-18 06:53 953856 -c----w- c:\windows\system32\dllcache\mfc40u.dll
2010-10-13 15:25 . 2010-08-23 16:12 617472 -c----w- c:\windows\system32\dllcache\comctl32.dll
2010-10-07 23:47 . 2010-10-07 23:51 -------- d-----w- c:\program files\Common Files\Adobe

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-09-18 16:23 . 2004-08-04 12:00 974848 ----a-w- c:\windows\system32\mfc42u.dll
2010-09-18 06:53 . 2004-08-04 12:00 974848 ----a-w- c:\windows\system32\mfc42.dll
2010-09-18 06:53 . 2004-08-04 12:00 954368 ----a-w- c:\windows\system32\mfc40.dll
2010-09-18 06:53 . 2004-08-04 12:00 953856 ----a-w- c:\windows\system32\mfc40u.dll
2010-09-09 13:38 . 2004-08-04 12:00 832512 ----a-w- c:\windows\system32\wininet.dll
2010-09-09 13:38 . 2004-08-04 12:00 1830912 ------w- c:\windows\system32\inetcpl.cpl
2010-09-09 13:38 . 2004-08-04 12:00 78336 ----a-w- c:\windows\system32\ieencode.dll
2010-09-09 13:38 . 2004-08-04 12:00 17408 ------w- c:\windows\system32\corpol.dll
2010-09-08 15:57 . 2004-08-04 12:00 389120 ----a-w- c:\windows\system32\html.iec
2010-09-01 11:51 . 2004-08-04 12:00 285824 ----a-w- c:\windows\system32\atmfd.dll
2010-08-31 13:42 . 2004-08-04 12:00 1852800 ----a-w- c:\windows\system32\win32k.sys
2010-08-27 08:02 . 2004-08-04 12:00 119808 ----a-w- c:\windows\system32\t2embed.dll
2010-08-27 05:57 . 2004-08-04 12:00 99840 ----a-w- c:\windows\system32\srvsvc.dll
2010-08-26 13:39 . 2004-08-04 12:00 357248 ----a-w- c:\windows\system32\drivers\srv.sys
2010-08-26 12:52 . 2010-07-19 20:59 5120 ----a-w- c:\windows\system32\xpsp4res.dll
2010-08-23 16:12 . 2004-08-04 12:00 617472 ----a-w- c:\windows\system32\comctl32.dll
2010-08-17 13:17 . 2004-08-04 12:00 58880 ----a-w- c:\windows\system32\spoolsv.exe
2010-08-16 08:45 . 2004-08-04 12:00 590848 ----a-w- c:\windows\system32\rpcrt4.dll
2010-08-10 09:15 . 2010-08-10 09:15 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx
2010-08-10 09:15 . 2010-08-10 09:15 69632 ----a-w- c:\windows\system32\QuickTime.qts
2010-08-08 07:51 . 2010-08-08 07:51 8892928 ----a-w- c:\documents and settings\All Users\Application Data\atscie.msi
2010-08-03 16:32 . 2010-07-20 17:21 499712 ----a-w- c:\windows\system32\msvcp71.dll
2010-08-03 16:32 . 2010-07-20 17:21 348160 ----a-w- c:\windows\system32\msvcr71.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BitTorrent"="c:\program files\BitTorrent\bittorrent.exe" [2010-07-22 654648]
"DW6"="c:\program files\The Weather Channel FW\Desktop\DesktopWeather.exe" [2010-04-16 818288]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools-1033"="c:\program files\D-Tools\daemon.exe" [2004-08-22 81920]
"OnAccess"="c:\program files\StopSign\OnAccess\onaccess.exe" [2010-07-15 304480]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2010-08-03 202256]
"nmctxth"="c:\program files\Common Files\Pure Networks Shared\Platform\nmctxth.exe" [2009-07-07 647216]
"nmapp"="c:\program files\Pure Networks\Network Magic\nmapp.exe" [2009-07-08 472112]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-08-10 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-09-01 421160]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-09-23 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-21 932288]
"SearchSettings"="c:\program files\Common Files\Spigot\Search Settings\SearchSettings.exe" [2010-10-22 524288]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-25 304128]
"{42DD0873-5FA9-465D-90DE-0826020416A5}"= "c:\program files\StopSign\OnAccess\onaccess_hk32.dll" [2010-07-15 218464]

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Windows Search.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Windows Search.lnk
backup=c:\windows\pss\Windows Search.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
c:\windows\system32\dumprep 0 -k [X]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2010-09-21 03:07 932288 ----a-r- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2010-09-23 08:47 35760 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Aim]
2010-05-21 15:36 3824472 ----a-w- c:\program files\AIM\aim.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BCMSMMSG]
2003-08-29 09:59 122880 ----a-w- c:\windows\BCMSMMSG.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BitTorrent DNA]
2010-07-22 02:25 323392 ----a-w- c:\program files\DNA\btdna.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
2008-04-14 00:12 15360 ----a-w- c:\windows\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
2008-10-25 16:44 31072 ----a-w- c:\program files\Microsoft Office\Office12\GrooveMonitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
2007-10-15 02:17 49152 ----a-w- c:\program files\HP\HP Software Update\hpwuSchd2.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\hpqSRMon]
2007-08-22 21:31 80896 ----a-w- c:\program files\HP\Digital Imaging\bin\HpqSRmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxhkcmd]
2005-09-20 14:32 77824 ----a-w- c:\windows\system32\hkcmd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxpers]
2005-09-20 14:36 114688 ----a-w- c:\windows\system32\igfxpers.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxtray]
2005-09-20 14:35 94208 ----a-w- c:\windows\system32\igfxtray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\InCD]
2007-05-15 20:55 1057328 ----a-w- c:\program files\Nero\Nero 7\InCD\InCD.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2010-09-01 12:32 421160 ----a-w- c:\program files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LanguageShortcut]
2006-12-06 03:55 54832 ----a-w- c:\program files\CyberLink\PowerDVD\Language\Language.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
2005-03-29 23:28 6815744 ----a-w- c:\program files\MSN Messenger\msnmsgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2007-03-01 20:57 153136 ----a-w- c:\program files\Common Files\Ahead\Lib\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OnAccess]
2010-07-15 00:00 304480 ------w- c:\program files\StopSign\OnAccess\onaccess.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Orb]
2008-04-01 01:54 507904 ----a-w- c:\program files\Winamp Remote\bin\OrbTray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2010-08-10 09:15 421888 ----a-w- c:\program files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
2006-11-23 20:10 56928 ------w- c:\program files\CyberLink\PowerDVD\PDVDServ.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SecurDisc]
2007-05-15 20:55 1628208 ----a-w- c:\program files\Nero\Nero 7\InCD\NBHGui.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
2010-05-13 21:12 26192168 ----a-r- c:\program files\Skype\Phone\Skype.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoftwareStation]
2010-06-22 19:33 140624 ------w- c:\program files\eAcceleration\Station\station.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMAXPnP]
2004-10-14 19:42 1404928 ----a-w- c:\program files\Analog Devices\Core\smax4pnp.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\StopSignPopupBlocker]
2010-03-26 00:41 374096 ------w- c:\progra~1\StopSign\POPUPB~1\sspopupblockerctrl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
2010-08-03 16:31 202256 ----a-w- c:\program files\Common Files\Real\Update_OB\realsched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\webscan]
2010-06-17 17:20 1406304 ----a-r- c:\program files\Acceleration Software\Anti-Virus\stopsignav.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
2007-12-20 15:16 37376 ----a-w- c:\program files\Winamp\winampa.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"c:\\Program Files\\DNA\\btdna.exe"=
"c:\\Program Files\\BitTorrent\\bittorrent.exe"=
"c:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Winamp Remote\\bin\\Orb.exe"=
"c:\\Program Files\\Winamp Remote\\bin\\OrbTray.exe"=
"c:\\Program Files\\Winamp Remote\\bin\\OrbStreamerClient.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Program Files\\AIM\\aim.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\program files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe"= c:\program files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe:LocalSubNet,0.0.0.0/255.255.255.255:Enabled:Pure Networks Platform Service

R0 d347bus;d347bus;c:\windows\system32\drivers\d347bus.sys [7/21/2010 8:10 PM 155136]
R0 d347prt;d347prt;c:\windows\system32\drivers\d347prt.sys [7/21/2010 8:10 PM 5248]
R0 fwcore;Fwcore Filter;c:\windows\system32\drivers\fwcore.sys [7/21/2010 8:17 PM 109664]
R2 Application Updater;Application Updater;c:\program files\Application Updater\ApplicationUpdater.exe [10/22/2010 4:38 PM 386560]
R2 eac_notifysvc;eAcceleration Notification Service;c:\progra~1\EACCEL~1\FRAMEW~1\eac_svc.exe [7/21/2010 8:07 PM 111672]
R2 eac_productsvc;eAcceleration Product Manager Service;c:\progra~1\EACCEL~1\FRAMEW~1\eac_productsvc.exe [7/21/2010 8:07 PM 263504]
R2 FWService;FWService;c:\program files\StopSign\Firewall\FWService.exe -Service --> c:\program files\StopSign\Firewall\FWService.exe -Service [?]
R2 ssfwmonsvc;StopSign Firewall Security Center Provider;c:\progra~1\EACCEL~1\FRAMEW~1\eac_svc.exe [7/21/2010 8:07 PM 111672]
R2 sstsmonsvc;StopSign Antivirus Security Center Provider;c:\progra~1\EACCEL~1\FRAMEW~1\eac_svc.exe [7/21/2010 8:07 PM 111672]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
Contents of the 'Scheduled Tasks' folder

2010-10-23 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2009-10-22 16:50]

2010-10-29 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-484763869-1647877149-725345543-1003.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-06-03 08:02]

2010-10-29 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-484763869-1647877149-725345543-1003.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-06-03 08:02]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
FF - ProfilePath - c:\documents and settings\Owner\Application Data\Mozilla\Firefox\Profiles\1znsb1a3.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.iptorrents.com
FF - prefs.js: keyword.URL - hxxp://www.google.com/search?sourceid=navclient&hl=en&q=
FF - prefs.js: network.proxy.type - 0
FF - component: c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext\components\nprpffbrowserrecordext.dll
FF - component: c:\documents and settings\Owner\Application Data\Mozilla\Firefox\Profiles\1znsb1a3.default\extensions\{0b38152b-1b20-484d-a11f-5e04a9b0661f}\components\WinampTBPlayer.dll
FF - component: c:\documents and settings\Owner\Application Data\Mozilla\Firefox\Profiles\1znsb1a3.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\frozen.dll
FF - component: c:\program files\Common Files\Spigot\wtxpcom\components\WidgiToolbarFF.dll
FF - component: c:\program files\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}\components\SkypeFfComponent.dll
FF - plugin: c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npbittorrent.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npdnupdater2.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
FF - user.js: network.protocol-handler.warn-external.dnupdate - false);user_pref(yahoo.ytff.general.dontshowhpoffer, truec:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--fiqz9s", true); // Traditional
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--fiqs8s", true); // Simplified
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--j6w193g", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4a87g", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbqly7c0a67fbc", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbqly7cvafr", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--kpry57d", true); // Traditional
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--kprw13d", true); // Simplified
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
.
- - - - ORPHANS REMOVED - - - -

URLSearchHooks-{01398B87-61AF-4FFB-9AB5-1A1C5FB39A9C} - c:\program files\Dealio Toolbar\IE\4.1\dealioToolbarIE.dll
BHO-{01398B87-61AF-4FFB-9AB5-1A1C5FB39A9C} - c:\program files\Dealio Toolbar\IE\4.1\dealioToolbarIE.dll
Toolbar-{01398B87-61AF-4FFB-9AB5-1A1C5FB39A9C} - c:\program files\Dealio Toolbar\IE\4.1\dealioToolbarIE.dll



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-10-29 18:01
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(3244)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\agrsmsvc.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Nero\Nero 7\InCD\InCDsrv.exe
c:\program files\CyberLink\Shared Files\RichVideo.exe
c:\windows\system32\SearchIndexer.exe
c:\program files\StopSign\Firewall\FWService.exe
c:\program files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
c:\windows\system32\DllHost.exe
c:\program files\iPod\bin\iPodService.exe
.
**************************************************************************
.
Completion time: 2010-10-29 18:04:32 - machine was rebooted
ComboFix-quarantined-files.txt 2010-10-29 22:04

Pre-Run: 22,213,816,320 bytes free
Post-Run: 22,757,961,728 bytes free

WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect

- - End Of File - - 70695869DE856E5D6F3BFDB05E563B8A

descriptionhotmail sending viagra spam to all of my contacts periodically please help EmptyRe: hotmail sending viagra spam to all of my contacts periodically please help

more_horiz
Hello.

I see that you are running BitTorrent.
P2P(Peer to peer) applications are designed to help you easily share and distribute files between you and a group of people. But they can also be used to distribute malware, and thus are not considered safe.
The removal of these programs is optional, but highly recommended.

Go to Start > Control Panel > Add/Remove Programs and remove the following programs.

    BitTorrent
    DNA

Click Start > Run and copy/paste the following bolded text into the Run box and click OK:

ComboFix /uninstall

This will also reset your restore points.

Run ESET Online Scan
Please do an online scan with ESET Online Scanner. Please use Internet Explorer as it uses ActiveX.

  • Check (tick) this box: YES, I accept the Terms of Use.
  • Click on the Start button next to it.
  • When prompted to run ActiveX. click Yes.
  • You will be asked to install an ActiveX. Click Install.
  • Once installed, the scanner will be initialized.
  • After the scanner is initialized, click Start.
  • Check (tick) Remove found threats box.
  • Check (tick) Scan unwanted applications.
  • Click on Scan.
  • It will start scanning. Please be patient.
  • Once the scan is done, the log will be saved here: C:\Program Files\esetonlinescanner\log.txt.

descriptionhotmail sending viagra spam to all of my contacts periodically please help EmptyRe: hotmail sending viagra spam to all of my contacts periodically please help

more_horiz
I chose not not delete BitTorrent, but thanks for the heads up. Here is the log from the ESET scan:

ESETSmartInstaller@High as CAB hook log:
OnlineScanner.ocx - registred OK
# version=7
# iexplore.exe=7.00.6000.17091 (vista_gdr.100824-1500)
# OnlineScanner.ocx=1.0.0.6211
# api_version=3.0.2
# EOSSerial=9a1d62b9372f6345b06326339cd13fca
# end=finished
# remove_checked=true
# archives_checked=false
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2010-10-30 03:03:50
# local_time=2010-10-30 11:03:50 (-0500, Eastern Daylight Time)
# country="United States"
# lang=1033
# osver=5.1.2600 NT Service Pack 3
# compatibility_mode=8192 67108863 100 0 0 0 0 0
# scanned=85959
# found=11
# cleaned=11
# scan_time=3574
C:\backup\Desktop\Crap\New Folder (2)\abba summer night city.wma probably a variant of Win32/Agent.FNYAFOD trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\backup\General Shit\Nullsoft.WinAmp.v5.32.Incl.KeyMaker\keygen.exe a variant of Win32/Keygen.AG application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\backup\iPod\Trance\New Israeli Songs\noa (achinoam ninni) - child with pigtails (hebrew - yalda im tzamot).mp3 WMA/TrojanDownloader.GetCodec.C trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\backup\larfurman\Random Games\Pop Cap\Keygens\atomica.deluxe.2.52.keygen-tsrh.exe probably a variant of Win32/Agent.BYHVWGH trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\backup\larfurman\Random Games\Pop Cap\Keygens\big.money.deluxe.1.22.keygen-tsrh.exe probably a variant of Win32/Agent.BIGUFPV trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\backup\larfurman\Random Games\Pop Cap\Keygens\bookworm.deluxe.1.0.keygen-tsrh.exe probably a variant of Win32/Spy.Agent.DDEKVK trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\backup\larfurman\Random Games\Pop Cap\Keygens\mummy.maze.deluxe.1.1.keygen-tsrh.exe probably a variant of Win32/Hupigon.IYMAPWD trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\backup\larfurman\Random Games\Pop Cap\Keygens\ningpo.mahjong.deluxe.1.04.keygen-tsrh.exe probably a variant of Win32/Agent.CRYFFWU trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\backup\larfurman\Random Games\Pop Cap\Keygens\noah.s.ark.deluxe.1.1.keygen-tsrh.exe probably a variant of Win32/Agent.DNPXWLD trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\backup\larfurman\Random Games\Pop Cap\Keygens\seven.seas.deluxe.1.13.keygen-tsrh.exe probably a variant of Win32/Agent.IZRUBHN trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\backup\larfurman\Random Games\Pop Cap\Keygens\tiptop.deluxe.1.1.keygen-tsrh.exe probably a variant of Win32/Agent.CCDOLDQ trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

This process sure has a lot of steps; I am just curious, what exactly is accomplished with each step? (I am not doubting your work. I just wish know what exactly gets done with each scan.) Finally, what is the next step?

descriptionhotmail sending viagra spam to all of my contacts periodically please help EmptyRe: hotmail sending viagra spam to all of my contacts periodically please help

more_horiz
Malware removal is a long process, there is a lot of areas to check.

Please download CKScanner by askey127 from here
Save it to your desktop.

  • Doubleclick CKScanner.exe and click Search For Files.
  • After a very short time, when the cursor hourglass disappears, click Save List To File.
  • A message box will verify that the file is saved.
  • Double-click the CKFiles.txt icon on your desktop and copy/paste the contents in your next reply.

descriptionhotmail sending viagra spam to all of my contacts periodically please help EmptyRe: hotmail sending viagra spam to all of my contacts periodically please help

more_horiz
CKScanner - Additional Security Risks - These are not necessarily bad
c:\backup\alcohol 120%\warcraft iii - the frozen throne [disk3] -crack,patch,serial.iso._eac_qt_
c:\backup\j programs\keygen\xp repairpro keygen.exe
c:\backup\j programs\mxskyperecsetup\crack\mxskyperecorder.exe
c:\backup\j programs\poweriso.v3.0.with keymaker\keygen.exe
c:\backup\j programs\xp.repair.pro.v3.5.3.incl.keygen.-=![matantk]!=-\xprepairpro2007.exe
c:\backup\j programs\xp.repair.pro.v3.5.3.incl.keygen.-=![matantk]!=-\keygen\xp repairpro keygen.exe
c:\backup\larfurman\c&c keygen and cracks\install.txt
c:\backup\larfurman\c&c keygen and cracks\keygen.exe
c:\backup\larfurman\c&c keygen and cracks\cracks\command & conquer red alert(tm) ii\ra2\ra2md.exe
c:\backup\larfurman\c&c keygen and cracks\cracks\command & conquer red alert(tm) ii\ra2\yuri.exe
c:\backup\larfurman\c&c keygen and cracks\cracks\command & conquer(tm) generals zero hour\generals.exe
c:\backup\larfurman\random games\cracks\hoyle casino 2006 hack\tnta-hc06.exe
c:\backup\larfurman\random games\cracks\hoyle casino 2006 hack\tnta.nfo
c:\backup\larfurman\random games\cracks\w3 no-cd files\fdx-w3u12a.nfo
c:\backup\larfurman\random games\cracks\w3 no-cd files\war3.exe
c:\backup\larfurman\random games\cracks\w3 no-cd files\worldedit.exe
c:\backup\larfurman\random games\pop cap\all (15) popcap games with keygens 2004.05.04 (alchemy astropop atomica bejeweled big money bookworm dynomite mummy maze ningpo mahjong noah.rar
c:\backup\larfurman\random games\pop cap\keygens\alchemy.deluxe.1.2.keygen-tsrh.exe
c:\backup\larfurman\random games\pop cap\keygens\alchemy.deluxe.1.2.keygen-tsrh.zip
c:\backup\larfurman\random games\pop cap\keygens\astropop.deluxe.1.0.crack.rar
c:\backup\larfurman\random games\pop cap\keygens\atomica.deluxe.2.52.keygen-tsrh.zip
c:\backup\larfurman\random games\pop cap\keygens\big.money.deluxe.1.22.keygen-tsrh.zip
c:\backup\larfurman\random games\pop cap\keygens\bookworm.deluxe.1.0.keygen-tsrh.zip
c:\backup\larfurman\random games\pop cap\keygens\cracks-world.nfo
c:\backup\larfurman\random games\pop cap\keygens\dynomite.deluxe.2.7.keygen-tsrh.zip
c:\backup\larfurman\random games\pop cap\keygens\file_id.diz
c:\backup\larfurman\random games\pop cap\keygens\mummy.maze.deluxe.1.1.keygen-tsrh.zip
c:\backup\larfurman\random games\pop cap\keygens\ningpo.mahjong.deluxe.1.04.keygen-tsrh.zip
c:\backup\larfurman\random games\pop cap\keygens\noahs.ark.deluxe.1.1.keygen-tsrh.zip
c:\backup\larfurman\random games\pop cap\keygens\rocket.mania.deluxe.1.0.keygen-tsrh.exe
c:\backup\larfurman\random games\pop cap\keygens\rocket.mania.deluxe.1.0.keygen-tsrh.zip
c:\backup\larfurman\random games\pop cap\keygens\seven.seas.deluxe.1.13.keygen-tsrh.zip
c:\backup\larfurman\random games\pop cap\keygens\tiptop.deluxe.1.1.keygen-tsrh.zip
c:\backup\larfurman\random games\pop cap\keygens\tsrh.nfo
c:\backup\larfurman\random games\pop cap\keygens\typer.shark.deluxe.1.0.keygen-tsrh.exe
c:\backup\larfurman\random games\pop cap\keygens\typer.shark.deluxe.1.0.keygen-tsrh.zip
c:\backup\larfurman\random games\pop cap\keygens\zuma.deluxe.1.0.crack.exe._eac_qt_
c:\documents and settings\owner\my documents\downloads\[isohunt] degun_-_ms_office_7-0_aio_crack serial_pack_clean.torrent
c:\program files\gamehouse games collection\bejeweled 2\sounds\firecrackle.ogg
c:\program files\gamehouse games collection\cubis gold 2\games\tutorial\tutorial\crack and crumble.xml
c:\program files\gamehouse games collection\cubis gold 2\resources\sounds\cubecrack.ogg
c:\program files\gamehouse games collection\hamsterball\sounds\crack.ogg
c:\program files\gamehouse games collection\jewel quest\audio\st_win3_crackle.ogg
c:\program files\gamehouse games collection\mah jong quest\images\tile_firecracker-1.pnge
c:\program files\gamehouse games collection\mah jong quest\images\tile_firecracker-2.pnge
c:\program files\gamehouse games collection\mah jong quest\images\tile_firecracker-3.pnge
c:\program files\gamehouse games collection\mah jong quest\images\tile_firecracker1.pnge
c:\program files\gamehouse games collection\mah jong quest\images\kwazi3\level5-1cracktop.jpge
c:\program files\gamehouse games collection\mah jong quest\images\kwazi5\5_lvl_5a_postcrack1.jpge
c:\program files\gamehouse games collection\mah jong quest\images\kwazi5\5_lvl_5a_postcrack2.jpge
scanner sequence 3.ZZ.11
----- EOF -----

descriptionhotmail sending viagra spam to all of my contacts periodically please help EmptyRe: hotmail sending viagra spam to all of my contacts periodically please help

more_horiz
Your computer has keygens, which is a form of software piracy. What is so bad about Cracks, Hacks, Pirated software, warez, or Keygens?

Most popular cracks or keygens I see, are for Adobe CS3, a lot of different games, Nero, Kaspersky antivirus, and much more. All of these cracks and keygens have what is called "cloaked malware," which is a form of spyware or viruses or trojans that hide themselves inside the keygen or crack files. Most hacks for games that come in the form of a program or installer, will also be infected. It is the opportunity for attackers to present a seemingly safe situation where the opportunity to steal something is in play, while the malware infects your system in the process. Yes, it will install what you were looking for, but also allow malware to potentially take control of your computer.

Lastly, it is illegal. I will counsel you that we do not report such incidents. However, it is not good practice to pirate software.

I will not help you if you do not remove the keygens and cracks.

descriptionhotmail sending viagra spam to all of my contacts periodically please help EmptyRe: hotmail sending viagra spam to all of my contacts periodically please help

more_horiz
I have removed all of the cracks and keygens CKScanner found and some other ones it did not also. Here is the updated scan list (the word "crack" appears in the file name for these files, but it's just a part of the file name because those are the sounds that recur during the game as you can probably already tell from the file extension):

CKScanner - Additional Security Risks - These are not necessarily bad
c:\program files\gamehouse games collection\bejeweled 2\sounds\firecrackle.ogg
c:\program files\gamehouse games collection\cubis gold 2\games\tutorial\tutorial\crack and crumble.xml
c:\program files\gamehouse games collection\cubis gold 2\resources\sounds\cubecrack.ogg
c:\program files\gamehouse games collection\hamsterball\sounds\crack.ogg
c:\program files\gamehouse games collection\jewel quest\audio\st_win3_crackle.ogg
c:\program files\gamehouse games collection\mah jong quest\images\tile_firecracker-1.pnge
c:\program files\gamehouse games collection\mah jong quest\images\tile_firecracker-2.pnge
c:\program files\gamehouse games collection\mah jong quest\images\tile_firecracker-3.pnge
c:\program files\gamehouse games collection\mah jong quest\images\tile_firecracker1.pnge
c:\program files\gamehouse games collection\mah jong quest\images\kwazi3\level5-1cracktop.jpge
c:\program files\gamehouse games collection\mah jong quest\images\kwazi5\5_lvl_5a_postcrack1.jpge
c:\program files\gamehouse games collection\mah jong quest\images\kwazi5\5_lvl_5a_postcrack2.jpge
scanner sequence 3.FF.11
----- EOF -----

Thank you again for helping me, and I will do all I can/need to make my computer safe.

descriptionhotmail sending viagra spam to all of my contacts periodically please help EmptyRe: hotmail sending viagra spam to all of my contacts periodically please help

more_horiz
Hello.

I see you have VLC player installed. Sadly you are running an old versions and needs updating.

Download and install VLC Player 1.1.4
When installing, it will ask if you want to uninstall the old version first before it can install the new version, so please select yes and allow it to install.

How is the machine running now?

descriptionhotmail sending viagra spam to all of my contacts periodically please help EmptyRe: hotmail sending viagra spam to all of my contacts periodically please help

more_horiz
Thank you for the VLC tip.

So far so good. No new Viagra emails sent yet. I'll keep a watchful eye on my hotmail account.

Thank very much for your help.

descriptionhotmail sending viagra spam to all of my contacts periodically please help EmptyRe: hotmail sending viagra spam to all of my contacts periodically please help

more_horiz
privacy_tip Permissions in this forum:
You cannot reply to topics in this forum