mail sending out spam messages

Post by Tollan on Thu Dec 16, 2010 5:15 pm

Hi,

In the last 2 days Facebook informed me that someone tried to hack my account, and at the same time my Hotmail box started getting dozens of messages from the Hotmail postmaster saying "Delivery Status Notification (Failure)" to mails I didn't send. I thought this was because someone listed my email as a return address, but today I found out some mails were actually sent (that were obvious spam) from my account, which I guess couldn't happen without someone hacking my mail.
I changed both my Facebook and Hotmail passwords, and I did a full scan with Malwarebytes, which turned up "no malicious items". Does this mean my computer is clean? Is there anything else I can do to check my computer?

Tollan

Re: mail sending out spam messages

Post by Sneakyone on Thu Dec 16, 2010 6:33 pm

Hi,

Welcome to GeekPolice.net!

Please download OTL to your Desktop. (If you already have it downloaded, then just follow the instructions below).
  • Double click on the icon to run it. Make sure all other windows are closed and let it run uninterrupted.
  • Under the Custom Scan box, paste this in:

    %systemroot%\*. /mp /s
    %systemroot%\system32\*.dll /lockedfiles
    %systemroot%\system32\*.exe /lockedfiles
    %systemroot%\Tasks\*.job /lockedfiles
    %systemroot%\system32\drivers\*.sys /lockedfiles
    %systemroot%\System32\config\*.sav
    %systemroot%\system32\*.sys
    %systemroot%\system32\drivers\*.dll
    %systemroot%\system32\drivers\*.ini
    %systemroot%\system32\drivers\*.exe
    %SYSTEMDRIVE%\*.*
    %PROGRAMFILES%\*.
    %appdata%\*.*
    netsvcs
    msconfig
    safebootminimal
    safebootnetwork
    activex
    drivers32
    /md5start
    eventlog.dll
    scecli.dll
    netlogon.dll
    cngaudit.dll
    sceclt.dll
    ntelogon.dll
    logevent.dll
    iaStor.sys
    nvstor.sys
    atapi.sys
    IdeChnDr.sys
    viasraid.sys
    AGP440.sys
    vaxscsi.sys
    nvatabus.sys
    viamraid.sys
    nvata.sys
    nvgts.sys
    iastorv.sys
    ViPrt.sys
    eNetHook.dll
    ahcix86.sys
    KR10N.sys
    disk.sys
    nvstor32.sys
    ahcix86s.sys
    nvrd32.sys
    symmpi.sys
    adp3132.sys
    mv61xx.sys
    usbstor.sys
    /md5stop
    CREATERESTOREPOINT
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs


  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.

    • When the scan completes, it will open two Notepad windows: OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) and paste (Edit->Paste) the contents of these files, one at a time.


Note: in the event that OTL fails to run, please use alternate download links to try again:

[You must be registered and logged in to see this link.]
[You must be registered and logged in to see this link.]


I'm livin' life in the fast lane.

Sneakyone

Re: mail sending out spam messages

Post by Tollan on Thu Dec 16, 2010 10:19 pm

The forum says the OTL.txt is too long for one post, so I'll split it in two:

OTL.txt part 1:

OTL logfile created on: 16/12/2010 23:29:38 - Run 1
OTL by OldTimer - Version 3.2.17.3 Folder = C:\Documents and Settings\מתן\שולחן העבודה
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 0000040D | Country: ישראל | Language: HEB | Date Format: dd/MM/yyyy

3.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 72.00% Memory free
5.00 Gb Paging File | 4.00 Gb Available in Paging File | 83.00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 298.08 Gb Total Space | 14.60 Gb Free Space | 4.90% Space Free | Partition Type: NTFS
Drive D: | 7.08 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF

Computer Name: MATAN | User Name: מתן | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2010/12/16 23:11:15 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\מתן\שולחן העבודה\OTL.exe
PRC - [2010/12/09 13:54:12 | 000,310,224 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\AAM Updates Notifier.exe
PRC - [2010/07/28 08:23:20 | 001,107,456 | ---- | M] (PrinterAnywhere) -- C:\Program Files\PrinterShare\paConsole.exe
PRC - [2010/05/20 16:19:16 | 000,088,176 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
PRC - [2010/04/01 22:05:04 | 001,180,976 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee.com\Agent\mcagent.exe
PRC - [2010/03/18 11:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
PRC - [2010/02/22 04:57:06 | 000,406,992 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe
PRC - [2010/02/03 13:57:56 | 000,389,120 | R--- | M] (Teleca) -- C:\Program Files\HTC\HTC Sync\ClientInitiatedStarter\ClientInitiatedStarter.exe
PRC - [2010/01/05 17:04:02 | 000,188,136 | ---- | M] (McAfee, Inc.) -- C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
PRC - [2010/01/05 17:04:02 | 000,170,144 | ---- | M] (McAfee, Inc.) -- C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe
PRC - [2010/01/05 17:04:02 | 000,141,792 | ---- | M] (McAfee, Inc.) -- C:\Program Files\Common Files\McAfee\SystemCore\mfevtps.exe
PRC - [2009/12/14 20:08:40 | 000,271,480 | ---- | M] (McAfee, Inc.) -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
PRC - [2009/12/11 14:50:34 | 000,557,056 | R--- | M] (Teleca AB) -- C:\Program Files\Common Files\Teleca Shared\Generic.exe
PRC - [2009/10/08 11:31:44 | 000,112,592 | ---- | M] (Threat Expert Ltd.) -- C:\Program Files\Spyware Doctor\BDT\BDTUpdateService.exe
PRC - [2009/09/29 12:29:00 | 000,356,352 | R--- | M] (Teleca Sweden AB) -- C:\Program Files\HTC\HTC Sync\Mobile Phone Monitor\dbgout.exe
PRC - [2009/09/29 12:28:26 | 001,011,712 | R--- | M] (Teleca Sweden AB) -- C:\Program Files\HTC\HTC Sync\Mobile Phone Monitor\epmworker.exe
PRC - [2009/09/29 12:03:26 | 000,253,952 | R--- | M] (TODO: ) -- C:\Program Files\HTC\HTC Sync\Mobile Phone Monitor\FsynSrvStarter.exe
PRC - [2009/09/29 12:03:02 | 000,462,848 | R--- | M] (Teleca AB) -- C:\Program Files\HTC\HTC Sync\Mobile Phone Monitor\HTCVBTServer.exe
PRC - [2009/06/03 09:25:16 | 000,106,496 | R--- | M] (Popwire AB) -- C:\Program Files\Common Files\Teleca Shared\logger.exe
PRC - [2009/05/29 16:58:46 | 000,479,232 | ---- | M] (Nikon Corporation) -- C:\Program Files\Common Files\Nikon\Monitor\NkMonitor.exe
PRC - [2009/04/14 12:14:26 | 000,139,264 | ---- | M] (Teleca Sweden AB) -- C:\Program Files\Common Files\Teleca Shared\CapabilityManager.exe
PRC - [2008/04/14 04:17:43 | 001,202,176 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/05/15 15:55:46 | 001,628,208 | ---- | M] (Nero AG) -- C:\Program Files\Nero\Nero 7\InCD\NBHGui.exe
PRC - [2007/05/15 15:55:46 | 001,550,896 | ---- | M] (Nero AG) -- C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe
PRC - [2006/03/30 08:15:44 | 000,096,341 | ---- | M] (Canon Inc.) -- C:\Program Files\Canon\CAL\CALMAIN.exe


========== Modules (SafeList) ==========

MOD - [2010/12/16 23:11:15 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\מתן\שולחן העבודה\OTL.exe
MOD - [2010/08/23 18:11:57 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [On_Demand | Stopped] -- C:\WINDOWS\System32\appmgmts.dll -- (AppMgmt)
SRV - File not found [Auto | Stopped] -- C:\WINDOWS\TEMP\014750~1.EXE -- (0147501282686806mcinstcleanup) McAfee Application Installer Cleanup (0147501282686806)
SRV - [2010/12/09 02:01:07 | 003,020,888 | ---- | M] () [Auto | Running] -- c:\Program Files\Common Files\Akamai\netsession_win_aeec0f0.dll -- (Akamai)
SRV - [2010/06/14 14:07:14 | 000,615,936 | ---- | M] (Nokia) [On_Demand | Stopped] -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer)
SRV - [2010/05/20 16:19:16 | 000,088,176 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\McAfee\SiteAdvisor\McSACore.exe -- (McAfee SiteAdvisor Service)
SRV - [2010/03/18 11:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) [Auto | Running] -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe -- (ACDaemon)
SRV - [2010/03/10 10:16:56 | 000,364,216 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files\McAfee\VirusScan\mcods.exe -- (McODS)
SRV - [2010/02/19 13:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard)
SRV - [2010/01/05 17:04:02 | 000,188,136 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe -- (mfefire)
SRV - [2010/01/05 17:04:02 | 000,170,144 | ---- | M] () [Unknown | Running] -- C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe -- (McShield)
SRV - [2010/01/05 17:04:02 | 000,141,792 | ---- | M] (McAfee, Inc.) [Unknown | Running] -- C:\Program Files\Common Files\McAfee\SystemCore\mfevtps.exe -- (mfevtp)
SRV - [2009/12/14 20:08:40 | 000,271,480 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe -- (MSK80Service)
SRV - [2009/12/14 20:08:40 | 000,271,480 | ---- | M] (McAfee, Inc.) [Auto | Stopped] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (McProxy)
SRV - [2009/12/14 20:08:40 | 000,271,480 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (McNASvc)
SRV - [2009/12/14 20:08:40 | 000,271,480 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (McNaiAnn)
SRV - [2009/12/14 20:08:40 | 000,271,480 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (mcmscsvc)
SRV - [2009/12/14 20:08:40 | 000,271,480 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe -- (McMPFSvc)
SRV - [2009/10/08 11:31:44 | 000,112,592 | ---- | M] (Threat Expert Ltd.) [Auto | Running] -- C:\Program Files\Spyware Doctor\BDT\BDTUpdateService.exe -- (Browser Defender Update Service)
SRV - [2009/09/23 13:33:42 | 001,141,200 | ---- | M] (PC Tools) [On_Demand | Stopped] -- C:\Program Files\Spyware Doctor\pctsSvc.exe -- (sdCoreService)
SRV - [2009/09/23 12:17:22 | 000,358,600 | ---- | M] (PC Tools) [On_Demand | Stopped] -- C:\Program Files\Spyware Doctor\pctsAuxs.exe -- (sdAuxService)
SRV - [2007/05/15 15:55:46 | 001,550,896 | ---- | M] (Nero AG) [Auto | Running] -- C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe -- (InCDsrv)
SRV - [2007/03/06 16:55:24 | 000,105,248 | ---- | M] (Labtec Inc.) [Auto | Stopped] -- C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe -- (LVSrvLauncher)
SRV - [2006/03/30 08:15:44 | 000,096,341 | ---- | M] (Canon Inc.) [Auto | Running] -- C:\Program Files\Canon\CAL\CALMAIN.exe -- (CCALib8)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\Drivers\VcommMgr.sys -- (VcommMgr)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\DRIVERS\VComm.sys -- (VComm)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\DRIVERS\usbser_lowerflt.sys -- (upperdev)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\DOCUME~1\5F05~1\LOCALS~1\Temp\catchme.sys -- (catchme)
DRV - File not found [Kernel | Boot | Stopped] -- C:\WINDOWS\System32\Drivers\BTHidMgr.sys -- (BTHidMgr)
DRV - File not found [Kernel | Boot | Stopped] -- C:\WINDOWS\System32\Drivers\vbtenum.sys -- (BTHidEnum)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\Drivers\btcusb.sys -- (Btcsrusb)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\DRIVERS\btnetdrv.sys -- (BT)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\DRIVERS\BlueletSCOAudio.sys -- (BlueletSCOAudio)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\DRIVERS\blueletaudio.sys -- (BlueletAudio)
DRV - [2010/09/28 02:17:50 | 000,020,992 | ---- | M] (http://libusb-win32.sourceforge.net) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\libusb0.sys -- (libusb0)
DRV - [2010/07/28 14:17:39 | 000,691,696 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\sptd.sys -- (sptd)
DRV - [2010/07/10 00:38:00 | 010,604,128 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nv4_mini.sys -- (nv)
DRV - [2010/01/05 17:04:02 | 000,385,536 | ---- | M] (McAfee, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\mfehidk.sys -- (mfehidk)
DRV - [2010/01/05 17:04:02 | 000,312,584 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mfefirek.sys -- (mfefirek)
DRV - [2010/01/05 17:04:02 | 000,152,320 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mfeavfk.sys -- (mfeavfk)
DRV - [2010/01/05 17:04:02 | 000,095,568 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mfeapfk.sys -- (mfeapfk)
DRV - [2010/01/05 17:04:02 | 000,088,480 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mfendisk.sys -- (mfendiskmp)
DRV - [2010/01/05 17:04:02 | 000,088,480 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mfendisk.sys -- (mfendisk)
DRV - [2010/01/05 17:04:02 | 000,083,496 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mferkdet.sys -- (mferkdet)
DRV - [2010/01/05 17:04:02 | 000,082,952 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\mfetdi2k.sys -- (mfetdi2k)
DRV - [2010/01/05 17:04:02 | 000,055,456 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\cfwids.sys -- (cfwids)
DRV - [2010/01/05 17:04:02 | 000,051,688 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mfebopk.sys -- (mfebopk)
DRV - [2009/10/22 15:11:14 | 000,057,800 | ---- | M] (FTDI Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ftdibus.sys -- (FTDIBUS)
DRV - [2009/09/23 16:10:06 | 000,207,280 | ---- | M] (PC Tools) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\PCTCore.sys -- (PCTCore)
DRV - [2009/06/10 16:49:32 | 000,024,576 | ---- | M] (HTC, Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ANDROIDUSB.sys -- (HTCAND32)
DRV - [2008/08/26 09:26:12 | 000,018,816 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\pccsmcfd.sys -- (pccsmcfd)
DRV - [2008/07/03 10:55:36 | 000,244,368 | R--- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\e1y5132.sys -- (e1yexpress) Intel(R)
DRV - [2008/07/03 10:53:44 | 000,040,832 | R--- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HECI.sys -- (HECI) Intel(R)
DRV - [2008/07/03 10:53:33 | 004,800,000 | R--- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2008/04/13 18:36:05 | 000,144,384 | ---- | M] (Windows (R) Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hdaudbus.sys -- (HDAudBus)
DRV - [2008/02/20 21:19:56 | 000,030,816 | ---- | M] (Intel Corporation ) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\iqvw32.sys -- (NAL)
DRV - [2007/05/15 15:55:36 | 000,118,576 | ---- | M] (Nero AG) [File_System | Disabled | Running] -- C:\WINDOWS\system32\drivers\InCDfs.sys -- (InCDfs)
DRV - [2007/05/15 15:55:36 | 000,038,576 | ---- | M] (Nero AG) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\InCDRm.sys -- (incdrm)
DRV - [2007/05/15 15:55:36 | 000,037,040 | ---- | M] (Nero AG) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\InCDPass.sys -- (InCDPass)
DRV - [2007/03/06 16:54:40 | 000,041,376 | ---- | M] (Labtec Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LVUSBSta.sys -- (LVUSBSta)
DRV - [2007/03/06 16:52:46 | 002,261,792 | ---- | M] (Labtec Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\LVMVdrv.sys -- (LVMVDrv)
DRV - [2007/03/06 16:50:30 | 001,669,664 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Lvckap.sys -- (LVcKap)
DRV - [2007/03/06 16:49:20 | 000,491,168 | ---- | M] (Labtec Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\LV561AV.SYS -- (PID_0928) Logitech QuickCam Express(PID_0928)
DRV - [2005/02/23 14:58:56 | 000,011,776 | ---- | M] (Arcsoft, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\afc.sys -- (Afc)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========


IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = [You must be registered and logged in to see this link.]
IE - HKCU\..\URLSearchHook: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Google"
FF - prefs.js..browser.search.defaulturl: "http://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q="
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..extensions.enabledItems: {B7082FAA-CB62-4872-9106-E42DD88EDE45}:3.1
FF - prefs.js..extensions.enabledItems: [You must be registered and logged in to see this link.]:1.0
FF - prefs.js..extensions.enabledItems: [You must be registered and logged in to see this link.]:1.5.4
FF - prefs.js..extensions.enabledItems: {71328583-3CA7-4809-B4BA-570A85818FBB}:0.6.3
FF - prefs.js..extensions.enabledItems: {AB2CE124-6272-4b12-94A9-7303C7397BD1}:4.2.0.5198

FF - HKLM\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010/01/23 07:32:52 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{3112ca9c-de6d-4884-a869-9855de68056c}: C:\Documents and Settings\All Users\Application Data\Google\Toolbar for Firefox\{3112ca9c-de6d-4884-a869-9855de68056c} [2010/01/28 21:03:32 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{A27F3FEF-1113-4cfb-A032-8E12D7D8EE70}: C:\Program Files\Nokia\Nokia Ovi Suite\Connectors\Bookmarks Connector\FirefoxExtension\ [2010/07/10 07:28:50 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{B7082FAA-CB62-4872-9106-E42DD88EDE45}: C:\Program Files\McAfee\SiteAdvisor [2010/12/11 06:16:15 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/12/11 09:57:14 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/12/11 09:57:14 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Thunderbird\Extensions\\{CCB7D94B-CA92-4E3F-B79D-ADE0F07ADC74}: C:\Program Files\Nokia\Nokia Ovi Suite\Connectors\Thunderbird Connector\ThunderbirdExtension\ [2010/07/10 07:28:50 | 000,000,000 | ---D | M]

[2010/06/20 12:26:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\מתן\Application Data\Mozilla\Extensions
[2010/06/27 15:27:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\מתן\Application Data\Mozilla\Firefox\Profiles\4hahkxpy.default\extensions
[2010/06/21 12:54:22 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\מתן\Application Data\Mozilla\Firefox\Profiles\4hahkxpy.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010/06/20 14:46:49 | 000,000,000 | ---D | M] (Google Toolbar for Firefox) -- C:\Documents and Settings\מתן\Application Data\Mozilla\Firefox\Profiles\4hahkxpy.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
[2010/06/25 17:36:58 | 000,000,000 | ---D | M] (CacheViewer) -- C:\Documents and Settings\מתן\Application Data\Mozilla\Firefox\Profiles\4hahkxpy.default\extensions\{71328583-3CA7-4809-B4BA-570A85818FBB}
[2010/06/24 12:02:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\מתן\Application Data\Mozilla\Firefox\Profiles\4hahkxpy.default\extensions\firebug@software.joehewitt.com
[2010/12/13 06:31:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\מתן\Application Data\Mozilla\Firefox\Profiles\m2cax6dw.matan\extensions
[2010/07/03 08:18:28 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\מתן\Application Data\Mozilla\Firefox\Profiles\m2cax6dw.matan\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010/09/08 05:55:36 | 000,000,000 | ---D | M] (Google Toolbar for Firefox) -- C:\Documents and Settings\מתן\Application Data\Mozilla\Firefox\Profiles\m2cax6dw.matan\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
[2010/06/27 13:15:15 | 000,000,000 | ---D | M] (CacheViewer) -- C:\Documents and Settings\מתן\Application Data\Mozilla\Firefox\Profiles\m2cax6dw.matan\extensions\{71328583-3CA7-4809-B4BA-570A85818FBB}
[2010/12/11 07:56:53 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Documents and Settings\מתן\Application Data\Mozilla\Firefox\Profiles\m2cax6dw.matan\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2010/12/11 07:57:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\מתן\Application Data\Mozilla\Firefox\Profiles\m2cax6dw.matan\extensions\firebug@software.joehewitt.com
[2010/12/13 06:31:48 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2010/06/26 07:32:34 | 000,000,000 | ---D | M] (Skype extension for Firefox) -- C:\Program Files\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
[2010/07/10 07:11:26 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010/08/20 06:04:37 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
[2010/01/05 17:04:02 | 000,024,376 | ---- | M] (McAfee, Inc.) -- C:\Program Files\Mozilla Firefox\components\Scriptff.dll
[2010/07/17 04:00:04 | 000,423,656 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
[2010/04/01 19:10:52 | 000,001,960 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\morfix-dic.xml
[2010/04/01 19:10:52 | 000,001,008 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wikipedia-he.xml

O1 HOSTS File: ([2010/12/09 14:14:53 | 000,000,763 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 127.0.0.1 activate.adobe.com
O2 - BHO: (HP Print Enhancer) - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll (Hewlett-Packard Co.)
O2 - BHO: (McAfee Phishing Filter) - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\Program Files\McAfee\MSK\mskapbho.dll ()
O2 - BHO: (PC Tools Browser Guard BHO) - {2A0F3D1B-0909-4FF4-B272-609CCE6054E7} - C:\Program Files\Spyware Doctor\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\Common Files\McAfee\SystemCore\ScriptSn.20100622212741.dll (McAfee, Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.2.4204.1700\swg.dll (Google Inc.)
O2 - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O2 - BHO: (HP Smart BHO Class) - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)
O3 - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O3 - HKLM\..\Toolbar: (PC Tools Browser Guard) - {472734EA-242A-422B-ADF8-83D1E48CC825} - C:\Program Files\Spyware Doctor\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (PC Tools Browser Guard) - {472734EA-242A-422B-ADF8-83D1E48CC825} - C:\Program Files\Spyware Doctor\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AdobeCS5ServiceManager] C:\Program Files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [HTC Sync Loader] C:\Program Files\HTC\HTC Sync 3.0\htcUPCTLoader.exe ()
O4 - HKLM..\Run: [mcui_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe (McAfee, Inc.)
O4 - HKLM..\Run: [Mobile Connectivity Suite] C:\Program Files\HTC\HTC Sync\Application Launcher\Application Launcher.exe (Teleca Sweden AB)
O4 - HKLM..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe (Nero AG)
O4 - HKLM..\Run: [Nikon Message Center 2] C:\Program Files\Nikon\Nikon Message Center 2\NkMC2.exe (Nikon Corporation)
O4 - HKLM..\Run: [Nikon Transfer Monitor] C:\Program Files\Common Files\Nikon\Monitor\NkMonitor.exe (Nikon Corporation)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\Program Files\NVIDIA Corporation\nView\nwiz.exe ()
O4 - HKLM..\Run: [SecurDisc] C:\Program Files\Nero\Nero 7\InCD\NBHGui.exe (Nero AG)
O4 - HKLM..\Run: [SwitchBoard] C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
O4 - HKCU..\Run: [] File not found
O4 - HKCU..\Run: [DAEMON Tools Lite] C:\Program Files\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
O4 - HKCU..\Run: [Octoshape Streaming Services] C:\Documents and Settings\מתן\Application Data\Octoshape\Octoshape Streaming Services\OctoshapeClient.exe (Octoshape ApS)
O4 - HKCU..\Run: [PrinterShare] C:\Program Files\PrinterShare\paConsole.exe (PrinterAnywhere)
O4 - HKLM..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - Startup: C:\Documents and Settings\מתן\תפריט התחלה\תוכניות\הפעלה\Dropbox.lnk = C:\Documents and Settings\מתן\Application Data\Dropbox\bin\Dropbox.exe ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Toolbars present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9 - Extra Button: Show or hide HP Smart Web Printing - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} [You must be registered and logged in to see this link.] (DLM Control)
O16 - DPF: {5D637FAD-E202-48D1-8F18-5B9C459BD1E3} [You must be registered and logged in to see this link.] (Image Uploader Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_21)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} [You must be registered and logged in to see this link.] (Shockwave Flash Object)
O16 - DPF: {E87F6C8E-16C0-11D3-BEF7-009027438003} [You must be registered and logged in to see this link.] (Persits Software XUpload)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 10.0.0.138
O18 - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O18 - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O24 - Desktop Components:0 (דף הבית הנוכחי שלי) - About:Home
O24 - Desktop WallPaper: C:\Documents and Settings\מתן\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\מתן\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/10/29 05:38:15 | 000,000,050 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2009/12/07 20:56:09 | 000,000,000 | R--D | M] - C:\autorun.inf -- [ NTFS ]
O32 - AutoRun File - [2010/05/25 01:34:11 | 000,000,046 | RH-- | M] () - D:\autorun.inf -- [ UDF ]
O33 - MountPoints2\{027cde59-01b4-11e0-9c2b-001cc0799084}\Shell - "" = AutoRun
O33 - MountPoints2\{16de62c1-8d1b-11de-9b54-806d6172696f}\Shell - "" = AutoRun
O33 - MountPoints2\{16de62c1-8d1b-11de-9b54-806d6172696f}\Shell\AutoRun\command - "" = D:\Installer.exe -- [2010/05/25 01:34:11 | 002,505,256 | R--- | M] ()
O33 - MountPoints2\{5fbbceae-ddb5-11de-9b99-001cc0799084}\Shell - "" = AutoRun
O33 - MountPoints2\{5fbbceae-ddb5-11de-9b99-001cc0799084}\Shell\AutoRun\command - "" = G:\LaunchU3.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: 6to4 - File not found
NetSvcs: AppMgmt - C:\WINDOWS\System32\appmgmts.dll File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found

MsConfig - StartUpFolder: C:^Documents and Settings^All Users^תפריט התחלה^תוכניות^הפעלה^HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe - (Hewlett-Packard Co.)
MsConfig - StartUpFolder: C:^Documents and Settings^All Users^תפריט התחלה^תוכניות^הפעלה^PHOTOfunSTUDIO.lnk - C:\Program Files\Panasonic\PHOTOfunSTUDIO\PhAutoRun.exe - (Panasonic Corporation)
MsConfig - StartUpReg: Adobe Reader Speed Launcher - hkey= - key= - C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
MsConfig - StartUpReg: AdobeCS4ServiceManager - hkey= - key= - C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe File not found
MsConfig - StartUpReg: ArcSoft Connection Service - hkey= - key= - C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe (ArcSoft Inc.)
MsConfig - StartUpReg: Google Update - hkey= - key= - C:\Documents and Settings\מתן\Local Settings\Application Data\Google\Update\GoogleUpdate.exe (Google Inc.)
MsConfig - StartUpReg: googletalk - hkey= - key= - C:\Program Files\Google\Google Talk\googletalk.exe (Google)
MsConfig - StartUpReg: InCD - hkey= - key= - C:\Program Files\Nero\Nero 7\InCD\InCD.exe (Nero AG)
MsConfig - StartUpReg: LogitechCommunicationsManager - hkey= - key= - C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe (Labtec Inc,)
MsConfig - StartUpReg: LogitechQuickCamRibbon - hkey= - key= - C:\Program Files\Labtec\WebCam10\WebCam10.exe ()
MsConfig - StartUpReg: MSMSGS - hkey= - key= - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
MsConfig - StartUpReg: msnmsgr - hkey= - key= - C:\Program Files\Windows Live\Messenger\msnmsgr.exe (Microsoft Corporation)
MsConfig - StartUpReg: Nikon Transfer Monitor - hkey= - key= - C:\Program Files\Common Files\Nikon\Monitor\NkMonitor.exe (Nikon Corporation)
MsConfig - StartUpReg: NokiaMServer - hkey= - key= - C:\Program Files\Common Files\Nokia\MPlatform\NokiaMServer.exe (Nokia)
MsConfig - StartUpReg: NokiaOviSuite2 - hkey= - key= - C:\Program Files\Nokia\Nokia Ovi Suite\NokiaOviSuite.exe (Nokia)
MsConfig - StartUpReg: swg - hkey= - key= - C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
MsConfig - StartUpReg: Trackstick Manager.exe - hkey= - key= - C:\Program Files\Trackstick Manager\Trackstick Manager.EXE (Telespial Systems)
MsConfig - State: "system.ini" - 0
MsConfig - State: "win.ini" - 0
MsConfig - State: "bootini" - 0
MsConfig - State: "services" - 0
MsConfig - State: "startup" - 2

SafeBootMin: AppMgmt - C:\WINDOWS\System32\appmgmts.dll File not found
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: mcmscsvc - C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe (McAfee, Inc.)
SafeBootMin: MCODS - C:\Program Files\McAfee\VirusScan\mcods.exe (McAfee, Inc.)
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: sermouse.sys - Driver
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vds - Service
SafeBootMin: vga.sys - Driver
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

SafeBootNet: AppMgmt - C:\WINDOWS\System32\appmgmts.dll File not found
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: McMPFSvc - C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe (McAfee, Inc.)
SafeBootNet: mcmscsvc - C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe (McAfee, Inc.)
SafeBootNet: MCODS - C:\Program Files\McAfee\VirusScan\mcods.exe (McAfee, Inc.)
SafeBootNet: mfefire - C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe (McAfee, Inc.)
SafeBootNet: mfefirek - C:\WINDOWS\system32\drivers\mfefirek.sys (McAfee, Inc.)
SafeBootNet: mfefirek.sys - C:\WINDOWS\system32\drivers\mfefirek.sys (McAfee, Inc.)
SafeBootNet: mfehidk - C:\WINDOWS\system32\drivers\mfehidk.sys (McAfee, Inc.)
SafeBootNet: mfehidk.sys - C:\WINDOWS\system32\drivers\mfehidk.sys (McAfee, Inc.)
SafeBootNet: mfevtp - C:\Program Files\Common Files\McAfee\SystemCore\mfevtps.exe (McAfee, Inc.)
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: sermouse.sys - Driver
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: vga.sys - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {10072CEC-8CC1-11D1-986E-00A0C955B42F} - Vector Graphics Rendering (VML)
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - NetShow
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 6.4
ActiveX: {283807B5-2C60-11D0-A31D-00AA00B92C03} - DirectAnimation
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {2CA9323C-E1E6-54B0-7DB9-48B681CDC729} - Microsoft Windows Media Player 6.4
ActiveX: {36f8ec70-c29a-11d1-b5c7-0000f8051515} - Dynamic HTML Data Binding for Java
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3bf42070-b3b1-11d1-b5c5-0000f8051515} - Uniscribe
ActiveX: {4278c270-a269-11d1-b5bf-0000f8051515} - יצירת דפים מתקדמת
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install
ActiveX: {44BBA842-CC51-11CF-AAFA-00AA00B6015B} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - DirectShow
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f216970-c90c-11d1-b5c7-0000f8051515} - מחלקות Java של DirectAnimation
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.8
ActiveX: {5945c046-1e7d-11d1-bc44-00c04fd912be} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser
ActiveX: {5A8D6EE0-3E18-11D0-821E-444553540000} - ICW
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7131646D-CD3C-40F4-97B9-CD9E4E6262EF} - .NET Framework
ActiveX: {73FA19D0-2D75-11D2-995D-00C04F98BBC9} - Web Folders
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\WINDOWS\system32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - c:\WINDOWS\system32\Rundll32.exe c:\WINDOWS\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {986FA94B-D55B-C10C-75A1-A12AB059ECB3} - Microsoft Windows Media Player 6.4
ActiveX: {C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F} - .NET Framework
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CC2A9BA0-3BDD-11D0-821E-444553540000} - מתזמן המשימות
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {D27CDB6E-AE6D-11cf-96B8-444553540000} - Macromedia Shockwave Flash
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: <{12d0ed0d-0ee0-4f90-8827-78cefb8f4988} - C:\WINDOWS\system32\ieudinit.exe
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\WINDOWS\inf\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\WINDOWS\system32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\WINDOWS\system32\rundll32.exe" "C:\WINDOWS\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP
ActiveX: >{881dd1c5-3dcf-431b-b061-f3f88e8be88a} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE

Drivers32: msacm.divxa32 - C:\WINDOWS\System32\msaud32_divx.acm (Microsoft Corporation)
Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation)
Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: MSVideo - C:\WINDOWS\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: MSVideo8 - C:\WINDOWS\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.3IV2 - C:\WINDOWS\System32\3ivxVfWCodec.dll (3ivx Technologies Pty. Ltd.)
Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.DIVX - C:\WINDOWS\System32\DivX.dll (DivX, Inc.)
Drivers32: VIDC.I420 - C:\WINDOWS\System32\lvcodec2.dll (Labtec Inc.)
Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)
Drivers32: vidc.yv12 - C:\WINDOWS\System32\DivX.dll (DivX, Inc.)

CREATERESTOREPOINT
Error starting restore point: System Restore is disabled.
Error closing restore point: System Restore is disabled



Re: mail sending out spam messages

Post by Tollan on Thu Dec 16, 2010 10:19 pm

OTL.txt part 2:


========== Files/Folders - Created Within 30 Days ==========

[2010/12/16 23:11:20 | 000,575,488 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\מתן\שולחן העבודה\OTL.exe
[2010/12/16 07:05:41 | 000,000,000 | ---D | C] -- C:\WINDOWS\LastGood
[2010/12/10 19:01:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\מתן\Application Data\StageManager.BD092818F67280F4B42B04877600987F0111B594.1
[2010/12/10 19:01:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\מתן\Application Data\Adobe Mini Bridge CS5
[2010/12/09 14:02:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\regid.1986-12.com.adobe
[2010/12/09 13:59:34 | 000,000,000 | ---D | C] -- C:\Program Files\Adobe Media Player
[2010/12/07 05:42:26 | 000,000,000 | ---D | C] -- C:\BrowserPlusPlugins
[2010/12/07 05:42:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\מתן\Local Settings\Application Data\Yahoo!
[2010/11/27 16:00:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\מתן\Application Data\pdf995
[2010/11/27 15:51:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\pdf995
[2010/11/27 15:51:54 | 000,249,856 | ---- | C] (TODO: ) -- C:\WINDOWS\System32\pdfmona.dll
[2010/11/27 15:51:54 | 000,000,000 | ---D | C] -- C:\Program Files\pdf995
[5 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[4 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\Documents and Settings\מתן\My Documents\*.tmp files -> C:\Documents and Settings\מתן\My Documents\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010/12/16 23:27:00 | 000,000,876 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2010/12/16 23:11:15 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\מתן\שולחן העבודה\OTL.exe
[2010/12/16 22:54:00 | 000,000,960 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-436374069-764733703-839522115-1004UA.job
[2010/12/16 17:00:02 | 000,000,386 | ---- | M] () -- C:\WINDOWS\tasks\RegCure Program Check.job
[2010/12/16 15:54:00 | 000,000,908 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-436374069-764733703-839522115-1004Core.job
[2010/12/16 14:00:10 | 000,001,042 | ---- | M] () -- C:\WINDOWS\tasks\Google Software Updater.job
[2010/12/16 12:48:21 | 000,121,344 | ---- | M] () -- C:\Documents and Settings\מתן\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/12/16 12:42:13 | 000,001,456 | ---- | M] () -- C:\Documents and Settings\מתן\Local Settings\Application Data\Adobe Save for Web 12.0 Prefs
[2010/12/16 09:50:26 | 000,000,368 | ---- | M] () -- C:\WINDOWS\tasks\RegCure.job
[2010/12/16 08:27:00 | 000,000,872 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2010/12/16 04:31:34 | 000,001,595 | ---- | M] () -- C:\Documents and Settings\All Users\שולחן העבודה\‎McAfee Total Protection.lnk
[2010/12/16 02:00:00 | 000,000,338 | ---- | M] () -- C:\WINDOWS\tasks\AdobeAAMUpdater-1.0-MATAN-מתן.job
[2010/12/15 11:29:20 | 000,665,600 | ---- | M] () -- C:\Documents and Settings\מתן\שולחן העבודה\לכתוב לשבוע הבא.doc
[2010/12/14 22:04:15 | 000,000,010 | ---- | M] () -- C:\WINDOWS\popcinfo.dat
[2010/12/14 09:54:53 | 000,002,272 | ---- | M] () -- C:\Documents and Settings\מתן\שולחן העבודה\Google Chrome.lnk
[2010/12/14 09:54:53 | 000,002,250 | ---- | M] () -- C:\Documents and Settings\מתן\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2010/12/13 09:42:48 | 000,000,374 | ---- | M] () -- C:\WINDOWS\tasks\RegCure Startup.job
[2010/12/13 07:59:17 | 000,432,928 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010/12/13 07:59:17 | 000,346,216 | ---- | M] () -- C:\WINDOWS\System32\perfh00d.dat
[2010/12/13 07:59:17 | 000,067,884 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010/12/13 07:59:17 | 000,067,868 | ---- | M] () -- C:\WINDOWS\System32\perfc00d.dat
[2010/12/13 07:54:41 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/12/13 06:35:12 | 000,000,069 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2010/12/12 18:29:29 | 000,031,799 | ---- | M] () -- C:\Documents and Settings\מתן\My Documents\1000-subscribers.gif
[2010/12/12 02:54:57 | 003,610,232 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010/12/12 02:54:44 | 000,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/12/09 14:02:36 | 000,000,854 | ---- | M] () -- C:\Documents and Settings\מתן\שולחן העבודה\Adobe Photoshop CS5.lnk
[2010/12/08 19:20:00 | 000,169,593 | ---- | M] () -- C:\Documents and Settings\מתן\My Documents\comic3.png
[2010/12/08 19:16:09 | 000,316,776 | ---- | M] () -- C:\Documents and Settings\מתן\My Documents\comic2.png
[2010/12/08 19:15:28 | 000,211,014 | ---- | M] () -- C:\Documents and Settings\מתן\My Documents\comic1.png
[2010/12/08 12:56:27 | 000,426,675 | ---- | M] () -- C:\Documents and Settings\מתן\My Documents\matan3.png
[2010/12/08 12:55:15 | 000,338,982 | ---- | M] () -- C:\Documents and Settings\מתן\My Documents\matan2.png
[2010/12/08 12:51:14 | 000,194,546 | ---- | M] () -- C:\Documents and Settings\מתן\My Documents\moral-dilemas-work-file.png
[2010/12/08 12:50:03 | 000,093,872 | ---- | M] () -- C:\Documents and Settings\מתן\My Documents\matan1.jpg
[2010/12/08 12:48:58 | 064,861,182 | ---- | M] () -- C:\Documents and Settings\מתן\שולחן העבודה\moral dilemas work file.psd
[2010/12/07 21:19:33 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\מתן\שולחן העבודה\dropbox.db
[2010/12/07 19:55:05 | 000,048,640 | ---- | M] () -- C:\Documents and Settings\מתן\My Documents\דהמרקר.doc
[2010/11/29 17:42:18 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/11/29 17:42:06 | 000,020,952 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010/11/27 16:01:14 | 000,000,059 | ---- | M] () -- C:\WINDOWS\wpd99.drv
[2010/11/27 16:00:06 | 000,000,028 | ---- | M] () -- C:\WINDOWS\pdf995.ini
[2010/11/27 15:51:54 | 000,249,856 | ---- | M] (TODO: ) -- C:\WINDOWS\System32\pdfmona.dll
[2010/11/27 15:51:54 | 000,051,716 | ---- | M] () -- C:\WINDOWS\System32\pdf995mon.dll
[2010/11/26 08:07:20 | 000,001,729 | ---- | M] () -- C:\Documents and Settings\All Users\שולחן העבודה\Adobe Reader 9.lnk
[2010/11/23 13:21:15 | 000,026,112 | ---- | M] () -- C:\Documents and Settings\מתן\שולחן העבודה\cv-matan.doc
[2010/11/19 18:23:44 | 007,574,476 | ---- | M] () -- C:\Documents and Settings\מתן\שולחן העבודה\מיקי קם-שיר אהובת הסוכן.mp3
[5 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[4 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\Documents and Settings\מתן\My Documents\*.tmp files -> C:\Documents and Settings\מתן\My Documents\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/12/12 18:29:29 | 000,031,799 | ---- | C] () -- C:\Documents and Settings\מתן\My Documents\1000-subscribers.gif
[2010/12/09 15:50:00 | 000,001,456 | ---- | C] () -- C:\Documents and Settings\מתן\Local Settings\Application Data\Adobe Save for Web 12.0 Prefs
[2010/12/09 14:17:19 | 000,000,338 | ---- | C] () -- C:\WINDOWS\tasks\AdobeAAMUpdater-1.0-MATAN-מתן.job
[2010/12/09 14:02:36 | 000,000,854 | ---- | C] () -- C:\Documents and Settings\מתן\שולחן העבודה\Adobe Photoshop CS5.lnk
[2010/12/08 19:19:57 | 000,169,593 | ---- | C] () -- C:\Documents and Settings\מתן\My Documents\comic3.png
[2010/12/08 19:16:07 | 000,316,776 | ---- | C] () -- C:\Documents and Settings\מתן\My Documents\comic2.png
[2010/12/08 19:15:27 | 000,211,014 | ---- | C] () -- C:\Documents and Settings\מתן\My Documents\comic1.png
[2010/12/08 12:56:26 | 000,426,675 | ---- | C] () -- C:\Documents and Settings\מתן\My Documents\matan3.png
[2010/12/08 12:55:15 | 000,338,982 | ---- | C] () -- C:\Documents and Settings\מתן\My Documents\matan2.png
[2010/12/08 12:51:10 | 000,194,546 | ---- | C] () -- C:\Documents and Settings\מתן\My Documents\moral-dilemas-work-file.png
[2010/12/08 12:49:58 | 000,093,872 | ---- | C] () -- C:\Documents and Settings\מתן\My Documents\matan1.jpg
[2010/12/08 12:48:53 | 064,861,182 | ---- | C] () -- C:\Documents and Settings\מתן\שולחן העבודה\moral dilemas work file.psd
[2010/12/07 21:19:33 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\מתן\שולחן העבודה\dropbox.db
[2010/12/07 13:41:53 | 000,048,640 | ---- | C] () -- C:\Documents and Settings\מתן\My Documents\דהמרקר.doc
[2010/11/27 16:00:06 | 000,000,028 | ---- | C] () -- C:\WINDOWS\pdf995.ini
[2010/11/27 15:51:55 | 000,000,059 | ---- | C] () -- C:\WINDOWS\wpd99.drv
[2010/11/27 15:51:54 | 000,051,716 | ---- | C] () -- C:\WINDOWS\System32\pdf995mon.dll
[2010/11/23 13:21:14 | 000,026,112 | ---- | C] () -- C:\Documents and Settings\מתן\שולחן העבודה\cv-matan.doc
[2010/11/19 18:07:32 | 007,574,476 | ---- | C] () -- C:\Documents and Settings\מתן\שולחן העבודה\מיקי קם-שיר אהובת הסוכן.mp3
[2010/09/17 06:39:15 | 000,000,000 | ---- | C] () -- C:\WINDOWS\DbgOut.INI
[2010/08/17 11:14:45 | 000,001,024 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\pdfppt2.dll
[2010/08/17 11:13:24 | 000,116,224 | ---- | C] () -- C:\WINDOWS\System32\pdfmonnt.dll
[2010/08/17 11:13:18 | 000,000,164 | ---- | C] () -- C:\WINDOWS\System32\psconv.ini
[2010/06/26 07:45:09 | 000,051,370 | ---- | C] () -- C:\WINDOWS\System32\lvcoinst.ini
[2010/02/05 18:09:37 | 000,000,119 | ---- | C] () -- C:\WINDOWS\PhEdit.INI
[2010/02/05 18:02:42 | 000,000,097 | ---- | C] () -- C:\WINDOWS\System32\PICSDK.ini
[2009/11/15 16:31:14 | 000,767,952 | ---- | C] () -- C:\WINDOWS\BDTSupport.dll
[2009/10/17 21:27:01 | 000,272,739 | ---- | C] () -- C:\Documents and Settings\מתן\Application Data\mdbu.bin
[2009/09/27 23:14:11 | 000,165,376 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll
[2009/08/20 19:14:37 | 000,000,000 | ---- | C] () -- C:\WINDOWS\ViewNX.INI
[2009/08/20 19:08:20 | 000,000,000 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\PKP_DLdx.DAT
[2009/08/20 19:08:20 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\מתן\Application Data\Flange Saw
[2009/08/20 19:07:19 | 000,000,268 | RH-- | C] () -- C:\Documents and Settings\All Users\Application Data\Fruit
[2009/08/20 19:07:19 | 000,000,268 | RH-- | C] () -- C:\Documents and Settings\מתן\Application Data\Font Book
[2009/08/20 19:07:19 | 000,000,020 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\PKP_DLeq.DAT
[2009/08/20 19:06:59 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\מתן\Application Data\Organic
[2009/08/20 19:06:55 | 000,000,000 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\PKP_DLbx.DAT
[2009/08/20 18:48:26 | 000,000,268 | RH-- | C] () -- C:\Documents and Settings\All Users\Application Data\Font Book
[2009/08/20 18:48:26 | 000,000,268 | RH-- | C] () -- C:\Documents and Settings\מתן\Application Data\Flanger
[2009/08/20 18:48:26 | 000,000,020 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\PKP_DLdw.DAT
[2009/08/20 18:47:14 | 000,000,268 | RH-- | C] () -- C:\Documents and Settings\All Users\Application Data\Folder Actions
[2009/08/20 18:47:14 | 000,000,268 | RH-- | C] () -- C:\Documents and Settings\מתן\Application Data\Flags
[2009/08/20 18:47:14 | 000,000,020 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\PKP_DLdu.DAT
[2009/08/20 14:55:07 | 000,000,069 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2009/08/20 12:22:27 | 000,000,385 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2009/08/20 12:15:15 | 000,691,696 | ---- | C] () -- C:\WINDOWS\System32\drivers\sptd.sys
[2009/08/20 09:09:23 | 000,121,344 | ---- | C] () -- C:\Documents and Settings\מתן\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/08/20 01:52:57 | 000,004,293 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2009/08/19 23:56:19 | 000,005,651 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\hpzinstall.log
[2008/02/19 08:33:34 | 000,446,352 | ---- | C] () -- C:\WINDOWS\System32\OpenQuicktimeLib.dll
[2008/02/05 13:28:20 | 000,000,051 | ---- | C] () -- C:\Documents and Settings\מתן\Local Settings\Application Data\setup.txt
[2007/11/07 01:00:00 | 000,286,720 | ---- | C] () -- C:\WINDOWS\System32\nvnt4cpl.dll
[2007/03/06 16:50:30 | 001,669,664 | ---- | C] () -- C:\WINDOWS\System32\drivers\Lvckap.sys

========== Custom Scans ==========


< %systemroot%\*. /mp /s >

< %systemroot%\system32\*.dll /lockedfiles >
[2009/03/08 03:31:44 | 000,348,160 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\dxtmsft.dll
[2009/03/08 03:31:38 | 000,216,064 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\dxtrans.dll
[4 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

< %systemroot%\system32\*.exe /lockedfiles >
[4 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\system32\drivers\*.sys /lockedfiles >
[2010/07/28 14:17:39 | 000,691,696 | ---- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\drivers\sptd.sys

< %systemroot%\System32\config\*.sav >
[2009/08/20 01:49:50 | 000,094,208 | ---- | M] () -- C:\WINDOWS\system32\config\default.sav
[2009/08/20 01:49:50 | 000,634,880 | ---- | M] () -- C:\WINDOWS\system32\config\software.sav
[2009/08/20 01:49:50 | 000,454,656 | ---- | M] () -- C:\WINDOWS\system32\config\system.sav

< %systemroot%\system32\*.sys >
[2006/03/02 14:00:00 | 000,009,029 | ---- | M] () -- C:\WINDOWS\system32\ansi.sys
[2006/03/02 14:00:00 | 000,027,097 | ---- | M] () -- C:\WINDOWS\system32\country.sys
[2006/03/02 14:00:00 | 000,004,768 | ---- | M] () -- C:\WINDOWS\system32\himem.sys
[2006/03/02 14:00:00 | 000,042,809 | ---- | M] () -- C:\WINDOWS\system32\key01.sys
[2006/03/02 14:00:00 | 000,042,537 | ---- | M] () -- C:\WINDOWS\system32\keyboard.sys
[2006/03/02 14:00:00 | 000,027,866 | ---- | M] () -- C:\WINDOWS\system32\ntdos.sys
[2006/03/02 14:00:00 | 000,029,146 | ---- | M] () -- C:\WINDOWS\system32\ntdos404.sys
[2006/03/02 14:00:00 | 000,029,370 | ---- | M] () -- C:\WINDOWS\system32\ntdos411.sys
[2006/03/02 14:00:00 | 000,029,274 | ---- | M] () -- C:\WINDOWS\system32\ntdos412.sys
[2006/03/02 14:00:00 | 000,029,146 | ---- | M] () -- C:\WINDOWS\system32\ntdos804.sys
[2006/03/02 14:00:00 | 000,033,840 | ---- | M] () -- C:\WINDOWS\system32\ntio.sys
[2006/03/02 14:00:00 | 000,034,560 | ---- | M] () -- C:\WINDOWS\system32\ntio404.sys
[2006/03/02 14:00:00 | 000,035,648 | ---- | M] () -- C:\WINDOWS\system32\ntio411.sys
[2006/03/02 14:00:00 | 000,035,424 | ---- | M] () -- C:\WINDOWS\system32\ntio412.sys
[2006/03/02 14:00:00 | 000,034,560 | ---- | M] () -- C:\WINDOWS\system32\ntio804.sys
[2008/09/25 21:07:08 | 000,045,056 | ---- | M] (Matsushita Electric Industrial Co., Ltd.) -- C:\WINDOWS\system32\PhDi2.sys
[2008/04/13 20:44:59 | 000,017,664 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\watchdog.sys
[2010/09/01 09:57:21 | 001,852,672 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\win32k.sys
[4 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

< %systemroot%\system32\drivers\*.dll >
[2008/04/14 04:17:17 | 000,004,255 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\adv01nt5.dll
[2008/04/14 04:17:17 | 000,003,967 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\adv02nt5.dll
[2008/04/14 04:17:17 | 000,003,615 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\adv05nt5.dll
[2008/04/14 04:17:17 | 000,003,647 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\adv07nt5.dll
[2008/04/14 04:17:17 | 000,003,135 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\adv08nt5.dll
[2008/04/14 04:17:17 | 000,003,711 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\adv09nt5.dll
[2008/04/14 04:17:17 | 000,003,775 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\adv11nt5.dll
[2008/04/14 04:17:17 | 000,021,183 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\atv01nt5.dll
[2008/04/14 04:17:17 | 000,011,359 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\atv02nt5.dll
[2008/04/14 04:17:17 | 000,025,471 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\atv04nt5.dll
[2008/04/14 04:17:17 | 000,014,143 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\atv06nt5.dll
[2008/04/14 04:17:17 | 000,017,279 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\atv10nt5.dll
[2008/04/14 04:17:18 | 000,015,423 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\ch7xxnt5.dll
[2008/04/14 04:17:29 | 000,003,901 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\siint5.dll
[2008/04/14 04:17:30 | 000,011,325 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\vchnt5.dll

< %systemroot%\system32\drivers\*.ini >

< %systemroot%\system32\drivers\*.exe >

< %SYSTEMDRIVE%\*.* >
[2009/10/29 05:38:15 | 000,000,050 | ---- | M] () -- C:\AUTOEXEC.BAT
[2009/10/13 09:50:29 | 000,000,211 | ---- | M] () -- C:\Boot.bak
[2010/08/04 16:06:51 | 000,000,281 | RHS- | M] () -- C:\boot.ini
[2004/08/03 23:00:00 | 000,260,272 | ---- | M] () -- C:\cmldr
[2010/06/12 10:24:47 | 000,026,138 | ---- | M] () -- C:\ComboFix.txt
[2009/08/20 00:02:24 | 000,000,000 | ---- | M] () -- C:\CONFIG.SYS
[2009/08/20 00:02:24 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
[2010/06/11 14:24:56 | 000,000,109 | ---- | M] () -- C:\mbam-error.txt
[2009/08/20 00:02:24 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
[2006/03/02 14:00:00 | 000,047,564 | RHS- | M] () -- C:\NTDETECT.COM
[2009/08/20 08:52:40 | 000,250,048 | RHS- | M] () -- C:\ntldr
[2010/12/13 07:54:35 | 2145,386,496 | -HS- | M] () -- C:\pagefile.sys
[2009/08/20 00:14:36 | 000,000,206 | ---- | M] () -- C:\realtek.log
[2009/08/20 00:14:36 | 000,000,581 | ---- | M] () -- C:\RHDSetup.log
[2009/09/28 16:48:50 | 001,971,662 | ---- | M] () -- C:\TravelersChoiceAwards2009.pdf
[2010/02/05 18:23:57 | 000,000,026 | ---- | M] () -- C:\UpdaterforApp.ini
[2010/02/20 09:36:40 | 000,000,002 | ---- | M] () -- C:\vdir

< %PROGRAMFILES%\*. >
[2009/10/29 05:48:27 | 000,000,000 | ---D | M] -- C:\Program Files\3ivx
[2010/12/09 14:01:44 | 000,000,000 | ---D | M] -- C:\Program Files\Adobe
[2010/12/09 13:59:34 | 000,000,000 | ---D | M] -- C:\Program Files\Adobe Media Player
[2010/05/06 00:00:42 | 000,000,000 | ---D | M] -- C:\Program Files\Apple Software Update
[2010/02/05 18:03:49 | 000,000,000 | ---D | M] -- C:\Program Files\ArcSoft
[2010/01/02 09:14:59 | 000,000,000 | ---D | M] -- C:\Program Files\Autodesk
[2010/10/09 18:35:56 | 000,000,000 | ---D | M] -- C:\Program Files\Bonjour
[2009/08/23 21:19:50 | 000,000,000 | ---D | M] -- C:\Program Files\Canon
[2010/08/28 07:15:53 | 000,000,000 | ---D | M] -- C:\Program Files\CCleaner
[2010/05/23 10:33:20 | 000,000,000 | ---D | M] -- C:\Program Files\Citrix
[2010/12/09 12:55:06 | 000,000,000 | R--D | M] -- C:\Program Files\Common Files
[2009/08/20 00:00:03 | 000,000,000 | ---D | M] -- C:\Program Files\ComPlus Applications
[2010/07/28 14:17:40 | 000,000,000 | ---D | M] -- C:\Program Files\DAEMON Tools Lite
[2009/08/20 12:17:41 | 000,000,000 | ---D | M] -- C:\Program Files\DAEMON Tools Toolbar
[2010/03/26 12:24:34 | 000,000,000 | ---D | M] -- C:\Program Files\DIFX
[2009/08/20 15:00:42 | 000,000,000 | ---D | M] -- C:\Program Files\DivX
[2010/11/06 19:03:17 | 000,000,000 | ---D | M] -- C:\Program Files\Documents To Go Desktop for Android
[2010/03/28 13:01:28 | 000,000,000 | ---D | M] -- C:\Program Files\FeedDemon
[2009/08/20 09:35:00 | 000,000,000 | ---D | M] -- C:\Program Files\FileZilla FTP Client
[2010/09/18 16:25:22 | 000,000,000 | ---D | M] -- C:\Program Files\Google
[2010/09/06 13:06:06 | 000,000,000 | ---D | M] -- C:\Program Files\GRETECH
[2009/08/20 00:28:17 | 000,000,000 | ---D | M] -- C:\Program Files\Hewlett-Packard
[2009/08/19 23:59:20 | 000,000,000 | ---D | M] -- C:\Program Files\HP
[2010/10/23 12:35:12 | 000,000,000 | ---D | M] -- C:\Program Files\HTC
[2010/07/28 14:28:10 | 000,000,000 | -H-D | M] -- C:\Program Files\InstallShield Installation Information
[2009/08/20 00:17:45 | 000,000,000 | ---D | M] -- C:\Program Files\Intel
[2010/10/14 03:05:55 | 000,000,000 | ---D | M] -- C:\Program Files\Internet Explorer
[2010/08/20 06:04:31 | 000,000,000 | ---D | M] -- C:\Program Files\Java
[2010/10/12 19:59:42 | 000,000,000 | ---D | M] -- C:\Program Files\Jawbone
[2010/07/18 13:52:27 | 000,000,000 | ---D | M] -- C:\Program Files\K-Lite Codec Pack
[2010/06/26 07:44:35 | 000,000,000 | ---D | M] -- C:\Program Files\Labtec
[2010/12/15 10:17:02 | 000,000,000 | ---D | M] -- C:\Program Files\Malwarebytes' Anti-Malware
[2009/11/02 23:40:23 | 000,000,000 | ---D | M] -- C:\Program Files\MathType
[2010/04/23 19:44:54 | 000,000,000 | ---D | M] -- C:\Program Files\McAfee
[2010/04/26 12:16:35 | 000,000,000 | ---D | M] -- C:\Program Files\McAfee.com
[2009/08/20 08:59:29 | 000,000,000 | ---D | M] -- C:\Program Files\Messenger
[2009/08/20 11:01:09 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft
[2009/08/20 12:22:06 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft ActiveSync
[2009/08/20 00:02:36 | 000,000,000 | ---D | M] -- C:\Program Files\microsoft frontpage
[2009/09/10 18:06:05 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Office
[2010/01/27 14:54:32 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft SDKs
[2010/01/27 14:58:24 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft SQL Server
[2010/09/05 19:31:27 | 000,000,000 | ---D | M] -- C:\Program Files\mIRC
[2010/08/13 02:01:16 | 000,000,000 | ---D | M] -- C:\Program Files\Movie Maker
[2010/12/11 09:57:25 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox
[2010/02/13 13:26:39 | 000,000,000 | ---D | M] -- C:\Program Files\Mr Tracker Google SMS Tracking
[2009/08/24 10:34:03 | 000,000,000 | ---D | M] -- C:\Program Files\MSBuild
[2009/09/10 18:05:58 | 000,000,000 | ---D | M] -- C:\Program Files\MSECache
[2009/08/19 23:59:33 | 000,000,000 | ---D | M] -- C:\Program Files\MSN Gaming Zone
[2010/10/23 12:34:04 | 000,000,000 | ---D | M] -- C:\Program Files\MSXML 4.0
[2010/04/17 08:21:18 | 000,000,000 | ---D | M] -- C:\Program Files\Multi-Browser Viewer
[2009/10/29 05:38:08 | 000,000,000 | ---D | M] -- C:\Program Files\muvee Technologies
[2009/08/19 23:45:19 | 000,000,000 | ---D | M] -- C:\Program Files\Nero
[2009/08/20 08:55:03 | 000,000,000 | ---D | M] -- C:\Program Files\NetMeeting
[2010/11/06 08:56:54 | 000,000,000 | ---D | M] -- C:\Program Files\Nikon
[2010/07/10 07:27:46 | 000,000,000 | ---D | M] -- C:\Program Files\Nokia
[2010/04/13 23:15:46 | 000,000,000 | ---D | M] -- C:\Program Files\Notepad++
[2010/07/30 10:28:46 | 000,000,000 | ---D | M] -- C:\Program Files\NVIDIA Corporation
[2009/08/20 00:01:37 | 000,000,000 | ---D | M] -- C:\Program Files\Online Services
[2010/05/12 02:00:38 | 000,000,000 | ---D | M] -- C:\Program Files\Outlook Express
[2010/02/05 18:01:59 | 000,000,000 | ---D | M] -- C:\Program Files\Panasonic
[2010/07/10 07:28:12 | 000,000,000 | ---D | M] -- C:\Program Files\PC Connectivity Solution
[2010/08/17 11:13:24 | 000,000,000 | ---D | M] -- C:\Program Files\PDF-Convert
[2010/11/27 15:53:03 | 000,000,000 | ---D | M] -- C:\Program Files\pdf995
[2009/10/30 11:58:35 | 000,000,000 | ---D | M] -- C:\Program Files\PellesC
[2010/09/16 09:37:46 | 000,000,000 | ---D | M] -- C:\Program Files\Pidgin
[2010/04/04 10:41:27 | 000,000,000 | ---D | M] -- C:\Program Files\Poedit
[2010/10/09 18:35:35 | 000,000,000 | ---D | M] -- C:\Program Files\PrinterShare
[2010/08/17 11:13:16 | 000,000,000 | ---D | M] -- C:\Program Files\psconvert
[2010/03/06 17:42:52 | 000,000,000 | ---D | M] -- C:\Program Files\QuickTime
[2009/08/20 00:13:44 | 000,000,000 | ---D | M] -- C:\Program Files\Realtek
[2009/08/24 10:33:58 | 000,000,000 | ---D | M] -- C:\Program Files\Reference Assemblies
[2010/02/27 19:16:42 | 000,000,000 | ---D | M] -- C:\Program Files\ReflexiveArcade
[2010/06/24 05:20:06 | 000,000,000 | ---D | M] -- C:\Program Files\RegCure
[2009/08/30 15:53:39 | 000,000,000 | ---D | M] -- C:\Program Files\Runtime Software
[2009/11/20 12:48:38 | 000,000,000 | ---D | M] -- C:\Program Files\Samsung
[2009/10/05 17:02:25 | 000,000,000 | R--D | M] -- C:\Program Files\Skype
[2010/08/17 11:25:51 | 000,000,000 | ---D | M] -- C:\Program Files\Softland
[2010/10/02 08:42:52 | 000,000,000 | ---D | M] -- C:\Program Files\Spirent Communications
[2010/10/26 19:43:45 | 000,000,000 | ---D | M] -- C:\Program Files\Spyware Doctor
[2010/12/04 11:07:33 | 000,000,000 | ---D | M] -- C:\Program Files\StarCraft II
[2010/01/28 19:10:59 | 000,000,000 | ---D | M] -- C:\Program Files\Trackstick Manager
[2010/01/06 20:14:15 | 000,000,000 | ---D | M] -- C:\Program Files\TrendMicro
[2009/08/20 00:09:17 | 000,000,000 | -H-D | M] -- C:\Program Files\Uninstall Information
[2009/08/23 22:56:37 | 000,000,000 | ---D | M] -- C:\Program Files\uTorrent
[2009/11/20 12:45:16 | 000,000,000 | ---D | M] -- C:\Program Files\VS Revo Group
[2009/08/20 11:01:04 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Live
[2009/08/20 11:00:53 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Live SkyDrive
[2009/10/14 20:53:32 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Media Connect 2
[2009/10/15 03:06:37 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Media Player
[2009/08/20 08:54:59 | 000,000,000 | ---D | M] -- C:\Program Files\Windows NT
[2009/08/20 00:01:40 | 000,000,000 | -H-D | M] -- C:\Program Files\WindowsUpdate
[2009/08/20 10:11:26 | 000,000,000 | ---D | M] -- C:\Program Files\WinRAR
[2010/05/27 18:13:14 | 000,000,000 | ---D | M] -- C:\Program Files\Xenocode
[2009/08/20 00:02:36 | 000,000,000 | ---D | M] -- C:\Program Files\xerox
[2010/06/25 10:35:53 | 000,000,000 | ---D | M] -- C:\Program Files\Zooma_Heb
[2010/03/03 18:40:58 | 000,000,000 | ---D | M] -- C:\Program Files\Zuma Deluxe

< %appdata%\*.* >
[2009/08/20 01:52:22 | 000,000,062 | -HS- | M] () -- C:\Documents and Settings\מתן\Application Data\desktop.ini
[2009/08/20 18:47:14 | 000,000,268 | RH-- | M] () -- C:\Documents and Settings\מתן\Application Data\Flags
[2009/08/29 06:37:08 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\מתן\Application Data\Flange Saw
[2009/08/20 18:48:26 | 000,000,268 | RH-- | M] () -- C:\Documents and Settings\מתן\Application Data\Flanger
[2009/08/20 19:07:19 | 000,000,268 | RH-- | M] () -- C:\Documents and Settings\מתן\Application Data\Font Book
[2010/11/12 17:55:19 | 000,272,739 | ---- | M] () -- C:\Documents and Settings\מתן\Application Data\mdbu.bin
[2010/04/04 07:02:15 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\מתן\Application Data\Organic


< MD5 for: AGP440.SYS >
[2006/03/02 14:00:00 | 018,773,911 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:AGP440.sys
[2009/08/20 08:49:25 | 023,886,227 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:AGP440.sys
[2009/08/20 08:49:25 | 023,886,227 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:AGP440.sys
[2008/04/13 20:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ERDNT\cache\agp440.sys
[2008/04/13 20:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ServicePackFiles\i386\agp440.sys
[2008/04/13 20:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\system32\drivers\agp440.sys

< MD5 for: ATAPI.SYS >
[2006/03/02 14:00:00 | 018,773,911 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:atapi.sys
[2009/08/20 08:49:25 | 023,886,227 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:atapi.sys
[2009/08/20 08:49:25 | 023,886,227 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:atapi.sys
[2008/04/13 20:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ERDNT\cache\atapi.sys
[2008/04/13 20:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ServicePackFiles\i386\atapi.sys
[2008/04/13 20:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys
[2006/03/02 14:00:00 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\pebuilder3110a\BartPE\I386\SYSTEM32\DRIVERS\ATAPI.SYS
[2004/08/03 22:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\$NtServicePackUninstall$\atapi.sys
[2006/03/02 14:00:00 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\system32\ReinstallBackups\0005\DriverFiles\i386\atapi.sys
[2004/08/03 22:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\system32\ReinstallBackups\0006\DriverFiles\i386\atapi.sys

< MD5 for: DISK.SYS >
[2006/03/02 14:00:00 | 018,773,911 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:disk.sys
[2009/08/20 08:49:25 | 023,886,227 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:disk.sys
[2009/08/20 08:49:25 | 023,886,227 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:disk.sys
[2006/03/02 14:00:00 | 000,036,352 | ---- | M] (Microsoft Corporation) MD5=00CA44E4534865F8A3B64F7C0984BFF0 -- C:\pebuilder3110a\BartPE\I386\SYSTEM32\DRIVERS\DISK.SYS
[2006/03/02 14:00:00 | 000,036,352 | ---- | M] (Microsoft Corporation) MD5=00CA44E4534865F8A3B64F7C0984BFF0 -- C:\WINDOWS\$NtServicePackUninstall$\disk.sys
[2008/04/13 20:40:47 | 000,036,352 | ---- | M] (Microsoft Corporation) MD5=044452051F3E02E7963599FC8F4F3E25 -- C:\WINDOWS\ServicePackFiles\i386\disk.sys
[2008/04/13 20:40:47 | 000,036,352 | ---- | M] (Microsoft Corporation) MD5=044452051F3E02E7963599FC8F4F3E25 -- C:\WINDOWS\system32\drivers\disk.sys

< MD5 for: EVENTLOG.DLL >
[2006/03/02 14:00:00 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=2DCCBF3AF0DE3AB8C8889BD577FFE4E1 -- C:\WINDOWS\$NtServicePackUninstall$\eventlog.dll
[2008/04/14 04:17:19 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=8BCD6F104BED7F1F1513584E9F56B69E -- C:\WINDOWS\ERDNT\cache\eventlog.dll
[2008/04/14 04:17:19 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=8BCD6F104BED7F1F1513584E9F56B69E -- C:\WINDOWS\ServicePackFiles\i386\eventlog.dll
[2008/04/14 04:17:19 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=8BCD6F104BED7F1F1513584E9F56B69E -- C:\WINDOWS\system32\eventlog.dll

< MD5 for: NETLOGON.DLL >
[2006/03/02 14:00:00 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=7548247ECB9BBF590430B54E29448B9D -- C:\pebuilder3110a\BartPE\I386\SYSTEM32\NETLOGON.DLL
[2006/03/02 14:00:00 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=7548247ECB9BBF590430B54E29448B9D -- C:\WINDOWS\$NtServicePackUninstall$\netlogon.dll
[2008/04/14 04:17:25 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=89AC5ED8D0D035A9F9F2B10C51A76706 -- C:\WINDOWS\ERDNT\cache\netlogon.dll
[2008/04/14 04:17:25 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=89AC5ED8D0D035A9F9F2B10C51A76706 -- C:\WINDOWS\ServicePackFiles\i386\netlogon.dll
[2008/04/14 04:17:25 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=89AC5ED8D0D035A9F9F2B10C51A76706 -- C:\WINDOWS\system32\netlogon.dll
[2009/02/06 20:46:48 | 000,408,064 | ---- | M] (Microsoft Corporation) MD5=DB06BAF4E42D8EE49DD6D0C6E0141B0D -- C:\WINDOWS\$hf_mig$\KB968389\SP2QFE\netlogon.dll

< MD5 for: SCECLI.DLL >
[2006/03/02 14:00:00 | 000,182,784 | ---- | M] (Microsoft Corporation) MD5=B1A3BACF38964D06DE7BD42762DB8420 -- C:\pebuilder3110a\BartPE\I386\SYSTEM32\SCECLI.DLL
[2006/03/02 14:00:00 | 000,182,784 | ---- | M] (Microsoft Corporation) MD5=B1A3BACF38964D06DE7BD42762DB8420 -- C:\WINDOWS\$NtServicePackUninstall$\scecli.dll
[2008/04/14 04:17:28 | 000,183,808 | ---- | M] (Microsoft Corporation) MD5=E48B4FA40B6952B768A3AE0E9AAC5268 -- C:\WINDOWS\ERDNT\cache\scecli.dll
[2008/04/14 04:17:28 | 000,183,808 | ---- | M] (Microsoft Corporation) MD5=E48B4FA40B6952B768A3AE0E9AAC5268 -- C:\WINDOWS\ServicePackFiles\i386\scecli.dll
[2008/04/14 04:17:28 | 000,183,808 | ---- | M] (Microsoft Corporation) MD5=E48B4FA40B6952B768A3AE0E9AAC5268 -- C:\WINDOWS\system32\scecli.dll

< MD5 for: USBSTOR.SYS >
[2006/03/02 14:00:00 | 018,773,911 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:usbstor.sys
[2009/08/20 08:49:25 | 023,886,227 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:usbstor.sys
[2009/08/20 08:49:25 | 023,886,227 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:usbstor.sys
[2006/03/02 14:00:00 | 000,026,496 | ---- | M] (Microsoft Corporation) MD5=6CD7B22193718F1D17A47A1CD6D37E75 -- C:\pebuilder3110a\BartPE\I386\SYSTEM32\DRIVERS\USBSTOR.SYS
[2006/03/02 14:00:00 | 000,026,496 | ---- | M] (Microsoft Corporation) MD5=6CD7B22193718F1D17A47A1CD6D37E75 -- C:\WINDOWS\$NtServicePackUninstall$\usbstor.sys
[2008/04/13 20:45:38 | 000,026,368 | ---- | M] (Microsoft Corporation) MD5=A32426D9B14A089EAA1D922E0C5801A9 -- C:\WINDOWS\ServicePackFiles\i386\usbstor.sys
[2008/04/13 20:45:38 | 000,026,368 | ---- | M] (Microsoft Corporation) MD5=A32426D9B14A089EAA1D922E0C5801A9 -- C:\WINDOWS\system32\drivers\usbstor.sys

< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install\\LastSuccessTime: 2010-11-11 01:04:45

========== Alternate Data Streams ==========

@Alternate Data Stream - 158 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2
@Alternate Data Stream - 114 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:A8ADE5D8

< End of report >


Re: mail sending out spam messages

Post by Tollan on Thu Dec 16, 2010 10:20 pm

Extras.txt:


OTL Extras logfile created on: 16/12/2010 23:29:38 - Run 1
OTL by OldTimer - Version 3.2.17.3 Folder = C:\Documents and Settings\מתן\שולחן העבודה
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 0000040D | Country: ישראל | Language: HEB | Date Format: dd/MM/yyyy

3.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 72.00% Memory free
5.00 Gb Paging File | 4.00 Gb Available in Paging File | 83.00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 298.08 Gb Total Space | 14.60 Gb Free Space | 4.90% Space Free | Partition Type: NTFS
Drive D: | 7.08 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF

Computer Name: MATAN | User Name: מתן | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\]

[HKEY_CURRENT_USER\SOFTWARE\Classes\]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [Bridge] -- C:\Program Files\Adobe\Adobe Bridge CS5\Bridge.exe "%L" (Adobe Systems, Inc.)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 4

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
"1900:UDP" = 1900:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22008
"1068:TCP" = 1068:TCP:*:Enabled:Akamai NetSession Interface
"5000:UDP" = 5000:UDP:*:Enabled:Akamai NetSession Interface

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe" = C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe:*:Enabled:hpofxm08.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe" = C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe:*:Enabled:hposfx08.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hposid01.exe" = C:\Program Files\HP\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe" = C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe:*:Enabled:hpzwiz01.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe" = C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe:*:Enabled:hpoews01.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpiscnapp.exe" = C:\Program Files\HP\Digital Imaging\bin\hpiscnapp.exe:*:Enabled:hpiscnapp.exe -- (Hewlett-Packard)
"C:\Program Files\HP\Digital Imaging\bin\hpofxs08.exe" = C:\Program Files\HP\Digital Imaging\bin\hpofxs08.exe:*:Enabled:hpofxs08.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpqfxt08.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqfxt08.exe:*:Enabled:hpqfxt08.exe -- (TODO: )
"C:\Program Files\HP\Digital Imaging\bin\hpqusgm.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqusgm.exe:*:Enabled:hpqusgm.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpqusgh.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqusgh.exe:*:Enabled:hpqusgh.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\HP Software Update\hpwucli.exe" = C:\Program Files\HP\HP Software Update\hpwucli.exe:*:Enabled:hpwucli.exe -- (Hewlett-Packard)
"C:\Program Files\HP\Digital Imaging\Smart Web Printing\SmartWebPrintExe.exe" = C:\Program Files\HP\Digital Imaging\Smart Web Printing\SmartWebPrintExe.exe:*:Enabled:smartwebprintexe.exe -- (Hewlett-Packard Co.)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\uTorrent\uTorrent.exe" = C:\Program Files\uTorrent\uTorrent.exe:*:Enabled:Torrent -- (BitTorrent, Inc.)
"C:\Program Files\Google\Google Talk\googletalk.exe" = C:\Program Files\Google\Google Talk\googletalk.exe:*:Enabled:Google Talk -- (Google)
"C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe" = C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe:*:Enabled:hpofxm08.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe" = C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe:*:Enabled:hposfx08.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hposid01.exe" = C:\Program Files\HP\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe" = C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe:*:Enabled:hpzwiz01.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe" = C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe:*:Enabled:hpoews01.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpiscnapp.exe" = C:\Program Files\HP\Digital Imaging\bin\hpiscnapp.exe:*:Enabled:hpiscnapp.exe -- (Hewlett-Packard)
"C:\Program Files\HP\Digital Imaging\bin\hpofxs08.exe" = C:\Program Files\HP\Digital Imaging\bin\hpofxs08.exe:*:Enabled:hpofxs08.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpqfxt08.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqfxt08.exe:*:Enabled:hpqfxt08.exe -- (TODO: )
"C:\Program Files\HP\Digital Imaging\bin\hpqusgm.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqusgm.exe:*:Enabled:hpqusgm.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpqusgh.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqusgh.exe:*:Enabled:hpqusgh.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\HP Software Update\hpwucli.exe" = C:\Program Files\HP\HP Software Update\hpwucli.exe:*:Enabled:hpwucli.exe -- (Hewlett-Packard)
"C:\Program Files\HP\Digital Imaging\Smart Web Printing\SmartWebPrintExe.exe" = C:\Program Files\HP\Digital Imaging\Smart Web Printing\SmartWebPrintExe.exe:*:Enabled:smartwebprintexe.exe -- (Hewlett-Packard Co.)
"C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe" = C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe:*:Enabled:McAfee Shared Service Host -- (McAfee, Inc.)
"C:\Program Files\Jawbone\JawboneUpdater.exe" = C:\Program Files\Jawbone\JawboneUpdater.exe:*:Enabled:JawboneUpdater -- ()
"C:\Documents and Settings\מתן\Application Data\Dropbox\bin\Dropbox.exe" = C:\Documents and Settings\מתן\Application Data\Dropbox\bin\Dropbox.exe:*:Enabled:Dropbox -- ()


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{0289B35E-DC07-4c7a-9710-BBD686EA4B7D}" = Status
"{033E378E-6AD3-4AD5-BDEB-CBD69B31046C}" = Microsoft_VC90_ATL_x86
"{035D48BB-503E-4F09-9D52-EC57D3411DDC}" = Windows Live Essentials
"{044F9133-B8D7-4d11-BF39-803FA20F5C8B}" = Microsoft Windows SDK for Visual Studio 2008 SP1 Express Tools for Win32
"{0761C9A8-8F3A-4216-B4A7-B7AFBF24A24A}" = HiJackThis
"{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86
"{0B5EAB9B-3AD2-4FFE-A6A5-A439DCF44B07}_is1" = Version 6.9
"{0D2DBE8A-43D0-7830-7AE7-CA6C99A832E7}" = Adobe Community Help
"{0F3647F8-E51D-4FCC-8862-9A8D0C5ACF25}" = Microsoft_VC80_ATL_x86
"{0F7C2E47-089E-4d23-B9F7-39BE00100776}" = Toolbox
"{1343E2A5-B072-4B2C-AFC3-CBBEBB09FF2A}" = Multi-Browser Viewer
"{1373559F-6DC6-44EA-9079-6ABDCCE8CDAD}" = OviMPlatform
"{15FEDA5F-141C-4127-8D7E-B962D1742728}" = Adobe Photoshop CS5
"{18669FF9-C8FE-407a-9F70-E674896B1DB4}" = GPBaseService
"{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate
"{196467F1-C11F-4F76-858B-5812ADC83B94}" = MSXML 4.0 SP3 Parser
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = כלי ההעלאה של Windows Live
"{2223FC2F-B862-4F83-BC9E-DDF2DADF2859}" = Intel(R) Network Connections 13.0.44.0
"{226b64e8-dc75-4eea-a6c8-abcb496320f2}-Google Talk" = Google Talk (remove only)
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{237CD223-1B9D-47E8-A76C-E478B83CCEA2}" = File Uploader
"{2614F54E-A828-49FA-93BA-45A3F756BFAA}" = 32 Bit HP CIO Components Installer
"{26A24AE4-039D-4CA4-87B4-2F83216017FF}" = Java(TM) 6 Update 21
"{279D3818-7287-4ab4-A927-542EBEA9E365}" = ProductContext
"{29F563F4-8807-4496-8463-441EAA0E96AB}" = PC Connectivity Solution
"{2D10FC46-1D96-44C4-8855-85F21B9B011E}" = Ovi Desktop Sync Engine
"{31A559C1-9E4D-423B-9DD3-34A6C5398752}" = HTC BMP USB Driver
"{342D4AD7-EC4C-4EC8-AEA6-E70F5905A490}" = SQL Server System CLR Types
"{350C97B4-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{35725FBC-A136-4A46-9F29-091759D9BB93}" = MVision
"{36FDBE6E-6684-462b-AE98-9A39A1B200CC}" = HPProductAssistant
"{380CC749-8C28-4C74-BE01-45921D062302}" = BPDSoftware_Ini
"{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform
"{3FC7CBBC4C1E11DCA1A752EA55D89593}" = DivX Version Checker
"{402ED4A1-8F5B-387A-8688-997ABF58B8F2}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{41853D20-40CC-4266-978D-F128BB97CA96}" = 6400_Help
"{4286E640-B5FB-11DF-AC4B-005056C00008}" = Google Earth
"{497A1721-088F-41EF-8876-B43C9DA5528B}" = ArcSoft Software Suite
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{55542221-D20E-45B0-B1EE-34721D086AD7}" = Trackstick Manager
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{5BB4D7C1-52F2-4BFD-9E40-0D419E2E3021}" = bpd_scan
"{5BE1E709-30E4-3D6D-A708-96CE8D5E5E8D}" = Microsoft Windows SDK for Visual Studio 2008 SP1 Express Tools for .NET Framework - enu
"{5D934326-165A-413b-B056-26BE1EC082AF}" = J6400
"{601F1CA9-F8C4-462C-91AF-6FBAFE3A9F86}" = PrinterShare 2.3.04
"{634328D0-C948-4C4D-BDE9-58015B941648}" = Windows Live Messenger
"{635FED5B-2C6D-49BE-87E6-7A6FCD22BC5A}" = Microsoft_VC90_MFC_x86
"{66E6CE0C-5A1E-430C-B40A-0C90FF1804A8}" = eSupportQFolder
"{679EC478-3FF9-4987-B2FF-C2C2B27532A2}" = DocProc
"{687FEF8A-8597-40b4-832C-297EA3F35817}" = BufferChm
"{68EB2C37-083A-4303-B5D8-41FA67E50B8F}_is1" = Poedit
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6D3245B1-8DB8-4A23-9CD2-2C90F40ABAF6}" = MSVC80_x86_v2
"{6D6664A9-3342-4948-9B7E-034EFE366F0F}" = HTC Driver Installer
"{6F5E2F4A-377D-4700-B0E3-8F7F7507EA15}" = CustomerResearchQFolder
"{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser and SDK
"{74DC0593-6BC6-4001-AD5F-D810AFB68D86}" = HP Update
"{767CC44C-9BBC-438D-BAD3-FD4595DD148B}" = VC80CRTRedist - 8.0.50727.762
"{76BC2442-0002-47FA-9617-43BAD82BEF4C}" = Bonjour
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec
"{7D041B4C-076F-4F16-A2F9-B0F8D7B81033}" = Nero BackItUp 2 Essentials
"{7DCF7BBA-39A9-4e27-9154-F57BCED90CBF}" = HP Officejet J6400 Series
"{8046A32C-88A7-45DA-B6D7-B6191E261033}" = Nero 7 Essentials
"{8070452B-15D6-4169-B9B9-FCC3B54588AD}" = Nokia Ovi Suite
"{82CA0A0C-A3EC-4167-B694-909205B2EDEC}" = muvee Plugin 1.0
"{842FAF7C-50EF-4463-9B8F-6222E1384D7D}" = Microsoft Windows SDK for Visual Studio 2008 Headers and Libraries
"{85C8D391-0EAE-4492-8A0A-2EE8B0B6DA03}" = BPDSoftware
"{87441A59-5E64-4096-A170-14EFE67200C3}" = Picture Control Utility
"{885A5214-9CDD-40E0-A89D-7672588748E1}" = Windows Live Call
"{88F7D07F-0351-46AD-ABC2-1D1F14F4C037}" = Autodesk MapGuide(R) Viewer ActiveX Control Release 6
"{8A85DEAD-7C1F-4368-881C-72AC74CB2E91}" = UnloadSupport
"{8FF6F5CA-4E30-4E3B-B951-204CAAA2716A}" = SmartWebPrinting
"{90110409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{981029E0-7FC9-4CF3-AB39-6F133621921A}" = Skype Toolbars
"{98B8052E-1E55-41D4-9A03-E2F718825D38}" = HTC Sync
"{995BF1A7-30E5-49E5-A0E4-AD3213D9E330}" = Labtec WebCam
"{9A9DBEBC-C800-4776-A970-D76D6AA405B1}" = PHOTOfunSTUDIO
"{9C2D4047-0E40-499a-AC7A-C4B9BB12FE03}" = TrayApp
"{A0D65C73-F2C5-432F-8788-90F8A2E99B98}" = Nokia Ovi Suite Software Updater
"{A11409F1-CD33-4076-85CB-4EE4A8439BFE}" = Scan
"{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A5AB9D5E-52E2-440e-A3ED-9512E253C81A}" = SolutionCenter
"{A78FE97A-C0C8-49CE-89D0-EDD524A17392}" = PDF Settings CS5
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AB5D51AE-EBC3-438D-872C-705C7C2084B0}" = DeviceManagementQFolder
"{AC76BA86-7AD7-1033-7B44-A94000000001}" = Adobe Reader 9.4.1
"{AF111648-99A1-453E-81DD-80DBBF6DAD0D}" = MSVC90_x86
"{B014EE44-9197-4513-9613-71E6EB1B514E}" = Nikon Message Center 2
"{B194272D-1F92-46DF-99EB-8D5CE91CB4EC}" = Adobe AIR
"{B8DBED1E-8BC3-4d08-B94A-F9D7D88E9BBF}" = HPSSupply
"{BCBA462D-3E1B-416C-89F8-492020D4BBF4}" = מסייע הכניסה של Windows Live
"{BEF726DD-4037-4214-8C6A-E625C02D2870}" = Logitech Audio Echo Cancellation Component
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C8616041-2802-4DE2-B3BD-6285AAD65C2A}" = Nikon RAW Codec
"{CCB9B81A-167F-4832-B305-D2A0430840B3}" = WebReg
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype 4.2
"{D1A19B02-817E-4296-A45B-07853FD74D57}" = Microsoft_VC80_MFC_x86
"{D2E0F0CC-6BE0-490b-B08B-9267083E34C9}" = MarketResearch
"{D2FCC1AE-6311-47C5-8130-C6C66D77DD71}" = Nikon Message Center
"{D92BBB52-82FF-42ED-8A3C-4E062F944AB7}" = Microsoft_VC80_MFCLOC_x86
"{D99A8E3A-AE5A-4692-8B19-6F16D454E240}" = Destination Component
"{DB249302-FB94-4578-84FE-7B856C315779}" = HTC Sync
"{DE3A9DC5-9A5D-6485-9662-347162C7E4CA}" = Adobe Media Player
"{E1B2DF7C-A176-4A1D-9D32-3CEC5037A524}" = Apple Application Support
"{E9757890-7EC5-46C8-99AB-B00F07B6525C}" = Nikon Transfer
"{EA516024-D84D-41F1-814F-83175A6188F2}" = Logitech Video Enumerator
"{EBFEEB3F-3E3B-4725-A4E0-376144CE4F76}" = Citrix XenApp Web Plugin
"{EEEB604C-C1A7-4f8c-B03F-56F9C1C9C45F}" = Fax
"{EF1ADA5A-0B1A-4662-8C55-7475A61D8B65}" = DeviceDiscovery
"{F007CBCE-D714-4C0B-8CE9-9B0D78116468}" = ViewNX
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F1FDAA01-988C-423F-AC12-0D8F333943FD}" = Nokia Connectivity Cable Driver
"{F4D50DC5-48FB-48E9-9F02-43296E477450}" = Intel(R) Platform Administration Technology
"{F5E87B12-3C27-452F-8E78-21D42164FD83}" = Microsoft SQL Server 2008 Management Objects
"{F7E1CA14-B39D-452A-960B-39423DDDD933}" = DriveImage XML (Private Edition)
"3ivx MPEG-4 5.0.3" = 3ivx MPEG-4 5.0.3 (remove only)
"504244733D18C8F63FF584AEB290E3904E791693" = חבילת התקני Windows. - Nokia pccsmcfd (08/22/2008 7.0.0.0)
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Akamai" = Akamai NetSession Interface
"Browser Defender_is1" = Browser Defender 2.0.6.10
"CAL" = Canon Camera Access Library
"CameraWindowDVC5" = Canon Camera Window DC_DV 5 for ZoomBrowser EX
"CameraWindowDVC6" = Canon Camera Window DC_DV 6 for ZoomBrowser EX
"CameraWindowMC" = Canon Camera Window MC 6 for ZoomBrowser EX
"Canon G.726 WMP-Decoder" = Canon G.726 WMP-Decoder
"CCleaner" = CCleaner
"chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Community Help
"com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Media Player
"CSCLIB" = Canon Camera Support Core Library
"DSMT6" = MathType 6
"DTGDesktop-Android" = Documents To Go Desktop for Android
"EOS Utility" = Canon Utilities EOS Utility
"FeedDemon_is1" = FeedDemon
"FileZilla Client" = FileZilla Client 3.2.7
"Free PS Convert driver_is1" = Free PS Convert driver 8.15
"GOM Player" = GOM Player
"Google Updater" = Google Updater
"GTK 2.0" = GTK+ Runtime 2.14.7 rev a (remove only)
"HECI" = Intel(R) Management Engine Interface
"HP Imaging Device Functions" = HP Imaging Device Functions 10.0
"HP Smart Web Printing" = HP Smart Web Printing 4.60
"HP Solution Center & Imaging Support Tools" = HP Solution Center 10.0
"HPExtendedCapabilities" = HP Customer Participation Program 10.0
"HPOCR" = OCR Software by I.R.I.S. 10.0
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie8" = Windows Internet Explorer 8
"Intelli-studio" = SAMSUNG Intelli-studio
"Jawbone Updater" = Jawbone Updater
"KLiteCodecPack_is1" = K-Lite Codec Pack 6.2.0 (Basic)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"mIRC" = mIRC
"MovieEditTask" = Canon MovieEdit Task for ZoomBrowser EX
"Mozilla Firefox (3.6.13)" = Mozilla Firefox (3.6.13)
"MSC" = ‎McAfee Total Protection
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"Nokia Ovi Suite" = Nokia Ovi Suite
"Notepad++" = Notepad++
"novaPDF Lite Desktop 7 printer_is1" = novaPDF Lite Desktop 7.1 printer
"NVIDIA Drivers" = NVIDIA Drivers
"NVIDIA nView Desktop Manager" = NVIDIA nView Desktop Manager
"Pdf995" = Pdf995
"PE Builder_is1" = PE Builder 3.1.10a
"PellesC" = Pelles C for Windows (remove only)
"Pidgin" = Pidgin
"PPT to PDF Converter_is1" = PPT to PDF Converter 3.00
"QcDrv" = Labtec Camera Driver
"RAW Image Task" = Canon RAW Image Task for ZoomBrowser EX
"RegCure" = RegCure
"RemoteCaptureTask" = Canon RemoteCapture Task for ZoomBrowser EX
"Revo Uninstaller" = Revo Uninstaller 1.85
"Shop for HP Supplies" = Shop for HP Supplies
"Spyware Doctor" = Spyware Doctor 7.0
"StarCraft II" = StarCraft II
"uTorrent" = Torrent
"Wdf01007" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.7
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinRAR archiver" = WinRAR archiver
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01007" = Microsoft User-Mode Driver Framework Feature Pack 1.7
"Zooma_is1" = Zooma
"ZoomBrowser EX" = Canon Utilities ZoomBrowser EX
"Zuma Deluxe_is1" = Zuma Deluxe

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Dropbox" = Dropbox
"Google Chrome" = Google Chrome
"Octoshape add-in for Adobe Flash Player" = Octoshape add-in for Adobe Flash Player
"Octoshape Streaming Services" = Octoshape Streaming Services
"Yahoo! BrowserPlus" = Yahoo! BrowserPlus 2.9.8

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 13/12/2010 01:57:08 | Computer Name = MATAN | Source = Bonjour Service | ID = 100
Description = ResolveSimultaneousProbe: Our Record 2 won: 4CAE9C20 19 matan._printershare._tcp.local.
SRV 0 0 25654 matan.local.

Error - 13/12/2010 01:57:09 | Computer Name = MATAN | Source = Bonjour Service | ID = 100
Description = ResolveSimultaneousProbe: Pkt Record: 4CAE9C20 19 matan._printershare._tcp.local.
SRV 0 0 25654 matan.local.

Error - 13/12/2010 01:57:09 | Computer Name = MATAN | Source = Bonjour Service | ID = 100
Description = ResolveSimultaneousProbe: Our Record 3 lost: 4CAE9C20 19 matan._printershare._tcp.local.
SRV 0 0 13924 matan.local.

Error - 13/12/2010 01:57:09 | Computer Name = MATAN | Source = Bonjour Service | ID = 100
Description = ResolveSimultaneousProbe: Pkt Record: 4CAE9C20 19 matan._printershare._tcp.local.
SRV 0 0 25654 matan.local.

Error - 13/12/2010 01:57:09 | Computer Name = MATAN | Source = Bonjour Service | ID = 100
Description = ResolveSimultaneousProbe: Our Record 3 lost: 4CAE9C20 19 matan._printershare._tcp.local.
SRV 0 0 13924 matan.local.

Error - 13/12/2010 01:57:09 | Computer Name = MATAN | Source = Bonjour Service | ID = 100
Description = mDNSCoreReceiveResponse: Ignoring response received before we even
began probing: 19 matan._printershare._tcp.local. SRV 0 0 13924 matan.local.

Error - 13/12/2010 01:57:10 | Computer Name = MATAN | Source = Bonjour Service | ID = 100
Description = mDNSCoreReceiveResponse: Received from 10.0.0.1:1050 19 matan._printershare._tcp.local.
SRV 0 0 25654 matan.local.

Error - 13/12/2010 01:57:10 | Computer Name = MATAN | Source = Bonjour Service | ID = 100
Description = mDNSCoreReceiveResponse: ProbeCount 2; will rename 19 matan._printershare._tcp.local.
SRV 0 0 13924 matan.local.

Error - 16/12/2010 17:29:03 | Computer Name = MATAN | Source = Application Hang | ID = 1002
Description = ‏‏יישום לא מגיב OTL.exe, גירסה 3.2.17.3, מודול חוסר תגובה hungapp,
גירסה 0.0.0.0, כתובת חוסר תגובה 0x00000000‏.

Error - 16/12/2010 17:59:01 | Computer Name = MATAN | Source = Application Error | ID = 1000
Description = ‏‏תקלה ביישום hpwucli.exe, גירסה 5.0.9.0, תקלה במודול kernel32.dll,
גירסה 5.1.2600.5781, כתובת התקלה 0x00009823‏.

[ System Events ]
Error - 12/12/2010 04:01:10 | Computer Name = MATAN | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
i8042prt

Error - 12/12/2010 11:52:58 | Computer Name = MATAN | Source = Service Control Manager | ID = 7022
Description = The שירות HP CUE DeviceDiscovery Service service hung on starting.

Error - 12/12/2010 11:52:58 | Computer Name = MATAN | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
i8042prt

Error - 13/12/2010 01:54:48 | Computer Name = MATAN | Source = Dhcp | ID = 1002
Description = The IP address lease 10.0.0.2 for the Network Card with network address
001CC0799084 has been denied by the DHCP server 10.0.0.138 (The DHCP Server sent
a DHCPNACK message).

Error - 13/12/2010 01:57:00 | Computer Name = MATAN | Source = Service Control Manager | ID = 7022
Description = The שירות HP CUE DeviceDiscovery Service service hung on starting.

Error - 13/12/2010 01:57:00 | Computer Name = MATAN | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
i8042prt

Error - 16/12/2010 17:13:12 | Computer Name = MATAN | Source = SRService | ID = 104
Description = ‏‏תהליך האתחול של שחזור המערכת נכשל.

Error - 16/12/2010 17:13:12 | Computer Name = MATAN | Source = Service Control Manager | ID = 7023
Description = The System Restore Service service terminated with the following error:
%%2

Error - 16/12/2010 17:30:06 | Computer Name = MATAN | Source = SRService | ID = 104
Description = ‏‏תהליך האתחול של שחזור המערכת נכשל.

Error - 16/12/2010 17:30:06 | Computer Name = MATAN | Source = Service Control Manager | ID = 7023
Description = The System Restore Service service terminated with the following error:
%%2


< End of report >

Tollan
Novice
Posts : 12
Joined : 2009-09-15
OS : Windows XP


Re: mail sending out spam messages

Post by Sneakyone on Fri Dec 17, 2010 3:20 pm

Hi,

Please download ComboFix from [You must be registered and logged in to see this link.]



Rename ComboFix.exe to commy.exe before you save it to your Desktop
  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. A guide to do this can be found [You must be registered and logged in to see this link.]
  • Click Start, then copy and paste the following command into the search box & hit enter: "%userprofile%\desktop\commy.exe" /stepdel
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. This will not install in Vista. Just continue scanning, and skip the console install.
  • When finished, it shall produce a log for you. Please include the contents of C:\ComboFix.txt in your next reply.


===================

Please download Malwarebytes Anti-Malware from [You must be registered and logged in to see this link.].


Double Click mbam-setup.exe to install the application.

  • Make sure a checkmark is placed next to Update Malwarebytes Anti-Malware and Launch Malwarebytes Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the entire report in your next reply.

Extra Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

================

Download [You must be registered and logged in to see this link.] to your desktop.

  • Double click MBRCheck.exe to run (Vista and Windows 7 users, right click and select Run as Administrator).
  • It will show a black screen with some data on it.
  • A report called MBRcheckxxxx.txt will be on your desktop
  • Open this report and post its content in your next reply.


I'm livin' life in the fast lane.

Sneakyone
Master
Posts : 2707
Joined : 2010-01-10
Gender : Male
OS : Windows 7 Ultimate 64-bit


Re: mail sending out spam messages

Post by Tollan on Mon Dec 20, 2010 9:58 am

okay, here is the combo fix log:



ComboFix 10-12-18.02 - מתן 12/20/2010 11:33:28.3.2 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1255.972.1037.18.3068.2293 [GMT 2:00]
Running from: c:\documents and settings\מתן\שולחן העבודה\commy.exe
AV: McAfee VirusScan *Disabled/Updated* {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
FW: McAfee Personal Firewall *Enabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\XSxS

.
((((((((((((((((((((((((( Files Created from 2010-11-20 to 2010-12-20 )))))))))))))))))))))))))))))))
.

2010-12-16 05:05 . 2010-11-02 15:17 40960 -c----w- c:\windows\system32\dllcache\ndproxy.sys
2010-12-16 05:04 . 2010-10-11 14:59 45568 -c----w- c:\windows\system32\dllcache\wab.exe
2010-12-10 17:01 . 2010-12-10 17:01 -------- d-----w- c:\documents and settings\מתן\Application Data\StageManager.BD092818F67280F4B42B04877600987F0111B594.1
2010-12-10 17:01 . 2010-12-10 17:01 -------- d-----w- c:\documents and settings\מתן\Application Data\Adobe Mini Bridge CS5
2010-12-09 12:02 . 2010-12-09 12:17 -------- d-----w- c:\documents and settings\All Users\Application Data\regid.1986-12.com.adobe
2010-12-09 11:59 . 2010-12-09 11:59 -------- d-----w- c:\program files\Adobe Media Player
2010-12-07 03:42 . 2010-12-07 03:42 -------- d-----w- C:\BrowserPlusPlugins
2010-12-07 03:42 . 2010-12-07 03:42 -------- d-----w- c:\documents and settings\מתן\Local Settings\Application Data\Yahoo!
2010-11-27 14:00 . 2010-11-27 14:00 -------- d-----w- c:\documents and settings\מתן\Application Data\pdf995
2010-11-27 13:51 . 2010-11-27 14:01 -------- d-----w- c:\documents and settings\All Users\Application Data\pdf995
2010-11-27 13:51 . 2010-11-27 14:01 59 ----a-w- c:\windows\wpd99.drv
2010-11-27 13:51 . 2010-11-27 13:53 -------- d-----w- c:\program files\pdf995
2010-11-27 13:51 . 2010-11-27 13:51 51716 ----a-w- c:\windows\system32\pdf995mon.dll
2010-11-27 13:51 . 2010-11-27 13:51 249856 ----a-w- c:\windows\system32\pdfmona.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-11-29 15:42 . 2009-08-22 13:14 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-11-29 15:42 . 2009-08-22 13:14 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-11-18 18:15 . 2009-08-19 22:00 81920 ----a-w- c:\windows\system32\isign32.dll
2010-11-12 15:55 . 2009-10-17 19:27 272739 ----a-w- c:\documents and settings\מתן\Application Data\mdbu.bin
2010-11-06 00:21 . 2006-03-02 12:00 916480 ----a-w- c:\windows\system32\wininet.dll
2010-11-06 00:21 . 2006-03-02 12:00 43520 ----a-w- c:\windows\system32\licmgr10.dll
2010-11-06 00:21 . 2006-03-02 12:00 1469440 ------w- c:\windows\system32\inetcpl.cpl
2010-11-03 12:26 . 2006-03-02 12:00 385024 ----a-w- c:\windows\system32\html.iec
2010-11-02 15:17 . 2006-03-02 12:00 40960 ----a-w- c:\windows\system32\drivers\ndproxy.sys
2010-10-28 13:08 . 2006-03-02 12:00 290048 ----a-w- c:\windows\system32\atmfd.dll
2010-10-26 13:58 . 2006-03-02 12:00 1853184 ----a-w- c:\windows\system32\win32k.sys
2010-09-28 00:17 . 2010-09-28 00:17 37376 ----a-w- c:\windows\system32\libusb0.dll
2010-09-28 00:17 . 2010-09-28 00:17 20992 ----a-w- c:\windows\system32\drivers\libusb0.sys
2010-01-05 15:04 . 2010-06-22 18:27 24376 ----a-w- c:\program files\mozilla firefox\components\Scriptff.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2009-12-09 01:19 94208 ----a-w- c:\documents and settings\מתן\Application Data\Dropbox\bin\DropboxExt.13.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2009-12-09 01:19 94208 ----a-w- c:\documents and settings\מתן\Application Data\Dropbox\bin\DropboxExt.13.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2009-12-09 01:19 94208 ----a-w- c:\documents and settings\מתן\Application Data\Dropbox\bin\DropboxExt.13.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\DTLite.exe" [2010-04-01 357696]
"PrinterShare"="c:\program files\PrinterShare\paConsole.exe" [2010-07-28 1107456]
"Octoshape Streaming Services"="c:\documents and settings\מתן\Application Data\Octoshape\Octoshape Streaming Services\OctoshapeClient.exe" [2009-01-08 70936]
"Google Update"="c:\documents and settings\מתן\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2010-03-18 136176]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"="RTHDCPL.EXE" [2008-07-03 16862720]
"NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2007-03-01 153136]
"SecurDisc"="c:\program files\Nero\Nero 7\InCD\NBHGui.exe" [2007-05-15 1628208]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-10-14 49152]
"Nikon Transfer Monitor"="c:\program files\Common Files\Nikon\Monitor\NkMonitor.exe" [2009-05-29 479232]
"mcui_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2010-04-01 1180976]
"nwiz"="c:\program files\NVIDIA Corporation\nView\nwiz.exe" [2010-07-07 1753192]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2010-07-09 13923432]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2010-07-09 110696]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
"Mobile Connectivity Suite"="c:\program files\HTC\HTC Sync\Application Launcher\Application Launcher.exe" [2009-11-19 598016]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-09-23 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-20 932288]
"HTC Sync Loader"="c:\program files\HTC\HTC Sync 3.0\htcUPCTLoader.exe" [2010-08-18 249856]
"Nikon Message Center 2"="c:\program files\Nikon\Nikon Message Center 2\NkMC2.exe" [2010-05-25 619008]
"AdobeAAMUpdater-1.0"="c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2010-12-09 500208]
"SwitchBoard"="c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
"AdobeCS5ServiceManager"="c:\program files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" [2010-02-22 406992]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

c:\documents and settings\Žš\š šŒ\šš\Œ\
Dropbox.lnk - c:\documents and settings\Žš\Application Data\Dropbox\bin\Dropbox.exe [2010-2-26 21979992]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^תפריט התחלה^תוכניות^הפעלה^HP Digital Imaging Monitor.lnk]
backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^תפריט התחלה^תוכניות^הפעלה^PHOTOfunSTUDIO.lnk]
path=c:\documents and settings\All Users\תפריט התחלה\תוכניות\הפעלה\PHOTOfunSTUDIO.lnk
backup=c:\windows\pss\PHOTOfunSTUDIO.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NokiaMServer]
c:\program files\Common Files\Nokia\MPlatform\NokiaMServer [X]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2010-09-23 02:47 35760 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ArcSoft Connection Service]
2010-03-18 09:19 207360 ----a-w- c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
2010-03-18 00:10 136176 ----atw- c:\documents and settings\מתן\Local Settings\Application Data\Google\Update\GoogleUpdate.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\googletalk]
2007-01-01 21:22 3739648 ----a-w- c:\program files\Google\Google Talk\googletalk.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\InCD]
2007-05-15 13:55 1057328 ----a-w- c:\program files\Nero\Nero 7\InCD\InCD.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechCommunicationsManager]
2007-03-06 14:48 488984 ----a-w- c:\program files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechQuickCamRibbon]
2007-03-06 14:58 1060376 ----a-w- c:\program files\Labtec\WebCam10\WebCam10.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
2008-04-14 02:17 1695232 ------w- c:\program files\Messenger\msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
2009-07-26 13:43 3883856 ----a-w- c:\program files\Windows Live\Messenger\msnmsgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Nikon Transfer Monitor]
2009-05-29 14:58 479232 ----a-w- c:\program files\Common Files\Nikon\Monitor\NkMonitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NokiaOviSuite2]
2010-07-02 09:20 671608 ----a-w- c:\program files\Nokia\Nokia Ovi Suite\NokiaOviSuite.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
2009-08-29 14:46 39408 ----a-w- c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Trackstick Manager.exe]
2010-01-06 15:51 2809856 ----a-w- c:\program files\Trackstick Manager\Trackstick Manager.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\Google\\Google Talk\\googletalk.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpiscnapp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxs08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqfxt08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqusgm.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqusgh.exe"=
"c:\\Program Files\\HP\\HP Software Update\\hpwucli.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Smart Web Printing\\SmartWebPrintExe.exe"=
"c:\\Program Files\\Common Files\\McAfee\\McSvcHost\\McSvHost.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\Jawbone\\JawboneUpdater.exe"=
"c:\\Documents and Settings\\מתן\\Application Data\\Dropbox\\bin\\Dropbox.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"1036:TCP"= 1036:TCP:Akamai NetSession Interface
"5000:UDP"= 5000:UDP:Akamai NetSession Interface

R0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [15/11/2009 16:27 207280]
R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [20/08/2009 12:15 691696]
R1 mfetdi2k;McAfee Inc. mfetdi2k;c:\windows\system32\drivers\mfetdi2k.sys [23/04/2010 19:39 82952]
R2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe -k Akamai [02/03/2006 14:00 14336]
R2 Browser Defender Update Service;Browser Defender Update Service;c:\program files\Spyware Doctor\BDT\BDTUpdateService.exe [15/11/2009 16:31 112592]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\McAfee\SiteAdvisor\McSACore.exe [20/08/2009 04:35 88176]
R2 McMPFSvc;McAfee Personal Firewall;"c:\program files\Common Files\Mcafee\McSvcHost\McSvHost.exe" /McCoreSvc [23/04/2010 19:39 271480]
R2 McNaiAnn;McAfee VirusScan Announcer;"c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe" /McCoreSvc [23/04/2010 19:39 271480]
R2 mfefire;McAfee Firewall Core Service;c:\program files\Common Files\McAfee\SystemCore\mfefire.exe [23/04/2010 19:39 188136]
R2 mfevtp;McAfee Validation Trust Protection Service;c:\program files\Common Files\McAfee\SystemCore\mfevtps.exe [23/04/2010 19:39 141792]
R3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys [23/04/2010 19:39 55456]
R3 e1yexpress;Intel(R) Gigabit Network Connections Driver;c:\windows\system32\drivers\e1y5132.sys [20/08/2009 00:17 244368]
R3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys [23/04/2010 19:39 312584]
R3 mfendiskmp;mfendiskmp;c:\windows\system32\drivers\mfendisk.sys [23/04/2010 19:39 88480]
S2 0147501282686806mcinstcleanup;McAfee Application Installer Cleanup (0147501282686806);c:\windows\TEMP\014750~1.EXE c:\progra~1\COMMON~1\McAfee\INSTAL~1\cleanup.ini -cleanup -nolog -service --> c:\windows\TEMP\014750~1.EXE c:\progra~1\COMMON~1\McAfee\INSTAL~1\cleanup.ini -cleanup -nolog -service [?]
S2 gupdate1ca28b79fb728ac;שירות Google Update (gupdate1ca28b79fb728ac);c:\program files\Google\Update\GoogleUpdate.exe [29/08/2009 16:47 133104]
S3 HTCAND32;HTC Device Driver;c:\windows\system32\drivers\ANDROIDUSB.sys [02/10/2010 08:44 24576]
S3 libusb0;LibUsb-Win32 - Kernel Driver 03/15/2010,1.12.0.1;c:\windows\system32\drivers\libusb0.sys [28/09/2010 02:17 20992]
S3 mfendisk;McAfee Core NDIS Intermediate Filter;c:\windows\system32\drivers\mfendisk.sys [23/04/2010 19:39 88480]
S3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [23/04/2010 19:39 83496]
S3 sdAuxService;PC Tools Auxiliary Service;c:\program files\Spyware Doctor\pctsAuxs.exe [15/11/2009 16:26 358600]
S3 SwitchBoard;Adobe SwitchBoard;c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [19/02/2010 13:37 517096]

--- Other Services/Drivers In Memory ---

*Deregistered* - mfeavfk01

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
Akamai REG_MULTI_SZ Akamai
.
Contents of the 'Scheduled Tasks' folder

2010-12-20 c:\windows\Tasks\AdobeAAMUpdater-1.0-MATAN-מתן.job
- c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\updaterstartuputility.exe [2010-12-09 11:54]

2010-12-20 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-08-29 14:46]

2010-12-20 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-08-29 14:47]

2010-12-20 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-08-29 14:47]

2010-12-19 c:\windows\Tasks\RegCure Program Check.job
- c:\program files\RegCure\RegCure.exe [2010-05-19 23:20]

2010-12-17 c:\windows\Tasks\RegCure Startup.job
- c:\program files\RegCure\RegCure.exe [2010-05-19 23:20]

2010-12-19 c:\windows\Tasks\RegCure.job
- c:\program files\RegCure\RegCure.exe [2010-05-19 23:20]
.
.
------- Supplementary Scan -------
.
uStart Page = [You must be registered and logged in to see this link.]
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
FF - ProfilePath - c:\documents and settings\מתן\Application Data\Mozilla\Firefox\Profiles\m2cax6dw.matan\
FF - prefs.js: browser.search.defaulturl - [You must be registered and logged in to see this link.]
FF - prefs.js: browser.search.selectedEngine - Google
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Skype extension for Firefox: {AB2CE124-6272-4b12-94A9-7303C7397BD1} - c:\program files\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
FF - Ext: McAfee SiteAdvisor: {B7082FAA-CB62-4872-9106-E42DD88EDE45} - c:\program files\McAfee\SiteAdvisor
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - Ext: Google Toolbar for Firefox: {3112ca9c-de6d-4884-a869-9855de68056c} - c:\documents and settings\All Users\Application Data\Google\Toolbar for Firefox\{3112ca9c-de6d-4884-a869-9855de68056c}
FF - Ext: Firefox Synchronisation Extension: {A27F3FEF-1113-4cfb-A032-8E12D7D8EE70} - c:\program files\Nokia\Nokia Ovi Suite\Connectors\Bookmarks Connector\FirefoxExtension
FF - Ext: Java Quick Starter: [You must be registered and logged in to see this link.] - c:\program files\Java\jre6\lib\deploy\jqs\ff
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Ext: Google Toolbar for Firefox: {3112ca9c-de6d-4884-a869-9855de68056c} - %profile%\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
FF - Ext: Firebug: [You must be registered and logged in to see this link.] - %profile%\extensions\firebug@software.joehewitt.com
FF - Ext: CacheViewer: {71328583-3CA7-4809-B4BA-570A85818FBB} - %profile%\extensions\{71328583-3CA7-4809-B4BA-570A85818FBB}
FF - Ext: Adblock Plus: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} - %profile%\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
.
- - - - ORPHANS REMOVED - - - -

MSConfigStartUp-AdobeCS4ServiceManager - c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, [You must be registered and logged in to see this link.]
Rootkit scan 2010-12-20 11:42
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-436374069-764733703-839522115-1004\Software\Microsoft\  M*i*c*r*o*s*o*f*t* *M*a*n*a*g*e*m*e*n*t* *C*o*n*s*o*l*e*\Recent File List]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
"File1"="c:\\WINDOWS\\system32\\devmgmt.msc"
"File2"="c:\\WINDOWS\\system32\\services.msc"

[HKEY_USERS\S-1-5-21-436374069-764733703-839522115-1004\Software\Microsoft\  M*i*c*r*o*s*o*f*t* *M*a*n*a*g*e*m*e*n*t* *C*o*n*s*o*l*e*\Settings]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(5360)
c:\windows\system32\WININET.dll
c:\documents and settings\מתן\Application Data\Dropbox\bin\DropboxExt.13.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Completion time: 2010-12-20 11:44:53
ComboFix-quarantined-files.txt 2010-12-20 09:44
ComboFix2.txt 2010-06-12 08:24

Pre-Run: 6,860,120,064 bytes free
Post-Run: 7,542,484,992 bytes free

- - End Of File - - E9AA2A7A1C53223F3C099DEF1790A4F8




here is the Mbytes log:

Malwarebytes' Anti-Malware 1.50

Database version: 5317

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

20/12/2010 11:57:51
mbam-log-2010-12-20 (11-57-51).txt

Scan type: Quick scan
Objects scanned: 144660
Time elapsed: 7 minute(s), 45 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)




here is the MBRCheck log:


MBRCheck, version 1.2.3
(c) 2010, AD

Command-line:
Windows Version: Windows XP Home Edition
Windows Information: Service Pack 3 (build 2600)
Logical Drives Mask: 0x0000003c

Kernel Drivers (total 138):

Processes (total 57):
0 System Idle Process
4 System
1056 C:\WINDOWS\system32\smss.exe
1120 csrss.exe
1144 C:\WINDOWS\system32\winlogon.exe
1192 C:\WINDOWS\system32\services.exe
1204 C:\WINDOWS\system32\lsass.exe
1372 C:\WINDOWS\system32\nvsvc32.exe
1444 C:\WINDOWS\system32\svchost.exe
1520 svchost.exe
1644 C:\WINDOWS\system32\svchost.exe
1688 C:\WINDOWS\system32\svchost.exe
1848 svchost.exe
1988 svchost.exe
252 C:\WINDOWS\system32\spoolsv.exe
376 svchost.exe
412 C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
424 C:\WINDOWS\system32\svchost.exe
440 C:\Program Files\Bonjour\mDNSResponder.exe
468 C:\Program Files\Spyware Doctor\BDT\BDTUpdateService.exe
148 C:\WINDOWS\system32\svchost.exe
1208 C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe
1468 C:\Program Files\Java\jre6\bin\jqs.exe
1832 C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
1944 C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
556 C:\Program Files\Common Files\McAfee\SystemCore\mfevtps.exe
572 C:\WINDOWS\system32\svchost.exe
924 C:\WINDOWS\system32\svchost.exe
1844 C:\WINDOWS\system32\svchost.exe
2068 C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe
2180 C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
2584 C:\Program Files\Canon\CAL\CALMAIN.exe
3632 C:\WINDOWS\RTHDCPL.exe
3688 C:\Program Files\Nero\Nero 7\InCD\NBHGui.exe
3720 C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
3960 C:\Program Files\Common Files\Nikon\Monitor\NkMonitor.exe
4016 C:\Program Files\McAfee.com\Agent\mcagent.exe
1612 C:\WINDOWS\system32\rundll32.exe
2120 C:\Program Files\Common Files\Java\Java Update\jusched.exe
2988 C:\WINDOWS\system32\ctfmon.exe
796 C:\Program Files\HTC\HTC Sync\ClientInitiatedStarter\ClientInitiatedStarter.exe
3052 alg.exe
2332 C:\WINDOWS\system32\svchost.exe
1744 C:\Program Files\HTC\HTC Sync\Mobile Phone Monitor\FsynSrvStarter.exe
5336 C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\AAM Updates Notifier.exe
5360 C:\WINDOWS\explorer.exe
5668 C:\WINDOWS\system32\notepad.exe
3728 C:\Documents and Settings\
2316 C:\Documents and Settings\
4496 C:\Documents and Settings\
6128 C:\Documents and Settings\
2648 C:\Documents and Settings\
3908 C:\Documents and Settings\
5804 C:\Documents and Settings\
5876 C:\Documents and Settings\
5584 C:\Documents and Settings\
4380 C:\Documents and Settings\

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`00007e00 (NTFS)

PhysicalDrive0 Model Number: WDCWD3200AAKS-00YGA0, Rev: 12.01C02

Size Device Name MBR Status
--------------------------------------------
298 GB \\.\PhysicalDrive0 Windows XP MBR code detected
SHA1: DA38B874B7713D1B51CBC449F4EF809B0DEC644A


Done!






Re: mail sending out spam messages

Post by Sneakyone on Tue Dec 21, 2010 12:29 am

Hi,

Please run a free online scan with the [You must be registered and logged in to see this link.]
Note: You will need to use Internet Explorer for this scan

  • Tick the box next to YES, I accept the Terms of Use
  • Click Start
  • When asked, allow the ActiveX control to install
  • Click Start
  • Make sure that the options Remove found threats and Scan unwanted applications are checked
  • Click Scan (This scan can take several hours, so please be patient)
  • Once the scan is completed, you may close the window
  • Use Notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt
  • Copy and paste that log as a reply to this topic


I'm livin' life in the fast lane.


Re: mail sending out spam messages

Post by Tollan on Tue Dec 21, 2010 10:41 am

here is the ESET log file:


ESETSmartInstaller@High as CAB hook log:
OnlineScanner.ocx - registred OK
# version=7
# iexplore.exe=8.00.6001.18702 (longhorn_ie8_rtm(wmbla).090308-0339)
# OnlineScanner.ocx=1.0.0.6419
# api_version=3.0.2
# EOSSerial=43f34490a151ec4796c43e86dbf1a7b2
# end=finished
# remove_checked=true
# archives_checked=false
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2010-12-21 10:37:23
# local_time=2010-12-21 12:37:23 )
# country="Israel"
# lang=1033
# osver=5.1.2600 NT Service Pack 3
# compatibility_mode=512 16777215 100 0 0 0 0 0
# compatibility_mode=2560 16777215 100 0 0 0 0 0
# compatibility_mode=5121 16777173 100 75 20877071 24721574 0 0
# compatibility_mode=8192 67108863 100 0 3954 3954 0 0
# scanned=148889
# found=7
# cleaned=7
# scan_time=6273
C:\Documents and Settings\מתן\My Documents\Downloads\PDF_Creator_Setup.exe a variant of Win32/SweetIM.A application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Matan Files\לימודים\סמסטר א\תכנות\תרגיל 10\prime.exe probably unknown NewHeur_PE virus (deleted - quarantined) 00000000000000000000000000000000 C
C:\Matan Files\תוכנות\MusicMaster.exe multiple threats (deleted - quarantined) 00000000000000000000000000000000 C
C:\Matan Files\תוכנות\MusicStation.exe multiple threats (deleted - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{94B1FCAC-0D2F-4BBE-A4EB-7E44DC01AB74}\RP1\A0000103.exe probably unknown NewHeur_PE virus (deleted - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{94B1FCAC-0D2F-4BBE-A4EB-7E44DC01AB74}\RP1\A0000104.exe multiple threats (deleted - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{94B1FCAC-0D2F-4BBE-A4EB-7E44DC01AB74}\RP1\A0000105.exe multiple threats (deleted - quarantined) 00000000000000000000000000000000 C


Re: mail sending out spam messages

Post by Sneakyone on Wed Dec 22, 2010 7:59 am

Hi,

How is your computer running now?


I'm livin' life in the fast lane.


Re: mail sending out spam messages

Post by Tollan on Sun Dec 26, 2010 9:36 am

it seems to be running fine. are the logs showing it's clean?


Re: mail sending out spam messages

Post by Sneakyone on Sun Dec 26, 2010 11:33 pm

Hi,

Your computer is now clean. Now, time to remove the tools used, and update your computer to prevent vulnerability.

Updating System Restore

Now to get you off to a good start we will clean your restore points so that all the bad stuff is gone for good. Then if you need to restore at some stage you will be clean. There are several ways to reset your restore points, but this is my method:
  • Select Start > All Programs > Accessories > System tools > System Restore.
  • On the dialogue box that appears select Create a Restore Point
  • Click NEXT
  • Enter a name e.g. Clean
  • Click CREATE.


You now have a clean restore point.

To get rid of the bad ones:
  • Select Start > All Programs > Accessories > System tools > Disk Cleanup.
  • In the Drop down box that appears select your main drive e.g. C
  • Click OK
  • The System will do a calculation of temporary/old files, and then display a dialogue box.
  • Select the More Options Tab.
  • At the bottom will be a System Restore box with a CLEANUP button; click this.
  • Accept the Warning and select OK again; the program will close and you are done.


========

Removing the tools

Now, to remove all of the tools we used and the files and folders they created, please do the following:

Download [You must be registered and logged in to see this link.] by OldTimer:
  • Save it to your Desktop.
  • Double click OTC.exe.
  • Click the CleanUp! button.
  • If you are prompted to Reboot during the cleanup, select Yes.
  • The tool will delete itself once it finishes.
    Note: If any tool, file or folder (belonging to the program we have used) hasn't been deleted, please delete it manually.


============

Service Pack upgrade

Please consider upgrading to Windows XP SP3, because it includes all previously released updates. It also includes a small number of new functionalities. Some of the updates that Service Pack 3 provides, you may not have. It is now available via Windows Update.

More info about SP3: [You must be registered and logged in to see this link.]

============

Update Programs

Please download the newest version of Adobe Acrobat Reader from [You must be registered and logged in to see this link.]

Before installing: it is important to remove older versions of Acrobat Reader since it does not do so automatically and old versions still leave you vulnerable.
Go to the Control Panel and enter Add or Remove Programs.
Search in the list for all previous installed versions of Adobe Acrobat Reader. Uninstall/Remove each of them.

Once old versions are gone, please install the newest version.



Please download the newest version of Java from [You must be registered and logged in to see this link.].

Before installing: it is important to remove older versions of Java since it does not do so automatically and old versions still leave you vulnerable.
Go to the Control Panel and enter Add or Remove Programs.
Search in the list for all previous installed versions of Java (J2SE Runtime Environment). Please uninstall/remove each of them.

Once old versions are gone, please install the newest version.

===============

Staying Protected

If you don't have an Anti-Virus, I recommend downloading one of these free Anti-Virus programs:
1. [You must be registered and logged in to see this link.]
2. [You must be registered and logged in to see this link.]
3. [You must be registered and logged in to see this link.]

If you don't have a good firewall I recommend these free firewalls:
1. [You must be registered and logged in to see this link.]
2. [You must be registered and logged in to see this link.]

I recommend using [You must be registered and logged in to see this link.] for an anti-malware program.

If you don't have an anti-spyware, I recommend downloading these free programs to help keep you spyware free:
1. [You must be registered and logged in to see this link.]
2. [You must be registered and logged in to see this link.]

Please don't download more than one Anti-virus, firewall, or anti-spyware, because they will conflict with each other, causing a slow computer, data loss, and false results, so please just don't do it.

================

Here are some prevention tips:

1. Torrents are a conduit of malware; this is why we highly recommend not using them as chances are extremely high that you will be infected from them.

2. Cracks/warez/keygens are another conduit of malware and are illegal so don't use them.

3. Disable auto-run to prevent auto-run worms from infecting your machine through USB drives. [You must be registered and logged in to see this link.] or [You must be registered and logged in to see this link.]

4. Always make sure you have the latest [You must be registered and logged in to see this link.].

5. Use a Site Advisor so you don't go to sites that will infect you. [You must be registered and logged in to see this link.] or [You must be registered and logged in to see this link.]

6. Also, there are many holes and flaws in Internet Explorer; I recommend using [You must be registered and logged in to see this link.] or [You must be registered and logged in to see this link.] to keep you safer.

7. Always keep your [You must be registered and logged in to see this link.] and Adobe Reader updated and all older versions removed to keep clear from exploits.

8. Don't fall for Scareware. What is Scareware? A rogue anti-virus on your system that will scare you into buying their fake software due to false detections.

9. Be sure to always have a firewall and anti-virus installed at all times.


I'm livin' life in the fast lane.
