My computer is sending spam to people in my e-mailing list.

Page 2 of 2 Previous  1, 2

View previous topic View next topic Go down

My computer is sending spam to people in my e-mailing list.

Post by Uthanak on Sun 09 Jan 2011, 12:26 pm

First topic message reminder :

Basically what is happening is a ran Malwarebyte's anti malware and combofix on my computer and it could not find any malicious software. what happens is every day, I receive 24 e-mails abuot delivery failed notice, because my computer is sending spam to everyone in my e-mailing lists in the form of e-mails. After that I get 1 last e-mail from myself!? My friends have told me the e-mails they receive from me is spam. After Malwarebytes anti malware and combifix have failed to fix the problem, I have no idea what to do. Thank you in advance.


OTL logfile created on: 1/8/2011 8:07:23 PM - Run 2
OTL by OldTimer - Version 3.2.20.1 Folder = C:\Documents and Settings\Maxim\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.11)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 67.00% Memory free
5.00 Gb Paging File | 4.00 Gb Available in Paging File | 83.00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 298.09 Gb Total Space | 106.37 Gb Free Space | 35.68% Space Free | Partition Type: NTFS
Drive F: | 1.29 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: MAXIM-9C1E76C15 | User Name: Maxim | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/01/08 20:04:21 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Maxim\Desktop\OTL.com
PRC - [2010/12/10 18:58:50 | 000,912,344 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2010/07/06 09:01:16 | 002,634,048 | ---- | M] (Veoh Networks) -- C:\Program Files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe
PRC - [2010/04/16 17:36:42 | 000,026,480 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Live\Contacts\wlcomm.exe
PRC - [2009/12/10 02:39:04 | 000,065,536 | ---- | M] (PostgreSQL Global Development Group) -- C:\Program Files\PostgreSQL\8.3\bin\pg_ctl.exe
PRC - [2009/12/10 02:37:16 | 003,690,496 | ---- | M] (PostgreSQL Global Development Group) -- C:\Program Files\PostgreSQL\8.3\bin\postgres.exe
PRC - [2009/11/24 10:32:22 | 000,234,792 | ---- | M] (Skype Technologies S.A.) -- C:\Program Files\Skype\Toolbars\Shared\SkypeNames2.exe
PRC - [2009/08/09 17:35:32 | 000,297,752 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgwdsvc.exe
PRC - [2009/01/14 16:53:02 | 000,226,656 | ---- | M] (Microsoft Corp.) -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
PRC - [2008/04/13 19:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/11/13 18:51:24 | 002,510,848 | ---- | M] (OpenOffice.org) -- C:\Program Files\OpenOffice.org 2.3\program\soffice.bin
PRC - [2007/11/13 18:49:22 | 002,359,296 | ---- | M] (OpenOffice.org) -- C:\Program Files\OpenOffice.org 2.3\program\soffice.exe
PRC - [2007/05/28 11:57:54 | 000,275,968 | ---- | M] (Rocket Division Software) -- C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
PRC - [2007/01/04 16:38:08 | 000,024,652 | ---- | M] (Viewpoint Corporation) -- C:\Program Files\Viewpoint\Common\ViewpointService.exe
PRC - [2004/10/28 08:29:48 | 000,581,632 | ---- | M] (Logitech Inc.) -- C:\Program Files\Logitech\SetPoint\KEM.exe
PRC - [2004/10/21 12:28:40 | 000,029,696 | ---- | M] (Logitech Inc.) -- C:\Program Files\Logitech\SetPoint\KHALMNPR.exe
PRC - [2003/06/24 01:31:35 | 000,442,368 | ---- | M] () -- C:\Program Files\Belkin\Nostromo\nost_LM.exe


========== Modules (SafeList) ==========

MOD - [2011/01/08 20:04:21 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Maxim\Desktop\OTL.com
MOD - [2010/08/23 11:12:02 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll
MOD - [2004/10/28 08:27:18 | 000,086,016 | ---- | M] () -- C:\Program Files\Logitech\SetPoint\lgscroll.dll
MOD - [2003/05/16 01:01:51 | 000,053,248 | ---- | M] (eTEK Labs) -- C:\Program Files\Belkin\Nostromo\nost_FSH.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Disabled | Stopped] -- C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe -- (NMIndexingService)
SRV - File not found [On_Demand | Stopped] -- C:\Program Files\McAfee Security Scan\2.0.181\McCHSvc.exe -- (McComponentHostService)
SRV - File not found [On_Demand | Stopped] -- C:\WINDOWS\System32\appmgmts.dll -- (AppMgmt)
SRV - [2011/01/04 20:54:45 | 003,129,432 | ---- | M] () [Auto | Running] -- c:\Program Files\Common Files\Akamai\netsession_win_dbc0250.dll -- (Akamai)
SRV - [2010/09/17 11:13:10 | 000,185,640 | ---- | M] () [On_Demand | Stopped] -- C:\Documents and Settings\Maxim\Application Data\Mikogo\B-Service.exe -- (B-Service)
SRV - [2010/04/28 06:44:02 | 000,704,872 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Live\Family Safety\fsssvc.exe -- (fsssvc)
SRV - [2009/12/10 02:39:04 | 000,065,536 | ---- | M] (PostgreSQL Global Development Group) [Auto | Running] -- C:\Program Files\PostgreSQL\8.3\bin\pg_ctl.exe -- (pgsql-8.3)
SRV - [2009/08/09 17:35:32 | 000,297,752 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG8\avgwdsvc.exe -- (avg8wd)
SRV - [2009/01/14 16:53:02 | 000,226,656 | ---- | M] (Microsoft Corp.) [Auto | Running] -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe -- (SeaPort)
SRV - [2007/05/28 11:57:54 | 000,275,968 | ---- | M] (Rocket Division Software) [Auto | Running] -- C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe -- (StarWindServiceAE)
SRV - [2007/01/04 16:38:08 | 000,024,652 | ---- | M] (Viewpoint Corporation) [Auto | Running] -- C:\Program Files\Viewpoint\Common\ViewpointService.exe -- (Viewpoint Manager Service)
SRV - [2002/12/17 16:26:22 | 007,520,337 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Sony\Shared Plug-Ins\Media Manager\MSSQL$SONY_MEDIAMGR\Binn\sqlservr.exe -- (MSSQL$SONY_MEDIAMGR)
SRV - [2002/12/17 16:23:30 | 000,311,872 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Sony\Shared Plug-Ins\Media Manager\MSSQL$SONY_MEDIAMGR\Binn\sqlagent.EXE -- (SQLAgent$SONY_MEDIAMGR)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Running] -- C:\DOCUME~1\Maxim\LOCALS~1\Temp\catchme.sys -- (catchme)
DRV - [2010/04/28 06:44:02 | 000,054,760 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\fssfltr_tdi.sys -- (fssfltr)
DRV - [2009/11/03 17:00:25 | 007,655,872 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nv4_mini.sys -- (nv)
DRV - [2009/08/21 15:24:10 | 000,057,248 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nvhda32.sys -- (NVHDA)
DRV - [2009/08/17 08:38:37 | 000,722,416 | ---- | M] (Duplex Secure Ltd.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\drivers\sptd.sys -- (sptd)
DRV - [2009/06/05 12:23:27 | 000,102,664 | ---- | M] (Trend Micro Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\tmcomm.sys -- (tmcomm)
DRV - [2009/02/24 17:42:14 | 000,116,736 | ---- | M] (MagicISO, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mcdbus.sys -- (mcdbus)
DRV - [2008/04/13 11:36:05 | 000,144,384 | ---- | M] (Windows (R) Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hdaudbus.sys -- (HDAudBus)
DRV - [2006/09/11 06:45:38 | 000,019,968 | R--- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nvnetbus.sys -- (nvnetbus)
DRV - [2006/09/11 06:45:36 | 000,057,856 | R--- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\NVENETFD.sys -- (NVENETFD)
DRV - [2006/08/21 05:24:28 | 000,105,344 | R--- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\nvata.sys -- (nvata)
DRV - [2006/06/18 22:37:34 | 000,036,864 | ---- | M] (Advanced Micro Devices) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\AmdK8.sys -- (AmdK8)
DRV - [2006/05/02 04:12:06 | 000,229,376 | R--- | M] (Analog Devices, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ADIHdAud.sys -- (ADIHdAudAddService)
DRV - [2006/03/17 05:18:58 | 000,392,960 | R--- | M] (Sensaura) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\senfilt.sys -- (SenFiltService)
DRV - [2004/10/21 12:31:14 | 000,038,691 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\LHidUsbK.sys -- (LHidUsbK)
DRV - [2004/10/21 12:31:06 | 000,054,851 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\L8042mou.Sys -- (L8042mou)
DRV - [2004/10/21 12:30:56 | 000,071,535 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\LMouKE.Sys -- (LMouKE)
DRV - [2004/10/21 12:30:38 | 000,024,671 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\LHidKE.Sys -- (LHidKe)
DRV - [2004/08/12 21:56:20 | 000,005,810 | R--- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ASACPI.sys -- (MTsensor)
DRV - [2003/09/14 02:27:50 | 000,018,838 | ---- | M] (Dritek System Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\DKbFltr.SYS -- (DKbFltr)
DRV - [2003/07/23 14:16:48 | 000,022,821 | ---- | M] (Belkin Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\bcgame.sys -- (bcgame)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========


IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = localhost

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Bing"
FF - prefs.js..browser.search.defaultthis.engineName: "Veoh Web Player Customized Web Search"
FF - prefs.js..browser.search.defaulturl: "http://search.conduit.com/ResultsExt.aspx?ctid=CT2653012&SearchSource=3&q={searchTerms}"
FF - prefs.js..browser.search.param.yahoo-fr: "chrf-ytbm"
FF - prefs.js..browser.search.param.yahoo-fr-cjkt: "chrf-ytbm"
FF - prefs.js..browser.search.param.yahoo-type: "${8}"
FF - prefs.js..browser.search.selectedEngine: "Veoh Web Player Customized Web Search"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://www.google.ca/"
FF - prefs.js..extensions.enabledItems: [You must be registered and logged in to see this link.]:1.0
FF - prefs.js..extensions.enabledItems: {ABDE892B-13A8-4d1b-88E6-365A6E755758}:1.0
FF - prefs.js..extensions.enabledItems: [You must be registered and logged in to see this link.]:2
FF - prefs.js..extensions.enabledItems: 4
FF - prefs.js..extensions.enabledItems: 9
FF - prefs.js..extensions.enabledItems: 1
FF - prefs.js..extensions.enabledItems: {AB2CE124-6272-4b12-94A9-7303C7397BD1}:4.2.0.5198
FF - prefs.js..extensions.enabledItems: {73a6fe31-595d-460b-a920-fcc0f8843232}:2.0.9.3
FF - prefs.js..extensions.enabledItems: {cd90bf73-20f6-44ef-993d-bb920303bd2e}:2.7.1.3
FF - prefs.js..keyword.URL: "http://www.bing.com/search?FORM=IEFM1&q="


FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/12/10 18:58:54 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/12/10 18:58:54 | 000,000,000 | ---D | M]

[2008/08/26 15:23:40 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Maxim\Application Data\Mozilla\Extensions
[2011/01/08 13:45:33 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Maxim\Application Data\Mozilla\Firefox\Profiles\pu9jai39.default\extensions
[2010/05/14 16:23:56 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Maxim\Application Data\Mozilla\Firefox\Profiles\pu9jai39.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010/12/24 14:01:55 | 000,000,000 | ---D | M] (Google Toolbar for Firefox) -- C:\Documents and Settings\Maxim\Application Data\Mozilla\Firefox\Profiles\pu9jai39.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
[2011/01/05 16:16:36 | 000,000,000 | ---D | M] (NoScript) -- C:\Documents and Settings\Maxim\Application Data\Mozilla\Firefox\Profiles\pu9jai39.default\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}
[2010/11/07 01:12:17 | 000,000,000 | ---D | M] (Veoh Web Player Toolbar) -- C:\Documents and Settings\Maxim\Application Data\Mozilla\Firefox\Profiles\pu9jai39.default\extensions\{cd90bf73-20f6-44ef-993d-bb920303bd2e}
[2010/01/02 23:17:37 | 000,000,000 | ---D | M] (TVU Web Player) -- C:\Documents and Settings\Maxim\Application Data\Mozilla\Firefox\Profiles\pu9jai39.default\extensions\firefox@tvunetworks.com
[2010/05/09 20:48:45 | 000,001,490 | ---- | M] () -- C:\Documents and Settings\Maxim\Application Data\Mozilla\Firefox\Profiles\pu9jai39.default\searchplugins\AOL Search.xml
[2010/07/25 01:57:04 | 000,001,819 | ---- | M] () -- C:\Documents and Settings\Maxim\Application Data\Mozilla\Firefox\Profiles\pu9jai39.default\searchplugins\bing.xml
[2010/06/29 17:22:34 | 000,000,933 | ---- | M] () -- C:\Documents and Settings\Maxim\Application Data\Mozilla\Firefox\Profiles\pu9jai39.default\searchplugins\conduit.xml
[2011/01/08 13:45:33 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2007/06/22 15:38:17 | 000,000,000 | ---D | M] (Google Toolbar for Firefox) -- C:\Program Files\Mozilla Firefox\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
[2007/12/13 20:50:58 | 000,000,000 | ---D | M] (AdVantage) -- C:\Program Files\Mozilla Firefox\extensions\{A89AED22-9133-424c-88E7-C8235C5FF302}
[2010/07/13 10:44:09 | 000,000,000 | ---D | M] (Skype extension for Firefox) -- C:\Program Files\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
[2009/04/29 14:51:34 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF
[2010/02/02 12:50:33 | 000,000,000 | ---D | M] (RealPlayer Browser Record Plugin) -- C:\PROGRAM FILES\REAL\REALPLAYER\BROWSERRECORD\FIREFOX\EXT
[2007/08/15 19:05:00 | 000,049,152 | ---- | M] (BitTorrent, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npbittorrent.dll
[2007/06/23 01:21:33 | 000,024,576 | ---- | M] (RealNetworks) -- C:\Program Files\Mozilla Firefox\plugins\npgcplug.dll
[2008/11/11 01:54:07 | 000,221,184 | ---- | M] (CNN) -- C:\Program Files\Mozilla Firefox\plugins\NPTURNMED.dll
[2007/04/16 12:07:12 | 000,180,293 | ---- | M] () -- C:\Program Files\Mozilla Firefox\plugins\npViewpoint.dll
[2010/05/09 20:48:45 | 000,001,490 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\AOL Search.xml

O1 HOSTS File: ([2010/05/05 14:36:12 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Search Helper) - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll (Microsoft Corp.)
O2 - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Windows Live Toolbar Helper) - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O4 - HKLM..\Run: [Adobe ARM] C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe File not found
O4 - HKLM..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe File not found
O4 - HKLM..\Run: [Logitech Hardware Abstraction Layer] C:\WINDOWS\KHALMNPR.Exe (Logitech Inc.)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\Program Files\NVIDIA Corporation\nView\nwiz.exe File not found
O4 - HKLM..\Run: [OfficeKB] C:\PROGRA~1\OfficeKB\OfficeKB.EXE File not found
O4 - HKLM..\Run: [QuickTime Task] C:\Program Files\QuickTime\qttask.exe File not found
O4 - HKLM..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe File not found
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe File not found
O4 - HKCU..\Run: [AlcoholAutomount] C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe File not found
O4 - HKCU..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe File not found
O4 - HKCU..\Run: [Google Update] C:\Documents and Settings\Maxim\Local Settings\Application Data\Google\Update\GoogleUpdate.exe File not found
O4 - HKCU..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe File not found
O4 - HKCU..\Run: [Mikogo] C:\Documents and Settings\Maxim\Application Data\Mikogo\Mikogo-Host.exe (Mikogo)
O4 - HKCU..\Run: [VeohPlugin] C:\Program Files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe (Veoh Networks)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Loadout Manager.lnk = C:\Program Files\Belkin\Nostromo\nost_LM.exe ()
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe (Logitech)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\KEM.exe (Logitech Inc.)
O4 - Startup: C:\Documents and Settings\Maxim\Start Menu\Programs\Startup\OpenOffice.org 2.3.lnk = C:\Program Files\OpenOffice.org 2.3\program\quickstart.exe ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9 - Extra Button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra Button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe File not found
O9 - Extra 'Tools' menuitem : PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe File not found
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} [You must be registered and logged in to see this link.] (MSN Photo Upload Tool)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_18)
O16 - DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} [You must be registered and logged in to see this link.] (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} [You must be registered and logged in to see this link.] (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} [You must be registered and logged in to see this link.] (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} [You must be registered and logged in to see this link.] (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_18)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_18)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} [You must be registered and logged in to see this link.] (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\Maxim\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Maxim\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2007/06/20 23:56:20 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2008/04/30 05:03:45 | 000,000,045 | R--- | M] () - F:\AUTORUN.INF -- [ CDFS ]
O32 - AutoRun File - [2008/06/25 01:50:03 | 000,152,848 | R--- | M] (KOEI Co., Ltd.) - F:\AutoRun.exe -- [ CDFS ]
O32 - AutoRun File - [2008/07/01 05:35:52 | 000,914,704 | R--- | M] (KOEI Co., Ltd.) - F:\AutoRunInstall.exe -- [ CDFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: 6to4 - File not found
NetSvcs: AppMgmt - C:\WINDOWS\System32\appmgmts.dll File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found


SafeBootMin: AppMgmt - C:\WINDOWS\System32\appmgmts.dll File not found
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: sermouse.sys - Driver
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vds - Service
SafeBootMin: vga.sys - Driver
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

SafeBootNet: AppMgmt - C:\WINDOWS\System32\appmgmts.dll File not found
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: sermouse.sys - Driver
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: vga.sys - Driver
SafeBootNet: {1a3e09be-1e45-494b-9174-d7385b45bbf5} -
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

ActiveX: {03F998B2-0E00-11D3-A498-00104B6EB52E} - Viewpoint Media Player
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {10072CEC-8CC1-11D1-986E-00A0C955B42F} - Vector Graphics Rendering (VML)
ActiveX: {1B00725B-C455-4DE6-BFB6-AD540AD427CD} - Viewpoint Media Player
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - NetShow
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 6.4
ActiveX: {283807B5-2C60-11D0-A31D-00AA00B92C03} - DirectAnimation
ActiveX: {2A3320D6-C805-4280-B423-B665BDE33D8F} - Microsoft .NET Framework 1.1 Security Update (KB979906)
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {2F6EFCE6-10DF-49F9-9E64-9AE3775B2588} - Microsoft .NET Framework 1.1 Security Update (KB2416447)
ActiveX: {36f8ec70-c29a-11d1-b5c7-0000f8051515} - Dynamic HTML Data Binding for Java
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3bf42070-b3b1-11d1-b5c5-0000f8051515} - Uniscribe
ActiveX: {411EDCF7-755D-414E-A74B-3DCD6583F589} - Microsoft .NET Framework 1.1 Service Pack 1 (KB867460)
ActiveX: {4278c270-a269-11d1-b5bf-0000f8051515} - Advanced Authoring
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install
ActiveX: {44BBA842-CC51-11CF-AAFA-00AA00B6015B} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - DirectShow
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f216970-c90c-11d1-b5c7-0000f8051515} - DirectAnimation Java Classes
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.7
ActiveX: {5056b317-8d4c-43ee-8543-b9d1e234b8f4} - Security Update for Windows XP (KB923789)
ActiveX: {5945c046-1e7d-11d1-bc44-00c04fd912be} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser
ActiveX: {5A8D6EE0-3E18-11D0-821E-444553540000} - ICW
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7131646D-CD3C-40F4-97B9-CD9E4E6262EF} - .NET Framework
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\WINDOWS\system32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - c:\WINDOWS\system32\Rundll32.exe c:\WINDOWS\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {B508B3F1-A24A-32C0-B310-85786919EF28} - .NET Framework
ActiveX: {C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F} - .NET Framework
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} - .NET Framework
ActiveX: {CC2A9BA0-3BDD-11D0-821E-444553540000} - Task Scheduler
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {D27CDB6E-AE6D-11cf-96B8-444553540000} - Adobe Flash Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: {EF289A85-8E57-408d-BE47-73B55609861A} - RootsUpdate
ActiveX: <{12d0ed0d-0ee0-4f90-8827-78cefb8f4988} - C:\WINDOWS\system32\ieudinit.exe
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\WINDOWS\inf\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigIE
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP
ActiveX: >{881dd1c5-3dcf-431b-b061-f3f88e8be88a} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE
ActiveX: Microsoft Base Smart Card Crypto Provider Package -

Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation)
Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.lhacm - C:\WINDOWS\System32\lhacm.acm (Microsoft Corporation)
Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.DIVX - C:\WINDOWS\System32\DivX.dll (DivX, Inc.)
Drivers32: VIDC.FPS1 - C:\WINDOWS\System32\frapsvid.dll (Beepa P/L)
Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)
Drivers32: vidc.tscc - C:\WINDOWS\system32\tsccvid.dll (TechSmith Corporation)
Drivers32: vidc.yv12 - C:\WINDOWS\System32\DivX.dll (DivX, Inc.)

CREATERESTOREPOINT
Restore point Set: OTL Restore Point (16902053519425536)

========== Files/Folders - Created Within 30 Days ==========

[2011/01/08 20:04:23 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Maxim\Desktop\OTL.com
[2011/01/08 03:03:32 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2011/01/08 02:51:59 | 000,000,000 | ---D | C] -- C:\Combo-Fix2296C
[2011/01/07 16:24:11 | 000,000,000 | ---D | C] -- C:\WINDOWS\49471DB87F3C42DB89C2AC50FA0C5290.TMP
[2011/01/03 14:46:10 | 000,463,360 | ---- | C] (Dino Chiesa) -- C:\Documents and Settings\Maxim\Desktop\Ionic.Zip.dll
[2011/01/03 14:46:10 | 000,037,888 | ---- | C] (lolbase.net) -- C:\Documents and Settings\Maxim\Desktop\LoLBaseUploader.exe
[2010/12/24 20:04:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Maxim\Application Data\Armagetron
[2010/12/24 20:04:10 | 000,000,000 | ---D | C] -- C:\Program Files\Armagetron Advanced
[2010/12/24 20:04:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Armagetron
[2010/12/19 22:15:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\TeamViewer 6
[2010/12/19 16:20:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Maxim\Local Settings\Application Data\TechSmith
[2010/12/19 16:19:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Maxim\My Documents\Camtasia Studio
[2010/12/19 16:19:26 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\QuickTime
[2010/12/19 16:19:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Camtasia Studio 7
[2010/12/19 16:19:15 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\TechSmith Shared
[2010/12/19 16:19:12 | 000,000,000 | ---D | C] -- C:\Program Files\TechSmith
[2010/12/19 16:19:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\TechSmith
[2010/12/18 16:04:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Maxim\Ultramarines
[2010/12/15 20:23:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Maxim\Start Menu\Programs\PokerTracker 3
[2010/12/15 19:52:22 | 000,040,960 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ndproxy.sys
[2010/12/15 19:51:56 | 000,045,568 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wab.exe
[9 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/01/08 20:04:21 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Maxim\Desktop\OTL.com
[2011/01/08 14:18:10 | 000,000,868 | ---- | M] () -- C:\WINDOWS\tasks\Google Software Updater.job
[2011/01/08 13:32:52 | 000,002,265 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Skype.lnk
[2011/01/08 02:38:56 | 004,150,017 | R--- | M] () -- C:\Documents and Settings\Maxim\Desktop\Combo-Fix.exe
[2011/01/08 02:07:17 | 016,566,343 | ---- | M] () -- C:\Documents and Settings\Maxim\Desktop\zeru's stuff.zip
[2011/01/07 17:12:34 | 000,160,256 | ---- | M] () -- C:\Documents and Settings\Maxim\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/01/07 16:11:37 | 183,055,872 | ---- | M] () -- C:\Documents and Settings\Maxim\Desktop\camtasia.msi
[2011/01/05 08:58:54 | 000,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/01/05 08:58:39 | 000,249,230 | ---- | M] () -- C:\WINDOWS\System32\NvApps.xml
[2011/01/05 08:58:33 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/12/29 19:59:51 | 000,024,064 | ---- | M] () -- C:\Documents and Settings\Maxim\Desktop\Lag pf ranges.doc
[2010/12/23 17:19:11 | 000,606,387 | ---- | M] () -- C:\Documents and Settings\Maxim\Desktop\1. The Learning Framework.pdf
[2010/12/20 18:09:00 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/12/20 18:08:40 | 000,020,952 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010/12/19 22:15:22 | 000,000,815 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\TeamViewer 6.lnk
[2010/12/19 16:19:26 | 000,000,893 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Camtasia Studio 7.lnk
[2010/12/18 16:52:25 | 023,239,510 | ---- | M] () -- C:\Documents and Settings\Maxim\Desktop\agro player Strategy F.wmv
[2010/12/18 15:59:08 | 018,251,828 | ---- | M] () -- C:\Documents and Settings\Maxim\Desktop\Tight Player Lesson F.wmv
[2010/12/17 17:41:33 | 015,737,260 | ---- | M] () -- C:\Documents and Settings\Maxim\Desktop\Station Lesson F.wmv
[2010/12/16 10:32:18 | 000,107,008 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010/12/16 03:04:16 | 000,001,393 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2010/12/15 20:23:06 | 000,000,744 | ---- | M] () -- C:\Documents and Settings\Maxim\Desktop\PokerTracker 3.lnk
[9 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/01/08 02:04:00 | 016,566,343 | ---- | C] () -- C:\Documents and Settings\Maxim\Desktop\zeru's stuff.zip
[2011/01/07 16:08:43 | 183,055,872 | ---- | C] () -- C:\Documents and Settings\Maxim\Desktop\camtasia.msi
[2010/12/29 19:59:51 | 000,024,064 | ---- | C] () -- C:\Documents and Settings\Maxim\Desktop\Lag pf ranges.doc
[2010/12/23 17:19:03 | 000,606,387 | ---- | C] () -- C:\Documents and Settings\Maxim\Desktop\1. The Learning Framework.pdf
[2010/12/19 22:15:21 | 000,000,815 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\TeamViewer 6.lnk
[2010/12/19 16:19:26 | 000,000,893 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Camtasia Studio 7.lnk
[2010/12/18 16:47:06 | 023,239,510 | ---- | C] () -- C:\Documents and Settings\Maxim\Desktop\agro player Strategy F.wmv
[2010/12/18 15:55:12 | 018,251,828 | ---- | C] () -- C:\Documents and Settings\Maxim\Desktop\Tight Player Lesson F.wmv
[2010/12/17 17:37:08 | 015,737,260 | ---- | C] () -- C:\Documents and Settings\Maxim\Desktop\Station Lesson F.wmv
[2010/12/15 20:23:06 | 000,000,744 | ---- | C] () -- C:\Documents and Settings\Maxim\Desktop\PokerTracker 3.lnk
[2010/10/14 01:36:44 | 000,179,263 | ---- | C] () -- C:\WINDOWS\System32\xlive.dll.cat
[2010/09/16 02:17:58 | 001,628,304 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
[2010/06/22 18:45:00 | 000,005,077 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\bltofzsb.qlf
[2010/04/20 23:05:49 | 000,000,056 | ---- | C] () -- C:\WINDOWS\kgt2k.INI
[2009/08/24 17:00:27 | 000,021,840 | ---- | C] () -- C:\WINDOWS\System32\SIntfNT.dll
[2009/08/24 17:00:27 | 000,017,212 | ---- | C] () -- C:\WINDOWS\System32\SIntf32.dll
[2009/08/24 17:00:27 | 000,012,067 | ---- | C] () -- C:\WINDOWS\System32\SIntf16.dll
[2009/08/10 13:31:47 | 000,000,286 | ---- | C] () -- C:\Program Files\qjhnfze.txt
[2009/07/03 13:31:54 | 000,003,972 | ---- | C] () -- C:\WINDOWS\System32\drivers\PciBus.sys
[2009/06/06 01:32:36 | 000,002,119 | ---- | C] () -- C:\Documents and Settings\Maxim\Application Data\waQ1P0bNat.gif
[2009/06/06 01:32:36 | 000,000,607 | ---- | C] () -- C:\Documents and Settings\Maxim\Application Data\waQ1P0bNzn.gif
[2009/06/06 01:32:36 | 000,000,598 | ---- | C] () -- C:\Documents and Settings\Maxim\Application Data\waQ1P0bNby.gif
[2009/04/16 02:01:55 | 000,000,118 | ---- | C] () -- C:\WINDOWS\System32\MRT.INI
[2008/10/07 08:13:22 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelTraditionalChinese.dll
[2008/10/07 08:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSwedish.dll
[2008/10/07 08:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSpanish.dll
[2008/10/07 08:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSimplifiedChinese.dll
[2008/10/07 08:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelPortugese.dll
[2008/10/07 08:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelKorean.dll
[2008/10/07 08:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelJapanese.dll
[2008/10/07 08:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelGerman.dll
[2008/10/07 08:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelFrench.dll
[2008/02/02 17:59:03 | 000,043,520 | ---- | C] () -- C:\WINDOWS\System32\CmdLineExt03.dll
[2007/09/11 13:58:00 | 000,002,908 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache
[2007/07/15 18:04:34 | 000,000,069 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2007/07/06 02:03:38 | 000,160,256 | ---- | C] () -- C:\Documents and Settings\Maxim\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2007/07/03 01:05:51 | 000,008,272 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
[2007/06/23 18:48:21 | 000,000,000 | ---- | C] () -- C:\WINDOWS\SetSel.INI
[2007/06/21 19:48:59 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2007/06/21 00:01:47 | 000,000,396 | R--- | C] () -- C:\WINDOWS\System32\raidmgmt.ini
[2007/06/21 00:01:46 | 000,000,804 | R--- | C] () -- C:\WINDOWS\System32\AsusSetup.ini
[2007/06/21 00:01:35 | 000,024,816 | ---- | C] () -- C:\WINDOWS\Ascd_tmp.ini
[2007/06/21 00:01:35 | 000,005,810 | R--- | C] () -- C:\WINDOWS\System32\drivers\ASACPI.sys
[2007/06/21 00:01:25 | 000,010,288 | ---- | C] () -- C:\WINDOWS\System32\drivers\ASUSHWIO.SYS
[2007/03/13 13:43:02 | 000,286,720 | ---- | C] () -- C:\WINDOWS\System32\nvnt4cpl.dll
[2000/04/27 14:14:02 | 000,004,500 | ---- | C] () -- C:\WINDOWS\System32\FILTRCOI.DLL

========== Custom Scans ==========


< %systemroot%\Fonts\*.com >
[2006/04/18 14:39:28 | 000,026,040 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalMonospace.CompositeFont
[2006/06/29 13:53:56 | 000,026,489 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalSansSerif.CompositeFont
[2006/04/18 14:39:28 | 000,029,779 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalSerif.CompositeFont
[2006/06/29 13:58:52 | 000,030,808 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalUserInterface.CompositeFont

< %systemroot%\Fonts\*.dll >

< %systemroot%\Fonts\*.ini >
[2007/06/20 23:56:02 | 000,000,067 | -HS- | M] () -- C:\WINDOWS\Fonts\desktop.ini

< %systemroot%\Fonts\*.ini2 >

< %systemroot%\Fonts\*.exe >

< %systemroot%\system32\spool\prtprocs\w32x86\*.* >
[2008/07/06 07:06:10 | 000,089,088 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\filterpipelineprintproc.dll
[2008/07/06 05:50:03 | 000,597,504 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\printfilterpipelinesvc.exe

< %systemroot%\REPAIR\*.bak1 >

< %systemroot%\REPAIR\*.ini >

< %systemroot%\system32\*.jpg >

< %systemroot%\*.jpg >

< %systemroot%\*.png >

< %systemroot%\*.scr >
[2010/04/16 23:04:40 | 000,306,032 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WLXPGSS.SCR
[9 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

< %systemroot%\*._sy >

< %APPDATA%\Adobe\Update\*.* >

< %ALLUSERSPROFILE%\Favorites\*.* >

< %APPDATA%\Microsoft\*.* >

< %PROGRAMFILES%\*.* >
[2009/08/10 13:31:47 | 000,000,286 | ---- | M] () -- C:\Program Files\qjhnfze.txt

< %APPDATA%\Update\*.* >

< %PROGRAMFILES%\bak. /s >

< %systemroot%\system32\bak. /s >

< %ALLUSERSPROFILE%\Start Menu\*.lnk /x >
[2008/09/03 23:17:10 | 000,000,272 | -HS- | M] () -- C:\Documents and Settings\All Users\Start Menu\desktop.ini

< %systemroot%\system32\config\systemprofile\*.dat /x >

< %systemroot%\*.config >

< %systemroot%\system32\*.db >

< %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x >
[2007/06/20 23:59:33 | 000,000,119 | -HS- | M] () -- C:\Documents and Settings\Maxim\Application Data\Microsoft\Internet Explorer\Quick Launch\desktop.ini
[2007/06/20 23:59:33 | 000,000,079 | ---- | M] () -- C:\Documents and Settings\Maxim\Application Data\Microsoft\Internet Explorer\Quick Launch\Show Desktop.scf

< %USERPROFILE%\Desktop\*.exe >
[2009/08/09 19:44:14 | 000,812,344 | ---- | M] (Trend Micro Inc.) -- C:\Documents and Settings\Maxim\Desktop\1234.exe
[2011/01/08 02:38:56 | 004,150,017 | R--- | M] () -- C:\Documents and Settings\Maxim\Desktop\Combo-Fix.exe
[2010/02/11 15:09:30 | 000,037,888 | ---- | M] (lolbase.net) -- C:\Documents and Settings\Maxim\Desktop\LoLBaseUploader.exe
[2010/02/27 12:25:00 | 001,498,968 | ---- | M] () -- C:\Documents and Settings\Maxim\Desktop\LoLInstaller.exe
[2010/09/14 18:19:54 | 001,676,592 | ---- | M] () -- C:\Documents and Settings\Maxim\Desktop\mikogo-starter.exe
[2008/03/02 21:19:06 | 125,892,318 | ---- | M] () -- C:\Documents and Settings\Maxim\Desktop\OOo_2.3.1_Win32Intel_install_wJRE_en-US.exe
[2010/05/05 07:21:22 | 000,570,880 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Maxim\Desktop\OTL.exe
[2009/08/10 21:26:58 | 000,408,064 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Maxim\Desktop\OTM.exe
[2010/04/16 15:07:40 | 002,178,224 | ---- | M] () -- C:\Documents and Settings\Maxim\Desktop\TestRealmInstallerDownloader.04_05_2010.exe
[2010/05/11 21:33:25 | 003,249,480 | ---- | M] (Unity Technologies ApS) -- C:\Documents and Settings\Maxim\Desktop\UnityWebPlayer.exe
[2010/04/10 14:11:12 | 011,048,840 | ---- | M] () -- C:\Documents and Settings\Maxim\Desktop\veetle-0.9.17.exe
[2010/11/16 16:25:09 | 012,958,736 | ---- | M] () -- C:\Documents and Settings\Maxim\Desktop\VeohWebPlayerSetup_eng.exe

< %PROGRAMFILES%\Common Files\*.* >

< %systemroot%\*.src >

< %systemroot%\install\*.* >

< %systemroot%\system32\DLL\*.* >

< %systemroot%\system32\HelpFiles\*.* >

< %systemroot%\system32\rundll\*.* >

< %systemroot%\winn32\*.* >

< %systemroot%\Java\*.* >

< %systemroot%\system32\test\*.* >

< %systemroot%\system32\Rundll32\*.* >

< %systemroot%\AppPatch\Custom\*.* >

< %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x >

< %PROGRAMFILES%\PC-Doctor\Downloads\*.* >

< %PROGRAMFILES%\Internet Explorer\*.tmp >

< %PROGRAMFILES%\Internet Explorer\*.dat >

< %USERPROFILE%\My Documents\*.exe >

< %USERPROFILE%\*.exe >

< %systemroot%\ADDINS\*.* >

< %systemroot%\assembly\*.bak2 >

< %systemroot%\Config\*.* >

< %systemroot%\REPAIR\*.bak2 >

< %systemroot%\SECURITY\Database\*.sdb /x >

< %systemroot%\SYSTEM\*.bak2 >

< %systemroot%\Web\*.bak2 >

< %systemroot%\Driver Cache\*.* >

< %PROGRAMFILES%\Mozilla Firefox\*.exe >
[2010/12/10 18:58:50 | 000,107,480 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\crashreporter.exe
[2010/12/10 18:58:50 | 000,912,344 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
[2010/12/10 18:58:51 | 000,016,856 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\plugin-container.exe
[2010/12/10 18:58:52 | 000,245,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\updater.exe
[2007/10/13 17:59:13 | 140,202,521 | ---- | M] () -- C:\Program Files\Mozilla Firefox\WoW-2.2.3.7359-to-0.3.0.7382-enUS-patch.exe
[2008/02/11 22:41:51 | 141,909,560 | ---- | M] () -- C:\Program Files\Mozilla Firefox\WoW-2.3.3.7799-to-0.4.0.7897-enUS-patch.exe

< %ProgramFiles%\Microsoft Common\*.* >

< %ProgramFiles%\TinyProxy. >

< %USERPROFILE%\Favorites\*.url /x >
[2007/06/20 23:59:33 | 000,000,122 | -HS- | M] () -- C:\Documents and Settings\Maxim\Favorites\Desktop.ini

< %systemroot%\system32\*.bk >

< %systemroot%\*.te >

< %systemroot%\system32\system32\*.* >

< %ALLUSERSPROFILE%\*.dat /x >

< %systemroot%\*. /mp /s >

< %systemroot%\system32\*.dll /lockedfiles >
[1 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

< %systemroot%\system32\*.exe /lockedfiles >
[1 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\system32\drivers\*.sys /lockedfiles >

< %systemroot%\System32\config\*.sav >
[2007/06/21 19:45:27 | 000,094,208 | ---- | M] () -- C:\WINDOWS\system32\config\default.sav
[2007/06/21 19:45:27 | 000,634,880 | ---- | M] () -- C:\WINDOWS\system32\config\software.sav
[2007/06/21 19:45:27 | 000,897,024 | ---- | M] () -- C:\WINDOWS\system32\config\system.sav

< %systemroot%\system32\*.sys >
[2006/02/28 07:00:00 | 000,009,029 | ---- | M] () -- C:\WINDOWS\system32\ansi.sys
[2006/02/28 07:00:00 | 000,027,097 | ---- | M] () -- C:\WINDOWS\system32\country.sys
[2006/02/28 07:00:00 | 000,004,768 | ---- | M] () -- C:\WINDOWS\system32\himem.sys
[2006/02/28 07:00:00 | 000,042,809 | ---- | M] () -- C:\WINDOWS\system32\key01.sys
[2006/02/28 07:00:00 | 000,042,537 | ---- | M] () -- C:\WINDOWS\system32\keyboard.sys
[2006/02/28 07:00:00 | 000,027,866 | ---- | M] () -- C:\WINDOWS\system32\ntdos.sys
[2006/02/28 07:00:00 | 000,029,146 | ---- | M] () -- C:\WINDOWS\system32\ntdos404.sys
[2006/02/28 07:00:00 | 000,029,370 | ---- | M] () -- C:\WINDOWS\system32\ntdos411.sys
[2006/02/28 07:00:00 | 000,029,274 | ---- | M] () -- C:\WINDOWS\system32\ntdos412.sys
[2006/02/28 07:00:00 | 000,029,146 | ---- | M] () -- C:\WINDOWS\system32\ntdos804.sys
[2006/02/28 07:00:00 | 000,033,840 | ---- | M] () -- C:\WINDOWS\system32\ntio.sys
[2006/02/28 07:00:00 | 000,034,560 | ---- | M] () -- C:\WINDOWS\system32\ntio404.sys
[2006/02/28 07:00:00 | 000,035,648 | ---- | M] () -- C:\WINDOWS\system32\ntio411.sys
[2006/02/28 07:00:00 | 000,035,424 | ---- | M] () -- C:\WINDOWS\system32\ntio412.sys
[2006/02/28 07:00:00 | 000,034,560 | ---- | M] () -- C:\WINDOWS\system32\ntio804.sys
[2008/04/13 13:44:59 | 000,017,664 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\watchdog.sys
[2010/10/26 08:25:00 | 001,853,312 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\win32k.sys
[1 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

< %systemroot%\system32\drivers\*.dll >
[2008/04/13 19:11:48 | 000,004,255 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\adv01nt5.dll
[2008/04/13 19:11:48 | 000,003,967 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\adv02nt5.dll
[2008/04/13 19:11:48 | 000,003,615 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\adv05nt5.dll
[2008/04/13 19:11:48 | 000,003,647 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\adv07nt5.dll
[2008/04/13 19:11:48 | 000,003,135 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\adv08nt5.dll
[2008/04/13 19:11:48 | 000,003,711 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\adv09nt5.dll
[2008/04/13 19:11:48 | 000,003,775 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\adv11nt5.dll
[2008/04/13 19:11:50 | 000,021,183 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\atv01nt5.dll
[2008/04/13 19:11:50 | 000,011,359 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\atv02nt5.dll
[2008/04/13 19:11:50 | 000,025,471 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\atv04nt5.dll
[2008/04/13 19:11:50 | 000,014,143 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\atv06nt5.dll
[2008/04/13 19:11:50 | 000,017,279 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\atv10nt5.dll
[2008/04/13 19:11:50 | 000,015,423 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\ch7xxnt5.dll
[2008/04/13 19:12:05 | 000,003,901 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\siint5.dll
[2008/04/13 19:12:08 | 000,011,325 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\vchnt5.dll

< %systemroot%\system32\drivers\*.ini >

< %systemroot%\system32\drivers\*.exe >

< %systemroot%\system32\Spool\prtprocs\w32x86\*.dll >
[2008/07/06 07:06:10 | 000,089,088 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\filterpipelineprintproc.dll

< %SYSTEMDRIVE%\*.* >
[2009/09/18 10:25:18 | 000,003,911 | ---- | M] () -- C:\ATMA_config.ini
[2007/06/20 23:56:20 | 000,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT
[2009/08/10 13:46:39 | 000,000,293 | ---- | M] () -- C:\Boot.bak
[2010/09/21 06:54:19 | 000,000,339 | RHS- | M] () -- C:\boot.ini
[2007/12/17 23:30:41 | 000,001,249 | ---- | M] () -- C:\ClientLog.txt
[2004/08/03 22:00:00 | 000,260,272 | RHS- | M] () -- C:\cmldr
[2011/01/08 02:59:20 | 000,180,333 | ---- | M] () -- C:\ComboFix.txt
[2007/06/20 23:56:20 | 000,000,000 | ---- | M] () -- C:\CONFIG.SYS
[2007/06/20 23:56:20 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
[2010/09/20 20:38:33 | 000,001,101 | -H-- | M] () -- C:\IPH.PH
[2010/05/04 19:07:19 | 000,000,109 | ---- | M] () -- C:\mbam-error.txt
[2007/06/20 23:56:20 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
[2006/02/28 07:00:00 | 000,047,564 | RHS- | M] () -- C:\NTDETECT.COM
[2008/09/03 23:12:27 | 000,250,048 | RHS- | M] () -- C:\ntldr
[2011/01/05 08:58:26 | 2145,386,496 | -HS- | M] () -- C:\pagefile.sys
[2007/10/02 11:23:55 | 000,000,232 | -H-- | M] () -- C:\sqmdata00.sqm
[2008/06/21 19:49:56 | 000,000,268 | -H-- | M] () -- C:\sqmdata01.sqm
[2007/10/02 11:23:55 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt00.sqm
[2008/06/21 19:49:56 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt01.sqm


Uthanak

Rookie Surfer
Rookie Surfer

Posts : 66
Joined : 2009-08-10
Operating System : windows xp

View user profile

Back to top Go down


Re: My computer is sending spam to people in my e-mailing list.

Post by Crush on Sat 15 Jan 2011, 10:01 am

Hi,

Peer-to-Peer Programs Warning

Your log shows that you are using so called peer-to-peer or file-sharing programs (in your case BitTorrent and uTorrent). These programs allow to share files between users as the name(s) suggest. In today's world cyber crime has come to an enormous dimension and any means is used to infect personal computers to make use of their stored data or machine power for further propagation of the malware files. A popular means is the use of file-sharing tools as a tremendous amount of prospective victims can be reached through it.

It is therefore possible to be infected by downloading manipulated files via peer-to-peer tools and thus suggested to be used with intense care. Some further readings on this subject, along the included links, are as follows: File-Sharing, otherwise known as Peer To Peer and Risks of File-Sharing Technology.

It is also important to note that sharing entertainment files and proprietary software infringes the copyright laws in many countries over the world and you are putting yourself at risk of being indicted through organizations watching over the rights of the authors of such files (i.e. the RIAA for music files, or the MPAA for movie files in the USA) or the authors of the files themselves.

Naturally there are also legal ways to use these services, such as downloading Linux distributions or office suites such as "Open Office."

It is your decision whether or not you wish to keep your program(s) but I suggest you remove it via add/remove. However, please refrain from using them until your computer has been declared clean.
======

Viewpoint Manager is considered as foistware instead of malware since it is installed without users approval but doesn't spy or do anything "bad". Read this article: [You must be registered and logged in to see this link.]

Additional info: [You must be registered and logged in to see this link.]

I suggest you remove the program now.

Go to Start > Settings > Control Panel > Add/Remove Programs and remove the following programs if present.

  • Viewpoint
  • Viewpoint Manager
  • Viewpoint Media Player
  • Viewpoint Toolbar

Crush

Tech Officer
Tech Officer

Posts : 3889
Joined : 2010-01-28

View user profile

Back to top Go down

Re: My computer is sending spam to people in my e-mailing list.

Post by Uthanak on Sat 15 Jan 2011, 11:26 am

I have removed both file sharing software like you suggested and viewpoint media player.

However, I am greatly confused as to why peer to peer haring is bad, as most free stuff I have gotten came from file sharing using peer to peer.

Free games for exemple, frees softwares (Gimp, open office) also DLL or softwares related to my outdated hardwares that I cannot find anywhere else. Also the new video games that I got cannot be update without the use of peer to peer (World of warcraft, all my steam games.) So without all these peer to peer how can I remedy to certain problems I encounter. (Like I bought some times ago a copy of Diablo 2, the game but we wanted me and my friends to play an older version of a certain patch instead of the new version that we don't like, so we needed to download the specific patches up to this one because if we logged online it would auto patch the new one. Those are hard problems to solve without peer to peer)


I don't use peer to peer to not have to buy music or stuff like that, I still buy cds and I got a big DvD collection. The thing is, when you want something out of print or something like our problem above, or e-books that I purchase and are given to me via peer to peer. What are the alternatives besides peer to peer file sharing? Sorry if I burden you with this question, im just confused about all this. Thank you for your time.

Uthanak

Rookie Surfer
Rookie Surfer

Posts : 66
Joined : 2009-08-10
Operating System : windows xp

View user profile

Back to top Go down

Re: My computer is sending spam to people in my e-mailing list.

Post by Crush on Sat 15 Jan 2011, 12:10 pm

Hi,

Well, in the end it's your choice whether or not you want to keep your P2P programs. The risk is quite high when using them that you will get an infected download since you can't verify the author or the source of the files, even if you are downloading perfectly legal things like patches etc.

Steam is a different service from P2P programs like Limewire, Frostwire, BitTorrent etc simply because they offer that ability to download patches and such or even pay for games.

As I said, it's up to you I simply caution you since the odds aren't exactly in your favor.

Crush

Tech Officer
Tech Officer

Posts : 3889
Joined : 2010-01-28

View user profile

Back to top Go down

Re: My computer is sending spam to people in my e-mailing list.

Post by Uthanak on Sat 15 Jan 2011, 12:53 pm

I have removed them as per your suggestion, but the problems have not yet been solved concerning receiving batches of spam from my computer(My friends have confirmed) Is there anything I could hope to do, or is it damaged beyond repair?

Uthanak

Rookie Surfer
Rookie Surfer

Posts : 66
Joined : 2009-08-10
Operating System : windows xp

View user profile

Back to top Go down

Re: My computer is sending spam to people in my e-mailing list.

Post by Crush on Sat 15 Jan 2011, 3:01 pm

Your email was likely harvested. Have you changed your password from a known clean machine since this started happening?

Crush

Tech Officer
Tech Officer

Posts : 3889
Joined : 2010-01-28

View user profile

Back to top Go down

Re: My computer is sending spam to people in my e-mailing list.

Post by Uthanak on Sat 15 Jan 2011, 3:20 pm

Nope

Uthanak

Rookie Surfer
Rookie Surfer

Posts : 66
Joined : 2009-08-10
Operating System : windows xp

View user profile

Back to top Go down

Re: My computer is sending spam to people in my e-mailing list.

Post by Uthanak on Sat 15 Jan 2011, 5:14 pm

I ran ESET again and it found 4 more infections it had not previously found. Hope this is of any help:

ESETSmartInstaller@High as CAB hook log:
OnlineScanner.ocx - registred OK
# version=7
# iexplore.exe=7.00.6000.17093 (vista_gdr.101017-1200)
# OnlineScanner.ocx=1.0.0.6419
# api_version=3.0.2
# EOSSerial=0654487f7391264794caf0e90d4cd848
# end=finished
# remove_checked=true
# archives_checked=false
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2011-01-10 01:53:53
# local_time=2011-01-09 08:53:53 (-0500, Eastern Standard Time)
# country="United States"
# lang=1033
# osver=5.1.2600 NT Service Pack 3
# compatibility_mode=512 16777215 100 0 43834356 43834356 0 0
# compatibility_mode=1024 16777215 100 0 0 0 0 0
# compatibility_mode=8192 67108863 100 0 0 0 0 0
# scanned=177606
# found=37
# cleaned=37
# scan_time=3416
C:\Documents and Settings\HelpAssistant\Local Settings\Application Data\Google\Update\googleupdate.exe Win32/TrojanDownloader.Unruy.BO trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Documents and Settings\HelpAssistant\Local Settings\Application Data\jodpehbio\tsawndytssd .exe Win32/Adware.SpywareProtect2009 application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Documents and Settings\HelpAssistant\Local Settings\Application Data\jodpehbio\tsawndytssd.exe Win32/TrojanDownloader.Unruy.BO trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Documents and Settings\HelpAssistant\Local Settings\Application Data\wngpefagk\ttsmqkktssd .exe Win32/Adware.SpywareProtect2009 application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Documents and Settings\HelpAssistant\Local Settings\Application Data\wngpefagk\ttsmqkktssd.exe Win32/TrojanDownloader.Unruy.BO trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Documents and Settings\HelpAssistant\Local Settings\temp\7913dc72.exe Win32/Adware.SpywareProtect2009 application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Documents and Settings\HelpAssistant\Local Settings\temp\lcibai.exe Win32/Adware.SpywareProtect2009 application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Documents and Settings\HelpAssistant\Local Settings\temp\system.exe Win32/TrojanDownloader.Unruy.BO trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Documents and Settings\HelpAssistant\Local Settings\temp\xxtxx2yz.exe Win32/TrojanDownloader.Unruy.BO trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Documents and Settings\HelpAssistant\Local Settings\Temporary Internet Files\Content.IE5\B3W5W0V2\fwevpovto[1].htm Win32/Adware.SpywareProtect2009 application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Documents and Settings\Maxim\Local Settings\Application Data\jodpehbio\tsawndytssd .exe Win32/Adware.SpywareProtect2009 application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Documents and Settings\Maxim\Local Settings\Application Data\wngpefagk\ttsmqkktssd .exe Win32/Adware.SpywareProtect2009 application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Qoobox\Quarantine\C\Documents and Settings\Maxim\Local Settings\Application Data\Google\Update\googleupdate.exe.vir Win32/TrojanDownloader.Unruy.BO trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Qoobox\Quarantine\C\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe.vir Win32/TrojanDownloader.Unruy.BO trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Qoobox\Quarantine\C\Program Files\Analog Devices\Core\smax4pnp.exe.vir Win32/TrojanDownloader.Unruy.BO trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Qoobox\Quarantine\C\Program Files\Common Files\Adobe\ARM\1.0\adobearm.exe.vir Win32/TrojanDownloader.Unruy.BO trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Qoobox\Quarantine\C\Program Files\Common Files\Ahead\Lib\nerocheck.exe.vir Win32/TrojanDownloader.Unruy.BO trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Qoobox\Quarantine\C\Program Files\Common Files\Ahead\Lib\nmbgmonitor.exe.vir Win32/TrojanDownloader.Unruy.BO trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Qoobox\Quarantine\C\Program Files\Common Files\Real\Update_OB\realsched.exe.vir Win32/TrojanDownloader.Unruy.BO trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Qoobox\Quarantine\C\Program Files\CyberLink\PowerDVD\pdvdserv.exe.vir Win32/TrojanDownloader.Unruy.BO trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Qoobox\Quarantine\C\Program Files\CyberLink\PowerDVD\Language\language.exe.vir Win32/TrojanDownloader.Unruy.BO trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Qoobox\Quarantine\C\Program Files\iTunes\ituneshelper.exe.vir Win32/TrojanDownloader.Unruy.BO trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Qoobox\Quarantine\C\Program Files\Logitech\Desktop Messenger\8876480\Program\backweb-8876480.exe.vir Win32/TrojanDownloader.Unruy.BO trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Qoobox\Quarantine\C\Program Files\Mozilla Firefox\khalmnpr.exe.vir Win32/TrojanDownloader.Unruy.BO trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Qoobox\Quarantine\C\Program Files\Mozilla Firefox\rundll32 .exe.vir Win32/TrojanDownloader.Unruy.BO trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Qoobox\Quarantine\C\Program Files\NVIDIA Corporation\nView\nwiz.exe.vir Win32/TrojanDownloader.Unruy.BO trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Qoobox\Quarantine\C\Program Files\Pando Networks\Media Booster\pmb.exe.vir Win32/TrojanDownloader.Unruy.BO trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Qoobox\Quarantine\C\Program Files\QuickTime\qttask.exe.vir Win32/TrojanDownloader.Unruy.BO trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Qoobox\Quarantine\C\PROGRA~1\OfficeKB\officekb.exe.vir Win32/TrojanDownloader.Unruy.BO trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Qoobox\Quarantine\C\WINDOWS\system32\Drivers\isapnp.sys.vir Win32/Olmarik.ZC trojan (cleaned - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{67B3C756-D887-4359-B4D9-A09C29921E96}\RP245\A0038959.exe Win32/TrojanDownloader.Unruy.BO trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{67B3C756-D887-4359-B4D9-A09C29921E96}\RP245\A0038960.exe Win32/Adware.SpywareProtect2009 application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{67B3C756-D887-4359-B4D9-A09C29921E96}\RP245\A0038961.exe Win32/TrojanDownloader.Unruy.BO trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{67B3C756-D887-4359-B4D9-A09C29921E96}\RP245\A0038962.exe Win32/Adware.SpywareProtect2009 application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{67B3C756-D887-4359-B4D9-A09C29921E96}\RP245\A0038963.exe Win32/TrojanDownloader.Unruy.BO trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{67B3C756-D887-4359-B4D9-A09C29921E96}\RP245\A0038964.exe Win32/Adware.SpywareProtect2009 application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{67B3C756-D887-4359-B4D9-A09C29921E96}\RP245\A0038965.exe Win32/Adware.SpywareProtect2009 application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
# version=7
# iexplore.exe=7.00.6000.17093 (vista_gdr.101017-1200)
# OnlineScanner.ocx=1.0.0.6419
# api_version=3.0.2
# EOSSerial=0654487f7391264794caf0e90d4cd848
# end=finished
# remove_checked=true
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2011-01-15 06:10:54
# local_time=2011-01-15 01:10:54 (-0500, Eastern Standard Time)
# country="United States"
# lang=1033
# osver=5.1.2600 NT Service Pack 3
# compatibility_mode=512 16777215 100 0 44279256 44279256 0 0
# compatibility_mode=1024 16777215 100 0 0 0 0 0
# compatibility_mode=8192 67108863 100 0 362243 362243 0 0
# scanned=205329
# found=4
# cleaned=4
# scan_time=5938
C:\Documents and Settings\HelpAssistant\Application Data\Sun\Java\Deployment\cache\6.0\49\6b800f31-20171b78 multiple threats (deleted - quarantined) 00000000000000000000000000000000 C
C:\Documents and Settings\Maxim\Application Data\Sun\Java\Deployment\cache\6.0\49\6b800f31-20171b78 multiple threats (deleted - quarantined) 00000000000000000000000000000000 C
C:\HelpAsst_backup\C\DOCUME~1\HELPAS~1\Application Data\Sun\Java\Deployment\cache\6.0\49\6b800f31-20171b78 multiple threats (deleted - quarantined) 00000000000000000000000000000000 C
C:\Qoobox\Quarantine\C\WINDOWS\system32\Drivers\_qnzdbec_.sys.zip Win32/Bubnix.AO trojan (deleted - quarantined) 00000000000000000000000000000000 C

Uthanak

Rookie Surfer
Rookie Surfer

Posts : 66
Joined : 2009-08-10
Operating System : windows xp

View user profile

Back to top Go down

Re: My computer is sending spam to people in my e-mailing list.

Post by Crush on Sun 16 Jan 2011, 4:49 am

Hi,

Please change your password ASAP. Do you still have HA_Meb_Check on your desktop? Please run that once more and post its log here.

Finally, please don't run any scans unless asked to do so by a member of staff here

Crush

Tech Officer
Tech Officer

Posts : 3889
Joined : 2010-01-28

View user profile

Back to top Go down

Re: My computer is sending spam to people in my e-mailing list.

Post by Uthanak on Sun 16 Jan 2011, 7:45 am

C:\Documents and Settings\Maxim\Desktop\HAMeb_check.exe
Sat 01/15/2011 at 15:45:30.79

Account active No
Local Group Memberships

~~ Checking profile list ~~

No HelpAssistant profile in registry

~~ Checking for HelpAssistant directories ~~

HelpAssistant

~~ Checking mbr ~~

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, [You must be registered and logged in to see this link.]

device: opened successfully
user: MBR read successfully
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll nvata.sys
kernel: MBR read successfully
user & kernel MBR OK
copy of MBR has been found in sector 0x02542D6C1
malicious code @ sector 0x02542D6C4 !
PE file found in sector at 0x02542D6DA !

~~ Checking for termsrv32.dll ~~

termsrv32.dll was not found


HKEY_LOCAL_MACHINE\system\currentcontrolset\services\termservice\parameters
ServiceDll REG_EXPAND_SZ %SystemRoot%\System32\termsrv.dll

~~ Checking firewall ports ~~

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile\GloballyOpenPorts\List]

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]


~~ EOF ~~

Uthanak

Rookie Surfer
Rookie Surfer

Posts : 66
Joined : 2009-08-10
Operating System : windows xp

View user profile

Back to top Go down

Re: My computer is sending spam to people in my e-mailing list.

Post by Crush on Sun 16 Jan 2011, 2:42 pm

Hi,

It seems the MBR has stood up to disinfection. I will be back asap with a fix for you

Crush

Tech Officer
Tech Officer

Posts : 3889
Joined : 2010-01-28

View user profile

Back to top Go down

Re: My computer is sending spam to people in my e-mailing list.

Post by Uthanak on Tue 18 Jan 2011, 5:50 am

Okay, sounds great.

Uthanak

Rookie Surfer
Rookie Surfer

Posts : 66
Joined : 2009-08-10
Operating System : windows xp

View user profile

Back to top Go down

Re: My computer is sending spam to people in my e-mailing list.

Post by Crush on Tue 18 Jan 2011, 8:47 am

Hi Uthanak,

Unfortunately the only way to remedy that malicious code in the MBR is a reformat and a reinstall of your operating system. Occasionally it comes down to this when malware does a lot of damage to a machine.

If you would like help backing up your data and reformatting I would be happy to help

Crush

Tech Officer
Tech Officer

Posts : 3889
Joined : 2010-01-28

View user profile

Back to top Go down

Re: My computer is sending spam to people in my e-mailing list.

Post by Uthanak on Tue 18 Jan 2011, 11:03 am

Can we give help assist mbr root fix another try before that? Maybe i did not do it correctly the first time.

Uthanak

Rookie Surfer
Rookie Surfer

Posts : 66
Joined : 2009-08-10
Operating System : windows xp

View user profile

Back to top Go down

Re: My computer is sending spam to people in my e-mailing list.

Post by Crush on Tue 18 Jan 2011, 2:18 pm

Sure, go ahead. The MBR looks fine though. It's just the leftover malicious code.

Crush

Tech Officer
Tech Officer

Posts : 3889
Joined : 2010-01-28

View user profile

Back to top Go down

Re: My computer is sending spam to people in my e-mailing list.

Post by Uthanak on Wed 19 Jan 2011, 11:41 pm

Well even so it has not done it ever since, here to hoping.



C:\Documents and Settings\Maxim\Desktop\HelpAsst_mebroot_fix.exe
Wed 01/19/2011 at 3:50:29.44

HelpAssistant account Inactive

~~ Checking for termsrv32.dll ~~

termsrv32.dll not found

~~ Checking firewall ports ~~

HKLM\~\services\sharedaccess\parameters\firewallpolicy\domainprofile\globallyopenports\list

HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\globallyopenports\list

~~ Checking profile list ~~

No HelpAssistant profile in registry

~~ Checking mbr ~~

user & kernel MBR OK

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Status check on Wed 01/19/2011 at 7:39:50.76

Account active No
Local Group Memberships

~~ Checking mbr ~~

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, [You must be registered and logged in to see this link.]

device: opened successfully
user: MBR read successfully
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll nvata.sys
kernel: MBR read successfully
user & kernel MBR OK
copy of MBR has been found in sector 0x02542D6C1
malicious code @ sector 0x02542D6C4 !
PE file found in sector at 0x02542D6DA !

~~ Checking for termsrv32.dll ~~

termsrv32.dll not found


HKEY_LOCAL_MACHINE\system\currentcontrolset\services\termservice\parameters
ServiceDll REG_EXPAND_SZ %SystemRoot%\System32\termsrv.dll

~~ Checking profile list ~~

No HelpAssistant profile in registry

~~ Checking for HelpAssistant directories ~~

HelpAssistant

~~ Checking firewall ports ~~

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\domainprofile\GloballyOpenPorts\List]

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]


~~ EOF ~~

Uthanak

Rookie Surfer
Rookie Surfer

Posts : 66
Joined : 2009-08-10
Operating System : windows xp

View user profile

Back to top Go down

Re: My computer is sending spam to people in my e-mailing list.

Post by Crush on Thu 20 Jan 2011, 5:38 am

Yeah just as I thought. Everything else has been remedied but that malicious code remains. A reformat is the way to go here unfortunately

Crush

Tech Officer
Tech Officer

Posts : 3889
Joined : 2010-01-28

View user profile

Back to top Go down

Re: My computer is sending spam to people in my e-mailing list.

Post by Uthanak on Thu 20 Jan 2011, 12:40 pm

Well okay, thanks for your help.

Uthanak

Rookie Surfer
Rookie Surfer

Posts : 66
Joined : 2009-08-10
Operating System : windows xp

View user profile

Back to top Go down

Re: My computer is sending spam to people in my e-mailing list.

Post by Crush on Thu 20 Jan 2011, 12:47 pm

No problem. Glad to help. Sorry it had to come to this

Crush

Tech Officer
Tech Officer

Posts : 3889
Joined : 2010-01-28

View user profile

Back to top Go down

Re: My computer is sending spam to people in my e-mailing list.

Post by Sponsored content Today at 1:00 pm


Sponsored content


Back to top Go down

Page 2 of 2 Previous  1, 2

View previous topic View next topic Back to top


 
Permissions in this forum:
You cannot reply to topics in this forum