Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

Malware Removal Instructions

Hotmail sending spam emails

MalwareRemoval.com provides free support for people with infected computers. Using plain language that anyone can understand, our community of volunteer experts will walk you through each step.

Hotmail sending spam emails

Unread postby Zaphod » November 1st, 2010, 3:36 pm

Hello. My hotmail account has sent spam emails to my contact list a number of times over the last week. I have AVG (which found nothing) and have also run Malware Bytes (again hasn't found anything).

Thanks in advance for your assistance.

Below is the other requested info:

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 3:33:28 PM, on 11/1/2010
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v8.00 (8.00.6001.18975)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
C:\Program Files\HP\QuickPlay\QPService.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\WINDOWS\System32\igfxtray.exe
C:\WINDOWS\System32\hkcmd.exe
C:\WINDOWS\System32\igfxpers.exe
C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
C:\Program Files\AVG\AVG10\avgtray.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe
C:\Program Files\AVG\AVG10\Identity Protection\agent\bin\avgidsmonitor.exe
C:\Program Files\Memeo\AutoBackup\MemeoBackup.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Windows\system32\rundll32.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Program Files\BillP Studios\WinPatrol\WinPatrol.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\Macromed\Flash\FlashUtil10k_ActiveX.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\System32\notepad.exe
C:\Windows\system32\NOTEPAD.EXE
C:\Program Files\Internet Explorer\IELowutil.exe
C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.theglobeandmail.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE= ... &pf=laptop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE= ... &pf=laptop
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG10\avgssie.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [SynTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
O4 - HKLM\..\Run: [QPService] "C:\Program Files\HP\QuickPlay\QPService.exe"
O4 - HKLM\..\Run: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
O4 - HKLM\..\Run: [HP Health Check Scheduler] c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
O4 - HKLM\..\Run: [hpWirelessAssistant] %ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
O4 - HKLM\..\Run: [WAWifiMessage] %ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [Memeo Backup] C:\Program Files\Memeo\AutoBackup\MemeoLauncher2.exe --silent --no_ui
O4 - HKLM\..\Run: [IAStorIcon] C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
O4 - HKLM\..\Run: [AVG_TRAY] C:\Program Files\AVG\AVG10\avgtray.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [WinPatrol] C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe -expressboot
O4 - HKLM\..\RunOnce: [Launcher] %WINDIR%\SMINST\launcher.exe
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [Google Update] "C:\Users\Ron\AppData\Local\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG10\avgpp.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
O23 - Service: AVGIDSAgent - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe
O23 - Service: AVG WatchDog (avgwd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG10\avgwdsvc.exe
O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\CLCapSvc.exe
O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\CLSched.exe
O23 - Service: Com4Qlb - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4Qlb.exe
O23 - Service: HP Health Check Service - Hewlett-Packard - c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: Intel(R) Rapid Storage Technology (IAStorDataMgrSvc) - Intel Corporation - C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: MemeoBackgroundService - Memeo - C:\Program Files\Memeo\AutoBackup\MemeoBackgroundService.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe

--
End of file - 8851 bytes


Uninstall list:

Activation Assistant for the 2007 Microsoft Office suites
ActiveCheck component for HP Active Support Library
Adobe AIR
Adobe AIR
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Reader 9.4.0
Akamai NetSession Interface
AVG 2011
AVG 2011
AVG 2011
D3DX10
ESU for Microsoft Vista
HiJackThis
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
HP Active Support Library
HP Active Support Library 32 bit components
HP Customer Experience Enhancements
HP Doc Viewer
HP Easy Setup - Frontend
HP Help and Support
HP Photosmart Essential 2.0
HP Quick Launch Buttons 6.20 B1
HP QuickPlay 3.2
HP Total Care Advisor
HP Update
HP User Guides 0086
HP Wireless Assistant
HPAsset component for HP Active Support Library
HPNetworkAssistant
Intel(R) Graphics Media Accelerator Driver
Intel(R) Rapid Storage Technology
Java(TM) 6 Update 22
Java(TM) SE Runtime Environment 6
Junk Mail filter update
Malwarebytes' Anti-Malware
Memeo Backup
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 4 Client Profile
Microsoft .NET Framework 4 Client Profile
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office Excel MUI (English) 2007
Microsoft Office Home and Student 2007
Microsoft Office Home and Student 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office Outlook 2007
Microsoft Office Outlook 2007
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Silverlight
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Works
Mozilla Firefox (3.6.12)
MSCU for Microsoft Vista
MSVCRT
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
muvee autoProducer 6.0
My HP Games
Realtek High Definition Audio Driver
Rhapsody
Rhapsody Player Engine
Roxio Activation Module
Roxio Creator Audio
Roxio Creator Basic v9
Roxio Creator Copy
Roxio Creator Data
Roxio Creator EasyArchive
Roxio Creator Tools
Roxio Express Labeler 3
Roxio MyDVD Basic v9
Security Update for 2007 Microsoft Office System (KB2288621)
Security Update for 2007 Microsoft Office System (KB2288621)
Security Update for 2007 Microsoft Office System (KB2344875)
Security Update for 2007 Microsoft Office System (KB2345043)
Security Update for 2007 Microsoft Office System (KB969559)
Security Update for 2007 Microsoft Office System (KB969559)
Security Update for 2007 Microsoft Office System (KB976321)
Security Update for 2007 Microsoft Office System (KB976321)
Security Update for 2007 Microsoft Office System (KB982312)
Security Update for 2007 Microsoft Office System (KB982312)
Security Update for CAPICOM (KB931906)
Security Update for CAPICOM (KB931906)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)
Security Update for Microsoft Office Excel 2007 (KB2345035)
Security Update for Microsoft Office InfoPath 2007 (KB979441)
Security Update for Microsoft Office Outlook 2007 (KB2288953)
Security Update for Microsoft Office PowerPoint 2007 (KB982158)
Security Update for Microsoft Office system 2007 (972581)
Security Update for Microsoft Office system 2007 (972581)
Security Update for Microsoft Office system 2007 (KB974234)
Security Update for Microsoft Office system 2007 (KB974234)
Security Update for Microsoft Office Visio Viewer 2007 (KB973709)
Security Update for Microsoft Office Word 2007 (KB2344993)
Security Update for Microsoft Office Word 2007 (KB2344993)
Segoe UI
SpywareBlaster 4.4
SUPERAntiSpyware
Synaptics Pointing Device Driver
Update for 2007 Microsoft Office System (KB967642)
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office Excel 2007 Help (KB963678)
Update for Microsoft Office OneNote 2007 (KB980729)
Update for Microsoft Office OneNote 2007 Help (KB963670)
Update for Microsoft Office Outlook 2007 Help (KB963677)
Update for Microsoft Office Powerpoint 2007 Help (KB963669)
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft Office Word 2007 Help (KB963665)
Update for Outlook 2007 Junk Email Filter (kb2410711)
Windows Live Communications Platform
Windows Live Essentials
Windows Live Essentials
Windows Live ID Sign-in Assistant
Windows Live Installer
Windows Live Mail
Windows Live Mail
Windows Live Messenger
Windows Live Messenger
Windows Live MIME IFilter
Windows Live Photo Common
Windows Live Photo Common
Windows Live PIMT Platform
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Live Writer
Windows Live Writer Resources
WinPatrol
Yahoo! Toolbar for Internet Explorer
Zaphod
Regular Member
 
Posts: 29
Joined: November 1st, 2010, 3:13 pm
Advertisement
Register to Remove

Re: Hotmail sending spam emails

Unread postby Cypher » November 2nd, 2010, 3:31 pm

Hi and welcome to Malware Removal Forum.
My name is Cypher, and I will be helping you with your malware problems.
If you no longer require help i would be grateful if you would let me know.

Before we start please note the following important guidelines.
  • The instructions being given are for YOUR computer and system only!.
    Using these instructions on a different computer, can damage that computer and possibly make it inoperable!
  • If you don't know or understand something, please don't hesitate to ask.
  • Only post your problem at One help site. Applying fixes from multiple help sites can cause problems.
  • Only reply to this thread do not start another, Please continue responding until I give you the "All Clean"
    Absence of symptoms does not mean that everything is clear.
  • Please DO NOT run any other tools or scans whilst I am helping you.
  • Please DO NOT install any other software (or hardware) during the cleaning process.
  • Print each set of instructions... if possible...your Internet connection will not be available during some fix processes.
  • Your security programs may give warnings for some of the tools I will ask you to use. Be assured, any links I give are safe.
  • Note: No Reply Within 3 Days Will Result In Your Topic Being Closed!

Note: If you haven't done so already, please read this topic ALL USERS OF THIS FORUM MUST READ THIS FIRST where the conditions for receiving help here are explained.
Please be aware that removing Malware is a potentially hazardous undertaking. I will take care not to knowingly suggest courses of action that might damage your computer. However it is impossible for me to foresee all interactions that may happen between the software on your computer and those we'll use to clear you of infection, and I cannot guarantee the safety of your system. It is possible that we might encounter situations where the only recourse is to re-format and re-install your operating system, or to necessitate you taking your computer to a repair shop.

Because of this, I advise you to backup any personal files and folders before you start.
Backup Made Easy - XP
How to backup your data - Vista



Vista Advice:
  • All applications I ask to be used will require to be run in Administrator mode. IE: Right click on and select Run as Administrator.
  • The Operating System(Vista aka Windows 6) in use comes with a inbuilt utility called User Access Control(UAC).
  • When prompted by this with anything I ask you to do carry out please select the option Allow.


Uninstall programs
  • Click on Start.
  • All programs.
  • Accessories.
  • Run.
  • In the open text box copy/paste appwiz.cpl Then click Ok.
  • Uninstall the following
Java(TM) SE Runtime Environment 6
SUPERAntiSpyware


Next.

Malwarebytes Anti-Malware:

You mentioned you ran MBAM but i would like you to run it again.

  • Launch the application, Check for Updates >> Perform Quick Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Check all items except items in the C:\System Volume Information folder... and click Remove Selected.
    Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts, click OK to either and let MBAM proceed with the disinfection process, if asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.
  • When completed, a log will open in Notepad. please copy and paste the log into your next reply.
  • The log can also be found here:
    C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt

Next.

RSIT (Random's System Information Tool)

Please download RSIT by random/random... and save it to your desktop.
  • Right click on RSIT.exe and select "Run As Administrator" to run it. If Windows UAC prompts you, please allow it.
  • Please read the disclaimer... click on Continue.
  • RSIT will start running. When done... 2 logs files...will be produced.
  • The first one, "log.txt", << will be maximized
  • The second one, "info.txt", << will be minimized.
Please post both... "log.txt" and "info.txt", file contents in your next reply.
(These logs can be lengthy, so post 1 log per reply please.)

Next.

Scan With RKUnHooker

  • Please Download Rootkit Unhooker Save it to your desktop.
  • Now right-click on RKUnhookerLE.exe and select "Run As Administrator" to run it.
  • Click the Report tab, then click Scan.
  • Check (Tick) Drivers, Stealth, Files, Code Hooks. Uncheck the rest. then Click OK.
  • Wait till the scanner has finished and then click File, Save Report.
  • * This can take a while. Please be patient *.
  • Save the report somewhere where you can find it. Click Close.
  • Copy the entire contents of this log in you're next reply.
  • This log can be lengthy you may have to post it in separate replies.
  • Note: You may get the following warning - it is ok - just ignore it:
    "Rootkit Unhooker has detected a parasite inside itself!
    It is recommended to remove parasite, okay?"


Logs/Information to Post in your Next Reply

  • Malwarebytes log.
  • RSIT log.txt and info.txt contents.
  • RKUnHooker log.
  • Please give me an update on your computers performance.
User avatar
Cypher
Admin/Teacher
Admin/Teacher
 
Posts: 14959
Joined: October 29th, 2008, 12:49 pm
Location: Land Of The Leprechauns

Re: Hotmail sending spam emails

Unread postby Zaphod » November 3rd, 2010, 12:55 am

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 5024

Windows 6.0.6002 Service Pack 2
Internet Explorer 8.0.6001.18975

11/2/2010 4:38:38 PM
mbam-log-2010-11-02 (16-38-38).txt

Scan type: Quick scan
Objects scanned: 139390
Time elapsed: 13 minute(s), 15 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)
Zaphod
Regular Member
 
Posts: 29
Joined: November 1st, 2010, 3:13 pm

Re: Hotmail sending spam emails

Unread postby Zaphod » November 3rd, 2010, 12:56 am

Logfile of random's system information tool 1.08 (written by random/random)
Run by Ron at 2010-11-02 16:45:07
Microsoft® Windows Vista™ Home Premium Service Pack 2
System drive C: has 42 GB (39%) free of 106 GB
Total RAM: 2038 MB (29% free)

HijackThis download failed

======Scheduled tasks folder======

C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3773262968-4200875264-556786824-1000Core.job
C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3773262968-4200875264-556786824-1000UA.job
C:\Windows\tasks\HPCeeScheduleForRon.job
C:\Windows\tasks\User_Feed_Synchronization-{FC29251C-CE18-491C-8484-6C28F8941163}.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}]
Yahoo! Toolbar Helper - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll [2006-11-29 436288]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2010-09-22 75200]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}]
AVG Safe Search - C:\Program Files\AVG\AVG10\avgssie.dll [2010-10-20 2922848]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
SSVHelper Class - C:\Program Files\Java\jre6\bin\ssv.dll [2010-09-15 325408]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Windows Live ID Sign-in Helper - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2010-09-21 439168]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2010-09-15 41760]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{EF99BD32-C1FB-11D2-892F-0090271D4F88} - Yahoo! Toolbar - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll [2006-11-29 436288]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"=C:\Program Files\Windows Defender\MSASCui.exe [2008-01-19 1008184]
"SynTPEnh"=C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2010-05-28 1721640]
"RtHDVCpl"=C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe [2009-06-09 7539232]
"QPService"=C:\Program Files\HP\QuickPlay\QPService.exe [2007-04-23 176128]
"QlbCtrl"=C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe [2007-02-13 159744]
"HP Health Check Scheduler"=c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe [2008-10-09 75008]
"hpWirelessAssistant"=C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe [2007-03-01 472776]
"WAWifiMessage"=C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe [2007-01-10 317128]
"HP Software Update"=C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe [2005-02-17 49152]
"IgfxTray"=C:\Windows\system32\igfxtray.exe [2008-02-11 141848]
"HotKeysCmds"=C:\Windows\system32\hkcmd.exe [2008-02-11 166424]
"Persistence"=C:\Windows\system32\igfxpers.exe [2008-02-11 133656]
"Memeo Backup"=C:\Program Files\Memeo\AutoBackup\MemeoLauncher2.exe [2010-07-28 136416]
"IAStorIcon"=C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [2010-03-03 284696]
"AVG_TRAY"=C:\Program Files\AVG\AVG10\avgtray.exe [2010-09-15 2745696]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2010-09-23 35760]
"Adobe ARM"=C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2010-09-20 932288]
"WinPatrol"=C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe [2010-10-29 329096]
"SunJavaUpdateSched"=C:\Program Files\Java\jre6\bin\jusched.exe []

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"Launcher"=C:\Windows\SMINST\launcher.exe [2006-11-07 44128]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"=C:\Program Files\Windows Sidebar\sidebar.exe [2009-04-11 1233920]
"Google Update"=C:\Users\Ron\AppData\Local\Google\Update\GoogleUpdate.exe [2010-09-26 136176]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\Windows\system32\igfxdev.dll [2008-02-11 204800]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfPf]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfRd]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfUsbccidDriver]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"EnableUIADesktopToggle"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"BindDirectlyToPropertySetStorage"=0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"C:\Program Files\EarthLink TotalAccess\TaskPanl.exe"="C:\Program Files\EarthLink TotalAccess\TaskPanl.exe:*:Enabled:Earthlink"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

======File associations======

.js - edit - C:\Windows\System32\Notepad.exe %1
.js - open - C:\Windows\System32\WScript.exe "%1" %*

======List of files/folders created in the last 1 months======

2010-11-02 16:42:06 ----D---- C:\rsit
2010-11-01 14:25:24 ----D---- C:\Program Files\SpywareBlaster
2010-11-01 14:22:11 ----D---- C:\Users\Ron\AppData\Roaming\WinPatrol
2010-11-01 14:22:06 ----D---- C:\ProgramData\InstallMate
2010-11-01 14:22:06 ----D---- C:\Program Files\BillP Studios
2010-11-01 13:39:53 ----D---- C:\Program Files\Trend Micro
2010-11-01 11:53:44 ----D---- C:\ProgramData\SUPERAntiSpyware.com
2010-10-27 08:11:32 ----A---- C:\Windows\system32\gameux.dll
2010-10-27 08:11:29 ----A---- C:\Windows\system32\Apphlpdm.dll
2010-10-27 08:11:28 ----A---- C:\Windows\system32\GameUXLegacyGDFs.dll
2010-10-24 17:09:48 ----D---- C:\Program Files\Common Files\Adobe
2010-10-24 17:04:23 ----D---- C:\Program Files\Common Files\Adobe AIR
2010-10-21 15:07:26 ----D---- C:\Users\Ron\AppData\Roaming\Windows Live Writer
2010-10-21 14:36:56 ----A---- C:\Windows\system32\webservices.dll
2010-10-20 12:02:49 ----A---- C:\Windows\system32\javaws.exe
2010-10-20 12:02:49 ----A---- C:\Windows\system32\javaw.exe
2010-10-20 12:02:49 ----A---- C:\Windows\system32\java.exe
2010-10-20 11:41:55 ----AD---- C:\ProgramData\TEMP
2010-10-20 09:02:33 ----D---- C:\Users\Ron\AppData\Roaming\AVG10
2010-10-20 09:01:17 ----HD---- C:\ProgramData\Common Files
2010-10-20 08:59:18 ----D---- C:\Windows\system32\drivers\AVG
2010-10-20 08:59:17 ----D---- C:\ProgramData\AVG10
2010-10-20 08:39:11 ----D---- C:\ProgramData\MFAData
2010-10-19 17:15:08 ----D---- C:\Users\Ron\AppData\Roaming\TeamViewer
2010-10-19 13:26:52 ----D---- C:\Users\Ron\AppData\Roaming\PeerNetworking
2010-10-19 12:44:18 ----D---- C:\Users\Ron\AppData\Roaming\Intel Corporation
2010-10-19 12:35:27 ----D---- C:\Program Files\Intel
2010-10-19 12:34:43 ----A---- C:\Windows\system32\drivers\iaStor.sys
2010-10-19 12:34:40 ----D---- C:\Users\Ron\AppData\Roaming\InstallShield
2010-10-18 11:00:59 ----D---- C:\Program Files\Adobe
2010-10-16 09:02:26 ----D---- C:\Users\Ron\AppData\Roaming\Malwarebytes
2010-10-16 09:02:05 ----A---- C:\Windows\system32\drivers\mbamswissarmy.sys
2010-10-16 09:02:03 ----D---- C:\ProgramData\Malwarebytes
2010-10-16 09:02:00 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2010-10-16 09:02:00 ----A---- C:\Windows\system32\drivers\mbam.sys
2010-10-13 19:53:34 ----D---- C:\ProgramData\LightScribe
2010-10-13 19:45:28 ----D---- C:\Users\Ron\AppData\Roaming\Roxio
2010-10-12 16:01:25 ----A---- C:\Windows\system32\mshtml.dll
2010-10-12 16:01:24 ----A---- C:\Windows\system32\ieframe.dll
2010-10-12 16:01:23 ----A---- C:\Windows\system32\msfeeds.dll
2010-10-12 16:01:23 ----A---- C:\Windows\system32\licmgr10.dll
2010-10-12 16:01:22 ----A---- C:\Windows\system32\wininet.dll
2010-10-12 16:01:22 ----A---- C:\Windows\system32\urlmon.dll
2010-10-12 16:01:22 ----A---- C:\Windows\system32\mstime.dll
2010-10-12 16:01:22 ----A---- C:\Windows\system32\mshtmled.dll
2010-10-12 16:01:22 ----A---- C:\Windows\system32\iertutil.dll
2010-10-12 16:01:21 ----A---- C:\Windows\system32\occache.dll
2010-10-12 16:01:21 ----A---- C:\Windows\system32\msfeedssync.exe
2010-10-12 16:01:21 ----A---- C:\Windows\system32\msfeedsbs.dll
2010-10-12 16:01:21 ----A---- C:\Windows\system32\jsproxy.dll
2010-10-12 16:01:21 ----A---- C:\Windows\system32\ieUnatt.exe
2010-10-12 16:01:21 ----A---- C:\Windows\system32\ieui.dll
2010-10-12 16:01:21 ----A---- C:\Windows\system32\iesysprep.dll
2010-10-12 16:01:21 ----A---- C:\Windows\system32\iesetup.dll
2010-10-12 16:01:21 ----A---- C:\Windows\system32\iernonce.dll
2010-10-12 16:01:21 ----A---- C:\Windows\system32\iepeers.dll
2010-10-12 16:01:21 ----A---- C:\Windows\system32\iedkcs32.dll
2010-10-12 16:01:21 ----A---- C:\Windows\system32\ie4uinit.exe
2010-10-12 16:01:19 ----A---- C:\Windows\system32\ole32.dll
2010-10-12 16:01:18 ----A---- C:\Windows\system32\t2embed.dll
2010-10-12 16:01:17 ----A---- C:\Windows\system32\mfc40u.dll
2010-10-12 16:01:17 ----A---- C:\Windows\system32\mfc40.dll
2010-10-12 16:01:08 ----A---- C:\Windows\system32\wmp.dll
2010-10-12 16:01:06 ----A---- C:\Windows\system32\wmploc.DLL
2010-10-12 16:00:56 ----A---- C:\Windows\system32\srvsvc.dll
2010-10-12 16:00:56 ----A---- C:\Windows\system32\netevent.dll
2010-10-12 16:00:56 ----A---- C:\Windows\system32\drivers\srvnet.sys
2010-10-12 16:00:56 ----A---- C:\Windows\system32\drivers\srv2.sys
2010-10-12 16:00:56 ----A---- C:\Windows\system32\drivers\srv.sys
2010-10-12 16:00:52 ----A---- C:\Windows\system32\schannel.dll
2010-10-12 16:00:51 ----A---- C:\Windows\system32\win32k.sys
2010-10-12 16:00:51 ----A---- C:\Windows\system32\msshsq.dll
2010-10-12 16:00:14 ----A---- C:\Windows\system32\comctl32.dll
2010-10-12 16:00:13 ----A---- C:\Windows\system32\wmpmde.dll
2010-10-12 13:04:49 ----ASH---- C:\hiberfil.sys
2010-10-10 08:31:22 ----A---- C:\Windows\system32\drivers\SETABEE.tmp
2010-10-07 16:18:11 ----D---- C:\Users\Ron\AppData\Roaming\HP
2010-10-06 11:42:26 ----D---- C:\AdobeSetup
2010-10-06 11:39:14 ----D---- C:\Program Files\Common Files\Akamai
2010-10-05 10:01:31 ----D---- C:\Program Files\Common Files\Memeo
2010-10-05 10:01:26 ----D---- C:\Program Files\Memeo

======List of files/folders modified in the last 1 months======

2010-11-02 16:45:12 ----D---- C:\Windows\Prefetch
2010-11-02 16:45:02 ----D---- C:\Windows\Temp
2010-11-02 16:22:25 ----RD---- C:\Program Files
2010-11-02 16:21:28 ----SHD---- C:\Windows\Installer
2010-11-02 16:21:25 ----D---- C:\Program Files\Java
2010-11-02 16:21:24 ----D---- C:\Program Files\Common Files\Java
2010-11-02 16:21:17 ----D---- C:\Windows\System32
2010-11-02 16:20:08 ----SHD---- C:\System Volume Information
2010-11-02 15:57:21 ----A---- C:\Windows\system32\PerfStringBackup.INI
2010-11-02 15:57:20 ----D---- C:\Windows\inf
2010-11-02 13:03:45 ----D---- C:\Windows\system32\Tasks
2010-11-02 13:03:44 ----D---- C:\Windows\Tasks
2010-11-02 13:01:56 ----D---- C:\ProgramData\Hewlett-Packard
2010-11-02 08:00:13 ----D---- C:\Windows\SMINST
2010-11-01 14:22:06 ----HD---- C:\ProgramData
2010-11-01 13:39:54 ----SD---- C:\Users\Ron\AppData\Roaming\Microsoft
2010-11-01 08:19:58 ----D---- C:\Windows\system32\WDI
2010-10-29 08:36:39 ----D---- C:\Program Files\Mozilla Firefox
2010-10-27 09:43:14 ----D---- C:\Windows\AppPatch
2010-10-27 08:40:08 ----D---- C:\Windows\winsxs
2010-10-27 08:07:50 ----D---- C:\Windows\system32\catroot
2010-10-27 08:07:46 ----D---- C:\Windows\system32\catroot2
2010-10-26 13:17:40 ----HD---- C:\Program Files\InstallShield Installation Information
2010-10-26 13:17:37 ----RSD---- C:\Windows\assembly
2010-10-26 13:17:22 ----D---- C:\Program Files\Hewlett-Packard
2010-10-26 13:14:08 ----D---- C:\SwSetup
2010-10-24 17:43:56 ----D---- C:\Users\Ron\AppData\Roaming\Macromedia
2010-10-24 17:10:52 ----D---- C:\ProgramData\Adobe
2010-10-24 17:09:48 ----D---- C:\Program Files\Common Files
2010-10-24 17:04:31 ----D---- C:\Users\Ron\AppData\Roaming\Adobe
2010-10-24 16:49:22 ----D---- C:\Program Files\AVG
2010-10-22 08:37:02 ----D---- C:\Windows\system32\drivers
2010-10-21 15:36:28 ----D---- C:\Windows\rescache
2010-10-21 14:44:22 ----D---- C:\Program Files\Windows Live
2010-10-21 14:42:25 ----SD---- C:\ProgramData\Microsoft
2010-10-21 14:42:24 ----RSD---- C:\Windows\Fonts
2010-10-21 14:41:40 ----D---- C:\Program Files\Common Files\microsoft shared
2010-10-21 14:37:36 ----D---- C:\Windows\system32\en-US
2010-10-20 09:00:07 ----D---- C:\Program Files\Windows Sidebar
2010-10-20 08:52:32 ----D---- C:\ProgramData\avg9
2010-10-20 08:49:52 ----D---- C:\WINDOWS
2010-10-19 17:38:14 ----D---- C:\Quickbooks Backup
2010-10-19 12:41:37 ----D---- C:\Windows\system32\Lang
2010-10-19 12:29:05 ----D---- C:\Windows\Minidump
2010-10-13 19:47:54 ----D---- C:\ProgramData\Roxio
2010-10-13 19:45:34 ----D---- C:\ProgramData\Sonic
2010-10-12 17:13:58 ----D---- C:\Program Files\Windows Media Player
2010-10-12 17:13:56 ----D---- C:\Windows\system32\migration
2010-10-12 17:13:56 ----D---- C:\Program Files\Internet Explorer
2010-10-12 17:02:51 ----D---- C:\ProgramData\Microsoft Help
2010-10-12 16:10:15 ----A---- C:\Windows\system32\mrt.exe
2010-10-12 12:58:10 ----A---- C:\Windows\ntbtlog.txt
2010-10-10 08:31:16 ----D---- C:\Windows\system32\RTCOM
2010-10-10 08:23:46 ----A---- C:\Windows\DIFxAPI.dll
2010-10-10 08:23:25 ----D---- C:\Program Files\Realtek
2010-10-08 11:14:15 ----D---- C:\Windows\Debug
2010-10-07 16:18:11 ----D---- C:\ProgramData\HP
2010-10-06 10:39:58 ----D---- C:\Windows\system32\drivers\UMDF
2010-10-06 07:47:53 ----D---- C:\Windows\Microsoft.NET

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 AVGIDSEH;AVGIDSEH; C:\Windows\system32\DRIVERS\AVGIDSEH.Sys [2010-09-13 25680]
R0 Avgrkx86;AVG Anti-Rootkit Driver; C:\Windows\system32\DRIVERS\avgrkx86.sys [2010-09-07 26064]
R0 iaStor;Intel AHCI Controller; C:\Windows\system32\DRIVERS\iaStor.sys [2010-03-03 435736]
R0 PxHelp20;PxHelp20; C:\Windows\System32\Drivers\PxHelp20.sys [2007-02-02 43528]
R1 Avgldx86;AVG AVI Loader Driver; C:\Windows\system32\DRIVERS\avgldx86.sys [2010-09-07 249424]
R1 Avgmfx86;AVG Mini-Filter Resident Anti-Virus Shield; C:\Windows\system32\DRIVERS\avgmfx86.sys [2010-09-07 34384]
R1 Avgtdix;AVG TDI Driver; C:\Windows\system32\DRIVERS\avgtdix.sys [2010-09-07 298448]
R1 eabfiltr;eabfiltr; C:\Windows\system32\DRIVERS\eabfiltr.sys [2006-11-30 8192]
R2 rimmptsk;rimmptsk; C:\Windows\system32\DRIVERS\rimmptsk.sys [2007-02-24 39936]
R2 rimsptsk;rimsptsk; C:\Windows\system32\DRIVERS\rimsptsk.sys [2007-01-23 42496]
R2 rismxdp;Ricoh xD-Picture Card Driver; C:\Windows\system32\DRIVERS\rixdptsk.sys [2007-01-23 37376]
R3 AVGIDSDriver;AVGIDSDriver; C:\Windows\system32\DRIVERS\AVGIDSDriver.Sys [2010-08-19 123472]
R3 AVGIDSFilter;AVGIDSFilter; C:\Windows\system32\DRIVERS\AVGIDSFilter.Sys [2010-08-19 30288]
R3 AVGIDSShim;AVGIDSShim; C:\Windows\system32\DRIVERS\AVGIDSShim.Sys [2010-08-19 27216]
R3 HBtnKey;HBtnKey; C:\Windows\system32\DRIVERS\cpqbttn.sys [2006-06-28 9472]
R3 igfx;igfx; C:\Windows\system32\DRIVERS\igdkmd32.sys [2008-02-11 2302976]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\Windows\system32\drivers\RTKVHDA.sys [2009-06-09 2366752]
R3 MBAMSwissArmy;MBAMSwissArmy; \??\C:\Windows\system32\drivers\mbamswissarmy.sys [2010-04-29 38224]
R3 NETw5v32;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit; C:\Windows\system32\DRIVERS\NETw5v32.sys [2008-11-17 3668480]
R3 NuidFltr;NUID filter driver; C:\Windows\system32\DRIVERS\NuidFltr.sys [2009-05-09 14736]
R3 RTL8169;Realtek 8169 NT Driver; C:\Windows\system32\DRIVERS\Rtlh86.sys [2007-03-05 76288]
R3 sdbus;sdbus; C:\Windows\system32\DRIVERS\sdbus.sys [2009-04-11 89088]
R3 SynTP;Synaptics TouchPad Driver; C:\Windows\system32\DRIVERS\SynTP.sys [2010-05-28 245936]
R3 usbvideo;USB Video Device (WDM); C:\Windows\System32\Drivers\usbvideo.sys [2008-01-19 134016]
S3 BCM43XV;Broadcom Extensible 802.11 Network Adapter Driver; C:\Windows\system32\DRIVERS\bcmwl6.sys [2006-11-02 464384]
S3 drmkaud;Microsoft Kernel DRM Audio Descrambler; C:\Windows\system32\drivers\drmkaud.sys [2008-01-19 5632]
S3 E100B;Intel(R) PRO Adapter Driver; C:\Windows\system32\DRIVERS\e100b325.sys [2006-11-02 163328]
S3 HdAudAddService;Microsoft 1.1 UAA Function Driver for High Definition Audio Service; C:\Windows\system32\drivers\HdAudio.sys [2006-11-02 235520]
S3 HSF_DPV;HSF_DPV; C:\Windows\system32\DRIVERS\VSTDPV3.SYS [2006-11-02 987648]
S3 HSFHWAZL;HSFHWAZL; C:\Windows\system32\DRIVERS\VSTAZL3.SYS [2006-11-02 200704]
S3 ialm;ialm; C:\Windows\system32\DRIVERS\igdkmd32.sys [2008-02-11 2302976]
S3 MSKSSRV;Microsoft Streaming Service Proxy; C:\Windows\system32\drivers\MSKSSRV.sys [2008-01-19 8192]
S3 MSPCLOCK;Microsoft Streaming Clock Proxy; C:\Windows\system32\drivers\MSPCLOCK.sys [2008-01-19 5888]
S3 MSPQM;Microsoft Streaming Quality Manager Proxy; C:\Windows\system32\drivers\MSPQM.sys [2008-01-19 5504]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\Windows\system32\drivers\MSTEE.sys [2008-01-19 6016]
S3 NETw4v32;Intel(R) Wireless WiFi Link Adapter Driver for Windows Vista 32 Bit; C:\Windows\system32\DRIVERS\NETw4v32.sys [2007-03-01 2216448]
S3 winachsf;winachsf; C:\Windows\system32\DRIVERS\VSTCNXT3.SYS [2006-11-02 654336]
S3 WUDFRd;WUDFRd; C:\Windows\system32\DRIVERS\WUDFRd.sys [2008-01-19 83328]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 Akamai;Akamai NetSession Interface; C:\Windows\System32\svchost.exe [2008-01-19 21504]
R2 AVGIDSAgent;AVGIDSAgent; C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe [2010-10-11 6104656]
R2 avgwd;AVG WatchDog; C:\Program Files\AVG\AVG10\avgwdsvc.exe [2010-09-10 265400]
R2 CLCapSvc;CyberLink Background Capture Service (CBCS); C:\Program Files\HP\QuickPlay\Kernel\TV\CLCapSvc.exe [2007-04-23 262243]
R2 HP Health Check Service;HP Health Check Service; c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe [2008-10-09 94208]
R2 hpqwmiex;hpqwmiex; C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe [2006-05-02 135168]
R2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology; C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2010-03-03 13336]
R2 LightScribeService;LightScribeService Direct Disc Labeling Service; C:\Program Files\Common Files\LightScribe\LSSrvc.exe [2006-12-14 61440]
R2 MemeoBackgroundService;MemeoBackgroundService; C:\Program Files\Memeo\AutoBackup\MemeoBackgroundService.exe [2010-07-28 25824]
R2 wlidsvc;Windows Live ID Sign-in Assistant; C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE [2010-09-21 1710464]
R3 FontCache;@%systemroot%\system32\FntCache.dll,-100; C:\Windows\system32\svchost.exe [2008-01-19 21504]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
S2 CLSched;CyberLink Task Scheduler (CTS); C:\Program Files\HP\QuickPlay\Kernel\TV\CLSched.exe [2007-04-23 106593]
S3 Com4Qlb;Com4Qlb; C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4Qlb.exe [2007-01-09 110592]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe [2004-10-22 73728]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2008-11-04 441712]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 RoxMediaDB9;RoxMediaDB9; C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe [2007-02-12 880640]
S3 stllssvr;stllssvr; C:\Program Files\Common Files\SureThing Shared\stllssvr.exe [2007-02-17 74656]
S3 WPFFontCache_v0400;@C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe,-100; C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]

-----------------EOF-----------------
Zaphod
Regular Member
 
Posts: 29
Joined: November 1st, 2010, 3:13 pm

Re: Hotmail sending spam emails

Unread postby Zaphod » November 3rd, 2010, 12:57 am

info.txt logfile of random's system information tool 1.08 2010-11-02 16:45:24

======Uninstall list======

-->"C:\Program Files\HP Games\Bejeweled 2 Deluxe\Uninstall.exe"
-->"C:\Program Files\HP Games\Blackhawk Striker 2\Uninstall.exe"
-->"C:\Program Files\HP Games\Blasterball 3\Uninstall.exe"
-->"C:\Program Files\HP Games\Bookworm Deluxe\Uninstall.exe"
-->"C:\Program Files\HP Games\Bounce Symphony\Uninstall.exe"
-->"C:\Program Files\HP Games\Cake Mania\Uninstall.exe"
-->"C:\Program Files\HP Games\Chuzzle Deluxe\Uninstall.exe"
-->"C:\Program Files\HP Games\Crystal Maze\Uninstall.exe"
-->"C:\Program Files\HP Games\Diner Dash\Uninstall.exe"
-->"C:\Program Files\HP Games\Family Feud\Uninstall.exe"
-->"C:\Program Files\HP Games\FATE\Uninstall.exe"
-->"C:\Program Files\HP Games\Final Drive Fury\Uninstall.exe"
-->"C:\Program Files\HP Games\Flip Words\Uninstall.exe"
-->"C:\Program Files\HP Games\Insaniquarium Deluxe\Uninstall.exe"
-->"C:\Program Files\HP Games\Jewel Quest\Uninstall.exe"
-->"C:\Program Files\HP Games\Lemonade Tycoon 2\Uninstall.exe"
-->"C:\Program Files\HP Games\Mah Jong Quest\Uninstall.exe"
-->"C:\Program Files\HP Games\My HP Game Console\Uninstall.exe"
-->"C:\Program Files\HP Games\Otto\Uninstall.exe"
-->"C:\Program Files\HP Games\Penguins!\Uninstall.exe"
-->"C:\Program Files\HP Games\Phoenix Assault\Uninstall.exe"
-->"C:\Program Files\HP Games\Polar Bowler\Uninstall.exe"
-->"C:\Program Files\HP Games\Polar Golfer\Uninstall.exe"
-->"C:\Program Files\HP Games\Puzzle Express\Uninstall.exe"
-->"C:\Program Files\HP Games\SCRABBLE\Uninstall.exe"
-->"C:\Program Files\HP Games\Snowboard SuperJam\Uninstall.exe"
-->"C:\Program Files\HP Games\SpongeBob SquarePants Krabby Quest\Uninstall.exe"
-->"C:\Program Files\HP Games\Super Granny\Uninstall.exe"
-->"C:\Program Files\HP Games\Tradewinds\Uninstall.exe"
-->"C:\Program Files\HP Games\Wheel of Fortune\Uninstall.exe"
-->"C:\Program Files\HP Games\Zuma Deluxe\Uninstall.exe"
Activation Assistant for the 2007 Microsoft Office suites-->"C:\ProgramData\{623D32E9-0C62-4453-AD44-98B31F52A5E1}\Microsoft Office Activation Assistant.exe" REMOVE=TRUE MODIFY=FALSE
ActiveCheck component for HP Active Support Library-->MsiExec.exe /X{254C37AA-6B72-4300-84F6-98A82419187E}
Adobe AIR-->c:\Program Files\Common Files\Adobe AIR\Versions\1.0\Resources\Adobe AIR Updater.exe -arp:uninstall
Adobe AIR-->MsiExec.exe /I{B194272D-1F92-46DF-99EB-8D5CE91CB4EC}
Adobe Flash Player 10 ActiveX-->C:\Windows\system32\Macromed\Flash\FlashUtil10k_ActiveX.exe -maintain activex
Adobe Flash Player 10 Plugin-->C:\Windows\system32\Macromed\Flash\FlashUtil10k_Plugin.exe -maintain plugin
Adobe Reader 9.4.0-->MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A94000000001}
Akamai NetSession Interface-->C:\Program Files\Common Files\Akamai\uninstall.exe
AVG 2011-->"C:\Program Files\AVG\AVG10\avgmfapx.exe" /AppMode=SETUP /Uninstall
AVG 2011-->MsiExec.exe /I{0323CB96-221A-4042-84A3-93EDE47099FC}
AVG 2011-->MsiExec.exe /I{1A258E63-8DF5-4ADB-9832-38A0121D65EB}
D3DX10-->MsiExec.exe /X{E09C4DB7-630C-4F06-A631-8EA7239923AF}
ESU for Microsoft Vista-->MsiExec.exe /X{1517A7CB-5F00-4A88-8F06-E89B6DB63784}
HiJackThis-->MsiExec.exe /X{45A66726-69BC-466B-A7A4-12FCBA4883D7}
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)-->C:\Windows\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall /qb+ REBOOTPROMPT=""
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)-->C:\Windows\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {A7EEA2F2-BFCD-4A54-A575-7B81A786E658} /qb+ REBOOTPROMPT=""
HP Active Support Library 32 bit components-->MsiExec.exe /I{FAB0C302-CB18-4A7A-BA03-C3DC23101A68}
HP Active Support Library-->"C:\Program Files\InstallShield Installation Information\{CE7E3BE0-2DD3-4416-A690-F9E4A99A8CFF}\setup.exe" -runfromtemp -l0x0409 -removeonly
HP Customer Experience Enhancements-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{AB5E289E-76BF-4251-9F3F-9B763F681AE0}\setup.exe" -l0x9 -removeonly
HP Doc Viewer-->MsiExec.exe /I{082702D5-5DD8-4600-BCE5-48B15174687F}
HP Easy Setup - Frontend-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{40F7AED3-0C7D-4582-99F6-484A515C73F2}\setup.exe" -l0x9 -removeonly
HP Help and Support-->MsiExec.exe /I{9061CEF2-51F5-42C9-8A70-9ED351C6597A}
HP Photosmart Essential 2.0-->C:\Program Files\HP\Digital Imaging\PhotoSmartEssential\hpzscr01.exe -datfile hpqbud13.dat
HP Quick Launch Buttons 6.20 B1-->C:\Program Files\InstallShield Installation Information\{34D2AB40-150D-475D-AE32-BD23FB5EE355}\setup.exe -runfromtemp -l0x0009 uninst
HP QuickPlay 3.2-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{45D707E9-F3C4-11D9-A373-0050BAE317E1}\setup.exe" -uninstall
HP Total Care Advisor-->MsiExec.exe /X{F6B29003-A078-4491-AFBE-62EFB6CFFE19}
HP Update-->MsiExec.exe /X{8C6027FD-53DC-446D-BB75-CACD7028A134}
HP User Guides 0086-->MsiExec.exe /I{0805F6E3-68E5-48DC-8903-A9F644E4B394}
HP Wireless Assistant-->MsiExec.exe /I{D32067CD-7409-4792-BFA0-1469BCD8F0C8}
HPAsset component for HP Active Support Library-->MsiExec.exe /X{669D4A35-146B-4314-89F1-1AC3D7B88367}
HPNetworkAssistant-->MsiExec.exe /I{228C6B46-64E2-404E-898A-EF0830603EF4}
Intel(R) Graphics Media Accelerator Driver-->C:\Windows\system32\igxpun.exe -uninstall
Intel(R) Rapid Storage Technology-->C:\Program Files\Intel\Intel(R) Rapid Storage Technology\Uninstall\setup.exe -uninstall
Java(TM) 6 Update 22-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216021FF}
Junk Mail filter update-->MsiExec.exe /I{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}
Malwarebytes' Anti-Malware-->"C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"
Memeo Backup-->C:\Program Files\Memeo\AutoBackup\uninstall.exe
Microsoft .NET Framework 3.5 SP1-->c:\Windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setup.exe
Microsoft .NET Framework 3.5 SP1-->MsiExec.exe /I{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}
Microsoft .NET Framework 4 Client Profile-->C:\Windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\Client\Setup.exe /repair /x86 /parameterfolder Client
Microsoft .NET Framework 4 Client Profile-->MsiExec.exe /X{3C3901C5-3455-3E0A-A214-0B093A5070A6}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0016-0409-0000-0000000FF1CE} /uninstall {2FC4457D-409E-466F-861F-FB0CB796B53E}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0018-0409-0000-0000000FF1CE} /uninstall {2FC4457D-409E-466F-861F-FB0CB796B53E}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001A-0409-0000-0000000FF1CE} /uninstall {2FC4457D-409E-466F-861F-FB0CB796B53E}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001B-0409-0000-0000000FF1CE} /uninstall {2FC4457D-409E-466F-861F-FB0CB796B53E}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-006E-0409-0000-0000000FF1CE} /uninstall {DE5A002D-8122-4278-A7EE-3121E7EA254E}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-00A1-0409-0000-0000000FF1CE} /uninstall {2FC4457D-409E-466F-861F-FB0CB796B53E}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0115-0409-0000-0000000FF1CE} /uninstall {DE5A002D-8122-4278-A7EE-3121E7EA254E}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {91120000-001A-0000-0000-0000000FF1CE} /uninstall {0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}
Microsoft Office Excel MUI (English) 2007-->MsiExec.exe /X{90120000-0016-0409-0000-0000000FF1CE}
Microsoft Office Home and Student 2007-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall HOMESTUDENTR /dll OSETUP.DLL
Microsoft Office Home and Student 2007-->MsiExec.exe /X{91120000-002F-0000-0000-0000000FF1CE}
Microsoft Office OneNote MUI (English) 2007-->MsiExec.exe /X{90120000-00A1-0409-0000-0000000FF1CE}
Microsoft Office Outlook 2007-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall OUTLOOKR /dll OSETUP.DLL
Microsoft Office Outlook 2007-->MsiExec.exe /X{91120000-001A-0000-0000-0000000FF1CE}
Microsoft Office Outlook MUI (English) 2007-->MsiExec.exe /X{90120000-001A-0409-0000-0000000FF1CE}
Microsoft Office PowerPoint MUI (English) 2007-->MsiExec.exe /X{90120000-0018-0409-0000-0000000FF1CE}
Microsoft Office Proof (English) 2007-->MsiExec.exe /X{90120000-001F-0409-0000-0000000FF1CE}
Microsoft Office Proof (French) 2007-->MsiExec.exe /X{90120000-001F-040C-0000-0000000FF1CE}
Microsoft Office Proof (Spanish) 2007-->MsiExec.exe /X{90120000-001F-0C0A-0000-0000000FF1CE}
Microsoft Office Proofing (English) 2007-->MsiExec.exe /X{90120000-002C-0409-0000-0000000FF1CE}
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001F-0409-0000-0000000FF1CE} /uninstall {ABDDE972-355B-4AF1-89A8-DA50B7B5C045}
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001F-040C-0000-0000000FF1CE} /uninstall {F580DDD5-8D37-4998-968E-EBB76BB86787}
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001F-0C0A-0000-0000000FF1CE} /uninstall {187308AB-5FA7-4F14-9AB9-D290383A10D9}
Microsoft Office Shared MUI (English) 2007-->MsiExec.exe /X{90120000-006E-0409-0000-0000000FF1CE}
Microsoft Office Shared Setup Metadata MUI (English) 2007-->MsiExec.exe /X{90120000-0115-0409-0000-0000000FF1CE}
Microsoft Office Word MUI (English) 2007-->MsiExec.exe /X{90120000-001B-0409-0000-0000000FF1CE}
Microsoft Silverlight-->MsiExec.exe /X{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{837b34e3-7c30-493c-8f6a-2b0f04e2912c}
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148-->MsiExec.exe /X{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}
Microsoft Works-->MsiExec.exe /I{6D52C408-B09A-4520-9B18-475B81D393F1}
Mozilla Firefox (3.6.12)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe
MSCU for Microsoft Vista-->MsiExec.exe /X{3FFB3B34-D639-4384-9AE9-DDE58430D86F}
MSVCRT-->MsiExec.exe /I{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}
MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
MSXML 4.0 SP2 (KB973688)-->MsiExec.exe /I{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}
muvee autoProducer 6.0-->C:\Program Files\InstallShield Installation Information\{0BFC200F-C45D-4271-AF34-4CA969225DEB}\setup.exe -runfromtemp -l0x0009 -removeonly
My HP Games-->"C:\Program Files\HP Games\Uninstall.exe"
Realtek High Definition Audio Driver-->C:\Program Files\Realtek\Audio\HDA\RtlUpd.exe -r -m -nrg2709
Rhapsody Player Engine-->MsiExec.exe /I{2DFF31F9-7893-4922-AF66-C9A1EB4EBB31}
Rhapsody-->C:\PROGRA~1\Rhapsody\Unwise32.exe /A C:\PROGRA~1\Rhapsody\install.log
Roxio Activation Module-->MsiExec.exe /I{35E1EC43-D4FC-4E4A-AAB3-20DDA27E8BB0}
Roxio Creator Audio-->MsiExec.exe /I{83FFCFC7-88C6-41c6-8752-958A45325C82}
Roxio Creator Basic v9-->MsiExec.exe /I{C8B0680B-CDAE-4809-9F91-387B6DE00F7C}
Roxio Creator Copy-->MsiExec.exe /I{619CDD8A-14B6-43a1-AB6C-0F4EE48CE048}
Roxio Creator Data-->MsiExec.exe /I{0D397393-9B50-4c52-84D5-77E344289F87}
Roxio Creator EasyArchive-->MsiExec.exe /I{11F93B4B-48F0-4A4E-AE77-DFA96A99664B}
Roxio Creator Tools-->MsiExec.exe /I{0394CDC8-FABD-4ed8-B104-03393876DFDF}
Roxio Express Labeler 3-->MsiExec.exe /I{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}
Roxio MyDVD Basic v9-->MsiExec.exe /I{33C65B6A-5D73-4E3E-A1F9-127C27BD3F72}
Security Update for 2007 Microsoft Office System (KB2288621)-->msiexec /package {91120000-001A-0000-0000-0000000FF1CE} /uninstall {5C497F0B-2061-4CC9-A61C-6B45B867354D}
Security Update for 2007 Microsoft Office System (KB2288621)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {5C497F0B-2061-4CC9-A61C-6B45B867354D}
Security Update for 2007 Microsoft Office System (KB2344875)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {6FC5C4C1-D7AE-44C3-94B7-6424FC3E752F}
Security Update for 2007 Microsoft Office System (KB2345043)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {536FB502-775F-4494-BACE-C02CC90B7A5B}
Security Update for 2007 Microsoft Office System (KB969559)-->msiexec /package {91120000-001A-0000-0000-0000000FF1CE} /uninstall {69F52148-9BF6-4CDC-BF76-103DEAF3DD08}
Security Update for 2007 Microsoft Office System (KB969559)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {69F52148-9BF6-4CDC-BF76-103DEAF3DD08}
Security Update for 2007 Microsoft Office System (KB976321)-->msiexec /package {91120000-001A-0000-0000-0000000FF1CE} /uninstall {7F207DCA-3399-40CB-A968-6E5991B1421A}
Security Update for 2007 Microsoft Office System (KB976321)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {7F207DCA-3399-40CB-A968-6E5991B1421A}
Security Update for 2007 Microsoft Office System (KB982312)-->msiexec /package {91120000-001A-0000-0000-0000000FF1CE} /uninstall {B0EC5722-241F-4CDA-83B4-AA5846B6F9F4}
Security Update for 2007 Microsoft Office System (KB982312)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {B0EC5722-241F-4CDA-83B4-AA5846B6F9F4}
Security Update for CAPICOM (KB931906)-->MsiExec.exe /I{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for CAPICOM (KB931906)-->MsiExec.exe /X{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)-->C:\Windows\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {A8894F19-59C8-38D2-8A75-36C0CCE56A5B} /qb+ REBOOTPROMPT=""
Security Update for Microsoft Office Excel 2007 (KB2345035)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {B23002DD-34EC-4988-B810-A5E2A0BF04F1}
Security Update for Microsoft Office InfoPath 2007 (KB979441)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {8CCB781A-CF6B-4FCB-B6D8-59C64DF5C6DB}
Security Update for Microsoft Office Outlook 2007 (KB2288953)-->msiexec /package {91120000-001A-0000-0000-0000000FF1CE} /uninstall {8B772E1C-7C05-42D2-839D-3EC2D39EFF22}
Security Update for Microsoft Office PowerPoint 2007 (KB982158)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {F5B70033-E79C-4569-90BF-BC9B4E4F3F46}
Security Update for Microsoft Office system 2007 (972581)-->msiexec /package {91120000-001A-0000-0000-0000000FF1CE} /uninstall {3D019598-7B59-447A-80AE-815B703B84FF}
Security Update for Microsoft Office system 2007 (972581)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {3D019598-7B59-447A-80AE-815B703B84FF}
Security Update for Microsoft Office system 2007 (KB974234)-->msiexec /package {91120000-001A-0000-0000-0000000FF1CE} /uninstall {FCD742B9-7A55-44BC-A776-F795F21FEDDC}
Security Update for Microsoft Office system 2007 (KB974234)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {FCD742B9-7A55-44BC-A776-F795F21FEDDC}
Security Update for Microsoft Office Visio Viewer 2007 (KB973709)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {71127777-8B2C-4F97-AF7A-6CF8CAC8224D}
Security Update for Microsoft Office Word 2007 (KB2344993)-->msiexec /package {91120000-001A-0000-0000-0000000FF1CE} /uninstall {7A5B74FA-7A92-4FC9-821A-2DD5D4E73E48}
Security Update for Microsoft Office Word 2007 (KB2344993)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {7A5B74FA-7A92-4FC9-821A-2DD5D4E73E48}
Segoe UI-->MsiExec.exe /I{5DD4FCBD-A3C1-4155-9E17-4161C70AAABA}
SpywareBlaster 4.4-->"C:\Program Files\SpywareBlaster\unins000.exe"
Synaptics Pointing Device Driver-->rundll32.exe "%ProgramFiles%\Synaptics\SynTP\SynISDLL.dll",standAloneUninstall
Update for 2007 Microsoft Office System (KB967642)-->msiexec /package {91120000-001A-0000-0000-0000000FF1CE} /uninstall {C444285D-5E4F-48A4-91DD-47AAAA68E92D}
Update for 2007 Microsoft Office System (KB967642)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {C444285D-5E4F-48A4-91DD-47AAAA68E92D}
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)-->C:\Windows\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {B2AE9C82-DC7B-3641-BFC8-87275C4F3607} /qb+ REBOOTPROMPT=""
Update for Microsoft Office 2007 Help for Common Features (KB963673)-->msiexec /package {90120000-006E-0409-0000-0000000FF1CE} /uninstall {AB365889-0395-4FAD-B702-CA5985D53D42}
Update for Microsoft Office Excel 2007 Help (KB963678)-->msiexec /package {90120000-0016-0409-0000-0000000FF1CE} /uninstall {199DF7B6-169C-448C-B511-1054101BE9C9}
Update for Microsoft Office OneNote 2007 (KB980729)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {329050A9-EF80-40F9-B633-74508F54C1FF}
Update for Microsoft Office OneNote 2007 Help (KB963670)-->msiexec /package {90120000-00A1-0409-0000-0000000FF1CE} /uninstall {2744EF05-38E1-4D5D-B333-E021EDAEA245}
Update for Microsoft Office Outlook 2007 Help (KB963677)-->msiexec /package {90120000-001A-0409-0000-0000000FF1CE} /uninstall {0451F231-E3E3-4943-AB9F-58EB96171784}
Update for Microsoft Office Powerpoint 2007 Help (KB963669)-->msiexec /package {90120000-0018-0409-0000-0000000FF1CE} /uninstall {397B1D4F-ED7B-4ACA-A637-43B670843876}
Update for Microsoft Office Script Editor Help (KB963671)-->msiexec /package {90120000-006E-0409-0000-0000000FF1CE} /uninstall {CD11C6A2-FFC6-4271-8EAB-79C3582F505C}
Update for Microsoft Office Word 2007 Help (KB963665)-->msiexec /package {90120000-001B-0409-0000-0000000FF1CE} /uninstall {80E762AA-C921-4839-9D7D-DB62A72C0726}
Update for Outlook 2007 Junk Email Filter (kb2410711)-->msiexec /package {91120000-001A-0000-0000-0000000FF1CE} /uninstall {BB5A2EB0-4515-4C6B-A618-A6F6B0AB7BAA}
Windows Live Communications Platform-->MsiExec.exe /I{D45240D3-B6B3-4FF9-B243-54ECE3E10066}
Windows Live Essentials-->C:\Program Files\Windows Live\Installer\wlarp.exe
Windows Live Essentials-->MsiExec.exe /I{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}
Windows Live ID Sign-in Assistant-->MsiExec.exe /I{61AD15B2-50DB-4686-A739-14FE180D4429}
Windows Live Installer-->MsiExec.exe /I{0B0F231F-CE6A-483D-AA23-77B364F75917}
Windows Live Mail-->MsiExec.exe /I{9D56775A-93F3-44A3-8092-840E3826DE30}
Windows Live Mail-->MsiExec.exe /I{C66824E4-CBB3-4851-BB3F-E8CFD6350923}
Windows Live Messenger-->MsiExec.exe /X{80956555-A512-4190-9CAD-B000C36D6B6B}
Windows Live Messenger-->MsiExec.exe /X{EB4DF488-AAEF-406F-A341-CB2AAA315B90}
Windows Live MIME IFilter-->MsiExec.exe /I{AF844339-2F8A-4593-81B3-9F4C54038C4E}
Windows Live Photo Common-->MsiExec.exe /X{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}
Windows Live Photo Common-->MsiExec.exe /X{D436F577-1695-4D2F-8B44-AC76C99E0002}
Windows Live PIMT Platform-->MsiExec.exe /I{4CBABDFD-49F8-47FD-BE7D-ECDE7270525A}
Windows Live SOXE Definitions-->MsiExec.exe /I{200FEC62-3C34-4D60-9CE8-EC372E01C08F}
Windows Live SOXE-->MsiExec.exe /I{682B3E4F-696A-42DE-A41C-4C07EA1678B4}
Windows Live UX Platform Language Pack-->MsiExec.exe /I{6A05FEDF-662E-46BF-8A25-010E3F1C9C69}
Windows Live UX Platform-->MsiExec.exe /I{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}
Windows Live Writer Resources-->MsiExec.exe /X{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}
Windows Live Writer-->MsiExec.exe /X{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}
WinPatrol-->C:\PROGRA~2\INSTAL~1\{00781~1\Setup.exe /remove /q0
Yahoo! Toolbar for Internet Explorer-->C:\PROGRA~1\Yahoo!\Common\unyt.exe

======Security center information======

AS: Windows Defender (disabled)

======System event log======

Computer Name: Rons
Event Code: 4386
Message: Windows Servicing required reboot to complete the process of changing update 960803-28_neutral_PACKAGE from package KB960803(Security Update) into Staging(Staging) state
Record Number: 26692
Source Name: Microsoft-Windows-Servicing
Time Written: 20100925192449.000000-000
Event Type: Warning
User: NT AUTHORITY\SYSTEM

Computer Name: Rons
Event Code: 4386
Message: Windows Servicing required reboot to complete the process of changing update 960803-27_neutral_PACKAGE from package KB960803(Security Update) into Staging(Staging) state
Record Number: 26691
Source Name: Microsoft-Windows-Servicing
Time Written: 20100925192449.000000-000
Event Type: Warning
User: NT AUTHORITY\SYSTEM

Computer Name: Rons
Event Code: 4386
Message: Windows Servicing required reboot to complete the process of changing update 960803-26_neutral_PACKAGE from package KB960803(Security Update) into Staging(Staging) state
Record Number: 26690
Source Name: Microsoft-Windows-Servicing
Time Written: 20100925192449.000000-000
Event Type: Warning
User: NT AUTHORITY\SYSTEM

Computer Name: Rons
Event Code: 4386
Message: Windows Servicing required reboot to complete the process of changing update 960803-25_neutral_PACKAGE from package KB960803(Security Update) into Staging(Staging) state
Record Number: 26689
Source Name: Microsoft-Windows-Servicing
Time Written: 20100925192449.000000-000
Event Type: Warning
User: NT AUTHORITY\SYSTEM

Computer Name: Rons
Event Code: 4386
Message: Windows Servicing required reboot to complete the process of changing update 960803-15_neutral_PACKAGE from package KB960803(Security Update) into Resolving(Resolving) state
Record Number: 26682
Source Name: Microsoft-Windows-Servicing
Time Written: 20100925192447.000000-000
Event Type: Warning
User: NT AUTHORITY\SYSTEM

=====Application event log=====

Computer Name: Rons
Event Code: 1101
Message: .NET Runtime Optimization Service (clr_optimization_v2.0.50727_32) - Failed to compile: System.ServiceModel.Web, Version=3.5.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35 . Error code = 0x80131522

Record Number: 150
Source Name: .NET Runtime Optimization Service
Time Written: 20100925172019.000000-000
Event Type: Error
User:

Computer Name: Rons
Event Code: 1101
Message: .NET Runtime Optimization Service (clr_optimization_v2.0.50727_32) - Failed to compile: System.Data.Services, Version=3.5.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089 . Error code = 0x80131522

Record Number: 149
Source Name: .NET Runtime Optimization Service
Time Written: 20100925171930.000000-000
Event Type: Error
User:

Computer Name: Rons
Event Code: 1000
Message: Faulting application iexplore.exe, version 7.0.6000.16386, time stamp 0x4549b133, faulting module yt.dll, version 2006.11.29.1, time stamp 0x456e0198, exception code 0xc0000005, fault offset 0x00008944, process id 0x1630, application start time 0x01cb5cc630f600b8.
Record Number: 102
Source Name: Application Error
Time Written: 20100925155202.000000-000
Event Type: Error
User:

Computer Name: Rons
Event Code: 1000
Message: Faulting application iexplore.exe, version 7.0.6000.16386, time stamp 0x4549b133, faulting module mshtml.dll, version 7.0.6000.16397, time stamp 0x45750ab2, exception code 0xc0000005, fault offset 0x0003c295, process id 0x1630, application start time 0x01cb5cc630f600b8.
Record Number: 101
Source Name: Application Error
Time Written: 20100925155153.000000-000
Event Type: Error
User:

Computer Name: Rons
Event Code: 1530
Message: Windows detected your registry file is still in use by other applications or services. The file will be unloaded now. The applications or services that hold your registry file may not function properly afterwards.

DETAIL -
1 user registry handles leaked from \Registry\User\S-1-5-21-3773262968-4200875264-556786824-1000:
Process 592 (\Device\HarddiskVolume1\WINDOWS\System32\winlogon.exe) has opened key \REGISTRY\USER\S-1-5-21-3773262968-4200875264-556786824-1000

Record Number: 11
Source Name: Microsoft-Windows-User Profiles Service
Time Written: 20100925021229.000000-000
Event Type: Warning
User: NT AUTHORITY\SYSTEM

=====Security event log=====

Computer Name: Rons
Event Code: 5032
Message: Windows Firewall was unable to notify the user that it blocked an application from accepting incoming connections on the network.

Error Code: 2
Record Number: 5
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20100925015522.913471-000
Event Type: Audit Failure
User:

Computer Name: Rons
Event Code: 5032
Message: Windows Firewall was unable to notify the user that it blocked an application from accepting incoming connections on the network.

Error Code: 2
Record Number: 4
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20100925015522.913471-000
Event Type: Audit Failure
User:

Computer Name: Rons
Event Code: 4634
Message: An account was logged off.

Subject:
Security ID: S-1-5-7
Account Name: ANONYMOUS LOGON
Account Domain: NT AUTHORITY
Logon ID: 0x215807

Logon Type: 3

This event is generated when a logon session is destroyed. It may be positively correlated with a logon event using the Logon ID value. Logon IDs are only unique between reboots on the same computer.
Record Number: 3
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20100925015013.352471-000
Event Type: Audit Success
User:

Computer Name: Rons
Event Code: 4624
Message: An account was successfully logged on.

Subject:
Security ID: S-1-0-0
Account Name: -
Account Domain: -
Logon ID: 0x0

Logon Type: 3

New Logon:
Security ID: S-1-5-7
Account Name: ANONYMOUS LOGON
Account Domain: NT AUTHORITY
Logon ID: 0x215807
Logon GUID: {00000000-0000-0000-0000-000000000000}

Process Information:
Process ID: 0x0
Process Name: -

Network Information:
Workstation Name: LH-I6OLA79EIIY5
Source Network Address: -
Source Port: -

Detailed Authentication Information:
Logon Process: NtLmSsp
Authentication Package: NTLM
Transited Services: -
Package Name (NTLM only): NTLM V1
Key Length: 128

This event is generated when a logon session is created. It is generated on the computer that was accessed.

The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe.

The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network).

The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on.

The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases.

The authentication information fields provide detailed information about this specific logon request.
- Logon GUID is a unique identifier that can be used to correlate this event with a KDC event.
- Transited services indicate which intermediate services have participated in this logon request.
- Package name indicates which sub-protocol was used among the NTLM protocols.
- Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Record Number: 2
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20100925014956.720471-000
Event Type: Audit Success
User:

Computer Name: Rons
Event Code: 1102
Message: The audit log was cleared.
Subject:
Security ID: S-1-5-21-3773262968-4200875264-556786824-1000
Account Name: Ron
Domain Name: Rons
Logon ID: 0xcd5bc
Record Number: 1
Source Name: Microsoft-Windows-Eventlog
Time Written: 20100925014741.926071-000
Event Type: Audit Success
User:

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"Path"=C:\Program Files\Common Files\Microsoft Shared\Windows Live;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;C:\Program Files\Common Files\Roxio Shared\DLLShared\;C:\Program Files\Common Files\Roxio Shared\DLLShared\;C:\Program Files\Common Files\Roxio Shared\9.0\DLLShared\;%SYSTEMROOT%\System32\WindowsPowerShell\v1.0\;C:\Program Files\Windows Live\Shared
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC
"PROCESSOR_ARCHITECTURE"=x86
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"USERNAME"=SYSTEM
"windir"=%SystemRoot%
"PROCESSOR_LEVEL"=6
"PROCESSOR_IDENTIFIER"=x86 Family 6 Model 15 Stepping 13, GenuineIntel
"PROCESSOR_REVISION"=0f0d
"NUMBER_OF_PROCESSORS"=2
"PLATFORM"=MCD
"PCBRAND"=Pavilion
"OnlineServices"=Online Services
"RoxioCentral"=C:\Program Files\Common Files\Roxio Shared\9.0\Roxio Central33\
"USERPART"=F:
"PSModulePath"=%SystemRoot%\system32\WindowsPowerShell\v1.0\Modules\

-----------------EOF-----------------
Zaphod
Regular Member
 
Posts: 29
Joined: November 1st, 2010, 3:13 pm

Re: Hotmail sending spam emails

Unread postby Zaphod » November 3rd, 2010, 12:59 am

RkU Version: 3.8.388.590, Type LE (SR2)
==============================================
OS Name: Windows Vista
Version 6.0.6002 (Service Pack 2)
Number of processors #2
==============================================
>Drivers
==============================================
0x8C407000 C:\Windows\system32\DRIVERS\igdkmd32.sys 7057408 bytes (Intel Corporation, Intel Graphics Kernel Mode Driver)
0x81C0E000 C:\Windows\system32\ntkrnlpa.exe 3903488 bytes (Microsoft Corporation, NT Kernel & System)
0x81C0E000 PnpManager 3903488 bytes
0x81C0E000 RAW 3903488 bytes
0x81C0E000 WMIxWDM 3903488 bytes
0x8CC01000 C:\Windows\system32\DRIVERS\NETw5v32.sys 3706880 bytes (Intel Corporation, Intel® Wireless WiFi Link Driver)
0x8EC06000 C:\Windows\system32\drivers\RTKVHDA.sys 2363392 bytes (Realtek Semiconductor Corp., Realtek(r) High Definition Audio Function Driver)
0x97C40000 Win32k 2109440 bytes
0x97C40000 C:\Windows\System32\win32k.sys 2109440 bytes (Microsoft Corporation, Multi-User Win32 Driver)
0x8BC00000 C:\Windows\System32\Drivers\dump_iaStor.sys 1789952 bytes
0x87A02000 C:\Windows\system32\DRIVERS\iaStor.sys 1789952 bytes (Intel Corporation, Intel Rapid Storage Technology driver - x86)
0x88009000 C:\Windows\System32\Drivers\Ntfs.sys 1114112 bytes (Microsoft Corporation, NT File System Driver)
0x87C7D000 C:\Windows\system32\drivers\ndis.sys 1093632 bytes (Microsoft Corporation, NDIS 6.0 wrapper driver)
0x87E08000 C:\Windows\System32\drivers\tcpip.sys 958464 bytes (Microsoft Corporation, TCP/IP Driver)
0x806D4000 C:\Windows\system32\CI.dll 917504 bytes (Microsoft Corporation, Code Integrity Module)
0xAC480000 C:\Windows\system32\drivers\peauth.sys 909312 bytes (Microsoft Corporation, Protected Environment Authentication and Authorization Export Driver)
0x8F721000 C:\Windows\system32\drivers\spsys.sys 720896 bytes (Microsoft Corporation, security processor)
0x8CAC2000 C:\Windows\System32\drivers\dxgkrnl.sys 659456 bytes (Microsoft Corporation, DirectX Graphics Kernel)
0x87F0D000 C:\Windows\system32\DRIVERS\HDAudBus.sys 577536 bytes (Microsoft Corporation, High Definition Audio Bus Driver)
0x87C0C000 C:\Windows\System32\Drivers\ksecdd.sys 462848 bytes (Microsoft Corporation, Kernel Security Support Provider Interface)
0x82203000 C:\Windows\system32\drivers\Wdf01000.sys 462848 bytes (Microsoft Corporation, Kernel Mode Driver Framework Runtime)
0x8060A000 C:\Windows\system32\mcupdate_GenuineIntel.dll 458752 bytes (Microsoft Corporation, Intel Microcode Update Library)
0xAB654000 C:\Windows\system32\drivers\HTTP.sys 446464 bytes (Microsoft Corporation, HTTP Protocol Stack)
0x87F9A000 C:\Windows\system32\DRIVERS\rixdptsk.sys 331776 bytes (REDC, RICOH XD SM Driver)
0xAC40F000 C:\Windows\System32\DRIVERS\srv.sys 319488 bytes (Microsoft Corporation, Server driver)
0x8232B000 C:\Windows\System32\drivers\volmgrx.sys 303104 bytes (Microsoft Corporation, Volume Manager Extension Driver)
0x8D17A000 C:\Windows\system32\drivers\afd.sys 294912 bytes (Microsoft Corporation, Ancillary Function Driver for WinSock)
0x8EF45000 C:\Windows\system32\DRIVERS\avgtdix.sys 294912 bytes (AVG Technologies CZ, s.r.o., AVG Network connection watcher)
0x82282000 C:\Windows\system32\drivers\acpi.sys 286720 bytes (Microsoft Corporation, ACPI Driver for NT)
0x80693000 C:\Windows\system32\CLFS.SYS 266240 bytes (Microsoft Corporation, Common Log File System Driver)
0x8D00F000 C:\Windows\system32\DRIVERS\storport.sys 266240 bytes (Microsoft Corporation, Microsoft Storage Port Driver)
0x8CB7A000 C:\Windows\system32\DRIVERS\USBPORT.SYS 253952 bytes (Microsoft Corporation, USB 1.1 & 2.0 Port Driver)
0x8F664000 C:\Windows\system32\DRIVERS\avgldx86.sys 245760 bytes (AVG Technologies CZ, s.r.o., AVG AVI Loader Driver)
0x8F607000 C:\Windows\system32\DRIVERS\rdbss.sys 245760 bytes (Microsoft Corporation, Redirected Drive Buffering SubSystem Driver)
0x87DB3000 C:\Windows\system32\drivers\NETIO.SYS 241664 bytes (Microsoft Corporation, Network I/O Subsystem)
0x807B4000 C:\Windows\system32\DRIVERS\SynTP.sys 241664 bytes (Synaptics Incorporated, Synaptics Touchpad Driver)
0xAB74C000 C:\Windows\system32\DRIVERS\mrxsmb10.sys 233472 bytes (Microsoft Corporation, Longhorn SMB Downlevel SubRdr)
0x88119000 C:\Windows\system32\drivers\volsnap.sys 233472 bytes (Microsoft Corporation, Volume Shadow Copy Driver)
0x8D12B000 C:\Windows\system32\DRIVERS\usbhub.sys 217088 bytes (Microsoft Corporation, Default Hub Driver for USB)
0x81FC7000 ACPI_HAL 208896 bytes
0x81FC7000 C:\Windows\system32\hal.dll 208896 bytes (Microsoft Corporation, Hardware Abstraction Layer DLL)
0xAC5BD000 C:\Windows\System32\Drivers\RDPWD.SYS 208896 bytes (Microsoft Corporation, RDP Terminal Stack Driver)
0x8239A000 C:\Windows\system32\drivers\fltmgr.sys 204800 bytes (Microsoft Corporation, Microsoft Filesystem Filter Manager)
0x8EF8D000 C:\Windows\System32\DRIVERS\netbt.sys 204800 bytes (Microsoft Corporation, MBT Transport driver)
0x823CC000 C:\Windows\system32\DRIVERS\msiscsi.sys 192512 bytes (Microsoft Corporation, Microsoft iSCSI Initiator Driver)
0x8EE47000 C:\Windows\system32\drivers\portcls.sys 184320 bytes (Microsoft Corporation, Port Class (Class Driver for Port/Miniport Devices))
0x87D88000 C:\Windows\system32\drivers\msrpc.sys 176128 bytes (Microsoft Corporation, Kernel Remote Procedure Call Provider)
0x8D0EA000 C:\Windows\system32\DRIVERS\ks.sys 172032 bytes (Microsoft Corporation, Kernel CSA Library)
0xAB60D000 C:\Windows\system32\DRIVERS\nwifi.sys 172032 bytes (Microsoft Corporation, NativeWiFi Miniport Driver)
0xAC57E000 C:\Windows\system32\DRIVERS\AVGIDSDriver.Sys 163840 bytes (AVG Technologies CZ, s.r.o. , IDS Application Activity Monitor Driver.)
0xDCE04000 C:\Windows\System32\Drivers\fastfat.SYS 163840 bytes (Microsoft Corporation, Fast FAT File System Driver)
0xAB79D000 C:\Windows\System32\DRIVERS\srv2.sys 163840 bytes (Microsoft Corporation, Smb 2.0 Server driver)
0x88169000 C:\Windows\System32\drivers\ecache.sys 159744 bytes (Microsoft Corporation, Special Memory Device Cache)
0x822D9000 C:\Windows\system32\drivers\pci.sys 159744 bytes (Microsoft Corporation, NT Plug and Play PCI Enumerator)
0x8EE74000 C:\Windows\system32\drivers\drmk.sys 151552 bytes (Microsoft Corporation, Microsoft Kernel DRM Descrambler Filter)
0x8D07D000 C:\Windows\system32\DRIVERS\ndiswan.sys 143360 bytes (Microsoft Corporation, MS PPP Framing Driver (Strong Encryption))
0x8D1D5000 C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS 139264 bytes
0x881A1000 C:\Windows\system32\drivers\CLASSPNP.SYS 135168 bytes (Microsoft Corporation, SCSI Class System Dll)
0xAB70C000 C:\Windows\system32\drivers\mrxdav.sys 135168 bytes (Microsoft Corporation, Windows NT WebDav Minirdr)
0x8F6B7000 C:\Windows\System32\Drivers\usbvideo.sys 135168 bytes (Microsoft Corporation, USB Video Class Driver)
0x8EEC8000 C:\Windows\System32\drivers\VIDEOPRT.SYS 135168 bytes (Microsoft Corporation, Video Port Driver)
0xAB72D000 C:\Windows\system32\DRIVERS\mrxsmb.sys 126976 bytes (Microsoft Corporation, Windows NT SMB Minirdr)
0x87BBF000 C:\Windows\system32\drivers\ataport.SYS 122880 bytes (Microsoft Corporation, ATAPI Driver Extension)
0xAB6C1000 C:\Windows\System32\DRIVERS\srvnet.sys 118784 bytes (Microsoft Corporation, Server Network driver)
0x87EF2000 C:\Windows\System32\drivers\fwpkclnt.sys 110592 bytes (Microsoft Corporation, FWP/IPsec Kernel-Mode API)
0x8F6FE000 C:\Windows\system32\drivers\luafv.sys 110592 bytes (Microsoft Corporation, LUA File Virtualization Filter Driver)
0x8CFBF000 C:\Windows\system32\DRIVERS\sdbus.sys 106496 bytes (Microsoft Corporation, SecureDigital Bus Driver)
0xAB6DE000 C:\Windows\system32\DRIVERS\bowser.sys 102400 bytes (Microsoft Corporation, NT Lan Manager Datagram Receiver Driver)
0x881E6000 C:\Windows\system32\DRIVERS\cdrom.sys 98304 bytes (Microsoft Corporation, SCSI CD-ROM Driver)
0xAB785000 C:\Windows\system32\DRIVERS\mrxsmb20.sys 98304 bytes (Microsoft Corporation, Longhorn SMB 2.0 Redirector)
0x8F64D000 C:\Windows\System32\Drivers\dfsc.sys 94208 bytes (Microsoft Corporation, DFS Namespace Client Driver)
0x8D05B000 C:\Windows\system32\DRIVERS\rasl2tp.sys 94208 bytes (Microsoft Corporation, RAS L2TP mini-port/call-manager driver)
0x8CF8A000 C:\Windows\system32\DRIVERS\Rtlh86.sys 94208 bytes (Realtek Corporation , Realtek 8101E/8168/8169 NDIS6 32-bit Driver )
0x8F6A0000 C:\Windows\system32\DRIVERS\usbccgp.sys 94208 bytes (Microsoft Corporation, USB Common Class Generic Parent Driver)
0xAC45D000 C:\Windows\system32\DRIVERS\cdfs.sys 90112 bytes (Microsoft Corporation, CD-ROM File System Driver)
0x8EFBF000 C:\Windows\system32\DRIVERS\pacer.sys 90112 bytes (Microsoft Corporation, QoS Packet Scheduler)
0x8EF1B000 C:\Windows\system32\DRIVERS\tdx.sys 90112 bytes (Microsoft Corporation, TDI Translation Driver)
0xAB6F7000 C:\Windows\System32\drivers\mpsdrv.sys 86016 bytes (Microsoft Corporation, Microsoft Protection Service Driver)
0x8D0C3000 C:\Windows\system32\DRIVERS\rassstp.sys 86016 bytes (Microsoft Corporation, RAS SSTP Miniport Call Manager)
0x8D0AF000 C:\Windows\system32\DRIVERS\raspptp.sys 81920 bytes (Microsoft Corporation, Peer-to-Peer Tunneling Protocol)
0x8CFE8000 C:\Windows\system32\DRIVERS\rimsptsk.sys 81920 bytes (REDC, RICOH MS Driver)
0x8EF31000 C:\Windows\system32\DRIVERS\smb.sys 81920 bytes (Microsoft Corporation, SMB Transport driver)
0x8CBDE000 C:\Windows\system32\DRIVERS\i8042prt.sys 77824 bytes (Microsoft Corporation, i8042 Port Driver)
0xAB641000 C:\Windows\system32\DRIVERS\rspndr.sys 77824 bytes (Microsoft Corporation, Link-Layer Topology Responder Driver for NDIS 6)
0x8D1C2000 C:\Windows\system32\DRIVERS\wanarp.sys 77824 bytes (Microsoft Corporation, MS Remote Access and Routing ARP Driver)
0x88190000 C:\Windows\system32\drivers\disk.sys 69632 bytes (Microsoft Corporation, PnP Disk Driver)
0x8D169000 C:\Windows\System32\Drivers\NDProxy.SYS 69632 bytes (Microsoft Corporation, NDIS Proxy)
0x8067A000 C:\Windows\system32\PSHED.dll 69632 bytes (Microsoft Corporation, Platform Specific Hardware Error Driver)
0x87BDD000 C:\Windows\system32\drivers\fileinfo.sys 65536 bytes (Microsoft Corporation, FileInfo Filter Driver)
0x8CBC7000 C:\Windows\system32\DRIVERS\HIDCLASS.SYS 65536 bytes (Microsoft Corporation, Hid Class Library)
0x8F7D1000 C:\Windows\system32\DRIVERS\lltdio.sys 65536 bytes (Microsoft Corporation, Link-Layer Topology Mapper I/O Driver)
0x8238A000 C:\Windows\System32\drivers\mountmgr.sys 65536 bytes (Microsoft Corporation, Mount Point Manager)
0x8CFA1000 C:\Windows\system32\DRIVERS\ohci1394.sys 65536 bytes (Microsoft Corporation, 1394 OpenHCI Port Driver)
0x8D0D8000 C:\Windows\system32\DRIVERS\termdd.sys 65536 bytes (Microsoft Corporation, Terminal Server Driver)
0x8BDE4000 C:\Windows\system32\DRIVERS\intelppm.sys 61440 bytes (Microsoft Corporation, Processor Device Driver)
0x8F6EF000 C:\Windows\system32\DRIVERS\monitor.sys 61440 bytes (Microsoft Corporation, Monitor Driver)
0x8815A000 C:\Windows\System32\Drivers\mup.sys 61440 bytes (Microsoft Corporation, Multiple UNC Provider driver)
0x82300000 C:\Windows\System32\drivers\partmgr.sys 61440 bytes (Microsoft Corporation, Partition Management Driver)
0x8D0A0000 C:\Windows\system32\DRIVERS\raspppoe.sys 61440 bytes (Microsoft Corporation, RAS PPPoE mini-port/call-manager driver)
0x8CFD9000 C:\Windows\system32\DRIVERS\rimmptsk.sys 61440 bytes (REDC, RICOH SD Driver)
0x8CBB8000 C:\Windows\system32\DRIVERS\usbehci.sys 61440 bytes (Microsoft Corporation, EHCI eUSB Miniport Driver)
0x8231C000 C:\Windows\system32\drivers\volmgr.sys 61440 bytes (Microsoft Corporation, Volume Manager Driver)
0x8CFB1000 C:\Windows\system32\DRIVERS\1394BUS.SYS 57344 bytes (Microsoft Corporation, 1394 Bus Device Driver)
0x97E80000 C:\Windows\System32\cdd.dll 57344 bytes (Microsoft Corporation, Canonical Display Driver)
0x8EFDE000 C:\Windows\system32\DRIVERS\netbios.sys 57344 bytes (Microsoft Corporation, NetBIOS interface driver)
0x8EF04000 C:\Windows\System32\Drivers\Npfs.SYS 57344 bytes (Microsoft Corporation, NPFS Driver)
0x8237C000 C:\Windows\system32\DRIVERS\PCIIDEX.SYS 57344 bytes (Microsoft Corporation, PCI IDE Bus Driver Extension)
0x82274000 C:\Windows\system32\drivers\WDFLDR.SYS 57344 bytes (Microsoft Corporation, Kernel Mode Driver Framework Loader)
0x8F6D8000 C:\Windows\System32\Drivers\crashdmp.sys 53248 bytes (Microsoft Corporation, Crash Dump Driver)
0x8D11E000 C:\Windows\system32\DRIVERS\umbus.sys 53248 bytes (Microsoft Corporation, User-Mode Bus Enumerator)
0x8EE99000 C:\Windows\system32\DRIVERS\avgmfx86.sys 49152 bytes (AVG Technologies CZ, s.r.o., AVG Resident Shield Minifilter Driver)
0xAC568000 C:\Windows\System32\drivers\tcpipreg.sys 49152 bytes (Microsoft Corporation, TCP/IP Registry Compatibility Driver)
0xAC5B1000 C:\Windows\System32\DRIVERS\tssecsrv.sys 49152 bytes (Microsoft Corporation, TS Security Filter Driver)
0x8EEBC000 C:\Windows\System32\drivers\vga.sys 49152 bytes (Microsoft Corporation, VGA/Super VGA Video Driver)
0x8CB63000 C:\Windows\System32\drivers\watchdog.sys 49152 bytes (Microsoft Corporation, Watchdog Driver)
0xAC475000 C:\Windows\system32\DRIVERS\AVGIDSShim.Sys 45056 bytes (AVG Technologies CZ, s.r.o. , IDS Application Activity Monitor Loader Driver.)
0x8CBF1000 C:\Windows\system32\DRIVERS\kbdclass.sys 45056 bytes (Microsoft Corporation, Keyboard Class Driver)
0x8BDF3000 C:\Windows\system32\DRIVERS\mouclass.sys 45056 bytes (Microsoft Corporation, Mouse Class Driver)
0x8EEF9000 C:\Windows\System32\Drivers\Msfs.SYS 45056 bytes (Microsoft Corporation, Mailslot driver)
0x8D072000 C:\Windows\system32\DRIVERS\ndistapi.sys 45056 bytes (Microsoft Corporation, NDIS 3.0 connection wrapper driver)
0x8D050000 C:\Windows\system32\DRIVERS\TDI.SYS 45056 bytes (Microsoft Corporation, TDI Wrapper)
0xAC5A6000 C:\Windows\system32\drivers\tdtcp.sys 45056 bytes (Microsoft Corporation, TCP Transport Driver)
0x8BDC3000 C:\Windows\system32\DRIVERS\tunnel.sys 45056 bytes (Microsoft Corporation, Microsoft Tunnel Interface Driver)
0x8CB6F000 C:\Windows\system32\DRIVERS\usbuhci.sys 45056 bytes (Microsoft Corporation, UHCI USB Miniport Driver)
0xAC574000 C:\Windows\system32\DRIVERS\AVGIDSFilter.Sys 40960 bytes (AVG Technologies CZ, s.r.o. , IDS Application Activity Monitor Filter Driver.)
0x82312000 C:\Windows\system32\DRIVERS\BATTC.SYS 40960 bytes (Microsoft Corporation, Battery Class Driver)
0x8F6E5000 C:\Windows\System32\drivers\Dxapi.sys 40960 bytes (Microsoft Corporation, DirectX API Driver)
0x8D114000 C:\Windows\system32\DRIVERS\mssmbios.sys 40960 bytes (Microsoft Corporation, System Management BIOS Driver)
0xAB637000 C:\Windows\system32\DRIVERS\ndisuio.sys 40960 bytes (Microsoft Corporation, NDIS User mode I/O driver)
0x8F643000 C:\Windows\system32\drivers\nsiproxy.sys 40960 bytes (Microsoft Corporation, NSI Proxy)
0xAC55E000 C:\Windows\System32\Drivers\secdrv.SYS 40960 bytes (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K., Macrovision SECURITY Driver)
0x881D0000 C:\Windows\system32\DRIVERS\AVGIDSEH.Sys 36864 bytes (AVG Technologies CZ, s.r.o. , IDS Application Activity Monitor Helper Driver.)
0x881C2000 C:\Windows\system32\drivers\crcdisk.sys 36864 bytes (Microsoft Corporation, Disk Block Verification Filter Driver)
0x8EEA5000 C:\Windows\System32\Drivers\Fs_Rec.SYS 36864 bytes (Microsoft Corporation, File System Recognizer Driver)
0x8EFD5000 C:\Windows\system32\DRIVERS\hidusb.sys 36864 bytes (Microsoft Corporation, USB Miniport Driver for Input Devices)
0x8D160000 C:\Windows\system32\DRIVERS\kbdhid.sys 36864 bytes (Microsoft Corporation, HID Keyboard Filter Driver)
0xDCE34000 C:\Windows\System32\Drivers\Normandy.SYS 36864 bytes (RKU Driver)
0x87BED000 C:\Windows\System32\Drivers\PxHelp20.sys 36864 bytes (Sonic Solutions, Px Engine Device Driver for Windows 2000/XP)
0x8EF12000 C:\Windows\System32\DRIVERS\rasacd.sys 36864 bytes (Microsoft Corporation, RAS Automatic Connection Driver)
0x97E60000 C:\Windows\System32\TSDDD.dll 36864 bytes (Microsoft Corporation, Framebuffer Display Driver)
0x8BDCE000 C:\Windows\system32\DRIVERS\tunmp.sys 36864 bytes (Microsoft Corporation, Microsoft Tunnel Interface Driver)
0x8BDDB000 C:\Windows\system32\DRIVERS\wmiacpi.sys 36864 bytes (Microsoft Corporation, Windows Management Interface for ACPI)
0x822C8000 C:\Windows\system32\drivers\WMILIB.SYS 36864 bytes (Microsoft Corporation, WMILIB WMI support library Dll)
0x87BB7000 C:\Windows\system32\drivers\atapi.sys 32768 bytes (Microsoft Corporation, ATAPI IDE Miniport Driver)
0x8068B000 C:\Windows\system32\BOOTVID.dll 32768 bytes (Microsoft Corporation, VGA Boot Driver)
0xDCE2C000 C:\Windows\system32\drivers\mbamswissarmy.sys 32768 bytes (Malwarebytes Corporation, Malwarebytes' Anti-Malware)
0x8D1F7000 C:\Windows\system32\DRIVERS\mouhid.sys 32768 bytes (Microsoft Corporation, HID Mouse Filter Driver)
0x822D1000 C:\Windows\system32\drivers\msisadrv.sys 32768 bytes (Microsoft Corporation, ISA Driver)
0x8EEE9000 C:\Windows\System32\DRIVERS\RDPCDD.sys 32768 bytes (Microsoft Corporation, RDP Miniport)
0x8EEF1000 C:\Windows\system32\drivers\rdpencdd.sys 32768 bytes (Microsoft Corporation, RDP Miniport)
0x88152000 C:\Windows\System32\Drivers\spldr.sys 32768 bytes (Microsoft Corporation, loader for security processor)
0x8EEB5000 C:\Windows\System32\Drivers\Beep.SYS 28672 bytes (Microsoft Corporation, BEEP Driver)
0x8CBD7000 C:\Windows\system32\DRIVERS\HIDPARSE.SYS 28672 bytes (Microsoft Corporation, Hid Parsing Library)
0x80603000 C:\Windows\system32\kdcom.dll 28672 bytes (Microsoft Corporation, Kernel Debugger HW Extension DLL)
0x8EFEE000 C:\Windows\system32\DRIVERS\NuidFltr.sys 28672 bytes (Microsoft Corporation, Filter Driver for Microsoft Hardware HID Non-User Input Data)
0x8EEAE000 C:\Windows\System32\Drivers\Null.SYS 28672 bytes (Microsoft Corporation, NULL Driver)
0x82375000 C:\Windows\system32\DRIVERS\pciide.sys 28672 bytes (Microsoft Corporation, Generic PCI IDE Bus Driver)
0x8EFF5000 C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS 24576 bytes
0x881CB000 C:\Windows\system32\DRIVERS\avgrkx86.sys 20480 bytes (AVG Technologies CZ, s.r.o., AVG Anti-Rootkit Driver)
0x8BDD7000 C:\Windows\system32\DRIVERS\CmBatt.sys 16384 bytes (Microsoft Corporation, Control Method Battery Driver)
0x8230F000 C:\Windows\system32\DRIVERS\compbatt.sys 12288 bytes (Microsoft Corporation, Composite Battery Driver)
0x8CFFC000 C:\Windows\system32\DRIVERS\cpqbttn.sys 12288 bytes (Hewlett-Packard Development Company, L.P., HP Tablet PC Key Button HID Driver)
0x8EFEC000 C:\Windows\system32\DRIVERS\eabfiltr.sys 8192 bytes (Hewlett-Packard Development Company, L.P., QLB PS/2 Keyboard filter driver)
0x8D0E8000 C:\Windows\system32\DRIVERS\swenum.sys 8192 bytes (Microsoft Corporation, Plug and Play Software Device Enumerator)
0x8CBFC000 C:\Windows\system32\DRIVERS\USBD.SYS 8192 bytes (Microsoft Corporation, Universal Serial Bus Driver)
==============================================
>Stealth
==============================================
0x047B0000 Hidden Image-->IntelVisualDesign.dll [ EPROCESS 0xAA03C288 ] PID: 3344, 1069056 bytes
0x00AC0000 Hidden Image-->HP.ActiveSupportLibrary.dll [ EPROCESS 0x84196020 ] PID: 512, 110592 bytes
0x002F0000 Hidden Image-->IAStorUtil.dll [ EPROCESS 0xAA03C288 ] PID: 3344, 151552 bytes
0x00810000 Hidden Image-->IAStorUtil.dll [ EPROCESS 0x84589D90 ] PID: 3176, 151552 bytes
0x03E90000 Hidden Image-->IAStorUIHelper.dll [ EPROCESS 0xAA03C288 ] PID: 3344, 184320 bytes
0x03210000 Hidden Image-->msvcm90.dll [ EPROCESS 0x84589D90 ] PID: 3176, 270336 bytes
0x0C2F0000 Hidden Image-->DevComponents.DotNetBar2.dll [ EPROCESS 0x84527020 ] PID: 4792, 3280896 bytes
0x06490000 Hidden Image-->Interop.eWebControl.dll [ EPROCESS 0x84527020 ] PID: 4792, 36864 bytes
0x06B80000 Hidden Image-->Interop.ProfMan.dll [ EPROCESS 0x84527020 ] PID: 4792, 36864 bytes
0x085B0000 Hidden Image-->Interop.Outlook.dll [ EPROCESS 0x84527020 ] PID: 4792, 405504 bytes
0x00990000 Hidden Image-->IsdiInterop.dll [ EPROCESS 0x84589D90 ] PID: 3176, 73728 bytes
0x00840000 Hidden Image-->IAStorDataMgr.dll [ EPROCESS 0x84589D90 ] PID: 3176, 77824 bytes
==============================================
>Files
==============================================
!-->[Hidden] C:\ProgramData\AVG10\log\avgrs.log.7
!-->[Hidden] C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010004.ci
!-->[Hidden] C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010004.dir
!-->[Hidden] C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010004.wid
!-->[Hidden] C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010005.ci
!-->[Hidden] C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010005.dir
!-->[Hidden] C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010005.wid
!-->[Hidden] C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010006.ci
!-->[Hidden] C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010006.dir
!-->[Hidden] C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010006.wid
!-->[Hidden] C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010007.ci
!-->[Hidden] C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010007.dir
!-->[Hidden] C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010007.wid
!-->[Hidden] C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010008.ci
!-->[Hidden] C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010008.dir
!-->[Hidden] C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010008.wid
!-->[Hidden] C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010009.ci
!-->[Hidden] C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010009.dir
!-->[Hidden] C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010009.wid
!-->[Hidden] C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\0001000A.ci
!-->[Hidden] C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\0001000A.dir
!-->[Hidden] C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\0001000A.wid
!-->[Hidden] C:\Users\Ron\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LH0GQO5G\Default[1].aspx
!-->[Hidden] C:\Users\Ron\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LH0GQO5G\io[1].xml
!-->[Hidden] C:\Users\Ron\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LX6YQXRX\rss[1].xml
!-->[Hidden] C:\Users\Ron\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LX6YQXRX\rss[3].xml
!-->[Hidden] C:\Users\Ron\AppData\Local\Mozilla\Firefox\Profiles\wx9jhj7r.default\Cache\01E59860d01
!-->[Hidden] C:\Users\Ron\AppData\Local\Mozilla\Firefox\Profiles\wx9jhj7r.default\Cache\0920E979d01
!-->[Hidden] C:\Users\Ron\AppData\Local\Mozilla\Firefox\Profiles\wx9jhj7r.default\Cache\10021813d01
!-->[Hidden] C:\Users\Ron\AppData\Local\Mozilla\Firefox\Profiles\wx9jhj7r.default\Cache\15657D0Bd01
!-->[Hidden] C:\Users\Ron\AppData\Local\Mozilla\Firefox\Profiles\wx9jhj7r.default\Cache\198167B9d01
!-->[Hidden] C:\Users\Ron\AppData\Local\Mozilla\Firefox\Profiles\wx9jhj7r.default\Cache\1DDE887Cd01
!-->[Hidden] C:\Users\Ron\AppData\Local\Mozilla\Firefox\Profiles\wx9jhj7r.default\Cache\1E693C99d01
!-->[Hidden] C:\Users\Ron\AppData\Local\Mozilla\Firefox\Profiles\wx9jhj7r.default\Cache\234F99FDd01
!-->[Hidden] C:\Users\Ron\AppData\Local\Mozilla\Firefox\Profiles\wx9jhj7r.default\Cache\282DA8B9d01
!-->[Hidden] C:\Users\Ron\AppData\Local\Mozilla\Firefox\Profiles\wx9jhj7r.default\Cache\2B724BF9d01
!-->[Hidden] C:\Users\Ron\AppData\Local\Mozilla\Firefox\Profiles\wx9jhj7r.default\Cache\3A21E84Dd01
!-->[Hidden] C:\Users\Ron\AppData\Local\Mozilla\Firefox\Profiles\wx9jhj7r.default\Cache\3CDC879Bd01
!-->[Hidden] C:\Users\Ron\AppData\Local\Mozilla\Firefox\Profiles\wx9jhj7r.default\Cache\3CFE220Cd01
!-->[Hidden] C:\Users\Ron\AppData\Local\Mozilla\Firefox\Profiles\wx9jhj7r.default\Cache\46B70DA1d01
!-->[Hidden] C:\Users\Ron\AppData\Local\Mozilla\Firefox\Profiles\wx9jhj7r.default\Cache\50D83118d01
!-->[Hidden] C:\Users\Ron\AppData\Local\Mozilla\Firefox\Profiles\wx9jhj7r.default\Cache\594203E8d01
!-->[Hidden] C:\Users\Ron\AppData\Local\Mozilla\Firefox\Profiles\wx9jhj7r.default\Cache\5A4D6FBCd01
!-->[Hidden] C:\Users\Ron\AppData\Local\Mozilla\Firefox\Profiles\wx9jhj7r.default\Cache\5ABB6452d01
!-->[Hidden] C:\Users\Ron\AppData\Local\Mozilla\Firefox\Profiles\wx9jhj7r.default\Cache\5FBF965Cd01
!-->[Hidden] C:\Users\Ron\AppData\Local\Mozilla\Firefox\Profiles\wx9jhj7r.default\Cache\60CBAA48d01
!-->[Hidden] C:\Users\Ron\AppData\Local\Mozilla\Firefox\Profiles\wx9jhj7r.default\Cache\6DD05649d01
!-->[Hidden] C:\Users\Ron\AppData\Local\Mozilla\Firefox\Profiles\wx9jhj7r.default\Cache\70091F77d01
!-->[Hidden] C:\Users\Ron\AppData\Local\Mozilla\Firefox\Profiles\wx9jhj7r.default\Cache\75CA37F7d01
!-->[Hidden] C:\Users\Ron\AppData\Local\Mozilla\Firefox\Profiles\wx9jhj7r.default\Cache\78EF4059d01
!-->[Hidden] C:\Users\Ron\AppData\Local\Mozilla\Firefox\Profiles\wx9jhj7r.default\Cache\7A3B694Fd01
!-->[Hidden] C:\Users\Ron\AppData\Local\Mozilla\Firefox\Profiles\wx9jhj7r.default\Cache\7A3F1176d01
!-->[Hidden] C:\Users\Ron\AppData\Local\Mozilla\Firefox\Profiles\wx9jhj7r.default\Cache\7A8B18ABd01
!-->[Hidden] C:\Users\Ron\AppData\Local\Mozilla\Firefox\Profiles\wx9jhj7r.default\Cache\7B2DD606d01
!-->[Hidden] C:\Users\Ron\AppData\Local\Mozilla\Firefox\Profiles\wx9jhj7r.default\Cache\7EC5F69Bd01
!-->[Hidden] C:\Users\Ron\AppData\Local\Mozilla\Firefox\Profiles\wx9jhj7r.default\Cache\800AFAB1d01
!-->[Hidden] C:\Users\Ron\AppData\Local\Mozilla\Firefox\Profiles\wx9jhj7r.default\Cache\85EA6AC4d01
!-->[Hidden] C:\Users\Ron\AppData\Local\Mozilla\Firefox\Profiles\wx9jhj7r.default\Cache\87A6C085d01
!-->[Hidden] C:\Users\Ron\AppData\Local\Mozilla\Firefox\Profiles\wx9jhj7r.default\Cache\887EDD8Ad01
!-->[Hidden] C:\Users\Ron\AppData\Local\Mozilla\Firefox\Profiles\wx9jhj7r.default\Cache\8BE40FADd01
!-->[Hidden] C:\Users\Ron\AppData\Local\Mozilla\Firefox\Profiles\wx9jhj7r.default\Cache\8C8E9537d01
!-->[Hidden] C:\Users\Ron\AppData\Local\Mozilla\Firefox\Profiles\wx9jhj7r.default\Cache\901197F3d01
!-->[Hidden] C:\Users\Ron\AppData\Local\Mozilla\Firefox\Profiles\wx9jhj7r.default\Cache\A021DD22d01
!-->[Hidden] C:\Users\Ron\AppData\Local\Mozilla\Firefox\Profiles\wx9jhj7r.default\Cache\A0E5BF53d01
!-->[Hidden] C:\Users\Ron\AppData\Local\Mozilla\Firefox\Profiles\wx9jhj7r.default\Cache\A26B8501d01
!-->[Hidden] C:\Users\Ron\AppData\Local\Mozilla\Firefox\Profiles\wx9jhj7r.default\Cache\A657F6EBd01
!-->[Hidden] C:\Users\Ron\AppData\Local\Mozilla\Firefox\Profiles\wx9jhj7r.default\Cache\A839C85Dd01
!-->[Hidden] C:\Users\Ron\AppData\Local\Mozilla\Firefox\Profiles\wx9jhj7r.default\Cache\A90941EBd01
!-->[Hidden] C:\Users\Ron\AppData\Local\Mozilla\Firefox\Profiles\wx9jhj7r.default\Cache\AEDB2E18d01
!-->[Hidden] C:\Users\Ron\AppData\Local\Mozilla\Firefox\Profiles\wx9jhj7r.default\Cache\AF59D132d01
!-->[Hidden] C:\Users\Ron\AppData\Local\Mozilla\Firefox\Profiles\wx9jhj7r.default\Cache\AF657F03d01
!-->[Hidden] C:\Users\Ron\AppData\Local\Mozilla\Firefox\Profiles\wx9jhj7r.default\Cache\B60DCAE1d01
!-->[Hidden] C:\Users\Ron\AppData\Local\Mozilla\Firefox\Profiles\wx9jhj7r.default\Cache\B8AF5AABd01
!-->[Hidden] C:\Users\Ron\AppData\Local\Mozilla\Firefox\Profiles\wx9jhj7r.default\Cache\B921774Ed01
!-->[Hidden] C:\Users\Ron\AppData\Local\Mozilla\Firefox\Profiles\wx9jhj7r.default\Cache\B94F1DBEd01
!-->[Hidden] C:\Users\Ron\AppData\Local\Mozilla\Firefox\Profiles\wx9jhj7r.default\Cache\BC140556d01
!-->[Hidden] C:\Users\Ron\AppData\Local\Mozilla\Firefox\Profiles\wx9jhj7r.default\Cache\BCA19FD0d01
!-->[Hidden] C:\Users\Ron\AppData\Local\Mozilla\Firefox\Profiles\wx9jhj7r.default\Cache\C08D8B84d01
!-->[Hidden] C:\Users\Ron\AppData\Local\Mozilla\Firefox\Profiles\wx9jhj7r.default\Cache\C3D57AD5d01
!-->[Hidden] C:\Users\Ron\AppData\Local\Mozilla\Firefox\Profiles\wx9jhj7r.default\Cache\C57CF6D8d01
!-->[Hidden] C:\Users\Ron\AppData\Local\Mozilla\Firefox\Profiles\wx9jhj7r.default\Cache\D090FFD7d01
!-->[Hidden] C:\Users\Ron\AppData\Local\Mozilla\Firefox\Profiles\wx9jhj7r.default\Cache\D09F7AF9d01
!-->[Hidden] C:\Users\Ron\AppData\Local\Mozilla\Firefox\Profiles\wx9jhj7r.default\Cache\D0AD4DABd01
!-->[Hidden] C:\Users\Ron\AppData\Local\Mozilla\Firefox\Profiles\wx9jhj7r.default\Cache\E4D84058d01
!-->[Hidden] C:\Users\Ron\AppData\Local\Mozilla\Firefox\Profiles\wx9jhj7r.default\Cache\EAF1D009d01
!-->[Hidden] C:\Users\Ron\AppData\Local\Mozilla\Firefox\Profiles\wx9jhj7r.default\Cache\EDD61344d01
!-->[Hidden] C:\Users\Ron\AppData\Local\Mozilla\Firefox\Profiles\wx9jhj7r.default\Cache\F33F3219d01
!-->[Hidden] C:\Users\Ron\AppData\Local\Mozilla\Firefox\Profiles\wx9jhj7r.default\Cache\F62C596Fd01
!-->[Hidden] C:\Users\Ron\AppData\Local\Mozilla\Firefox\Profiles\wx9jhj7r.default\Cache\FD40F759d01
!-->[Hidden] C:\Users\Ron\AppData\Local\Temp\plugtmp-17\plugin-UberPlayer.swf
!-->[Hidden] C:\Users\Ron\AppData\Local\Temp\~DFED47.tmp
!-->[Hidden] C:\Users\Ron\AppData\Local\Temp\~DFED57.tmp
!-->[Hidden] C:\Users\Ron\AppData\Roaming\Microsoft\Windows\Recent\Winpatrol alert.lnk
!-->[Hidden] C:\Users\Ron\Desktop\Winpatrol alert.txt
!-->[Hidden] C:\WINDOWS\System32\config\systemprofile\AppData\Roaming\Microsoft\IdentityCRL\production\temp\sqmdata01.sqm
!-->[Hidden] C:\WINDOWS\System32\WDI\{a7a5847a-7511-4e4e-90b1-45ad2a002f51}\{4ddc83b3-93ff-4e21-8caf-c3ddaca1cec2}\krundown.etl
!-->[Hidden] C:\WINDOWS\System32\WDI\{a7a5847a-7511-4e4e-90b1-45ad2a002f51}\{4ddc83b3-93ff-4e21-8caf-c3ddaca1cec2}\ksnapshot.etl
!-->[Hidden] D:\Ron Backup\Memeo\Ron Backup\_dcm\C_\Users\Ron\AppData\Local\Microsoft\Feeds\.FeedsStore@2010-11-02T23;49;18.feedsdb-ms.dcm
!-->[Hidden] D:\Ron Backup\Memeo\Ron Backup\_dcm\C_\Users\Ron\AppData\Local\Microsoft\Feeds\.FeedsStore@2010-11-02T23;54;24.feedsdb-ms.dcm
!-->[Hidden] D:\Ron Backup\Memeo\Ron Backup\_dcm\C_\Users\Ron\AppData\Local\Microsoft\Feeds\{5588ACFD-6436-411B-A5CE-666AE6A92D3D}~\WebSlices~\.Web Slice Gallery~@2010-11-02T22;49;30.feed-ms.dcm
!-->[Hidden] D:\Ron Backup\Memeo\Ron Backup\_dcm\C_\Users\Ron\AppData\Local\Mozilla\Firefox\Profiles\wx9jhj7r.default\Cache\.04E1CC70d01.dcm
!-->[Hidden] D:\Ron Backup\Memeo\Ron Backup\_dcm\C_\Users\Ron\AppData\Local\Mozilla\Firefox\Profiles\wx9jhj7r.default\Cache\.0E7FED54d01.dcm
!-->[Hidden] D:\Ron Backup\Memeo\Ron Backup\_dcm\C_\Users\Ron\AppData\Local\Mozilla\Firefox\Profiles\wx9jhj7r.default\Cache\.15148F44d01.dcm
!-->[Hidden] D:\Ron Backup\Memeo\Ron Backup\_dcm\C_\Users\Ron\AppData\Local\Mozilla\Firefox\Profiles\wx9jhj7r.default\Cache\.180EEC2Cd01@2010-11-01T23;26;55.dcm
!-->[Hidden] D:\Ron Backup\Memeo\Ron Backup\_dcm\C_\Users\Ron\AppData\Local\Mozilla\Firefox\Profiles\wx9jhj7r.default\Cache\.1DDE157Dd01@2010-11-02T23;30;31.dcm
!-->[Hidden] D:\Ron Backup\Memeo\Ron Backup\_dcm\C_\Users\Ron\AppData\Local\Mozilla\Firefox\Profiles\wx9jhj7r.default\Cache\.1DDE157Dd01@2010-11-02T23;40;37.dcm
!-->[Hidden] D:\Ron Backup\Memeo\Ron Backup\_dcm\C_\Users\Ron\AppData\Local\Mozilla\Firefox\Profiles\wx9jhj7r.default\Cache\.1F8C55A2d01.dcm
!-->[Hidden] D:\Ron Backup\Memeo\Ron Backup\_dcm\C_\Users\Ron\AppData\Local\Mozilla\Firefox\Profiles\wx9jhj7r.default\Cache\.205D22D9d01@2010-11-01T15;56;07.dcm
!-->[Hidden] D:\Ron Backup\Memeo\Ron Backup\_dcm\C_\Users\Ron\AppData\Local\Mozilla\Firefox\Profiles\wx9jhj7r.default\Cache\.2A4A6B6Ed01.dcm
!-->[Hidden] D:\Ron Backup\Memeo\Ron Backup\_dcm\C_\Users\Ron\AppData\Local\Mozilla\Firefox\Profiles\wx9jhj7r.default\Cache\.3A279218d01.dcm
!-->[Hidden] D:\Ron Backup\Memeo\Ron Backup\_dcm\C_\Users\Ron\AppData\Local\Mozilla\Firefox\Profiles\wx9jhj7r.default\Cache\.3D638370d01.dcm
!-->[Hidden] D:\Ron Backup\Memeo\Ron Backup\_dcm\C_\Users\Ron\AppData\Local\Mozilla\Firefox\Profiles\wx9jhj7r.default\Cache\.50C4D459d01.dcm
!-->[Hidden] D:\Ron Backup\Memeo\Ron Backup\_dcm\C_\Users\Ron\AppData\Local\Mozilla\Firefox\Profiles\wx9jhj7r.default\Cache\.52747B9Bd01.dcm
!-->[Hidden] D:\Ron Backup\Memeo\Ron Backup\_dcm\C_\Users\Ron\AppData\Local\Mozilla\Firefox\Profiles\wx9jhj7r.default\Cache\.5FD045F5d01.dcm
!-->[Hidden] D:\Ron Backup\Memeo\Ron Backup\_dcm\C_\Users\Ron\AppData\Local\Mozilla\Firefox\Profiles\wx9jhj7r.default\Cache\.694137D6d01@2010-11-01T18;00;49.dcm
!-->[Hidden] D:\Ron Backup\Memeo\Ron Backup\_dcm\C_\Users\Ron\AppData\Local\Mozilla\Firefox\Profiles\wx9jhj7r.default\Cache\.78C5F9C5d01.dcm
!-->[Hidden] D:\Ron Backup\Memeo\Ron Backup\_dcm\C_\Users\Ron\AppData\Local\Mozilla\Firefox\Profiles\wx9jhj7r.default\Cache\.7AE871DCd01@2010-11-02T23;09;53.dcm
!-->[Hidden] D:\Ron Backup\Memeo\Ron Backup\_dcm\C_\Users\Ron\AppData\Local\Mozilla\Firefox\Profiles\wx9jhj7r.default\Cache\.7E418BE8d01.dcm
!-->[Hidden] D:\Ron Backup\Memeo\Ron Backup\_dcm\C_\Users\Ron\AppData\Local\Mozilla\Firefox\Profiles\wx9jhj7r.default\Cache\.800AFAB1d01@2010-11-02T23;10;01.dcm
!-->[Hidden] D:\Ron Backup\Memeo\Ron Backup\_dcm\C_\Users\Ron\AppData\Local\Mozilla\Firefox\Profiles\wx9jhj7r.default\Cache\.9FC88482d01@2010-11-02T01;03;17.dcm
!-->[Hidden] D:\Ron Backup\Memeo\Ron Backup\_dcm\C_\Users\Ron\AppData\Local\Mozilla\Firefox\Profiles\wx9jhj7r.default\Cache\.A68FD1C9d01@2010-11-02T15;10;41.dcm
!-->[Hidden] D:\Ron Backup\Memeo\Ron Backup\_dcm\C_\Users\Ron\AppData\Local\Mozilla\Firefox\Profiles\wx9jhj7r.default\Cache\.AA19B5CDd01@2010-10-29T15;11;46.dcm
!-->[Hidden] D:\Ron Backup\Memeo\Ron Backup\_dcm\C_\Users\Ron\AppData\Local\Mozilla\Firefox\Profiles\wx9jhj7r.default\Cache\.B3FB0874d01@2010-11-01T18;00;49.dcm
!-->[Hidden] D:\Ron Backup\Memeo\Ron Backup\_dcm\C_\Users\Ron\AppData\Local\Mozilla\Firefox\Profiles\wx9jhj7r.default\Cache\.D1A60519d01.dcm
!-->[Hidden] D:\Ron Backup\Memeo\Ron Backup\_dcm\C_\Users\Ron\AppData\Local\Mozilla\Firefox\Profiles\wx9jhj7r.default\Cache\.E5B11641d01@2010-10-30T15;18;15.dcm
!-->[Hidden] D:\Ron Backup\Memeo\Ron Backup\_dcm\C_\Users\Ron\AppData\Local\Mozilla\Firefox\Profiles\wx9jhj7r.default\Cache\.E8D0D136d01.dcm
!-->[Hidden] D:\Ron Backup\Memeo\Ron Backup\_dcm\C_\Users\Ron\AppData\Local\Mozilla\Firefox\Profiles\wx9jhj7r.default\Cache\.F0852D18d01@2010-11-01T20;09;19.dcm
!-->[Hidden] D:\Ron Backup\Memeo\Ron Backup\_dcm\C_\Users\Ron\AppData\Local\Mozilla\Firefox\Profiles\wx9jhj7r.default\Cache\.FC27ACF1d01@2010-11-01T23;26;54.dcm
!-->[Hidden] D:\Ron Backup\Memeo\Ron Backup\_dcm\C_\Users\Ron\AppData\Local\Mozilla\Firefox\Profiles\wx9jhj7r.default\Cache\.FC27ACF1d01@2010-11-02T23;54;10.dcm
!-->[Hidden] D:\Ron Backup\Memeo\Ron Backup\_dcm\C_\Users\Ron\AppData\Local\Mozilla\Firefox\Profiles\wx9jhj7r.default\Cache\._CACHE_001_@2010-11-02T22;49;56.dcm
!-->[Hidden] D:\Ron Backup\Memeo\Ron Backup\_dcm\C_\Users\Ron\AppData\Local\Mozilla\Firefox\Profiles\wx9jhj7r.default\Cache\._CACHE_002_@2010-11-02T22;49;16.dcm
!-->[Hidden] D:\Ron Backup\Memeo\Ron Backup\_dcm\C_\Users\Ron\AppData\Local\Mozilla\Firefox\Profiles\wx9jhj7r.default\Cache\._CACHE_003_@2010-11-02T22;48;49.dcm
!-->[Hidden] D:\Ron Backup\Memeo\Ron Backup\_dcm\C_\Users\Ron\AppData\Roaming\Mozilla\Firefox\Profiles\wx9jhj7r.default\.cookies@2010-11-02T21;36;35.sqlite.dcm
!-->[Hidden] D:\Ron Backup\Memeo\Ron Backup\_dcm\C_\Users\Ron\AppData\Roaming\Mozilla\Firefox\Profiles\wx9jhj7r.default\.places@2010-11-02T23;59;52.sqlite.dcm
!-->[Hidden] D:\Ron Backup\Memeo\Ron Backup\_dcm\C_\Users\Ron\AppData\Roaming\Mozilla\Firefox\Profiles\wx9jhj7r.default\.places@2010-11-03T00;01;30.sqlite.dcm
!-->[Hidden] D:\Ron Backup\Memeo\Ron Backup\_dcm\C_\Users\Ron\AppData\Roaming\Mozilla\Firefox\Profiles\wx9jhj7r.default\.sessionstore@2010-11-02T23;59;01.js.dcm
!-->[Hidden] D:\Ron Backup\Memeo\Ron Backup\_dcm\C_\Users\Ron\AppData\Roaming\Mozilla\Firefox\Profiles\wx9jhj7r.default\.sessionstore@2010-11-03T00;01;29.js.dcm
!-->[Hidden] D:\Ron Backup\Memeo\Ron Backup\_dcm\C_\Users\Ron\Desktop\.Winpatrol alert@2010-11-02T21;59;29.txt.dcm
!-->[Hidden] D:\Ron Backup\Memeo\_store\#fUA9#v\G#r#n8#m\UY#h7#s\I3#g#d#h\#aIM#bN\#h8.refcount.3
!-->[Hidden] D:\Ron Backup\Memeo\_store\#fUA9#v\G#r#n8#m\UY#h7#s\I3#g#d#h\#aIM#bN\#h8.refcount.3
!-->[Hidden] D:\Ron Backup\Memeo\_store\#hK#iX#u\#wP98#h\4Y+CG\BW#rY#n\8#a+#nC\XA.refcount.4
!-->[Hidden] D:\Ron Backup\Memeo\_store\#hK#iX#u\#wP98#h\4Y+CG\BW#rY#n\8#a+#nC\XA.refcount.5
!-->[Hidden] D:\Ron Backup\Memeo\_store\#iTANF\#h3#iB#v\#g#h#a#eU\#g#s#rF#l\D#tBG#a\L#g
!-->[Hidden] D:\Ron Backup\Memeo\_store\#iTANF\#h3#iB#v\#g#h#a#eU\#g#s#rF#l\D#tBG#a\L#g
!-->[Hidden] D:\Ron Backup\Memeo\_store\#iTANF\#h3#iB#v\#g#h#a#eU\#g#s#rF#l\D#tBG#a\L#g.refcount.1
!-->[Hidden] D:\Ron Backup\Memeo\_store\#iTANF\#h3#iB#v\#g#h#a#eU\#g#s#rF#l\D#tBG#a\L#g.refcount.1
!-->[Hidden] D:\Ron Backup\Memeo\_store\#j2YH4\#hT#gES\#r#s#w2#x\UJI6#j\6#rW#k#t\A0.refcount.8
!-->[Hidden] D:\Ron Backup\Memeo\_store\#jV#z#aY\7#i#iJ#w\#nN#q#e#i\U#r#e#t#s\YPBA8\HU
!-->[Hidden] D:\Ron Backup\Memeo\_store\#jV#z#aY\7#i#iJ#w\#nN#q#e#i\U#r#e#t#s\YPBA8\HU
!-->[Hidden] D:\Ron Backup\Memeo\_store\#jV#z#aY\7#i#iJ#w\#nN#q#e#i\U#r#e#t#s\YPBA8\HU.refcount.1
!-->[Hidden] D:\Ron Backup\Memeo\_store\#jV#z#aY\7#i#iJ#w\#nN#q#e#i\U#r#e#t#s\YPBA8\HU.refcount.1
!-->[Hidden] D:\Ron Backup\Memeo\_store\#k#hI#y#k\E#nE#fQ\X#iFI_\#n_8JV\2TZVA\9M.refcount.2
!-->[Hidden] D:\Ron Backup\Memeo\_store\#k#hI#y#k\E#nE#fQ\X#iFI_\#n_8JV\2TZVA\9M.refcount.2
!-->[Hidden] D:\Ron Backup\Memeo\_store\#n#a#i#e#n\N#rWZ#d\8#xHA#m\6NSA#y\_#hHK#z\#xQ.refcount.24
!-->[Hidden] D:\Ron Backup\Memeo\_store\#nBZV#n\#oT8#oN\OZ#e#n#s\WL#zR8\XF1CP\#g#c
!-->[Hidden] D:\Ron Backup\Memeo\_store\#nBZV#n\#oT8#oN\OZ#e#n#s\WL#zR8\XF1CP\#g#c.refcount.1
!-->[Hidden] D:\Ron Backup\Memeo\_store\#o#g19#d\ZK#qXZ\8#x#vEC\#f31PC\#pU#tPR\1#w.refcount.24
!-->[Hidden] D:\Ron Backup\Memeo\_store\#o#g19#d\ZK#qXZ\8#x#vEC\#f31PC\#pU#tPR\1#w.refcount.24
!-->[Hidden] D:\Ron Backup\Memeo\_store\#oF#c+#f\4G#hL#w\#f#c#n#t#q\TXEMI\O#u#nF#a\I0.refcount.4
!-->[Hidden] D:\Ron Backup\Memeo\_store\#oF#c+#f\4G#hL#w\#f#c#n#t#q\TXEMI\O#u#nF#a\I0.refcount.4
!-->[Hidden] D:\Ron Backup\Memeo\_store\#q#n#h#a+\#u5+B_\#fQH#q#s\W#dC4#t\OZ7#b2\YA
!-->[Hidden] D:\Ron Backup\Memeo\_store\#q#n#h#a+\#u5+B_\#fQH#q#s\W#dC4#t\OZ7#b2\YA.refcount.1
!-->[Hidden] D:\Ron Backup\Memeo\_store\#s4#g#iJ\3#r+#nM\ECNL_\B#q+O#z\ODRCQ\S#g
!-->[Hidden] D:\Ron Backup\Memeo\_store\#s4#g#iJ\3#r+#nM\ECNL_\B#q+O#z\ODRCQ\S#g.refcount.1
!-->[Hidden] D:\Ron Backup\Memeo\_store\#sCYTR\#yR7NN\#u#eP8#t\W#g2#a2\#t#hE5#k\N8
!-->[Hidden] D:\Ron Backup\Memeo\_store\#sCYTR\#yR7NN\#u#eP8#t\W#g2#a2\#t#hE5#k\N8
!-->[Hidden] D:\Ron Backup\Memeo\_store\#sCYTR\#yR7NN\#u#eP8#t\W#g2#a2\#t#hE5#k\N8.refcount.1
!-->[Hidden] D:\Ron Backup\Memeo\_store\#sCYTR\#yR7NN\#u#eP8#t\W#g2#a2\#t#hE5#k\N8.refcount.1
!-->[Hidden] D:\Ron Backup\Memeo\_store\#u#x#d#g#t\#q#f7R#n\#j#q#mW#u\#hYZ+#x\AO#s+6\#v#g
!-->[Hidden] D:\Ron Backup\Memeo\_store\#u#x#d#g#t\#q#f7R#n\#j#q#mW#u\#hYZ+#x\AO#s+6\#v#g
!-->[Hidden] D:\Ron Backup\Memeo\_store\#u#x#d#g#t\#q#f7R#n\#j#q#mW#u\#hYZ+#x\AO#s+6\#v#g.refcount.1
!-->[Hidden] D:\Ron Backup\Memeo\_store\#u#x#d#g#t\#q#f7R#n\#j#q#mW#u\#hYZ+#x\AO#s+6\#v#g.refcount.1
!-->[Hidden] D:\Ron Backup\Memeo\_store\#uF0#p6\GY#a6I\+#h+3L\NF#n#h#j\#mX#r6#p\7#g
!-->[Hidden] D:\Ron Backup\Memeo\_store\#uF0#p6\GY#a6I\+#h+3L\NF#n#h#j\#mX#r6#p\7#g
!-->[Hidden] D:\Ron Backup\Memeo\_store\#uF0#p6\GY#a6I\+#h+3L\NF#n#h#j\#mX#r6#p\7#g.refcount.1
!-->[Hidden] D:\Ron Backup\Memeo\_store\#uF0#p6\GY#a6I\+#h+3L\NF#n#h#j\#mX#r6#p\7#g.refcount.1
!-->[Hidden] D:\Ron Backup\Memeo\_store\#u_#f#mK\#x1O4#a\#x#i_2#d\ONE#uZ\#f3C#q#m\5I.refcount.3
!-->[Hidden] D:\Ron Backup\Memeo\_store\#wR1R#i\XLQ#bB\OS6#w#u\#aDW71\SZ#v0#u\KY
!-->[Hidden] D:\Ron Backup\Memeo\_store\#wR1R#i\XLQ#bB\OS6#w#u\#aDW71\SZ#v0#u\KY
!-->[Hidden] D:\Ron Backup\Memeo\_store\#wR1R#i\XLQ#bB\OS6#w#u\#aDW71\SZ#v0#u\KY.refcount.1
!-->[Hidden] D:\Ron Backup\Memeo\_store\#wR1R#i\XLQ#bB\OS6#w#u\#aDW71\SZ#v0#u\KY.refcount.1
!-->[Hidden] D:\Ron Backup\Memeo\_store\+#m#uW0\U#k6_9\#v#bGE2\#m4ZQ#t\9#s#j#x#q\5#s
!-->[Hidden] D:\Ron Backup\Memeo\_store\+#m#uW0\U#k6_9\#v#bGE2\#m4ZQ#t\9#s#j#x#q\5#s
!-->[Hidden] D:\Ron Backup\Memeo\_store\+#m#uW0\U#k6_9\#v#bGE2\#m4ZQ#t\9#s#j#x#q\5#s.refcount.1
!-->[Hidden] D:\Ron Backup\Memeo\_store\+#m#uW0\U#k6_9\#v#bGE2\#m4ZQ#t\9#s#j#x#q\5#s.refcount.1
!-->[Hidden] D:\Ron Backup\Memeo\_store\0BG+#x\#v#g#wEQ\7#j6QE\#i#hOT0\7#fVQ#c\#fA
!-->[Hidden] D:\Ron Backup\Memeo\_store\0BG+#x\#v#g#wEQ\7#j6QE\#i#hOT0\7#fVQ#c\#fA.refcount.1
!-->[Hidden] D:\Ron Backup\Memeo\_store\1#hGU#e\T#w+#gR\#hM#mXZ\QJ+#s#i\8#r8#y2\#c#s.refcount.3
!-->[Hidden] D:\Ron Backup\Memeo\_store\2#j#m#j7\#l5#rS#w\0#yV#b_\#v#lWAY\#kK_YB\#w#k.refcount.64
!-->[Hidden] D:\Ron Backup\Memeo\_store\5UKSY\1#s3N#d\#u962#w\K56NI\#eP#a4#d\M#s
!-->[Hidden] D:\Ron Backup\Memeo\_store\5UKSY\1#s3N#d\#u962#w\K56NI\#eP#a4#d\M#s
!-->[Hidden] D:\Ron Backup\Memeo\_store\5UKSY\1#s3N#d\#u962#w\K56NI\#eP#a4#d\M#s.refcount.1
!-->[Hidden] D:\Ron Backup\Memeo\_store\5UKSY\1#s3N#d\#u962#w\K56NI\#eP#a4#d\M#s.refcount.1
!-->[Hidden] D:\Ron Backup\Memeo\_store\BHNM7\V#z#lO2\_1G#xH\#y#qSQ#l\Z23H#q\P4.refcount.3
!-->[Hidden] D:\Ron Backup\Memeo\_store\D#c_#f#j\#dGOQ#s\#iL#lYS\#rO#fU#l\#k#gD#h#u\E8
!-->[Hidden] D:\Ron Backup\Memeo\_store\D#c_#f#j\#dGOQ#s\#iL#lYS\#rO#fU#l\#k#gD#h#u\E8
!-->[Hidden] D:\Ron Backup\Memeo\_store\D#c_#f#j\#dGOQ#s\#iL#lYS\#rO#fU#l\#k#gD#h#u\E8.refcount.1
!-->[Hidden] D:\Ron Backup\Memeo\_store\D#c_#f#j\#dGOQ#s\#iL#lYS\#rO#fU#l\#k#gD#h#u\E8.refcount.1
!-->[Hidden] D:\Ron Backup\Memeo\_store\EWMH#t\#t+#p#c#t\RYE#kK\W5#j#t5\7Z#xVX\#d#o
!-->[Hidden] D:\Ron Backup\Memeo\_store\EWMH#t\#t+#p#c#t\RYE#kK\W5#j#t5\7Z#xVX\#d#o.refcount.1
!-->[Hidden] D:\Ron Backup\Memeo\_store\E_T#c#n\#gV#e#tF\#f#sBK4\B#jJDP\6#m#t#l#f\RQ
!-->[Hidden] D:\Ron Backup\Memeo\_store\E_T#c#n\#gV#e#tF\#f#sBK4\B#jJDP\6#m#t#l#f\RQ
!-->[Hidden] D:\Ron Backup\Memeo\_store\E_T#c#n\#gV#e#tF\#f#sBK4\B#jJDP\6#m#t#l#f\RQ.refcount.1
!-->[Hidden] D:\Ron Backup\Memeo\_store\E_T#c#n\#gV#e#tF\#f#sBK4\B#jJDP\6#m#t#l#f\RQ.refcount.1
!-->[Hidden] D:\Ron Backup\Memeo\_store\H#s#tZ#z\#jI#qD#f\YEZ#f#h\J#h9#i#o\#w#sW#y#f\GU
!-->[Hidden] D:\Ron Backup\Memeo\_store\H#s#tZ#z\#jI#qD#f\YEZ#f#h\J#h9#i#o\#w#sW#y#f\GU
!-->[Hidden] D:\Ron Backup\Memeo\_store\H#s#tZ#z\#jI#qD#f\YEZ#f#h\J#h9#i#o\#w#sW#y#f\GU.refcount.1
!-->[Hidden] D:\Ron Backup\Memeo\_store\H#s#tZ#z\#jI#qD#f\YEZ#f#h\J#h9#i#o\#w#sW#y#f\GU.refcount.1
!-->[Hidden] D:\Ron Backup\Memeo\_store\I#t++W\7WWN#g\M5#dN#g\#v#tG#e5\#e#sQJ#p\#y#k
!-->[Hidden] D:\Ron Backup\Memeo\_store\I#t++W\7WWN#g\M5#dN#g\#v#tG#e5\#e#sQJ#p\#y#k.refcount.1
!-->[Hidden] D:\Ron Backup\Memeo\_store\R#d#o#a6\#bFJS2\#o#r3E#v\#fU#a#yU\PER1#a\#a0
!-->[Hidden] D:\Ron Backup\Memeo\_store\R#d#o#a6\#bFJS2\#o#r3E#v\#fU#a#yU\PER1#a\#a0.refcount.1
!-->[Hidden] D:\Ron Backup\Memeo\_store\S#gQ#w#t\0#yWH1\#sNBSB\6#bOS#z\#kH#y#zK\T#c
!-->[Hidden] D:\Ron Backup\Memeo\_store\S#gQ#w#t\0#yWH1\#sNBSB\6#bOS#z\#kH#y#zK\T#c
!-->[Hidden] D:\Ron Backup\Memeo\_store\S#gQ#w#t\0#yWH1\#sNBSB\6#bOS#z\#kH#y#zK\T#c.refcount.1
!-->[Hidden] D:\Ron Backup\Memeo\_store\S#gQ#w#t\0#yWH1\#sNBSB\6#bOS#z\#kH#y#zK\T#c.refcount.1
!-->[Hidden] D:\Ron Backup\Memeo\_store\S_#a_U\#tKS7I\RY#eA#i\0EG#g#v\TA77K\QQ
!-->[Hidden] D:\Ron Backup\Memeo\_store\S_#a_U\#tKS7I\RY#eA#i\0EG#g#v\TA77K\QQ
!-->[Hidden] D:\Ron Backup\Memeo\_store\S_#a_U\#tKS7I\RY#eA#i\0EG#g#v\TA77K\QQ.refcount.1
!-->[Hidden] D:\Ron Backup\Memeo\_store\S_#a_U\#tKS7I\RY#eA#i\0EG#g#v\TA77K\QQ.refcount.1
!-->[Hidden] D:\Ron Backup\Memeo\_store\WM#i#b#i\6#n#i#uQ\U#lNKJ\#b8#j#mJ\X#p#rH#d\#oI.refcount.1
!-->[Hidden] D:\Ron Backup\Memeo\_store\_B#k8U\#u+#yR4\9#kKP#r\#hZ#w#m#g\6#iLXX\5#s
!-->[Hidden] D:\Ron Backup\Memeo\_store\_B#k8U\#u+#yR4\9#kKP#r\#hZ#w#m#g\6#iLXX\5#s.refcount.1
==============================================
>Hooks
==============================================
ntkrnlpa.exe+0x000A87AA, Type: Inline - RelativeJump 0x81CB67AA-->81CB67B1 [WMIxWDM]
ntkrnlpa.exe+0x000ACDE4, Type: Inline - RelativeJump 0x81CBADE4-->81CBAE63 [WMIxWDM]
[3460]firefox.exe-->ntdll.dll-->LdrLoadDll, Type: Inline - RelativeJump 0x772B9390-->00000000 [firefox.exe]
[4792]MemeoBackup.exe-->advapi32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x77C814BC-->00000000 [shimeng.dll]
[4792]MemeoBackup.exe-->gdi32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x77B61170-->00000000 [shimeng.dll]
[4792]MemeoBackup.exe-->mswsock.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x6D64123C-->00000000 [shimeng.dll]
[4792]MemeoBackup.exe-->shell32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x768E1414-->00000000 [shimeng.dll]
[4792]MemeoBackup.exe-->user32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x77D51300-->00000000 [shimeng.dll]
[4792]MemeoBackup.exe-->ws2_32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x4B0D11E8-->00000000 [shimeng.dll]
[4940]plugin-container.exe-->user32.dll-->TrackPopupMenu, Type: Inline - RelativeJump 0x769414F3-->00000000 [xul.dll]
Zaphod
Regular Member
 
Posts: 29
Joined: November 1st, 2010, 3:13 pm

Re: Hotmail sending spam emails

Unread postby Zaphod » November 3rd, 2010, 1:05 am

wow...that took a while to run the rku scan.

While the RKUnhooker program was running (early in the process), WinPatrol came up with the following New Program Alert:

...has detected a new Windows Services has been installed

c:\windows\system32\0AC09E05.exe

No description found

Startup Status: Manual
Active Status: Running

Is it ok to allow this service to be installed with those settings? yes/no

I selected yes based on your earlier comment re "any links are safe".

Also, as you warned it took a long time (6+ hours) for the RKu scan to run. It scanned the C and D drives and then "hung" for an hour or so. At that point I hit cancel - it then did something with the "hooks" and then generated the above report. Do I need to rerun the RKu scan?


As for status on computer performance, I deliberately have not turned on windows live mail since I sent in the request for assistance (yesterday afternoon). However, I am informed that spam emails continue to be received by my contacts. Until this problem is solved the only thing I can think of is to open up live mail make a screen capture of my contacts and then delete them all. Once the problem is solved i will then re add my contacts. Not a perfect solution but better than continuous spam emails coming from me. Your thoughts?

Thanks again for your assistance.
Zaphod
Regular Member
 
Posts: 29
Joined: November 1st, 2010, 3:13 pm

Re: Hotmail sending spam emails

Unread postby Cypher » November 3rd, 2010, 6:00 am

Hi Zaphod.
Thanks again for your assistance.

You're welcome.
I am informed that spam emails continue to be received by my contacts.

This issue might not be malware related.
Your email credentials may be stolen and those spams are being sent from another remote computer.
This usually happen when you click a link spammed by another contact, this is why it is very important not to click any unknown links.

Here is what i would like you to do:

  • Change your email Password.
  • Change you Secret Question & Answer.
  • Change your alternative email.

Lets take a closer look at your system.

Back Up registry with ERUNT

  • Please use the following link and download ERUNT to your desktop. HERE
  • Click on the erunt-setup.exe
  • Follow the prompts to install ERUNT
  • Choose language
  • A set up window will pop up. It will ask: Create ERUNT entry in to the Start up folder, answer NO

    Image
  • Backup your registry to the default location

Note: To restore your registry (if needed), go to the folder and start ERDNT.exe

Next

Disable AVG

  • Open AVG User Interface.
  • Double-click on the Resident Shield.
  • Un-tick the option Resident Shield active.
  • Save the changes.
  • Note: Don't forget to re-enable it after the fix.

Next.

Disable Winpatrol

  • Right-click the running icon of Winpatrol ( Scotty the dog ) in the sytem tray and choose exit programe.
  • Note: Dont forget to Re-inable it after the fix

Next.

Download and Run ComboFix

  • Please download ComboFix from one of the following links.

    Link 1.

    Link 2.

    **IMPORTANT !!! Save ComboFix.exe to your Desktop**
  • Please disable any Antivirus or Firewall you have active, as shown in this topic. Please close all open application windows.
  • Double click on ComboFix.exe & follow the prompts
  • As part of it's process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console
Image
**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue it's malware removal procedures.

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:
Image

  • Click on Yes, to continue scanning for malware.
  • When finished, it shall produce a log for you. Please include the contents of C:\ComboFix.txt in your next reply
A word of warning: Neither I nor sUBs are responsible for any damage you may cause to your machine by running ComboFix on your own. This tool is not a toy and not for everyday use.
ComboFix SHOULD NOT be used unless requested by a forum helper




Logs/Information to Post in your Next Reply

  • ComboFix.txt.
  • Please give me an update on your computers performance.
User avatar
Cypher
Admin/Teacher
Admin/Teacher
 
Posts: 14959
Joined: October 29th, 2008, 12:49 pm
Location: Land Of The Leprechauns

Re: Hotmail sending spam emails

Unread postby Zaphod » November 3rd, 2010, 11:13 am

Hello. latest update:

changed hotmail info (password, etc.) as suggested.
backed up registry with erunt
disabled avg, winpatrol and windows firewall

downloaded combofix from link 1
Note - i did NOT receive the notice that windows recovery console needed to be installed.

combofix began to run. it got to completed task 50, and shortly thereafter i got the dreaded "blue screen of death"

so... after rebooting i took a look for a program called Microsoft Recovery Console - can't find it either by looking at installed programs or searching on "recovery console"

Also, after rebooting winpatrol informs me that my internet explorer home page has been changed, do i want to accept it. I choose no. Also I noticed that a new Internet Explorer icon has been added to the desktop. FYI - primary browser is firefox, not IE. I moved the new icon to the recycle bin and attempted to empty the trash (surprise - there's nothing in the recycle bin).

Winpatrol is also notifying me (on a regular and irritating basis) that "a new auto startup programme has been detected. This program will run each time you logon or restart your machine. Do you approve? There is no name, no icon and no description attached. I select NO every time, but winpatrol keeps telling me about it. grrrrrrrr

anyway, I was able to run combofix again. The log file will be in the next reply.
Zaphod
Regular Member
 
Posts: 29
Joined: November 1st, 2010, 3:13 pm

Re: Hotmail sending spam emails

Unread postby Zaphod » November 3rd, 2010, 11:18 am

ComboFix 10-11-02.05 - Ron 11/03/2010 10:10:59.2.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.2038.913 [GMT -4:00]
Running from: c:\users\Ron\Desktop\ComboFix.exe
SP: Windows Defender *disabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.

((((((((((((((((((((((((( Files Created from 2010-10-03 to 2010-11-03 )))))))))))))))))))))))))))))))
.

2010-11-03 14:23 . 2010-11-03 14:38 -------- d-----w- c:\users\Ron\AppData\Local\temp
2010-11-03 14:23 . 2010-11-03 14:23 -------- d-----w- c:\users\Default\AppData\Local\temp
2010-11-03 13:29 . 2010-11-03 13:29 -------- d-----w- c:\program files\ERUNT
2010-11-02 20:42 . 2010-11-02 20:45 -------- d-----w- C:\rsit
2010-11-01 18:25 . 2010-11-01 18:28 -------- d-----w- c:\program files\SpywareBlaster
2010-11-01 18:22 . 2010-11-01 18:22 -------- d-----w- c:\users\Ron\AppData\Roaming\WinPatrol
2010-11-01 18:22 . 2010-11-01 18:22 -------- d-----w- c:\programdata\InstallMate
2010-11-01 18:22 . 2010-11-01 18:22 -------- d-----w- c:\program files\BillP Studios
2010-11-01 17:39 . 2010-11-01 17:39 388096 ----a-r- c:\users\Ron\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2010-11-01 17:39 . 2010-11-02 20:45 -------- d-----w- c:\program files\Trend Micro
2010-11-01 15:53 . 2010-11-01 15:53 -------- d-----w- c:\programdata\SUPERAntiSpyware.com
2010-10-27 12:11 . 2010-08-26 16:34 1696256 ----a-w- c:\windows\system32\gameux.dll
2010-10-27 12:11 . 2010-08-26 16:33 28672 ----a-w- c:\windows\system32\Apphlpdm.dll
2010-10-27 12:11 . 2010-08-26 14:23 4240384 ----a-w- c:\windows\system32\GameUXLegacyGDFs.dll
2010-10-24 21:09 . 2010-10-24 21:09 -------- d-----w- c:\program files\Common Files\Adobe
2010-10-24 21:04 . 2010-10-24 21:04 -------- d-----w- c:\program files\Common Files\Adobe AIR
2010-10-21 19:07 . 2010-10-22 20:28 -------- d-----w- c:\users\Ron\AppData\Roaming\Windows Live Writer
2010-10-21 19:07 . 2010-10-21 19:07 -------- d-----w- c:\users\Ron\AppData\Local\Windows Live Writer
2010-10-21 18:38 . 2010-11-03 12:58 -------- d-----w- c:\users\Ron\AppData\Local\Windows Live
2010-10-21 18:36 . 2009-08-04 08:02 754688 ----a-w- c:\windows\system32\webservices.dll
2010-10-20 13:02 . 2010-10-20 13:02 -------- d-----w- c:\users\Ron\AppData\Roaming\AVG10
2010-10-20 13:01 . 2010-10-20 13:01 -------- d--h--w- c:\programdata\Common Files
2010-10-20 12:59 . 2010-11-03 12:57 -------- d-----w- c:\windows\system32\drivers\AVG
2010-10-20 12:59 . 2010-10-20 13:01 -------- d-----w- c:\programdata\AVG10
2010-10-20 12:39 . 2010-10-20 12:48 -------- d-----w- c:\programdata\MFAData
2010-10-19 21:15 . 2010-10-19 21:15 -------- d-----w- c:\users\Ron\AppData\Roaming\TeamViewer
2010-10-19 17:26 . 2010-10-19 17:26 -------- d-----w- c:\users\Ron\AppData\Roaming\PeerNetworking
2010-10-19 16:44 . 2010-10-19 16:44 -------- d-----w- c:\users\Ron\AppData\Roaming\Intel Corporation
2010-10-19 16:35 . 2010-10-19 16:35 -------- d-----w- c:\program files\Intel
2010-10-19 16:34 . 2010-03-03 23:33 435736 ----a-w- c:\windows\system32\drivers\iaStor.sys
2010-10-19 16:34 . 2010-10-19 16:34 -------- d-----w- c:\users\Ron\AppData\Roaming\InstallShield
2010-10-16 13:02 . 2010-10-16 13:02 -------- d-----w- c:\users\Ron\AppData\Roaming\Malwarebytes
2010-10-16 13:02 . 2010-04-29 19:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-10-16 13:02 . 2010-10-16 13:02 -------- d-----w- c:\programdata\Malwarebytes
2010-10-16 13:02 . 2010-10-16 13:02 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-10-16 13:02 . 2010-04-29 19:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-10-13 23:53 . 2010-10-13 23:53 -------- d-----w- c:\programdata\LightScribe
2010-10-13 23:49 . 2010-10-13 23:49 -------- d-----w- c:\users\Ron\AppData\Local\MicroVision Applications
2010-10-13 23:45 . 2010-10-13 23:45 -------- d-----w- c:\users\Ron\AppData\Roaming\Roxio
2010-10-12 20:00 . 2010-09-06 16:20 125952 ----a-w- c:\windows\system32\srvsvc.dll
2010-10-12 20:00 . 2010-09-06 16:19 17920 ----a-w- c:\windows\system32\netevent.dll
2010-10-12 20:00 . 2010-09-06 13:45 304128 ----a-w- c:\windows\system32\drivers\srv.sys
2010-10-12 20:00 . 2010-09-06 13:45 145408 ----a-w- c:\windows\system32\drivers\srv2.sys
2010-10-12 20:00 . 2010-09-06 13:45 102400 ----a-w- c:\windows\system32\drivers\srvnet.sys
2010-10-12 20:00 . 2010-08-10 15:53 274944 ----a-w- c:\windows\system32\schannel.dll
2010-10-12 20:00 . 2010-08-31 13:27 2038272 ----a-w- c:\windows\system32\win32k.sys
2010-10-12 20:00 . 2010-05-04 19:13 231424 ----a-w- c:\windows\system32\msshsq.dll
2010-10-12 20:00 . 2010-08-31 15:44 531968 ----a-w- c:\windows\system32\comctl32.dll
2010-10-12 20:00 . 2010-08-20 16:05 867328 ----a-w- c:\windows\system32\wmpmde.dll
2010-10-10 12:31 . 2007-03-12 19:29 1747936 ----a-w- c:\windows\system32\drivers\SETABEE.tmp
2010-10-07 20:18 . 2010-10-07 20:18 -------- d-----w- c:\users\Ron\AppData\Roaming\HP
2010-10-06 15:42 . 2010-10-06 15:48 -------- d-----w- C:\AdobeSetup
2010-10-06 15:39 . 2010-11-03 14:02 -------- d-----w- c:\program files\Common Files\Akamai
2010-10-05 14:01 . 2010-10-05 14:01 -------- d-----w- c:\program files\Common Files\Memeo
2010-10-05 14:01 . 2010-10-05 14:01 -------- d-----w- c:\program files\Memeo

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-10-10 12:23 . 2007-08-21 09:08 319456 ----a-w- c:\windows\DIFxAPI.dll
2010-09-25 22:43 . 2006-11-02 10:32 101888 ----a-w- c:\windows\system32\ifxcardm.dll
2010-09-25 22:43 . 2006-11-02 10:32 82432 ----a-w- c:\windows\system32\axaltocm.dll
2010-09-25 19:38 . 2010-09-25 19:38 72704 ----a-w- c:\windows\system32\fontsub.dll
2010-09-25 19:38 . 2010-09-25 19:38 23552 ----a-w- c:\windows\system32\lpk.dll
2010-09-25 19:38 . 2010-09-25 19:38 10240 ----a-w- c:\windows\system32\dciman32.dll
2010-09-25 19:34 . 2010-09-25 19:34 61440 ----a-w- c:\windows\system32\winipsec.dll
2010-09-25 19:34 . 2010-09-25 19:34 272896 ----a-w- c:\windows\system32\polstore.dll
2010-09-25 19:31 . 2010-09-25 19:31 9728 ----a-w- c:\windows\system32\TCPSVCS.EXE
2010-09-25 19:31 . 2010-09-25 19:31 8704 ----a-w- c:\windows\system32\HOSTNAME.EXE
2010-09-25 19:31 . 2010-09-25 19:31 11264 ----a-w- c:\windows\system32\MRINFO.EXE
2010-09-25 19:31 . 2010-09-25 19:31 27136 ----a-w- c:\windows\system32\NETSTAT.EXE
2010-09-25 19:31 . 2010-09-25 19:31 19968 ----a-w- c:\windows\system32\ARP.EXE
2010-09-25 19:31 . 2010-09-25 19:31 17920 ----a-w- c:\windows\system32\ROUTE.EXE
2010-09-25 19:31 . 2010-09-25 19:31 105984 ----a-w- c:\windows\system32\netiohlp.dll
2010-09-25 19:31 . 2010-09-25 19:31 10240 ----a-w- c:\windows\system32\finger.exe
2010-09-25 19:29 . 2010-09-25 19:29 127488 ----a-w- c:\windows\system32\L2SecHC.dll
2010-09-25 19:29 . 2010-09-25 19:29 68096 ----a-w- c:\windows\system32\wlanhlp.dll
2010-09-25 19:29 . 2010-09-25 19:29 65024 ----a-w- c:\windows\system32\wlanapi.dll
2010-09-25 19:29 . 2010-09-25 19:29 513536 ----a-w- c:\windows\system32\wlansvc.dll
2010-09-25 19:29 . 2010-09-25 19:29 302592 ----a-w- c:\windows\system32\wlansec.dll
2010-09-25 19:29 . 2010-09-25 19:29 293376 ----a-w- c:\windows\system32\wlanmsm.dll
2010-09-25 19:29 . 2010-09-25 19:29 15181 ----a-w- c:\windows\system32\gatherWirelessInfo.vbs
2010-09-25 19:29 . 2010-09-25 19:29 1401856 ----a-w- c:\windows\system32\msxml6.dll
2010-09-25 19:29 . 2010-09-25 19:29 2048 ----a-w- c:\windows\system32\msxml3r.dll
2010-09-25 19:29 . 2010-09-25 19:29 2048 ----a-w- c:\windows\system32\msxml6r.dll
2010-09-25 19:28 . 2010-09-25 19:28 218624 ----a-w- c:\windows\system32\msv1_0.dll
2010-09-25 19:27 . 2010-09-25 19:27 79360 ----a-w- c:\windows\system32\drivers\mrxsmb20.sys
2010-09-25 19:27 . 2010-09-25 19:27 212992 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys
2010-09-25 19:27 . 2010-09-25 19:27 106496 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2010-09-25 19:26 . 2010-09-25 19:26 98816 ----a-w- c:\windows\system32\mfps.dll
2010-09-25 19:26 . 2010-09-25 19:26 53248 ----a-w- c:\windows\system32\rrinstaller.exe
2010-09-25 19:26 . 2010-09-25 19:26 2868224 ----a-w- c:\windows\system32\mf.dll
2010-09-25 19:26 . 2010-09-25 19:26 24576 ----a-w- c:\windows\system32\mfpmp.exe
2010-09-25 19:26 . 2010-09-25 19:26 2048 ----a-w- c:\windows\system32\mferror.dll
2010-09-25 19:23 . 2010-09-25 19:23 71680 ----a-w- c:\windows\system32\atl.dll
2010-09-25 19:20 . 2010-09-25 19:20 160256 ----a-w- c:\windows\system32\wkssvc.dll
2010-09-25 19:19 . 2010-09-25 19:19 53248 ----a-w- c:\windows\system32\tsgqec.dll
2010-09-25 19:19 . 2010-09-25 19:19 2066432 ----a-w- c:\windows\system32\mstscax.dll
2010-09-25 19:19 . 2010-09-25 19:19 136192 ----a-w- c:\windows\system32\aaclient.dll
2010-09-25 19:17 . 2010-09-25 19:17 714240 ----a-w- c:\windows\system32\timedate.cpl
2010-09-25 19:13 . 2010-09-25 19:13 69632 ----a-w- c:\windows\system32\Mpeg2Data.ax
2010-09-25 19:10 . 2010-09-25 19:10 623616 ----a-w- c:\windows\system32\localspl.dll
2010-09-25 19:09 . 2010-09-25 19:09 172032 ----a-w- c:\windows\system32\wintrust.dll
2010-09-25 19:09 . 2010-09-25 19:09 499712 ----a-w- c:\windows\system32\kerberos.dll
2010-09-25 19:09 . 2010-09-25 19:09 175104 ----a-w- c:\windows\system32\wdigest.dll
2010-09-25 19:09 . 2010-09-25 19:09 9728 ----a-w- c:\windows\system32\lsass.exe
2010-09-25 19:09 . 2010-09-25 19:09 72704 ----a-w- c:\windows\system32\secur32.dll
2010-09-25 19:09 . 2010-09-25 19:09 439864 ----a-w- c:\windows\system32\drivers\ksecdd.sys
2010-09-25 19:09 . 2010-09-25 19:09 1259008 ----a-w- c:\windows\system32\lsasrv.dll
2010-09-25 19:07 . 2010-09-25 19:07 1808896 ----a-w- c:\windows\system32\NlsLexicons0046.dll
2010-09-25 19:07 . 2010-09-25 19:07 1793536 ----a-w- c:\windows\system32\NlsLexicons0045.dll
2010-09-25 19:07 . 2010-09-25 19:07 2136064 ----a-w- c:\windows\system32\NlsLexicons0021.dll
2010-09-25 19:07 . 2010-09-25 19:07 1782272 ----a-w- c:\windows\system32\NlsLexicons0039.dll
2010-09-25 19:07 . 2010-09-25 19:07 1558016 ----a-w- c:\windows\system32\NlsLexicons0049.dll
2010-09-25 19:07 . 2010-09-25 19:07 1411072 ----a-w- c:\windows\system32\NlsLexicons0047.dll
2010-09-25 19:07 . 2010-09-25 19:07 1236992 ----a-w- c:\windows\system32\NlsLexicons0020.dll
2010-09-25 19:07 . 2010-09-25 19:07 5499904 ----a-w- c:\windows\system32\NlsLexicons0022.dll
2010-09-25 19:07 . 2010-09-25 19:07 7964672 ----a-w- c:\windows\system32\NlsLexicons0024.dll
2010-09-25 19:07 . 2010-09-25 19:07 5791232 ----a-w- c:\windows\system32\NlsLexicons0026.dll
2010-09-25 19:07 . 2010-09-25 19:07 6224896 ----a-w- c:\windows\system32\NlsLexicons0027.dll
2010-09-25 19:07 . 2010-09-25 19:07 4981248 ----a-w- c:\windows\system32\NlsLexicons0013.dll
2010-09-25 19:07 . 2010-09-25 19:07 4175872 ----a-w- c:\windows\system32\NlsLexicons0010.dll
2010-09-25 19:07 . 2010-09-25 19:07 2466816 ----a-w- c:\windows\system32\NlsLexicons0011.dll
2010-09-25 19:07 . 2010-09-25 19:07 3331072 ----a-w- c:\windows\system32\NlsLexicons0018.dll
2010-09-25 19:07 . 2010-09-25 19:07 6781440 ----a-w- c:\windows\system32\NlsLexicons0019.dll
2010-09-25 19:07 . 2010-09-25 19:07 11722752 ----a-w- c:\windows\system32\NlsLexicons0001.dll
2010-09-25 19:07 . 2010-09-25 19:07 4164096 ----a-w- c:\windows\system32\NlsLexicons0002.dll
2010-09-25 19:07 . 2010-09-25 19:07 1452544 ----a-w- c:\windows\system32\NlsLexicons0003.dll
2010-09-25 19:07 . 2010-09-25 19:07 3419136 ----a-w- c:\windows\system32\NlsLexicons004a.dll
2010-09-25 19:07 . 2010-09-25 19:07 4093440 ----a-w- c:\windows\system32\NlsLexicons004c.dll
2010-09-25 19:07 . 2010-09-25 19:07 1702912 ----a-w- c:\windows\system32\NlsLexicons004b.dll
2010-09-25 19:07 . 2010-09-25 19:07 1972736 ----a-w- c:\windows\system32\NlsLexicons004e.dll
2010-09-25 19:07 . 2010-09-25 19:07 4096 ----a-w- c:\windows\system32\NlsLexicons002a.dll
2010-09-25 19:07 . 2010-09-25 19:07 4045824 ----a-w- c:\windows\system32\NlsLexicons003e.dll
2010-09-25 19:07 . 2010-09-25 19:07 6014976 ----a-w- c:\windows\system32\NlsLexicons001a.dll
2010-09-25 19:07 . 2010-09-25 19:07 6585856 ----a-w- c:\windows\system32\NlsLexicons001b.dll
2010-09-25 19:07 . 2010-09-25 19:07 6346240 ----a-w- c:\windows\system32\NlsLexicons001d.dll
2010-09-25 19:07 . 2010-09-25 19:07 9892864 ----a-w- c:\windows\system32\NlsLexicons000a.dll
2010-09-25 19:07 . 2010-09-25 19:07 6237696 ----a-w- c:\windows\system32\NlsLexicons000c.dll
2010-09-25 19:07 . 2010-09-25 19:07 1722368 ----a-w- c:\windows\system32\NlsLexicons000d.dll
2010-09-25 19:07 . 2010-09-25 19:07 5654528 ----a-w- c:\windows\system32\NlsLexicons000f.dll
2010-09-25 19:07 . 2010-09-25 19:07 4616192 ----a-w- c:\windows\system32\NlsLexicons0414.dll
2010-09-25 19:07 . 2010-09-25 19:07 5090816 ----a-w- c:\windows\system32\NlsLexicons0416.dll
2010-09-25 19:07 . 2010-09-25 19:07 5031936 ----a-w- c:\windows\system32\NlsLexicons0816.dll
2010-09-25 19:07 . 2010-09-25 19:07 7042560 ----a-w- c:\windows\system32\NlsLexicons081a.dll
2010-09-25 19:07 . 2010-09-25 19:07 5071872 ----a-w- c:\windows\system32\NlsModels0011.dll
2010-09-25 19:07 . 2010-09-25 19:07 3104768 ----a-w- c:\windows\system32\NlsData0045.dll
2010-09-25 19:07 . 2010-09-25 19:07 3104768 ----a-w- c:\windows\system32\NlsData0046.dll
2010-09-25 19:07 . 2010-09-25 19:07 3104768 ----a-w- c:\windows\system32\NlsData0049.dll
2010-09-25 19:07 . 2010-09-25 19:07 3104768 ----a-w- c:\windows\system32\NlsData0047.dll
2010-09-25 19:07 . 2010-09-25 19:07 3104768 ----a-w- c:\windows\system32\NlsData0039.dll
2010-09-25 19:07 . 2010-09-25 19:07 3104768 ----a-w- c:\windows\system32\NlsData0020.dll
2010-09-25 19:07 . 2010-09-25 19:07 1801216 ----a-w- c:\windows\system32\NlsData0022.dll
2010-09-25 19:07 . 2010-09-25 19:07 1801216 ----a-w- c:\windows\system32\NlsData0021.dll
2010-09-25 19:07 . 2010-09-25 19:07 1965056 ----a-w- c:\windows\system32\NlsData0024.dll
2010-09-25 19:07 . 2010-09-25 19:07 4495360 ----a-w- c:\windows\system32\NlsData0010.dll
2010-09-25 19:07 . 2010-09-25 19:07 1966592 ----a-w- c:\windows\system32\NlsData0027.dll
2010-09-25 19:07 . 2010-09-25 19:07 1965056 ----a-w- c:\windows\system32\NlsData0026.dll
2010-09-25 19:07 . 2010-09-25 19:07 2657280 ----a-w- c:\windows\system32\NlsData0011.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]
"Google Update"="c:\users\Ron\AppData\Local\Google\Update\GoogleUpdate.exe" [2010-09-26 136176]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-19 1008184]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2010-05-28 1721640]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2009-06-09 7539232]
"QPService"="c:\program files\HP\QuickPlay\QPService.exe" [2007-04-24 176128]
"QlbCtrl"="c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2007-02-13 159744]
"HP Health Check Scheduler"="c:\program files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe" [2008-10-09 75008]
"hpWirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2007-03-01 472776]
"WAWifiMessage"="c:\program files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe" [2007-01-10 317128]
"HP Software Update"="c:\program files\Hp\HP Software Update\HPWuSchd2.exe" [2005-02-17 49152]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-02-12 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-02-12 166424]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-02-12 133656]
"Memeo Backup"="c:\program files\Memeo\AutoBackup\MemeoLauncher2.exe" [2010-07-28 136416]
"IAStorIcon"="c:\program files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe" [2010-03-04 284696]
"AVG_TRAY"="c:\program files\AVG\AVG10\avgtray.exe" [2010-09-15 2745696]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-09-23 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-21 932288]
"WinPatrol"="c:\program files\BillP Studios\WinPatrol\winpatrol.exe" [2010-10-29 329096]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"Launcher"="c:\windows\SMINST\launcher.exe" [2006-11-08 44128]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~1\AVG\AVG10\avgchsvx.exe /sync\0c:\progra~1\AVG\AVG10\avgrsx.exe /sync /restart

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
S0 AVGIDSEH;AVGIDSEH;c:\windows\system32\DRIVERS\AVGIDSEH.Sys [2010-09-13 25680]
S0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\DRIVERS\avgrkx86.sys [2010-09-07 26064]
S1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\DRIVERS\avgldx86.sys [2010-09-07 249424]
S1 Avgtdix;AVG TDI Driver;c:\windows\system32\DRIVERS\avgtdix.sys [2010-09-07 298448]
S2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe [2008-01-19 21504]
S2 AVGIDSAgent;AVGIDSAgent;c:\program files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe [2010-10-11 6104656]
S2 avgwd;AVG WatchDog;c:\program files\AVG\AVG10\avgwdsvc.exe [2010-09-10 265400]
S2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2010-03-04 13336]
S2 MemeoBackgroundService;MemeoBackgroundService;c:\program files\Memeo\AutoBackup\MemeoBackgroundService.exe [2010-07-28 25824]
S3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\DRIVERS\AVGIDSDriver.Sys [2010-08-20 123472]
S3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\DRIVERS\AVGIDSFilter.Sys [2010-08-20 30288]
S3 AVGIDSShim;AVGIDSShim;c:\windows\system32\DRIVERS\AVGIDSShim.Sys [2010-08-20 27216]
S3 NETw5v32;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\DRIVERS\NETw5v32.sys [2008-11-17 3668480]


[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
Akamai REG_MULTI_SZ Akamai
.
Contents of the 'Scheduled Tasks' folder

2010-11-02 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3773262968-4200875264-556786824-1000Core.job
- c:\users\Ron\AppData\Local\Google\Update\GoogleUpdate.exe [2010-09-26 19:04]

2010-11-03 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3773262968-4200875264-556786824-1000UA.job
- c:\users\Ron\AppData\Local\Google\Update\GoogleUpdate.exe [2010-09-26 19:04]

2010-11-03 c:\windows\Tasks\HPCeeScheduleForRon.job
- c:\program files\hewlett-packard\sdp\ceement\HPCEE.exe [2007-08-21 21:23]

2010-11-03 c:\windows\Tasks\User_Feed_Synchronization-{FC29251C-CE18-491C-8484-6C28F8941163}.job
- c:\windows\system32\msfeedssync.exe [2010-10-12 04:25]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.theglobeandmail.com/
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE= ... &pf=laptop
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
FF - ProfilePath - c:\users\Ron\AppData\Roaming\Mozilla\Firefox\Profiles\wx9jhj7r.default\
FF - prefs.js: browser.startup.homepage - hxxp://theglobeandmail.com/
FF - component: c:\program files\AVG\AVG10\Firefox\components\avgssff.dll
FF - plugin: c:\program files\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\users\Ron\AppData\Local\Google\Update\1.2.183.39\npGoogleOneClick8.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--fiqz9s", true); // Traditional
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--fiqs8s", true); // Simplified
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--j6w193g", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4a87g", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbqly7c0a67fbc", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbqly7cvafr", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--kpry57d", true); // Traditional
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--kprw13d", true); // Simplified
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
.
- - - - ORPHANS REMOVED - - - -

HKLM-Run-SunJavaUpdateSched - c:\program files\Java\jre6\bin\jusched.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-11-03 10:38
Windows 6.0.6002 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Akamai]
"ServiceDll"="C:/Program Files/Common Files/Akamai/netsession_win_062a651.dll"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Akamai]
"ServiceDll"="C:/Program Files/Common Files/Akamai/netsession_win_062a651.dll"
.
Completion time: 2010-11-03 10:42:05
ComboFix-quarantined-files.txt 2010-11-03 14:42

Pre-Run: 47,533,113,344 bytes free
Post-Run: 47,255,629,824 bytes free

- - End Of File - - 503A66A851E0EA041E309EA6839570FA
Zaphod
Regular Member
 
Posts: 29
Joined: November 1st, 2010, 3:13 pm

Re: Hotmail sending spam emails

Unread postby Cypher » November 3rd, 2010, 12:12 pm

Hi Zaphod.
My apologies your OS is vista so there was no Recovery Console to install.
So far your logs appear to be clean so lets run another scan.


Please download ATF Cleaner to your desktop.

  • Right-click ATF-Cleaner.exe And select " Run as administrator " to run the program.
  • Under Main choose: Select All
  • Click the Empty Selected button.
If you use Firefox browser
  • Click Firefox at the top and choose: Select All
  • Click the Empty Selected button.
  • NOTE: If you would like to keep your saved passwords, please click No at the prompt.
If you use Opera browser
  • Click Opera at the top and choose: Select All
  • Click the Empty Selected button.
  • NOTE: If you would like to keep your saved passwords, please click No at the prompt.
Click Exit on the Main menu to close the program.
For Technical Support, double-click the e-mail address located at the bottom of each menu.


Next.

Please disable AVG and Winpatrol again before running this scan.


Next.

Kaspersky Online Scan

You can use either Internet Explorer or Mozilla FireFox for this scan.

Note: If you are using Windows Vista, open your browser by right-clicking on its icon and select 'Run as administrator' to perform this scan.

  • Hold down Control then click on the following link to open a new window to Kaspersky Online Scan
  • Read through the requirements and privacy statement and click on Accept button.
  • It will start downloading and installing the scanner and virus definitions. You will be prompted to install an application from Kaspersky. Click Run.
  • When the downloads have finished, click on Settings.
  • Make sure these boxes are checked (ticked). If they are not, please tick them and click on the Save button:
    • Spyware, Adware, Dialers, and other potentially dangerous programs
    • Archives
  • Click on My Computer under Scan. * This will take a while. Please be patient *.
  • Once the scan is complete, it will display the results. Click on View Scan Report.
  • You will see a list of infected items there. Click on Save Report As....
  • Save this report to a convenient place. Change the Files of type to Text file (.txt) before clicking on the Save button.
  • Please post this log in your next reply.

This online tutorial will help explain how to use the aforementioned online scan.


Logs/Information to Post in your Next Reply

  • Kaspersky log.
  • Please give me an update on your computers performance.
User avatar
Cypher
Admin/Teacher
Admin/Teacher
 
Posts: 14959
Joined: October 29th, 2008, 12:49 pm
Location: Land Of The Leprechauns

Re: Hotmail sending spam emails

Unread postby Zaphod » November 3rd, 2010, 8:18 pm

Hi Cypher

Was able to download and run the Kaspersky scan. Will add the report in the next post. After completing that i restarted the machine and made sure the anti-virus and firewalls are back up and running.

Winpatrol continues to inform me about the new auto startup program that has been detected.

When I open Firefox my home page (the globeandmail.com) no longer loads properly. All i'm getting is the text, no pictures/normal formatting etc.

When i open internet explorer, it opens properly to the globeandmail site, as does google chrome.
Zaphod
Regular Member
 
Posts: 29
Joined: November 1st, 2010, 3:13 pm

Re: Hotmail sending spam emails

Unread postby Zaphod » November 3rd, 2010, 8:19 pm

--------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER 7.0: scan report
Wednesday, November 3, 2010
Operating system: Microsoft Windows Vista Home Premium Edition, 32-bit Service Pack 2 (build 6002)
Kaspersky Online Scanner version: 7.0.26.13
Last database update: Wednesday, November 03, 2010 14:41:34
Records in database: 4207297
--------------------------------------------------------------------------------

Scan settings:
scan using the following database: extended
Scan archives: yes
Scan e-mail databases: yes

Scan area - My Computer:
C:\
D:\
E:\
F:\

Scan statistics:
Objects scanned: 236757
Threats found: 1
Infected objects found: 2
Suspicious objects found: 0
Scan duration: 04:15:56


File name / Threat / Threats count
C:\Program Files\HP Games\Wheel of Fortune\Wheel of Fortune-WT.exe Infected: Trojan-Mailfinder.Win32.Blen.ys 1
C:\SwSetup\HPGame\games\wheeloffortune-setup.exe Infected: Trojan-Mailfinder.Win32.Blen.ys 1

Selected area has been scanned.
Zaphod
Regular Member
 
Posts: 29
Joined: November 1st, 2010, 3:13 pm

Re: Hotmail sending spam emails

Unread postby Cypher » November 4th, 2010, 7:11 am

Hi Zaphod.
Winpatrol continues to inform me about the new auto startup program that has been detected.

Can you tell me what the startup program is that Winpatrol is warning you about?
When I open Firefox my home page (the globeandmail.com) no longer loads properly.

See if this solves the problem.

In the Firfox browser go to Tools > Options > General.
Just below where is says Show my home page click Restore to default > Ok.
User avatar
Cypher
Admin/Teacher
Admin/Teacher
 
Posts: 14959
Joined: October 29th, 2008, 12:49 pm
Location: Land Of The Leprechauns

Re: Hotmail sending spam emails

Unread postby Zaphod » November 4th, 2010, 8:09 am

Hi Cypher

Re: Can you tell me what the startup program is that Winpatrol is warning you about?
This is the same item as I noted yesterday - i.e. "The Winpatrol is also notifying me (on a regular and irritating basis) that "a new auto startup programme has been detected. This program will run each time you logon or restart your machine. Do you approve? There is no name, no icon and no description attached. I select NO every time, but winpatrol keeps telling me about it."

...so I still don't know what the program is.

As for the home page issue, last night i uninstalled Firefox and then reinstalled it. No change - home page still text only. I restored to the default this morning as suggested. Then I opened a new window, surfed to the page manually - still text only. I AM able to click through to the sections and eventually get the site complete with proper formatting/ pics, etc.

I'll send this note, restart machine and see if any improvement (not holding my breath).
Zaphod
Regular Member
 
Posts: 29
Joined: November 1st, 2010, 3:13 pm
Advertisement
Register to Remove

Next

  • Similar Topics
    Replies
    Views
    Last post

Return to Infected? Virus, malware, adware, ransomware, oh my!



Who is online

Users browsing this forum: No registered users and 25 guests

Contact us:

Advertisements do not imply our endorsement of that product or service. Register to remove all ads. The forum is run by volunteers who donate their time and expertise. We make every attempt to ensure that the help and advice posted is accurate and will not cause harm to your computer. However, we do not guarantee that they are accurate and they are to be used at your own risk. All trademarks are the property of their respective owners.

Member site: UNITE Against Malware