Emails are being sent from my email account

Post by shuger » November 9th, 2011, 12:06 pm

Hi, I am having problems with emails being sent from my email address to people in my contacts list, and was wondering if someone could help me with this. I have provided the log from HijackThis below.

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 16:04:31, on 09/11/2011
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v9.00 (9.00.8112.16421)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanlu.exe
C:\Program Files\AVG\AVG2012\avgtray.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Creative\Shared Files\CTSched.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Logitech\Vid HD\Vid.exe
C:\Windows\System32\CTXFISPI.EXE
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\KWorld Multimedia\TV Tuner Card Utilities\HMCP3XCtl.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\Macromed\Flash\FlashUtil11c_ActiveX.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Lavasoft\Ad-Aware\Ad-Aware.exe
C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Adobe\Reader 10.0\Reader\AcroRd32.exe
C:\Program Files\Adobe\Reader 10.0\Reader\AcroRd32.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\DllHost.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.talktalk.co.uk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: (no name) - CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
F2 - REG:system.ini: UserInit=C:\Windows\system32\userinit.exe
O1 - Hosts: ::1 localhost
O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG2012\avgssie.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [UpdReg] C:\Windows\UpdReg.EXE
O4 - HKLM\..\Run: [AsusStartupHelp] C:\Program Files\ASUS\AASP\1.00.17\AsRunHelp.exe
O4 - HKLM\..\Run: [JMB36X IDE Setup] C:\Windows\JM\JMInsIDE.exe
O4 - HKLM\..\Run: [CTXFIREG] CTxfiReg.exe
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [VolPanel] "C:\Program Files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanlu.exe" /r
O4 - HKLM\..\Run: [AVG_TRAY] "C:\Program Files\AVG\AVG2012\avgtray.exe"
O4 - HKLM\..\Run: [hpqSRMon] C:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe
O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [CTRegRun] C:\Windows\CTRegRun.EXE
O4 - HKCU\..\Run: [CreativeTaskScheduler] "C:\Program Files\Creative\Shared Files\CTSched.exe" /logon
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [Logitech Vid] "C:\Program Files\Logitech\Vid HD\Vid.exe" -bootmode
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Remote Control.lnk = C:\Program Files\KWorld Multimedia\TV Tuner Card Utilities\HMCP3XCtl.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: Show or hide HP Smart Web Printing - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nvlsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nvlsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nvlsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nvlsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nvlsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nvlsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nvlsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O16 - DPF: {1C3DE665-D259-4C72-9D7D-C51FCB4CCFB9} - http://208.0.229.146/SysCamInst.cab
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} (System Requirements Lab) - http://www.nvidia.com/content/DriverDow ... ab_nvd.cab
O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} - http://dlm.tools.akamai.com/dlmanager/v ... .2.4.1.cab
O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.nvidia.com/content/DriverDow ... eqlab2.cab
O16 - DPF: {B1E2B96C-12FE-45E2-BEF1-44A219113CDD} - http://www.superadblocker.com/activex/sabspx.cab
O16 - DPF: {D4B68B83-8710-488B-A692-D74B50BA558E} (Creative Software AutoUpdate Support Package 2) - http://ccfiles.creative.com/Web/softwar ... PIDPDE.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O16 - DPF: {E705A591-DA3C-4228-B0D5-A356DBA42FBF} (Creative Software AutoUpdate 2) - http://ccfiles.creative.com/Web/softwar ... TSUEng.cab
O16 - DPF: {EBB176D2-AF75-4706-832F-4C8448F72757} - http://www.shopandscan.com/TNSClickrc.CAB
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://ccfiles.creative.com/Web/softwar ... /CTPID.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG2012\avgpp.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: AVGIDSAgent - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG2012\AVGIDSAgent.exe
O23 - Service: AVG WatchDog (avgwd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG2012\avgwdsvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: Creative ALchemy AL6 Licensing Service - Creative Labs - C:\Program Files\Common Files\Creative Labs Shared\Service\AL6Licensing.exe
O23 - Service: Creative Audio Engine Licensing Service - Creative Labs - C:\Program Files\Common Files\Creative Labs Shared\Service\CTAELicensing.exe
O23 - Service: Creative Audio Service (CTAudSvcService) - Creative Technology Ltd - C:\Program Files\Creative\Shared Files\CTAudSvc.exe
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: ForceWare Intelligent Application Manager (IAM) - Unknown owner - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe
O23 - Service: Google Update Service (gupdate1c987bf7f0663a0) (gupdate1c987bf7f0663a0) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft Limited - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: McciCMService - Alcatel-Lucent - C:\Program Files\Common Files\Motive\McciCMService.exe
O23 - Service: ForceWare IP service (nSvcIp) - Unknown owner - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: Rapport Management Service (RapportMgmtService) - Trusteer Ltd. - C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: UMVPFSrv - Logitech Inc. - C:\Program Files\Common Files\logishrd\LVMVFM\UMVPFSrv.exe

--
End of file - 11231 bytes
shuger
Active Member
 
Posts: 9
Joined: November 9th, 2011, 11:58 am

Re: Emails are being sent from my email account

Post by Cypher » November 10th, 2011, 3:15 pm

Hi and welcome to Malware Removal Forum.
My name is Cypher, and I will be helping you with your malware problems.
This may or may not solve other issues you have with your machine.
If you no longer require help, I would be grateful if you would let me know.

Before we start please note the following important guidelines.
  • If you don't know or understand something, please don't hesitate to ask.
  • Only post your problem at One help site. Applying fixes from multiple help sites can cause problems.
  • Only reply to this thread; do not start another. Please continue responding until I give you the "All Clean".
    Remember, absence of symptoms does not mean the infection is all gone.
  • Please DO NOT run any other tools or scans whilst I am helping you.
  • Please DO NOT install any other software (or hardware) during the cleaning process.
  • Print each set of instructions... if possible...your Internet connection will not be available during some fix processes.
  • Your security programs may give warnings for some of the tools I will ask you to use. Be assured, any links I give are safe.
  • Note: No Reply Within 3 Days Will Result In Your Topic Being Closed!

Note: If you haven't done so already, please read this topic ALL USERS OF THIS FORUM MUST READ THIS FIRST where the conditions for receiving help here are explained.
Please be aware that removing Malware is a potentially hazardous undertaking. I will take care not to knowingly suggest courses of action that might damage your computer. However it is impossible for me to foresee all interactions that may happen between the software on your computer and those we'll use to clear you of infection, and I cannot guarantee the safety of your system. It is possible that we might encounter situations where the only recourse is to re-format and re-install your operating system, or to necessitate you taking your computer to a repair shop.

Because of this, I advise you to back up any personal files and folders before you start.


Vista Advice:
  • All applications I ask to be used will require to be run in Administrator mode. IE: Right click on and select Run as Administrator.
  • Your Operating System in use comes with an inbuilt utility called User Access Control (UAC).
  • When prompted by this with anything I ask you to carry out, please select the option Allow.

First I would like you to do the following:

  • Change your email Password.
  • Change your Secret Question & Answer.
  • Change your alternative email.

Next.

Please download Malwarebytes' Anti-Malware and save to your desktop.

  • Right-click mbam-setup.exe and select "Run as administrator", then follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to:
    Update Malwarebytes' Anti-Malware
    Launch Malwarebytes' Anti-Malware
  • Then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform Quick Scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Check all items except items in the C:\System Volume Information folder... and click Remove Selected.
    Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.
  • When completed, a log will open in Notepad. Please copy and paste the log back into your next reply.
  • The log can also be found here:
    C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt

Next.

Please download OTL by Old Timer and save it to your Desktop.
  • Right click on OTL.exe and select Run as administrator to run it.
  • Under Output, ensure that Standard Output is selected.
  • Under Extra Registry section, select Use SafeList.
  • Click the Scan All Users checkbox.
  • Click on Run Scan at the top left hand corner.
  • When done, two Notepad files will open.
    • OTL.txt <-- Will be opened
    • Extra.txt <-- Will be minimized
  • Please post the contents of these 2 Notepad files in your next reply.


Logs/Information to Post in your Next Reply

  • Malwarebytes log.
  • OTL.txt and Extra.txt contents.
Cypher
Admin/Teacher
 
Posts: 14959
Joined: October 29th, 2008, 12:49 pm
Location: Land Of The Leprechauns

Re: Emails are being sent from my email account

Post by shuger » November 12th, 2011, 6:00 pm

Malwarebytes' Anti-Malware 1.51.2.1300
www.malwarebytes.org

Database version: 8124

Windows 6.0.6002 Service Pack 2
Internet Explorer 9.0.8112.16421

12/11/2011 21:45:29
mbam-log-2011-11-12 (21-45-29).txt

Scan type: Quick scan
Objects scanned: 182330
Time elapsed: 6 minute(s), 19 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)
shuger
Active Member
 
Posts: 9
Joined: November 9th, 2011, 11:58 am

Re: Emails are being sent from my email account

Post by shuger » November 12th, 2011, 6:06 pm

OTL logfile created on: 12/11/2011 21:49:09 - Run 2
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\Andrew\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

3.00 Gb Total Physical Memory | 1.24 Gb Available Physical Memory | 41.21% Memory free
6.19 Gb Paging File | 3.59 Gb Available in Paging File | 57.91% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 464.48 Gb Total Space | 399.45 Gb Free Space | 86.00% Space Free | Partition Type: NTFS

Computer Name: ANDREW-PC | User Name: Andrew | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/11/12 21:47:32 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Andrew\Desktop\OTL.exe
PRC - [2011/11/12 01:48:40 | 003,303,000 | ---- | M] (Akamai Technologies, Inc) -- C:\Users\Andrew\AppData\Local\Akamai\netsession_win.exe
PRC - [2011/11/07 21:28:26 | 001,652,536 | ---- | M] (Trusteer Ltd.) -- C:\Program Files\Trusteer\Rapport\bin\RapportService.exe
PRC - [2011/11/07 21:28:26 | 000,931,640 | ---- | M] (Trusteer Ltd.) -- C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe
PRC - [2011/10/28 17:52:02 | 002,152,152 | ---- | M] (Lavasoft Limited) -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
PRC - [2011/10/28 17:52:02 | 001,187,072 | ---- | M] (Lavasoft Limited) -- C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
PRC - [2011/10/24 20:29:16 | 002,415,456 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgtray.exe
PRC - [2011/10/18 15:46:38 | 000,247,968 | ---- | M] (Adobe Systems, Inc.) -- C:\Windows\System32\Macromed\Flash\FlashUtil11c_ActiveX.exe
PRC - [2011/10/18 06:14:54 | 001,229,152 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgnsx.exe
PRC - [2011/10/12 06:25:22 | 004,433,248 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\AVGIDSAgent.exe
PRC - [2011/09/08 19:53:26 | 000,743,264 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgrsx.exe
PRC - [2011/08/15 05:21:40 | 000,337,760 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgcsrvx.exe
PRC - [2011/08/02 05:09:08 | 000,192,776 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgwdsvc.exe
PRC - [2011/06/06 11:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2011/04/01 04:11:52 | 000,428,640 | ---- | M] (Logitech Inc.) -- C:\Program Files\Common Files\LogiShrd\LVMVFM\UMVPFSrv.exe
PRC - [2011/01/13 02:01:28 | 006,129,496 | ---- | M] (Logitech Inc.) -- C:\Program Files\Logitech\Vid HD\Vid.exe
PRC - [2010/05/05 18:51:56 | 001,212,928 | ---- | M] (Creative Technology Ltd) -- C:\Windows\System32\CTxfispi.exe
PRC - [2009/04/11 06:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2008/12/29 18:27:38 | 000,307,200 | ---- | M] (Creative Technology Ltd) -- C:\Program Files\Creative\Shared Files\CTAudSvc.exe
PRC - [2008/09/08 10:10:20 | 000,450,560 | ---- | M] () -- C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe
PRC - [2008/09/08 10:09:40 | 000,184,320 | ---- | M] () -- C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe
PRC - [2008/08/06 16:31:44 | 000,233,576 | ---- | M] (Creative Technology Ltd) -- C:\Program Files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanlu.exe
PRC - [2007/08/30 17:43:18 | 004,670,704 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
PRC - [2007/03/20 19:56:52 | 000,077,824 | ---- | M] () -- C:\Program Files\KWorld Multimedia\TV Tuner Card Utilities\HMCP3XCtl.exe
PRC - [2006/12/01 05:37:00 | 004,186,112 | ---- | M] (Realtek Semiconductor) -- C:\Windows\RtHDVCpl.exe
PRC - [2006/11/17 09:42:46 | 000,053,341 | ---- | M] (Creative Technology Ltd) -- C:\Program Files\Creative\Shared Files\CTSched.exe
PRC - [2005/06/02 15:54:34 | 000,086,606 | ---- | M] (Canon Inc.) -- C:\Program Files\Canon\CAL\CALMAIN.exe


========== Modules (No Company Name) ==========

MOD - [2011/10/30 20:57:06 | 000,557,056 | ---- | M] () -- C:\Program Files\Trusteer\Rapport\bin\js32.dll
MOD - [2011/08/14 13:52:43 | 000,516,368 | ---- | M] () -- C:\ProgramData\Trusteer\Rapport\store\exts\RapportMS\28896\RapportMS.dll
MOD - [2011/06/24 21:56:36 | 000,087,328 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011/06/24 21:56:14 | 001,241,888 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2011/03/04 01:26:14 | 000,181,592 | ---- | M] () -- C:\Program Files\Common Files\LogiShrd\SharedBin\LvApi11.dll
MOD - [2011/01/13 01:57:34 | 000,751,616 | ---- | M] () -- C:\Program Files\Logitech\Vid HD\vpxmd.dll
MOD - [2011/01/13 01:55:28 | 000,027,472 | ---- | M] () -- C:\Program Files\Logitech\Vid HD\SDL.dll
MOD - [2009/04/22 21:53:56 | 000,969,040 | ---- | M] () -- C:\Program Files\Logitech\Vid HD\QtNetwork4.dll
MOD - [2009/04/09 23:04:56 | 002,141,008 | ---- | M] () -- C:\Program Files\Logitech\Vid HD\QtCore4.dll
MOD - [2009/03/03 22:18:08 | 000,138,064 | ---- | M] () -- C:\Program Files\Logitech\Vid HD\plugins\imageformats\qjpeg4.dll
MOD - [2009/03/03 22:18:06 | 000,035,152 | ---- | M] () -- C:\Program Files\Logitech\Vid HD\plugins\imageformats\qico4.dll
MOD - [2009/03/03 22:18:06 | 000,029,008 | ---- | M] () -- C:\Program Files\Logitech\Vid HD\plugins\imageformats\qgif4.dll
MOD - [2009/03/03 22:17:46 | 011,311,952 | ---- | M] () -- C:\Program Files\Logitech\Vid HD\QtWebKit4.dll
MOD - [2009/03/03 22:17:46 | 000,363,856 | ---- | M] () -- C:\Program Files\Logitech\Vid HD\QtXml4.dll
MOD - [2009/03/03 22:17:44 | 000,200,016 | ---- | M] () -- C:\Program Files\Logitech\Vid HD\QtSql4.dll
MOD - [2009/03/03 22:17:40 | 000,475,472 | ---- | M] () -- C:\Program Files\Logitech\Vid HD\QtOpenGL4.dll
MOD - [2009/03/03 22:17:38 | 007,704,400 | ---- | M] () -- C:\Program Files\Logitech\Vid HD\QtGui4.dll
MOD - [2009/03/03 22:17:32 | 000,291,664 | ---- | M] () -- C:\Program Files\Logitech\Vid HD\phonon4.dll
MOD - [2007/08/30 17:43:20 | 000,081,920 | ---- | M] () -- C:\Program Files\Yahoo!\Messenger\Xmltok.dll
MOD - [2007/08/30 16:21:06 | 001,290,240 | ---- | M] () -- C:\Program Files\Yahoo!\Messenger\YCPFoundation.dll
MOD - [2007/08/30 16:21:06 | 000,757,760 | ---- | M] () -- C:\Program Files\Yahoo!\Messenger\YPluginRegistry.dll
MOD - [2007/08/30 16:21:06 | 000,041,472 | ---- | M] () -- C:\Program Files\Yahoo!\Messenger\YIniDom.dll
MOD - [2007/08/30 16:21:04 | 000,499,712 | ---- | M] () -- C:\Program Files\Yahoo!\Messenger\P2PCE.dll
MOD - [2007/08/30 16:17:42 | 000,053,248 | ---- | M] () -- C:\Program Files\Yahoo!\Messenger\XMLParse.dll
MOD - [2007/08/28 09:22:44 | 000,108,544 | ---- | M] () -- C:\Windows\System32\APOMngr.DLL
MOD - [2007/05/28 10:28:02 | 000,069,120 | ---- | M] () -- C:\Windows\System32\CmdRtr.DLL
MOD - [2007/03/20 19:56:52 | 000,077,824 | ---- | M] () -- C:\Program Files\KWorld Multimedia\TV Tuner Card Utilities\HMCP3XCtl.exe


========== Win32 Services (SafeList) ==========

SRV - [2011/11/12 18:09:09 | 003,313,752 | ---- | M] () [Auto | Running] -- c:\program files\common files\akamai/netsession_win_dac4cfd.dll -- (Akamai)
SRV - [2011/11/07 21:28:26 | 000,931,640 | ---- | M] (Trusteer Ltd.) [Auto | Running] -- C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe -- (RapportMgmtService)
SRV - [2011/10/28 17:52:02 | 002,152,152 | ---- | M] (Lavasoft Limited) [Auto | Running] -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe -- (Lavasoft Ad-Aware Service)
SRV - [2011/10/12 06:25:22 | 004,433,248 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG2012\AVGIDSAgent.exe -- (AVGIDSAgent)
SRV - [2011/08/02 05:09:08 | 000,192,776 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG2012\avgwdsvc.exe -- (avgwd)
SRV - [2011/06/06 11:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2011/04/01 04:11:52 | 000,428,640 | ---- | M] (Logitech Inc.) [Auto | Running] -- C:\Program Files\Common Files\LogiShrd\LVMVFM\UMVPFSrv.exe -- (UMVPFSrv)
SRV - [2010/01/18 17:31:37 | 000,079,360 | ---- | M] (Creative Labs) [On_Demand | Stopped] -- C:\Program Files\Common Files\Creative Labs Shared\Service\AL6Licensing.exe -- (Creative ALchemy AL6 Licensing Service)
SRV - [2009/04/29 18:38:47 | 000,655,624 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2008/12/29 18:27:38 | 000,307,200 | ---- | M] (Creative Technology Ltd) [Auto | Running] -- C:\Program Files\Creative\Shared Files\CTAudSvc.exe -- (CTAudSvcService)
SRV - [2008/09/08 10:10:20 | 000,450,560 | ---- | M] () [Auto | Running] -- C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe -- (ForceWare Intelligent Application Manager (IAM)) ForceWare Intelligent Application Manager (IAM)
SRV - [2008/09/08 10:09:40 | 000,184,320 | ---- | M] () [Auto | Running] -- C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe -- (nSvcIp)
SRV - [2008/08/25 14:37:51 | 000,079,360 | ---- | M] (Creative Labs) [On_Demand | Stopped] -- C:\Program Files\Common Files\Creative Labs Shared\Service\CTAELicensing.exe -- (Creative Audio Engine Licensing Service)
SRV - [2008/01/19 07:38:24 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2005/06/02 15:54:34 | 000,086,606 | ---- | M] (Canon Inc.) [Auto | Running] -- C:\Program Files\Canon\CAL\CALMAIN.exe -- (CCALib8)


========== Driver Services (SafeList) ==========

DRV - [2011/11/07 21:30:20 | 000,227,312 | ---- | M] () [Kernel | System | Running] -- C:\ProgramData\Trusteer\Rapport\store\exts\RapportCerberus\baseline\RapportCerberus32_32301.sys -- (RapportCerberus_32301)
DRV - [2011/11/07 21:28:40 | 000,071,440 | ---- | M] (Trusteer Ltd.) [Kernel | System | Running] -- C:\Program Files\Trusteer\Rapport\bin\RapportEI.sys -- (RapportEI)
DRV - [2011/11/07 21:28:38 | 000,164,112 | ---- | M] (Trusteer Ltd.) [Kernel | System | Running] -- C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys -- (RapportPG)
DRV - [2011/11/07 21:28:38 | 000,056,208 | ---- | M] (Trusteer Ltd.) [Kernel | Boot | Running] -- C:\Windows\System32\Drivers\RapportKELL.sys -- (RapportKELL)
DRV - [2011/10/28 17:52:04 | 000,064,512 | ---- | M] (Lavasoft AB) [File_System | Boot | Running] -- C:\Windows\system32\DRIVERS\Lbd.sys -- (Lbd)
DRV - [2011/10/28 17:52:02 | 000,015,232 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Program Files\Lavasoft\Ad-Aware\kernexplorer.sys -- (Lavasoft Kernexplorer)
DRV - [2011/10/07 06:23:48 | 000,230,608 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\System32\drivers\avgldx86.sys -- (Avgldx86)
DRV - [2011/10/04 06:21:16 | 000,016,720 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AVGIDSShim.sys -- (AVGIDSShim)
DRV - [2011/09/13 05:30:10 | 000,032,592 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\system32\DRIVERS\avgrkx86.sys -- (Avgrkx86)
DRV - [2011/08/14 13:52:43 | 000,021,520 | ---- | M] (Trusteer Ltd.) [Kernel | On_Demand | Running] -- c:\ProgramData\Trusteer\Rapport\store\exts\RapportMS\28896\RapportIaso.sys -- (RapportIaso)
DRV - [2011/08/08 05:08:58 | 000,040,016 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\Windows\System32\drivers\avgmfx86.sys -- (Avgmfx86)
DRV - [2011/07/11 00:14:38 | 000,295,248 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\System32\drivers\avgtdix.sys -- (Avgtdix)
DRV - [2011/07/11 00:14:02 | 000,024,272 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AVGIDSFilter.sys -- (AVGIDSFilter)
DRV - [2011/07/11 00:14:00 | 000,023,120 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\AVGIDSEH.Sys -- (AVGIDSEH)
DRV - [2011/07/11 00:13:58 | 000,134,736 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AVGIDSDriver.sys -- (AVGIDSDriver)
DRV - [2011/05/26 15:03:56 | 000,021,248 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Motive\MREMP50.sys -- (MREMP50)
DRV - [2011/05/26 15:03:50 | 000,020,096 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Motive\MRESP50.sys -- (MRESP50)
DRV - [2011/04/01 04:11:10 | 004,333,280 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\lvuvc.sys -- (LVUVC) Logitech Webcam 120(UVC)
DRV - [2011/02/23 07:27:00 | 010,468,360 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2010/05/07 17:43:30 | 000,025,824 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\LVPr2Mon.sys -- (LVPr2Mon)
DRV - [2010/05/05 20:29:18 | 001,178,200 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ha20x2k.sys -- (ha20x2k)
DRV - [2010/05/05 20:29:10 | 000,095,832 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\emupia2k.sys -- (emupia)
DRV - [2010/05/05 20:29:02 | 000,158,808 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ctsfm2k.sys -- (ctsfm2k)
DRV - [2010/05/05 20:28:54 | 000,014,424 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ctprxy2k.sys -- (ctprxy2k)
DRV - [2010/05/05 20:24:44 | 000,130,136 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ctoss2k.sys -- (ossrv)
DRV - [2010/05/05 20:24:34 | 000,347,144 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ctdvda2k.sys -- (ctdvda2k)
DRV - [2010/05/05 20:24:24 | 000,526,296 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ctaud2k.sys -- (ctaud2k) Creative Audio Driver (WDM)
DRV - [2010/05/05 20:24:14 | 000,511,064 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ctac32k.sys -- (ctac32k)
DRV - [2010/05/05 20:24:04 | 001,324,120 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\CTEXFIFX.sys -- (CTEXFIFX)
DRV - [2010/05/05 20:23:52 | 000,072,792 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\CTHWIUT.sys -- (CTHWIUT)
DRV - [2010/05/05 20:23:46 | 000,171,096 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\CT20XUT.sys -- (CT20XUT)
DRV - [2010/01/19 11:49:50 | 000,105,088 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ZTEusbser6k.sys -- (ZTEusbser6k)
DRV - [2010/01/19 11:49:50 | 000,105,088 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ZTEusbnmea.sys -- (ZTEusbnmea)
DRV - [2010/01/19 11:49:50 | 000,105,088 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ZTEusbmdm6k.sys -- (ZTEusbmdm6k)
DRV - [2009/08/18 11:06:44 | 000,009,216 | R--- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\massfilter.sys -- (massfilter)
DRV - [2009/03/30 02:09:28 | 000,239,336 | ---- | M] (Microsoft Corporation) [File_System | Disabled | Stopped] -- C:\Windows\System32\drivers\RsFx0103.sys -- (RsFx0103)
DRV - [2008/08/18 17:58:16 | 000,145,952 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\nvstor32.sys -- (nvstor32)
DRV - [2008/08/01 11:51:00 | 001,052,704 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvmfdx32.sys -- (NVENETFD)
DRV - [2008/07/15 16:23:42 | 000,072,728 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\CTHWIUT.DLL -- (CTHWIUT.DLL)
DRV - [2008/07/15 16:23:22 | 000,170,520 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\CT20XUT.DLL -- (CT20XUT.DLL)
DRV - [2008/07/15 16:22:46 | 001,323,544 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\CTEXFIFX.DLL -- (CTEXFIFX.DLL)
DRV - [2008/02/29 16:03:48 | 000,008,944 | ---- | M] () [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
DRV - [2008/02/29 16:03:46 | 000,051,440 | ---- | M] () [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2008/02/25 08:41:28 | 000,329,240 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\CTEDSPSY.DLL -- (CTEDSPSY.DLL)
DRV - [2008/02/25 08:41:18 | 000,134,680 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\CTEDSPIO.DLL -- (CTEDSPIO.DLL)
DRV - [2008/02/25 08:41:14 | 000,100,888 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\CTERFXFX.DLL -- (CTERFXFX.DLL)
DRV - [2008/02/25 08:41:10 | 000,286,232 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\CTEDSPFX.DLL -- (CTEDSPFX.DLL)
DRV - [2008/02/25 08:41:06 | 000,174,104 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\CTEAPSFX.DLL -- (CTEAPSFX.DLL)
DRV - [2008/02/25 08:41:02 | 000,566,296 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\CTSBLFX.DLL -- (CTSBLFX.DLL)
DRV - [2008/02/25 08:40:56 | 000,551,960 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\CTAUDFX.DLL -- (CTAUDFX.DLL)
DRV - [2008/02/25 08:40:52 | 000,098,328 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\COMMONFX.DLL -- (COMMONFX.DLL)
DRV - [2008/01/19 06:14:59 | 000,016,896 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\WSDPrint.sys -- (WSDPrintDevice)
DRV - [2007/11/19 03:31:56 | 000,034,064 | ---- | M] (CACE Technologies) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\npf.sys -- (NPF)
DRV - [2007/04/20 13:34:54 | 000,674,048 | ---- | M] (Philips Semiconductors GmbH) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\3xHybrid.sys -- (3xHybrid)
DRV - [2006/11/02 08:27:22 | 001,083,520 | ---- | M] (Philips Semiconductors GmbH) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\Ph3xIB32.sys -- (Ph3xIB32)
DRV - [2006/10/30 03:31:58 | 000,043,648 | ---- | M] (JMicron Technology Corp.) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\jraid.sys -- (JRAID)
DRV - [2006/10/18 19:12:16 | 000,012,664 | R--- | M] () [Kernel | System | Running] -- C:\Windows\System32\drivers\AsIO.sys -- (AsIO)
DRV - [2006/10/18 05:44:48 | 000,007,680 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ASACPI.sys -- (MTsensor)
DRV - [2006/02/16 16:51:08 | 000,004,096 | R--- | M] (SuperAdBlocker, Inc.) [Kernel | On_Demand | Stopped] -- C:\Program Files\SUPERAntiSpyware\SASENUM.SYS -- (SASENUM)
DRV - [2006/02/07 11:52:58 | 000,006,912 | ---- | M] (JMicron ) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\JGOGO.sys -- (JGOGO)
DRV - [2003/12/08 11:53:48 | 000,053,600 | ---- | M] (THOMSON) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\alcan5wn.sys -- (alcan5wn) SpeedTouch USB ADSL PPP Networking Driver (NDISWAN)
DRV - [2003/12/08 11:53:46 | 000,070,688 | ---- | M] (THOMSON) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\alcaudsl.sys -- (alcaudsl)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========



IE - HKU\.DEFAULT\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - No CLSID value found
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - No CLSID value found
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-813452675-1282793062-151359363-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.talktalk.co.uk/
IE - HKU\S-1-5-21-813452675-1282793062-151359363-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-813452675-1282793062-151359363-1000\..\URLSearchHook: CFBFAE00-17A6-11D0-99CB-00C04FD64497} - No CLSID value found
IE - HKU\S-1-5-21-813452675-1282793062-151359363-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-813452675-1282793062-151359363-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.3: C:\Program Files\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@Motive.com/NpMotive,version=1.0: C:\Program Files\Common Files\Motive\npMotive.dll (Motive, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=12.0.1.647: c:\program files\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=12.0.1.647: c:\program files\real\realplayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=12.0.1.652: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=12.0.1.652: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=12.0.1.647: c:\program files\real\realplayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010/01/12 13:35:19 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{1E73965B-8B48-48be-9C8D-68B920ABC1C4}: C:\Program Files\AVG\AVG2012\Firefox4\ [2011/11/05 14:42:00 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2011/07/01 09:22:17 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010/01/12 13:35:19 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Thunderbird\Extensions\\{0E810812-F4BB-4309-942A-755587587A5E}: C:\Program Files\BullGuard Software\BullGuard\antispam\tbspamfilter


O1 HOSTS File: ([2009/03/30 14:31:32 | 000,303,871 | R--- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O1 - Hosts: 10469 more lines...
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG2012\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [AsusStartupHelp] C:\Program Files\ASUS\AASP\1.00.17\AsRunHelp.exe ()
O4 - HKLM..\Run: [AVG_TRAY] C:\Program Files\AVG\AVG2012\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [CTXFIREG] C:\Windows\System32\CTxfiReg.exe (Creative Technology Ltd)
O4 - HKLM..\Run: [JMB36X IDE Setup] C:\Windows\JM\JMInsIDE.exe ()
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [UpdReg] C:\Windows\Updreg.EXE (Creative Technology Ltd.)
O4 - HKLM..\Run: [VolPanel] C:\Program Files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanlu.exe (Creative Technology Ltd)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-21-813452675-1282793062-151359363-1000..\Run: [Akamai NetSession Interface] C:\Users\Andrew\AppData\Local\Akamai\netsession_win.exe (Akamai Technologies, Inc)
O4 - HKU\S-1-5-21-813452675-1282793062-151359363-1000..\Run: [CreativeTaskScheduler] C:\Program Files\Creative\Shared Files\CTSched.exe (Creative Technology Ltd)
O4 - HKU\S-1-5-21-813452675-1282793062-151359363-1000..\Run: [CTRegRun] C:\Windows\Ctregrun.exe (Creative Technology Ltd )
O4 - HKU\S-1-5-21-813452675-1282793062-151359363-1000..\Run: [Logitech Vid] C:\Program Files\Logitech\Vid HD\Vid.exe (Logitech Inc.)
O9 - Extra Button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe (PokerStars)
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Windows\System32\nvLsp.dll (NVIDIA)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Windows\System32\nvLsp.dll (NVIDIA)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Windows\System32\nvLsp.dll (NVIDIA)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Windows\System32\nvLsp.dll (NVIDIA)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Windows\System32\nvLsp.dll (NVIDIA)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Windows\System32\nvLsp.dll (NVIDIA)
O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - C:\Windows\System32\nvLsp.dll (NVIDIA)
O13 - gopher Prefix: missing
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shoc ... tor/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {1C3DE665-D259-4C72-9D7D-C51FCB4CCFB9} http://208.0.229.146/SysCamInst.cab (Reg Error: Key error.)
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} http://www.nvidia.com/content/DriverDow ... ab_nvd.cab (Reg Error: Key error.)
O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} http://dlm.tools.akamai.com/dlmanager/v ... .2.4.1.cab (Reg Error: Key error.)
O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} http://www.nvidia.com/content/DriverDow ... eqlab2.cab (Reg Error: Key error.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {B1E2B96C-12FE-45E2-BEF1-44A219113CDD} http://www.superadblocker.com/activex/sabspx.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_03)
O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_05)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {D4B68B83-8710-488B-A692-D74B50BA558E} http://ccfiles.creative.com/Web/softwar ... PIDPDE.cab (Creative Software AutoUpdate Support Package 2)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O16 - DPF: {E705A591-DA3C-4228-B0D5-A356DBA42FBF} http://ccfiles.creative.com/Web/softwar ... TSUEng.cab (Creative Software AutoUpdate 2)
O16 - DPF: {EBB176D2-AF75-4706-832F-4C8448F72757} http://www.shopandscan.com/TNSClickrc.CAB (Reg Error: Key error.)
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} http://ccfiles.creative.com/Web/softwar ... /CTPID.cab (Creative Software AutoUpdate Support Package)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{C1959AE1-AFC8-478C-941A-8EF2494678C9}: DhcpNameServer = 192.168.1.254
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG2012\avgpp.dll (AVG Technologies CZ, s.r.o.)
O20 - HKLM Winlogon: Shell - (explorer.exe) -C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - (C:\Program Files\SUPERAntiSpyware\SASWINLO.dll) - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll (SUPERAntiSpyware.com)
O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\img24.jpg
O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\img24.jpg
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 21:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{92f6db4e-e154-11e0-9c69-aa69ae32db9e}\Shell - "" = AutoRun
O33 - MountPoints2\{92f6db4e-e154-11e0-9c69-aa69ae32db9e}\Shell\AutoRun\command - "" = I:\AutoRun.exe
O33 - MountPoints2\{a85b0c49-e5e6-11e0-9f15-8484b8e9019e}\Shell - "" = AutoRun
O33 - MountPoints2\{a85b0c49-e5e6-11e0-9f15-8484b8e9019e}\Shell\AutoRun\command - "" = I:\setup_vmc_lite.exe /checkApplicationPresence
O33 - MountPoints2\{a85b0c6d-e5e6-11e0-9f15-8484b8e9019e}\Shell - "" = AutoRun
O33 - MountPoints2\{a85b0c6d-e5e6-11e0-9f15-8484b8e9019e}\Shell\AutoRun\command - "" = I:\setup_vmc_lite.exe /checkApplicationPresence
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (lsdelete)
O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG2012\avgrsx.exe /sync /restart)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/11/12 21:47:27 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Users\Andrew\Desktop\OTL.exe
[2011/11/12 18:43:18 | 000,000,000 | ---D | C] -- C:\Users\Andrew\AppData\Local\{D904D508-9CD4-46E6-A1A1-611D478B3F85}
[2011/11/12 18:42:52 | 000,000,000 | ---D | C] -- C:\Users\Andrew\AppData\Local\{885ACB43-BA97-4161-A61A-0DD3806E4BB3}
[2011/11/12 00:46:27 | 000,000,000 | ---D | C] -- C:\Users\Andrew\AppData\Local\{38039A0E-4F1A-4270-A512-0B1C1345D923}
[2011/11/12 00:46:02 | 000,000,000 | ---D | C] -- C:\Users\Andrew\AppData\Local\{849285E3-797A-4A65-8BE5-F107CFF2922F}
[2011/11/10 19:07:21 | 000,000,000 | ---D | C] -- C:\ProgramData\HPSSUPPLY
[2011/11/10 18:26:19 | 000,000,000 | ---D | C] -- C:\Users\Andrew\AppData\Local\{CC6B28D2-71DB-40EE-B857-90755C4DB5FB}
[2011/11/10 18:25:54 | 000,000,000 | ---D | C] -- C:\Users\Andrew\AppData\Local\{A67B5204-D6A8-4343-B0ED-40C8DCA964D4}
[2011/11/10 17:32:45 | 000,000,000 | ---D | C] -- C:\Users\Andrew\AppData\Local\Akamai
[2011/11/09 15:42:34 | 000,000,000 | ---D | C] -- C:\Users\Andrew\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\HiJackThis
[2011/11/09 15:42:33 | 000,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2011/11/09 15:09:10 | 000,000,000 | ---D | C] -- C:\Users\Andrew\AppData\Local\{A23CAC28-84D3-41F2-A8E0-6F385C26E579}
[2011/11/09 15:08:46 | 000,000,000 | ---D | C] -- C:\Users\Andrew\AppData\Local\{6AF1B1F3-8D05-4152-A520-DA9D434A2E4C}
[2011/11/08 16:35:38 | 000,000,000 | ---D | C] -- C:\Users\Andrew\AppData\Local\{EF222308-C4EC-49EE-B35E-91BAD94E2772}
[2011/11/08 16:35:13 | 000,000,000 | ---D | C] -- C:\Users\Andrew\AppData\Local\{FD27AADF-33A9-4175-B119-3FCD0FA4D962}
[2011/11/07 21:28:38 | 000,056,208 | ---- | C] (Trusteer Ltd.) -- C:\Windows\System32\drivers\RapportKELL.sys
[2011/11/07 14:42:01 | 000,000,000 | ---D | C] -- C:\Users\Andrew\AppData\Local\{5DFA08CB-1A25-4B52-AD18-0D3F5537B761}
[2011/11/07 14:41:35 | 000,000,000 | ---D | C] -- C:\Users\Andrew\AppData\Local\{324B4BD2-3116-429D-8C2B-4C487871506E}
[2011/11/06 15:50:08 | 000,000,000 | ---D | C] -- C:\Users\Andrew\AppData\Local\{D6C22428-6FEA-4898-8832-58BEDF1623EE}
[2011/11/06 15:49:43 | 000,000,000 | ---D | C] -- C:\Users\Andrew\AppData\Local\{7102C03E-93D2-4794-AF76-E11C43534C09}
[2011/11/05 15:18:52 | 000,000,000 | ---D | C] -- C:\Users\Andrew\AppData\Local\{5A7FD7F9-8F26-499B-8823-38DAE12E44AC}
[2011/11/05 15:18:28 | 000,000,000 | ---D | C] -- C:\Users\Andrew\AppData\Local\{2195A6AD-DB89-4EE8-B0CA-4BC91744F369}
[2011/11/03 16:39:55 | 000,000,000 | ---D | C] -- C:\Users\Andrew\AppData\Local\{F34C520B-019C-4A60-9CB0-F58B43BC8D49}
[2011/11/03 16:39:31 | 000,000,000 | ---D | C] -- C:\Users\Andrew\AppData\Local\{F1E4E918-89BE-408E-89B7-9C7F504DEFE1}
[2011/11/02 15:39:24 | 000,000,000 | ---D | C] -- C:\Users\Andrew\AppData\Local\{18F65507-4E68-422C-82E4-BE59C461CCB5}
[2011/11/02 15:39:04 | 000,000,000 | ---D | C] -- C:\Users\Andrew\AppData\Local\{D4A14420-23AD-497B-B09E-D7ADB4D8BD2C}
[2011/11/01 14:02:30 | 000,000,000 | ---D | C] -- C:\Users\Andrew\AppData\Local\{AA442ED1-182B-4E03-A686-A5BE14707694}
[2011/11/01 14:02:06 | 000,000,000 | ---D | C] -- C:\Users\Andrew\AppData\Local\{B213EB9D-B177-4742-9324-C650FABFBEE0}
[2011/10/31 14:08:52 | 000,000,000 | ---D | C] -- C:\Users\Andrew\AppData\Local\{716715A3-A189-4D0B-89A8-36B75CE45B0E}
[2011/10/31 14:08:28 | 000,000,000 | ---D | C] -- C:\Users\Andrew\AppData\Local\{260C7E3D-3C7B-4831-A166-FA94332CF66E}
[2011/10/30 16:39:40 | 000,000,000 | ---D | C] -- C:\Users\Andrew\AppData\Local\{4725A41A-753E-47B9-91D0-E27021FCCBB4}
[2011/10/30 16:39:14 | 000,000,000 | ---D | C] -- C:\Users\Andrew\AppData\Local\{BDFEDA76-EF2B-4500-B094-75BA866EDB2F}
[2011/10/30 00:23:15 | 000,000,000 | ---D | C] -- C:\Users\Andrew\AppData\Local\{705D5638-EA34-4D20-9A80-16C75C384B81}
[2011/10/30 00:23:00 | 000,000,000 | ---D | C] -- C:\Users\Andrew\AppData\Local\{16268287-0A59-41BE-B491-778F744505E9}
[2011/10/28 15:02:48 | 000,000,000 | ---D | C] -- C:\Users\Andrew\AppData\Local\{0F4B240A-8DB4-4C61-9798-8E095F5E50BF}
[2011/10/28 15:02:23 | 000,000,000 | ---D | C] -- C:\Users\Andrew\AppData\Local\{24E1E2A9-90F9-4481-8C44-19B485D5B712}
[2011/10/27 16:29:19 | 000,000,000 | ---D | C] -- C:\Users\Andrew\AppData\Local\{11AD192E-62C2-436C-A360-835247DA7A26}
[2011/10/27 16:29:04 | 000,000,000 | ---D | C] -- C:\Users\Andrew\AppData\Local\{7C7318D2-9FDB-4FCE-BFB4-77C703FBD1E2}
[2011/10/26 12:30:19 | 000,000,000 | ---D | C] -- C:\Users\Andrew\AppData\Local\{4896DDA1-A288-42DA-9707-B0E36A625DBA}
[2011/10/26 12:29:55 | 000,000,000 | ---D | C] -- C:\Users\Andrew\AppData\Local\{66EB016B-75EC-4E5E-A798-6C5D87A98DE0}
[2011/10/25 14:20:42 | 000,000,000 | ---D | C] -- C:\Users\Andrew\AppData\Local\{DDE9A041-B567-4EB6-A76D-A3D4BAA16667}
[2011/10/25 14:20:17 | 000,000,000 | ---D | C] -- C:\Users\Andrew\AppData\Local\{8EBF8509-09AD-4199-B46A-DEBA3C6388B0}
[2011/10/24 14:47:47 | 000,000,000 | ---D | C] -- C:\Users\Andrew\AppData\Local\{4FBD9F03-EF29-4267-B6B3-C5427FA4C00E}
[2011/10/24 14:47:23 | 000,000,000 | ---D | C] -- C:\Users\Andrew\AppData\Local\{92B8F7D2-5E8A-432B-B09B-5ADAF37CA6DF}
[2011/10/23 13:44:09 | 000,000,000 | ---D | C] -- C:\Users\Andrew\AppData\Local\{DF50F562-2476-4391-88F7-D00E6557B121}
[2011/10/23 13:43:45 | 000,000,000 | ---D | C] -- C:\Users\Andrew\AppData\Local\{62388C01-98D6-4B4B-A420-C6FF7E3571B1}
[2011/10/22 23:19:11 | 000,000,000 | ---D | C] -- C:\Users\Andrew\AppData\Local\{EE2348BE-C585-43F6-87C0-087ADCE4930A}
[2011/10/22 23:18:57 | 000,000,000 | ---D | C] -- C:\Users\Andrew\AppData\Local\{929C0908-7CF0-4186-A196-C8DBA2C2836D}
[2011/10/21 17:37:38 | 000,000,000 | ---D | C] -- C:\Users\Andrew\AppData\Local\{8D364B1F-52EB-410A-9563-87D072F1031B}
[2011/10/21 17:37:13 | 000,000,000 | ---D | C] -- C:\Users\Andrew\AppData\Local\{D4BA33D9-1AB0-4AE9-BBC7-FD1716904B38}
[2011/10/20 20:16:27 | 000,000,000 | ---D | C] -- C:\Users\Andrew\AppData\Local\{82034118-6970-4628-AFCA-0F66EB1186C3}
[2011/10/20 20:16:03 | 000,000,000 | ---D | C] -- C:\Users\Andrew\AppData\Local\{DA955E07-CAF6-4CB7-9BEE-6737E8859981}
[2011/10/19 17:55:07 | 000,000,000 | ---D | C] -- C:\Users\Andrew\AppData\Local\{14191A9A-E2FE-4648-8840-107FC3993728}
[2011/10/19 17:54:39 | 000,000,000 | ---D | C] -- C:\Users\Andrew\AppData\Local\{6F7C4A17-13E1-436B-8CF8-B97C609C9571}
[2011/10/19 17:23:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2011/10/19 17:22:29 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2011/10/19 17:19:36 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour
[2011/10/19 13:54:44 | 000,000,000 | ---D | C] -- C:\Users\Andrew\AppData\Local\{0369512F-A3C7-4D4B-8CF8-DE767B0FA371}
[2011/10/18 16:20:18 | 000,000,000 | ---D | C] -- C:\Users\Andrew\AppData\Local\{30B6AF64-05CE-4ABE-97EA-289FE8C4E671}
[2011/10/18 16:19:53 | 000,000,000 | ---D | C] -- C:\Users\Andrew\AppData\Local\{07C67F24-C592-4BA0-A641-7D4CC17A6250}
[2011/10/17 15:12:58 | 000,000,000 | ---D | C] -- C:\Users\Andrew\AppData\Local\{9EDC1422-CB76-402D-BCBD-F5F91C8B8C13}
[2011/10/17 15:12:42 | 000,000,000 | ---D | C] -- C:\Users\Andrew\AppData\Local\{D8256A35-5C04-4618-B830-0D319B000905}
[2011/10/16 22:30:18 | 000,000,000 | ---D | C] -- C:\Users\Andrew\Desktop\Asda
[2011/10/16 19:24:10 | 000,000,000 | ---D | C] -- C:\Users\Andrew\AppData\Local\{367F9468-3D02-4AB3-A9EC-73ABAE57C065}
[2011/10/16 19:23:45 | 000,000,000 | ---D | C] -- C:\Users\Andrew\AppData\Local\{A7B36555-DD33-423D-8098-E79E3ED083AE}
[2011/10/16 15:58:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG 2012
[2011/10/16 15:57:55 | 000,000,000 | ---D | C] -- C:\Users\Andrew\AppData\Roaming\AVG2012
[2011/10/16 15:57:26 | 000,000,000 | ---D | C] -- C:\ProgramData\AVG2012
[2011/10/16 00:57:38 | 000,000,000 | ---D | C] -- C:\Users\Andrew\AppData\Local\{58F27ABC-6F20-46DC-93CF-916C052562B2}
[2011/10/15 12:57:07 | 000,000,000 | ---D | C] -- C:\Users\Andrew\AppData\Local\{6326E40E-C299-440E-9EE1-B8412A046DBA}
[2011/10/15 12:56:52 | 000,000,000 | ---D | C] -- C:\Users\Andrew\AppData\Local\{4ACD0233-D43B-48DB-A1BA-14A6580B8B5F}
[2011/10/14 22:35:41 | 000,000,000 | ---D | C] -- C:\Users\Andrew\AppData\Local\{1C7000F6-9210-42CF-8186-AE8B54106E0B}
[2011/10/14 22:35:12 | 000,000,000 | ---D | C] -- C:\Users\Andrew\AppData\Local\{3ECD6B98-19BF-48BF-AFF5-97CAB9788C2C}
[2010/05/05 18:59:10 | 000,060,928 | ---- | C] ( ) -- C:\Windows\System32\a3d.dll
[2010/05/05 18:38:18 | 000,012,800 | ---- | C] ( ) -- C:\Windows\System32\killapps.exe
[10 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/11/12 21:47:32 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Andrew\Desktop\OTL.exe
[2011/11/12 21:22:00 | 000,000,886 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011/11/12 21:22:00 | 000,000,882 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011/11/12 20:08:52 | 000,004,048 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011/11/12 20:08:51 | 000,004,048 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011/11/12 18:15:58 | 000,674,566 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011/11/12 18:15:58 | 000,133,164 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011/11/12 18:13:17 | 109,500,619 | ---- | M] () -- C:\Windows\System32\drivers\AVG\incavi.avm
[2011/11/12 18:11:37 | 000,000,384 | ---- | M] () -- C:\Windows\tasks\Ad-Aware Update (Weekly).job
[2011/11/12 18:09:46 | 000,056,021 | ---- | M] () -- C:\ProgramData\nvModes.dat
[2011/11/12 18:09:45 | 000,056,021 | ---- | M] () -- C:\ProgramData\nvModes.001
[2011/11/12 18:09:16 | 000,065,536 | ---- | M] () -- C:\Windows\System32\Ikeext.etl
[2011/11/12 18:08:47 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/11/12 18:08:34 | 000,000,000 | ---- | M] () -- C:\Windows\System32\drivers\lvuvc.hs
[2011/11/12 01:28:52 | 000,054,760 | ---- | M] () -- C:\Windows\System32\BMXStateBkp-{00000003-00000000-00000006-00001102-00000005-00311102}.rfx
[2011/11/12 01:28:52 | 000,054,760 | ---- | M] () -- C:\Windows\System32\BMXState-{00000003-00000000-00000006-00001102-00000005-00311102}.rfx
[2011/11/12 01:28:52 | 000,000,788 | ---- | M] () -- C:\Windows\System32\DVCState-{00000003-00000000-00000006-00001102-00000005-00311102}.rfx
[2011/11/12 00:46:09 | 000,000,064 | ---- | M] () -- C:\Windows\System32\rp_stats.dat
[2011/11/12 00:46:09 | 000,000,044 | ---- | M] () -- C:\Windows\System32\rp_rules.dat
[2011/11/09 16:07:30 | 000,190,509 | ---- | M] () -- C:\Users\Andrew\Desktop\MalWare Removal • View topic - Emails are being sent from my email account_php.mht
[2011/11/09 15:42:34 | 000,001,950 | ---- | M] () -- C:\Users\Andrew\Desktop\HiJackThis.lnk
[2011/11/07 21:28:38 | 000,056,208 | ---- | M] (Trusteer Ltd.) -- C:\Windows\System32\drivers\RapportKELL.sys
[2011/11/07 15:49:57 | 000,071,582 | ---- | M] () -- C:\Users\Andrew\Desktop\IMG_0652.JPG
[2011/11/03 16:24:31 | 294,832,668 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2011/10/30 16:39:52 | 000,016,432 | ---- | M] () -- C:\Windows\System32\lsdelete.exe
[2011/10/28 17:52:04 | 000,064,512 | ---- | M] (Lavasoft AB) -- C:\Windows\System32\drivers\Lbd.sys
[2011/10/19 17:23:04 | 000,001,674 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[2011/10/18 16:50:48 | 000,002,033 | ---- | M] () -- C:\Users\Andrew\Desktop\Sky Go Desktop.lnk
[2011/10/18 15:46:38 | 000,414,368 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2011/10/14 22:30:25 | 002,416,528 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[10 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/11/12 18:11:33 | 000,000,384 | ---- | C] () -- C:\Windows\tasks\Ad-Aware Update (Weekly).job
[2011/11/09 16:07:27 | 000,190,509 | ---- | C] () -- C:\Users\Andrew\Desktop\MalWare Removal • View topic - Emails are being sent from my email account_php.mht
[2011/11/09 15:42:34 | 000,001,950 | ---- | C] () -- C:\Users\Andrew\Desktop\HiJackThis.lnk
[2011/11/07 15:49:57 | 000,071,582 | ---- | C] () -- C:\Users\Andrew\Desktop\IMG_0652.JPG
[2011/10/19 17:23:04 | 000,001,674 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
[2011/10/18 16:50:48 | 000,002,063 | ---- | C] () -- C:\Users\Andrew\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Sky Go Desktop.lnk
[2011/10/18 16:50:48 | 000,002,033 | ---- | C] () -- C:\Users\Andrew\Desktop\Sky Go Desktop.lnk
[2011/10/05 20:46:24 | 000,016,432 | ---- | C] () -- C:\Windows\System32\lsdelete.exe
[2011/09/18 20:20:07 | 000,024,064 | ---- | C] () -- C:\Users\Andrew\AppData\Roaming\UserTile.png
[2011/05/16 13:07:30 | 000,003,584 | ---- | C] () -- C:\Users\Andrew\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/04/13 09:14:13 | 000,000,064 | ---- | C] () -- C:\Windows\System32\rp_stats.dat
[2011/04/13 09:14:13 | 000,000,044 | ---- | C] () -- C:\Windows\System32\rp_rules.dat
[2011/04/01 04:07:02 | 010,877,272 | ---- | C] () -- C:\Windows\System32\LogiDPP.dll
[2011/04/01 04:07:02 | 000,102,744 | ---- | C] () -- C:\Windows\System32\LogiDPPApp.exe
[2011/04/01 04:06:56 | 000,331,608 | ---- | C] () -- C:\Windows\System32\DevManagerCore.dll
[2011/04/01 03:56:00 | 000,027,872 | ---- | C] () -- C:\Windows\System32\lvcoinst.ini
[2011/03/22 22:58:22 | 000,014,168 | ---- | C] () -- C:\Windows\System32\drivers\iKeyLFT2.dll
[2010/10/15 15:01:48 | 000,164,775 | ---- | C] () -- C:\Windows\hpoins30.dat.temp
[2010/10/15 15:01:48 | 000,000,844 | ---- | C] () -- C:\Windows\hpomdl30.dat.temp
[2010/09/28 12:34:12 | 000,000,031 | -H-- | C] () -- C:\Windows\UKCpInfo.sys
[2010/05/11 20:54:01 | 000,001,024 | ---- | C] () -- C:\Windows\System32\grcauth2.dll
[2010/05/11 20:54:01 | 000,001,024 | ---- | C] () -- C:\Windows\System32\grcauth1.dll
[2010/05/11 20:54:01 | 000,000,100 | ---- | C] () -- C:\Windows\System32\prsgrc.dll
[2010/05/11 20:51:49 | 000,001,025 | ---- | C] () -- C:\Windows\System32\sysprs7.dll
[2010/05/11 20:51:49 | 000,000,205 | ---- | C] () -- C:\Windows\System32\lsprst7.dll
[2010/05/07 17:43:30 | 000,025,824 | ---- | C] () -- C:\Windows\System32\drivers\LVPr2Mon.sys
[2010/05/05 19:37:52 | 000,021,204 | ---- | C] () -- C:\Windows\System32\instwdm.ini
[2010/05/05 18:56:46 | 000,002,560 | ---- | C] () -- C:\Windows\System32\CtxfiRes.dll
[2010/05/05 18:41:30 | 000,016,384 | ---- | C] () -- C:\Windows\System32\regplib.exe
[2010/05/05 18:38:22 | 000,007,680 | ---- | C] () -- C:\Windows\System32\enlocstr.exe
[2010/02/08 12:02:02 | 000,000,131 | ---- | C] () -- C:\Windows\wininit.ini
[2010/01/19 11:49:54 | 000,466,944 | ---- | C] () -- C:\Windows\System32\RemoveDevice.dll
[2010/01/12 13:35:01 | 000,023,113 | ---- | C] () -- C:\Windows\hpqins15.dat
[2009/12/22 10:47:55 | 000,077,377 | ---- | C] () -- C:\Windows\hpqins05.dat
[2009/09/14 17:13:39 | 000,056,021 | ---- | C] () -- C:\ProgramData\nvModes.001
[2009/09/14 17:11:07 | 000,056,021 | ---- | C] () -- C:\ProgramData\nvModes.dat
[2009/09/11 13:04:09 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2009/09/11 13:04:09 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2009/08/03 14:07:42 | 000,403,816 | ---- | C] () -- C:\Windows\System32\OGACheckControl.dll
[2009/08/03 14:07:42 | 000,230,768 | ---- | C] () -- C:\Windows\System32\OGAEXEC.exe
[2009/08/02 23:21:54 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelTraditionalChinese.dll
[2009/08/02 23:21:54 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSwedish.dll
[2009/08/02 23:21:54 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSpanish.dll
[2009/08/02 23:21:54 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSimplifiedChinese.dll
[2009/08/02 23:21:54 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelPortugese.dll
[2009/08/02 23:21:54 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelKorean.dll
[2009/08/02 23:21:54 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelJapanese.dll
[2009/08/02 23:21:52 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelGerman.dll
[2009/08/02 23:21:52 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelFrench.dll
[2009/05/27 08:49:00 | 000,000,285 | ---- | C] () -- C:\Windows\System32\kill.ini
[2009/02/10 21:59:56 | 000,000,029 | ---- | C] () -- C:\Windows\sfbm.INI
[2008/12/02 21:33:42 | 000,164,874 | ---- | C] () -- C:\Windows\hpoins30.dat
[2008/08/11 10:04:38 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2008/07/11 15:22:30 | 000,000,054 | ---- | C] () -- C:\Windows\System32\ctzapxx.ini
[2008/07/11 14:40:54 | 000,321,512 | ---- | C] () -- C:\Windows\System32\ctdlang.dat
[2008/07/11 14:40:54 | 000,056,509 | ---- | C] () -- C:\Windows\System32\ctdnlstr.dat
[2008/06/18 06:22:38 | 000,000,844 | ---- | C] () -- C:\Windows\hpomdl30.dat
[2008/06/05 07:58:26 | 000,197,912 | ---- | C] () -- C:\Windows\System32\physxcudart_20.dll
[2008/02/20 20:00:12 | 000,043,520 | ---- | C] () -- C:\Windows\System32\CTBURST.DLL
[2008/02/20 19:58:46 | 000,037,888 | ---- | C] () -- C:\Windows\System32\PSCONV.EXE
[2008/02/20 19:46:20 | 000,149,838 | ---- | C] () -- C:\Windows\System32\CTBAS2W.DAT
[2008/02/20 19:44:34 | 000,274,587 | ---- | C] () -- C:\Windows\System32\CTSBAS2W.DAT
[2008/02/20 19:44:26 | 000,241,084 | ---- | C] () -- C:\Windows\System32\CTSBASW.DAT
[2008/02/20 19:44:26 | 000,115,166 | ---- | C] () -- C:\Windows\System32\CTBASICW.DAT
[2008/02/20 19:44:10 | 000,313,207 | ---- | C] () -- C:\Windows\System32\CTSTATIC.DAT
[2008/02/20 19:44:10 | 000,053,932 | ---- | C] () -- C:\Windows\System32\CTDAUGHT.DAT
[2008/02/04 21:59:29 | 000,000,510 | ---- | C] () -- C:\Windows\ODBC.INI
[2008/01/24 17:50:08 | 000,000,000 | ---- | C] () -- C:\Windows\OpPrintServer.INI
[2008/01/21 18:58:00 | 000,002,478 | ---- | C] () -- C:\Users\Andrew\AppData\Roaming\wklnhst.dat
[2008/01/18 22:45:43 | 000,005,606 | ---- | C] () -- C:\Windows\System32\stci.dll
[2008/01/18 12:35:26 | 000,004,984 | ---- | C] () -- C:\Windows\System32\drivers\nvphy.bin
[2008/01/18 11:27:43 | 000,001,324 | ---- | C] () -- C:\Windows\TVP3XDrv.ini
[2008/01/18 11:27:12 | 000,003,072 | ---- | C] () -- C:\Windows\System32\34CoInstaller.dll
[2008/01/18 10:53:04 | 000,024,576 | R--- | C] () -- C:\Windows\System32\AsIO.dll
[2008/01/18 10:53:04 | 000,012,664 | R--- | C] () -- C:\Windows\System32\drivers\AsIO.sys
[2008/01/18 10:53:01 | 000,012,096 | ---- | C] () -- C:\Windows\System32\drivers\AsInsHelp64.sys
[2008/01/18 10:53:01 | 000,010,304 | ---- | C] () -- C:\Windows\System32\drivers\AsInsHelp32.sys
[2008/01/17 21:47:22 | 000,000,907 | R--- | C] () -- C:\Windows\System32\AsusSetup.ini
[2008/01/17 21:47:22 | 000,000,263 | R--- | C] () -- C:\Windows\System32\raidmgmt.ini
[2008/01/17 21:45:50 | 000,008,307 | ---- | C] () -- C:\Windows\Ascd_tmp.ini
[2008/01/17 21:45:50 | 000,007,680 | ---- | C] () -- C:\Windows\System32\drivers\ASACPI.sys
[2008/01/17 21:45:44 | 000,010,288 | ---- | C] () -- C:\Windows\System32\drivers\ASUSHWIO.SYS
[2008/01/17 21:21:14 | 000,002,560 | ---- | C] () -- C:\Windows\CTXFIRES.DLL
[2008/01/17 21:20:04 | 000,108,544 | ---- | C] () -- C:\Windows\System32\APOMngr.DLL
[2008/01/17 21:20:04 | 000,069,120 | ---- | C] () -- C:\Windows\System32\CmdRtr.DLL
[2007/10/11 09:01:42 | 000,053,299 | ---- | C] () -- C:\Windows\System32\pthreadVC.dll
[2007/08/13 20:45:02 | 000,077,824 | ---- | C] () -- C:\Windows\System32\CTMMACTL.DLL
[2006/11/02 12:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006/11/02 12:47:37 | 002,416,528 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2006/11/02 12:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006/11/02 10:33:01 | 000,674,566 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2006/11/02 10:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2006/11/02 10:33:01 | 000,133,164 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2006/11/02 10:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2006/11/02 10:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2006/11/02 08:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2006/11/02 08:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2006/11/02 07:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006/11/02 07:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat

========== Alternate Data Streams ==========

@Alternate Data Stream - 146 bytes -> C:\ProgramData\TEMP:0B4227B4

< End of report >

Re: Emails are being sent from my email account

Post by shuger » November 12th, 2011, 6:07 pm

OTL Extras logfile created on: 12/11/2011 21:49:09 - Run 2
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\Andrew\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

3.00 Gb Total Physical Memory | 1.24 Gb Available Physical Memory | 41.21% Memory free
6.19 Gb Paging File | 3.59 Gb Available in Paging File | 57.91% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 464.48 Gb Total Space | 399.45 Gb Free Space | 86.00% Space Free | Partition Type: NTFS

Computer Name: ANDREW-PC | User Name: Andrew | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\SystemRestore]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{28712EB7-5C81-486A-A835-D497D94C212E}" = lport=2869 | protocol=6 | dir=in | app=system |
"{2F1592BF-1E77-4C6B-8AD9-2BEE20432F20}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
"{39A9D4DB-B1F8-4E82-9445-B9BE91370E8D}" = lport=5000 | protocol=17 | dir=in | name=akamai netsession interface |
"{3D64B62B-7E79-45FF-BA9B-C8DF2341575D}" = rport=137 | protocol=17 | dir=out | app=system |
"{4E60E5C8-A06A-4117-9689-999EDF1F23DE}" = lport=2869 | protocol=6 | dir=in | app=system |
"{6F4915C6-F32E-46DA-835B-B153FBBE1A45}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{70CDF6E8-04A8-4CD7-856A-47EAB76E23ED}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{7FCD2C61-7278-4F79-A1BE-DDFA4D2630C1}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
"{8C014989-A5B2-41D4-BD9F-BEB1270A38C3}" = lport=137 | protocol=17 | dir=in | app=system |
"{8D86D98A-84F3-4A21-B347-51A2076F7EC0}" = lport=9100 | protocol=6 | dir=in | name=192.168.1.3. |
"{9C28E13E-9531-4BD7-9A59-B1FA0E5B7E13}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=c:\windows\system32\svchost.exe |
"{A6E35578-8B14-4B7A-BB55-E37A31B284B4}" = rport=445 | protocol=6 | dir=out | app=system |
"{A95FDCFB-D687-4EBB-8770-8ACF06042F8A}" = rport=139 | protocol=6 | dir=out | app=system |
"{AAF07896-80B2-4173-A459-AAEAB7183057}" = lport=139 | protocol=6 | dir=in | app=system |
"{BA0EF1FD-0A0E-4F04-B7F6-1704C5B2266D}" = lport=5353 | protocol=6 | dir=in | name=adobe csi cs4 |
"{C06E8128-7F09-4800-88EC-34E2E24E2759}" = lport=138 | protocol=17 | dir=in | app=system |
"{D21F6A87-CE4B-4060-BC7F-ED32CB7583CD}" = lport=445 | protocol=6 | dir=in | app=system |
"{E1E21081-8F0B-4BC9-ABB2-E8347C3E2E78}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{EE46D024-73E2-46F0-BA37-0016C0766578}" = rport=427 | protocol=17 | dir=in | svc=hpslpsvc | app=c:\windows\system32\svchost.exe |
"{F1FA6867-8172-43F6-B684-967F8B70EC8E}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=c:\windows\system32\svchost.exe |
"{F6320D34-41C5-4AD2-8CAC-ED882DC9A291}" = lport=1035 | protocol=6 | dir=in | name=akamai netsession interface |
"{FD7EE2C0-0D38-4403-8767-14507384625C}" = rport=138 | protocol=17 | dir=out | app=system |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0E05F68A-92B7-4AEF-ABE6-16A4EC8F3077}" = protocol=6 | dir=in | app=c:\program files\avg\avg2012\avgnsx.exe |
"{10B66A48-B67C-453D-B248-FD0315FB06B4}" = protocol=17 | dir=in | app=c:\program files\logitech\vid hd\vid.exe |
"{18D48C94-69A5-434A-A127-58D473D87230}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{2397D810-5CFC-4F66-A53B-5749E65785DE}" = protocol=17 | dir=in | app=c:\program files\orb networks\orb\bin\orbstreamerclient.exe |
"{26B33D1E-C4E0-4CA2-AED5-8CB63C7C6EE6}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"{2AE72858-3956-4074-8485-FD93E552BD2A}" = protocol=6 | dir=in | app=c:\program files\common files\adobe\cs4servicemanager\cs4servicemanager.exe |
"{2F455D4F-877E-440F-8870-5C6B63212375}" = protocol=17 | dir=in | app=c:\program files\avg\avg2012\avgmfapx.exe |
"{2FB6EAEA-8B23-4F3E-8119-22DF57E97BBB}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{30A60CEA-A3C2-4EAE-88FB-9933D6F4B36F}" = protocol=17 | dir=in | app=c:\program files\atari\neverwinter nights 2\nwn2server.exe |
"{36D4E0FE-EDFA-4194-A7F5-8F0463855677}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{37EC4FF2-2293-42EC-9AA4-C061F5BBA4E4}" = dir=in | app=c:\program files\hp\digital imaging\bin\hposid01.exe |
"{3C5F94A0-6105-450E-BF1E-3DEBD779A21B}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{3C9B51E1-AA1C-4E17-991A-1E4192517BE6}" = protocol=6 | dir=out | app=c:\windows\system32\wudfhost.exe |
"{3CE73B07-C274-492C-9A62-E15B04DA0C2F}" = protocol=17 | dir=in | app=c:\program files\atari\neverwinter nights 2\nwupdate.exe |
"{3D0558A9-827F-4F0A-9C98-260F79853698}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqusgh.exe |
"{3D3654C8-5193-4B33-B380-14E8870EC36C}" = dir=in | app=c:\program files\itunes\itunes.exe |
"{43B111B0-89FF-4D74-9168-A040A6DEC035}" = protocol=17 | dir=in | app=c:\program files\atari\neverwinter nights 2\nwn2main.exe |
"{45C1006E-0D60-4084-898E-51AEC1A5C8F1}" = protocol=6 | dir=in | app=d:\x86\ibiscont.exe |
"{4685F1C1-1446-495A-85C1-4B2D85673B90}" = protocol=17 | dir=in | app=c:\program files\atari\neverwinter nights 2\nwn2main_amdxp.exe |
"{47C303AB-F6B9-4ADC-A439-CCA96626D800}" = protocol=17 | dir=in | app=c:\program files\yahoo!\messenger\yahoomessenger.exe |
"{4CCBE928-69BB-4458-95F1-85E07EA40003}" = protocol=17 | dir=in | app=c:\program files\orb networks\orb\bin\orbchannelscan.exe |
"{4DF8824F-2B67-425C-BA42-6CFC0AFD2362}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqgplgtupl.exe |
"{4FBED82A-053D-4B9B-BC52-3E7A3DD56770}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqpsapp.exe |
"{534AD9CE-3DB2-4A40-AD0D-5BAA2D6C48C0}" = protocol=17 | dir=in | app=c:\program files\avg\avg2012\avgdiagex.exe |
"{56548C6A-B642-4C08-BDCA-94D5769FB689}" = protocol=17 | dir=in | app=d:\x86\ibiscont.exe |
"{5A1BEA94-5A04-4913-A616-21212A0D4070}" = protocol=6 | dir=in | app=c:\program files\avg\avg10\avgmfapx.exe |
"{5F8168C0-8AC9-4270-B1EC-0BAA1260B542}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqste08.exe |
"{60DF2200-4628-4249-BFD5-AF94863A2799}" = protocol=6 | dir=in | app=c:\program files\orb networks\orb\bin\orbchannelscan.exe |
"{6117BF31-3D38-4B4B-B2A4-FB40CFB7CBBA}" = protocol=6 | dir=in | app=c:\users\andrew\appdata\local\akamai\netsession_win.exe |
"{6601501B-40FE-4962-BCA5-7A2FEA43D640}" = protocol=6 | dir=in | app=c:\program files\logitech\vid hd\vid.exe |
"{66FD92AC-FC7C-4F9C-BDE3-C0B3E5ADF705}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpoews01.exe |
"{691845A6-4BC7-479D-8951-E1455FBA9320}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqpse.exe |
"{69D66A7C-6026-4E17-834F-9D870B3AF86D}" = protocol=17 | dir=in | app=c:\program files\logitech\logitech vid\vid.exe |
"{6F6BC323-7715-45AD-AA98-C9B8FB816BBF}" = protocol=17 | dir=in | app=c:\program files\orb networks\orb\bin\orbrmstreamerclient.exe |
"{71085759-59B8-4358-92F3-20301EB5E71B}" = protocol=6 | dir=in | app=c:\program files\orb networks\orb\bin\orbrmstreamerclient.exe |
"{72157205-396C-48DD-9A2F-E47901731FCA}" = protocol=6 | dir=in | app=c:\program files\kontiki\kservice.exe |
"{754F34C2-6768-4C3E-8BCB-347EF197D3A7}" = dir=in | app=c:\program files\common files\hp\digital imaging\bin\hpqphotocrm.exe |
"{767D388B-67D4-42A0-80E7-BC4367B33274}" = protocol=17 | dir=in | app=c:\program files\kontiki\kservice.exe |
"{77BC3461-24AA-4217-B65E-6DABD49A8AED}" = protocol=6 | dir=in | app=c:\program files\orb networks\orb\bin\orb.exe |
"{7AE05E86-2058-4F00-B829-490658FA1A4C}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{8771C2FC-9ACE-4FEC-8A3B-6489D71B1A71}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqusgm.exe |
"{950E121A-A3FA-42B9-A368-F6550FEAB485}" = protocol=17 | dir=in | app=c:\program files\yahoo!\messenger\yserver.exe |
"{97513C5E-95CF-41B7-B28B-3D311D75AF2D}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpiscnapp.exe |
"{9826B537-4CF7-44EE-810F-A44258DA6D2A}" = protocol=6 | dir=in | app=c:\program files\avg\avg2012\avgmfapx.exe |
"{9B5D09AF-F112-41B2-9719-5A479F96F5C5}" = protocol=17 | dir=in | app=c:\program files\orb networks\orb\bin\orb3gpstreamerclient.exe |
"{9C6371C0-E9B7-4587-8863-26F94A184459}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqtra08.exe |
"{9D2AA72E-048D-429F-8BC4-55DA9BAE8EE6}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{A44C8E68-3724-49AC-9561-50A6497D2B27}" = protocol=6 | dir=in | app=c:\program files\orb networks\orb\bin\orbstreamerclient.exe |
"{A4AC3B49-216E-41AD-984D-0687DF159E42}" = protocol=6 | dir=in | app=c:\program files\atari\neverwinter nights 2\nwn2server.exe |
"{A4D7C0CD-B776-4493-9D02-7BF9D87A91FA}" = protocol=6 | dir=in | app=c:\program files\kontiki\kservice.exe |
"{A6A0489E-7C2E-4B35-A41F-FA31A410D66E}" = protocol=17 | dir=in | app=c:\program files\orb networks\orb\bin\orb.exe |
"{A8139929-2C30-4283-A422-C6F4599B1675}" = protocol=6 | dir=in | app=c:\program files\atari\neverwinter nights 2\nwn2main.exe |
"{A819E93C-DF9A-4638-81E9-C76A8202B0F1}" = protocol=17 | dir=in | app=c:\program files\kontiki\kservice.exe |
"{AC397D83-41C0-4E76-8462-7FBEC5F15F3B}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{B07A3B36-A03A-438A-8AA9-A2C1C8D84B19}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqsudi.exe |
"{B1D62290-7070-4C55-9D00-27866D6889A9}" = protocol=6 | dir=in | app=c:\program files\avg\avg2012\avgdiagex.exe |
"{B3C713B7-C843-4A59-8EC2-8CF76228BA66}" = dir=in | app=d:\setup\hpznui01.exe |
"{B4C78EF5-B10F-4BB6-98CA-14B3AAF2ADB6}" = dir=in | app=c:\program files\windows live\contacts\wlcomm.exe |
"{B81C61A6-33AB-4826-A442-8BC9260961CA}" = protocol=17 | dir=in | app=c:\program files\common files\adobe\cs4servicemanager\cs4servicemanager.exe |
"{B9C6CC28-837B-47C2-9CF4-F21117BCE323}" = protocol=17 | dir=in | app=c:\users\andrew\appdata\local\akamai\netsession_win.exe |
"{BDBDE46E-A925-4E27-AB74-0E3761F25AC8}" = dir=in | app=c:\program files\hp\digital imaging\smart web printing\smartwebprintexe.exe |
"{BE91F537-AFF2-4DEB-B013-28BB8F0800F4}" = protocol=17 | dir=in | app=c:\program files\avg\avg10\avgmfapx.exe |
"{C41BFD4A-0146-4A50-90B4-C9A5C8630DCC}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqgpc01.exe |
"{D59F43F1-37EF-4972-A30D-C4E0F895DBA7}" = protocol=17 | dir=in | app=c:\program files\orb networks\orb\bin\orbtray.exe |
"{D650D955-4388-4F0A-B776-11158BFD079F}" = protocol=6 | dir=in | app=c:\program files\orb networks\orb\bin\orbtray.exe |
"{E412B45D-13B7-4EC8-B3D2-C47917342264}" = dir=in | app=c:\program files\hp\hp software update\hpwucli.exe |
"{EBBD1F49-E593-4B6A-93AA-EEB2E61D1767}" = protocol=6 | dir=in | app=c:\program files\yahoo!\messenger\yahoomessenger.exe |
"{EC677F74-1F84-46B8-9430-A6A0D9F91474}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{EDF8ECA0-B299-46A2-B6AC-FC26A246A4AA}" = dir=in | app=c:\program files\common files\apple\apple application support\webkit2webprocess.exe |
"{F0F36691-B0C7-467B-BC7C-1E95872BC22B}" = protocol=6 | dir=in | app=c:\program files\yahoo!\messenger\yserver.exe |
"{F278ED6E-8F40-4E09-86D4-77BD600B7702}" = protocol=6 | dir=in | app=c:\program files\orb networks\orb\bin\orb3gpstreamerclient.exe |
"{F31396FD-EE24-4E57-871B-2F805282EE23}" = protocol=6 | dir=out | app=system |
"{F3B6423E-583B-4F40-8A45-CB40B576E8B0}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqkygrp.exe |
"{F93C3648-29B2-4B63-B66A-13D7B54E9C98}" = protocol=6 | dir=in | app=c:\program files\logitech\logitech vid\vid.exe |
"{F9DD480F-CA19-4A6A-B225-645413D72062}" = protocol=6 | dir=in | app=c:\program files\atari\neverwinter nights 2\nwn2main_amdxp.exe |
"{FBAD00A3-A575-4ED6-A251-E3B220548A82}" = protocol=17 | dir=in | app=c:\program files\avg\avg2012\avgnsx.exe |
"{FDE64C6E-1792-4FF1-9E5A-BC3B1085266C}" = protocol=6 | dir=out | svc=upnphost | app=c:\windows\system32\svchost.exe |
"{FE17AA80-1FFB-4B4B-9C5E-FDEB3CE9D50B}" = protocol=6 | dir=in | app=c:\program files\atari\neverwinter nights 2\nwupdate.exe |
"TCP Query User{227F2F6C-7C69-4C78-8BE1-7F6C025A701A}C:\program files\camfrog\camfrog video chat\camfrog video chat.exe" = protocol=6 | dir=in | app=c:\program files\camfrog\camfrog video chat\camfrog video chat.exe |
"TCP Query User{39D47A2B-156D-4605-9403-A070E344F566}C:\users\andrew\appdata\local\microsoft\windows\temporary internet files\content.ie5\0ep9hxaf\downloadsonicsegaallstarsracing.exe" = protocol=6 | dir=in | app=c:\users\andrew\appdata\local\microsoft\windows\temporary internet files\content.ie5\0ep9hxaf\downloadsonicsegaallstarsracing.exe |
"TCP Query User{51F809B8-6124-4454-9E03-3AF984B01813}C:\program files\google\google earth\client\googleearth.exe" = protocol=6 | dir=in | app=c:\program files\google\google earth\client\googleearth.exe |
"TCP Query User{7E739A6D-A9D3-4E84-BF36-72EEE2E958EC}C:\users\andrew\appdata\local\microsoft\windows\temporary internet files\content.ie5\hg51sb0o\downloadsegamegadrivecollection1uk.exe" = protocol=6 | dir=in | app=c:\users\andrew\appdata\local\microsoft\windows\temporary internet files\content.ie5\hg51sb0o\downloadsegamegadrivecollection1uk.exe |
"TCP Query User{9F30C869-E8F1-4CCF-8D48-9DF0F7B84A43}C:\program files\logitech\vid hd\vid.exe" = protocol=6 | dir=in | app=c:\program files\logitech\vid hd\vid.exe |
"TCP Query User{A384EAD2-1D6F-4A96-8CB0-998273C55780}C:\program files\google\google earth\client\googleearth.exe" = protocol=6 | dir=in | app=c:\program files\google\google earth\client\googleearth.exe |
"TCP Query User{ADEBBB31-A294-4A59-B00A-BA854D3A9357}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"TCP Query User{F00758D9-447A-4319-8774-8123B389EB32}C:\program files\secondlife\slvoice.exe" = protocol=6 | dir=in | app=c:\program files\secondlife\slvoice.exe |
"TCP Query User{F4C1A636-235C-4689-9B08-6B0108C4903B}C:\program files\yahoo!\messenger\yahoomessenger.exe" = protocol=6 | dir=in | app=c:\program files\yahoo!\messenger\yahoomessenger.exe |
"TCP Query User{FDA61D9F-DD7B-439D-AAE7-85EF4BEE32ED}C:\program files\java\jre6\bin\java.exe" = protocol=6 | dir=in | app=c:\program files\java\jre6\bin\java.exe |
"UDP Query User{03E72144-6DC5-4729-9F1A-7EE38908DFEE}C:\program files\java\jre6\bin\java.exe" = protocol=17 | dir=in | app=c:\program files\java\jre6\bin\java.exe |
"UDP Query User{4B104B23-A41A-457F-8B38-54CBEA4A47E8}C:\program files\google\google earth\client\googleearth.exe" = protocol=17 | dir=in | app=c:\program files\google\google earth\client\googleearth.exe |
"UDP Query User{4D65895B-1FA9-415D-B6B5-EF339B548D40}C:\program files\google\google earth\client\googleearth.exe" = protocol=17 | dir=in | app=c:\program files\google\google earth\client\googleearth.exe |
"UDP Query User{51680EDC-374E-4BD7-BF40-D070751D99FD}C:\program files\secondlife\slvoice.exe" = protocol=17 | dir=in | app=c:\program files\secondlife\slvoice.exe |
"UDP Query User{7FBFE3F3-4116-4FC9-A090-1D4F0746C806}C:\program files\logitech\vid hd\vid.exe" = protocol=17 | dir=in | app=c:\program files\logitech\vid hd\vid.exe |
"UDP Query User{86AC2FB7-7A02-4CA3-B68A-999B8933C671}C:\users\andrew\appdata\local\microsoft\windows\temporary internet files\content.ie5\hg51sb0o\downloadsegamegadrivecollection1uk.exe" = protocol=17 | dir=in | app=c:\users\andrew\appdata\local\microsoft\windows\temporary internet files\content.ie5\hg51sb0o\downloadsegamegadrivecollection1uk.exe |
"UDP Query User{A3DF8F2A-F8B8-4A4D-A6FE-6BACA59197C4}C:\users\andrew\appdata\local\microsoft\windows\temporary internet files\content.ie5\0ep9hxaf\downloadsonicsegaallstarsracing.exe" = protocol=17 | dir=in | app=c:\users\andrew\appdata\local\microsoft\windows\temporary internet files\content.ie5\0ep9hxaf\downloadsonicsegaallstarsracing.exe |
"UDP Query User{BD2D0EBD-54CE-400C-BF00-DE99E9F25C75}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"UDP Query User{D115221D-CC24-4B03-8857-C3D2A55EACD3}C:\program files\camfrog\camfrog video chat\camfrog video chat.exe" = protocol=17 | dir=in | app=c:\program files\camfrog\camfrog video chat\camfrog video chat.exe |
"UDP Query User{E20A9ACF-D725-48A7-92C9-388079AFE0CD}C:\program files\yahoo!\messenger\yahoomessenger.exe" = protocol=17 | dir=in | app=c:\program files\yahoo!\messenger\yahoomessenger.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{00ADFB20-AE75-46F4-AD2C-F48B15AC3100}" = Adobe Color NA Recommended Settings CS4
"{0289B35E-DC07-4c7a-9710-BBD686EA4B7D}" = Status
"{044F9133-B8D7-4d11-BF39-803FA20F5C8B}" = Microsoft Windows SDK for Visual Studio 2008 SP1 Express Tools for Win32
"{05308C4E-7285-4066-BAE3-6B50DA6ED755}" = Adobe Update Manager CS4
"{054EFA56-2AC1-48F4-A883-0AB89874B972}" = Adobe Extension Manager CS4
"{08610298-29AE-445B-B37D-EFBE05802967}" = LWS Pictures And Video
"{09633A5E-3089-41A8-9FF1-382171423C5D}" = PSSWCORE
"{098727E1-775A-4450-B573-3F441F1CA243}" = kuler
"{0A146245-DB79-4197-BF5D-FE1A699A2CC7}" = Camera Window DS
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0C19D563-5F25-4621-BF10-01F741BD283F}" = Microsoft SQL Server Compact 3.5 SP1 Design Tools English
"{0D6013AB-A0C7-41DC-973C-E93129C9A29F}" = Adobe Color JA Extra Settings CS4
"{0F723FC1-7606-4867-866C-CE80AD292DAF}" = Adobe CSI CS4
"{138A4072-9E64-46BD-B5F9-DB2BB395391F}" = LWS VideoEffects
"{15634701-BACE-4449-8B25-1567DA8C9FD3}" = CameraHelperMsi
"{15B8AFD9-92E9-4E86-96D9-83FAC510B82E}" = HPPhotoSmartPhotobookWebPack1
"{1618734A-3957-4ADD-8199-F973763109A8}" = Adobe Anchor Service CS4
"{1651216E-E7AD-4250-92A1-FB8ED61391C9}" = LWS Help_main
"{16E6D2C1-7C90-4309-8EC4-D2212690AAA4}" = AdobeColorCommonSetRGB
"{174A3B31-4C43-43DD-866F-73C9DB887B48}" = LWS Twitter
"{18F11181-EA1A-42AE-AF89-4867C7F7A6FA}" = Sound Blaster X-Fi
"{196E77C5-F524-4B50-BD1A-2C21EEE9B8F7}" = Microsoft SQL Server 2008 Common Files
"{1DD81E7D-0D28-4CEB-87B2-C041A4FCB215}" = Rapport
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{21DF0294-6B9D-4741-AB6F-B2ABFBD2387E}" = LWS YouTube Plugin
"{22F761D1-8063-4170-ADF7-2D2F47834CA9}" = VideoToolkit01
"{24D7346D-D4B4-45E8-98EA-75EC14B42DD8}" = Adobe ExtendScript Toolkit 2
"{2614F54E-A828-49FA-93BA-45A3F756BFAA}" = 32 Bit HP CIO Components Installer
"{26A24AE4-039D-4CA4-87B4-2F83216020FF}" = Java(TM) 6 Update 26
"{2750B389-A2D2-4953-99CA-27C1F2A8E6FD}" = Microsoft SQL Server 2005 Tools Express Edition
"{28C2DED6-325B-4CC7-983A-1777C8F7FBAB}" = RealUpgrade 1.1
"{29ED20C9-5E15-4969-9279-25BF3727A3DA}" = iTunes
"{2A3FC24C-6EC0-4519-A52B-FDA4EA9B2D24}" = Windows Live Messenger
"{2AFEAA03-2DFE-4519-A629-EDAB6541ABE9}" = HPSSupply
"{3248F0A8-6813-11D6-A77B-00B0D0160030}" = Java(TM) 6 Update 3
"{3248F0A8-6813-11D6-A77B-00B0D0160050}" = Java(TM) 6 Update 5
"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java(TM) 6 Update 7
"{33711828-7194-4446-8C05-0DC0E59A0C1B}" = CANON iMAGE GATEWAY Task
"{33AE9E89-47C9-4A0D-9E9D-BDD6966A3804}" = Microsoft SQL Server 2008 RsFx Driver
"{342D4AD7-EC4C-4EC8-AEA6-E70F5905A490}" = SQL Server System CLR Types
"{35D94F92-1D3A-43C5-8605-EA268B1A7BD9}" = PDF Settings CS4
"{3700194C-C5DD-439A-BE06-A66960CA4C70}" = MSVCSetup
"{385DD1DD-65AA-408D-8E70-74601C2DB7E6}" = Ad-Aware
"{39F6E2B4-CFE8-C30A-66E8-489651F0F34C}" = Adobe Media Player
"{3A1B5D40-41E9-43FA-8C7B-A8667F5586EF}" = JMB36X Raid Configurer
"{3A4E8896-C2E7-4084-A4A4-B8FD1894E739}" = Adobe XMP Panels CS4
"{3C349576-B3B4-6708-F73C-DC2932065357}" = BBC iPlayer Desktop
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3C3D696B-0DB7-3C6D-A356-3DB8CE541918}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{3D3E663D-4E7E-4577-A560-7ECDDD45548A}" = PVSonyDll
"{3DA8DF9A-044E-46C4-8531-DEDBB0EE37FF}" = Adobe WinSoft Linguistics Plugin
"{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}" = erLT
"{4112625F-2D38-49EF-924F-48511BC5CD34}" = Microsoft SQL Server 2008 Database Engine Services
"{43C0C354-A185-4D2D-A057-67C9160460E1}" = PS_AIO_04_C4580_Software_Min
"{4447D5B5-95ED-4C4D-A9C3-1D8E892D5377}" = AVG 2012
"{45A66726-69BC-466B-A7A4-12FCBA4883D7}" = HiJackThis
"{46B65150-F8AA-42F2-94FB-2729A8AE5F7E}" = SPSS Statistics 17.0
"{4815BD99-96A4-49FE-A885-DCF06E9E4E78}" = Microsoft SQL Server 2008 Database Engine Shared
"{4943EFF5-229F-435D-BEA9-BE3CAEA783A7}" = Adobe Service Manager Extension
"{49F864F5-1A85-4E69-8764-C7E4EABD8BA0}" = KWorld TV Tuner Card Utilities
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4A3D0CF8-60FF-4CEF-91A4-A1F001424602}" = DocProc
"{4A6F34E2-09E5-4616-B227-4A26A488A6F9}" = Microsoft SQL Server 2008 Common Files
"{4A70EF07-7F88-4434-BB61-D1DE8AE93DD4}" = SolutionCenter
"{4E7C28C7-D5DA-4E9F-A1CA-60490B54AE35}" = UnloadSupport
"{4F44B5AE-82A6-4A8A-A3E3-E24D489728E3}" = Microsoft SQL Server 2008 Native Client
"{50316C0A-CC2A-460A-9EA5-F486E54AC17D}_is1" = AVG PC Tuneup 2011
"{50E25180-3BDC-4B6D-80A2-3F1F0C9CF39D}" = Camera Window DVC
"{533A6E40-A0D5-4643-B9CE-9B03989EF159}" = Ad-Aware
"{53F5C3EE-05ED-4830-994B-50B2F0D50FCE}" = Microsoft SQL Server Setup Support Files (English)
"{5570C7F0-43D0-4916-8A9E-AEDD52FA86F4}" = Adobe Color EU Extra Settings CS4
"{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack
"{587178E7-B1DF-494E-9838-FA4DD36E873C}" = ASUSUpdate
"{5BE1E709-30E4-3D6D-A708-96CE8D5E5E8D}" = Microsoft Windows SDK for Visual Studio 2008 SP1 Express Tools for .NET Framework - enu
"{5DD4FCBD-A3C1-4155-9E17-4161C70AAABA}" = Segoe UI
"{63FF21C9-A810-464F-B60A-3111747B1A6D}" = GPBaseService2
"{64C1FA9A-FA94-4B6E-B3E4-8573738E4AD1}" = Adobe Setup
"{66E6CE0C-5A1E-430C-B40A-0C90FF1804A8}" = eSupportQFolder
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD
"{68243FF8-83CA-466B-B2B8-9F99DA5479C4}" = AdobeColorCommonSetCMYK
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{6AE9A059-6372-435D-A5FE-0568A3B67F19}" = HyperMediaCenter
"{6C3A75A6-9A90-44A3-A703-82AC1EA6A85D}" = Camera Window MC
"{6D4AC5A4-4CF9-4F90-8111-B9B53CE257BF}" = Adobe Color Common Settings
"{6D52C408-B09A-4520-9B18-475B81D393F1}" = Microsoft Works
"{6F5E2F4A-377D-4700-B0E3-8F7F7507EA15}" = CustomerResearchQFolder
"{6F76EC3C-34B1-436E-97FB-48C58D7BEDCD}" = LWS Gallery
"{70E1E357-E57C-4284-B04E-58196DC27BC1}" = PanoStandAlone
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{71E66D3F-A009-44AB-8784-75E2819BA4BA}" = LWS Motion Detection
"{74DAA2E2-A7DB-4CA3-8F99-62EB23BA3377}" = TV Tuner Card Teletext
"{7641710F-A4AD-4EAE-889C-4958BE3F169C}" = C4580
"{7655E113-C306-11D9-A373-0050BAE317E1}" = MCE Software Encoder 1.1
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7770E71B-2D43-4800-9CB3-5B6CAAEBEBEA}" = RealNetworks - Microsoft Visual C++ 2008 Runtime
"{787D1A33-A97B-4245-87C0-7174609A540C}" = HP Update
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour
"{7CFA46E3-CC2F-4355-82AE-6012DC3633FD}" = NVIDIA ForceWare Network Access Manager
"{820D3F45-F6EE-4AAF-81EF-CE21FF21D230}" = Adobe Type Support CS4
"{83877DB1-8B77-45BC-AB43-2BAC22E093E0}" = Adobe Bridge CS4
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{83C8FA3C-F4EA-46C4-8392-D3CE353738D6}" = LWS Launcher
"{842B4B72-9E8F-4962-B3C1-1C422A5C4434}" = Suite Shared Configuration CS4
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{874E44F3-B9A7-4AA1-B4BA-83E5684ED9C6}" = PhotoStitch
"{87532CAB-7932-4F84-8937-823337622807}" = Adobe Illustrator CS4
"{87E2B986-07E8-477a-93DC-AF0B6758B192}" = DocProcQFolder
"{8937D274-C281-42E4-8CDB-A0B2DF979189}" = LWS Webcam Software
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8C2690CF-5B74-4F93-8139-7B5644CD6A3B}" = MobileMe Control Panel
"{8CE08C3C-8FF4-45D9-925E-4F3CE2D7FA7D}" = Adobe Setup
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{8FF6F5CA-4E30-4E3B-B951-204CAAA2716A}" = SmartWebPrinting
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_VISPRO_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_VISPRO_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_VISPRO_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0051-0000-0000-0000000FF1CE}" = Microsoft Office Visio Professional 2007
"{90120000-0051-0000-0000-0000000FF1CE}_VISPRO_{0FD405D3-CAF8-4CA6-8BFD-911D2F8A6585}" = Microsoft Office Visio 2007 Service Pack 2 (SP2)
"{90120000-0051-0000-0000-0000000FF1CE}_VISPRO_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{90120000-0054-0409-0000-0000000FF1CE}" = Microsoft Office Visio MUI (English) 2007
"{90120000-0054-0409-0000-0000000FF1CE}_VISPRO_{519D9F45-CBF4-4E57-B419-11F196CCA8AE}" = Microsoft Office Visio 2007 Service Pack 2 (SP2)
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_VISPRO_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_VISPRO_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{901F8ED7-13E8-43EF-B738-2FE89B0588EB}" = Camera Access Library
"{90280409-6000-11D3-8CFE-0050048383C9}" = Microsoft Office XP Professional with FrontPage
"{931AB7EA-3656-4BB7-864D-022B09E3DD67}" = Adobe Linguistics CS4
"{94D398EB-D2FD-4FD1-B8C4-592635E8A191}" = Adobe CMaps CS4
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{98BD9EA5-2DF2-445C-8C8D-057F55B3C633}" = AVG 2012
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9C2D4047-0E40-499a-AC7A-C4B9BB12FE03}" = TrayApp
"{9C2DC81B-8114-37D9-A922-95E460A1FAFB}" = Microsoft Visual Basic 2008 Express Edition - ENU
"{9DAEA76B-E50F-4272-A595-0124E826553D}" = LWS WLM Plugin
"{9F4EE72A-C5C9-42ad-ABEF-427690843577}" = MarketResearch
"{A00B9A50-3090-4CFF-9CDA-82DA0BEDAA21}" = Apple Mobile Device Support
"{A1D0D14A-B776-4907-BC00-5149F2298086}" = Camera Support Core Library
"{A2EB8F2E-6D9B-4F8B-96EB-F976D33F416F}" = Camera Window DVC
"{A4418082-E601-3954-805B-D56A2B50EC8B}" = Microsoft Visual C# 2008 Express Edition with SP1 - ENU
"{A6A195F5-BCAB-4F38-8459-DF693303CD8D}" = PS_AIO_04_C4580_ProductContext
"{A83279FD-CA4B-4206-9535-90974DE76654}" = Apple Application Support
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AA2E8A46-B45E-4aea-8A23-88AB57D04523}" = WebReg
"{AB5D51AE-EBC3-438D-872C-705C7C2084B0}" = DeviceManagementQFolder
"{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.1)
"{AC76BA86-7AD7-5670-0000-800000000003}" = Korean Fonts Support For Adobe Reader 8
"{AC76BA86-7AD7-5760-0000-800000000003}" = Japanese Fonts Support For Adobe Reader 8
"{B147DC1B-49B3-4368-8A01-5AD9992CD58D}" = MovieEdit Task
"{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
"{B29AD377-CC12-490A-A480-1452337C618D}" = Connect
"{B3C02EC1-A7B0-4987-9A43-8789426AAA7D}" = Adobe Setup
"{B3FED300-806C-11E0-A0D0-B8AC6F97B88E}" = Google Earth
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B857D868-F8B0-43EE-BC2B-D9E5ED21F237}" = Microsoft SQL Server VSS Writer
"{B8E9F8A1-9F4D-43D5-ABD6-1DF067FAA469}" = Microsoft SQL Server 2008 Database Engine Services
"{BA4DA261-CB60-4690-B202-44998DFC6986}" = Microsoft SQL Server 2008 Setup Support Files
"{BAA43DA2-B6C5-46EC-B163-0E8EEAF975A4}" = RAW Image Task 2.2
"{BB4E33EC-8181-4685-96F7-8554293DEC6A}" = Adobe Output Module
"{BBBC2B89-E193-4348-A83C-C8DD8210A4AC}" = Canon PhotoRecord
"{BD68F46D-8A82-4664-8E68-F87C55BDEFD4}" = Microsoft SQL Server Native Client
"{BED1705F-7558-40f7-9F52-6C6FBD58EA2E}" = HP Photosmart C4500 All-In-One Driver Software 11.0 Rel .4
"{BEEFC4F8-2909-48B3-AFAA-55D3533FDEDD}" = Creative MediaSource 5
"{BF08AB1C-3357-4f20-A200-8EBB8EF27C59}" = BufferChm
"{C1D76D7A-F3BB-47EA-A746-5B1E2FFC1DF2}" = Canon ZoomBrowser EX (E)
"{C43326F5-F135-4551-8270-7F7ABA0462E1}" = HPProductAssistant
"{C52E3EC1-048C-45E1-8D53-10B0C6509683}" = Adobe Default Language CS4
"{C5C1C0F0-D62F-4DBF-81D4-D7EF397C228B}" = NVIDIA PhysX
"{C6150D8A-86ED-41D3-87BB-F3BB51B0B77F}" = Windows Live ID Sign-in Assistant
"{C688457E-03FD-4941-923B-A27F4D42A7DD}" = Microsoft SQL Server 2008 Browser
"{C89B5E3A-690F-4CEE-909A-BF869E198B0A}" = Scan
"{C965F01C-76EA-4BD7-973E-46236AE312D7}" = Sql Server Customer Experience Improvement Program
"{C9E14402-3631-4182-B377-6B0DFB1C0339}" = QuickTime
"{CC75AB5C-2110-4A7F-AF52-708680D22FE8}" = Photoshop Camera Raw
"{CD95F661-A5C4-44F5-A6AA-ECDD91C240C3}" = WinZip 15.5
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware Free Edition
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D0E8C34D-19D2-49FD-A900-88DEB788FF86}" = Internet Library
"{D16B4BE6-8B10-422f-8034-96D1CA9483B5}" = GPBaseService
"{D23E2520-0EAA-4AC3-A47E-A551C70D4FED}" = C4580_Help
"{D40EB009-0499-459c-A8AF-C9C110766215}" = Logitech Webcam Software
"{D4278897-1541-493E-9D39-59CC6AB0FC09}" = PS_AIO_04_C4580_Software
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D4C9692E-4EFA-4DA0-8B7F-9439466D9E31}" = Full Tilt Poker
"{D74CFE48-087F-46E1-80E6-E2950E1A8DCE}" = HP Photosmart Essential 2.5
"{DAB5C521-80B2-48C3-B0DA-326A1B331F55}" = GoToAssist Corporate
"{DF38F332-2AC3-37FF-9FDC-8C4C80E531FB}" = MSDN Library for Microsoft Visual Studio 2008 Express Editions
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E535C94A-B87F-4182-BEA8-1E9322078D3E}" = Cards_Calendar_OrderGift_DoMorePlugout
"{E59113EB-0285-4BFD-A37A-B79EAC6B8F4B}" = Microsoft SQL Server Compact 3.5 SP1 English
"{E5B21F11-6933-4E0B-A25C-7963E3C07D11}" = Windows Live Messenger
"{E6CFBFB5-9232-410C-B353-AF6E614B2681}" = LightScribe System Software 1.10.16.1
"{E96B0085-6659-486b-A221-5042A042728D}" = Toolbox
"{EED027B7-0DB6-404B-8F45-6DFEE34A0441}" = LWS Video Mask Maker
"{EF1ADA5A-0B1A-4662-8C55-7475A61D8B65}" = DeviceDiscovery
"{EF9E56EE-0243-4BAD-88F4-5E7508AA7D96}" = Destination Component
"{F0E64E2E-3A60-40D8-A55D-92F6831875DA}" = Adobe Search for Help
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F20C1251-1D0A-4944-B2AE-678581B33B19}" = Neverwinter Nights 2
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01
"{F3494AB6-6900-41C6-AF57-823626827ED8}" = Microsoft SQL Server 2008 Database Engine Shared
"{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}" = Microsoft Office Live Add-in 1.5
"{F5E87B12-3C27-452F-8E78-21D42164FD83}" = Microsoft SQL Server 2008 Management Objects
"{F69FD33C-8815-46BF-9134-A643DE68F3C0}" = WinFast(R) Display Driver
"{F7338FA3-DAB5-49B2-900D-0AFB5760C166}" = PC Probe II
"{F8EF2B3F-C345-4F20-8FE4-791A20333CD5}" = Adobe ExtendScript Toolkit CS4
"{F93C84A6-0DC6-42AF-89FA-776F7C377353}" = Adobe PDF Library Files CS4
"{F95F178B-56AD-4fab-87F8-FA81E66C7D68}" = Network
"{FCDD51BB-CAD0-4BB1-B7DF-CE86D1032794}" = Adobe Fonts All
"{FDB3B167-F4FA-461D-976F-286304A57B2A}" = Adobe AIR
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"{FF167195-9EE4-46C0-8CD7-FBA3457E88AB}" = LWS Facebook
"{FF29527A-44CD-3422-945E-981A13584000}" = VC Runtimes MSI
"{FFD8CAB3-D64D-462A-B6EE-5DF8B652B2E5}" = Editing Tools
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"Adobe_2a31ae7a5c43ff52d8577782dd34e04" = Adobe Illustrator CS4
"Adobe_3e054d2218e7aa282c2369d939e58ff" = Adobe ExtendScript Toolkit 2
"Adobe_6c8e2cb4fd241c55406016127a6ab2e" = Adobe Color Common Settings
"Akamai" = Akamai NetSession Interface Service
"ALchemy" = Creative ALchemy
"AudioCS" = Creative Audio Control Panel
"AVG" = AVG 2012
"BBCiPlayerDesktop.61DB7A798358575D6A969CCD73DDBBD723A6DA9D.1" = BBC iPlayer Desktop
"BT Broadband Desktop Help" = BT Broadband Desktop Help
"Camfrog 5.1" = Camfrog Video Chat 5.1
"CCleaner" = CCleaner
"com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Media Player
"Console Launcher" = Creative Console Launcher
"Coupon Printer2.0" = Coupon Printer
"Creative Software AutoUpdate" = Creative Software AutoUpdate
"Creative Sound Blaster Properties" = Creative Sound Blaster Properties
"Creative Volume Panel" = Volume Panel
"HP Imaging Device Functions" = HP Imaging Device Functions 11.0
"HP Photosmart Essential" = HP Photosmart Essential 3.0
"HP Smart Web Printing" = HP Smart Web Printing 4.60
"HP Solution Center & Imaging Support Tools" = HP Solution Center 13.0
"HPExtendedCapabilities" = HP Customer Participation Program 11.0
"HPOCR" = OCR Software by I.R.I.S. 11.0
"InstallShield_{0A146245-DB79-4197-BF5D-FE1A699A2CC7}" = Canon Camera Window DSLR 5 for ZoomBrowser EX
"InstallShield_{33711828-7194-4446-8C05-0DC0E59A0C1B}" = CANON iMAGE GATEWAY Task for ZoomBrowser EX
"InstallShield_{50E25180-3BDC-4B6D-80A2-3F1F0C9CF39D}" = Canon Camera Window DC_DV 6 for ZoomBrowser EX
"InstallShield_{6C3A75A6-9A90-44A3-A703-82AC1EA6A85D}" = Canon Camera Window MC 6 for ZoomBrowser EX
"InstallShield_{7CFA46E3-CC2F-4355-82AE-6012DC3633FD}" = NVIDIA ForceWare Network Access Manager
"InstallShield_{874E44F3-B9A7-4AA1-B4BA-83E5684ED9C6}" = Canon Utilities PhotoStitch 3.1
"InstallShield_{901F8ED7-13E8-43EF-B738-2FE89B0588EB}" = Canon Camera Access Library
"InstallShield_{A1D0D14A-B776-4907-BC00-5149F2298086}" = Canon Camera Support Core Library
"InstallShield_{A2EB8F2E-6D9B-4F8B-96EB-F976D33F416F}" = Canon Camera Window DC_DV 5 for ZoomBrowser EX
"InstallShield_{B147DC1B-49B3-4368-8A01-5AD9992CD58D}" = Canon MovieEdit Task for ZoomBrowser EX
"InstallShield_{BAA43DA2-B6C5-46EC-B163-0E8EEAF975A4}" = Canon RAW Image Task for ZoomBrowser EX
"InstallShield_{D0E8C34D-19D2-49FD-A900-88DEB788FF86}" = Canon Internet Library for ZoomBrowser EX
"Logitech Vid" = Logitech Vid HD
"lvdrivers_12.0" = Logitech Webcam Software Driver Package
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware version 1.51.2.1300
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft SQL Server 10" = Microsoft SQL Server 2008
"Microsoft SQL Server 10 Release" = Microsoft SQL Server 2008
"Microsoft SQL Server 2005" = Microsoft SQL Server 2005
"Microsoft Visual Basic 2008 Express Edition - ENU" = Microsoft Visual Basic 2008 Express Edition - ENU
"Microsoft Visual C# 2008 Express Edition with SP1 - ENU" = Microsoft Visual C# 2008 Express Edition with SP1 - ENU
"MSDN Library for Microsoft Visual Studio 2008 Express Editions" = MSDN Library for Microsoft Visual Studio 2008 Express Editions
"Nmap" = Nmap 4.60
"NVIDIA Display Control Panel" = NVIDIA Display Control Panel
"NVIDIA Drivers" = NVIDIA Drivers
"OpenAL" = OpenAL
"Orb" = Orb
"PokerStars" = PokerStars
"Rapport_msi" = Rapport
"RealPlayer 12.0" = RealPlayer
"SecondLife" = SecondLife (remove only)
"SEGAMegaDriveClassics" = SEGA Mega Drive Classics
"SFBM" = SoundFont Bank Manager
"Shop for HP Supplies" = Shop for HP Supplies
"Smart Recorder" = Creative Smart Recorder
"SysInfo" = Creative System Information
"SystemRequirementsLab" = System Requirements Lab
"TVP3XDrv" = KWorld TV713X BDA Driver
"VISPRO" = Microsoft Office Visio Professional 2007
"WaveStudio 7" = Creative WaveStudio 7
"WinLiveSuite" = Windows Live Essentials
"winpcap-nmap" = winpcap-nmap 4.02
"Wisdom-soft AutoScreenRecorder 3.0 Pro" = Wisdom-soft AutoScreenRecorder 3.0 Pro
"Xfire" = Xfire (remove only)
"Yahoo! Messenger" = Yahoo! Messenger
"ZTE_1.2059.0.8" = ZTE_1.2059.0.8

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-813452675-1282793062-151359363-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"1128254232.go.sky.com" = Sky Go Desktop
"Akamai" = Akamai NetSession Interface
"Sonic SEGA AllStars Racing" = Sonic SEGA AllStars Racing

========== Last 10 Event Log Errors ==========

Error reading Event Logs: The Event Service is not operating properly or the Event Logs are corrupt!

< End of report >
shuger
Active Member
 
Posts: 9
Joined: November 9th, 2011, 11:58 am

Re: Emails are being sent from my email account

Post by Cypher » November 13th, 2011, 8:08 am

Hi shuger,

  • Please download CKScanner from Here
  • Important: - Save it to your desktop.
  • Right-click CKScanner.exe > select "Run as administrator" then click Search For Files.
  • After a very short time, when the cursor hourglass disappears, click Save List To File.
  • A message box will verify the file saved.
  • Double-click the CKFiles.txt icon on your desktop and copy/paste the contents in your next reply.
Cypher
Admin/Teacher
 
Posts: 14959
Joined: October 29th, 2008, 12:49 pm
Location: Land Of The Leprechauns

Re: Emails are being sent from my email account

Post by shuger » November 13th, 2011, 1:47 pm

CKScanner - Additional Security Risks - These are not necessarily bad
c:\program files\kuma games\kumacontent\materials\detail\detail_cracks.vtf
scanner sequence 3.AP.11.GCCPCO
----- EOF -----

Re: Emails are being sent from my email account

Post by Cypher » November 13th, 2011, 2:38 pm

Hi shuger,
Continue with the instructions below.

Uninstall programs
  • Click on Start.
  • All programs.
  • Accessories.
  • Run.
  • In the Open text box, copy/paste appwiz.cpl then click OK.
  • Uninstall the following if present:
    • Ad-Aware
    • Coupon Printer2.0
    • Java(TM) 6 Update 3
    • Java(TM) 6 Update 5
    • Java(TM) 6 Update 7
    • Java(TM) 6 Update 26


Next.

Java SE Runtime Environment (JRE).

Please download from HERE

  • Find Java SE 7u1.
  • Click the Download JRE button to the right.
  • Choose the correct Platform and Multi-language. Next, check the box that says I agree to the Java SE Runtime Environment 6 License Agreement.
  • Click the Continue button.
  • Click on the filename under Windows Offline Installation and save it to your desktop.
  • Close all active windows.
  • Install the program.

Next.

We need to run an OTL Fix

  • Right-click OTL.exe and select "Run as administrator" to run it.
  • Copy and paste the following code into the Image textbox. Do not include the word Code.
    Code:
    :processes
    killallprocesses
    
    :otl
    IE - HKU\.DEFAULT\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - No CLSID value found
    IE - HKU\S-1-5-18\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - No CLSID value found
    IE - HKU\S-1-5-21-813452675-1282793062-151359363-1000\..\URLSearchHook: CFBFAE00-17A6-11D0-99CB-00C04FD64497} - No CLSID value found
    FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
    FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
    O16 - DPF: {1C3DE665-D259-4C72-9D7D-C51FCB4CCFB9} http://208.0.229.146/SysCamInst.cab (Reg Error: Key error.)
    O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} http://www.nvidia.com/content/DriverDow ... ab_nvd.cab (Reg Error: Key error.)
    O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} http://dlm.tools.akamai.com/dlmanager/v ... .2.4.1.cab (Reg Error: Key error.)
    O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} http://www.nvidia.com/content/DriverDow ... eqlab2.cab (Reg Error: Key error.)
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_26)
    O16 - DPF: {B1E2B96C-12FE-45E2-BEF1-44A219113CDD} http://www.superadblocker.com/activex/sabspx.cab (Reg Error: Key error.)
    O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_03)
    O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_05)
    O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_07)
    O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_26)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_26)
    O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
    O16 - DPF: {EBB176D2-AF75-4706-832F-4C8448F72757} http://www.shopandscan.com/TNSClickrc.CAB (Reg Error: Key error.)
    [2011/11/12 18:43:18 | 000,000,000 | ---D | C] -- C:\Users\Andrew\AppData\Local\{D904D508-9CD4-46E6-A1A1-611D478B3F85}
    [2011/11/12 18:42:52 | 000,000,000 | ---D | C] -- C:\Users\Andrew\AppData\Local\{885ACB43-BA97-4161-A61A-0DD3806E4BB3}
    [2011/11/12 00:46:27 | 000,000,000 | ---D | C] -- C:\Users\Andrew\AppData\Local\{38039A0E-4F1A-4270-A512-0B1C1345D923}
    [2011/11/12 00:46:02 | 000,000,000 | ---D | C] -- C:\Users\Andrew\AppData\Local\{849285E3-797A-4A65-8BE5-F107CFF2922F}
    [2011/11/10 18:26:19 | 000,000,000 | ---D | C] -- C:\Users\Andrew\AppData\Local\{CC6B28D2-71DB-40EE-B857-90755C4DB5FB}
    [2011/11/10 18:25:54 | 000,000,000 | ---D | C] -- C:\Users\Andrew\AppData\Local\{A67B5204-D6A8-4343-B0ED-40C8DCA964D4}
    [2011/11/09 15:09:10 | 000,000,000 | ---D | C] -- C:\Users\Andrew\AppData\Local\{A23CAC28-84D3-41F2-A8E0-6F385C26E579}
    [2011/11/09 15:08:46 | 000,000,000 | ---D | C] -- C:\Users\Andrew\AppData\Local\{6AF1B1F3-8D05-4152-A520-DA9D434A2E4C}
    [2011/11/08 16:35:38 | 000,000,000 | ---D | C] -- C:\Users\Andrew\AppData\Local\{EF222308-C4EC-49EE-B35E-91BAD94E2772}
    [2011/11/08 16:35:13 | 000,000,000 | ---D | C] -- C:\Users\Andrew\AppData\Local\{FD27AADF-33A9-4175-B119-3FCD0FA4D962}
    [2011/11/07 14:42:01 | 000,000,000 | ---D | C] -- C:\Users\Andrew\AppData\Local\{5DFA08CB-1A25-4B52-AD18-0D3F5537B761}
    [2011/11/07 14:41:35 | 000,000,000 | ---D | C] -- C:\Users\Andrew\AppData\Local\{324B4BD2-3116-429D-8C2B-4C487871506E}
    [2011/11/06 15:50:08 | 000,000,000 | ---D | C] -- C:\Users\Andrew\AppData\Local\{D6C22428-6FEA-4898-8832-58BEDF1623EE}
    [2011/11/06 15:49:43 | 000,000,000 | ---D | C] -- C:\Users\Andrew\AppData\Local\{7102C03E-93D2-4794-AF76-E11C43534C09}
    [2011/11/05 15:18:52 | 000,000,000 | ---D | C] -- C:\Users\Andrew\AppData\Local\{5A7FD7F9-8F26-499B-8823-38DAE12E44AC}
    [2011/11/05 15:18:28 | 000,000,000 | ---D | C] -- C:\Users\Andrew\AppData\Local\{2195A6AD-DB89-4EE8-B0CA-4BC91744F369}
    [2011/11/03 16:39:55 | 000,000,000 | ---D | C] -- C:\Users\Andrew\AppData\Local\{F34C520B-019C-4A60-9CB0-F58B43BC8D49}
    [2011/11/03 16:39:31 | 000,000,000 | ---D | C] -- C:\Users\Andrew\AppData\Local\{F1E4E918-89BE-408E-89B7-9C7F504DEFE1}
    [2011/11/02 15:39:24 | 000,000,000 | ---D | C] -- C:\Users\Andrew\AppData\Local\{18F65507-4E68-422C-82E4-BE59C461CCB5}
    [2011/11/02 15:39:04 | 000,000,000 | ---D | C] -- C:\Users\Andrew\AppData\Local\{D4A14420-23AD-497B-B09E-D7ADB4D8BD2C}
    [2011/11/01 14:02:30 | 000,000,000 | ---D | C] -- C:\Users\Andrew\AppData\Local\{AA442ED1-182B-4E03-A686-A5BE14707694}
    [2011/11/01 14:02:06 | 000,000,000 | ---D | C] -- C:\Users\Andrew\AppData\Local\{B213EB9D-B177-4742-9324-C650FABFBEE0}
    [2011/10/31 14:08:52 | 000,000,000 | ---D | C] -- C:\Users\Andrew\AppData\Local\{716715A3-A189-4D0B-89A8-36B75CE45B0E}
    [2011/10/31 14:08:28 | 000,000,000 | ---D | C] -- C:\Users\Andrew\AppData\Local\{260C7E3D-3C7B-4831-A166-FA94332CF66E}
    [2011/10/30 16:39:40 | 000,000,000 | ---D | C] -- C:\Users\Andrew\AppData\Local\{4725A41A-753E-47B9-91D0-E27021FCCBB4}
    [2011/10/30 16:39:14 | 000,000,000 | ---D | C] -- C:\Users\Andrew\AppData\Local\{BDFEDA76-EF2B-4500-B094-75BA866EDB2F}
    [2011/10/30 00:23:15 | 000,000,000 | ---D | C] -- C:\Users\Andrew\AppData\Local\{705D5638-EA34-4D20-9A80-16C75C384B81}
    [2011/10/30 00:23:00 | 000,000,000 | ---D | C] -- C:\Users\Andrew\AppData\Local\{16268287-0A59-41BE-B491-778F744505E9}
    [2011/10/28 15:02:48 | 000,000,000 | ---D | C] -- C:\Users\Andrew\AppData\Local\{0F4B240A-8DB4-4C61-9798-8E095F5E50BF}
    [2011/10/28 15:02:23 | 000,000,000 | ---D | C] -- C:\Users\Andrew\AppData\Local\{24E1E2A9-90F9-4481-8C44-19B485D5B712}
    [2011/10/27 16:29:19 | 000,000,000 | ---D | C] -- C:\Users\Andrew\AppData\Local\{11AD192E-62C2-436C-A360-835247DA7A26}
    [2011/10/27 16:29:04 | 000,000,000 | ---D | C] -- C:\Users\Andrew\AppData\Local\{7C7318D2-9FDB-4FCE-BFB4-77C703FBD1E2}
    [2011/10/26 12:30:19 | 000,000,000 | ---D | C] -- C:\Users\Andrew\AppData\Local\{4896DDA1-A288-42DA-9707-B0E36A625DBA}
    [2011/10/26 12:29:55 | 000,000,000 | ---D | C] -- C:\Users\Andrew\AppData\Local\{66EB016B-75EC-4E5E-A798-6C5D87A98DE0}
    [2011/10/25 14:20:42 | 000,000,000 | ---D | C] -- C:\Users\Andrew\AppData\Local\{DDE9A041-B567-4EB6-A76D-A3D4BAA16667}
    [2011/10/25 14:20:17 | 000,000,000 | ---D | C] -- C:\Users\Andrew\AppData\Local\{8EBF8509-09AD-4199-B46A-DEBA3C6388B0}
    [2011/10/24 14:47:47 | 000,000,000 | ---D | C] -- C:\Users\Andrew\AppData\Local\{4FBD9F03-EF29-4267-B6B3-C5427FA4C00E}
    [2011/10/24 14:47:23 | 000,000,000 | ---D | C] -- C:\Users\Andrew\AppData\Local\{92B8F7D2-5E8A-432B-B09B-5ADAF37CA6DF}
    [2011/10/23 13:44:09 | 000,000,000 | ---D | C] -- C:\Users\Andrew\AppData\Local\{DF50F562-2476-4391-88F7-D00E6557B121}
    [2011/10/23 13:43:45 | 000,000,000 | ---D | C] -- C:\Users\Andrew\AppData\Local\{62388C01-98D6-4B4B-A420-C6FF7E3571B1}
    [2011/10/22 23:19:11 | 000,000,000 | ---D | C] -- C:\Users\Andrew\AppData\Local\{EE2348BE-C585-43F6-87C0-087ADCE4930A}
    [2011/10/22 23:18:57 | 000,000,000 | ---D | C] -- C:\Users\Andrew\AppData\Local\{929C0908-7CF0-4186-A196-C8DBA2C2836D}
    [2011/10/21 17:37:38 | 000,000,000 | ---D | C] -- C:\Users\Andrew\AppData\Local\{8D364B1F-52EB-410A-9563-87D072F1031B}
    [2011/10/21 17:37:13 | 000,000,000 | ---D | C] -- C:\Users\Andrew\AppData\Local\{D4BA33D9-1AB0-4AE9-BBC7-FD1716904B38}
    [2011/10/20 20:16:27 | 000,000,000 | ---D | C] -- C:\Users\Andrew\AppData\Local\{82034118-6970-4628-AFCA-0F66EB1186C3}
    [2011/10/20 20:16:03 | 000,000,000 | ---D | C] -- C:\Users\Andrew\AppData\Local\{DA955E07-CAF6-4CB7-9BEE-6737E8859981}
    [2011/10/19 17:55:07 | 000,000,000 | ---D | C] -- C:\Users\Andrew\AppData\Local\{14191A9A-E2FE-4648-8840-107FC3993728}
    [2011/10/19 17:54:39 | 000,000,000 | ---D | C] -- C:\Users\Andrew\AppData\Local\{6F7C4A17-13E1-436B-8CF8-B97C609C9571}
    [2011/10/19 13:54:44 | 000,000,000 | ---D | C] -- C:\Users\Andrew\AppData\Local\{0369512F-A3C7-4D4B-8CF8-DE767B0FA371}
    [2011/10/18 16:20:18 | 000,000,000 | ---D | C] -- C:\Users\Andrew\AppData\Local\{30B6AF64-05CE-4ABE-97EA-289FE8C4E671}
    [2011/10/18 16:19:53 | 000,000,000 | ---D | C] -- C:\Users\Andrew\AppData\Local\{07C67F24-C592-4BA0-A641-7D4CC17A6250}
    [2011/10/17 15:12:58 | 000,000,000 | ---D | C] -- C:\Users\Andrew\AppData\Local\{9EDC1422-CB76-402D-BCBD-F5F91C8B8C13}
    [2011/10/17 15:12:42 | 000,000,000 | ---D | C] -- C:\Users\Andrew\AppData\Local\{D8256A35-5C04-4618-B830-0D319B000905}
    [2011/10/16 19:24:10 | 000,000,000 | ---D | C] -- C:\Users\Andrew\AppData\Local\{367F9468-3D02-4AB3-A9EC-73ABAE57C065}
    [2011/10/16 19:23:45 | 000,000,000 | ---D | C] -- C:\Users\Andrew\AppData\Local\{A7B36555-DD33-423D-8098-E79E3ED083AE}
    [2011/10/16 00:57:38 | 000,000,000 | ---D | C] -- C:\Users\Andrew\AppData\Local\{58F27ABC-6F20-46DC-93CF-916C052562B2}
    [2011/10/15 12:57:07 | 000,000,000 | ---D | C] -- C:\Users\Andrew\AppData\Local\{6326E40E-C299-440E-9EE1-B8412A046DBA}
    [2011/10/15 12:56:52 | 000,000,000 | ---D | C] -- C:\Users\Andrew\AppData\Local\{4ACD0233-D43B-48DB-A1BA-14A6580B8B5F}
    [2011/10/14 22:35:41 | 000,000,000 | ---D | C] -- C:\Users\Andrew\AppData\Local\{1C7000F6-9210-42CF-8186-AE8B54106E0B}
    [2011/10/14 22:35:12 | 000,000,000 | ---D | C] -- C:\Users\Andrew\AppData\Local\{3ECD6B98-19BF-48BF-AFF5-97CAB9788C2C}
    [10 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]
    [2011/11/12 18:11:33 | 000,000,384 | ---- | C] () -- C:\Windows\tasks\Ad-Aware Update (Weekly).job
    @Alternate Data Stream - 146 bytes -> C:\ProgramData\TEMP:0B4227B4
    
    :files
    ipconfig /flushdns /c
    
    :commands
    [emptyflash]
    [emptytemp]
    [emptyjava]
    [clearallrestorepoints]
    [REBOOT]
    
  • Then click the Run Fix button at the top.
  • Click Image.
  • OTL may ask to reboot the machine. Please do so if asked.
  • The report should appear in Notepad after the reboot. Copy and paste that report in your next reply.

Next.

ESET online scanner

Note: You can use either Internet Explorer or Mozilla Firefox for this scan.

Note: If you are using Windows Vista or Windows 7, open your browser by right-clicking on its icon and selecting 'Run as administrator' to perform this scan.
  • First please Disable any Antivirus you have active, as shown in This topic.
  • Note: Don't forget to re-enable it after the scan.
  • Next, hold down Control then click on the following link to open a new window to ESET online scanner
  • Select the option YES, I accept the Terms of Use then click on Start.
    Note: If using Mozilla Firefox you will need to download esetsmartinstaller_enu.exe when prompted then double click on it to install.
    All of the below instructions are compatible with either Internet Explorer or Mozilla Firefox.
  • When prompted allow the Add-On/Active X to install.
  • Make sure that the option Remove found threats is NOT checked, and the option Scan archives is checked.
  • Now click on Advanced Settings and select the following:
    • Scan for potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth Technology
  • Now click on Start.
  • The virus signature database... will begin to download. Be patient, this may take some time depending on the speed of your Internet connection.
  • When completed the Online Scan will begin automatically.
  • Do not touch either the Mouse or keyboard during the scan otherwise it may stall.
  • When completed select Uninstall application on close if you so wish, make sure you copy the logfile first!
  • Now click on Finish.
  • Use notepad to open the logfile located at C:\Program Files\ESET\EsetOnlineScanner\log.txt.
  • Copy and paste that log as a reply to this topic.


Logs/Information to Post in your Next Reply

  • OTL log.
  • ESET log.
  • Please give me an update on your computer's performance.
Cypher
Admin/Teacher
 
Posts: 14959
Joined: October 29th, 2008, 12:49 pm
Location: Land Of The Leprechauns

Re: Emails are being sent from my email account

Unread postby shuger » November 13th, 2011, 6:40 pm

All processes killed
========== PROCESSES ==========
========== OTL ==========
Registry value HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\URLSearchHooks\\{A3BC75A2-1F87-4686-AA43-5347D756017C} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A3BC75A2-1F87-4686-AA43-5347D756017C}\ not found.
Registry value HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\URLSearchHooks\\{A3BC75A2-1F87-4686-AA43-5347D756017C} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A3BC75A2-1F87-4686-AA43-5347D756017C}\ not found.
Registry value HKEY_USERS\S-1-5-21-813452675-1282793062-151359363-1000\Software\Microsoft\Internet Explorer\URLSearchHooks\\CFBFAE00-17A6-11D0-99CB-00C04FD64497} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@Apple.com/iTunes,version=\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=\ deleted successfully.
Starting removal of ActiveX control {1C3DE665-D259-4C72-9D7D-C51FCB4CCFB9}
C:\Windows\Downloaded Program Files\install.inf not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{1C3DE665-D259-4C72-9D7D-C51FCB4CCFB9}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1C3DE665-D259-4C72-9D7D-C51FCB4CCFB9}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{1C3DE665-D259-4C72-9D7D-C51FCB4CCFB9}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1C3DE665-D259-4C72-9D7D-C51FCB4CCFB9}\ not found.
Starting removal of ActiveX control {1E54D648-B804-468d-BC78-4AFFED8E262F}
Registry error reading value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{1E54D648-B804-468d-BC78-4AFFED8E262F}\DownloadInformation\\INF .
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{1E54D648-B804-468d-BC78-4AFFED8E262F}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1E54D648-B804-468d-BC78-4AFFED8E262F}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{1E54D648-B804-468d-BC78-4AFFED8E262F}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1E54D648-B804-468d-BC78-4AFFED8E262F}\ not found.
Starting removal of ActiveX control {4871A87A-BFDD-4106-8153-FFDE2BAC2967}
C:\Windows\Downloaded Program Files\DownloadManagerV2.inf not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{4871A87A-BFDD-4106-8153-FFDE2BAC2967}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4871A87A-BFDD-4106-8153-FFDE2BAC2967}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{4871A87A-BFDD-4106-8153-FFDE2BAC2967}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4871A87A-BFDD-4106-8153-FFDE2BAC2967}\ not found.
Starting removal of ActiveX control {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE}
Registry error reading value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{67A5F8DC-1A4B-4D66-9F24-A704AD929EEE}\DownloadInformation\\INF .
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{67A5F8DC-1A4B-4D66-9F24-A704AD929EEE}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{67A5F8DC-1A4B-4D66-9F24-A704AD929EEE}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{67A5F8DC-1A4B-4D66-9F24-A704AD929EEE}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{67A5F8DC-1A4B-4D66-9F24-A704AD929EEE}\ not found.
Starting removal of ActiveX control {8AD9C840-044E-11D1-B3E9-00805F499D93}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
Starting removal of ActiveX control {B1E2B96C-12FE-45E2-BEF1-44A219113CDD}
C:\Windows\Downloaded Program Files\sabspx.inf not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{B1E2B96C-12FE-45E2-BEF1-44A219113CDD}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B1E2B96C-12FE-45E2-BEF1-44A219113CDD}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{B1E2B96C-12FE-45E2-BEF1-44A219113CDD}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B1E2B96C-12FE-45E2-BEF1-44A219113CDD}\ not found.
Starting removal of ActiveX control {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}\ not found.
Starting removal of ActiveX control {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}\ not found.
Starting removal of ActiveX control {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}\ not found.
Starting removal of ActiveX control {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}\ not found.
Starting removal of ActiveX control {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
Starting removal of ActiveX control {E2883E8F-472F-4FB0-9522-AC9BF37916A7}
C:\Windows\Downloaded Program Files\gp.inf not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
Starting removal of ActiveX control {EBB176D2-AF75-4706-832F-4C8448F72757}
C:\Windows\Downloaded Program Files\TNSClickrc.INF not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{EBB176D2-AF75-4706-832F-4C8448F72757}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EBB176D2-AF75-4706-832F-4C8448F72757}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{EBB176D2-AF75-4706-832F-4C8448F72757}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EBB176D2-AF75-4706-832F-4C8448F72757}\ not found.
C:\Windows\System32\SET1245.tmp deleted successfully.
C:\Windows\System32\SET1267.tmp deleted successfully.
C:\Windows\System32\SET2FEE.tmp deleted successfully.
C:\Windows\System32\SET305E.tmp deleted successfully.
C:\Windows\System32\SET4E2C.tmp deleted successfully.
C:\Windows\System32\SET4EDE.tmp deleted successfully.
C:\Windows\System32\SET725D.tmp deleted successfully.
C:\Windows\System32\SET72AD.tmp deleted successfully.
C:\Windows\System32\SET8CD8.tmp deleted successfully.
C:\Windows\System32\SET8E03.tmp deleted successfully.
C:\Windows\Tasks\Ad-Aware Update (Weekly).job moved successfully.
ADS C:\ProgramData\TEMP:0B4227B4 deleted successfully.
========== FILES ==========
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Users\Andrew\Desktop\cmd.bat deleted successfully.
C:\Users\Andrew\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========

[EMPTYFLASH]

User: Andrew
->Flash cache emptied: 21917 bytes

User: Default
->Flash cache emptied: 56509 bytes

User: Public

Total Flash Files Cleaned = 0.00 mb


[EMPTYTEMP]

User: Andrew
->Temp folder emptied: 82023988 bytes
->Temporary Internet Files folder emptied: 478978119 bytes
->Java cache emptied: 1381328 bytes
->Flash cache emptied: 0 bytes

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 0 bytes

User: Public

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 22859619 bytes
RecycleBin emptied: 20395607 bytes

Total Files Cleaned = 578.00 mb


[EMPTYJAVA]

User: Andrew
->Java cache emptied: 0 bytes

User: Default

User: Public

Total Java Files Cleaned = 0.00 mb



OTL by OldTimer - Version 3.2.31.0 log created on 11132011_192707

Files\Folders moved on Reboot...
C:\Users\Andrew\AppData\Local\Microsoft\Windows\Temporary Internet Files\Virtualized\C\Users\Andrew\AppData\Local\Trusteer\Rapport\user\logs\koan.1288.log moved successfully.
File\Folder C:\Users\Andrew\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\PPV1XV0V\viewtopic[1].htm not found!

Registry entries deleted on Reboot...
shuger
Active Member
 
Posts: 9
Joined: November 9th, 2011, 11:58 am

Re: Emails are being sent from my email account

Unread postby shuger » November 13th, 2011, 6:40 pm

C:\MicroGaming\Casino\GoldenTiger\install.exe Win32/PrimeCasino application
C:\Users\Andrew\AppData\Roaming\AVG\Rescue\PC Tuneup 2011\110308204355318.rsc a variant of Java/TrojanDownloader.OpenStream.NBF trojan
shuger
Active Member
 
Posts: 9
Joined: November 9th, 2011, 11:58 am

Re: Emails are being sent from my email account

Unread postby Cypher » November 14th, 2011, 7:02 am

Hi shuger,
"Hi I am having problems with emails being sent from my email address to people in my contacts list,"

Can you give me an update on these emails please, are any being sent now?

We need to run an OTL Fix

  • Right-click OTL.exe and select "Run as administrator" to run it.
  • Copy and Paste the following code into the Image textbox. Do not include the word Code
    Code:
    :processes
    killallprocesses
    
    :files
    C:\MicroGaming\Casino\GoldenTiger\install.exe
    C:\Users\Andrew\AppData\Roaming\AVG\Rescue\PC Tuneup 2011\110308204355318.rsc 
    ipconfig /flushdns /c
    
    :commands
    [emptyflash]
    [emptytemp]
    [emptyjava]
    [REBOOT]
    
  • Then click the Run Fix button at the top.
  • Click Image.
  • OTL may ask to reboot the machine. Please do so if asked.
  • The report should appear in Notepad after the reboot. Copy and paste that report in your next reply.

Logs/Information to Post in your Next Reply

  • OTL log.
  • Please give me an update on your computer's performance.
Cypher
Admin/Teacher
 
Posts: 14959
Joined: October 29th, 2008, 12:49 pm
Location: Land Of The Leprechauns

Re: Emails are being sent from my email account

Unread postby shuger » November 14th, 2011, 11:04 am

All processes killed
========== PROCESSES ==========
========== FILES ==========
C:\MicroGaming\Casino\GoldenTiger\install.exe moved successfully.
C:\Users\Andrew\AppData\Roaming\AVG\Rescue\PC Tuneup 2011\110308204355318.rsc moved successfully.
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Users\Andrew\Desktop\cmd.bat deleted successfully.
C:\Users\Andrew\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========

[EMPTYFLASH]

User: Andrew
->Flash cache emptied: 878 bytes

User: Default
->Flash cache emptied: 0 bytes

User: Public

Total Flash Files Cleaned = 0.00 mb


[EMPTYTEMP]

User: Andrew
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 54030208 bytes
->Java cache emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Public

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 12529 bytes
RecycleBin emptied: 36307 bytes

Total Files Cleaned = 52.00 mb


[EMPTYJAVA]

User: Andrew
->Java cache emptied: 0 bytes

User: Default

User: Public

Total Java Files Cleaned = 0.00 mb


OTL by OldTimer - Version 3.2.31.0 log created on 11142011_145655

Files\Folders moved on Reboot...
C:\Users\Andrew\AppData\Local\Microsoft\Windows\Temporary Internet Files\Virtualized\C\Users\Andrew\AppData\Local\Trusteer\Rapport\user\logs\koan.2284.log moved successfully.

Registry entries deleted on Reboot...
shuger
Active Member
 
Posts: 9
Joined: November 9th, 2011, 11:58 am
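
The two OTL fix logs posted above can be checked mechanically rather than by eye. The Python below is an added example, not part of any post in this thread and not OTL's own code: it tallies the outcome of every result line and confirms that each path named in a fix script has a matching result. The line patterns are inferred only from the logs shown in this thread, the function names are hypothetical, and the sample lines are excerpted from those logs.

```python
import re
from collections import Counter

# Lines excerpted from the two OTL fix logs posted in this thread.
SAMPLE_LOG = r"""All processes killed
========== PROCESSES ==========
========== OTL ==========
Registry value HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\URLSearchHooks\\{A3BC75A2-1F87-4686-AA43-5347D756017C} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A3BC75A2-1F87-4686-AA43-5347D756017C}\ not found.
Registry error reading value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{1E54D648-B804-468d-BC78-4AFFED8E262F}\DownloadInformation\\INF .
ADS C:\ProgramData\TEMP:0B4227B4 deleted successfully.
========== FILES ==========
C:\MicroGaming\Casino\GoldenTiger\install.exe moved successfully.
C:\Users\Andrew\AppData\Roaming\AVG\Rescue\PC Tuneup 2011\110308204355318.rsc moved successfully.
< ipconfig /flushdns /c >
Successfully flushed the DNS Resolver Cache.
========== COMMANDS ==========
Files\Folders moved on Reboot...
File\Folder C:\Users\Andrew\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\PPV1XV0V\viewtopic[1].htm not found!
"""

# Paths from the :files section of the second fix script in this thread
# (the trailing space on the second entry is as posted).
SCRIPT_TARGETS = [
    r"C:\MicroGaming\Casino\GoldenTiger\install.exe",
    r"C:\Users\Andrew\AppData\Roaming\AVG\Rescue\PC Tuneup 2011\110308204355318.rsc ",
]

SECTION_RE = re.compile(r"^=+ ([A-Z ]+) =+$")          # ========== FILES ==========
REBOOT_RE = re.compile(r"^(.+ on Reboot)\.\.\.$")      # Files\Folders moved on Reboot...
ERROR_RE = re.compile(r"^Registry error reading value (.+?) \.$")
RESULT_RE = re.compile(
    r"^(?:(Registry key|Registry value|ADS|File\\Folder) )?"
    r"(.+?)(?: folder)? (deleted successfully\.|moved successfully\.|not found[.!])$"
)


def parse_fix_log(text):
    """Return one dict per result line: section, kind, target, outcome."""
    records, section = [], None
    for line in text.splitlines():
        line = line.strip()
        m = SECTION_RE.match(line) or REBOOT_RE.match(line)
        if m:
            section = m.group(1)
            continue
        m = ERROR_RE.match(line)
        if m:
            records.append({"section": section, "kind": "Registry value",
                            "target": m.group(1), "outcome": "error"})
            continue
        m = RESULT_RE.match(line)
        if m:
            word = m.group(3).split()[0]  # "deleted", "moved" or "not"
            records.append({"section": section, "kind": m.group(1) or "File",
                            "target": m.group(2),
                            "outcome": "not found" if word == "not" else word})
    return records


def tally(records):
    """Count result lines per outcome."""
    return Counter(r["outcome"] for r in records)


def check_script_targets(script_targets, records):
    """Map each path named in a fix script to its logged outcome."""
    # Windows paths are case-insensitive, so compare lower-cased.
    seen = {r["target"].lower(): r["outcome"] for r in records}
    return {t: seen.get(t.strip().lower(), "no result line") for t in script_targets}


if __name__ == "__main__":
    recs = parse_fix_log(SAMPLE_LOG)
    print(dict(tally(recs)))
    for path, outcome in check_script_targets(SCRIPT_TARGETS, recs).items():
        print(f"{outcome:>14}  {path.strip()}")
    for r in recs:
        if r["outcome"] in ("error", "not found"):
            print("review:", r["section"], "|", r["kind"], "|", r["target"])
```

A script target reported as "no result line" or "not found" is the case to follow up before declaring the machine clean.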

Re: Emails are being sent from my email account

Unread postby shuger » November 14th, 2011, 11:07 am

The computer seems to be running ok. I deleted my contacts list in my email address yahoo before we did these scans fixes. It was sending the emails just to the people in my contact list so this has now stopped. If I add people back to my contact list will the email start sending again?
shuger
Active Member
 
Posts: 9
Joined: November 9th, 2011, 11:58 am

Re: Emails are being sent from my email account

Unread postby Cypher » November 14th, 2011, 11:44 am

Hi shuger,
"I deleted my contacts list in my email address yahoo before we did these scans fixes. It was sending the emails just to the people in my contact list so this has now stopped. If I add people back to my contact list will the email start sending again?"
Your computer appears to be clean, so I think you are safe to add everyone back to your contact list.

This is my general post for when your logs show no more signs of malware.

Now that you are clean, please follow these simple steps in order to keep your computer clean and secure:

Clean up with OTL

  • Right-click OTL.exe and select "Run as administrator" to run it.
  • Close all other programs apart from OTL as this step will require a reboot
  • On the OTL main screen, press the CleanUp! button
  • Say Yes to the prompt and then allow the program to reboot your computer.

You can now delete any tools we used if they remain on your Desktop.

Protection Programs
Don't forget to re-enable any protection programs we disabled during your fix.

Update your Antivirus programs and other security products regularly to avoid new threats that could infect your system.
You can use one of these sites to check if any updates are needed for your PC.
Secunia Software Inspector
F-secure Health Check

Microsoft Windows Update
Microsoft releases patches for Windows and Office products regularly to patch up Windows and Office product loopholes and fix any bugs found. Install the updates immediately if they are found.
To update Windows
Go to Start > All Programs > Windows Update > Check for updates.
To update Office
Open up any Office program.
Go to Help > Check for Updates

I would be grateful if you could reply to this post so that I know you have read it and, if you've no other questions, the thread can be closed.

Safe surfing!
Cypher
Admin/Teacher
 
Posts: 14959
Joined: October 29th, 2008, 12:49 pm
Location: Land Of The Leprechauns

Re: Emails are being sent from my email account

Unread postby Cypher » November 15th, 2011, 1:54 pm

As this issue appears to be resolved, this topic is now closed.

We are pleased we could help you resolve your computer's malware issues.

If you would like to make a comment or leave a compliment regarding the help you have received, please see Feedback for Our Helpers - Say "Thanks" Here.
Cypher
Admin/Teacher
 
Posts: 14959
Joined: October 29th, 2008, 12:49 pm
Location: Land Of The Leprechauns