Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

email sending spam

Post by Magenta » January 24th, 2013, 4:51 pm

Hello

My email account (via Outlook Express) is sending spam. I have also been getting an unusual amount of spam in my inbox.

Here are my logs:
DDS (Ver_2012-11-20.01) - NTFS_x86
Internet Explorer: 8.0.6001.18702
Run by Elizabeth Gries at 12:04:59 on 2013-01-24
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3055.2076 [GMT -8:00]
.
AV: Avira Desktop *Enabled/Updated* {C19476D9-52BC-4E93-8AF3-CCF59F7AE8FE}
.
============== Running Processes ================
.
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\Intel\AMT\atchksrv.exe
C:\Program Files\Intel\AMT\LMS.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Intel\AMT\atchk.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\Real\RealPlayer\update\realsched.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Canon\MyPrinter\BJMyPrt.exe
C:\Program Files\Browny02\Brother\BrStMonW.exe
C:\Documents and Settings\Elizabeth Gries\Local Settings\Application Data\Sevas-S\YouTube to MP3 Converter\yt2mp3_updater.exe
C:\Documents and Settings\Elizabeth Gries\Local Settings\Application Data\Sevas-S\My Smart Tabs\smtb_updater.exe
C:\Program Files\Ask.com\Updater\Updater.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\uTorrent\uTorrent.exe
C:\Documents and Settings\Elizabeth Gries\Local Settings\Apps\F.lux\flux.exe
C:\Documents and Settings\Elizabeth Gries\Local Settings\Application Data\Sevas-S\YouTube To MP3 Converter\yt2mp3converter.exe
C:\Documents and Settings\Elizabeth Gries\Application Data\Dropbox\bin\Dropbox.exe
C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
C:\Program Files\Avira\AntiVir Desktop\avmailc.exe
C:\Program Files\Avira\AntiVir Desktop\AVWEBGRD.EXE
C:\Program Files\Browny02\BrYNSvc.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Program Files\Outlook Express\msimn.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\Program Files\Avira\AntiVir Desktop\checkt.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
C:\WINDOWS\system32\svchost.exe -k NetworkService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\svchost.exe -k imgsvc
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://search.avira.com/?l=dis&o=APN102 ... cale=en_CA
uURLSearchHooks: UrlSearchHook Class: {00000000-6E41-4FD3-8538-502F5495E5FC} - c:\program files\ask.com\GenericAskToolbar.dll
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049C3E9-B461-4BC5-8870-4C09146192CA} - c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\ie\rpbrowserrecordplugin.dll
BHO: Canon Easy-WebPrint EX BHO: {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - c:\program files\canon\easy-webprint ex\ewpexbho.dll
BHO: Avira SearchFree Toolbar plus Web Protection: {D4027C7F-154A-4066-A1AD-4243D8127440} - c:\program files\ask.com\GenericAskToolbar.dll
BHO: YouTube to MP3 Converter: {E71596B0-A83B-453D-82C1-4BE99947C65F} - c:\documents and settings\elizabeth gries\local settings\application data\sevas-s\youtube to mp3 converter\browserextensions\ie\YouTubeDownloaderExtension.dll
BHO: My Smart Tabs: {E7190CBA-EF64-4CBC-AE5F-44d9930D8CEC} - c:\documents and settings\elizabeth gries\local settings\application data\sevas-s\my smart tabs\browserextensions\ie\MySmartTabs.dll
TB: Canon Easy-WebPrint EX: {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - c:\program files\canon\easy-webprint ex\ewpexhlp.dll
TB: Avira SearchFree Toolbar plus Web Protection: {D4027C7F-154A-4066-A1AD-4243D8127440} - c:\program files\ask.com\GenericAskToolbar.dll
TB: Canon Easy-WebPrint EX: {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - c:\program files\canon\easy-webprint ex\ewpexhlp.dll
TB: Avira SearchFree Toolbar plus Web Protection: {D4027C7F-154A-4066-A1AD-4243D8127440} - c:\program files\ask.com\GenericAskToolbar.dll
EB: Canon Easy-WebPrint EX: {21347690-EC41-4F9A-8887-1F4AEE672439} - c:\program files\canon\easy-webprint ex\ewpexhlp.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [uTorrent] "c:\program files\utorrent\uTorrent.exe" /MINIMIZED
uRun: [AdobeBridge] <no file>
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [atchk] "c:\program files\intel\amt\atchk.exe"
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [AdobeAAMUpdater-1.0] "c:\program files\common files\adobe\oobe\pdapp\uwa\UpdaterStartupUtility.exe"
mRun: [SwitchBoard] c:\program files\common files\adobe\switchboard\SwitchBoard.exe
mRun: [AdobeCS5.5ServiceManager] "c:\program files\common files\adobe\cs5.5servicemanager\CS5.5ServiceManager.exe" -launchedbylogin
mRun: [TkBellExe] "c:\program files\real\realplayer\update\realsched.exe" -osboot
mRun: [hpqSRMon] c:\program files\hp\digital imaging\bin\hpqSRMon.exe
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [CanonMyPrinter] c:\program files\canon\myprinter\BJMyPrt.exe /logon
mRun: [CanonSolutionMenu] c:\program files\canon\solutionmenu\CNSLMAIN.exe /logon
mRun: [BrStsMon00] c:\program files\browny02\brother\BrStMonW.exe /AUTORUN
mRun: [Sevas-SSoftwareDefender] c:\documents and settings\elizabeth gries\local settings\application data\sevas-s\defender\defender.exe
mRun: [Sevas-SSoftwareUpdater] c:\documents and settings\elizabeth gries\local settings\application data\sevas-s\updater\updater.exe
mRun: [YouTube to MP3 Converter Updater] c:\documents and settings\elizabeth gries\local settings\application data\sevas-s\youtube to mp3 converter\yt2mp3_updater.exe
mRun: [My Smart Tabs Updater] c:\documents and settings\elizabeth gries\local settings\application data\sevas-s\my smart tabs\smtb_updater.exe
mRun: [ApnUpdater] "c:\program files\ask.com\updater\Updater.exe"
mRun: [avgnt] "c:\program files\avira\antivir desktop\avgnt.exe" /min
StartupFolder: c:\docume~1\elizab~1\startm~1\programs\startup\dropbox.lnk - c:\documents and settings\elizabeth gries\application data\dropbox\bin\Dropbox.exe
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
mPolicies-Explorer: NoDriveTypeAutoRun = dword:145
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
LSP: c:\program files\avira\antivir desktop\avsda.dll
TCP: NameServer = 192.168.1.254 75.153.176.9
TCP: Interfaces\{14868C30-7CCE-47F0-8B81-B47EBCFA260F} : DHCPNameServer = 192.168.1.254 75.153.176.9
Notify: igfxcui - igfxdev.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\elizabeth gries\application data\mozilla\firefox\profiles\1zkfajhr.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxps://www.google.ca/
FF - prefs.js: keyword.URL - hxxp://websearch.ask.com/redirect?clien ... Y%5ECA&&q=
FF - plugin: c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\mozillaplugins\nprpchromebrowserrecordext.dll
FF - plugin: c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\mozillaplugins\nprphtml5videoshim.dll
FF - plugin: c:\program files\adobe\reader 10.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\canon\easy-photoprint ex\NPEZFFPI.DLL
FF - plugin: c:\program files\microsoft silverlight\5.1.10411.0\npctrlui.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npmysmarttabnpapi.dll
.
============= SERVICES / DRIVERS ===============
.
R1 avkmgr;avkmgr;c:\windows\system32\drivers\avkmgr.sys [2012-11-8 36552]
R2 AntiVirMailService;Avira Mail Protection;c:\program files\avira\antivir desktop\avmailc.exe [2012-11-8 400160]
R2 AntiVirSchedulerService;Avira Scheduler;c:\program files\avira\antivir desktop\sched.exe [2012-11-8 85280]
R2 AntiVirService;Avira Real-Time Protection;c:\program files\avira\antivir desktop\avguard.exe [2012-11-8 109344]
R2 AntiVirWebService;Avira Web Protection;c:\program files\avira\antivir desktop\avwebgrd.exe [2012-11-8 565024]
R2 avgntflt;avgntflt;c:\windows\system32\drivers\avgntflt.sys [2012-11-8 83944]
R2 MBAMScheduler;MBAMScheduler;c:\program files\malwarebytes' anti-malware\mbamscheduler.exe [2013-1-22 398184]
R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2011-7-2 682344]
R3 BrYNSvc;BrYNSvc;c:\program files\browny02\BrYNSvc.exe [2012-1-15 245760]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2011-7-2 21104]
S3 SwitchBoard;Adobe SwitchBoard;c:\program files\common files\adobe\switchboard\SwitchBoard.exe [2010-2-19 517096]
.
=============== File Associations ===============
.
ShellExec: hpqpssp.exe: Open=c:\program files\hp\digital imaging\bin\hpqpssp.exe
.
=============== Created Last 30 ================
.
2013-01-14 00:42:19 -------- d-----w- c:\documents and settings\elizabeth gries\local settings\application data\DoNotTrackPlus
2013-01-14 00:42:12 -------- d-----w- c:\documents and settings\elizabeth gries\application data\AskToolbar
2013-01-09 17:56:31 -------- d-----w- c:\program files\Plants vs Zombies
2013-01-09 17:54:23 -------- d-----w- c:\documents and settings\all users\application data\Big Fish Games
2013-01-09 17:54:22 -------- d-----w- c:\program files\bfgclient
2013-01-09 17:53:34 -------- d-----w- c:\documents and settings\all users\application data\BigFishGamesCache
.
==================== Find3M ====================
.
2012-12-16 12:23:59 290560 ----a-w- c:\windows\system32\atmfd.dll
2012-12-15 00:49:28 21104 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-12-11 15:55:08 83944 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2012-11-13 17:05:59 36552 ----a-w- c:\windows\system32\drivers\avkmgr.sys
2012-11-13 01:25:12 1866368 ----a-w- c:\windows\system32\win32k.sys
2012-11-06 02:01:39 1371648 ----a-w- c:\windows\system32\msxml6.dll
2012-11-02 02:02:42 375296 ----a-w- c:\windows\system32\dpnet.dll
2012-11-01 12:17:54 916992 ----a-w- c:\windows\system32\wininet.dll
2012-11-01 12:17:54 43520 ----a-w- c:\windows\system32\licmgr10.dll
2012-11-01 12:17:54 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2012-11-01 00:35:34 385024 ----a-w- c:\windows\system32\html.iec
.
============= FINISH: 12:10:32.70 ===============





.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume1
Install Date: 6/28/2011 3:47:41 PM
System Uptime: 1/24/2013 10:51:57 AM (2 hours ago)
.
Motherboard: Hewlett-Packard | | 0A54h
Processor: Intel(R) Core(TM)2 CPU 6300 @ 1.86GHz | XU1 PROCESSOR | 1862/1066mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 932 GiB total, 783.413 GiB free.
D: is CDROM ()
.
==== Disabled Device Manager Items =============
.
Class GUID: {4D36E96F-E325-11CE-BFC1-08002BE10318}
Description: PS/2 Compatible Mouse
Device ID: ACPI\PNP0F13\4&696F438&0
Manufacturer: Microsoft
Name: PS/2 Compatible Mouse
PNP Device ID: ACPI\PNP0F13\4&696F438&0
Service: i8042prt
.
==== System Restore Points ===================
.
.
==== Installed Programs ======================
.
µTorrent
Adobe AIR
Adobe Community Help
Adobe Digital Editions
Adobe Flash Player 10 ActiveX
Adobe Flash Player 11 Plugin
Adobe Photoshop CS5.1
Adobe Reader X (10.1.5)
Amazon Kindle
Ask Toolbar
Avira Antivirus Premium
Avira SearchFree Toolbar plus Web Protection Updater
Big Fish Games: Game Manager
BufferChm
Canon Easy-WebPrint EX
Canon Inkjet Printer/Scanner/Fax Extended Survey Program
Canon MP Navigator EX 3.0
Canon MP250 series MP Drivers
Canon Utilities Easy-PhotoPrint EX
Canon Utilities My Printer
Canon Utilities Solution Menu
Destinations
DocProc
Dropbox
Easy Thumbnails (Remove only)
F.lux
GPBaseService2
HL-2270DW
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows XP (KB2443685)
Hotfix for Windows XP (KB2570791)
Hotfix for Windows XP (KB2633952)
Hotfix for Windows XP (KB2756822)
Hotfix for Windows XP (KB2779562)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB954550-v5)
Hotfix for Windows XP (KB961118)
HP Imaging Device Functions 13.0
HP Photosmart Essential 3.5
HP Scanjet G3010
HP Solution Center 13.0
HP Update
hpg3010
HPPhotosmartEssential
HPProductAssistant
Intel(R) Active Management Technology LMS Service and SOL Driver
Intel(R) Graphics Media Accelerator Driver
Intel(R) Management Engine Interface
Malwarebytes Anti-Malware version 1.70.0.1100
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Office 2007 Service Pack 3 (SP3)
Microsoft Office Excel MUI (English) 2007
Microsoft Office File Validation Add-In
Microsoft Office Home and Student 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Silverlight
Microsoft Software Update for Web Folders (English) 12
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
Microsoft_VC80_ATL_x86
Microsoft_VC80_CRT_x86
Microsoft_VC80_MFC_x86
Microsoft_VC80_MFCLOC_x86
Microsoft_VC90_ATL_x86
Microsoft_VC90_CRT_x86
Microsoft_VC90_MFC_x86
Microsoft_VC90_MFCLOC_x86
Mozilla Firefox 18.0.1 (x86 en-US)
Mozilla Maintenance Service
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
OCR Software by I.R.I.S. 13.0
PDF Settings CS5
Plants vs. Zombies
RealNetworks - Microsoft Visual C++ 2008 Runtime
RealPlayer
Realtek High Definition Audio Driver
RealUpgrade 1.1
Scan
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2604111)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2736416)
Security Update for Microsoft Office 2007 suites (KB2596615) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596672) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596744) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596754) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596792) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596871) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2597969) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2687311) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2687441) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2687499) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2760416) 32-Bit Edition
Security Update for Microsoft Office Excel 2007 (KB2687307) 32-Bit Edition
Security Update for Microsoft Office InfoPath 2007 (KB2687440) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition
Security Update for Microsoft Office Word 2007 (KB2760421) 32-Bit Edition
Security Update for Microsoft Windows (KB2564958)
Security Update for Windows Internet Explorer 8 (KB2482017)
Security Update for Windows Internet Explorer 8 (KB2510531)
Security Update for Windows Internet Explorer 8 (KB2530548)
Security Update for Windows Internet Explorer 8 (KB2544521)
Security Update for Windows Internet Explorer 8 (KB2559049)
Security Update for Windows Internet Explorer 8 (KB2586448)
Security Update for Windows Internet Explorer 8 (KB2618444)
Security Update for Windows Internet Explorer 8 (KB2647516)
Security Update for Windows Internet Explorer 8 (KB2675157)
Security Update for Windows Internet Explorer 8 (KB2699988)
Security Update for Windows Internet Explorer 8 (KB2722913)
Security Update for Windows Internet Explorer 8 (KB2744842)
Security Update for Windows Internet Explorer 8 (KB2761465)
Security Update for Windows Internet Explorer 8 (KB2799329)
Security Update for Windows Internet Explorer 8 (KB982381)
Security Update for Windows Media Player (KB2378111)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player (KB975558)
Security Update for Windows Media Player (KB978695)
Security Update for Windows XP (KB2079403)
Security Update for Windows XP (KB2115168)
Security Update for Windows XP (KB2121546)
Security Update for Windows XP (KB2229593)
Security Update for Windows XP (KB2259922)
Security Update for Windows XP (KB2296011)
Security Update for Windows XP (KB2347290)
Security Update for Windows XP (KB2360937)
Security Update for Windows XP (KB2387149)
Security Update for Windows XP (KB2393802)
Security Update for Windows XP (KB2412687)
Security Update for Windows XP (KB2419632)
Security Update for Windows XP (KB2423089)
Security Update for Windows XP (KB2440591)
Security Update for Windows XP (KB2443105)
Security Update for Windows XP (KB2476490)
Security Update for Windows XP (KB2476687)
Security Update for Windows XP (KB2478960)
Security Update for Windows XP (KB2478971)
Security Update for Windows XP (KB2479628)
Security Update for Windows XP (KB2479943)
Security Update for Windows XP (KB2481109)
Security Update for Windows XP (KB2482017)
Security Update for Windows XP (KB2483185)
Security Update for Windows XP (KB2485376)
Security Update for Windows XP (KB2485663)
Security Update for Windows XP (KB2503665)
Security Update for Windows XP (KB2506212)
Security Update for Windows XP (KB2506223)
Security Update for Windows XP (KB2507618)
Security Update for Windows XP (KB2507938)
Security Update for Windows XP (KB2508272)
Security Update for Windows XP (KB2508429)
Security Update for Windows XP (KB2509553)
Security Update for Windows XP (KB2524375)
Security Update for Windows XP (KB2535512)
Security Update for Windows XP (KB2536276-v2)
Security Update for Windows XP (KB2536276)
Security Update for Windows XP (KB2544893-v2)
Security Update for Windows XP (KB2544893)
Security Update for Windows XP (KB2555917)
Security Update for Windows XP (KB2562937)
Security Update for Windows XP (KB2566454)
Security Update for Windows XP (KB2567053)
Security Update for Windows XP (KB2567680)
Security Update for Windows XP (KB2570222)
Security Update for Windows XP (KB2570947)
Security Update for Windows XP (KB2584146)
Security Update for Windows XP (KB2585542)
Security Update for Windows XP (KB2592799)
Security Update for Windows XP (KB2598479)
Security Update for Windows XP (KB2603381)
Security Update for Windows XP (KB2618451)
Security Update for Windows XP (KB2619339)
Security Update for Windows XP (KB2620712)
Security Update for Windows XP (KB2621440)
Security Update for Windows XP (KB2624667)
Security Update for Windows XP (KB2631813)
Security Update for Windows XP (KB2633171)
Security Update for Windows XP (KB2639417)
Security Update for Windows XP (KB2641653)
Security Update for Windows XP (KB2646524)
Security Update for Windows XP (KB2647518)
Security Update for Windows XP (KB2653956)
Security Update for Windows XP (KB2655992)
Security Update for Windows XP (KB2659262)
Security Update for Windows XP (KB2660465)
Security Update for Windows XP (KB2661637)
Security Update for Windows XP (KB2676562)
Security Update for Windows XP (KB2685939)
Security Update for Windows XP (KB2686509)
Security Update for Windows XP (KB2691442)
Security Update for Windows XP (KB2695962)
Security Update for Windows XP (KB2698365)
Security Update for Windows XP (KB2705219)
Security Update for Windows XP (KB2707511)
Security Update for Windows XP (KB2709162)
Security Update for Windows XP (KB2712808)
Security Update for Windows XP (KB2718523)
Security Update for Windows XP (KB2719985)
Security Update for Windows XP (KB2723135)
Security Update for Windows XP (KB2724197)
Security Update for Windows XP (KB2727528)
Security Update for Windows XP (KB2731847)
Security Update for Windows XP (KB2753842-v2)
Security Update for Windows XP (KB2753842)
Security Update for Windows XP (KB2757638)
Security Update for Windows XP (KB2758857)
Security Update for Windows XP (KB2761226)
Security Update for Windows XP (KB2770660)
Security Update for Windows XP (KB2779030)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB923789)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB971961)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975562)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB977816)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978338)
Security Update for Windows XP (KB978542)
Security Update for Windows XP (KB978601)
Security Update for Windows XP (KB978706)
Security Update for Windows XP (KB979309)
Security Update for Windows XP (KB979482)
Security Update for Windows XP (KB979687)
Security Update for Windows XP (KB980195)
Security Update for Windows XP (KB980232)
Security Update for Windows XP (KB980436)
Security Update for Windows XP (KB981322)
Security Update for Windows XP (KB981349)
Security Update for Windows XP (KB981997)
Security Update for Windows XP (KB982132)
Security Update for Windows XP (KB982214)
Security Update for Windows XP (KB982665)
SolutionCenter
Spell Checker For OE 2.1
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft Office 2007 suites (KB2596660) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2596848) 32-Bit Edition
Update for Windows XP (KB2345886)
Update for Windows XP (KB2467659)
Update for Windows XP (KB2541763)
Update for Windows XP (KB2607712)
Update for Windows XP (KB2616676)
Update for Windows XP (KB2641690)
Update for Windows XP (KB2661254-v2)
Update for Windows XP (KB2718704)
Update for Windows XP (KB2736233)
Update for Windows XP (KB2749655)
Update for Windows XP (KB898461)
Update for Windows XP (KB951978)
Update for Windows XP (KB955759)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB971029)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
VideoLAN VLC media player 0.8.6f
WebFldrs XP
WebReg
Windows Genuine Advantage Notifications (KB905474)
Windows Genuine Advantage Validation Tool (KB892130)
Windows Internet Explorer 8
Windows Media Format 11 runtime
Windows Media Player 11
WinRAR 4.01 (32-bit)
YouTube to MP3 Converter
.
==== End Of File ===========================
Magenta
Active Member
 
Posts: 11
Joined: January 24th, 2013, 4:39 pm

Re: email sending spam

Post by deltalima » January 25th, 2013, 6:06 pm

Checking your log - back soon.
deltalima
Admin/Teacher
 
Posts: 7614
Joined: February 28th, 2009, 4:38 pm
Location: UK

Re: email sending spam

Post by deltalima » January 25th, 2013, 6:11 pm

Hi Magenta,

Welcome to the forum.

Please be aware that removing Malware is a potentially hazardous undertaking. I will take care not to knowingly suggest courses of action that might damage your computer. However it is impossible for me to foresee all interactions that may happen between the software on your computer and those we'll use to clear you of infection, and I cannot guarantee the safety of your system. It is possible that we might encounter situations where the only recourse is to re-format and re-install your operating system, or to necessitate you taking your computer to a repair shop.

Because of this, I advise you to backup any personal files and folders before you start.

Please note the following:
  • I will be working on your Malware issues; this may or may not solve other issues you have with your machine.
  • The fixes are specific to your problem and should only be used for this issue on this machine.
  • Please do not run any scans or make any changes to the system unless I ask you to.
  • Please continue to review my answers until I tell you your machine appears to be clear. Absence of symptoms does not mean that everything is clear.
  • If after 3 days you have not responded to this topic, it will be closed, and you will need to start a new one.
  • It's often worth reading through these instructions and printing them for ease of reference.
  • If you don't know or understand something, please don't hesitate to say or ask!! It's better to be sure and safe than sorry.
  • Please reply to this thread. Do not start a new topic.

Remove P2P Programs

  • I notice there are signs of one or more P2P (Peer to Peer) File Sharing Programs on your computer.

    µTorrent


  • Please read the Guidelines for P2P Programs where we explain why it's not a good idea to have them.
  • Note: Even if you are using a "safe" P2P program, it is only the program that is safe. You will be sharing files from uncertified sources, and these are often infected. The bad guys use P2P filesharing as a major conduit to spread their wares.

  • Click on start
  • Then Run
  • In the Open text entry box, please copy/paste appwiz.cpl, then click enter.
  • Press the "Remove" or "Change/Remove" button to uninstall the programs listed above (in red) and any other P2P you have installed NOW.
  • Take care when answering any questions posed by an uninstaller. Some questions may be worded to deceive you into keeping the program.

CKScanner

  • Please download CKScanner from here to your Desktop.
  • Make sure that CKScanner.exe is on your Desktop before running the application!
  • Double-click on CKScanner.exe and click Search For Files.
  • After a very short time, when the cursor hourglass disappears, click Save List To File.
  • A message box will verify that the file was saved.
  • Double-click on the CKFiles.txt icon on your Desktop and copy/paste the contents in your next reply.

Next

  • Please download this tool from Microsoft.
  • Double click on MGADiag.exe to run it.
  • Click Continue.
  • The program will run. It takes a while to finish the diagnosis, please be patient.
  • Once done, click on Copy.
  • Open Notepad and paste the contents in the window.
  • Save this file and copy/paste it in your next reply.

codecheck

  • Please download codecheck from here to your Desktop.
  • Make sure that codecheck.exe is on your Desktop before running the application!
  • Double-click on codecheck.exe.
  • After a very short time a codecheck.txt icon will appear on your Desktop.
  • Double-click on the codecheck.txt icon on your Desktop and copy/paste the contents in your next reply.

Please let me know if the computer is used for business in any way.
deltalima
Admin/Teacher
Posts: 7614
Joined: February 28th, 2009, 4:38 pm
Location: UK

Re: email sending spam

Post by Magenta » January 28th, 2013, 2:10 pm

The only financial stuff I do on this PC is ebay and paypal.

CKScanner 2.1 - Additional Security Risks - These are not necessarily bad
c:\documents and settings\all users\documents\fromold\documents and settings\elizabeth\my documents\crack me.doc
c:\documents and settings\all users\documents\fromold\music\itunes\itunes music\stone temple pilots\core\crackerman.m4a
c:\documents and settings\all users\documents\fromold\music\u\uncle cracker\desktop.ini
c:\documents and settings\elizabeth gries\desktop\recipe book\beef\spicy firecracker beef marinade.doc
c:\documents and settings\elizabeth gries\desktop\recipe book\breads& crackers\bread no knead.doc
c:\documents and settings\elizabeth gries\desktop\recipe book\breads& crackers\cheese crackers.docx
c:\documents and settings\elizabeth gries\desktop\recipe book\breads& crackers\cheese sticks.doc
c:\documents and settings\elizabeth gries\desktop\recipe book\breads& crackers\cheese straws.doc
c:\documents and settings\elizabeth gries\desktop\recipe book\breads& crackers\cheese thins.docx
c:\documents and settings\elizabeth gries\desktop\recipe book\breads& crackers\ciabatta.docx
c:\documents and settings\elizabeth gries\desktop\recipe book\breads& crackers\cinnamon buns.doc
c:\documents and settings\elizabeth gries\desktop\recipe book\breads& crackers\cinnamon pecan sticky buns.doc
c:\documents and settings\elizabeth gries\desktop\recipe book\breads& crackers\pita.doc
c:\documents and settings\elizabeth gries\desktop\recipe book\breads& crackers\pizza bianca.docx
c:\documents and settings\elizabeth gries\desktop\recipe book\breads& crackers\rosemary focaccia.docx
c:\documents and settings\elizabeth gries\desktop\recipe book\breads& crackers\rustic dinner rolls.docx
c:\documents and settings\elizabeth gries\desktop\recipe book\breads& crackers\sourdough how to.doc
c:\documents and settings\elizabeth gries\desktop\recipe book\breads& crackers\sprouted bread recipes.doc
c:\documents and settings\elizabeth gries\desktop\recipe book\breads& crackers\sticky buns larry smith.doc
c:\documents and settings\elizabeth gries\desktop\recipe book\breads& crackers\the harlem tea room scones.doc
c:\documents and settings\elizabeth gries\desktop\recipe book\breads& crackers\thin crust pizza.docx
c:\documents and settings\elizabeth gries\desktop\recipe book\pork\roast pork with crackling.docx
c:\documents and settings\elizabeth gries\my documents\my garmin\ableton\presets\audio effects\vinyl distortion\crack.adv
c:\documents and settings\elizabeth gries\my documents\my writing\poem-story\crack me.doc
hosts 127.0.0.1 3dns.adobe.com 3dns-1.adobe.com 3dns-2.adobe.com 3dns-3.adobe.com 3dns-4.adobe.com activate.adobe.com activate-sea.adobe.com activate-sjc0.adobe.com activate.wip.adobe.com
hosts 127.0.0.1 activate.wip1.adobe.com activate.wip2.adobe.com activate.wip3.adobe.com activate.wip4.adobe.com adobe-dns.adobe.com adobe-dns-1.adobe.com adobe-dns-2.adobe.com adobe-dns-3.adobe.com adobe-dns-4.adobe.com
hosts 127.0.0.1 adobeereg.com practivate.adobe practivate.adobe.com practivate.adobe.newoa practivate.adobe.ntp practivate.adobe.ipp ereg.adobe.com ereg.wip.adobe.com ereg.wip1.adobe.com
hosts 127.0.0.1 adobeereg.com practivate.adobe practivate.adobe.com practivate.adobe.newoa practivate.adobe.ntp practivate.adobe.ipp ereg.adobe.com ereg.wip.adobe.com ereg.wip1.adobe.com
hosts 127.0.0.1 ereg.wip2.adobe.com ereg.wip3.adobe.com ereg.wip4.adobe.com hl2rcv.adobe.com wip.adobe.com wip1.adobe.com wip2.adobe.com wip3.adobe.com wip4.adobe.com
hosts 127.0.0.1 www.adobeereg.com wwis-dubc1-vip60.adobe.com www.wip.adobe.com www.wip1.adobe.com
hosts 127.0.0.1 www.adobeereg.com wwis-dubc1-vip60.adobe.com www.wip.adobe.com www.wip1.adobe.com
hosts 127.0.0.1 www.wip2.adobe.com www.wip3.adobe.com www.wip4.adobe.com wwis-dubc1-vip60.adobe.com crl.verisign.net crl.verisign.net ood.opsource.net
hosts 127.0.0.1 www.wip2.adobe.com www.wip3.adobe.com www.wip4.adobe.com wwis-dubc1-vip60.adobe.com crl.verisign.net crl.verisign.net ood.opsource.net
scanner sequence 3.ZZ.11.GNNAWH
----- EOF -----

Diagnostic Report (1.9.0027.0):
-----------------------------------------
Windows Validation Data-->
Validation Status: Genuine
Validation Code: 0
Cached Validation Code: N/A
Windows Product Key: *****-*****-Q8Y3X-8TJ8D-KK4QW
Windows Product Key Hash: J+JexB6Fqbm6RpBVzt4JJFyu6bM=
Windows Product ID: 76487-OEM-2253637-49407
Windows Product ID Type: 3
Windows License Type: OEM System Builder
Windows OS version: 5.1.2600.2.00010100.3.0.pro
ID: {C262DC6B-2B4F-4B5F-8379-186683D6CE2D}(3)
Is Admin: Yes
TestCab: 0x0
LegitcheckControl ActiveX: Registered, 1.9.40.0
Signed By: Microsoft
Product Name: N/A
Architecture: N/A
Build lab: N/A
TTS Error: N/A
Validation Diagnostic: 025D1FF3-230-1
Resolution Status: N/A

Vista WgaER Data-->
ThreatID(s): N/A
Version: N/A

Windows XP Notifications Data-->
Cached Result: 0
File Exists: Yes
Version: 1.9.40.0
WgaTray.exe Signed By: Microsoft
WgaLogon.dll Signed By: Microsoft

OGA Notifications Data-->
Cached Result: N/A, hr = 0x80070002
Version: N/A, hr = 0x80070002
OGAExec.exe Signed By: N/A, hr = 0x80070002
OGAAddin.dll Signed By: N/A, hr = 0x80070002

OGA Data-->
Office Status: 100 Genuine
Microsoft Office Home and Student 2007 - 100 Genuine
OGA Version: N/A, 0x80070002
Signed By: N/A, hr = 0x80070002
Office Diagnostics: 025D1FF3-230-1_E2AD56EA-765-d003_E2AD56EA-766-0_E2AD56EA-134-80004005_70AFE6BE-656-80070057_E2AD56EA-815-80070057

Browser Data-->
Proxy settings: N/A
User Agent: Mozilla/4.0 (compatible; MSIE 8.0; Win32)
Default Browser: C:\Program Files\Mozilla Firefox\firefox.exe
Download signed ActiveX controls: Prompt
Download unsigned ActiveX controls: Disabled
Run ActiveX controls and plug-ins: Allowed
Initialize and script ActiveX controls not marked as safe: Disabled
Allow scripting of Internet Explorer Webbrowser control: Disabled
Active scripting: Allowed
Script ActiveX controls marked as safe for scripting: Allowed

File Scan Data-->

Other data-->
Office Details: <GenuineResults><MachineData><UGUID>{C262DC6B-2B4F-4B5F-8379-186683D6CE2D}</UGUID><Version>1.9.0027.0</Version><OS>5.1.2600.2.00010100.3.0.pro</OS><Architecture>x32</Architecture><PKey>*****-*****-*****-*****-KK4QW</PKey><PID>76487-OEM-2253637-49407</PID><PIDType>3</PIDType><SID>S-1-5-21-4028432042-3930133924-1828962668</SID><SYSTEM><Manufacturer>Hewlett-Packard</Manufacturer><Model>HP Compaq dc7700p Small Form Factor</Model></SYSTEM><BIOS><Manufacturer>Hewlett-Packard</Manufacturer><Version>786E1 v02.10</Version><SMBIOSVersion major="2" minor="4"/><Date>20070413000000.000000+000</Date></BIOS><HWID>4EF43CDF0184607A</HWID><UserLCID>0409</UserLCID><SystemLCID>0409</SystemLCID><TimeZone>Pacific Standard Time(GMT-08:00)</TimeZone><iJoin>0</iJoin><SBID><stat>3</stat><msppid></msppid><name></name><model></model></SBID><OEM/><GANotification><File Name="WgaTray.exe" Version="1.9.40.0"/><File Name="WgaLogon.dll" Version="1.9.40.0"/></GANotification></MachineData><Software><Office><Result>100</Result><Products><Product GUID="{91120000-002F-0000-0000-0000000FF1CE}"><LegitResult>100</LegitResult><Name>Microsoft Office Home and Student 2007</Name><Ver>12</Ver><Val>7953DFEBA3E7DB6</Val><Hash>BorcdByXEVZLtQ1jCwLy1yHz/qk=</Hash><Pid>81602-OEM-6873146-32217</Pid><PidType>4</PidType></Product></Products><Applications><App Id="16" Version="12" Result="100"/><App Id="18" Version="12" Result="100"/><App Id="1B" Version="12" Result="100"/><App Id="A1" Version="12" Result="100"/></Applications></Office></Software></GenuineResults>

Licensing Data-->
N/A

Windows Activation Technologies-->
N/A

HWID Data-->
N/A

OEM Activation 1.0 Data-->
BIOS string matches: yes
Marker string from BIOS: 7619:Compaq Computer Corporation|1190C:Compaq Computer Corporation|1FFEA:Compaq Computer Corporation|B978:Compaq Computer Corporation|11933:Compaq Computer Corporation|11933:Compaq Computer Corporation|1FFEA:Hewlett-Packard Company|B978:Hewlett-Packard Company
Marker string from OEMBIOS.DAT: N/A, hr = 0x80004005

OEM Activation 2.0 Data-->
N/A

Codecheck Version 1.0

01028
Magenta
Active Member
 
Posts: 11
Joined: January 24th, 2013, 4:39 pm

Re: email sending spam

Post by deltalima » January 28th, 2013, 2:18 pm

Hi Magenta,

There are signs that you are using an unlicensed (cracked) version of Adobe Photoshop CS5.1.

If you wish to continue to receive help, please uninstall that program and any other software for which you do not possess a valid license, then let me know.
deltalima
Admin/Teacher
Posts: 7614
Joined: February 28th, 2009, 4:38 pm
Location: UK
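
The CKScanner and OTL logs in this thread list vendor activation and certificate-revocation hostnames mapped to 127.0.0.1 in the hosts file. The following is an added example, not part of the thread or of any tool used in it: a small auditor for `hosts` / `O1 - Hosts:` log lines that separates names blocked via loopback from names redirected to another address. The function names, the two-label parent-domain grouping, the `crl`/`ocsp` prefix heuristic and the one constructed sample line are assumptions made for the example.

```python
import ipaddress
import re
from collections import defaultdict

# Abridged from the CKScanner and OTL logs posted in this thread.
FROM_THREAD = r"""O1 HOSTS File: ([2011/07/02 21:57:13 | 000,001,926 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 127.0.0.1 3dns.adobe.com activate.adobe.com activate.wip.adobe.com
hosts 127.0.0.1 adobeereg.com practivate.adobe practivate.adobe.com ereg.adobe.com
O1 - Hosts: 127.0.0.1 www.wip2.adobe.com crl.verisign.net CRL.VERISIGN.NET ood.opsource.net
"""
# Constructed line (not from the thread): a name pointed at a non-loopback address.
CONSTRUCTED = "O1 - Hosts: 203.0.113.7 update.example.test\n"
SAMPLE_LOG = FROM_THREAD + CONSTRUCTED

# Prefixes as they appear in the OTL ("O1 - Hosts:") and CKScanner ("hosts") logs.
HOSTS_LINE = re.compile(r"^(?:O1 - Hosts:|hosts)\s+(\S+)\s+(.+)$")
# Assumption: names that are normally mapped to loopback and can be ignored.
BENIGN = {"localhost", "localhost.localdomain"}


def parse_hosts_lines(log_text):
    """Yield (ip_address, hostname) for every mapping found in hosts log lines."""
    for line in log_text.splitlines():
        m = HOSTS_LINE.match(line.strip())
        if not m:
            continue  # e.g. the "O1 HOSTS File:" header or unrelated log sections
        try:
            ip = ipaddress.ip_address(m.group(1))
        except ValueError:
            continue  # first token is not an address, so this is not a mapping
        # A hosts line may carry several names and a trailing "#" comment.
        for name in m.group(2).split("#", 1)[0].split():
            yield ip, name.lower().rstrip(".")


def audit_hosts(log_text):
    """Classify hosts mappings into blocked (loopback/0.0.0.0) and redirected."""
    blocked, redirected = set(), {}
    for ip, name in parse_hosts_lines(log_text):
        if name in BENIGN:
            continue
        if ip.is_loopback or ip.is_unspecified:
            blocked.add(name)            # name can no longer be reached at all
        else:
            redirected[name] = str(ip)   # name now resolves to someone else's host

    # Naive grouping by the last two labels (no public-suffix list is used).
    by_parent = defaultdict(list)
    for name in sorted(blocked):
        by_parent[".".join(name.split(".")[-2:])].append(name)

    # Heuristic: first label starting with crl/ocsp marks a revocation endpoint.
    revocation = sorted(
        n for n in blocked if n.split(".")[0].startswith(("crl", "ocsp"))
    )
    return {
        "blocked": sorted(blocked),
        "by_parent": dict(by_parent),
        "revocation": revocation,
        "redirected": redirected,
    }


if __name__ == "__main__":
    report = audit_hosts(SAMPLE_LOG)
    for parent, names in report["by_parent"].items():
        print(f"{parent}: {len(names)} name(s) blocked via loopback")
    print("revocation endpoints blocked:", report["revocation"])
    print("redirected to other addresses:", report["redirected"])
```

Loopback entries for `crl.*` or `ocsp.*` names deserve separate attention because they stop certificate revocation lookups against those hosts from succeeding.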

Re: email sending spam

Post by Magenta » January 29th, 2013, 9:21 pm

OK, I have removed Photoshop from my computer
Magenta
Active Member
 
Posts: 11
Joined: January 24th, 2013, 4:39 pm

Re: email sending spam

Post by deltalima » January 30th, 2013, 4:31 am

Hi Magenta,

Download and run OTL
Download OTL by Old Timer and save it to your Desktop.
  • Double click on OTL.exe to run it.
  • Under Output, ensure that Minimal Output is selected.
  • Under Extra Registry section, select Use SafeList.
  • Click the Scan All Users checkbox.
  • Click on Run Scan at the top left hand corner.
  • When done, two Notepad files will open.
    • OTL.txt <-- Will be opened
    • Extras.txt <-- Will be minimized
  • Please post the contents of these 2 Notepad files in your next reply.

Please download GMER Rootkit Scanner from here.
  • Double click the .exe file. If asked to allow gmer.sys driver to load, please consent.
  • If it gives you a warning at program start about rootkit activity and asks if you want to run a scan...click NO.
  • Run Gmer again and click on the Rootkit tab.
  • Look at the right hand side (under Files) and uncheck all drives with the exception of your C drive.
  • Make sure all other boxes on the right of the screen are checked, EXCEPT for "Show All".
  • Click on "Scan" and wait for the scan to finish.
    Note: Before scanning, make sure all other running programs are closed and no other actions like a scheduled antivirus scan will occur while this scan completes. Also do not use your computer during the scan.
  • When completed, click on the Copy button and right-click on your Desktop, choose "New" > Text document. Once the file is created, open it and right-click again and choose Paste or Ctrl+V. Save the file as gmer.txt and copy the information in your next reply.
  • Note: If you have any problems, try running GMER in SAFE MODE.
Important! Please do not select the "Show all" checkbox during the scan.

Please post the GMER log along with OTL.txt and Extras.txt from the OTL scan into your next reply.
deltalima
Admin/Teacher
Posts: 7614
Joined: February 28th, 2009, 4:38 pm
Location: UK

Re: email sending spam

Post by Magenta » February 1st, 2013, 2:06 am

OTL logfile created on: 1/31/2013 4:07:21 PM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Documents and Settings\Elizabeth Gries\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.98 Gb Total Physical Memory | 1.81 Gb Available Physical Memory | 60.63% Memory free
4.29 Gb Paging File | 3.15 Gb Available in Paging File | 73.35% Paging File free
Paging file location(s): C:\pagefile.sys 1500 3000 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 931.51 Gb Total Space | 784.38 Gb Free Space | 84.21% Space Free | Partition Type: NTFS

Computer Name: MAGENTA-ANGEL | User Name: Elizabeth Gries | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Documents and Settings\Elizabeth Gries\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Documents and Settings\Elizabeth Gries\Application Data\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
PRC - C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
PRC - C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
PRC - C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation)
PRC - C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files\Avira\AntiVir Desktop\avwebgrd.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files\Avira\AntiVir Desktop\avshadow.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files\Avira\AntiVir Desktop\avmailc.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Documents and Settings\Elizabeth Gries\Local Settings\Application Data\Sevas-S\YouTube to MP3 Converter\yt2mp3_updater.exe (Sevas-S)
PRC - C:\Program Files\Ask.com\Updater\Updater.exe (Ask)
PRC - C:\Documents and Settings\Elizabeth Gries\Local Settings\Application Data\Sevas-S\My Smart Tabs\smtb_updater.exe (Sevas-S)
PRC - C:\Documents and Settings\Elizabeth Gries\Local Settings\Application Data\Sevas-S\YouTube to MP3 Converter\yt2mp3converter.exe (Sevas-S)
PRC - C:\Program Files\Real\RealPlayer\Update\realsched.exe (RealNetworks, Inc.)
PRC - C:\Program Files\Browny02\Brother\BrStMonW.exe (Brother Industries, Ltd.)
PRC - C:\Program Files\Browny02\BrYNSvc.exe (Brother Industries, Ltd.)
PRC - C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE (CANON INC.)
PRC - C:\Documents and Settings\Elizabeth Gries\Local Settings\Apps\F.lux\flux.exe ()
PRC - C:\Program Files\Outlook Express\msimn.exe (Microsoft Corporation)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\Intel\AMT\atchksrv.exe (Intel Corporation)
PRC - C:\Program Files\Intel\AMT\atchk.exe (Intel Corporation)
PRC - C:\Program Files\Intel\AMT\LMS.exe (Intel)


========== Modules (No Company Name) ==========

MOD - C:\Program Files\Mozilla Firefox\mozjs.dll ()
MOD - C:\Program Files\Avira\AntiVir Desktop\sqlite3.dll ()
MOD - C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
MOD - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSPTLS.DLL ()
MOD - C:\Program Files\WinRAR\RarExt.dll ()
MOD - C:\Documents and Settings\Elizabeth Gries\Local Settings\Apps\F.lux\flux.exe ()
MOD - C:\Program Files\Brother\BrUtilities\BrLogAPI.dll ()
MOD - C:\WINDOWS\system32\msdmo.dll ()


========== Services (SafeList) ==========

SRV - (HidServ) -- %SystemRoot%\System32\hidserv.dll File not found
SRV - (MozillaMaintenance) -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (MBAMService) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
SRV - (MBAMScheduler) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation)
SRV - (AntiVirSchedulerService) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
SRV - (AntiVirWebService) -- C:\Program Files\Avira\AntiVir Desktop\avwebgrd.exe (Avira Operations GmbH & Co. KG)
SRV - (AntiVirMailService) -- C:\Program Files\Avira\AntiVir Desktop\avmailc.exe (Avira Operations GmbH & Co. KG)
SRV - (AntiVirService) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
SRV - (BrYNSvc) -- C:\Program Files\Browny02\BrYNSvc.exe (Brother Industries, Ltd.)
SRV - (IJPLMSVC) -- C:\Program Files\Canon\IJPLM\ijplmsvc.exe ()
SRV - (atchksrv) -- C:\Program Files\Intel\AMT\atchksrv.exe (Intel Corporation)
SRV - (LMS) -- C:\Program Files\Intel\AMT\LMS.exe (Intel)


========== Driver Services (SafeList) ==========

DRV - (WDICA) -- File not found
DRV - (PDRFRAME) -- File not found
DRV - (PDRELI) -- File not found
DRV - (PDFRAME) -- File not found
DRV - (PDCOMP) -- File not found
DRV - (PCIDump) -- File not found
DRV - (lbrtfdc) -- File not found
DRV - (i2omgmt) -- File not found
DRV - (Changer) -- File not found
DRV - (MBAMProtector) -- C:\WINDOWS\system32\drivers\mbam.sys (Malwarebytes Corporation)
DRV - (avipbb) -- C:\WINDOWS\system32\drivers\avipbb.sys (Avira Operations GmbH & Co. KG)
DRV - (avgntflt) -- C:\WINDOWS\system32\drivers\avgntflt.sys (Avira Operations GmbH & Co. KG)
DRV - (avkmgr) -- C:\WINDOWS\system32\drivers\avkmgr.sys (Avira Operations GmbH & Co. KG)
DRV - (ssmdrv) -- C:\WINDOWS\system32\drivers\ssmdrv.sys (Avira GmbH)
DRV - (IntcAzAudAddService) -- C:\WINDOWS\system32\drivers\RtkHDAud.sys (Realtek Semiconductor Corp.)
DRV - (HECI) -- C:\WINDOWS\system32\drivers\HECI.sys (Intel Corporation)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}


IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\.DEFAULT\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src=IE-SearchBox&Form=IE8SRC
IE - HKU\.DEFAULT\..\SearchScopes\{4328660F-5AAA-426C-AA2F-D71DEBB85270}: "URL" = http://websearch.ask.com/redirect?clien ... src=crm&q={searchTerms}&locale=en_CA&apn_ptnrs=^AGX&apn_dtid=^YYYYYY^YY^CA&apn_uid=3951bdb0-55e7-4d94-a905-a4c3265e40f7&apn_sauid=5D56E4C7-26AE-4EA0-A716-35328D5DE530
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-18\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src=IE-SearchBox&Form=IE8SRC
IE - HKU\S-1-5-18\..\SearchScopes\{4328660F-5AAA-426C-AA2F-D71DEBB85270}: "URL" = http://websearch.ask.com/redirect?clien ... src=crm&q={searchTerms}&locale=en_CA&apn_ptnrs=^AGX&apn_dtid=^YYYYYY^YY^CA&apn_uid=3951bdb0-55e7-4d94-a905-a4c3265e40f7&apn_sauid=5D56E4C7-26AE-4EA0-A716-35328D5DE530
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-4028432042-3930133924-1828962668-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.avira.com/?l=dis&o=APN102 ... cale=en_CA
IE - HKU\S-1-5-21-4028432042-3930133924-1828962668-1004\..\URLSearchHook: {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
IE - HKU\S-1-5-21-4028432042-3930133924-1828962668-1004\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-4028432042-3930133924-1828962668-1004\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-4028432042-3930133924-1828962668-1004\..\SearchScopes\{C6475BDE-AE45-4879-9CA6-8E935592C4FA}: "URL" = http://websearch.ask.com/redirect?clien ... src=crm&q={searchTerms}&locale=&apn_ptnrs=^AGX&apn_dtid=^YYYYYY^YY^CA&apn_uid=3951bdb0-55e7-4d94-a905-a4c3265e40f7&apn_sauid=5D56E4C7-26AE-4EA0-A716-35328D5DE530
IE - HKU\S-1-5-21-4028432042-3930133924-1828962668-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultengine: "Ask.com"
FF - prefs.js..browser.search.defaultenginename: "Ask.com"
FF - prefs.js..browser.search.order.1: "Ask.com"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.startup.homepage: "https://www.google.ca/"
FF - prefs.js..extensions.enabledAddons: %7B36C563FF-1D8E-47FA-8E69-4C4E29302B45%7D:1.1.0
FF - prefs.js..extensions.enabledAddons: %7BB18B1E5C-4D81-11E1-9C00-AFEB4824019B%7D:1.1.4
FF - prefs.js..extensions.enabledAddons: %7BE90FA778-C2B7-41D0-9FA9-3FEC1CA54D66%7D:1.0.14
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:18.0.1
FF - prefs.js..keyword.URL: "http://websearch.ask.com/redirect?client=ff&src=kw&tb=AVR-4&o=APN10266&locale=en_CA&apn_uid=3951bdb0-55e7-4d94-a905-a4c3265e40f7&apn_ptnrs=%5EAGX&apn_sauid=5D56E4C7-26AE-4EA0-A716-35328D5DE530&apn_dtid=%5EYYYYYY%5EYY%5ECA&&q="
FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@canon.com/EPPEX: C:\Program Files\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL (CANON INC.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=12.0.1.647: C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=12.0.1.647: C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=12.0.1.652: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=12.0.1.652: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=12.0.1.647: C:\Program Files\Real\RealPlayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2011/07/03 12:28:53 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 18.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2013/01/18 14:25:55 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 18.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2013/01/18 14:25:51 | 000,000,000 | ---D | M]

[2011/07/02 21:22:01 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Elizabeth Gries\Application Data\Mozilla\Extensions
[2012/11/11 10:29:22 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Elizabeth Gries\Application Data\Mozilla\Firefox\Profiles\1zkfajhr.default\extensions
[2012/08/04 15:41:08 | 000,000,000 | ---D | M] ("Youtube to MP3 Converter") -- C:\Documents and Settings\Elizabeth Gries\Application Data\Mozilla\Firefox\Profiles\1zkfajhr.default\extensions\{B18B1E5C-4D81-11E1-9C00-AFEB4824019B}
[2012/10/24 23:36:18 | 000,302,826 | ---- | M] () (No name found) -- C:\Documents and Settings\Elizabeth Gries\Application Data\Mozilla\Firefox\Profiles\1zkfajhr.default\extensions\{36C563FF-1D8E-47FA-8E69-4C4E29302B45}.xpi
[2012/06/14 07:28:44 | 000,236,651 | ---- | M] () (No name found) -- C:\Documents and Settings\Elizabeth Gries\Application Data\Mozilla\Firefox\Profiles\1zkfajhr.default\extensions\{E90FA778-C2B7-41D0-9FA9-3FEC1CA54D66}.xpi
[2012/11/08 07:52:21 | 000,002,344 | ---- | M] () -- C:\Documents and Settings\Elizabeth Gries\Application Data\Mozilla\Firefox\Profiles\1zkfajhr.default\searchplugins\askcom.xml
[2013/01/18 14:25:50 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2013/01/18 14:25:55 | 000,262,552 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2012/04/13 04:37:24 | 000,099,136 | ---- | M] (SEVAS-S LLC) -- C:\Program Files\mozilla firefox\plugins\npmysmarttabnpapi.dll
[2012/08/30 07:30:10 | 000,002,465 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012/10/12 09:55:34 | 000,002,058 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml

O1 HOSTS File: ([2011/07/02 21:57:13 | 000,001,926 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 127.0.0.1 3dns.adobe.com 3dns-1.adobe.com 3dns-2.adobe.com 3dns-3.adobe.com 3dns-4.adobe.com activate.adobe.com activate-sea.adobe.com activate-sjc0.adobe.com activate.wip.adobe.com
O1 - Hosts: 127.0.0.1 activate.wip1.adobe.com activate.wip2.adobe.com activate.wip3.adobe.com activate.wip4.adobe.com adobe-dns.adobe.com adobe-dns-1.adobe.com adobe-dns-2.adobe.com adobe-dns-3.adobe.com adobe-dns-4.adobe.com
O1 - Hosts: 127.0.0.1 adobeereg.com practivate.adobe practivate.adobe.com practivate.adobe.newoa practivate.adobe.ntp practivate.adobe.ipp ereg.adobe.com ereg.wip.adobe.com ereg.wip1.adobe.com
O1 - Hosts: 127.0.0.1 ereg.wip2.adobe.com ereg.wip3.adobe.com ereg.wip4.adobe.com hl2rcv.adobe.com wip.adobe.com wip1.adobe.com wip2.adobe.com wip3.adobe.com wip4.adobe.com
O1 - Hosts: 127.0.0.1 www.adobeereg.com wwis-dubc1-vip60.adobe.com www.wip.adobe.com www.wip1.adobe.com
O1 - Hosts: 127.0.0.1 www.wip2.adobe.com www.wip3.adobe.com www.wip4.adobe.com wwis-dubc1-vip60.adobe.com crl.verisign.net CRL.VERISIGN.NET ood.opsource.net
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (Canon Easy-WebPrint EX BHO) - {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexbho.dll (CANON INC.)
O2 - BHO: (Avira SearchFree Toolbar plus Web Protection) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O2 - BHO: (YouTube to MP3 Converter) - {E71596B0-A83B-453D-82C1-4BE99947C65F} - C:\Documents and Settings\Elizabeth Gries\Local Settings\Application Data\Sevas-S\YouTube to MP3 Converter\BrowserExtensions\IE\YouTubeDownloaderExtension.dll (Sevas-S LLC)
O2 - BHO: (My Smart Tabs) - {E7190CBA-EF64-4CBC-AE5F-44d9930D8CEC} - C:\Documents and Settings\Elizabeth Gries\Local Settings\Application Data\Sevas-S\My Smart Tabs\BrowserExtensions\IE\MySmartTabs.dll (SEVAS-S LLC)
O3 - HKLM\..\Toolbar: (Canon Easy-WebPrint EX) - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)
O3 - HKLM\..\Toolbar: (Avira SearchFree Toolbar plus Web Protection) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (Canon Easy-WebPrint EX) - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)
O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (Avira SearchFree Toolbar plus Web Protection) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (Canon Easy-WebPrint EX) - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)
O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (Avira SearchFree Toolbar plus Web Protection) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKU\S-1-5-21-4028432042-3930133924-1828962668-1004\..\Toolbar\WebBrowser: (Canon Easy-WebPrint EX) - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)
O3 - HKU\S-1-5-21-4028432042-3930133924-1828962668-1004\..\Toolbar\WebBrowser: (Avira SearchFree Toolbar plus Web Protection) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [ApnUpdater] C:\Program Files\Ask.com\Updater\Updater.exe (Ask)
O4 - HKLM..\Run: [atchk] C:\Program Files\Intel\AMT\atchk.exe (Intel Corporation)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [BrStsMon00] C:\Program Files\Browny02\Brother\BrStMonW.exe (Brother Industries, Ltd.)
O4 - HKLM..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe (CANON INC.)
O4 - HKLM..\Run: [CanonSolutionMenu] C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe (CANON INC.)
O4 - HKLM..\Run: [My Smart Tabs Updater] C:\Documents and Settings\Elizabeth Gries\Local Settings\Application Data\Sevas-S\My Smart Tabs\smtb_updater.exe (Sevas-S)
O4 - HKLM..\Run: [Sevas-SSoftwareDefender] C:\Documents and Settings\Elizabeth Gries\Local Settings\Application Data\Sevas-S\Defender\defender.exe File not found
O4 - HKLM..\Run: [Sevas-SSoftwareUpdater] C:\Documents and Settings\Elizabeth Gries\Local Settings\Application Data\Sevas-S\Updater\updater.exe (Sevas-S)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Real\RealPlayer\update\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [YouTube to MP3 Converter Updater] C:\Documents and Settings\Elizabeth Gries\Local Settings\Application Data\Sevas-S\YouTube to MP3 Converter\yt2mp3_updater.exe (Sevas-S)
O4 - HKU\S-1-5-21-4028432042-3930133924-1828962668-1004..\Run: [AdobeBridge] File not found
O4 - HKU\S-1-5-21-4028432042-3930133924-1828962668-1004..\Run: [F.lux] C:\Documents and Settings\Elizabeth Gries\Local Settings\Apps\F.lux\flux.exe ()
O4 - HKU\S-1-5-21-4028432042-3930133924-1828962668-1004..\Run: [uTorrent] "C:\Program Files\uTorrent\uTorrent.exe" /MINIMIZED File not found
O4 - Startup: C:\Documents and Settings\Elizabeth Gries\Start Menu\Programs\Startup\Dropbox.lnk = C:\Documents and Settings\Elizabeth Gries\Application Data\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-4028432042-3930133924-1828962668-1004\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKU\S-1-5-21-4028432042-3930133924-1828962668-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254 75.153.176.9
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{14868C30-7CCE-47F0-8B81-B47EBCFA260F}: DhcpNameServer = 192.168.1.254 75.153.176.9
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2011/03/28 14:21:03 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2013/01/31 16:05:57 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Elizabeth Gries\Desktop\OTL.exe
[2013/01/28 10:01:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Office Genuine Advantage
[2013/01/25 14:45:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Elizabeth Gries\Desktop\papercuts
[2013/01/18 14:25:50 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2013/01/13 16:42:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Elizabeth Gries\Local Settings\Application Data\DoNotTrackPlus
[2013/01/13 16:42:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Elizabeth Gries\Application Data\AskToolbar
[2013/01/10 18:40:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Elizabeth Gries\Desktop\Preg line
[2013/01/09 09:56:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2013/01/09 09:56:31 | 000,000,000 | ---D | C] -- C:\Program Files\Plants vs Zombies
[2013/01/09 09:56:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Plants vs Zombies
[2013/01/09 09:54:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Big Fish Games
[2013/01/09 09:54:22 | 000,000,000 | ---D | C] -- C:\Program Files\bfgclient
[2013/01/09 09:53:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\BigFishGamesCache
[2013/01/09 09:53:02 | 000,235,080 | ---- | C] (Big Fish Games) -- C:\Documents and Settings\Elizabeth Gries\Desktop\bigfishgames_p168348252_s1_l1.exe
[5 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[5 C:\Documents and Settings\Elizabeth Gries\My Documents\*.tmp files -> C:\Documents and Settings\Elizabeth Gries\My Documents\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2013/01/31 16:12:00 | 000,000,254 | ---- | M] () -- C:\WINDOWS\tasks\Scheduled Update for Ask Toolbar.job
[2013/01/31 16:05:58 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Elizabeth Gries\Desktop\OTL.exe
[2013/01/31 15:41:43 | 000,329,215 | ---- | M] () -- C:\Documents and Settings\Elizabeth Gries\Desktop\kathys folks0002.jpg
[2013/01/31 15:39:47 | 000,208,267 | ---- | M] () -- C:\Documents and Settings\Elizabeth Gries\Desktop\kathys folks0001.jpg
[2013/01/31 08:08:00 | 000,000,288 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-18.job
[2013/01/31 08:00:50 | 000,433,122 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2013/01/31 08:00:50 | 000,067,952 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2013/01/31 07:56:40 | 000,000,298 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-4028432042-3930133924-1828962668-1004.job
[2013/01/31 07:56:34 | 000,000,280 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-18.job
[2013/01/31 07:56:32 | 000,012,598 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2013/01/31 07:56:28 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2013/01/30 07:50:41 | 000,001,058 | ---- | M] () -- C:\Documents and Settings\Elizabeth Gries\Start Menu\Programs\Startup\Dropbox.lnk
[2013/01/30 07:50:13 | 000,001,062 | ---- | M] () -- C:\Documents and Settings\Elizabeth Gries\Desktop\Dropbox.lnk
[2013/01/29 21:15:13 | 000,242,720 | ---- | M] () -- C:\Documents and Settings\Elizabeth Gries\Desktop\ferry receipt0001.pdf
[2013/01/28 21:32:24 | 000,052,253 | ---- | M] () -- C:\Documents and Settings\Elizabeth Gries\Desktop\old couple.jpg
[2013/01/27 16:45:00 | 000,000,306 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-4028432042-3930133924-1828962668-1004.job
[2013/01/23 19:52:06 | 000,078,875 | ---- | M] () -- C:\Documents and Settings\Elizabeth Gries\Desktop\tn_208269_10152153448071393_131043911_n.jpg
[2013/01/23 19:51:25 | 000,080,160 | ---- | M] () -- C:\Documents and Settings\Elizabeth Gries\Desktop\208269_10152153448071393_131043911_n.jpg
[2013/01/23 19:46:21 | 004,441,288 | ---- | M] () -- C:\Documents and Settings\Elizabeth Gries\Desktop\Colin portrait.jpg
[2013/01/23 19:36:02 | 010,143,731 | ---- | M] () -- C:\Documents and Settings\Elizabeth Gries\Desktop\Colin portrait.psd
[2013/01/22 19:02:09 | 000,000,784 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[2013/01/22 18:25:24 | 000,000,802 | ---- | M] () -- C:\Documents and Settings\Elizabeth Gries\Application Data\Microsoft\Internet Explorer\Quick Launch\Malwarebytes Anti-Malware.lnk
[2013/01/22 18:17:12 | 000,170,091 | ---- | M] () -- C:\Documents and Settings\Elizabeth Gries\Desktop\Colin Gries.JPG
[2013/01/15 20:16:30 | 000,048,143 | ---- | M] () -- C:\Documents and Settings\Elizabeth Gries\Desktop\liam gangam style.jpg
[2013/01/14 14:18:26 | 002,131,364 | ---- | M] () -- C:\Documents and Settings\Elizabeth Gries\My Documents\optimal_breathing.pdf
[2013/01/11 22:14:29 | 000,008,332 | ---- | M] () -- C:\Documents and Settings\Elizabeth Gries\Desktop\Zombatar_1.jpg
[2013/01/09 09:56:43 | 000,001,653 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Play Plants vs Zombies.lnk
[2013/01/09 09:56:43 | 000,001,200 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\More Great Games.lnk
[2013/01/09 09:55:01 | 000,000,646 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Game Manager.lnk
[2013/01/09 09:55:01 | 000,000,225 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\More Great Games.url
[2013/01/09 09:53:02 | 000,235,080 | ---- | M] (Big Fish Games) -- C:\Documents and Settings\Elizabeth Gries\Desktop\bigfishgames_p168348252_s1_l1.exe
[2013/01/09 09:17:43 | 000,001,355 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2013/01/06 11:14:47 | 003,812,984 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2013/01/05 21:34:35 | 006,009,856 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mshtml.dll
[5 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[5 C:\Documents and Settings\Elizabeth Gries\My Documents\*.tmp files -> C:\Documents and Settings\Elizabeth Gries\My Documents\*.tmp -> ]

========== Files Created - No Company Name ==========

[2013/01/31 15:41:46 | 000,329,215 | ---- | C] () -- C:\Documents and Settings\Elizabeth Gries\Desktop\kathys folks0002.jpg
[2013/01/31 15:41:46 | 000,208,267 | ---- | C] () -- C:\Documents and Settings\Elizabeth Gries\Desktop\kathys folks0001.jpg
[2013/01/29 21:15:17 | 000,242,720 | ---- | C] () -- C:\Documents and Settings\Elizabeth Gries\Desktop\ferry receipt0001.pdf
[2013/01/28 21:32:24 | 000,052,253 | ---- | C] () -- C:\Documents and Settings\Elizabeth Gries\Desktop\old couple.jpg
[2013/01/23 19:52:06 | 000,078,875 | ---- | C] () -- C:\Documents and Settings\Elizabeth Gries\Desktop\tn_208269_10152153448071393_131043911_n.jpg
[2013/01/23 19:51:24 | 000,080,160 | ---- | C] () -- C:\Documents and Settings\Elizabeth Gries\Desktop\208269_10152153448071393_131043911_n.jpg
[2013/01/23 19:37:48 | 004,441,288 | ---- | C] () -- C:\Documents and Settings\Elizabeth Gries\Desktop\Colin portrait.jpg
[2013/01/23 19:36:00 | 010,143,731 | ---- | C] () -- C:\Documents and Settings\Elizabeth Gries\Desktop\Colin portrait.psd
[2013/01/22 19:02:09 | 000,000,784 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[2013/01/22 18:25:24 | 000,000,802 | ---- | C] () -- C:\Documents and Settings\Elizabeth Gries\Application Data\Microsoft\Internet Explorer\Quick Launch\Malwarebytes Anti-Malware.lnk
[2013/01/22 18:17:12 | 000,170,091 | ---- | C] () -- C:\Documents and Settings\Elizabeth Gries\Desktop\Colin Gries.JPG
[2013/01/15 20:16:29 | 000,048,143 | ---- | C] () -- C:\Documents and Settings\Elizabeth Gries\Desktop\liam gangam style.jpg
[2013/01/14 14:18:26 | 002,131,364 | ---- | C] () -- C:\Documents and Settings\Elizabeth Gries\My Documents\optimal_breathing.pdf
[2013/01/11 22:14:29 | 000,008,332 | ---- | C] () -- C:\Documents and Settings\Elizabeth Gries\Desktop\Zombatar_1.jpg
[2013/01/09 09:56:43 | 000,001,653 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Play Plants vs Zombies.lnk
[2013/01/09 09:56:43 | 000,001,200 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\More Great Games.lnk
[2013/01/09 09:55:01 | 000,000,646 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Game Manager.lnk
[2013/01/09 09:55:01 | 000,000,225 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\More Great Games.url
[2013/01/09 09:54:31 | 000,001,584 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Game Manager.lnk
[2013/01/09 09:54:27 | 000,001,184 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\More Great Games.lnk
[2012/02/15 09:01:09 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2012/01/15 13:21:31 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\BRTCPCON.DLL
[2012/01/15 13:21:30 | 000,000,114 | ---- | C] () -- C:\WINDOWS\System32\BRLMW03A.INI
[2012/01/15 13:21:30 | 000,000,050 | ---- | C] () -- C:\WINDOWS\System32\BRADM10A.DAT
[2011/07/02 23:16:54 | 000,000,419 | ---- | C] () -- C:\WINDOWS\BRWMARK.INI
[2011/07/02 21:56:44 | 000,000,754 | ---- | C] () -- C:\WINDOWS\WORDPAD.INI
[2011/07/02 21:36:00 | 000,047,104 | ---- | C] () -- C:\Documents and Settings\Elizabeth Gries\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/07/02 21:21:54 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2011/06/28 14:38:51 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2011/03/28 14:37:21 | 001,481,884 | ---- | C] () -- C:\WINDOWS\System32\igkrng400.bin
[2011/03/28 14:37:21 | 000,147,456 | ---- | C] () -- C:\WINDOWS\System32\igfxCoIn_v5016.dll
[2011/03/28 14:34:01 | 000,049,152 | ---- | C] () -- C:\WINDOWS\System32\ChCfg.exe
[2011/03/28 14:33:43 | 000,001,996 | ---- | C] () -- C:\WINDOWS\System32\drivers\HDACfg.dat
[2011/03/28 14:22:31 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2011/03/28 14:19:19 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2011/03/28 14:09:13 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2011/03/28 14:09:12 | 000,433,122 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2011/03/28 14:09:12 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2011/03/28 14:09:12 | 000,067,952 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2011/03/28 14:09:12 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2011/03/28 14:09:11 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2011/03/28 14:09:11 | 000,004,461 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2011/03/28 14:09:11 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2011/03/28 14:09:09 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2011/03/28 14:09:09 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2011/03/28 14:09:06 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2011/03/28 14:09:04 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\Dcache.bin
[2011/03/28 06:15:35 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2011/03/28 06:15:01 | 003,812,984 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT

========== ZeroAccess Check ==========

[2011/07/30 18:50:15 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shdocvw.dll -- [2010/12/20 14:15:52 | 001,510,400 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = C:\WINDOWS\system32\wbem\fastprox.dll -- [2009/02/09 04:10:48 | 000,473,600 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = C:\WINDOWS\system32\wbem\wbemess.dll -- [2008/04/13 21:42:10 | 000,273,920 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

========== Alternate Data Streams ==========

@Alternate Data Stream - 189 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:B1FBBD09

< End of report >


OTL Extras logfile created on: 1/31/2013 4:07:21 PM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Documents and Settings\Elizabeth Gries\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.98 Gb Total Physical Memory | 1.81 Gb Available Physical Memory | 60.63% Memory free
4.29 Gb Paging File | 3.15 Gb Available in Paging File | 73.35% Paging File free
Paging file location(s): C:\pagefile.sys 1500 3000 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 931.51 Gb Total Space | 784.38 Gb Free Space | 84.21% Space Free | Partition Type: NTFS

Computer Name: MAGENTA-ANGEL | User Name: Elizabeth Gries | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*

[HKEY_USERS\S-1-5-21-4028432042-3930133924-1828962668-1004\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
"C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe:*:Enabled:hpqkygrp.exe -- (Hewlett-Packard)
"C:\Program Files\HP\Digital Imaging\bin\hpfcCopy.exe" = C:\Program Files\HP\Digital Imaging\bin\hpfcCopy.exe:*:Enabled:hpfccopy.exe -- ()
"C:\Program Files\HP\Digital Imaging\bin\hpiscnapp.exe" = C:\Program Files\HP\Digital Imaging\bin\hpiscnapp.exe:*:Enabled:hpiscnapp.exe -- (Hewlett-Packard)
"C:\Program Files\Common Files\HP\Digital Imaging\Bin\hpqPhotoCrm.exe" = C:\Program Files\Common Files\HP\Digital Imaging\Bin\hpqPhotoCrm.exe:*:Enabled:hpqphotocrm.exe -- (Hewlett-Packard Development Co. L.P.)
"C:\Program Files\HP\Digital Imaging\bin\hpqsudi.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqsudi.exe:*:Enabled:hpqsudi.exe -- (Hewlett-Packard Development Co. L.P.)
"C:\Program Files\HP\Digital Imaging\bin\hpqpsapp.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqpsapp.exe:*:Enabled:hpqpsapp.exe -- (Hewlett-Packard Development Co. L.P.)
"C:\Program Files\HP\Digital Imaging\bin\hpqpse.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqpse.exe:*:Enabled:hpqpse.exe -- (Hewlett-Packard Development Co. L.P.)
"C:\Program Files\HP\Digital Imaging\bin\hpqgplgtupl.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqgplgtupl.exe:*:Enabled:hpqgplgtupl.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe:*:Enabled:hpqgpc01.exe -- (Hewlett-Packard)
"C:\Program Files\HP\HP Software Update\HPWUCli.exe" = C:\Program Files\HP\HP Software Update\HPWUCli.exe:*:Enabled:hpwucli.exe -- (Hewlett-Packard)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
"C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE" = C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote -- (Microsoft Corporation)
"C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe:*:Enabled:hpqkygrp.exe -- (Hewlett-Packard)
"C:\Program Files\HP\Digital Imaging\bin\hpfcCopy.exe" = C:\Program Files\HP\Digital Imaging\bin\hpfcCopy.exe:*:Enabled:hpfccopy.exe -- ()
"C:\Program Files\HP\Digital Imaging\bin\hpiscnapp.exe" = C:\Program Files\HP\Digital Imaging\bin\hpiscnapp.exe:*:Enabled:hpiscnapp.exe -- (Hewlett-Packard)
"C:\Program Files\Common Files\HP\Digital Imaging\Bin\hpqPhotoCrm.exe" = C:\Program Files\Common Files\HP\Digital Imaging\Bin\hpqPhotoCrm.exe:*:Enabled:hpqphotocrm.exe -- (Hewlett-Packard Development Co. L.P.)
"C:\Program Files\HP\Digital Imaging\bin\hpqsudi.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqsudi.exe:*:Enabled:hpqsudi.exe -- (Hewlett-Packard Development Co. L.P.)
"C:\Program Files\HP\Digital Imaging\bin\hpqpsapp.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqpsapp.exe:*:Enabled:hpqpsapp.exe -- (Hewlett-Packard Development Co. L.P.)
"C:\Program Files\HP\Digital Imaging\bin\hpqpse.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqpse.exe:*:Enabled:hpqpse.exe -- (Hewlett-Packard Development Co. L.P.)
"C:\Program Files\HP\Digital Imaging\bin\hpqgplgtupl.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqgplgtupl.exe:*:Enabled:hpqgplgtupl.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe:*:Enabled:hpqgpc01.exe -- (Hewlett-Packard)
"C:\Program Files\HP\HP Software Update\HPWUCli.exe" = C:\Program Files\HP\HP Software Update\HPWUCli.exe:*:Enabled:hpwucli.exe -- (Hewlett-Packard)
"C:\Documents and Settings\Elizabeth Gries\Application Data\Dropbox\bin\Dropbox.exe" = C:\Documents and Settings\Elizabeth Gries\Application Data\Dropbox\bin\Dropbox.exe:*:Enabled:Dropbox -- (Dropbox, Inc.)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{033E378E-6AD3-4AD5-BDEB-CBD69B31046C}" = Microsoft_VC90_ATL_x86
"{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86
"{0F3647F8-E51D-4FCC-8862-9A8D0C5ACF25}" = Microsoft_VC80_ATL_x86
"{0F367CA3-3B2F-43F9-A44A-25A8EE69E45D}" = Scan
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP250_series" = Canon MP250 series MP Drivers
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{27E3BC84-8151-4F76-9D53-A810394CADAC}" = hpg3010
"{28C2DED6-325B-4CC7-983A-1777C8F7FBAB}" = RealUpgrade 1.1
"{2EEA7AA4-C203-4b90-A34F-19FB7EF1C81C}" = BufferChm
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3521BDBD-D453-5D9F-AA55-44B75D214629}" = Adobe Community Help
"{43CDF946-F5D9-4292-B006-BA0D92013021}" = WebReg
"{46C045BF-2B3F-4BC4-8E4C-00E0CF8BD9DB}" = Adobe AIR
"{4A70EF07-7F88-4434-BB61-D1DE8AE93DD4}" = SolutionCenter
"{635FED5B-2C6D-49BE-87E6-7A6FCD22BC5A}" = Microsoft_VC90_MFC_x86
"{63FF21C9-A810-464F-B60A-3111747B1A6D}" = GPBaseService2
"{7059BDA7-E1DB-442C-B7A1-6144596720A4}" = HP Update
"{7770E71B-2D43-4800-9CB3-5B6CAAEBEBEA}" = RealNetworks - Microsoft Visual C++ 2008 Runtime
"{86D4B82A-ABED-442A-BE86-96357B70F4FE}" = Ask Toolbar
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{90120000-0010-0409-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (English) 12
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_HOMESTUDENTR_{2314F9A1-126F-45CC-8A5E-DFAF866F3FBC}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_HOMESTUDENTR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86
"{9B362566-EC1B-4700-BB9C-EC661BDE2175}" = DocProc
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.5)
"{B6D38690-755E-4F40-A35A-23F8BC2B86AC}" = Microsoft_VC90_MFCLOC_x86
"{BD7204BA-DD64-499E-9B55-6A282CDF4FA4}" = Destinations
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C43326F5-F135-4551-8270-7F7ABA0462E1}" = HPProductAssistant
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D1A19B02-817E-4296-A45B-07853FD74D57}" = Microsoft_VC80_MFC_x86
"{D79113E7-274C-470B-BD46-01B10219DF6A}" = HPPhotosmartEssential
"{D92BBB52-82FF-42ED-8A3C-4E062F944AB7}" = Microsoft_VC80_MFCLOC_x86
"{E2A59F15-F731-4062-9BB7-3C99D8F15756}" = HP Scanjet G3010
"{E2A97415-BD97-4867-B906-05E39E9EE51F}" = HL-2270DW
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Amazon Kindle" = Amazon Kindle
"Avira AntiVir Desktop" = Avira Antivirus Premium
"BFGC" = Big Fish Games: Game Manager
"BFG-Plants vs Zombies" = Plants vs. Zombies
"CANONIJPLM100" = Canon Inkjet Printer/Scanner/Fax Extended Survey Program
"CanonMyPrinter" = Canon Utilities My Printer
"CanonSolutionMenu" = Canon Utilities Solution Menu
"chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Community Help
"Digital Editions" = Adobe Digital Editions
"Easy Thumbnails_is1" = Easy Thumbnails (Remove only)
"Easy-PhotoPrint EX" = Canon Utilities Easy-PhotoPrint EX
"Easy-WebPrint EX" = Canon Easy-WebPrint EX
"HDMI" = Intel(R) Graphics Media Accelerator Driver
"HECI" = Intel(R) Management Engine Interface
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"HP Imaging Device Functions" = HP Imaging Device Functions 13.0
"HP Photosmart Essential" = HP Photosmart Essential 3.5
"HP Solution Center & Imaging Support Tools" = HP Solution Center 13.0
"HPOCR" = OCR Software by I.R.I.S. 13.0
"ie8" = Windows Internet Explorer 8
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.70.0.1100
"MESOL" = Intel(R) Active Management Technology LMS Service and SOL Driver
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mozilla Firefox 18.0.1 (x86 en-US)" = Mozilla Firefox 18.0.1 (x86 en-US)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"MP Navigator EX 3.0" = Canon MP Navigator EX 3.0
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"RealPlayer 12.0" = RealPlayer
"Spell Checker For OE 2.1" = Spell Checker For OE 2.1
"VLC media player" = VideoLAN VLC media player 0.8.6f
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"WinRAR archiver" = WinRAR 4.01 (32-bit)
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"YouTube to MP3 Converter" = YouTube to MP3 Converter

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-4028432042-3930133924-1828962668-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{79A765E1-C399-405B-85AF-466F52E918B0}" = Avira SearchFree Toolbar plus Web Protection Updater
"Dropbox" = Dropbox
"Flux" = F.lux

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 8/24/2033 6:10:08 AM | Computer Name = MAGENTA-ANGEL | Source = crypt32 | ID = 131083
Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
with error: A required certificate is not within its validity period when verifying
against the current system clock or the timestamp in the signed file.

Error - 8/24/2033 6:10:08 AM | Computer Name = MAGENTA-ANGEL | Source = crypt32 | ID = 131083
Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
with error: A required certificate is not within its validity period when verifying
against the current system clock or the timestamp in the signed file.

Error - 8/24/2033 6:10:08 AM | Computer Name = MAGENTA-ANGEL | Source = crypt32 | ID = 131083
Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
with error: A required certificate is not within its validity period when verifying
against the current system clock or the timestamp in the signed file.

Error - 8/24/2033 6:10:08 AM | Computer Name = MAGENTA-ANGEL | Source = crypt32 | ID = 131083
Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
with error: A required certificate is not within its validity period when verifying
against the current system clock or the timestamp in the signed file.

Error - 8/24/2033 6:10:08 AM | Computer Name = MAGENTA-ANGEL | Source = crypt32 | ID = 131083
Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
with error: A required certificate is not within its validity period when verifying
against the current system clock or the timestamp in the signed file.

Error - 8/24/2033 6:10:08 AM | Computer Name = MAGENTA-ANGEL | Source = crypt32 | ID = 131083
Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
with error: A required certificate is not within its validity period when verifying
against the current system clock or the timestamp in the signed file.

Error - 8/24/2033 6:10:08 AM | Computer Name = MAGENTA-ANGEL | Source = crypt32 | ID = 131083
Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
with error: A required certificate is not within its validity period when verifying
against the current system clock or the timestamp in the signed file.

Error - 8/24/2033 6:10:08 AM | Computer Name = MAGENTA-ANGEL | Source = crypt32 | ID = 131083
Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
with error: A required certificate is not within its validity period when verifying
against the current system clock or the timestamp in the signed file.

Error - 8/24/2033 6:10:08 AM | Computer Name = MAGENTA-ANGEL | Source = crypt32 | ID = 131083
Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
with error: A required certificate is not within its validity period when verifying
against the current system clock or the timestamp in the signed file.

Error - 1/18/2013 5:11:57 PM | Computer Name = MAGENTA-ANGEL | Source = Application Hang | ID = 1002
Description = Hanging application firefox.exe, version 18.0.0.4752, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

[ System Events ]
Error - 8/24/2033 6:10:08 AM | Computer Name = MAGENTA-ANGEL | Source = Service Control Manager | ID = 7024
Description = The Avira Mail Protection service terminated with service-specific
error 1 (0x1).

Error - 8/24/2033 6:10:08 AM | Computer Name = MAGENTA-ANGEL | Source = Service Control Manager | ID = 7024
Description = The Avira Web Protection service terminated with service-specific
error 1 (0x1).

Error - 12/1/2012 1:09:10 AM | Computer Name = MAGENTA-ANGEL | Source = Dhcp | ID = 1000
Description = Your computer has lost the lease to its IP address 192.168.1.65 on
the Network Card with network address 001CC422988C.

Error - 8/24/2033 6:10:08 AM | Computer Name = MAGENTA-ANGEL | Source = Service Control Manager | ID = 7024
Description = The Avira Mail Protection service terminated with service-specific
error 1 (0x1).

Error - 8/24/2033 6:10:08 AM | Computer Name = MAGENTA-ANGEL | Source = Service Control Manager | ID = 7024
Description = The Avira Web Protection service terminated with service-specific
error 1 (0x1).

Error - 8/24/2033 6:10:08 AM | Computer Name = MAGENTA-ANGEL | Source = Service Control Manager | ID = 7024
Description = The Avira Mail Protection service terminated with service-specific
error 1 (0x1).

Error - 8/24/2033 6:10:08 AM | Computer Name = MAGENTA-ANGEL | Source = Service Control Manager | ID = 7024
Description = The Avira Web Protection service terminated with service-specific
error 1 (0x1).


< End of report >

GMER 2.0.18454 - http://www.gmer.net
Rootkit scan 2013-01-31 22:03:21
Windows 5.1.2600 Service Pack 3 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-12 ST31000524AS rev.JC45 931.51GB
Running: 13hskdm5.exe; Driver: C:\DOCUME~1\ELIZAB~1\LOCALS~1\Temp\kgrdapog.sys


---- System - GMER 2.0 ----

SSDT BA7C33C4 ZwClose
SSDT BA7C337E ZwCreateKey
SSDT BA7C33CE ZwCreateSection
SSDT BA7C33A6 ZwCreateSymbolicLinkObject
SSDT BA7C3374 ZwCreateThread
SSDT BA7C3383 ZwDeleteKey
SSDT BA7C338D ZwDeleteValueKey
SSDT BA7C33BF ZwDuplicateObject
SSDT BA7C33AB ZwLoadDriver
SSDT BA7C3392 ZwLoadKey
SSDT BA7C3360 ZwOpenProcess
SSDT BA7C33A1 ZwOpenSection
SSDT BA7C3365 ZwOpenThread
SSDT BA7C33E7 ZwQueryValueKey
SSDT BA7C339C ZwReplaceKey
SSDT BA7C33D8 ZwRequestWaitReplyPort
SSDT BA7C3397 ZwRestoreKey
SSDT BA7C33D3 ZwSetContextThread
SSDT BA7C33DD ZwSetSecurityObject
SSDT BA7C33B0 ZwSetSystemInformation
SSDT BA7C3388 ZwSetValueKey
SSDT BA7C33E2 ZwSystemDebugControl
SSDT BA7C336F ZwTerminateProcess
SSDT BA7C336A ZwWriteVirtualMemory

---- User code sections - GMER 2.0 ----

.text C:\Program Files\Real\RealPlayer\update\realsched.exe[1056] kernel32.dll!SetUnhandledExceptionFilter 7C8449CD 5 Bytes [33, C0, C2, 04, 00] {XOR EAX, EAX; RET 0x4}

---- EOF - GMER 2.0 ----
Magenta
Active Member
 
Posts: 11
Joined: January 24th, 2013, 4:39 pm

Re: email sending spam

Post by deltalima » February 1st, 2013, 4:28 am

Hi Magenta,

Please uninstall

Avira SearchFree Toolbar plus Web Protection Updater


Run OTL Script

  • Double-click OTL.exe (Right click and choose "Run as administrator" in Vista/Win7).
  • Copy and Paste the following code into the Image textbox. Do not include the word Code
    Code: Select all
    :Commands
    [CREATERESTOREPOINT]
    
    :processes
    killallprocesses
    :otl
    IE - HKU\.DEFAULT\..\SearchScopes\{4328660F-5AAA-426C-AA2F-D71DEBB85270}: "URL" = http://websearch.ask.com/redirect?clien ... src=crm&q= {searchTerms}&locale=en_CA&apn_ptnrs=^AGX&apn_dtid=^YYYYYY^YY^CA&apn_uid=3951bdb0-55e7-4d94-a905-a4c3265e40f7&apn_sauid=5D56E4C7-26AE-4EA0-A716-35328D5DE530
    IE - HKU\S-1-5-18\..\SearchScopes\{4328660F-5AAA-426C-AA2F-D71DEBB85270}: "URL" = http://websearch.ask.com/redirect?clien ... src=crm&q= {searchTerms}&locale=en_CA&apn_ptnrs=^AGX&apn_dtid=^YYYYYY^YY^CA&apn_uid=3951bdb0-55e7-4d94-a905-a4c3265e40f7&apn_sauid=5D56E4C7-26AE-4EA0-A716-35328D5DE530
    IE - HKU\S-1-5-21-4028432042-3930133924-1828962668-1004\..\URLSearchHook: {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
    IE - HKU\S-1-5-21-4028432042-3930133924-1828962668-1004\..\SearchScopes\{C6475BDE-AE45-4879-9CA6-8E935592C4FA}: "URL" = http://websearch.ask.com/redirect?clien ... src=crm&q= {searchTerms}&locale=&apn_ptnrs=^AGX&apn_dtid=^YYYYYY^YY^CA&apn_uid=3951bdb0-55e7-4d94-a905-a4c3265e40f7&apn_sauid=5D56E4C7-26AE-4EA0-A716-35328D5DE530
    FF - prefs.js..browser.search.defaultengine: "Ask.com"
    FF - prefs.js..browser.search.defaultenginename: "Ask.com"
    FF - prefs.js..browser.search.order.1: "Ask.com"
    FF - prefs.js..keyword.URL: "http://websearch.ask.com/redirect?client=ff&src=kw&tb=AVR-4&o=APN10266&locale=en_CA&apn_uid=3951bdb0-55e7-4d94-a905-a4c3265e40f7&apn_ptnrs=%5EAGX&apn_sauid=5D56E4C7-26AE-4EA0-A716-35328D5DE530&apn_dtid=%5EYYYYYY%5EYY%5ECA&&q="
    FF - user.js - File not found
    O2 - BHO: (Avira SearchFree Toolbar plus Web Protection) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
    O3 - HKLM\..\Toolbar: (Avira SearchFree Toolbar plus Web Protection) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
    O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (Avira SearchFree Toolbar plus Web Protection) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
    O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (Avira SearchFree Toolbar plus Web Protection) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
    O3 - HKU\S-1-5-21-4028432042-3930133924-1828962668-1004\..\Toolbar\WebBrowser: (Avira SearchFree Toolbar plus Web Protection) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
    O4 - HKLM..\Run: [] File not found
    O4 - HKLM..\Run: [ApnUpdater] C:\Program Files\Ask.com\Updater\Updater.exe (Ask)
    O4 - HKU\S-1-5-21-4028432042-3930133924-1828962668-1004..\Run: [AdobeBridge] File not found
    O4 - HKU\S-1-5-21-4028432042-3930133924-1828962668-1004..\Run: [uTorrent] "C:\Program Files\uTorrent\uTorrent.exe" /MINIMIZED File not found
    :files
    C:\Program Files\Ask.com
    :commands
    [EMPTYTEMP]
    [EMPTYFLASH]
    [EMPTYJAVA]
    [RESETHOSTS]
    [REBOOT]
    
  • Then click the Run Fix button at the top.
  • Click Image.
  • OTL may ask to reboot the machine. Please do so if asked.
  • The report should appear in Notepad after the reboot. Copy and Paste that report in your next reply.
deltalima
Admin/Teacher
 
Posts: 7614
Joined: February 28th, 2009, 4:38 pm
Location: UK

Re: email sending spam

Post by Magenta » February 2nd, 2013, 12:19 am

That did not seem to work. I uninstalled Avira SearchFree Toolbar plus Web Protection Updater from add/remove programs, and then when I input the code into OTL, the computer froze, OTL was "not responding", the taskbar, start button and everything on the desktop disappeared. An error message also appeared saying "INTEL AMT status could not be retrieved from atchksrv for 60 seconds. Please make sure the service is running." I had to manually reboot the computer finally after waiting for over an hour for things to change.
Magenta
Active Member
 
Posts: 11
Joined: January 24th, 2013, 4:39 pm

Re: email sending spam

Post by deltalima » February 2nd, 2013, 12:50 pm

Hi Magenta,

Boot to Safe Mode

  1. Restart your computer.
  2. Continually tap the F8 key (usually)... as your computer is booting (when menu appears).
    The key used for your computer may be different... F8 is commonly the key used.
  3. Use up-arrow key to select "Safe Mode" and press Enter.
      If you have a multiple boot system (more than 1 OS installed) or you have Recovery Console installed...
      you will be shown the multi boot screen.
    • Highlight the OS you want to start.
    • Press Enter
  4. Once the system starts ...it will show various files/drivers being loaded. Windows will load your desktop.
  5. Reply "Yes" to the Safe Mode startup, if prompted.

Now please run the OTL Script using the previous instructions and post the log when complete.
deltalima
Admin/Teacher
 
Posts: 7614
Joined: February 28th, 2009, 4:38 pm
Location: UK

Re: email sending spam

Post by Magenta » February 4th, 2013, 2:10 am

All processes killed
========== COMMANDS ==========
Unable to start System Restore Service. Error code 10
========== PROCESSES ==========
========== OTL ==========
Registry key HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\SearchScopes\{4328660F-5AAA-426C-AA2F-D71DEBB85270}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4328660F-5AAA-426C-AA2F-D71DEBB85270}\ not found.
Registry key HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\SearchScopes\{4328660F-5AAA-426C-AA2F-D71DEBB85270}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4328660F-5AAA-426C-AA2F-D71DEBB85270}\ not found.
Registry value HKEY_USERS\S-1-5-21-4028432042-3930133924-1828962668-1004\Software\Microsoft\Internet Explorer\URLSearchHooks\\{00000000-6E41-4FD3-8538-502F5495E5FC} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{00000000-6E41-4FD3-8538-502F5495E5FC}\ deleted successfully.
C:\Program Files\Ask.com\GenericAskToolbar.dll moved successfully.
Registry key HKEY_USERS\S-1-5-21-4028432042-3930133924-1828962668-1004\Software\Microsoft\Internet Explorer\SearchScopes\{C6475BDE-AE45-4879-9CA6-8E935592C4FA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{C6475BDE-AE45-4879-9CA6-8E935592C4FA}\ not found.
Prefs.js: "Ask.com" removed from browser.search.defaultengine
Prefs.js: "Ask.com" removed from browser.search.defaultenginename
Prefs.js: "Ask.com" removed from browser.search.order.1
Prefs.js: "http://websearch.ask.com/redirect?client=ff&src=kw&tb=AVR-4&o=APN10266&locale=en_CA&apn_uid=3951bdb0-55e7-4d94-a905-a4c3265e40f7&apn_ptnrs=%5EAGX&apn_sauid=5D56E4C7-26AE-4EA0-A716-35328D5DE530&apn_dtid=%5EYYYYYY%5EYY%5ECA&&q=" removed from keyword.URL
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}\ deleted successfully.
File C:\Program Files\Ask.com\GenericAskToolbar.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{D4027C7F-154A-4066-A1AD-4243D8127440} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}\ not found.
File C:\Program Files\Ask.com\GenericAskToolbar.dll not found.
Registry value HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{D4027C7F-154A-4066-A1AD-4243D8127440} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}\ not found.
File C:\Program Files\Ask.com\GenericAskToolbar.dll not found.
Registry value HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{D4027C7F-154A-4066-A1AD-4243D8127440} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}\ not found.
File C:\Program Files\Ask.com\GenericAskToolbar.dll not found.
Registry value HKEY_USERS\S-1-5-21-4028432042-3930133924-1828962668-1004\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{D4027C7F-154A-4066-A1AD-4243D8127440} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}\ not found.
File C:\Program Files\Ask.com\GenericAskToolbar.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ApnUpdater deleted successfully.
C:\Program Files\Ask.com\Updater\Updater.exe moved successfully.
Registry value HKEY_USERS\S-1-5-21-4028432042-3930133924-1828962668-1004\Software\Microsoft\Windows\CurrentVersion\Run\\AdobeBridge deleted successfully.
Registry value HKEY_USERS\S-1-5-21-4028432042-3930133924-1828962668-1004\Software\Microsoft\Windows\CurrentVersion\Run\\uTorrent deleted successfully.
========== FILES ==========
C:\Program Files\Ask.com\Updater folder moved successfully.
C:\Program Files\Ask.com\CallingIDSDK folder moved successfully.
C:\Program Files\Ask.com\assets\oobe folder moved successfully.
C:\Program Files\Ask.com\assets folder moved successfully.
C:\Program Files\Ask.com\AbineSDK\IE\locale\pt folder moved successfully.
C:\Program Files\Ask.com\AbineSDK\IE\locale\nl folder moved successfully.
C:\Program Files\Ask.com\AbineSDK\IE\locale\it folder moved successfully.
C:\Program Files\Ask.com\AbineSDK\IE\locale\fr folder moved successfully.
C:\Program Files\Ask.com\AbineSDK\IE\locale\es folder moved successfully.
C:\Program Files\Ask.com\AbineSDK\IE\locale\en folder moved successfully.
C:\Program Files\Ask.com\AbineSDK\IE\locale\de folder moved successfully.
C:\Program Files\Ask.com\AbineSDK\IE\locale folder moved successfully.
C:\Program Files\Ask.com\AbineSDK\IE\images folder moved successfully.
C:\Program Files\Ask.com\AbineSDK\IE\css folder moved successfully.
C:\Program Files\Ask.com\AbineSDK\IE folder moved successfully.
C:\Program Files\Ask.com\AbineSDK\chrome\content\templates folder moved successfully.
C:\Program Files\Ask.com\AbineSDK\chrome\content\reports folder moved successfully.
C:\Program Files\Ask.com\AbineSDK\chrome\content\images folder moved successfully.
C:\Program Files\Ask.com\AbineSDK\chrome\content\css folder moved successfully.
C:\Program Files\Ask.com\AbineSDK\chrome\content folder moved successfully.
C:\Program Files\Ask.com\AbineSDK\chrome folder moved successfully.
C:\Program Files\Ask.com\AbineSDK folder moved successfully.
C:\Program Files\Ask.com folder moved successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: Administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 376966 bytes

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 376966 bytes
->Flash cache emptied: 56502 bytes

User: Elizabeth Gries
->Temp folder emptied: 1871360970 bytes
->Temporary Internet Files folder emptied: 299229166 bytes
->FireFox cache emptied: 176361533 bytes
->Flash cache emptied: 3407919 bytes

User: LocalService
->Temp folder emptied: 66016 bytes
->Temporary Internet Files folder emptied: 42949267 bytes
->Flash cache emptied: 456 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 2939921 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 21980147 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 286301762 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 33234 bytes
RecycleBin emptied: 3088161309 bytes

Total Files Cleaned = 5,525.00 mb


[EMPTYFLASH]

User: Administrator

User: All Users

User: Default User
->Flash cache emptied: 0 bytes

User: Elizabeth Gries
->Flash cache emptied: 0 bytes

User: LocalService
->Flash cache emptied: 0 bytes

User: NetworkService

Total Flash Files Cleaned = 0.00 mb


[EMPTYJAVA]

User: Administrator

User: All Users

User: Default User

User: Elizabeth Gries

User: LocalService

User: NetworkService

Total Java Files Cleaned = 0.00 mb

C:\WINDOWS\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

OTL by OldTimer - Version 3.2.69.0 log created on 02032013_130758

Files\Folders moved on Reboot...

PendingFileRenameOperations files...

Registry entries deleted on Reboot...
Magenta
Active Member
 
Posts: 11
Joined: January 24th, 2013, 4:39 pm

Re: email sending spam

Post by deltalima » February 4th, 2013, 3:58 am

Hi Magenta,

ESET online scanner

Note: You can use either Internet Explorer or Mozilla FireFox for this scan.

Note: If you are using Windows Vista or Windows 7, open your browser by right-clicking on its icon and select 'Run as administrator' to perform this scan.
  • First please Disable any Antivirus you have active, as shown in This topic.
  • Note: Don't forget to re-enable it after the scan.
  • Next hold down Control then click on the following link to open a new window to ESET online scanner
  • Press the Blue Run ESET Online Scanner button on the left side of the page.
  • A popup box will open.
  • Select the option YES, I accept the Terms of Use then click on Start.
    Note: If using Mozilla Firefox you will need to download esetsmartinstaller_enu.exe when prompted then double click on it to install.
    All of the below instructions are compatible with either Internet Explorer or Mozilla FireFox.
  • When prompted allow the Add-On/Active X to install.
  • Make sure that the option Remove found threats is NOT checked, and the option Scan archives is checked.
  • Now click on Advanced Settings and select the following:
    • Scan for potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth Technology
  • Now click on Start.
  • The virus signature database... will begin to download. Be patient, this may take some time depending on the speed of your Internet Connection.
  • When completed the Online Scan will begin automatically.
  • Do not touch either the Mouse or keyboard during the scan otherwise it may stall.
  • When completed select Uninstall application on close if you so wish, make sure you copy the logfile first!
  • Now click on Finish.
  • Use notepad to open the logfile located at C:\Program Files\ESET\EsetOnlineScanner\log.txt.
  • Copy and paste that log as a reply to this topic.

Note: Do not forget to re-enable your Anti-Virus application after running the above scan!
deltalima
Admin/Teacher
 
Posts: 7614
Joined: February 28th, 2009, 4:38 pm
Location: UK

Re: email sending spam

Post by deltalima » February 7th, 2013, 4:20 am

Due to a lack of response, this topic is now closed.

If you still require help, please open a new thread in the Infected? Virus, malware, adware, ransomware, oh my! forum, include a fresh FRST log, and wait for a new helper.
deltalima
Admin/Teacher
 
Posts: 7614
Joined: February 28th, 2009, 4:38 pm
Location: UK