Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

Computer is sending junk mail

Post by Will52 » March 11th, 2013, 2:31 pm

Recently my computer started sending junk email to everyone in my contacts. The emails contained links that often were for porn or advertising sexual medications, toys, etc. I downloaded an anti-virus software that got rid of the emails, but my computer runs even slower than it did before. It is at least half as fast as it should be. Here is my DDS log. I appreciate the help.
.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows XP Home Edition
Boot Device: \Device\HarddiskVolume1
Install Date: 8/25/2004 3:13:37 AM
System Uptime: 3/5/2013 12:54:11 PM (144 hours ago)
.
Motherboard: Dell Computer Corp. | | 0N6381
Processor: Intel(R) Pentium(R) 4 CPU 3.00GHz | Microprocessor | 2992/800mhz
.
==== Disk Partitions =========================
.
A: is Removable
C: is FIXED (NTFS) - 233 GiB total, 189.031 GiB free.
D: is CDROM ()
E: is CDROM ()
.
==== Disabled Device Manager Items =============
.
Class GUID:
Description: USB Device
Device ID: USB\VID_04B8&PID_0142\5&2288B5EF&0&4
Manufacturer:
Name: USB Device
PNP Device ID: USB\VID_04B8&PID_0142\5&2288B5EF&0&4
Service:
.
==== System Restore Points ===================
.
RP773: 12/11/2012 4:23:42 PM - Software Distribution Service 3.0
RP774: 12/12/2012 3:00:58 AM - Software Distribution Service 3.0
RP775: 12/13/2012 3:35:19 AM - System Checkpoint
RP776: 12/13/2012 3:43:49 AM - Software Distribution Service 3.0
RP777: 12/14/2012 3:44:07 AM - Software Distribution Service 3.0
RP778: 12/15/2012 3:13:47 AM - Software Distribution Service 3.0
RP779: 12/15/2012 3:42:52 AM - Software Distribution Service 3.0
RP780: 12/16/2012 3:43:18 AM - Software Distribution Service 3.0
RP781: 12/17/2012 3:43:52 AM - Software Distribution Service 3.0
RP782: 12/18/2012 3:44:17 AM - Software Distribution Service 3.0
RP783: 12/19/2012 3:44:11 AM - Software Distribution Service 3.0
RP784: 12/19/2012 7:49:44 PM - Removed SmartFTP Client
RP785: 12/19/2012 7:50:43 PM - Removed Bonjour
RP786: 12/19/2012 7:51:23 PM - Removed Ask Toolbar.
RP787: 12/20/2012 7:52:30 PM - System Checkpoint
RP788: 12/21/2012 3:00:22 AM - Software Distribution Service 3.0
RP789: 12/21/2012 3:28:20 AM - Software Distribution Service 3.0
RP790: 12/22/2012 2:56:27 AM - Software Distribution Service 3.0
RP791: 12/22/2012 3:29:05 AM - Software Distribution Service 3.0
RP792: 12/23/2012 3:29:59 AM - Software Distribution Service 3.0
RP793: 12/24/2012 3:29:41 AM - Software Distribution Service 3.0
RP794: 12/25/2012 3:29:11 AM - Software Distribution Service 3.0
RP795: 12/26/2012 3:28:15 AM - Software Distribution Service 3.0
RP796: 12/27/2012 3:28:29 AM - Software Distribution Service 3.0
RP797: 12/28/2012 3:28:17 AM - Software Distribution Service 3.0
RP798: 12/29/2012 2:55:25 AM - Software Distribution Service 3.0
RP799: 12/30/2012 3:29:07 AM - Software Distribution Service 3.0
RP800: 12/31/2012 3:27:50 AM - Software Distribution Service 3.0
RP801: 1/1/2013 3:29:32 AM - Software Distribution Service 3.0
RP802: 1/2/2013 3:29:00 AM - Software Distribution Service 3.0
RP803: 1/3/2013 3:27:57 AM - Software Distribution Service 3.0
RP804: 1/4/2013 3:28:46 AM - Software Distribution Service 3.0
RP805: 1/5/2013 2:56:12 AM - Software Distribution Service 3.0
RP806: 1/6/2013 3:00:33 AM - Software Distribution Service 3.0
RP807: 1/6/2013 3:28:06 AM - Software Distribution Service 3.0
RP808: 1/7/2013 3:28:33 AM - Software Distribution Service 3.0
RP809: 1/8/2013 3:28:50 AM - Software Distribution Service 3.0
RP810: 1/9/2013 3:28:56 AM - Software Distribution Service 3.0
RP811: 1/10/2013 3:00:52 AM - Software Distribution Service 3.0
RP812: 1/10/2013 3:28:45 AM - Software Distribution Service 3.0
RP813: 1/11/2013 3:50:12 AM - Software Distribution Service 3.0
RP814: 1/12/2013 2:59:05 AM - Software Distribution Service 3.0
RP815: 1/12/2013 3:50:01 AM - Software Distribution Service 3.0
RP816: 1/13/2013 3:51:53 AM - Software Distribution Service 3.0
RP817: 1/14/2013 3:50:45 AM - Software Distribution Service 3.0
RP818: 1/15/2013 3:00:50 AM - Software Distribution Service 3.0
RP819: 1/16/2013 3:23:43 AM - System Checkpoint
RP820: 1/16/2013 3:32:08 AM - Software Distribution Service 3.0
RP821: 1/17/2013 3:33:12 AM - Software Distribution Service 3.0
RP822: 1/18/2013 3:29:42 AM - Software Distribution Service 3.0
RP823: 1/19/2013 2:38:33 AM - Software Distribution Service 3.0
RP824: 1/20/2013 3:31:26 AM - Software Distribution Service 3.0
RP825: 1/21/2013 4:22:29 AM - System Checkpoint
RP826: 1/22/2013 3:31:07 AM - Software Distribution Service 3.0
RP827: 1/22/2013 6:14:03 AM - Removed Java(TM) 6 Update 24
RP828: 1/22/2013 6:15:55 AM - Installed Java Runtime Environment
RP829: 1/23/2013 3:31:06 AM - Software Distribution Service 3.0
RP830: 1/24/2013 3:31:11 AM - Software Distribution Service 3.0
RP831: 1/25/2013 3:30:33 AM - Software Distribution Service 3.0
RP832: 1/26/2013 2:39:34 AM - Software Distribution Service 3.0
RP833: 1/27/2013 3:30:35 AM - Software Distribution Service 3.0
RP834: 1/28/2013 3:31:37 AM - Software Distribution Service 3.0
RP835: 1/29/2013 3:31:24 AM - Software Distribution Service 3.0
RP836: 1/30/2013 3:31:14 AM - Software Distribution Service 3.0
RP837: 1/31/2013 3:31:19 AM - Software Distribution Service 3.0
RP838: 2/1/2013 3:31:18 AM - Software Distribution Service 3.0
RP839: 2/2/2013 2:40:27 AM - Software Distribution Service 3.0
RP840: 2/3/2013 3:32:04 AM - Software Distribution Service 3.0
RP841: 2/4/2013 3:31:37 AM - Software Distribution Service 3.0
RP842: 2/5/2013 3:33:12 AM - Software Distribution Service 3.0
RP843: 2/6/2013 3:30:57 AM - Software Distribution Service 3.0
RP844: 2/7/2013 3:30:03 AM - Software Distribution Service 3.0
RP845: 2/8/2013 3:31:41 AM - Software Distribution Service 3.0
RP846: 2/9/2013 2:39:43 AM - Software Distribution Service 3.0
RP847: 2/10/2013 3:22:07 AM - System Checkpoint
RP848: 2/10/2013 3:30:14 AM - Software Distribution Service 3.0
RP849: 2/11/2013 3:31:36 AM - Software Distribution Service 3.0
RP850: 2/12/2013 3:31:22 AM - Software Distribution Service 3.0
RP851: 2/13/2013 3:32:02 AM - Software Distribution Service 3.0
RP852: 2/14/2013 3:00:53 AM - Software Distribution Service 3.0
RP853: 2/14/2013 3:30:43 AM - Software Distribution Service 3.0
RP854: 2/15/2013 3:45:53 AM - System Checkpoint
RP855: 2/15/2013 3:53:54 AM - Software Distribution Service 3.0
RP856: 2/16/2013 2:33:26 AM - Software Distribution Service 3.0
RP857: 2/16/2013 3:54:27 AM - Software Distribution Service 3.0
RP858: 2/17/2013 3:58:11 AM - Software Distribution Service 3.0
RP859: 2/18/2013 3:55:00 AM - Software Distribution Service 3.0
RP860: 2/19/2013 3:54:43 AM - Software Distribution Service 3.0
RP861: 2/20/2013 3:56:09 AM - Software Distribution Service 3.0
RP862: 2/21/2013 3:53:42 AM - Software Distribution Service 3.0
RP863: 2/22/2013 3:54:14 AM - Software Distribution Service 3.0
RP864: 2/23/2013 2:33:13 AM - Software Distribution Service 3.0
RP865: 2/23/2013 3:54:04 AM - Software Distribution Service 3.0
RP866: 2/24/2013 3:54:00 AM - Software Distribution Service 3.0
RP867: 2/25/2013 3:54:04 AM - Software Distribution Service 3.0
RP868: 2/26/2013 3:54:27 AM - Software Distribution Service 3.0
RP869: 2/27/2013 3:55:00 AM - Software Distribution Service 3.0
RP870: 2/28/2013 3:55:09 AM - Software Distribution Service 3.0
RP871: 3/1/2013 3:53:18 AM - Software Distribution Service 3.0
RP872: 3/2/2013 3:18:44 AM - Software Distribution Service 3.0
RP873: 3/2/2013 4:15:06 PM - Software Distribution Service 3.0
RP874: 3/3/2013 4:15:49 PM - Software Distribution Service 3.0
RP875: 3/4/2013 4:03:47 PM - Installed MediaImpression
RP876: 3/4/2013 4:15:17 PM - Software Distribution Service 3.0
RP877: 3/4/2013 9:56:06 PM - Installed MediaImpression
RP878: 3/4/2013 10:08:08 PM - Software Distribution Service 3.0
RP879: 3/5/2013 6:11:46 AM - Software Distribution Service 3.0
RP880: 3/6/2013 6:59:27 AM - System Checkpoint
RP881: 3/6/2013 1:07:40 PM - Software Distribution Service 3.0
RP882: 3/7/2013 1:08:50 PM - Software Distribution Service 3.0
RP883: 3/8/2013 1:08:11 PM - Software Distribution Service 3.0
RP884: 3/9/2013 3:28:47 AM - Software Distribution Service 3.0
RP885: 3/9/2013 1:09:14 PM - Software Distribution Service 3.0
RP886: 3/10/2013 2:08:43 PM - Software Distribution Service 3.0
.
==== Installed Programs ======================
.
Adobe AIR
Adobe Community Help
Adobe Creative Suite 5 Design Premium
Adobe Flash Player 11 ActiveX
Adobe Flash Player 11 Plugin
Adobe Media Player
Adobe Reader X (10.1.6)
AnswerWorks 5.0 English Runtime
Apple Application Support
Apple Mobile Device Support
Apple Software Update
ArcSoft MediaImpression for Kodak
Ask Toolbar
Ask Toolbar Updater
Bonjour
Canon Easy-PhotoPrint EX
Canon Easy-WebPrint EX
Canon IJ Network Scanner Selector EX
Canon IJ Network Tool
Canon MP Navigator EX 4.1
Canon MX880 series MP Drivers
Canon MX880 series User Registration
Canon My Printer
Canon Solution Menu EX
Canon Speed Dial Utility
Costco Photo Organizer
Google Chrome
Google Update Helper
GoToMeeting 5.4.0.1083
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Windows XP (KB2443685)
Hotfix for Windows XP (KB2570791)
Hotfix for Windows XP (KB2633952)
Hotfix for Windows XP (KB2756822)
Hotfix for Windows XP (KB2779562)
Hotfix for Windows XP (KB954550-v5)
Hotfix for Windows XP (KB961118)
Intel(R) Extreme Graphics 2 Driver
iTunes
Java Auto Updater
Java(TM) 6 Update 38
K-Lite Codec Pack 7.0.0 (Standard)
Logitech QuickCam Software
Logitech® Camera Driver
Malwarebytes' Anti-Malware version 1.51.2.1300
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB2698023)
Microsoft .NET Framework 1.1 Security Update (KB2742597)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft Application Error Reporting
Microsoft Kernel-Mode Driver Framework Feature Pack 1.9
Microsoft Office 2007 Service Pack 3 (SP3)
Microsoft Office Excel MUI (English) 2007
Microsoft Office File Validation Add-In
Microsoft Office Home and Student 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Security Client
Microsoft Security Essentials
Microsoft Silverlight
Microsoft Software Update for Web Folders (English) 12
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft WinUsb 2.0
Microsoft_VC80_ATL_x86
Microsoft_VC80_CRT_x86
Microsoft_VC80_MFC_x86
Microsoft_VC80_MFCLOC_x86
Microsoft_VC90_ATL_x86
Microsoft_VC90_CRT_x86
Microsoft_VC90_MFC_x86
Mozilla Firefox 19.0 (x86 en-US)
Mozilla Maintenance Service
MSN
MSXML 4.0 SP2 (KB941833)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
Nero Burning ROM 10
Nero BurningROM 10 Help (CHM)
Nero BurnRights 10
Nero BurnRights 10 Help (CHM)
Nero Control Center 10
Nero ControlCenter 10 Help (CHM)
Nero Core Components 10
Nero Update
PDF Settings CS5
Quicken 2001 Basic
Quicken 2011
QuickTime
RealDownloader
RealNetworks - Microsoft Visual C++ 2008 Runtime
RealNetworks - Microsoft Visual C++ 2010 Runtime
RealPlayer
RealUpgrade 1.1
Rhapsody
Sansa Updater
Security Update for CAPICOM (KB931906)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2604111)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2736416)
Security Update for Microsoft Office 2007 suites (KB2596615) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596672) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596744) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596754) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596792) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596871) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2597969) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2687311) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2687441) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2687499) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2760416) 32-Bit Edition
Security Update for Microsoft Office Excel 2007 (KB2687307) 32-Bit Edition
Security Update for Microsoft Office InfoPath 2007 (KB2687440) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition
Security Update for Microsoft Office Word 2007 (KB2760421) 32-Bit Edition
Security Update for Microsoft Windows (KB2564958)
Security Update for Windows Internet Explorer 8 (KB2482017)
Security Update for Windows Internet Explorer 8 (KB2497640)
Security Update for Windows Internet Explorer 8 (KB2510531)
Security Update for Windows Internet Explorer 8 (KB2530548)
Security Update for Windows Internet Explorer 8 (KB2544521)
Security Update for Windows Internet Explorer 8 (KB2559049)
Security Update for Windows Internet Explorer 8 (KB2586448)
Security Update for Windows Internet Explorer 8 (KB2618444)
Security Update for Windows Internet Explorer 8 (KB2647516)
Security Update for Windows Internet Explorer 8 (KB2675157)
Security Update for Windows Internet Explorer 8 (KB2699988)
Security Update for Windows Internet Explorer 8 (KB2722913)
Security Update for Windows Internet Explorer 8 (KB2744842)
Security Update for Windows Internet Explorer 8 (KB2761465)
Security Update for Windows Internet Explorer 8 (KB2792100)
Security Update for Windows Internet Explorer 8 (KB2797052)
Security Update for Windows Internet Explorer 8 (KB2799329)
Security Update for Windows Internet Explorer 8 (KB982381)
Security Update for Windows Media Player (KB2378111)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player (KB975558)
Security Update for Windows Media Player (KB978695)
Security Update for Windows XP (KB2079403)
Security Update for Windows XP (KB2115168)
Security Update for Windows XP (KB2121546)
Security Update for Windows XP (KB2229593)
Security Update for Windows XP (KB2296011)
Security Update for Windows XP (KB2347290)
Security Update for Windows XP (KB2360937)
Security Update for Windows XP (KB2387149)
Security Update for Windows XP (KB2393802)
Security Update for Windows XP (KB2412687)
Security Update for Windows XP (KB2419632)
Security Update for Windows XP (KB2423089)
Security Update for Windows XP (KB2440591)
Security Update for Windows XP (KB2443105)
Security Update for Windows XP (KB2476490)
Security Update for Windows XP (KB2476687)
Security Update for Windows XP (KB2478960)
Security Update for Windows XP (KB2478971)
Security Update for Windows XP (KB2479943)
Security Update for Windows XP (KB2481109)
Security Update for Windows XP (KB2483185)
Security Update for Windows XP (KB2485663)
Security Update for Windows XP (KB2503658)
Security Update for Windows XP (KB2503665)
Security Update for Windows XP (KB2506212)
Security Update for Windows XP (KB2506223)
Security Update for Windows XP (KB2507618)
Security Update for Windows XP (KB2507938)
Security Update for Windows XP (KB2508272)
Security Update for Windows XP (KB2508429)
Security Update for Windows XP (KB2509553)
Security Update for Windows XP (KB2510581)
Security Update for Windows XP (KB2511455)
Security Update for Windows XP (KB2524375)
Security Update for Windows XP (KB2535512)
Security Update for Windows XP (KB2536276-v2)
Security Update for Windows XP (KB2536276)
Security Update for Windows XP (KB2544893-v2)
Security Update for Windows XP (KB2544893)
Security Update for Windows XP (KB2555917)
Security Update for Windows XP (KB2562937)
Security Update for Windows XP (KB2566454)
Security Update for Windows XP (KB2567053)
Security Update for Windows XP (KB2567680)
Security Update for Windows XP (KB2570222)
Security Update for Windows XP (KB2570947)
Security Update for Windows XP (KB2584146)
Security Update for Windows XP (KB2585542)
Security Update for Windows XP (KB2592799)
Security Update for Windows XP (KB2598479)
Security Update for Windows XP (KB2603381)
Security Update for Windows XP (KB2618451)
Security Update for Windows XP (KB2619339)
Security Update for Windows XP (KB2620712)
Security Update for Windows XP (KB2621440)
Security Update for Windows XP (KB2624667)
Security Update for Windows XP (KB2631813)
Security Update for Windows XP (KB2633171)
Security Update for Windows XP (KB2639417)
Security Update for Windows XP (KB2641653)
Security Update for Windows XP (KB2646524)
Security Update for Windows XP (KB2647518)
Security Update for Windows XP (KB2653956)
Security Update for Windows XP (KB2655992)
Security Update for Windows XP (KB2659262)
Security Update for Windows XP (KB2660465)
Security Update for Windows XP (KB2661637)
Security Update for Windows XP (KB2676562)
Security Update for Windows XP (KB2685939)
Security Update for Windows XP (KB2686509)
Security Update for Windows XP (KB2691442)
Security Update for Windows XP (KB2695962)
Security Update for Windows XP (KB2698365)
Security Update for Windows XP (KB2705219)
Security Update for Windows XP (KB2707511)
Security Update for Windows XP (KB2709162)
Security Update for Windows XP (KB2712808)
Security Update for Windows XP (KB2718523)
Security Update for Windows XP (KB2719985)
Security Update for Windows XP (KB2723135)
Security Update for Windows XP (KB2724197)
Security Update for Windows XP (KB2727528)
Security Update for Windows XP (KB2731847)
Security Update for Windows XP (KB2753842-v2)
Security Update for Windows XP (KB2753842)
Security Update for Windows XP (KB2757638)
Security Update for Windows XP (KB2758857)
Security Update for Windows XP (KB2761226)
Security Update for Windows XP (KB2770660)
Security Update for Windows XP (KB2778344)
Security Update for Windows XP (KB2779030)
Security Update for Windows XP (KB2780091)
Security Update for Windows XP (KB2799494)
Security Update for Windows XP (KB2802968)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975562)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB977816)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978338)
Security Update for Windows XP (KB978542)
Security Update for Windows XP (KB978601)
Security Update for Windows XP (KB978706)
Security Update for Windows XP (KB979309)
Security Update for Windows XP (KB979482)
Security Update for Windows XP (KB979687)
Security Update for Windows XP (KB980436)
Security Update for Windows XP (KB981322)
Security Update for Windows XP (KB981997)
Security Update for Windows XP (KB982132)
Security Update for Windows XP (KB982665)
Skype Click to Call
Skype™ 6.1
SUPERAntiSpyware
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2596660) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2596848) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition
Update for Microsoft Windows (KB971513)
Update for Windows Internet Explorer 8 (KB2447568)
Update for Windows XP (KB2345886)
Update for Windows XP (KB2467659)
Update for Windows XP (KB2492386)
Update for Windows XP (KB2541763)
Update for Windows XP (KB2607712)
Update for Windows XP (KB2616676)
Update for Windows XP (KB2641690)
Update for Windows XP (KB2661254-v2)
Update for Windows XP (KB2718704)
Update for Windows XP (KB2736233)
Update for Windows XP (KB2749655)
Update for Windows XP (KB955759)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB971029)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
WebFldrs XP
Windows Internet Explorer 8
Windows Rights Management Client Backwards Compatibility SP2
Windows Rights Management Client with Service Pack 2
.
==== Event Viewer Messages From Past Week ========
.
3/7/2013 6:37:12 PM, error: SideBySide [59] - Generate Activation Context failed for C:\Program Files\Kodak\MediaImpression\PhotoViewer.exe. Reference error message: The operation completed successfully. .
3/5/2013 6:08:58 AM, error: SideBySide [59] - Resolve Partial Assembly failed for MPEG_Engine. Reference error message: The referenced assembly is not installed on your system. .
3/5/2013 6:08:58 AM, error: SideBySide [59] - Generate Activation Context failed for C:\Program Files\Kodak\MediaImpression\MediaPlayer.exe. Reference error message: The operation completed successfully. .
3/5/2013 6:08:58 AM, error: SideBySide [32] - Dependent Assembly MPEG_Engine could not be found and Last Error was The referenced assembly is not installed on your system.
.
==== End Of File ===========================

DDS (Ver_2012-11-20.01) - NTFS_x86
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_38
Run by Bill at 12:23:48 on 2013-03-11
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1022.143 [GMT -6:00]
.
AV: Norton 360 *Enabled/Updated* {E10A9785-9598-4754-B552-92431C1C35F8}
AV: Microsoft Security Essentials *Enabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
FW: Norton 360 *Enabled*
.
============== Running Processes ================
.
c:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Nero\Update\NASvc.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Epson Software\Event Manager\EEventManager.exe
C:\Program Files\Ask.com\Updater\Updater.exe
C:\Program Files\Canon\MyPrinter\BJMyPrt.exe
C:\Program Files\Canon\Solution Menu EX\CNSEMAIN.EXE
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Program Files\Logitech\Video\LogiTray.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files\Canon\IJ Network Scanner Selector EX\CNMNSST.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Adobe\Adobe Bridge CS5\Bridge.exe
C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Documents and Settings\Bill\Application Data\SanDisk\Sansa Updater\SansaDispatch.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Logitech\Video\FxSvr2.exe
C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
C:\Program Files\Common Files\Java\Java Update\jucheck.exe
C:\Program Files\Microsoft Office\Office12\POWERPNT.EXE
C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\AAM Updates Notifier.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Epson Software\Event Manager\EEventManager.exe
C:\Program Files\Ask.com\Updater\Updater.exe
C:\Program Files\Canon\MyPrinter\BJMyPrt.exe
C:\Program Files\Canon\Solution Menu EX\CNSEMAIN.EXE
C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\AAM Updates Notifier.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Program Files\Logitech\Video\LogiTray.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files\Canon\IJ Network Scanner Selector EX\CNMNSST.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Logitech\Video\FxSvr2.exe
C:\Program Files\Common Files\Java\Java Update\jucheck.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\program files\real\realplayer\update\realsched.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Outlook Express\msimn.exe
C:\Program Files\Adobe\Reader 10.0\Reader\AcroRd32.exe
C:\Program Files\Adobe\Reader 10.0\Reader\AcroRd32.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
C:\WINDOWS\system32\svchost.exe -k NetworkService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\svchost.exe -k imgsvc
.
============== Pseudo HJT Report ===============
.
uURLSearchHooks: UrlSearchHook Class: {00000000-6E41-4FD3-8538-502F5495E5FC} - c:\program files\ask.com\GenericAskToolbar.dll
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: RealNetworks Download and Record Plugin for Internet Explorer: {3049C3E9-B461-4BC5-8870-4C09146192CA} - c:\documents and settings\all users\application data\realnetworks\realdownloader\browserplugins\ie\rndlbrowserrecordplugin.dll
BHO: Canon Easy-WebPrint EX BHO: {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - c:\program files\canon\easy-webprint ex\ewpexbho.dll
BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre6\bin\ssv.dll
BHO: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
BHO: Ask Toolbar: {D4027C7F-154A-4066-A1AD-4243D8127440} - c:\program files\ask.com\GenericAskToolbar.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: Ask Toolbar: {D4027C7F-154A-4066-A1AD-4243D8127440} - c:\program files\ask.com\GenericAskToolbar.dll
TB: Canon Easy-WebPrint EX: {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - c:\program files\canon\easy-webprint ex\ewpexhlp.dll
TB: Canon Easy-WebPrint EX: {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - c:\program files\canon\easy-webprint ex\ewpexhlp.dll
TB: Ask Toolbar: {D4027C7F-154A-4066-A1AD-4243D8127440} - c:\program files\ask.com\GenericAskToolbar.dll
EB: Canon Easy-WebPrint EX: {21347690-EC41-4F9A-8887-1F4AEE672439} - c:\program files\canon\easy-webprint ex\ewpexhlp.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [AdobeBridge] "c:\program files\adobe\adobe bridge cs5\Bridge.exe" -stealth
uRun: [TomTomHOME.exe] "c:\program files\tomtom home 2\TomTomHOMERunner.exe"
uRun: [LogitechSoftwareUpdate] "c:\program files\logitech\video\ManifestEngine.exe" boot
uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
uRun: [SUPERAntiSpyware] c:\program files\superantispyware\SUPERAntiSpyware.exe
uRun: [SansaDispatch] c:\documents and settings\bill\application data\sandisk\sansa updater\SansaDispatch.exe
uRun: [Skype] "c:\program files\skype\phone\Skype.exe" /minimized /regrun
mRun: [SoundMAXPnP] c:\program files\analog devices\core\smax4pnp.exe
mRun: [igfxtray] c:\windows\system32\igfxtray.exe
mRun: [igfxhkcmd] c:\windows\system32\hkcmd.exe
mRun: [igfxpers] c:\windows\system32\igfxpers.exe
mRun: [AdobeAAMUpdater-1.0] "c:\program files\common files\adobe\oobe\pdapp\uwa\UpdaterStartupUtility.exe"
mRun: [AdobeCS5ServiceManager] "c:\program files\common files\adobe\cs5servicemanager\CS5ServiceManager.exe" -launchedbylogin
mRun: [SwitchBoard] c:\program files\common files\adobe\switchboard\SwitchBoard.exe
mRun: [EEventManager] "c:\program files\epson software\event manager\EEventManager.exe"
mRun: [ApnUpdater] "c:\program files\ask.com\updater\Updater.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [CanonMyPrinter] c:\program files\canon\myprinter\BJMyPrt.exe /logon
mRun: [CanonSolutionMenuEx] c:\program files\canon\solution menu ex\CNSEMAIN.EXE /logon
mRun: [LVCOMSX] c:\windows\system32\LVCOMSX.EXE
mRun: [LogitechVideoRepair] c:\program files\logitech\video\ISStart.exe
mRun: [LogitechVideoTray] c:\program files\logitech\video\LogiTray.exe
mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
mRun: [MSC] "c:\program files\microsoft security client\msseces.exe" -hide -runkey
mRun: [IJNetworkScannerSelectorEX] c:\program files\canon\ij network scanner selector ex\CNMNSST.exe /FORCE
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [TkBellExe] "c:\program files\real\realplayer\update\realsched.exe" -osboot
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [ArcSoft Connection Service] c:\program files\common files\arcsoft\connection service\bin\ACDaemon.exe
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
dRun: [DWQueuedReporting] "c:\progra~1\common~1\micros~1\dw\dwtrig20.exe" -t
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
mPolicies-Explorer: NoDriveTypeAutoRun = dword:145
IE: E&xport to Microsoft Excel - c:\progra~1\micros~4\office12\EXCEL.EXE/3000
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office12\ONBttnIE.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} - hxxp://office.microsoft.com/sites/produ ... wsdc32.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/ ... ontrol.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-0016-0000-0038-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
TCP: NameServer = 74.211.15.210 74.211.15.211 74.211.89.201
TCP: Interfaces\{CDBDD390-DF7E-4A9E-BFCE-52861A23F706} : DHCPNameServer = 74.211.15.210 74.211.15.211 74.211.89.201
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\program files\common files\skype\Skype4COM.dll
Notify: igfxcui - igfxdev.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: SABShellExecuteHook Class - {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - c:\program files\superantispyware\SASSEH.DLL
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "c:\program files\google\chrome\application\25.0.1364.152\installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\bill\application data\mozilla\firefox\profiles\c85fc5i1.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: keyword.URL - hxxp://websearch.ask.com/redirect?clien ... 00YYUS&&q=
FF - prefs.js: network.proxy.type - 0
FF - plugin: c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\mozillaplugins\nprpchromebrowserrecordext.dll
FF - plugin: c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\mozillaplugins\nprphtml5videoshim.dll
FF - plugin: c:\documents and settings\all users\application data\realnetworks\realdownloader\browserplugins\mozillaplugins\nprndlchromebrowserrecordext.dll
FF - plugin: c:\documents and settings\all users\application data\realnetworks\realdownloader\browserplugins\mozillaplugins\nprndlhtml5videoshim.dll
FF - plugin: c:\documents and settings\all users\application data\realnetworks\realdownloader\browserplugins\mozillaplugins\nprndlpepperflashvideoshim.dll
FF - plugin: c:\documents and settings\all users\application data\realnetworks\realdownloader\browserplugins\npdlplugin.dll
FF - plugin: c:\documents and settings\bill\local settings\application data\citrix\plugins\79\npappdetector.dll
FF - plugin: c:\program files\adobe\reader 10.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\canon\easy-photoprint ex\NPEZFFPI.DLL
FF - plugin: c:\program files\google\update\1.3.21.135\npGoogleUpdate3.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\java\jre6\bin\plugin2\npjp2.dll
FF - plugin: c:\program files\microsoft silverlight\5.1.10411.0\npctrlui.dll
FF - plugin: c:\program files\real\realplayer\netscape6\nprpplugin.dll
FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_6_602_171.dll
FF - plugin: c:\windows\system32\npdeployJava1.dll
FF - plugin: c:\windows\system32\npptools.dll
FF - ExtSQL: 2013-01-22 06:15; {CAFEEFAC-0016-0000-0038-ABCDEFFEDCBA}; c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0038-ABCDEFFEDCBA}
FF - ExtSQL: 2013-01-22 06:27; toolbar@ask.com; c:\documents and settings\bill\application data\mozilla\firefox\profiles\c85fc5i1.default\extensions\toolbar@ask.com
.
---- FIREFOX POLICIES ----
FF - user.js: yahoo.ytff.general.dontshowhpoffer - true
============= SERVICES / DRIVERS ===============
.
R0 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2011-4-18 195296]
R1 MpKsl67c8a595;MpKsl67c8a595;c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{93ca4ae0-66c3-49d7-9d74-c0f0bb90f6bc}\MpKsl67c8a595.sys [2013-3-10 29904]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2011-7-22 12880]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2011-7-12 67664]
S3 EraserUtilRebootDrv;EraserUtilRebootDrv;\??\c:\program files\common files\symantec shared\eengine\eraserutilrebootdrv.sys --> c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [?]
S3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\drivers\wdcsam.sys [2008-5-6 11520]
.
=============== File Associations ===============
.
ShellExec: dreamweaver.exe: Open="c:\program files\adobe\adobe dreamweaver cs5\dreamweaver.exe", "%1"
ShellExec: QSync.exe: Open="c:\program files\logitech\video\QSync.exe"
.
=============== Created Last 30 ================
.
2013-03-11 03:32:28 29904 ----a-w- c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{93ca4ae0-66c3-49d7-9d74-c0f0bb90f6bc}\MpKsl67c8a595.sys
2013-03-10 20:08:58 6954968 ----a-w- c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{93ca4ae0-66c3-49d7-9d74-c0f0bb90f6bc}\mpengine.dll
2013-03-10 14:59:59 770384 ----a-w- c:\program files\mozilla firefox\updated\msvcr100.dll
2013-03-09 20:09:33 6954968 ----a-w- c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\backup\mpengine.dll
2013-03-05 19:50:47 -------- d-----w- c:\program files\iPod
2013-03-05 19:50:29 -------- d-----w- c:\program files\iTunes
2013-03-05 19:50:29 -------- d-----w- c:\documents and settings\all users\application data\188F1432-103A-4ffb-80F1-36B633C5C9E1
2013-03-05 04:46:09 -------- d-----w- c:\documents and settings\bill\local settings\application data\WMTools Downloaded Files
2013-03-04 23:03:50 -------- d-----w- c:\program files\Kodak
2013-02-15 22:31:23 186432 ----a-w- c:\program files\internet explorer\plugins\nppdf32.dll
.
==================== Find3M ====================
.
2013-02-27 07:56:26 691568 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2013-02-27 07:56:25 71024 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2013-01-30 10:53:21 232336 ------w- c:\windows\system32\MpSigStub.exe
2013-01-26 03:55:44 552448 ----a-w- c:\windows\system32\oleaut32.dll
2013-01-23 02:59:20 60864 ----a-w- c:\documents and settings\bill\g2mdlhlpx.exe
2013-01-22 13:14:48 73728 ----a-w- c:\windows\system32\javacpl.cpl
2013-01-22 13:14:46 477168 ----a-w- c:\windows\system32\npdeployJava1.dll
2013-01-22 13:14:46 473072 ----a-w- c:\windows\system32\deployJava1.dll
2013-01-20 22:59:04 195296 ----a-w- c:\windows\system32\drivers\MpFilter.sys
2013-01-07 01:28:34 2193152 ----a-w- c:\windows\system32\ntoskrnl.exe
2013-01-07 00:45:13 2069760 ----a-w- c:\windows\system32\ntkrnlpa.exe
2013-01-04 01:32:36 1876224 ----a-w- c:\windows\system32\win32k.sys
2013-01-02 06:48:28 148992 ----a-w- c:\windows\system32\mpg2splt.ax
2013-01-02 06:48:28 1292288 ----a-w- c:\windows\system32\quartz.dll
2012-12-26 20:16:29 916480 ----a-w- c:\windows\system32\wininet.dll
2012-12-26 20:16:28 43520 ------w- c:\windows\system32\licmgr10.dll
2012-12-26 20:16:28 1469440 ------w- c:\windows\system32\inetcpl.cpl
2012-12-24 06:40:59 385024 ------w- c:\windows\system32\html.iec
2012-12-16 12:31:02 290560 ----a-w- c:\windows\system32\atmfd.dll
.
============= FINISH: 12:25:29.49 ===============
Will52
Active Member
 
Posts: 8
Joined: March 10th, 2013, 11:26 pm

Re: Computer is sending junk mail

Unread postby askey127 » March 11th, 2013, 3:13 pm

Looking at your logs.
Be back soon.
askey127
Admin/Teacher
 
Posts: 13903
Joined: April 17th, 2005, 3:25 pm
Location: New Hampshire USA

Re: Computer is sending junk mail

Unread postby askey127 » March 11th, 2013, 5:25 pm

Hi Will52,
--------------------------------------------------------------
The first thing you need to do is to get Quicken and any related private data files off this machine.
You can save the data to a flash drive, CD, or DVD, etc. Then delete the data from the machine.
You have to assume that those using your machine this way may have access to everything on it.
--------------------------------------------------------------
Download the Norton Removal Tool from here, save it to your desktop and run it.
ftp://ftp.symantec.com/public/english_u ... l_Tool.exe
-----------------------------------------------------------
Remove Programs Using Control Panel
From Start, Settings, Control Panel or Start, Control Panel, click Add/Remove Programs.
Highlight each entry, as follows, one by one, if it exists, and choose Remove:

Ask Toolbar
Ask Toolbar Updater
Java Auto Updater
Java(TM) 6 Update 38

Take extra care in answering questions posed by any Uninstaller.
-----------------------------------------------------------
REBOOT (RESTART) Your Machine
-------------------------------------------------
Please download RogueKiller.exe and save it to your desktop.

Run RogueKiller
  • First, quit all running programs.
  • Start RogueKiller.exe. (Double click in XP, Right click and choose "Run as administrator" in Vista/Win7)
  • Note: If the program is blocked, do not hesitate to try several times.
    If it really does not work (it could happen), rename it to winlogon.exe or RogueKiller.com.
  • Wait until prescan has finished.
  • Click on the Scan button in the upper right. Wait for it to finish.
  • When the scan is complete, a file icon named RKreport.txt should appear on your desktop.
  • Please double click that file RKreport.txt and post its contents in your next Reply.
    (You can also open the report by clicking the Report button on the right).
  • When you exit RogueKiller, you may get a popup reporting "None of the Elements have been deleted. Do you want to quit?" Click "Yes".

askey127

Re: Computer is sending junk mail

Unread postby Will52 » March 11th, 2013, 11:43 pm

OK, I erased my Quicken stuff. Here are my RogueKiller results.
RogueKiller V8.5.2 [Mar 9 2013] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Feedback : http://www.geekstogo.com/forum/files/fi ... guekiller/
Website : http://tigzy.geekstogo.com/roguekiller.php
Blog : http://tigzyrk.blogspot.com/

Operating System : Windows XP (5.1.2600 Service Pack 3) 32 bits version
Started in : Normal mode
User : Bill [Admin rights]
Mode : Scan -- Date : 03/11/2013 21:38:42
| ARK || FAK || MBR |

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 3 ¤¤¤
[HJ SMENU] HKCU\[...]\Advanced : Start_ShowRecentDocs (0) -> FOUND
[HJ SMENU] HKCU\[...]\Advanced : Start_ShowPrinters (0) -> FOUND
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [LOADED] ¤¤¤
SSDT[257] : NtTerminateProcess @ 0x80584B31 -> HOOKED (\??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS @ 0xEECA4640)

¤¤¤ HOSTS File: ¤¤¤
--> C:\WINDOWS\system32\drivers\etc\hosts

127.0.0.1 localhost


¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: WDC WD2500AAJB-00J3A0 +++++
--- User ---
[MBR] 0ca48c43e7c69ed808198586c03d72f9
[BSP] 5038465cb2a8a207b835c795c7eca442 : Windows XP MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 238464 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Finished : << RKreport[1]_S_03112013_02d2138.txt >>
RKreport[1]_S_03112013_02d2138.txt

Re: Computer is sending junk mail

Unread postby askey127 » March 12th, 2013, 7:31 am

will52,
I am assuming you ran the Norton Removal Tool and also did the program removals successfully.
Tell me of any problems along the way.
---------------------------------------------
Download the OTL Scanner
Please download OTL.exe by OldTimer and save it to your desktop.
---------------------------------------------
Run a Scan with OTL
  • For WinXP, double click on the OTL icon to run it.
  • Check the boxes labeled:
    • Scan All Users
    • LOP check
    • Purity check
    • Extra Registry > Use SafeList
  • Make sure all other windows are closed to let it run uninterrupted.
  • Click on the Run Scan button at the top left hand corner. Do not change any settings unless otherwise told to do so.
    When the scan starts, OTL may appear to be frozen while it runs. Please be patient.
When the scan completes, it will open two Notepad windows: OTL.Txt and Extras.Txt. These are saved in the same location as OTL (the desktop).
OTL.txt will be open on your desktop, and Extras.txt will be minimized in your taskbar.
The Extras.txt file will only appear as a running Notepad document the very first time you run OTL.
Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them as a reply. Use separate replies if more convenient.

askey127

Re: Computer is sending junk mail

Unread postby Will52 » March 12th, 2013, 1:17 pm

Yes, I did those other scans no problem. I will let you know if problems arise. Here are my OTL results.
OTL logfile created on: 3/12/2013 11:02:52 AM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Documents and Settings\Bill\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1021.98 Mb Total Physical Memory | 383.60 Mb Available Physical Memory | 37.53% Memory free
2.41 Gb Paging File | 1.73 Gb Available in Paging File | 71.69% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 232.88 Gb Total Space | 189.41 Gb Free Space | 81.33% Space Free | Partition Type: NTFS

Computer Name: COMPUTER | User Name: Bill | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013/03/12 10:57:04 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Bill\Desktop\OTL.exe
PRC - [2013/01/27 12:11:46 | 000,020,456 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft Security Client\MsMpEng.exe
PRC - [2013/01/27 12:11:06 | 000,947,152 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Client\msseces.exe
PRC - [2012/12/16 11:06:56 | 000,295,072 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Real\RealPlayer\Update\realsched.exe
PRC - [2012/11/29 21:31:04 | 000,038,608 | ---- | M] () -- C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe
PRC - [2012/11/05 17:07:24 | 004,763,008 | ---- | M] (SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE
PRC - [2012/09/08 23:21:25 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
PRC - [2012/09/02 07:48:49 | 000,079,872 | ---- | M] (SanDisk Corporation) -- C:\Documents and Settings\Bill\Application Data\SanDisk\Sansa Updater\SansaDispatch.exe
PRC - [2011/04/22 06:21:10 | 000,247,728 | ---- | M] (TomTom) -- C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe
PRC - [2011/03/04 11:39:14 | 000,584,488 | ---- | M] (Nero AG) -- C:\Program Files\Nero\Update\NASvc.exe
PRC - [2010/09/14 18:09:52 | 001,213,848 | ---- | M] (CANON INC.) -- C:\Program Files\Canon\Solution Menu EX\CNSEMAIN.EXE
PRC - [2010/09/09 14:38:16 | 000,452,016 | ---- | M] (CANON INC.) -- C:\Program Files\Canon\IJ Network Scanner Selector EX\CNMNSST.exe
PRC - [2010/07/25 20:08:00 | 002,569,616 | ---- | M] (CANON INC.) -- C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE
PRC - [2010/03/09 04:28:26 | 011,989,960 | ---- | M] (Adobe Systems, Inc.) -- C:\Program Files\Adobe\Adobe Bridge CS5\Bridge.exe
PRC - [2010/03/06 04:04:24 | 000,310,224 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\AAM Updates Notifier.exe
PRC - [2010/02/19 13:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
PRC - [2009/12/03 10:12:12 | 000,976,320 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\Program Files\Epson Software\Event Manager\EEventManager.exe
PRC - [2008/07/03 05:38:24 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2005/07/19 17:32:18 | 000,221,184 | ---- | M] (Logitech Inc.) -- C:\WINDOWS\system32\LVCOMSX.EXE
PRC - [2005/06/08 15:14:44 | 000,217,088 | ---- | M] (Logitech Inc.) -- C:\Program Files\Logitech\Video\LogiTray.exe
PRC - [2005/06/08 14:44:56 | 000,192,512 | ---- | M] (Logitech Inc.) -- C:\Program Files\Logitech\Video\FxSvr2.exe


========== Modules (No Company Name) ==========

MOD - [2012/11/29 21:31:04 | 000,038,608 | ---- | M] () -- C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe
MOD - [2012/10/19 23:21:25 | 000,065,024 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10006.dll
MOD - [2011/09/27 08:23:00 | 000,087,912 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011/09/27 08:22:40 | 001,242,472 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2010/03/09 04:28:12 | 000,073,728 | ---- | M] () -- C:\Program Files\Adobe\Adobe Bridge CS5\Symlib.dll
MOD - [2010/03/09 04:28:10 | 002,748,416 | ---- | M] () -- C:\Program Files\Adobe\Adobe Bridge CS5\libmysqld.dll


========== Services (SafeList) ==========

SRV - File not found [On_Demand | Stopped] -- %SystemRoot%\System32\appmgmts.dll -- (AppMgmt)
SRV - File not found [Auto | Stopped] -- -- (ACDaemon)
SRV - [2013/03/11 21:16:25 | 000,115,608 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2013/02/27 01:56:26 | 000,251,248 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013/01/27 12:11:46 | 000,020,456 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
SRV - [2013/01/08 13:55:20 | 000,161,536 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012/11/29 21:31:04 | 000,038,608 | ---- | M] () [Auto | Running] -- C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe -- (RealNetworks Downloader Resolver Service)
SRV - [2012/09/08 23:21:25 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- C:\Program Files\SUPERAntiSpyware\SASCORE.EXE -- (!SASCORE)
SRV - [2011/03/04 11:39:14 | 000,584,488 | ---- | M] (Nero AG) [Auto | Running] -- C:\Program Files\Nero\Update\NASvc.exe -- (NAUpdate)
SRV - [2010/02/19 13:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt)
DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
DRV - [2013/03/11 21:36:42 | 000,029,904 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- c:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{26D85127-DD66-48A9-B08B-2A91061D271F}\MpKslbebb2ae3.sys -- (MpKslbebb2ae3)
DRV - [2011/07/22 10:27:02 | 000,012,880 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
DRV - [2011/07/12 15:55:22 | 000,067,664 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2009/07/13 17:51:12 | 000,034,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\winusb.sys -- (WinUSB)
DRV - [2008/05/06 17:06:00 | 000,011,520 | ---- | M] (Western Digital Technologies) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wdcsam.sys -- (WDC_SAM)
DRV - [2006/11/10 16:05:00 | 000,018,688 | ---- | M] (Arcsoft, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\afc.sys -- (Afc)
DRV - [2006/08/15 09:48:00 | 000,732,928 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\senfilt.sys -- (senfilt)
DRV - [2005/05/27 09:32:52 | 001,317,152 | ---- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\lvcm.sys -- (QCMerced)
DRV - [2005/05/27 09:31:28 | 000,022,016 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LVUSBSta.sys -- (LVUSBSta)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


IE - HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-1078081533-162531612-1417001333-1005\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
IE - HKU\S-1-5-21-1078081533-162531612-1417001333-1005\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKU\S-1-5-21-1078081533-162531612-1417001333-1005\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = E2 18 C5 C3 01 AA CC 01 [binary data]
IE - HKU\S-1-5-21-1078081533-162531612-1417001333-1005\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-1078081533-162531612-1417001333-1005\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src=IE-SearchBox&Form=IE8SRC
IE - HKU\S-1-5-21-1078081533-162531612-1417001333-1005\..\SearchScopes\{B7991FDC-21AE-4144-BECC-1E2B9687DD83}: "URL" = http://websearch.ask.com/redirect?clien ... src=crm&q={searchTerms}&locale=&apn_ptnrs=TV&apn_dtid=OSJ000YYUS&apn_uid=EDC3D37F-7A6D-4FE1-9C2F-23B9E6F1851B&apn_sauid=2DE87065-8711-4928-B0B3-1E9AD4670141
IE - HKU\S-1-5-21-1078081533-162531612-1417001333-1005\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1078081533-162531612-1417001333-1005\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultengine: "Google"
FF - prefs.js..browser.search.defaultenginename: "Google"
FF - prefs.js..browser.search.order.1: "Ask.com"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.suggest.enabled: false
FF - prefs.js..extensions.enabledAddons: bytubed%40cs213.cse.iitk.ac.in:1.1.1
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:19.0.2
FF - prefs.js..network.proxy.type: 0


FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_6_602_171.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@canon.com/EPPEX: C:\Program Files\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL (CANON INC.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=1.6.0_38: C:\WINDOWS\system32\npdeployJava1.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=16.0.0.282: c:\program files\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprndlchromebrowserrecordext;version=1.3.0: C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprndlhtml5videoshim;version=1.3.0: C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprndlpepperflashvideoshim;version=1.3.0: C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=15.0.6.14: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=15.0.6.14: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpplugin;version=16.0.0.282: c:\program files\real\realplayer\Netscape6\nprpplugin.dll (RealPlayer)
FF - HKLM\Software\MozillaPlugins\@realnetworks.com/npdlplugin;version=1: C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll (RealDownloader)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=8: File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@citrixonline.com/appdetectorplugin: C:\Documents and Settings\Bill\Local Settings\Application Data\Citrix\Plugins\79\npappdetector.dll (Citrix Online)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{34712C68-7391-4c47-94F3-8F88D49AD632}: C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext\ [2012/12/16 11:10:23 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext [2012/12/16 11:10:23 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 19.0.2\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2013/03/11 21:16:31 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 19.0.2\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins

[2011/10/05 22:52:12 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Bill\Application Data\Mozilla\Extensions
[2011/10/05 22:52:12 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Bill\Application Data\Mozilla\Extensions\home2@tomtom.com
[2013/01/22 07:26:38 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Bill\Application Data\Mozilla\Firefox\Profiles\c85fc5i1.default\extensions
[2012/09/21 16:27:22 | 000,000,000 | ---D | M] (BYTubeD - Bulk YouTube video Downloader) -- C:\Documents and Settings\Bill\Application Data\Mozilla\Firefox\Profiles\c85fc5i1.default\extensions\bytubed@cs213.cse.iitk.ac.in
[2013/01/22 07:27:21 | 000,002,325 | ---- | M] () -- C:\Documents and Settings\Bill\Application Data\Mozilla\Firefox\Profiles\c85fc5i1.default\searchplugins\askcom.xml
[2011/05/18 16:56:07 | 000,002,469 | ---- | M] () -- C:\Documents and Settings\Bill\Application Data\Mozilla\Firefox\Profiles\c85fc5i1.default\searchplugins\safesearch.xml
[2013/03/11 21:28:34 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2013/02/19 19:42:14 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2013/03/10 08:59:28 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\updated\extensions
[2013/03/10 08:59:28 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files\Mozilla Firefox\updated\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2013/03/10 09:00:47 | 000,000,000 | ---D | M] (Default) -- C:\Program Files\Mozilla Firefox\updated\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2013/03/10 08:59:30 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\updated\extensions\{CAFEEFAC-0016-0000-0038-ABCDEFFEDCBA}
[2013/03/11 21:16:30 | 000,263,064 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2012/10/24 07:35:46 | 000,002,465 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2013/02/19 19:43:32 | 000,002,086 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - homepage: http://www.google.com/
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\17.0.963.83\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll
CHR - plugin: Java Deployment Toolkit 6.0.240.7 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java(TM) Platform SE 6 U24 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\4.0.60531.0\npctrl.dll
CHR - plugin: RealNetworks(tm) RealPlayer Chrome Background Extension Plug-In (32-bit) (Enabled) = C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll
CHR - plugin: RealPlayer(tm) HTML5VideoShim Plug-In (32-bit) (Enabled) = C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll
CHR - plugin: RealPlayer(tm) G2 LiveConnect-Enabled Plug-In (32-bit) (Enabled) = C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll
CHR - plugin: RealPlayer Version Plugin (Enabled) = C:\Program Files\Real\RealPlayer\Netscape6\nprpjplug.dll
CHR - plugin: Windows Media Player Plug-in Dynamic Link Library (Enabled) = C:\Program Files\Windows Media Player\npdsplay.dll
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files\Google\Chrome\Application\17.0.963.83\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\17.0.963.83\pdf.dll
CHR - plugin: Skype Toolbars (Enabled) = C:\Documents and Settings\Bill\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.6.0.8312_0\npSkypeChromePlugin.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npdrmv2.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npwmsdrm.dll
CHR - plugin: CANON iMAGE GATEWAY Album Plugin Utility (Enabled) = C:\Program Files\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.2.183.23\npGoogleOneClick8.dll
CHR - plugin: RealJukebox NS Plugin (Enabled) = C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - Extension: RealPlayer HTML5Video Downloader Extension = C:\Documents and Settings\Bill\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\jfmjfhklogoienhpfnppmbcbjfjnkonk\1.5_0\
CHR - Extension: Skype Click to Call = C:\Documents and Settings\Bill\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.6.0.8312_0\

O1 HOSTS File: ([2008/04/14 06:00:00 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (RealNetworks Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll (RealDownloader)
O2 - BHO: (Canon Easy-WebPrint EX BHO) - {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexbho.dll (CANON INC.)
O2 - BHO: (no name) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - No CLSID value found.
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll File not found
O3 - HKLM\..\Toolbar: (Canon Easy-WebPrint EX) - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKU\S-1-5-21-1078081533-162531612-1417001333-1005\..\Toolbar\WebBrowser: (Canon Easy-WebPrint EX) - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)
O4 - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AdobeCS5ServiceManager] C:\Program Files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [ArcSoft Connection Service] C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe (ArcSoft Inc.)
O4 - HKLM..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe (CANON INC.)
O4 - HKLM..\Run: [CanonSolutionMenuEx] C:\Program Files\Canon\Solution Menu EX\CNSEMAIN.EXE (CANON INC.)
O4 - HKLM..\Run: [EEventManager] C:\Program Files\Epson Software\Event Manager\EEventManager.exe (SEIKO EPSON CORPORATION)
O4 - HKLM..\Run: [IJNetworkScannerSelectorEX] C:\Program Files\Canon\IJ Network Scanner Selector EX\CNMNSST.exe (CANON INC.)
O4 - HKLM..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe (Logitech Inc.)
O4 - HKLM..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe (Logitech Inc.)
O4 - HKLM..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE (Logitech Inc.)
O4 - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [SwitchBoard] C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [TkBellExe] C:\program files\real\realplayer\update\realsched.exe (RealNetworks, Inc.)
O4 - HKU\S-1-5-21-1078081533-162531612-1417001333-1005..\Run: [AdobeBridge] C:\Program Files\Adobe\Adobe Bridge CS5\Bridge.exe (Adobe Systems, Inc.)
O4 - HKU\S-1-5-21-1078081533-162531612-1417001333-1005..\Run: [LogitechSoftwareUpdate] C:\Program Files\Logitech\Video\ManifestEngine.exe (Logitech Inc.)
O4 - HKU\S-1-5-21-1078081533-162531612-1417001333-1005..\Run: [SansaDispatch] C:\Documents and Settings\Bill\Application Data\SanDisk\Sansa Updater\SansaDispatch.exe (SanDisk Corporation)
O4 - HKU\S-1-5-21-1078081533-162531612-1417001333-1005..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE (SUPERAntiSpyware.com)
O4 - HKU\S-1-5-21-1078081533-162531612-1417001333-1005..\Run: [TomTomHOME.exe] C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe (TomTom)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 149
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1078081533-162531612-1417001333-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O16 - DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} http://office.microsoft.com/sites/produ ... wsdc32.cab (Microsoft Office Template and Media Control)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/download/ ... ontrol.cab (Windows Genuine Advantage Validation Tool)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 74.211.15.210 74.211.15.211 74.211.89.201
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{CDBDD390-DF7E-4A9E-BFCE-52861A23F706}: DhcpNameServer = 74.211.15.210 74.211.15.211 74.211.89.201
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\Bill\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Bill\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2004/08/25 03:05:51 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{6d6dcf8e-c447-11e0-9b8e-00111171438d}\Shell - "" = AutoRun
O33 - MountPoints2\{6d6dcf8e-c447-11e0-9b8e-00111171438d}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{6d6dcf8e-c447-11e0-9b8e-00111171438d}\Shell\AutoRun\command - "" = F:\LaunchU3.exe
O33 - MountPoints2\{77f04954-8373-11e2-9bf6-00111171438d}\Shell - "" = AutoRun
O33 - MountPoints2\{77f04954-8373-11e2-9bf6-00111171438d}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{77f04954-8373-11e2-9bf6-00111171438d}\Shell\AutoRun\command - "" = F:\MI.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2013/03/12 10:57:01 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Bill\Desktop\OTL.exe
[2013/03/11 21:36:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Bill\Desktop\RK_Quarantine
[2013/03/11 21:28:58 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2013/03/10 21:29:54 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Bill\Start Menu\Programs\Administrative Tools
[2013/03/05 13:52:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\iTunes
[2013/03/05 13:50:47 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2013/03/05 13:50:29 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2013/03/05 13:50:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\188F1432-103A-4ffb-80F1-36B633C5C9E1
[2013/03/04 22:46:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Bill\Local Settings\Application Data\WMTools Downloaded Files
[2013/03/04 17:08:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\ArcSoft Connect
[2013/03/04 17:05:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\ArcSoft MediaImpression for Kodak
[2013/03/04 17:03:50 | 000,000,000 | ---D | C] -- C:\Program Files\Kodak
[2013/02/21 13:01:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Bill\My Documents\My Music
[2013/02/19 19:42:06 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2013/03/12 10:58:00 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2013/03/12 10:57:04 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Bill\Desktop\OTL.exe
[2013/03/12 10:56:00 | 000,000,830 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2013/03/12 02:00:00 | 000,000,342 | ---- | M] () -- C:\WINDOWS\tasks\AdobeAAMUpdater-1.0-COMPUTER-Owner.job
[2013/03/12 02:00:00 | 000,000,340 | ---- | M] () -- C:\WINDOWS\tasks\AdobeAAMUpdater-1.0-COMPUTER-Bill.job
[2013/03/12 01:00:00 | 000,000,508 | ---- | M] () -- C:\WINDOWS\tasks\SUPERAntiSpyware Scheduled Task 977c006a-bc52-4d5b-ae67-d39e150577f8.job
[2013/03/11 23:21:00 | 000,000,508 | ---- | M] () -- C:\WINDOWS\tasks\SUPERAntiSpyware Scheduled Task 64ffc890-ee30-4d4e-899b-e51a3ec2509e.job
[2013/03/11 21:36:16 | 000,816,640 | ---- | M] () -- C:\Documents and Settings\Bill\Desktop\RogueKiller.exe
[2013/03/11 21:33:44 | 000,441,552 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2013/03/11 21:33:44 | 000,071,488 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2013/03/11 21:32:48 | 000,000,508 | ---- | M] () -- C:\WINDOWS\tasks\SUPERAntiSpyware Scheduled Task a7e5e3ce-6c9e-4cae-b2ea-5bd52628bd12.job
[2013/03/11 21:32:12 | 000,000,276 | ---- | M] () -- C:\WINDOWS\tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-1078081533-162531612-1417001333-1005.job
[2013/03/11 21:32:09 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-1078081533-162531612-1417001333-1005.job
[2013/03/11 21:32:06 | 000,000,276 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-1078081533-162531612-1417001333-1005.job
[2013/03/11 21:32:04 | 000,000,878 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2013/03/11 21:32:04 | 000,000,278 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-1078081533-162531612-1417001333-1003.job
[2013/03/11 21:32:04 | 000,000,278 | ---- | M] () -- C:\WINDOWS\tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-1078081533-162531612-1417001333-1003.job
[2013/03/11 21:31:37 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2013/03/11 21:31:35 | 1071,697,920 | -HS- | M] () -- C:\hiberfil.sys
[2013/03/11 21:18:25 | 000,866,592 | ---- | M] () -- C:\Documents and Settings\Bill\Desktop\Norton_Removal_Tool.exe
[2013/03/11 05:17:58 | 000,000,394 | ---- | M] () -- C:\WINDOWS\tasks\SpeedyPC Pro.job
[2013/03/10 09:57:06 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-1078081533-162531612-1417001333-1005.job
[2013/03/09 18:17:16 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2013/03/09 09:35:22 | 000,000,286 | ---- | M] () -- C:\WINDOWS\tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-1078081533-162531612-1417001333-1003.job
[2013/03/09 09:35:16 | 000,000,286 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-1078081533-162531612-1417001333-1003.job
[2013/03/07 19:41:35 | 000,019,968 | ---- | M] () -- C:\Documents and Settings\Bill\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2013/03/07 09:06:12 | 000,002,422 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2013/03/05 13:52:27 | 000,001,542 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
[2013/03/04 23:09:19 | 000,001,917 | ---- | M] () -- C:\WINDOWS\epplauncher.mif
[2013/03/04 17:05:22 | 000,001,756 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Media Impression for Kodak.lnk
[2013/02/27 01:56:26 | 000,691,568 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerApp.exe
[2013/02/27 01:56:25 | 000,071,024 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl
[2013/02/17 22:34:46 | 000,227,524 | ---- | M] () -- C:\Documents and Settings\Bill\My Documents\dws logo.pdf
[2013/02/14 04:42:06 | 003,465,664 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2013/02/14 04:20:03 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2013/03/11 21:36:01 | 000,816,640 | ---- | C] () -- C:\Documents and Settings\Bill\Desktop\RogueKiller.exe
[2013/03/11 21:32:48 | 000,000,508 | ---- | C] () -- C:\WINDOWS\tasks\SUPERAntiSpyware Scheduled Task a7e5e3ce-6c9e-4cae-b2ea-5bd52628bd12.job
[2013/03/11 21:32:46 | 000,000,508 | ---- | C] () -- C:\WINDOWS\tasks\SUPERAntiSpyware Scheduled Task 977c006a-bc52-4d5b-ae67-d39e150577f8.job
[2013/03/11 21:32:45 | 000,000,508 | ---- | C] () -- C:\WINDOWS\tasks\SUPERAntiSpyware Scheduled Task 64ffc890-ee30-4d4e-899b-e51a3ec2509e.job
[2013/03/11 21:18:22 | 000,866,592 | ---- | C] () -- C:\Documents and Settings\Bill\Desktop\Norton_Removal_Tool.exe
[2013/03/05 13:52:27 | 000,001,542 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
[2013/03/04 17:05:22 | 000,001,756 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Media Impression for Kodak.lnk
[2013/01/22 20:59:09 | 000,060,864 | ---- | C] () -- C:\Documents and Settings\Bill\g2mdlhlpx.exe
[2012/03/12 09:26:36 | 000,000,132 | ---- | C] () -- C:\Documents and Settings\Bill\Application Data\Adobe BMP Format CS5 Prefs
[2012/02/14 13:13:18 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2012/02/06 13:43:08 | 000,165,376 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll
[2012/02/04 20:57:58 | 000,027,748 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat
[2011/10/11 18:13:34 | 000,053,248 | R--- | C] () -- C:\WINDOWS\System32\InstMed.exe
[2011/10/11 18:13:25 | 000,009,255 | ---- | C] () -- C:\WINDOWS\System32\lvcoinst.ini
[2011/10/11 18:13:23 | 001,317,152 | ---- | C] () -- C:\WINDOWS\System32\drivers\lvcm.sys
[2011/08/15 17:53:19 | 000,019,968 | ---- | C] () -- C:\Documents and Settings\Bill\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/08/05 17:13:54 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011/06/17 03:25:11 | 000,000,000 | ---- | C] () -- C:\WINDOWS\EEventManager.INI
[2011/05/21 15:35:11 | 000,000,097 | ---- | C] () -- C:\WINDOWS\System32\PICSDK.ini
[2011/05/21 15:35:10 | 000,073,220 | ---- | C] () -- C:\WINDOWS\System32\EPPICPrinterDB.dat
[2011/05/21 15:35:10 | 000,031,053 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern131.dat
[2011/05/21 15:35:10 | 000,029,114 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern1.dat
[2011/05/21 15:35:10 | 000,027,417 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern121.dat
[2011/05/21 15:35:10 | 000,021,021 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern3.dat
[2011/05/21 15:35:10 | 000,015,670 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern5.dat
[2011/05/21 15:35:10 | 000,013,280 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern2.dat
[2011/05/21 15:35:10 | 000,010,673 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern4.dat
[2011/05/21 15:35:10 | 000,004,943 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern6.dat
[2011/05/21 15:35:10 | 000,001,140 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_PT.dat
[2011/05/21 15:35:10 | 000,001,140 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_BP.dat
[2011/05/21 15:35:10 | 000,001,137 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_ES.dat
[2011/05/21 15:35:10 | 000,001,130 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_FR.dat
[2011/05/21 15:35:10 | 000,001,130 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_CF.dat
[2011/05/21 15:35:10 | 000,001,104 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_EN.dat
[2011/05/21 15:33:46 | 000,000,034 | ---- | C] () -- C:\WINDOWS\PERFV33_330.ini
[2011/05/01 08:20:23 | 000,000,028 | ---- | C] () -- C:\WINDOWS\ICOA.INI
[2011/05/01 08:20:06 | 000,000,000 | ---- | C] () -- C:\WINDOWS\QFN.ini
[2011/05/01 08:20:06 | 000,000,000 | ---- | C] () -- C:\WINDOWS\QDQICK.ini
[2011/04/29 22:07:55 | 000,007,102 | ---- | C] () -- C:\WINDOWS\ICOADB32.DAT
[2011/04/27 07:45:08 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2011/04/26 20:44:52 | 000,000,205 | ---- | C] () -- C:\WINDOWS\VIEWER.INI
[2011/04/26 20:44:52 | 000,000,107 | ---- | C] () -- C:\WINDOWS\QUICKEN.INI

========== ZeroAccess Check ==========

[2004/08/25 03:06:53 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shdocvw.dll -- [2008/04/14 06:00:00 | 001,499,136 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = C:\WINDOWS\system32\wbem\fastprox.dll -- [2009/02/09 04:56:35 | 000,473,600 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = C:\WINDOWS\system32\wbem\wbemess.dll -- [2008/04/14 06:00:00 | 000,273,920 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

========== LOP Check ==========

[2013/03/05 13:52:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\188F1432-103A-4ffb-80F1-36B633C5C9E1
[2013/01/22 07:15:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Ask
[2011/08/02 15:02:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Canon IJ Network Tool
[2011/08/02 14:46:22 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\CanonBJ
[2011/08/02 15:11:31 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\CanonEPP
[2011/09/21 10:04:16 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\CanonIJEGV
[2011/08/02 15:11:31 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\CanonIJEPPEX2
[2011/08/02 15:01:59 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\CanonIJFAX
[2011/08/03 09:45:19 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\CanonIJScan
[2011/08/02 15:00:06 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\CanonIJSolutionMenuEX
[2011/08/02 14:52:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\CanonIJWSpt
[2011/06/28 22:16:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\LightScribe
[2011/05/21 17:57:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\regid.1986-12.com.adobe
[2013/01/24 16:58:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SpeedyPC Software
[2011/10/05 22:55:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TomTom
[2011/11/22 21:22:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2012/05/25 12:41:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Bill\Application Data\Canon
[2011/08/02 14:58:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Bill\Application Data\Canon Easy-WebPrint EX
[2012/05/24 13:14:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Bill\Application Data\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2013/02/21 13:03:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Bill\Application Data\Costco Photo Organizer
[2013/01/24 16:32:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Bill\Application Data\DriverCure
[2011/05/21 20:13:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Bill\Application Data\Epson
[2013/02/06 18:11:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Bill\Application Data\MPEG Streamclip
[2012/09/02 07:48:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Bill\Application Data\SanDisk
[2013/01/24 16:32:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Bill\Application Data\SpeedyPC Software
[2011/10/25 21:32:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Bill\Application Data\Tific
[2011/10/05 22:51:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Bill\Application Data\TomTom
[2011/11/15 07:22:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Bill\Application Data\YCanPDF
[2011/10/25 22:15:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Default User\Application Data\Tific
[2011/05/01 19:05:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\AskToolbar
[2012/02/24 09:18:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Canon
[2011/08/04 13:18:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Canon Easy-WebPrint EX
[2012/05/23 10:30:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Costco Photo Organizer
[2011/09/25 12:19:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Costco Photo Viewer
[2011/05/21 15:49:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Epson
[2012/11/11 11:12:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\MyPublisher

========== Purity Check ==========



< End of report >

OTL Extras logfile created on: 3/12/2013 11:02:52 AM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Documents and Settings\Bill\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1021.98 Mb Total Physical Memory | 383.60 Mb Available Physical Memory | 37.53% Memory free
2.41 Gb Paging File | 1.73 Gb Available in Paging File | 71.69% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 232.88 Gb Total Space | 189.41 Gb Free Space | 81.33% Space Free | Partition Type: NTFS

Computer Name: COMPUTER | User Name: Bill | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*

[HKEY_USERS\S-1-5-21-1078081533-162531612-1417001333-1005\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [Bridge] -- C:\Program Files\Adobe\Adobe Bridge CS5\Bridge.exe "%L" (Adobe Systems, Inc.)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
"DoNotAllowExceptions" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
"DoNotAllowExceptions" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22008

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
"C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE" = C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote -- (Microsoft Corporation)
"C:\WINDOWS\system32\sessmgr.exe" = C:\WINDOWS\system32\sessmgr.exe:*:Disabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
"C:\Program Files\Mozilla Firefox\firefox.exe" = C:\Program Files\Mozilla Firefox\firefox.exe:LocalSubNet:Enabled:Mozilla Firefox -- (Mozilla Corporation)
"C:\Program Files\Epson Software\Event Manager\EEventManager.exe" = C:\Program Files\Epson Software\Event Manager\EEventManager.exe:*:Disabled:EEventManager Application -- (SEIKO EPSON CORPORATION)
"C:\Program Files\Bonjour\mDNSResponder.exe" = C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour Service -- (Apple Inc.)
"C:\Program Files\Skype\Phone\Skype.exe" = C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype -- (Skype Technologies S.A.)
"C:\Program Files\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe" = C:\Program Files\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe:*:Enabled:WebKit -- (Apple Inc.)
"C:\Program Files\iTunes\iTunes.exe" = C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Inc.)
"C:\Documents and Settings\Bill\Local Settings\Temp\7zS3F8.tmp\SymNRT.exe" = C:\Documents and Settings\Bill\Local Settings\Temp\7zS3F8.tmp\SymNRT.exe:*:Enabled:Norton Removal Tool


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{033E378E-6AD3-4AD5-BDEB-CBD69B31046C}" = Microsoft_VC90_ATL_x86
"{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86
"{0F3647F8-E51D-4FCC-8862-9A8D0C5ACF25}" = Microsoft_VC80_ATL_x86
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MX880_series" = Canon MX880 series MP Drivers
"{17A7FDBC-FB38-4258-B623-BCBA212BC25D}" = Costco Photo Organizer
"{2436F2A8-4B7E-4B6C-AE4E-604C84AA6A4F}" = Nero Core Components 10
"{268278CF-FB69-4D98-B70E-BFEC1CDCA225}" = iTunes
"{28C2DED6-325B-4CC7-983A-1777C8F7FBAB}" = RealUpgrade 1.1
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{390DD8BB-BB57-4942-A029-2D913E4E9D74}" = Microsoft Security Client
"{45C56AA7-ED1B-4800-A97F-EDDF3F3520B1}" = Apple Application Support
"{47FA2C44-D148-4DBC-AF60-B91934AA4842}" = Adobe AIR
"{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}" = Skype™ 6.1
"{523B2B1B-D8DB-4B41-90FF-C4D799E2758A}" = Nero ControlCenter 10 Help (CHM)
"{555868C6-49FB-484F-BB43-8980651A1B00}" = Nero BurnRights 10 Help (CHM)
"{5FE545A1-D215-4216-9189-E7B39C9D1CC1}" = Quicken 2011
"{635FED5B-2C6D-49BE-87E6-7A6FCD22BC5A}" = Microsoft_VC90_MFC_x86
"{65BB0407-4CC8-4DC7-952E-3EEFDF05602A}" = Nero Update
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{6DFB899F-17A2-48F0-A533-ED8D6866CF38}" = Nero Control Center 10
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7770E71B-2D43-4800-9CB3-5B6CAAEBEBEA}" = RealNetworks - Microsoft Visual C++ 2008 Runtime
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour
"{7A5D731D-B4B3-490E-B339-75685712BAAB}" = Nero Burning ROM 10
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A708DD8-A5E6-11D4-A706-000629E95E20}" = Intel(R) Extreme Graphics 2 Driver
"{90120000-0010-0409-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (English) 12
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_HOMESTUDENTR_{2314F9A1-126F-45CC-8A5E-DFAF866F3FBC}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_HOMESTUDENTR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86
"{943CFD7D-5336-47AF-9418-E02473A5A517}" = Nero BurnRights 10
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9B6B24BE-80E7-46C4-9FA5-B167D5E0F345}" = Nero BurningROM 10 Help (CHM)
"{9EDE7573-F2B0-4FAC-8928-A7E9381BCB91}" = ArcSoft MediaImpression for Kodak
"{A127C3C0-055E-38CF-B38F-1E85F8BBBFFE}" = Adobe Community Help
"{A1BC7068-C1BA-410F-8B9A-DB807C803DE2}" = Adobe Creative Suite 5 Design Premium
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A78FE97A-C0C8-49CE-89D0-EDD524A17392}" = PDF Settings CS5
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AAECF7BA-E83B-4A10-87EA-DE0B333F8734}" = RealNetworks - Microsoft Visual C++ 2010 Runtime
"{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.6)
"{AF0CE7C0-A3E4-4D73-988B-B29187EC6E9A}" = QuickTime
"{AF7EBCA4-9FAF-4DC8-8D09-67854BB84D34}" = RealDownloader
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call
"{BDCF27CA-BFC4-4F49-8D24-A925C9505AB8}" = Windows Rights Management Client with Service Pack 2
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C43048A9-742C-4DAD-90D2-E3B53C9DB825}" = Logitech QuickCam Software
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D1A19B02-817E-4296-A45B-07853FD74D57}" = Microsoft_VC80_MFC_x86
"{D92BBB52-82FF-42ED-8A3C-4E062F944AB7}" = Microsoft_VC80_MFCLOC_x86
"{DBCC73BA-C69A-4BF5-B4BF-F07501EE7039}" = AnswerWorks 5.0 English Runtime
"{DE3A9DC5-9A5D-6485-9662-347162C7E4CA}" = Adobe Media Player
"{E14ADE0E-75F3-4A46-87E5-26692DD626EC}" = Apple Mobile Device Support
"{EC905264-BCFE-423B-9C42-C3A106266790}" = Windows Rights Management Client Backwards Compatibility SP2
"{FE83F463-7E61-4B18-9FA0-B94B90A0B6B9}" = Nero Burning ROM 10
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Canon MX880 series User Registration" = Canon MX880 series User Registration
"Canon_IJ_Network_Scanner_Selector_EX" = Canon IJ Network Scanner Selector EX
"Canon_IJ_Network_UTILITY" = Canon IJ Network Tool
"CanonMyPrinter" = Canon My Printer
"CanonSolutionMenuEX" = Canon Solution Menu EX
"chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Community Help
"com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Media Player
"Easy-PhotoPrint EX" = Canon Easy-PhotoPrint EX
"Easy-WebPrint EX" = Canon Easy-WebPrint EX
"Google Chrome" = Google Chrome
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"ie8" = Windows Internet Explorer 8
"KLiteCodecPack_is1" = K-Lite Codec Pack 7.0.0 (Standard)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware version 1.51.2.1300
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft Security Client" = Microsoft Security Essentials
"Microsoft Silverlight" = Microsoft Silverlight
"Mozilla Firefox 19.0.2 (x86 en-US)" = Mozilla Firefox 19.0.2 (x86 en-US)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"MP Navigator EX 4.1" = Canon MP Navigator EX 4.1
"MSNINST" = MSN
"QcDrv" = Logitech® Camera Driver
"Quicken 2001 Basic" = Quicken 2001 Basic
"RealPlayer 16.0" = RealPlayer
"Rhapsody" = Rhapsody
"Speed Dial Utility" = Canon Speed Dial Utility
"Wdf01009" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.9
"Windows Rights Management Client" = Windows Rights Management Client with Service Pack 2
"Windows Rights Management Client Backwards" = Windows Rights Management Client Backwards Compatibility SP2
"winusb0200" = Microsoft WinUsb 2.0

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-1078081533-162531612-1417001333-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"GoToMeeting" = GoToMeeting 5.4.0.1083
"Sansa Updater" = Sansa Updater

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 1/10/2013 6:28:12 AM | Computer Name = COMPUTER | Source = .NET Runtime Optimization Service | ID = 1101
Description = .NET Runtime Optimization Service (clr_optimization_v2.0.50727_32)
- Failed to compile: Microsoft.Build.Tasks, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a
. Error code = 0x80070020

Error - 1/16/2013 6:32:26 AM | Computer Name = COMPUTER | Source = MPSampleSubmission | ID = 5000
Description = EventType mptelemetry, P1 0x80070020, P2 patchapplication, P3 am bde,
P4 11.1.3927.0, P5 mpsigstub.exe, P6 4.1.522.0, P7 microsoft security essentials,
P8 NIL, P9 NIL, P10 NIL.

Error - 1/24/2013 6:58:18 PM | Computer Name = COMPUTER | Source = Application Error | ID = 1000
Description = Faulting application speedypc.exe, version 3.1.6.0, faulting module
speedypc.exe, version 3.1.6.0, fault address 0x0007126a.

Error - 1/24/2013 6:58:24 PM | Computer Name = COMPUTER | Source = Application Error | ID = 1001
Description = Fault bucket -919182125.

Error - 2/26/2013 11:07:55 AM | Computer Name = COMPUTER | Source = Application Hang | ID = 1002
Description = Hanging application Illustrator.exe, version 15.0.0.399, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 2/26/2013 12:38:03 PM | Computer Name = COMPUTER | Source = Application Hang | ID = 1001
Description = Fault bucket 1796667582.

Error - 3/1/2013 6:52:12 PM | Computer Name = COMPUTER | Source = Application Hang | ID = 1002
Description = Hanging application OIS.EXE, version 12.0.6606.1000, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 3/1/2013 6:57:31 PM | Computer Name = COMPUTER | Source = MPSampleSubmission | ID = 5000
Description = EventType mptelemetry, P1 microsoft security essentials (edb4fa23-53b8-4afa-8c5d-99752cca7094),
P2 4.1.522.0, P3 timeout, P4 1.1.9203.0, P5 fixed, P6 1 _ 1024, P7 5 _ not boot,
P8 NIL, P9 NIL, P10 NIL.

Error - 3/1/2013 6:59:01 PM | Computer Name = COMPUTER | Source = Application Hang | ID = 1001
Description = Fault bucket -1628685069.

Error - 3/11/2013 11:07:22 PM | Computer Name = COMPUTER | Source = Application Hang | ID = 1002
Description = Hanging application CLVIEW.EXE, version 12.0.6606.1000, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

[ System Events ]
Error - 3/11/2013 11:28:59 PM | Computer Name = COMPUTER | Source = Service Control Manager | ID = 7023
Description = The Application Management service terminated with the following error:
%%126

Error - 3/11/2013 11:28:59 PM | Computer Name = COMPUTER | Source = Service Control Manager | ID = 7023
Description = The Application Management service terminated with the following error:
%%126

Error - 3/11/2013 11:29:00 PM | Computer Name = COMPUTER | Source = Service Control Manager | ID = 7023
Description = The Application Management service terminated with the following error:
%%126

Error - 3/11/2013 11:29:00 PM | Computer Name = COMPUTER | Source = Service Control Manager | ID = 7023
Description = The Application Management service terminated with the following error:
%%126

Error - 3/11/2013 11:29:00 PM | Computer Name = COMPUTER | Source = Service Control Manager | ID = 7023
Description = The Application Management service terminated with the following error:
%%126

Error - 3/11/2013 11:29:00 PM | Computer Name = COMPUTER | Source = Service Control Manager | ID = 7023
Description = The Application Management service terminated with the following error:
%%126

Error - 3/11/2013 11:29:00 PM | Computer Name = COMPUTER | Source = Service Control Manager | ID = 7023
Description = The Application Management service terminated with the following error:
%%126

Error - 3/11/2013 11:29:00 PM | Computer Name = COMPUTER | Source = Service Control Manager | ID = 7023
Description = The Application Management service terminated with the following error:
%%126

Error - 3/11/2013 11:29:00 PM | Computer Name = COMPUTER | Source = Service Control Manager | ID = 7023
Description = The Application Management service terminated with the following error:
%%126

Error - 3/11/2013 11:29:01 PM | Computer Name = COMPUTER | Source = Service Control Manager | ID = 7023
Description = The Application Management service terminated with the following error:
%%126


< End of report >
Will52
Active Member
 
Posts: 8
Joined: March 10th, 2013, 11:26 pm

Re: Computer is sending junk mail

Post by askey127 » March 12th, 2013, 2:40 pm

will52,
----------------------------------------------
Perform a Custom Fix with OTL
Run OTL (Right click and choose "Run as administrator" in Vista/Win7)
  • In the Custom Scans/Fixes box at the bottom, paste in the following lines from the Code box (Do not include the word "Code"):
    Code:
    :Commands
    [CREATERESTOREPOINT]
    
    :OTL
    O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
    O2 - BHO: (no name) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - No CLSID value found.
    [2013/01/22 07:27:21 | 000,002,325 | ---- | M] () -- C:\Documents and Settings\Bill\Application Data\Mozilla\Firefox\Profiles\c85fc5i1.default\searchplugins\askcom.xml
    FF - prefs.js..browser.search.order.1: "Ask.com"
    IE - HKU\S-1-5-21-1078081533-162531612-1417001333-1005\..\SearchScopes\{B7991FDC-21AE-4144-BECC-1E2B9687DD83}: "URL" = http://websearch.ask.com/redirect?clien ... src=crm&q= {searchTerms}&locale=&apn_ptnrs=TV&apn_dtid=OSJ000YYUS&apn_uid=EDC3D37F-7A6D-4FE1-9C2F-23B9E6F1851B&apn_sauid=2DE87065-8711-4928-B0B3-1E9AD4670141
    
    :Files
    ipconfig /flushdns /c
    
    :Commands
    [emptyjava]
    [emptyflash] 
    [EMPTYTEMP]
    
  • Then click the Run Fix button at the top.
  • Let the program run unhindered, and click to allow the Reboot when it is done.
    When the computer Reboots, and you start your usual account, a Notepad text file will appear.
  • Copy the contents of that file and post it in your next reply.
    The FIX log file will also be available and named by timestamp here: C:\_OTL\Moved Files\mmddyyyy_hhmmss.log

----------------------------------------------
After posting the resulting log, please rescan as follows:
Open OTL again and click the Quick Scan button. Post the new log it produces, OTL.txt, in your next reply.

--------------------------------------------
TDSSKiller - Rootkit Removal Tool
Please download the TDSSKiller.exe by Kaspersky... save it to your Desktop. <-Important!!!
  1. Double-click on TDSSKiller.exe to run the tool for known TDSS variants.
    (Vista - W7 users: Right-click and select "Run As Administrator")
    If TDSSKiller does not run... rename it. Right-click on TDSSKiller.exe, select Rename and give it a random name with the .com file extension (i.e. ektfhtw.com).
    If you don't see file extensions, please see: How to change the file extension.
    If you try to change the filename and extension, you may get a warning message from Windows because of the change of file extension. OK the change.
  2. Click the Start Scan button. Do not use the computer during the scan!
  3. If the scan completes with nothing found, click Close to exit.
  4. If malicious objects are found, they will show in the "Scan results - Select action for found objects" and offer 3 options.
    • Ensure Cure (default) is selected... then click Continue > Reboot now to finish the cleaning process.
    • If Cure is not offered as an option, choose Skip.
  5. A log file named TDSSKiller_version_dd.mm.yyyy_hh.mm.ss_log.txt will be created and saved to the main directory of C:
    (the dd.mm.yyyy_hh.mm.ss numbers in the filename represent the time/date stamp)
  6. Copy and paste the contents of that file in your next reply.
If, for some reason, you can't locate the text file to paste into your reply, just tell me, but DO NOT run the program a second time.

askey127
askey127
Admin/Teacher
 
Posts: 13903
Joined: April 17th, 2005, 3:25 pm
Location: New Hampshire USA

Re: Computer is sending junk mail

Post by Will52 » March 12th, 2013, 3:25 pm

Ok, here is the log of the Fix.

All processes killed
========== COMMANDS ==========
Restore point Set: OTL Restore Point
========== OTL ==========
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\Locked deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\ not found.
C:\Documents and Settings\Bill\Application Data\Mozilla\Firefox\Profiles\c85fc5i1.default\searchplugins\askcom.xml moved successfully.
Prefs.js: "Ask.com" removed from browser.search.order.1
Registry key HKEY_USERS\S-1-5-21-1078081533-162531612-1417001333-1005\Software\Microsoft\Internet Explorer\SearchScopes\{B7991FDC-21AE-4144-BECC-1E2B9687DD83}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B7991FDC-21AE-4144-BECC-1E2B9687DD83}\ not found.
========== FILES ==========
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Documents and Settings\Bill\Desktop\cmd.bat deleted successfully.
C:\Documents and Settings\Bill\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========

[EMPTYJAVA]

User: All Users

User: Bill
->Java cache emptied: 1769418 bytes

User: Default User

User: LocalService

User: NetworkService

User: Owner
->Java cache emptied: 101583 bytes

Total Java Files Cleaned = 2.00 mb


[EMPTYFLASH]

User: All Users

User: Bill
->Flash cache emptied: 57021 bytes

User: Default User
->Flash cache emptied: 57033 bytes

User: LocalService

User: NetworkService

User: Owner
->Flash cache emptied: 10254 bytes

Total Flash Files Cleaned = 0.00 mb


[EMPTYTEMP]

User: All Users

User: Bill
->Temp folder emptied: 2986799929 bytes
->Temporary Internet Files folder emptied: 1645918 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 64316607 bytes
->Google Chrome cache emptied: 24259149 bytes
->Flash cache emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->FireFox cache emptied: 6678967 bytes
->Flash cache emptied: 0 bytes

User: LocalService
->Temporary Internet Files folder emptied: 33170 bytes

User: NetworkService
->Temp folder emptied: 2467786 bytes
->Temporary Internet Files folder emptied: 49046921 bytes

User: Owner
->Temp folder emptied: 129606652 bytes
->Temporary Internet Files folder emptied: 132043318 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 67562162 bytes
->Google Chrome cache emptied: 6376702 bytes
->Flash cache emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 2402044 bytes
%systemroot%\System32 .tmp files removed: 2577 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 62097934 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 113354830 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 33170 bytes
RecycleBin emptied: 4251215921 bytes

Total Files Cleaned = 7,534.00 mb


OTL by OldTimer - Version 3.2.69.0 log created on 03122013_130238

Files\Folders moved on Reboot...
File\Folder C:\WINDOWS\temp\TMP00000001ACBEA5DC5CF24A02 not found!

PendingFileRenameOperations files...

Registry entries deleted on Reboot...

And here is the log for the Quick Scan

OTL logfile created on: 3/12/2013 1:12:35 PM - Run 2
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Documents and Settings\Bill\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1021.98 Mb Total Physical Memory | 276.12 Mb Available Physical Memory | 27.02% Memory free
2.41 Gb Paging File | 1.63 Gb Available in Paging File | 67.58% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 232.88 Gb Total Space | 196.33 Gb Free Space | 84.31% Space Free | Partition Type: NTFS

Computer Name: COMPUTER | User Name: Bill | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013/03/12 10:57:04 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Bill\Desktop\OTL.exe
PRC - [2013/03/11 21:16:29 | 000,917,400 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2013/01/27 12:11:46 | 000,284,304 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft Security Client\MpCmdRun.exe
PRC - [2013/01/27 12:11:46 | 000,020,456 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft Security Client\MsMpEng.exe
PRC - [2013/01/27 12:11:06 | 000,947,152 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Client\msseces.exe
PRC - [2012/12/16 11:06:56 | 000,295,072 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Real\RealPlayer\Update\realsched.exe
PRC - [2012/11/29 21:31:04 | 000,038,608 | ---- | M] () -- C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe
PRC - [2012/11/05 17:07:24 | 004,763,008 | ---- | M] (SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE
PRC - [2012/09/08 23:21:25 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
PRC - [2012/09/02 07:48:49 | 000,079,872 | ---- | M] (SanDisk Corporation) -- C:\Documents and Settings\Bill\Application Data\SanDisk\Sansa Updater\SansaDispatch.exe
PRC - [2011/04/22 06:21:10 | 000,247,728 | ---- | M] (TomTom) -- C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe
PRC - [2011/03/04 11:39:14 | 000,584,488 | ---- | M] (Nero AG) -- C:\Program Files\Nero\Update\NASvc.exe
PRC - [2010/09/14 18:09:52 | 001,213,848 | ---- | M] (CANON INC.) -- C:\Program Files\Canon\Solution Menu EX\CNSEMAIN.EXE
PRC - [2010/09/09 14:38:16 | 000,452,016 | ---- | M] (CANON INC.) -- C:\Program Files\Canon\IJ Network Scanner Selector EX\CNMNSST.exe
PRC - [2010/07/25 20:08:00 | 002,569,616 | ---- | M] (CANON INC.) -- C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE
PRC - [2010/03/09 04:28:26 | 011,989,960 | ---- | M] (Adobe Systems, Inc.) -- C:\Program Files\Adobe\Adobe Bridge CS5\Bridge.exe
PRC - [2010/02/19 13:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
PRC - [2009/12/03 10:12:12 | 000,976,320 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\Program Files\Epson Software\Event Manager\EEventManager.exe
PRC - [2008/07/03 05:38:24 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2005/07/19 17:32:18 | 000,221,184 | ---- | M] (Logitech Inc.) -- C:\WINDOWS\system32\LVCOMSX.EXE
PRC - [2005/06/08 15:14:44 | 000,217,088 | ---- | M] (Logitech Inc.) -- C:\Program Files\Logitech\Video\LogiTray.exe
PRC - [2005/06/08 14:44:56 | 000,192,512 | ---- | M] (Logitech Inc.) -- C:\Program Files\Logitech\Video\FxSvr2.exe


========== Modules (No Company Name) ==========

MOD - [2013/03/11 21:15:58 | 003,069,848 | ---- | M] () -- C:\Program Files\Mozilla Firefox\mozjs.dll
MOD - [2012/11/29 21:31:04 | 000,038,608 | ---- | M] () -- C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe
MOD - [2011/09/27 08:23:00 | 000,087,912 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011/09/27 08:22:40 | 001,242,472 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2010/03/09 04:28:12 | 000,073,728 | ---- | M] () -- C:\Program Files\Adobe\Adobe Bridge CS5\Symlib.dll
MOD - [2010/03/09 04:28:10 | 002,748,416 | ---- | M] () -- C:\Program Files\Adobe\Adobe Bridge CS5\libmysqld.dll
MOD - [2008/04/14 06:00:00 | 000,014,336 | ---- | M] () -- C:\WINDOWS\system32\msdmo.dll


========== Services (SafeList) ==========

SRV - File not found [On_Demand | Stopped] -- %SystemRoot%\System32\appmgmts.dll -- (AppMgmt)
SRV - File not found [Auto | Stopped] -- -- (ACDaemon)
SRV - [2013/03/11 21:16:25 | 000,115,608 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2013/02/27 01:56:26 | 000,251,248 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013/01/27 12:11:46 | 000,020,456 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
SRV - [2013/01/08 13:55:20 | 000,161,536 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012/11/29 21:31:04 | 000,038,608 | ---- | M] () [Auto | Running] -- C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe -- (RealNetworks Downloader Resolver Service)
SRV - [2012/09/08 23:21:25 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- C:\Program Files\SUPERAntiSpyware\SASCORE.EXE -- (!SASCORE)
SRV - [2011/03/04 11:39:14 | 000,584,488 | ---- | M] (Nero AG) [Auto | Running] -- C:\Program Files\Nero\Update\NASvc.exe -- (NAUpdate)
SRV - [2010/02/19 13:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt)
DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
DRV - [2013/03/11 21:36:42 | 000,029,904 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- c:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{26D85127-DD66-48A9-B08B-2A91061D271F}\MpKslbebb2ae3.sys -- (MpKslbebb2ae3)
DRV - [2011/07/22 10:27:02 | 000,012,880 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
DRV - [2011/07/12 15:55:22 | 000,067,664 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2009/07/13 17:51:12 | 000,034,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\winusb.sys -- (WinUSB)
DRV - [2008/05/06 17:06:00 | 000,011,520 | ---- | M] (Western Digital Technologies) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wdcsam.sys -- (WDC_SAM)
DRV - [2006/11/10 16:05:00 | 000,018,688 | ---- | M] (Arcsoft, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\afc.sys -- (Afc)
DRV - [2006/08/15 09:48:00 | 000,732,928 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\senfilt.sys -- (senfilt)
DRV - [2005/05/27 09:32:52 | 001,317,152 | ---- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\lvcm.sys -- (QCMerced)
DRV - [2005/05/27 09:31:28 | 000,022,016 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LVUSBSta.sys -- (LVUSBSta)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = E2 18 C5 C3 01 AA CC 01 [binary data]
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src=IE-SearchBox&Form=IE8SRC
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultengine: "Google"
FF - prefs.js..browser.search.defaultenginename: "Google"
FF - prefs.js..browser.search.order.1: ""
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.suggest.enabled: false
FF - prefs.js..extensions.enabledAddons: bytubed%40cs213.cse.iitk.ac.in:1.1.1
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:19.0.2
FF - prefs.js..network.proxy.type: 0


FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_6_602_171.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@canon.com/EPPEX: C:\Program Files\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL (CANON INC.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=1.6.0_38: C:\WINDOWS\system32\npdeployJava1.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=16.0.0.282: c:\program files\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprndlchromebrowserrecordext;version=1.3.0: C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprndlhtml5videoshim;version=1.3.0: C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprndlpepperflashvideoshim;version=1.3.0: C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=15.0.6.14: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=15.0.6.14: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpplugin;version=16.0.0.282: c:\program files\real\realplayer\Netscape6\nprpplugin.dll (RealPlayer)
FF - HKLM\Software\MozillaPlugins\@realnetworks.com/npdlplugin;version=1: C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll (RealDownloader)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=8: File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@citrixonline.com/appdetectorplugin: C:\Documents and Settings\Bill\Local Settings\Application Data\Citrix\Plugins\79\npappdetector.dll (Citrix Online)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{34712C68-7391-4c47-94F3-8F88D49AD632}: C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext\ [2012/12/16 11:10:23 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext [2012/12/16 11:10:23 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 19.0.2\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2013/03/11 21:16:31 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 19.0.2\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins

[2011/10/05 22:52:12 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Bill\Application Data\Mozilla\Extensions
[2011/10/05 22:52:12 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Bill\Application Data\Mozilla\Extensions\home2@tomtom.com
[2013/01/22 07:26:38 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Bill\Application Data\Mozilla\Firefox\Profiles\c85fc5i1.default\extensions
[2012/09/21 16:27:22 | 000,000,000 | ---D | M] (BYTubeD - Bulk YouTube video Downloader) -- C:\Documents and Settings\Bill\Application Data\Mozilla\Firefox\Profiles\c85fc5i1.default\extensions\bytubed@cs213.cse.iitk.ac.in
[2011/05/18 16:56:07 | 000,002,469 | ---- | M] () -- C:\Documents and Settings\Bill\Application Data\Mozilla\Firefox\Profiles\c85fc5i1.default\searchplugins\safesearch.xml
[2013/03/11 21:28:34 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2013/02/19 19:42:14 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2013/03/10 08:59:28 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\updated\extensions
[2013/03/10 08:59:28 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files\Mozilla Firefox\updated\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2013/03/10 09:00:47 | 000,000,000 | ---D | M] (Default) -- C:\Program Files\Mozilla Firefox\updated\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2013/03/10 08:59:30 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\updated\extensions\{CAFEEFAC-0016-0000-0038-ABCDEFFEDCBA}
[2013/03/11 21:16:30 | 000,263,064 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2012/10/24 07:35:46 | 000,002,465 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2013/02/19 19:43:32 | 000,002,086 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - homepage: http://www.google.com/
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\17.0.963.83\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll
CHR - plugin: Java Deployment Toolkit 6.0.240.7 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java(TM) Platform SE 6 U24 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\4.0.60531.0\npctrl.dll
CHR - plugin: RealNetworks(tm) RealPlayer Chrome Background Extension Plug-In (32-bit) (Enabled) = C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll
CHR - plugin: RealPlayer(tm) HTML5VideoShim Plug-In (32-bit) (Enabled) = C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll
CHR - plugin: RealPlayer(tm) G2 LiveConnect-Enabled Plug-In (32-bit) (Enabled) = C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll
CHR - plugin: RealPlayer Version Plugin (Enabled) = C:\Program Files\Real\RealPlayer\Netscape6\nprpjplug.dll
CHR - plugin: Windows Media Player Plug-in Dynamic Link Library (Enabled) = C:\Program Files\Windows Media Player\npdsplay.dll
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files\Google\Chrome\Application\17.0.963.83\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\17.0.963.83\pdf.dll
CHR - plugin: Skype Toolbars (Enabled) = C:\Documents and Settings\Bill\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.6.0.8312_0\npSkypeChromePlugin.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npdrmv2.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npwmsdrm.dll
CHR - plugin: CANON iMAGE GATEWAY Album Plugin Utility (Enabled) = C:\Program Files\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.2.183.23\npGoogleOneClick8.dll
CHR - plugin: RealJukebox NS Plugin (Enabled) = C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - Extension: RealPlayer HTML5Video Downloader Extension = C:\Documents and Settings\Bill\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\jfmjfhklogoienhpfnppmbcbjfjnkonk\1.5_0\
CHR - Extension: Skype Click to Call = C:\Documents and Settings\Bill\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.6.0.8312_0\

O1 HOSTS File: ([2008/04/14 06:00:00 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (RealNetworks Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll (RealDownloader)
O2 - BHO: (Canon Easy-WebPrint EX BHO) - {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexbho.dll (CANON INC.)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll File not found
O3 - HKLM\..\Toolbar: (Canon Easy-WebPrint EX) - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)
O3 - HKCU\..\Toolbar\WebBrowser: (Canon Easy-WebPrint EX) - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)
O4 - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AdobeCS5ServiceManager] C:\Program Files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [ArcSoft Connection Service] C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe (ArcSoft Inc.)
O4 - HKLM..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe (CANON INC.)
O4 - HKLM..\Run: [CanonSolutionMenuEx] C:\Program Files\Canon\Solution Menu EX\CNSEMAIN.EXE (CANON INC.)
O4 - HKLM..\Run: [EEventManager] C:\Program Files\Epson Software\Event Manager\EEventManager.exe (SEIKO EPSON CORPORATION)
O4 - HKLM..\Run: [IJNetworkScannerSelectorEX] C:\Program Files\Canon\IJ Network Scanner Selector EX\CNMNSST.exe (CANON INC.)
O4 - HKLM..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe (Logitech Inc.)
O4 - HKLM..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe (Logitech Inc.)
O4 - HKLM..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE (Logitech Inc.)
O4 - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [SwitchBoard] C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [TkBellExe] C:\program files\real\realplayer\update\realsched.exe (RealNetworks, Inc.)
O4 - HKCU..\Run: [AdobeBridge] C:\Program Files\Adobe\Adobe Bridge CS5\Bridge.exe (Adobe Systems, Inc.)
O4 - HKCU..\Run: [LogitechSoftwareUpdate] C:\Program Files\Logitech\Video\ManifestEngine.exe (Logitech Inc.)
O4 - HKCU..\Run: [SansaDispatch] C:\Documents and Settings\Bill\Application Data\SanDisk\Sansa Updater\SansaDispatch.exe (SanDisk Corporation)
O4 - HKCU..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE (SUPERAntiSpyware.com)
O4 - HKCU..\Run: [TomTomHOME.exe] C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe (TomTom)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O16 - DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} http://office.microsoft.com/sites/produ ... wsdc32.cab (Microsoft Office Template and Media Control)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/download/ ... ontrol.cab (Windows Genuine Advantage Validation Tool)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 74.211.15.210 74.211.15.211 74.211.89.201
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{CDBDD390-DF7E-4A9E-BFCE-52861A23F706}: DhcpNameServer = 74.211.15.210 74.211.15.211 74.211.89.201
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\Bill\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Bill\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2004/08/25 03:05:51 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{6d6dcf8e-c447-11e0-9b8e-00111171438d}\Shell - "" = AutoRun
O33 - MountPoints2\{6d6dcf8e-c447-11e0-9b8e-00111171438d}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{6d6dcf8e-c447-11e0-9b8e-00111171438d}\Shell\AutoRun\command - "" = F:\LaunchU3.exe
O33 - MountPoints2\{77f04954-8373-11e2-9bf6-00111171438d}\Shell - "" = AutoRun
O33 - MountPoints2\{77f04954-8373-11e2-9bf6-00111171438d}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{77f04954-8373-11e2-9bf6-00111171438d}\Shell\AutoRun\command - "" = F:\MI.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2013/03/12 13:02:38 | 000,000,000 | ---D | C] -- C:\_OTL
[2013/03/12 10:57:01 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Bill\Desktop\OTL.exe
[2013/03/11 21:36:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Bill\Desktop\RK_Quarantine
[2013/03/11 21:28:58 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2013/03/10 21:29:54 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Bill\Start Menu\Programs\Administrative Tools
[2013/03/05 13:52:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\iTunes
[2013/03/05 13:50:47 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2013/03/05 13:50:29 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2013/03/05 13:50:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\188F1432-103A-4ffb-80F1-36B633C5C9E1
[2013/03/04 22:46:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Bill\Local Settings\Application Data\WMTools Downloaded Files
[2013/03/04 17:08:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\ArcSoft Connect
[2013/03/04 17:05:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\ArcSoft MediaImpression for Kodak
[2013/03/04 17:03:50 | 000,000,000 | ---D | C] -- C:\Program Files\Kodak
[2013/02/21 13:01:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Bill\My Documents\My Music
[2013/02/19 19:42:06 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox

========== Files - Modified Within 30 Days ==========

[2013/03/12 13:07:05 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-1078081533-162531612-1417001333-1005.job
[2013/03/12 13:07:05 | 000,000,276 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-1078081533-162531612-1417001333-1005.job
[2013/03/12 13:07:03 | 000,000,276 | ---- | M] () -- C:\WINDOWS\tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-1078081533-162531612-1417001333-1005.job
[2013/03/12 13:05:28 | 000,000,878 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2013/03/12 13:05:26 | 000,000,278 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-1078081533-162531612-1417001333-1003.job
[2013/03/12 13:05:26 | 000,000,278 | ---- | M] () -- C:\WINDOWS\tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-1078081533-162531612-1417001333-1003.job
[2013/03/12 13:05:06 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2013/03/12 13:05:03 | 1071,697,920 | -HS- | M] () -- C:\hiberfil.sys
[2013/03/12 12:58:00 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2013/03/12 12:56:00 | 000,000,830 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2013/03/12 10:57:04 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Bill\Desktop\OTL.exe
[2013/03/12 02:00:00 | 000,000,342 | ---- | M] () -- C:\WINDOWS\tasks\AdobeAAMUpdater-1.0-COMPUTER-Owner.job
[2013/03/12 02:00:00 | 000,000,340 | ---- | M] () -- C:\WINDOWS\tasks\AdobeAAMUpdater-1.0-COMPUTER-Bill.job
[2013/03/12 01:00:00 | 000,000,508 | ---- | M] () -- C:\WINDOWS\tasks\SUPERAntiSpyware Scheduled Task 977c006a-bc52-4d5b-ae67-d39e150577f8.job
[2013/03/11 23:21:00 | 000,000,508 | ---- | M] () -- C:\WINDOWS\tasks\SUPERAntiSpyware Scheduled Task 64ffc890-ee30-4d4e-899b-e51a3ec2509e.job
[2013/03/11 21:36:16 | 000,816,640 | ---- | M] () -- C:\Documents and Settings\Bill\Desktop\RogueKiller.exe
[2013/03/11 21:33:44 | 000,441,552 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2013/03/11 21:33:44 | 000,071,488 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2013/03/11 21:32:48 | 000,000,508 | ---- | M] () -- C:\WINDOWS\tasks\SUPERAntiSpyware Scheduled Task a7e5e3ce-6c9e-4cae-b2ea-5bd52628bd12.job
[2013/03/11 21:18:25 | 000,866,592 | ---- | M] () -- C:\Documents and Settings\Bill\Desktop\Norton_Removal_Tool.exe
[2013/03/11 05:17:58 | 000,000,394 | ---- | M] () -- C:\WINDOWS\tasks\SpeedyPC Pro.job
[2013/03/10 09:57:06 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-1078081533-162531612-1417001333-1005.job
[2013/03/09 18:17:16 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2013/03/09 09:35:22 | 000,000,286 | ---- | M] () -- C:\WINDOWS\tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-1078081533-162531612-1417001333-1003.job
[2013/03/09 09:35:16 | 000,000,286 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-1078081533-162531612-1417001333-1003.job
[2013/03/07 19:41:35 | 000,019,968 | ---- | M] () -- C:\Documents and Settings\Bill\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2013/03/07 09:06:12 | 000,002,422 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2013/03/05 13:52:27 | 000,001,542 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
[2013/03/04 23:09:19 | 000,001,917 | ---- | M] () -- C:\WINDOWS\epplauncher.mif
[2013/03/04 17:05:22 | 000,001,756 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Media Impression for Kodak.lnk
[2013/02/17 22:34:46 | 000,227,524 | ---- | M] () -- C:\Documents and Settings\Bill\My Documents\dws logo.pdf
[2013/02/14 04:42:06 | 003,465,664 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2013/02/14 04:20:03 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK

========== Files Created - No Company Name ==========

[2013/03/11 21:36:01 | 000,816,640 | ---- | C] () -- C:\Documents and Settings\Bill\Desktop\RogueKiller.exe
[2013/03/11 21:32:48 | 000,000,508 | ---- | C] () -- C:\WINDOWS\tasks\SUPERAntiSpyware Scheduled Task a7e5e3ce-6c9e-4cae-b2ea-5bd52628bd12.job
[2013/03/11 21:32:46 | 000,000,508 | ---- | C] () -- C:\WINDOWS\tasks\SUPERAntiSpyware Scheduled Task 977c006a-bc52-4d5b-ae67-d39e150577f8.job
[2013/03/11 21:32:45 | 000,000,508 | ---- | C] () -- C:\WINDOWS\tasks\SUPERAntiSpyware Scheduled Task 64ffc890-ee30-4d4e-899b-e51a3ec2509e.job
[2013/03/11 21:18:22 | 000,866,592 | ---- | C] () -- C:\Documents and Settings\Bill\Desktop\Norton_Removal_Tool.exe
[2013/03/05 13:52:27 | 000,001,542 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
[2013/03/04 17:05:22 | 000,001,756 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Media Impression for Kodak.lnk
[2013/01/22 20:59:09 | 000,060,864 | ---- | C] () -- C:\Documents and Settings\Bill\g2mdlhlpx.exe
[2012/03/12 09:26:36 | 000,000,132 | ---- | C] () -- C:\Documents and Settings\Bill\Application Data\Adobe BMP Format CS5 Prefs
[2012/02/14 13:13:18 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2012/02/06 13:43:08 | 000,165,376 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll
[2012/02/04 20:57:58 | 000,027,748 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat
[2011/10/11 18:13:34 | 000,053,248 | R--- | C] () -- C:\WINDOWS\System32\InstMed.exe
[2011/10/11 18:13:25 | 000,009,255 | ---- | C] () -- C:\WINDOWS\System32\lvcoinst.ini
[2011/10/11 18:13:23 | 001,317,152 | ---- | C] () -- C:\WINDOWS\System32\drivers\lvcm.sys
[2011/08/15 17:53:19 | 000,019,968 | ---- | C] () -- C:\Documents and Settings\Bill\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/08/05 17:13:54 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011/06/17 03:25:11 | 000,000,000 | ---- | C] () -- C:\WINDOWS\EEventManager.INI
[2011/05/21 15:35:11 | 000,000,097 | ---- | C] () -- C:\WINDOWS\System32\PICSDK.ini
[2011/05/21 15:35:10 | 000,073,220 | ---- | C] () -- C:\WINDOWS\System32\EPPICPrinterDB.dat
[2011/05/21 15:35:10 | 000,031,053 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern131.dat
[2011/05/21 15:35:10 | 000,029,114 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern1.dat
[2011/05/21 15:35:10 | 000,027,417 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern121.dat
[2011/05/21 15:35:10 | 000,021,021 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern3.dat
[2011/05/21 15:35:10 | 000,015,670 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern5.dat
[2011/05/21 15:35:10 | 000,013,280 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern2.dat
[2011/05/21 15:35:10 | 000,010,673 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern4.dat
[2011/05/21 15:35:10 | 000,004,943 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern6.dat
[2011/05/21 15:35:10 | 000,001,140 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_PT.dat
[2011/05/21 15:35:10 | 000,001,140 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_BP.dat
[2011/05/21 15:35:10 | 000,001,137 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_ES.dat
[2011/05/21 15:35:10 | 000,001,130 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_FR.dat
[2011/05/21 15:35:10 | 000,001,130 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_CF.dat
[2011/05/21 15:35:10 | 000,001,104 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_EN.dat
[2011/05/21 15:33:46 | 000,000,034 | ---- | C] () -- C:\WINDOWS\PERFV33_330.ini
[2011/05/01 08:20:23 | 000,000,028 | ---- | C] () -- C:\WINDOWS\ICOA.INI
[2011/05/01 08:20:06 | 000,000,000 | ---- | C] () -- C:\WINDOWS\QFN.ini
[2011/05/01 08:20:06 | 000,000,000 | ---- | C] () -- C:\WINDOWS\QDQICK.ini
[2011/04/29 22:07:55 | 000,007,102 | ---- | C] () -- C:\WINDOWS\ICOADB32.DAT
[2011/04/27 07:45:08 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2011/04/26 20:44:52 | 000,000,205 | ---- | C] () -- C:\WINDOWS\VIEWER.INI
[2011/04/26 20:44:52 | 000,000,107 | ---- | C] () -- C:\WINDOWS\QUICKEN.INI

========== ZeroAccess Check ==========

[2004/08/25 03:06:53 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shdocvw.dll -- [2008/04/14 06:00:00 | 001,499,136 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = C:\WINDOWS\system32\wbem\fastprox.dll -- [2009/02/09 04:56:35 | 000,473,600 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = C:\WINDOWS\system32\wbem\wbemess.dll -- [2008/04/14 06:00:00 | 000,273,920 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

========== LOP Check ==========

[2013/03/05 13:52:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\188F1432-103A-4ffb-80F1-36B633C5C9E1
[2013/01/22 07:15:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Ask
[2011/08/02 15:02:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Canon IJ Network Tool
[2011/08/02 14:46:22 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\CanonBJ
[2011/08/02 15:11:31 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\CanonEPP
[2011/09/21 10:04:16 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\CanonIJEGV
[2011/08/02 15:11:31 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\CanonIJEPPEX2
[2011/08/02 15:01:59 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\CanonIJFAX
[2011/08/03 09:45:19 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\CanonIJScan
[2011/08/02 15:00:06 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\CanonIJSolutionMenuEX
[2011/08/02 14:52:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\CanonIJWSpt
[2011/06/28 22:16:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\LightScribe
[2011/05/21 17:57:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\regid.1986-12.com.adobe
[2013/01/24 16:58:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SpeedyPC Software
[2011/10/05 22:55:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TomTom
[2011/11/22 21:22:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2012/05/25 12:41:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Bill\Application Data\Canon
[2011/08/02 14:58:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Bill\Application Data\Canon Easy-WebPrint EX
[2012/05/24 13:14:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Bill\Application Data\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2013/02/21 13:03:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Bill\Application Data\Costco Photo Organizer
[2013/01/24 16:32:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Bill\Application Data\DriverCure
[2011/05/21 20:13:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Bill\Application Data\Epson
[2013/02/06 18:11:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Bill\Application Data\MPEG Streamclip
[2012/09/02 07:48:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Bill\Application Data\SanDisk
[2013/01/24 16:32:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Bill\Application Data\SpeedyPC Software
[2011/10/25 21:32:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Bill\Application Data\Tific
[2011/10/05 22:51:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Bill\Application Data\TomTom
[2011/11/15 07:22:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Bill\Application Data\YCanPDF

========== Purity Check ==========



< End of report >

TDS Killer found no threats after the scan.
Will52
Active Member
 
Posts: 8
Joined: March 10th, 2013, 11:26 pm

Re: Computer is sending junk mail

Unread postby askey127 » March 12th, 2013, 6:35 pm

Will52,
Take your time and tell me how the machine is running now.
OTL was able to remove over 7 Gb. of temp and junk files.
That's enough to slow down a Ferrari.
askey127
askey127
Admin/Teacher
 
Posts: 13903
Joined: April 17th, 2005, 3:25 pm
Location: New Hampshire USA

Re: Computer is sending junk mail

Unread postby Will52 » March 12th, 2013, 7:15 pm

I can notice a difference. It is a little bit faster, but not as fast as I was anticipating. It is probably in part due to the fact that I have a newer laptop that runs fast and this computer is a few years older. I have become accustomed to the faster laptop. Web pages load faster now and whatever program is running runs smoothly. It is still slow to launch programs sometimes, and when I close/minimize a program it will slowly wipe away from the screen. My home screen appears at the top and, in chunks, wipes away the program. I read the post on here detailing how to speed up a computer. Would those tips help now? Or did everything we do exceed those steps, such as defrag, etc.? Again, it has improved, but I think it could be better. When it was new it wasn't so clunky. Also, I have an anti-virus software that I downloaded when my email was sending junk email. It stopped the junk mail, but didn't improve my computer's performance. Could that slow my machine down? If so, could I delete it without fear of the junk mail coming back? What would you recommend as far as anti-virus software?
Will52
Active Member
 
Posts: 8
Joined: March 10th, 2013, 11:26 pm

Re: Computer is sending junk mail

Unread postby askey127 » March 13th, 2013, 4:14 pm

Will52,
You need to keep Microsoft Security Essentials.
If you were to remove it and not replace it, your machine would become infected in no time.
Let's make it as fast as we are able.
You don't need updaters starting automatically with each Bootup.
----------------------------------------------
Perform a Custom Fix with OTL
Run OTL
  • In the Custom Scans/Fixes box at the bottom, paste in the following lines from the Code box (Do not include the word "Code"):
    Code: Select all
    :Commands
    [CREATERESTOREPOINT]
    
    :OTL
    O4 - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
    O4 - HKLM..\Run: [TkBellExe] C:\program files\real\realplayer\update\realsched.exe (RealNetworks, Inc.)
    O4 - HKCU..\Run: [SansaDispatch] C:\Documents and Settings\Bill\Application Data\SanDisk\Sansa Updater\SansaDispatch.exe (SanDisk Corporation)
    
    :Files
    ipconfig /flushdns /c
    
    :Commands
    [EMPTYTEMP]
    
  • Then click the Run Fix button at the top.
  • Let the program run unhindered, and click to allow the Reboot when it is done.
    When the computer Reboots, and you start your usual account, a Notepad text file will appear.
  • Copy the contents of that file and post it in your next reply.
    The FIX log file will also be available and named by timestamp here: C:\_OTL\Moved Files\mmddyyyy_hhmmss.log
----------------------------------------------
Download and Run Temp File Cleaner (TFC.exe)
Download Temp File Cleaner and save it to your desktop.
TFC removes junk files from your machine.
It usually requires a reboot when it finishes, but you don't need to run it every day.
Since OTL just cleaned your machine, you won't need to run it now.
Just keep TFC on your desktop, and run it every week or so.
---------------------------------------------
Run CKScanner
Download CKScanner from HERE
Important - Save it to your desktop.
Double-click CKScanner.exe and click Search For Files.
After a couple minutes or less, when the cursor hourglass disappears, click Save List To File.
A message box will verify the file saved. Please run the program just once.
Double-click the CKFiles.txt icon on your desktop and copy/paste the contents in your next reply.

askey127
askey127
Admin/Teacher
 
Posts: 13903
Joined: April 17th, 2005, 3:25 pm
Location: New Hampshire USA

Re: Computer is sending junk mail

Unread postby Will52 » March 14th, 2013, 3:13 am

I know that I need to have an antivirus software, but is Microsoft Security Essentials a good one? Also, there is another one that auto starts called Super Anti Spyware. Having 2 is unnecessary, correct? So should I keep both? If not, which one should I keep, or what is a good one to download if both are not that great?

OTL Results:

All processes killed
========== COMMANDS ==========
Restore point Set: OTL Restore Point
========== OTL ==========
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\AdobeAAMUpdater-1.0 deleted successfully.
C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\updaterstartuputility.exe moved successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\TkBellExe deleted successfully.
C:\Program Files\Real\RealPlayer\Update\realsched.exe moved successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\SansaDispatch deleted successfully.
C:\Documents and Settings\Bill\Application Data\SanDisk\Sansa Updater\SansaDispatch.exe moved successfully.
========== FILES ==========
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Documents and Settings\Bill\Desktop\cmd.bat deleted successfully.
C:\Documents and Settings\Bill\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Bill
->Temp folder emptied: 588884 bytes
->Temporary Internet Files folder emptied: 47882 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 4869716 bytes
->Google Chrome cache emptied: 0 bytes
->Flash cache emptied: 506 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->FireFox cache emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: LocalService
->Temporary Internet Files folder emptied: 33170 bytes

User: NetworkService
->Temp folder emptied: 10858 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: Owner
->Temp folder emptied: 6521 bytes
->Temporary Internet Files folder emptied: 36908 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 1697361 bytes
->Google Chrome cache emptied: 0 bytes
->Flash cache emptied: 492 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 2505782 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 137330268 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 140.00 mb


OTL by OldTimer - Version 3.2.69.0 log created on 03142013_005752

Files\Folders moved on Reboot...
File\Folder C:\WINDOWS\temp\TMP00000001EA788AAAA107FBA6 not found!
C:\WINDOWS\System32\config\systemprofile\Local Settings\Temp\CR_E739A.tmp\setup.exe moved successfully.
File\Folder C:\WINDOWS\System32\config\systemprofile\Local Settings\Temp\83.tmp not found!
File\Folder C:\WINDOWS\System32\config\systemprofile\Local Settings\Temp\85.tmp not found!
C:\WINDOWS\System32\config\systemprofile\Local Settings\Temp\chrome_installer.log moved successfully.

PendingFileRenameOperations files...

Registry entries deleted on Reboot...

CK Results

CKScanner 2.1 - Additional Security Risks - These are not necessarily bad
scanner sequence 3.RP.11.KDNALJ
----- EOF -----
Will52
Active Member
 
Posts: 8
Joined: March 10th, 2013, 11:26 pm

Re: Computer is sending junk mail

Unread postby askey127 » March 14th, 2013, 6:32 am

SuperAntiSpyware is, as the name suggests, an antispyware program.
It's OK to have that program in conjunction with an antivirus program.
Microsoft Security Essentials is a competent antivirus that isn't very intrusive, and should work well for you.

You should have a maximum of one antivirus and one antispyware program on the machine.
Some confusion arises due to programs that include both in one package.
The combination you have now should be just fine.

Since this is an older machine, I would also defragment the hard drive occasionally.
The Disk Defragmenter is available this way if you aren't familiar with it.
Start > All Programs > Accessories > System Tools > Disk Defragmenter
When the defragmenter comes up, highlight the C: drive and click on Defragment, not Analyze.
It will tell you when it's done.
The process may take a while (you can watch it), but will help a bit to improve the speed.

I think the machine looks OK to me.
You should be good to go if it's working well, or feel free to ask any additional questions.
askey127
Admin/Teacher
 
Posts: 13903
Joined: April 17th, 2005, 3:25 pm
Location: New Hampshire USA

Re: Computer is sending junk mail

Unread postby Will52 » March 14th, 2013, 2:09 pm

Ok great. I will keep both of those programs then. It is running much faster though. I appreciate the help. I plan to follow the steps on this website to speed up a computer even more like defrag etc. I think most of the slowness is due to being an old machine. It is much better now. Thank you for the help! I can't tell you how great this website is. Thanks again.
Will52
Active Member
 
Posts: 8
Joined: March 10th, 2013, 11:26 pm

Re: Computer is sending junk mail

Unread postby askey127 » March 14th, 2013, 4:34 pm

Will52,
That's good to hear.
You can clean up and remove the tools we used if you start OTL and click the Clean Up button.

When you get time, I would suggest opening Microsoft Security Essentials and running a Full Scan.
It does take a while (maybe an hour or a bit more).
That will help to ensure that no additional infected files are anywhere on the machine.

Good luck!

askey127
askey127
Admin/Teacher
 
Posts: 13903
Joined: April 17th, 2005, 3:25 pm
Location: New Hampshire USA