Hotmail sending spam,pc also directing to unwanted pages

Unread postby wendystamper » July 14th, 2010, 3:31 pm

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 3:21:37 PM, on 7/14/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\brsvc01a.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\brss01a.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Apoint2K\Apoint.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\iolo\common\lib\ioloServiceManager.exe
C:\Program Files\iolo\System Mechanic\IoloSGCtrl.exe
C:\WINDOWS\system32\LxrSII1s.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\oodag.exe
C:\Program Files\Apoint2K\Apntex.exe
C:\Program Files\CyberLink\Shared files\RichVideo.exe
C:\Program Files\Spyware Doctor\pctsAuxs.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Authentium\AntiVirus5\vsedsps.exe
C:\Program Files\Common Files\Authentium\AntiVirus5\vseamps.exe
C:\Program Files\Windows Media Player\WMPNetwk.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\iolo\System Mechanic\SystemGuardAlerter.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Documents and Settings\BRINE LLOYD.BRINE-LAPTOP\Local Settings\Application Data\Lexar Media\LxrAutorun.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Program Files\iolo\System Shield\ioloSSTray.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\system32\msiexec.exe
C:\Program Files\Trend Micro\HijackThis\HiJackThis.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:5555
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\Userinit.exe
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Documents and Settings\All Users.WINDOWS\Application Data\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
O2 - BHO: (no name) - {465E08E7-F005-4389-980F-1D8764B3486C} - (no file)
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: Yontoo Layers - {FD72061E-9FDE-484D-A58A-0BAB4151CAD8} - C:\Program Files\Yontoo Layers Client\YontooIEClient.dll
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SystemGuardAlerter] C:\Program Files\iolo\System Mechanic\SystemGuardAlerter.exe
O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [LxrAutorun] C:\Documents and Settings\BRINE LLOYD.BRINE-LAPTOP\Local Settings\Application Data\Lexar Media\LxrAutorun.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-19\..\RunOnce: [ShowDeskFix] regsvr32 /s /n /i:u shell32 (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [ShowDeskFix] regsvr32 /s /n /i:u shell32 (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\RunOnce: [ShowDeskFix] regsvr32 /s /n /i:u shell32 (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [ShowDeskFix] regsvr32 /s /n /i:u shell32 (User 'Default user')
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office12\EXCEL.EXE/3000
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\WINDOWS\system32\shdocvw.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\iavlsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\iavlsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\iavlsp.dll
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.exe.imgfarm.com/images/nocach ... 0.15-3.cab
O16 - DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} (HP Download Manager) - https://h20436.www2.hp.com/ediags/dex/s ... DEXAXO.cab
O16 - DPF: {A9F8D9EC-3D0A-4A60-BD82-FBD64BAD370D} - http://h20264.www2.hp.com/ediags/dd/ins ... csxp2k.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/s ... wflash.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Filter hijack: text/html - {34a52463-cc14-4fc0-89d0-4bbffcee75db} - (no file)
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINDOWS\system32\brsvc01a.exe
O23 - Service: HP WMI Interface (hpqwmi) - Hewlett-Packard Development Company, L.P. - C:\Program Files\HPQ\SHARED\HPQWMI.exe
O23 - Service: iolo FileInfoList Service (ioloFileInfoList) - Unknown owner - C:\Program Files\iolo\common\lib\ioloServiceManager.exe
O23 - Service: iolo System Service (ioloSystemService) - Unknown owner - C:\Program Files\iolo\common\lib\ioloServiceManager.exe
O23 - Service: iolo System Guard (IOLO_SRV) - Unknown owner - C:\Program Files\iolo\System Mechanic\IoloSGCtrl.exe
O23 - Service: Lexar Secure II (LxrSII1s) - Unknown owner - C:\WINDOWS\SYSTEM32\LxrSII1s.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: O&O Defrag - O&O Software GmbH - C:\WINDOWS\system32\oodag.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared files\RichVideo.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
O23 - Service: ThreatFire - PC Tools - C:\Program Files\Spyware Doctor\TFEngine\TFService.exe
O23 - Service: vseamps - Authentium, Inc - C:\Program Files\Common Files\Authentium\AntiVirus5\vseamps.exe
O23 - Service: vsedsps - Authentium, Inc - C:\Program Files\Common Files\Authentium\AntiVirus5\vsedsps.exe
O23 - Service: vseqrts - Authentium, Inc - C:\Program Files\Common Files\Authentium\AntiVirus5\vseqrts.exe

--
End of file - 9458 bytes


Hope I did this right. I bought this laptop used from my brother, and I think it has a virus. I had Norton, but it said it didn't find anything. I bought System Mechanic, and it says it hasn't found anything, but it runs really slow, crashes, takes me to unwanted pages when using the internet, and is sending out spam mail from my email accounts. If someone could tell me what to do I sure would appreciate it. Thanks
wendystamper
Regular Member
 
Posts: 50
Joined: July 14th, 2010, 1:34 pm

Re: Hotmail sending spam,pc also directing to unwanted pages

Unread postby MWR 3 day Mod » July 18th, 2010, 1:46 am

Hi,

We are sorry to see your topic is over three days old and no one has yet been able to respond and offer help.

If you still require assistance, please post a link to your topic in our Waiting for help with malware removal? forum, and our staff will make an effort to assist you as promptly as possible. Only post a LINK to this topic, DO NOT post your DDS log!

Please do not reply to this topic.

If you haven't posted within two days in the "Waiting for help with malware removal?" forum, we will assume you have been able to get assistance in other ways and this topic will be closed.
MWR 3 day Mod
MRU Undergrad
 
Posts: 2534
Joined: April 4th, 2008, 8:40 am

Re: Hotmail sending spam,pc also directing to unwanted pages

Unread postby Cypher » July 18th, 2010, 12:50 pm

Hi and welcome to Malware Removal Forum. I apologize for the delay in answering your request for help; the forum is really busy.
My name is Cypher, and I will be helping you with your malware problems.
If you no longer require help I would be grateful if you would let me know.

Before we start please note the following important guidelines.
  • The instructions being given are for YOUR computer and system only!
    Using these instructions on a different computer can damage that computer and possibly make it inoperable!
  • If you don't know or understand something, please don't hesitate to ask.
  • Only post your problem at one help site. Applying fixes from multiple help sites can cause problems.
  • Only reply to this thread; do not start another. Please continue responding until I give you the "All Clean".
    Absence of symptoms does not mean that everything is clear.
  • Please DO NOT run any other tools or scans whilst I am helping you.
  • Please DO NOT install any other software (or hardware) during the cleaning process.
  • Print each set of instructions... if possible...your Internet connection will not be available during some fix processes.
  • Your security programs may give warnings for some of the tools I will ask you to use. Be assured, any links I give are safe.
  • The logs from the tools we use can take some time to research so please be patient.

Note: If you haven't done so already, please read this topic ALL USERS OF THIS FORUM MUST READ THIS FIRST where the conditions for receiving help here are explained.
Please be aware that removing Malware is a potentially hazardous undertaking. I will take care not to knowingly suggest courses of action that might damage your computer. However it is impossible for me to foresee all interactions that may happen between the software on your computer and those we'll use to clear you of infection, and I cannot guarantee the safety of your system. It is possible that we might encounter situations where the only recourse is to re-format and re-install your operating system, or to necessitate you taking your computer to a repair shop.

Because of this, I advise you to backup any personal files and folders before you start.
Read Backup Made Easy



Fix HijackThis entries

Run HijackThis

  • If you are on the Main Menu page... Click "Do a system scan only"
  • If you are on the "scan & fix stuff" page... Press the Scan...button.
  • When the scan finishes...Place a check mark next to the following entries (if they are still present)
  • Note: Only check those items listed below.
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:5555
    O2 - BHO: (no name) - {465E08E7-F005-4389-980F-1D8764B3486C} - (no file)
    O2 - BHO: Yontoo Layers - {FD72061E-9FDE-484D-A58A-0BAB4151CAD8} - C:\Program Files\Yontoo Layers Client\YontooIEClient.dll
    O4 - HKUS\S-1-5-19\..\RunOnce: [ShowDeskFix] regsvr32 /s /n /i:u shell32 (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-20\..\RunOnce: [ShowDeskFix] regsvr32 /s /n /i:u shell32 (User 'NETWORK SERVICE')
    O4 - HKUS\S-1-5-18\..\RunOnce: [ShowDeskFix] regsvr32 /s /n /i:u shell32 (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\RunOnce: [ShowDeskFix] regsvr32 /s /n /i:u shell32 (User 'Default user')
    O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.exe.imgfarm.com/images/nocach ... 0.15-3.cab
    O18 - Filter hijack: text/html - {34a52463-cc14-4fc0-89d0-4bbffcee75db} - (no file)

  • After checking these items... CLOSE ALL open windows except HijackThis.
  • Click the Fix Checked ...button...to remove the entries you checked.
  • Choose YES...when prompted to fix the selected items.
  • Once it has fixed them, close HijackThis and reboot your computer normally.

Next,

Security Check

  • Download Security Check by screen317 from:
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt
  • Please post the contents of that document.

Next.

RSIT (Random's System Information Tool)

Please download RSIT by random/random... and save it to your desktop.
  • Double click on RSIT.exe to run it.
  • Please read the disclaimer... click on Continue.
  • RSIT will start running. When done... 2 log files...will be produced.
  • The first one, "log.txt", << will be maximized
  • The second one, "info.txt", << will be minimized.
Please post both... "log.txt" and "info.txt", file contents in your next reply.
(These logs can be lengthy, so post 1 log per reply please.)


Next.

Scan With RKUnHooker

  • Please download Rootkit Unhooker and save it to your desktop.
  • Now double-click on RKUnhookerLE.exe to run it.
  • Click the Report tab, then click Scan.
  • Check (Tick) Drivers, Stealth, Files, Code Hooks. Uncheck the rest, then click OK.
  • Wait till the scanner has finished and then click File, Save Report.
  • Save the report somewhere where you can find it. Click Close.
  • Copy the entire contents of this log in your next reply.
  • Note: This log can be big; you may need to post it in separate replies.



Logs/Information to Post in your Next Reply

  • checkup.txt log.
  • RSIT log.txt and info.txt contents.
  • RKUnHooker log.
  • Please give me an update on your computer's performance.
Cypher
Admin/Teacher
 
Posts: 15148
Joined: October 29th, 2008, 12:49 pm
Location: Land Of The Leprechauns
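
Added example (not part of the original thread, and not code from HijackThis): a Python parser for HijackThis entry lines like those quoted above. It flags two traits visible in the fix list, entries registered with "(no file)" and an Internet Explorer ProxyServer value that points at a loopback address. The function names and both heuristics are assumptions of this example, and the fix list also contains entries they do not cover.

```python
import re
from ipaddress import ip_address

# Excerpt of the HijackThis log posted in this thread, embedded so the
# example runs offline.
SAMPLE_LOG = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:5555
O2 - BHO: (no name) - {465E08E7-F005-4389-980F-1D8764B3486C} - (no file)
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
O18 - Filter hijack: text/html - {34a52463-cc14-4fc0-89d0-4bbffcee75db} - (no file)
O23 - Service: ThreatFire - PC Tools - C:\Program Files\Spyware Doctor\TFEngine\TFService.exe
"""

# An entry line is "<section code> - <body>", e.g. "O2 - BHO: ...".
# Header lines and the "Running processes" paths do not match and are skipped.
ENTRY_RE = re.compile(r"^(?P<code>[A-Z]\d{1,2}) - (?P<body>.+)$")
PROXY_RE = re.compile(r",ProxyServer = (?P<value>.+)$")


def parse_entries(log_text):
    """Return (code, body) tuples for every entry line in the log."""
    entries = []
    for line in log_text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            entries.append((m.group("code"), m.group("body")))
    return entries


def proxy_hosts(value):
    """Extract hosts from a ProxyServer value.

    Handles "host:port" and the per-protocol form
    "http=host:port;https=host:port". IPv6 literals are not handled.
    """
    hosts = []
    for piece in value.split(";"):
        hostport = piece.split("=", 1)[-1].split("://", 1)[-1].strip()
        if hostport:
            hosts.append(hostport.rsplit(":", 1)[0])
    return hosts


def is_loopback(host):
    """True for 'localhost' or any IP address in a loopback range."""
    if host.lower() == "localhost":
        return True
    try:
        return ip_address(host).is_loopback
    except ValueError:  # a hostname, not an IP address
        return False


def triage(log_text):
    """Return (code, reason) for entries matching either heuristic.

    A finding is a prompt for review, not a verdict: a loopback proxy means
    browser traffic passes through some local process, which still has to be
    identified before deciding whether the setting is wanted.
    """
    findings = []
    for code, body in parse_entries(log_text):
        if body.endswith("- (no file)"):
            findings.append(
                (code, "orphaned: registered object has no file on disk"))
            continue
        m = PROXY_RE.search(body)
        if code in ("R0", "R1") and m and any(
                is_loopback(h) for h in proxy_hosts(m.group("value"))):
            findings.append(
                (code, "proxy: browser traffic is sent to a loopback listener"))
    return findings


if __name__ == "__main__":
    for code, reason in triage(SAMPLE_LOG):
        print(code, "-", reason)
```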

Re: Hotmail sending spam,pc also directing to unwanted pages

Unread postby wendystamper » July 18th, 2010, 3:17 pm

This is what I got from the black box of the security check app.



``Preparing Done!``
wendystamper

Re: Hotmail sending spam,pc also directing to unwanted pages

Unread postby wendystamper » July 18th, 2010, 3:19 pm

Info.txt one

info.txt logfile of random's system information tool 1.08 2010-07-18 15:17:37

======Uninstall list======

Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-00A1-0409-0000-0000000FF1CE} /uninstall {2FC4457D-409E-466F-861F-FB0CB796B53E}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-00BA-0409-0000-0000000FF1CE} /uninstall {2FC4457D-409E-466F-861F-FB0CB796B53E}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0114-0409-0000-0000000FF1CE} /uninstall {2FC4457D-409E-466F-861F-FB0CB796B53E}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0115-0409-0000-0000000FF1CE} /uninstall {DE5A002D-8122-4278-A7EE-3121E7EA254E}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0117-0409-0000-0000000FF1CE} /uninstall {2FC4457D-409E-466F-861F-FB0CB796B53E}
Microsoft Office Access MUI (English) 2007-->MsiExec.exe /X{90120000-0015-0409-0000-0000000FF1CE}
Microsoft Office Access Setup Metadata MUI (English) 2007-->MsiExec.exe /X{90120000-0117-0409-0000-0000000FF1CE}
Microsoft Office Enterprise 2007-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall ENTERPRISE /dll OSETUP.DLL
Microsoft Office Enterprise 2007-->MsiExec.exe /X{90120000-0030-0000-0000-0000000FF1CE}
Microsoft Office Excel MUI (English) 2007-->MsiExec.exe /X{90120000-0016-0409-0000-0000000FF1CE}
Microsoft Office Groove MUI (English) 2007-->MsiExec.exe /X{90120000-00BA-0409-0000-0000000FF1CE}
Microsoft Office Groove Setup Metadata MUI (English) 2007-->MsiExec.exe /X{90120000-0114-0409-0000-0000000FF1CE}
Microsoft Office InfoPath MUI (English) 2007-->MsiExec.exe /X{90120000-0044-0409-0000-0000000FF1CE}
Microsoft Office OneNote MUI (English) 2007-->MsiExec.exe /X{90120000-00A1-0409-0000-0000000FF1CE}
Microsoft Office Outlook MUI (English) 2007-->MsiExec.exe /X{90120000-001A-0409-0000-0000000FF1CE}
Microsoft Office PowerPoint MUI (English) 2007-->MsiExec.exe /X{90120000-0018-0409-0000-0000000FF1CE}
Microsoft Office Proof (English) 2007-->MsiExec.exe /X{90120000-001F-0409-0000-0000000FF1CE}
Microsoft Office Proof (French) 2007-->MsiExec.exe /X{90120000-001F-040C-0000-0000000FF1CE}
Microsoft Office Proof (Spanish) 2007-->MsiExec.exe /X{90120000-001F-0C0A-0000-0000000FF1CE}
Microsoft Office Proofing (English) 2007-->MsiExec.exe /X{90120000-002C-0409-0000-0000000FF1CE}
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001F-0409-0000-0000000FF1CE} /uninstall {ABDDE972-355B-4AF1-89A8-DA50B7B5C045}
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001F-040C-0000-0000000FF1CE} /uninstall {F580DDD5-8D37-4998-968E-EBB76BB86787}
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001F-0C0A-0000-0000000FF1CE} /uninstall {187308AB-5FA7-4F14-9AB9-D290383A10D9}
Microsoft Office Publisher MUI (English) 2007-->MsiExec.exe /X{90120000-0019-0409-0000-0000000FF1CE}
Microsoft Office Shared MUI (English) 2007-->MsiExec.exe /X{90120000-006E-0409-0000-0000000FF1CE}
Microsoft Office Shared Setup Metadata MUI (English) 2007-->MsiExec.exe /X{90120000-0115-0409-0000-0000000FF1CE}
Microsoft Office Word MUI (English) 2007-->MsiExec.exe /X{90120000-001B-0409-0000-0000000FF1CE}
Microsoft Silverlight-->MsiExec.exe /X{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}
Microsoft SQL Server 2005 Compact Edition [ENU]-->MsiExec.exe /I{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}
Microsoft User-Mode Driver Framework Feature Pack 1.0-->"C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053-->MsiExec.exe /X{770657D0-A123-3C07-8E44-1C83EC895118}
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148-->MsiExec.exe /X{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022-->MsiExec.exe /X{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17-->MsiExec.exe /X{9A25302D-30C0-39D9-BD6F-21E6EC160475}
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148-->MsiExec.exe /X{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}
MSXML 4.0 SP2 (KB936181)-->MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF}
MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
MSXML 4.0 SP2 (KB973688)-->MsiExec.exe /I{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}
MSXML 6.0 Parser (KB933579)-->MsiExec.exe /I{0A869A65-8C94-4F7C-A5C7-972D3C8CED9E}
NVIDIA Drivers-->C:\WINDOWS\system32\nvudisp.exe UninstallGUI
O&O Defrag Professional Edition-->MsiExec.exe /I{53480370-6CA2-47EC-BC05-02B4B9271C31}
OGA Notifier 2.0.0048.0-->MsiExec.exe /I{B2544A03-10D0-4E5E-BA69-0362FFC20D18}
PaperPort-->MsiExec.exe /I{A17EABB6-D0C6-44E5-820C-72DC7F495064}
PL-2303 USB-to-Serial-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{ECC3713C-08A4-40E3-95F1-7D0704F1CE5E}\Setup.exe" -l0x9 Installed
PowerDVD-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}\Setup.exe" -uninstall
Quick Launch Buttons 5.10 B5-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{CEB326EC-8F40-47B2-BA22-BB092565D66F}\Setup.exe" -l0x9 -uninst
RealPlayer-->C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|12.0
RealUpgrade 1.0-->MsiExec.exe /I{F4F4F84E-804F-4E9A-84D7-C34283F0088F}
Security Update for 2007 Microsoft Office System (KB969559)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {69F52148-9BF6-4CDC-BF76-103DEAF3DD08}
Security Update for 2007 Microsoft Office System (KB976321)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {7F207DCA-3399-40CB-A968-6E5991B1421A}
Security Update for 2007 Microsoft Office System (KB982312)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {B0EC5722-241F-4CDA-83B4-AA5846B6F9F4}
Security Update for 2007 Microsoft Office System (KB982331)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {E8766951-2B6C-4022-86E8-80D2D1762B76}
Security Update for CAPICOM (KB931906)-->MsiExec.exe /I{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for CAPICOM (KB931906)-->MsiExec.exe /X{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for Microsoft Office Excel 2007 (KB982308)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {C3F9A0DC-A5D1-4BB6-870E-2953E5A2487B}
Security Update for Microsoft Office InfoPath 2007 (KB979441)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {1109D0B3-EFA3-4553-AAED-4C3E9AD130E8}
Security Update for Microsoft Office InfoPath 2007 (KB979441)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {8CCB781A-CF6B-4FCB-B6D8-59C64DF5C6DB}
Security Update for Microsoft Office Outlook 2007 (KB972363)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {120BE9A0-9B09-4855-9E0C-7DEE45CB03C0}
Security Update for Microsoft Office PowerPoint 2007 (KB982158)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {F5B70033-E79C-4569-90BF-BC9B4E4F3F46}
Security Update for Microsoft Office Publisher 2007 (KB982124)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {289FA8BC-6A8E-4341-B194-EB26B49E9F5D}
Security Update for Microsoft Office system 2007 (972581)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {3D019598-7B59-447A-80AE-815B703B84FF}
Security Update for Microsoft Office system 2007 (KB969613)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {5ECEB317-CBE9-4E08-AB10-756CB6F0FB6C}
Security Update for Microsoft Office system 2007 (KB974234)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {FCD742B9-7A55-44BC-A776-F795F21FEDDC}
Security Update for Microsoft Office Visio Viewer 2007 (KB973709)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {71127777-8B2C-4F97-AF7A-6CF8CAC8224D}
Security Update for Microsoft Office Word 2007 (KB982135)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {0112C750-A06F-4F92-9C40-E5C1EA9A70EB}
Security Update for Windows Internet Explorer 7 (KB950759)-->"C:\WINDOWS\ie7updates\KB950759-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB953838)-->"C:\WINDOWS\ie7updates\KB953838-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB956390)-->"C:\WINDOWS\ie7updates\KB956390-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB958215)-->"C:\WINDOWS\ie7updates\KB958215-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB960714)-->"C:\WINDOWS\ie7updates\KB960714-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB961260)-->"C:\WINDOWS\ie7updates\KB961260-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB963027)-->"C:\WINDOWS\ie7updates\KB963027-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB969897)-->"C:\WINDOWS\ie7updates\KB969897-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 8 (KB969897)-->"C:\WINDOWS\ie8updates\KB969897-IE8\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 8 (KB971961)-->"C:\WINDOWS\ie8updates\KB971961-IE8\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 8 (KB972260)-->"C:\WINDOWS\ie8updates\KB972260-IE8\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 8 (KB974455)-->"C:\WINDOWS\ie8updates\KB974455-IE8\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 8 (KB976325)-->"C:\WINDOWS\ie8updates\KB976325-IE8\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 8 (KB978207)-->"C:\WINDOWS\ie8updates\KB978207-IE8\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 8 (KB981332)-->"C:\WINDOWS\ie8updates\KB981332-IE8\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 8 (KB982381)-->"C:\WINDOWS\ie8updates\KB982381-IE8\spuninst\spuninst.exe"
Security Update for Windows Media Player (KB952069)-->"C:\WINDOWS\$NtUninstallKB952069_WM9$\spuninst\spuninst.exe"
Security Update for Windows Media Player (KB954155)-->"C:\WINDOWS\$NtUninstallKB954155_WM9$\spuninst\spuninst.exe"
Security Update for Windows Media Player (KB968816)-->"C:\WINDOWS\$NtUninstallKB968816_WM9$\spuninst\spuninst.exe"
Security Update for Windows Media Player (KB973540)-->"C:\WINDOWS\$NtUninstallKB973540_WM9$\spuninst\spuninst.exe"
Security Update for Windows Media Player (KB978695)-->"C:\WINDOWS\$NtUninstallKB978695_WM9$\spuninst\spuninst.exe"
Security Update for Windows Media Player 11 (KB936782)-->"C:\WINDOWS\$NtUninstallKB936782_WMP11$\spuninst\spuninst.exe"
Security Update for Windows Media Player 11 (KB954154)-->"C:\WINDOWS\$NtUninstallKB954154_WM11$\spuninst\spuninst.exe"
Security Update for Windows XP (KB923561)-->"C:\WINDOWS\$NtUninstallKB923561$\spuninst\spuninst.exe"
Security Update for Windows XP (KB938464)-->"C:\WINDOWS\$NtUninstallKB938464$\spuninst\spuninst.exe"
Security Update for Windows XP (KB941569)-->"C:\WINDOWS\$NtUninstallKB941569$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950760)-->"C:\WINDOWS\$NtUninstallKB950760$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950762)-->"C:\WINDOWS\$NtUninstallKB950762$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950974)-->"C:\WINDOWS\$NtUninstallKB950974$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951066)-->"C:\WINDOWS\$NtUninstallKB951066$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951376)-->"C:\WINDOWS\$NtUninstallKB951376$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951376-v2)-->"C:\WINDOWS\$NtUninstallKB951376-v2$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951698)-->"C:\WINDOWS\$NtUninstallKB951698$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951748)-->"C:\WINDOWS\$NtUninstallKB951748$\spuninst\spuninst.exe"
Security Update for Windows XP (KB952004)-->"C:\WINDOWS\$NtUninstallKB952004$\spuninst\spuninst.exe"
Security Update for Windows XP (KB952954)-->"C:\WINDOWS\$NtUninstallKB952954$\spuninst\spuninst.exe"
Security Update for Windows XP (KB953839)-->"C:\WINDOWS\$NtUninstallKB953839$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954211)-->"C:\WINDOWS\$NtUninstallKB954211$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954459)-->"C:\WINDOWS\$NtUninstallKB954459$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954600)-->"C:\WINDOWS\$NtUninstallKB954600$\spuninst\spuninst.exe"
Security Update for Windows XP (KB955069)-->"C:\WINDOWS\$NtUninstallKB955069$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956391)-->"C:\WINDOWS\$NtUninstallKB956391$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956572)-->"C:\WINDOWS\$NtUninstallKB956572$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956744)-->"C:\WINDOWS\$NtUninstallKB956744$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956802)-->"C:\WINDOWS\$NtUninstallKB956802$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956803)-->"C:\WINDOWS\$NtUninstallKB956803$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956841)-->"C:\WINDOWS\$NtUninstallKB956841$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956844)-->"C:\WINDOWS\$NtUninstallKB956844$\spuninst\spuninst.exe"
Security Update for Windows XP (KB957095)-->"C:\WINDOWS\$NtUninstallKB957095$\spuninst\spuninst.exe"
Security Update for Windows XP (KB957097)-->"C:\WINDOWS\$NtUninstallKB957097$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958644)-->"C:\WINDOWS\$NtUninstallKB958644$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958687)-->"C:\WINDOWS\$NtUninstallKB958687$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958690)-->"C:\WINDOWS\$NtUninstallKB958690$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958869)-->"C:\WINDOWS\$NtUninstallKB958869$\spuninst\spuninst.exe"
Security Update for Windows XP (KB959426)-->"C:\WINDOWS\$NtUninstallKB959426$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960225)-->"C:\WINDOWS\$NtUninstallKB960225$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960715)-->"C:\WINDOWS\$NtUninstallKB960715$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960803)-->"C:\WINDOWS\$NtUninstallKB960803$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960859)-->"C:\WINDOWS\$NtUninstallKB960859$\spuninst\spuninst.exe"
Security Update for Windows XP (KB961371)-->"C:\WINDOWS\$NtUninstallKB961371$\spuninst\spuninst.exe"
Security Update for Windows XP (KB961373)-->"C:\WINDOWS\$NtUninstallKB961373$\spuninst\spuninst.exe"
Security Update for Windows XP (KB961501)-->"C:\WINDOWS\$NtUninstallKB961501$\spuninst\spuninst.exe"
Security Update for Windows XP (KB968537)-->"C:\WINDOWS\$NtUninstallKB968537$\spuninst\spuninst.exe"
Security Update for Windows XP (KB969059)-->"C:\WINDOWS\$NtUninstallKB969059$\spuninst\spuninst.exe"
Security Update for Windows XP (KB969898)-->"C:\WINDOWS\$NtUninstallKB969898$\spuninst\spuninst.exe"
Security Update for Windows XP (KB969947)-->"C:\WINDOWS\$NtUninstallKB969947$\spuninst\spuninst.exe"
Security Update for Windows XP (KB970238)-->"C:\WINDOWS\$NtUninstallKB970238$\spuninst\spuninst.exe"
Security Update for Windows XP (KB970430)-->"C:\WINDOWS\$NtUninstallKB970430$\spuninst\spuninst.exe"
Security Update for Windows XP (KB971468)-->"C:\WINDOWS\$NtUninstallKB971468$\spuninst\spuninst.exe"
Security Update for Windows XP (KB971486)-->"C:\WINDOWS\$NtUninstallKB971486$\spuninst\spuninst.exe"
Security Update for Windows XP (KB971557)-->"C:\WINDOWS\$NtUninstallKB971557$\spuninst\spuninst.exe"
Security Update for Windows XP (KB971633)-->"C:\WINDOWS\$NtUninstallKB971633$\spuninst\spuninst.exe"
Security Update for Windows XP (KB971657)-->"C:\WINDOWS\$NtUninstallKB971657$\spuninst\spuninst.exe"
Security Update for Windows XP (KB972270)-->"C:\WINDOWS\$NtUninstallKB972270$\spuninst\spuninst.exe"
Security Update for Windows XP (KB973346)-->"C:\WINDOWS\$NtUninstallKB973346$\spuninst\spuninst.exe"
Security Update for Windows XP (KB973354)-->"C:\WINDOWS\$NtUninstallKB973354$\spuninst\spuninst.exe"
Security Update for Windows XP (KB973507)-->"C:\WINDOWS\$NtUninstallKB973507$\spuninst\spuninst.exe"
Security Update for Windows XP (KB973525)-->"C:\WINDOWS\$NtUninstallKB973525$\spuninst\spuninst.exe"
Security Update for Windows XP (KB973869)-->"C:\WINDOWS\$NtUninstallKB973869$\spuninst\spuninst.exe"
Security Update for Windows XP (KB973904)-->"C:\WINDOWS\$NtUninstallKB973904$\spuninst\spuninst.exe"
Security Update for Windows XP (KB974112)-->"C:\WINDOWS\$NtUninstallKB974112$\spuninst\spuninst.exe"
Security Update for Windows XP (KB974318)-->"C:\WINDOWS\$NtUninstallKB974318$\spuninst\spuninst.exe"
Security Update for Windows XP (KB974392)-->"C:\WINDOWS\$NtUninstallKB974392$\spuninst\spuninst.exe"
Security Update for Windows XP (KB974571)-->"C:\WINDOWS\$NtUninstallKB974571$\spuninst\spuninst.exe"
Security Update for Windows XP (KB975025)-->"C:\WINDOWS\$NtUninstallKB975025$\spuninst\spuninst.exe"
Security Update for Windows XP (KB975467)-->"C:\WINDOWS\$NtUninstallKB975467$\spuninst\spuninst.exe"
Security Update for Windows XP (KB975560)-->"C:\WINDOWS\$NtUninstallKB975560$\spuninst\spuninst.exe"
Security Update for Windows XP (KB975561)-->"C:\WINDOWS\$NtUninstallKB975561$\spuninst\spuninst.exe"
Security Update for Windows XP (KB975562)-->"C:\WINDOWS\$NtUninstallKB975562$\spuninst\spuninst.exe"
Security Update for Windows XP (KB975713)-->"C:\WINDOWS\$NtUninstallKB975713$\spuninst\spuninst.exe"
Security Update for Windows XP (KB977165)-->"C:\WINDOWS\$NtUninstallKB977165$\spuninst\spuninst.exe"
Security Update for Windows XP (KB977816)-->"C:\WINDOWS\$NtUninstallKB977816$\spuninst\spuninst.exe"
Security Update for Windows XP (KB977914)-->"C:\WINDOWS\$NtUninstallKB977914$\spuninst\spuninst.exe"
Security Update for Windows XP (KB978037)-->"C:\WINDOWS\$NtUninstallKB978037$\spuninst\spuninst.exe"
Security Update for Windows XP (KB978251)-->"C:\WINDOWS\$NtUninstallKB978251$\spuninst\spuninst.exe"
Security Update for Windows XP (KB978262)-->"C:\WINDOWS\$NtUninstallKB978262$\spuninst\spuninst.exe"
Security Update for Windows XP (KB978338)-->"C:\WINDOWS\$NtUninstallKB978338$\spuninst\spuninst.exe"
Security Update for Windows XP (KB978542)-->"C:\WINDOWS\$NtUninstallKB978542$\spuninst\spuninst.exe"
Security Update for Windows XP (KB978601)-->"C:\WINDOWS\$NtUninstallKB978601$\spuninst\spuninst.exe"
Security Update for Windows XP (KB978706)-->"C:\WINDOWS\$NtUninstallKB978706$\spuninst\spuninst.exe"
Security Update for Windows XP (KB979309)-->"C:\WINDOWS\$NtUninstallKB979309$\spuninst\spuninst.exe"
Security Update for Windows XP (KB979482)-->"C:\WINDOWS\$NtUninstallKB979482$\spuninst\spuninst.exe"
Security Update for Windows XP (KB979559)-->"C:\WINDOWS\$NtUninstallKB979559$\spuninst\spuninst.exe"
Security Update for Windows XP (KB979683)-->"C:\WINDOWS\$NtUninstallKB979683$\spuninst\spuninst.exe"
Security Update for Windows XP (KB980195)-->"C:\WINDOWS\$NtUninstallKB980195$\spuninst\spuninst.exe"
Security Update for Windows XP (KB980218)-->"C:\WINDOWS\$NtUninstallKB980218$\spuninst\spuninst.exe"
Security Update for Windows XP (KB980232)-->"C:\WINDOWS\$NtUninstallKB980232$\spuninst\spuninst.exe"
Sony MHS Camera Driver-->C:\PROGRA~1\SONYDI~1\UNWISE.EXE C:\PROGRA~1\SONYDI~1\INSTALL.LOG
Sony Picture Utility-->C:\Program Files\InstallShield Installation Information\{D5068583-D569-468B-9755-5FBF5848F46F}\setup.exe -runfromtemp -l0x0009 uninstall -removeonly
Spyware Doctor 7.0-->C:\Program Files\Spyware Doctor\unins000.exe /LOG
System Shield-->"C:\Program Files\iolo\System Shield\unins000.exe"
Update for 2007 Microsoft Office System (KB967642)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {C444285D-5E4F-48A4-91DD-47AAAA68E92D}
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)-->C:\WINDOWS\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {B2AE9C82-DC7B-3641-BFC8-87275C4F3607} /qb+ REBOOTPROMPT=""
Update for Microsoft Office OneNote 2007 (KB980729)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {329050A9-EF80-40F9-B633-74508F54C1FF}
Update for Outlook 2007 Junk Email Filter (kb983486)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {913DFE19-32EC-4099-89AC-27FC493A7A2E}
Update for Windows Internet Explorer 8 (KB971180)-->"C:\WINDOWS\ie8updates\KB971180-IE8\spuninst\spuninst.exe"
Update for Windows Internet Explorer 8 (KB976662)-->"C:\WINDOWS\ie8updates\KB976662-IE8\spuninst\spuninst.exe"
Update for Windows Internet Explorer 8 (KB976749)-->"C:\WINDOWS\ie8updates\KB976749-IE8\spuninst\spuninst.exe"
Update for Windows Internet Explorer 8 (KB980182)-->"C:\WINDOWS\ie8updates\KB980182-IE8\spuninst\spuninst.exe"
Update for Windows XP (KB951072-v2)-->"C:\WINDOWS\$NtUninstallKB951072-v2$\spuninst\spuninst.exe"
Update for Windows XP (KB951978)-->"C:\WINDOWS\$NtUninstallKB951978$\spuninst\spuninst.exe"
Update for Windows XP (KB955759)-->"C:\WINDOWS\$NtUninstallKB955759$\spuninst\spuninst.exe"
Update for Windows XP (KB955839)-->"C:\WINDOWS\$NtUninstallKB955839$\spuninst\spuninst.exe"
Update for Windows XP (KB967715)-->"C:\WINDOWS\$NtUninstallKB967715$\spuninst\spuninst.exe"
Update for Windows XP (KB968389)-->"C:\WINDOWS\$NtUninstallKB968389$\spuninst\spuninst.exe"
Update for Windows XP (KB971737)-->"C:\WINDOWS\$NtUninstallKB971737$\spuninst\spuninst.exe"
Update for Windows XP (KB973687)-->"C:\WINDOWS\$NtUninstallKB973687$\spuninst\spuninst.exe"
Update for Windows XP (KB973815)-->"C:\WINDOWS\$NtUninstallKB973815$\spuninst\spuninst.exe"
Windows Imaging Component-->"C:\WINDOWS\$NtUninstallWIC$\spuninst\spuninst.exe"
Windows Internet Explorer 8-->"C:\WINDOWS\ie8\spuninst\spuninst.exe"
Windows Media Format 11 runtime-->"C:\Program Files\Windows Media Player\wmsetsdk.exe" /UninstallAll
Windows Media Format 11 runtime-->"C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
Windows Media Player 11-->"C:\Program Files\Windows Media Player\Setup_wm.exe" /Uninstall
Windows Media Player 11-->"C:\WINDOWS\$NtUninstallwmp11$\spuninst\spuninst.exe"
Windows XP Service Pack 3-->"C:\WINDOWS\$NtServicePackUninstall$\spuninst\spuninst.exe"
Yontoo Layers Client 1.10.01-->C:\DOCUME~1\ALLUSE~1.WIN\APPLIC~1\TARMAI~1\{889DF~1\Setup.exe /remove /q0

Securitycenter WMI appears to be broken

======System event log======

Computer Name: BRINE-LAPTOP
Event Code: 45
Message: The system could not sucessfully load the crash dump driver.

Record Number: 30
Source Name: Ftdisk
Time Written: 20100705054356.000000-240
Event Type: error
User:

Computer Name: BRINE-LAPTOP
Event Code: 7011
Message: Timeout (30000 milliseconds) waiting for a transaction response from the Netman service.

Record Number: 25
Source Name: Service Control Manager
Time Written: 20100705054110.000000-240
Event Type: error
User:

Computer Name: BRINE-LAPTOP
Event Code: 7000
Message: The ASCTRM service failed to start due to the following error:
The system cannot find the file specified.


Record Number: 9
Source Name: Service Control Manager
Time Written: 20100704213707.000000-240
Event Type: error
User:

Computer Name: BRINE-LAPTOP
Event Code: 49
Message: Configuring the Page file for crash dump failed. Make sure there is a page
file on the boot partition and that is large enough to contain all physical
memory.

Record Number: 5
Source Name: Ftdisk
Time Written: 20100704213605.000000-240
Event Type: error
User:

Computer Name: BRINE-LAPTOP
Event Code: 45
Message: The system could not sucessfully load the crash dump driver.

Record Number: 4
Source Name: Ftdisk
Time Written: 20100704213605.000000-240
Event Type: error
User:

=====Application event log=====

Computer Name: BRINE-LAPTOP
Event Code: 1517
Message: Windows saved user BRINE-LAPTOP\BRINE LLOYD registry while an application or service was still using the registry during log off. The memory used by the user's registry has not been freed. The registry will be unloaded when it is no longer in use.


This is often caused by services running as a user account, try configuring the services to run in either the LocalService or NetworkService account.

Record Number: 9056
Source Name: Userenv
Time Written: 20090617200105.000000-240
Event Type: warning
User: NT AUTHORITY\SYSTEM

Computer Name: BRINE-LAPTOP
Event Code: 1000
Message: Faulting application hpqtra08.exe, version 100.0.170.0, faulting module hpqcpta.dll, version 10.0.0.202, fault address 0x000046a9.

Record Number: 9055
Source Name: Application Error
Time Written: 20090617184745.000000-240
Event Type: error
User:

Computer Name: BRINE-LAPTOP
Event Code: 1802
Message: The Windows Security Center Service was unable to establish event queries with WMI to monitor third party AntiVirus and Firewall.

Record Number: 9049
Source Name: SecurityCenter
Time Written: 20090616213036.000000-240
Event Type: error
User:

Computer Name: BRINE-LAPTOP
Event Code: 1802
Message: The Windows Security Center Service was unable to establish event queries with WMI to monitor third party AntiVirus and Firewall.

Record Number: 9042
Source Name: SecurityCenter
Time Written: 20090616175847.000000-240
Event Type: error
User:

Computer Name: BRINE-LAPTOP
Event Code: 1802
Message: The Windows Security Center Service was unable to establish event queries with WMI to monitor third party AntiVirus and Firewall.

Record Number: 9035
Source Name: SecurityCenter
Time Written: 20090616101415.000000-240
Event Type: error
User:

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;C:\Program Files\Common Files\Roxio Shared\DLLShared
"windir"=%SystemRoot%
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_LEVEL"=15
"PROCESSOR_IDENTIFIER"=x86 Family 15 Model 8 Stepping 2, AuthenticAMD
"PROCESSOR_REVISION"=0802
"NUMBER_OF_PROCESSORS"=1
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP

-----------------EOF-----------------

Re: Hotmail sending spam,pc also directing to unwanted pages

Post by wendystamper » July 18th, 2010, 3:20 pm

Logfile of random's system information tool 1.08 (written by random/random)
Run by BRINE LLOYD at 2010-07-18 15:16:47
Microsoft Windows XP Professional Service Pack 3
System drive C: has 37 GB (64%) free of 57 GB
Total RAM: 511 MB (17% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 3:17:23 PM, on 7/18/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
C:\Program Files\Apoint2K\Apoint.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\iolo\System Mechanic\SystemGuardAlerter.exe
C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Documents and Settings\BRINE LLOYD.BRINE-LAPTOP\Local Settings\Application Data\Lexar Media\LxrAutorun.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Program Files\Apoint2K\Apntex.exe
C:\WINDOWS\system32\brsvc01a.exe
C:\WINDOWS\system32\brss01a.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\iolo\common\lib\ioloServiceManager.exe
C:\Program Files\iolo\System Mechanic\IoloSGCtrl.exe
C:\WINDOWS\system32\LxrSII1s.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\oodag.exe
C:\Program Files\CyberLink\Shared files\RichVideo.exe
C:\Program Files\Spyware Doctor\pctsAuxs.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Authentium\AntiVirus5\vsedsps.exe
C:\Program Files\Windows Media Player\WMPNetwk.exe
C:\Program Files\Common Files\Authentium\AntiVirus5\vseamps.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\iolo\System Shield\ioloSSTray.exe
C:\Program Files\Alwil Software\Avast5\setup\avast.setup
C:\Documents and Settings\BRINE LLOYD.BRINE-LAPTOP\Desktop\RSIT.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\Program Files\trend micro\BRINE LLOYD.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\Userinit.exe
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Documents and Settings\All Users.WINDOWS\Application Data\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SystemGuardAlerter] C:\Program Files\iolo\System Mechanic\SystemGuardAlerter.exe
O4 - HKLM\..\Run: [avast5] C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe /nogui
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [LxrAutorun] C:\Documents and Settings\BRINE LLOYD.BRINE-LAPTOP\Local Settings\Application Data\Lexar Media\LxrAutorun.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office12\EXCEL.EXE/3000
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\WINDOWS\system32\shdocvw.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\iavlsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\iavlsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\iavlsp.dll
O16 - DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} (HP Download Manager) - https://h20436.www2.hp.com/ediags/dex/s ... DEXAXO.cab
O16 - DPF: {A9F8D9EC-3D0A-4A60-BD82-FBD64BAD370D} - http://h20264.www2.hp.com/ediags/dd/ins ... csxp2k.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/s ... wflash.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Filter hijack: text/html - {34a52463-cc14-4fc0-89d0-4bbffcee75db} - (no file)
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: avast! Mail Scanner - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: avast! Web Scanner - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINDOWS\system32\brsvc01a.exe
O23 - Service: HP WMI Interface (hpqwmi) - Hewlett-Packard Development Company, L.P. - C:\Program Files\HPQ\SHARED\HPQWMI.exe
O23 - Service: iolo FileInfoList Service (ioloFileInfoList) - Unknown owner - C:\Program Files\iolo\common\lib\ioloServiceManager.exe
O23 - Service: iolo System Service (ioloSystemService) - Unknown owner - C:\Program Files\iolo\common\lib\ioloServiceManager.exe
O23 - Service: iolo System Guard (IOLO_SRV) - Unknown owner - C:\Program Files\iolo\System Mechanic\IoloSGCtrl.exe
O23 - Service: Lexar Secure II (LxrSII1s) - Unknown owner - C:\WINDOWS\SYSTEM32\LxrSII1s.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: O&O Defrag - O&O Software GmbH - C:\WINDOWS\system32\oodag.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared files\RichVideo.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
O23 - Service: ThreatFire - PC Tools - C:\Program Files\Spyware Doctor\TFEngine\TFService.exe
O23 - Service: vseamps - Authentium, Inc - C:\Program Files\Common Files\Authentium\AntiVirus5\vseamps.exe
O23 - Service: vsedsps - Authentium, Inc - C:\Program Files\Common Files\Authentium\AntiVirus5\vsedsps.exe
O23 - Service: vseqrts - Authentium, Inc - C:\Program Files\Common Files\Authentium\AntiVirus5\vseqrts.exe

--
End of file - 8882 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-1993962763-1500820517-682003330-1003.job
C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-1993962763-1500820517-682003330-1003.job
C:\WINDOWS\tasks\User_Feed_Synchronization-{70CDA08E-7BAC-40F0-9054-FF23F79D19D2}.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2010-06-19 75200]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3049C3E9-B461-4BC5-8870-4C09146192CA}]
RealPlayer Download and Record Plugin for Internet Explorer - C:\Documents and Settings\All Users.WINDOWS\Application Data\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll [2010-06-10 341600]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}]
Groove GFS Browser Helper - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-12 2217848]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2010-06-26 41760]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2010-06-26 79648]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"Apoint"=C:\Program Files\Apoint2K\Apoint.exe [2003-10-08 159744]
"NvCplDaemon"=C:\WINDOWS\system32\NvCpl.dll [2005-02-23 5537792]
"GrooveMonitor"=C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe [2008-10-25 31072]
"HP Software Update"=C:\Program Files\HP\HP Software Update\HPWuSchd2.exe [2007-10-14 49152]
"TkBellExe"=C:\Program Files\Common Files\Real\Update_OB\realsched.exe [2010-06-10 202256]
"SystemGuardAlerter"=C:\Program Files\iolo\System Mechanic\SystemGuardAlerter.exe [2010-07-06 522928]
"avast5"=C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe [2010-06-28 2837864]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-13 15360]
"LxrAutorun"=C:\Documents and Settings\BRINE LLOYD.BRINE-LAPTOP\Local Settings\Application Data\Lexar Media\LxrAutorun.exe [2006-11-09 24576]
"WMPNSCFG"=C:\Program Files\Windows Media Player\WMPNSCFG.exe [2006-10-18 204288]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\NavLogon]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2009-03-10 239496]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]
UPnPMonitor - {e57ce738-33e8-4c51-8354-bb4de9d215d1} - C:\WINDOWS\system32\upnpui.dll [2008-04-13 239616]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-12 2217848]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145
"NoActiveDesktopChanges"=0
"NoSetActiveDesktop"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=1
"NoActiveDesktopChanges"=0
"NoSetActiveDesktop"=0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE"="C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook"
"C:\Program Files\Microsoft Office\Office12\GROOVE.EXE"="C:\Program Files\Microsoft Office\Office12\GROOVE.EXE:*:Enabled:Microsoft Office Groove"
"C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE"="C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote"
"C:\Program Files\LimeWire\LimeWire.exe"="C:\Program Files\LimeWire\LimeWire.exe:*:Enabled:LimeWire"
"C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe:*:Enabled:hpqtra08.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe:*:Enabled:hpqste08.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe"="C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe:*:Enabled:hpofxm08.exe"
"C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe"="C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe:*:Enabled:hposfx08.exe"
"C:\Program Files\HP\Digital Imaging\bin\hposid01.exe"="C:\Program Files\HP\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqscnvw.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqscnvw.exe:*:Enabled:hpqscnvw.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe:*:Enabled:hpqkygrp.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqCopy.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqCopy.exe:*:Enabled:hpqcopy.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpfccopy.exe"="C:\Program Files\HP\Digital Imaging\bin\hpfccopy.exe:*:Enabled:hpfccopy.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe"="C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe:*:Enabled:hpzwiz01.exe"
"C:\Program Files\HP\Digital Imaging\Unload\HpqPhUnl.exe"="C:\Program Files\HP\Digital Imaging\Unload\HpqPhUnl.exe:*:Enabled:hpqphunl.exe"
"C:\Program Files\HP\Digital Imaging\Unload\HpqDIA.exe"="C:\Program Files\HP\Digital Imaging\Unload\HpqDIA.exe:*:Enabled:hpqdia.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe"="C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe:*:Enabled:hpoews01.exe"
"C:\Documents and Settings\BRINE LLOYD.BRINE-LAPTOP\Local Settings\Temp\MigWizL0\migwiz.exe"="C:\Documents and Settings\BRINE LLOYD.BRINE-LAPTOP\Local Settings\Temp\MigWizL0\migwiz.exe:*:Enabled:Windows Easy Transfer"
"C:\Program Files\iolo\System Shield\SysShield.exe"="C:\Program Files\iolo\System Shield\SysShield.exe:*:Enabled:iolo System Shield®"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

======File associations======

.js - open - NOTEPAD.EXE %1
.reg - open - NOTEPAD.EXE %1
.scr - open - NOTEPAD.EXE %1
.vbs - open - NOTEPAD.EXE %1

======List of files/folders created in the last 3 months======

2010-07-18 15:16:47 ----D---- C:\rsit
2010-07-15 17:48:57 ----A---- C:\WINDOWS\system32\smrgdf.txt
2010-07-15 09:39:10 ----A---- C:\WINDOWS\system32\drivers\aswSP.sys
2010-07-15 09:39:10 ----A---- C:\WINDOWS\system32\drivers\aswFsBlk.sys
2010-07-15 09:39:08 ----A---- C:\WINDOWS\system32\drivers\aswRdr.sys
2010-07-15 09:39:05 ----A---- C:\WINDOWS\system32\drivers\aswTdi.sys
2010-07-15 09:39:02 ----A---- C:\WINDOWS\system32\drivers\aswmon2.sys
2010-07-15 09:39:01 ----A---- C:\WINDOWS\system32\drivers\aswmon.sys
2010-07-15 09:39:00 ----A---- C:\WINDOWS\system32\drivers\aavmker4.sys
2010-07-15 09:37:52 ----A---- C:\WINDOWS\system32\aswBoot.exe
2010-07-15 09:36:32 ----D---- C:\Program Files\Alwil Software
2010-07-15 09:36:32 ----D---- C:\Documents and Settings\All Users.WINDOWS\Application Data\Alwil Software
2010-07-14 17:53:13 ----A---- C:\WINDOWS\system32\iolo.ini
2010-07-14 13:39:58 ----D---- C:\Documents and Settings\BRINE LLOYD.BRINE-LAPTOP\Application Data\Malwarebytes
2010-07-14 13:39:27 ----A---- C:\WINDOWS\system32\drivers\mbamswissarmy.sys
2010-07-14 13:39:22 ----D---- C:\Documents and Settings\All Users.WINDOWS\Application Data\Malwarebytes
2010-07-14 13:39:20 ----A---- C:\WINDOWS\system32\drivers\mbam.sys
2010-07-14 13:39:19 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2010-07-12 22:09:44 ----A---- C:\EventLOG.txt
2010-07-12 19:34:34 ----A---- C:\WINDOWS\SysMech.INI
2010-07-12 14:32:56 ----A---- C:\WINDOWS\system32\iolo.ini.txt
2010-07-12 14:26:45 ----D---- C:\Program Files\Common Files\Authentium
2010-07-12 14:26:16 ----A---- C:\WINDOWS\system32\iavlsp.dll
2010-07-12 14:16:44 ----A---- C:\WINDOWS\system32\Incinerator.dll
2010-07-12 14:16:44 ----A---- C:\WINDOWS\system32\IncContxMenu.dll
2010-07-12 14:16:39 ----A---- C:\WINDOWS\system32\smrgdf.exe
2010-07-12 14:16:39 ----A---- C:\WINDOWS\system32\iolobtdfg.exe
2010-07-12 14:16:36 ----D---- C:\Program Files\iolo
2010-07-12 14:07:39 ----A---- C:\WINDOWS\system32\mfc45.dll
2010-07-12 14:06:14 ----D---- C:\Documents and Settings\BRINE LLOYD.BRINE-LAPTOP\Application Data\iolo
2010-07-12 14:06:14 ----D---- C:\Documents and Settings\All Users.WINDOWS\Application Data\iolo
2010-07-03 06:30:22 ----D---- C:\Documents and Settings\All Users.WINDOWS\Application Data\PCSettings
2010-06-26 07:32:52 ----D---- C:\Documents and Settings\All Users.WINDOWS\Application Data\Sun
2010-06-26 07:23:53 ----A---- C:\WINDOWS\system32\javaws.exe
2010-06-26 07:23:53 ----A---- C:\WINDOWS\system32\deployJava1.dll
2010-06-26 07:23:52 ----A---- C:\WINDOWS\system32\javaw.exe
2010-06-26 07:23:52 ----A---- C:\WINDOWS\system32\java.exe
2010-06-26 06:59:07 ----D---- C:\Program Files\Mozilla Firefox
2010-06-25 09:44:10 ----D---- C:\Documents and Settings\BRINE LLOYD.BRINE-LAPTOP\Application Data\Tific
2010-06-23 19:42:02 ----A---- C:\WINDOWS\ntbtlog.txt
2010-06-12 09:54:32 ----HDC---- C:\WINDOWS\$NtUninstallKB980218$
2010-06-12 09:52:45 ----HDC---- C:\WINDOWS\$NtUninstallKB980195$
2010-06-12 09:32:22 ----D---- C:\Documents and Settings\BRINE LLOYD.BRINE-LAPTOP\Application Data\PriceGong
2010-06-11 07:07:53 ----HDC---- C:\WINDOWS\$NtUninstallKB979559$
2010-06-11 06:58:21 ----HDC---- C:\WINDOWS\$NtUninstallKB978695_WM9$
2010-06-11 06:54:37 ----HDC---- C:\WINDOWS\$NtUninstallKB979482$
2010-06-11 06:48:05 ----HDC---- C:\WINDOWS\$NtUninstallKB975562$
2010-06-10 09:30:23 ----A---- C:\WINDOWS\system32\rmoc3260.dll
2010-06-10 09:29:33 ----A---- C:\WINDOWS\system32\pndx5032.dll
2010-06-10 09:29:33 ----A---- C:\WINDOWS\system32\pndx5016.dll
2010-06-10 09:28:35 ----D---- C:\Program Files\Common Files\xing shared
2010-06-10 09:25:49 ----A---- C:\WINDOWS\system32\pncrt.dll
2010-05-28 16:49:13 ----D---- C:\Documents and Settings\All Users.WINDOWS\Application Data\Tarma Installer
2010-05-26 16:29:49 ----HDC---- C:\WINDOWS\$NtUninstallKB981793$
2010-05-13 17:26:26 ----HDC---- C:\WINDOWS\$NtUninstallKB978542$

======List of files/folders modified in the last 3 months======

2010-07-18 15:17:23 ----D---- C:\Program Files\Trend Micro
2010-07-18 15:16:46 ----D---- C:\WINDOWS\Prefetch
2010-07-18 15:14:59 ----D---- C:\WINDOWS\Temp
2010-07-18 15:04:37 ----SD---- C:\WINDOWS\Tasks
2010-07-18 15:01:02 ----D---- C:\WINDOWS\system32\drivers
2010-07-18 14:57:17 ----A---- C:\WINDOWS\SchedLgU.Txt
2010-07-18 11:50:39 ----D---- C:\WINDOWS\system32
2010-07-17 09:46:43 ----RD---- C:\Program Files
2010-07-15 09:38:40 ----SHD---- C:\WINDOWS\Installer
2010-07-15 09:38:40 ----HD---- C:\Config.Msi
2010-07-15 09:38:38 ----D---- C:\WINDOWS\WinSxS
2010-07-15 09:37:56 ----D---- C:\WINDOWS
2010-07-14 17:49:32 ----D---- C:\WINDOWS\system32\config
2010-07-14 17:45:55 ----HDC---- C:\WINDOWS\$NtUninstallQ814995$
2010-07-12 22:15:42 ----D---- C:\WINDOWS\system32\CatRoot2
2010-07-12 19:34:30 ----D---- C:\WINDOWS\Debug
2010-07-12 19:34:30 ----D---- C:\Program Files\Microsoft Works
2010-07-12 19:34:30 ----D---- C:\Program Files\FaxTools
2010-07-12 19:34:30 ----D---- C:\Documents and Settings\BRINE LLOYD.BRINE-LAPTOP\Application Data\LimeWire
2010-07-12 19:34:30 ----D---- C:\Documents and Settings
2010-07-12 19:34:29 ----D---- C:\Program Files\Spyware Doctor
2010-07-12 19:34:28 ----AD---- C:\Documents and Settings\All Users.WINDOWS\Application Data\TEMP
2010-07-12 19:34:27 ----D---- C:\Program Files\Internet Explorer
2010-07-12 14:43:44 ----RD---- C:\WINDOWS\Offline Web Pages
2010-07-12 14:26:45 ----D---- C:\Program Files\Common Files
2010-07-12 14:20:04 ----D---- C:\Documents and Settings\All Users.WINDOWS\Application Data\Norton
2010-07-12 14:19:54 ----SHD---- C:\System Volume Information
2010-07-12 14:12:18 ----DC---- C:\WINDOWS\system32\DRVSTORE
2010-07-12 14:11:53 ----D---- C:\Program Files\Common Files\Symantec Shared
2010-07-03 06:30:22 ----D---- C:\Documents and Settings\All Users.WINDOWS\Application Data\NortonInstaller
2010-06-26 18:09:56 ----HD---- C:\WINDOWS\inf
2010-06-26 07:32:33 ----D---- C:\Program Files\Common Files\Java
2010-06-26 07:22:51 ----D---- C:\Program Files\Java
2010-06-24 07:12:03 ----D---- C:\WINDOWS\system32\wbem
2010-06-24 07:12:02 ----D---- C:\WINDOWS\Registration
2010-06-12 10:29:22 ----D---- C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft Help
2010-06-12 09:54:54 ----RSHDC---- C:\WINDOWS\system32\dllcache
2010-06-12 09:53:40 ----HD---- C:\WINDOWS\$hf_mig$
2010-06-11 14:22:13 ----D---- C:\WINDOWS\Microsoft.NET
2010-06-11 14:21:54 ----RSD---- C:\WINDOWS\assembly
2010-06-11 07:06:30 ----D---- C:\WINDOWS\ie8updates
2010-06-11 06:42:51 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2010-06-10 09:47:05 ----D---- C:\Documents and Settings\All Users.WINDOWS\Application Data\Real
2010-06-10 09:46:30 ----D---- C:\Documents and Settings\BRINE LLOYD.BRINE-LAPTOP\Application Data\Real
2010-06-10 09:30:43 ----D---- C:\Program Files\Common Files\Real
2010-06-10 09:29:28 ----D---- C:\Program Files\Real
2010-06-10 09:25:50 ----A---- C:\WINDOWS\system32\msvcr71.dll
2010-06-10 09:25:50 ----A---- C:\WINDOWS\system32\msvcp71.dll
2010-06-08 16:32:37 ----D---- C:\Program Files\Microsoft Silverlight
2010-06-04 10:20:01 ----SD---- C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft
2010-05-28 15:37:34 ----A---- C:\WINDOWS\system32\MRT.exe
2010-05-13 17:26:30 ----D---- C:\Program Files\Outlook Express
2010-05-12 18:53:47 ----D---- C:\WINDOWS\network diagnostic
2010-05-06 06:41:53 ----A---- C:\WINDOWS\system32\wininet.dll
2010-05-06 06:41:52 ----A---- C:\WINDOWS\system32\urlmon.dll
2010-05-06 06:41:52 ----A---- C:\WINDOWS\system32\occache.dll
2010-05-06 06:41:52 ----A---- C:\WINDOWS\system32\mstime.dll
2010-05-06 06:41:52 ----A---- C:\WINDOWS\system32\mshtml.dll
2010-05-06 06:41:51 ----N---- C:\WINDOWS\system32\jsproxy.dll
2010-05-06 06:41:51 ----A---- C:\WINDOWS\system32\msfeedsbs.dll
2010-05-06 06:41:51 ----A---- C:\WINDOWS\system32\msfeeds.dll
2010-05-06 06:41:50 ----A---- C:\WINDOWS\system32\iertutil.dll
2010-05-06 06:41:50 ----A---- C:\WINDOWS\system32\iepeers.dll
2010-05-06 06:41:49 ----A---- C:\WINDOWS\system32\ieframe.dll
2010-05-06 06:41:48 ----N---- C:\WINDOWS\system32\iedkcs32.dll
2010-05-05 09:30:57 ----N---- C:\WINDOWS\system32\ie4uinit.exe
2010-04-21 09:28:50 -------- C:\WINDOWS\system32\tzchange.exe
2010-04-20 01:30:08 ----A---- C:\WINDOWS\system32\atmfd.dll

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 PCTCore;PCTools KDS; C:\WINDOWS\system32\drivers\PCTCore.sys [2009-11-09 207792]
R0 PxHelp20;PxHelp20; C:\WINDOWS\System32\Drivers\PxHelp20.sys [2008-07-04 44944]
R0 TfFsMon;TfFsMon; C:\WINDOWS\system32\drivers\TfFsMon.sys [2009-11-12 51984]
R0 TfSysMon;TfSysMon; C:\WINDOWS\system32\drivers\TfSysMon.sys [2009-11-12 59664]
R1 Aavmker4;avast! Asynchronous Virus Monitor; C:\WINDOWS\system32\drivers\Aavmker4.sys [2010-06-28 28880]
R1 aswSP;aswSP; C:\WINDOWS\system32\drivers\aswSP.sys [2010-06-28 165456]
R1 aswTdi;avast! Network Shield Support; C:\WINDOWS\system32\drivers\aswTdi.sys [2010-06-28 46672]
R1 Cdr4_xp;Cdr4_xp; C:\WINDOWS\system32\drivers\Cdr4_xp.sys [2008-07-04 9072]
R1 Cdralw2k;Cdralw2k; C:\WINDOWS\system32\drivers\Cdralw2k.sys [2008-07-04 9200]
R1 eabfiltr;EABFiltr; \??\C:\WINDOWS\system32\drivers\EABFiltr.sys []
R1 pctgntdi;pctgntdi; \??\C:\WINDOWS\system32\drivers\pctgntdi.sys []
R1 WmiAcpi;Microsoft Windows Management Interface for ACPI; C:\WINDOWS\system32\DRIVERS\wmiacpi.sys [2008-04-13 8832]
R1 WS2IFSL;Windows Socket 2.0 Non-IFS Service Provider Support Environment; C:\WINDOWS\System32\drivers\ws2ifsl.sys [2005-06-14 12032]
R2 AegisP;AEGIS Protocol (IEEE 802.1x) v3.4.5.0; C:\WINDOWS\system32\DRIVERS\AegisP.sys [2010-04-09 21035]
R2 AMP;AMP; C:\WINDOWS\system32\DRIVERS\amp.sys [2010-01-19 127016]
R2 AMPSE;AMPSE; C:\WINDOWS\system32\DRIVERS\ampse.sys [2010-01-19 1118248]
R2 aswFsBlk;aswFsBlk; C:\WINDOWS\system32\drivers\aswFsBlk.sys [2010-06-28 17744]
R2 aswMon2;aswMon2; C:\WINDOWS\system32\drivers\aswMon2.sys [2010-06-28 100176]
R2 irda;IrDA Protocol; C:\WINDOWS\system32\DRIVERS\irda.sys [2008-04-13 88192]
R2 LxrSII1d;Secure II Driver; \??\C:\WINDOWS\system32\Drivers\LxrSII1d.sys []
R2 rspndr;Link-Layer Topology Discovery Responder; C:\WINDOWS\system32\DRIVERS\rspndr.sys [2007-07-24 62336]
R3 aeaudio;aeaudio; C:\WINDOWS\system32\drivers\aeaudio.sys [2003-10-23 100384]
R3 AgereSoftModem;Agere Systems Soft Modem; C:\WINDOWS\system32\DRIVERS\AGRSM.sys [2004-03-19 1205292]
R3 ApfiltrService;Alps Pointing-device Filter Driver; C:\WINDOWS\system32\DRIVERS\Apfiltr.sys [2003-10-08 94601]
R3 aswRdr;aswRdr; C:\WINDOWS\system32\drivers\aswRdr.sys [2010-06-28 23376]
R3 BCM43XX;Broadcom 802.11 Network Adapter Driver; C:\WINDOWS\system32\DRIVERS\bcmwl5.sys [2006-10-13 604928]
R3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2005-02-23 3444128]
R3 Rasirda;WAN Miniport (IrDA); C:\WINDOWS\system32\DRIVERS\rasirda.sys [2001-08-17 19584]
R3 rtl8139;Realtek RTL8139(A/B/C)-based PCI Fast Ethernet Adapter NT Driver; C:\WINDOWS\system32\DRIVERS\RTL8139.SYS [2004-08-03 20992]
R3 smwdm;smwdm; C:\WINDOWS\system32\drivers\smwdm.sys [2004-01-13 612032]
S2 ASCTRM;ASCTRM; C:\WINDOWS\system32\drivers\ASCTRM.sys []
S3 5b1007c055f55503;5b1007c055f55503; \??\C:\5b1007c055f55503.dat []
S3 84d9a62029aef52f;84d9a62029aef52f; \??\C:\84d9a62029aef52f.dat []
S3 afae06c8bff91bbb;afae06c8bff91bbb; \??\C:\afae06c8bff91bbb.dat []
S3 Belkin701F;Belkin Wireless G Notebook Card Service v7; C:\WINDOWS\system32\DRIVERS\BLKWGNv7.sys [2006-10-19 303616]
S3 BrScnUsb;Brother USB Still Image driver; C:\WINDOWS\System32\Drivers\BrScnUsb.sys [2003-12-19 15263]
S3 BrSerIf;Brother MFC Serial Port Interface WDM Driver; C:\WINDOWS\System32\Drivers\BrSerIf.sys [2004-06-12 51712]
S3 BrUsbSer;Brother MFC USB Serial WDM Driver; C:\WINDOWS\System32\Drivers\BrUsbSer.sys [2004-01-10 11648]
S3 eabusb;eabusb; \??\C:\WINDOWS\system32\drivers\eabusb.sys []
S3 irsir;Microsoft Serial Infrared Driver; C:\WINDOWS\system32\DRIVERS\irsir.sys [2001-08-17 18688]
S3 pctplsg;pctplsg; \??\C:\WINDOWS\system32\drivers\pctplsg.sys []
S3 TfNetMon;TfNetMon; \??\C:\WINDOWS\system32\drivers\TfNetMon.sys []
S3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]
S3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856]
S3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 avast! Antivirus;avast! Antivirus; C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [2010-06-28 40384]
R2 Brother XP spl Service;BrSplService; C:\WINDOWS\system32\brsvc01a.exe [2002-04-11 57344]
R2 IOLO_SRV;iolo System Guard; C:\Program Files\iolo\System Mechanic\IoloSGCtrl.exe [2010-07-06 359600]
R2 ioloFileInfoList;iolo FileInfoList Service; C:\Program Files\iolo\common\lib\ioloServiceManager.exe [2010-07-06 711352]
R2 ioloSystemService;iolo System Service; C:\Program Files\iolo\common\lib\ioloServiceManager.exe [2010-07-06 711352]
R2 Irmon;Infrared Monitor; C:\WINDOWS\system32\svchost.exe [2008-04-13 14336]
R2 LxrSII1s;Lexar Secure II; C:\WINDOWS\system32\LxrSII1s.exe [2006-01-09 49152]
R2 NVSvc;NVIDIA Display Driver Service; C:\WINDOWS\system32\nvsvc32.exe [2005-02-23 127042]
R2 O&O Defrag;O&O Defrag; C:\WINDOWS\system32\oodag.exe [2006-06-02 339456]
R2 RichVideo;Cyberlink RichVideo Service(CRVS); C:\Program Files\CyberLink\Shared files\RichVideo.exe [2006-09-17 167936]
R2 sdAuxService;PC Tools Auxiliary Service; C:\Program Files\Spyware Doctor\pctsAuxs.exe [2009-10-30 359624]
R2 vseamps;vseamps; C:\Program Files\Common Files\Authentium\AntiVirus5\vseamps.exe [2010-01-19 121384]
R2 vsedsps;vsedsps; C:\Program Files\Common Files\Authentium\AntiVirus5\vsedsps.exe [2010-01-19 117288]
R2 WMPNetworkSvc;Windows Media Player Network Sharing Service; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-10-18 913408]
R3 avast! Mail Scanner;avast! Mail Scanner; C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [2010-06-28 40384]
R3 avast! Web Scanner;avast! Web Scanner; C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [2010-06-28 40384]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 hpqwmi;HP WMI Interface; C:\Program Files\HPQ\SHARED\HPQWMI.exe [2004-11-18 98304]
S3 idsvc;Windows CardSpace; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 Microsoft Office Groove Audit Service;Microsoft Office Groove Audit Service; C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe [2008-10-25 65888]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2008-11-04 441712]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 sdCoreService;PC Tools Security Service; C:\Program Files\Spyware Doctor\pctsSvc.exe [2009-11-06 1141712]
S3 ThreatFire;ThreatFire; C:\Program Files\Spyware Doctor\TFEngine\TFService.exe [2009-11-12 70928]
S3 vseqrts;vseqrts; C:\Program Files\Common Files\Authentium\AntiVirus5\vseqrts.exe [2010-01-19 158248]
S3 WLSetupSvc;Windows Live Setup Service; C:\Program Files\Windows Live\installer\WLSetupSvc.exe [2007-10-25 266240]
S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-13 14336]
S4 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2010-06-26 153376]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]

-----------------EOF-----------------
wendystamper
Regular Member
 
Posts: 50
Joined: July 14th, 2010, 1:34 pm

Re: Hotmail sending spam,pc also directing to unwanted pages

by Cypher » July 18th, 2010, 3:50 pm

Hi.
Were you able to run RKUnHooker?
If so post the log from that scan.
Cypher
Admin/Teacher
 
Posts: 15148
Joined: October 29th, 2008, 12:49 pm
Location: Land Of The Leprechauns

Re: Hotmail sending spam,pc also directing to unwanted pages

by wendystamper » July 18th, 2010, 4:19 pm

It's still scanning, I will post as soon as it gets done. Sorry. Thanks for taking the time to help me, by the way.
wendystamper
Regular Member
 
Posts: 50
Joined: July 14th, 2010, 1:34 pm

Re: Hotmail sending spam,pc also directing to unwanted pages

by wendystamper » July 18th, 2010, 5:13 pm

It still says it's scanning. Do you think it's frozen? It's on the Files tab scanning. It has the option to cancel it; do I need to cancel it and restart it?
wendystamper
Regular Member
 
Posts: 50
Joined: July 14th, 2010, 1:34 pm

Re: Hotmail sending spam,pc also directing to unwanted pages

by Cypher » July 19th, 2010, 4:48 am

Hi.
wendystamper wrote: thanks for taking the time to help me by the way.

You're welcome.
Can you give me an update: did the scan finish? If not, just cancel it.
Question: does your installed version of Spyware Doctor 7.0 include Antivirus?
Cypher
Admin/Teacher
 
Posts: 15148
Joined: October 29th, 2008, 12:49 pm
Location: Land Of The Leprechauns

Re: Hotmail sending spam,pc also directing to unwanted pages

by wendystamper » July 19th, 2010, 6:43 am

It had finished while I was asleep, and when I got up and checked it, I hit the report tab and saw it said hit scan for report, so I did, and it started all over. I am doing it again now; it's been going since about 3 am and it's 638 here right now. I got the spam emails to stop. Changed my password to Hotmail. The computer is still having unwanted pages come up when I am online, and when I go to a search engine to hunt up anything, after the results of the search come up, if I click on a link, it takes me to a completely different site than the one that was listed, but if I copy and paste the link I can go to it. It started acting this way after I played Family Feud on Facebook, but after running the virus scan that my brother had put on the computer, I saw that it was the same virus that he had tried to get rid of before he sold it to me. I have tried Spyware Doctor, Norton, System Mechanic, and Avast. Nothing has gotten it to run correctly. I am sorry I messed that last scan up; I will post the results of this one as soon as it stops.
wendystamper
Regular Member
 
Posts: 50
Joined: July 14th, 2010, 1:34 pm

Re: Hotmail sending spam,pc also directing to unwanted pages

Unread postby Cypher » July 19th, 2010, 7:03 am

Hi wendystamper
Sorry to hear you're having problems with the RKUnHooker scan. Please cancel it for now; we can come back to it later if we need to.
Continue with the instructions below, then give me an update on your PC's performance.



Back Up registry with ERUNT

  • Please use the following link and download ERUNT to your desktop. HERE
  • Click on the erunt-setup.exe
  • Follow the prompts to install ERUNT
  • Choose language
  • A set up window will pop up. It will ask: Create ERUNT entry in to the Start up folder, answer NO

  • Backup your registry to the default location

Note: To restore your registry (if needed), go to the folder and start ERDNT.exe

Next.

Download and run OTM

Download OTM.exe by Old Timer and save it to your Desktop.
  • Double-click OTM.exe to run it.
  • Right-click then copy the following code. Do not include the word Code.
    Code:
    :Services
    5b1007c055f55503
    84d9a62029aef52f
    fae06c8bff91bbb
    
    :Reg
    [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
    "C:\Program Files\LimeWire\LimeWire.exe"=-
    
    :Files
    C:\5b1007c055f55503.dat
    C:\84d9a62029aef52f.dat
    C:\afae06c8bff91bbb.dat
    C:\Program Files\LimeWire
    C:\Documents and Settings\BRINE LLOYD.BRINE-LAPTOP\Application Data\LimeWire
    C:\Documents and Settings\All Users.WINDOWS\Application Data\TEMP
    
    :Commands
    [emptytemp]
    [start explorer]
    [Reboot]
    

    • Return to OTM, right-click then paste the code into the blank box below Image
    • Next click on the large Image button.
    • OTM may ask to reboot the machine. Please do so if asked.
    • Copy everything in the Results window (under the green bar), and paste it in your next reply.

NOTE: If you are unable to copy/paste from this window (as will be the case if the machine was rebooted), open Notepad (Start->All Programs->Accessories->Notepad), click File->Open, in the File Name box enter *.log and press the Enter key, navigate to the C:\_OTM\MovedFiles folder, and open the newest .log file present, and copy/paste the contents of that document back here in your next post.

Next.

Re-run - RSIT (Random's System Information Tool)

You should still have this program on your desktop.
  • Double click on RSIT.exe to run it.
  • Please read the disclaimer... click on Continue.
  • RSIT will start running. When done... ONLY the "C:\RSIT\log.txt"...will be reproduced. (it will be maximized)
  • Please post ONLY the "log.txt", file contents in your next reply.
    (This log can be lengthy, so a separate post may be needed.)

Next.

TDSSKiller

  • Please Download TDSSKiller.exe and save it on your desktop.
  • Important!: Run this fix once and once only.
  • Double click TDSSKiller.exe to run it.
  • A log file should be created on your C: drive named something like TDSSKiller.2.3.2.0 19.06.2010
  • To find the log click Start > Computer > C:.
  • Please post the contents of that log in your next reply.



Logs/Information to Post in your Next Reply

  • OTM log.
  • RSIT log.txt.
  • TDSSKiller log.
  • Please give me an update on your computer's performance.
Cypher
Admin/Teacher
 
Posts: 15148
Joined: October 29th, 2008, 12:49 pm
Location: Land Of The Leprechauns

Re: Hotmail sending spam,pc also directing to unwanted pages

Unread postby wendystamper » July 19th, 2010, 7:42 am

All processes killed
========== SERVICES/DRIVERS ==========
Error: No service named 5b1007c055f55503 was found to stop!
Service\Driver key 5b1007c055f55503 not found.
Error: No service named 84d9a62029aef52f was found to stop!
Service\Driver key 84d9a62029aef52f not found.
Error: No service named fae06c8bff91bbb was found to stop!
Service\Driver key fae06c8bff91bbb not found.
========== REGISTRY ==========
Registry value HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list\\C:\Program Files\LimeWire\LimeWire.exe not found.
========== FILES ==========
File/Folder C:\5b1007c055f55503.dat not found.
File/Folder C:\84d9a62029aef52f.dat not found.
File/Folder C:\afae06c8bff91bbb.dat not found.
File/Folder C:\Program Files\LimeWire not found.
File/Folder C:\Documents and Settings\BRINE LLOYD.BRINE-LAPTOP\Application Data\LimeWire not found.
File/Folder C:\Documents and Settings\All Users.WINDOWS\Application Data\TEMP not found.
========== COMMANDS ==========

[EMPTYTEMP]

User: Administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Administrator.BRINE-LAPTOP
->Temporary Internet Files folder emptied: 0 bytes

User: All Users

User: All Users.WINDOWS

User: BRINE LLOYD.BRINE-LAPTOP
->Temp folder emptied: 53248 bytes
->Temporary Internet Files folder emptied: 3565932 bytes
->Java cache emptied: 0 bytes
->Flash cache emptied: 1091 bytes

User: Default User.WINDOWS
->Temporary Internet Files folder emptied: 0 bytes

User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: LocalService.NT AUTHORITY
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 0 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: NetworkService.NT AUTHORITY
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Java cache emptied: 0 bytes
->Flash cache emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 483 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 1190230 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 5.00 mb


OTM by OldTimer - Version 3.1.15.0 log created on 07192010_073209

Files moved on Reboot...
C:\Documents and Settings\BRINE LLOYD.BRINE-LAPTOP\Local Settings\Temporary Internet Files\Content.IE5\OAHNCUZ7\viewtopic[1].htm moved successfully.
C:\Documents and Settings\BRINE LLOYD.BRINE-LAPTOP\Local Settings\Temporary Internet Files\AntiPhishing\2CEDBFBC-DBA8-43AA-B1FD-CC8E6316E3E2.dat moved successfully.
File C:\WINDOWS\temp\_avast5_\Webshlock.txt not found!

Registry entries deleted on Reboot...
wendystamper
Regular Member
 
Posts: 50
Joined: July 14th, 2010, 1:34 pm
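
A cross-check that can be run on the logs in this thread, as an added example (not part of the original posts, and not OTM or RSIT code): it compares the names in the fix script's :Services section with the OTM results and with the driver list from the RSIT log posted later in the thread. The function names are hypothetical, and the inputs are excerpts copied from the posts.

```python
import difflib
import ntpath
import re

# Excerpts copied from the posts in this thread (trimmed to the lines the check uses).
OTM_SCRIPT = r"""
:Services
5b1007c055f55503
84d9a62029aef52f
fae06c8bff91bbb

:Files
C:\5b1007c055f55503.dat
C:\84d9a62029aef52f.dat
C:\afae06c8bff91bbb.dat
C:\Program Files\LimeWire

:Commands
[emptytemp]
"""

OTM_LOG = r"""
========== SERVICES/DRIVERS ==========
Error: No service named 5b1007c055f55503 was found to stop!
Service\Driver key 5b1007c055f55503 not found.
Error: No service named 84d9a62029aef52f was found to stop!
Service\Driver key 84d9a62029aef52f not found.
Error: No service named fae06c8bff91bbb was found to stop!
Service\Driver key fae06c8bff91bbb not found.
"""

RSIT_DRIVERS = r"""
S2 ASCTRM;ASCTRM; C:\WINDOWS\system32\drivers\ASCTRM.sys []
S3 afae06c8bff91bbb;afae06c8bff91bbb; \??\C:\afae06c8bff91bbb.dat []
S3 eabusb;eabusb; \??\C:\WINDOWS\system32\drivers\eabusb.sys []
"""


def parse_script(text):
    """Split a fix script into {section: [entries]} using its ':Section' headers."""
    sections, current = {}, None
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        if line.startswith(":"):
            current = line[1:].lower()
            sections[current] = []
        elif current is not None:
            sections[current].append(line)
    return sections


def services_not_found(log_text):
    """Names the results log reports in its 'Driver key <name> not found.' lines."""
    return set(re.findall(r"^Service\\Driver key (\S+) not found\.$", log_text, re.M))


def listed_drivers(rsit_text):
    """Service names from RSIT lines shaped '<state> <name>;<display>; <path> [...]'."""
    names = []
    for line in rsit_text.splitlines():
        m = re.match(r"^[RS][0-4] ([^;]+);", line.strip())
        if m:
            names.append(m.group(1))
    return names


def reconcile(script_text, log_text, rsit_text):
    """For each service the script targets, report what the two logs say about it."""
    script = parse_script(script_text)
    missing = services_not_found(log_text)
    lowered = {d.lower(): d for d in listed_drivers(rsit_text)}
    # Base names of targeted files, e.g. C:\afae06c8bff91bbb.dat -> afae06c8bff91bbb
    stems = {ntpath.splitext(ntpath.basename(p))[0].lower()
             for p in script.get("files", [])}
    findings = []
    for name in script.get("services", []):
        key = name.lower()
        if key in lowered:
            status, listed_as = "still listed", lowered[key]
        else:
            # A near match catches a name that differs by a dropped or extra character.
            near = difflib.get_close_matches(key, list(lowered), n=1, cutoff=0.9)
            status = "near match still listed" if near else "absent"
            listed_as = lowered[near[0]] if near else None
        findings.append({
            "script_name": name,
            "log_not_found": name in missing,
            "status": status,
            "listed_as": listed_as,
            "file_stem_matches": key in stems,
        })
    return findings


if __name__ == "__main__":
    for f in reconcile(OTM_SCRIPT, OTM_LOG, RSIT_DRIVERS):
        print(f)
```

On these excerpts it reports the first two services as absent and flags the third, which the :Services section spells fae06c8bff91bbb while the :Files section and the RSIT driver list use afae06c8bff91bbb.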

Re: Hotmail sending spam,pc also directing to unwanted pages

Unread postby wendystamper » July 19th, 2010, 7:45 am

Logfile of random's system information tool 1.08 (written by random/random)
Run by BRINE LLOYD at 2010-07-19 07:43:22
Microsoft Windows XP Professional Service Pack 3
System drive C: has 37 GB (64%) free of 57 GB
Total RAM: 511 MB (14% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 7:44:23 AM, on 7/19/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
C:\WINDOWS\notepad.exe
C:\Program Files\Apoint2K\Apoint.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\iolo\System Mechanic\SystemGuardAlerter.exe
C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Documents and Settings\BRINE LLOYD.BRINE-LAPTOP\Local Settings\Application Data\Lexar Media\LxrAutorun.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Program Files\Apoint2K\Apntex.exe
C:\WINDOWS\system32\brsvc01a.exe
C:\WINDOWS\system32\brss01a.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\iolo\common\lib\ioloServiceManager.exe
C:\Program Files\iolo\System Mechanic\IoloSGCtrl.exe
C:\WINDOWS\system32\LxrSII1s.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\oodag.exe
C:\Program Files\CyberLink\Shared files\RichVideo.exe
C:\Program Files\Spyware Doctor\pctsAuxs.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Authentium\AntiVirus5\vsedsps.exe
C:\Program Files\Windows Media Player\WMPNetwk.exe
C:\Program Files\Common Files\Authentium\AntiVirus5\vseamps.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\iolo\System Shield\ioloSSTray.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\BRINE LLOYD.BRINE-LAPTOP\Desktop\RSIT.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\Program Files\trend micro\BRINE LLOYD.exe
C:\Program Files\Alwil Software\Avast5\defs\10071801\Sf.bin

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\Userinit.exe
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Documents and Settings\All Users.WINDOWS\Application Data\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SystemGuardAlerter] C:\Program Files\iolo\System Mechanic\SystemGuardAlerter.exe
O4 - HKLM\..\Run: [avast5] C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe /nogui
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [LxrAutorun] C:\Documents and Settings\BRINE LLOYD.BRINE-LAPTOP\Local Settings\Application Data\Lexar Media\LxrAutorun.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office12\EXCEL.EXE/3000
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\WINDOWS\system32\shdocvw.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\iavlsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\iavlsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\iavlsp.dll
O16 - DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} (HP Download Manager) - https://h20436.www2.hp.com/ediags/dex/s ... DEXAXO.cab
O16 - DPF: {A9F8D9EC-3D0A-4A60-BD82-FBD64BAD370D} - http://h20264.www2.hp.com/ediags/dd/ins ... csxp2k.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/s ... wflash.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Filter hijack: text/html - {34a52463-cc14-4fc0-89d0-4bbffcee75db} - (no file)
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: avast! Mail Scanner - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: avast! Web Scanner - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINDOWS\system32\brsvc01a.exe
O23 - Service: HP WMI Interface (hpqwmi) - Hewlett-Packard Development Company, L.P. - C:\Program Files\HPQ\SHARED\HPQWMI.exe
O23 - Service: iolo FileInfoList Service (ioloFileInfoList) - Unknown owner - C:\Program Files\iolo\common\lib\ioloServiceManager.exe
O23 - Service: iolo System Service (ioloSystemService) - Unknown owner - C:\Program Files\iolo\common\lib\ioloServiceManager.exe
O23 - Service: iolo System Guard (IOLO_SRV) - Unknown owner - C:\Program Files\iolo\System Mechanic\IoloSGCtrl.exe
O23 - Service: Lexar Secure II (LxrSII1s) - Unknown owner - C:\WINDOWS\SYSTEM32\LxrSII1s.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: O&O Defrag - O&O Software GmbH - C:\WINDOWS\system32\oodag.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared files\RichVideo.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
O23 - Service: ThreatFire - PC Tools - C:\Program Files\Spyware Doctor\TFEngine\TFService.exe
O23 - Service: vseamps - Authentium, Inc - C:\Program Files\Common Files\Authentium\AntiVirus5\vseamps.exe
O23 - Service: vsedsps - Authentium, Inc - C:\Program Files\Common Files\Authentium\AntiVirus5\vsedsps.exe
O23 - Service: vseqrts - Authentium, Inc - C:\Program Files\Common Files\Authentium\AntiVirus5\vseqrts.exe

--
End of file - 8942 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-1993962763-1500820517-682003330-1003.job
C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-1993962763-1500820517-682003330-1003.job
C:\WINDOWS\tasks\User_Feed_Synchronization-{70CDA08E-7BAC-40F0-9054-FF23F79D19D2}.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2010-06-19 75200]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3049C3E9-B461-4BC5-8870-4C09146192CA}]
RealPlayer Download and Record Plugin for Internet Explorer - C:\Documents and Settings\All Users.WINDOWS\Application Data\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll [2010-06-10 341600]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}]
Groove GFS Browser Helper - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-12 2217848]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2010-06-26 41760]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2010-06-26 79648]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"Apoint"=C:\Program Files\Apoint2K\Apoint.exe [2003-10-08 159744]
"NvCplDaemon"=C:\WINDOWS\system32\NvCpl.dll [2005-02-23 5537792]
"GrooveMonitor"=C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe [2008-10-25 31072]
"HP Software Update"=C:\Program Files\HP\HP Software Update\HPWuSchd2.exe [2007-10-14 49152]
"TkBellExe"=C:\Program Files\Common Files\Real\Update_OB\realsched.exe [2010-06-10 202256]
"SystemGuardAlerter"=C:\Program Files\iolo\System Mechanic\SystemGuardAlerter.exe [2010-07-06 522928]
"avast5"=C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe [2010-06-28 2837864]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-13 15360]
"LxrAutorun"=C:\Documents and Settings\BRINE LLOYD.BRINE-LAPTOP\Local Settings\Application Data\Lexar Media\LxrAutorun.exe [2006-11-09 24576]
"WMPNSCFG"=C:\Program Files\Windows Media Player\WMPNSCFG.exe [2006-10-18 204288]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\NavLogon]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2009-03-10 239496]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]
UPnPMonitor - {e57ce738-33e8-4c51-8354-bb4de9d215d1} - C:\WINDOWS\system32\upnpui.dll [2008-04-13 239616]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-12 2217848]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145
"NoActiveDesktopChanges"=0
"NoSetActiveDesktop"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=1
"NoActiveDesktopChanges"=0
"NoSetActiveDesktop"=0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE"="C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook"
"C:\Program Files\Microsoft Office\Office12\GROOVE.EXE"="C:\Program Files\Microsoft Office\Office12\GROOVE.EXE:*:Enabled:Microsoft Office Groove"
"C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE"="C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote"
"C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe:*:Enabled:hpqtra08.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe:*:Enabled:hpqste08.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe"="C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe:*:Enabled:hpofxm08.exe"
"C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe"="C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe:*:Enabled:hposfx08.exe"
"C:\Program Files\HP\Digital Imaging\bin\hposid01.exe"="C:\Program Files\HP\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqscnvw.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqscnvw.exe:*:Enabled:hpqscnvw.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe:*:Enabled:hpqkygrp.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqCopy.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqCopy.exe:*:Enabled:hpqcopy.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpfccopy.exe"="C:\Program Files\HP\Digital Imaging\bin\hpfccopy.exe:*:Enabled:hpfccopy.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe"="C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe:*:Enabled:hpzwiz01.exe"
"C:\Program Files\HP\Digital Imaging\Unload\HpqPhUnl.exe"="C:\Program Files\HP\Digital Imaging\Unload\HpqPhUnl.exe:*:Enabled:hpqphunl.exe"
"C:\Program Files\HP\Digital Imaging\Unload\HpqDIA.exe"="C:\Program Files\HP\Digital Imaging\Unload\HpqDIA.exe:*:Enabled:hpqdia.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe"="C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe:*:Enabled:hpoews01.exe"
"C:\Documents and Settings\BRINE LLOYD.BRINE-LAPTOP\Local Settings\Temp\MigWizL0\migwiz.exe"="C:\Documents and Settings\BRINE LLOYD.BRINE-LAPTOP\Local Settings\Temp\MigWizL0\migwiz.exe:*:Enabled:Windows Easy Transfer"
"C:\Program Files\iolo\System Shield\SysShield.exe"="C:\Program Files\iolo\System Shield\SysShield.exe:*:Enabled:iolo System Shield®"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

======File associations======

.js - open - NOTEPAD.EXE %1
.reg - open - NOTEPAD.EXE %1
.scr - open - NOTEPAD.EXE %1
.vbs - open - NOTEPAD.EXE %1
wendystamper
Regular Member
 
Posts: 50
Joined: July 14th, 2010, 1:34 pm

Re: Hotmail sending spam,pc also directing to unwanted pages

Unread postby wendystamper » July 19th, 2010, 7:46 am

======List of files/folders created in the last 1 months======

2010-07-19 07:12:36 ----D---- C:\_OTM
2010-07-19 07:11:02 ----D---- C:\WINDOWS\ERDNT
2010-07-19 07:08:48 ----D---- C:\Program Files\ERUNT
2010-07-18 15:16:47 ----D---- C:\rsit
2010-07-15 17:48:57 ----A---- C:\WINDOWS\system32\smrgdf.txt
2010-07-15 09:39:10 ----A---- C:\WINDOWS\system32\drivers\aswSP.sys
2010-07-15 09:39:10 ----A---- C:\WINDOWS\system32\drivers\aswFsBlk.sys
2010-07-15 09:39:08 ----A---- C:\WINDOWS\system32\drivers\aswRdr.sys
2010-07-15 09:39:05 ----A---- C:\WINDOWS\system32\drivers\aswTdi.sys
2010-07-15 09:39:02 ----A---- C:\WINDOWS\system32\drivers\aswmon2.sys
2010-07-15 09:39:01 ----A---- C:\WINDOWS\system32\drivers\aswmon.sys
2010-07-15 09:39:00 ----A---- C:\WINDOWS\system32\drivers\aavmker4.sys
2010-07-15 09:37:52 ----A---- C:\WINDOWS\system32\aswBoot.exe
2010-07-15 09:36:32 ----D---- C:\Program Files\Alwil Software
2010-07-15 09:36:32 ----D---- C:\Documents and Settings\All Users.WINDOWS\Application Data\Alwil Software
2010-07-14 17:53:13 ----A---- C:\WINDOWS\system32\iolo.ini
2010-07-14 13:39:58 ----D---- C:\Documents and Settings\BRINE LLOYD.BRINE-LAPTOP\Application Data\Malwarebytes
2010-07-14 13:39:27 ----A---- C:\WINDOWS\system32\drivers\mbamswissarmy.sys
2010-07-14 13:39:22 ----D---- C:\Documents and Settings\All Users.WINDOWS\Application Data\Malwarebytes
2010-07-14 13:39:20 ----A---- C:\WINDOWS\system32\drivers\mbam.sys
2010-07-14 13:39:19 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2010-07-12 22:09:44 ----A---- C:\EventLOG.txt
2010-07-12 19:34:34 ----A---- C:\WINDOWS\SysMech.INI
2010-07-12 14:32:56 ----A---- C:\WINDOWS\system32\iolo.ini.txt
2010-07-12 14:26:45 ----D---- C:\Program Files\Common Files\Authentium
2010-07-12 14:26:16 ----A---- C:\WINDOWS\system32\iavlsp.dll
2010-07-12 14:16:44 ----A---- C:\WINDOWS\system32\Incinerator.dll
2010-07-12 14:16:44 ----A---- C:\WINDOWS\system32\IncContxMenu.dll
2010-07-12 14:16:39 ----A---- C:\WINDOWS\system32\smrgdf.exe
2010-07-12 14:16:39 ----A---- C:\WINDOWS\system32\iolobtdfg.exe
2010-07-12 14:16:36 ----D---- C:\Program Files\iolo
2010-07-12 14:07:39 ----A---- C:\WINDOWS\system32\mfc45.dll
2010-07-12 14:06:14 ----D---- C:\Documents and Settings\BRINE LLOYD.BRINE-LAPTOP\Application Data\iolo
2010-07-12 14:06:14 ----D---- C:\Documents and Settings\All Users.WINDOWS\Application Data\iolo
2010-07-03 06:30:22 ----D---- C:\Documents and Settings\All Users.WINDOWS\Application Data\PCSettings
2010-06-26 07:32:52 ----D---- C:\Documents and Settings\All Users.WINDOWS\Application Data\Sun
2010-06-26 07:23:53 ----A---- C:\WINDOWS\system32\javaws.exe
2010-06-26 07:23:53 ----A---- C:\WINDOWS\system32\deployJava1.dll
2010-06-26 07:23:52 ----A---- C:\WINDOWS\system32\javaw.exe
2010-06-26 07:23:52 ----A---- C:\WINDOWS\system32\java.exe
2010-06-26 06:59:07 ----D---- C:\Program Files\Mozilla Firefox
2010-06-25 09:44:10 ----D---- C:\Documents and Settings\BRINE LLOYD.BRINE-LAPTOP\Application Data\Tific
2010-06-23 19:42:02 ----A---- C:\WINDOWS\ntbtlog.txt

======List of files/folders modified in the last 1 months======

2010-07-19 07:43:53 ----D---- C:\Program Files\Trend Micro
2010-07-19 07:41:51 ----D---- C:\WINDOWS\Temp
2010-07-19 07:39:47 ----D---- C:\WINDOWS\Prefetch
2010-07-19 07:35:46 ----D---- C:\WINDOWS\system32\drivers
2010-07-19 07:33:13 ----A---- C:\WINDOWS\SchedLgU.Txt
2010-07-19 07:30:01 ----SD---- C:\WINDOWS\Tasks
2010-07-19 07:21:45 ----D---- C:\WINDOWS
2010-07-19 07:08:48 ----RD---- C:\Program Files
2010-07-19 07:06:33 ----D---- C:\WINDOWS\system32
2010-07-15 09:38:40 ----SHD---- C:\WINDOWS\Installer
2010-07-15 09:38:40 ----HD---- C:\Config.Msi
2010-07-15 09:38:38 ----D---- C:\WINDOWS\WinSxS
2010-07-14 17:49:32 ----D---- C:\WINDOWS\system32\config
2010-07-14 17:45:55 ----HDC---- C:\WINDOWS\$NtUninstallQ814995$
2010-07-12 22:15:42 ----D---- C:\WINDOWS\system32\CatRoot2
2010-07-12 19:34:30 ----D---- C:\WINDOWS\Debug
2010-07-12 19:34:30 ----D---- C:\Program Files\Microsoft Works
2010-07-12 19:34:30 ----D---- C:\Program Files\FaxTools
2010-07-12 19:34:30 ----D---- C:\Documents and Settings
2010-07-12 19:34:29 ----D---- C:\Program Files\Spyware Doctor
2010-07-12 19:34:27 ----D---- C:\Program Files\Internet Explorer
2010-07-12 14:43:44 ----RD---- C:\WINDOWS\Offline Web Pages
2010-07-12 14:26:45 ----D---- C:\Program Files\Common Files
2010-07-12 14:20:04 ----D---- C:\Documents and Settings\All Users.WINDOWS\Application Data\Norton
2010-07-12 14:19:54 ----SHD---- C:\System Volume Information
2010-07-12 14:12:18 ----DC---- C:\WINDOWS\system32\DRVSTORE
2010-07-12 14:11:53 ----D---- C:\Program Files\Common Files\Symantec Shared
2010-07-03 06:30:22 ----D---- C:\Documents and Settings\All Users.WINDOWS\Application Data\NortonInstaller
2010-06-26 18:09:56 ----HD---- C:\WINDOWS\inf
2010-06-26 07:32:33 ----D---- C:\Program Files\Common Files\Java
2010-06-26 07:22:51 ----D---- C:\Program Files\Java
2010-06-24 07:12:03 ----D---- C:\WINDOWS\system32\wbem
2010-06-24 07:12:02 ----D---- C:\WINDOWS\Registration

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 PCTCore;PCTools KDS; C:\WINDOWS\system32\drivers\PCTCore.sys [2009-11-09 207792]
R0 PxHelp20;PxHelp20; C:\WINDOWS\System32\Drivers\PxHelp20.sys [2008-07-04 44944]
R0 TfFsMon;TfFsMon; C:\WINDOWS\system32\drivers\TfFsMon.sys [2009-11-12 51984]
R0 TfSysMon;TfSysMon; C:\WINDOWS\system32\drivers\TfSysMon.sys [2009-11-12 59664]
R1 Aavmker4;avast! Asynchronous Virus Monitor; C:\WINDOWS\system32\drivers\Aavmker4.sys [2010-06-28 28880]
R1 aswSP;aswSP; C:\WINDOWS\system32\drivers\aswSP.sys [2010-06-28 165456]
R1 aswTdi;avast! Network Shield Support; C:\WINDOWS\system32\drivers\aswTdi.sys [2010-06-28 46672]
R1 Cdr4_xp;Cdr4_xp; C:\WINDOWS\system32\drivers\Cdr4_xp.sys [2008-07-04 9072]
R1 Cdralw2k;Cdralw2k; C:\WINDOWS\system32\drivers\Cdralw2k.sys [2008-07-04 9200]
R1 eabfiltr;EABFiltr; \??\C:\WINDOWS\system32\drivers\EABFiltr.sys []
R1 pctgntdi;pctgntdi; \??\C:\WINDOWS\system32\drivers\pctgntdi.sys []
R1 WmiAcpi;Microsoft Windows Management Interface for ACPI; C:\WINDOWS\system32\DRIVERS\wmiacpi.sys [2008-04-13 8832]
R1 WS2IFSL;Windows Socket 2.0 Non-IFS Service Provider Support Environment; C:\WINDOWS\System32\drivers\ws2ifsl.sys [2005-06-14 12032]
R2 AegisP;AEGIS Protocol (IEEE 802.1x) v3.4.5.0; C:\WINDOWS\system32\DRIVERS\AegisP.sys [2010-04-09 21035]
R2 AMP;AMP; C:\WINDOWS\system32\DRIVERS\amp.sys [2010-01-19 127016]
R2 AMPSE;AMPSE; C:\WINDOWS\system32\DRIVERS\ampse.sys [2010-01-19 1118248]
R2 aswFsBlk;aswFsBlk; C:\WINDOWS\system32\drivers\aswFsBlk.sys [2010-06-28 17744]
R2 aswMon2;aswMon2; C:\WINDOWS\system32\drivers\aswMon2.sys [2010-06-28 100176]
R2 irda;IrDA Protocol; C:\WINDOWS\system32\DRIVERS\irda.sys [2008-04-13 88192]
R2 LxrSII1d;Secure II Driver; \??\C:\WINDOWS\system32\Drivers\LxrSII1d.sys []
R2 rspndr;Link-Layer Topology Discovery Responder; C:\WINDOWS\system32\DRIVERS\rspndr.sys [2007-07-24 62336]
R3 aeaudio;aeaudio; C:\WINDOWS\system32\drivers\aeaudio.sys [2003-10-23 100384]
R3 AgereSoftModem;Agere Systems Soft Modem; C:\WINDOWS\system32\DRIVERS\AGRSM.sys [2004-03-19 1205292]
R3 ApfiltrService;Alps Pointing-device Filter Driver; C:\WINDOWS\system32\DRIVERS\Apfiltr.sys [2003-10-08 94601]
R3 aswRdr;aswRdr; C:\WINDOWS\system32\drivers\aswRdr.sys [2010-06-28 23376]
R3 BCM43XX;Broadcom 802.11 Network Adapter Driver; C:\WINDOWS\system32\DRIVERS\bcmwl5.sys [2006-10-13 604928]
R3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2005-02-23 3444128]
R3 Rasirda;WAN Miniport (IrDA); C:\WINDOWS\system32\DRIVERS\rasirda.sys [2001-08-17 19584]
R3 rtl8139;Realtek RTL8139(A/B/C)-based PCI Fast Ethernet Adapter NT Driver; C:\WINDOWS\system32\DRIVERS\RTL8139.SYS [2004-08-03 20992]
R3 smwdm;smwdm; C:\WINDOWS\system32\drivers\smwdm.sys [2004-01-13 612032]
S2 ASCTRM;ASCTRM; C:\WINDOWS\system32\drivers\ASCTRM.sys []
S3 afae06c8bff91bbb;afae06c8bff91bbb; \??\C:\afae06c8bff91bbb.dat []
S3 Belkin701F;Belkin Wireless G Notebook Card Service v7; C:\WINDOWS\system32\DRIVERS\BLKWGNv7.sys [2006-10-19 303616]
S3 BrScnUsb;Brother USB Still Image driver; C:\WINDOWS\System32\Drivers\BrScnUsb.sys [2003-12-19 15263]
S3 BrSerIf;Brother MFC Serial Port Interface WDM Driver; C:\WINDOWS\System32\Drivers\BrSerIf.sys [2004-06-12 51712]
S3 BrUsbSer;Brother MFC USB Serial WDM Driver; C:\WINDOWS\System32\Drivers\BrUsbSer.sys [2004-01-10 11648]
S3 eabusb;eabusb; \??\C:\WINDOWS\system32\drivers\eabusb.sys []
S3 irsir;Microsoft Serial Infrared Driver; C:\WINDOWS\system32\DRIVERS\irsir.sys [2001-08-17 18688]
S3 pctplsg;pctplsg; \??\C:\WINDOWS\system32\drivers\pctplsg.sys []
S3 TfNetMon;TfNetMon; \??\C:\WINDOWS\system32\drivers\TfNetMon.sys []
S3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]
S3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856]
S3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 avast! Antivirus;avast! Antivirus; C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [2010-06-28 40384]
R2 Brother XP spl Service;BrSplService; C:\WINDOWS\system32\brsvc01a.exe [2002-04-11 57344]
R2 IOLO_SRV;iolo System Guard; C:\Program Files\iolo\System Mechanic\IoloSGCtrl.exe [2010-07-06 359600]
R2 ioloFileInfoList;iolo FileInfoList Service; C:\Program Files\iolo\common\lib\ioloServiceManager.exe [2010-07-06 711352]
R2 ioloSystemService;iolo System Service; C:\Program Files\iolo\common\lib\ioloServiceManager.exe [2010-07-06 711352]
R2 Irmon;Infrared Monitor; C:\WINDOWS\system32\svchost.exe [2008-04-13 14336]
R2 LxrSII1s;Lexar Secure II; C:\WINDOWS\system32\LxrSII1s.exe [2006-01-09 49152]
R2 NVSvc;NVIDIA Display Driver Service; C:\WINDOWS\system32\nvsvc32.exe [2005-02-23 127042]
R2 O&O Defrag;O&O Defrag; C:\WINDOWS\system32\oodag.exe [2006-06-02 339456]
R2 RichVideo;Cyberlink RichVideo Service(CRVS); C:\Program Files\CyberLink\Shared files\RichVideo.exe [2006-09-17 167936]
R2 sdAuxService;PC Tools Auxiliary Service; C:\Program Files\Spyware Doctor\pctsAuxs.exe [2009-10-30 359624]
R2 vseamps;vseamps; C:\Program Files\Common Files\Authentium\AntiVirus5\vseamps.exe [2010-01-19 121384]
R2 vsedsps;vsedsps; C:\Program Files\Common Files\Authentium\AntiVirus5\vsedsps.exe [2010-01-19 117288]
R2 WMPNetworkSvc;Windows Media Player Network Sharing Service; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-10-18 913408]
R3 avast! Mail Scanner;avast! Mail Scanner; C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [2010-06-28 40384]
R3 avast! Web Scanner;avast! Web Scanner; C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [2010-06-28 40384]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 hpqwmi;HP WMI Interface; C:\Program Files\HPQ\SHARED\HPQWMI.exe [2004-11-18 98304]
S3 idsvc;Windows CardSpace; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 Microsoft Office Groove Audit Service;Microsoft Office Groove Audit Service; C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe [2008-10-25 65888]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2008-11-04 441712]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 sdCoreService;PC Tools Security Service; C:\Program Files\Spyware Doctor\pctsSvc.exe [2009-11-06 1141712]
S3 ThreatFire;ThreatFire; C:\Program Files\Spyware Doctor\TFEngine\TFService.exe [2009-11-12 70928]
S3 vseqrts;vseqrts; C:\Program Files\Common Files\Authentium\AntiVirus5\vseqrts.exe [2010-01-19 158248]
S3 WLSetupSvc;Windows Live Setup Service; C:\Program Files\Windows Live\installer\WLSetupSvc.exe [2007-10-25 266240]
S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-13 14336]
S4 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2010-06-26 153376]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]

-----------------EOF-----------------
wendystamper
Regular Member
 
Posts: 50
Joined: July 14th, 2010, 1:34 pm