Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

outlook express hijacked

Unread postby mcgrant » January 3rd, 2011, 2:35 am

I'm really happy somebody is willing to look at this!

Outlook Express sends messages up to 150 times. Error message: 'Some errors occurred while processing the requested tasks. Please review the list of errors below for more details.' However, the field below is empty. At the bottom, it says '0 of 1 tasks have completed successfully.' Recipients of mails from me which only contained 2 lines of text (and NO attachment) report that every time, an attachment of 7.6 MB is sent. They did not open it.
The 'Sent' box in Outlook Express is empty since I have this infestation. Hundreds of mails lost. Currently, when mail is sent, it does not go into the 'Sent' box. It remains empty.

I was not aware I need SP3 for XP. I will install it as soon as the malware is gone.

This is my HijackThis log file:

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 9:46:54 PM, on 1/2/2011
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\AVG\AVG9\avgchsvx.exe
C:\Program Files\AVG\AVG9\avgrsx.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\AVG\AVG9\Identity Protection\Agent\Bin\AVGIDSAgent.exe
C:\windows\system\hpsysdrv.exe
C:\PROGRA~1\Dantz\RETROS~1\ComboButton.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\ALCXMNTR.EXE
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\Program Files\Microsoft IntelliType Pro\type32.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Seagate\Basics\Basics Status\MaxMenuMgrBasics.exe
C:\PROGRA~1\AVG\AVG9\avgtray.exe
C:\Program Files\QuickTime\QTTask.exe
C:\Program Files\Hewlett-Packard\Toolbox2.0\Javasoft\JRE\1.3.1\bin\javaw.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Canon\MyPrinter\BJMyPrt.exe
C:\Program Files\Canon\Solution Menu EX\CNSEMAIN.EXE
C:\Program Files\Common Files\Nikon\Monitor\NkMonitor.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\AVG\AVG9\Identity Protection\agent\bin\avgidsmonitor.exe
C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\AVG\AVG9\avgwdsvc.exe
C:\Program Files\AVG\AVG9\avgfws9.exe
C:\Program Files\Seagate\Basics\Service\SyncServicesBasics.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\cisvc.exe
C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\WINDOWS\System32\HPZipm12.exe
C:\Program Files\AVG\AVG9\avgam.exe
C:\WINDOWS\System32\tcpsvcs.exe
C:\Program Files\AVG\AVG9\avgnsx.exe
C:\WINDOWS\System32\snmp.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\wanmpsvc.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\cidaemon.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\Program Files\Outlook Express\msimn.exe
C:\Program Files\Windows Live Favorites\wlfsync.exe
C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\BVRT2K30\HijackThis[1].exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ca/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost;*.local
R3 - URLSearchHook: (no name) - {BE89472C-B803-4D1D-9A9A-0A63660E0FE3} - (no file)
R3 - URLSearchHook: (no name) - - (no file)
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - (no file)
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Canon Easy-WebPrint EX BHO - {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexbho.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\Windows Live Toolbar\stmain.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.6.5805.1910\swg.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O3 - Toolbar: Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexhlp.dll
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [IcoSet] c:\hp\bin\cloaker.exe c:\hp\bin\IcoSet\adjust.bat seticon
O4 - HKLM\..\Run: [MaxtorCombo] "C:\PROGRA~1\Dantz\RETROS~1\ComboButton.exe"
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKLM\..\Run: [StatusClient] C:\Program Files\Hewlett-Packard\Toolbox2.0\Apache Tomcat 4.0\webapps\Toolbox\StatusClient\StatusClient.exe /auto
O4 - HKLM\..\Run: [TomcatStartup] C:\Program Files\Hewlett-Packard\Toolbox2.0\hpbpsttp.exe
O4 - HKLM\..\Run: [PtiuPbmd] Rundll32.exe ptipbm.dll,SetWriteBack
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [type32] "C:\Program Files\Microsoft IntelliType Pro\type32.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [ssdiag] C:\WINDOWS\ssdiag.exe
O4 - HKLM\..\Run: [basicsmssmenu] "C:\Program Files\Seagate\Basics\Basics Status\MaxMenuMgrBasics.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [AVG9_TRAY] C:\PROGRA~1\AVG\AVG9\avgtray.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe /logon
O4 - HKLM\..\Run: [CanonSolutionMenuEx] C:\Program Files\Canon\Solution Menu EX\CNSEMAIN.EXE /logon
O4 - HKLM\..\Run: [ArcSoft Connection Service] C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
O4 - HKLM\..\Run: [Nikon Transfer Monitor] C:\Program Files\Common Files\Nikon\Monitor\NkMonitor.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [scheduler_monitor] C:\Program Files\ReaConverter 5.5 Pro\init_scheduler.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [YouSendIt.exe] C:\Program Files\YouSendIt\Express\YouSendIt.exe -ui none
O4 - HKCU\..\Run: [Ram Booster] "C:\Program Files\SimonTools\XP-Tuner 2006\RamBooster.exe" -TRAY
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - Startup: AutorunsDisabled
O4 - Global Startup: AutorunsDisabled
O4 - Global Startup: Compaq Connections.lnk = C:\Program Files\Compaq Connections\1940576\Program\BackWeb-1940576.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_E11712C84EA7E12B.dll/cmsidewiki.html
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra button: Onderzoek - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {5D637FAD-E202-48D1-8F18-5B9C459BD1E3} (Image Uploader Control) - http://verkopen.marktplaats.nl/js/widge ... oader5.cab
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/200 ... ader55.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll
O20 - Winlogon Notify: avgrsstarter - avgrsstx.dll (file missing)
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\System32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\System32\browseui.dll
O23 - Service: ArcSoft Connect Daemon (ACDaemon) - ArcSoft Inc. - C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: AVG WatchDog (avg9wd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\avgwdsvc.exe
O23 - Service: AVG Firewall (avgfws9) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\avgfws9.exe
O23 - Service: AVG9IDSAgent (AVGIDSAgent) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\Identity Protection\Agent\Bin\AVGIDSAgent.exe
O23 - Service: Basics Service - Seagate Technology LLC - C:\Program Files\Seagate\Basics\Service\SyncServicesBasics.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Canon Inkjet Printer/Scanner/Fax Extended Survey Program (IJPLMSVC) - Unknown owner - C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: QDBTDNAXKCSTB - Unknown owner - C:\DOCUME~1\Owner\LOCALS~1\Temp\QDBTDNAXKCSTB.exe (file missing)
O23 - Service: ReaConverter scheduler service (rcp_service) - ReaSoft - C:\Program Files\ReaConverter 5.5 Pro\rcp_scheduler.exe
O23 - Service: Spyware Doctor Auxiliary Service (sdAuxService) - Unknown owner - C:\Program Files\Spyware Doctor\svcntaux.exe (file missing)
O23 - Service: Spyware Doctor Service (sdCoreService) - Unknown owner - C:\Program Files\Spyware Doctor\swdsvc.exe (file missing)
O23 - Service: UPnPService - Magix AG - C:\Program Files\Common Files\MAGIX Shared\UPnPService\UPnPService.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe

--
End of file - 12523 bytes

Uninstall:

Aangifte Buitenland 2007
Aangifte voor buitenlandse belastingplichtigen 2008
Aangifte voor buitenlandse belastingplichtigen 2009
Ad-Aware
Ad-Aware
Adobe Flash Player 10 ActiveX
Adobe Reader 9.1.3
Adobe Shockwave Player
Agere Systems PCI Soft Modem
ALi RAID Driver
ALi USB2.0 Driver
AOL (Choose which version to remove)
Apple Application Support
Apple Mobile Device Support
Apple Software Update
ArcSoft Panorama Maker 5
AVG 9.0
Blackhawk Striker from Compaq (remove only)
Bonjour
Canon CanoScan Toolbox 4.5
Canon Easy-PhotoPrint EX
Canon Easy-WebPrint EX
Canon Inkjet Printer/Scanner/Fax Extended Survey Program
Canon MP Navigator EX 4.0
Canon MP280 series MP Drivers
Canon My Printer
Canon Solution Menu EX
Compaq Connections
Compaq Instant Support
Compatibility Pack for the 2007 Office system
Critical Update for Windows Media Player 11 (KB959772)
Drive Manager
Drive Manager
EasyResize
File Uploader
Google Toolbar for Internet Explorer
Google Toolbar for Internet Explorer
Google Update Helper
HiJackThis
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB914440)
Hotfix for Windows XP (KB915865)
Hotfix for Windows XP (KB926239)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB970653-v3)
Hotfix for Windows XP (KB976098-v2)
Hotfix for Windows XP (KB979306)
Hotfix for Windows XP (KB981793)
HP Customer Participation Program 7.0
HP Imaging Device Functions 7.0
hp LaserJet 1010 Series
HP Update
Intel A/V Codecs V2.0
Intel(R) Extreme Graphics Driver
InterVideo WinDVD Player
iTunes
MAGIX Music Cleaning Lab 2008 deluxe 9.0.0.0 (NL)
MAGIX music studio 2003 deLuxe
MAGIX PC Visit
Manual CanoScan 3200,3200F
Map Button (Windows Live Toolbar)
Media Player
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB979906)
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Data Access Components KB870669
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft Office Standard Editie 2003
Microsoft Office XP Professional
Microsoft Plus! Digital Media Edition
Microsoft Silverlight
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML 6 Service Pack 2 (KB973686)
Mufin MusicFinder Base 1.0.1.252 (NL)
MusicMatch Jukebox
MyDVD
Nikon Message Center
Nikon Transfer
Olympus DSS Player 3.1 (UK)
OneCare Advisor (Windows Live Toolbar)
PACE System Files
Picture Control Utility
Popup Blocker (Windows Live Toolbar)
ProtectDisc Helper Driver 10
PS2
QuickTime
ReaConverter 5.5 Pro
RealPlayer Basic
Samplitude Music Studio 2008 14.0.0.0 (NL)
Security Update for CAPICOM (KB931906)
Security Update for CAPICOM (KB931906)
Security Update for Step By Step Interactive Training (KB898458)
Security Update for Step By Step Interactive Training (KB923723)
Security Update for Windows Internet Explorer 7 (KB938127)
Security Update for Windows Internet Explorer 7 (KB938127-v2)
Security Update for Windows Internet Explorer 7 (KB956390)
Security Update for Windows Internet Explorer 7 (KB958215)
Security Update for Windows Internet Explorer 7 (KB960714)
Security Update for Windows Internet Explorer 7 (KB961260)
Security Update for Windows Internet Explorer 7 (KB963027)
Security Update for Windows Internet Explorer 7 (KB969897)
Security Update for Windows Internet Explorer 7 (KB972260)
Security Update for Windows Internet Explorer 8 (KB971961)
Security Update for Windows Internet Explorer 8 (KB972260)
Security Update for Windows Internet Explorer 8 (KB974455)
Security Update for Windows Internet Explorer 8 (KB976325)
Security Update for Windows Internet Explorer 8 (KB978207)
Security Update for Windows Internet Explorer 8 (KB981332)
Security Update for Windows Internet Explorer 8 (KB982381)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB968816)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player (KB978695)
Security Update for Windows Media Player 10 (KB911565)
Security Update for Windows Media Player 10 (KB917734)
Security Update for Windows Media Player 11 (KB936782)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows XP (KB2229593)
Security Update for Windows XP (KB883939)
Security Update for Windows XP (KB890046)
Security Update for Windows XP (KB896358)
Security Update for Windows XP (KB896422)
Security Update for Windows XP (KB896424)
Security Update for Windows XP (KB896428)
Security Update for Windows XP (KB896688)
Security Update for Windows XP (KB900725)
Security Update for Windows XP (KB901017)
Security Update for Windows XP (KB901190)
Security Update for Windows XP (KB901214)
Security Update for Windows XP (KB902400)
Security Update for Windows XP (KB903235)
Security Update for Windows XP (KB904706)
Security Update for Windows XP (KB905414)
Security Update for Windows XP (KB905749)
Security Update for Windows XP (KB905915)
Security Update for Windows XP (KB908519)
Security Update for Windows XP (KB908531)
Security Update for Windows XP (KB911280)
Security Update for Windows XP (KB911562)
Security Update for Windows XP (KB911567)
Security Update for Windows XP (KB911927)
Security Update for Windows XP (KB912812)
Security Update for Windows XP (KB912919)
Security Update for Windows XP (KB913446)
Security Update for Windows XP (KB913580)
Security Update for Windows XP (KB914388)
Security Update for Windows XP (KB914389)
Security Update for Windows XP (KB916281)
Security Update for Windows XP (KB917159)
Security Update for Windows XP (KB917344)
Security Update for Windows XP (KB917422)
Security Update for Windows XP (KB917953)
Security Update for Windows XP (KB918118)
Security Update for Windows XP (KB918439)
Security Update for Windows XP (KB918899)
Security Update for Windows XP (KB919007)
Security Update for Windows XP (KB920213)
Security Update for Windows XP (KB920214)
Security Update for Windows XP (KB920670)
Security Update for Windows XP (KB920683)
Security Update for Windows XP (KB920685)
Security Update for Windows XP (KB921398)
Security Update for Windows XP (KB921503)
Security Update for Windows XP (KB921883)
Security Update for Windows XP (KB922616)
Security Update for Windows XP (KB922760)
Security Update for Windows XP (KB922819)
Security Update for Windows XP (KB923191)
Security Update for Windows XP (KB923414)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB923689)
Security Update for Windows XP (KB923694)
Security Update for Windows XP (KB923980)
Security Update for Windows XP (KB924191)
Security Update for Windows XP (KB924270)
Security Update for Windows XP (KB924496)
Security Update for Windows XP (KB924667)
Security Update for Windows XP (KB925454)
Security Update for Windows XP (KB925486)
Security Update for Windows XP (KB925902)
Security Update for Windows XP (KB926247)
Security Update for Windows XP (KB926255)
Security Update for Windows XP (KB926436)
Security Update for Windows XP (KB927779)
Security Update for Windows XP (KB927802)
Security Update for Windows XP (KB928090)
Security Update for Windows XP (KB928255)
Security Update for Windows XP (KB928843)
Security Update for Windows XP (KB929123)
Security Update for Windows XP (KB929969)
Security Update for Windows XP (KB930178)
Security Update for Windows XP (KB931261)
Security Update for Windows XP (KB931768)
Security Update for Windows XP (KB931784)
Security Update for Windows XP (KB932168)
Security Update for Windows XP (KB933566)
Security Update for Windows XP (KB933729)
Security Update for Windows XP (KB935839)
Security Update for Windows XP (KB935840)
Security Update for Windows XP (KB936021)
Security Update for Windows XP (KB937143)
Security Update for Windows XP (KB938127)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB938829)
Security Update for Windows XP (KB939653)
Security Update for Windows XP (KB941202)
Security Update for Windows XP (KB941568)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB941644)
Security Update for Windows XP (KB941693)
Security Update for Windows XP (KB942615)
Security Update for Windows XP (KB943055)
Security Update for Windows XP (KB943460)
Security Update for Windows XP (KB943485)
Security Update for Windows XP (KB944338)
Security Update for Windows XP (KB944533)
Security Update for Windows XP (KB944653)
Security Update for Windows XP (KB945553)
Security Update for Windows XP (KB946026)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB947864)
Security Update for Windows XP (KB948590)
Security Update for Windows XP (KB948881)
Security Update for Windows XP (KB950749)
Security Update for Windows XP (KB950759)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB953838)
Security Update for Windows XP (KB953839)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956390)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958215)
Security Update for Windows XP (KB958470)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958690)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960714)
Security Update for Windows XP (KB960715)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961371)
Security Update for Windows XP (KB961373)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB968537)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB969898)
Security Update for Windows XP (KB969947)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971468)
Security Update for Windows XP (KB971486)
Security Update for Windows XP (KB971557)
Security Update for Windows XP (KB971633)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973346)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973525)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975561)
Security Update for Windows XP (KB975562)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB977165)
Security Update for Windows XP (KB977816)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978037)
Security Update for Windows XP (KB978251)
Security Update for Windows XP (KB978262)
Security Update for Windows XP (KB978338)
Security Update for Windows XP (KB978542)
Security Update for Windows XP (KB978601)
Security Update for Windows XP (KB978706)
Security Update for Windows XP (KB979309)
Security Update for Windows XP (KB979482)
Security Update for Windows XP (KB979559)
Security Update for Windows XP (KB979683)
Security Update for Windows XP (KB980195)
Security Update for Windows XP (KB980218)
Security Update for Windows XP (KB980232)
Smart Menus (Windows Live Toolbar)
Tel-Ray Variable Delay
Text To PDF v2.1.0
Update for Windows Internet Explorer 8 (KB972636)
Update for Windows Internet Explorer 8 (KB976662)
Update for Windows Internet Explorer 8 (KB976749)
Update for Windows Internet Explorer 8 (KB980182)
Update for Windows XP (KB894391)
Update for Windows XP (KB898461)
Update for Windows XP (KB900485)
Update for Windows XP (KB904942)
Update for Windows XP (KB910437)
Update for Windows XP (KB916595)
Update for Windows XP (KB920872)
Update for Windows XP (KB922582)
Update for Windows XP (KB927891)
Update for Windows XP (KB929338)
Update for Windows XP (KB930916)
Update for Windows XP (KB931836)
Update for Windows XP (KB932823-v3)
Update for Windows XP (KB933360)
Update for Windows XP (KB936357)
Update for Windows XP (KB938828)
Update for Windows XP (KB942763)
Update for Windows XP (KB942840)
Update for Windows XP (KB946627)
Update for Windows XP (KB951072-v2)
Update for Windows XP (KB955759)
Update for Windows XP (KB955839)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
USB Storage Toolbox
USB-IrDA Adapter
VIA DMI
ViewNX
Viewpoint Media Player
Visual C++ 2008 x86 Runtime - (v9.0.30729)
Visual C++ 2008 x86 Runtime - v9.0.30729.01
WAV to MP3 Encoder
Windows Installer 3.1 (KB893803)
Windows Installer 3.1 (KB893803)
Windows Internet Explorer 7
Windows Internet Explorer 8
Windows Live Favorites for Windows Live Toolbar
Windows Live Outlook Toolbar (Windows Live Toolbar)
Windows Live Toolbar
Windows Live Toolbar
Windows Live Toolbar Extension (Windows Live Toolbar)
Windows Live Toolbar Extension (Windows Live Toolbar)
Windows Media Format 11 runtime
Windows Media Format 11 runtime
Windows Media Player 11
Windows Media Player 11
Windows XP Hotfix - KB834707
Windows XP Hotfix - KB867282
Windows XP Hotfix - KB873333
Windows XP Hotfix - KB873339
Windows XP Hotfix - KB885250
Windows XP Hotfix - KB885626
Windows XP Hotfix - KB885835
Windows XP Hotfix - KB885836
Windows XP Hotfix - KB885884
Windows XP Hotfix - KB886185
Windows XP Hotfix - KB887472
Windows XP Hotfix - KB887742
Windows XP Hotfix - KB888113
Windows XP Hotfix - KB888302
Windows XP Hotfix - KB890047
Windows XP Hotfix - KB890175
Windows XP Hotfix - KB890859
Windows XP Hotfix - KB890923
Windows XP Hotfix - KB891781
Windows XP Hotfix - KB893066
Windows XP Hotfix - KB893086
Windows XP Service Pack 2
mcgrant
Active Member
 
Posts: 3
Joined: January 3rd, 2011, 1:54 am

Re: outlook express hijacked

Unread postby askey127 » January 4th, 2011, 8:08 am

Hi mcgrant,
Whatever infection(s) you have are undoubtedly due to having an unpatched WinXP (SP2).
It is not clear yet whether the system can be rescued without reformatting and re-installing Windows.

We will be removing AVG (obsolete version) and replacing it. We will also remove Ad-Aware and remnants of Spyware Doctor.
-----------------------------------------------------------
Remove Registry items with HijackThis. Start HijackThis.
Click Do System Scan Only. When the Scan is complete, Check the following entries:
(Some of these lines may be missing)
R3 - URLSearchHook: (no name) - {BE89472C-B803-4D1D-9A9A-0A63660E0FE3} - (no file)
R3 - URLSearchHook: (no name) - - (no file)
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - (no file)
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.6.5805.1910\swg.dll
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\WINDOWS\System32\shdocvw.dll
O20 - Winlogon Notify: avgrsstarter - avgrsstx.dll (file missing)
O23 - Service: AVG WatchDog (avg9wd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\avgwdsvc.exe
O23 - Service: AVG Firewall (avgfws9) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\avgfws9.exe
O23 - Service: AVG9IDSAgent (AVGIDSAgent) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\Identity Protection\Agent\Bin\AVGIDSAgent.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: Spyware Doctor Auxiliary Service (sdAuxService) - Unknown owner - C:\Program Files\Spyware Doctor\svcntaux.exe (file missing)
O23 - Service: Spyware Doctor Service (sdCoreService) - Unknown owner - C:\Program Files\Spyware Doctor\swdsvc.exe (file missing)

Make sure Every other window except HJT is closed (No other tabs showing in the bottom tray), and Click Fix Checked
Click the "X" in the upper right corner of the HiJackThis window to close it.
-----------------------------------------------
Download Antivir Free
This program is free for personal, non-business use.
Download AntiVir Free from here : http://www.softpedia.com/get/Antivirus/AntiVir-Personal-Edition.shtml
Save the Installer to your desktop, but don't run it yet.
-----------------------------------------------------------
Remove Programs Using Control Panel
From Start, Settings, Control Panel or Start, Control Panel, click Add/Remove Programs.
Highlight each Entry, as follows, one by one, if it exists, and choose Remove :

AVG 9.0
Ad-Aware

Take extra care in answering questions posed by any Uninstaller.
-----------------------------------------------------------
REBOOT (RESTART) Your Machine
-----------------------------------------------
Install Antivir
Double Click the Avira Antivir Installer on your desktop, and Install the program.
-----------------------------------------------
Update and Scan with Antivir
Right click the red umbrella icon and choose Start Antivir.
When the window comes up click Start Update.
When the update is complete, click on Scan System Now.
This full scan could take an hour or more. Have it fix anything it finds.
-----------------------------------------------
Get Last Avira Report
Right click the red umbrella icon in the system tray and click Start Antivir
In the left pane, click Overview, then click Reports
There will be reports titled Update and reports titled Scan. Find the most recent report in the list titled Scan.
Click on the Report File button, or Right click the report and choose Display Report.
The report contents will come up in Notepad. Highlight the entire report (Ctrl+A) and copy to the clipboard (Ctrl+C).
Paste the contents (Ctrl+V) into your next reply.

askey127
askey127
Admin/Teacher
Posts: 14025
Joined: April 17th, 2005, 3:25 pm
Location: New Hampshire USA

Re: outlook express hijacked

Post by mcgrant » January 5th, 2011, 7:30 am

Whoever you are: thank you! I appreciate your help.
Here's the report. I will install SP3 if the system can be rescued.


Avira AntiVir Personal
Report file date: Tuesday, January 04, 2011 22:08

Scanning for 2327093 virus strains and unwanted programs.

The program is running as an unrestricted full version.
Online services are available:

Licensee : Avira AntiVir Personal - FREE Antivirus
Serial number : 0000149996-ADJIE-0000001
Platform : Windows XP
Windows version : (Service Pack 2) [5.1.2600]
Boot mode : Normally booted
Username : SYSTEM
Computer name : YOUR-2S4KN5K0H3

Version information:
BUILD.DAT : 10.0.0.609 31824 Bytes 12/13/2010 09:43:00
AVSCAN.EXE : 10.0.3.5 435368 Bytes 12/13/2010 16:39:56
AVSCAN.DLL : 10.0.3.0 46440 Bytes 4/1/2010 20:57:04
LUKE.DLL : 10.0.3.2 104296 Bytes 12/13/2010 16:40:06
LUKERES.DLL : 10.0.0.1 12648 Bytes 2/11/2010 07:40:49
VBASE000.VDF : 7.10.0.0 19875328 Bytes 11/6/2009 17:05:36
VBASE001.VDF : 7.11.0.0 13342208 Bytes 12/14/2010 06:03:34
VBASE002.VDF : 7.11.0.1 2048 Bytes 12/14/2010 06:03:34
VBASE003.VDF : 7.11.0.2 2048 Bytes 12/14/2010 06:03:35
VBASE004.VDF : 7.11.0.3 2048 Bytes 12/14/2010 06:03:35
VBASE005.VDF : 7.11.0.4 2048 Bytes 12/14/2010 06:03:35
VBASE006.VDF : 7.11.0.5 2048 Bytes 12/14/2010 06:03:36
VBASE007.VDF : 7.11.0.6 2048 Bytes 12/14/2010 06:03:36
VBASE008.VDF : 7.11.0.7 2048 Bytes 12/14/2010 06:03:36
VBASE009.VDF : 7.11.0.8 2048 Bytes 12/14/2010 06:03:36
VBASE010.VDF : 7.11.0.9 2048 Bytes 12/14/2010 06:03:36
VBASE011.VDF : 7.11.0.10 2048 Bytes 12/14/2010 06:03:37
VBASE012.VDF : 7.11.0.11 2048 Bytes 12/14/2010 06:03:37
VBASE013.VDF : 7.11.0.52 128000 Bytes 12/16/2010 06:03:39
VBASE014.VDF : 7.11.0.91 226816 Bytes 12/20/2010 06:03:41
VBASE015.VDF : 7.11.0.122 136192 Bytes 12/21/2010 06:03:43
VBASE016.VDF : 7.11.0.156 122880 Bytes 12/24/2010 06:03:44
VBASE017.VDF : 7.11.0.185 146944 Bytes 12/27/2010 06:03:46
VBASE018.VDF : 7.11.0.228 132608 Bytes 12/30/2010 06:03:47
VBASE019.VDF : 7.11.1.5 148480 Bytes 1/3/2011 06:03:49
VBASE020.VDF : 7.11.1.6 2048 Bytes 1/3/2011 06:03:49
VBASE021.VDF : 7.11.1.7 2048 Bytes 1/3/2011 06:03:49
VBASE022.VDF : 7.11.1.8 2048 Bytes 1/3/2011 06:03:50
VBASE023.VDF : 7.11.1.9 2048 Bytes 1/3/2011 06:03:50
VBASE024.VDF : 7.11.1.10 2048 Bytes 1/3/2011 06:03:50
VBASE025.VDF : 7.11.1.11 2048 Bytes 1/3/2011 06:03:50
VBASE026.VDF : 7.11.1.12 2048 Bytes 1/3/2011 06:03:51
VBASE027.VDF : 7.11.1.13 2048 Bytes 1/3/2011 06:03:51
VBASE028.VDF : 7.11.1.14 2048 Bytes 1/3/2011 06:03:51
VBASE029.VDF : 7.11.1.15 2048 Bytes 1/3/2011 06:03:51
VBASE030.VDF : 7.11.1.16 2048 Bytes 1/3/2011 06:03:52
VBASE031.VDF : 7.11.1.25 81920 Bytes 1/4/2011 06:03:53
Engineversion : 8.2.4.134
AEVDF.DLL : 8.1.2.1 106868 Bytes 12/13/2010 16:39:51
AESCRIPT.DLL : 8.1.3.51 1286524 Bytes 1/5/2011 06:04:07
AESCN.DLL : 8.1.7.2 127349 Bytes 12/13/2010 16:39:50
AESBX.DLL : 8.1.3.2 254324 Bytes 12/13/2010 16:39:50
AERDL.DLL : 8.1.9.2 635252 Bytes 12/13/2010 16:39:50
AEPACK.DLL : 8.2.4.7 512375 Bytes 1/5/2011 06:04:05
AEOFFICE.DLL : 8.1.1.10 201084 Bytes 12/13/2010 16:39:49
AEHEUR.DLL : 8.1.2.60 3158392 Bytes 1/5/2011 06:04:03
AEHELP.DLL : 8.1.16.0 246136 Bytes 12/13/2010 16:39:42
AEGEN.DLL : 8.1.5.0 397685 Bytes 12/13/2010 16:39:42
AEEMU.DLL : 8.1.3.0 393589 Bytes 12/13/2010 16:39:42
AECORE.DLL : 8.1.19.0 196984 Bytes 12/13/2010 16:39:41
AEBB.DLL : 8.1.1.0 53618 Bytes 12/13/2010 16:39:41
AVWINLL.DLL : 10.0.0.0 19304 Bytes 12/13/2010 16:39:56
AVPREF.DLL : 10.0.0.0 44904 Bytes 12/13/2010 16:39:54
AVREP.DLL : 10.0.0.8 62209 Bytes 6/17/2010 22:27:13
AVREG.DLL : 10.0.3.2 53096 Bytes 12/13/2010 16:39:54
AVSCPLR.DLL : 10.0.3.2 84328 Bytes 12/13/2010 16:39:56
AVARKT.DLL : 10.0.22.6 231784 Bytes 12/13/2010 16:39:52
AVEVTLOG.DLL : 10.0.0.8 203112 Bytes 12/13/2010 16:39:53
SQLITE3.DLL : 3.6.19.0 355688 Bytes 6/17/2010 22:27:22
AVSMTP.DLL : 10.0.0.17 63848 Bytes 12/13/2010 16:39:56
NETNT.DLL : 10.0.0.0 11624 Bytes 6/17/2010 22:27:21
RCIMAGE.DLL : 10.0.0.26 2550120 Bytes 1/28/2010 21:10:20
RCTEXT.DLL : 10.0.58.0 97128 Bytes 12/13/2010 16:40:20

Configuration settings for the scan:
Jobname.............................: Complete system scan
Configuration file..................: C:\Program Files\Avira\AntiVir Desktop\sysscan.avp
Logging.............................: low
Primary action......................: interactive
Secondary action....................: ignore
Scan master boot sector.............: on
Scan boot sector....................: on
Boot sectors........................: C:, D:, K:, L:, M:,
Process scan........................: on
Extended process scan...............: on
Scan registry.......................: on
Search for rootkits.................: on
Integrity checking of system files..: off
Scan all files......................: All files
Scan archives.......................: on
Recursion depth.....................: 20
Smart extensions....................: on
Macro heuristic.....................: on
File heuristic......................: medium

Start of the scan: Tuesday, January 04, 2011 22:08

Starting search for hidden objects.
HKEY_LOCAL_MACHINE\System\ControlSet001\Services\NtmsSvc\Config\Standalone\drivelist
[NOTE] The registry entry is invisible.

The scan of running processes will be started
Scan process 'cidaemon.exe' - '50' Module(s) have been scanned
Scan process 'msdtc.exe' - '42' Module(s) have been scanned
Scan process 'dllhost.exe' - '64' Module(s) have been scanned
Scan process 'dllhost.exe' - '47' Module(s) have been scanned
Scan process 'vssvc.exe' - '50' Module(s) have been scanned
Scan process 'avscan.exe' - '72' Module(s) have been scanned
Scan process 'avcenter.exe' - '64' Module(s) have been scanned
Scan process 'avgnt.exe' - '47' Module(s) have been scanned
Scan process 'sched.exe' - '46' Module(s) have been scanned
Scan process 'avshadow.exe' - '27' Module(s) have been scanned
Scan process 'avguard.exe' - '59' Module(s) have been scanned
Scan process 'ArcCon.ac' - '70' Module(s) have been scanned
Scan process 'ACDaemon.exe' - '42' Module(s) have been scanned
Scan process 'ACService.exe' - '22' Module(s) have been scanned
Scan process 'wuauclt.exe' - '38' Module(s) have been scanned
Scan process 'alg.exe' - '35' Module(s) have been scanned
Scan process 'iPodService.exe' - '31' Module(s) have been scanned
Scan process 'wanmpsvc.exe' - '25' Module(s) have been scanned
Scan process 'svchost.exe' - '43' Module(s) have been scanned
Scan process 'snmp.exe' - '46' Module(s) have been scanned
Scan process 'tcpsvcs.exe' - '38' Module(s) have been scanned
Scan process 'HPZipm12.exe' - '19' Module(s) have been scanned
Scan process 'MDM.EXE' - '23' Module(s) have been scanned
Scan process 'LSSrvc.exe' - '21' Module(s) have been scanned
Scan process 'GoogleUpdate.exe' - '36' Module(s) have been scanned
Scan process 'IJPLMSVC.EXE' - '18' Module(s) have been scanned
Scan process 'GoogleToolbarNotifier.exe' - '56' Module(s) have been scanned
Scan process 'cisvc.exe' - '32' Module(s) have been scanned
Scan process 'ctfmon.exe' - '27' Module(s) have been scanned
Scan process 'NkMonitor.exe' - '28' Module(s) have been scanned
Scan process 'mDNSResponder.exe' - '36' Module(s) have been scanned
Scan process 'javaw.exe' - '31' Module(s) have been scanned
Scan process 'CNSEMAIN.EXE' - '43' Module(s) have been scanned
Scan process 'BJMyPrt.exe' - '22' Module(s) have been scanned
Scan process 'iTunesHelper.exe' - '70' Module(s) have been scanned
Scan process 'QTTask.exe' - '20' Module(s) have been scanned
Scan process 'MaxMenuMgrBasics.exe' - '24' Module(s) have been scanned
Scan process 'HPWuSchd2.exe' - '19' Module(s) have been scanned
Scan process 'type32.exe' - '36' Module(s) have been scanned
Scan process 'SyncServicesBasics.exe' - '28' Module(s) have been scanned
Scan process 'RealPlay.exe' - '48' Module(s) have been scanned
Scan process 'ALCXMNTR.EXE' - '32' Module(s) have been scanned
Scan process 'igfxtray.exe' - '31' Module(s) have been scanned
Scan process 'ComboButton.exe' - '25' Module(s) have been scanned
Scan process 'hpsysdrv.exe' - '15' Module(s) have been scanned
Scan process 'AppleMobileDeviceService.exe' - '47' Module(s) have been scanned
Scan process 'svchost.exe' - '36' Module(s) have been scanned
Scan process 'Explorer.EXE' - '107' Module(s) have been scanned
Scan process 'spoolsv.exe' - '79' Module(s) have been scanned
Scan process 'svchost.exe' - '39' Module(s) have been scanned
Scan process 'svchost.exe' - '34' Module(s) have been scanned
Scan process 'svchost.exe' - '172' Module(s) have been scanned
Scan process 'svchost.exe' - '43' Module(s) have been scanned
Scan process 'svchost.exe' - '55' Module(s) have been scanned
Scan process 'lsass.exe' - '60' Module(s) have been scanned
Scan process 'services.exe' - '45' Module(s) have been scanned
Scan process 'winlogon.exe' - '67' Module(s) have been scanned
Scan process 'csrss.exe' - '17' Module(s) have been scanned
Scan process 'smss.exe' - '2' Module(s) have been scanned

Starting master boot sector scan:
Master boot sector HD0
[INFO] No virus was found!
Master boot sector HD1
[INFO] No virus was found!
Master boot sector HD2
[INFO] No virus was found!
Master boot sector HD3
[INFO] No virus was found!
Master boot sector HD4
[INFO] No virus was found!
Master boot sector HD5
[INFO] No virus was found!
Master boot sector HD6
[INFO] No virus was found!
Master boot sector HD7
[INFO] No virus was found!

Start scanning boot sectors:
Boot sector 'C:\'
[INFO] No virus was found!
Boot sector 'D:\'
[INFO] No virus was found!
Boot sector 'K:\'
[INFO] No virus was found!
Boot sector 'L:\'
[INFO] No virus was found!
Boot sector 'M:\'
[INFO] No virus was found!

Starting to scan executable files (registry).
The registry was scanned ( '1114' files ).


Starting the file scan:

Begin scan in 'C:\' <PRESARIO>
Begin scan in 'D:\' <PRESARIO_RP>
Begin scan in 'K:\' <Maxtor>
Begin scan in 'L:\' <USB HDD>
L:\WINDOWS\Downloaded Installations\Data.Cab
[0] Archive type: CAB (Microsoft)
[DETECTION] Is the TR/Downloader.Gen Trojan
--> F1895_idtt.exe
[DETECTION] Is the TR/Downloader.Gen Trojan
L:\Program Files\Messenger Plus! 2\Setup.dat
[0] Archive type: RSRC
[DETECTION] Is the TR/Agent.139264.R Trojan
--> Object
[1] Archive type: ZIP
--> MsgPlus.exe
[DETECTION] Is the TR/Agent.139264.R Trojan
--> Object
[1] Archive type: ZIP
--> sponsor.exe
[DETECTION] Is the TR/Dldr.Swizzor.AG.1 Trojan
L:\System Volume Information\_restore{8153ACA8-C727-4835-A7D4-A3A2B949B296}\RP2184\A0218899.exe
[DETECTION] Is the TR/Dldr.Swizzor.Gen2 Trojan
L:\System Volume Information\_restore{8153ACA8-C727-4835-A7D4-A3A2B949B296}\RP2184\A0218900.exe
[DETECTION] Is the TR/Dldr.Swizzor.Gen2 Trojan
L:\System Volume Information\_restore{8153ACA8-C727-4835-A7D4-A3A2B949B296}\RP2184\A0218901.exe
[DETECTION] Is the TR/Dldr.Swizzor.Gen2 Trojan
L:\System Volume Information\_restore{8153ACA8-C727-4835-A7D4-A3A2B949B296}\RP2184\A0218903.exe
[DETECTION] Is the TR/Dldr.Swizzor.Gen2 Trojan
Begin scan in 'M:\' <FreeAgent Drive>

Beginning disinfection:
L:\System Volume Information\_restore{8153ACA8-C727-4835-A7D4-A3A2B949B296}\RP2184\A0218903.exe
[DETECTION] Is the TR/Dldr.Swizzor.Gen2 Trojan
[NOTE] The file was moved to the quarantine directory under the name '470ff092.qua'.
L:\System Volume Information\_restore{8153ACA8-C727-4835-A7D4-A3A2B949B296}\RP2184\A0218901.exe
[DETECTION] Is the TR/Dldr.Swizzor.Gen2 Trojan
[NOTE] The file was moved to the quarantine directory under the name '5f98df36.qua'.
L:\System Volume Information\_restore{8153ACA8-C727-4835-A7D4-A3A2B949B296}\RP2184\A0218900.exe
[DETECTION] Is the TR/Dldr.Swizzor.Gen2 Trojan
[NOTE] The file was moved to the quarantine directory under the name '0dc785de.qua'.
L:\System Volume Information\_restore{8153ACA8-C727-4835-A7D4-A3A2B949B296}\RP2184\A0218899.exe
[DETECTION] Is the TR/Dldr.Swizzor.Gen2 Trojan
[NOTE] The file was moved to the quarantine directory under the name '6bf0ca1c.qua'.
L:\Program Files\Messenger Plus! 2\Setup.dat
[DETECTION] Is the TR/Dldr.Swizzor.AG.1 Trojan
[NOTE] The file was moved to the quarantine directory under the name '2ebae71f.qua'.
L:\WINDOWS\Downloaded Installations\Data.Cab
[DETECTION] Is the TR/Downloader.Gen Trojan
[NOTE] The file was moved to the quarantine directory under the name '51a1d57c.qua'.


End of the scan: Wednesday, January 05, 2011 03:19
Used time: 2:46:56 Hour(s)

The scan has been done completely.

18066 Scanned directories
638448 Files were scanned
7 Viruses and/or unwanted programs were found
0 Files were classified as suspicious
0 files were deleted
0 Viruses and unwanted programs were repaired
6 Files were moved to quarantine
0 Files were renamed
0 Files cannot be scanned
638441 Files not concerned
20473 Archives were scanned
0 Warnings
6 Notes
597527 Objects were scanned with rootkit scan
1 Hidden objects were found

mcgrant
Active Member
 
Posts: 3
Joined: January 3rd, 2011, 1:54 am
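
An added example, not part of the original posts: a small Python parser for the Avira report layout shown above. It ties each [DETECTION] line to its outer file and, for archives, to the inner member named on the preceding "-->" line, then checks that every flagged file has a quarantine note. The sample text is abridged from the report above; the function names are this example's own.

```python
import re
from typing import NamedTuple, Optional

# Abridged from the report posted above (same lines, fewer restore-point hits).
SAMPLE_REPORT = r"""
Starting the file scan:

Begin scan in 'L:\' <USB HDD>
L:\WINDOWS\Downloaded Installations\Data.Cab
[0] Archive type: CAB (Microsoft)
[DETECTION] Is the TR/Downloader.Gen Trojan
--> F1895_idtt.exe
[DETECTION] Is the TR/Downloader.Gen Trojan
L:\Program Files\Messenger Plus! 2\Setup.dat
[0] Archive type: RSRC
[DETECTION] Is the TR/Agent.139264.R Trojan
--> Object
[1] Archive type: ZIP
--> MsgPlus.exe
[DETECTION] Is the TR/Agent.139264.R Trojan
--> Object
[1] Archive type: ZIP
--> sponsor.exe
[DETECTION] Is the TR/Dldr.Swizzor.AG.1 Trojan
L:\System Volume Information\_restore{8153ACA8-C727-4835-A7D4-A3A2B949B296}\RP2184\A0218899.exe
[DETECTION] Is the TR/Dldr.Swizzor.Gen2 Trojan
L:\System Volume Information\_restore{8153ACA8-C727-4835-A7D4-A3A2B949B296}\RP2184\A0218903.exe
[DETECTION] Is the TR/Dldr.Swizzor.Gen2 Trojan
Begin scan in 'M:\' <FreeAgent Drive>

Beginning disinfection:
L:\System Volume Information\_restore{8153ACA8-C727-4835-A7D4-A3A2B949B296}\RP2184\A0218903.exe
[DETECTION] Is the TR/Dldr.Swizzor.Gen2 Trojan
[NOTE] The file was moved to the quarantine directory under the name '470ff092.qua'.
L:\System Volume Information\_restore{8153ACA8-C727-4835-A7D4-A3A2B949B296}\RP2184\A0218899.exe
[DETECTION] Is the TR/Dldr.Swizzor.Gen2 Trojan
[NOTE] The file was moved to the quarantine directory under the name '6bf0ca1c.qua'.
L:\Program Files\Messenger Plus! 2\Setup.dat
[DETECTION] Is the TR/Dldr.Swizzor.AG.1 Trojan
[NOTE] The file was moved to the quarantine directory under the name '2ebae71f.qua'.
L:\WINDOWS\Downloaded Installations\Data.Cab
[DETECTION] Is the TR/Downloader.Gen Trojan
[NOTE] The file was moved to the quarantine directory under the name '51a1d57c.qua'.

End of the scan: Wednesday, January 05, 2011 03:19
"""

PATH_RE = re.compile(r"^[A-Za-z]:\\")              # outer file on disk
MEMBER_RE = re.compile(r"^-->\s+(.+)$")            # object inside an archive
DETECT_RE = re.compile(r"^\[DETECTION\]\s+Is the (\S+)")
QUAR_RE = re.compile(r"^\[NOTE\] The file was moved to the quarantine "
                     r"directory under the name '([^']+)'")

class Detection(NamedTuple):
    file: str               # path of the file on disk
    member: Optional[str]   # inner archive member, None for the file itself
    name: str               # Avira detection name

def parse_report(text):
    """Return (detections from the file scan, {file: quarantine name})."""
    detections, quarantined = [], {}
    phase = current = member = None
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("Starting the file scan"):
            phase = "scan"
        elif line.startswith("Beginning disinfection"):
            phase = "disinfect"
        elif line.startswith("End of the scan"):
            break
        elif phase is None or not line:
            continue
        elif PATH_RE.match(line):
            current, member = line, None          # new outer file
        elif MEMBER_RE.match(line):
            member = MEMBER_RE.match(line).group(1)
        elif phase == "scan" and current and DETECT_RE.match(line):
            detections.append(
                Detection(current, member, DETECT_RE.match(line).group(1)))
        elif phase == "disinfect" and current and QUAR_RE.match(line):
            quarantined[current] = QUAR_RE.match(line).group(1)
    return detections, quarantined

def summarize(detections, quarantined):
    """Group hits per outer file: names, flagged members, quarantine state."""
    summary = {}
    for d in detections:
        entry = summary.setdefault(d.file, {
            "names": set(), "members": [],
            "quarantine": quarantined.get(d.file),
            # System Restore keeps renamed copies; they vanish with the restore point.
            "restore_point": "\\system volume information\\_restore" in d.file.lower(),
        })
        entry["names"].add(d.name)
        if d.member and d.member not in entry["members"]:
            entry["members"].append(d.member)
    for entry in summary.values():
        entry["names"] = sorted(entry["names"])
    return summary

def not_quarantined(summary):
    """Flagged files that have no quarantine note and still need follow-up."""
    return sorted(f for f, e in summary.items() if e["quarantine"] is None)

def drives_hit(detections):
    """Drive letters on which anything was flagged."""
    return sorted({d.file[0].upper() for d in detections})

if __name__ == "__main__":
    dets, quar = parse_report(SAMPLE_REPORT)
    for path, info in summarize(dets, quar).items():
        print(path, info)
    print("drives:", drives_hit(dets), "pending:", not_quarantined(summarize(dets, quar)))
```
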

Re: outlook express hijacked

Post by askey127 » January 5th, 2011, 8:29 am

mcgrant,
The infection you have comes from installing Messenger Plus and allowing the "sponsor" program.
The infection is called "Swizzor" or "LOP".
------------------------------------------------------
Warning - Compromised Data
Because the infection has had remote control access to all your Internet activities, you should assume that any data on it may have been stolen.
Take whatever precautions you think sensible about any financial (credit cards, banking, etc.), or other critical information that has been passed through or stored on the machine.
I would suggest changing all account names/numbers, and passwords for ANY accounts that have been used with the machine.
That includes not only banking, credit cards, and financial, but also website and e-mail accounts as well.
Don't use the infected machine to make the changes.
---------------------------------------------
Run a Scan with OTL
Please download OTL.exe by OldTimer and save it to your desktop.
  • Double click on the icon to run it.
  • Make sure all other windows are closed to let it run uninterrupted.
  • Copy the text from the code box below and paste it into the Custom Scans/Fixes box. Do not copy the word "Code:"
    Code:
    netsvcs
    drivers32 
    %SYSTEMDRIVE%\*.*
    %systemroot%\Fonts\*.com
    %systemroot%\Fonts\*.dll
    %systemroot%\Fonts\*.ini
    %systemroot%\Fonts\*.ini2
    %systemroot%\Fonts\*.exe
    %systemroot%\system32\spool\prtprocs\w32x86\*.*
    %systemroot%\REPAIR\*.bak1
    %systemroot%\REPAIR\*.ini
    %systemroot%\system32\*.jpg 
    %systemroot%\*.jpg 
    %systemroot%\*.png 
    %systemroot%\*.scr
    %systemroot%\*._sy
    %APPDATA%\Adobe\Update\*.*
    %ALLUSERSPROFILE%\Favorites\*.*
    %APPDATA%\Microsoft\*.* 
    %PROGRAMFILES%\*.*
    %APPDATA%\Update\*.*
    %systemroot%\*. /mp /s
    CREATERESTOREPOINT
    %systemroot%\System32\config\*.sav 
    %PROGRAMFILES%\bak. /s
    %systemroot%\system32\bak. /s
    %ALLUSERSPROFILE%\Start Menu\*.lnk /x 
    %systemroot%\system32\config\systemprofile\*.dat /x
    %systemroot%\*.config
    %systemroot%\system32\*.db
    %PROGRAMFILES%\Internet Explorer\*.dat
    %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x
    %USERPROFILE%\Desktop\*.exe
    %PROGRAMFILES%\Common Files\*.*
    %systemroot%\*.src
    %systemroot%\install\*.*
    %systemroot%\system32\DLL\*.*
    %systemroot%\system32\HelpFiles\*.*
    %systemroot%\system32\rundll\*.*
    %systemroot%\winn32\*.*
    %systemroot%\Java\*.*
    %systemroot%\system32\test\*.*
    %systemroot%\system32\Rundll32\*.*
    HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs
    
  • Make sure the "LOP Check" box is checked.
  • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
When the scan completes, it will open two Notepad windows: OTL.Txt and Extras.Txt. These are saved in the same location as OTL (the desktop).
Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them as a reply. Use separate replies if more convenient.

askey127
askey127
Admin/Teacher
Posts: 14025
Joined: April 17th, 2005, 3:25 pm
Location: New Hampshire USA

Re: outlook express hijacked

Post by mcgrant » January 7th, 2011, 4:22 am

Thank you. Here's what it did:
OTL logfile created on: 1/6/2011 11:25:27 PM - Run 1
OTL by OldTimer - Version 3.2.20.1 Folder = C:\Documents and Settings\Owner\Desktop
Windows XP Home Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1,015.00 Mb Total Physical Memory | 597.00 Mb Available Physical Memory | 59.00% Memory free
2.00 Gb Paging File | 1.00 Gb Available in Paging File | 76.00% Paging File free
Paging file location(s): C:\pagefile.sys 756 1512 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 70.47 Gb Total Space | 34.01 Gb Free Space | 48.26% Space Free | Partition Type: NTFS
Drive D: | 4.07 Gb Total Space | 0.36 Gb Free Space | 8.88% Space Free | Partition Type: FAT32
Drive K: | 149.05 Gb Total Space | 28.92 Gb Free Space | 19.40% Space Free | Partition Type: NTFS
Drive L: | 57.23 Gb Total Space | 4.69 Gb Free Space | 8.20% Space Free | Partition Type: FAT32
Drive M: | 232.88 Gb Total Space | 139.35 Gb Free Space | 59.83% Space Free | Partition Type: NTFS

Computer Name: YOUR-2S4KN5K0H3 | User Name: Owner | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/01/06 23:13:13 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTL.exe
PRC - [2010/12/13 08:40:07 | 000,135,336 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe
PRC - [2010/12/13 08:39:54 | 000,281,768 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
PRC - [2010/12/13 08:39:54 | 000,267,944 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe
PRC - [2010/10/16 00:40:40 | 000,037,664 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
PRC - [2010/08/25 11:27:44 | 000,309,824 | ---- | M] (ArcSoft Inc.) -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ArcCon.ac
PRC - [2010/04/05 11:55:01 | 000,116,104 | ---- | M] () -- C:\Program Files\Canon\IJPLM\ijplmsvc.exe
PRC - [2010/04/02 10:18:54 | 001,185,112 | ---- | M] (CANON INC.) -- C:\Program Files\Canon\Solution Menu EX\CNSEMAIN.EXE
PRC - [2010/03/24 18:50:00 | 002,516,296 | ---- | M] (CANON INC.) -- C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE
PRC - [2010/03/18 11:19:26 | 000,207,360 | ---- | M] (ArcSoft Inc.) -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
PRC - [2010/03/18 11:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
PRC - [2010/01/14 21:11:00 | 000,076,968 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
PRC - [2009/09/22 20:42:45 | 000,039,408 | ---- | M] (Google Inc.) -- C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
PRC - [2009/09/15 18:47:36 | 000,479,232 | ---- | M] (Nikon Corporation) -- C:\Program Files\Common Files\Nikon\Monitor\NkMonitor.exe
PRC - [2009/01/08 06:36:42 | 002,521,464 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Common Files\Adobe\Updater6\Adobe_Updater.exe
PRC - [2007/10/19 11:20:46 | 000,344,592 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Live Favorites\wlfsync.exe
PRC - [2007/10/09 15:21:06 | 000,169,328 | ---- | M] (Maxtor Corporation) -- C:\Program Files\Seagate\Basics\Basics Status\MaxMenuMgrBasics.exe
PRC - [2007/10/09 15:21:02 | 000,124,280 | ---- | M] (Seagate Technology LLC) -- C:\Program Files\Seagate\Basics\Service\SyncServicesBasics.exe
PRC - [2007/08/08 23:27:52 | 000,073,728 | ---- | M] (HP) -- C:\WINDOWS\system32\HPZipm12.exe
PRC - [2007/06/13 02:23:07 | 001,033,216 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2006/10/29 16:14:11 | 000,026,112 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Real\RealPlayer\realplay.exe
PRC - [2003/06/04 17:56:06 | 000,065,536 | ---- | M] (America Online, Inc.) -- C:\WINDOWS\wanmpsvc.exe
PRC - [2002/07/15 18:23:42 | 000,040,960 | ---- | M] (Maxtor Corp.) -- C:\Program Files\Dantz\Retrospect\ComboButton.exe
PRC - [2001/05/06 11:14:22 | 000,020,549 | ---- | M] () -- C:\Program Files\Hewlett-Packard\Toolbox2.0\Javasoft\JRE\1.3.1\bin\javaw.exe


========== Modules (SafeList) ==========

MOD - [2011/01/06 23:13:13 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTL.exe
MOD - [2006/08/25 07:45:55 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [On_Demand | Stopped] -- C:\Program Files\Spyware Doctor\swdsvc.exe -- (sdCoreService)
SRV - File not found [On_Demand | Stopped] -- C:\Program Files\Spyware Doctor\svcntaux.exe -- (sdAuxService)
SRV - File not found [On_Demand | Stopped] -- C:\DOCUME~1\Owner\LOCALS~1\Temp\QDBTDNAXKCSTB.exe -- (QDBTDNAXKCSTB)
SRV - File not found [On_Demand | Stopped] -- C:\WINDOWS\System32\appmgmts.dll -- (AppMgmt)
SRV - [2010/12/13 08:40:07 | 000,135,336 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2010/12/13 08:39:54 | 000,267,944 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2010/10/16 00:40:40 | 000,037,664 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe -- (Apple Mobile Device)
SRV - [2010/04/05 11:55:01 | 000,116,104 | ---- | M] () [Auto | Running] -- C:\Program Files\Canon\IJPLM\ijplmsvc.exe -- (IJPLMSVC)
SRV - [2010/03/18 11:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) [Auto | Running] -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe -- (ACDaemon)
SRV - [2007/11/30 11:27:22 | 000,558,592 | ---- | M] (ReaSoft) [On_Demand | Stopped] -- C:\Program Files\ReaConverter 5.5 Pro\rcp_scheduler.exe -- (rcp_service)
SRV - [2007/10/09 15:21:02 | 000,124,280 | ---- | M] (Seagate Technology LLC) [Auto | Running] -- C:\Program Files\Seagate\Basics\Service\SyncServicesBasics.exe -- (Basics Service)
SRV - [2007/08/08 23:27:52 | 000,073,728 | ---- | M] (HP) [Auto | Running] -- C:\WINDOWS\system32\HPZipm12.exe -- (Pml Driver HPZ12)
SRV - [2006/12/14 16:00:00 | 000,544,768 | ---- | M] (Magix AG) [On_Demand | Stopped] -- C:\Program Files\Common Files\MAGIX Shared\UPnPService\UPnPService.exe -- (UPnPService)
SRV - [2004/08/03 23:56:44 | 000,086,016 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\p2pgasvc.dll -- (p2pgasvc)
SRV - [2004/08/03 23:56:42 | 000,035,328 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\iprip.dll -- (Iprip)
SRV - [2003/06/04 17:56:06 | 000,065,536 | ---- | M] (America Online, Inc.) [Auto | Running] -- C:\WINDOWS\wanmpsvc.exe -- (WANMiniportService) WAN Miniport (ATW)


========== Driver Services (SafeList) ==========

DRV - File not found [File_System | Boot | Stopped] -- C:\WINDOWS\System32\DRIVERS\Lbd.sys -- (Lbd)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Program Files\Lavasoft\Ad-Aware\KernExplorer.sys -- (Lavasoft Kernexplorer)
DRV - File not found [Kernel | System | Stopped] -- C:\WINDOWS\System32\drivers\iksyssec.sys -- (IKSysSec)
DRV - File not found [Kernel | System | Stopped] -- C:\WINDOWS\System32\drivers\iksysflt.sys -- (IkSysFlt)
DRV - File not found [Kernel | System | Stopped] -- C:\WINDOWS\System32\drivers\ikfilesec.sys -- (IKFileSec)
DRV - File not found [File_System | System | Stopped] -- C:\WINDOWS\System32\drivers\ikfileflt.sys -- (IKFileFlt)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\Drivers\DYNEFMC.sys -- (DYNEFMC)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\DRIVERS\CoachVc.sys -- (Dual Mode)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\dalwdm.sys -- (dalwdmservice)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\DRIVERS\CoachUsb.sys -- (CoachUsb)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\DRIVERS\btkrnbdg.sys -- (BTKRNBDG)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\Btcomm.sys -- (BTCOMM)
DRV - [2010/12/13 08:40:21 | 000,135,096 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avipbb.sys -- (avipbb)
DRV - [2010/12/13 08:40:21 | 000,061,960 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2010/06/17 14:27:22 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2010/06/17 14:27:12 | 000,011,608 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Program Files\Avira\AntiVir Desktop\avgio.sys -- (avgio)
DRV - [2010/02/11 04:01:43 | 000,226,880 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\tcpip6.sys -- (Tcpip6)
DRV - [2007/07/27 02:46:06 | 000,251,680 | ---- | M] (Protect Software GmbH) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\acehlp10.sys -- (acehlp10)
DRV - [2007/07/27 00:13:08 | 000,330,144 | ---- | M] (Protect Software GmbH) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\ACEDRV10.sys -- (acedrv10)
DRV - [2005/03/04 11:02:20 | 001,066,278 | ---- | M] (Agere Systems) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AGRSM.sys -- (AgereSoftModem)
DRV - [2004/10/01 09:24:02 | 002,279,424 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ALCXWDM.SYS -- (ALCXWDM) Service for Realtek AC97 Audio (WDM)
DRV - [2004/08/29 20:20:56 | 000,007,551 | ---- | M] () [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\U3sHlpDr.sys -- (U3sHlpDr)
DRV - [2004/08/03 22:07:55 | 000,059,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\usbaudio.sys -- (usbaudio) USB Audio Driver (WDM)
DRV - [2004/08/03 21:59:50 | 000,040,320 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nmnt.sys -- (nm)
DRV - [2004/08/03 21:29:54 | 001,897,408 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nv4_mini.sys -- (nv)
DRV - [2004/01/02 20:05:48 | 000,011,520 | ---- | M] (Silicon Integrated Systems Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\srvkp.sys -- (SiSkp)
DRV - [2004/01/02 19:20:40 | 000,432,000 | ---- | M] (Silicon Integrated Systems Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\sisgrp.sys -- (SiS315)
DRV - [2003/12/12 06:54:14 | 000,391,424 | ---- | M] (Sensaura Ltd) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ALCXSENS.SYS -- (ALCXSENS)
DRV - [2003/12/02 18:23:20 | 000,142,336 | ---- | M] (Promise Technology, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\System32\DRIVERS\fasttx2k.sys -- (fasttx2k)
DRV - [2003/11/13 09:50:26 | 000,265,728 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ms68bm.SYS -- (MSI43XX)
DRV - [2003/11/06 11:04:24 | 000,068,320 | ---- | M] (PACE Anti-Piracy, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\TPkd.sys -- (TPkd)
DRV - [2003/07/18 16:58:20 | 000,036,992 | ---- | M] (Silicon Integrated Systems Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\System32\DRIVERS\SISAGPX.sys -- (SISAGP)
DRV - [2003/07/14 10:28:36 | 000,021,621 | ---- | M] (Sonic Solutions) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\npapimon.sys -- (npapimon)
DRV - [2003/07/14 10:28:26 | 000,010,900 | ---- | M] (Sonic Solutions) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\ssdiagn.sys -- (ssdiagn)
DRV - [2003/07/14 10:28:22 | 000,023,219 | ---- | M] (Sonic Solutions) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\ssrtln.sys -- (ssrtln)
DRV - [2003/07/07 12:26:44 | 000,026,541 | ---- | M] (PACE Anti-Piracy, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\iLokDrvr.sys -- (iLokDrvr)
DRV - [2003/07/02 11:42:00 | 000,027,904 | ---- | M] (VIA Technologies, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\System32\DRIVERS\viaagp1.sys -- (viaagp1)
DRV - [2003/06/04 16:56:16 | 000,033,588 | ---- | M] (America Online, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\wanatw4.sys -- (wanatw) WAN Miniport (ATW)
DRV - [2003/05/20 15:19:02 | 000,073,344 | R--- | M] (Promise Technology, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\ulsata.sys -- (UlSata)
DRV - [2002/10/04 17:04:10 | 000,046,976 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\R8139n51.sys -- (rtl8139)
DRV - [2002/10/01 09:22:32 | 000,009,856 | ---- | M] (Padus, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\pfc.sys -- (pfc)
DRV - [2002/08/08 15:51:32 | 000,038,951 | ---- | M] (Sony Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\NETMDUSB.sys -- (NETMDUSB)
DRV - [2002/07/29 21:43:50 | 000,023,808 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\PS2.sys -- (Ps2)
DRV - [2002/07/19 08:10:20 | 000,006,656 | ---- | M] (Sonic Solutions) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\cinemsup.sys -- (Cinemsup)
DRV - [2002/01/17 11:01:20 | 000,050,176 | R--- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wlanUSB.sys -- (WLAN_USB)
DRV - [2001/09/24 02:36:28 | 000,075,776 | ---- | M] (SCM Microsystems Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\HPUATA.sys -- (HPUATA)
DRV - [2001/08/17 14:04:48 | 000,171,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\camdrv30.sys -- (Camdrv30)
DRV - [2001/07/26 13:02:30 | 000,016,202 | ---- | M] (VIA Technologies, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\VNICPKT5.sys -- (VNICPKT5)
DRV - [2001/01/08 01:53:24 | 000,015,576 | R--- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\usbbc.sys -- (Wdm1)
DRV - [1999/06/14 18:48:44 | 000,076,448 | R--- | M] (OLYMPUS OPTICAL CO.,LTD.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\DSSUSB.sys -- (DSSUSB)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ca/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = localhost;*.local



O1 HOSTS File: ([2007/05/23 14:15:34 | 000,000,023 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Canon Easy-WebPrint EX BHO) - {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexbho.dll (CANON INC.)
O2 - BHO: (ST) - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\Windows Live Toolbar\stmain.dll (Microsoft Corporation)
O2 - BHO: (Windows Live Toolbar Helper) - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll File not found
O3 - HKLM\..\Toolbar: (Canon Easy-WebPrint EX) - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)
O3 - HKLM\..\Toolbar: (Windows Live Toolbar) - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\ShellBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll File not found
O3 - HKCU\..\Toolbar\ShellBrowser: (Windows Live Toolbar) - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll File not found
O3 - HKCU\..\Toolbar\WebBrowser: (Canon Easy-WebPrint EX) - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)
O3 - HKCU\..\Toolbar\WebBrowser: (Windows Live Toolbar) - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll (Microsoft Corporation)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [ArcSoft Connection Service] C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe (ArcSoft Inc.)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [basicsmssmenu] C:\Program Files\Seagate\Basics\Basics Status\MaxMenuMgrBasics.exe (Maxtor Corporation)
O4 - HKLM..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe (CANON INC.)
O4 - HKLM..\Run: [CanonSolutionMenuEx] C:\Program Files\Canon\Solution Menu EX\CNSEMAIN.EXE (CANON INC.)
O4 - HKLM..\Run: [IcoSet] c:\hp\bin\cloaker.exe (Hewlett-Packard Co.)
O4 - HKLM..\Run: [MaxtorCombo] C:\Program Files\Dantz\Retrospect\ComboButton.exe (Maxtor Corp.)
O4 - HKLM..\Run: [Nikon Transfer Monitor] C:\Program Files\Common Files\Nikon\Monitor\NkMonitor.exe (Nikon Corporation)
O4 - HKLM..\Run: [NWEReboot] File not found
O4 - HKLM..\Run: [PtiuPbmd] C:\WINDOWS\System32\ptipbm.dll (Promise Technology,Inc.)
O4 - HKLM..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [ssdiag] C:\WINDOWS\ssdiag.exe (Sonic Solutions)
O4 - HKLM..\Run: [StatusClient] C:\Program Files\Hewlett-Packard\Toolbox2.0\Apache Tomcat 4.0\webapps\Toolbox\StatusClient\StatusClient.exe File not found
O4 - HKLM..\Run: [TomcatStartup] C:\Program Files\Hewlett-Packard\Toolbox2.0\hpbpsttp.exe (Hewlett-Packard)
O4 - HKCU..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe File not found
O4 - HKCU..\Run: [Ram Booster] C:\Program Files\SimonTools\XP-Tuner 2006\RamBooster.exe File not found
O4 - HKCU..\Run: [scheduler_monitor] C:\Program Files\ReaConverter 5.5 Pro\init_scheduler.exe ()
O4 - HKCU..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
O4 - HKCU..\Run: [YouSendIt.exe] C:\Program Files\YouSendIt\Express\YouSendIt.exe File not found
O4 - HKLM..\RunOnce: [AvgUninstallURL] C:\WINDOWS\System32\cmd.exe (Microsoft Corporation)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\AutorunsDisabled [2009/06/08 17:50:20 | 000,000,000 | -H-D | M]
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Compaq Connections.lnk = C:\Program Files\Compaq Connections\1940576\Program\BackWeb-1940576.exe File not found
O4 - Startup: C:\Documents and Settings\Owner\Start Menu\Programs\Startup\AutorunsDisabled [2009/06/08 20:59:38 | 000,000,000 | -H-D | M]
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = -1
O8 - Extra context menu item: &Windows Live Search - C:\Program Files\Windows Live Toolbar\msntb.dll (Microsoft Corporation)
O8 - Extra context menu item: Google Sidewiki... - C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_E11712C84EA7E12B.dll (Google Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000006 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKCU\..Trusted Domains: ([]msn in My Computer)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shoc ... tor/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {5D637FAD-E202-48D1-8F18-5B9C459BD1E3} http://verkopen.marktplaats.nl/js/widge ... oader5.cab (Image Uploader Control)
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} http://upload.facebook.com/controls/200 ... ader55.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/fl ... rashim.cab (Reg Error: Key error.)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - igfxsrvc.dll - C:\WINDOWS\System32\igfxsrvc.dll (Intel Corporation)
O20 - Winlogon\Notify\WgaLogon: DllName - Reg Error: Value error. - Reg Error: Value error. File not found
O24 - Desktop WallPaper: C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2004/04/02 11:55:20 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2001/07/27 14:07:38 | 000,000,000 | -HS- | M] () - D:\AUTOEXEC.BAT -- [ FAT32 ]
O32 - Unable to obtain root file information for disk D:\
O32 - AutoRun File - [2007/05/23 15:53:58 | 000,052,438 | ---- | M] () - K:\AutoRuns.txt -- [ NTFS ]
O32 - AutoRun File - [2001/11/14 17:46:12 | 000,000,000 | ---- | M] () - L:\AUTOEXEC.BAT -- [ FAT32 ]
O32 - Unable to obtain root file information for disk M:\
O33 - MountPoints2\{0ba5b1f8-9c99-11de-83eb-00038a000015}\Shell - "" = AutoRun
O33 - MountPoints2\{0ba5b1f8-9c99-11de-83eb-00038a000015}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{0ba5b1f8-9c99-11de-83eb-00038a000015}\Shell\AutoRun\command - "" = L:\LaunchU3.exe -- File not found
O33 - MountPoints2\{0ba5b1f9-9c99-11de-83eb-00038a000015}\Shell\Auto\Command - "" = TASKMON.EXE
O33 - MountPoints2\{0ba5b1f9-9c99-11de-83eb-00038a000015}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{3c83f1b3-0fbc-11dd-a374-00038a000015}\Shell\AutoRun\command - "" = P:\setup.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: AppMgmt - C:\WINDOWS\System32\appmgmts.dll File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - C:\WINDOWS\system32\iprip.dll (Microsoft Corporation)
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found

Drivers32: msacm.atrac3 - C:\WINDOWS\System32\Atrac3.acm (Sony Corporation)
Drivers32: msacm.dvacm - C:\WINDOWS\System32\DVACM.acm ()
Drivers32: msacm.g723 - g723.acm File not found
Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation)
Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.Mi-sc4 - C:\WINDOWS\System32\Mi-sc4.acm (Micronas Intermetall)
Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: MSVideo8 - C:\WINDOWS\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.I263 - C:\WINDOWS\System32\i263_32.drv (Intel Corporation)
Drivers32: VIDC.I420 - C:\WINDOWS\System32\i263_32.drv (Intel Corporation)
Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax ()
Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll ()

CREATERESTOREPOINT
Restore point Set: OTL Restore Point (73478579672842240)

========== Files/Folders - Created Within 30 Days ==========

[2011/01/06 23:12:22 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTL.exe
[2011/01/04 22:08:33 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\NtmsData
[2011/01/04 22:07:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\Avira
[2011/01/04 22:01:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Avira
[2011/01/04 22:00:59 | 000,028,520 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\ssmdrv.sys
[2011/01/04 22:00:57 | 000,135,096 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avipbb.sys
[2011/01/04 22:00:57 | 000,061,960 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avgntflt.sys
[2011/01/04 22:00:57 | 000,045,416 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avgntdd.sys
[2011/01/04 22:00:57 | 000,022,360 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avgntmgr.sys
[2011/01/04 22:00:55 | 000,000,000 | ---D | C] -- C:\Program Files\Avira
[2011/01/04 22:00:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Avira
[2011/01/03 16:51:28 | 000,031,529 | ---- | C] (BreezeCOM) -- C:\WINDOWS\System32\dllcache\brzwlan.sys
[2011/01/03 16:51:28 | 000,010,368 | ---- | C] (Brother Industries Ltd.) -- C:\WINDOWS\System32\dllcache\brusbscn.sys
[2011/01/03 16:51:27 | 000,060,416 | ---- | C] (Brother Industries Ltd.) -- C:\WINDOWS\System32\dllcache\brserwdm.sys
[2011/01/03 16:51:27 | 000,011,008 | ---- | C] (Brother Industries Ltd.) -- C:\WINDOWS\System32\dllcache\brusbmdm.sys
[2011/01/03 16:51:26 | 000,009,728 | ---- | C] (Brother Industries, Ltd.) -- C:\WINDOWS\System32\dllcache\brserif.dll
[2011/01/03 16:51:25 | 000,005,120 | ---- | C] (Brother Industries,Ltd.) -- C:\WINDOWS\System32\dllcache\brscnrsm.dll
[2011/01/03 16:51:24 | 000,039,552 | ---- | C] (Brother Industries Ltd.) -- C:\WINDOWS\System32\dllcache\brparwdm.sys
[2011/01/03 16:51:23 | 000,003,168 | ---- | C] (Brother Industries Ltd.) -- C:\WINDOWS\System32\dllcache\brparimg.sys
[2011/01/03 16:51:20 | 000,041,472 | ---- | C] (Brother Industries, Ltd.) -- C:\WINDOWS\System32\dllcache\brmfusb.dll
[2011/01/03 16:51:20 | 000,032,256 | ---- | C] (Brother Industries, Ltd.) -- C:\WINDOWS\System32\dllcache\brmfrsmg.exe
[2011/01/03 16:51:19 | 000,029,696 | ---- | C] (Brother Industries, Ltd.) -- C:\WINDOWS\System32\dllcache\brmflpt.dll
[2011/01/03 16:51:17 | 000,015,360 | ---- | C] (Brother Industries, Ltd.) -- C:\WINDOWS\System32\dllcache\brmfbidi.dll
[2011/01/03 16:51:16 | 000,012,160 | ---- | C] (Brother Industries, Ltd.) -- C:\WINDOWS\System32\dllcache\brfiltlo.sys
[2011/01/03 16:51:16 | 000,003,968 | ---- | C] (Brother Industries, Ltd.) -- C:\WINDOWS\System32\dllcache\brfiltup.sys
[2011/01/03 16:51:15 | 000,002,944 | ---- | C] (Brother Industries Ltd.) -- C:\WINDOWS\System32\dllcache\brfilt.sys
[2011/01/03 16:51:14 | 000,012,800 | ---- | C] (Brother Industries, Ltd.) -- C:\WINDOWS\System32\dllcache\brevif.dll
[2011/01/03 16:51:13 | 000,019,456 | ---- | C] (Brother Industries, Ltd.) -- C:\WINDOWS\System32\dllcache\brbidiif.dll
[2011/01/03 16:51:13 | 000,009,728 | ---- | C] (Brother Industries Ltd.) -- C:\WINDOWS\System32\dllcache\brcoinst.dll
[2011/01/03 16:51:04 | 000,871,388 | ---- | C] (BCM) -- C:\WINDOWS\System32\dllcache\bcmdm.sys
[2011/01/03 16:50:58 | 000,036,128 | ---- | C] (3Dfx Interactive, Inc.) -- C:\WINDOWS\System32\dllcache\banshee.sys
[2011/01/03 16:50:57 | 000,342,336 | ---- | C] (3Dfx Interactive, Inc.) -- C:\WINDOWS\System32\dllcache\banshee.dll
[2011/01/03 16:50:56 | 000,089,952 | ---- | C] (AVM GmbH) -- C:\WINDOWS\System32\dllcache\b1cbase.sys
[2011/01/03 16:50:55 | 000,036,992 | ---- | C] (Aztech Systems Ltd) -- C:\WINDOWS\System32\dllcache\aztw2320.sys
[2011/01/03 16:50:53 | 000,037,568 | ---- | C] (AVM GmbH) -- C:\WINDOWS\System32\dllcache\avmwan.sys
[2011/01/03 16:50:52 | 000,144,384 | ---- | C] (AVM GmbH) -- C:\WINDOWS\System32\dllcache\avmenum.dll
[2011/01/03 16:50:51 | 000,087,552 | ---- | C] (AVM GmbH) -- C:\WINDOWS\System32\dllcache\avmcoxp.dll
[2011/01/03 16:50:02 | 000,097,354 | ---- | C] (Bay Networks, Inc.) -- C:\WINDOWS\System32\dllcache\aspndis3.sys
[2011/01/03 16:49:47 | 000,016,969 | ---- | C] (AmbiCom, Inc.) -- C:\WINDOWS\System32\dllcache\amb8002.sys
[2011/01/03 16:47:26 | 000,046,112 | ---- | C] (Adaptec, Inc ) -- C:\WINDOWS\System32\dllcache\adptsf50.sys
[2011/01/03 16:47:24 | 000,747,392 | ---- | C] (Aureal, Inc.) -- C:\WINDOWS\System32\dllcache\adm8830.sys
[2011/01/03 16:47:24 | 000,010,880 | ---- | C] (Aureal, Inc.) -- C:\WINDOWS\System32\dllcache\admjoy.sys
[2011/01/03 16:47:23 | 000,584,448 | ---- | C] (Aureal, Inc.) -- C:\WINDOWS\System32\dllcache\adm8810.sys
[2011/01/03 16:47:23 | 000,553,984 | ---- | C] (Aureal, Inc.) -- C:\WINDOWS\System32\dllcache\adm8820.sys
[2011/01/03 16:47:18 | 000,061,440 | ---- | C] (Color Flatbed Scanner) -- C:\WINDOWS\System32\dllcache\acerscad.dll
[2011/01/03 16:47:12 | 000,462,848 | ---- | C] (Aureal Inc.) -- C:\WINDOWS\System32\dllcache\a3dapi.dll
[2011/01/03 16:47:09 | 000,148,352 | ---- | C] (3dfx Interactive, Inc.) -- C:\WINDOWS\System32\dllcache\3dfxvsm.sys
[2011/01/03 16:47:08 | 000,689,216 | ---- | C] (3dfx Interactive, Inc.) -- C:\WINDOWS\System32\dllcache\3dfxvs.dll
[2011/01/03 16:47:07 | 000,762,780 | ---- | C] (3Com, Inc.) -- C:\WINDOWS\System32\dllcache\3cwmcru.sys
[2011/01/03 15:48:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Desktop\Outlook Express
[2011/01/02 22:14:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Start Menu\Programs\HiJackThis
[2011/01/02 22:14:18 | 000,000,000 | ---D | C] -- C:\HijachThis
[2010/12/28 10:17:16 | 000,098,392 | ---- | C] (Sunbelt Software) -- C:\WINDOWS\System32\drivers\SBREDrv.sys
[2010/12/28 10:12:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Local Settings\Application Data\Sunbelt Software
[2010/12/27 19:23:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\Nikon
[2010/12/27 19:17:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\ViewNX
[2010/12/27 19:03:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Nikon Transfer
[2010/12/27 19:03:41 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\muvee Technologies
[2010/12/27 19:03:34 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Nikon
[2010/12/27 19:03:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Nikon
[2010/12/27 19:03:22 | 000,000,000 | ---D | C] -- C:\Program Files\Nikon
[2010/12/27 19:02:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Ultima_T15
[2010/12/27 19:02:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\EnterNHelp
[2010/12/27 19:01:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Local Settings\Application Data\ArcSoft
[2010/12/27 19:01:16 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Application Data\ArcSoft
[2010/12/27 19:01:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\ArcSoft Connect
[2010/12/27 19:01:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\ArcSoft Panorama Maker 5
[2010/12/27 19:00:33 | 000,000,000 | ---D | C] -- C:\Program Files\ArcSoft
[2010/12/27 19:00:32 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\ArcSoft
[2010/12/27 19:00:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\ArcSoft
[2010/12/27 18:59:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Link to Nikon
[2010/12/24 14:01:38 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Application Data\CanonIJScan
[2010/12/24 13:44:08 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Application Data\CanonIJEGV
[2010/12/24 13:41:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\CanonIJ
[2010/12/24 13:39:21 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Application Data\CanonIJSolutionMenuEX
[2010/12/24 13:38:46 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Application Data\CanonIJEPPEX2
[2010/12/24 13:38:46 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Application Data\CanonEPP
[2010/12/24 13:35:47 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Application Data\CanonIJMyPrinter
[2010/12/24 13:31:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\CanonIJPLM
[2010/12/24 13:30:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\CanonIJMSetup
[2010/12/24 13:30:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\Canon Easy-WebPrint EX
[2010/12/24 13:24:58 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\CANON
[2010/12/24 13:24:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\CanonIJWSpt
[2010/12/24 13:22:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\CanonIJSetup000
[2010/12/24 13:21:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Canon Utilities
[2010/12/24 13:20:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Canon MP280 series Manual
[2010/12/24 12:26:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Canon MP280 series
[2010/12/24 12:26:00 | 000,000,000 | -H-D | C] -- C:\WINDOWS\System32\CanonIJ Uninstaller Information
[2010/12/24 12:25:18 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Application Data\CanonBJ
[2010/12/24 12:24:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\Motive
[2006/02/25 23:22:18 | 001,838,328 | ---- | C] (Finarea S.A. Switzerland ) -- C:\Program Files\setupvoipbuster.exe
[2006/02/25 23:14:55 | 001,838,328 | ---- | C] (Finarea S.A. Switzerland ) -- C:\Program Files\SetupVoipBuster_jwmvandeven.exe
[17 C:\Documents and Settings\Owner\My Documents\*.tmp files -> C:\Documents and Settings\Owner\My Documents\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/01/06 23:33:00 | 000,000,392 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{6229CB63-1009-44DD-B15A-C55706B024C3}.job
[2011/01/06 23:13:13 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTL.exe
[2011/01/06 22:56:00 | 000,000,256 | ---- | M] () -- C:\WINDOWS\tasks\Check Updates for Windows Live Toolbar.job
[2011/01/06 11:09:45 | 000,048,426 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\Great Savings on Fitness Products, Ski Tickets and More!.eml
[2011/01/06 09:12:00 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore1cb6d4c4d307bda.job
[2011/01/05 22:27:06 | 000,000,760 | ---- | M] () -- C:\WINDOWS\ssdiag.ini
[2011/01/05 22:21:22 | 000,000,189 | ---- | M] () -- C:\WINDOWS\System\hpsysdrv.DAT
[2011/01/05 22:20:33 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/01/05 22:20:23 | 1064,878,080 | -HS- | M] () -- C:\hiberfil.sys
[2011/01/04 22:01:17 | 000,001,715 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Avira AntiVir Control Center.lnk
[2011/01/04 21:43:17 | 059,325,912 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\avira_antivir_personal_en.exe
[2011/01/04 21:16:43 | 000,002,429 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\HiJackThis.lnk
[2011/01/04 10:17:00 | 000,000,472 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
[2011/01/03 22:34:00 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2011/01/03 16:30:29 | 001,355,762 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\Address Book Outlook Express.WAB
[2011/01/03 16:30:29 | 000,609,966 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\Address Book Outlook Express.WAB~
[2011/01/03 15:47:25 | 000,002,509 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\Microsoft Word.lnk
[2011/01/02 22:18:00 | 000,039,424 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\HijackThis Logfile2.doc
[2011/01/02 20:15:52 | 000,025,088 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\RNW Emigratie naar Canada 2.doc
[2010/12/30 11:09:49 | 000,000,652 | ---- | M] () -- C:\WINDOWS\AudStu.INI
[2010/12/28 21:05:18 | 000,131,584 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\Screenshot.doc
[2010/12/28 18:26:51 | 000,000,020 | -H-- | M] () -- C:\Documents and Settings\All Users\Application Data\PKP_DLdw.DAT
[2010/12/28 18:24:52 | 000,000,020 | -H-- | M] () -- C:\Documents and Settings\All Users\Application Data\PKP_DLdu.DAT
[2010/12/28 10:17:16 | 000,098,392 | ---- | M] (Sunbelt Software) -- C:\WINDOWS\System32\drivers\SBREDrv.sys
[2010/12/28 10:13:31 | 000,024,576 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\Brief aan Peter Graus.doc
[2010/12/27 19:24:38 | 000,000,000 | ---- | M] () -- C:\WINDOWS\ViewNX.INI
[2010/12/27 19:17:03 | 000,001,694 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\ViewNX.lnk
[2010/12/27 19:16:21 | 000,000,268 | RH-- | M] () -- C:\Documents and Settings\All Users\Application Data\Licenses
[2010/12/27 19:16:21 | 000,000,268 | RH-- | M] () -- C:\Documents and Settings\Owner\Application Data\LaserPrinter
[2010/12/27 19:16:21 | 000,000,012 | RH-- | M] () -- C:\Documents and Settings\All Users\Application Data\MIDI Patch Names
[2010/12/27 19:03:42 | 000,001,763 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Nikon Transfer.lnk
[2010/12/27 19:02:52 | 000,000,268 | RH-- | M] () -- C:\Documents and Settings\All Users\Application Data\Legacy
[2010/12/27 19:02:52 | 000,000,268 | RH-- | M] () -- C:\Documents and Settings\Owner\Application Data\Keyboard Layouts
[2010/12/27 19:02:52 | 000,000,012 | RH-- | M] () -- C:\Documents and Settings\All Users\Application Data\MAS
[2010/12/27 19:01:12 | 000,001,703 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Panorama Maker 5.lnk
[2010/12/24 21:39:43 | 000,000,162 | -H-- | M] () -- C:\Documents and Settings\Owner\My Documents\~$W Emigratie naar Canada.doc
[2010/12/24 14:01:54 | 000,058,113 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\IMG.pdf
[2010/12/24 13:24:43 | 000,001,724 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Canon Solution Menu EX.lnk
[2010/12/24 13:21:07 | 000,001,975 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Canon MP280 series On-screen Manual.lnk
[2010/12/24 12:57:37 | 000,026,112 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\RNW Emigratie naar Canada.doc
[2010/12/19 23:38:21 | 000,038,912 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\St Barts Letter to Bishop r.doc
[2010/12/19 23:35:07 | 000,026,624 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\Huurovereenkomst Tippeltje brief.doc
[2010/12/19 23:23:38 | 000,034,304 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\Huurovereenkomst Tippeltje.doc
[2010/12/19 22:23:43 | 000,039,936 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\Huurovereenkomst_Tippeltje revised.doc
[2010/12/18 23:56:54 | 000,020,480 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\Huurovereenkomst Tippeltje verklaring.doc
[2010/12/18 23:54:30 | 000,024,576 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\Huurovereenkomst Tippeltje Huish Reglement.doc
[2010/12/18 00:51:13 | 000,016,301 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\St. Barts revised.docm
[2010/12/18 00:49:05 | 000,032,256 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\St. Bart's letter to bishop.doc
[2010/12/13 08:40:21 | 000,135,096 | ---- | M] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avipbb.sys
[2010/12/13 08:40:21 | 000,061,960 | ---- | M] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avgntflt.sys
[17 C:\Documents and Settings\Owner\My Documents\*.tmp files -> C:\Documents and Settings\Owner\My Documents\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/01/06 19:43:17 | 000,048,426 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\Great Savings on Fitness Products, Ski Tickets and More!.eml
[2011/01/04 22:01:17 | 000,001,715 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Avira AntiVir Control Center.lnk
[2011/01/04 21:43:15 | 059,325,912 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\avira_antivir_personal_en.exe
[2011/01/03 16:50:31 | 000,026,624 | ---- | C] () -- C:\WINDOWS\System32\dllcache\ativxbar.sys
[2011/01/03 16:50:31 | 000,023,552 | ---- | C] () -- C:\WINDOWS\System32\dllcache\atixbar.sys
[2011/01/03 16:50:29 | 000,019,456 | ---- | C] () -- C:\WINDOWS\System32\dllcache\ativttxx.sys
[2011/01/03 16:50:28 | 000,009,472 | ---- | C] () -- C:\WINDOWS\System32\dllcache\ativmdcd.sys
[2011/01/03 16:50:27 | 000,017,152 | ---- | C] () -- C:\WINDOWS\System32\dllcache\atitvsnd.sys
[2011/01/03 16:50:27 | 000,017,152 | ---- | C] () -- C:\WINDOWS\System32\dllcache\atitunep.sys
[2011/01/03 16:50:26 | 000,026,880 | ---- | C] () -- C:\WINDOWS\System32\dllcache\atirtsnd.sys
[2011/01/03 16:50:25 | 000,049,920 | ---- | C] () -- C:\WINDOWS\System32\dllcache\atirtcap.sys
[2011/01/03 16:50:23 | 000,010,240 | ---- | C] () -- C:\WINDOWS\System32\dllcache\atipcxxx.sys
[2011/01/03 16:50:13 | 000,046,464 | ---- | C] () -- C:\WINDOWS\System32\dllcache\atibt829.sys
[2011/01/03 16:30:29 | 000,609,966 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\Address Book Outlook Express.WAB~
[2011/01/03 16:29:07 | 001,355,762 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\Address Book Outlook Express.WAB
[2011/01/03 16:09:33 | 000,012,444 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\RE_ Betaling.eml
[2011/01/02 22:18:00 | 000,039,424 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\HijackThis Logfile2.doc
[2011/01/02 22:14:19 | 000,002,429 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\HiJackThis.lnk
[2011/01/02 19:22:24 | 000,025,088 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\RNW Emigratie naar Canada 2.doc
[2010/12/28 21:05:17 | 000,131,584 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\Screenshot.doc
[2010/12/28 10:13:31 | 000,024,576 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\Brief aan Peter Graus.doc
[2010/12/27 19:24:38 | 000,000,000 | ---- | C] () -- C:\WINDOWS\ViewNX.INI
[2010/12/27 19:17:03 | 000,001,694 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\ViewNX.lnk
[2010/12/27 19:16:21 | 000,000,268 | RH-- | C] () -- C:\Documents and Settings\All Users\Application Data\Licenses
[2010/12/27 19:16:21 | 000,000,268 | RH-- | C] () -- C:\Documents and Settings\Owner\Application Data\LaserPrinter
[2010/12/27 19:16:21 | 000,000,020 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\PKP_DLdw.DAT
[2010/12/27 19:16:21 | 000,000,012 | RH-- | C] () -- C:\Documents and Settings\All Users\Application Data\MIDI Patch Names
[2010/12/27 19:03:42 | 000,001,763 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Nikon Transfer.lnk
[2010/12/27 19:02:52 | 000,000,268 | RH-- | C] () -- C:\Documents and Settings\All Users\Application Data\Legacy
[2010/12/27 19:02:52 | 000,000,268 | RH-- | C] () -- C:\Documents and Settings\Owner\Application Data\Keyboard Layouts
[2010/12/27 19:02:52 | 000,000,020 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\PKP_DLdu.DAT
[2010/12/27 19:02:52 | 000,000,012 | RH-- | C] () -- C:\Documents and Settings\All Users\Application Data\MAS
[2010/12/27 19:01:12 | 000,001,703 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Panorama Maker 5.lnk
[2010/12/24 21:39:43 | 000,000,162 | -H-- | C] () -- C:\Documents and Settings\Owner\My Documents\~$W Emigratie naar Canada.doc
[2010/12/24 14:01:54 | 000,058,113 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\IMG.pdf
[2010/12/24 13:24:43 | 000,001,724 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Canon Solution Menu EX.lnk
[2010/12/24 13:21:07 | 000,001,975 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Canon MP280 series On-screen Manual.lnk
[2010/12/24 12:18:43 | 000,012,800 | ---- | C] () -- C:\WINDOWS\System32\CNC1746D.TBL
[2010/12/23 20:28:29 | 000,026,112 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\RNW Emigratie naar Canada.doc
[2010/12/19 22:23:43 | 000,039,936 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\Huurovereenkomst_Tippeltje revised.doc
[2010/12/18 21:06:06 | 000,038,912 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\St Barts Letter to Bishop r.doc
[2010/12/18 00:51:13 | 000,016,301 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\St. Barts revised.docm
[2010/12/15 23:23:30 | 000,032,256 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\St. Bart's letter to bishop.doc
[2009/10/01 21:24:03 | 000,042,771 | ---- | C] () -- C:\WINDOWS\CSTBox.INI
[2008/05/28 23:10:51 | 000,000,116 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2008/04/16 09:28:31 | 000,000,000 | ---- | C] () -- C:\WINDOWS\CleaningLab.INI
[2008/04/16 09:16:47 | 000,000,349 | ---- | C] () -- C:\WINDOWS\MusicStudio.INI
[2008/04/16 09:09:58 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\mgxasio2.dll
[2008/04/16 09:00:07 | 000,120,200 | ---- | C] () -- C:\WINDOWS\System32\DLLDEV32i.dll
[2007/12/12 19:51:18 | 000,000,000 | -H-- | C] () -- C:\Program Files\Common Files\MSN
[2007/11/30 23:52:48 | 000,077,824 | R--- | C] () -- C:\WINDOWS\System32\hpzids01.dll
[2006/12/06 15:16:21 | 000,005,632 | ---- | C] () -- C:\WINDOWS\System32\CNMVS27.DLL
[2006/10/29 16:11:41 | 000,000,789 | ---- | C] () -- C:\WINDOWS\Ulead32.ini
[2006/10/29 16:11:41 | 000,000,028 | ---- | C] () -- C:\WINDOWS\Msdevctl.ini
[2006/10/25 09:01:38 | 000,092,672 | ---- | C] () -- C:\WINDOWS\System32\DymoQBInst.dll
[2006/10/21 16:53:38 | 000,000,036 | ---- | C] () -- C:\WINDOWS\iltwain.ini
[2006/10/21 16:53:37 | 000,000,056 | ---- | C] () -- C:\WINDOWS\Addrfixr.ini
[2006/10/21 16:53:34 | 000,007,803 | ---- | C] () -- C:\WINDOWS\System32\dymourl.ini
[2006/10/21 16:52:46 | 000,110,592 | ---- | C] () -- C:\WINDOWS\System32\DYMOCFG.DLL
[2006/10/21 16:52:46 | 000,002,560 | ---- | C] () -- C:\WINDOWS\System32\lmmonres.dll
[2006/07/16 18:47:26 | 000,000,043 | ---- | C] () -- C:\WINDOWS\hpfccopy.INI
[2006/03/06 19:30:54 | 000,921,654 | ---- | C] () -- C:\Program Files\miimobiel.bmp
[2006/01/13 20:53:41 | 000,000,000 | ---- | C] () -- C:\WINDOWS\hpqEmlSz.INI
[2006/01/13 20:27:06 | 000,016,545 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\hpzinstall.log
[2005/09/16 06:50:03 | 000,063,488 | ---- | C] () -- C:\WINDOWS\xobglu16.dll
[2005/09/16 06:50:03 | 000,023,552 | ---- | C] () -- C:\WINDOWS\xobglu32.dll
[2005/08/29 10:44:36 | 000,000,112 | ---- | C] () -- C:\WINDOWS\ActiveSkin.INI
[2005/08/18 20:32:29 | 000,028,672 | ---- | C] () -- C:\WINDOWS\System32\msiosd32.dll
[2005/08/18 20:32:29 | 000,000,245 | ---- | C] () -- C:\WINDOWS\Msiosd.ini
[2005/03/17 11:35:59 | 000,072,586 | ---- | C] () -- C:\Program Files\clean system.zip
[2005/01/19 21:07:28 | 000,000,000 | ---- | C] () -- C:\WINDOWS\OpPrintServer.INI
[2004/11/16 08:51:42 | 000,000,156 | ---- | C] () -- C:\WINDOWS\sb_affiliate.ini
[2004/11/08 17:58:28 | 000,015,576 | R--- | C] () -- C:\WINDOWS\System32\drivers\usbbc.sys
[2004/11/08 17:58:28 | 000,003,953 | R--- | C] () -- C:\WINDOWS\System32\coinst.dll
[2004/09/16 07:58:09 | 000,000,754 | ---- | C] () -- C:\WINDOWS\WORDPAD.INI
[2004/08/30 12:52:28 | 000,196,608 | R--- | C] () -- C:\WINDOWS\System32\hpbvnstp.dll
[2004/08/29 20:53:18 | 000,000,112 | ---- | C] () -- C:\WINDOWS\MDI.INI
[2004/08/29 20:53:18 | 000,000,075 | ---- | C] () -- C:\WINDOWS\USBBC.ini
[2004/08/29 20:41:53 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\vusetup.dll
[2004/08/29 20:27:58 | 000,090,112 | ---- | C] () -- C:\WINDOWS\System32\ESICOMMN.dll
[2004/08/29 20:20:56 | 000,007,551 | ---- | C] () -- C:\WINDOWS\System32\drivers\U3sHlpDr.sys
[2004/08/29 09:54:03 | 000,002,158 | ---- | C] () -- C:\WINDOWS\System32\mshrml.ini
[2004/08/29 09:54:02 | 000,002,154 | ---- | C] () -- C:\WINDOWS\System32\ssmute.ini
[2004/08/29 09:52:55 | 000,001,191 | ---- | C] () -- C:\WINDOWS\System32\imbrmute.ini
[2004/08/28 22:18:30 | 000,000,103 | ---- | C] () -- C:\WINDOWS\System32\hptrace.ini
[2004/08/27 22:22:20 | 000,000,652 | ---- | C] () -- C:\WINDOWS\AudStu.INI
[2004/08/27 22:14:57 | 000,056,832 | ---- | C] () -- C:\WINDOWS\System32\Iyvu9_32.dll
[2004/08/27 22:14:07 | 000,010,240 | ---- | C] () -- C:\WINDOWS\System32\vidx16.dll
[2004/08/27 22:12:33 | 000,000,084 | ---- | C] () -- C:\WINDOWS\magix.ini
[2004/08/27 22:12:32 | 000,006,289 | ---- | C] () -- C:\WINDOWS\mgxoschk.ini
[2004/08/27 21:03:15 | 000,000,760 | ---- | C] () -- C:\WINDOWS\ssdiag.ini
[2004/08/26 22:51:48 | 000,000,025 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
[2004/08/26 22:20:15 | 000,001,125 | ---- | C] () -- C:\WINDOWS\winamp.ini
[2004/08/26 22:05:43 | 000,000,213 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2004/08/26 22:04:29 | 000,000,045 | ---- | C] () -- C:\WINDOWS\FEGHMMN.ini
[2004/08/26 21:40:59 | 000,237,568 | ---- | C] () -- C:\WINDOWS\System32\lame_enc.dll
[2004/08/26 21:40:59 | 000,172,032 | ---- | C] () -- C:\WINDOWS\System32\MP2enc.dll
[2004/08/26 18:16:43 | 000,052,224 | ---- | C] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2004/08/26 17:16:23 | 000,262,416 | ---- | C] () -- C:\WINDOWS\System32\Asfv2.dll
[2004/08/26 16:58:51 | 000,000,000 | ---- | C] () -- C:\WINDOWS\dssole.INI
[2004/08/26 16:52:36 | 000,000,000 | ---- | C] () -- C:\WINDOWS\PROTOCOL.INI
[2004/08/26 16:28:12 | 000,036,864 | ---- | C] () -- C:\WINDOWS\System32\ODBCSTF.DLL
[2004/08/26 14:42:04 | 000,005,087 | ---- | C] () -- C:\WINDOWS\hplj1010.ini
[2004/08/26 14:41:37 | 000,000,375 | ---- | C] () -- C:\WINDOWS\hpbvspst.ini
[2004/08/26 14:41:33 | 000,000,998 | ---- | C] () -- C:\WINDOWS\hpbvnstp.ini
[2004/08/26 14:00:18 | 000,054,784 | R--- | C] () -- C:\WINDOWS\System32\drivers\wlanNDS.sys
[2004/08/26 14:00:18 | 000,050,176 | R--- | C] () -- C:\WINDOWS\System32\drivers\wlanUSB.sys
[2004/04/02 22:35:49 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\VGAunistlog.ini
[2004/04/02 22:35:48 | 000,000,451 | ---- | C] () -- C:\WINDOWS\VGAsetup.ini
[2004/04/02 18:57:39 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2004/04/02 15:06:34 | 000,000,128 | ---- | C] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\fusioncache.dat
[2004/04/02 15:03:06 | 000,167,936 | ---- | C] () -- C:\WINDOWS\System32\PCDrJNI_1_1.dll
[2004/04/02 14:47:59 | 000,027,754 | ---- | C] () -- C:\WINDOWS\System32\CHODDI.SYS
[2004/04/02 14:47:19 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\hpreg.dll
[2004/04/02 14:31:02 | 000,000,740 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2004/04/02 14:22:10 | 000,000,882 | ---- | C] () -- C:\WINDOWS\QUICKEN.INI
[2004/04/02 13:40:20 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2004/04/02 13:04:42 | 000,363,520 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2004/04/02 12:54:44 | 000,299,073 | ---- | C] () -- C:\WINDOWS\System32\PythonCOM22.dll
[2004/04/02 12:54:44 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\PyWinTypes22.dll
[2004/04/02 12:54:16 | 000,016,896 | ---- | C] () -- C:\WINDOWS\System32\bcbmm.dll
[2004/04/02 11:59:40 | 000,000,853 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2004/04/02 10:42:06 | 000,000,518 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
[2004/04/02 03:46:51 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2003/08/29 01:22:35 | 000,094,274 | ---- | C] () -- C:\WINDOWS\System32\HPBHEALR.DLL
[2003/04/07 12:10:22 | 000,005,443 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
[2002/11/14 19:58:04 | 000,200,192 | ---- | C] () -- C:\WINDOWS\System32\ir50_qc.dll
[2002/11/14 19:58:04 | 000,183,808 | ---- | C] () -- C:\WINDOWS\System32\ir50_qcx.dll
[2002/11/14 19:58:02 | 000,755,200 | ---- | C] () -- C:\WINDOWS\System32\ir50_32.dll
[2002/11/14 19:58:02 | 000,338,432 | ---- | C] () -- C:\WINDOWS\System32\ir41_qcx.dll
[2002/11/14 19:58:02 | 000,120,320 | ---- | C] () -- C:\WINDOWS\System32\ir41_qc.dll
[1999/09/20 10:05:32 | 000,013,387 | ---- | C] () -- C:\WINDOWS\System32\CinemSup.sys
[1995/10/21 10:37:52 | 000,035,328 | ---- | C] () -- C:\WINDOWS\INETWH32.DLL

========== LOP Check ==========

[2011/01/04 21:48:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\avg9
[2010/12/24 12:25:18 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\CanonBJ
[2010/12/24 13:38:46 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\CanonEPP
[2010/12/24 13:41:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\CanonIJ
[2010/12/24 13:44:08 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\CanonIJEGV
[2010/12/24 13:38:46 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\CanonIJEPPEX2
[2010/12/24 13:30:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\CanonIJMSetup
[2010/12/24 13:35:47 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\CanonIJMyPrinter
[2011/01/02 22:54:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\CanonIJPLM
[2010/12/24 14:01:38 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\CanonIJScan
[2010/12/24 13:22:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\CanonIJSetup000
[2010/12/24 13:39:21 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\CanonIJSolutionMenuEX
[2010/12/24 13:24:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\CanonIJWSpt
[2009/04/02 17:51:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Downloaded Installations
[2010/12/27 19:16:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\EnterNHelp
[2008/04/16 09:25:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MAGIX
[2010/12/27 19:03:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Nikon
[2004/09/01 18:50:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PACE Anti-Piracy
[2004/08/26 15:53:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Propellerhead Software
[2008/04/14 10:27:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Seagate
[2009/10/26 09:59:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2010/12/27 19:16:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Ultima_T15
[2007/05/22 13:16:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint
[2010/01/25 22:59:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WinZip
[2010/12/04 19:52:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2010/07/20 21:00:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Belastingdienst
[2010/12/24 14:01:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Canon
[2010/12/24 13:30:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Canon Easy-WebPrint EX
[2007/11/09 14:58:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\eFax Messenger
[2006/12/08 16:36:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\InterVideo
[2008/04/20 19:33:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Leadertech
[2010/12/28 18:24:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Nikon
[2009/10/01 22:16:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\RCP 5
[2006/11/18 10:39:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\SampleView
[2004/09/06 16:28:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Template
[2010/01/24 14:01:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\VirtualStore
[2009/05/28 13:56:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\YouSendIt
[2011/01/04 10:17:00 | 000,000,472 | ---- | M] () -- C:\WINDOWS\Tasks\Ad-Aware Update (Weekly).job
[2011/01/06 22:56:00 | 000,000,256 | ---- | M] () -- C:\WINDOWS\Tasks\Check Updates for Windows Live Toolbar.job
[2011/01/06 23:33:00 | 000,000,392 | -H-- | M] () -- C:\WINDOWS\Tasks\User_Feed_Synchronization-{6229CB63-1009-44DD-B15A-C55706B024C3}.job

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*.* >
[2003/08/29 01:19:19 | 000,004,187 | ---- | M] () -- C:\0x0409.ini
[2003/08/29 01:19:20 | 000,003,584 | ---- | M] () -- C:\1033.mst
[2011/01/04 21:25:47 | 000,097,414 | ---- | M] () -- C:\aaw7boot.log
[2003/04/22 15:12:18 | 000,000,910 | ---- | M] () -- C:\ATTOMTLN.INF
[2004/04/02 11:55:20 | 000,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT
[2005/09/22 14:42:09 | 000,000,281 | RHS- | M] () -- C:\boot.ini
[2003/08/15 18:52:18 | 000,245,920 | RHS- | M] () -- C:\cmldr
[2004/04/02 11:55:20 | 000,000,000 | ---- | M] () -- C:\CONFIG.SYS
[2003/08/29 01:23:37 | 000,079,660 | ---- | M] () -- C:\cu_readme.rtf
[2004/08/26 22:07:32 | 000,178,256 | ---- | M] () -- C:\DSP_Spectrum_Tool_200.exe
[2003/04/28 11:10:58 | 000,009,392 | ---- | M] () -- C:\express.cat
[2003/04/11 11:41:54 | 000,003,146 | ---- | M] () -- C:\EXPRESS.INF
[2003/04/11 11:34:08 | 000,043,472 | ---- | M] (ATTO Technology, Inc.) -- C:\express.sys
[2011/01/05 22:20:23 | 1064,878,080 | -HS- | M] () -- C:\hiberfil.sys
[2003/08/29 01:19:25 | 010,915,512 | ---- | M] () -- C:\hp LaserJet 1010 Series.msi
[2003/08/29 01:19:28 | 001,150,976 | ---- | M] (Hewlet-Packard) -- C:\hpbtpg.exe
[2003/08/29 01:19:28 | 001,043,550 | ---- | M] () -- C:\hpinst.exe
[2006/03/18 10:06:50 | 000,000,050 | ---- | M] () -- C:\install.bat
[2003/08/29 01:19:29 | 001,708,856 | ---- | M] (Microsoft Corporation) -- C:\instmsia.exe
[2003/08/29 01:19:30 | 001,822,520 | ---- | M] (Microsoft Corporation) -- C:\instmsiw.exe
[2004/04/02 11:55:20 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
[2004/08/26 14:04:51 | 000,000,484 | -H-- | M] () -- C:\IPH.PH
[2006/11/06 22:38:45 | 036,808,256 | ---- | M] (Apple Computer, Inc.) -- C:\iTunesSetup.exe
[2007/01/28 21:53:38 | 000,000,068 | ---- | M] () -- C:\log.txt
[2004/08/27 22:15:21 | 000,000,746 | -HS- | M] () -- C:\midi studio 2003.Key
[2004/08/29 11:00:11 | 000,000,746 | -HS- | M] () -- C:\midi studio 2004.Key
[2005/04/24 12:19:43 | 010,135,688 | ---- | M] (Microsoft Corporation) -- C:\MPSetupXP.exe
[2004/04/02 11:55:20 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
[2004/12/08 12:18:13 | 035,121,138 | ---- | M] () -- C:\NIS_Retail.EXE
[2004/10/04 08:30:21 | 000,047,564 | RHS- | M] () -- C:\NTDETECT.COM
[2004/10/04 08:30:21 | 000,250,032 | RHS- | M] () -- C:\ntldr
[2003/05/14 08:25:06 | 000,003,823 | ---- | M] () -- C:\packing.lst
[2011/01/05 22:20:19 | 792,723,456 | -HS- | M] () -- C:\pagefile.sys
[2006/05/12 12:38:22 | 000,000,065 | ---- | M] () -- C:\pdfinfo.ini
[2004/08/27 00:13:58 | 000,013,030 | ---- | M] () -- C:\PDOXUSRS.NET
[2007/05/22 12:41:00 | 000,000,198 | ---- | M] () -- C:\PSLOG
[2008/04/20 22:07:03 | 009,295,957 | ---- | M] (ReaSoft ) -- C:\ReaConverterPro.exe
[2004/08/26 22:39:10 | 010,466,672 | ---- | M] (RealNetworks, Inc.) -- C:\RealPlayer10-5GOLD_bb.exe
[2004/08/26 18:24:55 | 000,000,056 | -HS- | M] () -- C:\redir.sys
[2006/03/18 10:05:59 | 000,000,354 | ---- | M] () -- C:\response.ini
[2007/10/31 18:00:28 | 000,000,796 | ---- | M] () -- C:\rollback.ini
[2008/02/05 12:31:57 | 000,000,512 | ---- | M] () -- C:\ScanSectorLog.dat
[2004/09/08 10:59:20 | 010,846,830 | ---- | M] () -- C:\sep20.exe
[2003/08/28 14:28:36 | 001,489,332 | ---- | M] (Trust) -- C:\Setup.exe
[2006/03/18 10:06:50 | 000,001,390 | ---- | M] () -- C:\Setup.ini
[2004/08/29 12:16:32 | 001,697,656 | ---- | M] (InterMute) -- C:\SpySubtract.EXE
[2010/09/28 08:22:51 | 000,000,018 | -H-- | M] () -- C:\SYSREST
[2001/12/23 17:59:02 | 000,009,755 | ---- | M] () -- C:\teAm_Cracking.nfo
[2004/12/23 14:58:26 | 001,414,144 | ---- | M] () -- C:\trust powerzoom.exe
[2003/05/13 14:39:58 | 000,000,915 | ---- | M] () -- C:\TXTSETUP.OEM
[2004/08/03 09:20:04 | 002,480,378 | ---- | M] () -- C:\uesetup.exe
[2006/03/18 10:06:50 | 000,000,039 | ---- | M] () -- C:\uninstall.bat
[2001/05/24 11:59:30 | 000,162,304 | ---- | M] () -- C:\UNWISE.EXE
[2009/06/19 20:41:03 | 000,000,510 | ---- | M] () -- C:\updatedatfix.log
[2007/05/14 20:56:24 | 000,000,684 | ---- | M] () -- C:\VundoFix.txt
[2004/08/26 22:19:47 | 009,035,144 | ---- | M] () -- C:\winamp504_strata.exe
[2004/11/15 20:47:14 | 002,421,920 | ---- | M] () -- C:\winzip90.exe

< %systemroot%\Fonts\*.com >

< %systemroot%\Fonts\*.dll >

< %systemroot%\Fonts\*.ini >
[2004/04/02 11:54:19 | 000,000,067 | -HS- | M] () -- C:\WINDOWS\Fonts\desktop.ini

< %systemroot%\Fonts\*.ini2 >

< %systemroot%\Fonts\*.exe >

< %systemroot%\system32\spool\prtprocs\w32x86\*.* >
[2001/08/28 21:00:00 | 000,008,192 | ---- | M] (CANON INC.) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\CNMPD27.DLL
[2010/08/25 05:00:00 | 000,027,648 | ---- | M] (CANON INC.) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\CNMPDAA.DLL
[2001/08/28 21:00:00 | 000,027,648 | ---- | M] (CANON INC.) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\CNMPP27.DLL
[2010/08/25 05:00:00 | 000,073,216 | ---- | M] (CANON INC.) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\CNMPPAA.DLL
[2006/06/03 21:29:06 | 000,076,288 | ---- | M] (Hewlett-Packard Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\hpzpp4pi.dll
[2003/08/29 01:22:40 | 000,049,152 | ---- | M] (Zenographics, Inc.) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\IMFPRINT.DLL
[2007/04/09 12:23:54 | 000,028,552 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\mdippr.dll

< %systemroot%\REPAIR\*.bak1 >

< %systemroot%\REPAIR\*.ini >

< %systemroot%\system32\*.jpg >

< %systemroot%\*.jpg >

< %systemroot%\*.png >

< %systemroot%\*.scr >

< %systemroot%\*._sy >

< %APPDATA%\Adobe\Update\*.* >

< %ALLUSERSPROFILE%\Favorites\*.* >

< %APPDATA%\Microsoft\*.* >

< %PROGRAMFILES%\*.* >
[2005/03/17 11:36:05 | 000,072,586 | ---- | M] () -- C:\Program Files\clean system.zip
[2006/03/06 19:31:00 | 000,921,654 | ---- | M] () -- C:\Program Files\miimobiel.bmp
[2006/02/25 23:22:18 | 001,838,328 | ---- | M] (Finarea S.A. Switzerland ) -- C:\Program Files\setupvoipbuster.exe
[2006/02/25 23:14:55 | 001,838,328 | ---- | M] (Finarea S.A. Switzerland ) -- C:\Program Files\SetupVoipBuster_jwmvandeven.exe

< %APPDATA%\Update\*.* >

< %systemroot%\*. /mp /s >

< %systemroot%\System32\config\*.sav >
[2004/04/02 03:45:02 | 000,094,208 | ---- | M] () -- C:\WINDOWS\system32\config\default.sav
[2004/04/02 03:45:02 | 000,602,112 | ---- | M] () -- C:\WINDOWS\system32\config\software.sav
[2004/04/02 03:45:02 | 000,380,928 | ---- | M] () -- C:\WINDOWS\system32\config\system.sav

< %PROGRAMFILES%\bak. /s >

< %systemroot%\system32\bak. /s >

< %ALLUSERSPROFILE%\Start Menu\*.lnk /x >
[2004/10/04 08:41:23 | 000,000,272 | -HS- | M] () -- C:\Documents and Settings\All Users\Start Menu\desktop.ini

< %systemroot%\system32\config\systemprofile\*.dat /x >
[2004/04/02 12:51:49 | 000,014,724 | ---- | M] () -- C:\WINDOWS\system32\config\systemprofile\ml1.srt
[2004/04/02 12:51:49 | 000,014,782 | ---- | M] () -- C:\WINDOWS\system32\config\systemprofile\ml2.srt
[2004/04/02 12:51:49 | 000,003,562 | ---- | M] () -- C:\WINDOWS\system32\config\systemprofile\tempdiff.txt

< %systemroot%\*.config >

< %systemroot%\system32\*.db >

< %PROGRAMFILES%\Internet Explorer\*.dat >

< %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x >
[2004/10/04 09:28:43 | 000,000,177 | -HS- | M] () -- C:\Documents and Settings\Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\desktop.ini
[2004/04/02 11:59:27 | 000,000,079 | ---- | M] () -- C:\Documents and Settings\Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\Show Desktop.scf

< %USERPROFILE%\Desktop\*.exe >
[2008/02/10 14:44:17 | 059,053,000 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\AVG.exe
[2011/01/04 21:43:17 | 059,325,912 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\avira_antivir_personal_en.exe
[2008/04/14 10:26:08 | 026,451,968 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\FreeAgent-DT-WW.exe
[2011/01/06 23:13:13 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTL.exe
[2009/10/01 20:56:32 | 013,722,952 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\winzip121.exe

< %PROGRAMFILES%\Common Files\*.* >
[2007/12/12 20:15:47 | 000,000,000 | -H-- | M] () -- C:\Program Files\Common Files\MSN

< %systemroot%\*.src >

< %systemroot%\install\*.* >

< %systemroot%\system32\DLL\*.* >

< %systemroot%\system32\HelpFiles\*.* >

< %systemroot%\system32\rundll\*.* >

< %systemroot%\winn32\*.* >

< %systemroot%\Java\*.* >

< %systemroot%\system32\test\*.* >

< %systemroot%\system32\Rundll32\*.* >

< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install\\LastSuccessTime: 2011-01-06 11:01:46

< >

========== Alternate Data Streams ==========

@Alternate Data Stream - 936 bytes -> C:\Program Files\Common Files\MSN:2gEY2P4VcOzgmGCYlQJZajjqrbFrvz
@Alternate Data Stream - 935 bytes -> C:\Documents and Settings\Owner\Local Settings\Application Data\5Thv75QrBj18:2W3lXrvDQVBlfJ261T
@Alternate Data Stream - 890 bytes -> C:\Program Files\Outlook Express:AYJPhiZhWeLL0II3jt9wc
@Alternate Data Stream - 862 bytes -> C:\Program Files\Common Files\Microsoft Shared:hE34uFX5nNzWNL2pZot593RQ
@Alternate Data Stream - 118 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2

< End of report >

OTL Extras logfile created on: 1/6/2011 11:25:27 PM - Run 1
OTL by OldTimer - Version 3.2.20.1 Folder = C:\Documents and Settings\Owner\Desktop
Windows XP Home Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1,015.00 Mb Total Physical Memory | 597.00 Mb Available Physical Memory | 59.00% Memory free
2.00 Gb Paging File | 1.00 Gb Available in Paging File | 76.00% Paging File free
Paging file location(s): C:\pagefile.sys 756 1512 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 70.47 Gb Total Space | 34.01 Gb Free Space | 48.26% Space Free | Partition Type: NTFS
Drive D: | 4.07 Gb Total Space | 0.36 Gb Free Space | 8.88% Space Free | Partition Type: FAT32
Drive K: | 149.05 Gb Total Space | 28.92 Gb Free Space | 19.40% Space Free | Partition Type: NTFS
Drive L: | 57.23 Gb Total Space | 4.69 Gb Free Space | 8.20% Space Free | Partition Type: FAT32
Drive M: | 232.88 Gb Total Space | 139.35 Gb Free Space | 59.83% Space Free | Partition Type: NTFS

Computer Name: YOUR-2S4KN5K0H3 | User Name: Owner | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"3587:TCP" = 3587:TCP:*:Enabled:Windows Peer-to-Peer Grouping
"3540:UDP" = 3540:UDP:*:Enabled:Peer Name Resolution Protocol (PNRP)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"3587:TCP" = 3587:TCP:*:Enabled:Windows Peer-to-Peer Grouping
"3540:UDP" = 3540:UDP:*:Enabled:Peer Name Resolution Protocol (PNRP)

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Program Files\MSN Messenger\msnmsgr.exe" = C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:MSN Messenger 7.5 -- File not found

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\InterMute\SpamSubtract\SpamSub.exe" = C:\Program Files\InterMute\SpamSubtract\SpamSub.exe:*:Disabled:SpamSubtract Main Module -- File not found
"C:\Program Files\Hewlett-Packard\Toolbox2.0\Javasoft\JRE\1.3.1\bin\javaw.exe" = C:\Program Files\Hewlett-Packard\Toolbox2.0\Javasoft\JRE\1.3.1\bin\javaw.exe:*:Disabled:javaw -- ()
"C:\Program Files\Compaq Connections\1940576\Program\BackWeb-1940576.exe" = C:\Program Files\Compaq Connections\1940576\Program\BackWeb-1940576.exe:*:Disabled:BackWeb-1940576 -- File not found
"C:\MAGIX\ms2003_deLuxe\AudStu.exe" = C:\MAGIX\ms2003_deLuxe\AudStu.exe:*:Enabled:MAGIX audio studio 2003 -- (MAGIX AG)
"C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe" = C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe:*:Enabled:Kodak Software Updater -- File not found
"C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe" = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe:*:Enabled:EasyShare -- File not found
"C:\Program Files\VoipBuster.com\VoipBuster\VoipBuster.exe" = C:\Program Files\VoipBuster.com\VoipBuster\VoipBuster.exe:*:Enabled:VoipBuster -- File not found
"C:\Program Files\MSN Messenger\msnmsgr.exe" = C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:MSN Messenger 7.5 -- File not found
"C:\WINDOWS\system32\fxsclnt.exe" = C:\WINDOWS\system32\fxsclnt.exe:*:Enabled:Microsoft Fax Console -- (Microsoft Corporation)
"C:\Program Files\Skype\Phone\Skype.exe" = C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype -- File not found
"C:\Program Files\iTunes\iTunes.exe" = C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Inc.)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{09984AEC-6B9F-4ca7-B78D-CB44D4771DA3}" = Destinations
"{10F5D9BB-E2F2-4B18-A65D-928B73D22E6F}" = USB-IrDA Adapter
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP280_series" = Canon MP280 series MP Drivers
"{143FB15C-0C48-41E3-9C30-F56FB69BF3D7}" = Canon CanoScan Toolbox 4.5
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{20749F76-4228-43AD-8AB5-E7B20D8040C4}" = hph_readme
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{2376813B-2E5A-4641-B7B3-A0D5ADB55229}" = HPPhotoSmartExpress
"{237CD223-1B9D-47E8-A76C-E478B83CCEA2}" = File Uploader
"{28F58CDE-6241-4B11-8232-6A5D4FB06E8B}" = PACE System Files
"{292C47B2-8DB7-47BF-896C-C3C5EE8108C4}" = hp LaserJet 1010 Series
"{2A981294-F14C-4F0F-9627-D793270922F8}" = Bonjour
"{308B6AEA-DE50-4666-996D-0FA461719D6B}" = Apple Mobile Device Support
"{33471FA2-1DE4-47e9-9FDB-828B341BA4FA}" = hpg4370QFolder
"{341201D4-4F61-4ADB-987E-9CCE4D83A58D}" = Windows Live Toolbar Extension (Windows Live Toolbar)
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{35E1A8C8-6646-4101-B0AA-42D1EB2AB3AE}" = Windows Live Outlook Toolbar (Windows Live Toolbar)
"{363790D2-DA98-41DD-9C9F-69FA36B169DE}" = PanoStandAlone
"{3727B920-F5A3-46A4-AC02-94F421A039C7}" = Windows Live Toolbar Extension (Windows Live Toolbar)
"{45A66726-69BC-466B-A7A4-12FCBA4883D7}" = HiJackThis
"{47E09785-B2FB-11D5-B8EE-00B0D0D26B88}" = MD Simple Burner 2.0.03
"{48B0F38D-1913-44F3-99AA-D4C55A2B038E}" = Drive Manager
"{4C6B97C0-C3BC-4368-8261-FDD8D6C7B14B}" = Tel-Ray Variable Delay
"{53B2CFE9-A508-4457-B2CA-5D253536BFB7}" = OneCare Advisor (Windows Live Toolbar)
"{5D5B9E6A-344C-4976-95AB-ABBDC648E5DA}" = Microsoft IntelliType Pro 5.2
"{5E835305-63BB-4E55-BBB7-EEBBE67774DB}" = MyDVD
"{5F26311C-B135-4F7F-B11E-8E650F83651E}" = DeviceFunctionQFolder
"{62B002C5-1AB3-11D8-8092-00E018B21FC0}" = USB Storage Toolbox
"{66910000-8B30-4973-A159-6371345AFFA5}" = WebReg
"{66A7A386-6F35-41A7-A731-101F0C0153C8}" = Popup Blocker (Windows Live Toolbar)
"{6909F917-5499-482e-9AA1-FAD06A99F231}" = Toolbox
"{6BB6627C-694F-4FDC-A3E5-C7F4BED4C724}" = DocProc
"{6F5E2F4A-377D-4700-B0E3-8F7F7507EA15}" = CustomerResearchQFolder
"{71D6CE84-B7DC-4166-8E0D-56C1C37BFB5A}" = SonicStage
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7745B7A9-F323-4BB9-9811-01BF57A028DA}" = Map Button (Windows Live Toolbar)
"{786C4AD1-DCBA-49A6-B0EF-B317A344BD66}" = Windows Live Favorites for Windows Live Toolbar
"{8331C3EA-0C91-43AA-A4D4-27221C631139}" = Status
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{87441A59-5E64-4096-A170-14EFE67200C3}" = Picture Control Utility
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A708DD8-A5E6-11D4-A706-000629E95E20}" = Intel(R) Extreme Graphics Driver
"{8CE4E6E9-9D55-43FB-9DDB-688C976BFC05}" = Unload
"{8E1DCD15-C9F1-49CE-807B-198C8241EB6B}" = ALi USB2.0 Driver
"{90110413-6000-11D3-8CFE-0050048383C9}" = Microsoft Office XP Professional
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{91120413-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Standard Editie 2003
"{98E8A2EF-4EAE-43B8-A172-74842B764777}" = InterVideo WinDVD Player
"{A195B13E-A5E3-4BAF-A995-7F70F445CD06}" = ScannerCopy
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1033-7B44-A91000000001}" = Adobe Reader 9.1.3
"{B19F9155-9337-4807-B5EF-ED471DDB2CCE}" = hph_software_req
"{B9C54C44-BB5A-4B03-8907-C01A9790195A}" = Manual CanoScan 3200,3200F
"{C41300B9-185D-475E-BFEC-39EF732F19B1}" = Apple Software Update
"{C6A7AF96-4EB1-4AAE-8318-1AB393C64F88}" = Microsoft Plus! Digital Media Edition
"{C7340571-7773-4A8C-9EBC-4E4243B38C76}" = Microsoft XML Parser
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{D2FCC1AE-6311-47C5-8130-C6C66D77DD71}" = Nikon Message Center
"{D5A145FC-D00C-4F1A-9119-EB4D9D659750}" = Windows Live Toolbar
"{DB518BA6-CB74-4EB6-9ABD-880B6D6E1F38}" = HpSdpAppCoreApp
"{DBC20735-34E6-4E97-A9E5-2066B66B243D}" = TrayApp
"{DC4605F3-2896-11D7-A220-0000E884021F}" = ALi RAID Driver
"{E1180142-3B31-4DCC-9D27-7AC2D37662BF}" = LightScribe 1.4.124.1
"{E1B80DEE-A795-4258-8445-074C06AE3AB8}" = MarketResearch
"{E7004147-2CCA-431C-AA05-2AB166B9785D}" = QuickTime
"{E9757890-7EC5-46C8-99AB-B00F07B6525C}" = Nikon Transfer
"{EE6097DD-05F4-4178-9719-D3170BF098E8}" = Apple Application Support
"{F007CBCE-D714-4C0B-8CE9-9B0D78116468}" = ViewNX
"{F084395C-40FB-4DB3-981C-B51E74E1E83D}" = Smart Menus (Windows Live Toolbar)
"{F157460F-720E-482f-8625-AD7843891E5F}" = InstantShareDevicesMFC
"{F18046C5-1C4E-4BE1-A3D6-A6F970E2E8E8}" = ArcSoft Panorama Maker 5
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01
"{FAE36873-1941-4076-A9A5-48812B5EA0B7}" = iTunes
"{FE57DE70-95DE-4B64-9266-84DA811053DB}" = HP Update
"Aangifte Buitenland 2007" = Aangifte Buitenland 2007
"Aangifte voor buitenlandse belastingplichtigen 2008" = Aangifte voor buitenlandse belastingplichtigen 2008
"Aangifte voor buitenlandse belastingplichtigen 2009" = Aangifte voor buitenlandse belastingplichtigen 2009
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Shockwave Player" = Adobe Shockwave Player
"Agere Systems Soft Modem" = Agere Systems PCI Soft Modem
"America Online ca" = AOL (Choose which version to remove)
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"BackWeb-1940576 Uninstaller" = Compaq Connections
"CANONIJPLM100" = Canon Inkjet Printer/Scanner/Fax Extended Survey Program
"CanonMyPrinter" = Canon My Printer
"CanonSolutionMenuEX" = Canon Solution Menu EX
"CodInstl" = Intel A/V Codecs V2.0
"Compaq Instant Support" = Compaq Instant Support
"DssPlayerDeinstKey" = Olympus DSS Player 3.1 (UK)
"Easy-PhotoPrint EX" = Canon Easy-PhotoPrint EX
"EasyResize" = EasyResize
"Easy-WebPrint EX" = Canon Easy-WebPrint EX
"F07504C6-20C5-4BFE-83A0-523FB2455E72" = Blackhawk Striker from Compaq (remove only)
"HP Imaging Device Functions" = HP Imaging Device Functions 7.0
"HPExtendedCapabilities" = HP Customer Participation Program 7.0
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"ie8" = Windows Internet Explorer 8
"InstallShield_{48B0F38D-1913-44F3-99AA-D4C55A2B038E}" = Drive Manager
"MAGIX Music Cleaning Lab 2008 deluxe NL" = MAGIX Music Cleaning Lab 2008 deluxe 9.0.0.0 (NL)
"MAGIX music studio 2003 deLuxe" = MAGIX music studio 2003 deLuxe
"MAGIX PC Visit NL" = MAGIX PC Visit
"Media Player" = Media Player
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"MP Navigator EX 4.0" = Canon MP Navigator EX 4.0
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"Mufin MusicFinder Base NL" = Mufin MusicFinder Base 1.0.1.252 (NL)
"MusicMatch Jukebox" = MusicMatch Jukebox
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"NVIDIA" =
"ProtectDisc Driver 10" = ProtectDisc Helper Driver 10
"PS2" = PS2
"ReaConverter 5.5 Pro_is1" = ReaConverter 5.5 Pro
"RealPlayer 6.0" = RealPlayer Basic
"Samplitude Music Studio 2008 NL" = Samplitude Music Studio 2008 14.0.0.0 (NL)
"Text To PDF v2.1.0_is1" = Text To PDF v2.1.0
"VIA DMI" = VIA DMI
"ViewpointMediaPlayer" = Viewpoint Media Player
"WAV to MP3 Encoder" = WAV to MP3 Encoder
"Windows Live Toolbar" = Windows Live Toolbar
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 2
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 12/25/2010 1:40:27 AM | Computer Name = YOUR-2S4KN5K0H3 | Source = Application Hang | ID = 1002
Description = Hanging application WINWORD.EXE, version 10.0.6866.0, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 12/28/2010 2:12:33 PM | Computer Name = YOUR-2S4KN5K0H3 | Source = Lavasoft Ad-Aware Service | ID = 0
Description =

Error - 12/28/2010 5:24:41 PM | Computer Name = YOUR-2S4KN5K0H3 | Source = ESENT | ID = 490
Description = svchost (1548) An attempt to open the file "C:\WINDOWS\system32\CatRoot2\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\catdb"
for read / write access failed with system error 32 (0x00000020): "The process
cannot access the file because it is being used by another process. ". The open
file operation will fail with error -1032 (0xfffffbf8).

Error - 12/28/2010 5:24:41 PM | Computer Name = YOUR-2S4KN5K0H3 | Source = ESENT | ID = 470
Description = Catalog Database (1548) Database C:\WINDOWS\system32\CatRoot2\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\catdb
is partially attached. Attachment stage: 3. Error: -1032.

Error - 12/31/2010 4:28:34 AM | Computer Name = YOUR-2S4KN5K0H3 | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 8.0.6001.18702, faulting
module ntdll.dll, version 5.1.2600.3520, fault address 0x00018af2.

Error - 12/31/2010 3:00:11 PM | Computer Name = YOUR-2S4KN5K0H3 | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
with error: This operation returned because the timeout period expired.

Error - 12/31/2010 3:00:11 PM | Computer Name = YOUR-2S4KN5K0H3 | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
with error: The specified server cannot perform the requested operation.

Error - 1/1/2011 5:37:45 AM | Computer Name = YOUR-2S4KN5K0H3 | Source = Application Hang | ID = 1002
Description = Hanging application msimn.exe, version 6.0.2900.2180, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 1/1/2011 5:37:45 AM | Computer Name = YOUR-2S4KN5K0H3 | Source = Application Hang | ID = 1002
Description = Hanging application msimn.exe, version 6.0.2900.2180, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 1/7/2011 12:54:09 AM | Computer Name = YOUR-2S4KN5K0H3 | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 8.0.6001.18702, faulting
module ntdll.dll, version 5.1.2600.3520, fault address 0x00018af2.

[ System Events ]
Error - 1/3/2011 9:02:41 PM | Computer Name = YOUR-2S4KN5K0H3 | Source = Service Control Manager | ID = 7000
Description = The mrtRate service failed to start due to the following error: %%2

Error - 1/5/2011 1:28:25 AM | Computer Name = YOUR-2S4KN5K0H3 | Source = Service Control Manager | ID = 7000
Description = The mrtRate service failed to start due to the following error: %%2

Error - 1/5/2011 1:56:07 AM | Computer Name = YOUR-2S4KN5K0H3 | Source = Service Control Manager | ID = 7000
Description = The mrtRate service failed to start due to the following error: %%2

Error - 1/5/2011 1:58:30 AM | Computer Name = YOUR-2S4KN5K0H3 | Source = SideBySide | ID = 16842784
Description = Dependent Assembly Microsoft.VC90.CRT could not be found and Last
Error was The referenced assembly is not installed on your system.

Error - 1/5/2011 1:58:30 AM | Computer Name = YOUR-2S4KN5K0H3 | Source = SideBySide | ID = 16842811
Description = Resolve Partial Assembly failed for Microsoft.VC90.CRT. Reference error
message: The referenced assembly is not installed on your system. .

Error - 1/5/2011 1:58:30 AM | Computer Name = YOUR-2S4KN5K0H3 | Source = SideBySide | ID = 16842811
Description = Generate Activation Context failed for C:\DOCUME~1\Owner\LOCALS~1\Temp\RarSFX0\redist.dll.
Reference
error message: The operation completed successfully. .

Error - 1/5/2011 7:41:07 AM | Computer Name = YOUR-2S4KN5K0H3 | Source = Service Control Manager | ID = 7000
Description = The mrtRate service failed to start due to the following error: %%2

Error - 1/5/2011 7:41:20 AM | Computer Name = YOUR-2S4KN5K0H3 | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
Lbd

Error - 1/6/2011 2:22:27 AM | Computer Name = YOUR-2S4KN5K0H3 | Source = Service Control Manager | ID = 7000
Description = The mrtRate service failed to start due to the following error: %%2

Error - 1/6/2011 2:22:40 AM | Computer Name = YOUR-2S4KN5K0H3 | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
Lbd


< End of report >
mcgrant
Active Member
 
Posts: 3
Joined: January 3rd, 2011, 1:54 am

Re: outlook express hijacked

Post by askey127 » January 7th, 2011, 9:37 am

mcgrant,
-----------------------------------------------------------
Remove Programs Using Control Panel
From Start, Settings, Control Panel or Start, Control Panel, click Add/Remove Programs.
Highlight each Entry, as follows, one by one, if it exists, and choose Remove:

Adobe Reader 9.1.3

Take extra care in answering questions posed by any Uninstaller.
----------------------------------------------
Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following:
    :processes
    killallprocesses
    
    :OTL
    "{E1B80DEE-A795-4258-8445-074C06AE3AB8}" = MarketResearch
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
    "C:\Program Files\InterMute\SpamSubtract\SpamSub.exe" = C:\Program Files\InterMute\SpamSubtract\SpamSub.exe:*:Disabled:SpamSubtract Main Module -- File not found
    "C:\Program Files\Hewlett-Packard\Toolbox2.0\Javasoft\JRE\1.3.1\bin\javaw.exe" = C:\Program Files\Hewlett-Packard\Toolbox2.0\Javasoft\JRE\1.3.1\bin\javaw.exe:*:Disabled:javaw -- ()
    "C:\Program Files\Compaq Connections\1940576\Program\BackWeb-1940576.exe" = C:\Program Files\Compaq Connections\1940576\Program\BackWeb-1940576.exe:*:Disabled:BackWeb-1940576 -- File not found
    "C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe" = C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe:*:Enabled:Kodak Software Updater -- File not found
    @Alternate Data Stream - 936 bytes -> C:\Program Files\Common Files\MSN:2gEY2P4VcOzgmGCYlQJZajjqrbFrvz
    @Alternate Data Stream - 935 bytes -> C:\Documents and Settings\Owner\Local Settings\Application Data\5Thv75QrBj18:2W3lXrvDQVBlfJ261T
    @Alternate Data Stream - 890 bytes -> C:\Program Files\Outlook Express:AYJPhiZhWeLL0II3jt9wc
    @Alternate Data Stream - 862 bytes -> C:\Program Files\Common Files\Microsoft Shared:hE34uFX5nNzWNL2pZot593RQ
    @Alternate Data Stream - 118 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2
    
    [2011/01/04 21:48:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\avg9
    [2011/01/04 10:17:00 | 000,000,472 | ---- | M] () -- C:\WINDOWS\Tasks\Ad-Aware Update (Weekly).job
    O4 - HKCU..\Run: [Ram Booster] C:\Program Files\SimonTools\XP-Tuner 2006\RamBooster.exe File not found
    O4 - HKLM..\Run: [NWEReboot] File not found
    O4 - HKLM..\Run: [] File not found
    O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll File not found
    O3 - HKCU\..\Toolbar\ShellBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll File not found
    O3 - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll File not found
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = localhost;*.local
    DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Program Files\Lavasoft\Ad-Aware\KernExplorer.sys -- (Lavasoft Kernexplorer)
    DRV - File not found [File_System | Boot | Stopped] -- C:\WINDOWS\System32\DRIVERS\Lbd.sys -- (Lbd)
    DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Program Files\Lavasoft\Ad-Aware\KernExplorer.sys -- (Lavasoft Kernexplorer)
    DRV - File not found [Kernel | System | Stopped] -- C:\WINDOWS\System32\drivers\iksyssec.sys -- (IKSysSec)
    DRV - File not found [Kernel | System | Stopped] -- C:\WINDOWS\System32\drivers\iksysflt.sys -- (IkSysFlt)
    DRV - File not found [Kernel | System | Stopped] -- C:\WINDOWS\System32\drivers\ikfilesec.sys -- (IKFileSec)
    DRV - File not found [File_System | System | Stopped] -- C:\WINDOWS\System32\drivers\ikfileflt.sys -- (IKFileFlt)
    DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\Drivers\DYNEFMC.sys -- (DYNEFMC)
    DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\DRIVERS\CoachVc.sys -- (Dual Mode)
    DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\dalwdm.sys -- (dalwdmservice)
    DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\DRIVERS\CoachUsb.sys -- (CoachUsb)
    DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\DRIVERS\btkrnbdg.sys -- (BTKRNBDG)
    DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\Btcomm.sys -- (BTCOMM)
    
    :Commands
    [EMPTYTEMP]
    [CLEARALLRESTOREPOINTS]
    [Reboot]
    
  • Then click the Run Fix button at the top.
  • Let the program run unhindered and reboot the PC when it is done.
  • Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.
--------------------------------------------------------
Download and Install the newest version of Adobe Reader for reading pdf files, due to the vulnerabilities in earlier versions.
All versions numbered lower than 9.4 are vulnerable.
Go HERE and click on AdbeRdr940_en_US.exe to download the latest version of Adobe Acrobat Reader.
Save this file to your desktop and run it to install the latest version of Adobe Reader.

askey127
askey127
Admin/Teacher
Posts: 14025
Joined: April 17th, 2005, 3:25 pm
Location: New Hampshire USA

Re: outlook express hijacked

Post by askey127 » January 10th, 2011, 7:44 pm

Due to Lack of Response, this topic is now closed.

If you still require help, please open a new thread in the Infected? Virus, malware, adware, ransomware, oh my! forum, include a fresh FRST log, and wait for a new helper.