Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

A difficult virus


  • This topic is locked This topic is locked
28 replies to this topic

#1 MarkiusSchu

MarkiusSchu

  • Members
  • 17 posts
  • OFFLINE
  •  
  • Local time:09:56 PM

Posted 28 October 2009 - 11:28 AM

Hello,

This is my first time posting. When booting, this computer talks about calc.dll and ntuser.dll being invalid windows images. There are various pop ups that come up. I have gotten rid of some other things that were happening by using spyware doctor and other programs. I have just installed Avira, SuperAntiSpyware, and ZoneAlarm. It won't let me install MBAM properly. It won't let me boot into safe mode (blue screen). Please help if you can. Thank you.
Here is a HijackThis log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:27:41 AM, on 10/28/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\SYSTEM32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\AskBarDis\bar\bin\AskService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Pure Digital Technologies\FlipShare\FlipShareService.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\drivers\KodakCCS.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTBCM\Binn\sqlservr.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\TUProgSt.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\Program Files\Musicmatch\Musicmatch Jukebox\mmtask.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Radica\Stylin' Studio\SS_MW.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\DellSupport\DSAgnt.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dell4me.com/myway
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.dell4me.com/myway
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: AskBar BHO - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Program Files\AskBarDis\bar\bin\askBar.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: ZoneAlarm Spy Blocker Toolbar - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [mmtask] C:\Program Files\Musicmatch\Musicmatch Jukebox\mmtask.exe
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [dscactivate] "C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SS_MW] C:\Program Files\Radica\Stylin' Studio\SS_MW.exe
O4 - HKLM\..\Run: [calc] rundll32.exe C:\WINDOWS\system32\calc.dll,_IWMPEvents@0
O4 - HKLM\..\Run: [Rrerucokuh] rundll32.exe "C:\WINDOWS\ugezanijudulige.dll",Startup
O4 - HKLM\..\Run: [wiyewawab] Rundll32.exe "c:\windows\system32\gerizoha.dll",a
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [calc] rundll32.exe C:\DOCUME~1\NETWOR~1\ntuser.dll,_IWMPEvents@0
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\RunOnce: [RunNarrator] Narrator.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [RunNarrator] Narrator.exe (User 'Default user')
O4 - Startup: scandisk.lnk = ?
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://photo.walgreens.com/WalgreensActivia.cab
O16 - DPF: {AE6C4705-0F11-4ACB-BDD4-37F138BEF289} (Image Uploader Control) - http://www.ritzpix.com/net/Uploader/LPUploader41.cab
O18 - Filter hijack: text/html - {0bc643e1-1346-46a4-8ec2-f921d2520500} - (no file)
O20 - AppInit_DLLs: c:\windows\system32\gerizoha.dll bozilajo.dll c:\windows\system32\kisijegu.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: mljji - C:\WINDOWS\
O21 - SSODL: kawalukaz - {dfd5fa50-bc93-43d0-bf5f-9402d4965411} - c:\windows\system32\gerizoha.dll
O22 - SharedTaskScheduler: tokatiluy - {dfd5fa50-bc93-43d0-bf5f-9402d4965411} - c:\windows\system32\gerizoha.dll
O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: ASKService - Unknown owner - C:\Program Files\AskBarDis\bar\bin\AskService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: FlipShare Service - Unknown owner - C:\Program Files\Pure Digital Technologies\FlipShare\FlipShareService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WINDOWS\system32\drivers\KodakCCS.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software - C:\WINDOWS\System32\TuneUpDefragService.exe
O23 - Service: TuneUp Program Statistics Service (TuneUp.ProgramStatisticsSvc) - TuneUp Software - C:\WINDOWS\System32\TUProgSt.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Check Point Software Technologies LTD - C:\WINDOWS\SYSTEM32\ZoneLabs\vsmon.exe

--
End of file - 9403 bytes

BC AdBot (Login to Remove)

 


#2 Buckeye_Sam

Buckeye_Sam

    Malware Expert


  • Members
  • 17,382 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Pickerington, Ohio
  • Local time:10:56 PM

Posted 28 October 2009 - 05:39 PM

Hello! :(
My name is Sam and I will be helping you.

In order to see what's going on with your computer I'll ask for you to post various logs from the tools that we will use to resolve your issue. Please also share with me any information about how your computer is reacting and behaving each step of the way as we work through this process.


We need to create an OTL Report
  • Please download OTL from here
  • Save it to your desktop.
  • Double click on the icon on your desktop.
  • Click the "Scan All Users" checkbox.
  • Under the Custom Scan box paste this in

    netsvcs
    %systemdrive%\*.exe
    %systemroot%\system32\drivers\*.sys


  • Click the "Quick Scan" button.
  • The scan should take just a few minutes.
  • Please copy and paste both logs back here in your next reply.

Posted Image If I have helped you in any way, please consider a donation to help me continue the fight against malware.


Failing to respond back to the person that is giving up their own time to help you not only is insensitive and disrespectful, but it guarantees that you will never receive help from me again. Please thank your helpers and there will always be help here when you need it!


========================================================

#3 MarkiusSchu

MarkiusSchu
  • Topic Starter

  • Members
  • 17 posts
  • OFFLINE
  •  
  • Local time:09:56 PM

Posted 28 October 2009 - 05:58 PM

Hi Sam and thanks for your help.

I scanned it with incorrect parameters initially, then deleted the logs and scanned again, but this time I only am getting an OTL.txt.

Here is what it says:

OTL logfile created on: 10/28/2009 5:55:27 PM - Run 3
OTL by OldTimer - Version 3.0.22.1 Folder = C:\Documents and Settings\Dan\Desktop
Windows XP Home Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.2180)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

502.07 Mb Total Physical Memory | 108.81 Mb Available Physical Memory | 21.67% Memory free
1.20 Gb Paging File | 0.65 Gb Available in Paging File | 53.93% Paging File free
Paging file location(s): C:\pagefile.sys 756 1512 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 145.76 Gb Total Space | 125.10 Gb Free Space | 85.82% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: OFFICE
Current User Name: Dan
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 14 Days
Output = Standard
Quick Scan

========== Processes (SafeList) ==========

PRC - [2009/10/28 17:49:16 | 00,521,728 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Dan\Desktop\OTL.exe
PRC - [2009/10/23 15:40:05 | 00,153,376 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe
PRC - [2009/10/23 15:40:05 | 00,149,280 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jusched.exe
PRC - [2009/10/22 16:43:11 | 00,603,904 | ---- | M] (TuneUp Software) -- C:\WINDOWS\System32\TUProgSt.exe
PRC - [2009/10/12 21:24:50 | 02,000,112 | ---- | M] (SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
PRC - [2009/08/24 15:15:03 | 00,908,280 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2009/07/21 14:34:33 | 00,185,089 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe
PRC - [2009/05/13 16:48:22 | 00,108,289 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe
PRC - [2009/03/02 13:08:47 | 00,209,153 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
PRC - [2009/02/16 00:10:22 | 02,402,184 | ---- | M] (Check Point Software Technologies LTD) -- C:\WINDOWS\System32\ZoneLabs\vsmon.exe
PRC - [2009/02/16 00:10:22 | 00,981,384 | ---- | M] (Check Point Software Technologies LTD) -- C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
PRC - [2009/02/06 11:39:29 | 00,227,840 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\wbem\wmiprvse.exe
PRC - [2009/01/06 14:06:36 | 00,290,088 | ---- | M] (Apple Inc.) -- C:\Program Files\iTunes\iTunesHelper.exe
PRC - [2009/01/06 14:06:24 | 00,536,872 | ---- | M] (Apple Inc.) -- C:\Program Files\iPod\bin\iPodService.exe
PRC - [2008/11/13 13:17:38 | 00,439,616 | ---- | M] () -- C:\Program Files\Pure Digital Technologies\FlipShare\FlipShareService.exe
PRC - [2008/11/07 15:28:16 | 00,132,424 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
PRC - [2008/10/16 18:22:20 | 00,464,264 | ---- | M] () -- C:\Program Files\AskBarDis\bar\bin\AskService.exe
PRC - [2008/08/29 11:18:44 | 00,238,888 | ---- | M] (Apple Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe
PRC - [2008/04/25 20:31:40 | 00,524,288 | ---- | M] (Radica) -- C:\Program Files\Radica\Stylin' Studio\SS_MW.exe
PRC - [2007/06/13 05:23:07 | 01,033,216 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Explorer.EXE
PRC - [2007/03/15 11:09:36 | 00,460,784 | ---- | M] (Gteko Ltd.) -- C:\Program Files\DellSupport\DSAgnt.exe
PRC - [2005/10/14 14:50:30 | 00,114,688 | ---- | M] (Intel Corporation) -- C:\WINDOWS\System32\igfxpers.exe
PRC - [2005/10/14 14:46:34 | 00,077,824 | ---- | M] (Intel Corporation) -- C:\WINDOWS\System32\hkcmd.exe
PRC - [2005/02/17 00:11:42 | 00,049,152 | ---- | M] (Hewlett-Packard Co.) -- C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
PRC - [2005/02/05 08:02:16 | 00,026,112 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Real\RealPlayer\RealPlay.exe
PRC - [2004/11/16 02:05:00 | 00,127,035 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\System32\dla\tfswctrl.exe
PRC - [2004/10/12 17:54:30 | 00,057,344 | ---- | M] (CyberLink Corp.) -- C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
PRC - [2004/09/15 13:27:54 | 00,038,912 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\wdfmgr.exe
PRC - [2004/09/14 09:50:48 | 00,053,248 | ---- | M] (Musicmatch Inc.) -- C:\Program Files\Musicmatch\Musicmatch Jukebox\mmtask.exe
PRC - [2004/08/11 03:22:40 | 00,757,760 | ---- | M] (Eastman Kodak Company) -- C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
PRC - [2004/08/04 06:00:00 | 00,016,896 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\wbem\unsecapp.exe
PRC - [2004/08/04 06:00:00 | 00,013,824 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\wscntfy.exe
PRC - [2004/05/24 13:35:52 | 00,322,104 | ---- | M] (Eastman Kodak Company) -- C:\WINDOWS\System32\drivers\KodakCCS.exe
PRC - [2004/05/12 16:18:56 | 00,241,664 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
PRC - [2003/10/29 03:06:00 | 00,024,576 | R--- | M] (BVRP Software) -- C:\Program Files\Digital Line Detect\DLG.exe
PRC - [2003/09/16 05:19:24 | 00,237,568 | ---- | M] (Hewlett-Packard Co.) -- C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
PRC - [2003/06/20 00:25:00 | 00,322,120 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
PRC - [2003/05/31 19:02:32 | 07,544,916 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTBCM\Binn\sqlservr.exe

========== Win32 Services (SafeList) ==========

SRV - [2009/10/23 15:40:05 | 00,153,376 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe -- (JavaQuickStarterService [Auto | Running])
SRV - [2009/10/22 16:43:11 | 00,603,904 | ---- | M] (TuneUp Software) -- C:\WINDOWS\System32\TUProgSt.exe -- (TuneUp.ProgramStatisticsSvc [Auto | Running])
SRV - [2009/10/22 16:43:06 | 00,362,240 | ---- | M] (TuneUp Software) -- C:\WINDOWS\System32\TuneUpDefragService.exe -- (TuneUp.Defrag [On_Demand | Stopped])
SRV - [2009/07/21 14:34:33 | 00,185,089 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService [Auto | Running])
SRV - [2009/05/13 16:48:22 | 00,108,289 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService [Auto | Running])
SRV - [2009/02/16 00:10:22 | 02,402,184 | ---- | M] (Check Point Software Technologies LTD) -- C:\WINDOWS\System32\ZoneLabs\vsmon.exe -- (vsmon [Auto | Running])
SRV - [2009/01/06 14:06:24 | 00,536,872 | ---- | M] (Apple Inc.) -- C:\Program Files\iPod\bin\iPodService.exe -- (iPod Service [On_Demand | Running])
SRV - [2008/11/13 13:17:38 | 00,439,616 | ---- | M] () -- C:\Program Files\Pure Digital Technologies\FlipShare\FlipShareService.exe -- (FlipShare Service [Auto | Running])
SRV - [2008/11/12 16:44:18 | 00,027,904 | ---- | M] (TuneUp Software) -- C:\WINDOWS\System32\uxtuneup.dll -- (UxTuneUp [Auto | Running])
SRV - [2008/11/07 15:28:16 | 00,132,424 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -- (Apple Mobile Device [Auto | Running])
SRV - [2008/10/16 18:22:20 | 00,464,264 | ---- | M] () -- C:\Program Files\AskBarDis\bar\bin\AskService.exe -- (ASKService [Auto | Running])
SRV - [2008/08/29 11:18:44 | 00,238,888 | ---- | M] (Apple Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe -- (Bonjour Service [Auto | Running])
SRV - [2007/03/07 15:47:46 | 00,076,848 | ---- | M] () -- C:\Program Files\DellSupport\brkrsvc.exe -- (DSBrokerService [On_Demand | Stopped])
SRV - [2005/04/04 00:41:10 | 00,069,632 | ---- | M] (Macrovision Corporation) -- C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe -- (IDriverT [On_Demand | Stopped])
SRV - [2004/09/15 13:27:54 | 00,038,912 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\wdfmgr.exe -- (UMWdf [Auto | Running])
SRV - [2004/08/04 06:00:00 | 00,038,912 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll -- (helpsvc [Auto | Running])
SRV - [2004/07/15 02:49:26 | 00,032,768 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe -- (aspnet_state [On_Demand | Stopped])
SRV - [2004/05/24 13:35:52 | 00,322,104 | ---- | M] (Eastman Kodak Company) -- C:\WINDOWS\System32\drivers\KodakCCS.exe -- (KodakCCS [Auto | Running])
SRV - [2004/01/05 02:27:32 | 00,065,795 | ---- | M] (HP) -- C:\WINDOWS\System32\HPZipm12.exe -- (Pml Driver HPZ12 [On_Demand | Stopped])
SRV - [2003/12/17 14:59:48 | 00,143,360 | ---- | M] (Intel® Corporation) -- C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe -- (NetSvc [On_Demand | Stopped])
SRV - [2003/07/28 13:28:22 | 00,089,136 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE -- (ose [On_Demand | Stopped])
SRV - [2003/06/20 00:25:00 | 00,322,120 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE -- (MDM [Auto | Running])
SRV - [2003/05/31 19:02:32 | 07,544,916 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTBCM\Binn\sqlservr.exe -- (MSSQL$MICROSOFTBCM [Auto | Running])
SRV - [2002/12/17 20:23:30 | 00,311,872 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTBCM\Binn\sqlagent.EXE -- (SQLAgent$MICROSOFTBCM [On_Demand | Stopped])
SRV - [2002/12/17 20:23:30 | 00,066,112 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqladhlp.exe -- (MSSQLServerADHelper [On_Demand | Stopped])

========== Modules (SafeList) ==========

MOD - [2009/10/28 17:49:16 | 00,521,728 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Dan\Desktop\OTL.exe
MOD - [2009/07/22 16:48:35 | 00,091,648 | -HS- | M] () -- C:\WINDOWS\System32\gerizoha.dll
MOD - [2007/03/08 10:36:28 | 00,164,864 | ---- | M] () -- C:\WINDOWS\ugezanijudulige.dll
MOD - [2006/08/25 10:45:55 | 01,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\COMCTL32.dll
MOD - [2004/08/04 06:00:00 | 00,025,088 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\mslbui.dll
MOD - [2004/08/04 06:00:00 | 00,014,848 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\serwvdrv.dll
MOD - [2004/08/04 06:00:00 | 00,013,312 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\umdmxfrm.dll

========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.dell4me.com/myway
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm


IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,First Home Page = http://www.dell4me.com/myway
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.dell4me.com/myway
IE - HKU\.DEFAULT\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,First Home Page = http://www.dell4me.com/myway
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.dell4me.com/myway
IE - HKU\S-1-5-18\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-2229718711-4139157738-2168484239-1009\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
IE - HKU\S-1-5-21-2229718711-4139157738-2168484239-1009\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKU\S-1-5-21-2229718711-4139157738-2168484239-1009\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch
IE - HKU\S-1-5-21-2229718711-4139157738-2168484239-1009\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
IE - HKU\S-1-5-21-2229718711-4139157738-2168484239-1009\S-1-5-21-2229718711-4139157738-2168484239-1009\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://www.yahoo.com/"
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA}:6.0.16
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: {4FB9BDA5-413E-49D7-B288-9F93DD39069E}:1.9.1
FF - prefs.js..extensions.enabledItems: {A2123010-4D71-45A4-AB29-1EE4F5BFF508}:1.9.1
FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.5.3

FF - HKLM\software\mozilla\Firefox\Extensions\\{4FB9BDA5-413E-49D7-B288-9F93DD39069E}: C:\Documents and Settings\Dan\Local Settings\Application Data\{4FB9BDA5-413E-49D7-B288-9F93DD39069E} [2009/10/16 21:10:48 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{A2123010-4D71-45A4-AB29-1EE4F5BFF508}: C:\Documents and Settings\Cheryl\Local Settings\Application Data\{A2123010-4D71-45A4-AB29-1EE4F5BFF508} [2009/10/16 21:32:32 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\jqs@sun.com: C:\Program Files\Java\jre6\lib\deploy\jqs\ff [2009/10/23 15:40:07 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.3\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2009/10/23 11:14:24 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.3\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2009/10/23 15:40:30 | 00,000,000 | ---D | M]

[2009/10/23 11:14:35 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Dan\Application Data\mozilla\Extensions
[2009/10/23 11:14:35 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Dan\Application Data\mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
[2009/10/28 10:36:34 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Dan\Application Data\mozilla\Firefox\Profiles\z0894p1s.default\extensions
[2009/10/23 15:57:13 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Dan\Application Data\mozilla\Firefox\Profiles\z0894p1s.default\extensions\{E9A1DEE0-C623-4439-8932-001E7D17607D}
[2009/10/28 10:36:34 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions
[2009/10/23 11:14:08 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2009/10/23 15:40:33 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA}
[2009/08/24 15:15:25 | 00,023,544 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browserdirprovider.dll
[2009/08/24 15:15:26 | 00,137,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\brwsrcmp.dll
[2009/10/23 15:40:06 | 00,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeploytk.dll
[2009/08/24 15:15:27 | 00,065,016 | ---- | M] (mozilla.org) -- C:\Program Files\mozilla firefox\plugins\npnul32.dll
[2009/08/24 13:45:46 | 00,001,394 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom.xml
[2009/08/24 13:45:46 | 00,002,193 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\answers.xml
[2009/08/24 13:45:46 | 00,001,534 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\creativecommons.xml
[2009/08/24 13:45:46 | 00,002,344 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay.xml
[2009/08/24 13:45:46 | 00,002,371 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\google.xml
[2009/08/24 13:45:46 | 00,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia.xml
[2009/08/24 13:45:46 | 00,000,792 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo.xml

O1 HOSTS File: (734 bytes) - C:\WINDOWS\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (AcroIEHlprObj Class) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (AskBar BHO) - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Program Files\AskBarDis\bar\bin\askBar.dll (Ask.com)
O2 - BHO: (DriveLetterAccess) - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\dla\tfswshx.dll (Sonic Solutions)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)
O3 - HKLM\..\Toolbar: (ZoneAlarm Spy Blocker Toolbar) - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll (Ask.com)
O3 - HKU\S-1-5-21-2229718711-4139157738-2168484239-1009\..\Toolbar\WebBrowser: (no name) - {472734EA-242A-422B-ADF8-83D1E48CC825} - No CLSID value found.
O3 - HKU\S-1-5-21-2229718711-4139157738-2168484239-1009\..\Toolbar\WebBrowser: (no name) - {4E7BD74F-2B8D-469E-93BE-BE2DF4D9AE29} - No CLSID value found.
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [calc] C:\WINDOWS\System32\calc.DLL File not found
O4 - HKLM..\Run: [dla] C:\WINDOWS\System32\dla\tfswctrl.exe (Sonic Solutions)
O4 - HKLM..\Run: [dscactivate] C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe ( )
O4 - HKLM..\Run: [DVDLauncher] C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe (CyberLink Corp.)
O4 - HKLM..\Run: [HP Component Manager] C:\Program Files\HP\hpcoretech\hpcmpmgr.exe (Hewlett-Packard Company)
O4 - HKLM..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe (Hewlett-Packard Co.)
O4 - HKLM..\Run: [igfxhkcmd] C:\WINDOWS\System32\hkcmd.exe (Intel Corporation)
O4 - HKLM..\Run: [igfxpers] C:\WINDOWS\System32\igfxpers.exe (Intel Corporation)
O4 - HKLM..\Run: [igfxtray] C:\WINDOWS\System32\igfxtray.exe (Intel Corporation)
O4 - HKLM..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.)
O4 - HKLM..\Run: [mmtask] C:\Program Files\Musicmatch\Musicmatch Jukebox\mmtask.exe (Musicmatch Inc.)
O4 - HKLM..\Run: [QuickTime Task] C:\Program Files\QuickTime\qttask.exe (Apple Inc.)
O4 - HKLM..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [Rrerucokuh] C:\WINDOWS\ugezanijudulige.DLL ()
O4 - HKLM..\Run: [SS_MW] C:\Program Files\Radica\Stylin' Studio\SS_MW.exe (Radica)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [UpdateManager] C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe (Sonic Solutions)
O4 - HKLM..\Run: [wiyewawab] C:\WINDOWS\System32\gerizoha.DLL ()
O4 - HKLM..\Run: [ZoneAlarm Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe (Check Point Software Technologies LTD)
O4 - HKU\S-1-5-21-2229718711-4139157738-2168484239-1009..\Run: [calc] C:\Documents and Settings\NetworkService\ntuser.dll ()
O4 - HKU\S-1-5-21-2229718711-4139157738-2168484239-1009..\Run: [DellSupport] C:\Program Files\DellSupport\DSAgnt.exe (Gteko Ltd.)
O4 - HKU\S-1-5-21-2229718711-4139157738-2168484239-1009..\Run: [MSMSGS] C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-2229718711-4139157738-2168484239-1009..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)
O4 - HKU\.DEFAULT..\RunOnce: [RunNarrator] C:\WINDOWS\System32\Narrator.exe (Microsoft Corporation)
O4 - HKU\S-1-5-18..\RunOnce: [RunNarrator] C:\WINDOWS\System32\Narrator.exe (Microsoft Corporation)
O4 - HKLM..\RunOnceEx: [] File not found
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Digital Line Detect.lnk = C:\Program Files\Digital Line Detect\DLG.exe (BVRP Software)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe (Eastman Kodak Company)
O4 - Startup: C:\Documents and Settings\Dan\Start Menu\Programs\Startup\scandisk.lnk = File not found
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Main present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSetActiveDesktop = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSetActiveDesktop = 0
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 0
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableTaskMgr = 0
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSetActiveDesktop = 0
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 0
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableTaskMgr = 0
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-2229718711-4139157738-2168484239-1009\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-2229718711-4139157738-2168484239-1009\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSetActiveDesktop = 0
O7 - HKU\S-1-5-21-2229718711-4139157738-2168484239-1009\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 0
O7 - HKU\S-1-5-21-2229718711-4139157738-2168484239-1009\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableProfileQuota = 1
O7 - HKU\S-1-5-21-2229718711-4139157738-2168484239-1009\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableTaskMgr = 0
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\OFFICE11\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\OFFICE11\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKLM\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://go.microsoft.com/fwlink/?linkid=39204 (Windows Genuine Advantage Validation Tool)
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} http://photo.walgreens.com/WalgreensActivia.cab (Snapfish Activia)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_16)
O16 - DPF: {AE6C4705-0F11-4ACB-BDD4-37F138BEF289} http://www.ritzpix.com/net/Uploader/LPUploader41.cab (Image Uploader Control)
O16 - DPF: {CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA} http://java.sun.com/products/plugin/autodl...indows-i586.cab (Java Plug-in 1.4.2_03)
O16 - DPF: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_16)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_16)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O18 - Protocol\Handler\cetihpz {CF184AD3-CDCB-4168-A3F7-8E447D129300} - C:\Program Files\HP\hpcoretech\comp\hpuiprot.dll (Hewlett-Packard Company)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\ipp - No CLSID value found
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\MSITSS.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Program Files\Common Files\Microsoft Shared\Web Components\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807553E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation)
O20 - AppInit_DLLs: (c:\windows\system32\gerizoha.dll) - C:\WINDOWS\System32\gerizoha.dll ()
O20 - AppInit_DLLs: (bozilajo.dll) - File not found
O20 - AppInit_DLLs: (c:\windows\system32\kisijegu.dll) - C:\WINDOWS\System32\kisijegu.dll File not found
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\Explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (em\\xplorer.exe)) - File not found
O20 - HKLM Winlogon: UserInit - (-) - File not found
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\Exp) - File not found
O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll (SUPERAntiSpyware.com)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\WINDOWS\System32\igfxdev.dll (Intel Corporation)
O20 - Winlogon\Notify\mljji: DllName - Reg Error: Value error. - Reg Error: Value error. File not found
O21 - SSODL: kawalukaz - {dfd5fa50-bc93-43d0-bf5f-9402d4965411} - C:\WINDOWS\System32\gerizoha.dll ()
O22 - SharedTaskScheduler: {dfd5fa50-bc93-43d0-bf5f-9402d4965411} - tokatiluy - C:\WINDOWS\System32\gerizoha.dll ()
O24 - Desktop Components:0 (My Current Home Page) - About:Home
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2004/08/10 14:04:08 | 00,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck) - File not found
O34 - HKLM BootExecute: (autochk) - C:\WINDOWS\System32\autochk.exe (Microsoft Corporation)
O34 - HKLM BootExecute: (*) - File not found
O35 - comfile [open] -- "%1" %* File not found
O35 - exefile [open] -- "%1" %* File not found

NetSvcs: 6to4 - Service key not found. File not found
NetSvcs: Ias - Service key not found. File not found
NetSvcs: Iprip - Service key not found. File not found
NetSvcs: Irmon - Service key not found. File not found
NetSvcs: NWCWorkstation - Service key not found. File not found
NetSvcs: Nwsapagent - Service key not found. File not found
NetSvcs: UxTuneUp - C:\WINDOWS\System32\uxtuneup.dll (TuneUp Software)
NetSvcs: Wmi - Service key not found. File not found
NetSvcs: WmdmPmSp - Service key not found. File not found
NetSvcs: helpsvc - C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll (Microsoft Corporation)

========== Files/Folders - Created Within 14 Days ==========

[1 C:\*.tmp files]
[1 C:\WINDOWS\System32\*.tmp files]
[2009/10/22 16:42:07 | 00,000,000 | -HSD | C] -- C:\Documents and Settings\All Users\Application Data\{55A29068-F2CE-456C-9148-C869879E2357}
[2009/10/23 09:28:13 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\54722424
[2009/10/23 12:00:36 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Avira
[2009/10/22 16:39:53 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2009/10/22 17:12:53 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\PC Tools
[2009/10/23 14:21:35 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
[2009/10/22 16:59:20 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2009/10/22 16:42:28 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\TuneUp Software
[2009/10/22 16:40:12 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Dan\Application Data\Malwarebytes
[2009/10/23 11:14:19 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Dan\Application Data\Mozilla
[2009/10/23 14:21:28 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Dan\Application Data\SUPERAntiSpyware.com
[2009/10/22 16:43:03 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Dan\Application Data\TuneUp Software
[2009/10/16 21:10:48 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Dan\Local Settings\Application Data\{4FB9BDA5-413E-49D7-B288-9F93DD39069E}
[2009/10/23 11:14:19 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Dan\Local Settings\Application Data\Mozilla
[2009/10/22 17:21:11 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Dan\Local Settings\Application Data\Threat Expert
[2009/10/22 17:12:53 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\PC Tools
[2009/10/23 14:21:15 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\Wise Installation Wizard
[2009/10/23 15:57:12 | 00,000,000 | ---D | C] -- C:\Program Files\AskBarDis
[2009/10/23 12:00:36 | 00,000,000 | ---D | C] -- C:\Program Files\Avira
[2009/10/23 12:29:19 | 00,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2009/10/23 14:02:07 | 00,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2009/10/23 11:14:04 | 00,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2009/10/15 19:19:18 | 00,000,000 | ---D | C] -- C:\Program Files\Shared
[2009/10/23 14:21:28 | 00,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2009/10/23 15:41:58 | 00,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2009/10/22 16:42:25 | 00,000,000 | ---D | C] -- C:\Program Files\TuneUp Utilities 2009
[2009/10/23 15:56:39 | 00,000,000 | ---D | C] -- C:\Program Files\Zone Labs
[2009/10/28 17:49:15 | 00,521,728 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Dan\Desktop\OTL.exe
[2009/10/28 15:36:34 | 00,472,064 | ---- | C] ( ) -- C:\Documents and Settings\Dan\Desktop\RootRepeal.exe
[2009/10/26 18:28:10 | 00,000,000 | -HSD | C] -- C:\Config.Msi
[2009/10/24 23:00:35 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Dan\Desktop\Maintenance
[2009/10/23 15:56:39 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\ZoneLabs
[2009/10/23 15:56:08 | 00,000,000 | ---D | C] -- C:\WINDOWS\Internet Logs
[2009/10/23 12:00:39 | 00,096,104 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avipbb.sys
[2009/10/23 12:00:39 | 00,055,656 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avgntflt.sys
[2009/10/23 12:00:39 | 00,045,416 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avgntdd.sys
[2009/10/23 12:00:39 | 00,022,360 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avgntmgr.sys
[2009/10/23 12:00:38 | 00,028,520 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\ssmdrv.sys
[2009/10/22 16:43:10 | 00,603,904 | ---- | C] (TuneUp Software) -- C:\WINDOWS\System32\TUProgSt.exe
[2009/10/22 16:43:08 | 00,027,904 | ---- | C] (TuneUp Software) -- C:\WINDOWS\System32\uxtuneup.dll
[2009/10/22 16:43:05 | 00,362,240 | ---- | C] (TuneUp Software) -- C:\WINDOWS\System32\TuneUpDefragService.exe
[2009/10/22 15:59:38 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\NtmsData

========== Files - Modified Within 14 Days ==========

[1 C:\*.tmp files]
[1 C:\WINDOWS\System32\*.tmp files]
[2009/10/28 17:49:16 | 00,521,728 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Dan\Desktop\OTL.exe
[2009/10/28 17:00:00 | 00,000,482 | ---- | M] () -- C:\WINDOWS\tasks\1-Click Maintenance.job
[2009/10/28 15:36:35 | 00,472,064 | ---- | M] ( ) -- C:\Documents and Settings\Dan\Desktop\RootRepeal.exe
[2009/10/28 15:34:40 | 00,523,776 | ---- | M] () -- C:\Documents and Settings\Dan\Desktop\dds.scr
[2009/10/28 10:29:02 | 00,000,000 | ---- | M] () -- C:\WINDOWS\Qpayedojod.bin
[2009/10/28 10:25:21 | 00,002,206 | ---- | M] () -- C:\WINDOWS\System32\WPA.DBL
[2009/10/28 10:25:18 | 00,350,192 | ---- | M] () -- C:\WINDOWS\System32\vsconfig.xml
[2009/10/28 10:24:53 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2009/10/28 10:24:47 | 00,002,048 | --S- | M] () -- C:\WINDOWS\BOOTSTAT.DAT
[2009/10/28 10:24:46 | 52,653,6704 | -HS- | M] () -- C:\hiberfil.sys
[2009/10/23 15:56:50 | 00,004,212 | -H-- | M] () -- C:\WINDOWS\System32\zllictbl.dat
[2009/10/23 15:29:20 | 00,011,168 | -H-- | M] () -- C:\WINDOWS\System32\zulugopa
[2009/10/23 14:07:00 | 00,000,120 | ---- | M] () -- C:\WINDOWS\Drazuqoqiwogij.dat
[2009/10/23 11:58:21 | 33,961,728 | ---- | M] () -- C:\Documents and Settings\Dan\Desktop\avira_antivir_personal_en.exe
[2009/10/23 11:14:15 | 00,001,602 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
[2009/10/22 16:43:11 | 00,603,904 | ---- | M] (TuneUp Software) -- C:\WINDOWS\System32\TUProgSt.exe
[2009/10/22 16:43:06 | 00,362,240 | ---- | M] (TuneUp Software) -- C:\WINDOWS\System32\TuneUpDefragService.exe
[2009/10/16 20:58:51 | 00,000,000 | -HS- | M] () -- C:\Documents and Settings\Dan\Start Menu\Programs\Startup\scandisk.lnk

========== Files - No Company Name ==========
[2009/10/28 15:34:40 | 00,523,776 | ---- | C] () -- C:\Documents and Settings\Dan\Desktop\dds.scr
[2009/10/23 15:56:50 | 00,004,212 | -H-- | C] () -- C:\WINDOWS\System32\zllictbl.dat
[2009/10/23 15:56:38 | 00,350,192 | ---- | C] () -- C:\WINDOWS\System32\vsconfig.xml
[2009/10/23 11:57:14 | 33,961,728 | ---- | C] () -- C:\Documents and Settings\Dan\Desktop\avira_antivir_personal_en.exe
[2009/10/23 11:14:15 | 00,001,602 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
[2009/10/22 16:43:08 | 00,000,482 | ---- | C] () -- C:\WINDOWS\tasks\1-Click Maintenance.job
[2009/10/16 21:10:59 | 00,000,000 | ---- | C] () -- C:\WINDOWS\Qpayedojod.bin
[2009/10/16 21:10:56 | 00,000,120 | ---- | C] () -- C:\WINDOWS\Drazuqoqiwogij.dat
[2009/10/16 20:58:51 | 00,000,000 | -HS- | C] () -- C:\Documents and Settings\Dan\Start Menu\Programs\Startup\scandisk.lnk
[2009/07/22 16:48:35 | 00,091,648 | -HS- | C] () -- C:\WINDOWS\System32\gerizoha.dll
[2009/04/06 10:17:23 | 00,000,022 | ---- | C] () -- C:\WINDOWS\kodakpcd.Cheryl.ini
[2009/03/08 17:02:13 | 00,007,168 | ---- | C] () -- C:\Documents and Settings\Dan\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/09/04 16:16:26 | 00,030,464 | ---- | C] () -- C:\WINDOWS\macromix.dll
[2008/02/19 01:33:34 | 00,446,352 | ---- | C] () -- C:\WINDOWS\System32\OpenQuicktimeLib.dll
[2005/10/10 10:01:04 | 00,001,764 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache
[2005/06/06 07:42:53 | 00,000,703 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\hpzinstall.log
[2005/03/06 14:27:08 | 00,069,784 | ---- | C] () -- C:\Documents and Settings\Dan\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
[2005/03/06 14:27:04 | 00,000,126 | ---- | C] () -- C:\Documents and Settings\Dan\Local Settings\Application Data\fusioncache.dat
[2005/02/27 19:11:49 | 00,000,002 | ---- | C] () -- C:\WINDOWS\msoffice.ini
[2005/02/22 21:33:27 | 00,000,062 | -HS- | C] () -- C:\Documents and Settings\Dan\Application Data\DESKTOP.INI
[2005/02/22 21:33:24 | 05,903,882 | -H-- | C] () -- C:\Documents and Settings\Dan\Local Settings\Application Data\IconCache.db
[2005/02/05 08:04:53 | 00,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2005/02/05 07:58:23 | 00,000,264 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2005/02/05 07:49:07 | 00,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2005/02/05 07:16:58 | 00,000,519 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2004/09/15 23:03:14 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2004/08/10 14:13:12 | 00,000,780 | ---- | C] () -- C:\WINDOWS\ORUN32.INI
[2004/08/10 14:04:08 | 00,000,709 | ---- | C] () -- C:\WINDOWS\WIN.INI
[2004/08/10 13:57:52 | 00,000,231 | ---- | C] () -- C:\WINDOWS\SYSTEM.INI
[2004/08/10 13:57:42 | 00,000,062 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\DESKTOP.INI
[2004/08/04 06:00:00 | 00,164,864 | ---- | C] () -- C:\WINDOWS\ugezanijudulige.dll
[2004/08/04 06:00:00 | 00,001,793 | ---- | C] () -- C:\WINDOWS\System32\FXSPERF.INI
[2004/01/05 02:27:36 | 00,565,248 | ---- | C] () -- C:\WINDOWS\System32\hpotscl.dll
[2003/01/07 16:05:08 | 00,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
[2000/09/08 18:53:50 | 00,073,839 | ---- | C] () -- C:\WINDOWS\System32\KodakOneTouch.dll
[1980/01/01 01:00:00 | 00,012,288 | ---- | C] () -- C:\WINDOWS\System32\e100bmsg.dll

========== LOP Check ==========

[2007/04/09 16:45:40 | 00,000,000 | RH-D | M] -- C:\Documents and Settings\Administrator\Application Data
[2009/10/23 14:21:35 | 00,000,000 | RH-D | M] -- C:\Documents and Settings\All Users\Application Data
[2009/01/25 15:25:46 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
[2009/10/22 16:42:07 | 00,000,000 | -HSD | M] -- C:\Documents and Settings\All Users\Application Data\{55A29068-F2CE-456C-9148-C869879E2357}
[2009/10/23 09:31:38 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\54722424
[2008/01/19 09:02:09 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Dell
[2009/03/22 11:06:54 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Pure Digital Technologies
[2005/02/05 07:16:28 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SBSI
[2005/02/19 12:13:05 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Support.com
[2008/01/19 09:03:22 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SupportSoft
[2009/10/26 19:21:42 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2008/09/04 15:28:53 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\The Learning Company
[2009/10/22 16:42:28 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TuneUp Software
[2009/04/27 15:06:52 | 00,000,000 | RH-D | M] -- C:\Documents and Settings\Cheryl\Application Data
[2009/01/24 12:02:02 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Cheryl\Application Data\Amazon
[2008/11/12 15:56:32 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Cheryl\Application Data\Digital Album Organizer
[2005/03/07 13:41:34 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Cheryl\Application Data\Leadertech
[2007/07/14 12:11:40 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Cheryl\Application Data\Snapfish
[2009/04/02 09:57:23 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Cheryl\Application Data\W Photo Studio Viewer
[2009/10/26 19:21:32 | 00,000,000 | RH-D | M] -- C:\Documents and Settings\Dan\Application Data
[2009/01/24 11:23:34 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Dan\Application Data\Amazon
[2005/09/29 20:46:04 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Dan\Application Data\CyberLink
[2005/03/25 15:25:46 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Dan\Application Data\Leadertech
[2009/10/22 16:43:03 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Dan\Application Data\TuneUp Software
[2007/11/19 18:47:47 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Dan\Application Data\Walgreens
[2007/04/09 16:45:40 | 00,000,000 | RH-D | M] -- C:\Documents and Settings\Default User\Application Data
[2008/08/07 12:38:51 | 00,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data
[2005/02/05 07:16:28 | 00,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Application Data
[2009/10/28 17:00:00 | 00,000,482 | ---- | M] () -- C:\WINDOWS\Tasks\1-Click Maintenance.job
[2004/08/04 06:00:00 | 00,000,065 | RH-- | M] () -- C:\WINDOWS\Tasks\DESKTOP.INI
[2005/02/08 19:02:17 | 00,000,258 | ---- | M] () -- C:\WINDOWS\Tasks\ISP signup reminder 1.job
[2009/10/28 10:24:53 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\Tasks\SA.DAT

========== Purity Check ==========



========== Custom Scans ==========


< %systemdrive%\*.exe >

< %systemroot%\system32\drivers\*.sys >
[2001/08/17 14:52:00 | 00,023,552 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\ABP480N5.SYS
[2004/08/04 06:00:00 | 00,187,776 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\ACPI.SYS
[2004/08/04 06:00:00 | 00,011,648 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\ACPIEC.SYS
[2001/08/17 15:07:32 | 00,101,888 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\ADPU160M.SYS
[2002/04/01 14:15:00 | 00,004,816 | ---- | M] (Andrea Electronics Corporation) -- C:\WINDOWS\system32\drivers\aeaudio.sys
[2006/02/14 19:22:26 | 00,142,464 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\aec.sys
[2008/08/14 04:51:43 | 00,138,368 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\afd.sys
[2004/10/07 20:16:04 | 00,035,840 | ---- | M] (Oak Technology Inc.) -- C:\WINDOWS\system32\drivers\AFS2K.SYS
[2004/08/04 00:07:42 | 00,042,368 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\AGP440.SYS
[2004/08/04 00:07:44 | 00,044,928 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\AGPCPQ.SYS
[2001/08/17 14:52:02 | 00,012,800 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\AHA154X.SYS
[2001/08/17 15:07:36 | 00,055,168 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\AIC78U2.SYS
[2001/08/17 15:07:38 | 00,056,960 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\AIC78XX.SYS
[2001/08/17 14:51:56 | 00,005,248 | ---- | M] (Acer Laboratories Inc.) -- C:\WINDOWS\system32\drivers\ALIIDE.SYS
[2004/08/04 00:07:42 | 00,042,752 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\ALIM1541.SYS
[2004/08/04 00:07:44 | 00,043,008 | ---- | M] (Advanced Micro Devices, Inc.) -- C:\WINDOWS\system32\drivers\AMDAGP.SYS
[2004/08/04 06:00:00 | 00,036,992 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\AMDK6.SYS
[2004/08/04 06:00:00 | 00,037,376 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\AMDK7.SYS
[2001/08/17 14:52:04 | 00,012,032 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\AMSINT.SYS
[2004/08/04 06:00:00 | 00,060,800 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\ARP1394.SYS
[2001/08/17 14:52:00 | 00,026,496 | ---- | M] (Advanced System Products, Inc.) -- C:\WINDOWS\system32\drivers\ASC.SYS
[2001/08/17 14:52:04 | 00,022,400 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\ASC3350P.SYS
[2001/08/17 14:51:58 | 00,014,848 | ---- | M] (Advanced System Products, Inc.) -- C:\WINDOWS\system32\drivers\ASC3550.SYS
[2005/02/05 08:02:20 | 00,008,552 | ---- | M] (Windows ® 2000 DDK provider) -- C:\WINDOWS\system32\drivers\asctrm.sys
[2004/08/04 06:00:00 | 00,014,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\ASYNCMAC.SYS
[2004/08/03 23:59:44 | 00,095,360 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\atapi.sys
[2004/08/04 06:00:00 | 00,059,904 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\ATMARPC.SYS
[2004/08/04 06:00:00 | 00,031,360 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\ATMEPVC.SYS
[2004/08/04 06:00:00 | 00,055,936 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\ATMLANE.SYS
[2004/08/04 06:00:00 | 00,352,256 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\ATMUNI.SYS
[2001/08/17 14:59:44 | 00,003,072 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\AUDSTUB.SYS
[2009/02/13 12:17:49 | 00,045,416 | ---- | M] (Avira GmbH) -- C:\WINDOWS\system32\drivers\avgntdd.sys
[2009/07/28 16:33:56 | 00,055,656 | ---- | M] (Avira GmbH) -- C:\WINDOWS\system32\drivers\avgntflt.sys
[2009/02/13 12:29:11 | 00,022,360 | ---- | M] (Avira GmbH) -- C:\WINDOWS\system32\drivers\avgntmgr.sys
[2009/03/30 10:33:07 | 00,096,104 | ---- | M] (Avira GmbH) -- C:\WINDOWS\system32\drivers\avipbb.sys
[2004/08/04 06:00:00 | 00,004,224 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\BEEP.SYS
[2004/08/04 06:00:00 | 00,071,552 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\BRIDGE.SYS
[2008/06/13 08:10:50 | 00,272,128 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\bthport.sys
[2001/08/17 14:52:08 | 00,013,952 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\CBIDF2K.SYS
[2004/08/04 00:10:18 | 00,017,024 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\CCDECODE.sys
[2001/08/17 14:52:06 | 00,007,680 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\CD20XRNT.SYS
[2004/08/04 06:00:00 | 00,018,688 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\CDAUDIO.SYS
[2004/08/04 06:00:00 | 00,063,744 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\CDFS.SYS
[2004/08/04 06:00:00 | 00,049,536 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\CDROM.SYS
[2004/08/04 06:00:00 | 00,262,528 | ---- | M] (RAVISENT Technologies Inc.) -- C:\WINDOWS\system32\drivers\CINEMST2.SYS
[2004/08/04 06:00:00 | 00,049,664 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\CLASSPNP.SYS
[2001/08/17 14:51:54 | 00,006,656 | ---- | M] (CMD Technology, Inc.) -- C:\WINDOWS\system32\drivers\CMDIDE.SYS
[2001/08/17 14:52:06 | 00,014,976 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\CPQARRAY.SYS
[2004/08/04 06:00:00 | 00,011,776 | ---- | M] (Compaq Computer Corporation) -- C:\WINDOWS\system32\drivers\CPQDAP01.SYS
[2004/08/04 06:00:00 | 00,036,480 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\CRUSOE.SYS
[2001/08/17 14:52:16 | 00,179,584 | ---- | M] (Mylex Corporation) -- C:\WINDOWS\system32\drivers\DAC2W2K.SYS
[2001/08/17 14:52:16 | 00,014,720 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\DAC960NT.SYS
[2004/05/20 09:21:10 | 00,036,918 | ---- | M] (Eastman Kodak Company) -- C:\WINDOWS\system32\drivers\DcCam.sys
[2004/05/20 09:41:54 | 00,061,564 | ---- | M] (Eastman Kodak Company) -- C:\WINDOWS\system32\drivers\DcFpoint.sys
[2004/06/02 14:19:00 | 00,038,705 | ---- | M] (Eastman Kodak Company) -- C:\WINDOWS\system32\drivers\DCFS2k.sys
[2004/05/20 09:39:42 | 00,008,022 | ---- | M] (Eastman Kodak Company) -- C:\WINDOWS\system32\drivers\DcLps.sys
[2004/05/20 09:45:20 | 00,068,950 | ---- | M] (Eastman Kodak Company) -- C:\WINDOWS\system32\drivers\DcPtp.sys
[2004/08/04 06:00:00 | 00,036,352 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\DISK.SYS
[2004/08/04 06:00:00 | 00,014,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\DISKDUMP.SYS
[2004/08/04 06:00:00 | 00,799,744 | ---- | M] (Microsoft Corp., Veritas Software) -- C:\WINDOWS\system32\drivers\DMBOOT.SYS
[2004/08/04 06:00:00 | 00,153,344 | ---- | M] (Microsoft Corp., Veritas Software) -- C:\WINDOWS\system32\drivers\DMIO.SYS
[2004/08/04 06:00:00 | 00,005,888 | ---- | M] (Microsoft Corp., Veritas Software.) -- C:\WINDOWS\system32\drivers\DMLOAD.SYS
[2004/08/04 00:07:40 | 00,052,864 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\DMusic.sys
[2001/08/17 15:07:44 | 00,020,192 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\DPTI2O.SYS
[2004/08/04 00:08:00 | 00,060,288 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\drmk.sys
[2004/08/04 00:07:58 | 00,002,944 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\drmkaud.sys
[2004/12/01 04:22:00 | 00,087,488 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\drivers\drvmcdb.sys
[2004/11/23 03:56:00 | 00,040,480 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\drivers\drvnddm.sys
[2007/02/25 12:10:48 | 00,005,376 | --S- | M] (Gteko Ltd.) -- C:\WINDOWS\system32\drivers\dsunidrv.sys
[2004/08/04 06:00:00 | 00,010,496 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\DXAPI.SYS
[2004/08/04 06:00:00 | 00,071,040 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\DXG.SYS
[2004/08/04 06:00:00 | 00,003,328 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\DXGTHK.SYS
[2004/02/10 16:49:14 | 00,154,112 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\drivers\e100b325.sys
[2004/06/02 14:17:56 | 00,151,985 | ---- | M] (Eastman Kodak Company) -- C:\WINDOWS\system32\drivers\ExportIt.sys
[2004/08/04 06:00:00 | 00,143,360 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\FASTFAT.SYS
[2004/08/04 06:00:00 | 00,027,392 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\FDC.SYS
[2004/08/04 06:00:00 | 00,034,944 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\FIPS.SYS
[2004/08/04 06:00:00 | 00,020,480 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\FLPYDISK.SYS
[2006/08/21 04:14:58 | 00,128,896 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\fltmgr.sys
[2004/08/04 06:00:00 | 00,012,160 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\FSVGA.SYS
[2004/08/04 06:00:00 | 00,007,936 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\FS_REC.SYS
[2001/08/17 14:52:50 | 00,125,056 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\FTDISK.SYS
[2008/04/17 14:12:54 | 00,015,464 | ---- | M] (GEAR Software Inc.) -- C:\WINDOWS\system32\drivers\GEARAspiWDM.sys
[2004/08/04 06:00:00 | 00,036,224 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\HIDCLASS.SYS
[2004/08/04 06:00:00 | 00,024,960 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\HIDPARSE.SYS
[2001/08/17 15:02:20 | 00,009,600 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\hidusb.sys
[2001/08/17 15:07:44 | 00,025,952 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\HPN.SYS
[2004/01/05 02:27:32 | 00,051,056 | R--- | M] (HP) -- C:\WINDOWS\system32\drivers\hpzid412.sys
[2004/01/05 02:27:34 | 00,016,496 | R--- | M] (HP) -- C:\WINDOWS\system32\drivers\HPZipr12.sys
[2004/01/05 02:27:34 | 00,021,488 | R--- | M] (HP) -- C:\WINDOWS\system32\drivers\HPZius12.sys
[2003/11/17 16:59:20 | 00,212,224 | ---- | M] (Conexant Systems, Inc.) -- C:\WINDOWS\system32\drivers\HSFHWBS2.sys
[2003/11/17 16:58:02 | 00,680,704 | ---- | M] (Conexant Systems, Inc.) -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys
[2003/11/17 16:56:26 | 01,042,432 | ---- | M] (Conexant Systems, Inc.) -- C:\WINDOWS\system32\drivers\HSF_DP.sys
[2006/03/16 19:33:10 | 00,262,784 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\http.sys
[2004/08/04 00:00:52 | 00,008,192 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\I2OMGMT.SYS
[2004/08/04 00:00:52 | 00,018,560 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\I2OMP.SYS
[2004/08/04 06:00:00 | 00,052,736 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\I8042PRT.SYS
[2005/10/14 15:15:18 | 01,302,812 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\drivers\ialmnt5.sys
[2004/08/04 06:00:00 | 00,041,856 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\IMAPI.SYS
[2001/08/17 14:52:08 | 00,016,000 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\INI910U.SYS
[2004/08/03 23:59:42 | 00,005,504 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\INTELIDE.SYS
[2004/08/04 06:00:00 | 00,036,096 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\INTELPPM.SYS
[2004/08/04 06:00:00 | 00,029,056 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\IP6FW.SYS
[2004/08/04 06:00:00 | 00,032,896 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\IPFLTDRV.SYS
[2004/08/04 06:00:00 | 00,020,992 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\IPINIP.SYS
[2004/09/29 17:28:37 | 00,134,912 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\ipnat.sys
[2004/08/04 06:00:00 | 00,074,752 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\IPSEC.SYS
[2004/02/11 15:27:38 | 00,019,456 | ---- | M] (Intel Corporation ) -- C:\WINDOWS\system32\drivers\iqvw32.sys
[2004/08/04 06:00:00 | 00,011,264 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\IRENUM.SYS
[2001/08/17 14:58:02 | 00,035,840 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\ISAPNP.SYS
[2004/08/03 23:58:34 | 00,024,576 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\KBDCLASS.SYS
[2006/06/14 03:47:45 | 00,172,416 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\kmixer.sys
[2004/08/04 06:00:00 | 00,140,928 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\KS.SYS
[2009/06/22 06:34:52 | 00,092,544 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\ksecdd.sys
[2004/08/04 06:00:00 | 00,007,680 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\MCD.SYS
[2003/04/09 14:48:08 | 00,011,043 | ---- | M] (Conexant) -- C:\WINDOWS\system32\drivers\mdmxsdk.sys
[2004/08/04 06:00:00 | 00,063,744 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\MF.SYS
[2004/08/04 06:00:00 | 00,004,224 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\MNMDD.SYS
[2004/08/04 06:00:00 | 00,030,080 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\MODEM.SYS
[2001/08/17 14:57:38 | 00,016,128 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\MODEMCSA.sys
[2004/08/03 23:58:34 | 00,023,040 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\MOUCLASS.SYS
[2001/08/17 14:48:00 | 00,012,160 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\mouhid.sys
[2004/08/04 06:00:00 | 00,042,240 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\MOUNTMGR.SYS
[2001/08/17 14:52:12 | 00,017,280 | ---- | M] (American Megatrends Inc.) -- C:\WINDOWS\system32\drivers\MRAID35X.SYS
[2007/12/18 04:51:35 | 00,179,584 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\mrxdav.sys
[2008/10/24 06:10:42 | 00,453,632 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\mrxsmb.sys
[2004/08/04 06:00:00 | 00,019,072 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\MSFS.SYS
[2004/08/04 06:00:00 | 00,035,072 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\MSGPC.SYS
[2004/08/03 23:58:42 | 00,007,552 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\MSKSSRV.sys
[2004/08/03 23:58:40 | 00,005,376 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\MSPCLOCK.sys
[2004/08/03 23:58:42 | 00,004,992 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\MSPQM.sys
[2004/08/04 00:07:48 | 00,015,488 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\MSSMBIOS.SYS
[2004/08/03 23:58:40 | 00,005,504 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\MSTEE.sys
[2004/08/04 06:00:00 | 00,107,904 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\MUP.SYS
[2004/08/04 00:10:30 | 00,085,376 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\NABTSFEC.sys
[2004/08/04 06:00:00 | 00,182,912 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\NDIS.SYS
[2004/08/04 00:10:14 | 00,010,880 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\NdisIP.sys
[2004/08/04 06:00:00 | 00,009,600 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\NDISTAPI.SYS
[2004/08/04 06:00:00 | 00,012,928 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\NDISUIO.SYS
[2004/08/04 06:00:00 | 00,091,776 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\NDISWAN.SYS
[2004/08/04 06:00:00 | 00,038,016 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\NDPROXY.SYS
[2004/08/04 06:00:00 | 00,034,560 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\NETBIOS.SYS
[2004/08/04 06:00:00 | 00,162,816 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\NETBT.SYS
[2004/08/04 06:00:00 | 00,061,824 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\NIC1394.SYS
[2004/08/04 06:00:00 | 00,012,032 | ---- | M] (S3/Diamond Multimedia Systems) -- C:\WINDOWS\system32\drivers\NIKEDRV.SYS
[2004/08/04 06:00:00 | 00,040,320 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\NMNT.SYS
[2004/08/04 06:00:00 | 00,030,848 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\NPFS.SYS
[2007/02/09 06:10:35 | 00,574,464 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\ntfs.sys
[2004/08/04 06:00:00 | 00,002,944 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\NULL.SYS
[2004/08/03 23:29:56 | 01,897,408 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\drivers\NV4_MINI.SYS
[2004/08/04 06:00:00 | 00,012,416 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\NWLNKFLT.SYS
[2004/08/04 06:00:00 | 00,032,512 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\NWLNKFWD.SYS
[2004/08/04 06:00:00 | 00,088,448 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\NWLNKIPX.SYS
[2004/08/04 06:00:00 | 00,063,232 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\NWLNKNB.SYS
[2004/08/04 06:00:00 | 00,055,936 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\NWLNKSPX.SYS
[2002/11/08 14:45:06 | 00,017,217 | ---- | M] (Dell Computer Corporation) -- C:\WINDOWS\system32\drivers\omci.sys
[2004/08/04 06:00:00 | 00,003,456 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\OPRGHDLR.SYS
[2004/08/04 06:00:00 | 00,042,496 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\P3.SYS
[2004/08/04 06:00:00 | 00,080,128 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\PARPORT.SYS
[2004/08/04 06:00:00 | 00,018,688 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\PARTMGR.SYS
[2004/08/04 06:00:00 | 00,006,784 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\PARVDM.SYS
[2004/08/04 00:07:48 | 00,068,224 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\PCI.SYS
[2001/08/17 14:51:52 | 00,003,328 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\pciide.sys
[2004/08/03 23:59:42 | 00,025,088 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\pciidex.sys
[2004/08/04 06:00:00 | 00,119,936 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\PCMCIA.SYS
[2001/08/17 15:07:40 | 00,027,296 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\PERC2.SYS
[2001/08/17 15:07:42 | 00,005,504 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\PERC2HIB.SYS
[2004/08/04 00:15:50 | 00,145,792 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\portcls.sys
[2004/08/04 06:00:00 | 00,035,328 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\PROCESSR.SYS
[2004/08/04 06:00:00 | 00,069,120 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\PSCHED.SYS
[2004/08/04 06:00:00 | 00,017,792 | ---- | M] (Parallel Technologies, Inc.) -- C:\WINDOWS\system32\drivers\PTILINK.SYS
[2004/08/02 03:03:00 | 00,020,576 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\drivers\pxhelp20.sys
[2001/08/17 14:52:20 | 00,040,320 | ---- | M] (QLogic Corporation) -- C:\WINDOWS\system32\drivers\QL1080.SYS
[2001/08/17 14:52:16 | 00,033,152 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\QL10WNT.SYS
[2001/08/17 14:52:20 | 00,045,312 | ---- | M] (QLogic Corporation) -- C:\WINDOWS\system32\drivers\QL12160.SYS
[2001/08/17 14:52:16 | 00,040,448 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\QL1240.SYS
[2001/08/17 14:52:18 | 00,049,024 | ---- | M] (QLogic Corporation) -- C:\WINDOWS\system32\drivers\QL1280.SYS
[2004/08/04 06:00:00 | 00,008,832 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\RASACD.SYS
[2004/08/04 06:00:00 | 00,051,328 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\RASL2TP.SYS
[2004/08/04 06:00:00 | 00,041,472 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\RASPPPOE.SYS
[2004/08/04 06:00:00 | 00,048,384 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\RASPPTP.SYS
[2004/08/04 06:00:00 | 00,016,512 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\RASPTI.SYS
[2004/08/04 06:00:00 | 00,034,432 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\RAWWAN.SYS
[2006/05/05 04:47:57 | 00,174,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\rdbss.sys
[2004/08/04 06:00:00 | 00,004,224 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\RDPCDD.SYS
[2004/08/04 00:01:16 | 00,196,864 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\RDPDR.SYS
[2005/06/09 23:09:46 | 00,139,528 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\rdpwd.sys
[2004/08/03 23:59:38 | 00,057,472 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\REDBOOK.SYS
[2004/08/04 06:00:00 | 00,012,032 | ---- | M] (S3/Diamond Multimedia Systems) -- C:\WINDOWS\system32\drivers\RIO8DRV.SYS
[2004/08/04 06:00:00 | 00,012,032 | ---- | M] (S3/Diamond Multimedia Systems) -- C:\WINDOWS\system32\drivers\RIODRV.SYS
[2008/05/08 07:28:49 | 00,202,752 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\rmcast.sys
[2004/08/04 06:00:00 | 00,030,080 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\RNDISMP.SYS
[2004/08/04 06:00:00 | 00,005,888 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\ROOTMDM.SYS
[2004/08/04 06:00:00 | 00,096,256 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\SCSIPORT.SYS
[2004/08/04 06:00:00 | 00,067,584 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\SDBUS.SYS
[2007/11/13 05:25:53 | 00,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) -- C:\WINDOWS\system32\drivers\secdrv.sys
[2004/08/04 06:00:00 | 00,015,488 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\SERENUM.SYS
[2004/08/04 06:00:00 | 00,064,896 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\SERIAL.SYS
[2004/08/04 06:00:00 | 00,011,136 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\SFFDISK.SYS
[2004/08/04 06:00:00 | 00,010,240 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\SFFP_SD.SYS
[2004/08/04 06:00:00 | 00,011,392 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\SFLOPPY.SYS
[2004/08/04 00:07:44 | 00,041,088 | ---- | M] (Silicon Integrated Systems Corporation) -- C:\WINDOWS\system32\drivers\SISAGP.SYS
[2004/08/04 00:10:18 | 00,011,136 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\SLIP.sys
[2004/08/04 06:00:00 | 00,014,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\SMCLIB.SYS
[2003/04/08 11:30:48 | 00,003,744 | ---- | M] (Analog Devices, Inc.) -- C:\WINDOWS\system32\drivers\smsens.sys
[2004/04/09 13:41:30 | 00,612,352 | ---- | M] (Analog Devices, Inc.) -- C:\WINDOWS\system32\drivers\smwdm.sys
[2004/08/04 06:00:00 | 00,025,472 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\SONYDCAM.SYS
[2001/08/17 15:07:44 | 00,019,072 | ---- | M] (Adaptec, Inc.) -- C:\WINDOWS\system32\drivers\SPARROW.SYS
[2006/06/14 03:47:46 | 00,006,400 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\splitter.sys
[2004/08/04 06:00:00 | 00,073,472 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\SR.SYS
[2008/12/11 06:57:21 | 00,333,184 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\srv.sys
[2004/07/14 12:29:04 | 00,005,627 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\drivers\sscdbhk5.sys
[2009/05/11 10:12:24 | 00,028,520 | ---- | M] (Avira GmbH) -- C:\WINDOWS\system32\drivers\ssmdrv.sys
[2004/07/14 12:28:50 | 00,023,545 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\drivers\ssrtln.sys
[2004/08/04 06:00:00 | 00,048,640 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\STREAM.SYS
[2004/08/04 00:10:14 | 00,015,360 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\StreamIP.sys
[2004/08/03 23:58:42 | 00,004,352 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\SWENUM.SYS
[2001/08/17 15:00:52 | 00,054,272 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\swmidi.sys
[2001/08/17 15:07:34 | 00,016,256 | ---- | M] (Symbios Logic Inc.) -- C:\WINDOWS\system32\drivers\SYMC810.SYS
[2001/08/17 15:07:36 | 00,032,640 | ---- | M] (LSI Logic) -- C:\WINDOWS\system32\drivers\SYMC8XX.SYS
[2001/08/17 15:07:40 | 00,028,384 | ---- | M] (LSI Logic) -- C:\WINDOWS\system32\drivers\SYM_HI.SYS
[2001/08/17 15:07:42 | 00,030,688 | ---- | M] (LSI Logic) -- C:\WINDOWS\system32\drivers\SYM_U3.SYS
[2004/08/04 00:15:56 | 00,060,800 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\sysaudio.sys
[2004/08/04 06:00:00 | 00,014,976 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\TAPE.SYS
[2008/06/20 05:45:13 | 00,360,320 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\tcpip.sys
[2008/06/20 04:52:06 | 00,225,920 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\tcpip6.sys
[2004/08/04 06:00:00 | 00,018,560 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\TDI.SYS
[2004/08/04 06:00:00 | 00,012,040 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\TDPIPE.SYS
[2004/08/04 06:00:00 | 00,021,896 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\TDTCP.SYS
[2004/08/04 02:01:08 | 00,040,840 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\TERMDD.SYS
[2004/08/04 06:00:00 | 00,051,712 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\TOSDVD.SYS
[2001/08/17 14:51:56 | 00,004,992 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\TOSIDE.SYS
[2004/08/04 06:00:00 | 00,021,376 | ---- | M] (Toshiba Corporation) -- C:\WINDOWS\system32\drivers\TSBVCAP.SYS
[2004/08/04 06:00:00 | 00,012,416 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\TUNMP.SYS
[2004/08/04 06:00:00 | 00,066,176 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\UDFS.SYS
[2001/08/17 14:52:22 | 00,036,736 | ---- | M] (Promise Technology, Inc.) -- C:\WINDOWS\system32\drivers\ULTRA.SYS
[2007/04/23 05:32:54 | 00,364,160 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\update.sys
[2004/08/04 06:00:00 | 00,012,672 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\USB8023.SYS
[2008/11/07 15:23:30 | 00,032,000 | ---- | M] (Apple, Inc.) -- C:\WINDOWS\system32\drivers\usbaapl.sys
[2004/08/04 06:00:00 | 00,023,808 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\USBCAMD.SYS
[2004/08/04 06:00:00 | 00,023,936 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\USBCAMD2.SYS
[2004/08/03 23:08:48 | 00,031,616 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\usbccgp.sys
[2004/08/04 06:00:00 | 00,004,736 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\USBD.SYS
[2004/08/04 06:00:00 | 00,026,624 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\USBEHCI.SYS
[2004/08/04 00:08:44 | 00,057,600 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\usbhub.sys
[2004/08/04 06:00:00 | 00,016,000 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\USBINTEL.SYS
[2004/08/04 00:08:44 | 00,142,976 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\usbport.sys
[2004/08/03 23:01:26 | 00,025,856 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\usbprint.sys
[2004/08/03 22:58:46 | 00,015,104 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\usbscan.sys
[2004/08/03 23:08:48 | 00,026,496 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\USBSTOR.SYS
[2004/08/04 00:08:38 | 00,020,480 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\usbuhci.sys
[2004/08/04 00:10:12 | 00,078,464 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\usbvideo.sys
[2004/08/04 06:00:00 | 00,058,112 | ---- | M] (RAVISENT Technologies Inc.) -- C:\WINDOWS\system32\drivers\VDMINDVD.SYS
[2004/08/04 06:00:00 | 00,020,992 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\VGA.SYS
[2004/08/04 00:07:44 | 00,042,240 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\VIAAGP.SYS
[2004/08/03 23:59:44 | 00,005,376 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\VIAIDE.SYS
[2004/08/04 06:00:00 | 00,079,744 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\VIDEOPRT.SYS
[2004/08/04 06:00:00 | 00,052,352 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\VOLSNAP.SYS
[2004/08/04 06:00:00 | 00,034,560 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\WANARP.SYS
[2006/06/14 04:00:45 | 00,082,944 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\wdmaud.sys
[2004/08/04 06:00:00 | 00,004,352 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\WMILIB.SYS
[2004/09/15 13:28:06 | 00,018,944 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\wpdusb.sys
[2004/08/04 06:00:00 | 00,012,032 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\WS2IFSL.SYS
[2004/08/04 00:10:22 | 00,019,328 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\WSTCODEC.SYS

========== Alternate Data Streams ==========

@Alternate Data Stream - 187 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2
@Alternate Data Stream - 114 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:A8ADE5D8
< End of report >

#4 Buckeye_Sam

Buckeye_Sam

    Malware Expert


  • Members
  • 17,382 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Pickerington, Ohio
  • Local time:10:56 PM

Posted 29 October 2009 - 07:39 AM

Run OTL.exe
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :OTL
    MOD - [2009/07/22 16:48:35 | 00,091,648 | -HS- | M] () -- C:\WINDOWS\System32\gerizoha.dll
    MOD - [2007/03/08 10:36:28 | 00,164,864 | ---- | M] () -- C:\WINDOWS\ugezanijudulige.dll
    O3 - HKU\S-1-5-21-2229718711-4139157738-2168484239-1009\..\Toolbar\WebBrowser: (no name) - {472734EA-242A-422B-ADF8-83D1E48CC825} - No CLSID value found.
    O3 - HKU\S-1-5-21-2229718711-4139157738-2168484239-1009\..\Toolbar\WebBrowser: (no name) - {4E7BD74F-2B8D-469E-93BE-BE2DF4D9AE29} - No CLSID value found.
    O4 - HKLM..\Run: [calc] C:\WINDOWS\System32\calc.DLL File not found
    O4 - HKLM..\Run: [Rrerucokuh] C:\WINDOWS\ugezanijudulige.DLL ()
    O4 - HKLM..\Run: [wiyewawab] C:\WINDOWS\System32\gerizoha.DLL ()
    O4 - HKU\S-1-5-21-2229718711-4139157738-2168484239-1009..\Run: [calc] C:\Documents and Settings\NetworkService\ntuser.dll ()
    O20 - AppInit_DLLs: (c:\windows\system32\gerizoha.dll) - C:\WINDOWS\System32\gerizoha.dll ()
    O20 - AppInit_DLLs: (bozilajo.dll) - File not found
    O20 - AppInit_DLLs: (c:\windows\system32\kisijegu.dll) - C:\WINDOWS\System32\kisijegu.dll File not found
    O20 - Winlogon\Notify\mljji: DllName - Reg Error: Value error. - Reg Error: Value error. File not found
    O21 - SSODL: kawalukaz - {dfd5fa50-bc93-43d0-bf5f-9402d4965411} - C:\WINDOWS\System32\gerizoha.dll ()
    O22 - SharedTaskScheduler: {dfd5fa50-bc93-43d0-bf5f-9402d4965411} - tokatiluy - C:\WINDOWS\System32\gerizoha.dll ()
    [2009/10/28 10:29:02 | 00,000,000 | ---- | M] () -- C:\WINDOWS\Qpayedojod.bin
    [2009/10/23 14:07:00 | 00,000,120 | ---- | M] () -- C:\WINDOWS\Drazuqoqiwogij.dat
    [2009/10/16 21:10:59 | 00,000,000 | ---- | C] () -- C:\WINDOWS\Qpayedojod.bin
    [2009/10/16 21:10:56 | 00,000,120 | ---- | C] () -- C:\WINDOWS\Drazuqoqiwogij.dat
    [2009/10/16 20:58:51 | 00,000,000 | -HS- | C] () -- C:\Documents and Settings\Dan\Start Menu\Programs\Startup\scandisk.lnk
    [2009/07/22 16:48:35 | 00,091,648 | -HS- | C] () -- C:\WINDOWS\System32\gerizoha.dll
    
    :Commands
    [purity]
    [emptytemp]
    [Reboot]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot when it is done
  • You will get a log that shows the results of the fix. Please post it.
  • Then also run and post a new OTL log.

======================


Please download Malwarebytes Anti-Malware and save it to your desktop.
alternate download link 1
alternate download link 2
If you have a previous version of MBAM, remove it via Add/Remove Programs and download a fresh copy.
  • Make sure you are connected to the Internet.
  • Double-click on mbam-setup.exe to install the application.
  • When the installation begins, follow the prompts and do not make any changes to default settings.
  • When installation has finished, make sure you leave both of these checked:
    • Update Malwarebytes' Anti-Malware
    • Launch Malwarebytes' Anti-Malware
  • Then click Finish.
MBAM will automatically start and you will be asked to update the program before performing a scan.
  • If an update is found, the program will automatically update itself.
  • Press the OK button to close that box and continue.
  • If you encounter any problems while downloading the updates, manually download them from here and just double-click on mbam-rules.exe to install. Alternatively, you can update through MBAM's interface from a clean computer, copy the definitions (rules.ref) located in C:\Documents and Settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware from that system to a usb stick or CD and then copy it to the infected machine.
On the Scanner tab:
  • Make sure the "Perform Quick Scan" option is selected.
  • Then click on the Scan button.
  • If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
  • The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
  • When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
  • Click OK to close the message box and continue with the removal process.
Back at the main Scanner screen:
  • Click on the Show Results button to see a list of any malware that was found.
  • Make sure that everything is checked, and click Remove Selected.
  • When removal is completed, a log report will open in Notepad.
  • The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the contents of that report in your next reply and exit MBAM.
Note: If MBAM encounters a file that is difficult to remove, you may be asked to reboot your computer so it can proceed with the disinfection process. Regardless if prompted to restart the computer or not, please do so immediately. Failure to reboot normally (not into safe mode) will prevent MBAM from removing all the malware. MBAM may "make changes to your registry" as part of its disinfection routine. If using other security programs that detect registry changes (ie Spybot's Teatimer), they may interfere or alert you after scanning with MBAM. Please temporarily disable such programs or permit them to allow the changes.
Posted Image If I have helped you in any way, please consider a donation to help me continue the fight against malware.


Failing to respond back to the person that is giving up their own time to help you not only is insensitive and disrespectful, but it guarantees that you will never receive help from me again. Please thank your helpers and there will always be help here when you need it!


========================================================

#5 MarkiusSchu

MarkiusSchu
  • Topic Starter

  • Members
  • 17 posts
  • OFFLINE
  •  
  • Local time:09:56 PM

Posted 29 October 2009 - 10:28 AM

Okay,
I believe I've done everything properly. MBAM did make me reboot, and it rebooted fine. Here are the results:

RUNFIX RESULTS++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

All processes killed
========== OTL ==========
DllUnregisterServer procedure not found in C:\WINDOWS\System32\gerizoha.dll
C:\WINDOWS\System32\gerizoha.dll NOT unregistered.
C:\WINDOWS\System32\gerizoha.dll moved successfully.
Releasing module c:\windows\system32\gerizoha.dll
DllUnregisterServer procedure not found in C:\WINDOWS\ugezanijudulige.dll
C:\WINDOWS\ugezanijudulige.dll NOT unregistered.
C:\WINDOWS\ugezanijudulige.dll moved successfully.
Releasing module C:\WINDOWS\ugezanijudulige.dll
Registry value HKEY_USERS\S-1-5-21-2229718711-4139157738-2168484239-1009\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{472734EA-242A-422B-ADF8-83D1E48CC825} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{472734EA-242A-422B-ADF8-83D1E48CC825}\ not found.
Registry value HKEY_USERS\S-1-5-21-2229718711-4139157738-2168484239-1009\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{4E7BD74F-2B8D-469E-93BE-BE2DF4D9AE29} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4E7BD74F-2B8D-469E-93BE-BE2DF4D9AE29}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\calc deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\Rrerucokuh deleted successfully.
File C:\WINDOWS\ugezanijudulige.DLL not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\wiyewawab deleted successfully.
File C:\WINDOWS\System32\gerizoha.DLL not found.
Registry value HKEY_USERS\S-1-5-21-2229718711-4139157738-2168484239-1009\Software\Microsoft\Windows\CurrentVersion\Run\\calc deleted successfully.
LoadLibrary failed for C:\Documents and Settings\NetworkService\ntuser.dll
C:\Documents and Settings\NetworkService\ntuser.dll NOT unregistered.
C:\Documents and Settings\NetworkService\ntuser.dll moved successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_Dlls:c:\windows\system32\gerizoha.dll deleted successfully.
File C:\WINDOWS\System32\gerizoha.dll not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_Dlls:bozilajo.dll deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_Dlls:c:\windows\system32\kisijegu.dll deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\mljji\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\\kawalukaz deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{dfd5fa50-bc93-43d0-bf5f-9402d4965411}\ deleted successfully.
File C:\WINDOWS\System32\gerizoha.dll not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler\\{dfd5fa50-bc93-43d0-bf5f-9402d4965411} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{dfd5fa50-bc93-43d0-bf5f-9402d4965411}\ deleted successfully.
File C:\WINDOWS\System32\gerizoha.dll not found.
C:\WINDOWS\Qpayedojod.bin moved successfully.
C:\WINDOWS\Drazuqoqiwogij.dat moved successfully.
File C:\WINDOWS\Qpayedojod.bin not found.
File C:\WINDOWS\Drazuqoqiwogij.dat not found.
C:\Documents and Settings\Dan\Start Menu\Programs\Startup\scandisk.lnk moved successfully.
File C:\WINDOWS\System32\gerizoha.dll not found.
========== COMMANDS ==========

[EMPTYTEMP]

User: Administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 32902 bytes

User: All Users

User: Cheryl
->Temp folder emptied: 773399654 bytes
->Temporary Internet Files folder emptied: 158856033 bytes
->Java cache emptied: 10489997 bytes

User: Dan
File delete failed. C:\Documents and Settings\Dan\Local Settings\Temp\etilqs_z6FuvWW2HD2WgP0QXLxp scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Dan\Local Settings\Temp\~DFB48D.tmp scheduled to be deleted on reboot.
->Temp folder emptied: 48336922 bytes
File delete failed. C:\Documents and Settings\Dan\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
->Temporary Internet Files folder emptied: 31351761 bytes
->Java cache emptied: 25493442 bytes
File delete failed. C:\Documents and Settings\Dan\Local Settings\Application Data\Mozilla\Firefox\Profiles\z0894p1s.default\Cache\_CACHE_001_ scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Dan\Local Settings\Application Data\Mozilla\Firefox\Profiles\z0894p1s.default\Cache\_CACHE_002_ scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Dan\Local Settings\Application Data\Mozilla\Firefox\Profiles\z0894p1s.default\Cache\_CACHE_003_ scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Dan\Local Settings\Application Data\Mozilla\Firefox\Profiles\z0894p1s.default\Cache\_CACHE_MAP_ scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Dan\Local Settings\Application Data\Mozilla\Firefox\Profiles\z0894p1s.default\urlclassifier3.sqlite scheduled to be deleted on reboot.
->FireFox cache emptied: 87600129 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 32768 bytes

User: LocalService
->Temp folder emptied: 0 bytes
File delete failed. C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\INDEX.DAT scheduled to be deleted on reboot.
->Temporary Internet Files folder emptied: 33597 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

%systemdrive% .tmp files removed: 6597 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 2577 bytes
File delete failed. C:\WINDOWS\temp\Perflib_Perfdata_1a4.dat scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\Perflib_Perfdata_a9c.dat scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\Perflib_Perfdata_f4.dat scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\ZLT00050.TMP scheduled to be deleted on reboot.
Windows Temp folder emptied: 118706804 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 1196.23 mb


OTL by OldTimer - Version 3.0.22.1 log created on 10292009_092425

Files\Folders moved on Reboot...
File\Folder C:\Documents and Settings\Dan\Local Settings\Temp\etilqs_z6FuvWW2HD2WgP0QXLxp not found!
C:\Documents and Settings\Dan\Local Settings\Temp\~DFB48D.tmp moved successfully.
C:\Documents and Settings\Dan\Local Settings\Application Data\Mozilla\Firefox\Profiles\z0894p1s.default\Cache\_CACHE_001_ moved successfully.
C:\Documents and Settings\Dan\Local Settings\Application Data\Mozilla\Firefox\Profiles\z0894p1s.default\Cache\_CACHE_002_ moved successfully.
C:\Documents and Settings\Dan\Local Settings\Application Data\Mozilla\Firefox\Profiles\z0894p1s.default\Cache\_CACHE_003_ moved successfully.
C:\Documents and Settings\Dan\Local Settings\Application Data\Mozilla\Firefox\Profiles\z0894p1s.default\Cache\_CACHE_MAP_ moved successfully.
C:\Documents and Settings\Dan\Local Settings\Application Data\Mozilla\Firefox\Profiles\z0894p1s.default\urlclassifier3.sqlite moved successfully.
C:\WINDOWS\temp\Perflib_Perfdata_1a4.dat moved successfully.
C:\WINDOWS\temp\Perflib_Perfdata_a9c.dat moved successfully.
File\Folder C:\WINDOWS\temp\Perflib_Perfdata_f4.dat not found!
C:\WINDOWS\temp\ZLT00050.TMP moved successfully.

Registry entries deleted on Reboot...


QUICKSCAN RESULTS+++++++++++++++++++++++++++++++++++++++++++++++++++++

OTL logfile created on: 10/29/2009 9:51:53 AM - Run 4
OTL by OldTimer - Version 3.0.22.1 Folder = C:\Documents and Settings\Dan\Desktop
Windows XP Home Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.2180)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

502.07 Mb Total Physical Memory | 215.03 Mb Available Physical Memory | 42.83% Memory free
1.20 Gb Paging File | 0.73 Gb Available in Paging File | 60.60% Paging File free
Paging file location(s): C:\pagefile.sys 756 1512 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 145.76 Gb Total Space | 126.25 Gb Free Space | 86.62% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: OFFICE
Current User Name: Dan
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 14 Days
Output = Standard
Quick Scan

========== Processes (SafeList) ==========

PRC - [2009/10/28 17:49:16 | 00,521,728 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Dan\Desktop\OTL.exe
PRC - [2009/10/23 15:40:05 | 00,153,376 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe
PRC - [2009/10/23 15:40:05 | 00,149,280 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jusched.exe
PRC - [2009/10/22 16:43:11 | 00,603,904 | ---- | M] (TuneUp Software) -- C:\WINDOWS\System32\TUProgSt.exe
PRC - [2009/10/12 21:24:50 | 02,000,112 | ---- | M] (SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
PRC - [2009/08/24 15:15:03 | 00,908,280 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2009/07/21 14:34:33 | 00,185,089 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe
PRC - [2009/05/13 16:48:22 | 00,108,289 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe
PRC - [2009/03/02 13:08:47 | 00,209,153 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
PRC - [2009/02/16 00:10:22 | 02,402,184 | ---- | M] (Check Point Software Technologies LTD) -- C:\WINDOWS\System32\ZoneLabs\vsmon.exe
PRC - [2009/02/16 00:10:22 | 00,981,384 | ---- | M] (Check Point Software Technologies LTD) -- C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
PRC - [2009/02/06 11:39:29 | 00,227,840 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\wbem\wmiprvse.exe
PRC - [2009/01/06 14:06:36 | 00,290,088 | ---- | M] (Apple Inc.) -- C:\Program Files\iTunes\iTunesHelper.exe
PRC - [2009/01/06 14:06:24 | 00,536,872 | ---- | M] (Apple Inc.) -- C:\Program Files\iPod\bin\iPodService.exe
PRC - [2008/11/13 13:17:38 | 00,439,616 | ---- | M] () -- C:\Program Files\Pure Digital Technologies\FlipShare\FlipShareService.exe
PRC - [2008/11/07 15:28:16 | 00,132,424 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
PRC - [2008/10/16 18:22:20 | 00,464,264 | ---- | M] () -- C:\Program Files\AskBarDis\bar\bin\AskService.exe
PRC - [2008/08/29 11:18:44 | 00,238,888 | ---- | M] (Apple Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe
PRC - [2008/04/25 20:31:40 | 00,524,288 | ---- | M] (Radica) -- C:\Program Files\Radica\Stylin' Studio\SS_MW.exe
PRC - [2007/06/13 05:23:07 | 01,033,216 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Explorer.EXE
PRC - [2007/03/15 11:09:36 | 00,460,784 | ---- | M] (Gteko Ltd.) -- C:\Program Files\DellSupport\DSAgnt.exe
PRC - [2005/10/14 14:50:30 | 00,114,688 | ---- | M] (Intel Corporation) -- C:\WINDOWS\System32\igfxpers.exe
PRC - [2005/10/14 14:46:34 | 00,077,824 | ---- | M] (Intel Corporation) -- C:\WINDOWS\System32\hkcmd.exe
PRC - [2005/02/17 00:11:42 | 00,049,152 | ---- | M] (Hewlett-Packard Co.) -- C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
PRC - [2005/02/05 08:02:16 | 00,026,112 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Real\RealPlayer\RealPlay.exe
PRC - [2004/11/16 02:05:00 | 00,127,035 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\System32\dla\tfswctrl.exe
PRC - [2004/10/12 17:54:30 | 00,057,344 | ---- | M] (CyberLink Corp.) -- C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
PRC - [2004/09/15 13:27:54 | 00,038,912 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\wdfmgr.exe
PRC - [2004/09/14 09:50:48 | 00,053,248 | ---- | M] (Musicmatch Inc.) -- C:\Program Files\Musicmatch\Musicmatch Jukebox\mmtask.exe
PRC - [2004/08/11 03:22:40 | 00,757,760 | ---- | M] (Eastman Kodak Company) -- C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
PRC - [2004/08/04 06:00:00 | 00,016,896 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\wbem\unsecapp.exe
PRC - [2004/08/04 06:00:00 | 00,013,824 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\wscntfy.exe
PRC - [2004/05/24 13:35:52 | 00,322,104 | ---- | M] (Eastman Kodak Company) -- C:\WINDOWS\System32\drivers\KodakCCS.exe
PRC - [2004/05/12 16:18:56 | 00,241,664 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
PRC - [2004/01/07 02:01:00 | 00,110,592 | ---- | M] (Sonic Solutions) -- C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe
PRC - [2003/10/29 03:06:00 | 00,024,576 | R--- | M] (BVRP Software) -- C:\Program Files\Digital Line Detect\DLG.exe
PRC - [2003/09/16 05:19:24 | 00,237,568 | ---- | M] (Hewlett-Packard Co.) -- C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
PRC - [2003/06/20 00:25:00 | 00,322,120 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
PRC - [2003/05/31 19:02:32 | 07,544,916 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTBCM\Binn\sqlservr.exe

========== Win32 Services (SafeList) ==========

SRV - [2009/10/23 15:40:05 | 00,153,376 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe -- (JavaQuickStarterService [Auto | Running])
SRV - [2009/10/22 16:43:11 | 00,603,904 | ---- | M] (TuneUp Software) -- C:\WINDOWS\System32\TUProgSt.exe -- (TuneUp.ProgramStatisticsSvc [Auto | Running])
SRV - [2009/10/22 16:43:06 | 00,362,240 | ---- | M] (TuneUp Software) -- C:\WINDOWS\System32\TuneUpDefragService.exe -- (TuneUp.Defrag [On_Demand | Stopped])
SRV - [2009/07/21 14:34:33 | 00,185,089 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService [Auto | Running])
SRV - [2009/05/13 16:48:22 | 00,108,289 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService [Auto | Running])
SRV - [2009/02/16 00:10:22 | 02,402,184 | ---- | M] (Check Point Software Technologies LTD) -- C:\WINDOWS\System32\ZoneLabs\vsmon.exe -- (vsmon [Auto | Running])
SRV - [2009/01/06 14:06:24 | 00,536,872 | ---- | M] (Apple Inc.) -- C:\Program Files\iPod\bin\iPodService.exe -- (iPod Service [On_Demand | Running])
SRV - [2008/11/13 13:17:38 | 00,439,616 | ---- | M] () -- C:\Program Files\Pure Digital Technologies\FlipShare\FlipShareService.exe -- (FlipShare Service [Auto | Running])
SRV - [2008/11/12 16:44:18 | 00,027,904 | ---- | M] (TuneUp Software) -- C:\WINDOWS\System32\uxtuneup.dll -- (UxTuneUp [Auto | Running])
SRV - [2008/11/07 15:28:16 | 00,132,424 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -- (Apple Mobile Device [Auto | Running])
SRV - [2008/10/16 18:22:20 | 00,464,264 | ---- | M] () -- C:\Program Files\AskBarDis\bar\bin\AskService.exe -- (ASKService [Auto | Running])
SRV - [2008/08/29 11:18:44 | 00,238,888 | ---- | M] (Apple Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe -- (Bonjour Service [Auto | Running])
SRV - [2007/03/07 15:47:46 | 00,076,848 | ---- | M] () -- C:\Program Files\DellSupport\brkrsvc.exe -- (DSBrokerService [On_Demand | Stopped])
SRV - [2005/04/04 00:41:10 | 00,069,632 | ---- | M] (Macrovision Corporation) -- C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe -- (IDriverT [On_Demand | Stopped])
SRV - [2004/09/15 13:27:54 | 00,038,912 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\wdfmgr.exe -- (UMWdf [Auto | Running])
SRV - [2004/08/04 06:00:00 | 00,038,912 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll -- (helpsvc [Auto | Running])
SRV - [2004/07/15 02:49:26 | 00,032,768 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe -- (aspnet_state [On_Demand | Stopped])
SRV - [2004/05/24 13:35:52 | 00,322,104 | ---- | M] (Eastman Kodak Company) -- C:\WINDOWS\System32\drivers\KodakCCS.exe -- (KodakCCS [Auto | Running])
SRV - [2004/01/05 02:27:32 | 00,065,795 | ---- | M] (HP) -- C:\WINDOWS\System32\HPZipm12.exe -- (Pml Driver HPZ12 [On_Demand | Stopped])
SRV - [2003/12/17 14:59:48 | 00,143,360 | ---- | M] (Intel® Corporation) -- C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe -- (NetSvc [On_Demand | Stopped])
SRV - [2003/07/28 13:28:22 | 00,089,136 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE -- (ose [On_Demand | Stopped])
SRV - [2003/06/20 00:25:00 | 00,322,120 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE -- (MDM [Auto | Running])
SRV - [2003/05/31 19:02:32 | 07,544,916 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTBCM\Binn\sqlservr.exe -- (MSSQL$MICROSOFTBCM [Auto | Running])
SRV - [2002/12/17 20:23:30 | 00,311,872 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTBCM\Binn\sqlagent.EXE -- (SQLAgent$MICROSOFTBCM [On_Demand | Stopped])
SRV - [2002/12/17 20:23:30 | 00,066,112 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqladhlp.exe -- (MSSQLServerADHelper [On_Demand | Stopped])

========== Modules (SafeList) ==========

MOD - [2009/10/28 17:49:16 | 00,521,728 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Dan\Desktop\OTL.exe
MOD - [2006/08/25 10:45:55 | 01,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\COMCTL32.dll
MOD - [2004/08/04 06:00:00 | 00,025,088 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\mslbui.dll
MOD - [2004/08/04 06:00:00 | 00,014,848 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\serwvdrv.dll
MOD - [2004/08/04 06:00:00 | 00,013,312 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\umdmxfrm.dll

========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.dell4me.com/myway
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm


IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,First Home Page = http://www.dell4me.com/myway
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.dell4me.com/myway
IE - HKU\.DEFAULT\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,First Home Page = http://www.dell4me.com/myway
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.dell4me.com/myway
IE - HKU\S-1-5-18\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-2229718711-4139157738-2168484239-1009\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
IE - HKU\S-1-5-21-2229718711-4139157738-2168484239-1009\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKU\S-1-5-21-2229718711-4139157738-2168484239-1009\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch
IE - HKU\S-1-5-21-2229718711-4139157738-2168484239-1009\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
IE - HKU\S-1-5-21-2229718711-4139157738-2168484239-1009\S-1-5-21-2229718711-4139157738-2168484239-1009\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://www.yahoo.com/"
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA}:6.0.16
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: {4FB9BDA5-413E-49D7-B288-9F93DD39069E}:1.9.1
FF - prefs.js..extensions.enabledItems: {A2123010-4D71-45A4-AB29-1EE4F5BFF508}:1.9.1
FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.5.3

FF - HKLM\software\mozilla\Firefox\Extensions\\{4FB9BDA5-413E-49D7-B288-9F93DD39069E}: C:\Documents and Settings\Dan\Local Settings\Application Data\{4FB9BDA5-413E-49D7-B288-9F93DD39069E} [2009/10/16 21:10:48 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{A2123010-4D71-45A4-AB29-1EE4F5BFF508}: C:\Documents and Settings\Cheryl\Local Settings\Application Data\{A2123010-4D71-45A4-AB29-1EE4F5BFF508} [2009/10/16 21:32:32 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\jqs@sun.com: C:\Program Files\Java\jre6\lib\deploy\jqs\ff [2009/10/23 15:40:07 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.3\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2009/10/23 11:14:24 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.3\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2009/10/23 15:40:30 | 00,000,000 | ---D | M]

[2009/10/23 11:14:35 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Dan\Application Data\mozilla\Extensions
[2009/10/23 11:14:35 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Dan\Application Data\mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
[2009/10/28 10:36:34 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Dan\Application Data\mozilla\Firefox\Profiles\z0894p1s.default\extensions
[2009/10/23 15:57:13 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Dan\Application Data\mozilla\Firefox\Profiles\z0894p1s.default\extensions\{E9A1DEE0-C623-4439-8932-001E7D17607D}
[2009/10/28 10:36:34 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions
[2009/10/23 11:14:08 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2009/10/23 15:40:33 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA}
[2009/08/24 15:15:25 | 00,023,544 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browserdirprovider.dll
[2009/08/24 15:15:26 | 00,137,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\brwsrcmp.dll
[2009/10/23 15:40:06 | 00,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeploytk.dll
[2009/08/24 15:15:27 | 00,065,016 | ---- | M] (mozilla.org) -- C:\Program Files\mozilla firefox\plugins\npnul32.dll
[2009/08/24 13:45:46 | 00,001,394 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom.xml
[2009/08/24 13:45:46 | 00,002,193 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\answers.xml
[2009/08/24 13:45:46 | 00,001,534 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\creativecommons.xml
[2009/08/24 13:45:46 | 00,002,344 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay.xml
[2009/08/24 13:45:46 | 00,002,371 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\google.xml
[2009/08/24 13:45:46 | 00,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia.xml
[2009/08/24 13:45:46 | 00,000,792 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo.xml

O1 HOSTS File: (734 bytes) - C:\WINDOWS\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (AcroIEHlprObj Class) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (AskBar BHO) - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Program Files\AskBarDis\bar\bin\askBar.dll (Ask.com)
O2 - BHO: (DriveLetterAccess) - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\dla\tfswshx.dll (Sonic Solutions)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)
O3 - HKLM\..\Toolbar: (ZoneAlarm Spy Blocker Toolbar) - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll (Ask.com)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [dla] C:\WINDOWS\System32\dla\tfswctrl.exe (Sonic Solutions)
O4 - HKLM..\Run: [dscactivate] C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe ( )
O4 - HKLM..\Run: [DVDLauncher] C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe (CyberLink Corp.)
O4 - HKLM..\Run: [HP Component Manager] C:\Program Files\HP\hpcoretech\hpcmpmgr.exe (Hewlett-Packard Company)
O4 - HKLM..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe (Hewlett-Packard Co.)
O4 - HKLM..\Run: [igfxhkcmd] C:\WINDOWS\System32\hkcmd.exe (Intel Corporation)
O4 - HKLM..\Run: [igfxpers] C:\WINDOWS\System32\igfxpers.exe (Intel Corporation)
O4 - HKLM..\Run: [igfxtray] C:\WINDOWS\System32\igfxtray.exe (Intel Corporation)
O4 - HKLM..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.)
O4 - HKLM..\Run: [mmtask] C:\Program Files\Musicmatch\Musicmatch Jukebox\mmtask.exe (Musicmatch Inc.)
O4 - HKLM..\Run: [QuickTime Task] C:\Program Files\QuickTime\qttask.exe (Apple Inc.)
O4 - HKLM..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [Rrerucokuh] C:\WINDOWS\ugezanijudulige.DLL File not found
O4 - HKLM..\Run: [SS_MW] C:\Program Files\Radica\Stylin' Studio\SS_MW.exe (Radica)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [UpdateManager] C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe (Sonic Solutions)
O4 - HKLM..\Run: [wiyewawab] C:\WINDOWS\System32\gerizoha.DLL File not found
O4 - HKLM..\Run: [ZoneAlarm Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe (Check Point Software Technologies LTD)
O4 - HKU\S-1-5-21-2229718711-4139157738-2168484239-1009..\Run: [DellSupport] C:\Program Files\DellSupport\DSAgnt.exe (Gteko Ltd.)
O4 - HKU\S-1-5-21-2229718711-4139157738-2168484239-1009..\Run: [MSMSGS] C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-2229718711-4139157738-2168484239-1009..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)
O4 - HKU\.DEFAULT..\RunOnce: [RunNarrator] C:\WINDOWS\System32\Narrator.exe (Microsoft Corporation)
O4 - HKU\S-1-5-18..\RunOnce: [RunNarrator] C:\WINDOWS\System32\Narrator.exe (Microsoft Corporation)
O4 - HKLM..\RunOnceEx: [] File not found
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Digital Line Detect.lnk = C:\Program Files\Digital Line Detect\DLG.exe (BVRP Software)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe (Eastman Kodak Company)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Main present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSetActiveDesktop = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSetActiveDesktop = 0
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 0
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableTaskMgr = 0
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSetActiveDesktop = 0
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 0
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableTaskMgr = 0
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-2229718711-4139157738-2168484239-1009\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-2229718711-4139157738-2168484239-1009\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSetActiveDesktop = 0
O7 - HKU\S-1-5-21-2229718711-4139157738-2168484239-1009\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 0
O7 - HKU\S-1-5-21-2229718711-4139157738-2168484239-1009\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableProfileQuota = 1
O7 - HKU\S-1-5-21-2229718711-4139157738-2168484239-1009\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableTaskMgr = 0
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\OFFICE11\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\OFFICE11\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKLM\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://go.microsoft.com/fwlink/?linkid=39204 (Windows Genuine Advantage Validation Tool)
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} http://photo.walgreens.com/WalgreensActivia.cab (Snapfish Activia)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_16)
O16 - DPF: {AE6C4705-0F11-4ACB-BDD4-37F138BEF289} http://www.ritzpix.com/net/Uploader/LPUploader41.cab (Image Uploader Control)
O16 - DPF: {CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA} http://java.sun.com/products/plugin/autodl...indows-i586.cab (Java Plug-in 1.4.2_03)
O16 - DPF: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_16)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_16)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O18 - Protocol\Handler\cetihpz {CF184AD3-CDCB-4168-A3F7-8E447D129300} - C:\Program Files\HP\hpcoretech\comp\hpuiprot.dll (Hewlett-Packard Company)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\ipp - No CLSID value found
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\MSITSS.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Program Files\Common Files\Microsoft Shared\Web Components\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807553E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation)
O20 - AppInit_DLLs: (c:\windows\system32\gerizoha.dll) - C:\WINDOWS\System32\gerizoha.dll File not found
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\Explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (|) - File not found
O20 - HKLM Winlogon: UserInit - (----) - File not found
O20 - HKLM Winlogon: UserInit - (|) - File not found
O20 - HKLM Winlogon: UserInit - (M]) - File not found
O20 - HKLM Winlogon: UserInit - ((Microsoft) - File not found
O20 - HKLM Winlogon: UserInit - (Corporati) - File not found
O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll (SUPERAntiSpyware.com)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\WINDOWS\System32\igfxdev.dll (Intel Corporation)
O21 - SSODL: kawalukaz - {dfd5fa50-bc93-43d0-bf5f-9402d4965411} - CLSID or File not found.
O24 - Desktop Components:0 (My Current Home Page) - About:Home
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2004/08/10 14:04:08 | 00,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck) - File not found
O34 - HKLM BootExecute: (autochk) - C:\WINDOWS\System32\autochk.exe (Microsoft Corporation)
O34 - HKLM BootExecute: (*) - File not found
O35 - comfile [open] -- "%1" %* File not found
O35 - exefile [open] -- "%1" %* File not found

NetSvcs: 6to4 - Service key not found. File not found
NetSvcs: Ias - Service key not found. File not found
NetSvcs: Iprip - Service key not found. File not found
NetSvcs: Irmon - Service key not found. File not found
NetSvcs: NWCWorkstation - Service key not found. File not found
NetSvcs: Nwsapagent - Service key not found. File not found
NetSvcs: UxTuneUp - C:\WINDOWS\System32\uxtuneup.dll (TuneUp Software)
NetSvcs: Wmi - Service key not found. File not found
NetSvcs: WmdmPmSp - Service key not found. File not found
NetSvcs: helpsvc - C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll (Microsoft Corporation)

========== Files/Folders - Created Within 14 Days ==========

[2009/10/22 16:42:07 | 00,000,000 | -HSD | C] -- C:\Documents and Settings\All Users\Application Data\{55A29068-F2CE-456C-9148-C869879E2357}
[2009/10/23 09:28:13 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\54722424
[2009/10/23 12:00:36 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Avira
[2009/10/22 16:39:53 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2009/10/22 17:12:53 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\PC Tools
[2009/10/23 14:21:35 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
[2009/10/22 16:59:20 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2009/10/22 16:42:28 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\TuneUp Software
[2009/10/22 16:40:12 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Dan\Application Data\Malwarebytes
[2009/10/23 11:14:19 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Dan\Application Data\Mozilla
[2009/10/23 14:21:28 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Dan\Application Data\SUPERAntiSpyware.com
[2009/10/22 16:43:03 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Dan\Application Data\TuneUp Software
[2009/10/16 21:10:48 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Dan\Local Settings\Application Data\{4FB9BDA5-413E-49D7-B288-9F93DD39069E}
[2009/10/23 11:14:19 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Dan\Local Settings\Application Data\Mozilla
[2009/10/22 17:21:11 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Dan\Local Settings\Application Data\Threat Expert
[2009/10/22 17:12:53 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\PC Tools
[2009/10/23 14:21:15 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\Wise Installation Wizard
[2009/10/23 15:57:12 | 00,000,000 | ---D | C] -- C:\Program Files\AskBarDis
[2009/10/23 12:00:36 | 00,000,000 | ---D | C] -- C:\Program Files\Avira
[2009/10/23 12:29:19 | 00,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2009/10/23 14:02:07 | 00,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2009/10/23 11:14:04 | 00,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2009/10/15 19:19:18 | 00,000,000 | ---D | C] -- C:\Program Files\Shared
[2009/10/23 14:21:28 | 00,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2009/10/23 15:41:58 | 00,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2009/10/22 16:42:25 | 00,000,000 | ---D | C] -- C:\Program Files\TuneUp Utilities 2009
[2009/10/23 15:56:39 | 00,000,000 | ---D | C] -- C:\Program Files\Zone Labs
[2009/10/29 09:24:25 | 00,000,000 | ---D | C] -- C:\_OTL
[2009/10/28 17:49:15 | 00,521,728 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Dan\Desktop\OTL.exe
[2009/10/28 15:36:34 | 00,472,064 | ---- | C] ( ) -- C:\Documents and Settings\Dan\Desktop\RootRepeal.exe
[2009/10/26 18:28:10 | 00,000,000 | -HSD | C] -- C:\Config.Msi
[2009/10/24 23:00:35 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Dan\Desktop\Maintenance
[2009/10/23 15:56:39 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\ZoneLabs
[2009/10/23 15:56:08 | 00,000,000 | ---D | C] -- C:\WINDOWS\Internet Logs
[2009/10/23 12:00:39 | 00,096,104 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avipbb.sys
[2009/10/23 12:00:39 | 00,055,656 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avgntflt.sys
[2009/10/23 12:00:39 | 00,045,416 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avgntdd.sys
[2009/10/23 12:00:39 | 00,022,360 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avgntmgr.sys
[2009/10/23 12:00:38 | 00,028,520 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\ssmdrv.sys
[2009/10/22 16:43:10 | 00,603,904 | ---- | C] (TuneUp Software) -- C:\WINDOWS\System32\TUProgSt.exe
[2009/10/22 16:43:08 | 00,027,904 | ---- | C] (TuneUp Software) -- C:\WINDOWS\System32\uxtuneup.dll
[2009/10/22 16:43:05 | 00,362,240 | ---- | C] (TuneUp Software) -- C:\WINDOWS\System32\TuneUpDefragService.exe
[2009/10/22 15:59:38 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\NtmsData

========== Files - Modified Within 14 Days ==========

[2009/10/29 09:48:04 | 00,002,206 | ---- | M] () -- C:\WINDOWS\System32\WPA.DBL
[2009/10/29 09:48:01 | 00,350,192 | ---- | M] () -- C:\WINDOWS\System32\vsconfig.xml
[2009/10/29 09:47:10 | 00,000,482 | ---- | M] () -- C:\WINDOWS\tasks\1-Click Maintenance.job
[2009/10/29 09:46:54 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2009/10/29 09:46:47 | 00,002,048 | --S- | M] () -- C:\WINDOWS\BOOTSTAT.DAT
[2009/10/29 09:46:46 | 52,653,6704 | -HS- | M] () -- C:\hiberfil.sys
[2009/10/28 17:49:16 | 00,521,728 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Dan\Desktop\OTL.exe
[2009/10/28 15:36:35 | 00,472,064 | ---- | M] ( ) -- C:\Documents and Settings\Dan\Desktop\RootRepeal.exe
[2009/10/28 15:34:40 | 00,523,776 | ---- | M] () -- C:\Documents and Settings\Dan\Desktop\dds.scr
[2009/10/23 15:56:50 | 00,004,212 | -H-- | M] () -- C:\WINDOWS\System32\zllictbl.dat
[2009/10/23 15:29:20 | 00,011,168 | -H-- | M] () -- C:\WINDOWS\System32\zulugopa
[2009/10/23 11:58:21 | 33,961,728 | ---- | M] () -- C:\Documents and Settings\Dan\Desktop\avira_antivir_personal_en.exe
[2009/10/23 11:14:15 | 00,001,602 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
[2009/10/22 16:43:11 | 00,603,904 | ---- | M] (TuneUp Software) -- C:\WINDOWS\System32\TUProgSt.exe
[2009/10/22 16:43:06 | 00,362,240 | ---- | M] (TuneUp Software) -- C:\WINDOWS\System32\TuneUpDefragService.exe

========== Files - No Company Name ==========
[2009/10/28 15:34:40 | 00,523,776 | ---- | C] () -- C:\Documents and Settings\Dan\Desktop\dds.scr
[2009/10/23 15:56:50 | 00,004,212 | -H-- | C] () -- C:\WINDOWS\System32\zllictbl.dat
[2009/10/23 15:56:38 | 00,350,192 | ---- | C] () -- C:\WINDOWS\System32\vsconfig.xml
[2009/10/23 11:57:14 | 33,961,728 | ---- | C] () -- C:\Documents and Settings\Dan\Desktop\avira_antivir_personal_en.exe
[2009/10/23 11:14:15 | 00,001,602 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
[2009/10/22 16:43:08 | 00,000,482 | ---- | C] () -- C:\WINDOWS\tasks\1-Click Maintenance.job
[2009/04/06 10:17:23 | 00,000,022 | ---- | C] () -- C:\WINDOWS\kodakpcd.Cheryl.ini
[2009/03/08 17:02:13 | 00,007,168 | ---- | C] () -- C:\Documents and Settings\Dan\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/09/04 16:16:26 | 00,030,464 | ---- | C] () -- C:\WINDOWS\macromix.dll
[2008/02/19 01:33:34 | 00,446,352 | ---- | C] () -- C:\WINDOWS\System32\OpenQuicktimeLib.dll
[2005/10/10 10:01:04 | 00,001,764 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache
[2005/06/06 07:42:53 | 00,000,703 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\hpzinstall.log
[2005/03/06 14:27:08 | 00,069,784 | ---- | C] () -- C:\Documents and Settings\Dan\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
[2005/03/06 14:27:04 | 00,000,126 | ---- | C] () -- C:\Documents and Settings\Dan\Local Settings\Application Data\fusioncache.dat
[2005/02/27 19:11:49 | 00,000,002 | ---- | C] () -- C:\WINDOWS\msoffice.ini
[2005/02/22 21:33:27 | 00,000,062 | -HS- | C] () -- C:\Documents and Settings\Dan\Application Data\DESKTOP.INI
[2005/02/22 21:33:24 | 05,903,882 | -H-- | C] () -- C:\Documents and Settings\Dan\Local Settings\Application Data\IconCache.db
[2005/02/05 08:04:53 | 00,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2005/02/05 07:58:23 | 00,000,264 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2005/02/05 07:49:07 | 00,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2005/02/05 07:16:58 | 00,000,519 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2004/09/15 23:03:14 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2004/08/10 14:13:12 | 00,000,780 | ---- | C] () -- C:\WINDOWS\ORUN32.INI
[2004/08/10 14:04:08 | 00,000,709 | ---- | C] () -- C:\WINDOWS\WIN.INI
[2004/08/10 13:57:52 | 00,000,231 | ---- | C] () -- C:\WINDOWS\SYSTEM.INI
[2004/08/10 13:57:42 | 00,000,062 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\DESKTOP.INI
[2004/08/04 06:00:00 | 00,001,793 | ---- | C] () -- C:\WINDOWS\System32\FXSPERF.INI
[2004/01/05 02:27:36 | 00,565,248 | ---- | C] () -- C:\WINDOWS\System32\hpotscl.dll
[2003/01/07 16:05:08 | 00,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
[2000/09/08 18:53:50 | 00,073,839 | ---- | C] () -- C:\WINDOWS\System32\KodakOneTouch.dll
[1980/01/01 01:00:00 | 00,012,288 | ---- | C] () -- C:\WINDOWS\System32\e100bmsg.dll

========== LOP Check ==========

[2007/04/09 16:45:40 | 00,000,000 | RH-D | M] -- C:\Documents and Settings\Administrator\Application Data
[2009/10/23 14:21:35 | 00,000,000 | RH-D | M] -- C:\Documents and Settings\All Users\Application Data
[2009/01/25 15:25:46 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
[2009/10/22 16:42:07 | 00,000,000 | -HSD | M] -- C:\Documents and Settings\All Users\Application Data\{55A29068-F2CE-456C-9148-C869879E2357}
[2009/10/23 09:31:38 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\54722424
[2008/01/19 09:02:09 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Dell
[2009/03/22 11:06:54 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Pure Digital Technologies
[2005/02/05 07:16:28 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SBSI
[2005/02/19 12:13:05 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Support.com
[2008/01/19 09:03:22 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SupportSoft
[2009/10/26 19:21:42 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2008/09/04 15:28:53 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\The Learning Company
[2009/10/22 16:42:28 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TuneUp Software
[2009/04/27 15:06:52 | 00,000,000 | RH-D | M] -- C:\Documents and Settings\Cheryl\Application Data
[2009/01/24 12:02:02 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Cheryl\Application Data\Amazon
[2008/11/12 15:56:32 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Cheryl\Application Data\Digital Album Organizer
[2005/03/07 13:41:34 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Cheryl\Application Data\Leadertech
[2007/07/14 12:11:40 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Cheryl\Application Data\Snapfish
[2009/04/02 09:57:23 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Cheryl\Application Data\W Photo Studio Viewer
[2009/10/26 19:21:32 | 00,000,000 | RH-D | M] -- C:\Documents and Settings\Dan\Application Data
[2009/01/24 11:23:34 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Dan\Application Data\Amazon
[2005/09/29 20:46:04 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Dan\Application Data\CyberLink
[2005/03/25 15:25:46 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Dan\Application Data\Leadertech
[2009/10/22 16:43:03 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Dan\Application Data\TuneUp Software
[2007/11/19 18:47:47 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Dan\Application Data\Walgreens
[2007/04/09 16:45:40 | 00,000,000 | RH-D | M] -- C:\Documents and Settings\Default User\Application Data
[2008/08/07 12:38:51 | 00,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data
[2005/02/05 07:16:28 | 00,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Application Data
[2009/10/29 09:47:10 | 00,000,482 | ---- | M] () -- C:\WINDOWS\Tasks\1-Click Maintenance.job
[2004/08/04 06:00:00 | 00,000,065 | RH-- | M] () -- C:\WINDOWS\Tasks\DESKTOP.INI
[2005/02/08 19:02:17 | 00,000,258 | ---- | M] () -- C:\WINDOWS\Tasks\ISP signup reminder 1.job
[2009/10/29 09:46:54 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\Tasks\SA.DAT

========== Purity Check ==========



========== Custom Scans ==========


< %systemdrive%\*.exe >

< %systemroot%\system32\drivers\*.sys >
[2001/08/17 14:52:00 | 00,023,552 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\ABP480N5.SYS
[2004/08/04 06:00:00 | 00,187,776 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\ACPI.SYS
[2004/08/04 06:00:00 | 00,011,648 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\ACPIEC.SYS
[2001/08/17 15:07:32 | 00,101,888 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\ADPU160M.SYS
[2002/04/01 14:15:00 | 00,004,816 | ---- | M] (Andrea Electronics Corporation) -- C:\WINDOWS\system32\drivers\aeaudio.sys
[2006/02/14 19:22:26 | 00,142,464 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\aec.sys
[2008/08/14 04:51:43 | 00,138,368 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\afd.sys
[2004/10/07 20:16:04 | 00,035,840 | ---- | M] (Oak Technology Inc.) -- C:\WINDOWS\system32\drivers\AFS2K.SYS
[2004/08/04 00:07:42 | 00,042,368 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\AGP440.SYS
[2004/08/04 00:07:44 | 00,044,928 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\AGPCPQ.SYS
[2001/08/17 14:52:02 | 00,012,800 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\AHA154X.SYS
[2001/08/17 15:07:36 | 00,055,168 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\AIC78U2.SYS
[2001/08/17 15:07:38 | 00,056,960 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\AIC78XX.SYS
[2001/08/17 14:51:56 | 00,005,248 | ---- | M] (Acer Laboratories Inc.) -- C:\WINDOWS\system32\drivers\ALIIDE.SYS
[2004/08/04 00:07:42 | 00,042,752 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\ALIM1541.SYS
[2004/08/04 00:07:44 | 00,043,008 | ---- | M] (Advanced Micro Devices, Inc.) -- C:\WINDOWS\system32\drivers\AMDAGP.SYS
[2004/08/04 06:00:00 | 00,036,992 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\AMDK6.SYS
[2004/08/04 06:00:00 | 00,037,376 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\AMDK7.SYS
[2001/08/17 14:52:04 | 00,012,032 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\AMSINT.SYS
[2004/08/04 06:00:00 | 00,060,800 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\ARP1394.SYS
[2001/08/17 14:52:00 | 00,026,496 | ---- | M] (Advanced System Products, Inc.) -- C:\WINDOWS\system32\drivers\ASC.SYS
[2001/08/17 14:52:04 | 00,022,400 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\ASC3350P.SYS
[2001/08/17 14:51:58 | 00,014,848 | ---- | M] (Advanced System Products, Inc.) -- C:\WINDOWS\system32\drivers\ASC3550.SYS
[2005/02/05 08:02:20 | 00,008,552 | ---- | M] (Windows ® 2000 DDK provider) -- C:\WINDOWS\system32\drivers\asctrm.sys
[2004/08/04 06:00:00 | 00,014,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\ASYNCMAC.SYS
[2004/08/03 23:59:44 | 00,095,360 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\atapi.sys
[2004/08/04 06:00:00 | 00,059,904 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\ATMARPC.SYS
[2004/08/04 06:00:00 | 00,031,360 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\ATMEPVC.SYS
[2004/08/04 06:00:00 | 00,055,936 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\ATMLANE.SYS
[2004/08/04 06:00:00 | 00,352,256 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\ATMUNI.SYS
[2001/08/17 14:59:44 | 00,003,072 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\AUDSTUB.SYS
[2009/02/13 12:17:49 | 00,045,416 | ---- | M] (Avira GmbH) -- C:\WINDOWS\system32\drivers\avgntdd.sys
[2009/07/28 16:33:56 | 00,055,656 | ---- | M] (Avira GmbH) -- C:\WINDOWS\system32\drivers\avgntflt.sys
[2009/02/13 12:29:11 | 00,022,360 | ---- | M] (Avira GmbH) -- C:\WINDOWS\system32\drivers\avgntmgr.sys
[2009/03/30 10:33:07 | 00,096,104 | ---- | M] (Avira GmbH) -- C:\WINDOWS\system32\drivers\avipbb.sys
[2004/08/04 06:00:00 | 00,004,224 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\BEEP.SYS
[2004/08/04 06:00:00 | 00,071,552 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\BRIDGE.SYS
[2008/06/13 08:10:50 | 00,272,128 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\bthport.sys
[2001/08/17 14:52:08 | 00,013,952 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\CBIDF2K.SYS
[2004/08/04 00:10:18 | 00,017,024 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\CCDECODE.sys
[2001/08/17 14:52:06 | 00,007,680 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\CD20XRNT.SYS
[2004/08/04 06:00:00 | 00,018,688 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\CDAUDIO.SYS
[2004/08/04 06:00:00 | 00,063,744 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\CDFS.SYS
[2004/08/04 06:00:00 | 00,049,536 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\CDROM.SYS
[2004/08/04 06:00:00 | 00,262,528 | ---- | M] (RAVISENT Technologies Inc.) -- C:\WINDOWS\system32\drivers\CINEMST2.SYS
[2004/08/04 06:00:00 | 00,049,664 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\CLASSPNP.SYS
[2001/08/17 14:51:54 | 00,006,656 | ---- | M] (CMD Technology, Inc.) -- C:\WINDOWS\system32\drivers\CMDIDE.SYS
[2001/08/17 14:52:06 | 00,014,976 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\CPQARRAY.SYS
[2004/08/04 06:00:00 | 00,011,776 | ---- | M] (Compaq Computer Corporation) -- C:\WINDOWS\system32\drivers\CPQDAP01.SYS
[2004/08/04 06:00:00 | 00,036,480 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\CRUSOE.SYS
[2001/08/17 14:52:16 | 00,179,584 | ---- | M] (Mylex Corporation) -- C:\WINDOWS\system32\drivers\DAC2W2K.SYS
[2001/08/17 14:52:16 | 00,014,720 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\DAC960NT.SYS
[2004/05/20 09:21:10 | 00,036,918 | ---- | M] (Eastman Kodak Company) -- C:\WINDOWS\system32\drivers\DcCam.sys
[2004/05/20 09:41:54 | 00,061,564 | ---- | M] (Eastman Kodak Company) -- C:\WINDOWS\system32\drivers\DcFpoint.sys
[2004/06/02 14:19:00 | 00,038,705 | ---- | M] (Eastman Kodak Company) -- C:\WINDOWS\system32\drivers\DCFS2k.sys
[2004/05/20 09:39:42 | 00,008,022 | ---- | M] (Eastman Kodak Company) -- C:\WINDOWS\system32\drivers\DcLps.sys
[2004/05/20 09:45:20 | 00,068,950 | ---- | M] (Eastman Kodak Company) -- C:\WINDOWS\system32\drivers\DcPtp.sys
[2004/08/04 06:00:00 | 00,036,352 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\DISK.SYS
[2004/08/04 06:00:00 | 00,014,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\DISKDUMP.SYS
[2004/08/04 06:00:00 | 00,799,744 | ---- | M] (Microsoft Corp., Veritas Software) -- C:\WINDOWS\system32\drivers\DMBOOT.SYS
[2004/08/04 06:00:00 | 00,153,344 | ---- | M] (Microsoft Corp., Veritas Software) -- C:\WINDOWS\system32\drivers\DMIO.SYS
[2004/08/04 06:00:00 | 00,005,888 | ---- | M] (Microsoft Corp., Veritas Software.) -- C:\WINDOWS\system32\drivers\DMLOAD.SYS
[2004/08/04 00:07:40 | 00,052,864 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\DMusic.sys
[2001/08/17 15:07:44 | 00,020,192 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\DPTI2O.SYS
[2004/08/04 00:08:00 | 00,060,288 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\drmk.sys
[2004/08/04 00:07:58 | 00,002,944 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\drmkaud.sys
[2004/12/01 04:22:00 | 00,087,488 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\drivers\drvmcdb.sys
[2004/11/23 03:56:00 | 00,040,480 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\drivers\drvnddm.sys
[2007/02/25 12:10:48 | 00,005,376 | --S- | M] (Gteko Ltd.) -- C:\WINDOWS\system32\drivers\dsunidrv.sys
[2004/08/04 06:00:00 | 00,010,496 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\DXAPI.SYS
[2004/08/04 06:00:00 | 00,071,040 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\DXG.SYS
[2004/08/04 06:00:00 | 00,003,328 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\DXGTHK.SYS
[2004/02/10 16:49:14 | 00,154,112 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\drivers\e100b325.sys
[2004/06/02 14:17:56 | 00,151,985 | ---- | M] (Eastman Kodak Company) -- C:\WINDOWS\system32\drivers\ExportIt.sys
[2004/08/04 06:00:00 | 00,143,360 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\FASTFAT.SYS
[2004/08/04 06:00:00 | 00,027,392 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\FDC.SYS
[2004/08/04 06:00:00 | 00,034,944 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\FIPS.SYS
[2004/08/04 06:00:00 | 00,020,480 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\FLPYDISK.SYS
[2006/08/21 04:14:58 | 00,128,896 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\fltmgr.sys
[2004/08/04 06:00:00 | 00,012,160 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\FSVGA.SYS
[2004/08/04 06:00:00 | 00,007,936 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\FS_REC.SYS
[2001/08/17 14:52:50 | 00,125,056 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\FTDISK.SYS
[2008/04/17 14:12:54 | 00,015,464 | ---- | M] (GEAR Software Inc.) -- C:\WINDOWS\system32\drivers\GEARAspiWDM.sys
[2004/08/04 06:00:00 | 00,036,224 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\HIDCLASS.SYS
[2004/08/04 06:00:00 | 00,024,960 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\HIDPARSE.SYS
[2001/08/17 15:02:20 | 00,009,600 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\hidusb.sys
[2001/08/17 15:07:44 | 00,025,952 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\HPN.SYS
[2004/01/05 02:27:32 | 00,051,056 | R--- | M] (HP) -- C:\WINDOWS\system32\drivers\hpzid412.sys
[2004/01/05 02:27:34 | 00,016,496 | R--- | M] (HP) -- C:\WINDOWS\system32\drivers\HPZipr12.sys
[2004/01/05 02:27:34 | 00,021,488 | R--- | M] (HP) -- C:\WINDOWS\system32\drivers\HPZius12.sys
[2003/11/17 16:59:20 | 00,212,224 | ---- | M] (Conexant Systems, Inc.) -- C:\WINDOWS\system32\drivers\HSFHWBS2.sys
[2003/11/17 16:58:02 | 00,680,704 | ---- | M] (Conexant Systems, Inc.) -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys
[2003/11/17 16:56:26 | 01,042,432 | ---- | M] (Conexant Systems, Inc.) -- C:\WINDOWS\system32\drivers\HSF_DP.sys
[2006/03/16 19:33:10 | 00,262,784 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\http.sys
[2004/08/04 00:00:52 | 00,008,192 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\I2OMGMT.SYS
[2004/08/04 00:00:52 | 00,018,560 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\I2OMP.SYS
[2004/08/04 06:00:00 | 00,052,736 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\I8042PRT.SYS
[2005/10/14 15:15:18 | 01,302,812 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\drivers\ialmnt5.sys
[2004/08/04 06:00:00 | 00,041,856 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\IMAPI.SYS
[2001/08/17 14:52:08 | 00,016,000 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\INI910U.SYS
[2004/08/03 23:59:42 | 00,005,504 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\INTELIDE.SYS
[2004/08/04 06:00:00 | 00,036,096 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\INTELPPM.SYS
[2004/08/04 06:00:00 | 00,029,056 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\IP6FW.SYS
[2004/08/04 06:00:00 | 00,032,896 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\IPFLTDRV.SYS
[2004/08/04 06:00:00 | 00,020,992 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\IPINIP.SYS
[2004/09/29 17:28:37 | 00,134,912 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\ipnat.sys
[2004/08/04 06:00:00 | 00,074,752 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\IPSEC.SYS
[2004/02/11 15:27:38 | 00,019,456 | ---- | M] (Intel Corporation ) -- C:\WINDOWS\system32\drivers\iqvw32.sys
[2004/08/04 06:00:00 | 00,011,264 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\IRENUM.SYS
[2001/08/17 14:58:02 | 00,035,840 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\ISAPNP.SYS
[2004/08/03 23:58:34 | 00,024,576 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\KBDCLASS.SYS
[2006/06/14 03:47:45 | 00,172,416 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\kmixer.sys
[2004/08/04 06:00:00 | 00,140,928 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\KS.SYS
[2009/06/22 06:34:52 | 00,092,544 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\ksecdd.sys
[2004/08/04 06:00:00 | 00,007,680 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\MCD.SYS
[2003/04/09 14:48:08 | 00,011,043 | ---- | M] (Conexant) -- C:\WINDOWS\system32\drivers\mdmxsdk.sys
[2004/08/04 06:00:00 | 00,063,744 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\MF.SYS
[2004/08/04 06:00:00 | 00,004,224 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\MNMDD.SYS
[2004/08/04 06:00:00 | 00,030,080 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\MODEM.SYS
[2001/08/17 14:57:38 | 00,016,128 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\MODEMCSA.sys
[2004/08/03 23:58:34 | 00,023,040 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\MOUCLASS.SYS
[2001/08/17 14:48:00 | 00,012,160 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\mouhid.sys
[2004/08/04 06:00:00 | 00,042,240 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\MOUNTMGR.SYS
[2001/08/17 14:52:12 | 00,017,280 | ---- | M] (American Megatrends Inc.) -- C:\WINDOWS\system32\drivers\MRAID35X.SYS
[2007/12/18 04:51:35 | 00,179,584 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\mrxdav.sys
[2008/10/24 06:10:42 | 00,453,632 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\mrxsmb.sys
[2004/08/04 06:00:00 | 00,019,072 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\MSFS.SYS
[2004/08/04 06:00:00 | 00,035,072 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\MSGPC.SYS
[2004/08/03 23:58:42 | 00,007,552 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\MSKSSRV.sys
[2004/08/03 23:58:40 | 00,005,376 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\MSPCLOCK.sys
[2004/08/03 23:58:42 | 00,004,992 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\MSPQM.sys
[2004/08/04 00:07:48 | 00,015,488 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\MSSMBIOS.SYS
[2004/08/03 23:58:40 | 00,005,504 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\MSTEE.sys
[2004/08/04 06:00:00 | 00,107,904 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\MUP.SYS
[2004/08/04 00:10:30 | 00,085,376 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\NABTSFEC.sys
[2004/08/04 06:00:00 | 00,182,912 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\NDIS.SYS
[2004/08/04 00:10:14 | 00,010,880 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\NdisIP.sys
[2004/08/04 06:00:00 | 00,009,600 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\NDISTAPI.SYS
[2004/08/04 06:00:00 | 00,012,928 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\NDISUIO.SYS
[2004/08/04 06:00:00 | 00,091,776 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\NDISWAN.SYS
[2004/08/04 06:00:00 | 00,038,016 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\NDPROXY.SYS
[2004/08/04 06:00:00 | 00,034,560 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\NETBIOS.SYS
[2004/08/04 06:00:00 | 00,162,816 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\NETBT.SYS
[2004/08/04 06:00:00 | 00,061,824 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\NIC1394.SYS
[2004/08/04 06:00:00 | 00,012,032 | ---- | M] (S3/Diamond Multimedia Systems) -- C:\WINDOWS\system32\drivers\NIKEDRV.SYS
[2004/08/04 06:00:00 | 00,040,320 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\NMNT.SYS
[2004/08/04 06:00:00 | 00,030,848 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\NPFS.SYS
[2007/02/09 06:10:35 | 00,574,464 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\ntfs.sys
[2004/08/04 06:00:00 | 00,002,944 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\NULL.SYS
[2004/08/03 23:29:56 | 01,897,408 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\drivers\NV4_MINI.SYS
[2004/08/04 06:00:00 | 00,012,416 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\NWLNKFLT.SYS
[2004/08/04 06:00:00 | 00,032,512 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\NWLNKFWD.SYS
[2004/08/04 06:00:00 | 00,088,448 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\NWLNKIPX.SYS
[2004/08/04 06:00:00 | 00,063,232 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\NWLNKNB.SYS
[2004/08/04 06:00:00 | 00,055,936 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\NWLNKSPX.SYS
[2002/11/08 14:45:06 | 00,017,217 | ---- | M] (Dell Computer Corporation) -- C:\WINDOWS\system32\drivers\omci.sys
[2004/08/04 06:00:00 | 00,003,456 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\OPRGHDLR.SYS
[2004/08/04 06:00:00 | 00,042,496 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\P3.SYS
[2004/08/04 06:00:00 | 00,080,128 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\PARPORT.SYS
[2004/08/04 06:00:00 | 00,018,688 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\PARTMGR.SYS
[2004/08/04 06:00:00 | 00,006,784 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\PARVDM.SYS
[2004/08/04 00:07:48 | 00,068,224 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\PCI.SYS
[2001/08/17 14:51:52 | 00,003,328 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\pciide.sys
[2004/08/03 23:59:42 | 00,025,088 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\pciidex.sys
[2004/08/04 06:00:00 | 00,119,936 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\PCMCIA.SYS
[2001/08/17 15:07:40 | 00,027,296 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\PERC2.SYS
[2001/08/17 15:07:42 | 00,005,504 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\PERC2HIB.SYS
[2004/08/04 00:15:50 | 00,145,792 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\portcls.sys
[2004/08/04 06:00:00 | 00,035,328 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\PROCESSR.SYS
[2004/08/04 06:00:00 | 00,069,120 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\PSCHED.SYS
[2004/08/04 06:00:00 | 00,017,792 | ---- | M] (Parallel Technologies, Inc.) -- C:\WINDOWS\system32\drivers\PTILINK.SYS
[2004/08/02 03:03:00 | 00,020,576 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\drivers\pxhelp20.sys
[2001/08/17 14:52:20 | 00,040,320 | ---- | M] (QLogic Corporation) -- C:\WINDOWS\system32\drivers\QL1080.SYS
[2001/08/17 14:52:16 | 00,033,152 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\QL10WNT.SYS
[2001/08/17 14:52:20 | 00,045,312 | ---- | M] (QLogic Corporation) -- C:\WINDOWS\system32\drivers\QL12160.SYS
[2001/08/17 14:52:16 | 00,040,448 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\QL1240.SYS
[2001/08/17 14:52:18 | 00,049,024 | ---- | M] (QLogic Corporation) -- C:\WINDOWS\system32\drivers\QL1280.SYS
[2004/08/04 06:00:00 | 00,008,832 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\RASACD.SYS
[2004/08/04 06:00:00 | 00,051,328 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\RASL2TP.SYS
[2004/08/04 06:00:00 | 00,041,472 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\RASPPPOE.SYS
[2004/08/04 06:00:00 | 00,048,384 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\RASPPTP.SYS
[2004/08/04 06:00:00 | 00,016,512 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\RASPTI.SYS
[2004/08/04 06:00:00 | 00,034,432 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\RAWWAN.SYS
[2006/05/05 04:47:57 | 00,174,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\rdbss.sys
[2004/08/04 06:00:00 | 00,004,224 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\RDPCDD.SYS
[2004/08/04 00:01:16 | 00,196,864 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\RDPDR.SYS
[2005/06/09 23:09:46 | 00,139,528 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\rdpwd.sys
[2004/08/03 23:59:38 | 00,057,472 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\REDBOOK.SYS
[2004/08/04 06:00:00 | 00,012,032 | ---- | M] (S3/Diamond Multimedia Systems) -- C:\WINDOWS\system32\drivers\RIO8DRV.SYS
[2004/08/04 06:00:00 | 00,012,032 | ---- | M] (S3/Diamond Multimedia Systems) -- C:\WINDOWS\system32\drivers\RIODRV.SYS
[2008/05/08 07:28:49 | 00,202,752 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\rmcast.sys
[2004/08/04 06:00:00 | 00,030,080 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\RNDISMP.SYS
[2004/08/04 06:00:00 | 00,005,888 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\ROOTMDM.SYS
[2004/08/04 06:00:00 | 00,096,256 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\SCSIPORT.SYS
[2004/08/04 06:00:00 | 00,067,584 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\SDBUS.SYS
[2007/11/13 05:25:53 | 00,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) -- C:\WINDOWS\system32\drivers\secdrv.sys
[2004/08/04 06:00:00 | 00,015,488 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\SERENUM.SYS
[2004/08/04 06:00:00 | 00,064,896 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\SERIAL.SYS
[2004/08/04 06:00:00 | 00,011,136 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\SFFDISK.SYS
[2004/08/04 06:00:00 | 00,010,240 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\SFFP_SD.SYS
[2004/08/04 06:00:00 | 00,011,392 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\SFLOPPY.SYS
[2004/08/04 00:07:44 | 00,041,088 | ---- | M] (Silicon Integrated Systems Corporation) -- C:\WINDOWS\system32\drivers\SISAGP.SYS
[2004/08/04 00:10:18 | 00,011,136 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\SLIP.sys
[2004/08/04 06:00:00 | 00,014,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\SMCLIB.SYS
[2003/04/08 11:30:48 | 00,003,744 | ---- | M] (Analog Devices, Inc.) -- C:\WINDOWS\system32\drivers\smsens.sys
[2004/04/09 13:41:30 | 00,612,352 | ---- | M] (Analog Devices, Inc.) -- C:\WINDOWS\system32\drivers\smwdm.sys
[2004/08/04 06:00:00 | 00,025,472 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\SONYDCAM.SYS
[2001/08/17 15:07:44 | 00,019,072 | ---- | M] (Adaptec, Inc.) -- C:\WINDOWS\system32\drivers\SPARROW.SYS
[2006/06/14 03:47:46 | 00,006,400 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\splitter.sys
[2004/08/04 06:00:00 | 00,073,472 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\SR.SYS
[2008/12/11 06:57:21 | 00,333,184 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\srv.sys
[2004/07/14 12:29:04 | 00,005,627 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\drivers\sscdbhk5.sys
[2009/05/11 10:12:24 | 00,028,520 | ---- | M] (Avira GmbH) -- C:\WINDOWS\system32\drivers\ssmdrv.sys
[2004/07/14 12:28:50 | 00,023,545 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\drivers\ssrtln.sys
[2004/08/04 06:00:00 | 00,048,640 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\STREAM.SYS
[2004/08/04 00:10:14 | 00,015,360 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\StreamIP.sys
[2004/08/03 23:58:42 | 00,004,352 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\SWENUM.SYS
[2001/08/17 15:00:52 | 00,054,272 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\swmidi.sys
[2001/08/17 15:07:34 | 00,016,256 | ---- | M] (Symbios Logic Inc.) -- C:\WINDOWS\system32\drivers\SYMC810.SYS
[2001/08/17 15:07:36 | 00,032,640 | ---- | M] (LSI Logic) -- C:\WINDOWS\system32\drivers\SYMC8XX.SYS
[2001/08/17 15:07:40 | 00,028,384 | ---- | M] (LSI Logic) -- C:\WINDOWS\system32\drivers\SYM_HI.SYS
[2001/08/17 15:07:42 | 00,030,688 | ---- | M] (LSI Logic) -- C:\WINDOWS\system32\drivers\SYM_U3.SYS
[2004/08/04 00:15:56 | 00,060,800 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\sysaudio.sys
[2004/08/04 06:00:00 | 00,014,976 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\TAPE.SYS
[2008/06/20 05:45:13 | 00,360,320 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\tcpip.sys
[2008/06/20 04:52:06 | 00,225,920 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\tcpip6.sys
[2004/08/04 06:00:00 | 00,018,560 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\TDI.SYS
[2004/08/04 06:00:00 | 00,012,040 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\TDPIPE.SYS
[2004/08/04 06:00:00 | 00,021,896 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\TDTCP.SYS
[2004/08/04 02:01:08 | 00,040,840 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\TERMDD.SYS
[2004/08/04 06:00:00 | 00,051,712 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\TOSDVD.SYS
[2001/08/17 14:51:56 | 00,004,992 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\TOSIDE.SYS
[2004/08/04 06:00:00 | 00,021,376 | ---- | M] (Toshiba Corporation) -- C:\WINDOWS\system32\drivers\TSBVCAP.SYS
[2004/08/04 06:00:00 | 00,012,416 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\TUNMP.SYS
[2004/08/04 06:00:00 | 00,066,176 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\UDFS.SYS
[2001/08/17 14:52:22 | 00,036,736 | ---- | M] (Promise Technology, Inc.) -- C:\WINDOWS\system32\drivers\ULTRA.SYS
[2007/04/23 05:32:54 | 00,364,160 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\update.sys
[2004/08/04 06:00:00 | 00,012,672 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\USB8023.SYS
[2008/11/07 15:23:30 | 00,032,000 | ---- | M] (Apple, Inc.) -- C:\WINDOWS\system32\drivers\usbaapl.sys
[2004/08/04 06:00:00 | 00,023,808 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\USBCAMD.SYS
[2004/08/04 06:00:00 | 00,023,936 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\USBCAMD2.SYS
[2004/08/03 23:08:48 | 00,031,616 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\usbccgp.sys
[2004/08/04 06:00:00 | 00,004,736 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\USBD.SYS
[2004/08/04 06:00:00 | 00,026,624 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\USBEHCI.SYS
[2004/08/04 00:08:44 | 00,057,600 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\usbhub.sys
[2004/08/04 06:00:00 | 00,016,000 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\USBINTEL.SYS
[2004/08/04 00:08:44 | 00,142,976 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\usbport.sys
[2004/08/03 23:01:26 | 00,025,856 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\usbprint.sys
[2004/08/03 22:58:46 | 00,015,104 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\usbscan.sys
[2004/08/03 23:08:48 | 00,026,496 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\USBSTOR.SYS
[2004/08/04 00:08:38 | 00,020,480 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\usbuhci.sys
[2004/08/04 00:10:12 | 00,078,464 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\usbvideo.sys
[2004/08/04 06:00:00 | 00,058,112 | ---- | M] (RAVISENT Technologies Inc.) -- C:\WINDOWS\system32\drivers\VDMINDVD.SYS
[2004/08/04 06:00:00 | 00,020,992 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\VGA.SYS
[2004/08/04 00:07:44 | 00,042,240 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\VIAAGP.SYS
[2004/08/03 23:59:44 | 00,005,376 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\VIAIDE.SYS
[2004/08/04 06:00:00 | 00,079,744 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\VIDEOPRT.SYS
[2004/08/04 06:00:00 | 00,052,352 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\VOLSNAP.SYS
[2004/08/04 06:00:00 | 00,034,560 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\WANARP.SYS
[2006/06/14 04:00:45 | 00,082,944 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\wdmaud.sys
[2004/08/04 06:00:00 | 00,004,352 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\WMILIB.SYS
[2004/09/15 13:28:06 | 00,018,944 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\wpdusb.sys
[2004/08/04 06:00:00 | 00,012,032 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\WS2IFSL.SYS
[2004/08/04 00:10:22 | 00,019,328 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\WSTCODEC.SYS

========== Alternate Data Streams ==========

@Alternate Data Stream - 187 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2
@Alternate Data Stream - 114 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:A8ADE5D8
< End of report >


MBAM RESULTS+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

Malwarebytes' Anti-Malware 1.41
Database version: 3053
Windows 5.1.2600 Service Pack 2

10/29/2009 10:01:42 AM
mbam-log-2009-10-29 (10-01-42).txt

Scan type: Quick Scan
Objects scanned: 115512
Time elapsed: 3 minute(s), 44 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 1
Registry Data Items Infected: 1
Folders Infected: 4
Files Infected: 4

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\wiyewawab (Trojan.Vundo.H) -> Quarantined and deleted successfully.

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Folders Infected:
C:\Documents and Settings\All Users\Application Data\54722424 (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Program Files\MyWaySA (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWaySA\SrchAsDe (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWaySA\SrchAsDe\1.bin (Adware.MyWebSearch) -> Quarantined and deleted successfully.

Files Infected:
C:\WINDOWS\SYSTEM32\dijuzihi.exe (Rogue.SecurityTool) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\54722424\54722424.bat (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\Cheryl\Start Menu\Programs\Startup\scandisk.lnk (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Program Files\Shared\lib.sig (Adware.Deepdive) -> Quarantined and deleted successfully.

#6 Buckeye_Sam

Buckeye_Sam

    Malware Expert


  • Members
  • 17,382 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Pickerington, Ohio
  • Local time:10:56 PM

Posted 30 October 2009 - 07:04 AM

Looks pretty good. How is your computer behaving now?
Posted Image If I have helped you in any way, please consider a donation to help me continue the fight against malware.


Failing to respond back to the person that is giving up their own time to help you not only is insensitive and disrespectful, but it guarantees that you will never receive help from me again. Please thank your helpers and there will always be help here when you need it!


========================================================

#7 MarkiusSchu

MarkiusSchu
  • Topic Starter

  • Members
  • 17 posts
  • OFFLINE
  •  
  • Local time:09:56 PM

Posted 30 October 2009 - 10:14 AM

I haven't noticed any more problem. So it's gone? Thank you, Sam. I appreciate that you took the time to help me.

#8 MarkiusSchu

MarkiusSchu
  • Topic Starter

  • Members
  • 17 posts
  • OFFLINE
  •  
  • Local time:09:56 PM

Posted 30 October 2009 - 10:40 AM

Looks like I spoke too soon. When I rebooted, it gave me
"Error loading C:\WINDOWS\ugezanijudulige.dll"
"The specified module could not be found."

#9 MarkiusSchu

MarkiusSchu
  • Topic Starter

  • Members
  • 17 posts
  • OFFLINE
  •  
  • Local time:09:56 PM

Posted 30 October 2009 - 01:27 PM

Avira has also just finished a scan and has detected "gerizoha.dll" a "TR/Crypt.ZPACK.Gen".
I can "Repair all."
I have not taken any action yet.

#10 Buckeye_Sam

Buckeye_Sam

    Malware Expert


  • Members
  • 17,382 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Pickerington, Ohio
  • Local time:10:56 PM

Posted 30 October 2009 - 04:54 PM

I think there's just a few remnants that need cleaned up. You can have Avira delete any malware that it finds. Chances are it's already quarantined by OTL.

Please run OTL and post a new log.
We'll clean anything that's left and resolve that error on startup.
Posted Image If I have helped you in any way, please consider a donation to help me continue the fight against malware.


Failing to respond back to the person that is giving up their own time to help you not only is insensitive and disrespectful, but it guarantees that you will never receive help from me again. Please thank your helpers and there will always be help here when you need it!


========================================================

#11 MarkiusSchu

MarkiusSchu
  • Topic Starter

  • Members
  • 17 posts
  • OFFLINE
  •  
  • Local time:09:56 PM

Posted 31 October 2009 - 12:05 PM

I am away for the weekend and will be back on Sunday night. At that time I will be able to follow you instructions and post. Thanks again for your help and patience.

#12 Buckeye_Sam

Buckeye_Sam

    Malware Expert


  • Members
  • 17,382 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Pickerington, Ohio
  • Local time:10:56 PM

Posted 01 November 2009 - 09:36 AM

Sounds good. I'll be around. :(
Posted Image If I have helped you in any way, please consider a donation to help me continue the fight against malware.


Failing to respond back to the person that is giving up their own time to help you not only is insensitive and disrespectful, but it guarantees that you will never receive help from me again. Please thank your helpers and there will always be help here when you need it!


========================================================

#13 MarkiusSchu

MarkiusSchu
  • Topic Starter

  • Members
  • 17 posts
  • OFFLINE
  •  
  • Local time:09:56 PM

Posted 02 November 2009 - 10:51 AM

Ok,
I'm back! :(
I repaired all, and here is the new OTL log:

OTL logfile created on: 11/2/2009 9:46:57 AM - Run 5
OTL by OldTimer - Version 3.0.22.1 Folder = C:\Documents and Settings\Dan\Desktop
Windows XP Home Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.2180)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

502.07 Mb Total Physical Memory | 140.27 Mb Available Physical Memory | 27.94% Memory free
1.20 Gb Paging File | 0.68 Gb Available in Paging File | 56.97% Paging File free
Paging file location(s): C:\pagefile.sys 756 1512 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 145.76 Gb Total Space | 126.10 Gb Free Space | 86.51% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: OFFICE
Current User Name: Dan
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 14 Days
Output = Standard
Quick Scan

========== Processes (SafeList) ==========

PRC - [2009/10/29 17:26:51 | 00,908,280 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2009/10/28 16:49:16 | 00,521,728 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Dan\Desktop\OTL.exe
PRC - [2009/10/23 14:40:05 | 00,153,376 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe
PRC - [2009/10/23 14:40:05 | 00,149,280 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jusched.exe
PRC - [2009/10/22 15:43:11 | 00,603,904 | ---- | M] (TuneUp Software) -- C:\WINDOWS\System32\TUProgSt.exe
PRC - [2009/10/22 15:43:06 | 00,362,240 | ---- | M] (TuneUp Software) -- C:\WINDOWS\System32\TuneUpDefragService.exe
PRC - [2009/10/12 20:24:50 | 02,000,112 | ---- | M] (SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
PRC - [2009/07/21 13:40:24 | 00,404,737 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\update.exe
PRC - [2009/07/21 13:34:33 | 00,185,089 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe
PRC - [2009/05/13 15:48:22 | 00,108,289 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe
PRC - [2009/03/02 12:08:47 | 00,209,153 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
PRC - [2009/02/15 23:10:22 | 02,402,184 | ---- | M] (Check Point Software Technologies LTD) -- C:\WINDOWS\System32\ZoneLabs\vsmon.exe
PRC - [2009/02/15 23:10:22 | 00,981,384 | ---- | M] (Check Point Software Technologies LTD) -- C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
PRC - [2009/02/06 10:39:29 | 00,227,840 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\wbem\wmiprvse.exe
PRC - [2009/01/06 13:06:36 | 00,290,088 | ---- | M] (Apple Inc.) -- C:\Program Files\iTunes\iTunesHelper.exe
PRC - [2009/01/06 13:06:24 | 00,536,872 | ---- | M] (Apple Inc.) -- C:\Program Files\iPod\bin\iPodService.exe
PRC - [2008/11/13 12:17:38 | 00,439,616 | ---- | M] () -- C:\Program Files\Pure Digital Technologies\FlipShare\FlipShareService.exe
PRC - [2008/11/07 14:28:16 | 00,132,424 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
PRC - [2008/10/16 17:22:20 | 00,464,264 | ---- | M] () -- C:\Program Files\AskBarDis\bar\bin\AskService.exe
PRC - [2008/08/29 10:18:44 | 00,238,888 | ---- | M] (Apple Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe
PRC - [2008/04/25 19:31:40 | 00,524,288 | ---- | M] (Radica) -- C:\Program Files\Radica\Stylin' Studio\SS_MW.exe
PRC - [2007/06/13 04:23:07 | 01,033,216 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Explorer.EXE
PRC - [2007/03/15 10:09:36 | 00,460,784 | ---- | M] (Gteko Ltd.) -- C:\Program Files\DellSupport\DSAgnt.exe
PRC - [2005/10/14 13:50:30 | 00,114,688 | ---- | M] (Intel Corporation) -- C:\WINDOWS\System32\igfxpers.exe
PRC - [2005/10/14 13:46:34 | 00,077,824 | ---- | M] (Intel Corporation) -- C:\WINDOWS\System32\hkcmd.exe
PRC - [2005/02/16 23:11:42 | 00,049,152 | ---- | M] (Hewlett-Packard Co.) -- C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
PRC - [2005/02/05 07:02:16 | 00,026,112 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Real\RealPlayer\RealPlay.exe
PRC - [2004/11/16 01:05:00 | 00,127,035 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\System32\dla\tfswctrl.exe
PRC - [2004/10/12 16:54:30 | 00,057,344 | ---- | M] (CyberLink Corp.) -- C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
PRC - [2004/09/15 12:27:54 | 00,038,912 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\wdfmgr.exe
PRC - [2004/09/14 08:50:48 | 00,053,248 | ---- | M] (Musicmatch Inc.) -- C:\Program Files\Musicmatch\Musicmatch Jukebox\mmtask.exe
PRC - [2004/08/11 02:22:40 | 00,757,760 | ---- | M] (Eastman Kodak Company) -- C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
PRC - [2004/08/04 05:00:00 | 00,016,896 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\wbem\unsecapp.exe
PRC - [2004/08/04 05:00:00 | 00,013,824 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\wscntfy.exe
PRC - [2004/05/24 12:35:52 | 00,322,104 | ---- | M] (Eastman Kodak Company) -- C:\WINDOWS\System32\drivers\KodakCCS.exe
PRC - [2004/05/12 15:18:56 | 00,241,664 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
PRC - [2003/10/29 02:06:00 | 00,024,576 | R--- | M] (BVRP Software) -- C:\Program Files\Digital Line Detect\DLG.exe
PRC - [2003/09/16 04:19:24 | 00,237,568 | ---- | M] (Hewlett-Packard Co.) -- C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
PRC - [2003/06/19 23:25:00 | 00,322,120 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
PRC - [2003/05/31 18:02:32 | 07,544,916 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTBCM\Binn\sqlservr.exe

========== Win32 Services (SafeList) ==========

SRV - [2009/10/23 14:40:05 | 00,153,376 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe -- (JavaQuickStarterService [Auto | Running])
SRV - [2009/10/22 15:43:11 | 00,603,904 | ---- | M] (TuneUp Software) -- C:\WINDOWS\System32\TUProgSt.exe -- (TuneUp.ProgramStatisticsSvc [Auto | Running])
SRV - [2009/10/22 15:43:06 | 00,362,240 | ---- | M] (TuneUp Software) -- C:\WINDOWS\System32\TuneUpDefragService.exe -- (TuneUp.Defrag [On_Demand | Running])
SRV - [2009/07/21 13:34:33 | 00,185,089 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService [Auto | Running])
SRV - [2009/05/13 15:48:22 | 00,108,289 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService [Auto | Running])
SRV - [2009/02/15 23:10:22 | 02,402,184 | ---- | M] (Check Point Software Technologies LTD) -- C:\WINDOWS\System32\ZoneLabs\vsmon.exe -- (vsmon [Auto | Running])
SRV - [2009/01/06 13:06:24 | 00,536,872 | ---- | M] (Apple Inc.) -- C:\Program Files\iPod\bin\iPodService.exe -- (iPod Service [On_Demand | Running])
SRV - [2008/11/13 12:17:38 | 00,439,616 | ---- | M] () -- C:\Program Files\Pure Digital Technologies\FlipShare\FlipShareService.exe -- (FlipShare Service [Auto | Running])
SRV - [2008/11/12 15:44:18 | 00,027,904 | ---- | M] (TuneUp Software) -- C:\WINDOWS\System32\uxtuneup.dll -- (UxTuneUp [Auto | Running])
SRV - [2008/11/07 14:28:16 | 00,132,424 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -- (Apple Mobile Device [Auto | Running])
SRV - [2008/10/16 17:22:20 | 00,464,264 | ---- | M] () -- C:\Program Files\AskBarDis\bar\bin\AskService.exe -- (ASKService [Auto | Running])
SRV - [2008/08/29 10:18:44 | 00,238,888 | ---- | M] (Apple Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe -- (Bonjour Service [Auto | Running])
SRV - [2007/03/07 14:47:46 | 00,076,848 | ---- | M] () -- C:\Program Files\DellSupport\brkrsvc.exe -- (DSBrokerService [On_Demand | Stopped])
SRV - [2005/04/03 23:41:10 | 00,069,632 | ---- | M] (Macrovision Corporation) -- C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe -- (IDriverT [On_Demand | Stopped])
SRV - [2004/09/15 12:27:54 | 00,038,912 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\wdfmgr.exe -- (UMWdf [Auto | Running])
SRV - [2004/08/04 05:00:00 | 00,038,912 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll -- (helpsvc [Auto | Running])
SRV - [2004/07/15 01:49:26 | 00,032,768 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe -- (aspnet_state [On_Demand | Stopped])
SRV - [2004/05/24 12:35:52 | 00,322,104 | ---- | M] (Eastman Kodak Company) -- C:\WINDOWS\System32\drivers\KodakCCS.exe -- (KodakCCS [Auto | Running])
SRV - [2004/01/05 01:27:32 | 00,065,795 | ---- | M] (HP) -- C:\WINDOWS\System32\HPZipm12.exe -- (Pml Driver HPZ12 [On_Demand | Stopped])
SRV - [2003/12/17 13:59:48 | 00,143,360 | ---- | M] (Intel® Corporation) -- C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe -- (NetSvc [On_Demand | Stopped])
SRV - [2003/07/28 12:28:22 | 00,089,136 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE -- (ose [On_Demand | Stopped])
SRV - [2003/06/19 23:25:00 | 00,322,120 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE -- (MDM [Auto | Running])
SRV - [2003/05/31 18:02:32 | 07,544,916 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTBCM\Binn\sqlservr.exe -- (MSSQL$MICROSOFTBCM [Auto | Running])
SRV - [2002/12/17 19:23:30 | 00,311,872 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTBCM\Binn\sqlagent.EXE -- (SQLAgent$MICROSOFTBCM [On_Demand | Stopped])
SRV - [2002/12/17 19:23:30 | 00,066,112 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqladhlp.exe -- (MSSQLServerADHelper [On_Demand | Stopped])

========== Modules (SafeList) ==========

MOD - [2009/10/28 16:49:16 | 00,521,728 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Dan\Desktop\OTL.exe
MOD - [2006/08/25 09:45:55 | 01,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\COMCTL32.dll
MOD - [2004/08/04 05:00:00 | 00,025,088 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\mslbui.dll
MOD - [2004/08/04 05:00:00 | 00,014,848 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\serwvdrv.dll
MOD - [2004/08/04 05:00:00 | 00,013,312 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\umdmxfrm.dll

========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.dell4me.com/myway
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm


IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,First Home Page = http://www.dell4me.com/myway
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.dell4me.com/myway
IE - HKU\.DEFAULT\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,First Home Page = http://www.dell4me.com/myway
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.dell4me.com/myway
IE - HKU\S-1-5-18\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-2229718711-4139157738-2168484239-1009\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
IE - HKU\S-1-5-21-2229718711-4139157738-2168484239-1009\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKU\S-1-5-21-2229718711-4139157738-2168484239-1009\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch
IE - HKU\S-1-5-21-2229718711-4139157738-2168484239-1009\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
IE - HKU\S-1-5-21-2229718711-4139157738-2168484239-1009\S-1-5-21-2229718711-4139157738-2168484239-1009\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://www.yahoo.com/"
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA}:6.0.16
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: {4FB9BDA5-413E-49D7-B288-9F93DD39069E}:1.9.1
FF - prefs.js..extensions.enabledItems: {A2123010-4D71-45A4-AB29-1EE4F5BFF508}:1.9.1
FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.5.4

FF - HKLM\software\mozilla\Firefox\Extensions\\{4FB9BDA5-413E-49D7-B288-9F93DD39069E}: C:\Documents and Settings\Dan\Local Settings\Application Data\{4FB9BDA5-413E-49D7-B288-9F93DD39069E} [2009/10/16 20:10:48 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{A2123010-4D71-45A4-AB29-1EE4F5BFF508}: C:\Documents and Settings\Cheryl\Local Settings\Application Data\{A2123010-4D71-45A4-AB29-1EE4F5BFF508} [2009/10/16 20:32:32 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\jqs@sun.com: C:\Program Files\Java\jre6\lib\deploy\jqs\ff [2009/10/23 14:40:07 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.4\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2009/10/29 17:27:01 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.4\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2009/10/29 17:27:01 | 00,000,000 | ---D | M]

[2009/10/23 10:14:35 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Dan\Application Data\mozilla\Extensions
[2009/10/23 10:14:35 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Dan\Application Data\mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
[2009/10/30 12:35:57 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Dan\Application Data\mozilla\Firefox\Profiles\z0894p1s.default\extensions
[2009/10/23 14:57:13 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Dan\Application Data\mozilla\Firefox\Profiles\z0894p1s.default\extensions\{E9A1DEE0-C623-4439-8932-001E7D17607D}
[2009/10/30 12:35:57 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions
[2009/10/29 17:27:01 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2009/10/23 14:40:33 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA}
[2009/10/29 17:26:48 | 00,023,544 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browserdirprovider.dll
[2009/10/29 17:26:48 | 00,137,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\brwsrcmp.dll
[2009/10/23 14:40:06 | 00,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeploytk.dll
[2009/10/29 17:26:55 | 00,065,016 | ---- | M] (mozilla.org) -- C:\Program Files\mozilla firefox\plugins\npnul32.dll
[2009/10/29 17:26:56 | 00,001,394 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom.xml
[2009/10/29 17:26:56 | 00,002,193 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\answers.xml
[2009/10/29 17:26:56 | 00,001,534 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\creativecommons.xml
[2009/10/29 17:26:56 | 00,002,344 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay.xml
[2009/10/29 17:26:56 | 00,002,371 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\google.xml
[2009/10/29 17:26:56 | 00,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia.xml
[2009/10/29 17:26:56 | 00,000,792 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo.xml

O1 HOSTS File: (734 bytes) - C:\WINDOWS\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (AcroIEHlprObj Class) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (AskBar BHO) - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Program Files\AskBarDis\bar\bin\askBar.dll (Ask.com)
O2 - BHO: (DriveLetterAccess) - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\dla\tfswshx.dll (Sonic Solutions)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)
O3 - HKLM\..\Toolbar: (ZoneAlarm Spy Blocker Toolbar) - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll (Ask.com)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [dla] C:\WINDOWS\System32\dla\tfswctrl.exe (Sonic Solutions)
O4 - HKLM..\Run: [dscactivate] C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe ( )
O4 - HKLM..\Run: [DVDLauncher] C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe (CyberLink Corp.)
O4 - HKLM..\Run: [HP Component Manager] C:\Program Files\HP\hpcoretech\hpcmpmgr.exe (Hewlett-Packard Company)
O4 - HKLM..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe (Hewlett-Packard Co.)
O4 - HKLM..\Run: [igfxhkcmd] C:\WINDOWS\System32\hkcmd.exe (Intel Corporation)
O4 - HKLM..\Run: [igfxpers] C:\WINDOWS\System32\igfxpers.exe (Intel Corporation)
O4 - HKLM..\Run: [igfxtray] C:\WINDOWS\System32\igfxtray.exe (Intel Corporation)
O4 - HKLM..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.)
O4 - HKLM..\Run: [Malwarebytes Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [mmtask] C:\Program Files\Musicmatch\Musicmatch Jukebox\mmtask.exe (Musicmatch Inc.)
O4 - HKLM..\Run: [QuickTime Task] C:\Program Files\QuickTime\qttask.exe (Apple Inc.)
O4 - HKLM..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [Rrerucokuh] C:\WINDOWS\ugezanijudulige.DLL File not found
O4 - HKLM..\Run: [SS_MW] C:\Program Files\Radica\Stylin' Studio\SS_MW.exe (Radica)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [UpdateManager] C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe (Sonic Solutions)
O4 - HKLM..\Run: [ZoneAlarm Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe (Check Point Software Technologies LTD)
O4 - HKU\S-1-5-21-2229718711-4139157738-2168484239-1009..\Run: [DellSupport] C:\Program Files\DellSupport\DSAgnt.exe (Gteko Ltd.)
O4 - HKU\S-1-5-21-2229718711-4139157738-2168484239-1009..\Run: [MSMSGS] C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-2229718711-4139157738-2168484239-1009..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)
O4 - HKU\.DEFAULT..\RunOnce: [RunNarrator] C:\WINDOWS\System32\Narrator.exe (Microsoft Corporation)
O4 - HKU\S-1-5-18..\RunOnce: [RunNarrator] C:\WINDOWS\System32\Narrator.exe (Microsoft Corporation)
O4 - HKLM..\RunOnceEx: [] File not found
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Digital Line Detect.lnk = C:\Program Files\Digital Line Detect\DLG.exe (BVRP Software)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe (Eastman Kodak Company)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Main present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSetActiveDesktop = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSetActiveDesktop = 0
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 0
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableTaskMgr = 0
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSetActiveDesktop = 0
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 0
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableTaskMgr = 0
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-2229718711-4139157738-2168484239-1009\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-2229718711-4139157738-2168484239-1009\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSetActiveDesktop = 0
O7 - HKU\S-1-5-21-2229718711-4139157738-2168484239-1009\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 0
O7 - HKU\S-1-5-21-2229718711-4139157738-2168484239-1009\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableProfileQuota = 1
O7 - HKU\S-1-5-21-2229718711-4139157738-2168484239-1009\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableTaskMgr = 0
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\OFFICE11\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\OFFICE11\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKLM\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://go.microsoft.com/fwlink/?linkid=39204 (Windows Genuine Advantage Validation Tool)
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} http://photo.walgreens.com/WalgreensActivia.cab (Snapfish Activia)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_16)
O16 - DPF: {AE6C4705-0F11-4ACB-BDD4-37F138BEF289} http://www.ritzpix.com/net/Uploader/LPUploader41.cab (Image Uploader Control)
O16 - DPF: {CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA} http://java.sun.com/products/plugin/autodl...indows-i586.cab (Java Plug-in 1.4.2_03)
O16 - DPF: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_16)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_16)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O18 - Protocol\Handler\cetihpz {CF184AD3-CDCB-4168-A3F7-8E447D129300} - C:\Program Files\HP\hpcoretech\comp\hpuiprot.dll (Hewlett-Packard Company)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\ipp - No CLSID value found
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\MSITSS.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Program Files\Common Files\Microsoft Shared\Web Components\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807553E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation)
O20 - AppInit_DLLs: (c:\windows\system32\gerizoha.dll) - C:\WINDOWS\System32\gerizoha.dll File not found
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\Explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll (SUPERAntiSpyware.com)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\WINDOWS\System32\igfxdev.dll (Intel Corporation)
O21 - SSODL: kawalukaz - {dfd5fa50-bc93-43d0-bf5f-9402d4965411} - CLSID or File not found.
O24 - Desktop Components:0 (My Current Home Page) - About:Home
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2004/08/10 13:04:08 | 00,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck) - File not found
O34 - HKLM BootExecute: (autochk) - C:\WINDOWS\System32\autochk.exe (Microsoft Corporation)
O34 - HKLM BootExecute: (*) - File not found
O35 - comfile [open] -- "%1" %* File not found
O35 - exefile [open] -- "%1" %* File not found

NetSvcs: 6to4 - Service key not found. File not found
NetSvcs: Ias - Service key not found. File not found
NetSvcs: Iprip - Service key not found. File not found
NetSvcs: Irmon - Service key not found. File not found
NetSvcs: NWCWorkstation - Service key not found. File not found
NetSvcs: Nwsapagent - Service key not found. File not found
NetSvcs: UxTuneUp - C:\WINDOWS\System32\uxtuneup.dll (TuneUp Software)
NetSvcs: Wmi - Service key not found. File not found
NetSvcs: WmdmPmSp - Service key not found. File not found
NetSvcs: helpsvc - C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll (Microsoft Corporation)

========== Files/Folders - Created Within 14 Days ==========

[2009/10/22 15:42:07 | 00,000,000 | -HSD | C] -- C:\Documents and Settings\All Users\Application Data\{55A29068-F2CE-456C-9148-C869879E2357}
[2009/10/23 11:00:36 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Avira
[2009/10/22 15:39:53 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2009/10/22 16:12:53 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\PC Tools
[2009/10/23 13:21:35 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
[2009/10/22 15:59:20 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2009/10/22 15:42:28 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\TuneUp Software
[2009/10/22 15:40:12 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Dan\Application Data\Malwarebytes
[2009/10/23 10:14:19 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Dan\Application Data\Mozilla
[2009/10/23 13:21:28 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Dan\Application Data\SUPERAntiSpyware.com
[2009/10/22 15:43:03 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Dan\Application Data\TuneUp Software
[2009/10/23 10:14:19 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Dan\Local Settings\Application Data\Mozilla
[2009/10/22 16:21:11 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Dan\Local Settings\Application Data\Threat Expert
[2009/10/22 16:12:53 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\PC Tools
[2009/10/23 13:21:15 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\Wise Installation Wizard
[2009/10/23 14:57:12 | 00,000,000 | ---D | C] -- C:\Program Files\AskBarDis
[2009/10/23 11:00:36 | 00,000,000 | ---D | C] -- C:\Program Files\Avira
[2009/10/23 11:29:19 | 00,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2009/10/23 13:02:07 | 00,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2009/10/23 10:14:04 | 00,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2009/10/23 13:21:28 | 00,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2009/10/23 14:41:58 | 00,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2009/10/22 15:42:25 | 00,000,000 | ---D | C] -- C:\Program Files\TuneUp Utilities 2009
[2009/10/23 14:56:39 | 00,000,000 | ---D | C] -- C:\Program Files\Zone Labs
[2009/10/29 08:55:51 | 00,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2009/10/29 08:55:48 | 00,019,160 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2009/10/29 08:55:23 | 04,045,544 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\Dan\Desktop\mbam-setup.exe
[2009/10/29 08:24:25 | 00,000,000 | ---D | C] -- C:\_OTL
[2009/10/28 16:49:15 | 00,521,728 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Dan\Desktop\OTL.exe
[2009/10/28 14:36:34 | 00,472,064 | ---- | C] ( ) -- C:\Documents and Settings\Dan\Desktop\RootRepeal.exe
[2009/10/26 17:28:10 | 00,000,000 | -HSD | C] -- C:\Config.Msi
[2009/10/24 22:00:35 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Dan\Desktop\Maintenance
[2009/10/23 14:56:39 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\ZoneLabs
[2009/10/23 14:56:08 | 00,000,000 | ---D | C] -- C:\WINDOWS\Internet Logs
[2009/10/23 11:00:39 | 00,096,104 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avipbb.sys
[2009/10/23 11:00:39 | 00,055,656 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avgntflt.sys
[2009/10/23 11:00:39 | 00,045,416 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avgntdd.sys
[2009/10/23 11:00:39 | 00,022,360 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avgntmgr.sys
[2009/10/23 11:00:38 | 00,028,520 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\ssmdrv.sys
[2009/10/22 15:43:10 | 00,603,904 | ---- | C] (TuneUp Software) -- C:\WINDOWS\System32\TUProgSt.exe
[2009/10/22 15:43:08 | 00,027,904 | ---- | C] (TuneUp Software) -- C:\WINDOWS\System32\uxtuneup.dll
[2009/10/22 15:43:05 | 00,362,240 | ---- | C] (TuneUp Software) -- C:\WINDOWS\System32\TuneUpDefragService.exe
[2009/10/22 14:59:38 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\NtmsData

========== Files - Modified Within 14 Days ==========

[2009/11/02 09:00:00 | 00,000,482 | ---- | M] () -- C:\WINDOWS\tasks\1-Click Maintenance.job
[2009/10/30 09:37:12 | 00,002,206 | ---- | M] () -- C:\WINDOWS\System32\WPA.DBL
[2009/10/30 09:36:48 | 00,350,192 | ---- | M] () -- C:\WINDOWS\System32\vsconfig.xml
[2009/10/30 09:36:28 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2009/10/30 09:36:17 | 00,002,048 | --S- | M] () -- C:\WINDOWS\BOOTSTAT.DAT
[2009/10/30 09:36:16 | 52,653,6704 | -HS- | M] () -- C:\hiberfil.sys
[2009/10/29 08:55:54 | 00,000,696 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2009/10/29 08:55:28 | 04,045,544 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\Dan\Desktop\mbam-setup.exe
[2009/10/28 16:49:16 | 00,521,728 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Dan\Desktop\OTL.exe
[2009/10/28 14:36:35 | 00,472,064 | ---- | M] ( ) -- C:\Documents and Settings\Dan\Desktop\RootRepeal.exe
[2009/10/28 14:34:40 | 00,523,776 | ---- | M] () -- C:\Documents and Settings\Dan\Desktop\dds.scr
[2009/10/23 14:56:50 | 00,004,212 | -H-- | M] () -- C:\WINDOWS\System32\zllictbl.dat
[2009/10/23 14:29:20 | 00,011,168 | -H-- | M] () -- C:\WINDOWS\System32\zulugopa
[2009/10/23 10:58:21 | 33,961,728 | ---- | M] () -- C:\Documents and Settings\Dan\Desktop\avira_antivir_personal_en.exe
[2009/10/23 10:14:15 | 00,001,602 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
[2009/10/22 15:43:11 | 00,603,904 | ---- | M] (TuneUp Software) -- C:\WINDOWS\System32\TUProgSt.exe
[2009/10/22 15:43:06 | 00,362,240 | ---- | M] (TuneUp Software) -- C:\WINDOWS\System32\TuneUpDefragService.exe

========== Files - No Company Name ==========
[2009/10/29 08:55:54 | 00,000,696 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2009/10/28 14:34:40 | 00,523,776 | ---- | C] () -- C:\Documents and Settings\Dan\Desktop\dds.scr
[2009/10/23 14:56:50 | 00,004,212 | -H-- | C] () -- C:\WINDOWS\System32\zllictbl.dat
[2009/10/23 14:56:38 | 00,350,192 | ---- | C] () -- C:\WINDOWS\System32\vsconfig.xml
[2009/10/23 10:57:14 | 33,961,728 | ---- | C] () -- C:\Documents and Settings\Dan\Desktop\avira_antivir_personal_en.exe
[2009/10/23 10:14:15 | 00,001,602 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
[2009/10/22 15:43:08 | 00,000,482 | ---- | C] () -- C:\WINDOWS\tasks\1-Click Maintenance.job
[2009/04/06 09:17:23 | 00,000,022 | ---- | C] () -- C:\WINDOWS\kodakpcd.Cheryl.ini
[2009/03/08 16:02:13 | 00,007,168 | ---- | C] () -- C:\Documents and Settings\Dan\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/09/04 15:16:26 | 00,030,464 | ---- | C] () -- C:\WINDOWS\macromix.dll
[2008/02/19 00:33:34 | 00,446,352 | ---- | C] () -- C:\WINDOWS\System32\OpenQuicktimeLib.dll
[2005/10/10 09:01:04 | 00,001,764 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache
[2005/06/06 06:42:53 | 00,000,703 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\hpzinstall.log
[2005/03/06 13:27:08 | 00,069,784 | ---- | C] () -- C:\Documents and Settings\Dan\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
[2005/03/06 13:27:04 | 00,000,126 | ---- | C] () -- C:\Documents and Settings\Dan\Local Settings\Application Data\fusioncache.dat
[2005/02/27 18:11:49 | 00,000,002 | ---- | C] () -- C:\WINDOWS\msoffice.ini
[2005/02/22 20:33:27 | 00,000,062 | -HS- | C] () -- C:\Documents and Settings\Dan\Application Data\DESKTOP.INI
[2005/02/22 20:33:24 | 05,903,882 | -H-- | C] () -- C:\Documents and Settings\Dan\Local Settings\Application Data\IconCache.db
[2005/02/05 07:04:53 | 00,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2005/02/05 06:58:23 | 00,000,264 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2005/02/05 06:49:07 | 00,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2005/02/05 06:16:58 | 00,000,519 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2004/09/15 22:03:14 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2004/08/10 13:13:12 | 00,000,780 | ---- | C] () -- C:\WINDOWS\ORUN32.INI
[2004/08/10 13:04:08 | 00,000,709 | ---- | C] () -- C:\WINDOWS\WIN.INI
[2004/08/10 12:57:52 | 00,000,231 | ---- | C] () -- C:\WINDOWS\SYSTEM.INI
[2004/08/10 12:57:42 | 00,000,062 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\DESKTOP.INI
[2004/08/04 05:00:00 | 00,001,793 | ---- | C] () -- C:\WINDOWS\System32\FXSPERF.INI
[2004/01/05 01:27:36 | 00,565,248 | ---- | C] () -- C:\WINDOWS\System32\hpotscl.dll
[2003/01/07 15:05:08 | 00,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
[2000/09/08 17:53:50 | 00,073,839 | ---- | C] () -- C:\WINDOWS\System32\KodakOneTouch.dll
[1980/01/01 00:00:00 | 00,012,288 | ---- | C] () -- C:\WINDOWS\System32\e100bmsg.dll

========== LOP Check ==========

[2007/04/09 15:45:40 | 00,000,000 | RH-D | M] -- C:\Documents and Settings\Administrator\Application Data
[2009/10/29 09:01:42 | 00,000,000 | RH-D | M] -- C:\Documents and Settings\All Users\Application Data
[2009/01/25 14:25:46 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
[2009/10/22 15:42:07 | 00,000,000 | -HSD | M] -- C:\Documents and Settings\All Users\Application Data\{55A29068-F2CE-456C-9148-C869879E2357}
[2008/01/19 08:02:09 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Dell
[2009/03/22 10:06:54 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Pure Digital Technologies
[2005/02/05 06:16:28 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SBSI
[2005/02/19 11:13:05 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Support.com
[2008/01/19 08:03:22 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SupportSoft
[2009/10/26 18:21:42 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2008/09/04 14:28:53 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\The Learning Company
[2009/10/22 15:42:28 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TuneUp Software
[2009/04/27 14:06:52 | 00,000,000 | RH-D | M] -- C:\Documents and Settings\Cheryl\Application Data
[2009/01/24 11:02:02 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Cheryl\Application Data\Amazon
[2008/11/12 14:56:32 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Cheryl\Application Data\Digital Album Organizer
[2005/03/07 12:41:34 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Cheryl\Application Data\Leadertech
[2007/07/14 11:11:40 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Cheryl\Application Data\Snapfish
[2009/04/02 08:57:23 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Cheryl\Application Data\W Photo Studio Viewer
[2009/10/26 18:21:32 | 00,000,000 | RH-D | M] -- C:\Documents and Settings\Dan\Application Data
[2009/01/24 10:23:34 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Dan\Application Data\Amazon
[2005/09/29 19:46:04 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Dan\Application Data\CyberLink
[2005/03/25 14:25:46 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Dan\Application Data\Leadertech
[2009/10/22 15:43:03 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Dan\Application Data\TuneUp Software
[2007/11/19 17:47:47 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Dan\Application Data\Walgreens
[2007/04/09 15:45:40 | 00,000,000 | RH-D | M] -- C:\Documents and Settings\Default User\Application Data
[2008/08/07 11:38:51 | 00,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data
[2005/02/05 06:16:28 | 00,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Application Data
[2009/11/02 09:00:00 | 00,000,482 | ---- | M] () -- C:\WINDOWS\Tasks\1-Click Maintenance.job
[2004/08/04 05:00:00 | 00,000,065 | RH-- | M] () -- C:\WINDOWS\Tasks\DESKTOP.INI
[2005/02/08 18:02:17 | 00,000,258 | ---- | M] () -- C:\WINDOWS\Tasks\ISP signup reminder 1.job
[2009/10/30 09:36:28 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\Tasks\SA.DAT

========== Purity Check ==========



========== Custom Scans ==========


< %systemdrive%\*.exe >

< %systemroot%\system32\drivers\*.sys >
[2001/08/17 13:52:00 | 00,023,552 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\ABP480N5.SYS
[2004/08/04 05:00:00 | 00,187,776 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\ACPI.SYS
[2004/08/04 05:00:00 | 00,011,648 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\ACPIEC.SYS
[2001/08/17 14:07:32 | 00,101,888 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\ADPU160M.SYS
[2002/04/01 13:15:00 | 00,004,816 | ---- | M] (Andrea Electronics Corporation) -- C:\WINDOWS\system32\drivers\aeaudio.sys
[2006/02/14 18:22:26 | 00,142,464 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\aec.sys
[2008/08/14 03:51:43 | 00,138,368 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\afd.sys
[2004/10/07 19:16:04 | 00,035,840 | ---- | M] (Oak Technology Inc.) -- C:\WINDOWS\system32\drivers\AFS2K.SYS
[2004/08/03 23:07:42 | 00,042,368 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\AGP440.SYS
[2004/08/03 23:07:44 | 00,044,928 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\AGPCPQ.SYS
[2001/08/17 13:52:02 | 00,012,800 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\AHA154X.SYS
[2001/08/17 14:07:36 | 00,055,168 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\AIC78U2.SYS
[2001/08/17 14:07:38 | 00,056,960 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\AIC78XX.SYS
[2001/08/17 13:51:56 | 00,005,248 | ---- | M] (Acer Laboratories Inc.) -- C:\WINDOWS\system32\drivers\ALIIDE.SYS
[2004/08/03 23:07:42 | 00,042,752 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\ALIM1541.SYS
[2004/08/03 23:07:44 | 00,043,008 | ---- | M] (Advanced Micro Devices, Inc.) -- C:\WINDOWS\system32\drivers\AMDAGP.SYS
[2004/08/04 05:00:00 | 00,036,992 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\AMDK6.SYS
[2004/08/04 05:00:00 | 00,037,376 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\AMDK7.SYS
[2001/08/17 13:52:04 | 00,012,032 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\AMSINT.SYS
[2004/08/04 05:00:00 | 00,060,800 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\ARP1394.SYS
[2001/08/17 13:52:00 | 00,026,496 | ---- | M] (Advanced System Products, Inc.) -- C:\WINDOWS\system32\drivers\ASC.SYS
[2001/08/17 13:52:04 | 00,022,400 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\ASC3350P.SYS
[2001/08/17 13:51:58 | 00,014,848 | ---- | M] (Advanced System Products, Inc.) -- C:\WINDOWS\system32\drivers\ASC3550.SYS
[2005/02/05 07:02:20 | 00,008,552 | ---- | M] (Windows ® 2000 DDK provider) -- C:\WINDOWS\system32\drivers\asctrm.sys
[2004/08/04 05:00:00 | 00,014,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\ASYNCMAC.SYS
[2004/08/03 22:59:44 | 00,095,360 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\atapi.sys
[2004/08/04 05:00:00 | 00,059,904 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\ATMARPC.SYS
[2004/08/04 05:00:00 | 00,031,360 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\ATMEPVC.SYS
[2004/08/04 05:00:00 | 00,055,936 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\ATMLANE.SYS
[2004/08/04 05:00:00 | 00,352,256 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\ATMUNI.SYS
[2001/08/17 13:59:44 | 00,003,072 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\AUDSTUB.SYS
[2009/02/13 11:17:49 | 00,045,416 | ---- | M] (Avira GmbH) -- C:\WINDOWS\system32\drivers\avgntdd.sys
[2009/07/28 15:33:56 | 00,055,656 | ---- | M] (Avira GmbH) -- C:\WINDOWS\system32\drivers\avgntflt.sys
[2009/02/13 11:29:11 | 00,022,360 | ---- | M] (Avira GmbH) -- C:\WINDOWS\system32\drivers\avgntmgr.sys
[2009/03/30 09:33:07 | 00,096,104 | ---- | M] (Avira GmbH) -- C:\WINDOWS\system32\drivers\avipbb.sys
[2004/08/04 05:00:00 | 00,004,224 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\BEEP.SYS
[2004/08/04 05:00:00 | 00,071,552 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\BRIDGE.SYS
[2008/06/13 07:10:50 | 00,272,128 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\bthport.sys
[2001/08/17 13:52:08 | 00,013,952 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\CBIDF2K.SYS
[2004/08/03 23:10:18 | 00,017,024 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\CCDECODE.sys
[2001/08/17 13:52:06 | 00,007,680 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\CD20XRNT.SYS
[2004/08/04 05:00:00 | 00,018,688 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\CDAUDIO.SYS
[2004/08/04 05:00:00 | 00,063,744 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\CDFS.SYS
[2004/08/04 05:00:00 | 00,049,536 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\CDROM.SYS
[2004/08/04 05:00:00 | 00,262,528 | ---- | M] (RAVISENT Technologies Inc.) -- C:\WINDOWS\system32\drivers\CINEMST2.SYS
[2004/08/04 05:00:00 | 00,049,664 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\CLASSPNP.SYS
[2001/08/17 13:51:54 | 00,006,656 | ---- | M] (CMD Technology, Inc.) -- C:\WINDOWS\system32\drivers\CMDIDE.SYS
[2001/08/17 13:52:06 | 00,014,976 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\CPQARRAY.SYS
[2004/08/04 05:00:00 | 00,011,776 | ---- | M] (Compaq Computer Corporation) -- C:\WINDOWS\system32\drivers\CPQDAP01.SYS
[2004/08/04 05:00:00 | 00,036,480 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\CRUSOE.SYS
[2001/08/17 13:52:16 | 00,179,584 | ---- | M] (Mylex Corporation) -- C:\WINDOWS\system32\drivers\DAC2W2K.SYS
[2001/08/17 13:52:16 | 00,014,720 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\DAC960NT.SYS
[2004/05/20 08:21:10 | 00,036,918 | ---- | M] (Eastman Kodak Company) -- C:\WINDOWS\system32\drivers\DcCam.sys
[2004/05/20 08:41:54 | 00,061,564 | ---- | M] (Eastman Kodak Company) -- C:\WINDOWS\system32\drivers\DcFpoint.sys
[2004/06/02 13:19:00 | 00,038,705 | ---- | M] (Eastman Kodak Company) -- C:\WINDOWS\system32\drivers\DCFS2k.sys
[2004/05/20 08:39:42 | 00,008,022 | ---- | M] (Eastman Kodak Company) -- C:\WINDOWS\system32\drivers\DcLps.sys
[2004/05/20 08:45:20 | 00,068,950 | ---- | M] (Eastman Kodak Company) -- C:\WINDOWS\system32\drivers\DcPtp.sys
[2004/08/04 05:00:00 | 00,036,352 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\DISK.SYS
[2004/08/04 05:00:00 | 00,014,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\DISKDUMP.SYS
[2004/08/04 05:00:00 | 00,799,744 | ---- | M] (Microsoft Corp., Veritas Software) -- C:\WINDOWS\system32\drivers\DMBOOT.SYS
[2004/08/04 05:00:00 | 00,153,344 | ---- | M] (Microsoft Corp., Veritas Software) -- C:\WINDOWS\system32\drivers\DMIO.SYS
[2004/08/04 05:00:00 | 00,005,888 | ---- | M] (Microsoft Corp., Veritas Software.) -- C:\WINDOWS\system32\drivers\DMLOAD.SYS
[2004/08/03 23:07:40 | 00,052,864 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\DMusic.sys
[2001/08/17 14:07:44 | 00,020,192 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\DPTI2O.SYS
[2004/08/03 23:08:00 | 00,060,288 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\drmk.sys
[2004/08/03 23:07:58 | 00,002,944 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\drmkaud.sys
[2004/12/01 03:22:00 | 00,087,488 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\drivers\drvmcdb.sys
[2004/11/23 02:56:00 | 00,040,480 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\drivers\drvnddm.sys
[2007/02/25 11:10:48 | 00,005,376 | --S- | M] (Gteko Ltd.) -- C:\WINDOWS\system32\drivers\dsunidrv.sys
[2004/08/04 05:00:00 | 00,010,496 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\DXAPI.SYS
[2004/08/04 05:00:00 | 00,071,040 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\DXG.SYS
[2004/08/04 05:00:00 | 00,003,328 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\DXGTHK.SYS
[2004/02/10 15:49:14 | 00,154,112 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\drivers\e100b325.sys
[2004/06/02 13:17:56 | 00,151,985 | ---- | M] (Eastman Kodak Company) -- C:\WINDOWS\system32\drivers\ExportIt.sys
[2004/08/04 05:00:00 | 00,143,360 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\FASTFAT.SYS
[2004/08/04 05:00:00 | 00,027,392 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\FDC.SYS
[2004/08/04 05:00:00 | 00,034,944 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\FIPS.SYS
[2004/08/04 05:00:00 | 00,020,480 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\FLPYDISK.SYS
[2006/08/21 03:14:58 | 00,128,896 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\fltmgr.sys
[2004/08/04 05:00:00 | 00,012,160 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\FSVGA.SYS
[2004/08/04 05:00:00 | 00,007,936 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\FS_REC.SYS
[2001/08/17 13:52:50 | 00,125,056 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\FTDISK.SYS
[2008/04/17 13:12:54 | 00,015,464 | ---- | M] (GEAR Software Inc.) -- C:\WINDOWS\system32\drivers\GEARAspiWDM.sys
[2004/08/04 05:00:00 | 00,036,224 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\HIDCLASS.SYS
[2004/08/04 05:00:00 | 00,024,960 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\HIDPARSE.SYS
[2001/08/17 14:02:20 | 00,009,600 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\hidusb.sys
[2001/08/17 14:07:44 | 00,025,952 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\HPN.SYS
[2004/01/05 01:27:32 | 00,051,056 | R--- | M] (HP) -- C:\WINDOWS\system32\drivers\hpzid412.sys
[2004/01/05 01:27:34 | 00,016,496 | R--- | M] (HP) -- C:\WINDOWS\system32\drivers\HPZipr12.sys
[2004/01/05 01:27:34 | 00,021,488 | R--- | M] (HP) -- C:\WINDOWS\system32\drivers\HPZius12.sys
[2003/11/17 15:59:20 | 00,212,224 | ---- | M] (Conexant Systems, Inc.) -- C:\WINDOWS\system32\drivers\HSFHWBS2.sys
[2003/11/17 15:58:02 | 00,680,704 | ---- | M] (Conexant Systems, Inc.) -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys
[2003/11/17 15:56:26 | 01,042,432 | ---- | M] (Conexant Systems, Inc.) -- C:\WINDOWS\system32\drivers\HSF_DP.sys
[2006/03/16 18:33:10 | 00,262,784 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\http.sys
[2004/08/03 23:00:52 | 00,008,192 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\I2OMGMT.SYS
[2004/08/03 23:00:52 | 00,018,560 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\I2OMP.SYS
[2004/08/04 05:00:00 | 00,052,736 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\I8042PRT.SYS
[2005/10/14 14:15:18 | 01,302,812 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\drivers\ialmnt5.sys
[2004/08/04 05:00:00 | 00,041,856 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\IMAPI.SYS
[2001/08/17 13:52:08 | 00,016,000 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\INI910U.SYS
[2004/08/03 22:59:42 | 00,005,504 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\INTELIDE.SYS
[2004/08/04 05:00:00 | 00,036,096 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\INTELPPM.SYS
[2004/08/04 05:00:00 | 00,029,056 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\IP6FW.SYS
[2004/08/04 05:00:00 | 00,032,896 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\IPFLTDRV.SYS
[2004/08/04 05:00:00 | 00,020,992 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\IPINIP.SYS
[2004/09/29 16:28:37 | 00,134,912 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\ipnat.sys
[2004/08/04 05:00:00 | 00,074,752 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\IPSEC.SYS
[2004/02/11 14:27:38 | 00,019,456 | ---- | M] (Intel Corporation ) -- C:\WINDOWS\system32\drivers\iqvw32.sys
[2004/08/04 05:00:00 | 00,011,264 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\IRENUM.SYS
[2001/08/17 13:58:02 | 00,035,840 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\ISAPNP.SYS
[2004/08/03 22:58:34 | 00,024,576 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\KBDCLASS.SYS
[2006/06/14 02:47:45 | 00,172,416 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\kmixer.sys
[2004/08/04 05:00:00 | 00,140,928 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\KS.SYS
[2009/06/22 05:34:52 | 00,092,544 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\ksecdd.sys
[2009/09/10 13:53:50 | 00,019,160 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\system32\drivers\mbam.sys
[2009/09/10 13:54:06 | 00,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\system32\drivers\mbamswissarmy.sys
[2004/08/04 05:00:00 | 00,007,680 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\MCD.SYS
[2003/04/09 13:48:08 | 00,011,043 | ---- | M] (Conexant) -- C:\WINDOWS\system32\drivers\mdmxsdk.sys
[2004/08/04 05:00:00 | 00,063,744 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\MF.SYS
[2004/08/04 05:00:00 | 00,004,224 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\MNMDD.SYS
[2004/08/04 05:00:00 | 00,030,080 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\MODEM.SYS
[2001/08/17 13:57:38 | 00,016,128 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\MODEMCSA.sys
[2004/08/03 22:58:34 | 00,023,040 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\MOUCLASS.SYS
[2001/08/17 13:48:00 | 00,012,160 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\mouhid.sys
[2004/08/04 05:00:00 | 00,042,240 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\MOUNTMGR.SYS
[2001/08/17 13:52:12 | 00,017,280 | ---- | M] (American Megatrends Inc.) -- C:\WINDOWS\system32\drivers\MRAID35X.SYS
[2007/12/18 03:51:35 | 00,179,584 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\mrxdav.sys
[2008/10/24 05:10:42 | 00,453,632 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\mrxsmb.sys
[2004/08/04 05:00:00 | 00,019,072 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\MSFS.SYS
[2004/08/04 05:00:00 | 00,035,072 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\MSGPC.SYS
[2004/08/03 22:58:42 | 00,007,552 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\MSKSSRV.sys
[2004/08/03 22:58:40 | 00,005,376 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\MSPCLOCK.sys
[2004/08/03 22:58:42 | 00,004,992 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\MSPQM.sys
[2004/08/03 23:07:48 | 00,015,488 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\MSSMBIOS.SYS
[2004/08/03 22:58:40 | 00,005,504 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\MSTEE.sys
[2004/08/04 05:00:00 | 00,107,904 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\MUP.SYS
[2004/08/03 23:10:30 | 00,085,376 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\NABTSFEC.sys
[2004/08/04 05:00:00 | 00,182,912 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\NDIS.SYS
[2004/08/03 23:10:14 | 00,010,880 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\NdisIP.sys
[2004/08/04 05:00:00 | 00,009,600 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\NDISTAPI.SYS
[2004/08/04 05:00:00 | 00,012,928 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\NDISUIO.SYS
[2004/08/04 05:00:00 | 00,091,776 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\NDISWAN.SYS
[2004/08/04 05:00:00 | 00,038,016 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\NDPROXY.SYS
[2004/08/04 05:00:00 | 00,034,560 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\NETBIOS.SYS
[2004/08/04 05:00:00 | 00,162,816 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\NETBT.SYS
[2004/08/04 05:00:00 | 00,061,824 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\NIC1394.SYS
[2004/08/04 05:00:00 | 00,012,032 | ---- | M] (S3/Diamond Multimedia Systems) -- C:\WINDOWS\system32\drivers\NIKEDRV.SYS
[2004/08/04 05:00:00 | 00,040,320 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\NMNT.SYS
[2004/08/04 05:00:00 | 00,030,848 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\NPFS.SYS
[2007/02/09 05:10:35 | 00,574,464 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\ntfs.sys
[2004/08/04 05:00:00 | 00,002,944 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\NULL.SYS
[2004/08/03 22:29:56 | 01,897,408 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\drivers\NV4_MINI.SYS
[2004/08/04 05:00:00 | 00,012,416 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\NWLNKFLT.SYS
[2004/08/04 05:00:00 | 00,032,512 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\NWLNKFWD.SYS
[2004/08/04 05:00:00 | 00,088,448 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\NWLNKIPX.SYS
[2004/08/04 05:00:00 | 00,063,232 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\NWLNKNB.SYS
[2004/08/04 05:00:00 | 00,055,936 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\NWLNKSPX.SYS
[2002/11/08 13:45:06 | 00,017,217 | ---- | M] (Dell Computer Corporation) -- C:\WINDOWS\system32\drivers\omci.sys
[2004/08/04 05:00:00 | 00,003,456 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\OPRGHDLR.SYS
[2004/08/04 05:00:00 | 00,042,496 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\P3.SYS
[2004/08/04 05:00:00 | 00,080,128 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\PARPORT.SYS
[2004/08/04 05:00:00 | 00,018,688 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\PARTMGR.SYS
[2004/08/04 05:00:00 | 00,006,784 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\PARVDM.SYS
[2004/08/03 23:07:48 | 00,068,224 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\PCI.SYS
[2001/08/17 13:51:52 | 00,003,328 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\pciide.sys
[2004/08/03 22:59:42 | 00,025,088 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\pciidex.sys
[2004/08/04 05:00:00 | 00,119,936 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\PCMCIA.SYS
[2001/08/17 14:07:40 | 00,027,296 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\PERC2.SYS
[2001/08/17 14:07:42 | 00,005,504 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\PERC2HIB.SYS
[2004/08/03 23:15:50 | 00,145,792 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\portcls.sys
[2004/08/04 05:00:00 | 00,035,328 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\PROCESSR.SYS
[2004/08/04 05:00:00 | 00,069,120 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\PSCHED.SYS
[2004/08/04 05:00:00 | 00,017,792 | ---- | M] (Parallel Technologies, Inc.) -- C:\WINDOWS\system32\drivers\PTILINK.SYS
[2004/08/02 02:03:00 | 00,020,576 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\drivers\pxhelp20.sys
[2001/08/17 13:52:20 | 00,040,320 | ---- | M] (QLogic Corporation) -- C:\WINDOWS\system32\drivers\QL1080.SYS
[2001/08/17 13:52:16 | 00,033,152 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\QL10WNT.SYS
[2001/08/17 13:52:20 | 00,045,312 | ---- | M] (QLogic Corporation) -- C:\WINDOWS\system32\drivers\QL12160.SYS
[2001/08/17 13:52:16 | 00,040,448 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\QL1240.SYS
[2001/08/17 13:52:18 | 00,049,024 | ---- | M] (QLogic Corporation) -- C:\WINDOWS\system32\drivers\QL1280.SYS
[2004/08/04 05:00:00 | 00,008,832 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\RASACD.SYS
[2004/08/04 05:00:00 | 00,051,328 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\RASL2TP.SYS
[2004/08/04 05:00:00 | 00,041,472 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\RASPPPOE.SYS
[2004/08/04 05:00:00 | 00,048,384 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\RASPPTP.SYS
[2004/08/04 05:00:00 | 00,016,512 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\RASPTI.SYS
[2004/08/04 05:00:00 | 00,034,432 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\RAWWAN.SYS
[2006/05/05 03:47:57 | 00,174,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\rdbss.sys
[2004/08/04 05:00:00 | 00,004,224 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\RDPCDD.SYS
[2004/08/03 23:01:16 | 00,196,864 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\RDPDR.SYS
[2005/06/09 22:09:46 | 00,139,528 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\rdpwd.sys
[2004/08/03 22:59:38 | 00,057,472 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\REDBOOK.SYS
[2004/08/04 05:00:00 | 00,012,032 | ---- | M] (S3/Diamond Multimedia Systems) -- C:\WINDOWS\system32\drivers\RIO8DRV.SYS
[2004/08/04 05:00:00 | 00,012,032 | ---- | M] (S3/Diamond Multimedia Systems) -- C:\WINDOWS\system32\drivers\RIODRV.SYS
[2008/05/08 06:28:49 | 00,202,752 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\rmcast.sys
[2004/08/04 05:00:00 | 00,030,080 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\RNDISMP.SYS
[2004/08/04 05:00:00 | 00,005,888 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\ROOTMDM.SYS
[2004/08/04 05:00:00 | 00,096,256 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\SCSIPORT.SYS
[2004/08/04 05:00:00 | 00,067,584 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\SDBUS.SYS
[2007/11/13 04:25:53 | 00,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) -- C:\WINDOWS\system32\drivers\secdrv.sys
[2004/08/04 05:00:00 | 00,015,488 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\SERENUM.SYS
[2004/08/04 05:00:00 | 00,064,896 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\SERIAL.SYS
[2004/08/04 05:00:00 | 00,011,136 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\SFFDISK.SYS
[2004/08/04 05:00:00 | 00,010,240 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\SFFP_SD.SYS
[2004/08/04 05:00:00 | 00,011,392 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\SFLOPPY.SYS
[2004/08/03 23:07:44 | 00,041,088 | ---- | M] (Silicon Integrated Systems Corporation) -- C:\WINDOWS\system32\drivers\SISAGP.SYS
[2004/08/03 23:10:18 | 00,011,136 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\SLIP.sys
[2004/08/04 05:00:00 | 00,014,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\SMCLIB.SYS
[2003/04/08 10:30:48 | 00,003,744 | ---- | M] (Analog Devices, Inc.) -- C:\WINDOWS\system32\drivers\smsens.sys
[2004/04/09 12:41:30 | 00,612,352 | ---- | M] (Analog Devices, Inc.) -- C:\WINDOWS\system32\drivers\smwdm.sys
[2004/08/04 05:00:00 | 00,025,472 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\SONYDCAM.SYS
[2001/08/17 14:07:44 | 00,019,072 | ---- | M] (Adaptec, Inc.) -- C:\WINDOWS\system32\drivers\SPARROW.SYS
[2006/06/14 02:47:46 | 00,006,400 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\splitter.sys
[2004/08/04 05:00:00 | 00,073,472 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\SR.SYS
[2008/12/11 05:57:21 | 00,333,184 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\srv.sys
[2004/07/14 11:29:04 | 00,005,627 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\drivers\sscdbhk5.sys
[2009/05/11 09:12:24 | 00,028,520 | ---- | M] (Avira GmbH) -- C:\WINDOWS\system32\drivers\ssmdrv.sys
[2004/07/14 11:28:50 | 00,023,545 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\drivers\ssrtln.sys
[2004/08/04 05:00:00 | 00,048,640 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\STREAM.SYS
[2004/08/03 23:10:14 | 00,015,360 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\StreamIP.sys
[2004/08/03 22:58:42 | 00,004,352 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\SWENUM.SYS
[2001/08/17 14:00:52 | 00,054,272 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\swmidi.sys
[2001/08/17 14:07:34 | 00,016,256 | ---- | M] (Symbios Logic Inc.) -- C:\WINDOWS\system32\drivers\SYMC810.SYS
[2001/08/17 14:07:36 | 00,032,640 | ---- | M] (LSI Logic) -- C:\WINDOWS\system32\drivers\SYMC8XX.SYS
[2001/08/17 14:07:40 | 00,028,384 | ---- | M] (LSI Logic) -- C:\WINDOWS\system32\drivers\SYM_HI.SYS
[2001/08/17 14:07:42 | 00,030,688 | ---- | M] (LSI Logic) -- C:\WINDOWS\system32\drivers\SYM_U3.SYS
[2004/08/03 23:15:56 | 00,060,800 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\sysaudio.sys
[2004/08/04 05:00:00 | 00,014,976 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\TAPE.SYS
[2008/06/20 04:45:13 | 00,360,320 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\tcpip.sys
[2008/06/20 03:52:06 | 00,225,920 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\tcpip6.sys
[2004/08/04 05:00:00 | 00,018,560 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\TDI.SYS
[2004/08/04 05:00:00 | 00,012,040 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\TDPIPE.SYS
[2004/08/04 05:00:00 | 00,021,896 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\TDTCP.SYS
[2004/08/04 01:01:08 | 00,040,840 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\TERMDD.SYS
[2004/08/04 05:00:00 | 00,051,712 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\TOSDVD.SYS
[2001/08/17 13:51:56 | 00,004,992 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\TOSIDE.SYS
[2004/08/04 05:00:00 | 00,021,376 | ---- | M] (Toshiba Corporation) -- C:\WINDOWS\system32\drivers\TSBVCAP.SYS
[2004/08/04 05:00:00 | 00,012,416 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\TUNMP.SYS
[2004/08/04 05:00:00 | 00,066,176 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\UDFS.SYS
[2001/08/17 13:52:22 | 00,036,736 | ---- | M] (Promise Technology, Inc.) -- C:\WINDOWS\system32\drivers\ULTRA.SYS
[2007/04/23 04:32:54 | 00,364,160 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\update.sys
[2004/08/04 05:00:00 | 00,012,672 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\USB8023.SYS
[2008/11/07 14:23:30 | 00,032,000 | ---- | M] (Apple, Inc.) -- C:\WINDOWS\system32\drivers\usbaapl.sys
[2004/08/04 05:00:00 | 00,023,808 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\USBCAMD.SYS
[2004/08/04 05:00:00 | 00,023,936 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\USBCAMD2.SYS
[2004/08/03 22:08:48 | 00,031,616 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\usbccgp.sys
[2004/08/04 05:00:00 | 00,004,736 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\USBD.SYS
[2004/08/04 05:00:00 | 00,026,624 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\USBEHCI.SYS
[2004/08/03 23:08:44 | 00,057,600 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\usbhub.sys
[2004/08/04 05:00:00 | 00,016,000 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\USBINTEL.SYS
[2004/08/03 23:08:44 | 00,142,976 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\usbport.sys
[2004/08/03 22:01:26 | 00,025,856 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\usbprint.sys
[2004/08/03 21:58:46 | 00,015,104 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\usbscan.sys
[2004/08/03 22:08:48 | 00,026,496 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\USBSTOR.SYS
[2004/08/03 23:08:38 | 00,020,480 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\usbuhci.sys
[2004/08/03 23:10:12 | 00,078,464 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\usbvideo.sys
[2004/08/04 05:00:00 | 00,058,112 | ---- | M] (RAVISENT Technologies Inc.) -- C:\WINDOWS\system32\drivers\VDMINDVD.SYS
[2004/08/04 05:00:00 | 00,020,992 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\VGA.SYS
[2004/08/03 23:07:44 | 00,042,240 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\VIAAGP.SYS
[2004/08/03 22:59:44 | 00,005,376 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\VIAIDE.SYS
[2004/08/04 05:00:00 | 00,079,744 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\VIDEOPRT.SYS
[2004/08/04 05:00:00 | 00,052,352 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\VOLSNAP.SYS
[2004/08/04 05:00:00 | 00,034,560 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\WANARP.SYS
[2006/06/14 03:00:45 | 00,082,944 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\wdmaud.sys
[2004/08/04 05:00:00 | 00,004,352 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\WMILIB.SYS
[2004/09/15 12:28:06 | 00,018,944 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\wpdusb.sys
[2004/08/04 05:00:00 | 00,012,032 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\WS2IFSL.SYS
[2004/08/03 23:10:22 | 00,019,328 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\WSTCODEC.SYS

========== Alternate Data Streams ==========

@Alternate Data Stream - 187 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2
@Alternate Data Stream - 114 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:A8ADE5D8
< End of report >

#14 Buckeye_Sam

Buckeye_Sam

    Malware Expert


  • Members
  • 17,382 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Pickerington, Ohio
  • Local time:10:56 PM

Posted 02 November 2009 - 07:06 PM

Run OTL.exe
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :OTL
    O4 - HKLM..\Run: [Rrerucokuh] C:\WINDOWS\ugezanijudulige.DLL File not found
    O16 - DPF: {CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA} http://java.sun.com/products/plugin/autodl...indows-i586.cab (Java Plug-in 1.4.2_03)
    O20 - AppInit_DLLs: (c:\windows\system32\gerizoha.dll) - C:\WINDOWS\System32\gerizoha.dll File not found
    O21 - SSODL: kawalukaz - {dfd5fa50-bc93-43d0-bf5f-9402d4965411} - CLSID or File not found.
    
    :Commands
    [emptytemp]
    [Reboot]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot when it is done
  • You will get a log that shows the results of the fix. Please post it.
  • Then also run and post a new OTL log.

After rebooting, let me know if you still get errors on startup.
Posted Image If I have helped you in any way, please consider a donation to help me continue the fight against malware.


Failing to respond back to the person that is giving up their own time to help you not only is insensitive and disrespectful, but it guarantees that you will never receive help from me again. Please thank your helpers and there will always be help here when you need it!


========================================================

#15 MarkiusSchu

MarkiusSchu
  • Topic Starter

  • Members
  • 17 posts
  • OFFLINE
  •  
  • Local time:09:56 PM

Posted 02 November 2009 - 08:51 PM

Results of the log fix:

All processes killed
========== OTL ==========
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\Rrerucokuh deleted successfully.
Starting removal of ActiveX control {CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA}\ not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_Dlls:c:\windows\system32\gerizoha.dll deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\\kawalukaz deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{dfd5fa50-bc93-43d0-bf5f-9402d4965411}\ not found.
========== COMMANDS ==========

[EMPTYTEMP]

User: Administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: All Users

User: Cheryl
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Java cache emptied: 0 bytes

User: Dan
File delete failed. C:\Documents and Settings\Dan\Local Settings\Temp\~DFF9F.tmp scheduled to be deleted on reboot.
->Temp folder emptied: 777071 bytes
File delete failed. C:\Documents and Settings\Dan\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
->Temporary Internet Files folder emptied: 3369078 bytes
->Java cache emptied: 0 bytes
File delete failed. C:\Documents and Settings\Dan\Local Settings\Application Data\Mozilla\Firefox\Profiles\z0894p1s.default\Cache\_CACHE_001_ scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Dan\Local Settings\Application Data\Mozilla\Firefox\Profiles\z0894p1s.default\Cache\_CACHE_002_ scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Dan\Local Settings\Application Data\Mozilla\Firefox\Profiles\z0894p1s.default\Cache\_CACHE_003_ scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Dan\Local Settings\Application Data\Mozilla\Firefox\Profiles\z0894p1s.default\Cache\_CACHE_MAP_ scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Dan\Local Settings\Application Data\Mozilla\Firefox\Profiles\z0894p1s.default\urlclassifier3.sqlite scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Dan\Local Settings\Application Data\Mozilla\Firefox\Profiles\z0894p1s.default\XUL.mfl scheduled to be deleted on reboot.
->FireFox cache emptied: 59127830 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: LocalService
->Temp folder emptied: 0 bytes
File delete failed. C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
->Temporary Internet Files folder emptied: 33170 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
File delete failed. C:\WINDOWS\temp\Perflib_Perfdata_1fc.dat scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\Perflib_Perfdata_4b4.dat scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\ZLT02571.TMP scheduled to be deleted on reboot.
Windows Temp folder emptied: 33688 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 60.41 mb


OTL by OldTimer - Version 3.0.22.1 log created on 11022009_184635

Files\Folders moved on Reboot...
C:\Documents and Settings\Dan\Local Settings\Temp\~DFF9F.tmp moved successfully.
C:\Documents and Settings\Dan\Local Settings\Application Data\Mozilla\Firefox\Profiles\z0894p1s.default\Cache\_CACHE_001_ moved successfully.
C:\Documents and Settings\Dan\Local Settings\Application Data\Mozilla\Firefox\Profiles\z0894p1s.default\Cache\_CACHE_002_ moved successfully.
C:\Documents and Settings\Dan\Local Settings\Application Data\Mozilla\Firefox\Profiles\z0894p1s.default\Cache\_CACHE_003_ moved successfully.
C:\Documents and Settings\Dan\Local Settings\Application Data\Mozilla\Firefox\Profiles\z0894p1s.default\Cache\_CACHE_MAP_ moved successfully.
C:\Documents and Settings\Dan\Local Settings\Application Data\Mozilla\Firefox\Profiles\z0894p1s.default\urlclassifier3.sqlite moved successfully.
C:\Documents and Settings\Dan\Local Settings\Application Data\Mozilla\Firefox\Profiles\z0894p1s.default\XUL.mfl moved successfully.
File\Folder C:\WINDOWS\temp\Perflib_Perfdata_1fc.dat not found!
File\Folder C:\WINDOWS\temp\Perflib_Perfdata_4b4.dat not found!
File\Folder C:\WINDOWS\temp\ZLT02571.TMP not found!

Registry entries deleted on Reboot...


RESULTS OF OTL SCAN+++++++++++++++++++++++++++++++++++++++++++++++++++++++


OTL logfile created on: 11/2/2009 7:08:21 PM - Run 6
OTL by OldTimer - Version 3.0.22.1 Folder = C:\Documents and Settings\Dan\Desktop
Windows XP Home Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.2180)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

502.07 Mb Total Physical Memory | 125.95 Mb Available Physical Memory | 25.08% Memory free
1.20 Gb Paging File | 0.73 Gb Available in Paging File | 60.75% Paging File free
Paging file location(s): C:\pagefile.sys 756 1512 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 145.76 Gb Total Space | 126.21 Gb Free Space | 86.59% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: OFFICE
Current User Name: Dan
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 14 Days
Output = Standard
Quick Scan

========== Processes (SafeList) ==========

PRC - [2009/10/29 17:26:51 | 00,908,280 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2009/10/28 16:49:16 | 00,521,728 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Dan\Desktop\OTL.exe
PRC - [2009/10/23 14:40:05 | 00,153,376 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe
PRC - [2009/10/23 14:40:05 | 00,149,280 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jusched.exe
PRC - [2009/10/22 15:43:11 | 00,603,904 | ---- | M] (TuneUp Software) -- C:\WINDOWS\System32\TUProgSt.exe
PRC - [2009/10/12 20:24:50 | 02,000,112 | ---- | M] (SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
PRC - [2009/07/21 13:34:33 | 00,185,089 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe
PRC - [2009/05/13 15:48:22 | 00,108,289 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe
PRC - [2009/03/02 12:08:47 | 00,209,153 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
PRC - [2009/02/15 23:10:22 | 02,402,184 | ---- | M] (Check Point Software Technologies LTD) -- C:\WINDOWS\System32\ZoneLabs\vsmon.exe
PRC - [2009/02/15 23:10:22 | 00,981,384 | ---- | M] (Check Point Software Technologies LTD) -- C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
PRC - [2009/02/06 10:39:29 | 00,227,840 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\wbem\wmiprvse.exe
PRC - [2009/01/06 13:06:36 | 00,290,088 | ---- | M] (Apple Inc.) -- C:\Program Files\iTunes\iTunesHelper.exe
PRC - [2009/01/06 13:06:24 | 00,536,872 | ---- | M] (Apple Inc.) -- C:\Program Files\iPod\bin\iPodService.exe
PRC - [2008/11/13 12:17:38 | 00,439,616 | ---- | M] () -- C:\Program Files\Pure Digital Technologies\FlipShare\FlipShareService.exe
PRC - [2008/11/07 14:28:16 | 00,132,424 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
PRC - [2008/10/16 17:22:20 | 00,464,264 | ---- | M] () -- C:\Program Files\AskBarDis\bar\bin\AskService.exe
PRC - [2008/08/29 10:18:44 | 00,238,888 | ---- | M] (Apple Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe
PRC - [2008/04/25 19:31:40 | 00,524,288 | ---- | M] (Radica) -- C:\Program Files\Radica\Stylin' Studio\SS_MW.exe
PRC - [2007/06/13 04:23:07 | 01,033,216 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Explorer.EXE
PRC - [2007/03/15 10:09:36 | 00,460,784 | ---- | M] (Gteko Ltd.) -- C:\Program Files\DellSupport\DSAgnt.exe
PRC - [2005/10/14 13:50:30 | 00,114,688 | ---- | M] (Intel Corporation) -- C:\WINDOWS\System32\igfxpers.exe
PRC - [2005/10/14 13:46:34 | 00,077,824 | ---- | M] (Intel Corporation) -- C:\WINDOWS\System32\hkcmd.exe
PRC - [2005/02/16 23:11:42 | 00,049,152 | ---- | M] (Hewlett-Packard Co.) -- C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
PRC - [2005/02/05 07:02:16 | 00,026,112 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Real\RealPlayer\RealPlay.exe
PRC - [2004/11/16 01:05:00 | 00,127,035 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\System32\dla\tfswctrl.exe
PRC - [2004/10/12 16:54:30 | 00,057,344 | ---- | M] (CyberLink Corp.) -- C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
PRC - [2004/09/15 12:27:54 | 00,038,912 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\wdfmgr.exe
PRC - [2004/09/14 08:50:48 | 00,053,248 | ---- | M] (Musicmatch Inc.) -- C:\Program Files\Musicmatch\Musicmatch Jukebox\mmtask.exe
PRC - [2004/08/11 02:22:40 | 00,757,760 | ---- | M] (Eastman Kodak Company) -- C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
PRC - [2004/08/04 05:00:00 | 00,016,896 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\wbem\unsecapp.exe
PRC - [2004/08/04 05:00:00 | 00,013,824 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\wscntfy.exe
PRC - [2004/05/24 12:35:52 | 00,322,104 | ---- | M] (Eastman Kodak Company) -- C:\WINDOWS\System32\drivers\KodakCCS.exe
PRC - [2004/05/12 15:18:56 | 00,241,664 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
PRC - [2003/10/29 02:06:00 | 00,024,576 | R--- | M] (BVRP Software) -- C:\Program Files\Digital Line Detect\DLG.exe
PRC - [2003/09/16 04:19:24 | 00,237,568 | ---- | M] (Hewlett-Packard Co.) -- C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
PRC - [2003/06/19 23:25:00 | 00,322,120 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
PRC - [2003/05/31 18:02:32 | 07,544,916 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTBCM\Binn\sqlservr.exe

========== Win32 Services (SafeList) ==========

SRV - [2009/10/23 14:40:05 | 00,153,376 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe -- (JavaQuickStarterService [Auto | Running])
SRV - [2009/10/22 15:43:11 | 00,603,904 | ---- | M] (TuneUp Software) -- C:\WINDOWS\System32\TUProgSt.exe -- (TuneUp.ProgramStatisticsSvc [Auto | Running])
SRV - [2009/10/22 15:43:06 | 00,362,240 | ---- | M] (TuneUp Software) -- C:\WINDOWS\System32\TuneUpDefragService.exe -- (TuneUp.Defrag [On_Demand | Stopped])
SRV - [2009/07/21 13:34:33 | 00,185,089 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService [Auto | Running])
SRV - [2009/05/13 15:48:22 | 00,108,289 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService [Auto | Running])
SRV - [2009/02/15 23:10:22 | 02,402,184 | ---- | M] (Check Point Software Technologies LTD) -- C:\WINDOWS\System32\ZoneLabs\vsmon.exe -- (vsmon [Auto | Running])
SRV - [2009/01/06 13:06:24 | 00,536,872 | ---- | M] (Apple Inc.) -- C:\Program Files\iPod\bin\iPodService.exe -- (iPod Service [On_Demand | Running])
SRV - [2008/11/13 12:17:38 | 00,439,616 | ---- | M] () -- C:\Program Files\Pure Digital Technologies\FlipShare\FlipShareService.exe -- (FlipShare Service [Auto | Running])
SRV - [2008/11/12 15:44:18 | 00,027,904 | ---- | M] (TuneUp Software) -- C:\WINDOWS\System32\uxtuneup.dll -- (UxTuneUp [Auto | Running])
SRV - [2008/11/07 14:28:16 | 00,132,424 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -- (Apple Mobile Device [Auto | Running])
SRV - [2008/10/16 17:22:20 | 00,464,264 | ---- | M] () -- C:\Program Files\AskBarDis\bar\bin\AskService.exe -- (ASKService [Auto | Running])
SRV - [2008/08/29 10:18:44 | 00,238,888 | ---- | M] (Apple Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe -- (Bonjour Service [Auto | Running])
SRV - [2007/03/07 14:47:46 | 00,076,848 | ---- | M] () -- C:\Program Files\DellSupport\brkrsvc.exe -- (DSBrokerService [On_Demand | Stopped])
SRV - [2005/04/03 23:41:10 | 00,069,632 | ---- | M] (Macrovision Corporation) -- C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe -- (IDriverT [On_Demand | Stopped])
SRV - [2004/09/15 12:27:54 | 00,038,912 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\wdfmgr.exe -- (UMWdf [Auto | Running])
SRV - [2004/08/04 05:00:00 | 00,038,912 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll -- (helpsvc [Auto | Running])
SRV - [2004/07/15 01:49:26 | 00,032,768 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe -- (aspnet_state [On_Demand | Stopped])
SRV - [2004/05/24 12:35:52 | 00,322,104 | ---- | M] (Eastman Kodak Company) -- C:\WINDOWS\System32\drivers\KodakCCS.exe -- (KodakCCS [Auto | Running])
SRV - [2004/01/05 01:27:32 | 00,065,795 | ---- | M] (HP) -- C:\WINDOWS\System32\HPZipm12.exe -- (Pml Driver HPZ12 [On_Demand | Stopped])
SRV - [2003/12/17 13:59:48 | 00,143,360 | ---- | M] (Intel® Corporation) -- C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe -- (NetSvc [On_Demand | Stopped])
SRV - [2003/07/28 12:28:22 | 00,089,136 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE -- (ose [On_Demand | Stopped])
SRV - [2003/06/19 23:25:00 | 00,322,120 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE -- (MDM [Auto | Running])
SRV - [2003/05/31 18:02:32 | 07,544,916 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTBCM\Binn\sqlservr.exe -- (MSSQL$MICROSOFTBCM [Auto | Running])
SRV - [2002/12/17 19:23:30 | 00,311,872 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTBCM\Binn\sqlagent.EXE -- (SQLAgent$MICROSOFTBCM [On_Demand | Stopped])
SRV - [2002/12/17 19:23:30 | 00,066,112 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqladhlp.exe -- (MSSQLServerADHelper [On_Demand | Stopped])

========== Modules (SafeList) ==========

MOD - [2009/10/28 16:49:16 | 00,521,728 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Dan\Desktop\OTL.exe
MOD - [2006/08/25 09:45:55 | 01,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\COMCTL32.dll
MOD - [2004/08/04 05:00:00 | 00,025,088 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\mslbui.dll
MOD - [2004/08/04 05:00:00 | 00,014,848 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\serwvdrv.dll
MOD - [2004/08/04 05:00:00 | 00,013,312 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\umdmxfrm.dll

========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.dell4me.com/myway
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm


IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,First Home Page = http://www.dell4me.com/myway
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.dell4me.com/myway
IE - HKU\.DEFAULT\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,First Home Page = http://www.dell4me.com/myway
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.dell4me.com/myway
IE - HKU\S-1-5-18\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-2229718711-4139157738-2168484239-1009\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
IE - HKU\S-1-5-21-2229718711-4139157738-2168484239-1009\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKU\S-1-5-21-2229718711-4139157738-2168484239-1009\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch
IE - HKU\S-1-5-21-2229718711-4139157738-2168484239-1009\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
IE - HKU\S-1-5-21-2229718711-4139157738-2168484239-1009\S-1-5-21-2229718711-4139157738-2168484239-1009\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://www.yahoo.com/"
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA}:6.0.16
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: {4FB9BDA5-413E-49D7-B288-9F93DD39069E}:1.9.1
FF - prefs.js..extensions.enabledItems: {A2123010-4D71-45A4-AB29-1EE4F5BFF508}:1.9.1
FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.5.4

FF - HKLM\software\mozilla\Firefox\Extensions\\{4FB9BDA5-413E-49D7-B288-9F93DD39069E}: C:\Documents and Settings\Dan\Local Settings\Application Data\{4FB9BDA5-413E-49D7-B288-9F93DD39069E} [2009/10/16 20:10:48 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{A2123010-4D71-45A4-AB29-1EE4F5BFF508}: C:\Documents and Settings\Cheryl\Local Settings\Application Data\{A2123010-4D71-45A4-AB29-1EE4F5BFF508} [2009/10/16 20:32:32 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\jqs@sun.com: C:\Program Files\Java\jre6\lib\deploy\jqs\ff [2009/10/23 14:40:07 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.4\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2009/10/29 17:27:01 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.4\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2009/10/29 17:27:01 | 00,000,000 | ---D | M]

[2009/10/23 10:14:35 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Dan\Application Data\mozilla\Extensions
[2009/10/23 10:14:35 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Dan\Application Data\mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
[2009/10/30 12:35:57 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Dan\Application Data\mozilla\Firefox\Profiles\z0894p1s.default\extensions
[2009/10/23 14:57:13 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Dan\Application Data\mozilla\Firefox\Profiles\z0894p1s.default\extensions\{E9A1DEE0-C623-4439-8932-001E7D17607D}
[2009/10/30 12:35:57 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions
[2009/10/29 17:27:01 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2009/10/23 14:40:33 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA}
[2009/10/29 17:26:48 | 00,023,544 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browserdirprovider.dll
[2009/10/29 17:26:48 | 00,137,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\brwsrcmp.dll
[2009/10/23 14:40:06 | 00,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeploytk.dll
[2009/10/29 17:26:55 | 00,065,016 | ---- | M] (mozilla.org) -- C:\Program Files\mozilla firefox\plugins\npnul32.dll
[2009/10/29 17:26:56 | 00,001,394 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom.xml
[2009/10/29 17:26:56 | 00,002,193 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\answers.xml
[2009/10/29 17:26:56 | 00,001,534 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\creativecommons.xml
[2009/10/29 17:26:56 | 00,002,344 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay.xml
[2009/10/29 17:26:56 | 00,002,371 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\google.xml
[2009/10/29 17:26:56 | 00,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia.xml
[2009/10/29 17:26:56 | 00,000,792 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo.xml

O1 HOSTS File: (734 bytes) - C:\WINDOWS\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (AcroIEHlprObj Class) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (AskBar BHO) - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Program Files\AskBarDis\bar\bin\askBar.dll (Ask.com)
O2 - BHO: (DriveLetterAccess) - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\dla\tfswshx.dll (Sonic Solutions)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)
O3 - HKLM\..\Toolbar: (ZoneAlarm Spy Blocker Toolbar) - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll (Ask.com)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [dla] C:\WINDOWS\System32\dla\tfswctrl.exe (Sonic Solutions)
O4 - HKLM..\Run: [dscactivate] C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe ( )
O4 - HKLM..\Run: [DVDLauncher] C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe (CyberLink Corp.)
O4 - HKLM..\Run: [HP Component Manager] C:\Program Files\HP\hpcoretech\hpcmpmgr.exe (Hewlett-Packard Company)
O4 - HKLM..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe (Hewlett-Packard Co.)
O4 - HKLM..\Run: [igfxhkcmd] C:\WINDOWS\System32\hkcmd.exe (Intel Corporation)
O4 - HKLM..\Run: [igfxpers] C:\WINDOWS\System32\igfxpers.exe (Intel Corporation)
O4 - HKLM..\Run: [igfxtray] C:\WINDOWS\System32\igfxtray.exe (Intel Corporation)
O4 - HKLM..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.)
O4 - HKLM..\Run: [Malwarebytes Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [mmtask] C:\Program Files\Musicmatch\Musicmatch Jukebox\mmtask.exe (Musicmatch Inc.)
O4 - HKLM..\Run: [QuickTime Task] C:\Program Files\QuickTime\qttask.exe (Apple Inc.)
O4 - HKLM..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [SS_MW] C:\Program Files\Radica\Stylin' Studio\SS_MW.exe (Radica)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [UpdateManager] C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe (Sonic Solutions)
O4 - HKLM..\Run: [ZoneAlarm Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe (Check Point Software Technologies LTD)
O4 - HKU\S-1-5-21-2229718711-4139157738-2168484239-1009..\Run: [DellSupport] C:\Program Files\DellSupport\DSAgnt.exe (Gteko Ltd.)
O4 - HKU\S-1-5-21-2229718711-4139157738-2168484239-1009..\Run: [MSMSGS] C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-2229718711-4139157738-2168484239-1009..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)
O4 - HKU\.DEFAULT..\RunOnce: [RunNarrator] C:\WINDOWS\System32\Narrator.exe (Microsoft Corporation)
O4 - HKU\S-1-5-18..\RunOnce: [RunNarrator] C:\WINDOWS\System32\Narrator.exe (Microsoft Corporation)
O4 - HKLM..\RunOnceEx: [] File not found
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Digital Line Detect.lnk = C:\Program Files\Digital Line Detect\DLG.exe (BVRP Software)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe (Eastman Kodak Company)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Main present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSetActiveDesktop = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSetActiveDesktop = 0
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 0
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableTaskMgr = 0
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSetActiveDesktop = 0
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 0
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableTaskMgr = 0
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-2229718711-4139157738-2168484239-1009\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-2229718711-4139157738-2168484239-1009\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSetActiveDesktop = 0
O7 - HKU\S-1-5-21-2229718711-4139157738-2168484239-1009\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 0
O7 - HKU\S-1-5-21-2229718711-4139157738-2168484239-1009\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableProfileQuota = 1
O7 - HKU\S-1-5-21-2229718711-4139157738-2168484239-1009\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableTaskMgr = 0
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\OFFICE11\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\OFFICE11\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKLM\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://go.microsoft.com/fwlink/?linkid=39204 (Windows Genuine Advantage Validation Tool)
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} http://photo.walgreens.com/WalgreensActivia.cab (Snapfish Activia)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_16)
O16 - DPF: {AE6C4705-0F11-4ACB-BDD4-37F138BEF289} http://www.ritzpix.com/net/Uploader/LPUploader41.cab (Image Uploader Control)
O16 - DPF: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_16)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_16)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O18 - Protocol\Handler\cetihpz {CF184AD3-CDCB-4168-A3F7-8E447D129300} - C:\Program Files\HP\hpcoretech\comp\hpuiprot.dll (Hewlett-Packard Company)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\ipp - No CLSID value found
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\MSITSS.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Program Files\Common Files\Microsoft Shared\Web Components\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807553E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\Explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll (SUPERAntiSpyware.com)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\WINDOWS\System32\igfxdev.dll (Intel Corporation)
O24 - Desktop Components:0 (My Current Home Page) - About:Home
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2004/08/10 13:04:08 | 00,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck) - File not found
O34 - HKLM BootExecute: (autochk) - C:\WINDOWS\System32\autochk.exe (Microsoft Corporation)
O34 - HKLM BootExecute: (*) - File not found
O35 - comfile [open] -- "%1" %* File not found
O35 - exefile [open] -- "%1" %* File not found

========== Files/Folders - Created Within 14 Days ==========

[2009/10/22 15:42:07 | 00,000,000 | -HSD | C] -- C:\Documents and Settings\All Users\Application Data\{55A29068-F2CE-456C-9148-C869879E2357}
[2009/10/23 11:00:36 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Avira
[2009/10/22 15:39:53 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2009/10/22 16:12:53 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\PC Tools
[2009/10/23 13:21:35 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
[2009/10/22 15:59:20 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2009/10/22 15:42:28 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\TuneUp Software
[2009/10/22 15:40:12 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Dan\Application Data\Malwarebytes
[2009/10/23 10:14:19 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Dan\Application Data\Mozilla
[2009/10/23 13:21:28 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Dan\Application Data\SUPERAntiSpyware.com
[2009/10/22 15:43:03 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Dan\Application Data\TuneUp Software
[2009/10/23 10:14:19 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Dan\Local Settings\Application Data\Mozilla
[2009/10/22 16:21:11 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Dan\Local Settings\Application Data\Threat Expert
[2009/10/22 16:12:53 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\PC Tools
[2009/10/23 13:21:15 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\Wise Installation Wizard
[2009/10/23 14:57:12 | 00,000,000 | ---D | C] -- C:\Program Files\AskBarDis
[2009/10/23 11:00:36 | 00,000,000 | ---D | C] -- C:\Program Files\Avira
[2009/10/23 11:29:19 | 00,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2009/10/23 13:02:07 | 00,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2009/10/23 10:14:04 | 00,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2009/10/23 13:21:28 | 00,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2009/10/23 14:41:58 | 00,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2009/10/22 15:42:25 | 00,000,000 | ---D | C] -- C:\Program Files\TuneUp Utilities 2009
[2009/10/23 14:56:39 | 00,000,000 | ---D | C] -- C:\Program Files\Zone Labs
[2009/10/29 08:55:51 | 00,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2009/10/29 08:55:48 | 00,019,160 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2009/10/29 08:55:23 | 04,045,544 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\Dan\Desktop\mbam-setup.exe
[2009/10/29 08:24:25 | 00,000,000 | ---D | C] -- C:\_OTL
[2009/10/28 16:49:15 | 00,521,728 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Dan\Desktop\OTL.exe
[2009/10/28 14:36:34 | 00,472,064 | ---- | C] ( ) -- C:\Documents and Settings\Dan\Desktop\RootRepeal.exe
[2009/10/26 17:28:10 | 00,000,000 | -HSD | C] -- C:\Config.Msi
[2009/10/24 22:00:35 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Dan\Desktop\Maintenance
[2009/10/23 14:56:39 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\ZoneLabs
[2009/10/23 14:56:08 | 00,000,000 | ---D | C] -- C:\WINDOWS\Internet Logs
[2009/10/23 11:00:39 | 00,096,104 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avipbb.sys
[2009/10/23 11:00:39 | 00,055,656 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avgntflt.sys
[2009/10/23 11:00:39 | 00,045,416 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avgntdd.sys
[2009/10/23 11:00:39 | 00,022,360 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avgntmgr.sys
[2009/10/23 11:00:38 | 00,028,520 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\ssmdrv.sys
[2009/10/22 15:43:10 | 00,603,904 | ---- | C] (TuneUp Software) -- C:\WINDOWS\System32\TUProgSt.exe
[2009/10/22 15:43:08 | 00,027,904 | ---- | C] (TuneUp Software) -- C:\WINDOWS\System32\uxtuneup.dll
[2009/10/22 15:43:05 | 00,362,240 | ---- | C] (TuneUp Software) -- C:\WINDOWS\System32\TuneUpDefragService.exe
[2009/10/22 14:59:38 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\NtmsData

========== Files - Modified Within 14 Days ==========

[2009/11/02 19:00:00 | 00,000,482 | ---- | M] () -- C:\WINDOWS\tasks\1-Click Maintenance.job
[2009/11/02 18:58:53 | 00,471,868 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2009/11/02 18:58:53 | 00,402,426 | ---- | M] () -- C:\WINDOWS\System32\PERFH009.DAT
[2009/11/02 18:58:53 | 00,061,930 | ---- | M] () -- C:\WINDOWS\System32\PERFC009.DAT
[2009/11/02 18:57:39 | 00,002,206 | ---- | M] () -- C:\WINDOWS\System32\WPA.DBL
[2009/11/02 18:54:36 | 00,350,192 | ---- | M] () -- C:\WINDOWS\System32\vsconfig.xml
[2009/11/02 18:54:20 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2009/11/02 18:54:00 | 00,002,048 | --S- | M] () -- C:\WINDOWS\BOOTSTAT.DAT
[2009/11/02 18:53:58 | 52,653,6704 | -HS- | M] () -- C:\hiberfil.sys
[2009/10/29 08:55:54 | 00,000,696 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2009/10/29 08:55:28 | 04,045,544 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\Dan\Desktop\mbam-setup.exe
[2009/10/28 16:49:16 | 00,521,728 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Dan\Desktop\OTL.exe
[2009/10/28 14:36:35 | 00,472,064 | ---- | M] ( ) -- C:\Documents and Settings\Dan\Desktop\RootRepeal.exe
[2009/10/28 14:34:40 | 00,523,776 | ---- | M] () -- C:\Documents and Settings\Dan\Desktop\dds.scr
[2009/10/23 14:56:50 | 00,004,212 | -H-- | M] () -- C:\WINDOWS\System32\zllictbl.dat
[2009/10/23 14:29:20 | 00,011,168 | -H-- | M] () -- C:\WINDOWS\System32\zulugopa
[2009/10/23 10:58:21 | 33,961,728 | ---- | M] () -- C:\Documents and Settings\Dan\Desktop\avira_antivir_personal_en.exe
[2009/10/23 10:14:15 | 00,001,602 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
[2009/10/22 15:43:11 | 00,603,904 | ---- | M] (TuneUp Software) -- C:\WINDOWS\System32\TUProgSt.exe
[2009/10/22 15:43:06 | 00,362,240 | ---- | M] (TuneUp Software) -- C:\WINDOWS\System32\TuneUpDefragService.exe

========== Files - No Company Name ==========
[2009/10/29 08:55:54 | 00,000,696 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2009/10/28 14:34:40 | 00,523,776 | ---- | C] () -- C:\Documents and Settings\Dan\Desktop\dds.scr
[2009/10/23 14:56:50 | 00,004,212 | -H-- | C] () -- C:\WINDOWS\System32\zllictbl.dat
[2009/10/23 14:56:38 | 00,350,192 | ---- | C] () -- C:\WINDOWS\System32\vsconfig.xml
[2009/10/23 10:57:14 | 33,961,728 | ---- | C] () -- C:\Documents and Settings\Dan\Desktop\avira_antivir_personal_en.exe
[2009/10/23 10:14:15 | 00,001,602 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
[2009/10/22 15:43:08 | 00,000,482 | ---- | C] () -- C:\WINDOWS\tasks\1-Click Maintenance.job
[2009/04/06 09:17:23 | 00,000,022 | ---- | C] () -- C:\WINDOWS\kodakpcd.Cheryl.ini
[2009/03/08 16:02:13 | 00,007,168 | ---- | C] () -- C:\Documents and Settings\Dan\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/09/04 15:16:26 | 00,030,464 | ---- | C] () -- C:\WINDOWS\macromix.dll
[2008/02/19 00:33:34 | 00,446,352 | ---- | C] () -- C:\WINDOWS\System32\OpenQuicktimeLib.dll
[2005/10/10 09:01:04 | 00,001,764 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache
[2005/06/06 06:42:53 | 00,000,703 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\hpzinstall.log
[2005/03/06 13:27:08 | 00,069,784 | ---- | C] () -- C:\Documents and Settings\Dan\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
[2005/03/06 13:27:04 | 00,000,126 | ---- | C] () -- C:\Documents and Settings\Dan\Local Settings\Application Data\fusioncache.dat
[2005/02/27 18:11:49 | 00,000,002 | ---- | C] () -- C:\WINDOWS\msoffice.ini
[2005/02/22 20:33:27 | 00,000,062 | -HS- | C] () -- C:\Documents and Settings\Dan\Application Data\DESKTOP.INI
[2005/02/22 20:33:24 | 05,903,882 | -H-- | C] () -- C:\Documents and Settings\Dan\Local Settings\Application Data\IconCache.db
[2005/02/05 07:04:53 | 00,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2005/02/05 06:58:23 | 00,000,264 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2005/02/05 06:49:07 | 00,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2005/02/05 06:16:58 | 00,000,519 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2004/09/15 22:03:14 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2004/08/10 13:13:12 | 00,000,780 | ---- | C] () -- C:\WINDOWS\ORUN32.INI
[2004/08/10 13:04:08 | 00,000,709 | ---- | C] () -- C:\WINDOWS\WIN.INI
[2004/08/10 12:57:52 | 00,000,231 | ---- | C] () -- C:\WINDOWS\SYSTEM.INI
[2004/08/10 12:57:42 | 00,000,062 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\DESKTOP.INI
[2004/08/04 05:00:00 | 00,001,793 | ---- | C] () -- C:\WINDOWS\System32\FXSPERF.INI
[2004/01/05 01:27:36 | 00,565,248 | ---- | C] () -- C:\WINDOWS\System32\hpotscl.dll
[2003/01/07 15:05:08 | 00,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
[2000/09/08 17:53:50 | 00,073,839 | ---- | C] () -- C:\WINDOWS\System32\KodakOneTouch.dll
[1980/01/01 00:00:00 | 00,012,288 | ---- | C] () -- C:\WINDOWS\System32\e100bmsg.dll

========== LOP Check ==========

[2007/04/09 15:45:40 | 00,000,000 | RH-D | M] -- C:\Documents and Settings\Administrator\Application Data
[2009/10/29 09:01:42 | 00,000,000 | RH-D | M] -- C:\Documents and Settings\All Users\Application Data
[2009/01/25 14:25:46 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
[2009/10/22 15:42:07 | 00,000,000 | -HSD | M] -- C:\Documents and Settings\All Users\Application Data\{55A29068-F2CE-456C-9148-C869879E2357}
[2008/01/19 08:02:09 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Dell
[2009/03/22 10:06:54 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Pure Digital Technologies
[2005/02/05 06:16:28 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SBSI
[2005/02/19 11:13:05 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Support.com
[2008/01/19 08:03:22 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SupportSoft
[2009/10/26 18:21:42 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2008/09/04 14:28:53 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\The Learning Company
[2009/10/22 15:42:28 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TuneUp Software
[2009/04/27 14:06:52 | 00,000,000 | RH-D | M] -- C:\Documents and Settings\Cheryl\Application Data
[2009/01/24 11:02:02 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Cheryl\Application Data\Amazon
[2008/11/12 14:56:32 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Cheryl\Application Data\Digital Album Organizer
[2005/03/07 12:41:34 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Cheryl\Application Data\Leadertech
[2007/07/14 11:11:40 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Cheryl\Application Data\Snapfish
[2009/04/02 08:57:23 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Cheryl\Application Data\W Photo Studio Viewer
[2009/10/26 18:21:32 | 00,000,000 | RH-D | M] -- C:\Documents and Settings\Dan\Application Data
[2009/01/24 10:23:34 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Dan\Application Data\Amazon
[2005/09/29 19:46:04 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Dan\Application Data\CyberLink
[2005/03/25 14:25:46 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Dan\Application Data\Leadertech
[2009/10/22 15:43:03 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Dan\Application Data\TuneUp Software
[2007/11/19 17:47:47 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Dan\Application Data\Walgreens
[2007/04/09 15:45:40 | 00,000,000 | RH-D | M] -- C:\Documents and Settings\Default User\Application Data
[2008/08/07 11:38:51 | 00,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data
[2005/02/05 06:16:28 | 00,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Application Data
[2009/11/02 19:00:00 | 00,000,482 | ---- | M] () -- C:\WINDOWS\Tasks\1-Click Maintenance.job
[2004/08/04 05:00:00 | 00,000,065 | RH-- | M] () -- C:\WINDOWS\Tasks\DESKTOP.INI
[2005/02/08 18:02:17 | 00,000,258 | ---- | M] () -- C:\WINDOWS\Tasks\ISP signup reminder 1.job
[2009/11/02 18:54:20 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\Tasks\SA.DAT

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 187 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2
@Alternate Data Stream - 114 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:A8ADE5D8
< End of report >




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users