Javascript Disabled Detected

You currently have javascript disabled. Several functions may not work. Please re-enable javascript to access full functionality.

Google Redirecting Malware

Started by jcdertrommler , Jul 29 2011 10:47 AM

This topic is locked

#1
jcdertrommler

Posted 29 July 2011 - 10:47 AM

New Member

Member
4 posts

It was a couple days ago when i was searching for some glockenspiels my avria anti virus system(free), scanned and picked up the EXP/pidief.hdi explotive virus. after a complete system scan it found a couple of these with in the walls of my computer. They are currently in quarantine and were found in these files (C:\Users\Clay\AppData\Local\Temp\plugtmp-7\plugin-csbpjvjldueuewi.pdf C:\Users\Clay\AppData\Local\Mozilla\Firefox\Profiles\90jlvv6w.default\Cache\F\00\3B249d01. I then downloaded malwarebytes and it ran a system scan and found 6 malware and have been promptly removed and deleted. My computer was clean for a bout 20 hours when the regular scheduled avria scan found a TR/Hiloti.D.1289 Trojan ( in this file C:\Users\Clay\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\O9IT54CM\docpjqhvew1[1]) and it was removed using avira and copied into quarantine where the early virus is being kept. Since then my searches on google are rediected at times to a yellowpages or random website. I cannot find this malware. some assitance would be much apprciated. here is the OLT scan as requested.

OTL logfile created on: 7/29/2011 12:25:08 PM - Run 1
OTL by OldTimer - Version 3.2.26.1 Folder = C:\Users\Clay\Downloads
Windows Vista Home Premium Edition (Version = 6.0.6000) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6000.16512)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.99 Gb Total Physical Memory | 0.62 Gb Available Physical Memory | 30.91% Memory free
4.19 Gb Paging File | 2.24 Gb Available in Paging File | 53.44% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 136.47 Gb Total Space | 93.37 Gb Free Space | 68.42% Space Free | Partition Type: NTFS
Drive D: | 10.00 Gb Total Space | 5.68 Gb Free Space | 56.82% Space Free | Partition Type: NTFS

Computer Name: LAPTOP13 | User Name: Clay | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/07/29 12:24:34 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Users\Clay\Downloads\OTL.exe
PRC - [2011/07/26 17:48:32 | 002,923,520 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2011/07/06 19:52:38 | 001,047,656 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
PRC - [2011/07/02 21:54:54 | 000,924,632 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2011/07/02 20:38:07 | 000,269,480 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe
PRC - [2011/03/28 16:15:53 | 000,076,968 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
PRC - [2011/03/28 16:15:40 | 000,136,360 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe
PRC - [2011/03/28 16:15:29 | 000,281,768 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
PRC - [2010/11/11 13:55:46 | 000,159,472 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Zune\ZuneLauncher.exe
PRC - [2009/05/21 10:55:32 | 000,206,064 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files\Dell Support Center\bin\sprtcmd.exe
PRC - [2008/08/13 18:32:40 | 000,201,968 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files\Dell Support Center\bin\sprtsvc.exe
PRC - [2007/12/07 17:14:12 | 001,006,264 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Defender\MSASCui.exe
PRC - [2007/09/07 14:25:12 | 000,102,400 | ---- | M] (IDT, Inc.) -- C:\Windows\System32\stacsv.exe
PRC - [2007/09/07 14:23:36 | 000,405,504 | ---- | M] (IDT, Inc.) -- C:\Program Files\Sigmatel\C-Major Audio\WDM\sttray.exe
PRC - [2007/08/29 17:25:16 | 000,073,728 | ---- | M] (Andrea Electronics Corporation) -- C:\Windows\System32\AEstSrv.exe
PRC - [2007/08/29 01:54:58 | 000,036,864 | ---- | M] (Creative Technology Ltd.) -- C:\Windows\OEM02Mon.exe
PRC - [2007/07/27 18:43:34 | 000,118,784 | ---- | M] (Creative Technology Ltd.) -- C:\Program Files\Dell\Dell Webcam Manager\DellWMgr.exe
PRC - [2007/07/20 20:13:26 | 001,180,952 | ---- | M] (Dell Inc.) -- C:\Program Files\Dell\QuickSet\quickset.exe
PRC - [2007/04/17 01:05:52 | 000,021,504 | ---- | M] (UPEK Inc.) -- C:\Program Files\Fingerprint Reader Suite\upeksvr.exe
PRC - [2007/04/17 00:55:00 | 000,053,776 | ---- | M] (UPEK Inc.) -- C:\Program Files\Fingerprint Reader Suite\psqltray.exe
PRC - [2007/04/16 18:10:26 | 000,184,320 | ---- | M] (CyberLink Corp.) -- C:\Program Files\Dell\MediaDirect\PCMService.exe
PRC - [2007/04/16 18:10:26 | 000,040,960 | ---- | M] (CyberLink Corp.) -- C:\Program Files\Dell\MediaDirect\MDirect.exe
PRC - [2007/03/15 14:09:36 | 000,460,784 | ---- | M] (Gteko Ltd.) -- C:\Program Files\DellSupport\DSAgnt.exe
PRC - [2006/11/03 19:55:50 | 000,703,280 | ---- | M] (Broadcom Corporation.) -- C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
PRC - [2006/11/03 19:55:48 | 001,583,920 | ---- | M] (Broadcom Corporation.) -- c:\Program Files\WIDCOMM\Bluetooth Software\BTStackServer.exe
PRC - [2006/10/03 13:39:58 | 000,512,000 | ---- | M] (Macrovision Corporation) -- C:\Program Files\Common Files\InstallShield\UpdateService\agent.exe

========== Modules (SafeList) ==========

MOD - [2011/07/29 12:24:34 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Users\Clay\Downloads\OTL.exe
MOD - [2006/11/02 05:38:57 | 001,648,128 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6000.16386_none_5d07289e07e1d100\comctl32.dll

========== Win32 Services (SafeList) ==========

SRV - [2011/07/02 20:38:07 | 000,269,480 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2011/03/28 16:15:40 | 000,136,360 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2010/11/11 13:57:04 | 000,268,528 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Zune\WMZuneComm.exe -- (WMZuneComm)
SRV - [2010/11/11 13:57:02 | 000,444,656 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Zune\ZuneWlanCfgSvc.exe -- (ZuneWlanCfgSvc)
SRV - [2010/11/11 13:55:56 | 006,351,600 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Zune\ZuneNss.exe -- (ZuneNetworkSvc)
SRV - [2008/08/13 18:32:40 | 000,201,968 | ---- | M] (SupportSoft, Inc.) [Auto | Running] -- C:\Program Files\Dell Support Center\bin\sprtsvc.exe -- (sprtsvc_dellsupportcenter) SupportSoft Sprocket Service (dellsupportcenter)
SRV - [2007/12/07 17:14:12 | 000,265,912 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2007/09/07 14:25:12 | 000,102,400 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Windows\System32\stacsv.exe -- (STacSV)
SRV - [2007/08/29 17:25:16 | 000,073,728 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Windows\System32\AEstSrv.exe -- (AESTFilters)
SRV - [2007/05/31 11:21:24 | 000,379,784 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\wcescomm.dll -- (WcesComm)
SRV - [2007/05/31 11:21:18 | 000,183,688 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\rapimgr.dll -- (RapiMgr)
SRV - [2007/03/19 14:44:44 | 000,070,656 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\DellSupport\brkrsvc.exe -- (DSBrokerService)

========== Driver Services (SafeList) ==========

DRV - [2011/07/06 19:52:42 | 000,041,272 | ---- | M] (Malwarebytes Corporation) [Kernel | Disabled | Running] -- C:\Windows\System32\drivers\mbamswissarmy.sys -- (MBAMSwissArmy)
DRV - [2011/07/02 20:38:12 | 000,138,192 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb)
DRV - [2011/07/02 20:38:12 | 000,066,616 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2010/06/17 15:27:22 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2007/09/07 14:26:04 | 000,330,240 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\stwrt.sys -- (STHDA)
DRV - [2007/08/29 01:55:06 | 000,007,424 | ---- | M] (EyePower Games Pte. Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\OEM02Vfx.sys -- (OEM02Vfx)
DRV - [2007/08/29 01:54:56 | 000,235,520 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\OEM02Dev.sys -- (OEM02Dev)
DRV - [2007/08/13 05:44:26 | 002,226,688 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NETw4v32.sys -- (NETw4v32) Intel®
DRV - [2007/02/28 07:25:46 | 000,037,376 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rixdptsk.sys -- (rismxdp)
DRV - [2007/02/28 07:25:44 | 000,043,520 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimsptsk.sys -- (rimsptsk)
DRV - [2007/02/28 07:25:44 | 000,032,256 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimmptsk.sys -- (rimmptsk)
DRV - [2007/02/25 14:10:48 | 000,005,376 | --S- | M] (Gteko Ltd.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\dsunidrv.sys -- (dsunidrv)
DRV - [2006/11/02 04:55:05 | 000,031,616 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUSB)
DRV - [2006/11/02 03:36:43 | 002,028,032 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\atikmdag.sys -- (R300)
DRV - [2006/11/02 03:30:55 | 000,200,704 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\e1e6032.sys -- (e1express) Intel®
DRV - [2006/10/05 19:07:28 | 000,004,736 | ---- | M] (Gteko Ltd.) [Kernel | On_Demand | Stopped] -- C:\Program Files\DellSupport\GTAction\triggers\DSproct.sys -- (DSproct)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co...=us&ibd=3071207
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.0.60531.0\npctrl.dll ( Microsoft Corporation)
FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\Clay\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 5.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/07/02 21:54:56 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 5.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{FE9FCDEC-1B6F-4FC5-A032-73B6425B69AD}: C:\Users\Clay\AppData\Local\{FE9FCDEC-1B6F-4FC5-A032-73B6425B69AD} [2011/07/26 00:04:11 | 000,000,000 | ---D | M]

[2011/05/09 19:57:30 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Clay\AppData\Roaming\Mozilla\Extensions
[2011/06/19 19:44:29 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Clay\AppData\Roaming\Mozilla\Firefox\Profiles\90jlvv6w.default\extensions
[2011/06/06 19:21:05 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2011/07/06 20:03:44 | 000,000,000 | ---D | M] (Skype extension) -- C:\Program Files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
File not found (No name found) --
[2011/07/26 00:04:11 | 000,000,000 | ---D | M] (XULRunner) -- C:\USERS\CLAY\APPDATA\LOCAL\{FE9FCDEC-1B6F-4FC5-A032-73B6425B69AD}
[2011/07/02 21:54:55 | 000,142,296 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2010/01/01 04:00:00 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml

O1 HOSTS File: ([2006/09/18 17:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll (Google Inc.)
O2 - BHO: (CBrowserHelperObject Object) - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\Dell\BAE\BAE.dll (Dell Inc.)
O3 - HKLM\..\Toolbar: (&Google) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (&Google) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)
O4 - HKLM..\Run: [%PROVIDERID%] File not found
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [DELL Webcam Manager] C:\Program Files\Dell\Dell Webcam Manager\DellWMgr.exe (Creative Technology Ltd.)
O4 - HKLM..\Run: [DellSupportCenter] C:\Program Files\Dell Support Center\bin\sprtcmd.exe (SupportSoft, Inc.)
O4 - HKLM..\Run: [dscactivate] C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe ( )
O4 - HKLM..\Run: [ECenter] C:\DELL\E-Center\EULALauncher.exe ( )
O4 - HKLM..\Run: [OEM02Mon.exe] C:\Windows\OEM02Mon.exe (Creative Technology Ltd.)
O4 - HKLM..\Run: [PCMService] C:\Program Files\Dell\MediaDirect\PCMService.exe (CyberLink Corp.)
O4 - HKLM..\Run: [PSQLLauncher] C:\Program Files\Fingerprint Reader Suite\launcher.exe (UPEK Inc.)
O4 - HKLM..\Run: [SigmatelSysTrayApp] C:\Program Files\Sigmatel\C-Major Audio\WDM\sttray.exe (IDT, Inc.)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKLM..\Run: [Zune Launcher] C:\Program Files\Zune\ZuneLauncher.exe (Microsoft Corporation)
O4 - HKCU..\Run: [DellSupport] C:\Program Files\DellSupport\DSAgnt.exe (Gteko Ltd.)
O4 - HKCU..\Run: [DellSupportCenter] C:\Program Files\Dell Support Center\bin\sprtcmd.exe (SupportSoft, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: disableCAD = 1
O8 - Extra context menu item: Send image to &Bluetooth Device... - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: Send page to &Bluetooth Device... - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
O9 - Extra Button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Ranges: GD ([http] in Local intranet)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 68.94.156.1 68.94.157.1
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20 - AppInit_DLLs: (C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL) - C:\Program Files\Google\Google Desktop Search\GoogleDesktopNetwork3.dll (Google)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: GinaDLL - (vrlogon.dll) - C:\Windows\System32\vrlogon.dll (UPEK Inc.)
O20 - Winlogon\Notify\psfus: DllName - C:\Windows\system32\psqlpwd.dll - C:\Windows\System32\psqlpwd.dll (UPEK Inc.)
O24 - Desktop WallPaper: C:\Users\Clay\AppData\Roaming\Mozilla\Firefox\Desktop Background.bmp
O24 - Desktop BackupWallPaper: C:\Users\Clay\AppData\Roaming\Mozilla\Firefox\Desktop Background.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 17:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/07/28 13:45:56 | 000,000,000 | ---D | C] -- C:\Users\Clay\AppData\Roaming\Spotify
[2011/07/28 13:45:56 | 000,000,000 | ---D | C] -- C:\Users\Clay\AppData\Local\Spotify
[2011/07/28 13:45:50 | 000,000,000 | ---D | C] -- C:\Program Files\Spotify
[2011/07/26 23:24:52 | 000,000,000 | ---D | C] -- C:\Users\Clay\Documents\MAGIX Downloads
[2011/07/26 23:24:51 | 000,000,000 | ---D | C] -- C:\Users\Clay\AppData\Roaming\MAGIX
[2011/07/26 23:17:20 | 000,000,000 | ---D | C] -- C:\Users\Clay\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\VirtualDJ
[2011/07/26 23:17:05 | 000,000,000 | ---D | C] -- C:\Program Files\VirtualDJ
[2011/07/26 23:17:02 | 000,000,000 | ---D | C] -- C:\Users\Clay\Documents\VirtualDJ
[2011/07/26 17:40:57 | 000,000,000 | ---D | C] -- C:\Program Files\MSXML 4.0
[2011/07/26 13:59:19 | 000,000,000 | ---D | C] -- C:\Users\Clay\AppData\Roaming\Malwarebytes
[2011/07/26 13:59:09 | 000,041,272 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2011/07/26 13:59:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011/07/26 13:59:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2011/07/26 13:58:58 | 000,022,712 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2011/07/26 13:58:57 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2011/07/26 00:04:11 | 000,000,000 | ---D | C] -- C:\Users\Clay\AppData\Local\{FE9FCDEC-1B6F-4FC5-A032-73B6425B69AD}
[2011/07/23 16:02:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2011/07/23 16:01:17 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2011/07/23 16:01:10 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2011/07/23 15:56:31 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour
[2011/07/18 09:48:03 | 000,000,000 | ---D | C] -- C:\Users\Clay\AppData\Roaming\Unity
[2011/07/18 09:35:46 | 000,000,000 | ---D | C] -- C:\Users\Clay\AppData\Local\Unity
[2011/07/06 20:03:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
[2011/07/04 23:40:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
[2011/07/04 23:40:25 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Silverlight
[2011/07/04 13:54:20 | 000,000,000 | ---D | C] -- C:\Windows\System32\Adobe
[2011/07/02 20:10:01 | 000,000,000 | ---D | C] -- C:\Users\Clay\AppData\Local\Deployment
[2011/07/02 20:10:01 | 000,000,000 | ---D | C] -- C:\Users\Clay\AppData\Local\Apps
[2011/07/02 19:28:13 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Steam
[2006/09/14 13:32:20 | 000,028,672 | R--- | C] ( ) -- C:\Windows\System32\DivXGraphBuilderCallback.dll

========== Files - Modified Within 30 Days ==========

[2011/07/29 11:50:41 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/07/29 11:50:33 | 000,003,472 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011/07/29 11:50:32 | 000,003,472 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011/07/26 23:17:22 | 000,000,845 | ---- | M] () -- C:\Users\Clay\Desktop\VirtualDJ.lnk
[2011/07/26 22:57:02 | 000,618,648 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011/07/26 22:57:02 | 000,104,024 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011/07/26 18:45:44 | 000,319,752 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2011/07/26 18:45:05 | 2137,194,496 | -HS- | M] () -- C:\hiberfil.sys
[2011/07/26 18:00:32 | 000,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat
[2011/07/26 13:35:05 | 000,000,120 | ---- | M] () -- C:\Users\Clay\AppData\Local\Isesilila.dat
[2011/07/26 00:04:12 | 000,000,000 | ---- | M] () -- C:\Users\Clay\AppData\Local\Mcojigo.bin
[2011/07/24 01:00:23 | 271,208,858 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2011/07/23 16:02:07 | 000,001,666 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[2011/07/06 20:03:37 | 000,001,878 | ---- | M] () -- C:\Users\Public\Desktop\Skype.lnk
[2011/07/06 19:52:42 | 000,041,272 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2011/07/06 19:52:42 | 000,022,712 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2011/07/06 11:55:05 | 000,000,680 | ---- | M] () -- C:\Users\Clay\AppData\Local\d3d9caps.dat
[2011/07/04 19:03:44 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_User_WpdFs_01_00_00.Wdf
[2011/07/02 20:38:12 | 000,138,192 | ---- | M] (Avira GmbH) -- C:\Windows\System32\drivers\avipbb.sys
[2011/07/02 20:38:12 | 000,066,616 | ---- | M] (Avira GmbH) -- C:\Windows\System32\drivers\avgntflt.sys

========== Files Created - No Company Name ==========

[2011/07/28 13:45:52 | 000,000,820 | ---- | C] () -- C:\Users\Clay\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Spotify.lnk
[2011/07/26 23:17:22 | 000,000,845 | ---- | C] () -- C:\Users\Clay\Desktop\VirtualDJ.lnk
[2011/07/26 13:33:56 | 2137,194,496 | -HS- | C] () -- C:\hiberfil.sys
[2011/07/26 00:04:12 | 000,000,120 | ---- | C] () -- C:\Users\Clay\AppData\Local\Isesilila.dat
[2011/07/26 00:04:12 | 000,000,000 | ---- | C] () -- C:\Users\Clay\AppData\Local\Mcojigo.bin
[2011/07/23 16:02:07 | 000,001,666 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
[2011/07/06 20:03:37 | 000,001,878 | ---- | C] () -- C:\Users\Public\Desktop\Skype.lnk
[2011/07/04 19:03:44 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_User_WpdFs_01_00_00.Wdf
[2011/06/27 16:58:41 | 000,118,898 | ---- | C] () -- C:\Windows\hpoins30.dat
[2011/06/27 16:58:41 | 000,000,449 | ---- | C] () -- C:\Windows\hpomdl30.dat
[2011/06/06 19:22:21 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2011/05/16 20:46:10 | 000,000,680 | ---- | C] () -- C:\Users\Clay\AppData\Local\d3d9caps.dat
[2011/05/09 21:49:44 | 000,006,144 | ---- | C] () -- C:\Users\Clay\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2007/12/07 17:36:03 | 000,910,304 | ---- | C] () -- C:\Windows\System32\igmedkrn.dll
[2007/12/07 17:36:03 | 000,249,856 | ---- | C] () -- C:\Windows\System32\igfxTMM.dll
[2007/12/07 17:36:03 | 000,204,800 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1253.dll
[2007/12/07 17:35:51 | 000,016,480 | ---- | C] () -- C:\Windows\System32\rixdicon.dll
[2007/12/07 17:35:27 | 001,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll
[2007/12/07 14:08:42 | 000,000,076 | RHS- | C] () -- C:\Windows\CT4CET.bin
[2007/12/07 12:05:08 | 000,000,012 | ---- | C] () -- C:\Windows\bthservsdp.dat
[2007/07/25 18:40:02 | 000,999,424 | ---- | C] () -- C:\Windows\System32\WLIHVUI.dll
[2007/01/03 08:10:58 | 000,000,000 | ---- | C] () -- C:\Windows\System32\px.ini
[2006/11/10 09:26:12 | 000,000,000 | ---- | C] () -- C:\Windows\System32\atiicdxx.dat
[2006/11/03 19:25:56 | 000,389,120 | ---- | C] () -- C:\Windows\System32\btwhidcs.dll
[2006/11/02 08:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006/11/02 08:47:37 | 000,319,752 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2006/11/02 08:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006/11/02 06:33:01 | 000,618,648 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2006/11/02 06:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2006/11/02 06:33:01 | 000,104,024 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2006/11/02 06:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2006/11/02 06:25:44 | 000,159,744 | ---- | C] () -- C:\Windows\System32\atitmmxx.dll
[2006/11/02 06:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2006/11/02 04:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2006/11/02 04:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2006/11/02 03:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006/11/02 03:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2006/11/02 03:22:43 | 000,099,999 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2006/11/02 03:22:43 | 000,018,271 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2006/09/17 01:36:50 | 000,520,192 | ---- | C] () -- C:\Windows\System32\CddbPlaylist2Roxio.dll
[2006/09/17 01:36:50 | 000,204,800 | ---- | C] () -- C:\Windows\System32\CddbFileTaggerRoxio.dll
[2001/11/14 14:56:00 | 001,802,240 | ---- | C] () -- C:\Windows\System32\lcppn21.dll

========== LOP Check ==========

[2011/07/26 23:24:51 | 000,000,000 | ---D | M] -- C:\Users\Clay\AppData\Roaming\MAGIX
[2011/07/28 14:12:29 | 000,000,000 | ---D | M] -- C:\Users\Clay\AppData\Roaming\Spotify
[2011/06/06 19:25:46 | 000,000,000 | ---D | M] -- C:\Users\Clay\AppData\Roaming\tmp
[2011/07/18 09:48:03 | 000,000,000 | ---D | M] -- C:\Users\Clay\AppData\Roaming\Unity
[2011/07/26 18:00:34 | 000,009,200 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========

< End of report >

Edited by Render, 03 August 2011 - 03:24 PM.

#2
Render

Posted 03 August 2011 - 03:23 PM

Trusted Helper

Malware Removal
4,195 posts

Hi, jcdertrommler! Welcome to GeeksToGo! My nick name is Render and I will be assisting you with your Malware/Security problems. Please make sure you read all of the instructions and fixes thoroughly before continuing with them. If you have any queries or you are unsure about anything, just say and I'll help you out

It may well be worth you printing/saving the instructions throughout the fix, so you have them to hand just in case you are unable to access this site.

Please note:

Remember to post your logs, not attach them. So, any logs from any programs we run, should be just 'copied & pasted' into your reply.
Please only run the tools that I request. I know malware can be frustrating but running other tools in the meantime and between posts, only makes it harder for us to analyse and fix your PC in the long run.
Please subscribe to this topic if you have not already done so. Please check back just in case, as the email system can fail at times.
Just because your machine is running better does not mean it is completely cleaned. Please wait for the 'all clear' from me to say when we are done.
Please reply within 3 days to be fair to other people asking for help.
When in doubt, please stop and ask first. There's no harm in asking questions!

If you have since resolved the original problem you were having, I would appreciate you letting me know. If not please perform the following steps below so I can have a look at the current condition of your machine.

Step 1

Please download aswMBR.exe to your desktop.
Double click the aswMBR.exe to run it.
When asked if you want to download Avast's virus definitions please select No.
Click the Scan button to start scan.
On completion of the scan click Save log, save it to your desktop and post in your next reply.

Step 2

We need to run an OTL Fix

Please right click on on your desktop and click on Run as administrator.

Under the Custom Scans/Fixes box copy and paste this in:

:OTL
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{FE9FCDEC-1B6F-4FC5-A032-73B6425B69AD}: C:\Users\Clay\AppData\Local\{FE9FCDEC-1B6F-4FC5-A032-73B6425B69AD} [2011/07/26 00:04:11 | 000,000,000 | ---D | M]
[2011/07/26 00:04:11 | 000,000,000 | ---D | M] (XULRunner) -- C:\USERS\CLAY\APPDATA\LOCAL\{FE9FCDEC-1B6F-4FC5-A032-73B6425B69AD}
O4 - HKLM..\Run: [%PROVIDERID%] File not found
[2011/07/26 13:35:05 | 000,000,120 | ---- | M] () -- C:\Users\Clay\AppData\Local\Isesilila.dat
[2011/07/26 00:04:12 | 000,000,000 | ---- | M] () -- C:\Users\Clay\AppData\Local\Mcojigo.bin

:Files
ipconfig /flushdns /c

:Reg

:Commands
[purity]
[resethosts]
[emptytemp]
[emptyflash]
[createrestorepoint]
[reboot]

Click on button.
OTL may ask to reboot the machine. Please do so if asked.
Click on button.
A report will open. Copy and Paste that report in your next reply.
If the machine reboots, the log will be located at C:\_OTL\MovedFiles\mmddyyyy_hhmmss.log, where mmddyyyy_hhmmss is the date of the tool run.

Step 3

Please delete your copy of OTL.exe located in C:\Users\Clay\Downloads\ folder.

Posted Image

OTL Custom Scan

Download OTL to your desktop.
Double click on the icon to run it.
Make sure all other windows are closed and to let it run uninterrupted.
When the window appears, underneath Output at the top, make sure Stadard output is selected.
Select Scan all users
Under the Extra Registry section, check Use SafeList
Check the boxes beside LOP Check and Purity Check.

Under the Custom Scans/Fixes box copy and paste this in:

netsvcs
%SYSTEMDRIVE%\*.exe
/md5start
volsnap.sys
explorer.exe
winlogon.exe
Userinit.exe
svchost.exe
/md5stop
%systemroot%\*. /mp /s
hklm\software\clients\startmenuinternet|command /rs
hklm\software\clients\startmenuinternet|command /64 /rs
CREATERESTOREPOINT

Click the button. Do not change any settings unless otherwise told to do so. The scan wont take long.
When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time and post them in your topic

When completed the above, please post back the following in the order asked for:

aswMBR log
OTL fix log
OTL scan log
Extras log

#3
jcdertrommler

Posted 06 August 2011 - 12:29 PM

New Member

Topic Starter
Member
4 posts

Here are the post. the first time i ran the aswMBR my computer shut down but was back up.
aswMBR version 0.9.8.978 Copyright© 2011 AVAST Software
Run date: 2011-08-06 13:29:05
-----------------------------
13:29:05.881 OS Version: Windows 6.0.6000
13:29:05.881 Number of processors: 2 586 0xF0D
13:29:05.882 ComputerName: LAPTOP13 UserName: Clay
13:29:08.657 Initialize success
13:29:13.957 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-0
13:29:13.973 Disk 0 Vendor: ST916082 3.CD Size: 152627MB BusType: 3
13:29:14.004 Disk 0 MBR read successfully
13:29:14.020 Disk 0 MBR scan
13:29:14.020 Disk 0 Windows VISTA default MBR code
13:29:14.051 Disk 0 scanning sectors +312578048
13:29:14.119 Disk 0 scanning C:\Windows\system32\drivers
13:29:39.786 Service scanning
13:29:58.460 Modules scanning
13:30:33.223 Disk 0 trace - called modules:
13:30:33.238
13:30:33.238 Scan finished successfully
13:36:34.606 Disk 0 MBR has been saved successfully to "C:\Users\Clay\Desktop\MBR.dat"
13:36:34.606 The log file has been saved successfully to "C:\Users\Clay\Desktop\Virus Scan 3.txt"

OLT Fix
All processes killed
========== OTL ==========
File HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{FE9FCDEC-1B6F-4FC5-A032-73B6425B69AD}: C:\Users\Clay\AppData\Local\{FE9FCDEC-1B6F-4FC5-A032-73B6425B69AD} not found.
C:\USERS\CLAY\APPDATA\LOCAL\{FE9FCDEC-1B6F-4FC5-A032-73B6425B69AD}\chrome\content folder moved successfully.
C:\USERS\CLAY\APPDATA\LOCAL\{FE9FCDEC-1B6F-4FC5-A032-73B6425B69AD}\chrome folder moved successfully.
C:\USERS\CLAY\APPDATA\LOCAL\{FE9FCDEC-1B6F-4FC5-A032-73B6425B69AD} folder moved successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\%PROVIDERID% deleted successfully.
C:\Users\Clay\AppData\Local\Isesilila.dat moved successfully.
C:\Users\Clay\AppData\Local\Mcojigo.bin moved successfully.
========== FILES ==========
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Users\Clay\Desktop\cmd.bat deleted successfully.
C:\Users\Clay\Desktop\cmd.txt deleted successfully.
========== REGISTRY ==========
========== COMMANDS ==========
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

[EMPTYTEMP]

User: All Users

User: Clay
->Temp folder emptied: 162836495 bytes
->Temporary Internet Files folder emptied: 18075606 bytes
->FireFox cache emptied: 2415512 bytes
->Flash cache emptied: 98864 bytes

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Public

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 35241402 bytes
RecycleBin emptied: 2291386 bytes

Total Files Cleaned = 211.00 mb

[EMPTYFLASH]

User: All Users

User: Clay
->Flash cache emptied: 0 bytes

User: Default

User: Default User

User: Public

Total Flash Files Cleaned = 0.00 mb

OTL by OldTimer - Version 3.2.26.1 log created on 08062011_134037

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...

OLT Scan and Extra
OTL logfile created on: 8/6/2011 2:13:05 PM - Run 2
OTL by OldTimer - Version 3.2.26.1 Folder = C:\Users\Clay\Downloads
Windows Vista Home Premium Edition (Version = 6.0.6000) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6000.16512)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.99 Gb Total Physical Memory | 0.94 Gb Available Physical Memory | 47.15% Memory free
4.19 Gb Paging File | 2.86 Gb Available in Paging File | 68.16% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 136.47 Gb Total Space | 94.65 Gb Free Space | 69.35% Space Free | Partition Type: NTFS
Drive D: | 10.00 Gb Total Space | 5.68 Gb Free Space | 56.82% Space Free | Partition Type: NTFS
Drive E: | 7.05 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF

Computer Name: LAPTOP13 | User Name: Clay | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/08/06 14:09:59 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Users\Clay\Downloads\OTL.exe
PRC - [2011/07/26 17:48:32 | 002,923,520 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2011/07/02 21:54:54 | 000,924,632 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2011/07/02 20:38:07 | 000,269,480 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe
PRC - [2011/03/28 16:15:53 | 000,076,968 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
PRC - [2011/03/28 16:15:40 | 000,136,360 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe
PRC - [2011/03/28 16:15:29 | 000,281,768 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
PRC - [2010/11/11 13:55:46 | 000,159,472 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Zune\ZuneLauncher.exe
PRC - [2009/05/21 10:55:32 | 000,206,064 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files\Dell Support Center\bin\sprtcmd.exe
PRC - [2008/08/13 18:32:40 | 000,201,968 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files\Dell Support Center\bin\sprtsvc.exe
PRC - [2007/12/07 17:14:12 | 001,006,264 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Defender\MSASCui.exe
PRC - [2007/09/07 14:25:12 | 000,102,400 | ---- | M] (IDT, Inc.) -- C:\Windows\System32\stacsv.exe
PRC - [2007/09/07 14:23:36 | 000,405,504 | ---- | M] (IDT, Inc.) -- C:\Program Files\Sigmatel\C-Major Audio\WDM\sttray.exe
PRC - [2007/08/29 17:25:16 | 000,073,728 | ---- | M] (Andrea Electronics Corporation) -- C:\Windows\System32\AEstSrv.exe
PRC - [2007/08/29 01:54:58 | 000,036,864 | ---- | M] (Creative Technology Ltd.) -- C:\Windows\OEM02Mon.exe
PRC - [2007/07/27 18:43:34 | 000,118,784 | ---- | M] (Creative Technology Ltd.) -- C:\Program Files\Dell\Dell Webcam Manager\DellWMgr.exe
PRC - [2007/07/20 20:13:26 | 001,180,952 | ---- | M] (Dell Inc.) -- C:\Program Files\Dell\QuickSet\quickset.exe
PRC - [2007/04/17 01:05:52 | 000,021,504 | ---- | M] (UPEK Inc.) -- C:\Program Files\Fingerprint Reader Suite\upeksvr.exe
PRC - [2007/04/17 00:55:00 | 000,053,776 | ---- | M] (UPEK Inc.) -- C:\Program Files\Fingerprint Reader Suite\psqltray.exe
PRC - [2007/04/16 18:10:26 | 000,184,320 | ---- | M] (CyberLink Corp.) -- C:\Program Files\Dell\MediaDirect\PCMService.exe
PRC - [2007/03/15 14:09:36 | 000,460,784 | ---- | M] (Gteko Ltd.) -- C:\Program Files\DellSupport\DSAgnt.exe
PRC - [2006/11/03 19:55:50 | 000,703,280 | ---- | M] (Broadcom Corporation.) -- C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
PRC - [2006/11/03 19:55:48 | 001,583,920 | ---- | M] (Broadcom Corporation.) -- c:\Program Files\WIDCOMM\Bluetooth Software\BTStackServer.exe

========== Modules (SafeList) ==========

MOD - [2011/08/06 14:09:59 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Users\Clay\Downloads\OTL.exe
MOD - [2006/11/02 05:38:57 | 001,648,128 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6000.16386_none_5d07289e07e1d100\comctl32.dll

========== Win32 Services (SafeList) ==========

SRV - [2011/07/02 20:38:07 | 000,269,480 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2011/03/28 16:15:40 | 000,136,360 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2010/11/11 13:57:04 | 000,268,528 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Zune\WMZuneComm.exe -- (WMZuneComm)
SRV - [2010/11/11 13:57:02 | 000,444,656 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Zune\ZuneWlanCfgSvc.exe -- (ZuneWlanCfgSvc)
SRV - [2010/11/11 13:55:56 | 006,351,600 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Zune\ZuneNss.exe -- (ZuneNetworkSvc)
SRV - [2008/08/13 18:32:40 | 000,201,968 | ---- | M] (SupportSoft, Inc.) [Auto | Running] -- C:\Program Files\Dell Support Center\bin\sprtsvc.exe -- (sprtsvc_dellsupportcenter) SupportSoft Sprocket Service (dellsupportcenter)
SRV - [2007/12/07 17:14:12 | 000,265,912 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2007/09/07 14:25:12 | 000,102,400 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Windows\System32\stacsv.exe -- (STacSV)
SRV - [2007/08/29 17:25:16 | 000,073,728 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Windows\System32\AEstSrv.exe -- (AESTFilters)
SRV - [2007/05/31 11:21:24 | 000,379,784 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\wcescomm.dll -- (WcesComm)
SRV - [2007/05/31 11:21:18 | 000,183,688 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\rapimgr.dll -- (RapiMgr)
SRV - [2007/03/19 14:44:44 | 000,070,656 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\DellSupport\brkrsvc.exe -- (DSBrokerService)

========== Driver Services (SafeList) ==========

DRV - [2011/07/02 20:38:12 | 000,138,192 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb)
DRV - [2011/07/02 20:38:12 | 000,066,616 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2010/06/17 15:27:22 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2007/09/07 14:26:04 | 000,330,240 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\stwrt.sys -- (STHDA)
DRV - [2007/08/29 01:55:06 | 000,007,424 | ---- | M] (EyePower Games Pte. Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\OEM02Vfx.sys -- (OEM02Vfx)
DRV - [2007/08/29 01:54:56 | 000,235,520 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\OEM02Dev.sys -- (OEM02Dev)
DRV - [2007/08/13 05:44:26 | 002,226,688 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NETw4v32.sys -- (NETw4v32) Intel®
DRV - [2007/02/28 07:25:46 | 000,037,376 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rixdptsk.sys -- (rismxdp)
DRV - [2007/02/28 07:25:44 | 000,043,520 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimsptsk.sys -- (rimsptsk)
DRV - [2007/02/28 07:25:44 | 000,032,256 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimmptsk.sys -- (rimmptsk)
DRV - [2007/02/25 14:10:48 | 000,005,376 | --S- | M] (Gteko Ltd.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\dsunidrv.sys -- (dsunidrv)
DRV - [2006/11/02 04:55:05 | 000,031,616 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUSB)
DRV - [2006/11/02 03:36:43 | 002,028,032 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\atikmdag.sys -- (R300)
DRV - [2006/11/02 03:30:55 | 000,200,704 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\e1e6032.sys -- (e1express) Intel®
DRV - [2006/10/05 19:07:28 | 000,004,736 | ---- | M] (Gteko Ltd.) [Kernel | On_Demand | Stopped] -- C:\Program Files\DellSupport\GTAction\triggers\DSproct.sys -- (DSproct)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm

IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-1612204117-3966250314-2622601390-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co...=us&ibd=3071207
IE - HKU\S-1-5-21-1612204117-3966250314-2622601390-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-1612204117-3966250314-2622601390-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1612204117-3966250314-2622601390-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.0.60531.0\npctrl.dll ( Microsoft Corporation)
FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\Clay\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 5.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/07/02 21:54:56 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 5.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{FE9FCDEC-1B6F-4FC5-A032-73B6425B69AD}: C:\Users\Clay\AppData\Local\{FE9FCDEC-1B6F-4FC5-A032-73B6425B69AD}

[2011/05/09 19:57:30 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Clay\AppData\Roaming\Mozilla\Extensions
[2011/06/19 19:44:29 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Clay\AppData\Roaming\Mozilla\Firefox\Profiles\90jlvv6w.default\extensions
[2011/06/06 19:21:05 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2011/07/06 20:03:44 | 000,000,000 | ---D | M] (Skype extension) -- C:\Program Files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
File not found (No name found) --
[2011/07/02 21:54:55 | 000,142,296 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2010/01/01 04:00:00 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml

O1 HOSTS File: ([2011/08/06 13:40:52 | 000,000,098 | ---- | M]) - C:\Windows\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll (Google Inc.)
O2 - BHO: (CBrowserHelperObject Object) - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\Dell\BAE\BAE.dll (Dell Inc.)
O3 - HKLM\..\Toolbar: (&Google) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)
O3 - HKU\S-1-5-21-1612204117-3966250314-2622601390-1000\..\Toolbar\WebBrowser: (&Google) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [DELL Webcam Manager] C:\Program Files\Dell\Dell Webcam Manager\DellWMgr.exe (Creative Technology Ltd.)
O4 - HKLM..\Run: [DellSupportCenter] C:\Program Files\Dell Support Center\bin\sprtcmd.exe (SupportSoft, Inc.)
O4 - HKLM..\Run: [dscactivate] C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe ( )
O4 - HKLM..\Run: [ECenter] C:\DELL\E-Center\EULALauncher.exe ( )
O4 - HKLM..\Run: [OEM02Mon.exe] C:\Windows\OEM02Mon.exe (Creative Technology Ltd.)
O4 - HKLM..\Run: [PCMService] C:\Program Files\Dell\MediaDirect\PCMService.exe (CyberLink Corp.)
O4 - HKLM..\Run: [PSQLLauncher] C:\Program Files\Fingerprint Reader Suite\launcher.exe (UPEK Inc.)
O4 - HKLM..\Run: [SigmatelSysTrayApp] C:\Program Files\Sigmatel\C-Major Audio\WDM\sttray.exe (IDT, Inc.)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKLM..\Run: [Zune Launcher] C:\Program Files\Zune\ZuneLauncher.exe (Microsoft Corporation)
O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-21-1612204117-3966250314-2622601390-1000..\Run: [DellSupport] C:\Program Files\DellSupport\DSAgnt.exe (Gteko Ltd.)
O4 - HKU\S-1-5-21-1612204117-3966250314-2622601390-1000..\Run: [DellSupportCenter] C:\Program Files\Dell Support Center\bin\sprtcmd.exe (SupportSoft, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: disableCAD = 1
O8 - Extra context menu item: Send image to &Bluetooth Device... - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: Send page to &Bluetooth Device... - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
O9 - Extra Button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O15 - HKU\S-1-5-21-1612204117-3966250314-2622601390-1000\..Trusted Ranges: GD ([http] in Local intranet)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 68.94.156.1 68.94.157.1
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20 - AppInit_DLLs: (C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL) - C:\Program Files\Google\Google Desktop Search\GoogleDesktopNetwork3.dll (Google)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: GinaDLL - (vrlogon.dll) - C:\Windows\System32\vrlogon.dll (UPEK Inc.)
O20 - Winlogon\Notify\psfus: DllName - C:\Windows\system32\psqlpwd.dll - C:\Windows\System32\psqlpwd.dll (UPEK Inc.)
O24 - Desktop WallPaper: C:\Users\Clay\AppData\Roaming\Mozilla\Firefox\Desktop Background.bmp
O24 - Desktop BackupWallPaper: C:\Users\Clay\AppData\Roaming\Mozilla\Firefox\Desktop Background.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 17:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: FastUserSwitchingCompatibility - File not found
NetSvcs: Ias - File not found
NetSvcs: Nla - File not found
NetSvcs: Ntmssvc - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: SRService - File not found
NetSvcs: WmdmPmSp - File not found
NetSvcs: LogonHours - File not found
NetSvcs: PCAudit - File not found
NetSvcs: helpsvc - File not found
NetSvcs: uploadmgr - File not found

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2011/08/06 13:40:37 | 000,000,000 | ---D | C] -- C:\_OTL
[2011/07/28 13:45:56 | 000,000,000 | ---D | C] -- C:\Users\Clay\AppData\Roaming\Spotify
[2011/07/28 13:45:56 | 000,000,000 | ---D | C] -- C:\Users\Clay\AppData\Local\Spotify
[2011/07/28 13:45:50 | 000,000,000 | ---D | C] -- C:\Program Files\Spotify
[2011/07/26 23:24:52 | 000,000,000 | ---D | C] -- C:\Users\Clay\Documents\MAGIX Downloads
[2011/07/26 23:24:51 | 000,000,000 | ---D | C] -- C:\Users\Clay\AppData\Roaming\MAGIX
[2011/07/26 23:17:20 | 000,000,000 | ---D | C] -- C:\Users\Clay\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\VirtualDJ
[2011/07/26 23:17:05 | 000,000,000 | ---D | C] -- C:\Program Files\VirtualDJ
[2011/07/26 23:17:02 | 000,000,000 | ---D | C] -- C:\Users\Clay\Documents\VirtualDJ
[2011/07/26 18:00:08 | 000,289,792 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\System32\atmfd.dll
[2011/07/26 18:00:08 | 000,156,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\t2embed.dll
[2011/07/26 18:00:08 | 000,072,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\fontsub.dll
[2011/07/26 18:00:08 | 000,034,304 | ---- | C] (Adobe Systems) -- C:\Windows\System32\atmlib.dll
[2011/07/26 18:00:08 | 000,010,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dciman32.dll
[2011/07/26 17:59:34 | 000,272,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\polstore.dll
[2011/07/26 17:59:34 | 000,061,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winipsec.dll
[2011/07/26 17:59:34 | 000,028,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\FwRemoteSvr.dll
[2011/07/26 17:57:34 | 002,855,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mf.dll
[2011/07/26 17:57:33 | 000,098,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfps.dll
[2011/07/26 17:57:33 | 000,052,736 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rrinstaller.exe
[2011/07/26 17:57:33 | 000,024,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfpmp.exe
[2011/07/26 17:57:33 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mferror.dll
[2011/07/26 17:57:32 | 002,433,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WMVCORE.DLL
[2011/07/26 17:56:27 | 000,434,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\vbscript.dll
[2011/07/26 17:54:06 | 000,500,736 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msdtcprx.dll
[2011/07/26 17:54:06 | 000,030,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xolehlp.dll
[2011/07/26 17:53:12 | 000,303,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wmpeffects.dll
[2011/07/26 17:52:46 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msxml3r.dll
[2011/07/26 17:48:49 | 000,696,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\localspl.dll
[2011/07/26 17:48:32 | 002,923,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\explorer.exe
[2011/07/26 17:48:13 | 000,216,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\netio.sys
[2011/07/26 17:48:13 | 000,024,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\netcfg.exe
[2011/07/26 17:48:12 | 000,167,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tcpipcfg.dll
[2011/07/26 17:48:12 | 000,022,016 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\netiougc.exe
[2011/07/26 17:48:01 | 000,181,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\fsquirt.exe
[2011/07/26 17:47:47 | 000,220,672 | ---- | C] (Fraunhofer Institut Integrierte Schaltungen IIS) -- C:\Windows\System32\l3codecp.acm
[2011/07/26 17:47:47 | 000,062,464 | ---- | C] (Fraunhofer Institut Integrierte Schaltungen IIS) -- C:\Windows\System32\l3codeca.acm
[2011/07/26 17:47:32 | 000,512,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript.dll
[2011/07/26 17:47:02 | 000,223,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WMASF.DLL
[2011/07/26 17:47:02 | 000,009,728 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\LAPRXY.DLL
[2011/07/26 17:47:02 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\asferror.dll
[2011/07/26 17:46:38 | 000,441,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32spl.dll
[2011/07/26 17:46:38 | 000,037,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\printcom.dll
[2011/07/26 17:46:24 | 002,031,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2011/07/26 17:45:53 | 000,113,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\rmcast.sys
[2011/07/26 17:45:53 | 000,014,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wshrm.dll
[2011/07/26 17:45:37 | 008,147,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wmploc.DLL
[2011/07/26 17:45:34 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\spwmp.dll
[2011/07/26 17:45:34 | 000,004,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxmasf.dll
[2011/07/26 17:45:33 | 000,004,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msdxm.ocx
[2011/07/26 17:45:27 | 000,043,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msdxm.tlb
[2011/07/26 17:45:27 | 000,018,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\amcompat.tlb
[2011/07/26 17:44:48 | 000,011,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\sbunattend.exe
[2011/07/26 17:44:23 | 000,024,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dnscacheugc.exe
[2011/07/26 17:44:06 | 000,084,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\INETRES.dll
[2011/07/26 17:43:20 | 000,031,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\httpapi.dll
[2011/07/26 17:43:20 | 000,024,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\nshhttp.dll
[2011/07/26 17:41:27 | 000,274,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\raschap.dll
[2011/07/26 17:41:26 | 000,232,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rastls.dll
[2011/07/26 17:41:18 | 000,321,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WSDApi.dll
[2011/07/26 17:41:10 | 000,099,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\poqexec.exe
[2011/07/26 17:40:57 | 000,000,000 | ---D | C] -- C:\Program Files\MSXML 4.0
[2011/07/26 17:40:42 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msxml6r.dll
[2011/07/26 17:40:25 | 001,327,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\quartz.dll
[2011/07/26 17:40:25 | 000,123,904 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msvfw32.dll
[2011/07/26 17:40:25 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\avicap32.dll
[2011/07/26 17:40:24 | 000,088,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\avifil32.dll
[2011/07/26 17:40:24 | 000,082,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mciavi32.dll
[2011/07/26 17:39:46 | 000,222,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MpSigStub.exe
[2011/07/26 17:39:30 | 000,604,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WMSPDMOD.DLL
[2011/07/26 13:59:19 | 000,000,000 | ---D | C] -- C:\Users\Clay\AppData\Roaming\Malwarebytes
[2011/07/26 13:59:09 | 000,041,272 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2011/07/26 13:59:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011/07/26 13:59:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2011/07/26 13:58:58 | 000,022,712 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2011/07/26 13:58:57 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2011/07/23 16:02:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2011/07/23 16:01:17 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2011/07/23 16:01:10 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2011/07/23 15:56:31 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour
[2011/07/18 09:48:03 | 000,000,000 | ---D | C] -- C:\Users\Clay\AppData\Roaming\Unity
[2011/07/18 09:35:46 | 000,000,000 | ---D | C] -- C:\Users\Clay\AppData\Local\Unity
[2011/07/12 11:20:54 | 000,178,536 | ---- | C] (Apple Inc.) -- C:\Windows\System32\dnssdX.dll
[2011/07/12 11:20:54 | 000,083,816 | ---- | C] (Apple Inc.) -- C:\Windows\System32\dns-sd.exe
[2011/07/12 11:20:54 | 000,073,064 | ---- | C] (Apple Inc.) -- C:\Windows\System32\dnssd.dll
[2011/07/12 11:20:54 | 000,050,536 | ---- | C] (Apple Inc.) -- C:\Windows\System32\jdns_sd.dll
[2011/07/10 19:22:02 | 002,421,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wucltux.dll
[2011/07/10 19:22:02 | 000,044,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wups2.dll
[2011/07/10 19:21:29 | 000,575,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wuapi.dll
[2011/07/10 19:21:29 | 000,087,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wudriver.dll
[2011/07/10 19:21:29 | 000,035,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wups.dll
[2011/07/10 19:21:07 | 000,171,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wuwebv.dll
[2011/07/10 19:21:07 | 000,033,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wuapp.exe
[2006/09/14 13:32:20 | 000,028,672 | R--- | C] ( ) -- C:\Windows\System32\DivXGraphBuilderCallback.dll

========== Files - Modified Within 30 Days ==========

[2011/08/06 14:03:29 | 000,618,648 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011/08/06 14:03:28 | 000,104,024 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011/08/06 13:57:45 | 000,003,472 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011/08/06 13:57:44 | 000,003,472 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011/08/06 13:57:33 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/08/06 13:57:30 | 2137,194,496 | -HS- | M] () -- C:\hiberfil.sys
[2011/08/06 13:45:54 | 000,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat
[2011/08/06 13:40:52 | 000,000,098 | ---- | M] () -- C:\Windows\System32\drivers\etc\Hosts
[2011/08/06 13:36:34 | 000,000,512 | ---- | M] () -- C:\Users\Clay\Desktop\MBR.dat
[2011/08/06 13:27:05 | 255,815,370 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2011/07/31 22:38:31 | 000,321,088 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2011/07/26 23:17:22 | 000,000,845 | ---- | M] () -- C:\Users\Clay\Desktop\VirtualDJ.lnk
[2011/07/26 18:00:08 | 000,289,792 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\atmfd.dll
[2011/07/26 18:00:08 | 000,156,672 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\t2embed.dll
[2011/07/26 18:00:08 | 000,072,704 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\fontsub.dll
[2011/07/26 18:00:08 | 000,034,304 | ---- | M] (Adobe Systems) -- C:\Windows\System32\atmlib.dll
[2011/07/26 18:00:08 | 000,010,240 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dciman32.dll
[2011/07/26 17:59:34 | 000,272,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\polstore.dll
[2011/07/26 17:59:34 | 000,061,440 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\winipsec.dll
[2011/07/26 17:59:34 | 000,028,672 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\FwRemoteSvr.dll
[2011/07/26 17:57:34 | 002,855,424 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mf.dll
[2011/07/26 17:57:33 | 000,098,816 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mfps.dll
[2011/07/26 17:57:33 | 000,052,736 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\rrinstaller.exe
[2011/07/26 17:57:33 | 000,024,576 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mfpmp.exe
[2011/07/26 17:57:33 | 000,002,048 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mferror.dll
[2011/07/26 17:57:32 | 002,433,536 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\WMVCORE.DLL
[2011/07/26 17:56:27 | 000,434,176 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\vbscript.dll
[2011/07/26 17:54:06 | 000,500,736 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msdtcprx.dll
[2011/07/26 17:54:06 | 000,030,208 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\xolehlp.dll
[2011/07/26 17:53:12 | 000,303,616 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wmpeffects.dll
[2011/07/26 17:52:46 | 000,002,048 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msxml3r.dll
[2011/07/26 17:48:49 | 000,696,832 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\localspl.dll
[2011/07/26 17:48:32 | 002,923,520 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
[2011/07/26 17:48:13 | 000,216,632 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\netio.sys
[2011/07/26 17:48:13 | 000,167,424 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\tcpipcfg.dll
[2011/07/26 17:48:13 | 000,024,064 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\netcfg.exe
[2011/07/26 17:48:12 | 000,022,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\netiougc.exe
[2011/07/26 17:48:01 | 000,181,760 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\fsquirt.exe
[2011/07/26 17:47:47 | 000,220,672 | ---- | M] (Fraunhofer Institut Integrierte Schaltungen IIS) -- C:\Windows\System32\l3codecp.acm
[2011/07/26 17:47:47 | 000,062,464 | ---- | M] (Fraunhofer Institut Integrierte Schaltungen IIS) -- C:\Windows\System32\l3codeca.acm
[2011/07/26 17:47:32 | 000,512,000 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\jscript.dll
[2011/07/26 17:47:02 | 000,223,232 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\WMASF.DLL
[2011/07/26 17:47:02 | 000,009,728 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\LAPRXY.DLL
[2011/07/26 17:47:02 | 000,002,048 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\asferror.dll
[2011/07/26 17:46:38 | 000,441,856 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\win32spl.dll
[2011/07/26 17:46:38 | 000,037,376 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\printcom.dll
[2011/07/26 17:46:24 | 002,031,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2011/07/26 17:45:53 | 000,113,664 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\rmcast.sys
[2011/07/26 17:45:53 | 000,014,848 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wshrm.dll
[2011/07/26 17:45:38 | 008,147,968 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wmploc.DLL
[2011/07/26 17:45:34 | 000,007,680 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\spwmp.dll
[2011/07/26 17:45:33 | 000,004,096 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msdxm.ocx
[2011/07/26 17:45:27 | 000,043,520 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msdxm.tlb
[2011/07/26 17:45:27 | 000,018,432 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\amcompat.tlb
[2011/07/26 17:44:48 | 000,011,776 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\sbunattend.exe
[2011/07/26 17:44:23 | 000,024,576 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dnscacheugc.exe
[2011/07/26 17:44:06 | 000,084,480 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\INETRES.dll
[2011/07/26 17:43:20 | 000,031,232 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\httpapi.dll
[2011/07/26 17:43:20 | 000,024,064 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\nshhttp.dll
[2011/07/26 17:41:27 | 000,274,432 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\raschap.dll
[2011/07/26 17:41:27 | 000,232,960 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\rastls.dll
[2011/07/26 17:41:18 | 000,321,536 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\WSDApi.dll
[2011/07/26 17:41:10 | 000,099,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\poqexec.exe
[2011/07/26 17:40:42 | 000,002,048 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msxml6r.dll
[2011/07/26 17:40:25 | 000,123,904 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msvfw32.dll
[2011/07/26 17:40:25 | 000,065,024 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\avicap32.dll
[2011/07/26 17:40:24 | 000,088,576 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\avifil32.dll
[2011/07/26 17:40:24 | 000,082,944 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mciavi32.dll
[2011/07/26 17:39:30 | 000,604,672 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\WMSPDMOD.DLL
[2011/07/23 16:02:07 | 000,001,666 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[2011/07/12 11:20:54 | 000,178,536 | ---- | M] (Apple Inc.) -- C:\Windows\System32\dnssdX.dll
[2011/07/12 11:20:54 | 000,083,816 | ---- | M] (Apple Inc.) -- C:\Windows\System32\dns-sd.exe
[2011/07/12 11:20:54 | 000,073,064 | ---- | M] (Apple Inc.) -- C:\Windows\System32\dnssd.dll
[2011/07/12 11:20:54 | 000,050,536 | ---- | M] (Apple Inc.) -- C:\Windows\System32\jdns_sd.dll
[2011/07/10 19:22:02 | 002,421,760 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wucltux.dll
[2011/07/10 19:22:02 | 000,044,768 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wups2.dll
[2011/07/10 19:21:29 | 000,575,704 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wuapi.dll
[2011/07/10 19:21:29 | 000,087,552 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wudriver.dll
[2011/07/10 19:21:29 | 000,035,552 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wups.dll
[2011/07/10 19:21:07 | 000,171,608 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wuwebv.dll
[2011/07/10 19:21:07 | 000,033,792 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wuapp.exe

========== Files Created - No Company Name ==========

[2011/08/06 13:36:34 | 000,000,512 | ---- | C] () -- C:\Users\Clay\Desktop\MBR.dat
[2011/07/28 13:45:52 | 000,000,820 | ---- | C] () -- C:\Users\Clay\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Spotify.lnk
[2011/07/26 23:17:22 | 000,000,845 | ---- | C] () -- C:\Users\Clay\Desktop\VirtualDJ.lnk
[2011/07/26 13:33:56 | 2137,194,496 | -HS- | C] () -- C:\hiberfil.sys
[2011/07/23 16:02:07 | 000,001,666 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
[2011/06/27 16:58:41 | 000,118,898 | ---- | C] () -- C:\Windows\hpoins30.dat
[2011/06/27 16:58:41 | 000,000,449 | ---- | C] () -- C:\Windows\hpomdl30.dat
[2011/06/06 19:22:21 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2011/05/16 20:46:10 | 000,000,680 | ---- | C] () -- C:\Users\Clay\AppData\Local\d3d9caps.dat
[2011/05/09 21:49:44 | 000,006,144 | ---- | C] () -- C:\Users\Clay\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2007/12/07 17:36:03 | 000,910,304 | ---- | C] () -- C:\Windows\System32\igmedkrn.dll
[2007/12/07 17:36:03 | 000,249,856 | ---- | C] () -- C:\Windows\System32\igfxTMM.dll
[2007/12/07 17:36:03 | 000,204,800 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1253.dll
[2007/12/07 17:35:51 | 000,016,480 | ---- | C] () -- C:\Windows\System32\rixdicon.dll
[2007/12/07 17:35:27 | 001,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll
[2007/12/07 14:08:42 | 000,000,076 | RHS- | C] () -- C:\Windows\CT4CET.bin
[2007/12/07 12:05:08 | 000,000,012 | ---- | C] () -- C:\Windows\bthservsdp.dat
[2007/07/25 18:40:02 | 000,999,424 | ---- | C] () -- C:\Windows\System32\WLIHVUI.dll
[2007/01/03 08:10:58 | 000,000,000 | ---- | C] () -- C:\Windows\System32\px.ini
[2006/11/10 09:26:12 | 000,000,000 | ---- | C] () -- C:\Windows\System32\atiicdxx.dat
[2006/11/03 19:25:56 | 000,389,120 | ---- | C] () -- C:\Windows\System32\btwhidcs.dll
[2006/11/02 08:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006/11/02 08:47:37 | 000,321,088 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2006/11/02 08:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006/11/02 06:33:01 | 000,618,648 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2006/11/02 06:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2006/11/02 06:33:01 | 000,104,024 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2006/11/02 06:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2006/11/02 06:25:44 | 000,159,744 | ---- | C] () -- C:\Windows\System32\atitmmxx.dll
[2006/11/02 06:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2006/11/02 04:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2006/11/02 04:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2006/11/02 03:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006/11/02 03:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2006/11/02 03:22:43 | 000,099,999 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2006/11/02 03:22:43 | 000,018,271 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2006/09/17 01:36:50 | 000,520,192 | ---- | C] () -- C:\Windows\System32\CddbPlaylist2Roxio.dll
[2006/09/17 01:36:50 | 000,204,800 | ---- | C] () -- C:\Windows\System32\CddbFileTaggerRoxio.dll
[2001/11/14 14:56:00 | 001,802,240 | ---- | C] () -- C:\Windows\System32\lcppn21.dll

========== LOP Check ==========

[2011/07/26 23:24:51 | 000,000,000 | ---D | M] -- C:\Users\Clay\AppData\Roaming\MAGIX
[2011/07/28 14:12:29 | 000,000,000 | ---D | M] -- C:\Users\Clay\AppData\Roaming\Spotify
[2011/06/06 19:25:46 | 000,000,000 | ---D | M] -- C:\Users\Clay\AppData\Roaming\tmp
[2011/07/18 09:48:03 | 000,000,000 | ---D | M] -- C:\Users\Clay\AppData\Roaming\Unity
[2011/08/06 13:45:56 | 000,010,574 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========

========== Custom Scans ==========

< >

< %SYSTEMDRIVE%\*.exe >

< MD5 for: EXPLORER.EXE >
[2011/07/26 17:48:32 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=37440D09DEAE0B672A04DCCF7ABF06BE -- C:\Windows\explorer.exe
[2011/07/26 17:48:32 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=37440D09DEAE0B672A04DCCF7ABF06BE -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16771_none_4f83bb287ccdb7e3\explorer.exe
[2011/07/26 17:48:30 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=4F554999D7D5F05DAAEBBA7B5BA1089D -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18164_none_5177ca9879e978e8\explorer.exe
[2011/07/26 17:48:29 | 002,927,616 | ---- | M] (Microsoft Corporation) MD5=50BA5850147410CDE89C523AD3BC606E -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.22298_none_51e4f8c7931bd1e1\explorer.exe
[2011/07/26 17:48:31 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=E7156B0B74762D9DE0E66BDCDE06E5FB -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.20947_none_5033cb5995cd990b\explorer.exe
[2006/11/02 05:45:07 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=FD8C53FB002217F6F888BCF6F5D7084D -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16386_none_4f7de5167cd15deb\explorer.exe

< MD5 for: SVCHOST.EXE >
[2006/11/02 05:45:47 | 000,022,016 | ---- | M] (Microsoft Corporation) MD5=10DA15933D582D2FEDCF705EFE394B09 -- C:\Windows\System32\svchost.exe
[2006/11/02 05:45:47 | 000,022,016 | ---- | M] (Microsoft Corporation) MD5=10DA15933D582D2FEDCF705EFE394B09 -- C:\Windows\winsxs\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.0.6000.16386_none_b38497a50862ad11\svchost.exe

< MD5 for: USERINIT.EXE >
[2006/11/02 05:45:50 | 000,024,576 | ---- | M] (Microsoft Corporation) MD5=22027835939F86C3E47AD8E3FBDE3D11 -- C:\Windows\System32\userinit.exe
[2006/11/02 05:45:50 | 000,024,576 | ---- | M] (Microsoft Corporation) MD5=22027835939F86C3E47AD8E3FBDE3D11 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6000.16386_none_d9f1f819d4c4e737\userinit.exe

< MD5 for: VOLSNAP.SYS >
[2006/11/02 05:51:18 | 000,208,488 | ---- | M] (Microsoft Corporation) MD5=11EF6C1CAEF76B685233450A126125D6 -- C:\Windows\System32\drivers\volsnap.sys
[2006/11/02 05:51:18 | 000,208,488 | ---- | M] (Microsoft Corporation) MD5=11EF6C1CAEF76B685233450A126125D6 -- C:\Windows\System32\DriverStore\FileRepository\volume.inf_9320b452\volsnap.sys

< MD5 for: WINLOGON.EXE >
[2006/11/02 05:45:57 | 000,308,224 | ---- | M] (Microsoft Corporation) MD5=9F75392B9128A91ABAFB044EA350BAAD -- C:\Windows\System32\winlogon.exe
[2006/11/02 05:45:57 | 000,308,224 | ---- | M] (Microsoft Corporation) MD5=9F75392B9128A91ABAFB044EA350BAAD -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6000.16386_none_6d8c3f1ad8066b21\winlogon.exe

< %systemroot%\*. /mp /s >

< hklm\software\clients\startmenuinternet|command /rs >
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\HideIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /HideShortcuts [2011/07/02 21:54:53 | 000,712,976 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ShowIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /ShowShortcuts [2011/07/02 21:54:53 | 000,712,976 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ReinstallCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /SetAsDefaultAppGlobal [2011/07/02 21:54:53 | 000,712,976 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\open\command\\: C:\Program Files\Mozilla Firefox\firefox.exe [2011/07/02 21:54:54 | 000,924,632 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\properties\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -preferences [2011/07/02 21:54:54 | 000,924,632 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\safemode\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -safe-mode [2011/07/02 21:54:54 | 000,924,632 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\Windows\system32\ie4uinit.exe" -hide [2007/12/07 17:11:17 | 000,063,488 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\Windows\system32\ie4uinit.exe" -show [2007/12/07 17:11:17 | 000,063,488 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\Windows\system32\ie4uinit.exe" -reinstall [2007/12/07 17:11:17 | 000,063,488 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: C:\Program Files\Internet Explorer\iexplore.exe [2007/12/07 17:11:16 | 000,625,152 | ---- | M] (Microsoft Corporation)

< hklm\software\clients\startmenuinternet|command /64 /rs >
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\HideIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /HideShortcuts [2011/07/02 21:54:53 | 000,712,976 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ShowIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /ShowShortcuts [2011/07/02 21:54:53 | 000,712,976 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ReinstallCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /SetAsDefaultAppGlobal [2011/07/02 21:54:53 | 000,712,976 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\open\command\\: C:\Program Files\Mozilla Firefox\firefox.exe [2011/07/02 21:54:54 | 000,924,632 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\properties\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -preferences [2011/07/02 21:54:54 | 000,924,632 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\safemode\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -safe-mode [2011/07/02 21:54:54 | 000,924,632 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\Windows\system32\ie4uinit.exe" -hide [2007/12/07 17:11:17 | 000,063,488 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\Windows\system32\ie4uinit.exe" -show [2007/12/07 17:11:17 | 000,063,488 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\Windows\system32\ie4uinit.exe" -reinstall [2007/12/07 17:11:17 | 000,063,488 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: C:\Program Files\Internet Explorer\iexplore.exe [2007/12/07 17:11:16 | 000,625,152 | ---- | M] (Microsoft Corporation)

< End of report >

OTL Extras logfile created on: 8/6/2011 2:13:05 PM - Run 2
OTL by OldTimer - Version 3.2.26.1 Folder = C:\Users\Clay\Downloads
Windows Vista Home Premium Edition (Version = 6.0.6000) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6000.16512)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.99 Gb Total Physical Memory | 0.94 Gb Available Physical Memory | 47.15% Memory free
4.19 Gb Paging File | 2.86 Gb Available in Paging File | 68.16% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 136.47 Gb Total Space | 94.65 Gb Free Space | 69.35% Space Free | Partition Type: NTFS
Drive D: | 10.00 Gb Total Space | 5.68 Gb Free Space | 56.82% Space Free | Partition Type: NTFS
Drive E: | 7.05 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF

Computer Name: LAPTOP13 | User Name: Clay | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l

[HKEY_USERS\S-1-5-21-1612204117-3966250314-2622601390-1000\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========

========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{025B12CD-A98F-45BF-B718-F6E8C801DAD9}" = protocol=6 | dir=in | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{0BB107C6-F7DA-4DFC-B664-C0A645960593}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqkygrp.exe |
"{116E4184-063B-4848-87AB-4980F3C23C1E}" = dir=in | app=c:\program files\dell\mediadirect\kernel\dmp\clbrowserengine.exe |
"{13DB139A-7F54-4272-8639-5B4C8048C3AE}" = dir=in | app=c:\program files\dell\mediadirect\kernel\dms\clmsservice.exe |
"{155B407B-D969-47D6-A2FE-9A6193D413BB}" = protocol=6 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{2865B669-55BE-42A1-8591-5DFD6DE1F25B}" = dir=in | app=c:\program files\dell\mediadirect\powercinema.exe |
"{376380DC-4971-48D8-8D62-16419F2F2E7C}" = protocol=6 | dir=in | app=c:\program files\steam\steam.exe |
"{388766EF-D194-4DAC-8C4C-F8E99024E573}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpfccopy.exe |
"{3B8ED7E1-6592-4EE2-BECB-132235CFC5C2}" = dir=in | app=c:\program files\dell\mediadirect\pcmservice.exe |
"{4B2B9DE7-20EC-4D7A-9714-47677664705A}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{5007EF74-3512-4B50-99E1-D8CDD30197F2}" = protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{68C81C57-3B32-4550-8ECF-80CEAE474C2A}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpiscnapp.exe |
"{885C21A8-643F-4AB8-9739-F9270243696F}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{941BAA52-4448-4530-9152-DF4E1868CF6B}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{BC1DCCBF-430E-4105-95DF-36ED3FD44570}" = protocol=6 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{CC14C162-BAE6-4C3E-8AAE-FA66179D1AE0}" = protocol=17 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{DFFB8B9A-8C28-4EFA-BBBC-3E5A558ED869}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{E4745FEE-27AC-48A4-8DBD-17FC41C64DCE}" = protocol=17 | dir=in | app=c:\program files\steam\steam.exe |
"{F2931640-2789-4A01-8687-89920747CFE4}" = dir=in | app=c:\program files\itunes\itunes.exe |
"{F2B91258-FF04-4463-9AB5-950F1A9F1A9B}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"TCP Query User{73F80A29-67F6-4F11-BF99-AC977DC9D362}C:\program files\spotify\spotify.exe" = protocol=6 | dir=in | app=c:\program files\spotify\spotify.exe |
"TCP Query User{B358162B-DD9B-4FCF-8188-9E1779685189}C:\program files\steam\steamapps\cyclist13\team fortress 2\hl2.exe" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\cyclist13\team fortress 2\hl2.exe |
"UDP Query User{2CBD991A-53BB-482C-A701-54AD74E26D30}C:\program files\spotify\spotify.exe" = protocol=17 | dir=in | app=c:\program files\spotify\spotify.exe |
"UDP Query User{7AE7B2E6-E445-4F14-B95F-D9D3964ED441}C:\program files\steam\steamapps\cyclist13\team fortress 2\hl2.exe" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\cyclist13\team fortress 2\hl2.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0394CDC8-FABD-4ed8-B104-03393876DFDF}" = Roxio Creator Tools
"{07EEE598-5F21-4B57-B40B-46592625B3D9}" = Zune Language Pack (PTB)
"{0BC1A5B2-79A1-4716-B3E5-4071E9AB6F43}" = HP Photosmart C4500 All-In-One Driver 12.0 Rel .4
"{0D397393-9B50-4c52-84D5-77E344289F87}" = Roxio Creator Data
"{0F95AA42-0FF6-4D48-9CA1-64C8D0777500}" = QuickSet
"{11F93B4B-48F0-4A4E-AE77-DFA96A99664B}" = Roxio EasyArchive
"{19192A84-6172-4312-A661-D8F9A34585AB}" = VirtualDJ Home FREE
"{1D5E29AD-39A9-4D0A-A8B6-46A6FCD8C995}" = Live! Cam Avatar v1.0
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{2C4E2E4E-A7C9-4CCB-BF03-FE6EBD5D4AB7}" = Windows Mobile Device Updater Component
"{30465B6C-B53F-49A1-9EBA-A3F187AD502E}" = Roxio Update Manager
"{352310C3-E46B-42D3-8F32-54721FDD72D9}" = NetZeroInstallers
"{35E1EC43-D4FC-4E4A-AAB3-20DDA27E8BB0}" = Sonic Activation Module
"{47ECCB1F-2811-49C0-B6A7-26778639ABA0}" = 32 Bit HP CIO Components Installer
"{48D0B1A3-11AC-4A87-AFB2-2002CCB88B34}" = PS_AIO_04_C4580_Software_Min
"{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
"{5C93E291-A1CC-4E51-85C6-E194209FCDB4}" = Zune Language Pack (PTG)
"{5CD29180-A95E-11D3-A4EB-00C04F7BDB2C}" = User's Guides
"{5E68BB65-4059-4FE5-AAC4-0CD1D79BBDE2}" = EarthLink Setup Files
"{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM
"{619CDD8A-14B6-43a1-AB6C-0F4EE48CE048}" = Roxio Creator Copy
"{62230596-37E5-4618-A329-0D21F529A86F}" = Browser Address Error Redirector
"{63DB9CCD-2B56-4217-9A3D-507AC78320CA}" = mWMI
"{65D0C510-D7B6-4438-9FC8-E6B91115AB0D}" = Live! Cam Avatar Creator
"{6740BCB0-5863-47F4-80F4-44F394DE4FE2}" = Zune Language Pack (NLD)
"{6B33492E-FBBC-4EC3-8738-09E16E395A10}" = Zune Language Pack (ESP)
"{6D52C408-B09A-4520-9B18-475B81D393F1}" = Microsoft Works
"{7006ED29-58F2-40C3-AE87-039287AD20B6}" = Zune
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{7DB9F1E5-9ACB-410D-A7DC-7A3D023CE045}" = Dell Getting Started Guide
"{7EFA5E6F-74F7-4AFB-8AEA-AA790BD3A76D}" = DellSupport
"{83FFCFC7-88C6-41c6-8752-958A45325C82}" = Roxio Creator Audio
"{87A9A9A9-FAB7-4224-9328-0FA2058C0FD5}" = Network
"{880AF49C-34F7-4285-A8AD-8F7A3D1C33DC}" = Roxio Creator BDAV Plugin
"{89CEAE14-DD0F-448E-9554-15781EC9DB24}" = Product Documentation Launcher
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8B928BA1-EDEC-4227-A2DA-DD83026C36F5}" = mPfMgr
"{8C6BB412-D3A8-4AAE-A01B-35B681789D68}" = mHelp
"{904CCF62-818D-4675-BC76-D37EB399F917}" = Windows Mobile Device Center
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9BDEF074-020E-458D-ADC5-8FF68E0C9B56}" = OutlookAddinSetup
"{9C6978E8-B6D0-4AB7-A7A0-D81A74FBF745}" = MediaDirect
"{9CCCFD9C-248F-47FE-9496-1680E3E5C163}" = Scan
"{A13E07E1-A423-44FB-9DEE-B24C75C1BAF2}" = WIDCOMM Bluetooth Software 6.0.1.3100
"{A2289997-10A3-48F2-AA03-99180D761661}" = Fingerprint Reader Suite 5.6
"{AAC90D5F-B8B1-4A06-B888-F3A241124D0D}" = Roxio MyDVD Premier
"{AC13BA3A-336B-45a4-B3FE-2D3058A7B533}" = Toolbox
"{AC76BA86-7AD7-1033-7B44-A82000000003}" = Adobe Reader 8.2.0
"{B3575D00-27EF-49C2-B9E0-14B3D954E992}" = Apple Application Support
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Toolbars
"{BE236D9A-52EC-4A17-82DA-84B5EAD31E3E}" = Zune Language Pack (DEU)
"{C23CD6DA-1958-43A5-ADD0-59396572E02E}" = Apple Mobile Device Support
"{C5D37FFA-7483-410B-982B-91E93FD3B7DA}" = Zune Language Pack (ITA)
"{C68D33B1-0204-4EBE-BC45-A6E432B1D13A}" = Zune Language Pack (FRA)
"{C73CA646-73B3-4AEF-A136-C37505745174}" = iTunes
"{C8B0680B-CDAE-4809-9F91-387B6DE00F7C}" = Roxio Creator Premier
"{C99C0593-3B48-41D9-B42F-6E035B320449}" = Broadcom Management Programs
"{CCFF1E13-77A2-4032-8B12-7566982A27DF}" = Internet Service Offers Launcher
"{D03482C5-9AD8-496D-B388-692AE04C93AF}" = Bonjour
"{D6F879CC-59D6-4D4B-AE9B-D761E48D25ED}" = Skype™ 5.3
"{D7769185-9A7C-48D4-8874-5388743A1DE2}" = Music, Photos & Videos Launcher
"{DBEA1034-5882-4A88-8033-81C4EF0CFA29}" = Google Toolbar for Internet Explorer
"{E3BFEE55-39E2-4BE0-B966-89FE583822C1}" = Dell Support Center (Support Software)
"{E7044E25-3038-4A76-9064-344AC038043E}" = Windows Mobile Device Center Driver Update
"{F0BFC7EF-9CF8-44EE-91B0-158884CD87C5}" = mMHouse
"{F5D7FAB5-A1FD-4DD3-983E-4155B09D7102}" = mCore
"Adobe Flash Player ActiveX" = Adobe Flash Player ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.6
"Advanced Audio FX Engine" = Advanced Audio FX Engine
"Advanced Video FX Engine" = Advanced Video FX Engine
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"Creative OEM002" = Laptop Integrated Webcam Driver (1.03.02.0719)
"Dell Webcam Center" = Dell Webcam Center
"Dell Webcam Manager" = Dell Webcam Manager
"Google Desktop" = Google Desktop
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware version 1.51.1.1800
"Mozilla Firefox 5.0 (x86 en-US)" = Mozilla Firefox 5.0 (x86 en-US)
"ProInst" = Intel® PROSet/Wireless Software
"Spotify" = Spotify
"SynTPDeinstKey" = Dell Touchpad
"Zune" = Zune

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-1612204117-3966250314-2622601390-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"UnityWebPlayer" = Unity Web Player

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 7/26/2011 3:22:05 PM | Computer Name = laptop13 | Source = ESENT | ID = 482
Description = Catalog Database (1636) Catalog Database: An attempt to write to the
file "C:\Windows\system32\CatRoot2\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\catdb"
at offset 7008256 (0x00000000006af000) for 4096 (0x00001000) bytes failed after
2 seconds with system error 8 (0x00000008): "Not enough storage is available to
process this command. ". The write operation will fail with error -1011 (0xfffffc0d).
If this error persists then the file may be damaged and may need to be restored
from a previous backup.

Error - 7/26/2011 3:25:29 PM | Computer Name = laptop13 | Source = ESENT | ID = 482
Description = Catalog Database (1636) Catalog Database: An attempt to write to the
file "C:\Windows\system32\CatRoot2\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\catdb"
at offset 4923392 (0x00000000004b2000) for 4096 (0x00001000) bytes failed after
0 seconds with system error 8 (0x00000008): "Not enough storage is available to
process this command. ". The write operation will fail with error -1011 (0xfffffc0d).
If this error persists then the file may be damaged and may need to be restored
from a previous backup.

Error - 7/26/2011 3:25:29 PM | Computer Name = laptop13 | Source = ESENT | ID = 482
Description = Catalog Database (1636) Catalog Database: An attempt to write to the
file "C:\Windows\system32\CatRoot2\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\catdb"
at offset 2756608 (0x00000000002a1000) for 4096 (0x00001000) bytes failed after
0 seconds with system error 8 (0x00000008): "Not enough storage is available to
process this command. ". The write operation will fail with error -1011 (0xfffffc0d).
If this error persists then the file may be damaged and may need to be restored
from a previous backup.

Error - 7/26/2011 3:25:29 PM | Computer Name = laptop13 | Source = ESENT | ID = 482
Description = Catalog Database (1636) Catalog Database: An attempt to write to the
file "C:\Windows\system32\CatRoot2\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\catdb"
at offset 233472 (0x0000000000039000) for 4096 (0x00001000) bytes failed after
0 seconds with system error 8 (0x00000008): "Not enough storage is available to
process this command. ". The write operation will fail with error -1011 (0xfffffc0d).
If this error persists then the file may be damaged and may need to be restored
from a previous backup.

Error - 7/26/2011 3:25:29 PM | Computer Name = laptop13 | Source = ESENT | ID = 482
Description = Catalog Database (1636) Catalog Database: An attempt to write to the
file "C:\Windows\system32\CatRoot2\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\catdb"
at offset 7340032 (0x0000000000700000) for 4096 (0x00001000) bytes failed after
0 seconds with system error 8 (0x00000008): "Not enough storage is available to
process this command. ". The write operation will fail with error -1011 (0xfffffc0d).
If this error persists then the file may be damaged and may need to be restored
from a previous backup.

Error - 7/26/2011 3:25:29 PM | Computer Name = laptop13 | Source = ESENT | ID = 482
Description = Catalog Database (1636) Catalog Database: An attempt to write to the
file "C:\Windows\system32\CatRoot2\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\catdb"
at offset 7188480 (0x00000000006db000) for 4096 (0x00001000) bytes failed after
0 seconds with system error 8 (0x00000008): "Not enough storage is available to
process this command. ". The write operation will fail with error -1011 (0xfffffc0d).
If this error persists then the file may be damaged and may need to be restored
from a previous backup.

Error - 7/26/2011 3:27:12 PM | Computer Name = laptop13 | Source = VSS | ID = 12289
Description =

Error - 7/26/2011 3:47:20 PM | Computer Name = laptop13 | Source = VSS | ID = 12289
Description =

Error - 7/28/2011 6:51:10 PM | Computer Name = laptop13 | Source = Application Error | ID = 1000
Description = Faulting application taskeng.exe, version 6.0.6000.16386, time stamp
0x4549af28, faulting module unknown, version 0.0.0.0, time stamp 0x00000000, exception
code 0xc0000005, fault offset 0xc975c567, process id 0x448, application start time
0x01cc4be61f465e7a.

Error - 8/6/2011 1:30:40 PM | Computer Name = laptop13 | Source = Application Error | ID = 1000
Description = Faulting application Skype.exe, version 5.3.0.120, time stamp 0x4df89ed9,
faulting module ntdll.dll, version 6.0.6000.16386, time stamp 0x4549bdc9, exception
code 0xc0000005, fault offset 0x00022a7f, process id 0xcf8, application start time
0x01cc545e4323a4a4.

[ System Events ]
Error - 7/31/2011 11:16:51 PM | Computer Name = laptop13 | Source = EventLog | ID = 6008
Description = The previous system shutdown at 11:15:04 PM on 7/31/2011 was unexpected.

Error - 8/1/2011 6:54:00 AM | Computer Name = laptop13 | Source = BTHUSB | ID = 327697
Description = The local Bluetooth adapter has failed in an undetermined manner and
will not be used. The driver has been unloaded.

Error - 8/3/2011 8:36:09 PM | Computer Name = laptop13 | Source = Service Control Manager | ID = 7009
Description =

Error - 8/3/2011 8:36:09 PM | Computer Name = laptop13 | Source = Service Control Manager | ID = 7000
Description =

Error - 8/3/2011 8:36:09 PM | Computer Name = laptop13 | Source = DCOM | ID = 10005
Description =

Error - 8/6/2011 1:13:57 PM | Computer Name = laptop13 | Source = EventLog | ID = 6008
Description = The previous system shutdown at 1:12:06 PM on 8/6/2011 was unexpected.

Error - 8/6/2011 1:19:39 PM | Computer Name = laptop13 | Source = Service Control Manager | ID = 7022
Description =

Error - 8/6/2011 1:27:17 PM | Computer Name = laptop13 | Source = EventLog | ID = 6008
Description = The previous system shutdown at 1:25:48 PM on 8/6/2011 was unexpected.

Error - 8/6/2011 1:31:54 PM | Computer Name = laptop13 | Source = Service Control Manager | ID = 7022
Description =

Error - 8/6/2011 1:34:45 PM | Computer Name = laptop13 | Source = Service Control Manager | ID = 7022
Description =

< End of report >

#4
Render

Posted 06 August 2011 - 02:18 PM

Trusted Helper

Malware Removal
4,195 posts

Thank you. Please proceed with following steps:

Step 1

Please download MBRCheck.exe to your Desktop. Run the application.

If no infection is found, it will produce a report on the desktop. Post that report in your next reply.

If an infection is found, you will be presented with the following dialog:

Enter 'Y' and hit ENTER for more options, or 'N' to exit:

Type N and press Enter. A report will be produced on the desktop. Post that report in your next reply.

Step 2

Rootkit Unhooker:

Please download Rootkit Unhooker and save it to your desktop.
Now double-click on RKUnhookerLE.exe to run it.
Click the Report tab, then click Scan.
Check (Tick) Drivers, Stealth. Uncheck the rest and then click OK.
Wait till the scanner has finished and then click File, Save Report.
Save the report somewhere where you can find it. Click Close.

Copy the entire contents of the report and paste it in a reply here.

Note** you may get the following warning, just click OK and continue.

"Rootkit Unhooker has detected a parasite inside itself!
It is recommended to remove parasite, okay?"

When completed the above, please post back the following in the order asked for:

MBRCheck log
Rootkit Unhooker log

#5
jcdertrommler

Posted 06 August 2011 - 09:37 PM

New Member

Topic Starter
Member
4 posts

all the redirecting seems to be fixed thanks a ton. here are the logs anywho though
MBR
MBRCheck, version 1.2.3
© 2010, AD

Command-line:
Windows Version: Windows Vista Home Premium Edition
Windows Information: (build 6000), 32-bit
Base Board Manufacturer: Dell Inc.
BIOS Manufacturer: Dell Inc.
System Manufacturer: Dell Inc.
System Product Name: XPS M1330
Logical Drives Mask: 0x0000001c

Kernel Drivers (total 162):
0x81C00000 \SystemRoot\system32\ntkrnlpa.exe
0x81FA1000 \SystemRoot\system32\hal.dll
0x802C6000 \SystemRoot\system32\kdcom.dll
0x80266000 \SystemRoot\system32\mcupdate_GenuineIntel.dll
0x8025D000 \SystemRoot\system32\PSHED.dll
0x80255000 \SystemRoot\system32\BOOTVID.dll
0x8021A000 \SystemRoot\system32\CLFS.SYS
0x8051F000 \SystemRoot\system32\CI.dll
0x804AE000 \SystemRoot\system32\drivers\Wdf01000.sys
0x8020C000 \SystemRoot\system32\drivers\WDFLDR.SYS
0x8046B000 \SystemRoot\system32\drivers\acpi.sys
0x80203000 \SystemRoot\system32\drivers\WMILIB.SYS
0x80463000 \SystemRoot\system32\drivers\msisadrv.sys
0x8043E000 \SystemRoot\system32\drivers\pci.sys
0x8042F000 \SystemRoot\system32\drivers\volmgr.sys
0x80200000 \SystemRoot\system32\DRIVERS\compbatt.sys
0x80425000 \SystemRoot\system32\DRIVERS\BATTC.SYS
0x80415000 \SystemRoot\System32\drivers\mountmgr.sys
0x8040E000 \SystemRoot\system32\DRIVERS\intelide.sys
0x80400000 \SystemRoot\system32\DRIVERS\PCIIDEX.SYS
0x807F9000 \SystemRoot\system32\drivers\pciide.sys
0x807AF000 \SystemRoot\System32\drivers\volmgrx.sys
0x8070F000 \SystemRoot\system32\drivers\iastorv.sys
0x80651000 \SystemRoot\system32\drivers\iastor.sys
0x80649000 \SystemRoot\system32\drivers\atapi.sys
0x8062B000 \SystemRoot\system32\drivers\ataport.SYS
0x829CF000 \SystemRoot\system32\drivers\fltmgr.sys
0x8061B000 \SystemRoot\system32\drivers\fileinfo.sys
0x80612000 \SystemRoot\System32\Drivers\PxHelp20.sys
0x828CB000 \SystemRoot\system32\drivers\ndis.sys
0x828A0000 \SystemRoot\system32\drivers\msrpc.sys
0x82867000 \SystemRoot\system32\drivers\NETIO.SYS
0x82AF8000 \SystemRoot\System32\Drivers\Ntfs.sys
0x82A8E000 \SystemRoot\System32\Drivers\ksecdd.sys
0x82831000 \SystemRoot\system32\drivers\volsnap.sys
0x8060A000 \SystemRoot\System32\Drivers\spldr.sys
0x82822000 \SystemRoot\System32\drivers\partmgr.sys
0x82813000 \SystemRoot\System32\Drivers\mup.sys
0x82A69000 \SystemRoot\System32\drivers\ecache.sys
0x82802000 \SystemRoot\system32\drivers\disk.sys
0x82A48000 \SystemRoot\system32\drivers\CLASSPNP.SYS
0x80601000 \SystemRoot\system32\drivers\crcdisk.sys
0x8AE57000 \SystemRoot\system32\DRIVERS\tunnel.sys
0x8AF3B000 \SystemRoot\system32\DRIVERS\tunmp.sys
0x8AE49000 \SystemRoot\system32\DRIVERS\intelppm.sys
0x8BE1A000 \SystemRoot\system32\DRIVERS\igdkmd32.sys
0x8B0C3000 \SystemRoot\System32\drivers\dxgkrnl.sys
0x8AE3C000 \SystemRoot\System32\drivers\watchdog.sys
0x8AE31000 \SystemRoot\system32\DRIVERS\usbuhci.sys
0x8B086000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
0x8AE23000 \SystemRoot\system32\DRIVERS\usbehci.sys
0x8AE11000 \SystemRoot\system32\DRIVERS\HDAudBus.sys
0x8C5D7000 \SystemRoot\system32\DRIVERS\NETw4v32.sys
0x8B057000 \SystemRoot\system32\DRIVERS\b57nd60x.sys
0x83980000 \SystemRoot\system32\DRIVERS\ohci1394.sys
0x8AE03000 \SystemRoot\system32\DRIVERS\1394BUS.SYS
0x8B03F000 \SystemRoot\system32\DRIVERS\sdbus.sys
0x8B031000 \SystemRoot\system32\DRIVERS\rimmptsk.sys
0x8B01D000 \SystemRoot\system32\DRIVERS\rimsptsk.sys
0x8C586000 \SystemRoot\system32\DRIVERS\rixdptsk.sys
0x8B00A000 \SystemRoot\system32\DRIVERS\i8042prt.sys
0x8C55B000 \SystemRoot\system32\DRIVERS\SynTP.sys
0x8383B000 \SystemRoot\system32\DRIVERS\USBD.SYS
0x8BE0F000 \SystemRoot\system32\DRIVERS\mouclass.sys
0x8BE04000 \SystemRoot\system32\DRIVERS\kbdclass.sys
0x8C543000 \SystemRoot\system32\DRIVERS\cdrom.sys
0x83D5A000 \SystemRoot\system32\DRIVERS\GEARAspiWDM.sys
0x83C56000 \SystemRoot\system32\DRIVERS\CmBatt.sys
0x8AF83000 \SystemRoot\system32\DRIVERS\wmiacpi.sys
0x8C518000 \SystemRoot\system32\DRIVERS\msiscsi.sys
0x8C4D8000 \SystemRoot\system32\DRIVERS\storport.sys
0x8C4CD000 \SystemRoot\system32\DRIVERS\TDI.SYS
0x8C4B6000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
0x8C4AB000 \SystemRoot\system32\DRIVERS\ndistapi.sys
0x8BADD000 \SystemRoot\system32\DRIVERS\ndiswan.sys
0x83494000 \SystemRoot\system32\DRIVERS\raspppoe.sys
0x8BACA000 \SystemRoot\system32\DRIVERS\raspptp.sys
0x8BB10000 \SystemRoot\system32\DRIVERS\termdd.sys
0x83829000 \SystemRoot\system32\DRIVERS\swenum.sys
0x8BA88000 \SystemRoot\system32\DRIVERS\ks.sys
0x8B160000 \SystemRoot\system32\DRIVERS\mssmbios.sys
0x8BAB2000 \SystemRoot\system32\DRIVERS\umbus.sys
0x8BA54000 \SystemRoot\system32\DRIVERS\usbhub.sys
0x839E0000 \SystemRoot\System32\Drivers\NDProxy.SYS
0x8DC5B000 \SystemRoot\system32\drivers\stwrt.sys
0x8DC2E000 \SystemRoot\system32\drivers\portcls.sys
0x8DC09000 \SystemRoot\system32\drivers\drmk.sys
0x8DFC1000 \SystemRoot\system32\drivers\HdAudio.sys
0x834A3000 \SystemRoot\System32\Drivers\Fs_Rec.SYS
0x83DC2000 \SystemRoot\System32\Drivers\Null.SYS
0x83DC9000 \SystemRoot\System32\Drivers\Beep.SYS
0x83876000 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS
0x8DA02000 \SystemRoot\System32\drivers\vga.sys
0x8DFA0000 \SystemRoot\System32\drivers\VIDEOPRT.SYS
0x83CB2000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
0x83CBA000 \SystemRoot\system32\drivers\rdpencdd.sys
0x8DD50000 \SystemRoot\System32\Drivers\Msfs.SYS
0x8DF72000 \SystemRoot\System32\Drivers\Npfs.SYS
0x8AF29000 \SystemRoot\System32\DRIVERS\rasacd.sys
0x8DEA1000 \SystemRoot\System32\drivers\tcpip.sys
0x8DE88000 \SystemRoot\System32\drivers\fwpkclnt.sys
0x8DE73000 \SystemRoot\system32\DRIVERS\tdx.sys
0x8DE5F000 \SystemRoot\system32\DRIVERS\smb.sys
0x8DE18000 \SystemRoot\system32\drivers\afd.sys
0x8E3CE000 \SystemRoot\System32\DRIVERS\netbt.sys
0x8DE02000 \SystemRoot\system32\DRIVERS\pacer.sys
0x8E3C0000 \SystemRoot\system32\DRIVERS\netbios.sys
0x8E3AD000 \SystemRoot\system32\DRIVERS\wanarp.sys
0x83D00000 \SystemRoot\system32\DRIVERS\ssmdrv.sys
0x8E372000 \SystemRoot\system32\DRIVERS\rdbss.sys
0x8B16A000 \SystemRoot\system32\drivers\nsiproxy.sys
0x8E31B000 \SystemRoot\System32\Drivers\dfsc.sys
0x8E2F4000 \SystemRoot\system32\DRIVERS\avipbb.sys
0x8B17E000 \SystemRoot\System32\Drivers\tcusb.sys
0x8AEED000 \SystemRoot\system32\DRIVERS\usbccgp.sys
0x8AEB3000 \SystemRoot\system32\DRIVERS\OEM02Dev.sys
0x8DCB0000 \SystemRoot\system32\DRIVERS\OEM02Vfx.sys
0x8AF14000 \SystemRoot\System32\Drivers\BTHUSB.sys
0x8AE79000 \SystemRoot\System32\Drivers\bthport.sys
0x8AE68000 \SystemRoot\system32\DRIVERS\rfcomm.sys
0x8B188000 \SystemRoot\system32\DRIVERS\BthEnum.sys
0x8F516000 \SystemRoot\system32\DRIVERS\bthpan.sys
0x8F4DB000 \SystemRoot\system32\DRIVERS\udfs.sys
0x8F475000 \SystemRoot\system32\drivers\btwavdt.sys
0x91D85000 \SystemRoot\system32\drivers\btwaudio.sys
0x83DF7000 \SystemRoot\system32\DRIVERS\btwrchid.sys
0x83920000 \SystemRoot\system32\DRIVERS\HIDCLASS.SYS
0x8AFA7000 \SystemRoot\system32\DRIVERS\hidusb.sys
0x8AF32000 \SystemRoot\system32\DRIVERS\kbdhid.sys
0x8F530000 \SystemRoot\System32\Drivers\crashdmp.sys
0x91CC7000 \SystemRoot\System32\Drivers\dump_iaStor.sys
0x83CDA000 \SystemRoot\system32\DRIVERS\mouhid.sys
0x8F40D000 \SystemRoot\System32\Drivers\fastfat.SYS
0x95000000 \SystemRoot\System32\win32k.sys
0x8B192000 \SystemRoot\System32\drivers\Dxapi.sys
0x95E00000 \SystemRoot\System32\TSDDD.dll
0x95E10000 \SystemRoot\System32\cdd.dll
0xA7C34000 \SystemRoot\system32\drivers\luafv.sys
0xA7C1D000 \SystemRoot\system32\DRIVERS\avgntflt.sys
0xA7C03000 \SystemRoot\system32\drivers\WudfPf.sys
0xA9EE2000 \SystemRoot\system32\drivers\spsys.sys
0x839F0000 \SystemRoot\system32\DRIVERS\lltdio.sys
0xAA1B5000 \SystemRoot\system32\DRIVERS\nwifi.sys
0x8B1C4000 \SystemRoot\system32\DRIVERS\ndisuio.sys
0xAA1A2000 \SystemRoot\system32\DRIVERS\rspndr.sys
0xAA04C000 \SystemRoot\system32\drivers\HTTP.sys
0xAAFE5000 \SystemRoot\System32\DRIVERS\srvnet.sys
0xAAF93000 \SystemRoot\system32\DRIVERS\bowser.sys
0xAAE7F000 \SystemRoot\System32\drivers\mpsdrv.sys
0xAAE5F000 \SystemRoot\system32\drivers\mrxdav.sys
0xAAE41000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
0xAAE08000 \SystemRoot\system32\DRIVERS\mrxsmb10.sys
0xAAF81000 \SystemRoot\system32\DRIVERS\mrxsmb20.sys
0xAAF5D000 \SystemRoot\System32\DRIVERS\srv2.sys
0xAAECC000 \SystemRoot\System32\DRIVERS\srv.sys
0xAA1E0000 \SystemRoot\system32\DRIVERS\dsunidrv.sys
0xABADE000 \SystemRoot\system32\drivers\peauth.sys
0x8B1E2000 \SystemRoot\System32\Drivers\secdrv.SYS
0x8DDD4000 \SystemRoot\System32\drivers\tcpipreg.sys
0x8BB4C000 \SystemRoot\system32\DRIVERS\monitor.sys
0xA9FD3000 \SystemRoot\System32\Drivers\BlackBox.SYS
0x77800000 \Windows\System32\ntdll.dll

Processes (total 78):
0 System Idle Process
4 System
424 C:\Windows\System32\smss.exe
572 csrss.exe
616 C:\Windows\System32\wininit.exe
624 csrss.exe
660 C:\Windows\System32\services.exe
672 C:\Windows\System32\lsass.exe
680 C:\Windows\System32\lsm.exe
788 C:\Windows\System32\winlogon.exe
856 C:\Windows\System32\svchost.exe
928 C:\Windows\System32\svchost.exe
968 C:\Windows\System32\svchost.exe
1060 C:\Windows\System32\svchost.exe
1092 C:\Windows\System32\svchost.exe
1168 C:\Windows\System32\svchost.exe
1232 C:\Windows\System32\audiodg.exe
1284 C:\Windows\System32\SLsvc.exe
1340 C:\Windows\System32\svchost.exe
1464 C:\Program Files\Fingerprint Reader Suite\upeksvr.exe
1644 C:\Windows\System32\svchost.exe
1804 C:\Windows\System32\wlanext.exe
1888 C:\Windows\System32\spoolsv.exe
1988 C:\Program Files\Avira\AntiVir Desktop\sched.exe
2044 C:\Windows\System32\svchost.exe
1608 C:\Windows\System32\AEstSrv.exe
1672 C:\Program Files\Avira\AntiVir Desktop\avguard.exe
836 C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
1948 C:\Program Files\Bonjour\mDNSResponder.exe
1996 C:\Windows\System32\svchost.exe
2024 C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
352 C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
2136 C:\Windows\System32\svchost.exe
2208 C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
2260 C:\Program Files\Dell Support Center\bin\sprtsvc.exe
2304 C:\Windows\System32\stacsv.exe
2512 C:\Windows\System32\svchost.exe
2556 C:\Windows\System32\svchost.exe
2584 C:\Windows\System32\SearchIndexer.exe
2844 C:\Windows\System32\taskeng.exe
3616 C:\Windows\System32\dwm.exe
3664 C:\Windows\System32\taskeng.exe
3740 C:\Windows\explorer.exe
1548 C:\Program Files\Windows Defender\MSASCui.exe
2500 C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
2892 C:\Windows\OEM02Mon.exe
1580 C:\Program Files\Sigmatel\C-Major Audio\WDM\sttray.exe
2732 C:\Windows\System32\igfxsrvc.exe
3348 C:\Windows\System32\hkcmd.exe
1536 C:\Windows\System32\igfxpers.exe
2984 C:\Windows\WindowsMobile\wmdc.exe
2384 C:\Program Files\Dell\Dell Webcam Manager\DellWMgr.exe
2604 C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
368 C:\Program Files\Dell\MediaDirect\PCMService.exe
3044 C:\Program Files\Fingerprint Reader Suite\psqltray.exe
536 C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
2008 C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
3600 C:\Program Files\Dell Support Center\bin\sprtcmd.exe
992 C:\Program Files\Zune\ZuneLauncher.exe
3400 C:\Windows\System32\svchost.exe
1760 C:\Program Files\iTunes\iTunesHelper.exe
3588 C:\Program Files\DellSupport\DSAgnt.exe
3980 C:\Windows\ehome\ehtray.exe
548 C:\Windows\ehome\ehmsas.exe
1316 C:\Program Files\Skype\Phone\Skype.exe
2228 C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
3192 C:\Program Files\Dell\QuickSet\quickset.exe
712 WmiPrvSE.exe
2576 C:\Program Files\WIDCOMM\Bluetooth Software\BTStackServer.exe
4296 C:\Program Files\iPod\bin\iPodService.exe
4668 C:\Windows\System32\svchost.exe
1120 C:\Windows\System32\wuauclt.exe
4212 C:\Program Files\Mozilla Firefox\firefox.exe
464 C:\Program Files\Mozilla Firefox\plugin-container.exe
5196 RKUnhookerLE.EXE
4780 dllhost.exe
1768 dllhost.exe
5668 C:\Users\Clay\Desktop\MBRCheck.exe

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000002`84f00000 (NTFS)
\\.\D: --> \\.\PhysicalDrive0 at offset 0x00000000`04f00000 (NTFS)

PhysicalDrive0 Model Number: ST9160821AS, Rev: 3.CDE

Size Device Name MBR Status
--------------------------------------------
149 GB \\.\PhysicalDrive0 Windows Vista MBR code detected
SHA1: 8DF43F2BDE2D9451948FA14B5279969C777A7979

Done!

Unhook
RkU Version: 3.8.389.593, Type LE (SR2)
==============================================
OS Name: Windows Vista
Version 6.0.6000
Number of processors #2
==============================================
>Drivers
==============================================
0x8BE1A000 C:\Windows\system32\DRIVERS\igdkmd32.sys 6184960 bytes (Intel Corporation, Intel Graphics Kernel Mode Driver)
0x81C00000 C:\Windows\system32\ntkrnlpa.exe 3805184 bytes (Microsoft Corporation, NT Kernel & System)
0x81C00000 PnpManager 3805184 bytes
0x81C00000 RAW 3805184 bytes
0x81C00000 WMIxWDM 3805184 bytes
0x8C5D7000 C:\Windows\system32\DRIVERS\NETw4v32.sys 2265088 bytes (Intel Corporation, Intel® Wireless WiFi Link Driver)
0x95000000 Win32k 2097152 bytes
0x95000000 C:\Windows\System32\win32k.sys 2097152 bytes (Microsoft Corporation, Multi-User Win32 Driver)
0x82AF8000 C:\Windows\System32\Drivers\Ntfs.sys 1081344 bytes (Microsoft Corporation, NT File System Driver)
0x828CB000 C:\Windows\system32\drivers\ndis.sys 1064960 bytes (Microsoft Corporation, NDIS 6.0 wrapper driver)
0x8051F000 C:\Windows\system32\CI.dll 921600 bytes (Microsoft Corporation, Code Integrity Module)
0xABADE000 C:\Windows\system32\drivers\peauth.sys 909312 bytes (Microsoft Corporation, Protected Environment Authentication and Authorization Export Driver)
0x8DEA1000 C:\Windows\System32\drivers\tcpip.sys 856064 bytes (Microsoft Corporation, TCP/IP Driver)
0x91CC7000 C:\Windows\System32\Drivers\dump_iaStor.sys 778240 bytes
0x80651000 C:\Windows\system32\drivers\iastor.sys 778240 bytes (Intel Corporation, Intel Matrix Storage Manager driver - ia32)
0x8070F000 C:\Windows\system32\drivers\iastorv.sys 655360 bytes (Intel Corporation, Intel Matrix Storage Manager driver (base))
0x8B0C3000 C:\Windows\System32\drivers\dxgkrnl.sys 643072 bytes (Microsoft Corporation, DirectX Graphics Kernel)
0xA9EE2000 C:\Windows\system32\drivers\spsys.sys 581632 bytes (Microsoft Corporation, security processor)
0x91D85000 C:\Windows\system32\drivers\btwaudio.sys 503808 bytes (Broadcom Corporation., Bluetooth Audio Device)
0x804AE000 C:\Windows\system32\drivers\Wdf01000.sys 462848 bytes (Microsoft Corporation, Kernel Mode Driver Framework Runtime)
0x82A8E000 C:\Windows\System32\Drivers\ksecdd.sys 434176 bytes (Microsoft Corporation, Kernel Security Support Provider Interface)
0xAA04C000 C:\Windows\system32\drivers\HTTP.sys 430080 bytes (Microsoft Corporation, HTTP Protocol Stack)
0x8F475000 C:\Windows\system32\drivers\btwavdt.sys 417792 bytes (Broadcom Corporation., Broadcom Bluetooth AVDT Service)
0x80266000 C:\Windows\system32\mcupdate_GenuineIntel.dll 393216 bytes (Microsoft Corporation, Intel Microcode Update Library)
0x8DC5B000 C:\Windows\system32\drivers\stwrt.sys 348160 bytes (IDT, Inc., NDHF)
0x8C586000 C:\Windows\system32\DRIVERS\rixdptsk.sys 331776 bytes (REDC, RICOH XD SM Driver)
0xAAECC000 C:\Windows\System32\DRIVERS\srv.sys 331776 bytes (Microsoft Corporation, Server driver)
0x807AF000 C:\Windows\System32\drivers\volmgrx.sys 303104 bytes (Microsoft Corporation, Volume Manager Extension Driver)
0x8DE18000 C:\Windows\system32\drivers\afd.sys 290816 bytes (Microsoft Corporation, Ancillary Function Driver for WinSock)
0x8046B000 C:\Windows\system32\drivers\acpi.sys 274432 bytes (Microsoft Corporation, ACPI Driver for NT)
0x8C4D8000 C:\Windows\system32\DRIVERS\storport.sys 262144 bytes (Microsoft Corporation, Microsoft Storage Port Driver)
0x8DFC1000 C:\Windows\system32\drivers\HdAudio.sys 258048 bytes (Microsoft Corporation, High Definition Audio Function Driver)
0x8B086000 C:\Windows\system32\DRIVERS\USBPORT.SYS 249856 bytes (Microsoft Corporation, USB 1.1 & 2.0 Port Driver)
0x8021A000 C:\Windows\system32\CLFS.SYS 241664 bytes (Microsoft Corporation, Common Log File System Driver)
0x8E372000 C:\Windows\system32\DRIVERS\rdbss.sys 241664 bytes (Microsoft Corporation, Redirected Drive Buffering SubSystem Driver)
0x8F4DB000 C:\Windows\system32\DRIVERS\udfs.sys 241664 bytes (Microsoft Corporation, UDF File System Driver)
0x8AE79000 C:\Windows\System32\Drivers\bthport.sys 237568 bytes (Microsoft Corporation, Bluetooth Bus Driver)
0x8AEB3000 C:\Windows\system32\DRIVERS\OEM02Dev.sys 237568 bytes (Creative Technology Ltd., Video Capture Device Driver)
0xAAE08000 C:\Windows\system32\DRIVERS\mrxsmb10.sys 233472 bytes (Microsoft Corporation, Longhorn SMB Downlevel SubRdr)
0x82867000 C:\Windows\system32\drivers\NETIO.SYS 233472 bytes (Microsoft Corporation, Network I/O Subsystem)
0x82831000 C:\Windows\system32\drivers\volsnap.sys 221184 bytes (Microsoft Corporation, Volume Shadow Copy Driver)
0x81FA1000 ACPI_HAL 212992 bytes
0x81FA1000 C:\Windows\system32\hal.dll 212992 bytes (Microsoft Corporation, Hardware Abstraction Layer DLL)
0x8BA54000 C:\Windows\system32\DRIVERS\usbhub.sys 212992 bytes (Microsoft Corporation, Default Hub Driver for USB)
0x8E3CE000 C:\Windows\System32\DRIVERS\netbt.sys 204800 bytes (Microsoft Corporation, MBT Transport driver)
0x829CF000 C:\Windows\system32\drivers\fltmgr.sys 200704 bytes (Microsoft Corporation, Microsoft Filesystem Filter Manager)
0x8B057000 C:\Windows\system32\DRIVERS\b57nd60x.sys 192512 bytes (Broadcom Corporation, Broadcom NetXtreme Gigabit Ethernet NDIS6.0 Driver.)
0x8DC2E000 C:\Windows\system32\drivers\portcls.sys 184320 bytes (Microsoft Corporation, Port Class (Class Driver for Port/Miniport Devices))
0x8C518000 C:\Windows\system32\DRIVERS\msiscsi.sys 176128 bytes (Microsoft Corporation, Microsoft iSCSI Initiator Driver)
0x828A0000 C:\Windows\system32\drivers\msrpc.sys 176128 bytes (Microsoft Corporation, Kernel Remote Procedure Call Provider)
0xAA1B5000 C:\Windows\system32\DRIVERS\nwifi.sys 176128 bytes (Microsoft Corporation, NativeWiFi Miniport Driver)
0x8C55B000 C:\Windows\system32\DRIVERS\SynTP.sys 176128 bytes (Synaptics, Inc., Synaptics Touchpad Driver)
0x8BA88000 C:\Windows\system32\DRIVERS\ks.sys 172032 bytes (Microsoft Corporation, Kernel CSA Library)
0x8F40D000 C:\Windows\System32\Drivers\fastfat.SYS 163840 bytes (Microsoft Corporation, Fast FAT File System Driver)
0x8E2F4000 C:\Windows\system32\DRIVERS\avipbb.sys 159744 bytes (Avira GmbH, Avira Driver for Security Enhancement)
0x8DC09000 C:\Windows\system32\drivers\drmk.sys 151552 bytes (Microsoft Corporation, Microsoft Kernel DRM Descrambler Filter)
0x82A69000 C:\Windows\System32\drivers\ecache.sys 151552 bytes (Microsoft Corporation, Special Memory Device Cache)
0x8043E000 C:\Windows\system32\drivers\pci.sys 151552 bytes (Microsoft Corporation, NT Plug and Play PCI Enumerator)
0xAAF5D000 C:\Windows\System32\DRIVERS\srv2.sys 147456 bytes (Microsoft Corporation, Smb 2.0 Server driver)
0x8BADD000 C:\Windows\system32\DRIVERS\ndiswan.sys 143360 bytes (Microsoft Corporation, MS PPP Framing Driver (Strong Encryption))
0x82A48000 C:\Windows\system32\drivers\CLASSPNP.SYS 135168 bytes (Microsoft Corporation, SCSI Class System Dll)
0x8DFA0000 C:\Windows\System32\drivers\VIDEOPRT.SYS 135168 bytes (Microsoft Corporation, Video Port Driver)
0xAAE5F000 C:\Windows\system32\drivers\mrxdav.sys 131072 bytes (Microsoft Corporation, Windows NT WebDav Minirdr)
0x8062B000 C:\Windows\system32\drivers\ataport.SYS 122880 bytes (Microsoft Corporation, ATAPI Driver Extension)
0xAAE41000 C:\Windows\system32\DRIVERS\mrxsmb.sys 122880 bytes (Microsoft Corporation, Windows NT SMB Minirdr)
0xA7C34000 C:\Windows\system32\drivers\luafv.sys 110592 bytes (Microsoft Corporation, LUA File Virtualization Filter Driver)
0xAAFE5000 C:\Windows\System32\DRIVERS\srvnet.sys 110592 bytes (Microsoft Corporation, Server Network driver)
0x8F516000 C:\Windows\system32\DRIVERS\bthpan.sys 106496 bytes (Microsoft Corporation, Bluetooth Personal Area Networking)
0xA7C03000 C:\Windows\system32\drivers\WudfPf.sys 106496 bytes (Microsoft Corporation, Windows Driver Foundation - User-mode Driver Framework Platform Driver)
0xAAF93000 C:\Windows\system32\DRIVERS\bowser.sys 102400 bytes (Microsoft Corporation, NT Lan Manager Datagram Receiver Driver)
0x8DE88000 C:\Windows\System32\drivers\fwpkclnt.sys 102400 bytes (Microsoft Corporation, FWP/IPsec Kernel-Mode API)
0x8C543000 C:\Windows\system32\DRIVERS\cdrom.sys 98304 bytes (Microsoft Corporation, SCSI CD-ROM Driver)
0x8B03F000 C:\Windows\system32\DRIVERS\sdbus.sys 98304 bytes (Microsoft Corporation, SecureDigital Bus Driver)
0xA7C1D000 C:\Windows\system32\DRIVERS\avgntflt.sys 94208 bytes (Avira GmbH, Avira Minifilter Driver)
0x8E31B000 C:\Windows\System32\Drivers\dfsc.sys 94208 bytes (Microsoft Corporation, DFS Client MUP Surrogate Driver)
0x8C4B6000 C:\Windows\system32\DRIVERS\rasl2tp.sys 94208 bytes (Microsoft Corporation, RAS L2TP mini-port/call-manager driver)
0x8AEED000 C:\Windows\system32\DRIVERS\usbccgp.sys 94208 bytes (Microsoft Corporation, USB Common Class Generic Parent Driver)
0x8DE02000 C:\Windows\system32\DRIVERS\pacer.sys 90112 bytes (Microsoft Corporation, QoS Packet Scheduler)
0x8DE73000 C:\Windows\system32\DRIVERS\tdx.sys 86016 bytes (Microsoft Corporation, TDI Translation Driver)
0xAAE7F000 C:\Windows\System32\drivers\mpsdrv.sys 81920 bytes (Microsoft Corporation, Microsoft Protection Service Driver)
0x8B01D000 C:\Windows\system32\DRIVERS\rimsptsk.sys 81920 bytes (REDC, RICOH MS Driver)
0x8DE5F000 C:\Windows\system32\DRIVERS\smb.sys 81920 bytes (Microsoft Corporation, SMB Transport driver)
0x8B00A000 C:\Windows\system32\DRIVERS\i8042prt.sys 77824 bytes (Microsoft Corporation, i8042 Port Driver)
0x8BACA000 C:\Windows\system32\DRIVERS\raspptp.sys 77824 bytes (Microsoft Corporation, Peer-to-Peer Tunneling Protocol)
0xAA1A2000 C:\Windows\system32\DRIVERS\rspndr.sys 77824 bytes (Microsoft Corporation, Link-Layer Topology Responder Driver for NDIS 6)
0x8E3AD000 C:\Windows\system32\DRIVERS\wanarp.sys 77824 bytes (Microsoft Corporation, MS Remote Access and Routing ARP Driver)
0x8AE11000 C:\Windows\system32\DRIVERS\HDAudBus.sys 73728 bytes (Microsoft Corporation, High Definition Audio Bus Driver)
0xAAF81000 C:\Windows\system32\DRIVERS\mrxsmb20.sys 73728 bytes (Microsoft Corporation, Longhorn SMB 2.0 Redirector)
0x82802000 C:\Windows\system32\drivers\disk.sys 69632 bytes (Microsoft Corporation, PnP Disk Driver)
0x8AE68000 C:\Windows\system32\DRIVERS\rfcomm.sys 69632 bytes (Microsoft Corporation, Bluetooth RFCOMM Driver)
0x8061B000 C:\Windows\system32\drivers\fileinfo.sys 65536 bytes (Microsoft Corporation, FileInfo Filter Driver)
0x83920000 C:\Windows\system32\DRIVERS\HIDCLASS.SYS 65536 bytes (Microsoft Corporation, Hid Class Library)
0x839F0000 C:\Windows\system32\DRIVERS\lltdio.sys 65536 bytes (Microsoft Corporation, Link-Layer Topology Mapper I/O Driver)
0x80415000 C:\Windows\System32\drivers\mountmgr.sys 65536 bytes (Microsoft Corporation, Mount Point Manager)
0x839E0000 C:\Windows\System32\Drivers\NDProxy.SYS 65536 bytes (Microsoft Corporation, NDIS Proxy)
0x83980000 C:\Windows\system32\DRIVERS\ohci1394.sys 65536 bytes (Microsoft Corporation, 1394 OpenHCI Port Driver)
0x8BB4C000 C:\Windows\system32\DRIVERS\monitor.sys 61440 bytes (Microsoft Corporation, Monitor Driver)
0x82813000 C:\Windows\System32\Drivers\mup.sys 61440 bytes (Microsoft Corporation, Multiple UNC Provider driver)
0x82822000 C:\Windows\System32\drivers\partmgr.sys 61440 bytes (Microsoft Corporation, Partition Management Driver)
0x83494000 C:\Windows\system32\DRIVERS\raspppoe.sys 61440 bytes (Microsoft Corporation, RAS PPPoE mini-port/call-manager driver)
0x8BB10000 C:\Windows\system32\DRIVERS\termdd.sys 61440 bytes (Microsoft Corporation, Terminal Server Driver)
0x8042F000 C:\Windows\system32\drivers\volmgr.sys 61440 bytes (Microsoft Corporation, Volume Manager Driver)
0x8AE03000 C:\Windows\system32\DRIVERS\1394BUS.SYS 57344 bytes (Microsoft Corporation, 1394 Bus Device Driver)
0x95E10000 C:\Windows\System32\cdd.dll 57344 bytes (Microsoft Corporation, Canonical Display Driver)
0x8AE49000 C:\Windows\system32\DRIVERS\intelppm.sys 57344 bytes (Microsoft Corporation, Processor Device Driver)
0x8E3C0000 C:\Windows\system32\DRIVERS\netbios.sys 57344 bytes (Microsoft Corporation, NetBIOS interface driver)
0x8DF72000 C:\Windows\System32\Drivers\Npfs.SYS 57344 bytes (Microsoft Corporation, NPFS Driver)
0x80400000 C:\Windows\system32\DRIVERS\PCIIDEX.SYS 57344 bytes (Microsoft Corporation, PCI IDE Bus Driver Extension)
0x8B031000 C:\Windows\system32\DRIVERS\rimmptsk.sys 57344 bytes (REDC, RICOH MMC Driver)
0x8AE23000 C:\Windows\system32\DRIVERS\usbehci.sys 57344 bytes (Microsoft Corporation, EHCI eUSB Miniport Driver)
0x8020C000 C:\Windows\system32\drivers\WDFLDR.SYS 57344 bytes (Microsoft Corporation, Kernel Mode Driver Framework Loader)
0x8F530000 C:\Windows\System32\Drivers\crashdmp.sys 53248 bytes (Microsoft Corporation, Crash Dump Driver)
0x8BAB2000 C:\Windows\system32\DRIVERS\umbus.sys 53248 bytes (Microsoft Corporation, User-Mode Bus Enumerator)
0x8AE3C000 C:\Windows\System32\drivers\watchdog.sys 53248 bytes (Microsoft Corporation, Watchdog Driver)
0x8AF14000 C:\Windows\System32\Drivers\BTHUSB.sys 49152 bytes (Microsoft Corporation, Bluetooth Miniport Driver)
0x8DA02000 C:\Windows\System32\drivers\vga.sys 49152 bytes (Microsoft Corporation, VGA/Super VGA Video Driver)
0x8BE04000 C:\Windows\system32\DRIVERS\kbdclass.sys 45056 bytes (Microsoft Corporation, Keyboard Class Driver)
0x8BE0F000 C:\Windows\system32\DRIVERS\mouclass.sys 45056 bytes (Microsoft Corporation, Mouse Class Driver)
0x8DD50000 C:\Windows\System32\Drivers\Msfs.SYS 45056 bytes (Microsoft Corporation, Mailslot driver)
0x8C4AB000 C:\Windows\system32\DRIVERS\ndistapi.sys 45056 bytes (Microsoft Corporation, NDIS 3.0 connection wrapper driver)
0x8DDD4000 C:\Windows\System32\drivers\tcpipreg.sys 45056 bytes (Microsoft Corporation, TCP/IP Registry Compatibility Driver)
0x8C4CD000 C:\Windows\system32\DRIVERS\TDI.SYS 45056 bytes (Microsoft Corporation, TDI Wrapper)
0x8AE57000 C:\Windows\system32\DRIVERS\tunnel.sys 45056 bytes (Microsoft Corporation, Microsoft Tunnel Interface Driver)
0x8AE31000 C:\Windows\system32\DRIVERS\usbuhci.sys 45056 bytes (Microsoft Corporation, UHCI USB Miniport Driver)
0x80425000 C:\Windows\system32\DRIVERS\BATTC.SYS 40960 bytes (Microsoft Corporation, Battery Class Driver)
0x8B188000 C:\Windows\system32\DRIVERS\BthEnum.sys 40960 bytes (Microsoft Corporation, Bluetooth Bus Extender)
0x8B192000 C:\Windows\System32\drivers\Dxapi.sys 40960 bytes (Microsoft Corporation, DirectX API Driver)
0x8B160000 C:\Windows\system32\DRIVERS\mssmbios.sys 40960 bytes (Microsoft Corporation, System Management BIOS Driver)
0x8B1C4000 C:\Windows\system32\DRIVERS\ndisuio.sys 40960 bytes (Microsoft Corporation, NDIS User mode I/O driver)
0x8B16A000 C:\Windows\system32\drivers\nsiproxy.sys 40960 bytes (Microsoft Corporation, NSI Proxy)
0x8B1E2000 C:\Windows\System32\Drivers\secdrv.SYS 40960 bytes (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K., Macrovision SECURITY Driver)
0x8B17E000 C:\Windows\System32\Drivers\tcusb.sys 40960 bytes (UPEK Inc., TouchChip USB Kernel Driver)
0xA9FD3000 C:\Windows\System32\Drivers\BlackBox.SYS 36864 bytes (RKU Driver)
0x80601000 C:\Windows\system32\drivers\crcdisk.sys 36864 bytes (Microsoft Corporation, Disk Block Verification Filter Driver)
0x834A3000 C:\Windows\System32\Drivers\Fs_Rec.SYS 36864 bytes (Microsoft Corporation, File System Recognizer Driver)
0x8AFA7000 C:\Windows\system32\DRIVERS\hidusb.sys 36864 bytes (Microsoft Corporation, USB Miniport Driver for Input Devices)
0x8AF32000 C:\Windows\system32\DRIVERS\kbdhid.sys 36864 bytes (Microsoft Corporation, HID Keyboard Filter Driver)
0x8025D000 C:\Windows\system32\PSHED.dll 36864 bytes (Microsoft Corporation, Platform Specific Hardware Error Driver)
0x80612000 C:\Windows\System32\Drivers\PxHelp20.sys 36864 bytes (Sonic Solutions, Px Engine Device Driver for Windows 2000/XP)
0x8AF29000 C:\Windows\System32\DRIVERS\rasacd.sys 36864 bytes (Microsoft Corporation, RAS Automatic Connection Driver)
0x95E00000 C:\Windows\System32\TSDDD.dll 36864 bytes (Microsoft Corporation, Framebuffer Display Driver)
0x8AF3B000 C:\Windows\system32\DRIVERS\tunmp.sys 36864 bytes (Microsoft Corporation, Microsoft Tunnel Interface Driver)
0x8AF83000 C:\Windows\system32\DRIVERS\wmiacpi.sys 36864 bytes (Microsoft Corporation, Windows Management Interface for ACPI)
0x80203000 C:\Windows\system32\drivers\WMILIB.SYS 36864 bytes (Microsoft Corporation, WMILIB WMI support library Dll)
0x80649000 C:\Windows\system32\drivers\atapi.sys 32768 bytes (Microsoft Corporation, ATAPI IDE Miniport Driver)
0x80255000 C:\Windows\system32\BOOTVID.dll 32768 bytes (Microsoft Corporation, VGA Boot Driver)
0x802C6000 C:\Windows\system32\kdcom.dll 32768 bytes (Microsoft Corporation, Kernel Debugger HW Extension DLL)
0x83CDA000 C:\Windows\system32\DRIVERS\mouhid.sys 32768 bytes (Microsoft Corporation, HID Mouse Filter Driver)
0x80463000 C:\Windows\system32\drivers\msisadrv.sys 32768 bytes (Microsoft Corporation, ISA Driver)
0x83CB2000 C:\Windows\System32\DRIVERS\RDPCDD.sys 32768 bytes (Microsoft Corporation, RDP Miniport)
0x83CBA000 C:\Windows\system32\drivers\rdpencdd.sys 32768 bytes (Microsoft Corporation, RDP Miniport)
0x8060A000 C:\Windows\System32\Drivers\spldr.sys 32768 bytes (Microsoft Corporation, loader for security processor)
0x83DC9000 C:\Windows\System32\Drivers\Beep.SYS 28672 bytes (Microsoft Corporation, BEEP Driver)
0x83876000 C:\Windows\system32\DRIVERS\HIDPARSE.SYS 28672 bytes (Microsoft Corporation, Hid Parsing Library)
0x8040E000 C:\Windows\system32\DRIVERS\intelide.sys 28672 bytes (Microsoft Corporation, Intel PCI IDE Driver)
0x83DC2000 C:\Windows\System32\Drivers\Null.SYS 28672 bytes (Microsoft Corporation, NULL Driver)
0x807F9000 C:\Windows\system32\drivers\pciide.sys 28672 bytes (Microsoft Corporation, Generic PCI IDE Bus Driver)
0x83D5A000 C:\Windows\system32\DRIVERS\GEARAspiWDM.sys 24576 bytes (GEAR Software Inc., CD DVD Filter)
0x83D00000 C:\Windows\system32\DRIVERS\ssmdrv.sys 24576 bytes (Avira GmbH, AVIRA SnapShot Driver)
0x83C56000 C:\Windows\system32\DRIVERS\CmBatt.sys 16384 bytes (Microsoft Corporation, Control Method Battery Driver)
0x83DF7000 C:\Windows\system32\DRIVERS\btwrchid.sys 12288 bytes (Broadcom Corporation., Bluetooth Remote Control HID Minidriver)
0x80200000 C:\Windows\system32\DRIVERS\compbatt.sys 12288 bytes (Microsoft Corporation, Composite Battery Driver)
0xAA1E0000 C:\Windows\system32\DRIVERS\dsunidrv.sys 8192 bytes (Gteko Ltd., GUniDriver)
0x8DCB0000 C:\Windows\system32\DRIVERS\OEM02Vfx.sys 8192 bytes (EyePower Games Pte. Ltd., Advanced Video FX Filter
Driver (Win2K based))
0x83829000 C:\Windows\system32\DRIVERS\swenum.sys 8192 bytes (Microsoft Corporation, Plug and Play Software Device Enumerator)
0x8383B000 C:\Windows\system32\DRIVERS\USBD.SYS 8192 bytes (Microsoft Corporation, Universal Serial Bus Driver)
==============================================
>Stealth
==============================================

#6
Render

Posted 07 August 2011 - 03:45 PM

Trusted Helper

Malware Removal
4,195 posts

Please do the following now:

Download AVPTool from Here to your desktop

Run the program you have just downloaded to your desktop (it will be randomly named )

First we will run a virus scan

On the first tab select all elements down to Computer (included) and then select start scan
Once it has finished select Report and post that.

Do not close AVPTool or it will self uninstall, if it does uninstall - then just rerun the setup file on your desktop

Now an analysis scan

Select the Manual Disinfection tab
Press the Gather System Information button
Once done Open the last report saved folder then attach the zip file to your next post zip
The file is located at C:\Users\your name\Desktop\Virus Removal Tool\setup_9.0.0.722_05.01.2011_20-34\LOG\avptool_sysinfo.zip

How to add an attachment to a new topic or reply

#7
jcdertrommler

Posted 09 August 2011 - 12:22 PM

New Member

Topic Starter
Member
4 posts

I went to download the program but its a newer version and after the 1st scan I recieved no report

#8
Render

Posted 09 August 2011 - 12:36 PM

Trusted Helper

Malware Removal
4,195 posts

Sorry, the link is no longer valid. Please download this tool here and follow instructions from my previous post.

#9
Render

Posted 25 August 2011 - 01:01 PM

Trusted Helper

Malware Removal
4,195 posts

Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter. Everyone else please begin a New Topic.