Search Redirect
#1
Kaitlynsmom

    New Member

  • Member
  • 5 posts
OK, so I somehow got some search redirect trojan. I run Vipre Antivirus, which didn't find it, but the Vipre website said to run Vipre Rescue and Malwarebytes' Anti-Malware in safe mode, which I did. Anti-Malware found some stuff, which I assumed was it, because after I cleaned the system and did another search, it went to websites that had previously been redirected. However, the next time I logged on and did an online search I was getting redirects again. At first it was just IE; now it is doing it in Firefox also. I managed to find you guys when Firefox was working, so I downloaded and ran OTL, and here is the resulting log:

OTL logfile created on: 5/16/2011 10:53:56 AM - Run 3
OTL by OldTimer - Version 3.2.22.3 Folder = C:\Users\Shasta\Downloads
Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18999)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 55.00% Memory free
4.00 Gb Paging File | 3.00 Gb Available in Paging File | 77.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 457.08 Gb Total Space | 321.59 Gb Free Space | 70.36% Space Free | Partition Type: NTFS
Drive D: | 8.68 Gb Total Space | 4.63 Gb Free Space | 53.31% Space Free | Partition Type: NTFS
Drive F: | 62.50 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
Drive G: | 62.50 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: SHASTAS-DESKTOP | User Name: Shasta | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/05/16 08:28:06 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\Shasta\Downloads\OTL.exe
PRC - [2011/04/08 08:17:40 | 000,176,848 | ---- | M] (iWin Inc.) -- C:\Program Files\iWin Games\iWinTrusted.exe
PRC - [2011/01/12 17:14:34 | 003,376,408 | ---- | M] (Smith Micro Software, Inc.) -- C:\Program Files\Verizon Wireless\VZAccess Manager\VZAccess Manager.exe
PRC - [2010/08/20 09:24:14 | 001,348,944 | ---- | M] (Sunbelt Software) -- C:\Program Files\Sunbelt Software\VIPRE\SBAMTray.exe
PRC - [2010/08/20 09:16:34 | 002,763,080 | ---- | M] (Sunbelt Software) -- C:\Program Files\Sunbelt Software\VIPRE\SBAMSvc.exe
PRC - [2010/08/20 09:15:54 | 000,181,584 | ---- | M] (Sunbelt Software) -- C:\Program Files\Sunbelt Software\VIPRE\SBPIMSvc.exe
PRC - [2009/08/24 07:51:46 | 000,185,640 | ---- | M] (TeamViewer GmbH) -- C:\Program Files\TeamViewer\Version4\TeamViewer_Service.exe
PRC - [2009/03/05 16:07:20 | 002,260,480 | RHS- | M] (Safer-Networking Ltd.) -- C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
PRC - [2009/01/26 16:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) -- C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
PRC - [2008/10/28 23:29:41 | 002,927,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2008/09/24 15:32:48 | 000,935,208 | ---- | M] (Nero AG) -- C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
PRC - [2007/03/09 14:50:00 | 004,390,912 | ---- | M] (Realtek Semiconductor) -- C:\Windows\RtHDVCpl.exe
PRC - [2006/12/21 19:12:55 | 000,065,536 | ---- | M] (New Boundary Technologies, Inc.) -- C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS


========== Modules (SafeList) ==========

MOD - [2011/05/16 08:28:06 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\Shasta\Downloads\OTL.exe
MOD - [2010/08/31 08:39:57 | 001,684,480 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6001.18523_none_5cdd65e20837faf2\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- -- (Themes32)
SRV - [2011/04/08 08:17:40 | 000,176,848 | ---- | M] (iWin Inc.) [Auto | Running] -- C:\Program Files\iWin Games\iWinTrusted.exe -- (iWinTrusted)
SRV - [2010/08/20 09:16:34 | 002,763,080 | ---- | M] (Sunbelt Software) [Auto | Running] -- C:\Program Files\Sunbelt Software\VIPRE\SBAMSvc.exe -- (SBAMSvc)
SRV - [2010/08/20 09:15:54 | 000,181,584 | ---- | M] (Sunbelt Software) [Auto | Running] -- C:\Program Files\Sunbelt Software\VIPRE\SBPIMSvc.exe -- (SBPIMSvc)
SRV - [2009/12/24 01:40:25 | 000,321,320 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2009/08/24 07:51:46 | 000,185,640 | ---- | M] (TeamViewer GmbH) [Auto | Running] -- C:\Program Files\TeamViewer\Version4\TeamViewer_Service.exe -- (TeamViewer4)
SRV - [2009/01/26 16:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) [Auto | Running] -- C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe -- (SBSDWSCService)
SRV - [2008/09/24 15:32:48 | 000,935,208 | ---- | M] (Nero AG) [Auto | Running] -- C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe -- (Nero BackItUp Scheduler 4.0)
SRV - [2008/01/19 00:38:24 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2007/05/31 10:21:24 | 000,379,784 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\wcescomm.dll -- (WcesComm)
SRV - [2007/05/31 10:21:18 | 000,183,688 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\rapimgr.dll -- (RapiMgr)
SRV - [2006/12/21 19:12:55 | 000,065,536 | ---- | M] (New Boundary Technologies, Inc.) [Auto | Running] -- C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS -- (PrismXL)


========== Driver Services (SafeList) ==========

DRV - [2011/02/23 08:27:00 | 010,468,360 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2010/11/09 14:56:12 | 000,098,392 | ---- | M] (Sunbelt Software) [Kernel | System | Running] -- C:\Windows\system32\drivers\SBREDrv.sys -- (SBRE)
DRV - [2010/08/12 13:07:50 | 000,292,712 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvmfdx32.sys -- (NVNET)
DRV - [2010/08/12 13:07:50 | 000,292,712 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\nvmfdx32.sys -- (NVENETFD)
DRV - [2010/07/27 04:48:30 | 000,078,936 | ---- | M] (Sunbelt Software, Inc.) [Kernel | System | Running] -- C:\Windows\System32\drivers\sbtis.sys -- (SbTis)
DRV - [2010/06/14 14:54:30 | 000,069,976 | ---- | M] (Sunbelt Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\sbapifs.sys -- (sbapifs)
DRV - [2010/03/31 07:51:24 | 000,691,696 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\System32\Drivers\sptd.sys -- (sptd)
DRV - [2010/03/31 06:59:24 | 000,350,720 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\RTL8187B.sys -- (RTL8187B)
DRV - [2010/02/23 05:12:44 | 000,223,440 | ---- | M] (TrueCrypt Foundation) [Kernel | System | Running] -- C:\Windows\System32\drivers\truecrypt.sys -- (truecrypt)
DRV - [2009/06/03 11:01:28 | 000,230,400 | ---- | M] (Novatel Wireless Inc) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NWADIenum.sys -- (NWADI)
DRV - [2009/06/03 11:01:26 | 000,174,720 | ---- | M] (Novatel Wireless Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\nwusbser.sys -- (NWUSBPort)
DRV - [2009/06/03 11:01:26 | 000,174,720 | ---- | M] (Novatel Wireless Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\nwusbmdm.sys -- (NWUSBModem)
DRV - [2009/03/06 22:51:52 | 000,171,144 | ---- | M] (Sierra Wireless Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\SWNC5E00.sys -- (SWNC5E00) Sierra Wireless MUX NDIS Driver (#00)
DRV - [2009/03/06 22:51:52 | 000,026,888 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\swmsflt.sys -- (swmsflt)
DRV - [2009/03/06 22:51:50 | 000,149,512 | ---- | M] (Sierra Wireless Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\swmx00.sys -- (swmx00) Sierra Wireless USB MUX Driver (#00)
DRV - [2008/11/24 18:04:10 | 000,027,072 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\PCASp50.sys -- (PCASp50)
DRV - [2008/04/15 12:17:32 | 000,105,856 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ZTEusbser6k.sys -- (ZTEusbser6k)
DRV - [2008/04/15 12:17:32 | 000,105,856 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ZTEusbnmeaext.sys -- (ZTEusbnmeaext)
DRV - [2008/04/15 12:17:32 | 000,105,856 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ZTEusbnmea.sys -- (ZTEusbnmea)
DRV - [2008/04/15 12:17:32 | 000,105,856 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ZTEusbmdm6k.sys -- (ZTEusbmdm6k)
DRV - [2008/04/15 12:17:32 | 000,105,856 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ZTEusbgps.sys -- (ZTEusbgps)
DRV - [2008/04/15 12:17:32 | 000,009,216 | ---- | M] (MBB Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\massfilter.sys -- (massfilter)
DRV - [2008/01/18 22:53:22 | 000,031,616 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WINUSB)
DRV - [2007/08/17 18:56:46 | 000,059,520 | ---- | M] (DEVGURU Co,LTD.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\PTDMWWAN.sys -- (PTDMWWAN)
DRV - [2007/08/17 18:56:40 | 000,039,936 | ---- | M] (DEVGURU Co,LTD.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\PTDMVsp.sys -- (PTDMVsp)
DRV - [2007/08/17 18:56:38 | 000,041,856 | ---- | M] (DEVGURU Co,LTD.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\PTDMMdm.sys -- (PTDMMdm)
DRV - [2007/08/17 18:56:34 | 000,029,952 | ---- | M] (DEVGURU Co,LTD.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\PTDMBus.sys -- (PTDMBus)
DRV - [2007/08/09 19:12:30 | 000,110,624 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\nvstor32.sys -- (nvstor32)
DRV - [2007/06/18 16:18:26 | 000,023,680 | ---- | M] (Motorola) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\motmodem.sys -- (motmodem)
DRV - [2007/04/23 10:50:50 | 000,025,896 | ---- | M] (Windows ® Codename Longhorn DDK provider) [Kernel | System | Running] -- C:\Windows\System32\drivers\RtlProt.sys -- (RtlProt)
DRV - [2006/11/02 00:41:53 | 000,251,904 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VSTBS23.SYS -- (VSTHWBS2)
DRV - [2006/11/02 00:41:50 | 000,983,552 | ---- | M] (Agere Systems) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\AGRSM.sys -- (AgereSoftModem)
DRV - [2006/11/02 00:30:56 | 000,047,104 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\Rtnicxp.sys -- (RTL8023xp)
DRV - [2006/10/18 17:44:48 | 000,007,680 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ASACPI.sys -- (MTsensor)
DRV - [2006/09/24 06:28:46 | 000,005,248 | ---- | M] (Windows ® 2000 DDK provider) [Kernel | Boot | Running] -- C:\Windows\system32\speedfan.sys -- (speedfan)
DRV - [1996/04/03 12:33:26 | 000,005,248 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\system32\giveio.sys -- (giveio)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://us.rd.yahoo.c...//www.yahoo.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.c...//www.yahoo.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomSearch = http://us.rd.yahoo.c...rch/search.html

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://my.msn.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default = C0 51 8C 01 0E A4 AE 4F A6 60 96 84 57 B0 56 30 [binary data]
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://my.msn.com/"
FF - prefs.js..extensions.enabledItems: [email protected]:7
FF - prefs.js..extensions.enabledItems: {98e34367-8df7-42b4-837b-20b892ff0849}:1.7
FF - prefs.js..extensions.enabledItems: {1c17194e-147b-4b16-a232-ecc51302cd7b}:1.0
FF - prefs.js..network.proxy.type: 0

FF - HKLM\software\mozilla\Firefox\Extensions\\{98e34367-8df7-42b4-837b-20b892ff0849}: C:\ProgramData\iWin Games\firefox [2011/03/23 14:01:59 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.15\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/03/13 12:40:06 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.15\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/04/26 09:31:16 | 000,000,000 | ---D | M]

[2011/03/13 14:55:55 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Shasta\AppData\Roaming\Mozilla\Extensions
[2011/05/16 09:46:04 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Shasta\AppData\Roaming\Mozilla\Firefox\Profiles\q9sdnxb2.default\extensions
[2011/05/11 02:14:04 | 000,000,000 | ---D | M] (XUL Cache) -- C:\Users\Shasta\AppData\Roaming\Mozilla\Firefox\Profiles\q9sdnxb2.default\extensions\{1c17194e-147b-4b16-a232-ecc51302cd7b}
[2011/05/16 09:46:03 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Shasta\AppData\Roaming\Mozilla\Firefox\Profiles\q9sdnxb2.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011/03/13 12:40:05 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2011/03/23 14:01:59 | 000,000,000 | ---D | M] (iWinGames Plugin) -- C:\PROGRAMDATA\IWIN GAMES\FIREFOX
[2009/09/14 10:02:52 | 000,000,000 | ---D | M] (Move Media Player) -- C:\USERS\SHASTA\APPDATA\ROAMING\MOVE NETWORKS

O1 HOSTS File: ([2011/05/14 12:41:47 | 000,434,201 | R--- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O1 - Hosts: 127.0.0.1 www.007guard.com
O1 - Hosts: 127.0.0.1 007guard.com
O1 - Hosts: 127.0.0.1 008i.com
O1 - Hosts: 127.0.0.1 www.008k.com
O1 - Hosts: 127.0.0.1 008k.com
O1 - Hosts: 127.0.0.1 www.00hq.com
O1 - Hosts: 127.0.0.1 00hq.com
O1 - Hosts: 127.0.0.1 010402.com
O1 - Hosts: 127.0.0.1 www.032439.com
O1 - Hosts: 127.0.0.1 032439.com
O1 - Hosts: 127.0.0.1 www.0scan.com
O1 - Hosts: 127.0.0.1 0scan.com
O1 - Hosts: 127.0.0.1 1000gratisproben.com
O1 - Hosts: 127.0.0.1 www.1000gratisproben.com
O1 - Hosts: 127.0.0.1 1001namen.com
O1 - Hosts: 127.0.0.1 www.1001namen.com
O1 - Hosts: 127.0.0.1 100888290cs.com
O1 - Hosts: 127.0.0.1 www.100888290cs.com
O1 - Hosts: 127.0.0.1 www.100sexlinks.com
O1 - Hosts: 127.0.0.1 100sexlinks.com
O1 - Hosts: 127.0.0.1 10sek.com
O1 - Hosts: 127.0.0.1 www.10sek.com
O1 - Hosts: 127.0.0.1 www.1-2005-search.com
O1 - Hosts: 14946 more lines...
O2 - BHO: (no name) - {018C51C0-A40E-4FAE-A660-968457B05630} - C:\Windows\System32\audiodev32.dll (Borland Software Corporation)
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.6406.1642\swg.dll (Google Inc.)
O4 - HKLM..\Run: [Google Quick Search Box] C:\Program Files\Google\Quick Search Box\GoogleQuickSearchBox.exe (Google Inc.)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [NeroFilterCheck] C:\Windows\System32\NeroCheck.exe (Ahead Software Gmbh)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [SBAMTray] C:\Program Files\Sunbelt Software\VIPRE\SBAMTray.exe (Sunbelt Software)
O4 - HKCU..\Run: [EPSON NX410 Series] C:\Windows\System32\spool\DRIVERS\W32X86\3\E_FATIFCA.EXE (SEIKO EPSON CORPORATION)
O4 - HKCU..\Run: [RGSC] File not found
O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O4 - HKCU..\RunOnce: [FlashPlayerUpdate] C:\Windows\System32\Macromed\Flash\FlashUtil10p_ActiveX.exe (Adobe Systems, Inc.)
O8 - Extra context menu item: Google Sidewiki... - C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_6CE5017F567343CA.dll (Google Inc.)
O9 - Extra Button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
O9 - Extra Button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: e-rewards.com ([www] http in Trusted sites)
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} http://appldnld.appl...ex/qtplugin.cab (QuickTime Object)
O16 - DPF: {038E2507-7A48-41E2-94AD-7F23D199AF4E} http://www.worldwinn...ems/zengems.cab (ZenGems Control)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macr...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.micr...heckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {18C3FD15-74F6-4280-9C98-3590C966B7B8} http://www.worldwinn...am/skillgam.cab (SkillGam Control)
O16 - DPF: {1A1F56AA-3401-46F9-B277-D57F3421F821} http://gsn.worldwinn...GamesLoader.cab (FunGamesLoader Object)
O16 - DPF: {233C1507-6A77-46A4-9443-F871F945D258} http://download.macr...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {33E54F7F-561C-49E6-929B-D7E76D3AFEB1} http://www.worldwinn...0/pool/pool.cab (Pool Control)
O16 - DPF: {3D3DBC64-0D21-4EA4-94EE-86D6D9B31C0C} http://www.worldwinn...t/moneylist.cab (MoneyList Control)
O16 - DPF: {42FDC231-A411-45F8-B8B6-3B5026111DA8} http://www.worldwinn...litairerush.cab (SolitaireRush Control)
O16 - DPF: {58FC4C77-71C2-4972-A8CD-78691AD85158} http://www.worldwinn...jattack/bja.cab (BJA Control)
O16 - DPF: {61900274-3323-4446-BDCD-91548D32AF1B} http://www.worldwinn...ersolitaire.cab (SpiderSolitaire Control)
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} http://download.divx...owserPlugin.cab (DivXBrowserPlugin Object)
O16 - DPF: {6C6FE41A-0DA6-42A1-9AD8-792026B2B2A7} http://www.worldwinn...ll/freecell.cab (FreeCell Control)
O16 - DPF: {8A94C905-FF9D-43B6-8708-F0F22D22B1CB} http://www.worldwinn...ed/wwlaunch.cab (Wwlaunch Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {8F6E7FB2-E56B-4F66-A4E1-9765D2565280} http://www.worldwinn....0/iewwload.cab (WorldWinner ActiveX Launcher Control)
O16 - DPF: {94299420-321F-4FF9-A247-62A23EBB640B} http://www.worldwinn...jo/wordmojo.cab (WordMojo Control)
O16 - DPF: {95A311CD-EC8E-452A-BCEC-B844EB616D03} http://www.worldwinn...eweledtwist.cab (BejeweledTwist Control)
O16 - DPF: {97438FE9-D361-4279-BA82-98CC0877A717} http://www.worldwinn...cubis/cubis.cab (Cubis Control)
O16 - DPF: {A021A215-6CDC-44B4-8C16-90491CED9605} http://www.worldwinn...8/clue/clue.cab (Clue Control)
O16 - DPF: {A52FBD2B-7AB3-4F6B-90E3-91C772C5D00F} http://www.worldwinn...v57/wof/wof.cab (WoF Control)
O16 - DPF: {B06CE1BC-5D9D-4676-BD28-1752DBF394E0} http://www.worldwinn...man/hangman.cab (Hangman Control)
O16 - DPF: {BA94245D-2AA0-4953-9D9F-B0EE4CC02C43} http://www.worldwinn...ty/tilecity.cab (Tilecity Control)
O16 - DPF: {BB637307-92FA-47EC-B3F7-6969078673CC} http://www.worldwinn...royal/royal.cab (Royal Control)
O16 - DPF: {C5326A4D-E9AA-40AD-A09A-E74304D86B47} http://www.worldwinn...h/dinerdash.cab (DinerDash Control)
O16 - DPF: {C82BB209-F528-46F9-96D5-69DEF7260916} http://www.worldwinn...i/mysterypi.cab (MysteryPI Control)
O16 - DPF: {C93C1C34-CEA9-49B1-9046-040F59E0E0D8} http://www.worldwinn...paint/paint.cab (Paint Control)
O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} https://provantage.w...br/ieatgpc1.cab (GpcContainer Class)
O16 - DPF: {E12EB891-D000-421B-A8ED-EDE1BDCA14A0} http://www.worldwinn...sol/golfsol.cab (GolfSol Control)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O16 - DPF: {E70E3E64-2793-4AEF-8CC8-F1606BE563B0} http://www.worldwinn...es/wwspades.cab (WWSpades Control)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20 - AppInit_DLLs: (C:\ProgramData\audiodev32.dll) - C:\ProgramData\audiodev32.dll (Borland Software Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\Shasta\Pictures\Cat Pictures\Snow leopard babies2.jpg
O24 - Desktop BackupWallPaper: C:\Users\Shasta\Pictures\Cat Pictures\Snow leopard babies2.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 14:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2004/04/30 15:01:00 | 000,000,053 | -HS- | M] () - D:\autorun.inf -- [ NTFS ]
O32 - AutoRun File - [2008/08/21 08:39:48 | 000,000,074 | R--- | M] () - F:\AUTORUN.INF -- [ CDFS ]
O32 - AutoRun File - [2008/08/21 08:39:48 | 000,000,074 | R--- | M] () - G:\AUTORUN.INF -- [ CDFS ]
O33 - MountPoints2\{0a21a1a2-29d4-11e0-a249-001bfcfcc196}\Shell - "" = AutoRun
O33 - MountPoints2\{0a21a1a2-29d4-11e0-a249-001bfcfcc196}\Shell\AutoRun\command - "" = F:\VZAccess_Manager.exe -- [2010/08/18 03:07:30 | 002,310,824 | R--- | M] (Macrovision Corporation)
O33 - MountPoints2\{27b1d90f-2f4e-11e0-a81d-001bfcfcc196}\Shell - "" = AutoRun
O33 - MountPoints2\{27b1d90f-2f4e-11e0-a81d-001bfcfcc196}\Shell\AutoRun\command - "" = F:\VZAccess_Manager.exe -- [2010/08/18 03:07:30 | 002,310,824 | R--- | M] (Macrovision Corporation)
O33 - MountPoints2\{49472bfb-675e-11dc-8079-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{49472bfb-675e-11dc-8079-806e6f6e6963}\Shell\AutoRun\command - "" = E:\Start.exe
O33 - MountPoints2\{77b57f33-30b1-11df-9c75-001bfcfcc196}\Shell - "" = AutoRun
O33 - MountPoints2\{77b57f33-30b1-11df-9c75-001bfcfcc196}\Shell\AutoRun\command - "" = G:\Start.exe -- [2008/09/08 07:39:34 | 000,099,656 | R--- | M] (Smith Micro Software, Inc.)
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/05/15 20:30:50 | 000,000,000 | RH-D | C] -- C:\Users\Shasta\AppData\Roaming\SecuROM
[2011/05/15 02:02:01 | 000,000,000 | ---D | C] -- C:\Users\Shasta\AppData\Roaming\Malwarebytes
[2011/05/15 02:01:55 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2011/05/15 02:01:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011/05/15 02:01:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2011/05/15 02:01:51 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2011/05/15 02:01:51 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2011/05/15 01:40:21 | 007,734,208 | ---- | C] (Malwarebytes Corporation ) -- C:\Users\Shasta\Desktop\mbam-setup-1.50.1.1100.exe
[2011/05/14 12:33:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy
[2011/05/13 05:36:29 | 000,000,000 | ---D | C] -- C:\VIPRERESCUE
[2011/05/11 02:14:45 | 000,000,000 | -HSD | C] -- C:\ProgramData\87F6923E91143B0B41A8DED7C1FB46ED
[2011/05/11 02:14:06 | 000,240,640 | ---- | C] (Borland Software Corporation) -- C:\ProgramData\audiodev32.dll
[2011/05/11 02:14:03 | 000,412,672 | ---- | C] (Borland Software Corporation) -- C:\Windows\System32\audiodev32.dll
[2011/05/10 01:46:05 | 000,000,000 | ---D | C] -- C:\Users\Shasta\AppData\Roaming\Quirky Games
[2011/05/10 01:43:31 | 000,000,000 | ---D | C] -- C:\ProgramData\3 Blokes Studios
[2011/05/10 01:42:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Magical Forest
[2011/05/06 20:11:58 | 000,000,000 | ---D | C] -- C:\Users\Shasta\Desktop\Convergance Documents
[2011/05/06 19:19:35 | 000,000,000 | ---D | C] -- C:\Users\Shasta\Desktop\Apollo Water Heater Endcap Reset
[2011/05/06 19:18:35 | 000,000,000 | ---D | C] -- C:\Users\Shasta\Desktop\Apollo Paint Sprayer Demo
[2011/04/26 00:26:37 | 000,000,000 | ---D | C] -- C:\Users\Shasta\Documents\Shasta Motherboard Manual
[2011/04/25 23:16:12 | 000,000,000 | ---D | C] -- C:\Program Files\KeePass-2.09
[2011/04/19 10:54:06 | 000,000,000 | ---D | C] -- C:\Users\Shasta\AppData\Roaming\Awem
[2011/04/19 10:54:03 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\Romance of Rome

========== Files - Modified Within 30 Days ==========

[2011/05/16 10:55:00 | 000,000,422 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{3F75C605-2235-4894-AEA0-DD925CBA7628}.job
[2011/05/16 10:55:00 | 000,000,418 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{79CA8C52-29E0-4C98-B079-AE08F2C0AB9A}.job
[2011/05/16 10:38:39 | 000,000,294 | ---- | M] () -- C:\Users\Shasta\AppData\Roaming\default.rss
[2011/05/16 10:35:38 | 000,003,296 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011/05/16 10:35:38 | 000,003,296 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011/05/16 10:15:00 | 000,000,886 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011/05/16 09:43:10 | 000,613,032 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011/05/16 09:43:10 | 000,107,990 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011/05/16 09:39:07 | 000,122,085 | ---- | M] () -- C:\ProgramData\nvModes.dat
[2011/05/16 09:39:07 | 000,122,085 | ---- | M] () -- C:\ProgramData\nvModes.001
[2011/05/16 09:38:52 | 000,000,882 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011/05/16 09:37:58 | 000,065,536 | ---- | M] () -- C:\Windows\System32\Ikeext.etl
[2011/05/16 09:37:54 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/05/16 09:36:56 | 000,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat
[2011/05/15 01:41:52 | 007,734,208 | ---- | M] (Malwarebytes Corporation ) -- C:\Users\Shasta\Desktop\mbam-setup-1.50.1.1100.exe
[2011/05/14 12:41:47 | 000,434,201 | R--- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2011/05/13 04:50:15 | 089,866,240 | ---- | M] () -- C:\Users\Shasta\Desktop\VIPRERescue9267.exe
[2011/05/13 04:14:24 | 000,001,185 | ---- | M] () -- C:\ProgramData\438157693
[2011/05/13 04:13:20 | 000,000,021 | ---- | M] () -- C:\ProgramData\3ae7bd06
[2011/05/13 03:15:15 | 000,000,141 | ---- | M] () -- C:\ProgramData\sl1540782275
[2011/05/12 15:48:30 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_User_WpdMtpDr_01_00_00.Wdf
[2011/05/11 02:15:07 | 000,000,144 | -HS- | M] () -- C:\ProgramData\976742993
[2011/05/11 02:14:50 | 000,203,776 | -HS- | M] () -- C:\ProgramData\unrar.exe
[2011/05/11 02:14:07 | 000,000,085 | ---- | M] () -- C:\Windows\System32\281652598
[2011/05/11 02:14:06 | 000,240,640 | ---- | M] (Borland Software Corporation) -- C:\ProgramData\audiodev32.dll
[2011/05/11 02:14:03 | 000,412,672 | ---- | M] (Borland Software Corporation) -- C:\Windows\System32\audiodev32.dll
[2011/05/10 03:44:49 | 007,070,043 | ---- | M] () -- C:\Users\Shasta\Desktop\MagicInlaySetup.exe
[2011/05/09 20:58:33 | 000,001,853 | ---- | M] () -- C:\Users\Public\Desktop\Magical Forest.lnk
[2011/05/09 20:49:38 | 000,001,831 | ---- | M] () -- C:\Users\Public\Desktop\Lost Fortunes.lnk
[2011/05/02 04:37:15 | 000,160,683 | ---- | M] () -- C:\Users\Shasta\Desktop\Mortimer Beckett Time Paradox Walkthrough.rtf
[2011/04/28 09:00:33 | 000,371,152 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2011/04/26 08:16:04 | 000,063,915 | ---- | M] () -- C:\Users\Shasta\Documents\Merchandising Resume Current.rtf
[2011/04/23 13:45:26 | 000,001,040 | ---- | M] () -- C:\Windows\System32\SBRC.dat
[2011/04/19 09:38:15 | 000,000,441 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts.ics

========== Files Created - No Company Name ==========

[2011/05/13 04:50:13 | 089,866,240 | ---- | C] () -- C:\Users\Shasta\Desktop\VIPRERescue9267.exe
[2011/05/13 03:32:02 | 000,000,021 | ---- | C] () -- C:\ProgramData\3ae7bd06
[2011/05/13 03:15:15 | 000,000,141 | ---- | C] () -- C:\ProgramData\sl1540782275
[2011/05/12 15:48:30 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_User_WpdMtpDr_01_00_00.Wdf
[2011/05/11 02:15:06 | 000,001,185 | ---- | C] () -- C:\ProgramData\438157693
[2011/05/11 02:14:50 | 000,203,776 | -HS- | C] () -- C:\ProgramData\unrar.exe
[2011/05/11 02:14:50 | 000,000,144 | -HS- | C] () -- C:\ProgramData\976742993
[2011/05/11 02:14:05 | 000,000,085 | ---- | C] () -- C:\Windows\System32\281652598
[2011/05/10 03:44:43 | 007,070,043 | ---- | C] () -- C:\Users\Shasta\Desktop\MagicInlaySetup.exe
[2011/05/09 20:58:33 | 000,001,853 | ---- | C] () -- C:\Users\Public\Desktop\Magical Forest.lnk
[2011/05/09 20:49:38 | 000,001,831 | ---- | C] () -- C:\Users\Public\Desktop\Lost Fortunes.lnk
[2011/05/02 04:37:15 | 000,160,683 | ---- | C] () -- C:\Users\Shasta\Desktop\Mortimer Beckett Time Paradox Walkthrough.rtf
[2010/07/30 21:18:52 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2010/05/07 13:42:13 | 000,000,258 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2010/04/18 21:43:42 | 000,000,294 | ---- | C] () -- C:\Users\Shasta\AppData\Roaming\default.rss
[2010/03/22 03:07:45 | 000,163,187 | ---- | C] () -- C:\Windows\hpoins29.dat
[2010/03/22 03:07:45 | 000,000,799 | ---- | C] () -- C:\Windows\hpomdl29.dat
[2010/02/24 15:56:40 | 000,007,168 | ---- | C] () -- C:\Users\Shasta\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/02/17 12:09:01 | 000,000,012 | ---- | C] () -- C:\Windows\bthservsdp.dat
[2010/02/10 16:53:37 | 000,004,096 | ---- | C] () -- C:\Windows\d3dx.dat
[2010/02/03 17:18:13 | 000,001,040 | ---- | C] () -- C:\Windows\System32\SBRC.dat
[2010/01/31 14:06:38 | 000,122,085 | ---- | C] () -- C:\ProgramData\nvModes.001
[2010/01/31 14:06:37 | 000,122,085 | ---- | C] () -- C:\ProgramData\nvModes.dat
[2010/01/31 05:03:32 | 000,106,605 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2010/01/31 05:03:32 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2009/12/28 01:28:53 | 000,004,767 | ---- | C] () -- C:\Windows\Irremote.ini
[2009/12/08 14:50:38 | 000,002,089 | ---- | C] () -- C:\Windows\eReg.dat
[2009/12/07 14:46:19 | 000,122,880 | ---- | C] () -- C:\Windows\UnGins.exe
[2009/12/02 02:16:08 | 000,027,153 | ---- | C] () -- C:\Windows\SETUP1.EXE
[2009/12/02 01:21:36 | 000,000,036 | ---- | C] () -- C:\Windows\1000GAME.INI
[2009/09/23 23:52:24 | 000,000,262 | ---- | C] () -- C:\Windows\{789289CA-F73A-4A16-A331-54D498CE069F}_WiseFW.ini
[2009/03/06 22:51:52 | 000,026,888 | ---- | C] () -- C:\Windows\System32\drivers\swmsflt.sys
[2008/10/22 05:29:06 | 000,173,550 | ---- | C] () -- C:\Windows\System32\xlive.dll.cat
[2008/09/11 08:18:41 | 000,000,118 | ---- | C] () -- C:\Windows\System32\MRT.INI
[2008/07/27 18:51:03 | 000,107,422 | ---- | C] () -- C:\Windows\hpqins13.dat
[2008/06/28 11:38:01 | 000,001,923 | ---- | C] () -- C:\Windows\checkip.dat
[2008/05/27 13:56:21 | 000,002,560 | ---- | C] () -- C:\Windows\_MSRSTRT.EXE
[2008/01/06 22:28:54 | 000,020,454 | ---- | C] () -- C:\Windows\hpoins01.dat
[2008/01/06 22:28:54 | 000,016,618 | ---- | C] () -- C:\Windows\hpomdl01.dat
[2007/09/20 00:32:01 | 000,011,164 | ---- | C] () -- C:\Windows\System32\drivers\nvphy.bin
[2007/09/19 23:55:29 | 000,007,680 | ---- | C] () -- C:\Windows\System32\drivers\ASACPI.sys
[2006/12/21 19:12:58 | 000,352,256 | ---- | C] () -- C:\Windows\System32\HotlineClient.exe
[2006/11/02 05:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006/11/02 05:47:37 | 000,371,152 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2006/11/02 05:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006/11/02 03:33:01 | 000,613,032 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2006/11/02 03:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2006/11/02 03:33:01 | 000,107,990 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2006/11/02 03:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2006/11/02 03:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2006/11/02 01:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2006/11/02 01:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2006/11/02 00:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006/11/02 00:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2004/03/17 02:29:42 | 000,122,368 | ---- | C] () -- C:\Windows\System32\UnzDll.dll
[2004/03/17 02:29:40 | 000,139,776 | ---- | C] () -- C:\Windows\System32\ZipDll.dll
[2004/03/17 02:29:38 | 000,618,496 | ---- | C] () -- C:\Windows\System32\stlpmt45.dll
[1996/04/03 12:33:26 | 000,005,248 | ---- | C] () -- C:\Windows\System32\giveio.sys

========== LOP Check ==========

[2010/01/17 14:59:39 | 000,000,000 | ---D | M] -- C:\Users\Shasta\AppData\Roaming\2monkeys
[2009/08/31 13:22:25 | 000,000,000 | ---D | M] -- C:\Users\Shasta\AppData\Roaming\3 Days Zoo Mystery
[2009/08/31 13:23:08 | 000,000,000 | ---D | M] -- C:\Users\Shasta\AppData\Roaming\Aisle 5 Games, Inc
[2010/10/07 07:01:09 | 000,000,000 | ---D | M] -- C:\Users\Shasta\AppData\Roaming\Alawar Entertainment
[2011/03/14 14:44:44 | 000,000,000 | ---D | M] -- C:\Users\Shasta\AppData\Roaming\Audacity
[2011/04/19 10:54:06 | 000,000,000 | ---D | M] -- C:\Users\Shasta\AppData\Roaming\Awem
[2010/07/10 03:46:45 | 000,000,000 | ---D | M] -- C:\Users\Shasta\AppData\Roaming\BitTorrent
[2010/11/25 14:54:18 | 000,000,000 | ---D | M] -- C:\Users\Shasta\AppData\Roaming\BlamGames
[2010/10/24 12:34:41 | 000,000,000 | ---D | M] -- C:\Users\Shasta\AppData\Roaming\BloodTies
[2010/08/17 07:13:11 | 000,000,000 | ---D | M] -- C:\Users\Shasta\AppData\Roaming\Braintonik
[2011/05/16 08:32:38 | 000,000,000 | ---D | M] -- C:\Users\Shasta\AppData\Roaming\BVS Solitaire Collection
[2009/10/19 21:13:27 | 000,000,000 | ---D | M] -- C:\Users\Shasta\AppData\Roaming\Cat's Eye Games
[2010/10/11 07:47:58 | 000,000,000 | ---D | M] -- C:\Users\Shasta\AppData\Roaming\cerasus.media
[2010/01/23 06:25:49 | 000,000,000 | ---D | M] -- C:\Users\Shasta\AppData\Roaming\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2010/03/16 14:45:21 | 000,000,000 | ---D | M] -- C:\Users\Shasta\AppData\Roaming\Cricket
[2010/07/14 03:04:25 | 000,000,000 | ---D | M] -- C:\Users\Shasta\AppData\Roaming\Curious Sense
[2010/11/05 11:29:48 | 000,000,000 | ---D | M] -- C:\Users\Shasta\AppData\Roaming\DarkParablesBriarRoseSE_RA
[2010/11/15 07:20:40 | 000,000,000 | ---D | M] -- C:\Users\Shasta\AppData\Roaming\Dekovir
[2010/01/29 04:59:59 | 000,000,000 | ---D | M] -- C:\Users\Shasta\AppData\Roaming\Dragon Altar Games
[2009/10/19 23:04:36 | 000,000,000 | ---D | M] -- C:\Users\Shasta\AppData\Roaming\eGames
[2011/04/19 09:43:05 | 000,000,000 | ---D | M] -- C:\Users\Shasta\AppData\Roaming\EleFun Games
[2009/11/21 18:00:27 | 000,000,000 | ---D | M] -- C:\Users\Shasta\AppData\Roaming\EscapeFromParadise2
[2010/09/18 09:58:41 | 000,000,000 | ---D | M] -- C:\Users\Shasta\AppData\Roaming\FairyNook
[2009/09/16 12:03:58 | 000,000,000 | ---D | M] -- C:\Users\Shasta\AppData\Roaming\Flood Light Games
[2011/02/26 21:51:42 | 000,000,000 | ---D | M] -- C:\Users\Shasta\AppData\Roaming\FreezeTag
[2009/12/24 10:54:30 | 000,000,000 | ---D | M] -- C:\Users\Shasta\AppData\Roaming\Friday's games
[2011/05/11 02:10:42 | 000,000,000 | ---D | M] -- C:\Users\Shasta\AppData\Roaming\FrostWire
[2009/10/19 23:33:30 | 000,000,000 | ---D | M] -- C:\Users\Shasta\AppData\Roaming\funkitron
[2010/10/23 10:22:53 | 000,000,000 | ---D | M] -- C:\Users\Shasta\AppData\Roaming\GameHouse
[2011/02/02 10:25:39 | 000,000,000 | ---D | M] -- C:\Users\Shasta\AppData\Roaming\GameInvest
[2010/01/05 13:30:51 | 000,000,000 | ---D | M] -- C:\Users\Shasta\AppData\Roaming\Gamers Digital
[2010/07/14 09:38:39 | 000,000,000 | ---D | M] -- C:\Users\Shasta\AppData\Roaming\GamersDigital
[2011/02/05 12:47:44 | 000,000,000 | ---D | M] -- C:\Users\Shasta\AppData\Roaming\gemsweeperextractedgfx
[2010/03/01 02:34:33 | 000,000,000 | ---D | M] -- C:\Users\Shasta\AppData\Roaming\Gestalt Games
[2010/06/30 11:39:18 | 000,000,000 | ---D | M] -- C:\Users\Shasta\AppData\Roaming\GhostFleet
[2010/10/22 08:52:42 | 000,000,000 | ---D | M] -- C:\Users\Shasta\AppData\Roaming\GTM_Bodie
[2009/11/19 04:49:01 | 000,000,000 | ---D | M] -- C:\Users\Shasta\AppData\Roaming\HdO Adventure
[2009/11/09 03:27:43 | 000,000,000 | ---D | M] -- C:\Users\Shasta\AppData\Roaming\Home Sweet Home Christmas
[2010/09/01 13:53:23 | 000,000,000 | ---D | M] -- C:\Users\Shasta\AppData\Roaming\iMaxGen
[2009/08/31 08:55:23 | 000,000,000 | ---D | M] -- C:\Users\Shasta\AppData\Roaming\IronCode
[2010/04/11 11:13:39 | 000,000,000 | ---D | M] -- C:\Users\Shasta\AppData\Roaming\Jetsetter
[2010/10/17 21:57:27 | 000,000,000 | ---D | M] -- C:\Users\Shasta\AppData\Roaming\JewelMatch2
[2010/06/14 01:51:27 | 000,000,000 | ---D | M] -- C:\Users\Shasta\AppData\Roaming\Lazy Turtle Games
[2009/12/13 06:47:22 | 000,000,000 | ---D | M] -- C:\Users\Shasta\AppData\Roaming\Little Games Company
[2010/09/08 14:05:53 | 000,000,000 | ---D | M] -- C:\Users\Shasta\AppData\Roaming\MastersOfMystery2
[2011/01/04 09:57:58 | 000,000,000 | ---D | M] -- C:\Users\Shasta\AppData\Roaming\MBT
[2009/12/27 13:37:47 | 000,000,000 | ---D | M] -- C:\Users\Shasta\AppData\Roaming\Mean Hamster Software
[2011/01/08 10:18:03 | 000,000,000 | ---D | M] -- C:\Users\Shasta\AppData\Roaming\Meridian93
[2011/02/15 07:46:44 | 000,000,000 | ---D | M] -- C:\Users\Shasta\AppData\Roaming\Merscom
[2010/11/25 00:25:58 | 000,000,000 | ---D | M] -- C:\Users\Shasta\AppData\Roaming\MysteryStudio
[2010/07/10 06:53:16 | 000,000,000 | ---D | M] -- C:\Users\Shasta\AppData\Roaming\Pi Eye Games
[2010/03/29 06:41:58 | 000,000,000 | ---D | M] -- C:\Users\Shasta\AppData\Roaming\PlayFirst
[2009/12/26 08:12:55 | 000,000,000 | ---D | M] -- C:\Users\Shasta\AppData\Roaming\PoBros
[2011/05/10 01:46:05 | 000,000,000 | ---D | M] -- C:\Users\Shasta\AppData\Roaming\Quirky Games
[2009/12/07 20:43:44 | 000,000,000 | ---D | M] -- C:\Users\Shasta\AppData\Roaming\Restorer
[2009/09/15 14:02:37 | 000,000,000 | ---D | M] -- C:\Users\Shasta\AppData\Roaming\SampleView
[2009/12/15 13:48:21 | 000,000,000 | ---D | M] -- C:\Users\Shasta\AppData\Roaming\SecondLife
[2010/01/11 11:24:16 | 000,000,000 | ---D | M] -- C:\Users\Shasta\AppData\Roaming\SecretIslandEng
[2010/05/07 13:51:36 | 000,000,000 | ---D | M] -- C:\Users\Shasta\AppData\Roaming\Sierra Wireless
[2010/02/17 12:16:54 | 000,000,000 | ---D | M] -- C:\Users\Shasta\AppData\Roaming\Smith Micro
[2010/03/29 01:21:30 | 000,000,000 | ---D | M] -- C:\Users\Shasta\AppData\Roaming\SpinTop
[2010/01/17 20:24:41 | 000,000,000 | ---D | M] -- C:\Users\Shasta\AppData\Roaming\SpinTop Games
[2009/08/31 14:58:11 | 000,000,000 | ---D | M] -- C:\Users\Shasta\AppData\Roaming\SulusGames
[2010/07/08 12:04:35 | 000,000,000 | ---D | M] -- C:\Users\Shasta\AppData\Roaming\TheFixerUpper
[2010/03/29 01:43:53 | 000,000,000 | ---D | M] -- C:\Users\Shasta\AppData\Roaming\TitanicMystery
[2010/02/23 05:24:48 | 000,000,000 | ---D | M] -- C:\Users\Shasta\AppData\Roaming\TrueCrypt
[2010/09/02 13:03:20 | 000,000,000 | ---D | M] -- C:\Users\Shasta\AppData\Roaming\URSE Games
[2010/09/29 13:35:16 | 000,000,000 | ---D | M] -- C:\Users\Shasta\AppData\Roaming\Virtual City
[2010/02/10 16:53:38 | 000,000,000 | ---D | M] -- C:\Users\Shasta\AppData\Roaming\Virtual Prophecy
[2010/08/14 17:26:49 | 000,000,000 | ---D | M] -- C:\Users\Shasta\AppData\Roaming\World-Loom
[2011/05/16 09:37:01 | 000,032,654 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2011/05/16 10:55:00 | 000,000,422 | -H-- | M] () -- C:\Windows\Tasks\User_Feed_Synchronization-{3F75C605-2235-4894-AEA0-DD925CBA7628}.job
[2011/05/16 10:55:00 | 000,000,418 | -H-- | M] () -- C:\Windows\Tasks\User_Feed_Synchronization-{79CA8C52-29E0-4C98-B079-AE08F2C0AB9A}.job

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 95 bytes -> C:\ProgramData\TEMP:5A99DEB7
@Alternate Data Stream - 328 bytes -> C:\ProgramData\TEMP:1387592D
@Alternate Data Stream - 152 bytes -> C:\ProgramData\TEMP:AA6C7C38
@Alternate Data Stream - 147 bytes -> C:\ProgramData\TEMP:E101DD94
@Alternate Data Stream - 147 bytes -> C:\ProgramData\TEMP:38D7EDFD
@Alternate Data Stream - 147 bytes -> C:\ProgramData\TEMP:31D032DE
@Alternate Data Stream - 146 bytes -> C:\ProgramData\TEMP:3DBE30A1
@Alternate Data Stream - 143 bytes -> C:\ProgramData\TEMP:C1ECC69C
@Alternate Data Stream - 142 bytes -> C:\ProgramData\TEMP:0FC57F99
@Alternate Data Stream - 141 bytes -> C:\ProgramData\TEMP:700B9342
@Alternate Data Stream - 140 bytes -> C:\ProgramData\TEMP:F1D9186A
@Alternate Data Stream - 140 bytes -> C:\ProgramData\TEMP:42F5BBCE
@Alternate Data Stream - 139 bytes -> C:\ProgramData\TEMP:127BB39D
@Alternate Data Stream - 138 bytes -> C:\ProgramData\TEMP:E3E01C22
@Alternate Data Stream - 138 bytes -> C:\ProgramData\TEMP:D97A9919
@Alternate Data Stream - 137 bytes -> C:\ProgramData\TEMP:EA1919C7
@Alternate Data Stream - 136 bytes -> C:\ProgramData\TEMP:C7F3F179
@Alternate Data Stream - 135 bytes -> C:\ProgramData\TEMP:898109B4
@Alternate Data Stream - 135 bytes -> C:\ProgramData\TEMP:87A1C898
@Alternate Data Stream - 134 bytes -> C:\ProgramData\TEMP:42C1964D
@Alternate Data Stream - 133 bytes -> C:\ProgramData\TEMP:980E793B
@Alternate Data Stream - 133 bytes -> C:\ProgramData\TEMP:29058F8B
@Alternate Data Stream - 132 bytes -> C:\ProgramData\TEMP:8DED4A5E
@Alternate Data Stream - 132 bytes -> C:\ProgramData\TEMP:81AF749E
@Alternate Data Stream - 132 bytes -> C:\ProgramData\TEMP:09B77012
@Alternate Data Stream - 130 bytes -> C:\ProgramData\TEMP:80D975A5
@Alternate Data Stream - 129 bytes -> C:\ProgramData\TEMP:DE22ABA0
@Alternate Data Stream - 129 bytes -> C:\ProgramData\TEMP:3B4F28B0
@Alternate Data Stream - 128 bytes -> C:\ProgramData\TEMP:4BFE8B22
@Alternate Data Stream - 126 bytes -> C:\ProgramData\TEMP:E010A554
@Alternate Data Stream - 125 bytes -> C:\ProgramData\TEMP:65241CBC
@Alternate Data Stream - 124 bytes -> C:\ProgramData\TEMP:B0F20871
@Alternate Data Stream - 121 bytes -> C:\ProgramData\TEMP:DC85983B
@Alternate Data Stream - 117 bytes -> C:\ProgramData\TEMP:E98B604F
@Alternate Data Stream - 117 bytes -> C:\ProgramData\TEMP:0B210DD3
@Alternate Data Stream - 116 bytes -> C:\ProgramData\TEMP:2E426A1F
@Alternate Data Stream - 115 bytes -> C:\ProgramData\TEMP:8DF68137
@Alternate Data Stream - 111 bytes -> C:\ProgramData\TEMP:28CDD861
@Alternate Data Stream - 108 bytes -> C:\ProgramData\TEMP:12D2EB9C
@Alternate Data Stream - 107 bytes -> C:\ProgramData\TEMP:D26B6B0A
@Alternate Data Stream - 102 bytes -> C:\ProgramData\TEMP:EEB25EAE

< End of report >

I hope someone can help me clear this mess up! Thanks in advance for your time.


#2
RKinner

    Malware Expert

  • Expert
  • 24,660 posts
  • MVP
Disable Spybot's TeaTimer to make sure it won't interfere with fixes. You can re-enable it when you're clean again:

* Run Spybot-S&D in Advanced Mode
* If it is not already set to do this, go to the Mode menu and select Advanced Mode
* On the left hand side, click on Tools
* Then click on the Resident icon in the list
* Uncheck Resident TeaTimer and OK any prompts.
* Restart your computer



Copy the text between the lines of stars by highlighting and Ctrl + c


********************************************************************

:OTL
FF - prefs.js..extensions.enabledItems: {1c17194e-147b-4b16-a232-ecc51302cd7b}:1.0
[2011/05/11 02:14:04 | 000,000,000 | ---D | M] (XUL Cache) -- C:\Users\Shasta\AppData\Roaming\Mozilla\Firefox\Profiles\q9sdnxb2.default\extensions\{1c17194e-147b-4b16-a232-ecc51302cd7b}
O2 - BHO: (no name) - {018C51C0-A40E-4FAE-A660-968457B05630} - C:\Windows\System32\audiodev32.dll (Borland Software Corporation)
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O4 - HKCU..\Run: [RGSC] File not found
O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O20 - AppInit_DLLs: (C:\ProgramData\audiodev32.dll) - C:\ProgramData\audiodev32.dll (Borland Software Corporation)
O32 - AutoRun File - [2004/04/30 15:01:00 | 000,000,053 | -HS- | M] () - D:\autorun.inf -- [ NTFS ]
O32 - AutoRun File - [2008/08/21 08:39:48 | 000,000,074 | R--- | M] () - F:\AUTORUN.INF -- [ CDFS ]
O32 - AutoRun File - [2008/08/21 08:39:48 | 000,000,074 | R--- | M] () - G:\AUTORUN.INF -- [ CDFS ]
O33 - MountPoints2\{0a21a1a2-29d4-11e0-a249-001bfcfcc196}\Shell - "" = AutoRun
O33 - MountPoints2\{0a21a1a2-29d4-11e0-a249-001bfcfcc196}\Shell\AutoRun\command - "" = F:\VZAccess_Manager.exe -- [2010/08/18 03:07:30 | 002,310,824 | R--- | M] (Macrovision Corporation)
O33 - MountPoints2\{27b1d90f-2f4e-11e0-a81d-001bfcfcc196}\Shell - "" = AutoRun
O33 - MountPoints2\{27b1d90f-2f4e-11e0-a81d-001bfcfcc196}\Shell\AutoRun\command - "" = F:\VZAccess_Manager.exe -- [2010/08/18 03:07:30 | 002,310,824 | R--- | M] (Macrovision Corporation)
O33 - MountPoints2\{49472bfb-675e-11dc-8079-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{49472bfb-675e-11dc-8079-806e6f6e6963}\Shell\AutoRun\command - "" = E:\Start.exe
O33 - MountPoints2\{77b57f33-30b1-11df-9c75-001bfcfcc196}\Shell - "" = AutoRun
O33 - MountPoints2\{77b57f33-30b1-11df-9c75-001bfcfcc196}\Shell\AutoRun\command - "" = G:\Start.exe -- [2008/09/08 07:39:34 | 000,099,656 | R--- | M] (Smith Micro Software, Inc.)
[2011/05/11 02:14:45 | 000,000,000 | -HSD | C] -- C:\ProgramData\87F6923E91143B0B41A8DED7C1FB46ED
[2011/05/11 02:14:06 | 000,240,640 | ---- | C] (Borland Software Corporation) -- C:\ProgramData\audiodev32.dll
[2011/05/11 02:14:03 | 000,412,672 | ---- | C] (Borland Software Corporation) -- C:\Windows\System32\audiodev32.dll
[2011/05/13 04:14:24 | 000,001,185 | ---- | M] () -- C:\ProgramData\438157693
[2011/05/13 04:13:20 | 000,000,021 | ---- | M] () -- C:\ProgramData\3ae7bd06
[2011/05/13 03:15:15 | 000,000,141 | ---- | M] () -- C:\ProgramData\sl1540782275
[2011/05/11 02:15:07 | 000,000,144 | -HS- | M] () -- C:\ProgramData\976742993
[2011/05/11 02:14:50 | 000,203,776 | -HS- | M] () -- C:\ProgramData\unrar.exe
[2011/05/11 02:14:07 | 000,000,085 | ---- | M] () -- C:\Windows\System32\281652598

:Commands
[purity]
[emptytemp]
[Reboot]


*******************************************************************

Then right-click on OTL and select Run As Administrator to start. Under the Custom Scans/Fixes box at the bottom, paste (Ctrl + V) the text. Verify that you got it all and then click the RUN FIX button (NOT THE QUICK SCAN button!) at the top.
Let the program run unhindered; OTL will reboot the PC when it is done.

Open OTL again and select the All option in the Extra Registry group, then the Run Scan button. Post the two logs it produces in your next reply.

If one of the following will not run, then just skip to the next one, then go back and try the things that wouldn't run again after finishing the others.

Malwarebytes' Anti-Malware
If you have a previous version of MalwareBytes', remove it via Add or Remove Programs and download a fresh copy.

http://www.malwarebytes.org/mbam.php

SAVE Malwarebytes' Anti-Malware to your desktop.

Right-click on Malwarebytes' Anti-Malware and select Run As Administrator and follow the prompts to install the program.
* At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
* If an update is found, it will download and install the latest version.

* Once the program has loaded, select Perform full scan, then click Scan.
* When the scan is complete, click OK, then Show Results to view the results.

* Be sure that everything is checked, and click Remove Selected.

* When completed, a log will open in Notepad. Please save it to a convenient location.
* The log can also be found here:
C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt
* Post that log back here.



ComboFix

It must be saved to your desktop; do not run it.

Disable your Antivirus software when downloading or running Combofix. If it has Script Blocking features, please disable these as well. See: http://www.bleepingc...opic114351.html


Download and rename this file (call it george.exe) to your Desktop from either of these two sources:
http://download.blee...Bs/ComboFix.exe
http://subs.geekstogo.com/ComboFix.exe

Right-click on george and select Run As Administrator to start the program.



* Important: Have no other programs running. Your Task Bar should be clear of any program entries including your Browser.


* A window may open with a series of Disclaimers. Accept the Disclaimers to start the fix. Allow it to install the Recovery Console, then Continue. When the scan completes, Notepad will open with your results log. Do a File, Exit and answer 'Yes' to save changes.


A caution - Do not run Combofix more than once. Do not touch your mouse/keyboard until the scan has completed, as this may cause the process to stall or your computer to lock. The scan will temporarily disable your desktop, and if interrupted may leave your desktop disabled. If this occurs, please reboot to restore the desktop. Even when ComboFix appears to be doing nothing, look at your Drive light. If it is flashing, Combofix is still at work.

A file will be created at => C:\Combofix.txt. I'll need to see that in your reply.


Download TDSSKiller:
http://support.kaspe.../tdsskiller.exe
Save it to your desktop, then right-click and Run as Administrator.

If TDSSKiller alerts you that the system needs to reboot, please consent.
When done, a log file should be created on your C: drive named "TDSSKiller.txt"; please copy and paste the contents in your next reply.


Download aswMBR.exe ( 511KB ) to your desktop.

Double-click the aswMBR.exe to run it.

Click the "Scan" button to start the scan.

On completion of the scan (note if the Fix button is enabled and tell me), click Save log, save it to your desktop and post it in your next reply.

Ron
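As an added example (not part of the original thread, and not OTL's or the helper's own code), here is a Python script that parses the "[date time | size | attrs | M/C] (Company) -- path" lines OTL prints and applies the checks a helper makes by eye when deciding what goes into the :OTL fix above: hidden+system files outside C:\Windows, extensionless hex-named files, executables dropped in the ProgramData root, and a creation-time burst rule that pulls the otherwise clean-looking C:\Windows\System32\audiodev32.dll into the same group because it appeared in the same minute. The sample lines are copied from the log posted above; the 90-second window and two-neighbour threshold are assumptions for illustration.

```python
"""Triage helper for OTL file-listing lines (added example; not OTL's own code).

Parses "[date time | size | attrs | M/C] (Company) -- path" lines and applies
structural heuristics plus a creation-time burst rule. The 90-second window
and the two-neighbour threshold are assumptions, not OTL behaviour.
"""
import re
from datetime import datetime, timedelta

# One OTL file line; the "(Company)" group is absent on directory lines.
OTL_LINE = re.compile(
    r"^\[(?P<ts>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}) \| "
    r"(?P<size>[\d,]+) \| (?P<attrs>[-A-Z]{4}) \| (?P<kind>[MC])\] "
    r"(?:\((?P<company>[^)]*)\) )?-- (?P<path>.+)$"
)
# Names like 3ae7bd06, 438157693 or sl1540782275: optional short prefix, then hex.
HEXNAME = re.compile(r"^[a-z]{0,2}[0-9a-f]{6,}$")

# Lines copied from the OTL log posted above (Files Created / Modified sections).
SAMPLE = r"""
[2011/05/13 04:50:13 | 089,866,240 | ---- | C] () -- C:\Users\Shasta\Desktop\VIPRERescue9267.exe
[2011/05/13 03:32:02 | 000,000,021 | ---- | C] () -- C:\ProgramData\3ae7bd06
[2011/05/13 03:15:15 | 000,000,141 | ---- | C] () -- C:\ProgramData\sl1540782275
[2011/05/12 15:48:30 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_User_WpdMtpDr_01_00_00.Wdf
[2011/05/11 02:15:06 | 000,001,185 | ---- | C] () -- C:\ProgramData\438157693
[2011/05/11 02:14:50 | 000,203,776 | -HS- | C] () -- C:\ProgramData\unrar.exe
[2011/05/11 02:14:50 | 000,000,144 | -HS- | C] () -- C:\ProgramData\976742993
[2011/05/11 02:14:45 | 000,000,000 | -HSD | C] -- C:\ProgramData\87F6923E91143B0B41A8DED7C1FB46ED
[2011/05/11 02:14:06 | 000,240,640 | ---- | C] (Borland Software Corporation) -- C:\ProgramData\audiodev32.dll
[2011/05/11 02:14:05 | 000,000,085 | ---- | C] () -- C:\Windows\System32\281652598
[2011/05/11 02:14:03 | 000,412,672 | ---- | C] (Borland Software Corporation) -- C:\Windows\System32\audiodev32.dll
[2011/05/10 03:44:43 | 007,070,043 | ---- | C] () -- C:\Users\Shasta\Desktop\MagicInlaySetup.exe
[2011/04/28 09:00:33 | 000,371,152 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
"""


def parse_line(line):
    """Return a dict for one OTL file line, or None if the line is something else."""
    m = OTL_LINE.match(line.strip())
    if not m:
        return None
    e = m.groupdict()
    e["ts"] = datetime.strptime(e["ts"], "%Y/%m/%d %H:%M:%S")
    e["size"] = int(e["size"].replace(",", ""))
    e["company"] = e["company"] or ""
    folder, _, e["name"] = e["path"].rpartition("\\")
    e["dir"] = folder.lower()
    return e


def reasons_for(e):
    """Structural reasons one entry deserves a look; an empty list means none."""
    r = []
    if "H" in e["attrs"] and "S" in e["attrs"] and not e["dir"].startswith("c:\\windows"):
        r.append("hidden+system outside Windows")
    if "." not in e["name"] and HEXNAME.match(e["name"].lower()):
        r.append("extensionless numeric/hex name")
    if e["dir"] == "c:\\programdata" and e["name"].lower().endswith((".exe", ".dll")):
        r.append("executable dropped in ProgramData root")
    return r


def triage(lines, window=timedelta(seconds=90), min_burst=2):
    """Map path -> reasons for every entry worth a look.

    After the structural pass, any entry created within `window` of at least
    `min_burst` other structurally flagged entries is added too. That is how a
    clean-looking DLL in System32 lands in the same removal list as the hidden
    files dropped in the same minute.
    """
    entries = [e for e in map(parse_line, lines) if e]
    reasons = {e["path"]: reasons_for(e) for e in entries}
    hits = [e for e in entries if reasons[e["path"]]]
    for e in entries:
        near = [h for h in hits
                if h["path"] != e["path"] and abs(h["ts"] - e["ts"]) <= window]
        if len(near) >= min_burst:
            reasons[e["path"]].append(
                "created within %ds of %d other flagged files" % (window.seconds, len(near)))
    return {p: r for p, r in reasons.items() if r}


if __name__ == "__main__":
    for path, why in sorted(triage(SAMPLE.splitlines()).items()):
        print(path)
        for w in why:
            print("    -", w)
```

Run against the sample, nine of the thirteen entries are flagged and the four ordinary files (the VIPRE download, the MTP driver stub, the game installer, the font cache) are not; the burst rule is the only thing that catches the System32 copy of audiodev32.dll.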

#3
Kaitlynsmom

    New Member

  • Topic Starter
  • Member
  • Pip
  • 5 posts
Sorry it took me so long to get back to post, but I got about halfway through the process and an emergency came up, and I wasn't able to get back to the computer until tonight. I couldn't get Combofix to run at first, so I actually ran that last instead.

First I ran Spybot Search and Destroy in advanced mode as you requested, and it found my system clean and therefore put out no log. Here are all of the other logs:

OTL - This is the log that resulted after the fix you had me apply:

All processes killed
========== OTL ==========
Prefs.js: {1c17194e-147b-4b16-a232-ecc51302cd7b}:1.0 removed from extensions.enabledItems
C:\Users\Shasta\AppData\Roaming\Mozilla\Firefox\Profiles\q9sdnxb2.default\extensions\{1c17194e-147b-4b16-a232-ecc51302cd7b}\defaults\preferences folder moved successfully.
C:\Users\Shasta\AppData\Roaming\Mozilla\Firefox\Profiles\q9sdnxb2.default\extensions\{1c17194e-147b-4b16-a232-ecc51302cd7b}\defaults folder moved successfully.
C:\Users\Shasta\AppData\Roaming\Mozilla\Firefox\Profiles\q9sdnxb2.default\extensions\{1c17194e-147b-4b16-a232-ecc51302cd7b}\chrome folder moved successfully.
C:\Users\Shasta\AppData\Roaming\Mozilla\Firefox\Profiles\q9sdnxb2.default\extensions\{1c17194e-147b-4b16-a232-ecc51302cd7b} folder moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{018C51C0-A40E-4FAE-A660-968457B05630}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{018C51C0-A40E-4FAE-A660-968457B05630}\ not found.
File C:\Windows\System32\audiodev32.dll not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{02478D38-C3F9-4efb-9B51-7695ECA05670}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5C255C8A-E604-49b4-9D64-90988571CECB}\ not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\RGSC deleted successfully.
Starting removal of ActiveX control {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}\ not found.
Starting removal of ActiveX control {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
Starting removal of ActiveX control {E2883E8F-472F-4FB0-9522-AC9BF37916A7}
C:\Windows\Downloaded Program Files\gp.inf not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_Dlls:C:\ProgramData\audiodev32.dll deleted successfully.
C:\ProgramData\audiodev32.dll moved successfully.
D:\autorun.inf moved successfully.
File F:\AUTORUN.INF not found.
File G:\AUTORUN.INF not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{0a21a1a2-29d4-11e0-a249-001bfcfcc196}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0a21a1a2-29d4-11e0-a249-001bfcfcc196}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{0a21a1a2-29d4-11e0-a249-001bfcfcc196}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0a21a1a2-29d4-11e0-a249-001bfcfcc196}\ not found.
File F:\VZAccess_Manager.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{27b1d90f-2f4e-11e0-a81d-001bfcfcc196}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{27b1d90f-2f4e-11e0-a81d-001bfcfcc196}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{27b1d90f-2f4e-11e0-a81d-001bfcfcc196}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{27b1d90f-2f4e-11e0-a81d-001bfcfcc196}\ not found.
File F:\VZAccess_Manager.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{49472bfb-675e-11dc-8079-806e6f6e6963}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{49472bfb-675e-11dc-8079-806e6f6e6963}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{49472bfb-675e-11dc-8079-806e6f6e6963}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{49472bfb-675e-11dc-8079-806e6f6e6963}\ not found.
File E:\Start.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{77b57f33-30b1-11df-9c75-001bfcfcc196}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{77b57f33-30b1-11df-9c75-001bfcfcc196}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{77b57f33-30b1-11df-9c75-001bfcfcc196}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{77b57f33-30b1-11df-9c75-001bfcfcc196}\ not found.
File G:\Start.exe not found.
C:\ProgramData\87F6923E91143B0B41A8DED7C1FB46ED\h\f1\content folder moved successfully.
C:\ProgramData\87F6923E91143B0B41A8DED7C1FB46ED\h\f1 folder moved successfully.
C:\ProgramData\87F6923E91143B0B41A8DED7C1FB46ED\h folder moved successfully.
C:\ProgramData\87F6923E91143B0B41A8DED7C1FB46ED\b folder moved successfully.
C:\ProgramData\87F6923E91143B0B41A8DED7C1FB46ED folder moved successfully.
File C:\ProgramData\audiodev32.dll not found.
File C:\Windows\System32\audiodev32.dll not found.
C:\ProgramData\438157693 moved successfully.
C:\ProgramData\3ae7bd06 moved successfully.
C:\ProgramData\sl1540782275 moved successfully.
C:\ProgramData\976742993 moved successfully.
C:\ProgramData\unrar.exe moved successfully.
C:\Windows\System32\281652598 moved successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 41620 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Kaitlyn
->Temp folder emptied: 11074468 bytes
->Temporary Internet Files folder emptied: 122410877 bytes
->Java cache emptied: 25493434 bytes
->Flash cache emptied: 5954 bytes

User: KITTY
->Temp folder emptied: 1802291 bytes
->Temporary Internet Files folder emptied: 96863 bytes
->Java cache emptied: 8551185 bytes
->Flash cache emptied: 76861 bytes

User: Public

User: Shasta
->Temp folder emptied: 1718 bytes
->Temporary Internet Files folder emptied: 88966629 bytes
->Java cache emptied: 55721867 bytes
->FireFox cache emptied: 59940268 bytes
->Flash cache emptied: 677451 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 5271 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 358.00 mb


OTL by OldTimer - Version 3.2.22.3 log created on 05162011_210055

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...


And this is the log that resulted after the rescan:

OTL logfile created on: 5/16/2011 9:08:53 PM - Run 4
OTL by OldTimer - Version 3.2.22.3 Folder = C:\Users\Shasta\Downloads
Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18999)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 64.00% Memory free
4.00 Gb Paging File | 3.00 Gb Available in Paging File | 81.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 457.08 Gb Total Space | 323.80 Gb Free Space | 70.84% Space Free | Partition Type: NTFS
Drive D: | 8.68 Gb Total Space | 4.63 Gb Free Space | 53.31% Space Free | Partition Type: NTFS

Computer Name: SHASTAS-DESKTOP | User Name: Shasta | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/05/16 08:28:06 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\Shasta\Downloads\OTL.exe
PRC - [2011/04/08 08:17:40 | 000,176,848 | ---- | M] (iWin Inc.) -- C:\Program Files\iWin Games\iWinTrusted.exe
PRC - [2010/08/20 09:24:14 | 001,348,944 | ---- | M] (Sunbelt Software) -- C:\Program Files\Sunbelt Software\VIPRE\SBAMTray.exe
PRC - [2010/08/20 09:16:34 | 002,763,080 | ---- | M] (Sunbelt Software) -- C:\Program Files\Sunbelt Software\VIPRE\SBAMSvc.exe
PRC - [2010/08/20 09:15:54 | 000,181,584 | ---- | M] (Sunbelt Software) -- C:\Program Files\Sunbelt Software\VIPRE\SBPIMSvc.exe
PRC - [2010/04/26 11:06:44 | 000,096,112 | ---- | M] (Microsoft Corp.) -- C:\Program Files\Microsoft\Office Live\OfficeLiveSignIn.exe
PRC - [2009/08/24 07:51:46 | 000,185,640 | ---- | M] (TeamViewer GmbH) -- C:\Program Files\TeamViewer\Version4\TeamViewer_Service.exe
PRC - [2009/03/05 16:07:20 | 002,260,480 | RHS- | M] (Safer-Networking Ltd.) -- C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
PRC - [2009/01/26 16:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) -- C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
PRC - [2008/10/28 23:29:41 | 002,927,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2008/09/24 15:32:48 | 000,935,208 | ---- | M] (Nero AG) -- C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
PRC - [2007/03/09 14:50:00 | 004,390,912 | ---- | M] (Realtek Semiconductor) -- C:\Windows\RtHDVCpl.exe
PRC - [2006/12/21 19:12:55 | 000,065,536 | ---- | M] (New Boundary Technologies, Inc.) -- C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS


========== Modules (SafeList) ==========

MOD - [2011/05/16 08:28:06 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\Shasta\Downloads\OTL.exe
MOD - [2010/08/31 08:39:57 | 001,684,480 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6001.18523_none_5cdd65e20837faf2\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- -- (Themes32)
SRV - [2011/04/08 08:17:40 | 000,176,848 | ---- | M] (iWin Inc.) [Auto | Running] -- C:\Program Files\iWin Games\iWinTrusted.exe -- (iWinTrusted)
SRV - [2010/08/20 09:16:34 | 002,763,080 | ---- | M] (Sunbelt Software) [Auto | Running] -- C:\Program Files\Sunbelt Software\VIPRE\SBAMSvc.exe -- (SBAMSvc)
SRV - [2010/08/20 09:15:54 | 000,181,584 | ---- | M] (Sunbelt Software) [Auto | Running] -- C:\Program Files\Sunbelt Software\VIPRE\SBPIMSvc.exe -- (SBPIMSvc)
SRV - [2009/12/24 01:40:25 | 000,321,320 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2009/08/24 07:51:46 | 000,185,640 | ---- | M] (TeamViewer GmbH) [Auto | Running] -- C:\Program Files\TeamViewer\Version4\TeamViewer_Service.exe -- (TeamViewer4)
SRV - [2009/01/26 16:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) [Auto | Running] -- C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe -- (SBSDWSCService)
SRV - [2008/09/24 15:32:48 | 000,935,208 | ---- | M] (Nero AG) [Auto | Running] -- C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe -- (Nero BackItUp Scheduler 4.0)
SRV - [2008/01/19 00:38:24 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2007/05/31 10:21:24 | 000,379,784 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\wcescomm.dll -- (WcesComm)
SRV - [2007/05/31 10:21:18 | 000,183,688 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\rapimgr.dll -- (RapiMgr)
SRV - [2006/12/21 19:12:55 | 000,065,536 | ---- | M] (New Boundary Technologies, Inc.) [Auto | Running] -- C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS -- (PrismXL)


========== Driver Services (SafeList) ==========

DRV - [2011/02/23 08:27:00 | 010,468,360 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2010/11/09 14:56:12 | 000,098,392 | ---- | M] (Sunbelt Software) [Kernel | System | Running] -- C:\Windows\system32\drivers\SBREDrv.sys -- (SBRE)
DRV - [2010/08/12 13:07:50 | 000,292,712 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvmfdx32.sys -- (NVNET)
DRV - [2010/08/12 13:07:50 | 000,292,712 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\nvmfdx32.sys -- (NVENETFD)
DRV - [2010/07/27 04:48:30 | 000,078,936 | ---- | M] (Sunbelt Software, Inc.) [Kernel | System | Running] -- C:\Windows\System32\drivers\sbtis.sys -- (SbTis)
DRV - [2010/06/14 14:54:30 | 000,069,976 | ---- | M] (Sunbelt Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\sbapifs.sys -- (sbapifs)
DRV - [2010/03/31 07:51:24 | 000,691,696 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\System32\Drivers\sptd.sys -- (sptd)
DRV - [2010/03/31 06:59:24 | 000,350,720 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\RTL8187B.sys -- (RTL8187B)
DRV - [2010/02/23 05:12:44 | 000,223,440 | ---- | M] (TrueCrypt Foundation) [Kernel | System | Running] -- C:\Windows\System32\drivers\truecrypt.sys -- (truecrypt)
DRV - [2009/06/03 11:01:28 | 000,230,400 | ---- | M] (Novatel Wireless Inc) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NWADIenum.sys -- (NWADI)
DRV - [2009/06/03 11:01:26 | 000,174,720 | ---- | M] (Novatel Wireless Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\nwusbser.sys -- (NWUSBPort)
DRV - [2009/06/03 11:01:26 | 000,174,720 | ---- | M] (Novatel Wireless Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\nwusbmdm.sys -- (NWUSBModem)
DRV - [2009/03/06 22:51:52 | 000,171,144 | ---- | M] (Sierra Wireless Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\SWNC5E00.sys -- (SWNC5E00) Sierra Wireless MUX NDIS Driver (#00)
DRV - [2009/03/06 22:51:52 | 000,026,888 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\swmsflt.sys -- (swmsflt)
DRV - [2009/03/06 22:51:50 | 000,149,512 | ---- | M] (Sierra Wireless Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\swmx00.sys -- (swmx00) Sierra Wireless USB MUX Driver (#00)
DRV - [2008/11/24 18:04:10 | 000,027,072 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\PCASp50.sys -- (PCASp50)
DRV - [2008/04/15 12:17:32 | 000,105,856 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ZTEusbser6k.sys -- (ZTEusbser6k)
DRV - [2008/04/15 12:17:32 | 000,105,856 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ZTEusbnmeaext.sys -- (ZTEusbnmeaext)
DRV - [2008/04/15 12:17:32 | 000,105,856 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ZTEusbnmea.sys -- (ZTEusbnmea)
DRV - [2008/04/15 12:17:32 | 000,105,856 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ZTEusbmdm6k.sys -- (ZTEusbmdm6k)
DRV - [2008/04/15 12:17:32 | 000,105,856 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ZTEusbgps.sys -- (ZTEusbgps)
DRV - [2008/04/15 12:17:32 | 000,009,216 | ---- | M] (MBB Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\massfilter.sys -- (massfilter)
DRV - [2008/01/18 22:53:22 | 000,031,616 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WINUSB)
DRV - [2007/08/17 18:56:46 | 000,059,520 | ---- | M] (DEVGURU Co,LTD.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\PTDMWWAN.sys -- (PTDMWWAN)
DRV - [2007/08/17 18:56:40 | 000,039,936 | ---- | M] (DEVGURU Co,LTD.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\PTDMVsp.sys -- (PTDMVsp)
DRV - [2007/08/17 18:56:38 | 000,041,856 | ---- | M] (DEVGURU Co,LTD.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\PTDMMdm.sys -- (PTDMMdm)
DRV - [2007/08/17 18:56:34 | 000,029,952 | ---- | M] (DEVGURU Co,LTD.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\PTDMBus.sys -- (PTDMBus)
DRV - [2007/08/09 19:12:30 | 000,110,624 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\nvstor32.sys -- (nvstor32)
DRV - [2007/06/18 16:18:26 | 000,023,680 | ---- | M] (Motorola) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\motmodem.sys -- (motmodem)
DRV - [2007/04/23 10:50:50 | 000,025,896 | ---- | M] (Windows ® Codename Longhorn DDK provider) [Kernel | System | Running] -- C:\Windows\System32\drivers\RtlProt.sys -- (RtlProt)
DRV - [2006/11/02 00:41:53 | 000,251,904 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VSTBS23.SYS -- (VSTHWBS2)
DRV - [2006/11/02 00:41:50 | 000,983,552 | ---- | M] (Agere Systems) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\AGRSM.sys -- (AgereSoftModem)
DRV - [2006/11/02 00:30:56 | 000,047,104 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\Rtnicxp.sys -- (RTL8023xp)
DRV - [2006/10/18 17:44:48 | 000,007,680 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ASACPI.sys -- (MTsensor)
DRV - [2006/09/24 06:28:46 | 000,005,248 | ---- | M] (Windows ® 2000 DDK provider) [Kernel | Boot | Running] -- C:\Windows\system32\speedfan.sys -- (speedfan)
DRV - [1996/04/03 12:33:26 | 000,005,248 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\system32\giveio.sys -- (giveio)


========== Standard Registry (All) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://us.rd.yahoo.c...//www.yahoo.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\System32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.c...//www.yahoo.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomSearch = http://us.rd.yahoo.c...rch/search.html

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Page_Transitions = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://my.msn.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default = C0 51 8C 01 0E A4 AE 4F A6 60 96 84 57 B0 56 30 [binary data]
IE - HKCU\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\Windows\System32\ieframe.dll (Microsoft Corporation)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local;<local>

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://my.msn.com/"
FF - prefs.js..extensions.enabledItems: {20a82645-c095-46ed-80e3-08825760534b}:1.2.1
FF - prefs.js..extensions.enabledItems: [email protected]:7
FF - prefs.js..extensions.enabledItems: {98e34367-8df7-42b4-837b-20b892ff0849}:1.7
FF - prefs.js..extensions.enabledItems: ""
FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.6.15
FF - prefs.js..network.proxy.type: 0

FF - HKLM\software\mozilla\Firefox\Extensions\\{20a82645-c095-46ed-80e3-08825760534b}: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ [2009/09/06 10:32:04 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{98e34367-8df7-42b4-837b-20b892ff0849}: C:\ProgramData\iWin Games\firefox [2011/03/23 14:01:59 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.15\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/03/13 12:40:06 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.15\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/04/26 09:31:16 | 000,000,000 | ---D | M]

[2011/03/13 14:55:55 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Shasta\AppData\Roaming\Mozilla\Extensions
[2011/03/13 14:55:55 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Shasta\AppData\Roaming\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
[2011/05/16 21:00:57 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Shasta\AppData\Roaming\Mozilla\Firefox\Profiles\q9sdnxb2.default\extensions
[2011/05/16 09:46:03 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Shasta\AppData\Roaming\Mozilla\Firefox\Profiles\q9sdnxb2.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011/03/13 12:40:05 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2011/03/13 12:40:05 | 000,000,000 | ---D | M] (Default) -- C:\Program Files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2011/03/23 14:01:59 | 000,000,000 | ---D | M] (iWinGames Plugin) -- C:\PROGRAMDATA\IWIN GAMES\FIREFOX
[2009/09/14 10:02:52 | 000,000,000 | ---D | M] (Move Media Player) -- C:\USERS\SHASTA\APPDATA\ROAMING\MOVE NETWORKS
File not found (No name found) -- C:\USERS\SHASTA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\Q9SDNXB2.DEFAULT\EXTENSIONS\{1C17194E-147B-4B16-A232-ECC51302CD7B}
[2011/03/03 11:16:49 | 000,025,048 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\browserdirprovider.dll
[2011/03/03 11:16:49 | 000,140,248 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\brwsrcmp.dll
[2011/03/03 11:16:50 | 000,066,520 | ---- | M] (mozilla.org) -- C:\Program Files\Mozilla Firefox\plugins\npnul32.dll
[2011/04/14 03:39:02 | 000,103,864 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files\Mozilla Firefox\plugins\nppdf32.dll
[2011/03/03 09:07:02 | 000,001,394 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\amazondotcom.xml
[2011/03/03 09:07:02 | 000,002,193 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\answers.xml
[2011/03/03 09:07:02 | 000,001,534 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\creativecommons.xml
[2011/03/03 09:07:02 | 000,002,344 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\eBay.xml
[2011/03/03 09:07:02 | 000,002,371 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\google.xml
[2011/03/03 09:07:02 | 000,001,178 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wikipedia.xml
[2011/03/03 09:07:02 | 000,001,096 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\yahoo.xml

O1 HOSTS File: ([2011/05/14 12:41:47 | 000,434,201 | R--- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O1 - Hosts: 127.0.0.1 www.007guard.com
O1 - Hosts: 127.0.0.1 007guard.com
O1 - Hosts: 127.0.0.1 008i.com
O1 - Hosts: 127.0.0.1 www.008k.com
O1 - Hosts: 127.0.0.1 008k.com
O1 - Hosts: 127.0.0.1 www.00hq.com
O1 - Hosts: 127.0.0.1 00hq.com
O1 - Hosts: 127.0.0.1 010402.com
O1 - Hosts: 127.0.0.1 www.032439.com
O1 - Hosts: 127.0.0.1 032439.com
O1 - Hosts: 127.0.0.1 www.0scan.com
O1 - Hosts: 127.0.0.1 0scan.com
O1 - Hosts: 127.0.0.1 1000gratisproben.com
O1 - Hosts: 127.0.0.1 www.1000gratisproben.com
O1 - Hosts: 127.0.0.1 1001namen.com
O1 - Hosts: 127.0.0.1 www.1001namen.com
O1 - Hosts: 127.0.0.1 100888290cs.com
O1 - Hosts: 127.0.0.1 www.100888290cs.com
O1 - Hosts: 127.0.0.1 www.100sexlinks.com
O1 - Hosts: 127.0.0.1 100sexlinks.com
O1 - Hosts: 127.0.0.1 10sek.com
O1 - Hosts: 127.0.0.1 www.10sek.com
O1 - Hosts: 127.0.0.1 www.1-2005-search.com
O1 - Hosts: 14946 more lines...
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O2 - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.6406.1642\swg.dll (Google Inc.)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O4 - HKLM..\Run: [Adobe ARM] C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Google Quick Search Box] C:\Program Files\Google\Quick Search Box\GoogleQuickSearchBox.exe (Google Inc.)
O4 - HKLM..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [NeroFilterCheck] C:\Windows\System32\NeroCheck.exe (Ahead Software Gmbh)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [SBAMTray] C:\Program Files\Sunbelt Software\VIPRE\SBAMTray.exe (Sunbelt Software)
O4 - HKLM..\Run: [Skytel] C:\Windows\SkyTel.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Common Files\Java\Java Update\jusched.exe (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [Windows Mobile Device Center] C:\Windows\WindowsMobile\wmdc.exe (Microsoft Corporation)
O4 - HKCU..\Run: [EPSON NX410 Series] C:\Windows\System32\spool\DRIVERS\W32X86\3\E_FATIFCA.EXE (SEIKO EPSON CORPORATION)
O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O4 - HKCU..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 2
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableInstallerDetection = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableSecureUIAPaths = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableVirtualization = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ValidateAdminCodeSignatures = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: scforceoption = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: FilterAdministratorToken = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableUIADesktopToggle = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_TEXT = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_BITMAP = 2
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_OEMTEXT = 7
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIB = 8
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_PALETTE = 9
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_UNICODETEXT = 13
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIBV5 = 17
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Google Sidewiki... - C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_6CE5017F567343CA.dll (Google Inc.)
O9 - Extra Button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
O9 - Extra Button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\Windows\System32\nlaapi.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000002 [] - C:\Windows\System32\NapiNSP.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000003 [] - C:\Windows\System32\pnrpnsp.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Windows\System32\pnrpnsp.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000006 [] - C:\Windows\System32\winrnr.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000018 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000020 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000021 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000022 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000023 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000024 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000025 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000026 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000027 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000028 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000029 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000030 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000031 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000032 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000033 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000034 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000035 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000036 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000037 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000038 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000039 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000040 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000041 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000042 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000043 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000044 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000045 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000046 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000047 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000048 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000049 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000050 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000051 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000052 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000053 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000054 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000055 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000056 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000057 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000058 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000059 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000060 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000061 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000062 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000063 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000064 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000065 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000066 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000067 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000068 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000069 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000070 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: e-rewards.com ([www] http in Trusted sites)
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} http://appldnld.appl...ex/qtplugin.cab (QuickTime Object)
O16 - DPF: {038E2507-7A48-41E2-94AD-7F23D199AF4E} http://www.worldwinn...ems/zengems.cab (ZenGems Control)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macr...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.micr...heckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {18C3FD15-74F6-4280-9C98-3590C966B7B8} http://www.worldwinn...am/skillgam.cab (SkillGam Control)
O16 - DPF: {1A1F56AA-3401-46F9-B277-D57F3421F821} http://gsn.worldwinn...GamesLoader.cab (FunGamesLoader Object)
O16 - DPF: {233C1507-6A77-46A4-9443-F871F945D258} http://download.macr...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {33E54F7F-561C-49E6-929B-D7E76D3AFEB1} http://www.worldwinn...0/pool/pool.cab (Pool Control)
O16 - DPF: {3D3DBC64-0D21-4EA4-94EE-86D6D9B31C0C} http://www.worldwinn...t/moneylist.cab (MoneyList Control)
O16 - DPF: {42FDC231-A411-45F8-B8B6-3B5026111DA8} http://www.worldwinn...litairerush.cab (SolitaireRush Control)
O16 - DPF: {58FC4C77-71C2-4972-A8CD-78691AD85158} http://www.worldwinn...jattack/bja.cab (BJA Control)
O16 - DPF: {61900274-3323-4446-BDCD-91548D32AF1B} http://www.worldwinn...ersolitaire.cab (SpiderSolitaire Control)
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} http://download.divx...owserPlugin.cab (DivXBrowserPlugin Object)
O16 - DPF: {6C6FE41A-0DA6-42A1-9AD8-792026B2B2A7} http://www.worldwinn...ll/freecell.cab (FreeCell Control)
O16 - DPF: {8A94C905-FF9D-43B6-8708-F0F22D22B1CB} http://www.worldwinn...ed/wwlaunch.cab (Wwlaunch Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {8F6E7FB2-E56B-4F66-A4E1-9765D2565280} http://www.worldwinn....0/iewwload.cab (WorldWinner ActiveX Launcher Control)
O16 - DPF: {94299420-321F-4FF9-A247-62A23EBB640B} http://www.worldwinn...jo/wordmojo.cab (WordMojo Control)
O16 - DPF: {95A311CD-EC8E-452A-BCEC-B844EB616D03} http://www.worldwinn...eweledtwist.cab (BejeweledTwist Control)
O16 - DPF: {97438FE9-D361-4279-BA82-98CC0877A717} http://www.worldwinn...cubis/cubis.cab (Cubis Control)
O16 - DPF: {A021A215-6CDC-44B4-8C16-90491CED9605} http://www.worldwinn...8/clue/clue.cab (Clue Control)
O16 - DPF: {A52FBD2B-7AB3-4F6B-90E3-91C772C5D00F} http://www.worldwinn...v57/wof/wof.cab (WoF Control)
O16 - DPF: {B06CE1BC-5D9D-4676-BD28-1752DBF394E0} http://www.worldwinn...man/hangman.cab (Hangman Control)
O16 - DPF: {BA94245D-2AA0-4953-9D9F-B0EE4CC02C43} http://www.worldwinn...ty/tilecity.cab (Tilecity Control)
O16 - DPF: {BB637307-92FA-47EC-B3F7-6969078673CC} http://www.worldwinn...royal/royal.cab (Royal Control)
O16 - DPF: {C5326A4D-E9AA-40AD-A09A-E74304D86B47} http://www.worldwinn...h/dinerdash.cab (DinerDash Control)
O16 - DPF: {C82BB209-F528-46F9-96D5-69DEF7260916} http://www.worldwinn...i/mysterypi.cab (MysteryPI Control)
O16 - DPF: {C93C1C34-CEA9-49B1-9046-040F59E0E0D8} http://www.worldwinn...paint/paint.cab (Paint Control)
O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} Reg Error: Value error. (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} Reg Error: Value error. (Reg Error: Key error.)
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} https://provantage.w...br/ieatgpc1.cab (GpcContainer Class)
O16 - DPF: {E12EB891-D000-421B-A8ED-EDE1BDCA14A0} http://www.worldwinn...sol/golfsol.cab (GolfSol Control)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} Reg Error: Value error. (Reg Error: Key error.)
O16 - DPF: {E70E3E64-2793-4AEF-8CC8-F1606BE563B0} http://www.worldwinn...es/wwspades.cab (WWSpades Control)
O18 - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\Windows\System32\MSVidCtl.dll (Microsoft Corporation)
O18 - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\System32\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
O18 - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\Windows\System32\inetcomm.dll (Microsoft Corporation)
O18 - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\System32\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\microsoft shared\Information Retrieval\MSITSS.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
O18 - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18 - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\Windows\System32\MSVidCtl.dll (Microsoft Corporation)
O18 - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\deflate {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\gzip {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (rundll32 shell32) - C:\Windows\System32\shell32.dll (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (Control_RunDLL "sysdm.cpl") - C:\Windows\System32\sysdm.cpl (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - C:\Windows\System32\webcheck.dll (Microsoft Corporation)
O22 - SharedTaskScheduler: {8C7461EF-2B13-11d2-BE35-3078302C2030} - Component Categories cache daemon - C:\Windows\System32\browseui.dll (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\Shasta\Pictures\Cat Pictures\Snow leopard babies2.jpg
O24 - Desktop BackupWallPaper: C:\Users\Shasta\Pictures\Cat Pictures\Snow leopard babies2.jpg
O29 - HKLM SecurityProviders - (credssp.dll) - C:\Windows\System32\credssp.dll (Microsoft Corporation)
O30 - LSA: Authentication Packages - (msv1_0) - C:\Windows\System32\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (kerberos) - C:\Windows\System32\kerberos.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (msv1_0) - C:\Windows\System32\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (schannel) - C:\Windows\System32\schannel.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (wdigest) - C:\Windows\System32\wdigest.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (tspkg) - C:\Windows\System32\tspkg.dll (Microsoft Corporation)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 14:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/05/16 21:00:55 | 000,000,000 | ---D | C] -- C:\_OTL
[2011/05/16 13:40:45 | 000,000,000 | ---D | C] -- C:\Users\Shasta\Desktop\ADI Endcap Program
[2011/05/15 20:30:50 | 000,000,000 | RH-D | C] -- C:\Users\Shasta\AppData\Roaming\SecuROM
[2011/05/15 02:02:01 | 000,000,000 | ---D | C] -- C:\Users\Shasta\AppData\Roaming\Malwarebytes
[2011/05/15 02:01:55 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2011/05/15 02:01:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011/05/15 02:01:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2011/05/15 02:01:51 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2011/05/15 02:01:51 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2011/05/14 12:33:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy
[2011/05/13 05:36:29 | 000,000,000 | ---D | C] -- C:\VIPRERESCUE
[2011/05/10 01:46:05 | 000,000,000 | ---D | C] -- C:\Users\Shasta\AppData\Roaming\Quirky Games
[2011/05/10 01:43:31 | 000,000,000 | ---D | C] -- C:\ProgramData\3 Blokes Studios
[2011/05/10 01:42:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Magical Forest
[2011/05/06 20:11:58 | 000,000,000 | ---D | C] -- C:\Users\Shasta\Desktop\Convergance Documents
[2011/05/06 19:19:35 | 000,000,000 | ---D | C] -- C:\Users\Shasta\Desktop\Apollo Water Heater Endcap Reset
[2011/05/06 19:18:35 | 000,000,000 | ---D | C] -- C:\Users\Shasta\Desktop\Apollo Paint Sprayer Demo
[2011/04/28 08:52:27 | 000,292,864 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\System32\atmfd.dll
[2011/04/28 08:52:27 | 000,034,304 | ---- | C] (Adobe Systems) -- C:\Windows\System32\atmlib.dll
[2011/04/28 08:52:26 | 000,409,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\odbc32.dll
[2011/04/28 08:52:23 | 001,161,728 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfc42u.dll
[2011/04/28 08:52:23 | 001,136,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfc42.dll
[2011/04/28 08:52:22 | 000,025,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dnscacheugc.exe
[2011/04/28 08:52:19 | 001,169,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\sdclt.exe
[2011/04/28 08:51:05 | 000,429,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\EncDec.dll
[2011/04/28 08:51:05 | 000,323,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\sbe.dll
[2011/04/28 08:51:05 | 000,177,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mpg2splt.ax
[2011/04/28 08:51:05 | 000,153,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\sbeio.dll
[2011/04/28 08:50:45 | 000,726,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript.dll
[2011/04/28 08:50:45 | 000,420,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\vbscript.dll
[2011/04/26 00:26:37 | 000,000,000 | ---D | C] -- C:\Users\Shasta\Documents\Shasta Motherboard Manual
[2011/04/25 23:16:12 | 000,000,000 | ---D | C] -- C:\Program Files\KeePass-2.09
[2011/04/19 10:54:06 | 000,000,000 | ---D | C] -- C:\Users\Shasta\AppData\Roaming\Awem
[2011/04/19 10:54:03 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\Romance of Rome

========== Files - Modified Within 30 Days ==========

[2011/05/16 21:10:00 | 000,000,422 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{3F75C605-2235-4894-AEA0-DD925CBA7628}.job
[2011/05/16 21:10:00 | 000,000,418 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{79CA8C52-29E0-4C98-B079-AE08F2C0AB9A}.job
[2011/05/16 21:08:21 | 000,613,032 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011/05/16 21:08:21 | 000,107,990 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011/05/16 21:04:16 | 000,122,085 | ---- | M] () -- C:\ProgramData\nvModes.dat
[2011/05/16 21:04:16 | 000,122,085 | ---- | M] () -- C:\ProgramData\nvModes.001
[2011/05/16 21:04:00 | 000,000,882 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011/05/16 21:03:50 | 000,003,296 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011/05/16 21:03:50 | 000,003,296 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011/05/16 21:03:49 | 000,065,536 | ---- | M] () -- C:\Windows\System32\Ikeext.etl
[2011/05/16 21:03:45 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/05/16 21:02:51 | 000,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat
[2011/05/16 20:28:52 | 000,008,619 | ---- | M] () -- C:\Users\Shasta\Desktop\Directions for fix.rtf
[2011/05/16 20:22:40 | 000,003,607 | ---- | M] () -- C:\Users\Shasta\Desktop\otl.rtf
[2011/05/16 20:15:01 | 000,000,886 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011/05/16 13:36:03 | 000,001,318 | ---- | M] () -- C:\Users\Shasta\Desktop\Food Stamp App.rtf
[2011/05/16 11:50:54 | 000,018,969 | ---- | M] () -- C:\Users\Shasta\Desktop\Masters of Mystery Blood of Betrayal Walkthrough.rtf
[2011/05/16 10:38:39 | 000,000,294 | ---- | M] () -- C:\Users\Shasta\AppData\Roaming\default.rss
[2011/05/14 12:41:47 | 000,434,201 | R--- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2011/05/13 04:50:15 | 089,866,240 | ---- | M] () -- C:\Users\Shasta\Desktop\VIPRERescue9267.exe
[2011/05/12 15:48:30 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_User_WpdMtpDr_01_00_00.Wdf
[2011/05/10 03:44:49 | 007,070,043 | ---- | M] () -- C:\Users\Shasta\Desktop\MagicInlaySetup.exe
[2011/05/09 20:58:33 | 000,001,853 | ---- | M] () -- C:\Users\Public\Desktop\Magical Forest.lnk
[2011/05/09 20:49:38 | 000,001,831 | ---- | M] () -- C:\Users\Public\Desktop\Lost Fortunes.lnk
[2011/05/02 04:37:15 | 000,160,683 | ---- | M] () -- C:\Users\Shasta\Desktop\Mortimer Beckett Time Paradox Walkthrough.rtf
[2011/04/28 09:00:33 | 000,371,152 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2011/04/26 08:16:04 | 000,063,915 | ---- | M] () -- C:\Users\Shasta\Documents\Merchandising Resume Current.rtf
[2011/04/23 13:45:26 | 000,001,040 | ---- | M] () -- C:\Windows\System32\SBRC.dat
[2011/04/19 09:38:15 | 000,000,441 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts.ics

========== Files Created - No Company Name ==========

[2011/05/16 20:28:52 | 000,008,619 | ---- | C] () -- C:\Users\Shasta\Desktop\Directions for fix.rtf
[2011/05/16 20:22:40 | 000,003,607 | ---- | C] () -- C:\Users\Shasta\Desktop\otl.rtf
[2011/05/16 13:36:03 | 000,001,318 | ---- | C] () -- C:\Users\Shasta\Desktop\Food Stamp App.rtf
[2011/05/16 11:50:54 | 000,018,969 | ---- | C] () -- C:\Users\Shasta\Desktop\Masters of Mystery Blood of Betrayal Walkthrough.rtf
[2011/05/13 04:50:13 | 089,866,240 | ---- | C] () -- C:\Users\Shasta\Desktop\VIPRERescue9267.exe
[2011/05/12 15:48:30 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_User_WpdMtpDr_01_00_00.Wdf
[2011/05/10 03:44:43 | 007,070,043 | ---- | C] () -- C:\Users\Shasta\Desktop\MagicInlaySetup.exe
[2011/05/09 20:58:33 | 000,001,853 | ---- | C] () -- C:\Users\Public\Desktop\Magical Forest.lnk
[2011/05/09 20:49:38 | 000,001,831 | ---- | C] () -- C:\Users\Public\Desktop\Lost Fortunes.lnk
[2011/05/02 04:37:15 | 000,160,683 | ---- | C] () -- C:\Users\Shasta\Desktop\Mortimer Beckett Time Paradox Walkthrough.rtf
[2010/07/30 21:18:52 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2010/05/07 13:42:13 | 000,000,258 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2010/04/18 21:43:42 | 000,000,294 | ---- | C] () -- C:\Users\Shasta\AppData\Roaming\default.rss
[2010/03/22 03:07:45 | 000,163,187 | ---- | C] () -- C:\Windows\hpoins29.dat
[2010/03/22 03:07:45 | 000,000,799 | ---- | C] () -- C:\Windows\hpomdl29.dat
[2010/02/24 15:56:40 | 000,007,168 | ---- | C] () -- C:\Users\Shasta\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/02/17 12:09:01 | 000,000,012 | ---- | C] () -- C:\Windows\bthservsdp.dat
[2010/02/10 16:53:37 | 000,004,096 | ---- | C] () -- C:\Windows\d3dx.dat
[2010/02/03 17:18:13 | 000,001,040 | ---- | C] () -- C:\Windows\System32\SBRC.dat
[2010/01/31 14:06:38 | 000,122,085 | ---- | C] () -- C:\ProgramData\nvModes.001
[2010/01/31 14:06:37 | 000,122,085 | ---- | C] () -- C:\ProgramData\nvModes.dat
[2010/01/31 05:03:32 | 000,106,605 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2010/01/31 05:03:32 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2009/12/28 01:28:53 | 000,004,767 | ---- | C] () -- C:\Windows\Irremote.ini
[2009/12/08 14:50:38 | 000,002,089 | ---- | C] () -- C:\Windows\eReg.dat
[2009/12/07 14:46:19 | 000,122,880 | ---- | C] () -- C:\Windows\UnGins.exe
[2009/12/02 02:16:08 | 000,027,153 | ---- | C] () -- C:\Windows\SETUP1.EXE
[2009/12/02 01:21:36 | 000,000,036 | ---- | C] () -- C:\Windows\1000GAME.INI
[2009/09/23 23:52:24 | 000,000,262 | ---- | C] () -- C:\Windows\{789289CA-F73A-4A16-A331-54D498CE069F}_WiseFW.ini
[2009/03/06 22:51:52 | 000,026,888 | ---- | C] () -- C:\Windows\System32\drivers\swmsflt.sys
[2008/10/22 05:29:06 | 000,173,550 | ---- | C] () -- C:\Windows\System32\xlive.dll.cat
[2008/09/11 08:18:41 | 000,000,118 | ---- | C] () -- C:\Windows\System32\MRT.INI
[2008/07/27 18:51:03 | 000,107,422 | ---- | C] () -- C:\Windows\hpqins13.dat
[2008/06/28 11:38:01 | 000,001,923 | ---- | C] () -- C:\Windows\checkip.dat
[2008/05/27 13:56:21 | 000,002,560 | ---- | C] () -- C:\Windows\_MSRSTRT.EXE
[2008/01/06 22:28:54 | 000,020,454 | ---- | C] () -- C:\Windows\hpoins01.dat
[2008/01/06 22:28:54 | 000,016,618 | ---- | C] () -- C:\Windows\hpomdl01.dat
[2007/09/20 00:32:01 | 000,011,164 | ---- | C] () -- C:\Windows\System32\drivers\nvphy.bin
[2007/09/19 23:55:29 | 000,007,680 | ---- | C] () -- C:\Windows\System32\drivers\ASACPI.sys
[2006/12/21 19:12:58 | 000,352,256 | ---- | C] () -- C:\Windows\System32\HotlineClient.exe
[2006/11/02 05:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006/11/02 05:47:37 | 000,371,152 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2006/11/02 05:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006/11/02 03:33:01 | 000,613,032 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2006/11/02 03:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2006/11/02 03:33:01 | 000,107,990 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2006/11/02 03:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2006/11/02 03:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2006/11/02 01:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2006/11/02 01:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2006/11/02 00:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006/11/02 00:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2004/03/17 02:29:42 | 000,122,368 | ---- | C] () -- C:\Windows\System32\UnzDll.dll
[2004/03/17 02:29:40 | 000,139,776 | ---- | C] () -- C:\Windows\System32\ZipDll.dll
[2004/03/17 02:29:38 | 000,618,496 | ---- | C] () -- C:\Windows\System32\stlpmt45.dll
[1996/04/03 12:33:26 | 000,005,248 | ---- | C] () -- C:\Windows\System32\giveio.sys

========== Alternate Data Streams ==========

@Alternate Data Stream - 95 bytes -> C:\ProgramData\TEMP:5A99DEB7
@Alternate Data Stream - 328 bytes -> C:\ProgramData\TEMP:1387592D
@Alternate Data Stream - 152 bytes -> C:\ProgramData\TEMP:AA6C7C38
@Alternate Data Stream - 147 bytes -> C:\ProgramData\TEMP:E101DD94
@Alternate Data Stream - 147 bytes -> C:\ProgramData\TEMP:38D7EDFD
@Alternate Data Stream - 147 bytes -> C:\ProgramData\TEMP:31D032DE
@Alternate Data Stream - 146 bytes -> C:\ProgramData\TEMP:3DBE30A1
@Alternate Data Stream - 143 bytes -> C:\ProgramData\TEMP:C1ECC69C
@Alternate Data Stream - 142 bytes -> C:\ProgramData\TEMP:0FC57F99
@Alternate Data Stream - 141 bytes -> C:\ProgramData\TEMP:700B9342
@Alternate Data Stream - 140 bytes -> C:\ProgramData\TEMP:F1D9186A
@Alternate Data Stream - 140 bytes -> C:\ProgramData\TEMP:42F5BBCE
@Alternate Data Stream - 139 bytes -> C:\ProgramData\TEMP:127BB39D
@Alternate Data Stream - 138 bytes -> C:\ProgramData\TEMP:E3E01C22
@Alternate Data Stream - 138 bytes -> C:\ProgramData\TEMP:D97A9919
@Alternate Data Stream - 137 bytes -> C:\ProgramData\TEMP:EA1919C7
@Alternate Data Stream - 136 bytes -> C:\ProgramData\TEMP:C7F3F179
@Alternate Data Stream - 135 bytes -> C:\ProgramData\TEMP:898109B4
@Alternate Data Stream - 135 bytes -> C:\ProgramData\TEMP:87A1C898
@Alternate Data Stream - 134 bytes -> C:\ProgramData\TEMP:42C1964D
@Alternate Data Stream - 133 bytes -> C:\ProgramData\TEMP:980E793B
@Alternate Data Stream - 133 bytes -> C:\ProgramData\TEMP:29058F8B
@Alternate Data Stream - 132 bytes -> C:\ProgramData\TEMP:8DED4A5E
@Alternate Data Stream - 132 bytes -> C:\ProgramData\TEMP:81AF749E
@Alternate Data Stream - 132 bytes -> C:\ProgramData\TEMP:09B77012
@Alternate Data Stream - 130 bytes -> C:\ProgramData\TEMP:80D975A5
@Alternate Data Stream - 129 bytes -> C:\ProgramData\TEMP:DE22ABA0
@Alternate Data Stream - 129 bytes -> C:\ProgramData\TEMP:3B4F28B0
@Alternate Data Stream - 128 bytes -> C:\ProgramData\TEMP:4BFE8B22
@Alternate Data Stream - 126 bytes -> C:\ProgramData\TEMP:E010A554
@Alternate Data Stream - 125 bytes -> C:\ProgramData\TEMP:65241CBC
@Alternate Data Stream - 124 bytes -> C:\ProgramData\TEMP:B0F20871
@Alternate Data Stream - 121 bytes -> C:\ProgramData\TEMP:DC85983B
@Alternate Data Stream - 117 bytes -> C:\ProgramData\TEMP:E98B604F
@Alternate Data Stream - 117 bytes -> C:\ProgramData\TEMP:0B210DD3
@Alternate Data Stream - 116 bytes -> C:\ProgramData\TEMP:2E426A1F
@Alternate Data Stream - 115 bytes -> C:\ProgramData\TEMP:8DF68137
@Alternate Data Stream - 111 bytes -> C:\ProgramData\TEMP:28CDD861
@Alternate Data Stream - 108 bytes -> C:\ProgramData\TEMP:12D2EB9C
@Alternate Data Stream - 107 bytes -> C:\ProgramData\TEMP:D26B6B0A
@Alternate Data Stream - 102 bytes -> C:\ProgramData\TEMP:EEB25EAE

< End of report >


Malwarebytes' Anti-Malware reported finding nothing, but here is the log from the scan anyway:

Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Database version: 6587

Windows 6.0.6001 Service Pack 1
Internet Explorer 8.0.6001.18999

5/16/2011 11:18:02 PM
mbam-log-2011-05-16 (23-18-02).txt

Scan type: Full scan (C:\|D:\|)
Objects scanned: 391706
Time elapsed: 1 hour(s), 34 minute(s), 40 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)


TDSSKiller reported finding one suspicious item, which I copied to quarantine because you didn't mention what I should do with anything it found. It did not require a reboot. Here is the resulting log:

2011/05/17 21:36:55.0357 0208 TDSS rootkit removing tool 2.5.1.0 May 13 2011 13:20:29
2011/05/17 21:36:55.0373 0208 ================================================================================
2011/05/17 21:36:55.0373 0208 SystemInfo:
2011/05/17 21:36:55.0373 0208
2011/05/17 21:36:55.0373 0208 OS Version: 6.0.6001 ServicePack: 1.0
2011/05/17 21:36:55.0373 0208 Product type: Workstation
2011/05/17 21:36:55.0373 0208 ComputerName: SHASTAS-DESKTOP
2011/05/17 21:36:55.0373 0208 UserName: Shasta
2011/05/17 21:36:55.0373 0208 Windows directory: C:\Windows
2011/05/17 21:36:55.0373 0208 System windows directory: C:\Windows
2011/05/17 21:36:55.0373 0208 Processor architecture: Intel x86
2011/05/17 21:36:55.0373 0208 Number of processors: 2
2011/05/17 21:36:55.0373 0208 Page size: 0x1000
2011/05/17 21:36:55.0373 0208 Boot type: Normal boot
2011/05/17 21:36:55.0373 0208 ================================================================================
2011/05/17 21:36:55.0685 0208 Initialize success
2011/05/17 21:37:02.0377 1924 ================================================================================
2011/05/17 21:37:02.0377 1924 Scan started
2011/05/17 21:37:02.0377 1924 Mode: Manual;
2011/05/17 21:37:02.0377 1924 ================================================================================
2011/05/17 21:37:03.0610 1924 ACPI (fcb8c7210f0135e24c6580f7f649c73c) C:\Windows\system32\drivers\acpi.sys
2011/05/17 21:37:03.0672 1924 adp94xx (2edc5bbac6c651ece337bde8ed97c9fb) C:\Windows\system32\drivers\adp94xx.sys
2011/05/17 21:37:03.0719 1924 adpahci (b84088ca3cdca97da44a984c6ce1ccad) C:\Windows\system32\drivers\adpahci.sys
2011/05/17 21:37:03.0766 1924 adpu160m (7880c67bccc27c86fd05aa2afb5ea469) C:\Windows\system32\drivers\adpu160m.sys
2011/05/17 21:37:03.0813 1924 adpu320 (9ae713f8e30efc2abccd84904333df4d) C:\Windows\system32\drivers\adpu320.sys
2011/05/17 21:37:03.0906 1924 AFD (763e172a55177e478cb419f88fd0ba03) C:\Windows\system32\drivers\afd.sys
2011/05/17 21:37:04.0031 1924 AgereSoftModem (5d97943c128ed756d1b0a08302c1b1f8) C:\Windows\system32\DRIVERS\AGRSM.sys
2011/05/17 21:37:04.0093 1924 agp440 (ef23439cdd587f64c2c1b8825cead7d8) C:\Windows\system32\drivers\agp440.sys
2011/05/17 21:37:04.0125 1924 aic78xx (ae1fdf7bf7bb6c6a70f67699d880592a) C:\Windows\system32\drivers\djsvs.sys
2011/05/17 21:37:04.0171 1924 aliide (90395b64600ebb4552e26e178c94b2e4) C:\Windows\system32\drivers\aliide.sys
2011/05/17 21:37:04.0281 1924 amdagp (2b13e304c9dfdfa5eb582f6a149fa2c7) C:\Windows\system32\drivers\amdagp.sys
2011/05/17 21:37:04.0327 1924 amdide (0577df1d323fe75a739c787893d300ea) C:\Windows\system32\drivers\amdide.sys
2011/05/17 21:37:04.0359 1924 AmdK7 (dc487885bcef9f28eece6fac0e5ddfc5) C:\Windows\system32\drivers\amdk7.sys
2011/05/17 21:37:04.0390 1924 AmdK8 (93ae7f7dd54ab986a6f1a1b37be7442d) C:\Windows\system32\DRIVERS\amdk8.sys
2011/05/17 21:37:04.0499 1924 arc (5f673180268bb1fdb69c99b6619fe379) C:\Windows\system32\drivers\arc.sys
2011/05/17 21:37:04.0593 1924 arcsas (957f7540b5e7f602e44648c7de5a1c05) C:\Windows\system32\drivers\arcsas.sys
2011/05/17 21:37:04.0686 1924 AsyncMac (53b202abee6455406254444303e87be1) C:\Windows\system32\DRIVERS\asyncmac.sys
2011/05/17 21:37:04.0733 1924 atapi (2d9c903dc76a66813d350a562de40ed9) C:\Windows\system32\drivers\atapi.sys
2011/05/17 21:37:04.0967 1924 Beep (67e506b75bd5326a3ec7b70bd014dfb6) C:\Windows\system32\drivers\Beep.sys
2011/05/17 21:37:05.0076 1924 bowser (8153396d5551276227fa146900f734e6) C:\Windows\system32\DRIVERS\bowser.sys
2011/05/17 21:37:05.0123 1924 BrFiltLo (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\drivers\brfiltlo.sys
2011/05/17 21:37:05.0170 1924 BrFiltUp (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\drivers\brfiltup.sys
2011/05/17 21:37:05.0217 1924 Brserid (b304e75cff293029eddf094246747113) C:\Windows\system32\drivers\brserid.sys
2011/05/17 21:37:05.0232 1924 BrSerWdm (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\system32\drivers\brserwdm.sys
2011/05/17 21:37:05.0263 1924 BrUsbMdm (bd456606156ba17e60a04e18016ae54b) C:\Windows\system32\drivers\brusbmdm.sys
2011/05/17 21:37:05.0295 1924 BrUsbSer (af72ed54503f717a43268b3cc5faec2e) C:\Windows\system32\drivers\brusbser.sys
2011/05/17 21:37:05.0326 1924 BTHMODEM (ad07c1ec6665b8b35741ab91200c6b68) C:\Windows\system32\drivers\bthmodem.sys
2011/05/17 21:37:05.0404 1924 cdfs (7add03e75beb9e6dd102c3081d29840a) C:\Windows\system32\DRIVERS\cdfs.sys
2011/05/17 21:37:05.0466 1924 cdrom (1ec25cea0de6ac4718bf89f9e1778b57) C:\Windows\system32\DRIVERS\cdrom.sys
2011/05/17 21:37:05.0513 1924 circlass (da8e0afc7baa226c538ef53ac2f90897) C:\Windows\system32\drivers\circlass.sys
2011/05/17 21:37:05.0544 1924 CLFS (465745561c832b29f7c48b488aab3842) C:\Windows\system32\CLFS.sys
2011/05/17 21:37:05.0638 1924 cmdide (45201046c776ffdaf3fc8a0029c581c8) C:\Windows\system32\drivers\cmdide.sys
2011/05/17 21:37:05.0653 1924 Compbatt (82b8c91d327cfecf76cb58716f7d4997) C:\Windows\system32\drivers\compbatt.sys
2011/05/17 21:37:05.0685 1924 crcdisk (2a213ae086bbec5e937553c7d9a2b22c) C:\Windows\system32\drivers\crcdisk.sys
2011/05/17 21:37:05.0700 1924 Crusoe (22a7f883508176489f559ee745b5bf5d) C:\Windows\system32\drivers\crusoe.sys
2011/05/17 21:37:05.0763 1924 DfsC (9e635ae5e8ad93e2b5989e2e23679f97) C:\Windows\system32\Drivers\dfsc.sys
2011/05/17 21:37:05.0841 1924 disk (64109e623abd6955c8fb110b592e68b7) C:\Windows\system32\drivers\disk.sys
2011/05/17 21:37:05.0903 1924 Dot4 (4f59c172c094e1a1d46463a8dc061cbd) C:\Windows\system32\DRIVERS\Dot4.sys
2011/05/17 21:37:05.0950 1924 Dot4Print (80bf3ba09f6f2523c8f6b7cc6dbf7bd5) C:\Windows\system32\DRIVERS\Dot4Prt.sys
2011/05/17 21:37:05.0981 1924 dot4usb (c55004ca6b419b6695970dfe849b122f) C:\Windows\system32\DRIVERS\dot4usb.sys
2011/05/17 21:37:06.0028 1924 drmkaud (97fef831ab90bee128c9af390e243f80) C:\Windows\system32\drivers\drmkaud.sys
2011/05/17 21:37:06.0059 1924 DXGKrnl (85f33880b8cfb554bd3d9ccdb486845a) C:\Windows\System32\drivers\dxgkrnl.sys
2011/05/17 21:37:06.0121 1924 E1G60 (f88fb26547fd2ce6d0a5af2985892c48) C:\Windows\system32\DRIVERS\E1G60I32.sys
2011/05/17 21:37:06.0199 1924 Ecache (dd2cd259d83d8b72c02c5f2331ff9d68) C:\Windows\system32\drivers\ecache.sys
2011/05/17 21:37:06.0262 1924 elxstor (e8f3f21a71720c84bcf423b80028359f) C:\Windows\system32\drivers\elxstor.sys
2011/05/17 21:37:06.0340 1924 exfat (0d858eb20589a34efb25695acaa6aa2d) C:\Windows\system32\drivers\exfat.sys
2011/05/17 21:37:06.0402 1924 fastfat (3c489390c2e2064563727752af8eab9e) C:\Windows\system32\drivers\fastfat.sys
2011/05/17 21:37:06.0449 1924 fdc (63bdada84951b9c03e641800e176898a) C:\Windows\system32\DRIVERS\fdc.sys
2011/05/17 21:37:06.0496 1924 FileInfo (a8c0139a884861e3aae9cfe73b208a9f) C:\Windows\system32\drivers\fileinfo.sys
2011/05/17 21:37:06.0527 1924 Filetrace (0ae429a696aecbc5970e3cf2c62635ae) C:\Windows\system32\drivers\filetrace.sys
2011/05/17 21:37:06.0574 1924 flpydisk (6603957eff5ec62d25075ea8ac27de68) C:\Windows\system32\DRIVERS\flpydisk.sys
2011/05/17 21:37:06.0621 1924 FltMgr (05ea53afe985443011e36dab07343b46) C:\Windows\system32\drivers\fltmgr.sys
2011/05/17 21:37:06.0636 1924 Fs_Rec (65ea8b77b5851854f0c55c43fa51a198) C:\Windows\system32\drivers\Fs_Rec.sys
2011/05/17 21:37:06.0667 1924 gagp30kx (4e1cd0a45c50a8882616cae5bf82f3c5) C:\Windows\system32\drivers\gagp30kx.sys
2011/05/17 21:37:06.0714 1924 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\Windows\system32\Drivers\GEARAspiWDM.sys
2011/05/17 21:37:06.0745 1924 giveio (77ebf3e9386daa51551af429052d88d0) C:\Windows\system32\giveio.sys
2011/05/17 21:37:06.0839 1924 HdAudAddService (cb04c744be0a61b1d648faed182c3b59) C:\Windows\system32\drivers\HdAudio.sys
2011/05/17 21:37:06.0886 1924 HDAudBus (c87b1ee051c0464491c1a7b03fa0bc99) C:\Windows\system32\DRIVERS\HDAudBus.sys
2011/05/17 21:37:06.0917 1924 HidBth (1338520e78d90154ed6be8f84de5fceb) C:\Windows\system32\drivers\hidbth.sys
2011/05/17 21:37:06.0948 1924 HidIr (ff3160c3a2445128c5a6d9b076da519e) C:\Windows\system32\drivers\hidir.sys
2011/05/17 21:37:06.0995 1924 HidUsb (854ca287ab7faf949617a788306d967e) C:\Windows\system32\DRIVERS\hidusb.sys
2011/05/17 21:37:07.0026 1924 HpCISSs (df353b401001246853763c4b7aaa6f50) C:\Windows\system32\drivers\hpcisss.sys
2011/05/17 21:37:07.0120 1924 HTTP (96e241624c71211a79c84f50a8e71cab) C:\Windows\system32\drivers\HTTP.sys
2011/05/17 21:37:07.0182 1924 i2omp (324c2152ff2c61abae92d09f3cca4d63) C:\Windows\system32\drivers\i2omp.sys
2011/05/17 21:37:07.0229 1924 i8042prt (22d56c8184586b7a1f6fa60be5f5a2bd) C:\Windows\system32\DRIVERS\i8042prt.sys
2011/05/17 21:37:07.0307 1924 ialm (8318e04a6455ced1020bcc5039b62cfa) C:\Windows\system32\DRIVERS\ialmnt5.sys
2011/05/17 21:37:07.0369 1924 iaStorV (c957bf4b5d80b46c5017bf0101e6c906) C:\Windows\system32\drivers\iastorv.sys
2011/05/17 21:37:07.0401 1924 iirsp (2d077bf86e843f901d8db709c95b49a5) C:\Windows\system32\drivers\iirsp.sys
2011/05/17 21:37:07.0510 1924 IntcAzAudAddService (8d7eb1fd498fd0a34c95a298685ec1c7) C:\Windows\system32\drivers\RTKVHDA.sys
2011/05/17 21:37:07.0572 1924 intelide (97469037714070e45194ed318d636401) C:\Windows\system32\drivers\intelide.sys
2011/05/17 21:37:07.0619 1924 intelppm (ce44cc04262f28216dd4341e9e36a16f) C:\Windows\system32\DRIVERS\intelppm.sys
2011/05/17 21:37:07.0650 1924 IpFilterDriver (62c265c38769b864cb25b4bcf62df6c3) C:\Windows\system32\DRIVERS\ipfltdrv.sys
2011/05/17 21:37:07.0713 1924 IPMIDRV (40f34f8aba2a015d780e4b09138b6c17) C:\Windows\system32\drivers\ipmidrv.sys
2011/05/17 21:37:07.0744 1924 IPNAT (8793643a67b42cec66490b2a0cf92d68) C:\Windows\system32\DRIVERS\ipnat.sys
2011/05/17 21:37:07.0806 1924 IRENUM (109c0dfb82c3632fbd11949b73aeeac9) C:\Windows\system32\drivers\irenum.sys
2011/05/17 21:37:07.0853 1924 isapnp (350fca7e73cf65bcef43fae1e4e91293) C:\Windows\system32\drivers\isapnp.sys
2011/05/17 21:37:07.0900 1924 iScsiPrt (f247eec28317f6c739c16de420097301) C:\Windows\system32\DRIVERS\msiscsi.sys
2011/05/17 21:37:07.0931 1924 iteatapi (bced60d16156e428f8df8cf27b0df150) C:\Windows\system32\drivers\iteatapi.sys
2011/05/17 21:37:07.0962 1924 iteraid (06fa654504a498c30adca8bec4e87e7e) C:\Windows\system32\drivers\iteraid.sys
2011/05/17 21:37:08.0009 1924 kbdclass (37605e0a8cf00cbba538e753e4344c6e) C:\Windows\system32\DRIVERS\kbdclass.sys
2011/05/17 21:37:08.0056 1924 kbdhid (18247836959ba67e3511b62846b9c2e0) C:\Windows\system32\DRIVERS\kbdhid.sys
2011/05/17 21:37:08.0087 1924 KSecDD (7a0cf7908b6824d6a2a1d313e5ae3dca) C:\Windows\system32\Drivers\ksecdd.sys
2011/05/17 21:37:08.0165 1924 lltdio (d1c5883087a0c3f1344d9d55a44901f6) C:\Windows\system32\DRIVERS\lltdio.sys
2011/05/17 21:37:08.0212 1924 LSI_FC (a2262fb9f28935e862b4db46438c80d2) C:\Windows\system32\drivers\lsi_fc.sys
2011/05/17 21:37:08.0274 1924 LSI_SAS (30d73327d390f72a62f32c103daf1d6d) C:\Windows\system32\drivers\lsi_sas.sys
2011/05/17 21:37:08.0337 1924 LSI_SCSI (e1e36fefd45849a95f1ab81de0159fe3) C:\Windows\system32\drivers\lsi_scsi.sys
2011/05/17 21:37:08.0368 1924 luafv (8f5c7426567798e62a3b3614965d62cc) C:\Windows\system32\drivers\luafv.sys
2011/05/17 21:37:08.0415 1924 massfilter (082ea07b461d1d184a82fdcb8b38a753) C:\Windows\system32\drivers\massfilter.sys
2011/05/17 21:37:08.0524 1924 megasas (d153b14fc6598eae8422a2037553adce) C:\Windows\system32\drivers\megasas.sys
2011/05/17 21:37:08.0555 1924 Modem (e13b5ea0f51ba5b1512ec671393d09ba) C:\Windows\system32\drivers\modem.sys
2011/05/17 21:37:08.0602 1924 monitor (0a9bb33b56e294f686abb7c1e4e2d8a8) C:\Windows\system32\DRIVERS\monitor.sys
2011/05/17 21:37:08.0664 1924 motmodem (fe80c18ba448ddd76b7bead9eb203d37) C:\Windows\system32\DRIVERS\motmodem.sys
2011/05/17 21:37:08.0695 1924 mouclass (5bf6a1326a335c5298477754a506d263) C:\Windows\system32\DRIVERS\mouclass.sys
2011/05/17 21:37:08.0727 1924 mouhid (93b8d4869e12cfbe663915502900876f) C:\Windows\system32\DRIVERS\mouhid.sys
2011/05/17 21:37:08.0773 1924 MountMgr (bdafc88aa6b92f7842416ea6a48e1600) C:\Windows\system32\drivers\mountmgr.sys
2011/05/17 21:37:08.0836 1924 mpio (583a41f26278d9e0ea548163d6139397) C:\Windows\system32\drivers\mpio.sys
2011/05/17 21:37:08.0867 1924 mpsdrv (22241feba9b2defa669c8cb0a8dd7d2e) C:\Windows\system32\drivers\mpsdrv.sys
2011/05/17 21:37:08.0914 1924 Mraid35x (4fbbb70d30fd20ec51f80061703b001e) C:\Windows\system32\drivers\mraid35x.sys
2011/05/17 21:37:08.0929 1924 MRxDAV (ae3de84536b6799d2267443cec8edbb9) C:\Windows\system32\drivers\mrxdav.sys
2011/05/17 21:37:08.0961 1924 mrxsmb (cc752d233ef39875ca6885d9415ba869) C:\Windows\system32\DRIVERS\mrxsmb.sys
2011/05/17 21:37:08.0976 1924 mrxsmb10 (9049dddd4bd27d43d82f5968f1da76e4) C:\Windows\system32\DRIVERS\mrxsmb10.sys
2011/05/17 21:37:09.0007 1924 mrxsmb20 (91dc069b6831ef564e7d8c97eaf0343e) C:\Windows\system32\DRIVERS\mrxsmb20.sys
2011/05/17 21:37:09.0039 1924 msahci (742aed7939e734c36b7e8d6228ce26b7) C:\Windows\system32\drivers\msahci.sys
2011/05/17 21:37:09.0101 1924 msdsm (3fc82a2ae4cc149165a94699183d3028) C:\Windows\system32\drivers\msdsm.sys
2011/05/17 21:37:09.0148 1924 Msfs (a9927f4a46b816c92f461acb90cf8515) C:\Windows\system32\drivers\Msfs.sys
2011/05/17 21:37:09.0195 1924 msisadrv (0f400e306f385c56317357d6dea56f62) C:\Windows\system32\drivers\msisadrv.sys
2011/05/17 21:37:09.0241 1924 MSKSSRV (d8c63d34d9c9e56c059e24ec7185cc07) C:\Windows\system32\drivers\MSKSSRV.sys
2011/05/17 21:37:09.0288 1924 MSPCLOCK (1d373c90d62ddb641d50e55b9e78d65e) C:\Windows\system32\drivers\MSPCLOCK.sys
2011/05/17 21:37:09.0335 1924 MSPQM (b572da05bf4e098d4bba3a4734fb505b) C:\Windows\system32\drivers\MSPQM.sys
2011/05/17 21:37:09.0382 1924 MsRPC (b5614aecb05a9340aa0fb55bf561cc63) C:\Windows\system32\drivers\MsRPC.sys
2011/05/17 21:37:09.0413 1924 mssmbios (e384487cb84be41d09711c30ca79646c) C:\Windows\system32\DRIVERS\mssmbios.sys
2011/05/17 21:37:09.0429 1924 MSTEE (7199c1eec1e4993caf96b8c0a26bd58a) C:\Windows\system32\drivers\MSTEE.sys
2011/05/17 21:37:09.0475 1924 MTsensor (dcdaab8697a47894a554050ce18d0b56) C:\Windows\system32\DRIVERS\ASACPI.sys
2011/05/17 21:37:09.0522 1924 Mup (6dfd1d322de55b0b7db7d21b90bec49c) C:\Windows\system32\Drivers\mup.sys
2011/05/17 21:37:09.0569 1924 NativeWifiP (3c21ce48ff529bb73dadb98770b54025) C:\Windows\system32\DRIVERS\nwifi.sys
2011/05/17 21:37:09.0631 1924 NDIS (9bdc71790fa08f0a0b5f10462b1bd0b1) C:\Windows\system32\drivers\ndis.sys
2011/05/17 21:37:09.0678 1924 NdisTapi (0e186e90404980569fb449ba7519ae61) C:\Windows\system32\DRIVERS\ndistapi.sys
2011/05/17 21:37:09.0709 1924 Ndisuio (d6973aa34c4d5d76c0430b181c3cd389) C:\Windows\system32\DRIVERS\ndisuio.sys
2011/05/17 21:37:09.0756 1924 NdisWan (3d14c3b3496f88890d431e8aa022a411) C:\Windows\system32\DRIVERS\ndiswan.sys
2011/05/17 21:37:09.0787 1924 NDProxy (71dab552b41936358f3b541ae5997fb3) C:\Windows\system32\drivers\NDProxy.sys
2011/05/17 21:37:09.0850 1924 NetBIOS (bcd093a5a6777cf626434568dc7dba78) C:\Windows\system32\DRIVERS\netbios.sys
2011/05/17 21:37:09.0865 1924 netbt (7c5fee5b1c5728507cd96fb4a13e7a02) C:\Windows\system32\DRIVERS\netbt.sys
2011/05/17 21:37:09.0928 1924 nfrd960 (2e7fb731d4790a1bc6270accefacb36e) C:\Windows\system32\drivers\nfrd960.sys
2011/05/17 21:37:09.0990 1924 Npfs (ecb5003f484f9ed6c608d6d6c7886cbb) C:\Windows\system32\drivers\Npfs.sys
2011/05/17 21:37:10.0037 1924 nsiproxy (609773e344a97410ce4ebf74a8914fcf) C:\Windows\system32\drivers\nsiproxy.sys
2011/05/17 21:37:10.0099 1924 Ntfs (b4effe29eb4f15538fd8a9681108492d) C:\Windows\system32\drivers\Ntfs.sys
2011/05/17 21:37:10.0131 1924 ntrigdigi (e875c093aec0c978a90f30c9e0dfbb72) C:\Windows\system32\drivers\ntrigdigi.sys
2011/05/17 21:37:10.0162 1924 Null (c5dbbcda07d780bda9b685df333bb41e) C:\Windows\system32\drivers\Null.sys
2011/05/17 21:37:10.0224 1924 NVENETFD (1efec38a852ab35883bfff3427b92b3f) C:\Windows\system32\DRIVERS\nvmfdx32.sys
2011/05/17 21:37:10.0489 1924 nvlddmkm (6ef47521dce982602a25afb41dd13d4f) C:\Windows\system32\DRIVERS\nvlddmkm.sys
2011/05/17 21:37:10.0645 1924 NVNET (1efec38a852ab35883bfff3427b92b3f) C:\Windows\system32\DRIVERS\nvmfdx32.sys
2011/05/17 21:37:10.0677 1924 nvraid (e69e946f80c1c31c53003bfbf50cbb7c) C:\Windows\system32\drivers\nvraid.sys
2011/05/17 21:37:10.0708 1924 nvstor (4a5fcab82d9bf6af8a023a66802fe9e9) C:\Windows\system32\drivers\nvstor.sys
2011/05/17 21:37:10.0739 1924 nvstor32 (dc5f166422beebf195e3e4bb8ab4ee22) C:\Windows\system32\DRIVERS\nvstor32.sys
2011/05/17 21:37:10.0786 1924 nv_agp (07c186427eb8fcc3d8d7927187f260f7) C:\Windows\system32\drivers\nv_agp.sys
2011/05/17 21:37:10.0911 1924 NWADI (8261ca50939f83b87c0e474c51c8ef67) C:\Windows\system32\DRIVERS\NWADIenum.sys
2011/05/17 21:37:11.0004 1924 NWUSBModem (b7112f30d7eff4b5052eba879f46228f) C:\Windows\system32\DRIVERS\nwusbmdm.sys
2011/05/17 21:37:11.0035 1924 NWUSBPort (b7112f30d7eff4b5052eba879f46228f) C:\Windows\system32\DRIVERS\nwusbser.sys
2011/05/17 21:37:11.0098 1924 ohci1394 (be32da025a0be1878f0ee8d6d9386cd5) C:\Windows\system32\drivers\ohci1394.sys
2011/05/17 21:37:11.0207 1924 Parport (8a79fdf04a73428597e2caf9d0d67850) C:\Windows\system32\DRIVERS\parport.sys
2011/05/17 21:37:11.0238 1924 partmgr (3b38467e7c3daed009dfe359e17f139f) C:\Windows\system32\drivers\partmgr.sys
2011/05/17 21:37:11.0254 1924 Parvdm (6c580025c81caf3ae9e3617c22cad00e) C:\Windows\system32\DRIVERS\parvdm.sys
2011/05/17 21:37:11.0301 1924 PCASp50 (1961590aa191b6b7dcf18a6a693af7b8) C:\Windows\system32\Drivers\PCASp50.sys
2011/05/17 21:37:11.0332 1924 pci (01b94418deb235dff777cc80076354b4) C:\Windows\system32\drivers\pci.sys
2011/05/17 21:37:11.0441 1924 pciide (fc175f5ddab666d7f4d17449a547626f) C:\Windows\system32\drivers\pciide.sys
2011/05/17 21:37:11.0472 1924 pcmcia (e6f3fb1b86aa519e7698ad05e58b04e5) C:\Windows\system32\drivers\pcmcia.sys
2011/05/17 21:37:11.0581 1924 PEAUTH (6349f6ed9c623b44b52ea3c63c831a92) C:\Windows\system32\drivers\peauth.sys
2011/05/17 21:37:11.0706 1924 PptpMiniport (ecfffaec0c1ecd8dbc77f39070ea1db1) C:\Windows\system32\DRIVERS\raspptp.sys
2011/05/17 21:37:11.0769 1924 Processor (0e3cef5d28b40cf273281d620c50700a) C:\Windows\system32\drivers\processr.sys
2011/05/17 21:37:11.0847 1924 PSched (bfef604508a0ed1eae2a73e872555ffb) C:\Windows\system32\DRIVERS\pacer.sys
2011/05/17 21:37:11.0878 1924 PTDMBus (785e1032c8f3c8c60aa8e2b7fe377869) C:\Windows\system32\DRIVERS\PTDMBus.sys
2011/05/17 21:37:11.0909 1924 PTDMMdm (924c2b2dca76d2bd7d44b3bb968b344f) C:\Windows\system32\DRIVERS\PTDMMdm.sys
2011/05/17 21:37:11.0956 1924 PTDMVsp (58ad3ccdd567fa45fd94af15229ace7c) C:\Windows\system32\DRIVERS\PTDMVsp.sys
2011/05/17 21:37:12.0096 1924 PTDMWWAN (49f773decbcd6a555c7a8694d37d232e) C:\Windows\system32\DRIVERS\PTDMWWAN.sys
2011/05/17 21:37:12.0205 1924 ql2300 (ccdac889326317792480c0a67156a1ec) C:\Windows\system32\drivers\ql2300.sys
2011/05/17 21:37:12.0237 1924 ql40xx (81a7e5c076e59995d54bc1ed3a16e60b) C:\Windows\system32\drivers\ql40xx.sys
2011/05/17 21:37:12.0268 1924 QWAVEdrv (9f5e0e1926014d17486901c88eca2db7) C:\Windows\system32\drivers\qwavedrv.sys
2011/05/17 21:37:12.0346 1924 RasAcd (147d7f9c556d259924351feb0de606c3) C:\Windows\system32\DRIVERS\rasacd.sys
2011/05/17 21:37:12.0408 1924 Rasl2tp (a214adbaf4cb47dd2728859ef31f26b0) C:\Windows\system32\DRIVERS\rasl2tp.sys
2011/05/17 21:37:12.0439 1924 RasPppoe (3e9d9b048107b40d87b97df2e48e0744) C:\Windows\system32\DRIVERS\raspppoe.sys
2011/05/17 21:37:12.0471 1924 RasSstp (a7d141684e9500ac928a772ed8e6b671) C:\Windows\system32\DRIVERS\rassstp.sys
2011/05/17 21:37:12.0486 1924 rdbss (6e1c5d0457622f9ee35f683110e93d14) C:\Windows\system32\DRIVERS\rdbss.sys
2011/05/17 21:37:12.0517 1924 RDPCDD (89e59be9a564262a3fb6c4f4f1cd9899) C:\Windows\system32\DRIVERS\RDPCDD.sys
2011/05/17 21:37:12.0549 1924 rdpdr (e8bd98d46f2ed77132ba927fccb47d8b) C:\Windows\system32\drivers\rdpdr.sys
2011/05/17 21:37:12.0595 1924 RDPENCDD (9d91fe5286f748862ecffa05f8a0710c) C:\Windows\system32\drivers\rdpencdd.sys
2011/05/17 21:37:12.0627 1924 RDPWD (e1c18f4097a5abcec941dc4b2f99db7e) C:\Windows\system32\drivers\RDPWD.sys
2011/05/17 21:37:12.0705 1924 RimVSerPort (d9b34325ee5df78b8f28a3de9f577c7d) C:\Windows\system32\DRIVERS\RimSerial.sys
2011/05/17 21:37:12.0736 1924 ROOTMODEM (75e8a6bfa7374aba833ae92bf41ae4e6) C:\Windows\system32\Drivers\RootMdm.sys
2011/05/17 21:37:12.0783 1924 rspndr (9c508f4074a39e8b4b31d27198146fad) C:\Windows\system32\DRIVERS\rspndr.sys
2011/05/17 21:37:12.0814 1924 RTL8023xp (959ef612d2ccfdb6d9e443f8e3655013) C:\Windows\system32\DRIVERS\Rtnicxp.sys
2011/05/17 21:37:12.0876 1924 RTL8187B (661af6a63dff9f23b1dc3fb7b3e7a917) C:\Windows\system32\DRIVERS\RTL8187B.sys
2011/05/17 21:37:12.0939 1924 RtlProt (0d60b8c10a2c5e8dd620b3fdeb1cda64) C:\Windows\system32\DRIVERS\rtlprot.sys
2011/05/17 21:37:12.0985 1924 sbapifs (29658f5353d5b73ca514a784e6aac54e) C:\Windows\system32\DRIVERS\sbapifs.sys
2011/05/17 21:37:13.0048 1924 sbp2port (3ce8f073a557e172b330109436984e30) C:\Windows\system32\drivers\sbp2port.sys
2011/05/17 21:37:13.0110 1924 SBRE (c1ae5d1f53285d79a0b73a62af20734f) C:\Windows\system32\drivers\SBREDrv.sys
2011/05/17 21:37:13.0188 1924 SbTis (5aa20102504a98f8c3653d99a0923e8b) C:\Windows\system32\drivers\sbtis.sys
2011/05/17 21:37:13.0235 1924 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys
2011/05/17 21:37:13.0282 1924 Serenum (ce9ec966638ef0b10b864ddedf62a099) C:\Windows\system32\DRIVERS\serenum.sys
2011/05/17 21:37:13.0329 1924 Serial (6d663022db3e7058907784ae14b69898) C:\Windows\system32\DRIVERS\serial.sys
2011/05/17 21:37:13.0375 1924 sermouse (8af3d28a879bf75db53a0ee7a4289624) C:\Windows\system32\drivers\sermouse.sys
2011/05/17 21:37:13.0453 1924 sffdisk (103b79418da647736ee95645f305f68a) C:\Windows\system32\drivers\sffdisk.sys
2011/05/17 21:37:13.0469 1924 sffp_mmc (8fd08a310645fe872eeec6e08c6bf3ee) C:\Windows\system32\drivers\sffp_mmc.sys
2011/05/17 21:37:13.0485 1924 sffp_sd (9cfa05fcfcb7124e69cfc812b72f9614) C:\Windows\system32\drivers\sffp_sd.sys
2011/05/17 21:37:13.0516 1924 sfloppy (46ed8e91793b2e6f848015445a0ac188) C:\Windows\system32\drivers\sfloppy.sys
2011/05/17 21:37:13.0563 1924 sisagp (d2a595d6eebeeaf4334f8e50efbc9931) C:\Windows\system32\drivers\sisagp.sys
2011/05/17 21:37:13.0578 1924 SiSRaid2 (cedd6f4e7d84e9f98b34b3fe988373aa) C:\Windows\system32\drivers\sisraid2.sys
2011/05/17 21:37:13.0609 1924 SiSRaid4 (df843c528c4f69d12ce41ce462e973a7) C:\Windows\system32\drivers\sisraid4.sys
2011/05/17 21:37:13.0703 1924 Smb (031e6bcd53c9b2b9ace111eafec347b6) C:\Windows\system32\DRIVERS\smb.sys
2011/05/17 21:37:13.0781 1924 speedfan (5d6401db90ec81b71f8e2c5c8f0fef23) C:\Windows\system32\speedfan.sys
2011/05/17 21:37:13.0797 1924 spldr (7aebdeef071fe28b0eef2cdd69102bff) C:\Windows\system32\drivers\spldr.sys
2011/05/17 21:37:13.0859 1924 sptd (cdddec541bc3c96f91ecb48759673505) C:\Windows\system32\Drivers\sptd.sys
2011/05/17 21:37:13.0859 1924 Suspicious file (NoAccess): C:\Windows\system32\Drivers\sptd.sys. md5: cdddec541bc3c96f91ecb48759673505
2011/05/17 21:37:13.0859 1924 sptd - detected LockedFile.Multi.Generic (1)
2011/05/17 21:37:13.0921 1924 srv (2252aef839b1093d16761189f45af885) C:\Windows\system32\DRIVERS\srv.sys
2011/05/17 21:37:13.0953 1924 srv2 (96512f4a30b741e7d33a7936b9abbc20) C:\Windows\system32\DRIVERS\srv2.sys
2011/05/17 21:37:13.0984 1924 srvnet (1c69e33e0e23626da5a34ca5ba0dd990) C:\Windows\system32\DRIVERS\srvnet.sys
2011/05/17 21:37:14.0077 1924 swenum (7ba58ecf0c0a9a69d44b3dca62becf56) C:\Windows\system32\DRIVERS\swenum.sys
2011/05/17 21:37:14.0109 1924 swmsflt (eda7336cd2e334b4db321bc60b7da11e) C:\Windows\System32\drivers\swmsflt.sys
2011/05/17 21:37:14.0155 1924 swmx00 (5d3c9f767eaded3e14fa4ce6cf9f7725) C:\Windows\system32\DRIVERS\swmx00.sys
2011/05/17 21:37:14.0202 1924 SWNC5E00 (e0919389fb29ed5c03b0b664236abe50) C:\Windows\system32\DRIVERS\SWNC5E00.sys
2011/05/17 21:37:14.0233 1924 Symc8xx (192aa3ac01df071b541094f251deed10) C:\Windows\system32\drivers\symc8xx.sys
2011/05/17 21:37:14.0265 1924 Sym_hi (8c8eb8c76736ebaf3b13b633b2e64125) C:\Windows\system32\drivers\sym_hi.sys
2011/05/17 21:37:14.0311 1924 Sym_u3 (8072af52b5fd103bbba387a1e49f62cb) C:\Windows\system32\drivers\sym_u3.sys
2011/05/17 21:37:14.0374 1924 Tcpip (782568ab6a43160a159b6215b70bcce9) C:\Windows\system32\drivers\tcpip.sys
2011/05/17 21:37:14.0421 1924 Tcpip6 (782568ab6a43160a159b6215b70bcce9) C:\Windows\system32\DRIVERS\tcpip.sys
2011/05/17 21:37:14.0452 1924 tcpipreg (d4a2e4a4b011f3a883af77315a5ae76b) C:\Windows\system32\drivers\tcpipreg.sys
2011/05/17 21:37:14.0499 1924 TDPIPE (5dcf5e267be67a1ae926f2df77fbcc56) C:\Windows\system32\drivers\tdpipe.sys
2011/05/17 21:37:14.0530 1924 TDTCP (389c63e32b3cefed425b61ed92d3f021) C:\Windows\system32\drivers\tdtcp.sys
2011/05/17 21:37:14.0623 1924 tdx (d09276b1fab033ce1d40dcbdf303d10f) C:\Windows\system32\DRIVERS\tdx.sys
2011/05/17 21:37:14.0655 1924 TermDD (a048056f5e1a96a9bf3071b91741a5aa) C:\Windows\system32\DRIVERS\termdd.sys
2011/05/17 21:37:14.0733 1924 truecrypt (aceb4f4f83b895e15c8c1a2f55009783) C:\Windows\system32\drivers\truecrypt.sys
2011/05/17 21:37:14.0795 1924 tssecsrv (dcf0f056a2e4f52287264f5ab29cf206) C:\Windows\system32\DRIVERS\tssecsrv.sys
2011/05/17 21:37:14.0857 1924 tunmp (caecc0120ac49e3d2f758b9169872d38) C:\Windows\system32\DRIVERS\tunmp.sys
2011/05/17 21:37:14.0889 1924 tunnel (6042505ff6fa9ac1ef7684d0e03b6940) C:\Windows\system32\DRIVERS\tunnel.sys
2011/05/17 21:37:14.0920 1924 uagp35 (c3ade15414120033a36c0f293d4a4121) C:\Windows\system32\drivers\uagp35.sys
2011/05/17 21:37:14.0967 1924 udfs (8b5088058fa1d1cd897a2113ccff6c58) C:\Windows\system32\DRIVERS\udfs.sys
2011/05/17 21:37:15.0013 1924 uliagpkx (75e6890ebfce0841d3291b02e7a8bdb0) C:\Windows\system32\drivers\uliagpkx.sys
2011/05/17 21:37:15.0076 1924 uliahci (3cd4ea35a6221b85dcc25daa46313f8d) C:\Windows\system32\drivers\uliahci.sys
2011/05/17 21:37:15.0107 1924 UlSata (8514d0e5cd0534467c5fc61be94a569f) C:\Windows\system32\drivers\ulsata.sys
2011/05/17 21:37:15.0138 1924 ulsata2 (38c3c6e62b157a6bc46594fada45c62b) C:\Windows\system32\drivers\ulsata2.sys
2011/05/17 21:37:15.0169 1924 umbus (32cff9f809ae9aed85464492bf3e32d2) C:\Windows\system32\DRIVERS\umbus.sys
2011/05/17 21:37:15.0232 1924 usbaudio (292a25bb75a568ae2c67169ba2c6365a) C:\Windows\system32\drivers\usbaudio.sys
2011/05/17 21:37:15.0279 1924 usbccgp (caf811ae4c147ffcd5b51750c7f09142) C:\Windows\system32\DRIVERS\usbccgp.sys
2011/05/17 21:37:15.0341 1924 usbcir (e9476e6c486e76bc4898074768fb7131) C:\Windows\system32\drivers\usbcir.sys
2011/05/17 21:37:15.0372 1924 usbehci (cebe90821810e76320155beba722fcf9) C:\Windows\system32\DRIVERS\usbehci.sys
2011/05/17 21:37:15.0419 1924 usbhub (cc6b28e4ce39951357963119ce47b143) C:\Windows\system32\DRIVERS\usbhub.sys
2011/05/17 21:37:15.0435 1924 usbohci (7bdb7b0e7d45ac0402d78b90789ef47c) C:\Windows\system32\DRIVERS\usbohci.sys
2011/05/17 21:37:15.0466 1924 usbprint (e75c4b5269091d15a2e7dc0b6d35f2f5) C:\Windows\system32\DRIVERS\usbprint.sys
2011/05/17 21:37:15.0513 1924 usbscan (a508c9bd8724980512136b039bba65e9) C:\Windows\system32\DRIVERS\usbscan.sys
2011/05/17 21:37:15.0575 1924 USBSTOR (87ba6b83c5d19b69160968d07d6e2982) C:\Windows\system32\DRIVERS\USBSTOR.SYS
2011/05/17 21:37:15.0622 1924 usbuhci (325dbbacb8a36af9988ccf40eac228cc) C:\Windows\system32\DRIVERS\usbuhci.sys
2011/05/17 21:37:15.0669 1924 usb_rndisx (ee181a08e09db23cf4a49b46a1e66bb8) C:\Windows\system32\DRIVERS\usb8023x.sys
2011/05/17 21:37:15.0715 1924 vga (7d92be0028ecdedec74617009084b5ef) C:\Windows\system32\DRIVERS\vgapnp.sys
2011/05/17 21:37:15.0747 1924 VgaSave (2e93ac0a1d8c79d019db6c51f036636c) C:\Windows\System32\drivers\vga.sys
2011/05/17 21:37:15.0793 1924 viaagp (045d9961e591cf0674a920b6ba3ba5cb) C:\Windows\system32\drivers\viaagp.sys
2011/05/17 21:37:15.0809 1924 ViaC7 (56a4de5f02f2e88182b0981119b4dd98) C:\Windows\system32\drivers\viac7.sys
2011/05/17 21:37:15.0856 1924 viaide (fd2e3175fcada350c7ab4521dca187ec) C:\Windows\system32\drivers\viaide.sys
2011/05/17 21:37:15.0903 1924 volmgr (69503668ac66c77c6cd7af86fbdf8c43) C:\Windows\system32\drivers\volmgr.sys
2011/05/17 21:37:15.0934 1924 volmgrx (98f5ffe6316bd74e9e2c97206c190196) C:\Windows\system32\drivers\volmgrx.sys
2011/05/17 21:37:15.0965 1924 volsnap (d8b4a53dd2769f226b3eb374374987c9) C:\Windows\system32\drivers\volsnap.sys
2011/05/17 21:37:15.0996 1924 vsmraid (d984439746d42b30fc65a4c3546c6829) C:\Windows\system32\drivers\vsmraid.sys
2011/05/17 21:37:16.0074 1924 VSTHWBS2 (c466021d31ff6c0a6069d12299d80c0b) C:\Windows\system32\DRIVERS\VSTBS23.SYS
2011/05/17 21:37:16.0137 1924 VST_DPV (ec36f1d542ed4252390d446bf6d4dfd0) C:\Windows\system32\DRIVERS\VSTDPV3.SYS
2011/05/17 21:37:16.0183 1924 WacomPen (48dfee8f1af7c8235d4e626f0c4fe031) C:\Windows\system32\drivers\wacompen.sys
2011/05/17 21:37:16.0230 1924 Wanarp (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
2011/05/17 21:37:16.0246 1924 Wanarpv6 (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
2011/05/17 21:37:16.0324 1924 Wd (afc5ad65b991c1e205cf25cfdbf7a6f4) C:\Windows\system32\drivers\wd.sys
2011/05/17 21:37:16.0386 1924 Wdf01000 (b6f0a7ad6d4bd325fbcd8bac96cd8d96) C:\Windows\system32\drivers\Wdf01000.sys
2011/05/17 21:37:16.0480 1924 winachsf (5c7bdcf5864db00323fe2d90fa26a8a2) C:\Windows\system32\DRIVERS\VSTCNXT3.SYS
2011/05/17 21:37:16.0558 1924 WINUSB (f03110711b17ad31271cb2baf0dbb2b1) C:\Windows\system32\DRIVERS\WinUSB.SYS
2011/05/17 21:37:16.0651 1924 WmiAcpi (701a9f884a294327e9141d73746ee279) C:\Windows\system32\drivers\wmiacpi.sys
2011/05/17 21:37:16.0745 1924 WpdUsb (0cec23084b51b8288099eb710224e955) C:\Windows\system32\DRIVERS\wpdusb.sys
2011/05/17 21:37:16.0792 1924 ws2ifsl (e3a3cb253c0ec2494d4a61f5e43a389c) C:\Windows\system32\drivers\ws2ifsl.sys
2011/05/17 21:37:16.0854 1924 WUDFRd (ac13cb789d93412106b0fb6c7eb2bcb6) C:\Windows\system32\DRIVERS\WUDFRd.sys
2011/05/17 21:37:16.0917 1924 ZTEusbgps (d1d32a7fb32603f922f233f86a019c9f) C:\Windows\system32\DRIVERS\ZTEusbgps.sys
2011/05/17 21:37:16.0963 1924 ZTEusbmdm6k (d1d32a7fb32603f922f233f86a019c9f) C:\Windows\system32\DRIVERS\ZTEusbmdm6k.sys
2011/05/17 21:37:17.0010 1924 ZTEusbnmea (d1d32a7fb32603f922f233f86a019c9f) C:\Windows\system32\DRIVERS\ZTEusbnmea.sys
2011/05/17 21:37:17.0026 1924 ZTEusbnmeaext (d1d32a7fb32603f922f233f86a019c9f) C:\Windows\system32\DRIVERS\ZTEusbnmeaext.sys
2011/05/17 21:37:17.0073 1924 ZTEusbser6k (d1d32a7fb32603f922f233f86a019c9f) C:\Windows\system32\DRIVERS\ZTEusbser6k.sys
2011/05/17 21:37:17.0213 1924 ================================================================================
2011/05/17 21:37:17.0213 1924 Scan finished
2011/05/17 21:37:17.0213 1924 ================================================================================
2011/05/17 21:37:17.0229 1932 Detected object count: 1
2011/05/17 21:37:42.0563 1932 sptd (cdddec541bc3c96f91ecb48759673505) C:\Windows\system32\Drivers\sptd.sys
2011/05/17 21:37:42.0563 1932 Suspicious file (NoAccess): C:\Windows\system32\Drivers\sptd.sys. md5: cdddec541bc3c96f91ecb48759673505
2011/05/17 21:37:42.0579 1932 C:\Windows\system32\Drivers\sptd.sys - copied to quarantine
2011/05/17 21:37:42.0579 1932 LockedFile.Multi.Generic(sptd) - User select action: Quarantine


aswMBR found two things it considered suspicious. The "Fix MBR" button appeared enabled from the moment I started the program. The other fix button never was. Here is that log:

aswMBR version 0.9.5.256 Copyright© 2011 AVAST Software
Run date: 2011-05-17 21:38:57
-----------------------------
21:38:57.887 OS Version: Windows 6.0.6001 Service Pack 1
21:38:57.887 Number of processors: 2 586 0x6B01
21:38:57.887 ComputerName: SHASTAS-DESKTOP UserName: Shasta
21:38:59.494 Initialize success
21:39:07.309 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\0000006b
21:39:07.309 Disk 0 Vendor: Hitachi_ V56O Size: 476940MB BusType: 6
21:39:09.337 Disk 0 MBR read successfully
21:39:09.337 Disk 0 MBR scan
21:39:09.337 Disk 0 unknown MBR code
21:39:11.350 Disk 0 scanning sectors +976768065
21:39:11.365 Disk 0 scanning C:\Windows\system32\drivers
21:39:16.108 Service scanning
21:39:17.324 Disk 0 trace - called modules:
21:39:17.324 ntkrnlpa.exe CLASSPNP.SYS disk.sys acpi.sys hal.dll >>UNKNOWN [0x859441f8]<<
21:39:17.340 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x85f75ac8]
21:39:17.340 3 CLASSPNP.SYS[885a5745] -> nt!IofCallDriver -> [0x859c71b0]
21:39:17.340 5 acpi.sys[8072c6a0] -> nt!IofCallDriver -> \Device\0000006b[0x859c7580]
21:39:17.340 \Driver\nvstor32[0x859a0e20] -> IRP_MJ_CREATE -> 0x859441f8
21:39:17.356 Scan finished successfully
21:39:47.198 Disk 0 MBR has been saved successfully to "C:\Users\Shasta\Desktop\MBR.dat"
21:39:47.214 The log file has been saved successfully to "C:\Users\Shasta\Desktop\aswMBR.txt"


Last but not least, the ComboFix log:

ComboFix 11-05-17.01 - Shasta 05/17/2011 22:05:55.1.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.1.1033.18.1919.1049 [GMT -7:00]
Running from: c:\users\Shasta\Downloads\ComboFix.exe
AV: Sunbelt VIPRE *Disabled/Updated* {BE5DD172-7F42-7948-1A60-E6A720288F81}
SP: Sunbelt VIPRE *Disabled/Updated* {053C3096-5978-76C6-20D0-DDD55BAFC53C}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files\iWin Games\iWinGamesHookIE.dll
.
.
((((((((((((((((((((((((( Files Created from 2011-04-18 to 2011-05-18 )))))))))))))))))))))))))))))))
.
.
2011-05-18 05:12 . 2011-05-18 05:12 -------- d-----w- c:\users\Shasta\AppData\Local\temp
2011-05-18 04:37 . 2011-05-18 04:37 -------- d-----w- C:\TDSSKiller_Quarantine
2011-05-17 04:00 . 2011-05-17 04:00 -------- d-----w- C:\_OTL
2011-05-16 03:30 . 2011-05-16 03:30 -------- d--h--r- c:\users\Shasta\AppData\Roaming\SecuROM
2011-05-15 09:02 . 2011-05-15 09:02 -------- d-----w- c:\users\Shasta\AppData\Roaming\Malwarebytes
2011-05-15 09:01 . 2010-12-21 01:09 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-05-15 09:01 . 2011-05-15 09:01 -------- d-----w- c:\programdata\Malwarebytes
2011-05-15 09:01 . 2011-05-15 09:01 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-05-15 09:01 . 2010-12-21 01:08 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-05-13 12:36 . 2011-05-14 00:42 -------- d-----w- C:\VIPRERESCUE
2011-05-10 08:46 . 2011-05-10 08:46 -------- d-----w- c:\users\Shasta\AppData\Roaming\Quirky Games
2011-05-10 08:43 . 2011-05-10 08:43 -------- d-----w- c:\programdata\3 Blokes Studios
2011-05-10 08:42 . 2011-05-10 08:42 -------- d-----w- c:\programdata\Magical Forest
2011-04-28 15:51 . 2010-12-29 17:41 323072 ----a-w- c:\windows\system32\sbe.dll
2011-04-28 15:51 . 2010-12-29 17:41 153088 ----a-w- c:\windows\system32\sbeio.dll
2011-04-28 15:51 . 2010-12-29 17:41 429056 ----a-w- c:\windows\system32\EncDec.dll
2011-04-28 15:51 . 2010-12-29 17:39 177664 ----a-w- c:\windows\system32\mpg2splt.ax
2011-04-28 15:50 . 2011-02-17 06:23 420864 ----a-w- c:\windows\system32\vbscript.dll
2011-04-28 15:50 . 2010-12-17 16:43 2067456 ----a-w- c:\windows\system32\mstscax.dll
2011-04-28 15:50 . 2010-12-17 15:06 677888 ----a-w- c:\windows\system32\mstsc.exe
2011-04-26 06:16 . 2011-04-26 06:18 -------- d-----w- c:\program files\KeePass-2.09
2011-04-19 17:54 . 2011-04-19 17:54 -------- d-----w- c:\users\Shasta\AppData\Roaming\Awem
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-02-23 15:27 . 2011-02-23 15:27 941160 ----a-w- c:\windows\system32\nvdispco322090.dll
2011-02-23 15:27 . 2011-02-23 15:27 837736 ----a-w- c:\windows\system32\nvgenco322040.dll
2011-02-23 15:27 . 2011-02-23 15:27 57960 ----a-w- c:\windows\system32\OpenCL.dll
2011-02-23 15:27 . 2011-02-23 15:27 4942952 ----a-w- c:\windows\system32\nvcuda.dll
2011-02-23 15:27 . 2011-02-23 15:27 2895976 ----a-w- c:\windows\system32\nvcuvid.dll
2011-02-23 15:27 . 2011-02-23 15:27 2251368 ----a-w- c:\windows\system32\nvcuvenc.dll
2011-02-23 15:27 . 2011-02-23 15:27 15047272 ----a-w- c:\windows\system32\nvoglv32.dll
2011-02-23 15:27 . 2011-02-23 15:27 13011560 ----a-w- c:\windows\system32\nvcompiler.dll
2011-02-23 15:27 . 2011-02-23 15:27 10920 ----a-w- c:\windows\system32\drivers\nvBridge.kmd
2011-02-23 15:27 . 2011-02-23 15:27 10468360 ----a-w- c:\windows\system32\drivers\nvlddmkm.sys
2011-02-23 15:27 . 2007-09-20 06:56 10079336 ----a-w- c:\windows\system32\nvd3dum.dll
2011-02-23 15:27 . 2007-09-20 06:56 1965672 ----a-w- c:\windows\system32\nvapi.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-08-30 39408]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="RtHDVCpl.exe" [2007-03-09 4390912]
"Skytel"="Skytel.exe" [2007-03-10 1822720]
"Google Quick Search Box"="c:\program files\Google\Quick Search Box\GoogleQuickSearchBox.exe" [2009-08-30 122368]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"Windows Mobile Device Center"="c:\windows\WindowsMobile\wmdc.exe" [2007-05-31 648072]
"SBAMTray"="c:\program files\Sunbelt Software\VIPRE\SBAMTray.exe" [2010-08-20 1348944]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-21 932288]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-09-24 421160]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-10-29 249064]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-01-31 35760]
"Malwarebytes' Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2010-12-21 963976]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux1"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SBAMSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SBPIMSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender]
2008-01-19 07:38 1008184 ----a-w- c:\program files\Windows Defender\MSASCui.exe
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"SpybotSD TeaTimer"=c:\program files\Spybot - Search & Destroy\TeaTimer.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-02-06 135664]
R2 SBAMSvc;VIPRE Antivirus;c:\program files\Sunbelt Software\VIPRE\SBAMSvc.exe [2010-08-20 2763080]
R2 SBSDWSCService;SBSD Security Center Service;c:\program files\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]
R2 TeamViewer4;TeamViewer 4;c:\program files\TeamViewer\Version4\TeamViewer_Service.exe [2009-08-24 185640]
R2 Themes32;Themes ;c:\windows\system32\unbcl32.exe [x]
R3 ATMFBUS;A600 USB Composite Device Driver;c:\windows\system32\DRIVERS\ATMFBUS.sys [x]
R3 ATMFCVsp;A600 Cricket CM Port;c:\windows\system32\DRIVERS\ATMFCVsp.sys [x]
R3 ATMFFLT;A600 USB Modem Installation CD;c:\windows\system32\DRIVERS\ATMFFLT.sys [x]
R3 ATMFMdm;A600 Cricket EVDO Modem;c:\windows\system32\DRIVERS\ATMFMdm.sys [x]
R3 ATMFNET;A600 Cricket EVDO Network Adapter;c:\windows\system32\DRIVERS\ATMFNET.sys [x]
R3 ATMFNVsp;A600 Cricket NMEA Port Serial Port;c:\windows\system32\DRIVERS\ATMFNVsp.sys [x]
R3 ATMFVsp;A600 Cricket Diagnostics Port;c:\windows\system32\DRIVERS\ATMFVsp.sys [x]
R3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2010-02-06 135664]
R3 massfilter;Mass Storage Filter Driver;c:\windows\system32\drivers\massfilter.sys [2008-04-15 9216]
R3 PTDMBus;PANTECH USB Modem Composite Device Driver ;c:\windows\system32\DRIVERS\PTDMBus.sys [2007-08-18 29952]
R3 PTDMMdm;PANTECH USB Modem Drivers ;c:\windows\system32\DRIVERS\PTDMMdm.sys [2007-08-18 41856]
R3 PTDMVsp;PANTECH USB Modem Serial Port ;c:\windows\system32\DRIVERS\PTDMVsp.sys [2007-08-18 39936]
R3 PTDMWFLT;PTDMWWAN Filter Driver;c:\windows\system32\DRIVERS\PTDMWFLT.sys [x]
R3 PTDMWWAN;PANTECH USB Modem WWAN Driver;c:\windows\system32\DRIVERS\PTDMWWAN.sys [2007-08-18 59520]
R3 RTL8187B;Realtek RTL8187B Wireless 802.11b/g 54Mbps USB 2.0 Network Adapter;c:\windows\system32\DRIVERS\RTL8187B.sys [2010-03-31 350720]
R3 VST_DPV;VST_DPV;c:\windows\system32\DRIVERS\VSTDPV3.SYS [2006-11-02 987648]
R3 VSTHWBS2;VSTHWBS2;c:\windows\system32\DRIVERS\VSTBS23.SYS [2006-11-02 251904]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
R3 ZTEusbgps;ZTE GPS Port;c:\windows\system32\DRIVERS\ZTEusbgps.sys [2008-04-15 105856]
R3 ZTEusbnmeaext;ZTE NMEAExt Port;c:\windows\system32\DRIVERS\ZTEusbnmeaext.sys [2008-04-15 105856]
S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2010-03-31 691696]
S1 RtlProt;Realtke RtlProt WLAN Utility Protocol Driver;c:\windows\system32\DRIVERS\rtlprot.sys [2007-04-23 25896]
S1 SBRE;SBRE;c:\windows\system32\drivers\SBREDrv.sys [2010-11-09 98392]
S1 SbTis;SbTis;c:\windows\system32\drivers\sbtis.sys [2010-07-27 78936]
S2 iWinTrusted;iWinTrusted;c:\program files\iWin Games\iWinTrusted.exe [2011-04-08 176848]
S2 sbapifs;sbapifs;c:\windows\system32\DRIVERS\sbapifs.sys [2010-06-14 69976]
S2 SBPIMSvc;SB Recovery Service;c:\program files\Sunbelt Software\VIPRE\SBPIMSvc.exe [2010-08-20 181584]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - ASWMBR
*NewlyCreated* - KLMD25
*Deregistered* - aswMBR
*Deregistered* - klmd25
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
WindowsMobile REG_MULTI_SZ wcescomm rapimgr
LocalServiceRestricted REG_MULTI_SZ WcesComm RapiMgr
bthsvcs REG_MULTI_SZ BthServ
.
Contents of the 'Scheduled Tasks' folder
.
2011-05-17 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-06 01:38]
.
2011-05-18 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-06 01:38]
.
2011-05-18 c:\windows\Tasks\User_Feed_Synchronization-{3F75C605-2235-4894-AEA0-DD925CBA7628}.job
- c:\windows\system32\msfeedssync.exe [2011-01-10 04:25]
.
2011-05-18 c:\windows\Tasks\User_Feed_Synchronization-{79CA8C52-29E0-4C98-B079-AE08F2C0AB9A}.job
- c:\windows\system32\msfeedssync.exe [2011-01-10 04:25]
.
.
------- Supplementary Scan -------
.
mStart Page = hxxp://www.yahoo.com/
mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr9/*http://www.yahoo.com/ext/search/search.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_6CE5017F567343CA.dll/cmsidewiki.html
Trusted Zone: e-rewards.com\www
DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
FF - ProfilePath - c:\users\Shasta\AppData\Roaming\Mozilla\Firefox\Profiles\q9sdnxb2.default\
FF - prefs.js: browser.startup.homepage - hxxp://my.msn.com/
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - Ext: iWinGames Plugin: {98e34367-8df7-42b4-837b-20b892ff0849} - c:\programdata\iWin Games\firefox
FF - Ext: Move Media Player: [email protected] - c:\users\Shasta\AppData\Roaming\Move Networks
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
.
- - - - ORPHANS REMOVED - - - -
.
AddRemove-LimeWire - c:\program files\LimeWire\uninstall.exe
AddRemove-Text Twist 2 1.00 - c:\program files\Games\Text Twist 2\Uninstall.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-05-17 22:12
Windows 6.0.6001 Service Pack 1 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
.
c:\users\Shasta\AppData\Local\Temp\catchme.dll 53248 bytes executable
.
scan completed successfully
hidden files: 1
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-1148052350-3659404677-460808176-1001\Software\SecuROM\License information*]
"datasecu"=hex:f0,93,de,19,54,1a,2b,12,16,96,07,bf,e0,1f,32,c3,00,30,3e,7d,68,
7e,57,56,a8,67,50,98,ce,ed,9c,15,92,c2,2d,dd,f6,40,d8,37,e4,7c,ef,be,80,ec,\
"rkeysecu"=hex:47,0f,91,2e,dd,71,3e,e7,af,39,65,36,b3,9d,32,2a
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0005\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0006\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0007\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0008\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0009\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0010\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0011\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0012\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0013\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0014\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0015\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Completion time: 2011-05-17 22:15:32
ComboFix-quarantined-files.txt 2011-05-18 05:15
.
Pre-Run: 347,494,825,984 bytes free
Post-Run: 346,348,605,440 bytes free
.
- - End Of File - - CDF8B556AABD93934F10E850A52E1727

Thanks again for all of your assistance. I will be eagerly awaiting your next response.

#4
RKinner
    Malware Expert
  • Expert
  • 24,660 posts
  • MVP
Copy the text between the lines of stars by highlighting and Ctrl + c.

******************************************

Killall::

DirLook::
C:\Program Files\Common
%user%\library

File::
c:\windows\System32\Drivers\sptd.sys

Driver::
sptd



******************************************

Now open notepad (Start, Run, notepad, OK) and Ctrl + V to paste the text into Notepad. Make sure you got it all then File, SAVE AS, (to your Desktop), CFScript, OK. Close notepad. (Overwrite the old one if it's still there.) You should see a file CFScript.txt on your desktop.

Pause your anti-virus.

Drag it over to George and let it start as before.

Post the new log.

Run TDSSKiller one more time and post the log then run aswmbr one more time and post the log.

What make and model PC is this? Do you have the original Windows CD or DVD?

Ron
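The CFScript above tells ComboFix to delete the sptd driver file and its service entry. A defender checking that such a script did what was intended compares the Drivers/Services section of the log from before the fix with the one from after it. What follows is an added example, not code from this thread or from ComboFix: a small Python helper that parses the R*/S* service lines, flags entries whose image file was not found on disk (the `[x]` marker, as on the Themes32 line in the log above), and reports what disappeared, appeared, or changed run state between two runs. The sample lines are constructed from the logs posted in this thread; the function names, the `ServiceEntry` layout and the reading of `[x]` as "binary not found" are my own assumptions about the log format.

```python
"""Added helper (not from the thread or from ComboFix): parse the
Drivers/Services lines of a ComboFix log and compare two runs."""
import re
from dataclasses import dataclass

# One service/driver line, for example:
#   R2 gupdate;Google Update Service (gupdate);c:\...\GoogleUpdate.exe [2010-02-06 135664]
#   R2 Themes32;Themes ;c:\windows\system32\unbcl32.exe [x]
# R/S = running/stopped, digit = start type, then name;display;path [date size] or [x].
SERVICE_RE = re.compile(
    r"^(?P<state>[RS])(?P<start>\d)\s+"
    r"(?P<name>[^;]+);(?P<display>[^;]*);(?P<path>.+?)\s+\[(?P<info>[^\]]*)\]$"
)


@dataclass(frozen=True)
class ServiceEntry:
    name: str
    display: str
    path: str
    running: bool
    start_type: int
    file_present: bool  # False when the log shows "[x]" (assumed: image not found on disk)


def parse_services(log_text: str) -> dict:
    """Return {lower-case service name: ServiceEntry} for every R*/S* line."""
    entries = {}
    for line in log_text.splitlines():
        m = SERVICE_RE.match(line.strip())
        if m:
            entries[m["name"].lower()] = ServiceEntry(
                name=m["name"],
                display=m["display"].strip(),
                path=m["path"].strip(),
                running=(m["state"] == "R"),
                start_type=int(m["start"]),
                file_present=(m["info"].strip() != "x"),
            )
    return entries


def missing_binaries(entries: dict) -> list:
    """Names of entries whose image file ComboFix could not find ("[x]")."""
    return sorted(e.name for e in entries.values() if not e.file_present)


def diff_runs(before: dict, after: dict) -> dict:
    """What disappeared, appeared, or changed run state between two logs."""
    common = set(before) & set(after)
    return {
        "removed": sorted(before[n].name for n in set(before) - set(after)),
        "added": sorted(after[n].name for n in set(after) - set(before)),
        "state_changed": sorted(
            after[n].name for n in common
            if (before[n].running, before[n].start_type)
            != (after[n].running, after[n].start_type)
        ),
    }


# Constructed sample: a few lines taken from the two ComboFix logs in this thread
# (the run before the CFScript and the run after it).
BEFORE_LOG = r"""
R2 SBAMSvc;VIPRE Antivirus;c:\program files\Sunbelt Software\VIPRE\SBAMSvc.exe [2010-08-20 2763080]
R2 Themes32;Themes ;c:\windows\system32\unbcl32.exe [x]
R3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2010-02-06 135664]
S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2010-03-31 691696]
"""

AFTER_LOG = r"""
R2 Themes32;Themes ;c:\windows\system32\unbcl32.exe [x]
R3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2010-02-06 135664]
S2 SBAMSvc;VIPRE Antivirus;c:\program files\Sunbelt Software\VIPRE\SBAMSvc.exe [2010-08-20 2763080]
"""


def report(before_text: str, after_text: str) -> dict:
    """Combined view: missing binaries in each run plus the diff between them."""
    before, after = parse_services(before_text), parse_services(after_text)
    return {
        "missing_before": missing_binaries(before),
        "missing_after": missing_binaries(after),
        **diff_runs(before, after),
    }


if __name__ == "__main__":
    for key, value in report(BEFORE_LOG, AFTER_LOG).items():
        print(f"{key}: {value}")
```

Run against the two logs in this thread, the report shows sptd as removed (the intended effect of the script), SBAMSvc as changed from running to stopped (the antivirus was paused for the run, so this is expected), and Themes32 still present with no file on disk, which is the kind of entry to ask the helper about rather than ignore.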

#5
Kaitlynsmom
    New Member
  • Topic Starter
  • Member
  • Pip
  • 5 posts
First off, I apologize; I should have listed all the specs to begin with. Purely an oversight on my part.

Operating System:
Windows Vista Home Premium SP1 32 Bit
System Specs:
AMD Athlon 64 X2 Dual Core 4800+ 2.5GHz
2.00 GB RAM
Motherboard Asus M2N-MX SE
NVIDIA GeForce 6150SE nForce 430 Integrated graphics

Disabled antivirus again and ran the fix with George and saved the log. Went to look at the set of instructions that you had given me to see what ran next (I had copied and pasted into another Notepad file) and received the following error message:

C:|Users\Shasta\Desktop\Directions 2.txt
Illegal operation attempted on a registry key that has been marked for deletion

It wouldn't allow me to access that file. I am getting the same error message when I try to run any program or open any file on my computer. I could, however, run TDSSKiller by running as Administrator, which I did. This time it came up clean, no log created. Same situation with opening aswMBR. The problem is now I can't open the logs from George and aswMBR because I can't open any files! Any idea how to fix the fix?

#6
RKinner
    Malware Expert
  • Expert
  • 24,660 posts
  • MVP
I think it just wants a reboot.

#7
Kaitlynsmom
    New Member
  • Topic Starter
  • Member
  • Pip
  • 5 posts
Boy, you give these computer programs an inch and they want a mile! It already had one reboot but I just gifted it another as you suggested and that seems to have done the trick. Here are the logs beginning with the George fix log:

ComboFix 11-05-17.01 - Shasta 05/18/2011 3:45.2.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.1.1033.18.1919.1111 [GMT -7:00]
Running from: c:\users\Shasta\Desktop\George.exe
Command switches used :: c:\users\Shasta\Desktop\CFScript.txt
AV: Sunbelt VIPRE *Disabled/Updated* {BE5DD172-7F42-7948-1A60-E6A720288F81}
SP: Sunbelt VIPRE *Disabled/Updated* {053C3096-5978-76C6-20D0-DDD55BAFC53C}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
FILE ::
"c:\windows\System32\Drivers\sptd.sys"
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\System32\Drivers\sptd.sys
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_SPTD
-------\Service_sptd
.
.
((((((((((((((((((((((((( Files Created from 2011-04-18 to 2011-05-18 )))))))))))))))))))))))))))))))
.
.
2011-05-18 10:53 . 2011-05-18 10:59 -------- d-----w- c:\users\Shasta\AppData\Local\temp
2011-05-18 10:53 . 2011-05-18 10:53 -------- d-----w- c:\users\KITTY\AppData\Local\temp
2011-05-18 10:53 . 2011-05-18 10:53 -------- d-----w- c:\users\Kaitlyn\AppData\Local\temp
2011-05-18 04:37 . 2011-05-18 04:37 -------- d-----w- C:\TDSSKiller_Quarantine
2011-05-17 04:00 . 2011-05-17 04:00 -------- d-----w- C:\_OTL
2011-05-16 03:30 . 2011-05-16 03:30 -------- d--h--r- c:\users\Shasta\AppData\Roaming\SecuROM
2011-05-15 09:02 . 2011-05-15 09:02 -------- d-----w- c:\users\Shasta\AppData\Roaming\Malwarebytes
2011-05-15 09:01 . 2010-12-21 01:09 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-05-15 09:01 . 2011-05-15 09:01 -------- d-----w- c:\programdata\Malwarebytes
2011-05-15 09:01 . 2011-05-15 09:01 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-05-15 09:01 . 2010-12-21 01:08 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-05-13 12:36 . 2011-05-14 00:42 -------- d-----w- C:\VIPRERESCUE
2011-05-10 08:46 . 2011-05-10 08:46 -------- d-----w- c:\users\Shasta\AppData\Roaming\Quirky Games
2011-05-10 08:43 . 2011-05-10 08:43 -------- d-----w- c:\programdata\3 Blokes Studios
2011-05-10 08:42 . 2011-05-10 08:42 -------- d-----w- c:\programdata\Magical Forest
2011-04-28 15:51 . 2010-12-29 17:41 323072 ----a-w- c:\windows\system32\sbe.dll
2011-04-28 15:51 . 2010-12-29 17:41 153088 ----a-w- c:\windows\system32\sbeio.dll
2011-04-28 15:51 . 2010-12-29 17:41 429056 ----a-w- c:\windows\system32\EncDec.dll
2011-04-28 15:51 . 2010-12-29 17:39 177664 ----a-w- c:\windows\system32\mpg2splt.ax
2011-04-28 15:50 . 2011-02-17 06:23 420864 ----a-w- c:\windows\system32\vbscript.dll
2011-04-28 15:50 . 2010-12-17 16:43 2067456 ----a-w- c:\windows\system32\mstscax.dll
2011-04-28 15:50 . 2010-12-17 15:06 677888 ----a-w- c:\windows\system32\mstsc.exe
2011-04-26 06:16 . 2011-04-26 06:18 -------- d-----w- c:\program files\KeePass-2.09
2011-04-19 17:54 . 2011-04-19 17:54 -------- d-----w- c:\users\Shasta\AppData\Roaming\Awem
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-02-23 15:27 . 2011-02-23 15:27 941160 ----a-w- c:\windows\system32\nvdispco322090.dll
2011-02-23 15:27 . 2011-02-23 15:27 837736 ----a-w- c:\windows\system32\nvgenco322040.dll
2011-02-23 15:27 . 2011-02-23 15:27 57960 ----a-w- c:\windows\system32\OpenCL.dll
2011-02-23 15:27 . 2011-02-23 15:27 4942952 ----a-w- c:\windows\system32\nvcuda.dll
2011-02-23 15:27 . 2011-02-23 15:27 2895976 ----a-w- c:\windows\system32\nvcuvid.dll
2011-02-23 15:27 . 2011-02-23 15:27 2251368 ----a-w- c:\windows\system32\nvcuvenc.dll
2011-02-23 15:27 . 2011-02-23 15:27 15047272 ----a-w- c:\windows\system32\nvoglv32.dll
2011-02-23 15:27 . 2011-02-23 15:27 13011560 ----a-w- c:\windows\system32\nvcompiler.dll
2011-02-23 15:27 . 2011-02-23 15:27 10920 ----a-w- c:\windows\system32\drivers\nvBridge.kmd
2011-02-23 15:27 . 2011-02-23 15:27 10468360 ----a-w- c:\windows\system32\drivers\nvlddmkm.sys
2011-02-23 15:27 . 2007-09-20 06:56 10079336 ----a-w- c:\windows\system32\nvd3dum.dll
2011-02-23 15:27 . 2007-09-20 06:56 1965672 ----a-w- c:\windows\system32\nvapi.dll
.
.
(((((((((((((((((((((((((((((((((((((((((((( Look )))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
---- Directory of %user%\library ----
.
.
---- Directory of c:\program files\Common ----
.
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-08-30 39408]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="RtHDVCpl.exe" [2007-03-09 4390912]
"Skytel"="Skytel.exe" [2007-03-10 1822720]
"Google Quick Search Box"="c:\program files\Google\Quick Search Box\GoogleQuickSearchBox.exe" [2009-08-30 122368]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"Windows Mobile Device Center"="c:\windows\WindowsMobile\wmdc.exe" [2007-05-31 648072]
"SBAMTray"="c:\program files\Sunbelt Software\VIPRE\SBAMTray.exe" [2010-08-20 1348944]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-21 932288]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-09-24 421160]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-10-29 249064]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-01-31 35760]
"Malwarebytes' Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2010-12-21 963976]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux1"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SBAMSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SBPIMSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender]
2008-01-19 07:38 1008184 ----a-w- c:\program files\Windows Defender\MSASCui.exe
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"SpybotSD TeaTimer"=c:\program files\Spybot - Search & Destroy\TeaTimer.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-02-06 135664]
R2 Themes32;Themes ;c:\windows\system32\unbcl32.exe [x]
R3 ATMFBUS;A600 USB Composite Device Driver;c:\windows\system32\DRIVERS\ATMFBUS.sys [x]
R3 ATMFCVsp;A600 Cricket CM Port;c:\windows\system32\DRIVERS\ATMFCVsp.sys [x]
R3 ATMFFLT;A600 USB Modem Installation CD;c:\windows\system32\DRIVERS\ATMFFLT.sys [x]
R3 ATMFMdm;A600 Cricket EVDO Modem;c:\windows\system32\DRIVERS\ATMFMdm.sys [x]
R3 ATMFNET;A600 Cricket EVDO Network Adapter;c:\windows\system32\DRIVERS\ATMFNET.sys [x]
R3 ATMFNVsp;A600 Cricket NMEA Port Serial Port;c:\windows\system32\DRIVERS\ATMFNVsp.sys [x]
R3 ATMFVsp;A600 Cricket Diagnostics Port;c:\windows\system32\DRIVERS\ATMFVsp.sys [x]
R3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2010-02-06 135664]
R3 massfilter;Mass Storage Filter Driver;c:\windows\system32\drivers\massfilter.sys [2008-04-15 9216]
R3 PTDMBus;PANTECH USB Modem Composite Device Driver ;c:\windows\system32\DRIVERS\PTDMBus.sys [2007-08-18 29952]
R3 PTDMMdm;PANTECH USB Modem Drivers ;c:\windows\system32\DRIVERS\PTDMMdm.sys [2007-08-18 41856]
R3 PTDMVsp;PANTECH USB Modem Serial Port ;c:\windows\system32\DRIVERS\PTDMVsp.sys [2007-08-18 39936]
R3 PTDMWFLT;PTDMWWAN Filter Driver;c:\windows\system32\DRIVERS\PTDMWFLT.sys [x]
R3 PTDMWWAN;PANTECH USB Modem WWAN Driver;c:\windows\system32\DRIVERS\PTDMWWAN.sys [2007-08-18 59520]
R3 RTL8187B;Realtek RTL8187B Wireless 802.11b/g 54Mbps USB 2.0 Network Adapter;c:\windows\system32\DRIVERS\RTL8187B.sys [2010-03-31 350720]
R3 VST_DPV;VST_DPV;c:\windows\system32\DRIVERS\VSTDPV3.SYS [2006-11-02 987648]
R3 VSTHWBS2;VSTHWBS2;c:\windows\system32\DRIVERS\VSTBS23.SYS [2006-11-02 251904]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
R3 ZTEusbgps;ZTE GPS Port;c:\windows\system32\DRIVERS\ZTEusbgps.sys [2008-04-15 105856]
R3 ZTEusbnmeaext;ZTE NMEAExt Port;c:\windows\system32\DRIVERS\ZTEusbnmeaext.sys [2008-04-15 105856]
S1 RtlProt;Realtke RtlProt WLAN Utility Protocol Driver;c:\windows\system32\DRIVERS\rtlprot.sys [2007-04-23 25896]
S1 SBRE;SBRE;c:\windows\system32\drivers\SBREDrv.sys [2010-11-09 98392]
S1 SbTis;SbTis;c:\windows\system32\drivers\sbtis.sys [2010-07-27 78936]
S2 iWinTrusted;iWinTrusted;c:\program files\iWin Games\iWinTrusted.exe [2011-04-08 176848]
S2 SBAMSvc;VIPRE Antivirus;c:\program files\Sunbelt Software\VIPRE\SBAMSvc.exe [2010-08-20 2763080]
S2 sbapifs;sbapifs;c:\windows\system32\DRIVERS\sbapifs.sys [2010-06-14 69976]
S2 SBPIMSvc;SB Recovery Service;c:\program files\Sunbelt Software\VIPRE\SBPIMSvc.exe [2010-08-20 181584]
S2 SBSDWSCService;SBSD Security Center Service;c:\program files\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]
S2 TeamViewer4;TeamViewer 4;c:\program files\TeamViewer\Version4\TeamViewer_Service.exe [2009-08-24 185640]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
WindowsMobile REG_MULTI_SZ wcescomm rapimgr
LocalServiceRestricted REG_MULTI_SZ WcesComm RapiMgr
bthsvcs REG_MULTI_SZ BthServ
.
Contents of the 'Scheduled Tasks' folder
.
2011-05-18 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-06 01:38]
.
2011-05-18 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-06 01:38]
.
2011-05-18 c:\windows\Tasks\User_Feed_Synchronization-{3F75C605-2235-4894-AEA0-DD925CBA7628}.job
- c:\windows\system32\msfeedssync.exe [2011-01-10 04:25]
.
2011-05-18 c:\windows\Tasks\User_Feed_Synchronization-{79CA8C52-29E0-4C98-B079-AE08F2C0AB9A}.job
- c:\windows\system32\msfeedssync.exe [2011-01-10 04:25]
.
.
------- Supplementary Scan -------
.
mStart Page = hxxp://www.yahoo.com/
mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr9/*http://www.yahoo.com/ext/search/search.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_6CE5017F567343CA.dll/cmsidewiki.html
Trusted Zone: e-rewards.com\www
DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
FF - ProfilePath - c:\users\Shasta\AppData\Roaming\Mozilla\Firefox\Profiles\q9sdnxb2.default\
FF - prefs.js: browser.startup.homepage - hxxp://my.msn.com/
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - Ext: iWinGames Plugin: {98e34367-8df7-42b4-837b-20b892ff0849} - c:\programdata\iWin Games\firefox
FF - Ext: Move Media Player: [email protected] - c:\users\Shasta\AppData\Roaming\Move Networks
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-05-18 03:59
Windows 6.0.6001 Service Pack 1 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-1148052350-3659404677-460808176-1001\Software\SecuROM\License information*]
"datasecu"=hex:f0,93,de,19,54,1a,2b,12,16,96,07,bf,e0,1f,32,c3,00,30,3e,7d,68,
7e,57,56,a8,67,50,98,ce,ed,9c,15,92,c2,2d,dd,f6,40,d8,37,e4,7c,ef,be,80,ec,\
"rkeysecu"=hex:47,0f,91,2e,dd,71,3e,e7,af,39,65,36,b3,9d,32,2a
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0005\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0006\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0007\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0008\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0009\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0010\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0011\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0012\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0013\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0014\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0015\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'Explorer.exe'(4896)
c:\program files\Sunbelt Software\VIPRE\oehook.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\nvvsvc.exe
c:\windows\system32\nvvsvc.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
c:\program files\Common Files\Nero\Nero BackItUp 4\NBService.exe
c:\program files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
c:\windows\RtHDVCpl.exe
c:\program files\iPod\bin\iPodService.exe
.
**************************************************************************
.
Completion time: 2011-05-18 04:04:46 - machine was rebooted
ComboFix-quarantined-files.txt 2011-05-18 11:04
ComboFix2.txt 2011-05-18 05:15
.
Pre-Run: 346,471,530,496 bytes free
Post-Run: 345,780,813,824 bytes free
.
- - End Of File - - 19B97B641BC1A2E5D1EC8DC994507637


And then aswMBR:

aswMBR version 0.9.5.256 Copyright© 2011 AVAST Software
Run date: 2011-05-18 04:15:20
-----------------------------
04:15:20.068 OS Version: Windows 6.0.6001 Service Pack 1
04:15:20.068 Number of processors: 2 586 0x6B01
04:15:20.068 ComputerName: SHASTAS-DESKTOP UserName: Shasta
04:15:21.675 Initialize success
04:15:30.099 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\0000006b
04:15:30.099 Disk 0 Vendor: Hitachi_ V56O Size: 476940MB BusType: 6
04:15:32.127 Disk 0 MBR read successfully
04:15:32.127 Disk 0 MBR scan
04:15:32.127 Disk 0 unknown MBR code
04:15:34.139 Disk 0 scanning sectors +976768065
04:15:34.155 Disk 0 scanning C:\Windows\system32\drivers
04:15:38.803 Service scanning
04:15:40.051 Disk 0 trace - called modules:
04:15:40.067 ntkrnlpa.exe CLASSPNP.SYS disk.sys acpi.sys hal.dll storport.sys nvstor32.sys
04:15:40.067 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x85c935b8]
04:15:40.067 3 CLASSPNP.SYS[837a1745] -> nt!IofCallDriver -> [0x84db5258]
04:15:40.067 5 acpi.sys[806106a0] -> nt!IofCallDriver -> \Device\0000006b[0x84db5c90]
04:15:40.083 Scan finished successfully
04:17:24.634 Disk 0 MBR has been saved successfully to "C:\Users\Shasta\Desktop\MBR.dat"
04:17:24.649 The log file has been saved successfully to "C:\Users\Shasta\Desktop\aswMBR Log 2.txt"

#8
RKinner
    Malware Expert
  • Expert
  • 24,660 posts
  • MVP
Is the redirect gone?

Ron

#9
Kaitlynsmom
    New Member
  • Topic Starter
  • Member
  • Pip
  • 5 posts
It certainly seems to be. I tried both Firefox and IE and they are both working fine now. Thanks a million, Ron. I can't tell you how much I appreciate it.