TechSpot

Bamital-ac infected explorer.exe and wininit.exe

By Murmur
Oct 9, 2010
  1. Hey all.

    Avast says Win32:bamital.ac has infected explorer.exe and wininit.exe (which explains that I'm now opening programs from my task manager as my desktop has died). I used to get redirected but that seems to have stopped (or maybe it's because I switched to Safari). Also CPU usage keeps hitting 100% and all processes freeze, so I keep having to reboot. At the moment for now, I'm in safe mode.

    Seems quite a few people are having the same problem as me (at least with the bamital-ac virus), so fingers crossed my laptop doesn't take exception.

    Thanks for any help that you will be able to give.

    Logs:

    MBAM:

    Malwarebytes' Anti-Malware 1.46
    www.malwarebytes.org

    Database version: 4735

    Windows 6.1.7600
    Internet Explorer 8.0.7600.16385

    9/10/2010 2:10:25 p.m.
    mbam-log-2010-10-09 (14-10-25).txt

    Scan type: Quick scan
    Objects scanned: 134358
    Time elapsed: 9 minute(s), 34 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 0
    Registry Values Infected: 0
    Registry Data Items Infected: 0
    Folders Infected: 0
    Files Infected: 0

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    (No malicious items detected)

    Registry Values Infected:
    (No malicious items detected)

    Registry Data Items Infected:
    (No malicious items detected)

    Folders Infected:
    (No malicious items detected)

    Files Infected:
    (No malicious items detected)

    --------------------------------------------------------------------------------

    GMER:

    GMER 1.0.15.15281 - http://www.gmer.net
    Rootkit scan 2010-10-09 16:14:31
    Windows 6.1.7600
    Running: 4hk4fzdv.exe; Driver: C:\Users\Mistaria\AppData\Local\Temp\fxloipoc.sys


    ---- System - GMER 1.0.15 ----

    INT 0x1F \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 83047AF8
    INT 0x37 \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 83047104
    INT 0xC1 \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 830473F4
    INT 0xD1 \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 830302D8
    INT 0xD2 \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 8302F898
    INT 0xDF \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 830471DC
    INT 0xE1 \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 83047958
    INT 0xE3 \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 830476F8
    INT 0xFD \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 83047F2C
    INT 0xFE \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 830481A8

    Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwCreateProcessEx [0x8C6B1BAE]
    Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwCreateSection [0x8C6B19D2]
    Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwLoadDriver [0x8C6B1B0C]
    Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) NtCreateSection
    Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ObMakeTemporaryObject

    ---- Kernel code sections - GMER 1.0.15 ----

    .text ntkrnlpa.exe!ZwSaveKeyEx + 13AD 82C60579 1 Byte [06]
    .text ntkrnlpa.exe!KiDispatchInterrupt + 5A2 82C84F52 19 Bytes [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3}
    PAGE ntkrnlpa.exe!ZwLoadDriver 82DBE279 7 Bytes JMP 8C6B1B10 \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)
    PAGE ntkrnlpa.exe!ObMakeTemporaryObject 82E25F59 5 Bytes JMP 8C6AD5D4 \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)
    PAGE ntkrnlpa.exe!ObInsertObject + 27 82E3FC5F 5 Bytes JMP 8C6AF012 \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)
    PAGE ntkrnlpa.exe!NtCreateSection 82E4DCE3 7 Bytes JMP 8C6B19D6 \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)
    PAGE ntkrnlpa.exe!ZwCreateProcessEx 82EF7E52 7 Bytes JMP 8C6B1BB2 \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)
    .text peauth.sys A976AC9D 28 Bytes [1E, ED, 3B, 68, DB, A3, E3, ...]
    .text peauth.sys A976ACC1 28 Bytes [1E, ED, 3B, 68, DB, A3, E3, ...]
    PAGE peauth.sys A9770B9B 1 Byte [67]
    PAGE peauth.sys A9770B9B 72 Bytes [67, E4, B3, CB, 63, F2, 15, ...]
    PAGE peauth.sys A9770BEC 111 Bytes JMP AF66CA22
    PAGE ...

    ---- User code sections - GMER 1.0.15 ----

    .text C:\Program Files\Alwil Software\Avast5\AvastSvc.exe[1384] kernel32.dll!SetUnhandledExceptionFilter 764F3142 4 Bytes [C2, 04, 00, 90] {RET 0x4; NOP }
    .text C:\Windows\Explorer.EXE[1600] kernel32.dll!CreateProcessInternalW 764F42AE 5 Bytes JMP 00288328

    ---- Devices - GMER 1.0.15 ----

    AttachedDevice \Driver\kbdclass \Device\KeyboardClass0 Wdf01000.sys (Kernel Mode Driver Framework Runtime/Microsoft Corporation)
    AttachedDevice \Driver\kbdclass \Device\KeyboardClass1 Wdf01000.sys (Kernel Mode Driver Framework Runtime/Microsoft Corporation)
    AttachedDevice \Driver\tdx \Device\Tcp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)
    AttachedDevice \Driver\volmgr \Device\HarddiskVolume1 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
    AttachedDevice \Driver\volmgr \Device\HarddiskVolume1 rdyboost.sys (ReadyBoost Driver/Microsoft Corporation)

    Device \Driver\ACPI_HAL \Device\0000004d halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation)

    AttachedDevice \Driver\tdx \Device\Udp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)

    ---- EOF - GMER 1.0.15 ----
     
  2. Murmur

    Murmur TS Rookie Topic Starter

    DDS:

    DDS (Ver_10-10-05.01) - NTFSx86
    Run by Mistaria at 16:16:34.75 on Sat 09/10/2010
    Internet Explorer: 8.0.7600.16385 BrowserJavaVersion: 1.6.0_21
    Microsoft Windows 7 Ultimate 6.1.7600.0.1252.64.1033.18.1014.193 [GMT 13:00]

    AV: avast! antivirus 4.8.1351 [VPS 091026-0] *On-access scanning enabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
    SP: SUPERAntiSpyware *disabled* (Updated) {222A897C-5018-402e-943F-7E7AC8560DA7}
    SP: avast! antivirus 4.8.1351 [VPS 091026-0] *enabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}

    ============== Running Processes ===============

    C:\Windows\system32\wininit.exe
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Windows\system32\svchost.exe -k RPCSS
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Program Files\SystemScheduler\WScheduler.exe
    C:\Windows\System32\iprntctl.exe
    C:\Windows\System32\iprntlgn.exe
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\Alwil Software\Avast5\AvastUI.exe
    C:\Program Files\Common Files\Java\Java Update\jusched.exe
    C:\Program Files\ShaPlus Bandwidth Meter\ShaPlus Bandwidth Meter.exe
    C:\Program Files\Rokario\Bandwidth Monitor\bandmon.exe
    C:\Program Files\Free Download Manager\fdm.exe
    C:\Program Files\GiPo@Utilities\JIT Scheduler\sched.exe
    C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
    C:\Program Files\BandwidthMeter\BandwidthMeter.exe
    C:\Windows\System32\spoolsv.exe
    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
    C:\Windows\system32\taskhost.exe
    C:\Windows\system32\svchost.exe -k apphost
    C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
    C:\Program Files\GiPo@Utilities\JIT Scheduler\schednt.exe
    C:\Windows\System32\svchost.exe -k HPZ12
    C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
    C:\Windows\System32\svchost.exe -k HPZ12
    C:\Windows\system32\svchost.exe -k iissvcs
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Windows\system32\SearchIndexer.exe
    C:\Windows\System32\svchost.exe -k LocalServicePeerNet
    C:\Program Files\Windows Media Player\wmpnetwk.exe
    C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
    C:\Windows\System32\svchost.exe -k secsvcs
    C:\Windows\system32\wuauclt.exe
    C:\Windows\system32\ctfmon.exe
    C:\Windows\system32\taskhost.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Windows\system32\DllHost.exe
    C:\Windows\system32\DllHost.exe
    C:\Users\Mistaria\Desktop\dds.scr
    C:\Windows\system32\conhost.exe

    ============== Pseudo HJT Report ===============

    uStart Page = hxxp://www.google.com/
    uInternet Settings,ProxyOverride = *.local;<local>
    uInternet Settings,ProxyServer = proxy.student.otago.ac.nz:3128
    uURLSearchHooks: Vuze Remote Toolbar: {ba14329e-9550-4989-b3f2-9732e92d17cc} - c:\program files\vuze_remote\tbVuze.dll
    mURLSearchHooks: Vuze Remote Toolbar: {ba14329e-9550-4989-b3f2-9732e92d17cc} - c:\program files\vuze_remote\tbVuze.dll
    BHO: Shareaza Web Download Hook: {0eedb912-c5fa-486f-8334-57288578c627} - c:\program files\shareaza\RazaWebHook32.dll
    BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
    BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\programdata\real\realplayer\browserrecordplugin\ie\rpbrowserrecordplugin.dll
    BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
    BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
    BHO: Vuze Remote Toolbar: {ba14329e-9550-4989-b3f2-9732e92d17cc} - c:\program files\vuze_remote\tbVuze.dll
    BHO: FDMIECookiesBHO Class: {cc59e0f9-7e43-44fa-9faa-8377850bf205} - c:\program files\free download manager\iefdm2.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\bin\jp2ssv.dll
    TB: Vuze Remote Toolbar: {ba14329e-9550-4989-b3f2-9732e92d17cc} - c:\program files\vuze_remote\tbVuze.dll
    TB: {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No File
    uRun: [bandmon] c:\program files\rokario\bandwidth monitor\bandmon.exe
    uRun: [Free Download Manager] c:\program files\free download manager\fdm.exe -autorun
    uRun: [JITScheduler] "c:\program files\gipo@utilities\jit scheduler\sched.exe"
    uRun: [SUPERAntiSpyware] c:\program files\superantispyware\SUPERAntiSpyware.exe
    mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
    mRun: [WScheduler] c:\progra~1\system~1\WScheduler.exe /LOGON
    mRun: [B2C_AGENT] c:\programdata\lgmobileax\b2c_client\B2CNotiAgent.exe
    mRun: [iPrint Tray] c:\windows\system32\iprntctl.exe TRAY_ICON
    mRun: [iPrint Event Monitor] c:\windows\system32\iprntlgn.exe
    mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot
    mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
    mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
    mRun: [avast5] "c:\program files\alwil software\avast5\avastUI.exe" /nogui
    mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
    mRun: [ShaPlus Bandwidth Meter] "c:\program files\shaplus bandwidth meter\ShaPlus Bandwidth Meter" /s
    mRun: [Malwarebytes Anti-Malware (reboot)] "c:\program files\malwarebytes' anti-malware\mbam.exe" /runcleanupscript
    StartupFolder: c:\users\mistaria\appdata\roaming\micros~1\windows\startm~1\programs\startup\bandwi~1.lnk - c:\program files\bandwidthmeter\BandwidthMeter.exe
    mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
    mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
    mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
    IE: Download all with Free Download Manager - file://c:\program files\free download manager\dlall.htm
    IE: Download selected with Free Download Manager - file://c:\program files\free download manager\dlselected.htm
    IE: Download video with Free Download Manager - file://c:\program files\free download manager\dlfvideo.htm
    IE: Download with &Shareaza - c:\program files\shareaza\razawebhook32.dll/3000
    IE: Download with Free Download Manager - file://c:\program files\free download manager\dllink.htm
    DPF: {149E45D8-163E-4189-86FC-45022AB2B6C9} - file:///C:/Program%20Files/Monopoly/Images/stg_drm.ocx
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
    DPF: {CC450D71-CC90-424C-8638-1F2DBAC87A54} - file:///C:/Program%20Files/Monopoly/Images/armhelper.ocx
    DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

    ================= FIREFOX ===================

    FF - ProfilePath - c:\users\mistaria\appdata\roaming\mozilla\firefox\profiles\5dx28bou.default\
    FF - prefs.js: browser.search.selectedEngine - Google.com (in English)
    FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
    FF - prefs.js: keyword.URL - hxxp://toolbar.ask.com/toolbarv/askRedirect?o=13925&gct=&gc=1&q=
    FF - prefs.js: network.proxy.type - 4
    FF - component: c:\program files\free download manager\firefox\extension\components\vmsfdmff.dll
    FF - component: c:\programdata\real\realplayer\browserrecordplugin\firefox\ext\components\nprpffbrowserrecordext.dll
    FF - component: c:\users\mistaria\appdata\roaming\mozilla\firefox\profiles\5dx28bou.default\extensions\{7b13ec3e-999a-4b70-b9cb-2617b8323822}\components\FFExternalAlert.dll
    FF - component: c:\users\mistaria\appdata\roaming\mozilla\firefox\profiles\5dx28bou.default\extensions\{7b13ec3e-999a-4b70-b9cb-2617b8323822}\components\RadioWMPCore.dll
    FF - component: c:\users\mistaria\appdata\roaming\mozilla\firefox\profiles\5dx28bou.default\extensions\{b042753d-f57e-4e8e-a01b-7379a6d4cefb}\components\IBitCometExtension.dll
    FF - plugin: c:\program files\divx\divx plus web player\npdivx32.dll
    FF - plugin: c:\program files\java\bin\new_plugin\npdeployJava1.dll
    FF - plugin: c:\program files\java\bin\new_plugin\npjp2.dll
    FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
    FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll
    FF - plugin: c:\program files\opera\program\plugins\np_gp.dll
    FF - plugin: c:\program files\opera\program\plugins\nppl3260.dll
    FF - plugin: c:\program files\opera\program\plugins\nprjplug.dll
    FF - plugin: c:\program files\opera\program\plugins\nprpjplug.dll
    FF - plugin: c:\programdata\real\realplayer\browserrecordplugin\mozillaplugins\nprphtml5videoshim.dll
    FF - plugin: c:\windows\system32\npnipp.dll
    FF - plugin: c:\windows\system32\npnisp.dll
    FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
    FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}
    FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA}
    FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
    FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}

    ---- FIREFOX POLICIES ----
    c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
    c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);

    ============= SERVICES / DRIVERS ===============

    R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2009-9-4 165584]
    R1 nipplpt2;Novell iCapture Lpt Redirector 2;c:\windows\system32\drivers\nipplpt.sys [2010-6-10 34592]
    R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2010-2-18 12872]
    R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2010-5-11 67656]
    R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2009-9-4 17744]
    R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2009-9-4 50768]
    R2 avast! Antivirus;avast! Antivirus;c:\program files\alwil software\avast5\AvastSvc.exe [2010-9-24 40384]
    R2 cpuz133;cpuz133;c:\windows\system32\drivers\cpuz133_x32.sys [2010-6-16 20968]
    R2 JIT Scheduler;JIT Scheduler;c:\program files\gipo@utilities\jit scheduler\schednt.exe [2010-5-18 176128]
    R3 avast! Mail Scanner;avast! Mail Scanner;c:\program files\alwil software\avast5\AvastSvc.exe [2010-9-24 40384]
    R3 avast! Web Scanner;avast! Web Scanner;c:\program files\alwil software\avast5\AvastSvc.exe [2010-9-24 40384]
    R3 netw5v32;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\drivers\netw5v32.sys [2009-6-11 4231168]
    R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\drivers\VSTAZL3.SYS [2009-7-14 207360]
    R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\drivers\VSTDPV3.SYS [2009-7-14 980992]
    R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\drivers\VSTCNXT3.SYS [2009-7-14 661504]
    S3 ASPI;Advanced SCSI Programming Interface Driver;c:\windows\system32\drivers\ASPI32.SYS [2010-3-14 84832]
    S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-14 229888]

    ============== File Associations ===============

    .txt=UltraEdit.txt

    =============== Created Last 30 ================

    2010-10-04 07:44:22 1267259 ---ha-w- c:\users\mistaria\appdata\local\IconCache.db
    2010-10-03 05:57:45 -------- d-----w- c:\users\mistaria\appdata\roaming\SUPERAntiSpyware.com
    2010-10-03 05:57:45 -------- d-----w- c:\progra~2\SUPERAntiSpyware.com
    2010-10-03 05:57:36 -------- d-----w- c:\program files\SUPERAntiSpyware
    2010-10-03 05:07:48 -------- d-----w- c:\users\mistaria\appdata\roaming\Malwarebytes
    2010-10-03 05:07:41 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2010-10-03 05:07:40 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
    2010-10-03 05:07:40 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2010-10-03 05:07:40 -------- d-----w- c:\progra~2\Malwarebytes
    2010-10-03 01:10:46 -------- d-----w- c:\progra~2\MFAData
    2010-09-27 22:20:13 -------- d-----w- c:\program files\PDF Password Remover v3.1
    2010-09-27 22:17:18 -------- d-----w- c:\program files\uTorrent
    2010-09-26 00:00:46 -------- d-----w- c:\program files\ShaPlus Bandwidth Meter
    2010-09-24 06:37:55 38848 ----a-w- c:\windows\avastSS.scr
    2010-09-24 06:36:34 -------- d-----w- c:\progra~2\Alwil Software
    2010-09-16 15:48:33 -------- d-----w- c:\program files\WinDirStat

    ==================== Find3M ====================

    2010-09-24 06:49:13 423656 ----a-w- c:\windows\system32\deployJava1.dll
    2010-09-07 14:47:30 50768 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
    2010-08-09 17:15:58 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx
    2010-08-09 17:15:58 69632 ----a-w- c:\windows\system32\QuickTime.qts

    ============= FINISH: 16:17:05.85 ===============
     
  3. Murmur

    Murmur TS Rookie Topic Starter

    DDS: Attach:

    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT

    DDS (Ver_10-10-05.01)

    Microsoft Windows 7 Ultimate
    Boot Device: \Device\HarddiskVolume1
    Install Date: 22/04/2010 7:01:46 p.m.
    System Uptime: 10/09/2010 3:26:51 p.m. (697 hours ago)

    Motherboard: Dell Inc. | | 0MD666
    Processor: Intel(R) Core(TM) Duo CPU T2250 @ 1.73GHz | Microprocessor | 1733/133mhz

    ==== Disk Partitions =========================

    C: is FIXED (NTFS) - 112 GiB total, 13.469 GiB free.
    D: is CDROM ()

    ==== Disabled Device Manager Items =============

    Class GUID: {8ECC055D-047F-11D1-A537-0000F8753ED1}
    Description: sptd
    Device ID: ROOT\LEGACY_SPTD\0000
    Manufacturer:
    Name: sptd
    PNP Device ID: ROOT\LEGACY_SPTD\0000
    Service: sptd

    ==== System Restore Points ===================

    RP102: 9/10/2010 1:36:24 a.m. - Scheduled Checkpoint

    ==== Installed Programs ======================

    123 Free Solitaire 2009 v7.0
    32 Bit HP CIO Components Installer
    A4 DVD Shrinker
    AAC Decoder
    AC3Filter 1.63b
    Adobe Flash Player 10 ActiveX
    Adobe Flash Player 10 Plugin
    Adobe Reader 9.3.1
    Adobe Shockwave Player 11.5
    Agent Ransack Version 1.7.3
    All File Renamer
    Apple Application Support
    Apple Mobile Device Support
    Apple Software Update
    µTorrent
    AutoUpdate
    avast! Free Antivirus
    Azureus Ultra Accelerator
    Bandwidth Monitor
    Bass Audio Decoder (remove only)
    Bonjour
    CD Audio Reader Filter (remove only)
    Comical 0.8
    Convert VOB to AVI 1.7
    CPUID CPU-Z 1.54
    Declan's Chinese FlashCards v1.6
    Dell Driver Download Manager
    Dell Resource CD
    DirectVobSub (remove only)
    DivX Codec
    DivX Converter
    DivX Player
    DivX Plus DirectShow Filters
    DivX Plus Web Player
    DivX Version Checker
    DScaler 5 Mpeg Decoders
    DVD Shrink 3.2
    DVDFab HD Decrypter 3.1.8.0
    ffdshow [rev 2527] [2008-12-19]
    FFMPEG Core Files (remove only)
    FILE RECOVERY for Windows
    Free Audio CD Burner version 1.3
    Free Download Manager 3.0
    FreeStar Free DVD Ripper 3.0.1
    Gabest MPEG Splitter (remove only)
    H.264 Decoder
    Haali Media Splitter
    ImagXpress
    Intkey
    iTunes
    Java Auto Updater
    Java(TM) 6 Update 21
    JIT Scheduler
    LG PC Suite IV
    LG USB Modem Driver
    LimeWire 4.18.8
    Malwarebytes' Anti-Malware
    Microsoft Application Compatibility Toolkit 5.5
    Microsoft Application Error Reporting
    Microsoft Choice Guard
    Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    Microsoft Works 6-9 Converter
    Microsoft WSE 3.0 Runtime
    MKV Splitter
    MONOGRAM AMR Splitter/Decoder (remove only)
    Mozilla Firefox (3.5.13)
    MSVCRT
    MSXML 4.0 SP2 (KB954430)
    MSXML 4.0 SP2 (KB973688)
    MSXML 4.0 SP2 Parser and SDK
    Nero 7 Premium
    Nero 9 Trial
    Nero Installer
    neroxml
    Next DVD Ripper 3.3
    Novell iPrint Client v05.32.00
    OpenOffice.org 3.1
    OpenSource DTS/AC3/DD+ Source Filter (remove only)
    OpenSource Flash Video Splitter (remove only)
    Paint Shop Pro 7 Anniversary Edition
    Paint.NET v3.5.5
    PC Inspector File Recovery
    PDF Password Remover v3.1
    PDF Reader 2
    Pixillion Image Converter
    Prism Video Converter
    QuickTime
    RealMedia (remove only)
    RealPlayer
    RealUpgrade 1.0
    Safari
    ShaPlus Bandwidth Meter 1.3.1
    Shareaza 2.5.2.0
    SHOUTcast Source (remove only)
    SUPERAntiSpyware
    Synaptics Pointing Device Driver
    System Scheduler 4.15
    Tautology Bandwidth Meter 1.7 (remove only)
    The KMPlayer (remove only)
    Uninstall 1.0.0.1
    UnzipThemAll 1.3
    VC80CRTRedist - 8.0.50727.4053
    VideoLAN VLC media player 0.8.6c
    VideoPad Video Editor
    Vuse Information
    Vuse_Safe1
    Vuze
    Vuze_Remote Toolbar
    WinDirStat 1.1.2
    Windows Live Call
    Windows Live Communications Platform
    Windows Live Essentials
    Windows Live Messenger
    Windows Live Sign-in Assistant
    Windows Live Upload Tool
    WinRAR archiver
    Xvid 1.2.2 final uninstall

    ==== Event Viewer Messages From Past Week ========

    9/10/2010 3:27:55 p.m., Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: sptd
    9/10/2010 3:26:55 p.m., Error: sptd [4] - Driver detected an internal error in its data structures for .
    9/10/2010 11:14:16 a.m., Error: Service Control Manager [7001] - The Net.Tcp Listener Adapter service depends on the Net.Tcp Port Sharing Service service which failed to start because of the following error: The service did not respond to the start or control request in a timely fashion.
    9/10/2010 11:14:07 a.m., Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Net.Tcp Port Sharing Service service to connect.
    9/10/2010 11:14:07 a.m., Error: Service Control Manager [7000] - The Net.Tcp Port Sharing Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
    9/10/2010 1:17:04 p.m., Error: Service Control Manager [7022] - The Windows Update service hung on starting.
    7/10/2010 12:39:20 p.m., Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Wlansvc service.
    7/10/2010 12:39:20 p.m., Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the WinDefend service.
    7/10/2010 11:06:21 p.m., Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the NlaSvc service.
    6/10/2010 7:35:58 p.m., Error: Microsoft-Windows-DistributedCOM [10009] - DCOM was unable to communicate with the computer ipp://iprint.otago.ac.nz using any of the configured protocols.
    6/10/2010 5:08:57 p.m., Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the SysMain service.
    5/10/2010 1:13:46 p.m., Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the ShellHWDetection service.
    4/10/2010 3:03:43 a.m., Error: Service Control Manager [7001] - The Computer Browser service depends on the Server service which failed to start because of the following error: The dependency service or group failed to start.
    4/10/2010 1:38:42 a.m., Error: Service Control Manager [7001] - The HomeGroup Provider service depends on the Function Discovery Provider Host service which failed to start because of the following error: The dependency service or group failed to start.
    3/10/2010 9:08:22 p.m., Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}
    3/10/2010 9:08:22 p.m., Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
    3/10/2010 9:08:18 p.m., Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
    3/10/2010 9:08:12 p.m., Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}
    3/10/2010 9:07:53 p.m., Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: aswSP aswTdi discache nipplpt2 SASDIFSV SASKUTIL spldr sptd Wanarpv6
    3/10/2010 6:31:26 p.m., Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service BITS with arguments "" in order to run the server: {4991D34B-80A1-4291-83B6-3328366B9097}
    3/10/2010 5:54:17 p.m., Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: aswSP aswTdi discache nipplpt2 spldr sptd Wanarpv6
    3/10/2010 11:00:29 a.m., Error: Service Control Manager [7001] - The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: The dependency service or group failed to start.
    3/10/2010 10:47:48 a.m., Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netprofm with arguments "" in order to run the server: {A47979D2-C419-11D9-A5B4-001185AD2B89}
    3/10/2010 10:47:48 a.m., Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netman with arguments "" in order to run the server: {BA126AD1-2166-11D1-B1D0-00805FC1270E}
    3/10/2010 10:47:15 a.m., Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD aswRdr aswSP aswTdi CSC DfsC discache NetBIOS NetBT nipplpt2 nsiproxy Psched rdbss spldr sptd tdx Wanarpv6 WfpLwf
    3/10/2010 10:47:14 a.m., Error: Service Control Manager [7001] - The Workstation service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
    3/10/2010 10:47:14 a.m., Error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
    3/10/2010 10:47:14 a.m., Error: Service Control Manager [7001] - The SMB MiniRedirector Wrapper and Engine service depends on the Redirected Buffering Sub Sysytem service which failed to start because of the following error: A device attached to the system is not functioning.
    3/10/2010 10:47:14 a.m., Error: Service Control Manager [7001] - The SMB 2.0 MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.
    3/10/2010 10:47:14 a.m., Error: Service Control Manager [7001] - The SMB 1.x MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.
    3/10/2010 10:47:14 a.m., Error: Service Control Manager [7001] - The Network Store Interface Service service depends on the NSI proxy service driver. service which failed to start because of the following error: A device attached to the system is not functioning.
    3/10/2010 10:47:14 a.m., Error: Service Control Manager [7001] - The Network Location Awareness service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
    3/10/2010 10:47:14 a.m., Error: Service Control Manager [7001] - The IP Helper service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
    3/10/2010 10:47:14 a.m., Error: Service Control Manager [7001] - The DNS Client service depends on the NetIO Legacy TDI Support Driver service which failed to start because of the following error: A device attached to the system is not functioning.
    3/10/2010 10:47:14 a.m., Error: Service Control Manager [7001] - The DHCP Client service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
    3/10/2010 1:54:08 p.m., Error: Microsoft-Windows-DistributedCOM [10001] - Unable to start a DCOM Server: {682159D9-C321-47CA-B3F1-30E36B2EC8B9} as /. The error: "225" Happened while starting this command: C:\Windows\explorer.exe /factory,{682159d9-c321-47ca-b3f1-30e36b2ec8b9} -Embedding

    ==== End Of File ===========================


    Thanks.
     
  4. Broni

    Broni Malware Annihilator Posts: 52,915   +344

    Welcome aboard

    Download MBRCheck to your desktop

    Double click MBRCheck.exe to run (Vista and Windows 7 users, right click and select Run as Administrator).
    It will show a black screen with some data on it.
    Enter N to exit.
    A report called MBRcheckxxxx.txt will be on your desktop.
    Open this report and post its content in your next reply.

    =======================================================================

    Please download ComboFix from Here or Here to your Desktop.

    **Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
    1. Please, never rename Combofix unless instructed.
    2. Close any open browsers.
    3. Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.
      • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files, which may cause "unpredictable results".
      • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
      NOTE 1. If ComboFix asks you to install Recovery Console, please allow it.
      NOTE 2. If ComboFix asks you to update the program, always do so.
      • Close any open browsers.
      • WARNING: ComboFix will disconnect your machine from the Internet as soon as it starts.
      • Please do not attempt to re-connect your machine to the Internet until ComboFix has completely finished.
      • If there is no Internet connection after running ComboFix, then restart your computer to restore your connection.
    4. Double click on combofix.exe & follow the prompts.
    5. When finished, it will produce a report for you.
    6. Please post the "C:\ComboFix.txt"
    **Note: Do not mouse-click ComboFix's window while it's running. That may cause it to stall.**

    Make sure you re-enable your security programs when you're done with ComboFix.

    DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!
     
  5. Murmur

    Murmur TS Rookie Topic Starter

    Okay, next lot of logs you ordered :)
    Kinda worried about ComboFix, as it said that Avast and SUPERAntiSpyware were still running, even though I'd disabled Avast, and I can't even enable SAS's protection...
    But I still ran it anyway, so I hope I didn't screw anything up? And explorer opened, but it's done that before with the virus... so who knows?

    MBR:

    MBRCheck, version 1.2.3
    (c) 2010, AD

    Command-line:
    Windows Version: Windows 7 Ultimate Edition
    Windows Information: (build 7600), 32-bit
    Base Board Manufacturer: Dell Inc.
    BIOS Manufacturer: Dell Inc.
    System Manufacturer: Dell Inc.
    System Product Name: MM061
    Logical Drives Mask: 0x0000000c

    Kernel Drivers (total 164):

    Processes (total 25):
    0 System Idle Process
    4 System
    248 C:\Windows\System32\smss.exe
    360 csrss.exe
    400 C:\Windows\System32\wininit.exe
    412 csrss.exe
    440 C:\Windows\System32\winlogon.exe
    504 C:\Windows\System32\services.exe
    516 C:\Windows\System32\lsass.exe
    524 C:\Windows\System32\lsm.exe
    620 C:\Windows\System32\svchost.exe
    692 C:\Windows\System32\svchost.exe
    796 C:\Windows\System32\svchost.exe
    832 C:\Windows\System32\svchost.exe
    900 C:\Windows\System32\svchost.exe
    956 C:\Windows\System32\svchost.exe
    984 C:\Windows\System32\svchost.exe
    1080 C:\Windows\System32\svchost.exe
    1364 C:\Windows\explorer.exe
    1420 C:\Windows\System32\ctfmon.exe
    1752 C:\Program Files\Safari\Safari.exe
    356 C:\Windows\System32\svchost.exe
    2036 C:\Users\Mistaria\Desktop\MBRCheck.exe
    2040 C:\Windows\System32\conhost.exe
    1212 <unknown>

    \\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`00007e00 (NTFS)

    PhysicalDrive0 Model Number: HitachiHTS541612J9SA00, Rev: SBDOC74P

    Size Device Name MBR Status
    --------------------------------------------
    111 GB \\.\PhysicalDrive0 Windows 7 MBR code detected
    SHA1: 4379A3D43019B46FA357F7DD6A53B45A3CA8FB79


    Done!
     
  6. Murmur

    Murmur TS Rookie Topic Starter

    Combofix


    ComboFix 10-10-08.01 - Mistaria 09/10/2010 23:39:03.1.2 - x86 NETWORK
    Microsoft Windows 7 Ultimate 6.1.7600.0.1252.64.1033.18.1014.505 [GMT 13:00]
    Running from: c:\users\Mistaria\Desktop\ComboFix.exe
    AV: avast! antivirus 4.8.1351 [VPS 091026-0] *On-access scanning enabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
    SP: avast! antivirus 4.8.1351 [VPS 091026-0] *enabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
    SP: SUPERAntiSpyware *enabled* (Updated) {222A897C-5018-402e-943F-7E7AC8560DA7}
    * Created a new restore point
    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    C:\Thumbs.db

    Infected copy of c:\windows\explorer.exe was found and disinfected
    Restored copy from - c:\windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_518afd35db100430\explorer.exe

    Infected copy of c:\windows\System32\wininit.exe was found and disinfected
    Restored copy from - c:\windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_30c90ef265a43c13\wininit.exe

    Infected copy of c:\windows\explorer.exe was found and disinfected
    Restored copy from - c:\windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_518afd35db100430\explorer.exe
    .
    ((((((((((((((((((((((((( Files Created from 2010-09-09 to 2010-10-09 )))))))))))))))))))))))))))))))
    .

    2010-10-09 10:44 . 2010-10-09 10:47 -------- d-----w- c:\users\Mistaria\AppData\Local\temp
    2010-10-09 10:44 . 2010-10-09 10:44 -------- d-----w- c:\users\Default\AppData\Local\temp
    2010-10-03 06:03 . 2010-10-03 06:03 63488 ----a-w- c:\users\Mistaria\AppData\Roaming\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10006.dll
    2010-10-03 06:03 . 2010-10-03 06:03 52224 ----a-w- c:\users\Mistaria\AppData\Roaming\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10005.dll
    2010-10-03 06:03 . 2010-10-03 06:03 117760 ----a-w- c:\users\Mistaria\AppData\Roaming\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
    2010-10-03 05:57 . 2010-10-03 05:57 -------- d-----w- c:\users\Mistaria\AppData\Roaming\SUPERAntiSpyware.com
    2010-10-03 05:57 . 2010-10-03 05:57 -------- d-----w- c:\programdata\SUPERAntiSpyware.com
    2010-10-03 05:57 . 2010-10-09 10:22 -------- d-----w- c:\program files\SUPERAntiSpyware
    2010-10-03 05:22 . 2010-10-03 05:22 117140 ---ha-w- c:\windows\system32\mlfcache.dat
    2010-10-03 05:07 . 2010-10-03 05:07 -------- d-----w- c:\users\Mistaria\AppData\Roaming\Malwarebytes
    2010-10-03 05:07 . 2010-04-29 02:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2010-10-03 05:07 . 2010-10-03 05:07 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2010-10-03 05:07 . 2010-10-03 05:07 -------- d-----w- c:\programdata\Malwarebytes
    2010-10-03 05:07 . 2010-04-29 02:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
    2010-10-03 01:10 . 2010-10-03 01:10 -------- d-----w- c:\programdata\MFAData
    2010-09-27 22:20 . 2010-09-27 22:20 -------- d-----w- c:\program files\PDF Password Remover v3.1
    2010-09-27 22:17 . 2010-09-27 22:17 -------- d-----w- c:\program files\uTorrent
    2010-09-26 00:00 . 2010-09-26 00:00 -------- d-----w- c:\program files\ShaPlus Bandwidth Meter
    2010-09-24 06:50 . 2010-09-24 06:50 -------- d-----w- c:\program files\Common Files\Java
    2010-09-24 06:49 . 2010-09-24 06:49 -------- d-----w- c:\program files\Java
    2010-09-24 06:37 . 2010-09-07 15:12 38848 ----a-w- c:\windows\avastSS.scr
    2010-09-24 06:36 . 2010-09-24 06:36 -------- d-----w- c:\programdata\Alwil Software
    2010-09-23 23:53 . 2010-08-19 10:03 52224 ----a-w- c:\users\Mistaria\AppData\Roaming\Mozilla\Firefox\Profiles\5dx28bou.default\extensions\{7b13ec3e-999a-4b70-b9cb-2617b8323822}\components\FFExternalAlert.dll
    2010-09-23 23:53 . 2010-08-19 10:03 101376 ----a-w- c:\users\Mistaria\AppData\Roaming\Mozilla\Firefox\Profiles\5dx28bou.default\extensions\{7b13ec3e-999a-4b70-b9cb-2617b8323822}\components\RadioWMPCore.dll
    2010-09-16 15:48 . 2010-09-16 15:48 -------- d-----w- c:\program files\WinDirStat

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2010-10-09 03:28 . 2009-09-03 15:24 -------- d-----w- c:\users\Mistaria\AppData\Roaming\Free Download Manager
    2010-10-09 02:41 . 2010-09-02 23:16 -------- d-----w- c:\program files\FlashGet
    2010-10-08 22:17 . 2010-06-10 04:27 -------- d-----w- c:\program files\DVDVideoSoft
    2010-10-08 22:17 . 2010-06-10 04:27 -------- d-----w- c:\program files\Common Files\DVDVideoSoft
    2010-10-08 14:38 . 2009-09-03 13:13 -------- d-----w- c:\users\Mistaria\AppData\Roaming\Azureus
    2010-10-04 09:14 . 2009-09-04 06:18 1 ----a-w- c:\users\Mistaria\AppData\Roaming\OpenOffice.org\3\user\uno_packages\cache\stamp.sys
    2010-09-29 02:26 . 2009-09-03 12:44 -------- d-----w- c:\users\Mistaria\AppData\Roaming\uTorrent
    2010-09-24 06:49 . 2010-05-01 05:29 423656 ----a-w- c:\windows\system32\deployJava1.dll
    2010-09-24 06:45 . 2009-09-04 09:55 -------- d-----w- c:\program files\Alwil Software
    2010-09-07 15:11 . 2009-09-04 09:55 167592 ----a-w- c:\windows\system32\aswBoot.exe
    2010-09-07 14:52 . 2009-09-04 09:56 46672 ----a-w- c:\windows\system32\drivers\aswTdi.sys
    2010-09-07 14:52 . 2009-09-04 09:56 165584 ----a-w- c:\windows\system32\drivers\aswSP.sys
    2010-09-07 14:47 . 2009-09-04 09:56 23376 ----a-w- c:\windows\system32\drivers\aswRdr.sys
    2010-09-07 14:47 . 2009-09-04 09:55 50768 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
    2010-09-07 14:47 . 2009-09-04 09:56 17744 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
    2010-09-05 10:47 . 2009-09-22 13:38 178 ----a-w- c:\users\Mistaria\AppData\Roaming\Azureus\restart.bat
    2010-09-05 10:42 . 2010-09-05 10:42 310208 ----a-w- c:\users\Mistaria\AppData\Roaming\Azureus\plugins\mlab\ShaperProbeC.exe
    2010-09-05 10:41 . 2009-09-03 13:12 -------- d-----w- c:\program files\Vuze
    2010-09-03 00:01 . 2010-03-29 11:30 -------- d-----w- c:\users\Mistaria\AppData\Roaming\BitComet
    2010-09-02 23:16 . 2010-09-02 23:16 -------- d-----w- c:\users\Mistaria\AppData\Roaming\FlashGet
    2010-08-29 13:51 . 2010-06-16 00:14 -------- d-----w- c:\program files\Opera
    2010-08-29 13:50 . 2010-04-08 01:44 -------- d-----w- c:\program files\GameTop.com
    2010-08-29 13:30 . 2010-04-16 03:14 -------- d-----w- c:\programdata\Norton
    2010-08-29 13:30 . 2010-04-16 03:14 -------- d-----w- c:\programdata\Symantec
    2010-08-29 01:44 . 2010-08-29 01:44 -------- d-----w- c:\program files\Xvid
    2010-08-25 03:04 . 2009-11-18 01:27 -------- d-----w- c:\program files\Paint.NET
    2010-08-21 05:39 . 2010-05-08 04:22 -------- d-----w- c:\program files\Common Files\Symantec Shared
    2010-08-19 07:50 . 2010-08-19 07:49 -------- d-----w- c:\program files\QuickTime
    2010-08-19 07:42 . 2010-06-21 02:50 -------- d-----w- c:\program files\Safari
    2010-08-19 07:39 . 2010-08-19 07:39 72488 ----a-w- c:\programdata\Apple Computer\Installer Cache\Safari 5.33.17.8\SetupAdmin.exe
    2010-08-11 07:59 . 2010-08-11 07:59 -------- d-----w- c:\program files\DiskInternals
    2010-07-22 08:08 . 2010-07-22 08:08 73000 ----a-w- c:\programdata\Apple Computer\Installer Cache\iTunes 9.2.1.4\SetupAdmin.exe
    2010-07-17 23:57 . 2010-07-17 23:57 45056 ----a-w- c:\programdata\Real\RealPlayer\BrowserRecordPlugin\ThinShims\rpnpshimwmp.dll
    2010-07-17 23:57 . 2010-07-17 23:57 45056 ----a-w- c:\programdata\Real\RealPlayer\BrowserRecordPlugin\ThinShims\rpnpshimswf.dll
    2010-07-17 23:57 . 2010-07-17 23:57 45056 ----a-w- c:\programdata\Real\RealPlayer\BrowserRecordPlugin\ThinShims\rpnpshimrp.dll
    2010-07-17 23:57 . 2010-07-17 23:57 45056 ----a-w- c:\programdata\Real\RealPlayer\BrowserRecordPlugin\ThinShims\rpnpshimqt.dll
    2010-07-17 23:57 . 2010-07-17 23:57 49152 ----a-w- c:\programdata\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext\Components\nprpffbrowserrecordext.dll
    2010-07-17 23:57 . 2010-07-17 23:57 308808 ----a-w- c:\programdata\Real\RealPlayer\BrowserRecordPlugin\Common\rpmainbrowserrecordplugin.dll
    2010-07-17 23:57 . 2010-07-17 23:57 14848 ----a-w- c:\programdata\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll
    2010-07-17 23:57 . 2010-07-17 23:57 40960 ----a-w- c:\programdata\Real\RealPlayer\BrowserRecordPlugin\Chrome\Hook\rpchromebrowserrecordhelper.dll
    2010-07-17 23:57 . 2010-07-17 23:57 341600 ----a-w- c:\programdata\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
    2010-07-12 03:25 . 2010-07-12 03:25 452104 ----a-w- c:\users\Mistaria\AppData\Roaming\Real\Update\setup3.12\setup.exe
    2009-06-10 21:26 . 2009-07-14 02:04 9633792 --sha-r- c:\windows\Fonts\StaticCache.dat
    .

    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
    "{ba14329e-9550-4989-b3f2-9732e92d17cc}"= "c:\program files\Vuze_Remote\tbVuze.dll" [2010-03-17 2355224]

    [HKEY_CLASSES_ROOT\clsid\{ba14329e-9550-4989-b3f2-9732e92d17cc}]

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{ba14329e-9550-4989-b3f2-9732e92d17cc}]
    2010-03-17 03:45 2355224 ----a-w- c:\program files\Vuze_Remote\tbVuze.dll

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
    "{ba14329e-9550-4989-b3f2-9732e92d17cc}"= "c:\program files\Vuze_Remote\tbVuze.dll" [2010-03-17 2355224]

    [HKEY_CLASSES_ROOT\clsid\{ba14329e-9550-4989-b3f2-9732e92d17cc}]

    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
    "{BA14329E-9550-4989-B3F2-9732E92D17CC}"= "c:\program files\Vuze_Remote\tbVuze.dll" [2010-03-17 2355224]

    [HKEY_CLASSES_ROOT\clsid\{ba14329e-9550-4989-b3f2-9732e92d17cc}]

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "bandmon"="c:\program files\Rokario\Bandwidth Monitor\bandmon.exe" [2008-06-01 1529856]
    "Free Download Manager"="c:\program files\Free Download Manager\fdm.exe" [2009-01-30 3399727]
    "JITScheduler"="c:\program files\GiPo@Utilities\JIT Scheduler\sched.exe" [2008-03-23 188416]
    "SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2010-09-28 2424560]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ShaPlus Bandwidth Meter"="c:\program files\ShaPlus Bandwidth Meter\ShaPlus Bandwidth Meter" [X]
    "SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2006-11-15 815104]
    "WScheduler"="c:\progra~1\SYSTEM~1\WScheduler.exe" [2010-04-23 272896]
    "B2C_AGENT"="c:\programdata\LGMOBILEAX\B2C_Client\B2CNotiAgent.exe" [2010-05-19 317368]
    "iPrint Tray"="c:\windows\system32\iprntctl.exe" [2009-12-03 68120]
    "iPrint Event Monitor"="c:\windows\system32\iprntlgn.exe" [2009-12-03 72216]
    "TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2010-07-17 202256]
    "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-07-15 141608]
    "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-08-09 421888]
    "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-13 248552]
    "Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2010-04-29 1090952]

    c:\users\Mistaria\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
    Bandwidth Meter.lnk - c:\program files\BandwidthMeter\BandwidthMeter.exe [2009-10-13 285184]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "ConsentPromptBehaviorAdmin"= 5 (0x5)
    "ConsentPromptBehaviorUser"= 3 (0x3)
    "EnableUIADesktopToggle"= 0 (0x0)

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
    "aux"=wdmaud.drv

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
    2009-12-11 02:57 948672 ----a-r- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
    2009-12-21 12:57 35760 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
    2007-06-27 06:03 152872 ----a-w- c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
    2010-07-15 19:41 141608 ----a-w- c:\program files\iTunes\iTunesHelper.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
    2007-03-01 02:57 153136 ----a-w- c:\program files\Common Files\Ahead\Lib\NeroCheck.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
    2010-08-09 17:15 421888 ----a-w- c:\program files\QuickTime\QTTask.exe

    R0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2009-09-02 717296]
    R3 ASPI;Advanced SCSI Programming Interface Driver;c:\windows\System32\DRIVERS\ASPI32.sys [2002-07-17 84832]
    R3 pbfilter;pbfilter;c:\program files\PeerBlock\pbfilter.sys [x]
    S1 aswSP;aswSP; [x]
    S1 nipplpt2;Novell iCapture Lpt Redirector 2;c:\windows\system32\drivers\nipplpt.sys [2009-12-04 34592]
    S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [2010-02-17 12872]
    S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [2010-05-10 67656]
    S2 aswFsBlk;aswFsBlk; [x]
    S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2010-09-07 50768]
    S2 cpuz133;cpuz133;c:\windows\system32\drivers\cpuz133_x32.sys [2010-03-30 20968]
    S2 JIT Scheduler;JIT Scheduler;c:\program files\GiPo@Utilities\JIT Scheduler\schednt.exe [2008-03-23 176128]
    S3 netw5v32;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\DRIVERS\netw5v32.sys [2009-07-13 4231168]
    S3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL3.SYS [2009-07-13 207360]
    S3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV3.SYS [2009-07-13 980992]
    S3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT3.SYS [2009-07-13 661504]


    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    iissvcs REG_MULTI_SZ w3svc was
    apphost REG_MULTI_SZ apphostsvc
    HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://www.google.com/
    uInternet Settings,ProxyOverride = *.local;<local>
    uInternet Settings,ProxyServer = proxy.student.otago.ac.nz:3128
    IE: Download all with Free Download Manager - file://c:\program files\Free Download Manager\dlall.htm
    IE: Download selected with Free Download Manager - file://c:\program files\Free Download Manager\dlselected.htm
    IE: Download video with Free Download Manager - file://c:\program files\Free Download Manager\dlfvideo.htm
    IE: Download with &Shareaza - c:\program files\shareaza\razawebhook32.dll/3000
    IE: Download with Free Download Manager - file://c:\program files\Free Download Manager\dllink.htm
    FF - ProfilePath - c:\users\Mistaria\AppData\Roaming\Mozilla\Firefox\Profiles\5dx28bou.default\
    FF - prefs.js: browser.search.selectedEngine - Google.com (in English)
    FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
    FF - prefs.js: keyword.URL - hxxp://toolbar.ask.com/toolbarv/askRedirect?o=13925&gct=&gc=1&q=
    FF - prefs.js: network.proxy.type - 4
    FF - component: c:\program files\Free Download Manager\Firefox\Extension\components\vmsfdmff.dll
    FF - component: c:\programdata\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext\components\nprpffbrowserrecordext.dll
    FF - component: c:\users\Mistaria\AppData\Roaming\Mozilla\Firefox\Profiles\5dx28bou.default\extensions\{7b13ec3e-999a-4b70-b9cb-2617b8323822}\components\FFExternalAlert.dll
    FF - component: c:\users\Mistaria\AppData\Roaming\Mozilla\Firefox\Profiles\5dx28bou.default\extensions\{7b13ec3e-999a-4b70-b9cb-2617b8323822}\components\RadioWMPCore.dll
    FF - component: c:\users\Mistaria\AppData\Roaming\Mozilla\Firefox\Profiles\5dx28bou.default\extensions\{B042753D-F57E-4e8e-A01B-7379A6D4CEFB}\components\IBitCometExtension.dll
    FF - plugin: c:\program files\DivX\DivX Plus Web Player\npdivx32.dll
    FF - plugin: c:\program files\Java\bin\new_plugin\npdeployJava1.dll
    FF - plugin: c:\program files\Java\bin\new_plugin\npjp2.dll
    FF - plugin: c:\program files\Mozilla Firefox\plugins\npdeployJava1.dll
    FF - plugin: c:\program files\Opera\program\plugins\nppl3260.dll
    FF - plugin: c:\program files\Opera\program\plugins\nprjplug.dll
    FF - plugin: c:\program files\Opera\program\plugins\nprpjplug.dll
    FF - plugin: c:\programdata\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll
    FF - plugin: c:\windows\system32\npnipp.dll
    FF - plugin: c:\windows\system32\npnisp.dll
    FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

    ---- FIREFOX POLICIES ----
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
    .
    .
    ------- File Associations -------
    .
    .txt=UltraEdit.txt
    .
    - - - - ORPHANS REMOVED - - - -

    Toolbar-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
    WebBrowser-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
    AddRemove-Intkey - c:\delta\Uninst.isu


    .
    --------------------- LOCKED REGISTRY KEYS ---------------------

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
    @Denied: (Full) (Everyone)
    .
    ------------------------ Other Running Processes ------------------------
    .
    c:\program files\Alwil Software\Avast5\AvastSvc.exe
    c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    c:\program files\Bonjour\mDNSResponder.exe
    c:\windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
    c:\windows\system32\taskhost.exe
    c:\windows\system32\conhost.exe
    c:\windows\System32\rundll32.exe
    c:\program files\SystemScheduler\WScheduler.exe
    c:\program files\ShaPlus Bandwidth Meter\ShaPlus Bandwidth Meter.exe
    c:\program files\iPod\bin\iPodService.exe
    c:\program files\Windows Media Player\wmpnetwk.exe
    c:\windows\system32\sppsvc.exe
    c:\windows\servicing\TrustedInstaller.exe
    .
    **************************************************************************
    .
    Completion time: 2010-10-09 23:52:58 - machine was rebooted
    ComboFix-quarantined-files.txt 2010-10-09 10:52

    Pre-Run: 14,356,238,336 bytes free
    Post-Run: 14,204,010,496 bytes free

    - - End Of File - - D6EEFD0EB80A9924D03275407DE6F6B3
     
  7. Murmur

    Murmur TS Rookie Topic Starter

    Avast has detected threats:

    C:\Qoobox\Quarantine\C\Windows\System32\wininit.exe.vir (same for explorer.exe)

    Does this mean that they're quarantined? Or still active? I haven't touched them in case..

    Thanks.
     
  8. Broni

    Broni Malware Annihilator Posts: 52,915   +344

    As long as you did what you could to disable them, you're fine.

    Yes. It looks like Combofix was able to replace infected files with good copies.
    You can allow Avast to get rid of those files, if you wish. Those files in the quarantine folder are safe and inactive, and we'll remove that folder at the end of our cleaning process anyway.

    Combofix log looks good now :)

    I assume you're familiar with this proxy?
    proxy.student.otago.ac.nz:3128


    Download OTL to your Desktop.

    • Double click on the icon to run it. Make sure all other windows are closed and let it run uninterrupted.
    • Under the Custom Scan box paste this in:


    netsvcs
    drivers32
    %SYSTEMDRIVE%\*.*
    %systemroot%\Fonts\*.com
    %systemroot%\Fonts\*.dll
    %systemroot%\Fonts\*.ini
    %systemroot%\Fonts\*.ini2
    %systemroot%\Fonts\*.exe
    %systemroot%\system32\spool\prtprocs\w32x86\*.*
    %systemroot%\REPAIR\*.bak1
    %systemroot%\REPAIR\*.ini
    %systemroot%\system32\*.jpg
    %systemroot%\*.jpg
    %systemroot%\*.png
    %systemroot%\*.scr
    %systemroot%\*._sy
    %APPDATA%\Adobe\Update\*.*
    %ALLUSERSPROFILE%\Favorites\*.*
    %APPDATA%\Microsoft\*.*
    %PROGRAMFILES%\*.*
    %APPDATA%\Update\*.*
    %systemroot%\*. /mp /s
    CREATERESTOREPOINT
    %systemroot%\System32\config\*.sav
    %PROGRAMFILES%\bak. /s
    %systemroot%\system32\bak. /s
    %ALLUSERSPROFILE%\Start Menu\*.lnk /x
    %systemroot%\system32\config\systemprofile\*.dat /x
    %systemroot%\*.config
    %systemroot%\system32\*.db
    %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x
    %USERPROFILE%\Desktop\*.exe
    %PROGRAMFILES%\Common Files\*.*
    %systemroot%\*.src
    %systemroot%\install\*.*
    %systemroot%\system32\DLL\*.*
    %systemroot%\system32\HelpFiles\*.*
    %systemroot%\system32\rundll\*.*
    %systemroot%\winn32\*.*
    %systemroot%\Java\*.*
    %systemroot%\system32\test\*.*
    %systemroot%\system32\Rundll32\*.*
    %systemroot%\AppPatch\Custom\*.*
    %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x
    %PROGRAMFILES%\PC-Doctor\Downloads\*.*
    %PROGRAMFILES%\Internet Explorer\*.tmp
    %PROGRAMFILES%\Internet Explorer\*.dat
    %USERPROFILE%\My Documents\*.exe
    %USERPROFILE%\*.exe
    %systemroot%\ADDINS\*.*
    %systemroot%\assembly\*.bak2
    %systemroot%\Config\*.*
    %systemroot%\REPAIR\*.bak2
    %systemroot%\SECURITY\Database\*.sdb /x
    %systemroot%\SYSTEM\*.bak2
    %systemroot%\Web\*.bak2
    %systemroot%\Driver Cache\*.*
    %PROGRAMFILES%\Mozilla Firefox\0*.exe
    %ProgramFiles%\Microsoft Common\*.*
    %ProgramFiles%\TinyProxy.
    %USERPROFILE%\Favorites\*.url /x
    %systemroot%\system32\*.bk
    %systemroot%\*.te
    %systemroot%\system32\system32\*.*
    %ALLUSERSPROFILE%\*.dat /x
    %systemroot%\system32\drivers\*.rmv
    dir /b "%systemroot%\system32\*.exe" | find /i " " /c
    dir /b "%systemroot%\*.exe" | find /i " " /c
    %PROGRAMFILES%\Microsoft\*.*
    %systemroot%\System32\Wbem\proquota.exe
    %PROGRAMFILES%\Mozilla Firefox\*.dat
    %USERPROFILE%\Cookies\*.txt /x
    %SystemRoot%\system32\fonts\*.*
    %systemroot%\system32\winlog\*.*
    %systemroot%\system32\Language\*.*
    %systemroot%\system32\Settings\*.*
    %systemroot%\system32\*.quo
    %SYSTEMROOT%\AppPatch\*.exe
    %SYSTEMROOT%\inf\*.exe
    %SYSTEMROOT%\Installer\*.exe
    %systemroot%\system32\config\*.bak2
    %systemroot%\system32\Computers\*.*
    %SystemRoot%\system32\Sound\*.*
    %SystemRoot%\system32\SpecialImg\*.*
    %SystemRoot%\system32\code\*.*
    %SystemRoot%\system32\draft\*.*
    %SystemRoot%\system32\MSSSys\*.*
    %ProgramFiles%\Javascript\*.*
    %systemroot%\pchealth\helpctr\System\*.exe /s
    %systemroot%\Web\*.exe
    %systemroot%\system32\msn\*.*
    %systemroot%\system32\*.tro
    %AppData%\Microsoft\Installer\msupdates\*.*
    %ProgramFiles%\Messenger\*.*
    %systemroot%\system32\systhem32\*.*
    %systemroot%\system\*.exe
    HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs
    /md5start
    /md5stop


    • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
    • When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.
     
  9. Murmur

    Murmur TS Rookie Topic Starter

    O.o ... You now know the general area where I live?

    LOGS:

    OTL:

    OTL logfile created on: 10/10/2010 12:40:46 p.m. - Run 1
    OTL by OldTimer - Version 3.2.14.1 Folder = C:\Users\Mistaria\Desktop
    Ultimate Edition (Version = 6.1.7600) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.7600.16385)
    Locale: 00001409 | Country: New Zealand | Language: ENZ | Date Format: d/MM/yyyy

    1,014.00 Mb Total Physical Memory | 389.00 Mb Available Physical Memory | 38.00% Memory free
    3.00 Gb Paging File | 2.00 Gb Available in Paging File | 66.00% Paging File free
    Paging file location(s): c:\pagefile.sys 1600 1600 [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
    Drive C: | 111.78 Gb Total Space | 12.80 Gb Free Space | 11.45% Space Free | Partition Type: NTFS
    D: Drive not present or media not loaded
    E: Drive not present or media not loaded
    F: Drive not present or media not loaded
    G: Drive not present or media not loaded
    H: Drive not present or media not loaded
    I: Drive not present or media not loaded

    Computer Name: HISSYFIT
    Current User Name: Mistaria
    Logged in as Administrator.

    Current Boot Mode: Normal
    Scan Mode: Current user
    Company Name Whitelist: On
    Skip Microsoft Files: On
    File Age = 90 Days
    Output = Standard
    Quick Scan

    ========== Processes (SafeList) ==========

    PRC - [2010/10/10 12:36:32 | 000,576,512 | ---- | M] (OldTimer Tools) -- C:\Users\Mistaria\Desktop\OTL.exe
    PRC - [2010/09/29 03:04:57 | 002,424,560 | ---- | M] (SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
    PRC - [2010/09/08 04:11:59 | 000,040,384 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
    PRC - [2010/07/18 12:53:56 | 000,202,256 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    PRC - [2010/06/10 22:03:08 | 000,144,176 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    PRC - [2010/04/23 15:27:06 | 000,272,896 | ---- | M] (Splinterware Software Solutions) -- C:\Program Files\SystemScheduler\WScheduler.exe
    PRC - [2010/01/05 04:08:46 | 000,151,552 | ---- | M] (ShaPlus Software) -- C:\Program Files\ShaPlus Bandwidth Meter\ShaPlus Bandwidth Meter.exe
    PRC - [2009/12/04 04:13:22 | 000,072,216 | ---- | M] (Novell, Inc.) -- C:\Windows\System32\iprntlgn.exe
    PRC - [2009/12/04 04:13:20 | 000,068,120 | ---- | M] (Novell, Inc.) -- C:\Windows\System32\iprntctl.exe
    PRC - [2009/10/13 20:27:06 | 000,285,184 | ---- | M] (Senh Liu) -- C:\Program Files\BandwidthMeter\BandwidthMeter.exe
    PRC - [2009/07/14 14:14:42 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
    PRC - [2009/07/14 14:14:20 | 002,613,248 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
    PRC - [2009/01/31 04:45:14 | 003,399,727 | ---- | M] (FreeDownloadManager.ORG) -- C:\Program Files\Free Download Manager\fdm.exe
    PRC - [2008/06/01 17:05:02 | 001,529,856 | ---- | M] (Rokario Software) -- C:\Program Files\Rokario\Bandwidth Monitor\bandmon.exe
    PRC - [2008/03/24 01:00:00 | 000,188,416 | ---- | M] (Gibin Software House
    http://www.gibinsoft.com) -- C:\Program Files\GiPo@Utilities\JIT Scheduler\sched.exe
    PRC - [2008/03/24 01:00:00 | 000,176,128 | ---- | M] (Gibin Software House
    http://www.gibinsoft.com) -- C:\Program Files\GiPo@Utilities\JIT Scheduler\schednt.exe


    ========== Modules (SafeList) ==========

    MOD - [2010/10/10 12:36:32 | 000,576,512 | ---- | M] (OldTimer Tools) -- C:\Users\Mistaria\Desktop\OTL.exe
    MOD - [2009/07/14 14:16:15 | 000,099,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\sspicli.dll
    MOD - [2009/07/14 14:16:13 | 000,092,160 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\sechost.dll
    MOD - [2009/07/14 14:16:13 | 000,050,688 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\samcli.dll
    MOD - [2009/07/14 14:16:12 | 000,031,744 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\profapi.dll
    MOD - [2009/07/14 14:16:03 | 000,022,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\netutils.dll
    MOD - [2009/07/14 14:15:35 | 000,288,256 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\KernelBase.dll
    MOD - [2009/07/14 14:15:13 | 000,067,072 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dwmapi.dll
    MOD - [2009/07/14 14:15:11 | 000,064,512 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\devobj.dll
    MOD - [2009/07/14 14:15:07 | 000,036,864 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\cryptbase.dll
    MOD - [2009/07/14 14:15:02 | 000,145,920 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\cfgmgr32.dll
    MOD - [2009/07/14 14:14:10 | 000,095,232 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msscript.ocx
    MOD - [2009/07/14 14:03:50 | 001,680,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_421189da2b7fabfc\comctl32.dll


    ========== Win32 Services (SafeList) ==========

    SRV - [2010/09/08 04:11:59 | 000,040,384 | ---- | M] (AVAST Software) [On_Demand | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Web Scanner)
    SRV - [2010/09/08 04:11:59 | 000,040,384 | ---- | M] (AVAST Software) [On_Demand | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Mail Scanner)
    SRV - [2010/09/08 04:11:59 | 000,040,384 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Antivirus)
    SRV - [2010/06/10 22:03:08 | 000,144,176 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe -- (Apple Mobile Device)
    SRV - [2009/07/14 14:16:21 | 000,185,856 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\wwansvc.dll -- (WwanSvc)
    SRV - [2009/07/14 14:16:17 | 000,151,552 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\wbiosrvc.dll -- (WbioSrvc)
    SRV - [2009/07/14 14:16:17 | 000,119,808 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\umpo.dll -- (Power)
    SRV - [2009/07/14 14:16:16 | 000,037,376 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\themeservice.dll -- (Themes)
    SRV - [2009/07/14 14:16:15 | 000,053,760 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sppuinotify.dll -- (sppuinotify)
    SRV - [2009/07/14 14:16:13 | 000,043,520 | ---- | M] (Microsoft Corporation) [Unknown | Running] -- C:\Windows\System32\RpcEpMap.dll -- (RpcEptMapper)
    SRV - [2009/07/14 14:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
    SRV - [2009/07/14 14:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc)
    SRV - [2009/07/14 14:16:12 | 000,269,824 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\pnrpsvc.dll -- (PNRPsvc)
    SRV - [2009/07/14 14:16:12 | 000,269,824 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\pnrpsvc.dll -- (p2pimsvc)
    SRV - [2009/07/14 14:16:12 | 000,165,376 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\provsvc.dll -- (HomeGroupProvider)
    SRV - [2009/07/14 14:16:12 | 000,020,480 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\pnrpauto.dll -- (PNRPAutoReg)
    SRV - [2009/07/14 14:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
    SRV - [2009/07/14 14:15:36 | 000,194,560 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\ListSvc.dll -- (HomeGroupListener)
    SRV - [2009/07/14 14:15:31 | 000,396,288 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\inetsrv\iisw3adm.dll -- (WAS)
    SRV - [2009/07/14 14:15:31 | 000,396,288 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\inetsrv\iisw3adm.dll -- (W3SVC)
    SRV - [2009/07/14 14:15:21 | 000,797,696 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\FntCache.dll -- (FontCache)
    SRV - [2009/07/14 14:15:11 | 000,253,440 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\dhcpcore.dll -- (Dhcp)
    SRV - [2009/07/14 14:15:10 | 000,218,624 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\defragsvc.dll -- (defragsvc)
    SRV - [2009/07/14 14:14:59 | 000,076,800 | ---- | M] (Microsoft Corporation) [Unknown | Stopped] -- C:\Windows\System32\bdesvc.dll -- (BDESVC)
    SRV - [2009/07/14 14:14:58 | 000,088,064 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\AxInstSv.dll -- (AxInstSV) ActiveX Installer (AxInstSV)
    SRV - [2009/07/14 14:14:53 | 000,061,440 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\inetsrv\apphostsvc.dll -- (AppHostSvc)
    SRV - [2009/07/14 14:14:53 | 000,027,648 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\appidsvc.dll -- (AppIDSvc)
    SRV - [2009/07/14 14:14:29 | 003,179,520 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\System32\sppsvc.exe -- (sppsvc)
    SRV - [2008/03/24 01:00:00 | 000,176,128 | ---- | M] (Gibin Software House
    http://www.gibinsoft.com) [Auto | Running] -- C:\Program Files\GiPo@Utilities\JIT Scheduler\schednt.exe -- (JIT Scheduler)
     
  10. Murmur

    Murmur TS Rookie Topic Starter

    ========== Driver Services (SafeList) ==========

    DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Program Files\PeerGuardian2\pgfilter.sys -- (pgfilter)
    DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Program Files\PeerBlock\pbfilter.sys -- (pbfilter)
    DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Users\Mistaria\AppData\Local\Temp\catchme.sys -- (catchme)
    DRV - [2010/09/08 03:52:25 | 000,046,672 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswTdi.sys -- (aswTdi)
    DRV - [2010/09/08 03:52:03 | 000,165,584 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswSP.sys -- (aswSP)
    DRV - [2010/09/08 03:47:46 | 000,023,376 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswRdr.sys -- (aswRdr)
    DRV - [2010/09/08 03:47:30 | 000,050,768 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswMonFlt.sys -- (aswMonFlt)
    DRV - [2010/09/08 03:47:07 | 000,017,744 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
    DRV - [2010/05/11 07:41:30 | 000,067,656 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
    DRV - [2010/03/31 00:38:26 | 000,020,968 | ---- | M] (Windows (R) Win 7 DDK provider) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\cpuz133_x32.sys -- (cpuz133)
    DRV - [2010/02/18 07:25:48 | 000,012,872 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
    DRV - [2010/01/21 02:59:58 | 000,020,864 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lgusbdiag.sys -- (UsbDiag)
    DRV - [2010/01/21 02:59:56 | 000,024,960 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lgusbmodem.sys -- (USBModem)
    DRV - [2010/01/21 02:59:56 | 000,013,056 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lgusbbus.sys -- (usbbus)
    DRV - [2009/12/04 16:17:48 | 000,034,592 | ---- | M] () [Kernel | System | Running] -- C:\Windows\system32\drivers\nipplpt.sys -- (nipplpt2)
    DRV - [2009/09/03 09:40:51 | 000,717,296 | ---- | M] (Duplex Secure Ltd.) [Kernel | Boot | Stopped] -- C:\Windows\System32\Drivers\sptd.sys -- (sptd)
    DRV - [2009/07/14 14:26:21 | 000,015,952 | ---- | M] (CMD Technology, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\cmdide.sys -- (cmdide)
    DRV - [2009/07/14 14:26:17 | 000,297,552 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\adpahci.sys -- (adpahci)
    DRV - [2009/07/14 14:26:15 | 000,422,976 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\adp94xx.sys -- (adp94xx)
    DRV - [2009/07/14 14:26:15 | 000,159,312 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\amdsbs.sys -- (amdsbs)
    DRV - [2009/07/14 14:26:15 | 000,146,512 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\adpu320.sys -- (adpu320)
    DRV - [2009/07/14 14:26:15 | 000,086,608 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\arcsas.sys -- (arcsas)
    DRV - [2009/07/14 14:26:15 | 000,079,952 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\amdsata.sys -- (amdsata)
    DRV - [2009/07/14 14:26:15 | 000,076,368 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\arc.sys -- (arc)
    DRV - [2009/07/14 14:26:15 | 000,023,616 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\amdxata.sys -- (amdxata)
    DRV - [2009/07/14 14:26:15 | 000,014,400 | ---- | M] (Acer Laboratories Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\aliide.sys -- (aliide)
    DRV - [2009/07/14 14:20:44 | 000,142,416 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\nvstor.sys -- (nvstor)
    DRV - [2009/07/14 14:20:44 | 000,117,312 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\nvraid.sys -- (nvraid)
    DRV - [2009/07/14 14:20:44 | 000,044,624 | ---- | M] (IBM Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\nfrd960.sys -- (nfrd960)
    DRV - [2009/07/14 14:20:37 | 000,089,168 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\lsi_sas.sys -- (LSI_SAS)
    DRV - [2009/07/14 14:20:36 | 000,332,352 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\iaStorV.sys -- (iaStorV)
    DRV - [2009/07/14 14:20:36 | 000,235,584 | ---- | M] (LSI Corporation, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\MegaSR.sys -- (MegaSR)
    DRV - [2009/07/14 14:20:36 | 000,133,200 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\Drivers\ksecpkg.sys -- (KSecPkg)
    DRV - [2009/07/14 14:20:36 | 000,096,848 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\lsi_scsi.sys -- (LSI_SCSI)
    DRV - [2009/07/14 14:20:36 | 000,095,824 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\lsi_fc.sys -- (LSI_FC)
    DRV - [2009/07/14 14:20:36 | 000,054,864 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\lsi_sas2.sys -- (LSI_SAS2)
    DRV - [2009/07/14 14:20:36 | 000,041,040 | ---- | M] (Intel Corp./ICP vortex GmbH) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\iirsp.sys -- (iirsp)
    DRV - [2009/07/14 14:20:36 | 000,030,800 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\megasas.sys -- (megasas)
    DRV - [2009/07/14 14:20:36 | 000,013,904 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\hwpolicy.sys -- (hwpolicy)
    DRV - [2009/07/14 14:20:28 | 000,453,712 | ---- | M] (Emulex) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\elxstor.sys -- (elxstor)
    DRV - [2009/07/14 14:20:28 | 000,070,720 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\djsvs.sys -- (aic78xx)
    DRV - [2009/07/14 14:20:28 | 000,067,152 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\HpSAMD.sys -- (HpSAMD)
    DRV - [2009/07/14 14:20:28 | 000,046,160 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\fsdepends.sys -- (FsDepends)
    DRV - [2009/07/14 14:19:11 | 000,141,904 | ---- | M] (VIA Technologies Inc.,Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\vsmraid.sys -- (vsmraid)
    DRV - [2009/07/14 14:19:10 | 000,175,824 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\vmbus.sys -- (vmbus)
    DRV - [2009/07/14 14:19:10 | 000,159,824 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\vhdmp.sys -- (vhdmp)
    DRV - [2009/07/14 14:19:10 | 000,040,896 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\vmstorfl.sys -- (storflt)
    DRV - [2009/07/14 14:19:10 | 000,032,832 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\vdrvroot.sys -- (vdrvroot)
    DRV - [2009/07/14 14:19:10 | 000,028,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\storvsc.sys -- (storvsc)
    DRV - [2009/07/14 14:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\wimmount.sys -- (WIMMount)
    DRV - [2009/07/14 14:19:10 | 000,016,976 | ---- | M] (VIA Technologies, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\viaide.sys -- (viaide)
    DRV - [2009/07/14 14:19:04 | 001,383,488 | ---- | M] (QLogic Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\ql2300.sys -- (ql2300)
    DRV - [2009/07/14 14:19:04 | 000,173,648 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\rdyboost.sys -- (rdyboost)
    DRV - [2009/07/14 14:19:04 | 000,106,064 | ---- | M] (QLogic Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\ql40xx.sys -- (ql40xx)
    DRV - [2009/07/14 14:19:04 | 000,077,888 | ---- | M] (Silicon Integrated Systems) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\sisraid4.sys -- (SiSRaid4)
    DRV - [2009/07/14 14:19:04 | 000,043,088 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\pcw.sys -- (pcw)
    DRV - [2009/07/14 14:19:04 | 000,040,016 | ---- | M] (Silicon Integrated Systems Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\SiSRaid2.sys -- (SiSRaid2)
    DRV - [2009/07/14 14:19:04 | 000,021,072 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\stexstor.sys -- (stexstor)
    DRV - [2009/07/14 14:17:54 | 000,369,568 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\Drivers\cng.sys -- (CNG)
    DRV - [2009/07/14 13:57:25 | 000,272,128 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\Brserid.sys -- (Brserid) Brother MFC Serial Port Interface Driver (WDM)
    DRV - [2009/07/14 13:02:41 | 000,018,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\rdpbus.sys -- (rdpbus)
    DRV - [2009/07/14 13:01:41 | 000,007,168 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\RDPREFMP.sys -- (RDPREFMP)
    DRV - [2009/07/14 12:55:00 | 000,049,152 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\agilevpn.sys -- (RasAgileVpn) WAN Miniport (IKEv2)
    DRV - [2009/07/14 12:53:51 | 000,009,728 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\wfplwf.sys -- (WfpLwf)
    DRV - [2009/07/14 12:52:44 | 000,027,136 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ndiscap.sys -- (NdisCap)
    DRV - [2009/07/14 12:52:02 | 000,019,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vwifibus.sys -- (vwifibus)
    DRV - [2009/07/14 12:52:00 | 000,163,328 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\1394ohci.sys -- (1394ohci)
    DRV - [2009/07/14 12:51:35 | 000,008,192 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\umpass.sys -- (UmPass)
    DRV - [2009/07/14 12:51:08 | 000,004,096 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mshidkmdf.sys -- (mshidkmdf)
    DRV - [2009/07/14 12:46:55 | 000,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\MTConfig.sys -- (MTConfig)
    DRV - [2009/07/14 12:45:26 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\CompositeBus.sys -- (CompositeBus)
    DRV - [2009/07/14 12:36:52 | 000,050,176 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\appid.sys -- (AppID)
    DRV - [2009/07/14 12:33:50 | 000,026,624 | ---- | M] (Microsoft Corporation) [Kernel | Unknown | Stopped] -- C:\Windows\System32\drivers\scfilter.sys -- (scfilter)
    DRV - [2009/07/14 12:28:47 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\vms3cap.sys -- (s3cap)
    DRV - [2009/07/14 12:28:45 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\VMBusHID.sys -- (VMBusHID)
    DRV - [2009/07/14 12:24:05 | 000,032,256 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\discache.sys -- (discache)
    DRV - [2009/07/14 12:19:21 | 000,021,504 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\HidBatt.sys -- (HidBatt)
    DRV - [2009/07/14 12:16:36 | 000,009,728 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\acpipmi.sys -- (AcpiPmi)
    DRV - [2009/07/14 12:11:04 | 000,052,736 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\amdppm.sys -- (AmdPPM)
    DRV - [2009/07/14 11:54:14 | 000,026,624 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\hcw85cir.sys -- (hcw85cir)
    DRV - [2009/07/14 11:53:33 | 000,012,160 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\BrUsbMdm.sys -- (BrUsbMdm)
    DRV - [2009/07/14 11:53:33 | 000,011,904 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\BrUsbSer.sys -- (BrUsbSer)
    DRV - [2009/07/14 11:53:32 | 000,062,336 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\BrSerWdm.sys -- (BrSerWdm)
    DRV - [2009/07/14 11:53:28 | 000,013,568 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\BrFiltLo.sys -- (BrFiltLo)
    DRV - [2009/07/14 11:53:28 | 000,005,248 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\BrFiltUp.sys -- (BrFiltUp)
    DRV - [2009/07/14 11:13:46 | 000,980,992 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\VSTDPV3.SYS -- (SrvHsfV92)
    DRV - [2009/07/14 11:13:45 | 000,661,504 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\VSTCNXT3.SYS -- (SrvHsfWinac)
    DRV - [2009/07/14 11:13:45 | 000,207,360 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\VSTAZL3.SYS -- (SrvHsfHDA)
    DRV - [2009/07/14 11:02:51 | 004,231,168 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\netw5v32.sys -- (netw5v32) Intel(R)
    DRV - [2009/07/14 11:02:49 | 000,229,888 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\b57nd60x.sys -- (b57nd60x)
    DRV - [2009/07/14 11:02:49 | 000,046,080 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\bcm4sbxp.sys -- (bcm4sbxp)
    DRV - [2009/07/14 11:02:48 | 003,100,160 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\evbdx.sys -- (ebdrv)
    DRV - [2009/07/14 11:02:48 | 000,430,080 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\bxvbdx.sys -- (b06bdrv)
    DRV - [2009/06/11 10:19:30 | 004,756,480 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\igdkmd32.sys -- (igfx)
    DRV - [2006/11/15 20:06:00 | 000,179,256 | ---- | M] (Synaptics, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\SynTP.sys -- (SynTP)
    DRV - [2006/11/14 18:35:20 | 000,037,376 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rixdptsk.sys -- (rismxdp)
    DRV - [2005/12/22 18:02:22 | 000,051,840 | ---- | M] (REDC) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\rimsptsk.sys -- (rimsptsk)
    DRV - [2005/11/16 21:28:32 | 000,028,928 | ---- | M] (REDC) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\rimmptsk.sys -- (rimmptsk)
    DRV - [2002/07/17 15:20:32 | 000,084,832 | ---- | M] (Adaptec) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ASPI32.SYS -- (ASPI)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========

    IE - HKLM\..\URLSearchHook: {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files\Vuze_Remote\tbVuze.dll (Conduit Ltd.)

    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
    IE - HKCU\..\URLSearchHook: {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files\Vuze_Remote\tbVuze.dll (Conduit Ltd.)
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local;<local>
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = proxy.student.otago.ac.nz:3128

    ========== FireFox ==========

    FF - prefs.js..browser.search.defaultenginename: "Ask"
    FF - prefs.js..browser.search.order.1: "Ask"
    FF - prefs.js..browser.search.selectedEngine: "Google.com (in English)"
    FF - prefs.js..browser.search.suggest.enabled: false
    FF - prefs.js..browser.search.useDBForOrder: true
    FF - prefs.js..browser.startup.homepage: "http://www.google.com/"
    FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.2.1
    FF - prefs.js..extensions.enabledItems: {B042753D-F57E-4e8e-A01B-7379A6D4CEFB}:1.19
    FF - prefs.js..extensions.enabledItems: {D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}:0.9.7
    FF - prefs.js..extensions.enabledItems: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.8
    FF - prefs.js..extensions.enabledItems: {DDC359D1-844A-42a7-9AA1-88A850A938A8}:1.1.10
    FF - prefs.js..extensions.enabledItems: {ACAA314B-EEBA-48e4-AD47-84E31C44796C}:1.0.1
    FF - prefs.js..extensions.enabledItems: {bee6eb20-01e0-ebd1-da83-080329fb9a3a}:0.1
    FF - prefs.js..extensions.enabledItems: fdm_ffext@freedownloadmanager.org:1.3.4
    FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
    FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
    FF - prefs.js..extensions.enabledItems: {ABDE892B-13A8-4d1b-88E6-365A6E755758}:1.1.5
    FF - prefs.js..extensions.enabledItems: {7b13ec3e-999a-4b70-b9cb-2617b8323822}:2.7.1.3
    FF - prefs.js..keyword.URL: "http://toolbar.ask.com/toolbarv/askRedirect?o=13925&gct=&gc=1&q="
    FF - prefs.js..network.proxy.type: 4

    FF - HKLM\software\mozilla\Firefox\Extensions\\{88c0442b-6405-4382-b747-2af3030015d8}: C:\Program Files\gamesfree\firefox
    FF - HKLM\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2010/07/18 12:57:25 | 000,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Mozilla Firefox 3.5.13\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/09/17 00:09:20 | 000,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Mozilla Firefox 3.5.13\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/09/17 00:09:20 | 000,000,000 | ---D | M]
     
  11. Murmur

    Murmur TS Rookie Topic Starter

    [2010/04/22 19:30:49 | 000,000,000 | ---D | M] -- C:\Users\Mistaria\AppData\Roaming\Mozilla\Extensions
    [2010/10/09 13:25:27 | 000,000,000 | ---D | M] -- C:\Users\Mistaria\AppData\Roaming\Mozilla\Firefox\Profiles\5dx28bou.default\extensions
    [2010/09/03 12:11:23 | 000,000,000 | ---D | M] (FlashGot) -- C:\Users\Mistaria\AppData\Roaming\Mozilla\Firefox\Profiles\5dx28bou.default\extensions\{19503e42-ca3c-4c27-b1e2-9cdb2170ee34}
    [2010/05/09 17:35:36 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Mistaria\AppData\Roaming\Mozilla\Firefox\Profiles\5dx28bou.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
    [2010/09/24 12:53:11 | 000,000,000 | ---D | M] (Zynga Toolbar) -- C:\Users\Mistaria\AppData\Roaming\Mozilla\Firefox\Profiles\5dx28bou.default\extensions\{7b13ec3e-999a-4b70-b9cb-2617b8323822}
    [2010/06/10 17:27:54 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Mistaria\AppData\Roaming\Mozilla\Firefox\Profiles\5dx28bou.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
    [2010/04/22 19:30:51 | 000,000,000 | ---D | M] (BitComet Video Downloader) -- C:\Users\Mistaria\AppData\Roaming\Mozilla\Firefox\Profiles\5dx28bou.default\extensions\{B042753D-F57E-4e8e-A01B-7379A6D4CEFB}
    [2010/08/17 16:00:21 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\Mistaria\AppData\Roaming\Mozilla\Firefox\Profiles\5dx28bou.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
    [2010/04/22 19:30:53 | 000,000,000 | ---D | M] (Vuze Remote Toolbar) -- C:\Users\Mistaria\AppData\Roaming\Mozilla\Firefox\Profiles\5dx28bou.default\extensions\{ba14329e-9550-4989-b3f2-9732e92d17cc}
    [2010/09/03 12:11:23 | 000,000,000 | ---D | M] (Flash and Video Download) -- C:\Users\Mistaria\AppData\Roaming\Mozilla\Firefox\Profiles\5dx28bou.default\extensions\{bee6eb20-01e0-ebd1-da83-080329fb9a3a}
    [2010/07/18 19:24:37 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Users\Mistaria\AppData\Roaming\Mozilla\Firefox\Profiles\5dx28bou.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
    [2010/07/18 19:24:36 | 000,000,000 | ---D | M] (Download Statusbar) -- C:\Users\Mistaria\AppData\Roaming\Mozilla\Firefox\Profiles\5dx28bou.default\extensions\{D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}
    [2010/07/01 12:08:38 | 000,000,000 | ---D | M] (DownThemAll!) -- C:\Users\Mistaria\AppData\Roaming\Mozilla\Firefox\Profiles\5dx28bou.default\extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8}
    [2010/09/03 11:51:43 | 000,000,000 | ---D | M] (Greasemonkey) -- C:\Users\Mistaria\AppData\Roaming\Mozilla\Firefox\Profiles\5dx28bou.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}
    [2010/05/09 23:52:15 | 000,000,000 | ---D | M] -- C:\Users\Mistaria\AppData\Roaming\Mozilla\Firefox\Profiles\5dx28bou.default\extensions\chineseperakun@gmail.com
    [2009/09/04 02:13:24 | 000,000,687 | ---- | M] () -- C:\Users\Mistaria\AppData\Roaming\Mozilla\Firefox\Profiles\5dx28bou.default\searchplugins\ask.xml
    [2009/04/21 02:09:14 | 000,000,880 | ---- | M] () -- C:\Users\Mistaria\AppData\Roaming\Mozilla\Firefox\Profiles\5dx28bou.default\searchplugins\conduit.xml
    [2010/04/22 02:20:30 | 000,002,203 | ---- | M] () -- C:\Users\Mistaria\AppData\Roaming\Mozilla\Firefox\Profiles\5dx28bou.default\searchplugins\googlecom-in-english.xml
    [2010/09/24 19:49:55 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
    [2010/05/01 18:29:05 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
    [2010/09/24 19:49:58 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
    [2010/02/21 23:22:32 | 000,712,704 | ---- | M] (BitComet) -- C:\Program Files\Mozilla Firefox\plugins\npBitCometAgent.dll
    [2010/09/24 19:49:17 | 000,423,656 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
    [2010/07/22 10:41:30 | 000,001,538 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\amazon-en-GB.xml
    [2010/07/22 10:41:30 | 000,000,947 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\chambers-en-GB.xml
    [2010/07/22 10:41:31 | 000,000,769 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\eBay-en-GB.xml
    [2010/07/22 10:41:31 | 000,000,831 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\yahoo-en-GB.xml

    O1 HOSTS File: ([2010/10/09 23:46:29 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
    O1 - Hosts: 127.0.0.1 localhost
    O2 - BHO: (Shareaza Web Download Hook) - {0EEDB912-C5FA-486F-8334-57288578C627} - C:\Program Files\Shareaza\RazaWebHook32.dll (Shareaza Development Team)
    O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
    O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
    O2 - BHO: (Vuze Remote Toolbar) - {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files\Vuze_Remote\tbVuze.dll (Conduit Ltd.)
    O2 - BHO: (FDMIECookiesBHO Class) - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Program Files\Free Download Manager\iefdm2.dll ()
    O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\bin\jp2ssv.dll (Sun Microsystems, Inc.)
    O3 - HKLM\..\Toolbar: (Vuze Remote Toolbar) - {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files\Vuze_Remote\tbVuze.dll (Conduit Ltd.)
    O3 - HKCU\..\Toolbar\WebBrowser: (Vuze Remote Toolbar) - {BA14329E-9550-4989-B3F2-9732E92D17CC} - C:\Program Files\Vuze_Remote\tbVuze.dll (Conduit Ltd.)
    O4 - HKLM..\Run: [B2C_AGENT] C:\ProgramData\LGMOBILEAX\B2C_Client\B2CNotiAgent.exe (LG Electronics)
    O4 - HKLM..\Run: [iPrint Event Monitor] C:\Windows\System32\iprntlgn.exe (Novell, Inc.)
    O4 - HKLM..\Run: [iPrint Tray] C:\Windows\System32\iprntctl.exe (Novell, Inc.)
    O4 - HKLM..\Run: [Malwarebytes Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
    O4 - HKLM..\Run: [ShaPlus Bandwidth Meter] File not found
    O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
    O4 - HKLM..\Run: [WScheduler] C:\Program Files\SystemScheduler\WScheduler.exe (Splinterware Software Solutions)
    O4 - HKCU..\Run: [bandmon] C:\Program Files\Rokario\Bandwidth Monitor\bandmon.exe (Rokario Software)
    O4 - HKCU..\Run: [Free Download Manager] C:\Program Files\Free Download Manager\fdm.exe (FreeDownloadManager.ORG)
    O4 - HKCU..\Run: [JITScheduler] C:\Program Files\GiPo@Utilities\JIT Scheduler\sched.exe (Gibin Software House http://www.gibinsoft.com)
    O4 - HKCU..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)
    O4 - Startup: C:\Users\Mistaria\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Bandwidth Meter.lnk = C:\Program Files\BandwidthMeter\BandwidthMeter.exe (Senh Liu)
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
    O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 0
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O8 - Extra context menu item: Download all with Free Download Manager - C:\Program Files\Free Download Manager\dlall.htm ()
    O8 - Extra context menu item: Download selected with Free Download Manager - C:\Program Files\Free Download Manager\dlselected.htm ()
    O8 - Extra context menu item: Download video with Free Download Manager - C:\Program Files\Free Download Manager\dlfvideo.htm ()
    O8 - Extra context menu item: Download with &Shareaza - c:\program files\shareaza\razawebhook32.dll (Shareaza Development Team)
    O8 - Extra context menu item: Download with Free Download Manager - C:\Program Files\Free Download Manager\dllink.htm ()
    O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
    O16 - DPF: {149E45D8-163E-4189-86FC-45022AB2B6C9} file:///C:/Program%20Files/Monopoly/Images/stg_drm.ocx (SpinTop DRM Control)
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
    O16 - DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
    O16 - DPF: {CC450D71-CC90-424C-8638-1F2DBAC87A54} file:///C:/Program%20Files/Monopoly/Images/armhelper.ocx (ArmHelper Control)
    O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
    O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
    O24 - Desktop WallPaper: C:\Users\Mistaria\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
    O24 - Desktop BackupWallPaper: C:\Users\Mistaria\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
    O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - Reg Error: Key error. File not found
    O30 - LSA: Security Packages - (pku2u) - C:\Windows\System32\pku2u.dll (Microsoft Corporation)
    O32 - HKLM CDRom: AutoRun - 1
    O32 - AutoRun File - [2009/06/11 10:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
    O34 - HKLM BootExecute: (autocheck autochk *) - File not found
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37 - HKLM\...com [@ = ComFile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*

    NetSvcs: FastUserSwitchingCompatibility - File not found
    NetSvcs: Ias - File not found
    NetSvcs: Nla - File not found
    NetSvcs: Ntmssvc - File not found
    NetSvcs: NWCWorkstation - File not found
    NetSvcs: Nwsapagent - File not found
    NetSvcs: SRService - File not found
    NetSvcs: Wmi - C:\Windows\System32\wmi.dll (Microsoft Corporation)
    NetSvcs: WmdmPmSp - File not found
    NetSvcs: LogonHours - File not found
    NetSvcs: PCAudit - File not found
    NetSvcs: helpsvc - File not found
    NetSvcs: uploadmgr - File not found
    NetSvcs: Themes - C:\Windows\System32\themeservice.dll (Microsoft Corporation)
    NetSvcs: BDESVC - C:\Windows\System32\bdesvc.dll (Microsoft Corporation)

    Drivers32: msacm.ac3filter - C:\Windows\System32\ac3filter.acm ()
    Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
    Drivers32: msacm.siren - C:\Windows\System32\sirenacm.dll (Microsoft Corporation)
    Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.)
    Drivers32: vidc.DIVX - C:\Windows\System32\DivX.dll (DivX, Inc.)
    Drivers32: VIDC.FFDS - C:\Windows\System32\ff_vfw.dll ()
    Drivers32: vidc.VP60 - C:\Windows\System32\vp6vfw.dll (On2.com)
    Drivers32: vidc.VP61 - C:\Windows\System32\vp6vfw.dll (On2.com)
    Drivers32: vidc.XVID - xvidvfw.dll File not found
    Drivers32: vidc.yv12 - C:\Windows\System32\DivX.dll (DivX, Inc.)

    ========== Files/Folders - Created Within 90 Days ==========

    [2010/10/10 12:36:09 | 000,576,512 | ---- | C] (OldTimer Tools) -- C:\Users\Mistaria\Desktop\OTL.exe
    [2010/10/09 23:46:46 | 000,000,000 | ---D | C] -- C:\$RECYCLE.BIN
    [2010/10/09 23:44:49 | 000,000,000 | ---D | C] -- C:\Users\Mistaria\AppData\Local\temp
    [2010/10/09 23:35:46 | 000,161,792 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
    [2010/10/09 23:35:46 | 000,136,704 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
    [2010/10/09 23:35:46 | 000,031,232 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
    [2010/10/09 23:35:39 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
    [2010/10/09 23:27:57 | 000,000,000 | ---D | C] -- C:\Qoobox
    [2010/10/09 23:27:42 | 000,212,480 | ---- | C] (SteelWerX) -- C:\Windows\SWXCACLS.exe
    [2010/10/09 23:27:40 | 000,000,000 | ---D | C] -- C:\32788R22FWJFW
    [2010/10/09 12:36:37 | 000,446,464 | ---- | C] (OldTimer Tools) -- C:\Users\Mistaria\Desktop\TFC.exe
    [2010/10/03 23:51:36 | 000,000,000 | ---D | C] -- C:\Users\Mistaria\Documents\BackUp
    [2010/10/03 18:57:45 | 000,000,000 | ---D | C] -- C:\Users\Mistaria\AppData\Roaming\SUPERAntiSpyware.com
    [2010/10/03 18:57:45 | 000,000,000 | ---D | C] -- C:\ProgramData\SUPERAntiSpyware.com
    [2010/10/03 18:57:36 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
    [2010/10/03 18:07:48 | 000,000,000 | ---D | C] -- C:\Users\Mistaria\AppData\Roaming\Malwarebytes
    [2010/10/03 18:07:41 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
    [2010/10/03 18:07:40 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
    [2010/10/03 18:07:40 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
    [2010/10/03 18:07:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
    [2010/10/03 14:10:46 | 000,000,000 | ---D | C] -- C:\ProgramData\MFAData
    [2010/09/28 11:23:27 | 000,000,000 | -H-D | C] -- C:\Users\Public\Documents\Server
    [2010/09/28 11:20:13 | 000,000,000 | ---D | C] -- C:\Program Files\PDF Password Remover v3.1
    [2010/09/28 11:17:18 | 000,000,000 | ---D | C] -- C:\Program Files\uTorrent
    [2010/09/26 13:00:46 | 000,000,000 | ---D | C] -- C:\Program Files\ShaPlus Bandwidth Meter
    [2010/09/24 19:50:59 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
    [2010/09/24 19:49:10 | 000,000,000 | ---D | C] -- C:\Program Files\Java
    [2010/09/24 19:37:55 | 000,038,848 | ---- | C] (AVAST Software) -- C:\Windows\avastSS.scr
    [2010/09/24 19:36:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Alwil Software
    [2010/09/18 01:58:39 | 000,000,000 | ---D | C] -- C:\Users\Mistaria\Documents\~Anime
    [2010/09/18 01:53:46 | 000,000,000 | ---D | C] -- C:\Users\Mistaria\Documents\~Manga
    [2010/09/17 04:48:33 | 000,000,000 | ---D | C] -- C:\Program Files\WinDirStat
    [2010/09/17 04:48:02 | 000,645,729 | ---- | C] (WDS Team) -- C:\Users\Mistaria\Documents\windirstat1_1_2_setup.exe
    [2010/09/03 12:16:28 | 000,000,000 | ---D | C] -- C:\Users\Mistaria\AppData\Roaming\FlashGet
    [2010/09/03 12:16:16 | 000,000,000 | ---D | C] -- C:\Program Files\FlashGet
    [2010/08/31 13:19:57 | 000,000,000 | ---D | C] -- C:\Users\Mistaria\Documents\LING314
    [2010/08/31 13:19:01 | 000,000,000 | ---D | C] -- C:\Users\Mistaria\Documents\LING316
    [2010/08/30 04:37:07 | 000,000,000 | ---D | C] -- C:\Users\Mistaria\Documents\The KMPlayer
    [2010/08/30 02:51:33 | 000,000,000 | ---D | C] -- C:\Windows\System32\appmgmt
    [2010/08/30 02:22:51 | 000,000,000 | ---D | C] -- C:\Users\Mistaria\Documents\Declan Software
    [2010/08/30 02:17:37 | 000,000,000 | R--D | C] -- C:\Users\Mistaria\Documents\To Sort
    [2010/08/29 14:44:47 | 000,000,000 | ---D | C] -- C:\Program Files\Xvid
    [2010/08/19 20:49:32 | 000,000,000 | ---D | C] -- C:\Program Files\QuickTime
    [2010/08/11 20:59:53 | 000,000,000 | ---D | C] -- C:\Program Files\DiskInternals
    [2010/08/05 23:52:02 | 000,000,000 | ---D | C] -- C:\Users\Mistaria\AppData\Roaming\IDMComp
    [2010/07/29 01:27:45 | 000,000,000 | ---D | C] -- C:\Users\Mistaria\Documents\Visual Boy Advance
    [2010/07/22 21:16:56 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
    [2010/07/22 21:16:47 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
    [2010/07/18 12:58:54 | 000,000,000 | ---D | C] -- C:\Users\Mistaria\AppData\Local\Real
    [2010/07/18 12:55:46 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\xing shared
    [2010/07/18 12:54:04 | 000,278,528 | ---- | C] (Real Networks, Inc) -- C:\Windows\System32\pncrt.dll

    ========== Files - Modified Within 90 Days ==========

    [2010/10/10 12:44:40 | 004,980,736 | -HS- | M] () -- C:\Users\Mistaria\NTUSER.DAT
    [2010/10/10 12:36:32 | 000,576,512 | ---- | M] (OldTimer Tools) -- C:\Users\Mistaria\Desktop\OTL.exe
    [2010/10/10 03:39:18 | 000,010,288 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    [2010/10/10 03:39:18 | 000,010,288 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    [2010/10/10 03:28:39 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
    [2010/10/10 03:28:28 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
    [2010/10/10 03:28:22 | 797,786,112 | -HS- | M] () -- C:\hiberfil.sys
    [2010/10/10 03:25:58 | 001,288,153 | -H-- | M] () -- C:\Users\Mistaria\AppData\Local\IconCache.db
    [2010/10/09 23:46:54 | 000,000,215 | ---- | M] () -- C:\Windows\system.ini
    [2010/10/09 23:46:29 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
    [2010/10/09 23:18:09 | 003,876,009 | R--- | M] () -- C:\Users\Mistaria\Desktop\ComboFix.exe
    [2010/10/09 23:16:10 | 000,080,384 | ---- | M] () -- C:\Users\Mistaria\Desktop\MBRCheck.exe
    [2010/10/09 13:06:28 | 000,007,623 | ---- | M] () -- C:\Users\Mistaria\AppData\Local\Resmon.ResmonCfg
    [2010/10/09 12:39:00 | 000,293,376 | ---- | M] () -- C:\Users\Mistaria\Documents\4hk4fzdv.exe
    [2010/10/09 12:36:52 | 000,446,464 | ---- | M] (OldTimer Tools) -- C:\Users\Mistaria\Desktop\TFC.exe
    [2010/10/08 19:43:11 | 000,504,462 | ---- | M] () -- C:\Users\Mistaria\Documents\98-0000-COLE-0-0.pdf
    [2010/10/08 19:42:48 | 000,283,098 | ---- | M] () -- C:\Users\Mistaria\Documents\LING215 HELP.pdf
    [2010/10/08 19:40:44 | 000,433,705 | ---- | M] () -- C:\Users\Mistaria\Documents\ArabicGrammarBookPDF.pdf
    [2010/10/08 19:36:50 | 000,060,542 | ---- | M] () -- C:\Users\Mistaria\Documents\10.1.1.44.8704.pdf
    [2010/10/08 19:35:21 | 000,543,023 | ---- | M] () -- C:\Users\Mistaria\Documents\10.1.1.122.3377.pdf
    [2010/10/08 16:08:19 | 000,794,990 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI
    [2010/10/08 16:08:19 | 000,678,908 | ---- | M] () -- C:\Windows\System32\perfh009.dat
    [2010/10/08 16:08:19 | 000,127,492 | ---- | M] () -- C:\Windows\System32\perfc009.dat
    [2010/10/08 13:13:45 | 000,036,881 | ---- | M] () -- C:\Users\Mistaria\Documents\LING314 Assignment Attempt 2.odt
    [2010/10/08 03:02:36 | 000,020,978 | ---- | M] () -- C:\Users\Mistaria\Documents\Greenberg orincipples.odt
    [2010/10/08 02:16:03 | 000,021,197 | ---- | M] () -- C:\Users\Mistaria\Documents\Greenberg's Universals.odt
    [2010/10/07 17:56:47 | 000,027,333 | ---- | M] () -- C:\Users\Mistaria\Documents\theseses.odt
    [2010/10/07 17:29:32 | 000,041,587 | ---- | M] () -- C:\Users\Mistaria\Documents\how do you write a comparison.odt
    [2010/10/07 01:57:55 | 001,066,100 | ---- | M] () -- C:\Users\Mistaria\Documents\10.1.1.161.596.pdf
    [2010/10/07 01:56:51 | 000,852,979 | ---- | M] () -- C:\Users\Mistaria\Documents\chinese examples useful maybe.pdf
    [2010/10/07 01:29:42 | 000,068,586 | ---- | M] () -- C:\Users\Mistaria\Documents\Bisang8.pdf
    [2010/10/07 01:29:00 | 000,009,878 | ---- | M] () -- C:\Users\Mistaria\Documents\Ling215 Assignmeent2.odt
    [2010/10/07 01:28:37 | 000,025,685 | ---- | M] () -- C:\Users\Mistaria\Documents\DM.odt
    [2010/10/07 01:28:21 | 000,011,245 | ---- | M] () -- C:\Users\Mistaria\Documents\Ling215 Assignment 2.odt
    [2010/10/07 01:27:56 | 000,033,686 | ---- | M] () -- C:\Users\Mistaria\Documents\Discourse Markers INFO.odt
     
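The OTL output in the two posts above is what a helper reads to decide what gets removed, and the same line shapes recur in every OTL log: O2 BHO and O4 Run entries, the IE URLSearchHook and proxy settings, FF prefs.js entries, O20 Winlogon values and the [date | size | attrs | C/M] file lines. Added example, not part of Murmur's posts and not an OTL feature: a Python triage pass that parses those shapes and pulls out the entries worth reading first (orphaned autoruns, targets with no company name in their version info, search hooks and redirected search prefs, a configured proxy, a replaced Winlogon shell, executables without version info created under the Windows directory). The regexes, rule names and the assumption that Firefox shipped with Google as its default engine are mine; the sample lines are copied from the log above. Its output is a review list, not a verdict: the PEV.exe hit, for instance, is one of ComboFix's own helper binaries, dropped at 23:35:46 alongside C:\Qoobox, and the flagged proxy entry points at proxy.student.otago.ac.nz with ProxyEnable = 0, so it is configured but switched off.

```python
"""Triage pass over OTL log lines (added example; not part of the TechSpot thread).

Every Finding is a review item, not a verdict.
"""
import re
from dataclasses import dataclass
from urllib.parse import urlsplit


@dataclass(frozen=True)
class Finding:
    rule: str    # short rule id
    detail: str  # why the line was pulled out for review
    line: str    # the OTL line that triggered it


# Line shapes as OTL prints them (regexes written for this example, not OTL's own).
RE_O4 = re.compile(r'^O4 - (?P<hive>HK\w+)\.\.\\Run: \[(?P<name>[^\]]*)\] (?P<target>.*)$')
RE_O2 = re.compile(r'^O2 - BHO: \((?P<name>.*?)\) - \{(?P<clsid>[^}]*)\} - (?P<target>.*)$')
RE_HOOK = re.compile(r'^IE - (?P<hive>HK\w+)\\\.\.\\URLSearchHook: \{(?P<clsid>[^}]*)\} - (?P<target>.*)$')
RE_IE = re.compile(r'^IE - (?P<key>[^:]+): "(?P<name>[^"]+)" = (?P<value>.*)$')
RE_FF = re.compile(r'^FF - prefs\.js\.\.(?P<pref>[\w.]+): (?P<value>.*)$')
RE_O20 = re.compile(r'^O20 - HKLM Winlogon: (?P<entry>\w+) - \((?P<value>[^)]*)\) - (?P<target>.*)$')
RE_FILE = re.compile(r'^\[(?P<ts>[^|]+?)\s*\|\s*(?P<size>[^|]+?)\s*\|\s*(?P<attrs>[^|]+?)\s*\|\s*'
                     r'(?P<flag>[CM])\] \((?P<company>[^)]*)\) -- (?P<path>.*)$')
# "C:\path\file.dll (Company)" -> (path, company); company is "" for "()" and None if absent.
RE_TARGET = re.compile(r'^(?P<path>.*?)(?: \((?P<company>[^)]*)\))?$')

EXPECTED_SHELL = 'c:\\windows\\explorer.exe'
SHIPPED_ENGINE = 'Google'   # assumption: the search engine Firefox 3.x shipped with
EXEC_EXT = ('.exe', '.dll', '.sys', '.scr')


def split_target(target):
    m = RE_TARGET.match(target)
    return m.group('path'), m.group('company')


def triage(lines):
    findings = []
    ie = {}  # IE setting name -> (value, line); ProxyServer and ProxyEnable are judged together
    for raw in lines:
        line = raw.strip()
        if not line:
            continue
        if (m := RE_O4.match(line)):
            path, company = split_target(m.group('target'))
            if path == 'File not found':
                findings.append(Finding('o4-orphan', f"Run entry [{m.group('name')}] points at a missing file", line))
            elif company == '':
                findings.append(Finding('o4-no-company', f"Run entry [{m.group('name')}] has no company in its version info: {path}", line))
        elif (m := RE_O2.match(line)):
            path, company = split_target(m.group('target'))
            if path.startswith('No CLSID'):
                findings.append(Finding('o2-orphan', f"BHO {{{m.group('clsid')}}} has no CLSID registration", line))
            elif company == '':
                findings.append(Finding('o2-no-company', f"BHO '{m.group('name')}' has no company in its version info: {path}", line))
        elif (m := RE_HOOK.match(line)):
            path, company = split_target(m.group('target'))
            findings.append(Finding('ie-searchhook', f"{m.group('hive')} URLSearchHook -> {path} ({company})", line))
        elif (m := RE_IE.match(line)):
            ie[m.group('name')] = (m.group('value'), line)
        elif (m := RE_FF.match(line)):
            pref, value = m.group('pref'), m.group('value').strip('"')
            if pref == 'keyword.URL':
                findings.append(Finding('ff-keyword-url', f"address-bar searches go to {urlsplit(value).netloc}", line))
            elif pref == 'browser.search.defaultenginename' and value != SHIPPED_ENGINE:
                findings.append(Finding('ff-default-engine', f"default search engine changed to {value!r}", line))
        elif (m := RE_O20.match(line)):
            path, _ = split_target(m.group('target'))
            if m.group('entry') == 'Shell' and path.lower() != EXPECTED_SHELL:
                findings.append(Finding('o20-shell', f"Winlogon Shell is {path}, not explorer.exe", line))
        elif (m := RE_FILE.match(line)):
            path = m.group('path')
            if (m.group('flag') == 'C' and path.lower().startswith('c:\\windows\\')
                    and path.lower().endswith(EXEC_EXT) and m.group('company') == ''):
                findings.append(Finding('new-exe-no-company', f"executable with no company name created under C:\\Windows: {path}", line))
    if 'ProxyServer' in ie:
        server, line = ie['ProxyServer']
        state = 'enabled' if ie.get('ProxyEnable', ('0', ''))[0] == '1' else 'disabled'
        findings.append(Finding('ie-proxy', f"proxy {server} configured ({state})", line))
    return findings


# Sample input: a subset of lines copied from the OTL log in this thread.
SAMPLE = r"""
IE - HKCU\..\URLSearchHook: {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files\Vuze_Remote\tbVuze.dll (Conduit Ltd.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = proxy.student.otago.ac.nz:3128
FF - prefs.js..browser.search.defaultenginename: "Ask"
FF - prefs.js..keyword.URL: "http://toolbar.ask.com/toolbarv/askRedirect?o=13925&gct=&gc=1&q="
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (FDMIECookiesBHO Class) - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Program Files\Free Download Manager\iefdm2.dll ()
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [ShaPlus Bandwidth Meter] File not found
O4 - HKLM..\Run: [WScheduler] C:\Program Files\SystemScheduler\WScheduler.exe (Splinterware Software Solutions)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
[2010/10/09 23:35:46 | 000,256,512 | ---- | C] () -- C:\Windows\PEV.exe
[2010/10/09 23:35:46 | 000,161,792 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2010/10/09 23:46:29 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
"""

if __name__ == '__main__':
    for f in triage(SAMPLE.splitlines()):
        print(f"{f.rule:20} {f.detail}")
```

Run against the sample it reports eight items: the Conduit search hook, the Ask default engine and the keyword.URL redirect to toolbar.ask.com, the orphaned BHO with no CLSID, the Free Download Manager BHO with no company name, the orphaned ShaPlus Run entry, PEV.exe, and the disabled proxy. The Java BHO, WScheduler, the Winlogon Shell line, SWREG.exe (it has a company name) and the hosts file (modified, not created, and not executable) pass through, which is the point of keeping the rules narrow: the list should be short enough to read every line of.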
  12. Murmur

    Murmur TS Rookie Topic Starter

    [2010/10/07 01:27:28 | 000,031,939 | ---- | M] () -- C:\Users\Mistaria\Documents\Hawkins.odt
    [2010/10/06 14:34:58 | 000,028,350 | ---- | M] () -- C:\Users\Mistaria\Documents\Speecj for ling316.odt
    [2010/10/04 16:26:58 | 000,008,418 | ---- | M] () -- C:\Users\Mistaria\Documents\Hello. LING SPEECH..odt
    [2010/10/04 16:01:56 | 000,283,032 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
    [2010/10/03 19:57:30 | 001,230,934 | ---- | M] () -- C:\Users\Mistaria\Documents\4.pdf
    [2010/10/03 19:56:37 | 000,162,219 | ---- | M] () -- C:\Users\Mistaria\Documents\3.odt
    [2010/10/03 19:56:17 | 000,043,367 | ---- | M] () -- C:\Users\Mistaria\Documents\2.odt
    [2010/10/03 19:56:05 | 000,008,326 | ---- | M] () -- C:\Users\Mistaria\Documents\1.odt
    [2010/10/03 18:57:38 | 000,001,961 | ---- | M] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
    [2010/10/03 18:22:31 | 000,117,140 | -H-- | M] () -- C:\Windows\System32\mlfcache.dat
    [2010/10/03 18:07:44 | 000,000,979 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
    [2010/10/03 17:03:48 | 000,018,831 | ---- | M] () -- C:\Users\Mistaria\Documents\Ling Assignment.odt
    [2010/09/30 10:44:20 | 000,014,392 | ---- | M] () -- C:\Users\Mistaria\Documents\Ling SLip.odt
    [2010/09/28 11:22:24 | 000,000,040 | ---- | M] () -- C:\Windows\winDecrypt.INI
    [2010/09/28 11:20:14 | 000,001,010 | ---- | M] () -- C:\Users\Mistaria\Documents\PDF Password Remover v3.1.lnk
    [2010/09/28 11:18:21 | 000,001,038 | ---- | M] () -- C:\Users\Mistaria\Documents\Easy Pdf Password Recovery Free.lnk
    [2010/09/28 11:17:19 | 000,000,937 | ---- | M] () -- C:\Users\Mistaria\Application Data\Microsoft\Internet Explorer\Quick Launch\µTorrent.lnk
    [2010/09/28 11:17:19 | 000,000,913 | ---- | M] () -- C:\Users\Mistaria\Documents\µTorrent.lnk
    [2010/09/28 10:51:12 | 001,717,097 | ---- | M] () -- C:\Users\Mistaria\Documents\1CoverPolicy.pdf
    [2010/09/27 02:04:34 | 000,018,225 | ---- | M] () -- C:\Users\Mistaria\Documents\COMP.odt
    [2010/09/24 22:55:28 | 000,421,042 | ---- | M] () -- C:\Users\Mistaria\Documents\BandwidthLog.csv
    [2010/09/24 19:39:32 | 000,002,005 | ---- | M] () -- C:\Users\Mistaria\Documents\avast! Free Antivirus.lnk
    [2010/09/24 19:39:25 | 000,002,577 | ---- | M] () -- C:\Windows\System32\config.nt
    [2010/09/22 01:41:32 | 001,003,989 | ---- | M] () -- C:\Users\Mistaria\Documents\Derr_Megan_-_Midsummer_Law.pdf
    [2010/09/22 01:00:05 | 002,001,625 | ---- | M] () -- C:\Users\Mistaria\Documents\Derr_Megan_-_Midsummer_Curse.pdf
    [2010/09/21 17:25:50 | 002,178,579 | ---- | M] () -- C:\Users\Mistaria\Documents\Derr_Megan_-_Highland_Wolves.pdf
    [2010/09/17 21:00:00 | 000,165,463 | ---- | M] () -- C:\Users\Mistaria\Documents\fish-bikini-mascot-sekiu-olympic-peninsula-strait-of-juan-de-fuca.jpg
    [2010/09/17 04:48:34 | 000,000,989 | ---- | M] () -- C:\Users\Mistaria\Documents\WinDirStat.lnk
    [2010/09/16 15:26:03 | 000,016,415 | ---- | M] () -- C:\Users\Mistaria\Documents\ling badly written 215 tut slip.odt
    [2010/09/12 06:56:38 | 003,010,534 | ---- | M] () -- C:\Users\Mistaria\Documents\Derr_Megan_-_Bound.pdf
    [2010/09/09 00:50:01 | 003,260,616 | ---- | M] () -- C:\Users\Mistaria\Documents\overall_2007_aguaruna.pdf
    [2010/09/09 00:19:49 | 000,019,992 | ---- | M] () -- C:\Users\Mistaria\Documents\LING215 assignment.odt
    [2010/09/08 04:12:17 | 000,038,848 | ---- | M] (AVAST Software) -- C:\Windows\avastSS.scr
    [2010/09/08 04:11:54 | 000,167,592 | ---- | M] (AVAST Software) -- C:\Windows\System32\aswBoot.exe
    [2010/09/08 03:52:25 | 000,046,672 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswTdi.sys
    [2010/09/08 03:52:03 | 000,165,584 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswSP.sys
    [2010/09/08 03:47:46 | 000,023,376 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswRdr.sys
    [2010/09/08 03:47:30 | 000,050,768 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswMonFlt.sys
    [2010/09/08 03:47:07 | 000,017,744 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswFsBlk.sys
    [2010/09/05 23:41:44 | 000,001,794 | ---- | M] () -- C:\Users\Mistaria\Documents\Vuze.lnk
    [2010/09/05 23:41:44 | 000,001,794 | ---- | M] () -- C:\Users\Mistaria\Application Data\Microsoft\Internet Explorer\Quick Launch\Vuze.lnk
    [2010/09/04 15:43:04 | 032,782,310 | ---- | M] () -- C:\Users\Mistaria\Documents\Taize.rar
    [2010/09/04 08:20:35 | 366,755,680 | ---- | M] () -- C:\Users\Mistaria\Documents\Lie.to.Me.S02E20.HDTV.XviD-LOL.[VTV].avi
    [2010/09/04 04:15:26 | 366,789,158 | ---- | M] () -- C:\Users\Mistaria\Documents\Lie.to.Me.S02E21.HDTV.XviD-LOL.[VTV].avi
    [2010/09/03 12:16:20 | 000,000,965 | ---- | M] () -- C:\Users\Mistaria\Documents\FlashGet.lnk
    [2010/09/02 18:00:50 | 001,322,129 | ---- | M] () -- C:\Users\Mistaria\Documents\OToole_Zachary_-_Busted.pdf
    [2010/09/02 03:30:44 | 366,770,028 | ---- | M] () -- C:\Users\Mistaria\Documents\Lie.to.Me.S02E19.HDTV.XviD-LOL.[VTV].avi
    [2010/09/02 00:08:55 | 130,680,362 | ---- | M] () -- C:\Users\Mistaria\Documents\Ice Age Surviving Sid 2009 720p nHD x264 NhaNc3.mkv
    [2010/09/01 22:09:45 | 000,004,608 | ---- | M] () -- C:\Users\Mistaria\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2010/08/31 10:32:25 | 000,008,884 | ---- | M] () -- C:\Users\Mistaria\Documents\Group Room bookings.odt
    [2010/08/31 09:39:14 | 366,812,740 | ---- | M] () -- C:\Users\Mistaria\Documents\Lie.to.Me.S02E11.HDTV.XviD-LOL.[VTV].avi
    [2010/08/31 03:43:37 | 366,792,308 | ---- | M] () -- C:\Users\Mistaria\Documents\Lie.to.Me.S02E12.HDTV.XviD-LOL.[VTV].avi
    [2010/08/25 16:05:03 | 000,001,176 | ---- | M] () -- C:\Users\Mistaria\Documents\Paint.NET.lnk
    [2010/08/19 20:49:59 | 000,001,815 | ---- | M] () -- C:\Users\Mistaria\Documents\QuickTime Player.lnk
    [2010/08/19 20:42:42 | 000,002,503 | ---- | M] () -- C:\Users\Mistaria\Application Data\Microsoft\Internet Explorer\Quick Launch\Apple Safari.lnk
    [2010/08/19 20:42:41 | 000,002,479 | ---- | M] () -- C:\Users\Public\Desktop\Safari.lnk
    [2010/08/01 04:19:46 | 014,398,451 | ---- | M] () -- C:\Users\Mistaria\Documents\UltraEdit 16.00.0.1036 Portable.exe
    [2010/07/22 21:17:54 | 000,002,429 | ---- | M] () -- C:\Users\Mistaria\Documents\iTunes.lnk
    [2010/07/21 20:01:26 | 004,279,932 | ---- | M] () -- C:\Users\Mistaria\Documents\Epic Win FTW -Awesome Photos and Videos.flv
    [2010/07/18 12:54:04 | 000,278,528 | ---- | M] (Real Networks, Inc) -- C:\Windows\System32\pncrt.dll

    ========== Files Created - No Company Name ==========

    [2010/10/09 23:35:46 | 000,256,512 | ---- | C] () -- C:\Windows\PEV.exe
    [2010/10/09 23:35:46 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
    [2010/10/09 23:35:46 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
    [2010/10/09 23:35:46 | 000,077,312 | ---- | C] () -- C:\Windows\MBR.exe
    [2010/10/09 23:35:46 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
    [2010/10/09 23:16:29 | 003,876,009 | R--- | C] () -- C:\Users\Mistaria\Desktop\ComboFix.exe
    [2010/10/09 23:16:07 | 000,080,384 | ---- | C] () -- C:\Users\Mistaria\Desktop\MBRCheck.exe
    [2010/10/09 12:38:56 | 000,293,376 | ---- | C] () -- C:\Users\Mistaria\Documents\4hk4fzdv.exe
    [2010/10/08 19:43:11 | 000,504,462 | ---- | C] () -- C:\Users\Mistaria\Documents\98-0000-COLE-0-0.pdf
    [2010/10/08 19:42:47 | 000,283,098 | ---- | C] () -- C:\Users\Mistaria\Documents\LING215 HELP.pdf
    [2010/10/08 19:40:44 | 000,433,705 | ---- | C] () -- C:\Users\Mistaria\Documents\ArabicGrammarBookPDF.pdf
    [2010/10/08 19:36:49 | 000,060,542 | ---- | C] () -- C:\Users\Mistaria\Documents\10.1.1.44.8704.pdf
    [2010/10/08 19:35:20 | 000,543,023 | ---- | C] () -- C:\Users\Mistaria\Documents\10.1.1.122.3377.pdf
    [2010/10/08 03:02:34 | 000,020,978 | ---- | C] () -- C:\Users\Mistaria\Documents\Greenberg orincipples.odt
    [2010/10/07 17:56:46 | 000,027,333 | ---- | C] () -- C:\Users\Mistaria\Documents\theseses.odt
    [2010/10/07 17:40:51 | 000,036,881 | ---- | C] () -- C:\Users\Mistaria\Documents\LING314 Assignment Attempt 2.odt
    [2010/10/07 17:29:31 | 000,041,587 | ---- | C] () -- C:\Users\Mistaria\Documents\how do you write a comparison.odt
    [2010/10/07 02:44:03 | 000,021,197 | ---- | C] () -- C:\Users\Mistaria\Documents\Greenberg's Universals.odt
    [2010/10/07 01:57:55 | 001,066,100 | ---- | C] () -- C:\Users\Mistaria\Documents\10.1.1.161.596.pdf
    [2010/10/07 01:56:48 | 000,852,979 | ---- | C] () -- C:\Users\Mistaria\Documents\chinese examples useful maybe.pdf
    [2010/10/07 01:29:42 | 000,068,586 | ---- | C] () -- C:\Users\Mistaria\Documents\Bisang8.pdf
    [2010/10/07 01:28:59 | 000,009,878 | ---- | C] () -- C:\Users\Mistaria\Documents\Ling215 Assignmeent2.odt
    [2010/10/07 01:28:36 | 000,025,685 | ---- | C] () -- C:\Users\Mistaria\Documents\DM.odt
    [2010/10/07 01:28:16 | 000,011,245 | ---- | C] () -- C:\Users\Mistaria\Documents\Ling215 Assignment 2.odt
    [2010/10/07 01:27:20 | 000,031,939 | ---- | C] () -- C:\Users\Mistaria\Documents\Hawkins.odt
    [2010/10/04 22:20:43 | 000,033,686 | ---- | C] () -- C:\Users\Mistaria\Documents\Discourse Markers INFO.odt
    [2010/10/04 16:26:51 | 000,008,418 | ---- | C] () -- C:\Users\Mistaria\Documents\Hello. LING SPEECH..odt
    [2010/10/03 19:57:30 | 001,230,934 | ---- | C] () -- C:\Users\Mistaria\Documents\4.pdf
    [2010/10/03 19:56:29 | 000,162,219 | ---- | C] () -- C:\Users\Mistaria\Documents\3.odt
    [2010/10/03 19:56:16 | 000,043,367 | ---- | C] () -- C:\Users\Mistaria\Documents\2.odt
    [2010/10/03 19:56:02 | 000,008,326 | ---- | C] () -- C:\Users\Mistaria\Documents\1.odt
    [2010/10/03 18:57:38 | 000,001,961 | ---- | C] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
    [2010/10/03 18:22:31 | 000,117,140 | -H-- | C] () -- C:\Windows\System32\mlfcache.dat
    [2010/10/03 18:07:44 | 000,000,979 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
    [2010/10/03 11:02:29 | 000,018,831 | ---- | C] () -- C:\Users\Mistaria\Documents\Ling Assignment.odt
    [2010/10/01 16:10:40 | 000,028,350 | ---- | C] () -- C:\Users\Mistaria\Documents\Speecj for ling316.odt
    [2010/09/30 10:44:19 | 000,014,392 | ---- | C] () -- C:\Users\Mistaria\Documents\Ling SLip.odt
    [2010/09/28 11:22:24 | 000,000,040 | ---- | C] () -- C:\Windows\winDecrypt.INI
    [2010/09/28 11:20:14 | 000,001,010 | ---- | C] () -- C:\Users\Mistaria\Documents\PDF Password Remover v3.1.lnk
    [2010/09/28 11:18:21 | 000,001,038 | ---- | C] () -- C:\Users\Mistaria\Documents\Easy Pdf Password Recovery Free.lnk
    [2010/09/28 11:17:19 | 000,000,937 | ---- | C] () -- C:\Users\Mistaria\Application Data\Microsoft\Internet Explorer\Quick Launch\µTorrent.lnk
    [2010/09/28 11:17:19 | 000,000,913 | ---- | C] () -- C:\Users\Mistaria\Documents\µTorrent.lnk
    [2010/09/28 10:51:12 | 001,717,097 | ---- | C] () -- C:\Users\Mistaria\Documents\1CoverPolicy.pdf
    [2010/09/27 20:15:59 | 031,110,664 | ---- | C] () -- C:\Users\Mistaria\Documents\Trinty Blood AMV.wmv
    [2010/09/27 02:04:33 | 000,018,225 | ---- | C] () -- C:\Users\Mistaria\Documents\COMP.odt
    [2010/09/24 22:55:28 | 000,421,042 | ---- | C] () -- C:\Users\Mistaria\Documents\BandwidthLog.csv
    [2010/09/24 19:39:32 | 000,002,005 | ---- | C] () -- C:\Users\Mistaria\Documents\avast! Free Antivirus.lnk
    [2010/09/22 01:41:32 | 001,003,989 | ---- | C] () -- C:\Users\Mistaria\Documents\Derr_Megan_-_Midsummer_Law.pdf
    [2010/09/22 01:00:04 | 002,001,625 | ---- | C] () -- C:\Users\Mistaria\Documents\Derr_Megan_-_Midsummer_Curse.pdf
    [2010/09/21 17:25:49 | 002,178,579 | ---- | C] () -- C:\Users\Mistaria\Documents\Derr_Megan_-_Highland_Wolves.pdf
    [2010/09/17 20:59:30 | 000,165,463 | ---- | C] () -- C:\Users\Mistaria\Documents\fish-bikini-mascot-sekiu-olympic-peninsula-strait-of-juan-de-fuca.jpg
    [2010/09/17 04:48:34 | 000,000,989 | ---- | C] () -- C:\Users\Mistaria\Documents\WinDirStat.lnk
    [2010/09/16 15:26:02 | 000,016,415 | ---- | C] () -- C:\Users\Mistaria\Documents\ling badly written 215 tut slip.odt
    [2010/09/12 06:56:38 | 003,010,534 | ---- | C] () -- C:\Users\Mistaria\Documents\Derr_Megan_-_Bound.pdf
    [2010/09/09 00:50:00 | 003,260,616 | ---- | C] () -- C:\Users\Mistaria\Documents\overall_2007_aguaruna.pdf
    [2010/09/05 23:41:44 | 000,001,794 | ---- | C] () -- C:\Users\Mistaria\Documents\Vuze.lnk
    [2010/09/04 15:34:44 | 032,782,310 | ---- | C] () -- C:\Users\Mistaria\Documents\Taize.rar
    [2010/09/03 12:16:19 | 000,000,965 | ---- | C] () -- C:\Users\Mistaria\Documents\FlashGet.lnk
    [2010/09/02 18:00:50 | 001,322,129 | ---- | C] () -- C:\Users\Mistaria\Documents\OToole_Zachary_-_Busted.pdf
    [2010/09/02 02:37:30 | 366,770,028 | ---- | C] () -- C:\Users\Mistaria\Documents\Lie.to.Me.S02E19.HDTV.XviD-LOL.[VTV].avi
    [2010/09/02 02:35:34 | 366,755,680 | ---- | C] () -- C:\Users\Mistaria\Documents\Lie.to.Me.S02E20.HDTV.XviD-LOL.[VTV].avi
    [2010/09/02 02:35:25 | 366,789,158 | ---- | C] () -- C:\Users\Mistaria\Documents\Lie.to.Me.S02E21.HDTV.XviD-LOL.[VTV].avi
    [2010/08/31 10:32:21 | 000,008,884 | ---- | C] () -- C:\Users\Mistaria\Documents\Group Room bookings.odt
    [2010/08/31 01:21:44 | 366,792,308 | ---- | C] () -- C:\Users\Mistaria\Documents\Lie.to.Me.S02E12.HDTV.XviD-LOL.[VTV].avi
    [2010/08/31 01:21:38 | 366,812,740 | ---- | C] () -- C:\Users\Mistaria\Documents\Lie.to.Me.S02E11.HDTV.XviD-LOL.[VTV].avi
    [2010/08/31 01:10:56 | 130,680,362 | ---- | C] () -- C:\Users\Mistaria\Documents\Ice Age Surviving Sid 2009 720p nHD x264 NhaNc3.mkv
    [2010/08/30 15:44:50 | 000,019,992 | ---- | C] () -- C:\Users\Mistaria\Documents\LING215 assignment.odt
    [2010/08/25 16:05:03 | 000,001,176 | ---- | C] () -- C:\Users\Mistaria\Documents\Paint.NET.lnk
    [2010/08/19 20:49:59 | 000,001,815 | ---- | C] () -- C:\Users\Mistaria\Documents\QuickTime Player.lnk
    [2010/08/01 02:08:12 | 014,398,451 | ---- | C] () -- C:\Users\Mistaria\Documents\UltraEdit 16.00.0.1036 Portable.exe
    [2010/07/22 21:17:54 | 000,002,429 | ---- | C] () -- C:\Users\Mistaria\Documents\iTunes.lnk
    [2010/07/21 20:01:07 | 004,279,932 | ---- | C] () -- C:\Users\Mistaria\Documents\Epic Win FTW -Awesome Photos and Videos.flv
    [2010/07/04 02:54:27 | 000,073,728 | ---- | C] () -- C:\Windows\System32\VistaInfo32.dll
    [2010/06/10 15:58:21 | 000,000,000 | ---- | C] () -- C:\Windows\HPMProp.INI
    [2010/06/10 14:59:38 | 000,254,280 | ---- | C] () -- C:\Windows\System32\npnipp.dll
    [2010/06/10 14:59:38 | 000,034,592 | ---- | C] () -- C:\Windows\System32\drivers\nipplpt.sys
    [2010/06/04 16:02:46 | 000,053,248 | ---- | C] () -- C:\Windows\System32\CommonDL.dll
    [2010/06/04 16:02:46 | 000,002,413 | ---- | C] () -- C:\Windows\System32\lgAxconfig.ini
    [2010/05/17 23:53:25 | 000,004,608 | ---- | C] () -- C:\Users\Mistaria\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2010/04/27 22:44:39 | 000,007,623 | ---- | C] () -- C:\Users\Mistaria\AppData\Local\Resmon.ResmonCfg
    [2010/02/14 00:29:11 | 000,000,049 | ---- | C] () -- C:\Windows\NeroDigital.ini
    [2009/10/23 23:15:07 | 000,000,029 | ---- | C] () -- C:\Users\Mistaria\AppData\Roaming\default.rss
    [2009/10/23 23:15:04 | 000,000,000 | ---- | C] () -- C:\Users\Mistaria\AppData\Roaming\downloads.m3u
    [2009/09/04 13:22:59 | 000,160,768 | ---- | C] () -- C:\Windows\System32\unrar.dll
    [2009/09/04 13:22:59 | 000,077,312 | ---- | C] () -- C:\Windows\System32\UNACEV2.DLL
    [2009/09/04 01:51:44 | 000,057,344 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll
    [2009/09/01 21:34:07 | 001,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll
    [2009/08/19 20:26:48 | 000,005,632 | ---- | C] () -- C:\Windows\System32\StarOpen.sys
    [2009/07/14 12:51:43 | 000,073,728 | ---- | C] () -- C:\Windows\System32\BthpanContextHandler.dll
    [2009/07/14 12:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\System32\BWContextHandler.dll
    [2005/05/06 20:06:00 | 000,016,480 | ---- | C] () -- C:\Windows\System32\rixdicon.dll
    [2001/07/13 07:04:00 | 000,373,248 | ---- | C] () -- C:\Windows\EyeCand3.INI

    ========== LOP Check ==========

    [2010/10/10 12:33:51 | 000,000,000 | ---D | M] -- C:\Users\Mistaria\AppData\Roaming\Azureus
    [2010/09/03 13:01:58 | 000,000,000 | ---D | M] -- C:\Users\Mistaria\AppData\Roaming\BitComet
    [2010/04/22 19:30:09 | 000,000,000 | ---D | M] -- C:\Users\Mistaria\AppData\Roaming\BSplayer
    [2010/04/22 19:30:09 | 000,000,000 | ---D | M] -- C:\Users\Mistaria\AppData\Roaming\BSplayer Pro
    [2009/09/03 09:45:57 | 000,000,000 | ---D | M] -- C:\Users\Mistaria\AppData\Roaming\DAEMON Tools
    [2010/04/22 19:30:09 | 000,000,000 | ---D | M] -- C:\Users\Mistaria\AppData\Roaming\DAEMON Tools Lite
    [2010/04/22 19:30:09 | 000,000,000 | ---D | M] -- C:\Users\Mistaria\AppData\Roaming\DAEMON Tools Pro
    [2010/06/10 17:47:19 | 000,000,000 | ---D | M] -- C:\Users\Mistaria\AppData\Roaming\DVDVideoSoftIEHelpers
    [2010/04/22 19:30:15 | 000,000,000 | ---D | M] -- C:\Users\Mistaria\AppData\Roaming\EleFun Games
    [2010/09/03 12:16:28 | 000,000,000 | ---D | M] -- C:\Users\Mistaria\AppData\Roaming\FlashGet
    [2010/10/10 12:42:15 | 000,000,000 | ---D | M] -- C:\Users\Mistaria\AppData\Roaming\Free Download Manager
    [2010/04/22 19:30:16 | 000,000,000 | ---D | M] -- C:\Users\Mistaria\AppData\Roaming\LimeWire
    [2010/04/22 19:30:35 | 000,000,000 | ---D | M] -- C:\Users\Mistaria\AppData\Roaming\md studio
    [2010/07/04 02:54:42 | 000,000,000 | ---D | M] -- C:\Users\Mistaria\AppData\Roaming\NotMyIp
    [2010/04/22 19:30:57 | 000,000,000 | ---D | M] -- C:\Users\Mistaria\AppData\Roaming\OpenOffice.org
    [2010/06/16 13:15:31 | 000,000,000 | ---D | M] -- C:\Users\Mistaria\AppData\Roaming\Opera
    [2010/04/22 19:30:59 | 000,000,000 | ---D | M] -- C:\Users\Mistaria\AppData\Roaming\Playrix Entertainment
    [2010/04/22 19:31:00 | 000,000,000 | ---D | M] -- C:\Users\Mistaria\AppData\Roaming\Rokario
    [2010/04/22 19:31:00 | 000,000,000 | ---D | M] -- C:\Users\Mistaria\AppData\Roaming\Shareaza
    [2010/04/22 19:31:00 | 000,000,000 | ---D | M] -- C:\Users\Mistaria\AppData\Roaming\SpinTop
    [2010/04/22 19:31:00 | 000,000,000 | ---D | M] -- C:\Users\Mistaria\AppData\Roaming\TreeCardGames
    [2010/09/29 15:26:05 | 000,000,000 | ---D | M] -- C:\Users\Mistaria\AppData\Roaming\uTorrent
    [2009/07/14 17:53:46 | 000,030,050 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

    ========== Purity Check ==========



    ========== Custom Scans ==========


    < %SYSTEMDRIVE%\*.* >
    [2009/06/11 10:42:20 | 000,000,024 | ---- | M] () -- C:\autoexec.bat
    [2009/09/01 20:14:05 | 000,000,355 | -HS- | M] () -- C:\Boot.BAK
    [2009/09/02 16:32:43 | 000,000,355 | RHS- | M] () -- C:\Boot.ini.saved
    [2009/07/14 14:38:58 | 000,383,562 | RHS- | M] () -- C:\bootmgr
    [2010/04/23 15:06:51 | 000,008,192 | RHS- | M] () -- C:\BOOTSECT.BAK
    [2010/04/22 20:08:37 | 000,008,192 | ---- | M] () -- C:\bootsect.lxe.bak
    [2010/10/09 23:52:59 | 000,019,352 | ---- | M] () -- C:\ComboFix.txt
    [2009/06/11 10:42:20 | 000,000,010 | ---- | M] () -- C:\config.sys
    [2010/04/22 20:08:35 | 000,383,592 | RHS- | M] () -- C:\gdrop
    [2010/10/10 03:28:22 | 797,786,112 | -HS- | M] () -- C:\hiberfil.sys
    [2009/07/04 10:49:55 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
    [2009/07/04 10:49:55 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
    [2008/04/15 00:00:00 | 000,047,564 | RHS- | M] () -- C:\NTDETECT.COM
    [2008/04/15 00:00:00 | 000,250,048 | RHS- | M] () -- C:\ntldr
    [2010/10/10 03:28:25 | 1677,721,600 | -HS- | M] () -- C:\pagefile.sys
    [2010/10/03 18:01:14 | 000,000,405 | ---- | M] () -- C:\rkill.log
    [2010/04/22 20:08:35 | 000,171,136 | RHS- | M] () -- C:\xeldr

    < %systemroot%\Fonts\*.com >
    [2009/07/14 17:52:25 | 000,026,040 | ---- | M] () -- C:\Windows\Fonts\GlobalMonospace.CompositeFont
    [2009/07/14 17:52:25 | 000,026,489 | ---- | M] () -- C:\Windows\Fonts\GlobalSansSerif.CompositeFont
    [2009/07/14 17:52:25 | 000,029,779 | ---- | M] () -- C:\Windows\Fonts\GlobalSerif.CompositeFont
    [2009/07/14 17:52:25 | 000,043,318 | ---- | M] () -- C:\Windows\Fonts\GlobalUserInterface.CompositeFont

    < %systemroot%\Fonts\*.dll >

    < %systemroot%\Fonts\*.ini >
    [2009/06/11 10:31:19 | 000,000,065 | ---- | M] () -- C:\Windows\Fonts\desktop.ini

    < %systemroot%\Fonts\*.ini2 >

    < %systemroot%\Fonts\*.exe >
     
  13. Murmur

    Murmur TS Rookie Topic Starter

    < %systemroot%\system32\spool\prtprocs\w32x86\*.* >
    [2009/12/03 22:53:54 | 000,281,600 | ---- | M] (Hewlett-Packard Corporation) -- C:\Windows\System32\spool\prtprocs\w32x86\hpcpp094.dll
    [2009/07/14 14:15:35 | 000,022,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\spool\prtprocs\w32x86\jnwppr.dll
    [2009/07/14 14:16:19 | 000,029,696 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\spool\prtprocs\w32x86\winprint.dll

    < %systemroot%\REPAIR\*.bak1 >

    < %systemroot%\REPAIR\*.ini >

    < %systemroot%\system32\*.jpg >

    < %systemroot%\*.jpg >

    < %systemroot%\*.png >

    < %systemroot%\*.scr >
    [2010/09/08 04:12:17 | 000,038,848 | ---- | M] (AVAST Software) -- C:\Windows\avastSS.scr
    [2001/07/13 07:04:00 | 000,253,952 | ---- | M] () -- C:\Windows\Jasc Media Center Plus.scr

    < %systemroot%\*._sy >

    < %APPDATA%\Adobe\Update\*.* >

    < %ALLUSERSPROFILE%\Favorites\*.* >

    < %APPDATA%\Microsoft\*.* >

    < %PROGRAMFILES%\*.* >
    [2009/07/14 17:41:57 | 000,000,174 | -HS- | M] () -- C:\Program Files\desktop.ini

    < %APPDATA%\Update\*.* >

    < %systemroot%\*. /mp /s >

    < %systemroot%\System32\config\*.sav >

    < %PROGRAMFILES%\bak. /s >

    < %systemroot%\system32\bak. /s >

    < %ALLUSERSPROFILE%\Start Menu\*.lnk /x >

    < %systemroot%\system32\config\systemprofile\*.dat /x >

    < %systemroot%\*.config >

    < %systemroot%\system32\*.db >

    < %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x >
    [2009/09/06 20:35:18 | 000,000,286 | -HS- | M] () -- C:\Users\Mistaria\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\desktop (1).ini
    [2010/04/22 20:02:54 | 000,000,221 | -HS- | M] () -- C:\Users\Mistaria\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\desktop.ini

    < %USERPROFILE%\Desktop\*.exe >
    [2010/10/09 23:18:09 | 003,876,009 | R--- | M] () -- C:\Users\Mistaria\Desktop\ComboFix.exe
    [2010/10/09 23:16:10 | 000,080,384 | ---- | M] () -- C:\Users\Mistaria\Desktop\MBRCheck.exe
    [2010/10/10 12:36:32 | 000,576,512 | ---- | M] (OldTimer Tools) -- C:\Users\Mistaria\Desktop\OTL.exe
    [2010/10/09 12:36:52 | 000,446,464 | ---- | M] (OldTimer Tools) -- C:\Users\Mistaria\Desktop\TFC.exe

    < %PROGRAMFILES%\Common Files\*.* >

    < %systemroot%\*.src >

    < %systemroot%\install\*.* >

    < %systemroot%\system32\DLL\*.* >

    < %systemroot%\system32\HelpFiles\*.* >

    < %systemroot%\system32\rundll\*.* >

    < %systemroot%\winn32\*.* >

    < %systemroot%\Java\*.* >

    < %systemroot%\system32\test\*.* >

    < %systemroot%\system32\Rundll32\*.* >

    < %systemroot%\AppPatch\Custom\*.* >
    [2010/05/21 03:34:03 | 000,000,706 | ---- | M] () -- C:\Windows\AppPatch\Custom\{ca0f61a9-eba0-4c63-a1a5-29be24986d72}.sdb
    [2010/05/20 02:41:34 | 000,000,662 | ---- | M] () -- C:\Windows\AppPatch\Custom\{e50ed635-3d0c-4a75-90ed-56d36c85d796}.sdb

    < %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x >

    < %PROGRAMFILES%\PC-Doctor\Downloads\*.* >

    < %PROGRAMFILES%\Internet Explorer\*.tmp >

    < %PROGRAMFILES%\Internet Explorer\*.dat >

    < %USERPROFILE%\My Documents\*.exe >

    < %USERPROFILE%\*.exe >

    < %systemroot%\ADDINS\*.* >
    [2009/06/11 10:20:04 | 000,000,802 | ---- | M] () -- C:\Windows\addins\FXSEXT.ecf

    < %systemroot%\assembly\*.bak2 >

    < %systemroot%\Config\*.* >

    < %systemroot%\REPAIR\*.bak2 >

    < %systemroot%\SECURITY\Database\*.sdb /x >
    [2010/04/22 19:18:49 | 000,008,192 | ---- | M] () -- C:\Windows\security\database\edb.chk
    [2010/04/22 19:18:49 | 001,048,576 | ---- | M] () -- C:\Windows\security\database\edb.log
    [2010/04/22 19:12:44 | 001,048,576 | ---- | M] () -- C:\Windows\security\database\edbres00001.jrs
    [2010/04/22 19:12:44 | 001,048,576 | ---- | M] () -- C:\Windows\security\database\edbres00002.jrs

    < %systemroot%\SYSTEM\*.bak2 >

    < %systemroot%\Web\*.bak2 >

    < %systemroot%\Driver Cache\*.* >

    < %PROGRAMFILES%\Mozilla Firefox\0*.exe >

    < %ProgramFiles%\Microsoft Common\*.* >

    < %ProgramFiles%\TinyProxy. >

    < %USERPROFILE%\Favorites\*.url /x >
    [2010/04/22 20:02:46 | 000,000,402 | -HS- | M] () -- C:\Users\Mistaria\Favorites\desktop.ini
    [2010/05/03 15:45:39 | 000,000,256 | ---- | M] () -- C:\Users\Mistaria\Favorites\NCH Software Download.lnk

    < %systemroot%\system32\*.bk >

    < %systemroot%\*.te >

    < %systemroot%\system32\system32\*.* >

    < %ALLUSERSPROFILE%\*.dat /x >

    < %systemroot%\system32\drivers\*.rmv >

    < dir /b "%systemroot%\system32\*.exe" | find /i " " /c >

    < dir /b "%systemroot%\*.exe" | find /i " " /c >

    < %PROGRAMFILES%\Microsoft\*.* >

    < %systemroot%\System32\Wbem\proquota.exe >

    < %PROGRAMFILES%\Mozilla Firefox\*.dat >

    < %USERPROFILE%\Cookies\*.txt /x >

    < %SystemRoot%\system32\fonts\*.* >

    < %systemroot%\system32\winlog\*.* >

    < %systemroot%\system32\Language\*.* >

    < %systemroot%\system32\Settings\*.* >

    < %systemroot%\system32\*.quo >

    < %SYSTEMROOT%\AppPatch\*.exe >

    < %SYSTEMROOT%\inf\*.exe >

    < %SYSTEMROOT%\Installer\*.exe >

    < %systemroot%\system32\config\*.bak2 >

    < %systemroot%\system32\Computers\*.* >

    < %SystemRoot%\system32\Sound\*.* >

    < %SystemRoot%\system32\SpecialImg\*.* >

    < %SystemRoot%\system32\code\*.* >

    < %SystemRoot%\system32\draft\*.* >

    < %SystemRoot%\system32\MSSSys\*.* >

    < %ProgramFiles%\Javascript\*.* >

    < %systemroot%\pchealth\helpctr\System\*.exe /s >

    < %systemroot%\Web\*.exe >

    < %systemroot%\system32\msn\*.* >

    < %systemroot%\system32\*.tro >

    < %AppData%\Microsoft\Installer\msupdates\*.* >

    < %ProgramFiles%\Messenger\*.* >

    < %systemroot%\system32\systhem32\*.* >

    < %systemroot%\system\*.exe >

    < HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

    < HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\ Auto Update\Results\Install|LastSuccessTime /rs >


    ========== Alternate Data Streams ==========

    @Alternate Data Stream - 116 bytes -> C:\ProgramData\TEMP:52B72A7C
    @Alternate Data Stream - 114 bytes -> C:\ProgramData\TEMP:AFFC859A

    < End of report >

    (Hopefully this will be in the correct order, as I went by quick reply as it was easier, but I didn't realise it had to be checked by a moderator.) Will repost normally if necessary.

    Kinda creepy how you can tell so much about a girl by the files she keeps on her computer (or what she names her computer) :)
     
  14. Murmur

    Murmur TS Rookie Topic Starter

    Next Logs!

    Extra:


    OTL Extras logfile created on: 10/10/2010 12:40:46 p.m. - Run 1
    OTL by OldTimer - Version 3.2.14.1 Folder = C:\Users\Mistaria\Desktop
    Ultimate Edition (Version = 6.1.7600) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.7600.16385)
    Locale: 00001409 | Country: New Zealand | Language: ENZ | Date Format: d/MM/yyyy

    1,014.00 Mb Total Physical Memory | 389.00 Mb Available Physical Memory | 38.00% Memory free
    3.00 Gb Paging File | 2.00 Gb Available in Paging File | 66.00% Paging File free
    Paging file location(s): c:\pagefile.sys 1600 1600 [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
    Drive C: | 111.78 Gb Total Space | 12.80 Gb Free Space | 11.45% Space Free | Partition Type: NTFS
    D: Drive not present or media not loaded
    E: Drive not present or media not loaded
    F: Drive not present or media not loaded
    G: Drive not present or media not loaded
    H: Drive not present or media not loaded
    I: Drive not present or media not loaded

    Computer Name: HISSYFIT
    Current User Name: Mistaria
    Logged in as Administrator.

    Current Boot Mode: Normal
    Scan Mode: Current user
    Company Name Whitelist: On
    Skip Microsoft Files: On
    File Age = 90 Days
    Output = Standard
    Quick Scan

    ========== Extra Registry (SafeList) ==========


    ========== File Associations ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
    .hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

    [HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
    .html [@ = UltraEdit.html] -- C:\Users\Mistaria\AppData\Local\Temp\RarSFX0\Uedit32.exe File not found
    .ini [@ = UltraEdit.ini] -- C:\Users\Mistaria\AppData\Local\Temp\RarSFX0\Uedit32.exe File not found
    .js [@ = UltraEdit.js] -- C:\Users\Mistaria\AppData\Local\Temp\RarSFX0\Uedit32.exe File not found
    .txt [@ = UltraEdit.txt] -- C:\Users\Mistaria\AppData\Local\Temp\RarSFX0\Uedit32.exe File not found

    ========== Shell Spawning ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
    exefile [open] -- "%1" %*
    helpfile [open] -- Reg Error: Key error.
    hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
    htmlfile [edit] -- Reg Error: Key error.
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1"
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [AddToPlaylistVLC] -- C:\Program Files\VideoLAN\VLC\vlc.exe --started-from-file --playlist-enqueue "%1" ()
    Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Directory [PlayWithVLC] -- C:\Program Files\VideoLAN\VLC\vlc.exe --started-from-file --no-playlist-enqueue "%1" ()
    Directory [UnzipThemAll] -- "C:\Program Files\UnzipThemAll\UnzipThemAll.exe" "%1" (Hervé Thouzard)
    Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [explore] -- Reg Error: Value error.
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    ========== Security Center Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "cval" = 1
    "FirewallDisableNotify" = 0
    "AntiVirusDisableNotify" = 0
    "UpdatesDisableNotify" = 0

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
    "VistaSp1" = Reg Error: Unknown registry data type -- File not found
    "AntiVirusOverride" = 0
    "AntiSpywareOverride" = 0
    "FirewallOverride" = 0

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

    ========== System Restore Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
    "DisableSR" = 0

    ========== Firewall Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
    "DisableNotifications" = 0
    "EnableFirewall" = 1

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
    "DisableNotifications" = 0
    "EnableFirewall" = 1

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
    "DisableNotifications" = 0
    "EnableFirewall" = 1

    ========== Authorized Applications List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


    ========== HKEY_LOCAL_MACHINE Uninstall List ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{0CB9668D-F979-4F31-B8B8-67FE90F929F8}" = Bonjour
    "{0DD140D3-9563-481E-AA75-BA457CBDAEF2}" = PC Inspector File Recovery
    "{13F3917B56CD4C25848BDC69916971BB}" = DivX Converter
    "{172423F9-522A-483A-AD65-03600CE4CA4F}" = Microsoft Works 6-9 Converter
    "{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate
    "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    "{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
    "{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
    "{26A24AE4-039D-4CA4-87B4-2F83216021FF}" = Java(TM) 6 Update 21
    "{26D3E377-1DCA-4043-9410-B4A9BACF1033}" = Nero 7 Premium
    "{2764CA82-DFB9-4498-AF85-719340BF5305}" = Dell Resource CD
    "{2EEC2A94-7204-45C6-93BB-67EAEB19E4D6}" = Safari
    "{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform
    "{3FC7CBBC4C1E11DCA1A752EA55D89593}" = DivX Version Checker
    "{45338B07-A236-4270-9A77-EBB4115517B5}" = Windows Live Sign-in Assistant
    "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
    "{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
    "{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
    "{5FE0C13A-63F1-4394-88A8-2D8722A75FE0}_is1" = Convert VOB to AVI 1.7
    "{60FFB3E0-6D5B-4D73-AE5B-07E58B83AF0C}" = 32 Bit HP CIO Components Installer
    "{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
    "{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser and SDK
    "{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
    "{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
    "{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec
    "{81128EE8-8EAD-4DB0-85C6-17C2CE50FF71}" = Windows Live Essentials
    "{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
    "{85991ED2-010C-4930-96FA-52F43C2CE98A}" = Apple Mobile Device Support
    "{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player
    "{8D793292-FC22-43BA-8D85-7FDC25D963C9}_is1" = Next DVD Ripper 3.3
    "{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
    "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    "{A85FD55B-891B-4314-97A5-EA96C0BD80B5}" = Windows Live Messenger
    "{A8F2089B-1F79-4BF6-B385-A2C2B0B9A74D}" = ImagXpress
    "{A93944F2-D2D4-4750-BFE7-9A288FEAF2CF}" = Apple Application Support
    "{A96E97134CA649888820BCDE5E300BBD}" = H.264 Decoder
    "{AAC389499AEF40428987B3D30CFC76C9}" = MKV Splitter
    "{AC76BA86-7AD7-1033-7B44-A93000000001}" = Adobe Reader 9.3.1
    "{AEF9DC35ADDF4825B049ACBFD1C6EB37}" = AAC Decoder
    "{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
    "{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Plus Web Player
    "{BBB3F622-D848-4CDA-B282-CC53627432F0}" = Microsoft Application Compatibility Toolkit 5.5
    "{C1E11C46-E6EB-4BD2-9ADF-2A98ACBEB216}" = iTunes
    "{C3ABE126-2BB2-4246-BFE1-6797679B3579}" = LG USB Modem Driver
    "{ca0f61a9-eba0-4c63-a1a5-29be24986d72}.sdb" = Vuse_Safe1
    "{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware
    "{D6DE02C7-1F47-11D4-9515-00105AE4B89A}" = Paint Shop Pro 7 Anniversary Edition
    "{E3E71D07-CD27-46CB-8448-16D4FB29AA13}" = Microsoft WSE 3.0 Runtime
    "{e50ed635-3d0c-4a75-90ed-56d36c85d796}.sdb" = Vuse Information
    "{E6B87DC4-2B3D-4483-ADFF-E483BF718991}" = OpenOffice.org 3.1
    "{E8A80433-302B-4FF1-815D-FCC8EAC482FF}" = Nero Installer
    "{EB900AF8-CC61-4E15-871B-98D1EA3E8025}" = QuickTime
    "{f0903d7f-c738-4da7-bc71-fd36b3e24ffd}" = Nero 9 Trial
    "{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
    "{F0E2B312-D7FD-4349-A9B6-E90B36DB1BD0}" = Paint.NET v3.5.5
    "{F4F4F84E-804F-4E9A-84D7-C34283F0088F}" = RealUpgrade 1.0
    "{F6BD194C-4190-4D73-B1B1-C48C99921BFE}" = Windows Live Call
    "123 Free Solitaire_is1" = 123 Free Solitaire 2009 v7.0
    "8461-7759-5462-8226" = Vuze
    "A4 DVD Shrinker_is1" = A4 DVD Shrinker
    "AC3Filter_is1" = AC3Filter 1.63b
    "Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
    "Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
    "Adobe Shockwave Player" = Adobe Shockwave Player 11.5
    "Agent Ransack_is1" = Agent Ransack Version 1.7.3
    "All File Renamer" = All File Renamer
    "avast5" = avast! Free Antivirus
    "Azureus Ultra Accelerator" = Azureus Ultra Accelerator
    "Bandwidth Monitor_is1" = Bandwidth Monitor
    "Bass Audio Decoder" = Bass Audio Decoder (remove only)
    "CD Audio Reader Filter" = CD Audio Reader Filter (remove only)
    "Comical_is1" = Comical 0.8
    "CPUID CPU-Z_is1" = CPUID CPU-Z 1.54
    "Declan's Chinese FlashCards_is1" = Declan's Chinese FlashCards v1.6
    "DirectVobSub" = DirectVobSub (remove only)
    "DivX Plus DirectShow Filters" = DivX Plus DirectShow Filters
    "DScaler 5 Mpeg Decoders_is1" = DScaler 5 Mpeg Decoders
    "DVD Shrink_is1" = DVD Shrink 3.2
    "DVDFab HD Decrypter_is1" = DVDFab HD Decrypter 3.1.8.0
    "ffdshow_is1" = ffdshow [rev 2527] [2008-12-19]
    "FFMPEG Core Files" = FFMPEG Core Files (remove only)
    "FILE RECOVERY for WindowsNSIS" = FILE RECOVERY for Windows
    "Free Audio CD Burner_is1" = Free Audio CD Burner version 1.3
    "Free Download Manager_is1" = Free Download Manager 3.0
    "FreeStar Free DVD Ripper" = FreeStar Free DVD Ripper 3.0.1
    "Gabest MPEG Splitter" = Gabest MPEG Splitter (remove only)
    "HaaliMkx" = Haali Media Splitter
    "JIT Scheduler" = JIT Scheduler
    "LG PC Suite IV" = LG PC Suite IV
    "LimeWire" = LimeWire 4.18.8
    "Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
    "MONOGRAM AMR Splitter/Decoder" = MONOGRAM AMR Splitter/Decoder (remove only)
    "Mozilla Firefox (3.5.13)" = Mozilla Firefox (3.5.13)
    "Novell iPrint Client" = Novell iPrint Client v05.32.00
    "OpenSource DTS/AC3/DD+ Source Filter" = OpenSource DTS/AC3/DD+ Source Filter (remove only)
    "OpenSource Flash Video Splitter" = OpenSource Flash Video Splitter (remove only)
    "PDF Password Remover v3.1_is1" = PDF Password Remover v3.1
    "PDF Reader 2" = PDF Reader 2
    "Pixillion" = Pixillion Image Converter
    "Prism" = Prism Video Converter
    "RealMedia" = RealMedia (remove only)
    "RealPlayer 12.0" = RealPlayer
    "ShaPlus Bandwidth Meter" = ShaPlus Bandwidth Meter 1.3.1
    "Shareaza_is1" = Shareaza 2.5.2.0
    "SHOUTcast Source" = SHOUTcast Source (remove only)
    "SynTPDeinstKey" = Synaptics Pointing Device Driver
    "TautologyBandwidthMeter" = Tautology Bandwidth Meter 1.7 (remove only)
    "The KMPlayer" = The KMPlayer (remove only)
    "Uninstall_is1" = Uninstall 1.0.0.1
    "UnzipThemAll_is1" = UnzipThemAll 1.3
    "uTorrent" = µTorrent
    "VideoPad" = VideoPad Video Editor
    "VLC media player" = VideoLAN VLC media player 0.8.6c
    "Vuze_Remote Toolbar" = Vuze_Remote Toolbar
    "Windows Scheduler_is1" = System Scheduler 4.15
    "WinLiveSuite_Wave3" = Windows Live Essentials
    "WinRAR archiver" = WinRAR archiver
    "Xvid_is1" = Xvid 1.2.2 final uninstall

    ========== HKEY_CURRENT_USER Uninstall List ==========

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "309a46b1dc89b774" = Dell Driver Download Manager
    "WinDirStat" = WinDirStat 1.1.2

    ========== Last 10 Event Log Errors ==========

    [ Antivirus Events ]
    Error - 15/10/2009 10:18:47 a.m. | Computer Name = HissyFit | Source = avast! | ID = 33554522
    Description =

    Error - 24/10/2009 5:08:00 a.m. | Computer Name = HissyFit | Source = avast! | ID = 33554522
    Description =

    Error - 24/10/2009 5:08:01 a.m. | Computer Name = HissyFit | Source = avast! | ID = 33554522
    Description =

    Error - 18/11/2009 2:07:03 a.m. | Computer Name = HissyFit | Source = avast! | ID = 33554522
    Description =

    Error - 18/11/2009 2:07:04 a.m. | Computer Name = HissyFit | Source = avast! | ID = 33554522
    Description =

    Error - 14/06/2010 5:32:22 p.m. | Computer Name = HissyFit | Source = avast! | ID = 33554522
    Description =


    ========== Last 10 Event Log Errors ==========

    Error reading Event Logs: The Event Service is not operating properly or the Event Logs are corrupt!

    < End of report >


    And now everyone knows what I'm studying :) .... Also the proxy server, is that causing problems? Because I can't connect via Safari to the internet at uni without it (though Firefox automatically connects).

    Thanks.
     
  15. Broni

    Broni Malware Annihilator Posts: 52,915   +344

    I'm not planning any trip to New Zealand in a near future....LOL

    =========================================================================

    Your Windows 7 would greatly benefit from adding another 1GB of RAM:
    You're running low on C drive free space:
    ======================================================================

    Run OTL
    • Under the Custom Scans/Fixes box at the bottom, paste in the following

      Code:
      :OTL
      FF - prefs.js..browser.search.defaultenginename: "Ask"
      FF - prefs.js..browser.search.order.1: "Ask"
      FF - prefs.js..keyword.URL: "http://toolbar.ask.com/toolbarv/askRedirect?o=13925&gct=&gc=1&q="
      [2009/09/04 02:13:24 | 000,000,687 | ---- | M] () -- C:\Users\Mistaria\AppData\Roaming\Mozilla\Firefox\Profiles\5dx28bou.default \searchplugins\ask.xml
      O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
      O4 - HKLM..\Run: [ShaPlus Bandwidth Meter] File not found
      O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
      O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
      O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
      O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
      O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - Reg Error: Key error. File not found
      @Alternate Data Stream - 116 bytes -> C:\ProgramData\TEMP:52B72A7C
      @Alternate Data Stream - 114 bytes -> C:\ProgramData\TEMP:AFFC859A
      
      
      :Services
      
      :Reg
      
      :Files
      
      :Commands
      [purity]
      [emptytemp]
      [emptyflash]
      [Reboot]
      
    • Then click the Run Fix button at the top
    • Let the program run unhindered, reboot the PC when it is done
    • You will get a log that shows the results of the fix. Please post it.

    =====================================================================

    Last scans....

    1. Download Security Check from HERE, and save it to your Desktop.
    • Double-click SecurityCheck.exe
    • Follow the onscreen instructions inside of the black box.
    • A Notepad document should open automatically called checkup.txt; please post the contents of that document.


    2. Download Temp File Cleaner (TFC)
    • Double click on TFC.exe to run the program.
    • Click on Start button to begin cleaning process.
    • TFC will close all running programs, and it may ask you to restart the computer.


    3. Please run a free online scan with the ESET Online Scanner

    • Disable your antivirus program
    • Tick the box next to YES, I accept the Terms of Use
    • Click Start
    • IMPORTANT! UN-check Remove found threats
    • Accept any security warnings from your browser.
    • Check Scan archives
    • Click Start
    • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
    • When the scan completes, push List of found threats
    • Click on Export to text file , and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
    • NOTE: If ESET doesn't find any threats, it won't produce any log.
     
  16. Murmur

    Murmur TS Rookie Topic Starter

    OTL:

    All processes killed
    ========== OTL ==========
    Prefs.js: "Ask" removed from browser.search.defaultenginename
    Prefs.js: "Ask" removed from browser.search.order.1
    Prefs.js: "http://toolbar.ask.com/toolbarv/askRedirect?o=13925&gct=&gc=1&q=" removed from keyword.URL
    File C:\Users\Mistaria\AppData\Roaming\Mozilla\Firefox\Profiles\5dx28bou.default \searchplugins\ask.xml not found.
    Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5C255C8A-E604-49b4-9D64-90988571CECB}\ not found.
    Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ShaPlus Bandwidth Meter deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Internet Explorer\Restrictions\ deleted successfully.
    Registry key HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer\Control Panel\ deleted successfully.
    Starting removal of ActiveX control {E2883E8F-472F-4FB0-9522-AC9BF37916A7}
    C:\Windows\Downloaded Program Files\gp.inf not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
    Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\VMApplet:/pagefile deleted successfully.
    Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\\{AEB6717E-7E19-11d0-97EE-00C04FD91972} deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{AEB6717E-7E19-11d0-97EE-00C04FD91972}\ not found.
    ADS C:\ProgramData\TEMP:52B72A7C deleted successfully.
    ADS C:\ProgramData\TEMP:AFFC859A deleted successfully.
    ========== SERVICES/DRIVERS ==========
    ========== REGISTRY ==========
    ========== FILES ==========
    ========== COMMANDS ==========

    [EMPTYTEMP]

    User: All Users

    User: Default
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes

    User: Default User
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes

    User: Mistaria
    ->Temp folder emptied: 6738061 bytes
    ->Temporary Internet Files folder emptied: 14701296 bytes
    ->Java cache emptied: 0 bytes
    ->FireFox cache emptied: 104250688 bytes
    ->Apple Safari cache emptied: 0 bytes
    ->Opera cache emptied: 0 bytes
    ->Flash cache emptied: 19402 bytes

    User: Public
    ->Temp folder emptied: 0 bytes

    %systemdrive% .tmp files removed: 0 bytes
    %systemroot% .tmp files removed: 0 bytes
    %systemroot%\System32 .tmp files removed: 0 bytes
    %systemroot%\System32\drivers .tmp files removed: 0 bytes
    Windows Temp folder emptied: 1452 bytes
    RecycleBin emptied: 0 bytes

    Total Files Cleaned = 120.00 mb


    [EMPTYFLASH]

    User: All Users

    User: Default

    User: Default User

    User: Mistaria
    ->Flash cache emptied: 0 bytes

    User: Public

    Total Flash Files Cleaned = 0.00 mb


    OTL by OldTimer - Version 3.2.14.1 log created on 10112010_092938

    Files\Folders moved on Reboot...
    File move failed. C:\Windows\temp\_avast5_\Webshlock.txt scheduled to be moved on reboot.

    Registry entries deleted on Reboot...


    Security Check:


    Results of screen317's Security Check version 0.99.5
    Windows 7 (UAC is enabled)
    Internet Explorer 8
    ``````````````````````````````
    Antivirus/Firewall Check:

    Windows Firewall Enabled!
    avast! Free Antivirus
    Antivirus up to date!
    ```````````````````````````````
    Anti-malware/Other Utilities Check:

    Malwarebytes' Anti-Malware
    Java(TM) 6 Update 21
    Adobe Flash Player 10.1.82.76
    Adobe Reader 9.3.1
    Mozilla Firefox (3.5.13) Firefox Out of Date!
    ````````````````````````````````
    Process Check:
    objlist.exe by Laurent

    Alwil Software Avast5 AvastSvc.exe
    ````````````````````````````````
    DNS Vulnerability Check:

    GREAT! (Not vulnerable to DNS cache poisoning)

    ``````````End of Log````````````


    ESET:

    C:\Qoobox\Quarantine\C\Windows\explorer.exe.vir Win32/Bamital.EC trojan
    C:\Qoobox\Quarantine\C\Windows\System32\wininit.exe.vir Win32/Bamital.EC trojan
    C:\Users\Public\Documents\Server\hlp.dat Win32/Bamital.EB trojan

    Bamital-eb --- where did this one come from, and not be noticed, *sigh.*
     
  17. Broni

    Broni Malware Annihilator Posts: 52,915   +344

    That's not a problem. It's just a leftover Bamital data file. That type of file is harmless, but we'll remove it in a moment.

    Update Firefox.

    Run OTL
    • Under the Custom Scans/Fixes box at the bottom, paste in the following

      Code:
      :OTL
      
      :Services
      
      :Reg
      
      :Files
      C:\Users\Public\Documents\Server\hlp.dat
      
      :Commands
      [purity]
      [emptytemp]
      [emptyflash]
      [Reboot]
      
    • Then click the Run Fix button at the top
    • Let the program run unhindered, reboot the PC when it is done
    • You will get a log that shows the results of the fix. Please post it.

    =======================================================================

    Your computer is clean

    1. We need to reset System Restore to prevent your computer from being accidentally reinfected by using some old restore point(s). We'll create a fresh, clean restore point using the following OTL script:

    Run OTL

    • Under the Custom Scans/Fixes box at the bottom, paste in the following:

    Code:
    :OTL
    :Commands
    [purity]
    [emptytemp]
    [EMPTYFLASH]
    [CLEARALLRESTOREPOINTS]
    [Reboot]
    • Then click the Run Fix button at the top
    • Let the program run unhindered, reboot the PC when it is done
    • Post resulting log.

    2. Now we'll remove all the tools we used during our cleaning process.

    Clean up with OTL:

    • Double-click OTL.exe to start the program.
    • Close all other programs apart from OTL as this step will require a reboot
    • On the OTL main screen, press the CLEANUP button
    • Say Yes to the prompt and then allow the program to reboot your computer.

    If you still have any tools or logs leftover on your computer you can go ahead and delete those off of your computer now.

    3. Make sure Windows Updates are current.

    4. If any Trojan was listed among your infection(s), make sure you change all of your important on-line passwords (bank account(s), secured web sites, etc.) immediately!

    5. Download, and install WOT (Web OF Trust): http://www.mywot.com/. It'll warn you (in most cases) about dangerous web sites.

    6. Run a Malwarebytes "Quick scan" once in a while to ensure the safety of your computer.

    7. Run Temporary File Cleaner (TFC) weekly.

    8. Download and install Secunia Personal Software Inspector (PSI): http://secunia.com/vulnerability_scanning/personal/. The Secunia PSI is a FREE security tool designed to detect vulnerable and out-dated programs and plug-ins which expose your PC to attacks. Run it weekly.

    9. (optional) If you want to keep all your programs up to date, download and install FileHippo Update Checker.
    The Update Checker will scan your computer for installed software, check the versions and then send this information to FileHippo.com to see if there are any newer releases.

    10. Run defrag at your convenience.

    11. Read How did I get infected?, With steps so it does not happen again!: http://www.bleepingcomputer.com/forums/topic2520.html

    12. Please let me know how your computer is doing.
     
  18. Murmur

    Murmur TS Rookie Topic Starter

    Hello again :)

    OTL1:


    All processes killed
    ========== OTL ==========
    ========== SERVICES/DRIVERS ==========
    ========== REGISTRY ==========
    ========== FILES ==========
    File\Folder C:\Users\Public\Documents\Server\hlp.dat not found.
    ========== COMMANDS ==========

    [EMPTYTEMP]

    User: All Users

    User: Default
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes

    User: Default User
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes

    User: Mistaria
    ->Temp folder emptied: 355425 bytes
    ->Temporary Internet Files folder emptied: 184978 bytes
    ->Java cache emptied: 0 bytes
    ->FireFox cache emptied: 0 bytes
    ->Apple Safari cache emptied: 0 bytes
    ->Opera cache emptied: 0 bytes
    ->Flash cache emptied: 456 bytes

    User: Public
    ->Temp folder emptied: 0 bytes

    %systemdrive% .tmp files removed: 0 bytes
    %systemroot% .tmp files removed: 0 bytes
    %systemroot%\System32 .tmp files removed: 0 bytes
    %systemroot%\System32\drivers .tmp files removed: 0 bytes
    Windows Temp folder emptied: 525740 bytes
    RecycleBin emptied: 0 bytes

    Total Files Cleaned = 1.00 mb


    [EMPTYFLASH]

    User: All Users

    User: Default

    User: Default User

    User: Mistaria
    ->Flash cache emptied: 0 bytes

    User: Public

    Total Flash Files Cleaned = 0.00 mb

    Error: Unable to interpret <[Reboot> in the current context!

    OTL by OldTimer - Version 3.2.14.1 log created on 10112010_160610

    Files\Folders moved on Reboot...
    File move failed. C:\Windows\temp\_avast5_\Webshlock.txt scheduled to be moved on reboot.

    Registry entries deleted on Reboot...

    _______________________________________________________________

    OTL2:

    All processes killed
    ========== OTL ==========
    ========== COMMANDS ==========

    [EMPTYTEMP]

    User: All Users

    User: Default
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes

    User: Default User
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes

    User: Mistaria
    ->Temp folder emptied: 355056 bytes
    ->Temporary Internet Files folder emptied: 206701 bytes
    ->Java cache emptied: 0 bytes
    ->FireFox cache emptied: 0 bytes
    ->Apple Safari cache emptied: 0 bytes
    ->Opera cache emptied: 0 bytes
    ->Flash cache emptied: 0 bytes

    User: Public
    ->Temp folder emptied: 0 bytes

    %systemdrive% .tmp files removed: 0 bytes
    %systemroot% .tmp files removed: 0 bytes
    %systemroot%\System32 .tmp files removed: 0 bytes
    %systemroot%\System32\drivers .tmp files removed: 0 bytes
    Windows Temp folder emptied: 0 bytes
    RecycleBin emptied: 0 bytes

    Total Files Cleaned = 1.00 mb


    [EMPTYFLASH]

    User: All Users

    User: Default

    User: Default User

    User: Mistaria
    ->Flash cache emptied: 0 bytes

    User: Public

    Total Flash Files Cleaned = 0.00 mb



    OTL by OldTimer - Version 3.2.14.1 log created on 10112010_161145

    Files\Folders moved on Reboot...
    File move failed. C:\Windows\temp\_avast5_\Webshlock.txt scheduled to be moved on reboot.

    Registry entries deleted on Reboot...

    Do I dare give a sigh of relief??

    Oh yeah, how do I edit my thread's title? I've realised I've written winlogin.exe, instead of wininit.exe.
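    The OTL fix scripts Broni posted above share one simple layout (section headers such as :OTL, :Files and :Commands, with bracketed commands under :Commands), and the OTL1 log in this post shows what a mistyped command looks like to the tool ("Error: Unable to interpret <[Reboot> in the current context!"). The following is an added example, not OTL's own code: a small validator that checks a script against that layout before it is run, so a dropped bracket is caught before the fix runs rather than after. The accepted command names are only those that appear in this thread's scripts; OTL's real grammar is assumed, and the sample script is constructed.

```python
"""Validate an OTL-style custom fix script before it is run.
Added example, not OTL's own code: it parses the section layout used in this thread
and flags the slip behind "Error: Unable to interpret <[Reboot> in the current context!".
The accepted command names are the ones in the scripts posted here; OTL's real grammar is assumed."""
import re
from dataclasses import dataclass, field

SECTIONS = {":otl", ":services", ":reg", ":files", ":commands"}
# Commands seen in this thread's scripts, matched case-insensitively (assumed to be complete).
KNOWN_COMMANDS = {"purity", "emptytemp", "emptyflash", "clearallrestorepoints", "reboot"}
COMMAND_RE = re.compile(r"^\[([A-Za-z]+)\]$")
WIN_PATH_RE = re.compile(r"^[A-Za-z]:\\")

@dataclass
class FixScript:
    sections: dict = field(default_factory=dict)  # section name -> accepted lines
    errors: list = field(default_factory=list)    # problems found, one per bad line

def parse_fix_script(text: str) -> FixScript:
    """Walk the script line by line, tracking the current section header."""
    script = FixScript()
    current = None
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line:
            continue
        if line.lower() in SECTIONS:
            current = line.lower()
            script.sections.setdefault(current, [])
            continue
        if current is None:
            script.errors.append(f"line {lineno}: '{line}' appears before any section header")
            continue
        if current == ":commands":
            match = COMMAND_RE.match(line)
            if not match:
                # Unbalanced or missing brackets, e.g. "[Reboot" instead of "[Reboot]"
                script.errors.append(f"line {lineno}: unable to interpret <{line}> in :Commands")
                continue
            if match.group(1).lower() not in KNOWN_COMMANDS:
                script.errors.append(f"line {lineno}: unknown command {line}")
                continue
        elif current == ":files" and not WIN_PATH_RE.match(line):
            # :Files entries name files to move; anything else is most likely a paste error
            script.errors.append(f"line {lineno}: :Files entry is not an absolute path: {line}")
            continue
        script.sections[current].append(line)
    return script

def is_valid(text: str) -> bool:
    return not parse_fix_script(text).errors

# Constructed sample: the restore-point script from post 17 with the closing
# bracket of [Reboot] dropped, the slip the OTL1 log above complains about.
SAMPLE_SCRIPT = ":OTL\n:Commands\n[purity]\n[emptytemp]\n[EMPTYFLASH]\n[CLEARALLRESTOREPOINTS]\n[Reboot\n"

if __name__ == "__main__":
    for problem in parse_fix_script(SAMPLE_SCRIPT).errors:
        print(problem)
```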
     
  19. Broni

    Broni Malware Annihilator Posts: 52,915   +344

    The main question....is your computer doing fine?

    I'll edit topic title for you.
     
  20. Murmur

    Murmur TS Rookie Topic Starter

    Laptop hasn't been redirecting.
    All reboots and logins have been fine.
    Avast reports no new threats.
    Everything seems back to normal again :) (and if something stops being normal, you'll know because I'll be back here :p)
    Thanks so much!
     
  21. Broni

    Broni Malware Annihilator Posts: 52,915   +344

    Way to go!!
    Good luck and stay safe :)
     
Topic Status:
Not open for further replies.