Solved Bamital-ac infected explorer.exe and wininit.exe


Murmur

Hey all.

Avast says Win32:bamital.ac has infected explorer.exe and wininit.exe (which explains why I'm now opening programs from Task Manager, as my desktop has died). I used to get redirected but that seems to have stopped (or maybe it's because I switched to Safari). Also CPU usage keeps hitting 100% and all processes freeze, so I keep having to reboot. At the moment I'm in safe mode.

Seems quite a few people are having the same problem as me (at least with the bamital-ac virus), so fingers crossed my laptop doesn't take exception.

Thanks for any help that you will be able to give.

Logs:

MBAM:

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4735

Windows 6.1.7600
Internet Explorer 8.0.7600.16385

9/10/2010 2:10:25 p.m.
mbam-log-2010-10-09 (14-10-25).txt

Scan type: Quick scan
Objects scanned: 134358
Time elapsed: 9 minute(s), 34 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

--------------------------------------------------------------------------------

GMER:

GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2010-10-09 16:14:31
Windows 6.1.7600
Running: 4hk4fzdv.exe; Driver: C:\Users\Mistaria\AppData\Local\Temp\fxloipoc.sys


---- System - GMER 1.0.15 ----

INT 0x1F \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 83047AF8
INT 0x37 \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 83047104
INT 0xC1 \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 830473F4
INT 0xD1 \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 830302D8
INT 0xD2 \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 8302F898
INT 0xDF \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 830471DC
INT 0xE1 \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 83047958
INT 0xE3 \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 830476F8
INT 0xFD \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 83047F2C
INT 0xFE \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 830481A8

Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwCreateProcessEx [0x8C6B1BAE]
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwCreateSection [0x8C6B19D2]
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwLoadDriver [0x8C6B1B0C]
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) NtCreateSection
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ObMakeTemporaryObject

---- Kernel code sections - GMER 1.0.15 ----

.text ntkrnlpa.exe!ZwSaveKeyEx + 13AD 82C60579 1 Byte [06]
.text ntkrnlpa.exe!KiDispatchInterrupt + 5A2 82C84F52 19 Bytes [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3}
PAGE ntkrnlpa.exe!ZwLoadDriver 82DBE279 7 Bytes JMP 8C6B1B10 \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)
PAGE ntkrnlpa.exe!ObMakeTemporaryObject 82E25F59 5 Bytes JMP 8C6AD5D4 \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)
PAGE ntkrnlpa.exe!ObInsertObject + 27 82E3FC5F 5 Bytes JMP 8C6AF012 \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)
PAGE ntkrnlpa.exe!NtCreateSection 82E4DCE3 7 Bytes JMP 8C6B19D6 \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)
PAGE ntkrnlpa.exe!ZwCreateProcessEx 82EF7E52 7 Bytes JMP 8C6B1BB2 \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)
.text peauth.sys A976AC9D 28 Bytes [1E, ED, 3B, 68, DB, A3, E3, ...]
.text peauth.sys A976ACC1 28 Bytes [1E, ED, 3B, 68, DB, A3, E3, ...]
PAGE peauth.sys A9770B9B 1 Byte [67]
PAGE peauth.sys A9770B9B 72 Bytes [67, E4, B3, CB, 63, F2, 15, ...]
PAGE peauth.sys A9770BEC 111 Bytes JMP AF66CA22
PAGE ...

---- User code sections - GMER 1.0.15 ----

.text C:\Program Files\Alwil Software\Avast5\AvastSvc.exe[1384] kernel32.dll!SetUnhandledExceptionFilter 764F3142 4 Bytes [C2, 04, 00, 90] {RET 0x4; NOP }
.text C:\Windows\Explorer.EXE[1600] kernel32.dll!CreateProcessInternalW 764F42AE 5 Bytes JMP 00288328

---- Devices - GMER 1.0.15 ----

AttachedDevice \Driver\kbdclass \Device\KeyboardClass0 Wdf01000.sys (Kernel Mode Driver Framework Runtime/Microsoft Corporation)
AttachedDevice \Driver\kbdclass \Device\KeyboardClass1 Wdf01000.sys (Kernel Mode Driver Framework Runtime/Microsoft Corporation)
AttachedDevice \Driver\tdx \Device\Tcp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume1 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume1 rdyboost.sys (ReadyBoost Driver/Microsoft Corporation)

Device \Driver\ACPI_HAL \Device\0000004d halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation)

AttachedDevice \Driver\tdx \Device\Udp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)

---- EOF - GMER 1.0.15 ----
 
DDS:

DDS (Ver_10-10-05.01) - NTFSx86
Run by Mistaria at 16:16:34.75 on Sat 09/10/2010
Internet Explorer: 8.0.7600.16385 BrowserJavaVersion: 1.6.0_21
Microsoft Windows 7 Ultimate 6.1.7600.0.1252.64.1033.18.1014.193 [GMT 13:00]

AV: avast! antivirus 4.8.1351 [VPS 091026-0] *On-access scanning enabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
SP: SUPERAntiSpyware *disabled* (Updated) {222A897C-5018-402e-943F-7E7AC8560DA7}
SP: avast! antivirus 4.8.1351 [VPS 091026-0] *enabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\SystemScheduler\WScheduler.exe
C:\Windows\System32\iprntctl.exe
C:\Windows\System32\iprntlgn.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Alwil Software\Avast5\AvastUI.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\ShaPlus Bandwidth Meter\ShaPlus Bandwidth Meter.exe
C:\Program Files\Rokario\Bandwidth Monitor\bandmon.exe
C:\Program Files\Free Download Manager\fdm.exe
C:\Program Files\GiPo@Utilities\JIT Scheduler\sched.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\BandwidthMeter\BandwidthMeter.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\taskhost.exe
C:\Windows\system32\svchost.exe -k apphost
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\GiPo@Utilities\JIT Scheduler\schednt.exe
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\system32\svchost.exe -k iissvcs
C:\Program Files\iPod\bin\iPodService.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\system32\wuauclt.exe
C:\Windows\system32\ctfmon.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Users\Mistaria\Desktop\dds.scr
C:\Windows\system32\conhost.exe

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.com/
uInternet Settings,ProxyOverride = *.local;<local>
uInternet Settings,ProxyServer = proxy.student.otago.ac.nz:3128
uURLSearchHooks: Vuze Remote Toolbar: {ba14329e-9550-4989-b3f2-9732e92d17cc} - c:\program files\vuze_remote\tbVuze.dll
mURLSearchHooks: Vuze Remote Toolbar: {ba14329e-9550-4989-b3f2-9732e92d17cc} - c:\program files\vuze_remote\tbVuze.dll
BHO: Shareaza Web Download Hook: {0eedb912-c5fa-486f-8334-57288578c627} - c:\program files\shareaza\RazaWebHook32.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\programdata\real\realplayer\browserrecordplugin\ie\rpbrowserrecordplugin.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Vuze Remote Toolbar: {ba14329e-9550-4989-b3f2-9732e92d17cc} - c:\program files\vuze_remote\tbVuze.dll
BHO: FDMIECookiesBHO Class: {cc59e0f9-7e43-44fa-9faa-8377850bf205} - c:\program files\free download manager\iefdm2.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\bin\jp2ssv.dll
TB: Vuze Remote Toolbar: {ba14329e-9550-4989-b3f2-9732e92d17cc} - c:\program files\vuze_remote\tbVuze.dll
TB: {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No File
uRun: [bandmon] c:\program files\rokario\bandwidth monitor\bandmon.exe
uRun: [Free Download Manager] c:\program files\free download manager\fdm.exe -autorun
uRun: [JITScheduler] "c:\program files\gipo@utilities\jit scheduler\sched.exe"
uRun: [SUPERAntiSpyware] c:\program files\superantispyware\SUPERAntiSpyware.exe
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [WScheduler] c:\progra~1\system~1\WScheduler.exe /LOGON
mRun: [B2C_AGENT] c:\programdata\lgmobileax\b2c_client\B2CNotiAgent.exe
mRun: [iPrint Tray] c:\windows\system32\iprntctl.exe TRAY_ICON
mRun: [iPrint Event Monitor] c:\windows\system32\iprntlgn.exe
mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [avast5] "c:\program files\alwil software\avast5\avastUI.exe" /nogui
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [ShaPlus Bandwidth Meter] "c:\program files\shaplus bandwidth meter\ShaPlus Bandwidth Meter" /s
mRun: [Malwarebytes Anti-Malware (reboot)] "c:\program files\malwarebytes' anti-malware\mbam.exe" /runcleanupscript
StartupFolder: c:\users\mistaria\appdata\roaming\micros~1\windows\startm~1\programs\startup\bandwi~1.lnk - c:\program files\bandwidthmeter\BandwidthMeter.exe
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: Download all with Free Download Manager - file://c:\program files\free download manager\dlall.htm
IE: Download selected with Free Download Manager - file://c:\program files\free download manager\dlselected.htm
IE: Download video with Free Download Manager - file://c:\program files\free download manager\dlfvideo.htm
IE: Download with &Shareaza - c:\program files\shareaza\razawebhook32.dll/3000
IE: Download with Free Download Manager - file://c:\program files\free download manager\dllink.htm
DPF: {149E45D8-163E-4189-86FC-45022AB2B6C9} - file:///C:/Program%20Files/Monopoly/Images/stg_drm.ocx
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
DPF: {CC450D71-CC90-424C-8638-1F2DBAC87A54} - file:///C:/Program%20Files/Monopoly/Images/armhelper.ocx
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

================= FIREFOX ===================

FF - ProfilePath - c:\users\mistaria\appdata\roaming\mozilla\firefox\profiles\5dx28bou.default\
FF - prefs.js: browser.search.selectedEngine - Google.com (in English)
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - prefs.js: keyword.URL - hxxp://toolbar.ask.com/toolbarv/askRedirect?o=13925&gct=&gc=1&q=
FF - prefs.js: network.proxy.type - 4
FF - component: c:\program files\free download manager\firefox\extension\components\vmsfdmff.dll
FF - component: c:\programdata\real\realplayer\browserrecordplugin\firefox\ext\components\nprpffbrowserrecordext.dll
FF - component: c:\users\mistaria\appdata\roaming\mozilla\firefox\profiles\5dx28bou.default\extensions\{7b13ec3e-999a-4b70-b9cb-2617b8323822}\components\FFExternalAlert.dll
FF - component: c:\users\mistaria\appdata\roaming\mozilla\firefox\profiles\5dx28bou.default\extensions\{7b13ec3e-999a-4b70-b9cb-2617b8323822}\components\RadioWMPCore.dll
FF - component: c:\users\mistaria\appdata\roaming\mozilla\firefox\profiles\5dx28bou.default\extensions\{b042753d-f57e-4e8e-a01b-7379a6d4cefb}\components\IBitCometExtension.dll
FF - plugin: c:\program files\divx\divx plus web player\npdivx32.dll
FF - plugin: c:\program files\java\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\java\bin\new_plugin\npjp2.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll
FF - plugin: c:\program files\opera\program\plugins\np_gp.dll
FF - plugin: c:\program files\opera\program\plugins\nppl3260.dll
FF - plugin: c:\program files\opera\program\plugins\nprjplug.dll
FF - plugin: c:\program files\opera\program\plugins\nprpjplug.dll
FF - plugin: c:\programdata\real\realplayer\browserrecordplugin\mozillaplugins\nprphtml5videoshim.dll
FF - plugin: c:\windows\system32\npnipp.dll
FF - plugin: c:\windows\system32\npnisp.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);

============= SERVICES / DRIVERS ===============

R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2009-9-4 165584]
R1 nipplpt2;Novell iCapture Lpt Redirector 2;c:\windows\system32\drivers\nipplpt.sys [2010-6-10 34592]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2010-2-18 12872]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2010-5-11 67656]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2009-9-4 17744]
R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2009-9-4 50768]
R2 avast! Antivirus;avast! Antivirus;c:\program files\alwil software\avast5\AvastSvc.exe [2010-9-24 40384]
R2 cpuz133;cpuz133;c:\windows\system32\drivers\cpuz133_x32.sys [2010-6-16 20968]
R2 JIT Scheduler;JIT Scheduler;c:\program files\gipo@utilities\jit scheduler\schednt.exe [2010-5-18 176128]
R3 avast! Mail Scanner;avast! Mail Scanner;c:\program files\alwil software\avast5\AvastSvc.exe [2010-9-24 40384]
R3 avast! Web Scanner;avast! Web Scanner;c:\program files\alwil software\avast5\AvastSvc.exe [2010-9-24 40384]
R3 netw5v32;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\drivers\netw5v32.sys [2009-6-11 4231168]
R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\drivers\VSTAZL3.SYS [2009-7-14 207360]
R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\drivers\VSTDPV3.SYS [2009-7-14 980992]
R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\drivers\VSTCNXT3.SYS [2009-7-14 661504]
S3 ASPI;Advanced SCSI Programming Interface Driver;c:\windows\system32\drivers\ASPI32.SYS [2010-3-14 84832]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-14 229888]

============== File Associations ===============

.txt=UltraEdit.txt

=============== Created Last 30 ================

2010-10-04 07:44:22 1267259 ---ha-w- c:\users\mistaria\appdata\local\IconCache.db
2010-10-03 05:57:45 -------- d-----w- c:\users\mistaria\appdata\roaming\SUPERAntiSpyware.com
2010-10-03 05:57:45 -------- d-----w- c:\progra~2\SUPERAntiSpyware.com
2010-10-03 05:57:36 -------- d-----w- c:\program files\SUPERAntiSpyware
2010-10-03 05:07:48 -------- d-----w- c:\users\mistaria\appdata\roaming\Malwarebytes
2010-10-03 05:07:41 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-10-03 05:07:40 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-10-03 05:07:40 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-10-03 05:07:40 -------- d-----w- c:\progra~2\Malwarebytes
2010-10-03 01:10:46 -------- d-----w- c:\progra~2\MFAData
2010-09-27 22:20:13 -------- d-----w- c:\program files\PDF Password Remover v3.1
2010-09-27 22:17:18 -------- d-----w- c:\program files\uTorrent
2010-09-26 00:00:46 -------- d-----w- c:\program files\ShaPlus Bandwidth Meter
2010-09-24 06:37:55 38848 ----a-w- c:\windows\avastSS.scr
2010-09-24 06:36:34 -------- d-----w- c:\progra~2\Alwil Software
2010-09-16 15:48:33 -------- d-----w- c:\program files\WinDirStat

==================== Find3M ====================

2010-09-24 06:49:13 423656 ----a-w- c:\windows\system32\deployJava1.dll
2010-09-07 14:47:30 50768 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2010-08-09 17:15:58 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx
2010-08-09 17:15:58 69632 ----a-w- c:\windows\system32\QuickTime.qts

============= FINISH: 16:17:05.85 ===============
 
DDS: Attach:

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_10-10-05.01)

Microsoft Windows 7 Ultimate
Boot Device: \Device\HarddiskVolume1
Install Date: 22/04/2010 7:01:46 p.m.
System Uptime: 10/09/2010 3:26:51 p.m. (697 hours ago)

Motherboard: Dell Inc. | | 0MD666
Processor: Intel(R) Core(TM) Duo CPU T2250 @ 1.73GHz | Microprocessor | 1733/133mhz

==== Disk Partitions =========================

C: is FIXED (NTFS) - 112 GiB total, 13.469 GiB free.
D: is CDROM ()

==== Disabled Device Manager Items =============

Class GUID: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Description: sptd
Device ID: ROOT\LEGACY_SPTD\0000
Manufacturer:
Name: sptd
PNP Device ID: ROOT\LEGACY_SPTD\0000
Service: sptd

==== System Restore Points ===================

RP102: 9/10/2010 1:36:24 a.m. - Scheduled Checkpoint

==== Installed Programs ======================

123 Free Solitaire 2009 v7.0
32 Bit HP CIO Components Installer
A4 DVD Shrinker
AAC Decoder
AC3Filter 1.63b
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Reader 9.3.1
Adobe Shockwave Player 11.5
Agent Ransack Version 1.7.3
All File Renamer
Apple Application Support
Apple Mobile Device Support
Apple Software Update
µTorrent
AutoUpdate
avast! Free Antivirus
Azureus Ultra Accelerator
Bandwidth Monitor
Bass Audio Decoder (remove only)
Bonjour
CD Audio Reader Filter (remove only)
Comical 0.8
Convert VOB to AVI 1.7
CPUID CPU-Z 1.54
Declan's Chinese FlashCards v1.6
Dell Driver Download Manager
Dell Resource CD
DirectVobSub (remove only)
DivX Codec
DivX Converter
DivX Player
DivX Plus DirectShow Filters
DivX Plus Web Player
DivX Version Checker
DScaler 5 Mpeg Decoders
DVD Shrink 3.2
DVDFab HD Decrypter 3.1.8.0
ffdshow [rev 2527] [2008-12-19]
FFMPEG Core Files (remove only)
FILE RECOVERY for Windows
Free Audio CD Burner version 1.3
Free Download Manager 3.0
FreeStar Free DVD Ripper 3.0.1
Gabest MPEG Splitter (remove only)
H.264 Decoder
Haali Media Splitter
ImagXpress
Intkey
iTunes
Java Auto Updater
Java(TM) 6 Update 21
JIT Scheduler
LG PC Suite IV
LG USB Modem Driver
LimeWire 4.18.8
Malwarebytes' Anti-Malware
Microsoft Application Compatibility Toolkit 5.5
Microsoft Application Error Reporting
Microsoft Choice Guard
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Works 6-9 Converter
Microsoft WSE 3.0 Runtime
MKV Splitter
MONOGRAM AMR Splitter/Decoder (remove only)
Mozilla Firefox (3.5.13)
MSVCRT
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML 4.0 SP2 Parser and SDK
Nero 7 Premium
Nero 9 Trial
Nero Installer
neroxml
Next DVD Ripper 3.3
Novell iPrint Client v05.32.00
OpenOffice.org 3.1
OpenSource DTS/AC3/DD+ Source Filter (remove only)
OpenSource Flash Video Splitter (remove only)
Paint Shop Pro 7 Anniversary Edition
Paint.NET v3.5.5
PC Inspector File Recovery
PDF Password Remover v3.1
PDF Reader 2
Pixillion Image Converter
Prism Video Converter
QuickTime
RealMedia (remove only)
RealPlayer
RealUpgrade 1.0
Safari
ShaPlus Bandwidth Meter 1.3.1
Shareaza 2.5.2.0
SHOUTcast Source (remove only)
SUPERAntiSpyware
Synaptics Pointing Device Driver
System Scheduler 4.15
Tautology Bandwidth Meter 1.7 (remove only)
The KMPlayer (remove only)
Uninstall 1.0.0.1
UnzipThemAll 1.3
VC80CRTRedist - 8.0.50727.4053
VideoLAN VLC media player 0.8.6c
VideoPad Video Editor
Vuse Information
Vuse_Safe1
Vuze
Vuze_Remote Toolbar
WinDirStat 1.1.2
Windows Live Call
Windows Live Communications Platform
Windows Live Essentials
Windows Live Messenger
Windows Live Sign-in Assistant
Windows Live Upload Tool
WinRAR archiver
Xvid 1.2.2 final uninstall

==== Event Viewer Messages From Past Week ========

9/10/2010 3:27:55 p.m., Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: sptd
9/10/2010 3:26:55 p.m., Error: sptd [4] - Driver detected an internal error in its data structures for .
9/10/2010 11:14:16 a.m., Error: Service Control Manager [7001] - The Net.Tcp Listener Adapter service depends on the Net.Tcp Port Sharing Service service which failed to start because of the following error: The service did not respond to the start or control request in a timely fashion.
9/10/2010 11:14:07 a.m., Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Net.Tcp Port Sharing Service service to connect.
9/10/2010 11:14:07 a.m., Error: Service Control Manager [7000] - The Net.Tcp Port Sharing Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
9/10/2010 1:17:04 p.m., Error: Service Control Manager [7022] - The Windows Update service hung on starting.
7/10/2010 12:39:20 p.m., Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Wlansvc service.
7/10/2010 12:39:20 p.m., Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the WinDefend service.
7/10/2010 11:06:21 p.m., Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the NlaSvc service.
6/10/2010 7:35:58 p.m., Error: Microsoft-Windows-DistributedCOM [10009] - DCOM was unable to communicate with the computer ipp://iprint.otago.ac.nz using any of the configured protocols.
6/10/2010 5:08:57 p.m., Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the SysMain service.
5/10/2010 1:13:46 p.m., Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the ShellHWDetection service.
4/10/2010 3:03:43 a.m., Error: Service Control Manager [7001] - The Computer Browser service depends on the Server service which failed to start because of the following error: The dependency service or group failed to start.
4/10/2010 1:38:42 a.m., Error: Service Control Manager [7001] - The HomeGroup Provider service depends on the Function Discovery Provider Host service which failed to start because of the following error: The dependency service or group failed to start.
3/10/2010 9:08:22 p.m., Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}
3/10/2010 9:08:22 p.m., Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
3/10/2010 9:08:18 p.m., Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
3/10/2010 9:08:12 p.m., Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}
3/10/2010 9:07:53 p.m., Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: aswSP aswTdi discache nipplpt2 SASDIFSV SASKUTIL spldr sptd Wanarpv6
3/10/2010 6:31:26 p.m., Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service BITS with arguments "" in order to run the server: {4991D34B-80A1-4291-83B6-3328366B9097}
3/10/2010 5:54:17 p.m., Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: aswSP aswTdi discache nipplpt2 spldr sptd Wanarpv6
3/10/2010 11:00:29 a.m., Error: Service Control Manager [7001] - The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: The dependency service or group failed to start.
3/10/2010 10:47:48 a.m., Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netprofm with arguments "" in order to run the server: {A47979D2-C419-11D9-A5B4-001185AD2B89}
3/10/2010 10:47:48 a.m., Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netman with arguments "" in order to run the server: {BA126AD1-2166-11D1-B1D0-00805FC1270E}
3/10/2010 10:47:15 a.m., Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD aswRdr aswSP aswTdi CSC DfsC discache NetBIOS NetBT nipplpt2 nsiproxy Psched rdbss spldr sptd tdx Wanarpv6 WfpLwf
3/10/2010 10:47:14 a.m., Error: Service Control Manager [7001] - The Workstation service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
3/10/2010 10:47:14 a.m., Error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
3/10/2010 10:47:14 a.m., Error: Service Control Manager [7001] - The SMB MiniRedirector Wrapper and Engine service depends on the Redirected Buffering Sub Sysytem service which failed to start because of the following error: A device attached to the system is not functioning.
3/10/2010 10:47:14 a.m., Error: Service Control Manager [7001] - The SMB 2.0 MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.
3/10/2010 10:47:14 a.m., Error: Service Control Manager [7001] - The SMB 1.x MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.
3/10/2010 10:47:14 a.m., Error: Service Control Manager [7001] - The Network Store Interface Service service depends on the NSI proxy service driver. service which failed to start because of the following error: A device attached to the system is not functioning.
3/10/2010 10:47:14 a.m., Error: Service Control Manager [7001] - The Network Location Awareness service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
3/10/2010 10:47:14 a.m., Error: Service Control Manager [7001] - The IP Helper service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
3/10/2010 10:47:14 a.m., Error: Service Control Manager [7001] - The DNS Client service depends on the NetIO Legacy TDI Support Driver service which failed to start because of the following error: A device attached to the system is not functioning.
3/10/2010 10:47:14 a.m., Error: Service Control Manager [7001] - The DHCP Client service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
3/10/2010 1:54:08 p.m., Error: Microsoft-Windows-DistributedCOM [10001] - Unable to start a DCOM Server: {682159D9-C321-47CA-B3F1-30E36B2EC8B9} as /. The error: "225" Happened while starting this command: C:\Windows\explorer.exe /factory,{682159d9-c321-47ca-b3f1-30e36b2ec8b9} -Embedding

==== End Of File ===========================


Thanks.
 
Welcome aboard


Download MBRCheck to your desktop

Double-click MBRCheck.exe to run it (Vista and Windows 7 users: right-click and select Run as Administrator).
It will show a black screen with some data on it.
Enter N to exit.
A report called MBRcheckxxxx.txt will be on your desktop
Open this report and post its content in your next reply.

=======================================================================

Please download ComboFix from Here or Here to your Desktop.

**Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
  1. Please, never rename Combofix unless instructed.
  2. Close any open browsers.
  3. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
    • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
    • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
    NOTE 1. If Combofix asks you to install Recovery Console, please allow it.
    NOTE 2. If Combofix asks you to update the program, always do so.
    • Close any open browsers.
    • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
    • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
    • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
  4. Double click on combofix.exe & follow the prompts.
  5. When finished, it will produce a report for you.
  6. Please post the "C:\ComboFix.txt"
**Note: Do not mouseclick combofix's window while it's running. That may cause it to stall**

Make sure you re-enable your security programs when you're done with Combofix.

DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!
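The MBRCheck step above reports whether the boot code in sector 0 matches known Windows MBR code and prints its SHA1. As an added illustration of what such a check looks at (this is example code, not MBRCheck's or this thread's), here is a small parser for the 512-byte MBR layout with a hash allowlist. The sample sector, the boot-code bytes and the allowlist are all constructed for the example; MBRCheck does not state which byte range it hashes, so the 440-byte boot-code region is an assumption.

```python
"""Minimal MBR boot-code integrity check (added example, not MBRCheck's code)."""
import hashlib
import struct

SECTOR_SIZE = 512
BOOT_CODE_LEN = 440      # bytes 0-439: boot code (assumed to be the region a hash check covers)
DISK_SIG_OFF = 440       # bytes 440-443: NT disk signature; 444-445 reserved
PART_TABLE_OFF = 446     # four 16-byte partition entries
PART_ENTRY_LEN = 16
SIGNATURE_OFF = 510      # bytes 510-511: 0x55AA trailer

# Constructed stand-in for boot code; these are not real Windows MBR bytes.
CLEAN_BOOT = (b"\xfa\x33\xc0\x8e\xd0\xbc\x00\x7c\x8e\xc0\x8e\xd8"
              + b"\x90" * 20).ljust(BOOT_CODE_LEN, b"\x00")
# Same boot code with only its first two bytes changed (a short jump elsewhere).
TAMPERED_BOOT = b"\xeb\x3e" + CLEAN_BOOT[2:]

# Allowlist of boot-code hashes -> label. Constructed for this sample; a real
# tool ships the hashes of the stock MBR code of each Windows release.
KNOWN_GOOD = {
    hashlib.sha1(CLEAN_BOOT).hexdigest().upper(): "sample known-good MBR code (constructed)",
}


def parse_mbr(sector: bytes) -> dict:
    """Split a 512-byte sector into boot code, disk signature and in-use partition entries."""
    if len(sector) != SECTOR_SIZE:
        raise ValueError("MBR must be exactly 512 bytes")
    if sector[SIGNATURE_OFF:SIGNATURE_OFF + 2] != b"\x55\xaa":
        raise ValueError("missing 0x55AA boot signature")
    partitions = []
    for i in range(4):
        off = PART_TABLE_OFF + i * PART_ENTRY_LEN
        # status(1) CHS-start(3) type(1) CHS-end(3) LBA-start(4) sector-count(4)
        status, ptype, lba_start, sectors = struct.unpack_from("<B3xB3xII", sector, off)
        if ptype != 0:
            partitions.append({"bootable": status == 0x80, "type": ptype,
                               "lba_start": lba_start, "sectors": sectors})
    return {
        "boot_code": sector[:BOOT_CODE_LEN],
        "disk_signature": struct.unpack_from("<I", sector, DISK_SIG_OFF)[0],
        "partitions": partitions,
    }


def boot_code_sha1(sector: bytes) -> str:
    """Upper-case hex SHA1 of the boot-code region, in the style MBRCheck prints."""
    return hashlib.sha1(parse_mbr(sector)["boot_code"]).hexdigest().upper()


def classify_mbr(sector: bytes, known_good: dict = KNOWN_GOOD) -> str:
    """Label of the matching allowlisted boot code, or 'UNKNOWN MBR code'."""
    return known_good.get(boot_code_sha1(sector), "UNKNOWN MBR code")


def build_sample_mbr(boot_code: bytes, disk_sig: int = 0x1234ABCD) -> bytes:
    """Construct a sector: the given boot code, one bootable NTFS partition starting
    at LBA 63 (byte offset 0x7e00, as in the MBRCheck output in this thread), 0x55AA trailer."""
    sector = bytearray(SECTOR_SIZE)
    sector[:len(boot_code)] = boot_code
    struct.pack_into("<I", sector, DISK_SIG_OFF, disk_sig)
    struct.pack_into("<B3xB3xII", sector, PART_TABLE_OFF, 0x80, 0x07, 63, 233_000_000)
    sector[SIGNATURE_OFF:] = b"\x55\xaa"
    return bytes(sector)


if __name__ == "__main__":
    for label, code in (("clean", CLEAN_BOOT), ("tampered", TAMPERED_BOOT)):
        mbr = build_sample_mbr(code)
        info = parse_mbr(mbr)
        print(f"{label}: SHA1={boot_code_sha1(mbr)} -> {classify_mbr(mbr)}; "
              f"partitions={info['partitions']}")
```

The tampered sector keeps a valid 0x55AA trailer and an untouched partition table, so only the boot-code hash tells the two apart; that is why a boot-code allowlist rather than a structural check is what such tools report. On Windows an administrator could read the first 512 bytes of \\.\PhysicalDrive0 and pass them to parse_mbr, with one caveat: the read goes through the running OS's disk stack, so a bootkit that filters sector reads can hand back clean bytes, which is why helpers also compare against a read taken from a boot disc.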
 
Okay, next lot of logs you ordered :)
Kinda worried about combofix, as it said that Avast, and superantispyware were still running, even though I'd disabled Avast, and SAS I can't even enable its protection..
But I still ran it anyway, so I hope I didn't screw anything up? And explorer opened, but it's done that before, with the virus.. so who knows?

MBR:

MBRCheck, version 1.2.3
(c) 2010, AD

Command-line:
Windows Version: Windows 7 Ultimate Edition
Windows Information: (build 7600), 32-bit
Base Board Manufacturer: Dell Inc.
BIOS Manufacturer: Dell Inc.
System Manufacturer: Dell Inc.
System Product Name: MM061
Logical Drives Mask: 0x0000000c

Kernel Drivers (total 164):
0x8201C000 \SystemRoot\system32\ntkrnlpa.exe
0x8242C000 \SystemRoot\system32\halmacpi.dll
0x80BBB000 \SystemRoot\system32\kdcom.dll
0x82612000 \SystemRoot\system32\mcupdate_GenuineIntel.dll
0x8268A000 \SystemRoot\system32\PSHED.dll
0x8269B000 \SystemRoot\system32\BOOTVID.dll
0x826A3000 \SystemRoot\system32\CLFS.SYS
0x826E5000 \SystemRoot\system32\CI.dll
0x8640C000 \SystemRoot\system32\drivers\Wdf01000.sys
0x8647D000 \SystemRoot\system32\drivers\WDFLDR.SYS
0x8648B000 \SystemRoot\system32\DRIVERS\ACPI.sys
0x864D3000 \SystemRoot\system32\DRIVERS\WMILIB.SYS
0x864DC000 \SystemRoot\system32\DRIVERS\msisadrv.sys
0x864E4000 \SystemRoot\system32\DRIVERS\vdrvroot.sys
0x864EF000 \SystemRoot\system32\DRIVERS\pci.sys
0x86519000 \SystemRoot\System32\drivers\partmgr.sys
0x8673C000 \SystemRoot\System32\Drivers\SCSIPORT.SYS
0x86762000 \SystemRoot\system32\DRIVERS\compbatt.sys
0x8676A000 \SystemRoot\system32\DRIVERS\BATTC.SYS
0x86775000 \SystemRoot\system32\DRIVERS\volmgr.sys
0x86785000 \SystemRoot\System32\drivers\volmgrx.sys
0x867D0000 \SystemRoot\system32\DRIVERS\intelide.sys
0x867D7000 \SystemRoot\system32\DRIVERS\PCIIDEX.SYS
0x867E5000 \SystemRoot\System32\drivers\mountmgr.sys
0x86600000 \SystemRoot\system32\DRIVERS\atapi.sys
0x86609000 \SystemRoot\system32\DRIVERS\ataport.SYS
0x8662C000 \SystemRoot\system32\DRIVERS\amdxata.sys
0x8652A000 \SystemRoot\system32\drivers\fltmgr.sys
0x8655E000 \SystemRoot\system32\drivers\fileinfo.sys
0x86805000 \SystemRoot\System32\Drivers\Ntfs.sys
0x86934000 \SystemRoot\System32\Drivers\msrpc.sys
0x8695F000 \SystemRoot\System32\Drivers\ksecdd.sys
0x86972000 \SystemRoot\System32\Drivers\cng.sys
0x869CF000 \SystemRoot\System32\drivers\pcw.sys
0x869DD000 \SystemRoot\System32\Drivers\Fs_Rec.sys
0x86A05000 \SystemRoot\system32\drivers\ndis.sys
0x86ABC000 \SystemRoot\system32\drivers\NETIO.SYS
0x86AFA000 \SystemRoot\System32\Drivers\ksecpkg.sys
0x86C25000 \SystemRoot\System32\drivers\tcpip.sys
0x86D6E000 \SystemRoot\System32\drivers\fwpkclnt.sys
0x86D9F000 \SystemRoot\system32\DRIVERS\vmstorfl.sys
0x86DA8000 \SystemRoot\system32\DRIVERS\volsnap.sys
0x86B1F000 \SystemRoot\System32\drivers\rdyboost.sys
0x86DEF000 \SystemRoot\System32\Drivers\mup.sys
0x86C00000 \SystemRoot\System32\drivers\hwpolicy.sys
0x86B4C000 \SystemRoot\System32\DRIVERS\fvevol.sys
0x86C08000 \SystemRoot\system32\DRIVERS\disk.sys
0x86B7E000 \SystemRoot\system32\DRIVERS\CLASSPNP.SYS
0x86DE7000 \SystemRoot\System32\Drivers\Null.SYS
0x86BCA000 \SystemRoot\System32\Drivers\Beep.SYS
0x86BD1000 \SystemRoot\System32\drivers\vga.sys
0x86BDD000 \SystemRoot\System32\drivers\VIDEOPRT.SYS
0x869E6000 \SystemRoot\System32\drivers\watchdog.sys
0x869F3000 \SystemRoot\system32\drivers\rdpencdd.sys
0x86635000 \SystemRoot\System32\Drivers\Msfs.SYS
0x86640000 \SystemRoot\System32\Drivers\Npfs.SYS
0x8664E000 \SystemRoot\system32\DRIVERS\tdx.sys
0x86665000 \SystemRoot\system32\DRIVERS\TDI.SYS
0x8667A000 \SystemRoot\system32\drivers\afd.sys
0x86A00000 \SystemRoot\System32\Drivers\aswRdr.SYS
0x866D4000 \SystemRoot\System32\DRIVERS\netbt.sys
0x86706000 \SystemRoot\system32\DRIVERS\wfplwf.sys
0x8670D000 \SystemRoot\system32\DRIVERS\pacer.sys
0x8672C000 \SystemRoot\system32\DRIVERS\netbios.sys
0x8656F000 \SystemRoot\system32\DRIVERS\rdbss.sys
0x86670000 \SystemRoot\system32\drivers\nsiproxy.sys
0x82790000 \SystemRoot\system32\drivers\csc.sys
0x865B0000 \SystemRoot\System32\Drivers\dfsc.sys
0x865C8000 \SystemRoot\system32\DRIVERS\tunnel.sys
0x865E9000 \SystemRoot\system32\DRIVERS\wmiacpi.sys
0x8A409000 \SystemRoot\system32\DRIVERS\HDAudBus.sys
0x8A608000 \SystemRoot\system32\DRIVERS\netw5v32.sys
0x8AA1B000 \SystemRoot\system32\DRIVERS\usbuhci.sys
0x8AA26000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
0x8AA71000 \SystemRoot\system32\DRIVERS\usbehci.sys
0x8AA80000 \SystemRoot\system32\DRIVERS\bcm4sbxp.sys
0x8AA91000 \SystemRoot\system32\DRIVERS\1394ohci.sys
0x8AABD000 \SystemRoot\system32\DRIVERS\rimmptsk.sys
0x8AAC5000 \SystemRoot\system32\DRIVERS\rimsptsk.sys
0x8AAD2000 \SystemRoot\system32\DRIVERS\rixdptsk.sys
0x8AB23000 \SystemRoot\system32\DRIVERS\i8042prt.sys
0x8AB3B000 \SystemRoot\system32\DRIVERS\SynTP.sys
0x8AB66000 \SystemRoot\system32\DRIVERS\USBD.SYS
0x8AB68000 \SystemRoot\system32\DRIVERS\mouclass.sys
0x8AB75000 \SystemRoot\system32\DRIVERS\kbdclass.sys
0x8AB82000 \SystemRoot\system32\DRIVERS\cdrom.sys
0x8ABA1000 \SystemRoot\system32\DRIVERS\GEARAspiWDM.sys
0x8ABA7000 \SystemRoot\system32\DRIVERS\blbdrive.sys
0x8ABB5000 \SystemRoot\system32\DRIVERS\CompositeBus.sys
0x8ABC2000 \SystemRoot\system32\DRIVERS\mssmbios.sys
0x8ABCC000 \SystemRoot\system32\DRIVERS\AgileVpn.sys
0x8ABDE000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
0x8A428000 \SystemRoot\system32\DRIVERS\ndistapi.sys
0x8A433000 \SystemRoot\system32\DRIVERS\ndiswan.sys
0x8A455000 \SystemRoot\system32\DRIVERS\raspppoe.sys
0x8A46D000 \SystemRoot\system32\DRIVERS\raspptp.sys
0x8A484000 \SystemRoot\system32\DRIVERS\rassstp.sys
0x8ABF6000 \SystemRoot\system32\DRIVERS\rdpbus.sys
0x8A49B000 \SystemRoot\system32\DRIVERS\termdd.sys
0x8A600000 \SystemRoot\system32\DRIVERS\swenum.sys
0x8A4AB000 \SystemRoot\system32\DRIVERS\ks.sys
0x8A4DF000 \SystemRoot\system32\DRIVERS\umbus.sys
0x8A4ED000 \SystemRoot\system32\DRIVERS\usbhub.sys
0x8A531000 \SystemRoot\System32\Drivers\NDProxy.SYS
0x8C380000 \SystemRoot\System32\win32k.sys
0x8A542000 \SystemRoot\System32\drivers\Dxapi.sys
0x8C5D0000 \SystemRoot\System32\drivers\dxg.sys
0x8C200000 \SystemRoot\System32\TSDDD.dll
0x8C280000 \SystemRoot\System32\framebuf.dll
0x8A54C000 \SystemRoot\System32\Drivers\crashdmp.sys
0x8A559000 \SystemRoot\System32\Drivers\dump_dumpata.sys
0x8A564000 \SystemRoot\System32\Drivers\dump_atapi.sys
0x8A56D000 \SystemRoot\System32\Drivers\dump_dumpfve.sys
0x8A57E000 \SystemRoot\system32\drivers\WudfPf.sys
0x8A598000 \SystemRoot\system32\DRIVERS\nwifi.sys
0x8A5DE000 \SystemRoot\system32\DRIVERS\ndisuio.sys
0x86BA3000 \SystemRoot\system32\DRIVERS\bowser.sys
0x8A5EE000 \SystemRoot\System32\drivers\mpsdrv.sys
0x9123C000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
0x9125F000 \SystemRoot\system32\DRIVERS\mrxsmb10.sys
0x9129A000 \SystemRoot\system32\DRIVERS\mrxsmb20.sys
0x912B5000 \SystemRoot\system32\DRIVERS\hidusb.sys
0x912C0000 \SystemRoot\system32\DRIVERS\HIDCLASS.SYS
0x912D3000 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS
0x912DA000 \SystemRoot\system32\DRIVERS\mouhid.sys
0x77870000 \Windows\System32\ntdll.dll
0x48020000 \Windows\System32\smss.exe
0x77AB0000 \Windows\System32\apisetschema.dll
0x00330000 \Windows\System32\autochk.exe
0x77770000 \Windows\System32\wininet.dll
0x77A10000 \Windows\System32\clbcatq.dll
0x776C0000 \Windows\System32\msvcrt.dll
0x77A00000 \Windows\System32\lpk.dll
0x779F0000 \Windows\System32\psapi.dll
0x77520000 \Windows\System32\setupapi.dll
0x768D0000 \Windows\System32\shell32.dll
0x76790000 \Windows\System32\urlmon.dll
0x779D0000 \Windows\System32\sechost.dll
0x766E0000 \Windows\System32\rpcrt4.dll
0x766A0000 \Windows\System32\ws2_32.dll
0x76540000 \Windows\System32\ole32.dll
0x779C0000 \Windows\System32\nsi.dll
0x76520000 \Windows\System32\imm32.dll
0x76490000 \Windows\System32\oleaut32.dll
0x76290000 \Windows\System32\iertutil.dll
0x76240000 \Windows\System32\Wldap32.dll
0x761A0000 \Windows\System32\advapi32.dll
0x760C0000 \Windows\System32\kernel32.dll
0x76070000 \Windows\System32\gdi32.dll
0x75FA0000 \Windows\System32\user32.dll
0x75F40000 \Windows\System32\difxapi.dll
0x75E70000 \Windows\System32\msctf.dll
0x75DF0000 \Windows\System32\comdlg32.dll
0x75DC0000 \Windows\System32\imagehlp.dll
0x779B0000 \Windows\System32\normaliz.dll
0x75D60000 \Windows\System32\shlwapi.dll
0x75CC0000 \Windows\System32\usp10.dll
0x75C30000 \Windows\System32\comctl32.dll
0x75BE0000 \Windows\System32\KernelBase.dll
0x75BB0000 \Windows\System32\cfgmgr32.dll
0x75B90000 \Windows\System32\devobj.dll
0x75A70000 \Windows\System32\crypt32.dll
0x75A40000 \Windows\System32\wintrust.dll
0x75A30000 \Windows\System32\msasn1.dll

Processes (total 25):
0 System Idle Process
4 System
248 C:\Windows\System32\smss.exe
360 csrss.exe
400 C:\Windows\System32\wininit.exe
412 csrss.exe
440 C:\Windows\System32\winlogon.exe
504 C:\Windows\System32\services.exe
516 C:\Windows\System32\lsass.exe
524 C:\Windows\System32\lsm.exe
620 C:\Windows\System32\svchost.exe
692 C:\Windows\System32\svchost.exe
796 C:\Windows\System32\svchost.exe
832 C:\Windows\System32\svchost.exe
900 C:\Windows\System32\svchost.exe
956 C:\Windows\System32\svchost.exe
984 C:\Windows\System32\svchost.exe
1080 C:\Windows\System32\svchost.exe
1364 C:\Windows\explorer.exe
1420 C:\Windows\System32\ctfmon.exe
1752 C:\Program Files\Safari\Safari.exe
356 C:\Windows\System32\svchost.exe
2036 C:\Users\Mistaria\Desktop\MBRCheck.exe
2040 C:\Windows\System32\conhost.exe
1212 <unknown>

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`00007e00 (NTFS)

PhysicalDrive0 Model Number: HitachiHTS541612J9SA00, Rev: SBDOC74P

Size Device Name MBR Status
--------------------------------------------
111 GB \\.\PhysicalDrive0 Windows 7 MBR code detected
SHA1: 4379A3D43019B46FA357F7DD6A53B45A3CA8FB79


Done!
 
Combofix


ComboFix 10-10-08.01 - Mistaria 09/10/2010 23:39:03.1.2 - x86 NETWORK
Microsoft Windows 7 Ultimate 6.1.7600.0.1252.64.1033.18.1014.505 [GMT 13:00]
Running from: c:\users\Mistaria\Desktop\ComboFix.exe
AV: avast! antivirus 4.8.1351 [VPS 091026-0] *On-access scanning enabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
SP: avast! antivirus 4.8.1351 [VPS 091026-0] *enabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
SP: SUPERAntiSpyware *enabled* (Updated) {222A897C-5018-402e-943F-7E7AC8560DA7}
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Thumbs.db

Infected copy of c:\windows\explorer.exe was found and disinfected
Restored copy from - c:\windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_518afd35db100430\explorer.exe

Infected copy of c:\windows\System32\wininit.exe was found and disinfected
Restored copy from - c:\windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_30c90ef265a43c13\wininit.exe

Infected copy of c:\windows\explorer.exe was found and disinfected
Restored copy from - c:\windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_518afd35db100430\explorer.exe
.
((((((((((((((((((((((((( Files Created from 2010-09-09 to 2010-10-09 )))))))))))))))))))))))))))))))
.

2010-10-09 10:44 . 2010-10-09 10:47 -------- d-----w- c:\users\Mistaria\AppData\Local\temp
2010-10-09 10:44 . 2010-10-09 10:44 -------- d-----w- c:\users\Default\AppData\Local\temp
2010-10-03 06:03 . 2010-10-03 06:03 63488 ----a-w- c:\users\Mistaria\AppData\Roaming\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10006.dll
2010-10-03 06:03 . 2010-10-03 06:03 52224 ----a-w- c:\users\Mistaria\AppData\Roaming\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10005.dll
2010-10-03 06:03 . 2010-10-03 06:03 117760 ----a-w- c:\users\Mistaria\AppData\Roaming\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
2010-10-03 05:57 . 2010-10-03 05:57 -------- d-----w- c:\users\Mistaria\AppData\Roaming\SUPERAntiSpyware.com
2010-10-03 05:57 . 2010-10-03 05:57 -------- d-----w- c:\programdata\SUPERAntiSpyware.com
2010-10-03 05:57 . 2010-10-09 10:22 -------- d-----w- c:\program files\SUPERAntiSpyware
2010-10-03 05:22 . 2010-10-03 05:22 117140 ---ha-w- c:\windows\system32\mlfcache.dat
2010-10-03 05:07 . 2010-10-03 05:07 -------- d-----w- c:\users\Mistaria\AppData\Roaming\Malwarebytes
2010-10-03 05:07 . 2010-04-29 02:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-10-03 05:07 . 2010-10-03 05:07 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-10-03 05:07 . 2010-10-03 05:07 -------- d-----w- c:\programdata\Malwarebytes
2010-10-03 05:07 . 2010-04-29 02:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-10-03 01:10 . 2010-10-03 01:10 -------- d-----w- c:\programdata\MFAData
2010-09-27 22:20 . 2010-09-27 22:20 -------- d-----w- c:\program files\PDF Password Remover v3.1
2010-09-27 22:17 . 2010-09-27 22:17 -------- d-----w- c:\program files\uTorrent
2010-09-26 00:00 . 2010-09-26 00:00 -------- d-----w- c:\program files\ShaPlus Bandwidth Meter
2010-09-24 06:50 . 2010-09-24 06:50 -------- d-----w- c:\program files\Common Files\Java
2010-09-24 06:49 . 2010-09-24 06:49 -------- d-----w- c:\program files\Java
2010-09-24 06:37 . 2010-09-07 15:12 38848 ----a-w- c:\windows\avastSS.scr
2010-09-24 06:36 . 2010-09-24 06:36 -------- d-----w- c:\programdata\Alwil Software
2010-09-23 23:53 . 2010-08-19 10:03 52224 ----a-w- c:\users\Mistaria\AppData\Roaming\Mozilla\Firefox\Profiles\5dx28bou.default\extensions\{7b13ec3e-999a-4b70-b9cb-2617b8323822}\components\FFExternalAlert.dll
2010-09-23 23:53 . 2010-08-19 10:03 101376 ----a-w- c:\users\Mistaria\AppData\Roaming\Mozilla\Firefox\Profiles\5dx28bou.default\extensions\{7b13ec3e-999a-4b70-b9cb-2617b8323822}\components\RadioWMPCore.dll
2010-09-16 15:48 . 2010-09-16 15:48 -------- d-----w- c:\program files\WinDirStat

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-10-09 03:28 . 2009-09-03 15:24 -------- d-----w- c:\users\Mistaria\AppData\Roaming\Free Download Manager
2010-10-09 02:41 . 2010-09-02 23:16 -------- d-----w- c:\program files\FlashGet
2010-10-08 22:17 . 2010-06-10 04:27 -------- d-----w- c:\program files\DVDVideoSoft
2010-10-08 22:17 . 2010-06-10 04:27 -------- d-----w- c:\program files\Common Files\DVDVideoSoft
2010-10-08 14:38 . 2009-09-03 13:13 -------- d-----w- c:\users\Mistaria\AppData\Roaming\Azureus
2010-10-04 09:14 . 2009-09-04 06:18 1 ----a-w- c:\users\Mistaria\AppData\Roaming\OpenOffice.org\3\user\uno_packages\cache\stamp.sys
2010-09-29 02:26 . 2009-09-03 12:44 -------- d-----w- c:\users\Mistaria\AppData\Roaming\uTorrent
2010-09-24 06:49 . 2010-05-01 05:29 423656 ----a-w- c:\windows\system32\deployJava1.dll
2010-09-24 06:45 . 2009-09-04 09:55 -------- d-----w- c:\program files\Alwil Software
2010-09-07 15:11 . 2009-09-04 09:55 167592 ----a-w- c:\windows\system32\aswBoot.exe
2010-09-07 14:52 . 2009-09-04 09:56 46672 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2010-09-07 14:52 . 2009-09-04 09:56 165584 ----a-w- c:\windows\system32\drivers\aswSP.sys
2010-09-07 14:47 . 2009-09-04 09:56 23376 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2010-09-07 14:47 . 2009-09-04 09:55 50768 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2010-09-07 14:47 . 2009-09-04 09:56 17744 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2010-09-05 10:47 . 2009-09-22 13:38 178 ----a-w- c:\users\Mistaria\AppData\Roaming\Azureus\restart.bat
2010-09-05 10:42 . 2010-09-05 10:42 310208 ----a-w- c:\users\Mistaria\AppData\Roaming\Azureus\plugins\mlab\ShaperProbeC.exe
2010-09-05 10:41 . 2009-09-03 13:12 -------- d-----w- c:\program files\Vuze
2010-09-03 00:01 . 2010-03-29 11:30 -------- d-----w- c:\users\Mistaria\AppData\Roaming\BitComet
2010-09-02 23:16 . 2010-09-02 23:16 -------- d-----w- c:\users\Mistaria\AppData\Roaming\FlashGet
2010-08-29 13:51 . 2010-06-16 00:14 -------- d-----w- c:\program files\Opera
2010-08-29 13:50 . 2010-04-08 01:44 -------- d-----w- c:\program files\GameTop.com
2010-08-29 13:30 . 2010-04-16 03:14 -------- d-----w- c:\programdata\Norton
2010-08-29 13:30 . 2010-04-16 03:14 -------- d-----w- c:\programdata\Symantec
2010-08-29 01:44 . 2010-08-29 01:44 -------- d-----w- c:\program files\Xvid
2010-08-25 03:04 . 2009-11-18 01:27 -------- d-----w- c:\program files\Paint.NET
2010-08-21 05:39 . 2010-05-08 04:22 -------- d-----w- c:\program files\Common Files\Symantec Shared
2010-08-19 07:50 . 2010-08-19 07:49 -------- d-----w- c:\program files\QuickTime
2010-08-19 07:42 . 2010-06-21 02:50 -------- d-----w- c:\program files\Safari
2010-08-19 07:39 . 2010-08-19 07:39 72488 ----a-w- c:\programdata\Apple Computer\Installer Cache\Safari 5.33.17.8\SetupAdmin.exe
2010-08-11 07:59 . 2010-08-11 07:59 -------- d-----w- c:\program files\DiskInternals
2010-07-22 08:08 . 2010-07-22 08:08 73000 ----a-w- c:\programdata\Apple Computer\Installer Cache\iTunes 9.2.1.4\SetupAdmin.exe
2010-07-17 23:57 . 2010-07-17 23:57 45056 ----a-w- c:\programdata\Real\RealPlayer\BrowserRecordPlugin\ThinShims\rpnpshimwmp.dll
2010-07-17 23:57 . 2010-07-17 23:57 45056 ----a-w- c:\programdata\Real\RealPlayer\BrowserRecordPlugin\ThinShims\rpnpshimswf.dll
2010-07-17 23:57 . 2010-07-17 23:57 45056 ----a-w- c:\programdata\Real\RealPlayer\BrowserRecordPlugin\ThinShims\rpnpshimrp.dll
2010-07-17 23:57 . 2010-07-17 23:57 45056 ----a-w- c:\programdata\Real\RealPlayer\BrowserRecordPlugin\ThinShims\rpnpshimqt.dll
2010-07-17 23:57 . 2010-07-17 23:57 49152 ----a-w- c:\programdata\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext\Components\nprpffbrowserrecordext.dll
2010-07-17 23:57 . 2010-07-17 23:57 308808 ----a-w- c:\programdata\Real\RealPlayer\BrowserRecordPlugin\Common\rpmainbrowserrecordplugin.dll
2010-07-17 23:57 . 2010-07-17 23:57 14848 ----a-w- c:\programdata\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll
2010-07-17 23:57 . 2010-07-17 23:57 40960 ----a-w- c:\programdata\Real\RealPlayer\BrowserRecordPlugin\Chrome\Hook\rpchromebrowserrecordhelper.dll
2010-07-17 23:57 . 2010-07-17 23:57 341600 ----a-w- c:\programdata\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
2010-07-12 03:25 . 2010-07-12 03:25 452104 ----a-w- c:\users\Mistaria\AppData\Roaming\Real\Update\setup3.12\setup.exe
2009-06-10 21:26 . 2009-07-14 02:04 9633792 --sha-r- c:\windows\Fonts\StaticCache.dat
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{ba14329e-9550-4989-b3f2-9732e92d17cc}"= "c:\program files\Vuze_Remote\tbVuze.dll" [2010-03-17 2355224]

[HKEY_CLASSES_ROOT\clsid\{ba14329e-9550-4989-b3f2-9732e92d17cc}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{ba14329e-9550-4989-b3f2-9732e92d17cc}]
2010-03-17 03:45 2355224 ----a-w- c:\program files\Vuze_Remote\tbVuze.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{ba14329e-9550-4989-b3f2-9732e92d17cc}"= "c:\program files\Vuze_Remote\tbVuze.dll" [2010-03-17 2355224]

[HKEY_CLASSES_ROOT\clsid\{ba14329e-9550-4989-b3f2-9732e92d17cc}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{BA14329E-9550-4989-B3F2-9732E92D17CC}"= "c:\program files\Vuze_Remote\tbVuze.dll" [2010-03-17 2355224]

[HKEY_CLASSES_ROOT\clsid\{ba14329e-9550-4989-b3f2-9732e92d17cc}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"bandmon"="c:\program files\Rokario\Bandwidth Monitor\bandmon.exe" [2008-06-01 1529856]
"Free Download Manager"="c:\program files\Free Download Manager\fdm.exe" [2009-01-30 3399727]
"JITScheduler"="c:\program files\GiPo@Utilities\JIT Scheduler\sched.exe" [2008-03-23 188416]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2010-09-28 2424560]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ShaPlus Bandwidth Meter"="c:\program files\ShaPlus Bandwidth Meter\ShaPlus Bandwidth Meter" [X]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2006-11-15 815104]
"WScheduler"="c:\progra~1\SYSTEM~1\WScheduler.exe" [2010-04-23 272896]
"B2C_AGENT"="c:\programdata\LGMOBILEAX\B2C_Client\B2CNotiAgent.exe" [2010-05-19 317368]
"iPrint Tray"="c:\windows\system32\iprntctl.exe" [2009-12-03 68120]
"iPrint Event Monitor"="c:\windows\system32\iprntlgn.exe" [2009-12-03 72216]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2010-07-17 202256]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-07-15 141608]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-08-09 421888]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-13 248552]
"Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2010-04-29 1090952]

c:\users\Mistaria\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Bandwidth Meter.lnk - c:\program files\BandwidthMeter\BandwidthMeter.exe [2009-10-13 285184]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2009-12-11 02:57 948672 ----a-r- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2009-12-21 12:57 35760 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
2007-06-27 06:03 152872 ----a-w- c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2010-07-15 19:41 141608 ----a-w- c:\program files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2007-03-01 02:57 153136 ----a-w- c:\program files\Common Files\Ahead\Lib\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2010-08-09 17:15 421888 ----a-w- c:\program files\QuickTime\QTTask.exe

R0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2009-09-02 717296]
R3 ASPI;Advanced SCSI Programming Interface Driver;c:\windows\System32\DRIVERS\ASPI32.sys [2002-07-17 84832]
R3 pbfilter;pbfilter;c:\program files\PeerBlock\pbfilter.sys [x]
S1 aswSP;aswSP; [x]
S1 nipplpt2;Novell iCapture Lpt Redirector 2;c:\windows\system32\drivers\nipplpt.sys [2009-12-04 34592]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [2010-02-17 12872]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [2010-05-10 67656]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2010-09-07 50768]
S2 cpuz133;cpuz133;c:\windows\system32\drivers\cpuz133_x32.sys [2010-03-30 20968]
S2 JIT Scheduler;JIT Scheduler;c:\program files\GiPo@Utilities\JIT Scheduler\schednt.exe [2008-03-23 176128]
S3 netw5v32;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\DRIVERS\netw5v32.sys [2009-07-13 4231168]
S3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL3.SYS [2009-07-13 207360]
S3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV3.SYS [2009-07-13 980992]
S3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT3.SYS [2009-07-13 661504]


[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
iissvcs REG_MULTI_SZ w3svc was
apphost REG_MULTI_SZ apphostsvc
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uInternet Settings,ProxyOverride = *.local;<local>
uInternet Settings,ProxyServer = proxy.student.otago.ac.nz:3128
IE: Download all with Free Download Manager - file://c:\program files\Free Download Manager\dlall.htm
IE: Download selected with Free Download Manager - file://c:\program files\Free Download Manager\dlselected.htm
IE: Download video with Free Download Manager - file://c:\program files\Free Download Manager\dlfvideo.htm
IE: Download with &Shareaza - c:\program files\shareaza\razawebhook32.dll/3000
IE: Download with Free Download Manager - file://c:\program files\Free Download Manager\dllink.htm
FF - ProfilePath - c:\users\Mistaria\AppData\Roaming\Mozilla\Firefox\Profiles\5dx28bou.default\
FF - prefs.js: browser.search.selectedEngine - Google.com (in English)
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - prefs.js: keyword.URL - hxxp://toolbar.ask.com/toolbarv/askRedirect?o=13925&gct=&gc=1&q=
FF - prefs.js: network.proxy.type - 4
FF - component: c:\program files\Free Download Manager\Firefox\Extension\components\vmsfdmff.dll
FF - component: c:\programdata\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext\components\nprpffbrowserrecordext.dll
FF - component: c:\users\Mistaria\AppData\Roaming\Mozilla\Firefox\Profiles\5dx28bou.default\extensions\{7b13ec3e-999a-4b70-b9cb-2617b8323822}\components\FFExternalAlert.dll
FF - component: c:\users\Mistaria\AppData\Roaming\Mozilla\Firefox\Profiles\5dx28bou.default\extensions\{7b13ec3e-999a-4b70-b9cb-2617b8323822}\components\RadioWMPCore.dll
FF - component: c:\users\Mistaria\AppData\Roaming\Mozilla\Firefox\Profiles\5dx28bou.default\extensions\{B042753D-F57E-4e8e-A01B-7379A6D4CEFB}\components\IBitCometExtension.dll
FF - plugin: c:\program files\DivX\DivX Plus Web Player\npdivx32.dll
FF - plugin: c:\program files\Java\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\Java\bin\new_plugin\npjp2.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npdeployJava1.dll
FF - plugin: c:\program files\Opera\program\plugins\nppl3260.dll
FF - plugin: c:\program files\Opera\program\plugins\nprjplug.dll
FF - plugin: c:\program files\Opera\program\plugins\nprpjplug.dll
FF - plugin: c:\programdata\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll
FF - plugin: c:\windows\system32\npnipp.dll
FF - plugin: c:\windows\system32\npnisp.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
.
.
------- File Associations -------
.
.txt=UltraEdit.txt
.
- - - - ORPHANS REMOVED - - - -

Toolbar-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
WebBrowser-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
AddRemove-Intkey - c:\delta\Uninst.isu


.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Alwil Software\Avast5\AvastSvc.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
c:\windows\system32\taskhost.exe
c:\windows\system32\conhost.exe
c:\windows\System32\rundll32.exe
c:\program files\SystemScheduler\WScheduler.exe
c:\program files\ShaPlus Bandwidth Meter\ShaPlus Bandwidth Meter.exe
c:\program files\iPod\bin\iPodService.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\windows\system32\sppsvc.exe
c:\windows\servicing\TrustedInstaller.exe
.
**************************************************************************
.
Completion time: 2010-10-09 23:52:58 - machine was rebooted
ComboFix-quarantined-files.txt 2010-10-09 10:52

Pre-Run: 14,356,238,336 bytes free
Post-Run: 14,204,010,496 bytes free

- - End Of File - - D6EEFD0EB80A9924D03275407DE6F6B3
 
Avast has detected threats:

C:\Qoobox\Quarantine\C\Windows\System32\wininit.exe.vir (same for explorer.exe)

Does this mean that they're quarantined? Or still active? I haven't touched them in case..

Thanks.
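The ComboFix log above is read by hand in this thread: the "Infected copy ... Restored copy from" pairs, the driver entries marked [x] (file not found), the IE ProxyServer setting and the Firefox keyword.URL preference are the lines a helper looks at first. As an added example (not ComboFix's code or anything from this thread), here is a small triage script that pulls those lines out of a ComboFix-style log. The sample input is constructed from the shape of the log posted above; the finding names and the expected_proxies parameter are this example's own.

```python
"""Triage of a ComboFix-style log (added example; not ComboFix's own code)."""
import re

# Constructed sample: lines in the shape of the ComboFix log posted in this thread.
SAMPLE_LOG = r"""
Infected copy of c:\windows\explorer.exe was found and disinfected
Restored copy from - c:\windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_518afd35db100430\explorer.exe
Infected copy of c:\windows\System32\wininit.exe was found and disinfected
Restored copy from - c:\windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_30c90ef265a43c13\wininit.exe
R3 pbfilter;pbfilter;c:\program files\PeerBlock\pbfilter.sys [x]
S1 aswSP;aswSP; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2010-09-07 50768]
uStart Page = hxxp://www.google.com/
uInternet Settings,ProxyServer = proxy.student.otago.ac.nz:3128
FF - prefs.js: keyword.URL - hxxp://toolbar.ask.com/toolbarv/askRedirect?o=13925&gct=&gc=1&q=
FF - prefs.js: network.proxy.type - 4
"""

INFECTED_RE = re.compile(r"^Infected copy of (?P<path>.+?) was found and disinfected$")
RESTORED_RE = re.compile(r"^Restored copy from - (?P<src>.+)$")
# Service/driver entry whose file is missing: ComboFix prints [x] instead of a date and size.
MISSING_RE = re.compile(r"^(?P<start>[RS]\d) (?P<name>[^;]+);[^;]*;(?P<path>[^\[]*)\[x\]\s*$")
PROXY_RE = re.compile(r"^uInternet Settings,ProxyServer = (?P<proxy>\S+)$")
FF_PREF_RE = re.compile(r"^FF - prefs\.js: (?P<key>\S+) - (?P<value>.+)$")


def triage(log_text: str, expected_proxies=()) -> list:
    """Return (kind, subject, detail) findings worth a human's attention.

    expected_proxies lists proxies the machine's owner recognises (e.g. a campus
    proxy), so that only unexplained ones are flagged as unexpected.
    """
    findings = []
    pending = None  # path from the last 'Infected copy' line, awaiting its 'Restored copy' line
    for line in log_text.splitlines():
        line = line.rstrip()
        if m := INFECTED_RE.match(line):
            pending = m["path"]
        elif (m := RESTORED_RE.match(line)) and pending:
            findings.append(("repaired", pending, m["src"]))
            pending = None
        elif m := MISSING_RE.match(line):
            findings.append(("missing-file", m["name"], m["path"].strip() or "(no path)"))
        elif m := PROXY_RE.match(line):
            kind = "expected-proxy" if m["proxy"] in expected_proxies else "unexpected-proxy"
            findings.append((kind, "ProxyServer", m["proxy"]))
        elif m := FF_PREF_RE.match(line):
            if m["key"] == "keyword.URL":
                # Address-bar searches go wherever this points; review any non-default value.
                findings.append(("keyword-url-review", m["key"], m["value"]))
            elif m["key"] == "network.proxy.type" and m["value"] != "0":
                # 0 = direct connection; anything else routes Firefox through a proxy setting.
                findings.append(("firefox-proxy", m["key"], m["value"]))
    return findings


if __name__ == "__main__":
    for kind, subject, detail in triage(SAMPLE_LOG,
                                        expected_proxies=("proxy.student.otago.ac.nz:3128",)):
        print(f"{kind:20} {subject}: {detail}")
```

The "repaired" findings carry both paths, which is the pair to compare afterwards: the live file under c:\windows should now hash identically to the WinSxS copy it was restored from, and a later mismatch means something rewrote it again.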
 
it said that Avast, and superantispyware were still running, even though I'd disabled Avast, and SAS
As long as you did what you could to disable them, you're fine.

Avast has detected threats:

C:\Qoobox\Quarantine\C\Windows\System32\wininit.exe.vir (same for explorer.exe)

Does this mean that they're quarantined?
Yes. It looks like Combofix was able to replace infected files with good copies.
You can allow Avast to get rid of those files, if you wish. Those files in the quarantine folder are safe and inactive, and we'll remove that folder at the end of our cleaning process anyway.

Combofix log looks good now :)

I assume you're familiar with this proxy?
proxy.student.otago.ac.nz:3128


Download OTL to your Desktop.

  • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • Under the Custom Scan box paste this in:


netsvcs
drivers32
%SYSTEMDRIVE%\*.*
%systemroot%\Fonts\*.com
%systemroot%\Fonts\*.dll
%systemroot%\Fonts\*.ini
%systemroot%\Fonts\*.ini2
%systemroot%\Fonts\*.exe
%systemroot%\system32\spool\prtprocs\w32x86\*.*
%systemroot%\REPAIR\*.bak1
%systemroot%\REPAIR\*.ini
%systemroot%\system32\*.jpg
%systemroot%\*.jpg
%systemroot%\*.png
%systemroot%\*.scr
%systemroot%\*._sy
%APPDATA%\Adobe\Update\*.*
%ALLUSERSPROFILE%\Favorites\*.*
%APPDATA%\Microsoft\*.*
%PROGRAMFILES%\*.*
%APPDATA%\Update\*.*
%systemroot%\*. /mp /s
CREATERESTOREPOINT
%systemroot%\System32\config\*.sav
%PROGRAMFILES%\bak. /s
%systemroot%\system32\bak. /s
%ALLUSERSPROFILE%\Start Menu\*.lnk /x
%systemroot%\system32\config\systemprofile\*.dat /x
%systemroot%\*.config
%systemroot%\system32\*.db
%APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x
%USERPROFILE%\Desktop\*.exe
%PROGRAMFILES%\Common Files\*.*
%systemroot%\*.src
%systemroot%\install\*.*
%systemroot%\system32\DLL\*.*
%systemroot%\system32\HelpFiles\*.*
%systemroot%\system32\rundll\*.*
%systemroot%\winn32\*.*
%systemroot%\Java\*.*
%systemroot%\system32\test\*.*
%systemroot%\system32\Rundll32\*.*
%systemroot%\AppPatch\Custom\*.*
%APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x
%PROGRAMFILES%\PC-Doctor\Downloads\*.*
%PROGRAMFILES%\Internet Explorer\*.tmp
%PROGRAMFILES%\Internet Explorer\*.dat
%USERPROFILE%\My Documents\*.exe
%USERPROFILE%\*.exe
%systemroot%\ADDINS\*.*
%systemroot%\assembly\*.bak2
%systemroot%\Config\*.*
%systemroot%\REPAIR\*.bak2
%systemroot%\SECURITY\Database\*.sdb /x
%systemroot%\SYSTEM\*.bak2
%systemroot%\Web\*.bak2
%systemroot%\Driver Cache\*.*
%PROGRAMFILES%\Mozilla Firefox\0*.exe
%ProgramFiles%\Microsoft Common\*.*
%ProgramFiles%\TinyProxy.
%USERPROFILE%\Favorites\*.url /x
%systemroot%\system32\*.bk
%systemroot%\*.te
%systemroot%\system32\system32\*.*
%ALLUSERSPROFILE%\*.dat /x
%systemroot%\system32\drivers\*.rmv
dir /b "%systemroot%\system32\*.exe" | find /i " " /c
dir /b "%systemroot%\*.exe" | find /i " " /c
%PROGRAMFILES%\Microsoft\*.*
%systemroot%\System32\Wbem\proquota.exe
%PROGRAMFILES%\Mozilla Firefox\*.dat
%USERPROFILE%\Cookies\*.txt /x
%SystemRoot%\system32\fonts\*.*
%systemroot%\system32\winlog\*.*
%systemroot%\system32\Language\*.*
%systemroot%\system32\Settings\*.*
%systemroot%\system32\*.quo
%SYSTEMROOT%\AppPatch\*.exe
%SYSTEMROOT%\inf\*.exe
%SYSTEMROOT%\Installer\*.exe
%systemroot%\system32\config\*.bak2
%systemroot%\system32\Computers\*.*
%SystemRoot%\system32\Sound\*.*
%SystemRoot%\system32\SpecialImg\*.*
%SystemRoot%\system32\code\*.*
%SystemRoot%\system32\draft\*.*
%SystemRoot%\system32\MSSSys\*.*
%ProgramFiles%\Javascript\*.*
%systemroot%\pchealth\helpctr\System\*.exe /s
%systemroot%\Web\*.exe
%systemroot%\system32\msn\*.*
%systemroot%\system32\*.tro
%AppData%\Microsoft\Installer\msupdates\*.*
%ProgramFiles%\Messenger\*.*
%systemroot%\system32\systhem32\*.*
%systemroot%\system\*.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs
/md5start
/md5stop


  • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.
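The custom scan list above ends with two registry checks (the WindowsUpdate AU policy key and the LastSuccessTime value), and the proxy Broni asks about lives in the per-user Internet Settings key. As an added example, not part of this thread and not OTL's own code, here is a read-only PowerShell triage script that reads those same values directly, so a helper can recheck them after cleanup without re-running a full scan. It assumes an elevated PowerShell on the affected Windows 7 machine; $KnownProxy holds the proxy named in this thread and stands in for whatever proxy a given site legitimately uses.

```powershell
# Added triage example (not from the thread, not OTL's own code).
# Read-only: it only reads registry values and prints a verdict per check.
# Assumptions: run as Administrator on the affected machine; $KnownProxy is
# the proxy seen in this thread and is a placeholder for a site's real proxy.

$KnownProxy = 'proxy.student.otago.ac.nz:3128'

$IeSettings = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings'
$AuPolicy   = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU'
$AuResults  = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install'

# Return one named registry value, or $null if the key or the value is absent.
function Get-RegValue {
    param([string]$Path, [string]$Name)
    if (-not (Test-Path -Path $Path)) { return $null }
    $item = Get-ItemProperty -Path $Path -ErrorAction SilentlyContinue
    if ($item -eq $null) { return $null }
    $prop = $item.PSObject.Properties[$Name]
    if ($prop -eq $null) { return $null }
    return $prop.Value
}

$findings = @()
function Add-Finding {
    param([string]$Check, $Value, [string]$Verdict)
    $script:findings += New-Object PSObject -Property @{ Check = $Check; Value = $Value; Verdict = $Verdict }
}

# 1. Per-user proxy. A proxy the user does not recognise is one way browser
#    redirects show up; ProxyEnable = 0 means it is configured but not in use.
$proxyEnable   = Get-RegValue $IeSettings 'ProxyEnable'
$proxyServer   = Get-RegValue $IeSettings 'ProxyServer'
$proxyOverride = Get-RegValue $IeSettings 'ProxyOverride'

if ($proxyServer -eq $null -or $proxyServer -eq '') {
    Add-Finding 'ProxyServer' '(none)' 'OK: no proxy configured'
} elseif ($proxyServer -eq $KnownProxy) {
    Add-Finding 'ProxyServer' $proxyServer 'OK: matches the known proxy'
} else {
    Add-Finding 'ProxyServer' $proxyServer 'REVIEW: unexpected proxy, confirm with the user'
}
$enableVerdict = if ($proxyEnable -eq 1) { 'INFO: proxy is active' } else { 'INFO: proxy is not in use' }
Add-Finding 'ProxyEnable'   $proxyEnable   $enableVerdict
Add-Finding 'ProxyOverride' $proxyOverride 'INFO: bypass list'

# 2. Windows Update policy. Malware sometimes sets NoAutoUpdate = 1 here to
#    keep the machine unpatched; on a home machine this key usually does not exist.
if (-not (Test-Path -Path $AuPolicy)) {
    Add-Finding 'WindowsUpdate\AU policy' '(key absent)' 'OK: no policy override'
} else {
    $noAutoUpdate = Get-RegValue $AuPolicy 'NoAutoUpdate'
    $auOptions    = Get-RegValue $AuPolicy 'AUOptions'
    if ($noAutoUpdate -eq 1) {
        Add-Finding 'NoAutoUpdate' $noAutoUpdate 'REVIEW: automatic updates disabled by policy'
    } else {
        Add-Finding 'AUOptions' $auOptions 'INFO: policy present, updates not disabled'
    }
}

# 3. Time of the last successful update install, stored as a UTC string.
#    A long gap is a sign that updates were being blocked.
$lastSuccess = Get-RegValue $AuResults 'LastSuccessTime'
if ($lastSuccess -eq $null) {
    Add-Finding 'LastSuccessTime' '(none)' 'REVIEW: no successful update recorded'
} else {
    try {
        $when = [datetime]::ParseExact($lastSuccess, 'yyyy-MM-dd HH:mm:ss', $null)
        $days = [int]((Get-Date).ToUniversalTime() - $when).TotalDays
        $verdict = if ($days -gt 30) { "REVIEW: last update $days days ago" } else { "OK: last update $days days ago" }
        Add-Finding 'LastSuccessTime' $lastSuccess $verdict
    } catch {
        Add-Finding 'LastSuccessTime' $lastSuccess 'INFO: timestamp not in the expected format'
    }
}

$findings | Format-Table -Property Check, Value, Verdict -AutoSize
```

Run it once before the OTL fix and once after; a ProxyServer that does not match the known proxy, or a NoAutoUpdate value of 1, is worth asking the user about rather than removing blindly, since both can also be set legitimately by a school or workplace.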
 
Broni; said:
I assume you're familiar with this proxy?
proxy.student.otago.ac.nz:3128

O.o ... You now know the general area where I live?

LOGS:

OTL:

OTL logfile created on: 10/10/2010 12:40:46 p.m. - Run 1
OTL by OldTimer - Version 3.2.14.1 Folder = C:\Users\Mistaria\Desktop
Ultimate Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00001409 | Country: New Zealand | Language: ENZ | Date Format: d/MM/yyyy

1,014.00 Mb Total Physical Memory | 389.00 Mb Available Physical Memory | 38.00% Memory free
3.00 Gb Paging File | 2.00 Gb Available in Paging File | 66.00% Paging File free
Paging file location(s): c:\pagefile.sys 1600 1600 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 111.78 Gb Total Space | 12.80 Gb Free Space | 11.45% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: HISSYFIT
Current User Name: Mistaria
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 90 Days
Output = Standard
Quick Scan

========== Processes (SafeList) ==========

PRC - [2010/10/10 12:36:32 | 000,576,512 | ---- | M] (OldTimer Tools) -- C:\Users\Mistaria\Desktop\OTL.exe
PRC - [2010/09/29 03:04:57 | 002,424,560 | ---- | M] (SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
PRC - [2010/09/08 04:11:59 | 000,040,384 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
PRC - [2010/07/18 12:53:56 | 000,202,256 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Common Files\Real\Update_OB\realsched.exe
PRC - [2010/06/10 22:03:08 | 000,144,176 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
PRC - [2010/04/23 15:27:06 | 000,272,896 | ---- | M] (Splinterware Software Solutions) -- C:\Program Files\SystemScheduler\WScheduler.exe
PRC - [2010/01/05 04:08:46 | 000,151,552 | ---- | M] (ShaPlus Software) -- C:\Program Files\ShaPlus Bandwidth Meter\ShaPlus Bandwidth Meter.exe
PRC - [2009/12/04 04:13:22 | 000,072,216 | ---- | M] (Novell, Inc.) -- C:\Windows\System32\iprntlgn.exe
PRC - [2009/12/04 04:13:20 | 000,068,120 | ---- | M] (Novell, Inc.) -- C:\Windows\System32\iprntctl.exe
PRC - [2009/10/13 20:27:06 | 000,285,184 | ---- | M] (Senh Liu) -- C:\Program Files\BandwidthMeter\BandwidthMeter.exe
PRC - [2009/07/14 14:14:42 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2009/07/14 14:14:20 | 002,613,248 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2009/01/31 04:45:14 | 003,399,727 | ---- | M] (FreeDownloadManager.ORG) -- C:\Program Files\Free Download Manager\fdm.exe
PRC - [2008/06/01 17:05:02 | 001,529,856 | ---- | M] (Rokario Software) -- C:\Program Files\Rokario\Bandwidth Monitor\bandmon.exe
PRC - [2008/03/24 01:00:00 | 000,188,416 | ---- | M] (Gibin Software House
http://www.gibinsoft.com) -- C:\Program Files\GiPo@Utilities\JIT Scheduler\sched.exe
PRC - [2008/03/24 01:00:00 | 000,176,128 | ---- | M] (Gibin Software House
http://www.gibinsoft.com) -- C:\Program Files\GiPo@Utilities\JIT Scheduler\schednt.exe


========== Modules (SafeList) ==========

MOD - [2010/10/10 12:36:32 | 000,576,512 | ---- | M] (OldTimer Tools) -- C:\Users\Mistaria\Desktop\OTL.exe
MOD - [2009/07/14 14:16:15 | 000,099,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\sspicli.dll
MOD - [2009/07/14 14:16:13 | 000,092,160 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\sechost.dll
MOD - [2009/07/14 14:16:13 | 000,050,688 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\samcli.dll
MOD - [2009/07/14 14:16:12 | 000,031,744 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\profapi.dll
MOD - [2009/07/14 14:16:03 | 000,022,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\netutils.dll
MOD - [2009/07/14 14:15:35 | 000,288,256 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\KernelBase.dll
MOD - [2009/07/14 14:15:13 | 000,067,072 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dwmapi.dll
MOD - [2009/07/14 14:15:11 | 000,064,512 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\devobj.dll
MOD - [2009/07/14 14:15:07 | 000,036,864 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\cryptbase.dll
MOD - [2009/07/14 14:15:02 | 000,145,920 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\cfgmgr32.dll
MOD - [2009/07/14 14:14:10 | 000,095,232 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msscript.ocx
MOD - [2009/07/14 14:03:50 | 001,680,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_421189da2b7fabfc\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - [2010/09/08 04:11:59 | 000,040,384 | ---- | M] (AVAST Software) [On_Demand | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Web Scanner)
SRV - [2010/09/08 04:11:59 | 000,040,384 | ---- | M] (AVAST Software) [On_Demand | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Mail Scanner)
SRV - [2010/09/08 04:11:59 | 000,040,384 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Antivirus)
SRV - [2010/06/10 22:03:08 | 000,144,176 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe -- (Apple Mobile Device)
SRV - [2009/07/14 14:16:21 | 000,185,856 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\wwansvc.dll -- (WwanSvc)
SRV - [2009/07/14 14:16:17 | 000,151,552 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\wbiosrvc.dll -- (WbioSrvc)
SRV - [2009/07/14 14:16:17 | 000,119,808 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\umpo.dll -- (Power)
SRV - [2009/07/14 14:16:16 | 000,037,376 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\themeservice.dll -- (Themes)
SRV - [2009/07/14 14:16:15 | 000,053,760 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sppuinotify.dll -- (sppuinotify)
SRV - [2009/07/14 14:16:13 | 000,043,520 | ---- | M] (Microsoft Corporation) [Unknown | Running] -- C:\Windows\System32\RpcEpMap.dll -- (RpcEptMapper)
SRV - [2009/07/14 14:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009/07/14 14:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc)
SRV - [2009/07/14 14:16:12 | 000,269,824 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\pnrpsvc.dll -- (PNRPsvc)
SRV - [2009/07/14 14:16:12 | 000,269,824 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\pnrpsvc.dll -- (p2pimsvc)
SRV - [2009/07/14 14:16:12 | 000,165,376 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\provsvc.dll -- (HomeGroupProvider)
SRV - [2009/07/14 14:16:12 | 000,020,480 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\pnrpauto.dll -- (PNRPAutoReg)
SRV - [2009/07/14 14:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2009/07/14 14:15:36 | 000,194,560 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\ListSvc.dll -- (HomeGroupListener)
SRV - [2009/07/14 14:15:31 | 000,396,288 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\inetsrv\iisw3adm.dll -- (WAS)
SRV - [2009/07/14 14:15:31 | 000,396,288 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\inetsrv\iisw3adm.dll -- (W3SVC)
SRV - [2009/07/14 14:15:21 | 000,797,696 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\FntCache.dll -- (FontCache)
SRV - [2009/07/14 14:15:11 | 000,253,440 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\dhcpcore.dll -- (Dhcp)
SRV - [2009/07/14 14:15:10 | 000,218,624 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\defragsvc.dll -- (defragsvc)
SRV - [2009/07/14 14:14:59 | 000,076,800 | ---- | M] (Microsoft Corporation) [Unknown | Stopped] -- C:\Windows\System32\bdesvc.dll -- (BDESVC)
SRV - [2009/07/14 14:14:58 | 000,088,064 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\AxInstSv.dll -- (AxInstSV) ActiveX Installer (AxInstSV)
SRV - [2009/07/14 14:14:53 | 000,061,440 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\inetsrv\apphostsvc.dll -- (AppHostSvc)
SRV - [2009/07/14 14:14:53 | 000,027,648 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\appidsvc.dll -- (AppIDSvc)
SRV - [2009/07/14 14:14:29 | 003,179,520 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\System32\sppsvc.exe -- (sppsvc)
SRV - [2008/03/24 01:00:00 | 000,176,128 | ---- | M] (Gibin Software House
http://www.gibinsoft.com) [Auto | Running] -- C:\Program Files\GiPo@Utilities\JIT Scheduler\schednt.exe -- (JIT Scheduler)
 
========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Program Files\PeerGuardian2\pgfilter.sys -- (pgfilter)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Program Files\PeerBlock\pbfilter.sys -- (pbfilter)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Users\Mistaria\AppData\Local\Temp\catchme.sys -- (catchme)
DRV - [2010/09/08 03:52:25 | 000,046,672 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2010/09/08 03:52:03 | 000,165,584 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswSP.sys -- (aswSP)
DRV - [2010/09/08 03:47:46 | 000,023,376 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswRdr.sys -- (aswRdr)
DRV - [2010/09/08 03:47:30 | 000,050,768 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV - [2010/09/08 03:47:07 | 000,017,744 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2010/05/11 07:41:30 | 000,067,656 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2010/03/31 00:38:26 | 000,020,968 | ---- | M] (Windows (R) Win 7 DDK provider) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\cpuz133_x32.sys -- (cpuz133)
DRV - [2010/02/18 07:25:48 | 000,012,872 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
DRV - [2010/01/21 02:59:58 | 000,020,864 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lgusbdiag.sys -- (UsbDiag)
DRV - [2010/01/21 02:59:56 | 000,024,960 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lgusbmodem.sys -- (USBModem)
DRV - [2010/01/21 02:59:56 | 000,013,056 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lgusbbus.sys -- (usbbus)
DRV - [2009/12/04 16:17:48 | 000,034,592 | ---- | M] () [Kernel | System | Running] -- C:\Windows\system32\drivers\nipplpt.sys -- (nipplpt2)
DRV - [2009/09/03 09:40:51 | 000,717,296 | ---- | M] (Duplex Secure Ltd.) [Kernel | Boot | Stopped] -- C:\Windows\System32\Drivers\sptd.sys -- (sptd)
DRV - [2009/07/14 14:26:21 | 000,015,952 | ---- | M] (CMD Technology, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\cmdide.sys -- (cmdide)
DRV - [2009/07/14 14:26:17 | 000,297,552 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\adpahci.sys -- (adpahci)
DRV - [2009/07/14 14:26:15 | 000,422,976 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\adp94xx.sys -- (adp94xx)
DRV - [2009/07/14 14:26:15 | 000,159,312 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\amdsbs.sys -- (amdsbs)
DRV - [2009/07/14 14:26:15 | 000,146,512 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\adpu320.sys -- (adpu320)
DRV - [2009/07/14 14:26:15 | 000,086,608 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\arcsas.sys -- (arcsas)
DRV - [2009/07/14 14:26:15 | 000,079,952 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\amdsata.sys -- (amdsata)
DRV - [2009/07/14 14:26:15 | 000,076,368 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\arc.sys -- (arc)
DRV - [2009/07/14 14:26:15 | 000,023,616 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\amdxata.sys -- (amdxata)
DRV - [2009/07/14 14:26:15 | 000,014,400 | ---- | M] (Acer Laboratories Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\aliide.sys -- (aliide)
DRV - [2009/07/14 14:20:44 | 000,142,416 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\nvstor.sys -- (nvstor)
DRV - [2009/07/14 14:20:44 | 000,117,312 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\nvraid.sys -- (nvraid)
DRV - [2009/07/14 14:20:44 | 000,044,624 | ---- | M] (IBM Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\nfrd960.sys -- (nfrd960)
DRV - [2009/07/14 14:20:37 | 000,089,168 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\lsi_sas.sys -- (LSI_SAS)
DRV - [2009/07/14 14:20:36 | 000,332,352 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\iaStorV.sys -- (iaStorV)
DRV - [2009/07/14 14:20:36 | 000,235,584 | ---- | M] (LSI Corporation, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\MegaSR.sys -- (MegaSR)
DRV - [2009/07/14 14:20:36 | 000,133,200 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\Drivers\ksecpkg.sys -- (KSecPkg)
DRV - [2009/07/14 14:20:36 | 000,096,848 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\lsi_scsi.sys -- (LSI_SCSI)
DRV - [2009/07/14 14:20:36 | 000,095,824 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\lsi_fc.sys -- (LSI_FC)
DRV - [2009/07/14 14:20:36 | 000,054,864 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\lsi_sas2.sys -- (LSI_SAS2)
DRV - [2009/07/14 14:20:36 | 000,041,040 | ---- | M] (Intel Corp./ICP vortex GmbH) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\iirsp.sys -- (iirsp)
DRV - [2009/07/14 14:20:36 | 000,030,800 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\megasas.sys -- (megasas)
DRV - [2009/07/14 14:20:36 | 000,013,904 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\hwpolicy.sys -- (hwpolicy)
DRV - [2009/07/14 14:20:28 | 000,453,712 | ---- | M] (Emulex) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\elxstor.sys -- (elxstor)
DRV - [2009/07/14 14:20:28 | 000,070,720 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\djsvs.sys -- (aic78xx)
DRV - [2009/07/14 14:20:28 | 000,067,152 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\HpSAMD.sys -- (HpSAMD)
DRV - [2009/07/14 14:20:28 | 000,046,160 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\fsdepends.sys -- (FsDepends)
DRV - [2009/07/14 14:19:11 | 000,141,904 | ---- | M] (VIA Technologies Inc.,Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\vsmraid.sys -- (vsmraid)
DRV - [2009/07/14 14:19:10 | 000,175,824 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\vmbus.sys -- (vmbus)
DRV - [2009/07/14 14:19:10 | 000,159,824 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\vhdmp.sys -- (vhdmp)
DRV - [2009/07/14 14:19:10 | 000,040,896 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\vmstorfl.sys -- (storflt)
DRV - [2009/07/14 14:19:10 | 000,032,832 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\vdrvroot.sys -- (vdrvroot)
DRV - [2009/07/14 14:19:10 | 000,028,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\storvsc.sys -- (storvsc)
DRV - [2009/07/14 14:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\wimmount.sys -- (WIMMount)
DRV - [2009/07/14 14:19:10 | 000,016,976 | ---- | M] (VIA Technologies, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\viaide.sys -- (viaide)
DRV - [2009/07/14 14:19:04 | 001,383,488 | ---- | M] (QLogic Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\ql2300.sys -- (ql2300)
DRV - [2009/07/14 14:19:04 | 000,173,648 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\rdyboost.sys -- (rdyboost)
DRV - [2009/07/14 14:19:04 | 000,106,064 | ---- | M] (QLogic Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\ql40xx.sys -- (ql40xx)
DRV - [2009/07/14 14:19:04 | 000,077,888 | ---- | M] (Silicon Integrated Systems) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\sisraid4.sys -- (SiSRaid4)
DRV - [2009/07/14 14:19:04 | 000,043,088 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\pcw.sys -- (pcw)
DRV - [2009/07/14 14:19:04 | 000,040,016 | ---- | M] (Silicon Integrated Systems Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\SiSRaid2.sys -- (SiSRaid2)
DRV - [2009/07/14 14:19:04 | 000,021,072 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\stexstor.sys -- (stexstor)
DRV - [2009/07/14 14:17:54 | 000,369,568 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\Drivers\cng.sys -- (CNG)
DRV - [2009/07/14 13:57:25 | 000,272,128 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\Brserid.sys -- (Brserid) Brother MFC Serial Port Interface Driver (WDM)
DRV - [2009/07/14 13:02:41 | 000,018,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\rdpbus.sys -- (rdpbus)
DRV - [2009/07/14 13:01:41 | 000,007,168 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\RDPREFMP.sys -- (RDPREFMP)
DRV - [2009/07/14 12:55:00 | 000,049,152 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\agilevpn.sys -- (RasAgileVpn) WAN Miniport (IKEv2)
DRV - [2009/07/14 12:53:51 | 000,009,728 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\wfplwf.sys -- (WfpLwf)
DRV - [2009/07/14 12:52:44 | 000,027,136 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ndiscap.sys -- (NdisCap)
DRV - [2009/07/14 12:52:02 | 000,019,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vwifibus.sys -- (vwifibus)
DRV - [2009/07/14 12:52:00 | 000,163,328 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\1394ohci.sys -- (1394ohci)
DRV - [2009/07/14 12:51:35 | 000,008,192 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\umpass.sys -- (UmPass)
DRV - [2009/07/14 12:51:08 | 000,004,096 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mshidkmdf.sys -- (mshidkmdf)
DRV - [2009/07/14 12:46:55 | 000,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\MTConfig.sys -- (MTConfig)
DRV - [2009/07/14 12:45:26 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\CompositeBus.sys -- (CompositeBus)
DRV - [2009/07/14 12:36:52 | 000,050,176 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\appid.sys -- (AppID)
DRV - [2009/07/14 12:33:50 | 000,026,624 | ---- | M] (Microsoft Corporation) [Kernel | Unknown | Stopped] -- C:\Windows\System32\drivers\scfilter.sys -- (scfilter)
DRV - [2009/07/14 12:28:47 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\vms3cap.sys -- (s3cap)
DRV - [2009/07/14 12:28:45 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\VMBusHID.sys -- (VMBusHID)
DRV - [2009/07/14 12:24:05 | 000,032,256 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\discache.sys -- (discache)
DRV - [2009/07/14 12:19:21 | 000,021,504 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\HidBatt.sys -- (HidBatt)
DRV - [2009/07/14 12:16:36 | 000,009,728 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\acpipmi.sys -- (AcpiPmi)
DRV - [2009/07/14 12:11:04 | 000,052,736 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\amdppm.sys -- (AmdPPM)
DRV - [2009/07/14 11:54:14 | 000,026,624 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\hcw85cir.sys -- (hcw85cir)
DRV - [2009/07/14 11:53:33 | 000,012,160 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\BrUsbMdm.sys -- (BrUsbMdm)
DRV - [2009/07/14 11:53:33 | 000,011,904 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\BrUsbSer.sys -- (BrUsbSer)
DRV - [2009/07/14 11:53:32 | 000,062,336 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\BrSerWdm.sys -- (BrSerWdm)
DRV - [2009/07/14 11:53:28 | 000,013,568 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\BrFiltLo.sys -- (BrFiltLo)
DRV - [2009/07/14 11:53:28 | 000,005,248 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\BrFiltUp.sys -- (BrFiltUp)
DRV - [2009/07/14 11:13:46 | 000,980,992 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\VSTDPV3.SYS -- (SrvHsfV92)
DRV - [2009/07/14 11:13:45 | 000,661,504 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\VSTCNXT3.SYS -- (SrvHsfWinac)
DRV - [2009/07/14 11:13:45 | 000,207,360 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\VSTAZL3.SYS -- (SrvHsfHDA)
DRV - [2009/07/14 11:02:51 | 004,231,168 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\netw5v32.sys -- (netw5v32) Intel(R)
DRV - [2009/07/14 11:02:49 | 000,229,888 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\b57nd60x.sys -- (b57nd60x)
DRV - [2009/07/14 11:02:49 | 000,046,080 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\bcm4sbxp.sys -- (bcm4sbxp)
DRV - [2009/07/14 11:02:48 | 003,100,160 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\evbdx.sys -- (ebdrv)
DRV - [2009/07/14 11:02:48 | 000,430,080 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\bxvbdx.sys -- (b06bdrv)
DRV - [2009/06/11 10:19:30 | 004,756,480 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\igdkmd32.sys -- (igfx)
DRV - [2006/11/15 20:06:00 | 000,179,256 | ---- | M] (Synaptics, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\SynTP.sys -- (SynTP)
DRV - [2006/11/14 18:35:20 | 000,037,376 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rixdptsk.sys -- (rismxdp)
DRV - [2005/12/22 18:02:22 | 000,051,840 | ---- | M] (REDC) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\rimsptsk.sys -- (rimsptsk)
DRV - [2005/11/16 21:28:32 | 000,028,928 | ---- | M] (REDC) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\rimmptsk.sys -- (rimmptsk)
DRV - [2002/07/17 15:20:32 | 000,084,832 | ---- | M] (Adaptec) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ASPI32.SYS -- (ASPI)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\..\URLSearchHook: {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files\Vuze_Remote\tbVuze.dll (Conduit Ltd.)

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\URLSearchHook: {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files\Vuze_Remote\tbVuze.dll (Conduit Ltd.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local;<local>
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = proxy.student.otago.ac.nz:3128

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Ask"
FF - prefs.js..browser.search.order.1: "Ask"
FF - prefs.js..browser.search.selectedEngine: "Google.com (in English)"
FF - prefs.js..browser.search.suggest.enabled: false
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://www.google.com/"
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.2.1
FF - prefs.js..extensions.enabledItems: {B042753D-F57E-4e8e-A01B-7379A6D4CEFB}:1.19
FF - prefs.js..extensions.enabledItems: {D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}:0.9.7
FF - prefs.js..extensions.enabledItems: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.8
FF - prefs.js..extensions.enabledItems: {DDC359D1-844A-42a7-9AA1-88A850A938A8}:1.1.10
FF - prefs.js..extensions.enabledItems: {ACAA314B-EEBA-48e4-AD47-84E31C44796C}:1.0.1
FF - prefs.js..extensions.enabledItems: {bee6eb20-01e0-ebd1-da83-080329fb9a3a}:0.1
FF - prefs.js..extensions.enabledItems: fdm_ffext@freedownloadmanager.org:1.3.4
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: {ABDE892B-13A8-4d1b-88E6-365A6E755758}:1.1.5
FF - prefs.js..extensions.enabledItems: {7b13ec3e-999a-4b70-b9cb-2617b8323822}:2.7.1.3
FF - prefs.js..keyword.URL: "http://toolbar.ask.com/toolbarv/askRedirect?o=13925&gct=&gc=1&q="
FF - prefs.js..network.proxy.type: 4

FF - HKLM\software\mozilla\Firefox\Extensions\\{88c0442b-6405-4382-b747-2af3030015d8}: C:\Program Files\gamesfree\firefox
FF - HKLM\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2010/07/18 12:57:25 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.13\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/09/17 00:09:20 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.13\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/09/17 00:09:20 | 000,000,000 | ---D | M]
 
[2010/04/22 19:30:49 | 000,000,000 | ---D | M] -- C:\Users\Mistaria\AppData\Roaming\Mozilla\Extensions
[2010/10/09 13:25:27 | 000,000,000 | ---D | M] -- C:\Users\Mistaria\AppData\Roaming\Mozilla\Firefox\Profiles\5dx28bou.default\extensions
[2010/09/03 12:11:23 | 000,000,000 | ---D | M] (FlashGot) -- C:\Users\Mistaria\AppData\Roaming\Mozilla\Firefox\Profiles\5dx28bou.default\extensions\{19503e42-ca3c-4c27-b1e2-9cdb2170ee34}
[2010/05/09 17:35:36 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Mistaria\AppData\Roaming\Mozilla\Firefox\Profiles\5dx28bou.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010/09/24 12:53:11 | 000,000,000 | ---D | M] (Zynga Toolbar) -- C:\Users\Mistaria\AppData\Roaming\Mozilla\Firefox\Profiles\5dx28bou.default\extensions\{7b13ec3e-999a-4b70-b9cb-2617b8323822}
[2010/06/10 17:27:54 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Mistaria\AppData\Roaming\Mozilla\Firefox\Profiles\5dx28bou.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2010/04/22 19:30:51 | 000,000,000 | ---D | M] (BitComet Video Downloader) -- C:\Users\Mistaria\AppData\Roaming\Mozilla\Firefox\Profiles\5dx28bou.default\extensions\{B042753D-F57E-4e8e-A01B-7379A6D4CEFB}
[2010/08/17 16:00:21 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\Mistaria\AppData\Roaming\Mozilla\Firefox\Profiles\5dx28bou.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2010/04/22 19:30:53 | 000,000,000 | ---D | M] (Vuze Remote Toolbar) -- C:\Users\Mistaria\AppData\Roaming\Mozilla\Firefox\Profiles\5dx28bou.default\extensions\{ba14329e-9550-4989-b3f2-9732e92d17cc}
[2010/09/03 12:11:23 | 000,000,000 | ---D | M] (Flash and Video Download) -- C:\Users\Mistaria\AppData\Roaming\Mozilla\Firefox\Profiles\5dx28bou.default\extensions\{bee6eb20-01e0-ebd1-da83-080329fb9a3a}
[2010/07/18 19:24:37 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Users\Mistaria\AppData\Roaming\Mozilla\Firefox\Profiles\5dx28bou.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2010/07/18 19:24:36 | 000,000,000 | ---D | M] (Download Statusbar) -- C:\Users\Mistaria\AppData\Roaming\Mozilla\Firefox\Profiles\5dx28bou.default\extensions\{D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}
[2010/07/01 12:08:38 | 000,000,000 | ---D | M] (DownThemAll!) -- C:\Users\Mistaria\AppData\Roaming\Mozilla\Firefox\Profiles\5dx28bou.default\extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8}
[2010/09/03 11:51:43 | 000,000,000 | ---D | M] (Greasemonkey) -- C:\Users\Mistaria\AppData\Roaming\Mozilla\Firefox\Profiles\5dx28bou.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}
[2010/05/09 23:52:15 | 000,000,000 | ---D | M] -- C:\Users\Mistaria\AppData\Roaming\Mozilla\Firefox\Profiles\5dx28bou.default\extensions\chineseperakun@gmail.com
[2009/09/04 02:13:24 | 000,000,687 | ---- | M] () -- C:\Users\Mistaria\AppData\Roaming\Mozilla\Firefox\Profiles\5dx28bou.default\searchplugins\ask.xml
[2009/04/21 02:09:14 | 000,000,880 | ---- | M] () -- C:\Users\Mistaria\AppData\Roaming\Mozilla\Firefox\Profiles\5dx28bou.default\searchplugins\conduit.xml
[2010/04/22 02:20:30 | 000,002,203 | ---- | M] () -- C:\Users\Mistaria\AppData\Roaming\Mozilla\Firefox\Profiles\5dx28bou.default\searchplugins\googlecom-in-english.xml
[2010/09/24 19:49:55 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2010/05/01 18:29:05 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010/09/24 19:49:58 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
[2010/02/21 23:22:32 | 000,712,704 | ---- | M] (BitComet) -- C:\Program Files\Mozilla Firefox\plugins\npBitCometAgent.dll
[2010/09/24 19:49:17 | 000,423,656 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
[2010/07/22 10:41:30 | 000,001,538 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\amazon-en-GB.xml
[2010/07/22 10:41:30 | 000,000,947 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\chambers-en-GB.xml
[2010/07/22 10:41:31 | 000,000,769 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\eBay-en-GB.xml
[2010/07/22 10:41:31 | 000,000,831 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\yahoo-en-GB.xml

O1 HOSTS File: ([2010/10/09 23:46:29 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Shareaza Web Download Hook) - {0EEDB912-C5FA-486F-8334-57288578C627} - C:\Program Files\Shareaza\RazaWebHook32.dll (Shareaza Development Team)
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Vuze Remote Toolbar) - {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files\Vuze_Remote\tbVuze.dll (Conduit Ltd.)
O2 - BHO: (FDMIECookiesBHO Class) - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Program Files\Free Download Manager\iefdm2.dll ()
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O3 - HKLM\..\Toolbar: (Vuze Remote Toolbar) - {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files\Vuze_Remote\tbVuze.dll (Conduit Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (Vuze Remote Toolbar) - {BA14329E-9550-4989-B3F2-9732E92D17CC} - C:\Program Files\Vuze_Remote\tbVuze.dll (Conduit Ltd.)
O4 - HKLM..\Run: [B2C_AGENT] C:\ProgramData\LGMOBILEAX\B2C_Client\B2CNotiAgent.exe (LG Electronics)
O4 - HKLM..\Run: [iPrint Event Monitor] C:\Windows\System32\iprntlgn.exe (Novell, Inc.)
O4 - HKLM..\Run: [iPrint Tray] C:\Windows\System32\iprntctl.exe (Novell, Inc.)
O4 - HKLM..\Run: [Malwarebytes Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [ShaPlus Bandwidth Meter] File not found
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [WScheduler] C:\Program Files\SystemScheduler\WScheduler.exe (Splinterware Software Solutions)
O4 - HKCU..\Run: [bandmon] C:\Program Files\Rokario\Bandwidth Monitor\bandmon.exe (Rokario Software)
O4 - HKCU..\Run: [Free Download Manager] C:\Program Files\Free Download Manager\fdm.exe (FreeDownloadManager.ORG)
O4 - HKCU..\Run: [JITScheduler] C:\Program Files\GiPo@Utilities\JIT Scheduler\sched.exe (Gibin Software House http://www.gibinsoft.com)
O4 - HKCU..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)
O4 - Startup: C:\Users\Mistaria\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Bandwidth Meter.lnk = C:\Program Files\BandwidthMeter\BandwidthMeter.exe (Senh Liu)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: Download all with Free Download Manager - C:\Program Files\Free Download Manager\dlall.htm ()
O8 - Extra context menu item: Download selected with Free Download Manager - C:\Program Files\Free Download Manager\dlselected.htm ()
O8 - Extra context menu item: Download video with Free Download Manager - C:\Program Files\Free Download Manager\dlfvideo.htm ()
O8 - Extra context menu item: Download with &Shareaza - c:\program files\shareaza\razawebhook32.dll (Shareaza Development Team)
O8 - Extra context menu item: Download with Free Download Manager - C:\Program Files\Free Download Manager\dllink.htm ()
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {149E45D8-163E-4189-86FC-45022AB2B6C9} file:///C:/Program%20Files/Monopoly/Images/stg_drm.ocx (SpinTop DRM Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {CC450D71-CC90-424C-8638-1F2DBAC87A54} file:///C:/Program%20Files/Monopoly/Images/armhelper.ocx (ArmHelper Control)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O24 - Desktop WallPaper: C:\Users\Mistaria\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O24 - Desktop BackupWallPaper: C:\Users\Mistaria\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - Reg Error: Key error. File not found
O30 - LSA: Security Packages - (pku2u) - C:\Windows\System32\pku2u.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/11 10:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: FastUserSwitchingCompatibility - File not found
NetSvcs: Ias - File not found
NetSvcs: Nla - File not found
NetSvcs: Ntmssvc - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: SRService - File not found
NetSvcs: Wmi - C:\Windows\System32\wmi.dll (Microsoft Corporation)
NetSvcs: WmdmPmSp - File not found
NetSvcs: LogonHours - File not found
NetSvcs: PCAudit - File not found
NetSvcs: helpsvc - File not found
NetSvcs: uploadmgr - File not found
NetSvcs: Themes - C:\Windows\System32\themeservice.dll (Microsoft Corporation)
NetSvcs: BDESVC - C:\Windows\System32\bdesvc.dll (Microsoft Corporation)

Drivers32: msacm.ac3filter - C:\Windows\System32\ac3filter.acm ()
Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.siren - C:\Windows\System32\sirenacm.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.DIVX - C:\Windows\System32\DivX.dll (DivX, Inc.)
Drivers32: VIDC.FFDS - C:\Windows\System32\ff_vfw.dll ()
Drivers32: vidc.VP60 - C:\Windows\System32\vp6vfw.dll (On2.com)
Drivers32: vidc.VP61 - C:\Windows\System32\vp6vfw.dll (On2.com)
Drivers32: vidc.XVID - xvidvfw.dll File not found
Drivers32: vidc.yv12 - C:\Windows\System32\DivX.dll (DivX, Inc.)

========== Files/Folders - Created Within 90 Days ==========

[2010/10/10 12:36:09 | 000,576,512 | ---- | C] (OldTimer Tools) -- C:\Users\Mistaria\Desktop\OTL.exe
[2010/10/09 23:46:46 | 000,000,000 | ---D | C] -- C:\$RECYCLE.BIN
[2010/10/09 23:44:49 | 000,000,000 | ---D | C] -- C:\Users\Mistaria\AppData\Local\temp
[2010/10/09 23:35:46 | 000,161,792 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2010/10/09 23:35:46 | 000,136,704 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2010/10/09 23:35:46 | 000,031,232 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2010/10/09 23:35:39 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2010/10/09 23:27:57 | 000,000,000 | ---D | C] -- C:\Qoobox
[2010/10/09 23:27:42 | 000,212,480 | ---- | C] (SteelWerX) -- C:\Windows\SWXCACLS.exe
[2010/10/09 23:27:40 | 000,000,000 | ---D | C] -- C:\32788R22FWJFW
[2010/10/09 12:36:37 | 000,446,464 | ---- | C] (OldTimer Tools) -- C:\Users\Mistaria\Desktop\TFC.exe
[2010/10/03 23:51:36 | 000,000,000 | ---D | C] -- C:\Users\Mistaria\Documents\BackUp
[2010/10/03 18:57:45 | 000,000,000 | ---D | C] -- C:\Users\Mistaria\AppData\Roaming\SUPERAntiSpyware.com
[2010/10/03 18:57:45 | 000,000,000 | ---D | C] -- C:\ProgramData\SUPERAntiSpyware.com
[2010/10/03 18:57:36 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2010/10/03 18:07:48 | 000,000,000 | ---D | C] -- C:\Users\Mistaria\AppData\Roaming\Malwarebytes
[2010/10/03 18:07:41 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2010/10/03 18:07:40 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2010/10/03 18:07:40 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010/10/03 18:07:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2010/10/03 14:10:46 | 000,000,000 | ---D | C] -- C:\ProgramData\MFAData
[2010/09/28 11:23:27 | 000,000,000 | -H-D | C] -- C:\Users\Public\Documents\Server
[2010/09/28 11:20:13 | 000,000,000 | ---D | C] -- C:\Program Files\PDF Password Remover v3.1
[2010/09/28 11:17:18 | 000,000,000 | ---D | C] -- C:\Program Files\uTorrent
[2010/09/26 13:00:46 | 000,000,000 | ---D | C] -- C:\Program Files\ShaPlus Bandwidth Meter
[2010/09/24 19:50:59 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2010/09/24 19:49:10 | 000,000,000 | ---D | C] -- C:\Program Files\Java
[2010/09/24 19:37:55 | 000,038,848 | ---- | C] (AVAST Software) -- C:\Windows\avastSS.scr
[2010/09/24 19:36:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Alwil Software
[2010/09/18 01:58:39 | 000,000,000 | ---D | C] -- C:\Users\Mistaria\Documents\~Anime
[2010/09/18 01:53:46 | 000,000,000 | ---D | C] -- C:\Users\Mistaria\Documents\~Manga
[2010/09/17 04:48:33 | 000,000,000 | ---D | C] -- C:\Program Files\WinDirStat
[2010/09/17 04:48:02 | 000,645,729 | ---- | C] (WDS Team) -- C:\Users\Mistaria\Documents\windirstat1_1_2_setup.exe
[2010/09/03 12:16:28 | 000,000,000 | ---D | C] -- C:\Users\Mistaria\AppData\Roaming\FlashGet
[2010/09/03 12:16:16 | 000,000,000 | ---D | C] -- C:\Program Files\FlashGet
[2010/08/31 13:19:57 | 000,000,000 | ---D | C] -- C:\Users\Mistaria\Documents\LING314
[2010/08/31 13:19:01 | 000,000,000 | ---D | C] -- C:\Users\Mistaria\Documents\LING316
[2010/08/30 04:37:07 | 000,000,000 | ---D | C] -- C:\Users\Mistaria\Documents\The KMPlayer
[2010/08/30 02:51:33 | 000,000,000 | ---D | C] -- C:\Windows\System32\appmgmt
[2010/08/30 02:22:51 | 000,000,000 | ---D | C] -- C:\Users\Mistaria\Documents\Declan Software
[2010/08/30 02:17:37 | 000,000,000 | R--D | C] -- C:\Users\Mistaria\Documents\To Sort
[2010/08/29 14:44:47 | 000,000,000 | ---D | C] -- C:\Program Files\Xvid
[2010/08/19 20:49:32 | 000,000,000 | ---D | C] -- C:\Program Files\QuickTime
[2010/08/11 20:59:53 | 000,000,000 | ---D | C] -- C:\Program Files\DiskInternals
[2010/08/05 23:52:02 | 000,000,000 | ---D | C] -- C:\Users\Mistaria\AppData\Roaming\IDMComp
[2010/07/29 01:27:45 | 000,000,000 | ---D | C] -- C:\Users\Mistaria\Documents\Visual Boy Advance
[2010/07/22 21:16:56 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2010/07/22 21:16:47 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2010/07/18 12:58:54 | 000,000,000 | ---D | C] -- C:\Users\Mistaria\AppData\Local\Real
[2010/07/18 12:55:46 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\xing shared
[2010/07/18 12:54:04 | 000,278,528 | ---- | C] (Real Networks, Inc) -- C:\Windows\System32\pncrt.dll

========== Files - Modified Within 90 Days ==========

[2010/10/10 12:44:40 | 004,980,736 | -HS- | M] () -- C:\Users\Mistaria\NTUSER.DAT
[2010/10/10 12:36:32 | 000,576,512 | ---- | M] (OldTimer Tools) -- C:\Users\Mistaria\Desktop\OTL.exe
[2010/10/10 03:39:18 | 000,010,288 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2010/10/10 03:39:18 | 000,010,288 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2010/10/10 03:28:39 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010/10/10 03:28:28 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010/10/10 03:28:22 | 797,786,112 | -HS- | M] () -- C:\hiberfil.sys
[2010/10/10 03:25:58 | 001,288,153 | -H-- | M] () -- C:\Users\Mistaria\AppData\Local\IconCache.db
[2010/10/09 23:46:54 | 000,000,215 | ---- | M] () -- C:\Windows\system.ini
[2010/10/09 23:46:29 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2010/10/09 23:18:09 | 003,876,009 | R--- | M] () -- C:\Users\Mistaria\Desktop\ComboFix.exe
[2010/10/09 23:16:10 | 000,080,384 | ---- | M] () -- C:\Users\Mistaria\Desktop\MBRCheck.exe
[2010/10/09 13:06:28 | 000,007,623 | ---- | M] () -- C:\Users\Mistaria\AppData\Local\Resmon.ResmonCfg
[2010/10/09 12:39:00 | 000,293,376 | ---- | M] () -- C:\Users\Mistaria\Documents\4hk4fzdv.exe
[2010/10/09 12:36:52 | 000,446,464 | ---- | M] (OldTimer Tools) -- C:\Users\Mistaria\Desktop\TFC.exe
[2010/10/08 19:43:11 | 000,504,462 | ---- | M] () -- C:\Users\Mistaria\Documents\98-0000-COLE-0-0.pdf
[2010/10/08 19:42:48 | 000,283,098 | ---- | M] () -- C:\Users\Mistaria\Documents\LING215 HELP.pdf
[2010/10/08 19:40:44 | 000,433,705 | ---- | M] () -- C:\Users\Mistaria\Documents\ArabicGrammarBookPDF.pdf
[2010/10/08 19:36:50 | 000,060,542 | ---- | M] () -- C:\Users\Mistaria\Documents\10.1.1.44.8704.pdf
[2010/10/08 19:35:21 | 000,543,023 | ---- | M] () -- C:\Users\Mistaria\Documents\10.1.1.122.3377.pdf
[2010/10/08 16:08:19 | 000,794,990 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI
[2010/10/08 16:08:19 | 000,678,908 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2010/10/08 16:08:19 | 000,127,492 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2010/10/08 13:13:45 | 000,036,881 | ---- | M] () -- C:\Users\Mistaria\Documents\LING314 Assignment Attempt 2.odt
[2010/10/08 03:02:36 | 000,020,978 | ---- | M] () -- C:\Users\Mistaria\Documents\Greenberg orincipples.odt
[2010/10/08 02:16:03 | 000,021,197 | ---- | M] () -- C:\Users\Mistaria\Documents\Greenberg's Universals.odt
[2010/10/07 17:56:47 | 000,027,333 | ---- | M] () -- C:\Users\Mistaria\Documents\theseses.odt
[2010/10/07 17:29:32 | 000,041,587 | ---- | M] () -- C:\Users\Mistaria\Documents\how do you write a comparison.odt
[2010/10/07 01:57:55 | 001,066,100 | ---- | M] () -- C:\Users\Mistaria\Documents\10.1.1.161.596.pdf
[2010/10/07 01:56:51 | 000,852,979 | ---- | M] () -- C:\Users\Mistaria\Documents\chinese examples useful maybe.pdf
[2010/10/07 01:29:42 | 000,068,586 | ---- | M] () -- C:\Users\Mistaria\Documents\Bisang8.pdf
[2010/10/07 01:29:00 | 000,009,878 | ---- | M] () -- C:\Users\Mistaria\Documents\Ling215 Assignmeent2.odt
[2010/10/07 01:28:37 | 000,025,685 | ---- | M] () -- C:\Users\Mistaria\Documents\DM.odt
[2010/10/07 01:28:21 | 000,011,245 | ---- | M] () -- C:\Users\Mistaria\Documents\Ling215 Assignment 2.odt
[2010/10/07 01:27:56 | 000,033,686 | ---- | M] () -- C:\Users\Mistaria\Documents\Discourse Markers INFO.odt
[2010/10/07 01:27:28 | 000,031,939 | ---- | M] () -- C:\Users\Mistaria\Documents\Hawkins.odt
[2010/10/06 14:34:58 | 000,028,350 | ---- | M] () -- C:\Users\Mistaria\Documents\Speecj for ling316.odt
[2010/10/04 16:26:58 | 000,008,418 | ---- | M] () -- C:\Users\Mistaria\Documents\Hello. LING SPEECH..odt
[2010/10/04 16:01:56 | 000,283,032 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2010/10/03 19:57:30 | 001,230,934 | ---- | M] () -- C:\Users\Mistaria\Documents\4.pdf
[2010/10/03 19:56:37 | 000,162,219 | ---- | M] () -- C:\Users\Mistaria\Documents\3.odt
[2010/10/03 19:56:17 | 000,043,367 | ---- | M] () -- C:\Users\Mistaria\Documents\2.odt
[2010/10/03 19:56:05 | 000,008,326 | ---- | M] () -- C:\Users\Mistaria\Documents\1.odt
[2010/10/03 18:57:38 | 000,001,961 | ---- | M] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
[2010/10/03 18:22:31 | 000,117,140 | -H-- | M] () -- C:\Windows\System32\mlfcache.dat
[2010/10/03 18:07:44 | 000,000,979 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/10/03 17:03:48 | 000,018,831 | ---- | M] () -- C:\Users\Mistaria\Documents\Ling Assignment.odt
[2010/09/30 10:44:20 | 000,014,392 | ---- | M] () -- C:\Users\Mistaria\Documents\Ling SLip.odt
[2010/09/28 11:22:24 | 000,000,040 | ---- | M] () -- C:\Windows\winDecrypt.INI
[2010/09/28 11:20:14 | 000,001,010 | ---- | M] () -- C:\Users\Mistaria\Documents\PDF Password Remover v3.1.lnk
[2010/09/28 11:18:21 | 000,001,038 | ---- | M] () -- C:\Users\Mistaria\Documents\Easy Pdf Password Recovery Free.lnk
[2010/09/28 11:17:19 | 000,000,937 | ---- | M] () -- C:\Users\Mistaria\Application Data\Microsoft\Internet Explorer\Quick Launch\µTorrent.lnk
[2010/09/28 11:17:19 | 000,000,913 | ---- | M] () -- C:\Users\Mistaria\Documents\µTorrent.lnk
[2010/09/28 10:51:12 | 001,717,097 | ---- | M] () -- C:\Users\Mistaria\Documents\1CoverPolicy.pdf
[2010/09/27 02:04:34 | 000,018,225 | ---- | M] () -- C:\Users\Mistaria\Documents\COMP.odt
[2010/09/24 22:55:28 | 000,421,042 | ---- | M] () -- C:\Users\Mistaria\Documents\BandwidthLog.csv
[2010/09/24 19:39:32 | 000,002,005 | ---- | M] () -- C:\Users\Mistaria\Documents\avast! Free Antivirus.lnk
[2010/09/24 19:39:25 | 000,002,577 | ---- | M] () -- C:\Windows\System32\config.nt
[2010/09/22 01:41:32 | 001,003,989 | ---- | M] () -- C:\Users\Mistaria\Documents\Derr_Megan_-_Midsummer_Law.pdf
[2010/09/22 01:00:05 | 002,001,625 | ---- | M] () -- C:\Users\Mistaria\Documents\Derr_Megan_-_Midsummer_Curse.pdf
[2010/09/21 17:25:50 | 002,178,579 | ---- | M] () -- C:\Users\Mistaria\Documents\Derr_Megan_-_Highland_Wolves.pdf
[2010/09/17 21:00:00 | 000,165,463 | ---- | M] () -- C:\Users\Mistaria\Documents\fish-bikini-mascot-sekiu-olympic-peninsula-strait-of-juan-de-fuca.jpg
[2010/09/17 04:48:34 | 000,000,989 | ---- | M] () -- C:\Users\Mistaria\Documents\WinDirStat.lnk
[2010/09/16 15:26:03 | 000,016,415 | ---- | M] () -- C:\Users\Mistaria\Documents\ling badly written 215 tut slip.odt
[2010/09/12 06:56:38 | 003,010,534 | ---- | M] () -- C:\Users\Mistaria\Documents\Derr_Megan_-_Bound.pdf
[2010/09/09 00:50:01 | 003,260,616 | ---- | M] () -- C:\Users\Mistaria\Documents\overall_2007_aguaruna.pdf
[2010/09/09 00:19:49 | 000,019,992 | ---- | M] () -- C:\Users\Mistaria\Documents\LING215 assignment.odt
[2010/09/08 04:12:17 | 000,038,848 | ---- | M] (AVAST Software) -- C:\Windows\avastSS.scr
[2010/09/08 04:11:54 | 000,167,592 | ---- | M] (AVAST Software) -- C:\Windows\System32\aswBoot.exe
[2010/09/08 03:52:25 | 000,046,672 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswTdi.sys
[2010/09/08 03:52:03 | 000,165,584 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswSP.sys
[2010/09/08 03:47:46 | 000,023,376 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswRdr.sys
[2010/09/08 03:47:30 | 000,050,768 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswMonFlt.sys
[2010/09/08 03:47:07 | 000,017,744 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswFsBlk.sys
[2010/09/05 23:41:44 | 000,001,794 | ---- | M] () -- C:\Users\Mistaria\Documents\Vuze.lnk
[2010/09/05 23:41:44 | 000,001,794 | ---- | M] () -- C:\Users\Mistaria\Application Data\Microsoft\Internet Explorer\Quick Launch\Vuze.lnk
[2010/09/04 15:43:04 | 032,782,310 | ---- | M] () -- C:\Users\Mistaria\Documents\Taize.rar
[2010/09/04 08:20:35 | 366,755,680 | ---- | M] () -- C:\Users\Mistaria\Documents\Lie.to.Me.S02E20.HDTV.XviD-LOL.[VTV].avi
[2010/09/04 04:15:26 | 366,789,158 | ---- | M] () -- C:\Users\Mistaria\Documents\Lie.to.Me.S02E21.HDTV.XviD-LOL.[VTV].avi
[2010/09/03 12:16:20 | 000,000,965 | ---- | M] () -- C:\Users\Mistaria\Documents\FlashGet.lnk
[2010/09/02 18:00:50 | 001,322,129 | ---- | M] () -- C:\Users\Mistaria\Documents\OToole_Zachary_-_Busted.pdf
[2010/09/02 03:30:44 | 366,770,028 | ---- | M] () -- C:\Users\Mistaria\Documents\Lie.to.Me.S02E19.HDTV.XviD-LOL.[VTV].avi
[2010/09/02 00:08:55 | 130,680,362 | ---- | M] () -- C:\Users\Mistaria\Documents\Ice Age Surviving Sid 2009 720p nHD x264 NhaNc3.mkv
[2010/09/01 22:09:45 | 000,004,608 | ---- | M] () -- C:\Users\Mistaria\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/08/31 10:32:25 | 000,008,884 | ---- | M] () -- C:\Users\Mistaria\Documents\Group Room bookings.odt
[2010/08/31 09:39:14 | 366,812,740 | ---- | M] () -- C:\Users\Mistaria\Documents\Lie.to.Me.S02E11.HDTV.XviD-LOL.[VTV].avi
[2010/08/31 03:43:37 | 366,792,308 | ---- | M] () -- C:\Users\Mistaria\Documents\Lie.to.Me.S02E12.HDTV.XviD-LOL.[VTV].avi
[2010/08/25 16:05:03 | 000,001,176 | ---- | M] () -- C:\Users\Mistaria\Documents\Paint.NET.lnk
[2010/08/19 20:49:59 | 000,001,815 | ---- | M] () -- C:\Users\Mistaria\Documents\QuickTime Player.lnk
[2010/08/19 20:42:42 | 000,002,503 | ---- | M] () -- C:\Users\Mistaria\Application Data\Microsoft\Internet Explorer\Quick Launch\Apple Safari.lnk
[2010/08/19 20:42:41 | 000,002,479 | ---- | M] () -- C:\Users\Public\Desktop\Safari.lnk
[2010/08/01 04:19:46 | 014,398,451 | ---- | M] () -- C:\Users\Mistaria\Documents\UltraEdit 16.00.0.1036 Portable.exe
[2010/07/22 21:17:54 | 000,002,429 | ---- | M] () -- C:\Users\Mistaria\Documents\iTunes.lnk
[2010/07/21 20:01:26 | 004,279,932 | ---- | M] () -- C:\Users\Mistaria\Documents\Epic Win FTW -Awesome Photos and Videos.flv
[2010/07/18 12:54:04 | 000,278,528 | ---- | M] (Real Networks, Inc) -- C:\Windows\System32\pncrt.dll

========== Files Created - No Company Name ==========

[2010/10/09 23:35:46 | 000,256,512 | ---- | C] () -- C:\Windows\PEV.exe
[2010/10/09 23:35:46 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2010/10/09 23:35:46 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2010/10/09 23:35:46 | 000,077,312 | ---- | C] () -- C:\Windows\MBR.exe
[2010/10/09 23:35:46 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2010/10/09 23:16:29 | 003,876,009 | R--- | C] () -- C:\Users\Mistaria\Desktop\ComboFix.exe
[2010/10/09 23:16:07 | 000,080,384 | ---- | C] () -- C:\Users\Mistaria\Desktop\MBRCheck.exe
[2010/10/09 12:38:56 | 000,293,376 | ---- | C] () -- C:\Users\Mistaria\Documents\4hk4fzdv.exe
[2010/10/08 19:43:11 | 000,504,462 | ---- | C] () -- C:\Users\Mistaria\Documents\98-0000-COLE-0-0.pdf
[2010/10/08 19:42:47 | 000,283,098 | ---- | C] () -- C:\Users\Mistaria\Documents\LING215 HELP.pdf
[2010/10/08 19:40:44 | 000,433,705 | ---- | C] () -- C:\Users\Mistaria\Documents\ArabicGrammarBookPDF.pdf
[2010/10/08 19:36:49 | 000,060,542 | ---- | C] () -- C:\Users\Mistaria\Documents\10.1.1.44.8704.pdf
[2010/10/08 19:35:20 | 000,543,023 | ---- | C] () -- C:\Users\Mistaria\Documents\10.1.1.122.3377.pdf
[2010/10/08 03:02:34 | 000,020,978 | ---- | C] () -- C:\Users\Mistaria\Documents\Greenberg orincipples.odt
[2010/10/07 17:56:46 | 000,027,333 | ---- | C] () -- C:\Users\Mistaria\Documents\theseses.odt
[2010/10/07 17:40:51 | 000,036,881 | ---- | C] () -- C:\Users\Mistaria\Documents\LING314 Assignment Attempt 2.odt
[2010/10/07 17:29:31 | 000,041,587 | ---- | C] () -- C:\Users\Mistaria\Documents\how do you write a comparison.odt
[2010/10/07 02:44:03 | 000,021,197 | ---- | C] () -- C:\Users\Mistaria\Documents\Greenberg's Universals.odt
[2010/10/07 01:57:55 | 001,066,100 | ---- | C] () -- C:\Users\Mistaria\Documents\10.1.1.161.596.pdf
[2010/10/07 01:56:48 | 000,852,979 | ---- | C] () -- C:\Users\Mistaria\Documents\chinese examples useful maybe.pdf
[2010/10/07 01:29:42 | 000,068,586 | ---- | C] () -- C:\Users\Mistaria\Documents\Bisang8.pdf
[2010/10/07 01:28:59 | 000,009,878 | ---- | C] () -- C:\Users\Mistaria\Documents\Ling215 Assignmeent2.odt
[2010/10/07 01:28:36 | 000,025,685 | ---- | C] () -- C:\Users\Mistaria\Documents\DM.odt
[2010/10/07 01:28:16 | 000,011,245 | ---- | C] () -- C:\Users\Mistaria\Documents\Ling215 Assignment 2.odt
[2010/10/07 01:27:20 | 000,031,939 | ---- | C] () -- C:\Users\Mistaria\Documents\Hawkins.odt
[2010/10/04 22:20:43 | 000,033,686 | ---- | C] () -- C:\Users\Mistaria\Documents\Discourse Markers INFO.odt
[2010/10/04 16:26:51 | 000,008,418 | ---- | C] () -- C:\Users\Mistaria\Documents\Hello. LING SPEECH..odt
[2010/10/03 19:57:30 | 001,230,934 | ---- | C] () -- C:\Users\Mistaria\Documents\4.pdf
[2010/10/03 19:56:29 | 000,162,219 | ---- | C] () -- C:\Users\Mistaria\Documents\3.odt
[2010/10/03 19:56:16 | 000,043,367 | ---- | C] () -- C:\Users\Mistaria\Documents\2.odt
[2010/10/03 19:56:02 | 000,008,326 | ---- | C] () -- C:\Users\Mistaria\Documents\1.odt
[2010/10/03 18:57:38 | 000,001,961 | ---- | C] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
[2010/10/03 18:22:31 | 000,117,140 | -H-- | C] () -- C:\Windows\System32\mlfcache.dat
[2010/10/03 18:07:44 | 000,000,979 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/10/03 11:02:29 | 000,018,831 | ---- | C] () -- C:\Users\Mistaria\Documents\Ling Assignment.odt
[2010/10/01 16:10:40 | 000,028,350 | ---- | C] () -- C:\Users\Mistaria\Documents\Speecj for ling316.odt
[2010/09/30 10:44:19 | 000,014,392 | ---- | C] () -- C:\Users\Mistaria\Documents\Ling SLip.odt
[2010/09/28 11:22:24 | 000,000,040 | ---- | C] () -- C:\Windows\winDecrypt.INI
[2010/09/28 11:20:14 | 000,001,010 | ---- | C] () -- C:\Users\Mistaria\Documents\PDF Password Remover v3.1.lnk
[2010/09/28 11:18:21 | 000,001,038 | ---- | C] () -- C:\Users\Mistaria\Documents\Easy Pdf Password Recovery Free.lnk
[2010/09/28 11:17:19 | 000,000,937 | ---- | C] () -- C:\Users\Mistaria\Application Data\Microsoft\Internet Explorer\Quick Launch\µTorrent.lnk
[2010/09/28 11:17:19 | 000,000,913 | ---- | C] () -- C:\Users\Mistaria\Documents\µTorrent.lnk
[2010/09/28 10:51:12 | 001,717,097 | ---- | C] () -- C:\Users\Mistaria\Documents\1CoverPolicy.pdf
[2010/09/27 20:15:59 | 031,110,664 | ---- | C] () -- C:\Users\Mistaria\Documents\Trinty Blood AMV.wmv
[2010/09/27 02:04:33 | 000,018,225 | ---- | C] () -- C:\Users\Mistaria\Documents\COMP.odt
[2010/09/24 22:55:28 | 000,421,042 | ---- | C] () -- C:\Users\Mistaria\Documents\BandwidthLog.csv
[2010/09/24 19:39:32 | 000,002,005 | ---- | C] () -- C:\Users\Mistaria\Documents\avast! Free Antivirus.lnk
[2010/09/22 01:41:32 | 001,003,989 | ---- | C] () -- C:\Users\Mistaria\Documents\Derr_Megan_-_Midsummer_Law.pdf
[2010/09/22 01:00:04 | 002,001,625 | ---- | C] () -- C:\Users\Mistaria\Documents\Derr_Megan_-_Midsummer_Curse.pdf
[2010/09/21 17:25:49 | 002,178,579 | ---- | C] () -- C:\Users\Mistaria\Documents\Derr_Megan_-_Highland_Wolves.pdf
[2010/09/17 20:59:30 | 000,165,463 | ---- | C] () -- C:\Users\Mistaria\Documents\fish-bikini-mascot-sekiu-olympic-peninsula-strait-of-juan-de-fuca.jpg
[2010/09/17 04:48:34 | 000,000,989 | ---- | C] () -- C:\Users\Mistaria\Documents\WinDirStat.lnk
[2010/09/16 15:26:02 | 000,016,415 | ---- | C] () -- C:\Users\Mistaria\Documents\ling badly written 215 tut slip.odt
[2010/09/12 06:56:38 | 003,010,534 | ---- | C] () -- C:\Users\Mistaria\Documents\Derr_Megan_-_Bound.pdf
[2010/09/09 00:50:00 | 003,260,616 | ---- | C] () -- C:\Users\Mistaria\Documents\overall_2007_aguaruna.pdf
[2010/09/05 23:41:44 | 000,001,794 | ---- | C] () -- C:\Users\Mistaria\Documents\Vuze.lnk
[2010/09/04 15:34:44 | 032,782,310 | ---- | C] () -- C:\Users\Mistaria\Documents\Taize.rar
[2010/09/03 12:16:19 | 000,000,965 | ---- | C] () -- C:\Users\Mistaria\Documents\FlashGet.lnk
[2010/09/02 18:00:50 | 001,322,129 | ---- | C] () -- C:\Users\Mistaria\Documents\OToole_Zachary_-_Busted.pdf
[2010/09/02 02:37:30 | 366,770,028 | ---- | C] () -- C:\Users\Mistaria\Documents\Lie.to.Me.S02E19.HDTV.XviD-LOL.[VTV].avi
[2010/09/02 02:35:34 | 366,755,680 | ---- | C] () -- C:\Users\Mistaria\Documents\Lie.to.Me.S02E20.HDTV.XviD-LOL.[VTV].avi
[2010/09/02 02:35:25 | 366,789,158 | ---- | C] () -- C:\Users\Mistaria\Documents\Lie.to.Me.S02E21.HDTV.XviD-LOL.[VTV].avi
[2010/08/31 10:32:21 | 000,008,884 | ---- | C] () -- C:\Users\Mistaria\Documents\Group Room bookings.odt
[2010/08/31 01:21:44 | 366,792,308 | ---- | C] () -- C:\Users\Mistaria\Documents\Lie.to.Me.S02E12.HDTV.XviD-LOL.[VTV].avi
[2010/08/31 01:21:38 | 366,812,740 | ---- | C] () -- C:\Users\Mistaria\Documents\Lie.to.Me.S02E11.HDTV.XviD-LOL.[VTV].avi
[2010/08/31 01:10:56 | 130,680,362 | ---- | C] () -- C:\Users\Mistaria\Documents\Ice Age Surviving Sid 2009 720p nHD x264 NhaNc3.mkv
[2010/08/30 15:44:50 | 000,019,992 | ---- | C] () -- C:\Users\Mistaria\Documents\LING215 assignment.odt
[2010/08/25 16:05:03 | 000,001,176 | ---- | C] () -- C:\Users\Mistaria\Documents\Paint.NET.lnk
[2010/08/19 20:49:59 | 000,001,815 | ---- | C] () -- C:\Users\Mistaria\Documents\QuickTime Player.lnk
[2010/08/01 02:08:12 | 014,398,451 | ---- | C] () -- C:\Users\Mistaria\Documents\UltraEdit 16.00.0.1036 Portable.exe
[2010/07/22 21:17:54 | 000,002,429 | ---- | C] () -- C:\Users\Mistaria\Documents\iTunes.lnk
[2010/07/21 20:01:07 | 004,279,932 | ---- | C] () -- C:\Users\Mistaria\Documents\Epic Win FTW -Awesome Photos and Videos.flv
[2010/07/04 02:54:27 | 000,073,728 | ---- | C] () -- C:\Windows\System32\VistaInfo32.dll
[2010/06/10 15:58:21 | 000,000,000 | ---- | C] () -- C:\Windows\HPMProp.INI
[2010/06/10 14:59:38 | 000,254,280 | ---- | C] () -- C:\Windows\System32\npnipp.dll
[2010/06/10 14:59:38 | 000,034,592 | ---- | C] () -- C:\Windows\System32\drivers\nipplpt.sys
[2010/06/04 16:02:46 | 000,053,248 | ---- | C] () -- C:\Windows\System32\CommonDL.dll
[2010/06/04 16:02:46 | 000,002,413 | ---- | C] () -- C:\Windows\System32\lgAxconfig.ini
[2010/05/17 23:53:25 | 000,004,608 | ---- | C] () -- C:\Users\Mistaria\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/04/27 22:44:39 | 000,007,623 | ---- | C] () -- C:\Users\Mistaria\AppData\Local\Resmon.ResmonCfg
[2010/02/14 00:29:11 | 000,000,049 | ---- | C] () -- C:\Windows\NeroDigital.ini
[2009/10/23 23:15:07 | 000,000,029 | ---- | C] () -- C:\Users\Mistaria\AppData\Roaming\default.rss
[2009/10/23 23:15:04 | 000,000,000 | ---- | C] () -- C:\Users\Mistaria\AppData\Roaming\downloads.m3u
[2009/09/04 13:22:59 | 000,160,768 | ---- | C] () -- C:\Windows\System32\unrar.dll
[2009/09/04 13:22:59 | 000,077,312 | ---- | C] () -- C:\Windows\System32\UNACEV2.DLL
[2009/09/04 01:51:44 | 000,057,344 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll
[2009/09/01 21:34:07 | 001,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll
[2009/08/19 20:26:48 | 000,005,632 | ---- | C] () -- C:\Windows\System32\StarOpen.sys
[2009/07/14 12:51:43 | 000,073,728 | ---- | C] () -- C:\Windows\System32\BthpanContextHandler.dll
[2009/07/14 12:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\System32\BWContextHandler.dll
[2005/05/06 20:06:00 | 000,016,480 | ---- | C] () -- C:\Windows\System32\rixdicon.dll
[2001/07/13 07:04:00 | 000,373,248 | ---- | C] () -- C:\Windows\EyeCand3.INI

========== LOP Check ==========

[2010/10/10 12:33:51 | 000,000,000 | ---D | M] -- C:\Users\Mistaria\AppData\Roaming\Azureus
[2010/09/03 13:01:58 | 000,000,000 | ---D | M] -- C:\Users\Mistaria\AppData\Roaming\BitComet
[2010/04/22 19:30:09 | 000,000,000 | ---D | M] -- C:\Users\Mistaria\AppData\Roaming\BSplayer
[2010/04/22 19:30:09 | 000,000,000 | ---D | M] -- C:\Users\Mistaria\AppData\Roaming\BSplayer Pro
[2009/09/03 09:45:57 | 000,000,000 | ---D | M] -- C:\Users\Mistaria\AppData\Roaming\DAEMON Tools
[2010/04/22 19:30:09 | 000,000,000 | ---D | M] -- C:\Users\Mistaria\AppData\Roaming\DAEMON Tools Lite
[2010/04/22 19:30:09 | 000,000,000 | ---D | M] -- C:\Users\Mistaria\AppData\Roaming\DAEMON Tools Pro
[2010/06/10 17:47:19 | 000,000,000 | ---D | M] -- C:\Users\Mistaria\AppData\Roaming\DVDVideoSoftIEHelpers
[2010/04/22 19:30:15 | 000,000,000 | ---D | M] -- C:\Users\Mistaria\AppData\Roaming\EleFun Games
[2010/09/03 12:16:28 | 000,000,000 | ---D | M] -- C:\Users\Mistaria\AppData\Roaming\FlashGet
[2010/10/10 12:42:15 | 000,000,000 | ---D | M] -- C:\Users\Mistaria\AppData\Roaming\Free Download Manager
[2010/04/22 19:30:16 | 000,000,000 | ---D | M] -- C:\Users\Mistaria\AppData\Roaming\LimeWire
[2010/04/22 19:30:35 | 000,000,000 | ---D | M] -- C:\Users\Mistaria\AppData\Roaming\md studio
[2010/07/04 02:54:42 | 000,000,000 | ---D | M] -- C:\Users\Mistaria\AppData\Roaming\NotMyIp
[2010/04/22 19:30:57 | 000,000,000 | ---D | M] -- C:\Users\Mistaria\AppData\Roaming\OpenOffice.org
[2010/06/16 13:15:31 | 000,000,000 | ---D | M] -- C:\Users\Mistaria\AppData\Roaming\Opera
[2010/04/22 19:30:59 | 000,000,000 | ---D | M] -- C:\Users\Mistaria\AppData\Roaming\Playrix Entertainment
[2010/04/22 19:31:00 | 000,000,000 | ---D | M] -- C:\Users\Mistaria\AppData\Roaming\Rokario
[2010/04/22 19:31:00 | 000,000,000 | ---D | M] -- C:\Users\Mistaria\AppData\Roaming\Shareaza
[2010/04/22 19:31:00 | 000,000,000 | ---D | M] -- C:\Users\Mistaria\AppData\Roaming\SpinTop
[2010/04/22 19:31:00 | 000,000,000 | ---D | M] -- C:\Users\Mistaria\AppData\Roaming\TreeCardGames
[2010/09/29 15:26:05 | 000,000,000 | ---D | M] -- C:\Users\Mistaria\AppData\Roaming\uTorrent
[2009/07/14 17:53:46 | 000,030,050 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*.* >
[2009/06/11 10:42:20 | 000,000,024 | ---- | M] () -- C:\autoexec.bat
[2009/09/01 20:14:05 | 000,000,355 | -HS- | M] () -- C:\Boot.BAK
[2009/09/02 16:32:43 | 000,000,355 | RHS- | M] () -- C:\Boot.ini.saved
[2009/07/14 14:38:58 | 000,383,562 | RHS- | M] () -- C:\bootmgr
[2010/04/23 15:06:51 | 000,008,192 | RHS- | M] () -- C:\BOOTSECT.BAK
[2010/04/22 20:08:37 | 000,008,192 | ---- | M] () -- C:\bootsect.lxe.bak
[2010/10/09 23:52:59 | 000,019,352 | ---- | M] () -- C:\ComboFix.txt
[2009/06/11 10:42:20 | 000,000,010 | ---- | M] () -- C:\config.sys
[2010/04/22 20:08:35 | 000,383,592 | RHS- | M] () -- C:\gdrop
[2010/10/10 03:28:22 | 797,786,112 | -HS- | M] () -- C:\hiberfil.sys
[2009/07/04 10:49:55 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
[2009/07/04 10:49:55 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
[2008/04/15 00:00:00 | 000,047,564 | RHS- | M] () -- C:\NTDETECT.COM
[2008/04/15 00:00:00 | 000,250,048 | RHS- | M] () -- C:\ntldr
[2010/10/10 03:28:25 | 1677,721,600 | -HS- | M] () -- C:\pagefile.sys
[2010/10/03 18:01:14 | 000,000,405 | ---- | M] () -- C:\rkill.log
[2010/04/22 20:08:35 | 000,171,136 | RHS- | M] () -- C:\xeldr

< %systemroot%\Fonts\*.com >
[2009/07/14 17:52:25 | 000,026,040 | ---- | M] () -- C:\Windows\Fonts\GlobalMonospace.CompositeFont
[2009/07/14 17:52:25 | 000,026,489 | ---- | M] () -- C:\Windows\Fonts\GlobalSansSerif.CompositeFont
[2009/07/14 17:52:25 | 000,029,779 | ---- | M] () -- C:\Windows\Fonts\GlobalSerif.CompositeFont
[2009/07/14 17:52:25 | 000,043,318 | ---- | M] () -- C:\Windows\Fonts\GlobalUserInterface.CompositeFont

< %systemroot%\Fonts\*.dll >

< %systemroot%\Fonts\*.ini >
[2009/06/11 10:31:19 | 000,000,065 | ---- | M] () -- C:\Windows\Fonts\desktop.ini

< %systemroot%\Fonts\*.ini2 >

< %systemroot%\Fonts\*.exe >
 
< %systemroot%\system32\spool\prtprocs\w32x86\*.* >
[2009/12/03 22:53:54 | 000,281,600 | ---- | M] (Hewlett-Packard Corporation) -- C:\Windows\System32\spool\prtprocs\w32x86\hpcpp094.dll
[2009/07/14 14:15:35 | 000,022,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\spool\prtprocs\w32x86\jnwppr.dll
[2009/07/14 14:16:19 | 000,029,696 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\spool\prtprocs\w32x86\winprint.dll

< %systemroot%\REPAIR\*.bak1 >

< %systemroot%\REPAIR\*.ini >

< %systemroot%\system32\*.jpg >

< %systemroot%\*.jpg >

< %systemroot%\*.png >

< %systemroot%\*.scr >
[2010/09/08 04:12:17 | 000,038,848 | ---- | M] (AVAST Software) -- C:\Windows\avastSS.scr
[2001/07/13 07:04:00 | 000,253,952 | ---- | M] () -- C:\Windows\Jasc Media Center Plus.scr

< %systemroot%\*._sy >

< %APPDATA%\Adobe\Update\*.* >

< %ALLUSERSPROFILE%\Favorites\*.* >

< %APPDATA%\Microsoft\*.* >

< %PROGRAMFILES%\*.* >
[2009/07/14 17:41:57 | 000,000,174 | -HS- | M] () -- C:\Program Files\desktop.ini

< %APPDATA%\Update\*.* >

< %systemroot%\*. /mp /s >

< %systemroot%\System32\config\*.sav >

< %PROGRAMFILES%\bak. /s >

< %systemroot%\system32\bak. /s >

< %ALLUSERSPROFILE%\Start Menu\*.lnk /x >

< %systemroot%\system32\config\systemprofile\*.dat /x >

< %systemroot%\*.config >

< %systemroot%\system32\*.db >

< %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x >
[2009/09/06 20:35:18 | 000,000,286 | -HS- | M] () -- C:\Users\Mistaria\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\desktop (1).ini
[2010/04/22 20:02:54 | 000,000,221 | -HS- | M] () -- C:\Users\Mistaria\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\desktop.ini

< %USERPROFILE%\Desktop\*.exe >
[2010/10/09 23:18:09 | 003,876,009 | R--- | M] () -- C:\Users\Mistaria\Desktop\ComboFix.exe
[2010/10/09 23:16:10 | 000,080,384 | ---- | M] () -- C:\Users\Mistaria\Desktop\MBRCheck.exe
[2010/10/10 12:36:32 | 000,576,512 | ---- | M] (OldTimer Tools) -- C:\Users\Mistaria\Desktop\OTL.exe
[2010/10/09 12:36:52 | 000,446,464 | ---- | M] (OldTimer Tools) -- C:\Users\Mistaria\Desktop\TFC.exe

< %PROGRAMFILES%\Common Files\*.* >

< %systemroot%\*.src >

< %systemroot%\install\*.* >

< %systemroot%\system32\DLL\*.* >

< %systemroot%\system32\HelpFiles\*.* >

< %systemroot%\system32\rundll\*.* >

< %systemroot%\winn32\*.* >

< %systemroot%\Java\*.* >

< %systemroot%\system32\test\*.* >

< %systemroot%\system32\Rundll32\*.* >

< %systemroot%\AppPatch\Custom\*.* >
[2010/05/21 03:34:03 | 000,000,706 | ---- | M] () -- C:\Windows\AppPatch\Custom\{ca0f61a9-eba0-4c63-a1a5-29be24986d72}.sdb
[2010/05/20 02:41:34 | 000,000,662 | ---- | M] () -- C:\Windows\AppPatch\Custom\{e50ed635-3d0c-4a75-90ed-56d36c85d796}.sdb

< %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x >

< %PROGRAMFILES%\PC-Doctor\Downloads\*.* >

< %PROGRAMFILES%\Internet Explorer\*.tmp >

< %PROGRAMFILES%\Internet Explorer\*.dat >

< %USERPROFILE%\My Documents\*.exe >

< %USERPROFILE%\*.exe >

< %systemroot%\ADDINS\*.* >
[2009/06/11 10:20:04 | 000,000,802 | ---- | M] () -- C:\Windows\addins\FXSEXT.ecf

< %systemroot%\assembly\*.bak2 >

< %systemroot%\Config\*.* >

< %systemroot%\REPAIR\*.bak2 >

< %systemroot%\SECURITY\Database\*.sdb /x >
[2010/04/22 19:18:49 | 000,008,192 | ---- | M] () -- C:\Windows\security\database\edb.chk
[2010/04/22 19:18:49 | 001,048,576 | ---- | M] () -- C:\Windows\security\database\edb.log
[2010/04/22 19:12:44 | 001,048,576 | ---- | M] () -- C:\Windows\security\database\edbres00001.jrs
[2010/04/22 19:12:44 | 001,048,576 | ---- | M] () -- C:\Windows\security\database\edbres00002.jrs

< %systemroot%\SYSTEM\*.bak2 >

< %systemroot%\Web\*.bak2 >

< %systemroot%\Driver Cache\*.* >

< %PROGRAMFILES%\Mozilla Firefox\0*.exe >

< %ProgramFiles%\Microsoft Common\*.* >

< %ProgramFiles%\TinyProxy. >

< %USERPROFILE%\Favorites\*.url /x >
[2010/04/22 20:02:46 | 000,000,402 | -HS- | M] () -- C:\Users\Mistaria\Favorites\desktop.ini
[2010/05/03 15:45:39 | 000,000,256 | ---- | M] () -- C:\Users\Mistaria\Favorites\NCH Software Download.lnk

< %systemroot%\system32\*.bk >

< %systemroot%\*.te >

< %systemroot%\system32\system32\*.* >

< %ALLUSERSPROFILE%\*.dat /x >

< %systemroot%\system32\drivers\*.rmv >

< dir /b "%systemroot%\system32\*.exe" | find /i " " /c >

< dir /b "%systemroot%\*.exe" | find /i " " /c >

< %PROGRAMFILES%\Microsoft\*.* >

< %systemroot%\System32\Wbem\proquota.exe >

< %PROGRAMFILES%\Mozilla Firefox\*.dat >

< %USERPROFILE%\Cookies\*.txt /x >

< %SystemRoot%\system32\fonts\*.* >

< %systemroot%\system32\winlog\*.* >

< %systemroot%\system32\Language\*.* >

< %systemroot%\system32\Settings\*.* >

< %systemroot%\system32\*.quo >

< %SYSTEMROOT%\AppPatch\*.exe >

< %SYSTEMROOT%\inf\*.exe >

< %SYSTEMROOT%\Installer\*.exe >

< %systemroot%\system32\config\*.bak2 >

< %systemroot%\system32\Computers\*.* >

< %SystemRoot%\system32\Sound\*.* >

< %SystemRoot%\system32\SpecialImg\*.* >

< %SystemRoot%\system32\code\*.* >

< %SystemRoot%\system32\draft\*.* >

< %SystemRoot%\system32\MSSSys\*.* >

< %ProgramFiles%\Javascript\*.* >

< %systemroot%\pchealth\helpctr\System\*.exe /s >

< %systemroot%\Web\*.exe >

< %systemroot%\system32\msn\*.* >

< %systemroot%\system32\*.tro >

< %AppData%\Microsoft\Installer\msupdates\*.* >

< %ProgramFiles%\Messenger\*.* >

< %systemroot%\system32\systhem32\*.* >

< %systemroot%\system\*.exe >

< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\ Auto Update\Results\Install|LastSuccessTime /rs >


========== Alternate Data Streams ==========

@Alternate Data Stream - 116 bytes -> C:\ProgramData\TEMP:52B72A7C
@Alternate Data Stream - 114 bytes -> C:\ProgramData\TEMP:AFFC859A

< End of report >

(Hopefully this will be in the correct order, as I went by quick reply as it was easier, but I didn't realise it had to be checked by a moderator.) Will repost normally if necessary.

Kinda creepy how you can tell so much about a girl by the files she keeps on her computer (or what she names her computer) :)
 
Next Logs!

Extra:


OTL Extras logfile created on: 10/10/2010 12:40:46 p.m. - Run 1
OTL by OldTimer - Version 3.2.14.1 Folder = C:\Users\Mistaria\Desktop
Ultimate Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00001409 | Country: New Zealand | Language: ENZ | Date Format: d/MM/yyyy

1,014.00 Mb Total Physical Memory | 389.00 Mb Available Physical Memory | 38.00% Memory free
3.00 Gb Paging File | 2.00 Gb Available in Paging File | 66.00% Paging File free
Paging file location(s): c:\pagefile.sys 1600 1600 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 111.78 Gb Total Space | 12.80 Gb Free Space | 11.45% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: HISSYFIT
Current User Name: Mistaria
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 90 Days
Output = Standard
Quick Scan

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = UltraEdit.html] -- C:\Users\Mistaria\AppData\Local\Temp\RarSFX0\Uedit32.exe File not found
.ini [@ = UltraEdit.ini] -- C:\Users\Mistaria\AppData\Local\Temp\RarSFX0\Uedit32.exe File not found
.js [@ = UltraEdit.js] -- C:\Users\Mistaria\AppData\Local\Temp\RarSFX0\Uedit32.exe File not found
.txt [@ = UltraEdit.txt] -- C:\Users\Mistaria\AppData\Local\Temp\RarSFX0\Uedit32.exe File not found

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- Reg Error: Key error.
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- C:\Program Files\VideoLAN\VLC\vlc.exe --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- C:\Program Files\VideoLAN\VLC\vlc.exe --started-from-file --no-playlist-enqueue "%1" ()
Directory [UnzipThemAll] -- "C:\Program Files\UnzipThemAll\UnzipThemAll.exe" "%1" (Hervé Thouzard)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0CB9668D-F979-4F31-B8B8-67FE90F929F8}" = Bonjour
"{0DD140D3-9563-481E-AA75-BA457CBDAEF2}" = PC Inspector File Recovery
"{13F3917B56CD4C25848BDC69916971BB}" = DivX Converter
"{172423F9-522A-483A-AD65-03600CE4CA4F}" = Microsoft Works 6-9 Converter
"{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{26A24AE4-039D-4CA4-87B4-2F83216021FF}" = Java(TM) 6 Update 21
"{26D3E377-1DCA-4043-9410-B4A9BACF1033}" = Nero 7 Premium
"{2764CA82-DFB9-4498-AF85-719340BF5305}" = Dell Resource CD
"{2EEC2A94-7204-45C6-93BB-67EAEB19E4D6}" = Safari
"{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform
"{3FC7CBBC4C1E11DCA1A752EA55D89593}" = DivX Version Checker
"{45338B07-A236-4270-9A77-EBB4115517B5}" = Windows Live Sign-in Assistant
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{5FE0C13A-63F1-4394-88A8-2D8722A75FE0}_is1" = Convert VOB to AVI 1.7
"{60FFB3E0-6D5B-4D73-AE5B-07E58B83AF0C}" = 32 Bit HP CIO Components Installer
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser and SDK
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec
"{81128EE8-8EAD-4DB0-85C6-17C2CE50FF71}" = Windows Live Essentials
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{85991ED2-010C-4930-96FA-52F43C2CE98A}" = Apple Mobile Device Support
"{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player
"{8D793292-FC22-43BA-8D85-7FDC25D963C9}_is1" = Next DVD Ripper 3.3
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{A85FD55B-891B-4314-97A5-EA96C0BD80B5}" = Windows Live Messenger
"{A8F2089B-1F79-4BF6-B385-A2C2B0B9A74D}" = ImagXpress
"{A93944F2-D2D4-4750-BFE7-9A288FEAF2CF}" = Apple Application Support
"{A96E97134CA649888820BCDE5E300BBD}" = H.264 Decoder
"{AAC389499AEF40428987B3D30CFC76C9}" = MKV Splitter
"{AC76BA86-7AD7-1033-7B44-A93000000001}" = Adobe Reader 9.3.1
"{AEF9DC35ADDF4825B049ACBFD1C6EB37}" = AAC Decoder
"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Plus Web Player
"{BBB3F622-D848-4CDA-B282-CC53627432F0}" = Microsoft Application Compatibility Toolkit 5.5
"{C1E11C46-E6EB-4BD2-9ADF-2A98ACBEB216}" = iTunes
"{C3ABE126-2BB2-4246-BFE1-6797679B3579}" = LG USB Modem Driver
"{ca0f61a9-eba0-4c63-a1a5-29be24986d72}.sdb" = Vuse_Safe1
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware
"{D6DE02C7-1F47-11D4-9515-00105AE4B89A}" = Paint Shop Pro 7 Anniversary Edition
"{E3E71D07-CD27-46CB-8448-16D4FB29AA13}" = Microsoft WSE 3.0 Runtime
"{e50ed635-3d0c-4a75-90ed-56d36c85d796}.sdb" = Vuse Information
"{E6B87DC4-2B3D-4483-ADFF-E483BF718991}" = OpenOffice.org 3.1
"{E8A80433-302B-4FF1-815D-FCC8EAC482FF}" = Nero Installer
"{EB900AF8-CC61-4E15-871B-98D1EA3E8025}" = QuickTime
"{f0903d7f-c738-4da7-bc71-fd36b3e24ffd}" = Nero 9 Trial
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F0E2B312-D7FD-4349-A9B6-E90B36DB1BD0}" = Paint.NET v3.5.5
"{F4F4F84E-804F-4E9A-84D7-C34283F0088F}" = RealUpgrade 1.0
"{F6BD194C-4190-4D73-B1B1-C48C99921BFE}" = Windows Live Call
"123 Free Solitaire_is1" = 123 Free Solitaire 2009 v7.0
"8461-7759-5462-8226" = Vuze
"A4 DVD Shrinker_is1" = A4 DVD Shrinker
"AC3Filter_is1" = AC3Filter 1.63b
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"Agent Ransack_is1" = Agent Ransack Version 1.7.3
"All File Renamer" = All File Renamer
"avast5" = avast! Free Antivirus
"Azureus Ultra Accelerator" = Azureus Ultra Accelerator
"Bandwidth Monitor_is1" = Bandwidth Monitor
"Bass Audio Decoder" = Bass Audio Decoder (remove only)
"CD Audio Reader Filter" = CD Audio Reader Filter (remove only)
"Comical_is1" = Comical 0.8
"CPUID CPU-Z_is1" = CPUID CPU-Z 1.54
"Declan's Chinese FlashCards_is1" = Declan's Chinese FlashCards v1.6
"DirectVobSub" = DirectVobSub (remove only)
"DivX Plus DirectShow Filters" = DivX Plus DirectShow Filters
"DScaler 5 Mpeg Decoders_is1" = DScaler 5 Mpeg Decoders
"DVD Shrink_is1" = DVD Shrink 3.2
"DVDFab HD Decrypter_is1" = DVDFab HD Decrypter 3.1.8.0
"ffdshow_is1" = ffdshow [rev 2527] [2008-12-19]
"FFMPEG Core Files" = FFMPEG Core Files (remove only)
"FILE RECOVERY for WindowsNSIS" = FILE RECOVERY for Windows
"Free Audio CD Burner_is1" = Free Audio CD Burner version 1.3
"Free Download Manager_is1" = Free Download Manager 3.0
"FreeStar Free DVD Ripper" = FreeStar Free DVD Ripper 3.0.1
"Gabest MPEG Splitter" = Gabest MPEG Splitter (remove only)
"HaaliMkx" = Haali Media Splitter
"JIT Scheduler" = JIT Scheduler
"LG PC Suite IV" = LG PC Suite IV
"LimeWire" = LimeWire 4.18.8
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"MONOGRAM AMR Splitter/Decoder" = MONOGRAM AMR Splitter/Decoder (remove only)
"Mozilla Firefox (3.5.13)" = Mozilla Firefox (3.5.13)
"Novell iPrint Client" = Novell iPrint Client v05.32.00
"OpenSource DTS/AC3/DD+ Source Filter" = OpenSource DTS/AC3/DD+ Source Filter (remove only)
"OpenSource Flash Video Splitter" = OpenSource Flash Video Splitter (remove only)
"PDF Password Remover v3.1_is1" = PDF Password Remover v3.1
"PDF Reader 2" = PDF Reader 2
"Pixillion" = Pixillion Image Converter
"Prism" = Prism Video Converter
"RealMedia" = RealMedia (remove only)
"RealPlayer 12.0" = RealPlayer
"ShaPlus Bandwidth Meter" = ShaPlus Bandwidth Meter 1.3.1
"Shareaza_is1" = Shareaza 2.5.2.0
"SHOUTcast Source" = SHOUTcast Source (remove only)
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"TautologyBandwidthMeter" = Tautology Bandwidth Meter 1.7 (remove only)
"The KMPlayer" = The KMPlayer (remove only)
"Uninstall_is1" = Uninstall 1.0.0.1
"UnzipThemAll_is1" = UnzipThemAll 1.3
"uTorrent" = µTorrent
"VideoPad" = VideoPad Video Editor
"VLC media player" = VideoLAN VLC media player 0.8.6c
"Vuze_Remote Toolbar" = Vuze_Remote Toolbar
"Windows Scheduler_is1" = System Scheduler 4.15
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinRAR archiver" = WinRAR archiver
"Xvid_is1" = Xvid 1.2.2 final uninstall

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"309a46b1dc89b774" = Dell Driver Download Manager
"WinDirStat" = WinDirStat 1.1.2

========== Last 10 Event Log Errors ==========

[ Antivirus Events ]
Error - 15/10/2009 10:18:47 a.m. | Computer Name = HissyFit | Source = avast! | ID = 33554522
Description =

Error - 24/10/2009 5:08:00 a.m. | Computer Name = HissyFit | Source = avast! | ID = 33554522
Description =

Error - 24/10/2009 5:08:01 a.m. | Computer Name = HissyFit | Source = avast! | ID = 33554522
Description =

Error - 18/11/2009 2:07:03 a.m. | Computer Name = HissyFit | Source = avast! | ID = 33554522
Description =

Error - 18/11/2009 2:07:04 a.m. | Computer Name = HissyFit | Source = avast! | ID = 33554522
Description =

Error - 14/06/2010 5:32:22 p.m. | Computer Name = HissyFit | Source = avast! | ID = 33554522
Description =


========== Last 10 Event Log Errors ==========

Error reading Event Logs: The Event Service is not operating properly or the Event Logs are corrupt!

< End of report >


And now everyone knows what I'm studying :) .... Also the proxy server, is that causing problems? Because I can't connect via Safari to the internet at uni without it (though Firefox automatically connects).

Thanks.
 
You now know the general area where I live?
I'm not planning any trip to New Zealand in the near future.... LOL

=========================================================================

Your Windows 7 would greatly benefit from adding another 1GB of RAM:
1,014.00 Mb Total Physical Memory

You're running low on C drive free space:
Drive C: | 111.78 Gb Total Space | 12.80 Gb Free Space | 11.45% Space Free

======================================================================

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    Code:
    :OTL
    FF - prefs.js..browser.search.defaultenginename: "Ask"
    FF - prefs.js..browser.search.order.1: "Ask"
    FF - prefs.js..keyword.URL: "http://toolbar.ask.com/toolbarv/askRedirect?o=13925&gct=&gc=1&q="
    [2009/09/04 02:13:24 | 000,000,687 | ---- | M] () -- C:\Users\Mistaria\AppData\Roaming\Mozilla\Firefox\Profiles\5dx28bou.default \searchplugins\ask.xml
    O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
    O4 - HKLM..\Run: [ShaPlus Bandwidth Meter] File not found
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
    O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
    O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - Reg Error: Key error. File not found
    @Alternate Data Stream - 116 bytes -> C:\ProgramData\TEMP:52B72A7C
    @Alternate Data Stream - 114 bytes -> C:\ProgramData\TEMP:AFFC859A
    
    
    :Services
    
    :Reg
    
    :Files
    
    :Commands
    [purity]
    [emptytemp]
    [emptyflash]
    [Reboot]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • You will get a log that shows the results of the fix. Please post it.

=====================================================================

Last scans....

1. Download Security Check from HERE, and save it to your Desktop.
  • Double-click SecurityCheck.exe
  • Follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.


2. Download Temp File Cleaner (TFC)
  • Double click on TFC.exe to run the program.
  • Click on Start button to begin cleaning process.
  • TFC will close all running programs, and it may ask you to restart computer.


3. Please run a free online scan with the ESET Online Scanner

  • Disable your antivirus program
  • Tick the box next to YES, I accept the Terms of Use
  • Click Start
  • IMPORTANT! UN-check Remove found threats
  • Accept any security warnings from your browser.
  • Check Scan archives
  • Click Start
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, push List of found threats
  • Click on Export to text file , and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • NOTE. If Eset won't find any threats, it won't produce any log.
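The OTL fix above removes a classic Firefox search hijack: `prefs.js` entries that swap the default engine and the address-bar `keyword.URL` to a toolbar redirect. The following is an added example, not part of this thread or of OTL, showing how a defender can audit a `prefs.js` file for the same indicators. The sample `prefs.js` text is constructed (modelled on the entries in the fix script, not copied from the user's profile), and the `EXPECTED_ENGINES` set is an assumption about what a clean default profile would name.

```python
"""Audit a Firefox prefs.js for search-engine hijack indicators.

Added example (not from the forum thread or from OTL). prefs.js only
stores preferences that differ from Firefox's built-in defaults, so a
search-related pref appearing here at all is worth a look.
"""
import re
from urllib.parse import urlparse

# Constructed sample modelled on the entries the OTL fix removed.
SAMPLE_PREFS_JS = r'''
# Mozilla User Preferences
user_pref("browser.search.defaultenginename", "Ask");
user_pref("browser.search.order.1", "Ask");
user_pref("keyword.URL", "http://toolbar.ask.com/toolbarv/askRedirect?o=13925&gct=&gc=1&q=");
user_pref("browser.startup.homepage", "about:home");
user_pref("network.proxy.type", 0);
'''

# One user_pref("key", value); per line.
PREF_RE = re.compile(r'^\s*user_pref\("([^"]+)",\s*(.*)\);\s*$')

# Preferences that search hijackers commonly rewrite.
SEARCH_PREFS = {"browser.search.defaultenginename", "browser.search.selectedEngine"}
SEARCH_ORDER_RE = re.compile(r"^browser\.search\.order\.\d+$")

# Assumption: engine names a clean default profile might legitimately name.
EXPECTED_ENGINES = {"Google", "Bing", "Yahoo", "DuckDuckGo", "Wikipedia (en)", "Amazon.com", "eBay"}


def parse_prefs(text):
    """Return {key: value} from prefs.js text; values become str, bool or int."""
    prefs = {}
    for line in text.splitlines():
        m = PREF_RE.match(line)
        if not m:
            continue  # comments, blank lines, anything that is not a user_pref
        key, raw = m.groups()
        raw = raw.strip()
        if raw.startswith('"') and raw.endswith('"'):
            value = raw[1:-1]
        elif raw in ("true", "false"):
            value = raw == "true"
        else:
            try:
                value = int(raw)
            except ValueError:
                value = raw  # leave anything unexpected as the raw token
        prefs[key] = value
    return prefs


def audit_search_prefs(prefs):
    """Return a list of (key, value, reason) for search settings that look hijacked."""
    findings = []
    for key, value in prefs.items():
        if key == "keyword.URL":
            # Any explicit keyword.URL sends address-bar searches to a
            # third-party redirector; report where it points.
            host = urlparse(str(value)).hostname or ""
            findings.append((key, value, f"address-bar searches redirected to {host}"))
        elif key in SEARCH_PREFS or SEARCH_ORDER_RE.match(key):
            if value not in EXPECTED_ENGINES:
                findings.append((key, value, "search engine not in expected default set"))
    return findings


if __name__ == "__main__":
    for key, value, reason in audit_search_prefs(parse_prefs(SAMPLE_PREFS_JS)):
        print(f"{key} = {value!r}: {reason}")
```

Run against a real profile by reading `prefs.js` from the profile folder instead of `SAMPLE_PREFS_JS`; the fix itself is what OTL's `FF - prefs.js..` lines do, resetting those prefs and removing the matching `searchplugins\*.xml` file.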
 
OTL:

All processes killed
========== OTL ==========
Prefs.js: "Ask" removed from browser.search.defaultenginename
Prefs.js: "Ask" removed from browser.search.order.1
Prefs.js: "http://toolbar.ask.com/toolbarv/askRedirect?o=13925&gct=&gc=1&q=" removed from keyword.URL
File C:\Users\Mistaria\AppData\Roaming\Mozilla\Firefox\Profiles\5dx28bou.default \searchplugins\ask.xml not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5C255C8A-E604-49b4-9D64-90988571CECB}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ShaPlus Bandwidth Meter deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Internet Explorer\Restrictions\ deleted successfully.
Registry key HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer\Control Panel\ deleted successfully.
Starting removal of ActiveX control {E2883E8F-472F-4FB0-9522-AC9BF37916A7}
C:\Windows\Downloaded Program Files\gp.inf not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\VMApplet:/pagefile deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\\{AEB6717E-7E19-11d0-97EE-00C04FD91972} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{AEB6717E-7E19-11d0-97EE-00C04FD91972}\ not found.
ADS C:\ProgramData\TEMP:52B72A7C deleted successfully.
ADS C:\ProgramData\TEMP:AFFC859A deleted successfully.
========== SERVICES/DRIVERS ==========
========== REGISTRY ==========
========== FILES ==========
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Mistaria
->Temp folder emptied: 6738061 bytes
->Temporary Internet Files folder emptied: 14701296 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 104250688 bytes
->Apple Safari cache emptied: 0 bytes
->Opera cache emptied: 0 bytes
->Flash cache emptied: 19402 bytes

User: Public
->Temp folder emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 1452 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 120.00 mb


[EMPTYFLASH]

User: All Users

User: Default

User: Default User

User: Mistaria
->Flash cache emptied: 0 bytes

User: Public

Total Flash Files Cleaned = 0.00 mb


OTL by OldTimer - Version 3.2.14.1 log created on 10112010_092938

Files\Folders moved on Reboot...
File move failed. C:\Windows\temp\_avast5_\Webshlock.txt scheduled to be moved on reboot.

Registry entries deleted on Reboot...


Security Check:


Results of screen317's Security Check version 0.99.5
Windows 7 (UAC is enabled)
Internet Explorer 8
``````````````````````````````
Antivirus/Firewall Check:

Windows Firewall Enabled!
avast! Free Antivirus
Antivirus up to date!
```````````````````````````````
Anti-malware/Other Utilities Check:

Malwarebytes' Anti-Malware
Java(TM) 6 Update 21
Adobe Flash Player 10.1.82.76
Adobe Reader 9.3.1
Mozilla Firefox (3.5.13) Firefox Out of Date!
````````````````````````````````
Process Check:
objlist.exe by Laurent

Alwil Software Avast5 AvastSvc.exe
````````````````````````````````
DNS Vulnerability Check:

GREAT! (Not vulnerable to DNS cache poisoning)

``````````End of Log````````````


ESET:

C:\Qoobox\Quarantine\C\Windows\explorer.exe.vir Win32/Bamital.EC trojan
C:\Qoobox\Quarantine\C\Windows\System32\wininit.exe.vir Win32/Bamital.EC trojan
C:\Users\Public\Documents\Server\hlp.dat Win32/Bamital.EB trojan

Bamital-eb --- where did this one come from, and not be noticed, *sigh.*
 
Bamital-eb --- where did this one come from, and not be noticed, *sigh.*
That's not a problem. It's just a leftover Bamital data file. That type of file is harmless, but we'll remove it in a moment.

Update Firefox.

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    Code:
    :OTL
    
    :Services
    
    :Reg
    
    :Files
    C:\Users\Public\Documents\Server\hlp.dat
    
    :Commands
    [purity]
    [emptytemp]
    [emptyflash]
    [Reboot]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • You will get a log that shows the results of the fix. Please post it.

=======================================================================

Your computer is clean

1. We need to reset System Restore to prevent your computer from being accidentally reinfected by using some old restore point(s). We'll create a fresh, clean restore point using the following OTL script:

Run OTL

  • Under the Custom Scans/Fixes box at the bottom, paste in the following:

Code:
:OTL
:Commands
[purity]
[emptytemp]
[EMPTYFLASH]
[CLEARALLRESTOREPOINTS]
[Reboot]

  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Post resulting log.

2. Now we'll remove all the tools we used during our cleaning process.

Clean up with OTL:

  • Double-click OTL.exe to start the program.
  • Close all other programs apart from OTL as this step will require a reboot
  • On the OTL main screen, press the CLEANUP button
  • Say Yes to the prompt and then allow the program to reboot your computer.

If you still have any tools or logs leftover on your computer you can go ahead and delete those off of your computer now.

3. Make sure Windows Updates are current.

4. If any Trojan was listed among your infection(s), make sure you change all of your important on-line passwords (bank account(s), secured web sites, etc.) immediately!

5. Download and install WOT (Web of Trust): http://www.mywot.com/. It'll warn you (in most cases) about dangerous web sites.

6. Run Malwarebytes "Quick scan" once in a while to assure safety of your computer.

7. Run Temporary File Cleaner (TFC) weekly.

8. Download and install Secunia Personal Software Inspector (PSI): https://www.techspot.com/downloads/4898-secunia-personal-software-inspector-psi.html. The Secunia PSI is a FREE security tool designed to detect vulnerable and outdated programs and plug-ins which expose your PC to attacks. Run it weekly.

9. (optional) If you want to keep all your programs up to date, download and install FileHippo Update Checker.
The Update Checker will scan your computer for installed software, check the versions and then send this information to FileHippo.com to see if there are any newer releases.

10. Run defrag at your convenience.

11. Read How did I get infected?, With steps so it does not happen again!: http://www.bleepingcomputer.com/forums/topic2520.html

12. Please let me know how your computer is doing.
 
Hello again :)

OTL1:


All processes killed
========== OTL ==========
========== SERVICES/DRIVERS ==========
========== REGISTRY ==========
========== FILES ==========
File\Folder C:\Users\Public\Documents\Server\hlp.dat not found.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Mistaria
->Temp folder emptied: 355425 bytes
->Temporary Internet Files folder emptied: 184978 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 0 bytes
->Apple Safari cache emptied: 0 bytes
->Opera cache emptied: 0 bytes
->Flash cache emptied: 456 bytes

User: Public
->Temp folder emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 525740 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 1.00 mb


[EMPTYFLASH]

User: All Users

User: Default

User: Default User

User: Mistaria
->Flash cache emptied: 0 bytes

User: Public

Total Flash Files Cleaned = 0.00 mb

Error: Unable to interpret <[Reboot> in the current context!

OTL by OldTimer - Version 3.2.14.1 log created on 10112010_160610

Files\Folders moved on Reboot...
File move failed. C:\Windows\temp\_avast5_\Webshlock.txt scheduled to be moved on reboot.

Registry entries deleted on Reboot...

_______________________________________________________________

OTL2:

All processes killed
========== OTL ==========
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Mistaria
->Temp folder emptied: 355056 bytes
->Temporary Internet Files folder emptied: 206701 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 0 bytes
->Apple Safari cache emptied: 0 bytes
->Opera cache emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Public
->Temp folder emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 0 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 1.00 mb


[EMPTYFLASH]

User: All Users

User: Default

User: Default User

User: Mistaria
->Flash cache emptied: 0 bytes

User: Public

Total Flash Files Cleaned = 0.00 mb



OTL by OldTimer - Version 3.2.14.1 log created on 10112010_161145

Files\Folders moved on Reboot...
File move failed. C:\Windows\temp\_avast5_\Webshlock.txt scheduled to be moved on reboot.

Registry entries deleted on Reboot...

Do I dare give a sigh of relief??

Oh yeah, how do I edit my thread's title? I've realised I've written winlogin.exe, instead of wininit.exe.
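The two OTL scripts in the reply above and the fix logs just posted are the thread's whole record of what the fix did, and the logs carry two things worth noticing: the removal target reported "not found", and an "Unable to interpret <[Reboot>" error, which means that directive reached OTL without its closing bracket and was skipped. The following is an added example, not part of the thread and not OTL's own code: a small Python triage script for fix logs in the format shown, which pulls out the command sections, the targets reported deleted or not found, errors, moves deferred to reboot and bytes cleaned, and turns them into findings that need a decision. The sample log is a constructed, abridged copy of the OTL1 log above; the set of directives it treats as printing no section of their own ([purity], [Reboot]) is an assumption drawn from the logs shown, not from OTL documentation.

```python
import re

# Constructed sample: an abridged copy of the first fix log (OTL1) posted in
# the thread. Raw string, because the paths contain literal backslashes.
SAMPLE_LOG = r"""All processes killed
========== OTL ==========
========== FILES ==========
File\Folder C:\Users\Public\Documents\Server\hlp.dat not found.
========== COMMANDS ==========
[EMPTYTEMP]
User: Mistaria
->Temp folder emptied: 355425 bytes
->Temporary Internet Files folder emptied: 184978 bytes
->Flash cache emptied: 456 bytes
Windows Temp folder emptied: 525740 bytes
RecycleBin emptied: 0 bytes
Total Files Cleaned = 1.00 mb
[EMPTYFLASH]
User: Mistaria
->Flash cache emptied: 0 bytes
Error: Unable to interpret <[Reboot> in the current context!
Files\Folders moved on Reboot...
File move failed. C:\Windows\temp\_avast5_\Webshlock.txt scheduled to be moved on reboot.
"""

# Line shapes as they appear in the logs in the thread; anything else is ignored.
SECTION_RE = re.compile(r"^\[([A-Za-z]+)\]$")
NOT_FOUND_RE = re.compile(r"^(?:File\\Folder|File|Registry key|Registry value) (.+?) not found\.$")
DONE_RE = re.compile(r"^(?:Registry key|Registry value|File|Folder|ADS) (.+?) (?:deleted|moved) successfully\.$")
ERROR_RE = re.compile(r"^Error: (.+)$")
DEFERRED_RE = re.compile(r"^File move failed\. (.+?) scheduled to be moved on reboot\.$")
BYTES_RE = re.compile(r": (\d+) bytes$")
UNPARSED_RE = re.compile(r"^Unable to interpret <(.+)> in the current context!$")

# Directives that print no section of their own, judged from the logs in the
# thread (an assumption, not something taken from OTL documentation).
SILENT_DIRECTIVES = {"PURITY", "REBOOT"}


def parse_otl_fix_log(text):
    """Summarise a fix log: sections run, targets handled, errors, bytes."""
    r = {"sections": [], "not_found": [], "done": [], "errors": [],
         "deferred": [], "bytes_cleaned": 0}
    for raw in text.splitlines():
        line = raw.strip()
        if m := SECTION_RE.match(line):
            r["sections"].append(m.group(1).upper())
        elif m := NOT_FOUND_RE.match(line):
            r["not_found"].append(m.group(1))
        elif m := DONE_RE.match(line):
            r["done"].append(m.group(1))
        elif m := ERROR_RE.match(line):
            r["errors"].append(m.group(1))
        elif m := DEFERRED_RE.match(line):
            r["deferred"].append(m.group(1))
        elif m := BYTES_RE.search(line):
            r["bytes_cleaned"] += int(m.group(1))
    return r


def triage(parsed, requested=()):
    """Turn a parsed log into findings that need a human decision.

    `requested` is the list of [directives] pasted into OTL's Custom
    Scans/Fixes box; any that left no section in the log is listed for
    manual verification rather than reported as failed.
    """
    findings = []
    for err in parsed["errors"]:
        m = UNPARSED_RE.match(err)
        if m and m.group(1).startswith("[") and not m.group(1).endswith("]"):
            findings.append("directive %s is missing its closing bracket, so OTL "
                            "skipped it; do that step by hand" % m.group(1))
        else:
            findings.append("unexplained error: " + err)
    for path in parsed["not_found"]:
        findings.append("target was not on disk at fix time: %s (confirm with a "
                        "fresh scan rather than assuming it was removed)" % path)
    for path in parsed["deferred"]:
        findings.append("move still pending until the next reboot: " + path)
    seen = set(parsed["sections"])
    for directive in requested:
        name = directive.strip("[]").upper()
        if name not in seen and name not in SILENT_DIRECTIVES:
            findings.append("no [%s] section in the log; verify that step manually" % name)
    return findings


if __name__ == "__main__":
    parsed = parse_otl_fix_log(SAMPLE_LOG)
    print("cleaned %d bytes; sections: %s" % (parsed["bytes_cleaned"], parsed["sections"]))
    for f in triage(parsed, ["[purity]", "[emptytemp]", "[emptyflash]", "[Reboot]"]):
        print("-", f)
```

On the sample this reports the skipped [Reboot directive, the hlp.dat path that was not on disk (ESET had listed it, so it deserves a second scan rather than an assumption), and the Webshlock.txt move deferred to reboot. Run against the second log (OTL2) with the directives from the restore-point script, it would also list [CLEARALLRESTOREPOINTS] for manual verification, since no section with that name appears in the output as posted; whether OTL prints one at all is not something the thread shows, which is why the script only asks for a check.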
 
The main question... is your computer doing fine?

I'll edit topic title for you.
 
Laptop hasn't been redirecting.
All reboots and logins have been fine.
Avast reports no new threats.
Everything seems back to normal again :) (and if something stops being normal, you'll know because I'll be back here :p)
Thanks so much!
 