WiredWX Hobby Weather ToolsLog in

 


Ramnit.H

2 posters

descriptionRamnit.H EmptyRamnit.H17th November 2011, 11:23 am

more_horiz
I hope someone can help me avoid a complete re-install! Both my PC and laptop are riddled with this virus - I am going to post the OTL and aswMBR log files for the PC - I could cope with wiping the laptop if I need to!

OTL log:
OTL logfile created on: 16/11/2011 18:36:03 - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Documents and Settings\Fiona Murdoch\My Documents\Downloads
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

3.25 Gb Total Physical Memory | 2.26 Gb Available Physical Memory | 69.46% Memory free
5.09 Gb Paging File | 4.16 Gb Available in Paging File | 81.70% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 465.75 Gb Total Space | 27.65 Gb Free Space | 5.94% Space Free | Partition Type: NTFS

Computer Name: YOUR-9CEC27D1F6 | User Name: Fiona Murdoch | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Documents and Settings\Fiona Murdoch\My Documents\Downloads\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)
PRC - C:\Program Files\Kodak\KODAK Share Button App\Listener.exe (Eastman Kodak Company)
PRC - C:\Program Files\SUPERAntiSpyware\SASCore.exe (SUPERAntiSpyware.com)
PRC - C:\Program Files\Belkin\Router Setup and Monitor\BelkinService.exe (Affinegy, Inc.)
PRC - C:\Program Files\Belkin\Router Setup and Monitor\BelkinRouterMonitor.exe (Affinegy, Inc.)
PRC - C:\Program Files\Belkin\Router Setup and Monitor\BelkinSetup.exe (Affinegy, Inc.)
PRC - C:\Program Files\Belkin\Belkin USB Print and Storage Center\Connect.exe (Belkin International, Inc.)
PRC - C:\Program Files\Belkin\Belkin USB Print and Storage Center\BkBackupScheduler.exe ()
PRC - C:\WINDOWS\system32\NLSSRV32.EXE (Nalpeiron Ltd.)
PRC - C:\Program Files\Mozilla Firefox2\firefox.exe (Mozilla Corporation)
PRC - C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe (Microsoft Corporation)
PRC - C:\Program Files\CDBurnerXP\NMSAccessU.exe ()
PRC - C:\Program Files\Belkin\Belkin USB Print and Storage Center\Bkapcs.exe ()
PRC - C:\Program Files\Keyboard & Mouse Driver\KMWDSrv.exe (UASSOFT.COM)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)


========== Modules (No Company Name) ==========

MOD - C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10006.dll ()
MOD - C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10007.dll ()
MOD - C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL ()
MOD - C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10005.dll ()
MOD - C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
MOD - C:\Program Files\Belkin\Router Setup and Monitor\BelkinServicePS.dll ()
MOD - C:\Program Files\Belkin\Router Setup and Monitor\gateways\GenericBelkinGatewayLOC.dll ()
MOD - C:\Program Files\Belkin\Belkin USB Print and Storage Center\BkBackupScheduler.exe ()
MOD - C:\Program Files\Belkin\Belkin USB Print and Storage Center\BkLocalBackup.dll ()
MOD - C:\Program Files\Belkin\Router Setup and Monitor\QtGui4.dll ()
MOD - C:\Program Files\Belkin\Router Setup and Monitor\QtXml4.dll ()
MOD - C:\Program Files\Belkin\Router Setup and Monitor\QtCore4.dll ()
MOD - C:\Program Files\Belkin\Router Setup and Monitor\QtNetwork4.dll ()
MOD - C:\Program Files\Belkin\Router Setup and Monitor\imageformats\qjpeg4.dll ()
MOD - C:\Program Files\NVIDIA Corporation\nView\nvShell.dll ()
MOD - C:\Program Files\Microsoft Office\Office14\1033\GrooveIntlResource.dll ()
MOD - C:\Program Files\CDBurnerXP\NMSAccessU.exe ()
MOD - C:\Program Files\Belkin\Belkin USB Print and Storage Center\Bkapcs.exe ()
MOD - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Cultures\OFFICE.ODF ()


========== Win32 Services (SafeList) ==========

SRV - (ACDaemon) -- File not found
SRV - (!SASCORE) -- C:\Program Files\SUPERAntiSpyware\SASCORE.EXE (SUPERAntiSpyware.com)
SRV - (AffinegyService) -- C:\Program Files\Belkin\Router Setup and Monitor\BelkinService.exe (Affinegy, Inc.)
SRV - (Belkin Local Backup Service) -- C:\Program Files\Belkin\Belkin USB Print and Storage Center\BkBackupScheduler.exe ()
SRV - (nlsX86cc) -- C:\WINDOWS\system32\NLSSRV32.EXE (Nalpeiron Ltd.)
SRV - (Macromedia Licensing Service) -- C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe ()
SRV - (FLEXnet Licensing Service) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Macrovision Europe Ltd.)
SRV - (BcmSqlStartupSvc) -- C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe (Microsoft Corporation)
SRV - (Microsoft SharePoint Workspace Audit Service) -- C:\Program Files\Microsoft Office\Office14\GROOVE.EXE (Microsoft Corporation)
SRV - (NMSAccess) -- C:\Program Files\CDBurnerXP\NMSAccessU.exe ()
SRV - (SwitchBoard) -- C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
SRV - (Belkin Network USB Helper) -- C:\Program Files\Belkin\Belkin USB Print and Storage Center\Bkapcs.exe ()
SRV - (KMWDSERVICE) -- C:\Program Files\Keyboard & Mouse Driver\KMWDSrv.exe (UASSOFT.COM)


========== Driver Services (SafeList) ==========

DRV - (KProcessHacker2) -- C:\Program Files\Process Hacker 2\kprocesshacker.sys (wj32)
DRV - (SASDIFSV) -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (SASKUTIL) -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (AFGSp50) -- C:\WINDOWS\system32\drivers\AFGSp50.sys (Printing Communications Assoc., Inc. (PCAUSA))
DRV - (StarOpen) -- C:\WINDOWS\System32\drivers\StarOpen.sys ()
DRV - (sxuptp) -- C:\WINDOWS\system32\drivers\sxuptp.sys (silex technology, Inc.)
DRV - (KMWDFILTERx86) -- C:\WINDOWS\system32\drivers\KMWDFILTER.sys (Windows (R) Codename Longhorn DDK provider)
DRV - (KMWDFilter) -- C:\WINDOWS\system32\drivers\KMWDFILTER.sys (Windows (R) Codename Longhorn DDK provider)
DRV - (RsFx0103) -- C:\WINDOWS\system32\drivers\RsFx0103.sys (Microsoft Corporation)
DRV - (IntcAzAudAddService) Service for Realtek HD Audio (WDM) -- C:\WINDOWS\system32\drivers\RtkHDAud.sys (Realtek Semiconductor Corp.)
DRV - (L1e) -- C:\WINDOWS\system32\drivers\l1e51x86.sys (Atheros Communications, Inc.)
DRV - (nm) -- C:\WINDOWS\system32\drivers\nmnt.sys (Microsoft Corporation)
DRV - (BANTExt) -- C:\WINDOWS\System32\Drivers\BANTExt.sys ()
DRV - (SCDEmu) -- C:\WINDOWS\System32\drivers\scdemu.sys (PowerISO Computing, Inc.)
DRV - (AsIO) -- C:\WINDOWS\system32\drivers\AsIO.sys ()
DRV - (Afc) -- C:\WINDOWS\system32\drivers\afc.sys (Arcsoft, Inc.)
DRV - (MTsensor) -- C:\WINDOWS\system32\drivers\ASACPI.sys ()
DRV - (rt2500usb) DWL-G122(rev.B) -- C:\WINDOWS\system32\drivers\rt2500usb.sys (Ralink Technology Inc.)
DRV - (ANIO) -- C:\WINDOWS\system32\ANIO.sys (Alpha Networks Inc.)
DRV - (LHidUsb) -- C:\WINDOWS\system32\drivers\LHidUsb.sys (Logitech, Inc.)
DRV - (LCcfltr) -- C:\WINDOWS\system32\drivers\LCcfltr.sys (Logitech, Inc.)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========


IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://uk.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-gb
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 8A 74 A4 F4 21 9B CC 01 [binary data]
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.update: false
FF - prefs.js..extensions.enabledItems: {c45c406e-ab73-11d8-be73-000a95be3b12}:1.1.8
FF - prefs.js..network.proxy.http: "127.0.0.1"
FF - prefs.js..network.proxy.http_port: 60970


FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\WINDOWS\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll File not found
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX OVS Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.0.60310.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=12.0.1.647: c:\program files\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=12.0.1.647: c:\program files\real\realplayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=12.0.1.647: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=12.0.1.647: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=12.0.1.647: c:\program files\real\realplayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=1.1.11: C:\Program Files\VideoLAN\VLC\npvlc.dll (the VideoLAN Team)
FF - HKLM\Software\MozillaPlugins\@worldwinner.com/Launcher2,version=1.9.0.23: C:\Program Files\WorldWinner.com, Inc\WorldWinner Games\npwwload.dll (WorldWinner.com, Inc.)
FF - HKCU\Software\MozillaPlugins\@facebook.com/FBPlugin,version=1.0.3: C:\Documents and Settings\Fiona Murdoch\Application Data\Facebook\npfbplugin_1_0_3.dll ( )

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files\DivX\DivX Plus Web Player\firefox\html5video [2011/01/28 13:38:35 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\{6904342A-8307-11DF-A508-4AE2DFD72085}: C:\Program Files\DivX\DivX Plus Web Player\firefox\wpa [2011/01/28 13:38:35 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\{B2D719ED-77E8-4531-957F-33720BFEDAF2}: C:\Documents and Settings\Fiona Murdoch\Local Settings\Application Data\{B2D719ED-77E8-4531-957F-33720BFEDAF2} [2011/04/04 11:34:43 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.5.15\extensions\\Components: C:\Program Files\Mozilla Firefox\components
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.5.15\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins

[2010/10/26 07:50:39 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Fiona Murdoch\Application Data\Mozilla\Extensions
[2010/10/26 07:50:39 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Fiona Murdoch\Application Data\Mozilla\Extensions\mozswing@mozswing.org
[2011/11/16 17:53:13 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Fiona Murdoch\Application Data\Mozilla\Firefox\Profiles\7qlgntqp.default\extensions
[2010/06/17 12:04:42 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Fiona Murdoch\Application Data\Mozilla\Firefox\Profiles\7qlgntqp.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011/05/10 08:22:56 | 000,000,000 | ---D | M] (Flashblock) -- C:\Documents and Settings\Fiona Murdoch\Application Data\Mozilla\Firefox\Profiles\7qlgntqp.default\extensions\{3d7eb24f-2740-49df-8937-200b1cc08f8a}
[2010/11/08 09:02:03 | 000,000,000 | ---D | M] (Web Developer) -- C:\Documents and Settings\Fiona Murdoch\Application Data\Mozilla\Firefox\Profiles\7qlgntqp.default\extensions\{c45c406e-ab73-11d8-be73-000a95be3b12}

========== Chrome ==========

CHR - default_search_provider: Google ()
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?client=chrome&hl={language}&q={searchTerms}

O1 HOSTS File: ([2011/11/14 16:35:52 | 000,000,031 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - No CLSID value found.
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O4 - HKLM..\Run: [ANIWZCS2Service] C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe (Alpha Networks Inc.)
O4 - HKLM..\Run: [D-Link AirPlus G] C:\Program Files\D-Link\AirPlus G\AirGCFG.exe (D-Link)
O4 - HKLM..\Run: [InstaLAN] C:\Program Files\Belkin\Router Setup and Monitor\BelkinRouterMonitor.exe (Affinegy, Inc.)
O4 - HKLM..\Run: [KodakShareButtonApp] C:\Program Files\Kodak\KODAK Share Button App\Listener.exe (Eastman Kodak Company)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.dll (NVIDIA Corporation)
O4 - HKCU..\Run: [KfuLejqr] C:\Documents and Settings\Fiona Murdoch\Local Settings\Application Data\cydyqgke\kfulejqr.exe File not found
O4 - HKCU..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)
O4 - HKCU..\Run: [winWIRpl] C:\Documents and Settings\Fiona Murdoch\Local Settings\Application Data\DesktopMain32\winWIRpl.dll ()
O4 - Startup: C:\Documents and Settings\Fiona Murdoch\Start Menu\Programs\Startup\BBC iPlayer Desktop.lnk = C:\Program Files\BBC iPlayer Desktop\BBC iPlayer Desktop.exe ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: &Search - Reg Error: Value error. File not found
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Se&nd to OneNote - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} http://office.microsoft.com/sites/production/ieawsdc32.cab (Microsoft Office Template and Media Control)
O16 - DPF: {4AB16005-E995-4A60-89DE-8B8A3E6EB5B0} http://www.worldwinner.com/games/v56/trivialpursuit/trivialpursuit.cab (TrivialPursuit Control)
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} http://download.bitdefender.com/resources/scanner/sources/en/scan8/oscan8.cab (BDSCANONLINE Control)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1272390567437 (WUWebControl Class)
O16 - DPF: {6C6FE41A-0DA6-42A1-9AD8-792026B2B2A7} http://www.worldwinner.com/games/v41/freecell/freecell.cab (FreeCell Control)
O16 - DPF: {8A94C905-FF9D-43B6-8708-F0F22D22B1CB} http://www.worldwinner.com/games/shared/wwlaunch.cab (Wwlaunch Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {8F6E7FB2-E56B-4F66-A4E1-9765D2565280} http://www.worldwinner.com/games/launcher/ie/v2.23.01.0/iewwload.cab (WorldWinner ActiveX Launcher Control)
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{03222C04-D64F-4F29-A257-142590E3281F}: DhcpNameServer = 192.168.2.1
O18 - Protocol\Handler\belarc {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - C:\Program Files\Belarc\Advisor\System\BAVoilaX.dll (Belarc, Inc.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) -C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Documents and Settings\Fiona Murdoch\Local Settings\Application Data\cydyqgke\kfulejqr.exe) -C:\Documents and Settings\Fiona Murdoch\Local Settings\Application Data\cydyqgke\kfulejqr.exe File not found
O20 - Winlogon\Notify\!SASWinLogon: DllName - (C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL) - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com)
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2010/04/28 00:41:22 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/11/16 18:20:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Fiona Murdoch\Application Data\Process Hacker 2
[2011/11/16 18:09:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Process Hacker 2
[2011/11/16 18:09:36 | 000,000,000 | ---D | C] -- C:\Program Files\Process Hacker 2
[2011/11/16 18:09:22 | 001,710,779 | ---- | C] (wj32 ) -- C:\Documents and Settings\Fiona Murdoch\Desktop\processhacker-2.23-setup.exe
[2011/11/16 18:03:31 | 000,146,432 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\regxxxedit.exe
[2011/11/16 16:05:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Fiona Murdoch\Local Settings\Application Data\ApplicationHistory
[2011/11/16 16:03:48 | 000,000,000 | ---D | C] -- C:\MGtools
[2011/11/14 16:53:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Fiona Murdoch\Application Data\SUPERAntiSpyware.com
[2011/11/14 16:53:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\SUPERAntiSpyware
[2011/11/14 16:53:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
[2011/11/14 16:53:18 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2011/11/14 11:07:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Fiona Murdoch\Local Settings\Application Data\DesktopMain32
[2011/11/12 13:09:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Fiona Murdoch\Local Settings\Application Data\Skyrim
[2011/11/12 13:06:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Razor 1911
[2011/11/12 13:05:57 | 000,238,936 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xactengine3_6.dll
[2011/11/11 22:04:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Fiona Murdoch\Local Settings\Application Data\cydyqgke
[2011/11/04 13:02:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Fiona Murdoch\Application Data\BBCiPlayerDesktop.61DB7A798358575D6A969CCD73DDBBD723A6DA9D.1
[2011/11/04 13:02:22 | 000,000,000 | ---D | C] -- C:\Program Files\BBC iPlayer Desktop
[2011/11/03 21:20:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Fiona Murdoch\Local Settings\Application Data\Oblivion
[2011/11/03 19:50:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\VideoLAN
[2011/11/03 15:40:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Fiona Murdoch\Application Data\LucasArts
[2011/11/03 15:34:32 | 000,000,000 | ---D | C] -- C:\Program Files\Secret Of Monkey Island SE
[2011/10/25 19:28:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\{A0559A84-0A11-425F-BFFC-532378694B25}
[2011/10/23 17:54:49 | 000,000,000 | ---D | C] -- C:\Program Files\Thief2
[2011/10/22 10:28:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\LucasArts
[2011/10/22 10:28:23 | 000,000,000 | ---D | C] -- C:\Program Files\LucasArts
[2011/10/22 10:28:11 | 000,299,520 | ---- | C] (InstallShield Corporation, Inc.) -- C:\WINDOWS\uninst.exe
[2011/04/02 11:17:50 | 001,914,496 | ---- | C] (Trend Micro Inc.) -- C:\Program Files\HousecallLauncher.exe
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/11/16 18:10:22 | 000,000,752 | ---- | M] () -- C:\Documents and Settings\Fiona Murdoch\Start Menu\Programs\Startup\BBC iPlayer Desktop.lnk
[2011/11/16 18:09:37 | 000,001,695 | ---- | M] () -- C:\Documents and Settings\Fiona Murdoch\Desktop\Process Hacker 2.lnk
[2011/11/16 18:09:22 | 001,710,779 | ---- | M] (wj32 ) -- C:\Documents and Settings\Fiona Murdoch\Desktop\processhacker-2.23-setup.exe
[2011/11/16 18:06:00 | 000,000,900 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2011/11/16 16:05:24 | 000,223,233 | ---- | M] () -- C:\MGlogs.zip
[2011/11/16 16:05:03 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/11/16 14:59:14 | 000,002,507 | ---- | M] () -- C:\Documents and Settings\Fiona Murdoch\Desktop\Microsoft Outlook 2010.lnk
[2011/11/16 14:06:00 | 000,000,896 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2011/11/16 06:55:06 | 000,002,501 | ---- | M] () -- C:\Documents and Settings\Fiona Murdoch\Desktop\Microsoft Word 2010.lnk
[2011/11/16 06:49:37 | 000,000,294 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-436374069-1682526488-839522115-1003.job
[2011/11/16 06:49:27 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/11/14 16:53:21 | 000,001,678 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\SUPERAntiSpyware Free Edition.lnk
[2011/11/14 16:51:07 | 002,425,656 | ---- | M] () -- C:\MGtools.exe
[2011/11/14 16:20:56 | 000,000,361 | RHS- | M] () -- C:\boot.ini
[2011/11/14 11:16:27 | 001,083,193 | ---- | M] () -- C:\Documents and Settings\Fiona Murdoch\My Documents\flower brooches.pdf
[2011/11/14 11:14:59 | 000,466,135 | ---- | M] () -- C:\Documents and Settings\Fiona Murdoch\My Documents\Fused plastic and fabric brooch.pdf
[2011/11/14 11:12:03 | 000,513,996 | ---- | M] () -- C:\Documents and Settings\Fiona Murdoch\My Documents\Feather earrings.pdf
[2011/11/13 20:30:07 | 000,000,833 | ---- | M] () -- C:\Documents and Settings\Fiona Murdoch\Desktop\Shortcut to TESV.exe.lnk
[2011/11/13 19:34:45 | 000,056,401 | ---- | M] () -- C:\Documents and Settings\Fiona Murdoch\My Documents\Floating-rubbish-dump-AAP-5872839.jpg
[2011/11/13 19:32:25 | 000,023,484 | ---- | M] () -- C:\Documents and Settings\Fiona Murdoch\My Documents\car-exhaust.jpg
[2011/11/13 19:31:32 | 000,110,440 | ---- | M] () -- C:\Documents and Settings\Fiona Murdoch\My Documents\BEN1615.jpg
[2011/11/13 09:18:30 | 000,000,215 | ---- | M] () -- C:\Documents and Settings\Fiona Murdoch\Desktop\The Elder Scrolls V Skyrim.url
[2011/11/12 20:51:01 | 000,000,302 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-436374069-1682526488-839522115-1003.job
[2011/11/12 19:37:54 | 000,057,856 | ---- | M] () -- C:\Documents and Settings\Fiona Murdoch\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/11/12 17:56:41 | 000,000,023 | ---- | M] () -- C:\WINDOWS\BlendSettings.ini
[2011/11/11 11:07:42 | 003,702,784 | ---- | M] () -- C:\Documents and Settings\Fiona Murdoch\Desktop\Planning Day.indd
[2011/11/11 10:55:49 | 001,059,690 | ---- | M] () -- C:\Documents and Settings\Fiona Murdoch\Desktop\Planning Day.jpg
[2011/11/11 10:30:53 | 000,195,026 | ---- | M] () -- C:\Documents and Settings\Fiona Murdoch\Desktop\Planning Day.pdf
[2011/11/11 10:03:41 | 000,008,114 | ---- | M] () -- C:\Documents and Settings\Fiona Murdoch\Desktop\heart.jpg
[2011/11/10 09:38:55 | 000,008,769 | ---- | M] () -- C:\Documents and Settings\Fiona Murdoch\Desktop\gold star.jpg
[2011/11/05 07:25:14 | 000,510,218 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2011/11/05 07:25:14 | 000,096,832 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2011/11/04 13:02:23 | 000,000,740 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\BBC iPlayer Desktop.lnk
[2011/10/25 06:56:35 | 000,000,024 | ---- | M] () -- C:\Documents and Settings\Fiona Murdoch\Application Data\Final Draft Tagger Preferences
[2011/10/23 17:54:22 | 000,000,272 | ---- | M] () -- C:\WINDOWS\_delis32.ini
[2011/10/22 20:18:28 | 000,001,393 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/11/16 18:09:37 | 000,001,695 | ---- | C] () -- C:\Documents and Settings\Fiona Murdoch\Desktop\Process Hacker 2.lnk
[2011/11/16 16:03:50 | 000,223,233 | ---- | C] () -- C:\MGlogs.zip
[2011/11/14 16:53:21 | 000,001,678 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\SUPERAntiSpyware Free Edition.lnk
[2011/11/14 16:50:52 | 002,425,656 | ---- | C] () -- C:\MGtools.exe
[2011/11/14 11:16:23 | 001,083,193 | ---- | C] () -- C:\Documents and Settings\Fiona Murdoch\My Documents\flower brooches.pdf
[2011/11/14 11:14:58 | 000,466,135 | ---- | C] () -- C:\Documents and Settings\Fiona Murdoch\My Documents\Fused plastic and fabric brooch.pdf
[2011/11/14 11:12:02 | 000,513,996 | ---- | C] () -- C:\Documents and Settings\Fiona Murdoch\My Documents\Feather earrings.pdf
[2011/11/13 20:30:07 | 000,000,833 | ---- | C] () -- C:\Documents and Settings\Fiona Murdoch\Desktop\Shortcut to TESV.exe.lnk
[2011/11/13 19:34:45 | 000,056,401 | ---- | C] () -- C:\Documents and Settings\Fiona Murdoch\My Documents\Floating-rubbish-dump-AAP-5872839.jpg
[2011/11/13 19:32:25 | 000,023,484 | ---- | C] () -- C:\Documents and Settings\Fiona Murdoch\My Documents\car-exhaust.jpg
[2011/11/13 19:29:41 | 000,110,440 | ---- | C] () -- C:\Documents and Settings\Fiona Murdoch\My Documents\BEN1615.jpg
[2011/11/13 09:18:30 | 000,000,215 | ---- | C] () -- C:\Documents and Settings\Fiona Murdoch\Desktop\The Elder Scrolls V Skyrim.url
[2011/11/11 10:31:12 | 001,059,690 | ---- | C] () -- C:\Documents and Settings\Fiona Murdoch\Desktop\Planning Day.jpg
[2011/11/11 10:29:20 | 000,195,026 | ---- | C] () -- C:\Documents and Settings\Fiona Murdoch\Desktop\Planning Day.pdf
[2011/11/11 10:03:40 | 000,008,114 | ---- | C] () -- C:\Documents and Settings\Fiona Murdoch\Desktop\heart.jpg
[2011/11/10 09:38:01 | 000,008,769 | ---- | C] () -- C:\Documents and Settings\Fiona Murdoch\Desktop\gold star.jpg
[2011/11/07 08:09:35 | 003,702,784 | ---- | C] () -- C:\Documents and Settings\Fiona Murdoch\Desktop\Planning Day.indd
[2011/11/04 13:02:24 | 000,000,752 | ---- | C] () -- C:\Documents and Settings\Fiona Murdoch\Start Menu\Programs\Startup\BBC iPlayer Desktop.lnk
[2011/11/04 13:02:23 | 000,000,746 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\BBC iPlayer Desktop.lnk
[2011/11/04 13:02:23 | 000,000,740 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\BBC iPlayer Desktop.lnk
[2011/11/03 21:53:20 | 000,000,023 | ---- | C] () -- C:\WINDOWS\BlendSettings.ini
[2011/10/25 06:56:35 | 000,000,024 | ---- | C] () -- C:\Documents and Settings\Fiona Murdoch\Application Data\Final Draft Tagger Preferences
[2011/10/23 17:54:22 | 000,000,272 | ---- | C] () -- C:\WINDOWS\_delis32.ini
[2011/10/06 21:35:10 | 000,000,026 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\.811261211181235583101118113995
[2011/08/30 20:16:24 | 000,059,136 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat
[2011/08/21 15:02:49 | 000,010,240 | ---- | C] () -- C:\WINDOWS\System32\vidx16.dll
[2011/04/12 12:10:21 | 001,909,104 | ---- | C] () -- C:\Program Files\LOTROEU_Enedwaith_EN_GB_Downloader.exe
[2011/04/09 17:55:28 | 000,179,261 | ---- | C] () -- C:\WINDOWS\System32\xlive.dll.cat
[2011/04/04 08:18:02 | 000,256,512 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2011/04/04 08:18:02 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2011/04/04 08:18:02 | 000,089,088 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2011/04/04 08:18:02 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2011/04/04 08:18:02 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2011/04/02 08:07:24 | 000,000,036 | ---- | C] () -- C:\Documents and Settings\Fiona Murdoch\Local Settings\Application Data\housecall.guid.cache
[2011/04/02 07:46:19 | 000,000,120 | ---- | C] () -- C:\WINDOWS\Usiduzozecahexof.dat
[2011/04/02 07:46:19 | 000,000,000 | ---- | C] () -- C:\WINDOWS\Wzaseyomebufebos.bin
[2011/04/02 07:44:17 | 000,004,313 | ---- | C] () -- C:\Documents and Settings\Fiona Murdoch\Application Data\14DA.5EF
[2011/03/27 13:12:13 | 000,000,156 | ---- | C] () -- C:\WINDOWS\Ppviewer.INI
[2011/02/28 12:41:25 | 000,000,132 | ---- | C] () -- C:\Documents and Settings\Fiona Murdoch\Application Data\Adobe PNG Format CS5 Prefs
[2011/02/14 21:20:45 | 000,000,056 | -H-- | C] () -- C:\WINDOWS\System32\ezsidmv.dat
[2010/11/08 12:31:22 | 000,000,132 | ---- | C] () -- C:\Documents and Settings\Fiona Murdoch\Application Data\Adobe GIF Format CS5 Prefs
[2010/10/24 15:33:20 | 000,000,022 | ---- | C] () -- C:\WINDOWS\System32\nvModes.dat
[2010/10/24 15:30:16 | 000,232,968 | ---- | C] () -- C:\WINDOWS\System32\nvdrsdb0.bin
[2010/10/24 15:30:13 | 000,232,968 | ---- | C] () -- C:\WINDOWS\System32\nvdrsdb1.bin
[2010/10/24 15:30:13 | 000,000,001 | ---- | C] () -- C:\WINDOWS\System32\nvdrssel.bin
[2010/10/08 14:43:55 | 002,195,030 | ---- | C] () -- C:\WINDOWS\System32\nvdata.bin
[2010/10/07 11:04:15 | 000,034,308 | ---- | C] () -- C:\WINDOWS\System32\BASSMOD.dll
[2010/09/30 17:22:29 | 000,000,025 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
[2010/09/20 10:37:12 | 000,000,051 | ---- | C] () -- C:\WINDOWS\iTouch.ini
[2010/09/20 10:20:35 | 000,081,920 | R--- | C] () -- C:\WINDOWS\bwUnin-6.1.4.36-8876480L.exe
[2010/08/29 22:12:16 | 000,004,952 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2010/06/14 17:26:48 | 000,007,168 | ---- | C] () -- C:\WINDOWS\System32\drivers\StarOpen.sys
[2010/06/07 13:05:39 | 000,001,456 | ---- | C] () -- C:\Documents and Settings\Fiona Murdoch\Local Settings\Application Data\Adobe Save for Web 12.0 Prefs
[2010/06/02 14:56:39 | 000,122,771 | ---- | C] () -- C:\WINDOWS\hpoins14.dat
[2010/06/02 14:56:39 | 000,001,996 | ---- | C] () -- C:\WINDOWS\hpomdl14.dat
[2010/05/04 04:58:13 | 000,004,940 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\mtbjfghn.xbe
[2010/05/03 20:13:38 | 000,057,856 | ---- | C] () -- C:\Documents and Settings\Fiona Murdoch\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/04/28 03:51:54 | 000,032,550 | ---- | C] () -- C:\WINDOWS\king-uninstall.exe
[2010/04/28 01:28:16 | 000,030,502 | ---- | C] () -- C:\WINDOWS\Ascd_log.ini
[2010/04/28 00:59:12 | 000,024,576 | R--- | C] () -- C:\WINDOWS\System32\AsIO.dll
[2010/04/28 00:59:12 | 000,012,400 | R--- | C] () -- C:\WINDOWS\System32\drivers\AsIO.sys
[2010/04/28 00:59:10 | 000,011,832 | ---- | C] () -- C:\WINDOWS\System32\drivers\AsInsHelp64.sys
[2010/04/28 00:59:10 | 000,010,216 | ---- | C] () -- C:\WINDOWS\System32\drivers\AsInsHelp32.sys
[2010/04/28 00:55:51 | 000,005,810 | R--- | C] () -- C:\WINDOWS\System32\drivers\ASACPI.sys
[2010/04/28 00:55:45 | 000,030,137 | ---- | C] () -- C:\WINDOWS\Ascd_tmp.ini
[2010/04/28 00:55:45 | 000,010,296 | ---- | C] () -- C:\WINDOWS\System32\drivers\ASUSHWIO.SYS
[2010/04/28 00:42:57 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2010/04/28 00:39:12 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2010/04/27 18:06:43 | 000,003,840 | ---- | C] () -- C:\WINDOWS\System32\drivers\BANTExt.sys
[2010/04/27 18:02:14 | 000,001,324 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010/04/27 17:38:21 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2010/04/27 17:29:32 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2010/04/27 17:26:55 | 003,775,632 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2009/09/16 17:27:58 | 000,508,224 | ---- | C] () -- C:\WINDOWS\System32\ICCProfiles.dll
[2009/01/05 14:44:10 | 000,053,248 | ---- | C] () -- C:\WINDOWS\bdoscandel.exe
[2009/01/05 14:44:10 | 000,000,453 | ---- | C] () -- C:\WINDOWS\bdoscandellang.ini
[2004/08/04 01:07:22 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2004/08/02 14:20:40 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2001/08/23 20:00:00 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2001/08/23 20:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2001/08/23 20:00:00 | 000,510,218 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2001/08/23 20:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2001/08/23 20:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2001/08/23 20:00:00 | 000,096,832 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2001/08/23 20:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2001/08/23 20:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2001/08/23 20:00:00 | 000,004,463 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2001/08/23 20:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2000/07/15 00:00:00 | 000,030,720 | ---- | C] () -- C:\WINDOWS\regtlib.exe

========== LOP Check ==========

[2011/10/08 10:38:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Affinegy
[2011/10/08 10:38:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Belkin
[2010/06/14 17:26:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Canneverbe Limited
[2011/05/20 13:01:55 | 000,000,000 | -HSD | M] -- C:\Documents and Settings\All Users\Application Data\DSS
[2011/04/05 10:33:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\F-Secure
[2011/10/06 21:34:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Final Draft
[2011/04/14 12:58:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Nitro PDF
[2011/08/08 14:45:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ParetoLogic
[2010/09/20 10:14:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PC Drivers HeadQuarters
[2010/06/30 09:20:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\regid.1986-12.com.adobe
[2011/11/01 18:54:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2011/06/01 10:05:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WinZip
[2011/02/11 18:43:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WorldWinner
[2010/10/18 20:52:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2011/10/25 19:28:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{A0559A84-0A11-425F-BFFC-532378694B25}
[2011/07/10 21:45:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{A2A58654-12AA-408A-B411-58A76959BE7F}
[2011/03/25 09:50:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Fiona Murdoch\Application Data\ArcVP
[2011/11/04 13:02:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Fiona Murdoch\Application Data\BBCiPlayerDesktop.61DB7A798358575D6A969CCD73DDBBD723A6DA9D.1
[2010/06/14 17:26:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Fiona Murdoch\Application Data\Canneverbe Limited
[2011/04/11 09:02:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Fiona Murdoch\Application Data\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2011/04/14 12:58:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Fiona Murdoch\Application Data\Downloaded Installations
[2011/04/02 08:01:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Fiona Murdoch\Application Data\DriverCure
[2011/04/05 10:33:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Fiona Murdoch\Application Data\f-secure
[2011/03/25 09:50:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Fiona Murdoch\Application Data\Facebook
[2011/10/06 21:35:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Fiona Murdoch\Application Data\Final Draft
[2011/05/20 12:46:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Fiona Murdoch\Application Data\Lionhead Studios
[2011/11/03 15:40:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Fiona Murdoch\Application Data\LucasArts
[2011/04/14 12:59:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Fiona Murdoch\Application Data\Nitro PDF
[2011/04/02 08:01:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Fiona Murdoch\Application Data\ParetoLogic
[2011/11/16 18:20:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Fiona Murdoch\Application Data\Process Hacker 2
[2011/06/02 20:03:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Fiona Murdoch\Application Data\SharePod
[2011/07/11 08:58:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Fiona Murdoch\Application Data\Skinux
[2011/11/15 19:07:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Fiona Murdoch\Application Data\Spotify
[2011/02/28 12:25:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Fiona Murdoch\Application Data\StageManager.BD092818F67280F4B42B04877600987F0111B594.1
[2011/11/16 15:36:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Fiona Murdoch\Application Data\uTorrent
[2011/07/13 09:39:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Fiona Murdoch\Application Data\Windows Search
[2011/02/11 18:43:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Fiona Murdoch\Application Data\Worldwinner
[2010/08/28 17:19:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Fiona Murdoch\Application Data\XRay Engine

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 191 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:88E3B9B6
@Alternate Data Stream - 143 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:63238B95

< End of report >

And the other one:
aswMBR version 0.9.8.986 Copyright(c) 2011 AVAST Software
Run date: 2011-11-17 11:12:39
-----------------------------
11:12:39.984 OS Version: Windows 5.1.2600 Service Pack 3
11:12:39.984 Number of processors: 2 586 0x170A
11:12:39.984 ComputerName: YOUR-9CEC27D1F6 UserName: Fiona Murdoch
11:12:41.734 Initialize success
11:12:53.234 AVAST engine download error: 0
11:12:57.828 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP3T0L0-12
11:12:57.828 Disk 0 Vendor: Hitachi_HDP725050GLA360 GM4OA5CA Size: 476940MB BusType: 3
11:12:59.906 Disk 0 MBR read successfully
11:12:59.906 Disk 0 MBR scan
11:12:59.906 Disk 0 Windows XP default MBR code
11:12:59.906 Disk 0 scanning sectors +976752000
11:12:59.984 Disk 0 scanning C:\WINDOWS\system32\drivers
11:13:12.671 Service scanning
11:13:13.484 Modules scanning
11:13:19.375 Disk 0 trace - called modules:
11:13:19.390 ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys pciide.sys PCIIDEX.SYS
11:13:19.390 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8ade2ab8]
11:13:19.390 3 CLASSPNP.SYS[b80f8fd7] -> nt!IofCallDriver -> \Device\00000074[0x8ae019e8]
11:13:19.390 5 ACPI.sys[b7f7f620] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP3T0L0-12[0x8ae00d98]
11:13:19.390 Scan finished successfully
11:13:27.968 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Fiona Murdoch\Desktop\MBR.dat"
11:13:27.968 The log file has been saved successfully to "C:\Documents and Settings\Fiona Murdoch\Desktop\aswMBR.txt"

Thank you
Fiona

descriptionRamnit.H EmptyRe: Ramnit.H17th November 2011, 11:26 am

more_horiz
Also, PC won't boot into Safe Mode.......

descriptionRamnit.H EmptyRe: Ramnit.H17th November 2011, 6:35 pm

more_horiz
Sorry, but there is no way of fixing this. Rammnit is a file infecter and can't be removed.

Attention: Your computer is severely infected with Win32\Rammnit what is now called, a cocktail infection. This is an infection that is comprised of many different types of viruses and other malware, to damage your computer, and use it as a zombie for its backdoor network. In other words, your computer is under control of a hacker, and regaining control is now next to impossible.

The first component is a backdoor trojan, which is a type of trojan that communicates with a hacker: to transfer personal information about you, use your computer to help perform a denial-of-service attack, redirect your internet searches in order to make money off of your browsing habits, and can be a keylogger to steal personal identifiable information to help rob your identity.

The second component is a rootkit, which is a type of malware to take control over your computer at administrator access, having full permission to modify all of your device drivers, and allowing itself to hide all the malware on the system. In other words, it is a hackers way of taking control of your computer, and hiding in the dark at the same time. This is a prime initiative of hackers to help keep access to your computer, robbing all of your personal information, and using your computer to send spam across the internet.

The third component is a file infector, which is a type of virus to purposely damage as many files as possible, in order to keep control of your system, so you have as little access as possible.

Not only has your system been compromised severely, it is also highly damaged, and if you do not commit to my suggested removal method below, then your computer may not function anymore.

If you do any banking or other financial transactions on the PC or if it should contain any other sensitive information, please get to a known clean computer and change all passwords where applicable. Do NOT change passwords or do any transactions while using the infected computer because the attacker may get the new passwords and transaction information. (If using a router, you need to reset it with a strong logon/password so the malware cannot gain control before connecting again.) Banking and credit card institutions should be notified to apprise them of your situation (possible security breach). To protect your information that may have been compromised, I recommend reading these references:


  • How Do I Handle Possible Identify Theft, Internet Fraud and CC Fraud?
  • What Should I Do If I've Become A Victim Of Identity Theft?
  • Identity Theft Victims Guide - What to do



Removal method:

It is recommended to do a reformat and reinstall of your operating system. The experts in the Advanced Malware Analysts security community believe that once infected with such a piece of malware, the best course of action would be a reformat and clean reinstall of the OS. This is something I don't like to recommend normally, but in most cases it is the best solution for your safety.

I recommend the following articles to read:


  • When should I re-format? How should I reinstall?
  • Help: I Got Hacked. Now What Do I Do?
  • Help: I Got Hacked. Now What Do I Do? Part II
  • Where to draw the line? When to recommend a format and reinstall?

Guides for format and reinstall:

How to reformat and reinstall your Operating System

How to reformat and reinstall your Operating System - the easy way

Please let me know what you have decided to do in your next post. Should you have any questions, please feel free to ask.

descriptionRamnit.H EmptyRe: Ramnit.H

more_horiz
privacy_tip Permissions in this forum:
You cannot reply to topics in this forum