
Partially removed System Check Virus Win 7, no Internet or safe mode

Discussion in 'Virus and Malware Removal' started by Joyfulldreams, Jan 5, 2012.

  1. Joyfulldreams Newcomer, in training Posts: 44

    When I first double-click on the .exe, I get this error:

    16 bit MS-DOS Subsystem
    ---
    C:\Users\Rebecca\Desktop\_OTL~1.EXE
    The NTVDM CPU has encountered an illegal instruction.
    CS:058a IP:010a OP:63 20 4f 53 20 Choose 'Close' to terminate the application.

    Choose Close or Ignore?
  2. Broni Malware Annihilator Posts: 40,071   +187

    Delete your OTL file, download a fresh one and try again.
  3. Joyfulldreams Newcomer, in training Posts: 44

    Same thing happens...
  4. Broni Malware Annihilator Posts: 40,071   +187

    Let's see if we can look at your computer booting from an external source.

    Please download OTLPE (filesize 120,9 MB)

    • When downloaded double click on OTLPENet.exe and make sure there is a blank CD in your CD drive. This will automatically create a bootable CD.
    • Reboot your system using the boot CD you just created.
      • Note : If you do not know how to set your computer to boot from CD follow the steps HERE
    • Your system should now display a REATOGO-X-PE desktop.
    • Depending on your type of internet connection, you should be able to get online as well so you can access this topic more easily.
    • Double-click on the OTLPE icon.
    • When asked "Do you wish to load the remote registry", select Yes
    • When asked "Do you wish to load remote user profile(s) for scanning", select Yes
    • Ensure the box "Automatically Load All Remaining Users" is checked and press OK
    • OTL should now start.
    • Press Run Scan to start the scan.
    • When finished, the file will be saved in drive C:\OTL.txt
    • Copy this file to your USB drive if you do not have internet connection on this system
    • Please post the contents of the OTL.txt file in your reply.
  5. Joyfulldreams Newcomer, in training Posts: 44

    I'm trying to boot via the CD, but when I enter the boot setup and look at the Boot priority order it doesn't say anything about a CD-ROM

    Order says:
    1: HDD : WDC WD2500BEVT-22ZCT0 - (PM)
    2: ODD : HL-DT-ST DVDRAM GSA-T50N- (PS)
    3: PCI LAN : MBA v11.0.11 Slot 0700
    4: USB FDD :
    5: USB KEY :
    6: USB HDD : -(USB 2.0)
    7: USB ODD :
    8:

    What do I do? ^_^;

    Or, wait...is it the DVDRAM thing? Am I just being stupid?

    Also, when I restarted the computer I got some warning about 'this window is set to be open at all times, if you close it you'll miss important warnings, are you sure you want to be like an ostrich and stick your head in the sand' or something like that, but I restarted anyway.
  6. Broni Malware Annihilator Posts: 40,071   +187

    Move this:
    2: ODD : HL-DT-ST DVDRAM GSA-T50N- (PS)
    to the first position.
  7. Joyfulldreams Newcomer, in training Posts: 44

    Alright, booted up, and I'm still foggy on the whole internet thing, my house has Wi-Fi on a DSL that we call 'NETGEAR' and I honestly have no clue how to connect to it with the wi-fi settings on here...

    When I click on the OTLPE icon the first thing it does is tell me to Browse for Folder, and gives me my computer with RAMDisk (B: ), Local Disk (C: ), Lenovo (D: ) (that's my laptop's manufacturer, I believe), Removable Disk (E: ) (my flash drive, I suppose?), Local Disk (F: ), ReatogoPE (X: ) and Shared Documents.

    Uuuuh, I have no clue what to do.

    I feel really dumb, but I don't want to do anything wrong.
  8. Broni Malware Annihilator Posts: 40,071   +187

    That's not a good sign, as it may mean the Windows installation is corrupted.

    Try to navigate to where Windows is actually installed.
    Normally it'd be C:\Windows
  9. Joyfulldreams Newcomer, in training Posts: 44

    I'll try and reproduce the layout for selecting the folders, because I can't make sense of it.

    My Computer

    RAMDisk (B: )
    ---- bin
    ---- Documents and Settings
    -------- All Users
    ------------ More stuff
    -------- Default User
    ------------ More Stuff
    ---- Logs
    ---- Programs
    -------- Firefox Portable

    Local Disk (C: )
    ---- Boot
    -------- A whole bunch of folders with names like 'cs-CZ' or 'fi-FI' or 'el-GR', and one 'Fonts' folder
    ---- System Volume Information

    Lenovo (D: )
    ---- $RECYCLE.BIN
    ---- drivers
    ---- System Volume Information
    ------- More Stuff

    Removable Disk (E: )
    ---- A bunch of folders on my flash drive, including the folder I've been using to transport files and logs between my MacBook and my Laptop.

    Local Disk (F: )
    ---- $Recycle.Bin
    ---- ArcSoft
    ------- Global Deploy
    ---- ComboFix
    ------- A configuration of folders and drop-downs that looks a lot like the main configuration but with more stuff
    ---- Conexant
    ------- SmartAudio
    ---- Config.Msi
    ---- Documents and Settings
    ---- MSOCache
    ------- All Users
    ----------- A lot of folders with names that are a long stream of numbers with 0's and dashes in between
    ---- PerfLogs
    ------- Admin
    ---- Program Files
    ------- Pretty much all my installed programs for my computer
    ---- ProgramData
    ------- More stuff involving my programs
    ---- Python27
    ------- DLLs
    ------- Doc
    ------- include
    ------- Lib
    ----------- more stuff
    ---- Qoobox
    ------- more stuff
    ---- Recovery
    ---- System Volume Information
    ------- Chkdsk
    ------- SPP
    ------- Windows Backup
    ----------- Catalogs
    ---- Users
    ------- More stuff (my users, I suppose)
    ---- videooutput
    ---- VirtualEditCapture
    ---- VirtualEditProjects
    ------- Stuff
    ---- Windows ( <-- DO I CLICK ON THIS?)
    ---- WTablet

    ReatogoPE (X: )
    ---- I386
    ------- Stuff
    ---- PROGRAMS
    ------- Stuff
    ---- SFX
    Shared Documents
    ---- Stuff
  10. Broni Malware Annihilator Posts: 40,071   +187

    Yes.
  11. Joyfulldreams Newcomer, in training Posts: 44

    Alright, now it tells me to Select User Profile instead of just 'would you like to load...'

    There's LocalService, NetworkService, Rebecca (that's me), and systemprofile.

    ??
  12. Broni Malware Annihilator Posts: 40,071   +187

    Try your profile.
  13. Joyfulldreams Newcomer, in training Posts: 44

    OTL logfile created on: 1/6/2012 3:33:15 PM - Run
    OTLPE by OldTimer - Version 3.1.48.0 Folder = X:\Programs\OTLPE
    Windows 7 Home Premium (Version = 6.1.7600) - Type = System
    Internet Explorer (Version = 8.0.7600.16385)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    3.00 Gb Total Physical Memory | 3.00 Gb Available Physical Memory | 88.00% Memory free
    3.00 Gb Paging File | 3.00 Gb Available in Paging File | 97.00% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = F: | %SystemRoot% = F:\windows | %ProgramFiles% = F:\Program Files
    Drive C: | 200.00 Mb Total Space | 171.86 Mb Free Space | 85.93% Space Free | Partition Type: NTFS
    Drive D: | 30.25 Gb Total Space | 29.54 Gb Free Space | 97.66% Space Free | Partition Type: NTFS
    Drive E: | 3.61 Gb Total Space | 3.21 Gb Free Space | 89.06% Space Free | Partition Type: FAT32
    Drive F: | 187.67 Gb Total Space | 18.63 Gb Free Space | 9.93% Space Free | Partition Type: NTFS
    Drive X: | 436.59 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

    Computer Name: REATOGO | User Name: SYSTEM
    Boot Mode: Normal | Scan Mode: All users
    Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
    Using ControlSet: ControlSet002

    ========== Win32 Services (SafeList) ==========

    SRV - [2011/09/19 05:31:10 | 002,221,200 | ---- | M] (Giraffic) [Auto] -- F:\Program Files\Giraffic\Veoh_GirafficWatchdog.exe -- (Giraffic)
    SRV - [2011/08/10 13:53:46 | 000,094,880 | ---- | M] (McAfee, Inc.) [Auto] -- F:\Program Files\McAfee\SiteAdvisor\McSACore.exe -- (McAfee SiteAdvisor Service)
    SRV - [2010/07/23 11:31:54 | 000,163,680 | ---- | M] (Digital Delivery Networks, Inc.) [Auto] -- F:\Program Files\DDNI\DIBS\DDNIService.exe -- (DDNIService)
    SRV - [2010/07/20 13:04:24 | 000,171,872 | ---- | M] (Digital Delivery Networks, Inc.) [Auto] -- F:\Program Files\DDNI\Lenovo Idea Notes\DDNIMSGService.exe -- (DDNIMSGService)
    SRV - [2010/05/20 17:27:24 | 000,139,632 | ---- | M] (Microsoft Corporation) [Auto] -- F:\Program Files\Microsoft LifeCam\MSCamS32.exe -- (MSCamSvc)
    SRV - [2010/04/09 20:57:57 | 001,343,400 | ---- | M] (Microsoft Corporation) [On_Demand] -- F:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc)
    SRV - [2010/03/18 13:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) [Auto] -- F:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe -- (ACDaemon)
    SRV - [2010/02/19 16:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [On_Demand] -- F:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard)
    SRV - [2010/02/14 11:01:06 | 000,655,624 | ---- | M] (Acresso Software Inc.) [On_Demand] -- F:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
    SRV - [2009/11/04 19:53:34 | 000,144,704 | ---- | M] (McAfee, Inc.) [Auto] -- F:\Program Files\McAfee\VirusScan\Mcshield.exe -- (McShield)
    SRV - [2009/11/04 18:59:50 | 000,606,736 | ---- | M] (McAfee, Inc.) [On_Demand] -- F:\Program Files\McAfee\VirusScan\mcsysmon.exe -- (McSysmon)
    SRV - [2009/10/29 09:54:44 | 000,865,832 | ---- | M] (McAfee, Inc.) [Auto] -- F:\Program Files\McAfee\MSC\mcmscsvc.exe -- (mcmscsvc)
    SRV - [2009/10/28 14:50:32 | 000,365,072 | ---- | M] (McAfee, Inc.) [On_Demand] -- F:\Program Files\McAfee\VirusScan\mcods.exe -- (McODS)
    SRV - [2009/10/27 14:19:46 | 000,895,696 | ---- | M] (McAfee, Inc.) [Auto] -- F:\Program Files\McAfee\MPF\MPFSrv.exe -- (MpfService)
    SRV - [2009/09/22 13:16:32 | 000,579,400 | ---- | M] (Lenovo Group Limited) [On_Demand] -- F:\Program Files\Lenovo\ReadyComm\ConnSvc.exe -- (Lenovo ReadyComm ConnSvc)
    SRV - [2009/08/14 09:22:48 | 000,509,192 | ---- | M] (Lenovo Group Limited) [On_Demand] -- F:\Program Files\Lenovo\ReadyComm\AppSvc.exe -- (Lenovo ReadyComm AppSvc)
    SRV - [2009/07/14 09:27:26 | 000,038,152 | ---- | M] (Lenovo Group Limited) [Auto] -- F:\Program Files\Lenovo\ReadyComm\common\IGRS.exe -- (IGRS)
    SRV - [2009/07/13 20:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand] -- F:\Windows\System32\sensrsvc.dll -- (SensrSvc)
    SRV - [2009/07/13 20:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) [Auto] -- F:\windows\System32\IgrsSvcs.exe -- (ReadyComm.DirectRouter)
    SRV - [2009/07/13 20:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) [On_Demand] -- F:\windows\System32\IgrsSvcs.exe -- (PS_MDP)
    SRV - [2009/07/08 14:54:34 | 000,359,952 | ---- | M] (McAfee, Inc.) [Auto] -- F:\Program Files\Common Files\McAfee\McProxy\McProxy.exe -- (McProxy)
    SRV - [2009/07/07 22:10:02 | 002,482,848 | ---- | M] (McAfee, Inc.) [Auto] -- F:\Program Files\Common Files\McAfee\MNA\McNASvc.exe -- (McNASvc)
    SRV - [2009/06/18 14:59:48 | 001,349,912 | ---- | M] (Diskeeper Corporation) [Auto] -- F:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe -- (Diskeeper)
    SRV - [2009/06/04 14:03:06 | 000,354,840 | ---- | M] (Intel Corporation) [Auto] -- F:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON) Intel(R)
    SRV - [2008/08/15 08:46:20 | 000,284,016 | ---- | M] (Adobe Systems Incorporated) [On_Demand] -- F:\Program Files\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe -- (Adobe Version Cue CS4)
    SRV - [2008/01/11 12:50:16 | 000,030,312 | ---- | M] (Microsoft Corporation) [Auto] -- F:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe -- (BcmSqlStartupSvc)
    SRV - [2007/09/07 13:40:04 | 001,373,480 | ---- | M] (Wacom Technology, Corp.) [Auto] -- F:\Windows\System32\Wacom_Tablet.exe -- (TabletServiceWacom)


    ========== Driver Services (SafeList) ==========

    DRV - File not found [Kernel | Boot] -- -- (yduowol)
    DRV - File not found [Kernel | On_Demand] -- -- (WinRing0_1_2_0)
    DRV - File not found [Kernel | On_Demand] -- -- (USBCCID)
    DRV - File not found [Kernel | On_Demand] -- -- (RtsUIR)
    DRV - File not found [Kernel | On_Demand] -- -- (RSUSBSTOR)
    DRV - File not found [Kernel | On_Demand] -- -- (catchme)
    DRV - [2012/01/05 04:03:45 | 000,044,928 | ---- | M] () [Kernel | Boot] -- F:\windows\System32\Drivers\f1fd89874c5dc9ed.sys -- (f1fd89874c5dc9ed)
    DRV - [2010/05/20 17:27:26 | 001,961,328 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- F:\Windows\System32\drivers\VX3000.sys -- (VX3000)
    DRV - [2009/12/09 20:44:31 | 000,054,800 | ---- | M] () [Kernel | System] -- F:\windows\System32\drivers\funfrm.sys -- (funfrm)
    DRV - [2009/11/04 19:54:12 | 000,214,664 | ---- | M] (McAfee, Inc.) [Kernel | System] -- F:\Windows\System32\drivers\mfehidk.sys -- (mfehidk)
    DRV - [2009/11/04 19:54:12 | 000,079,816 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand] -- F:\Windows\System32\drivers\mfeavfk.sys -- (mfeavfk)
    DRV - [2009/11/04 19:54:12 | 000,040,552 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand] -- F:\Windows\System32\drivers\mfesmfk.sys -- (mfesmfk)
    DRV - [2009/11/04 19:54:12 | 000,035,272 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand] -- F:\Windows\System32\drivers\mfebopk.sys -- (mfebopk)
    DRV - [2009/11/04 19:53:40 | 000,034,248 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand] -- F:\Windows\System32\drivers\mferkdk.sys -- (mferkdk)
    DRV - [2009/09/14 13:04:28 | 000,217,136 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand] -- F:\Windows\System32\drivers\Apfiltr.sys -- (ApfiltrService)
    DRV - [2009/07/28 16:09:36 | 000,063,240 | ---- | M] (Lenovo) [Kernel | On_Demand] -- F:\Windows\System32\drivers\wdbridge.sys -- (Bridge0)
    DRV - [2009/07/21 16:14:58 | 000,081,704 | ---- | M] (CyberLink) [Kernel | On_Demand] -- F:\Windows\System32\drivers\wsvd.sys -- (wsvd)
    DRV - [2009/07/16 07:37:14 | 000,011,792 | ---- | M] (Windows (R) Codename Longhorn DDK provider) [Kernel | On_Demand] -- F:\Windows\System32\drivers\WDMirror.sys -- (wdmirror)
    DRV - [2009/07/13 18:52:10 | 000,014,336 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- F:\Windows\System32\drivers\vwifimp.sys -- (vwifimp)
    DRV - [2009/07/13 18:51:11 | 000,034,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- F:\Windows\System32\drivers\winusb.sys -- (WinUsb)
    DRV - [2009/07/13 17:02:51 | 004,231,168 | ---- | M] (Intel Corporation) [Kernel | On_Demand] -- F:\Windows\System32\drivers\netw5v32.sys -- (netw5v32) Intel(R)
    DRV - [2009/07/13 17:02:49 | 000,229,888 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand] -- F:\Windows\System32\drivers\k57nd60x.sys -- (k57nd60x) Broadcom NetLink (TM)
    DRV - [2009/06/19 11:18:26 | 000,168,704 | ---- | M] (SMI) [Kernel | On_Demand] -- F:\Windows\System32\drivers\SMIksdrv.sys -- (usbsmi)
    DRV - [2009/06/14 21:46:22 | 000,475,648 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand] -- F:\Windows\System32\drivers\CHDRT32.sys -- (CnxtHdAudService)
    DRV - [2009/05/19 08:43:08 | 000,021,520 | ---- | M] (Lenovo Corporation) [Kernel | On_Demand] -- F:\Windows\System32\drivers\AcpiVpc.sys -- (ACPIVPC)
    DRV - [2009/04/09 09:23:02 | 000,130,424 | ---- | M] (McAfee, Inc.) [Kernel | System] -- F:\Windows\System32\drivers\Mpfp.sys -- (MPFP)
    DRV - [2008/08/06 07:34:16 | 000,128,104 | ---- | M] (Microsoft Corporation) [File_System | On_Demand] -- F:\Windows\System32\drivers\WimFltr.sys -- (WimFltr)
    DRV - [2007/02/16 14:12:36 | 000,011,312 | ---- | M] (Wacom Technology) [Kernel | On_Demand] -- F:\Windows\System32\drivers\wacommousefilter.sys -- (wacommousefilter)
    DRV - [2007/02/16 13:30:12 | 000,012,848 | ---- | M] (Wacom Technology) [Kernel | On_Demand] -- F:\Windows\System32\drivers\wacomvhid.sys -- (wacomvhid)
    DRV - [2007/02/15 19:11:28 | 000,011,440 | ---- | M] (Wacom Technology) [Kernel | On_Demand] -- F:\Windows\System32\drivers\WacomVKHid.sys -- (WacomVKHid)
    DRV - [2006/11/10 17:05:00 | 000,018,688 | ---- | M] (Arcsoft, Inc.) [Kernel | On_Demand] -- F:\Windows\System32\drivers\afc.sys -- (Afc)
    DRV - [2005/09/24 00:18:32 | 000,171,520 | ---- | M] (Pinnacle Systems GmbH) [Kernel | On_Demand] -- F:\Windows\System32\drivers\MarvinBus.sys -- (MarvinBus)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========



    IE - HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
    IE - HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = about:blank
    IE - HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default = DE 1E C5 02 F7 73 5D 41 96 2D 3E 15 3F 14 EC 52 [binary data]
    IE - HKU\.DEFAULT\..\URLSearchHook: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - F:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
    IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
    IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

    IE - HKU\LocalService_ON_F\Software\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default = DE 1E C5 02 F7 73 5D 41 96 2D 3E 15 3F 14 EC 52 [binary data]

    IE - HKU\NetworkService_ON_F\Software\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default = DE 1E C5 02 F7 73 5D 41 96 2D 3E 15 3F 14 EC 52 [binary data]

    IE - HKU\Rebecca_ON_F\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.startnow.com/?src=startp...b63d&browser=IE&os=win&os_version=6.1-x86-SP0
    IE - HKU\Rebecca_ON_F\Software\Microsoft\Internet Explorer\Main,Start Page Restore = http://www.google.com/
    IE - HKU\Rebecca_ON_F\Software\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default = DE 1E C5 02 F7 73 5D 41 96 2D 3E 15 3F 14 EC 52 [binary data]
    IE - HKU\Rebecca_ON_F\..\URLSearchHook: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - F:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
    IE - HKU\Rebecca_ON_F\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
    IE - HKU\Rebecca_ON_F\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local


    FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: F:\Windows\System32\Macromed\Flash\NPSWF32.dll ()
    FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:
    FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: F:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
    FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: F:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
    FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: F:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
    FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: F:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
    FF - HKLM\Software\MozillaPlugins\@mcafee.com/SAFFPlugin: F:\Program Files\McAfee\SiteAdvisor\NPMcFFPlg32.dll (McAfee, Inc.)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: File not found
    FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: F:\Program Files\Microsoft Silverlight\3.0.40624.0\npctrl.dll ( Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8081.0709: F:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: F:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)

    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010/03/02 19:08:28 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{4ED1F68A-5463-4931-9384-8FFF5ED91D92}: C:\Program Files\McAfee\SiteAdvisor [2011/11/09 19:37:25 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2011/09/19 16:22:02 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.25\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/12/22 18:19:23 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.25\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/12/22 18:19:23 | 000,000,000 | ---D | M]

    [2011/09/01 19:22:38 | 000,000,000 | ---D | M] (No name found) -- F:\Program Files\Mozilla Firefox\extensions
    [2011/01/13 10:30:23 | 000,000,000 | ---D | M] (Skype extension) -- F:\Program Files\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
    [2010/06/11 15:37:08 | 000,000,000 | ---D | M] (Java Console) -- F:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
    [2010/10/27 23:13:58 | 000,000,000 | ---D | M] (Java Console) -- F:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
    [2010/09/15 06:50:38 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- F:\Program Files\mozilla firefox\plugins\npdeployJava1.dll

    O1 HOSTS File: ([2012/01/04 09:51:36 | 000,000,884 | RH-- | M]) - F:\Windows\System32\drivers\etc\hosts
    O1 - Hosts: 94.63.240.131 www.google.com
    O1 - Hosts: 94.63.240.132 www.bing.com
    O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - F:\Program Files\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
    O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
    O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - F:\Program Files\McAfee\VirusScan\scriptsn.dll (McAfee, Inc.)
    O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - F:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O2 - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - F:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
    O2 - BHO: (SmartSelect Class) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - F:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O2 - BHO: (SMTTB2009 Class) - {FCBCCB87-9224-4B8D-B117-F56D924BEB18} - F:\Program Files\HyperCam Toolbar\tbcore3.dll ()
    O2 - BHO: (Yontoo Layers) - {FD72061E-9FDE-484D-A58A-0BAB4151CAD8} - F:\Program Files\Yontoo Layers Runtime\YontooIEClient.dll (Yontoo LLC)
    O3 - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - F:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
    O3 - HKLM\..\Toolbar: (HyperCam Toolbar) - {338B4DFE-2E2C-4338-9E41-E176D497299E} - F:\Program Files\HyperCam Toolbar\tbcore3.dll ()
    O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - F:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
    O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (HyperCam Toolbar) - {338B4DFE-2E2C-4338-9E41-E176D497299E} - F:\Program Files\HyperCam Toolbar\tbcore3.dll ()
    O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - F:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O3 - HKU\Rebecca_ON_F\..\Toolbar\WebBrowser: (HyperCam Toolbar) - {338B4DFE-2E2C-4338-9E41-E176D497299E} - F:\Program Files\HyperCam Toolbar\tbcore3.dll ()
    O3 - HKU\Rebecca_ON_F\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - F:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O4 - HKLM..\Run: [] File not found
    O4 - HKLM..\Run: [Acrobat Assistant 8.0] F:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe (Adobe Systems Inc.)
    O4 - HKLM..\Run: [Adobe Acrobat Speed Launcher] F:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe (Adobe Systems Incorporated)
    O4 - HKLM..\Run: [Adobe_ID0ENQBO] F:\Program Files\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4Tray.exe (Adobe Systems Incorporated)
    O4 - HKLM..\Run: [AdobeAAMUpdater-1.0] F:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
    O4 - HKLM..\Run: [AdobeCS4ServiceManager] F:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe (Adobe Systems Incorporated)
    O4 - HKLM..\Run: [AdobeCS5ServiceManager] F:\Program Files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe (Adobe Systems Incorporated)
    O4 - HKLM..\Run: [APSDaemon] F:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
    O4 - HKLM..\Run: [ArcSoft Connection Service] F:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe (ArcSoft Inc.)
    O4 - HKLM..\Run: [DivXUpdate] F:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
    O4 - HKLM..\Run: [EEventManager] F:\Program Files\Epson Software\Event Manager\EEventManager.exe (SEIKO EPSON CORPORATION)
    O4 - HKLM..\Run: [Energy Management] F:\Program Files\Lenovo\Energy Management\Energy Management.exe (Lenovo (Beijing) Limited)
    O4 - HKLM..\Run: [EnergyUtility] F:\Program Files\Lenovo\Energy Management\utility.exe (Lenovo(beijing) Limited)
    O4 - HKLM..\Run: [FtJthnNSvuydIr.exe] File not found
    O4 - HKLM..\Run: [IAAnotif] F:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
    O4 - HKLM..\Run: [IdeaNotesUser] F:\Program Files\DDNI\Lenovo Idea Notes\DDNIMSGUser.exe (Digital Delivery Networks, Inc.)
    O4 - HKLM..\Run: [LifeCam] F:\Program Files\Microsoft LifeCam\LifeExp.exe (Microsoft Corporation)
    O4 - HKLM..\Run: [Malwarebytes Anti-Malware (reboot)] F:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
    O4 - HKLM..\Run: [Malwarebytes' Anti-Malware (reboot)] F:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
    O4 - HKLM..\Run: [mcagent_exe] F:\Program Files\McAfee.com\Agent\mcagent.exe (McAfee, Inc.)
    O4 - HKLM..\Run: [SmartAudio] F:\Program Files\CONEXANT\SAII\SAIICpl.exe ()
    O4 - HKLM..\Run: [SwitchBoard] F:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
    O4 - HKLM..\Run: [UpdateP2GShortCut] F:\Program Files\Lenovo\Power2Go\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
    O4 - HKLM..\Run: [USBToolTip] F:\Program Files\Pinnacle\Shared Files\Programs\USBTip\USBTip.exe (Pinnacle Systems GmbH)
    O4 - HKLM..\Run: [VeriFaceManager] File not found
    O4 - HKLM..\Run: [VX3000] F:\Windows\vVX3000.exe (Microsoft Corporation)
    O4 - HKU\.DEFAULT..\Run: [7968a239e6bfab4.exe] File not found
    O4 - HKU\.DEFAULT..\Run: [dplaysvr] File not found
    O4 - HKU\.DEFAULT..\Run: [winupd] F:\windows\TEMP:winupd.exe File not found
    O4 - HKU\Rebecca_ON_F..\Run: [AdobeBridge] File not found
    O4 - HKU\Rebecca_ON_F..\Run: [Pando Media Booster] F:\Program Files\Pando Networks\Media Booster\PMB.exe ()
    O4 - HKU\Rebecca_ON_F..\Run: [VeohPlugin] F:\Program Files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe (Veoh Networks)
    O4 - HKU\.DEFAULT..\RunOnce: [FlashPlayerUpdate] F:\windows\System32\Macromed\Flash\FlashUtil10g_ActiveX.exe (Adobe Systems, Inc.)
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
    O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableTaskMgr = 1
    O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - F:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - File not found
    O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - File not found
    O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - File not found
    O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - File not found
    O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - File not found
    O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - File not found
    O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - File not found
    O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - File not found
    O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - File not found
    O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - File not found
    O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - File not found
    O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - File not found
    O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - File not found
    O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - File not found
    O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - File not found
    O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - File not found
    O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - File not found
    O10 - Protocol_Catalog9\Catalog_Entries\000000000018 - File not found
    O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - File not found
    O10 - Protocol_Catalog9\Catalog_Entries\000000000020 - File not found
    O10 - Protocol_Catalog9\Catalog_Entries\000000000021 - File not found
    O10 - Protocol_Catalog9\Catalog_Entries\000000000022 - File not found
    O10 - Protocol_Catalog9\Catalog_Entries\000000000023 - File not found
    O10 - Protocol_Catalog9\Catalog_Entries\000000000024 - File not found
    O10 - Protocol_Catalog9\Catalog_Entries\000000000025 - File not found
    O10 - Protocol_Catalog9\Catalog_Entries\000000000026 - File not found
    O10 - Protocol_Catalog9\Catalog_Entries\000000000027 - File not found
    O10 - Protocol_Catalog9\Catalog_Entries\000000000028 - File not found
    O10 - Protocol_Catalog9\Catalog_Entries\000000000029 - File not found
    O10 - Protocol_Catalog9\Catalog_Entries\000000000030 - File not found
    O10 - Protocol_Catalog9\Catalog_Entries\000000000031 - File not found
    O10 - Protocol_Catalog9\Catalog_Entries\000000000032 - File not found
    O10 - Protocol_Catalog9\Catalog_Entries\000000000033 - File not found
    O10 - Protocol_Catalog9\Catalog_Entries\000000000034 - File not found
    O10 - Protocol_Catalog9\Catalog_Entries\000000000035 - File not found
    O13 - gopher Prefix: missing
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
    O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 10.0.0.1
    O18 - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - F:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
    O18 - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - F:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
    O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - F:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
    O20 - HKLM Winlogon: Shell - (explorer.exe) - F:\windows\explorer.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - F:\windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
    O20 - Winlogon\Notify\klartew: DllName - C:\windows\system32\config\systemprofile\AppData\Local\klartew.dll - F:\Windows\System32\config\systemprofile\AppData\Local\klartew.dll ()
    O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
    O24 - Desktop WallPaper: B:\Documents and Settings\Default User\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
    O24 - Desktop BackupWallPaper: B:\Documents and Settings\Default User\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
    O32 - HKLM CDRom: AutoRun - 1
    O32 - AutoRun File - [2009/06/10 16:42:20 | 000,000,024 | ---- | M] () - F:\autoexec.bat -- [ NTFS ]
    O32 - AutoRun File - [2006/03/24 06:06:41 | 000,000,053 | R--- | M] () - X:\AUTORUN.INF -- [ CDFS ]
    O34 - HKLM BootExecute: (autocheck autochk *) - File not found
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37 - HKLM\...com [@ = comfile] -- "%1" %*
    O37 - HKLM\...exe [@ = E7] -- "C:\windows\system32\config\systemprofile\AppData\Local\llc.exe" -a "%1" %* ()
    O37 - HKU\.DEFAULT\...exe [@ = E7] -- "C:\windows\system32\config\systemprofile\AppData\Local\llc.exe" -a "%1" %* ()

    ========== Files/Folders - Created Within 30 Days ==========

    [2012/01/06 13:48:38 | 127,231,689 | ---- | C] (Igor Pavlov) -- F:\Users\Rebecca\Desktop\OTLPENet.exe
    [2012/01/06 12:52:58 | 000,000,000 | --SD | C] -- F:\ComboFix
    [2012/01/06 00:18:57 | 000,518,144 | ---- | C] (SteelWerX) -- F:\windows\SWREG.exe
    [2012/01/06 00:18:57 | 000,406,528 | ---- | C] (SteelWerX) -- F:\windows\SWSC.exe
    [2012/01/06 00:18:57 | 000,060,416 | ---- | C] (NirSoft) -- F:\windows\NIRCMD.exe
    [2012/01/06 00:18:53 | 000,000,000 | ---D | C] -- F:\windows\ERDNT
    [2012/01/06 00:17:08 | 000,000,000 | ---D | C] -- F:\Qoobox
    [2012/01/06 00:08:43 | 004,372,321 | R--- | C] (Swearware) -- F:\Users\Rebecca\Desktop\ComboFix.exe
    [2012/01/05 23:52:46 | 000,000,000 | ---D | C] -- F:\Users\Rebecca\Desktop\bootkit_remover
    [2012/01/05 22:38:00 | 004,704,768 | ---- | C] (AVAST Software) -- F:\Users\Rebecca\Desktop\aswMBR.exe
    [2012/01/05 17:40:30 | 001,578,288 | ---- | C] (Kaspersky Lab ZAO) -- F:\Users\Rebecca\Desktop\iexplorer.exe
    [2012/01/05 15:01:48 | 000,000,000 | ---D | C] -- F:\ProgramData\Microsoft\Windows\Start Menu\Programs\This thing rocks
    [2012/01/05 13:56:13 | 000,000,000 | ---D | C] -- F:\Users\Rebecca\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Check
    [2011/12/30 10:25:59 | 000,000,000 | ---D | C] -- F:\Users\Rebecca\AppData\Local\HP
    [2011/12/25 12:49:26 | 000,000,000 | ---D | C] -- F:\windows\Sun
    [2011/12/17 18:11:01 | 000,000,000 | ---D | C] -- F:\ProgramData\Microsoft\Windows\Start Menu\Programs\Video Related Programs
    [2011/12/17 18:11:01 | 000,000,000 | ---D | C] -- F:\ProgramData\Microsoft\Windows\Start Menu\Programs\NCH Software Suite
    [2011/12/17 18:07:48 | 000,000,000 | ---D | C] -- F:\Users\Rebecca\AppData\Local\WMTools Downloaded Files
    [2011/12/17 17:36:15 | 000,000,000 | ---D | C] -- F:\Program Files\Movie Maker 2.6
    [2011/12/14 00:56:56 | 000,606,208 | ---- | C] (Microsoft Corporation) -- F:\windows\System32\mstime.dll
    [2011/12/14 00:56:56 | 000,599,552 | ---- | C] (Microsoft Corporation) -- F:\windows\System32\msfeeds.dll
    [2011/12/14 00:56:56 | 000,381,440 | ---- | C] (Microsoft Corporation) -- F:\windows\System32\iedkcs32.dll
    [2011/12/14 00:56:56 | 000,176,640 | ---- | C] (Microsoft Corporation) -- F:\windows\System32\ieui.dll
    [2011/12/14 00:56:55 | 001,638,912 | ---- | C] (Microsoft Corporation) -- F:\windows\System32\mshtml.tlb
    [2011/12/14 00:56:55 | 000,386,048 | ---- | C] (Microsoft Corporation) -- F:\windows\System32\html.iec
    [2011/12/14 00:56:55 | 000,185,856 | ---- | C] (Microsoft Corporation) -- F:\windows\System32\iepeers.dll
    [2011/12/14 00:56:55 | 000,132,096 | ---- | C] (Microsoft Corporation) -- F:\windows\System32\url.dll
    [2011/12/14 00:56:55 | 000,064,512 | ---- | C] (Microsoft Corporation) -- F:\windows\System32\msfeedsbs.dll
    [2011/12/14 00:56:55 | 000,048,128 | ---- | C] (Microsoft Corporation) -- F:\windows\System32\jsproxy.dll
    [2011/12/14 00:56:55 | 000,044,544 | ---- | C] (Microsoft Corporation) -- F:\windows\System32\licmgr10.dll
    [2011/12/14 00:56:55 | 000,012,800 | ---- | C] (Microsoft Corporation) -- F:\windows\System32\msfeedssync.exe
    [2011/12/14 00:56:45 | 002,340,352 | ---- | C] (Microsoft Corporation) -- F:\windows\System32\win32k.sys
    [2011/12/14 00:56:42 | 000,002,048 | ---- | C] (Microsoft Corporation) -- F:\windows\System32\tzres.dll
    [2011/12/14 00:56:37 | 000,534,528 | ---- | C] (Microsoft Corporation) -- F:\windows\System32\EncDec.dll
    [2011/12/14 00:56:37 | 000,038,912 | ---- | C] (Microsoft Corporation) -- F:\windows\System32\csrsrv.dll
    [2011/12/14 00:56:36 | 003,901,808 | ---- | C] (Microsoft Corporation) -- F:\windows\System32\ntoskrnl.exe
    [2011/12/14 00:56:35 | 003,957,104 | ---- | C] (Microsoft Corporation) -- F:\windows\System32\ntkrnlpa.exe
    [2010/12/17 23:25:15 | 001,719,336 | ---- | C] (Yugma,Inc. ) -- F:\ProgramData\YugmaSE-Uninstaller.exe
    [2 F:\windows\System32\*.tmp files -> F:\windows\System32\*.tmp -> ]
    [1 F:\windows\*.tmp files -> F:\windows\*.tmp -> ]

    ========== Files - Modified Within 30 Days ==========

    [2012/01/06 13:58:37 | 000,067,584 | --S- | M] () -- F:\windows\bootstat.dat
    [2012/01/06 13:43:58 | 127,231,689 | ---- | M] (Igor Pavlov) -- F:\Users\Rebecca\Desktop\OTLPENet.exe
    [2012/01/06 13:26:22 | 000,000,348 | ---- | M] () -- F:\windows\tasks\At21.job
    [2012/01/06 13:26:21 | 000,000,350 | ---- | M] () -- F:\windows\tasks\At22.job
    [2012/01/06 13:24:48 | 000,004,096 | -H-- | M] () -- F:\Users\Rebecca\Desktop\._OTL(2).exe
    [2012/01/06 13:02:23 | 000,000,916 | ---- | M] () -- F:\windows\tasks\GoogleUpdateTaskUserS-1-5-21-2313591606-2777530284-2021149797-1004UA.job
    [2012/01/06 12:40:35 | 000,009,920 | -H-- | M] () -- F:\windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    [2012/01/06 12:40:35 | 000,009,920 | -H-- | M] () -- F:\windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    [2012/01/06 12:33:20 | 000,000,350 | ---- | M] () -- F:\windows\tasks\At8.job
    [2012/01/06 12:33:20 | 000,000,350 | ---- | M] () -- F:\windows\tasks\At6.job
    [2012/01/06 12:33:20 | 000,000,350 | ---- | M] () -- F:\windows\tasks\At10.job
    [2012/01/06 12:33:20 | 000,000,348 | ---- | M] () -- F:\windows\tasks\At9.job
    [2012/01/06 12:33:20 | 000,000,348 | ---- | M] () -- F:\windows\tasks\At7.job
    [2012/01/06 12:33:20 | 000,000,348 | ---- | M] () -- F:\windows\tasks\At5.job
    [2012/01/06 12:33:15 | 2362,912,768 | -HS- | M] () -- F:\hiberfil.sys
    [2012/01/06 12:30:31 | 000,011,608 | -HS- | M] () -- F:\ProgramData\5cy6y87mwm3h12vmoqo7786hy170odc37b4y
    [2012/01/06 04:49:55 | 000,000,350 | ---- | M] () -- F:\windows\tasks\At2.job
    [2012/01/06 04:49:48 | 000,000,348 | ---- | M] () -- F:\windows\tasks\At1.job
    [2012/01/06 04:49:23 | 000,000,350 | ---- | M] () -- F:\windows\tasks\At4.job
    [2012/01/06 04:49:23 | 000,000,348 | ---- | M] () -- F:\windows\tasks\At47.job
    [2012/01/06 04:49:23 | 000,000,348 | ---- | M] () -- F:\windows\tasks\At3.job
    [2012/01/06 04:49:20 | 000,000,350 | ---- | M] () -- F:\windows\tasks\At48.job
    [2012/01/06 02:02:04 | 000,000,864 | ---- | M] () -- F:\windows\tasks\GoogleUpdateTaskUserS-1-5-21-2313591606-2777530284-2021149797-1004Core.job
    [2012/01/06 01:27:10 | 000,000,350 | ---- | M] () -- F:\windows\tasks\At46.job
    [2012/01/06 01:26:33 | 000,000,348 | ---- | M] () -- F:\windows\tasks\At45.job
    [2012/01/06 00:26:52 | 000,000,348 | ---- | M] () -- F:\windows\tasks\At43.job
    [2012/01/06 00:26:38 | 000,000,350 | ---- | M] () -- F:\windows\tasks\At44.job
    [2012/01/06 00:07:34 | 004,372,321 | R--- | M] (Swearware) -- F:\Users\Rebecca\Desktop\ComboFix.exe
    [2012/01/05 23:50:54 | 000,044,607 | ---- | M] () -- F:\Users\Rebecca\Desktop\bootkit_remover.zip
    [2012/01/05 23:26:35 | 000,000,350 | ---- | M] () -- F:\windows\tasks\At42.job
    [2012/01/05 23:26:21 | 000,000,348 | ---- | M] () -- F:\windows\tasks\At41.job
    [2012/01/05 22:28:06 | 004,704,768 | ---- | M] (AVAST Software) -- F:\Users\Rebecca\Desktop\aswMBR.exe
    [2012/01/05 22:26:22 | 000,000,348 | ---- | M] () -- F:\windows\tasks\At39.job
    [2012/01/05 22:26:21 | 000,000,350 | ---- | M] () -- F:\windows\tasks\At40.job
    [2012/01/05 21:26:28 | 000,000,348 | ---- | M] () -- F:\windows\tasks\At37.job
    [2012/01/05 21:26:24 | 000,000,350 | ---- | M] () -- F:\windows\tasks\At38.job
    [2012/01/05 21:19:39 | 000,000,350 | ---- | M] () -- F:\windows\tasks\At36.job
    [2012/01/05 21:19:36 | 000,000,348 | ---- | M] () -- F:\windows\tasks\At35.job
    [2012/01/05 19:26:34 | 000,000,350 | ---- | M] () -- F:\windows\tasks\At34.job
    [2012/01/05 19:26:22 | 000,000,348 | ---- | M] () -- F:\windows\tasks\At33.job
    [2012/01/05 18:26:30 | 000,000,348 | ---- | M] () -- F:\windows\tasks\At31.job
    [2012/01/05 18:26:23 | 000,000,350 | ---- | M] () -- F:\windows\tasks\At32.job
    [2012/01/05 17:37:22 | 001,578,288 | ---- | M] (Kaspersky Lab ZAO) -- F:\Users\Rebecca\Desktop\iexplorer.exe
  14. Joyfulldreams Newcomer, in training Posts: 44

    (CONT...)

    [2012/01/05 17:26:26 | 000,000,350 | ---- | M] () -- F:\windows\tasks\At30.job
    [2012/01/05 17:26:24 | 000,000,348 | ---- | M] () -- F:\windows\tasks\At29.job
    [2012/01/05 16:26:00 | 000,000,350 | ---- | M] () -- F:\windows\tasks\At28.job
    [2012/01/05 16:26:00 | 000,000,348 | ---- | M] () -- F:\windows\tasks\At27.job
    [2012/01/05 16:25:16 | 000,702,830 | ---- | M] () -- F:\windows\System32\perfh009.dat
    [2012/01/05 16:25:16 | 000,136,738 | ---- | M] () -- F:\windows\System32\perfc009.dat
    [2012/01/05 15:26:32 | 000,000,348 | ---- | M] () -- F:\windows\tasks\At25.job
    [2012/01/05 15:26:31 | 000,000,350 | ---- | M] () -- F:\windows\tasks\At26.job
    [2012/01/05 15:26:29 | 000,001,095 | ---- | M] () -- F:\Users\Rebecca\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Malwarebytes Anti-Malware.lnk
    [2012/01/05 15:26:29 | 000,000,000 | ---D | M] -- F:\ProgramData\Microsoft\Windows\Start Menu\Programs\This thing rocks
    [2012/01/05 14:52:02 | 000,000,000 | ---D | M] -- F:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
    [2012/01/05 14:30:14 | 000,000,464 | ---- | M] () -- F:\ProgramData\ERaRwp0N8whcCE
    [2012/01/05 13:56:13 | 000,000,677 | ---- | M] () -- F:\Users\Rebecca\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\System Check.lnk
    [2012/01/05 12:58:48 | 000,000,000 | R--D | M] -- F:\ProgramData\Microsoft\Windows\Start Menu\Programs\Wacom Tablet
    [2012/01/05 12:58:48 | 000,000,000 | R--D | M] -- F:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
    [2012/01/05 12:58:48 | 000,000,000 | R--D | M] -- F:\ProgramData\Microsoft\Windows\Start Menu\Programs\PC-Doctor for Windows
    [2012/01/05 12:58:48 | 000,000,000 | ---D | M] -- F:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR
    [2012/01/05 12:58:48 | 000,000,000 | ---D | M] -- F:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live
    [2012/01/05 12:58:48 | 000,000,000 | ---D | M] -- F:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN
    [2012/01/05 12:58:48 | 000,000,000 | ---D | M] -- F:\ProgramData\Microsoft\Windows\Start Menu\Programs\Video Related Programs
    [2012/01/05 12:58:48 | 000,000,000 | ---D | M] -- F:\ProgramData\Microsoft\Windows\Start Menu\Programs\Studio Plugins
    [2012/01/05 12:58:48 | 000,000,000 | ---D | M] -- F:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
    [2012/01/05 12:58:48 | 000,000,000 | ---D | M] -- F:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime
    [2012/01/05 12:58:48 | 000,000,000 | ---D | M] -- F:\ProgramData\Microsoft\Windows\Start Menu\Programs\Pinnacle VideoSpin
    [2012/01/05 12:58:48 | 000,000,000 | ---D | M] -- F:\ProgramData\Microsoft\Windows\Start Menu\Programs\Pinnacle Studio 14
    [2012/01/05 12:58:48 | 000,000,000 | ---D | M] -- F:\ProgramData\Microsoft\Windows\Start Menu\Programs\NCH Software Suite
    [2012/01/05 12:58:48 | 000,000,000 | ---D | M] -- F:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nancy Drew
    [2012/01/05 12:58:48 | 000,000,000 | ---D | M] -- F:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox
    [2012/01/05 12:58:48 | 000,000,000 | ---D | M] -- F:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office
    [2012/01/05 12:58:48 | 000,000,000 | ---D | M] -- F:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft LifeCam
    [2012/01/05 12:58:47 | 000,000,000 | R--D | M] -- F:\ProgramData\Microsoft\Windows\Start Menu\Programs\Maintenance
    [2012/01/05 12:58:47 | 000,000,000 | R--D | M] -- F:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
    [2012/01/05 12:58:47 | 000,000,000 | ---D | M] -- F:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee
    [2012/01/05 12:58:47 | 000,000,000 | ---D | M] -- F:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lenovo Idea Notes
    [2012/01/05 12:58:47 | 000,000,000 | ---D | M] -- F:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lenovo Idea Central
    [2012/01/05 12:58:47 | 000,000,000 | ---D | M] -- F:\ProgramData\Microsoft\Windows\Start Menu\Programs\lenovo
    [2012/01/05 12:58:47 | 000,000,000 | ---D | M] -- F:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
    [2012/01/05 12:58:47 | 000,000,000 | ---D | M] -- F:\ProgramData\Microsoft\Windows\Start Menu\Programs\Intel® Matrix Storage Manager
    [2012/01/05 12:58:47 | 000,000,000 | ---D | M] -- F:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP
    [2012/01/05 12:58:47 | 000,000,000 | ---D | M] -- F:\ProgramData\Microsoft\Windows\Start Menu\Programs\Free FLV Converter
    [2012/01/05 12:58:47 | 000,000,000 | ---D | M] -- F:\ProgramData\Microsoft\Windows\Start Menu\Programs\Epson Software
    [2012/01/05 12:58:47 | 000,000,000 | ---D | M] -- F:\ProgramData\Microsoft\Windows\Start Menu\Programs\EPSON Scan
    [2012/01/05 12:58:47 | 000,000,000 | ---D | M] -- F:\ProgramData\Microsoft\Windows\Start Menu\Programs\DivX Plus
    [2012/01/05 12:58:47 | 000,000,000 | ---D | M] -- F:\ProgramData\Microsoft\Windows\Start Menu\Programs\Diskeeper Corporation
    [2012/01/05 12:58:47 | 000,000,000 | ---D | M] -- F:\ProgramData\Microsoft\Windows\Start Menu\Programs\ComicRack
    [2012/01/05 12:58:47 | 000,000,000 | ---D | M] -- F:\ProgramData\Microsoft\Windows\Start Menu\Programs\Combined Community Codec Pack
    [2012/01/05 12:58:47 | 000,000,000 | ---D | M] -- F:\ProgramData\Microsoft\Windows\Start Menu\Programs\ArcSoft MediaImpression
    [2012/01/05 12:58:47 | 000,000,000 | ---D | M] -- F:\ProgramData\Microsoft\Windows\Start Menu\Programs\ArcSoft Connect
    [2012/01/05 12:58:47 | 000,000,000 | ---D | M] -- F:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Design Standard CS4
    [2012/01/05 12:58:46 | 000,000,000 | R--D | M] -- F:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools
    [2012/01/05 12:58:46 | 000,000,000 | R--D | M] -- F:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories
    [2012/01/05 12:58:46 | 000,000,000 | ---D | M] -- F:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe
    [2012/01/05 12:58:46 | 000,000,000 | ---D | M] -- F:\ProgramData\Microsoft\Windows\Start Menu\Programs\ABBYY FineReader 6.0 Sprint
    [2012/01/05 12:52:51 | 108,634,424 | ---- | M] () -- F:\windows\MEMORY.DMP
    [2012/01/05 10:36:18 | 000,000,350 | ---- | M] () -- F:\windows\tasks\At16.job
    [2012/01/05 10:36:18 | 000,000,350 | ---- | M] () -- F:\windows\tasks\At14.job
    [2012/01/05 10:36:18 | 000,000,350 | ---- | M] () -- F:\windows\tasks\At12.job
    [2012/01/05 10:36:18 | 000,000,348 | ---- | M] () -- F:\windows\tasks\At15.job
    [2012/01/05 10:36:18 | 000,000,348 | ---- | M] () -- F:\windows\tasks\At13.job
    [2012/01/05 10:36:17 | 000,000,348 | ---- | M] () -- F:\windows\tasks\At11.job
    [2012/01/05 04:03:45 | 000,044,928 | ---- | M] () -- F:\windows\System32\drivers\f1fd89874c5dc9ed.sys
    [2012/01/04 14:26:31 | 000,000,348 | ---- | M] () -- F:\windows\tasks\At23.job
    [2012/01/04 14:26:22 | 000,000,350 | ---- | M] () -- F:\windows\tasks\At24.job
    [2012/01/04 12:26:23 | 000,000,350 | ---- | M] () -- F:\windows\tasks\At20.job
    [2012/01/04 12:26:00 | 000,000,348 | ---- | M] () -- F:\windows\tasks\At19.job
    [2012/01/04 12:12:10 | 000,000,350 | ---- | M] () -- F:\windows\tasks\At18.job
    [2012/01/04 12:11:31 | 000,000,348 | ---- | M] () -- F:\windows\tasks\At17.job
    [2012/01/04 09:51:36 | 000,000,884 | RH-- | M] () -- F:\windows\System32\drivers\etc\hosts
    [2012/01/01 04:01:03 | 000,000,320 | ---- | M] () -- F:\windows\tasks\McQcTask.job
    [2011/12/27 03:21:16 | 000,009,556 | -HS- | M] () -- F:\ProgramData\ob67akwv7ou5114we4760jn1oi7nx4o7
    [2011/12/18 20:04:28 | 000,002,413 | ---- | M] () -- F:\Users\Rebecca\Desktop\Google Chrome.lnk
    [2011/12/17 18:08:03 | 000,006,656 | ---- | M] () -- F:\Users\Rebecca\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2011/12/15 09:39:14 | 000,000,342 | ---- | M] () -- F:\windows\tasks\McDefragTask.job
    [2011/12/14 06:21:00 | 002,435,064 | ---- | M] () -- F:\windows\System32\FNTCACHE.DAT
    [2011/12/10 18:24:06 | 000,020,464 | ---- | M] (Malwarebytes Corporation) -- F:\windows\System32\drivers\mbam.sys
    [2 F:\windows\System32\*.tmp files -> F:\windows\System32\*.tmp -> ]
    [1 F:\windows\*.tmp files -> F:\windows\*.tmp -> ]

    ========== Files Created - No Company Name ==========

    [2012/01/06 13:25:20 | 000,004,096 | -H-- | C] () -- F:\Users\Rebecca\Desktop\._OTL(2).exe
    [2012/01/06 00:18:57 | 000,256,000 | ---- | C] () -- F:\windows\PEV.exe
    [2012/01/06 00:18:57 | 000,208,896 | ---- | C] () -- F:\windows\MBR.exe
    [2012/01/06 00:18:57 | 000,098,816 | ---- | C] () -- F:\windows\sed.exe
    [2012/01/06 00:18:57 | 000,080,412 | ---- | C] () -- F:\windows\grep.exe
    [2012/01/06 00:18:57 | 000,068,096 | ---- | C] () -- F:\windows\zip.exe
    [2012/01/05 23:52:39 | 000,044,607 | ---- | C] () -- F:\Users\Rebecca\Desktop\bootkit_remover.zip
    [2012/01/05 15:26:29 | 000,001,095 | ---- | C] () -- F:\Users\Rebecca\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Malwarebytes Anti-Malware.lnk
    [2012/01/05 13:56:13 | 000,000,677 | ---- | C] () -- F:\Users\Rebecca\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\System Check.lnk
    [2012/01/05 13:56:12 | 000,000,464 | ---- | C] () -- F:\ProgramData\ERaRwp0N8whcCE
    [2012/01/05 12:52:51 | 108,634,424 | ---- | C] () -- F:\windows\MEMORY.DMP
    [2012/01/05 04:26:23 | 000,111,616 | ---- | C] () -- F:\windows\System32\h6v76t3.com
    [2012/01/05 04:03:45 | 000,044,928 | ---- | C] () -- F:\windows\System32\drivers\f1fd89874c5dc9ed.sys
    [2012/01/05 04:02:26 | 000,011,608 | -HS- | C] () -- F:\ProgramData\5cy6y87mwm3h12vmoqo7786hy170odc37b4y
    [2011/12/25 14:00:37 | 000,009,556 | -HS- | C] () -- F:\ProgramData\ob67akwv7ou5114we4760jn1oi7nx4o7
    [2011/11/25 20:27:04 | 000,000,000 | ---- | C] () -- F:\windows\System32\h6v76t3.com.b
    [2011/11/25 20:24:13 | 000,000,112 | ---- | C] () -- F:\ProgramData\YSoO7f1pp.dat
    [2011/11/25 20:24:07 | 000,111,616 | ---- | C] () -- F:\windows\System32\h6v76t3.com_
    [2011/09/11 23:15:23 | 000,000,000 | ---- | C] () -- F:\windows\Shadow.INI
    [2011/08/27 03:47:10 | 000,153,600 | ---- | C] () -- F:\windows\System32\IS_ContextMenu.dll
    [2011/08/16 03:01:07 | 000,758,018 | ---- | C] () -- F:\windows\System32\xvidcore.dll
    [2011/08/16 03:01:07 | 000,180,224 | ---- | C] () -- F:\windows\System32\xvidvfw.dll
    [2011/08/16 02:45:12 | 000,006,656 | ---- | C] () -- F:\Users\Rebecca\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2011/05/24 02:13:58 | 000,009,130 | -HS- | C] () -- F:\Users\Rebecca\AppData\Local\s3y6i48l744h4x280ce123866cp324d301uytp1006
    [2011/05/24 02:13:58 | 000,009,130 | -HS- | C] () -- F:\ProgramData\s3y6i48l744h4x280ce123866cp324d301uytp1006
    [2011/05/13 22:52:53 | 000,002,224 | -HS- | C] () -- F:\Users\Rebecca\AppData\Local\1c20t7270a6n4k50rdqh04
    [2011/05/13 22:52:53 | 000,002,224 | -HS- | C] () -- F:\ProgramData\1c20t7270a6n4k50rdqh04
    [2011/04/20 18:24:15 | 000,012,234 | -HS- | C] () -- F:\Users\Rebecca\AppData\Local\e1jfwcf2fw3u872lgs54ld248yfgrue122
    [2011/04/20 18:24:15 | 000,012,234 | -HS- | C] () -- F:\ProgramData\e1jfwcf2fw3u872lgs54ld248yfgrue122
    [2010/11/17 18:13:22 | 000,470,160 | ---- | C] () -- F:\windows\hphins26.dat.temp
    [2010/11/17 18:13:22 | 000,000,349 | ---- | C] () -- F:\windows\hphmdl26.dat.temp
    [2010/04/20 20:11:09 | 000,073,220 | ---- | C] () -- F:\windows\System32\EPPICPrinterDB.dat
    [2010/04/20 20:11:09 | 000,031,053 | ---- | C] () -- F:\windows\System32\EPPICPattern131.dat
    [2010/04/20 20:11:09 | 000,029,114 | ---- | C] () -- F:\windows\System32\EPPICPattern1.dat
    [2010/04/20 20:11:09 | 000,027,417 | ---- | C] () -- F:\windows\System32\EPPICPattern121.dat
    [2010/04/20 20:11:09 | 000,021,021 | ---- | C] () -- F:\windows\System32\EPPICPattern3.dat
    [2010/04/20 20:11:09 | 000,015,670 | ---- | C] () -- F:\windows\System32\EPPICPattern5.dat
    [2010/04/20 20:11:09 | 000,013,280 | ---- | C] () -- F:\windows\System32\EPPICPattern2.dat
    [2010/04/20 20:11:09 | 000,010,673 | ---- | C] () -- F:\windows\System32\EPPICPattern4.dat
    [2010/04/20 20:11:09 | 000,004,943 | ---- | C] () -- F:\windows\System32\EPPICPattern6.dat
    [2010/04/20 20:11:09 | 000,001,140 | ---- | C] () -- F:\windows\System32\EPPICPresetData_PT.dat
    [2010/04/20 20:11:09 | 000,001,140 | ---- | C] () -- F:\windows\System32\EPPICPresetData_BP.dat
    [2010/04/20 20:11:09 | 000,001,137 | ---- | C] () -- F:\windows\System32\EPPICPresetData_ES.dat
    [2010/04/20 20:11:09 | 000,001,130 | ---- | C] () -- F:\windows\System32\EPPICPresetData_FR.dat
    [2010/04/20 20:11:09 | 000,001,130 | ---- | C] () -- F:\windows\System32\EPPICPresetData_CF.dat
    [2010/04/20 20:11:09 | 000,001,104 | ---- | C] () -- F:\windows\System32\EPPICPresetData_EN.dat
    [2010/04/20 20:11:09 | 000,000,097 | ---- | C] () -- F:\windows\System32\PICSDK.ini
    [2010/04/20 20:07:44 | 000,065,793 | ---- | C] () -- F:\windows\System32\esfw8b.bin
    [2010/04/20 20:06:55 | 000,000,044 | ---- | C] () -- F:\windows\PERFV30V300.ini
    [2010/03/02 18:37:37 | 000,159,608 | ---- | C] () -- F:\windows\hphins26.dat
    [2010/03/02 18:37:37 | 000,000,349 | ---- | C] () -- F:\windows\hphmdl26.dat
    [2010/02/09 08:29:26 | 000,000,056 | ---- | C] () -- F:\ProgramData\ezsidmv.dat
    [2009/12/09 20:45:13 | 002,110,728 | ---- | C] () -- F:\windows\System32\Apblend.dll
    [2009/12/09 20:45:13 | 001,410,312 | ---- | C] () -- F:\windows\System32\IcnOvrly.dll
    [2009/12/09 20:45:13 | 001,171,456 | ---- | C] () -- F:\windows\System32\PicNotify.dll
    [2009/12/09 20:45:13 | 000,660,744 | ---- | C] () -- F:\windows\System32\EncIcons.dll
    [2009/12/09 20:45:13 | 000,513,288 | ---- | C] () -- F:\windows\System32\SimpleExt.dll
    [2009/12/09 20:45:03 | 001,044,480 | ---- | C] () -- F:\windows\System32\3DImageRenderer.dll
    [2009/12/09 20:44:31 | 000,057,344 | ---- | C] () -- F:\windows\AsfHelper.dll
    [2009/12/09 20:44:31 | 000,054,800 | ---- | C] () -- F:\windows\System32\drivers\funfrm.sys
    [2009/12/09 20:44:19 | 000,163,840 | ---- | C] () -- F:\windows\System32\SM37XCoInst.dll
    [2009/12/09 20:43:01 | 000,140,288 | ---- | C] () -- F:\windows\System32\igfxtvcx.dll
    [2009/12/09 20:38:57 | 000,016,648 | R--- | C] () -- F:\windows\System32\LogAPI.dll
    [2009/12/09 20:37:06 | 000,982,220 | ---- | C] () -- F:\windows\System32\igkrng500.bin
    [2009/12/09 20:37:06 | 000,134,592 | ---- | C] () -- F:\windows\System32\igfcg500.bin
    [2009/12/09 20:37:06 | 000,092,216 | ---- | C] () -- F:\windows\System32\igfcg500m.bin
    [2009/12/09 20:37:05 | 000,439,300 | ---- | C] () -- F:\windows\System32\igcompkrng500.bin
    [2009/07/13 23:57:37 | 000,067,584 | --S- | C] () -- F:\windows\bootstat.dat
    [2009/07/13 23:33:53 | 002,435,064 | ---- | C] () -- F:\windows\System32\FNTCACHE.DAT
    [2009/07/13 21:05:48 | 000,702,830 | ---- | C] () -- F:\windows\System32\perfh009.dat
    [2009/07/13 21:05:48 | 000,291,294 | ---- | C] () -- F:\windows\System32\perfi009.dat
    [2009/07/13 21:05:48 | 000,136,738 | ---- | C] () -- F:\windows\System32\perfc009.dat
    [2009/07/13 21:05:48 | 000,031,548 | ---- | C] () -- F:\windows\System32\perfd009.dat
    [2009/07/13 21:05:05 | 000,000,741 | ---- | C] () -- F:\windows\System32\NOISE.DAT
    [2009/07/13 21:04:11 | 000,215,943 | ---- | C] () -- F:\windows\System32\dssec.dat
    [2009/07/13 19:02:54 | 000,245,248 | ---- | C] () -- F:\windows\System32\DShowRdpFilter.dll
    [2009/07/13 18:55:01 | 000,043,131 | ---- | C] () -- F:\windows\mib.bin
    [2009/07/13 18:51:43 | 000,073,728 | ---- | C] () -- F:\windows\System32\BthpanContextHandler.dll
    [2009/07/13 18:42:10 | 000,064,000 | ---- | C] () -- F:\windows\System32\BWContextHandler.dll
    [2009/07/13 18:24:44 | 002,614,784 | ---- | C] () -- F:\windows\expl.dat
    [2009/07/13 18:24:44 | 000,285,696 | ---- | C] () -- F:\windows\System32\winl.dat
    [2009/07/13 18:24:44 | 000,020,992 | ---- | C] () -- F:\windows\System32\svch.dat
    [2009/06/26 19:21:02 | 000,015,498 | ---- | C] () -- F:\windows\VX3000.ini
    [2009/06/10 16:26:10 | 000,673,088 | ---- | C] () -- F:\windows\System32\mlang.dat
    [2007/01/26 03:04:12 | 000,138,752 | ---- | C] () -- F:\windows\System32\mase32.dll
    [2007/01/26 03:04:12 | 000,027,648 | ---- | C] () -- F:\windows\System32\ma32.dll

    ========== LOP Check ==========

    [2009/07/13 23:53:55 | 000,000,000 | -HSD | M] -- F:\ProgramData\Application Data
    [2009/11/17 06:06:13 | 000,000,000 | -H-D | M] -- F:\ProgramData\DDNI
    [2009/07/13 23:53:55 | 000,000,000 | -HSD | M] -- F:\ProgramData\Desktop
    [2010/02/09 07:30:00 | 000,000,000 | ---D | M] -- F:\ProgramData\Diskeeper Corporation
    [2009/07/13 23:53:55 | 000,000,000 | -HSD | M] -- F:\ProgramData\Documents
    [2009/12/09 20:44:31 | 000,000,000 | ---D | M] -- F:\ProgramData\EasyCapture
    [2009/07/13 23:53:55 | 000,000,000 | -HSD | M] -- F:\ProgramData\Favorites
    [2011/05/21 10:26:35 | 000,000,000 | ---D | M] -- F:\ProgramData\Giraffic
    [2009/12/09 20:52:15 | 000,000,000 | ---D | M] -- F:\ProgramData\GuardID Systems
    [2009/12/09 20:52:34 | 000,000,000 | ---D | M] -- F:\ProgramData\IsolatedStorage
    [2010/11/28 23:15:27 | 000,000,000 | ---D | M] -- F:\ProgramData\NCH Swift Sound
    [2009/12/09 20:36:40 | 000,000,000 | ---D | M] -- F:\ProgramData\PC-Doctor for Windows
    [2009/12/09 20:36:40 | 000,000,000 | ---D | M] -- F:\ProgramData\PCDr
    [2011/08/16 02:35:27 | 000,000,000 | ---D | M] -- F:\ProgramData\Pinnacle
    [2011/08/16 02:31:37 | 000,000,000 | ---D | M] -- F:\ProgramData\Pinnacle Studio Plus
    [2011/08/16 02:35:57 | 000,000,000 | ---D | M] -- F:\ProgramData\Pinnacle Studio Ultimate
    [2011/08/26 16:55:50 | 000,000,000 | ---D | M] -- F:\ProgramData\Pinnacle VideoSpin
    [2011/08/26 16:22:41 | 000,000,000 | ---D | M] -- F:\ProgramData\PMB Files
    [2011/02/12 13:35:15 | 000,000,000 | ---D | M] -- F:\ProgramData\regid.1986-12.com.adobe
    [2009/07/13 23:53:55 | 000,000,000 | -HSD | M] -- F:\ProgramData\Start Menu
    [2011/08/16 02:31:37 | 000,000,000 | ---D | M] -- F:\ProgramData\Studio 14
    [2011/08/16 02:24:57 | 000,000,000 | ---D | M] -- F:\ProgramData\Studio14Trial
    [2010/02/14 11:46:13 | 000,000,000 | ---D | M] -- F:\ProgramData\SYSTEMAX Software Development
    [2011/08/16 00:30:41 | 000,000,000 | ---D | M] -- F:\ProgramData\Tarma Installer
    [2009/11/17 05:51:08 | 000,000,000 | ---D | M] -- F:\ProgramData\Temp
    [2009/07/13 23:53:55 | 000,000,000 | -HSD | M] -- F:\ProgramData\Templates
    [2009/11/17 05:50:03 | 000,000,000 | ---D | M] -- F:\ProgramData\{174892B1-CBE7-44F5-86FF-AB555EFD73A3}
    [2011/10/11 19:19:51 | 000,000,000 | ---D | M] -- F:\ProgramData\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
    [2012/01/06 04:49:48 | 000,000,348 | ---- | M] () -- F:\windows\Tasks\At1.job
    [2012/01/06 12:33:20 | 000,000,350 | ---- | M] () -- F:\windows\Tasks\At10.job
    [2012/01/05 10:36:17 | 000,000,348 | ---- | M] () -- F:\windows\Tasks\At11.job
    [2012/01/05 10:36:18 | 000,000,350 | ---- | M] () -- F:\windows\Tasks\At12.job
    [2012/01/05 10:36:18 | 000,000,348 | ---- | M] () -- F:\windows\Tasks\At13.job
    [2012/01/05 10:36:18 | 000,000,350 | ---- | M] () -- F:\windows\Tasks\At14.job
    [2012/01/05 10:36:18 | 000,000,348 | ---- | M] () -- F:\windows\Tasks\At15.job
    [2012/01/05 10:36:18 | 000,000,350 | ---- | M] () -- F:\windows\Tasks\At16.job
    [2012/01/04 12:11:31 | 000,000,348 | ---- | M] () -- F:\windows\Tasks\At17.job
    [2012/01/04 12:12:10 | 000,000,350 | ---- | M] () -- F:\windows\Tasks\At18.job
    [2012/01/04 12:26:00 | 000,000,348 | ---- | M] () -- F:\windows\Tasks\At19.job
    [2012/01/06 04:49:55 | 000,000,350 | ---- | M] () -- F:\windows\Tasks\At2.job
    [2012/01/04 12:26:23 | 000,000,350 | ---- | M] () -- F:\windows\Tasks\At20.job
    [2012/01/06 13:26:22 | 000,000,348 | ---- | M] () -- F:\windows\Tasks\At21.job
    [2012/01/06 13:26:21 | 000,000,350 | ---- | M] () -- F:\windows\Tasks\At22.job
    [2012/01/04 14:26:31 | 000,000,348 | ---- | M] () -- F:\windows\Tasks\At23.job
    [2012/01/04 14:26:22 | 000,000,350 | ---- | M] () -- F:\windows\Tasks\At24.job
    [2012/01/05 15:26:32 | 000,000,348 | ---- | M] () -- F:\windows\Tasks\At25.job
    [2012/01/05 15:26:31 | 000,000,350 | ---- | M] () -- F:\windows\Tasks\At26.job
    [2012/01/05 16:26:00 | 000,000,348 | ---- | M] () -- F:\windows\Tasks\At27.job
    [2012/01/05 16:26:00 | 000,000,350 | ---- | M] () -- F:\windows\Tasks\At28.job
    [2012/01/05 17:26:24 | 000,000,348 | ---- | M] () -- F:\windows\Tasks\At29.job
    [2012/01/06 04:49:23 | 000,000,348 | ---- | M] () -- F:\windows\Tasks\At3.job
    [2012/01/05 17:26:26 | 000,000,350 | ---- | M] () -- F:\windows\Tasks\At30.job
    [2012/01/05 18:26:30 | 000,000,348 | ---- | M] () -- F:\windows\Tasks\At31.job
    [2012/01/05 18:26:23 | 000,000,350 | ---- | M] () -- F:\windows\Tasks\At32.job
    [2012/01/05 19:26:22 | 000,000,348 | ---- | M] () -- F:\windows\Tasks\At33.job
    [2012/01/05 19:26:34 | 000,000,350 | ---- | M] () -- F:\windows\Tasks\At34.job
    [2012/01/05 21:19:36 | 000,000,348 | ---- | M] () -- F:\windows\Tasks\At35.job
    [2012/01/05 21:19:39 | 000,000,350 | ---- | M] () -- F:\windows\Tasks\At36.job
    [2012/01/05 21:26:28 | 000,000,348 | ---- | M] () -- F:\windows\Tasks\At37.job
    [2012/01/05 21:26:24 | 000,000,350 | ---- | M] () -- F:\windows\Tasks\At38.job
    [2012/01/05 22:26:22 | 000,000,348 | ---- | M] () -- F:\windows\Tasks\At39.job
    [2012/01/06 04:49:23 | 000,000,350 | ---- | M] () -- F:\windows\Tasks\At4.job
    [2012/01/05 22:26:21 | 000,000,350 | ---- | M] () -- F:\windows\Tasks\At40.job
    [2012/01/05 23:26:21 | 000,000,348 | ---- | M] () -- F:\windows\Tasks\At41.job
    [2012/01/05 23:26:35 | 000,000,350 | ---- | M] () -- F:\windows\Tasks\At42.job
    [2012/01/06 00:26:52 | 000,000,348 | ---- | M] () -- F:\windows\Tasks\At43.job
    [2012/01/06 00:26:38 | 000,000,350 | ---- | M] () -- F:\windows\Tasks\At44.job
    [2012/01/06 01:26:33 | 000,000,348 | ---- | M] () -- F:\windows\Tasks\At45.job
    [2012/01/06 01:27:10 | 000,000,350 | ---- | M] () -- F:\windows\Tasks\At46.job
    [2012/01/06 04:49:23 | 000,000,348 | ---- | M] () -- F:\windows\Tasks\At47.job
    [2012/01/06 04:49:20 | 000,000,350 | ---- | M] () -- F:\windows\Tasks\At48.job
    [2012/01/06 12:33:20 | 000,000,348 | ---- | M] () -- F:\windows\Tasks\At5.job
    [2012/01/06 12:33:20 | 000,000,350 | ---- | M] () -- F:\windows\Tasks\At6.job
    [2012/01/06 12:33:20 | 000,000,348 | ---- | M] () -- F:\windows\Tasks\At7.job
    [2012/01/06 12:33:20 | 000,000,350 | ---- | M] () -- F:\windows\Tasks\At8.job
    [2012/01/06 12:33:20 | 000,000,348 | ---- | M] () -- F:\windows\Tasks\At9.job
    [2011/12/15 09:39:14 | 000,000,342 | ---- | M] () -- F:\windows\Tasks\McDefragTask.job
    [2012/01/01 04:01:03 | 000,000,320 | ---- | M] () -- F:\windows\Tasks\McQcTask.job
    [2011/05/12 17:34:54 | 000,032,624 | ---- | M] () -- F:\windows\Tasks\SCHEDLGU.TXT

    ========== Purity Check ==========



    ========== Alternate Data Streams ==========

    @Alternate Data Stream - 244736 bytes -> F:\windows\Temp:winupd.exe
    < End of report >
  15. Broni Malware Annihilator Posts: 40,071   +187

    Do this on the computer you are posting from:
    Copy the text in the codebox below:


    Code:
    :OTL
    DRV - [2012/01/05 04:03:45 | 000,044,928 | ---- | M] () [Kernel | Boot] -- F:\windows\System32\Drivers\f1fd89874c5dc9ed.sys -- (f1fd89874c5dc9ed)
    [2012/01/05 04:03:45 | 000,044,928 | ---- | M] () -- F:\windows\System32\drivers\f1fd89874c5dc9ed.sys
    DRV - File not found [Kernel | Boot] -- -- (yduowol)
    O1 - Hosts: 94.63.240.131 www.google.com
    O1 - Hosts: 94.63.240.132 www.bing.com
    O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
    O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
    O4 - HKLM..\Run: [] File not found
    O4 - HKLM..\Run: [FtJthnNSvuydIr.exe] File not found
    O4 - HKU\.DEFAULT..\Run: [7968a239e6bfab4.exe] File not found
    O4 - HKU\.DEFAULT..\Run: [dplaysvr] File not found
    O4 - HKU\.DEFAULT..\Run: [winupd] F:\windows\TEMP:winupd.exe File not found
    O4 - HKU\Rebecca_ON_F..\Run: [AdobeBridge] File not found
    O20 - Winlogon\Notify\klartew: DllName - C:\windows\system32\config\systemprofile\AppData\Local\klartew.dll - F:\Windows\System32\config\systemprofile\AppData\Local\klartew.dll ()
    O37 - HKLM\...exe [@ = E7] -- "C:\windows\system32\config\systemprofile\AppData\Local\llc.exe" -a "%1" %* ()
    O37 - HKU\.DEFAULT\...exe [@ = E7] -- "C:\windows\system32\config\systemprofile\AppData\Local\llc.exe" -a "%1" %* ()
    [2012/01/06 12:30:31 | 000,011,608 | -HS- | M] () -- F:\ProgramData\5cy6y87mwm3h12vmoqo7786hy170odc37b4y
    [2011/12/27 03:21:16 | 000,009,556 | -HS- | M] () -- F:\ProgramData\ob67akwv7ou5114we4760jn1oi7nx4o7
    [2011/05/24 02:13:58 | 000,009,130 | -HS- | C] () -- F:\Users\Rebecca\AppData\Local\s3y6i48l744h4x280ce123866cp324d301uytp1006
    [2011/05/24 02:13:58 | 000,009,130 | -HS- | C] () -- F:\ProgramData\s3y6i48l744h4x280ce123866cp324d301uytp1006
    [2011/05/13 22:52:53 | 000,002,224 | -HS- | C] () -- F:\Users\Rebecca\AppData\Local\1c20t7270a6n4k50rdqh04
    [2011/05/13 22:52:53 | 000,002,224 | -HS- | C] () -- F:\ProgramData\1c20t7270a6n4k50rdqh04
    [2011/04/20 18:24:15 | 000,012,234 | -HS- | C] () -- F:\Users\Rebecca\AppData\Local\e1jfwcf2fw3u872lgs54ld248yfgrue122
    [2011/04/20 18:24:15 | 000,012,234 | -HS- | C] () -- F:\ProgramData\e1jfwcf2fw3u872lgs54ld248yfgrue122
    @Alternate Data Stream - 244736 bytes -> F:\windows\Temp:winupd.exe
    
    :Services
    
    :Reg
    
    :Files
    F:\windows\tasks\At*.job
    
    :Commands
    [purity]
    
    Open Notepad and paste it.
    Save the document as Fix.txt on to a USB flash drive


    On the infected computer, do the following...

    Run OTLPE

    • Insert USB stick and find the file Fix.txt. Drag the file Fix.txt and drop it under the Custom Scans/Fixes box at the bottom.
      • (The content of Fix.txt should appear in the box)
    • Then click the Run Fix button at the top
    • Let the program run unhindered, reboot the PC when it is done
    • Post the log produced (you'll need to transfer it with USB stick)
    • Attempt to reboot normally into Windows.

    See if you can run aswMBR and Combofix now.
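    A small triage helper for OTL-style log lines, added here as an example and not part of OTL or of the fix above: it flags the kinds of entries the fix targets (hosts-file redirects, the .exe association hijack, the Winlogon Notify DLL, executables hidden in alternate data streams, and At*.job scheduled tasks). The sample lines are copied from the logs quoted in this thread; the rule names and thresholds are my own.

```python
import re

# Sample OTL lines copied from the logs quoted in this thread (a constructed subset).
SAMPLE_OTL = r"""
O1 - Hosts: 94.63.240.131 www.google.com
O1 - Hosts: 94.63.240.132 www.bing.com
O4 - HKU\.DEFAULT..\Run: [winupd] F:\windows\TEMP:winupd.exe File not found
O20 - Winlogon\Notify\klartew: DllName - C:\windows\system32\config\systemprofile\AppData\Local\klartew.dll ()
O37 - HKLM\...exe [@ = E7] -- "C:\windows\system32\config\systemprofile\AppData\Local\llc.exe" -a "%1" %* ()
[2012/01/06 04:49:23 | 000,000,348 | ---- | M] () -- F:\windows\Tasks\At3.job
[2012/01/06 04:49:23 | 000,000,350 | ---- | M] () -- F:\windows\Tasks\At4.job
[2012/01/06 12:33:20 | 000,000,348 | ---- | M] () -- F:\windows\Tasks\At5.job
[2011/12/15 09:39:14 | 000,000,342 | ---- | M] () -- F:\windows\Tasks\McDefragTask.job
@Alternate Data Stream - 244736 bytes -> F:\windows\Temp:winupd.exe
"""

HOSTS_RE = re.compile(r"^O1 - Hosts:\s+(\S+)\s+(\S+)")
# A drive path with a second colon inside the path, i.e. file:stream (an ADS).
ADS_RE = re.compile(r"\b[A-Za-z]:\\\S*?:\S+")
# Jobs created by at.exe are named At<N>.job; Windows itself does not create them.
TASK_RE = re.compile(r"-- [A-Za-z]:\\windows\\Tasks\\(At\d+)\.job$", re.I)


def triage_otl(text):
    """Return (rule, detail) findings for lines matching the patterns seen in
    this thread's logs; lines that match no rule are ignored."""
    findings = []
    at_jobs = 0
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        m = HOSTS_RE.match(line)
        if m:
            # Any hosts entry for a public site that is not loopback is a redirect.
            if not m.group(1).startswith("127."):
                findings.append(("hosts_redirect", f"{m.group(2)} -> {m.group(1)}"))
        elif line.startswith("O37 -") and ".exe" in line and "%1" in line:
            # .exe file association routed through a third-party binary.
            findings.append(("exe_association_hijack", line.split(" -- ", 1)[1]))
        elif line.startswith("O20 - Winlogon\\Notify"):
            findings.append(("winlogon_notify_dll", line))
        elif ADS_RE.search(line):
            findings.append(("ads_path", ADS_RE.search(line).group(0)))
        elif TASK_RE.search(line):
            at_jobs += 1
    if at_jobs:
        findings.append(("at_exe_jobs", f"{at_jobs} At*.job scheduled tasks"))
    return findings
```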
  16. Joyfulldreams Newcomer, in training Posts: 44

    Wait, do I reboot it via the hard drive or the CD-ROM?
    Oh, wait, never mind...don't answer that.

    Here's the log:

    ========== OTL ==========
    Registry key HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\f1fd89874c5dc9ed deleted successfully.
    F:\Windows\System32\drivers\f1fd89874c5dc9ed.sys moved successfully.
    File F:\windows\System32\drivers\f1fd89874c5dc9ed.sys not found.
    Registry key HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\yduowol deleted successfully.
    94.63.240.131 www.google.com removed from HOSTS file successfully
    94.63.240.132 www.bing.com removed from HOSTS file successfully
    Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5C255C8A-E604-49b4-9D64-90988571CECB}\ not found.
    Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\Locked deleted successfully.
    Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ deleted successfully.
    Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\FtJthnNSvuydIr.exe deleted successfully.
    Registry value HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run\\7968a239e6bfab4.exe deleted successfully.
    Registry value HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run\\dplaysvr deleted successfully.
    Registry value HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run\\winupd deleted successfully.
    Registry value HKEY_USERS\Rebecca_ON_F\Software\Microsoft\Windows\CurrentVersion\Run\\AdobeBridge deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\klartew\ deleted successfully.
    F:\Windows\System32\config\systemprofile\AppData\Local\klartew.dll moved successfully.
    HKEY_LOCAL_MACHINE\Software\Classes\.exe\shell\open\command\\|"%1" %* /E : value set successfully!
    HKEY_LOCAL_MACHINE\Software\Classes\.exe\\|exefile /E : value set successfully!
    Registry key HKEY_USERS\.DEFAULT\Software\Classes\.exe\ deleted successfully.
    Registry key HKEY_USERS\.DEFAULT\Software\Classes\E7\ deleted successfully.
    HKEY_LOCAL_MACHINE\Software\Classes\.exe\\|exefile /E : value set successfully!
    F:\ProgramData\5cy6y87mwm3h12vmoqo7786hy170odc37b4y moved successfully.
    F:\ProgramData\ob67akwv7ou5114we4760jn1oi7nx4o7 moved successfully.
    F:\Users\Rebecca\AppData\Local\s3y6i48l744h4x280ce123866cp324d301uytp1006 moved successfully.
    F:\ProgramData\s3y6i48l744h4x280ce123866cp324d301uytp1006 moved successfully.
    F:\Users\Rebecca\AppData\Local\1c20t7270a6n4k50rdqh04 moved successfully.
    F:\ProgramData\1c20t7270a6n4k50rdqh04 moved successfully.
    F:\Users\Rebecca\AppData\Local\e1jfwcf2fw3u872lgs54ld248yfgrue122 moved successfully.
    F:\ProgramData\e1jfwcf2fw3u872lgs54ld248yfgrue122 moved successfully.
    ADS F:\windows\Temp:winupd.exe deleted successfully.

    ========== SERVICES/DRIVERS ==========

    ========== REGISTRY ==========

    ========== FILES ==========
    F:\windows\tasks\At1.job moved successfully.
    F:\windows\tasks\At10.job moved successfully.
    F:\windows\tasks\At11.job moved successfully.
    F:\windows\tasks\At12.job moved successfully.
    F:\windows\tasks\At13.job moved successfully.
    F:\windows\tasks\At14.job moved successfully.
    F:\windows\tasks\At15.job moved successfully.
    F:\windows\tasks\At16.job moved successfully.
    F:\windows\tasks\At17.job moved successfully.
    F:\windows\tasks\At18.job moved successfully.
    F:\windows\tasks\At19.job moved successfully.
    F:\windows\tasks\At2.job moved successfully.
    F:\windows\tasks\At20.job moved successfully.
    F:\windows\tasks\At21.job moved successfully.
    F:\windows\tasks\At22.job moved successfully.
    F:\windows\tasks\At23.job moved successfully.
    F:\windows\tasks\At24.job moved successfully.
    F:\windows\tasks\At25.job moved successfully.
    F:\windows\tasks\At26.job moved successfully.
    F:\windows\tasks\At27.job moved successfully.
    F:\windows\tasks\At28.job moved successfully.
    F:\windows\tasks\At29.job moved successfully.
    F:\windows\tasks\At3.job moved successfully.
    F:\windows\tasks\At30.job moved successfully.
    F:\windows\tasks\At31.job moved successfully.
    F:\windows\tasks\At32.job moved successfully.
    F:\windows\tasks\At33.job moved successfully.
    F:\windows\tasks\At34.job moved successfully.
    F:\windows\tasks\At35.job moved successfully.
    F:\windows\tasks\At36.job moved successfully.
    F:\windows\tasks\At37.job moved successfully.
    F:\windows\tasks\At38.job moved successfully.
    F:\windows\tasks\At39.job moved successfully.
    F:\windows\tasks\At4.job moved successfully.
    F:\windows\tasks\At40.job moved successfully.
    F:\windows\tasks\At41.job moved successfully.
    F:\windows\tasks\At42.job moved successfully.
    F:\windows\tasks\At43.job moved successfully.
    F:\windows\tasks\At44.job moved successfully.
    F:\windows\tasks\At45.job moved successfully.
    F:\windows\tasks\At46.job moved successfully.
    F:\windows\tasks\At47.job moved successfully.
    F:\windows\tasks\At48.job moved successfully.
    F:\windows\tasks\At5.job moved successfully.
    F:\windows\tasks\At6.job moved successfully.
    F:\windows\tasks\At7.job moved successfully.
    F:\windows\tasks\At8.job moved successfully.
    F:\windows\tasks\At9.job moved successfully.

    ========== COMMANDS ==========

    OTLPE by OldTimer - Version 3.1.48.0 log created on 01062012_162558

    Going to reboot normally and try to run those two things now.
  17. Joyfulldreams Newcomer, in training Posts: 44

    Booted up normally, and hey! My internet is back! Woohoo!
  18. Joyfulldreams Newcomer, in training Posts: 44

    Here's the aswMBR log, ran without a problem:

    aswMBR version 0.9.9.1156 Copyright(c) 2011 AVAST Software
    Run date: 2012-01-06 16:40:42
    -----------------------------
    16:40:42.824 OS Version: Windows 6.1.7600
    16:40:42.824 Number of processors: 2 586 0x170A
    16:40:42.827 ComputerName: REBECCA-PC UserName: Rebecca
    16:41:10.385 Initialize success
    16:42:58.625 AVAST engine defs: 12010601
    16:43:50.316 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
    16:43:50.320 Disk 0 Vendor: WDC_WD25 11.0 Size: 238475MB BusType: 3
    16:43:50.365 Disk 0 MBR read successfully
    16:43:50.370 Disk 0 MBR scan
    16:43:50.384 Disk 0 Windows 7 default MBR code
    16:43:50.402 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 200 MB offset 2048
    16:43:50.416 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 192191 MB offset 411648
    16:43:50.426 Disk 0 Partition - 00 0F Extended LBA 30973 MB offset 394021568
    16:43:50.477 Disk 0 Partition 3 00 12 Compaq diag NTFS 15108 MB offset 457454272
    16:43:50.512 Disk 0 Partition 4 00 07 HPFS/NTFS NTFS 30972 MB offset 394023616
    16:43:50.525 Disk 0 scanning sectors +488397168
    16:43:50.931 Disk 0 scanning C:\windows\system32\drivers
    16:44:03.994 Service scanning
    16:44:06.606 Modules scanning
    16:44:12.250 Disk 0 trace - called modules:
    16:44:12.279 ntkrnlpa.exe CLASSPNP.SYS disk.sys iaStor.sys halmacpi.dll
    16:44:12.290 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8721a030]
    16:44:12.301 3 CLASSPNP.SYS[8b95b59e] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0x8642e028]
    16:44:14.184 AVAST engine scan C:\windows
    16:44:18.740 AVAST engine scan C:\windows\system32
    16:45:05.018 File: C:\windows\system32\h6v76t3.com **INFECTED** Win32:Malware-gen
    16:45:05.094 File: C:\windows\system32\h6v76t3.com_ **INFECTED** Win32:Malware-gen
    16:47:14.427 AVAST engine scan C:\windows\system32\drivers
    16:47:34.481 AVAST engine scan C:\Users\Rebecca
    16:47:46.931 File: C:\Users\Rebecca\AppData\Local\Apple\AppleUpdate\Appleupdt32.dll **INFECTED** Win32:Malware-gen
    16:47:47.395 File: C:\Users\Rebecca\AppData\Local\Conduit\ConduitUpdate\Conduitupdt32.dll **INFECTED** Win32:Malware-gen
    16:50:04.627 File: C:\Users\Rebecca\AppData\Local\Temp\9704.tmp **INFECTED** Win32:Malware-gen
    16:50:05.052 File: C:\Users\Rebecca\AppData\Local\Temp\A556.tmp **INFECTED** Win32:Malware-gen
    16:50:07.240 File: C:\Users\Rebecca\AppData\Local\Temp\B583.tmp **INFECTED** Win32:Alureon-AEX [Trj]
    16:50:07.438 File: C:\Users\Rebecca\AppData\Local\Temp\BD1F.tmp **INFECTED** Win32:Tracur-EU [Trj]
    16:50:07.930 File: C:\Users\Rebecca\AppData\Local\Temp\CA87.tmp **INFECTED** Win32:Tracur-EU [Trj]
    16:51:44.922 File: C:\Users\Rebecca\AppData\Local\Temp\setup2688442240.exe **INFECTED** Win32:Alureon-AEX [Trj]
    16:51:45.148 File: C:\Users\Rebecca\AppData\Local\Temp\setup4002649120.exe **INFECTED** Win32:Alureon-AEX [Trj]
    16:58:37.598 File: C:\Users\Rebecca\AppData\Local\Temp\w7e8EB6.tmp **INFECTED** Win32:Downloader-KCV [Trj]
    16:58:37.705 File: C:\Users\Rebecca\AppData\Local\Temp\w7e908B.tmp.exe **INFECTED** Win32:Malware-gen
    16:58:58.405 File: C:\Users\Rebecca\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\16\54a13990-62b31dc8 **INFECTED** Win32:MalOb-GR [Cryp]
    16:58:58.510 File: C:\Users\Rebecca\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\16\7035a690-54a5bfb4 **INFECTED** Win32:FakeSysdef-EG [Trj]
    16:58:58.623 File: C:\Users\Rebecca\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\17\40d8dd51-5b9a7729 **INFECTED** Win32:MalOb-FN [Cryp]
    16:58:59.102 File: C:\Users\Rebecca\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\22\39e1d656-4bccfd5e **INFECTED** Win32:Renosa-I [Wrm]
    16:58:59.575 File: C:\Users\Rebecca\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\31\682422df-128b7d1d **INFECTED** Win32:Renosa-D [Trj]
    16:59:03.495 File: C:\Users\Rebecca\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\58\233085ba-2b8e9acf **INFECTED** Win32:MalOb-GR [Cryp]
    16:59:03.921 File: C:\Users\Rebecca\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\59\5b33fe3b-33eb9e5b **INFECTED** Win32:MalOb-FN [Cryp]
    17:00:02.344 File: C:\Users\Rebecca\AppData\Roaming\Microsoft\DF52\B24D.tmp **INFECTED** Win32:Jorik-DL [Trj]
    17:10:15.807 AVAST engine scan C:\ProgramData
    17:17:45.246 Scan finished successfully
    17:21:21.500 Disk 0 MBR has been saved successfully to "C:\Users\Rebecca\Desktop\MBR.dat"
    17:21:21.523 The log file has been saved successfully to "C:\Users\Rebecca\Desktop\aswMBR.txt"
  19. Joyfulldreams Newcomer, in training Posts: 44

    Alright, I'm having trouble disabling McAfee Virus Scan on my computer.

    When I look at Virus Scan in the Security Center, it says that 'McAfee VirusScan Plus can no longer scan your computer....because you haven't activated your subscription', as it should, because I didn't want it in the first place. Yet ComboFix says it's active, and I don't have any clue how to disable it, because I never activated it in the first place!
  20. Broni Malware Annihilator Posts: 40,071   +187

    Good news :)

    Disregard Combofix warning and run it anyway.