Virus/malware that keeps coming back despite being removed with Malwarebytes

Discussion in 'Virus and Malware Removal' started by lunsk, Feb 28, 2012.

  1. lunsk Newcomer, in training Posts: 62

    I got it to boot from CD, but when I open OTLPE it asks me to select a folder, saying "choose window directory". What should I do?

    Whenever I select a folder, it says "target is not windows 2000 or later".
  2. Broni Malware Annihilator Posts: 39,288   +175

    Navigate to the folder where Windows is installed.
    That would be C:\Windows.
  3. lunsk Newcomer, in training Posts: 62

    Never mind, it started up again.
  4. lunsk Newcomer, in training Posts: 62

    I have the log here, split in 3:

    OTL logfile created on: 2/29/2012 10:11:03 PM - Run
    OTLPE by OldTimer - Version 3.1.48.0 Folder = X:\Programs\OTLPE
    Windows Vista (TM) Home Premium Service Pack 1 (Version = 6.0.6001) - Type = System
    Internet Explorer (Version = 7.0.6001.18000)
    Locale: 00001009 | Country: Canada | Language: ENC | Date Format: dd/MM/yyyy

    3.00 Gb Total Physical Memory | 3.00 Gb Available Physical Memory | 91.00% Memory free
    3.00 Gb Paging File | 3.00 Gb Available in Paging File | 98.00% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
    Drive C: | 288.29 Gb Total Space | 3.84 Gb Free Space | 1.33% Space Free | Partition Type: NTFS
    Drive D: | 9.77 Gb Total Space | 5.59 Gb Free Space | 57.21% Space Free | Partition Type: NTFS
    Drive X: | 436.59 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

    Computer Name: REATOGO | User Name: SYSTEM
    Boot Mode: Normal | Scan Mode: All users
    Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
    Using ControlSet: ControlSet001

    ========== Win32 Services (SafeList) ==========

    SRV - File not found [Auto] -- -- (z800bus)
    SRV - File not found [Auto] -- -- (slimsvc)
    SRV - File not found [Auto] -- -- (se58mdfl)
    SRV - File not found [Auto] -- -- (pnmsrv)
    SRV - File not found [Auto] -- -- (p17)
    SRV - File not found [Auto] -- -- (omniinet)
    SRV - File not found [Auto] -- -- (iPassPeriodicUpdateApp)
    SRV - File not found [Auto] -- -- (imonitor)
    SRV - File not found [Auto] -- -- (downloadmanagerlite)
    SRV - File not found [Auto] -- -- (DCamUSBGrandTek)
    SRV - File not found [Auto] -- -- (aw_host)
    SRV - File not found [Auto] -- -- (ARSVC)
    SRV - [2011/12/18 12:48:07 | 000,419,624 | ---- | M] (Valve Corporation) [On_Demand] -- C:\Program Files\Common Files\Steam\SteamService.exe -- (Steam Client Service)
    SRV - [2011/06/21 18:57:40 | 000,196,912 | ---- | M] (Nitro PDF Software) [Auto] -- C:\Program Files\Nitro PDF\Reader 2\NitroPDFReaderDriverService2.exe -- (NitroReaderDriverReadSpool2)
    SRV - [2010/11/11 12:26:42 | 000,206,360 | ---- | M] (Microsoft Corporation) [On_Demand] -- C:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe -- (NisSrv)
    SRV - [2010/11/11 12:26:40 | 000,011,736 | ---- | M] (Microsoft Corporation) [Auto] -- C:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe -- (MsMpSvc)
    SRV - [2009/06/23 10:54:18 | 000,061,760 | ---- | M] (Nalpeiron Ltd.) [Auto] -- C:\Windows\System32\ASTSRV.EXE -- (astcc)
    SRV - [2009/02/19 15:10:54 | 000,238,968 | ---- | M] (Symantec Corporation) [Disabled] -- C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe -- (Automatic LiveUpdate Scheduler)
    SRV - [2009/02/19 15:09:53 | 003,220,856 | ---- | M] (Symantec Corporation) [On_Demand] -- C:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE -- (LiveUpdate)
    SRV - [2009/01/26 15:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) [Auto] -- C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe -- (SBSDWSCService)
    SRV - [2008/04/28 16:56:28 | 000,161,048 | ---- | M] (Stardock Corporation) [Auto] -- C:\Program Files\Dell\DellDock\DockLogin.exe -- (DockLoginService)
    SRV - [2008/03/25 21:53:16 | 000,302,144 | ---- | M] (DigitalPersona, Inc.) [Auto] -- C:\Program Files\DigitalPersona\Bin\DpHostW.exe -- (DpHost)
    SRV - [2008/03/14 00:03:44 | 000,221,239 | ---- | M] (IDT, Inc.) [Auto] -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_c204e27d\stacsv.exe -- (STacSV)
    SRV - [2008/03/14 00:03:40 | 000,073,728 | ---- | M] (Andrea Electronics Corporation) [Auto] -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_c204e27d\AEstSrv.exe -- (AESTFilters)
    SRV - [2008/02/29 04:37:16 | 001,053,944 | ---- | M] (AuthenTec, Inc.) [Auto] -- C:\Program Files\Fingerprint Sensor\AtService.exe -- (ATService)
    SRV - [2008/01/20 21:23:43 | 000,005,632 | ---- | M] (Oak Technology Inc.) [Auto] -- C:\Windows\System32\venturi2.dll -- (ZSMC303)
    SRV - [2008/01/20 21:23:43 | 000,005,632 | ---- | M] (Oak Technology Inc.) [Auto] -- C:\Windows\System32\w200obex.dll -- (U81xmgmt)
    SRV - [2008/01/20 21:23:43 | 000,005,632 | ---- | M] (Oak Technology Inc.) [Auto] -- C:\Windows\System32\xaudioservice.dll -- (SetupSys)
    SRV - [2008/01/20 21:23:43 | 000,005,632 | ---- | M] (Oak Technology Inc.) [Auto] -- C:\Windows\System32\mqdmmdfl.dll -- (elaunidr)
    SRV - [2008/01/20 21:23:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [On_Demand] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
    SRV - [2007/10/03 15:45:02 | 000,358,936 | ---- | M] (Intel Corporation) [Auto] -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON) Intel(R)


    ========== Driver Services (SafeList) ==========

    DRV - File not found [Kernel | On_Demand] -- -- (XDva391)
    DRV - File not found [Kernel | On_Demand] -- -- (XDva195)
    DRV - File not found [Kernel | Boot] -- -- (xbdtm)
    DRV - File not found [Kernel | System] -- -- (tdx)
    DRV - File not found [Kernel | System] -- -- (rlzvlbkq)
    DRV - File not found [Kernel | On_Demand] -- -- (NwlnkFwd)
    DRV - File not found [Kernel | On_Demand] -- -- (NwlnkFlt)
    DRV - File not found [Kernel | System] -- -- (netbt)
    DRV - File not found [Kernel | System] -- -- (kgvthoff)
    DRV - File not found [Kernel | On_Demand] -- -- (IpInIp)
    DRV - File not found [Kernel | System] -- -- (i8042prt)
    DRV - File not found [Kernel | On_Demand] -- -- (GGSAFERDriver)
    DRV - File not found [Kernel | On_Demand] -- -- (GarenaPEngine)
    DRV - File not found [Kernel | On_Demand] -- -- (EagleNT)
    DRV - File not found [Kernel | System] -- -- (cdrom)
    DRV - File not found [Kernel | On_Demand] -- -- (catchme)
    DRV - File not found [Kernel | System] -- -- (ASPI32)
    DRV - File not found [File_System | Boot] -- -- (87439480)
    DRV - File not found [File_System | Boot] -- -- (39788838)
    DRV - File not found [Kernel | On_Demand] -- -- (.smb)
    DRV - File not found [Kernel | On_Demand] -- -- (.afd)
    DRV - [2011/07/21 15:35:19 | 000,500,704 | ---- | M] (AhnLab, Inc.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\EagleXNt.sys -- (EagleXNt)
    DRV - [2011/06/27 18:41:51 | 000,002,368 | ---- | M] (AntiCracking) [Kernel | Auto] -- C:\Windows\System32\STEC3.sys -- (STEC3)
    DRV - [2010/10/24 21:25:38 | 000,054,144 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\NisDrvWFP.sys -- (NisDrv)
    DRV - [2010/10/24 21:25:38 | 000,043,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\MpNWMon.sys -- (MpNWMon)
    DRV - [2009/03/18 17:35:40 | 000,026,176 | -H-- | M] (LogMeIn, Inc.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\hamachi.sys -- (hamachi)
    DRV - [2008/11/17 06:29:08 | 000,018,424 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\bcm42rly.sys -- (BCM42RLY)
    DRV - [2008/08/07 14:57:05 | 000,716,272 | ---- | M] (Duplex Secure Ltd.) [Kernel | Boot] -- C:\Windows\System32\drivers\sptd.sys -- (sptd)
    DRV - [2008/08/04 13:17:40 | 000,046,464 | ---- | M] (www.wiselogic.co.kr) [Kernel | On_Demand] -- C:\Windows\System32\XDva189.sys -- (XDva189)
    DRV - [2008/05/04 03:42:18 | 003,548,672 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\atikmdag.sys -- (R300)
    DRV - [2008/05/04 03:42:18 | 003,548,672 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\atikmdag.sys -- (atikmdag)
    DRV - [2008/04/22 16:33:30 | 000,038,856 | ---- | M] (Teruten Co. LTD.) [Kernel | On_Demand] -- C:\Windows\System32\GDISpy.sys -- (GDISpyDevice)
    DRV - [2008/04/18 21:43:40 | 000,170,032 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\Apfiltr.sys -- (ApfiltrService)
    DRV - [2008/03/14 08:04:26 | 000,054,784 | ---- | M] (ITE Tech. Inc. ) [Kernel | On_Demand] -- C:\Windows\System32\drivers\itecir.sys -- (itecir)
    DRV - [2008/03/14 00:03:48 | 000,374,784 | ---- | M] (IDT, Inc.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\stwrt.sys -- (STHDA)
    DRV - [2008/03/13 06:45:50 | 000,548,352 | ---- | M] (AuthenTec, Inc.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\ATSwpWDF.sys -- (ATSwpWDF)
    DRV - [2008/03/11 01:53:02 | 000,149,208 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\OA001Ufd.sys -- (OA001Ufd)
    DRV - [2008/03/11 01:53:00 | 000,277,624 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\OA001Vid.sys -- (OA001Vid)
    DRV - [2008/03/11 01:42:24 | 000,203,264 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\k57nd60x.sys -- (k57nd60x) Broadcom NetLink (TM)
    DRV - [2008/03/11 01:24:46 | 000,038,400 | ---- | M] (REDC) [Kernel | Auto] -- C:\Windows\System32\drivers\rixdptsk.sys -- (rismxdp)
    DRV - [2008/03/11 01:24:44 | 000,046,592 | ---- | M] (REDC) [Kernel | Auto] -- C:\Windows\System32\drivers\rimmptsk.sys -- (rimmptsk)
    DRV - [2008/03/11 01:24:42 | 000,043,008 | ---- | M] (REDC) [Kernel | Auto] -- C:\Windows\System32\drivers\rimsptsk.sys -- (rimsptsk)
    DRV - [2008/01/20 21:24:55 | 000,075,264 | ---- | M] () [File_System | System] -- C:\Windows\System32\drivers\dfsc.sys -- (DfsC)
    DRV - [2008/01/20 21:23:25 | 000,220,672 | ---- | M] (Intel Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\e1e6032.sys -- (e1express) Intel(R)
    DRV - [2007/11/02 05:47:38 | 000,109,992 | ---- | M] (MCCI Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\s916mdm.sys -- (s916mdm)
    DRV - [2007/11/02 05:47:38 | 000,103,976 | ---- | M] (MCCI Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\s916mgmt.sys -- (s916mgmt) Sony Ericsson Device 916 USB WMC Device Management Drivers (WDM)
    DRV - [2007/11/02 05:47:38 | 000,100,008 | ---- | M] (MCCI Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\s916obex.sys -- (s916obex)
    DRV - [2007/11/02 05:47:38 | 000,083,496 | ---- | M] (MCCI Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\s916bus.sys -- (s916bus) Sony Ericsson Device 916 driver (WDM)
    DRV - [2007/11/02 05:47:38 | 000,015,016 | ---- | M] (MCCI Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\s916mdfl.sys -- (s916mdfl)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========

    IE - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm


    IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    IE - HKU\Jonathan_ON_C\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.ca/ig/dell?hl=en&client=dell-row&channel=ca&ibd=0080717
    IE - HKU\Jonathan_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ca/ig/dell?hl=en&client=dell-row&channel=ca&ibd=0080717
    IE - HKU\Jonathan_ON_C\Software\Microsoft\Internet Explorer\Main,StartPageCache = 1
    IE - HKU\Jonathan_ON_C\..\URLSearchHook: {1392b8d2-5c05-419f-a8f6-b9f15a596612} - Reg Error: Key error. File not found
    IE - HKU\Jonathan_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
    IE - HKU\Jonathan_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local




    ========== FireFox ==========

    FF - prefs.js..browser.startup.homepage: "https://weblogin.utoronto.ca/|https://portal.utoronto.ca/webapps/portal/frameset.jsp|https://www.rosi.utoronto.ca/"
    FF - prefs.js..extensions.enabledItems: ankpixiv@snca.net:1.14.4
    FF - prefs.js..extensions.enabledItems: peraperakun-chinese@gmail.com:1.0
    FF - prefs.js..extensions.enabledItems: {DDC359D1-844A-42a7-9AA1-88A850A938A8}:2.0.2
    FF - prefs.js..extensions.enabledItems: {a7c6cf7f-112c-4500-a7ea-39801a327e5f}:1.0.10
    FF - prefs.js..extensions.enabledItems: nicofox@littlebtc:0.4b1
    FF - prefs.js..extensions.enabledItems: {73a6fe31-595d-460b-a920-fcc0f8843232}:2.0.9.9
    FF - prefs.js..extensions.enabledItems: chineseperakun@gmail.com:2.1.1
    FF - prefs.js..extensions.enabledItems: {1280606b-2510-4fe0-97ef-9b5a22eafe30}:0.7.5
    FF - prefs.js..extensions.enabledItems: {f701c26a-479a-4724-b4f1-870db12f063c}:1.4.4
    FF - prefs.js..extensions.enabledItems: {a95d8332-e4b4-6e7f-98ac-20b733364387}:0.5.2
    FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.3
    FF - prefs.js..network.proxy.backup.ftp: ""
    FF - prefs.js..network.proxy.backup.ftp_port: 0
    FF - prefs.js..network.proxy.backup.socks: ""
    FF - prefs.js..network.proxy.backup.socks_port: 0
    FF - prefs.js..network.proxy.backup.ssl: ""
    FF - prefs.js..network.proxy.backup.ssl_port: 0
    FF - prefs.js..network.proxy.ftp: "69.120.137.143"
    FF - prefs.js..network.proxy.ftp_port: 27977
    FF - prefs.js..network.proxy.http: "69.120.137.143"
    FF - prefs.js..network.proxy.http_port: 27977
    FF - prefs.js..network.proxy.share_proxy_settings: true
    FF - prefs.js..network.proxy.socks: "69.120.137.143"
    FF - prefs.js..network.proxy.socks_port: 27977
    FF - prefs.js..network.proxy.ssl: "69.120.137.143"
    FF - prefs.js..network.proxy.ssl_port: 27977

    FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\System32\Macromed\Flash\NPSWF32.dll ()
    FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:
    FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
    FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8117.0416: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@nexon.net/NxGame: File not found
    FF - HKLM\Software\MozillaPlugins\@ogplanet.com/npOGPPlugin: C:\Windows\System32\npOGPPlugin.dll (OGPlanet)
    FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
    FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.12.69: C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
    FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=1.0.3.69: C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
    FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.69: C:\Program Files\Real\RealPlayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
    FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=:
    FF - HKLM\Software\MozillaPlugins\NitroPDF: C:\Program Files\Nitro PDF\Reader 2\npnitromozilla.dll ( )
    FF - HKCU\Software\MozillaPlugins\@bittorrent.com/BitTorrentDNA: C:\Users\Jonathan\Program Files\DNA\plugins\npbtdna.dll (BitTorrent, Inc.)
    FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)

    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\Program Files\Real\RealPlayer\browserrecord [2008/12/28 18:56:10 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0.2\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/02/17 09:31:58 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0.2\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/03/24 15:55:52 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 9.0.1\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2011/08/17 08:08:59 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 9.0.1\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins
    FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{d5bc46d8-67c7-11dc-8c1d-0097498c2b7a}: C:\Users\Jonathan\Program Files\DNA [2012/02/29 16:13:51 | 000,000,000 | ---D | M]

    [2010/08/20 08:11:14 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Jonathan\AppData\Roaming\Mozilla\Extensions
    [2010/08/20 08:11:14 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Jonathan\AppData\Roaming\Mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
    [2012/02/25 09:25:18 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Jonathan\AppData\Roaming\Mozilla\Firefox\Profiles\s1agfejk.default\extensions
    [2011/10/20 23:04:03 | 000,000,000 | ---D | M] (Rikaichan) -- C:\Users\Jonathan\AppData\Roaming\Mozilla\Firefox\Profiles\s1agfejk.default\extensions\{0AA9101C-D3C1-4129-A9B7-D778C6A17F82}
    [2012/01/26 15:02:36 | 000,000,000 | ---D | M] (GameFOX) -- C:\Users\Jonathan\AppData\Roaming\Mozilla\Firefox\Profiles\s1agfejk.default\extensions\{6dd0bdba-0a02-429e-b595-87a7dfdca7a1}
    [2009/01/08 22:34:09 | 000,000,000 | ---D | M] (NoScript) -- C:\Users\Jonathan\AppData\Roaming\Mozilla\Firefox\Profiles\s1agfejk.default\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}(17)
    [2012/01/09 15:31:46 | 000,000,000 | ---D | M] (Perapera Chinese) -- C:\Users\Jonathan\AppData\Roaming\Mozilla\Firefox\Profiles\s1agfejk.default\extensions\chineseperakun@gmail.com
    [2012/01/10 10:18:24 | 000,000,000 | ---D | M] (Perapera Japanese) -- C:\Users\Jonathan\AppData\Roaming\Mozilla\Firefox\Profiles\s1agfejk.default\extensions\peraperakun@gmail.com
    [2011/05/28 19:17:18 | 000,000,000 | ---D | M] (Rikaichan Japanese-English Dictionary File) -- C:\Users\Jonathan\AppData\Roaming\Mozilla\Firefox\Profiles\s1agfejk.default\extensions\rikaichan-jpen@polarcloud.com
    [2008/07/28 14:12:17 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
    File not found (No name found) --
    () (No name found) -- C:\USERS\JONATHAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\S1AGFEJK.DEFAULT\EXTENSIONS\{1280606B-2510-4FE0-97EF-9B5A22EAFE30}.XPI
    () (No name found) -- C:\USERS\JONATHAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\S1AGFEJK.DEFAULT\EXTENSIONS\{35106BCA-6C78-48C7-AC28-56DF30B51D2C}.XPI
    () (No name found) -- C:\USERS\JONATHAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\S1AGFEJK.DEFAULT\EXTENSIONS\{73A6FE31-595D-460B-A920-FCC0F8843232}.XPI
    () (No name found) -- C:\USERS\JONATHAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\S1AGFEJK.DEFAULT\EXTENSIONS\{888D99E7-E8B5-46A3-851E-1EC45DA1E644}.XPI
    () (No name found) -- C:\USERS\JONATHAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\S1AGFEJK.DEFAULT\EXTENSIONS\{A7C6CF7F-112C-4500-A7EA-39801A327E5F}.XPI
    () (No name found) -- C:\USERS\JONATHAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\S1AGFEJK.DEFAULT\EXTENSIONS\{A95D8332-E4B4-6E7F-98AC-20B733364387}.XPI
    () (No name found) -- C:\USERS\JONATHAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\S1AGFEJK.DEFAULT\EXTENSIONS\{D10D0BF8-F5B5-C8B4-A8B2-2B9879E08C5D}.XPI
    () (No name found) -- C:\USERS\JONATHAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\S1AGFEJK.DEFAULT\EXTENSIONS\{DDC359D1-844A-42A7-9AA1-88A850A938A8}.XPI
    () (No name found) -- C:\USERS\JONATHAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\S1AGFEJK.DEFAULT\EXTENSIONS\{F701C26A-479A-4724-B4F1-870DB12F063C}.XPI
    () (No name found) -- C:\USERS\JONATHAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\S1AGFEJK.DEFAULT\EXTENSIONS\ANKPIXIV@SNCA.NET.XPI
    () (No name found) -- C:\USERS\JONATHAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\S1AGFEJK.DEFAULT\EXTENSIONS\NICOFOX@LITTLEBTC.XPI
    () (No name found) -- C:\USERS\JONATHAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\S1AGFEJK.DEFAULT\EXTENSIONS\PERAPERAKUN-CHINESE@GMAIL.COM.XPI
    () (No name found) -- C:\USERS\JONATHAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\S1AGFEJK.DEFAULT\EXTENSIONS\PERAPERAKUN-JPEN@GMAIL.COM.XPI
    () (No name found) -- C:\USERS\JONATHAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\S1AGFEJK.DEFAULT\EXTENSIONS\STATUS4EVAR@CALIGONSTUDIOS.COM.XPI
    () (No name found) -- C:\USERS\JONATHAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\S1AGFEJK.DEFAULT\EXTENSIONS\TABCOUNT@3GREENEGGS.COM.XPI
    [2012/02/17 09:31:57 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
    [2011/03/22 13:38:12 | 000,012,800 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files\mozilla firefox\plugins\npwachk.dll
    [2011/10/04 20:04:03 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
    [2011/11/09 20:17:12 | 000,002,040 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml
  5. lunsk Newcomer, in training Posts: 62

    Hosts file not found
    O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
    O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll (RealPlayer)
    O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
    O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll (Sun Microsystems, Inc.)
    O2 - BHO: (CBrowserHelperObject Object) - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\Dell\BAE\BAE.dll (Dell Inc.)
    O3 - HKLM\..\Toolbar: (no name) - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - No CLSID value found.
    O3 - HKU\Jonathan_ON_C\..\Toolbar\WebBrowser: (no name) - {1392B8D2-5C05-419F-A8F6-B9F15A596612} - No CLSID value found.
    O4 - HKLM..\Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe (Alps Electric Co., Ltd.)
    O4 - HKLM..\Run: [Dell Webcam Central] C:\Program Files\Dell Webcam\Dell Webcam Central\WebcamDell.exe (Creative Technology Ltd.)
    O4 - HKLM..\Run: [DellSupportCenter] File not found
    O4 - HKLM..\Run: [DpAgent] C:\Program Files\DigitalPersona\Bin\DpAgent.exe (DigitalPersona, Inc.)
    O4 - HKLM..\Run: [ECenter] C:\DELL\E-Center\EULALauncher.exe ( )
    O4 - HKLM..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe (Intel Corporation)
    O4 - HKLM..\Run: [MSC] C:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
    O4 - HKLM..\Run: [PCMService] C:\Program Files\Dell\MediaDirect\PCMService.exe (CyberLink Corp.)
    O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
    O4 - HKLM..\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray.exe (IDT, Inc.)
    O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
    O4 - HKLM..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe (Nullsoft, Inc.)
    O4 - HKU\Jonathan_ON_C..\Run: [BitTorrent DNA] C:\Users\Jonathan\Program Files\DNA\btdna.exe (BitTorrent, Inc.)
    O4 - HKU\Jonathan_ON_C..\Run: [DellSupportCenter] File not found
    O4 - HKU\.DEFAULT..\RunOnce: [FlashPlayerUpdate] C:\Windows\System32\Macromed\Flash\FlashUtil10a.exe (Adobe Systems, Inc.)
    O4 - Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk = C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
    O4 - Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk = C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
    O4 - Startup: C:\Users\Jonathan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock.lnk = C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
    O4 - Startup: C:\Users\Jonathan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\thunderbird - Shortcut.lnk = C:\Program Files\Mozilla Thunderbird\thunderbird.exe (Mozilla Messaging)
    O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll (Sun Microsystems, Inc.)
    O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - File not found
    O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - File not found
    O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - File not found
    O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - File not found
    O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - File not found
    O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - File not found
    O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - File not found
    O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - File not found
    O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - File not found
    O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - File not found
    O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - File not found
    O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - File not found
    O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - File not found
    O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - File not found
    O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - File not found
    O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - File not found
    O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - File not found
    O10 - Protocol_Catalog9\Catalog_Entries\000000000018 - File not found
    O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - File not found
    O10 - Protocol_Catalog9\Catalog_Entries\000000000020 - File not found
    O10 - Protocol_Catalog9\Catalog_Entries\000000000021 - File not found
    O10 - Protocol_Catalog9\Catalog_Entries\000000000022 - File not found
    O10 - Protocol_Catalog9\Catalog_Entries\000000000023 - File not found
    O10 - Protocol_Catalog9\Catalog_Entries\000000000024 - File not found
    O10 - Protocol_Catalog9\Catalog_Entries\000000000025 - File not found
    O10 - Protocol_Catalog9\Catalog_Entries\000000000026 - File not found
    O10 - Protocol_Catalog9\Catalog_Entries\000000000027 - File not found
    O10 - Protocol_Catalog9\Catalog_Entries\000000000028 - File not found
    O13 - gopher Prefix: missing
    O16 - DPF: {44990B00-3C9D-426D-81DF-AAB636FA4345} https://www-secure.symantec.com/techsupp/asa/ss/sa/sa_cabs/tgctlcm.cab (Symantec Configuration Class)
    O16 - DPF: {49312E18-AA92-4CC2-BB97-55DEA7BCADD6} http://support.dell.com/systemprofiler/SysProExe.CAB (WMI Class)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0_01-windows-i586.cab (Java Plug-in 1.7.0_01)
    O16 - DPF: {DAF7E6E6-D53A-439A-B28D-12271406B8A9} http://mobileapps.blackberry.com/devicesoftware/AxLoader.cab (RIM AxLoader)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
    O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
    O24 - Desktop WallPaper:
    O24 - Desktop BackupWallPaper:
    O32 - HKLM CDRom: AutoRun - 1
    O32 - AutoRun File - [2006/09/18 16:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
    O32 - AutoRun File - [2006/03/24 06:06:41 | 000,000,053 | R--- | M] () - X:\AUTORUN.INF -- [ CDFS ]
    O34 - HKLM BootExecute: (autocheck autochk /p \??\C) - File not found
    O34 - HKLM BootExecute: (autocheck autochk /p \??\C) - File not found
    O34 - HKLM BootExecute: (autocheck autochk *) - File not found
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37 - HKLM\...com [@ = comfile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*

    ========== Files/Folders - Created Within 30 Days ==========

    [2012/02/29 21:54:04 | 000,000,000 | -HSD | C] -- C:\RECYCLER
    [2012/02/29 15:32:17 | 000,000,000 | ---D | C] -- C:\TDSSKiller_Quarantine
    [2012/02/29 15:30:10 | 002,063,920 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\Jonathan\Desktop\TDSSKiller.exe
    [2012/02/29 13:14:26 | 000,184,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\netbt.svs
    [2012/02/29 12:04:17 | 000,000,000 | --SD | C] -- C:\ComboFix
    [2012/02/29 12:04:07 | 000,000,000 | --SD | C] -- C:\32788R22FWJFW
    [2012/02/29 01:15:03 | 000,273,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\afd.svs
    [2012/02/28 23:43:39 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
    [2012/02/28 23:43:39 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
    [2012/02/28 23:43:39 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
    [2012/02/28 23:36:05 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
    [2012/02/28 23:34:17 | 000,000,000 | ---D | C] -- C:\Qoobox
    [2012/02/28 23:26:34 | 004,422,703 | R--- | C] (Swearware) -- C:\Users\Jonathan\Desktop\ComboFix.exe
    [2012/02/28 22:32:20 | 000,000,000 | ---D | C] -- C:\Users\Jonathan\Desktop\RK_Quarantine
    [2012/02/28 18:15:11 | 000,000,000 | ---D | C] -- C:\Users\Jonathan\Desktop\LA
    [2012/02/28 02:02:10 | 000,000,000 | ---D | C] -- C:\Users\Jonathan\Desktop\DO THIS
    [2012/02/28 00:26:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SpywareBlaster
    [2012/02/28 00:25:49 | 000,000,000 | ---D | C] -- C:\Program Files\SpywareBlaster
    [2012/02/27 23:56:02 | 000,000,000 | ---D | C] -- C:\Windows\Sun
    [2012/02/27 23:52:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MozBackup
    [2012/02/27 23:52:53 | 000,000,000 | ---D | C] -- C:\Program Files\MozBackup
    [2012/02/26 15:43:14 | 000,000,000 | ---D | C] -- C:\Users\Jonathan\Desktop\Mobile Suit Gundam Novel
    [2012/02/24 21:18:09 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Spigot
    [2012/02/24 21:17:48 | 000,000,000 | ---D | C] -- C:\ProgramData\YouTube Downloader
    [2012/02/24 21:17:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\YouTube Downloader
    [2012/02/24 21:17:43 | 000,000,000 | ---D | C] -- C:\Program Files\YouTube Downloader
    [2012/02/24 00:17:42 | 000,000,000 | ---D | C] -- C:\Users\Jonathan\Desktop\(C81) [ReDrop (Miyamoto Smoke, Otsumami)] Minna no Asuka Bon (Neon Genesis Evangelion) [English] =LWB=
    [2012/02/18 04:23:06 | 000,000,000 | ---D | C] -- C:\Users\Jonathan\Desktop\Spice and Wolf Light Novel
    [2012/02/16 17:32:40 | 000,000,000 | ---D | C] -- C:\Users\Jonathan\Desktop\Inkey
    [2012/02/14 18:02:18 | 000,000,000 | ---D | C] -- C:\Users\Jonathan\Desktop\[DA HOOTCH (ShindoL)] Field Work Ch1-2
    [2012/02/07 18:12:52 | 000,000,000 | ---D | C] -- C:\Users\Jonathan\Desktop\SRWZ
    [4 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
    [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

    ========== Files - Modified Within 30 Days ==========

    [2012/02/29 21:39:02 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
    [2012/02/29 20:51:46 | 000,600,882 | ---- | M] () -- C:\Windows\System32\perfh009.dat
    [2012/02/29 20:51:46 | 000,105,658 | ---- | M] () -- C:\Windows\System32\perfc009.dat
    [2012/02/29 20:27:19 | 000,002,243 | ---- | M] () -- C:\Windows\epplauncher.mif
    [2012/02/29 20:05:37 | 000,232,960 | ---- | M] () -- C:\Users\Jonathan\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2012/02/29 18:18:45 | 000,003,744 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
    [2012/02/29 18:18:45 | 000,003,744 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
    [2012/02/29 17:11:33 | 000,396,976 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
    [2012/02/29 15:34:03 | 000,000,001 | ---- | M] () -- C:\ProgramData\ojMY0N0T.exe_.b
    [2012/02/29 15:34:03 | 000,000,001 | ---- | M] () -- C:\ProgramData\ojMY0N0T.exe.b
    [2012/02/29 15:20:31 | 000,000,344 | ---- | M] () -- C:\Windows\tasks\At31.job
    [2012/02/29 15:18:22 | 000,000,346 | ---- | M] () -- C:\Windows\tasks\At32.job
    [2012/02/29 14:32:02 | 000,000,000 | -HS- | M] () -- C:\Windows\System32\dds_trash_log.cmd
    [2012/02/29 14:21:35 | 000,000,346 | ---- | M] () -- C:\Windows\tasks\At30.job
    [2012/02/29 14:20:34 | 000,000,344 | ---- | M] () -- C:\Windows\tasks\At29.job
    [2012/02/29 14:06:36 | 002,063,920 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Jonathan\Desktop\TDSSKiller.exe
    [2012/02/29 13:44:38 | 000,006,944 | ---- | M] () -- C:\Users\Jonathan\AppData\Local\d3d9caps.dat
    [2012/02/29 00:20:40 | 000,000,344 | ---- | M] () -- C:\Windows\tasks\At1.job
    [2012/02/29 00:20:33 | 000,000,346 | ---- | M] () -- C:\Windows\tasks\At2.job
    [2012/02/28 23:26:48 | 004,422,703 | R--- | M] (Swearware) -- C:\Users\Jonathan\Desktop\ComboFix.exe
    [2012/02/28 23:21:29 | 000,000,346 | ---- | M] () -- C:\Windows\tasks\At48.job
    [2012/02/28 23:16:59 | 000,000,344 | ---- | M] () -- C:\Windows\tasks\At47.job
    [2012/02/28 22:17:16 | 000,000,346 | ---- | M] () -- C:\Windows\tasks\At46.job
    [2012/02/28 22:17:16 | 000,000,344 | ---- | M] () -- C:\Windows\tasks\At45.job
    [2012/02/28 21:17:16 | 000,000,346 | ---- | M] () -- C:\Windows\tasks\At44.job
    [2012/02/28 21:17:16 | 000,000,344 | ---- | M] () -- C:\Windows\tasks\At43.job
    [2012/02/28 20:17:16 | 000,000,346 | ---- | M] () -- C:\Windows\tasks\At42.job
    [2012/02/28 20:17:16 | 000,000,344 | ---- | M] () -- C:\Windows\tasks\At41.job
    [2012/02/28 19:17:16 | 000,000,346 | ---- | M] () -- C:\Windows\tasks\At40.job
    [2012/02/28 19:17:16 | 000,000,344 | ---- | M] () -- C:\Windows\tasks\At39.job
    [2012/02/28 18:17:18 | 000,000,346 | ---- | M] () -- C:\Windows\tasks\At38.job
    [2012/02/28 18:17:18 | 000,000,344 | ---- | M] () -- C:\Windows\tasks\At37.job
    [2012/02/28 17:19:21 | 000,000,344 | ---- | M] () -- C:\Windows\tasks\At35.job
    [2012/02/28 17:17:17 | 000,000,346 | ---- | M] () -- C:\Windows\tasks\At36.job
    [2012/02/28 16:17:16 | 000,000,346 | ---- | M] () -- C:\Windows\tasks\At34.job
    [2012/02/28 16:17:16 | 000,000,344 | ---- | M] () -- C:\Windows\tasks\At33.job
    [2012/02/28 01:17:17 | 000,000,346 | ---- | M] () -- C:\Windows\tasks\At4.job
    [2012/02/28 01:17:17 | 000,000,344 | ---- | M] () -- C:\Windows\tasks\At3.job
    [2012/02/28 00:26:20 | 000,000,878 | ---- | M] () -- C:\Users\Jonathan\Desktop\SpywareBlaster.lnk
    [2012/02/28 00:26:20 | 000,000,000 | ---D | M] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SpywareBlaster
    [2012/02/27 23:55:10 | 076,871,504 | ---- | M] () -- C:\Users\Jonathan\Documents\Firefox 10.0.2 (en-US) - 2012-02-27.pcv
    [2012/02/27 23:52:54 | 000,000,826 | ---- | M] () -- C:\Users\Public\Desktop\MozBackup.lnk
    [2012/02/27 23:52:54 | 000,000,000 | ---D | M] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MozBackup
    [2012/02/27 18:22:36 | 000,083,136 | ---- | M] () -- C:\ProgramData\ojMY0N0T.exe_
    [2012/02/27 18:22:36 | 000,083,136 | ---- | M] () -- C:\ProgramData\ojMY0N0T.exe
    [2012/02/27 18:22:36 | 000,083,136 | ---- | M] () -- C:\Windows\System32\eE0cm.com_
    [2012/02/27 18:22:36 | 000,083,136 | ---- | M] () -- C:\Windows\System32\eE0cm.com
    [2012/02/27 18:22:36 | 000,000,112 | ---- | M] () -- C:\ProgramData\fStYmXb30.dat
    [2012/02/27 18:20:32 | 080,340,888 | ---- | M] () -- C:\Users\Jonathan\Desktop\Dr Web.exe
    [2012/02/27 13:19:22 | 000,000,344 | ---- | M] () -- C:\Windows\tasks\At27.job
    [2012/02/27 13:17:00 | 000,000,346 | ---- | M] () -- C:\Windows\tasks\At28.job
    [2012/02/27 12:19:45 | 000,000,344 | ---- | M] () -- C:\Windows\tasks\At25.job
    [2012/02/27 12:17:00 | 000,000,346 | ---- | M] () -- C:\Windows\tasks\At26.job
    [2012/02/27 11:18:56 | 000,000,344 | ---- | M] () -- C:\Windows\tasks\At23.job
    [2012/02/27 11:17:00 | 000,000,346 | ---- | M] () -- C:\Windows\tasks\At24.job
    [2012/02/27 10:19:43 | 000,000,344 | ---- | M] () -- C:\Windows\tasks\At21.job
    [2012/02/27 10:17:00 | 000,000,346 | ---- | M] () -- C:\Windows\tasks\At22.job
    [2012/02/27 09:19:12 | 000,000,344 | ---- | M] () -- C:\Windows\tasks\At19.job
    [2012/02/27 09:17:00 | 000,000,346 | ---- | M] () -- C:\Windows\tasks\At20.job
    [2012/02/26 23:54:52 | 000,000,346 | ---- | M] () -- C:\Windows\tasks\At8.job
    [2012/02/26 23:54:52 | 000,000,346 | ---- | M] () -- C:\Windows\tasks\At6.job
    [2012/02/26 23:54:52 | 000,000,344 | ---- | M] () -- C:\Windows\tasks\At9.job
    [2012/02/26 23:54:52 | 000,000,344 | ---- | M] () -- C:\Windows\tasks\At7.job
    [2012/02/26 23:54:52 | 000,000,344 | ---- | M] () -- C:\Windows\tasks\At5.job
    [2012/02/26 23:54:50 | 000,000,346 | ---- | M] () -- C:\Windows\tasks\At18.job
    [2012/02/26 23:54:50 | 000,000,346 | ---- | M] () -- C:\Windows\tasks\At16.job
    [2012/02/26 23:54:50 | 000,000,346 | ---- | M] () -- C:\Windows\tasks\At14.job
    [2012/02/26 23:54:50 | 000,000,346 | ---- | M] () -- C:\Windows\tasks\At12.job
    [2012/02/26 23:54:50 | 000,000,346 | ---- | M] () -- C:\Windows\tasks\At10.job
    [2012/02/26 23:54:50 | 000,000,344 | ---- | M] () -- C:\Windows\tasks\At17.job
    [2012/02/26 23:54:50 | 000,000,344 | ---- | M] () -- C:\Windows\tasks\At15.job
    [2012/02/26 23:54:50 | 000,000,344 | ---- | M] () -- C:\Windows\tasks\At13.job
    [2012/02/26 23:54:50 | 000,000,344 | ---- | M] () -- C:\Windows\tasks\At11.job
    [2012/02/26 23:41:25 | 000,000,000 | ---D | M] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ASX to MP3 Converter
    [2012/02/26 23:09:31 | 000,001,078 | ---- | M] () -- C:\Users\Jonathan\Desktop\ASX to MP3 Converter.lnk
    [2012/02/26 23:06:13 | 000,114,688 | ---- | M] () -- C:\Windows\System32\msvos.dll
    [2012/02/26 22:51:53 | 000,000,526 | ---- | M] () -- C:\Users\Jonathan\Desktop\xillia10.asx
    [2012/02/26 22:51:36 | 000,000,526 | ---- | M] () -- C:\Users\Jonathan\Desktop\xillia11.asx
    [2012/02/26 22:19:51 | 000,000,526 | ---- | M] () -- C:\Users\Jonathan\Desktop\xillia12.asx
    [2012/02/26 17:05:34 | 000,362,348 | ---- | M] () -- C:\Users\Jonathan\Desktop\1330290697983.jpg
    [2012/02/26 16:03:24 | 013,456,449 | ---- | M] () -- C:\Users\Jonathan\Desktop\Taketatsu Ayana and Hanazawa Kana Talk About Lolis.flv
    [2012/02/24 21:17:46 | 000,000,000 | ---D | M] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\YouTube Downloader
    [2012/02/24 21:17:45 | 000,000,921 | ---- | M] () -- C:\Users\Public\Desktop\YouTube Downloader.lnk
    [2012/02/23 12:50:23 | 000,262,938 | ---- | M] () -- C:\Users\Jonathan\Desktop\1330015465258.jpg
    [2012/02/20 02:44:00 | 000,257,373 | ---- | M] () -- C:\Users\Jonathan\Desktop\rinne-07.jpg
    [2012/02/18 20:38:46 | 039,022,043 | ---- | M] () -- C:\Users\Jonathan\Desktop\Phase Shift 1.zip
    [2012/02/18 20:38:14 | 002,185,701 | ---- | M] () -- C:\Users\Jonathan\Desktop\blazblue_phase_shift_2.zip
    [2012/02/15 10:34:02 | 149,144,660 | ---- | M] () -- C:\Users\Jonathan\Desktop\OP-Podcast-0506-MP3.mp3
    [2012/02/12 22:14:20 | 000,397,103 | ---- | M] () -- C:\Users\Jonathan\Desktop\1329092028963.jpg
    [2012/02/05 17:37:37 | 000,000,742 | ---- | M] () -- C:\Users\Public\Desktop\Pokemon Online.lnk
    [2012/02/05 17:37:37 | 000,000,000 | ---D | M] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Pokemon Online
    [2012/02/01 12:11:23 | 000,000,000 | ---D | M] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
    [2012/01/31 07:44:05 | 000,237,072 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\MpSigStub.exe
    [4 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
    [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

    ========== Files Created - No Company Name ==========

    [2012/02/29 15:34:03 | 000,083,136 | ---- | C] () -- C:\ProgramData\ojMY0N0T.exe_
    [2012/02/29 15:34:03 | 000,083,136 | ---- | C] () -- C:\ProgramData\ojMY0N0T.exe
    [2012/02/29 15:34:03 | 000,000,001 | ---- | C] () -- C:\ProgramData\ojMY0N0T.exe_.b
    [2012/02/29 15:34:03 | 000,000,001 | ---- | C] () -- C:\ProgramData\ojMY0N0T.exe.b
    [2012/02/28 23:43:39 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
    [2012/02/28 23:43:39 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
    [2012/02/28 23:43:39 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
    [2012/02/28 23:43:39 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
    [2012/02/28 23:43:39 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
    [2012/02/28 23:17:02 | 000,083,136 | ---- | C] () -- C:\Windows\System32\eE0cm.com
    [2012/02/28 00:26:20 | 000,000,878 | ---- | C] () -- C:\Users\Jonathan\Desktop\SpywareBlaster.lnk
    [2012/02/27 23:54:27 | 076,871,504 | ---- | C] () -- C:\Users\Jonathan\Documents\Firefox 10.0.2 (en-US) - 2012-02-27.pcv
    [2012/02/27 23:52:54 | 000,000,826 | ---- | C] () -- C:\Users\Public\Desktop\MozBackup.lnk
    [2012/02/27 18:16:47 | 080,340,888 | ---- | C] () -- C:\Users\Jonathan\Desktop\Dr Web.exe
    [2012/02/26 23:06:42 | 000,000,346 | ---- | C] () -- C:\Windows\tasks\At48.job
    [2012/02/26 23:06:42 | 000,000,346 | ---- | C] () -- C:\Windows\tasks\At46.job
    [2012/02/26 23:06:42 | 000,000,346 | ---- | C] () -- C:\Windows\tasks\At44.job
    [2012/02/26 23:06:42 | 000,000,344 | ---- | C] () -- C:\Windows\tasks\At47.job
    [2012/02/26 23:06:42 | 000,000,344 | ---- | C] () -- C:\Windows\tasks\At45.job
    [2012/02/26 23:06:42 | 000,000,344 | ---- | C] () -- C:\Windows\tasks\At43.job
    [2012/02/26 23:06:42 | 000,000,112 | ---- | C] () -- C:\ProgramData\fStYmXb30.dat
    [2012/02/26 23:06:41 | 000,000,346 | ---- | C] () -- C:\Windows\tasks\At42.job
    [2012/02/26 23:06:41 | 000,000,346 | ---- | C] () -- C:\Windows\tasks\At40.job
    [2012/02/26 23:06:41 | 000,000,346 | ---- | C] () -- C:\Windows\tasks\At38.job
    [2012/02/26 23:06:41 | 000,000,346 | ---- | C] () -- C:\Windows\tasks\At36.job
    [2012/02/26 23:06:41 | 000,000,346 | ---- | C] () -- C:\Windows\tasks\At34.job
    [2012/02/26 23:06:41 | 000,000,346 | ---- | C] () -- C:\Windows\tasks\At32.job
    [2012/02/26 23:06:41 | 000,000,346 | ---- | C] () -- C:\Windows\tasks\At30.job
    [2012/02/26 23:06:41 | 000,000,346 | ---- | C] () -- C:\Windows\tasks\At28.job
    [2012/02/26 23:06:41 | 000,000,344 | ---- | C] () -- C:\Windows\tasks\At41.job
    [2012/02/26 23:06:41 | 000,000,344 | ---- | C] () -- C:\Windows\tasks\At39.job
    [2012/02/26 23:06:41 | 000,000,344 | ---- | C] () -- C:\Windows\tasks\At37.job
    [2012/02/26 23:06:41 | 000,000,344 | ---- | C] () -- C:\Windows\tasks\At35.job
    [2012/02/26 23:06:41 | 000,000,344 | ---- | C] () -- C:\Windows\tasks\At33.job
    [2012/02/26 23:06:41 | 000,000,344 | ---- | C] () -- C:\Windows\tasks\At31.job
    [2012/02/26 23:06:41 | 000,000,344 | ---- | C] () -- C:\Windows\tasks\At29.job
    [2012/02/26 23:06:41 | 000,000,344 | ---- | C] () -- C:\Windows\tasks\At27.job
    [2012/02/26 23:06:40 | 000,000,346 | ---- | C] () -- C:\Windows\tasks\At26.job
    [2012/02/26 23:06:40 | 000,000,346 | ---- | C] () -- C:\Windows\tasks\At24.job
    [2012/02/26 23:06:40 | 000,000,346 | ---- | C] () -- C:\Windows\tasks\At22.job
    [2012/02/26 23:06:40 | 000,000,346 | ---- | C] () -- C:\Windows\tasks\At20.job
    [2012/02/26 23:06:40 | 000,000,346 | ---- | C] () -- C:\Windows\tasks\At18.job
    [2012/02/26 23:06:40 | 000,000,346 | ---- | C] () -- C:\Windows\tasks\At16.job
    [2012/02/26 23:06:40 | 000,000,346 | ---- | C] () -- C:\Windows\tasks\At14.job
    [2012/02/26 23:06:40 | 000,000,346 | ---- | C] () -- C:\Windows\tasks\At12.job
    [2012/02/26 23:06:40 | 000,000,346 | ---- | C] () -- C:\Windows\tasks\At10.job
    [2012/02/26 23:06:40 | 000,000,344 | ---- | C] () -- C:\Windows\tasks\At9.job
    [2012/02/26 23:06:40 | 000,000,344 | ---- | C] () -- C:\Windows\tasks\At25.job
    [2012/02/26 23:06:40 | 000,000,344 | ---- | C] () -- C:\Windows\tasks\At23.job
    [2012/02/26 23:06:40 | 000,000,344 | ---- | C] () -- C:\Windows\tasks\At21.job
    [2012/02/26 23:06:40 | 000,000,344 | ---- | C] () -- C:\Windows\tasks\At19.job
    [2012/02/26 23:06:40 | 000,000,344 | ---- | C] () -- C:\Windows\tasks\At17.job
    [2012/02/26 23:06:40 | 000,000,344 | ---- | C] () -- C:\Windows\tasks\At15.job
    [2012/02/26 23:06:40 | 000,000,344 | ---- | C] () -- C:\Windows\tasks\At13.job
    [2012/02/26 23:06:40 | 000,000,344 | ---- | C] () -- C:\Windows\tasks\At11.job
    [2012/02/26 23:06:39 | 000,083,136 | ---- | C] () -- C:\Windows\System32\eE0cm.com_
    [2012/02/26 23:06:39 | 000,000,346 | ---- | C] () -- C:\Windows\tasks\At8.job
    [2012/02/26 23:06:39 | 000,000,346 | ---- | C] () -- C:\Windows\tasks\At6.job
    [2012/02/26 23:06:39 | 000,000,346 | ---- | C] () -- C:\Windows\tasks\At4.job
    [2012/02/26 23:06:39 | 000,000,346 | ---- | C] () -- C:\Windows\tasks\At2.job
    [2012/02/26 23:06:39 | 000,000,344 | ---- | C] () -- C:\Windows\tasks\At7.job
    [2012/02/26 23:06:39 | 000,000,344 | ---- | C] () -- C:\Windows\tasks\At5.job
    [2012/02/26 23:06:39 | 000,000,344 | ---- | C] () -- C:\Windows\tasks\At3.job
    [2012/02/26 23:06:39 | 000,000,344 | ---- | C] () -- C:\Windows\tasks\At1.job
    [2012/02/26 22:56:37 | 000,000,000 | -HS- | C] () -- C:\Windows\System32\dds_trash_log.cmd
    [2012/02/26 22:51:48 | 000,000,526 | ---- | C] () -- C:\Users\Jonathan\Desktop\xillia10.asx
    [2012/02/26 22:51:32 | 000,000,526 | ---- | C] () -- C:\Users\Jonathan\Desktop\xillia11.asx
    [2012/02/26 17:05:32 | 000,362,348 | ---- | C] () -- C:\Users\Jonathan\Desktop\1330290697983.jpg
    [2012/02/26 16:01:37 | 000,000,526 | ---- | C] () -- C:\Users\Jonathan\Desktop\xillia12.asx
    [2012/02/26 15:59:07 | 013,456,449 | ---- | C] () -- C:\Users\Jonathan\Desktop\Taketatsu Ayana and Hanazawa Kana Talk About Lolis.flv
    [2012/02/24 21:17:45 | 000,000,921 | ---- | C] () -- C:\Users\Public\Desktop\YouTube Downloader.lnk
    [2012/02/23 12:50:22 | 000,262,938 | ---- | C] () -- C:\Users\Jonathan\Desktop\1330015465258.jpg
    [2012/02/20 02:43:52 | 000,257,373 | ---- | C] () -- C:\Users\Jonathan\Desktop\rinne-07.jpg
    [2012/02/18 20:38:05 | 002,185,701 | ---- | C] () -- C:\Users\Jonathan\Desktop\blazblue_phase_shift_2.zip
    [2012/02/18 20:38:00 | 039,022,043 | ---- | C] () -- C:\Users\Jonathan\Desktop\Phase Shift 1.zip
    [2012/02/15 10:27:21 | 149,144,660 | ---- | C] () -- C:\Users\Jonathan\Desktop\OP-Podcast-0506-MP3.mp3
    [2012/02/12 22:14:20 | 000,397,103 | ---- | C] () -- C:\Users\Jonathan\Desktop\1329092028963.jpg
    [2012/01/19 22:07:25 | 000,051,186 | ---- | C] () -- C:\Users\Jonathan\AppData\Roaming\room_v3.dat
    [2011/08/25 20:49:57 | 000,175,616 | ---- | C] () -- C:\Windows\System32\unrar.dll
    [2011/08/25 20:49:56 | 000,000,038 | ---- | C] () -- C:\Windows\avisplitter.ini
    [2011/08/25 20:49:51 | 000,650,752 | ---- | C] () -- C:\Windows\System32\xvidcore.dll
    [2011/08/25 20:49:51 | 000,243,200 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll
    [2011/08/25 20:49:50 | 000,074,752 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll
    [2011/07/21 00:56:16 | 000,090,112 | ---- | C] () -- C:\Windows\System32\imsfchk.dll
    [2011/07/21 00:56:16 | 000,053,248 | ---- | C] () -- C:\Windows\System32\imslevel.dll
    [2011/06/18 10:22:19 | 000,230,529 | ---- | C] () -- C:\Windows\System32\libpng14-14.dll
    [2011/06/18 10:22:19 | 000,100,352 | ---- | C] () -- C:\Windows\System32\zlib1.dll
    [2011/06/18 10:22:19 | 000,098,590 | ---- | C] () -- C:\Windows\System32\libwimp.dll
    [2011/06/18 10:22:19 | 000,062,130 | ---- | C] () -- C:\Windows\System32\libpixmap.dll
    [2011/06/18 10:22:18 | 000,103,029 | ---- | C] () -- C:\Windows\System32\libpangocairo-1.0-0.dll
    [2011/06/18 10:22:18 | 000,060,537 | ---- | C] () -- C:\Windows\System32\libgailutil-18.dll
    [2011/06/18 10:22:17 | 001,136,422 | ---- | C] () -- C:\Windows\System32\libcairo-2.dll
    [2011/06/18 10:22:17 | 000,551,096 | ---- | C] () -- C:\Windows\System32\freetype6.dll
    [2011/06/18 10:22:17 | 000,466,257 | ---- | C] () -- C:\Windows\System32\libgail.dll
    [2011/06/18 10:22:17 | 000,279,059 | ---- | C] () -- C:\Windows\System32\libfontconfig-1.dll
    [2011/06/18 10:22:17 | 000,143,096 | ---- | C] () -- C:\Windows\System32\libexpat-1.dll
    [2011/03/22 20:36:53 | 000,041,890 | ---- | C] () -- C:\Users\Jonathan\AppData\Roaming\room.dat
    [2011/02/09 23:03:48 | 000,000,314 | ---- | C] () -- C:\Windows\primopdf.ini
    [2010/06/15 14:59:08 | 000,073,728 | ---- | C] () -- C:\Windows\System32\imsaiff.dll
    [2010/06/15 14:59:08 | 000,036,864 | ---- | C] () -- C:\Windows\System32\DGRip.dll
    [2010/05/08 21:26:27 | 000,165,425 | ---- | C] () -- C:\Windows\hpoins28.dat.temp
    [2009/11/03 09:38:35 | 000,388,112 | ---- | C] () -- C:\Windows\System32\drivers\sfi.dat
    [2009/10/27 23:01:35 | 000,006,656 | ---- | C] () -- C:\Windows\System32\bcmwlrc.dll
    [2009/08/03 17:47:10 | 000,006,328 | ---- | C] () -- C:\Users\Jonathan\AppData\Roaming\PrimoPDFSet.xml
    [2009/08/03 17:45:12 | 000,180,624 | ---- | C] () -- C:\Windows\System32\Primomonnt.dll
    [2009/07/09 09:32:07 | 000,000,056 | ---- | C] () -- C:\Windows\kgt2k.INI
    [2009/07/08 20:03:02 | 000,058,880 | ---- | C] () -- C:\Windows\System32\bdmpegv.dll
    [2009/06/17 10:17:36 | 000,004,508 | ---- | C] () -- C:\ProgramData\LUUnInstall.LiveUpdate
    [2009/05/12 14:23:05 | 000,000,398 | ---- | C] () -- C:\Windows\AudioConverter.INI
    [2009/03/06 23:29:32 | 000,000,796 | ---- | C] () -- C:\Windows\hpomdl28.dat.temp
    [2009/03/06 22:45:47 | 000,165,697 | ---- | C] () -- C:\Windows\hpoins28.dat
    [2008/10/26 19:01:59 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
    [2008/10/08 09:07:37 | 000,008,248 | ---- | C] () -- C:\Users\Jonathan\AppData\Local\en.ini
    [2008/08/02 13:11:21 | 000,023,888 | ---- | C] () -- C:\Users\Jonathan\AppData\Roaming\UserTile.png
    [2008/08/01 23:07:07 | 000,077,940 | ---- | C] () -- C:\Windows\War3Unin.dat
    [2008/07/29 23:15:09 | 000,006,944 | ---- | C] () -- C:\Users\Jonathan\AppData\Local\d3d9caps.dat
    [2008/07/28 21:58:01 | 000,232,960 | ---- | C] () -- C:\Users\Jonathan\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2008/07/28 13:50:51 | 000,106,605 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
    [2008/07/28 13:50:51 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
    [2008/07/16 23:55:43 | 003,107,788 | ---- | C] () -- C:\Windows\System32\atiumdva.dat
    [2008/07/16 23:55:43 | 000,168,883 | ---- | C] () -- C:\Windows\System32\atiicdxx.dat
    [2008/07/16 23:55:43 | 000,159,744 | ---- | C] () -- C:\Windows\System32\atitmmxx.dll
    [2008/07/16 23:55:43 | 000,090,112 | ---- | C] () -- C:\Windows\System32\atibrtmon.exe
    [2008/07/16 21:22:33 | 000,000,076 | RHS- | C] () -- C:\Windows\CT4CET.bin
    [2008/07/16 21:16:21 | 000,054,784 | ---- | C] () -- C:\Windows\System32\bcmwlrmt.dll
    [2008/07/16 21:16:20 | 000,026,112 | ---- | C] () -- C:\Windows\System32\WLTRYSVC.EXE
    [2008/07/16 16:00:25 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
    [2008/05/11 22:49:03 | 000,000,796 | ---- | C] () -- C:\Windows\hpomdl28.dat
    [2008/04/29 13:42:24 | 000,503,808 | ---- | C] () -- C:\Windows\System32\ICCProfiles.dll
    [2008/01/20 21:24:55 | 000,075,264 | ---- | C] () -- C:\Windows\System32\drivers\dfsc.sys
    [2007/11/26 21:56:28 | 000,151,415 | ---- | C] () -- C:\Windows\System32\xlive.dll.cat
    [2006/11/02 07:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
    [2006/11/02 07:47:37 | 000,396,976 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
    [2006/11/02 07:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
    [2006/11/02 05:33:01 | 000,600,882 | ---- | C] () -- C:\Windows\System32\perfh009.dat
    [2006/11/02 05:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
    [2006/11/02 05:33:01 | 000,105,658 | ---- | C] () -- C:\Windows\System32\perfc009.dat
    [2006/11/02 05:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
    [2006/11/02 05:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
    [2006/11/02 03:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
    [2006/11/02 03:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
    [2006/11/02 02:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
    [2006/11/02 02:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
    [2005/03/30 11:29:16 | 000,114,688 | ---- | C] () -- C:\Windows\System32\msvos.dll
  6. lunsk Newcomer, in training Posts: 62

    ========== LOP Check ==========

    [2008/12/05 22:56:59 | 000,000,000 | -HSD | M] -- C:\Users\Jonathan\AppData\Roaming\.#
    [2011/10/08 21:33:46 | 000,000,000 | ---D | M] -- C:\Users\Jonathan\AppData\Roaming\Audacity
    [2008/07/28 13:42:32 | 000,000,000 | ---D | M] -- C:\Users\Jonathan\AppData\Roaming\DigitalPersona
    [2012/02/29 15:55:34 | 000,000,000 | ---D | M] -- C:\Users\Jonathan\AppData\Roaming\DNA
    [2010/12/08 15:43:13 | 000,000,000 | ---D | M] -- C:\Users\Jonathan\AppData\Roaming\Downloaded Installations
    [2011/05/26 12:05:25 | 000,000,000 | ---D | M] -- C:\Users\Jonathan\AppData\Roaming\Dropbox
    [2011/07/22 21:02:22 | 000,000,000 | ---D | M] -- C:\Users\Jonathan\AppData\Roaming\GetRightToGo
    [2010/06/26 10:18:54 | 000,000,000 | ---D | M] -- C:\Users\Jonathan\AppData\Roaming\IObit
    [2010/08/25 14:51:51 | 000,000,000 | ---D | M] -- C:\Users\Jonathan\AppData\Roaming\JAM Software
    [2011/07/22 21:12:31 | 000,000,000 | ---D | M] -- C:\Users\Jonathan\AppData\Roaming\Music Recognition
    [2010/04/07 10:31:12 | 000,000,000 | ---D | M] -- C:\Users\Jonathan\AppData\Roaming\NCH Swift Sound
    [2009/10/13 13:33:22 | 000,000,000 | ---D | M] -- C:\Users\Jonathan\AppData\Roaming\NeopleLauncherDFO
    [2011/12/08 12:17:02 | 000,000,000 | ---D | M] -- C:\Users\Jonathan\AppData\Roaming\Nitro PDF
    [2011/12/08 12:15:26 | 000,000,000 | ---D | M] -- C:\Users\Jonathan\AppData\Roaming\OpenCandy
    [2010/12/09 23:12:02 | 000,000,000 | ---D | M] -- C:\Users\Jonathan\AppData\Roaming\PCDr
    [2008/08/02 13:11:21 | 000,000,000 | ---D | M] -- C:\Users\Jonathan\AppData\Roaming\PeerNetworking
    [2011/07/11 17:01:34 | 000,000,000 | ---D | M] -- C:\Users\Jonathan\AppData\Roaming\Pokemon Lab
    [2011/07/09 23:07:05 | 000,000,000 | ---D | M] -- C:\Users\Jonathan\AppData\Roaming\Pokemon Online
    [2011/12/08 12:17:57 | 000,000,000 | ---D | M] -- C:\Users\Jonathan\AppData\Roaming\PrimoPDF
    [2009/10/16 18:34:06 | 000,000,000 | ---D | M] -- C:\Users\Jonathan\AppData\Roaming\RenPy
    [2009/05/12 11:22:01 | 000,000,000 | ---D | M] -- C:\Users\Jonathan\AppData\Roaming\River Past G5
    [2010/12/17 13:35:42 | 000,000,000 | ---D | M] -- C:\Users\Jonathan\AppData\Roaming\Sony
    [2008/09/07 17:09:33 | 000,000,000 | ---D | M] -- C:\Users\Jonathan\AppData\Roaming\SonyEricsson
    [2010/10/04 19:40:10 | 000,000,000 | ---D | M] -- C:\Users\Jonathan\AppData\Roaming\Synthesia
    [2010/08/09 19:37:25 | 000,000,000 | ---D | M] -- C:\Users\Jonathan\AppData\Roaming\SYSTEMAX Software Development
    [2010/08/20 08:11:08 | 000,000,000 | ---D | M] -- C:\Users\Jonathan\AppData\Roaming\Thunderbird
    [2010/05/04 09:03:10 | 000,000,000 | ---D | M] -- C:\Users\Jonathan\AppData\Roaming\Uniblue
    [2012/02/28 19:59:59 | 000,000,000 | ---D | M] -- C:\Users\Jonathan\AppData\Roaming\uTorrent
    [2009/12/30 12:01:34 | 000,000,000 | ---D | M] -- C:\Users\Jonathan\AppData\Roaming\VBA-M
    [2008/07/29 20:01:29 | 000,000,000 | ---D | M] -- C:\Users\Jonathan\AppData\Roaming\Windows Live Writer
    [2008/07/28 13:37:49 | 000,000,000 | -HSD | M] -- C:\ProgramData\Application Data
    [2008/08/09 22:26:58 | 000,000,000 | -H-D | M] -- C:\ProgramData\CanonBJ
    [2008/10/29 15:55:57 | 000,000,000 | ---D | M] -- C:\ProgramData\Citrix
    [2008/07/28 13:37:49 | 000,000,000 | -HSD | M] -- C:\ProgramData\Desktop
    [2008/07/28 13:37:49 | 000,000,000 | -HSD | M] -- C:\ProgramData\Documents
    [2008/07/28 13:37:49 | 000,000,000 | -HSD | M] -- C:\ProgramData\Favorites
    [2010/04/07 10:29:38 | 000,000,000 | ---D | M] -- C:\ProgramData\NCH Swift Sound
    [2009/10/27 15:18:03 | 000,000,000 | ---D | M] -- C:\ProgramData\Nexon
    [2011/09/11 16:35:36 | 000,000,000 | ---D | M] -- C:\ProgramData\NexonUS
    [2011/12/08 12:16:30 | 000,000,000 | ---D | M] -- C:\ProgramData\Nitro PDF
    [2011/05/24 15:14:54 | 000,000,000 | ---D | M] -- C:\ProgramData\PCDr
    [2011/05/02 22:20:11 | 000,000,000 | ---D | M] -- C:\ProgramData\PMB Files
    [2009/05/12 13:52:39 | 000,000,000 | ---D | M] -- C:\ProgramData\River Past G5
    [2008/09/06 19:01:26 | 000,000,000 | ---D | M] -- C:\ProgramData\Sony
    [2008/07/28 13:37:49 | 000,000,000 | -HSD | M] -- C:\ProgramData\Start Menu
    [2010/08/09 19:37:25 | 000,000,000 | ---D | M] -- C:\ProgramData\SYSTEMAX Software Development
    [2008/10/09 11:23:29 | 000,000,000 | ---D | M] -- C:\ProgramData\TEMP
    [2008/07/28 13:37:49 | 000,000,000 | -HSD | M] -- C:\ProgramData\Templates
    [2008/07/16 21:25:57 | 000,000,000 | ---D | M] -- C:\ProgramData\Uninstall
    [2008/09/23 13:41:44 | 000,000,000 | ---D | M] -- C:\ProgramData\WindowsSearch
    [2012/01/30 18:58:57 | 000,000,000 | ---D | M] -- C:\ProgramData\youku
    [2012/02/24 21:17:52 | 000,000,000 | ---D | M] -- C:\ProgramData\YouTube Downloader
    [2011/01/30 23:23:07 | 000,000,000 | ---D | M] -- C:\ProgramData\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
    [2009/10/19 16:59:18 | 000,000,000 | ---D | M] -- C:\ProgramData\{755AC846-7372-4AC8-8550-C52491DAA8BD}
    [2012/02/29 00:20:40 | 000,000,344 | ---- | M] () -- C:\Windows\Tasks\At1.job
    [2012/02/26 23:54:50 | 000,000,346 | ---- | M] () -- C:\Windows\Tasks\At10.job
    [2012/02/26 23:54:50 | 000,000,344 | ---- | M] () -- C:\Windows\Tasks\At11.job
    [2012/02/26 23:54:50 | 000,000,346 | ---- | M] () -- C:\Windows\Tasks\At12.job
    [2012/02/26 23:54:50 | 000,000,344 | ---- | M] () -- C:\Windows\Tasks\At13.job
    [2012/02/26 23:54:50 | 000,000,346 | ---- | M] () -- C:\Windows\Tasks\At14.job
    [2012/02/26 23:54:50 | 000,000,344 | ---- | M] () -- C:\Windows\Tasks\At15.job
    [2012/02/26 23:54:50 | 000,000,346 | ---- | M] () -- C:\Windows\Tasks\At16.job
    [2012/02/26 23:54:50 | 000,000,344 | ---- | M] () -- C:\Windows\Tasks\At17.job
    [2012/02/26 23:54:50 | 000,000,346 | ---- | M] () -- C:\Windows\Tasks\At18.job
    [2012/02/27 09:19:12 | 000,000,344 | ---- | M] () -- C:\Windows\Tasks\At19.job
    [2012/02/29 00:20:33 | 000,000,346 | ---- | M] () -- C:\Windows\Tasks\At2.job
    [2012/02/27 09:17:00 | 000,000,346 | ---- | M] () -- C:\Windows\Tasks\At20.job
    [2012/02/27 10:19:43 | 000,000,344 | ---- | M] () -- C:\Windows\Tasks\At21.job
    [2012/02/27 10:17:00 | 000,000,346 | ---- | M] () -- C:\Windows\Tasks\At22.job
    [2012/02/27 11:18:56 | 000,000,344 | ---- | M] () -- C:\Windows\Tasks\At23.job
    [2012/02/27 11:17:00 | 000,000,346 | ---- | M] () -- C:\Windows\Tasks\At24.job
    [2012/02/27 12:19:45 | 000,000,344 | ---- | M] () -- C:\Windows\Tasks\At25.job
    [2012/02/27 12:17:00 | 000,000,346 | ---- | M] () -- C:\Windows\Tasks\At26.job
    [2012/02/27 13:19:22 | 000,000,344 | ---- | M] () -- C:\Windows\Tasks\At27.job
    [2012/02/27 13:17:00 | 000,000,346 | ---- | M] () -- C:\Windows\Tasks\At28.job
    [2012/02/29 14:20:34 | 000,000,344 | ---- | M] () -- C:\Windows\Tasks\At29.job
    [2012/02/28 01:17:17 | 000,000,344 | ---- | M] () -- C:\Windows\Tasks\At3.job
    [2012/02/29 14:21:35 | 000,000,346 | ---- | M] () -- C:\Windows\Tasks\At30.job
    [2012/02/29 15:20:31 | 000,000,344 | ---- | M] () -- C:\Windows\Tasks\At31.job
    [2012/02/29 15:18:22 | 000,000,346 | ---- | M] () -- C:\Windows\Tasks\At32.job
    [2012/02/28 16:17:16 | 000,000,344 | ---- | M] () -- C:\Windows\Tasks\At33.job
    [2012/02/28 16:17:16 | 000,000,346 | ---- | M] () -- C:\Windows\Tasks\At34.job
    [2012/02/28 17:19:21 | 000,000,344 | ---- | M] () -- C:\Windows\Tasks\At35.job
    [2012/02/28 17:17:17 | 000,000,346 | ---- | M] () -- C:\Windows\Tasks\At36.job
    [2012/02/28 18:17:18 | 000,000,344 | ---- | M] () -- C:\Windows\Tasks\At37.job
    [2012/02/28 18:17:18 | 000,000,346 | ---- | M] () -- C:\Windows\Tasks\At38.job
    [2012/02/28 19:17:16 | 000,000,344 | ---- | M] () -- C:\Windows\Tasks\At39.job
    [2012/02/28 01:17:17 | 000,000,346 | ---- | M] () -- C:\Windows\Tasks\At4.job
    [2012/02/28 19:17:16 | 000,000,346 | ---- | M] () -- C:\Windows\Tasks\At40.job
    [2012/02/28 20:17:16 | 000,000,344 | ---- | M] () -- C:\Windows\Tasks\At41.job
    [2012/02/28 20:17:16 | 000,000,346 | ---- | M] () -- C:\Windows\Tasks\At42.job
    [2012/02/28 21:17:16 | 000,000,344 | ---- | M] () -- C:\Windows\Tasks\At43.job
    [2012/02/28 21:17:16 | 000,000,346 | ---- | M] () -- C:\Windows\Tasks\At44.job
    [2012/02/28 22:17:16 | 000,000,344 | ---- | M] () -- C:\Windows\Tasks\At45.job
    [2012/02/28 22:17:16 | 000,000,346 | ---- | M] () -- C:\Windows\Tasks\At46.job
    [2012/02/28 23:16:59 | 000,000,344 | ---- | M] () -- C:\Windows\Tasks\At47.job
    [2012/02/28 23:21:29 | 000,000,346 | ---- | M] () -- C:\Windows\Tasks\At48.job
    [2012/02/26 23:54:52 | 000,000,344 | ---- | M] () -- C:\Windows\Tasks\At5.job
    [2012/02/26 23:54:52 | 000,000,346 | ---- | M] () -- C:\Windows\Tasks\At6.job
    [2012/02/26 23:54:52 | 000,000,344 | ---- | M] () -- C:\Windows\Tasks\At7.job
    [2012/02/26 23:54:52 | 000,000,346 | ---- | M] () -- C:\Windows\Tasks\At8.job
    [2012/02/26 23:54:52 | 000,000,344 | ---- | M] () -- C:\Windows\Tasks\At9.job
    [2012/02/29 16:57:54 | 000,032,550 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

    ========== Purity Check ==========



    ========== Custom Scans ==========



    < MD5 for: AFD.SYS >
    [2008/01/20 21:24:17 | 000,273,920 | ---- | M] () MD5=B758C5505715AD33D6DFB4332C7F07D5 -- C:\Windows\winsxs\x86_microsoft-windows-winsock-core_31bf3856ad364e35_6.0.6001.18000_none_d7e842925e6d1f50\afd.sys

    < MD5 for: EXPLORER.EXE >
    [2008/10/29 01:20:29 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=37440D09DEAE0B672A04DCCF7ABF06BE -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16771_none_4f83bb287ccdb7e3\explorer.exe
    [2008/10/29 01:29:41 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=4F554999D7D5F05DAAEBBA7B5BA1089D -- C:\Windows\explorer.exe
    [2008/10/29 01:29:41 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=4F554999D7D5F05DAAEBBA7B5BA1089D -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18164_none_5177ca9879e978e8\explorer.exe
    [2008/10/29 22:59:17 | 002,927,616 | ---- | M] (Microsoft Corporation) MD5=50BA5850147410CDE89C523AD3BC606E -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.22298_none_51e4f8c7931bd1e1\explorer.exe
    [2008/10/27 21:15:02 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=E7156B0B74762D9DE0E66BDCDE06E5FB -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.20947_none_5033cb5995cd990b\explorer.exe
    [2008/01/20 21:24:24 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=FFA764631CB70A30065C12EF8E174F9F -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18000_none_51b4a71279bc6ebf\explorer.exe

    < MD5 for: SVCHOST.EXE >
    [2008/01/20 21:23:43 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=3794B461C45882E06856F282EEF025AF -- C:\Windows\System32\svchost.exe
    [2008/01/20 21:23:43 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=3794B461C45882E06856F282EEF025AF -- C:\Windows\winsxs\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.0.6001.18000_none_b5bb59a1054dbde5\svchost.exe
    [2012/01/13 14:53:20 | 000,182,856 | ---- | M] () MD5=63EEC8A8B221AB79045E776E5F592868 -- C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\svchost.exe

    < MD5 for: USERINIT.EXE >
    [2008/01/20 21:24:49 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\System32\userinit.exe
    [2008/01/20 21:24:49 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6001.18000_none_dc28ba15d1aff80b\userinit.exe

    < MD5 for: WINLOGON.EXE >
    [2012/01/13 14:53:20 | 000,182,856 | ---- | M] () MD5=63EEC8A8B221AB79045E776E5F592868 -- C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe
    [2008/01/20 21:24:49 | 000,314,880 | ---- | M] (Microsoft Corporation) MD5=C2610B6BDBEFC053BBDAB4F1B965CB24 -- C:\Windows\System32\winlogon.exe
    [2008/01/20 21:24:49 | 000,314,880 | ---- | M] (Microsoft Corporation) MD5=C2610B6BDBEFC053BBDAB4F1B965CB24 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6001.18000_none_6fc30116d4f17bf5\winlogon.exe

    ========== Files - Unicode (All) ==========
    [2010/06/22 23:17:59 | 000,769,473 | ---- | C] ()(C:\Users\Jonathan\Desktop\11338478- SAE^2 - ??????????.png) -- C:\Users\Jonathan\Desktop\11338478- SAE^2 - はやぶさの名を冠する.png
    [2010/06/21 10:39:53 | 000,769,473 | ---- | M] ()(C:\Users\Jonathan\Desktop\11338478- SAE^2 - ??????????.png) -- C:\Users\Jonathan\Desktop\11338478- SAE^2 - はやぶさの名を冠する.png
    [2009/10/06 23:06:03 | 005,765,164 | ---- | M] ()(C:\Users\Jonathan\Desktop\Life Goes On - ???.mp3) -- C:\Users\Jonathan\Desktop\Life Goes On - 中文版.mp3
    [2009/10/06 23:05:37 | 005,765,164 | ---- | C] ()(C:\Users\Jonathan\Desktop\Life Goes On - ???.mp3) -- C:\Users\Jonathan\Desktop\Life Goes On - 中文版.mp3

    ========== Alternate Data Streams ==========

    @Alternate Data Stream - 98 bytes -> C:\ProgramData\TEMP:88050731
    < End of report >
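An added example, not part of the original thread or of OTL: a short Python parser for the MD5 custom-scan section of the log above, comparing each file's live copy with its winsxs component-store copies. The function names and the three review rules are assumptions of this example; the sample lines are excerpted from the log above.

```python
import re
from collections import defaultdict

# Excerpt of the log's "Custom Scans" section; names and rules below are this example's assumptions.
SAMPLE_LOG = r"""
< MD5 for: AFD.SYS >
[2008/01/20 21:24:17 | 000,273,920 | ---- | M] () MD5=B758C5505715AD33D6DFB4332C7F07D5 -- C:\Windows\winsxs\x86_microsoft-windows-winsock-core_31bf3856ad364e35_6.0.6001.18000_none_d7e842925e6d1f50\afd.sys

< MD5 for: SVCHOST.EXE >
[2008/01/20 21:23:43 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=3794B461C45882E06856F282EEF025AF -- C:\Windows\System32\svchost.exe
[2008/01/20 21:23:43 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=3794B461C45882E06856F282EEF025AF -- C:\Windows\winsxs\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.0.6001.18000_none_b5bb59a1054dbde5\svchost.exe
[2012/01/13 14:53:20 | 000,182,856 | ---- | M] () MD5=63EEC8A8B221AB79045E776E5F592868 -- C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\svchost.exe
"""
# Section header and entry line formats as they appear in the log.
HEADER = re.compile(r"^< MD5 for: (?P<name>.+?) >$")
ENTRY = re.compile(r"^\[.*?\] \((?P<company>.*?)\) MD5=(?P<md5>[0-9A-F]{32}) -- (?P<path>.+)$")

def parse_md5_section(text):
    """Return {file name: [(company, md5, path), ...]} from an OTL MD5 scan."""
    groups, current = defaultdict(list), None
    for line in (l.strip() for l in text.splitlines()):
        if m := HEADER.match(line):
            current = m["name"].lower()
        elif current and (m := ENTRY.match(line)):
            groups[current].append((m["company"], m["md5"], m["path"]))
    return dict(groups)

def review(groups, system_root=r"C:\Windows"):
    """Compare live copies with component-store (winsxs) copies of each file."""
    root = system_root.lower() + "\\"
    findings = defaultdict(list)
    for name, entries in groups.items():
        store = {md5 for _, md5, p in entries if "\\winsxs\\" in p.lower()}
        live = [(md5, p) for _, md5, p in entries
                if p.lower().startswith(root) and "\\winsxs\\" not in p.lower()]
        other = [p for _, _, p in entries if not p.lower().startswith(root)]
        if not live:
            findings[name].append("no live copy listed under " + system_root)
        for md5, p in live:
            if md5 not in store:
                findings[name].append("live copy matches no winsxs copy: " + p)
        for p in other:
            findings[name].append("same-named file outside " + system_root + ": " + p)
    return dict(findings)

if __name__ == "__main__":
    for name, notes in review(parse_md5_section(SAMPLE_LOG)).items():
        for note in notes:
            print(f"{name}: {note}")
```

On the excerpt it reports that afd.sys has no copy listed outside winsxs and that a file named svchost.exe sits under the Malwarebytes Chameleon folder; both are prompts for review, not verdicts.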
     
  7. Broni Malware Annihilator Posts: 39,288   +175

    Do this on the computer you are posting from:
    Copy the text in the codebox below:


    Code:
    :OTL
    DRV - File not found [Kernel | Boot] -- -- (xbdtm)
    DRV - File not found [Kernel | System] -- -- (rlzvlbkq)
    DRV - File not found [Kernel | System] -- -- (kgvthoff)
    DRV - File not found [File_System | Boot] -- -- (87439480)
    DRV - File not found [File_System | Boot] -- -- (39788838)
    DRV - File not found [Kernel | On_Demand] -- -- (.smb)
    DRV - File not found [Kernel | On_Demand] -- -- (.afd)
    IE - HKU\Jonathan_ON_C\..\URLSearchHook: {1392b8d2-5c05-419f-a8f6-b9f15a596612} - Reg Error: Key error. File not found
    O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
    O3 - HKLM\..\Toolbar: (no name) - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - No CLSID value found.
    O3 - HKU\Jonathan_ON_C\..\Toolbar\WebBrowser: (no name) - {1392B8D2-5C05-419F-A8F6-B9F15A596612} - No CLSID value found.
    [2012/02/24 21:18:09 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Spigot
    [2012/02/29 14:32:02 | 000,000,000 | -HS- | M] () -- C:\Windows\System32\dds_trash_log.cmd
    [2012/02/27 18:22:36 | 000,083,136 | ---- | M] () -- C:\ProgramData\ojMY0N0T.exe_
    [2012/02/27 18:22:36 | 000,083,136 | ---- | M] () -- C:\ProgramData\ojMY0N0T.exe
    [2012/02/27 18:22:36 | 000,083,136 | ---- | M] () -- C:\Windows\System32\eE0cm.com_
    [2012/02/27 18:22:36 | 000,083,136 | ---- | M] () -- C:\Windows\System32\eE0cm.com
    [2012/02/27 18:22:36 | 000,000,112 | ---- | M] () -- C:\ProgramData\fStYmXb30.dat
    [2012/02/29 15:34:03 | 000,000,001 | ---- | C] () -- C:\ProgramData\ojMY0N0T.exe_.b
    [2012/02/29 15:34:03 | 000,000,001 | ---- | C] () -- C:\ProgramData\ojMY0N0T.exe.b
    [2008/12/05 22:56:59 | 000,000,000 | -HSD | M] -- C:\Users\Jonathan\AppData\Roaming\.#
    [2010/05/04 09:03:10 | 000,000,000 | ---D | M] -- C:\Users\Jonathan\AppData\Roaming\Uniblue
    @Alternate Data Stream - 98 bytes -> C:\ProgramData\TEMP:88050731
    
    :Services
    
    :Reg
    
    :Files
    C:\Windows\system32\drivers\afd.sys|C:\Windows\winsxs\x86_microsoft-windows-winsock-core_31bf3856ad364e35_6.0.6001.18000_none_d7e842925e6d1f50\afd.sys /replace
    C:\Windows\Tasks\At*.job
    
    :Commands
    [purity]
    
    Open Notepad and paste it.
    Save the document as Fix.txt on to a USB flash drive


    On the infected computer, do the following...

    Run OTLPE

    • Insert USB stick and find the file Fix.txt. Drag the file Fix.txt and drop it under the Custom Scans/Fixes box at the bottom.
      • (The content of Fix.txt should appear in the box)
    • Then click the Run Fix button at the top
    • Let the program run unhindered, reboot the PC when it is done
    • Post the log produced (you'll need to transfer it with USB stick)
    • Remove the CD and shut down computer manually.
    • Attempt to reboot normally into Windows.
  8. lunsk Newcomer, in training Posts: 62

    ========== OTL ==========
    Registry key HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\xbdtm deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\rlzvlbkq deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\kgvthoff deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\87439480 deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\39788838 deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\.smb deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\.afd deleted successfully.
    Registry value HKEY_USERS\Jonathan_ON_C\Software\Microsoft\Internet Explorer\URLSearchHooks\\{1392b8d2-5c05-419f-a8f6-b9f15a596612} deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1392b8d2-5c05-419f-a8f6-b9f15a596612}\ not found.
    Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5C255C8A-E604-49b4-9D64-90988571CECB}\ not found.
    Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{3041d03e-fd4b-44e0-b742-2d9b88305f98} deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3041d03e-fd4b-44e0-b742-2d9b88305f98}\ not found.
    Registry value HKEY_USERS\Jonathan_ON_C\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{1392B8D2-5C05-419F-A8F6-B9F15A596612} deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1392B8D2-5C05-419F-A8F6-B9F15A596612}\ not found.
    C:\Program Files\Common Files\Spigot\Search Settings folder moved successfully.
    C:\Program Files\Common Files\Spigot folder moved successfully.
    C:\Windows\System32\dds_trash_log.cmd moved successfully.
    C:\ProgramData\ojMY0N0T.exe_ moved successfully.
    C:\ProgramData\ojMY0N0T.exe moved successfully.
    C:\Windows\System32\eE0cm.com_ moved successfully.
    C:\Windows\System32\eE0cm.com moved successfully.
    C:\ProgramData\fStYmXb30.dat moved successfully.
    C:\ProgramData\ojMY0N0T.exe_.b moved successfully.
    C:\ProgramData\ojMY0N0T.exe.b moved successfully.
    C:\Users\Jonathan\AppData\Roaming\.# folder moved successfully.
    C:\Users\Jonathan\AppData\Roaming\Uniblue\RegistryBooster\_temp folder moved successfully.
    C:\Users\Jonathan\AppData\Roaming\Uniblue\RegistryBooster\history folder moved successfully.
    C:\Users\Jonathan\AppData\Roaming\Uniblue\RegistryBooster\backup folder moved successfully.
    C:\Users\Jonathan\AppData\Roaming\Uniblue\RegistryBooster folder moved successfully.
    C:\Users\Jonathan\AppData\Roaming\Uniblue folder moved successfully.
    ADS C:\ProgramData\TEMP:88050731 deleted successfully.
    ========== SERVICES/DRIVERS ==========
    ========== REGISTRY ==========
    ========== FILES ==========
    File C:\Windows\system32\drivers\afd.sys successfully replaced with C:\Windows\winsxs\x86_microsoft-windows-winsock-core_31bf3856ad364e35_6.0.6001.18000_none_d7e842925e6d1f50\afd.sys
    C:\Windows\Tasks\At1.job moved successfully.
    C:\Windows\Tasks\At10.job moved successfully.
    C:\Windows\Tasks\At11.job moved successfully.
    C:\Windows\Tasks\At12.job moved successfully.
    C:\Windows\Tasks\At13.job moved successfully.
    C:\Windows\Tasks\At14.job moved successfully.
    C:\Windows\Tasks\At15.job moved successfully.
    C:\Windows\Tasks\At16.job moved successfully.
    C:\Windows\Tasks\At17.job moved successfully.
    C:\Windows\Tasks\At18.job moved successfully.
    C:\Windows\Tasks\At19.job moved successfully.
    C:\Windows\Tasks\At2.job moved successfully.
    C:\Windows\Tasks\At20.job moved successfully.
    C:\Windows\Tasks\At21.job moved successfully.
    C:\Windows\Tasks\At22.job moved successfully.
    C:\Windows\Tasks\At23.job moved successfully.
    C:\Windows\Tasks\At24.job moved successfully.
    C:\Windows\Tasks\At25.job moved successfully.
    C:\Windows\Tasks\At26.job moved successfully.
    C:\Windows\Tasks\At27.job moved successfully.
    C:\Windows\Tasks\At28.job moved successfully.
    C:\Windows\Tasks\At29.job moved successfully.
    C:\Windows\Tasks\At3.job moved successfully.
    C:\Windows\Tasks\At30.job moved successfully.
    C:\Windows\Tasks\At31.job moved successfully.
    C:\Windows\Tasks\At32.job moved successfully.
    C:\Windows\Tasks\At33.job moved successfully.
    C:\Windows\Tasks\At34.job moved successfully.
    C:\Windows\Tasks\At35.job moved successfully.
    C:\Windows\Tasks\At36.job moved successfully.
    C:\Windows\Tasks\At37.job moved successfully.
    C:\Windows\Tasks\At38.job moved successfully.
    C:\Windows\Tasks\At39.job moved successfully.
    C:\Windows\Tasks\At4.job moved successfully.
    C:\Windows\Tasks\At40.job moved successfully.
    C:\Windows\Tasks\At41.job moved successfully.
    C:\Windows\Tasks\At42.job moved successfully.
    C:\Windows\Tasks\At43.job moved successfully.
    C:\Windows\Tasks\At44.job moved successfully.
    C:\Windows\Tasks\At45.job moved successfully.
    C:\Windows\Tasks\At46.job moved successfully.
    C:\Windows\Tasks\At47.job moved successfully.
    C:\Windows\Tasks\At48.job moved successfully.
    C:\Windows\Tasks\At5.job moved successfully.
    C:\Windows\Tasks\At6.job moved successfully.
    C:\Windows\Tasks\At7.job moved successfully.
    C:\Windows\Tasks\At8.job moved successfully.
    C:\Windows\Tasks\At9.job moved successfully.
    ========== COMMANDS ==========

    OTLPE by OldTimer - Version 3.1.48.0 log created on 03012012_000625
  9. lunsk Newcomer, in training Posts: 62

    Trying to see if Windows works normally now. I had to post the log fast because someone was sleeping in that room.
  10. lunsk Newcomer, in training Posts: 62

    Still getting a blue screen
  11. Broni Malware Annihilator Posts: 39,288   +175

    Same in safe mode?

    What does BSOD say?
  12. lunsk Newcomer, in training Posts: 62

    I can get into safe mode

    BSOD says: A problem has been detected...
    IRQL_NOT_LESS_OR_EQUAL
    .
    .
    Technical information:
    ***STOP: 0x0000000A (0x00000000, 0x00000002, 0x00000001, 0x8225A0EC)
  13. Broni Malware Annihilator Posts: 39,288   +175

    Does it mention any file?

    See if you can run Combofix from safe mode now.
  14. lunsk Newcomer, in training Posts: 62

    Doesn't mention any files, combofix still mentions security essentials and doesn't run
  15. Broni Malware Annihilator Posts: 39,288   +175

    I need more details.
    Are you trying to run it from safe mode?
    What exactly do you mean by "doesn't run"?
    I assume you're getting some warning about MSE and then what?
    What options does it give you?
  16. lunsk Newcomer, in training Posts: 62

    Running from safe mode, asks me if I want to run despite essentials being on, I press OK and then nothing happens
  17. lunsk Newcomer, in training Posts: 62

    Doesn't really give an option just "do you want to run it despite the risks?" and ok
  18. Broni Malware Annihilator Posts: 39,288   +175

    Let's see if we can look at your computer booting from an external source.

    Please download OTLPE (filesize 120,9 MB)

    • When downloaded double click on OTLPENet.exe and make sure there is a blank CD in your CD drive. This will automatically create a bootable CD.
    • Reboot your system using the boot CD you just created.
      • Note: If you do not know how to set your computer to boot from CD follow the steps here
    • Your system should now display a REATOGO-X-PE desktop.
    • Depending on your type of internet connection, you should be able to get online as well so you can access this topic more easily.
    • Double-click on the OTLPE icon.
    • When asked Do you wish to load the remote registry, select Yes
    • When asked Do you wish to load remote user profile(s) for scanning, select Yes
    • Ensure the box "Automatically Load All Remaining Users" is checked and press OK
    • OTL should now start.
    • Under the Custom Scan box paste this in:

      /md5start
      explorer.exe
      winlogon.exe
      userinit.exe
      svchost.exe
      afd.sys
      /md5stop

    • Press Run Scan to start the scan.
    • When finished, the file will be saved in drive C:\OTL.txt
    • Copy this file to your USB drive if you do not have internet connection on this system
    • Please post the contents of the OTL.txt file in your reply.
  19. lunsk Newcomer, in training Posts: 62

    This is the same disc as yesterday correct?
  20. Broni Malware Annihilator Posts: 39,288   +175

    Yes.........