Solved Partially removed System Check Virus Win 7, no Internet or safe mode

Alright, booted up, and I'm still foggy on the whole internet thing. My house has Wi-Fi on a DSL that we call 'NETGEAR' and I honestly have no clue how to connect to it with the Wi-Fi settings on here...

When I click on the OTLPE icon the first thing it does is tell me to Browse for Folder, and gives me my computer with RAMDisk (B: ), Local Disk (C: ), Lenovo (D: ) (that's my laptop's manufacturer, I believe), Removable Disk (E: ) (my flash drive, I suppose?), Local Disk (F: ), ReatogoPE (X: ) and Shared Documents.

Uuuuh, I have no clue what to do.

I feel really dumb, but I don't want to do anything wrong.
 
it does is tell me to Browse for Folder
That's not a good sign, as it may mean the Windows installation is corrupted.

Try to navigate to where Windows is actually installed.
Normally it'd be C:\Windows
 
I'll try and reproduce the layout for selecting the folders, because I can't make sense of it.

My Computer

RAMDisk (B: )
---- bin
---- Documents and Settings
-------- All Users
------------ More stuff
-------- Default User
------------ More Stuff
---- Logs
---- Programs
-------- Firefox Portable

Local Disk (C: )
---- Boot
-------- A whole bunch of folders with names like 'cs-CZ' or 'fi-FI' or 'el-GR', and one 'Fonts' folder
---- System Volume Information

Lenovo (D: )
---- $RECYCLE.BIN
---- drivers
---- System Volume Information
------- More Stuff

Removable Disk (E: )
---- A bunch of folders on my flash drive, including the folder I've been using to transport files and logs between my MacBook and my Laptop.

Local Disk (F: )
---- $Recycle.Bin
---- ArcSoft
------- Global Deploy
---- ComboFix
------- A configuration of folders and drop-downs that looks a lot like the main configuration but with more stuff
---- Conexant
------- SmartAudio
---- Config.Msi
---- Documents and Settings
---- MSOCache
------- All Users
----------- A lot of folders with names that are a long stream of numbers with 0's and dashes in between
---- PerfLogs
------- Admin
---- Program Files
------- Pretty much all my installed programs for my computer
---- ProgramData
------- More stuff involving my programs
---- Python27
------- DLLs
------- Doc
------- include
------- Lib
----------- more stuff
---- Qoobox
------- more stuff
---- Recovery
---- System Volume Information
------- Chkdsk
------- SPP
------- Windows Backup
----------- Catalogs
---- Users
------- More stuff (my users, I suppose)
---- videooutput
---- VirtualEditCapture
---- VirtualEditProjects
------- Stuff
---- Windows ( <-- DO I CLICK ON THIS?)
---- WTablet

ReatogoPE (X: )
---- I386
------- Stuff
---- PROGRAMS
------- Stuff
---- SFX
Shared Documents
---- Stuff
 
Alright, now it tells me to Select User Profile instead of just 'would you like to load...'

There's LocalService, NetworkService, Rebecca (that's me), and systemprofile.

??
 
OTL logfile created on: 1/6/2012 3:33:15 PM - Run
OTLPE by OldTimer - Version 3.1.48.0 Folder = X:\Programs\OTLPE
Windows 7 Home Premium (Version = 6.1.7600) - Type = System
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.00 Gb Total Physical Memory | 3.00 Gb Available Physical Memory | 88.00% Memory free
3.00 Gb Paging File | 3.00 Gb Available in Paging File | 97.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = F: | %SystemRoot% = F:\windows | %ProgramFiles% = F:\Program Files
Drive C: | 200.00 Mb Total Space | 171.86 Mb Free Space | 85.93% Space Free | Partition Type: NTFS
Drive D: | 30.25 Gb Total Space | 29.54 Gb Free Space | 97.66% Space Free | Partition Type: NTFS
Drive E: | 3.61 Gb Total Space | 3.21 Gb Free Space | 89.06% Space Free | Partition Type: FAT32
Drive F: | 187.67 Gb Total Space | 18.63 Gb Free Space | 9.93% Space Free | Partition Type: NTFS
Drive X: | 436.59 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: REATOGO | User Name: SYSTEM
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
Using ControlSet: ControlSet002

========== Win32 Services (SafeList) ==========

SRV - [2011/09/19 05:31:10 | 002,221,200 | ---- | M] (Giraffic) [Auto] -- F:\Program Files\Giraffic\Veoh_GirafficWatchdog.exe -- (Giraffic)
SRV - [2011/08/10 13:53:46 | 000,094,880 | ---- | M] (McAfee, Inc.) [Auto] -- F:\Program Files\McAfee\SiteAdvisor\McSACore.exe -- (McAfee SiteAdvisor Service)
SRV - [2010/07/23 11:31:54 | 000,163,680 | ---- | M] (Digital Delivery Networks, Inc.) [Auto] -- F:\Program Files\DDNI\DIBS\DDNIService.exe -- (DDNIService)
SRV - [2010/07/20 13:04:24 | 000,171,872 | ---- | M] (Digital Delivery Networks, Inc.) [Auto] -- F:\Program Files\DDNI\Lenovo Idea Notes\DDNIMSGService.exe -- (DDNIMSGService)
SRV - [2010/05/20 17:27:24 | 000,139,632 | ---- | M] (Microsoft Corporation) [Auto] -- F:\Program Files\Microsoft LifeCam\MSCamS32.exe -- (MSCamSvc)
SRV - [2010/04/09 20:57:57 | 001,343,400 | ---- | M] (Microsoft Corporation) [On_Demand] -- F:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc)
SRV - [2010/03/18 13:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) [Auto] -- F:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe -- (ACDaemon)
SRV - [2010/02/19 16:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [On_Demand] -- F:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard)
SRV - [2010/02/14 11:01:06 | 000,655,624 | ---- | M] (Acresso Software Inc.) [On_Demand] -- F:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2009/11/04 19:53:34 | 000,144,704 | ---- | M] (McAfee, Inc.) [Auto] -- F:\Program Files\McAfee\VirusScan\Mcshield.exe -- (McShield)
SRV - [2009/11/04 18:59:50 | 000,606,736 | ---- | M] (McAfee, Inc.) [On_Demand] -- F:\Program Files\McAfee\VirusScan\mcsysmon.exe -- (McSysmon)
SRV - [2009/10/29 09:54:44 | 000,865,832 | ---- | M] (McAfee, Inc.) [Auto] -- F:\Program Files\McAfee\MSC\mcmscsvc.exe -- (mcmscsvc)
SRV - [2009/10/28 14:50:32 | 000,365,072 | ---- | M] (McAfee, Inc.) [On_Demand] -- F:\Program Files\McAfee\VirusScan\mcods.exe -- (McODS)
SRV - [2009/10/27 14:19:46 | 000,895,696 | ---- | M] (McAfee, Inc.) [Auto] -- F:\Program Files\McAfee\MPF\MPFSrv.exe -- (MpfService)
SRV - [2009/09/22 13:16:32 | 000,579,400 | ---- | M] (Lenovo Group Limited) [On_Demand] -- F:\Program Files\Lenovo\ReadyComm\ConnSvc.exe -- (Lenovo ReadyComm ConnSvc)
SRV - [2009/08/14 09:22:48 | 000,509,192 | ---- | M] (Lenovo Group Limited) [On_Demand] -- F:\Program Files\Lenovo\ReadyComm\AppSvc.exe -- (Lenovo ReadyComm AppSvc)
SRV - [2009/07/14 09:27:26 | 000,038,152 | ---- | M] (Lenovo Group Limited) [Auto] -- F:\Program Files\Lenovo\ReadyComm\common\IGRS.exe -- (IGRS)
SRV - [2009/07/13 20:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand] -- F:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009/07/13 20:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) [Auto] -- F:\windows\System32\IgrsSvcs.exe -- (ReadyComm.DirectRouter)
SRV - [2009/07/13 20:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) [On_Demand] -- F:\windows\System32\IgrsSvcs.exe -- (PS_MDP)
SRV - [2009/07/08 14:54:34 | 000,359,952 | ---- | M] (McAfee, Inc.) [Auto] -- F:\Program Files\Common Files\McAfee\McProxy\McProxy.exe -- (McProxy)
SRV - [2009/07/07 22:10:02 | 002,482,848 | ---- | M] (McAfee, Inc.) [Auto] -- F:\Program Files\Common Files\McAfee\MNA\McNASvc.exe -- (McNASvc)
SRV - [2009/06/18 14:59:48 | 001,349,912 | ---- | M] (Diskeeper Corporation) [Auto] -- F:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe -- (Diskeeper)
SRV - [2009/06/04 14:03:06 | 000,354,840 | ---- | M] (Intel Corporation) [Auto] -- F:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON) Intel(R)
SRV - [2008/08/15 08:46:20 | 000,284,016 | ---- | M] (Adobe Systems Incorporated) [On_Demand] -- F:\Program Files\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe -- (Adobe Version Cue CS4)
SRV - [2008/01/11 12:50:16 | 000,030,312 | ---- | M] (Microsoft Corporation) [Auto] -- F:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe -- (BcmSqlStartupSvc)
SRV - [2007/09/07 13:40:04 | 001,373,480 | ---- | M] (Wacom Technology, Corp.) [Auto] -- F:\Windows\System32\Wacom_Tablet.exe -- (TabletServiceWacom)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | Boot] -- -- (yduowol)
DRV - File not found [Kernel | On_Demand] -- -- (WinRing0_1_2_0)
DRV - File not found [Kernel | On_Demand] -- -- (USBCCID)
DRV - File not found [Kernel | On_Demand] -- -- (RtsUIR)
DRV - File not found [Kernel | On_Demand] -- -- (RSUSBSTOR)
DRV - File not found [Kernel | On_Demand] -- -- (catchme)
DRV - [2012/01/05 04:03:45 | 000,044,928 | ---- | M] () [Kernel | Boot] -- F:\windows\System32\Drivers\f1fd89874c5dc9ed.sys -- (f1fd89874c5dc9ed)
DRV - [2010/05/20 17:27:26 | 001,961,328 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- F:\Windows\System32\drivers\VX3000.sys -- (VX3000)
DRV - [2009/12/09 20:44:31 | 000,054,800 | ---- | M] () [Kernel | System] -- F:\windows\System32\drivers\funfrm.sys -- (funfrm)
DRV - [2009/11/04 19:54:12 | 000,214,664 | ---- | M] (McAfee, Inc.) [Kernel | System] -- F:\Windows\System32\drivers\mfehidk.sys -- (mfehidk)
DRV - [2009/11/04 19:54:12 | 000,079,816 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand] -- F:\Windows\System32\drivers\mfeavfk.sys -- (mfeavfk)
DRV - [2009/11/04 19:54:12 | 000,040,552 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand] -- F:\Windows\System32\drivers\mfesmfk.sys -- (mfesmfk)
DRV - [2009/11/04 19:54:12 | 000,035,272 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand] -- F:\Windows\System32\drivers\mfebopk.sys -- (mfebopk)
DRV - [2009/11/04 19:53:40 | 000,034,248 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand] -- F:\Windows\System32\drivers\mferkdk.sys -- (mferkdk)
DRV - [2009/09/14 13:04:28 | 000,217,136 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand] -- F:\Windows\System32\drivers\Apfiltr.sys -- (ApfiltrService)
DRV - [2009/07/28 16:09:36 | 000,063,240 | ---- | M] (Lenovo) [Kernel | On_Demand] -- F:\Windows\System32\drivers\wdbridge.sys -- (Bridge0)
DRV - [2009/07/21 16:14:58 | 000,081,704 | ---- | M] (CyberLink) [Kernel | On_Demand] -- F:\Windows\System32\drivers\wsvd.sys -- (wsvd)
DRV - [2009/07/16 07:37:14 | 000,011,792 | ---- | M] (Windows (R) Codename Longhorn DDK provider) [Kernel | On_Demand] -- F:\Windows\System32\drivers\WDMirror.sys -- (wdmirror)
DRV - [2009/07/13 18:52:10 | 000,014,336 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- F:\Windows\System32\drivers\vwifimp.sys -- (vwifimp)
DRV - [2009/07/13 18:51:11 | 000,034,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- F:\Windows\System32\drivers\winusb.sys -- (WinUsb)
DRV - [2009/07/13 17:02:51 | 004,231,168 | ---- | M] (Intel Corporation) [Kernel | On_Demand] -- F:\Windows\System32\drivers\netw5v32.sys -- (netw5v32) Intel(R)
DRV - [2009/07/13 17:02:49 | 000,229,888 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand] -- F:\Windows\System32\drivers\k57nd60x.sys -- (k57nd60x) Broadcom NetLink (TM)
DRV - [2009/06/19 11:18:26 | 000,168,704 | ---- | M] (SMI) [Kernel | On_Demand] -- F:\Windows\System32\drivers\SMIksdrv.sys -- (usbsmi)
DRV - [2009/06/14 21:46:22 | 000,475,648 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand] -- F:\Windows\System32\drivers\CHDRT32.sys -- (CnxtHdAudService)
DRV - [2009/05/19 08:43:08 | 000,021,520 | ---- | M] (Lenovo Corporation) [Kernel | On_Demand] -- F:\Windows\System32\drivers\AcpiVpc.sys -- (ACPIVPC)
DRV - [2009/04/09 09:23:02 | 000,130,424 | ---- | M] (McAfee, Inc.) [Kernel | System] -- F:\Windows\System32\drivers\Mpfp.sys -- (MPFP)
DRV - [2008/08/06 07:34:16 | 000,128,104 | ---- | M] (Microsoft Corporation) [File_System | On_Demand] -- F:\Windows\System32\drivers\WimFltr.sys -- (WimFltr)
DRV - [2007/02/16 14:12:36 | 000,011,312 | ---- | M] (Wacom Technology) [Kernel | On_Demand] -- F:\Windows\System32\drivers\wacommousefilter.sys -- (wacommousefilter)
DRV - [2007/02/16 13:30:12 | 000,012,848 | ---- | M] (Wacom Technology) [Kernel | On_Demand] -- F:\Windows\System32\drivers\wacomvhid.sys -- (wacomvhid)
DRV - [2007/02/15 19:11:28 | 000,011,440 | ---- | M] (Wacom Technology) [Kernel | On_Demand] -- F:\Windows\System32\drivers\WacomVKHid.sys -- (WacomVKHid)
DRV - [2006/11/10 17:05:00 | 000,018,688 | ---- | M] (Arcsoft, Inc.) [Kernel | On_Demand] -- F:\Windows\System32\drivers\afc.sys -- (Afc)
DRV - [2005/09/24 00:18:32 | 000,171,520 | ---- | M] (Pinnacle Systems GmbH) [Kernel | On_Demand] -- F:\Windows\System32\drivers\MarvinBus.sys -- (MarvinBus)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========



IE - HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = about:blank
IE - HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default = DE 1E C5 02 F7 73 5D 41 96 2D 3E 15 3F 14 EC 52 [binary data]
IE - HKU\.DEFAULT\..\URLSearchHook: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - F:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

IE - HKU\LocalService_ON_F\Software\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default = DE 1E C5 02 F7 73 5D 41 96 2D 3E 15 3F 14 EC 52 [binary data]

IE - HKU\NetworkService_ON_F\Software\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default = DE 1E C5 02 F7 73 5D 41 96 2D 3E 15 3F 14 EC 52 [binary data]

IE - HKU\Rebecca_ON_F\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.startnow.com/?src=startp...b63d&browser=IE&os=win&os_version=6.1-x86-SP0
IE - HKU\Rebecca_ON_F\Software\Microsoft\Internet Explorer\Main,Start Page Restore = http://www.google.com/
IE - HKU\Rebecca_ON_F\Software\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default = DE 1E C5 02 F7 73 5D 41 96 2D 3E 15 3F 14 EC 52 [binary data]
IE - HKU\Rebecca_ON_F\..\URLSearchHook: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - F:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
IE - HKU\Rebecca_ON_F\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\Rebecca_ON_F\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local


FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: F:\Windows\System32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: F:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: F:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: F:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: F:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@mcafee.com/SAFFPlugin: F:\Program Files\McAfee\SiteAdvisor\NPMcFFPlg32.dll (McAfee, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: F:\Program Files\Microsoft Silverlight\3.0.40624.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8081.0709: F:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: F:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010/03/02 19:08:28 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{4ED1F68A-5463-4931-9384-8FFF5ED91D92}: C:\Program Files\McAfee\SiteAdvisor [2011/11/09 19:37:25 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2011/09/19 16:22:02 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.25\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/12/22 18:19:23 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.25\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/12/22 18:19:23 | 000,000,000 | ---D | M]

[2011/09/01 19:22:38 | 000,000,000 | ---D | M] (No name found) -- F:\Program Files\Mozilla Firefox\extensions
[2011/01/13 10:30:23 | 000,000,000 | ---D | M] (Skype extension) -- F:\Program Files\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
[2010/06/11 15:37:08 | 000,000,000 | ---D | M] (Java Console) -- F:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010/10/27 23:13:58 | 000,000,000 | ---D | M] (Java Console) -- F:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2010/09/15 06:50:38 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- F:\Program Files\mozilla firefox\plugins\npdeployJava1.dll

O1 HOSTS File: ([2012/01/04 09:51:36 | 000,000,884 | RH-- | M]) - F:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 94.63.240.131 www.google.com
O1 - Hosts: 94.63.240.132 www.bing.com
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - F:\Program Files\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - F:\Program Files\McAfee\VirusScan\scriptsn.dll (McAfee, Inc.)
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - F:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - F:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O2 - BHO: (SmartSelect Class) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - F:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (SMTTB2009 Class) - {FCBCCB87-9224-4B8D-B117-F56D924BEB18} - F:\Program Files\HyperCam Toolbar\tbcore3.dll ()
O2 - BHO: (Yontoo Layers) - {FD72061E-9FDE-484D-A58A-0BAB4151CAD8} - F:\Program Files\Yontoo Layers Runtime\YontooIEClient.dll (Yontoo LLC)
O3 - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - F:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O3 - HKLM\..\Toolbar: (HyperCam Toolbar) - {338B4DFE-2E2C-4338-9E41-E176D497299E} - F:\Program Files\HyperCam Toolbar\tbcore3.dll ()
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - F:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (HyperCam Toolbar) - {338B4DFE-2E2C-4338-9E41-E176D497299E} - F:\Program Files\HyperCam Toolbar\tbcore3.dll ()
O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - F:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKU\Rebecca_ON_F\..\Toolbar\WebBrowser: (HyperCam Toolbar) - {338B4DFE-2E2C-4338-9E41-E176D497299E} - F:\Program Files\HyperCam Toolbar\tbcore3.dll ()
O3 - HKU\Rebecca_ON_F\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - F:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [Acrobat Assistant 8.0] F:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe (Adobe Systems Inc.)
O4 - HKLM..\Run: [Adobe Acrobat Speed Launcher] F:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Adobe_ID0ENQBO] F:\Program Files\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4Tray.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AdobeAAMUpdater-1.0] F:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AdobeCS4ServiceManager] F:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AdobeCS5ServiceManager] F:\Program Files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [APSDaemon] F:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [ArcSoft Connection Service] F:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe (ArcSoft Inc.)
O4 - HKLM..\Run: [DivXUpdate] F:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [EEventManager] F:\Program Files\Epson Software\Event Manager\EEventManager.exe (SEIKO EPSON CORPORATION)
O4 - HKLM..\Run: [Energy Management] F:\Program Files\Lenovo\Energy Management\Energy Management.exe (Lenovo (Beijing) Limited)
O4 - HKLM..\Run: [EnergyUtility] F:\Program Files\Lenovo\Energy Management\utility.exe (Lenovo(beijing) Limited)
O4 - HKLM..\Run: [FtJthnNSvuydIr.exe] File not found
O4 - HKLM..\Run: [IAAnotif] F:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
O4 - HKLM..\Run: [IdeaNotesUser] F:\Program Files\DDNI\Lenovo Idea Notes\DDNIMSGUser.exe (Digital Delivery Networks, Inc.)
O4 - HKLM..\Run: [LifeCam] F:\Program Files\Microsoft LifeCam\LifeExp.exe (Microsoft Corporation)
O4 - HKLM..\Run: [Malwarebytes Anti-Malware (reboot)] F:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware (reboot)] F:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [mcagent_exe] F:\Program Files\McAfee.com\Agent\mcagent.exe (McAfee, Inc.)
O4 - HKLM..\Run: [SmartAudio] F:\Program Files\CONEXANT\SAII\SAIICpl.exe ()
O4 - HKLM..\Run: [SwitchBoard] F:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [UpdateP2GShortCut] F:\Program Files\Lenovo\Power2Go\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [USBToolTip] F:\Program Files\Pinnacle\Shared Files\Programs\USBTip\USBTip.exe (Pinnacle Systems GmbH)
O4 - HKLM..\Run: [VeriFaceManager] File not found
O4 - HKLM..\Run: [VX3000] F:\Windows\vVX3000.exe (Microsoft Corporation)
O4 - HKU\.DEFAULT..\Run: [7968a239e6bfab4.exe] File not found
O4 - HKU\.DEFAULT..\Run: [dplaysvr] File not found
O4 - HKU\.DEFAULT..\Run: [winupd] F:\windows\TEMP:winupd.exe File not found
O4 - HKU\Rebecca_ON_F..\Run: [AdobeBridge] File not found
O4 - HKU\Rebecca_ON_F..\Run: [Pando Media Booster] F:\Program Files\Pando Networks\Media Booster\PMB.exe ()
O4 - HKU\Rebecca_ON_F..\Run: [VeohPlugin] F:\Program Files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe (Veoh Networks)
O4 - HKU\.DEFAULT..\RunOnce: [FlashPlayerUpdate] F:\windows\System32\Macromed\Flash\FlashUtil10g_ActiveX.exe (Adobe Systems, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableTaskMgr = 1
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - F:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000018 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000020 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000021 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000022 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000023 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000024 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000025 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000026 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000027 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000028 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000029 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000030 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000031 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000032 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000033 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000034 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000035 - File not found
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 10.0.0.1
O18 - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - F:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O18 - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - F:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - F:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (explorer.exe) - F:\windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - F:\windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - Winlogon\Notify\klartew: DllName - C:\windows\system32\config\systemprofile\AppData\Local\klartew.dll - F:\Windows\System32\config\systemprofile\AppData\Local\klartew.dll ()
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O24 - Desktop WallPaper: B:\Documents and Settings\Default User\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: B:\Documents and Settings\Default User\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/10 16:42:20 | 000,000,024 | ---- | M] () - F:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2006/03/24 06:06:41 | 000,000,053 | R--- | M] () - X:\AUTORUN.INF -- [ CDFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = E7] -- "C:\windows\system32\config\systemprofile\AppData\Local\llc.exe" -a "%1" %* ()
O37 - HKU\.DEFAULT\...exe [@ = E7] -- "C:\windows\system32\config\systemprofile\AppData\Local\llc.exe" -a "%1" %* ()

========== Files/Folders - Created Within 30 Days ==========

[2012/01/06 13:48:38 | 127,231,689 | ---- | C] (Igor Pavlov) -- F:\Users\Rebecca\Desktop\OTLPENet.exe
[2012/01/06 12:52:58 | 000,000,000 | --SD | C] -- F:\ComboFix
[2012/01/06 00:18:57 | 000,518,144 | ---- | C] (SteelWerX) -- F:\windows\SWREG.exe
[2012/01/06 00:18:57 | 000,406,528 | ---- | C] (SteelWerX) -- F:\windows\SWSC.exe
[2012/01/06 00:18:57 | 000,060,416 | ---- | C] (NirSoft) -- F:\windows\NIRCMD.exe
[2012/01/06 00:18:53 | 000,000,000 | ---D | C] -- F:\windows\ERDNT
[2012/01/06 00:17:08 | 000,000,000 | ---D | C] -- F:\Qoobox
[2012/01/06 00:08:43 | 004,372,321 | R--- | C] (Swearware) -- F:\Users\Rebecca\Desktop\ComboFix.exe
[2012/01/05 23:52:46 | 000,000,000 | ---D | C] -- F:\Users\Rebecca\Desktop\bootkit_remover
[2012/01/05 22:38:00 | 004,704,768 | ---- | C] (AVAST Software) -- F:\Users\Rebecca\Desktop\aswMBR.exe
[2012/01/05 17:40:30 | 001,578,288 | ---- | C] (Kaspersky Lab ZAO) -- F:\Users\Rebecca\Desktop\iexplorer.exe
[2012/01/05 15:01:48 | 000,000,000 | ---D | C] -- F:\ProgramData\Microsoft\Windows\Start Menu\Programs\This thing rocks
[2012/01/05 13:56:13 | 000,000,000 | ---D | C] -- F:\Users\Rebecca\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Check
[2011/12/30 10:25:59 | 000,000,000 | ---D | C] -- F:\Users\Rebecca\AppData\Local\HP
[2011/12/25 12:49:26 | 000,000,000 | ---D | C] -- F:\windows\Sun
[2011/12/17 18:11:01 | 000,000,000 | ---D | C] -- F:\ProgramData\Microsoft\Windows\Start Menu\Programs\Video Related Programs
[2011/12/17 18:11:01 | 000,000,000 | ---D | C] -- F:\ProgramData\Microsoft\Windows\Start Menu\Programs\NCH Software Suite
[2011/12/17 18:07:48 | 000,000,000 | ---D | C] -- F:\Users\Rebecca\AppData\Local\WMTools Downloaded Files
[2011/12/17 17:36:15 | 000,000,000 | ---D | C] -- F:\Program Files\Movie Maker 2.6
[2011/12/14 00:56:56 | 000,606,208 | ---- | C] (Microsoft Corporation) -- F:\windows\System32\mstime.dll
[2011/12/14 00:56:56 | 000,599,552 | ---- | C] (Microsoft Corporation) -- F:\windows\System32\msfeeds.dll
[2011/12/14 00:56:56 | 000,381,440 | ---- | C] (Microsoft Corporation) -- F:\windows\System32\iedkcs32.dll
[2011/12/14 00:56:56 | 000,176,640 | ---- | C] (Microsoft Corporation) -- F:\windows\System32\ieui.dll
[2011/12/14 00:56:55 | 001,638,912 | ---- | C] (Microsoft Corporation) -- F:\windows\System32\mshtml.tlb
[2011/12/14 00:56:55 | 000,386,048 | ---- | C] (Microsoft Corporation) -- F:\windows\System32\html.iec
[2011/12/14 00:56:55 | 000,185,856 | ---- | C] (Microsoft Corporation) -- F:\windows\System32\iepeers.dll
[2011/12/14 00:56:55 | 000,132,096 | ---- | C] (Microsoft Corporation) -- F:\windows\System32\url.dll
[2011/12/14 00:56:55 | 000,064,512 | ---- | C] (Microsoft Corporation) -- F:\windows\System32\msfeedsbs.dll
[2011/12/14 00:56:55 | 000,048,128 | ---- | C] (Microsoft Corporation) -- F:\windows\System32\jsproxy.dll
[2011/12/14 00:56:55 | 000,044,544 | ---- | C] (Microsoft Corporation) -- F:\windows\System32\licmgr10.dll
[2011/12/14 00:56:55 | 000,012,800 | ---- | C] (Microsoft Corporation) -- F:\windows\System32\msfeedssync.exe
[2011/12/14 00:56:45 | 002,340,352 | ---- | C] (Microsoft Corporation) -- F:\windows\System32\win32k.sys
[2011/12/14 00:56:42 | 000,002,048 | ---- | C] (Microsoft Corporation) -- F:\windows\System32\tzres.dll
[2011/12/14 00:56:37 | 000,534,528 | ---- | C] (Microsoft Corporation) -- F:\windows\System32\EncDec.dll
[2011/12/14 00:56:37 | 000,038,912 | ---- | C] (Microsoft Corporation) -- F:\windows\System32\csrsrv.dll
[2011/12/14 00:56:36 | 003,901,808 | ---- | C] (Microsoft Corporation) -- F:\windows\System32\ntoskrnl.exe
[2011/12/14 00:56:35 | 003,957,104 | ---- | C] (Microsoft Corporation) -- F:\windows\System32\ntkrnlpa.exe
[2010/12/17 23:25:15 | 001,719,336 | ---- | C] (Yugma,Inc. ) -- F:\ProgramData\YugmaSE-Uninstaller.exe
[2 F:\windows\System32\*.tmp files -> F:\windows\System32\*.tmp -> ]
[1 F:\windows\*.tmp files -> F:\windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/01/06 13:58:37 | 000,067,584 | --S- | M] () -- F:\windows\bootstat.dat
[2012/01/06 13:43:58 | 127,231,689 | ---- | M] (Igor Pavlov) -- F:\Users\Rebecca\Desktop\OTLPENet.exe
[2012/01/06 13:26:22 | 000,000,348 | ---- | M] () -- F:\windows\tasks\At21.job
[2012/01/06 13:26:21 | 000,000,350 | ---- | M] () -- F:\windows\tasks\At22.job
[2012/01/06 13:24:48 | 000,004,096 | -H-- | M] () -- F:\Users\Rebecca\Desktop\._OTL(2).exe
[2012/01/06 13:02:23 | 000,000,916 | ---- | M] () -- F:\windows\tasks\GoogleUpdateTaskUserS-1-5-21-2313591606-2777530284-2021149797-1004UA.job
[2012/01/06 12:40:35 | 000,009,920 | -H-- | M] () -- F:\windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/01/06 12:40:35 | 000,009,920 | -H-- | M] () -- F:\windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/01/06 12:33:20 | 000,000,350 | ---- | M] () -- F:\windows\tasks\At8.job
[2012/01/06 12:33:20 | 000,000,350 | ---- | M] () -- F:\windows\tasks\At6.job
[2012/01/06 12:33:20 | 000,000,350 | ---- | M] () -- F:\windows\tasks\At10.job
[2012/01/06 12:33:20 | 000,000,348 | ---- | M] () -- F:\windows\tasks\At9.job
[2012/01/06 12:33:20 | 000,000,348 | ---- | M] () -- F:\windows\tasks\At7.job
[2012/01/06 12:33:20 | 000,000,348 | ---- | M] () -- F:\windows\tasks\At5.job
[2012/01/06 12:33:15 | 2362,912,768 | -HS- | M] () -- F:\hiberfil.sys
[2012/01/06 12:30:31 | 000,011,608 | -HS- | M] () -- F:\ProgramData\5cy6y87mwm3h12vmoqo7786hy170odc37b4y
[2012/01/06 04:49:55 | 000,000,350 | ---- | M] () -- F:\windows\tasks\At2.job
[2012/01/06 04:49:48 | 000,000,348 | ---- | M] () -- F:\windows\tasks\At1.job
[2012/01/06 04:49:23 | 000,000,350 | ---- | M] () -- F:\windows\tasks\At4.job
[2012/01/06 04:49:23 | 000,000,348 | ---- | M] () -- F:\windows\tasks\At47.job
[2012/01/06 04:49:23 | 000,000,348 | ---- | M] () -- F:\windows\tasks\At3.job
[2012/01/06 04:49:20 | 000,000,350 | ---- | M] () -- F:\windows\tasks\At48.job
[2012/01/06 02:02:04 | 000,000,864 | ---- | M] () -- F:\windows\tasks\GoogleUpdateTaskUserS-1-5-21-2313591606-2777530284-2021149797-1004Core.job
[2012/01/06 01:27:10 | 000,000,350 | ---- | M] () -- F:\windows\tasks\At46.job
[2012/01/06 01:26:33 | 000,000,348 | ---- | M] () -- F:\windows\tasks\At45.job
[2012/01/06 00:26:52 | 000,000,348 | ---- | M] () -- F:\windows\tasks\At43.job
[2012/01/06 00:26:38 | 000,000,350 | ---- | M] () -- F:\windows\tasks\At44.job
[2012/01/06 00:07:34 | 004,372,321 | R--- | M] (Swearware) -- F:\Users\Rebecca\Desktop\ComboFix.exe
[2012/01/05 23:50:54 | 000,044,607 | ---- | M] () -- F:\Users\Rebecca\Desktop\bootkit_remover.zip
[2012/01/05 23:26:35 | 000,000,350 | ---- | M] () -- F:\windows\tasks\At42.job
[2012/01/05 23:26:21 | 000,000,348 | ---- | M] () -- F:\windows\tasks\At41.job
[2012/01/05 22:28:06 | 004,704,768 | ---- | M] (AVAST Software) -- F:\Users\Rebecca\Desktop\aswMBR.exe
[2012/01/05 22:26:22 | 000,000,348 | ---- | M] () -- F:\windows\tasks\At39.job
[2012/01/05 22:26:21 | 000,000,350 | ---- | M] () -- F:\windows\tasks\At40.job
[2012/01/05 21:26:28 | 000,000,348 | ---- | M] () -- F:\windows\tasks\At37.job
[2012/01/05 21:26:24 | 000,000,350 | ---- | M] () -- F:\windows\tasks\At38.job
[2012/01/05 21:19:39 | 000,000,350 | ---- | M] () -- F:\windows\tasks\At36.job
[2012/01/05 21:19:36 | 000,000,348 | ---- | M] () -- F:\windows\tasks\At35.job
[2012/01/05 19:26:34 | 000,000,350 | ---- | M] () -- F:\windows\tasks\At34.job
[2012/01/05 19:26:22 | 000,000,348 | ---- | M] () -- F:\windows\tasks\At33.job
[2012/01/05 18:26:30 | 000,000,348 | ---- | M] () -- F:\windows\tasks\At31.job
[2012/01/05 18:26:23 | 000,000,350 | ---- | M] () -- F:\windows\tasks\At32.job
[2012/01/05 17:37:22 | 001,578,288 | ---- | M] (Kaspersky Lab ZAO) -- F:\Users\Rebecca\Desktop\iexplorer.exe
 
(CONT...)

[2012/01/05 17:26:26 | 000,000,350 | ---- | M] () -- F:\windows\tasks\At30.job
[2012/01/05 17:26:24 | 000,000,348 | ---- | M] () -- F:\windows\tasks\At29.job
[2012/01/05 16:26:00 | 000,000,350 | ---- | M] () -- F:\windows\tasks\At28.job
[2012/01/05 16:26:00 | 000,000,348 | ---- | M] () -- F:\windows\tasks\At27.job
[2012/01/05 16:25:16 | 000,702,830 | ---- | M] () -- F:\windows\System32\perfh009.dat
[2012/01/05 16:25:16 | 000,136,738 | ---- | M] () -- F:\windows\System32\perfc009.dat
[2012/01/05 15:26:32 | 000,000,348 | ---- | M] () -- F:\windows\tasks\At25.job
[2012/01/05 15:26:31 | 000,000,350 | ---- | M] () -- F:\windows\tasks\At26.job
[2012/01/05 15:26:29 | 000,001,095 | ---- | M] () -- F:\Users\Rebecca\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Malwarebytes Anti-Malware.lnk
[2012/01/05 15:26:29 | 000,000,000 | ---D | M] -- F:\ProgramData\Microsoft\Windows\Start Menu\Programs\This thing rocks
[2012/01/05 14:52:02 | 000,000,000 | ---D | M] -- F:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012/01/05 14:30:14 | 000,000,464 | ---- | M] () -- F:\ProgramData\ERaRwp0N8whcCE
[2012/01/05 13:56:13 | 000,000,677 | ---- | M] () -- F:\Users\Rebecca\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\System Check.lnk
[2012/01/05 12:58:48 | 000,000,000 | R--D | M] -- F:\ProgramData\Microsoft\Windows\Start Menu\Programs\Wacom Tablet
[2012/01/05 12:58:48 | 000,000,000 | R--D | M] -- F:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
[2012/01/05 12:58:48 | 000,000,000 | R--D | M] -- F:\ProgramData\Microsoft\Windows\Start Menu\Programs\PC-Doctor for Windows
[2012/01/05 12:58:48 | 000,000,000 | ---D | M] -- F:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR
[2012/01/05 12:58:48 | 000,000,000 | ---D | M] -- F:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live
[2012/01/05 12:58:48 | 000,000,000 | ---D | M] -- F:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN
[2012/01/05 12:58:48 | 000,000,000 | ---D | M] -- F:\ProgramData\Microsoft\Windows\Start Menu\Programs\Video Related Programs
[2012/01/05 12:58:48 | 000,000,000 | ---D | M] -- F:\ProgramData\Microsoft\Windows\Start Menu\Programs\Studio Plugins
[2012/01/05 12:58:48 | 000,000,000 | ---D | M] -- F:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
[2012/01/05 12:58:48 | 000,000,000 | ---D | M] -- F:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime
[2012/01/05 12:58:48 | 000,000,000 | ---D | M] -- F:\ProgramData\Microsoft\Windows\Start Menu\Programs\Pinnacle VideoSpin
[2012/01/05 12:58:48 | 000,000,000 | ---D | M] -- F:\ProgramData\Microsoft\Windows\Start Menu\Programs\Pinnacle Studio 14
[2012/01/05 12:58:48 | 000,000,000 | ---D | M] -- F:\ProgramData\Microsoft\Windows\Start Menu\Programs\NCH Software Suite
[2012/01/05 12:58:48 | 000,000,000 | ---D | M] -- F:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nancy Drew
[2012/01/05 12:58:48 | 000,000,000 | ---D | M] -- F:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox
[2012/01/05 12:58:48 | 000,000,000 | ---D | M] -- F:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office
[2012/01/05 12:58:48 | 000,000,000 | ---D | M] -- F:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft LifeCam
[2012/01/05 12:58:47 | 000,000,000 | R--D | M] -- F:\ProgramData\Microsoft\Windows\Start Menu\Programs\Maintenance
[2012/01/05 12:58:47 | 000,000,000 | R--D | M] -- F:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
[2012/01/05 12:58:47 | 000,000,000 | ---D | M] -- F:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee
[2012/01/05 12:58:47 | 000,000,000 | ---D | M] -- F:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lenovo Idea Notes
[2012/01/05 12:58:47 | 000,000,000 | ---D | M] -- F:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lenovo Idea Central
[2012/01/05 12:58:47 | 000,000,000 | ---D | M] -- F:\ProgramData\Microsoft\Windows\Start Menu\Programs\lenovo
[2012/01/05 12:58:47 | 000,000,000 | ---D | M] -- F:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2012/01/05 12:58:47 | 000,000,000 | ---D | M] -- F:\ProgramData\Microsoft\Windows\Start Menu\Programs\Intel® Matrix Storage Manager
[2012/01/05 12:58:47 | 000,000,000 | ---D | M] -- F:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP
[2012/01/05 12:58:47 | 000,000,000 | ---D | M] -- F:\ProgramData\Microsoft\Windows\Start Menu\Programs\Free FLV Converter
[2012/01/05 12:58:47 | 000,000,000 | ---D | M] -- F:\ProgramData\Microsoft\Windows\Start Menu\Programs\Epson Software
[2012/01/05 12:58:47 | 000,000,000 | ---D | M] -- F:\ProgramData\Microsoft\Windows\Start Menu\Programs\EPSON Scan
[2012/01/05 12:58:47 | 000,000,000 | ---D | M] -- F:\ProgramData\Microsoft\Windows\Start Menu\Programs\DivX Plus
[2012/01/05 12:58:47 | 000,000,000 | ---D | M] -- F:\ProgramData\Microsoft\Windows\Start Menu\Programs\Diskeeper Corporation
[2012/01/05 12:58:47 | 000,000,000 | ---D | M] -- F:\ProgramData\Microsoft\Windows\Start Menu\Programs\ComicRack
[2012/01/05 12:58:47 | 000,000,000 | ---D | M] -- F:\ProgramData\Microsoft\Windows\Start Menu\Programs\Combined Community Codec Pack
[2012/01/05 12:58:47 | 000,000,000 | ---D | M] -- F:\ProgramData\Microsoft\Windows\Start Menu\Programs\ArcSoft MediaImpression
[2012/01/05 12:58:47 | 000,000,000 | ---D | M] -- F:\ProgramData\Microsoft\Windows\Start Menu\Programs\ArcSoft Connect
[2012/01/05 12:58:47 | 000,000,000 | ---D | M] -- F:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Design Standard CS4
[2012/01/05 12:58:46 | 000,000,000 | R--D | M] -- F:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools
[2012/01/05 12:58:46 | 000,000,000 | R--D | M] -- F:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories
[2012/01/05 12:58:46 | 000,000,000 | ---D | M] -- F:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe
[2012/01/05 12:58:46 | 000,000,000 | ---D | M] -- F:\ProgramData\Microsoft\Windows\Start Menu\Programs\ABBYY FineReader 6.0 Sprint
[2012/01/05 12:52:51 | 108,634,424 | ---- | M] () -- F:\windows\MEMORY.DMP
[2012/01/05 10:36:18 | 000,000,350 | ---- | M] () -- F:\windows\tasks\At16.job
[2012/01/05 10:36:18 | 000,000,350 | ---- | M] () -- F:\windows\tasks\At14.job
[2012/01/05 10:36:18 | 000,000,350 | ---- | M] () -- F:\windows\tasks\At12.job
[2012/01/05 10:36:18 | 000,000,348 | ---- | M] () -- F:\windows\tasks\At15.job
[2012/01/05 10:36:18 | 000,000,348 | ---- | M] () -- F:\windows\tasks\At13.job
[2012/01/05 10:36:17 | 000,000,348 | ---- | M] () -- F:\windows\tasks\At11.job
[2012/01/05 04:03:45 | 000,044,928 | ---- | M] () -- F:\windows\System32\drivers\f1fd89874c5dc9ed.sys
[2012/01/04 14:26:31 | 000,000,348 | ---- | M] () -- F:\windows\tasks\At23.job
[2012/01/04 14:26:22 | 000,000,350 | ---- | M] () -- F:\windows\tasks\At24.job
[2012/01/04 12:26:23 | 000,000,350 | ---- | M] () -- F:\windows\tasks\At20.job
[2012/01/04 12:26:00 | 000,000,348 | ---- | M] () -- F:\windows\tasks\At19.job
[2012/01/04 12:12:10 | 000,000,350 | ---- | M] () -- F:\windows\tasks\At18.job
[2012/01/04 12:11:31 | 000,000,348 | ---- | M] () -- F:\windows\tasks\At17.job
[2012/01/04 09:51:36 | 000,000,884 | RH-- | M] () -- F:\windows\System32\drivers\etc\hosts
[2012/01/01 04:01:03 | 000,000,320 | ---- | M] () -- F:\windows\tasks\McQcTask.job
[2011/12/27 03:21:16 | 000,009,556 | -HS- | M] () -- F:\ProgramData\ob67akwv7ou5114we4760jn1oi7nx4o7
[2011/12/18 20:04:28 | 000,002,413 | ---- | M] () -- F:\Users\Rebecca\Desktop\Google Chrome.lnk
[2011/12/17 18:08:03 | 000,006,656 | ---- | M] () -- F:\Users\Rebecca\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/12/15 09:39:14 | 000,000,342 | ---- | M] () -- F:\windows\tasks\McDefragTask.job
[2011/12/14 06:21:00 | 002,435,064 | ---- | M] () -- F:\windows\System32\FNTCACHE.DAT
[2011/12/10 18:24:06 | 000,020,464 | ---- | M] (Malwarebytes Corporation) -- F:\windows\System32\drivers\mbam.sys
[2 F:\windows\System32\*.tmp files -> F:\windows\System32\*.tmp -> ]
[1 F:\windows\*.tmp files -> F:\windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/01/06 13:25:20 | 000,004,096 | -H-- | C] () -- F:\Users\Rebecca\Desktop\._OTL(2).exe
[2012/01/06 00:18:57 | 000,256,000 | ---- | C] () -- F:\windows\PEV.exe
[2012/01/06 00:18:57 | 000,208,896 | ---- | C] () -- F:\windows\MBR.exe
[2012/01/06 00:18:57 | 000,098,816 | ---- | C] () -- F:\windows\sed.exe
[2012/01/06 00:18:57 | 000,080,412 | ---- | C] () -- F:\windows\grep.exe
[2012/01/06 00:18:57 | 000,068,096 | ---- | C] () -- F:\windows\zip.exe
[2012/01/05 23:52:39 | 000,044,607 | ---- | C] () -- F:\Users\Rebecca\Desktop\bootkit_remover.zip
[2012/01/05 15:26:29 | 000,001,095 | ---- | C] () -- F:\Users\Rebecca\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Malwarebytes Anti-Malware.lnk
[2012/01/05 13:56:13 | 000,000,677 | ---- | C] () -- F:\Users\Rebecca\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\System Check.lnk
[2012/01/05 13:56:12 | 000,000,464 | ---- | C] () -- F:\ProgramData\ERaRwp0N8whcCE
[2012/01/05 12:52:51 | 108,634,424 | ---- | C] () -- F:\windows\MEMORY.DMP
[2012/01/05 04:26:23 | 000,111,616 | ---- | C] () -- F:\windows\System32\h6v76t3.com
[2012/01/05 04:03:45 | 000,044,928 | ---- | C] () -- F:\windows\System32\drivers\f1fd89874c5dc9ed.sys
[2012/01/05 04:02:26 | 000,011,608 | -HS- | C] () -- F:\ProgramData\5cy6y87mwm3h12vmoqo7786hy170odc37b4y
[2011/12/25 14:00:37 | 000,009,556 | -HS- | C] () -- F:\ProgramData\ob67akwv7ou5114we4760jn1oi7nx4o7
[2011/11/25 20:27:04 | 000,000,000 | ---- | C] () -- F:\windows\System32\h6v76t3.com.b
[2011/11/25 20:24:13 | 000,000,112 | ---- | C] () -- F:\ProgramData\YSoO7f1pp.dat
[2011/11/25 20:24:07 | 000,111,616 | ---- | C] () -- F:\windows\System32\h6v76t3.com_
[2011/09/11 23:15:23 | 000,000,000 | ---- | C] () -- F:\windows\Shadow.INI
[2011/08/27 03:47:10 | 000,153,600 | ---- | C] () -- F:\windows\System32\IS_ContextMenu.dll
[2011/08/16 03:01:07 | 000,758,018 | ---- | C] () -- F:\windows\System32\xvidcore.dll
[2011/08/16 03:01:07 | 000,180,224 | ---- | C] () -- F:\windows\System32\xvidvfw.dll
[2011/08/16 02:45:12 | 000,006,656 | ---- | C] () -- F:\Users\Rebecca\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/05/24 02:13:58 | 000,009,130 | -HS- | C] () -- F:\Users\Rebecca\AppData\Local\s3y6i48l744h4x280ce123866cp324d301uytp1006
[2011/05/24 02:13:58 | 000,009,130 | -HS- | C] () -- F:\ProgramData\s3y6i48l744h4x280ce123866cp324d301uytp1006
[2011/05/13 22:52:53 | 000,002,224 | -HS- | C] () -- F:\Users\Rebecca\AppData\Local\1c20t7270a6n4k50rdqh04
[2011/05/13 22:52:53 | 000,002,224 | -HS- | C] () -- F:\ProgramData\1c20t7270a6n4k50rdqh04
[2011/04/20 18:24:15 | 000,012,234 | -HS- | C] () -- F:\Users\Rebecca\AppData\Local\e1jfwcf2fw3u872lgs54ld248yfgrue122
[2011/04/20 18:24:15 | 000,012,234 | -HS- | C] () -- F:\ProgramData\e1jfwcf2fw3u872lgs54ld248yfgrue122
[2010/11/17 18:13:22 | 000,470,160 | ---- | C] () -- F:\windows\hphins26.dat.temp
[2010/11/17 18:13:22 | 000,000,349 | ---- | C] () -- F:\windows\hphmdl26.dat.temp
[2010/04/20 20:11:09 | 000,073,220 | ---- | C] () -- F:\windows\System32\EPPICPrinterDB.dat
[2010/04/20 20:11:09 | 000,031,053 | ---- | C] () -- F:\windows\System32\EPPICPattern131.dat
[2010/04/20 20:11:09 | 000,029,114 | ---- | C] () -- F:\windows\System32\EPPICPattern1.dat
[2010/04/20 20:11:09 | 000,027,417 | ---- | C] () -- F:\windows\System32\EPPICPattern121.dat
[2010/04/20 20:11:09 | 000,021,021 | ---- | C] () -- F:\windows\System32\EPPICPattern3.dat
[2010/04/20 20:11:09 | 000,015,670 | ---- | C] () -- F:\windows\System32\EPPICPattern5.dat
[2010/04/20 20:11:09 | 000,013,280 | ---- | C] () -- F:\windows\System32\EPPICPattern2.dat
[2010/04/20 20:11:09 | 000,010,673 | ---- | C] () -- F:\windows\System32\EPPICPattern4.dat
[2010/04/20 20:11:09 | 000,004,943 | ---- | C] () -- F:\windows\System32\EPPICPattern6.dat
[2010/04/20 20:11:09 | 000,001,140 | ---- | C] () -- F:\windows\System32\EPPICPresetData_PT.dat
[2010/04/20 20:11:09 | 000,001,140 | ---- | C] () -- F:\windows\System32\EPPICPresetData_BP.dat
[2010/04/20 20:11:09 | 000,001,137 | ---- | C] () -- F:\windows\System32\EPPICPresetData_ES.dat
[2010/04/20 20:11:09 | 000,001,130 | ---- | C] () -- F:\windows\System32\EPPICPresetData_FR.dat
[2010/04/20 20:11:09 | 000,001,130 | ---- | C] () -- F:\windows\System32\EPPICPresetData_CF.dat
[2010/04/20 20:11:09 | 000,001,104 | ---- | C] () -- F:\windows\System32\EPPICPresetData_EN.dat
[2010/04/20 20:11:09 | 000,000,097 | ---- | C] () -- F:\windows\System32\PICSDK.ini
[2010/04/20 20:07:44 | 000,065,793 | ---- | C] () -- F:\windows\System32\esfw8b.bin
[2010/04/20 20:06:55 | 000,000,044 | ---- | C] () -- F:\windows\PERFV30V300.ini
[2010/03/02 18:37:37 | 000,159,608 | ---- | C] () -- F:\windows\hphins26.dat
[2010/03/02 18:37:37 | 000,000,349 | ---- | C] () -- F:\windows\hphmdl26.dat
[2010/02/09 08:29:26 | 000,000,056 | ---- | C] () -- F:\ProgramData\ezsidmv.dat
[2009/12/09 20:45:13 | 002,110,728 | ---- | C] () -- F:\windows\System32\Apblend.dll
[2009/12/09 20:45:13 | 001,410,312 | ---- | C] () -- F:\windows\System32\IcnOvrly.dll
[2009/12/09 20:45:13 | 001,171,456 | ---- | C] () -- F:\windows\System32\PicNotify.dll
[2009/12/09 20:45:13 | 000,660,744 | ---- | C] () -- F:\windows\System32\EncIcons.dll
[2009/12/09 20:45:13 | 000,513,288 | ---- | C] () -- F:\windows\System32\SimpleExt.dll
[2009/12/09 20:45:03 | 001,044,480 | ---- | C] () -- F:\windows\System32\3DImageRenderer.dll
[2009/12/09 20:44:31 | 000,057,344 | ---- | C] () -- F:\windows\AsfHelper.dll
[2009/12/09 20:44:31 | 000,054,800 | ---- | C] () -- F:\windows\System32\drivers\funfrm.sys
[2009/12/09 20:44:19 | 000,163,840 | ---- | C] () -- F:\windows\System32\SM37XCoInst.dll
[2009/12/09 20:43:01 | 000,140,288 | ---- | C] () -- F:\windows\System32\igfxtvcx.dll
[2009/12/09 20:38:57 | 000,016,648 | R--- | C] () -- F:\windows\System32\LogAPI.dll
[2009/12/09 20:37:06 | 000,982,220 | ---- | C] () -- F:\windows\System32\igkrng500.bin
[2009/12/09 20:37:06 | 000,134,592 | ---- | C] () -- F:\windows\System32\igfcg500.bin
[2009/12/09 20:37:06 | 000,092,216 | ---- | C] () -- F:\windows\System32\igfcg500m.bin
[2009/12/09 20:37:05 | 000,439,300 | ---- | C] () -- F:\windows\System32\igcompkrng500.bin
[2009/07/13 23:57:37 | 000,067,584 | --S- | C] () -- F:\windows\bootstat.dat
[2009/07/13 23:33:53 | 002,435,064 | ---- | C] () -- F:\windows\System32\FNTCACHE.DAT
[2009/07/13 21:05:48 | 000,702,830 | ---- | C] () -- F:\windows\System32\perfh009.dat
[2009/07/13 21:05:48 | 000,291,294 | ---- | C] () -- F:\windows\System32\perfi009.dat
[2009/07/13 21:05:48 | 000,136,738 | ---- | C] () -- F:\windows\System32\perfc009.dat
[2009/07/13 21:05:48 | 000,031,548 | ---- | C] () -- F:\windows\System32\perfd009.dat
[2009/07/13 21:05:05 | 000,000,741 | ---- | C] () -- F:\windows\System32\NOISE.DAT
[2009/07/13 21:04:11 | 000,215,943 | ---- | C] () -- F:\windows\System32\dssec.dat
[2009/07/13 19:02:54 | 000,245,248 | ---- | C] () -- F:\windows\System32\DShowRdpFilter.dll
[2009/07/13 18:55:01 | 000,043,131 | ---- | C] () -- F:\windows\mib.bin
[2009/07/13 18:51:43 | 000,073,728 | ---- | C] () -- F:\windows\System32\BthpanContextHandler.dll
[2009/07/13 18:42:10 | 000,064,000 | ---- | C] () -- F:\windows\System32\BWContextHandler.dll
[2009/07/13 18:24:44 | 002,614,784 | ---- | C] () -- F:\windows\expl.dat
[2009/07/13 18:24:44 | 000,285,696 | ---- | C] () -- F:\windows\System32\winl.dat
[2009/07/13 18:24:44 | 000,020,992 | ---- | C] () -- F:\windows\System32\svch.dat
[2009/06/26 19:21:02 | 000,015,498 | ---- | C] () -- F:\windows\VX3000.ini
[2009/06/10 16:26:10 | 000,673,088 | ---- | C] () -- F:\windows\System32\mlang.dat
[2007/01/26 03:04:12 | 000,138,752 | ---- | C] () -- F:\windows\System32\mase32.dll
[2007/01/26 03:04:12 | 000,027,648 | ---- | C] () -- F:\windows\System32\ma32.dll

========== LOP Check ==========

[2009/07/13 23:53:55 | 000,000,000 | -HSD | M] -- F:\ProgramData\Application Data
[2009/11/17 06:06:13 | 000,000,000 | -H-D | M] -- F:\ProgramData\DDNI
[2009/07/13 23:53:55 | 000,000,000 | -HSD | M] -- F:\ProgramData\Desktop
[2010/02/09 07:30:00 | 000,000,000 | ---D | M] -- F:\ProgramData\Diskeeper Corporation
[2009/07/13 23:53:55 | 000,000,000 | -HSD | M] -- F:\ProgramData\Documents
[2009/12/09 20:44:31 | 000,000,000 | ---D | M] -- F:\ProgramData\EasyCapture
[2009/07/13 23:53:55 | 000,000,000 | -HSD | M] -- F:\ProgramData\Favorites
[2011/05/21 10:26:35 | 000,000,000 | ---D | M] -- F:\ProgramData\Giraffic
[2009/12/09 20:52:15 | 000,000,000 | ---D | M] -- F:\ProgramData\GuardID Systems
[2009/12/09 20:52:34 | 000,000,000 | ---D | M] -- F:\ProgramData\IsolatedStorage
[2010/11/28 23:15:27 | 000,000,000 | ---D | M] -- F:\ProgramData\NCH Swift Sound
[2009/12/09 20:36:40 | 000,000,000 | ---D | M] -- F:\ProgramData\PC-Doctor for Windows
[2009/12/09 20:36:40 | 000,000,000 | ---D | M] -- F:\ProgramData\PCDr
[2011/08/16 02:35:27 | 000,000,000 | ---D | M] -- F:\ProgramData\Pinnacle
[2011/08/16 02:31:37 | 000,000,000 | ---D | M] -- F:\ProgramData\Pinnacle Studio Plus
[2011/08/16 02:35:57 | 000,000,000 | ---D | M] -- F:\ProgramData\Pinnacle Studio Ultimate
[2011/08/26 16:55:50 | 000,000,000 | ---D | M] -- F:\ProgramData\Pinnacle VideoSpin
[2011/08/26 16:22:41 | 000,000,000 | ---D | M] -- F:\ProgramData\PMB Files
[2011/02/12 13:35:15 | 000,000,000 | ---D | M] -- F:\ProgramData\regid.1986-12.com.adobe
[2009/07/13 23:53:55 | 000,000,000 | -HSD | M] -- F:\ProgramData\Start Menu
[2011/08/16 02:31:37 | 000,000,000 | ---D | M] -- F:\ProgramData\Studio 14
[2011/08/16 02:24:57 | 000,000,000 | ---D | M] -- F:\ProgramData\Studio14Trial
[2010/02/14 11:46:13 | 000,000,000 | ---D | M] -- F:\ProgramData\SYSTEMAX Software Development
[2011/08/16 00:30:41 | 000,000,000 | ---D | M] -- F:\ProgramData\Tarma Installer
[2009/11/17 05:51:08 | 000,000,000 | ---D | M] -- F:\ProgramData\Temp
[2009/07/13 23:53:55 | 000,000,000 | -HSD | M] -- F:\ProgramData\Templates
[2009/11/17 05:50:03 | 000,000,000 | ---D | M] -- F:\ProgramData\{174892B1-CBE7-44F5-86FF-AB555EFD73A3}
[2011/10/11 19:19:51 | 000,000,000 | ---D | M] -- F:\ProgramData\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2012/01/06 04:49:48 | 000,000,348 | ---- | M] () -- F:\windows\Tasks\At1.job
[2012/01/06 12:33:20 | 000,000,350 | ---- | M] () -- F:\windows\Tasks\At10.job
[2012/01/05 10:36:17 | 000,000,348 | ---- | M] () -- F:\windows\Tasks\At11.job
[2012/01/05 10:36:18 | 000,000,350 | ---- | M] () -- F:\windows\Tasks\At12.job
[2012/01/05 10:36:18 | 000,000,348 | ---- | M] () -- F:\windows\Tasks\At13.job
[2012/01/05 10:36:18 | 000,000,350 | ---- | M] () -- F:\windows\Tasks\At14.job
[2012/01/05 10:36:18 | 000,000,348 | ---- | M] () -- F:\windows\Tasks\At15.job
[2012/01/05 10:36:18 | 000,000,350 | ---- | M] () -- F:\windows\Tasks\At16.job
[2012/01/04 12:11:31 | 000,000,348 | ---- | M] () -- F:\windows\Tasks\At17.job
[2012/01/04 12:12:10 | 000,000,350 | ---- | M] () -- F:\windows\Tasks\At18.job
[2012/01/04 12:26:00 | 000,000,348 | ---- | M] () -- F:\windows\Tasks\At19.job
[2012/01/06 04:49:55 | 000,000,350 | ---- | M] () -- F:\windows\Tasks\At2.job
[2012/01/04 12:26:23 | 000,000,350 | ---- | M] () -- F:\windows\Tasks\At20.job
[2012/01/06 13:26:22 | 000,000,348 | ---- | M] () -- F:\windows\Tasks\At21.job
[2012/01/06 13:26:21 | 000,000,350 | ---- | M] () -- F:\windows\Tasks\At22.job
[2012/01/04 14:26:31 | 000,000,348 | ---- | M] () -- F:\windows\Tasks\At23.job
[2012/01/04 14:26:22 | 000,000,350 | ---- | M] () -- F:\windows\Tasks\At24.job
[2012/01/05 15:26:32 | 000,000,348 | ---- | M] () -- F:\windows\Tasks\At25.job
[2012/01/05 15:26:31 | 000,000,350 | ---- | M] () -- F:\windows\Tasks\At26.job
[2012/01/05 16:26:00 | 000,000,348 | ---- | M] () -- F:\windows\Tasks\At27.job
[2012/01/05 16:26:00 | 000,000,350 | ---- | M] () -- F:\windows\Tasks\At28.job
[2012/01/05 17:26:24 | 000,000,348 | ---- | M] () -- F:\windows\Tasks\At29.job
[2012/01/06 04:49:23 | 000,000,348 | ---- | M] () -- F:\windows\Tasks\At3.job
[2012/01/05 17:26:26 | 000,000,350 | ---- | M] () -- F:\windows\Tasks\At30.job
[2012/01/05 18:26:30 | 000,000,348 | ---- | M] () -- F:\windows\Tasks\At31.job
[2012/01/05 18:26:23 | 000,000,350 | ---- | M] () -- F:\windows\Tasks\At32.job
[2012/01/05 19:26:22 | 000,000,348 | ---- | M] () -- F:\windows\Tasks\At33.job
[2012/01/05 19:26:34 | 000,000,350 | ---- | M] () -- F:\windows\Tasks\At34.job
[2012/01/05 21:19:36 | 000,000,348 | ---- | M] () -- F:\windows\Tasks\At35.job
[2012/01/05 21:19:39 | 000,000,350 | ---- | M] () -- F:\windows\Tasks\At36.job
[2012/01/05 21:26:28 | 000,000,348 | ---- | M] () -- F:\windows\Tasks\At37.job
[2012/01/05 21:26:24 | 000,000,350 | ---- | M] () -- F:\windows\Tasks\At38.job
[2012/01/05 22:26:22 | 000,000,348 | ---- | M] () -- F:\windows\Tasks\At39.job
[2012/01/06 04:49:23 | 000,000,350 | ---- | M] () -- F:\windows\Tasks\At4.job
[2012/01/05 22:26:21 | 000,000,350 | ---- | M] () -- F:\windows\Tasks\At40.job
[2012/01/05 23:26:21 | 000,000,348 | ---- | M] () -- F:\windows\Tasks\At41.job
[2012/01/05 23:26:35 | 000,000,350 | ---- | M] () -- F:\windows\Tasks\At42.job
[2012/01/06 00:26:52 | 000,000,348 | ---- | M] () -- F:\windows\Tasks\At43.job
[2012/01/06 00:26:38 | 000,000,350 | ---- | M] () -- F:\windows\Tasks\At44.job
[2012/01/06 01:26:33 | 000,000,348 | ---- | M] () -- F:\windows\Tasks\At45.job
[2012/01/06 01:27:10 | 000,000,350 | ---- | M] () -- F:\windows\Tasks\At46.job
[2012/01/06 04:49:23 | 000,000,348 | ---- | M] () -- F:\windows\Tasks\At47.job
[2012/01/06 04:49:20 | 000,000,350 | ---- | M] () -- F:\windows\Tasks\At48.job
[2012/01/06 12:33:20 | 000,000,348 | ---- | M] () -- F:\windows\Tasks\At5.job
[2012/01/06 12:33:20 | 000,000,350 | ---- | M] () -- F:\windows\Tasks\At6.job
[2012/01/06 12:33:20 | 000,000,348 | ---- | M] () -- F:\windows\Tasks\At7.job
[2012/01/06 12:33:20 | 000,000,350 | ---- | M] () -- F:\windows\Tasks\At8.job
[2012/01/06 12:33:20 | 000,000,348 | ---- | M] () -- F:\windows\Tasks\At9.job
[2011/12/15 09:39:14 | 000,000,342 | ---- | M] () -- F:\windows\Tasks\McDefragTask.job
[2012/01/01 04:01:03 | 000,000,320 | ---- | M] () -- F:\windows\Tasks\McQcTask.job
[2011/05/12 17:34:54 | 000,032,624 | ---- | M] () -- F:\windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 244736 bytes -> F:\windows\Temp:winupd.exe
< End of report >
 
Do this on the computer you are posting from:
Copy the text in the codebox below:


Code:
:OTL
DRV - [2012/01/05 04:03:45 | 000,044,928 | ---- | M] () [Kernel | Boot] -- F:\windows\System32\Drivers\f1fd89874c5dc9ed.sys -- (f1fd89874c5dc9ed)
[2012/01/05 04:03:45 | 000,044,928 | ---- | M] () -- F:\windows\System32\drivers\f1fd89874c5dc9ed.sys
DRV - File not found [Kernel | Boot] -- -- (yduowol)
O1 - Hosts: 94.63.240.131 www.google.com
O1 - Hosts: 94.63.240.132 www.bing.com
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [FtJthnNSvuydIr.exe] File not found
O4 - HKU\.DEFAULT..\Run: [7968a239e6bfab4.exe] File not found
O4 - HKU\.DEFAULT..\Run: [dplaysvr] File not found
O4 - HKU\.DEFAULT..\Run: [winupd] F:\windows\TEMP:winupd.exe File not found
O4 - HKU\Rebecca_ON_F..\Run: [AdobeBridge] File not found
O20 - Winlogon\Notify\klartew: DllName - C:\windows\system32\config\systemprofile\AppData\Local\klartew.dll - F:\Windows\System32\config\systemprofile\AppData\Local\klartew.dll ()
O37 - HKLM\...exe [@ = E7] -- "C:\windows\system32\config\systemprofile\AppData\Local\llc.exe" -a "%1" %* ()
O37 - HKU\.DEFAULT\...exe [@ = E7] -- "C:\windows\system32\config\systemprofile\AppData\Local\llc.exe" -a "%1" %* ()
[2012/01/06 12:30:31 | 000,011,608 | -HS- | M] () -- F:\ProgramData\5cy6y87mwm3h12vmoqo7786hy170odc37b4y
[2011/12/27 03:21:16 | 000,009,556 | -HS- | M] () -- F:\ProgramData\ob67akwv7ou5114we4760jn1oi7nx4o7
[2011/05/24 02:13:58 | 000,009,130 | -HS- | C] () -- F:\Users\Rebecca\AppData\Local\s3y6i48l744h4x280ce123866cp324d301uytp1006
[2011/05/24 02:13:58 | 000,009,130 | -HS- | C] () -- F:\ProgramData\s3y6i48l744h4x280ce123866cp324d301uytp1006
[2011/05/13 22:52:53 | 000,002,224 | -HS- | C] () -- F:\Users\Rebecca\AppData\Local\1c20t7270a6n4k50rdqh04
[2011/05/13 22:52:53 | 000,002,224 | -HS- | C] () -- F:\ProgramData\1c20t7270a6n4k50rdqh04
[2011/04/20 18:24:15 | 000,012,234 | -HS- | C] () -- F:\Users\Rebecca\AppData\Local\e1jfwcf2fw3u872lgs54ld248yfgrue122
[2011/04/20 18:24:15 | 000,012,234 | -HS- | C] () -- F:\ProgramData\e1jfwcf2fw3u872lgs54ld248yfgrue122
@Alternate Data Stream - 244736 bytes -> F:\windows\Temp:winupd.exe

:Services

:Reg

:Files
F:\windows\tasks\At*.job

:Commands
[purity]

Open Notepad and paste it.
Save the document as Fix.txt onto a USB flash drive


On the infected computer, do the following...

Run OTLPE

  • Insert USB stick and find the file Fix.txt. Drag the file Fix.txt and drop it under the Custom Scans/Fixes box at the bottom.
    • (The content of Fix.txt should appear in the box)
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Post the log produced (you'll need to transfer it with USB stick)
  • Attempt to reboot normally into Windows.

See if you can run aswMBR and Combofix now.
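The log above and the OTL fix that follows it target a handful of indicator classes: hidden+system files with random names under ProgramData and AppData\Local, an unattributed hex-named driver, hosts-file redirects, orphaned Run entries, an executable parked in an alternate data stream, a hijacked .exe association, and dozens of At*.job tasks. As an added example (not part of this thread or of OTL itself), the Python below parses those OTL line formats and flags each class; the rules and the threshold are this example's own assumptions, and the sample lines are copied from the log above plus one constructed clean hosts entry.

```python
"""Triage of OTL scan-log lines for the indicator classes seen in the log above.
Added example for this thread, not part of the thread or of OTL itself; the
rules below are this example's own heuristics, not OTL's."""
import re

# OTL file entry: [date time | size | attrs | C/M] (company) -- path
# (directory entries carry no "(company)" group at all)
FILE_RE = re.compile(
    r"^\[(?P<date>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}) \| (?P<size>[\d,]+) \| "
    r"(?P<attrs>[-A-Z]{4}) \| (?P<kind>[CM])\](?: \((?P<company>[^)]*)\))? -- (?P<path>.+)$"
)
HOSTS_RE = re.compile(r"^O1 - Hosts: (?P<ip>[\d.]+) (?P<host>\S+)$")
RUN_RE = re.compile(r"^O4 - (?P<hive>.+?)\.\.\\Run: \[(?P<name>[^\]]*)\] (?P<target>.+)$")
ADS_RE = re.compile(r"^@Alternate Data Stream - (?P<size>\d+) bytes -> (?P<path>.+)$")
ASSOC_RE = re.compile(r"^O37 - (?P<hive>.+?)\\\.\.\.exe \[@ = (?P<progid>[^\]]+)\] -- (?P<cmd>.+)$")

RANDOM_NAME_RE = re.compile(r"^[a-z0-9]{16,}$")   # loader-style, extension-less names
HEX_NAME_RE = re.compile(r"^[0-9a-f]{12,}$")      # e.g. f1fd89874c5dc9ed
DROP_DIRS = ("\\programdata\\", "\\appdata\\local\\")
HOSTS_OK = {"localhost", "broadcasthost", "ip6-localhost"}
CLEAN_EXE_CMD = '"%1" %*'        # what OTL restores for .exe\shell\open\command
AT_JOB_THRESHOLD = 5             # assumed: this many At*.job entries is abnormal


def _file_finding(m):
    """Rules for one file entry; returns (category, path) or None."""
    path, attrs, company = m["path"], m["attrs"], m["company"] or ""
    lower = path.lower()
    name = path.rsplit("\\", 1)[-1]
    if ("D" not in attrs and "H" in attrs and "S" in attrs
            and any(d in lower for d in DROP_DIRS) and RANDOM_NAME_RE.match(name)):
        return ("hidden+system random-named file in data dir", path)
    if ("\\drivers\\" in lower and lower.endswith(".sys")
            and not company.strip() and HEX_NAME_RE.match(name[:-4])):
        return ("unattributed kernel driver with hex name", path)
    return None


def triage(lines):
    """Return a list of (category, detail) findings for OTL log lines."""
    findings = []
    at_jobs = set()                      # deduplicated: OTL lists each job twice
    for raw in lines:
        line = raw.strip()
        if (m := FILE_RE.match(line)):
            if (f := _file_finding(m)):
                findings.append(f)
            if re.search(r"\\tasks\\at\d+\.job$", m["path"].lower()):
                at_jobs.add(m["path"].lower())
        elif (m := HOSTS_RE.match(line)):
            if m["host"].lower() not in HOSTS_OK and not m["ip"].startswith("127."):
                findings.append(("hosts redirect", f'{m["host"]} -> {m["ip"]}'))
        elif (m := RUN_RE.match(line)):
            # "drive:" is always followed by "\", so ":name.exe" means a stream
            if re.search(r":[^\\]+\.exe", m["target"], re.I):
                findings.append(("autorun from alternate data stream", m["target"]))
            elif m["target"].endswith("File not found"):
                findings.append(("orphaned autorun", f'{m["hive"]}\\Run [{m["name"]}]'))
        elif (m := ADS_RE.match(line)):
            findings.append(("executable alternate data stream", m["path"]))
        elif (m := ASSOC_RE.match(line)):
            cmd = m["cmd"].removesuffix(" ()").strip()
            if cmd != CLEAN_EXE_CMD:
                findings.append((".exe association hijack", f'{m["hive"]}: {cmd}'))
    if len(at_jobs) >= AT_JOB_THRESHOLD:
        findings.append(("mass-created At*.job scheduled tasks", f"{len(at_jobs)} entries"))
    return findings


# Sample copied from the log on the page; the "127.0.0.1 localhost" line is constructed.
SAMPLE_LOG = r"""
[2012/01/06 13:43:58 | 127,231,689 | ---- | M] (Igor Pavlov) -- F:\Users\Rebecca\Desktop\OTLPENet.exe
[2012/01/06 12:33:15 | 2362,912,768 | -HS- | M] () -- F:\hiberfil.sys
[2012/01/06 12:30:31 | 000,011,608 | -HS- | M] () -- F:\ProgramData\5cy6y87mwm3h12vmoqo7786hy170odc37b4y
[2011/05/24 02:13:58 | 000,009,130 | -HS- | C] () -- F:\Users\Rebecca\AppData\Local\s3y6i48l744h4x280ce123866cp324d301uytp1006
[2012/01/05 04:03:45 | 000,044,928 | ---- | C] () -- F:\windows\System32\drivers\f1fd89874c5dc9ed.sys
[2011/12/10 18:24:06 | 000,020,464 | ---- | M] (Malwarebytes Corporation) -- F:\windows\System32\drivers\mbam.sys
[2012/01/05 15:01:48 | 000,000,000 | ---D | C] -- F:\ProgramData\Microsoft\Windows\Start Menu\Programs\This thing rocks
[2012/01/06 13:26:22 | 000,000,348 | ---- | M] () -- F:\windows\tasks\At21.job
[2012/01/06 13:26:21 | 000,000,350 | ---- | M] () -- F:\windows\tasks\At22.job
[2012/01/06 12:33:20 | 000,000,350 | ---- | M] () -- F:\windows\tasks\At8.job
[2012/01/06 12:33:20 | 000,000,350 | ---- | M] () -- F:\windows\tasks\At6.job
[2012/01/06 12:33:20 | 000,000,350 | ---- | M] () -- F:\windows\tasks\At10.job
[2012/01/06 12:33:20 | 000,000,350 | ---- | M] () -- F:\windows\Tasks\At10.job
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 94.63.240.131 www.google.com
O1 - Hosts: 94.63.240.132 www.bing.com
O4 - HKLM..\Run: [FtJthnNSvuydIr.exe] File not found
O4 - HKU\.DEFAULT..\Run: [winupd] F:\windows\TEMP:winupd.exe File not found
O37 - HKLM\...exe [@ = E7] -- "C:\windows\system32\config\systemprofile\AppData\Local\llc.exe" -a "%1" %* ()
@Alternate Data Stream - 244736 bytes -> F:\windows\Temp:winupd.exe
""".strip().splitlines()

if __name__ == "__main__":
    for category, detail in triage(SAMPLE_LOG):
        print(f"{category}: {detail}")
```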
 
Wait, do I reboot it via the hard drive or the CD-ROM?
Oh, wait, never mind... don't answer that.

Here's the log:

========== OTL ==========

Registry key HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\f1fd89874c5dc9ed deleted successfully.

F:\Windows\System32\drivers\f1fd89874c5dc9ed.sys moved successfully.

File F:\windows\System32\drivers\f1fd89874c5dc9ed.sys not found.

Registry key HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\yduowol deleted successfully.

94.63.240.131 www.google.com removed from HOSTS file successfully

94.63.240.132 www.bing.com removed from HOSTS file successfully

Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5C255C8A-E604-49b4-9D64-90988571CECB}\ not found.

Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\Locked deleted successfully.

Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ deleted successfully.

Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\FtJthnNSvuydIr.exe deleted successfully.

Registry value HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run\\7968a239e6bfab4.exe deleted successfully.

Registry value HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run\\dplaysvr deleted successfully.

Registry value HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run\\winupd deleted successfully.

Registry value HKEY_USERS\Rebecca_ON_F\Software\Microsoft\Windows\CurrentVersion\Run\\AdobeBridge deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\klartew\ deleted successfully.

F:\Windows\System32\config\systemprofile\AppData\Local\klartew.dll moved successfully.

HKEY_LOCAL_MACHINE\Software\Classes\.exe\shell\open\command\\|"%1" %* /E : value set successfully!

HKEY_LOCAL_MACHINE\Software\Classes\.exe\\|exefile /E : value set successfully!

Registry key HKEY_USERS\.DEFAULT\Software\Classes\.exe\ deleted successfully.

Registry key HKEY_USERS\.DEFAULT\Software\Classes\E7\ deleted successfully.

HKEY_LOCAL_MACHINE\Software\Classes\.exe\\|exefile /E : value set successfully!

F:\ProgramData\5cy6y87mwm3h12vmoqo7786hy170odc37b4y moved successfully.

F:\ProgramData\ob67akwv7ou5114we4760jn1oi7nx4o7 moved successfully.

F:\Users\Rebecca\AppData\Local\s3y6i48l744h4x280ce123866cp324d301uytp1006 moved successfully.

F:\ProgramData\s3y6i48l744h4x280ce123866cp324d301uytp1006 moved successfully.

F:\Users\Rebecca\AppData\Local\1c20t7270a6n4k50rdqh04 moved successfully.

F:\ProgramData\1c20t7270a6n4k50rdqh04 moved successfully.

F:\Users\Rebecca\AppData\Local\e1jfwcf2fw3u872lgs54ld248yfgrue122 moved successfully.

F:\ProgramData\e1jfwcf2fw3u872lgs54ld248yfgrue122 moved successfully.

ADS F:\windows\Temp:winupd.exe deleted successfully.

========== SERVICES/DRIVERS ==========

========== REGISTRY ==========

========== FILES ==========

F:\windows\tasks\At1.job moved successfully.

F:\windows\tasks\At10.job moved successfully.

F:\windows\tasks\At11.job moved successfully.

F:\windows\tasks\At12.job moved successfully.

F:\windows\tasks\At13.job moved successfully.

F:\windows\tasks\At14.job moved successfully.

F:\windows\tasks\At15.job moved successfully.

F:\windows\tasks\At16.job moved successfully.

F:\windows\tasks\At17.job moved successfully.

F:\windows\tasks\At18.job moved successfully.

F:\windows\tasks\At19.job moved successfully.

F:\windows\tasks\At2.job moved successfully.

F:\windows\tasks\At20.job moved successfully.

F:\windows\tasks\At21.job moved successfully.

F:\windows\tasks\At22.job moved successfully.

F:\windows\tasks\At23.job moved successfully.

F:\windows\tasks\At24.job moved successfully.

F:\windows\tasks\At25.job moved successfully.

F:\windows\tasks\At26.job moved successfully.

F:\windows\tasks\At27.job moved successfully.

F:\windows\tasks\At28.job moved successfully.

F:\windows\tasks\At29.job moved successfully.

F:\windows\tasks\At3.job moved successfully.

F:\windows\tasks\At30.job moved successfully.

F:\windows\tasks\At31.job moved successfully.

F:\windows\tasks\At32.job moved successfully.

F:\windows\tasks\At33.job moved successfully.

F:\windows\tasks\At34.job moved successfully.

F:\windows\tasks\At35.job moved successfully.

F:\windows\tasks\At36.job moved successfully.

F:\windows\tasks\At37.job moved successfully.

F:\windows\tasks\At38.job moved successfully.

F:\windows\tasks\At39.job moved successfully.

F:\windows\tasks\At4.job moved successfully.

F:\windows\tasks\At40.job moved successfully.

F:\windows\tasks\At41.job moved successfully.

F:\windows\tasks\At42.job moved successfully.

F:\windows\tasks\At43.job moved successfully.

F:\windows\tasks\At44.job moved successfully.

F:\windows\tasks\At45.job moved successfully.

F:\windows\tasks\At46.job moved successfully.

F:\windows\tasks\At47.job moved successfully.

F:\windows\tasks\At48.job moved successfully.

F:\windows\tasks\At5.job moved successfully.

F:\windows\tasks\At6.job moved successfully.

F:\windows\tasks\At7.job moved successfully.

F:\windows\tasks\At8.job moved successfully.

F:\windows\tasks\At9.job moved successfully.

========== COMMANDS ==========



OTLPE by OldTimer - Version 3.1.48.0 log created on 01062012_162558

Going to reboot normally and try to run those two things now.
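The OTL fix log above is a flat list of one action per line, which makes it hard to see at a glance which persistence mechanisms the fix actually touched (Run keys, a Winlogon notify package, a BHO, a service/driver, At*.job scheduled tasks, HOSTS redirections, an alternate data stream, the .exe file association). As an added example, not part of this thread and not OTL's own code, here is a small Python parser for that log format. The line patterns are inferred from the lines quoted on this page, the mechanism category names are my own, and the sample input is a constructed excerpt of the posted log:

```python
"""Parse an OTL/OTLPE fix log and summarise which persistence mechanisms it touched."""
import re
from collections import Counter

# Constructed sample: a few lines copied from the OTL fix log posted in the thread,
# embedded here so the parser runs offline. Raw string, so backslashes are literal;
# OTL writes "\\" between a key path and a value name.
SAMPLE_LOG = r"""
========== OTL ==========
Registry key HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\f1fd89874c5dc9ed deleted successfully.
F:\Windows\System32\drivers\f1fd89874c5dc9ed.sys moved successfully.
File F:\windows\System32\drivers\f1fd89874c5dc9ed.sys not found.
94.63.240.131 www.google.com removed from HOSTS file successfully
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}\ deleted successfully.
Registry value HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run\\winupd deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\klartew\ deleted successfully.
HKEY_LOCAL_MACHINE\Software\Classes\.exe\shell\open\command\\|"%1" %* /E : value set successfully!
ADS F:\windows\Temp:winupd.exe deleted successfully.
========== FILES ==========
F:\windows\tasks\At1.job moved successfully.
F:\windows\tasks\At2.job moved successfully.
========== COMMANDS ==========
"""

SECTION_RE = re.compile(r"^=+\s*(.+?)\s*=+$")

# Ordered: the first pattern that matches a line decides its action.
# These shapes are inferred from the posted log, not from OTL documentation.
ACTION_PATTERNS = [
    ("registry_key_deleted",   re.compile(r"^Registry key (.+?) deleted successfully\.$")),
    ("registry_value_deleted", re.compile(r"^Registry value (.+?) deleted successfully\.$")),
    ("registry_value_set",     re.compile(r"^(.+?) : value set successfully!$")),
    ("hosts_entry_removed",    re.compile(r"^(\S+ \S+) removed from HOSTS file successfully$")),
    ("ads_deleted",            re.compile(r"^ADS (.+?) deleted successfully\.$")),
    ("file_not_found",         re.compile(r"^File (.+?) not found\.$")),
    ("file_moved",             re.compile(r"^(.+?) moved successfully\.$")),
]


def classify(action, target):
    """Map an action/target pair to a persistence mechanism (category names are my own)."""
    t = target.lower()
    if action == "hosts_entry_removed":
        return "HOSTS redirection"
    if action == "ads_deleted":
        return "alternate data stream"
    if "\\classes\\.exe" in t:
        return ".exe file association"
    if "\\currentversion\\run\\" in t:
        return "Run key autostart"
    if "\\winlogon\\notify\\" in t:
        return "Winlogon notify package"
    if "browser helper objects" in t:
        return "IE browser helper object"
    if "\\services\\" in t or "\\drivers\\" in t:
        return "service or driver"
    if t.endswith(".job"):
        return "scheduled task"
    return "other"


def parse_otl_fix_log(text):
    """Return one dict per action line: section, action, target, mechanism."""
    entries, section = [], None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = SECTION_RE.match(line)
        if m:
            section = m.group(1)
            continue
        for action, pat in ACTION_PATTERNS:
            m = pat.match(line)
            if m:
                target = m.group(1)
                entries.append({"section": section, "action": action,
                                "target": target, "mechanism": classify(action, target)})
                break
        else:  # keep unknown lines so nothing in the log is silently dropped
            entries.append({"section": section, "action": "unparsed",
                            "target": line, "mechanism": "other"})
    return entries


def summarize(entries):
    """Count entries per persistence mechanism."""
    return dict(Counter(e["mechanism"] for e in entries))


def hosts_redirections(entries):
    """(ip, hostname) pairs that the fix removed from the HOSTS file."""
    return [tuple(e["target"].split(" ", 1)) for e in entries
            if e["action"] == "hosts_entry_removed"]


def unresolved_targets(entries):
    """Paths the fix script listed but OTL could not find (worth re-checking)."""
    return [e["target"] for e in entries if e["action"] == "file_not_found"]


if __name__ == "__main__":
    ents = parse_otl_fix_log(SAMPLE_LOG)
    for mech, n in sorted(summarize(ents).items()):
        print(f"{n:3d}  {mech}")
    for ip, host in hosts_redirections(ents):
        print(f"HOSTS: {host} -> {ip}")
    for path in unresolved_targets(ents):
        print(f"not found: {path}")
```

Run against the full log from the thread, the summary shows that this fix hit every common user-mode autostart location at once (Run values under both .DEFAULT and the user hive, a Winlogon notify DLL, a BHO, a service, 48 At*.job tasks) plus HOSTS entries that sent www.google.com and www.bing.com to 94.63.240.131 and 94.63.240.132, which is why a later scan should re-check the HOSTS file and the Run keys rather than only the files that were moved.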
 
Here's the aswMBR log, ran without a problem:

aswMBR version 0.9.9.1156 Copyright(c) 2011 AVAST Software
Run date: 2012-01-06 16:40:42
-----------------------------
16:40:42.824 OS Version: Windows 6.1.7600
16:40:42.824 Number of processors: 2 586 0x170A
16:40:42.827 ComputerName: REBECCA-PC UserName: Rebecca
16:41:10.385 Initialize success
16:42:58.625 AVAST engine defs: 12010601
16:43:50.316 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
16:43:50.320 Disk 0 Vendor: WDC_WD25 11.0 Size: 238475MB BusType: 3
16:43:50.365 Disk 0 MBR read successfully
16:43:50.370 Disk 0 MBR scan
16:43:50.384 Disk 0 Windows 7 default MBR code
16:43:50.402 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 200 MB offset 2048
16:43:50.416 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 192191 MB offset 411648
16:43:50.426 Disk 0 Partition - 00 0F Extended LBA 30973 MB offset 394021568
16:43:50.477 Disk 0 Partition 3 00 12 Compaq diag NTFS 15108 MB offset 457454272
16:43:50.512 Disk 0 Partition 4 00 07 HPFS/NTFS NTFS 30972 MB offset 394023616
16:43:50.525 Disk 0 scanning sectors +488397168
16:43:50.931 Disk 0 scanning C:\windows\system32\drivers
16:44:03.994 Service scanning
16:44:06.606 Modules scanning
16:44:12.250 Disk 0 trace - called modules:
16:44:12.279 ntkrnlpa.exe CLASSPNP.SYS disk.sys iaStor.sys halmacpi.dll
16:44:12.290 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8721a030]
16:44:12.301 3 CLASSPNP.SYS[8b95b59e] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0x8642e028]
16:44:14.184 AVAST engine scan C:\windows
16:44:18.740 AVAST engine scan C:\windows\system32
16:45:05.018 File: C:\windows\system32\h6v76t3.com **INFECTED** Win32:Malware-gen
16:45:05.094 File: C:\windows\system32\h6v76t3.com_ **INFECTED** Win32:Malware-gen
16:47:14.427 AVAST engine scan C:\windows\system32\drivers
16:47:34.481 AVAST engine scan C:\Users\Rebecca
16:47:46.931 File: C:\Users\Rebecca\AppData\Local\Apple\AppleUpdate\Appleupdt32.dll **INFECTED** Win32:Malware-gen
16:47:47.395 File: C:\Users\Rebecca\AppData\Local\Conduit\ConduitUpdate\Conduitupdt32.dll **INFECTED** Win32:Malware-gen
16:50:04.627 File: C:\Users\Rebecca\AppData\Local\Temp\9704.tmp **INFECTED** Win32:Malware-gen
16:50:05.052 File: C:\Users\Rebecca\AppData\Local\Temp\A556.tmp **INFECTED** Win32:Malware-gen
16:50:07.240 File: C:\Users\Rebecca\AppData\Local\Temp\B583.tmp **INFECTED** Win32:Alureon-AEX [Trj]
16:50:07.438 File: C:\Users\Rebecca\AppData\Local\Temp\BD1F.tmp **INFECTED** Win32:Tracur-EU [Trj]
16:50:07.930 File: C:\Users\Rebecca\AppData\Local\Temp\CA87.tmp **INFECTED** Win32:Tracur-EU [Trj]
16:51:44.922 File: C:\Users\Rebecca\AppData\Local\Temp\setup2688442240.exe **INFECTED** Win32:Alureon-AEX [Trj]
16:51:45.148 File: C:\Users\Rebecca\AppData\Local\Temp\setup4002649120.exe **INFECTED** Win32:Alureon-AEX [Trj]
16:58:37.598 File: C:\Users\Rebecca\AppData\Local\Temp\w7e8EB6.tmp **INFECTED** Win32:Downloader-KCV [Trj]
16:58:37.705 File: C:\Users\Rebecca\AppData\Local\Temp\w7e908B.tmp.exe **INFECTED** Win32:Malware-gen
16:58:58.405 File: C:\Users\Rebecca\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\16\54a13990-62b31dc8 **INFECTED** Win32:MalOb-GR [Cryp]
16:58:58.510 File: C:\Users\Rebecca\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\16\7035a690-54a5bfb4 **INFECTED** Win32:FakeSysdef-EG [Trj]
16:58:58.623 File: C:\Users\Rebecca\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\17\40d8dd51-5b9a7729 **INFECTED** Win32:MalOb-FN [Cryp]
16:58:59.102 File: C:\Users\Rebecca\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\22\39e1d656-4bccfd5e **INFECTED** Win32:Renosa-I [Wrm]
16:58:59.575 File: C:\Users\Rebecca\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\31\682422df-128b7d1d **INFECTED** Win32:Renosa-D [Trj]
16:59:03.495 File: C:\Users\Rebecca\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\58\233085ba-2b8e9acf **INFECTED** Win32:MalOb-GR [Cryp]
16:59:03.921 File: C:\Users\Rebecca\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\59\5b33fe3b-33eb9e5b **INFECTED** Win32:MalOb-FN [Cryp]
17:00:02.344 File: C:\Users\Rebecca\AppData\Roaming\Microsoft\DF52\B24D.tmp **INFECTED** Win32:Jorik-DL [Trj]
17:10:15.807 AVAST engine scan C:\ProgramData
17:17:45.246 Scan finished successfully
17:21:21.500 Disk 0 MBR has been saved successfully to "C:\Users\Rebecca\Desktop\MBR.dat"
17:21:21.523 The log file has been saved successfully to "C:\Users\Rebecca\Desktop\aswMBR.txt"
 
Alright, I'm having trouble disabling McAfee Virus Scan on my computer.

When I look at Virus Scan in the Security Center, it says that 'McAfee VirusScan Plus can no longer scan your computer....because you haven't activated your subscription', as it should, because I didn't want it in the first place. Yet ComboFix says it's active, and I don't have any clue how to disable it, because I never activated it in the first place!
 
Alright, ComboFix is taking too long again. It's been over an hour now and no change.

Do you think I should try it one more time? I may have accidentally clicked it or done something to stall it.
 
Still can't boot into safe mode. The Win32 files scroll down the screen, computer freezes for about 2 minutes, then reboots by itself.
 
Download SafeBootKeyRepair by sUBs and save it to your desktop.
Double-click SafeBootKeyRepair.exe to run it.
Follow any prompts that may appear then post the log it produces.
 
It shouldn't matter.

Try to run new Combofix from normal mode.
If nothing happens or it's stuck after 30 minutes...

Download OTL to your Desktop.

  • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • Click the Scan All Users checkbox.
  • Under the Custom Scan box paste this in:


netsvcs
drivers32
%SYSTEMDRIVE%\*.*
%systemroot%\Fonts\*.com
%systemroot%\Fonts\*.dll
%systemroot%\Fonts\*.ini
%systemroot%\Fonts\*.ini2
%systemroot%\Fonts\*.exe
%systemroot%\system32\spool\prtprocs\w32x86\*.*
%systemroot%\REPAIR\*.bak1
%systemroot%\REPAIR\*.ini
%systemroot%\system32\*.jpg
%systemroot%\*.jpg
%systemroot%\*.png
%systemroot%\*.scr
%systemroot%\*._sy
%APPDATA%\Adobe\Update\*.*
%ALLUSERSPROFILE%\Favorites\*.*
%APPDATA%\Microsoft\*.*
%PROGRAMFILES%\*.*
%APPDATA%\Update\*.*
%systemroot%\*. /mp /s
CREATERESTOREPOINT
%systemroot%\System32\config\*.sav
%PROGRAMFILES%\bak. /s
%systemroot%\system32\bak. /s
%ALLUSERSPROFILE%\Start Menu\*.lnk /x
%systemroot%\system32\config\systemprofile\*.dat /x
%systemroot%\*.config
%systemroot%\system32\*.db
%APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x
%USERPROFILE%\Desktop\*.exe
%PROGRAMFILES%\Common Files\*.*
%systemroot%\*.src
%systemroot%\install\*.*
%systemroot%\system32\DLL\*.*
%systemroot%\system32\HelpFiles\*.*
%systemroot%\system32\rundll\*.*
%systemroot%\winn32\*.*
%systemroot%\Java\*.*
%systemroot%\system32\test\*.*
%systemroot%\system32\Rundll32\*.*
%systemroot%\AppPatch\Custom\*.*
%APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x
%PROGRAMFILES%\PC-Doctor\Downloads\*.*
%PROGRAMFILES%\Internet Explorer\*.tmp
%PROGRAMFILES%\Internet Explorer\*.dat
%USERPROFILE%\My Documents\*.exe
%USERPROFILE%\*.exe
%systemroot%\ADDINS\*.*
%systemroot%\assembly\*.bak2
%systemroot%\Config\*.*
%systemroot%\REPAIR\*.bak2
%systemroot%\SECURITY\Database\*.sdb /x
%systemroot%\SYSTEM\*.bak2
%systemroot%\Web\*.bak2
%systemroot%\Driver Cache\*.*
%PROGRAMFILES%\Mozilla Firefox\0*.exe
%ProgramFiles%\Microsoft Common\*.*
%ProgramFiles%\TinyProxy.
%USERPROFILE%\Favorites\*.url /x
%systemroot%\system32\*.bk
%systemroot%\*.te
%systemroot%\system32\system32\*.*
%ALLUSERSPROFILE%\*.dat /x
%systemroot%\system32\drivers\*.rmv
dir /b "%systemroot%\system32\*.exe" | find /i " " /c
dir /b "%systemroot%\*.exe" | find /i " " /c
%PROGRAMFILES%\Microsoft\*.*
%systemroot%\System32\Wbem\proquota.exe
%PROGRAMFILES%\Mozilla Firefox\*.dat
%USERPROFILE%\Cookies\*.txt /x
%SystemRoot%\system32\fonts\*.*
%systemroot%\system32\winlog\*.*
%systemroot%\system32\Language\*.*
%systemroot%\system32\Settings\*.*
%systemroot%\system32\*.quo
%SYSTEMROOT%\AppPatch\*.exe
%SYSTEMROOT%\inf\*.exe
%SYSTEMROOT%\Installer\*.exe
%systemroot%\system32\config\*.bak2
%systemroot%\system32\Computers\*.*
%SystemRoot%\system32\Sound\*.*
%SystemRoot%\system32\SpecialImg\*.*
%SystemRoot%\system32\code\*.*
%SystemRoot%\system32\draft\*.*
%SystemRoot%\system32\MSSSys\*.*
%ProgramFiles%\Javascript\*.*
%systemroot%\pchealth\helpctr\System\*.exe /s
%systemroot%\Web\*.exe
%systemroot%\system32\msn\*.*
%systemroot%\system32\*.tro
%AppData%\Microsoft\Installer\msupdates\*.*
%ProgramFiles%\Messenger\*.*
%systemroot%\system32\systhem32\*.*
%systemroot%\system\*.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs
/md5start
/md5stop


  • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.
 
About the safeboot key thing, it tells me to press any key to continue, and I do, but then the prompt just disappears and nothing happens.

Ignore it and try Combofix again?
 