Inactive Virus/malware that keeps coming back despite being removed with Malwarebytes

I ran it in safe mode, but now my desktop is missing and it says "failed to connect to windows service" and "c:/windows/system32/config/systemprofile/desktop is not accessible. Access is denied." What should I do?
 
Turn the computer off.
Wait 1 minute.
Restart.
If normal mode won't work try safe mode.
 
Normal mode still doesn't work; safe mode says "failed to connect to windows service" and is missing some icons.
 
Rerunning TDSSKiller doesn't ask me to reboot when I cure it. When I manually restart, I still get a blue screen from entering normally.
 
I'm trying to run it in safe mode now, but it keeps saying Security Essentials is on even though I turned it off. Should I just run it?
 
I tried turning on Security Essentials to see if I could turn it off so that I could run ComboFix, but I'm having problems turning it on. Still getting a blue screen on normal startup.

Error code is 0x800705b4
 
Let's see if we can look at your computer by booting from an external source.

Please download OTLPE (filesize 120,9 MB)

  • When downloaded double click on OTLPENet.exe and make sure there is a blank CD in your CD drive. This will automatically create a bootable CD.
  • Reboot your system using the boot CD you just created.
    • Note : If you do not know how to set your computer to boot from CD follow the steps here
  • Your system should now display a REATOGO-X-PE desktop.
  • Depending on your type of internet connection, you should be able to get online as well so you can access this topic more easily.
  • Double-click on the OTLPE icon.
  • When asked "Do you wish to load the remote registry", select Yes
  • When asked "Do you wish to load remote user profile(s) for scanning", select Yes
  • Ensure the box "Automatically Load All Remaining Users" is checked and press OK
  • OTL should now start.
  • Under the Custom Scan box paste this in:

    /md5start
    explorer.exe
    winlogon.exe
    userinit.exe
    svchost.exe
    afd.sys
    /md5stop

  • Press Run Scan to start the scan.
  • When finished, the file will be saved in drive C:\OTL.txt
  • Copy this file to your USB drive if you do not have internet connection on this system
  • Please post the contents of the OTL.txt file in your reply.
 
I got it to boot from CD, but when I open OTLPE it asks me to select a folder, saying "choose window directory". What should I do?

Whenever I select a folder, it says "target is not windows 2000 or later".
 
I have the log here, split in 3:

OTL logfile created on: 2/29/2012 10:11:03 PM - Run
OTLPE by OldTimer - Version 3.1.48.0 Folder = X:\Programs\OTLPE
Windows Vista (TM) Home Premium Service Pack 1 (Version = 6.0.6001) - Type = System
Internet Explorer (Version = 7.0.6001.18000)
Locale: 00001009 | Country: Canada | Language: ENC | Date Format: dd/MM/yyyy

3.00 Gb Total Physical Memory | 3.00 Gb Available Physical Memory | 91.00% Memory free
3.00 Gb Paging File | 3.00 Gb Available in Paging File | 98.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 288.29 Gb Total Space | 3.84 Gb Free Space | 1.33% Space Free | Partition Type: NTFS
Drive D: | 9.77 Gb Total Space | 5.59 Gb Free Space | 57.21% Space Free | Partition Type: NTFS
Drive X: | 436.59 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: REATOGO | User Name: SYSTEM
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
Using ControlSet: ControlSet001

========== Win32 Services (SafeList) ==========

SRV - File not found [Auto] -- -- (z800bus)
SRV - File not found [Auto] -- -- (slimsvc)
SRV - File not found [Auto] -- -- (se58mdfl)
SRV - File not found [Auto] -- -- (pnmsrv)
SRV - File not found [Auto] -- -- (p17)
SRV - File not found [Auto] -- -- (omniinet)
SRV - File not found [Auto] -- -- (iPassPeriodicUpdateApp)
SRV - File not found [Auto] -- -- (imonitor)
SRV - File not found [Auto] -- -- (downloadmanagerlite)
SRV - File not found [Auto] -- -- (DCamUSBGrandTek)
SRV - File not found [Auto] -- -- (aw_host)
SRV - File not found [Auto] -- -- (ARSVC)
SRV - [2011/12/18 12:48:07 | 000,419,624 | ---- | M] (Valve Corporation) [On_Demand] -- C:\Program Files\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2011/06/21 18:57:40 | 000,196,912 | ---- | M] (Nitro PDF Software) [Auto] -- C:\Program Files\Nitro PDF\Reader 2\NitroPDFReaderDriverService2.exe -- (NitroReaderDriverReadSpool2)
SRV - [2010/11/11 12:26:42 | 000,206,360 | ---- | M] (Microsoft Corporation) [On_Demand] -- C:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe -- (NisSrv)
SRV - [2010/11/11 12:26:40 | 000,011,736 | ---- | M] (Microsoft Corporation) [Auto] -- C:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe -- (MsMpSvc)
SRV - [2009/06/23 10:54:18 | 000,061,760 | ---- | M] (Nalpeiron Ltd.) [Auto] -- C:\Windows\System32\ASTSRV.EXE -- (astcc)
SRV - [2009/02/19 15:10:54 | 000,238,968 | ---- | M] (Symantec Corporation) [Disabled] -- C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe -- (Automatic LiveUpdate Scheduler)
SRV - [2009/02/19 15:09:53 | 003,220,856 | ---- | M] (Symantec Corporation) [On_Demand] -- C:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE -- (LiveUpdate)
SRV - [2009/01/26 15:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) [Auto] -- C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe -- (SBSDWSCService)
SRV - [2008/04/28 16:56:28 | 000,161,048 | ---- | M] (Stardock Corporation) [Auto] -- C:\Program Files\Dell\DellDock\DockLogin.exe -- (DockLoginService)
SRV - [2008/03/25 21:53:16 | 000,302,144 | ---- | M] (DigitalPersona, Inc.) [Auto] -- C:\Program Files\DigitalPersona\Bin\DpHostW.exe -- (DpHost)
SRV - [2008/03/14 00:03:44 | 000,221,239 | ---- | M] (IDT, Inc.) [Auto] -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_c204e27d\stacsv.exe -- (STacSV)
SRV - [2008/03/14 00:03:40 | 000,073,728 | ---- | M] (Andrea Electronics Corporation) [Auto] -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_c204e27d\AEstSrv.exe -- (AESTFilters)
SRV - [2008/02/29 04:37:16 | 001,053,944 | ---- | M] (AuthenTec, Inc.) [Auto] -- C:\Program Files\Fingerprint Sensor\AtService.exe -- (ATService)
SRV - [2008/01/20 21:23:43 | 000,005,632 | ---- | M] (Oak Technology Inc.) [Auto] -- C:\Windows\System32\venturi2.dll -- (ZSMC303)
SRV - [2008/01/20 21:23:43 | 000,005,632 | ---- | M] (Oak Technology Inc.) [Auto] -- C:\Windows\System32\w200obex.dll -- (U81xmgmt)
SRV - [2008/01/20 21:23:43 | 000,005,632 | ---- | M] (Oak Technology Inc.) [Auto] -- C:\Windows\System32\xaudioservice.dll -- (SetupSys)
SRV - [2008/01/20 21:23:43 | 000,005,632 | ---- | M] (Oak Technology Inc.) [Auto] -- C:\Windows\System32\mqdmmdfl.dll -- (elaunidr)
SRV - [2008/01/20 21:23:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [On_Demand] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2007/10/03 15:45:02 | 000,358,936 | ---- | M] (Intel Corporation) [Auto] -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON) Intel(R)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand] -- -- (XDva391)
DRV - File not found [Kernel | On_Demand] -- -- (XDva195)
DRV - File not found [Kernel | Boot] -- -- (xbdtm)
DRV - File not found [Kernel | System] -- -- (tdx)
DRV - File not found [Kernel | System] -- -- (rlzvlbkq)
DRV - File not found [Kernel | On_Demand] -- -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand] -- -- (NwlnkFlt)
DRV - File not found [Kernel | System] -- -- (netbt)
DRV - File not found [Kernel | System] -- -- (kgvthoff)
DRV - File not found [Kernel | On_Demand] -- -- (IpInIp)
DRV - File not found [Kernel | System] -- -- (i8042prt)
DRV - File not found [Kernel | On_Demand] -- -- (GGSAFERDriver)
DRV - File not found [Kernel | On_Demand] -- -- (GarenaPEngine)
DRV - File not found [Kernel | On_Demand] -- -- (EagleNT)
DRV - File not found [Kernel | System] -- -- (cdrom)
DRV - File not found [Kernel | On_Demand] -- -- (catchme)
DRV - File not found [Kernel | System] -- -- (ASPI32)
DRV - File not found [File_System | Boot] -- -- (87439480)
DRV - File not found [File_System | Boot] -- -- (39788838)
DRV - File not found [Kernel | On_Demand] -- -- (.smb)
DRV - File not found [Kernel | On_Demand] -- -- (.afd)
DRV - [2011/07/21 15:35:19 | 000,500,704 | ---- | M] (AhnLab, Inc.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\EagleXNt.sys -- (EagleXNt)
DRV - [2011/06/27 18:41:51 | 000,002,368 | ---- | M] (AntiCracking) [Kernel | Auto] -- C:\Windows\System32\STEC3.sys -- (STEC3)
DRV - [2010/10/24 21:25:38 | 000,054,144 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\NisDrvWFP.sys -- (NisDrv)
DRV - [2010/10/24 21:25:38 | 000,043,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\MpNWMon.sys -- (MpNWMon)
DRV - [2009/03/18 17:35:40 | 000,026,176 | -H-- | M] (LogMeIn, Inc.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\hamachi.sys -- (hamachi)
DRV - [2008/11/17 06:29:08 | 000,018,424 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\bcm42rly.sys -- (BCM42RLY)
DRV - [2008/08/07 14:57:05 | 000,716,272 | ---- | M] (Duplex Secure Ltd.) [Kernel | Boot] -- C:\Windows\System32\drivers\sptd.sys -- (sptd)
DRV - [2008/08/04 13:17:40 | 000,046,464 | ---- | M] (www.wiselogic.co.kr) [Kernel | On_Demand] -- C:\Windows\System32\XDva189.sys -- (XDva189)
DRV - [2008/05/04 03:42:18 | 003,548,672 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\atikmdag.sys -- (R300)
DRV - [2008/05/04 03:42:18 | 003,548,672 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\atikmdag.sys -- (atikmdag)
DRV - [2008/04/22 16:33:30 | 000,038,856 | ---- | M] (Teruten Co. LTD.) [Kernel | On_Demand] -- C:\Windows\System32\GDISpy.sys -- (GDISpyDevice)
DRV - [2008/04/18 21:43:40 | 000,170,032 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\Apfiltr.sys -- (ApfiltrService)
DRV - [2008/03/14 08:04:26 | 000,054,784 | ---- | M] (ITE Tech. Inc. ) [Kernel | On_Demand] -- C:\Windows\System32\drivers\itecir.sys -- (itecir)
DRV - [2008/03/14 00:03:48 | 000,374,784 | ---- | M] (IDT, Inc.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\stwrt.sys -- (STHDA)
DRV - [2008/03/13 06:45:50 | 000,548,352 | ---- | M] (AuthenTec, Inc.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\ATSwpWDF.sys -- (ATSwpWDF)
DRV - [2008/03/11 01:53:02 | 000,149,208 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\OA001Ufd.sys -- (OA001Ufd)
DRV - [2008/03/11 01:53:00 | 000,277,624 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\OA001Vid.sys -- (OA001Vid)
DRV - [2008/03/11 01:42:24 | 000,203,264 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\k57nd60x.sys -- (k57nd60x) Broadcom NetLink (TM)
DRV - [2008/03/11 01:24:46 | 000,038,400 | ---- | M] (REDC) [Kernel | Auto] -- C:\Windows\System32\drivers\rixdptsk.sys -- (rismxdp)
DRV - [2008/03/11 01:24:44 | 000,046,592 | ---- | M] (REDC) [Kernel | Auto] -- C:\Windows\System32\drivers\rimmptsk.sys -- (rimmptsk)
DRV - [2008/03/11 01:24:42 | 000,043,008 | ---- | M] (REDC) [Kernel | Auto] -- C:\Windows\System32\drivers\rimsptsk.sys -- (rimsptsk)
DRV - [2008/01/20 21:24:55 | 000,075,264 | ---- | M] () [File_System | System] -- C:\Windows\System32\drivers\dfsc.sys -- (DfsC)
DRV - [2008/01/20 21:23:25 | 000,220,672 | ---- | M] (Intel Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\e1e6032.sys -- (e1express) Intel(R)
DRV - [2007/11/02 05:47:38 | 000,109,992 | ---- | M] (MCCI Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\s916mdm.sys -- (s916mdm)
DRV - [2007/11/02 05:47:38 | 000,103,976 | ---- | M] (MCCI Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\s916mgmt.sys -- (s916mgmt) Sony Ericsson Device 916 USB WMC Device Management Drivers (WDM)
DRV - [2007/11/02 05:47:38 | 000,100,008 | ---- | M] (MCCI Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\s916obex.sys -- (s916obex)
DRV - [2007/11/02 05:47:38 | 000,083,496 | ---- | M] (MCCI Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\s916bus.sys -- (s916bus) Sony Ericsson Device 916 driver (WDM)
DRV - [2007/11/02 05:47:38 | 000,015,016 | ---- | M] (MCCI Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\s916mdfl.sys -- (s916mdfl)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\Jonathan_ON_C\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.ca/ig/dell?hl=en&client=dell-row&channel=ca&ibd=0080717
IE - HKU\Jonathan_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ca/ig/dell?hl=en&client=dell-row&channel=ca&ibd=0080717
IE - HKU\Jonathan_ON_C\Software\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\Jonathan_ON_C\..\URLSearchHook: {1392b8d2-5c05-419f-a8f6-b9f15a596612} - Reg Error: Key error. File not found
IE - HKU\Jonathan_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\Jonathan_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local




========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "https://weblogin.utoronto.ca/|https://portal.utoronto.ca/webapps/portal/frameset.jsp|https://www.rosi.utoronto.ca/"
FF - prefs.js..extensions.enabledItems: ankpixiv@snca.net:1.14.4
FF - prefs.js..extensions.enabledItems: peraperakun-chinese@gmail.com:1.0
FF - prefs.js..extensions.enabledItems: {DDC359D1-844A-42a7-9AA1-88A850A938A8}:2.0.2
FF - prefs.js..extensions.enabledItems: {a7c6cf7f-112c-4500-a7ea-39801a327e5f}:1.0.10
FF - prefs.js..extensions.enabledItems: nicofox@littlebtc:0.4b1
FF - prefs.js..extensions.enabledItems: {73a6fe31-595d-460b-a920-fcc0f8843232}:2.0.9.9
FF - prefs.js..extensions.enabledItems: chineseperakun@gmail.com:2.1.1
FF - prefs.js..extensions.enabledItems: {1280606b-2510-4fe0-97ef-9b5a22eafe30}:0.7.5
FF - prefs.js..extensions.enabledItems: {f701c26a-479a-4724-b4f1-870db12f063c}:1.4.4
FF - prefs.js..extensions.enabledItems: {a95d8332-e4b4-6e7f-98ac-20b733364387}:0.5.2
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.3
FF - prefs.js..network.proxy.backup.ftp: ""
FF - prefs.js..network.proxy.backup.ftp_port: 0
FF - prefs.js..network.proxy.backup.socks: ""
FF - prefs.js..network.proxy.backup.socks_port: 0
FF - prefs.js..network.proxy.backup.ssl: ""
FF - prefs.js..network.proxy.backup.ssl_port: 0
FF - prefs.js..network.proxy.ftp: "69.120.137.143"
FF - prefs.js..network.proxy.ftp_port: 27977
FF - prefs.js..network.proxy.http: "69.120.137.143"
FF - prefs.js..network.proxy.http_port: 27977
FF - prefs.js..network.proxy.share_proxy_settings: true
FF - prefs.js..network.proxy.socks: "69.120.137.143"
FF - prefs.js..network.proxy.socks_port: 27977
FF - prefs.js..network.proxy.ssl: "69.120.137.143"
FF - prefs.js..network.proxy.ssl_port: 27977

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\System32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8117.0416: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nexon.net/NxGame: File not found
FF - HKLM\Software\MozillaPlugins\@ogplanet.com/npOGPPlugin: C:\Windows\System32\npOGPPlugin.dll (OGPlanet)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.12.69: C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=1.0.3.69: C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.69: C:\Program Files\Real\RealPlayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=:
FF - HKLM\Software\MozillaPlugins\NitroPDF: C:\Program Files\Nitro PDF\Reader 2\npnitromozilla.dll ( )
FF - HKCU\Software\MozillaPlugins\@bittorrent.com/BitTorrentDNA: C:\Users\Jonathan\Program Files\DNA\plugins\npbtdna.dll (BitTorrent, Inc.)
FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\Program Files\Real\RealPlayer\browserrecord [2008/12/28 18:56:10 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0.2\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/02/17 09:31:58 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0.2\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/03/24 15:55:52 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 9.0.1\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2011/08/17 08:08:59 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 9.0.1\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{d5bc46d8-67c7-11dc-8c1d-0097498c2b7a}: C:\Users\Jonathan\Program Files\DNA [2012/02/29 16:13:51 | 000,000,000 | ---D | M]

[2010/08/20 08:11:14 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Jonathan\AppData\Roaming\Mozilla\Extensions
[2010/08/20 08:11:14 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Jonathan\AppData\Roaming\Mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2012/02/25 09:25:18 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Jonathan\AppData\Roaming\Mozilla\Firefox\Profiles\s1agfejk.default\extensions
[2011/10/20 23:04:03 | 000,000,000 | ---D | M] (Rikaichan) -- C:\Users\Jonathan\AppData\Roaming\Mozilla\Firefox\Profiles\s1agfejk.default\extensions\{0AA9101C-D3C1-4129-A9B7-D778C6A17F82}
[2012/01/26 15:02:36 | 000,000,000 | ---D | M] (GameFOX) -- C:\Users\Jonathan\AppData\Roaming\Mozilla\Firefox\Profiles\s1agfejk.default\extensions\{6dd0bdba-0a02-429e-b595-87a7dfdca7a1}
[2009/01/08 22:34:09 | 000,000,000 | ---D | M] (NoScript) -- C:\Users\Jonathan\AppData\Roaming\Mozilla\Firefox\Profiles\s1agfejk.default\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}(17)
[2012/01/09 15:31:46 | 000,000,000 | ---D | M] (Perapera Chinese) -- C:\Users\Jonathan\AppData\Roaming\Mozilla\Firefox\Profiles\s1agfejk.default\extensions\chineseperakun@gmail.com
[2012/01/10 10:18:24 | 000,000,000 | ---D | M] (Perapera Japanese) -- C:\Users\Jonathan\AppData\Roaming\Mozilla\Firefox\Profiles\s1agfejk.default\extensions\peraperakun@gmail.com
[2011/05/28 19:17:18 | 000,000,000 | ---D | M] (Rikaichan Japanese-English Dictionary File) -- C:\Users\Jonathan\AppData\Roaming\Mozilla\Firefox\Profiles\s1agfejk.default\extensions\rikaichan-jpen@polarcloud.com
[2008/07/28 14:12:17 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
File not found (No name found) --
() (No name found) -- C:\USERS\JONATHAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\S1AGFEJK.DEFAULT\EXTENSIONS\{1280606B-2510-4FE0-97EF-9B5A22EAFE30}.XPI
() (No name found) -- C:\USERS\JONATHAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\S1AGFEJK.DEFAULT\EXTENSIONS\{35106BCA-6C78-48C7-AC28-56DF30B51D2C}.XPI
() (No name found) -- C:\USERS\JONATHAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\S1AGFEJK.DEFAULT\EXTENSIONS\{73A6FE31-595D-460B-A920-FCC0F8843232}.XPI
() (No name found) -- C:\USERS\JONATHAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\S1AGFEJK.DEFAULT\EXTENSIONS\{888D99E7-E8B5-46A3-851E-1EC45DA1E644}.XPI
() (No name found) -- C:\USERS\JONATHAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\S1AGFEJK.DEFAULT\EXTENSIONS\{A7C6CF7F-112C-4500-A7EA-39801A327E5F}.XPI
() (No name found) -- C:\USERS\JONATHAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\S1AGFEJK.DEFAULT\EXTENSIONS\{A95D8332-E4B4-6E7F-98AC-20B733364387}.XPI
() (No name found) -- C:\USERS\JONATHAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\S1AGFEJK.DEFAULT\EXTENSIONS\{D10D0BF8-F5B5-C8B4-A8B2-2B9879E08C5D}.XPI
() (No name found) -- C:\USERS\JONATHAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\S1AGFEJK.DEFAULT\EXTENSIONS\{DDC359D1-844A-42A7-9AA1-88A850A938A8}.XPI
() (No name found) -- C:\USERS\JONATHAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\S1AGFEJK.DEFAULT\EXTENSIONS\{F701C26A-479A-4724-B4F1-870DB12F063C}.XPI
() (No name found) -- C:\USERS\JONATHAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\S1AGFEJK.DEFAULT\EXTENSIONS\ANKPIXIV@SNCA.NET.XPI
() (No name found) -- C:\USERS\JONATHAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\S1AGFEJK.DEFAULT\EXTENSIONS\NICOFOX@LITTLEBTC.XPI
() (No name found) -- C:\USERS\JONATHAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\S1AGFEJK.DEFAULT\EXTENSIONS\PERAPERAKUN-CHINESE@GMAIL.COM.XPI
() (No name found) -- C:\USERS\JONATHAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\S1AGFEJK.DEFAULT\EXTENSIONS\PERAPERAKUN-JPEN@GMAIL.COM.XPI
() (No name found) -- C:\USERS\JONATHAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\S1AGFEJK.DEFAULT\EXTENSIONS\STATUS4EVAR@CALIGONSTUDIOS.COM.XPI
() (No name found) -- C:\USERS\JONATHAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\S1AGFEJK.DEFAULT\EXTENSIONS\TABCOUNT@3GREENEGGS.COM.XPI
[2012/02/17 09:31:57 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011/03/22 13:38:12 | 000,012,800 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files\mozilla firefox\plugins\npwachk.dll
[2011/10/04 20:04:03 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2011/11/09 20:17:12 | 000,002,040 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml
 
Hosts file not found
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (CBrowserHelperObject Object) - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\Dell\BAE\BAE.dll (Dell Inc.)
O3 - HKLM\..\Toolbar: (no name) - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - No CLSID value found.
O3 - HKU\Jonathan_ON_C\..\Toolbar\WebBrowser: (no name) - {1392B8D2-5C05-419F-A8F6-B9F15A596612} - No CLSID value found.
O4 - HKLM..\Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe (Alps Electric Co., Ltd.)
O4 - HKLM..\Run: [Dell Webcam Central] C:\Program Files\Dell Webcam\Dell Webcam Central\WebcamDell.exe (Creative Technology Ltd.)
O4 - HKLM..\Run: [DellSupportCenter] File not found
O4 - HKLM..\Run: [DpAgent] C:\Program Files\DigitalPersona\Bin\DpAgent.exe (DigitalPersona, Inc.)
O4 - HKLM..\Run: [ECenter] C:\DELL\E-Center\EULALauncher.exe ( )
O4 - HKLM..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe (Intel Corporation)
O4 - HKLM..\Run: [MSC] C:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [PCMService] C:\Program Files\Dell\MediaDirect\PCMService.exe (CyberLink Corp.)
O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray.exe (IDT, Inc.)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe (Nullsoft, Inc.)
O4 - HKU\Jonathan_ON_C..\Run: [BitTorrent DNA] C:\Users\Jonathan\Program Files\DNA\btdna.exe (BitTorrent, Inc.)
O4 - HKU\Jonathan_ON_C..\Run: [DellSupportCenter] File not found
O4 - HKU\.DEFAULT..\RunOnce: [FlashPlayerUpdate] C:\Windows\System32\Macromed\Flash\FlashUtil10a.exe (Adobe Systems, Inc.)
O4 - Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk = C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
O4 - Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk = C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
O4 - Startup: C:\Users\Jonathan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock.lnk = C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
O4 - Startup: C:\Users\Jonathan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\thunderbird - Shortcut.lnk = C:\Program Files\Mozilla Thunderbird\thunderbird.exe (Mozilla Messaging)
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll (Sun Microsystems, Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000018 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000020 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000021 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000022 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000023 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000024 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000025 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000026 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000027 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000028 - File not found
O13 - gopher Prefix: missing
O16 - DPF: {44990B00-3C9D-426D-81DF-AAB636FA4345} https://www-secure.symantec.com/techsupp/asa/ss/sa/sa_cabs/tgctlcm.cab (Symantec Configuration Class)
O16 - DPF: {49312E18-AA92-4CC2-BB97-55DEA7BCADD6} http://support.dell.com/systemprofiler/SysProExe.CAB (WMI Class)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0_01-windows-i586.cab (Java Plug-in 1.7.0_01)
O16 - DPF: {DAF7E6E6-D53A-439A-B28D-12271406B8A9} http://mobileapps.blackberry.com/devicesoftware/AxLoader.cab (RIM AxLoader)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper:
O24 - Desktop BackupWallPaper:
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 16:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2006/03/24 06:06:41 | 000,000,053 | R--- | M] () - X:\AUTORUN.INF -- [ CDFS ]
O34 - HKLM BootExecute: (autocheck autochk /p \??\C) - File not found
O34 - HKLM BootExecute: (autocheck autochk /p \??\C) - File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2012/02/29 21:54:04 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2012/02/29 15:32:17 | 000,000,000 | ---D | C] -- C:\TDSSKiller_Quarantine
[2012/02/29 15:30:10 | 002,063,920 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\Jonathan\Desktop\TDSSKiller.exe
[2012/02/29 13:14:26 | 000,184,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\netbt.svs
[2012/02/29 12:04:17 | 000,000,000 | --SD | C] -- C:\ComboFix
[2012/02/29 12:04:07 | 000,000,000 | --SD | C] -- C:\32788R22FWJFW
[2012/02/29 01:15:03 | 000,273,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\afd.svs
[2012/02/28 23:43:39 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2012/02/28 23:43:39 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2012/02/28 23:43:39 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2012/02/28 23:36:05 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2012/02/28 23:34:17 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012/02/28 23:26:34 | 004,422,703 | R--- | C] (Swearware) -- C:\Users\Jonathan\Desktop\ComboFix.exe
[2012/02/28 22:32:20 | 000,000,000 | ---D | C] -- C:\Users\Jonathan\Desktop\RK_Quarantine
[2012/02/28 18:15:11 | 000,000,000 | ---D | C] -- C:\Users\Jonathan\Desktop\LA
[2012/02/28 02:02:10 | 000,000,000 | ---D | C] -- C:\Users\Jonathan\Desktop\DO THIS
[2012/02/28 00:26:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SpywareBlaster
[2012/02/28 00:25:49 | 000,000,000 | ---D | C] -- C:\Program Files\SpywareBlaster
[2012/02/27 23:56:02 | 000,000,000 | ---D | C] -- C:\Windows\Sun
[2012/02/27 23:52:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MozBackup
[2012/02/27 23:52:53 | 000,000,000 | ---D | C] -- C:\Program Files\MozBackup
[2012/02/26 15:43:14 | 000,000,000 | ---D | C] -- C:\Users\Jonathan\Desktop\Mobile Suit Gundam Novel
[2012/02/24 21:18:09 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Spigot
[2012/02/24 21:17:48 | 000,000,000 | ---D | C] -- C:\ProgramData\YouTube Downloader
[2012/02/24 21:17:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\YouTube Downloader
[2012/02/24 21:17:43 | 000,000,000 | ---D | C] -- C:\Program Files\YouTube Downloader
[2012/02/24 00:17:42 | 000,000,000 | ---D | C] -- C:\Users\Jonathan\Desktop\(C81) [ReDrop (Miyamoto Smoke, Otsumami)] Minna no Asuka Bon (Neon Genesis Evangelion) [English] =LWB=
[2012/02/18 04:23:06 | 000,000,000 | ---D | C] -- C:\Users\Jonathan\Desktop\Spice and Wolf Light Novel
[2012/02/16 17:32:40 | 000,000,000 | ---D | C] -- C:\Users\Jonathan\Desktop\Inkey
[2012/02/14 18:02:18 | 000,000,000 | ---D | C] -- C:\Users\Jonathan\Desktop\[DA HOOTCH (ShindoL)] Field Work Ch1-2
[2012/02/07 18:12:52 | 000,000,000 | ---D | C] -- C:\Users\Jonathan\Desktop\SRWZ
[4 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/02/29 21:39:02 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/02/29 20:51:46 | 000,600,882 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012/02/29 20:51:46 | 000,105,658 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012/02/29 20:27:19 | 000,002,243 | ---- | M] () -- C:\Windows\epplauncher.mif
[2012/02/29 20:05:37 | 000,232,960 | ---- | M] () -- C:\Users\Jonathan\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/02/29 18:18:45 | 000,003,744 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012/02/29 18:18:45 | 000,003,744 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012/02/29 17:11:33 | 000,396,976 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2012/02/29 15:34:03 | 000,000,001 | ---- | M] () -- C:\ProgramData\ojMY0N0T.exe_.b
[2012/02/29 15:34:03 | 000,000,001 | ---- | M] () -- C:\ProgramData\ojMY0N0T.exe.b
[2012/02/29 15:20:31 | 000,000,344 | ---- | M] () -- C:\Windows\tasks\At31.job
[2012/02/29 15:18:22 | 000,000,346 | ---- | M] () -- C:\Windows\tasks\At32.job
[2012/02/29 14:32:02 | 000,000,000 | -HS- | M] () -- C:\Windows\System32\dds_trash_log.cmd
[2012/02/29 14:21:35 | 000,000,346 | ---- | M] () -- C:\Windows\tasks\At30.job
[2012/02/29 14:20:34 | 000,000,344 | ---- | M] () -- C:\Windows\tasks\At29.job
[2012/02/29 14:06:36 | 002,063,920 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Jonathan\Desktop\TDSSKiller.exe
[2012/02/29 13:44:38 | 000,006,944 | ---- | M] () -- C:\Users\Jonathan\AppData\Local\d3d9caps.dat
[2012/02/29 00:20:40 | 000,000,344 | ---- | M] () -- C:\Windows\tasks\At1.job
[2012/02/29 00:20:33 | 000,000,346 | ---- | M] () -- C:\Windows\tasks\At2.job
[2012/02/28 23:26:48 | 004,422,703 | R--- | M] (Swearware) -- C:\Users\Jonathan\Desktop\ComboFix.exe
[2012/02/28 23:21:29 | 000,000,346 | ---- | M] () -- C:\Windows\tasks\At48.job
[2012/02/28 23:16:59 | 000,000,344 | ---- | M] () -- C:\Windows\tasks\At47.job
[2012/02/28 22:17:16 | 000,000,346 | ---- | M] () -- C:\Windows\tasks\At46.job
[2012/02/28 22:17:16 | 000,000,344 | ---- | M] () -- C:\Windows\tasks\At45.job
[2012/02/28 21:17:16 | 000,000,346 | ---- | M] () -- C:\Windows\tasks\At44.job
[2012/02/28 21:17:16 | 000,000,344 | ---- | M] () -- C:\Windows\tasks\At43.job
[2012/02/28 20:17:16 | 000,000,346 | ---- | M] () -- C:\Windows\tasks\At42.job
[2012/02/28 20:17:16 | 000,000,344 | ---- | M] () -- C:\Windows\tasks\At41.job
[2012/02/28 19:17:16 | 000,000,346 | ---- | M] () -- C:\Windows\tasks\At40.job
[2012/02/28 19:17:16 | 000,000,344 | ---- | M] () -- C:\Windows\tasks\At39.job
[2012/02/28 18:17:18 | 000,000,346 | ---- | M] () -- C:\Windows\tasks\At38.job
[2012/02/28 18:17:18 | 000,000,344 | ---- | M] () -- C:\Windows\tasks\At37.job
[2012/02/28 17:19:21 | 000,000,344 | ---- | M] () -- C:\Windows\tasks\At35.job
[2012/02/28 17:17:17 | 000,000,346 | ---- | M] () -- C:\Windows\tasks\At36.job
[2012/02/28 16:17:16 | 000,000,346 | ---- | M] () -- C:\Windows\tasks\At34.job
[2012/02/28 16:17:16 | 000,000,344 | ---- | M] () -- C:\Windows\tasks\At33.job
[2012/02/28 01:17:17 | 000,000,346 | ---- | M] () -- C:\Windows\tasks\At4.job
[2012/02/28 01:17:17 | 000,000,344 | ---- | M] () -- C:\Windows\tasks\At3.job
[2012/02/28 00:26:20 | 000,000,878 | ---- | M] () -- C:\Users\Jonathan\Desktop\SpywareBlaster.lnk
[2012/02/28 00:26:20 | 000,000,000 | ---D | M] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SpywareBlaster
[2012/02/27 23:55:10 | 076,871,504 | ---- | M] () -- C:\Users\Jonathan\Documents\Firefox 10.0.2 (en-US) - 2012-02-27.pcv
[2012/02/27 23:52:54 | 000,000,826 | ---- | M] () -- C:\Users\Public\Desktop\MozBackup.lnk
[2012/02/27 23:52:54 | 000,000,000 | ---D | M] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MozBackup
[2012/02/27 18:22:36 | 000,083,136 | ---- | M] () -- C:\ProgramData\ojMY0N0T.exe_
[2012/02/27 18:22:36 | 000,083,136 | ---- | M] () -- C:\ProgramData\ojMY0N0T.exe
[2012/02/27 18:22:36 | 000,083,136 | ---- | M] () -- C:\Windows\System32\eE0cm.com_
[2012/02/27 18:22:36 | 000,083,136 | ---- | M] () -- C:\Windows\System32\eE0cm.com
[2012/02/27 18:22:36 | 000,000,112 | ---- | M] () -- C:\ProgramData\fStYmXb30.dat
[2012/02/27 18:20:32 | 080,340,888 | ---- | M] () -- C:\Users\Jonathan\Desktop\Dr Web.exe
[2012/02/27 13:19:22 | 000,000,344 | ---- | M] () -- C:\Windows\tasks\At27.job
[2012/02/27 13:17:00 | 000,000,346 | ---- | M] () -- C:\Windows\tasks\At28.job
[2012/02/27 12:19:45 | 000,000,344 | ---- | M] () -- C:\Windows\tasks\At25.job
[2012/02/27 12:17:00 | 000,000,346 | ---- | M] () -- C:\Windows\tasks\At26.job
[2012/02/27 11:18:56 | 000,000,344 | ---- | M] () -- C:\Windows\tasks\At23.job
[2012/02/27 11:17:00 | 000,000,346 | ---- | M] () -- C:\Windows\tasks\At24.job
[2012/02/27 10:19:43 | 000,000,344 | ---- | M] () -- C:\Windows\tasks\At21.job
[2012/02/27 10:17:00 | 000,000,346 | ---- | M] () -- C:\Windows\tasks\At22.job
[2012/02/27 09:19:12 | 000,000,344 | ---- | M] () -- C:\Windows\tasks\At19.job
[2012/02/27 09:17:00 | 000,000,346 | ---- | M] () -- C:\Windows\tasks\At20.job
[2012/02/26 23:54:52 | 000,000,346 | ---- | M] () -- C:\Windows\tasks\At8.job
[2012/02/26 23:54:52 | 000,000,346 | ---- | M] () -- C:\Windows\tasks\At6.job
[2012/02/26 23:54:52 | 000,000,344 | ---- | M] () -- C:\Windows\tasks\At9.job
[2012/02/26 23:54:52 | 000,000,344 | ---- | M] () -- C:\Windows\tasks\At7.job
[2012/02/26 23:54:52 | 000,000,344 | ---- | M] () -- C:\Windows\tasks\At5.job
[2012/02/26 23:54:50 | 000,000,346 | ---- | M] () -- C:\Windows\tasks\At18.job
[2012/02/26 23:54:50 | 000,000,346 | ---- | M] () -- C:\Windows\tasks\At16.job
[2012/02/26 23:54:50 | 000,000,346 | ---- | M] () -- C:\Windows\tasks\At14.job
[2012/02/26 23:54:50 | 000,000,346 | ---- | M] () -- C:\Windows\tasks\At12.job
[2012/02/26 23:54:50 | 000,000,346 | ---- | M] () -- C:\Windows\tasks\At10.job
[2012/02/26 23:54:50 | 000,000,344 | ---- | M] () -- C:\Windows\tasks\At17.job
[2012/02/26 23:54:50 | 000,000,344 | ---- | M] () -- C:\Windows\tasks\At15.job
[2012/02/26 23:54:50 | 000,000,344 | ---- | M] () -- C:\Windows\tasks\At13.job
[2012/02/26 23:54:50 | 000,000,344 | ---- | M] () -- C:\Windows\tasks\At11.job
[2012/02/26 23:41:25 | 000,000,000 | ---D | M] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ASX to MP3 Converter
[2012/02/26 23:09:31 | 000,001,078 | ---- | M] () -- C:\Users\Jonathan\Desktop\ASX to MP3 Converter.lnk
[2012/02/26 23:06:13 | 000,114,688 | ---- | M] () -- C:\Windows\System32\msvos.dll
[2012/02/26 22:51:53 | 000,000,526 | ---- | M] () -- C:\Users\Jonathan\Desktop\xillia10.asx
[2012/02/26 22:51:36 | 000,000,526 | ---- | M] () -- C:\Users\Jonathan\Desktop\xillia11.asx
[2012/02/26 22:19:51 | 000,000,526 | ---- | M] () -- C:\Users\Jonathan\Desktop\xillia12.asx
[2012/02/26 17:05:34 | 000,362,348 | ---- | M] () -- C:\Users\Jonathan\Desktop\1330290697983.jpg
[2012/02/26 16:03:24 | 013,456,449 | ---- | M] () -- C:\Users\Jonathan\Desktop\Taketatsu Ayana and Hanazawa Kana Talk About Lolis.flv
[2012/02/24 21:17:46 | 000,000,000 | ---D | M] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\YouTube Downloader
[2012/02/24 21:17:45 | 000,000,921 | ---- | M] () -- C:\Users\Public\Desktop\YouTube Downloader.lnk
[2012/02/23 12:50:23 | 000,262,938 | ---- | M] () -- C:\Users\Jonathan\Desktop\1330015465258.jpg
[2012/02/20 02:44:00 | 000,257,373 | ---- | M] () -- C:\Users\Jonathan\Desktop\rinne-07.jpg
[2012/02/18 20:38:46 | 039,022,043 | ---- | M] () -- C:\Users\Jonathan\Desktop\Phase Shift 1.zip
[2012/02/18 20:38:14 | 002,185,701 | ---- | M] () -- C:\Users\Jonathan\Desktop\blazblue_phase_shift_2.zip
[2012/02/15 10:34:02 | 149,144,660 | ---- | M] () -- C:\Users\Jonathan\Desktop\OP-Podcast-0506-MP3.mp3
[2012/02/12 22:14:20 | 000,397,103 | ---- | M] () -- C:\Users\Jonathan\Desktop\1329092028963.jpg
[2012/02/05 17:37:37 | 000,000,742 | ---- | M] () -- C:\Users\Public\Desktop\Pokemon Online.lnk
[2012/02/05 17:37:37 | 000,000,000 | ---D | M] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Pokemon Online
[2012/02/01 12:11:23 | 000,000,000 | ---D | M] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012/01/31 07:44:05 | 000,237,072 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\MpSigStub.exe
[4 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/02/29 15:34:03 | 000,083,136 | ---- | C] () -- C:\ProgramData\ojMY0N0T.exe_
[2012/02/29 15:34:03 | 000,083,136 | ---- | C] () -- C:\ProgramData\ojMY0N0T.exe
[2012/02/29 15:34:03 | 000,000,001 | ---- | C] () -- C:\ProgramData\ojMY0N0T.exe_.b
[2012/02/29 15:34:03 | 000,000,001 | ---- | C] () -- C:\ProgramData\ojMY0N0T.exe.b
[2012/02/28 23:43:39 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2012/02/28 23:43:39 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2012/02/28 23:43:39 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2012/02/28 23:43:39 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2012/02/28 23:43:39 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2012/02/28 23:17:02 | 000,083,136 | ---- | C] () -- C:\Windows\System32\eE0cm.com
[2012/02/28 00:26:20 | 000,000,878 | ---- | C] () -- C:\Users\Jonathan\Desktop\SpywareBlaster.lnk
[2012/02/27 23:54:27 | 076,871,504 | ---- | C] () -- C:\Users\Jonathan\Documents\Firefox 10.0.2 (en-US) - 2012-02-27.pcv
[2012/02/27 23:52:54 | 000,000,826 | ---- | C] () -- C:\Users\Public\Desktop\MozBackup.lnk
[2012/02/27 18:16:47 | 080,340,888 | ---- | C] () -- C:\Users\Jonathan\Desktop\Dr Web.exe
[2012/02/26 23:06:42 | 000,000,346 | ---- | C] () -- C:\Windows\tasks\At48.job
[2012/02/26 23:06:42 | 000,000,346 | ---- | C] () -- C:\Windows\tasks\At46.job
[2012/02/26 23:06:42 | 000,000,346 | ---- | C] () -- C:\Windows\tasks\At44.job
[2012/02/26 23:06:42 | 000,000,344 | ---- | C] () -- C:\Windows\tasks\At47.job
[2012/02/26 23:06:42 | 000,000,344 | ---- | C] () -- C:\Windows\tasks\At45.job
[2012/02/26 23:06:42 | 000,000,344 | ---- | C] () -- C:\Windows\tasks\At43.job
[2012/02/26 23:06:42 | 000,000,112 | ---- | C] () -- C:\ProgramData\fStYmXb30.dat
[2012/02/26 23:06:41 | 000,000,346 | ---- | C] () -- C:\Windows\tasks\At42.job
[2012/02/26 23:06:41 | 000,000,346 | ---- | C] () -- C:\Windows\tasks\At40.job
[2012/02/26 23:06:41 | 000,000,346 | ---- | C] () -- C:\Windows\tasks\At38.job
[2012/02/26 23:06:41 | 000,000,346 | ---- | C] () -- C:\Windows\tasks\At36.job
[2012/02/26 23:06:41 | 000,000,346 | ---- | C] () -- C:\Windows\tasks\At34.job
[2012/02/26 23:06:41 | 000,000,346 | ---- | C] () -- C:\Windows\tasks\At32.job
[2012/02/26 23:06:41 | 000,000,346 | ---- | C] () -- C:\Windows\tasks\At30.job
[2012/02/26 23:06:41 | 000,000,346 | ---- | C] () -- C:\Windows\tasks\At28.job
[2012/02/26 23:06:41 | 000,000,344 | ---- | C] () -- C:\Windows\tasks\At41.job
[2012/02/26 23:06:41 | 000,000,344 | ---- | C] () -- C:\Windows\tasks\At39.job
[2012/02/26 23:06:41 | 000,000,344 | ---- | C] () -- C:\Windows\tasks\At37.job
[2012/02/26 23:06:41 | 000,000,344 | ---- | C] () -- C:\Windows\tasks\At35.job
[2012/02/26 23:06:41 | 000,000,344 | ---- | C] () -- C:\Windows\tasks\At33.job
[2012/02/26 23:06:41 | 000,000,344 | ---- | C] () -- C:\Windows\tasks\At31.job
[2012/02/26 23:06:41 | 000,000,344 | ---- | C] () -- C:\Windows\tasks\At29.job
[2012/02/26 23:06:41 | 000,000,344 | ---- | C] () -- C:\Windows\tasks\At27.job
[2012/02/26 23:06:40 | 000,000,346 | ---- | C] () -- C:\Windows\tasks\At26.job
[2012/02/26 23:06:40 | 000,000,346 | ---- | C] () -- C:\Windows\tasks\At24.job
[2012/02/26 23:06:40 | 000,000,346 | ---- | C] () -- C:\Windows\tasks\At22.job
[2012/02/26 23:06:40 | 000,000,346 | ---- | C] () -- C:\Windows\tasks\At20.job
[2012/02/26 23:06:40 | 000,000,346 | ---- | C] () -- C:\Windows\tasks\At18.job
[2012/02/26 23:06:40 | 000,000,346 | ---- | C] () -- C:\Windows\tasks\At16.job
[2012/02/26 23:06:40 | 000,000,346 | ---- | C] () -- C:\Windows\tasks\At14.job
[2012/02/26 23:06:40 | 000,000,346 | ---- | C] () -- C:\Windows\tasks\At12.job
[2012/02/26 23:06:40 | 000,000,346 | ---- | C] () -- C:\Windows\tasks\At10.job
[2012/02/26 23:06:40 | 000,000,344 | ---- | C] () -- C:\Windows\tasks\At9.job
[2012/02/26 23:06:40 | 000,000,344 | ---- | C] () -- C:\Windows\tasks\At25.job
[2012/02/26 23:06:40 | 000,000,344 | ---- | C] () -- C:\Windows\tasks\At23.job
[2012/02/26 23:06:40 | 000,000,344 | ---- | C] () -- C:\Windows\tasks\At21.job
[2012/02/26 23:06:40 | 000,000,344 | ---- | C] () -- C:\Windows\tasks\At19.job
[2012/02/26 23:06:40 | 000,000,344 | ---- | C] () -- C:\Windows\tasks\At17.job
[2012/02/26 23:06:40 | 000,000,344 | ---- | C] () -- C:\Windows\tasks\At15.job
[2012/02/26 23:06:40 | 000,000,344 | ---- | C] () -- C:\Windows\tasks\At13.job
[2012/02/26 23:06:40 | 000,000,344 | ---- | C] () -- C:\Windows\tasks\At11.job
[2012/02/26 23:06:39 | 000,083,136 | ---- | C] () -- C:\Windows\System32\eE0cm.com_
[2012/02/26 23:06:39 | 000,000,346 | ---- | C] () -- C:\Windows\tasks\At8.job
[2012/02/26 23:06:39 | 000,000,346 | ---- | C] () -- C:\Windows\tasks\At6.job
[2012/02/26 23:06:39 | 000,000,346 | ---- | C] () -- C:\Windows\tasks\At4.job
[2012/02/26 23:06:39 | 000,000,346 | ---- | C] () -- C:\Windows\tasks\At2.job
[2012/02/26 23:06:39 | 000,000,344 | ---- | C] () -- C:\Windows\tasks\At7.job
[2012/02/26 23:06:39 | 000,000,344 | ---- | C] () -- C:\Windows\tasks\At5.job
[2012/02/26 23:06:39 | 000,000,344 | ---- | C] () -- C:\Windows\tasks\At3.job
[2012/02/26 23:06:39 | 000,000,344 | ---- | C] () -- C:\Windows\tasks\At1.job
[2012/02/26 22:56:37 | 000,000,000 | -HS- | C] () -- C:\Windows\System32\dds_trash_log.cmd
[2012/02/26 22:51:48 | 000,000,526 | ---- | C] () -- C:\Users\Jonathan\Desktop\xillia10.asx
[2012/02/26 22:51:32 | 000,000,526 | ---- | C] () -- C:\Users\Jonathan\Desktop\xillia11.asx
[2012/02/26 17:05:32 | 000,362,348 | ---- | C] () -- C:\Users\Jonathan\Desktop\1330290697983.jpg
[2012/02/26 16:01:37 | 000,000,526 | ---- | C] () -- C:\Users\Jonathan\Desktop\xillia12.asx
[2012/02/26 15:59:07 | 013,456,449 | ---- | C] () -- C:\Users\Jonathan\Desktop\Taketatsu Ayana and Hanazawa Kana Talk About Lolis.flv
[2012/02/24 21:17:45 | 000,000,921 | ---- | C] () -- C:\Users\Public\Desktop\YouTube Downloader.lnk
[2012/02/23 12:50:22 | 000,262,938 | ---- | C] () -- C:\Users\Jonathan\Desktop\1330015465258.jpg
[2012/02/20 02:43:52 | 000,257,373 | ---- | C] () -- C:\Users\Jonathan\Desktop\rinne-07.jpg
[2012/02/18 20:38:05 | 002,185,701 | ---- | C] () -- C:\Users\Jonathan\Desktop\blazblue_phase_shift_2.zip
[2012/02/18 20:38:00 | 039,022,043 | ---- | C] () -- C:\Users\Jonathan\Desktop\Phase Shift 1.zip
[2012/02/15 10:27:21 | 149,144,660 | ---- | C] () -- C:\Users\Jonathan\Desktop\OP-Podcast-0506-MP3.mp3
[2012/02/12 22:14:20 | 000,397,103 | ---- | C] () -- C:\Users\Jonathan\Desktop\1329092028963.jpg
[2012/01/19 22:07:25 | 000,051,186 | ---- | C] () -- C:\Users\Jonathan\AppData\Roaming\room_v3.dat
[2011/08/25 20:49:57 | 000,175,616 | ---- | C] () -- C:\Windows\System32\unrar.dll
[2011/08/25 20:49:56 | 000,000,038 | ---- | C] () -- C:\Windows\avisplitter.ini
[2011/08/25 20:49:51 | 000,650,752 | ---- | C] () -- C:\Windows\System32\xvidcore.dll
[2011/08/25 20:49:51 | 000,243,200 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll
[2011/08/25 20:49:50 | 000,074,752 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll
[2011/07/21 00:56:16 | 000,090,112 | ---- | C] () -- C:\Windows\System32\imsfchk.dll
[2011/07/21 00:56:16 | 000,053,248 | ---- | C] () -- C:\Windows\System32\imslevel.dll
[2011/06/18 10:22:19 | 000,230,529 | ---- | C] () -- C:\Windows\System32\libpng14-14.dll
[2011/06/18 10:22:19 | 000,100,352 | ---- | C] () -- C:\Windows\System32\zlib1.dll
[2011/06/18 10:22:19 | 000,098,590 | ---- | C] () -- C:\Windows\System32\libwimp.dll
[2011/06/18 10:22:19 | 000,062,130 | ---- | C] () -- C:\Windows\System32\libpixmap.dll
[2011/06/18 10:22:18 | 000,103,029 | ---- | C] () -- C:\Windows\System32\libpangocairo-1.0-0.dll
[2011/06/18 10:22:18 | 000,060,537 | ---- | C] () -- C:\Windows\System32\libgailutil-18.dll
[2011/06/18 10:22:17 | 001,136,422 | ---- | C] () -- C:\Windows\System32\libcairo-2.dll
[2011/06/18 10:22:17 | 000,551,096 | ---- | C] () -- C:\Windows\System32\freetype6.dll
[2011/06/18 10:22:17 | 000,466,257 | ---- | C] () -- C:\Windows\System32\libgail.dll
[2011/06/18 10:22:17 | 000,279,059 | ---- | C] () -- C:\Windows\System32\libfontconfig-1.dll
[2011/06/18 10:22:17 | 000,143,096 | ---- | C] () -- C:\Windows\System32\libexpat-1.dll
[2011/03/22 20:36:53 | 000,041,890 | ---- | C] () -- C:\Users\Jonathan\AppData\Roaming\room.dat
[2011/02/09 23:03:48 | 000,000,314 | ---- | C] () -- C:\Windows\primopdf.ini
[2010/06/15 14:59:08 | 000,073,728 | ---- | C] () -- C:\Windows\System32\imsaiff.dll
[2010/06/15 14:59:08 | 000,036,864 | ---- | C] () -- C:\Windows\System32\DGRip.dll
[2010/05/08 21:26:27 | 000,165,425 | ---- | C] () -- C:\Windows\hpoins28.dat.temp
[2009/11/03 09:38:35 | 000,388,112 | ---- | C] () -- C:\Windows\System32\drivers\sfi.dat
[2009/10/27 23:01:35 | 000,006,656 | ---- | C] () -- C:\Windows\System32\bcmwlrc.dll
[2009/08/03 17:47:10 | 000,006,328 | ---- | C] () -- C:\Users\Jonathan\AppData\Roaming\PrimoPDFSet.xml
[2009/08/03 17:45:12 | 000,180,624 | ---- | C] () -- C:\Windows\System32\Primomonnt.dll
[2009/07/09 09:32:07 | 000,000,056 | ---- | C] () -- C:\Windows\kgt2k.INI
[2009/07/08 20:03:02 | 000,058,880 | ---- | C] () -- C:\Windows\System32\bdmpegv.dll
[2009/06/17 10:17:36 | 000,004,508 | ---- | C] () -- C:\ProgramData\LUUnInstall.LiveUpdate
[2009/05/12 14:23:05 | 000,000,398 | ---- | C] () -- C:\Windows\AudioConverter.INI
[2009/03/06 23:29:32 | 000,000,796 | ---- | C] () -- C:\Windows\hpomdl28.dat.temp
[2009/03/06 22:45:47 | 000,165,697 | ---- | C] () -- C:\Windows\hpoins28.dat
[2008/10/26 19:01:59 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
[2008/10/08 09:07:37 | 000,008,248 | ---- | C] () -- C:\Users\Jonathan\AppData\Local\en.ini
[2008/08/02 13:11:21 | 000,023,888 | ---- | C] () -- C:\Users\Jonathan\AppData\Roaming\UserTile.png
[2008/08/01 23:07:07 | 000,077,940 | ---- | C] () -- C:\Windows\War3Unin.dat
[2008/07/29 23:15:09 | 000,006,944 | ---- | C] () -- C:\Users\Jonathan\AppData\Local\d3d9caps.dat
[2008/07/28 21:58:01 | 000,232,960 | ---- | C] () -- C:\Users\Jonathan\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/07/28 13:50:51 | 000,106,605 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2008/07/28 13:50:51 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2008/07/16 23:55:43 | 003,107,788 | ---- | C] () -- C:\Windows\System32\atiumdva.dat
[2008/07/16 23:55:43 | 000,168,883 | ---- | C] () -- C:\Windows\System32\atiicdxx.dat
[2008/07/16 23:55:43 | 000,159,744 | ---- | C] () -- C:\Windows\System32\atitmmxx.dll
[2008/07/16 23:55:43 | 000,090,112 | ---- | C] () -- C:\Windows\System32\atibrtmon.exe
[2008/07/16 21:22:33 | 000,000,076 | RHS- | C] () -- C:\Windows\CT4CET.bin
[2008/07/16 21:16:21 | 000,054,784 | ---- | C] () -- C:\Windows\System32\bcmwlrmt.dll
[2008/07/16 21:16:20 | 000,026,112 | ---- | C] () -- C:\Windows\System32\WLTRYSVC.EXE
[2008/07/16 16:00:25 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2008/05/11 22:49:03 | 000,000,796 | ---- | C] () -- C:\Windows\hpomdl28.dat
[2008/04/29 13:42:24 | 000,503,808 | ---- | C] () -- C:\Windows\System32\ICCProfiles.dll
[2008/01/20 21:24:55 | 000,075,264 | ---- | C] () -- C:\Windows\System32\drivers\dfsc.sys
[2007/11/26 21:56:28 | 000,151,415 | ---- | C] () -- C:\Windows\System32\xlive.dll.cat
[2006/11/02 07:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006/11/02 07:47:37 | 000,396,976 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2006/11/02 07:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006/11/02 05:33:01 | 000,600,882 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2006/11/02 05:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2006/11/02 05:33:01 | 000,105,658 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2006/11/02 05:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2006/11/02 05:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2006/11/02 03:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2006/11/02 03:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2006/11/02 02:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006/11/02 02:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2005/03/30 11:29:16 | 000,114,688 | ---- | C] () -- C:\Windows\System32\msvos.dll
 
========== LOP Check ==========

[2008/12/05 22:56:59 | 000,000,000 | -HSD | M] -- C:\Users\Jonathan\AppData\Roaming\.#
[2011/10/08 21:33:46 | 000,000,000 | ---D | M] -- C:\Users\Jonathan\AppData\Roaming\Audacity
[2008/07/28 13:42:32 | 000,000,000 | ---D | M] -- C:\Users\Jonathan\AppData\Roaming\DigitalPersona
[2012/02/29 15:55:34 | 000,000,000 | ---D | M] -- C:\Users\Jonathan\AppData\Roaming\DNA
[2010/12/08 15:43:13 | 000,000,000 | ---D | M] -- C:\Users\Jonathan\AppData\Roaming\Downloaded Installations
[2011/05/26 12:05:25 | 000,000,000 | ---D | M] -- C:\Users\Jonathan\AppData\Roaming\Dropbox
[2011/07/22 21:02:22 | 000,000,000 | ---D | M] -- C:\Users\Jonathan\AppData\Roaming\GetRightToGo
[2010/06/26 10:18:54 | 000,000,000 | ---D | M] -- C:\Users\Jonathan\AppData\Roaming\IObit
[2010/08/25 14:51:51 | 000,000,000 | ---D | M] -- C:\Users\Jonathan\AppData\Roaming\JAM Software
[2011/07/22 21:12:31 | 000,000,000 | ---D | M] -- C:\Users\Jonathan\AppData\Roaming\Music Recognition
[2010/04/07 10:31:12 | 000,000,000 | ---D | M] -- C:\Users\Jonathan\AppData\Roaming\NCH Swift Sound
[2009/10/13 13:33:22 | 000,000,000 | ---D | M] -- C:\Users\Jonathan\AppData\Roaming\NeopleLauncherDFO
[2011/12/08 12:17:02 | 000,000,000 | ---D | M] -- C:\Users\Jonathan\AppData\Roaming\Nitro PDF
[2011/12/08 12:15:26 | 000,000,000 | ---D | M] -- C:\Users\Jonathan\AppData\Roaming\OpenCandy
[2010/12/09 23:12:02 | 000,000,000 | ---D | M] -- C:\Users\Jonathan\AppData\Roaming\PCDr
[2008/08/02 13:11:21 | 000,000,000 | ---D | M] -- C:\Users\Jonathan\AppData\Roaming\PeerNetworking
[2011/07/11 17:01:34 | 000,000,000 | ---D | M] -- C:\Users\Jonathan\AppData\Roaming\Pokemon Lab
[2011/07/09 23:07:05 | 000,000,000 | ---D | M] -- C:\Users\Jonathan\AppData\Roaming\Pokemon Online
[2011/12/08 12:17:57 | 000,000,000 | ---D | M] -- C:\Users\Jonathan\AppData\Roaming\PrimoPDF
[2009/10/16 18:34:06 | 000,000,000 | ---D | M] -- C:\Users\Jonathan\AppData\Roaming\RenPy
[2009/05/12 11:22:01 | 000,000,000 | ---D | M] -- C:\Users\Jonathan\AppData\Roaming\River Past G5
[2010/12/17 13:35:42 | 000,000,000 | ---D | M] -- C:\Users\Jonathan\AppData\Roaming\Sony
[2008/09/07 17:09:33 | 000,000,000 | ---D | M] -- C:\Users\Jonathan\AppData\Roaming\SonyEricsson
[2010/10/04 19:40:10 | 000,000,000 | ---D | M] -- C:\Users\Jonathan\AppData\Roaming\Synthesia
[2010/08/09 19:37:25 | 000,000,000 | ---D | M] -- C:\Users\Jonathan\AppData\Roaming\SYSTEMAX Software Development
[2010/08/20 08:11:08 | 000,000,000 | ---D | M] -- C:\Users\Jonathan\AppData\Roaming\Thunderbird
[2010/05/04 09:03:10 | 000,000,000 | ---D | M] -- C:\Users\Jonathan\AppData\Roaming\Uniblue
[2012/02/28 19:59:59 | 000,000,000 | ---D | M] -- C:\Users\Jonathan\AppData\Roaming\uTorrent
[2009/12/30 12:01:34 | 000,000,000 | ---D | M] -- C:\Users\Jonathan\AppData\Roaming\VBA-M
[2008/07/29 20:01:29 | 000,000,000 | ---D | M] -- C:\Users\Jonathan\AppData\Roaming\Windows Live Writer
[2008/07/28 13:37:49 | 000,000,000 | -HSD | M] -- C:\ProgramData\Application Data
[2008/08/09 22:26:58 | 000,000,000 | -H-D | M] -- C:\ProgramData\CanonBJ
[2008/10/29 15:55:57 | 000,000,000 | ---D | M] -- C:\ProgramData\Citrix
[2008/07/28 13:37:49 | 000,000,000 | -HSD | M] -- C:\ProgramData\Desktop
[2008/07/28 13:37:49 | 000,000,000 | -HSD | M] -- C:\ProgramData\Documents
[2008/07/28 13:37:49 | 000,000,000 | -HSD | M] -- C:\ProgramData\Favorites
[2010/04/07 10:29:38 | 000,000,000 | ---D | M] -- C:\ProgramData\NCH Swift Sound
[2009/10/27 15:18:03 | 000,000,000 | ---D | M] -- C:\ProgramData\Nexon
[2011/09/11 16:35:36 | 000,000,000 | ---D | M] -- C:\ProgramData\NexonUS
[2011/12/08 12:16:30 | 000,000,000 | ---D | M] -- C:\ProgramData\Nitro PDF
[2011/05/24 15:14:54 | 000,000,000 | ---D | M] -- C:\ProgramData\PCDr
[2011/05/02 22:20:11 | 000,000,000 | ---D | M] -- C:\ProgramData\PMB Files
[2009/05/12 13:52:39 | 000,000,000 | ---D | M] -- C:\ProgramData\River Past G5
[2008/09/06 19:01:26 | 000,000,000 | ---D | M] -- C:\ProgramData\Sony
[2008/07/28 13:37:49 | 000,000,000 | -HSD | M] -- C:\ProgramData\Start Menu
[2010/08/09 19:37:25 | 000,000,000 | ---D | M] -- C:\ProgramData\SYSTEMAX Software Development
[2008/10/09 11:23:29 | 000,000,000 | ---D | M] -- C:\ProgramData\TEMP
[2008/07/28 13:37:49 | 000,000,000 | -HSD | M] -- C:\ProgramData\Templates
[2008/07/16 21:25:57 | 000,000,000 | ---D | M] -- C:\ProgramData\Uninstall
[2008/09/23 13:41:44 | 000,000,000 | ---D | M] -- C:\ProgramData\WindowsSearch
[2012/01/30 18:58:57 | 000,000,000 | ---D | M] -- C:\ProgramData\youku
[2012/02/24 21:17:52 | 000,000,000 | ---D | M] -- C:\ProgramData\YouTube Downloader
[2011/01/30 23:23:07 | 000,000,000 | ---D | M] -- C:\ProgramData\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2009/10/19 16:59:18 | 000,000,000 | ---D | M] -- C:\ProgramData\{755AC846-7372-4AC8-8550-C52491DAA8BD}
[2012/02/29 00:20:40 | 000,000,344 | ---- | M] () -- C:\Windows\Tasks\At1.job
[2012/02/26 23:54:50 | 000,000,346 | ---- | M] () -- C:\Windows\Tasks\At10.job
[2012/02/26 23:54:50 | 000,000,344 | ---- | M] () -- C:\Windows\Tasks\At11.job
[2012/02/26 23:54:50 | 000,000,346 | ---- | M] () -- C:\Windows\Tasks\At12.job
[2012/02/26 23:54:50 | 000,000,344 | ---- | M] () -- C:\Windows\Tasks\At13.job
[2012/02/26 23:54:50 | 000,000,346 | ---- | M] () -- C:\Windows\Tasks\At14.job
[2012/02/26 23:54:50 | 000,000,344 | ---- | M] () -- C:\Windows\Tasks\At15.job
[2012/02/26 23:54:50 | 000,000,346 | ---- | M] () -- C:\Windows\Tasks\At16.job
[2012/02/26 23:54:50 | 000,000,344 | ---- | M] () -- C:\Windows\Tasks\At17.job
[2012/02/26 23:54:50 | 000,000,346 | ---- | M] () -- C:\Windows\Tasks\At18.job
[2012/02/27 09:19:12 | 000,000,344 | ---- | M] () -- C:\Windows\Tasks\At19.job
[2012/02/29 00:20:33 | 000,000,346 | ---- | M] () -- C:\Windows\Tasks\At2.job
[2012/02/27 09:17:00 | 000,000,346 | ---- | M] () -- C:\Windows\Tasks\At20.job
[2012/02/27 10:19:43 | 000,000,344 | ---- | M] () -- C:\Windows\Tasks\At21.job
[2012/02/27 10:17:00 | 000,000,346 | ---- | M] () -- C:\Windows\Tasks\At22.job
[2012/02/27 11:18:56 | 000,000,344 | ---- | M] () -- C:\Windows\Tasks\At23.job
[2012/02/27 11:17:00 | 000,000,346 | ---- | M] () -- C:\Windows\Tasks\At24.job
[2012/02/27 12:19:45 | 000,000,344 | ---- | M] () -- C:\Windows\Tasks\At25.job
[2012/02/27 12:17:00 | 000,000,346 | ---- | M] () -- C:\Windows\Tasks\At26.job
[2012/02/27 13:19:22 | 000,000,344 | ---- | M] () -- C:\Windows\Tasks\At27.job
[2012/02/27 13:17:00 | 000,000,346 | ---- | M] () -- C:\Windows\Tasks\At28.job
[2012/02/29 14:20:34 | 000,000,344 | ---- | M] () -- C:\Windows\Tasks\At29.job
[2012/02/28 01:17:17 | 000,000,344 | ---- | M] () -- C:\Windows\Tasks\At3.job
[2012/02/29 14:21:35 | 000,000,346 | ---- | M] () -- C:\Windows\Tasks\At30.job
[2012/02/29 15:20:31 | 000,000,344 | ---- | M] () -- C:\Windows\Tasks\At31.job
[2012/02/29 15:18:22 | 000,000,346 | ---- | M] () -- C:\Windows\Tasks\At32.job
[2012/02/28 16:17:16 | 000,000,344 | ---- | M] () -- C:\Windows\Tasks\At33.job
[2012/02/28 16:17:16 | 000,000,346 | ---- | M] () -- C:\Windows\Tasks\At34.job
[2012/02/28 17:19:21 | 000,000,344 | ---- | M] () -- C:\Windows\Tasks\At35.job
[2012/02/28 17:17:17 | 000,000,346 | ---- | M] () -- C:\Windows\Tasks\At36.job
[2012/02/28 18:17:18 | 000,000,344 | ---- | M] () -- C:\Windows\Tasks\At37.job
[2012/02/28 18:17:18 | 000,000,346 | ---- | M] () -- C:\Windows\Tasks\At38.job
[2012/02/28 19:17:16 | 000,000,344 | ---- | M] () -- C:\Windows\Tasks\At39.job
[2012/02/28 01:17:17 | 000,000,346 | ---- | M] () -- C:\Windows\Tasks\At4.job
[2012/02/28 19:17:16 | 000,000,346 | ---- | M] () -- C:\Windows\Tasks\At40.job
[2012/02/28 20:17:16 | 000,000,344 | ---- | M] () -- C:\Windows\Tasks\At41.job
[2012/02/28 20:17:16 | 000,000,346 | ---- | M] () -- C:\Windows\Tasks\At42.job
[2012/02/28 21:17:16 | 000,000,344 | ---- | M] () -- C:\Windows\Tasks\At43.job
[2012/02/28 21:17:16 | 000,000,346 | ---- | M] () -- C:\Windows\Tasks\At44.job
[2012/02/28 22:17:16 | 000,000,344 | ---- | M] () -- C:\Windows\Tasks\At45.job
[2012/02/28 22:17:16 | 000,000,346 | ---- | M] () -- C:\Windows\Tasks\At46.job
[2012/02/28 23:16:59 | 000,000,344 | ---- | M] () -- C:\Windows\Tasks\At47.job
[2012/02/28 23:21:29 | 000,000,346 | ---- | M] () -- C:\Windows\Tasks\At48.job
[2012/02/26 23:54:52 | 000,000,344 | ---- | M] () -- C:\Windows\Tasks\At5.job
[2012/02/26 23:54:52 | 000,000,346 | ---- | M] () -- C:\Windows\Tasks\At6.job
[2012/02/26 23:54:52 | 000,000,344 | ---- | M] () -- C:\Windows\Tasks\At7.job
[2012/02/26 23:54:52 | 000,000,346 | ---- | M] () -- C:\Windows\Tasks\At8.job
[2012/02/26 23:54:52 | 000,000,344 | ---- | M] () -- C:\Windows\Tasks\At9.job
[2012/02/29 16:57:54 | 000,032,550 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Custom Scans ==========



< MD5 for: AFD.SYS >
[2008/01/20 21:24:17 | 000,273,920 | ---- | M] () MD5=B758C5505715AD33D6DFB4332C7F07D5 -- C:\Windows\winsxs\x86_microsoft-windows-winsock-core_31bf3856ad364e35_6.0.6001.18000_none_d7e842925e6d1f50\afd.sys

< MD5 for: EXPLORER.EXE >
[2008/10/29 01:20:29 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=37440D09DEAE0B672A04DCCF7ABF06BE -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16771_none_4f83bb287ccdb7e3\explorer.exe
[2008/10/29 01:29:41 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=4F554999D7D5F05DAAEBBA7B5BA1089D -- C:\Windows\explorer.exe
[2008/10/29 01:29:41 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=4F554999D7D5F05DAAEBBA7B5BA1089D -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18164_none_5177ca9879e978e8\explorer.exe
[2008/10/29 22:59:17 | 002,927,616 | ---- | M] (Microsoft Corporation) MD5=50BA5850147410CDE89C523AD3BC606E -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.22298_none_51e4f8c7931bd1e1\explorer.exe
[2008/10/27 21:15:02 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=E7156B0B74762D9DE0E66BDCDE06E5FB -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.20947_none_5033cb5995cd990b\explorer.exe
[2008/01/20 21:24:24 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=FFA764631CB70A30065C12EF8E174F9F -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18000_none_51b4a71279bc6ebf\explorer.exe

< MD5 for: SVCHOST.EXE >
[2008/01/20 21:23:43 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=3794B461C45882E06856F282EEF025AF -- C:\Windows\System32\svchost.exe
[2008/01/20 21:23:43 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=3794B461C45882E06856F282EEF025AF -- C:\Windows\winsxs\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.0.6001.18000_none_b5bb59a1054dbde5\svchost.exe
[2012/01/13 14:53:20 | 000,182,856 | ---- | M] () MD5=63EEC8A8B221AB79045E776E5F592868 -- C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\svchost.exe

< MD5 for: USERINIT.EXE >
[2008/01/20 21:24:49 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\System32\userinit.exe
[2008/01/20 21:24:49 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6001.18000_none_dc28ba15d1aff80b\userinit.exe

< MD5 for: WINLOGON.EXE >
[2012/01/13 14:53:20 | 000,182,856 | ---- | M] () MD5=63EEC8A8B221AB79045E776E5F592868 -- C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe
[2008/01/20 21:24:49 | 000,314,880 | ---- | M] (Microsoft Corporation) MD5=C2610B6BDBEFC053BBDAB4F1B965CB24 -- C:\Windows\System32\winlogon.exe
[2008/01/20 21:24:49 | 000,314,880 | ---- | M] (Microsoft Corporation) MD5=C2610B6BDBEFC053BBDAB4F1B965CB24 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6001.18000_none_6fc30116d4f17bf5\winlogon.exe

========== Files - Unicode (All) ==========
[2010/06/22 23:17:59 | 000,769,473 | ---- | C] ()(C:\Users\Jonathan\Desktop\11338478- SAE^2 - ??????????.png) -- C:\Users\Jonathan\Desktop\11338478- SAE^2 - はやぶさの名を冠する.png
[2010/06/21 10:39:53 | 000,769,473 | ---- | M] ()(C:\Users\Jonathan\Desktop\11338478- SAE^2 - ??????????.png) -- C:\Users\Jonathan\Desktop\11338478- SAE^2 - はやぶさの名を冠する.png
[2009/10/06 23:06:03 | 005,765,164 | ---- | M] ()(C:\Users\Jonathan\Desktop\Life Goes On - ???.mp3) -- C:\Users\Jonathan\Desktop\Life Goes On - 中文版.mp3
[2009/10/06 23:05:37 | 005,765,164 | ---- | C] ()(C:\Users\Jonathan\Desktop\Life Goes On - ???.mp3) -- C:\Users\Jonathan\Desktop\Life Goes On - 中文版.mp3

========== Alternate Data Streams ==========

@Alternate Data Stream - 98 bytes -> C:\ProgramData\TEMP:88050731
< End of report >
 
Do this on the computer you are posting from:
Copy the text in the codebox below:


Code:
:OTL
DRV - File not found [Kernel | Boot] -- -- (xbdtm)
DRV - File not found [Kernel | System] -- -- (rlzvlbkq)
DRV - File not found [Kernel | System] -- -- (kgvthoff)
DRV - File not found [File_System | Boot] -- -- (87439480)
DRV - File not found [File_System | Boot] -- -- (39788838)
DRV - File not found [Kernel | On_Demand] -- -- (.smb)
DRV - File not found [Kernel | On_Demand] -- -- (.afd)
IE - HKU\Jonathan_ON_C\..\URLSearchHook: {1392b8d2-5c05-419f-a8f6-b9f15a596612} - Reg Error: Key error. File not found
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - No CLSID value found.
O3 - HKU\Jonathan_ON_C\..\Toolbar\WebBrowser: (no name) - {1392B8D2-5C05-419F-A8F6-B9F15A596612} - No CLSID value found.
[2012/02/24 21:18:09 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Spigot
[2012/02/29 14:32:02 | 000,000,000 | -HS- | M] () -- C:\Windows\System32\dds_trash_log.cmd
[2012/02/27 18:22:36 | 000,083,136 | ---- | M] () -- C:\ProgramData\ojMY0N0T.exe_
[2012/02/27 18:22:36 | 000,083,136 | ---- | M] () -- C:\ProgramData\ojMY0N0T.exe
[2012/02/27 18:22:36 | 000,083,136 | ---- | M] () -- C:\Windows\System32\eE0cm.com_
[2012/02/27 18:22:36 | 000,083,136 | ---- | M] () -- C:\Windows\System32\eE0cm.com
[2012/02/27 18:22:36 | 000,000,112 | ---- | M] () -- C:\ProgramData\fStYmXb30.dat
[2012/02/29 15:34:03 | 000,000,001 | ---- | C] () -- C:\ProgramData\ojMY0N0T.exe_.b
[2012/02/29 15:34:03 | 000,000,001 | ---- | C] () -- C:\ProgramData\ojMY0N0T.exe.b
[2008/12/05 22:56:59 | 000,000,000 | -HSD | M] -- C:\Users\Jonathan\AppData\Roaming\.#
[2010/05/04 09:03:10 | 000,000,000 | ---D | M] -- C:\Users\Jonathan\AppData\Roaming\Uniblue
@Alternate Data Stream - 98 bytes -> C:\ProgramData\TEMP:88050731

:Services

:Reg

:Files
C:\Windows\system32\drivers\afd.sys|C:\Windows\winsxs\x86_microsoft-windows-winsock-core_31bf3856ad364e35_6.0.6001.18000_none_d7e842925e6d1f50\afd.sys /replace
C:\Windows\Tasks\At*.job

:Commands
[purity]

Open Notepad and paste it.
Save the document as Fix.txt onto a USB flash drive.


On the infected computer, do the following:

Run OTLPE

  • Insert USB stick and find the file Fix.txt. Drag the file Fix.txt and drop it under the Custom Scans/Fixes box at the bottom.
    • (The content of Fix.txt should appear in the box)
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Post the log produced (you'll need to transfer it with USB stick)
  • Remove the CD and shut down computer manually.
  • Attempt to reboot normally into Windows.
 
========== OTL ==========
Registry key HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\xbdtm deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\rlzvlbkq deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\kgvthoff deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\87439480 deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\39788838 deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\.smb deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\.afd deleted successfully.
Registry value HKEY_USERS\Jonathan_ON_C\Software\Microsoft\Internet Explorer\URLSearchHooks\\{1392b8d2-5c05-419f-a8f6-b9f15a596612} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1392b8d2-5c05-419f-a8f6-b9f15a596612}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5C255C8A-E604-49b4-9D64-90988571CECB}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{3041d03e-fd4b-44e0-b742-2d9b88305f98} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3041d03e-fd4b-44e0-b742-2d9b88305f98}\ not found.
Registry value HKEY_USERS\Jonathan_ON_C\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{1392B8D2-5C05-419F-A8F6-B9F15A596612} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1392B8D2-5C05-419F-A8F6-B9F15A596612}\ not found.
C:\Program Files\Common Files\Spigot\Search Settings folder moved successfully.
C:\Program Files\Common Files\Spigot folder moved successfully.
C:\Windows\System32\dds_trash_log.cmd moved successfully.
C:\ProgramData\ojMY0N0T.exe_ moved successfully.
C:\ProgramData\ojMY0N0T.exe moved successfully.
C:\Windows\System32\eE0cm.com_ moved successfully.
C:\Windows\System32\eE0cm.com moved successfully.
C:\ProgramData\fStYmXb30.dat moved successfully.
C:\ProgramData\ojMY0N0T.exe_.b moved successfully.
C:\ProgramData\ojMY0N0T.exe.b moved successfully.
C:\Users\Jonathan\AppData\Roaming\.# folder moved successfully.
C:\Users\Jonathan\AppData\Roaming\Uniblue\RegistryBooster\_temp folder moved successfully.
C:\Users\Jonathan\AppData\Roaming\Uniblue\RegistryBooster\history folder moved successfully.
C:\Users\Jonathan\AppData\Roaming\Uniblue\RegistryBooster\backup folder moved successfully.
C:\Users\Jonathan\AppData\Roaming\Uniblue\RegistryBooster folder moved successfully.
C:\Users\Jonathan\AppData\Roaming\Uniblue folder moved successfully.
ADS C:\ProgramData\TEMP:88050731 deleted successfully.
========== SERVICES/DRIVERS ==========
========== REGISTRY ==========
========== FILES ==========
File C:\Windows\system32\drivers\afd.sys successfully replaced with C:\Windows\winsxs\x86_microsoft-windows-winsock-core_31bf3856ad364e35_6.0.6001.18000_none_d7e842925e6d1f50\afd.sys
C:\Windows\Tasks\At1.job moved successfully.
C:\Windows\Tasks\At10.job moved successfully.
C:\Windows\Tasks\At11.job moved successfully.
C:\Windows\Tasks\At12.job moved successfully.
C:\Windows\Tasks\At13.job moved successfully.
C:\Windows\Tasks\At14.job moved successfully.
C:\Windows\Tasks\At15.job moved successfully.
C:\Windows\Tasks\At16.job moved successfully.
C:\Windows\Tasks\At17.job moved successfully.
C:\Windows\Tasks\At18.job moved successfully.
C:\Windows\Tasks\At19.job moved successfully.
C:\Windows\Tasks\At2.job moved successfully.
C:\Windows\Tasks\At20.job moved successfully.
C:\Windows\Tasks\At21.job moved successfully.
C:\Windows\Tasks\At22.job moved successfully.
C:\Windows\Tasks\At23.job moved successfully.
C:\Windows\Tasks\At24.job moved successfully.
C:\Windows\Tasks\At25.job moved successfully.
C:\Windows\Tasks\At26.job moved successfully.
C:\Windows\Tasks\At27.job moved successfully.
C:\Windows\Tasks\At28.job moved successfully.
C:\Windows\Tasks\At29.job moved successfully.
C:\Windows\Tasks\At3.job moved successfully.
C:\Windows\Tasks\At30.job moved successfully.
C:\Windows\Tasks\At31.job moved successfully.
C:\Windows\Tasks\At32.job moved successfully.
C:\Windows\Tasks\At33.job moved successfully.
C:\Windows\Tasks\At34.job moved successfully.
C:\Windows\Tasks\At35.job moved successfully.
C:\Windows\Tasks\At36.job moved successfully.
C:\Windows\Tasks\At37.job moved successfully.
C:\Windows\Tasks\At38.job moved successfully.
C:\Windows\Tasks\At39.job moved successfully.
C:\Windows\Tasks\At4.job moved successfully.
C:\Windows\Tasks\At40.job moved successfully.
C:\Windows\Tasks\At41.job moved successfully.
C:\Windows\Tasks\At42.job moved successfully.
C:\Windows\Tasks\At43.job moved successfully.
C:\Windows\Tasks\At44.job moved successfully.
C:\Windows\Tasks\At45.job moved successfully.
C:\Windows\Tasks\At46.job moved successfully.
C:\Windows\Tasks\At47.job moved successfully.
C:\Windows\Tasks\At48.job moved successfully.
C:\Windows\Tasks\At5.job moved successfully.
C:\Windows\Tasks\At6.job moved successfully.
C:\Windows\Tasks\At7.job moved successfully.
C:\Windows\Tasks\At8.job moved successfully.
C:\Windows\Tasks\At9.job moved successfully.
========== COMMANDS ==========

OTLPE by OldTimer - Version 3.1.48.0 log created on 03012012_000625
 
Trying to see if Windows works normally now. Had to post the log fast because someone was sleeping in that room.
 