Only Starts in Safemode /Better virus removal (Free?)

Post by MiguelOhara on Fri 11 Feb 2011, 8:37 am

Ok I originally posted this in another forum but was told I should post here in 'Malware' so I'll recap w/ some of the original language:

Sup ppl,

I've been using AVG and it's usually adequate, but I've been attacked again and I don't see how good it is if viruses keep getting thru to where my system is disabled (my desktop only starts in safemode). I'm running XP, so I kind of suspect since I'm running an older OS I'm more vulnerable to this sort of thing (advice). I'm not cheap, I'm broke, so is there something that I can use to restore my computer? I'm on with safemode networking and I'll download what sounds good. I just installed SP3 and I've already tried:

  • Correct Boot INI settings
  • Disabled system restore
  • Uninstalled/reinstalled AVG
  • Removed suspect programs

Having redirect issues as well

Some direction will be greatly appreciated

AFTER THAT I THINK I RID MYSELF OF THE VIRUS (it's been 48+ hrs no signs) I WAS GIVEN SOME CODE AND TOLD TO DOWNLOAD OTL BUT....

Trying to get OTL on my comp but can't:

  • Safemode w/ Networking not letting me go to GeekPolice for some reason, same thing with google search results (I think it has to do with the .net site extension)
  • Safemode not reading my USB Drive
  • Email won't allow me to send executable files

Just a reminder, my comp won't start regularly.
Any other way I can get this file on the comp?

MiguelOhara

Newbie Surfer

Posts : 29
Joined : 2011-02-06
Operating System : XP Service Pack 2

Re: Only Starts in Safemode /Better virus removal (Free?)

Post by Belahzur on Fri 11 Feb 2011, 11:07 am

Hello.

Download OTL by OldTimer to your Desktop.

  • Close all windows and double click OTL.exe
  • Click Run Scan and let the program run uninterrupted
  • It will produce two logs for you, one will pop up - OTL.txt, the other will be saved on your Desktop - Extras.txt. Post both logs in this thread.
  • You may need to use two posts to get it all.


@RealBelahzur - Please PM me if I fail to respond within 24hrs.


Belahzur

Manager | Tech Officer

Posts : 34917
Joined : 2008-08-04
Operating System : XP SP3 Media Centre

Re: Only Starts in Safemode /Better virus removal (Free?)

Post by MiguelOhara on Fri 11 Feb 2011, 7:13 pm

My comp won't go to any site with OTL in the title

Re: Only Starts in Safemode /Better virus removal (Free?)

Post by Belahzur on Sat 12 Feb 2011, 5:29 am

Hello.

We need to use the RKill Tool by Grinler

Rkill.com <--- Download site

  • Please Download Rkill.com. Save it to your Desktop.
  • Before we begin, you should disable any anti-malware software you have installed so it does not interfere with RKill running, as some anti-malware software detects RKill as malicious. Please refer to this page if you are not sure how.

  • NOTE: If you are unable to connect to the site to download rkill, then you should download it to a clean computer and copy it to the infected one via a USB flash drive or CDROM.

  • Once it is downloaded, double-click on the rkill.com in order to automatically attempt to stop any processes associated with Rogue programs.
  • Please be patient while the program looks for various malware programs and ends them.
  • When it has finished, the black window will automatically close and you can continue with the next step.
NOTE: If you get a message that rkill is an infection, do not be concerned. This message is just a fake warning given by the rogue program, when it terminates programs that may potentially remove it. If you run into these infection warnings that close Rkill, a trick is to leave the warning on the screen and then run Rkill again. By not closing the warning, this typically will allow you to bypass the malware trying to protect itself so that rkill can terminate the rogue program. So, please try running Rkill until the malware is no longer running. You will then be able to proceed with the rest of the steps.

If you continue having problems running rkill.com, you can download:
iExplore.exe or eXplorer.exe
which are renamed copies of rkill.com, and try them instead.

Try downloading OTL now.


Re: Only Starts in Safemode /Better virus removal (Free?)

Post by MiguelOhara on Sun 13 Feb 2011, 4:43 pm

So sorry I'm just getting to this (midterms). I will attempt this shortly, by morning.

Re: Only Starts in Safemode /Better virus removal (Free?)

Post by Belahzur on Mon 14 Feb 2011, 1:31 pm

Okay, standing by.


Re: Only Starts in Safemode /Better virus removal (Free?)

Post by MiguelOhara on Tue 15 Feb 2011, 2:34 am

ok, the computer won't go to rkill.com either

Re: Only Starts in Safemode /Better virus removal (Free?)

Post by MiguelOhara on Tue 15 Feb 2011, 7:30 am

I can see how this sounds crazy, but I really don't know why the computer won't go to the sites that have been suggested to me, and I can't email the downloaded file, and I can't transfer it via flash drive. I don't know what to do.

Re: Only Starts in Safemode /Better virus removal (Free?)

Post by Belahzur on Tue 15 Feb 2011, 12:23 pm

Okay, let's try a boot disc, you may need to download & burn this from another machine.

We are going to be using a Windows Recovery Environment to help disinfect the system so it may boot again.

Download the OTLPE Standard REATOGO Windows Recovery Environment.

  • Place a blank CD-R disc in to your CD burning drive.
  • Download OTLPEStd.exe and double-click on it to burn to a CD using ISO Burner.
  • Reboot your system using the boot CD you just created.

    Note : If you do not know how to set your computer to boot from CD follow the steps here
  • Your system should now display a REATOGO-X-PE desktop.
  • Double-click on the OTLPE icon.
  • When asked "Do you wish to load the remote registry", select Yes
  • When asked "Do you wish to load remote user profile(s) for scanning", select Yes
  • Ensure the box "Automatically Load All Remaining Users" is checked and press OK
  • OTL should now start. Change the following settings

  • Change Drivers to Non-Microsoft
  • Press Run Scan to start the scan.
  • When finished, the file will be saved in drive C:\_OTL\MovedFiles
  • Copy this file to your USB drive if you do not have internet connection on this system
  • Please post the contents of the OTL.txt file in your reply.


Re: Only Starts in Safemode /Better virus removal (Free?)

Post by MiguelOhara on Wed 16 Feb 2011, 4:31 am

Running OTL and up to 'Drivers' - it only has 'None', 'Use Safelist' and 'All' for that option, BUT under 'File Scans' there is an option that says 'Skip Microsoft files'. Should I click that instead?

Re: Only Starts in Safemode /Better virus removal (Free?)

Post by Belahzur on Wed 16 Feb 2011, 12:26 pm

Yes please.


Re: Only Starts in Safemode /Better virus removal (Free?)

Post by MiguelOhara on Wed 16 Feb 2011, 11:10 pm

2 OTL text files were created during the scan. I included the second one, which was done after the scan was finished.


OTL logfile created on: 2/16/2011 6:50:27 AM - Run
OTLPE by OldTimer - Version 3.1.44.3 Folder = X:\Programs\OTLPE
Microsoft Windows XP Service Pack 3 (Version = 5.1.2600) - Type = SYSTEM
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.00 Gb Total Physical Memory | 3.00 Gb Available Physical Memory | 91.00% Memory free
3.00 Gb Paging File | 3.00 Gb Available in Paging File | 98.00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 74.50 Gb Total Space | 30.08 Gb Free Space | 40.37% Space Free | Partition Type: NTFS
Drive D: | 465.75 Gb Total Space | 406.83 Gb Free Space | 87.35% Space Free | Partition Type: NTFS
Drive X: | 284.08 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: REATOGO | User Name: SYSTEM
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
Using ControlSet: ControlSet001

========== Win32 Services (SafeList) ==========

SRV - File not found [Auto] -- -- (6to4)
SRV - [2011/02/09 09:10:26 | 000,094,212 | ---- | M] () [Auto] -- C:\Program Files\Digidesign\Drivers\MMERefresh.exe -- (DigiRefresh)
SRV - [2011/01/06 15:23:18 | 006,128,720 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto] -- C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe -- (AVGIDSAgent)
SRV - [2011/01/05 11:59:50 | 000,037,664 | ---- | M] (Apple Inc.) [Auto] -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe -- (Apple Mobile Device)
SRV - [2010/12/31 11:05:46 | 000,619,872 | ---- | M] () [Auto] -- C:\Program Files\RALINK\Common\RaMediaServer.exe -- (RaMediaServer)
SRV - [2010/11/25 09:49:46 | 000,517,448 | ---- | M] () [On_Demand] -- C:\Program Files\AVG\AVG10\Toolbar\ToolbarBroker.exe -- (AVG Security Toolbar Service)
SRV - [2010/11/11 11:00:24 | 000,374,112 | ---- | M] (Ralink Technology, Corp.) [Auto] -- C:\Program Files\RALINK\Common\RaRegistry.exe -- (RalinkRegistryWriter)
SRV - [2010/10/22 04:58:18 | 000,265,400 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto] -- C:\Program Files\AVG\AVG10\avgwdsvc.exe -- (avgwd)
SRV - [2010/07/26 12:42:36 | 000,557,424 | ---- | M] (Citrix Online, a division of Citrix Systems, Inc.) [Auto] -- C:\Program Files\Citrix\GoToMyPC\g2svc.exe -- (GoToMyPC)
SRV - [2009/11/12 14:16:36 | 000,079,360 | ---- | M] (Creative Labs) [On_Demand] -- C:\Program Files\Common Files\Creative Labs Shared\Service\CTAELicensing.exe -- (Creative Audio Engine Licensing Service)
SRV - [2009/02/14 19:29:14 | 000,307,200 | ---- | M] (Creative Technology Ltd) [Auto] -- C:\Program Files\Creative\Shared Files\CTAudSvc.exe -- (CTAudSvcService)
SRV - [2008/12/04 01:25:10 | 000,159,744 | ---- | M] (Digidesign, A Division of Avid Technology, Inc.) [On_Demand] -- C:\Program Files\Digidesign\Pro Tools\digiSPTIService.exe -- (digiSPTIService)
SRV - [2008/11/18 14:33:28 | 002,543,104 | ---- | M] (SolutionBox) [Disabled] -- C:\Program Files\Netdrive\ndsvc.exe -- (ndsvc)
SRV - [2005/09/09 03:24:30 | 000,102,400 | ---- | M] () [Auto] -- C:\Program Files\Adobe\Photoshop Elements 4.0\PhotoshopElementsFileAgent.exe -- (AdobeActiveFileMonitor4.0)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand] -- -- (PDCOMP)
DRV - File not found [Kernel | System] -- -- (PCIDump)
DRV - File not found [Kernel | System] -- -- (lbrtfdc)
DRV - File not found [Kernel | System] -- -- (i2omgmt)
DRV - File not found [Kernel | System] -- -- (Changer)
DRV - [2010/12/08 04:12:38 | 000,251,728 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System] -- C:\WINDOWS\system32\drivers\avgldx86.sys -- (Avgldx86)
DRV - [2010/11/12 13:19:38 | 000,299,984 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System] -- C:\WINDOWS\system32\drivers\avgtdix.sys -- (Avgtdix)
DRV - [2010/09/13 15:27:24 | 000,025,680 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\AVGIDSEH.sys -- (AVGIDSEH)
DRV - [2010/09/07 03:48:56 | 000,034,384 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System] -- C:\WINDOWS\system32\drivers\avgmfx86.sys -- (Avgmfx86)
DRV - [2010/09/07 03:48:50 | 000,026,064 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot] -- C:\WINDOWS\system32\drivers\avgrkx86.sys -- (Avgrkx86)
DRV - [2010/08/03 15:23:36 | 000,026,192 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\AVGIDSShim.sys -- (AVGIDSShim)
DRV - [2010/08/03 15:23:34 | 000,123,472 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\AVGIDSDriver.sys -- (AVGIDSDriver)
DRV - [2010/08/03 15:23:32 | 000,030,288 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\AVGIDSFilter.sys -- (AVGIDSFilter)
DRV - [2009/08/15 02:33:44 | 000,021,904 | ---- | M] (Digidesign, A Division of Avid Technology, Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\mbx2midk.sys -- (MBX2MIDK)
DRV - [2009/08/15 02:33:40 | 000,021,648 | ---- | M] (Digidesign, A Division of Avid Technology, Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\mbx2dfu.sys -- (MBX2DFU)
DRV - [2009/08/15 02:33:36 | 000,016,400 | ---- | M] (Digidesign, A Division of Avid Technology, Inc.) [Kernel | Auto] -- C:\WINDOWS\system32\drivers\diginet.sys -- (DigiNet)
DRV - [2009/08/15 02:33:24 | 000,097,808 | ---- | M] (Digidesign, A Division of Avid Technology, Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\Dalwdm.sys -- (dalwdmservice)
DRV - [2009/06/23 16:38:26 | 000,189,464 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\haP17v2k.sys -- (hap17v2k)
DRV - [2009/06/23 16:38:16 | 000,162,840 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\haP16v2k.sys -- (hap16v2k)
DRV - [2009/06/23 16:38:06 | 000,798,744 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\ha10kx2k.sys -- (ha10kx2k)
DRV - [2009/06/23 16:37:54 | 000,092,696 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\emupia2k.sys -- (emupia)
DRV - [2009/06/23 16:37:32 | 000,157,208 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\ctsfm2k.sys -- (ctsfm2k)
DRV - [2009/06/23 16:37:22 | 000,014,360 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\ctprxy2k.sys -- (ctprxy2k)
DRV - [2009/06/23 16:37:10 | 000,127,512 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\ctoss2k.sys -- (ossrv)
DRV - [2009/06/23 16:36:36 | 000,347,080 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\ctdvda2k.sys -- (ctdvda2k)
DRV - [2009/06/23 16:36:24 | 000,528,408 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\ctaud2k.sys -- (ctaud2k) Creative Audio Driver (WDM)
DRV - [2009/06/23 16:36:14 | 000,511,000 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\ctac32k.sys -- (ctac32k)
DRV - [2009/06/23 16:35:04 | 000,100,888 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand] -- C:\WINDOWS\System32\drivers\CTERFXFX.SYS -- (CTERFXFX.SYS)
DRV - [2009/06/23 16:35:04 | 000,100,888 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\CTERFXFX.sys -- (CTERFXFX)
DRV - [2009/06/23 16:34:52 | 000,566,296 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand] -- C:\WINDOWS\System32\drivers\CTSBLFX.SYS -- (CTSBLFX.SYS)
DRV - [2009/06/23 16:34:52 | 000,566,296 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\CTSBLFX.sys -- (CTSBLFX)
DRV - [2009/06/23 16:34:40 | 000,555,032 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand] -- C:\WINDOWS\System32\drivers\CTAUDFX.SYS -- (CTAUDFX.SYS)
DRV - [2009/06/23 16:34:40 | 000,555,032 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\CTAUDFX.sys -- (CTAUDFX)
DRV - [2009/06/23 16:34:30 | 000,099,352 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand] -- C:\WINDOWS\System32\drivers\COMMONFX.SYS -- (COMMONFX.SYS)
DRV - [2009/06/23 16:34:30 | 000,099,352 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\COMMONFX.sys -- (COMMONFX)
DRV - [2009/05/21 17:39:54 | 000,090,472 | ---- | M] (PACE Anti-Piracy, Inc.) [Kernel | Boot] -- C:\WINDOWS\System32\drivers\TPkd.sys -- (TPkd)
DRV - [2009/04/21 15:31:10 | 000,019,072 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | Auto] -- C:\WINDOWS\system32\drivers\Scutum50.sys -- (Scutum50)
DRV - [2008/11/12 13:03:58 | 000,070,656 | ---- | M] (SolutionBox) [File_System | On_Demand] -- C:\Program Files\Netdrive\ndfs.sys -- (ndfs)
DRV - [2008/04/13 13:45:12 | 000,060,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\usbaudio.sys -- (usbaudio) USB Audio Driver (WDM)
DRV - [2008/04/13 11:36:05 | 000,144,384 | ---- | M] (Windows (R) Server 2003 DDK provider) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\hdaudbus.sys -- (HDAudBus)
DRV - [2007/03/21 13:54:50 | 000,464,256 | ---- | M] (Ralink Technology, Corp.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\rt61.sys -- (RT61)
DRV - [2005/09/20 20:27:20 | 000,010,368 | ---- | M] (InterVideo, Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\iviaspi.sys -- (Iviaspi)
DRV - [2002/02/11 12:13:36 | 000,119,536 | ---- | M] (STMicroelectronics ) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\stv680.sys -- (STV680)
DRV - [2002/02/11 12:13:36 | 000,009,024 | ---- | M] (STMicroelectronics ) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\stv680m.sys -- (STV680m)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========



IE - HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = [You must be registered and logged in to see this link.]
IE - HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page Restore = [You must be registered and logged in to see this link.]
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" =
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:18810


IE - HKU\G_Man_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page = [You must be registered and logged in to see this link.]
IE - HKU\G_Man_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page Restore = [You must be registered and logged in to see this link.]
IE - HKU\G_Man_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\G_Man_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local



IE - HKU\systemprofile_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

FF - HKLM\software\mozilla\Firefox\extensions\\{3f963a5b-e555-4543-90e2-c3908898db71}: C:\Program Files\AVG\AVG10\Firefox\ [2011/02/07 14:40:28 | 000,000,000 | ---D | M]


O1 HOSTS File: ([2001/08/23 07:00:00 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG10\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (WhiteSmoke Toolbar) - {52794457-af6c-4c50-9def-f2e24f4c8889} - C:\Program Files\whitesmoketoolbar\whitesmoketoolbarX.dll ()
O2 - BHO: (no name) - {9D425283-D487-4337-BAB6-AB8354A81457} - No CLSID value found.
O2 - BHO: (AVG Security Toolbar BHO) - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG10\Toolbar\IEToolbar.dll ()
O2 - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O3 - HKLM\..\Toolbar: (WhiteSmoke Toolbar) - {52794457-af6c-4c50-9def-f2e24f4c8889} - C:\Program Files\whitesmoketoolbar\whitesmoketoolbarX.dll ()
O3 - HKLM\..\Toolbar: (no name) - {9D425283-D487-4337-BAB6-AB8354A81457} - No CLSID value found.
O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG10\Toolbar\IEToolbar.dll ()
O3 - HKU\G_Man_ON_C\..\Toolbar\WebBrowser: (no name) - {9D425283-D487-4337-BAB6-AB8354A81457} - No CLSID value found.
O3 - HKU\G_Man_ON_C\..\Toolbar\WebBrowser: (AVG Security Toolbar) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG10\Toolbar\IEToolbar.dll ()
O4 - HKLM..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe ()
O4 - HKLM..\Run: [AVG_TRAY] C:\Program Files\AVG\AVG10\avgtray.exe ()
O4 - HKLM..\Run: [DigidesignMMERefresh] C:\Program Files\Digidesign\Drivers\MMERefresh.exe ()
O4 - HKLM..\Run: [QuickTime Task] C:\Program Files\QuickTime\qttask .exe (Apple Inc.)
O4 - HKU\.DEFAULT..\Run: [uyplcrxi] C:\WINDOWS\Temp\pmpycnxmc\oacqlkasika.exe ()
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Ralink Wireless Utility.lnk = C:\Program Files\RALINK\Common\RaUI.exe (Ralink Technology, Corp.)
O4 - Startup: C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Startup\ WinCinema Manager.lnk = C:\Program Files\Sandisk\Common\Bin\WinCinemaMgr.exe (InterVideo Inc.)
O4 - Startup: C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Startup\InterVideo WinCinema Manager.lnk = C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe (InterVideo Inc.)
O4 - Startup: C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Startup\Microsoft Office.lnk = File not found
O4 - Startup: C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Startup\Ralink Wireless Utility.lnk = C:\Program Files\RALINK\Common\RaUI.exe (Ralink Technology, Corp.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\Administrator.COMPUTER-C74F72.000_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\G_Man_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\LocalService.NT_AUTHORITY_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\NetworkService.NT_AUTHORITY_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\systemprofile_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O9 - Extra Button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} [You must be registered and logged in to see this link.] (Shockwave ActiveX Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_18)
O16 - DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_18)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_18)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} [You must be registered and logged in to see this link.] (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 93.188.164.47,93.188.160.227
O18 - Protocol\Handler\avgsecuritytoolbar {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - C:\Program Files\AVG\AVG10\Toolbar\IEToolbar.dll ()
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG10\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\GoToMyPC: DllName - C:\Program Files\Citrix\GoToMyPC\G2WinLogon.dll - C:\Program Files\Citrix\GoToMyPC\G2WinLogon.dll (Citrix Online, a division of Citrix Systems, Inc.)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/11/04 07:15:26 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2011/02/05 09:14:14 | 000,000,090 | ---- | M] () - D:\AUTORUN.INF -- [ NTFS ]
O32 - AutoRun File - [2006/03/24 06:06:41 | 000,000,053 | R--- | M] () - X:\AUTORUN.INF -- [ CDFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG10\avgchsvx.exe /sync) - C:\Program Files\AVG\AVG10\avgchsvx.exe (AVG Technologies CZ, s.r.o.)
O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG10\avgrsx.exe /sync /restart) - C:\Program Files\AVG\AVG10\avgrsx.exe (AVG Technologies CZ, s.r.o.)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/02/12 07:01:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService.NT AUTHORITY\Application Data\Real
[2011/02/11 12:15:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService.NT AUTHORITY\Application Data\whitesmoketoolbar
[2011/02/11 12:15:25 | 000,000,000 | ---D | C] -- C:\Program Files\whitesmoketoolbar
[2011/02/11 02:18:00 | 000,000,000 | ---D | C] -- C:\Program Files\Quick Web Player
[2011/02/10 07:20:14 | 000,000,000 | R--D | C] -- C:\Documents and Settings\LocalService.NT AUTHORITY\Favorites
[2011/02/09 10:31:52 | 000,000,000 | ---D | C] -- C:\WINDOWS\LastGood
[2011/02/09 09:15:32 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\NetworkService.NT AUTHORITY\PrivacIE
[2011/02/09 09:15:22 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\NetworkService.NT AUTHORITY\IECompatCache
[2011/02/09 09:04:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService.NT AUTHORITY\Application Data\Identities
[2011/02/09 09:04:00 | 000,000,000 | R--D | C] -- C:\Documents and Settings\NetworkService.NT AUTHORITY\Favorites
[2011/02/09 08:58:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService.NT AUTHORITY\Local Settings\Application Data\Adobe
[2011/02/09 02:11:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService.NT AUTHORITY\Application Data\Macromedia
[2011/02/09 02:10:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService.NT AUTHORITY\Application Data\Adobe
[2011/02/09 02:10:55 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\LocalService.NT AUTHORITY\IETldCache
[2011/02/08 19:21:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService.NT AUTHORITY\Application Data\Sun
[2011/02/08 19:16:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService.NT AUTHORITY\Application Data\Macromedia
[2011/02/08 19:16:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService.NT AUTHORITY\Application Data\Adobe
[2011/02/08 19:06:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\G Man\Application Data\E7CB79EAF9F92DDFA867DB130E201239
[2011/02/08 15:18:28 | 000,000,000 | ---D | C] -- C:\WINDOWS\Prefetch
[2011/02/08 15:04:02 | 000,000,000 | ---D | C] -- C:\WINDOWS\LastGood.Tmp
[2011/02/08 15:00:25 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\scripting
[2011/02/08 15:00:24 | 000,000,000 | ---D | C] -- C:\WINDOWS\l2schemas
[2011/02/08 15:00:24 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\en
[2011/02/08 15:00:24 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\bits
[2011/02/08 14:56:03 | 000,000,000 | ---D | C] -- C:\WINDOWS\network diagnostic
[2011/02/08 14:52:02 | 000,000,000 | -H-D | C] -- C:\WINDOWS\$NtServicePackUninstall$
[2011/02/07 14:40:19 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\AVG
[2011/02/05 16:43:07 | 002,168,160 | ---- | C] (Ralink Technology, Corp.) -- C:\WINDOWS\System32\Scutum.dll
[2011/02/05 16:43:07 | 001,607,008 | ---- | C] (Ralink Technology, Corp.) -- C:\WINDOWS\System32\RaCertMgr.dll
[2011/02/05 16:43:07 | 000,185,696 | ---- | C] (Printing Communications Assoc., Inc. (PCAUSA)) -- C:\WINDOWS\System32\W32N55.dll
[2011/02/05 16:43:07 | 000,144,736 | ---- | C] (Ralink Tech) -- C:\WINDOWS\System32\RalinkGina.dll
[2011/02/05 16:43:07 | 000,019,072 | ---- | C] (Printing Communications Assoc., Inc. (PCAUSA)) -- C:\WINDOWS\System32\drivers\Scutum50.sys
[2011/02/05 16:42:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator.COMPUTER-C74F72.000\Application Data\InstallShield
[2011/02/05 10:46:43 | 000,000,000 | -HSD | C] -- C:\WINDOWS\CSC
[2011/02/05 10:36:55 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Administrator.COMPUTER-C74F72.000\IETldCache
[2011/02/05 10:20:30 | 000,000,000 | --SD | C] -- C:\Documents and Settings\Administrator.COMPUTER-C74F72.000\Application Data\Microsoft
[2011/02/05 10:20:30 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Administrator.COMPUTER-C74F72.000\SendTo
[2011/02/05 10:20:30 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Administrator.COMPUTER-C74F72.000\Application Data
[2011/02/05 10:20:30 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Administrator.COMPUTER-C74F72.000\Start Menu\Programs\Startup
[2011/02/05 10:20:30 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Administrator.COMPUTER-C74F72.000\Start Menu
[2011/02/05 10:20:30 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Administrator.COMPUTER-C74F72.000\Start Menu\Programs\Accessories
[2011/02/05 10:20:30 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Administrator.COMPUTER-C74F72.000\Cookies
[2011/02/05 10:20:30 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Administrator.COMPUTER-C74F72.000\Templates
[2011/02/05 10:20:30 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Administrator.COMPUTER-C74F72.000\Recent
[2011/02/05 10:20:30 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Administrator.COMPUTER-C74F72.000\PrintHood
[2011/02/05 10:20:30 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Administrator.COMPUTER-C74F72.000\NetHood
[2011/02/05 10:20:30 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Administrator.COMPUTER-C74F72.000\Local Settings
[2011/02/05 10:20:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator.COMPUTER-C74F72.000\My Documents
[2011/02/05 10:20:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator.COMPUTER-C74F72.000\Local Settings\Application Data\Microsoft
[2011/02/05 10:20:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator.COMPUTER-C74F72.000\Favorites
[2011/02/05 10:20:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator.COMPUTER-C74F72.000\Desktop
[2011/01/30 19:57:32 | 000,000,000 | ---D | C] -- C:\Program Files\Search Toolbar
[2011/01/30 19:57:29 | 000,000,000 | --SD | C] -- C:\Documents and Settings\G Man\My Documents\My Pando Packages
[2011/01/30 19:55:22 | 000,000,000 | ---D | C] -- C:\Program Files\Pando Networks
[2011/01/29 08:44:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService.NT AUTHORITY\Application Data\Apple Computer
[2011/01/25 06:22:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\G Man\My Documents\Utopia
[2011/01/25 06:14:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\G Man\My Documents\Project Justice
[2011/01/25 06:13:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\G Man\Start Menu\Programs\WinRAR
[2011/01/25 06:13:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\G Man\Application Data\WinRAR
[2011/01/25 06:13:11 | 000,000,000 | ---D | C] -- C:\Program Files\WinRAR
[2011/01/25 04:43:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\G Man\Application Data\OnLive App
[2011/01/25 04:43:36 | 000,000,000 | ---D | C] -- C:\Program Files\OnLive
[2011/01/20 02:01:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\G Man\Desktop\Mr Burnz
[2011/01/19 15:49:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\G Man\Desktop\MDocs
[2011/01/17 10:51:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\G Man\Desktop\Downloads
[5 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[3 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/02/15 12:17:47 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/02/14 10:13:52 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011/02/14 07:37:32 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/02/09 23:57:17 | 000,000,211 | -HS- | M] () -- C:\boot.ini
[2011/02/09 14:30:42 | 000,000,252 | -H-- | M] () -- C:\WINDOWS\tasks\{22116563-108C-42c0-A7CE-60161B75E508}.job
[2011/02/09 14:14:13 | 000,000,252 | -H-- | M] () -- C:\WINDOWS\tasks\{BBAEAEAF-1275-40e2-BD6C-BC8F88BD114A}.job
[2011/02/09 14:14:12 | 000,000,252 | -H-- | M] () -- C:\WINDOWS\tasks\{62C40AA6-4406-467a-A5A5-DFDF1B559B7A}.job
[2011/02/09 14:14:04 | 000,135,168 | RHS- | M] () -- C:\WINDOWS\System32\cisvcy.dll
[2011/02/09 09:10:26 | 000,094,212 | ---- | M] () -- C:\WINDOWS\System32\CTHELPER.EXE
[2011/02/08 19:32:03 | 000,031,056 | ---- | M] () -- C:\WINDOWS\System32\BMXStateBkp-{00000004-00000000-00000000-00001102-00000004-100A1102}.rfx
[2011/02/08 19:32:03 | 000,031,056 | ---- | M] () -- C:\WINDOWS\System32\BMXState-{00000004-00000000-00000000-00001102-00000004-100A1102}.rfx
[2011/02/08 19:32:03 | 000,030,528 | ---- | M] () -- C:\WINDOWS\System32\BMXCtrlState-{00000004-00000000-00000000-00001102-00000004-100A1102}.rfx
[2011/02/08 19:32:03 | 000,030,528 | ---- | M] () -- C:\WINDOWS\System32\BMXBkpCtrlState-{00000004-00000000-00000000-00001102-00000004-100A1102}.rfx
[2011/02/08 19:32:03 | 000,011,564 | ---- | M] () -- C:\WINDOWS\System32\DVCState-{00000004-00000000-00000000-00001102-00000004-100A1102}.rfx
[2011/02/08 19:32:03 | 000,001,080 | ---- | M] () -- C:\WINDOWS\System32\settingsbkup.sfm
[2011/02/08 19:32:03 | 000,001,080 | ---- | M] () -- C:\WINDOWS\System32\settings.sfm
[2011/02/08 19:30:48 | 004,931,577 | ---- | M] () -- C:\WINDOWS\{00000004-00000000-00000000-00001102-00000004-100A1102}.CDF
[2011/02/08 19:30:48 | 004,931,577 | ---- | M] () -- C:\WINDOWS\{00000004-00000000-00000000-00001102-00000004-100A1102}.BAK
[2011/02/08 19:16:00 | 000,000,884 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2011/02/08 18:34:00 | 000,000,978 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1708537768-1844823847-839522115-1003UA.job
[2011/02/08 15:34:58 | 000,000,260 | ---- | M] () -- C:\WINDOWS\tasks\WGASetup.job
[2011/02/08 15:23:01 | 000,432,356 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2011/02/08 15:23:01 | 000,067,312 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2011/02/08 15:21:27 | 000,000,804 | ---- | M] () -- C:\Documents and Settings\G Man\Application Data\Microsoft\Internet Explorer\Quick Launch\Windows Media Player.lnk
[2011/02/08 15:21:06 | 000,000,880 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2011/02/08 15:17:58 | 000,282,928 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2011/02/08 14:55:53 | 000,250,048 | RHS- | M] () -- C:\ntldr
[2011/02/08 09:41:04 | 105,700,181 | ---- | M] () -- C:\WINDOWS\System32\drivers\AVG\incavi.avm
[2011/02/08 07:52:46 | 000,000,293 | ---- | M] () -- C:\Documents and Settings\G Man\Desktop\Shortcut to Display.lnk
[2011/02/08 00:34:45 | 000,002,286 | ---- | M] () -- C:\Documents and Settings\G Man\Desktop\Google Chrome.lnk
[2011/02/08 00:34:45 | 000,002,264 | ---- | M] () -- C:\Documents and Settings\G Man\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2011/02/07 21:34:00 | 000,000,926 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1708537768-1844823847-839522115-1003Core.job
[2011/01/30 20:04:36 | 000,130,048 | ---- | M] () -- C:\Documents and Settings\G Man\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/01/29 09:46:58 | 000,007,753 | ---- | M] () -- C:\Documents and Settings\G Man\Desktop\Run Commands.rtf
[2011/01/27 11:03:00 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2011/01/25 06:01:33 | 000,000,748 | ---- | M] () -- C:\Documents and Settings\G Man\Desktop\WhiteSmoke (continue installation).lnk
[2011/01/19 15:50:38 | 000,001,711 | ---- | M] () -- C:\Documents and Settings\G Man\Desktop\MP Navigator 3.0 (2).lnk
[2011/01/18 18:28:48 | 000,002,325 | ---- | M] () -- C:\Documents and Settings\G Man\Desktop\NetDrive.lnk
[2011/01/18 14:48:50 | 000,144,736 | ---- | M] (Ralink Tech) -- C:\WINDOWS\System32\RalinkGina.dll
[5 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[3 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/02/09 14:14:08 | 000,000,252 | -H-- | C] () -- C:\WINDOWS\tasks\{BBAEAEAF-1275-40e2-BD6C-BC8F88BD114A}.job
[2011/02/09 14:14:08 | 000,000,252 | -H-- | C] () -- C:\WINDOWS\tasks\{22116563-108C-42c0-A7CE-60161B75E508}.job
[2011/02/09 14:14:06 | 000,000,252 | -H-- | C] () -- C:\WINDOWS\tasks\{62C40AA6-4406-467a-A5A5-DFDF1B559B7A}.job
[2011/02/09 14:14:04 | 000,135,168 | RHS- | C] () -- C:\WINDOWS\System32\cisvcy.dll
[2011/02/09 01:07:42 | 000,004,676 | ---- | C] () -- C:\Documents and Settings\G Man\avgrep.txt
[2011/02/08 09:41:04 | 105,700,181 | ---- | C] () -- C:\WINDOWS\System32\drivers\AVG\incavi.avm
[2011/02/08 07:52:46 | 000,000,293 | ---- | C] () -- C:\Documents and Settings\G Man\Desktop\Shortcut to Display.lnk
[2011/02/05 16:43:07 | 000,480,608 | ---- | C] () -- C:\WINDOWS\System32\DiagFunc.dll
[2011/02/05 16:43:07 | 000,034,080 | ---- | C] () -- C:\WINDOWS\System32\CTAAEI.dll
[2011/02/05 16:43:07 | 000,001,191 | ---- | C] () -- C:\WINDOWS\System32\W32N55.INI
[2011/02/05 16:43:07 | 000,000,449 | ---- | C] () -- C:\WINDOWS\System32\DiagFunc.ini
[2011/02/05 16:42:35 | 000,014,051 | ---- | C] () -- C:\WINDOWS\System32\RaCoInst.dat
[2011/02/05 10:39:29 | 000,000,792 | ---- | C] () -- C:\Documents and Settings\Administrator.COMPUTER-C74F72.000\avgrep.txt
[2011/02/05 10:20:30 | 000,001,599 | ---- | C] () -- C:\Documents and Settings\Administrator.COMPUTER-C74F72.000\Start Menu\Programs\Remote Assistance.lnk
[2011/02/05 10:20:30 | 000,000,792 | ---- | C] () -- C:\Documents and Settings\Administrator.COMPUTER-C74F72.000\Start Menu\Programs\Windows Media Player.lnk
[2011/01/29 09:46:58 | 000,007,753 | ---- | C] () -- C:\Documents and Settings\G Man\Desktop\Run Commands.rtf
[2011/01/25 06:20:58 | 001,063,965 | ---- | C] () -- C:\Documents and Settings\G Man\My Documents\utp-load.zip
[2011/01/25 06:20:58 | 000,006,167 | ---- | C] () -- C:\Documents and Settings\G Man\My Documents\utp-load.nfo
[2011/01/25 06:20:58 | 000,000,133 | ---- | C] () -- C:\Documents and Settings\G Man\My Documents\utp-load.sfv
[2011/01/25 06:01:33 | 000,000,748 | ---- | C] () -- C:\Documents and Settings\G Man\Desktop\WhiteSmoke (continue installation).lnk
[2011/01/19 15:50:38 | 000,001,711 | ---- | C] () -- C:\Documents and Settings\G Man\Desktop\MP Navigator 3.0 (2).lnk
[2010/09/10 18:25:20 | 000,204,800 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeW7.dll
[2010/09/10 18:25:20 | 000,200,704 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeA6.dll
[2010/09/10 18:25:20 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeP6.dll
[2010/09/10 18:25:20 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeM6.dll
[2010/09/10 18:25:20 | 000,188,416 | ---- | C] () -- C:\WINDOWS\System32\IVIresizePX.dll
[2010/09/10 18:25:20 | 000,020,480 | ---- | C] () -- C:\WINDOWS\System32\IVIresize.dll
[2010/08/22 12:44:58 | 000,000,150 | ---- | C] () -- C:\Documents and Settings\G Man\ws_ext.log
[2010/05/25 12:59:47 | 000,116,224 | ---- | C] () -- C:\WINDOWS\System32\pdfcmnnt.dll
[2009/11/26 21:09:56 | 000,130,048 | ---- | C] () -- C:\Documents and Settings\G Man\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/11/17 10:26:21 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2009/11/16 23:58:36 | 000,178,176 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll
[2009/11/16 23:58:35 | 000,000,038 | ---- | C] () -- C:\WINDOWS\avisplitter.ini
[2009/11/16 23:58:34 | 000,881,664 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2009/11/16 23:58:34 | 000,205,824 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2009/11/16 23:58:33 | 003,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll
[2009/11/16 23:58:31 | 000,085,504 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2009/11/16 21:06:40 | 000,217,088 | ---- | C] () -- C:\WINDOWS\System32\qtmlClient.dll
[2009/11/16 12:43:07 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2009/06/23 15:29:50 | 000,049,719 | ---- | C] () -- C:\WINDOWS\System32\instwdm.ini
[2009/06/23 15:29:48 | 000,000,054 | ---- | C] () -- C:\WINDOWS\System32\ctzapxx.ini
[2009/06/23 14:51:00 | 000,043,520 | ---- | C] () -- C:\WINDOWS\System32\CTBurst.dll
[2007/08/13 23:45:02 | 000,077,824 | ---- | C] () -- C:\WINDOWS\System32\ctmmactl.dll
[2006/10/02 20:25:18 | 000,000,307 | ---- | C] () -- C:\WINDOWS\System32\kill.ini

========== LOP Check ==========

[2011/02/11 12:15:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService.NT AUTHORITY\Application Data\whitesmoketoolbar
[2010/10/13 22:17:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\G Man\Application Data\AVG10
[2010/01/24 17:41:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\G Man\Application Data\Canon
[2011/02/08 15:38:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\G Man\Application Data\Digidesign
[2011/02/08 19:07:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\G Man\Application Data\E7CB79EAF9F92DDFA867DB130E201239
[2010/09/10 19:30:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\G Man\Application Data\InterVideo
[2009/11/17 00:10:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\G Man\Application Data\Leadertech
[2011/01/28 17:37:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\G Man\Application Data\LimeWire
[2010/11/29 03:26:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\G Man\Application Data\Meebo
[2010/12/18 15:00:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\G Man\Application Data\Mp3tag
[2010/01/08 13:27:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\G Man\Application Data\NCH Swift Sound
[2011/01/18 18:28:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\G Man\Application Data\NetDrive
[2011/01/25 04:43:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\G Man\Application Data\OnLive App
[2010/01/13 09:53:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\G Man\Application Data\Opera
[2009/11/17 10:34:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\G Man\Application Data\PACE Anti-Piracy
[2009/12/23 16:21:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\G Man\Application Data\Propellerhead Software
[2009/11/17 00:06:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\G Man\Application Data\Trillium Lane
[2011/02/01 17:53:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\G Man\Application Data\uTorrent
[2011/02/08 15:34:58 | 000,000,260 | ---- | M] () -- C:\WINDOWS\Tasks\WGASetup.job
[2011/02/09 14:30:42 | 000,000,252 | -H-- | M] () -- C:\WINDOWS\Tasks\{22116563-108C-42c0-A7CE-60161B75E508}.job
[2011/02/09 14:14:12 | 000,000,252 | -H-- | M] () -- C:\WINDOWS\Tasks\{62C40AA6-4406-467a-A5A5-DFDF1B559B7A}.job
[2011/02/09 14:14:13 | 000,000,252 | -H-- | M] () -- C:\WINDOWS\Tasks\{BBAEAEAF-1275-40e2-BD6C-BC8F88BD114A}.job

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 1156 bytes -> C:\Program Files\Outlook Express:He6HeMNyFdvAfwWnWe
@Alternate Data Stream - 1118 bytes -> C:\Program Files\Outlook Express:wmZIScQ89prq2KULXOj9Myvrm
@Alternate Data Stream - 1032 bytes -> C:\Documents and Settings\G Man\Cookies:qchfTRyBAw2OiEC5pNuq0N8
< End of report >
[2011/02/16 06:52:26 | 000,049,152 | -H-- | M] () -- C:\Documents and Settings\Administrator.COMPUTER-C74F72.000\NTUSER.dat.LOG
[2011/02/16 06:50:16 | 000,786,432 | -H-- | M] () -- C:\Documents and Settings\Administrator.COMPUTER-C74F72.000\NTUSER.DAT
[2011/02/16 06:40:13 | 000,008,192 | -H-- | M] () -- C:\Documents and Settings\NetworkService.NT AUTHORITY\ntuser.dat.LOG
[2011/02/16 06:40:13 | 000,008,192 | -H-- | M] () -- C:\Documents and Settings\LocalService.NT AUTHORITY\ntuser.dat.LOG
[2011/02/16 06:40:13 | 000,008,192 | -H-- | M] () -- C:\Documents and Settings\G Man\ntuser.dat.LOG
[2011/02/15 12:17:51 | 000,229,376 | ---- | M] () -- C:\Documents and Settings\NetworkService.NT AUTHORITY\NTUSER.DAT
[2011/02/15 12:17:51 | 000,229,376 | ---- | M] () -- C:\Documents and Settings\LocalService.NT AUTHORITY\ntuser.dat
[2011/02/15 12:17:47 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/02/15 12:17:45 | 000,000,278 | -HS- | M] () -- C:\Documents and Settings\G Man\ntuser.ini
[2011/02/15 12:17:44 | 004,456,448 | ---- | M] () -- C:\Documents and Settings\G Man\ntuser.dat
[2011/02/14 07:37:32 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/02/13 05:41:04 | 000,004,676 | ---- | M] () -- C:\Documents and Settings\G Man\avgrep.txt
[2011/02/12 11:43:23 | 000,000,000 | -HSD | M] -- C:\Documents and Settings\NetworkService.NT AUTHORITY\Cookies
[2011/02/12 08:08:15 | 000,000,000 | -HSD | M] -- C:\Documents and Settings\LocalService.NT AUTHORITY\Cookies
[2011/02/12 07:58:25 | 000,000,000 | ---D | M] -- C:\Program Files\QuickTime
[2011/02/12 07:01:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService.NT AUTHORITY\Application Data\Real
[2011/02/12 07:01:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService.NT AUTHORITY\Application Data
[2011/02/11 12:15:31 | 000,000,000 | ---D | M] -- C:\Program Files\whitesmoketoolbar
[2011/02/11 12:15:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService.NT AUTHORITY\Application Data\whitesmoketoolbar
[2011/02/11 02:18:00 | 000,000,000 | ---D | M] -- C:\Program Files\Quick Web Player
[2011/02/10 07:20:14 | 000,000,000 | R--D | M] -- C:\Documents and Settings\LocalService.NT AUTHORITY\Favorites
[2011/02/09 23:57:17 | 000,000,573 | ---- | M] () -- C:\WINDOWS\win.ini
[2011/02/09 23:57:17 | 000,000,227 | ---- | M] () -- C:\WINDOWS\system.ini
[2011/02/09 21:41:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\G Man\Desktop
[2011/02/09 21:22:20 | 000,000,178 | -HS- | M] () -- C:\Documents and Settings\Administrator.COMPUTER-C74F72.000\ntuser.ini
[2011/02/09 21:16:01 | 000,000,000 | R--D | M] -- C:\Documents and Settings\G Man\Start Menu\Programs\Startup
[2011/02/09 14:30:42 | 000,000,252 | -H-- | M] () -- C:\WINDOWS\tasks\{22116563-108C-42c0-A7CE-60161B75E508}.job
[2011/02/09 14:14:13 | 000,000,252 | -H-- | M] () -- C:\WINDOWS\tasks\{BBAEAEAF-1275-40e2-BD6C-BC8F88BD114A}.job
[2011/02/09 14:14:12 | 000,000,252 | -H-- | M] () -- C:\WINDOWS\tasks\{62C40AA6-4406-467a-A5A5-DFDF1B559B7A}.job
[2011/02/09 09:15:32 | 000,000,000 | -HSD | M] -- C:\Documents and Settings\NetworkService.NT AUTHORITY\PrivacIE
[2011/02/09 09:15:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService.NT AUTHORITY\Local Settings\Application Data\Microsoft
[2011/02/09 09:15:24 | 000,000,000 | R--D | M] -- C:\Documents and Settings\NetworkService.NT AUTHORITY\Favorites
[2011/02/09 09:15:22 | 000,000,000 | -HSD | M] -- C:\Documents and Settings\NetworkService.NT AUTHORITY\IECompatCache
[2011/02/09 09:10:27 | 000,000,000 | ---D | M] -- C:\Program Files\Netdrive
[2011/02/09 09:10:27 | 000,000,000 | ---D | M] -- C:\Program Files\iTunes
[2011/02/09 09:04:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService.NT AUTHORITY\Application Data\Identities
[2011/02/09 09:00:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService.NT AUTHORITY\Local Settings\Application Data\Adobe
[2011/02/09 08:58:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService.NT AUTHORITY\Application Data\Adobe
[2011/02/09 02:11:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService.NT AUTHORITY\Application Data\Macromedia
[2011/02/09 02:10:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService.NT AUTHORITY\Application Data\Adobe
[2011/02/09 02:10:55 | 000,000,000 | -HSD | M] -- C:\Documents and Settings\LocalService.NT AUTHORITY\IETldCache
[2011/02/08 22:02:32 | 000,000,792 | ---- | M] () -- C:\Documents and Settings\Administrator.COMPUTER-C74F72.000\avgrep.txt
[2011/02/08 19:32:03 | 000,001,080 | ---- | M] () -- C:\WINDOWS\System32\settingsbkup.sfm
[2011/02/08 19:32:03 | 000,001,080 | ---- | M] () -- C:\WINDOWS\System32\settings.sfm
[2011/02/08 19:31:53 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2011/02/08 19:30:48 | 004,931,577 | ---- | M] () -- C:\WINDOWS\{00000004-00000000-00000000-00001102-00000004-100A1102}.CDF
[2011/02/08 19:30:48 | 004,931,577 | ---- | M] () -- C:\WINDOWS\{00000004-00000000-00000000-00001102-00000004-100A1102}.BAK
[2011/02/08 19:21:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService.NT AUTHORITY\Application Data\Sun
[2011/02/08 19:16:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService.NT AUTHORITY\Application Data\Macromedia
[2011/02/08 19:16:00 | 000,000,884 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2011/02/08 19:07:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\G Man\Application Data\E7CB79EAF9F92DDFA867DB130E201239
[2011/02/08 19:06:01 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\G Man\Application Data
[2011/02/08 19:05:54 | 000,000,000 | -HSD | M] -- C:\Documents and Settings\G Man\Cookies
[2011/02/08 19:05:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\G Man\Application Data\Adobe
[2011/02/08 18:34:00 | 000,000,978 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1708537768-1844823847-839522115-1003UA.job
[2011/02/08 16:16:09 | 000,070,064 | ---- | M] () -- C:\Documents and Settings\G Man\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
[2011/02/08 15:41:40 | 000,000,000 | RH-D | M] -- C:\Documents and Settings\G Man\Recent
[2011/02/08 15:38:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\G Man\Application Data\Digidesign
[2011/02/08 15:34:58 | 000,000,260 | ---- | M] () -- C:\WINDOWS\tasks\WGASetup.job
[2011/02/08 15:23:01 | 000,508,956 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2011/02/08 15:23:01 | 000,432,356 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2011/02/08 15:23:01 | 000,067,312 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2011/02/08 15:21:31 | 000,000,738 | ---- | M] () -- C:\Documents and Settings\G Man\Start Menu\Programs\Outlook Express.lnk
[2011/02/08 15:21:31 | 000,000,234 | -HS- | M] () -- C:\Documents and Settings\G Man\Start Menu\Programs\desktop.ini
[2011/02/08 15:21:27 | 000,000,804 | ---- | M] () -- C:\Documents and Settings\G Man\Application Data\Microsoft\Internet Explorer\Quick Launch\Windows Media Player.lnk
[2011/02/08 15:21:27 | 000,000,792 | ---- | M] () -- C:\Documents and Settings\G Man\Start Menu\Programs\Windows Media Player.lnk
[2011/02/08 15:21:06 | 000,000,880 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2011/02/08 15:17:58 | 000,282,928 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2011/02/08 15:17:52 | 000,000,000 | ---D | M] -- C:\Program Files\Messenger
[2011/02/08 15:12:02 | 000,000,000 | ---D | M] -- C:\Program Files\Outlook Express
[2011/02/08 15:10:57 | 000,000,000 | ---D | M] -- C:\Program Files\Movie Maker
[2011/02/08 15:00:50 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Media Player
[2011/02/08 15:00:25 | 000,000,000 | ---D | M] -- C:\Program Files\Internet Explorer
[2011/02/08 14:57:48 | 000,000,000 | ---D | M] -- C:\Program Files\NetMeeting
[2011/02/08 14:57:44 | 000,000,000 | ---D | M] -- C:\Program Files\Windows NT
[2011/02/08 14:57:40 | 000,000,000 | ---D | M] -- C:\Program Files\Common Files\System
[2011/02/08 12:08:35 | 000,000,000 | ---D | M] -- C:\Program Files\Search Toolbar
[2011/02/08 12:07:46 | 000,000,000 | ---D | M] -- C:\Program Files\Common Files
[2011/02/08 12:03:49 | 000,000,000 | ---D | M] -- C:\Program Files\iPod
[2011/02/08 07:52:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\G Man\Local Settings\Application Data\Microsoft
[2011/02/08 07:52:46 | 000,000,293 | ---- | M] () -- C:\Documents and Settings\G Man\Desktop\Shortcut to Display.lnk
[2011/02/08 00:34:45 | 000,002,286 | ---- | M] () -- C:\Documents and Settings\G Man\Desktop\Google Chrome.lnk
[2011/02/08 00:34:45 | 000,002,264 | ---- | M] () -- C:\Documents and Settings\G Man\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2011/02/08 00:34:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\G Man\Local Settings\Application Data\Temp
[2011/02/07 21:34:00 | 000,000,926 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1708537768-1844823847-839522115-1003Core.job
[2011/02/06 20:48:07 | 000,000,000 | ---D | M] -- C:\Program Files\Canon
[2011/02/05 16:42:34 | 000,000,000 | -H-D | M] -- C:\Program Files\InstallShield Installation Information
[2011/02/05 16:42:34 | 000,000,000 | ---D | M] -- C:\Program Files\RALINK
[2011/02/05 16:42:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator.COMPUTER-C74F72.000\Application Data\InstallShield
[2011/02/05 10:36:55 | 000,000,000 | -HSD | M] -- C:\Documents and Settings\Administrator.COMPUTER-C74F72.000\IETldCache
[2011/02/05 10:36:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator.COMPUTER-C74F72.000\Local Settings\Application Data\Microsoft
[2011/02/05 10:20:33 | 000,000,000 | --SD | M] -- C:\Documents and Settings\Administrator.COMPUTER-C74F72.000\Application Data\Microsoft
[2011/02/05 09:14:14 | 000,000,000 | --SD | M] -- C:\Documents and Settings\G Man\Application Data\Microsoft
[2011/02/01 17:53:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\G Man\Application Data\uTorrent
[2011/02/01 16:49:22 | 004,945,632 | -H-- | M] () -- C:\Documents and Settings\G Man\Local Settings\Application Data\IconCache.db
[2011/01/30 20:04:36 | 000,130,048 | ---- | M] () -- C:\Documents and Settings\G Man\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/01/30 19:57:29 | 000,000,000 | R--D | M] -- C:\Documents and Settings\G Man\My Documents
[2011/01/30 19:55:49 | 000,000,000 | ---D | M] -- C:\Program Files\Pando Networks
[2011/01/29 09:46:58 | 000,007,753 | ---- | M] () -- C:\Documents and Settings\G Man\Desktop\Run Commands.rtf
[2011/01/29 08:44:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService.NT AUTHORITY\Application Data
[2011/01/29 08:44:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService.NT AUTHORITY\Application Data\Apple Computer
[2011/01/28 17:37:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\G Man\Application Data\LimeWire
[2011/01/27 11:03:00 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2011/01/25 06:13:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\G Man\Application Data\WinRAR
[2011/01/25 06:13:26 | 000,000,000 | R--D | M] -- C:\Documents and Settings\G Man\Start Menu
[2011/01/25 06:13:26 | 000,000,000 | ---D | M] -- C:\Program Files\WinRAR
[2011/01/25 06:13:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\G Man\Start Menu\Programs\WinRAR
[2011/01/25 06:01:33 | 000,000,748 | ---- | M] () -- C:\Documents and Settings\G Man\Desktop\WhiteSmoke (continue installation).lnk
[2011/01/25 04:43:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\G Man\Application Data\OnLive App
[2011/01/25 04:43:51 | 000,000,000 | ---D | M] -- C:\Program Files\OnLive
[2011/01/19 15:50:38 | 000,001,711 | ---- | M] () -- C:\Documents and Settings\G Man\Desktop\MP Navigator 3.0 (2).lnk
[2011/01/18 18:28:48 | 000,002,325 | ---- | M] () -- C:\Documents and Settings\G Man\Desktop\NetDrive.lnk
[2011/01/18 18:28:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\G Man\Application Data\NetDrive
[2011/01/18 14:48:50 | 000,144,736 | ---- | M] (Ralink Tech) -- C:\WINDOWS\System32\RalinkGina.dll
[2011/01/17 08:34:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\G Man\Application Data\Mozilla
[2011/01/06 00:49:56 | 000,000,150 | ---- | M] () -- C:\Documents and Settings\G Man\ws_ext.log
[2010/04/09 15:25:49 | 000,069,288 | ---- | M] () -- C:\Documents and Settings\G Man\Application Data\GDIPFONTCACHEV1.DAT
[2009/11/16 20:58:14 | 000,000,020 | -HS- | M] () -- C:\Documents and Settings\LocalService.NT AUTHORITY\ntuser.ini
[2009/11/16 20:57:28 | 000,000,020 | -HS- | M] () -- C:\Documents and Settings\NetworkService.NT AUTHORITY\ntuser.ini
[2009/11/16 12:42:41 | 000,000,062 | -HS- | M] () -- C:\Documents and Settings\G Man\Application Data\desktop.ini
[2009/11/16 12:42:41 | 000,000,062 | -HS- | M] () -- C:\Documents and Settings\Administrator.COMPUTER-C74F72.000\Application Data\desktop.ini
[2006/06/29 14:58:52 | 000,030,808 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalUserInterface.CompositeFont
[2006/06/29 14:53:56 | 000,026,489 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalSansSerif.CompositeFont
[2006/04/18 15:39:28 | 000,029,779 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalSerif.CompositeFont
[2006/04/18 15:39:28 | 000,026,040 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalMonospace.CompositeFont
[5 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/02/15 12:17:47 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/02/14 10:13:52 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011/02/14 07:37:32 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/02/09 23:57:17 | 000,000,211 | -HS- | M] () -- C:\boot.ini
[2011/02/09 14:30:42 | 000,000,252 | -H-- | M] () -- C:\WINDOWS\tasks\{22116563-108C-42c0-A7CE-60161B75E508}.job
[2011/02/09 14:14:13 | 000,000,252 | -H-- | M] () -- C:\WINDOWS\tasks\{BBAEAEAF-1275-40e2-BD6C-BC8F88BD114A}.job
[2011/02/09 14:14:12 | 000,000,252 | -H-- | M] () -- C:\WINDOWS\tasks\{62C40AA6-4406-467a-A5A5-DFDF1B559B7A}.job
[2011/02/09 14:14:04 | 000,135,168 | RHS- | M] () -- C:\WINDOWS\System32\cisvcy.dll
[2011/02/09 09:10:26 | 000,094,212 | ---- | M] () -- C:\WINDOWS\System32\CTHELPER.EXE
[2011/02/08 19:32:03 | 000,031,056 | ---- | M] () -- C:\WINDOWS\System32\BMXStateBkp-{00000004-00000000-00000000-00001102-00000004-100A1102}.rfx
[2011/02/08 19:32:03 | 000,031,056 | ---- | M] () -- C:\WINDOWS\System32\BMXState-{00000004-00000000-00000000-00001102-00000004-100A1102}.rfx
[2011/02/08 19:32:03 | 000,030,528 | ---- | M] () -- C:\WINDOWS\System32\BMXCtrlState-{00000004-00000000-00000000-00001102-00000004-100A1102}.rfx
[2011/02/08 19:32:03 | 000,030,528 | ---- | M] () -- C:\WINDOWS\System32\BMXBkpCtrlState-{00000004-00000000-00000000-00001102-00000004-100A1102}.rfx
[2011/02/08 19:32:03 | 000,011,564 | ---- | M] () -- C:\WINDOWS\System32\DVCState-{00000004-00000000-00000000-00001102-00000004-100A1102}.rfx
[2011/02/08 19:32:03 | 000,001,080 | ---- | M] () -- C:\WINDOWS\System32\settingsbkup.sfm
[2011/02/08 19:32:03 | 000,001,080 | ---- | M] () -- C:\WINDOWS\System32\settings.sfm
[2011/02/08 19:30:48 | 004,931,577 | ---- | M] () -- C:\WINDOWS\{00000004-00000000-00000000-00001102-00000004-100A1102}.CDF
[2011/02/08 19:30:48 | 004,931,577 | ---- | M] () -- C:\WINDOWS\{00000004-00000000-00000000-00001102-00000004-100A1102}.BAK
[2011/02/08 19:16:00 | 000,000,884 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2011/02/08 18:34:00 | 000,000,978 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1708537768-1844823847-839522115-1003UA.job
[2011/02/08 15:34:58 | 000,000,260 | ---- | M] () -- C:\WINDOWS\tasks\WGASetup.job
[2011/02/08 15:23:01 | 000,432,356 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2011/02/08 15:23:01 | 000,067,312 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2011/02/08 15:21:27 | 000,000,804 | ---- | M] () -- C:\Documents and Settings\G Man\Application Data\Microsoft\Internet Explorer\Quick Launch\Windows Media Player.lnk
[2011/02/08 15:21:06 | 000,000,880 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2011/02/08 15:17:58 | 000,282,928 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2011/02/08 14:55:53 | 000,250,048 | RHS- | M] () -- C:\ntldr
[2011/02/08 09:41:04 | 105,700,181 | ---- | M] () -- C:\WINDOWS\System32\drivers\AVG\incavi.avm
[2011/02/08 07:52:46 | 000,000,293 | ---- | M] () -- C:\Documents and Settings\G Man\Desktop\Shortcut to Display.lnk
[2011/02/08 00:34:45 | 000,002,286 | ---- | M] () -- C:\Documents and Settings\G Man\Desktop\Google Chrome.lnk
[2011/02/08 00:34:45 | 000,002,264 | ---- | M] () -- C:\Documents and Settings\G Man\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2011/02/07 21:34:00 | 000,000,926 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1708537768-1844823847-839522115-1003Core.job
[2011/01/30 20:04:36 | 000,130,048 | ---- | M] () -- C:\Documents and Settings\G Man\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/01/29 09:46:58 | 000,007,753 | ---- | M] () -- C:\Documents and Settings\G Man\Desktop\Run Commands.rtf
[2011/01/27 11:03:00 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2011/01/25 06:01:33 | 000,000,748 | ---- | M] () -- C:\Documents and Settings\G Man\Desktop\WhiteSmoke (continue installation).lnk
[2011/01/19 15:50:38 | 000,001,711 | ---- | M] () -- C:\Documents and Settings\G Man\Desktop\MP Navigator 3.0 (2).lnk
[2011/01/18 18:28:48 | 000,002,325 | ---- | M] () -- C:\Documents and Settings\G Man\Desktop\NetDrive.lnk
[2011/01/18 14:48:50 | 000,144,736 | ---- | M] (Ralink Tech) -- C:\WINDOWS\System32\RalinkGina.dll
[5 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[3 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== LOP Check ==========

[2011/02/11 12:15:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService.NT AUTHORITY\Application Data\whitesmoketoolbar
[2010/10/13 22:17:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\G Man\Application Data\AVG10
[2010/01/24 17:41:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\G Man\Application Data\Canon
[2011/02/08 15:38:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\G Man\Application Data\Digidesign
[2011/02/08 19:07:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\G Man\Application Data\E7CB79EAF9F92DDFA867DB130E201239
[2010/09/10 19:30:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\G Man\Application Data\InterVideo
[2009/11/17 00:10:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\G Man\Application Data\Leadertech
[2011/01/28 17:37:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\G Man\Application Data\LimeWire
[2010/11/29 03:26:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\G Man\Application Data\Meebo
[2010/12/18 15:00:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\G Man\Application Data\Mp3tag
[2010/01/08 13:27:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\G Man\Application Data\NCH Swift Sound
[2011/01/18 18:28:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\G Man\Application Data\NetDrive
[2011/01/25 04:43:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\G Man\Application Data\OnLive App
[2010/01/13 09:53:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\G Man\Application Data\Opera
[2009/11/17 10:34:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\G Man\Application Data\PACE Anti-Piracy
[2009/12/23 16:21:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\G Man\Application Data\Propellerhead Software
[2009/11/17 00:06:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\G Man\Application Data\Trillium Lane
[2011/02/01 17:53:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\G Man\Application Data\uTorrent
[2011/02/08 15:34:58 | 000,000,260 | ---- | M] () -- C:\WINDOWS\Tasks\WGASetup.job
[2011/02/09 14:30:42 | 000,000,252 | -H-- | M] () -- C:\WINDOWS\Tasks\{22116563-108C-42c0-A7CE-60161B75E508}.job
[2011/02/09 14:14:12 | 000,000,252 | -H-- | M] () -- C:\WINDOWS\Tasks\{62C40AA6-4406-467a-A5A5-DFDF1B559B7A}.job
[2011/02/09 14:14:13 | 000,000,252 | -H-- | M] () -- C:\WINDOWS\Tasks\{BBAEAEAF-1275-40e2-BD6C-BC8F88BD114A}.job

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 1156 bytes -> C:\Program Files\Outlook Express:He6HeMNyFdvAfwWnWe
@Alternate Data Stream - 1118 bytes -> C:\Program Files\Outlook Express:wmZIScQ89prq2KULXOj9Myvrm
@Alternate Data Stream - 1032 bytes -> C:\Documents and Settings\G Man\Cookies:qchfTRyBAw2OiEC5pNuq0N8

< End of report >

MiguelOhara

Newbie Surfer

Posts : 29
Joined : 2011-02-06
Operating System : XP Service Pack 2


Re: Only Starts in Safemode /Better virus removal (Free?)

Post by Belahzur on Thu 17 Feb 2011, 12:43 pm

Hello.

Please run OTLPE.

  • Copy the commands with file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):


    :OTL
    O2 - BHO: (WhiteSmoke Toolbar) - {52794457-af6c-4c50-9def-f2e24f4c8889} - C:\Program Files\whitesmoketoolbar\whitesmoketoolbarX.dll ()
    O2 - BHO: (no name) - {9D425283-D487-4337-BAB6-AB8354A81457} - No CLSID value found.
    O3 - HKLM\..\Toolbar: (no name) - {9D425283-D487-4337-BAB6-AB8354A81457} - No CLSID value found.
    O3 - HKU\G_Man_ON_C\..\Toolbar\WebBrowser: (no name) - {9D425283-D487-4337-BAB6-AB8354A81457} - No CLSID value found.
    O4 - HKU\.DEFAULT..\Run: [uyplcrxi] C:\WINDOWS\Temp\pmpycnxmc\oacqlkasika.exe ()
    [2011/02/09 14:30:42 | 000,000,252 | -H-- | M] () -- C:\WINDOWS\tasks\{22116563-108C-42c0-A7CE-60161B75E508}.job
    [2011/02/09 14:14:13 | 000,000,252 | -H-- | M] () -- C:\WINDOWS\tasks\{BBAEAEAF-1275-40e2-BD6C-BC8F88BD114A}.job
    [2011/02/09 14:14:12 | 000,000,252 | -H-- | M] () -- C:\WINDOWS\tasks\{62C40AA6-4406-467a-A5A5-DFDF1B559B7A}.job
    [2011/02/09 14:14:04 | 000,135,168 | RHS- | M] () -- C:\WINDOWS\System32\cisvcy.dll

    :commands
    [emptytemp]
    [reboot]


  • Return to OTL, right click in the "Custom Scans/Fixes" window (under the light green bar) and choose Paste.

  • Click the red Run Fix button.
  • A fix log in Notepad will appear. Copy the contents of the fix log to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy), and paste it in your next reply.
  • Close OTL.exe
If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.


@RealBelahzur - Please PM me if I fail to respond within 24hrs.


Belahzur

Manager | Tech Officer

Posts : 34917
Joined : 2008-08-04
Operating System : XP SP3 Media Centre
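
The entries in the fix above fall into a few recognisable shapes: hidden GUID-named jobs in the Tasks folder, a Run value launching from a Temp directory, BHO/toolbar registrations whose CLSID no longer resolves, and a hidden system DLL with no company name. As an added example (not OTL's code and not the helper's method), the Python below applies those four shapes as triage heuristics to OTL log lines copied from this thread; the rule names and the `triage` function are hypothetical, and a hit means "review this entry", not "malicious".

```python
import ntpath
import re

# OTL file-listing line: [date time | size | attrs | M/C] (company) -- path
# The company group is optional (directories have none) and may contain nested parentheses.
FILE_RE = re.compile(
    r"^\[[\d/]+ [\d:]+ \| [\d,]+ \| (?P<attrs>[A-Z-]{4}) \| [MC]\]"
    r"(?: \((?P<company>.*?)\))? -- (?P<path>.+)$"
)
# O4 autostart taken from a registry Run/RunOnce key: O4 - <hive>..\Run: [value] target
RUN_RE = re.compile(r"^O4 - .+?\.\.\\Run(?:Once)?: \[(?P<name>[^\]]*)\] (?P<target>.+)$")
# O2 (BHO) / O3 (toolbar) registration whose CLSID has no backing entry
ORPHAN_RE = re.compile(
    r"^O[23] - .+ - (?P<clsid>\{[0-9A-Fa-f-]{36}\}) - No CLSID value found\.$"
)
# A scheduled-task file named only by a GUID, e.g. {22116563-...}.job
GUID_JOB_RE = re.compile(
    r"^\{[0-9A-F]{8}(?:-[0-9A-F]{4}){3}-[0-9A-F]{12}\}\.job$", re.IGNORECASE
)


def triage(lines):
    """Return (line_number, rule, detail) for each log line matching a heuristic."""
    findings = []
    for n, raw in enumerate(lines, 1):
        line = raw.strip()

        m = FILE_RE.match(line)
        if m:
            attrs = m["attrs"]
            company = (m["company"] or "").strip()
            path = m["path"]
            folder = ntpath.dirname(path).lower()
            name = ntpath.basename(path)
            if "H" in attrs and folder.endswith("\\tasks") and GUID_JOB_RE.match(name):
                # Hidden attribute + GUID-only name inside the Tasks folder
                findings.append((n, "HIDDEN_GUID_TASK", path))
            elif ({"H", "S"} <= set(attrs) and "D" not in attrs
                  and not company and folder.endswith("\\system32")):
                # Hidden+system file directly in System32 with an empty company field
                findings.append((n, "HIDDEN_SYSTEM_NO_COMPANY", path))
            continue

        m = RUN_RE.match(line)
        if m:
            if "\\temp\\" in m["target"].lower():
                # Autostart value whose executable lives under a Temp directory
                findings.append((n, "RUN_FROM_TEMP", f'{m["name"]} -> {m["target"]}'))
            continue

        m = ORPHAN_RE.match(line)
        if m:
            findings.append((n, "ORPHAN_CLSID", m["clsid"]))
    return findings


# Sample input: lines copied from the OTL logs and fix posted in this thread,
# mixed with entries from the same logs that should not be flagged.
SAMPLE_LINES = r"""
[2011/02/18 08:16:00 | 000,000,884 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2011/02/09 14:30:42 | 000,000,252 | -H-- | M] () -- C:\WINDOWS\tasks\{22116563-108C-42c0-A7CE-60161B75E508}.job
[2011/02/08 14:55:53 | 000,250,048 | RHS- | M] () -- C:\ntldr
[2011/02/09 14:14:04 | 000,135,168 | RHS- | M] () -- C:\WINDOWS\System32\cisvcy.dll
[2011/01/18 14:48:50 | 000,144,736 | ---- | M] (Ralink Tech) -- C:\WINDOWS\System32\RalinkGina.dll
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG10\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (no name) - {9D425283-D487-4337-BAB6-AB8354A81457} - No CLSID value found.
O4 - HKU\.DEFAULT..\Run: [uyplcrxi] C:\WINDOWS\Temp\pmpycnxmc\oacqlkasika.exe ()
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Ralink Wireless Utility.lnk = C:\Program Files\RALINK\Common\RaUI.exe (Ralink Technology, Corp.)
""".strip().splitlines()

if __name__ == "__main__":
    for lineno, rule, detail in triage(SAMPLE_LINES):
        print(f"line {lineno}: {rule}: {detail}")
```

The WhiteSmoke Toolbar BHO in the fix is a judgement call about a named product rather than a structural pattern, so none of these rules covers it.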


Re: Only Starts in Safemode /Better virus removal (Free?)

Post by MiguelOhara on Fri 18 Feb 2011, 3:29 pm

Thanx!
It didn't produce a report but the computer started up Windows normally when the disk was removed. An AVG scan removed 137 viruses (a personal best) but
1. I still have that google redirect virus and
2. The comp still won't load GeekPolice.com (unacceptable!) and probably some other sites

I also asked for better virus protection for free/cheap but AVG keeps getting best rank so I guess I'll keep it unless there is something else you can suggest

So in regards to those two remaining issues, is it time to start a new thread?

MiguelOhara

Newbie Surfer

Posts : 29
Joined : 2011-02-06
Operating System : XP Service Pack 2


Re: Only Starts in Safemode /Better virus removal (Free?)

Post by MiguelOhara on Sat 19 Feb 2011, 6:10 am

Wait, scratch that - the comp is not loading Windows normally again. I'll repeat those steps; I just wanted to let u know the problem persists, so... I did the fix twice and it did not produce a report!

MiguelOhara

Newbie Surfer

Posts : 29
Joined : 2011-02-06
Operating System : XP Service Pack 2


Re: Only Starts in Safemode /Better virus removal (Free?)

Post by Belahzur on Sat 19 Feb 2011, 12:55 pm

Okay, boot OTLPE again and post a new log.
This time, if I issue you another OTLPE fix, don't do anything once you have performed it; then, when the machine has booted again (hopefully), leave it be.


@RealBelahzur - Please PM me if I fail to respond within 24hrs.


Belahzur

Manager | Tech Officer

Posts : 34917
Joined : 2008-08-04
Operating System : XP SP3 Media Centre


Re: Only Starts in Safemode /Better virus removal (Free?)

Post by MiguelOhara on Sat 19 Feb 2011, 10:27 pm

Here it is:


OTL logfile created on: 2/19/2011 6:11:39 AM - Run
OTLPE by OldTimer - Version 3.1.44.3 Folder = X:\Programs\OTLPE
Microsoft Windows XP Service Pack 3 (Version = 5.1.2600) - Type = SYSTEM
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.00 Gb Total Physical Memory | 3.00 Gb Available Physical Memory | 92.00% Memory free
3.00 Gb Paging File | 3.00 Gb Available in Paging File | 98.00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 74.50 Gb Total Space | 33.09 Gb Free Space | 44.42% Space Free | Partition Type: NTFS
Drive D: | 465.75 Gb Total Space | 406.56 Gb Free Space | 87.29% Space Free | Partition Type: NTFS
Drive X: | 284.08 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: REATOGO | User Name: SYSTEM
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
Using ControlSet: ControlSet001

========== Win32 Services (SafeList) ==========

SRV - File not found [Auto] -- -- (DigiRefresh)
SRV - File not found [Auto] -- -- (6to4)
SRV - [2011/01/06 15:23:18 | 006,128,720 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto] -- C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe -- (AVGIDSAgent)
SRV - [2011/01/05 11:59:50 | 000,037,664 | ---- | M] (Apple Inc.) [Auto] -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe -- (Apple Mobile Device)
SRV - [2010/12/31 11:05:46 | 000,619,872 | ---- | M] () [Auto] -- C:\Program Files\RALINK\Common\RaMediaServer.exe -- (RaMediaServer)
SRV - [2010/11/25 09:49:46 | 000,517,448 | ---- | M] () [On_Demand] -- C:\Program Files\AVG\AVG10\Toolbar\ToolbarBroker.exe -- (AVG Security Toolbar Service)
SRV - [2010/11/11 11:00:24 | 000,374,112 | ---- | M] (Ralink Technology, Corp.) [Auto] -- C:\Program Files\RALINK\Common\RaRegistry.exe -- (RalinkRegistryWriter)
SRV - [2010/10/22 04:58:18 | 000,265,400 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto] -- C:\Program Files\AVG\AVG10\avgwdsvc.exe -- (avgwd)
SRV - [2010/07/26 12:42:36 | 000,557,424 | ---- | M] (Citrix Online, a division of Citrix Systems, Inc.) [Auto] -- C:\Program Files\Citrix\GoToMyPC\g2svc.exe -- (GoToMyPC)
SRV - [2009/11/12 14:16:36 | 000,079,360 | ---- | M] (Creative Labs) [On_Demand] -- C:\Program Files\Common Files\Creative Labs Shared\Service\CTAELicensing.exe -- (Creative Audio Engine Licensing Service)
SRV - [2009/02/14 19:29:14 | 000,307,200 | ---- | M] (Creative Technology Ltd) [Auto] -- C:\Program Files\Creative\Shared Files\CTAudSvc.exe -- (CTAudSvcService)
SRV - [2008/12/04 01:25:10 | 000,159,744 | ---- | M] (Digidesign, A Division of Avid Technology, Inc.) [On_Demand] -- C:\Program Files\Digidesign\Pro Tools\digiSPTIService.exe -- (digiSPTIService)
SRV - [2008/11/18 14:33:28 | 002,543,104 | ---- | M] (SolutionBox) [Disabled] -- C:\Program Files\Netdrive\ndsvc.exe -- (ndsvc)
SRV - [2005/09/09 03:24:30 | 000,102,400 | ---- | M] () [Auto] -- C:\Program Files\Adobe\Photoshop Elements 4.0\PhotoshopElementsFileAgent.exe -- (AdobeActiveFileMonitor4.0)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand] -- -- (PDCOMP)
DRV - File not found [Kernel | System] -- -- (PCIDump)
DRV - File not found [Kernel | System] -- -- (lbrtfdc)
DRV - File not found [Kernel | System] -- -- (i2omgmt)
DRV - File not found [Kernel | System] -- -- (Changer)
DRV - [2010/12/08 04:12:38 | 000,251,728 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System] -- C:\WINDOWS\system32\drivers\avgldx86.sys -- (Avgldx86)
DRV - [2010/11/12 13:19:38 | 000,299,984 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System] -- C:\WINDOWS\system32\drivers\avgtdix.sys -- (Avgtdix)
DRV - [2010/09/13 15:27:24 | 000,025,680 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\AVGIDSEH.sys -- (AVGIDSEH)
DRV - [2010/09/07 03:48:56 | 000,034,384 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System] -- C:\WINDOWS\system32\drivers\avgmfx86.sys -- (Avgmfx86)
DRV - [2010/09/07 03:48:50 | 000,026,064 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot] -- C:\WINDOWS\system32\drivers\avgrkx86.sys -- (Avgrkx86)
DRV - [2010/08/03 15:23:36 | 000,026,192 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\AVGIDSShim.sys -- (AVGIDSShim)
DRV - [2010/08/03 15:23:34 | 000,123,472 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\AVGIDSDriver.sys -- (AVGIDSDriver)
DRV - [2010/08/03 15:23:32 | 000,030,288 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\AVGIDSFilter.sys -- (AVGIDSFilter)
DRV - [2009/08/15 02:33:44 | 000,021,904 | ---- | M] (Digidesign, A Division of Avid Technology, Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\mbx2midk.sys -- (MBX2MIDK)
DRV - [2009/08/15 02:33:40 | 000,021,648 | ---- | M] (Digidesign, A Division of Avid Technology, Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\mbx2dfu.sys -- (MBX2DFU)
DRV - [2009/08/15 02:33:36 | 000,016,400 | ---- | M] (Digidesign, A Division of Avid Technology, Inc.) [Kernel | Auto] -- C:\WINDOWS\system32\drivers\diginet.sys -- (DigiNet)
DRV - [2009/08/15 02:33:24 | 000,097,808 | ---- | M] (Digidesign, A Division of Avid Technology, Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\Dalwdm.sys -- (dalwdmservice)
DRV - [2009/06/23 16:38:26 | 000,189,464 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\haP17v2k.sys -- (hap17v2k)
DRV - [2009/06/23 16:38:16 | 000,162,840 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\haP16v2k.sys -- (hap16v2k)
DRV - [2009/06/23 16:38:06 | 000,798,744 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\ha10kx2k.sys -- (ha10kx2k)
DRV - [2009/06/23 16:37:54 | 000,092,696 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\emupia2k.sys -- (emupia)
DRV - [2009/06/23 16:37:32 | 000,157,208 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\ctsfm2k.sys -- (ctsfm2k)
DRV - [2009/06/23 16:37:22 | 000,014,360 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\ctprxy2k.sys -- (ctprxy2k)
DRV - [2009/06/23 16:37:10 | 000,127,512 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\ctoss2k.sys -- (ossrv)
DRV - [2009/06/23 16:36:36 | 000,347,080 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\ctdvda2k.sys -- (ctdvda2k)
DRV - [2009/06/23 16:36:24 | 000,528,408 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\ctaud2k.sys -- (ctaud2k) Creative Audio Driver (WDM)
DRV - [2009/06/23 16:36:14 | 000,511,000 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\ctac32k.sys -- (ctac32k)
DRV - [2009/06/23 16:35:04 | 000,100,888 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand] -- C:\WINDOWS\System32\drivers\CTERFXFX.SYS -- (CTERFXFX.SYS)
DRV - [2009/06/23 16:35:04 | 000,100,888 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\CTERFXFX.sys -- (CTERFXFX)
DRV - [2009/06/23 16:34:52 | 000,566,296 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand] -- C:\WINDOWS\System32\drivers\CTSBLFX.SYS -- (CTSBLFX.SYS)
DRV - [2009/06/23 16:34:52 | 000,566,296 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\CTSBLFX.sys -- (CTSBLFX)
DRV - [2009/06/23 16:34:40 | 000,555,032 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand] -- C:\WINDOWS\System32\drivers\CTAUDFX.SYS -- (CTAUDFX.SYS)
DRV - [2009/06/23 16:34:40 | 000,555,032 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\CTAUDFX.sys -- (CTAUDFX)
DRV - [2009/06/23 16:34:30 | 000,099,352 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand] -- C:\WINDOWS\System32\drivers\COMMONFX.SYS -- (COMMONFX.SYS)
DRV - [2009/06/23 16:34:30 | 000,099,352 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\COMMONFX.sys -- (COMMONFX)
DRV - [2009/05/21 17:39:54 | 000,090,472 | ---- | M] (PACE Anti-Piracy, Inc.) [Kernel | Boot] -- C:\WINDOWS\System32\drivers\TPkd.sys -- (TPkd)
DRV - [2009/04/21 15:31:10 | 000,019,072 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | Auto] -- C:\WINDOWS\system32\drivers\Scutum50.sys -- (Scutum50)
DRV - [2008/11/12 13:03:58 | 000,070,656 | ---- | M] (SolutionBox) [File_System | On_Demand] -- C:\Program Files\Netdrive\ndfs.sys -- (ndfs)
DRV - [2008/04/13 13:45:12 | 000,060,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\usbaudio.sys -- (usbaudio) USB Audio Driver (WDM)
DRV - [2008/04/13 11:36:05 | 000,144,384 | ---- | M] (Windows (R) Server 2003 DDK provider) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\hdaudbus.sys -- (HDAudBus)
DRV - [2007/03/21 13:54:50 | 000,464,256 | ---- | M] (Ralink Technology, Corp.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\rt61.sys -- (RT61)
DRV - [2005/09/20 20:27:20 | 000,010,368 | ---- | M] (InterVideo, Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\iviaspi.sys -- (Iviaspi)
DRV - [2002/02/11 12:13:36 | 000,119,536 | ---- | M] (STMicroelectronics ) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\stv680.sys -- (STV680)
DRV - [2002/02/11 12:13:36 | 000,009,024 | ---- | M] (STMicroelectronics ) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\stv680m.sys -- (STV680m)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========



IE - HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = [You must be registered and logged in to see this link.]
IE - HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page Restore = [You must be registered and logged in to see this link.]
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" =
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:18810


IE - HKU\G_Man_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page = [You must be registered and logged in to see this link.]
IE - HKU\G_Man_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page Restore = [You must be registered and logged in to see this link.]
IE - HKU\G_Man_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\G_Man_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local



IE - HKU\systemprofile_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

FF - HKLM\software\mozilla\Firefox\extensions\\{3f963a5b-e555-4543-90e2-c3908898db71}: C:\Program Files\AVG\AVG10\Firefox\ [2011/02/07 14:40:28 | 000,000,000 | ---D | M]


O1 HOSTS File: ([2001/08/23 07:00:00 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG10\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (AVG Security Toolbar BHO) - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG10\Toolbar\IEToolbar.dll ()
O2 - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O3 - HKLM\..\Toolbar: (no name) - {52794457-af6c-4c50-9def-f2e24f4c8889} - No CLSID value found.
O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG10\Toolbar\IEToolbar.dll ()
O3 - HKU\G_Man_ON_C\..\Toolbar\WebBrowser: (AVG Security Toolbar) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG10\Toolbar\IEToolbar.dll ()
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Ralink Wireless Utility.lnk = C:\Program Files\RALINK\Common\RaUI.exe (Ralink Technology, Corp.)
O4 - Startup: C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Startup\ WinCinema Manager.lnk = C:\Program Files\Sandisk\Common\Bin\WinCinemaMgr.exe (InterVideo Inc.)
O4 - Startup: C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Startup\InterVideo WinCinema Manager.lnk = C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe (InterVideo Inc.)
O4 - Startup: C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Startup\Microsoft Office.lnk = File not found
O4 - Startup: C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Startup\Ralink Wireless Utility.lnk = C:\Program Files\RALINK\Common\RaUI.exe (Ralink Technology, Corp.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\Administrator.COMPUTER-C74F72.000_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\G_Man_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\LocalService.NT_AUTHORITY_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\NetworkService.NT_AUTHORITY_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\systemprofile_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O9 - Extra Button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} [You must be registered and logged in to see this link.] (Shockwave ActiveX Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_18)
O16 - DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_18)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_18)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} [You must be registered and logged in to see this link.] (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 93.188.164.47,93.188.160.227
O18 - Protocol\Handler\avgsecuritytoolbar {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - C:\Program Files\AVG\AVG10\Toolbar\IEToolbar.dll ()
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG10\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\GoToMyPC: DllName - C:\Program Files\Citrix\GoToMyPC\G2WinLogon.dll - C:\Program Files\Citrix\GoToMyPC\G2WinLogon.dll (Citrix Online, a division of Citrix Systems, Inc.)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/11/04 07:15:26 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2011/02/05 09:14:14 | 000,000,090 | ---- | M] () - D:\AUTORUN.INF -- [ NTFS ]
O32 - AutoRun File - [2006/03/24 06:06:41 | 000,000,053 | R--- | M] () - X:\AUTORUN.INF -- [ CDFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG10\avgchsvx.exe /sync) - C:\Program Files\AVG\AVG10\avgchsvx.exe (AVG Technologies CZ, s.r.o.)
O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG10\avgrsx.exe /sync /restart) - C:\Program Files\AVG\AVG10\avgrsx.exe (AVG Technologies CZ, s.r.o.)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/02/16 21:51:23 | 002,193,408 | R--- | C] (OldTimer Tools) -- C:\OTLPE.exe
[2011/02/16 21:44:35 | 000,000,000 | ---D | C] -- C:\_OTL
[2011/02/12 07:01:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService.NT AUTHORITY\Application Data\Real
[2011/02/11 12:15:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService.NT AUTHORITY\Application Data\whitesmoketoolbar
[2011/02/11 12:15:25 | 000,000,000 | ---D | C] -- C:\Program Files\whitesmoketoolbar
[2011/02/11 02:18:00 | 000,000,000 | ---D | C] -- C:\Program Files\Quick Web Player
[2011/02/10 07:20:14 | 000,000,000 | R--D | C] -- C:\Documents and Settings\LocalService.NT AUTHORITY\Favorites
[2011/02/09 22:52:35 | 000,000,000 | ---D | C] -- C:\WINDOWS\system32\config\systemprofile\Application Data\Adobe
[2011/02/09 09:15:32 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\NetworkService.NT AUTHORITY\PrivacIE
[2011/02/09 09:15:22 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\NetworkService.NT AUTHORITY\IECompatCache
[2011/02/09 09:04:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService.NT AUTHORITY\Application Data\Identities
[2011/02/09 09:04:00 | 000,000,000 | R--D | C] -- C:\Documents and Settings\NetworkService.NT AUTHORITY\Favorites
[2011/02/09 08:58:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService.NT AUTHORITY\Local Settings\Application Data\Adobe
[2011/02/09 02:11:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService.NT AUTHORITY\Application Data\Macromedia
[2011/02/09 02:10:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService.NT AUTHORITY\Application Data\Adobe
[2011/02/09 02:10:55 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\LocalService.NT AUTHORITY\IETldCache
[2011/02/08 19:21:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService.NT AUTHORITY\Application Data\Sun
[2011/02/08 19:16:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService.NT AUTHORITY\Application Data\Macromedia
[2011/02/08 19:16:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService.NT AUTHORITY\Application Data\Adobe
[2011/02/08 19:06:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\G Man\Application Data\E7CB79EAF9F92DDFA867DB130E201239
[2011/02/08 15:18:28 | 000,000,000 | ---D | C] -- C:\WINDOWS\Prefetch
[2011/02/08 15:00:25 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\scripting
[2011/02/08 15:00:24 | 000,000,000 | ---D | C] -- C:\WINDOWS\l2schemas
[2011/02/08 15:00:24 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\en
[2011/02/08 15:00:24 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\bits
[2011/02/08 14:56:03 | 000,000,000 | ---D | C] -- C:\WINDOWS\network diagnostic
[2011/02/08 14:52:02 | 000,000,000 | -H-D | C] -- C:\WINDOWS\$NtServicePackUninstall$
[2011/02/07 14:40:19 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\AVG
[2011/02/05 16:43:07 | 002,168,160 | ---- | C] (Ralink Technology, Corp.) -- C:\WINDOWS\System32\Scutum.dll
[2011/02/05 16:43:07 | 001,607,008 | ---- | C] (Ralink Technology, Corp.) -- C:\WINDOWS\System32\RaCertMgr.dll
[2011/02/05 16:43:07 | 000,185,696 | ---- | C] (Printing Communications Assoc., Inc. (PCAUSA)) -- C:\WINDOWS\System32\W32N55.dll
[2011/02/05 16:43:07 | 000,144,736 | ---- | C] (Ralink Tech) -- C:\WINDOWS\System32\RalinkGina.dll
[2011/02/05 16:43:07 | 000,019,072 | ---- | C] (Printing Communications Assoc., Inc. (PCAUSA)) -- C:\WINDOWS\System32\drivers\Scutum50.sys
[2011/02/05 16:42:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator.COMPUTER-C74F72.000\Application Data\InstallShield
[2011/02/05 10:46:43 | 000,000,000 | -HSD | C] -- C:\WINDOWS\CSC
[2011/02/05 10:36:55 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Administrator.COMPUTER-C74F72.000\IETldCache
[2011/02/05 10:20:30 | 000,000,000 | --SD | C] -- C:\Documents and Settings\Administrator.COMPUTER-C74F72.000\Application Data\Microsoft
[2011/02/05 10:20:30 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Administrator.COMPUTER-C74F72.000\SendTo
[2011/02/05 10:20:30 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Administrator.COMPUTER-C74F72.000\Application Data
[2011/02/05 10:20:30 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Administrator.COMPUTER-C74F72.000\Start Menu\Programs\Startup
[2011/02/05 10:20:30 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Administrator.COMPUTER-C74F72.000\Start Menu
[2011/02/05 10:20:30 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Administrator.COMPUTER-C74F72.000\Start Menu\Programs\Accessories
[2011/02/05 10:20:30 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Administrator.COMPUTER-C74F72.000\Cookies
[2011/02/05 10:20:30 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Administrator.COMPUTER-C74F72.000\Templates
[2011/02/05 10:20:30 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Administrator.COMPUTER-C74F72.000\Recent
[2011/02/05 10:20:30 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Administrator.COMPUTER-C74F72.000\PrintHood
[2011/02/05 10:20:30 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Administrator.COMPUTER-C74F72.000\NetHood
[2011/02/05 10:20:30 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Administrator.COMPUTER-C74F72.000\Local Settings
[2011/02/05 10:20:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator.COMPUTER-C74F72.000\My Documents
[2011/02/05 10:20:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator.COMPUTER-C74F72.000\Local Settings\Application Data\Microsoft
[2011/02/05 10:20:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator.COMPUTER-C74F72.000\Favorites
[2011/02/05 10:20:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator.COMPUTER-C74F72.000\Desktop
[2011/01/30 19:57:32 | 000,000,000 | ---D | C] -- C:\Program Files\Search Toolbar
[2011/01/30 19:57:29 | 000,000,000 | --SD | C] -- C:\Documents and Settings\G Man\My Documents\My Pando Packages
[2011/01/30 19:55:22 | 000,000,000 | ---D | C] -- C:\Program Files\Pando Networks
[2011/01/29 08:44:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService.NT AUTHORITY\Application Data\Apple Computer
[2011/01/25 06:22:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\G Man\My Documents\Utopia
[2011/01/25 06:14:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\G Man\My Documents\Project Justice
[2011/01/25 06:13:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\G Man\Start Menu\Programs\WinRAR
[2011/01/25 06:13:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\G Man\Application Data\WinRAR
[2011/01/25 06:13:11 | 000,000,000 | ---D | C] -- C:\Program Files\WinRAR
[2011/01/25 04:43:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\G Man\Application Data\OnLive App
[2011/01/25 04:43:36 | 000,000,000 | ---D | C] -- C:\Program Files\OnLive

========== Files - Modified Within 30 Days ==========

[2011/02/18 08:20:11 | 000,031,056 | ---- | M] () -- C:\WINDOWS\System32\BMXStateBkp-{00000004-00000000-00000000-00001102-00000004-100A1102}.rfx
[2011/02/18 08:20:11 | 000,031,056 | ---- | M] () -- C:\WINDOWS\System32\BMXState-{00000004-00000000-00000000-00001102-00000004-100A1102}.rfx
[2011/02/18 08:20:11 | 000,030,528 | ---- | M] () -- C:\WINDOWS\System32\BMXCtrlState-{00000004-00000000-00000000-00001102-00000004-100A1102}.rfx
[2011/02/18 08:20:11 | 000,030,528 | ---- | M] () -- C:\WINDOWS\System32\BMXBkpCtrlState-{00000004-00000000-00000000-00001102-00000004-100A1102}.rfx
[2011/02/18 08:20:11 | 000,011,564 | ---- | M] () -- C:\WINDOWS\System32\DVCState-{00000004-00000000-00000000-00001102-00000004-100A1102}.rfx
[2011/02/18 08:20:11 | 000,001,080 | ---- | M] () -- C:\WINDOWS\System32\settingsbkup.sfm
[2011/02/18 08:20:11 | 000,001,080 | ---- | M] () -- C:\WINDOWS\System32\settings.sfm
[2011/02/18 08:20:10 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/02/18 08:16:00 | 000,000,884 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2011/02/18 08:01:02 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011/02/18 07:34:00 | 000,000,978 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1708537768-1844823847-839522115-1003UA.job
[2011/02/17 21:34:00 | 000,000,926 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1708537768-1844823847-839522115-1003Core.job
[2011/02/17 11:03:02 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2011/02/17 09:58:15 | 106,349,959 | ---- | M] () -- C:\WINDOWS\System32\drivers\AVG\incavi.avm
[2011/02/17 08:27:46 | 000,000,260 | ---- | M] () -- C:\WINDOWS\tasks\WGASetup.job
[2011/02/17 08:25:43 | 000,000,880 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2011/02/16 23:40:21 | 000,002,286 | ---- | M] () -- C:\Documents and Settings\G Man\Desktop\Google Chrome.lnk
[2011/02/16 23:40:21 | 000,002,264 | ---- | M] () -- C:\Documents and Settings\G Man\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2011/02/16 22:19:37 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/02/09 23:57:17 | 000,000,211 | -HS- | M] () -- C:\boot.ini
[2011/02/08 19:30:48 | 004,931,577 | ---- | M] () -- C:\WINDOWS\{00000004-00000000-00000000-00001102-00000004-100A1102}.CDF
[2011/02/08 19:30:48 | 004,931,577 | ---- | M] () -- C:\WINDOWS\{00000004-00000000-00000000-00001102-00000004-100A1102}.BAK
[2011/02/08 15:23:01 | 000,432,356 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2011/02/08 15:23:01 | 000,067,312 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2011/02/08 15:21:27 | 000,000,804 | ---- | M] () -- C:\Documents and Settings\G Man\Application Data\Microsoft\Internet Explorer\Quick Launch\Windows Media Player.lnk
[2011/02/08 15:17:58 | 000,282,928 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2011/02/08 14:55:53 | 000,250,048 | RHS- | M] () -- C:\ntldr
[2011/02/08 07:52:46 | 000,000,293 | ---- | M] () -- C:\Documents and Settings\G Man\Desktop\Shortcut to Display.lnk
[2011/02/02 13:48:58 | 002,193,408 | R--- | M] (OldTimer Tools) -- C:\OTLPE.exe
[2011/01/30 20:04:36 | 000,130,048 | ---- | M] () -- C:\Documents and Settings\G Man\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/01/29 09:46:58 | 000,007,753 | ---- | M] () -- C:\Documents and Settings\G Man\Desktop\Run Commands.rtf
[2011/01/25 06:01:33 | 000,000,748 | ---- | M] () -- C:\Documents and Settings\G Man\Desktop\WhiteSmoke (continue installation).lnk

========== Files Created - No Company Name ==========

[2011/02/17 09:58:15 | 106,349,959 | ---- | C] () -- C:\WINDOWS\System32\drivers\AVG\incavi.avm
[2011/02/09 01:07:42 | 000,004,676 | ---- | C] () -- C:\Documents and Settings\G Man\avgrep.txt
[2011/02/08 07:52:46 | 000,000,293 | ---- | C] () -- C:\Documents and Settings\G Man\Desktop\Shortcut to Display.lnk
[2011/02/05 16:43:07 | 000,480,608 | ---- | C] () -- C:\WINDOWS\System32\DiagFunc.dll
[2011/02/05 16:43:07 | 000,034,080 | ---- | C] () -- C:\WINDOWS\System32\CTAAEI.dll
[2011/02/05 16:43:07 | 000,001,191 | ---- | C] () -- C:\WINDOWS\System32\W32N55.INI
[2011/02/05 16:43:07 | 000,000,449 | ---- | C] () -- C:\WINDOWS\System32\DiagFunc.ini
[2011/02/05 16:42:35 | 000,014,051 | ---- | C] () -- C:\WINDOWS\System32\RaCoInst.dat
[2011/02/05 10:39:29 | 000,000,792 | ---- | C] () -- C:\Documents and Settings\Administrator.COMPUTER-C74F72.000\avgrep.txt
[2011/02/05 10:20:30 | 000,001,599 | ---- | C] () -- C:\Documents and Settings\Administrator.COMPUTER-C74F72.000\Start Menu\Programs\Remote Assistance.lnk
[2011/02/05 10:20:30 | 000,000,792 | ---- | C] () -- C:\Documents and Settings\Administrator.COMPUTER-C74F72.000\Start Menu\Programs\Windows Media Player.lnk
[2011/01/29 09:46:58 | 000,007,753 | ---- | C] () -- C:\Documents and Settings\G Man\Desktop\Run Commands.rtf
[2011/01/25 06:20:58 | 001,063,965 | ---- | C] () -- C:\Documents and Settings\G Man\My Documents\utp-load.zip
[2011/01/25 06:20:58 | 000,006,167 | ---- | C] () -- C:\Documents and Settings\G Man\My Documents\utp-load.nfo
[2011/01/25 06:20:58 | 000,000,133 | ---- | C] () -- C:\Documents and Settings\G Man\My Documents\utp-load.sfv
[2011/01/25 06:01:33 | 000,000,748 | ---- | C] () -- C:\Documents and Settings\G Man\Desktop\WhiteSmoke (continue installation).lnk
[2010/09/10 18:25:20 | 000,204,800 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeW7.dll
[2010/09/10 18:25:20 | 000,200,704 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeA6.dll
[2010/09/10 18:25:20 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeP6.dll
[2010/09/10 18:25:20 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeM6.dll
[2010/09/10 18:25:20 | 000,188,416 | ---- | C] () -- C:\WINDOWS\System32\IVIresizePX.dll
[2010/09/10 18:25:20 | 000,020,480 | ---- | C] () -- C:\WINDOWS\System32\IVIresize.dll
[2010/08/22 12:44:58 | 000,000,150 | ---- | C] () -- C:\Documents and Settings\G Man\ws_ext.log
[2010/05/25 12:59:47 | 000,116,224 | ---- | C] () -- C:\WINDOWS\System32\pdfcmnnt.dll
[2009/11/26 21:09:56 | 000,130,048 | ---- | C] () -- C:\Documents and Settings\G Man\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/11/17 10:26:21 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2009/11/16 23:58:36 | 000,178,176 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll
[2009/11/16 23:58:35 | 000,000,038 | ---- | C] () -- C:\WINDOWS\avisplitter.ini
[2009/11/16 23:58:34 | 000,881,664 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2009/11/16 23:58:34 | 000,205,824 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2009/11/16 23:58:33 | 003,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll
[2009/11/16 23:58:31 | 000,085,504 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2009/11/16 21:06:40 | 000,217,088 | ---- | C] () -- C:\WINDOWS\System32\qtmlClient.dll
[2009/11/16 12:43:07 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2009/06/23 15:29:50 | 000,049,719 | ---- | C] () -- C:\WINDOWS\System32\instwdm.ini
[2009/06/23 15:29:48 | 000,000,054 | ---- | C] () -- C:\WINDOWS\System32\ctzapxx.ini
[2009/06/23 14:51:00 | 000,043,520 | ---- | C] () -- C:\WINDOWS\System32\CTBurst.dll
[2007/08/13 23:45:02 | 000,077,824 | ---- | C] () -- C:\WINDOWS\System32\ctmmactl.dll
[2006/10/02 20:25:18 | 000,000,307 | ---- | C] () -- C:\WINDOWS\System32\kill.ini

========== LOP Check ==========

[2010/05/25 13:00:02 | 000,000,000 | ---D | M] -- C:\WINDOWS\system32\config\systemprofile\Application Data\Application Updater
[2010/10/13 22:17:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\G Man\Application Data\AVG10
[2010/01/24 17:41:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\G Man\Application Data\Canon
[2011/02/17 23:09:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\G Man\Application Data\Digidesign
[2011/02/08 19:07:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\G Man\Application Data\E7CB79EAF9F92DDFA867DB130E201239
[2010/09/10 19:30:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\G Man\Application Data\InterVideo
[2009/11/17 00:10:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\G Man\Application Data\Leadertech
[2011/01/28 17:37:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\G Man\Application Data\LimeWire
[2010/11/29 03:26:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\G Man\Application Data\Meebo
[2010/12/18 15:00:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\G Man\Application Data\Mp3tag
[2010/01/08 13:27:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\G Man\Application Data\NCH Swift Sound
[2011/01/18 18:28:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\G Man\Application Data\NetDrive
[2011/01/25 04:43:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\G Man\Application Data\OnLive App
[2010/01/13 09:53:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\G Man\Application Data\Opera
[2009/11/17 10:34:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\G Man\Application Data\PACE Anti-Piracy
[2009/12/23 16:21:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\G Man\Application Data\Propellerhead Software
[2009/11/17 00:06:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\G Man\Application Data\Trillium Lane
[2011/02/01 17:53:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\G Man\Application Data\uTorrent
[2011/02/11 12:15:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService.NT AUTHORITY\Application Data\whitesmoketoolbar
[2011/02/17 08:27:46 | 000,000,260 | ---- | M] () -- C:\WINDOWS\Tasks\WGASetup.job

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 1156 bytes -> C:\Program Files\Outlook Express:He6HeMNyFdvAfwWnWe
@Alternate Data Stream - 1137 bytes -> C:\Documents and Settings\G Man\Cookies:qchfTRyBAw2OiEC5pNuq0N8
@Alternate Data Stream - 1118 bytes -> C:\Program Files\Outlook Express:wmZIScQ89prq2KULXOj9Myvrm
< End of report >

MiguelOhara


Re: Only Starts in Safemode /Better virus removal (Free?)

Post by Belahzur on Sun 20 Feb 2011, 1:20 pm

Hello.

Please run OTL.exe.

  • Copy the commands with file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):


    :OTL
    O3 - HKLM\..\Toolbar: (no name) - {52794457-af6c-4c50-9def-f2e24f4c8889} - No CLSID value found.
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 93.188.164.47,93.188.160.227
    [2011/02/11 12:15:25 | 000,000,000 | ---D | C] -- C:\Program Files\whitesmoketoolbar



  • Return to OTL, right click in the "Custom Scans/Fixes" window (under the light green bar) and choose Paste.

  • Click the red Run Fix button.
  • A fix log in Notepad will appear. Copy the contents of the fix log to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy), and paste it in your next reply.
  • Close OTL.exe
If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.


@RealBelahzur - Please PM me if I fail to respond within 24hrs.


Belahzur
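
The fix above targets a static NameServer value, and the scan log in this thread ends with alternate data stream entries. As an added example (not part of the original posts and not OTL's own code), this Python script pulls both kinds of entries out of OTL log text for review; the `expected` resolver list and the DhcpNameServer sample line are assumptions.

```python
import ipaddress
import re

# Sample input: lines copied from the logs in this thread, plus one
# constructed DhcpNameServer line (its format is an assumption).
SAMPLE_LOG = r"""
O3 - HKLM\..\Toolbar: (no name) - {52794457-af6c-4c50-9def-f2e24f4c8889} - No CLSID value found.
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 93.188.164.47,93.188.160.227
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{CONSTRUCTED-GUID}: DhcpNameServer = 192.168.1.1
[2011/02/11 12:15:25 | 000,000,000 | ---D | C] -- C:\Program Files\whitesmoketoolbar
@Alternate Data Stream - 1156 bytes -> C:\Program Files\Outlook Express:He6HeMNyFdvAfwWnWe
@Alternate Data Stream - 1137 bytes -> C:\Documents and Settings\G Man\Cookies:qchfTRyBAw2OiEC5pNuq0N8
"""

O17_RE = re.compile(
    r"^O17 - (?P<key>.+?): (?P<name>(?:Dhcp)?NameServer) = (?P<value>.*)$"
)
# The host path contains a drive colon, so split on the last colon.
ADS_RE = re.compile(
    r"^@Alternate Data Stream - (?P<size>\d+) bytes -> "
    r"(?P<host>.+):(?P<stream>[^:\\]+)$"
)


def dns_entries(log_text):
    """Yield (registry_key, value_name, token) for every O17 resolver."""
    for line in log_text.splitlines():
        m = O17_RE.match(line.strip())
        if not m:
            continue
        # The value in this thread is comma separated; spaces are also
        # split on here as a precaution.
        for token in re.split(r"[,\s]+", m["value"].strip()):
            if token:
                yield m["key"], m["name"], token


def unexpected_resolvers(log_text, expected):
    """Return resolvers that are not in the analyst's expected list.

    `expected` is supplied by whoever reviews the log (for example the
    router or ISP resolvers); it is an assumption of this example.
    """
    allowed = {ipaddress.ip_address(a) for a in expected}
    findings = []
    for key, name, token in dns_entries(log_text):
        try:
            addr = ipaddress.ip_address(token)
        except ValueError:
            findings.append((key, name, token, "not an IP address"))
            continue
        if addr in allowed:
            continue
        source = "static" if name == "NameServer" else "DHCP"
        findings.append((key, name, token, source + " value not in expected list"))
    return findings


def alternate_data_streams(log_text):
    """Return (host_path, stream_name, size_bytes) for each ADS line."""
    streams = []
    for line in log_text.splitlines():
        m = ADS_RE.match(line.strip())
        if m:
            streams.append((m["host"], m["stream"], int(m["size"])))
    return streams


if __name__ == "__main__":
    for finding in unexpected_resolvers(SAMPLE_LOG, expected=["192.168.1.1"]):
        print("DNS:", finding)
    for host, stream, size in alternate_data_streams(SAMPLE_LOG):
        print(f"ADS: {size} bytes on {host} (stream {stream})")
```
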


Re: Only Starts in Safemode /Better virus removal (Free?)

Post by MiguelOhara on Sun 20 Feb 2011, 3:37 pm

Haven't done anything but copy & paste the log:

========== OTL ==========
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{52794457-af6c-4c50-9def-f2e24f4c8889} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{52794457-af6c-4c50-9def-f2e24f4c8889}\ not found.
HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\\NameServer| /E : value set successfully!
C:\Program Files\whitesmoketoolbar\components folder moved successfully.
C:\Program Files\whitesmoketoolbar\chrome\skin\searchbar folder moved successfully.
C:\Program Files\whitesmoketoolbar\chrome\skin\options folder moved successfully.
C:\Program Files\whitesmoketoolbar\chrome\skin\lib\weatherbutton\panels\images folder moved successfully.
C:\Program Files\whitesmoketoolbar\chrome\skin\lib\weatherbutton\panels folder moved successfully.
C:\Program Files\whitesmoketoolbar\chrome\skin\lib\weatherbutton\icons folder moved successfully.
C:\Program Files\whitesmoketoolbar\chrome\skin\lib\weatherbutton folder moved successfully.
C:\Program Files\whitesmoketoolbar\chrome\skin\lib\uwa folder moved successfully.
C:\Program Files\whitesmoketoolbar\chrome\skin\lib\radio\images folder moved successfully.
C:\Program Files\whitesmoketoolbar\chrome\skin\lib\radio\css folder moved successfully.
C:\Program Files\whitesmoketoolbar\chrome\skin\lib\radio folder moved successfully.
C:\Program Files\whitesmoketoolbar\chrome\skin\lib\panels\images folder moved successfully.
C:\Program Files\whitesmoketoolbar\chrome\skin\lib\panels\default\scripts folder moved successfully.
C:\Program Files\whitesmoketoolbar\chrome\skin\lib\panels\default\images folder moved successfully.
C:\Program Files\whitesmoketoolbar\chrome\skin\lib\panels\default\css folder moved successfully.
C:\Program Files\whitesmoketoolbar\chrome\skin\lib\panels\default folder moved successfully.
C:\Program Files\whitesmoketoolbar\chrome\skin\lib\panels\css folder moved successfully.
C:\Program Files\whitesmoketoolbar\chrome\skin\lib\panels folder moved successfully.
C:\Program Files\whitesmoketoolbar\chrome\skin\lib folder moved successfully.
C:\Program Files\whitesmoketoolbar\chrome\skin\DTXWizard\skin\icon_library\Basics folder moved successfully.
C:\Program Files\whitesmoketoolbar\chrome\skin\DTXWizard\skin\icon_library folder moved successfully.
C:\Program Files\whitesmoketoolbar\chrome\skin\DTXWizard\skin folder moved successfully.
C:\Program Files\whitesmoketoolbar\chrome\skin\DTXWizard folder moved successfully.
C:\Program Files\whitesmoketoolbar\chrome\skin folder moved successfully.
C:\Program Files\whitesmoketoolbar\chrome\data\weather folder moved successfully.
C:\Program Files\whitesmoketoolbar\chrome\data\search folder moved successfully.
C:\Program Files\whitesmoketoolbar\chrome\data\rss folder moved successfully.
C:\Program Files\whitesmoketoolbar\chrome\data\dynamicElements folder moved successfully.
C:\Program Files\whitesmoketoolbar\chrome\data folder moved successfully.
C:\Program Files\whitesmoketoolbar\chrome\content\widgets\net.vmn.www.YouTube\skin\scripts folder moved successfully.
C:\Program Files\whitesmoketoolbar\chrome\content\widgets\net.vmn.www.YouTube\skin\images folder moved successfully.
C:\Program Files\whitesmoketoolbar\chrome\content\widgets\net.vmn.www.YouTube\skin\css folder moved successfully.
C:\Program Files\whitesmoketoolbar\chrome\content\widgets\net.vmn.www.YouTube\skin folder moved successfully.
C:\Program Files\whitesmoketoolbar\chrome\content\widgets\net.vmn.www.YouTube\js folder moved successfully.
C:\Program Files\whitesmoketoolbar\chrome\content\widgets\net.vmn.www.YouTube\images folder moved successfully.
C:\Program Files\whitesmoketoolbar\chrome\content\widgets\net.vmn.www.YouTube\css folder moved successfully.
C:\Program Files\whitesmoketoolbar\chrome\content\widgets\net.vmn.www.YouTube folder moved successfully.
C:\Program Files\whitesmoketoolbar\chrome\content\widgets\net.vmn.www.WebTV\skin\scripts folder moved successfully.
C:\Program Files\whitesmoketoolbar\chrome\content\widgets\net.vmn.www.WebTV\skin\images folder moved successfully.
C:\Program Files\whitesmoketoolbar\chrome\content\widgets\net.vmn.www.WebTV\skin\css folder moved successfully.
C:\Program Files\whitesmoketoolbar\chrome\content\widgets\net.vmn.www.WebTV\skin folder moved successfully.
C:\Program Files\whitesmoketoolbar\chrome\content\widgets\net.vmn.www.WebTV folder moved successfully.
C:\Program Files\whitesmoketoolbar\chrome\content\widgets\net.vmn.www.Twitter\skin\scripts folder moved successfully.
C:\Program Files\whitesmoketoolbar\chrome\content\widgets\net.vmn.www.Twitter\skin\images folder moved successfully.
C:\Program Files\whitesmoketoolbar\chrome\content\widgets\net.vmn.www.Twitter\skin\css folder moved successfully.
C:\Program Files\whitesmoketoolbar\chrome\content\widgets\net.vmn.www.Twitter\skin folder moved successfully.
C:\Program Files\whitesmoketoolbar\chrome\content\widgets\net.vmn.www.Twitter\js folder moved successfully.
C:\Program Files\whitesmoketoolbar\chrome\content\widgets\net.vmn.www.Twitter\images folder moved successfully.
C:\Program Files\whitesmoketoolbar\chrome\content\widgets\net.vmn.www.Twitter\css folder moved successfully.
C:\Program Files\whitesmoketoolbar\chrome\content\widgets\net.vmn.www.Twitter folder moved successfully.
C:\Program Files\whitesmoketoolbar\chrome\content\widgets\net.vmn.www.Facebook\skin\scripts folder moved successfully.
C:\Program Files\whitesmoketoolbar\chrome\content\widgets\net.vmn.www.Facebook\skin\images folder moved successfully.
C:\Program Files\whitesmoketoolbar\chrome\content\widgets\net.vmn.www.Facebook\skin\css folder moved successfully.
C:\Program Files\whitesmoketoolbar\chrome\content\widgets\net.vmn.www.Facebook\skin folder moved successfully.
C:\Program Files\whitesmoketoolbar\chrome\content\widgets\net.vmn.www.Facebook folder moved successfully.
C:\Program Files\whitesmoketoolbar\chrome\content\widgets folder moved successfully.
C:\Program Files\whitesmoketoolbar\chrome\content\newtab\images folder moved successfully.
C:\Program Files\whitesmoketoolbar\chrome\content\newtab folder moved successfully.
C:\Program Files\whitesmoketoolbar\chrome\content\modules folder moved successfully.
C:\Program Files\whitesmoketoolbar\chrome\content\lib folder moved successfully.
C:\Program Files\whitesmoketoolbar\chrome\content folder moved successfully.
C:\Program Files\whitesmoketoolbar\chrome folder moved successfully.
C:\Program Files\whitesmoketoolbar folder moved successfully.

OTLPE by OldTimer - Version 3.1.44.3 log created on 02192011_233344

MiguelOhara


Re: Only Starts in Safemode /Better virus removal (Free?)

Post by Belahzur on Mon 21 Feb 2011, 10:41 am

Okay try loading the machine normally now, without booting OTLPE.


@RealBelahzur - Please PM me if I fail to respond within 24hrs.


Belahzur


Re: Only Starts in Safemode /Better virus removal (Free?)

Post by MiguelOhara on Mon 21 Feb 2011, 1:11 pm

Didn't work

MiguelOhara


Re: Only Starts in Safemode /Better virus removal (Free?)

Post by MiguelOhara on Tue 22 Feb 2011, 12:48 am

Things got weird... In safe mode, the computer started exhibiting more severe infection symptoms (fake antivirus scans, constant popups) and then suddenly went to the blue screen of death and then rebooted normally.
An AVG scan resolved one infection and it's been behaving normally ever since. I'm skeptical because it still doesn't load GeekPolice and, I suspect, other sites, and I haven't restarted it since because I suspect it will revert back to a safe mode only type of deal.

MiguelOhara


Re: Only Starts in Safemode /Better virus removal (Free?)

Post by Belahzur on Tue 22 Feb 2011, 12:26 pm

Hello.

Please download ComboFix from BleepingComputer.com

Alternate link: GeeksToGo.com


Rename ComboFix.exe to commy.exe before you save it to your Desktop

  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. A guide to do this can be found here
  • Click Start then copy paste the following command into the search box & hit enter: "%userprofile%\desktop\commy.exe" /stepdel
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. This will not install in Vista. Just continue scanning, and skip the console install.
  • When finished, it shall produce a log for you. Please include the contents of C:\ComboFix.txt in your next reply.


@RealBelahzur - Please PM me if I fail to respond within 24hrs.


Belahzur


Re: Only Starts in Safemode /Better virus removal (Free?)

Post by MiguelOhara on Wed 23 Feb 2011, 11:29 am

Er, just as I downloaded that, my comp started showing serious symptoms again: fake antivirus, and it won't allow me to access services, selective start up, AVG, or really any of the diagnostic type programs... changed my desktop background... it's really nasty. I have 'commy.exe' on the desktop but it won't open or be found through search.

MiguelOhara


Re: Only Starts in Safemode /Better virus removal (Free?)

Post by MiguelOhara on Wed 23 Feb 2011, 11:53 am

Wait, running 'commy' in safemode, will post...

MiguelOhara
