GeekPolice Tech Tutorials

 


Only Starts in Safemode /Better virus removal (Free?)

OK, I originally posted this in another forum but was told I should post here in 'Malware', so I'll recap with some of the original language:

Sup ppl,

I've been using AVG and it's usually adequate, but I've been attacked again, and I don't see how good it is if viruses keep getting through to where my system is disabled (my desktop only starts in Safe Mode). I'm running XP, so I kind of suspect that since I'm running an older OS I'm more vulnerable to this sort of thing (advice?). I'm not cheap, I'm broke, so is there something that I can use to restore my computer? I'm on with Safe Mode with Networking and I'll download whatever sounds good. I just installed SP3 and I've already tried:
  • Correcting the boot.ini settings
  • Disabling System Restore
  • Uninstalling/reinstalling AVG
  • Removing suspect programs

Having redirect issues as well

Some direction will be greatly appreciated

After that, I think I rid myself of the virus (it's been 48+ hrs, no signs). I was given some code and told to download OTL, but...

Trying to get OTL on my comp but can't:

  • Safe Mode with Networking is not letting me go to GeekPolice for some reason, same thing with Google search results (I think it has to do with the .net site extension)
  • Safe Mode is not reading my USB drive
  • Email won't allow me to send executable files

Just a reminder, my comp won't start regularly.
Any other way I can get this file on the comp?

Re: Only Starts in Safemode /Better virus removal (Free?)
Hello.

Download OTL by OldTimer to your Desktop.

  • Close all windows and double click OTL.exe
  • Click Run Scan and let the program run uninterrupted
  • It will produce two logs for you: one will pop up (OTL.txt), the other will be saved on your Desktop (Extras.txt). Post both logs in this thread.
  • You may need to use two posts to get it all.

Re: Only Starts in Safemode /Better virus removal (Free?)
My comp won't go to any site with OTL in the title.

Re: Only Starts in Safemode /Better virus removal (Free?)
Hello.

We need to use the RKill tool by Grinler.

Rkill.com <--- Download site

  • Please download Rkill.com. Save it to your Desktop.
  • Before we begin, you should disable any anti-malware software you have installed so it does not interfere with RKill running, as some anti-malware software detects RKill as malicious. Please refer to this page if you are not sure how.

  • NOTE: If you are unable to connect to the site to download RKill, you should download it to a clean computer and copy it to the infected one via a USB flash drive or CD-ROM.

  • Once it is downloaded, double-click on rkill.com to automatically attempt to stop any processes associated with rogue programs.
  • Please be patient while the program looks for various malware programs and ends them.
  • When it has finished, the black window will automatically close and you can continue with the next step.
NOTE: If you get a message that RKill is an infection, do not be concerned. This message is just a fake warning given by the rogue program when RKill terminates programs that may potentially remove it. If you run into these infection warnings that close RKill, a trick is to leave the warning on the screen and then run RKill again. By not closing the warning, you can typically bypass the malware trying to protect itself so that RKill can terminate the rogue program. So, please keep running RKill until the malware is no longer running. You will then be able to proceed with the rest of the steps.

If you continue having problems running rkill.com, you can download:
iExplore.exe or eXplorer.exe
which are renamed copies of rkill.com, and try them instead.

Try downloading OTL now.

Re: Only Starts in Safemode /Better virus removal (Free?)
So sorry I'm just getting to this (midterms). I will attempt this shortly, by morning.

Re: Only Starts in Safemode /Better virus removal (Free?)
Okay, standing by.

Re: Only Starts in Safemode /Better virus removal (Free?)
OK, the computer won't go to rkill.com either.

Re: Only Starts in Safemode /Better virus removal (Free?)
I can see how this sounds crazy, but I really don't know why the computer won't go to the sites that have been suggested to me, and I can't email the downloaded file, and I can't transfer it via flash drive. I don't know what to do.

Re: Only Starts in Safemode /Better virus removal (Free?)
Okay, let's try a boot disc; you may need to download and burn this from another machine.

We are going to be using a Windows Recovery Environment to help disinfect the system so it may boot again.

Download the OTLPE Standard REATOGO Windows Recovery Environment.

  • Place a blank CD-R disc in to your CD burning drive.
  • Download OTLPEStd.exe and double-click on it to burn to a CD using ISO Burner.
  • Reboot your system using the boot CD you just created.

    Note: If you do not know how to set your computer to boot from CD, follow the steps here
  • Your system should now display a REATOGO-X-PE desktop.
  • Double-click on the OTLPE icon.
  • When asked "Do you wish to load the remote registry", select Yes
  • When asked "Do you wish to load remote user profile(s) for scanning", select Yes
  • Ensure the box "Automatically Load All Remaining Users" is checked and press OK
  • OTL should now start. Change the following settings:

  • Change Drivers to Non-Microsoft
  • Press Run Scan to start the scan.
  • When finished, the file will be saved in drive C:\_OTL\MovedFiles
  • Copy this file to your USB drive if you do not have an internet connection on this system.
  • Please post the contents of the OTL.txt file in your reply.

Re: Only Starts in Safemode /Better virus removal (Free?)
Running OTL and up to 'Drivers': it only has 'None', 'Use Safelist' and 'All' for that option, BUT under 'File Scans' there is an option that says 'Skip Microsoft files'. Should I click that instead?

Re: Only Starts in Safemode /Better virus removal (Free?)
Yes please.

Re: Only Starts in Safemode /Better virus removal (Free?)
Two OTL text files were created during the scan. I included the second one, which was produced after the scan finished.

OTL logfile created on: 2/16/2011 6:50:27 AM - Run
OTLPE by OldTimer - Version 3.1.44.3 Folder = X:\Programs\OTLPE
Microsoft Windows XP Service Pack 3 (Version = 5.1.2600) - Type = SYSTEM
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.00 Gb Total Physical Memory | 3.00 Gb Available Physical Memory | 91.00% Memory free
3.00 Gb Paging File | 3.00 Gb Available in Paging File | 98.00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 74.50 Gb Total Space | 30.08 Gb Free Space | 40.37% Space Free | Partition Type: NTFS
Drive D: | 465.75 Gb Total Space | 406.83 Gb Free Space | 87.35% Space Free | Partition Type: NTFS
Drive X: | 284.08 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: REATOGO | User Name: SYSTEM
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
Using ControlSet: ControlSet001

========== Win32 Services (SafeList) ==========

SRV - File not found [Auto] -- -- (6to4)
SRV - [2011/02/09 09:10:26 | 000,094,212 | ---- | M] () [Auto] -- C:\Program Files\Digidesign\Drivers\MMERefresh.exe -- (DigiRefresh)
SRV - [2011/01/06 15:23:18 | 006,128,720 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto] -- C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe -- (AVGIDSAgent)
SRV - [2011/01/05 11:59:50 | 000,037,664 | ---- | M] (Apple Inc.) [Auto] -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe -- (Apple Mobile Device)
SRV - [2010/12/31 11:05:46 | 000,619,872 | ---- | M] () [Auto] -- C:\Program Files\RALINK\Common\RaMediaServer.exe -- (RaMediaServer)
SRV - [2010/11/25 09:49:46 | 000,517,448 | ---- | M] () [On_Demand] -- C:\Program Files\AVG\AVG10\Toolbar\ToolbarBroker.exe -- (AVG Security Toolbar Service)
SRV - [2010/11/11 11:00:24 | 000,374,112 | ---- | M] (Ralink Technology, Corp.) [Auto] -- C:\Program Files\RALINK\Common\RaRegistry.exe -- (RalinkRegistryWriter)
SRV - [2010/10/22 04:58:18 | 000,265,400 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto] -- C:\Program Files\AVG\AVG10\avgwdsvc.exe -- (avgwd)
SRV - [2010/07/26 12:42:36 | 000,557,424 | ---- | M] (Citrix Online, a division of Citrix Systems, Inc.) [Auto] -- C:\Program Files\Citrix\GoToMyPC\g2svc.exe -- (GoToMyPC)
SRV - [2009/11/12 14:16:36 | 000,079,360 | ---- | M] (Creative Labs) [On_Demand] -- C:\Program Files\Common Files\Creative Labs Shared\Service\CTAELicensing.exe -- (Creative Audio Engine Licensing Service)
SRV - [2009/02/14 19:29:14 | 000,307,200 | ---- | M] (Creative Technology Ltd) [Auto] -- C:\Program Files\Creative\Shared Files\CTAudSvc.exe -- (CTAudSvcService)
SRV - [2008/12/04 01:25:10 | 000,159,744 | ---- | M] (Digidesign, A Division of Avid Technology, Inc.) [On_Demand] -- C:\Program Files\Digidesign\Pro Tools\digiSPTIService.exe -- (digiSPTIService)
SRV - [2008/11/18 14:33:28 | 002,543,104 | ---- | M] (SolutionBox) [Disabled] -- C:\Program Files\Netdrive\ndsvc.exe -- (ndsvc)
SRV - [2005/09/09 03:24:30 | 000,102,400 | ---- | M] () [Auto] -- C:\Program Files\Adobe\Photoshop Elements 4.0\PhotoshopElementsFileAgent.exe -- (AdobeActiveFileMonitor4.0)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand] -- -- (PDCOMP)
DRV - File not found [Kernel | System] -- -- (PCIDump)
DRV - File not found [Kernel | System] -- -- (lbrtfdc)
DRV - File not found [Kernel | System] -- -- (i2omgmt)
DRV - File not found [Kernel | System] -- -- (Changer)
DRV - [2010/12/08 04:12:38 | 000,251,728 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System] -- C:\WINDOWS\system32\drivers\avgldx86.sys -- (Avgldx86)
DRV - [2010/11/12 13:19:38 | 000,299,984 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System] -- C:\WINDOWS\system32\drivers\avgtdix.sys -- (Avgtdix)
DRV - [2010/09/13 15:27:24 | 000,025,680 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\AVGIDSEH.sys -- (AVGIDSEH)
DRV - [2010/09/07 03:48:56 | 000,034,384 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System] -- C:\WINDOWS\system32\drivers\avgmfx86.sys -- (Avgmfx86)
DRV - [2010/09/07 03:48:50 | 000,026,064 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot] -- C:\WINDOWS\system32\drivers\avgrkx86.sys -- (Avgrkx86)
DRV - [2010/08/03 15:23:36 | 000,026,192 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\AVGIDSShim.sys -- (AVGIDSShim)
DRV - [2010/08/03 15:23:34 | 000,123,472 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\AVGIDSDriver.sys -- (AVGIDSDriver)
DRV - [2010/08/03 15:23:32 | 000,030,288 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\AVGIDSFilter.sys -- (AVGIDSFilter)
DRV - [2009/08/15 02:33:44 | 000,021,904 | ---- | M] (Digidesign, A Division of Avid Technology, Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\mbx2midk.sys -- (MBX2MIDK)
DRV - [2009/08/15 02:33:40 | 000,021,648 | ---- | M] (Digidesign, A Division of Avid Technology, Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\mbx2dfu.sys -- (MBX2DFU)
DRV - [2009/08/15 02:33:36 | 000,016,400 | ---- | M] (Digidesign, A Division of Avid Technology, Inc.) [Kernel | Auto] -- C:\WINDOWS\system32\drivers\diginet.sys -- (DigiNet)
DRV - [2009/08/15 02:33:24 | 000,097,808 | ---- | M] (Digidesign, A Division of Avid Technology, Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\Dalwdm.sys -- (dalwdmservice)
DRV - [2009/06/23 16:38:26 | 000,189,464 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\haP17v2k.sys -- (hap17v2k)
DRV - [2009/06/23 16:38:16 | 000,162,840 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\haP16v2k.sys -- (hap16v2k)
DRV - [2009/06/23 16:38:06 | 000,798,744 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\ha10kx2k.sys -- (ha10kx2k)
DRV - [2009/06/23 16:37:54 | 000,092,696 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\emupia2k.sys -- (emupia)
DRV - [2009/06/23 16:37:32 | 000,157,208 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\ctsfm2k.sys -- (ctsfm2k)
DRV - [2009/06/23 16:37:22 | 000,014,360 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\ctprxy2k.sys -- (ctprxy2k)
DRV - [2009/06/23 16:37:10 | 000,127,512 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\ctoss2k.sys -- (ossrv)
DRV - [2009/06/23 16:36:36 | 000,347,080 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\ctdvda2k.sys -- (ctdvda2k)
DRV - [2009/06/23 16:36:24 | 000,528,408 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\ctaud2k.sys -- (ctaud2k) Creative Audio Driver (WDM)
DRV - [2009/06/23 16:36:14 | 000,511,000 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\ctac32k.sys -- (ctac32k)
DRV - [2009/06/23 16:35:04 | 000,100,888 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand] -- C:\WINDOWS\System32\drivers\CTERFXFX.SYS -- (CTERFXFX.SYS)
DRV - [2009/06/23 16:35:04 | 000,100,888 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\CTERFXFX.sys -- (CTERFXFX)
DRV - [2009/06/23 16:34:52 | 000,566,296 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand] -- C:\WINDOWS\System32\drivers\CTSBLFX.SYS -- (CTSBLFX.SYS)
DRV - [2009/06/23 16:34:52 | 000,566,296 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\CTSBLFX.sys -- (CTSBLFX)
DRV - [2009/06/23 16:34:40 | 000,555,032 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand] -- C:\WINDOWS\System32\drivers\CTAUDFX.SYS -- (CTAUDFX.SYS)
DRV - [2009/06/23 16:34:40 | 000,555,032 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\CTAUDFX.sys -- (CTAUDFX)
DRV - [2009/06/23 16:34:30 | 000,099,352 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand] -- C:\WINDOWS\System32\drivers\COMMONFX.SYS -- (COMMONFX.SYS)
DRV - [2009/06/23 16:34:30 | 000,099,352 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\COMMONFX.sys -- (COMMONFX)
DRV - [2009/05/21 17:39:54 | 000,090,472 | ---- | M] (PACE Anti-Piracy, Inc.) [Kernel | Boot] -- C:\WINDOWS\System32\drivers\TPkd.sys -- (TPkd)
DRV - [2009/04/21 15:31:10 | 000,019,072 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | Auto] -- C:\WINDOWS\system32\drivers\Scutum50.sys -- (Scutum50)
DRV - [2008/11/12 13:03:58 | 000,070,656 | ---- | M] (SolutionBox) [File_System | On_Demand] -- C:\Program Files\Netdrive\ndfs.sys -- (ndfs)
DRV - [2008/04/13 13:45:12 | 000,060,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\usbaudio.sys -- (usbaudio) USB Audio Driver (WDM)
DRV - [2008/04/13 11:36:05 | 000,144,384 | ---- | M] (Windows (R) Server 2003 DDK provider) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\hdaudbus.sys -- (HDAudBus)
DRV - [2007/03/21 13:54:50 | 000,464,256 | ---- | M] (Ralink Technology, Corp.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\rt61.sys -- (RT61)
DRV - [2005/09/20 20:27:20 | 000,010,368 | ---- | M] (InterVideo, Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\iviaspi.sys -- (Iviaspi)
DRV - [2002/02/11 12:13:36 | 000,119,536 | ---- | M] (STMicroelectronics ) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\stv680.sys -- (STV680)
DRV - [2002/02/11 12:13:36 | 000,009,024 | ---- | M] (STMicroelectronics ) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\stv680m.sys -- (STV680m)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========



IE - HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.bing.com/?pc=Z007&form=ZGAPHP
IE - HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page Restore = http://www.bing.com/?pc=Z007&form=ZGAPHP
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" =
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:18810


IE - HKU\G_Man_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.bing.com/?pc=ZUGO&form=ZGAPHP
IE - HKU\G_Man_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page Restore = http://www.google.com/
IE - HKU\G_Man_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\G_Man_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local



IE - HKU\systemprofile_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

FF - HKLM\software\mozilla\Firefox\extensions\\{3f963a5b-e555-4543-90e2-c3908898db71}: C:\Program Files\AVG\AVG10\Firefox\ [2011/02/07 14:40:28 | 000,000,000 | ---D | M]


O1 HOSTS File: ([2001/08/23 07:00:00 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG10\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (WhiteSmoke Toolbar) - {52794457-af6c-4c50-9def-f2e24f4c8889} - C:\Program Files\whitesmoketoolbar\whitesmoketoolbarX.dll ()
O2 - BHO: (no name) - {9D425283-D487-4337-BAB6-AB8354A81457} - No CLSID value found.
O2 - BHO: (AVG Security Toolbar BHO) - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG10\Toolbar\IEToolbar.dll ()
O2 - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O3 - HKLM\..\Toolbar: (WhiteSmoke Toolbar) - {52794457-af6c-4c50-9def-f2e24f4c8889} - C:\Program Files\whitesmoketoolbar\whitesmoketoolbarX.dll ()
O3 - HKLM\..\Toolbar: (no name) - {9D425283-D487-4337-BAB6-AB8354A81457} - No CLSID value found.
O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG10\Toolbar\IEToolbar.dll ()
O3 - HKU\G_Man_ON_C\..\Toolbar\WebBrowser: (no name) - {9D425283-D487-4337-BAB6-AB8354A81457} - No CLSID value found.
O3 - HKU\G_Man_ON_C\..\Toolbar\WebBrowser: (AVG Security Toolbar) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG10\Toolbar\IEToolbar.dll ()
O4 - HKLM..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe ()
O4 - HKLM..\Run: [AVG_TRAY] C:\Program Files\AVG\AVG10\avgtray.exe ()
O4 - HKLM..\Run: [DigidesignMMERefresh] C:\Program Files\Digidesign\Drivers\MMERefresh.exe ()
O4 - HKLM..\Run: [QuickTime Task] C:\Program Files\QuickTime\qttask .exe (Apple Inc.)
O4 - HKU\.DEFAULT..\Run: [uyplcrxi] C:\WINDOWS\Temp\pmpycnxmc\oacqlkasika.exe ()
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Ralink Wireless Utility.lnk = C:\Program Files\RALINK\Common\RaUI.exe (Ralink Technology, Corp.)
O4 - Startup: C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Startup\ WinCinema Manager.lnk = C:\Program Files\Sandisk\Common\Bin\WinCinemaMgr.exe (InterVideo Inc.)
O4 - Startup: C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Startup\InterVideo WinCinema Manager.lnk = C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe (InterVideo Inc.)
O4 - Startup: C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Startup\Microsoft Office.lnk = File not found
O4 - Startup: C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Startup\Ralink Wireless Utility.lnk = C:\Program Files\RALINK\Common\RaUI.exe (Ralink Technology, Corp.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\Administrator.COMPUTER-C74F72.000_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\G_Man_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\LocalService.NT_AUTHORITY_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\NetworkService.NT_AUTHORITY_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\systemprofile_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O9 - Extra Button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 93.188.164.47,93.188.160.227
O18 - Protocol\Handler\avgsecuritytoolbar {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - C:\Program Files\AVG\AVG10\Toolbar\IEToolbar.dll ()
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG10\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\GoToMyPC: DllName - C:\Program Files\Citrix\GoToMyPC\G2WinLogon.dll - C:\Program Files\Citrix\GoToMyPC\G2WinLogon.dll (Citrix Online, a division of Citrix Systems, Inc.)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/11/04 07:15:26 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2011/02/05 09:14:14 | 000,000,090 | ---- | M] () - D:\AUTORUN.INF -- [ NTFS ]
O32 - AutoRun File - [2006/03/24 06:06:41 | 000,000,053 | R--- | M] () - X:\AUTORUN.INF -- [ CDFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG10\avgchsvx.exe /sync) - C:\Program Files\AVG\AVG10\avgchsvx.exe (AVG Technologies CZ, s.r.o.)
O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG10\avgrsx.exe /sync /restart) - C:\Program Files\AVG\AVG10\avgrsx.exe (AVG Technologies CZ, s.r.o.)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/02/12 07:01:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService.NT AUTHORITY\Application Data\Real
[2011/02/11 12:15:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService.NT AUTHORITY\Application Data\whitesmoketoolbar
[2011/02/11 12:15:25 | 000,000,000 | ---D | C] -- C:\Program Files\whitesmoketoolbar
[2011/02/11 02:18:00 | 000,000,000 | ---D | C] -- C:\Program Files\Quick Web Player
[2011/02/10 07:20:14 | 000,000,000 | R--D | C] -- C:\Documents and Settings\LocalService.NT AUTHORITY\Favorites
[2011/02/09 10:31:52 | 000,000,000 | ---D | C] -- C:\WINDOWS\LastGood
[2011/02/09 09:15:32 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\NetworkService.NT AUTHORITY\PrivacIE
[2011/02/09 09:15:22 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\NetworkService.NT AUTHORITY\IECompatCache
[2011/02/09 09:04:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService.NT AUTHORITY\Application Data\Identities
[2011/02/09 09:04:00 | 000,000,000 | R--D | C] -- C:\Documents and Settings\NetworkService.NT AUTHORITY\Favorites
[2011/02/09 08:58:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService.NT AUTHORITY\Local Settings\Application Data\Adobe
[2011/02/09 02:11:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService.NT AUTHORITY\Application Data\Macromedia
[2011/02/09 02:10:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService.NT AUTHORITY\Application Data\Adobe
[2011/02/09 02:10:55 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\LocalService.NT AUTHORITY\IETldCache
[2011/02/08 19:21:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService.NT AUTHORITY\Application Data\Sun
[2011/02/08 19:16:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService.NT AUTHORITY\Application Data\Macromedia
[2011/02/08 19:16:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService.NT AUTHORITY\Application Data\Adobe
[2011/02/08 19:06:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\G Man\Application Data\E7CB79EAF9F92DDFA867DB130E201239
[2011/02/08 15:18:28 | 000,000,000 | ---D | C] -- C:\WINDOWS\Prefetch
[2011/02/08 15:04:02 | 000,000,000 | ---D | C] -- C:\WINDOWS\LastGood.Tmp
[2011/02/08 15:00:25 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\scripting
[2011/02/08 15:00:24 | 000,000,000 | ---D | C] -- C:\WINDOWS\l2schemas
[2011/02/08 15:00:24 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\en
[2011/02/08 15:00:24 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\bits
[2011/02/08 14:56:03 | 000,000,000 | ---D | C] -- C:\WINDOWS\network diagnostic
[2011/02/08 14:52:02 | 000,000,000 | -H-D | C] -- C:\WINDOWS\$NtServicePackUninstall$
[2011/02/07 14:40:19 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\AVG
[2011/02/05 16:43:07 | 002,168,160 | ---- | C] (Ralink Technology, Corp.) -- C:\WINDOWS\System32\Scutum.dll
[2011/02/05 16:43:07 | 001,607,008 | ---- | C] (Ralink Technology, Corp.) -- C:\WINDOWS\System32\RaCertMgr.dll
[2011/02/05 16:43:07 | 000,185,696 | ---- | C] (Printing Communications Assoc., Inc. (PCAUSA)) -- C:\WINDOWS\System32\W32N55.dll
[2011/02/05 16:43:07 | 000,144,736 | ---- | C] (Ralink Tech) -- C:\WINDOWS\System32\RalinkGina.dll
[2011/02/05 16:43:07 | 000,019,072 | ---- | C] (Printing Communications Assoc., Inc. (PCAUSA)) -- C:\WINDOWS\System32\drivers\Scutum50.sys
[2011/02/05 16:42:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator.COMPUTER-C74F72.000\Application Data\InstallShield
[2011/02/05 10:46:43 | 000,000,000 | -HSD | C] -- C:\WINDOWS\CSC
[2011/02/05 10:36:55 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Administrator.COMPUTER-C74F72.000\IETldCache
[2011/02/05 10:20:30 | 000,000,000 | --SD | C] -- C:\Documents and Settings\Administrator.COMPUTER-C74F72.000\Application Data\Microsoft
[2011/02/05 10:20:30 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Administrator.COMPUTER-C74F72.000\SendTo
[2011/02/05 10:20:30 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Administrator.COMPUTER-C74F72.000\Application Data
[2011/02/05 10:20:30 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Administrator.COMPUTER-C74F72.000\Start Menu\Programs\Startup
[2011/02/05 10:20:30 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Administrator.COMPUTER-C74F72.000\Start Menu
[2011/02/05 10:20:30 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Administrator.COMPUTER-C74F72.000\Start Menu\Programs\Accessories
[2011/02/05 10:20:30 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Administrator.COMPUTER-C74F72.000\Cookies
[2011/02/05 10:20:30 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Administrator.COMPUTER-C74F72.000\Templates
[2011/02/05 10:20:30 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Administrator.COMPUTER-C74F72.000\Recent
[2011/02/05 10:20:30 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Administrator.COMPUTER-C74F72.000\PrintHood
[2011/02/05 10:20:30 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Administrator.COMPUTER-C74F72.000\NetHood
[2011/02/05 10:20:30 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Administrator.COMPUTER-C74F72.000\Local Settings
[2011/02/05 10:20:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator.COMPUTER-C74F72.000\My Documents
[2011/02/05 10:20:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator.COMPUTER-C74F72.000\Local Settings\Application Data\Microsoft
[2011/02/05 10:20:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator.COMPUTER-C74F72.000\Favorites
[2011/02/05 10:20:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator.COMPUTER-C74F72.000\Desktop
[2011/01/30 19:57:32 | 000,000,000 | ---D | C] -- C:\Program Files\Search Toolbar
[2011/01/30 19:57:29 | 000,000,000 | --SD | C] -- C:\Documents and Settings\G Man\My Documents\My Pando Packages
[2011/01/30 19:55:22 | 000,000,000 | ---D | C] -- C:\Program Files\Pando Networks
[2011/01/29 08:44:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService.NT AUTHORITY\Application Data\Apple Computer
[2011/01/25 06:22:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\G Man\My Documents\Utopia
[2011/01/25 06:14:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\G Man\My Documents\Project Justice
[2011/01/25 06:13:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\G Man\Start Menu\Programs\WinRAR
[2011/01/25 06:13:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\G Man\Application Data\WinRAR
[2011/01/25 06:13:11 | 000,000,000 | ---D | C] -- C:\Program Files\WinRAR
[2011/01/25 04:43:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\G Man\Application Data\OnLive App
[2011/01/25 04:43:36 | 000,000,000 | ---D | C] -- C:\Program Files\OnLive
[2011/01/20 02:01:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\G Man\Desktop\Mr Burnz
[2011/01/19 15:49:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\G Man\Desktop\MDocs
[2011/01/17 10:51:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\G Man\Desktop\Downloads
[5 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[3 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/02/15 12:17:47 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/02/14 10:13:52 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011/02/14 07:37:32 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/02/09 23:57:17 | 000,000,211 | -HS- | M] () -- C:\boot.ini
[2011/02/09 14:30:42 | 000,000,252 | -H-- | M] () -- C:\WINDOWS\tasks\{22116563-108C-42c0-A7CE-60161B75E508}.job
[2011/02/09 14:14:13 | 000,000,252 | -H-- | M] () -- C:\WINDOWS\tasks\{BBAEAEAF-1275-40e2-BD6C-BC8F88BD114A}.job
[2011/02/09 14:14:12 | 000,000,252 | -H-- | M] () -- C:\WINDOWS\tasks\{62C40AA6-4406-467a-A5A5-DFDF1B559B7A}.job
[2011/02/09 14:14:04 | 000,135,168 | RHS- | M] () -- C:\WINDOWS\System32\cisvcy.dll
[2011/02/09 09:10:26 | 000,094,212 | ---- | M] () -- C:\WINDOWS\System32\CTHELPER.EXE
[2011/02/08 19:32:03 | 000,031,056 | ---- | M] () -- C:\WINDOWS\System32\BMXStateBkp-{00000004-00000000-00000000-00001102-00000004-100A1102}.rfx
[2011/02/08 19:32:03 | 000,031,056 | ---- | M] () -- C:\WINDOWS\System32\BMXState-{00000004-00000000-00000000-00001102-00000004-100A1102}.rfx
[2011/02/08 19:32:03 | 000,030,528 | ---- | M] () -- C:\WINDOWS\System32\BMXCtrlState-{00000004-00000000-00000000-00001102-00000004-100A1102}.rfx
[2011/02/08 19:32:03 | 000,030,528 | ---- | M] () -- C:\WINDOWS\System32\BMXBkpCtrlState-{00000004-00000000-00000000-00001102-00000004-100A1102}.rfx
[2011/02/08 19:32:03 | 000,011,564 | ---- | M] () -- C:\WINDOWS\System32\DVCState-{00000004-00000000-00000000-00001102-00000004-100A1102}.rfx
[2011/02/08 19:32:03 | 000,001,080 | ---- | M] () -- C:\WINDOWS\System32\settingsbkup.sfm
[2011/02/08 19:32:03 | 000,001,080 | ---- | M] () -- C:\WINDOWS\System32\settings.sfm
[2011/02/08 19:30:48 | 004,931,577 | ---- | M] () -- C:\WINDOWS\{00000004-00000000-00000000-00001102-00000004-100A1102}.CDF
[2011/02/08 19:30:48 | 004,931,577 | ---- | M] () -- C:\WINDOWS\{00000004-00000000-00000000-00001102-00000004-100A1102}.BAK
[2011/02/08 19:16:00 | 000,000,884 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2011/02/08 18:34:00 | 000,000,978 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1708537768-1844823847-839522115-1003UA.job
[2011/02/08 15:34:58 | 000,000,260 | ---- | M] () -- C:\WINDOWS\tasks\WGASetup.job
[2011/02/08 15:23:01 | 000,432,356 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2011/02/08 15:23:01 | 000,067,312 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2011/02/08 15:21:27 | 000,000,804 | ---- | M] () -- C:\Documents and Settings\G Man\Application Data\Microsoft\Internet Explorer\Quick Launch\Windows Media Player.lnk
[2011/02/08 15:21:06 | 000,000,880 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2011/02/08 15:17:58 | 000,282,928 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2011/02/08 14:55:53 | 000,250,048 | RHS- | M] () -- C:\ntldr
[2011/02/08 09:41:04 | 105,700,181 | ---- | M] () -- C:\WINDOWS\System32\drivers\AVG\incavi.avm
[2011/02/08 07:52:46 | 000,000,293 | ---- | M] () -- C:\Documents and Settings\G Man\Desktop\Shortcut to Display.lnk
[2011/02/08 00:34:45 | 000,002,286 | ---- | M] () -- C:\Documents and Settings\G Man\Desktop\Google Chrome.lnk
[2011/02/08 00:34:45 | 000,002,264 | ---- | M] () -- C:\Documents and Settings\G Man\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2011/02/07 21:34:00 | 000,000,926 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1708537768-1844823847-839522115-1003Core.job
[2011/01/30 20:04:36 | 000,130,048 | ---- | M] () -- C:\Documents and Settings\G Man\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/01/29 09:46:58 | 000,007,753 | ---- | M] () -- C:\Documents and Settings\G Man\Desktop\Run Commands.rtf
[2011/01/27 11:03:00 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2011/01/25 06:01:33 | 000,000,748 | ---- | M] () -- C:\Documents and Settings\G Man\Desktop\WhiteSmoke (continue installation).lnk
[2011/01/19 15:50:38 | 000,001,711 | ---- | M] () -- C:\Documents and Settings\G Man\Desktop\MP Navigator 3.0 (2).lnk
[2011/01/18 18:28:48 | 000,002,325 | ---- | M] () -- C:\Documents and Settings\G Man\Desktop\NetDrive.lnk
[2011/01/18 14:48:50 | 000,144,736 | ---- | M] (Ralink Tech) -- C:\WINDOWS\System32\RalinkGina.dll
[5 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[3 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/02/09 14:14:08 | 000,000,252 | -H-- | C] () -- C:\WINDOWS\tasks\{BBAEAEAF-1275-40e2-BD6C-BC8F88BD114A}.job
[2011/02/09 14:14:08 | 000,000,252 | -H-- | C] () -- C:\WINDOWS\tasks\{22116563-108C-42c0-A7CE-60161B75E508}.job
[2011/02/09 14:14:06 | 000,000,252 | -H-- | C] () -- C:\WINDOWS\tasks\{62C40AA6-4406-467a-A5A5-DFDF1B559B7A}.job
[2011/02/09 14:14:04 | 000,135,168 | RHS- | C] () -- C:\WINDOWS\System32\cisvcy.dll
[2011/02/09 01:07:42 | 000,004,676 | ---- | C] () -- C:\Documents and Settings\G Man\avgrep.txt
[2011/02/08 09:41:04 | 105,700,181 | ---- | C] () -- C:\WINDOWS\System32\drivers\AVG\incavi.avm
[2011/02/08 07:52:46 | 000,000,293 | ---- | C] () -- C:\Documents and Settings\G Man\Desktop\Shortcut to Display.lnk
[2011/02/05 16:43:07 | 000,480,608 | ---- | C] () -- C:\WINDOWS\System32\DiagFunc.dll
[2011/02/05 16:43:07 | 000,034,080 | ---- | C] () -- C:\WINDOWS\System32\CTAAEI.dll
[2011/02/05 16:43:07 | 000,001,191 | ---- | C] () -- C:\WINDOWS\System32\W32N55.INI
[2011/02/05 16:43:07 | 000,000,449 | ---- | C] () -- C:\WINDOWS\System32\DiagFunc.ini
[2011/02/05 16:42:35 | 000,014,051 | ---- | C] () -- C:\WINDOWS\System32\RaCoInst.dat
[2011/02/05 10:39:29 | 000,000,792 | ---- | C] () -- C:\Documents and Settings\Administrator.COMPUTER-C74F72.000\avgrep.txt
[2011/02/05 10:20:30 | 000,001,599 | ---- | C] () -- C:\Documents and Settings\Administrator.COMPUTER-C74F72.000\Start Menu\Programs\Remote Assistance.lnk
[2011/02/05 10:20:30 | 000,000,792 | ---- | C] () -- C:\Documents and Settings\Administrator.COMPUTER-C74F72.000\Start Menu\Programs\Windows Media Player.lnk
[2011/01/29 09:46:58 | 000,007,753 | ---- | C] () -- C:\Documents and Settings\G Man\Desktop\Run Commands.rtf
[2011/01/25 06:20:58 | 001,063,965 | ---- | C] () -- C:\Documents and Settings\G Man\My Documents\utp-load.zip
[2011/01/25 06:20:58 | 000,006,167 | ---- | C] () -- C:\Documents and Settings\G Man\My Documents\utp-load.nfo
[2011/01/25 06:20:58 | 000,000,133 | ---- | C] () -- C:\Documents and Settings\G Man\My Documents\utp-load.sfv
[2011/01/25 06:01:33 | 000,000,748 | ---- | C] () -- C:\Documents and Settings\G Man\Desktop\WhiteSmoke (continue installation).lnk
[2011/01/19 15:50:38 | 000,001,711 | ---- | C] () -- C:\Documents and Settings\G Man\Desktop\MP Navigator 3.0 (2).lnk
[2010/09/10 18:25:20 | 000,204,800 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeW7.dll
[2010/09/10 18:25:20 | 000,200,704 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeA6.dll
[2010/09/10 18:25:20 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeP6.dll
[2010/09/10 18:25:20 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeM6.dll
[2010/09/10 18:25:20 | 000,188,416 | ---- | C] () -- C:\WINDOWS\System32\IVIresizePX.dll
[2010/09/10 18:25:20 | 000,020,480 | ---- | C] () -- C:\WINDOWS\System32\IVIresize.dll
[2010/08/22 12:44:58 | 000,000,150 | ---- | C] () -- C:\Documents and Settings\G Man\ws_ext.log
[2010/05/25 12:59:47 | 000,116,224 | ---- | C] () -- C:\WINDOWS\System32\pdfcmnnt.dll
[2009/11/26 21:09:56 | 000,130,048 | ---- | C] () -- C:\Documents and Settings\G Man\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/11/17 10:26:21 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2009/11/16 23:58:36 | 000,178,176 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll
[2009/11/16 23:58:35 | 000,000,038 | ---- | C] () -- C:\WINDOWS\avisplitter.ini
[2009/11/16 23:58:34 | 000,881,664 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2009/11/16 23:58:34 | 000,205,824 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2009/11/16 23:58:33 | 003,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll
[2009/11/16 23:58:31 | 000,085,504 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2009/11/16 21:06:40 | 000,217,088 | ---- | C] () -- C:\WINDOWS\System32\qtmlClient.dll
[2009/11/16 12:43:07 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2009/06/23 15:29:50 | 000,049,719 | ---- | C] () -- C:\WINDOWS\System32\instwdm.ini
[2009/06/23 15:29:48 | 000,000,054 | ---- | C] () -- C:\WINDOWS\System32\ctzapxx.ini
[2009/06/23 14:51:00 | 000,043,520 | ---- | C] () -- C:\WINDOWS\System32\CTBurst.dll
[2007/08/13 23:45:02 | 000,077,824 | ---- | C] () -- C:\WINDOWS\System32\ctmmactl.dll
[2006/10/02 20:25:18 | 000,000,307 | ---- | C] () -- C:\WINDOWS\System32\kill.ini

========== LOP Check ==========

[2011/02/11 12:15:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService.NT AUTHORITY\Application Data\whitesmoketoolbar
[2010/10/13 22:17:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\G Man\Application Data\AVG10
[2010/01/24 17:41:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\G Man\Application Data\Canon
[2011/02/08 15:38:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\G Man\Application Data\Digidesign
[2011/02/08 19:07:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\G Man\Application Data\E7CB79EAF9F92DDFA867DB130E201239
[2010/09/10 19:30:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\G Man\Application Data\InterVideo
[2009/11/17 00:10:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\G Man\Application Data\Leadertech
[2011/01/28 17:37:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\G Man\Application Data\LimeWire
[2010/11/29 03:26:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\G Man\Application Data\Meebo
[2010/12/18 15:00:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\G Man\Application Data\Mp3tag
[2010/01/08 13:27:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\G Man\Application Data\NCH Swift Sound
[2011/01/18 18:28:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\G Man\Application Data\NetDrive
[2011/01/25 04:43:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\G Man\Application Data\OnLive App
[2010/01/13 09:53:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\G Man\Application Data\Opera
[2009/11/17 10:34:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\G Man\Application Data\PACE Anti-Piracy
[2009/12/23 16:21:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\G Man\Application Data\Propellerhead Software
[2009/11/17 00:06:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\G Man\Application Data\Trillium Lane
[2011/02/01 17:53:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\G Man\Application Data\uTorrent
[2011/02/08 15:34:58 | 000,000,260 | ---- | M] () -- C:\WINDOWS\Tasks\WGASetup.job
[2011/02/09 14:30:42 | 000,000,252 | -H-- | M] () -- C:\WINDOWS\Tasks\{22116563-108C-42c0-A7CE-60161B75E508}.job
[2011/02/09 14:14:12 | 000,000,252 | -H-- | M] () -- C:\WINDOWS\Tasks\{62C40AA6-4406-467a-A5A5-DFDF1B559B7A}.job
[2011/02/09 14:14:13 | 000,000,252 | -H-- | M] () -- C:\WINDOWS\Tasks\{BBAEAEAF-1275-40e2-BD6C-BC8F88BD114A}.job

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 1156 bytes -> C:\Program Files\Outlook Express:He6HeMNyFdvAfwWnWe
@Alternate Data Stream - 1118 bytes -> C:\Program Files\Outlook Express:wmZIScQ89prq2KULXOj9Myvrm
@Alternate Data Stream - 1032 bytes -> C:\Documents and Settings\G Man\Cookies:qchfTRyBAw2OiEC5pNuq0N8
< End of report >
[2011/02/16 06:52:26 | 000,049,152 | -H-- | M] () -- C:\Documents and Settings\Administrator.COMPUTER-C74F72.000\NTUSER.dat.LOG
[2011/02/16 06:50:16 | 000,786,432 | -H-- | M] () -- C:\Documents and Settings\Administrator.COMPUTER-C74F72.000\NTUSER.DAT
[2011/02/16 06:40:13 | 000,008,192 | -H-- | M] () -- C:\Documents and Settings\NetworkService.NT AUTHORITY\ntuser.dat.LOG
[2011/02/16 06:40:13 | 000,008,192 | -H-- | M] () -- C:\Documents and Settings\LocalService.NT AUTHORITY\ntuser.dat.LOG
[2011/02/16 06:40:13 | 000,008,192 | -H-- | M] () -- C:\Documents and Settings\G Man\ntuser.dat.LOG
[2011/02/15 12:17:51 | 000,229,376 | ---- | M] () -- C:\Documents and Settings\NetworkService.NT AUTHORITY\NTUSER.DAT
[2011/02/15 12:17:51 | 000,229,376 | ---- | M] () -- C:\Documents and Settings\LocalService.NT AUTHORITY\ntuser.dat
[2011/02/15 12:17:47 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/02/15 12:17:45 | 000,000,278 | -HS- | M] () -- C:\Documents and Settings\G Man\ntuser.ini
[2011/02/15 12:17:44 | 004,456,448 | ---- | M] () -- C:\Documents and Settings\G Man\ntuser.dat
[2011/02/14 07:37:32 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/02/13 05:41:04 | 000,004,676 | ---- | M] () -- C:\Documents and Settings\G Man\avgrep.txt
[2011/02/12 11:43:23 | 000,000,000 | -HSD | M] -- C:\Documents and Settings\NetworkService.NT AUTHORITY\Cookies
[2011/02/12 08:08:15 | 000,000,000 | -HSD | M] -- C:\Documents and Settings\LocalService.NT AUTHORITY\Cookies
[2011/02/12 07:58:25 | 000,000,000 | ---D | M] -- C:\Program Files\QuickTime
[2011/02/12 07:01:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService.NT AUTHORITY\Application Data\Real
[2011/02/12 07:01:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService.NT AUTHORITY\Application Data
[2011/02/11 12:15:31 | 000,000,000 | ---D | M] -- C:\Program Files\whitesmoketoolbar
[2011/02/11 12:15:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService.NT AUTHORITY\Application Data\whitesmoketoolbar
[2011/02/11 02:18:00 | 000,000,000 | ---D | M] -- C:\Program Files\Quick Web Player
[2011/02/10 07:20:14 | 000,000,000 | R--D | M] -- C:\Documents and Settings\LocalService.NT AUTHORITY\Favorites
[2011/02/09 23:57:17 | 000,000,573 | ---- | M] () -- C:\WINDOWS\win.ini
[2011/02/09 23:57:17 | 000,000,227 | ---- | M] () -- C:\WINDOWS\system.ini
[2011/02/09 21:41:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\G Man\Desktop
[2011/02/09 21:22:20 | 000,000,178 | -HS- | M] () -- C:\Documents and Settings\Administrator.COMPUTER-C74F72.000\ntuser.ini
[2011/02/09 21:16:01 | 000,000,000 | R--D | M] -- C:\Documents and Settings\G Man\Start Menu\Programs\Startup
[2011/02/09 14:30:42 | 000,000,252 | -H-- | M] () -- C:\WINDOWS\tasks\{22116563-108C-42c0-A7CE-60161B75E508}.job
[2011/02/09 14:14:13 | 000,000,252 | -H-- | M] () -- C:\WINDOWS\tasks\{BBAEAEAF-1275-40e2-BD6C-BC8F88BD114A}.job
[2011/02/09 14:14:12 | 000,000,252 | -H-- | M] () -- C:\WINDOWS\tasks\{62C40AA6-4406-467a-A5A5-DFDF1B559B7A}.job
[2011/02/09 09:15:32 | 000,000,000 | -HSD | M] -- C:\Documents and Settings\NetworkService.NT AUTHORITY\PrivacIE
[2011/02/09 09:15:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService.NT AUTHORITY\Local Settings\Application Data\Microsoft
[2011/02/09 09:15:24 | 000,000,000 | R--D | M] -- C:\Documents and Settings\NetworkService.NT AUTHORITY\Favorites
[2011/02/09 09:15:22 | 000,000,000 | -HSD | M] -- C:\Documents and Settings\NetworkService.NT AUTHORITY\IECompatCache
[2011/02/09 09:10:27 | 000,000,000 | ---D | M] -- C:\Program Files\Netdrive
[2011/02/09 09:10:27 | 000,000,000 | ---D | M] -- C:\Program Files\iTunes
[2011/02/09 09:04:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService.NT AUTHORITY\Application Data\Identities
[2011/02/09 09:00:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService.NT AUTHORITY\Local Settings\Application Data\Adobe
[2011/02/09 08:58:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService.NT AUTHORITY\Application Data\Adobe
[2011/02/09 02:11:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService.NT AUTHORITY\Application Data\Macromedia
[2011/02/09 02:10:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService.NT AUTHORITY\Application Data\Adobe
[2011/02/09 02:10:55 | 000,000,000 | -HSD | M] -- C:\Documents and Settings\LocalService.NT AUTHORITY\IETldCache
[2011/02/08 22:02:32 | 000,000,792 | ---- | M] () -- C:\Documents and Settings\Administrator.COMPUTER-C74F72.000\avgrep.txt
[2011/02/08 19:32:03 | 000,001,080 | ---- | M] () -- C:\WINDOWS\System32\settingsbkup.sfm
[2011/02/08 19:32:03 | 000,001,080 | ---- | M] () -- C:\WINDOWS\System32\settings.sfm
[2011/02/08 19:31:53 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2011/02/08 19:30:48 | 004,931,577 | ---- | M] () -- C:\WINDOWS\{00000004-00000000-00000000-00001102-00000004-100A1102}.CDF
[2011/02/08 19:30:48 | 004,931,577 | ---- | M] () -- C:\WINDOWS\{00000004-00000000-00000000-00001102-00000004-100A1102}.BAK
[2011/02/08 19:21:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService.NT AUTHORITY\Application Data\Sun
[2011/02/08 19:16:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService.NT AUTHORITY\Application Data\Macromedia
[2011/02/08 19:16:00 | 000,000,884 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2011/02/08 19:07:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\G Man\Application Data\E7CB79EAF9F92DDFA867DB130E201239
[2011/02/08 19:06:01 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\G Man\Application Data
[2011/02/08 19:05:54 | 000,000,000 | -HSD | M] -- C:\Documents and Settings\G Man\Cookies
[2011/02/08 19:05:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\G Man\Application Data\Adobe
[2011/02/08 18:34:00 | 000,000,978 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1708537768-1844823847-839522115-1003UA.job
[2011/02/08 16:16:09 | 000,070,064 | ---- | M] () -- C:\Documents and Settings\G Man\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
[2011/02/08 15:41:40 | 000,000,000 | RH-D | M] -- C:\Documents and Settings\G Man\Recent
[2011/02/08 15:38:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\G Man\Application Data\Digidesign
[2011/02/08 15:34:58 | 000,000,260 | ---- | M] () -- C:\WINDOWS\tasks\WGASetup.job
[2011/02/08 15:23:01 | 000,508,956 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2011/02/08 15:23:01 | 000,432,356 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2011/02/08 15:23:01 | 000,067,312 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2011/02/08 15:21:31 | 000,000,738 | ---- | M] () -- C:\Documents and Settings\G Man\Start Menu\Programs\Outlook Express.lnk
[2011/02/08 15:21:31 | 000,000,234 | -HS- | M] () -- C:\Documents and Settings\G Man\Start Menu\Programs\desktop.ini
[2011/02/08 15:21:27 | 000,000,804 | ---- | M] () -- C:\Documents and Settings\G Man\Application Data\Microsoft\Internet Explorer\Quick Launch\Windows Media Player.lnk
[2011/02/08 15:21:27 | 000,000,792 | ---- | M] () -- C:\Documents and Settings\G Man\Start Menu\Programs\Windows Media Player.lnk
[2011/02/08 15:21:06 | 000,000,880 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2011/02/08 15:17:58 | 000,282,928 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2011/02/08 15:17:52 | 000,000,000 | ---D | M] -- C:\Program Files\Messenger
[2011/02/08 15:12:02 | 000,000,000 | ---D | M] -- C:\Program Files\Outlook Express
[2011/02/08 15:10:57 | 000,000,000 | ---D | M] -- C:\Program Files\Movie Maker
[2011/02/08 15:00:50 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Media Player
[2011/02/08 15:00:25 | 000,000,000 | ---D | M] -- C:\Program Files\Internet Explorer
[2011/02/08 14:57:48 | 000,000,000 | ---D | M] -- C:\Program Files\NetMeeting
[2011/02/08 14:57:44 | 000,000,000 | ---D | M] -- C:\Program Files\Windows NT
[2011/02/08 14:57:40 | 000,000,000 | ---D | M] -- C:\Program Files\Common Files\System
[2011/02/08 12:08:35 | 000,000,000 | ---D | M] -- C:\Program Files\Search Toolbar
[2011/02/08 12:07:46 | 000,000,000 | ---D | M] -- C:\Program Files\Common Files
[2011/02/08 12:03:49 | 000,000,000 | ---D | M] -- C:\Program Files\iPod
[2011/02/08 07:52:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\G Man\Local Settings\Application Data\Microsoft
[2011/02/08 07:52:46 | 000,000,293 | ---- | M] () -- C:\Documents and Settings\G Man\Desktop\Shortcut to Display.lnk
[2011/02/08 00:34:45 | 000,002,286 | ---- | M] () -- C:\Documents and Settings\G Man\Desktop\Google Chrome.lnk
[2011/02/08 00:34:45 | 000,002,264 | ---- | M] () -- C:\Documents and Settings\G Man\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2011/02/08 00:34:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\G Man\Local Settings\Application Data\Temp
[2011/02/07 21:34:00 | 000,000,926 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1708537768-1844823847-839522115-1003Core.job
[2011/02/06 20:48:07 | 000,000,000 | ---D | M] -- C:\Program Files\Canon
[2011/02/05 16:42:34 | 000,000,000 | -H-D | M] -- C:\Program Files\InstallShield Installation Information
[2011/02/05 16:42:34 | 000,000,000 | ---D | M] -- C:\Program Files\RALINK
[2011/02/05 16:42:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator.COMPUTER-C74F72.000\Application Data\InstallShield
[2011/02/05 10:36:55 | 000,000,000 | -HSD | M] -- C:\Documents and Settings\Administrator.COMPUTER-C74F72.000\IETldCache
[2011/02/05 10:36:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator.COMPUTER-C74F72.000\Local Settings\Application Data\Microsoft
[2011/02/05 10:20:33 | 000,000,000 | --SD | M] -- C:\Documents and Settings\Administrator.COMPUTER-C74F72.000\Application Data\Microsoft
[2011/02/05 09:14:14 | 000,000,000 | --SD | M] -- C:\Documents and Settings\G Man\Application Data\Microsoft
[2011/02/01 17:53:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\G Man\Application Data\uTorrent
[2011/02/01 16:49:22 | 004,945,632 | -H-- | M] () -- C:\Documents and Settings\G Man\Local Settings\Application Data\IconCache.db
[2011/01/30 20:04:36 | 000,130,048 | ---- | M] () -- C:\Documents and Settings\G Man\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/01/30 19:57:29 | 000,000,000 | R--D | M] -- C:\Documents and Settings\G Man\My Documents
[2011/01/30 19:55:49 | 000,000,000 | ---D | M] -- C:\Program Files\Pando Networks
[2011/01/29 09:46:58 | 000,007,753 | ---- | M] () -- C:\Documents and Settings\G Man\Desktop\Run Commands.rtf
[2011/01/29 08:44:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService.NT AUTHORITY\Application Data
[2011/01/29 08:44:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService.NT AUTHORITY\Application Data\Apple Computer
[2011/01/28 17:37:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\G Man\Application Data\LimeWire
[2011/01/27 11:03:00 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2011/01/25 06:13:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\G Man\Application Data\WinRAR
[2011/01/25 06:13:26 | 000,000,000 | R--D | M] -- C:\Documents and Settings\G Man\Start Menu
[2011/01/25 06:13:26 | 000,000,000 | ---D | M] -- C:\Program Files\WinRAR
[2011/01/25 06:13:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\G Man\Start Menu\Programs\WinRAR
[2011/01/25 06:01:33 | 000,000,748 | ---- | M] () -- C:\Documents and Settings\G Man\Desktop\WhiteSmoke (continue installation).lnk
[2011/01/25 04:43:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\G Man\Application Data\OnLive App
[2011/01/25 04:43:51 | 000,000,000 | ---D | M] -- C:\Program Files\OnLive
[2011/01/19 15:50:38 | 000,001,711 | ---- | M] () -- C:\Documents and Settings\G Man\Desktop\MP Navigator 3.0 (2).lnk
[2011/01/18 18:28:48 | 000,002,325 | ---- | M] () -- C:\Documents and Settings\G Man\Desktop\NetDrive.lnk
[2011/01/18 18:28:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\G Man\Application Data\NetDrive
[2011/01/18 14:48:50 | 000,144,736 | ---- | M] (Ralink Tech) -- C:\WINDOWS\System32\RalinkGina.dll
[2011/01/17 08:34:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\G Man\Application Data\Mozilla
[2011/01/06 00:49:56 | 000,000,150 | ---- | M] () -- C:\Documents and Settings\G Man\ws_ext.log
[2010/04/09 15:25:49 | 000,069,288 | ---- | M] () -- C:\Documents and Settings\G Man\Application Data\GDIPFONTCACHEV1.DAT
[2009/11/16 20:58:14 | 000,000,020 | -HS- | M] () -- C:\Documents and Settings\LocalService.NT AUTHORITY\ntuser.ini
[2009/11/16 20:57:28 | 000,000,020 | -HS- | M] () -- C:\Documents and Settings\NetworkService.NT AUTHORITY\ntuser.ini
[2009/11/16 12:42:41 | 000,000,062 | -HS- | M] () -- C:\Documents and Settings\G Man\Application Data\desktop.ini
[2009/11/16 12:42:41 | 000,000,062 | -HS- | M] () -- C:\Documents and Settings\Administrator.COMPUTER-C74F72.000\Application Data\desktop.ini
[2006/06/29 14:58:52 | 000,030,808 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalUserInterface.CompositeFont
[2006/06/29 14:53:56 | 000,026,489 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalSansSerif.CompositeFont
[2006/04/18 15:39:28 | 000,029,779 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalSerif.CompositeFont
[2006/04/18 15:39:28 | 000,026,040 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalMonospace.CompositeFont
[5 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/02/15 12:17:47 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/02/14 10:13:52 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011/02/14 07:37:32 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/02/09 23:57:17 | 000,000,211 | -HS- | M] () -- C:\boot.ini
[2011/02/09 14:30:42 | 000,000,252 | -H-- | M] () -- C:\WINDOWS\tasks\{22116563-108C-42c0-A7CE-60161B75E508}.job
[2011/02/09 14:14:13 | 000,000,252 | -H-- | M] () -- C:\WINDOWS\tasks\{BBAEAEAF-1275-40e2-BD6C-BC8F88BD114A}.job
[2011/02/09 14:14:12 | 000,000,252 | -H-- | M] () -- C:\WINDOWS\tasks\{62C40AA6-4406-467a-A5A5-DFDF1B559B7A}.job
[2011/02/09 14:14:04 | 000,135,168 | RHS- | M] () -- C:\WINDOWS\System32\cisvcy.dll
[2011/02/09 09:10:26 | 000,094,212 | ---- | M] () -- C:\WINDOWS\System32\CTHELPER.EXE
[2011/02/08 19:32:03 | 000,031,056 | ---- | M] () -- C:\WINDOWS\System32\BMXStateBkp-{00000004-00000000-00000000-00001102-00000004-100A1102}.rfx
[2011/02/08 19:32:03 | 000,031,056 | ---- | M] () -- C:\WINDOWS\System32\BMXState-{00000004-00000000-00000000-00001102-00000004-100A1102}.rfx
[2011/02/08 19:32:03 | 000,030,528 | ---- | M] () -- C:\WINDOWS\System32\BMXCtrlState-{00000004-00000000-00000000-00001102-00000004-100A1102}.rfx
[2011/02/08 19:32:03 | 000,030,528 | ---- | M] () -- C:\WINDOWS\System32\BMXBkpCtrlState-{00000004-00000000-00000000-00001102-00000004-100A1102}.rfx
[2011/02/08 19:32:03 | 000,011,564 | ---- | M] () -- C:\WINDOWS\System32\DVCState-{00000004-00000000-00000000-00001102-00000004-100A1102}.rfx
[2011/02/08 19:32:03 | 000,001,080 | ---- | M] () -- C:\WINDOWS\System32\settingsbkup.sfm
[2011/02/08 19:32:03 | 000,001,080 | ---- | M] () -- C:\WINDOWS\System32\settings.sfm
[2011/02/08 19:30:48 | 004,931,577 | ---- | M] () -- C:\WINDOWS\{00000004-00000000-00000000-00001102-00000004-100A1102}.CDF
[2011/02/08 19:30:48 | 004,931,577 | ---- | M] () -- C:\WINDOWS\{00000004-00000000-00000000-00001102-00000004-100A1102}.BAK
[2011/02/08 19:16:00 | 000,000,884 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2011/02/08 18:34:00 | 000,000,978 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1708537768-1844823847-839522115-1003UA.job
[2011/02/08 15:34:58 | 000,000,260 | ---- | M] () -- C:\WINDOWS\tasks\WGASetup.job
[2011/02/08 15:23:01 | 000,432,356 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2011/02/08 15:23:01 | 000,067,312 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2011/02/08 15:21:27 | 000,000,804 | ---- | M] () -- C:\Documents and Settings\G Man\Application Data\Microsoft\Internet Explorer\Quick Launch\Windows Media Player.lnk
[2011/02/08 15:21:06 | 000,000,880 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2011/02/08 15:17:58 | 000,282,928 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2011/02/08 14:55:53 | 000,250,048 | RHS- | M] () -- C:\ntldr
[2011/02/08 09:41:04 | 105,700,181 | ---- | M] () -- C:\WINDOWS\System32\drivers\AVG\incavi.avm
[2011/02/08 07:52:46 | 000,000,293 | ---- | M] () -- C:\Documents and Settings\G Man\Desktop\Shortcut to Display.lnk
[2011/02/08 00:34:45 | 000,002,286 | ---- | M] () -- C:\Documents and Settings\G Man\Desktop\Google Chrome.lnk
[2011/02/08 00:34:45 | 000,002,264 | ---- | M] () -- C:\Documents and Settings\G Man\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2011/02/07 21:34:00 | 000,000,926 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1708537768-1844823847-839522115-1003Core.job
[2011/01/30 20:04:36 | 000,130,048 | ---- | M] () -- C:\Documents and Settings\G Man\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/01/29 09:46:58 | 000,007,753 | ---- | M] () -- C:\Documents and Settings\G Man\Desktop\Run Commands.rtf
[2011/01/27 11:03:00 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2011/01/25 06:01:33 | 000,000,748 | ---- | M] () -- C:\Documents and Settings\G Man\Desktop\WhiteSmoke (continue installation).lnk
[2011/01/19 15:50:38 | 000,001,711 | ---- | M] () -- C:\Documents and Settings\G Man\Desktop\MP Navigator 3.0 (2).lnk
[2011/01/18 18:28:48 | 000,002,325 | ---- | M] () -- C:\Documents and Settings\G Man\Desktop\NetDrive.lnk
[2011/01/18 14:48:50 | 000,144,736 | ---- | M] (Ralink Tech) -- C:\WINDOWS\System32\RalinkGina.dll
[5 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[3 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== LOP Check ==========

[2011/02/11 12:15:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService.NT AUTHORITY\Application Data\whitesmoketoolbar
[2010/10/13 22:17:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\G Man\Application Data\AVG10
[2010/01/24 17:41:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\G Man\Application Data\Canon
[2011/02/08 15:38:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\G Man\Application Data\Digidesign
[2011/02/08 19:07:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\G Man\Application Data\E7CB79EAF9F92DDFA867DB130E201239
[2010/09/10 19:30:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\G Man\Application Data\InterVideo
[2009/11/17 00:10:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\G Man\Application Data\Leadertech
[2011/01/28 17:37:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\G Man\Application Data\LimeWire
[2010/11/29 03:26:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\G Man\Application Data\Meebo
[2010/12/18 15:00:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\G Man\Application Data\Mp3tag
[2010/01/08 13:27:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\G Man\Application Data\NCH Swift Sound
[2011/01/18 18:28:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\G Man\Application Data\NetDrive
[2011/01/25 04:43:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\G Man\Application Data\OnLive App
[2010/01/13 09:53:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\G Man\Application Data\Opera
[2009/11/17 10:34:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\G Man\Application Data\PACE Anti-Piracy
[2009/12/23 16:21:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\G Man\Application Data\Propellerhead Software
[2009/11/17 00:06:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\G Man\Application Data\Trillium Lane
[2011/02/01 17:53:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\G Man\Application Data\uTorrent
[2011/02/08 15:34:58 | 000,000,260 | ---- | M] () -- C:\WINDOWS\Tasks\WGASetup.job
[2011/02/09 14:30:42 | 000,000,252 | -H-- | M] () -- C:\WINDOWS\Tasks\{22116563-108C-42c0-A7CE-60161B75E508}.job
[2011/02/09 14:14:12 | 000,000,252 | -H-- | M] () -- C:\WINDOWS\Tasks\{62C40AA6-4406-467a-A5A5-DFDF1B559B7A}.job
[2011/02/09 14:14:13 | 000,000,252 | -H-- | M] () -- C:\WINDOWS\Tasks\{BBAEAEAF-1275-40e2-BD6C-BC8F88BD114A}.job

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 1156 bytes -> C:\Program Files\Outlook Express:He6HeMNyFdvAfwWnWe
@Alternate Data Stream - 1118 bytes -> C:\Program Files\Outlook Express:wmZIScQ89prq2KULXOj9Myvrm
@Alternate Data Stream - 1032 bytes -> C:\Documents and Settings\G Man\Cookies:qchfTRyBAw2OiEC5pNuq0N8

< End of report >

Re: Only Starts in Safemode /Better virus removal (Free?)
Hello.

Please run OTLPE.

  • Copy the commands with file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):


    :OTL
    O2 - BHO: (WhiteSmoke Toolbar) - {52794457-af6c-4c50-9def-f2e24f4c8889} - C:\Program Files\whitesmoketoolbar\whitesmoketoolbarX.dll ()
    O2 - BHO: (no name) - {9D425283-D487-4337-BAB6-AB8354A81457} - No CLSID value found.
    O3 - HKLM\..\Toolbar: (no name) - {9D425283-D487-4337-BAB6-AB8354A81457} - No CLSID value found.
    O3 - HKU\G_Man_ON_C\..\Toolbar\WebBrowser: (no name) - {9D425283-D487-4337-BAB6-AB8354A81457} - No CLSID value found.
    O4 - HKU\.DEFAULT..\Run: [uyplcrxi] C:\WINDOWS\Temp\pmpycnxmc\oacqlkasika.exe ()
    [2011/02/09 14:30:42 | 000,000,252 | -H-- | M] () -- C:\WINDOWS\tasks\{22116563-108C-42c0-A7CE-60161B75E508}.job
    [2011/02/09 14:14:13 | 000,000,252 | -H-- | M] () -- C:\WINDOWS\tasks\{BBAEAEAF-1275-40e2-BD6C-BC8F88BD114A}.job
    [2011/02/09 14:14:12 | 000,000,252 | -H-- | M] () -- C:\WINDOWS\tasks\{62C40AA6-4406-467a-A5A5-DFDF1B559B7A}.job
    [2011/02/09 14:14:04 | 000,135,168 | RHS- | M] () -- C:\WINDOWS\System32\cisvcy.dll

    :commands
    [emptytemp]
    [reboot]


  • Return to OTL, right click in the "Custom Scans/Fixes" window (under the light green bar) and choose Paste.

  • Click the red Run Fix button.
  • A fix log in Notepad will appear. Copy the contents of the fix log to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy), and paste it in your next reply.
  • Close OTL.exe
If a file or folder cannot be moved immediately, you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine, choose Yes.
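As an added example (not part of the thread, and not OldTimer's OTL code), the script below turns log lines of the shapes quoted above into a triage list and drafts a fix in the same layout the helper used: file entries and O4 lines are carried into the :OTL section verbatim, followed by the :commands section. The regexes are an assumption inferred from the quoted lines; the sample log is constructed from paths in the thread plus one made-up benign AVG Run entry so that a non-flagged case is exercised too.

```python
"""Triage OTL-style log lines for persistence indicators and draft an OTL fix.

Added example, not part of the thread and not OldTimer's OTL code. The line
formats below are an assumption inferred from the lines quoted in the thread.
"""
import re
from dataclasses import dataclass
from typing import List, Optional

# Constructed sample: paths from the thread plus one made-up benign AVG entry.
SAMPLE_LOG = r"""
[2011/02/08 15:34:58 | 000,000,260 | ---- | M] () -- C:\WINDOWS\Tasks\WGASetup.job
[2011/02/09 14:30:42 | 000,000,252 | -H-- | M] () -- C:\WINDOWS\Tasks\{22116563-108C-42c0-A7CE-60161B75E508}.job
[2011/02/09 14:14:04 | 000,135,168 | RHS- | M] () -- C:\WINDOWS\System32\cisvcy.dll
[2011/02/11 12:15:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService.NT AUTHORITY\Application Data\whitesmoketoolbar
O4 - HKU\.DEFAULT..\Run: [uyplcrxi] C:\WINDOWS\Temp\pmpycnxmc\oacqlkasika.exe ()
O4 - HKLM..\Run: [AVG_TRAY] C:\Program Files\AVG\AVG10\avgtray.exe (AVG Technologies CZ, s.r.o.)
@Alternate Data Stream - 1156 bytes -> C:\Program Files\Outlook Express:He6HeMNyFdvAfwWnWe
"""

# File/directory entry: [date | size | attrs | M] (company) -- path   (no "()" for dirs)
FILE_RE = re.compile(
    r"^\[(?P<date>[\d/]+ [\d:]+) \| (?P<size>[\d,]+) \| (?P<attrs>[A-Z-]{4}) \| [MC]\] "
    r"(?:\((?P<company>[^)]*)\) )?-- (?P<path>.+)$"
)
# Autorun entry: O4 - <hive>\Run: [name] path (company)
RUN_RE = re.compile(
    r"^O4 - (?P<hive>\S+)\\Run: \[(?P<name>[^\]]*)\] (?P<path>.+?) \((?P<company>[^)]*)\)$"
)
# ADS entry: @Alternate Data Stream - N bytes -> host:stream
ADS_RE = re.compile(
    r"^@Alternate Data Stream - (?P<size>\d+) bytes -> (?P<host>.+):(?P<stream>[^:\\]+)$"
)
GUID_JOB_RE = re.compile(r"\\\{[0-9A-Fa-f-]{36}\}\.job$")


@dataclass
class Finding:
    raw: str      # original log line; OTL takes these verbatim in a :OTL section
    path: str
    reason: str


def triage_line(line: str) -> Optional[Finding]:
    """Return a Finding when the line matches a persistence indicator, else None."""
    line = line.rstrip()
    if m := FILE_RE.match(line):
        attrs, path = m["attrs"], m["path"]
        if "D" in attrs:                       # directory entries are not candidates here
            return None
        if "H" in attrs and "S" in attrs and "\\system32\\" in path.lower():
            return Finding(line, path, "hidden+system attributes on a System32 file")
        if "H" in attrs and GUID_JOB_RE.search(path):
            return Finding(line, path, "hidden scheduled task with a GUID name")
        return None
    if m := RUN_RE.match(line):
        name, path, company = m["name"], m["path"], m["company"]
        if "\\temp\\" in path.lower():
            return Finding(line, path, f"Run entry [{name}] launches from a Temp directory")
        if not company:
            return Finding(line, path, f"Run entry [{name}] carries no publisher name")
        return None
    if (m := ADS_RE.match(line)) and m["stream"] != "Zone.Identifier":
        return Finding(line, m["host"], f"alternate data stream :{m['stream']} ({m['size']} bytes)")
    return None


def triage(log_text: str) -> List[Finding]:
    """Run triage_line over every line of a log and keep the hits, in log order."""
    return [f for f in (triage_line(l) for l in log_text.splitlines()) if f]


def to_otl_fix(findings: List[Finding]) -> str:
    """Draft a fix in the layout used in the thread: flagged file and O4 lines go
    under :OTL verbatim, then :commands. ADS findings are left out of the draft
    (only line shapes present in the thread's fix are emitted) and stay in the
    triage report for the helper to decide on."""
    lines = [f.raw for f in findings if not f.raw.startswith("@")]
    return ":OTL\n" + "\n".join(lines) + "\n\n:commands\n[emptytemp]\n[reboot]\n"


if __name__ == "__main__":
    found = triage(SAMPLE_LOG)
    for f in found:
        print(f"{f.reason}: {f.path}")
    print(to_otl_fix(found))
```

The rules are deliberately narrow (hidden+system files in System32, hidden GUID-named .job tasks, Run entries pointing into a Temp directory or lacking a publisher, any non-Zone.Identifier stream): they match what the helper singled out in the log above and nothing the log does not show, so a benign entry such as the WGASetup.job task or a Run entry with a publisher name is not flagged.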

Re: Only Starts in Safemode /Better virus removal (Free?)
Thanks!
It didn't produce a report, but the computer started up Windows normally when the disk was removed. An AVG scan removed 137 viruses (a personal best), but
1. I still have that Google redirect virus, and
2. The comp still won't load GeekPolice.com (unacceptable!) and probably some other sites.

I also asked for better virus protection for free/cheap, but AVG keeps getting the best rank, so I guess I'll keep it unless there is something else you can suggest.

So, in regards to those two remaining issues, is it time to start a new thread?

Re: Only Starts in Safemode /Better virus removal (Free?)
Wait, scratch that: the comp is not loading Windows normally again. I'll repeat those steps; I just wanted to let you know the problem persists, so... I did the fix twice and it did not produce a report!
