WiredWX Hobby Weather Tools

 


Only Starts in Safemode /Better virus removal (Free?)

2 posters

Re: Only Starts in Safemode /Better virus removal (Free?)

Okay, boot OTLPE again and post a new log.
This time, if I issue you another OTLPE fix, don't do anything once you have performed it; then, when the machine has booted again (hopefully), leave it be.

Re: Only Starts in Safemode /Better virus removal (Free?)

Here it is:


OTL logfile created on: 2/19/2011 6:11:39 AM - Run
OTLPE by OldTimer - Version 3.1.44.3 Folder = X:\Programs\OTLPE
Microsoft Windows XP Service Pack 3 (Version = 5.1.2600) - Type = SYSTEM
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.00 Gb Total Physical Memory | 3.00 Gb Available Physical Memory | 92.00% Memory free
3.00 Gb Paging File | 3.00 Gb Available in Paging File | 98.00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 74.50 Gb Total Space | 33.09 Gb Free Space | 44.42% Space Free | Partition Type: NTFS
Drive D: | 465.75 Gb Total Space | 406.56 Gb Free Space | 87.29% Space Free | Partition Type: NTFS
Drive X: | 284.08 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: REATOGO | User Name: SYSTEM
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
Using ControlSet: ControlSet001

========== Win32 Services (SafeList) ==========

SRV - File not found [Auto] -- -- (DigiRefresh)
SRV - File not found [Auto] -- -- (6to4)
SRV - [2011/01/06 15:23:18 | 006,128,720 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto] -- C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe -- (AVGIDSAgent)
SRV - [2011/01/05 11:59:50 | 000,037,664 | ---- | M] (Apple Inc.) [Auto] -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe -- (Apple Mobile Device)
SRV - [2010/12/31 11:05:46 | 000,619,872 | ---- | M] () [Auto] -- C:\Program Files\RALINK\Common\RaMediaServer.exe -- (RaMediaServer)
SRV - [2010/11/25 09:49:46 | 000,517,448 | ---- | M] () [On_Demand] -- C:\Program Files\AVG\AVG10\Toolbar\ToolbarBroker.exe -- (AVG Security Toolbar Service)
SRV - [2010/11/11 11:00:24 | 000,374,112 | ---- | M] (Ralink Technology, Corp.) [Auto] -- C:\Program Files\RALINK\Common\RaRegistry.exe -- (RalinkRegistryWriter)
SRV - [2010/10/22 04:58:18 | 000,265,400 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto] -- C:\Program Files\AVG\AVG10\avgwdsvc.exe -- (avgwd)
SRV - [2010/07/26 12:42:36 | 000,557,424 | ---- | M] (Citrix Online, a division of Citrix Systems, Inc.) [Auto] -- C:\Program Files\Citrix\GoToMyPC\g2svc.exe -- (GoToMyPC)
SRV - [2009/11/12 14:16:36 | 000,079,360 | ---- | M] (Creative Labs) [On_Demand] -- C:\Program Files\Common Files\Creative Labs Shared\Service\CTAELicensing.exe -- (Creative Audio Engine Licensing Service)
SRV - [2009/02/14 19:29:14 | 000,307,200 | ---- | M] (Creative Technology Ltd) [Auto] -- C:\Program Files\Creative\Shared Files\CTAudSvc.exe -- (CTAudSvcService)
SRV - [2008/12/04 01:25:10 | 000,159,744 | ---- | M] (Digidesign, A Division of Avid Technology, Inc.) [On_Demand] -- C:\Program Files\Digidesign\Pro Tools\digiSPTIService.exe -- (digiSPTIService)
SRV - [2008/11/18 14:33:28 | 002,543,104 | ---- | M] (SolutionBox) [Disabled] -- C:\Program Files\Netdrive\ndsvc.exe -- (ndsvc)
SRV - [2005/09/09 03:24:30 | 000,102,400 | ---- | M] () [Auto] -- C:\Program Files\Adobe\Photoshop Elements 4.0\PhotoshopElementsFileAgent.exe -- (AdobeActiveFileMonitor4.0)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand] -- -- (PDCOMP)
DRV - File not found [Kernel | System] -- -- (PCIDump)
DRV - File not found [Kernel | System] -- -- (lbrtfdc)
DRV - File not found [Kernel | System] -- -- (i2omgmt)
DRV - File not found [Kernel | System] -- -- (Changer)
DRV - [2010/12/08 04:12:38 | 000,251,728 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System] -- C:\WINDOWS\system32\drivers\avgldx86.sys -- (Avgldx86)
DRV - [2010/11/12 13:19:38 | 000,299,984 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System] -- C:\WINDOWS\system32\drivers\avgtdix.sys -- (Avgtdix)
DRV - [2010/09/13 15:27:24 | 000,025,680 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\AVGIDSEH.sys -- (AVGIDSEH)
DRV - [2010/09/07 03:48:56 | 000,034,384 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System] -- C:\WINDOWS\system32\drivers\avgmfx86.sys -- (Avgmfx86)
DRV - [2010/09/07 03:48:50 | 000,026,064 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot] -- C:\WINDOWS\system32\drivers\avgrkx86.sys -- (Avgrkx86)
DRV - [2010/08/03 15:23:36 | 000,026,192 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\AVGIDSShim.sys -- (AVGIDSShim)
DRV - [2010/08/03 15:23:34 | 000,123,472 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\AVGIDSDriver.sys -- (AVGIDSDriver)
DRV - [2010/08/03 15:23:32 | 000,030,288 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\AVGIDSFilter.sys -- (AVGIDSFilter)
DRV - [2009/08/15 02:33:44 | 000,021,904 | ---- | M] (Digidesign, A Division of Avid Technology, Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\mbx2midk.sys -- (MBX2MIDK)
DRV - [2009/08/15 02:33:40 | 000,021,648 | ---- | M] (Digidesign, A Division of Avid Technology, Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\mbx2dfu.sys -- (MBX2DFU)
DRV - [2009/08/15 02:33:36 | 000,016,400 | ---- | M] (Digidesign, A Division of Avid Technology, Inc.) [Kernel | Auto] -- C:\WINDOWS\system32\drivers\diginet.sys -- (DigiNet)
DRV - [2009/08/15 02:33:24 | 000,097,808 | ---- | M] (Digidesign, A Division of Avid Technology, Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\Dalwdm.sys -- (dalwdmservice)
DRV - [2009/06/23 16:38:26 | 000,189,464 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\haP17v2k.sys -- (hap17v2k)
DRV - [2009/06/23 16:38:16 | 000,162,840 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\haP16v2k.sys -- (hap16v2k)
DRV - [2009/06/23 16:38:06 | 000,798,744 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\ha10kx2k.sys -- (ha10kx2k)
DRV - [2009/06/23 16:37:54 | 000,092,696 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\emupia2k.sys -- (emupia)
DRV - [2009/06/23 16:37:32 | 000,157,208 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\ctsfm2k.sys -- (ctsfm2k)
DRV - [2009/06/23 16:37:22 | 000,014,360 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\ctprxy2k.sys -- (ctprxy2k)
DRV - [2009/06/23 16:37:10 | 000,127,512 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\ctoss2k.sys -- (ossrv)
DRV - [2009/06/23 16:36:36 | 000,347,080 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\ctdvda2k.sys -- (ctdvda2k)
DRV - [2009/06/23 16:36:24 | 000,528,408 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\ctaud2k.sys -- (ctaud2k) Creative Audio Driver (WDM)
DRV - [2009/06/23 16:36:14 | 000,511,000 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\ctac32k.sys -- (ctac32k)
DRV - [2009/06/23 16:35:04 | 000,100,888 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand] -- C:\WINDOWS\System32\drivers\CTERFXFX.SYS -- (CTERFXFX.SYS)
DRV - [2009/06/23 16:35:04 | 000,100,888 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\CTERFXFX.sys -- (CTERFXFX)
DRV - [2009/06/23 16:34:52 | 000,566,296 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand] -- C:\WINDOWS\System32\drivers\CTSBLFX.SYS -- (CTSBLFX.SYS)
DRV - [2009/06/23 16:34:52 | 000,566,296 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\CTSBLFX.sys -- (CTSBLFX)
DRV - [2009/06/23 16:34:40 | 000,555,032 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand] -- C:\WINDOWS\System32\drivers\CTAUDFX.SYS -- (CTAUDFX.SYS)
DRV - [2009/06/23 16:34:40 | 000,555,032 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\CTAUDFX.sys -- (CTAUDFX)
DRV - [2009/06/23 16:34:30 | 000,099,352 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand] -- C:\WINDOWS\System32\drivers\COMMONFX.SYS -- (COMMONFX.SYS)
DRV - [2009/06/23 16:34:30 | 000,099,352 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\COMMONFX.sys -- (COMMONFX)
DRV - [2009/05/21 17:39:54 | 000,090,472 | ---- | M] (PACE Anti-Piracy, Inc.) [Kernel | Boot] -- C:\WINDOWS\System32\drivers\TPkd.sys -- (TPkd)
DRV - [2009/04/21 15:31:10 | 000,019,072 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | Auto] -- C:\WINDOWS\system32\drivers\Scutum50.sys -- (Scutum50)
DRV - [2008/11/12 13:03:58 | 000,070,656 | ---- | M] (SolutionBox) [File_System | On_Demand] -- C:\Program Files\Netdrive\ndfs.sys -- (ndfs)
DRV - [2008/04/13 13:45:12 | 000,060,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\usbaudio.sys -- (usbaudio) USB Audio Driver (WDM)
DRV - [2008/04/13 11:36:05 | 000,144,384 | ---- | M] (Windows (R) Server 2003 DDK provider) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\hdaudbus.sys -- (HDAudBus)
DRV - [2007/03/21 13:54:50 | 000,464,256 | ---- | M] (Ralink Technology, Corp.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\rt61.sys -- (RT61)
DRV - [2005/09/20 20:27:20 | 000,010,368 | ---- | M] (InterVideo, Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\iviaspi.sys -- (Iviaspi)
DRV - [2002/02/11 12:13:36 | 000,119,536 | ---- | M] (STMicroelectronics ) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\stv680.sys -- (STV680)
DRV - [2002/02/11 12:13:36 | 000,009,024 | ---- | M] (STMicroelectronics ) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\stv680m.sys -- (STV680m)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========



IE - HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.bing.com/?pc=Z007&form=ZGAPHP
IE - HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page Restore = http://www.bing.com/?pc=Z007&form=ZGAPHP
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" =
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:18810


IE - HKU\G_Man_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.bing.com/?pc=ZUGO&form=ZGAPHP
IE - HKU\G_Man_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page Restore = http://www.google.com/
IE - HKU\G_Man_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\G_Man_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local



IE - HKU\systemprofile_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

FF - HKLM\software\mozilla\Firefox\extensions\\{3f963a5b-e555-4543-90e2-c3908898db71}: C:\Program Files\AVG\AVG10\Firefox\ [2011/02/07 14:40:28 | 000,000,000 | ---D | M]


O1 HOSTS File: ([2001/08/23 07:00:00 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG10\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (AVG Security Toolbar BHO) - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG10\Toolbar\IEToolbar.dll ()
O2 - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O3 - HKLM\..\Toolbar: (no name) - {52794457-af6c-4c50-9def-f2e24f4c8889} - No CLSID value found.
O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG10\Toolbar\IEToolbar.dll ()
O3 - HKU\G_Man_ON_C\..\Toolbar\WebBrowser: (AVG Security Toolbar) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG10\Toolbar\IEToolbar.dll ()
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Ralink Wireless Utility.lnk = C:\Program Files\RALINK\Common\RaUI.exe (Ralink Technology, Corp.)
O4 - Startup: C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Startup\ WinCinema Manager.lnk = C:\Program Files\Sandisk\Common\Bin\WinCinemaMgr.exe (InterVideo Inc.)
O4 - Startup: C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Startup\InterVideo WinCinema Manager.lnk = C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe (InterVideo Inc.)
O4 - Startup: C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Startup\Microsoft Office.lnk = File not found
O4 - Startup: C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Startup\Ralink Wireless Utility.lnk = C:\Program Files\RALINK\Common\RaUI.exe (Ralink Technology, Corp.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\Administrator.COMPUTER-C74F72.000_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\G_Man_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\LocalService.NT_AUTHORITY_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\NetworkService.NT_AUTHORITY_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\systemprofile_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O9 - Extra Button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 93.188.164.47,93.188.160.227
O18 - Protocol\Handler\avgsecuritytoolbar {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - C:\Program Files\AVG\AVG10\Toolbar\IEToolbar.dll ()
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG10\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\GoToMyPC: DllName - C:\Program Files\Citrix\GoToMyPC\G2WinLogon.dll - C:\Program Files\Citrix\GoToMyPC\G2WinLogon.dll (Citrix Online, a division of Citrix Systems, Inc.)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/11/04 07:15:26 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2011/02/05 09:14:14 | 000,000,090 | ---- | M] () - D:\AUTORUN.INF -- [ NTFS ]
O32 - AutoRun File - [2006/03/24 06:06:41 | 000,000,053 | R--- | M] () - X:\AUTORUN.INF -- [ CDFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG10\avgchsvx.exe /sync) - C:\Program Files\AVG\AVG10\avgchsvx.exe (AVG Technologies CZ, s.r.o.)
O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG10\avgrsx.exe /sync /restart) - C:\Program Files\AVG\AVG10\avgrsx.exe (AVG Technologies CZ, s.r.o.)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/02/16 21:51:23 | 002,193,408 | R--- | C] (OldTimer Tools) -- C:\OTLPE.exe
[2011/02/16 21:44:35 | 000,000,000 | ---D | C] -- C:\_OTL
[2011/02/12 07:01:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService.NT AUTHORITY\Application Data\Real
[2011/02/11 12:15:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService.NT AUTHORITY\Application Data\whitesmoketoolbar
[2011/02/11 12:15:25 | 000,000,000 | ---D | C] -- C:\Program Files\whitesmoketoolbar
[2011/02/11 02:18:00 | 000,000,000 | ---D | C] -- C:\Program Files\Quick Web Player
[2011/02/10 07:20:14 | 000,000,000 | R--D | C] -- C:\Documents and Settings\LocalService.NT AUTHORITY\Favorites
[2011/02/09 22:52:35 | 000,000,000 | ---D | C] -- C:\WINDOWS\system32\config\systemprofile\Application Data\Adobe
[2011/02/09 09:15:32 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\NetworkService.NT AUTHORITY\PrivacIE
[2011/02/09 09:15:22 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\NetworkService.NT AUTHORITY\IECompatCache
[2011/02/09 09:04:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService.NT AUTHORITY\Application Data\Identities
[2011/02/09 09:04:00 | 000,000,000 | R--D | C] -- C:\Documents and Settings\NetworkService.NT AUTHORITY\Favorites
[2011/02/09 08:58:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService.NT AUTHORITY\Local Settings\Application Data\Adobe
[2011/02/09 02:11:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService.NT AUTHORITY\Application Data\Macromedia
[2011/02/09 02:10:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService.NT AUTHORITY\Application Data\Adobe
[2011/02/09 02:10:55 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\LocalService.NT AUTHORITY\IETldCache
[2011/02/08 19:21:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService.NT AUTHORITY\Application Data\Sun
[2011/02/08 19:16:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService.NT AUTHORITY\Application Data\Macromedia
[2011/02/08 19:16:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService.NT AUTHORITY\Application Data\Adobe
[2011/02/08 19:06:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\G Man\Application Data\E7CB79EAF9F92DDFA867DB130E201239
[2011/02/08 15:18:28 | 000,000,000 | ---D | C] -- C:\WINDOWS\Prefetch
[2011/02/08 15:00:25 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\scripting
[2011/02/08 15:00:24 | 000,000,000 | ---D | C] -- C:\WINDOWS\l2schemas
[2011/02/08 15:00:24 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\en
[2011/02/08 15:00:24 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\bits
[2011/02/08 14:56:03 | 000,000,000 | ---D | C] -- C:\WINDOWS\network diagnostic
[2011/02/08 14:52:02 | 000,000,000 | -H-D | C] -- C:\WINDOWS\$NtServicePackUninstall$
[2011/02/07 14:40:19 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\AVG
[2011/02/05 16:43:07 | 002,168,160 | ---- | C] (Ralink Technology, Corp.) -- C:\WINDOWS\System32\Scutum.dll
[2011/02/05 16:43:07 | 001,607,008 | ---- | C] (Ralink Technology, Corp.) -- C:\WINDOWS\System32\RaCertMgr.dll
[2011/02/05 16:43:07 | 000,185,696 | ---- | C] (Printing Communications Assoc., Inc. (PCAUSA)) -- C:\WINDOWS\System32\W32N55.dll
[2011/02/05 16:43:07 | 000,144,736 | ---- | C] (Ralink Tech) -- C:\WINDOWS\System32\RalinkGina.dll
[2011/02/05 16:43:07 | 000,019,072 | ---- | C] (Printing Communications Assoc., Inc. (PCAUSA)) -- C:\WINDOWS\System32\drivers\Scutum50.sys
[2011/02/05 16:42:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator.COMPUTER-C74F72.000\Application Data\InstallShield
[2011/02/05 10:46:43 | 000,000,000 | -HSD | C] -- C:\WINDOWS\CSC
[2011/02/05 10:36:55 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Administrator.COMPUTER-C74F72.000\IETldCache
[2011/02/05 10:20:30 | 000,000,000 | --SD | C] -- C:\Documents and Settings\Administrator.COMPUTER-C74F72.000\Application Data\Microsoft
[2011/02/05 10:20:30 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Administrator.COMPUTER-C74F72.000\SendTo
[2011/02/05 10:20:30 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Administrator.COMPUTER-C74F72.000\Application Data
[2011/02/05 10:20:30 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Administrator.COMPUTER-C74F72.000\Start Menu\Programs\Startup
[2011/02/05 10:20:30 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Administrator.COMPUTER-C74F72.000\Start Menu
[2011/02/05 10:20:30 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Administrator.COMPUTER-C74F72.000\Start Menu\Programs\Accessories
[2011/02/05 10:20:30 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Administrator.COMPUTER-C74F72.000\Cookies
[2011/02/05 10:20:30 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Administrator.COMPUTER-C74F72.000\Templates
[2011/02/05 10:20:30 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Administrator.COMPUTER-C74F72.000\Recent
[2011/02/05 10:20:30 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Administrator.COMPUTER-C74F72.000\PrintHood
[2011/02/05 10:20:30 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Administrator.COMPUTER-C74F72.000\NetHood
[2011/02/05 10:20:30 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Administrator.COMPUTER-C74F72.000\Local Settings
[2011/02/05 10:20:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator.COMPUTER-C74F72.000\My Documents
[2011/02/05 10:20:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator.COMPUTER-C74F72.000\Local Settings\Application Data\Microsoft
[2011/02/05 10:20:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator.COMPUTER-C74F72.000\Favorites
[2011/02/05 10:20:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator.COMPUTER-C74F72.000\Desktop
[2011/01/30 19:57:32 | 000,000,000 | ---D | C] -- C:\Program Files\Search Toolbar
[2011/01/30 19:57:29 | 000,000,000 | --SD | C] -- C:\Documents and Settings\G Man\My Documents\My Pando Packages
[2011/01/30 19:55:22 | 000,000,000 | ---D | C] -- C:\Program Files\Pando Networks
[2011/01/29 08:44:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService.NT AUTHORITY\Application Data\Apple Computer
[2011/01/25 06:22:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\G Man\My Documents\Utopia
[2011/01/25 06:14:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\G Man\My Documents\Project Justice
[2011/01/25 06:13:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\G Man\Start Menu\Programs\WinRAR
[2011/01/25 06:13:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\G Man\Application Data\WinRAR
[2011/01/25 06:13:11 | 000,000,000 | ---D | C] -- C:\Program Files\WinRAR
[2011/01/25 04:43:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\G Man\Application Data\OnLive App
[2011/01/25 04:43:36 | 000,000,000 | ---D | C] -- C:\Program Files\OnLive

========== Files - Modified Within 30 Days ==========

[2011/02/18 08:20:11 | 000,031,056 | ---- | M] () -- C:\WINDOWS\System32\BMXStateBkp-{00000004-00000000-00000000-00001102-00000004-100A1102}.rfx
[2011/02/18 08:20:11 | 000,031,056 | ---- | M] () -- C:\WINDOWS\System32\BMXState-{00000004-00000000-00000000-00001102-00000004-100A1102}.rfx
[2011/02/18 08:20:11 | 000,030,528 | ---- | M] () -- C:\WINDOWS\System32\BMXCtrlState-{00000004-00000000-00000000-00001102-00000004-100A1102}.rfx
[2011/02/18 08:20:11 | 000,030,528 | ---- | M] () -- C:\WINDOWS\System32\BMXBkpCtrlState-{00000004-00000000-00000000-00001102-00000004-100A1102}.rfx
[2011/02/18 08:20:11 | 000,011,564 | ---- | M] () -- C:\WINDOWS\System32\DVCState-{00000004-00000000-00000000-00001102-00000004-100A1102}.rfx
[2011/02/18 08:20:11 | 000,001,080 | ---- | M] () -- C:\WINDOWS\System32\settingsbkup.sfm
[2011/02/18 08:20:11 | 000,001,080 | ---- | M] () -- C:\WINDOWS\System32\settings.sfm
[2011/02/18 08:20:10 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/02/18 08:16:00 | 000,000,884 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2011/02/18 08:01:02 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011/02/18 07:34:00 | 000,000,978 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1708537768-1844823847-839522115-1003UA.job
[2011/02/17 21:34:00 | 000,000,926 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1708537768-1844823847-839522115-1003Core.job
[2011/02/17 11:03:02 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2011/02/17 09:58:15 | 106,349,959 | ---- | M] () -- C:\WINDOWS\System32\drivers\AVG\incavi.avm
[2011/02/17 08:27:46 | 000,000,260 | ---- | M] () -- C:\WINDOWS\tasks\WGASetup.job
[2011/02/17 08:25:43 | 000,000,880 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2011/02/16 23:40:21 | 000,002,286 | ---- | M] () -- C:\Documents and Settings\G Man\Desktop\Google Chrome.lnk
[2011/02/16 23:40:21 | 000,002,264 | ---- | M] () -- C:\Documents and Settings\G Man\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2011/02/16 22:19:37 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/02/09 23:57:17 | 000,000,211 | -HS- | M] () -- C:\boot.ini
[2011/02/08 19:30:48 | 004,931,577 | ---- | M] () -- C:\WINDOWS\{00000004-00000000-00000000-00001102-00000004-100A1102}.CDF
[2011/02/08 19:30:48 | 004,931,577 | ---- | M] () -- C:\WINDOWS\{00000004-00000000-00000000-00001102-00000004-100A1102}.BAK
[2011/02/08 15:23:01 | 000,432,356 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2011/02/08 15:23:01 | 000,067,312 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2011/02/08 15:21:27 | 000,000,804 | ---- | M] () -- C:\Documents and Settings\G Man\Application Data\Microsoft\Internet Explorer\Quick Launch\Windows Media Player.lnk
[2011/02/08 15:17:58 | 000,282,928 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2011/02/08 14:55:53 | 000,250,048 | RHS- | M] () -- C:\ntldr
[2011/02/08 07:52:46 | 000,000,293 | ---- | M] () -- C:\Documents and Settings\G Man\Desktop\Shortcut to Display.lnk
[2011/02/02 13:48:58 | 002,193,408 | R--- | M] (OldTimer Tools) -- C:\OTLPE.exe
[2011/01/30 20:04:36 | 000,130,048 | ---- | M] () -- C:\Documents and Settings\G Man\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/01/29 09:46:58 | 000,007,753 | ---- | M] () -- C:\Documents and Settings\G Man\Desktop\Run Commands.rtf
[2011/01/25 06:01:33 | 000,000,748 | ---- | M] () -- C:\Documents and Settings\G Man\Desktop\WhiteSmoke (continue installation).lnk

========== Files Created - No Company Name ==========

[2011/02/17 09:58:15 | 106,349,959 | ---- | C] () -- C:\WINDOWS\System32\drivers\AVG\incavi.avm
[2011/02/09 01:07:42 | 000,004,676 | ---- | C] () -- C:\Documents and Settings\G Man\avgrep.txt
[2011/02/08 07:52:46 | 000,000,293 | ---- | C] () -- C:\Documents and Settings\G Man\Desktop\Shortcut to Display.lnk
[2011/02/05 16:43:07 | 000,480,608 | ---- | C] () -- C:\WINDOWS\System32\DiagFunc.dll
[2011/02/05 16:43:07 | 000,034,080 | ---- | C] () -- C:\WINDOWS\System32\CTAAEI.dll
[2011/02/05 16:43:07 | 000,001,191 | ---- | C] () -- C:\WINDOWS\System32\W32N55.INI
[2011/02/05 16:43:07 | 000,000,449 | ---- | C] () -- C:\WINDOWS\System32\DiagFunc.ini
[2011/02/05 16:42:35 | 000,014,051 | ---- | C] () -- C:\WINDOWS\System32\RaCoInst.dat
[2011/02/05 10:39:29 | 000,000,792 | ---- | C] () -- C:\Documents and Settings\Administrator.COMPUTER-C74F72.000\avgrep.txt
[2011/02/05 10:20:30 | 000,001,599 | ---- | C] () -- C:\Documents and Settings\Administrator.COMPUTER-C74F72.000\Start Menu\Programs\Remote Assistance.lnk
[2011/02/05 10:20:30 | 000,000,792 | ---- | C] () -- C:\Documents and Settings\Administrator.COMPUTER-C74F72.000\Start Menu\Programs\Windows Media Player.lnk
[2011/01/29 09:46:58 | 000,007,753 | ---- | C] () -- C:\Documents and Settings\G Man\Desktop\Run Commands.rtf
[2011/01/25 06:20:58 | 001,063,965 | ---- | C] () -- C:\Documents and Settings\G Man\My Documents\utp-load.zip
[2011/01/25 06:20:58 | 000,006,167 | ---- | C] () -- C:\Documents and Settings\G Man\My Documents\utp-load.nfo
[2011/01/25 06:20:58 | 000,000,133 | ---- | C] () -- C:\Documents and Settings\G Man\My Documents\utp-load.sfv
[2011/01/25 06:01:33 | 000,000,748 | ---- | C] () -- C:\Documents and Settings\G Man\Desktop\WhiteSmoke (continue installation).lnk
[2010/09/10 18:25:20 | 000,204,800 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeW7.dll
[2010/09/10 18:25:20 | 000,200,704 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeA6.dll
[2010/09/10 18:25:20 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeP6.dll
[2010/09/10 18:25:20 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeM6.dll
[2010/09/10 18:25:20 | 000,188,416 | ---- | C] () -- C:\WINDOWS\System32\IVIresizePX.dll
[2010/09/10 18:25:20 | 000,020,480 | ---- | C] () -- C:\WINDOWS\System32\IVIresize.dll
[2010/08/22 12:44:58 | 000,000,150 | ---- | C] () -- C:\Documents and Settings\G Man\ws_ext.log
[2010/05/25 12:59:47 | 000,116,224 | ---- | C] () -- C:\WINDOWS\System32\pdfcmnnt.dll
[2009/11/26 21:09:56 | 000,130,048 | ---- | C] () -- C:\Documents and Settings\G Man\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/11/17 10:26:21 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2009/11/16 23:58:36 | 000,178,176 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll
[2009/11/16 23:58:35 | 000,000,038 | ---- | C] () -- C:\WINDOWS\avisplitter.ini
[2009/11/16 23:58:34 | 000,881,664 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2009/11/16 23:58:34 | 000,205,824 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2009/11/16 23:58:33 | 003,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll
[2009/11/16 23:58:31 | 000,085,504 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2009/11/16 21:06:40 | 000,217,088 | ---- | C] () -- C:\WINDOWS\System32\qtmlClient.dll
[2009/11/16 12:43:07 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2009/06/23 15:29:50 | 000,049,719 | ---- | C] () -- C:\WINDOWS\System32\instwdm.ini
[2009/06/23 15:29:48 | 000,000,054 | ---- | C] () -- C:\WINDOWS\System32\ctzapxx.ini
[2009/06/23 14:51:00 | 000,043,520 | ---- | C] () -- C:\WINDOWS\System32\CTBurst.dll
[2007/08/13 23:45:02 | 000,077,824 | ---- | C] () -- C:\WINDOWS\System32\ctmmactl.dll
[2006/10/02 20:25:18 | 000,000,307 | ---- | C] () -- C:\WINDOWS\System32\kill.ini

========== LOP Check ==========

[2010/05/25 13:00:02 | 000,000,000 | ---D | M] -- C:\WINDOWS\system32\config\systemprofile\Application Data\Application Updater
[2010/10/13 22:17:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\G Man\Application Data\AVG10
[2010/01/24 17:41:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\G Man\Application Data\Canon
[2011/02/17 23:09:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\G Man\Application Data\Digidesign
[2011/02/08 19:07:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\G Man\Application Data\E7CB79EAF9F92DDFA867DB130E201239
[2010/09/10 19:30:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\G Man\Application Data\InterVideo
[2009/11/17 00:10:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\G Man\Application Data\Leadertech
[2011/01/28 17:37:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\G Man\Application Data\LimeWire
[2010/11/29 03:26:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\G Man\Application Data\Meebo
[2010/12/18 15:00:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\G Man\Application Data\Mp3tag
[2010/01/08 13:27:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\G Man\Application Data\NCH Swift Sound
[2011/01/18 18:28:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\G Man\Application Data\NetDrive
[2011/01/25 04:43:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\G Man\Application Data\OnLive App
[2010/01/13 09:53:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\G Man\Application Data\Opera
[2009/11/17 10:34:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\G Man\Application Data\PACE Anti-Piracy
[2009/12/23 16:21:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\G Man\Application Data\Propellerhead Software
[2009/11/17 00:06:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\G Man\Application Data\Trillium Lane
[2011/02/01 17:53:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\G Man\Application Data\uTorrent
[2011/02/11 12:15:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService.NT AUTHORITY\Application Data\whitesmoketoolbar
[2011/02/17 08:27:46 | 000,000,260 | ---- | M] () -- C:\WINDOWS\Tasks\WGASetup.job

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 1156 bytes -> C:\Program Files\Outlook Express:He6HeMNyFdvAfwWnWe
@Alternate Data Stream - 1137 bytes -> C:\Documents and Settings\G Man\Cookies:qchfTRyBAw2OiEC5pNuq0N8
@Alternate Data Stream - 1118 bytes -> C:\Program Files\Outlook Express:wmZIScQ89prq2KULXOj9Myvrm
< End of report >

Re: Only Starts in Safemode /Better virus removal (Free?)
Hello.

Please run OTL.exe.

  • Copy the commands with file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):


    :OTL
    O3 - HKLM\..\Toolbar: (no name) - {52794457-af6c-4c50-9def-f2e24f4c8889} - No CLSID value found.
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 93.188.164.47,93.188.160.227
    [2011/02/11 12:15:25 | 000,000,000 | ---D | C] -- C:\Program Files\whitesmoketoolbar



  • Return to OTL, right click in the "Custom Scans/Fixes" window (under the light green bar) and choose Paste.

  • Click the red Run Fix button.
  • A fix log in Notepad will appear. Copy the contents of the fix log to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy), and paste it in your next reply.
  • Close OTL.exe
If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.

Re: Only Starts in Safemode /Better virus removal (Free?)
Haven't done anything but copy & paste the log:

========== OTL ==========
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{52794457-af6c-4c50-9def-f2e24f4c8889} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{52794457-af6c-4c50-9def-f2e24f4c8889}\ not found.
HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\\NameServer| /E : value set successfully!
C:\Program Files\whitesmoketoolbar\components folder moved successfully.
C:\Program Files\whitesmoketoolbar\chrome\skin\searchbar folder moved successfully.
C:\Program Files\whitesmoketoolbar\chrome\skin\options folder moved successfully.
C:\Program Files\whitesmoketoolbar\chrome\skin\lib\weatherbutton\panels\images folder moved successfully.
C:\Program Files\whitesmoketoolbar\chrome\skin\lib\weatherbutton\panels folder moved successfully.
C:\Program Files\whitesmoketoolbar\chrome\skin\lib\weatherbutton\icons folder moved successfully.
C:\Program Files\whitesmoketoolbar\chrome\skin\lib\weatherbutton folder moved successfully.
C:\Program Files\whitesmoketoolbar\chrome\skin\lib\uwa folder moved successfully.
C:\Program Files\whitesmoketoolbar\chrome\skin\lib\radio\images folder moved successfully.
C:\Program Files\whitesmoketoolbar\chrome\skin\lib\radio\css folder moved successfully.
C:\Program Files\whitesmoketoolbar\chrome\skin\lib\radio folder moved successfully.
C:\Program Files\whitesmoketoolbar\chrome\skin\lib\panels\images folder moved successfully.
C:\Program Files\whitesmoketoolbar\chrome\skin\lib\panels\default\scripts folder moved successfully.
C:\Program Files\whitesmoketoolbar\chrome\skin\lib\panels\default\images folder moved successfully.
C:\Program Files\whitesmoketoolbar\chrome\skin\lib\panels\default\css folder moved successfully.
C:\Program Files\whitesmoketoolbar\chrome\skin\lib\panels\default folder moved successfully.
C:\Program Files\whitesmoketoolbar\chrome\skin\lib\panels\css folder moved successfully.
C:\Program Files\whitesmoketoolbar\chrome\skin\lib\panels folder moved successfully.
C:\Program Files\whitesmoketoolbar\chrome\skin\lib folder moved successfully.
C:\Program Files\whitesmoketoolbar\chrome\skin\DTXWizard\skin\icon_library\Basics folder moved successfully.
C:\Program Files\whitesmoketoolbar\chrome\skin\DTXWizard\skin\icon_library folder moved successfully.
C:\Program Files\whitesmoketoolbar\chrome\skin\DTXWizard\skin folder moved successfully.
C:\Program Files\whitesmoketoolbar\chrome\skin\DTXWizard folder moved successfully.
C:\Program Files\whitesmoketoolbar\chrome\skin folder moved successfully.
C:\Program Files\whitesmoketoolbar\chrome\data\weather folder moved successfully.
C:\Program Files\whitesmoketoolbar\chrome\data\search folder moved successfully.
C:\Program Files\whitesmoketoolbar\chrome\data\rss folder moved successfully.
C:\Program Files\whitesmoketoolbar\chrome\data\dynamicElements folder moved successfully.
C:\Program Files\whitesmoketoolbar\chrome\data folder moved successfully.
C:\Program Files\whitesmoketoolbar\chrome\content\widgets\net.vmn.www.YouTube\skin\scripts folder moved successfully.
C:\Program Files\whitesmoketoolbar\chrome\content\widgets\net.vmn.www.YouTube\skin\images folder moved successfully.
C:\Program Files\whitesmoketoolbar\chrome\content\widgets\net.vmn.www.YouTube\skin\css folder moved successfully.
C:\Program Files\whitesmoketoolbar\chrome\content\widgets\net.vmn.www.YouTube\skin folder moved successfully.
C:\Program Files\whitesmoketoolbar\chrome\content\widgets\net.vmn.www.YouTube\js folder moved successfully.
C:\Program Files\whitesmoketoolbar\chrome\content\widgets\net.vmn.www.YouTube\images folder moved successfully.
C:\Program Files\whitesmoketoolbar\chrome\content\widgets\net.vmn.www.YouTube\css folder moved successfully.
C:\Program Files\whitesmoketoolbar\chrome\content\widgets\net.vmn.www.YouTube folder moved successfully.
C:\Program Files\whitesmoketoolbar\chrome\content\widgets\net.vmn.www.WebTV\skin\scripts folder moved successfully.
C:\Program Files\whitesmoketoolbar\chrome\content\widgets\net.vmn.www.WebTV\skin\images folder moved successfully.
C:\Program Files\whitesmoketoolbar\chrome\content\widgets\net.vmn.www.WebTV\skin\css folder moved successfully.
C:\Program Files\whitesmoketoolbar\chrome\content\widgets\net.vmn.www.WebTV\skin folder moved successfully.
C:\Program Files\whitesmoketoolbar\chrome\content\widgets\net.vmn.www.WebTV folder moved successfully.
C:\Program Files\whitesmoketoolbar\chrome\content\widgets\net.vmn.www.Twitter\skin\scripts folder moved successfully.
C:\Program Files\whitesmoketoolbar\chrome\content\widgets\net.vmn.www.Twitter\skin\images folder moved successfully.
C:\Program Files\whitesmoketoolbar\chrome\content\widgets\net.vmn.www.Twitter\skin\css folder moved successfully.
C:\Program Files\whitesmoketoolbar\chrome\content\widgets\net.vmn.www.Twitter\skin folder moved successfully.
C:\Program Files\whitesmoketoolbar\chrome\content\widgets\net.vmn.www.Twitter\js folder moved successfully.
C:\Program Files\whitesmoketoolbar\chrome\content\widgets\net.vmn.www.Twitter\images folder moved successfully.
C:\Program Files\whitesmoketoolbar\chrome\content\widgets\net.vmn.www.Twitter\css folder moved successfully.
C:\Program Files\whitesmoketoolbar\chrome\content\widgets\net.vmn.www.Twitter folder moved successfully.
C:\Program Files\whitesmoketoolbar\chrome\content\widgets\net.vmn.www.Facebook\skin\scripts folder moved successfully.
C:\Program Files\whitesmoketoolbar\chrome\content\widgets\net.vmn.www.Facebook\skin\images folder moved successfully.
C:\Program Files\whitesmoketoolbar\chrome\content\widgets\net.vmn.www.Facebook\skin\css folder moved successfully.
C:\Program Files\whitesmoketoolbar\chrome\content\widgets\net.vmn.www.Facebook\skin folder moved successfully.
C:\Program Files\whitesmoketoolbar\chrome\content\widgets\net.vmn.www.Facebook folder moved successfully.
C:\Program Files\whitesmoketoolbar\chrome\content\widgets folder moved successfully.
C:\Program Files\whitesmoketoolbar\chrome\content\newtab\images folder moved successfully.
C:\Program Files\whitesmoketoolbar\chrome\content\newtab folder moved successfully.
C:\Program Files\whitesmoketoolbar\chrome\content\modules folder moved successfully.
C:\Program Files\whitesmoketoolbar\chrome\content\lib folder moved successfully.
C:\Program Files\whitesmoketoolbar\chrome\content folder moved successfully.
C:\Program Files\whitesmoketoolbar\chrome folder moved successfully.
C:\Program Files\whitesmoketoolbar folder moved successfully.

OTLPE by OldTimer - Version 3.1.44.3 log created on 02192011_233344

Re: Only Starts in Safemode /Better virus removal (Free?)
Okay try loading the machine normally now, without booting OTLPE.

Re: Only Starts in Safemode /Better virus removal (Free?)
Didn't work

Re: Only Starts in Safemode /Better virus removal (Free?)
Things got weird..in safe mode, the computer started exhibiting more severe infection symptoms (fake antivirus scans, constant popups) and then suddenly went to the blue screen of death and then rebooted normally..
An AVG scan resolved one infection and it's been behaving normally ever since. I'm skeptical because it still doesn't load GeekPolice and I suspect other sites, and I haven't restarted it since because I suspect it will revert back to a safe mode only type of deal

Re: Only Starts in Safemode /Better virus removal (Free?)
Hello.

Please download ComboFix from BleepingComputer.com

Alternate link: GeeksToGo.com


Rename ComboFix.exe to commy.exe before you save it to your Desktop

  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. A guide to do this can be found here
  • Click Start then copy paste the following command into the search box & hit enter: "%userprofile%\desktop\commy.exe" /stepdel
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. This will not install in Vista. Just continue scanning, and skip the console install.
  • When finished, it shall produce a log for you. Please include the contents of C:\ComboFix.txt in your next reply.

Re: Only Starts in Safemode /Better virus removal (Free?)
Er, just as I downloaded that my comp started showing serious symptoms again- fake antivirus, and it won't allow me to access services, selective start up, avg, or really any of the diagnostic type programs.. changed my desktop background..it's really nasty. I have 'commy.exe' on the desktop but it won't open or be found through search

Re: Only Starts in Safemode /Better virus removal (Free?)
wait running 'commy' in safemode will post...

Re: Only Starts in Safemode /Better virus removal (Free?)
Okay. Smile...

Re: Only Starts in Safemode /Better virus removal (Free?)
Ok the files I get from bleeping computer get error'd as corrupted files and won't run. I got a list of sites that are not affiliated with bleeping computer and my computer is redirecting every time I try to get this download, and it's all made worse by my now nonexistent anti-virus since I was told to take it out by combofix....so that's pretty much where I'm stuck at now

Re: Only Starts in Safemode /Better virus removal (Free?)
It looks like it's fixed!! The test was 'can it go to GeekPolice' (that was one of the sites this comp strangely wouldn't go to). The results are below. I'm waiting for your response before I get all excited..


\ComboFix 11-02-24.01 - G Man 02/24/2011 16:32:31.1.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3062.2816 [GMT -5:00]
Running from: c:\documents and settings\G Man\Desktop\commy.exe
AV: AVG Anti-Virus Free Edition 2011 *Enabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\All Users.WINDOWS\Application Data\nDeOlMd06504
c:\documents and settings\All Users.WINDOWS\Application Data\nDeOlMd06504\nDeOlMd06504
c:\documents and settings\All Users.WINDOWS\Application Data\nDeOlMd06504\nDeOlMd06504.exe
c:\documents and settings\G Man\Application Data\Adobe\plugs
c:\documents and settings\G Man\Application Data\E7CB79EAF9F92DDFA867DB130E201239
c:\documents and settings\G Man\Application Data\E7CB79EAF9F92DDFA867DB130E201239\enemies-names.txt
c:\documents and settings\G Man\Application Data\E7CB79EAF9F92DDFA867DB130E201239\local.ini
c:\documents and settings\G Man\Local Settings\Application Data\{70207928-A5B3-4BAC-9399-F6DB4EA1EDD8}
c:\documents and settings\G Man\Local Settings\Application Data\{70207928-A5B3-4BAC-9399-F6DB4EA1EDD8}\chrome\content\_cfg.js
c:\documents and settings\G Man\Local Settings\Application Data\{70207928-A5B3-4BAC-9399-F6DB4EA1EDD8}\chrome\content\overlay.xul
c:\documents and settings\G Man\Local Settings\Application Data\{70207928-A5B3-4BAC-9399-F6DB4EA1EDD8}\install.rdf
c:\documents and settings\NetworkService.NT AUTHORITY\Application Data\whitesmoketoolbar
c:\documents and settings\NetworkService.NT AUTHORITY\Application Data\whitesmoketoolbar\dtx.ini
c:\documents and settings\NetworkService.NT AUTHORITY\Application Data\whitesmoketoolbar\exeArgs.xml
c:\documents and settings\NetworkService.NT AUTHORITY\Application Data\whitesmoketoolbar\guid.dat
c:\documents and settings\NetworkService.NT AUTHORITY\Application Data\whitesmoketoolbar\setupCfg.xml
c:\program files\Search Toolbar
c:\program files\Search Toolbar\icon.ico
c:\program files\Search Toolbar\SearchToolbar.dll
c:\program files\Search Toolbar\SearchToolbarUninstall.exe
c:\program files\Search Toolbar\SearchToolbarUpdater.exe
c:\windows\addins\addins
E:\AUTORUN.INF

.
\\.\PhysicalDrive0 - Bootkit TDL4 was found and disinfected
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_6TO4
-------\Service_6to4


((((((((((((((((((((((((( Files Created from 2011-01-24 to 2011-02-24 )))))))))))))))))))))))))))))))
.

2011-02-21 02:48 . 2011-02-21 03:34 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\jAaIbOf15405
2011-02-17 02:51 . 2011-02-02 18:48 2193408 ----a-r- C:\OTLPE.exe
2011-02-17 02:44 . 2011-02-17 02:44 -------- d-----w- C:\_OTL
2011-02-11 07:18 . 2011-02-11 07:18 -------- d-----w- c:\program files\Quick Web Player
2011-02-09 15:31 . 2001-08-18 03:36 8704 ----a-w- c:\windows\system32\kbdjpn.dll
2011-02-09 15:31 . 2001-08-18 03:36 8192 ----a-w- c:\windows\system32\kbdkor.dll
2011-02-09 15:31 . 2001-08-17 19:55 6144 ----a-w- c:\windows\system32\kbd101c.dll
2011-02-09 15:31 . 2001-08-17 19:55 5632 ----a-w- c:\windows\system32\kbd103.dll
2011-02-09 15:31 . 2001-08-17 19:55 6144 ----a-w- c:\windows\system32\kbd101b.dll
2011-02-09 15:31 . 2008-04-14 00:09 6144 ----a-w- c:\windows\system32\kbd106.dll
2011-02-09 14:15 . 2011-02-09 14:15 -------- d-sh--w- c:\documents and settings\NetworkService.NT AUTHORITY\PrivacIE
2011-02-09 14:15 . 2011-02-09 14:15 -------- d-sh--w- c:\documents and settings\NetworkService.NT AUTHORITY\IECompatCache
2011-02-09 13:58 . 2011-02-09 14:00 -------- d-----w- c:\documents and settings\NetworkService.NT AUTHORITY\Local Settings\Application Data\Adobe
2011-02-09 07:10 . 2011-02-09 07:10 -------- d-sh--w- c:\documents and settings\LocalService.NT AUTHORITY\IETldCache
2011-02-08 20:00 . 2011-02-08 20:10 -------- d-----w- c:\windows\system32\scripting
2011-02-08 20:00 . 2011-02-08 20:10 -------- d-----w- c:\windows\system32\bits
2011-02-08 20:00 . 2011-02-08 20:07 -------- d-----w- c:\windows\system32\en
2011-02-08 20:00 . 2011-02-08 20:00 -------- d-----w- c:\windows\l2schemas
2011-02-05 21:43 . 2011-01-18 19:48 144736 ----a-w- c:\windows\system32\RalinkGina.dll
2011-02-05 21:43 . 2010-10-07 16:54 2168160 ----a-w- c:\windows\system32\Scutum.dll
2011-02-05 21:43 . 2010-07-01 22:29 1607008 ----a-w- c:\windows\system32\RaCertMgr.dll
2011-02-05 21:43 . 2010-07-01 22:09 185696 ----a-w- c:\windows\system32\W32N55.dll
2011-02-05 21:43 . 2010-06-29 15:34 480608 ----a-w- c:\windows\system32\DiagFunc.dll
2011-02-05 21:43 . 2009-11-13 18:42 34080 ----a-w- c:\windows\system32\CTAAEI.dll
2011-02-05 21:43 . 2009-04-21 20:31 19072 ----a-w- c:\windows\system32\drivers\Scutum50.sys
2011-02-05 21:42 . 2011-02-05 21:42 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\Ralink Driver
2011-02-05 15:20 . 2011-02-05 15:39 -------- d-----w- c:\documents and settings\Administrator.COMPUTER-C74F72.000
2011-01-31 00:55 . 2011-01-31 00:55 -------- d-----w- c:\program files\Pando Networks
2011-01-29 13:44 . 2011-01-29 13:44 -------- d-----w- c:\documents and settings\LocalService.NT AUTHORITY\Application Data\Apple Computer

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-11-29 22:38 . 2010-11-29 22:38 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx
2010-11-29 22:38 . 2010-11-29 22:38 69632 ----a-w- c:\windows\system32\QuickTime.qts
.

Code:

<pre>
c:\program files\Adobe\Reader 9.0\Reader\Reader_sl .exe
c:\program files\AVG\AVG10\avgtray .exe
c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM .exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier .exe
c:\program files\Common Files\Java\Java Update\jusched .exe
c:\program files\Digidesign\Drivers\MMERefresh .exe
c:\program files\iTunes\iTunesHelper .exe
c:\program files\Netdrive\Netdrive .exe
c:\program files\QuickTime\qttask                                                                                                                                .exe
c:\windows\system32\CTHELPER .exe
</pre>


((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

c:\documents and settings\All Users.WINDOWS\Start Menu\Programs\Startup\
WinCinema Manager.lnk - c:\program files\Sandisk\Common\Bin\WinCinemaMgr.exe [2009-12-8 303104]
InterVideo WinCinema Manager.lnk - c:\program files\InterVideo\Common\Bin\WinCinemaMgr.exe [2010-9-10 114688]
Microsoft Office.lnk - e:\toolz\Office10\OSA.EXE [2001-2-13 83360]
Ralink Wireless Utility.lnk - c:\program files\RALINK\Common\RaUI.exe [2009-11-4 11474272]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\GoToMyPC]
2010-07-26 17:42 15216 ----a-w- c:\program files\Citrix\GoToMyPC\G2WinLogon.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"wave"=Digi32.dll
"MIDI1"=diomidi.dll

[HKLM\~\startupfolder\C:^Documents and Settings^All Users.WINDOWS^Start Menu^Programs^Startup^WhiteSmoke Writer 2010+.lnk]
path=c:\documents and settings\All Users.WINDOWS\Start Menu\Programs\Startup\WhiteSmoke Writer 2010+.lnk
backup=c:\windows\pss\WhiteSmoke Writer 2010+.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^G Man^Start Menu^Programs^Startup^PMB Media Check Tool.lnk]
path=c:\documents and settings\G Man\Start Menu\Programs\Startup\PMB Media Check Tool.lnk
backup=c:\windows\pss\PMB Media Check Tool.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CanonMyPrinter]
2009-11-02 16:30 2508104 ----a-w- c:\program files\Canon\MyPrinter\BJMYPRT.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
2008-04-14 00:12 15360 ----a-w- c:\windows\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTHelper]
CTHELPER.EXE [N/A]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
2010-05-17 18:19 136176 ----atw- c:\documents and settings\G Man\Local Settings\Application Data\Google\Update\GoogleUpdate.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Meebo Notifier]
2010-07-14 18:23 818888 ----a-w- c:\documents and settings\G Man\Local Settings\Application Data\Meebo\Meebo Notifier\MeeboNotifier.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
2008-04-14 00:12 1695232 ----a-w- c:\program files\Messenger\msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Netdrive]
c:\program files\Netdrive\Netdrive.exe [N/A]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
c:\program files\Common Files\Java\Java Update\jusched.exe [N/A]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"ndsvc"=2 (0x2)
"idsvc"=3 (0x3)
"gupdate"=2 (0x2)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Documents and Settings\\G Man\\Local Settings\\Application Data\\Google\\Google Talk Plugin\\googletalkplugin.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

R2 DigiNet;Digidesign Ethernet Support;c:\windows\system32\drivers\diginet.sys [11/12/2009 1:53 PM 16400]
R2 Scutum50;Scutum50 NDIS Protocol Driver;c:\windows\system32\drivers\Scutum50.sys [2/5/2011 4:43 PM 19072]
R3 COMMONFX.SYS;COMMONFX.SYS;c:\windows\system32\drivers\COMMONFX.sys [6/23/2009 4:34 PM 99352]
R3 CTAUDFX.SYS;CTAUDFX.SYS;c:\windows\system32\drivers\CTAUDFX.sys [6/23/2009 4:34 PM 555032]
R3 CTSBLFX.SYS;CTSBLFX.SYS;c:\windows\system32\drivers\CTSBLFX.sys [6/23/2009 4:34 PM 566296]
R3 dalwdmservice;dal service;c:\windows\system32\drivers\Dalwdm.sys [11/12/2009 1:53 PM 97808]
R3 MBX2DFU;MBX2DFU;c:\windows\system32\drivers\mbx2dfu.sys [11/12/2009 1:53 PM 21648]
R3 MBX2MIDK;Digidesign Mbox 2 Midi Driver;c:\windows\system32\drivers\mbx2midk.sys [11/12/2009 1:53 PM 21904]
S2 RaMediaServer;Ralink UPnP Media Server;c:\program files\RALINK\Common\RaMediaServer.exe [2/5/2011 4:43 PM 619872]
S3 COMMONFX;COMMONFX;c:\windows\system32\drivers\COMMONFX.sys [6/23/2009 4:34 PM 99352]
S3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;c:\program files\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [11/12/2009 2:16 PM 79360]
S3 CTAUDFX;CTAUDFX;c:\windows\system32\drivers\CTAUDFX.sys [6/23/2009 4:34 PM 555032]
S3 CTERFXFX.SYS;CTERFXFX.SYS;c:\windows\system32\drivers\CTERFXFX.sys [6/23/2009 4:35 PM 100888]
S3 CTERFXFX;CTERFXFX;c:\windows\system32\drivers\CTERFXFX.sys [6/23/2009 4:35 PM 100888]
S3 CTSBLFX;CTSBLFX;c:\windows\system32\drivers\CTSBLFX.sys [6/23/2009 4:34 PM 566296]
S3 ndfs;ndfs;c:\program files\Netdrive\ndfs.sys [11/12/2008 1:03 PM 70656]
S4 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [6/1/2010 8:01 PM 136176]
S4 ndsvc;NetDrive Service;c:\program files\Netdrive\ndsvc.exe [11/18/2008 2:33 PM 2543104]
.
Contents of the 'Scheduled Tasks' folder

2011-02-17 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 17:34]

2011-02-24 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-06-02 18:19]

2011-02-23 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-06-02 18:19]

2011-02-22 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1708537768-1844823847-839522115-1003Core.job
- c:\documents and settings\G Man\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-05-17 18:19]

2011-02-23 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1708537768-1844823847-839522115-1003UA.job
- c:\documents and settings\G Man\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-05-17 18:19]

2011-02-24 c:\windows\Tasks\WGASetup.job
- c:\windows\system32\KB905474\wgasetup.exe [2009-11-19 06:18]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.bing.com/?pc=ZUGO&form=ZGAPHP
uInternet Settings,ProxyOverride = *.local
IE: &Download All using 4shared Desktop - c:\program files\4shared Desktop\down_all.htm
IE: E&xport to Microsoft Excel - e:\toolz\Office10\EXCEL.EXE/3000
.
- - - - ORPHANS REMOVED - - - -

Toolbar-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
WebBrowser-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
AddRemove-AVS Video Editor 4_is1 - e:\$avg\AVSVideoEditor\unins000.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-02-24 16:44
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(560)
c:\program files\Citrix\GoToMyPC\G2WinLogon.dll

- - - - - - - > 'explorer.exe'(3760)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
c:\program files\Microsoft Office\Office10\msohev.dll
c:\program files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll
c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_e6967989\MSVCR80.dll
c:\windows\system32\jscript.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Creative\Shared Files\CTAudSvc.exe
c:\program files\Adobe\Photoshop Elements 4.0\PhotoshopElementsFileAgent.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Citrix\GoToMyPC\g2svc.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Citrix\GoToMyPC\g2comm.exe
c:\windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
c:\program files\Citrix\GoToMyPC\g2pre.exe
c:\program files\Citrix\GoToMyPC\g2tray.exe
c:\program files\RALINK\Common\RaRegistry.exe
c:\windows\system32\sessmgr.exe
c:\windows\system32\locator.exe
.
**************************************************************************
.
Completion time: 2011-02-24 16:50:25 - machine was rebooted
ComboFix-quarantined-files.txt 2011-02-24 21:50

Pre-Run: 36,425,592,832 bytes free
Post-Run: 36,378,390,528 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

- - End Of File - - 8B2D4445647CF25E669947B28519F40F

Re: Only Starts in Safemode /Better virus removal (Free?)
Hello.


  1. Close any open browsers.
  2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
  3. Open notepad and copy/paste the text in the quotebox below into it:

    Code:


    RenV::
    c:\program files\Adobe\Reader 9.0\Reader\Reader_sl .exe
    c:\program files\AVG\AVG10\avgtray .exe
    c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM .exe
    c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier .exe
    c:\program files\Common Files\Java\Java Update\jusched .exe
    c:\program files\Digidesign\Drivers\MMERefresh .exe
    c:\program files\iTunes\iTunesHelper .exe
    c:\program files\Netdrive\Netdrive .exe
    c:\program files\QuickTime\qttask                                                                                                                                .exe
    c:\windows\system32\CTHELPER .exe

  4. Save this as CFScript.txt, in the same location as ComboFix.exe

    [Image: Cfscriptb4i]

  5. Referring to the picture above, drag CFScript into ComboFix.exe
  6. When finished, it shall produce a log for you at C:\ComboFix.txt
  7. Please post the contents of the log in your next reply.
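
Every path in the CFScript above has whitespace between the base name and `.exe`. As an added example (not part of the original post and not ComboFix's own code), the Python below flags such names in pasted log lines or in a directory tree and reports the name without the padding. The function names and the sample list, built from paths in this thread with a constructed pad width for `qttask`, are assumptions.

```python
import os
import re

# Whitespace run sitting between the base name and the final extension,
# e.g. "avgtray .exe". Spaces elsewhere in the name ("my file.exe") do not match.
_PADDED = re.compile(r"^(?P<stem>.*\S)(?P<pad>\s+)(?P<ext>\.[^.\s\\/]+)$")


def unpad_name(name, extensions=(".exe",)):
    """Return (clean_name, pad_width) when `name` has whitespace before one of
    the watched extensions, otherwise None."""
    m = _PADDED.match(name)
    if m is None or m.group("ext").lower() not in extensions:
        return None
    return m.group("stem") + m.group("ext"), len(m.group("pad"))


def _split_windows_path(path):
    """Split at the last backslash or slash without normalising the file name."""
    cut = max(path.rfind("\\"), path.rfind("/"))
    return path[:cut + 1], path[cut + 1:]


def find_in_log(lines, extensions=(".exe",)):
    """Scan pasted log lines (one path per line) for padded executable names."""
    findings = []
    for raw in lines:
        line = raw.strip()
        if not line:
            continue
        folder, name = _split_windows_path(line)
        hit = unpad_name(name, extensions)
        if hit:
            clean, width = hit
            findings.append(
                {"found": line, "expected": folder + clean, "pad_width": width}
            )
    return findings


def find_in_tree(root, extensions=(".exe",)):
    """Walk a directory tree and report padded names, noting whether a file
    with the unpadded name sits beside each one."""
    findings = []
    for folder, _dirs, files in os.walk(root):
        for name in files:
            hit = unpad_name(name, extensions)
            if hit:
                clean, width = hit
                findings.append(
                    {
                        "found": os.path.join(folder, name),
                        "expected": os.path.join(folder, clean),
                        "pad_width": width,
                        "clean_name_exists": clean in files,
                    }
                )
    return findings


# Constructed sample: three padded paths and two ordinary ones from this thread.
SAMPLE_LINES = [
    r"c:\program files\Adobe\Reader 9.0\Reader\Reader_sl .exe",
    r"c:\program files\AVG\AVG10\avgtray .exe",
    r"c:\program files\QuickTime\qttask" + " " * 12 + ".exe",
    r"c:\windows\system32\ctfmon.exe",
    r"c:\program files\Citrix\GoToMyPC\g2tray.exe",
]

if __name__ == "__main__":
    for item in find_in_log(SAMPLE_LINES):
        print(f'{item["pad_width"]:>3} space(s): {item["found"]!r} -> {item["expected"]!r}')
```
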

Re: Only Starts in Safemode /Better virus removal (Free?)
Here it is:

ComboFix 11-02-24.01 - G Man 02/24/2011 21:15:34.2.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3062.2756 [GMT -5:00]
Running from: c:\documents and settings\G Man\Desktop\commy.exe
Command switches used :: c:\documents and settings\G Man\Desktop\CFScript.txt
.

((((((((((((((((((((((((( Files Created from 2011-01-25 to 2011-02-25 )))))))))))))))))))))))))))))))
.

2011-02-21 02:48 . 2011-02-21 03:34 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\jAaIbOf15405
2011-02-17 02:51 . 2011-02-02 18:48 2193408 ----a-r- C:\OTLPE.exe
2011-02-17 02:44 . 2011-02-17 02:44 -------- d-----w- C:\_OTL
2011-02-11 07:18 . 2011-02-11 07:18 -------- d-----w- c:\program files\Quick Web Player
2011-02-09 15:31 . 2001-08-18 03:36 8704 ----a-w- c:\windows\system32\kbdjpn.dll
2011-02-09 15:31 . 2001-08-18 03:36 8192 ----a-w- c:\windows\system32\kbdkor.dll
2011-02-09 15:31 . 2001-08-17 19:55 6144 ----a-w- c:\windows\system32\kbd101c.dll
2011-02-09 15:31 . 2001-08-17 19:55 5632 ----a-w- c:\windows\system32\kbd103.dll
2011-02-09 15:31 . 2001-08-17 19:55 6144 ----a-w- c:\windows\system32\kbd101b.dll
2011-02-09 15:31 . 2008-04-14 00:09 6144 ----a-w- c:\windows\system32\kbd106.dll
2011-02-09 14:15 . 2011-02-09 14:15 -------- d-sh--w- c:\documents and settings\NetworkService.NT AUTHORITY\PrivacIE
2011-02-09 14:15 . 2011-02-09 14:15 -------- d-sh--w- c:\documents and settings\NetworkService.NT AUTHORITY\IECompatCache
2011-02-09 13:58 . 2011-02-09 14:00 -------- d-----w- c:\documents and settings\NetworkService.NT AUTHORITY\Local Settings\Application Data\Adobe
2011-02-09 07:10 . 2011-02-09 07:10 -------- d-sh--w- c:\documents and settings\LocalService.NT AUTHORITY\IETldCache
2011-02-08 20:00 . 2011-02-08 20:10 -------- d-----w- c:\windows\system32\scripting
2011-02-08 20:00 . 2011-02-08 20:10 -------- d-----w- c:\windows\system32\bits
2011-02-08 20:00 . 2011-02-08 20:07 -------- d-----w- c:\windows\system32\en
2011-02-08 20:00 . 2011-02-08 20:00 -------- d-----w- c:\windows\l2schemas
2011-02-05 21:43 . 2011-01-18 19:48 144736 ----a-w- c:\windows\system32\RalinkGina.dll
2011-02-05 21:43 . 2010-10-07 16:54 2168160 ----a-w- c:\windows\system32\Scutum.dll
2011-02-05 21:43 . 2010-07-01 22:29 1607008 ----a-w- c:\windows\system32\RaCertMgr.dll
2011-02-05 21:43 . 2010-07-01 22:09 185696 ----a-w- c:\windows\system32\W32N55.dll
2011-02-05 21:43 . 2010-06-29 15:34 480608 ----a-w- c:\windows\system32\DiagFunc.dll
2011-02-05 21:43 . 2009-11-13 18:42 34080 ----a-w- c:\windows\system32\CTAAEI.dll
2011-02-05 21:43 . 2009-04-21 20:31 19072 ----a-w- c:\windows\system32\drivers\Scutum50.sys
2011-02-05 21:42 . 2011-02-05 21:42 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\Ralink Driver
2011-02-05 15:20 . 2011-02-05 15:39 -------- d-----w- c:\documents and settings\Administrator.COMPUTER-C74F72.000
2011-01-31 00:55 . 2011-01-31 00:55 -------- d-----w- c:\program files\Pando Networks
2011-01-29 13:44 . 2011-01-29 13:44 -------- d-----w- c:\documents and settings\LocalService.NT AUTHORITY\Application Data\Apple Computer

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-11-29 22:38 . 2010-11-29 22:38 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx
2010-11-29 22:38 . 2010-11-29 22:38 69632 ----a-w- c:\windows\system32\QuickTime.qts
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"AvgUninstallURL"="start http:" [X]

c:\documents and settings\All Users.WINDOWS\Start Menu\Programs\Startup\
WinCinema Manager.lnk - c:\program files\Sandisk\Common\Bin\WinCinemaMgr.exe [2009-12-8 303104]
InterVideo WinCinema Manager.lnk - c:\program files\InterVideo\Common\Bin\WinCinemaMgr.exe [2010-9-10 114688]
Microsoft Office.lnk - e:\toolz\Office10\OSA.EXE [2001-2-13 83360]
Ralink Wireless Utility.lnk - c:\program files\RALINK\Common\RaUI.exe [2009-11-4 11474272]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\GoToMyPC]
2010-07-26 17:42 15216 ----a-w- c:\program files\Citrix\GoToMyPC\G2WinLogon.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"wave"=Digi32.dll
"MIDI1"=diomidi.dll

[HKLM\~\startupfolder\C:^Documents and Settings^All Users.WINDOWS^Start Menu^Programs^Startup^WhiteSmoke Writer 2010+.lnk]
path=c:\documents and settings\All Users.WINDOWS\Start Menu\Programs\Startup\WhiteSmoke Writer 2010+.lnk
backup=c:\windows\pss\WhiteSmoke Writer 2010+.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^G Man^Start Menu^Programs^Startup^PMB Media Check Tool.lnk]
path=c:\documents and settings\G Man\Start Menu\Programs\Startup\PMB Media Check Tool.lnk
backup=c:\windows\pss\PMB Media Check Tool.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CanonMyPrinter]
2009-11-02 16:30 2508104 ----a-w- c:\program files\Canon\MyPrinter\BJMYPRT.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
2008-04-14 00:12 15360 ----a-w- c:\windows\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTHelper]
2009-06-23 19:48 19456 ----a-w- c:\windows\system32\CTHELPER.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
2010-05-17 18:19 136176 ----atw- c:\documents and settings\G Man\Local Settings\Application Data\Google\Update\GoogleUpdate.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Meebo Notifier]
2010-07-14 18:23 818888 ----a-w- c:\documents and settings\G Man\Local Settings\Application Data\Meebo\Meebo Notifier\MeeboNotifier.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
2008-04-14 00:12 1695232 ----a-w- c:\program files\Messenger\msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Netdrive]
2008-11-18 19:17 3089408 ----a-w- c:\program files\Netdrive\Netdrive.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2010-02-18 15:43 248040 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"ndsvc"=2 (0x2)
"idsvc"=3 (0x3)
"gupdate"=2 (0x2)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Documents and Settings\\G Man\\Local Settings\\Application Data\\Google\\Google Talk Plugin\\googletalkplugin.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

R2 DigiNet;Digidesign Ethernet Support;c:\windows\system32\drivers\diginet.sys [11/12/2009 1:53 PM 16400]
R2 Scutum50;Scutum50 NDIS Protocol Driver;c:\windows\system32\drivers\Scutum50.sys [2/5/2011 4:43 PM 19072]
R3 COMMONFX.SYS;COMMONFX.SYS;c:\windows\system32\drivers\COMMONFX.sys [6/23/2009 4:34 PM 99352]
R3 CTAUDFX.SYS;CTAUDFX.SYS;c:\windows\system32\drivers\CTAUDFX.sys [6/23/2009 4:34 PM 555032]
R3 CTSBLFX.SYS;CTSBLFX.SYS;c:\windows\system32\drivers\CTSBLFX.sys [6/23/2009 4:34 PM 566296]
R3 dalwdmservice;dal service;c:\windows\system32\drivers\Dalwdm.sys [11/12/2009 1:53 PM 97808]
R3 MBX2DFU;MBX2DFU;c:\windows\system32\drivers\mbx2dfu.sys [11/12/2009 1:53 PM 21648]
R3 MBX2MIDK;Digidesign Mbox 2 Midi Driver;c:\windows\system32\drivers\mbx2midk.sys [11/12/2009 1:53 PM 21904]
S2 RaMediaServer;Ralink UPnP Media Server;c:\program files\RALINK\Common\RaMediaServer.exe [2/5/2011 4:43 PM 619872]
S3 COMMONFX;COMMONFX;c:\windows\system32\drivers\COMMONFX.sys [6/23/2009 4:34 PM 99352]
S3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;c:\program files\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [11/12/2009 2:16 PM 79360]
S3 CTAUDFX;CTAUDFX;c:\windows\system32\drivers\CTAUDFX.sys [6/23/2009 4:34 PM 555032]
S3 CTERFXFX.SYS;CTERFXFX.SYS;c:\windows\system32\drivers\CTERFXFX.sys [6/23/2009 4:35 PM 100888]
S3 CTERFXFX;CTERFXFX;c:\windows\system32\drivers\CTERFXFX.sys [6/23/2009 4:35 PM 100888]
S3 CTSBLFX;CTSBLFX;c:\windows\system32\drivers\CTSBLFX.sys [6/23/2009 4:34 PM 566296]
S3 ndfs;ndfs;c:\program files\Netdrive\ndfs.sys [11/12/2008 1:03 PM 70656]
S4 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [6/1/2010 8:01 PM 136176]
S4 ndsvc;NetDrive Service;c:\program files\Netdrive\ndsvc.exe [11/18/2008 2:33 PM 2543104]
.
Contents of the 'Scheduled Tasks' folder

2011-02-17 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 17:34]

2011-02-25 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-06-02 18:19]

2011-02-25 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-06-02 18:19]

2011-02-22 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1708537768-1844823847-839522115-1003Core.job
- c:\documents and settings\G Man\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-05-17 18:19]

2011-02-25 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1708537768-1844823847-839522115-1003UA.job
- c:\documents and settings\G Man\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-05-17 18:19]

2011-02-25 c:\windows\Tasks\WGASetup.job
- c:\windows\system32\KB905474\wgasetup.exe [2009-11-19 06:18]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.bing.com/?pc=ZUGO&form=ZGAPHP
uInternet Settings,ProxyOverride = *.local
IE: &Download All using 4shared Desktop - c:\program files\4shared Desktop\down_all.htm
IE: E&xport to Microsoft Excel - e:\toolz\Office10\EXCEL.EXE/3000
.
- - - - ORPHANS REMOVED - - - -

Toolbar-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-02-24 21:22
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(572)
c:\program files\Citrix\GoToMyPC\G2WinLogon.dll

- - - - - - - > 'explorer.exe'(232)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Completion time: 2011-02-24 21:23:59
ComboFix-quarantined-files.txt 2011-02-25 02:23
ComboFix2.txt 2011-02-24 21:50

Pre-Run: 35,882,491,904 bytes free
Post-Run: 35,860,574,208 bytes free

- - End Of File - - 28F42B7433BFC7D40FECBD6847A63F3F
