GeekPolice
Only Starts in Safemode /Better virus removal (Free?)

Ok I originally posted this in another forum but was told I should post here in 'Malware' so I'll recap w/ some of the original language:

Sup ppl,

I've been using AVG and it's usually adequate, but I've been attacked again and I don't see how good it is if viruses keep getting through to where my system is disabled (my desktop only starts in safe mode). I'm running XP, so I kind of suspect that since I'm running an older OS I'm more vulnerable to this sort of thing (advice?). I'm not cheap, I'm broke, so is there something I can use to restore my computer? I'm on with Safe Mode with Networking and I'll download what sounds good. I just installed SP3 and I've already tried:
  • Corrected boot.ini settings
  • Disabled System Restore
  • Uninstalled/reinstalled AVG
  • Removed suspect programs

Having redirect issues as well

Some direction will be greatly appreciated

AFTER THAT I THINK I RID MYSELF OF THE VIRUS (it's been 48+ hrs no signs) I WAS GIVEN SOME CODE AND TOLD TO DOWNLOAD OTL BUT....

Trying to get OTL on my comp but can't:

Safe Mode with Networking isn't letting me go to GeekPolice for some reason; same thing with Google search results (I think it has to do with the .net site extension).

Safe Mode isn't reading my USB drive.
Email won't allow me to send executable files.

Just a reminder: my comp won't start regularly.
Any other way I can get this file on the comp?

Re: Only Starts in Safemode /Better virus removal (Free?)

Hello.

Download OTL by OldTimer to your Desktop.

  • Close all windows and double click OTL.exe
  • Click Run Scan and let the program run uninterrupted
  • It will produce two logs for you, one will pop up - OTL.txt, the other will be saved on your Desktop - Extras.txt. Post both logs in this thread.
  • You may need to use two posts to get it all.

Re: Only Starts in Safemode /Better virus removal (Free?)

My comp won't go to any site with OTL in the title

Re: Only Starts in Safemode /Better virus removal (Free?)

Hello.

We need to use the RKill tool by Grinler.

Rkill.com <--- Download site

  • Please download Rkill.com. Save it to your Desktop.
  • Before we begin, you should disable any anti-malware software you have installed so it does not interfere with RKill running, as some anti-malware software detects RKill as malicious. Please refer to this page if you are not sure how.

  • NOTE: If you are unable to connect to the site to download rkill, then you should download it to a clean computer and copy it to the infected one via a USB flash drive or CDROM.

  • Once it is downloaded, double-click on rkill.com in order to automatically attempt to stop any processes associated with rogue programs.
  • Please be patient while the program looks for various malware programs and ends them.
  • When it has finished, the black window will automatically close and you can continue with the next step.
NOTE: If you get a message that rkill is an infection, do not be concerned. This message is just a fake warning given by the rogue program when it terminates programs that may potentially remove it. If you run into these infection warnings that close Rkill, a trick is to leave the warning on the screen and then run Rkill again. By not closing the warning, this typically will allow you to bypass the malware trying to protect itself so that rkill can terminate the rogue program. So, please try running Rkill until the malware is no longer running. You will then be able to proceed with the rest of the steps.

If you continue having problems running rkill.com, you can download:
iExplore.exe or eXplorer.exe
which are renamed copies of rkill.com, and try them instead.

Try downloading OTL now.

Re: Only Starts in Safemode /Better virus removal (Free?)

So sorry I'm just getting to this (midterms). I will attempt this shortly, by morning.

Re: Only Starts in Safemode /Better virus removal (Free?)

Okay, standing by.

Re: Only Starts in Safemode /Better virus removal (Free?)

OK, the computer won't go to rkill.com either.

Re: Only Starts in Safemode /Better virus removal (Free?)

I can see how this sounds crazy, but I really don't know why the computer won't go to the sites that have been suggested to me, and I can't email the downloaded file, and I can't transfer it via flash drive. I don't know what to do.

Re: Only Starts in Safemode /Better virus removal (Free?)

Okay, let's try a boot disc; you may need to download and burn this from another machine.

We are going to be using a Windows Recovery Environment to help disinfect the system so it may boot again.

Download the OTLPE Standard REATOGO Windows Recovery Environment.

  • Place a blank CD-R disc in to your CD burning drive.
  • Download OTLPEStd.exe and double-click on it to burn to a CD using ISO Burner.
  • Reboot your system using the boot CD you just created.

    Note: If you do not know how to set your computer to boot from CD, follow the steps here.
  • Your system should now display a REATOGO-X-PE desktop.
  • Double-click on the OTLPE icon.
  • When asked "Do you wish to load the remote registry", select Yes
  • When asked "Do you wish to load remote user profile(s) for scanning", select Yes
  • Ensure the box "Automatically Load All Remaining Users" is checked and press OK
  • OTL should now start. Change the following settings:
  • Change Drivers to Non-Microsoft
  • Press Run Scan to start the scan.
  • When finished, the file will be saved in drive C:\_OTL\MovedFiles
  • Copy this file to your USB drive if you do not have internet connection on this system
  • Please post the contents of the OTL.txt file in your reply.

Re: Only Starts in Safemode /Better virus removal (Free?)

Running OTL and up to 'Drivers': it only has 'None', 'Use Safelist' and 'All' for that option, BUT under 'File Scans' there is an option that says 'Skip Microsoft files'. Should I click that instead?

Re: Only Starts in Safemode /Better virus removal (Free?)

Yes please.

Re: Only Starts in Safemode /Better virus removal (Free?)

Two OTL text files were created during the scan. I included the second one, which was done after the scan was finished.


OTL logfile created on: 2/16/2011 6:50:27 AM - Run
OTLPE by OldTimer - Version 3.1.44.3 Folder = X:\Programs\OTLPE
Microsoft Windows XP Service Pack 3 (Version = 5.1.2600) - Type = SYSTEM
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.00 Gb Total Physical Memory | 3.00 Gb Available Physical Memory | 91.00% Memory free
3.00 Gb Paging File | 3.00 Gb Available in Paging File | 98.00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 74.50 Gb Total Space | 30.08 Gb Free Space | 40.37% Space Free | Partition Type: NTFS
Drive D: | 465.75 Gb Total Space | 406.83 Gb Free Space | 87.35% Space Free | Partition Type: NTFS
Drive X: | 284.08 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: REATOGO | User Name: SYSTEM
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
Using ControlSet: ControlSet001

========== Win32 Services (SafeList) ==========

SRV - File not found [Auto] -- -- (6to4)
SRV - [2011/02/09 09:10:26 | 000,094,212 | ---- | M] () [Auto] -- C:\Program Files\Digidesign\Drivers\MMERefresh.exe -- (DigiRefresh)
SRV - [2011/01/06 15:23:18 | 006,128,720 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto] -- C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe -- (AVGIDSAgent)
SRV - [2011/01/05 11:59:50 | 000,037,664 | ---- | M] (Apple Inc.) [Auto] -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe -- (Apple Mobile Device)
SRV - [2010/12/31 11:05:46 | 000,619,872 | ---- | M] () [Auto] -- C:\Program Files\RALINK\Common\RaMediaServer.exe -- (RaMediaServer)
SRV - [2010/11/25 09:49:46 | 000,517,448 | ---- | M] () [On_Demand] -- C:\Program Files\AVG\AVG10\Toolbar\ToolbarBroker.exe -- (AVG Security Toolbar Service)
SRV - [2010/11/11 11:00:24 | 000,374,112 | ---- | M] (Ralink Technology, Corp.) [Auto] -- C:\Program Files\RALINK\Common\RaRegistry.exe -- (RalinkRegistryWriter)
SRV - [2010/10/22 04:58:18 | 000,265,400 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto] -- C:\Program Files\AVG\AVG10\avgwdsvc.exe -- (avgwd)
SRV - [2010/07/26 12:42:36 | 000,557,424 | ---- | M] (Citrix Online, a division of Citrix Systems, Inc.) [Auto] -- C:\Program Files\Citrix\GoToMyPC\g2svc.exe -- (GoToMyPC)
SRV - [2009/11/12 14:16:36 | 000,079,360 | ---- | M] (Creative Labs) [On_Demand] -- C:\Program Files\Common Files\Creative Labs Shared\Service\CTAELicensing.exe -- (Creative Audio Engine Licensing Service)
SRV - [2009/02/14 19:29:14 | 000,307,200 | ---- | M] (Creative Technology Ltd) [Auto] -- C:\Program Files\Creative\Shared Files\CTAudSvc.exe -- (CTAudSvcService)
SRV - [2008/12/04 01:25:10 | 000,159,744 | ---- | M] (Digidesign, A Division of Avid Technology, Inc.) [On_Demand] -- C:\Program Files\Digidesign\Pro Tools\digiSPTIService.exe -- (digiSPTIService)
SRV - [2008/11/18 14:33:28 | 002,543,104 | ---- | M] (SolutionBox) [Disabled] -- C:\Program Files\Netdrive\ndsvc.exe -- (ndsvc)
SRV - [2005/09/09 03:24:30 | 000,102,400 | ---- | M] () [Auto] -- C:\Program Files\Adobe\Photoshop Elements 4.0\PhotoshopElementsFileAgent.exe -- (AdobeActiveFileMonitor4.0)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand] -- -- (PDCOMP)
DRV - File not found [Kernel | System] -- -- (PCIDump)
DRV - File not found [Kernel | System] -- -- (lbrtfdc)
DRV - File not found [Kernel | System] -- -- (i2omgmt)
DRV - File not found [Kernel | System] -- -- (Changer)
DRV - [2010/12/08 04:12:38 | 000,251,728 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System] -- C:\WINDOWS\system32\drivers\avgldx86.sys -- (Avgldx86)
DRV - [2010/11/12 13:19:38 | 000,299,984 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System] -- C:\WINDOWS\system32\drivers\avgtdix.sys -- (Avgtdix)
DRV - [2010/09/13 15:27:24 | 000,025,680 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\AVGIDSEH.sys -- (AVGIDSEH)
DRV - [2010/09/07 03:48:56 | 000,034,384 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System] -- C:\WINDOWS\system32\drivers\avgmfx86.sys -- (Avgmfx86)
DRV - [2010/09/07 03:48:50 | 000,026,064 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot] -- C:\WINDOWS\system32\drivers\avgrkx86.sys -- (Avgrkx86)
DRV - [2010/08/03 15:23:36 | 000,026,192 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\AVGIDSShim.sys -- (AVGIDSShim)
DRV - [2010/08/03 15:23:34 | 000,123,472 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\AVGIDSDriver.sys -- (AVGIDSDriver)
DRV - [2010/08/03 15:23:32 | 000,030,288 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\AVGIDSFilter.sys -- (AVGIDSFilter)
DRV - [2009/08/15 02:33:44 | 000,021,904 | ---- | M] (Digidesign, A Division of Avid Technology, Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\mbx2midk.sys -- (MBX2MIDK)
DRV - [2009/08/15 02:33:40 | 000,021,648 | ---- | M] (Digidesign, A Division of Avid Technology, Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\mbx2dfu.sys -- (MBX2DFU)
DRV - [2009/08/15 02:33:36 | 000,016,400 | ---- | M] (Digidesign, A Division of Avid Technology, Inc.) [Kernel | Auto] -- C:\WINDOWS\system32\drivers\diginet.sys -- (DigiNet)
DRV - [2009/08/15 02:33:24 | 000,097,808 | ---- | M] (Digidesign, A Division of Avid Technology, Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\Dalwdm.sys -- (dalwdmservice)
DRV - [2009/06/23 16:38:26 | 000,189,464 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\haP17v2k.sys -- (hap17v2k)
DRV - [2009/06/23 16:38:16 | 000,162,840 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\haP16v2k.sys -- (hap16v2k)
DRV - [2009/06/23 16:38:06 | 000,798,744 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\ha10kx2k.sys -- (ha10kx2k)
DRV - [2009/06/23 16:37:54 | 000,092,696 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\emupia2k.sys -- (emupia)
DRV - [2009/06/23 16:37:32 | 000,157,208 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\ctsfm2k.sys -- (ctsfm2k)
DRV - [2009/06/23 16:37:22 | 000,014,360 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\ctprxy2k.sys -- (ctprxy2k)
DRV - [2009/06/23 16:37:10 | 000,127,512 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\ctoss2k.sys -- (ossrv)
DRV - [2009/06/23 16:36:36 | 000,347,080 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\ctdvda2k.sys -- (ctdvda2k)
DRV - [2009/06/23 16:36:24 | 000,528,408 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\ctaud2k.sys -- (ctaud2k) Creative Audio Driver (WDM)
DRV - [2009/06/23 16:36:14 | 000,511,000 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\ctac32k.sys -- (ctac32k)
DRV - [2009/06/23 16:35:04 | 000,100,888 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand] -- C:\WINDOWS\System32\drivers\CTERFXFX.SYS -- (CTERFXFX.SYS)
DRV - [2009/06/23 16:35:04 | 000,100,888 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\CTERFXFX.sys -- (CTERFXFX)
DRV - [2009/06/23 16:34:52 | 000,566,296 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand] -- C:\WINDOWS\System32\drivers\CTSBLFX.SYS -- (CTSBLFX.SYS)
DRV - [2009/06/23 16:34:52 | 000,566,296 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\CTSBLFX.sys -- (CTSBLFX)
DRV - [2009/06/23 16:34:40 | 000,555,032 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand] -- C:\WINDOWS\System32\drivers\CTAUDFX.SYS -- (CTAUDFX.SYS)
DRV - [2009/06/23 16:34:40 | 000,555,032 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\CTAUDFX.sys -- (CTAUDFX)
DRV - [2009/06/23 16:34:30 | 000,099,352 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand] -- C:\WINDOWS\System32\drivers\COMMONFX.SYS -- (COMMONFX.SYS)
DRV - [2009/06/23 16:34:30 | 000,099,352 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\COMMONFX.sys -- (COMMONFX)
DRV - [2009/05/21 17:39:54 | 000,090,472 | ---- | M] (PACE Anti-Piracy, Inc.) [Kernel | Boot] -- C:\WINDOWS\System32\drivers\TPkd.sys -- (TPkd)
DRV - [2009/04/21 15:31:10 | 000,019,072 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | Auto] -- C:\WINDOWS\system32\drivers\Scutum50.sys -- (Scutum50)
DRV - [2008/11/12 13:03:58 | 000,070,656 | ---- | M] (SolutionBox) [File_System | On_Demand] -- C:\Program Files\Netdrive\ndfs.sys -- (ndfs)
DRV - [2008/04/13 13:45:12 | 000,060,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\usbaudio.sys -- (usbaudio) USB Audio Driver (WDM)
DRV - [2008/04/13 11:36:05 | 000,144,384 | ---- | M] (Windows (R) Server 2003 DDK provider) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\hdaudbus.sys -- (HDAudBus)
DRV - [2007/03/21 13:54:50 | 000,464,256 | ---- | M] (Ralink Technology, Corp.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\rt61.sys -- (RT61)
DRV - [2005/09/20 20:27:20 | 000,010,368 | ---- | M] (InterVideo, Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\iviaspi.sys -- (Iviaspi)
DRV - [2002/02/11 12:13:36 | 000,119,536 | ---- | M] (STMicroelectronics ) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\stv680.sys -- (STV680)
DRV - [2002/02/11 12:13:36 | 000,009,024 | ---- | M] (STMicroelectronics ) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\stv680m.sys -- (STV680m)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========



IE - HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.bing.com/?pc=Z007&form=ZGAPHP
IE - HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page Restore = http://www.bing.com/?pc=Z007&form=ZGAPHP
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" =
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:18810


IE - HKU\G_Man_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.bing.com/?pc=ZUGO&form=ZGAPHP
IE - HKU\G_Man_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page Restore = http://www.google.com/
IE - HKU\G_Man_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\G_Man_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local



IE - HKU\systemprofile_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

FF - HKLM\software\mozilla\Firefox\extensions\\{3f963a5b-e555-4543-90e2-c3908898db71}: C:\Program Files\AVG\AVG10\Firefox\ [2011/02/07 14:40:28 | 000,000,000 | ---D | M]


O1 HOSTS File: ([2001/08/23 07:00:00 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG10\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (WhiteSmoke Toolbar) - {52794457-af6c-4c50-9def-f2e24f4c8889} - C:\Program Files\whitesmoketoolbar\whitesmoketoolbarX.dll ()
O2 - BHO: (no name) - {9D425283-D487-4337-BAB6-AB8354A81457} - No CLSID value found.
O2 - BHO: (AVG Security Toolbar BHO) - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG10\Toolbar\IEToolbar.dll ()
O2 - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O3 - HKLM\..\Toolbar: (WhiteSmoke Toolbar) - {52794457-af6c-4c50-9def-f2e24f4c8889} - C:\Program Files\whitesmoketoolbar\whitesmoketoolbarX.dll ()
O3 - HKLM\..\Toolbar: (no name) - {9D425283-D487-4337-BAB6-AB8354A81457} - No CLSID value found.
O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG10\Toolbar\IEToolbar.dll ()
O3 - HKU\G_Man_ON_C\..\Toolbar\WebBrowser: (no name) - {9D425283-D487-4337-BAB6-AB8354A81457} - No CLSID value found.
O3 - HKU\G_Man_ON_C\..\Toolbar\WebBrowser: (AVG Security Toolbar) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG10\Toolbar\IEToolbar.dll ()
O4 - HKLM..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe ()
O4 - HKLM..\Run: [AVG_TRAY] C:\Program Files\AVG\AVG10\avgtray.exe ()
O4 - HKLM..\Run: [DigidesignMMERefresh] C:\Program Files\Digidesign\Drivers\MMERefresh.exe ()
O4 - HKLM..\Run: [QuickTime Task] C:\Program Files\QuickTime\qttask .exe (Apple Inc.)
O4 - HKU\.DEFAULT..\Run: [uyplcrxi] C:\WINDOWS\Temp\pmpycnxmc\oacqlkasika.exe ()
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Ralink Wireless Utility.lnk = C:\Program Files\RALINK\Common\RaUI.exe (Ralink Technology, Corp.)
O4 - Startup: C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Startup\ WinCinema Manager.lnk = C:\Program Files\Sandisk\Common\Bin\WinCinemaMgr.exe (InterVideo Inc.)
O4 - Startup: C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Startup\InterVideo WinCinema Manager.lnk = C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe (InterVideo Inc.)
O4 - Startup: C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Startup\Microsoft Office.lnk = File not found
O4 - Startup: C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Startup\Ralink Wireless Utility.lnk = C:\Program Files\RALINK\Common\RaUI.exe (Ralink Technology, Corp.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\Administrator.COMPUTER-C74F72.000_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\G_Man_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\LocalService.NT_AUTHORITY_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\NetworkService.NT_AUTHORITY_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\systemprofile_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O9 - Extra Button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 93.188.164.47,93.188.160.227
O18 - Protocol\Handler\avgsecuritytoolbar {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - C:\Program Files\AVG\AVG10\Toolbar\IEToolbar.dll ()
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG10\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\GoToMyPC: DllName - C:\Program Files\Citrix\GoToMyPC\G2WinLogon.dll - C:\Program Files\Citrix\GoToMyPC\G2WinLogon.dll (Citrix Online, a division of Citrix Systems, Inc.)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/11/04 07:15:26 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2011/02/05 09:14:14 | 000,000,090 | ---- | M] () - D:\AUTORUN.INF -- [ NTFS ]
O32 - AutoRun File - [2006/03/24 06:06:41 | 000,000,053 | R--- | M] () - X:\AUTORUN.INF -- [ CDFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG10\avgchsvx.exe /sync) - C:\Program Files\AVG\AVG10\avgchsvx.exe (AVG Technologies CZ, s.r.o.)
O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG10\avgrsx.exe /sync /restart) - C:\Program Files\AVG\AVG10\avgrsx.exe (AVG Technologies CZ, s.r.o.)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/02/12 07:01:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService.NT AUTHORITY\Application Data\Real
[2011/02/11 12:15:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService.NT AUTHORITY\Application Data\whitesmoketoolbar
[2011/02/11 12:15:25 | 000,000,000 | ---D | C] -- C:\Program Files\whitesmoketoolbar
[2011/02/11 02:18:00 | 000,000,000 | ---D | C] -- C:\Program Files\Quick Web Player
[2011/02/10 07:20:14 | 000,000,000 | R--D | C] -- C:\Documents and Settings\LocalService.NT AUTHORITY\Favorites
[2011/02/09 10:31:52 | 000,000,000 | ---D | C] -- C:\WINDOWS\LastGood
[2011/02/09 09:15:32 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\NetworkService.NT AUTHORITY\PrivacIE
[2011/02/09 09:15:22 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\NetworkService.NT AUTHORITY\IECompatCache
[2011/02/09 09:04:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService.NT AUTHORITY\Application Data\Identities
[2011/02/09 09:04:00 | 000,000,000 | R--D | C] -- C:\Documents and Settings\NetworkService.NT AUTHORITY\Favorites
[2011/02/09 08:58:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService.NT AUTHORITY\Local Settings\Application Data\Adobe
[2011/02/09 02:11:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService.NT AUTHORITY\Application Data\Macromedia
[2011/02/09 02:10:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService.NT AUTHORITY\Application Data\Adobe
[2011/02/09 02:10:55 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\LocalService.NT AUTHORITY\IETldCache
[2011/02/08 19:21:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService.NT AUTHORITY\Application Data\Sun
[2011/02/08 19:16:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService.NT AUTHORITY\Application Data\Macromedia
[2011/02/08 19:16:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService.NT AUTHORITY\Application Data\Adobe
[2011/02/08 19:06:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\G Man\Application Data\E7CB79EAF9F92DDFA867DB130E201239
[2011/02/08 15:18:28 | 000,000,000 | ---D | C] -- C:\WINDOWS\Prefetch
[2011/02/08 15:04:02 | 000,000,000 | ---D | C] -- C:\WINDOWS\LastGood.Tmp
[2011/02/08 15:00:25 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\scripting
[2011/02/08 15:00:24 | 000,000,000 | ---D | C] -- C:\WINDOWS\l2schemas
[2011/02/08 15:00:24 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\en
[2011/02/08 15:00:24 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\bits
[2011/02/08 14:56:03 | 000,000,000 | ---D | C] -- C:\WINDOWS\network diagnostic
[2011/02/08 14:52:02 | 000,000,000 | -H-D | C] -- C:\WINDOWS\$NtServicePackUninstall$
[2011/02/07 14:40:19 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\AVG
[2011/02/05 16:43:07 | 002,168,160 | ---- | C] (Ralink Technology, Corp.) -- C:\WINDOWS\System32\Scutum.dll
[2011/02/05 16:43:07 | 001,607,008 | ---- | C] (Ralink Technology, Corp.) -- C:\WINDOWS\System32\RaCertMgr.dll
[2011/02/05 16:43:07 | 000,185,696 | ---- | C] (Printing Communications Assoc., Inc. (PCAUSA)) -- C:\WINDOWS\System32\W32N55.dll
[2011/02/05 16:43:07 | 000,144,736 | ---- | C] (Ralink Tech) -- C:\WINDOWS\System32\RalinkGina.dll
[2011/02/05 16:43:07 | 000,019,072 | ---- | C] (Printing Communications Assoc., Inc. (PCAUSA)) -- C:\WINDOWS\System32\drivers\Scutum50.sys
[2011/02/05 16:42:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator.COMPUTER-C74F72.000\Application Data\InstallShield
[2011/02/05 10:46:43 | 000,000,000 | -HSD | C] -- C:\WINDOWS\CSC
[2011/02/05 10:36:55 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Administrator.COMPUTER-C74F72.000\IETldCache
[2011/02/05 10:20:30 | 000,000,000 | --SD | C] -- C:\Documents and Settings\Administrator.COMPUTER-C74F72.000\Application Data\Microsoft
[2011/02/05 10:20:30 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Administrator.COMPUTER-C74F72.000\SendTo
[2011/02/05 10:20:30 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Administrator.COMPUTER-C74F72.000\Application Data
[2011/02/05 10:20:30 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Administrator.COMPUTER-C74F72.000\Start Menu\Programs\Startup
[2011/02/05 10:20:30 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Administrator.COMPUTER-C74F72.000\Start Menu
[2011/02/05 10:20:30 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Administrator.COMPUTER-C74F72.000\Start Menu\Programs\Accessories
[2011/02/05 10:20:30 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Administrator.COMPUTER-C74F72.000\Cookies
[2011/02/05 10:20:30 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Administrator.COMPUTER-C74F72.000\Templates
[2011/02/05 10:20:30 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Administrator.COMPUTER-C74F72.000\Recent
[2011/02/05 10:20:30 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Administrator.COMPUTER-C74F72.000\PrintHood
[2011/02/05 10:20:30 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Administrator.COMPUTER-C74F72.000\NetHood
[2011/02/05 10:20:30 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Administrator.COMPUTER-C74F72.000\Local Settings
[2011/02/05 10:20:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator.COMPUTER-C74F72.000\My Documents
[2011/02/05 10:20:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator.COMPUTER-C74F72.000\Local Settings\Application Data\Microsoft
[2011/02/05 10:20:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator.COMPUTER-C74F72.000\Favorites
[2011/02/05 10:20:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator.COMPUTER-C74F72.000\Desktop
[2011/01/30 19:57:32 | 000,000,000 | ---D | C] -- C:\Program Files\Search Toolbar
[2011/01/30 19:57:29 | 000,000,000 | --SD | C] -- C:\Documents and Settings\G Man\My Documents\My Pando Packages
[2011/01/30 19:55:22 | 000,000,000 | ---D | C] -- C:\Program Files\Pando Networks
[2011/01/29 08:44:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService.NT AUTHORITY\Application Data\Apple Computer
[2011/01/25 06:22:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\G Man\My Documents\Utopia
[2011/01/25 06:14:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\G Man\My Documents\Project Justice
[2011/01/25 06:13:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\G Man\Start Menu\Programs\WinRAR
[2011/01/25 06:13:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\G Man\Application Data\WinRAR
[2011/01/25 06:13:11 | 000,000,000 | ---D | C] -- C:\Program Files\WinRAR
[2011/01/25 04:43:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\G Man\Application Data\OnLive App
[2011/01/25 04:43:36 | 000,000,000 | ---D | C] -- C:\Program Files\OnLive
[2011/01/20 02:01:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\G Man\Desktop\Mr Burnz
[2011/01/19 15:49:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\G Man\Desktop\MDocs
[2011/01/17 10:51:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\G Man\Desktop\Downloads
[5 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[3 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/02/15 12:17:47 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/02/14 10:13:52 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011/02/14 07:37:32 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/02/09 23:57:17 | 000,000,211 | -HS- | M] () -- C:\boot.ini
[2011/02/09 14:30:42 | 000,000,252 | -H-- | M] () -- C:\WINDOWS\tasks\{22116563-108C-42c0-A7CE-60161B75E508}.job
[2011/02/09 14:14:13 | 000,000,252 | -H-- | M] () -- C:\WINDOWS\tasks\{BBAEAEAF-1275-40e2-BD6C-BC8F88BD114A}.job
[2011/02/09 14:14:12 | 000,000,252 | -H-- | M] () -- C:\WINDOWS\tasks\{62C40AA6-4406-467a-A5A5-DFDF1B559B7A}.job
[2011/02/09 14:14:04 | 000,135,168 | RHS- | M] () -- C:\WINDOWS\System32\cisvcy.dll
[2011/02/09 09:10:26 | 000,094,212 | ---- | M] () -- C:\WINDOWS\System32\CTHELPER.EXE
[2011/02/08 19:32:03 | 000,031,056 | ---- | M] () -- C:\WINDOWS\System32\BMXStateBkp-{00000004-00000000-00000000-00001102-00000004-100A1102}.rfx
[2011/02/08 19:32:03 | 000,031,056 | ---- | M] () -- C:\WINDOWS\System32\BMXState-{00000004-00000000-00000000-00001102-00000004-100A1102}.rfx
[2011/02/08 19:32:03 | 000,030,528 | ---- | M] () -- C:\WINDOWS\System32\BMXCtrlState-{00000004-00000000-00000000-00001102-00000004-100A1102}.rfx
[2011/02/08 19:32:03 | 000,030,528 | ---- | M] () -- C:\WINDOWS\System32\BMXBkpCtrlState-{00000004-00000000-00000000-00001102-00000004-100A1102}.rfx
[2011/02/08 19:32:03 | 000,011,564 | ---- | M] () -- C:\WINDOWS\System32\DVCState-{00000004-00000000-00000000-00001102-00000004-100A1102}.rfx
[2011/02/08 19:32:03 | 000,001,080 | ---- | M] () -- C:\WINDOWS\System32\settingsbkup.sfm
[2011/02/08 19:32:03 | 000,001,080 | ---- | M] () -- C:\WINDOWS\System32\settings.sfm
[2011/02/08 19:30:48 | 004,931,577 | ---- | M] () -- C:\WINDOWS\{00000004-00000000-00000000-00001102-00000004-100A1102}.CDF
[2011/02/08 19:30:48 | 004,931,577 | ---- | M] () -- C:\WINDOWS\{00000004-00000000-00000000-00001102-00000004-100A1102}.BAK
[2011/02/08 19:16:00 | 000,000,884 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2011/02/08 18:34:00 | 000,000,978 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1708537768-1844823847-839522115-1003UA.job
[2011/02/08 15:34:58 | 000,000,260 | ---- | M] () -- C:\WINDOWS\tasks\WGASetup.job
[2011/02/08 15:23:01 | 000,432,356 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2011/02/08 15:23:01 | 000,067,312 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2011/02/08 15:21:27 | 000,000,804 | ---- | M] () -- C:\Documents and Settings\G Man\Application Data\Microsoft\Internet Explorer\Quick Launch\Windows Media Player.lnk
[2011/02/08 15:21:06 | 000,000,880 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2011/02/08 15:17:58 | 000,282,928 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2011/02/08 14:55:53 | 000,250,048 | RHS- | M] () -- C:\ntldr
[2011/02/08 09:41:04 | 105,700,181 | ---- | M] () -- C:\WINDOWS\System32\drivers\AVG\incavi.avm
[2011/02/08 07:52:46 | 000,000,293 | ---- | M] () -- C:\Documents and Settings\G Man\Desktop\Shortcut to Display.lnk
[2011/02/08 00:34:45 | 000,002,286 | ---- | M] () -- C:\Documents and Settings\G Man\Desktop\Google Chrome.lnk
[2011/02/08 00:34:45 | 000,002,264 | ---- | M] () -- C:\Documents and Settings\G Man\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2011/02/07 21:34:00 | 000,000,926 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1708537768-1844823847-839522115-1003Core.job
[2011/01/30 20:04:36 | 000,130,048 | ---- | M] () -- C:\Documents and Settings\G Man\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/01/29 09:46:58 | 000,007,753 | ---- | M] () -- C:\Documents and Settings\G Man\Desktop\Run Commands.rtf
[2011/01/27 11:03:00 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2011/01/25 06:01:33 | 000,000,748 | ---- | M] () -- C:\Documents and Settings\G Man\Desktop\WhiteSmoke (continue installation).lnk
[2011/01/19 15:50:38 | 000,001,711 | ---- | M] () -- C:\Documents and Settings\G Man\Desktop\MP Navigator 3.0 (2).lnk
[2011/01/18 18:28:48 | 000,002,325 | ---- | M] () -- C:\Documents and Settings\G Man\Desktop\NetDrive.lnk
[2011/01/18 14:48:50 | 000,144,736 | ---- | M] (Ralink Tech) -- C:\WINDOWS\System32\RalinkGina.dll
[5 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[3 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/02/09 14:14:08 | 000,000,252 | -H-- | C] () -- C:\WINDOWS\tasks\{BBAEAEAF-1275-40e2-BD6C-BC8F88BD114A}.job
[2011/02/09 14:14:08 | 000,000,252 | -H-- | C] () -- C:\WINDOWS\tasks\{22116563-108C-42c0-A7CE-60161B75E508}.job
[2011/02/09 14:14:06 | 000,000,252 | -H-- | C] () -- C:\WINDOWS\tasks\{62C40AA6-4406-467a-A5A5-DFDF1B559B7A}.job
[2011/02/09 14:14:04 | 000,135,168 | RHS- | C] () -- C:\WINDOWS\System32\cisvcy.dll
[2011/02/09 01:07:42 | 000,004,676 | ---- | C] () -- C:\Documents and Settings\G Man\avgrep.txt
[2011/02/08 09:41:04 | 105,700,181 | ---- | C] () -- C:\WINDOWS\System32\drivers\AVG\incavi.avm
[2011/02/08 07:52:46 | 000,000,293 | ---- | C] () -- C:\Documents and Settings\G Man\Desktop\Shortcut to Display.lnk
[2011/02/05 16:43:07 | 000,480,608 | ---- | C] () -- C:\WINDOWS\System32\DiagFunc.dll
[2011/02/05 16:43:07 | 000,034,080 | ---- | C] () -- C:\WINDOWS\System32\CTAAEI.dll
[2011/02/05 16:43:07 | 000,001,191 | ---- | C] () -- C:\WINDOWS\System32\W32N55.INI
[2011/02/05 16:43:07 | 000,000,449 | ---- | C] () -- C:\WINDOWS\System32\DiagFunc.ini
[2011/02/05 16:42:35 | 000,014,051 | ---- | C] () -- C:\WINDOWS\System32\RaCoInst.dat
[2011/02/05 10:39:29 | 000,000,792 | ---- | C] () -- C:\Documents and Settings\Administrator.COMPUTER-C74F72.000\avgrep.txt
[2011/02/05 10:20:30 | 000,001,599 | ---- | C] () -- C:\Documents and Settings\Administrator.COMPUTER-C74F72.000\Start Menu\Programs\Remote Assistance.lnk
[2011/02/05 10:20:30 | 000,000,792 | ---- | C] () -- C:\Documents and Settings\Administrator.COMPUTER-C74F72.000\Start Menu\Programs\Windows Media Player.lnk
[2011/01/29 09:46:58 | 000,007,753 | ---- | C] () -- C:\Documents and Settings\G Man\Desktop\Run Commands.rtf
[2011/01/25 06:20:58 | 001,063,965 | ---- | C] () -- C:\Documents and Settings\G Man\My Documents\utp-load.zip
[2011/01/25 06:20:58 | 000,006,167 | ---- | C] () -- C:\Documents and Settings\G Man\My Documents\utp-load.nfo
[2011/01/25 06:20:58 | 000,000,133 | ---- | C] () -- C:\Documents and Settings\G Man\My Documents\utp-load.sfv
[2011/01/25 06:01:33 | 000,000,748 | ---- | C] () -- C:\Documents and Settings\G Man\Desktop\WhiteSmoke (continue installation).lnk
[2011/01/19 15:50:38 | 000,001,711 | ---- | C] () -- C:\Documents and Settings\G Man\Desktop\MP Navigator 3.0 (2).lnk
[2010/09/10 18:25:20 | 000,204,800 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeW7.dll
[2010/09/10 18:25:20 | 000,200,704 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeA6.dll
[2010/09/10 18:25:20 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeP6.dll
[2010/09/10 18:25:20 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeM6.dll
[2010/09/10 18:25:20 | 000,188,416 | ---- | C] () -- C:\WINDOWS\System32\IVIresizePX.dll
[2010/09/10 18:25:20 | 000,020,480 | ---- | C] () -- C:\WINDOWS\System32\IVIresize.dll
[2010/08/22 12:44:58 | 000,000,150 | ---- | C] () -- C:\Documents and Settings\G Man\ws_ext.log
[2010/05/25 12:59:47 | 000,116,224 | ---- | C] () -- C:\WINDOWS\System32\pdfcmnnt.dll
[2009/11/26 21:09:56 | 000,130,048 | ---- | C] () -- C:\Documents and Settings\G Man\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/11/17 10:26:21 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2009/11/16 23:58:36 | 000,178,176 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll
[2009/11/16 23:58:35 | 000,000,038 | ---- | C] () -- C:\WINDOWS\avisplitter.ini
[2009/11/16 23:58:34 | 000,881,664 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2009/11/16 23:58:34 | 000,205,824 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2009/11/16 23:58:33 | 003,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll
[2009/11/16 23:58:31 | 000,085,504 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2009/11/16 21:06:40 | 000,217,088 | ---- | C] () -- C:\WINDOWS\System32\qtmlClient.dll
[2009/11/16 12:43:07 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2009/06/23 15:29:50 | 000,049,719 | ---- | C] () -- C:\WINDOWS\System32\instwdm.ini
[2009/06/23 15:29:48 | 000,000,054 | ---- | C] () -- C:\WINDOWS\System32\ctzapxx.ini
[2009/06/23 14:51:00 | 000,043,520 | ---- | C] () -- C:\WINDOWS\System32\CTBurst.dll
[2007/08/13 23:45:02 | 000,077,824 | ---- | C] () -- C:\WINDOWS\System32\ctmmactl.dll
[2006/10/02 20:25:18 | 000,000,307 | ---- | C] () -- C:\WINDOWS\System32\kill.ini

========== LOP Check ==========

[2011/02/11 12:15:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService.NT AUTHORITY\Application Data\whitesmoketoolbar
[2010/10/13 22:17:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\G Man\Application Data\AVG10
[2010/01/24 17:41:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\G Man\Application Data\Canon
[2011/02/08 15:38:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\G Man\Application Data\Digidesign
[2011/02/08 19:07:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\G Man\Application Data\E7CB79EAF9F92DDFA867DB130E201239
[2010/09/10 19:30:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\G Man\Application Data\InterVideo
[2009/11/17 00:10:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\G Man\Application Data\Leadertech
[2011/01/28 17:37:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\G Man\Application Data\LimeWire
[2010/11/29 03:26:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\G Man\Application Data\Meebo
[2010/12/18 15:00:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\G Man\Application Data\Mp3tag
[2010/01/08 13:27:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\G Man\Application Data\NCH Swift Sound
[2011/01/18 18:28:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\G Man\Application Data\NetDrive
[2011/01/25 04:43:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\G Man\Application Data\OnLive App
[2010/01/13 09:53:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\G Man\Application Data\Opera
[2009/11/17 10:34:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\G Man\Application Data\PACE Anti-Piracy
[2009/12/23 16:21:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\G Man\Application Data\Propellerhead Software
[2009/11/17 00:06:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\G Man\Application Data\Trillium Lane
[2011/02/01 17:53:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\G Man\Application Data\uTorrent
[2011/02/08 15:34:58 | 000,000,260 | ---- | M] () -- C:\WINDOWS\Tasks\WGASetup.job
[2011/02/09 14:30:42 | 000,000,252 | -H-- | M] () -- C:\WINDOWS\Tasks\{22116563-108C-42c0-A7CE-60161B75E508}.job
[2011/02/09 14:14:12 | 000,000,252 | -H-- | M] () -- C:\WINDOWS\Tasks\{62C40AA6-4406-467a-A5A5-DFDF1B559B7A}.job
[2011/02/09 14:14:13 | 000,000,252 | -H-- | M] () -- C:\WINDOWS\Tasks\{BBAEAEAF-1275-40e2-BD6C-BC8F88BD114A}.job

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 1156 bytes -> C:\Program Files\Outlook Express:He6HeMNyFdvAfwWnWe
@Alternate Data Stream - 1118 bytes -> C:\Program Files\Outlook Express:wmZIScQ89prq2KULXOj9Myvrm
@Alternate Data Stream - 1032 bytes -> C:\Documents and Settings\G Man\Cookies:qchfTRyBAw2OiEC5pNuq0N8
< End of report >
[2011/02/16 06:52:26 | 000,049,152 | -H-- | M] () -- C:\Documents and Settings\Administrator.COMPUTER-C74F72.000\NTUSER.dat.LOG
[2011/02/16 06:50:16 | 000,786,432 | -H-- | M] () -- C:\Documents and Settings\Administrator.COMPUTER-C74F72.000\NTUSER.DAT
[2011/02/16 06:40:13 | 000,008,192 | -H-- | M] () -- C:\Documents and Settings\NetworkService.NT AUTHORITY\ntuser.dat.LOG
[2011/02/16 06:40:13 | 000,008,192 | -H-- | M] () -- C:\Documents and Settings\LocalService.NT AUTHORITY\ntuser.dat.LOG
[2011/02/16 06:40:13 | 000,008,192 | -H-- | M] () -- C:\Documents and Settings\G Man\ntuser.dat.LOG
[2011/02/15 12:17:51 | 000,229,376 | ---- | M] () -- C:\Documents and Settings\NetworkService.NT AUTHORITY\NTUSER.DAT
[2011/02/15 12:17:51 | 000,229,376 | ---- | M] () -- C:\Documents and Settings\LocalService.NT AUTHORITY\ntuser.dat
[2011/02/15 12:17:47 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/02/15 12:17:45 | 000,000,278 | -HS- | M] () -- C:\Documents and Settings\G Man\ntuser.ini
[2011/02/15 12:17:44 | 004,456,448 | ---- | M] () -- C:\Documents and Settings\G Man\ntuser.dat
[2011/02/14 07:37:32 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/02/13 05:41:04 | 000,004,676 | ---- | M] () -- C:\Documents and Settings\G Man\avgrep.txt
[2011/02/12 11:43:23 | 000,000,000 | -HSD | M] -- C:\Documents and Settings\NetworkService.NT AUTHORITY\Cookies
[2011/02/12 08:08:15 | 000,000,000 | -HSD | M] -- C:\Documents and Settings\LocalService.NT AUTHORITY\Cookies
[2011/02/12 07:58:25 | 000,000,000 | ---D | M] -- C:\Program Files\QuickTime
[2011/02/12 07:01:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService.NT AUTHORITY\Application Data\Real
[2011/02/12 07:01:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService.NT AUTHORITY\Application Data
[2011/02/11 12:15:31 | 000,000,000 | ---D | M] -- C:\Program Files\whitesmoketoolbar
[2011/02/11 12:15:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService.NT AUTHORITY\Application Data\whitesmoketoolbar
[2011/02/11 02:18:00 | 000,000,000 | ---D | M] -- C:\Program Files\Quick Web Player
[2011/02/10 07:20:14 | 000,000,000 | R--D | M] -- C:\Documents and Settings\LocalService.NT AUTHORITY\Favorites
[2011/02/09 23:57:17 | 000,000,573 | ---- | M] () -- C:\WINDOWS\win.ini
[2011/02/09 23:57:17 | 000,000,227 | ---- | M] () -- C:\WINDOWS\system.ini
[2011/02/09 21:41:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\G Man\Desktop
[2011/02/09 21:22:20 | 000,000,178 | -HS- | M] () -- C:\Documents and Settings\Administrator.COMPUTER-C74F72.000\ntuser.ini
[2011/02/09 21:16:01 | 000,000,000 | R--D | M] -- C:\Documents and Settings\G Man\Start Menu\Programs\Startup
[2011/02/09 14:30:42 | 000,000,252 | -H-- | M] () -- C:\WINDOWS\tasks\{22116563-108C-42c0-A7CE-60161B75E508}.job
[2011/02/09 14:14:13 | 000,000,252 | -H-- | M] () -- C:\WINDOWS\tasks\{BBAEAEAF-1275-40e2-BD6C-BC8F88BD114A}.job
[2011/02/09 14:14:12 | 000,000,252 | -H-- | M] () -- C:\WINDOWS\tasks\{62C40AA6-4406-467a-A5A5-DFDF1B559B7A}.job
[2011/02/09 09:15:32 | 000,000,000 | -HSD | M] -- C:\Documents and Settings\NetworkService.NT AUTHORITY\PrivacIE
[2011/02/09 09:15:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService.NT AUTHORITY\Local Settings\Application Data\Microsoft
[2011/02/09 09:15:24 | 000,000,000 | R--D | M] -- C:\Documents and Settings\NetworkService.NT AUTHORITY\Favorites
[2011/02/09 09:15:22 | 000,000,000 | -HSD | M] -- C:\Documents and Settings\NetworkService.NT AUTHORITY\IECompatCache
[2011/02/09 09:10:27 | 000,000,000 | ---D | M] -- C:\Program Files\Netdrive
[2011/02/09 09:10:27 | 000,000,000 | ---D | M] -- C:\Program Files\iTunes
[2011/02/09 09:04:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService.NT AUTHORITY\Application Data\Identities
[2011/02/09 09:00:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService.NT AUTHORITY\Local Settings\Application Data\Adobe
[2011/02/09 08:58:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService.NT AUTHORITY\Application Data\Adobe
[2011/02/09 02:11:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService.NT AUTHORITY\Application Data\Macromedia
[2011/02/09 02:10:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService.NT AUTHORITY\Application Data\Adobe
[2011/02/09 02:10:55 | 000,000,000 | -HSD | M] -- C:\Documents and Settings\LocalService.NT AUTHORITY\IETldCache
[2011/02/08 22:02:32 | 000,000,792 | ---- | M] () -- C:\Documents and Settings\Administrator.COMPUTER-C74F72.000\avgrep.txt
[2011/02/08 19:32:03 | 000,001,080 | ---- | M] () -- C:\WINDOWS\System32\settingsbkup.sfm
[2011/02/08 19:32:03 | 000,001,080 | ---- | M] () -- C:\WINDOWS\System32\settings.sfm
[2011/02/08 19:31:53 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2011/02/08 19:30:48 | 004,931,577 | ---- | M] () -- C:\WINDOWS\{00000004-00000000-00000000-00001102-00000004-100A1102}.CDF
[2011/02/08 19:30:48 | 004,931,577 | ---- | M] () -- C:\WINDOWS\{00000004-00000000-00000000-00001102-00000004-100A1102}.BAK
[2011/02/08 19:21:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService.NT AUTHORITY\Application Data\Sun
[2011/02/08 19:16:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService.NT AUTHORITY\Application Data\Macromedia
[2011/02/08 19:16:00 | 000,000,884 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2011/02/08 19:07:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\G Man\Application Data\E7CB79EAF9F92DDFA867DB130E201239
[2011/02/08 19:06:01 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\G Man\Application Data
[2011/02/08 19:05:54 | 000,000,000 | -HSD | M] -- C:\Documents and Settings\G Man\Cookies
[2011/02/08 19:05:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\G Man\Application Data\Adobe
[2011/02/08 18:34:00 | 000,000,978 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1708537768-1844823847-839522115-1003UA.job
[2011/02/08 16:16:09 | 000,070,064 | ---- | M] () -- C:\Documents and Settings\G Man\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
[2011/02/08 15:41:40 | 000,000,000 | RH-D | M] -- C:\Documents and Settings\G Man\Recent
[2011/02/08 15:38:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\G Man\Application Data\Digidesign
[2011/02/08 15:34:58 | 000,000,260 | ---- | M] () -- C:\WINDOWS\tasks\WGASetup.job
[2011/02/08 15:23:01 | 000,508,956 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2011/02/08 15:23:01 | 000,432,356 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2011/02/08 15:23:01 | 000,067,312 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2011/02/08 15:21:31 | 000,000,738 | ---- | M] () -- C:\Documents and Settings\G Man\Start Menu\Programs\Outlook Express.lnk
[2011/02/08 15:21:31 | 000,000,234 | -HS- | M] () -- C:\Documents and Settings\G Man\Start Menu\Programs\desktop.ini
[2011/02/08 15:21:27 | 000,000,804 | ---- | M] () -- C:\Documents and Settings\G Man\Application Data\Microsoft\Internet Explorer\Quick Launch\Windows Media Player.lnk
[2011/02/08 15:21:27 | 000,000,792 | ---- | M] () -- C:\Documents and Settings\G Man\Start Menu\Programs\Windows Media Player.lnk
[2011/02/08 15:21:06 | 000,000,880 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2011/02/08 15:17:58 | 000,282,928 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2011/02/08 15:17:52 | 000,000,000 | ---D | M] -- C:\Program Files\Messenger
[2011/02/08 15:12:02 | 000,000,000 | ---D | M] -- C:\Program Files\Outlook Express
[2011/02/08 15:10:57 | 000,000,000 | ---D | M] -- C:\Program Files\Movie Maker
[2011/02/08 15:00:50 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Media Player
[2011/02/08 15:00:25 | 000,000,000 | ---D | M] -- C:\Program Files\Internet Explorer
[2011/02/08 14:57:48 | 000,000,000 | ---D | M] -- C:\Program Files\NetMeeting
[2011/02/08 14:57:44 | 000,000,000 | ---D | M] -- C:\Program Files\Windows NT
[2011/02/08 14:57:40 | 000,000,000 | ---D | M] -- C:\Program Files\Common Files\System
[2011/02/08 12:08:35 | 000,000,000 | ---D | M] -- C:\Program Files\Search Toolbar
[2011/02/08 12:07:46 | 000,000,000 | ---D | M] -- C:\Program Files\Common Files
[2011/02/08 12:03:49 | 000,000,000 | ---D | M] -- C:\Program Files\iPod
[2011/02/08 07:52:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\G Man\Local Settings\Application Data\Microsoft
[2011/02/08 07:52:46 | 000,000,293 | ---- | M] () -- C:\Documents and Settings\G Man\Desktop\Shortcut to Display.lnk
[2011/02/08 00:34:45 | 000,002,286 | ---- | M] () -- C:\Documents and Settings\G Man\Desktop\Google Chrome.lnk
[2011/02/08 00:34:45 | 000,002,264 | ---- | M] () -- C:\Documents and Settings\G Man\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2011/02/08 00:34:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\G Man\Local Settings\Application Data\Temp
[2011/02/07 21:34:00 | 000,000,926 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1708537768-1844823847-839522115-1003Core.job
[2011/02/06 20:48:07 | 000,000,000 | ---D | M] -- C:\Program Files\Canon
[2011/02/05 16:42:34 | 000,000,000 | -H-D | M] -- C:\Program Files\InstallShield Installation Information
[2011/02/05 16:42:34 | 000,000,000 | ---D | M] -- C:\Program Files\RALINK
[2011/02/05 16:42:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator.COMPUTER-C74F72.000\Application Data\InstallShield
[2011/02/05 10:36:55 | 000,000,000 | -HSD | M] -- C:\Documents and Settings\Administrator.COMPUTER-C74F72.000\IETldCache
[2011/02/05 10:36:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator.COMPUTER-C74F72.000\Local Settings\Application Data\Microsoft
[2011/02/05 10:20:33 | 000,000,000 | --SD | M] -- C:\Documents and Settings\Administrator.COMPUTER-C74F72.000\Application Data\Microsoft
[2011/02/05 09:14:14 | 000,000,000 | --SD | M] -- C:\Documents and Settings\G Man\Application Data\Microsoft
[2011/02/01 17:53:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\G Man\Application Data\uTorrent
[2011/02/01 16:49:22 | 004,945,632 | -H-- | M] () -- C:\Documents and Settings\G Man\Local Settings\Application Data\IconCache.db
[2011/01/30 20:04:36 | 000,130,048 | ---- | M] () -- C:\Documents and Settings\G Man\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/01/30 19:57:29 | 000,000,000 | R--D | M] -- C:\Documents and Settings\G Man\My Documents
[2011/01/30 19:55:49 | 000,000,000 | ---D | M] -- C:\Program Files\Pando Networks
[2011/01/29 09:46:58 | 000,007,753 | ---- | M] () -- C:\Documents and Settings\G Man\Desktop\Run Commands.rtf
[2011/01/29 08:44:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService.NT AUTHORITY\Application Data
[2011/01/29 08:44:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService.NT AUTHORITY\Application Data\Apple Computer
[2011/01/28 17:37:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\G Man\Application Data\LimeWire
[2011/01/27 11:03:00 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2011/01/25 06:13:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\G Man\Application Data\WinRAR
[2011/01/25 06:13:26 | 000,000,000 | R--D | M] -- C:\Documents and Settings\G Man\Start Menu
[2011/01/25 06:13:26 | 000,000,000 | ---D | M] -- C:\Program Files\WinRAR
[2011/01/25 06:13:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\G Man\Start Menu\Programs\WinRAR
[2011/01/25 06:01:33 | 000,000,748 | ---- | M] () -- C:\Documents and Settings\G Man\Desktop\WhiteSmoke (continue installation).lnk
[2011/01/25 04:43:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\G Man\Application Data\OnLive App
[2011/01/25 04:43:51 | 000,000,000 | ---D | M] -- C:\Program Files\OnLive
[2011/01/19 15:50:38 | 000,001,711 | ---- | M] () -- C:\Documents and Settings\G Man\Desktop\MP Navigator 3.0 (2).lnk
[2011/01/18 18:28:48 | 000,002,325 | ---- | M] () -- C:\Documents and Settings\G Man\Desktop\NetDrive.lnk
[2011/01/18 18:28:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\G Man\Application Data\NetDrive
[2011/01/18 14:48:50 | 000,144,736 | ---- | M] (Ralink Tech) -- C:\WINDOWS\System32\RalinkGina.dll
[2011/01/17 08:34:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\G Man\Application Data\Mozilla
[2011/01/06 00:49:56 | 000,000,150 | ---- | M] () -- C:\Documents and Settings\G Man\ws_ext.log
[2010/04/09 15:25:49 | 000,069,288 | ---- | M] () -- C:\Documents and Settings\G Man\Application Data\GDIPFONTCACHEV1.DAT
[2009/11/16 20:58:14 | 000,000,020 | -HS- | M] () -- C:\Documents and Settings\LocalService.NT AUTHORITY\ntuser.ini
[2009/11/16 20:57:28 | 000,000,020 | -HS- | M] () -- C:\Documents and Settings\NetworkService.NT AUTHORITY\ntuser.ini
[2009/11/16 12:42:41 | 000,000,062 | -HS- | M] () -- C:\Documents and Settings\G Man\Application Data\desktop.ini
[2009/11/16 12:42:41 | 000,000,062 | -HS- | M] () -- C:\Documents and Settings\Administrator.COMPUTER-C74F72.000\Application Data\desktop.ini
[2006/06/29 14:58:52 | 000,030,808 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalUserInterface.CompositeFont
[2006/06/29 14:53:56 | 000,026,489 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalSansSerif.CompositeFont
[2006/04/18 15:39:28 | 000,029,779 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalSerif.CompositeFont
[2006/04/18 15:39:28 | 000,026,040 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalMonospace.CompositeFont
[5 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

Re: Only Starts in Safemode /Better virus removal (Free?)

Hello.

Please run OTLPE.

  • Copy the commands with file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):


    :OTL
    O2 - BHO: (WhiteSmoke Toolbar) - {52794457-af6c-4c50-9def-f2e24f4c8889} - C:\Program Files\whitesmoketoolbar\whitesmoketoolbarX.dll ()
    O2 - BHO: (no name) - {9D425283-D487-4337-BAB6-AB8354A81457} - No CLSID value found.
    O3 - HKLM\..\Toolbar: (no name) - {9D425283-D487-4337-BAB6-AB8354A81457} - No CLSID value found.
    O3 - HKU\G_Man_ON_C\..\Toolbar\WebBrowser: (no name) - {9D425283-D487-4337-BAB6-AB8354A81457} - No CLSID value found.
    O4 - HKU\.DEFAULT..\Run: [uyplcrxi] C:\WINDOWS\Temp\pmpycnxmc\oacqlkasika.exe ()
    [2011/02/09 14:30:42 | 000,000,252 | -H-- | M] () -- C:\WINDOWS\tasks\{22116563-108C-42c0-A7CE-60161B75E508}.job
    [2011/02/09 14:14:13 | 000,000,252 | -H-- | M] () -- C:\WINDOWS\tasks\{BBAEAEAF-1275-40e2-BD6C-BC8F88BD114A}.job
    [2011/02/09 14:14:12 | 000,000,252 | -H-- | M] () -- C:\WINDOWS\tasks\{62C40AA6-4406-467a-A5A5-DFDF1B559B7A}.job
    [2011/02/09 14:14:04 | 000,135,168 | RHS- | M] () -- C:\WINDOWS\System32\cisvcy.dll

    :commands
    [emptytemp]
    [reboot]


  • Return to OTL, right-click in the "Custom Scans/Fixes" window (under the light green bar) and choose Paste.

  • Click the red Run Fix button.
  • A fix log in Notepad will appear. Copy the contents of the fix log to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy), and paste it in your next reply.
  • Close OTL.exe.
If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.
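A small triage script, added here as an example and not part of this thread or of OTL itself, that reads lines in the OTL report format and picks out the kinds of entries the fix above targets (orphaned CLSIDs, a Run entry pointing into a Temp folder, hidden GUID-named .job tasks, a hidden system file with no publisher, alternate data streams), while the loopback proxy and static DNS entries are reported for manual review rather than pasted into a fix. The sample lines are copied from the logs posted in this thread, the rules are my own heuristics, and the script layout mirrors the :OTL / :commands block above.

```python
import re
from dataclasses import dataclass

# Constructed sample in OTL's report format: a handful of lines copied from the
# logs posted in this thread (a real log runs to hundreds of lines).
SAMPLE_LOG = r"""
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG10\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (no name) - {9D425283-D487-4337-BAB6-AB8354A81457} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - {9D425283-D487-4337-BAB6-AB8354A81457} - No CLSID value found.
O4 - HKU\.DEFAULT..\Run: [uyplcrxi] C:\WINDOWS\Temp\pmpycnxmc\oacqlkasika.exe ()
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:18810
IE - HKU\G_Man_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 93.188.164.47,93.188.160.227
[2011/02/09 14:30:42 | 000,000,252 | -H-- | M] () -- C:\WINDOWS\tasks\{22116563-108C-42c0-A7CE-60161B75E508}.job
[2011/02/08 15:34:58 | 000,000,260 | ---- | M] () -- C:\WINDOWS\Tasks\WGASetup.job
[2011/02/09 14:14:04 | 000,135,168 | RHS- | M] () -- C:\WINDOWS\System32\cisvcy.dll
[2011/01/18 14:48:50 | 000,144,736 | ---- | M] (Ralink Tech) -- C:\WINDOWS\System32\RalinkGina.dll
@Alternate Data Stream - 1156 bytes -> C:\Program Files\Outlook Express:He6HeMNyFdvAfwWnWe
"""

# OTL file entry: [date time | size | attributes | M/C] (company) -- path
FILE_RE = re.compile(
    r"^\[(?P<ts>[^|]+?) \| (?P<size>[\d,]+) \| (?P<attr>[-RHSD]{4}) \| [MC]\]"
    r"(?: \((?P<company>[^)]*)\))? -- (?P<path>.+)$")
# IE registry value lines: IE - <hive>\...: "Key" = value
IE_RE = re.compile(r'^IE - (?P<hive>HKU\\[^\\]+|HKLM)\\.*: "(?P<key>\w+)" = ?(?P<val>.*)$')
# O17 TCP/IP parameters: the DHCP-assigned DNS servers and any static override
O17_RE = re.compile(r"^O17 - .*: (?P<key>DhcpNameServer|NameServer) = (?P<val>.*)$")
GUID_JOB_RE = re.compile(r"\\tasks\\\{[0-9a-f-]{36}\}\.job$", re.IGNORECASE)


@dataclass
class Finding:
    rule: str
    line: str      # the raw OTL line the finding refers to
    fixable: bool  # True if the raw line is the kind OTL accepts inside an :OTL block


def triage(log_text):
    """Scan OTL report lines and return the entries a reviewer would look at first (own heuristics)."""
    findings = []
    proxy = {}  # hive -> {key: (value, raw line)}
    dns = {}    # key -> (set of servers, raw line)
    for line in (l.strip() for l in log_text.splitlines()):
        if not line:
            continue
        if line.startswith(("O2 ", "O3 ")) and line.endswith("No CLSID value found."):
            findings.append(Finding("orphaned BHO/toolbar registration (no CLSID)", line, True))
        elif line.startswith("O4 ") and "\\temp\\" in line.lower() and line.endswith("()"):
            findings.append(Finding("Run entry launching a no-publisher file from a Temp folder", line, True))
        elif (m := IE_RE.match(line)):
            proxy.setdefault(m["hive"], {})[m["key"]] = (m["val"], line)
        elif (m := O17_RE.match(line)):
            dns[m["key"]] = ({s for s in m["val"].split(",") if s}, line)
        elif (m := FILE_RE.match(line)):
            attr, path, company = m["attr"], m["path"], m["company"] or ""
            if "H" in attr and GUID_JOB_RE.search(path):
                findings.append(Finding("hidden scheduled task with a GUID name", line, True))
            elif attr.startswith("RHS") and "D" not in attr and not company and "\\System32\\" in path:
                findings.append(Finding("read-only/hidden/system file with no publisher in System32", line, True))
        elif line.startswith("@Alternate Data Stream"):
            findings.append(Finding("alternate data stream attached to a folder", line, True))
    # Proxy and DNS values are reported for manual attention rather than pasted into a fix.
    for hive, vals in proxy.items():
        server, raw = vals.get("ProxyServer", ("", ""))
        if "127.0.0.1" in server or "localhost" in server:
            state = "enabled" if vals.get("ProxyEnable", ("",))[0] == "1" else "disabled"
            findings.append(Finding(f"loopback proxy ({state}) in {hive}: {server}", raw, False))
    if "NameServer" in dns:
        static, raw = dns["NameServer"]
        dhcp = dns.get("DhcpNameServer", (set(), ""))[0]
        if static - dhcp:
            findings.append(Finding(
                f"static NameServer {sorted(static - dhcp)} overrides DHCP DNS {sorted(dhcp)}", raw, False))
    return findings


def build_fix(findings):
    """Lay out the fixable entries in the :OTL / :commands script format used in this thread."""
    lines = [":OTL"] + [f.line for f in findings if f.fixable]
    lines += ["", ":commands", "[emptytemp]", "[reboot]"]
    return "\n".join(lines)


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{'FIX ' if f.fixable else 'NOTE'} {f.rule}\n      {f.line}")
    print(build_fix(triage(SAMPLE_LOG)))
```

The generated block is a starting point for a human reviewer, not something to run unread; the rules deliberately skip anything with a named publisher.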

Re: Only Starts in Safemode /Better virus removal (Free?)

Thanks!
It didn't produce a report, but the computer started up Windows normally when the disk was removed. An AVG scan removed 137 viruses (a personal best), but
1. I still have that Google redirect virus, and
2. The comp still won't load GeekPolice.com (unacceptable!) and probably some other sites.

I also asked for better virus protection for free/cheap, but AVG keeps getting the best rank, so I guess I'll keep it unless there is something else you can suggest.

So, in regards to those two remaining issues, is it time to start a new thread?

Re: Only Starts in Safemode /Better virus removal (Free?)

Wait, scratch that: the comp is not loading Windows normally again. I'll repeat those steps; I just wanted to let you know the problem persists, so... I did the fix twice and it did not produce a report!

Re: Only Starts in Safemode /Better virus removal (Free?)

Okay, boot OTLPE again and post a new log.
This time, if I issue you another OTLPE fix, don't do anything once you have performed it; then, when the machine is booted again (hopefully), leave it be.

Re: Only Starts in Safemode /Better virus removal (Free?)

Here it is:


OTL logfile created on: 2/19/2011 6:11:39 AM - Run
OTLPE by OldTimer - Version 3.1.44.3 Folder = X:\Programs\OTLPE
Microsoft Windows XP Service Pack 3 (Version = 5.1.2600) - Type = SYSTEM
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.00 Gb Total Physical Memory | 3.00 Gb Available Physical Memory | 92.00% Memory free
3.00 Gb Paging File | 3.00 Gb Available in Paging File | 98.00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 74.50 Gb Total Space | 33.09 Gb Free Space | 44.42% Space Free | Partition Type: NTFS
Drive D: | 465.75 Gb Total Space | 406.56 Gb Free Space | 87.29% Space Free | Partition Type: NTFS
Drive X: | 284.08 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: REATOGO | User Name: SYSTEM
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
Using ControlSet: ControlSet001

========== Win32 Services (SafeList) ==========

SRV - File not found [Auto] -- -- (DigiRefresh)
SRV - File not found [Auto] -- -- (6to4)
SRV - [2011/01/06 15:23:18 | 006,128,720 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto] -- C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe -- (AVGIDSAgent)
SRV - [2011/01/05 11:59:50 | 000,037,664 | ---- | M] (Apple Inc.) [Auto] -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe -- (Apple Mobile Device)
SRV - [2010/12/31 11:05:46 | 000,619,872 | ---- | M] () [Auto] -- C:\Program Files\RALINK\Common\RaMediaServer.exe -- (RaMediaServer)
SRV - [2010/11/25 09:49:46 | 000,517,448 | ---- | M] () [On_Demand] -- C:\Program Files\AVG\AVG10\Toolbar\ToolbarBroker.exe -- (AVG Security Toolbar Service)
SRV - [2010/11/11 11:00:24 | 000,374,112 | ---- | M] (Ralink Technology, Corp.) [Auto] -- C:\Program Files\RALINK\Common\RaRegistry.exe -- (RalinkRegistryWriter)
SRV - [2010/10/22 04:58:18 | 000,265,400 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto] -- C:\Program Files\AVG\AVG10\avgwdsvc.exe -- (avgwd)
SRV - [2010/07/26 12:42:36 | 000,557,424 | ---- | M] (Citrix Online, a division of Citrix Systems, Inc.) [Auto] -- C:\Program Files\Citrix\GoToMyPC\g2svc.exe -- (GoToMyPC)
SRV - [2009/11/12 14:16:36 | 000,079,360 | ---- | M] (Creative Labs) [On_Demand] -- C:\Program Files\Common Files\Creative Labs Shared\Service\CTAELicensing.exe -- (Creative Audio Engine Licensing Service)
SRV - [2009/02/14 19:29:14 | 000,307,200 | ---- | M] (Creative Technology Ltd) [Auto] -- C:\Program Files\Creative\Shared Files\CTAudSvc.exe -- (CTAudSvcService)
SRV - [2008/12/04 01:25:10 | 000,159,744 | ---- | M] (Digidesign, A Division of Avid Technology, Inc.) [On_Demand] -- C:\Program Files\Digidesign\Pro Tools\digiSPTIService.exe -- (digiSPTIService)
SRV - [2008/11/18 14:33:28 | 002,543,104 | ---- | M] (SolutionBox) [Disabled] -- C:\Program Files\Netdrive\ndsvc.exe -- (ndsvc)
SRV - [2005/09/09 03:24:30 | 000,102,400 | ---- | M] () [Auto] -- C:\Program Files\Adobe\Photoshop Elements 4.0\PhotoshopElementsFileAgent.exe -- (AdobeActiveFileMonitor4.0)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand] -- -- (PDCOMP)
DRV - File not found [Kernel | System] -- -- (PCIDump)
DRV - File not found [Kernel | System] -- -- (lbrtfdc)
DRV - File not found [Kernel | System] -- -- (i2omgmt)
DRV - File not found [Kernel | System] -- -- (Changer)
DRV - [2010/12/08 04:12:38 | 000,251,728 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System] -- C:\WINDOWS\system32\drivers\avgldx86.sys -- (Avgldx86)
DRV - [2010/11/12 13:19:38 | 000,299,984 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System] -- C:\WINDOWS\system32\drivers\avgtdix.sys -- (Avgtdix)
DRV - [2010/09/13 15:27:24 | 000,025,680 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\AVGIDSEH.sys -- (AVGIDSEH)
DRV - [2010/09/07 03:48:56 | 000,034,384 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System] -- C:\WINDOWS\system32\drivers\avgmfx86.sys -- (Avgmfx86)
DRV - [2010/09/07 03:48:50 | 000,026,064 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot] -- C:\WINDOWS\system32\drivers\avgrkx86.sys -- (Avgrkx86)
DRV - [2010/08/03 15:23:36 | 000,026,192 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\AVGIDSShim.sys -- (AVGIDSShim)
DRV - [2010/08/03 15:23:34 | 000,123,472 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\AVGIDSDriver.sys -- (AVGIDSDriver)
DRV - [2010/08/03 15:23:32 | 000,030,288 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\AVGIDSFilter.sys -- (AVGIDSFilter)
DRV - [2009/08/15 02:33:44 | 000,021,904 | ---- | M] (Digidesign, A Division of Avid Technology, Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\mbx2midk.sys -- (MBX2MIDK)
DRV - [2009/08/15 02:33:40 | 000,021,648 | ---- | M] (Digidesign, A Division of Avid Technology, Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\mbx2dfu.sys -- (MBX2DFU)
DRV - [2009/08/15 02:33:36 | 000,016,400 | ---- | M] (Digidesign, A Division of Avid Technology, Inc.) [Kernel | Auto] -- C:\WINDOWS\system32\drivers\diginet.sys -- (DigiNet)
DRV - [2009/08/15 02:33:24 | 000,097,808 | ---- | M] (Digidesign, A Division of Avid Technology, Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\Dalwdm.sys -- (dalwdmservice)
DRV - [2009/06/23 16:38:26 | 000,189,464 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\haP17v2k.sys -- (hap17v2k)
DRV - [2009/06/23 16:38:16 | 000,162,840 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\haP16v2k.sys -- (hap16v2k)
DRV - [2009/06/23 16:38:06 | 000,798,744 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\ha10kx2k.sys -- (ha10kx2k)
DRV - [2009/06/23 16:37:54 | 000,092,696 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\emupia2k.sys -- (emupia)
DRV - [2009/06/23 16:37:32 | 000,157,208 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\ctsfm2k.sys -- (ctsfm2k)
DRV - [2009/06/23 16:37:22 | 000,014,360 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\ctprxy2k.sys -- (ctprxy2k)
DRV - [2009/06/23 16:37:10 | 000,127,512 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\ctoss2k.sys -- (ossrv)
DRV - [2009/06/23 16:36:36 | 000,347,080 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\ctdvda2k.sys -- (ctdvda2k)
DRV - [2009/06/23 16:36:24 | 000,528,408 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\ctaud2k.sys -- (ctaud2k) Creative Audio Driver (WDM)
DRV - [2009/06/23 16:36:14 | 000,511,000 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\ctac32k.sys -- (ctac32k)
DRV - [2009/06/23 16:35:04 | 000,100,888 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand] -- C:\WINDOWS\System32\drivers\CTERFXFX.SYS -- (CTERFXFX.SYS)
DRV - [2009/06/23 16:35:04 | 000,100,888 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\CTERFXFX.sys -- (CTERFXFX)
DRV - [2009/06/23 16:34:52 | 000,566,296 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand] -- C:\WINDOWS\System32\drivers\CTSBLFX.SYS -- (CTSBLFX.SYS)
DRV - [2009/06/23 16:34:52 | 000,566,296 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\CTSBLFX.sys -- (CTSBLFX)
DRV - [2009/06/23 16:34:40 | 000,555,032 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand] -- C:\WINDOWS\System32\drivers\CTAUDFX.SYS -- (CTAUDFX.SYS)
DRV - [2009/06/23 16:34:40 | 000,555,032 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\CTAUDFX.sys -- (CTAUDFX)
DRV - [2009/06/23 16:34:30 | 000,099,352 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand] -- C:\WINDOWS\System32\drivers\COMMONFX.SYS -- (COMMONFX.SYS)
DRV - [2009/06/23 16:34:30 | 000,099,352 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\COMMONFX.sys -- (COMMONFX)
DRV - [2009/05/21 17:39:54 | 000,090,472 | ---- | M] (PACE Anti-Piracy, Inc.) [Kernel | Boot] -- C:\WINDOWS\System32\drivers\TPkd.sys -- (TPkd)
DRV - [2009/04/21 15:31:10 | 000,019,072 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | Auto] -- C:\WINDOWS\system32\drivers\Scutum50.sys -- (Scutum50)
DRV - [2008/11/12 13:03:58 | 000,070,656 | ---- | M] (SolutionBox) [File_System | On_Demand] -- C:\Program Files\Netdrive\ndfs.sys -- (ndfs)
DRV - [2008/04/13 13:45:12 | 000,060,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\usbaudio.sys -- (usbaudio) USB Audio Driver (WDM)
DRV - [2008/04/13 11:36:05 | 000,144,384 | ---- | M] (Windows (R) Server 2003 DDK provider) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\hdaudbus.sys -- (HDAudBus)
DRV - [2007/03/21 13:54:50 | 000,464,256 | ---- | M] (Ralink Technology, Corp.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\rt61.sys -- (RT61)
DRV - [2005/09/20 20:27:20 | 000,010,368 | ---- | M] (InterVideo, Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\iviaspi.sys -- (Iviaspi)
DRV - [2002/02/11 12:13:36 | 000,119,536 | ---- | M] (STMicroelectronics ) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\stv680.sys -- (STV680)
DRV - [2002/02/11 12:13:36 | 000,009,024 | ---- | M] (STMicroelectronics ) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\stv680m.sys -- (STV680m)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========



IE - HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.bing.com/?pc=Z007&form=ZGAPHP
IE - HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page Restore = http://www.bing.com/?pc=Z007&form=ZGAPHP
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" =
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:18810


IE - HKU\G_Man_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.bing.com/?pc=ZUGO&form=ZGAPHP
IE - HKU\G_Man_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page Restore = http://www.google.com/
IE - HKU\G_Man_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\G_Man_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local



IE - HKU\systemprofile_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

FF - HKLM\software\mozilla\Firefox\extensions\\{3f963a5b-e555-4543-90e2-c3908898db71}: C:\Program Files\AVG\AVG10\Firefox\ [2011/02/07 14:40:28 | 000,000,000 | ---D | M]


O1 HOSTS File: ([2001/08/23 07:00:00 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG10\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (AVG Security Toolbar BHO) - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG10\Toolbar\IEToolbar.dll ()
O2 - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O3 - HKLM\..\Toolbar: (no name) - {52794457-af6c-4c50-9def-f2e24f4c8889} - No CLSID value found.
O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG10\Toolbar\IEToolbar.dll ()
O3 - HKU\G_Man_ON_C\..\Toolbar\WebBrowser: (AVG Security Toolbar) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG10\Toolbar\IEToolbar.dll ()
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Ralink Wireless Utility.lnk = C:\Program Files\RALINK\Common\RaUI.exe (Ralink Technology, Corp.)
O4 - Startup: C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Startup\ WinCinema Manager.lnk = C:\Program Files\Sandisk\Common\Bin\WinCinemaMgr.exe (InterVideo Inc.)
O4 - Startup: C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Startup\InterVideo WinCinema Manager.lnk = C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe (InterVideo Inc.)
O4 - Startup: C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Startup\Microsoft Office.lnk = File not found
O4 - Startup: C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Startup\Ralink Wireless Utility.lnk = C:\Program Files\RALINK\Common\RaUI.exe (Ralink Technology, Corp.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\Administrator.COMPUTER-C74F72.000_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\G_Man_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\LocalService.NT_AUTHORITY_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\NetworkService.NT_AUTHORITY_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\systemprofile_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O9 - Extra Button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 93.188.164.47,93.188.160.227
O18 - Protocol\Handler\avgsecuritytoolbar {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - C:\Program Files\AVG\AVG10\Toolbar\IEToolbar.dll ()
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG10\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\GoToMyPC: DllName - C:\Program Files\Citrix\GoToMyPC\G2WinLogon.dll - C:\Program Files\Citrix\GoToMyPC\G2WinLogon.dll (Citrix Online, a division of Citrix Systems, Inc.)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/11/04 07:15:26 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2011/02/05 09:14:14 | 000,000,090 | ---- | M] () - D:\AUTORUN.INF -- [ NTFS ]
O32 - AutoRun File - [2006/03/24 06:06:41 | 000,000,053 | R--- | M] () - X:\AUTORUN.INF -- [ CDFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG10\avgchsvx.exe /sync) - C:\Program Files\AVG\AVG10\avgchsvx.exe (AVG Technologies CZ, s.r.o.)
O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG10\avgrsx.exe /sync /restart) - C:\Program Files\AVG\AVG10\avgrsx.exe (AVG Technologies CZ, s.r.o.)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/02/16 21:51:23 | 002,193,408 | R--- | C] (OldTimer Tools) -- C:\OTLPE.exe
[2011/02/16 21:44:35 | 000,000,000 | ---D | C] -- C:\_OTL
[2011/02/12 07:01:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService.NT AUTHORITY\Application Data\Real
[2011/02/11 12:15:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService.NT AUTHORITY\Application Data\whitesmoketoolbar
[2011/02/11 12:15:25 | 000,000,000 | ---D | C] -- C:\Program Files\whitesmoketoolbar
[2011/02/11 02:18:00 | 000,000,000 | ---D | C] -- C:\Program Files\Quick Web Player
[2011/02/10 07:20:14 | 000,000,000 | R--D | C] -- C:\Documents and Settings\LocalService.NT AUTHORITY\Favorites
[2011/02/09 22:52:35 | 000,000,000 | ---D | C] -- C:\WINDOWS\system32\config\systemprofile\Application Data\Adobe
[2011/02/09 09:15:32 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\NetworkService.NT AUTHORITY\PrivacIE
[2011/02/09 09:15:22 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\NetworkService.NT AUTHORITY\IECompatCache
[2011/02/09 09:04:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService.NT AUTHORITY\Application Data\Identities
[2011/02/09 09:04:00 | 000,000,000 | R--D | C] -- C:\Documents and Settings\NetworkService.NT AUTHORITY\Favorites
[2011/02/09 08:58:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService.NT AUTHORITY\Local Settings\Application Data\Adobe
[2011/02/09 02:11:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService.NT AUTHORITY\Application Data\Macromedia
[2011/02/09 02:10:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService.NT AUTHORITY\Application Data\Adobe
[2011/02/09 02:10:55 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\LocalService.NT AUTHORITY\IETldCache
[2011/02/08 19:21:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService.NT AUTHORITY\Application Data\Sun
[2011/02/08 19:16:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService.NT AUTHORITY\Application Data\Macromedia
[2011/02/08 19:16:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService.NT AUTHORITY\Application Data\Adobe
[2011/02/08 19:06:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\G Man\Application Data\E7CB79EAF9F92DDFA867DB130E201239
[2011/02/08 15:18:28 | 000,000,000 | ---D | C] -- C:\WINDOWS\Prefetch
[2011/02/08 15:00:25 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\scripting
[2011/02/08 15:00:24 | 000,000,000 | ---D | C] -- C:\WINDOWS\l2schemas
[2011/02/08 15:00:24 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\en
[2011/02/08 15:00:24 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\bits
[2011/02/08 14:56:03 | 000,000,000 | ---D | C] -- C:\WINDOWS\network diagnostic
[2011/02/08 14:52:02 | 000,000,000 | -H-D | C] -- C:\WINDOWS\$NtServicePackUninstall$
[2011/02/07 14:40:19 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\AVG
[2011/02/05 16:43:07 | 002,168,160 | ---- | C] (Ralink Technology, Corp.) -- C:\WINDOWS\System32\Scutum.dll
[2011/02/05 16:43:07 | 001,607,008 | ---- | C] (Ralink Technology, Corp.) -- C:\WINDOWS\System32\RaCertMgr.dll
[2011/02/05 16:43:07 | 000,185,696 | ---- | C] (Printing Communications Assoc., Inc. (PCAUSA)) -- C:\WINDOWS\System32\W32N55.dll
[2011/02/05 16:43:07 | 000,144,736 | ---- | C] (Ralink Tech) -- C:\WINDOWS\System32\RalinkGina.dll
[2011/02/05 16:43:07 | 000,019,072 | ---- | C] (Printing Communications Assoc., Inc. (PCAUSA)) -- C:\WINDOWS\System32\drivers\Scutum50.sys
[2011/02/05 16:42:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator.COMPUTER-C74F72.000\Application Data\InstallShield
[2011/02/05 10:46:43 | 000,000,000 | -HSD | C] -- C:\WINDOWS\CSC
[2011/02/05 10:36:55 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Administrator.COMPUTER-C74F72.000\IETldCache
[2011/02/05 10:20:30 | 000,000,000 | --SD | C] -- C:\Documents and Settings\Administrator.COMPUTER-C74F72.000\Application Data\Microsoft
[2011/02/05 10:20:30 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Administrator.COMPUTER-C74F72.000\SendTo
[2011/02/05 10:20:30 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Administrator.COMPUTER-C74F72.000\Application Data
[2011/02/05 10:20:30 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Administrator.COMPUTER-C74F72.000\Start Menu\Programs\Startup
[2011/02/05 10:20:30 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Administrator.COMPUTER-C74F72.000\Start Menu
[2011/02/05 10:20:30 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Administrator.COMPUTER-C74F72.000\Start Menu\Programs\Accessories
[2011/02/05 10:20:30 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Administrator.COMPUTER-C74F72.000\Cookies
[2011/02/05 10:20:30 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Administrator.COMPUTER-C74F72.000\Templates
[2011/02/05 10:20:30 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Administrator.COMPUTER-C74F72.000\Recent
[2011/02/05 10:20:30 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Administrator.COMPUTER-C74F72.000\PrintHood
[2011/02/05 10:20:30 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Administrator.COMPUTER-C74F72.000\NetHood
[2011/02/05 10:20:30 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Administrator.COMPUTER-C74F72.000\Local Settings
[2011/02/05 10:20:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator.COMPUTER-C74F72.000\My Documents
[2011/02/05 10:20:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator.COMPUTER-C74F72.000\Local Settings\Application Data\Microsoft
[2011/02/05 10:20:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator.COMPUTER-C74F72.000\Favorites
[2011/02/05 10:20:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator.COMPUTER-C74F72.000\Desktop
[2011/01/30 19:57:32 | 000,000,000 | ---D | C] -- C:\Program Files\Search Toolbar
[2011/01/30 19:57:29 | 000,000,000 | --SD | C] -- C:\Documents and Settings\G Man\My Documents\My Pando Packages
[2011/01/30 19:55:22 | 000,000,000 | ---D | C] -- C:\Program Files\Pando Networks
[2011/01/29 08:44:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService.NT AUTHORITY\Application Data\Apple Computer
[2011/01/25 06:22:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\G Man\My Documents\Utopia
[2011/01/25 06:14:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\G Man\My Documents\Project Justice
[2011/01/25 06:13:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\G Man\Start Menu\Programs\WinRAR
[2011/01/25 06:13:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\G Man\Application Data\WinRAR
[2011/01/25 06:13:11 | 000,000,000 | ---D | C] -- C:\Program Files\WinRAR
[2011/01/25 04:43:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\G Man\Application Data\OnLive App
[2011/01/25 04:43:36 | 000,000,000 | ---D | C] -- C:\Program Files\OnLive

========== Files - Modified Within 30 Days ==========

[2011/02/18 08:20:11 | 000,031,056 | ---- | M] () -- C:\WINDOWS\System32\BMXStateBkp-{00000004-00000000-00000000-00001102-00000004-100A1102}.rfx
[2011/02/18 08:20:11 | 000,031,056 | ---- | M] () -- C:\WINDOWS\System32\BMXState-{00000004-00000000-00000000-00001102-00000004-100A1102}.rfx
[2011/02/18 08:20:11 | 000,030,528 | ---- | M] () -- C:\WINDOWS\System32\BMXCtrlState-{00000004-00000000-00000000-00001102-00000004-100A1102}.rfx
[2011/02/18 08:20:11 | 000,030,528 | ---- | M] () -- C:\WINDOWS\System32\BMXBkpCtrlState-{00000004-00000000-00000000-00001102-00000004-100A1102}.rfx
[2011/02/18 08:20:11 | 000,011,564 | ---- | M] () -- C:\WINDOWS\System32\DVCState-{00000004-00000000-00000000-00001102-00000004-100A1102}.rfx
[2011/02/18 08:20:11 | 000,001,080 | ---- | M] () -- C:\WINDOWS\System32\settingsbkup.sfm
[2011/02/18 08:20:11 | 000,001,080 | ---- | M] () -- C:\WINDOWS\System32\settings.sfm
[2011/02/18 08:20:10 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/02/18 08:16:00 | 000,000,884 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2011/02/18 08:01:02 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011/02/18 07:34:00 | 000,000,978 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1708537768-1844823847-839522115-1003UA.job
[2011/02/17 21:34:00 | 000,000,926 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1708537768-1844823847-839522115-1003Core.job
[2011/02/17 11:03:02 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2011/02/17 09:58:15 | 106,349,959 | ---- | M] () -- C:\WINDOWS\System32\drivers\AVG\incavi.avm
[2011/02/17 08:27:46 | 000,000,260 | ---- | M] () -- C:\WINDOWS\tasks\WGASetup.job
[2011/02/17 08:25:43 | 000,000,880 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2011/02/16 23:40:21 | 000,002,286 | ---- | M] () -- C:\Documents and Settings\G Man\Desktop\Google Chrome.lnk
[2011/02/16 23:40:21 | 000,002,264 | ---- | M] () -- C:\Documents and Settings\G Man\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2011/02/16 22:19:37 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/02/09 23:57:17 | 000,000,211 | -HS- | M] () -- C:\boot.ini
[2011/02/08 19:30:48 | 004,931,577 | ---- | M] () -- C:\WINDOWS\{00000004-00000000-00000000-00001102-00000004-100A1102}.CDF
[2011/02/08 19:30:48 | 004,931,577 | ---- | M] () -- C:\WINDOWS\{00000004-00000000-00000000-00001102-00000004-100A1102}.BAK
[2011/02/08 15:23:01 | 000,432,356 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2011/02/08 15:23:01 | 000,067,312 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2011/02/08 15:21:27 | 000,000,804 | ---- | M] () -- C:\Documents and Settings\G Man\Application Data\Microsoft\Internet Explorer\Quick Launch\Windows Media Player.lnk
[2011/02/08 15:17:58 | 000,282,928 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2011/02/08 14:55:53 | 000,250,048 | RHS- | M] () -- C:\ntldr
[2011/02/08 07:52:46 | 000,000,293 | ---- | M] () -- C:\Documents and Settings\G Man\Desktop\Shortcut to Display.lnk
[2011/02/02 13:48:58 | 002,193,408 | R--- | M] (OldTimer Tools) -- C:\OTLPE.exe
[2011/01/30 20:04:36 | 000,130,048 | ---- | M] () -- C:\Documents and Settings\G Man\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/01/29 09:46:58 | 000,007,753 | ---- | M] () -- C:\Documents and Settings\G Man\Desktop\Run Commands.rtf
[2011/01/25 06:01:33 | 000,000,748 | ---- | M] () -- C:\Documents and Settings\G Man\Desktop\WhiteSmoke (continue installation).lnk

========== Files Created - No Company Name ==========

[2011/02/17 09:58:15 | 106,349,959 | ---- | C] () -- C:\WINDOWS\System32\drivers\AVG\incavi.avm
[2011/02/09 01:07:42 | 000,004,676 | ---- | C] () -- C:\Documents and Settings\G Man\avgrep.txt
[2011/02/08 07:52:46 | 000,000,293 | ---- | C] () -- C:\Documents and Settings\G Man\Desktop\Shortcut to Display.lnk
[2011/02/05 16:43:07 | 000,480,608 | ---- | C] () -- C:\WINDOWS\System32\DiagFunc.dll
[2011/02/05 16:43:07 | 000,034,080 | ---- | C] () -- C:\WINDOWS\System32\CTAAEI.dll
[2011/02/05 16:43:07 | 000,001,191 | ---- | C] () -- C:\WINDOWS\System32\W32N55.INI
[2011/02/05 16:43:07 | 000,000,449 | ---- | C] () -- C:\WINDOWS\System32\DiagFunc.ini
[2011/02/05 16:42:35 | 000,014,051 | ---- | C] () -- C:\WINDOWS\System32\RaCoInst.dat
[2011/02/05 10:39:29 | 000,000,792 | ---- | C] () -- C:\Documents and Settings\Administrator.COMPUTER-C74F72.000\avgrep.txt
[2011/02/05 10:20:30 | 000,001,599 | ---- | C] () -- C:\Documents and Settings\Administrator.COMPUTER-C74F72.000\Start Menu\Programs\Remote Assistance.lnk
[2011/02/05 10:20:30 | 000,000,792 | ---- | C] () -- C:\Documents and Settings\Administrator.COMPUTER-C74F72.000\Start Menu\Programs\Windows Media Player.lnk
[2011/01/29 09:46:58 | 000,007,753 | ---- | C] () -- C:\Documents and Settings\G Man\Desktop\Run Commands.rtf
[2011/01/25 06:20:58 | 001,063,965 | ---- | C] () -- C:\Documents and Settings\G Man\My Documents\utp-load.zip
[2011/01/25 06:20:58 | 000,006,167 | ---- | C] () -- C:\Documents and Settings\G Man\My Documents\utp-load.nfo
[2011/01/25 06:20:58 | 000,000,133 | ---- | C] () -- C:\Documents and Settings\G Man\My Documents\utp-load.sfv
[2011/01/25 06:01:33 | 000,000,748 | ---- | C] () -- C:\Documents and Settings\G Man\Desktop\WhiteSmoke (continue installation).lnk
[2010/09/10 18:25:20 | 000,204,800 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeW7.dll
[2010/09/10 18:25:20 | 000,200,704 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeA6.dll
[2010/09/10 18:25:20 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeP6.dll
[2010/09/10 18:25:20 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeM6.dll
[2010/09/10 18:25:20 | 000,188,416 | ---- | C] () -- C:\WINDOWS\System32\IVIresizePX.dll
[2010/09/10 18:25:20 | 000,020,480 | ---- | C] () -- C:\WINDOWS\System32\IVIresize.dll
[2010/08/22 12:44:58 | 000,000,150 | ---- | C] () -- C:\Documents and Settings\G Man\ws_ext.log
[2010/05/25 12:59:47 | 000,116,224 | ---- | C] () -- C:\WINDOWS\System32\pdfcmnnt.dll
[2009/11/26 21:09:56 | 000,130,048 | ---- | C] () -- C:\Documents and Settings\G Man\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/11/17 10:26:21 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2009/11/16 23:58:36 | 000,178,176 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll
[2009/11/16 23:58:35 | 000,000,038 | ---- | C] () -- C:\WINDOWS\avisplitter.ini
[2009/11/16 23:58:34 | 000,881,664 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2009/11/16 23:58:34 | 000,205,824 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2009/11/16 23:58:33 | 003,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll
[2009/11/16 23:58:31 | 000,085,504 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2009/11/16 21:06:40 | 000,217,088 | ---- | C] () -- C:\WINDOWS\System32\qtmlClient.dll
[2009/11/16 12:43:07 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2009/06/23 15:29:50 | 000,049,719 | ---- | C] () -- C:\WINDOWS\System32\instwdm.ini
[2009/06/23 15:29:48 | 000,000,054 | ---- | C] () -- C:\WINDOWS\System32\ctzapxx.ini
[2009/06/23 14:51:00 | 000,043,520 | ---- | C] () -- C:\WINDOWS\System32\CTBurst.dll
[2007/08/13 23:45:02 | 000,077,824 | ---- | C] () -- C:\WINDOWS\System32\ctmmactl.dll
[2006/10/02 20:25:18 | 000,000,307 | ---- | C] () -- C:\WINDOWS\System32\kill.ini

========== LOP Check ==========

[2010/05/25 13:00:02 | 000,000,000 | ---D | M] -- C:\WINDOWS\system32\config\systemprofile\Application Data\Application Updater
[2010/10/13 22:17:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\G Man\Application Data\AVG10
[2010/01/24 17:41:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\G Man\Application Data\Canon
[2011/02/17 23:09:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\G Man\Application Data\Digidesign
[2011/02/08 19:07:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\G Man\Application Data\E7CB79EAF9F92DDFA867DB130E201239
[2010/09/10 19:30:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\G Man\Application Data\InterVideo
[2009/11/17 00:10:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\G Man\Application Data\Leadertech
[2011/01/28 17:37:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\G Man\Application Data\LimeWire
[2010/11/29 03:26:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\G Man\Application Data\Meebo
[2010/12/18 15:00:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\G Man\Application Data\Mp3tag
[2010/01/08 13:27:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\G Man\Application Data\NCH Swift Sound
[2011/01/18 18:28:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\G Man\Application Data\NetDrive
[2011/01/25 04:43:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\G Man\Application Data\OnLive App
[2010/01/13 09:53:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\G Man\Application Data\Opera
[2009/11/17 10:34:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\G Man\Application Data\PACE Anti-Piracy
[2009/12/23 16:21:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\G Man\Application Data\Propellerhead Software
[2009/11/17 00:06:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\G Man\Application Data\Trillium Lane
[2011/02/01 17:53:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\G Man\Application Data\uTorrent
[2011/02/11 12:15:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService.NT AUTHORITY\Application Data\whitesmoketoolbar
[2011/02/17 08:27:46 | 000,000,260 | ---- | M] () -- C:\WINDOWS\Tasks\WGASetup.job

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 1156 bytes -> C:\Program Files\Outlook Express:He6HeMNyFdvAfwWnWe
@Alternate Data Stream - 1137 bytes -> C:\Documents and Settings\G Man\Cookies:qchfTRyBAw2OiEC5pNuq0N8
@Alternate Data Stream - 1118 bytes -> C:\Program Files\Outlook Express:wmZIScQ89prq2KULXOj9Myvrm
< End of report >

Re: Only Starts in Safemode /Better virus removal (Free?)

Hello.

Please run OTL.exe.

  • Copy the commands with file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):


    :OTL
    O3 - HKLM\..\Toolbar: (no name) - {52794457-af6c-4c50-9def-f2e24f4c8889} - No CLSID value found.
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 93.188.164.47,93.188.160.227
    [2011/02/11 12:15:25 | 000,000,000 | ---D | C] -- C:\Program Files\whitesmoketoolbar



  • Return to OTL, right click in the "Custom Scans/Fixes" window (under the light green bar) and choose Paste.

  • Click the red Run Fix button.
  • A fix log in Notepad will appear. Copy the contents of the fix log to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy), and paste it in your next reply.
  • Close OTL.exe
If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.
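The second line of the fix script above resets a hijacked NameServer value (the O17 entry), which is the footprint behind the redirects and the sites the machine "strangely" could not reach. As an added example, not code from this thread or from OTL, here is a small Python checker that parses OTL-style O17 lines and flags any configured resolver that is neither a loopback/private address nor on an allowlist of resolvers you trust. The first sample line is the one from the fix script; the other two lines and the allowlist of trusted resolvers are constructed assumptions.

```python
"""Flag DNS-hijack indicators in OTL 'O17' NameServer lines.

Added example, not part of the GeekPolice thread or the OTL tool. It
parses the O17 line format OTL prints and reports NameServer values
that are neither loopback/RFC1918 addresses nor on a caller-supplied
allowlist of resolvers.
"""
import ipaddress
import re

# Constructed sample: the first line is copied from the fix script in the
# thread; the other two are made up to show the benign cases.
SAMPLE_O17_LINES = """\
O17 - HKLM\\System\\CCS\\Services\\Tcpip\\Parameters: NameServer = 93.188.164.47,93.188.160.227
O17 - HKLM\\System\\CCS\\Services\\Tcpip\\Parameters\\Interfaces\\{AAAA-BBBB}: NameServer = 192.168.1.1
O17 - HKLM\\System\\CS1\\Services\\Tcpip\\Parameters\\Interfaces\\{CCCC-DDDD}: NameServer = 8.8.8.8 8.8.4.4
"""

O17_RE = re.compile(r"^O17 - (?P<key>[^:]+): NameServer = (?P<servers>.+)$")


def parse_o17(text):
    """Return a list of (registry_key, [server, ...]) from OTL O17 lines."""
    entries = []
    for line in text.splitlines():
        m = O17_RE.match(line.strip())
        if not m:
            continue
        # The registry value may hold several servers separated by commas
        # or spaces, so accept either separator.
        servers = [s for s in re.split(r"[,\s]+", m.group("servers")) if s]
        entries.append((m.group("key"), servers))
    return entries


def is_expected_resolver(server, allowlist):
    """True for loopback/private/link-local addresses or allowlisted resolvers."""
    try:
        addr = ipaddress.ip_address(server)
    except ValueError:
        return False  # not an IP literal at all: treat as suspicious
    if addr.is_private or addr.is_loopback or addr.is_link_local:
        return True
    return server in allowlist


def find_rogue_nameservers(text, allowlist=frozenset()):
    """Return [(key, server)] for every configured resolver that is not expected.

    A public resolver nobody recognises is the classic DNS-changer
    footprint: names still resolve, but a third party answers the
    queries (search redirects, security sites that will not load).
    """
    findings = []
    for key, servers in parse_o17(text):
        for s in servers:
            if not is_expected_resolver(s, allowlist):
                findings.append((key, s))
    return findings


if __name__ == "__main__":
    trusted = {"8.8.8.8", "8.8.4.4"}  # assumption: resolvers this site actually uses
    for key, server in find_rogue_nameservers(SAMPLE_O17_LINES, trusted):
        print(f"suspicious NameServer {server} in {key}")
```

Run against the sample, the two addresses from the thread's O17 line are the only findings; the private gateway and the allowlisted public resolvers pass. The allowlist is deliberately a parameter, since what counts as an expected resolver depends on the network the machine lives on.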

Re: Only Starts in Safemode /Better virus removal (Free?)

Haven't done anything but copy & paste the log:

========== OTL ==========
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{52794457-af6c-4c50-9def-f2e24f4c8889} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{52794457-af6c-4c50-9def-f2e24f4c8889}\ not found.
HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\\NameServer| /E : value set successfully!
C:\Program Files\whitesmoketoolbar\components folder moved successfully.
C:\Program Files\whitesmoketoolbar\chrome\skin\searchbar folder moved successfully.
C:\Program Files\whitesmoketoolbar\chrome\skin\options folder moved successfully.
C:\Program Files\whitesmoketoolbar\chrome\skin\lib\weatherbutton\panels\images folder moved successfully.
C:\Program Files\whitesmoketoolbar\chrome\skin\lib\weatherbutton\panels folder moved successfully.
C:\Program Files\whitesmoketoolbar\chrome\skin\lib\weatherbutton\icons folder moved successfully.
C:\Program Files\whitesmoketoolbar\chrome\skin\lib\weatherbutton folder moved successfully.
C:\Program Files\whitesmoketoolbar\chrome\skin\lib\uwa folder moved successfully.
C:\Program Files\whitesmoketoolbar\chrome\skin\lib\radio\images folder moved successfully.
C:\Program Files\whitesmoketoolbar\chrome\skin\lib\radio\css folder moved successfully.
C:\Program Files\whitesmoketoolbar\chrome\skin\lib\radio folder moved successfully.
C:\Program Files\whitesmoketoolbar\chrome\skin\lib\panels\images folder moved successfully.
C:\Program Files\whitesmoketoolbar\chrome\skin\lib\panels\default\scripts folder moved successfully.
C:\Program Files\whitesmoketoolbar\chrome\skin\lib\panels\default\images folder moved successfully.
C:\Program Files\whitesmoketoolbar\chrome\skin\lib\panels\default\css folder moved successfully.
C:\Program Files\whitesmoketoolbar\chrome\skin\lib\panels\default folder moved successfully.
C:\Program Files\whitesmoketoolbar\chrome\skin\lib\panels\css folder moved successfully.
C:\Program Files\whitesmoketoolbar\chrome\skin\lib\panels folder moved successfully.
C:\Program Files\whitesmoketoolbar\chrome\skin\lib folder moved successfully.
C:\Program Files\whitesmoketoolbar\chrome\skin\DTXWizard\skin\icon_library\Basics folder moved successfully.
C:\Program Files\whitesmoketoolbar\chrome\skin\DTXWizard\skin\icon_library folder moved successfully.
C:\Program Files\whitesmoketoolbar\chrome\skin\DTXWizard\skin folder moved successfully.
C:\Program Files\whitesmoketoolbar\chrome\skin\DTXWizard folder moved successfully.
C:\Program Files\whitesmoketoolbar\chrome\skin folder moved successfully.
C:\Program Files\whitesmoketoolbar\chrome\data\weather folder moved successfully.
C:\Program Files\whitesmoketoolbar\chrome\data\search folder moved successfully.
C:\Program Files\whitesmoketoolbar\chrome\data\rss folder moved successfully.
C:\Program Files\whitesmoketoolbar\chrome\data\dynamicElements folder moved successfully.
C:\Program Files\whitesmoketoolbar\chrome\data folder moved successfully.
C:\Program Files\whitesmoketoolbar\chrome\content\widgets\net.vmn.www.YouTube\skin\scripts folder moved successfully.
C:\Program Files\whitesmoketoolbar\chrome\content\widgets\net.vmn.www.YouTube\skin\images folder moved successfully.
C:\Program Files\whitesmoketoolbar\chrome\content\widgets\net.vmn.www.YouTube\skin\css folder moved successfully.
C:\Program Files\whitesmoketoolbar\chrome\content\widgets\net.vmn.www.YouTube\skin folder moved successfully.
C:\Program Files\whitesmoketoolbar\chrome\content\widgets\net.vmn.www.YouTube\js folder moved successfully.
C:\Program Files\whitesmoketoolbar\chrome\content\widgets\net.vmn.www.YouTube\images folder moved successfully.
C:\Program Files\whitesmoketoolbar\chrome\content\widgets\net.vmn.www.YouTube\css folder moved successfully.
C:\Program Files\whitesmoketoolbar\chrome\content\widgets\net.vmn.www.YouTube folder moved successfully.
C:\Program Files\whitesmoketoolbar\chrome\content\widgets\net.vmn.www.WebTV\skin\scripts folder moved successfully.
C:\Program Files\whitesmoketoolbar\chrome\content\widgets\net.vmn.www.WebTV\skin\images folder moved successfully.
C:\Program Files\whitesmoketoolbar\chrome\content\widgets\net.vmn.www.WebTV\skin\css folder moved successfully.
C:\Program Files\whitesmoketoolbar\chrome\content\widgets\net.vmn.www.WebTV\skin folder moved successfully.
C:\Program Files\whitesmoketoolbar\chrome\content\widgets\net.vmn.www.WebTV folder moved successfully.
C:\Program Files\whitesmoketoolbar\chrome\content\widgets\net.vmn.www.Twitter\skin\scripts folder moved successfully.
C:\Program Files\whitesmoketoolbar\chrome\content\widgets\net.vmn.www.Twitter\skin\images folder moved successfully.
C:\Program Files\whitesmoketoolbar\chrome\content\widgets\net.vmn.www.Twitter\skin\css folder moved successfully.
C:\Program Files\whitesmoketoolbar\chrome\content\widgets\net.vmn.www.Twitter\skin folder moved successfully.
C:\Program Files\whitesmoketoolbar\chrome\content\widgets\net.vmn.www.Twitter\js folder moved successfully.
C:\Program Files\whitesmoketoolbar\chrome\content\widgets\net.vmn.www.Twitter\images folder moved successfully.
C:\Program Files\whitesmoketoolbar\chrome\content\widgets\net.vmn.www.Twitter\css folder moved successfully.
C:\Program Files\whitesmoketoolbar\chrome\content\widgets\net.vmn.www.Twitter folder moved successfully.
C:\Program Files\whitesmoketoolbar\chrome\content\widgets\net.vmn.www.Facebook\skin\scripts folder moved successfully.
C:\Program Files\whitesmoketoolbar\chrome\content\widgets\net.vmn.www.Facebook\skin\images folder moved successfully.
C:\Program Files\whitesmoketoolbar\chrome\content\widgets\net.vmn.www.Facebook\skin\css folder moved successfully.
C:\Program Files\whitesmoketoolbar\chrome\content\widgets\net.vmn.www.Facebook\skin folder moved successfully.
C:\Program Files\whitesmoketoolbar\chrome\content\widgets\net.vmn.www.Facebook folder moved successfully.
C:\Program Files\whitesmoketoolbar\chrome\content\widgets folder moved successfully.
C:\Program Files\whitesmoketoolbar\chrome\content\newtab\images folder moved successfully.
C:\Program Files\whitesmoketoolbar\chrome\content\newtab folder moved successfully.
C:\Program Files\whitesmoketoolbar\chrome\content\modules folder moved successfully.
C:\Program Files\whitesmoketoolbar\chrome\content\lib folder moved successfully.
C:\Program Files\whitesmoketoolbar\chrome\content folder moved successfully.
C:\Program Files\whitesmoketoolbar\chrome folder moved successfully.
C:\Program Files\whitesmoketoolbar folder moved successfully.

OTLPE by OldTimer - Version 3.1.44.3 log created on 02192011_233344

Re: Only Starts in Safemode /Better virus removal (Free?)

Okay try loading the machine normally now, without booting OTLPE.

Re: Only Starts in Safemode /Better virus removal (Free?)

Didn't work

Re: Only Starts in Safemode /Better virus removal (Free?)

Things got weird. In safe mode, the computer started exhibiting more severe infection symptoms (fake antivirus scans, constant popups), then suddenly went to the blue screen of death and then rebooted normally.
An AVG scan resolved one infection and it's been behaving normally ever since. I'm skeptical because it still doesn't load GeekPolice (and I suspect other sites), and I haven't restarted it since because I suspect it will revert back to a safe-mode-only type of deal.

Re: Only Starts in Safemode /Better virus removal (Free?)

Hello.

Please download ComboFix from BleepingComputer.com

Alternate link: GeeksToGo.com


Rename ComboFix.exe to commy.exe before you save it to your Desktop

  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. A guide to do this can be found here
  • Click Start, then copy and paste the following command into the search box and hit Enter: "%userprofile%\desktop\commy.exe" /stepdel
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. This will not install in Vista. Just continue scanning, and skip the console install.
  • When finished, it shall produce a log for you. Please include the contents of C:\ComboFix.txt in your next reply.

Re: Only Starts in Safemode /Better virus removal (Free?)

Er, just as I downloaded that my comp started showing serious symptoms again: fake antivirus, and it won't allow me to access Services, selective startup, AVG, or really any of the diagnostic-type programs. It changed my desktop background; it's really nasty. I have 'commy.exe' on the desktop but it won't open or be found through search.

Re: Only Starts in Safemode /Better virus removal (Free?)

Wait, running 'commy' in safemode; will post...

Re: Only Starts in Safemode /Better virus removal (Free?)

Okay... :)

Re: Only Starts in Safemode /Better virus removal (Free?)

Ok, the files I get from Bleeping Computer error out as corrupted files and won't run. I got a list of sites that are not affiliated with Bleeping Computer, and my computer is redirecting every time I try to get this download, and it's all made worse by my now non-existent anti-virus, since I was told to take it out by ComboFix... so that's pretty much where I'm stuck now.

Re: Only Starts in Safemode /Better virus removal (Free?)

It looks like it's fixed!! The test was 'can it go to GeekPolice' (that was one of the sites this comp strangely wouldn't go to). The results are below. I'm waiting for your response before I get all excited...


ComboFix 11-02-24.01 - G Man 02/24/2011 16:32:31.1.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3062.2816 [GMT -5:00]
Running from: c:\documents and settings\G Man\Desktop\commy.exe
AV: AVG Anti-Virus Free Edition 2011 *Enabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\All Users.WINDOWS\Application Data\nDeOlMd06504
c:\documents and settings\All Users.WINDOWS\Application Data\nDeOlMd06504\nDeOlMd06504
c:\documents and settings\All Users.WINDOWS\Application Data\nDeOlMd06504\nDeOlMd06504.exe
c:\documents and settings\G Man\Application Data\Adobe\plugs
c:\documents and settings\G Man\Application Data\E7CB79EAF9F92DDFA867DB130E201239
c:\documents and settings\G Man\Application Data\E7CB79EAF9F92DDFA867DB130E201239\enemies-names.txt
c:\documents and settings\G Man\Application Data\E7CB79EAF9F92DDFA867DB130E201239\local.ini
c:\documents and settings\G Man\Local Settings\Application Data\{70207928-A5B3-4BAC-9399-F6DB4EA1EDD8}
c:\documents and settings\G Man\Local Settings\Application Data\{70207928-A5B3-4BAC-9399-F6DB4EA1EDD8}\chrome\content\_cfg.js
c:\documents and settings\G Man\Local Settings\Application Data\{70207928-A5B3-4BAC-9399-F6DB4EA1EDD8}\chrome\content\overlay.xul
c:\documents and settings\G Man\Local Settings\Application Data\{70207928-A5B3-4BAC-9399-F6DB4EA1EDD8}\install.rdf
c:\documents and settings\NetworkService.NT AUTHORITY\Application Data\whitesmoketoolbar
c:\documents and settings\NetworkService.NT AUTHORITY\Application Data\whitesmoketoolbar\dtx.ini
c:\documents and settings\NetworkService.NT AUTHORITY\Application Data\whitesmoketoolbar\exeArgs.xml
c:\documents and settings\NetworkService.NT AUTHORITY\Application Data\whitesmoketoolbar\guid.dat
c:\documents and settings\NetworkService.NT AUTHORITY\Application Data\whitesmoketoolbar\setupCfg.xml
c:\program files\Search Toolbar
c:\program files\Search Toolbar\icon.ico
c:\program files\Search Toolbar\SearchToolbar.dll
c:\program files\Search Toolbar\SearchToolbarUninstall.exe
c:\program files\Search Toolbar\SearchToolbarUpdater.exe
c:\windows\addins\addins
E:\AUTORUN.INF

.
\\.\PhysicalDrive0 - Bootkit TDL4 was found and disinfected
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_6TO4
-------\Service_6to4


((((((((((((((((((((((((( Files Created from 2011-01-24 to 2011-02-24 )))))))))))))))))))))))))))))))
.

2011-02-21 02:48 . 2011-02-21 03:34 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\jAaIbOf15405
2011-02-17 02:51 . 2011-02-02 18:48 2193408 ----a-r- C:\OTLPE.exe
2011-02-17 02:44 . 2011-02-17 02:44 -------- d-----w- C:\_OTL
2011-02-11 07:18 . 2011-02-11 07:18 -------- d-----w- c:\program files\Quick Web Player
2011-02-09 15:31 . 2001-08-18 03:36 8704 ----a-w- c:\windows\system32\kbdjpn.dll
2011-02-09 15:31 . 2001-08-18 03:36 8192 ----a-w- c:\windows\system32\kbdkor.dll
2011-02-09 15:31 . 2001-08-17 19:55 6144 ----a-w- c:\windows\system32\kbd101c.dll
2011-02-09 15:31 . 2001-08-17 19:55 5632 ----a-w- c:\windows\system32\kbd103.dll
2011-02-09 15:31 . 2001-08-17 19:55 6144 ----a-w- c:\windows\system32\kbd101b.dll
2011-02-09 15:31 . 2008-04-14 00:09 6144 ----a-w- c:\windows\system32\kbd106.dll
2011-02-09 14:15 . 2011-02-09 14:15 -------- d-sh--w- c:\documents and settings\NetworkService.NT AUTHORITY\PrivacIE
2011-02-09 14:15 . 2011-02-09 14:15 -------- d-sh--w- c:\documents and settings\NetworkService.NT AUTHORITY\IECompatCache
2011-02-09 13:58 . 2011-02-09 14:00 -------- d-----w- c:\documents and settings\NetworkService.NT AUTHORITY\Local Settings\Application Data\Adobe
2011-02-09 07:10 . 2011-02-09 07:10 -------- d-sh--w- c:\documents and settings\LocalService.NT AUTHORITY\IETldCache
2011-02-08 20:00 . 2011-02-08 20:10 -------- d-----w- c:\windows\system32\scripting
2011-02-08 20:00 . 2011-02-08 20:10 -------- d-----w- c:\windows\system32\bits
2011-02-08 20:00 . 2011-02-08 20:07 -------- d-----w- c:\windows\system32\en
2011-02-08 20:00 . 2011-02-08 20:00 -------- d-----w- c:\windows\l2schemas
2011-02-05 21:43 . 2011-01-18 19:48 144736 ----a-w- c:\windows\system32\RalinkGina.dll
2011-02-05 21:43 . 2010-10-07 16:54 2168160 ----a-w- c:\windows\system32\Scutum.dll
2011-02-05 21:43 . 2010-07-01 22:29 1607008 ----a-w- c:\windows\system32\RaCertMgr.dll
2011-02-05 21:43 . 2010-07-01 22:09 185696 ----a-w- c:\windows\system32\W32N55.dll
2011-02-05 21:43 . 2010-06-29 15:34 480608 ----a-w- c:\windows\system32\DiagFunc.dll
2011-02-05 21:43 . 2009-11-13 18:42 34080 ----a-w- c:\windows\system32\CTAAEI.dll
2011-02-05 21:43 . 2009-04-21 20:31 19072 ----a-w- c:\windows\system32\drivers\Scutum50.sys
2011-02-05 21:42 . 2011-02-05 21:42 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\Ralink Driver
2011-02-05 15:20 . 2011-02-05 15:39 -------- d-----w- c:\documents and settings\Administrator.COMPUTER-C74F72.000
2011-01-31 00:55 . 2011-01-31 00:55 -------- d-----w- c:\program files\Pando Networks
2011-01-29 13:44 . 2011-01-29 13:44 -------- d-----w- c:\documents and settings\LocalService.NT AUTHORITY\Application Data\Apple Computer

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-11-29 22:38 . 2010-11-29 22:38 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx
2010-11-29 22:38 . 2010-11-29 22:38 69632 ----a-w- c:\windows\system32\QuickTime.qts
.

<pre>
c:\program files\Adobe\Reader 9.0\Reader\Reader_sl .exe
c:\program files\AVG\AVG10\avgtray .exe
c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM .exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier .exe
c:\program files\Common Files\Java\Java Update\jusched .exe
c:\program files\Digidesign\Drivers\MMERefresh .exe
c:\program files\iTunes\iTunesHelper .exe
c:\program files\Netdrive\Netdrive .exe
c:\program files\QuickTime\qttask                                                                                                                                .exe
c:\windows\system32\CTHELPER .exe
</pre>


((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

c:\documents and settings\All Users.WINDOWS\Start Menu\Programs\Startup\
WinCinema Manager.lnk - c:\program files\Sandisk\Common\Bin\WinCinemaMgr.exe [2009-12-8 303104]
InterVideo WinCinema Manager.lnk - c:\program files\InterVideo\Common\Bin\WinCinemaMgr.exe [2010-9-10 114688]
Microsoft Office.lnk - e:\toolz\Office10\OSA.EXE [2001-2-13 83360]
Ralink Wireless Utility.lnk - c:\program files\RALINK\Common\RaUI.exe [2009-11-4 11474272]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\GoToMyPC]
2010-07-26 17:42 15216 ----a-w- c:\program files\Citrix\GoToMyPC\G2WinLogon.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"wave"=Digi32.dll
"MIDI1"=diomidi.dll

[HKLM\~\startupfolder\C:^Documents and Settings^All Users.WINDOWS^Start Menu^Programs^Startup^WhiteSmoke Writer 2010+.lnk]
path=c:\documents and settings\All Users.WINDOWS\Start Menu\Programs\Startup\WhiteSmoke Writer 2010+.lnk
backup=c:\windows\pss\WhiteSmoke Writer 2010+.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^G Man^Start Menu^Programs^Startup^PMB Media Check Tool.lnk]
path=c:\documents and settings\G Man\Start Menu\Programs\Startup\PMB Media Check Tool.lnk
backup=c:\windows\pss\PMB Media Check Tool.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CanonMyPrinter]
2009-11-02 16:30 2508104 ----a-w- c:\program files\Canon\MyPrinter\BJMYPRT.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
2008-04-14 00:12 15360 ----a-w- c:\windows\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTHelper]
CTHELPER.EXE [N/A]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
2010-05-17 18:19 136176 ----atw- c:\documents and settings\G Man\Local Settings\Application Data\Google\Update\GoogleUpdate.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Meebo Notifier]
2010-07-14 18:23 818888 ----a-w- c:\documents and settings\G Man\Local Settings\Application Data\Meebo\Meebo Notifier\MeeboNotifier.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
2008-04-14 00:12 1695232 ----a-w- c:\program files\Messenger\msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Netdrive]
c:\program files\Netdrive\Netdrive.exe [N/A]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
c:\program files\Common Files\Java\Java Update\jusched.exe [N/A]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"ndsvc"=2 (0x2)
"idsvc"=3 (0x3)
"gupdate"=2 (0x2)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Documents and Settings\\G Man\\Local Settings\\Application Data\\Google\\Google Talk Plugin\\googletalkplugin.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

R2 DigiNet;Digidesign Ethernet Support;c:\windows\system32\drivers\diginet.sys [11/12/2009 1:53 PM 16400]
R2 Scutum50;Scutum50 NDIS Protocol Driver;c:\windows\system32\drivers\Scutum50.sys [2/5/2011 4:43 PM 19072]
R3 COMMONFX.SYS;COMMONFX.SYS;c:\windows\system32\drivers\COMMONFX.sys [6/23/2009 4:34 PM 99352]
R3 CTAUDFX.SYS;CTAUDFX.SYS;c:\windows\system32\drivers\CTAUDFX.sys [6/23/2009 4:34 PM 555032]
R3 CTSBLFX.SYS;CTSBLFX.SYS;c:\windows\system32\drivers\CTSBLFX.sys [6/23/2009 4:34 PM 566296]
R3 dalwdmservice;dal service;c:\windows\system32\drivers\Dalwdm.sys [11/12/2009 1:53 PM 97808]
R3 MBX2DFU;MBX2DFU;c:\windows\system32\drivers\mbx2dfu.sys [11/12/2009 1:53 PM 21648]
R3 MBX2MIDK;Digidesign Mbox 2 Midi Driver;c:\windows\system32\drivers\mbx2midk.sys [11/12/2009 1:53 PM 21904]
S2 RaMediaServer;Ralink UPnP Media Server;c:\program files\RALINK\Common\RaMediaServer.exe [2/5/2011 4:43 PM 619872]
S3 COMMONFX;COMMONFX;c:\windows\system32\drivers\COMMONFX.sys [6/23/2009 4:34 PM 99352]
S3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;c:\program files\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [11/12/2009 2:16 PM 79360]
S3 CTAUDFX;CTAUDFX;c:\windows\system32\drivers\CTAUDFX.sys [6/23/2009 4:34 PM 555032]
S3 CTERFXFX.SYS;CTERFXFX.SYS;c:\windows\system32\drivers\CTERFXFX.sys [6/23/2009 4:35 PM 100888]
S3 CTERFXFX;CTERFXFX;c:\windows\system32\drivers\CTERFXFX.sys [6/23/2009 4:35 PM 100888]
S3 CTSBLFX;CTSBLFX;c:\windows\system32\drivers\CTSBLFX.sys [6/23/2009 4:34 PM 566296]
S3 ndfs;ndfs;c:\program files\Netdrive\ndfs.sys [11/12/2008 1:03 PM 70656]
S4 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [6/1/2010 8:01 PM 136176]
S4 ndsvc;NetDrive Service;c:\program files\Netdrive\ndsvc.exe [11/18/2008 2:33 PM 2543104]
.
Contents of the 'Scheduled Tasks' folder

2011-02-17 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 17:34]

2011-02-24 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-06-02 18:19]

2011-02-23 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-06-02 18:19]

2011-02-22 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1708537768-1844823847-839522115-1003Core.job
- c:\documents and settings\G Man\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-05-17 18:19]

2011-02-23 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1708537768-1844823847-839522115-1003UA.job
- c:\documents and settings\G Man\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-05-17 18:19]

2011-02-24 c:\windows\Tasks\WGASetup.job
- c:\windows\system32\KB905474\wgasetup.exe [2009-11-19 06:18]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.bing.com/?pc=ZUGO&form=ZGAPHP
uInternet Settings,ProxyOverride = *.local
IE: &Download All using 4shared Desktop - c:\program files\4shared Desktop\down_all.htm
IE: E&xport to Microsoft Excel - e:\toolz\Office10\EXCEL.EXE/3000
.
- - - - ORPHANS REMOVED - - - -

Toolbar-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
WebBrowser-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
AddRemove-AVS Video Editor 4_is1 - e:\$avg\AVSVideoEditor\unins000.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-02-24 16:44
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(560)
c:\program files\Citrix\GoToMyPC\G2WinLogon.dll

- - - - - - - > 'explorer.exe'(3760)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
c:\program files\Microsoft Office\Office10\msohev.dll
c:\program files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll
c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_e6967989\MSVCR80.dll
c:\windows\system32\jscript.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Creative\Shared Files\CTAudSvc.exe
c:\program files\Adobe\Photoshop Elements 4.0\PhotoshopElementsFileAgent.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Citrix\GoToMyPC\g2svc.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Citrix\GoToMyPC\g2comm.exe
c:\windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
c:\program files\Citrix\GoToMyPC\g2pre.exe
c:\program files\Citrix\GoToMyPC\g2tray.exe
c:\program files\RALINK\Common\RaRegistry.exe
c:\windows\system32\sessmgr.exe
c:\windows\system32\locator.exe
.
**************************************************************************
.
Completion time: 2011-02-24 16:50:25 - machine was rebooted
ComboFix-quarantined-files.txt 2011-02-24 21:50

Pre-Run: 36,425,592,832 bytes free
Post-Run: 36,378,390,528 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

- - End Of File - - 8B2D4445647CF25E669947B28519F40F

Re: Only Starts in Safemode /Better virus removal (Free?)
Hello.


  1. Close any open browsers.
  2. Close/disable all antivirus and anti-malware programs so they do not interfere with the running of ComboFix.
  3. Open notepad and copy/paste the text in the quotebox below into it:

    Code:


    RenV::
    c:\program files\Adobe\Reader 9.0\Reader\Reader_sl .exe
    c:\program files\AVG\AVG10\avgtray .exe
    c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM .exe
    c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier .exe
    c:\program files\Common Files\Java\Java Update\jusched .exe
    c:\program files\Digidesign\Drivers\MMERefresh .exe
    c:\program files\iTunes\iTunesHelper .exe
    c:\program files\Netdrive\Netdrive .exe
    c:\program files\QuickTime\qttask                                                                                                                                .exe
    c:\windows\system32\CTHELPER .exe

  4. Save this as CFScript.txt, in the same location as ComboFix.exe

    (image: Cfscriptb4i, showing CFScript.txt being dragged onto ComboFix.exe)

  5. Referring to the picture above, drag CFScript into ComboFix.exe
  6. When finished, it shall produce a log for you at C:\ComboFix.txt
  7. Please post the contents of the log in your next reply.
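
The RenV:: entries above are executables whose names carry whitespace just before the extension (for example `qttask .exe`). As an added check, not part of the helper's instructions or of ComboFix itself, the script below walks a directory tree and reports every file with that naming pattern; the sample tree it builds is constructed for the demo and is not taken from the logs.

```python
import os
import re
import tempfile
from pathlib import Path

# One or more whitespace characters immediately before the extension,
# e.g. "qttask .exe" or "avgtray   .exe" (the shape of the RenV:: entries).
SPACED_EXT = re.compile(r"\s+\.(exe|dll|sys|scr|com)$", re.IGNORECASE)


def find_spaced_executables(root):
    """Walk `root` and return the full paths of files whose name has
    whitespace right before the extension, sorted for stable output."""
    hits = []
    for dirpath, _subdirs, files in os.walk(root):
        for name in files:
            if SPACED_EXT.search(name):
                hits.append(os.path.join(dirpath, name))
    return sorted(hits)


def build_sample_tree(base):
    """Constructed sample layout (not taken from the original log): two
    files with the suspicious spacing and two normally named ones."""
    layout = [
        ("Program Files/QuickTime", "qttask .exe"),
        ("Program Files/iTunes", "iTunesHelper   .exe"),
        ("Program Files/iTunes", "iTunes.exe"),
        ("WINDOWS/system32", "CTHELPER.exe"),
    ]
    for subdir, name in layout:
        folder = Path(base) / subdir
        folder.mkdir(parents=True, exist_ok=True)
        (folder / name).write_bytes(b"MZ")  # placeholder content only
    return base


def demo():
    """Build the sample tree in a temp dir and return the flagged names."""
    with tempfile.TemporaryDirectory() as tmp:
        build_sample_tree(tmp)
        return sorted(os.path.basename(p) for p in find_spaced_executables(tmp))


if __name__ == "__main__":
    for name in demo():
        print("flagged:", repr(name))
```

Point `find_spaced_executables` at a real `Program Files` tree to get the list in the same shape as the RenV:: block; note that the check looks only at the file name, not at the file's contents.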

Re: Only Starts in Safemode /Better virus removal (Free?)
Here it is:

ComboFix 11-02-24.01 - G Man 02/24/2011 21:15:34.2.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3062.2756 [GMT -5:00]
Running from: c:\documents and settings\G Man\Desktop\commy.exe
Command switches used :: c:\documents and settings\G Man\Desktop\CFScript.txt
.

((((((((((((((((((((((((( Files Created from 2011-01-25 to 2011-02-25 )))))))))))))))))))))))))))))))
.

2011-02-21 02:48 . 2011-02-21 03:34 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\jAaIbOf15405
2011-02-17 02:51 . 2011-02-02 18:48 2193408 ----a-r- C:\OTLPE.exe
2011-02-17 02:44 . 2011-02-17 02:44 -------- d-----w- C:\_OTL
2011-02-11 07:18 . 2011-02-11 07:18 -------- d-----w- c:\program files\Quick Web Player
2011-02-09 15:31 . 2001-08-18 03:36 8704 ----a-w- c:\windows\system32\kbdjpn.dll
2011-02-09 15:31 . 2001-08-18 03:36 8192 ----a-w- c:\windows\system32\kbdkor.dll
2011-02-09 15:31 . 2001-08-17 19:55 6144 ----a-w- c:\windows\system32\kbd101c.dll
2011-02-09 15:31 . 2001-08-17 19:55 5632 ----a-w- c:\windows\system32\kbd103.dll
2011-02-09 15:31 . 2001-08-17 19:55 6144 ----a-w- c:\windows\system32\kbd101b.dll
2011-02-09 15:31 . 2008-04-14 00:09 6144 ----a-w- c:\windows\system32\kbd106.dll
2011-02-09 14:15 . 2011-02-09 14:15 -------- d-sh--w- c:\documents and settings\NetworkService.NT AUTHORITY\PrivacIE
2011-02-09 14:15 . 2011-02-09 14:15 -------- d-sh--w- c:\documents and settings\NetworkService.NT AUTHORITY\IECompatCache
2011-02-09 13:58 . 2011-02-09 14:00 -------- d-----w- c:\documents and settings\NetworkService.NT AUTHORITY\Local Settings\Application Data\Adobe
2011-02-09 07:10 . 2011-02-09 07:10 -------- d-sh--w- c:\documents and settings\LocalService.NT AUTHORITY\IETldCache
2011-02-08 20:00 . 2011-02-08 20:10 -------- d-----w- c:\windows\system32\scripting
2011-02-08 20:00 . 2011-02-08 20:10 -------- d-----w- c:\windows\system32\bits
2011-02-08 20:00 . 2011-02-08 20:07 -------- d-----w- c:\windows\system32\en
2011-02-08 20:00 . 2011-02-08 20:00 -------- d-----w- c:\windows\l2schemas
2011-02-05 21:43 . 2011-01-18 19:48 144736 ----a-w- c:\windows\system32\RalinkGina.dll
2011-02-05 21:43 . 2010-10-07 16:54 2168160 ----a-w- c:\windows\system32\Scutum.dll
2011-02-05 21:43 . 2010-07-01 22:29 1607008 ----a-w- c:\windows\system32\RaCertMgr.dll
2011-02-05 21:43 . 2010-07-01 22:09 185696 ----a-w- c:\windows\system32\W32N55.dll
2011-02-05 21:43 . 2010-06-29 15:34 480608 ----a-w- c:\windows\system32\DiagFunc.dll
2011-02-05 21:43 . 2009-11-13 18:42 34080 ----a-w- c:\windows\system32\CTAAEI.dll
2011-02-05 21:43 . 2009-04-21 20:31 19072 ----a-w- c:\windows\system32\drivers\Scutum50.sys
2011-02-05 21:42 . 2011-02-05 21:42 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\Ralink Driver
2011-02-05 15:20 . 2011-02-05 15:39 -------- d-----w- c:\documents and settings\Administrator.COMPUTER-C74F72.000
2011-01-31 00:55 . 2011-01-31 00:55 -------- d-----w- c:\program files\Pando Networks
2011-01-29 13:44 . 2011-01-29 13:44 -------- d-----w- c:\documents and settings\LocalService.NT AUTHORITY\Application Data\Apple Computer

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-11-29 22:38 . 2010-11-29 22:38 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx
2010-11-29 22:38 . 2010-11-29 22:38 69632 ----a-w- c:\windows\system32\QuickTime.qts
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"AvgUninstallURL"="start http:" [X]

c:\documents and settings\All Users.WINDOWS\Start Menu\Programs\Startup\
WinCinema Manager.lnk - c:\program files\Sandisk\Common\Bin\WinCinemaMgr.exe [2009-12-8 303104]
InterVideo WinCinema Manager.lnk - c:\program files\InterVideo\Common\Bin\WinCinemaMgr.exe [2010-9-10 114688]
Microsoft Office.lnk - e:\toolz\Office10\OSA.EXE [2001-2-13 83360]
Ralink Wireless Utility.lnk - c:\program files\RALINK\Common\RaUI.exe [2009-11-4 11474272]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\GoToMyPC]
2010-07-26 17:42 15216 ----a-w- c:\program files\Citrix\GoToMyPC\G2WinLogon.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"wave"=Digi32.dll
"MIDI1"=diomidi.dll

[HKLM\~\startupfolder\C:^Documents and Settings^All Users.WINDOWS^Start Menu^Programs^Startup^WhiteSmoke Writer 2010+.lnk]
path=c:\documents and settings\All Users.WINDOWS\Start Menu\Programs\Startup\WhiteSmoke Writer 2010+.lnk
backup=c:\windows\pss\WhiteSmoke Writer 2010+.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^G Man^Start Menu^Programs^Startup^PMB Media Check Tool.lnk]
path=c:\documents and settings\G Man\Start Menu\Programs\Startup\PMB Media Check Tool.lnk
backup=c:\windows\pss\PMB Media Check Tool.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CanonMyPrinter]
2009-11-02 16:30 2508104 ----a-w- c:\program files\Canon\MyPrinter\BJMYPRT.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
2008-04-14 00:12 15360 ----a-w- c:\windows\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTHelper]
2009-06-23 19:48 19456 ----a-w- c:\windows\system32\CTHELPER.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
2010-05-17 18:19 136176 ----atw- c:\documents and settings\G Man\Local Settings\Application Data\Google\Update\GoogleUpdate.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Meebo Notifier]
2010-07-14 18:23 818888 ----a-w- c:\documents and settings\G Man\Local Settings\Application Data\Meebo\Meebo Notifier\MeeboNotifier.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
2008-04-14 00:12 1695232 ----a-w- c:\program files\Messenger\msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Netdrive]
2008-11-18 19:17 3089408 ----a-w- c:\program files\Netdrive\Netdrive.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2010-02-18 15:43 248040 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"ndsvc"=2 (0x2)
"idsvc"=3 (0x3)
"gupdate"=2 (0x2)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Documents and Settings\\G Man\\Local Settings\\Application Data\\Google\\Google Talk Plugin\\googletalkplugin.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

R2 DigiNet;Digidesign Ethernet Support;c:\windows\system32\drivers\diginet.sys [11/12/2009 1:53 PM 16400]
R2 Scutum50;Scutum50 NDIS Protocol Driver;c:\windows\system32\drivers\Scutum50.sys [2/5/2011 4:43 PM 19072]
R3 COMMONFX.SYS;COMMONFX.SYS;c:\windows\system32\drivers\COMMONFX.sys [6/23/2009 4:34 PM 99352]
R3 CTAUDFX.SYS;CTAUDFX.SYS;c:\windows\system32\drivers\CTAUDFX.sys [6/23/2009 4:34 PM 555032]
R3 CTSBLFX.SYS;CTSBLFX.SYS;c:\windows\system32\drivers\CTSBLFX.sys [6/23/2009 4:34 PM 566296]
R3 dalwdmservice;dal service;c:\windows\system32\drivers\Dalwdm.sys [11/12/2009 1:53 PM 97808]
R3 MBX2DFU;MBX2DFU;c:\windows\system32\drivers\mbx2dfu.sys [11/12/2009 1:53 PM 21648]
R3 MBX2MIDK;Digidesign Mbox 2 Midi Driver;c:\windows\system32\drivers\mbx2midk.sys [11/12/2009 1:53 PM 21904]
S2 RaMediaServer;Ralink UPnP Media Server;c:\program files\RALINK\Common\RaMediaServer.exe [2/5/2011 4:43 PM 619872]
S3 COMMONFX;COMMONFX;c:\windows\system32\drivers\COMMONFX.sys [6/23/2009 4:34 PM 99352]
S3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;c:\program files\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [11/12/2009 2:16 PM 79360]
S3 CTAUDFX;CTAUDFX;c:\windows\system32\drivers\CTAUDFX.sys [6/23/2009 4:34 PM 555032]
S3 CTERFXFX.SYS;CTERFXFX.SYS;c:\windows\system32\drivers\CTERFXFX.sys [6/23/2009 4:35 PM 100888]
S3 CTERFXFX;CTERFXFX;c:\windows\system32\drivers\CTERFXFX.sys [6/23/2009 4:35 PM 100888]
S3 CTSBLFX;CTSBLFX;c:\windows\system32\drivers\CTSBLFX.sys [6/23/2009 4:34 PM 566296]
S3 ndfs;ndfs;c:\program files\Netdrive\ndfs.sys [11/12/2008 1:03 PM 70656]
S4 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [6/1/2010 8:01 PM 136176]
S4 ndsvc;NetDrive Service;c:\program files\Netdrive\ndsvc.exe [11/18/2008 2:33 PM 2543104]
.
Contents of the 'Scheduled Tasks' folder

2011-02-17 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 17:34]

2011-02-25 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-06-02 18:19]

2011-02-25 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-06-02 18:19]

2011-02-22 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1708537768-1844823847-839522115-1003Core.job
- c:\documents and settings\G Man\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-05-17 18:19]

2011-02-25 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1708537768-1844823847-839522115-1003UA.job
- c:\documents and settings\G Man\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-05-17 18:19]

2011-02-25 c:\windows\Tasks\WGASetup.job
- c:\windows\system32\KB905474\wgasetup.exe [2009-11-19 06:18]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.bing.com/?pc=ZUGO&form=ZGAPHP
uInternet Settings,ProxyOverride = *.local
IE: &Download All using 4shared Desktop - c:\program files\4shared Desktop\down_all.htm
IE: E&xport to Microsoft Excel - e:\toolz\Office10\EXCEL.EXE/3000
.
- - - - ORPHANS REMOVED - - - -

Toolbar-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-02-24 21:22
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(572)
c:\program files\Citrix\GoToMyPC\G2WinLogon.dll

- - - - - - - > 'explorer.exe'(232)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Completion time: 2011-02-24 21:23:59
ComboFix-quarantined-files.txt 2011-02-25 02:23
ComboFix2.txt 2011-02-24 21:50

Pre-Run: 35,882,491,904 bytes free
Post-Run: 35,860,574,208 bytes free

- - End Of File - - 28F42B7433BFC7D40FECBD6847A63F3F

Re: Only Starts in Safemode /Better virus removal (Free?)
Hello.

Run ESET Online Scan
Please do an online scan with ESET Online Scanner. Please use Internet Explorer as it uses ActiveX.

  • Check (tick) this box: YES, I accept the Terms of Use.
  • Click on the Start button next to it.
  • When prompted to run ActiveX, click Yes.
  • You will be asked to install an ActiveX. Click Install.
  • Once installed, the scanner will be initialized.
  • After the scanner is initialized, click Start.
  • Check (tick) Remove found threats box.
  • Check (tick) Scan unwanted applications.
  • Click on Scan.
  • It will start scanning. Please be patient.
  • Once the scan is done, the log will be saved here: C:\Program Files\esetonlinescanner\log.txt.

Re: Only Starts in Safemode /Better virus removal (Free?)
I haven't restarted or anything since the scan has completed. I'm awaiting your response before I do that or install antivirus (as I've had to uninstall a few times for these scans), but everything looks good so far. Here are the results:

ESETSmartInstaller@High as CAB hook log:
OnlineScanner.ocx - registred OK
# version=7
# iexplore.exe=8.00.6001.18702 (longhorn_ie8_rtm(wmbla).090308-0339)
# OnlineScanner.ocx=1.0.0.6425
# api_version=3.0.2
# EOSSerial=5f54543076430b44b448213d7086ae34
# end=finished
# remove_checked=true
# archives_checked=false
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2011-02-26 03:33:25
# local_time=2011-02-26 10:33:25 (-0500, Eastern Standard Time)
# country="United States"
# lang=1033
# osver=5.1.2600 NT Service Pack 3
# compatibility_mode=1024 16777215 100 0 10784909 10784909 0 0
# compatibility_mode=8192 67108863 100 0 0 0 0 0
# scanned=63897
# found=3
# cleaned=3
# scan_time=2431
C:\Qoobox\Quarantine\C\Documents and Settings\All Users.WINDOWS\Application Data\nDeOlMd06504\nDeOlMd06504.exe.vir	a variant of Win32/Kryptik.LAA trojan (cleaned by deleting - quarantined)	00000000000000000000000000000000	C
C:\Qoobox\Quarantine\C\Documents and Settings\G Man\Application Data\E7CB79EAF9F92DDFA867DB130E201239\enemies-names.txt.vir	Win32/Adware.AntimalwareDoctor.AE.Gen application (cleaned by deleting - quarantined)	00000000000000000000000000000000	C
C:\Qoobox\Quarantine\C\Documents and Settings\G Man\Application Data\E7CB79EAF9F92DDFA867DB130E201239\local.ini.vir	Win32/Adware.AntimalwareDoctor.AE.Gen application (cleaned by deleting - quarantined)	00000000000000000000000000000000	C

Re: Only Starts in Safemode /Better virus removal (Free?)
Looks good, how is the machine running now?

Re: Only Starts in Safemode /Better virus removal (Free?)
Everything looks good so far. I can't thank you enough, I wouldn't have come close to fixing this without your help. So should I stay with AVG? I know I'll have to pay soon so should I just upgrade from the free ed at that time?
