Yay Another "Your System is Infected"



#1
Rykono

Another green desktop "Your System is Infected" came along with a fake Internet Security 2010 program. Have looked at the other problems trying to fix off of those, but the computer is keeping me from running a lot of the programs. Can't run Ad-Aware, Smitrem, AVG finds nothing, Spybot finds but doesn't destroy, Malwarebytes, GMER... I get a window: (WARNING) Application cannot be executed. The file is infected. Please activate your antivirus software. Can't run Safe Mode (end up with a blue screen for hardware malfunction). Running OTL, posting logs...


OTL logfile created on: 12/26/2009 3:45:15 PM - Run 1
OTL by OldTimer - Version 3.1.20.1 Folder = C:\Documents and Settings\Rykono\My Documents\Downloads
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.5512)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1,022.00 Mb Total Physical Memory | 399.00 Mb Available Physical Memory | 39.00% Memory free
1.00 Gb Paging File | 0.00 Gb Available in Paging File | 36.00% Paging File free
Paging file location(s): C:\pagefile.sys 500 1533 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 74.22 Gb Total Space | 3.65 Gb Free Space | 4.91% Space Free | Partition Type: NTFS
Drive D: | 383.41 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: RYKONOLAP
Current User Name: Rykono
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 14 Days
Output = Standard
Quick Scan

========== Processes (SafeList) ==========

PRC - [2009/12/26 15:44:00 | 00,696,832 | ---- | M] () -- C:\Documents and Settings\Rykono\Local Settings\Temp\is-IJ70F.tmp\mbam-setup.tmp
PRC - [2009/12/26 15:42:32 | 00,513,536 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Rykono\My Documents\Downloads\OTL.exe
PRC - [2009/12/26 15:41:31 | 04,844,272 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\Rykono\My Documents\Downloads\mbam-setup.exe
PRC - [2009/12/26 12:09:05 | 01,055,000 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgchsvx.exe
PRC - [2009/12/26 12:09:04 | 02,033,432 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgtray.exe
PRC - [2009/12/26 12:09:02 | 00,702,744 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgcsrvx.exe
PRC - [2009/12/26 12:09:02 | 00,600,344 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgnsx.exe
PRC - [2009/12/26 12:09:02 | 00,503,576 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgrsx.exe
PRC - [2009/12/26 12:08:59 | 00,285,392 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgwdsvc.exe
PRC - [2009/12/26 00:43:54 | 00,915,968 | ---- | M] (fSSvXQ) -- C:\Program Files\InternetSecurity2010\IS2010.exe
PRC - [2009/12/26 00:43:21 | 00,022,016 | ---- | M] (SWUsVvhddARXbqA) -- C:\WINDOWS\system32\winupdate86.exe
PRC - [2009/12/24 14:52:36 | 00,135,664 | ---- | M] (Google Inc.) -- C:\Program Files\Google\Update\GoogleUpdate.exe
PRC - [2009/12/17 10:54:44 | 00,908,248 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2009/10/11 04:17:36 | 00,149,280 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jusched.exe
PRC - [2009/10/11 04:17:35 | 00,153,376 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe
PRC - [2009/09/21 15:36:12 | 00,305,440 | ---- | M] (Apple Inc.) -- C:\Program Files\iTunes\iTunesHelper.exe
PRC - [2009/09/21 15:36:02 | 00,545,568 | ---- | M] (Apple Inc.) -- C:\Program Files\iPod\bin\iPodService.exe
PRC - [2009/09/17 16:11:46 | 01,636,192 | ---- | M] (ClanServers Hosting LLC) -- C:\Program Files\GameTracker\GSInGameService.exe
PRC - [2009/06/05 10:48:14 | 00,144,712 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
PRC - [2008/12/12 10:17:38 | 00,238,888 | ---- | M] (Apple Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe
PRC - [2008/10/25 11:44:34 | 00,031,072 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
PRC - [2008/07/07 15:12:42 | 00,600,680 | ---- | M] (Broadcom Corporation.) -- C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
PRC - [2008/07/07 15:12:40 | 00,346,720 | ---- | M] (Broadcom Corporation.) -- C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
PRC - [2008/04/23 01:08:13 | 00,483,328 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files\Adobe\Acrobat 7.0\Distillr\acrotray.exe
PRC - [2008/04/13 19:12:19 | 01,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/12/04 21:53:58 | 00,495,616 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\system32\ati2evxx.exe
PRC - [2007/10/09 18:17:44 | 02,183,168 | ---- | M] (Dell Inc.) -- C:\WINDOWS\system32\WLTRAY.EXE
PRC - [2007/10/09 18:17:44 | 00,024,064 | ---- | M] () -- C:\WINDOWS\system32\WLTRYSVC.EXE
PRC - [2007/10/09 18:17:40 | 01,921,024 | ---- | M] (Dell Inc.) -- C:\WINDOWS\system32\BCMWLTRY.EXE
PRC - [2007/09/10 23:45:04 | 00,124,832 | ---- | M] () -- C:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe
PRC - [2007/09/10 23:43:54 | 00,067,488 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Adobe\Photoshop Elements 6.0\apdproxy.exe
PRC - [2007/05/10 10:22:32 | 00,405,504 | ---- | M] (SigmaTel, Inc.) -- C:\Program Files\SigmaTel\C-Major Audio\WDM\stsystra.exe
PRC - [2007/02/20 11:29:08 | 01,191,936 | ---- | M] (Dell Inc) -- C:\Program Files\Dell\QuickSet\quickset.exe
PRC - [2006/09/12 07:05:16 | 00,054,784 | ---- | M] (EnTech Taiwan) -- C:\Program Files\MultiRes\MultiRes.exe
PRC - [2006/04/27 09:53:24 | 00,532,480 | ---- | M] (Logitech Inc.) -- C:\Program Files\SetPoint\SetPoint.exe
PRC - [2006/03/08 11:48:02 | 00,761,947 | ---- | M] (Synaptics, Inc.) -- C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
PRC - [2005/12/20 17:38:06 | 00,028,160 | ---- | M] (Logitech Inc.) -- C:\Program Files\Common Files\Logitech\KHAL\KHALMNPR.EXE
PRC - [2005/10/20 12:00:28 | 00,157,696 | ---- | M] () -- C:\Program Files\ERUNT\ERUNT.EXE


========== Modules (SafeList) ==========

MOD - [2009/12/26 15:42:32 | 00,513,536 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Rykono\My Documents\Downloads\OTL.exe
MOD - [2009/09/26 12:49:01 | 00,051,712 | -HS- | M] () -- C:\WINDOWS\system32\remebeyi.dll
MOD - [2009/09/26 12:48:20 | 00,093,696 | -HS- | M] () -- C:\WINDOWS\system32\yizimife.dll
MOD - [2008/07/07 15:11:06 | 00,073,728 | ---- | M] (Broadcom Corporation.) -- C:\WINDOWS\system32\BtMmHook.dll
MOD - [2006/04/27 09:49:08 | 00,040,448 | ---- | M] (Logitech Inc.) -- C:\Program Files\SetPoint\lgscroll.dll
MOD - [2005/01/19 13:50:50 | 00,499,712 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msvcp71.dll
MOD - [2005/01/19 13:50:50 | 00,348,160 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msvcr71.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [On_Demand | Stopped] -- -- (LiveUpdate)
SRV - [2009/12/26 12:08:59 | 00,285,392 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG9\avgwdsvc.exe -- (avg9wd)
SRV - [2009/12/24 14:52:36 | 00,135,664 | ---- | M] (Google Inc.) [Auto | Stopped] -- C:\Program Files\Google\Update\GoogleUpdate.exe -- (gupdate) Google Update Service (gupdate)
SRV - [2009/10/11 04:17:35 | 00,153,376 | ---- | M] (Sun Microsystems, Inc.) [Auto | Running] -- C:\Program Files\Java\jre6\bin\jqs.exe -- (JavaQuickStarterService)
SRV - [2009/09/21 15:36:02 | 00,545,568 | ---- | M] (Apple Inc.) [On_Demand | Running] -- C:\Program Files\iPod\bin\iPodService.exe -- (iPod Service)
SRV - [2009/09/17 16:11:46 | 01,636,192 | ---- | M] (ClanServers Hosting LLC) [Auto | Running] -- C:\Program Files\GameTracker\GSInGameService.exe -- (GS In-Game Service)
SRV - [2009/06/30 12:10:43 | 00,654,848 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2009/06/05 10:48:14 | 00,144,712 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -- (Apple Mobile Device)
SRV - [2008/12/12 10:17:38 | 00,238,888 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Program Files\Bonjour\mDNSResponder.exe -- (Bonjour Service)
SRV - [2008/11/04 01:06:28 | 00,441,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE -- (odserv)
SRV - [2008/10/25 11:44:08 | 00,065,888 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe -- (Microsoft Office Groove Audit Service)
SRV - [2008/07/07 15:12:40 | 00,346,720 | ---- | M] (Broadcom Corporation.) [Auto | Running] -- C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe -- (btwdins)
SRV - [2007/12/04 21:53:58 | 00,495,616 | ---- | M] (ATI Technologies Inc.) [Auto | Running] -- C:\WINDOWS\system32\ati2evxx.exe -- (Ati HotKey Poller)
SRV - [2007/10/09 18:17:44 | 00,024,064 | ---- | M] () [Auto | Running] -- C:\WINDOWS\System32\WLTRYSVC.EXE -- (wltrysvc)
SRV - [2007/09/28 21:05:00 | 00,593,920 | ---- | M] () [Auto | Stopped] -- C:\WINDOWS\system32\ati2sgag.exe -- (ATI Smart)
SRV - [2007/09/10 23:45:04 | 00,124,832 | ---- | M] () [Auto | Running] -- C:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe -- (AdobeActiveFileMonitor6.0)
SRV - [2006/10/26 13:03:08 | 00,145,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE -- (ose)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..extensions.enabledItems: {89c9e067-2605-4f75-a608-f6ea31c9d085}:2.0
FF - prefs.js..extensions.enabledItems: [email protected]:1.0
FF - prefs.js..extensions.enabledItems: {AE93811A-5C9A-4d34-8462-F7B864FC4696}:3.52
FF - prefs.js..extensions.enabledItems: {3f963a5b-e555-4543-90e2-c3908898db71}:9.0.0.716

FF - HKLM\software\mozilla\Firefox\extensions\\{3f963a5b-e555-4543-90e2-c3908898db71}: C:\Program Files\AVG\AVG9\Firefox [2009/12/26 12:08:59 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.6\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2009/12/17 10:54:51 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.6\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2009/12/17 10:54:51 | 00,000,000 | ---D | M]

[2009/06/07 19:41:05 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Rykono\Application Data\Mozilla\Extensions
[2009/12/26 14:14:23 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Rykono\Application Data\Mozilla\Firefox\Profiles\3ew2rbj6.default\extensions
[2009/10/13 13:08:28 | 00,000,000 | ---D | M] (FFXI Helper) -- C:\Documents and Settings\Rykono\Application Data\Mozilla\Firefox\Profiles\3ew2rbj6.default\extensions\{89c9e067-2605-4f75-a608-f6ea31c9d085}
[2009/12/21 14:06:50 | 00,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Rykono\Application Data\Mozilla\Firefox\Profiles\3ew2rbj6.default\extensions\{AE93811A-5C9A-4d34-8462-F7B864FC4696}
[2009/12/26 14:14:23 | 00,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions

O1 HOSTS File: (329883 bytes) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 11300 more lines...
O2 - BHO: (AcroIEHlprObj Class) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKCU\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [Acrobat Assistant 7.0] C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe (Adobe Systems Inc.)
O4 - HKLM..\Run: [Adobe Photo Downloader] C:\Program Files\Adobe\Photoshop Elements 6.0\apdproxy.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AtiPTA] C:\WINDOWS\System32\atiptaxx.exe (ATI Technologies, Inc.)
O4 - HKLM..\Run: [AVG9_TRAY] C:\Program Files\AVG\AVG9\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [Broadcom Wireless Manager UI] C:\WINDOWS\system32\WLTRAY.EXE (Dell Inc.)
O4 - HKLM..\Run: [buwijoloz] C:\WINDOWS\System32\yizimife.DLL ()
O4 - HKLM..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe (Dell Inc)
O4 - HKLM..\Run: [GrooveMonitor] C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe (Microsoft Corporation)
O4 - HKLM..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.)
O4 - HKLM..\Run: [Logitech Hardware Abstraction Layer] C:\WINDOWS\KHALMNPR.Exe (Logitech Inc.)
O4 - HKLM..\Run: [QuickTime Task] C:\Program Files\QuickTime\qttask.exe (Apple Inc.)
O4 - HKLM..\Run: [SigmatelSysTrayApp] C:\Program Files\SigmaTel\C-Major Audio\WDM\stsystra.exe (SigmaTel, Inc.)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Synaptics, Inc.)
O4 - HKLM..\Run: [winupdate86.exe] C:\WINDOWS\system32\winupdate86.exe (SWUsVvhddARXbqA)
O4 - HKCU..\Run: [Internet Security 2010] C:\Program Files\InternetSecurity2010\IS2010.exe (fSSvXQ)
O4 - HKLM..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Acrobat Speed Launcher.lnk = C:\WINDOWS\Installer\{AC76BA86-1033-0000-7760-100000000002}\SC_Acrobat.exe ()
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Bluetooth.lnk = C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\SetPoint.lnk = C:\Program Files\SetPoint\SetPoint.exe (Logitech Inc.)
O4 - Startup: C:\Documents and Settings\Rykono\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk = C:\Program Files\ERUNT\AUTOBACK.EXE ()
O4 - Startup: C:\Documents and Settings\Rykono\Start Menu\Programs\Startup\MultiRes [2009/11/21 15:59:14 | 00,000,000 | ---D | M]
O4 - Startup: C:\Documents and Settings\Rykono\Start Menu\Programs\Startup\MultiRes.lnk = C:\Program Files\MultiRes\MultiRes.exe (EnTech Taiwan)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSetActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSetActiveDesktop = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableTaskMgr = 1
O8 - Extra context menu item: Convert link target to Adobe PDF - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert link target to existing PDF - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selected links to Adobe PDF - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selected links to existing PDF - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selection to Adobe PDF - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selection to existing PDF - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert to Adobe PDF - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert to existing PDF - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Send to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: Send To Bluetooth - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKLM\..Trusted Domains: 58 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKCU\..Trusted Domains: 57 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.mi...b?1258835256218 (MUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - AppInit_DLLs: (c:\windows\system32\ c:\windows\system32\yizimife.dll) - File not found
O20 - AppInit_DLLs: (remebeyi.dll) - C:\WINDOWS\System32\remebeyi.dll ()
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (logon.exe) - C:\WINDOWS\System32\logon.exe ()
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\winlogon86.exe) - C:\WINDOWS\system32\winlogon86.exe (SWUsVvhddARXbqA)
O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O20 - Winlogon\Notify\avgrsstarter: DllName - avgrsstx.dll - C:\WINDOWS\System32\avgrsstx.dll (AVG Technologies CZ, s.r.o.)
O20 - Winlogon\Notify\NavLogon: DllName - Reg Error: Value error. - Reg Error: Value error. File not found
O21 - SSODL: holahavaz - {4f2c178b-45be-413f-87c1-fba0c92a263a} - C:\WINDOWS\system32\yizimife.dll ()
O22 - SharedTaskScheduler: {4f2c178b-45be-413f-87c1-fba0c92a263a} - jugezatag - C:\WINDOWS\system32\yizimife.dll ()
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/07 15:34:08 | 00,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2008/08/27 21:16:46 | 01,440,056 | R--- | M] () - D:\autorun.bmp -- [ CDFS ]
O32 - AutoRun File - [2008/11/06 00:54:28 | 00,233,472 | R--- | M] () - D:\autorun.exe -- [ CDFS ]
O32 - AutoRun File - [2008/11/06 00:55:11 | 00,032,298 | R--- | M] () - D:\autorun.ico -- [ CDFS ]
O32 - AutoRun File - [2007/04/13 05:30:34 | 00,000,049 | R--- | M] () - D:\autorun.inf -- [ CDFS ]
O32 - AutoRun File - [2008/10/07 01:15:21 | 00,002,354 | R--- | M] () - D:\autorun.ini -- [ CDFS ]
O33 - MountPoints2\{0692340c-6581-11de-9aea-00188bceb510}\Shell - "" = AutoRun
O33 - MountPoints2\{0692340c-6581-11de-9aea-00188bceb510}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{0692340c-6581-11de-9aea-00188bceb510}\Shell\AutoRun\command - "" = E:\LaunchU3.exe -- File not found
O33 - MountPoints2\{0692340d-6581-11de-9aea-00188bceb510}\Shell\AutoRun\command - "" = F:\AutoRun\AutoStart.exe -- File not found
O33 - MountPoints2\{0692340d-6581-11de-9aea-00188bceb510}\Shell\Explore\Command - "" = F:\AutoRun\AutoStart.exe -- File not found
O33 - MountPoints2\{0692340d-6581-11de-9aea-00188bceb510}\Shell\Open\Command - "" = F:\AutoRun\AutoStart.exe -- File not found
O33 - MountPoints2\{6fc46994-9c79-11de-9b3f-001bfc5cdaa3}\Shell\AutoRun\command - "" = AutoRun\AutoStart.exe
O33 - MountPoints2\{6fc46994-9c79-11de-9b3f-001bfc5cdaa3}\Shell\Explore\Command - "" = AutoRun\AutoStart.exe
O33 - MountPoints2\{6fc46994-9c79-11de-9b3f-001bfc5cdaa3}\Shell\Open\Command - "" = AutoRun\AutoStart.exe
O33 - MountPoints2\{9c0272e0-ea6b-11de-9bc5-001bfc5cdaa3}\Shell\AutoRun\command - "" = E:\AutoRun\AutoStart.exe -- File not found
O33 - MountPoints2\{9c0272e0-ea6b-11de-9bc5-001bfc5cdaa3}\Shell\Explore\Command - "" = E:\AutoRun\AutoStart.exe -- File not found
O33 - MountPoints2\{9c0272e0-ea6b-11de-9bc5-001bfc5cdaa3}\Shell\Open\Command - "" = E:\AutoRun\AutoStart.exe -- File not found
O33 - MountPoints2\{a43a082e-9c78-11de-9b3e-001bfc5cdaa3}\Shell\AutoRun\command - "" = AutoRun\AutoStart.exe
O33 - MountPoints2\{a43a082e-9c78-11de-9b3e-001bfc5cdaa3}\Shell\Explore\Command - "" = AutoRun\AutoStart.exe
O33 - MountPoints2\{a43a082e-9c78-11de-9b3e-001bfc5cdaa3}\Shell\Open\Command - "" = AutoRun\AutoStart.exe
O33 - MountPoints2\{ce4555be-5aac-11de-9adf-00188bceb510}\Shell\AutoRun\command - "" = E:\WDSetup.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - comfile [open] -- "%1" %*
O35 - exefile [open] -- "%1" %*

========== Files/Folders - Created Within 14 Days ==========

[2009/12/26 15:45:17 | 00,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2009/12/26 15:45:12 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2009/12/26 15:45:11 | 00,019,160 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2009/12/26 15:45:11 | 00,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2009/12/26 15:44:53 | 00,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2009/12/26 15:44:19 | 00,000,000 | ---D | C] -- C:\Program Files\ERUNT
[2009/12/26 15:21:38 | 00,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\GameTracker
[2009/12/26 15:14:10 | 00,064,288 | ---- | C] (Lavasoft AB) -- C:\WINDOWS\System32\drivers\Lbd.sys
[2009/12/26 15:12:09 | 00,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Application Data\{BC9FCCF7-E686-494B-8C9B-55C9A39A7CA9}
[2009/12/26 15:11:55 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Rykono\Application Data\AVG8
[2009/12/26 15:05:19 | 00,000,000 | ---D | C] -- C:\Program Files\Lavasoft
[2009/12/26 15:05:18 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Lavasoft
[2009/12/26 15:00:52 | 00,028,552 | ---- | C] (Panda Security, S.L.) -- C:\WINDOWS\System32\drivers\pavboot.sys
[2009/12/26 14:59:55 | 00,000,000 | ---D | C] -- C:\WINDOWS\LastGood.Tmp
[2009/12/26 14:59:10 | 00,000,000 | ---D | C] -- C:\Program Files\Panda Security
[2009/12/26 14:58:52 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Rykono\Desktop\Smitrem
[2009/12/26 12:09:45 | 00,000,000 | -H-D | C] -- C:\$AVG
[2009/12/26 12:09:31 | 00,360,584 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgtdix.sys
[2009/12/26 12:09:31 | 00,012,464 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\avgrsstx.dll
[2009/12/26 12:09:14 | 00,333,192 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgldx86.sys
[2009/12/26 12:09:12 | 00,028,424 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgmfx86.sys
[2009/12/26 12:09:09 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\Avg
[2009/12/26 12:08:56 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\avg9
[2009/12/26 12:04:38 | 00,000,000 | --SD | M] -- C:\Documents and Settings\NetworkService\Application Data\Microsoft
[2009/12/26 12:04:38 | 00,000,000 | --SD | M] -- C:\Documents and Settings\LocalService\Application Data\Microsoft
[2009/12/26 12:04:38 | 00,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft
[2009/12/26 12:04:38 | 00,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft
[2009/12/26 11:58:50 | 00,000,000 | ---D | C] -- C:\VT AntiVirus
[2009/12/26 11:46:15 | 00,000,000 | ---D | C] -- C:\VT-SEPVersion
[2009/12/26 11:42:24 | 92,706,156 | ---- | C] (Symantec Corporation) -- C:\Documents and Settings\Rykono\Desktop\vtsep1105002.exe
[2009/12/26 11:01:42 | 00,000,000 | ---D | C] -- C:\Program Files\AVG
[2009/12/26 10:51:14 | 00,891,248 | ---- | C] (AVG Technologies) -- C:\Documents and Settings\Rykono\Desktop\avg_free_stb_all_9_40_cnet.exe
[2009/12/26 01:27:56 | 00,000,000 | ---D | C] -- C:\Program Files\TrendMicro
[2009/12/26 00:59:07 | 00,000,000 | ---D | C] -- C:\Program Files\InternetSecurity2010
[2009/12/26 00:43:27 | 00,022,016 | ---- | C] (SWUsVvhddARXbqA) -- C:\WINDOWS\System32\winupdate86.exe
[2009/12/26 00:43:27 | 00,022,016 | ---- | C] (SWUsVvhddARXbqA) -- C:\WINDOWS\System32\winlogon86.exe
[2009/12/24 14:57:00 | 00,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Google
[2009/12/24 14:53:35 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Rykono\Application Data\Google
[2009/12/24 14:52:49 | 00,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Google
[2009/12/24 14:52:48 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Rykono\Local Settings\Application Data\Temp
[2009/12/24 14:52:36 | 00,000,000 | ---D | C] -- C:\Program Files\Google
[2009/12/24 14:52:36 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Rykono\Local Settings\Application Data\Google
[2009/12/23 23:22:19 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Rykono\Local Settings\Application Data\BVRP Software
[2009/12/23 23:19:19 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\Motorola Shared
[2009/12/23 23:19:06 | 00,000,000 | ---D | C] -- C:\Program Files\Motorola Phone Tools
[2009/12/23 23:19:05 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\BVRP Software
[2009/12/21 20:18:20 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Rykono\Bluetooth Software
[2009/12/21 20:13:43 | 00,000,000 | ---D | C] -- C:\Program Files\WIDCOMM
[2009/12/20 21:07:41 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Rykono\Application Data\TS3Client
[2009/12/20 21:07:23 | 00,000,000 | ---D | C] -- C:\Program Files\TeamSpeak 3 Client
[2009/12/18 09:18:03 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Rykono\Application Data\Logitech
[2009/12/18 09:15:24 | 00,013,440 | ---- | C] (Logitech, Inc.) -- C:\WINDOWS\System32\drivers\L8042Kbd.SYS
[2009/12/18 09:14:56 | 00,069,376 | ---- | C] (Logitech, Inc.) -- C:\WINDOWS\System32\drivers\LMouKE.Sys
[2009/12/18 09:14:56 | 00,055,424 | ---- | C] (Logitech, Inc.) -- C:\WINDOWS\System32\drivers\L8042MOU.SYS
[2009/12/18 09:14:19 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\Logitech
[2009/12/18 09:14:15 | 00,027,008 | ---- | C] (Logitech, Inc.) -- C:\WINDOWS\System32\drivers\LHidKE.Sys
[2009/12/18 09:14:15 | 00,000,000 | ---D | C] -- C:\Program Files\SetPoint
[2009/07/10 13:28:01 | 00,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Apple
[5 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 14 Days ==========

[2009/12/26 16:00:42 | 00,000,000 | ---- | M] () -- C:\Documents and Settings\Rykono\Local Settings\Application Data\prvlcl.dat
[2009/12/26 16:00:00 | 00,000,296 | ---- | M] () -- C:\WINDOWS\tasks\uwlrdrco.job
[2009/12/26 15:57:01 | 00,006,456 | -H-- | M] () -- C:\WINDOWS\System32\bipurigo
[2009/12/26 15:57:00 | 00,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2009/12/26 15:45:22 | 00,000,696 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2009/12/26 15:44:36 | 00,000,767 | ---- | M] () -- C:\Documents and Settings\Rykono\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
[2009/12/26 15:44:28 | 00,000,611 | ---- | M] () -- C:\Documents and Settings\Rykono\Desktop\NTREGOPT.lnk
[2009/12/26 15:44:28 | 00,000,592 | ---- | M] () -- C:\Documents and Settings\Rykono\Desktop\ERUNT.lnk
[2009/12/26 15:42:28 | 00,000,000 | ---- | M] () -- C:\WINDOWS\System32\14945.exe
[2009/12/26 15:22:30 | 00,002,335 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Acrobat Speed Launcher.lnk
[2009/12/26 15:22:27 | 00,000,000 | ---- | M] () -- C:\WINDOWS\System32\41.exe
[2009/12/26 15:22:03 | 00,002,854 | ---- | M] () -- C:\WINDOWS\System32\critical_warning.html
[2009/12/26 15:21:05 | 00,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2009/12/26 15:21:02 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2009/12/26 15:20:56 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2009/12/26 15:11:25 | 00,000,867 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Ad-Aware.lnk
[2009/12/26 15:01:42 | 00,000,000 | ---- | M] () -- C:\WINDOWS\System32\21204.exe
[2009/12/26 14:41:40 | 00,000,000 | ---- | M] () -- C:\WINDOWS\System32\27515.exe
[2009/12/26 14:21:39 | 00,000,000 | ---- | M] () -- C:\WINDOWS\System32\24386.exe
[2009/12/26 13:38:08 | 00,000,000 | ---- | M] () -- C:\WINDOWS\System32\5333.exe
[2009/12/26 13:18:07 | 00,000,000 | ---- | M] () -- C:\WINDOWS\System32\5818.exe
[2009/12/26 12:58:06 | 00,000,000 | ---- | M] () -- C:\WINDOWS\System32\6671.exe
[2009/12/26 12:38:05 | 00,000,000 | ---- | M] () -- C:\WINDOWS\System32\32212.exe
[2009/12/26 12:18:05 | 00,000,000 | ---- | M] () -- C:\WINDOWS\System32\5762.exe
[2009/12/26 12:09:33 | 07,340,032 | -H-- | M] () -- C:\Documents and Settings\Rykono\NTUSER.DAT
[2009/12/26 12:09:32 | 00,001,507 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\AVG Free 9.0.lnk
[2009/12/26 12:09:31 | 00,360,584 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgtdix.sys
[2009/12/26 12:09:31 | 00,012,464 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\avgrsstx.dll
[2009/12/26 12:09:14 | 00,333,192 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgldx86.sys
[2009/12/26 12:09:12 | 47,065,498 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\incavi.avm
[2009/12/26 12:09:12 | 00,113,461 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\iavichjw.avm
[2009/12/26 12:09:12 | 00,028,424 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgmfx86.sys
[2009/12/26 12:09:09 | 06,061,540 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\avi7.avg
[2009/12/26 12:09:09 | 00,492,629 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\miniavi.avg
[2009/12/26 12:09:09 | 00,127,917 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\microavi.avg
[2009/12/26 11:59:59 | 00,000,372 | ---- | M] () -- C:\WINDOWS\tasks\At1.job
[2009/12/26 11:46:39 | 00,033,280 | ---- | M] () -- C:\Documents and Settings\Rykono\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/12/26 11:44:42 | 92,706,156 | ---- | M] (Symantec Corporation) -- C:\Documents and Settings\Rykono\Desktop\vtsep1105002.exe
[2009/12/26 11:44:19 | 00,000,000 | ---- | M] () -- C:\WINDOWS\System32\16873.exe
[2009/12/26 11:24:18 | 00,000,000 | ---- | M] () -- C:\WINDOWS\System32\17593.exe
[2009/12/26 11:04:18 | 00,000,000 | ---- | M] () -- C:\WINDOWS\System32\25427.exe
[2009/12/26 10:51:14 | 00,891,248 | ---- | M] (AVG Technologies) -- C:\Documents and Settings\Rykono\Desktop\avg_free_stb_all_9_40_cnet.exe
[2009/12/26 10:25:28 | 00,000,000 | ---- | M] () -- C:\WINDOWS\System32\1579.exe
[2009/12/26 10:05:28 | 00,000,000 | ---- | M] () -- C:\WINDOWS\System32\10965.exe
[2009/12/26 09:45:28 | 00,000,000 | ---- | M] () -- C:\WINDOWS\System32\20617.exe
[2009/12/26 09:25:28 | 00,000,000 | ---- | M] () -- C:\WINDOWS\System32\20330.exe
[2009/12/26 09:05:28 | 00,000,000 | ---- | M] () -- C:\WINDOWS\System32\32222.exe
[2009/12/26 08:45:28 | 00,000,000 | ---- | M] () -- C:\WINDOWS\System32\25530.exe
[2009/12/26 08:25:28 | 00,000,000 | ---- | M] () -- C:\WINDOWS\System32\13099.exe
[2009/12/26 08:05:28 | 00,000,000 | ---- | M] () -- C:\WINDOWS\System32\9722.exe
[2009/12/26 07:45:28 | 00,000,000 | ---- | M] () -- C:\WINDOWS\System32\24165.exe
[2009/12/26 07:25:28 | 00,000,000 | ---- | M] () -- C:\WINDOWS\System32\27692.exe
[2009/12/26 07:05:28 | 00,000,000 | ---- | M] () -- C:\WINDOWS\System32\20083.exe
[2009/12/26 06:45:28 | 00,000,000 | ---- | M] () -- C:\WINDOWS\System32\5957.exe
[2009/12/26 06:25:27 | 00,000,000 | ---- | M] () -- C:\WINDOWS\System32\29164.exe
[2009/12/26 06:05:27 | 00,000,000 | ---- | M] () -- C:\WINDOWS\System32\27331.exe
[2009/12/26 05:45:27 | 00,000,000 | ---- | M] () -- C:\WINDOWS\System32\16490.exe
[2009/12/26 05:25:27 | 00,000,000 | ---- | M] () -- C:\WINDOWS\System32\15553.exe
[2009/12/26 05:05:27 | 00,000,000 | ---- | M] () -- C:\WINDOWS\System32\29274.exe
[2009/12/26 04:45:27 | 00,000,000 | ---- | M] () -- C:\WINDOWS\System32\26583.exe
[2009/12/26 04:25:27 | 00,000,000 | ---- | M] () -- C:\WINDOWS\System32\22914.exe
[2009/12/26 04:05:18 | 00,000,000 | ---- | M] () -- C:\WINDOWS\System32\878.exe
[2009/12/26 03:45:18 | 00,000,000 | ---- | M] () -- C:\WINDOWS\System32\30912.exe
[2009/12/26 03:25:18 | 00,000,000 | ---- | M] () -- C:\WINDOWS\System32\30812.exe
[2009/12/26 03:05:18 | 00,000,000 | ---- | M] () -- C:\WINDOWS\System32\29605.exe
[2009/12/26 02:45:18 | 00,000,000 | ---- | M] () -- C:\WINDOWS\System32\24271.exe
[2009/12/26 02:25:18 | 00,000,000 | ---- | M] () -- C:\WINDOWS\System32\9986.exe
[2009/12/26 02:02:47 | 00,000,178 | -HS- | M] () -- C:\Documents and Settings\Rykono\ntuser.ini
[2009/12/26 02:01:08 | 00,000,095 | ---- | M] () -- C:\WINDOWS\wininit.ini
[2009/12/26 01:43:56 | 00,000,000 | ---- | M] () -- C:\WINDOWS\System32\26500.exe
[2009/12/26 01:27:57 | 00,001,984 | ---- | M] () -- C:\Documents and Settings\Rykono\Desktop\HiJackThis.lnk
[2009/12/26 01:23:56 | 00,000,000 | ---- | M] () -- C:\WINDOWS\System32\6334.exe
[2009/12/26 01:03:56 | 00,000,000 | ---- | M] () -- C:\WINDOWS\System32\18467.exe
[2009/12/26 00:43:45 | 00,017,920 | ---- | M] () -- C:\WINDOWS\System32\winhelper86.dll
[2009/12/26 00:43:21 | 00,022,016 | ---- | M] (SWUsVvhddARXbqA) -- C:\WINDOWS\System32\winupdate86.exe
[2009/12/26 00:43:21 | 00,022,016 | ---- | M] (SWUsVvhddARXbqA) -- C:\WINDOWS\System32\winlogon86.exe
[2009/12/26 00:43:00 | 00,034,308 | ---- | M] () -- C:\WINDOWS\System32\logon.exe
[2009/12/25 14:28:02 | 00,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2009/12/24 21:52:30 | 00,002,207 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Steam.lnk
[2009/12/24 00:41:44 | 00,000,000 | -H-- | M] () -- C:\WINDOWS\System32\drivers\Msft_Kernel_motport_01005.Wdf
[2009/12/24 00:40:10 | 00,000,000 | -H-- | M] () -- C:\WINDOWS\System32\drivers\Msft_Kernel_motmodem_01005.Wdf
[2009/12/24 00:38:34 | 00,000,000 | -H-- | M] () -- C:\WINDOWS\System32\drivers\Msft_Kernel_motccgpfl_01005.Wdf
[2009/12/24 00:38:33 | 00,000,000 | -H-- | M] () -- C:\WINDOWS\System32\drivers\Msft_Kernel_motccgp_01005.Wdf
[2009/12/24 00:38:31 | 00,000,000 | -H-- | M] () -- C:\WINDOWS\System32\drivers\MsftWdf_Kernel_01005_Coinstaller_Critical.Wdf
[2009/12/23 23:22:13 | 00,001,677 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Motorola Phone Tools.lnk
[2009/12/21 20:13:54 | 00,000,637 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Bluetooth.lnk
[2009/12/20 21:07:28 | 00,000,837 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\TeamSpeak 3 Client.lnk
[2009/12/20 03:57:00 | 00,000,456 | ---- | M] () -- C:\WINDOWS\tasks\Driver Robot.job
[2009/12/18 09:14:43 | 00,001,383 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\SetPoint.lnk
[2009/12/13 12:27:33 | 00,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[5 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2009/12/26 15:45:22 | 00,000,696 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2009/12/26 15:44:36 | 00,000,767 | ---- | C] () -- C:\Documents and Settings\Rykono\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
[2009/12/26 15:44:28 | 00,000,611 | ---- | C] () -- C:\Documents and Settings\Rykono\Desktop\NTREGOPT.lnk
[2009/12/26 15:44:28 | 00,000,592 | ---- | C] () -- C:\Documents and Settings\Rykono\Desktop\ERUNT.lnk
[2009/12/26 15:42:28 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\14945.exe
[2009/12/26 15:11:25 | 00,000,867 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Ad-Aware.lnk
[2009/12/26 15:01:42 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\21204.exe
[2009/12/26 14:55:22 | 00,141,372 | ---- | C] () -- C:\Documents and Settings\Rykono\Local Settings\Application Data\prvlcl.dat
[2009/12/26 14:41:40 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\27515.exe
[2009/12/26 14:21:39 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\24386.exe
[2009/12/26 13:38:08 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\5333.exe
[2009/12/26 13:18:07 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\5818.exe
[2009/12/26 12:58:06 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\6671.exe
[2009/12/26 12:48:24 | 00,000,296 | ---- | C] () -- C:\WINDOWS\tasks\uwlrdrco.job
[2009/12/26 12:38:05 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\32212.exe
[2009/12/26 12:18:05 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\5762.exe
[2009/12/26 12:09:32 | 00,001,507 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\AVG Free 9.0.lnk
[2009/12/26 12:09:12 | 00,113,461 | ---- | C] () -- C:\WINDOWS\System32\drivers\Avg\iavichjw.avm
[2009/12/26 12:09:09 | 47,065,498 | ---- | C] () -- C:\WINDOWS\System32\drivers\Avg\incavi.avm
[2009/12/26 12:09:09 | 06,061,540 | ---- | C] () -- C:\WINDOWS\System32\drivers\Avg\avi7.avg
[2009/12/26 12:09:09 | 00,492,629 | ---- | C] () -- C:\WINDOWS\System32\drivers\Avg\miniavi.avg
[2009/12/26 12:09:09 | 00,127,917 | ---- | C] () -- C:\WINDOWS\System32\drivers\Avg\microavi.avg
[2009/12/26 11:46:20 | 00,000,372 | ---- | C] () -- C:\WINDOWS\tasks\At1.job
[2009/12/26 11:44:19 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\16873.exe
[2009/12/26 11:24:18 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\17593.exe
[2009/12/26 11:04:18 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\25427.exe
[2009/12/26 10:25:28 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\1579.exe
[2009/12/26 10:05:28 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\10965.exe
[2009/12/26 09:45:28 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\20617.exe
[2009/12/26 09:25:28 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\20330.exe
[2009/12/26 09:05:28 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\32222.exe
[2009/12/26 08:45:28 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\25530.exe
[2009/12/26 08:25:28 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\13099.exe
[2009/12/26 08:05:28 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\9722.exe
[2009/12/26 07:45:28 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\24165.exe
[2009/12/26 07:25:28 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\27692.exe
[2009/12/26 07:05:28 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\20083.exe
[2009/12/26 06:45:28 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\5957.exe
[2009/12/26 06:25:27 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\29164.exe
[2009/12/26 06:05:27 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\27331.exe
[2009/12/26 05:45:27 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\16490.exe
[2009/12/26 05:25:27 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\15553.exe
[2009/12/26 05:05:27 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\29274.exe
[2009/12/26 04:45:27 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\26583.exe
[2009/12/26 04:25:27 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\22914.exe
[2009/12/26 04:05:18 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\878.exe
[2009/12/26 03:45:18 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\30912.exe
[2009/12/26 03:25:18 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\30812.exe
[2009/12/26 03:05:18 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\29605.exe
[2009/12/26 02:45:18 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\24271.exe
[2009/12/26 02:25:18 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\9986.exe
[2009/12/26 02:01:08 | 00,000,095 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2009/12/26 01:43:56 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\26500.exe
[2009/12/26 01:27:57 | 00,001,984 | ---- | C] () -- C:\Documents and Settings\Rykono\Desktop\HiJackThis.lnk
[2009/12/26 01:23:56 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\6334.exe
[2009/12/26 01:03:56 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\18467.exe
[2009/12/26 00:43:55 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\41.exe
[2009/12/26 00:43:45 | 00,017,920 | ---- | C] () -- C:\WINDOWS\System32\winhelper86.dll
[2009/12/26 00:43:30 | 00,002,854 | ---- | C] () -- C:\WINDOWS\System32\critical_warning.html
[2009/12/26 00:43:10 | 00,034,308 | ---- | C] () -- C:\WINDOWS\System32\logon.exe
[2009/12/24 14:52:43 | 00,000,886 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2009/12/24 14:52:42 | 00,000,882 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2009/12/24 00:41:44 | 00,000,000 | -H-- | C] () -- C:\WINDOWS\System32\drivers\Msft_Kernel_motport_01005.Wdf
[2009/12/24 00:40:10 | 00,000,000 | -H-- | C] () -- C:\WINDOWS\System32\drivers\Msft_Kernel_motmodem_01005.Wdf
[2009/12/24 00:38:34 | 00,000,000 | -H-- | C] () -- C:\WINDOWS\System32\drivers\Msft_Kernel_motccgpfl_01005.Wdf
[2009/12/24 00:38:33 | 00,000,000 | -H-- | C] () -- C:\WINDOWS\System32\drivers\Msft_Kernel_motccgp_01005.Wdf
[2009/12/24 00:38:31 | 00,000,000 | -H-- | C] () -- C:\WINDOWS\System32\drivers\MsftWdf_Kernel_01005_Coinstaller_Critical.Wdf
[2009/12/23 23:22:13 | 00,001,677 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Motorola Phone Tools.lnk
[2009/12/21 20:13:54 | 00,000,637 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Bluetooth.lnk
[2009/12/20 21:07:28 | 00,000,837 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\TeamSpeak 3 Client.lnk
[2009/12/18 09:14:43 | 00,001,383 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\SetPoint.lnk
[2009/11/21 15:58:47 | 00,000,011 | ---- | C] () -- C:\WINDOWS\System32\atiicdxx.ini
[2009/09/26 12:49:01 | 00,051,712 | -HS- | C] () -- C:\WINDOWS\System32\sonumiwo.dll
[2009/09/26 12:49:01 | 00,051,712 | -HS- | C] () -- C:\WINDOWS\System32\remebeyi.dll
[2009/09/26 12:49:01 | 00,051,712 | -HS- | C] () -- C:\WINDOWS\System32\pekuveme.dll
[2009/09/26 12:48:20 | 00,093,696 | -HS- | C] () -- C:\WINDOWS\System32\yizimife.dll
[2009/09/26 12:48:20 | 00,061,440 | -HS- | C] () -- C:\WINDOWS\System32\yapipije.dll
[2009/09/26 12:48:20 | 00,051,712 | -HS- | C] () -- C:\WINDOWS\System32\sagimame.dll
[2009/09/26 12:48:20 | 00,039,424 | -HS- | C] () -- C:\WINDOWS\System32\remowoka.dll
[2009/09/26 02:01:21 | 00,039,424 | -HS- | C] () -- C:\WINDOWS\System32\higulima.dll
[2009/09/26 00:48:01 | 00,094,208 | ---- | C] () -- C:\WINDOWS\System32\sozayaza.dll_old
[2009/09/26 00:48:01 | 00,039,424 | -HS- | C] () -- C:\WINDOWS\System32\pahimasa.dll
[2009/07/26 12:35:09 | 00,033,824 | ---- | C] () -- C:\WINDOWS\System32\drivers\oreans32.sys
[2009/06/23 09:13:28 | 00,000,000 | ---- | C] () -- C:\WINDOWS\vpc32.INI
[2009/06/08 15:33:15 | 00,033,280 | ---- | C] () -- C:\Documents and Settings\Rykono\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/06/07 17:48:05 | 00,139,264 | ---- | C] () -- C:\WINDOWS\System32\preflib.dll
[2009/06/07 17:48:02 | 00,753,664 | ---- | C] () -- C:\WINDOWS\System32\bcm1xsup.dll
[2009/04/09 16:40:13 | 00,001,310 | ---- | C] () -- C:\WINDOWS\System32\ASPRTMM4.DLL
[2008/07/07 15:11:32 | 02,854,912 | ---- | C] () -- C:\WINDOWS\System32\btwicons.dll
[2005/02/17 12:41:32 | 00,000,603 | ---- | C] () -- C:\WINDOWS\System32\BTNeighborhood.dll.manifest
[2005/02/17 12:41:30 | 00,000,593 | ---- | C] () -- C:\WINDOWS\System32\btcss.dll.manifest
[2001/11/14 13:56:00 | 01,802,240 | ---- | C] () -- C:\WINDOWS\System32\lcppn21.dll

========== LOP Check ==========

[2009/12/26 12:08:59 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\avg9
[2009/12/26 11:43:58 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\BVRP Software
[2009/11/29 08:16:58 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\GARMIN
[2009/07/31 23:20:53 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Wayward Gamers
[2009/09/11 13:58:15 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
[2009/06/23 09:24:38 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
[2009/12/26 15:12:17 | 00,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\{BC9FCCF7-E686-494B-8C9B-55C9A39A7CA9}
[2009/11/25 23:14:42 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Rykono\Application Data\Blitware
[2009/11/22 15:01:41 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Rykono\Application Data\GameTracker
[2009/11/29 21:04:20 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Rykono\Application Data\GARMIN
[2009/10/12 10:32:01 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Rykono\Application Data\TeamViewer
[2009/12/20 21:07:42 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Rykono\Application Data\TS3Client
[2009/10/21 20:01:29 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Rykono\Application Data\Uniblue
[2009/12/25 13:02:45 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Rykono\Application Data\uTorrent
[2009/12/26 11:59:59 | 00,000,372 | ---- | M] () -- C:\WINDOWS\Tasks\At1.job
[2009/12/20 03:57:00 | 00,000,456 | ---- | M] () -- C:\WINDOWS\Tasks\Driver Robot.job
[2009/12/26 16:00:00 | 00,000,296 | ---- | M] () -- C:\WINDOWS\Tasks\uwlrdrco.job

========== Purity Check ==========


< End of report >

OTL Extras logfile created on: 12/26/2009 3:45:15 PM - Run 1
OTL by OldTimer - Version 3.1.20.1 Folder = C:\Documents and Settings\Rykono\My Documents\Downloads
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.5512)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1,022.00 Mb Total Physical Memory | 399.00 Mb Available Physical Memory | 39.00% Memory free
1.00 Gb Paging File | 0.00 Gb Available in Paging File | 36.00% Paging File free
Paging file location(s): C:\pagefile.sys 500 1533 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 74.22 Gb Total Space | 3.65 Gb Free Space | 4.91% Space Free | Partition Type: NTFS
Drive D: | 383.41 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: RYKONOLAP
Current User Name: Rykono
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 14 Days
Output = Standard
Quick Scan

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" /p %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~2\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 1
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\PlayOnline\SquareEnix\PlayOnlineViewer\pol.exe" = C:\Program Files\PlayOnline\SquareEnix\PlayOnlineViewer\pol.exe:*:Enabled:PlayOnline Viewer -- (SQUARE ENIX CO., LTD.)
"C:\Program Files\uTorrent\uTorrent.exe" = C:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent -- (BitTorrent, Inc.)
"C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE" = C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook -- (Microsoft Corporation)
"C:\Program Files\Microsoft Office\Office12\GROOVE.EXE" = C:\Program Files\Microsoft Office\Office12\GROOVE.EXE:*:Enabled:Microsoft Office Groove -- (Microsoft Corporation)
"C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE" = C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote -- (Microsoft Corporation)
"C:\Documents and Settings\Rykono\temp\TeamViewer\Version4\TeamViewer.exe" = C:\Documents and Settings\Rykono\temp\TeamViewer\Version4\TeamViewer.exe:*:Enabled:TeamViewer Remote Control Application -- (TeamViewer GmbH)
"C:\Program Files\Bonjour\mDNSResponder.exe" = C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour -- (Apple Inc.)
"C:\Program Files\Ventrilo\Ventrilo.exe" = C:\Program Files\Ventrilo\Ventrilo.exe:*:Enabled:Ventrilo.exe -- (Flagship Industries, Inc.)
"C:\Program Files\Java\jre6\bin\java.exe" = C:\Program Files\Java\jre6\bin\java.exe:*:Enabled:Java™ Platform SE binary -- (Sun Microsystems, Inc.)
"C:\Program Files\Adobe\Adobe Dreamweaver CS3\Dreamweaver.exe" = C:\Program Files\Adobe\Adobe Dreamweaver CS3\Dreamweaver.exe:*:Enabled:Adobe Dreamweaver CS3 -- (Adobe Systems, Inc.)
"C:\Program Files\iTunes\iTunes.exe" = C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Inc.)
"C:\Program Files\Steam\Steam.exe" = C:\Program Files\Steam\Steam.exe:*:Enabled:Steam -- (Valve Corporation)
"C:\WINDOWS\system32\dxdiag.exe" = C:\WINDOWS\system32\dxdiag.exe:*:Enabled:Microsoft DirectX Diagnostic Tool -- (Microsoft Corporation)
"C:\WINDOWS\system32\dpnsvr.exe" = C:\WINDOWS\system32\dpnsvr.exe:*:Enabled:Microsoft DirectPlay8 Server -- (Microsoft Corporation)
"C:\Program Files\Steam\steamapps\rykono\counter-strike source\hl2.exe" = C:\Program Files\Steam\steamapps\rykono\counter-strike source\hl2.exe:*:Enabled:hl2 -- ()
"C:\Program Files\Steam\steamapps\rykono\half-life\hl.exe" = C:\Program Files\Steam\steamapps\rykono\half-life\hl.exe:*:Enabled:Half-Life Launcher -- (Valve)
"C:\WINDOWS\system32\dpvsetup.exe" = C:\WINDOWS\system32\dpvsetup.exe:*:Enabled:Microsoft DirectPlay Voice Test -- (Microsoft Corporation)
"C:\Program Files\Steam\steamapps\common\left 4 dead 2 demo\left4dead2.exe" = C:\Program Files\Steam\steamapps\common\left 4 dead 2 demo\left4dead2.exe:*:Enabled:left4dead2 -- ()
"C:\Program Files\Steam\steamapps\common\osmos\osmos.exe" = C:\Program Files\Steam\steamapps\common\osmos\osmos.exe:*:Enabled:Osmos -- ()
"C:\Program Files\Steam\steamapps\common\swkotor\swkotor.exe" = C:\Program Files\Steam\steamapps\common\swkotor\swkotor.exe:*:Enabled:Star Wars: Knights of The Old Republic -- (BioWare Corp.)
"C:\WINDOWS\explorer.exe" = C:\WINDOWS\explorer.exe:*:Enabled:Explorer -- (Microsoft Corporation)
"C:\Program Files\AVG\AVG9\avgupd.exe" = C:\Program Files\AVG\AVG9\avgupd.exe:*:Enabled:avgupd.exe -- (AVG Technologies CZ, s.r.o.)
"C:\Program Files\AVG\AVG9\avgnsx.exe" = C:\Program Files\AVG\AVG9\avgnsx.exe:*:Enabled:avgnsx.exe -- (AVG Technologies CZ, s.r.o.)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{044F9133-B8D7-4d11-BF39-803FA20F5C8B}" = Microsoft Windows SDK for Visual Studio 2008 SP1 Express Tools for Win32
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{07287123-B8AC-41CE-8346-3D777245C35B}" = Bonjour
"{0761C9A8-8F3A-4216-B4A7-B7AFBF24A24A}" = HiJackThis
"{0C19D563-5F25-4621-BF10-01F741BD283F}" = Microsoft SQL Server Compact 3.5 SP1 Design Tools English
"{0C34B801-6AEC-4667-B053-03A67E2D0415}" = Apple Application Support
"{15F4085A-BC98-4590-AFFD-03BBBE49524E}" = Garmin Communicator Plugin
"{183B7569-90FB-4C56-9761-0EEB002CAB83}" = Adobe Camera Raw 4.0
"{20B83B31-09C4-4F0E-9774-EF8A12A0A527}" = Adobe Device Central CS3
"{26A24AE4-039D-4CA4-87B4-2F83216014FF}" = Java™ 6 Update 17
"{2764CA82-DFB9-4498-AF85-719340BF5305}" = Dell Resource CD
"{2A539CD9-0F75-4875-9A32-E06DD93C4114}" = Adobe Extension Manager CS3
"{2E8EAC71-BFE4-417A-88F0-5A1BDFBCF5D3}" = SetPoint
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3A12C952-61D5-4C3B-B68B-8CFBE47E22F1}" = Adobe Setup
"{3C0619B4-4A2C-4244-8077-488E420DF907}" = FINAL FANTASY XI: Chains of Promathia
"{3C3D696B-0DB7-3C6D-A356-3DB8CE541918}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{41C3C974-EC5E-494C-AFE6-E31D92E2E6CB}" = Adobe Version Cue CS3 Client
"{47004155-7376-403E-89E9-4C9F44AAF0D0}" = PlayOnline Viewer and Tetra Master
"{4C24A8C1-7CFA-4650-AF15-732F5BD7B46D}" = Macromedia Fireworks 8
"{4DF98D0B-637E-42B4-B9D6-EB7693D2FBF8}" = Adobe ExtendScript Toolkit 2
"{54A90A9E-E537-11DE-811A-005056806466}" = Google Earth Plug-in
"{5B037ED7-0755-48D4-9554-808E5AF50F17}" = FINAL FANTASY XI: Wings of the Goddess
"{5BE1E709-30E4-3D6D-A708-96CE8D5E5E8D}" = Microsoft Windows SDK for Visual Studio 2008 SP1 Express Tools for .NET Framework - enu
"{5C08784B-D955-4BB4-8C70-43C89A738F58}" = Motorola Phone Tools
"{612B9183-67A9-4B44-9877-2F059E35B86A}" = Broadcom 440x 10/100 Integrated Controller
"{65F9E1F3-A2C1-4AA9-9F33-A3AEB0255F0E}" = Garmin USB Drivers
"{678F6475-D227-432A-94FF-806178A34520}" = FINAL FANTASY XI
"{68CF6DD2-8BA3-4A70-81D8-7CC5F24C9BA2}" = Adobe Bridge CS3
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{6FC76C41-8C1D-4B43-85E7-0BAA2002F1BE}" = FINAL FANTASY XI: Rise of the Zilart
"{71DFAA65-77FA-41F3-A748-013B5A8524A3}" = Garmin City Navigator North America NT 2010.30
"{733D84D6-AAFD-4368-A1D0-F2734F6B9082}" = Adobe Help Viewer CS3
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{789289CA-F73A-4A16-A331-54D498CE069F}" = Ventrilo Client
"{7F3A2319-79CF-4701-95FB-034E99281808}" = Adobe Bridge Start Meeting
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{84814E6B-2581-46EC-926A-823BD1C670F6}" = WIDCOMM Bluetooth Software
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8BC84ECC-EA87-49C0-93C0-2B5DF62745CD}" = Adobe Asset Services CS3
"{8E6808E2-613D-4FCD-81A2-6C8FA8E03312}" = Adobe Type Support
"{8F4507EF-C5F3-46CE-9718-9D3698821333}" = Motorola Driver Installation
"{90120000-0010-0409-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (English) 12
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0015-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_ENTERPRISE_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_ENTERPRISE_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007
"{90120000-00BA-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007
"{90120000-0114-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_ENTERPRISE_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90176341-0A8B-4CCC-A78D-F862228A6B95}" = Adobe Anchor Service CS3
"{A2B242BD-FF8D-4840-9DAA-9170EABEC59C}" = Adobe CMaps
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A429C2AE-EBF1-4F81-A221-1C115CAADDAD}" = QuickTime
"{A462213D-EED4-42C2-9A60-7BDD4D4B0B17}" = SigmaTel Audio
"{A606C6FF-12E7-40BE-B777-D8F360FF00CD}" = FINAL FANTASY XI: Treasures of Aht Urhgan
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AADEA55D-C834-4BCB-98A3-4B8D1C18F4EE}" = Apple Mobile Device Support
"{AC76BA86-1033-0000-7760-100000000002}" = Adobe Acrobat 7.0 Professional
"{AC76BA86-7AD7-1033-7B44-A91000000001}" = Adobe Reader 9.1
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B9B35331-B7E4-4E5C-BF4C-7BC87856124D}" = Adobe Default Language CS3
"{BAD8CA9C-77C0-4663-B00B-A8D3B13C341B}" = Motorola Phone Tools
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C5074CC4-0E26-4716-A307-960272A90040}" = QuickSet
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D1C59F81-66FD-4E8E-B9F7-F4B2442D5222}" = Adobe Update Manager CS3
"{D2559B88-CC9D-4B48-81BB-F492BAA9C48C}" = Adobe PDF Library Files
"{DA34FE93-5DC5-48E0-ACC8-A5389E05BB51}" = iTunes
"{DD622B1D-A78E-3FE8-9C8C-246F5764B0D0}" = Microsoft Visual Basic 2008 Express Edition with SP1 - ENU
"{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}" = Ad-Aware
"{E59113EB-0285-4BFD-A37A-B79EAC6B8F4B}" = Microsoft SQL Server Compact 3.5 SP1 English
"{ED90F5E3-960A-4BED-B1EF-777D6E4E080F}_is1" = ApRadar 3.0.0.30 Update
"{F01D5ED5-D53A-4468-B428-149DC2CB3110}" = Adobe Dreamweaver CS3
"{F54AC413-D2C6-4A24-B324-370C223C6250}" = Adobe Photoshop Elements 6.0
"{F5E87B12-3C27-452F-8E78-21D42164FD83}" = Microsoft SQL Server 2008 Management Objects
"{FCCDE84B-0154-459E-A8F2-C6B3FA5C1881}" = HydraVision
"49CF605F02C7954F4E139D18828DE298CD59217C" = Windows Driver Package - Garmin (grmnusb) GARMIN Devices (06/03/2009 2.3.0.0)
"ActiveScan 2.0" = Panda ActiveScan 2.0
"Ad-Aware" = Ad-Aware
"Adobe Acrobat 7.0 Professional - V" = Adobe Acrobat 7.1.0 Professional
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Photoshop Elements 6" = Adobe Photoshop Elements 6.0
"Adobe_435a6af7459cb02a9c1138113a26e93" = Adobe Dreamweaver CS3
"All ATI Software" = ATI - Software Uninstall Utility
"ATI Display Driver" = ATI Display Driver (Omega 3.8.442)
"AVG9Uninstall" = AVG Free 9.0
"Broadcom 802.11b Network Adapter" = Dell Wireless WLAN Card
"CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2BFA&SUBSYS_14F100C3" = Conexant HDA D110 MDC V.92 Modem
"Digsby" = Digsby
"ENTERPRISE" = Microsoft Office Enterprise 2007
"ERUNT_is1" = ERUNT 1.1j
"GameTracker Lite" = GameTracker Lite
"InstallShield_{3C0619B4-4A2C-4244-8077-488E420DF907}" = FINAL FANTASY XI: Chains of Promathia
"InstallShield_{47004155-7376-403E-89E9-4C9F44AAF0D0}" = PlayOnline Viewer and Tetra Master
"InstallShield_{5B037ED7-0755-48D4-9554-808E5AF50F17}" = FINAL FANTASY XI: Wings of the Goddess
"InstallShield_{678F6475-D227-432A-94FF-806178A34520}" = FINAL FANTASY XI
"InstallShield_{6FC76C41-8C1D-4B43-85E7-0BAA2002F1BE}" = FINAL FANTASY XI: Rise of the Zilart
"InstallShield_{A606C6FF-12E7-40BE-B777-D8F360FF00CD}" = FINAL FANTASY XI: Treasures of Aht Urhgan
"LiveUpdate" = LiveUpdate 3.1 (Symantec Corporation)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft Visual Basic 2008 Express Edition with SP1 - ENU" = Microsoft Visual Basic 2008 Express Edition with SP1 - ENU
"Mozilla Firefox (3.5.6)" = Mozilla Firefox (3.5.6)
"MultiRes (remove only)" = MultiRes (remove only)
"PowerISO" = PowerISO
"Radeon Omega Drivers for Windows XP/2kv4.8.442" = Radeon Omega Drivers v4.8.442 Setup Files and Tools
"Steam App 130" = Half-Life: Blue Shift
"Steam App 240" = Counter-Strike: Source
"Steam App 29180" = Osmos
"Steam App 32370" = Star Wars: Knights of The Old Republic
"Steam App 590" = Left 4 Dead 2 Demo
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"TeamSpeak 3 Client" = TeamSpeak 3 Client
"VLC media player" = VLC media player 1.0.1
"Wdf01005" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
"Windows Media Format Runtime" = Windows Media Format Runtime
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinRAR archiver" = WinRAR archiver
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"XpsEPSC" = XML Paper Specification Shared Components Pack 1.0

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"309a46b1dc89b774" = Dell Driver Download Manager
"SEPVersion" = VT-SEPVersion checks for latest updates of Symantec Endpoint Protection
"uTorrent" = µTorrent

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 12/26/2009 12:46:03 PM | Computer Name = RYKONOLAP | Source = MsiInstaller | ID = 10005
Description = Product: Symantec Endpoint Protection -- Symantec Endpoint Protection
has detected that there are pending system changes that require a reboot. Please
reboot the system and rerun the installation.

Error - 12/26/2009 12:47:36 PM | Computer Name = RYKONOLAP | Source = MsiInstaller | ID = 10005
Description = Product: Symantec Endpoint Protection -- Symantec Endpoint Protection
has detected that there are pending system changes that require a reboot. Please
reboot the system and rerun the installation.

Error - 12/26/2009 2:50:16 PM | Computer Name = RYKONOLAP | Source = WinMgmt | ID = 10
Description = Event filter with query "SELECT * FROM BIOSEvent" could not be (re)activated
in namespace "//./root/wmi" because of error 0x80041010. Events may not be delivered
through this filter until the problem is corrected.

Error - 12/26/2009 4:13:26 PM | Computer Name = RYKONOLAP | Source = Lavasoft Ad-Aware Service | ID = 0
Description =

Error - 12/26/2009 4:25:23 PM | Computer Name = RYKONOLAP | Source = Lavasoft Ad-Aware Service | ID = 0
Description =

Error - 12/26/2009 4:26:05 PM | Computer Name = RYKONOLAP | Source = Lavasoft Ad-Aware Service | ID = 0
Description =

Error - 12/26/2009 4:31:41 PM | Computer Name = RYKONOLAP | Source = Lavasoft Ad-Aware Service | ID = 0
Description =

Error - 12/26/2009 4:32:26 PM | Computer Name = RYKONOLAP | Source = Lavasoft Ad-Aware Service | ID = 0
Description =

Error - 12/26/2009 4:34:05 PM | Computer Name = RYKONOLAP | Source = Lavasoft Ad-Aware Service | ID = 0
Description =

Error - 12/26/2009 4:34:50 PM | Computer Name = RYKONOLAP | Source = Lavasoft Ad-Aware Service | ID = 0
Description =

[ System Events ]
Error - 12/26/2009 12:45:30 PM | Computer Name = RYKONOLAP | Source = Service Control Manager | ID = 7023
Description = The Application Management service terminated with the following error:
%%126

Error - 12/26/2009 12:45:30 PM | Computer Name = RYKONOLAP | Source = Service Control Manager | ID = 7023
Description = The Application Management service terminated with the following error:
%%126

Error - 12/26/2009 12:45:30 PM | Computer Name = RYKONOLAP | Source = Service Control Manager | ID = 7023
Description = The Application Management service terminated with the following error:
%%126

Error - 12/26/2009 12:45:30 PM | Computer Name = RYKONOLAP | Source = Service Control Manager | ID = 7023
Description = The Application Management service terminated with the following error:
%%126

Error - 12/26/2009 12:45:30 PM | Computer Name = RYKONOLAP | Source = Service Control Manager | ID = 7023
Description = The Application Management service terminated with the following error:
%%126

Error - 12/26/2009 12:45:31 PM | Computer Name = RYKONOLAP | Source = Service Control Manager | ID = 7023
Description = The Application Management service terminated with the following error:
%%126

Error - 12/26/2009 12:45:31 PM | Computer Name = RYKONOLAP | Source = Service Control Manager | ID = 7023
Description = The Application Management service terminated with the following error:
%%126

Error - 12/26/2009 12:45:31 PM | Computer Name = RYKONOLAP | Source = Service Control Manager | ID = 7023
Description = The Application Management service terminated with the following error:
%%126

Error - 12/26/2009 2:50:16 PM | Computer Name = RYKONOLAP | Source = DCOM | ID = 10010
Description = The server {73E709EA-5D93-4B2E-BBB0-99B7938DA9E4} did not register
with DCOM within the required timeout.

Error - 12/26/2009 2:55:08 PM | Computer Name = RYKONOLAP | Source = SideBySide | ID = 16842811
Description = Generate Activation Context failed for C:\WINDOWS\WindowsShell.Manifest.
Reference
error message: The operation completed successfully. .


< End of report >
  • 0



#2
fenzodahl512

  • Malware Removal
  • 9,863 posts
Please download The Comedian.exe by Rorschach112 to your desktop
  • Please disable all of your antivirus/firewall before doing this step. Please visit HERE if you don't know how..
  • Double click the program to run it. It will only take several minutes to run.
  • It will do a series of tasks and tell you when each one is finished.
  • You will be prompted to press any key after each step
  • When it is done it will close and exit itself automatically.
  • You can delete The_Comedian.exe once it is finished
STOP! if you can't complete this step.. Tell me more about it..




OTL Fix step

Open OTL then do below..

Copy/paste the following into the Custom Scans/Fixes box and then click on Run Fix button.

:processes
explorer.exe

:OTL
PRC - [2009/12/26 00:43:54 | 00,915,968 | ---- | M] (fSSvXQ) -- C:\Program Files\InternetSecurity2010\IS2010.exe
PRC - [2009/12/26 00:43:21 | 00,022,016 | ---- | M] (SWUsVvhddARXbqA) -- C:\WINDOWS\system32\winupdate86.exe
MOD - [2009/09/26 12:49:01 | 00,051,712 | -HS- | M] () -- C:\WINDOWS\system32\remebeyi.dll
MOD - [2009/09/26 12:48:20 | 00,093,696 | -HS- | M] () -- C:\WINDOWS\system32\yizimife.dll
O4 - HKLM..\Run: [buwijoloz] C:\WINDOWS\System32\yizimife.DLL ()
O4 - HKLM..\Run: [winupdate86.exe] C:\WINDOWS\system32\winupdate86.exe (SWUsVvhddARXbqA)
O4 - HKCU..\Run: [Internet Security 2010] C:\Program Files\InternetSecurity2010\IS2010.exe (fSSvXQ)
O20 - AppInit_DLLs: (c:\windows\system32\ c:\windows\system32\yizimife.dll) - File not found
O20 - AppInit_DLLs: (remebeyi.dll) - C:\WINDOWS\System32\remebeyi.dll ()
O21 - SSODL: holahavaz - {4f2c178b-45be-413f-87c1-fba0c92a263a} - C:\WINDOWS\system32\yizimife.dll ()
O22 - SharedTaskScheduler: {4f2c178b-45be-413f-87c1-fba0c92a263a} - jugezatag - C:\WINDOWS\system32\yizimife.dll ()
O33 - MountPoints2\{0692340d-6581-11de-9aea-00188bceb510}\Shell\AutoRun\command - "" = F:\AutoRun\AutoStart.exe -- File not found
O33 - MountPoints2\{0692340d-6581-11de-9aea-00188bceb510}\Shell\Explore\Command - "" = F:\AutoRun\AutoStart.exe -- File not found
O33 - MountPoints2\{0692340d-6581-11de-9aea-00188bceb510}\Shell\Open\Command - "" = F:\AutoRun\AutoStart.exe -- File not found
O33 - MountPoints2\{6fc46994-9c79-11de-9b3f-001bfc5cdaa3}\Shell\AutoRun\command - "" = AutoRun\AutoStart.exe
O33 - MountPoints2\{6fc46994-9c79-11de-9b3f-001bfc5cdaa3}\Shell\Explore\Command - "" = AutoRun\AutoStart.exe
O33 - MountPoints2\{6fc46994-9c79-11de-9b3f-001bfc5cdaa3}\Shell\Open\Command - "" = AutoRun\AutoStart.exe
O33 - MountPoints2\{9c0272e0-ea6b-11de-9bc5-001bfc5cdaa3}\Shell\AutoRun\command - "" = E:\AutoRun\AutoStart.exe -- File not found
O33 - MountPoints2\{9c0272e0-ea6b-11de-9bc5-001bfc5cdaa3}\Shell\Explore\Command - "" = E:\AutoRun\AutoStart.exe -- File not found
O33 - MountPoints2\{9c0272e0-ea6b-11de-9bc5-001bfc5cdaa3}\Shell\Open\Command - "" = E:\AutoRun\AutoStart.exe -- File not found
O33 - MountPoints2\{a43a082e-9c78-11de-9b3e-001bfc5cdaa3}\Shell\AutoRun\command - "" = AutoRun\AutoStart.exe
O33 - MountPoints2\{a43a082e-9c78-11de-9b3e-001bfc5cdaa3}\Shell\Explore\Command - "" = AutoRun\AutoStart.exe
O33 - MountPoints2\{a43a082e-9c78-11de-9b3e-001bfc5cdaa3}\Shell\Open\Command - "" = AutoRun\AutoStart.exe
[2009/12/26 00:59:07 | 00,000,000 | ---D | C] -- C:\Program Files\InternetSecurity2010
[2009/12/26 00:43:27 | 00,022,016 | ---- | C] (SWUsVvhddARXbqA) -- C:\WINDOWS\System32\winupdate86.exe
[2009/12/26 00:43:27 | 00,022,016 | ---- | C] (SWUsVvhddARXbqA) -- C:\WINDOWS\System32\winlogon86.exe
[2009/12/26 16:00:42 | 00,000,000 | ---- | M] () -- C:\Documents and Settings\Rykono\Local Settings\Application Data\prvlcl.dat
[2009/12/26 16:00:00 | 00,000,296 | ---- | M] () -- C:\WINDOWS\tasks\uwlrdrco.job
[2009/12/26 15:57:01 | 00,006,456 | -H-- | M] () -- C:\WINDOWS\System32\bipurigo
[2009/12/26 15:57:00 | 00,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2009/12/26 15:42:28 | 00,000,000 | ---- | M] () -- C:\WINDOWS\System32\14945.exe
[2009/12/26 15:22:27 | 00,000,000 | ---- | M] () -- C:\WINDOWS\System32\41.exe
[2009/12/26 15:22:03 | 00,002,854 | ---- | M] () -- C:\WINDOWS\System32\critical_warning.html
[2009/12/26 15:21:05 | 00,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2009/12/26 15:01:42 | 00,000,000 | ---- | M] () -- C:\WINDOWS\System32\21204.exe
[2009/12/26 14:41:40 | 00,000,000 | ---- | M] () -- C:\WINDOWS\System32\27515.exe
[2009/12/26 14:21:39 | 00,000,000 | ---- | M] () -- C:\WINDOWS\System32\24386.exe
[2009/12/26 13:38:08 | 00,000,000 | ---- | M] () -- C:\WINDOWS\System32\5333.exe
[2009/12/26 13:18:07 | 00,000,000 | ---- | M] () -- C:\WINDOWS\System32\5818.exe
[2009/12/26 12:58:06 | 00,000,000 | ---- | M] () -- C:\WINDOWS\System32\6671.exe
[2009/12/26 12:38:05 | 00,000,000 | ---- | M] () -- C:\WINDOWS\System32\32212.exe
[2009/12/26 12:18:05 | 00,000,000 | ---- | M] () -- C:\WINDOWS\System32\5762.exe
[2009/12/26 11:59:59 | 00,000,372 | ---- | M] () -- C:\WINDOWS\tasks\At1.job
[2009/12/26 11:44:19 | 00,000,000 | ---- | M] () -- C:\WINDOWS\System32\16873.exe
[2009/12/26 11:24:18 | 00,000,000 | ---- | M] () -- C:\WINDOWS\System32\17593.exe
[2009/12/26 11:04:18 | 00,000,000 | ---- | M] () -- C:\WINDOWS\System32\25427.exe
[2009/12/26 10:51:14 | 00,891,248 | ---- | M] (AVG Technologies) -- C:\Documents and Settings\Rykono\Desktop\avg_free_stb_all_9_40_cnet.exe
[2009/12/26 10:25:28 | 00,000,000 | ---- | M] () -- C:\WINDOWS\System32\1579.exe
[2009/12/26 10:05:28 | 00,000,000 | ---- | M] () -- C:\WINDOWS\System32\10965.exe
[2009/12/26 09:45:28 | 00,000,000 | ---- | M] () -- C:\WINDOWS\System32\20617.exe
[2009/12/26 09:25:28 | 00,000,000 | ---- | M] () -- C:\WINDOWS\System32\20330.exe
[2009/12/26 09:05:28 | 00,000,000 | ---- | M] () -- C:\WINDOWS\System32\32222.exe
[2009/12/26 08:45:28 | 00,000,000 | ---- | M] () -- C:\WINDOWS\System32\25530.exe
[2009/12/26 08:25:28 | 00,000,000 | ---- | M] () -- C:\WINDOWS\System32\13099.exe
[2009/12/26 08:05:28 | 00,000,000 | ---- | M] () -- C:\WINDOWS\System32\9722.exe
[2009/12/26 07:45:28 | 00,000,000 | ---- | M] () -- C:\WINDOWS\System32\24165.exe
[2009/12/26 07:25:28 | 00,000,000 | ---- | M] () -- C:\WINDOWS\System32\27692.exe
[2009/12/26 07:05:28 | 00,000,000 | ---- | M] () -- C:\WINDOWS\System32\20083.exe
[2009/12/26 06:45:28 | 00,000,000 | ---- | M] () -- C:\WINDOWS\System32\5957.exe
[2009/12/26 06:25:27 | 00,000,000 | ---- | M] () -- C:\WINDOWS\System32\29164.exe
[2009/12/26 06:05:27 | 00,000,000 | ---- | M] () -- C:\WINDOWS\System32\27331.exe
[2009/12/26 05:45:27 | 00,000,000 | ---- | M] () -- C:\WINDOWS\System32\16490.exe
[2009/12/26 05:25:27 | 00,000,000 | ---- | M] () -- C:\WINDOWS\System32\15553.exe
[2009/12/26 05:05:27 | 00,000,000 | ---- | M] () -- C:\WINDOWS\System32\29274.exe
[2009/12/26 04:45:27 | 00,000,000 | ---- | M] () -- C:\WINDOWS\System32\26583.exe
[2009/12/26 04:25:27 | 00,000,000 | ---- | M] () -- C:\WINDOWS\System32\22914.exe
[2009/12/26 04:05:18 | 00,000,000 | ---- | M] () -- C:\WINDOWS\System32\878.exe
[2009/12/26 03:45:18 | 00,000,000 | ---- | M] () -- C:\WINDOWS\System32\30912.exe
[2009/12/26 03:25:18 | 00,000,000 | ---- | M] () -- C:\WINDOWS\System32\30812.exe
[2009/12/26 03:05:18 | 00,000,000 | ---- | M] () -- C:\WINDOWS\System32\29605.exe
[2009/12/26 02:45:18 | 00,000,000 | ---- | M] () -- C:\WINDOWS\System32\24271.exe
[2009/12/26 02:25:18 | 00,000,000 | ---- | M] () -- C:\WINDOWS\System32\9986.exe
[2009/12/26 01:43:56 | 00,000,000 | ---- | M] () -- C:\WINDOWS\System32\26500.exe
[2009/12/26 01:23:56 | 00,000,000 | ---- | M] () -- C:\WINDOWS\System32\6334.exe
[2009/12/26 01:03:56 | 00,000,000 | ---- | M] () -- C:\WINDOWS\System32\18467.exe
[2009/12/26 00:43:45 | 00,017,920 | ---- | M] () -- C:\WINDOWS\System32\winhelper86.dll
[2009/12/26 00:43:21 | 00,022,016 | ---- | M] (SWUsVvhddARXbqA) -- C:\WINDOWS\System32\winupdate86.exe
[2009/12/26 00:43:21 | 00,022,016 | ---- | M] (SWUsVvhddARXbqA) -- C:\WINDOWS\System32\winlogon86.exe

:commands
[purity]
[emptytemp]
[start explorer]
[reboot]

Let it run the fix. A log will then pop up on your screen after the fix finishes.. If it needs a reboot, just let it.. Post that log in your next reply...




Please make sure you disable ALL of your Antivirus/Antispyware/Firewall before running ComboFix.. Please visit HERE if you don't know how.. Please re-enable them after performing all steps given..

Please download ComboFix by sUBs from HERE or HERE and save it to your Desktop.

During the download, rename Combofix to Combo-Fix as follows:

Posted Image

Posted Image


It is important you rename Combofix during the download, but not after.

**NOTE: If you are using Firefox, make sure that your download settings are as follows:
  • Tools->Options->Main tab
  • Set to "Always ask me where to Save the files".


After that, double-click and run Combo-Fix. Let it finish its job and post the log here

If ComboFix asks you to install Recovery Console, please do so.. It will be in your best interest..

Note: DON'T do anything with your computer while ComboFix is running.. Let ComboFix finish its job..

Edited by fenzodahl512, 26 December 2009 - 05:25 PM.

  • 0
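An added triage sketch for the file-listing lines in the OTL fix script above (not part of the original post, and not OTL's or the helper's own logic): it parses the `[date | size | attributes | M] (company) -- path` format and reports the zero-byte, numerically named executables in System32 together with the interval at which they appear. The two heuristics and all function names are assumptions made for illustration; the sample lines are a selection copied from the post.

```python
import ntpath
import re
from collections import Counter
from datetime import datetime

# Selection of lines copied from the fix script in the post above (demo input).
SAMPLE = r"""
[2009/12/26 15:42:28 | 00,000,000 | ---- | M] () -- C:\WINDOWS\System32\14945.exe
[2009/12/26 15:22:27 | 00,000,000 | ---- | M] () -- C:\WINDOWS\System32\41.exe
[2009/12/26 15:22:03 | 00,002,854 | ---- | M] () -- C:\WINDOWS\System32\critical_warning.html
[2009/12/26 15:01:42 | 00,000,000 | ---- | M] () -- C:\WINDOWS\System32\21204.exe
[2009/12/26 14:41:40 | 00,000,000 | ---- | M] () -- C:\WINDOWS\System32\27515.exe
[2009/12/26 14:21:39 | 00,000,000 | ---- | M] () -- C:\WINDOWS\System32\24386.exe
[2009/12/26 10:51:14 | 00,891,248 | ---- | M] (AVG Technologies) -- C:\Documents and Settings\Rykono\Desktop\avg_free_stb_all_9_40_cnet.exe
MOD - [2009/09/26 12:48:20 | 00,093,696 | -HS- | M] () -- C:\WINDOWS\system32\yizimife.dll
"""

# Optional "PRC - " / "MOD - " tag, then [timestamp | size | attrs | M or C] (company) -- path
LINE_RE = re.compile(
    r"^(?:(?P<tag>[A-Z]{3}) - )?"
    r"\[(?P<ts>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}) \| "
    r"(?P<size>[\d,]+) \| (?P<attrs>[-A-Z]+) \| (?P<flag>[MC])\] "
    r"\((?P<company>.*?)\) -- (?P<path>.+)$"
)

SYSTEM32 = r"c:\windows\system32"


def parse(text):
    """Return one dict per OTL file-listing line; any other line is skipped."""
    records = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        path = m.group("path")
        stem, ext = ntpath.splitext(ntpath.basename(path))
        records.append({
            "when": datetime.strptime(m.group("ts"), "%Y/%m/%d %H:%M:%S"),
            "size": int(m.group("size").replace(",", "")),
            "attrs": m.group("attrs"),
            "company": m.group("company"),
            "path": path,
            "stem": stem,
            "ext": ext.lower(),
            "in_system32": ntpath.dirname(path).lower() == SYSTEM32,
        })
    return records


def is_numeric_stub(rec):
    # Assumed heuristic: empty .exe with an all-digit name directly in System32.
    return (rec["in_system32"] and rec["size"] == 0
            and rec["ext"] == ".exe" and rec["stem"].isdigit())


def is_hidden_unattributed_dll(rec):
    # Assumed heuristic: hidden + system DLL in System32 with no company name.
    return (rec["in_system32"] and rec["ext"] == ".dll"
            and "H" in rec["attrs"] and "S" in rec["attrs"]
            and not rec["company"])


def drop_cadence(records):
    """Most common gap, in whole minutes, between consecutive stub files."""
    times = sorted(r["when"] for r in records if is_numeric_stub(r))
    gaps = [round((b - a).total_seconds() / 60) for a, b in zip(times, times[1:])]
    if not gaps:
        return None
    return Counter(gaps).most_common(1)[0]  # (minutes, occurrences)


def triage(text):
    records = parse(text)
    return {
        "stubs": [r["path"] for r in records if is_numeric_stub(r)],
        "hidden_dlls": [r["path"] for r in records if is_hidden_unattributed_dll(r)],
        "cadence": drop_cadence(records),
    }


if __name__ == "__main__":
    for key, value in triage(SAMPLE).items():
        print(key, "->", value)
```

A regular gap between the stub files points to something still running on a timer, which is worth confirming gone (scheduled tasks, Run keys) after the fix rather than only deleting the files.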

#3
Rykono

    New Member

  • Topic Starter
  • Member
  • 3 posts
Thank you for taking your time to help me. I have run The Comedian (had problems running it at first, getting the same "Can't run app, the file is infected, please activate antivirus"); got it to run by leaving that message up and running it. Did the OTL with the fix and now when I restart it won't load my explorer, just gives me my background image and a cursor. Can't do Ctrl + Alt + Del. On other comp at the moment.

Edit: After about 15 minutes it has put me back at the Windows Login Screen. Clicked again at the same blank desktop.

Edit2: Yeah, have tried about 6 times and have tried restarting, it won't load the explorer.

Edited by Rykono, 27 December 2009 - 04:28 PM.

  • 0

#4
fenzodahl512

  • Malware Removal
  • 9,863 posts
I did tell you this on "The Comedian" step..

STOP! if you can't complete this step.. Tell me more about it..


Now, did you manage to install ERUNT when running The Comedian? Or have you installed and backed up your Registry with ERUNT before?

Edited by fenzodahl512, 28 December 2009 - 05:40 AM.

  • 0

#5
Rykono

    New Member

  • Topic Starter
  • Member
  • 3 posts
Yes, I have run ERUNT from Comedian and have had ERUNT up before I ran Comedian. But Comedian ran all the way through its processes, this is why I didn't stop. So I proceeded to the next step.
  • 0

#6
fenzodahl512

  • Malware Removal
  • 9,863 posts
Hello.. You will need a Windows CD to boot into Recovery Console.. Please refer to the websites below to understand how to boot into Recovery Console..

http://pcsupport.abo...ss/rconsole.htm << This one has 6 slides, navigate them all..

http://www.windowsne...s/wxprcons.html


At the C:\WINDOWS> directory, type the below and press Enter (make sure you type it right..)

cd erdnt\autobackup

And you'll get C:\WINDOWS\ERDNT\AutoBackup>

Then type dir and press Enter

You'll get something similar to the below..

Posted Image

Then type the below and press Enter (make sure you type it right..)

cd 4-20-2009

Take note that the GREEN is the date of ERUNT autobackup that you see in the Recovery Console. Make sure you type it according to the second latest date you find.

Then you'll get something similar to C:\WINDOWS\ERDNT\AutoBackup\4-20-2009>

After that type the below and press Enter (make sure you type it right..)

batch erdnt.con

You'll get several "1 file(s) copied." entries.. Type Exit and press Enter.. Reboot your computer and tell me how it goes..
  • 0





