Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

Computer restarted and now no .exe file will open [Solved]


  • This topic is locked This topic is locked

#1
Riodn

Riodn

    Member

  • Member
  • PipPip
  • 10 posts
Hello,

Just yesterday my desktop (currently using laptop) randomly restarted and now no .exe files will open. I have ran the computer in safemode and still no luck. I have the following antivirus programs: AVG 2012, Malwarbyte, Super antivirus, and CC cleaner. Oddly enough, CC cleaner and Super antivirus works normally but doesn't fix any problems. I would say 90% of my programs cannot open. I can run the command prompt and notepad as well. I tried running TheKiller (renamed as explorer), OTL, Combofix and none of them works because I cannot open .exe files. Any help would be greatly appreciated and thank you for your time.
  • 1

Advertisements


#2
Riodn

Riodn

    Member

  • Topic Starter
  • Member
  • PipPip
  • 10 posts
Also, I'm using firefox and that cannot open as well. Again, thank you for reading.
  • 0

#3
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Hi there lets try this version of OTL

But first download this pif file and double click to run as normal
Clean Autorun pif

Download OTL to your Desktop
  • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • Select All Users
  • Under the Custom Scan box paste this in
    netsvcs
    %SYSTEMDRIVE%\*.exe
    /md5start
    consrv.dll
    explorer.exe
    winlogon.exe
    Userinit.exe
    svchost.exe
    /md5stop
    C:\Windows\assembly\tmp\U\*.* /s
    %Temp%\smtmp\1\*.*
    %Temp%\smtmp\2\*.*
    %Temp%\smtmp\3\*.*
    %Temp%\smtmp\4\*.*
    >C:\commands.txt echo list vol /raw /hide /c
    /wait
    >C:\DiskReport.txt diskpart /s C:\commands.txt /raw /hide /c
    /wait
    type c:\diskreport.txt /c
    /wait
    erase c:\commands.txt /hide /c
    /wait
    erase c:\diskreport.txt /hide /c
    CREATERESTOREPOINT
  • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
  • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
  • Post both logs

  • 0

#4
Riodn

Riodn

    Member

  • Topic Starter
  • Member
  • PipPip
  • 10 posts
Hi there,

I downloaded cleanautorun and OTL. However, when I double click cleanautorun, a box that looks almost like the cmd pops up for a split second and then nothing happens. I've tried it multiple times and it has been the same result. Additionally, OTL doesn't open as well. It appears to be a screensaver? Note: I'm running safe mode while trying to do this. I have tried it on this machine and it appears to be working. I believe the problem is that it runs as if it is a .exe file which the infected computer cannot run. Thank you for your patience and help.

Edited by Riodn, 19 March 2012 - 02:18 PM.

  • 0

#5
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Yes OTL was masquerading as a screen saver, so that did not run either

OK can you create a cd ? If so we will do a quick and dirty fix outside of windows

Please print these instruction out so that you know what you are doing
  • On the clean computer
  • Download OTLPENet.exe to your desktop
  • Ensure that you have a blank CD in the drive
  • Download Scan.txt to a USB drive[attachment=56714:scan.txt]
  • Double click OTLPENet.exe and this will then open imgburn to burn the file to CD
  • Reboot your system using the boot CD you just created
    Note : If you do not know how to set your computer to boot from CD follow the steps here
  • As the CD needs to detect your hardware and load the operating system, I would recommend a nice cup of tea whilst it loads :)
  • Your system should now display a Reatogo desktop.
    Note : as you are running from CD it is not exactly speedy
  • Double-click on the OTLPE icon.
  • Select the Windows folder of the infected drive if it asks for a location
  • When asked "Do you wish to load the remote registry", select Yes
  • When asked "Do you wish to load remote user profile(s) for scanning", select Yes
  • Ensure the box "Automatically Load All Remaining Users" is checked and press OK
  • OTL should now start
  • Drag and drop scan.txt into the Custom scans and fixes box, or double click the scan box
  • Press Run Scan to start the scan.
  • When finished, the file will be saved in drive C:\OTL.txt
  • Copy this file to your USB drive if you do not have internet connection on this system
  • Right click the file and select send to : select the USB drive.
  • Confirm that it has copied to the USB drive by selecting it
  • You can backup any files that you wish from this OS
  • Please post the contents of the C:\OTL.txt file in your reply.

  • 0

#6
Riodn

Riodn

    Member

  • Topic Starter
  • Member
  • PipPip
  • 10 posts
Thank you for your prompt response.

I'm currently on step 9) and I have a question. How do I know which folder is the infected one? This may sound like a silly question sorry. Ideally I would like to scan my entire drive (which I've tried but doesn't allow). Thank you again for your help.
  • 0

#7
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
This is purely an analysis tool with repair functions. The scan will enable me to stop the bad processes and enable exe functionality thereby getting into windows properly
  • 0

#8
Riodn

Riodn

    Member

  • Topic Starter
  • Member
  • PipPip
  • 10 posts
Thank you.

Here is the results:

OTL logfile created on: 3/19/2012 3:44:16 PM - Run
OTLPE by OldTimer - Version 3.1.48.0 Folder = X:\Programs\OTLPE
64bit-Windows 7 Professional Service Pack 1 (Version = 6.1.7601) - Type = System
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.00 Gb Total Physical Memory | 3.00 Gb Available Physical Memory | 91.00% Memory free
3.00 Gb Paging File | 3.00 Gb Available in Paging File | 98.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = D: | %SystemRoot% = D:\Windows | %ProgramFiles% = D:\Program Files (x86)
Drive C: | 100.00 Mb Total Space | 74.35 Mb Free Space | 74.35% Space Free | Partition Type: NTFS
Drive D: | 698.54 Gb Total Space | 614.42 Gb Free Space | 87.96% Space Free | Partition Type: NTFS
Drive E: | 3.72 Gb Total Space | 3.69 Gb Free Space | 99.21% Space Free | Partition Type: FAT32
Drive X: | 436.59 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: REATOGO | User Name: SYSTEM
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
Using ControlSet: ControlSet001

========== Win32 Services (SafeList) ==========

SRV:64bit: - [2011/08/26 22:39:36 | 001,436,424 | ---- | M] (Acresso Software Inc.) [Disabled] -- D:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe -- (FLEXnet Licensing Service 64)
SRV:64bit: - [2011/08/11 19:38:04 | 000,140,672 | ---- | M] (SUPERAntiSpyware.com) [Disabled] -- D:\Program Files\SUPERAntiSpyware\SASCORE64.EXE -- (!SASCORE)
SRV:64bit: - [2011/07/28 20:43:58 | 000,361,984 | ---- | M] (Advanced Micro Devices, Inc.) [Disabled] -- D:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe -- (AMD FUEL Service)
SRV:64bit: - [2011/07/28 17:35:34 | 000,204,288 | ---- | M] (AMD) [Disabled] -- D:\Windows\System32\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2009/07/13 21:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [Disabled] -- D:\Windows\System32\appmgmts.dll -- (AppMgmt)
SRV - [2012/02/24 12:38:28 | 000,489,256 | ---- | M] (Valve Corporation) [Disabled] -- D:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2011/10/21 05:07:24 | 000,244,960 | ---- | M] () [Disabled] -- D:\Program Files (x86)\PDFLite Toolbar\ToolbarUpdaterService.exe -- (Updater Service for PDFLite Toolbar)
SRV - [2011/10/12 10:25:22 | 004,433,248 | ---- | M] (AVG Technologies CZ, s.r.o.) [Disabled] -- D:\Program Files (x86)\AVG\AVG2012\AVGIDSAgent.exe -- (AVGIDSAgent)
SRV - [2011/09/02 09:29:30 | 002,152,152 | ---- | M] (Lavasoft Limited) [Disabled] -- D:\Program Files (x86)\Lavasoft\Ad-Aware\AAWService.exe -- (Lavasoft Ad-Aware Service)
SRV - [2011/08/02 10:09:08 | 000,192,776 | ---- | M] (AVG Technologies CZ, s.r.o.) [Disabled] -- D:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe -- (avgwd)
SRV - [2011/06/06 15:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) [Disabled] -- D:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2010/03/18 16:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Disabled] -- D:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010/03/05 13:15:12 | 000,235,752 | ---- | M] (DeviceVM, Inc.) [Disabled] -- D:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCUService.exe -- (BCUService)
SRV - [2009/06/10 17:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled] -- D:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2011/10/07 10:23:46 | 000,283,728 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System] -- D:\Windows\System32\drivers\avgldx64.sys -- (Avgldx64)
DRV:64bit: - [2011/09/13 10:30:08 | 000,037,456 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot] -- D:\Windows\System32\drivers\avgrkx64.sys -- (Avgrkx64)
DRV:64bit: - [2011/08/08 10:08:58 | 000,046,672 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System] -- D:\Windows\System32\drivers\avgmfx64.sys -- (Avgmfx64)
DRV:64bit: - [2011/07/28 18:23:16 | 009,980,416 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand] -- D:\Windows\System32\drivers\atikmdag.sys -- (atikmdag)
DRV:64bit: - [2011/07/28 18:23:16 | 009,980,416 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand] -- D:\Windows\System32\drivers\atikmdag.sys -- (amdkmdag)
DRV:64bit: - [2011/07/28 16:54:10 | 000,309,248 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand] -- D:\Windows\System32\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2011/07/22 12:26:56 | 000,014,928 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System] -- D:\Program Files\SUPERAntiSpyware\sasdifsv64.sys -- (SASDIFSV)
DRV:64bit: - [2011/07/21 17:59:08 | 000,069,376 | ---- | M] (Lavasoft AB) [File_System | Boot] -- D:\Windows\System32\drivers\Lbd.sys -- (Lbd)
DRV:64bit: - [2011/07/12 17:55:18 | 000,012,368 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System] -- D:\Program Files\SUPERAntiSpyware\saskutil64.sys -- (SASKUTIL)
DRV:64bit: - [2011/07/11 05:14:36 | 000,375,376 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System] -- D:\Windows\System32\drivers\avgtdia.sys -- (Avgtdia)
DRV:64bit: - [2011/07/11 05:14:08 | 000,029,776 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand] -- D:\Windows\System32\drivers\AVGIDSFilter.sys -- (AVGIDSFilter)
DRV:64bit: - [2011/07/11 05:14:06 | 000,120,400 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand] -- D:\Windows\System32\drivers\AVGIDSDriver.sys -- (AVGIDSDriver)
DRV:64bit: - [2011/07/11 05:14:06 | 000,026,704 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | Boot] -- D:\Windows\System32\drivers\AVGIDSEH.sys -- (AVGIDSEH)
DRV:64bit: - [2011/06/24 09:31:02 | 000,055,424 | ---- | M] (Advanced Micro Devices) [Kernel | Auto] -- D:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\aoddriver2.sys -- (AODDriver4.01)
DRV:64bit: - [2011/06/06 18:07:00 | 000,231,440 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand] -- D:\Windows\System32\drivers\AtihdW76.sys -- (AtiHDAudioService)
DRV:64bit: - [2010/11/20 23:24:33 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- D:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/11/20 23:23:48 | 000,071,168 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- D:\Windows\system32\drivers\dmvsc.sys -- (dmvsc)
DRV:64bit: - [2010/11/20 23:23:47 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- D:\Windows\system32\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2010/02/18 12:18:24 | 000,046,136 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand] -- D:\Windows\System32\drivers\amdiox64.sys -- (amdiox64)
DRV:64bit: - [2010/01/11 06:05:20 | 001,290,752 | ---- | M] (VIA Technologies, Inc.) [Kernel | On_Demand] -- D:\Windows\System32\drivers\viahduaa.sys -- (VIAHdAudAddService)
DRV:64bit: - [2009/08/20 12:05:06 | 000,239,616 | ---- | M] (Realtek ) [Kernel | On_Demand] -- D:\Windows\System32\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2009/07/16 23:38:40 | 000,015,416 | ---- | M] () [Kernel | On_Demand] -- D:\Windows\System32\drivers\ASACPI.sys -- (MTsensor)
DRV:64bit: - [2009/06/10 16:38:56 | 000,000,308 | ---- | M] () [File_System | On_Demand] -- D:\Windows\System32\wbem\ntfs.mof -- (Ntfs)
DRV:64bit: - [2009/06/10 16:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand] -- D:\Windows\system32\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 16:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand] -- D:\Windows\system32\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 16:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand] -- D:\Windows\System32\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/05/07 16:30:28 | 000,016,440 | ---- | M] (Advanced Micro Devices Inc.) [Kernel | Boot] -- D:\Windows\System32\drivers\AtiPcie.sys -- (AtiPcie) AMD PCI Express (3GIO)
DRV - [2011/08/20 01:42:22 | 000,017,152 | ---- | M] () [Kernel | On_Demand] -- D:\Program Files (x86)\Lavasoft\Ad-Aware\kernexplorer64.sys -- (Lavasoft Kernexplorer)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========



IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\Riodn_ON_D\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.babylo...000f46d0439b064
IE - HKU\Riodn_ON_D\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
IE - HKU\Riodn_ON_D\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKU\Riodn_ON_D\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 6C DF 35 47 FA 5E CC 01 [binary data]
IE - HKU\Riodn_ON_D\Software\Microsoft\Internet Explorer\Main,Start Page Restore = http://search.jzip.com/
IE - HKU\Riodn_ON_D\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\Riodn_ON_D\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local


FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: D:\Windows\System32\Macromed\Flash\NPSWF64_11_1_102.dll ()
FF:64bit: - HKLM\Software\MozillaPlugins\@docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf: D:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: D:\Program Files\Microsoft Silverlight\5.0.61118.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@adobe.com/FlashPlayer: D:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@Apple.com/iTunes,version=:
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@Apple.com/iTunes,version=1.0: D:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: D:\Program Files (x86)\DivX\DivX Web Player\npdivx32.dll (DivX,Inc.)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf: D:\Program Files\Tracker Software\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@java.com/JavaPlugin: D:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@microsoft.com/GENUINE: File not found
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: D:\Program Files (x86)\Microsoft Silverlight\5.0.61118.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@mozilla.zeniko.ch/PDFLite_Browser_Plugin: D:\Program Files (x86)\PDFlite\npPdfViewer.dll (Amnis Technology Ltd)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: D:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\Adobe Reader: D:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\wow6432node\mozilla\Firefox\Extensions\\{1E73965B-8B48-48be-9C8D-68B920ABC1C4}: C:\Program Files (x86)\AVG\AVG2012\Firefox4\ [2012/02/01 13:55:54 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\wow6432node\mozilla\Mozilla Firefox 10.0.2\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/02/18 00:11:29 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\wow6432node\mozilla\Mozilla Firefox 10.0.2\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2011/09/15 18:31:52 | 000,000,000 | ---D | M]

[2012/01/08 03:25:33 | 000,000,000 | ---D | M] (No name found) -- D:\Program Files (x86)\Mozilla Firefox\extensions
[2011/10/29 11:31:34 | 000,000,000 | ---D | M] (Skype Click to Call) -- D:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2012/02/18 00:11:29 | 000,134,104 | ---- | M] (Mozilla Foundation) -- D:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2011/08/23 22:31:11 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- D:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll
[2012/03/08 22:21:28 | 000,002,310 | ---- | M] () -- D:\Program Files (x86)\mozilla firefox\searchplugins\babylon.xml
[2012/02/12 19:27:58 | 000,002,252 | ---- | M] () -- D:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2011/10/01 20:59:52 | 000,002,252 | ---- | M] () -- D:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml.old
[2011/09/30 14:43:02 | 000,002,497 | ---- | M] () -- D:\Program Files (x86)\mozilla firefox\searchplugins\SearchResults.xml
[2012/02/12 19:27:58 | 000,002,040 | ---- | M] () -- D:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml

O1 HOSTS File: ([2011/11/25 04:33:05 | 000,001,422 | ---- | M]) - D:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 46.4.179.84 yahoo.com
O1 - Hosts: 212.124.122.156 google.com
O1 - Hosts: 46.4.179.84 myspace.com
O1 - Hosts: 212.124.122.156 msn.com
O1 - Hosts: 46.4.179.84 amazon.com
O1 - Hosts: 212.124.122.156 youtube.com
O1 - Hosts: 46.4.179.84 craigslist.org
O1 - Hosts: 212.124.122.156 wikipedia.org
O1 - Hosts: 46.4.179.110 cnn.com
O1 - Hosts: 46.4.179.84 facebook.com
O1 - Hosts: 46.4.179.110 go.com
O1 - Hosts: 46.4.179.84 live.com
O1 - Hosts: 46.4.179.84 blogger.com
O1 - Hosts: 46.4.179.110 aol.com
O1 - Hosts: 46.4.179.84 microsoft.com
O1 - Hosts: 46.4.179.110 comcast.net
O1 - Hosts: 46.4.179.84 imdb.com
O1 - Hosts: 46.4.179.84 digg.com
O1 - Hosts: 46.4.179.84 flickr.com
O1 - Hosts: 46.4.179.84 Expedia.com
O1 - Hosts: 46.4.179.84 Monster.com
O1 - Hosts: 212.124.122.156 Paypal.com
O1 - Hosts: 46.4.179.84 Weather.com
O2:64bit: - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - D:\Program Files (x86)\AVG\AVG2012\avgssiea.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (Babylon toolbar helper) - {2EECD738-5844-4a99-B4B6-146BF802613B} - D:\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.5.3.17\bh\BabylonToolbar.dll (Babylon BHO)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - D:\Program Files (x86)\AVG\AVG2012\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (PDFLite Toolbar Helper) - {7413F9FC-8E54-4c93-BEB7-1225EB0970CA} - D:\Program Files (x86)\PDFLite Toolbar\Toolbar32.dll ()
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - D:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Trixie.Bho) - {B0744341-96E0-4341-9ED2-8BC36CE0CCD0} - Reg Error: Value error. File not found
O3 - HKLM\..\Toolbar: (PDFLite Toolbar) - {7C8ACEEB-B1D8-43cc-A387-DA838515368D} - D:\Program Files (x86)\PDFLite Toolbar\Toolbar32.dll ()
O3 - HKLM\..\Toolbar: (Babylon Toolbar) - {98889811-442D-49dd-99D7-DC866BE87DBC} - D:\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.5.3.17\BabylonToolbarTlbr.dll (Babylon Ltd.)
O4 - HKU\LocalService_ON_D..\Run: [Sidebar] D:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\NetworkService_ON_D..\Run: [Sidebar] D:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\LocalService_ON_D..\RunOnce: [mctadmin] File not found
O4 - HKU\NetworkService_ON_D..\RunOnce: [mctadmin] File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HideSCAHealth = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - D:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - D:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - D:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - D:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O13:64bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_27)
O16 - DPF: {CAFEEFAC-0016-0000-0027-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_27)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_27)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 68.94.156.1 68.94.157.1
O18:64bit: - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - D:\Program Files (x86)\AVG\AVG2012\avgppa.dll (AVG Technologies CZ, s.r.o.)
O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - Reg Error: Key error. File not found
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - D:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - D:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - D:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O24 - Desktop WallPaper: B:\Documents and Settings\Default User\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: B:\Documents and Settings\Default User\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2011/08/26 22:25:24 | 000,000,000 | ---D | M] - D:\autodesk -- [ NTFS ]
O32 - AutoRun File - [2006/03/24 07:06:41 | 000,000,053 | R--- | M] () - X:\AUTORUN.INF -- [ CDFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O34 - HKLM BootExecute: (lsdelete) - File not found
O34 - HKLM BootExecute: (C:\PROGRA~2\AVG\AVG2012\avgrsa.exe /sync /restart) - D:\Program Files (x86)\AVG\AVG2012\avgrsa.exe (AVG Technologies CZ, s.r.o.)
64bit: O35 - HKLM\..comfile [open] -- "%1" %* File not found
64bit: O35 - HKLM\..exefile [open] -- "%1" %* File not found
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs:64bit: AppMgmt - D:\Windows\System32\appmgmts.dll (Microsoft Corporation)

========== Files/Folders - Created Within 30 Days ==========

[2012/03/19 16:12:36 | 000,594,432 | ---- | C] (OldTimer Tools) -- D:\Users\Riodn\Desktop\OTL.scr
[2012/03/19 16:12:36 | 000,096,080 | ---- | C] (Kaspersky Lab ZAO) -- D:\Users\Riodn\Desktop\cleanautorun.pif
[2012/03/18 20:08:44 | 000,000,000 | ---D | C] -- D:\Users\Riodn\Desktop\Windows 7 Ultimate
[2012/03/18 18:00:00 | 000,000,000 | ---D | C] -- D:\Users\Riodn\Desktop\malwar
[2012/03/18 04:33:58 | 001,544,192 | ---- | C] (Microsoft Corporation) -- D:\Windows\System32\DWrite.dll
[2012/03/18 04:33:43 | 000,149,504 | ---- | C] (Microsoft Corporation) -- D:\Windows\System32\rdpcorekmts.dll
[2012/03/18 04:33:43 | 000,077,312 | ---- | C] (Microsoft Corporation) -- D:\Windows\System32\rdpwsx.dll
[2012/03/18 04:33:43 | 000,009,216 | ---- | C] (Microsoft Corporation) -- D:\Windows\System32\rdrmemptylst.exe
[2012/03/18 04:33:30 | 001,031,680 | ---- | C] (Microsoft Corporation) -- D:\Windows\System32\rdpcore.dll
[2012/03/18 04:33:30 | 000,826,880 | ---- | C] (Microsoft Corporation) -- D:\Windows\SysWow64\rdpcore.dll
[2012/03/18 04:08:17 | 000,020,480 | ---- | C] (Microsoft Corporation) -- D:\Windows\svchost.exe
[2012/03/13 23:04:54 | 001,077,248 | ---- | C] (Microsoft Corporation) -- D:\Windows\SysWow64\DWrite.dll
[2012/03/13 06:01:01 | 000,000,000 | -HSD | C] -- D:\Config.Msi
[2012/03/08 22:21:54 | 000,000,000 | ---D | C] -- D:\Users\Riodn\AppData\Roaming\PDFlite
[2012/03/08 22:21:34 | 000,000,000 | ---D | C] -- D:\Program Files (x86)\BabylonToolbar
[2012/03/08 22:21:27 | 000,000,000 | ---D | C] -- D:\Users\Riodn\AppData\Local\Babylon
[2012/03/08 22:21:26 | 000,000,000 | ---D | C] -- D:\Users\Riodn\AppData\Roaming\Babylon
[2012/03/08 22:21:26 | 000,000,000 | ---D | C] -- D:\ProgramData\Babylon
[2012/02/29 02:33:58 | 000,000,000 | ---D | C] -- D:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
[2012/02/29 02:33:52 | 000,000,000 | ---D | C] -- D:\Program Files\Microsoft Silverlight
[2012/02/29 02:33:52 | 000,000,000 | ---D | C] -- D:\Program Files (x86)\Microsoft Silverlight
[2012/02/27 12:32:05 | 000,000,000 | ---D | C] -- D:\Program Files (x86)\MALWAREBYTES ANTI-MALWARE
[2012/01/11 22:45:08 | 000,319,488 | ---- | C] (Microsoft Corporation) -- D:\Users\Riodn\AppData\Local\pwv.exe
[2011/02/25 13:59:34 | 004,007,936 | ---- | C] (Flagship Industries, Inc.) -- D:\Program Files (x86)\Ventrilo.exe

========== Files - Modified Within 30 Days ==========

[2012/03/19 17:11:13 | 000,067,584 | --S- | M] () -- D:\Windows\bootstat.dat
[2012/03/19 16:02:09 | 3219,791,872 | -HS- | M] () -- D:\hiberfil.sys
[2012/03/18 23:19:17 | 000,623,940 | ---- | M] () -- D:\Windows\System32\perfh009.dat
[2012/03/18 23:19:17 | 000,106,316 | ---- | M] () -- D:\Windows\System32\perfc009.dat
[2012/03/18 21:39:00 | 000,000,908 | ---- | M] () -- D:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-428103201-108540113-2459031241-1000UA.job
[2012/03/18 19:07:12 | 009,809,282 | ---- | M] () -- D:\Users\Riodn\Desktop\Windows 7 Loader.zip
[2012/03/18 16:18:24 | 000,594,432 | ---- | M] (OldTimer Tools) -- D:\Users\Riodn\Desktop\OTL.scr
[2012/03/18 16:17:54 | 000,096,080 | ---- | M] (Kaspersky Lab ZAO) -- D:\Users\Riodn\Desktop\cleanautorun.pif
[2012/03/18 14:20:45 | 000,020,848 | -H-- | M] () -- D:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/03/18 14:20:45 | 000,020,848 | -H-- | M] () -- D:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/03/18 13:21:51 | 000,489,824 | ---- | M] () -- D:\Windows\System32\FNTCACHE.DAT
[2012/03/18 00:15:02 | 000,002,127 | ---- | M] () -- D:\Users\Riodn\Desktop\win7-regfix.reg
[2012/03/17 23:10:28 | 030,758,216 | ---- | M] () -- D:\Users\Riodn\Desktop\winzip16-32.exe
[2012/03/17 20:26:56 | 001,587,696 | ---- | M] () -- D:\Users\Riodn\Desktop\SetupVirtualCloneDrive5450.exe
[2012/03/17 19:16:12 | 001,410,192 | ---- | M] () -- D:\Users\Riodn\Desktop\sar_15_sfx.exe
[2012/03/17 19:04:00 | 000,001,278 | ---- | M] () -- D:\Users\Riodn\Desktop\fixrun.reg
[2012/03/17 18:53:00 | 000,004,895 | ---- | M] () -- D:\Users\Riodn\Desktop\EXEFix.Reg
[2012/03/17 16:47:51 | 000,002,006 | -H-- | M] () -- D:\Users\Riodn\Documents\Default.rdp
[2012/03/13 03:39:00 | 000,000,856 | ---- | M] () -- D:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-428103201-108540113-2459031241-1000Core.job
[2012/03/13 01:38:47 | 000,000,064 | ---- | M] () -- D:\Windows\SysWow64\rp_stats.dat
[2012/03/13 01:38:47 | 000,000,044 | ---- | M] () -- D:\Windows\SysWow64\rp_rules.dat
[2012/03/12 20:42:25 | 091,606,683 | ---- | M] () -- D:\Windows\System32\drivers\AVG\incavi.avm
[2012/03/11 20:38:36 | 000,298,954 | ---- | M] () -- D:\Windows\System32\drivers\AVG\iavichjg.avm
[2012/03/11 18:27:03 | 000,000,200 | ---- | M] () -- D:\Users\Riodn\Documents\acad.err
[2012/03/09 18:20:04 | 000,000,747 | -H-- | M] () -- D:\IPH.PH
[2012/03/09 18:19:48 | 000,002,012 | ---- | M] () -- D:\Users\Riodn\Desktop\Retry AIM Installation.lnk
[2012/03/08 22:21:52 | 000,001,859 | ---- | M] () -- D:\Users\Public\Desktop\PDFlite.lnk
[2012/03/08 22:21:35 | 000,000,237 | ---- | M] () -- D:\user.js
[2012/02/29 02:33:58 | 000,000,000 | ---D | M] -- D:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
[2012/02/25 04:34:29 | 000,000,000 | ---D | M] -- D:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012/02/24 12:42:16 | 000,414,368 | ---- | M] (Adobe Systems Incorporated) -- D:\Windows\SysWow64\FlashPlayerCPLApp.cpl

========== Files Created - No Company Name ==========

[2012/03/19 00:08:44 | 000,002,127 | ---- | C] () -- D:\Users\Riodn\Desktop\win7-regfix.reg
[2012/03/18 23:17:44 | 000,002,600 | ---- | C] () -- D:\Users\Riodn\Desktop\xp_exe_fix.reg
[2012/03/18 23:04:17 | 030,758,216 | ---- | C] () -- D:\Users\Riodn\Desktop\winzip16-32.exe
[2012/03/18 20:29:49 | 001,587,696 | ---- | C] () -- D:\Users\Riodn\Desktop\SetupVirtualCloneDrive5450.exe
[2012/03/18 20:11:55 | 009,809,282 | ---- | C] () -- D:\Users\Riodn\Desktop\Windows 7 Loader.zip
[2012/03/18 19:09:50 | 001,410,192 | ---- | C] () -- D:\Users\Riodn\Desktop\sar_15_sfx.exe
[2012/03/18 18:57:32 | 000,001,278 | ---- | C] () -- D:\Users\Riodn\Desktop\fixrun.reg
[2012/03/18 18:46:48 | 000,004,895 | ---- | C] () -- D:\Users\Riodn\Desktop\EXEFix.Reg
[2012/03/11 18:27:03 | 000,000,200 | ---- | C] () -- D:\Users\Riodn\Documents\acad.err
[2012/03/09 18:19:48 | 000,002,012 | ---- | C] () -- D:\Users\Riodn\Desktop\Retry AIM Installation.lnk
[2012/03/08 22:21:34 | 000,000,237 | ---- | C] () -- D:\user.js
[2012/01/11 22:45:14 | 000,001,508 | -HS- | C] () -- D:\Users\Riodn\AppData\Local\441i16t235626yt7ww818yq
[2012/01/11 22:45:14 | 000,001,508 | -HS- | C] () -- D:\ProgramData\441i16t235626yt7ww818yq
[2012/01/09 01:12:33 | 000,001,478 | -HS- | C] () -- D:\Users\Riodn\AppData\Local\if1877rk0wof43v47i776hb5o6a7ymkgy074skuh4h22vq
[2012/01/09 01:12:33 | 000,001,478 | -HS- | C] () -- D:\ProgramData\if1877rk0wof43v47i776hb5o6a7ymkgy074skuh4h22vq
[2011/12/26 13:35:18 | 000,001,582 | -HS- | C] () -- D:\Users\Riodn\AppData\Local\03627262x6x3
[2011/12/26 13:35:18 | 000,001,582 | -HS- | C] () -- D:\ProgramData\03627262x6x3
[2011/12/24 23:53:46 | 000,000,259 | ---- | C] () -- D:\Windows\{EEB3F6BB-318D-4CE5-989F-8191FCBFB578}_WiseFW.ini
[2011/12/16 03:32:52 | 000,001,260 | -HS- | C] () -- D:\Users\Riodn\AppData\Local\4w15jd6w47p677
[2011/12/16 03:32:52 | 000,001,260 | -HS- | C] () -- D:\ProgramData\4w15jd6w47p677
[2011/12/12 04:06:30 | 000,001,380 | -HS- | C] () -- D:\Users\Riodn\AppData\Local\umysuw1q7ayv7vkg0ngl5i520n5t
[2011/12/12 04:06:30 | 000,001,380 | -HS- | C] () -- D:\ProgramData\umysuw1q7ayv7vkg0ngl5i520n5t
[2011/12/04 05:25:11 | 000,001,074 | -HS- | C] () -- D:\Users\Riodn\AppData\Local\w3rl80h3ef3ypw
[2011/12/04 05:25:11 | 000,001,074 | -HS- | C] () -- D:\ProgramData\w3rl80h3ef3ypw
[2011/12/04 02:38:36 | 000,001,272 | -HS- | C] () -- D:\Users\Riodn\AppData\Local\lltbrr2j3xwh5cdk3uyg3v452m4y
[2011/12/04 02:38:36 | 000,001,272 | -HS- | C] () -- D:\ProgramData\lltbrr2j3xwh5cdk3uyg3v452m4y
[2011/08/20 15:16:46 | 000,000,064 | ---- | C] () -- D:\Windows\SysWow64\rp_stats.dat
[2011/08/20 15:16:46 | 000,000,044 | ---- | C] () -- D:\Windows\SysWow64\rp_rules.dat
[2011/08/20 04:06:47 | 000,024,576 | R--- | C] () -- D:\Windows\SysWow64\AsIO.dll
[2011/08/20 04:06:47 | 000,013,440 | R--- | C] () -- D:\Windows\SysWow64\drivers\AsIO.sys
[2011/08/20 04:06:44 | 000,011,832 | ---- | C] () -- D:\Windows\SysWow64\drivers\AsInsHelp64.sys
[2011/08/20 04:06:44 | 000,010,216 | ---- | C] () -- D:\Windows\SysWow64\drivers\AsInsHelp32.sys
[2011/08/20 04:02:06 | 000,038,211 | ---- | C] () -- D:\Windows\Ascd_log.ini
[2011/08/20 04:01:25 | 000,001,769 | ---- | C] () -- D:\Windows\Language_trs.ini
[2011/08/20 04:01:23 | 000,030,252 | ---- | C] () -- D:\Windows\Ascd_tmp.ini
[2011/08/19 19:28:34 | 000,000,000 | ---- | C] () -- D:\Windows\ativpsrm.bin
[2011/07/18 02:54:02 | 000,059,904 | ---- | C] () -- D:\Windows\SysWow64\OVDecode.dll
[2011/03/17 13:51:44 | 000,003,929 | ---- | C] () -- D:\Windows\SysWow64\atipblag.dat
[2010/11/20 23:24:49 | 000,252,928 | ---- | C] () -- D:\Windows\SysWow64\DShowRdpFilter.dll
[2009/07/14 01:38:36 | 000,067,584 | --S- | C] () -- D:\Windows\bootstat.dat
[2009/07/13 22:35:51 | 000,000,741 | ---- | C] () -- D:\Windows\SysWow64\NOISE.DAT
[2009/07/13 22:34:42 | 000,215,943 | ---- | C] () -- D:\Windows\SysWow64\dssec.dat
[2009/07/13 20:10:29 | 000,043,131 | ---- | C] () -- D:\Windows\mib.bin
[2009/07/13 19:42:10 | 000,064,000 | ---- | C] () -- D:\Windows\SysWow64\BWContextHandler.dll
[2009/07/13 18:25:04 | 000,197,632 | ---- | C] () -- D:\Windows\SysWow64\ir32_32.dll
[2009/07/13 17:03:59 | 000,364,544 | ---- | C] () -- D:\Windows\SysWow64\msjetoledb40.dll
[2009/06/10 17:26:10 | 000,673,088 | ---- | C] () -- D:\Windows\SysWow64\mlang.dat
[2009/04/03 08:30:14 | 000,010,296 | ---- | C] () -- D:\Windows\SysWow64\drivers\ASUSHWIO.SYS
[2007/08/17 17:53:00 | 000,119,502 | ---- | C] () -- D:\Program Files (x86)\Channel.wav
[2007/08/17 17:48:58 | 000,119,358 | ---- | C] () -- D:\Program Files (x86)\UserComment.wav
[2007/08/08 00:54:58 | 000,154,902 | ---- | C] () -- D:\Program Files (x86)\privchatmsg.wav
[2007/08/08 00:41:16 | 000,073,730 | ---- | C] () -- D:\Program Files (x86)\privchatopen.wav
[2007/07/16 12:57:14 | 000,207,694 | ---- | C] () -- D:\Program Files (x86)\disconnect.wav
[2007/07/16 12:54:06 | 000,148,822 | ---- | C] () -- D:\Program Files (x86)\connect.wav
[2003/02/03 22:47:20 | 000,020,378 | ---- | C] () -- D:\Program Files (x86)\SwitchBindings.wav
[2003/01/31 19:05:46 | 000,023,446 | ---- | C] () -- D:\Program Files (x86)\ChannelLeave.wav
[2003/01/31 19:04:54 | 000,019,444 | ---- | C] () -- D:\Program Files (x86)\ChannelJoin.wav
[2003/01/30 20:38:26 | 000,001,165 | ---- | C] () -- D:\Program Files (x86)\default.vet
[2002/07/22 23:28:14 | 000,025,678 | ---- | C] () -- D:\Program Files (x86)\Binds.wav
[2002/06/05 03:04:22 | 000,001,174 | ---- | C] () -- D:\Program Files (x86)\MicKeyUp.wav
[2002/06/05 03:04:14 | 000,001,174 | ---- | C] () -- D:\Program Files (x86)\MicKeyDown.wav
[2002/06/05 02:25:08 | 000,026,254 | ---- | C] () -- D:\Program Files (x86)\MuteSound.wav
[2002/06/05 02:23:48 | 000,021,742 | ---- | C] () -- D:\Program Files (x86)\MuteMic.wav
[1999/09/02 03:44:58 | 000,057,202 | ---- | C] () -- D:\Program Files (x86)\missing.wav
[1999/08/29 16:31:42 | 000,106,646 | ---- | C] () -- D:\Program Files (x86)\UserConnect.wav
[1999/08/29 16:12:40 | 000,066,266 | ---- | C] () -- D:\Program Files (x86)\UserDisconnect.wav

========== LOP Check ==========

[2011/08/20 01:33:57 | 000,000,000 | ---D | M] -- D:\ProgramData\AIM
[2011/08/20 03:31:39 | 000,000,000 | ---D | M] -- D:\ProgramData\AMD
[2009/07/14 01:08:56 | 000,000,000 | -HSD | M] -- D:\ProgramData\Application Data
[2011/08/30 01:00:54 | 000,000,000 | ---D | M] -- D:\ProgramData\Autodesk
[2011/11/19 06:22:03 | 000,000,000 | ---D | M] -- D:\ProgramData\AVG2012
[2012/03/08 22:21:26 | 000,000,000 | ---D | M] -- D:\ProgramData\Babylon
[2012/02/03 00:29:23 | 000,000,000 | ---D | M] -- D:\ProgramData\Battle.net
[2011/10/02 13:14:51 | 000,000,000 | ---D | M] -- D:\ProgramData\boost_interprocess
[2011/11/19 05:38:18 | 000,000,000 | -H-D | M] -- D:\ProgramData\Common Files
[2009/07/14 01:08:56 | 000,000,000 | -HSD | M] -- D:\ProgramData\Desktop
[2012/03/18 04:04:43 | 000,000,000 | ---D | M] -- D:\ProgramData\DeviceVm
[2009/07/14 01:08:56 | 000,000,000 | -HSD | M] -- D:\ProgramData\Documents
[2009/07/14 01:08:56 | 000,000,000 | -HSD | M] -- D:\ProgramData\Favorites
[2012/03/12 20:42:28 | 000,000,000 | ---D | M] -- D:\ProgramData\MFAData
[2012/03/18 04:06:21 | 000,000,000 | ---D | M] -- D:\ProgramData\PMB Files
[2011/09/05 03:24:44 | 000,000,000 | ---D | M] -- D:\ProgramData\SplitMediaLabs
[2009/07/14 01:08:56 | 000,000,000 | -HSD | M] -- D:\ProgramData\Start Menu
[2012/02/04 04:55:53 | 000,000,000 | ---D | M] -- D:\ProgramData\TEMP
[2009/07/14 01:08:56 | 000,000,000 | -HSD | M] -- D:\ProgramData\Templates
[2011/09/07 03:46:47 | 000,000,000 | ---D | M] -- D:\ProgramData\{93E26451-CD9A-43A5-A2FA-C42392EA4001}
[2011/11/17 04:25:05 | 000,000,382 | ---- | M] () -- D:\Windows\Tasks\At1.job
[2012/03/09 14:53:32 | 000,032,624 | ---- | M] () -- D:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*.exe >


< MD5 for: EXPLORER.EXE >
[2011/02/26 01:19:21 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=0FB9C74046656D1579A64660AD67B746 -- D:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_ba87e574ddfe652d\explorer.exe
[2012/03/17 04:30:14 | 004,438,697 | ---- | M] (Swearware) MD5=22FF84799934BA506E253C0C785063CA -- D:\Users\Riodn\Desktop\malwar\explorer.exe
[2011/02/25 02:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- D:\Windows\explorer.exe
[2011/02/25 02:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- D:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_afa79dc39081d0ba\explorer.exe
[2011/02/26 02:14:34 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=3B69712041F3D63605529BD66DC00C48 -- D:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_b0333b22a99da332\explorer.exe
[2010/11/20 23:24:25 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=40D777B7A95E00593EB1568C68514493 -- D:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_ba2f56d3c4bcbafb\explorer.exe
[2012/03/17 17:31:18 | 000,751,581 | ---- | M] (maliprog @ Geekstogo) MD5=68A2BFF920C4D32644F97942756FB2B4 -- D:\Users\Riodn\Desktop\USB drive\malwar\explorer.exe
[2011/02/25 01:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- D:\Windows\SysWOW64\explorer.exe
[2011/02/25 01:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- D:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_b9fc4815c4e292b5\explorer.exe
[2010/11/20 23:24:11 | 002,872,320 | ---- | M] (Microsoft Corporation) MD5=AC4C51EB24AA95B77F705AB159189E24 -- D:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_afdaac81905bf900\explorer.exe

< MD5 for: SVCHOST.EXE >
[2009/07/13 21:14:45 | 000,020,480 | ---- | M] (Microsoft Corporation) MD5=2CEFF13ACE25A40BD8D97654944297CD -- D:\Windows\svchost.exe
[2009/07/13 21:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- D:\Windows\SysWOW64\svchost.exe
[2009/07/13 21:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- D:\Windows\winsxs\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_b591afc466a15356\svchost.exe
[2012/01/13 18:53:20 | 000,182,856 | ---- | M] () MD5=63EEC8A8B221AB79045E776E5F592868 -- D:\Program Files (x86)\Malwarebytes' Anti-Malware\Chameleon\svchost.exe
[2009/07/13 21:39:46 | 000,027,136 | ---- | M] (Microsoft Corporation) MD5=C78655BC80301D76ED4FEF1C1EA40A7D -- D:\Windows\System32\svchost.exe
[2009/07/13 21:39:46 | 000,027,136 | ---- | M] (Microsoft Corporation) MD5=C78655BC80301D76ED4FEF1C1EA40A7D -- D:\Windows\winsxs\amd64_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_11b04b481efec48c\svchost.exe

< MD5 for: USERINIT.EXE >
[2010/11/20 23:23:55 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- D:\Windows\SysWOW64\userinit.exe
[2010/11/20 23:23:55 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- D:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe
[2010/11/20 23:24:28 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- D:\Windows\System32\userinit.exe
[2010/11/20 23:24:28 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- D:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_3a4ebf84e84f824c\userinit.exe

< MD5 for: WINLOGON.EXE >
[2010/11/20 23:24:29 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- D:\Windows\System32\winlogon.exe
[2010/11/20 23:24:29 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- D:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_cde90685eb910636\winlogon.exe
[2012/01/13 18:53:20 | 000,182,856 | ---- | M] () MD5=63EEC8A8B221AB79045E776E5F592868 -- D:\Program Files (x86)\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe

< HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBT /s >
"DisplayName" = @%SystemRoot%\system32\drivers\netbt.sys,-2
"Group" = PNP_TDI
"ImagePath" = System32\DRIVERS\netbt.sys
"Description" = @%SystemRoot%\system32\drivers\netbt.sys,-1
"ErrorControl" = 1
"Start" = 1
"Type" = 1
"DependOnService" = Tdxtcpip [binary data]
"Tag" = 87
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBT\Linkage]
"OtherDependencies" = Tcpip [binary data]
"Bind" = [Binary data over 100 bytes]
"Route" = [Binary data over 100 bytes]
"Export" = [Binary data over 100 bytes]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBT\Parameters]
"BcastNameQueryCount" = 3
"BcastQueryTimeout" = 750
"CacheTimeout" = 600000
"EnableLMHOSTS" = 1
"NameServerPort" = 137
"NameSrvQueryCount" = 3
"NameSrvQueryTimeout" = 1500
"NbProvider" = _tcp
"SessionKeepAlive" = 3600000
"Size/Small/Medium/Large" = 1
"TransportBindName" = \Device\
"UseNewSmb" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBT\Parameters\Interfaces]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBT\Parameters\Interfaces\Tcpip_{73AB3188-3213-42F3-B7E2-74ADE39B582E}]
"NameServerList" = [binary data]
"NetbiosOptions" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBT\Security]
"Security" = [Binary data over 100 bytes]

< HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBIOS /s >
"Type" = 2
"Start" = 1
"ErrorControl" = 1
"Tag" = 2
"ImagePath" = system32\DRIVERS\netbios.sys
"DisplayName" = NetBIOS Interface
"Group" = NetBIOSGroup
"Description" = NetBIOS Interface
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBIOS\Linkage]
"LanaMap" = 01 00 01 03 01 01 01 02 [binary data]
"Bind" = [Binary data over 100 bytes]
"Route" = [Binary data over 100 bytes]
"Export" = [Binary data over 100 bytes]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBIOS\Parameters]
"MaxLana" = 3

< hklm\software\clients\startmenuinternet|command /rs >
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\HideIconsCommand: "C:\Program Files (x86)\Mozilla Firefox\uninstall\helper.exe" /HideShortcuts [2012/02/18 00:11:29 | 000,834,840 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ShowIconsCommand: "C:\Program Files (x86)\Mozilla Firefox\uninstall\helper.exe" /ShowShortcuts [2012/02/18 00:11:29 | 000,834,840 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ReinstallCommand: "C:\Program Files (x86)\Mozilla Firefox\uninstall\helper.exe" /SetAsDefaultAppGlobal [2012/02/18 00:11:29 | 000,834,840 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\open\command\\: C:\Program Files (x86)\Mozilla Firefox\firefox.exe [2012/02/18 00:11:29 | 000,924,632 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\properties\command\\: "C:\Program Files (x86)\Mozilla Firefox\firefox.exe" -preferences [2012/02/18 00:11:29 | 000,924,632 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\safemode\command\\: "C:\Program Files (x86)\Mozilla Firefox\firefox.exe" -safe-mode [2012/02/18 00:11:29 | 000,924,632 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\Windows\System32\ie4uinit.exe" -show [2010/11/20 23:25:08 | 000,176,128 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\Windows\System32\ie4uinit.exe" -reinstall [2010/11/20 23:25:08 | 000,176,128 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\Windows\System32\ie4uinit.exe" -hide [2010/11/20 23:25:08 | 000,176,128 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\Program Files (x86)\Internet Explorer\iexplore.exe" -extoff [2010/11/20 23:25:08 | 000,673,040 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: C:\Program Files (x86)\Internet Explorer\iexplore.exe [2010/11/20 23:25:08 | 000,673,040 | ---- | M] (Microsoft Corporation)

< hklm\software\clients\startmenuinternet|command /64 /rs >
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\HideIconsCommand: "C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\UNINSTALL\HELPER.EXE" /HIDESHORTCUTS [2012/02/18 00:11:29 | 000,834,840 | ---- | M] (Mozilla Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ShowIconsCommand: "C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\UNINSTALL\HELPER.EXE" /SHOWSHORTCUTS [2012/02/18 00:11:29 | 000,834,840 | ---- | M] (Mozilla Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ReinstallCommand: "C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\UNINSTALL\HELPER.EXE" /SETASDEFAULTAPPGLOBAL [2012/02/18 00:11:29 | 000,834,840 | ---- | M] (Mozilla Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\open\command\\: C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\FIREFOX.EXE [2012/02/18 00:11:29 | 000,924,632 | ---- | M] (Mozilla Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\properties\command\\: "C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\FIREFOX.EXE" -PREFERENCES [2012/02/18 00:11:29 | 000,924,632 | ---- | M] (Mozilla Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\safemode\command\\: "C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\FIREFOX.EXE" -SAFE-MODE [2012/02/18 00:11:29 | 000,924,632 | ---- | M] (Mozilla Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\WINDOWS\SYSTEM32\IE4UINIT.EXE" -SHOW [2009/07/13 21:39:12 | 000,073,728 | ---- | M] (Microsoft Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\WINDOWS\SYSTEM32\IE4UINIT.EXE" -REINSTALL [2009/07/13 21:39:12 | 000,073,728 | ---- | M] (Microsoft Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\WINDOWS\SYSTEM32\IE4UINIT.EXE" -HIDE [2009/07/13 21:39:12 | 000,073,728 | ---- | M] (Microsoft Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\PROGRAM FILES (X86)\INTERNET EXPLORER\IEXPLORE.EXE" -EXTOFF [2010/11/20 23:25:08 | 000,673,040 | ---- | M] (Microsoft Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: C:\PROGRAM FILES (X86)\INTERNET EXPLORER\IEXPLORE.EXE [2010/11/20 23:25:08 | 000,673,040 | ---- | M] (Microsoft Corporation)

< C:\Windows\assembly\tmp\U\*.* /s >

< C:\Program Files\Common Files\ComObjects\*.* /s >

Invalid Environment Variable: %Temp%\smtmp\1\*.*

Invalid Environment Variable: %Temp%\smtmp\2\*.*

Invalid Environment Variable: %Temp%\smtmp\3\*.*

Invalid Environment Variable: %Temp%\smtmp\4\*.*

========== Alternate Data Streams ==========

@Alternate Data Stream - 127 bytes -> D:\ProgramData\TEMP:430C6D84
@Alternate Data Stream - 109 bytes -> D:\ProgramData\TEMP:DFC5A2B2
< End of report >
  • 0

#9
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Download the attached fix.txt to a USB drive
[attachment=56716:fix.txt]
Place the USB drive in the affected system
From the Reatogo desktop
Run OTL
Press the run fix button
A dialogue will ask for the location of fix.txt
Navigate to the usb and select fix.txt
press run fix again

Once it has completed reboot to normal windows and run Malwarebytes
  • 0

#10
Riodn

Riodn

    Member

  • Topic Starter
  • Member
  • PipPip
  • 10 posts
When I load the "run fix" with the downloaded file, it inputs the text into the custom scans/fixes. But when I try to click "run fix" again to rerun, nothing happens. The program is running normal, it appears to not be responding to the "run fix". I followed the steps as described, perhaps I'm doing something wrong? Thank you again for all your help. Note: I also cannot navigate to the usb drive via OTLPE. It states the following: "access violation at address 7CA0C936 in module 'shell32.dll". Read of addresss 00000006." So instead what I did was just drag it to a folder where OTLPE would accept it.

Edited by Riodn, 19 March 2012 - 04:15 PM.

  • 0

Advertisements


#11
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Could you close OTLPE

Copy the fix text to the desktop
Reopen OTL
Open the fix.txt and copy/paste the details to the custom scan and fixes box
Then press run fix
  • 0

#12
Riodn

Riodn

    Member

  • Topic Starter
  • Member
  • PipPip
  • 10 posts
I completed the fix run and booted in normal. However, the same problem still exists. I open Malwarebyte but there is no response. Also something else to note that happened when all of this occurred. At the bottom right corner it states "Windows 7 Build 7601 This copy of windows is not genuine" This only happened after I tried to do a system restore to about a week ago as a response to this problem of not being able to open .exe files/Internet and is the first time its happened. The windows 7 that I have is legit. Just thought I'd share that with you as it may or may not have any effect. Thank you.

Edited by Riodn, 19 March 2012 - 04:29 PM.

  • 0

#13
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Reboot to the Reatogo desktop again and in the custom scans box paste the in following and press run scan

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution /s

Then post the resultant log here

We will look at re-registering windows later
  • 0

#14
Riodn

Riodn

    Member

  • Topic Starter
  • Member
  • PipPip
  • 10 posts
Here are the results:

OTL logfile created on: 3/19/2012 4:38:45 PM - Run
OTLPE by OldTimer - Version 3.1.48.0 Folder = X:\Programs\OTLPE
64bit-Windows 7 Professional Service Pack 1 (Version = 6.1.7601) - Type = System
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.00 Gb Total Physical Memory | 3.00 Gb Available Physical Memory | 91.00% Memory free
3.00 Gb Paging File | 3.00 Gb Available in Paging File | 98.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = D: | %SystemRoot% = D:\Windows | %ProgramFiles% = D:\Program Files (x86)
Drive C: | 100.00 Mb Total Space | 74.35 Mb Free Space | 74.35% Space Free | Partition Type: NTFS
Drive D: | 698.54 Gb Total Space | 614.41 Gb Free Space | 87.96% Space Free | Partition Type: NTFS
Drive E: | 3.72 Gb Total Space | 3.72 Gb Free Space | 100.00% Space Free | Partition Type: FAT32
Drive X: | 436.59 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: REATOGO | User Name: SYSTEM
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
Using ControlSet: ControlSet001

========== Win32 Services (SafeList) ==========

SRV:64bit: - [2011/08/26 22:39:36 | 001,436,424 | ---- | M] (Acresso Software Inc.) [Disabled] -- D:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe -- (FLEXnet Licensing Service 64)
SRV:64bit: - [2011/08/11 19:38:04 | 000,140,672 | ---- | M] (SUPERAntiSpyware.com) [Disabled] -- D:\Program Files\SUPERAntiSpyware\SASCORE64.EXE -- (!SASCORE)
SRV:64bit: - [2011/07/28 20:43:58 | 000,361,984 | ---- | M] (Advanced Micro Devices, Inc.) [Disabled] -- D:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe -- (AMD FUEL Service)
SRV:64bit: - [2011/07/28 17:35:34 | 000,204,288 | ---- | M] (AMD) [Disabled] -- D:\Windows\System32\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2009/07/13 21:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [Disabled] -- D:\Windows\System32\appmgmts.dll -- (AppMgmt)
SRV - [2012/02/24 12:38:28 | 000,489,256 | ---- | M] (Valve Corporation) [Disabled] -- D:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2011/10/21 05:07:24 | 000,244,960 | ---- | M] () [Disabled] -- D:\Program Files (x86)\PDFLite Toolbar\ToolbarUpdaterService.exe -- (Updater Service for PDFLite Toolbar)
SRV - [2011/10/12 10:25:22 | 004,433,248 | ---- | M] (AVG Technologies CZ, s.r.o.) [Disabled] -- D:\Program Files (x86)\AVG\AVG2012\AVGIDSAgent.exe -- (AVGIDSAgent)
SRV - [2011/09/02 09:29:30 | 002,152,152 | ---- | M] (Lavasoft Limited) [Disabled] -- D:\Program Files (x86)\Lavasoft\Ad-Aware\AAWService.exe -- (Lavasoft Ad-Aware Service)
SRV - [2011/08/02 10:09:08 | 000,192,776 | ---- | M] (AVG Technologies CZ, s.r.o.) [Disabled] -- D:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe -- (avgwd)
SRV - [2011/06/06 15:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) [Disabled] -- D:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2010/03/18 16:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Disabled] -- D:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010/03/05 13:15:12 | 000,235,752 | ---- | M] (DeviceVM, Inc.) [Disabled] -- D:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCUService.exe -- (BCUService)
SRV - [2009/06/10 17:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled] -- D:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2011/10/07 10:23:46 | 000,283,728 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System] -- D:\Windows\System32\drivers\avgldx64.sys -- (Avgldx64)
DRV:64bit: - [2011/09/13 10:30:08 | 000,037,456 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot] -- D:\Windows\System32\drivers\avgrkx64.sys -- (Avgrkx64)
DRV:64bit: - [2011/08/08 10:08:58 | 000,046,672 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System] -- D:\Windows\System32\drivers\avgmfx64.sys -- (Avgmfx64)
DRV:64bit: - [2011/07/28 18:23:16 | 009,980,416 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand] -- D:\Windows\System32\drivers\atikmdag.sys -- (atikmdag)
DRV:64bit: - [2011/07/28 18:23:16 | 009,980,416 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand] -- D:\Windows\System32\drivers\atikmdag.sys -- (amdkmdag)
DRV:64bit: - [2011/07/28 16:54:10 | 000,309,248 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand] -- D:\Windows\System32\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2011/07/22 12:26:56 | 000,014,928 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System] -- D:\Program Files\SUPERAntiSpyware\sasdifsv64.sys -- (SASDIFSV)
DRV:64bit: - [2011/07/21 17:59:08 | 000,069,376 | ---- | M] (Lavasoft AB) [File_System | Boot] -- D:\Windows\System32\drivers\Lbd.sys -- (Lbd)
DRV:64bit: - [2011/07/12 17:55:18 | 000,012,368 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System] -- D:\Program Files\SUPERAntiSpyware\saskutil64.sys -- (SASKUTIL)
DRV:64bit: - [2011/07/11 05:14:36 | 000,375,376 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System] -- D:\Windows\System32\drivers\avgtdia.sys -- (Avgtdia)
DRV:64bit: - [2011/07/11 05:14:08 | 000,029,776 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand] -- D:\Windows\System32\drivers\AVGIDSFilter.sys -- (AVGIDSFilter)
DRV:64bit: - [2011/07/11 05:14:06 | 000,120,400 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand] -- D:\Windows\System32\drivers\AVGIDSDriver.sys -- (AVGIDSDriver)
DRV:64bit: - [2011/07/11 05:14:06 | 000,026,704 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | Boot] -- D:\Windows\System32\drivers\AVGIDSEH.sys -- (AVGIDSEH)
DRV:64bit: - [2011/06/24 09:31:02 | 000,055,424 | ---- | M] (Advanced Micro Devices) [Kernel | Auto] -- D:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\aoddriver2.sys -- (AODDriver4.01)
DRV:64bit: - [2011/06/06 18:07:00 | 000,231,440 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand] -- D:\Windows\System32\drivers\AtihdW76.sys -- (AtiHDAudioService)
DRV:64bit: - [2010/11/20 23:24:33 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- D:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/11/20 23:23:48 | 000,071,168 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- D:\Windows\system32\drivers\dmvsc.sys -- (dmvsc)
DRV:64bit: - [2010/11/20 23:23:47 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- D:\Windows\system32\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2010/02/18 12:18:24 | 000,046,136 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand] -- D:\Windows\System32\drivers\amdiox64.sys -- (amdiox64)
DRV:64bit: - [2010/01/11 06:05:20 | 001,290,752 | ---- | M] (VIA Technologies, Inc.) [Kernel | On_Demand] -- D:\Windows\System32\drivers\viahduaa.sys -- (VIAHdAudAddService)
DRV:64bit: - [2009/08/20 12:05:06 | 000,239,616 | ---- | M] (Realtek ) [Kernel | On_Demand] -- D:\Windows\System32\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2009/07/16 23:38:40 | 000,015,416 | ---- | M] () [Kernel | On_Demand] -- D:\Windows\System32\drivers\ASACPI.sys -- (MTsensor)
DRV:64bit: - [2009/06/10 16:38:56 | 000,000,308 | ---- | M] () [File_System | On_Demand] -- D:\Windows\System32\wbem\ntfs.mof -- (Ntfs)
DRV:64bit: - [2009/06/10 16:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand] -- D:\Windows\system32\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 16:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand] -- D:\Windows\system32\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 16:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand] -- D:\Windows\System32\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/05/07 16:30:28 | 000,016,440 | ---- | M] (Advanced Micro Devices Inc.) [Kernel | Boot] -- D:\Windows\System32\drivers\AtiPcie.sys -- (AtiPcie) AMD PCI Express (3GIO)
DRV - [2011/08/20 01:42:22 | 000,017,152 | ---- | M] () [Kernel | On_Demand] -- D:\Program Files (x86)\Lavasoft\Ad-Aware\kernexplorer64.sys -- (Lavasoft Kernexplorer)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========



IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\Riodn_ON_D\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.babylo...000f46d0439b064
IE - HKU\Riodn_ON_D\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
IE - HKU\Riodn_ON_D\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKU\Riodn_ON_D\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 6C DF 35 47 FA 5E CC 01 [binary data]
IE - HKU\Riodn_ON_D\Software\Microsoft\Internet Explorer\Main,Start Page Restore = http://search.jzip.com/
IE - HKU\Riodn_ON_D\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\Riodn_ON_D\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local


FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: D:\Windows\System32\Macromed\Flash\NPSWF64_11_1_102.dll ()
FF:64bit: - HKLM\Software\MozillaPlugins\@docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf: D:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: D:\Program Files\Microsoft Silverlight\5.0.61118.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@adobe.com/FlashPlayer: D:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@Apple.com/iTunes,version=:
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@Apple.com/iTunes,version=1.0: D:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: D:\Program Files (x86)\DivX\DivX Web Player\npdivx32.dll (DivX,Inc.)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf: D:\Program Files\Tracker Software\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@java.com/JavaPlugin: D:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@microsoft.com/GENUINE: File not found
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: D:\Program Files (x86)\Microsoft Silverlight\5.0.61118.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@mozilla.zeniko.ch/PDFLite_Browser_Plugin: D:\Program Files (x86)\PDFlite\npPdfViewer.dll (Amnis Technology Ltd)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: D:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\Adobe Reader: D:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\wow6432node\mozilla\Firefox\Extensions\\{1E73965B-8B48-48be-9C8D-68B920ABC1C4}: C:\Program Files (x86)\AVG\AVG2012\Firefox4\ [2012/02/01 13:55:54 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\wow6432node\mozilla\Mozilla Firefox 10.0.2\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/02/18 00:11:29 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\wow6432node\mozilla\Mozilla Firefox 10.0.2\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2011/09/15 18:31:52 | 000,000,000 | ---D | M]

[2012/01/08 03:25:33 | 000,000,000 | ---D | M] (No name found) -- D:\Program Files (x86)\Mozilla Firefox\extensions
[2011/10/29 11:31:34 | 000,000,000 | ---D | M] (Skype Click to Call) -- D:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2012/02/18 00:11:29 | 000,134,104 | ---- | M] (Mozilla Foundation) -- D:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2011/08/23 22:31:11 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- D:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll
[2012/02/12 19:27:58 | 000,002,252 | ---- | M] () -- D:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2011/10/01 20:59:52 | 000,002,252 | ---- | M] () -- D:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml.old
[2011/09/30 14:43:02 | 000,002,497 | ---- | M] () -- D:\Program Files (x86)\mozilla firefox\searchplugins\SearchResults.xml
[2012/02/12 19:27:58 | 000,002,040 | ---- | M] () -- D:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml

O1 HOSTS File: ([2012/03/19 16:19:08 | 000,000,098 | ---- | M]) - D:\Windows\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2:64bit: - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - D:\Program Files (x86)\AVG\AVG2012\avgssiea.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (Babylon toolbar helper) - {2EECD738-5844-4a99-B4B6-146BF802613B} - File not found
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - D:\Program Files (x86)\AVG\AVG2012\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (PDFLite Toolbar Helper) - {7413F9FC-8E54-4c93-BEB7-1225EB0970CA} - D:\Program Files (x86)\PDFLite Toolbar\Toolbar32.dll ()
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - D:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Trixie.Bho) - {B0744341-96E0-4341-9ED2-8BC36CE0CCD0} - Reg Error: Value error. File not found
O3 - HKLM\..\Toolbar: (PDFLite Toolbar) - {7C8ACEEB-B1D8-43cc-A387-DA838515368D} - D:\Program Files (x86)\PDFLite Toolbar\Toolbar32.dll ()
O3 - HKLM\..\Toolbar: (Babylon Toolbar) - {98889811-442D-49dd-99D7-DC866BE87DBC} - File not found
O4 - HKU\LocalService_ON_D..\Run: [Sidebar] D:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\NetworkService_ON_D..\Run: [Sidebar] D:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\LocalService_ON_D..\RunOnce: [mctadmin] File not found
O4 - HKU\NetworkService_ON_D..\RunOnce: [mctadmin] File not found
O4 - Startup: Error locating startup folders.
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HideSCAHealth = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - D:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - D:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - D:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - D:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O13:64bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_27)
O16 - DPF: {CAFEEFAC-0016-0000-0027-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_27)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_27)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 68.94.156.1 68.94.157.1
O18:64bit: - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - D:\Program Files (x86)\AVG\AVG2012\avgppa.dll (AVG Technologies CZ, s.r.o.)
O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - Reg Error: Key error. File not found
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - D:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - D:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - D:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2011/08/26 22:25:24 | 000,000,000 | ---D | M] - D:\autodesk -- [ NTFS ]
O32 - AutoRun File - [2006/03/24 07:06:41 | 000,000,053 | R--- | M] () - X:\AUTORUN.INF -- [ CDFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O34 - HKLM BootExecute: (lsdelete) - File not found
O34 - HKLM BootExecute: (C:\PROGRA~2\AVG\AVG2012\avgrsa.exe /sync /restart) - D:\Program Files (x86)\AVG\AVG2012\avgrsa.exe (AVG Technologies CZ, s.r.o.)
64bit: O35 - HKLM\..comfile [open] -- "%1" %* File not found
64bit: O35 - HKLM\..exefile [open] -- "%1" %* File not found
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2012/03/19 16:12:36 | 000,594,432 | ---- | C] (OldTimer Tools) -- D:\Users\Riodn\Desktop\OTL.scr
[2012/03/19 16:12:36 | 000,096,080 | ---- | C] (Kaspersky Lab ZAO) -- D:\Users\Riodn\Desktop\cleanautorun.pif
[2012/03/19 16:06:49 | 000,000,000 | ---D | C] -- D:\_OTL
[2012/03/18 20:08:44 | 000,000,000 | ---D | C] -- D:\Users\Riodn\Desktop\Windows 7 Ultimate
[2012/03/18 18:00:00 | 000,000,000 | ---D | C] -- D:\Users\Riodn\Desktop\malwar
[2012/03/18 04:33:58 | 001,544,192 | ---- | C] (Microsoft Corporation) -- D:\Windows\System32\DWrite.dll
[2012/03/18 04:33:43 | 000,149,504 | ---- | C] (Microsoft Corporation) -- D:\Windows\System32\rdpcorekmts.dll
[2012/03/18 04:33:43 | 000,077,312 | ---- | C] (Microsoft Corporation) -- D:\Windows\System32\rdpwsx.dll
[2012/03/18 04:33:43 | 000,009,216 | ---- | C] (Microsoft Corporation) -- D:\Windows\System32\rdrmemptylst.exe
[2012/03/18 04:33:30 | 001,031,680 | ---- | C] (Microsoft Corporation) -- D:\Windows\System32\rdpcore.dll
[2012/03/18 04:33:30 | 000,826,880 | ---- | C] (Microsoft Corporation) -- D:\Windows\SysWow64\rdpcore.dll
[2012/03/18 04:08:17 | 000,020,480 | ---- | C] (Microsoft Corporation) -- D:\Windows\svchost.exe
[2012/03/13 23:04:54 | 001,077,248 | ---- | C] (Microsoft Corporation) -- D:\Windows\SysWow64\DWrite.dll
[2012/03/13 06:01:01 | 000,000,000 | -HSD | C] -- D:\Config.Msi
[2012/03/08 22:21:54 | 000,000,000 | ---D | C] -- D:\Users\Riodn\AppData\Roaming\PDFlite
[2012/03/08 22:21:34 | 000,000,000 | ---D | C] -- D:\Program Files (x86)\BabylonToolbar
[2012/03/08 22:21:27 | 000,000,000 | ---D | C] -- D:\Users\Riodn\AppData\Local\Babylon
[2012/03/08 22:21:26 | 000,000,000 | ---D | C] -- D:\Users\Riodn\AppData\Roaming\Babylon
[2012/03/08 22:21:26 | 000,000,000 | ---D | C] -- D:\ProgramData\Babylon
[2012/02/29 02:33:58 | 000,000,000 | ---D | C] -- D:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
[2012/02/29 02:33:52 | 000,000,000 | ---D | C] -- D:\Program Files\Microsoft Silverlight
[2012/02/29 02:33:52 | 000,000,000 | ---D | C] -- D:\Program Files (x86)\Microsoft Silverlight
[2012/02/27 12:32:05 | 000,000,000 | ---D | C] -- D:\Program Files (x86)\MALWAREBYTES ANTI-MALWARE
[2011/02/25 13:59:34 | 004,007,936 | ---- | C] (Flagship Industries, Inc.) -- D:\Program Files (x86)\Ventrilo.exe

========== Files - Modified Within 30 Days ==========

[2012/03/19 19:21:49 | 3219,791,872 | -HS- | M] () -- D:\hiberfil.sys
[2012/03/19 18:32:19 | 000,067,584 | --S- | M] () -- D:\Windows\bootstat.dat
[2012/03/18 23:19:17 | 000,623,940 | ---- | M] () -- D:\Windows\System32\perfh009.dat
[2012/03/18 23:19:17 | 000,106,316 | ---- | M] () -- D:\Windows\System32\perfc009.dat
[2012/03/18 21:39:00 | 000,000,908 | ---- | M] () -- D:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-428103201-108540113-2459031241-1000UA.job
[2012/03/18 19:07:12 | 009,809,282 | ---- | M] () -- D:\Users\Riodn\Desktop\Windows 7 Loader.zip
[2012/03/18 16:18:24 | 000,594,432 | ---- | M] (OldTimer Tools) -- D:\Users\Riodn\Desktop\OTL.scr
[2012/03/18 16:17:54 | 000,096,080 | ---- | M] (Kaspersky Lab ZAO) -- D:\Users\Riodn\Desktop\cleanautorun.pif
[2012/03/18 14:20:45 | 000,020,848 | -H-- | M] () -- D:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/03/18 14:20:45 | 000,020,848 | -H-- | M] () -- D:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/03/18 13:21:51 | 000,489,824 | ---- | M] () -- D:\Windows\System32\FNTCACHE.DAT
[2012/03/18 00:15:02 | 000,002,127 | ---- | M] () -- D:\Users\Riodn\Desktop\win7-regfix.reg
[2012/03/17 23:10:28 | 030,758,216 | ---- | M] () -- D:\Users\Riodn\Desktop\winzip16-32.exe
[2012/03/17 20:26:56 | 001,587,696 | ---- | M] () -- D:\Users\Riodn\Desktop\SetupVirtualCloneDrive5450.exe
[2012/03/17 19:16:12 | 001,410,192 | ---- | M] () -- D:\Users\Riodn\Desktop\sar_15_sfx.exe
[2012/03/17 19:04:00 | 000,001,278 | ---- | M] () -- D:\Users\Riodn\Desktop\fixrun.reg
[2012/03/17 18:53:00 | 000,004,895 | ---- | M] () -- D:\Users\Riodn\Desktop\EXEFix.Reg
[2012/03/17 16:47:51 | 000,002,006 | -H-- | M] () -- D:\Users\Riodn\Documents\Default.rdp
[2012/03/13 03:39:00 | 000,000,856 | ---- | M] () -- D:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-428103201-108540113-2459031241-1000Core.job
[2012/03/13 01:38:47 | 000,000,064 | ---- | M] () -- D:\Windows\SysWow64\rp_stats.dat
[2012/03/13 01:38:47 | 000,000,044 | ---- | M] () -- D:\Windows\SysWow64\rp_rules.dat
[2012/03/12 20:42:25 | 091,606,683 | ---- | M] () -- D:\Windows\System32\drivers\AVG\incavi.avm
[2012/03/11 20:38:36 | 000,298,954 | ---- | M] () -- D:\Windows\System32\drivers\AVG\iavichjg.avm
[2012/03/11 18:27:03 | 000,000,200 | ---- | M] () -- D:\Users\Riodn\Documents\acad.err
[2012/03/09 18:20:04 | 000,000,747 | -H-- | M] () -- D:\IPH.PH
[2012/03/09 18:19:48 | 000,002,012 | ---- | M] () -- D:\Users\Riodn\Desktop\Retry AIM Installation.lnk
[2012/03/08 22:21:52 | 000,001,859 | ---- | M] () -- D:\Users\Public\Desktop\PDFlite.lnk
[2012/02/29 02:33:58 | 000,000,000 | ---D | M] -- D:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
[2012/02/25 04:34:29 | 000,000,000 | ---D | M] -- D:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012/02/24 12:42:16 | 000,414,368 | ---- | M] (Adobe Systems Incorporated) -- D:\Windows\SysWow64\FlashPlayerCPLApp.cpl

========== Files Created - No Company Name ==========

[2012/03/19 00:08:44 | 000,002,127 | ---- | C] () -- D:\Users\Riodn\Desktop\win7-regfix.reg
[2012/03/18 23:17:44 | 000,002,600 | ---- | C] () -- D:\Users\Riodn\Desktop\xp_exe_fix.reg
[2012/03/18 23:04:17 | 030,758,216 | ---- | C] () -- D:\Users\Riodn\Desktop\winzip16-32.exe
[2012/03/18 20:29:49 | 001,587,696 | ---- | C] () -- D:\Users\Riodn\Desktop\SetupVirtualCloneDrive5450.exe
[2012/03/18 20:11:55 | 009,809,282 | ---- | C] () -- D:\Users\Riodn\Desktop\Windows 7 Loader.zip
[2012/03/18 19:09:50 | 001,410,192 | ---- | C] () -- D:\Users\Riodn\Desktop\sar_15_sfx.exe
[2012/03/18 18:57:32 | 000,001,278 | ---- | C] () -- D:\Users\Riodn\Desktop\fixrun.reg
[2012/03/18 18:46:48 | 000,004,895 | ---- | C] () -- D:\Users\Riodn\Desktop\EXEFix.Reg
[2012/03/11 18:27:03 | 000,000,200 | ---- | C] () -- D:\Users\Riodn\Documents\acad.err
[2012/03/09 18:19:48 | 000,002,012 | ---- | C] () -- D:\Users\Riodn\Desktop\Retry AIM Installation.lnk
[2011/12/24 23:53:46 | 000,000,259 | ---- | C] () -- D:\Windows\{EEB3F6BB-318D-4CE5-989F-8191FCBFB578}_WiseFW.ini
[2011/08/20 15:16:46 | 000,000,064 | ---- | C] () -- D:\Windows\SysWow64\rp_stats.dat
[2011/08/20 15:16:46 | 000,000,044 | ---- | C] () -- D:\Windows\SysWow64\rp_rules.dat
[2011/08/20 04:06:47 | 000,024,576 | R--- | C] () -- D:\Windows\SysWow64\AsIO.dll
[2011/08/20 04:06:47 | 000,013,440 | R--- | C] () -- D:\Windows\SysWow64\drivers\AsIO.sys
[2011/08/20 04:06:44 | 000,011,832 | ---- | C] () -- D:\Windows\SysWow64\drivers\AsInsHelp64.sys
[2011/08/20 04:06:44 | 000,010,216 | ---- | C] () -- D:\Windows\SysWow64\drivers\AsInsHelp32.sys
[2011/08/20 04:02:06 | 000,038,211 | ---- | C] () -- D:\Windows\Ascd_log.ini
[2011/08/20 04:01:25 | 000,001,769 | ---- | C] () -- D:\Windows\Language_trs.ini
[2011/08/20 04:01:23 | 000,030,252 | ---- | C] () -- D:\Windows\Ascd_tmp.ini
[2011/08/19 19:28:34 | 000,000,000 | ---- | C] () -- D:\Windows\ativpsrm.bin
[2011/07/18 02:54:02 | 000,059,904 | ---- | C] () -- D:\Windows\SysWow64\OVDecode.dll
[2011/03/17 13:51:44 | 000,003,929 | ---- | C] () -- D:\Windows\SysWow64\atipblag.dat
[2010/11/20 23:24:49 | 000,252,928 | ---- | C] () -- D:\Windows\SysWow64\DShowRdpFilter.dll
[2009/07/14 01:38:36 | 000,067,584 | --S- | C] () -- D:\Windows\bootstat.dat
[2009/07/13 22:35:51 | 000,000,741 | ---- | C] () -- D:\Windows\SysWow64\NOISE.DAT
[2009/07/13 22:34:42 | 000,215,943 | ---- | C] () -- D:\Windows\SysWow64\dssec.dat
[2009/07/13 20:10:29 | 000,043,131 | ---- | C] () -- D:\Windows\mib.bin
[2009/07/13 19:42:10 | 000,064,000 | ---- | C] () -- D:\Windows\SysWow64\BWContextHandler.dll
[2009/07/13 18:25:04 | 000,197,632 | ---- | C] () -- D:\Windows\SysWow64\ir32_32.dll
[2009/07/13 17:03:59 | 000,364,544 | ---- | C] () -- D:\Windows\SysWow64\msjetoledb40.dll
[2009/06/10 17:26:10 | 000,673,088 | ---- | C] () -- D:\Windows\SysWow64\mlang.dat
[2009/04/03 08:30:14 | 000,010,296 | ---- | C] () -- D:\Windows\SysWow64\drivers\ASUSHWIO.SYS
[2007/08/17 17:53:00 | 000,119,502 | ---- | C] () -- D:\Program Files (x86)\Channel.wav
[2007/08/17 17:48:58 | 000,119,358 | ---- | C] () -- D:\Program Files (x86)\UserComment.wav
[2007/08/08 00:54:58 | 000,154,902 | ---- | C] () -- D:\Program Files (x86)\privchatmsg.wav
[2007/08/08 00:41:16 | 000,073,730 | ---- | C] () -- D:\Program Files (x86)\privchatopen.wav
[2007/07/16 12:57:14 | 000,207,694 | ---- | C] () -- D:\Program Files (x86)\disconnect.wav
[2007/07/16 12:54:06 | 000,148,822 | ---- | C] () -- D:\Program Files (x86)\connect.wav
[2003/02/03 22:47:20 | 000,020,378 | ---- | C] () -- D:\Program Files (x86)\SwitchBindings.wav
[2003/01/31 19:05:46 | 000,023,446 | ---- | C] () -- D:\Program Files (x86)\ChannelLeave.wav
[2003/01/31 19:04:54 | 000,019,444 | ---- | C] () -- D:\Program Files (x86)\ChannelJoin.wav
[2003/01/30 20:38:26 | 000,001,165 | ---- | C] () -- D:\Program Files (x86)\default.vet
[2002/07/22 23:28:14 | 000,025,678 | ---- | C] () -- D:\Program Files (x86)\Binds.wav
[2002/06/05 03:04:22 | 000,001,174 | ---- | C] () -- D:\Program Files (x86)\MicKeyUp.wav
[2002/06/05 03:04:14 | 000,001,174 | ---- | C] () -- D:\Program Files (x86)\MicKeyDown.wav
[2002/06/05 02:25:08 | 000,026,254 | ---- | C] () -- D:\Program Files (x86)\MuteSound.wav
[2002/06/05 02:23:48 | 000,021,742 | ---- | C] () -- D:\Program Files (x86)\MuteMic.wav
[1999/09/02 03:44:58 | 000,057,202 | ---- | C] () -- D:\Program Files (x86)\missing.wav
[1999/08/29 16:31:42 | 000,106,646 | ---- | C] () -- D:\Program Files (x86)\UserConnect.wav
[1999/08/29 16:12:40 | 000,066,266 | ---- | C] () -- D:\Program Files (x86)\UserDisconnect.wav

========== LOP Check ==========

[2011/08/20 01:33:57 | 000,000,000 | ---D | M] -- D:\ProgramData\AIM
[2011/08/20 03:31:39 | 000,000,000 | ---D | M] -- D:\ProgramData\AMD
[2009/07/14 01:08:56 | 000,000,000 | -HSD | M] -- D:\ProgramData\Application Data
[2011/08/30 01:00:54 | 000,000,000 | ---D | M] -- D:\ProgramData\Autodesk
[2011/11/19 06:22:03 | 000,000,000 | ---D | M] -- D:\ProgramData\AVG2012
[2012/03/08 22:21:26 | 000,000,000 | ---D | M] -- D:\ProgramData\Babylon
[2012/02/03 00:29:23 | 000,000,000 | ---D | M] -- D:\ProgramData\Battle.net
[2011/10/02 13:14:51 | 000,000,000 | ---D | M] -- D:\ProgramData\boost_interprocess
[2011/11/19 05:38:18 | 000,000,000 | -H-D | M] -- D:\ProgramData\Common Files
[2009/07/14 01:08:56 | 000,000,000 | -HSD | M] -- D:\ProgramData\Desktop
[2012/03/18 04:04:43 | 000,000,000 | ---D | M] -- D:\ProgramData\DeviceVm
[2009/07/14 01:08:56 | 000,000,000 | -HSD | M] -- D:\ProgramData\Documents
[2009/07/14 01:08:56 | 000,000,000 | -HSD | M] -- D:\ProgramData\Favorites
[2012/03/12 20:42:28 | 000,000,000 | ---D | M] -- D:\ProgramData\MFAData
[2012/03/18 04:06:21 | 000,000,000 | ---D | M] -- D:\ProgramData\PMB Files
[2011/09/05 03:24:44 | 000,000,000 | ---D | M] -- D:\ProgramData\SplitMediaLabs
[2009/07/14 01:08:56 | 000,000,000 | -HSD | M] -- D:\ProgramData\Start Menu
[2012/02/04 04:55:53 | 000,000,000 | ---D | M] -- D:\ProgramData\TEMP
[2009/07/14 01:08:56 | 000,000,000 | -HSD | M] -- D:\ProgramData\Templates
[2011/09/07 03:46:47 | 000,000,000 | ---D | M] -- D:\ProgramData\{93E26451-CD9A-43A5-A2FA-C42392EA4001}
[2012/03/09 14:53:32 | 000,032,624 | ---- | M] () -- D:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Custom Scans ==========


< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution /s >

========== Alternate Data Streams ==========

@Alternate Data Stream - 127 bytes -> D:\ProgramData\TEMP:430C6D84
@Alternate Data Stream - 109 bytes -> D:\ProgramData\TEMP:DFC5A2B2
< End of report >
  • 0

#15
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
OK there appears to be something seriously amiss here

The previous fix failed to execute

So I will now go for a Virus scan using a boot cd

Please download the following programmes to your desktop:

Dr Web Live CD

ImgBurn

Install IMGBurn
  • Double click Dr Web
  • IMGBurn will open
  • Burn the ISO to a cd
  • Reboot the infected computer with the CD in the drive
  • Ensure that the first boot device is CD - If you are not sure about that then see this page for instructions
  • As loading starts, a dialogue window will prompt you to choose between the standard and safe modes.

    Posted Image
  • Use arrow keys to select DrWeb-LiveCD (Default)
  • When the system is loaded, check the disks or folders you want to scan, and click on “Start”.

    Posted Image
  • The programme will now scan for and cure/delete any malware that it finds. Allow it to do so
  • Once completed reboot to normal windows
  • No log is produced so once in normal windows run a fresh OTL scan and let me know if the problems persist

  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP