It's quite alright; it actually happens a lot. Your logs don't show much, but there are a couple of malicious files hidden in your computer. This may take a couple of tries, but we'll do what we can.
First, do you recognize this file?
D:\Stuff\AGs\Mania\o2mania.exe
It's being marked as malicious on a lot of sites. But I'll give you a chance to identify it (if you can) before removing it.
You should uninstall a program called Rainlendar2 from your computer and then follow these steps...
Note: the below instructions were created specifically for this user. If you are not this user, DO NOT follow these directions as they could damage the workings of your system.
Delete these files/folders, as follows:
1. Go to Start > Run > type Notepad.exe and click OK to open Notepad. It must be Notepad, not Wordpad.
2. Copy the text in the below code box by highlighting all the text and pressing Ctrl+C

KillAll::
Folder::
C:\Program Files\Rainlendar2
File::
C:\Program Files\Rainlendar2\Rainlendar2.exe
c:\windows\system32\qonenx.dll
c:\windows\system32\hvexalt.dll
c:\windows\system32\delnicek.exe
c:\windows\system32\kandoftt.dll
c:\windows\system32\417871mm.dll
c:\windows\system32\417871cqwz.dll
c:\windows\system32\sysmxd.dll
c:\windows\system32\Æ×ÄÊÀÁÉÉk.exe
c:\windows\system32\kandawf.dll
c:\windows\system32\woodkenk.exe
c:\windows\system32\qensng.dll
c:\windows\system32\cenvta.dll
c:\windows\system32\zesttnsk.exe
c:\windows\system32\A~AEA?AEEk.exe
c:\windows\Fonts\AA31D5B0.DLL
c:\windows\Fonts\45BB3148.EXE
Registry::
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Rainlendar2"=-
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\ÐÞ¸´¹¤¾ß.exe]

3. Go to the Notepad window and click Edit > Paste
4. Then click File > Save
5. Name the file CFScript.txt - Save the file to your Desktop
6. Then drag the CFScript (hold the left mouse button while dragging the file) and drop it (release the left mouse button) into ComboFix.exe as you see in the screenshot below.
Important: Perform this instruction carefully!
ComboFix will begin to execute, just follow the prompts.
After reboot (in case it asks to reboot), it will produce a log for you.
Post that log (Combofix.txt) in your next reply along with a new HJT log.
Note: Do not mouseclick ComboFix's window while it is running. That may cause your system to freeze.