
Thread: XP AntiVirus Protection

  #1 Member (Join Date: Apr 2006, Posts: 46)

    XP AntiVirus Protection

    Hi all,

    My dds is locking up and SpyBot does not show any issue. Not sure what else I can do.

    Here are the steps I have taken so far (I can post the logs if needed, but I read in "Before you post" not to post anything other than what is asked for).

    ===========================================

    "XP AntiVirus Protection" came up and disabled my free AVG AV and Comodo firewall (no permission to start comodo, executable not associated anymore).

    Steps I took:
    1- Disabled network
    2- Booted into safe mode with networking
    3- Ran f-secure.com on-line scanner (saved log)
    4- Ran disk cleanup for temp ie files and Recycle bin
    5- Ran bitdefender.com on-line scanner (saved log)
    6- Booted into normal mode, installed HijackThis, however I could not run it
    7- Renamed regedit.exe to regedit.com and fixed HKEY_CLASSES_ROOT\exefile\shell\open\command
    from
    "C:\Documents and Settings\Victor\Local Settings\Application Data\rij.exe" -a "%1" %*
    to
    "%1" %*
    8- Ran HijackThis (saved log)
    9- Ran sysinternals RootKitRevealer
    10- Installed and ran Spybot, error with framedyn.dll
    11- Copied it (as instructed by the M$ site), still the same error.
    12- Checked PATH and it was set to "C:\Program Files\Bitvise Tunnelier". Changed it to "%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\wbem"
    13- Ran dds, which locked the computer 3 times (hard reboot)
    14- Disabled TeaTimer, ran Check for problems in Spybot, found 4 issues and fixed them. Ran the check again and it was OK.

  #2 Blade81, Security Expert: Emeritus (Join Date: Oct 2006, Location: Finland, Posts: 25,288)


    Hi,
    • Download OTL to your desktop.
    • Double click on the icon to run it. Make sure all other windows are closed and let it run uninterrupted.
    • When the window appears, underneath Output at the top change it to Minimal Output.
    • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
    • When the scan completes, it will open two notepad windows, OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them with your next reply. You may need two posts to fit them all in. Also, I'd like to take a look at the logs from those scanners you ran earlier.
    Microsoft Windows Insider MVP 2016-2020
    Microsoft MVP Consumer Security 2008-2015
    UNITE member since 2006

    If you have problems create a thread in the forum, please.

    Malware removal instructions are for the corresponding user's case only.

  #3 Member (Join Date: Apr 2006, Posts: 46)


    Thank you for the reply and your time. Here's the requested information:

    ##################
    Extras.txt
    ##################
    OTL Extras logfile created on: 4/5/2011 10:52:00 PM - Run 1
    OTL by OldTimer - Version 3.2.22.3 Folder = C:\Documents and Settings\Victor\Desktop
    Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.6001.18702)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    3.00 Gb Total Physical Memory | 3.00 Gb Available Physical Memory | 78.00% Memory free
    5.00 Gb Paging File | 4.00 Gb Available in Paging File | 87.00% Paging File free
    Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
    Drive C: | 58.59 Gb Total Space | 16.05 Gb Free Space | 27.40% Space Free | Partition Type: NTFS
    Drive F: | 465.76 Gb Total Space | 390.43 Gb Free Space | 83.83% Space Free | Partition Type: NTFS

    Computer Name: DESKTOP-XP | User Name: Victor | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: Current user
    Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

    ========== Extra Registry (SafeList) ==========


    ========== File Associations ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*

    [HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
    .html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox 4.0 Beta 7\firefox.exe (Mozilla Corporation)

    ========== Shell Spawning ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
    exefile [open] -- "%1" %*
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1"
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
    Directory [Browse with FastStone] -- "C:\Program Files\FastStone Image Viewer\FSViewer.exe" "%1" ()
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
    Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
    Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    ========== Security Center Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "FirstRunDisabled" = 1
    "AntiVirusDisableNotify" = 0
    "FirewallDisableNotify" = 0
    "UpdatesDisableNotify" = 0
    "AntiVirusOverride" = 0
    "FirewallOverride" = 0

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

    ========== System Restore Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
    "DisableSR" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
    "Start" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
    "Start" = 2

    ========== Firewall Settings ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
    "EnableFirewall" = 0
    "DoNotAllowExceptions" = 0
    "DisableNotifications" = 1

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
    "3389:TCP" = 3389:TCP:*:Enabled:@xpsp2res.dll,-22009

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
    "EnableFirewall" = 0
    "DoNotAllowExceptions" = 0
    "DisableNotifications" = 1

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
    "5353:TCP" = 5353:TCP:*:Enabled:Adobe CSI CS4
    "3389:TCP" = 3389:TCP:*:Enabled:@xpsp2res.dll,-22009
    "4481:TCP" = 4481:TCP:LocalSubNet:Enabled:BlackBerry Desktop Software Wireless Music Sync data transfer
    "4481:UDP" = 4481:UDP:LocalSubNet:Enabled:BlackBerry Desktop Software Wireless Music Sync discovery
    "4482:TCP" = 4482:TCP:LocalSubNet:Enabled:BlackBerry Desktop Software Wireless Music Sync data transfer
    "4482:UDP" = 4482:UDP:LocalSubNet:Enabled:BlackBerry Desktop Software Wireless Music Sync discovery

    ========== Authorized Applications List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
    "C:\Program Files\AVG\AVG9\avgemc.exe" = C:\Program Files\AVG\AVG9\avgemc.exe:*:Enabled:avgemc.exe -- (AVG Technologies CZ, s.r.o.)
    "C:\Program Files\AVG\AVG9\avgupd.exe" = C:\Program Files\AVG\AVG9\avgupd.exe:*:Enabled:avgupd.exe -- (AVG Technologies CZ, s.r.o.)
    "C:\Program Files\AVG\AVG9\avgnsx.exe" = C:\Program Files\AVG\AVG9\avgnsx.exe:*:Enabled:avgnsx.exe -- (AVG Technologies CZ, s.r.o.)
    "C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" = C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe:*:Enabled:Adobe CSI CS4 -- (Adobe Systems Incorporated)
    "C:\Program Files\TightVNC\vncviewer.exe" = C:\Program Files\TightVNC\vncviewer.exe:*:Enabled:TightVNC Viewer -- (TightVNC Group)
    "C:\Program Files\RemoteX\remotex.exe" = C:\Program Files\RemoteX\remotex.exe:*:Enabled:RemoteX
    "C:\Program Files\Ringtone Maker\RingtoneMaker.exe" = C:\Program Files\Ringtone Maker\RingtoneMaker.exe:*:Enabled:BBMRingtoneMaker
    "C:\Program Files\Nortel Networks\Extranet.exe" = C:\Program Files\Nortel Networks\Extranet.exe:*:Enabled:Contivity VPN Client -- (Nortel Networks NA, Inc.)
    "C:\Program Files\Research In Motion\BlackBerry Desktop\Rim.Desktop.exe" = C:\Program Files\Research In Motion\BlackBerry Desktop\Rim.Desktop.exe:*:Enabled:BlackBerry Desktop Software -- (Research In Motion)
    "C:\Program Files\VideoLAN\VLC\vlc.exe" = C:\Program Files\VideoLAN\VLC\vlc.exe:*:Enabled:VLC media player -- ()


    ========== HKEY_LOCAL_MACHINE Uninstall List ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{00ADFB20-AE75-46F4-AD2C-F48B15AC3100}" = Adobe Color NA Recommended Settings CS4
    "{00BA866C-F2A2-4BB9-A308-3DFA695B6F7C}" = Java DB 10.5.3.0
    "{05308C4E-7285-4066-BAE3-6B50DA6ED755}" = Adobe Update Manager CS4
    "{054EFA56-2AC1-48F4-A883-0AB89874B972}" = Adobe Extension Manager CS4
    "{098727E1-775A-4450-B573-3F441F1CA243}" = kuler
    "{0A6B42F5-7B17-D788-5052-8FAC0CEDFD4C}" = CCC Help Chinese Traditional
    "{0D6013AB-A0C7-41DC-973C-E93129C9A29F}" = Adobe Color JA Extra Settings CS4
    "{0D67A4E4-5BE0-4C9A-8AD8-AB552B433F23}" = Adobe Setup
    "{0EA19680-B744-D9FF-E4DF-F882718DD95B}" = CCC Help Polish
    "{0F723FC1-7606-4867-866C-CE80AD292DAF}" = Adobe CSI CS4
    "{10CD364B-FFCC-48BE-B469-B9622A033075}" = Fences
    "{15BF7AAF-846C-4A6D-80E1-5D1FC7FB461B}" = Adobe SGM CS4
    "{1618734A-3957-4ADD-8199-F973763109A8}" = Adobe Anchor Service CS4
    "{16E16F01-2E2D-4248-A42F-76261C147B6C}" = Adobe Drive CS4
    "{16E6D2C1-7C90-4309-8EC4-D2212690AAA4}" = AdobeColorCommonSetRGB
    "{197A3012-8C85-4FD3-AB66-9EC7E13DB92E}" = Adobe AIR
    "{1a413f37-ed88-4fec-9666-5c48dc4b7bb7}" = YouTube Downloader 2.6.5
    "{1CB92574-96F2-467B-B793-5CEB35C40C29}" = Image Resizer Powertoy for Windows XP
    "{1DCA3EAA-6EB5-4563-A970-EA14D75037BA}" = Adobe InDesign CS4
    "{1E04CB54-AF4E-4AC3-B4B7-C0A160BE57F1}" = Adobe InDesign CS4 Icon Handler
    "{20D4A895-748C-4D88-871C-FDB1695B0169}" = Platform
    "{26A24AE4-039D-4CA4-87B4-2F83216023FF}" = Java(TM) 6 Update 24
    "{2A3A4BD6-6CE0-4E2A-80D2-1D0FF6ACBFBA}" = LG United Mobile Driver
    "{2A55F760-A711-D610-5387-145E711FF356}" = CCC Help Chinese Standard
    "{2BAF2B96-7560-48B4-87D4-10178DDBE217}" = Adobe InDesign CS4 Application Feature Set Files (Roman)
    "{2CE5A2E7-3437-4CE7-BCF4-85ED6EEFF9E4}" = iTunes
    "{30A3D3FC-6344-0B79-9DF8-1A1AD48DD620}" = CCC Help Japanese
    "{32A3A4F4-B792-11D6-A78A-00B0D0160230}" = Java(TM) SE Development Kit 6 Update 23
    "{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
    "{35D94F92-1D3A-43C5-8605-EA268B1A7BD9}" = PDF Settings CS4
    "{39F6E2B4-CFE8-C30A-66E8-489651F0F34C}" = Adobe Media Player
    "{3A4E8896-C2E7-4084-A4A4-B8FD1894E739}" = Adobe XMP Panels CS4
    "{3D253F10-CB32-D5F8-3B2D-0210FB2332D5}" = Catalyst Control Center Core Implementation
    "{3D2C9DE6-9ADE-4252-A241-E43723B0CE02}" = Adobe Color - Photoshop Specific CS4
    "{3DA8DF9A-044E-46C4-8531-DEDBB0EE37FF}" = Adobe WinSoft Linguistics Plugin
    "{3E2E2FBD-EAF9-405C-0297-0AB3C86F97D7}" = ATI Catalyst Install Manager
    "{3EF86476-79AF-AB5F-12B4-6C26B42E9D71}" = CCC Help Spanish
    "{4087DBD5-A51F-EC27-F8D1-0159517923FC}" = CCC Help Swedish
    "{41D2B895-BB34-3823-28B4-B85492E0040D}" = ccc-core-static
    "{41FEA6D8-C6C4-51FF-1CC0-ED7826807B07}" = CCC Help Norwegian
    "{422CCD1A-8CBC-DAC9-4431-9265ADE3A645}" = CCC Help Korean
    "{42EAF785-A1CE-EA12-0230-00866962A7A6}" = CCC Help Czech
    "{45A66726-69BC-466B-A7A4-12FCBA4883D7}" = HiJackThis
    "{480BD9E9-D210-1E1B-8807-2FF1368744CE}" = Catalyst Control Center Graphics Full Existing
    "{4943EFF5-229F-435D-BEA9-BE3CAEA783A7}" = Adobe Service Manager Extension
    "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
    "{4A52555C-032A-4083-BDD9-6A85ABFB39A8}" = Adobe SING CS4
    "{4EE9E62F-5CFB-8704-E1DC-C2B8EBCF4B1E}" = CCC Help French
    "{52FD147A-CBD4-17AD-AA3F-02AB0179717A}" = CCC Help Hungarian
    "{53DA6CFE-7CDE-4F72-9E23-39AAC686DE17}" = iPhone Folders
    "{5570C7F0-43D0-4916-8A9E-AEDD52FA86F4}" = Adobe Color EU Extra Settings CS4
    "{60FB969A-CCA6-33EC-5BF5-3A2247ED2986}" = CCC Help Thai
    "{63C24A08-70F3-4C8E-B9FB-9F21A903801D}" = Adobe Color Video Profiles CS CS4
    "{63E5CDBF-8214-4F03-84F8-CD3CE48639AD}" = Adobe Photoshop CS4 Support
    "{67F0E67A-8E93-4C2C-B29D-47C48262738A}" = Adobe Device Central CS4
    "{68243FF8-83CA-466B-B2B8-9F99DA5479C4}" = AdobeColorCommonSetCMYK
    "{6DC90653-ACEB-3388-F8DA-A8F06CE3C700}" = CCC Help Finnish
    "{71AF2CD4-1CF1-273B-D437-6F307A9F5AF7}" = ccc-utility
    "{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
    "{7CC7BDD5-6F10-4724-96A1-EAC7D9F2831C}" = Adobe InDesign CS4 Common Base Files
    "{7E427286-EAD6-DA5D-0653-7642D009B6D8}" = Catalyst Control Center Localization All
    "{7E881626-0362-95C5-C25C-6A5CD2CE0EFF}" = CCC Help Russian
    "{820D3F45-F6EE-4AAF-81EF-CE21FF21D230}" = Adobe Type Support CS4
    "{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
    "{83877DB1-8B77-45BC-AB43-2BAC22E093E0}" = Adobe Bridge CS4
    "{842B4B72-9E8F-4962-B3C1-1C422A5C4434}" = Suite Shared Configuration CS4
    "{84A78614-0E4B-4A4E-BA8C-2B0A05A08E4E}" = BlackBerry Desktop Software 6.0.1
    "{87532CAB-7932-4F84-8937-823337622807}" = Adobe Illustrator CS4
    "{8995AA26-8D59-43DB-1BF0-66F707D915E7}" = Skins
    "{8CE08C3C-8FF4-45D9-925E-4F3CE2D7FA7D}" = Adobe Setup
    "{8F66047B-1AF3-40D9-80D7-106E2EDC2C2A}" = EPU-4 Engine
    "{90110409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
    "{931AB7EA-3656-4BB7-864D-022B09E3DD67}" = Adobe Linguistics CS4
    "{94D398EB-D2FD-4FD1-B8C4-592635E8A191}" = Adobe CMaps CS4
    "{9B7A811C-0BDE-FEF7-AF80-2B67175D6DF8}" = CCC Help Portuguese
    "{9D669429-A2E4-4793-B7A0-283D259F39AF}" = Adobe Photoshop Lightroom 2.5
    "{9DA011CC-BDF6-9937-6ADE-3105B4288CCD}" = CCC Help German
    "{9F875DF5-B60F-4326-96AE-0162E0F3BFE4}" = calibre
    "{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
    "{A4099946-418B-DCC5-B56F-97391515ED28}" = Catalyst Control Center InstallProxy
    "{A85AD707-781F-2B73-E134-38084AACB5D5}" = ATI AVIVO Codecs
    "{AC121971-CF91-9A04-0E96-2049D48F0DD3}" = CCC Help Danish
    "{AC76BA86-7AD7-1033-7B44-A93000000001}" = Adobe Reader 9.3.3
    "{B29AD377-CC12-490A-A480-1452337C618D}" = Connect
    "{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
    "{B65BA85C-0A27-4BC0-A22D-A66F0E5B9494}" = Adobe Photoshop CS4
    "{BB4E33EC-8181-4685-96F7-8554293DEC6A}" = Adobe Output Module
    "{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
    "{C151CE54-E7EA-4804-854B-F515368B0798}" = AMD Processor Driver
    "{C356AE79-463B-48C4-B7C4-E08800799284}_is1" = XPS Annotator 1.22
    "{C41300B9-185D-475E-BFEC-39EF732F19B1}" = Apple Software Update
    "{C52E3EC1-048C-45E1-8D53-10B0C6509683}" = Adobe Default Language CS4
    "{C8334BE4-E342-E33A-0AAD-8F3449D7A27C}" = CCC Help Greek
    "{C9BED750-1211-4480-B1A5-718A3BE15525}" = REALTEK GbE & FE Ethernet PCI-E NIC Driver
    "{CA1CA5F8-7500-45C5-9D4C-47D13FBC92D2}" = Adobe Setup
    "{CC6B1BB4-4E06-4A5B-A166-B371B551324B}" = COMODO Internet Security
    "{CC75AB5C-2110-4A7F-AF52-708680D22FE8}" = Photoshop Camera Raw
    "{CCA1EEA3-555E-4D05-AC46-4B49C6C5D887}" = Apple Mobile Device Support
    "{CCE6B923-03A8-D06B-0D4A-9371604911E4}" = CCC Help Turkish
    "{CD95D125-2992-4858-B3EF-5F6FB52FBAD6}" = Skype Toolbars
    "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
    "{D2786E50-D08E-1E1B-C3B1-1DD26F23071F}" = CCC Help Italian
    "{D2F28E39-9813-41D3-8EC9-BAADA38C426D}" = VMware Remote Console Plug-in
    "{D4D3B18B-3BE0-17BA-55BC-391A7CB6E518}" = CCC Help English
    "{D86F3EA6-93A3-D020-0D77-204AB1696067}" = ATI Problem Report Wizard
    "{DAEAFD68-BB4A-4507-A241-C8804D2EA66D}" = Apple Application Support
    "{E4335710-A620-2718-3388-1131E6A07080}" = CCC Help Dutch
    "{E4848436-0345-47E2-B648-8B522FCDA623}" = Adobe Photoshop CS4
    "{E633D396-5188-4E9D-8F6B-BFB8BF3467E8}" = Skype™ 5.1
    "{E7004147-2CCA-431C-AA05-2AB166B9785D}" = QuickTime
    "{E7CE957C-09C3-7D9C-9F2A-81E020D3723A}" = ccc-core-preinstall
    "{EF964A78-078C-11D1-B7A7-0000C0134CE6}" = Nortel Networks Contivity VPN Client
    "{F0E64E2E-3A60-40D8-A55D-92F6831875DA}" = Adobe Search for Help
    "{F43D5CA6-1F22-436D-AF64-B254E7F1FC3D}" = IP Camera Adapter
    "{F85E4782-5B90-4845-9D7D-D11DE2F5EA5E}" = HydraVision
    "{F8EF2B3F-C345-4F20-8FE4-791A20333CD5}" = Adobe ExtendScript Toolkit CS4
    "{F93C84A6-0DC6-42AF-89FA-776F7C377353}" = Adobe PDF Library Files CS4
    "{FB9EA640-5030-037E-6B39-7E05DC31C75E}" = Catalyst Control Center Graphics Full New
    "{FCDD51BB-CAD0-4BB1-B7DF-CE86D1032794}" = Adobe Fonts All
    "{FE69D535-592F-52BA-7B28-98396018825A}" = Catalyst Control Center Graphics Light
    "{FF1C31AE-0CDC-40CE-AB85-406F8B70D643}" = Bonjour
    "{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
    "7-Zip" = 7-Zip 4.65
    "Adobe AIR" = Adobe AIR
    "Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
    "Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
    "Adobe_1710d324011afc3e7658e969025f4ba" = Adobe InDesign CS4
    "Adobe_2a31ae7a5c43ff52d8577782dd34e04" = Adobe Illustrator CS4
    "Adobe_faf656ef605427ee2f42989c3ad31b8" = Adobe Photoshop CS4
    "ATI Display Driver" = ATI Display Driver
    "Audacity_is1" = Audacity 1.2.6
    "Audiograbber" = Audiograbber 1.83 SE
    "Audiograbber-Lame" = Audiograbber MP3 Plugin
    "AVG9Uninstall" = AVG Free 9.0
    "Avidemux 2.5" = Avidemux 2.5
    "BlackBerry_Desktop" = BlackBerry Desktop Software 6.0.1
    "com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Media Player
    "CutePDF Writer Installation" = CutePDF Writer 2.8
    "Digital Editions" = Adobe Digital Editions
    "ERUNT_is1" = ERUNT 1.1j
    "FastStone Image Viewer" = FastStone Image Viewer 4.0
    "Fences" = Fences
    "Free CD Ripper_is1" = Free CD Ripper 3.1
    "ie8" = Windows Internet Explorer 8
    "IrfanView" = IrfanView (remove only)
    "Kobo" = Kobo
    "ManyCam" = ManyCam 2.6.30 (remove only)
    "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
    "Mozilla Firefox (3.6.12)" = Mozilla Firefox (3.6.12)
    "Mozilla Firefox 4.0 (x86 en-US)" = Mozilla Firefox 4.0 (x86 en-US)
    "Mp3tag" = Mp3tag v2.46a
    "mRemote" = mRemote
    "Notepad++" = Notepad++
    "PhotomatixPro3Betax32_is1" = Photomatix Pro version 3.2
    "Picasa 3" = Picasa 3
    "PSPad editor_is1" = PSPad editor
    "PuTTY Connection Manager_is1" = PuTTY Connection Manager 0.7.1.136beta
    "TightVNC" = TightVNC 2.0.2
    "ToneFXsCreator" = ToneFXsCreator 1.0
    "Tunnelier" = Bitvise Tunnelier 4.37 (remove only)
    "VirtuaWin_is1" = VirtuaWin v4.2
    "VLC media player" = VLC media player 1.1.4
    "Wdf01005" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
    "Wdf01009" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.9
    "XpsEPSC" = XML Paper Specification Shared Components Pack 1.0
    "Yankee Clipper III" = Yankee Clipper III

    ========== HKEY_CURRENT_USER Uninstall List ==========

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "Yahoo! BrowserPlus" = Yahoo! BrowserPlus 2.9.8

    ========== Last 10 Event Log Errors ==========

    [ Application Events ]
    Error - 4/2/2011 4:12:35 PM | Computer Name = DESKTOP-XP | Source = Application Error | ID = 1000
    Description = Faulting application spybotsd.exe, version 1.6.2.46, faulting module
    spybotsd.exe, version 1.6.2.46, fault address 0x000049ee.

    Error - 4/2/2011 4:12:44 PM | Computer Name = DESKTOP-XP | Source = Application Error | ID = 1000
    Description = Faulting application spybotsd.exe, version 1.6.2.46, faulting module
    spybotsd.exe, version 1.6.2.46, fault address 0x000049ee.

    Error - 4/2/2011 4:22:14 PM | Computer Name = DESKTOP-XP | Source = Application Hang | ID = 1002
    Description = Hanging application SpybotSD.exe, version 1.6.2.46, hang module hungapp,
    version 0.0.0.0, hang address 0x00000000.

    Error - 4/2/2011 4:35:41 PM | Computer Name = DESKTOP-XP | Source = SecurityCenter | ID = 1802
    Description = The Windows Security Center Service was unable to establish event
    queries with WMI to monitor third party AntiVirus and Firewall.

    Error - 4/2/2011 5:25:39 PM | Computer Name = DESKTOP-XP | Source = SecurityCenter | ID = 1802
    Description = The Windows Security Center Service was unable to establish event
    queries with WMI to monitor third party AntiVirus and Firewall.

    Error - 4/2/2011 7:04:13 PM | Computer Name = DESKTOP-XP | Source = Application Error | ID = 1000
    Description = Faulting application SZGMOLOKODUDDNMJ.exe, version 1.71.0.0, faulting
    module SZGMOLOKODUDDNMJ.exe, version 1.71.0.0, fault address 0x0003841a.

    Error - 4/2/2011 7:47:32 PM | Computer Name = DESKTOP-XP | Source = SecurityCenter | ID = 1802
    Description = The Windows Security Center Service was unable to establish event
    queries with WMI to monitor third party AntiVirus and Firewall.

    Error - 4/3/2011 8:13:33 PM | Computer Name = DESKTOP-XP | Source = SecurityCenter | ID = 1802
    Description = The Windows Security Center Service was unable to establish event
    queries with WMI to monitor third party AntiVirus and Firewall.

    Error - 4/4/2011 12:15:00 AM | Computer Name = DESKTOP-XP | Source = SecurityCenter | ID = 1802
    Description = The Windows Security Center Service was unable to establish event
    queries with WMI to monitor third party AntiVirus and Firewall.

    Error - 4/5/2011 10:45:48 PM | Computer Name = DESKTOP-XP | Source = SecurityCenter | ID = 1802
    Description = The Windows Security Center Service was unable to establish event
    queries with WMI to monitor third party AntiVirus and Firewall.

    [ System Events ]
    Error - 12/4/2010 2:54:38 PM | Computer Name = DESKTOP-XP | Source = Service Control Manager | ID = 7011
    Description = Timeout (30000 milliseconds) waiting for a transaction response from
    the stisvc service.

    Error - 12/4/2010 5:27:27 PM | Computer Name = DESKTOP-XP | Source = Service Control Manager | ID = 7011
    Description = Timeout (30000 milliseconds) waiting for a transaction response from
    the stisvc service.

    Error - 12/4/2010 9:52:11 PM | Computer Name = DESKTOP-XP | Source = Service Control Manager | ID = 7011
    Description = Timeout (30000 milliseconds) waiting for a transaction response from
    the stisvc service.

    Error - 12/5/2010 10:41:41 AM | Computer Name = DESKTOP-XP | Source = Service Control Manager | ID = 7011
    Description = Timeout (30000 milliseconds) waiting for a transaction response from
    the stisvc service.

    Error - 12/5/2010 10:42:30 AM | Computer Name = DESKTOP-XP | Source = Service Control Manager | ID = 7011
    Description = Timeout (30000 milliseconds) waiting for a transaction response from
    the stisvc service.

    Error - 12/19/2010 1:29:17 AM | Computer Name = DESKTOP-XP | Source = Cdrom | ID = 262155
    Description = The driver detected a controller error on \Device\CdRom0.

    Error - 12/19/2010 1:29:17 AM | Computer Name = DESKTOP-XP | Source = Cdrom | ID = 262155
    Description = The driver detected a controller error on \Device\CdRom0.

    Error - 12/19/2010 1:29:17 AM | Computer Name = DESKTOP-XP | Source = Cdrom | ID = 262155
    Description = The driver detected a controller error on \Device\CdRom0.

    Error - 12/19/2010 1:29:17 AM | Computer Name = DESKTOP-XP | Source = Cdrom | ID = 262155
    Description = The driver detected a controller error on \Device\CdRom0.

    Error - 12/19/2010 1:29:17 AM | Computer Name = DESKTOP-XP | Source = Cdrom | ID = 262155
    Description = The driver detected a controller error on \Device\CdRom0.


    < End of report >
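
Post #1 restored the hijacked exefile\shell\open\command value by hand, and the Extras.txt above carries the Shell Spawning and Firewall Settings sections that let you check for exactly that kind of change. As an added example (not part of the thread and not OTL's own code), the Python script below parses those two sections in the OTL Extras format and flags an executable class whose open command differs from the stock `"%1" %*`, a profile with EnableFirewall = 0, and any GloballyOpenPorts entry whose scope is `*` (open to every remote address); the sample report is constructed for this example, with the hijacked exefile value copied from the first post.

```python
# Added example for this thread (not OTL's code, not from any post): parse the
# "Shell Spawning" and "Firewall Settings" sections of an OTL Extras-style
# report and flag the problems the thread shows.
import re

# Constructed sample (not a real capture). The exefile command is the hijacked
# value from the first post; the firewall values mirror the thread's Extras.txt,
# with one LocalSubNet-scoped port kept as a control that must not be flagged.
SAMPLE_REPORT = r"""
========== Shell Spawning ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
exefile [open] -- "C:\Documents and Settings\Victor\Local Settings\Application Data\rij.exe" -a "%1" %*
scrfile [open] -- "%1" /S
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DoNotAllowExceptions" = 0
"DisableNotifications" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"3389:TCP" = 3389:TCP:*:Enabled:@xpsp2res.dll,-22009
"4481:TCP" = 4481:TCP:LocalSubNet:Enabled:BlackBerry Desktop Software
"""

# Stock XP open commands for the executable classes, as the thread's log shows.
EXPECTED_SPAWN = {(c, "open"): '"%1" %*'
                  for c in ("batfile", "cmdfile", "comfile", "exefile", "piffile")}
EXPECTED_SPAWN[("scrfile", "open")] = '"%1" /S'

BANNER_RE = re.compile(r"^========== (.+) ==========$")
SPAWN_RE = re.compile(r"^(\w+) \[([^\]]+)\] -- (.*)$")   # class [verb] -- command
VALUE_RE = re.compile(r'^"([^"]+)" = (.*)$')             # "name" = value


def parse_report(report):
    """Return (spawns, values): {(class, verb): command} from the Shell
    Spawning section and {key_path: {name: value}} from every [HKEY_...] block."""
    spawns, values = {}, {}
    section, key_path = None, None
    for raw in report.splitlines():
        line = raw.strip()
        banner = BANNER_RE.match(line)
        if banner:
            section, key_path = banner.group(1), None
            continue
        if line.startswith("[HKEY_") and line.endswith("]"):
            key_path = line[1:-1]
            values.setdefault(key_path, {})
            continue
        m = SPAWN_RE.match(line) if section == "Shell Spawning" else None
        if m:
            spawns[(m.group(1), m.group(2))] = m.group(3).strip()
            continue
        m = VALUE_RE.match(line)
        if m and key_path is not None:
            values[key_path][m.group(1)] = m.group(2).strip()
    return spawns, values


def find_hijacked_spawns(report):
    """Executable classes whose open command is not the stock one, e.g. a
    loader wrapped around "%1" %* the way the rogue AV in post #1 did."""
    spawns, _ = parse_report(report)
    return [(cls, spawns[(cls, verb)])
            for (cls, verb), stock in EXPECTED_SPAWN.items()
            if (cls, verb) in spawns and spawns[(cls, verb)] != stock]


def _profile_of(key_path):
    """Firewall profile (DomainProfile/StandardProfile) a key belongs to,
    or None for keys outside FirewallPolicy."""
    parts = key_path.split("\\")
    if "FirewallPolicy" in parts and parts.index("FirewallPolicy") + 1 < len(parts):
        return parts[parts.index("FirewallPolicy") + 1]
    return None


def find_firewall_weaknesses(report):
    """Profiles with the firewall switched off, plus GloballyOpenPorts entries
    whose scope field is '*' (reachable from any remote address)."""
    _, values = parse_report(report)
    findings = []
    for key_path, vals in values.items():
        profile = _profile_of(key_path)
        if profile is None:
            continue
        if key_path.endswith("\\" + profile) and vals.get("EnableFirewall") == "0":
            findings.append((profile, "EnableFirewall = 0"))
        if key_path.endswith("GloballyOpenPorts\\List"):
            for val in vals.values():
                f = val.split(":", 4)   # port:protocol:scope:mode:description
                if len(f) >= 4 and f[2] == "*" and f[3] == "Enabled":
                    findings.append((profile, f"{f[0]}:{f[1]} open to any remote address"))
    return findings
```

Run it against a real Extras.txt by reading the file into `find_hijacked_spawns` and `find_firewall_weaknesses`; a LocalSubNet-scoped port such as the BlackBerry entries is deliberately not reported.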

  #4 Member (Join Date: Apr 2006, Posts: 46)


    ##################
    OTL.txt
    ##################
    OTL logfile created on: 4/5/2011 10:52:00 PM - Run 1
    OTL by OldTimer - Version 3.2.22.3 Folder = C:\Documents and Settings\Victor\Desktop
    Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.6001.18702)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    3.00 Gb Total Physical Memory | 3.00 Gb Available Physical Memory | 78.00% Memory free
    5.00 Gb Paging File | 4.00 Gb Available in Paging File | 87.00% Paging File free
    Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
    Drive C: | 58.59 Gb Total Space | 16.05 Gb Free Space | 27.40% Space Free | Partition Type: NTFS
    Drive F: | 465.76 Gb Total Space | 390.43 Gb Free Space | 83.83% Space Free | Partition Type: NTFS

    Computer Name: DESKTOP-XP | User Name: Victor | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: Current user
    Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

    ========== Processes (SafeList) ==========

    PRC - C:\Documents and Settings\Victor\Desktop\OTL.exe (OldTimer Tools)
    PRC - C:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO)
    PRC - C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe (COMODO)
    PRC - C:\Program Files\AVG\AVG9\avgtray.exe (AVG Technologies CZ, s.r.o.)
    PRC - C:\Program Files\AVG\AVG9\avgcsrvx.exe (AVG Technologies CZ, s.r.o.)
    PRC - C:\Program Files\AVG\AVG9\avgnsx.exe (AVG Technologies CZ, s.r.o.)
    PRC - C:\Program Files\AVG\AVG9\avgchsvx.exe (AVG Technologies CZ, s.r.o.)
    PRC - C:\Program Files\AVG\AVG9\avgrsx.exe (AVG Technologies CZ, s.r.o.)
    PRC - C:\Program Files\AVG\AVG9\avgemc.exe (AVG Technologies CZ, s.r.o.)
    PRC - C:\Program Files\AVG\AVG9\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
    PRC - C:\Program Files\VirtuaWin\modules\vwKvasdoPager.exe ()
    PRC - C:\Program Files\VirtuaWin\VirtuaWin.exe (VirtuaWin)
    PRC - C:\Program Files\VirtuaWin\modules\WinList.exe ()
    PRC - C:\Program Files\ASUS\EPU-4 Engine\FourEngine.exe (ASUSTeK Computer Inc.)
    PRC - C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
    PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
    PRC - C:\Program Files\RocketDock\RocketDock.exe ()
    PRC - C:\Program Files\YCIII\YankClip.exe (inteleXual.com)


    ========== Modules (SafeList) ==========

    MOD - C:\Documents and Settings\Victor\Desktop\OTL.exe (OldTimer Tools)
    MOD - C:\WINDOWS\system32\guard32.dll (COMODO)
    MOD - C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83\comctl32.dll (Microsoft Corporation)
    MOD - C:\Program Files\RocketDock\RocketDock.dll ()


    ========== Win32 Services (SafeList) ==========

    SRV - (MJW) -- File not found
    SRV - (SZGMOLOKODUDDNMJ) -- C:\Documents and Settings\Victor\Local Settings\Temp\SZGMOLOKODUDDNMJ.exe (Sysinternals - www.sysinternals.com)
    SRV - (XU) -- C:\Documents and Settings\Administrator\Local Settings\Temp\XU.exe (Sysinternals - www.sysinternals.com)
    SRV - (cmdAgent) -- C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe (COMODO)
    SRV - (FLEXnet Licensing Service) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Acresso Software Inc.)
    SRV - (avg9emc) -- C:\Program Files\AVG\AVG9\avgemc.exe (AVG Technologies CZ, s.r.o.)
    SRV - (avg9wd) -- C:\Program Files\AVG\AVG9\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)


    ========== Driver Services (SafeList) ==========

    DRV - (Inspect) -- C:\WINDOWS\System32\DRIVERS\inspect.sys (COMODO)
    DRV - (cmdHlp) -- C:\WINDOWS\system32\drivers\cmdhlp.sys (COMODO)
    DRV - (cmdGuard) -- C:\WINDOWS\system32\drivers\cmdGuard.sys (COMODO)
    DRV - (UsbDiag) -- C:\WINDOWS\system32\drivers\lgusbdiag.sys (LG Electronics Inc.)
    DRV - (USBModem) -- C:\WINDOWS\system32\drivers\lgusbmodem.sys (LG Electronics Inc.)
    DRV - (usbbus) -- C:\WINDOWS\system32\drivers\lgusbbus.sys (LG Electronics Inc.)
    DRV - (AvgTdiX) -- C:\WINDOWS\system32\drivers\avgtdix.sys (AVG Technologies CZ, s.r.o.)
    DRV - (AvgLdx86) -- C:\WINDOWS\system32\drivers\avgldx86.sys (AVG Technologies CZ, s.r.o.)
    DRV - (AvgMfx86) -- C:\WINDOWS\system32\drivers\avgmfx86.sys (AVG Technologies CZ, s.r.o.)
    DRV - (ANDModem) -- C:\WINDOWS\system32\drivers\lgandmodem.sys (LG Electronics Inc.)
    DRV - (AndGps) -- C:\WINDOWS\system32\drivers\lgandgps.sys (LG Electronics Inc.)
    DRV - (AndDiag) -- C:\WINDOWS\system32\drivers\lganddiag.sys (LG Electronics Inc.)
    DRV - (Andbus) -- C:\WINDOWS\system32\drivers\lgandbus.sys (LG Electronics Inc.)
    DRV - (androidusb) -- C:\WINDOWS\system32\drivers\lgandadb.sys (Google Inc)
    DRV - (VIAHdAudAddService) -- C:\WINDOWS\system32\drivers\viahduaa.sys (VIA Technologies, Inc.)
    DRV - (ati2mtag) -- C:\WINDOWS\system32\drivers\ati2mtag.sys (ATI Technologies Inc.)
    DRV - (AtiHdmiService) -- C:\WINDOWS\system32\drivers\AtiHdmi.sys (ATI Research Inc.)
    DRV - (AsIO) -- C:\WINDOWS\system32\drivers\AsIO.sys ()
    DRV - (RTLE8023xp) -- C:\WINDOWS\system32\drivers\Rtenicxp.sys (Realtek Semiconductor Corporation )
    DRV - (AmdPPM) -- C:\WINDOWS\system32\drivers\AmdPPM.sys (Advanced Micro Devices)
    DRV - (Eacfilt) -- C:\WINDOWS\system32\drivers\eacfilt.sys (Nortel Networks)
    DRV - (IPSECSHM) -- C:\WINDOWS\system32\drivers\ipsecw2k.sys (Nortel Networks NA, Inc.)
    DRV - (IPSECEXT) -- C:\WINDOWS\system32\drivers\ipsecw2k.sys (Nortel Networks NA, Inc.)
    DRV - (MTsensor) -- C:\WINDOWS\system32\drivers\ASACPI.sys ()


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========

    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank

    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ca/
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

    ========== FireFox ==========

    FF - prefs.js..browser.search.defaultengine: "Ask.com"
    FF - prefs.js..browser.search.defaultenginename: "Ask.com"
    FF - prefs.js..browser.search.order.1: "Ask.com"
    FF - prefs.js..browser.search.selectedEngine: "Google"
    FF - prefs.js..browser.search.useDBForOrder: true
    FF - prefs.js..browser.startup.homepage: "chrome://speeddial/content/speeddial.xul"
    FF - prefs.js..extensions.enabledItems: {3f963a5b-e555-4543-90e2-c3908898db71}:9.0.0.872
    FF - prefs.js..extensions.enabledItems: {64161300-e22b-11db-8314-0800200c9a66}:0.9.5.6
    FF - prefs.js..extensions.enabledItems: VMwareVMRC@vmware.com:2.5.0.122581
    FF - prefs.js..extensions.enabledItems: facepad@lazyrussian.com:0.8.2
    FF - prefs.js..extensions.enabledItems: pt-BR@dictionaries.addons.mozilla.org:1.0.0.2
    FF - prefs.js..extensions.enabledItems: {2fa4ed95-0317-4c6a-a74c-5f3e3912c1f9}:2.1.106
    FF - prefs.js..extensions.enabledItems: TooManyTabs@visibotech.com:1.3.1
    FF - prefs.js..extensions.enabledItems: {340c2bbc-ce74-4362-90b5-7c26312808ef}:1.5.1
    FF - prefs.js..keyword.URL: "http://www.google.com/search?q="

    FF - HKLM\software\mozilla\Firefox\Extensions\\{3f963a5b-e555-4543-90e2-c3908898db71}: C:\Program Files\AVG\AVG9\Firefox [2010/11/24 10:54:24 | 000,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Mozilla Firefox 3.6.12\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/11/08 03:54:08 | 000,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Mozilla Firefox 3.6.12\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/11/08 03:54:08 | 000,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Mozilla Firefox 4.0\extensions\\Components: C:\Program Files\Mozilla Firefox 4.0 Beta 7\components [2011/03/24 11:33:55 | 000,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Mozilla Firefox 4.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox 4.0 Beta 7\plugins

    [2010/08/21 22:53:15 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Victor\Application Data\Mozilla\Extensions
    [2011/04/02 15:53:49 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Victor\Application Data\Mozilla\Firefox\Profiles\3d40vikk.default\extensions
    [2010/09/09 21:32:22 | 000,000,000 | ---D | M] ("Delicious Bookmarks") -- C:\Documents and Settings\Victor\Application Data\Mozilla\Firefox\Profiles\3d40vikk.default\extensions\{2fa4ed95-0317-4c6a-a74c-5f3e3912c1f9}
    [2010/11/28 22:52:13 | 000,000,000 | ---D | M] (Dicionário para Ortografia pt-BR) -- C:\Documents and Settings\Victor\Application Data\Mozilla\Firefox\Profiles\3d40vikk.default\extensions\pt-BR@dictionaries.addons.mozilla.org
    [2011/04/02 15:53:49 | 000,000,000 | ---D | M] (TooManyTabs) -- C:\Documents and Settings\Victor\Application Data\Mozilla\Firefox\Profiles\3d40vikk.default\extensions\TooManyTabs@visibotech.com
    [2010/08/30 00:03:32 | 000,000,000 | ---D | M] (VMware Remote Console Plug-in) -- C:\Documents and Settings\Victor\Application Data\Mozilla\Firefox\Profiles\3d40vikk.default\extensions\VMwareVMRC@vmware.com
    [2011/01/25 22:36:17 | 000,002,572 | ---- | M] () -- C:\Documents and Settings\Victor\Application Data\Mozilla\Firefox\Profiles\3d40vikk.default\searchplugins\askcom.xml
    [2010/11/25 15:19:22 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
    File not found (No name found) --
    () (No name found) -- C:\DOCUMENTS AND SETTINGS\VICTOR\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\3D40VIKK.DEFAULT\EXTENSIONS\{340C2BBC-CE74-4362-90B5-7C26312808EF}.XPI
    () (No name found) -- C:\DOCUMENTS AND SETTINGS\VICTOR\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\3D40VIKK.DEFAULT\EXTENSIONS\{64161300-E22B-11DB-8314-0800200C9A66}.XPI
    () (No name found) -- C:\DOCUMENTS AND SETTINGS\VICTOR\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\3D40VIKK.DEFAULT\EXTENSIONS\FACEPAD@LAZYRUSSIAN.COM.XPI
    () (No name found) -- C:\DOCUMENTS AND SETTINGS\VICTOR\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\3D40VIKK.DEFAULT\EXTENSIONS\TESTPILOT@LABS.MOZILLA.COM.XPI
    () (No name found) -- C:\DOCUMENTS AND SETTINGS\VICTOR\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\3D40VIKK.DEFAULT\EXTENSIONS\VIDEO.DOWNLOADER.PLUGIN@FFPIMP.COM.XPI
    [2011/01/05 21:54:00 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF
    [2011/01/05 21:54:10 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX 4.0 BETA 7\EXTENSIONS\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}

    O1 HOSTS File: ([2011/04/02 13:37:11 | 000,000,355 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
    O1 - Hosts: 127.0.0.1 localhost
    O1 - Hosts: ::1 localhost
    O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll (AVG Technologies CZ, s.r.o.)
    O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
    O2 - BHO: (Skype Plug-In) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
    O3 - HKLM\..\Toolbar: (no name) - {10EDB994-47F8-43F7-AE96-F2EA63E9F90F} - No CLSID value found.
    O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
    O4 - HKLM..\Run: [AdobeCS4ServiceManager] C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe (Adobe Systems Incorporated)
    O4 - HKLM..\Run: [AVG9_TRAY] C:\Program Files\AVG\AVG9\avgtray.exe (AVG Technologies CZ, s.r.o.)
    O4 - HKLM..\Run: [COMODO Internet Security] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO)
    O4 - HKLM..\Run: [Six Engine] C:\Program Files\ASUS\EPU-4 Engine\FourEngine.exe (ASUSTeK Computer Inc.)
    O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
    O4 - HKCU..\Run: [RocketDock] C:\Program Files\RocketDock\RocketDock.exe ()
    O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
    O4 - Startup: C:\Documents and Settings\Victor\Start Menu\Programs\Startup\VirtuaWin.lnk = C:\Program Files\VirtuaWin\VirtuaWin.exe (VirtuaWin)
    O4 - Startup: C:\Documents and Settings\Victor\Start Menu\Programs\Startup\Yankee Clipper III.lnk = C:\Program Files\YCIII\YankClip.exe (inteleXual.com)
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
    O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\WINDOWS\System32\GPhotos.scr (Google Inc.)
    O9 - Extra Button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
    O9 - Extra 'Tools' menuitem : Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
    O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
    O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
    O15 - HKCU\..Trusted Ranges: Range1 ([https] in Trusted sites)
    O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} http://download.bitdefender.com/reso...an8/oscan8.cab (BDSCANONLINE Control)
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_24)
    O16 - DPF: {B94C2238-346E-4C5E-9B36-8CC627F35574} Reg Error: Key error. (VMware Remote Console Plug-in 2.5.0.00000)
    O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_24)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_24)
    O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll (AVG Technologies CZ, s.r.o.)
    O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
    O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
    O20 - AppInit_DLLs: (C:\WINDOWS\system32\guard32.dll) - C:\WINDOWS\system32\guard32.dll (COMODO)
    O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
    O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
    O20 - Winlogon\Notify\avgrsstarter: DllName - avgrsstx.dll - C:\WINDOWS\System32\avgrsstx.dll (AVG Technologies CZ, s.r.o.)
    O22 - SharedTaskScheduler: {1984DD45-52CF-49cd-AB77-18F378FEA264} - FencesShellExt - C:\Program Files\Stardock\Fences\FencesMenu.dll (Stardock)
    O24 - Desktop WallPaper: C:\Documents and Settings\Victor\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
    O24 - Desktop BackupWallPaper: C:\Documents and Settings\Victor\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
    O32 - HKLM CDRom: AutoRun - 1
    O32 - AutoRun File - [2010/08/21 21:23:50 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
    O34 - HKLM BootExecute: (autocheck autochk *) - File not found
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O35 - HKCU\..exefile [open] -- "%1" %*
    O37 - HKLM\...com [@ = comfile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*
    O37 - HKCU\...exe [@ = exefile] -- "%1" %*

    ========== Files/Folders - Created Within 30 Days ==========

    [2011/04/05 22:51:02 | 000,580,608 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Victor\Desktop\OTL.exe
    [2011/04/02 19:02:58 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
    [2011/04/02 19:02:42 | 000,157,472 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe
    [2011/04/02 19:02:42 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe
    [2011/04/02 19:02:42 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe
    [2011/04/02 17:34:10 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\appmgmt
    [2011/04/02 16:25:15 | 000,000,000 | ---D | C] -- C:\Program Files\ERUNT
    [2011/04/02 16:25:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\ERUNT
    [2011/04/02 16:06:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Spybot - Search & Destroy
    [2011/04/02 16:06:30 | 000,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy
    [2011/04/02 16:06:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
    [2011/04/02 15:49:59 | 000,146,432 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\regedit.com
    [2011/04/02 15:44:44 | 000,000,000 | ---D | C] -- C:\Program Files\Trend Micro
    [2011/04/02 15:44:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Victor\Start Menu\Programs\HiJackThis
    [2011/04/02 13:48:19 | 000,000,000 | ---D | C] -- C:\WINDOWS\BDOSCAN8
    [2011/04/02 13:07:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\F-Secure
    [2011/04/02 12:53:17 | 000,000,000 | ---D | C] -- C:\WINDOWS\CSC
    [2011/03/25 09:34:09 | 000,000,000 | -HSD | C] -- C:\found.000
    [2011/03/24 11:32:16 | 000,000,000 | ---D | C] -- C:\WINDOWS\Minidump
    [2011/03/15 10:26:54 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Application Data\Common Files
    [3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
    [1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

    ========== Files - Modified Within 30 Days ==========

    [2011/04/05 22:50:05 | 000,432,686 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
    [2011/04/05 22:50:05 | 000,067,516 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
    [2011/04/05 22:49:25 | 000,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
    [2011/04/05 22:45:43 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
    [2011/04/05 22:45:40 | 3488,792,576 | -HS- | M] () -- C:\hiberfil.sys
    [2011/04/05 21:27:06 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Victor\Desktop\OTL.exe
    [2011/04/03 19:14:38 | 074,203,739 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\incavi.avm
    [2011/04/02 20:11:41 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\Victor\Local Settings\Application Data\prvlcl.dat
    [2011/04/02 15:56:57 | 000,002,449 | ---- | M] () -- C:\Documents and Settings\Victor\Desktop\HiJackThis.lnk
    [2011/04/02 13:37:11 | 000,000,355 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
    [2011/04/02 12:59:21 | 000,001,324 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
    [2011/03/30 22:52:08 | 000,013,124 | -HS- | M] () -- C:\Documents and Settings\Victor\Local Settings\Application Data\k3gf5y4w6865444l7cxg0ohs8015opk8482f
    [2011/03/30 22:52:08 | 000,013,124 | -HS- | M] () -- C:\Documents and Settings\All Users\Application Data\k3gf5y4w6865444l7cxg0ohs8015opk8482f
    [2011/03/30 01:00:52 | 000,000,600 | ---- | M] () -- C:\Documents and Settings\Victor\Local Settings\Application Data\PUTTY.RND
    [2011/03/28 23:10:05 | 000,000,600 | ---- | M] () -- C:\Documents and Settings\Victor\Application Data\winscp.rnd
    [2011/03/28 22:37:24 | 000,285,480 | ---- | M] (COMODO) -- C:\WINDOWS\System32\guard32.dll
    [2011/03/28 22:37:23 | 000,094,784 | ---- | M] (COMODO) -- C:\WINDOWS\System32\drivers\inspect.sys
    [2011/03/28 22:37:23 | 000,027,576 | ---- | M] (COMODO) -- C:\WINDOWS\System32\drivers\cmdhlp.sys
    [2011/03/28 22:37:22 | 000,239,368 | ---- | M] (COMODO) -- C:\WINDOWS\System32\drivers\cmdGuard.sys
    [2011/03/28 22:37:22 | 000,015,592 | ---- | M] (COMODO) -- C:\WINDOWS\System32\drivers\cmderd.sys
    [2011/03/16 23:45:23 | 000,178,028 | ---- | M] () -- C:\Documents and Settings\Victor\My Documents\Galaxy Tab Cover with Stand.pdf
    [2011/03/16 23:43:07 | 000,190,516 | ---- | M] () -- C:\Documents and Settings\Victor\My Documents\fm-modulator.pdf
    [3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
    [1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

    ========== Files Created - No Company Name ==========

    [2011/04/02 19:47:17 | 3488,792,576 | -HS- | C] () -- C:\hiberfil.sys
    [2011/04/02 15:44:44 | 000,002,449 | ---- | C] () -- C:\Documents and Settings\Victor\Desktop\HiJackThis.lnk
    [2011/03/30 22:48:29 | 000,013,124 | -HS- | C] () -- C:\Documents and Settings\Victor\Local Settings\Application Data\k3gf5y4w6865444l7cxg0ohs8015opk8482f
    [2011/03/30 22:48:29 | 000,013,124 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\k3gf5y4w6865444l7cxg0ohs8015opk8482f
    [2011/03/16 23:45:22 | 000,178,028 | ---- | C] () -- C:\Documents and Settings\Victor\My Documents\Galaxy Tab Cover with Stand.pdf
    [2011/03/16 23:43:06 | 000,190,516 | ---- | C] () -- C:\Documents and Settings\Victor\My Documents\fm-modulator.pdf
    [2011/02/06 21:49:07 | 000,001,324 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
    [2011/01/26 20:31:26 | 000,372,080 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
    [2011/01/17 01:46:21 | 000,000,056 | -H-- | C] () -- C:\WINDOWS\System32\ezsidmv.dat
    [2010/12/14 01:36:30 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\CommonDL.dll
    [2010/12/14 01:36:30 | 000,002,411 | ---- | C] () -- C:\WINDOWS\System32\lgAxconfig.ini
    [2010/12/13 16:21:31 | 000,000,754 | ---- | C] () -- C:\WINDOWS\WORDPAD.INI
    [2010/12/05 00:06:58 | 000,087,552 | ---- | C] () -- C:\WINDOWS\System32\cpwmon2k.dll
    [2010/11/25 15:10:59 | 000,000,034 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
    [2010/10/06 23:02:37 | 000,237,568 | ---- | C] () -- C:\WINDOWS\System32\lame_enc.dll
    [2010/10/04 01:02:05 | 000,017,692 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat
    [2010/10/02 01:41:40 | 000,020,480 | ---- | C] () -- C:\Documents and Settings\Victor\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2010/08/31 01:36:40 | 000,000,600 | ---- | C] () -- C:\Documents and Settings\Victor\Local Settings\Application Data\PUTTY.RND
    [2010/08/28 20:39:19 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Victor\Local Settings\Application Data\prvlcl.dat
    [2010/08/27 12:40:06 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
    [2010/08/22 18:46:45 | 000,000,600 | ---- | C] () -- C:\Documents and Settings\Victor\Application Data\winscp.rnd
    [2010/08/21 22:53:05 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
    [2010/08/21 22:35:35 | 000,000,000 | ---- | C] () -- C:\WINDOWS\ativpsrm.bin
    [2010/08/21 21:51:27 | 000,024,576 | R--- | C] () -- C:\WINDOWS\System32\AsIO.dll
    [2010/08/21 21:51:27 | 000,011,296 | R--- | C] () -- C:\WINDOWS\System32\drivers\AsIO.sys
    [2010/08/21 21:51:25 | 000,011,832 | ---- | C] () -- C:\WINDOWS\System32\drivers\AsInsHelp64.sys
    [2010/08/21 21:51:25 | 000,010,216 | ---- | C] () -- C:\WINDOWS\System32\drivers\AsInsHelp32.sys
    [2010/08/21 21:47:36 | 000,887,724 | ---- | C] () -- C:\WINDOWS\System32\ativva6x.dat
    [2010/08/21 21:47:36 | 000,195,855 | ---- | C] () -- C:\WINDOWS\System32\atiicdxx.dat
    [2010/08/21 21:47:36 | 000,000,003 | ---- | C] () -- C:\WINDOWS\System32\ativva5x.dat
    [2010/08/21 21:47:31 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\ATIODCLI.exe
    [2010/08/21 21:47:28 | 000,294,912 | ---- | C] () -- C:\WINDOWS\System32\ATIODE.exe
    [2010/08/21 21:40:07 | 000,073,728 | R--- | C] () -- C:\WINDOWS\System32\RtNicProp32.dll
    [2010/08/21 21:34:03 | 000,005,810 | R--- | C] () -- C:\WINDOWS\System32\drivers\ASACPI.sys
    [2010/08/21 21:33:57 | 000,001,769 | ---- | C] () -- C:\WINDOWS\Language_trs.ini
    [2010/08/21 21:33:55 | 000,049,152 | R--- | C] () -- C:\WINDOWS\DAOD.exe
    [2010/08/21 21:33:50 | 000,034,793 | ---- | C] () -- C:\WINDOWS\Ascd_tmp.ini
    [2010/08/21 21:33:50 | 000,010,296 | ---- | C] () -- C:\WINDOWS\System32\drivers\ASUSHWIO.SYS
    [2010/08/21 21:25:28 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
    [2010/08/21 21:21:14 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
    [2010/08/21 17:12:28 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
    [2010/08/21 16:22:32 | 001,992,240 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
    [2009/01/05 16:44:10 | 000,053,248 | ---- | C] () -- C:\WINDOWS\bdoscandel.exe
    [2009/01/05 16:44:10 | 000,000,453 | ---- | C] () -- C:\WINDOWS\bdoscandellang.ini
    [2008/04/14 08:00:00 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
    [2008/04/14 08:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
    [2008/04/14 08:00:00 | 000,432,686 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
    [2008/04/14 08:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
    [2008/04/14 08:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
    [2008/04/14 08:00:00 | 000,067,516 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
    [2008/04/14 08:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
    [2008/04/14 08:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
    [2008/04/14 08:00:00 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
    [2008/04/14 08:00:00 | 000,004,461 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
    [2008/04/14 08:00:00 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\Dcache.bin
    [2008/04/14 08:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat

    ========== Alternate Data Streams ==========

    @Alternate Data Stream - 88 bytes -> C:\Program Files\COMODO\COMODO Internet Security\cfp.exe:SummaryInformation

    < End of report >

  5. #5
    Member
    Join Date
    Apr 2006
    Posts
    46

    Default

    ##################
    f-secure
    ##################
    19 malware found
    TrackingCookie.Questionmarket (spyware)
    System (Disinfected)
    TrackingCookie.Adinterax (spyware)
    System (Disinfected)
    TrackingCookie.2o7 (spyware)
    System (Disinfected)
    TrackingCookie.Advertising (spyware)
    System (Disinfected)
    TrackingCookie.Atdmt (spyware)
    System (Disinfected)
    Suspicious:W32/Malware!Gemini (spyware)
    System (Disinfected)
    TrackingCookie.Doubleclick (spyware)
    System (Disinfected)
    TrackingCookie.Revsci (spyware)
    System (Disinfected)
    TrackingCookie.WebTrendsLive (spyware)
    System (Disinfected)
    TrackingCookie.Fastclick (spyware)
    System (Disinfected)
    TrackingCookie.Webtrends (spyware)
    System (Disinfected)
    TrackingCookie.Mediaplex (spyware)
    System (Disinfected)
    TrackingCookie.Atwola (spyware)
    System (Disinfected)
    TrackingCookie.Yieldmanager (spyware)
    System (Disinfected)
    TrackingCookie.Imrworldwide (spyware)
    System (Disinfected)
    Suspicious:W32/Malware!Gemini (virus)
    C:\RECYCLER\S-1-5-21-839522115-1078081533-682003330-1003\DC216.EXE (Not cleaned & Submitted)
    Suspicious:W32/Malware!Gemini (virus)
    C:\PROGRAM FILES\AVIDEMUX 2.5\AVIDEMUX2.EXE (Not cleaned)
    Gen:Variant.Kazy.17420 (virus)
    C:\DOCUMENTS AND SETTINGS\VICTOR\LOCAL SETTINGS\APPLICATION DATA\PVL.EXE (Renamed & Submitted)
    Gen:Variant.Kazy.17420 (virus)
    C:\DOCUMENTS AND SETTINGS\VICTOR\APPLICATION DATA\SUN\JAVA\DEPLOYMENT\CACHE\6.0\26\1E758E5A-41C9A8EB (Renamed & Submitted)
    Statistics
    Scanned:
    Files: 73476
    System: 3781
    Not scanned: 8
    Actions:
    Disinfected: 15
    Renamed: 2
    Deleted: 0
    Not cleaned: 2
    Submitted: 3
    Files not scanned:
    C:\PAGEFILE.SYS
    C:\WINDOWS\SYSTEM32\CONFIG\DEFAULT
    C:\WINDOWS\SYSTEM32\CONFIG\SAM
    C:\WINDOWS\SYSTEM32\CONFIG\SECURITY
    C:\WINDOWS\SYSTEM32\CONFIG\SOFTWARE
    C:\WINDOWS\SYSTEM32\CONFIG\SYSTEM
    C:\DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\D013304477F3689E5815D4051F89C4AF_B896423E-2448-4D8A-99D7-8418E033B493
    C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\LOCAL SETTINGS\TEMP\HSPERFDATA_ADMINISTRATOR\1932



    ##################
    bitdefender
    ##################
    Scanned File Status
    C:\Documents and Settings\Victor\Application Data\Sun\Java\Deployment\cache\6.0\26\1E758E5A-41C9A8EB.0
    Infected with: Gen:Variant.Kazy.17420
    C:\Documents and Settings\Victor\Application Data\Sun\Java\Deployment\cache\6.0\26\1E758E5A-41C9A8EB.0
    Deleted
    C:\Documents and Settings\Victor\Local Settings\Application Data\PVL.0XE
    Infected with: Gen:Variant.Kazy.17420
    C:\Documents and Settings\Victor\Local Settings\Application Data\PVL.0XE
    Deleted
    C:\System Volume Information\_restore{6B299F5C-DAC6-4829-A17B-91899EE94AF1}\RP195\A0015494.exe
    Infected with: Gen:Variant.Kazy.17420
    C:\System Volume Information\_restore{6B299F5C-DAC6-4829-A17B-91899EE94AF1}\RP195\A0015494.exe
    Deleted


    ##################
    RootkitReveal.txt
    ##################
    HKU\S-1-5-21-839522115-1078081533-682003330-1003\Software\Adobe\MediaBrowser\MRU\illustrator\ApplicationPath 8/28/2010 7:49 PM 91 bytes Data mismatch between Windows API and raw hive data.
    HKU\S-1-5-21-839522115-1078081533-682003330-1003\Software\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}\URL 8/21/2010 10:00 PM 73 bytes Data mismatch between Windows API and raw hive data.
    HKLM\SECURITY\Policy\Secrets\SAC* 8/21/2010 8:42 PM 0 bytes Key name contains embedded nulls (*)
    HKLM\SECURITY\Policy\Secrets\SAI* 8/21/2010 8:42 PM 0 bytes Key name contains embedded nulls (*)
    HKLM\SOFTWARE\ASUS\AI Gear3\EPU\MB\CurrentPower 4/2/2011 5:31 PM 8 bytes Data mismatch between Windows API and raw hive data.
    HKLM\SYSTEM\ControlSet001\Control\StillImage\Events\STIProxyEvent\{CBE92BF9-3679-4ACA-A2B6-FB60B1F5C635}\Icon 9/27/2010 9:33 PM 45 bytes Data mismatch between Windows API and raw hive data.
    HKLM\SYSTEM\ControlSet002\Control\StillImage\Events\STIProxyEvent\{CBE92BF9-3679-4ACA-A2B6-FB60B1F5C635}\Icon 9/27/2010 9:33 PM 45 bytes Data mismatch between Windows API and raw hive data.
    C:\Documents and Settings\All Users\Application Data\avg9\Cfg\except.cfg 4/2/2011 5:51 PM 456 bytes Hidden from Windows API.
    C:\Documents and Settings\All Users\Application Data\avg9\Log\avgexc.log 4/2/2011 5:51 PM 314 bytes Hidden from Windows API.
    C:\Documents and Settings\All Users\Application Data\avg9\Log\avgexc.log.lock 4/2/2011 5:51 PM 0 bytes Hidden from Windows API.

  6. #6
    Security Expert: Emeritus Blade81's Avatar
    Join Date
    Oct 2006
    Location
    Finland
    Posts
    25,288

    Default

    Hi


    Please visit this webpage for download links, and instructions for running ComboFix tool:

    http://www.bleepingcomputer.com/comb...o-use-combofix

    Please ensure you read this guide carefully first.

    Please continue as follows:

    1. Close/disable all antivirus and anti-malware programs so they do not interfere with the running of ComboFix.
      Remember to re-enable them afterwards.

    2. Click Yes to allow ComboFix to continue scanning for malware.


    When the tool is finished, it will produce a report for you.

    Please include the following reports for further review, and so we may continue cleansing the system:

    C:\ComboFix.txt

    A word of warning: Neither I nor sUBs are responsible for any damage you may have caused your machine by running ComboFix. This tool is not a toy and not for everyday use.
    Microsoft Windows Insider MVP 2016-2020
    Microsoft MVP Consumer Security 2008-2015
    UNITE member since 2006

    If you have problems create a thread in the forum, please.

    Malware removal instructions are for the correspondent user's case only.

  7. #7
    Member
    Join Date
    Apr 2006
    Posts
    46

    Default

    Hi Blade81,

    Sorry for the late reply. Haven't had a chance to run your instructions.

    I downloaded ComboFix and tried running it; however, I have Free AVG installed. I know I need to uninstall it, but my doubt is whether I should install any other AV after that, or leave the PC without any AV and wait for further instructions from you.

    Thanks again!

    Vic.

  8. #8
    Security Expert: Emeritus Blade81's Avatar
    Join Date
    Oct 2006
    Location
    Finland
    Posts
    25,288

    Default

    Hi,

    Leave the system without antivirus until we've finished cleaning.

  9. #9
    Member
    Join Date
    Apr 2006
    Posts
    46

    Default

    Have been fighting with this without success. Had problems removing AVG, but got that figured out.

    Now I'm not able to run ComboFix. I ran it a few times and it freezes my PC, forcing me to do a hard reset. I also got a message that a couple of files got corrupted.

    Should I run it in safe mode?

    Note: I have disabled the firewall and Spybot before running ComboFix.

    =============================

    Event Type: Information
    Event Source: Application Popup
    Event Category: None
    Event ID: 26
    Date: 4/13/2011
    Time: 5:13:54 PM
    User: N/A
    Computer: DESKTOP-XP
    Description:
    Application popup: cmd.cfxxe - Corrupt File : The file or directory C:\ComboFix\NT-OSS~1 is corrupt and unreadable. Please run the Chkdsk utility.

    For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.

    ========================================================================

    Event Type: Information
    Event Source: Application Popup
    Event Category: None
    Event ID: 26
    Date: 4/13/2011
    Time: 5:20:12 PM
    User: N/A
    Computer: DESKTOP-XP
    Description:
    Application popup: PEV.cfxxe - Corrupt File : The file or directory C:\Documents and Settings\Victor\Local Settings\Temp\catchme.dll is corrupt and unreadable. Please run the Chkdsk utility.

    For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.

  10. #10
    Security Expert: Emeritus Blade81's Avatar
    Join Date
    Oct 2006
    Location
    Finland
    Posts
    25,288

    Default

    Hi,

    Yes, try in safe mode (ensuring no protection software is running).
