XP AntiVirus Protection



victorbrca
2011-04-02, 23:59
Hi all,

My dds is locking up and SpyBot does not show any issue. Not sure what else I can do.

Here are the steps I have taken so far (I can post the logs if needed, but I read in "Before you post" not to post anything other than what is asked).

===========================================

"XP AntiVirus Protection" came up and disabled my free AVG AV and Comodo firewall (no permission to start comodo, executable not associated anymore).

Steps I took:
1- Disabled network
2- Booted into safe mode with networking
3- Ran f-secure.com on-line scanner (saved log)
4- Ran disk cleanup for temp ie files and Recycle bin
5- Ran bitdefender.com on-line scanner (saved log)
6- Booted into normal mode, installed HijackThis; however, I could not run it
7- Renamed regedit.exe to regedit.com and fixed HKEY_CLASSES_ROOT\exefile\shell\open\command
from
"C:\Documents and Settings\Victor\Local Settings\Application Data\rij.exe" -a "%1" %*
to
"%1" %*
8- Ran hijack - (saved log)
9- Ran sysinternals RootKitRevealer
10- Installed and ran spybot, error with framedyn.dll
11- Copied (as instructed by M$ site), still error.
12- Checked PATH and was set to "C:\Program Files\Bitvise Tunnelier". Changed to "%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\wbem"
13- Ran dds, locked the computer 3 times (hard reboot)
14- Disabled tea timer, ran check for problems on spybot, found 4 issues and fixed them. Ran the check again and it was OK.

Blade81
2011-04-05, 15:46
Hi,

Download OTL (http://oldtimer.geekstogo.com/OTL.exe) to your desktop.
Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
When the window appears, underneath Output at the top change it to Minimal Output.
Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.

When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them with your next reply. You may need two posts to fit them all in. Also, I'd like to take a look at the logs from those scanners you ran earlier.

victorbrca
2011-04-06, 05:35
Thank you for the reply and your time. Here's the requested information:

##################
Extras.txt
##################
OTL Extras logfile created on: 4/5/2011 10:52:00 PM - Run 1
OTL by OldTimer - Version 3.2.22.3 Folder = C:\Documents and Settings\Victor\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.00 Gb Total Physical Memory | 3.00 Gb Available Physical Memory | 78.00% Memory free
5.00 Gb Paging File | 4.00 Gb Available in Paging File | 87.00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 58.59 Gb Total Space | 16.05 Gb Free Space | 27.40% Space Free | Partition Type: NTFS
Drive F: | 465.76 Gb Total Space | 390.43 Gb Free Space | 83.83% Space Free | Partition Type: NTFS

Computer Name: DESKTOP-XP | User Name: Victor | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox 4.0 Beta 7\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [Browse with FastStone] -- "C:\Program Files\FastStone Image Viewer\FSViewer.exe" "%1" ()
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 0
"DoNotAllowExceptions" = 0
"DisableNotifications" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"3389:TCP" = 3389:TCP:*:Enabled:@xpsp2res.dll,-22009

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DoNotAllowExceptions" = 0
"DisableNotifications" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"5353:TCP" = 5353:TCP:*:Enabled:Adobe CSI CS4
"3389:TCP" = 3389:TCP:*:Enabled:@xpsp2res.dll,-22009
"4481:TCP" = 4481:TCP:LocalSubNet:Enabled:BlackBerry Desktop Software Wireless Music Sync data transfer
"4481:UDP" = 4481:UDP:LocalSubNet:Enabled:BlackBerry Desktop Software Wireless Music Sync discovery
"4482:TCP" = 4482:TCP:LocalSubNet:Enabled:BlackBerry Desktop Software Wireless Music Sync data transfer
"4482:UDP" = 4482:UDP:LocalSubNet:Enabled:BlackBerry Desktop Software Wireless Music Sync discovery

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\AVG\AVG9\avgemc.exe" = C:\Program Files\AVG\AVG9\avgemc.exe:*:Enabled:avgemc.exe -- (AVG Technologies CZ, s.r.o.)
"C:\Program Files\AVG\AVG9\avgupd.exe" = C:\Program Files\AVG\AVG9\avgupd.exe:*:Enabled:avgupd.exe -- (AVG Technologies CZ, s.r.o.)
"C:\Program Files\AVG\AVG9\avgnsx.exe" = C:\Program Files\AVG\AVG9\avgnsx.exe:*:Enabled:avgnsx.exe -- (AVG Technologies CZ, s.r.o.)
"C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" = C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe:*:Enabled:Adobe CSI CS4 -- (Adobe Systems Incorporated)
"C:\Program Files\TightVNC\vncviewer.exe" = C:\Program Files\TightVNC\vncviewer.exe:*:Enabled:TightVNC Viewer -- (TightVNC Group)
"C:\Program Files\RemoteX\remotex.exe" = C:\Program Files\RemoteX\remotex.exe:*:Enabled:RemoteX
"C:\Program Files\Ringtone Maker\RingtoneMaker.exe" = C:\Program Files\Ringtone Maker\RingtoneMaker.exe:*:Enabled:BBMRingtoneMaker
"C:\Program Files\Nortel Networks\Extranet.exe" = C:\Program Files\Nortel Networks\Extranet.exe:*:Enabled:Contivity VPN Client -- (Nortel Networks NA, Inc.)
"C:\Program Files\Research In Motion\BlackBerry Desktop\Rim.Desktop.exe" = C:\Program Files\Research In Motion\BlackBerry Desktop\Rim.Desktop.exe:*:Enabled:BlackBerry Desktop Software -- (Research In Motion)
"C:\Program Files\VideoLAN\VLC\vlc.exe" = C:\Program Files\VideoLAN\VLC\vlc.exe:*:Enabled:VLC media player -- ()


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00ADFB20-AE75-46F4-AD2C-F48B15AC3100}" = Adobe Color NA Recommended Settings CS4
"{00BA866C-F2A2-4BB9-A308-3DFA695B6F7C}" = Java DB 10.5.3.0
"{05308C4E-7285-4066-BAE3-6B50DA6ED755}" = Adobe Update Manager CS4
"{054EFA56-2AC1-48F4-A883-0AB89874B972}" = Adobe Extension Manager CS4
"{098727E1-775A-4450-B573-3F441F1CA243}" = kuler
"{0A6B42F5-7B17-D788-5052-8FAC0CEDFD4C}" = CCC Help Chinese Traditional
"{0D6013AB-A0C7-41DC-973C-E93129C9A29F}" = Adobe Color JA Extra Settings CS4
"{0D67A4E4-5BE0-4C9A-8AD8-AB552B433F23}" = Adobe Setup
"{0EA19680-B744-D9FF-E4DF-F882718DD95B}" = CCC Help Polish
"{0F723FC1-7606-4867-866C-CE80AD292DAF}" = Adobe CSI CS4
"{10CD364B-FFCC-48BE-B469-B9622A033075}" = Fences
"{15BF7AAF-846C-4A6D-80E1-5D1FC7FB461B}" = Adobe SGM CS4
"{1618734A-3957-4ADD-8199-F973763109A8}" = Adobe Anchor Service CS4
"{16E16F01-2E2D-4248-A42F-76261C147B6C}" = Adobe Drive CS4
"{16E6D2C1-7C90-4309-8EC4-D2212690AAA4}" = AdobeColorCommonSetRGB
"{197A3012-8C85-4FD3-AB66-9EC7E13DB92E}" = Adobe AIR
"{1a413f37-ed88-4fec-9666-5c48dc4b7bb7}" = YouTube Downloader 2.6.5
"{1CB92574-96F2-467B-B793-5CEB35C40C29}" = Image Resizer Powertoy for Windows XP
"{1DCA3EAA-6EB5-4563-A970-EA14D75037BA}" = Adobe InDesign CS4
"{1E04CB54-AF4E-4AC3-B4B7-C0A160BE57F1}" = Adobe InDesign CS4 Icon Handler
"{20D4A895-748C-4D88-871C-FDB1695B0169}" = Platform
"{26A24AE4-039D-4CA4-87B4-2F83216023FF}" = Java(TM) 6 Update 24
"{2A3A4BD6-6CE0-4E2A-80D2-1D0FF6ACBFBA}" = LG United Mobile Driver
"{2A55F760-A711-D610-5387-145E711FF356}" = CCC Help Chinese Standard
"{2BAF2B96-7560-48B4-87D4-10178DDBE217}" = Adobe InDesign CS4 Application Feature Set Files (Roman)
"{2CE5A2E7-3437-4CE7-BCF4-85ED6EEFF9E4}" = iTunes
"{30A3D3FC-6344-0B79-9DF8-1A1AD48DD620}" = CCC Help Japanese
"{32A3A4F4-B792-11D6-A78A-00B0D0160230}" = Java(TM) SE Development Kit 6 Update 23
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{35D94F92-1D3A-43C5-8605-EA268B1A7BD9}" = PDF Settings CS4
"{39F6E2B4-CFE8-C30A-66E8-489651F0F34C}" = Adobe Media Player
"{3A4E8896-C2E7-4084-A4A4-B8FD1894E739}" = Adobe XMP Panels CS4
"{3D253F10-CB32-D5F8-3B2D-0210FB2332D5}" = Catalyst Control Center Core Implementation
"{3D2C9DE6-9ADE-4252-A241-E43723B0CE02}" = Adobe Color - Photoshop Specific CS4
"{3DA8DF9A-044E-46C4-8531-DEDBB0EE37FF}" = Adobe WinSoft Linguistics Plugin
"{3E2E2FBD-EAF9-405C-0297-0AB3C86F97D7}" = ATI Catalyst Install Manager
"{3EF86476-79AF-AB5F-12B4-6C26B42E9D71}" = CCC Help Spanish
"{4087DBD5-A51F-EC27-F8D1-0159517923FC}" = CCC Help Swedish
"{41D2B895-BB34-3823-28B4-B85492E0040D}" = ccc-core-static
"{41FEA6D8-C6C4-51FF-1CC0-ED7826807B07}" = CCC Help Norwegian
"{422CCD1A-8CBC-DAC9-4431-9265ADE3A645}" = CCC Help Korean
"{42EAF785-A1CE-EA12-0230-00866962A7A6}" = CCC Help Czech
"{45A66726-69BC-466B-A7A4-12FCBA4883D7}" = HiJackThis
"{480BD9E9-D210-1E1B-8807-2FF1368744CE}" = Catalyst Control Center Graphics Full Existing
"{4943EFF5-229F-435D-BEA9-BE3CAEA783A7}" = Adobe Service Manager Extension
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4A52555C-032A-4083-BDD9-6A85ABFB39A8}" = Adobe SING CS4
"{4EE9E62F-5CFB-8704-E1DC-C2B8EBCF4B1E}" = CCC Help French
"{52FD147A-CBD4-17AD-AA3F-02AB0179717A}" = CCC Help Hungarian
"{53DA6CFE-7CDE-4F72-9E23-39AAC686DE17}" = iPhone Folders
"{5570C7F0-43D0-4916-8A9E-AEDD52FA86F4}" = Adobe Color EU Extra Settings CS4
"{60FB969A-CCA6-33EC-5BF5-3A2247ED2986}" = CCC Help Thai
"{63C24A08-70F3-4C8E-B9FB-9F21A903801D}" = Adobe Color Video Profiles CS CS4
"{63E5CDBF-8214-4F03-84F8-CD3CE48639AD}" = Adobe Photoshop CS4 Support
"{67F0E67A-8E93-4C2C-B29D-47C48262738A}" = Adobe Device Central CS4
"{68243FF8-83CA-466B-B2B8-9F99DA5479C4}" = AdobeColorCommonSetCMYK
"{6DC90653-ACEB-3388-F8DA-A8F06CE3C700}" = CCC Help Finnish
"{71AF2CD4-1CF1-273B-D437-6F307A9F5AF7}" = ccc-utility
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{7CC7BDD5-6F10-4724-96A1-EAC7D9F2831C}" = Adobe InDesign CS4 Common Base Files
"{7E427286-EAD6-DA5D-0653-7642D009B6D8}" = Catalyst Control Center Localization All
"{7E881626-0362-95C5-C25C-6A5CD2CE0EFF}" = CCC Help Russian
"{820D3F45-F6EE-4AAF-81EF-CE21FF21D230}" = Adobe Type Support CS4
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{83877DB1-8B77-45BC-AB43-2BAC22E093E0}" = Adobe Bridge CS4
"{842B4B72-9E8F-4962-B3C1-1C422A5C4434}" = Suite Shared Configuration CS4
"{84A78614-0E4B-4A4E-BA8C-2B0A05A08E4E}" = BlackBerry Desktop Software 6.0.1
"{87532CAB-7932-4F84-8937-823337622807}" = Adobe Illustrator CS4
"{8995AA26-8D59-43DB-1BF0-66F707D915E7}" = Skins
"{8CE08C3C-8FF4-45D9-925E-4F3CE2D7FA7D}" = Adobe Setup
"{8F66047B-1AF3-40D9-80D7-106E2EDC2C2A}" = EPU-4 Engine
"{90110409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{931AB7EA-3656-4BB7-864D-022B09E3DD67}" = Adobe Linguistics CS4
"{94D398EB-D2FD-4FD1-B8C4-592635E8A191}" = Adobe CMaps CS4
"{9B7A811C-0BDE-FEF7-AF80-2B67175D6DF8}" = CCC Help Portuguese
"{9D669429-A2E4-4793-B7A0-283D259F39AF}" = Adobe Photoshop Lightroom 2.5
"{9DA011CC-BDF6-9937-6ADE-3105B4288CCD}" = CCC Help German
"{9F875DF5-B60F-4326-96AE-0162E0F3BFE4}" = calibre
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A4099946-418B-DCC5-B56F-97391515ED28}" = Catalyst Control Center InstallProxy
"{A85AD707-781F-2B73-E134-38084AACB5D5}" = ATI AVIVO Codecs
"{AC121971-CF91-9A04-0E96-2049D48F0DD3}" = CCC Help Danish
"{AC76BA86-7AD7-1033-7B44-A93000000001}" = Adobe Reader 9.3.3
"{B29AD377-CC12-490A-A480-1452337C618D}" = Connect
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B65BA85C-0A27-4BC0-A22D-A66F0E5B9494}" = Adobe Photoshop CS4
"{BB4E33EC-8181-4685-96F7-8554293DEC6A}" = Adobe Output Module
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C151CE54-E7EA-4804-854B-F515368B0798}" = AMD Processor Driver
"{C356AE79-463B-48C4-B7C4-E08800799284}_is1" = XPS Annotator 1.22
"{C41300B9-185D-475E-BFEC-39EF732F19B1}" = Apple Software Update
"{C52E3EC1-048C-45E1-8D53-10B0C6509683}" = Adobe Default Language CS4
"{C8334BE4-E342-E33A-0AAD-8F3449D7A27C}" = CCC Help Greek
"{C9BED750-1211-4480-B1A5-718A3BE15525}" = REALTEK GbE & FE Ethernet PCI-E NIC Driver
"{CA1CA5F8-7500-45C5-9D4C-47D13FBC92D2}" = Adobe Setup
"{CC6B1BB4-4E06-4A5B-A166-B371B551324B}" = COMODO Internet Security
"{CC75AB5C-2110-4A7F-AF52-708680D22FE8}" = Photoshop Camera Raw
"{CCA1EEA3-555E-4D05-AC46-4B49C6C5D887}" = Apple Mobile Device Support
"{CCE6B923-03A8-D06B-0D4A-9371604911E4}" = CCC Help Turkish
"{CD95D125-2992-4858-B3EF-5F6FB52FBAD6}" = Skype Toolbars
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D2786E50-D08E-1E1B-C3B1-1DD26F23071F}" = CCC Help Italian
"{D2F28E39-9813-41D3-8EC9-BAADA38C426D}" = VMware Remote Console Plug-in
"{D4D3B18B-3BE0-17BA-55BC-391A7CB6E518}" = CCC Help English
"{D86F3EA6-93A3-D020-0D77-204AB1696067}" = ATI Problem Report Wizard
"{DAEAFD68-BB4A-4507-A241-C8804D2EA66D}" = Apple Application Support
"{E4335710-A620-2718-3388-1131E6A07080}" = CCC Help Dutch
"{E4848436-0345-47E2-B648-8B522FCDA623}" = Adobe Photoshop CS4
"{E633D396-5188-4E9D-8F6B-BFB8BF3467E8}" = Skype™ 5.1
"{E7004147-2CCA-431C-AA05-2AB166B9785D}" = QuickTime
"{E7CE957C-09C3-7D9C-9F2A-81E020D3723A}" = ccc-core-preinstall
"{EF964A78-078C-11D1-B7A7-0000C0134CE6}" = Nortel Networks Contivity VPN Client
"{F0E64E2E-3A60-40D8-A55D-92F6831875DA}" = Adobe Search for Help
"{F43D5CA6-1F22-436D-AF64-B254E7F1FC3D}" = IP Camera Adapter
"{F85E4782-5B90-4845-9D7D-D11DE2F5EA5E}" = HydraVision
"{F8EF2B3F-C345-4F20-8FE4-791A20333CD5}" = Adobe ExtendScript Toolkit CS4
"{F93C84A6-0DC6-42AF-89FA-776F7C377353}" = Adobe PDF Library Files CS4
"{FB9EA640-5030-037E-6B39-7E05DC31C75E}" = Catalyst Control Center Graphics Full New
"{FCDD51BB-CAD0-4BB1-B7DF-CE86D1032794}" = Adobe Fonts All
"{FE69D535-592F-52BA-7B28-98396018825A}" = Catalyst Control Center Graphics Light
"{FF1C31AE-0CDC-40CE-AB85-406F8B70D643}" = Bonjour
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"7-Zip" = 7-Zip 4.65
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe_1710d324011afc3e7658e969025f4ba" = Adobe InDesign CS4
"Adobe_2a31ae7a5c43ff52d8577782dd34e04" = Adobe Illustrator CS4
"Adobe_faf656ef605427ee2f42989c3ad31b8" = Adobe Photoshop CS4
"ATI Display Driver" = ATI Display Driver
"Audacity_is1" = Audacity 1.2.6
"Audiograbber" = Audiograbber 1.83 SE
"Audiograbber-Lame" = Audiograbber MP3 Plugin
"AVG9Uninstall" = AVG Free 9.0
"Avidemux 2.5" = Avidemux 2.5
"BlackBerry_Desktop" = BlackBerry Desktop Software 6.0.1
"com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Media Player
"CutePDF Writer Installation" = CutePDF Writer 2.8
"Digital Editions" = Adobe Digital Editions
"ERUNT_is1" = ERUNT 1.1j
"FastStone Image Viewer" = FastStone Image Viewer 4.0
"Fences" = Fences
"Free CD Ripper_is1" = Free CD Ripper 3.1
"ie8" = Windows Internet Explorer 8
"IrfanView" = IrfanView (remove only)
"Kobo" = Kobo
"ManyCam" = ManyCam 2.6.30 (remove only)
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mozilla Firefox (3.6.12)" = Mozilla Firefox (3.6.12)
"Mozilla Firefox 4.0 (x86 en-US)" = Mozilla Firefox 4.0 (x86 en-US)
"Mp3tag" = Mp3tag v2.46a
"mRemote" = mRemote
"Notepad++" = Notepad++
"PhotomatixPro3Betax32_is1" = Photomatix Pro version 3.2
"Picasa 3" = Picasa 3
"PSPad editor_is1" = PSPad editor
"PuTTY Connection Manager_is1" = PuTTY Connection Manager 0.7.1.136beta
"TightVNC" = TightVNC 2.0.2
"ToneFXsCreator" = ToneFXsCreator 1.0
"Tunnelier" = Bitvise Tunnelier 4.37 (remove only)
"VirtuaWin_is1" = VirtuaWin v4.2
"VLC media player" = VLC media player 1.1.4
"Wdf01005" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
"Wdf01009" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.9
"XpsEPSC" = XML Paper Specification Shared Components Pack 1.0
"Yankee Clipper III" = Yankee Clipper III

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Yahoo! BrowserPlus" = Yahoo! BrowserPlus 2.9.8

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 4/2/2011 4:12:35 PM | Computer Name = DESKTOP-XP | Source = Application Error | ID = 1000
Description = Faulting application spybotsd.exe, version 1.6.2.46, faulting module
spybotsd.exe, version 1.6.2.46, fault address 0x000049ee.

Error - 4/2/2011 4:12:44 PM | Computer Name = DESKTOP-XP | Source = Application Error | ID = 1000
Description = Faulting application spybotsd.exe, version 1.6.2.46, faulting module
spybotsd.exe, version 1.6.2.46, fault address 0x000049ee.

Error - 4/2/2011 4:22:14 PM | Computer Name = DESKTOP-XP | Source = Application Hang | ID = 1002
Description = Hanging application SpybotSD.exe, version 1.6.2.46, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 4/2/2011 4:35:41 PM | Computer Name = DESKTOP-XP | Source = SecurityCenter | ID = 1802
Description = The Windows Security Center Service was unable to establish event
queries with WMI to monitor third party AntiVirus and Firewall.

Error - 4/2/2011 5:25:39 PM | Computer Name = DESKTOP-XP | Source = SecurityCenter | ID = 1802
Description = The Windows Security Center Service was unable to establish event
queries with WMI to monitor third party AntiVirus and Firewall.

Error - 4/2/2011 7:04:13 PM | Computer Name = DESKTOP-XP | Source = Application Error | ID = 1000
Description = Faulting application SZGMOLOKODUDDNMJ.exe, version 1.71.0.0, faulting
module SZGMOLOKODUDDNMJ.exe, version 1.71.0.0, fault address 0x0003841a.

Error - 4/2/2011 7:47:32 PM | Computer Name = DESKTOP-XP | Source = SecurityCenter | ID = 1802
Description = The Windows Security Center Service was unable to establish event
queries with WMI to monitor third party AntiVirus and Firewall.

Error - 4/3/2011 8:13:33 PM | Computer Name = DESKTOP-XP | Source = SecurityCenter | ID = 1802
Description = The Windows Security Center Service was unable to establish event
queries with WMI to monitor third party AntiVirus and Firewall.

Error - 4/4/2011 12:15:00 AM | Computer Name = DESKTOP-XP | Source = SecurityCenter | ID = 1802
Description = The Windows Security Center Service was unable to establish event
queries with WMI to monitor third party AntiVirus and Firewall.

Error - 4/5/2011 10:45:48 PM | Computer Name = DESKTOP-XP | Source = SecurityCenter | ID = 1802
Description = The Windows Security Center Service was unable to establish event
queries with WMI to monitor third party AntiVirus and Firewall.

[ System Events ]
Error - 12/4/2010 2:54:38 PM | Computer Name = DESKTOP-XP | Source = Service Control Manager | ID = 7011
Description = Timeout (30000 milliseconds) waiting for a transaction response from
the stisvc service.

Error - 12/4/2010 5:27:27 PM | Computer Name = DESKTOP-XP | Source = Service Control Manager | ID = 7011
Description = Timeout (30000 milliseconds) waiting for a transaction response from
the stisvc service.

Error - 12/4/2010 9:52:11 PM | Computer Name = DESKTOP-XP | Source = Service Control Manager | ID = 7011
Description = Timeout (30000 milliseconds) waiting for a transaction response from
the stisvc service.

Error - 12/5/2010 10:41:41 AM | Computer Name = DESKTOP-XP | Source = Service Control Manager | ID = 7011
Description = Timeout (30000 milliseconds) waiting for a transaction response from
the stisvc service.

Error - 12/5/2010 10:42:30 AM | Computer Name = DESKTOP-XP | Source = Service Control Manager | ID = 7011
Description = Timeout (30000 milliseconds) waiting for a transaction response from
the stisvc service.

Error - 12/19/2010 1:29:17 AM | Computer Name = DESKTOP-XP | Source = Cdrom | ID = 262155
Description = The driver detected a controller error on \Device\CdRom0.

Error - 12/19/2010 1:29:17 AM | Computer Name = DESKTOP-XP | Source = Cdrom | ID = 262155
Description = The driver detected a controller error on \Device\CdRom0.

Error - 12/19/2010 1:29:17 AM | Computer Name = DESKTOP-XP | Source = Cdrom | ID = 262155
Description = The driver detected a controller error on \Device\CdRom0.

Error - 12/19/2010 1:29:17 AM | Computer Name = DESKTOP-XP | Source = Cdrom | ID = 262155
Description = The driver detected a controller error on \Device\CdRom0.

Error - 12/19/2010 1:29:17 AM | Computer Name = DESKTOP-XP | Source = Cdrom | ID = 262155
Description = The driver detected a controller error on \Device\CdRom0.


< End of report >
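
Step 7 of the first post (the exefile handler pointing at rij.exe instead of the default "%1" %*) and the "Shell Spawning" section of the Extras.txt log above are the same check done by hand and by OTL. The following is an added example, not code from the thread or from OTL, of doing that comparison automatically: it parses an OTL "Shell Spawning" section, compares each handler to the Windows XP default shown in the clean log, and also flags any handler that launches from a user-writable location such as "Local Settings" or "Temp". The sample log is constructed from the lines on this page, with the exefile line set to the hijacked value from step 7; the expected defaults and the user-writable path list are assumptions of this example.

```python
import re

# XP defaults for the handlers OTL reports, taken from the clean "Shell Spawning"
# section on this page. Assumption of this example: treat these as the baseline.
EXPECTED_HANDLERS = {
    ("batfile", "open"): '"%1" %*',
    ("cmdfile", "open"): '"%1" %*',
    ("comfile", "open"): '"%1" %*',
    ("exefile", "open"): '"%1" %*',
    ("piffile", "open"): '"%1" %*',
    ("scrfile", "config"): '"%1"',
    ("scrfile", "open"): '"%1" /S',
}

# Locations a file-type handler has no business launching from (assumed list).
USER_WRITABLE = ("\\documents and settings\\", "\\local settings\\",
                 "\\application data\\", "\\temp\\")

# One OTL handler line: "<filetype> [<verb>] -- <command>"
LINE_RE = re.compile(r'^(\S+) \[([^\]]+)\] -- (.*)$')

# Constructed sample: the Shell Spawning section from the Extras.txt log above,
# with exefile set to the hijacked command reported in step 7 of the first post.
SAMPLE_EXTRAS = r"""
========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "C:\Documents and Settings\Victor\Local Settings\Application Data\rij.exe" -a "%1" %*
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [open] -- "%1" /S

========== Security Center Settings ==========
"""


def parse_shell_spawning(text):
    """Return {(filetype, verb): command} for the 'Shell Spawning' section of an OTL log."""
    handlers = {}
    in_section = False
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("========== Shell Spawning"):
            in_section = True
            continue
        if in_section and line.startswith("=========="):
            break  # next OTL section reached
        if not in_section:
            continue
        m = LINE_RE.match(line)
        if m:
            handlers[(m.group(1), m.group(2))] = m.group(3).strip()
    return handlers


def find_hijacked_handlers(handlers):
    """Return {(filetype, verb): [reasons]} for handlers that need a closer look."""
    findings = {}
    for key, actual in handlers.items():
        reasons = []
        expected = EXPECTED_HANDLERS.get(key)
        if actual.startswith("Reg Error"):
            reasons.append("OTL could not read the value (verify the key manually)")
        elif expected is not None and actual != expected:
            reasons.append(f"differs from default {expected}")
        if any(p in actual.lower() for p in USER_WRITABLE):
            reasons.append("handler launches from a user-writable location")
        if reasons:
            findings[key] = reasons
    return findings


if __name__ == "__main__":
    for (ftype, verb), reasons in find_hijacked_handlers(
            parse_shell_spawning(SAMPLE_EXTRAS)).items():
        print(f"{ftype} [{verb}]: " + "; ".join(reasons))
```

On the sample above the script reports the exefile handler twice over (non-default command, and launched from the user's profile) and asks for a manual look at the unreadable regfile key; the remaining handlers match the defaults and are silent. Fixing the exefile value back to "%1" %* as in step 7 makes the first finding disappear, which is the same before/after check the thread performs by hand.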

victorbrca
2011-04-06, 05:36
##################
OTL.txt
##################
OTL logfile created on: 4/5/2011 10:52:00 PM - Run 1
OTL by OldTimer - Version 3.2.22.3 Folder = C:\Documents and Settings\Victor\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.00 Gb Total Physical Memory | 3.00 Gb Available Physical Memory | 78.00% Memory free
5.00 Gb Paging File | 4.00 Gb Available in Paging File | 87.00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 58.59 Gb Total Space | 16.05 Gb Free Space | 27.40% Space Free | Partition Type: NTFS
Drive F: | 465.76 Gb Total Space | 390.43 Gb Free Space | 83.83% Space Free | Partition Type: NTFS

Computer Name: DESKTOP-XP | User Name: Victor | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Documents and Settings\Victor\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO)
PRC - C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe (COMODO)
PRC - C:\Program Files\AVG\AVG9\avgtray.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG9\avgcsrvx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG9\avgnsx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG9\avgchsvx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG9\avgrsx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG9\avgemc.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG9\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\VirtuaWin\modules\vwKvasdoPager.exe ()
PRC - C:\Program Files\VirtuaWin\VirtuaWin.exe (VirtuaWin)
PRC - C:\Program Files\VirtuaWin\modules\WinList.exe ()
PRC - C:\Program Files\ASUS\EPU-4 Engine\FourEngine.exe (ASUSTeK Computer Inc.)
PRC - C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\RocketDock\RocketDock.exe ()
PRC - C:\Program Files\YCIII\YankClip.exe (inteleXual.com)


========== Modules (SafeList) ==========

MOD - C:\Documents and Settings\Victor\Desktop\OTL.exe (OldTimer Tools)
MOD - C:\WINDOWS\system32\guard32.dll (COMODO)
MOD - C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83\comctl32.dll (Microsoft Corporation)
MOD - C:\Program Files\RocketDock\RocketDock.dll ()


========== Win32 Services (SafeList) ==========

SRV - (MJW) -- File not found
SRV - (SZGMOLOKODUDDNMJ) -- C:\Documents and Settings\Victor\Local Settings\Temp\SZGMOLOKODUDDNMJ.exe (Sysinternals - www.sysinternals.com)
SRV - (XU) -- C:\Documents and Settings\Administrator\Local Settings\Temp\XU.exe (Sysinternals - www.sysinternals.com)
SRV - (cmdAgent) -- C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe (COMODO)
SRV - (FLEXnet Licensing Service) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Acresso Software Inc.)
SRV - (avg9emc) -- C:\Program Files\AVG\AVG9\avgemc.exe (AVG Technologies CZ, s.r.o.)
SRV - (avg9wd) -- C:\Program Files\AVG\AVG9\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)


========== Driver Services (SafeList) ==========

DRV - (Inspect) -- C:\WINDOWS\System32\DRIVERS\inspect.sys (COMODO)
DRV - (cmdHlp) -- C:\WINDOWS\system32\drivers\cmdhlp.sys (COMODO)
DRV - (cmdGuard) -- C:\WINDOWS\system32\drivers\cmdGuard.sys (COMODO)
DRV - (UsbDiag) -- C:\WINDOWS\system32\drivers\lgusbdiag.sys (LG Electronics Inc.)
DRV - (USBModem) -- C:\WINDOWS\system32\drivers\lgusbmodem.sys (LG Electronics Inc.)
DRV - (usbbus) -- C:\WINDOWS\system32\drivers\lgusbbus.sys (LG Electronics Inc.)
DRV - (AvgTdiX) -- C:\WINDOWS\system32\drivers\avgtdix.sys (AVG Technologies CZ, s.r.o.)
DRV - (AvgLdx86) -- C:\WINDOWS\system32\drivers\avgldx86.sys (AVG Technologies CZ, s.r.o.)
DRV - (AvgMfx86) -- C:\WINDOWS\system32\drivers\avgmfx86.sys (AVG Technologies CZ, s.r.o.)
DRV - (ANDModem) -- C:\WINDOWS\system32\drivers\lgandmodem.sys (LG Electronics Inc.)
DRV - (AndGps) -- C:\WINDOWS\system32\drivers\lgandgps.sys (LG Electronics Inc.)
DRV - (AndDiag) -- C:\WINDOWS\system32\drivers\lganddiag.sys (LG Electronics Inc.)
DRV - (Andbus) -- C:\WINDOWS\system32\drivers\lgandbus.sys (LG Electronics Inc.)
DRV - (androidusb) -- C:\WINDOWS\system32\drivers\lgandadb.sys (Google Inc)
DRV - (VIAHdAudAddService) -- C:\WINDOWS\system32\drivers\viahduaa.sys (VIA Technologies, Inc.)
DRV - (ati2mtag) -- C:\WINDOWS\system32\drivers\ati2mtag.sys (ATI Technologies Inc.)
DRV - (AtiHdmiService) -- C:\WINDOWS\system32\drivers\AtiHdmi.sys (ATI Research Inc.)
DRV - (AsIO) -- C:\WINDOWS\system32\drivers\AsIO.sys ()
DRV - (RTLE8023xp) -- C:\WINDOWS\system32\drivers\Rtenicxp.sys (Realtek Semiconductor Corporation )
DRV - (AmdPPM) -- C:\WINDOWS\system32\drivers\AmdPPM.sys (Advanced Micro Devices)
DRV - (Eacfilt) -- C:\WINDOWS\system32\drivers\eacfilt.sys (Nortel Networks)
DRV - (IPSECSHM) -- C:\WINDOWS\system32\drivers\ipsecw2k.sys (Nortel Networks NA, Inc.)
DRV - (IPSECEXT) -- C:\WINDOWS\system32\drivers\ipsecw2k.sys (Nortel Networks NA, Inc.)
DRV - (MTsensor) -- C:\WINDOWS\system32\drivers\ASACPI.sys ()


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ca/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultengine: "Ask.com"
FF - prefs.js..browser.search.defaultenginename: "Ask.com"
FF - prefs.js..browser.search.order.1: "Ask.com"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "chrome://speeddial/content/speeddial.xul"
FF - prefs.js..extensions.enabledItems: {3f963a5b-e555-4543-90e2-c3908898db71}:9.0.0.872
FF - prefs.js..extensions.enabledItems: {64161300-e22b-11db-8314-0800200c9a66}:0.9.5.6
FF - prefs.js..extensions.enabledItems: VMwareVMRC@vmware.com:2.5.0.122581
FF - prefs.js..extensions.enabledItems: facepad@lazyrussian.com:0.8.2
FF - prefs.js..extensions.enabledItems: pt-BR@dictionaries.addons.mozilla.org:1.0.0.2
FF - prefs.js..extensions.enabledItems: {2fa4ed95-0317-4c6a-a74c-5f3e3912c1f9}:2.1.106
FF - prefs.js..extensions.enabledItems: TooManyTabs@visibotech.com:1.3.1
FF - prefs.js..extensions.enabledItems: {340c2bbc-ce74-4362-90b5-7c26312808ef}:1.5.1
FF - prefs.js..keyword.URL: "http://www.google.com/search?q="

FF - HKLM\software\mozilla\Firefox\Extensions\\{3f963a5b-e555-4543-90e2-c3908898db71}: C:\Program Files\AVG\AVG9\Firefox [2010/11/24 10:54:24 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.12\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/11/08 03:54:08 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.12\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/11/08 03:54:08 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 4.0\extensions\\Components: C:\Program Files\Mozilla Firefox 4.0 Beta 7\components [2011/03/24 11:33:55 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 4.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox 4.0 Beta 7\plugins

[2010/08/21 22:53:15 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Victor\Application Data\Mozilla\Extensions
[2011/04/02 15:53:49 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Victor\Application Data\Mozilla\Firefox\Profiles\3d40vikk.default\extensions
[2010/09/09 21:32:22 | 000,000,000 | ---D | M] ("Delicious Bookmarks") -- C:\Documents and Settings\Victor\Application Data\Mozilla\Firefox\Profiles\3d40vikk.default\extensions\{2fa4ed95-0317-4c6a-a74c-5f3e3912c1f9}
[2010/11/28 22:52:13 | 000,000,000 | ---D | M] (Dicionário para Ortografia pt-BR) -- C:\Documents and Settings\Victor\Application Data\Mozilla\Firefox\Profiles\3d40vikk.default\extensions\pt-BR@dictionaries.addons.mozilla.org
[2011/04/02 15:53:49 | 000,000,000 | ---D | M] (TooManyTabs) -- C:\Documents and Settings\Victor\Application Data\Mozilla\Firefox\Profiles\3d40vikk.default\extensions\TooManyTabs@visibotech.com
[2010/08/30 00:03:32 | 000,000,000 | ---D | M] (VMware Remote Console Plug-in) -- C:\Documents and Settings\Victor\Application Data\Mozilla\Firefox\Profiles\3d40vikk.default\extensions\VMwareVMRC@vmware.com
[2011/01/25 22:36:17 | 000,002,572 | ---- | M] () -- C:\Documents and Settings\Victor\Application Data\Mozilla\Firefox\Profiles\3d40vikk.default\searchplugins\askcom.xml
[2010/11/25 15:19:22 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
File not found (No name found) --
() (No name found) -- C:\DOCUMENTS AND SETTINGS\VICTOR\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\3D40VIKK.DEFAULT\EXTENSIONS\{340C2BBC-CE74-4362-90B5-7C26312808EF}.XPI
() (No name found) -- C:\DOCUMENTS AND SETTINGS\VICTOR\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\3D40VIKK.DEFAULT\EXTENSIONS\{64161300-E22B-11DB-8314-0800200C9A66}.XPI
() (No name found) -- C:\DOCUMENTS AND SETTINGS\VICTOR\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\3D40VIKK.DEFAULT\EXTENSIONS\FACEPAD@LAZYRUSSIAN.COM.XPI
() (No name found) -- C:\DOCUMENTS AND SETTINGS\VICTOR\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\3D40VIKK.DEFAULT\EXTENSIONS\TESTPILOT@LABS.MOZILLA.COM.XPI
() (No name found) -- C:\DOCUMENTS AND SETTINGS\VICTOR\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\3D40VIKK.DEFAULT\EXTENSIONS\VIDEO.DOWNLOADER.PLUGIN@FFPIMP.COM.XPI
[2011/01/05 21:54:00 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF
[2011/01/05 21:54:10 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX 4.0 BETA 7\EXTENSIONS\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}

O1 HOSTS File: ([2011/04/02 13:37:11 | 000,000,355 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (Skype Plug-In) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O3 - HKLM\..\Toolbar: (no name) - {10EDB994-47F8-43F7-AE96-F2EA63E9F90F} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
O4 - HKLM..\Run: [AdobeCS4ServiceManager] C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AVG9_TRAY] C:\Program Files\AVG\AVG9\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [COMODO Internet Security] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO)
O4 - HKLM..\Run: [Six Engine] C:\Program Files\ASUS\EPU-4 Engine\FourEngine.exe (ASUSTeK Computer Inc.)
O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKCU..\Run: [RocketDock] C:\Program Files\RocketDock\RocketDock.exe ()
O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O4 - Startup: C:\Documents and Settings\Victor\Start Menu\Programs\Startup\VirtuaWin.lnk = C:\Program Files\VirtuaWin\VirtuaWin.exe (VirtuaWin)
O4 - Startup: C:\Documents and Settings\Victor\Start Menu\Programs\Startup\Yankee Clipper III.lnk = C:\Program Files\YCIII\YankClip.exe (inteleXual.com)
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\WINDOWS\System32\GPhotos.scr (Google Inc.)
O9 - Extra Button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKCU\..Trusted Ranges: Range1 ([https] in Trusted sites)
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} http://download.bitdefender.com/resources/scanner/sources/en/scan8/oscan8.cab (BDSCANONLINE Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {B94C2238-346E-4C5E-9B36-8CC627F35574} Reg Error: Key error. (VMware Remote Console Plug-in 2.5.0.00000)
O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20 - AppInit_DLLs: (C:\WINDOWS\system32\guard32.dll) - C:\WINDOWS\system32\guard32.dll (COMODO)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O20 - Winlogon\Notify\avgrsstarter: DllName - avgrsstx.dll - C:\WINDOWS\System32\avgrsstx.dll (AVG Technologies CZ, s.r.o.)
O22 - SharedTaskScheduler: {1984DD45-52CF-49cd-AB77-18F378FEA264} - FencesShellExt - C:\Program Files\Stardock\Fences\FencesMenu.dll (Stardock)
O24 - Desktop WallPaper: C:\Documents and Settings\Victor\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Victor\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2010/08/21 21:23:50 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O35 - HKCU\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKCU\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/04/05 22:51:02 | 000,580,608 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Victor\Desktop\OTL.exe
[2011/04/02 19:02:58 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2011/04/02 19:02:42 | 000,157,472 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe
[2011/04/02 19:02:42 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe
[2011/04/02 19:02:42 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe
[2011/04/02 17:34:10 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\appmgmt
[2011/04/02 16:25:15 | 000,000,000 | ---D | C] -- C:\Program Files\ERUNT
[2011/04/02 16:25:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\ERUNT
[2011/04/02 16:06:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Spybot - Search & Destroy
[2011/04/02 16:06:30 | 000,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy
[2011/04/02 16:06:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
[2011/04/02 15:49:59 | 000,146,432 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\regedit.com
[2011/04/02 15:44:44 | 000,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2011/04/02 15:44:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Victor\Start Menu\Programs\HiJackThis
[2011/04/02 13:48:19 | 000,000,000 | ---D | C] -- C:\WINDOWS\BDOSCAN8
[2011/04/02 13:07:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\F-Secure
[2011/04/02 12:53:17 | 000,000,000 | ---D | C] -- C:\WINDOWS\CSC
[2011/03/25 09:34:09 | 000,000,000 | -HSD | C] -- C:\found.000
[2011/03/24 11:32:16 | 000,000,000 | ---D | C] -- C:\WINDOWS\Minidump
[2011/03/15 10:26:54 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Application Data\Common Files
[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/04/05 22:50:05 | 000,432,686 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2011/04/05 22:50:05 | 000,067,516 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2011/04/05 22:49:25 | 000,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/04/05 22:45:43 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/04/05 22:45:40 | 3488,792,576 | -HS- | M] () -- C:\hiberfil.sys
[2011/04/05 21:27:06 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Victor\Desktop\OTL.exe
[2011/04/03 19:14:38 | 074,203,739 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\incavi.avm
[2011/04/02 20:11:41 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\Victor\Local Settings\Application Data\prvlcl.dat
[2011/04/02 15:56:57 | 000,002,449 | ---- | M] () -- C:\Documents and Settings\Victor\Desktop\HiJackThis.lnk
[2011/04/02 13:37:11 | 000,000,355 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2011/04/02 12:59:21 | 000,001,324 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011/03/30 22:52:08 | 000,013,124 | -HS- | M] () -- C:\Documents and Settings\Victor\Local Settings\Application Data\k3gf5y4w6865444l7cxg0ohs8015opk8482f
[2011/03/30 22:52:08 | 000,013,124 | -HS- | M] () -- C:\Documents and Settings\All Users\Application Data\k3gf5y4w6865444l7cxg0ohs8015opk8482f
[2011/03/30 01:00:52 | 000,000,600 | ---- | M] () -- C:\Documents and Settings\Victor\Local Settings\Application Data\PUTTY.RND
[2011/03/28 23:10:05 | 000,000,600 | ---- | M] () -- C:\Documents and Settings\Victor\Application Data\winscp.rnd
[2011/03/28 22:37:24 | 000,285,480 | ---- | M] (COMODO) -- C:\WINDOWS\System32\guard32.dll
[2011/03/28 22:37:23 | 000,094,784 | ---- | M] (COMODO) -- C:\WINDOWS\System32\drivers\inspect.sys
[2011/03/28 22:37:23 | 000,027,576 | ---- | M] (COMODO) -- C:\WINDOWS\System32\drivers\cmdhlp.sys
[2011/03/28 22:37:22 | 000,239,368 | ---- | M] (COMODO) -- C:\WINDOWS\System32\drivers\cmdGuard.sys
[2011/03/28 22:37:22 | 000,015,592 | ---- | M] (COMODO) -- C:\WINDOWS\System32\drivers\cmderd.sys
[2011/03/16 23:45:23 | 000,178,028 | ---- | M] () -- C:\Documents and Settings\Victor\My Documents\Galaxy Tab Cover with Stand.pdf
[2011/03/16 23:43:07 | 000,190,516 | ---- | M] () -- C:\Documents and Settings\Victor\My Documents\fm-modulator.pdf
[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/04/02 19:47:17 | 3488,792,576 | -HS- | C] () -- C:\hiberfil.sys
[2011/04/02 15:44:44 | 000,002,449 | ---- | C] () -- C:\Documents and Settings\Victor\Desktop\HiJackThis.lnk
[2011/03/30 22:48:29 | 000,013,124 | -HS- | C] () -- C:\Documents and Settings\Victor\Local Settings\Application Data\k3gf5y4w6865444l7cxg0ohs8015opk8482f
[2011/03/30 22:48:29 | 000,013,124 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\k3gf5y4w6865444l7cxg0ohs8015opk8482f
[2011/03/16 23:45:22 | 000,178,028 | ---- | C] () -- C:\Documents and Settings\Victor\My Documents\Galaxy Tab Cover with Stand.pdf
[2011/03/16 23:43:06 | 000,190,516 | ---- | C] () -- C:\Documents and Settings\Victor\My Documents\fm-modulator.pdf
[2011/02/06 21:49:07 | 000,001,324 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011/01/26 20:31:26 | 000,372,080 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
[2011/01/17 01:46:21 | 000,000,056 | -H-- | C] () -- C:\WINDOWS\System32\ezsidmv.dat
[2010/12/14 01:36:30 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\CommonDL.dll
[2010/12/14 01:36:30 | 000,002,411 | ---- | C] () -- C:\WINDOWS\System32\lgAxconfig.ini
[2010/12/13 16:21:31 | 000,000,754 | ---- | C] () -- C:\WINDOWS\WORDPAD.INI
[2010/12/05 00:06:58 | 000,087,552 | ---- | C] () -- C:\WINDOWS\System32\cpwmon2k.dll
[2010/11/25 15:10:59 | 000,000,034 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
[2010/10/06 23:02:37 | 000,237,568 | ---- | C] () -- C:\WINDOWS\System32\lame_enc.dll
[2010/10/04 01:02:05 | 000,017,692 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat
[2010/10/02 01:41:40 | 000,020,480 | ---- | C] () -- C:\Documents and Settings\Victor\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/08/31 01:36:40 | 000,000,600 | ---- | C] () -- C:\Documents and Settings\Victor\Local Settings\Application Data\PUTTY.RND
[2010/08/28 20:39:19 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Victor\Local Settings\Application Data\prvlcl.dat
[2010/08/27 12:40:06 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2010/08/22 18:46:45 | 000,000,600 | ---- | C] () -- C:\Documents and Settings\Victor\Application Data\winscp.rnd
[2010/08/21 22:53:05 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2010/08/21 22:35:35 | 000,000,000 | ---- | C] () -- C:\WINDOWS\ativpsrm.bin
[2010/08/21 21:51:27 | 000,024,576 | R--- | C] () -- C:\WINDOWS\System32\AsIO.dll
[2010/08/21 21:51:27 | 000,011,296 | R--- | C] () -- C:\WINDOWS\System32\drivers\AsIO.sys
[2010/08/21 21:51:25 | 000,011,832 | ---- | C] () -- C:\WINDOWS\System32\drivers\AsInsHelp64.sys
[2010/08/21 21:51:25 | 000,010,216 | ---- | C] () -- C:\WINDOWS\System32\drivers\AsInsHelp32.sys
[2010/08/21 21:47:36 | 000,887,724 | ---- | C] () -- C:\WINDOWS\System32\ativva6x.dat
[2010/08/21 21:47:36 | 000,195,855 | ---- | C] () -- C:\WINDOWS\System32\atiicdxx.dat
[2010/08/21 21:47:36 | 000,000,003 | ---- | C] () -- C:\WINDOWS\System32\ativva5x.dat
[2010/08/21 21:47:31 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\ATIODCLI.exe
[2010/08/21 21:47:28 | 000,294,912 | ---- | C] () -- C:\WINDOWS\System32\ATIODE.exe
[2010/08/21 21:40:07 | 000,073,728 | R--- | C] () -- C:\WINDOWS\System32\RtNicProp32.dll
[2010/08/21 21:34:03 | 000,005,810 | R--- | C] () -- C:\WINDOWS\System32\drivers\ASACPI.sys
[2010/08/21 21:33:57 | 000,001,769 | ---- | C] () -- C:\WINDOWS\Language_trs.ini
[2010/08/21 21:33:55 | 000,049,152 | R--- | C] () -- C:\WINDOWS\DAOD.exe
[2010/08/21 21:33:50 | 000,034,793 | ---- | C] () -- C:\WINDOWS\Ascd_tmp.ini
[2010/08/21 21:33:50 | 000,010,296 | ---- | C] () -- C:\WINDOWS\System32\drivers\ASUSHWIO.SYS
[2010/08/21 21:25:28 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2010/08/21 21:21:14 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2010/08/21 17:12:28 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2010/08/21 16:22:32 | 001,992,240 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2009/01/05 16:44:10 | 000,053,248 | ---- | C] () -- C:\WINDOWS\bdoscandel.exe
[2009/01/05 16:44:10 | 000,000,453 | ---- | C] () -- C:\WINDOWS\bdoscandellang.ini
[2008/04/14 08:00:00 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2008/04/14 08:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2008/04/14 08:00:00 | 000,432,686 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2008/04/14 08:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2008/04/14 08:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2008/04/14 08:00:00 | 000,067,516 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2008/04/14 08:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2008/04/14 08:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2008/04/14 08:00:00 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2008/04/14 08:00:00 | 000,004,461 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2008/04/14 08:00:00 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\Dcache.bin
[2008/04/14 08:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat

========== Alternate Data Streams ==========

@Alternate Data Stream - 88 bytes -> C:\Program Files\COMODO\COMODO Internet Security\cfp.exe:SummaryInformation

< End of report >

victorbrca
2011-04-06, 05:44
##################
f-secure
##################
19 malware found
TrackingCookie.Questionmarket (spyware)
System (Disinfected)
TrackingCookie.Adinterax (spyware)
System (Disinfected)
TrackingCookie.2o7 (spyware)
System (Disinfected)
TrackingCookie.Advertising (spyware)
System (Disinfected)
TrackingCookie.Atdmt (spyware)
System (Disinfected)
Suspicious:W32/Malware!Gemini (spyware)
System (Disinfected)
TrackingCookie.Doubleclick (spyware)
System (Disinfected)
TrackingCookie.Revsci (spyware)
System (Disinfected)
TrackingCookie.WebTrendsLive (spyware)
System (Disinfected)
TrackingCookie.Fastclick (spyware)
System (Disinfected)
TrackingCookie.Webtrends (spyware)
System (Disinfected)
TrackingCookie.Mediaplex (spyware)
System (Disinfected)
TrackingCookie.Atwola (spyware)
System (Disinfected)
TrackingCookie.Yieldmanager (spyware)
System (Disinfected)
TrackingCookie.Imrworldwide (spyware)
System (Disinfected)
Suspicious:W32/Malware!Gemini (virus)
C:\RECYCLER\S-1-5-21-839522115-1078081533-682003330-1003\DC216.EXE (Not cleaned & Submitted)
Suspicious:W32/Malware!Gemini (virus)
C:\PROGRAM FILES\AVIDEMUX 2.5\AVIDEMUX2.EXE (Not cleaned)
Gen:Variant.Kazy.17420 (virus)
C:\DOCUMENTS AND SETTINGS\VICTOR\LOCAL SETTINGS\APPLICATION DATA\PVL.EXE (Renamed & Submitted)
Gen:Variant.Kazy.17420 (virus)
C:\DOCUMENTS AND SETTINGS\VICTOR\APPLICATION DATA\SUN\JAVA\DEPLOYMENT\CACHE\6.0\26\1E758E5A-41C9A8EB (Renamed & Submitted)
Statistics
Scanned:
Files: 73476
System: 3781
Not scanned: 8
Actions:
Disinfected: 15
Renamed: 2
Deleted: 0
Not cleaned: 2
Submitted: 3
Files not scanned:
C:\PAGEFILE.SYS
C:\WINDOWS\SYSTEM32\CONFIG\DEFAULT
C:\WINDOWS\SYSTEM32\CONFIG\SAM
C:\WINDOWS\SYSTEM32\CONFIG\SECURITY
C:\WINDOWS\SYSTEM32\CONFIG\SOFTWARE
C:\WINDOWS\SYSTEM32\CONFIG\SYSTEM
C:\DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\D013304477F3689E5815D4051F89C4AF_B896423E-2448-4D8A-99D7-8418E033B493
C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\LOCAL SETTINGS\TEMP\HSPERFDATA_ADMINISTRATOR\1932



##################
bitdefender
##################
Scanned File Status
C:\Documents and Settings\Victor\Application Data\Sun\Java\Deployment\cache\6.0\26\1E758E5A-41C9A8EB.0
Infected with: Gen:Variant.Kazy.17420
C:\Documents and Settings\Victor\Application Data\Sun\Java\Deployment\cache\6.0\26\1E758E5A-41C9A8EB.0
Deleted
C:\Documents and Settings\Victor\Local Settings\Application Data\PVL.0XE
Infected with: Gen:Variant.Kazy.17420
C:\Documents and Settings\Victor\Local Settings\Application Data\PVL.0XE
Deleted
C:\System Volume Information\_restore{6B299F5C-DAC6-4829-A17B-91899EE94AF1}\RP195\A0015494.exe
Infected with: Gen:Variant.Kazy.17420
C:\System Volume Information\_restore{6B299F5C-DAC6-4829-A17B-91899EE94AF1}\RP195\A0015494.exe
Deleted


##################
RootkitReveal.txt
##################
HKU\S-1-5-21-839522115-1078081533-682003330-1003\Software\Adobe\MediaBrowser\MRU\illustrator\ApplicationPath 8/28/2010 7:49 PM 91 bytes Data mismatch between Windows API and raw hive data.
HKU\S-1-5-21-839522115-1078081533-682003330-1003\Software\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}\URL 8/21/2010 10:00 PM 73 bytes Data mismatch between Windows API and raw hive data.
HKLM\SECURITY\Policy\Secrets\SAC* 8/21/2010 8:42 PM 0 bytes Key name contains embedded nulls (*)
HKLM\SECURITY\Policy\Secrets\SAI* 8/21/2010 8:42 PM 0 bytes Key name contains embedded nulls (*)
HKLM\SOFTWARE\ASUS\AI Gear3\EPU\MB\CurrentPower 4/2/2011 5:31 PM 8 bytes Data mismatch between Windows API and raw hive data.
HKLM\SYSTEM\ControlSet001\Control\StillImage\Events\STIProxyEvent\{CBE92BF9-3679-4ACA-A2B6-FB60B1F5C635}\Icon 9/27/2010 9:33 PM 45 bytes Data mismatch between Windows API and raw hive data.
HKLM\SYSTEM\ControlSet002\Control\StillImage\Events\STIProxyEvent\{CBE92BF9-3679-4ACA-A2B6-FB60B1F5C635}\Icon 9/27/2010 9:33 PM 45 bytes Data mismatch between Windows API and raw hive data.
C:\Documents and Settings\All Users\Application Data\avg9\Cfg\except.cfg 4/2/2011 5:51 PM 456 bytes Hidden from Windows API.
C:\Documents and Settings\All Users\Application Data\avg9\Log\avgexc.log 4/2/2011 5:51 PM 314 bytes Hidden from Windows API.
C:\Documents and Settings\All Users\Application Data\avg9\Log\avgexc.log.lock 4/2/2011 5:51 PM 0 bytes Hidden from Windows API.

Blade81
2011-04-06, 16:07
Hi


Please visit this webpage for download links, and instructions for running ComboFix tool:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

Please ensure you read this guide carefully first.

Please continue as follows:


Close/disable all antivirus and anti-malware programs so they do not interfere with the running of ComboFix, link (http://www.bleepingcomputer.com/forums/topic114351.html)
Remember to re-enable them afterwards.


Click Yes to allow ComboFix to continue scanning for malware.


When the tool is finished, it will produce a report for you.

Please include the following reports for further review, and so we may continue cleansing the system:

C:\ComboFix.txt

A word of warning: Neither I nor sUBs are responsible for any damage you may have caused your machine by running ComboFix. This tool is not a toy and not for everyday use.

victorbrca
2011-04-11, 00:44
Hi Blade81,

Sorry for the late reply. Haven't had a chance to run your instructions.

I downloaded ComboFix and tried running it, however I have Free AVG installed. I know I need to uninstall it, however my doubt is whether I should install any other AV after that, or leave the PC without any AV and wait for further instructions from you.

Thanks again!

Vic.

Blade81
2011-04-11, 12:50
Hi,

Leave system without antivirus until we've finished cleaning.

victorbrca
2011-04-14, 00:56
Have been fighting with this without success. Had problems removing AVG, but got that figured out.

Now I'm not able to run ComboFix. Ran it a few times and it freezes my PC, forcing me to do a hard reset. I also got a message that a couple of files got corrupted.

Should I run it in safe mode?

Note: I disabled the firewall and Spybot before running ComboFix.

=============================

Event Type: Information
Event Source: Application Popup
Event Category: None
Event ID: 26
Date: 4/13/2011
Time: 5:13:54 PM
User: N/A
Computer: DESKTOP-XP
Description:
Application popup: cmd.cfxxe - Corrupt File : The file or directory C:\ComboFix\NT-OSS~1 is corrupt and unreadable. Please run the Chkdsk utility.

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.

========================================================================

Event Type: Information
Event Source: Application Popup
Event Category: None
Event ID: 26
Date: 4/13/2011
Time: 5:20:12 PM
User: N/A
Computer: DESKTOP-XP
Description:
Application popup: PEV.cfxxe - Corrupt File : The file or directory C:\Documents and Settings\Victor\Local Settings\Temp\catchme.dll is corrupt and unreadable. Please run the Chkdsk utility.

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.

Blade81
2011-04-14, 12:31
Hi,

Yes, try in safe mode (ensuring no protection software is running).

victorbrca
2011-04-14, 21:07
Tried that as well... no luck. System still freezes.

Blade81
2011-04-14, 21:30
Hi,

Disable protection software and then try to run ComboFix by following steps below:

Click START then RUN
Now copy-paste Combofix /nombr in the runbox and click OK

victorbrca
2011-04-14, 23:03
It ran ok in safe mode. :)

===============================

ComboFix 11-04-12.02 - Administrator 04/14/2011 15:52:27.1.4 - x86 NETWORK
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3327.3054 [GMT -4:00]
Running from: f:\temp\virus\ComboFix.exe
Command switches used :: /nombr
FW: COMODO Firewall *Disabled* {043803A3-4F86-4ef6-AFC5-F6E02A79969B}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\Victor\Application Data\ntos.exe
c:\windows\regedit.com
.
.
((((((((((((((((((((((((( Files Created from 2011-03-14 to 2011-04-14 )))))))))))))))))))))))))))))))
.
.
2011-04-14 00:17 . 2011-04-14 00:17 -------- d-----w- c:\windows\LastGood
2011-04-13 23:48 . 2011-04-13 23:48 -------- d-----w- C:\found.001
2011-04-02 23:02 . 2011-04-02 23:02 -------- d-----w- c:\program files\Common Files\Java
2011-04-02 20:25 . 2011-04-02 20:25 -------- d-----w- c:\program files\ERUNT
2011-04-02 20:06 . 2011-04-02 20:19 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2011-04-02 20:06 . 2011-04-02 20:12 -------- d-----w- c:\program files\Spybot - Search & Destroy
2011-04-02 19:44 . 2011-04-02 19:44 388096 ----a-r- c:\documents and settings\Victor\Application Data\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2011-04-02 19:44 . 2011-04-02 19:44 -------- d-----w- c:\program files\Trend Micro
2011-04-02 17:48 . 2011-04-02 19:39 -------- d-----w- c:\windows\BDOSCAN8
2011-04-02 17:07 . 2011-04-02 17:07 -------- d-----w- c:\documents and settings\Administrator\Application Data\f-secure
2011-04-02 17:07 . 2011-04-02 17:07 -------- d-----w- c:\documents and settings\All Users\Application Data\F-Secure
2011-04-02 16:56 . 2011-04-02 16:56 -------- d-sh--w- c:\documents and settings\Administrator\PrivacIE
2011-04-02 16:53 . 2011-04-02 16:53 -------- d-sh--w- c:\documents and settings\Administrator\IETldCache
2011-04-02 16:53 . 2011-04-02 16:53 -------- d-----w- c:\documents and settings\Administrator\Application Data\Stardock
2011-03-25 13:34 . 2011-03-25 13:34 -------- d-----w- C:\found.000
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-03-29 02:37 . 2010-06-01 23:00 285480 ----a-w- c:\windows\system32\guard32.dll
2011-03-29 02:37 . 2010-06-01 23:00 94784 ----a-w- c:\windows\system32\drivers\inspect.sys
2011-03-29 02:37 . 2010-06-01 23:00 27576 ----a-w- c:\windows\system32\drivers\cmdhlp.sys
2011-03-29 02:37 . 2010-06-04 15:55 239368 ----a-w- c:\windows\system32\drivers\cmdGuard.sys
2011-03-29 02:37 . 2010-06-01 23:00 15592 ----a-w- c:\windows\system32\drivers\cmderd.sys
2011-02-03 02:40 . 2011-01-06 01:54 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-02-03 00:19 . 2011-01-06 01:54 73728 ----a-w- c:\windows\system32\javacpl.cpl
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2009-11-11 98304]
"Six Engine"="c:\program files\ASUS\EPU-4 Engine\FourEngine.exe" [2010-01-07 5831296]
"HDAudDeck"="c:\program files\VIA\VIAudioi\HDADeck\HDeck.exe" [2009-11-18 33697792]
"COMODO Internet Security"="c:\program files\COMODO\COMODO Internet Security\cfp.exe" [2011-03-31 2548552]
"AdobeCS4ServiceManager"="c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" [2008-08-14 611712]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-06-20 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-21 932288]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-09-08 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-09-24 421160]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-10-29 249064]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"AvgUninstallURL"="start http:" [X]
.
c:\documents and settings\Victor\Start Menu\Programs\Startup\
VirtuaWin.lnk - c:\program files\VirtuaWin\VirtuaWin.exe [2010-8-21 133632]
Yankee Clipper III.lnk - c:\program files\YCIII\YankClip.exe [2010-8-21 1368064]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\SharedTaskScheduler]
"{1984DD45-52CF-49cd-AB77-18F378FEA264}"= "c:\program files\Stardock\Fences\FencesMenu.dll" [2010-06-22 202088]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\system32\guard32.dll
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
"DisableNotifications"= 1 (0x1)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Common Files\\Adobe\\CS4ServiceManager\\CS4ServiceManager.exe"=
"c:\\Program Files\\TightVNC\\vncviewer.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Nortel Networks\\Extranet.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Program Files\\Research In Motion\\BlackBerry Desktop\\Rim.Desktop.exe"=
"c:\\Program Files\\VideoLAN\\VLC\\vlc.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"5353:TCP"= 5353:TCP:Adobe CSI CS4
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
.
R1 cmdHlp;COMODO Internet Security Helper Driver;c:\windows\system32\drivers\cmdhlp.sys [6/1/2010 7:00 PM 27576]
R3 Eacfilt;Eacfilt Miniport;c:\windows\system32\drivers\eacfilt.sys [12/13/2010 10:57 AM 24521]
S1 cmdGuard;COMODO Internet Security Sandbox Driver;c:\windows\system32\drivers\cmdGuard.sys [6/4/2010 11:55 AM 239368]
S3 Andbus;LGE Android Platform Composite USB Device;c:\windows\system32\drivers\lgandbus.sys [12/14/2010 1:47 AM 14336]
S3 AndDiag;LGE Android Platform USB Serial Port;c:\windows\system32\drivers\lganddiag.sys [12/14/2010 1:47 AM 20864]
S3 AndGps;LGE Android Platform USB GPS NMEA Port;c:\windows\system32\drivers\lgandgps.sys [12/14/2010 1:47 AM 19968]
S3 ANDModem;LGE Android Platform USB Modem;c:\windows\system32\drivers\lgandmodem.sys [12/14/2010 1:47 AM 24960]
S3 androidusb;ADB Interface Driver;c:\windows\system32\drivers\lgandadb.sys [12/14/2010 1:47 AM 25728]
S3 IPSECEXT;Nortel Extranet Access Protocol;c:\windows\system32\drivers\ipsecw2k.sys [12/13/2010 10:57 AM 155184]
S3 MJW;MJW;c:\docume~1\Victor\LOCALS~1\Temp\MJW.exe --> c:\docume~1\Victor\LOCALS~1\Temp\MJW.exe [?]
S3 PciCon;PciCon;\??\d:\pcicon.sys --> d:\PciCon.sys [?]
S3 SZGMOLOKODUDDNMJ;SZGMOLOKODUDDNMJ;c:\docume~1\Victor\LOCALS~1\Temp\SZGMOLOKODUDDNMJ.exe --> c:\docume~1\Victor\LOCALS~1\Temp\SZGMOLOKODUDDNMJ.exe [?]
S3 VIAHdAudAddService;VIA High Definition Audio Driver Service;c:\windows\system32\drivers\viahduaa.sys [8/21/2010 10:01 PM 1425280]
S3 XU;XU;c:\docume~1\ADMINI~1\LOCALS~1\Temp\XU.exe --> c:\docume~1\ADMINI~1\LOCALS~1\Temp\XU.exe [?]
.
.
------- Supplementary Scan -------
.
uStart Page = about:blank
mStart Page = about:blank
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
TCP: {80068271-6A7E-4D1E-9CF4-E458A38BD00E} = 208.67.222.222
DPF: {B94C2238-346E-4C5E-9B36-8CC627F35574}
FF - ProfilePath - c:\documents and settings\Victor\Application Data\Mozilla\Firefox\Profiles\3d40vikk.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - chrome://speeddial/content/speeddial.xul
FF - prefs.js: keyword.URL - hxxp://www.google.com/search?q=
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-04-14 15:58
Windows 5.1.2600 Service Pack 3 NTFS
.
detected NTDLL code modification:
ZwClose, ZwOpenFile
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
HDAudDeck = c:\program files\VIA\VIAudioi\HDADeck\HDeck.exe 1????????????????????????????????????????????????
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-839522115-1078081533-682003330-500\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (Administrator)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,ff,b6,fc,c5,56,ee,e7,46,a9,5b,e9,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,ff,b6,fc,c5,56,ee,e7,46,a9,5b,e9,\
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(880)
c:\windows\system32\Ati2evxx.dll
.
Completion time: 2011-04-14 15:59:14
ComboFix-quarantined-files.txt 2011-04-14 19:59
.
Pre-Run: 24,832,090,112 bytes free
Post-Run: 26,728,644,608 bytes free
.
- - End Of File - - 20DC164812891DE81BAE33A0D85C7A5A

Blade81
2011-04-15, 06:53
Hi again,


Open notepad and copy/paste the text in the quotebox below into it:



Driver::
MJW
SZGMOLOKODUDDNMJ
XU
File::
c:\docume~1\Victor\LOCALS~1\Temp\MJW.exe
c:\docume~1\Victor\LOCALS~1\Temp\SZGMOLOKODUDDNMJ.exe
c:\docume~1\ADMINI~1\LOCALS~1\Temp\XU.exe
C:\Documents and Settings\Victor\Local Settings\Application Data\k3gf5y4w6865444l7cxg0ohs8015opk8482f
C:\Documents and Settings\All Users\Application Data\k3gf5y4w6865444l7cxg0ohs8015opk8482f



Save this as CFScript.txt to your desktop

A word of warning: Neither I nor sUBs are responsible for any damage you may have caused your machine. This tool is not a toy and not for everyday use.


Make sure that you have the CFScript.txt file created above on your desktop before doing the following:

Disable protection software and then try to run ComboFix by following steps below:

Click START then RUN
Now copy-paste Combofix "%userprofile%\desktop\CFScript.txt" /nombr into the Run box and click OK


Wait for ComboFix to proceed and post back the report.



Uninstall old Adobe Reader versions and get the latest one (Adobe Reader X + the 10.0.1 update for it) here (http://www.adobe.com/support/downloads/product.jsp?product=10&platform=Windows) or get Foxit Reader here (http://www.foxitsoftware.com/pdf/reader_2/down_reader.htm). Make sure you don't install the toolbar if you choose Foxit Reader! You may also check the free readers introduced here (http://pdfreaders.org/).

Uninstall this old Java:
Java(TM) SE Development Kit 6 Update 23


* Go here (http://www.eset.eu/online-scanner) to run an online scanner from ESET.
Note: You will need to use Internet Explorer for this scan
Tick the box next to YES, I accept the Terms of Use.
Click Start
When asked, allow the ActiveX control to install
Click Start
Make sure that the option Remove found threats is not checkmarked.
Click Scan
Wait for the scan to finish.


Post back its report, a fresh dds.txt log and above mentioned ComboFix resultant log.

victorbrca
2011-04-20, 07:51
Sorry for the delay.

Tried running combofix (safe mode) and I'm getting a weird file name error... doesn't make sense. I searched online for a solution and the only one I could find was to move combofix to C:\, which did not solve it.

combofix was also updated as I ran it, so it's the latest version.

===============================================
Combofix "%userprofile%\desktop\CFScript.txt" /nombr
----------------------------------------------------

---------------------------
CFScript Name Error
---------------------------
Were you trying to run CFScript?



The name, CFScript appears to be incorrectly spelt
---------------------------
OK
---------------------------

----------------------------------------------------

C:\Documents and Settings\Administrator\Desktop>dir
Volume in drive C has no label.
Volume Serial Number is 905E-6B0C

Directory of C:\Documents and Settings\Administrator\Desktop

04/20/2011 01:24 AM <DIR> .
04/20/2011 01:24 AM <DIR> ..
04/12/2011 01:20 AM 4,075,362 123.reg
04/20/2011 01:24 AM 377 CFScript.txt
04/02/2011 01:07 PM 1,258 readme.txt
04/20/2011 01:24 AM 514 Shortcut to ComboFix.exe.lnk
08/21/2010 09:39 PM 455 Shortcut to Downloads.lnk
08/21/2010 10:04 PM 124 to_download.txt
6 File(s) 4,078,090 bytes
2 Dir(s) 27,078,434,816 bytes free

victorbrca
2011-04-20, 07:54
Here's to confirm the contents of the file:


victor@opensuse:/windows/C/Documents and Settings/Administrator/Desktop> cat CFScript.txt
Driver::
MJW
SZGMOLOKODUDDNMJ
XU
File::
c:\docume~1\Victor\LOCALS~1\Temp\MJW.exe
c:\docume~1\Victor\LOCALS~1\Temp\SZGMOLOKODUDDNMJ.exe
c:\docume~1\ADMINI~1\LOCALS~1\Temp\XU.exe
C:\Documents and Settings\Victor\Local Settings\Application Data\k3gf5y4w6865444l7cxg0ohs8015opk8482f
C:\Documents and Settings\All Users\Application Data\k3gf5y4w6865444l7cxg0ohs8015opk8482f

Blade81
2011-04-20, 11:47
Hi,

This line shouldn't be in CFScript.txt file:

victor@opensuse:/windows/C/Documents and Settings/Administrator/Desktop> cat CFScript.txt

Take it off, please. Also, try this command while running ComboFix:
Combofix "%userprofile%\desktop\CFScript.txt"

victorbrca
2011-04-21, 05:57
Hi blade,

That line is not in the file. I dual boot this box with OpenSuse. Cat is a command to display the contents of a file. So that first line is actually what I type in the command prompt, and the following lines are the content of the file.

So I tried it again without "/nombr", it created a new restore point and it froze like before. When I forced reboot it froze on the BIOS screen; a cold reboot fixed it (seems like no harm done).

Tried it again with "/nombr" and it gave me the same error message in regard to the wrong file name.

Any ideas?

Thanks!

Blade81
2011-04-21, 08:56
Hi,

Please re-run OTL you did earlier and post back its OTL.txt contents.

Blade81
2011-04-27, 08:30
Still there?

victorbrca
2011-04-28, 19:04
Hi Blade,

Sorry for the delay... implementation week... been working till very late every day.

Please don't close the thread. I will provide the information no later than next Tuesday.

Thanks!

Blade81
2011-04-29, 06:55
Ok. Thanks for the heads up.

victorbrca
2011-05-04, 06:38
Sorry for the delay... Here's the data:

OTL logfile created on: 5/4/2011 12:10:00 AM - Run 2
OTL by OldTimer - Version 3.2.22.3 Folder = C:\Documents and Settings\Victor\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.00 Gb Total Physical Memory | 3.00 Gb Available Physical Memory | 85.00% Memory free
5.00 Gb Paging File | 5.00 Gb Available in Paging File | 92.00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 58.59 Gb Total Space | 21.94 Gb Free Space | 37.45% Space Free | Partition Type: NTFS
Drive F: | 465.76 Gb Total Space | 384.05 Gb Free Space | 82.46% Space Free | Partition Type: NTFS

Computer Name: DESKTOP-XP | User Name: Victor | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Documents and Settings\Victor\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO)
PRC - C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe (COMODO)
PRC - C:\Program Files\VirtuaWin\modules\vwKvasdoPager.exe ()
PRC - C:\Program Files\VirtuaWin\VirtuaWin.exe (VirtuaWin)
PRC - C:\Program Files\VirtuaWin\modules\WinList.exe ()
PRC - C:\Program Files\ASUS\EPU-4 Engine\FourEngine.exe (ASUSTeK Computer Inc.)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\RocketDock\RocketDock.exe ()
PRC - C:\Program Files\YCIII\YankClip.exe (inteleXual.com)


========== Modules (SafeList) ==========

MOD - C:\Documents and Settings\Victor\Desktop\OTL.exe (OldTimer Tools)
MOD - C:\WINDOWS\system32\guard32.dll (COMODO)
MOD - C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83\comctl32.dll (Microsoft Corporation)
MOD - C:\Program Files\RocketDock\RocketDock.dll ()


========== Win32 Services (SafeList) ==========

SRV - (XU) -- File not found
SRV - (SZGMOLOKODUDDNMJ) -- File not found
SRV - (PEVSystemStart) -- File not found
SRV - (MJW) -- File not found
SRV - (cmdAgent) -- C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe (COMODO)
SRV - (FLEXnet Licensing Service) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Acresso Software Inc.)


========== Driver Services (SafeList) ==========

DRV - (Inspect) -- C:\WINDOWS\System32\DRIVERS\inspect.sys (COMODO)
DRV - (cmdHlp) -- C:\WINDOWS\system32\drivers\cmdhlp.sys (COMODO)
DRV - (cmdGuard) -- C:\WINDOWS\system32\drivers\cmdGuard.sys (COMODO)
DRV - (UsbDiag) -- C:\WINDOWS\system32\drivers\lgusbdiag.sys (LG Electronics Inc.)
DRV - (USBModem) -- C:\WINDOWS\system32\drivers\lgusbmodem.sys (LG Electronics Inc.)
DRV - (usbbus) -- C:\WINDOWS\system32\drivers\lgusbbus.sys (LG Electronics Inc.)
DRV - (ANDModem) -- C:\WINDOWS\system32\drivers\lgandmodem.sys (LG Electronics Inc.)
DRV - (AndGps) -- C:\WINDOWS\system32\drivers\lgandgps.sys (LG Electronics Inc.)
DRV - (AndDiag) -- C:\WINDOWS\system32\drivers\lganddiag.sys (LG Electronics Inc.)
DRV - (Andbus) -- C:\WINDOWS\system32\drivers\lgandbus.sys (LG Electronics Inc.)
DRV - (androidusb) -- C:\WINDOWS\system32\drivers\lgandadb.sys (Google Inc)
DRV - (VIAHdAudAddService) -- C:\WINDOWS\system32\drivers\viahduaa.sys (VIA Technologies, Inc.)
DRV - (ati2mtag) -- C:\WINDOWS\system32\drivers\ati2mtag.sys (ATI Technologies Inc.)
DRV - (AtiHdmiService) -- C:\WINDOWS\system32\drivers\AtiHdmi.sys (ATI Research Inc.)
DRV - (AsIO) -- C:\WINDOWS\system32\drivers\AsIO.sys ()
DRV - (RTLE8023xp) -- C:\WINDOWS\system32\drivers\Rtenicxp.sys (Realtek Semiconductor Corporation )
DRV - (AmdPPM) -- C:\WINDOWS\system32\drivers\AmdPPM.sys (Advanced Micro Devices)
DRV - (Eacfilt) -- C:\WINDOWS\system32\drivers\eacfilt.sys (Nortel Networks)
DRV - (IPSECSHM) -- C:\WINDOWS\system32\drivers\ipsecw2k.sys (Nortel Networks NA, Inc.)
DRV - (IPSECEXT) -- C:\WINDOWS\system32\drivers\ipsecw2k.sys (Nortel Networks NA, Inc.)
DRV - (MTsensor) -- C:\WINDOWS\system32\drivers\ASACPI.sys ()


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ca/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultengine: "Ask.com"
FF - prefs.js..browser.search.defaultenginename: "Ask.com"
FF - prefs.js..browser.search.order.1: "Ask.com"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "chrome://speeddial/content/speeddial.xul"
FF - prefs.js..extensions.enabledItems: {3f963a5b-e555-4543-90e2-c3908898db71}:9.0.0.872
FF - prefs.js..extensions.enabledItems: {64161300-e22b-11db-8314-0800200c9a66}:0.9.5.6
FF - prefs.js..extensions.enabledItems: VMwareVMRC@vmware.com:2.5.0.122581
FF - prefs.js..extensions.enabledItems: facepad@lazyrussian.com:0.8.2
FF - prefs.js..extensions.enabledItems: pt-BR@dictionaries.addons.mozilla.org:1.0.0.2
FF - prefs.js..extensions.enabledItems: {2fa4ed95-0317-4c6a-a74c-5f3e3912c1f9}:2.1.106
FF - prefs.js..extensions.enabledItems: TooManyTabs@visibotech.com:1.3.1
FF - prefs.js..extensions.enabledItems: {340c2bbc-ce74-4362-90b5-7c26312808ef}:1.5.1
FF - prefs.js..keyword.URL: "http://www.google.com/search?q="

FF - HKLM\software\mozilla\Mozilla Firefox 3.6.12\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/11/08 03:54:08 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.12\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/11/08 03:54:08 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 4.0\extensions\\Components: C:\Program Files\Mozilla Firefox 4.0 Beta 7\components [2011/03/24 11:33:55 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 4.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox 4.0 Beta 7\plugins

[2010/08/21 22:53:15 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Victor\Application Data\Mozilla\Extensions
[2011/04/02 15:53:49 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Victor\Application Data\Mozilla\Firefox\Profiles\3d40vikk.default\extensions
[2010/09/09 21:32:22 | 000,000,000 | ---D | M] ("Delicious Bookmarks") -- C:\Documents and Settings\Victor\Application Data\Mozilla\Firefox\Profiles\3d40vikk.default\extensions\{2fa4ed95-0317-4c6a-a74c-5f3e3912c1f9}
[2010/11/28 22:52:13 | 000,000,000 | ---D | M] (Dicionário para Ortografia pt-BR) -- C:\Documents and Settings\Victor\Application Data\Mozilla\Firefox\Profiles\3d40vikk.default\extensions\pt-BR@dictionaries.addons.mozilla.org
[2011/04/02 15:53:49 | 000,000,000 | ---D | M] (TooManyTabs) -- C:\Documents and Settings\Victor\Application Data\Mozilla\Firefox\Profiles\3d40vikk.default\extensions\TooManyTabs@visibotech.com
[2010/08/30 00:03:32 | 000,000,000 | ---D | M] (VMware Remote Console Plug-in) -- C:\Documents and Settings\Victor\Application Data\Mozilla\Firefox\Profiles\3d40vikk.default\extensions\VMwareVMRC@vmware.com
[2011/01/25 22:36:17 | 000,002,572 | ---- | M] () -- C:\Documents and Settings\Victor\Application Data\Mozilla\Firefox\Profiles\3d40vikk.default\searchplugins\askcom.xml
[2010/11/25 15:19:22 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
File not found (No name found) --
() (No name found) -- C:\DOCUMENTS AND SETTINGS\VICTOR\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\3D40VIKK.DEFAULT\EXTENSIONS\{340C2BBC-CE74-4362-90B5-7C26312808EF}.XPI
() (No name found) -- C:\DOCUMENTS AND SETTINGS\VICTOR\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\3D40VIKK.DEFAULT\EXTENSIONS\{64161300-E22B-11DB-8314-0800200C9A66}.XPI
() (No name found) -- C:\DOCUMENTS AND SETTINGS\VICTOR\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\3D40VIKK.DEFAULT\EXTENSIONS\FACEPAD@LAZYRUSSIAN.COM.XPI
() (No name found) -- C:\DOCUMENTS AND SETTINGS\VICTOR\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\3D40VIKK.DEFAULT\EXTENSIONS\TESTPILOT@LABS.MOZILLA.COM.XPI
() (No name found) -- C:\DOCUMENTS AND SETTINGS\VICTOR\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\3D40VIKK.DEFAULT\EXTENSIONS\VIDEO.DOWNLOADER.PLUGIN@FFPIMP.COM.XPI
[2011/01/05 21:54:00 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF
[2011/01/05 21:54:10 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX 4.0 BETA 7\EXTENSIONS\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}

O1 HOSTS File: ([2011/04/14 15:58:29 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - File not found
O2 - BHO: (Skype Plug-In) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O3 - HKLM\..\Toolbar: (no name) - {10EDB994-47F8-43F7-AE96-F2EA63E9F90F} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
O4 - HKLM..\Run: [AdobeCS4ServiceManager] C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [COMODO Internet Security] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO)
O4 - HKLM..\Run: [Six Engine] C:\Program Files\ASUS\EPU-4 Engine\FourEngine.exe (ASUSTeK Computer Inc.)
O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKCU..\Run: [RocketDock] C:\Program Files\RocketDock\RocketDock.exe ()
O4 - HKLM..\RunOnce: [AvgUninstallURL] C:\WINDOWS\System32\cmd.exe (Microsoft Corporation)
O4 - Startup: C:\Documents and Settings\Victor\Start Menu\Programs\Startup\VirtuaWin.lnk = C:\Program Files\VirtuaWin\VirtuaWin.exe (VirtuaWin)
O4 - Startup: C:\Documents and Settings\Victor\Start Menu\Programs\Startup\Yankee Clipper III.lnk = C:\Program Files\YCIII\YankClip.exe (inteleXual.com)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\WINDOWS\System32\GPhotos.scr (Google Inc.)
O9 - Extra Button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKCU\..Trusted Ranges: Range1 ([https] in Trusted sites)
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} http://download.bitdefender.com/resources/scanner/sources/en/scan8/oscan8.cab (BDSCANONLINE Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {B94C2238-346E-4C5E-9B36-8CC627F35574} Reg Error: Key error. (VMware Remote Console Plug-in 2.5.0.00000)
O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20 - AppInit_DLLs: (C:\WINDOWS\system32\guard32.dll) - C:\WINDOWS\system32\guard32.dll (COMODO)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O22 - SharedTaskScheduler: {1984DD45-52CF-49cd-AB77-18F378FEA264} - FencesShellExt - C:\Program Files\Stardock\Fences\FencesMenu.dll (Stardock)
O24 - Desktop WallPaper: C:\Documents and Settings\Victor\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Victor\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2010/08/21 21:23:50 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O35 - HKCU\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKCU\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/05/04 00:09:36 | 000,580,608 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Victor\Desktop\OTL.exe
[2011/04/20 01:19:39 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2011/04/16 16:50:54 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2011/04/14 15:59:16 | 000,000,000 | ---D | C] -- C:\WINDOWS\temp
[2011/04/13 19:48:10 | 000,000,000 | ---D | C] -- C:\found.001
[2011/04/13 15:59:17 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2011/04/13 15:58:06 | 000,000,000 | ---D | C] -- C:\ComboFix1
[2011/04/12 01:32:49 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2011/04/12 01:32:49 | 000,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2011/04/12 01:32:46 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2011/04/12 01:27:02 | 000,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\swreg.exe
[2011/04/10 19:44:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Victor\My Documents\BlackBerry
[2011/04/10 18:27:02 | 000,000,000 | ---D | C] -- C:\Qoobox
[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/05/04 00:09:39 | 000,432,686 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2011/05/04 00:09:39 | 000,067,516 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2011/05/04 00:08:26 | 000,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/05/04 00:02:09 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/05/04 00:02:07 | 3488,792,576 | -HS- | M] () -- C:\hiberfil.sys
[2011/04/20 01:35:18 | 004,325,107 | ---- | M] () -- C:\ComboFix.exe
[2011/04/19 11:12:55 | 002,000,744 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2011/04/14 15:58:29 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2011/04/13 15:59:21 | 000,000,339 | RHS- | M] () -- C:\boot.ini
[2011/04/12 00:56:34 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\Victor\Local Settings\Application Data\prvlcl.dat
[2011/04/10 19:44:26 | 000,023,552 | ---- | M] () -- C:\Documents and Settings\Victor\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/04/05 21:27:06 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Victor\Desktop\OTL.exe
[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/05/04 00:02:07 | 3488,792,576 | -HS- | C] () -- C:\hiberfil.sys
[2011/04/20 01:35:15 | 004,325,107 | ---- | C] () -- C:\ComboFix.exe
[2011/04/13 15:59:21 | 000,000,223 | ---- | C] () -- C:\Boot.bak
[2011/04/12 01:36:16 | 000,260,272 | RHS- | C] () -- C:\cmldr
[2011/04/12 01:32:49 | 000,256,512 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2011/04/12 01:32:49 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2011/04/12 01:32:49 | 000,089,088 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2011/04/12 01:32:49 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2011/04/12 01:32:49 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2011/03/30 22:48:29 | 000,013,124 | -HS- | C] () -- C:\Documents and Settings\Victor\Local Settings\Application Data\k3gf5y4w6865444l7cxg0ohs8015opk8482f
[2011/03/30 22:48:29 | 000,013,124 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\k3gf5y4w6865444l7cxg0ohs8015opk8482f
[2011/02/06 21:49:07 | 000,001,324 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011/01/26 20:31:26 | 000,610,120 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
[2011/01/17 01:46:21 | 000,000,056 | -H-- | C] () -- C:\WINDOWS\System32\ezsidmv.dat
[2010/12/14 01:36:30 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\CommonDL.dll
[2010/12/14 01:36:30 | 000,002,411 | ---- | C] () -- C:\WINDOWS\System32\lgAxconfig.ini
[2010/12/13 16:21:31 | 000,000,754 | ---- | C] () -- C:\WINDOWS\WORDPAD.INI
[2010/12/05 00:06:58 | 000,087,552 | ---- | C] () -- C:\WINDOWS\System32\cpwmon2k.dll
[2010/11/25 15:10:59 | 000,000,034 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
[2010/10/06 23:02:37 | 000,237,568 | ---- | C] () -- C:\WINDOWS\System32\lame_enc.dll
[2010/10/04 01:02:05 | 000,017,692 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat
[2010/10/02 01:41:40 | 000,023,552 | ---- | C] () -- C:\Documents and Settings\Victor\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/08/31 01:36:40 | 000,000,600 | ---- | C] () -- C:\Documents and Settings\Victor\Local Settings\Application Data\PUTTY.RND
[2010/08/28 20:39:19 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Victor\Local Settings\Application Data\prvlcl.dat
[2010/08/27 12:40:06 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2010/08/22 18:46:45 | 000,000,600 | ---- | C] () -- C:\Documents and Settings\Victor\Application Data\winscp.rnd
[2010/08/21 22:53:05 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2010/08/21 22:35:35 | 000,000,000 | ---- | C] () -- C:\WINDOWS\ativpsrm.bin
[2010/08/21 21:51:27 | 000,024,576 | R--- | C] () -- C:\WINDOWS\System32\AsIO.dll
[2010/08/21 21:51:27 | 000,011,296 | R--- | C] () -- C:\WINDOWS\System32\drivers\AsIO.sys
[2010/08/21 21:51:25 | 000,011,832 | ---- | C] () -- C:\WINDOWS\System32\drivers\AsInsHelp64.sys
[2010/08/21 21:51:25 | 000,010,216 | ---- | C] () -- C:\WINDOWS\System32\drivers\AsInsHelp32.sys
[2010/08/21 21:47:36 | 000,887,724 | ---- | C] () -- C:\WINDOWS\System32\ativva6x.dat
[2010/08/21 21:47:36 | 000,195,855 | ---- | C] () -- C:\WINDOWS\System32\atiicdxx.dat
[2010/08/21 21:47:36 | 000,000,003 | ---- | C] () -- C:\WINDOWS\System32\ativva5x.dat
[2010/08/21 21:47:31 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\ATIODCLI.exe
[2010/08/21 21:47:28 | 000,294,912 | ---- | C] () -- C:\WINDOWS\System32\ATIODE.exe
[2010/08/21 21:40:07 | 000,073,728 | R--- | C] () -- C:\WINDOWS\System32\RtNicProp32.dll
[2010/08/21 21:34:03 | 000,005,810 | R--- | C] () -- C:\WINDOWS\System32\drivers\ASACPI.sys
[2010/08/21 21:33:57 | 000,001,769 | ---- | C] () -- C:\WINDOWS\Language_trs.ini
[2010/08/21 21:33:55 | 000,049,152 | R--- | C] () -- C:\WINDOWS\DAOD.exe
[2010/08/21 21:33:50 | 000,034,793 | ---- | C] () -- C:\WINDOWS\Ascd_tmp.ini
[2010/08/21 21:33:50 | 000,010,296 | ---- | C] () -- C:\WINDOWS\System32\drivers\ASUSHWIO.SYS
[2010/08/21 21:25:28 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2010/08/21 21:21:14 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2010/08/21 17:12:28 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2010/08/21 16:22:32 | 002,000,744 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2009/01/05 16:44:10 | 000,053,248 | ---- | C] () -- C:\WINDOWS\bdoscandel.exe
[2009/01/05 16:44:10 | 000,000,453 | ---- | C] () -- C:\WINDOWS\bdoscandellang.ini
[2008/04/14 08:00:00 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2008/04/14 08:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2008/04/14 08:00:00 | 000,432,686 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2008/04/14 08:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2008/04/14 08:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2008/04/14 08:00:00 | 000,067,516 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2008/04/14 08:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2008/04/14 08:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2008/04/14 08:00:00 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2008/04/14 08:00:00 | 000,004,461 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2008/04/14 08:00:00 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\Dcache.bin
[2008/04/14 08:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat

========== Alternate Data Streams ==========

@Alternate Data Stream - 88 bytes -> C:\Program Files\COMODO\COMODO Internet Security\cfp.exe:SummaryInformation

< End of report >

Blade81
2011-05-04, 07:25
Hi,

Let's run OTL.

Under the Custom Scans/Fixes box at the bottom, paste in the following


:OTL
SRV - (SZGMOLOKODUDDNMJ) -- File not found
SRV - (MJW) -- File not found
:Commands
[emptytemp]


Then click the Run Fix button at the top
Let the program run unhindered, reboot when it is done
Then post a new OTL log



Please download Malwarebytes' Anti-Malware (http://www.besttechie.net/tools/mbam-setup.exe) to your desktop.

Double-click mbam-setup.exe and follow the prompts to install the program.
At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
If an update is found, it will download and install the latest version.
Once the program has loaded, select Perform full scan, then click Scan.
When the scan is complete, click OK, then Show Results to view the results.
Be sure that everything is checked, and click Remove Selected.
When completed, a log will open in Notepad. Please save it to a convenient location. The log can also be found here: C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\log-date.txt
Please post contents of that file in your next reply.
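For readers following this thread later, the fix script above works from the OTL log itself: each `SRV - (name) -- File not found` line is a service registry entry whose binary is already gone (typical leftover from a rogue AV install), and the `@Alternate Data Stream` line shows how OTL reports streams attached to a file. The following parser is an added example, not OTL's own tooling and not posted by anyone in this thread; it assumes the line layouts visible in the log quoted above and uses a constructed sample log rather than the poster's real one.

```python
import re
from dataclasses import dataclass
from typing import List

# Constructed sample, modelled on the OTL line formats quoted in this thread.
# It is NOT a real log from the poster's machine.
SAMPLE_LOG = """\
SRV - (SZGMOLOKODUDDNMJ) -- File not found
SRV - (MJW) -- File not found
SRV - [2008/04/14 08:00:00 | 000,057,856 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\\WINDOWS\\system32\\spoolsv.exe -- (Spooler)
[2010/08/21 21:47:31 | 000,045,056 | ---- | C] () -- C:\\WINDOWS\\System32\\ATIODCLI.exe
[2008/04/14 08:00:00 | 013,107,200 | ---- | C] () -- C:\\WINDOWS\\System32\\oembios.bin
@Alternate Data Stream - 88 bytes -> C:\\Program Files\\COMODO\\COMODO Internet Security\\cfp.exe:SummaryInformation
"""

# Service entry OTL could not match to a file on disk.
ORPHAN_RE = re.compile(r"^SRV - \((?P<name>[^)]+)\) -- File not found\s*$")
# "[created | size | attrs | C] (company) -- path" entries from the file sections.
FILE_RE = re.compile(
    r"^\[(?P<date>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}) \| (?P<size>[\d,]+) \| "
    r"(?P<attrs>[-A-Z]{4}) \| [CM]\] \([^)]*\) -- (?P<path>.+?)\s*$"
)
# "@Alternate Data Stream - N bytes -> path:stream"; the lazy path group lets the
# drive-letter colon be skipped and the last colon separate the stream name.
ADS_RE = re.compile(
    r"^@Alternate Data Stream - (?P<size>\d+) bytes -> (?P<path>.+?):(?P<stream>[^:\\]+?)\s*$"
)


@dataclass
class FileEntry:
    created: str   # "YYYY/MM/DD HH:MM:SS", sorts correctly as a string
    size: int      # bytes, commas removed
    attrs: str     # e.g. "R---", "--S-"
    path: str


@dataclass
class StreamEntry:
    size: int
    path: str
    stream: str


def orphaned_services(log: str) -> List[str]:
    """Names of service entries whose executable OTL reports as missing."""
    names = []
    for line in log.splitlines():
        m = ORPHAN_RE.match(line)
        if m:
            names.append(m.group("name"))
    return names


def file_entries(log: str) -> List[FileEntry]:
    """Structured records for every created/modified file line in the log."""
    out = []
    for line in log.splitlines():
        m = FILE_RE.match(line)
        if m:
            out.append(FileEntry(m.group("date"), int(m.group("size").replace(",", "")),
                                 m.group("attrs"), m.group("path")))
    return out


def alternate_data_streams(log: str) -> List[StreamEntry]:
    """Files carrying an alternate data stream, split into path and stream name."""
    out = []
    for line in log.splitlines():
        m = ADS_RE.match(line)
        if m:
            out.append(StreamEntry(int(m.group("size")), m.group("path"), m.group("stream")))
    return out


def recently_created(entries: List[FileEntry], since: str) -> List[FileEntry]:
    """Triage helper: keep files created at or after `since` (same timestamp format)."""
    return [e for e in entries if e.created >= since]


def build_fix_script(log: str, empty_temp: bool = True) -> str:
    """Emit the :OTL block that removes only the orphaned service entries,
    in the same shape as the script posted in this thread."""
    lines = [":OTL"]
    lines += [f"SRV - ({name}) -- File not found" for name in orphaned_services(log)]
    if empty_temp:
        lines += [":Commands", "[emptytemp]"]
    return "\n".join(lines) + "\n"


if __name__ == "__main__":
    print(build_fix_script(SAMPLE_LOG))
    for s in alternate_data_streams(SAMPLE_LOG):
        print(f"ADS {s.size} bytes on {s.path} -> :{s.stream}")
```

The generated fix only lists entries OTL has already flagged as having no backing file, which is exactly what the helper's script did by hand; the file and stream parsers are there so the same log can be sorted by creation time or checked for unexpected streams before deciding what else to act on.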

Blade81
2011-05-10, 19:06
Are you still there?

Blade81
2011-05-16, 10:02
Due to inactivity, this thread will now be closed.

Note: If it has been three days or more since your last post, and the helper assisting you posted a response to that post to which you did not reply, your topic will not be reopened. At that point, if you still require help, please start a new topic and include a fresh DDS log and a link to your previous thread. Please do not add any logs that might have been requested in the closed topic; you would be starting fresh.

If it has been less than three days since your last response and you need the thread re-opened, please send me or another MOD a private message (PM). A valid, working link to the closed topic is required.