XP AntiVirus Protection

[victorbrca]

Hi Blade,

Sorry for the delay... implementation week... been working till very late every day.

Please don't close the thread. I will provide the information no later than next Tuesday.

Thanks!

 

[Blade81]

Ok. Thanks for the heads up.

 

[victorbrca]

Sorry for the delay... Here's the data:

OTL logfile created on: 5/4/2011 12:10:00 AM - Run 2
OTL by OldTimer - Version 3.2.22.3 Folder = C:\Documents and Settings\Victor\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.00 Gb Total Physical Memory | 3.00 Gb Available Physical Memory | 85.00% Memory free
5.00 Gb Paging File | 5.00 Gb Available in Paging File | 92.00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 58.59 Gb Total Space | 21.94 Gb Free Space | 37.45% Space Free | Partition Type: NTFS
Drive F: | 465.76 Gb Total Space | 384.05 Gb Free Space | 82.46% Space Free | Partition Type: NTFS

Computer Name: DESKTOP-XP | User Name: Victor | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Documents and Settings\Victor\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO)
PRC - C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe (COMODO)
PRC - C:\Program Files\VirtuaWin\modules\vwKvasdoPager.exe ()
PRC - C:\Program Files\VirtuaWin\VirtuaWin.exe (VirtuaWin)
PRC - C:\Program Files\VirtuaWin\modules\WinList.exe ()
PRC - C:\Program Files\ASUS\EPU-4 Engine\FourEngine.exe (ASUSTeK Computer Inc.)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\RocketDock\RocketDock.exe ()
PRC - C:\Program Files\YCIII\YankClip.exe (inteleXual.com)


========== Modules (SafeList) ==========

MOD - C:\Documents and Settings\Victor\Desktop\OTL.exe (OldTimer Tools)
MOD - C:\WINDOWS\system32\guard32.dll (COMODO)
MOD - C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83\comctl32.dll (Microsoft Corporation)
MOD - C:\Program Files\RocketDock\RocketDock.dll ()


========== Win32 Services (SafeList) ==========

SRV - (XU) -- File not found
SRV - (SZGMOLOKODUDDNMJ) -- File not found
SRV - (PEVSystemStart) -- File not found
SRV - (MJW) -- File not found
SRV - (cmdAgent) -- C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe (COMODO)
SRV - (FLEXnet Licensing Service) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Acresso Software Inc.)


========== Driver Services (SafeList) ==========

DRV - (Inspect) -- C:\WINDOWS\System32\DRIVERS\inspect.sys (COMODO)
DRV - (cmdHlp) -- C:\WINDOWS\system32\drivers\cmdhlp.sys (COMODO)
DRV - (cmdGuard) -- C:\WINDOWS\system32\drivers\cmdGuard.sys (COMODO)
DRV - (UsbDiag) -- C:\WINDOWS\system32\drivers\lgusbdiag.sys (LG Electronics Inc.)
DRV - (USBModem) -- C:\WINDOWS\system32\drivers\lgusbmodem.sys (LG Electronics Inc.)
DRV - (usbbus) -- C:\WINDOWS\system32\drivers\lgusbbus.sys (LG Electronics Inc.)
DRV - (ANDModem) -- C:\WINDOWS\system32\drivers\lgandmodem.sys (LG Electronics Inc.)
DRV - (AndGps) -- C:\WINDOWS\system32\drivers\lgandgps.sys (LG Electronics Inc.)
DRV - (AndDiag) -- C:\WINDOWS\system32\drivers\lganddiag.sys (LG Electronics Inc.)
DRV - (Andbus) -- C:\WINDOWS\system32\drivers\lgandbus.sys (LG Electronics Inc.)
DRV - (androidusb) -- C:\WINDOWS\system32\drivers\lgandadb.sys (Google Inc)
DRV - (VIAHdAudAddService) -- C:\WINDOWS\system32\drivers\viahduaa.sys (VIA Technologies, Inc.)
DRV - (ati2mtag) -- C:\WINDOWS\system32\drivers\ati2mtag.sys (ATI Technologies Inc.)
DRV - (AtiHdmiService) -- C:\WINDOWS\system32\drivers\AtiHdmi.sys (ATI Research Inc.)
DRV - (AsIO) -- C:\WINDOWS\system32\drivers\AsIO.sys ()
DRV - (RTLE8023xp) -- C:\WINDOWS\system32\drivers\Rtenicxp.sys (Realtek Semiconductor Corporation )
DRV - (AmdPPM) -- C:\WINDOWS\system32\drivers\AmdPPM.sys (Advanced Micro Devices)
DRV - (Eacfilt) -- C:\WINDOWS\system32\drivers\eacfilt.sys (Nortel Networks)
DRV - (IPSECSHM) -- C:\WINDOWS\system32\drivers\ipsecw2k.sys (Nortel Networks NA, Inc.)
DRV - (IPSECEXT) -- C:\WINDOWS\system32\drivers\ipsecw2k.sys (Nortel Networks NA, Inc.)
DRV - (MTsensor) -- C:\WINDOWS\system32\drivers\ASACPI.sys ()


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ca/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultengine: "Ask.com"
FF - prefs.js..browser.search.defaultenginename: "Ask.com"
FF - prefs.js..browser.search.order.1: "Ask.com"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "chrome://speeddial/content/speeddial.xul"
FF - prefs.js..extensions.enabledItems: {3f963a5b-e555-4543-90e2-c3908898db71}:9.0.0.872
FF - prefs.js..extensions.enabledItems: {64161300-e22b-11db-8314-0800200c9a66}:0.9.5.6
FF - prefs.js..extensions.enabledItems: VMwareVMRC@vmware.com:2.5.0.122581
FF - prefs.js..extensions.enabledItems: facepad@lazyrussian.com:0.8.2
FF - prefs.js..extensions.enabledItems: pt-BR@dictionaries.addons.mozilla.org:1.0.0.2
FF - prefs.js..extensions.enabledItems: {2fa4ed95-0317-4c6a-a74c-5f3e3912c1f9}:2.1.106
FF - prefs.js..extensions.enabledItems: TooManyTabs@visibotech.com:1.3.1
FF - prefs.js..extensions.enabledItems: {340c2bbc-ce74-4362-90b5-7c26312808ef}:1.5.1
FF - prefs.js..keyword.URL: "http://www.google.com/search?q="

FF - HKLM\software\mozilla\Mozilla Firefox 3.6.12\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/11/08 03:54:08 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.12\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/11/08 03:54:08 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 4.0\extensions\\Components: C:\Program Files\Mozilla Firefox 4.0 Beta 7\components [2011/03/24 11:33:55 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 4.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox 4.0 Beta 7\plugins

[2010/08/21 22:53:15 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Victor\Application Data\Mozilla\Extensions
[2011/04/02 15:53:49 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Victor\Application Data\Mozilla\Firefox\Profiles\3d40vikk.default\extensions
[2010/09/09 21:32:22 | 000,000,000 | ---D | M] ("Delicious Bookmarks") -- C:\Documents and Settings\Victor\Application Data\Mozilla\Firefox\Profiles\3d40vikk.default\extensions\{2fa4ed95-0317-4c6a-a74c-5f3e3912c1f9}
[2010/11/28 22:52:13 | 000,000,000 | ---D | M] (Dicionário para Ortografia pt-BR) -- C:\Documents and Settings\Victor\Application Data\Mozilla\Firefox\Profiles\3d40vikk.default\extensions\pt-BR@dictionaries.addons.mozilla.org
[2011/04/02 15:53:49 | 000,000,000 | ---D | M] (TooManyTabs) -- C:\Documents and Settings\Victor\Application Data\Mozilla\Firefox\Profiles\3d40vikk.default\extensions\TooManyTabs@visibotech.com
[2010/08/30 00:03:32 | 000,000,000 | ---D | M] (VMware Remote Console Plug-in) -- C:\Documents and Settings\Victor\Application Data\Mozilla\Firefox\Profiles\3d40vikk.default\extensions\VMwareVMRC@vmware.com
[2011/01/25 22:36:17 | 000,002,572 | ---- | M] () -- C:\Documents and Settings\Victor\Application Data\Mozilla\Firefox\Profiles\3d40vikk.default\searchplugins\askcom.xml
[2010/11/25 15:19:22 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
File not found (No name found) --
() (No name found) -- C:\DOCUMENTS AND SETTINGS\VICTOR\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\3D40VIKK.DEFAULT\EXTENSIONS\{340C2BBC-CE74-4362-90B5-7C26312808EF}.XPI
() (No name found) -- C:\DOCUMENTS AND SETTINGS\VICTOR\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\3D40VIKK.DEFAULT\EXTENSIONS\{64161300-E22B-11DB-8314-0800200C9A66}.XPI
() (No name found) -- C:\DOCUMENTS AND SETTINGS\VICTOR\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\3D40VIKK.DEFAULT\EXTENSIONS\FACEPAD@LAZYRUSSIAN.COM.XPI
() (No name found) -- C:\DOCUMENTS AND SETTINGS\VICTOR\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\3D40VIKK.DEFAULT\EXTENSIONS\TESTPILOT@LABS.MOZILLA.COM.XPI
() (No name found) -- C:\DOCUMENTS AND SETTINGS\VICTOR\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\3D40VIKK.DEFAULT\EXTENSIONS\VIDEO.DOWNLOADER.PLUGIN@FFPIMP.COM.XPI
[2011/01/05 21:54:00 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF
[2011/01/05 21:54:10 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX 4.0 BETA 7\EXTENSIONS\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}

O1 HOSTS File: ([2011/04/14 15:58:29 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - File not found
O2 - BHO: (Skype Plug-In) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O3 - HKLM\..\Toolbar: (no name) - {10EDB994-47F8-43F7-AE96-F2EA63E9F90F} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
O4 - HKLM..\Run: [AdobeCS4ServiceManager] C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [COMODO Internet Security] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO)
O4 - HKLM..\Run: [Six Engine] C:\Program Files\ASUS\EPU-4 Engine\FourEngine.exe (ASUSTeK Computer Inc.)
O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKCU..\Run: [RocketDock] C:\Program Files\RocketDock\RocketDock.exe ()
O4 - HKLM..\RunOnce: [AvgUninstallURL] C:\WINDOWS\System32\cmd.exe (Microsoft Corporation)
O4 - Startup: C:\Documents and Settings\Victor\Start Menu\Programs\Startup\VirtuaWin.lnk = C:\Program Files\VirtuaWin\VirtuaWin.exe (VirtuaWin)
O4 - Startup: C:\Documents and Settings\Victor\Start Menu\Programs\Startup\Yankee Clipper III.lnk = C:\Program Files\YCIII\YankClip.exe (inteleXual.com)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\WINDOWS\System32\GPhotos.scr (Google Inc.)
O9 - Extra Button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKCU\..Trusted Ranges: Range1 ([https] in Trusted sites)
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} http://download.bitdefender.com/resources/scanner/sources/en/scan8/oscan8.cab (BDSCANONLINE Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {B94C2238-346E-4C5E-9B36-8CC627F35574} Reg Error: Key error. (VMware Remote Console Plug-in 2.5.0.00000)
O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20 - AppInit_DLLs: (C:\WINDOWS\system32\guard32.dll) - C:\WINDOWS\system32\guard32.dll (COMODO)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O22 - SharedTaskScheduler: {1984DD45-52CF-49cd-AB77-18F378FEA264} - FencesShellExt - C:\Program Files\Stardock\Fences\FencesMenu.dll (Stardock)
O24 - Desktop WallPaper: C:\Documents and Settings\Victor\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Victor\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2010/08/21 21:23:50 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O35 - HKCU\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKCU\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/05/04 00:09:36 | 000,580,608 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Victor\Desktop\OTL.exe
[2011/04/20 01:19:39 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2011/04/16 16:50:54 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2011/04/14 15:59:16 | 000,000,000 | ---D | C] -- C:\WINDOWS\temp
[2011/04/13 19:48:10 | 000,000,000 | ---D | C] -- C:\found.001
[2011/04/13 15:59:17 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2011/04/13 15:58:06 | 000,000,000 | ---D | C] -- C:\ComboFix1
[2011/04/12 01:32:49 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2011/04/12 01:32:49 | 000,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2011/04/12 01:32:46 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2011/04/12 01:27:02 | 000,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\swreg.exe
[2011/04/10 19:44:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Victor\My Documents\BlackBerry
[2011/04/10 18:27:02 | 000,000,000 | ---D | C] -- C:\Qoobox
[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/05/04 00:09:39 | 000,432,686 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2011/05/04 00:09:39 | 000,067,516 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2011/05/04 00:08:26 | 000,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/05/04 00:02:09 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/05/04 00:02:07 | 3488,792,576 | -HS- | M] () -- C:\hiberfil.sys
[2011/04/20 01:35:18 | 004,325,107 | ---- | M] () -- C:\ComboFix.exe
[2011/04/19 11:12:55 | 002,000,744 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2011/04/14 15:58:29 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2011/04/13 15:59:21 | 000,000,339 | RHS- | M] () -- C:\boot.ini
[2011/04/12 00:56:34 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\Victor\Local Settings\Application Data\prvlcl.dat
[2011/04/10 19:44:26 | 000,023,552 | ---- | M] () -- C:\Documents and Settings\Victor\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/04/05 21:27:06 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Victor\Desktop\OTL.exe
[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/05/04 00:02:07 | 3488,792,576 | -HS- | C] () -- C:\hiberfil.sys
[2011/04/20 01:35:15 | 004,325,107 | ---- | C] () -- C:\ComboFix.exe
[2011/04/13 15:59:21 | 000,000,223 | ---- | C] () -- C:\Boot.bak
[2011/04/12 01:36:16 | 000,260,272 | RHS- | C] () -- C:\cmldr
[2011/04/12 01:32:49 | 000,256,512 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2011/04/12 01:32:49 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2011/04/12 01:32:49 | 000,089,088 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2011/04/12 01:32:49 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2011/04/12 01:32:49 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2011/03/30 22:48:29 | 000,013,124 | -HS- | C] () -- C:\Documents and Settings\Victor\Local Settings\Application Data\k3gf5y4w6865444l7cxg0ohs8015opk8482f
[2011/03/30 22:48:29 | 000,013,124 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\k3gf5y4w6865444l7cxg0ohs8015opk8482f
[2011/02/06 21:49:07 | 000,001,324 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011/01/26 20:31:26 | 000,610,120 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
[2011/01/17 01:46:21 | 000,000,056 | -H-- | C] () -- C:\WINDOWS\System32\ezsidmv.dat
[2010/12/14 01:36:30 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\CommonDL.dll
[2010/12/14 01:36:30 | 000,002,411 | ---- | C] () -- C:\WINDOWS\System32\lgAxconfig.ini
[2010/12/13 16:21:31 | 000,000,754 | ---- | C] () -- C:\WINDOWS\WORDPAD.INI
[2010/12/05 00:06:58 | 000,087,552 | ---- | C] () -- C:\WINDOWS\System32\cpwmon2k.dll
[2010/11/25 15:10:59 | 000,000,034 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
[2010/10/06 23:02:37 | 000,237,568 | ---- | C] () -- C:\WINDOWS\System32\lame_enc.dll
[2010/10/04 01:02:05 | 000,017,692 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat
[2010/10/02 01:41:40 | 000,023,552 | ---- | C] () -- C:\Documents and Settings\Victor\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/08/31 01:36:40 | 000,000,600 | ---- | C] () -- C:\Documents and Settings\Victor\Local Settings\Application Data\PUTTY.RND
[2010/08/28 20:39:19 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Victor\Local Settings\Application Data\prvlcl.dat
[2010/08/27 12:40:06 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2010/08/22 18:46:45 | 000,000,600 | ---- | C] () -- C:\Documents and Settings\Victor\Application Data\winscp.rnd
[2010/08/21 22:53:05 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2010/08/21 22:35:35 | 000,000,000 | ---- | C] () -- C:\WINDOWS\ativpsrm.bin
[2010/08/21 21:51:27 | 000,024,576 | R--- | C] () -- C:\WINDOWS\System32\AsIO.dll
[2010/08/21 21:51:27 | 000,011,296 | R--- | C] () -- C:\WINDOWS\System32\drivers\AsIO.sys
[2010/08/21 21:51:25 | 000,011,832 | ---- | C] () -- C:\WINDOWS\System32\drivers\AsInsHelp64.sys
[2010/08/21 21:51:25 | 000,010,216 | ---- | C] () -- C:\WINDOWS\System32\drivers\AsInsHelp32.sys
[2010/08/21 21:47:36 | 000,887,724 | ---- | C] () -- C:\WINDOWS\System32\ativva6x.dat
[2010/08/21 21:47:36 | 000,195,855 | ---- | C] () -- C:\WINDOWS\System32\atiicdxx.dat
[2010/08/21 21:47:36 | 000,000,003 | ---- | C] () -- C:\WINDOWS\System32\ativva5x.dat
[2010/08/21 21:47:31 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\ATIODCLI.exe
[2010/08/21 21:47:28 | 000,294,912 | ---- | C] () -- C:\WINDOWS\System32\ATIODE.exe
[2010/08/21 21:40:07 | 000,073,728 | R--- | C] () -- C:\WINDOWS\System32\RtNicProp32.dll
[2010/08/21 21:34:03 | 000,005,810 | R--- | C] () -- C:\WINDOWS\System32\drivers\ASACPI.sys
[2010/08/21 21:33:57 | 000,001,769 | ---- | C] () -- C:\WINDOWS\Language_trs.ini
[2010/08/21 21:33:55 | 000,049,152 | R--- | C] () -- C:\WINDOWS\DAOD.exe
[2010/08/21 21:33:50 | 000,034,793 | ---- | C] () -- C:\WINDOWS\Ascd_tmp.ini
[2010/08/21 21:33:50 | 000,010,296 | ---- | C] () -- C:\WINDOWS\System32\drivers\ASUSHWIO.SYS
[2010/08/21 21:25:28 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2010/08/21 21:21:14 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2010/08/21 17:12:28 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2010/08/21 16:22:32 | 002,000,744 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2009/01/05 16:44:10 | 000,053,248 | ---- | C] () -- C:\WINDOWS\bdoscandel.exe
[2009/01/05 16:44:10 | 000,000,453 | ---- | C] () -- C:\WINDOWS\bdoscandellang.ini
[2008/04/14 08:00:00 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2008/04/14 08:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2008/04/14 08:00:00 | 000,432,686 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2008/04/14 08:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2008/04/14 08:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2008/04/14 08:00:00 | 000,067,516 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2008/04/14 08:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2008/04/14 08:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2008/04/14 08:00:00 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2008/04/14 08:00:00 | 000,004,461 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2008/04/14 08:00:00 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\Dcache.bin
[2008/04/14 08:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat

========== Alternate Data Streams ==========

@Alternate Data Stream - 88 bytes -> C:\Program Files\COMODO\COMODO Internet Security\cfp.exe:SummaryInformation

< End of report >

 

[Blade81]

Hi,

Let's run OTL.

• Under the Custom Scans/Fixes box at the bottom, paste in the following
  
  

  :OTL
  SRV - (SZGMOLOKODUDDNMJ) -- File not found
  SRV - (MJW) -- File not found
  :Commands
  [emptytemp]

• Then click the Run Fix button at the top
• Let the program run unhindered, reboot when it is done
• Then post a new OTL log

Please download Malwarebytes' Anti-Malware to your desktop.

• Double-click mbam-setup.exe and follow the prompts to install the program.
• At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
• If an update is found, it will download and install the latest version.
• Once the program has loaded, select Perform full scan, then click Scan.
• When the scan is complete, click OK, then Show Results to view the results.
• Be sure that everything is checked, and click Remove Selected.
• When completed, a log will open in Notepad. Please save it to a convenient location. The log can also be found here: C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\log-date.txt
• Please post contents of that file in your next reply.

 

[Blade81]

Are you still there?

 

[Blade81]

Due to inactivity, this thread will now be closed.

Note:If it has been three days or more since your last post, and the helper assisting you posted a response to that post to which you did not reply, your topic will not be reopened. At that point, if you still require help, please start a new topic and include a fresh DDS log and a link to your previous thread. Please do not add any logs that might have been requested in the closed topic, you would be starting fresh.

If it has been less than three days since your last response and you need the thread re-opened, please send me or other MOD a private message (pm). A valid, working link to the closed topic is required.