
Solved ie redirects; hijack this not run; no safe mode or sys restore

Discussion in 'Malware and Virus Removal Archive' started by ocean, 2010/10/12.

  1. 2010/10/16
    ocean

    broni,
    Here is the log from ComboFix+CFScript:

    ComboFix 10-10-15.03 - binh 16/10/2010 16:36:19.7.1 - x86
    Microsoft Windows XP Professional 5.1.2600.1.1252.1.1033.18.895.567 [GMT 10:00]
    Running from: c:\documents and settings\aaa\Desktop\ComboFix.exe
    Command switches used :: c:\documents and settings\aaa\Desktop\CFScript.txt

    FILE ::
    "c:\windows\System32\kav.exe"
    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    Infected copy of c:\windows\system32\qmgr.dll was found and disinfected
    Restored copy from - c:\windows\ERDNT\cache\qmgr.dll

    .
    ((((((((((((((((((((((((( Files Created from 2010-09-16 to 2010-10-16 )))))))))))))))))))))))))))))))
    .

    2010-10-16 02:12 . 2010-10-16 02:12 -------- d-----w- c:\documents and settings\aaa\Application Data\Malwarebytes
    2010-10-16 02:12 . 2010-04-29 05:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2010-10-16 02:11 . 2010-10-16 02:12 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2010-10-16 02:11 . 2010-10-16 02:11 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\Malwarebytes
    2010-10-16 02:11 . 2010-04-29 05:39 19288 ----a-w- c:\windows\system32\drivers\mbam.sys
    2010-10-15 23:25 . 2010-09-07 14:52 165584 ----a-w- c:\windows\system32\drivers\aswSP.sys
    2010-10-15 23:25 . 2010-09-07 14:47 23376 ----a-w- c:\windows\system32\drivers\aswRdr.sys
    2010-10-15 23:25 . 2010-09-07 14:52 46672 ----a-w- c:\windows\system32\drivers\aswTdi.sys
    2010-10-15 23:25 . 2010-09-07 14:47 100176 ----a-w- c:\windows\system32\drivers\aswmon2.sys
    2010-10-15 23:25 . 2010-09-07 14:47 94544 ----a-w- c:\windows\system32\drivers\aswmon.sys
    2010-10-15 23:25 . 2010-09-07 14:46 28880 ----a-w- c:\windows\system32\drivers\aavmker4.sys
    2010-10-15 23:24 . 2010-09-07 15:12 38848 ----a-w- c:\windows\avastSS.scr
    2010-10-15 23:24 . 2010-09-07 15:11 167592 ----a-w- c:\windows\system32\aswBoot.exe
    2010-10-15 06:49 . 2010-10-15 06:49 -------- d-----w- c:\program files\ESET
    2010-10-14 07:57 . 2010-10-15 23:24 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\Alwil Software
    2010-10-14 07:57 . 2010-10-14 07:57 -------- d-----w- c:\program files\Alwil Software
    2010-10-14 01:18 . 2001-08-17 12:36 8704 -c--a-w- c:\windows\system32\dllcache\kbdjpn.dll
    2010-10-14 01:18 . 2001-08-17 12:36 8192 -c--a-w- c:\windows\system32\dllcache\kbdkor.dll
    2010-10-14 01:18 . 2001-08-17 04:55 6144 -c--a-w- c:\windows\system32\dllcache\kbd106.dll
    2010-10-14 01:18 . 2001-08-17 04:55 6144 -c--a-w- c:\windows\system32\dllcache\kbd101c.dll
    2010-10-14 01:18 . 2001-08-17 04:55 5632 -c--a-w- c:\windows\system32\dllcache\kbd103.dll
    2010-10-14 01:18 . 2001-08-17 04:55 6144 -c--a-w- c:\windows\system32\dllcache\kbd101b.dll
    2010-10-11 02:07 . 2010-10-11 02:09 -------- d-----w- c:\windows\system32\NtmsData
    2010-10-11 01:09 . 2010-10-11 01:09 -------- d-----w- c:\program files\Misc. Support Library (Spybot - Search & Destroy)
    2010-10-11 01:09 . 2010-10-11 01:09 -------- d-----w- c:\program files\File Scanner Library (Spybot - Search & Destroy)
    2010-10-11 00:51 . 2010-10-11 00:52 -------- d-----w- c:\program files\Unlocker
    2010-10-10 06:49 . 2001-08-17 12:36 8704 ----a-w- c:\windows\system32\kbdjpn.dll
    2010-10-10 06:49 . 2001-08-17 12:36 8192 ----a-w- c:\windows\system32\kbdkor.dll
    2010-10-10 06:49 . 2001-08-17 04:55 6144 ----a-w- c:\windows\system32\kbd106.dll
    2010-10-10 06:49 . 2001-08-17 04:55 6144 ----a-w- c:\windows\system32\kbd101c.dll
    2010-10-10 06:49 . 2001-08-17 04:55 5632 ----a-w- c:\windows\system32\kbd103.dll
    2010-10-10 06:49 . 2001-08-17 04:55 6144 ----a-w- c:\windows\system32\kbd101b.dll
    2010-10-10 06:49 . 2010-10-16 00:41 -------- d-----w- C:\TSTP
    2010-10-10 06:31 . 2010-10-13 03:56 -------- d-----w- c:\program files\ATI
    2010-10-08 05:18 . 2010-10-08 05:18 -------- d-----w- c:\documents and settings\aaa\Local Settings\Application Data\Help
    2010-10-03 12:30 . 2001-08-23 12:00 272896 -c--a-w- c:\windows\system32\dllcache\pinball.exe
    2010-10-03 12:01 . 2010-10-03 12:01 -------- d-----w- c:\windows\system32\Logfiles
    2010-10-03 10:36 . 2010-10-03 10:36 -------- d-----w- c:\windows\system32\wbem\Repository
    2010-10-02 07:25 . 2010-10-02 07:25 1409 ----a-w- c:\windows\QTFont.for

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .

    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ZoneAlarm Client"="c:\program files\Zone Labs\ZoneAlarm\zlclient.exe" [2007-03-08 919280]
    "AdaptecDirectCD"="c:\program files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe" [2001-05-17 643072]
    "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2006-02-08 278528]
    "QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-08-08 155648]
    "TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2010-08-08 202256]
    "UnlockerAssistant"="c:\program files\Unlocker\UnlockerAssistant.exe" [2010-07-04 17408]
    "avast5"="c:\program files\Alwil Software\Avast5\avastUI.exe" [2010-09-07 2838912]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2002-08-29 13312]

    c:\documents and settings\All Users.WINDOWS\Start Menu\Programs\Startup\
    Microsoft Office.lnk - c:\program files\Microsoft Office\Office\OSA9.EXE [1999-2-17 65588]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IridiumTimeWizard]
    2008-09-20 05:54 245760 ----a-w- f:\xp\misc\Iridium.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
    2002-08-29 10:41 1511453 ------w- c:\program files\Messenger\msmsgs.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-disabled]
    "Share-to-Web Namespace Daemon"=c:\program files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe

    R0 PrtSeqRd;PrtSeqRd;c:\windows\system32\drivers\PrtSeqRd.sys [15/05/2001 4:48 PM 12224]
    R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [16/10/2010 9:25 AM 165584]
    R1 cdudf;cdudf;c:\windows\system32\drivers\Cdudf.sys [17/05/2001 3:28 PM 229664]
    .
    Contents of the 'Scheduled Tasks' folder

    2010-10-16 c:\windows\Tasks\GlaryInitialize.job
    - c:\program files\Glary Utilities\initialize.exe [2009-06-05 00:32]

    2010-10-16 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-776561741-1383384898-1957994488-1003.job
    - c:\program files\Real\RealUpgrade\realupgrade.exe [2010-06-02 17:02]

    2010-10-10 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-776561741-1383384898-1957994488-1003.job
    - c:\program files\Real\RealUpgrade\realupgrade.exe [2010-06-02 17:02]
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://www.google.com.au/
    mStart Page = hxxp://www.Google.com
    IE: &Download All with FlashGet - c:\program files\FlashGet\jc_all.htm
    IE: &Download with FlashGet - c:\program files\FlashGet\jc_link.htm
    IE: {{c95fe080-8f5d-11d2-a20b-00aa003c157a} - %SystemRoot%\web\related.htm
    .
    - - - - ORPHANS REMOVED - - - -

    BHO-{CE7C3CEF-4B15-11D1-ABED-FA4C0C0931ED} - (no file)


    .
    --------------------- LOCKED REGISTRY KEYS ---------------------

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\WINDOWS\\System32\\Macromed\\Flash\\FlashUtil10i_ActiveX.exe,-101"

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
    "Enabled"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
    @="c:\\WINDOWS\\System32\\Macromed\\Flash\\FlashUtil10i_ActiveX.exe"

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker4"

    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"

    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------

    - - - - - - - > 'winlogon.exe'(560)
    c:\windows\System32\ODBC32.dll

    - - - - - - - > 'lsass.exe'(616)
    c:\windows\System32\dssenh.dll

    - - - - - - - > 'explorer.exe'(6056)
    c:\windows\System32\msi.dll
    c:\program files\Unlocker\UnlockerCOM.dll
    c:\program files\Malwarebytes' Anti-Malware\mbamext.dll
    c:\program files\Zone Labs\ZoneAlarm\zlavscan.dll
    c:\progra~1\WinZip\WZSHLSTB.DLL
    c:\progra~1\GLARYU~1\CONTEX~1.DLL
    c:\progra~1\GLARYU~1\vcl70.bpl
    .
    ------------------------ Other Running Processes ------------------------
    .
    c:\program files\Alwil Software\Avast5\AvastSvc.exe
    c:\windows\System32\tcpsvcs.exe
    c:\windows\System32\wdfmgr.exe
    c:\progra~1\COMMON~1\ADAPTE~1\CreateCD\CREATE~1.EXE
    c:\program files\iPod\bin\iPodService.exe
    .
    **************************************************************************
    .
    Completion time: 2010-10-16 17:22:30 - machine was rebooted
    ComboFix-quarantined-files.txt 2010-10-16 07:06
    ComboFix2.txt 2010-10-14 04:06
    ComboFix3.txt 2010-10-13 07:24

    Pre-Run: 8,019,768,832 bytes free
    Post-Run: 8,001,079,296 bytes free

    - - End Of File - - 9A9085D95C5C642DE72C8458A1497695

    Thanks.
     
  2. 2010/10/16
    ocean

    broni,
    I am afraid that I have an extremely serious concern. About a minute ago, at 7:58pm on 16 Oct, I tried to use FreshGet to download an mp3 from www.abc.net.au again. Avast blocked a trojan from FreshGet and I have not used it again. The PC is still working OK and seems not to be infected. We may have found the source of this trojan infection and the way it got in.

    I looked at the C:\program files\freshget folder. It contains:
    *Five default files, all about 4.3 MB in size: default.jcd (the latest, from yesterday evening), default.jcd.bak, default.bk1, default.bk2 and default.bk3
    *Thirty-four files, 16 pairs of .rpt and .dmp, with names like "freshget-(8 characters from 0-Z).rpt" (1 KB) / .dmp (0 bytes)
    *Two .jcs files (table.jcs, 1 KB, and normal.jcs, 1 KB) and
    *Two .tmp files (MFCCC.tmp, 0 bytes, and MFC156, 0 bytes).
    Hope this info is helpful. Should I uninstall FreshGet and delete all entries? Please advise. Many thanks.
     
    Last edited: 2010/10/16


  4. 2010/10/16
    broni

    Please update MBAM, run a "Quick scan" and post a fresh log.

    When done....

    Download OTL to your Desktop.

    • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
    • Under the Custom Scan box paste this in:


    netsvcs
    drivers32
    %SYSTEMDRIVE%\*.*
    %systemroot%\Fonts\*.com
    %systemroot%\Fonts\*.dll
    %systemroot%\Fonts\*.ini
    %systemroot%\Fonts\*.ini2
    %systemroot%\Fonts\*.exe
    %systemroot%\system32\spool\prtprocs\w32x86\*.*
    %systemroot%\REPAIR\*.bak1
    %systemroot%\REPAIR\*.ini
    %systemroot%\system32\*.jpg
    %systemroot%\*.jpg
    %systemroot%\*.png
    %systemroot%\*.scr
    %systemroot%\*._sy
    %APPDATA%\Adobe\Update\*.*
    %ALLUSERSPROFILE%\Favorites\*.*
    %APPDATA%\Microsoft\*.*
    %PROGRAMFILES%\*.*
    %APPDATA%\Update\*.*
    %systemroot%\*. /mp /s
    CREATERESTOREPOINT
    %systemroot%\System32\config\*.sav
    %PROGRAMFILES%\bak. /s
    %systemroot%\system32\bak. /s
    %ALLUSERSPROFILE%\Start Menu\*.lnk /x
    %systemroot%\system32\config\systemprofile\*.dat /x
    %systemroot%\*.config
    %systemroot%\system32\*.db
    %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x
    %USERPROFILE%\Desktop\*.exe
    %PROGRAMFILES%\Common Files\*.*
    %systemroot%\*.src
    %systemroot%\install\*.*
    %systemroot%\system32\DLL\*.*
    %systemroot%\system32\HelpFiles\*.*
    %systemroot%\system32\rundll\*.*
    %systemroot%\winn32\*.*
    %systemroot%\Java\*.*
    %systemroot%\system32\test\*.*
    %systemroot%\system32\Rundll32\*.*
    %systemroot%\AppPatch\Custom\*.*
    %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x
    %PROGRAMFILES%\PC-Doctor\Downloads\*.*
    %PROGRAMFILES%\Internet Explorer\*.tmp
    %PROGRAMFILES%\Internet Explorer\*.dat
    %USERPROFILE%\My Documents\*.exe
    %USERPROFILE%\*.exe
    %systemroot%\ADDINS\*.*
    %systemroot%\assembly\*.bak2
    %systemroot%\Config\*.*
    %systemroot%\REPAIR\*.bak2
    %systemroot%\SECURITY\Database\*.sdb /x
    %systemroot%\SYSTEM\*.bak2
    %systemroot%\Web\*.bak2
    %systemroot%\Driver Cache\*.*
    %PROGRAMFILES%\Mozilla Firefox\0*.exe
    %ProgramFiles%\Microsoft Common\*.*
    %ProgramFiles%\TinyProxy.
    %USERPROFILE%\Favorites\*.url /x
    %systemroot%\system32\*.bk
    %systemroot%\*.te
    %systemroot%\system32\system32\*.*
    %ALLUSERSPROFILE%\*.dat /x
    %systemroot%\system32\drivers\*.rmv
    dir /b "%systemroot%\system32\*.exe" | find /i " " /c
    dir /b "%systemroot%\*.exe" | find /i " " /c
    %PROGRAMFILES%\Microsoft\*.*
    %systemroot%\System32\Wbem\proquota.exe
    %PROGRAMFILES%\Mozilla Firefox\*.dat
    %USERPROFILE%\Cookies\*.txt /x
    %SystemRoot%\system32\fonts\*.*
    %systemroot%\system32\winlog\*.*
    %systemroot%\system32\Language\*.*
    %systemroot%\system32\Settings\*.*
    %systemroot%\system32\*.quo
    %SYSTEMROOT%\AppPatch\*.exe
    %SYSTEMROOT%\inf\*.exe
    %SYSTEMROOT%\Installer\*.exe
    %systemroot%\system32\config\*.bak2
    %systemroot%\system32\Computers\*.*
    %SystemRoot%\system32\Sound\*.*
    %SystemRoot%\system32\SpecialImg\*.*
    %SystemRoot%\system32\code\*.*
    %SystemRoot%\system32\draft\*.*
    %SystemRoot%\system32\MSSSys\*.*
    %ProgramFiles%\Javascript\*.*
    %systemroot%\pchealth\helpctr\System\*.exe /s
    %systemroot%\Web\*.exe
    %systemroot%\system32\msn\*.*
    %systemroot%\system32\*.tro
    %AppData%\Microsoft\Installer\msupdates\*.*
    %ProgramFiles%\Messenger\*.*
    %systemroot%\system32\systhem32\*.*
    %systemroot%\system\*.exe
    HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs
    /md5start
    /md5stop


    • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
    • When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.
     
  5. 2010/10/16
    ocean

    broni,
    Sorry, all 3 logs, or even 2, are too long for this reply space. I will post the OTL and Extras logs in the next replies.

    Here is the MBAM log:

    Malwarebytes' Anti-Malware 1.46
    www.malwarebytes.org

    Database version: 4855

    Windows 5.1.2600 Service Pack 1
    Internet Explorer 6.0.2800.1106

    17/10/2010 3:11:06 PM
    mbam-log-2010-10-17 (15-11-06).txt

    Scan type: Quick scan
    Objects scanned: 179374
    Time elapsed: 13 minute(s), 20 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 0
    Registry Values Infected: 0
    Registry Data Items Infected: 1
    Folders Infected: 0
    Files Infected: 0

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    (No malicious items detected)

    Registry Values Infected:
    (No malicious items detected)

    Registry Data Items Infected:
    HKEY_CLASSES_ROOT\CLSID\{871C5380-42A0-1069-A2EA-08002B30309D}\shell\OpenHomePage\Command\(default) (Hijack.HomePage) -> Bad: ("c:\program files\internet explorer\iexplore.exe" http://www.9384.com/?100077) Good: (iexplore.exe) -> Quarantined and deleted successfully.

    Folders Infected:
    (No malicious items detected)

    Files Infected:
    (No malicious items detected)
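
    The MBAM line above is the one entry in this thread that shows the redirect mechanism rather than just its symptom. The CLSID {871C5380-42A0-1069-A2EA-08002B30309D} is the Internet Explorer desktop icon's shell namespace object; its OpenHomePage verb's command had a URL appended, so "Open Home Page" launched iexplore.exe with http://www.9384.com/?100077 in place of the configured start page, which is why the start page values themselves (google.com.au / Google.com) looked clean. The script below is an added example, not part of the thread and not code from MBAM, OTL or ComboFix. It parses MBAM "Registry Data Items Infected" lines and OTL O4 autostart lines (both layouts are inferred from the lines posted in this thread), pulls out the redirect host, and flags Run values whose target OTL reports as "File not found", such as the [KAV] entry pointing at the kav.exe listed in the CFScript. The sample lines are copied from the logs in this thread; the function and field names are my own.

```python
"""Triage helpers for MBAM and OTL log lines (added example, not from the thread)."""
import re
from urllib.parse import urlparse

# Constructed sample input: lines copied verbatim from the logs posted in this
# thread. Nothing here is read from a live registry.
MBAM_SAMPLE = [
    r'HKEY_CLASSES_ROOT\CLSID\{871C5380-42A0-1069-A2EA-08002B30309D}\shell\OpenHomePage\Command\(default) '
    r'(Hijack.HomePage) -> Bad: ("c:\program files\internet explorer\iexplore.exe" http://www.9384.com/?100077) '
    r'Good: (iexplore.exe) -> Quarantined and deleted successfully.',
]
OTL_O4_SAMPLE = [
    r'O4 - HKLM..\Run: [avast5] C:\Program Files\Alwil Software\Avast5\avastUI.exe (AVAST Software)',
    r'O4 - HKLM..\Run: [KAV] C:\WINDOWS\System32\kav.exe File not found',
    r'O4 - HKLM..\Run: [UnlockerAssistant] C:\Program Files\Unlocker\UnlockerAssistant.exe ()',
    r'O4 - HKLM..\Run: [WMC_AutoUpdate] File not found',
    r'O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer Networking Limited)',
]

# Field layout inferred from the MBAM "Registry Data Items Infected" line above.
MBAM_DATA_RE = re.compile(
    r'^(?P<key>\S+) \((?P<signature>[^)]+)\) -> '
    r'Bad: \((?P<bad>.*?)\) Good: \((?P<good>.*?)\) -> (?P<action>.+)$'
)
# Field layout inferred from OTL's O4 lines: hive, subkey, [value name], target.
OTL_O4_RE = re.compile(
    r'^O4 - (?P<hive>HK\w+)\.\.\\(?P<subkey>\w+): \[(?P<name>[^\]]+)\] (?P<rest>.*)$'
)
URL_RE = re.compile(r'https?://[^\s")]+')
MISSING = 'File not found'


def parse_mbam_data_item(line):
    """Split an MBAM registry-data detection into key, signature, bad/good values
    and the hostnames embedded in the bad value (the redirect destination)."""
    m = MBAM_DATA_RE.match(line.strip())
    if not m:
        return None
    rec = m.groupdict()
    rec['hosts'] = [urlparse(u).hostname for u in URL_RE.findall(rec['bad'])]
    return rec


def parse_otl_o4(line):
    """Split an OTL O4 autostart line. present=False means OTL could not find
    the target on disk: a dead Run value left behind after the file was removed."""
    m = OTL_O4_RE.match(line.strip())
    if not m:
        return None
    rec = {k: m.group(k) for k in ('hive', 'subkey', 'name')}
    rest = m.group('rest')
    if rest == MISSING:
        rec.update(path=None, company=None, present=False)
    elif rest.endswith(' ' + MISSING):
        rec.update(path=rest[:-len(' ' + MISSING)], company=None, present=False)
    else:
        # "<path> (<company>)"; an empty "()" means the file carries no company name.
        pm = re.match(r'^(?P<path>.*?)\s*\((?P<company>[^)]*)\)$', rest)
        rec.update(path=pm.group('path') if pm else rest,
                   company=(pm.group('company') or None) if pm else None,
                   present=True)
    return rec


def triage(mbam_lines, o4_lines):
    """Return the findings a responder acts on: redirect hosts to block or look up in
    proxy logs, dead autostarts to delete, and autostarts with no company name to verify."""
    findings = []
    for line in mbam_lines:
        rec = parse_mbam_data_item(line)
        if rec is None:
            continue
        for host in rec['hosts']:
            findings.append({'type': 'hijack_url', 'where': rec['key'],
                             'host': host, 'restored_to': rec['good']})
    for line in o4_lines:
        rec = parse_otl_o4(line)
        if rec is None:
            continue
        where = rec['hive'] + '\\' + rec['subkey']
        if not rec['present']:
            findings.append({'type': 'orphan_autostart', 'where': where,
                             'name': rec['name'], 'path': rec['path']})
        elif rec['company'] is None:
            findings.append({'type': 'no_company_autostart', 'where': where,
                             'name': rec['name'], 'path': rec['path']})
    return findings


if __name__ == '__main__':
    for finding in triage(MBAM_SAMPLE, OTL_O4_SAMPLE):
        print(finding)
```

    Run on the sample lines it reports one hijack host (www.9384.com, with the verb restored to plain iexplore.exe), two dead Run values (KAV and WMC_AutoUpdate) and one autostart with no company name (UnlockerAssistant, which is expected for that tool). A dead Run value is worth deleting even though its file is gone: if anything later drops a file at that path, it starts at logon without any new persistence being written.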
     
  6. 2010/10/16
    ocean

    broni,
    Here is the 1st half of the OTL log:

    OTL logfile created on: 17/10/2010 3:25:18 PM - Run 1
    OTL by OldTimer - Version 3.2.15.2 Folder = C:\Documents and Settings\aaa\Desktop
    Windows XP Professional Edition Service Pack 1 (Version = 5.1.2600) - Type = NTWorkstation
    Internet Explorer (Version = 6.0.2800.1106)
    Locale: 00000C09 | Country: Australia | Language: ENA | Date Format: d/MM/yyyy

    895.00 Mb Total Physical Memory | 527.00 Mb Available Physical Memory | 59.00% Memory free
    2.00 Gb Paging File | 2.00 Gb Available in Paging File | 86.00% Paging File free
    Paging file location(s): C:\pagefile.sys 1000 4000 [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
    Drive C: | 18.63 Gb Total Space | 7.44 Gb Free Space | 39.94% Space Free | Partition Type: NTFS
    Drive D: | 27.93 Gb Total Space | 6.18 Gb Free Space | 22.11% Space Free | Partition Type: FAT32
    Drive E: | 27.94 Gb Total Space | 0.72 Gb Free Space | 2.59% Space Free | Partition Type: FAT32
    Drive F: | 19.06 Gb Total Space | 0.91 Gb Free Space | 4.79% Space Free | Partition Type: FAT32

    Computer Name: DESKTOP | User Name: binh | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: Current user | Quick Scan
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 90 Days

    ========== Processes (SafeList) ==========

    PRC - [2010/10/17 14:46:49 | 000,574,464 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\aaa\desktop\OTL.exe
    PRC - [2010/09/08 01:12:02 | 002,838,912 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AvastUI.exe
    PRC - [2010/09/08 01:11:59 | 000,040,384 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
    PRC - [2010/08/08 23:50:12 | 000,202,256 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    PRC - [2010/07/05 05:51:26 | 000,017,408 | ---- | M] () -- C:\Program Files\Unlocker\UnlockerAssistant.exe
    PRC - [2009/01/26 15:31:16 | 002,144,088 | RHS- | M] (Safer Networking Limited) -- C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    PRC - [2007/03/09 00:02:00 | 000,919,280 | ---- | M] (Zone Labs, LLC) -- C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
    PRC - [2007/03/09 00:01:58 | 000,075,568 | ---- | M] (Zone Labs, LLC) -- C:\WINDOWS\system32\ZoneLabs\vsmon.exe
    PRC - [2002/08/29 20:41:24 | 001,004,032 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
    PRC - [2001/05/17 15:25:10 | 000,643,072 | ---- | M] (Roxio) -- C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\Directcd.exe
    PRC - [2001/05/16 09:04:10 | 000,110,592 | ---- | M] (Roxio) -- C:\Program Files\Common Files\Adaptec Shared\CreateCD\CreateCD50.exe


    ========== Modules (SafeList) ==========

    MOD - [2010/10/17 14:46:49 | 000,574,464 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\aaa\desktop\OTL.exe
    MOD - [2010/07/05 07:32:36 | 000,004,608 | ---- | M] () -- C:\Program Files\Unlocker\UnlockerHook.dll
    MOD - [2002/08/29 20:39:20 | 000,106,547 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msscript.ocx
    MOD - [2002/08/29 03:41:32 | 000,921,600 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.10.0_x-ww_f7fb5805\comctl32.dll


    ========== Win32 Services (SafeList) ==========

    SRV - File not found [On_Demand | Stopped] -- C:\WINDOWS\System32\xmlprov.dll -- (xmlprov)
    SRV - File not found [Auto | Stopped] -- C:\WINDOWS\System32\wscsvc.dll -- (wscsvc)
    SRV - File not found [Disabled | Stopped] -- C:\WINDOWS\System32\hidserv.dll -- (HidServ)
    SRV - [2010/09/08 01:11:59 | 000,040,384 | ---- | M] (AVAST Software) [On_Demand | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Web Scanner)
    SRV - [2010/09/08 01:11:59 | 000,040,384 | ---- | M] (AVAST Software) [On_Demand | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Mail Scanner)
    SRV - [2010/09/08 01:11:59 | 000,040,384 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Antivirus)
    SRV - [2007/03/09 00:01:58 | 000,075,568 | ---- | M] (Zone Labs, LLC) [Auto | Running] -- C:\WINDOWS\System32\ZoneLabs\vsmon.exe -- (vsmon)


    ========== Driver Services (SafeList) ==========

    DRV - File not found [Kernel | On_Demand | Stopped] -- C:\DOCUME~1\aaa\LOCALS~1\Temp\catchme.sys -- (catchme)
    DRV - [2010/09/08 14:47:09 | 000,082,380 | ---- | M] (Oak Technology Inc.) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\AFS2K.SYS -- (AFS2K)
    DRV - [2010/09/08 00:52:25 | 000,046,672 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswTdi.sys -- (aswTdi)
    DRV - [2010/09/08 00:52:03 | 000,165,584 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswSP.sys -- (aswSP)
    DRV - [2010/09/08 00:47:46 | 000,023,376 | ---- | M] (AVAST Software) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\aswRdr.sys -- (aswRdr)
    DRV - [2010/09/08 00:47:19 | 000,100,176 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswmon2.sys -- (aswMon2)
    DRV - [2010/09/08 00:46:51 | 000,028,880 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aavmker4.sys -- (Aavmker4)
    DRV - [2010/08/08 09:24:34 | 000,053,072 | ---- | M] (Roxio) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\cdr4_2K.sys -- (Cdr4_2K)
    DRV - [2010/08/08 09:24:34 | 000,022,201 | ---- | M] (Roxio) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\cdralw2k.sys -- (Cdralw2k)
    DRV - [2007/03/09 00:02:10 | 000,394,192 | ---- | M] (Zone Labs, LLC) [Kernel | System | Running] -- C:\WINDOWS\system32\vsdatant.sys -- (vsdatant)
    DRV - [2007/01/18 05:39:20 | 000,050,416 | ---- | M] (Zone Labs, LLC) [Kernel | Boot | Running] -- C:\WINDOWS\System32\ZoneLabs\srescan.sys -- (srescan)
    DRV - [2002/08/29 18:32:44 | 000,009,856 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\gameenum.sys -- (gameenum)
    DRV - [2001/08/17 22:50:26 | 000,731,648 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nv4.sys -- (nv4)
    DRV - [2001/08/17 22:19:34 | 000,040,704 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\es1371mp.sys -- (es1371) Creative AudioPCI (ES1371,ES1373) (WDM)
    DRV - [2001/08/17 22:12:42 | 000,023,070 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RTL8139.sys -- (rtl8139) Realtek RTL8139(A/B/C)
    DRV - [2001/05/17 15:39:30 | 000,213,248 | ---- | M] (Roxio) [File_System | System | Running] -- C:\WINDOWS\System32\drivers\UdfReadr.sys -- (UdfReadr)
    DRV - [2001/05/17 15:30:50 | 000,009,622 | ---- | M] (Roxio) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\Dvd_2k.sys -- (dvd_2K)
    DRV - [2001/05/17 15:30:42 | 000,017,686 | ---- | M] (Roxio) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\Mmc_2k.sys -- (mmc_2K)
    DRV - [2001/05/17 15:30:34 | 000,062,070 | ---- | M] (Roxio) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\pwd_2K.sys -- (pwd_2K)
    DRV - [2001/05/17 15:28:26 | 000,229,664 | ---- | M] (Roxio) [File_System | System | Running] -- C:\WINDOWS\System32\drivers\Cdudf.sys -- (cdudf)
    DRV - [2001/05/15 16:48:28 | 000,012,224 | ---- | M] (Roxio) [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\PrtSeqRd.sys -- (PrtSeqRd)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========

    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.Google.com

    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com.au/
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



    O1 HOSTS File: ([2010/10/16 16:49:21 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
    O1 - Hosts: 127.0.0.1 localhost
    O2 - BHO: (no name) - {CE7C3CEF-4B15-11D1-ABED-FA4C0C0931ED} - No CLSID value found.
    O3 - HKLM\..\Toolbar: (&Google) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)
    O3 - HKLM\..\Toolbar: (&Radio) - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\system32\msdxm.ocx ()
    O3 - HKCU\..\Toolbar\ShellBrowser: (&Google) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)
    O3 - HKCU\..\Toolbar\WebBrowser: (&Google) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)
    O4 - HKLM..\Run: [AdaptecDirectCD] C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe (Roxio)
    O4 - HKLM..\Run: [avast5] C:\Program Files\Alwil Software\Avast5\avastUI.exe (AVAST Software)
    O4 - HKLM..\Run: [CreateCD50] C:\Program Files\Common Files\Adaptec Shared\CreateCD\CreateCD50.exe (Roxio)
    O4 - HKLM..\Run: [KAV] C:\WINDOWS\System32\kav.exe File not found
    O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
    O4 - HKLM..\Run: [UnlockerAssistant] C:\Program Files\Unlocker\UnlockerAssistant.exe ()
    O4 - HKLM..\Run: [WMC_AutoUpdate] File not found
    O4 - HKLM..\Run: [ZoneAlarm Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe (Zone Labs, LLC)
    O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer Networking Limited)
    O4 - HKLM..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
    O4 - Startup: C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Startup\Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE (Microsoft Corporation)
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
    O8 - Extra context menu item: &Download All with FlashGet - C:\Program Files\FlashGet\JC_ALL.HTM ()
    O8 - Extra context menu item: &Download with FlashGet - C:\Program Files\FlashGet\JC_LINK.HTM ()
    O9 - Extra Button: @shdoclc.dll,-866 - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\Web\related.htm ()
    O9 - Extra 'Tools' menuitem : @shdoclc.dll,-864 - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\Web\related.htm ()
    O9 - Extra Button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\flashget.exe (FlashGet.com)
    O9 - Extra 'Tools' menuitem : FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\flashget.exe (FlashGet.com)
    O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
    O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} http://www.apple.com/qtactivex/qtplugin.cab (QuickTime Object)
    O16 - DPF: {33564D57-0000-0010-8000-00AA00389B71} http://download.microsoft.com/download/F/6/E/F6E491A6-77E1-4E20-9F5F-94901338C922/wmv9VCM.CAB (Reg Error: Key error.)
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
    O18 - Protocol\Handler\vnd.ms.radio {3DA2AA3B-3D96-11D2-9BD2-204C4F4F5020} - C:\WINDOWS\system32\msdxm.ocx ()
    O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
    O32 - HKLM CDRom: AutoRun - 1
    O32 - AutoRun File - [2005/04/16 23:56:55 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
    O34 - HKLM BootExecute: (autocheck autochk *) - File not found
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37 - HKLM\...com [@ = ComFile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*

    NetSvcs: 6to4 - File not found
    NetSvcs: HidServ - C:\WINDOWS\System32\hidserv.dll File not found
    NetSvcs: Ias - File not found
    NetSvcs: Iprip - C:\WINDOWS\System32\iprip.dll (Microsoft Corporation)
    NetSvcs: Irmon - File not found
    NetSvcs: NWCWorkstation - File not found
    NetSvcs: Nwsapagent - File not found
    NetSvcs: WmdmPmSp - File not found

    Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation)
    Drivers32: msacm.l3acm - C:\WINDOWS\System32\l3codecx.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
    Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
    Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
    Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
    Drivers32: vidc.DIVX - C:\WINDOWS\System32\divx.dll (DivXNetworks, Inc.)
    Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
    Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
    Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
    Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)
    Drivers32: VIDC.WMV3 - C:\WINDOWS\System32\wmv9vcm.dll (Microsoft Corporation)

    CREATERESTOREPOINT
    Restore point Set: OTL Restore Point (16620634377289728)

    ========== Files/Folders - Created Within 90 Days ==========

    [2010/10/17 14:46:44 | 000,574,464 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\aaa\Desktop\OTL.exe
    [2010/10/16 23:03:17 | 000,000,000 | -HSD | C] -- C:\RECYCLER
    [2010/10/16 22:38:20 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\aaa\Recent
    [2010/10/16 16:45:41 | 000,000,000 | ---D | C] -- C:\WINDOWS\temp
    [2010/10/16 14:31:09 | 000,000,000 | RHSD | C] -- C:\cmdcons
    [2010/10/16 12:12:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\aaa\Application Data\Malwarebytes
    [2010/10/16 12:12:01 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
    [2010/10/16 12:11:58 | 000,019,288 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
    [2010/10/16 12:11:58 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
    [2010/10/16 12:11:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\Malwarebytes
    [2010/10/16 12:09:34 | 006,153,376 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\aaa\Desktop\mbam-setup-1.46.exe
    [2010/10/16 09:25:04 | 000,165,584 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSP.sys
    [2010/10/16 09:25:03 | 000,023,376 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswRdr.sys
    [2010/10/16 09:25:02 | 000,046,672 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswTdi.sys
    [2010/10/16 09:25:01 | 000,100,176 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswmon2.sys
    [2010/10/16 09:25:01 | 000,094,544 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswmon.sys
    [2010/10/16 09:25:00 | 000,028,880 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aavmker4.sys
    [2010/10/16 09:24:34 | 000,038,848 | ---- | C] (AVAST Software) -- C:\WINDOWS\avastSS.scr
    [2010/10/16 09:24:33 | 000,167,592 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\aswBoot.exe
    [2010/10/15 16:49:14 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
    [2010/10/14 17:57:04 | 000,000,000 | ---D | C] -- C:\Program Files\Alwil Software
    [2010/10/14 17:57:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\Alwil Software
    [2010/10/13 13:46:41 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
    [2010/10/13 13:46:41 | 000,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
    [2010/10/13 13:46:41 | 000,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
    [2010/10/13 13:46:41 | 000,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
    [2010/10/13 13:46:17 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
    [2010/10/13 13:45:24 | 000,000,000 | ---D | C] -- C:\Qoobox
    [2010/10/11 12:07:39 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\NtmsData
    [2010/10/11 11:10:48 | 016,409,960 | ---- | C] (Safer Networking Limited ) -- C:\Documents and Settings\aaa\Desktop\setup-spybotsd162.exe
    [2010/10/11 11:09:18 | 000,000,000 | ---D | C] -- C:\Program Files\Misc. Support Library (Spybot - Search & Destroy)
    [2010/10/11 11:09:17 | 000,000,000 | ---D | C] -- C:\Program Files\File Scanner Library (Spybot - Search & Destroy)
    [2010/10/11 10:51:42 | 000,000,000 | ---D | C] -- C:\Program Files\Unlocker
    [2010/10/10 16:49:23 | 000,000,000 | ---D | C] -- C:\TSTP
    [2010/10/10 16:31:06 | 000,000,000 | ---D | C] -- C:\Program Files\ATI
    [2010/10/08 15:18:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\aaa\Local Settings\Application Data\Help
    [2010/10/08 15:18:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\aaa\Application Data\Help
    [2010/10/03 22:30:57 | 000,272,896 | ---- | C] (Cinematronics) -- C:\WINDOWS\System32\dllcache\pinball.exe
    [2010/10/03 22:01:19 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\Logfiles
    [2010/09/08 14:47:34 | 000,000,000 | ---D | C] -- C:\Program Files\Hewlett-Packard
    [2010/08/26 22:03:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\aaa\Local Settings\Application Data\Identities
    [2010/08/08 23:59:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\DivX
    [2010/08/08 23:52:30 | 000,000,000 | --SD | C] -- C:\WINDOWS\System32\Microsoft
    [2010/08/08 23:51:33 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\xing shared
    [2010/08/08 23:50:19 | 000,278,528 | ---- | C] (Real Networks, Inc) -- C:\WINDOWS\System32\pncrt.dll
    [2010/08/08 23:50:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\Real
    [2010/08/08 23:49:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\aaa\Application Data\Real
    [2010/08/08 23:37:08 | 000,000,000 | ---D | C] -- C:\WINDOWS\Prefetch
    [2010/08/08 23:30:34 | 000,000,000 | ---D | C] -- C:\WINDOWS\ServicePackFiles
    [2010/08/08 23:30:34 | 000,000,000 | ---D | C] -- C:\WINDOWS\ehome
    [2010/08/08 23:24:15 | 000,000,000 | -H-D | C] -- C:\WINDOWS\$NtServicePackUninstall$
    [2010/08/08 22:35:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\aaa\Local Settings\Application Data\Apple Computer
    [2010/08/08 22:35:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\aaa\Application Data\Apple Computer
    [2010/08/08 22:33:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\Apple Computer
    [2010/08/08 22:32:02 | 000,000,000 | ---D | C] -- C:\WINDOWS\Downloaded Installations
    [2010/08/08 20:48:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\aaa\Application Data\AdobeUM
    [2010/08/08 17:32:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\aaa\Application Data\$CUERoot$
    [2010/08/08 10:01:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\aaa\My Documents\My Webs
    [2010/08/08 09:24:34 | 000,053,072 | ---- | C] (Roxio) -- C:\WINDOWS\System32\drivers\cdr4_2K.sys
    [2010/08/08 09:24:34 | 000,045,056 | ---- | C] (Roxio) -- C:\WINDOWS\System32\cdrtc.dll
    [2010/08/08 09:24:34 | 000,045,056 | ---- | C] (Roxio) -- C:\WINDOWS\System32\cdral.dll
    [2010/08/08 09:24:34 | 000,022,201 | ---- | C] (Roxio) -- C:\WINDOWS\System32\drivers\cdralw2k.sys
    [2010/08/08 09:13:12 | 000,000,000 | -H-D | C] -- C:\WINDOWS\ShellNew
    [2010/08/08 09:12:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\aaa\Application Data\Microsoft Web Folders
    [2010/08/08 01:18:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\aaa\Application Data\GlarySoft
    [2010/08/07 22:19:58 | 000,000,000 | R--D | C] -- C:\Documents and Settings\All Users.WINDOWS\Documents\My Videos
    [2010/08/07 22:17:54 | 000,000,000 | ---D | C] -- C:\WINDOWS\RegisteredPackages
    [2010/08/07 16:33:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\aaa\Application Data\Macromedia
    [2010/08/07 14:56:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\aaa\Local Settings\Application Data\Adobe
    [2010/08/07 14:56:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\aaa\Application Data\Adobe
    [2010/08/07 07:22:00 | 000,000,000 | R--D | C] -- C:\Documents and Settings\All Users.WINDOWS\Start Menu
    [2010/08/07 07:22:00 | 000,000,000 | R--D | C] -- C:\Documents and Settings\All Users.WINDOWS\Documents
    [2010/08/07 07:22:00 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\All Users.WINDOWS\Templates
    [2010/08/07 07:22:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS\Favorites
    [2010/08/07 07:22:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS\Desktop
    [2010/08/07 07:21:44 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\CatRoot2
    [2010/08/07 07:21:44 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\CatRoot
    [2010/08/07 07:21:38 | 000,000,000 | --SD | C] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft
    [2010/08/07 07:21:38 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\All Users.WINDOWS\Application Data
    [2010/08/07 07:16:12 | 000,000,000 | R-SD | C] -- C:\WINDOWS\Fonts
    [2010/08/07 07:16:12 | 000,000,000 | RHSD | C] -- C:\WINDOWS\System32\dllcache
    [2010/08/07 07:16:12 | 000,000,000 | R--D | C] -- C:\WINDOWS\Web
    [2010/08/07 07:16:12 | 000,000,000 | -H-D | C] -- C:\WINDOWS\inf
    [2010/08/07 07:16:12 | 000,000,000 | ---D | C] -- C:\WINDOWS\WinSxS
    [2010/08/07 07:16:12 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\wins
    [2010/08/07 07:16:12 | 000,000,000 | ---D | C] -- C:\WINDOWS
    [2010/08/07 07:16:12 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\wbem
    [2010/08/07 07:16:12 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\usmt
    [2010/08/07 07:16:12 | 000,000,000 | ---D | C] -- C:\WINDOWS\twain_32
    [2010/08/07 07:16:12 | 000,000,000 | ---D | C] -- C:\WINDOWS\system32
    [2010/08/07 07:16:12 | 000,000,000 | ---D | C] -- C:\WINDOWS\system
    [2010/08/07 07:16:12 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\spool
    [2010/08/07 07:16:12 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\ShellExt
    [2010/08/07 07:16:12 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\Setup
    [2010/08/07 07:16:12 | 000,000,000 | ---D | C] -- C:\WINDOWS\security
    [2010/08/07 07:16:12 | 000,000,000 | ---D | C] -- C:\WINDOWS\Resources
    [2010/08/07 07:16:12 | 000,000,000 | ---D | C] -- C:\WINDOWS\repair
    [2010/08/07 07:16:12 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\ras
    [2010/08/07 07:16:12 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\oobe
    [2010/08/07 07:16:12 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\npp
    [2010/08/07 07:16:12 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\mui
    [2010/08/07 07:16:12 | 000,000,000 | ---D | C] -- C:\WINDOWS\mui
    [2010/08/07 07:16:12 | 000,000,000 | ---D | C] -- C:\WINDOWS\msapps
    [2010/08/07 07:16:12 | 000,000,000 | ---D | C] -- C:\WINDOWS\msagent
    [2010/08/07 07:16:12 | 000,000,000 | ---D | C] -- C:\WINDOWS\Media
    [2010/08/07 07:16:12 | 000,000,000 | ---D | C] -- C:\WINDOWS\java
    [2010/08/07 07:16:12 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\inetsrv
    [2010/08/07 07:16:12 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\IME
    [2010/08/07 07:16:12 | 000,000,000 | ---D | C] -- C:\WINDOWS\ime
    [2010/08/07 07:16:12 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\icsxml
    [2010/08/07 07:16:12 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\ias
    [2010/08/07 07:16:12 | 000,000,000 | ---D | C] -- C:\WINDOWS\Help
    [2010/08/07 07:16:12 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\export
    [2010/08/07 07:16:12 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\etc
    [2010/08/07 07:16:12 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers
    [2010/08/07 07:16:12 | 000,000,000 | ---D | C] -- C:\WINDOWS\Driver Cache
    [2010/08/07 07:16:12 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\disdn
    [2010/08/07 07:16:12 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\dhcp
    [2010/08/07 07:16:12 | 000,000,000 | ---D | C] -- C:\WINDOWS\Debug
    [2010/08/07 07:16:12 | 000,000,000 | ---D | C] -- C:\WINDOWS\Cursors
    [2010/08/07 07:16:12 | 000,000,000 | ---D | C] -- C:\WINDOWS\Connection Wizard
    [2010/08/07 07:16:12 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\config
    [2010/08/07 07:16:12 | 000,000,000 | ---D | C] -- C:\WINDOWS\Config
    [2010/08/07 07:16:12 | 000,000,000 | ---D | C] -- C:\WINDOWS\AppPatch
    [2010/08/07 07:16:12 | 000,000,000 | ---D | C] -- C:\WINDOWS\addins
    [2010/08/07 07:16:12 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\3com_dmi
    [2010/08/07 07:16:12 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\3076
    [2010/08/07 07:16:12 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\2052
    [2010/08/07 07:16:12 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\1054
    [2010/08/07 07:16:12 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\1042
    [2010/08/07 07:16:12 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\1041
    [2010/08/07 07:16:12 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\1037
    [2010/08/07 07:16:12 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\1033
    [2010/08/07 07:16:12 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\1031
    [2010/08/07 07:16:12 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\1028
    [2010/08/07 07:16:12 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\1025
    [2010/08/07 01:52:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\aaa\Local Settings\Application Data\Google
    [2010/08/07 01:52:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\aaa\Application Data\Google
    [2010/08/07 01:50:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\Google
    [2010/08/07 01:24:38 | 000,000,000 | -HSD | C] -- C:\WINDOWS\CSC
    [2010/08/07 01:01:33 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\{BD986C1B-72EC-4B82-B47B-6CAC4E6F494E}
    [2010/08/07 01:00:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\Lavasoft
    [2010/08/07 00:50:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\aaa\Application Data\Lavasoft
    [2010/08/07 00:33:36 | 000,000,000 | --SD | C] -- C:\Documents and Settings\aaa\UserData
    [2010/08/07 00:22:05 | 000,075,512 | ---- | C] (Zone Labs, LLC) -- C:\WINDOWS\zllsputility.exe
    [2010/08/07 00:21:36 | 000,071,408 | ---- | C] (Zone Labs, LLC) -- C:\WINDOWS\System32\vsregexp.dll
    [2010/08/07 00:21:30 | 000,083,696 | ---- | C] (Zone Labs, LLC) -- C:\WINDOWS\System32\zlcomm.dll
    [2010/08/07 00:21:30 | 000,071,408 | ---- | C] (Zone Labs, LLC) -- C:\WINDOWS\System32\zlcommdb.dll
    [2010/08/07 00:21:21 | 000,046,832 | ---- | C] (Zone Labs, LLC) -- C:\WINDOWS\System32\vswmi.dll
    [2010/08/07 00:21:20 | 001,087,216 | ---- | C] (Python Software Foundation) -- C:\WINDOWS\System32\zpeng24.dll
    [2010/08/07 00:21:19 | 000,100,080 | ---- | C] (Zone Labs, LLC) -- C:\WINDOWS\System32\vsxml.dll
    [2010/08/07 00:21:18 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\ZoneLabs
    [2010/08/07 00:21:17 | 000,276,208 | ---- | C] (Zone Labs, LLC) -- C:\WINDOWS\System32\vspubapi.dll
    [2010/08/07 00:21:17 | 000,104,176 | ---- | C] (Zone Labs, LLC) -- C:\WINDOWS\System32\vsmonapi.dll
    [2010/08/07 00:21:16 | 000,394,192 | ---- | C] (Zone Labs, LLC) -- C:\WINDOWS\System32\vsdatant.sys
    [2010/08/07 00:20:22 | 000,472,816 | ---- | C] (Zone Labs, LLC) -- C:\WINDOWS\System32\vsutil.dll
    [2010/08/07 00:20:22 | 000,157,424 | ---- | C] (Zone Labs, LLC) -- C:\WINDOWS\System32\vsinit.dll
    [2010/08/07 00:20:22 | 000,083,696 | ---- | C] (Zone Labs, LLC) -- C:\WINDOWS\System32\vsdata.dll
    [2010/08/07 00:20:22 | 000,000,000 | ---D | C] -- C:\WINDOWS\Internet Logs
    [2010/08/07 00:18:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\aaa\Application Data\AVG7
    [2010/08/07 00:17:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\avg7
    [2010/08/07 00:15:29 | 000,000,000 | ---D | C] -- C:\WINDOWS\Minidump
    [2010/08/06 23:32:16 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\appmgmt
    [2010/08/06 23:27:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\aaa\Application Data\Share-to-Web Upload Folder
    [2010/08/06 23:15:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\NCH Swift Sound
    [2010/08/06 23:15:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\aaa\Application Data\NCH Swift Sound
    [2010/08/06 23:14:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\TEMP
    [2010/08/06 23:14:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\Spybot - Search & Destroy
    [2010/08/06 23:13:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\aaa\Application Data\Registry Booster
    [2010/08/06 23:12:05 | 000,000,000 | ---D | C] -- C:\WINDOWS\pss
    [2010/08/06 23:10:40 | 000,000,000 | R--D | C] -- C:\Documents and Settings\aaa\My Documents\My Videos
    [2010/08/06 22:22:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\aaa\Local Settings\Application Data\NOS
    [2010/08/06 21:55:17 | 000,000,000 | -HSD | C] -- C:\WINDOWS\Installer
    [2010/08/06 21:55:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\aaa\Application Data\Identities
    [2010/08/06 21:55:04 | 000,000,000 | R--D | C] -- C:\Documents and Settings\aaa\My Documents\My Pictures
    [2010/08/06 21:55:04 | 000,000,000 | R--D | C] -- C:\Documents and Settings\aaa\My Documents\My Music
    [2010/08/06 21:55:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\aaa\Local Settings\Application Data\Microsoft
    [2010/08/06 21:54:59 | 000,000,000 | --SD | C] -- C:\Documents and Settings\aaa\Application Data\Microsoft
    [2010/08/06 21:54:59 | 000,000,000 | --SD | C] -- C:\Documents and Settings\aaa\Cookies
    [2010/08/06 21:54:59 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\aaa\SendTo
    [2010/08/06 21:54:59 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\aaa\Application Data
    [2010/08/06 21:54:59 | 000,000,000 | R--D | C] -- C:\Documents and Settings\aaa\Start Menu
    [2010/08/06 21:54:59 | 000,000,000 | R--D | C] -- C:\Documents and Settings\aaa\My Documents
    [2010/08/06 21:54:59 | 000,000,000 | R--D | C] -- C:\Documents and Settings\aaa\Favorites
    [2010/08/06 21:54:59 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\aaa\Templates
    [2010/08/06 21:54:59 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\aaa\PrintHood
    [2010/08/06 21:54:59 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\aaa\NetHood
    [2010/08/06 21:54:59 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\aaa\Local Settings
    [2010/08/06 21:54:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\aaa\desktop
    [2010/08/06 21:48:50 | 000,079,872 | ---- | C] (Ricoh Co., Ltd.) -- C:\WINDOWS\System32\dllcache\rwia330.dll
    [2010/08/06 21:48:50 | 000,079,872 | ---- | C] (Ricoh Co., Ltd.) -- C:\WINDOWS\System32\dllcache\rwia001.dll
    [2010/08/06 21:48:50 | 000,026,624 | ---- | C] (Ricoh Co., Ltd.) -- C:\WINDOWS\System32\dllcache\rw330ext.dll
    [2010/08/06 21:46:21 | 000,054,528 | ---- | C] (Philips Semiconductors GmbH) -- C:\WINDOWS\System32\dllcache\cap7146.sys
    [2010/08/06 21:45:27 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\xircom
    [2010/08/06 21:43:09 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\All Users.WINDOWS\DRM
    [2010/08/06 21:42:50 | 000,000,000 | R--D | C] -- C:\WINDOWS\Offline Web Pages
    [2010/08/06 21:42:49 | 000,000,000 | --SD | C] -- C:\WINDOWS\Downloaded Program Files
    [2010/08/06 21:42:07 | 000,000,000 | ---D | C] -- C:\WINDOWS\srchasst
    [2010/08/06 21:41:54 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\Macromed
    [2010/08/06 21:41:54 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\DirectX
    [2010/08/06 21:41:05 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\Restore
    [2010/08/06 21:40:57 | 000,000,000 | ---D | C] -- C:\WINDOWS\PCHEALTH
    [2010/08/06 21:40:52 | 000,000,000 | --SD | C] -- C:\WINDOWS\Tasks
    [2010/08/06 21:40:29 | 000,000,000 | R--D | C] -- C:\Documents and Settings\All Users.WINDOWS\Documents\My Pictures
    [2010/08/06 21:40:29 | 000,000,000 | R--D | C] -- C:\Documents and Settings\All Users.WINDOWS\Documents\My Music
    [2010/08/06 21:39:21 | 000,000,000 | ---D | C] -- C:\WINDOWS\Registration
    [2010/08/06 21:38:21 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\MsDtc
    [2010/08/06 21:38:18 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\Com
    [2010/08/01 00:51:54 | 000,000,000 | ---D | C] -- C:\Program Files\Tag Support Plugin for Media Player
    [2010/07/25 17:31:30 | 000,000,000 | ---D | C] -- C:\Program Files\Registry Easy
    [3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
    [1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
     
  7. 2010/10/16
    ocean
    broni,
    Here is the 2nd half of the OTL log:

    ========== Files - Modified Within 90 Days ==========

    [2010/10/17 14:46:49 | 000,574,464 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\aaa\Desktop\OTL.exe
    [2010/10/17 14:33:54 | 000,000,308 | ---- | M] () -- C:\WINDOWS\tasks\GlaryInitialize.job
    [2010/10/17 14:33:54 | 000,000,274 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-776561741-1383384898-1957994488-1003.job
    [2010/10/17 12:27:40 | 000,049,617 | ---- | M] () -- C:\WINDOWS\System32\vsconfig.xml
    [2010/10/17 12:27:02 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
    [2010/10/17 12:26:59 | 939,053,056 | -HS- | M] () -- C:\hiberfil.sys
    [2010/10/16 21:35:13 | 000,054,156 | -H-- | M] () -- C:\WINDOWS\QTFont.qfn
    [2010/10/16 16:49:21 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
    [2010/10/16 14:31:14 | 000,000,327 | RHS- | M] () -- C:\boot.ini
    [2010/10/16 14:22:29 | 003,879,060 | R--- | M] () -- C:\Documents and Settings\aaa\Desktop\ComboFix.exe
    [2010/10/16 12:12:04 | 000,000,706 | ---- | M] () -- C:\Documents and Settings\All Users.WINDOWS\Desktop\Malwarebytes' Anti-Malware.lnk
    [2010/10/16 12:09:40 | 006,153,376 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\aaa\Desktop\mbam-setup-1.46.exe
    [2010/10/16 11:18:20 | 000,000,755 | ---- | M] () -- C:\Documents and Settings\aaa\Application Data\Microsoft\Internet Explorer\Quick Launch\Shortcut to iexplore.exe.lnk
    [2010/10/16 11:18:10 | 000,000,755 | ---- | M] () -- C:\Documents and Settings\aaa\Desktop\Shortcut to iexplore.exe.lnk
    [2010/10/16 10:30:02 | 000,001,224 | ---- | M] () -- C:\CF-Submit.htm
    [2010/10/16 09:25:04 | 000,001,710 | ---- | M] () -- C:\Documents and Settings\All Users.WINDOWS\Desktop\avast! Free Antivirus.lnk
    [2010/10/16 09:25:01 | 000,002,626 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
    [2010/10/15 09:33:11 | 000,001,497 | ---- | M] () -- C:\Documents and Settings\aaa\Desktop\Windows Explorer.lnk
    [2010/10/13 14:01:56 | 000,311,934 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
    [2010/10/13 14:01:56 | 000,040,196 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
    [2010/10/13 08:49:13 | 000,143,920 | ---- | M] () -- C:\Documents and Settings\aaa\Application Data\Dk.bak
    [2010/10/11 11:29:05 | 002,986,038 | ---- | M] () -- C:\Documents and Settings\aaa\Desktop\New Bitmap Image (2).bmp
    [2010/10/11 11:22:28 | 000,001,745 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20101011-143038.backup
    [2010/10/11 11:19:08 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
    [2010/10/11 11:16:28 | 000,000,943 | ---- | M] () -- C:\Documents and Settings\aaa\Desktop\Spybot - Search & Destroy.lnk
    [2010/10/11 11:13:16 | 016,409,960 | ---- | M] (Safer Networking Limited ) -- C:\Documents and Settings\aaa\Desktop\setup-spybotsd162.exe
    [2010/10/11 11:01:15 | 000,000,685 | ---- | M] () -- C:\Documents and Settings\aaa\Desktop\Glary Utilities.lnk
    [2010/10/11 10:41:09 | 002,986,038 | ---- | M] () -- C:\Documents and Settings\aaa\Desktop\New Bitmap Image.bmp
    [2010/10/10 23:56:07 | 000,000,282 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-776561741-1383384898-1957994488-1003.job
    [2010/10/08 17:19:37 | 000,000,371 | ---- | M] () -- C:\Documents and Settings\aaa\Desktop\commodities.lnk
    [2010/10/03 22:31:46 | 000,004,566 | ---- | M] () -- C:\WINDOWS\imsins.BAK
    [2010/10/03 21:54:51 | 000,000,814 | ---- | M] () -- C:\Documents and Settings\aaa\Application Data\Microsoft\Internet Explorer\Quick Launch\Windows Media Player.lnk
    [2010/10/03 21:54:49 | 000,025,065 | ---- | M] () -- C:\WINDOWS\System32\wmpscheme.xml
    [2010/10/03 21:49:24 | 000,023,392 | ---- | M] () -- C:\WINDOWS\System32\nscompat.tlb
    [2010/10/03 21:49:24 | 000,016,832 | ---- | M] () -- C:\WINDOWS\System32\amcompat.tlb
    [2010/10/02 17:25:09 | 000,001,409 | ---- | M] () -- C:\WINDOWS\QTFont.for
    [2010/09/08 14:48:44 | 000,000,861 | ---- | M] () -- C:\Documents and Settings\All Users.WINDOWS\Desktop\HP Director.lnk
    [2010/09/08 01:12:17 | 000,038,848 | ---- | M] (AVAST Software) -- C:\WINDOWS\avastSS.scr
    [2010/09/08 01:11:54 | 000,167,592 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\aswBoot.exe
    [2010/09/08 00:52:25 | 000,046,672 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswTdi.sys
    [2010/09/08 00:52:03 | 000,165,584 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSP.sys
    [2010/09/08 00:47:46 | 000,023,376 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswRdr.sys
    [2010/09/08 00:47:19 | 000,100,176 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswmon2.sys
    [2010/09/08 00:47:16 | 000,094,544 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswmon.sys
    [2010/09/08 00:46:51 | 000,028,880 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aavmker4.sys
    [2010/09/04 07:33:47 | 000,075,264 | ---- | M] () -- C:\Documents and Settings\aaa\Desktop\SystemLook.exe
    [2010/08/11 16:34:23 | 000,000,368 | ---- | M] () -- C:\Documents and Settings\aaa\Desktop\diskbackup.lnk
    [2010/08/11 13:02:04 | 000,000,429 | ---- | M] () -- C:\Documents and Settings\aaa\Application Data\Microsoft\Internet Explorer\Quick Launch\ReclaimLeakedRAM.lnk
    [2010/08/09 09:42:56 | 011,962,447 | ---- | M] () -- C:\AVG7QT.DAT
    [2010/08/08 23:50:19 | 000,278,528 | ---- | M] (Real Networks, Inc) -- C:\WINDOWS\System32\pncrt.dll
    [2010/08/08 23:37:54 | 000,000,079 | ---- | M] () -- C:\Documents and Settings\aaa\Application Data\Microsoft\Internet Explorer\Quick Launch\Show Desktop.scf
    [2010/08/08 23:36:18 | 000,110,192 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
    [2010/08/08 23:27:59 | 000,233,632 | RHS- | M] () -- C:\ntldr
    [2010/08/08 23:27:59 | 000,047,580 | RHS- | M] () -- C:\NTDETECT.COM
    [2010/08/08 22:36:09 | 000,001,755 | ---- | M] () -- C:\Documents and Settings\All Users.WINDOWS\Application Data\QTSBandwidthCache
    [2010/08/08 22:34:54 | 000,001,654 | ---- | M] () -- C:\Documents and Settings\aaa\Application Data\Microsoft\Internet Explorer\Quick Launch\QuickTime Player.lnk
    [2010/08/08 22:33:44 | 000,001,642 | ---- | M] () -- C:\Documents and Settings\aaa\Application Data\Microsoft\Internet Explorer\Quick Launch\iTunes.lnk
    [2010/08/08 20:46:05 | 000,000,473 | ---- | M] () -- C:\Documents and Settings\aaa\Desktop\Hldg Cost Base.lnk
    [2010/08/08 17:28:08 | 000,000,214 | ---- | M] () -- C:\WINDOWS\HP_48BitScanUpdatePatch.ini
    [2010/08/08 09:36:54 | 000,001,409 | ---- | M] () -- C:\WINDOWS\System32\tmp956C9.FOT
    [2010/08/08 09:36:53 | 000,001,409 | ---- | M] () -- C:\WINDOWS\System32\tmpCD4C9.FOT
    [2010/08/08 09:36:53 | 000,001,409 | ---- | M] () -- C:\WINDOWS\System32\tmp906C9.FOT
    [2010/08/08 09:36:53 | 000,001,409 | ---- | M] () -- C:\WINDOWS\System32\tmp2C5C9.FOT
    [2010/08/08 09:36:53 | 000,001,409 | ---- | M] () -- C:\WINDOWS\System32\tmp275C9.FOT
    [2010/08/08 09:36:53 | 000,001,409 | ---- | M] () -- C:\WINDOWS\System32\tmp225C9.FOT
    [2010/08/08 09:25:23 | 000,000,422 | ---- | M] () -- C:\WINDOWS\videoimp.ini
    [2010/08/08 09:24:35 | 000,040,960 | ---- | M] () -- C:\WINDOWS\uneng.exe
    [2010/08/08 09:24:34 | 000,053,072 | ---- | M] (Roxio) -- C:\WINDOWS\System32\drivers\cdr4_2K.sys
    [2010/08/08 09:24:34 | 000,045,056 | ---- | M] (Roxio) -- C:\WINDOWS\System32\cdrtc.dll
    [2010/08/08 09:24:34 | 000,045,056 | ---- | M] (Roxio) -- C:\WINDOWS\System32\cdral.dll
    [2010/08/08 09:24:34 | 000,022,201 | ---- | M] (Roxio) -- C:\WINDOWS\System32\drivers\cdralw2k.sys
    [2010/08/08 09:24:27 | 000,316,640 | ---- | M] () -- C:\WINDOWS\WMSysPr9.prx
    [2010/08/08 09:14:54 | 000,000,376 | ---- | M] () -- C:\WINDOWS\ODBC.INI
    [2010/08/08 09:14:19 | 000,001,735 | ---- | M] () -- C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Startup\Microsoft Office.lnk
    [2010/08/07 23:28:47 | 000,000,579 | ---- | M] () -- C:\Documents and Settings\aaa\Desktop\Gmail Email from Google.url
    [2010/08/07 19:33:28 | 000,000,429 | ---- | M] () -- C:\Documents and Settings\aaa\Desktop\ReclaimLeakedRAM.bat.lnk
    [2010/08/07 01:50:31 | 000,000,710 | ---- | M] () -- C:\Documents and Settings\aaa\Application Data\Microsoft\Internet Explorer\Quick Launch\FlashGet.lnk
    [2010/08/07 01:35:18 | 000,000,211 | ---- | M] () -- C:\Boot.bak
    [2010/08/07 01:01:29 | 000,000,895 | ---- | M] () -- C:\Documents and Settings\aaa\Application Data\Microsoft\Internet Explorer\Quick Launch\Ad-Aware.lnk
    [2010/08/07 01:01:29 | 000,000,877 | ---- | M] () -- C:\Documents and Settings\All Users.WINDOWS\Desktop\Ad-Aware.lnk
    [2010/08/07 00:47:38 | 000,000,429 | ---- | M] () -- C:\Documents and Settings\aaa\Desktop\ReclaimLeakedRAM.lnk
    [2010/08/07 00:25:24 | 000,004,212 | -H-- | M] () -- C:\WINDOWS\System32\zllictbl.dat
    [2010/08/06 23:53:32 | 000,001,409 | ---- | M] () -- C:\WINDOWS\System32\tmpEE6B7.FOT
    [2010/08/06 23:53:32 | 000,001,409 | ---- | M] () -- C:\WINDOWS\System32\tmpA27B7.FOT
    [2010/08/06 23:53:32 | 000,001,409 | ---- | M] () -- C:\WINDOWS\System32\tmp676B7.FOT
    [2010/08/06 23:53:32 | 000,001,409 | ---- | M] () -- C:\WINDOWS\System32\tmp626B7.FOT
    [2010/08/06 23:53:32 | 000,001,409 | ---- | M] () -- C:\WINDOWS\System32\tmp3F5B7.FOT
    [2010/08/06 23:53:32 | 000,001,409 | ---- | M] () -- C:\WINDOWS\System32\tmp2B6B7.FOT
    [2010/08/06 23:09:34 | 000,000,268 | ---- | M] () -- C:\WINDOWS\KCHESSW.INI
    [2010/08/06 23:09:30 | 000,000,097 | ---- | M] () -- C:\WINDOWS\iridium.ini
    [2010/08/06 23:08:57 | 000,000,695 | ---- | M] () -- C:\Documents and Settings\aaa\Desktop\IrfanView.lnk
    [2010/08/06 22:26:59 | 000,000,640 | ---- | M] () -- C:\Documents and Settings\aaa\Desktop\Audacity.lnk
    [2010/08/06 21:51:23 | 000,008,192 | ---- | M] () -- C:\WINDOWS\REGLOCS.OLD
    [2010/08/06 21:49:58 | 000,000,261 | ---- | M] () -- C:\WINDOWS\System32\$winnt$.inf
    [2010/08/06 21:44:40 | 000,299,552 | ---- | M] () -- C:\WINDOWS\WMSysPrx.prx
    [2010/08/06 21:44:29 | 000,004,161 | ---- | M] () -- C:\WINDOWS\ODBCINST.INI
    [2010/08/06 21:39:39 | 000,021,640 | ---- | M] () -- C:\WINDOWS\System32\emptyregdb.dat
    [2010/08/01 21:36:52 | 000,080,384 | ---- | M] () -- C:\Documents and Settings\aaa\Desktop\MBRCheck.exe
    [3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
    [1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

    ========== Files Created - No Company Name ==========

    [2010/10/16 15:22:46 | 939,053,056 | -HS- | C] () -- C:\hiberfil.sys
    [2010/10/16 14:31:14 | 000,000,211 | ---- | C] () -- C:\Boot.bak
    [2010/10/16 14:31:11 | 000,245,920 | RHS- | C] () -- C:\cmldr
    [2010/10/16 14:22:29 | 003,879,060 | R--- | C] () -- C:\Documents and Settings\aaa\Desktop\ComboFix.exe
    [2010/10/16 12:12:04 | 000,000,706 | ---- | C] () -- C:\Documents and Settings\All Users.WINDOWS\Desktop\Malwarebytes' Anti-Malware.lnk
    [2010/10/16 11:18:20 | 000,000,755 | ---- | C] () -- C:\Documents and Settings\aaa\Application Data\Microsoft\Internet Explorer\Quick Launch\Shortcut to iexplore.exe.lnk
    [2010/10/16 11:18:10 | 000,000,755 | ---- | C] () -- C:\Documents and Settings\aaa\Desktop\Shortcut to iexplore.exe.lnk
    [2010/10/16 10:41:11 | 000,000,027 | ---- | C] () -- C:\WINDOWS\System32\drivers\etc\hosts
    [2010/10/16 10:30:02 | 000,001,224 | ---- | C] () -- C:\CF-Submit.htm
    [2010/10/16 09:25:04 | 000,001,710 | ---- | C] () -- C:\Documents and Settings\All Users.WINDOWS\Desktop\avast! Free Antivirus.lnk
    [2010/10/15 09:33:11 | 000,001,497 | ---- | C] () -- C:\Documents and Settings\aaa\Desktop\Windows Explorer.lnk
    [2010/10/13 13:46:41 | 000,256,512 | ---- | C] () -- C:\WINDOWS\PEV.exe
    [2010/10/13 13:46:41 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
    [2010/10/13 13:46:41 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
    [2010/10/13 13:46:41 | 000,077,312 | ---- | C] () -- C:\WINDOWS\MBR.exe
    [2010/10/13 13:46:41 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
    [2010/10/11 14:30:38 | 000,001,745 | ---- | C] () -- C:\WINDOWS\System32\drivers\etc\hosts.20101011-143038.backup
    [2010/10/11 11:28:49 | 002,986,038 | ---- | C] () -- C:\Documents and Settings\aaa\Desktop\New Bitmap Image (2).bmp
    [2010/10/11 11:16:28 | 000,000,943 | ---- | C] () -- C:\Documents and Settings\aaa\Desktop\Spybot - Search & Destroy.lnk
    [2010/10/11 11:01:17 | 000,000,308 | ---- | C] () -- C:\WINDOWS\tasks\GlaryInitialize.job
    [2010/10/11 11:01:15 | 000,000,685 | ---- | C] () -- C:\Documents and Settings\aaa\Desktop\Glary Utilities.lnk
    [2010/10/11 10:40:54 | 002,986,038 | ---- | C] () -- C:\Documents and Settings\aaa\Desktop\New Bitmap Image.bmp
    [2010/10/10 16:48:36 | 000,143,920 | ---- | C] () -- C:\Documents and Settings\aaa\Application Data\Dk.bak
    [2010/10/08 17:19:37 | 000,000,371 | ---- | C] () -- C:\Documents and Settings\aaa\Desktop\commodities.lnk
    [2010/10/03 22:30:36 | 000,065,832 | ---- | C] () -- C:\WINDOWS\Santa Fe Stucco.bmp
    [2010/10/03 22:30:36 | 000,026,680 | ---- | C] () -- C:\WINDOWS\River Sumida.bmp
    [2010/10/03 22:30:36 | 000,009,522 | ---- | C] () -- C:\WINDOWS\Zapotec.bmp
    [2010/10/03 22:30:35 | 000,065,978 | ---- | C] () -- C:\WINDOWS\Soap Bubbles.bmp
    [2010/10/03 22:30:35 | 000,065,954 | ---- | C] () -- C:\WINDOWS\Prairie Wind.bmp
    [2010/10/03 22:30:35 | 000,026,582 | ---- | C] () -- C:\WINDOWS\Greenstone.bmp
    [2010/10/03 22:30:35 | 000,017,362 | ---- | C] () -- C:\WINDOWS\Rhododendron.bmp
    [2010/10/03 22:30:35 | 000,017,336 | ---- | C] () -- C:\WINDOWS\Gone Fishing.bmp
    [2010/10/03 22:30:35 | 000,017,062 | ---- | C] () -- C:\WINDOWS\Coffee Bean.bmp
    [2010/10/03 22:30:35 | 000,016,730 | ---- | C] () -- C:\WINDOWS\FeatherTexture.bmp
    [2010/10/03 22:30:35 | 000,001,272 | ---- | C] () -- C:\WINDOWS\Blue Lace 16.bmp
    [2010/10/03 22:30:27 | 000,001,540 | ---- | C] () -- C:\WINDOWS\System32\drivers\etc\quotes
    [2010/10/03 21:16:48 | 000,023,392 | ---- | C] () -- C:\WINDOWS\System32\nscompat.tlb
    [2010/10/03 21:16:48 | 000,016,832 | ---- | C] () -- C:\WINDOWS\System32\amcompat.tlb
    [2010/10/02 17:25:09 | 000,054,156 | -H-- | C] () -- C:\WINDOWS\QTFont.qfn
    [2010/10/02 17:25:09 | 000,001,409 | ---- | C] () -- C:\WINDOWS\QTFont.for
    [2010/09/08 14:48:44 | 000,000,861 | ---- | C] () -- C:\Documents and Settings\All Users.WINDOWS\Desktop\HP Director.lnk
    [2010/09/04 07:33:47 | 000,075,264 | ---- | C] () -- C:\Documents and Settings\aaa\Desktop\SystemLook.exe
    [2010/08/11 16:34:23 | 000,000,368 | ---- | C] () -- C:\Documents and Settings\aaa\Desktop\diskbackup.lnk
    [2010/08/11 13:02:04 | 000,000,429 | ---- | C] () -- C:\Documents and Settings\aaa\Application Data\Microsoft\Internet Explorer\Quick Launch\ReclaimLeakedRAM.lnk
    [2010/08/09 09:42:52 | 011,962,447 | ---- | C] () -- C:\AVG7QT.DAT
    [2010/08/08 23:52:31 | 000,000,274 | ---- | C] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-776561741-1383384898-1957994488-1003.job
    [2010/08/08 23:52:30 | 000,000,282 | ---- | C] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-776561741-1383384898-1957994488-1003.job
    [2010/08/08 23:23:48 | 001,325,568 | ---- | C] () -- C:\WINDOWS\System32\webfldrs.msi
    [2010/08/08 23:22:56 | 000,003,338 | ---- | C] () -- C:\WINDOWS\System32\redir.exe
    [2010/08/08 23:22:39 | 000,004,294 | ---- | C] () -- C:\WINDOWS\System32\odbcconf.rsp
    [2010/08/08 23:22:20 | 000,067,866 | ---- | C] () -- C:\WINDOWS\System32\drivers\netwlan5.img
    [2010/08/08 23:21:51 | 000,842,268 | ---- | C] () -- C:\WINDOWS\System32\msdxm.ocx
    [2010/08/08 23:21:46 | 000,135,168 | ---- | C] () -- C:\WINDOWS\System32\mpg2splt.ax
    [2010/08/08 23:20:35 | 000,175,104 | ---- | C] () -- C:\WINDOWS\System32\dllcache\pintlcsa.dll
    [2010/08/08 23:20:35 | 000,059,392 | ---- | C] () -- C:\WINDOWS\System32\dllcache\imscinst.exe
    [2010/08/08 23:20:34 | 000,196,666 | ---- | C] () -- C:\WINDOWS\System32\dllcache\imjpinst.exe
    [2010/08/08 23:20:33 | 000,173,568 | ---- | C] () -- C:\WINDOWS\System32\dllcache\chtskf.dll
    [2010/08/08 23:20:17 | 000,766,934 | ---- | C] () -- C:\WINDOWS\System32\instcat.sql
    [2010/08/08 23:20:15 | 000,019,514 | ---- | C] () -- C:\WINDOWS\System32\ieuinit.inf
    [2010/08/08 23:20:14 | 000,000,929 | ---- | C] () -- C:\WINDOWS\System32\homepage.inf
    [2010/08/08 23:19:51 | 000,001,740 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
    [2010/08/08 22:36:09 | 000,001,755 | ---- | C] () -- C:\Documents and Settings\All Users.WINDOWS\Application Data\QTSBandwidthCache
    [2010/08/08 22:34:54 | 000,001,654 | ---- | C] () -- C:\Documents and Settings\aaa\Application Data\Microsoft\Internet Explorer\Quick Launch\QuickTime Player.lnk
    [2010/08/08 22:33:44 | 000,001,642 | ---- | C] () -- C:\Documents and Settings\aaa\Application Data\Microsoft\Internet Explorer\Quick Launch\iTunes.lnk
    [2010/08/08 20:46:05 | 000,000,473 | ---- | C] () -- C:\Documents and Settings\aaa\Desktop\Hldg Cost Base.lnk
    [2010/08/08 17:28:08 | 000,005,630 | ---- | C] () -- C:\Documents and Settings\aaa\Application Data\HPCOM_48BitScanUpdate.log
    [2010/08/08 17:28:08 | 000,000,214 | ---- | C] () -- C:\WINDOWS\HP_48BitScanUpdatePatch.ini
    [2010/08/08 09:36:54 | 000,001,409 | ---- | C] () -- C:\WINDOWS\System32\tmp956C9.FOT
    [2010/08/08 09:36:53 | 000,001,409 | ---- | C] () -- C:\WINDOWS\System32\tmpCD4C9.FOT
    [2010/08/08 09:36:53 | 000,001,409 | ---- | C] () -- C:\WINDOWS\System32\tmp906C9.FOT
    [2010/08/08 09:36:53 | 000,001,409 | ---- | C] () -- C:\WINDOWS\System32\tmp2C5C9.FOT
    [2010/08/08 09:36:53 | 000,001,409 | ---- | C] () -- C:\WINDOWS\System32\tmp275C9.FOT
    [2010/08/08 09:36:53 | 000,001,409 | ---- | C] () -- C:\WINDOWS\System32\tmp225C9.FOT
    [2010/08/08 09:25:23 | 000,000,422 | ---- | C] () -- C:\WINDOWS\videoimp.ini
    [2010/08/08 09:24:35 | 000,040,960 | ---- | C] () -- C:\WINDOWS\uneng.exe
    [2010/08/08 09:14:54 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
    [2010/08/08 09:14:19 | 000,001,735 | ---- | C] () -- C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Startup\Microsoft Office.lnk
    [2010/08/07 22:18:23 | 000,316,640 | ---- | C] () -- C:\WINDOWS\WMSysPr9.prx
    [2010/08/07 19:33:28 | 000,000,429 | ---- | C] () -- C:\Documents and Settings\aaa\Desktop\ReclaimLeakedRAM.bat.lnk
    [2010/08/07 18:34:07 | 000,000,579 | ---- | C] () -- C:\Documents and Settings\aaa\Desktop\Gmail Email from Google.url
    [2010/08/07 07:22:43 | 000,004,566 | ---- | C] () -- C:\WINDOWS\imsins.BAK
    [2010/08/07 07:22:36 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
    [2010/08/07 07:22:13 | 000,001,688 | ---- | C] () -- C:\WINDOWS\System32\AUTOEXEC.NT
    [2010/08/07 07:21:59 | 000,037,484 | ---- | C] () -- C:\WINDOWS\System32\dllcache\MW770.CAT
    [2010/08/07 07:21:59 | 000,013,472 | ---- | C] () -- C:\WINDOWS\System32\dllcache\HPCRDP.CAT
    [2010/08/07 07:21:59 | 000,008,574 | ---- | C] () -- C:\WINDOWS\System32\dllcache\IASNT4.CAT
    [2010/08/07 07:21:59 | 000,007,382 | ---- | C] () -- C:\WINDOWS\System32\dllcache\OEMBIOS.CAT
    [2010/08/07 07:21:58 | 000,797,189 | ---- | C] () -- C:\WINDOWS\System32\dllcache\NT5IIS.CAT
    [2010/08/07 07:21:58 | 000,399,645 | ---- | C] () -- C:\WINDOWS\System32\dllcache\MAPIMIG.CAT
    [2010/08/07 07:21:58 | 000,013,608 | ---- | C] () -- C:\WINDOWS\System32\dllcache\IMS.CAT
    [2010/08/07 07:21:19 | 000,110,192 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
    [2010/08/07 07:20:04 | 000,000,261 | ---- | C] () -- C:\WINDOWS\System32\$winnt$.inf
    [2010/08/07 01:50:31 | 000,000,710 | ---- | C] () -- C:\Documents and Settings\aaa\Application Data\Microsoft\Internet Explorer\Quick Launch\FlashGet.lnk
    [2010/08/07 01:02:16 | 000,000,206 | ---- | C] () -- C:\Documents and Settings\All Users.WINDOWS\Application Data\DriverTool.log
    [2010/08/07 01:01:29 | 000,000,895 | ---- | C] () -- C:\Documents and Settings\aaa\Application Data\Microsoft\Internet Explorer\Quick Launch\Ad-Aware.lnk
    [2010/08/07 01:01:29 | 000,000,877 | ---- | C] () -- C:\Documents and Settings\All Users.WINDOWS\Desktop\Ad-Aware.lnk
    [2010/08/07 00:47:38 | 000,000,429 | ---- | C] () -- C:\Documents and Settings\aaa\Desktop\ReclaimLeakedRAM.lnk
    [2010/08/07 00:22:22 | 000,004,212 | -H-- | C] () -- C:\WINDOWS\System32\zllictbl.dat
    [2010/08/07 00:21:36 | 000,796,312 | ---- | C] () -- C:\WINDOWS\System32\libeay32_0.9.6l.dll
    [2010/08/07 00:21:16 | 000,049,617 | ---- | C] () -- C:\WINDOWS\System32\vsconfig.xml
    [2010/08/06 23:53:32 | 000,001,409 | ---- | C] () -- C:\WINDOWS\System32\tmpEE6B7.FOT
    [2010/08/06 23:53:32 | 000,001,409 | ---- | C] () -- C:\WINDOWS\System32\tmpA27B7.FOT
    [2010/08/06 23:53:32 | 000,001,409 | ---- | C] () -- C:\WINDOWS\System32\tmp676B7.FOT
    [2010/08/06 23:53:32 | 000,001,409 | ---- | C] () -- C:\WINDOWS\System32\tmp626B7.FOT
    [2010/08/06 23:53:32 | 000,001,409 | ---- | C] () -- C:\WINDOWS\System32\tmp3F5B7.FOT
    [2010/08/06 23:53:32 | 000,001,409 | ---- | C] () -- C:\WINDOWS\System32\tmp2B6B7.FOT
    [2010/08/06 23:09:34 | 000,000,268 | ---- | C] () -- C:\WINDOWS\KCHESSW.INI
    [2010/08/06 23:09:26 | 000,000,097 | ---- | C] () -- C:\WINDOWS\iridium.ini
    [2010/08/06 23:08:57 | 000,000,695 | ---- | C] () -- C:\Documents and Settings\aaa\Desktop\IrfanView.lnk
    [2010/08/06 22:26:59 | 000,000,640 | ---- | C] () -- C:\Documents and Settings\aaa\Desktop\Audacity.lnk
    [2010/08/06 21:55:22 | 000,000,079 | ---- | C] () -- C:\Documents and Settings\aaa\Application Data\Microsoft\Internet Explorer\Quick Launch\Show Desktop.scf
    [2010/08/06 21:55:08 | 000,000,814 | ---- | C] () -- C:\Documents and Settings\aaa\Application Data\Microsoft\Internet Explorer\Quick Launch\Windows Media Player.lnk
    [2010/08/06 21:51:23 | 000,008,192 | ---- | C] () -- C:\WINDOWS\REGLOCS.OLD
    [2010/08/06 21:49:58 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
    [2010/08/06 21:47:49 | 001,158,818 | ---- | C] () -- C:\WINDOWS\System32\dllcache\korwbrkr.lex
    [2010/08/06 21:47:28 | 000,134,339 | ---- | C] () -- C:\WINDOWS\System32\dllcache\imekr.lex
    [2010/08/06 21:47:09 | 013,463,552 | ---- | C] () -- C:\WINDOWS\System32\dllcache\hwxjpn.dll
    [2010/08/06 21:47:00 | 000,108,827 | ---- | C] () -- C:\WINDOWS\System32\dllcache\hanja.lex
    [2010/08/06 21:44:48 | 000,002,626 | ---- | C] () -- C:\WINDOWS\System32\CONFIG.NT
    [2010/08/06 21:44:43 | 000,025,065 | ---- | C] () -- C:\WINDOWS\System32\wmpscheme.xml
    [2010/08/06 21:44:40 | 000,299,552 | ---- | C] () -- C:\WINDOWS\WMSysPrx.prx
    [2010/08/06 21:42:08 | 004,399,505 | ---- | C] () -- C:\WINDOWS\System32\dllcache\nls302en.lex
    [2010/08/06 21:41:15 | 000,348,160 | ---- | C] () -- C:\WINDOWS\System32\dllcache\msinfo.dll
    [2010/08/06 21:41:13 | 000,048,680 | -HS- | C] () -- C:\WINDOWS\winnt256.bmp
    [2010/08/06 21:41:12 | 000,048,680 | -HS- | C] () -- C:\WINDOWS\winnt.bmp
    [2010/08/06 21:41:05 | 000,000,984 | ---- | C] () -- C:\WINDOWS\System32\dllcache\srframe.mmf
    [2010/08/06 21:39:39 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
    [2010/08/06 21:38:23 | 000,003,286 | ---- | C] () -- C:\WINDOWS\System32\tslabels.h
    [2010/08/06 21:38:23 | 000,001,161 | ---- | C] () -- C:\WINDOWS\System32\usrlogon.cmd
    [2010/08/06 21:38:19 | 000,000,768 | ---- | C] () -- C:\WINDOWS\System32\msdtcprf.h
    [2010/08/06 21:38:02 | 000,063,488 | ---- | C] () -- C:\WINDOWS\System32\wmimgmt.msc
    [2010/08/01 21:36:52 | 000,080,384 | ---- | C] () -- C:\Documents and Settings\aaa\Desktop\MBRCheck.exe
    [2010/06/15 16:56:57 | 000,593,408 | ---- | C] () -- C:\WINDOWS\libmysql.dll
    [2001/08/23 22:00:00 | 000,027,440 | ---- | C] () -- C:\WINDOWS\System32\drivers\secdrv.sys
    [1999/01/22 20:46:58 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\MSRTEDIT.DLL

    ========== LOP Check ==========

    [2010/08/08 17:32:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\aaa\Application Data\$CUERoot$
    [2010/10/14 13:12:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\aaa\Application Data\AVG7
    [2010/08/19 23:03:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\aaa\Application Data\GlarySoft
    [2010/08/06 23:15:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\aaa\Application Data\NCH Swift Sound
    [2010/08/06 23:13:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\aaa\Application Data\Registry Booster
    [2010/10/16 09:24:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\Alwil Software
    [2010/10/14 13:12:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\avg7
    [2010/08/06 23:15:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\NCH Swift Sound
    [2010/10/10 21:09:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\TEMP
    [2010/10/11 11:34:03 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\{BD986C1B-72EC-4B82-B47B-6CAC4E6F494E}
    [2010/10/17 14:33:54 | 000,000,308 | ---- | M] () -- C:\WINDOWS\Tasks\GlaryInitialize.job

    ========== Purity Check ==========



    ========== Custom Scans ==========


    < %SYSTEMDRIVE%\*.* >
    [2005/04/16 23:56:55 | 000,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT
    [2010/08/09 09:42:56 | 011,962,447 | ---- | M] () -- C:\AVG7QT.DAT
    [2010/08/07 01:35:18 | 000,000,211 | ---- | M] () -- C:\Boot.bak
    [2010/10/16 14:31:14 | 000,000,327 | RHS- | M] () -- C:\boot.ini
    [2010/10/16 10:30:02 | 000,001,224 | ---- | M] () -- C:\CF-Submit.htm
    [2006/07/14 23:21:44 | 000,000,835 | ---- | M] () -- C:\ChangeVLKeySP1.vbs
    [2002/08/29 01:05:52 | 000,245,920 | RHS- | M] () -- C:\cmldr
    [2005/04/16 23:56:55 | 000,000,000 | ---- | M] () -- C:\CONFIG.SYS
    [2007/04/02 17:49:17 | 000,324,669 | ---- | M] () -- C:\D0204p13.pdf
    [2009/10/20 10:31:23 | 000,000,182 | ---- | M] () -- C:\drwtsn32.log
    [2010/10/17 12:26:59 | 939,053,056 | -HS- | M] () -- C:\hiberfil.sys
    [2005/04/16 23:56:55 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
    [2005/04/16 23:56:55 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
    [2010/08/08 23:27:59 | 000,047,580 | RHS- | M] () -- C:\NTDETECT.COM
    [2010/08/08 23:27:59 | 000,233,632 | RHS- | M] () -- C:\ntldr
    [2010/10/17 12:26:57 | 1048,576,000 | -HS- | M] () -- C:\pagefile.sys
    [2007/01/12 19:22:09 | 000,000,268 | -H-- | M] () -- C:\sqmdata00.sqm
    [2007/01/12 21:28:15 | 000,000,268 | -H-- | M] () -- C:\sqmdata01.sqm
    [2007/01/12 23:03:50 | 000,000,268 | -H-- | M] () -- C:\sqmdata02.sqm
    [2007/01/13 12:14:08 | 000,000,268 | -H-- | M] () -- C:\sqmdata03.sqm
    [2007/01/13 14:38:33 | 000,000,268 | -H-- | M] () -- C:\sqmdata04.sqm
    [2007/01/13 15:46:51 | 000,000,268 | -H-- | M] () -- C:\sqmdata05.sqm
    [2007/01/13 16:56:41 | 000,000,268 | -H-- | M] () -- C:\sqmdata06.sqm
    [2007/01/13 17:27:58 | 000,000,268 | -H-- | M] () -- C:\sqmdata07.sqm
    [2007/01/13 17:32:48 | 000,000,268 | -H-- | M] () -- C:\sqmdata08.sqm
    [2007/01/12 19:22:09 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt00.sqm
    [2007/01/12 21:28:15 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt01.sqm
    [2007/01/12 23:03:50 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt02.sqm
    [2007/01/13 12:14:08 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt03.sqm
    [2007/01/13 14:38:33 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt04.sqm
    [2007/01/13 15:46:51 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt05.sqm
    [2007/01/13 16:56:41 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt06.sqm
    [2007/01/13 17:27:58 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt07.sqm
    [2007/01/13 17:32:48 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt08.sqm
    [2010/08/01 00:16:29 | 000,077,768 | ---- | M] () -- C:\winzip.log

    < %systemroot%\Fonts\*.com >

    < %systemroot%\Fonts\*.dll >

    < %systemroot%\Fonts\*.ini >
    [2010/08/06 21:44:07 | 000,000,067 | -HS- | M] () -- C:\WINDOWS\Fonts\desktop.ini

    < %systemroot%\Fonts\*.ini2 >

    < %systemroot%\Fonts\*.exe >

    < %systemroot%\system32\spool\prtprocs\w32x86\*.* >

    < %systemroot%\REPAIR\*.bak1 >

    < %systemroot%\REPAIR\*.ini >

    < %systemroot%\system32\*.jpg >

    < %systemroot%\*.jpg >

    < %systemroot%\*.png >

    < %systemroot%\*.scr >
    [2010/09/08 01:12:17 | 000,038,848 | ---- | M] (AVAST Software) -- C:\WINDOWS\avastSS.scr
    [3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

    < %systemroot%\*._sy >

    < %APPDATA%\Adobe\Update\*.* >

    < %ALLUSERSPROFILE%\Favorites\*.* >

    < %APPDATA%\Microsoft\*.* >

    < %PROGRAMFILES%\*.* >

    < %APPDATA%\Update\*.* >

    < %systemroot%\*. /mp /s >

    < %systemroot%\System32\config\*.sav >
    [2010/08/07 07:20:07 | 000,090,112 | ---- | M] () -- C:\WINDOWS\system32\config\default.sav
    [2010/08/07 07:20:07 | 000,630,784 | ---- | M] () -- C:\WINDOWS\system32\config\software.sav
    [2010/08/07 07:20:07 | 000,385,024 | ---- | M] () -- C:\WINDOWS\system32\config\system.sav

    < %PROGRAMFILES%\bak. /s >

    < %systemroot%\system32\bak. /s >

    < %ALLUSERSPROFILE%\Start Menu\*.lnk /x >
    [2010/08/08 23:32:55 | 000,000,272 | -HS- | M] () -- C:\Documents and Settings\All Users.WINDOWS\Start Menu\desktop.ini

    < %systemroot%\system32\config\systemprofile\*.dat /x >

    < %systemroot%\*.config >

    < %systemroot%\system32\*.db >

    < %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x >
    [2010/10/03 22:31:10 | 000,000,139 | -HS- | M] () -- C:\Documents and Settings\aaa\Application Data\Microsoft\Internet Explorer\Quick Launch\desktop.ini
    [2010/08/08 23:37:54 | 000,000,079 | ---- | M] () -- C:\Documents and Settings\aaa\Application Data\Microsoft\Internet Explorer\Quick Launch\Show Desktop.scf

    < %USERPROFILE%\Desktop\*.exe >
    [2010/10/16 14:22:29 | 003,879,060 | R--- | M] () -- C:\Documents and Settings\aaa\desktop\ComboFix.exe
    [2010/10/16 12:09:40 | 006,153,376 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\aaa\desktop\mbam-setup-1.46.exe
    [2010/08/01 21:36:52 | 000,080,384 | ---- | M] () -- C:\Documents and Settings\aaa\desktop\MBRCheck.exe
    [2010/10/17 14:46:49 | 000,574,464 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\aaa\desktop\OTL.exe
    [2010/10/11 11:13:16 | 016,409,960 | ---- | M] (Safer Networking Limited ) -- C:\Documents and Settings\aaa\desktop\setup-spybotsd162.exe
    [2010/09/04 07:33:47 | 000,075,264 | ---- | M] () -- C:\Documents and Settings\aaa\desktop\SystemLook.exe

    < %PROGRAMFILES%\Common Files\*.* >

    < %systemroot%\*.src >

    < %systemroot%\install\*.* >

    < %systemroot%\system32\DLL\*.* >

    < %systemroot%\system32\HelpFiles\*.* >

    < %systemroot%\system32\rundll\*.* >

    < %systemroot%\winn32\*.* >

    < %systemroot%\Java\*.* >

    < %systemroot%\system32\test\*.* >

    < %systemroot%\system32\Rundll32\*.* >

    < %systemroot%\AppPatch\Custom\*.* >

    < %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x >

    < %PROGRAMFILES%\PC-Doctor\Downloads\*.* >

    < %PROGRAMFILES%\Internet Explorer\*.tmp >

    < %PROGRAMFILES%\Internet Explorer\*.dat >

    < %USERPROFILE%\My Documents\*.exe >

    < %USERPROFILE%\*.exe >

    < %systemroot%\ADDINS\*.* >

    < %systemroot%\assembly\*.bak2 >

    < %systemroot%\Config\*.* >

    < %systemroot%\REPAIR\*.bak2 >

    < %systemroot%\SECURITY\Database\*.sdb /x >

    < %systemroot%\SYSTEM\*.bak2 >

    < %systemroot%\Web\*.bak2 >

    < %systemroot%\Driver Cache\*.* >

    < %PROGRAMFILES%\Mozilla Firefox\0*.exe >

    < %ProgramFiles%\Microsoft Common\*.* >

    < %ProgramFiles%\TinyProxy. >

    < %USERPROFILE%\Favorites\*.url /x >
    [2010/08/08 23:37:54 | 000,000,122 | -HS- | M] () -- C:\Documents and Settings\aaa\Favorites\Desktop.ini

    < %systemroot%\system32\*.bk >

    < %systemroot%\*.te >

    < %systemroot%\system32\system32\*.* >

    < %ALLUSERSPROFILE%\*.dat /x >

    < %systemroot%\system32\drivers\*.rmv >

    < dir /b "%systemroot%\system32\*.exe" | find /i " " /c >

    < dir /b "%systemroot%\*.exe" | find /i " " /c >

    < %PROGRAMFILES%\Microsoft\*.* >

    < %systemroot%\System32\Wbem\proquota.exe >

    < %PROGRAMFILES%\Mozilla Firefox\*.dat >

    < %USERPROFILE%\Cookies\*.txt /x >
    [2010/10/17 14:55:44 | 000,065,536 | ---- | M] () -- C:\Documents and Settings\aaa\Cookies\index.dat

    < %SystemRoot%\system32\fonts\*.* >

    < %systemroot%\system32\winlog\*.* >

    < %systemroot%\system32\Language\*.* >

    < %systemroot%\system32\Settings\*.* >

    < %systemroot%\system32\*.quo >

    < %SYSTEMROOT%\AppPatch\*.exe >

    < %SYSTEMROOT%\inf\*.exe >
    [2002/08/29 20:41:28 | 000,249,856 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\inf\unregmp2.exe

    < %SYSTEMROOT%\Installer\*.exe >

    < %systemroot%\system32\config\*.bak2 >

    < %systemroot%\system32\Computers\*.* >

    < %SystemRoot%\system32\Sound\*.* >

    < %SystemRoot%\system32\SpecialImg\*.* >

    < %SystemRoot%\system32\code\*.* >

    < %SystemRoot%\system32\draft\*.* >

    < %SystemRoot%\system32\MSSSys\*.* >

    < %ProgramFiles%\Javascript\*.* >

    < %systemroot%\pchealth\helpctr\System\*.exe /s >

    < %systemroot%\Web\*.exe >

    < %systemroot%\system32\msn\*.* >

    < %systemroot%\system32\*.tro >

    < %AppData%\Microsoft\Installer\msupdates\*.* >

    < %ProgramFiles%\Messenger\*.* >
    [2001/05/02 15:24:18 | 000,004,821 | ---- | M] () -- C:\Program Files\Messenger\blogo.gif
    [2004/08/04 00:56:42 | 000,028,672 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\custsat.dll
    [2010/08/08 23:22:10 | 000,005,102 | ---- | M] () -- C:\Program Files\Messenger\logo.gif
    [2002/12/17 10:23:22 | 000,004,821 | ---- | M] () -- C:\Program Files\Messenger\logowin.gif
    [2002/12/17 10:23:22 | 000,007,047 | ---- | M] () -- C:\Program Files\Messenger\lvback.gif
    [2002/08/21 13:29:46 | 000,000,807 | ---- | M] () -- C:\Program Files\Messenger\mailtmpl.txt
    [2002/08/21 13:29:46 | 000,109,152 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\msgsc.dll
    [2002/08/29 17:36:24 | 000,221,215 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\msgslang.dll
    [2002/08/29 20:41:26 | 001,511,453 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\msmsgs.exe
    [2001/02/01 06:00:26 | 000,000,685 | ---- | M] () -- C:\Program Files\Messenger\msmsgs.exe.manifest
    [2002/08/29 20:41:26 | 000,069,663 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\msmsgsin.exe
    [2002/12/17 10:23:18 | 000,002,882 | ---- | M] () -- C:\Program Files\Messenger\newalert.wav
    [2002/12/17 10:23:18 | 000,006,156 | ---- | M] () -- C:\Program Files\Messenger\newemail.wav
    [2002/12/17 10:23:18 | 000,006,160 | ---- | M] () -- C:\Program Files\Messenger\online.wav
    [2002/08/21 13:30:08 | 000,203,112 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\rtcimsp.dll
    [2002/12/17 10:23:24 | 000,004,454 | ---- | M] () -- C:\Program Files\Messenger\type.wav
    [2004/07/17 11:41:06 | 000,115,981 | ---- | M] () -- C:\Program Files\Messenger\xpmsgr.chm

    < %systemroot%\system32\systhem32\*.* >

    < %systemroot%\system\*.exe >

    < HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

    < HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\ Auto Update\Results\Install|LastSuccessTime /rs >


    ========== Alternate Data Streams ==========

    @Alternate Data Stream - 120 bytes -> C:\Documents and Settings\All Users.WINDOWS\Application Data\TEMP:5C321E34

    < End of report >
     
  8. 2010/10/16
    ocean

    broni,
    Here is the Extras log:

    OTL Extras logfile created on: 17/10/2010 3:25:18 PM - Run 1
    OTL by OldTimer - Version 3.2.15.2 Folder = C:\Documents and Settings\aaa\Desktop
    Windows XP Professional Edition Service Pack 1 (Version = 5.1.2600) - Type = NTWorkstation
    Internet Explorer (Version = 6.0.2800.1106)
    Locale: 00000C09 | Country: Australia | Language: ENA | Date Format: d/MM/yyyy

    895.00 Mb Total Physical Memory | 527.00 Mb Available Physical Memory | 59.00% Memory free
    2.00 Gb Paging File | 2.00 Gb Available in Paging File | 86.00% Paging File free
    Paging file location(s): C:\pagefile.sys 1000 4000 [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
    Drive C: | 18.63 Gb Total Space | 7.44 Gb Free Space | 39.94% Space Free | Partition Type: NTFS
    Drive D: | 27.93 Gb Total Space | 6.18 Gb Free Space | 22.11% Space Free | Partition Type: FAT32
    Drive E: | 27.94 Gb Total Space | 0.72 Gb Free Space | 2.59% Space Free | Partition Type: FAT32
    Drive F: | 19.06 Gb Total Space | 0.91 Gb Free Space | 4.79% Space Free | Partition Type: FAT32

    Computer Name: DESKTOP | User Name: binh | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: Current user | Quick Scan
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 90 Days

    ========== Extra Registry (SafeList) ==========


    ========== File Associations ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

    ========== Shell Spawning ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    exefile [open] -- "%1" %*
    htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office\msohtmed.exe" %1 (Microsoft Corporation)
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1 "
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
    Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    ========== Security Center Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "FirewallDisableNotify" = 0
    "AntiVirusDisableNotify" = 0
    "UpdatesDisableNotify" = 0

    ========== System Restore Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\SystemRestore]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
    "DisableSR" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
    "Start" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
    "Start" = 2

    ========== Firewall Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

    ========== Authorized Applications List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


    ========== HKEY_LOCAL_MACHINE Uninstall List ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{00000409-78E1-11D2-B60F-006097C998E7}" = Microsoft Office 2000 Premium
    "{02E89EFC-7B07-4D5A-AA03-9EC0902914EE}" = VC 9.0 Runtime
    "{1E8CF57A-24E8-4A97-9564-A8F1956C447B}" = iTunes
    "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    "{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
    "{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
    "{590D4F8F-98FE-47FA-AC2B-3F22FDCF7C09}" = ShareIns
    "{8851E12C-0EF9-11D4-A788-009027ABA5D0}" = Easy CD Creator 5 Platinum
    "{929408E6-D265-4174-805F-81D1D914E2A4}" = QuickTime
    "{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
    "{DBEA1034-5882-4A88-8033-81C4EF0CFA29}" = Google Toolbar for Internet Explorer
    "{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}" = Ad-Aware
    "{EF729AE1-4AE9-402A-AF64-5C5A8150F549}" = HP Photo and Imaging 1.2 - Scanjet 4570c Series
    "{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)
    "{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01
    "{F4F4F84E-804F-4E9A-84D7-C34283F0088F}" = RealUpgrade 1.0
    "Ad-Aware" = Ad-Aware
    "Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
    "avast5" = avast! Free Antivirus
    "DivXCodec" = DivX 4.12 Codec
    "ESET Online Scanner" = ESET Online Scanner v3
    "FlashGet" = FlashGet 1.9.6.1073
    "Glary Utilities_is1" = Glary Utilities 2.28.0.1011
    "HijackThis" = HijackThis 1.99.1
    "InstallShield_{1E8CF57A-24E8-4A97-9564-A8F1956C447B}" = iTunes
    "InstallShield_{929408E6-D265-4174-805F-81D1D914E2A4}" = QuickTime
    "Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
    "RealPlayer 12.0" = RealPlayer
    "Unlocker" = Unlocker 1.9.0
    "Windows Media Format Runtime" = Windows Media Format Runtime
    "Windows XP Service Pack" = Windows XP Service Pack 1a
    "ZoneAlarm" = ZoneAlarm

    ========== Last 10 Event Log Errors ==========

    [ Application Events ]
    Error - 12/10/2010 1:21:39 AM | Computer Name = DESKTOP | Source = Application Hang | ID = 1002
    Description = Hanging application iexplore.exe, version 6.0.2800.1106, hang module
    hungapp, version 0.0.0.0, hang address 0x00000000.

    Error - 12/10/2010 5:31:24 AM | Computer Name = DESKTOP | Source = Application Error | ID = 1000
    Description = Faulting application iexplore.exe, version 6.0.2800.1106, faulting
    module unknown, version 0.0.0.0, fault address 0x04c25ec6.

    Error - 12/10/2010 8:14:18 AM | Computer Name = DESKTOP | Source = Application Error | ID = 1000
    Description = Faulting application iexplore.exe, version 6.0.2800.1106, faulting
    module msvcr71.dll, version 7.10.3052.4, fault address 0x000028fa.

    Error - 12/10/2010 8:28:28 AM | Computer Name = DESKTOP | Source = Application Error | ID = 1000
    Description = Faulting application iexplore.exe, version 6.0.2800.1106, faulting
    module msvcr71.dll, version 7.10.3052.4, fault address 0x000028fa.

    Error - 12/10/2010 8:44:07 PM | Computer Name = DESKTOP | Source = Application Error | ID = 1000
    Description = Faulting application iexplore.exe, version 6.0.2800.1106, faulting
    module msvcr71.dll, version 7.10.3052.4, fault address 0x000028fa.

    Error - 12/10/2010 9:06:31 PM | Computer Name = DESKTOP | Source = Application Error | ID = 1000
    Description = Faulting application iexplore.exe, version 6.0.2800.1106, faulting
    module msvcr71.dll, version 7.10.3052.4, fault address 0x000028fa.

    Error - 12/10/2010 9:11:40 PM | Computer Name = DESKTOP | Source = Application Error | ID = 1000
    Description = Faulting application iexplore.exe, version 6.0.2800.1106, faulting
    module msvcr71.dll, version 7.10.3052.4, fault address 0x000028fa.

    Error - 12/10/2010 10:11:44 PM | Computer Name = DESKTOP | Source = Application Error | ID = 1000
    Description = Faulting application iexplore.exe, version 6.0.2800.1106, faulting
    module msvcr71.dll, version 7.10.3052.4, fault address 0x000028fa.

    Error - 13/10/2010 1:59:03 AM | Computer Name = DESKTOP | Source = Application Error | ID = 1000
    Description = Faulting application iexplore.exe, version 6.0.2800.1106, faulting
    module unknown, version 0.0.0.0, fault address 0x01f47c06.

    Error - 13/10/2010 1:59:30 AM | Computer Name = DESKTOP | Source = Application Error | ID = 1000
    Description = Faulting application iexplore.exe, version 6.0.2800.1106, faulting
    module unknown, version 0.0.0.0, fault address 0x01ef8afe.

    [ System Events ]
    Error - 16/10/2010 2:48:25 AM | Computer Name = DESKTOP | Source = ACPI | ID = 327685
    Description = AMLI: ACPI BIOS is attempting to write to an illegal IO port address
    (0x4d1), which lies in the 0x4d0 - 0x4d1 protected address range. This could lead
    to system instability. Please contact your system vendor for technical assistance.

    Error - 16/10/2010 2:48:55 AM | Computer Name = DESKTOP | Source = Service Control Manager | ID = 7000
    Description = The wscsvc service failed to start due to the following error: %%1083

    Error - 16/10/2010 5:42:56 AM | Computer Name = DESKTOP | Source = ACPI | ID = 327684
    Description = AMLI: ACPI BIOS is attempting to read from an illegal IO port address
    (0x4d1), which lies in the 0x4d0 - 0x4d1 protected address range. This could lead
    to system instability. Please contact your system vendor for technical assistance.

    Error - 16/10/2010 5:42:56 AM | Computer Name = DESKTOP | Source = ACPI | ID = 327685
    Description = AMLI: ACPI BIOS is attempting to write to an illegal IO port address
    (0x4d1), which lies in the 0x4d0 - 0x4d1 protected address range. This could lead
    to system instability. Please contact your system vendor for technical assistance.

    Error - 16/10/2010 5:43:25 AM | Computer Name = DESKTOP | Source = Service Control Manager | ID = 7000
    Description = The wscsvc service failed to start due to the following error: %%1083

    Error - 16/10/2010 8:23:51 AM | Computer Name = DESKTOP | Source = Dhcp | ID = 1002
    Description = The IP address lease 192.168.1.2 for the Network Card with network
    address 0040F4B3DC49 has been denied by the DHCP server 192.168.1.1 (The DHCP Server
    sent a DHCPNACK message).

    Error - 16/10/2010 8:24:03 AM | Computer Name = DESKTOP | Source = ACPI | ID = 327684
    Description = AMLI: ACPI BIOS is attempting to read from an illegal IO port address
    (0x4d1), which lies in the 0x4d0 - 0x4d1 protected address range. This could lead
    to system instability. Please contact your system vendor for technical assistance.

    Error - 16/10/2010 8:24:03 AM | Computer Name = DESKTOP | Source = ACPI | ID = 327685
    Description = AMLI: ACPI BIOS is attempting to write to an illegal IO port address
    (0x4d1), which lies in the 0x4d0 - 0x4d1 protected address range. This could lead
    to system instability. Please contact your system vendor for technical assistance.

    Error - 16/10/2010 8:24:33 AM | Computer Name = DESKTOP | Source = Service Control Manager | ID = 7000
    Description = The wscsvc service failed to start due to the following error: %%1083

    Error - 16/10/2010 10:18:24 AM | Computer Name = DESKTOP | Source = ACPI | ID = 327684
    Description = AMLI: ACPI BIOS is attempting to read from an illegal IO port address
    (0x4d1), which lies in the 0x4d0 - 0x4d1 protected address range. This could lead
    to system instability. Please contact your system vendor for technical assistance.


    < End of report >
     
  9. 2010/10/17
    broni (Moderator, Malware Analyst)
    Update your Java version here: http://www.java.com/en/download/installed.jsp

    Note 1: UNCHECK any pre-checked toolbar and/or software offered with the Java update. The pre-checked toolbars/software are not part of the Java update.

    Note 2: The Java Quick Starter (JQS.exe) adds a service to improve the initial startup time of Java applets and applications. If you don't want to run another extra service, go to Start > Control Panel > Java > Advanced > Miscellaneous and uncheck the box for Java Quick Starter. Click OK and restart your computer.

    Now, we need to remove the old Java version and its remnants...

    Download JavaRa to your desktop and unzip it to its own folder
    • Run JavaRa.exe (Vista users! Right click on JavaRa.exe, click Run As Administrator), pick the language of your choice and click Select. Then click Remove Older Versions.
    • Accept any prompts.

    ================================================================

    Run OTL
    • Under the Custom Scans/Fixes box at the bottom, paste in the following

      Code:
      :OTL
      O2 - BHO: (no name) - {CE7C3CEF-4B15-11D1-ABED-FA4C0C0931ED} - No CLSID value found.
      O4 - HKLM..\Run: [WMC_AutoUpdate] File not found
      O16 - DPF: {33564D57-0000-0010-8000-00AA00389B71} http://download.microsoft.com/downlo...22/wmv9VCM.CAB (Reg Error: Key error.)
      [3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
      [1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ] 
      [2010/08/07 00:18:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\aaa\Application Data\AVG7
      [2010/08/07 00:17:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\avg7
      [2010/08/09 09:42:56 | 011,962,447 | ---- | M] () -- C:\AVG7QT.DAT
      @Alternate Data Stream - 120 bytes -> C:\Documents and Settings\All Users.WINDOWS\Application Data\TEMP:5C321E34
      
      
      :Services
      
      :Reg
      
      :Files
      
      :Commands
      [purity]
      [emptytemp]
      [emptyflash]
      [Reboot]
      
    • Then click the Run Fix button at the top
    • Let the program run unhindered, reboot the PC when it is done
    • You will get a log that shows the results of the fix. Please post it.

    ===============================================================

    Last scans....

    1. Download Security Check from HERE, and save it to your Desktop.
    • Double-click SecurityCheck.exe
    • Follow the onscreen instructions inside of the black box.
    • A Notepad document should open automatically called checkup.txt; please post the contents of that document.


    2. Download Temp File Cleaner (TFC)
    • Double click on TFC.exe to run the program.
    • Click on Start button to begin cleaning process.
    • TFC will close all running programs, and it may ask you to restart the computer.


    3. Please run a free online scan with the ESET Online Scanner

    • Disable your antivirus program
    • Tick the box next to YES, I accept the Terms of Use
    • Click Start
    • IMPORTANT! UN-check Remove found threats
    • Accept any security warnings from your browser.
    • Check Scan archives
    • Click Start
    • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
    • When the scan completes, push List of found threats
    • Click on Export to text file, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
    • NOTE: If ESET doesn't find any threats, it won't produce a log.
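
    The fix above is built by copying the OTL log lines that point at nothing (an autorun whose target is missing, a BHO with no CLSID value, a DPF entry with a broken registry key, an alternate data stream) under the :OTL heading. The script below is an added example for this thread, not code from the thread, from OTL or from its author: it does that first pass over OTL lines automatically, flags the entry types OTL itself marks as broken, and drafts the :OTL block in the same layout. The sample lines are constructed to mirror entries seen in the logs in this thread and are not a complete report; the Finding class and the triage_otl, summarize and draft_fix_section names are this example's own. It is an assumption that every line type it echoes is accepted under :OTL, so check OTL's own documentation before pasting a draft into the Custom Scans/Fixes box.

```python
"""Triage an OTL log for the entry types a fix script usually targets.

Added example for this thread; not code from the thread, from OTL or from its
author. SAMPLE_LOG is constructed to mirror lines seen in this thread's logs
and is not a complete OTL report.
"""
from __future__ import annotations

import re
from dataclasses import dataclass

# Constructed sample in OTL's own line format (assumption: OTL keeps this
# layout for O2/O4/O16/SRV/DRV lines and alternate-data-stream entries).
SAMPLE_LOG = r"""
SRV - File not found [Auto | Stopped] -- C:\WINDOWS\System32\wscsvc.dll -- (wscsvc)
SRV - [2010/09/08 01:11:59 | 000,040,384 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Antivirus)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\DOCUME~1\aaa\LOCALS~1\Temp\catchme.sys -- (catchme)
DRV - [2001/08/17 22:12:42 | 000,023,070 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RTL8139.sys -- (rtl8139) Realtek RTL8139(A/B/C)
O2 - BHO: (no name) - {CE7C3CEF-4B15-11D1-ABED-FA4C0C0931ED} - No CLSID value found.
O4 - HKLM..\Run: [avast5] C:\Program Files\Alwil Software\Avast5\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [KAV] C:\WINDOWS\System32\kav.exe File not found
O4 - HKLM..\Run: [UnlockerAssistant] C:\Program Files\Unlocker\UnlockerAssistant.exe ()
O4 - HKLM..\Run: [WMC_AutoUpdate] File not found
O16 - DPF: {33564D57-0000-0010-8000-00AA00389B71} http://download.microsoft.com/download/F/6/E/F6E491A6-77E1-4E20-9F5F-94901338C922/wmv9VCM.CAB (Reg Error: Key error.)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
@Alternate Data Stream - 120 bytes -> C:\Documents and Settings\All Users.WINDOWS\Application Data\TEMP:5C321E34
"""

ORPHAN = "File not found"  # OTL's marker for a registry entry whose file is gone

# One pattern per OTL line type this triage understands.
_RE_O4 = re.compile(r"^O4 - (?P<hive>\S+): \[(?P<name>[^\]]*)\]\s*(?P<rest>.*)$")
_RE_SVC = re.compile(r"^(?P<kind>SRV|DRV) - (?P<body>.*) -- \((?P<name>[^)]*)\)(?P<desc>.*)$")
_RE_O2 = re.compile(r"^O2 - BHO: \((?P<name>[^)]*)\) - (?P<clsid>\{[0-9A-Fa-f-]+\}) - (?P<rest>.*)$")
_RE_O16 = re.compile(r"^O16 - DPF: (?P<clsid>\{[0-9A-Fa-f-]+\}) (?P<url>\S+) \((?P<rest>.*)\)$")
_RE_ADS = re.compile(r"^@Alternate Data Stream - (?P<size>\d+) bytes -> (?P<path>.+)$")
_RE_TEMP_PATH = re.compile(r"\\temp\\", re.IGNORECASE)


@dataclass(frozen=True)
class Finding:
    section: str      # OTL prefix the line came from (O2, O4, O16, SRV, DRV, ADS)
    reason: str
    actionable: bool  # True: the line itself can be echoed under :OTL for review
    line: str         # the original OTL line, verbatim


def triage_otl(log_text: str) -> list[Finding]:
    """Return one Finding per OTL line that needs an analyst's attention."""
    findings: list[Finding] = []
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if m := _RE_O4.match(line):
            if ORPHAN in m["rest"]:
                findings.append(Finding("O4", "autorun points at a missing file", True, line))
            elif m["rest"].endswith("()"):
                # OTL prints "()" when the binary carries no company name; a hint, not proof.
                findings.append(Finding("O4", "autorun binary carries no company name", False, line))
        elif m := _RE_SVC.match(line):
            if m["body"].startswith(ORPHAN):
                findings.append(Finding(m["kind"], "registered but binary missing", True, line))
            elif m["kind"] == "DRV" and _RE_TEMP_PATH.search(m["body"]):
                findings.append(Finding("DRV", "kernel driver loaded from a Temp directory", False, line))
        elif m := _RE_O2.match(line):
            if "No CLSID value found" in m["rest"] or ORPHAN in m["rest"]:
                findings.append(Finding("O2", "BHO entry with no backing CLSID or file", True, line))
        elif m := _RE_O16.match(line):
            if m["rest"].startswith("Reg Error"):
                findings.append(Finding("O16", "ActiveX (DPF) entry with a broken registry key", True, line))
        elif m := _RE_ADS.match(line):
            findings.append(Finding("ADS", f"alternate data stream ({m['size']} bytes)", True, line))
    return findings


def summarize(findings: list[Finding]) -> dict[str, int]:
    """Count findings per OTL section, for a quick overview of a long log."""
    counts: dict[str, int] = {}
    for f in findings:
        counts[f.section] = counts.get(f.section, 0) + 1
    return counts


def draft_fix_section(findings: list[Finding]) -> str:
    """Echo the actionable lines under ':OTL', the layout a fix script uses.

    Heuristic findings (actionable=False) are left out on purpose: they need a
    human decision, not a deletion.
    """
    return "\n".join([":OTL", *[f.line for f in findings if f.actionable]])


if __name__ == "__main__":
    found = triage_otl(SAMPLE_LOG)
    for f in found:
        print(f"{'FIX ' if f.actionable else 'LOOK'} {f.section:4} {f.reason}: {f.line[:70]}")
    print(summarize(found))
    print(draft_fix_section(found))
```

    Read every FIX line against the real log before pasting anything into OTL. A "File not found" entry is not proof of malware on its own: the sample's missing driver sits under a user's Temp folder, which is also where some removal tools load their own drivers from, so account for every tool already run on the box before treating a missing binary as residue of the infection.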
     
  10. 2010/10/17
    ocean (Thread Starter)
    broni,
    Java updated. Here is 1st part of the OTL log :

    OTL logfile created on: 17/10/2010 5:08:14 PM - Run 2
    OTL by OldTimer - Version 3.2.15.2 Folder = C:\Documents and Settings\aaa\Desktop
    Windows XP Professional Edition Service Pack 1 (Version = 5.1.2600) - Type = NTWorkstation
    Internet Explorer (Version = 6.0.2800.1106)
    Locale: 00000C09 | Country: Australia | Language: ENA | Date Format: d/MM/yyyy

    895.00 Mb Total Physical Memory | 559.00 Mb Available Physical Memory | 62.00% Memory free
    2.00 Gb Paging File | 2.00 Gb Available in Paging File | 87.00% Paging File free
    Paging file location(s): C:\pagefile.sys 1000 4000 [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
    Drive C: | 18.63 Gb Total Space | 7.16 Gb Free Space | 38.45% Space Free | Partition Type: NTFS
    Drive D: | 27.93 Gb Total Space | 6.18 Gb Free Space | 22.11% Space Free | Partition Type: FAT32
    Drive E: | 27.94 Gb Total Space | 0.72 Gb Free Space | 2.59% Space Free | Partition Type: FAT32
    Drive F: | 19.06 Gb Total Space | 0.91 Gb Free Space | 4.78% Space Free | Partition Type: FAT32

    Computer Name: DESKTOP | User Name: binh | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: Current user | Quick Scan
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 90 Days

    ========== Processes (SafeList) ==========

    PRC - [2010/10/17 14:46:49 | 000,574,464 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\aaa\desktop\OTL.exe
    PRC - [2010/09/08 01:12:02 | 002,838,912 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AvastUI.exe
    PRC - [2010/09/08 01:11:59 | 000,040,384 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
    PRC - [2010/08/08 23:50:12 | 000,202,256 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    PRC - [2010/07/05 05:51:26 | 000,017,408 | ---- | M] () -- C:\Program Files\Unlocker\UnlockerAssistant.exe
    PRC - [2009/01/26 15:31:16 | 002,144,088 | RHS- | M] (Safer Networking Limited) -- C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    PRC - [2007/03/09 00:02:00 | 000,919,280 | ---- | M] (Zone Labs, LLC) -- C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
    PRC - [2007/03/09 00:01:58 | 000,075,568 | ---- | M] (Zone Labs, LLC) -- C:\WINDOWS\system32\ZoneLabs\vsmon.exe
    PRC - [2002/08/29 20:41:24 | 001,004,032 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
    PRC - [2001/05/17 15:25:10 | 000,643,072 | ---- | M] (Roxio) -- C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\Directcd.exe
    PRC - [2001/05/16 09:04:10 | 000,110,592 | ---- | M] (Roxio) -- C:\Program Files\Common Files\Adaptec Shared\CreateCD\CreateCD50.exe


    ========== Modules (SafeList) ==========

    MOD - [2010/10/17 14:46:49 | 000,574,464 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\aaa\desktop\OTL.exe
    MOD - [2010/07/05 07:32:36 | 000,004,608 | ---- | M] () -- C:\Program Files\Unlocker\UnlockerHook.dll
    MOD - [2002/08/29 20:39:20 | 000,106,547 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msscript.ocx
    MOD - [2002/08/29 03:41:32 | 000,921,600 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.10.0_x-ww_f7fb5805\comctl32.dll


    ========== Win32 Services (SafeList) ==========

    SRV - File not found [On_Demand | Stopped] -- C:\WINDOWS\System32\xmlprov.dll -- (xmlprov)
    SRV - File not found [Auto | Stopped] -- C:\WINDOWS\System32\wscsvc.dll -- (wscsvc)
    SRV - File not found [Disabled | Stopped] -- C:\WINDOWS\System32\hidserv.dll -- (HidServ)
    SRV - [2010/09/08 01:11:59 | 000,040,384 | ---- | M] (AVAST Software) [On_Demand | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Web Scanner)
    SRV - [2010/09/08 01:11:59 | 000,040,384 | ---- | M] (AVAST Software) [On_Demand | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Mail Scanner)
    SRV - [2010/09/08 01:11:59 | 000,040,384 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Antivirus)
    SRV - [2007/03/09 00:01:58 | 000,075,568 | ---- | M] (Zone Labs, LLC) [Auto | Running] -- C:\WINDOWS\System32\ZoneLabs\vsmon.exe -- (vsmon)


    ========== Driver Services (SafeList) ==========

    DRV - File not found [Kernel | On_Demand | Stopped] -- C:\DOCUME~1\aaa\LOCALS~1\Temp\catchme.sys -- (catchme)
    DRV - [2010/09/08 14:47:09 | 000,082,380 | ---- | M] (Oak Technology Inc.) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\AFS2K.SYS -- (AFS2K)
    DRV - [2010/09/08 00:52:25 | 000,046,672 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswTdi.sys -- (aswTdi)
    DRV - [2010/09/08 00:52:03 | 000,165,584 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswSP.sys -- (aswSP)
    DRV - [2010/09/08 00:47:46 | 000,023,376 | ---- | M] (AVAST Software) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\aswRdr.sys -- (aswRdr)
    DRV - [2010/09/08 00:47:19 | 000,100,176 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswmon2.sys -- (aswMon2)
    DRV - [2010/09/08 00:46:51 | 000,028,880 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aavmker4.sys -- (Aavmker4)
    DRV - [2010/08/08 09:24:34 | 000,053,072 | ---- | M] (Roxio) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\cdr4_2K.sys -- (Cdr4_2K)
    DRV - [2010/08/08 09:24:34 | 000,022,201 | ---- | M] (Roxio) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\cdralw2k.sys -- (Cdralw2k)
    DRV - [2007/03/09 00:02:10 | 000,394,192 | ---- | M] (Zone Labs, LLC) [Kernel | System | Running] -- C:\WINDOWS\system32\vsdatant.sys -- (vsdatant)
    DRV - [2007/01/18 05:39:20 | 000,050,416 | ---- | M] (Zone Labs, LLC) [Kernel | Boot | Running] -- C:\WINDOWS\System32\ZoneLabs\srescan.sys -- (srescan)
    DRV - [2002/08/29 18:32:44 | 000,009,856 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\gameenum.sys -- (gameenum)
    DRV - [2001/08/17 22:50:26 | 000,731,648 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nv4.sys -- (nv4)
    DRV - [2001/08/17 22:19:34 | 000,040,704 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\es1371mp.sys -- (es1371) Creative AudioPCI (ES1371,ES1373) (WDM)
    DRV - [2001/08/17 22:12:42 | 000,023,070 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RTL8139.sys -- (rtl8139) Realtek RTL8139(A/B/C)
    DRV - [2001/05/17 15:39:30 | 000,213,248 | ---- | M] (Roxio) [File_System | System | Running] -- C:\WINDOWS\System32\drivers\UdfReadr.sys -- (UdfReadr)
    DRV - [2001/05/17 15:30:50 | 000,009,622 | ---- | M] (Roxio) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\Dvd_2k.sys -- (dvd_2K)
    DRV - [2001/05/17 15:30:42 | 000,017,686 | ---- | M] (Roxio) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\Mmc_2k.sys -- (mmc_2K)
    DRV - [2001/05/17 15:30:34 | 000,062,070 | ---- | M] (Roxio) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\pwd_2K.sys -- (pwd_2K)
    DRV - [2001/05/17 15:28:26 | 000,229,664 | ---- | M] (Roxio) [File_System | System | Running] -- C:\WINDOWS\System32\drivers\Cdudf.sys -- (cdudf)
    DRV - [2001/05/15 16:48:28 | 000,012,224 | ---- | M] (Roxio) [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\PrtSeqRd.sys -- (PrtSeqRd)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========

    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.Google.com

    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com.au/
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



    O1 HOSTS File: ([2010/10/16 16:49:21 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
    O1 - Hosts: 127.0.0.1 localhost
    O2 - BHO: (no name) - {CE7C3CEF-4B15-11D1-ABED-FA4C0C0931ED} - No CLSID value found.
    O3 - HKLM\..\Toolbar: (&Google) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)
    O3 - HKLM\..\Toolbar: (&Radio) - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\system32\msdxm.ocx ()
    O3 - HKCU\..\Toolbar\ShellBrowser: (&Google) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)
    O3 - HKCU\..\Toolbar\WebBrowser: (&Google) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)
    O4 - HKLM..\Run: [AdaptecDirectCD] C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe (Roxio)
    O4 - HKLM..\Run: [avast5] C:\Program Files\Alwil Software\Avast5\avastUI.exe (AVAST Software)
    O4 - HKLM..\Run: [CreateCD50] C:\Program Files\Common Files\Adaptec Shared\CreateCD\CreateCD50.exe (Roxio)
    O4 - HKLM..\Run: [KAV] C:\WINDOWS\System32\kav.exe File not found
    O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
    O4 - HKLM..\Run: [UnlockerAssistant] C:\Program Files\Unlocker\UnlockerAssistant.exe ()
    O4 - HKLM..\Run: [WMC_AutoUpdate] File not found
    O4 - HKLM..\Run: [ZoneAlarm Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe (Zone Labs, LLC)
    O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer Networking Limited)
    O4 - Startup: C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Startup\Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE (Microsoft Corporation)
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
    O8 - Extra context menu item: &Download All with FlashGet - C:\Program Files\FlashGet\JC_ALL.HTM ()
    O8 - Extra context menu item: &Download with FlashGet - C:\Program Files\FlashGet\JC_LINK.HTM ()
    O9 - Extra Button: @shdoclc.dll,-866 - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\Web\related.htm ()
    O9 - Extra 'Tools' menuitem : @shdoclc.dll,-864 - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\Web\related.htm ()
    O9 - Extra Button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\flashget.exe (FlashGet.com)
    O9 - Extra 'Tools' menuitem : FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\flashget.exe (FlashGet.com)
    O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
    O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} http://www.apple.com/qtactivex/qtplugin.cab (QuickTime Object)
    O16 - DPF: {33564D57-0000-0010-8000-00AA00389B71} http://download.microsoft.com/download/F/6/E/F6E491A6-77E1-4E20-9F5F-94901338C922/wmv9VCM.CAB (Reg Error: Key error.)
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
    O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
    O18 - Protocol\Handler\vnd.ms.radio {3DA2AA3B-3D96-11D2-9BD2-204C4F4F5020} - C:\WINDOWS\system32\msdxm.ocx ()
    O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
    O32 - HKLM CDRom: AutoRun - 1
    O32 - AutoRun File - [2005/04/16 23:56:55 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
    O34 - HKLM BootExecute: (autocheck autochk *) - File not found
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37 - HKLM\...com [@ = ComFile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*

    ========== Files/Folders - Created Within 90 Days ==========

    [2010/10/17 17:06:03 | 000,446,464 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\aaa\Desktop\TFC.exe
    [2010/10/17 16:53:34 | 000,000,000 | ---D | C] -- C:\WINDOWS\Sun
    [2010/10/17 16:50:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\Sun
    [2010/10/17 16:50:38 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
    [2010/10/17 16:49:32 | 000,000,000 | ---D | C] -- C:\Program Files\Java
    [2010/10/17 16:48:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\aaa\Application Data\Sun
    [2010/10/17 14:46:44 | 000,574,464 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\aaa\Desktop\OTL.exe
    [2010/10/16 23:03:17 | 000,000,000 | -HSD | C] -- C:\RECYCLER
    [2010/10/16 22:38:20 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\aaa\Recent
    [2010/10/16 16:45:41 | 000,000,000 | ---D | C] -- C:\WINDOWS\temp
    [2010/10/16 14:31:09 | 000,000,000 | RHSD | C] -- C:\cmdcons
    [2010/10/16 12:12:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\aaa\Application Data\Malwarebytes
    [2010/10/16 12:12:01 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
    [2010/10/16 12:11:58 | 000,019,288 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
    [2010/10/16 12:11:58 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
    [2010/10/16 12:11:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\Malwarebytes
    [2010/10/16 12:09:34 | 006,153,376 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\aaa\Desktop\mbam-setup-1.46.exe
    [2010/10/16 09:25:04 | 000,165,584 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSP.sys
    [2010/10/16 09:25:03 | 000,023,376 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswRdr.sys
    [2010/10/16 09:25:02 | 000,046,672 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswTdi.sys
    [2010/10/16 09:25:01 | 000,100,176 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswmon2.sys
    [2010/10/16 09:25:01 | 000,094,544 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswmon.sys
    [2010/10/16 09:25:00 | 000,028,880 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aavmker4.sys
    [2010/10/16 09:24:34 | 000,038,848 | ---- | C] (AVAST Software) -- C:\WINDOWS\avastSS.scr
    [2010/10/16 09:24:33 | 000,167,592 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\aswBoot.exe
    [2010/10/15 16:49:14 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
    [2010/10/14 17:57:04 | 000,000,000 | ---D | C] -- C:\Program Files\Alwil Software
    [2010/10/14 17:57:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\Alwil Software
    [2010/10/13 13:46:41 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
    [2010/10/13 13:46:41 | 000,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
    [2010/10/13 13:46:41 | 000,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
    [2010/10/13 13:46:41 | 000,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
    [2010/10/13 13:46:17 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
    [2010/10/13 13:45:24 | 000,000,000 | ---D | C] -- C:\Qoobox
    [2010/10/11 12:07:39 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\NtmsData
    [2010/10/11 11:10:48 | 016,409,960 | ---- | C] (Safer Networking Limited ) -- C:\Documents and Settings\aaa\Desktop\setup-spybotsd162.exe
    [2010/10/11 11:09:18 | 000,000,000 | ---D | C] -- C:\Program Files\Misc. Support Library (Spybot - Search & Destroy)
    [2010/10/11 11:09:17 | 000,000,000 | ---D | C] -- C:\Program Files\File Scanner Library (Spybot - Search & Destroy)
    [2010/10/11 10:51:42 | 000,000,000 | ---D | C] -- C:\Program Files\Unlocker
    [2010/10/10 16:49:23 | 000,000,000 | ---D | C] -- C:\TSTP
    [2010/10/10 16:31:06 | 000,000,000 | ---D | C] -- C:\Program Files\ATI
    [2010/10/08 15:18:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\aaa\Local Settings\Application Data\Help
    [2010/10/08 15:18:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\aaa\Application Data\Help
    [2010/10/03 22:30:57 | 000,272,896 | ---- | C] (Cinematronics) -- C:\WINDOWS\System32\dllcache\pinball.exe
    [2010/10/03 22:01:19 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\Logfiles
    [2010/09/08 14:47:34 | 000,000,000 | ---D | C] -- C:\Program Files\Hewlett-Packard
    [2010/08/26 22:03:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\aaa\Local Settings\Application Data\Identities
    [2010/08/08 23:59:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\DivX
    [2010/08/08 23:52:30 | 000,000,000 | --SD | C] -- C:\WINDOWS\System32\Microsoft
    [2010/08/08 23:51:33 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\xing shared
    [2010/08/08 23:50:19 | 000,278,528 | ---- | C] (Real Networks, Inc) -- C:\WINDOWS\System32\pncrt.dll
    [2010/08/08 23:50:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\Real
    [2010/08/08 23:49:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\aaa\Application Data\Real
    [2010/08/08 23:37:08 | 000,000,000 | ---D | C] -- C:\WINDOWS\Prefetch
    [2010/08/08 23:30:34 | 000,000,000 | ---D | C] -- C:\WINDOWS\ServicePackFiles
    [2010/08/08 23:30:34 | 000,000,000 | ---D | C] -- C:\WINDOWS\ehome
    [2010/08/08 23:24:15 | 000,000,000 | -H-D | C] -- C:\WINDOWS\$NtServicePackUninstall$
    [2010/08/08 22:35:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\aaa\Local Settings\Application Data\Apple Computer
    [2010/08/08 22:35:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\aaa\Application Data\Apple Computer
    [2010/08/08 22:33:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\Apple Computer
    [2010/08/08 22:32:02 | 000,000,000 | ---D | C] -- C:\WINDOWS\Downloaded Installations
    [2010/08/08 20:48:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\aaa\Application Data\AdobeUM
    [2010/08/08 17:32:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\aaa\Application Data\$CUERoot$
    [2010/08/08 10:01:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\aaa\My Documents\My Webs
    [2010/08/08 09:24:34 | 000,053,072 | ---- | C] (Roxio) -- C:\WINDOWS\System32\drivers\cdr4_2K.sys
    [2010/08/08 09:24:34 | 000,045,056 | ---- | C] (Roxio) -- C:\WINDOWS\System32\cdrtc.dll
    [2010/08/08 09:24:34 | 000,045,056 | ---- | C] (Roxio) -- C:\WINDOWS\System32\cdral.dll
    [2010/08/08 09:24:34 | 000,022,201 | ---- | C] (Roxio) -- C:\WINDOWS\System32\drivers\cdralw2k.sys
    [2010/08/08 09:13:12 | 000,000,000 | -H-D | C] -- C:\WINDOWS\ShellNew
    [2010/08/08 09:12:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\aaa\Application Data\Microsoft Web Folders
    [2010/08/08 01:18:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\aaa\Application Data\GlarySoft
    [2010/08/07 22:19:58 | 000,000,000 | R--D | C] -- C:\Documents and Settings\All Users.WINDOWS\Documents\My Videos
    [2010/08/07 22:17:54 | 000,000,000 | ---D | C] -- C:\WINDOWS\RegisteredPackages
    [2010/08/07 16:33:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\aaa\Application Data\Macromedia
    [2010/08/07 14:56:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\aaa\Local Settings\Application Data\Adobe
    [2010/08/07 14:56:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\aaa\Application Data\Adobe
    [2010/08/07 07:22:00 | 000,000,000 | R--D | C] -- C:\Documents and Settings\All Users.WINDOWS\Start Menu
    [2010/08/07 07:22:00 | 000,000,000 | R--D | C] -- C:\Documents and Settings\All Users.WINDOWS\Documents
    [2010/08/07 07:22:00 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\All Users.WINDOWS\Templates
    [2010/08/07 07:22:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS\Favorites
    [2010/08/07 07:22:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS\Desktop
    [2010/08/07 07:21:44 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\CatRoot2
    [2010/08/07 07:21:44 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\CatRoot
    [2010/08/07 07:21:38 | 000,000,000 | --SD | C] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft
    [2010/08/07 07:21:38 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\All Users.WINDOWS\Application Data
    [2010/08/07 07:16:12 | 000,000,000 | R-SD | C] -- C:\WINDOWS\Fonts
    [2010/08/07 07:16:12 | 000,000,000 | RHSD | C] -- C:\WINDOWS\System32\dllcache
    [2010/08/07 07:16:12 | 000,000,000 | R--D | C] -- C:\WINDOWS\Web
    [2010/08/07 07:16:12 | 000,000,000 | -H-D | C] -- C:\WINDOWS\inf
    [2010/08/07 07:16:12 | 000,000,000 | ---D | C] -- C:\WINDOWS\WinSxS
    [2010/08/07 07:16:12 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\wins
    [2010/08/07 07:16:12 | 000,000,000 | ---D | C] -- C:\WINDOWS
    [2010/08/07 07:16:12 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\wbem
    [2010/08/07 07:16:12 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\usmt
    [2010/08/07 07:16:12 | 000,000,000 | ---D | C] -- C:\WINDOWS\twain_32
    [2010/08/07 07:16:12 | 000,000,000 | ---D | C] -- C:\WINDOWS\system32
    [2010/08/07 07:16:12 | 000,000,000 | ---D | C] -- C:\WINDOWS\system
    [2010/08/07 07:16:12 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\spool
    [2010/08/07 07:16:12 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\ShellExt
    [2010/08/07 07:16:12 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\Setup
    [2010/08/07 07:16:12 | 000,000,000 | ---D | C] -- C:\WINDOWS\security
    [2010/08/07 07:16:12 | 000,000,000 | ---D | C] -- C:\WINDOWS\Resources
    [2010/08/07 07:16:12 | 000,000,000 | ---D | C] -- C:\WINDOWS\repair
    [2010/08/07 07:16:12 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\ras
    [2010/08/07 07:16:12 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\oobe
    [2010/08/07 07:16:12 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\npp
    [2010/08/07 07:16:12 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\mui
    [2010/08/07 07:16:12 | 000,000,000 | ---D | C] -- C:\WINDOWS\mui
    [2010/08/07 07:16:12 | 000,000,000 | ---D | C] -- C:\WINDOWS\msapps
    [2010/08/07 07:16:12 | 000,000,000 | ---D | C] -- C:\WINDOWS\msagent
    [2010/08/07 07:16:12 | 000,000,000 | ---D | C] -- C:\WINDOWS\Media
    [2010/08/07 07:16:12 | 000,000,000 | ---D | C] -- C:\WINDOWS\java
    [2010/08/07 07:16:12 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\inetsrv
    [2010/08/07 07:16:12 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\IME
    [2010/08/07 07:16:12 | 000,000,000 | ---D | C] -- C:\WINDOWS\ime
    [2010/08/07 07:16:12 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\icsxml
    [2010/08/07 07:16:12 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\ias
    [2010/08/07 07:16:12 | 000,000,000 | ---D | C] -- C:\WINDOWS\Help
    [2010/08/07 07:16:12 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\export
    [2010/08/07 07:16:12 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\etc
    [2010/08/07 07:16:12 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers
    [2010/08/07 07:16:12 | 000,000,000 | ---D | C] -- C:\WINDOWS\Driver Cache
    [2010/08/07 07:16:12 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\disdn
    [2010/08/07 07:16:12 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\dhcp
    [2010/08/07 07:16:12 | 000,000,000 | ---D | C] -- C:\WINDOWS\Debug
    [2010/08/07 07:16:12 | 000,000,000 | ---D | C] -- C:\WINDOWS\Cursors
    [2010/08/07 07:16:12 | 000,000,000 | ---D | C] -- C:\WINDOWS\Connection Wizard
    [2010/08/07 07:16:12 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\config
    [2010/08/07 07:16:12 | 000,000,000 | ---D | C] -- C:\WINDOWS\Config
    [2010/08/07 07:16:12 | 000,000,000 | ---D | C] -- C:\WINDOWS\AppPatch
    [2010/08/07 07:16:12 | 000,000,000 | ---D | C] -- C:\WINDOWS\addins
    [2010/08/07 07:16:12 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\3com_dmi
    [2010/08/07 07:16:12 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\3076
    [2010/08/07 07:16:12 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\2052
    [2010/08/07 07:16:12 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\1054
    [2010/08/07 07:16:12 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\1042
    [2010/08/07 07:16:12 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\1041
    [2010/08/07 07:16:12 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\1037
    [2010/08/07 07:16:12 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\1033
    [2010/08/07 07:16:12 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\1031
    [2010/08/07 07:16:12 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\1028
    [2010/08/07 07:16:12 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\1025
    [2010/08/07 01:52:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\aaa\Local Settings\Application Data\Google
    [2010/08/07 01:52:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\aaa\Application Data\Google
    [2010/08/07 01:50:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\Google
    [2010/08/07 01:24:38 | 000,000,000 | -HSD | C] -- C:\WINDOWS\CSC
    [2010/08/07 01:01:33 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\{BD986C1B-72EC-4B82-B47B-6CAC4E6F494E}
    [2010/08/07 01:00:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\Lavasoft
    [2010/08/07 00:50:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\aaa\Application Data\Lavasoft
    [2010/08/07 00:33:36 | 000,000,000 | --SD | C] -- C:\Documents and Settings\aaa\UserData
    [2010/08/07 00:22:05 | 000,075,512 | ---- | C] (Zone Labs, LLC) -- C:\WINDOWS\zllsputility.exe
    [2010/08/07 00:21:36 | 000,071,408 | ---- | C] (Zone Labs, LLC) -- C:\WINDOWS\System32\vsregexp.dll
    [2010/08/07 00:21:30 | 000,083,696 | ---- | C] (Zone Labs, LLC) -- C:\WINDOWS\System32\zlcomm.dll
    [2010/08/07 00:21:30 | 000,071,408 | ---- | C] (Zone Labs, LLC) -- C:\WINDOWS\System32\zlcommdb.dll
    [2010/08/07 00:21:21 | 000,046,832 | ---- | C] (Zone Labs, LLC) -- C:\WINDOWS\System32\vswmi.dll
    [2010/08/07 00:21:20 | 001,087,216 | ---- | C] (Python Software Foundation) -- C:\WINDOWS\System32\zpeng24.dll
    [2010/08/07 00:21:19 | 000,100,080 | ---- | C] (Zone Labs, LLC) -- C:\WINDOWS\System32\vsxml.dll
    [2010/08/07 00:21:18 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\ZoneLabs
    [2010/08/07 00:21:17 | 000,276,208 | ---- | C] (Zone Labs, LLC) -- C:\WINDOWS\System32\vspubapi.dll
    [2010/08/07 00:21:17 | 000,104,176 | ---- | C] (Zone Labs, LLC) -- C:\WINDOWS\System32\vsmonapi.dll
    [2010/08/07 00:21:16 | 000,394,192 | ---- | C] (Zone Labs, LLC) -- C:\WINDOWS\System32\vsdatant.sys
    [2010/08/07 00:20:22 | 000,472,816 | ---- | C] (Zone Labs, LLC) -- C:\WINDOWS\System32\vsutil.dll
    [2010/08/07 00:20:22 | 000,157,424 | ---- | C] (Zone Labs, LLC) -- C:\WINDOWS\System32\vsinit.dll
    [2010/08/07 00:20:22 | 000,083,696 | ---- | C] (Zone Labs, LLC) -- C:\WINDOWS\System32\vsdata.dll
    [2010/08/07 00:20:22 | 000,000,000 | ---D | C] -- C:\WINDOWS\Internet Logs
    [2010/08/07 00:18:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\aaa\Application Data\AVG7
    [2010/08/07 00:17:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\avg7
    [2010/08/07 00:15:29 | 000,000,000 | ---D | C] -- C:\WINDOWS\Minidump
    [2010/08/06 23:32:16 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\appmgmt
    [2010/08/06 23:27:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\aaa\Application Data\Share-to-Web Upload Folder
    [2010/08/06 23:15:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\NCH Swift Sound
    [2010/08/06 23:15:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\aaa\Application Data\NCH Swift Sound
    [2010/08/06 23:14:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\TEMP
    [2010/08/06 23:14:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\Spybot - Search & Destroy
    [2010/08/06 23:13:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\aaa\Application Data\Registry Booster
    [2010/08/06 23:12:05 | 000,000,000 | ---D | C] -- C:\WINDOWS\pss
    [2010/08/06 23:10:40 | 000,000,000 | R--D | C] -- C:\Documents and Settings\aaa\My Documents\My Videos
    [2010/08/06 22:22:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\aaa\Local Settings\Application Data\NOS
    [2010/08/06 21:55:17 | 000,000,000 | -HSD | C] -- C:\WINDOWS\Installer
    [2010/08/06 21:55:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\aaa\Application Data\Identities
    [2010/08/06 21:55:04 | 000,000,000 | R--D | C] -- C:\Documents and Settings\aaa\My Documents\My Pictures
    [2010/08/06 21:55:04 | 000,000,000 | R--D | C] -- C:\Documents and Settings\aaa\My Documents\My Music
    [2010/08/06 21:55:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\aaa\Local Settings\Application Data\Microsoft
    [2010/08/06 21:54:59 | 000,000,000 | --SD | C] -- C:\Documents and Settings\aaa\Application Data\Microsoft
    [2010/08/06 21:54:59 | 000,000,000 | --SD | C] -- C:\Documents and Settings\aaa\Cookies
    [2010/08/06 21:54:59 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\aaa\SendTo
    [2010/08/06 21:54:59 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\aaa\Application Data
    [2010/08/06 21:54:59 | 000,000,000 | R--D | C] -- C:\Documents and Settings\aaa\Start Menu
    [2010/08/06 21:54:59 | 000,000,000 | R--D | C] -- C:\Documents and Settings\aaa\My Documents
    [2010/08/06 21:54:59 | 000,000,000 | R--D | C] -- C:\Documents and Settings\aaa\Favorites
    [2010/08/06 21:54:59 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\aaa\Templates
    [2010/08/06 21:54:59 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\aaa\PrintHood
    [2010/08/06 21:54:59 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\aaa\NetHood
    [2010/08/06 21:54:59 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\aaa\Local Settings
    [2010/08/06 21:54:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\aaa\desktop
    [2010/08/06 21:48:50 | 000,079,872 | ---- | C] (Ricoh Co., Ltd.) -- C:\WINDOWS\System32\dllcache\rwia330.dll
    [2010/08/06 21:48:50 | 000,079,872 | ---- | C] (Ricoh Co., Ltd.) -- C:\WINDOWS\System32\dllcache\rwia001.dll
    [2010/08/06 21:48:50 | 000,026,624 | ---- | C] (Ricoh Co., Ltd.) -- C:\WINDOWS\System32\dllcache\rw330ext.dll
    [2010/08/06 21:46:21 | 000,054,528 | ---- | C] (Philips Semiconductors GmbH) -- C:\WINDOWS\System32\dllcache\cap7146.sys
    [2010/08/06 21:45:27 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\xircom
    [2010/08/06 21:43:09 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\All Users.WINDOWS\DRM
    [2010/08/06 21:42:50 | 000,000,000 | R--D | C] -- C:\WINDOWS\Offline Web Pages
    [2010/08/06 21:42:49 | 000,000,000 | --SD | C] -- C:\WINDOWS\Downloaded Program Files
    [2010/08/06 21:42:07 | 000,000,000 | ---D | C] -- C:\WINDOWS\srchasst
    [2010/08/06 21:41:54 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\Macromed
    [2010/08/06 21:41:54 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\DirectX
    [2010/08/06 21:41:05 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\Restore
    [2010/08/06 21:40:57 | 000,000,000 | ---D | C] -- C:\WINDOWS\PCHEALTH
    [2010/08/06 21:40:52 | 000,000,000 | --SD | C] -- C:\WINDOWS\Tasks
    [2010/08/06 21:40:29 | 000,000,000 | R--D | C] -- C:\Documents and Settings\All Users.WINDOWS\Documents\My Pictures
    [2010/08/06 21:40:29 | 000,000,000 | R--D | C] -- C:\Documents and Settings\All Users.WINDOWS\Documents\My Music
    [2010/08/06 21:39:21 | 000,000,000 | ---D | C] -- C:\WINDOWS\Registration
    [2010/08/06 21:38:21 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\MsDtc
    [2010/08/06 21:38:18 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\Com
    [2010/08/01 00:51:54 | 000,000,000 | ---D | C] -- C:\Program Files\Tag Support Plugin for Media Player
    [2010/07/25 17:31:30 | 000,000,000 | ---D | C] -- C:\Program Files\Registry Easy
    [3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
    [1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
     
  11. 2010/10/17
    ocean
    broni,
    Here is the 2nd half of the OTL log:

    ========== Files - Modified Within 90 Days ==========

    [2010/10/17 17:06:06 | 000,446,464 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\aaa\Desktop\TFC.exe
    [2010/10/17 17:05:49 | 000,869,051 | ---- | M] () -- C:\Documents and Settings\aaa\Desktop\SecurityCheck.exe
    [2010/10/17 16:57:08 | 000,205,540 | ---- | M] () -- C:\Documents and Settings\aaa\Desktop\JavaRa.zip
    [2010/10/17 16:08:58 | 000,000,308 | ---- | M] () -- C:\WINDOWS\tasks\GlaryInitialize.job
    [2010/10/17 16:08:58 | 000,000,274 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-776561741-1383384898-1957994488-1003.job
    [2010/10/17 16:05:08 | 000,049,617 | ---- | M] () -- C:\WINDOWS\System32\vsconfig.xml
    [2010/10/17 16:04:27 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
    [2010/10/17 16:04:25 | 939,053,056 | -HS- | M] () -- C:\hiberfil.sys
    [2010/10/17 14:46:49 | 000,574,464 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\aaa\Desktop\OTL.exe
    [2010/10/16 21:35:13 | 000,054,156 | -H-- | M] () -- C:\WINDOWS\QTFont.qfn
    [2010/10/16 16:49:21 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
    [2010/10/16 14:31:14 | 000,000,327 | RHS- | M] () -- C:\boot.ini
    [2010/10/16 14:22:29 | 003,879,060 | R--- | M] () -- C:\Documents and Settings\aaa\Desktop\ComboFix.exe
    [2010/10/16 12:12:04 | 000,000,706 | ---- | M] () -- C:\Documents and Settings\All Users.WINDOWS\Desktop\Malwarebytes' Anti-Malware.lnk
    [2010/10/16 12:09:40 | 006,153,376 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\aaa\Desktop\mbam-setup-1.46.exe
    [2010/10/16 11:18:20 | 000,000,755 | ---- | M] () -- C:\Documents and Settings\aaa\Application Data\Microsoft\Internet Explorer\Quick Launch\Shortcut to iexplore.exe.lnk
    [2010/10/16 11:18:10 | 000,000,755 | ---- | M] () -- C:\Documents and Settings\aaa\Desktop\Shortcut to iexplore.exe.lnk
    [2010/10/16 10:30:02 | 000,001,224 | ---- | M] () -- C:\CF-Submit.htm
    [2010/10/16 09:25:04 | 000,001,710 | ---- | M] () -- C:\Documents and Settings\All Users.WINDOWS\Desktop\avast! Free Antivirus.lnk
    [2010/10/16 09:25:01 | 000,002,626 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
    [2010/10/15 09:33:11 | 000,001,497 | ---- | M] () -- C:\Documents and Settings\aaa\Desktop\Windows Explorer.lnk
    [2010/10/13 14:01:56 | 000,311,934 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
    [2010/10/13 14:01:56 | 000,040,196 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
    [2010/10/13 08:49:13 | 000,143,920 | ---- | M] () -- C:\Documents and Settings\aaa\Application Data\Dk.bak
    [2010/10/11 11:29:05 | 002,986,038 | ---- | M] () -- C:\Documents and Settings\aaa\Desktop\New Bitmap Image (2).bmp
    [2010/10/11 11:22:28 | 000,001,745 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20101011-143038.backup
    [2010/10/11 11:19:08 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
    [2010/10/11 11:16:28 | 000,000,943 | ---- | M] () -- C:\Documents and Settings\aaa\Desktop\Spybot - Search & Destroy.lnk
    [2010/10/11 11:13:16 | 016,409,960 | ---- | M] (Safer Networking Limited ) -- C:\Documents and Settings\aaa\Desktop\setup-spybotsd162.exe
    [2010/10/11 11:01:15 | 000,000,685 | ---- | M] () -- C:\Documents and Settings\aaa\Desktop\Glary Utilities.lnk
    [2010/10/11 10:41:09 | 002,986,038 | ---- | M] () -- C:\Documents and Settings\aaa\Desktop\New Bitmap Image.bmp
    [2010/10/10 23:56:07 | 000,000,282 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-776561741-1383384898-1957994488-1003.job
    [2010/10/08 17:19:37 | 000,000,371 | ---- | M] () -- C:\Documents and Settings\aaa\Desktop\commodities.lnk
    [2010/10/03 22:31:46 | 000,004,566 | ---- | M] () -- C:\WINDOWS\imsins.BAK
    [2010/10/03 21:54:51 | 000,000,814 | ---- | M] () -- C:\Documents and Settings\aaa\Application Data\Microsoft\Internet Explorer\Quick Launch\Windows Media Player.lnk
    [2010/10/03 21:54:49 | 000,025,065 | ---- | M] () -- C:\WINDOWS\System32\wmpscheme.xml
    [2010/10/03 21:49:24 | 000,023,392 | ---- | M] () -- C:\WINDOWS\System32\nscompat.tlb
    [2010/10/03 21:49:24 | 000,016,832 | ---- | M] () -- C:\WINDOWS\System32\amcompat.tlb
    [2010/10/02 17:25:09 | 000,001,409 | ---- | M] () -- C:\WINDOWS\QTFont.for
    [2010/09/08 14:48:44 | 000,000,861 | ---- | M] () -- C:\Documents and Settings\All Users.WINDOWS\Desktop\HP Director.lnk
    [2010/09/08 01:12:17 | 000,038,848 | ---- | M] (AVAST Software) -- C:\WINDOWS\avastSS.scr
    [2010/09/08 01:11:54 | 000,167,592 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\aswBoot.exe
    [2010/09/08 00:52:25 | 000,046,672 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswTdi.sys
    [2010/09/08 00:52:03 | 000,165,584 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSP.sys
    [2010/09/08 00:47:46 | 000,023,376 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswRdr.sys
    [2010/09/08 00:47:19 | 000,100,176 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswmon2.sys
    [2010/09/08 00:47:16 | 000,094,544 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswmon.sys
    [2010/09/08 00:46:51 | 000,028,880 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aavmker4.sys
    [2010/09/04 07:33:47 | 000,075,264 | ---- | M] () -- C:\Documents and Settings\aaa\Desktop\SystemLook.exe
    [2010/08/11 16:34:23 | 000,000,368 | ---- | M] () -- C:\Documents and Settings\aaa\Desktop\diskbackup.lnk
    [2010/08/11 13:02:04 | 000,000,429 | ---- | M] () -- C:\Documents and Settings\aaa\Application Data\Microsoft\Internet Explorer\Quick Launch\ReclaimLeakedRAM.lnk
    [2010/08/09 09:42:56 | 011,962,447 | ---- | M] () -- C:\AVG7QT.DAT
    [2010/08/08 23:50:19 | 000,278,528 | ---- | M] (Real Networks, Inc) -- C:\WINDOWS\System32\pncrt.dll
    [2010/08/08 23:37:54 | 000,000,079 | ---- | M] () -- C:\Documents and Settings\aaa\Application Data\Microsoft\Internet Explorer\Quick Launch\Show Desktop.scf
    [2010/08/08 23:36:18 | 000,110,192 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
    [2010/08/08 23:27:59 | 000,233,632 | RHS- | M] () -- C:\ntldr
    [2010/08/08 23:27:59 | 000,047,580 | RHS- | M] () -- C:\NTDETECT.COM
    [2010/08/08 22:36:09 | 000,001,755 | ---- | M] () -- C:\Documents and Settings\All Users.WINDOWS\Application Data\QTSBandwidthCache
    [2010/08/08 22:34:54 | 000,001,654 | ---- | M] () -- C:\Documents and Settings\aaa\Application Data\Microsoft\Internet Explorer\Quick Launch\QuickTime Player.lnk
    [2010/08/08 22:33:44 | 000,001,642 | ---- | M] () -- C:\Documents and Settings\aaa\Application Data\Microsoft\Internet Explorer\Quick Launch\iTunes.lnk
    [2010/08/08 20:46:05 | 000,000,473 | ---- | M] () -- C:\Documents and Settings\aaa\Desktop\Hldg Cost Base.lnk
    [2010/08/08 17:28:08 | 000,000,214 | ---- | M] () -- C:\WINDOWS\HP_48BitScanUpdatePatch.ini
    [2010/08/08 09:36:54 | 000,001,409 | ---- | M] () -- C:\WINDOWS\System32\tmp956C9.FOT
    [2010/08/08 09:36:53 | 000,001,409 | ---- | M] () -- C:\WINDOWS\System32\tmpCD4C9.FOT
    [2010/08/08 09:36:53 | 000,001,409 | ---- | M] () -- C:\WINDOWS\System32\tmp906C9.FOT
    [2010/08/08 09:36:53 | 000,001,409 | ---- | M] () -- C:\WINDOWS\System32\tmp2C5C9.FOT
    [2010/08/08 09:36:53 | 000,001,409 | ---- | M] () -- C:\WINDOWS\System32\tmp275C9.FOT
    [2010/08/08 09:36:53 | 000,001,409 | ---- | M] () -- C:\WINDOWS\System32\tmp225C9.FOT
    [2010/08/08 09:25:23 | 000,000,422 | ---- | M] () -- C:\WINDOWS\videoimp.ini
    [2010/08/08 09:24:35 | 000,040,960 | ---- | M] () -- C:\WINDOWS\uneng.exe
    [2010/08/08 09:24:34 | 000,053,072 | ---- | M] (Roxio) -- C:\WINDOWS\System32\drivers\cdr4_2K.sys
    [2010/08/08 09:24:34 | 000,045,056 | ---- | M] (Roxio) -- C:\WINDOWS\System32\cdrtc.dll
    [2010/08/08 09:24:34 | 000,045,056 | ---- | M] (Roxio) -- C:\WINDOWS\System32\cdral.dll
    [2010/08/08 09:24:34 | 000,022,201 | ---- | M] (Roxio) -- C:\WINDOWS\System32\drivers\cdralw2k.sys
    [2010/08/08 09:24:27 | 000,316,640 | ---- | M] () -- C:\WINDOWS\WMSysPr9.prx
    [2010/08/08 09:14:54 | 000,000,376 | ---- | M] () -- C:\WINDOWS\ODBC.INI
    [2010/08/08 09:14:19 | 000,001,735 | ---- | M] () -- C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Startup\Microsoft Office.lnk
    [2010/08/07 23:28:47 | 000,000,579 | ---- | M] () -- C:\Documents and Settings\aaa\Desktop\Gmail Email from Google.url
    [2010/08/07 19:33:28 | 000,000,429 | ---- | M] () -- C:\Documents and Settings\aaa\Desktop\ReclaimLeakedRAM.bat.lnk
    [2010/08/07 01:50:31 | 000,000,710 | ---- | M] () -- C:\Documents and Settings\aaa\Application Data\Microsoft\Internet Explorer\Quick Launch\FlashGet.lnk
    [2010/08/07 01:35:18 | 000,000,211 | ---- | M] () -- C:\Boot.bak
    [2010/08/07 01:01:29 | 000,000,895 | ---- | M] () -- C:\Documents and Settings\aaa\Application Data\Microsoft\Internet Explorer\Quick Launch\Ad-Aware.lnk
    [2010/08/07 01:01:29 | 000,000,877 | ---- | M] () -- C:\Documents and Settings\All Users.WINDOWS\Desktop\Ad-Aware.lnk
    [2010/08/07 00:47:38 | 000,000,429 | ---- | M] () -- C:\Documents and Settings\aaa\Desktop\ReclaimLeakedRAM.lnk
    [2010/08/07 00:25:24 | 000,004,212 | -H-- | M] () -- C:\WINDOWS\System32\zllictbl.dat
    [2010/08/06 23:53:32 | 000,001,409 | ---- | M] () -- C:\WINDOWS\System32\tmpEE6B7.FOT
    [2010/08/06 23:53:32 | 000,001,409 | ---- | M] () -- C:\WINDOWS\System32\tmpA27B7.FOT
    [2010/08/06 23:53:32 | 000,001,409 | ---- | M] () -- C:\WINDOWS\System32\tmp676B7.FOT
    [2010/08/06 23:53:32 | 000,001,409 | ---- | M] () -- C:\WINDOWS\System32\tmp626B7.FOT
    [2010/08/06 23:53:32 | 000,001,409 | ---- | M] () -- C:\WINDOWS\System32\tmp3F5B7.FOT
    [2010/08/06 23:53:32 | 000,001,409 | ---- | M] () -- C:\WINDOWS\System32\tmp2B6B7.FOT
    [2010/08/06 23:09:34 | 000,000,268 | ---- | M] () -- C:\WINDOWS\KCHESSW.INI
    [2010/08/06 23:09:30 | 000,000,097 | ---- | M] () -- C:\WINDOWS\iridium.ini
    [2010/08/06 23:08:57 | 000,000,695 | ---- | M] () -- C:\Documents and Settings\aaa\Desktop\IrfanView.lnk
    [2010/08/06 22:26:59 | 000,000,640 | ---- | M] () -- C:\Documents and Settings\aaa\Desktop\Audacity.lnk
    [2010/08/06 21:51:23 | 000,008,192 | ---- | M] () -- C:\WINDOWS\REGLOCS.OLD
    [2010/08/06 21:49:58 | 000,000,261 | ---- | M] () -- C:\WINDOWS\System32\$winnt$.inf
    [2010/08/06 21:44:40 | 000,299,552 | ---- | M] () -- C:\WINDOWS\WMSysPrx.prx
    [2010/08/06 21:44:29 | 000,004,161 | ---- | M] () -- C:\WINDOWS\ODBCINST.INI
    [2010/08/06 21:39:39 | 000,021,640 | ---- | M] () -- C:\WINDOWS\System32\emptyregdb.dat
    [2010/08/01 21:36:52 | 000,080,384 | ---- | M] () -- C:\Documents and Settings\aaa\Desktop\MBRCheck.exe
    [3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
    [1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

    ========== Files Created - No Company Name ==========

    [2010/10/17 17:05:42 | 000,869,051 | ---- | C] () -- C:\Documents and Settings\aaa\Desktop\SecurityCheck.exe
    [2010/10/17 16:57:08 | 000,205,540 | ---- | C] () -- C:\Documents and Settings\aaa\Desktop\JavaRa.zip
    [2010/10/16 15:22:46 | 939,053,056 | -HS- | C] () -- C:\hiberfil.sys
    [2010/10/16 14:31:14 | 000,000,211 | ---- | C] () -- C:\Boot.bak
    [2010/10/16 14:31:11 | 000,245,920 | RHS- | C] () -- C:\cmldr
    [2010/10/16 14:22:29 | 003,879,060 | R--- | C] () -- C:\Documents and Settings\aaa\Desktop\ComboFix.exe
    [2010/10/16 12:12:04 | 000,000,706 | ---- | C] () -- C:\Documents and Settings\All Users.WINDOWS\Desktop\Malwarebytes' Anti-Malware.lnk
    [2010/10/16 11:18:20 | 000,000,755 | ---- | C] () -- C:\Documents and Settings\aaa\Application Data\Microsoft\Internet Explorer\Quick Launch\Shortcut to iexplore.exe.lnk
    [2010/10/16 11:18:10 | 000,000,755 | ---- | C] () -- C:\Documents and Settings\aaa\Desktop\Shortcut to iexplore.exe.lnk
    [2010/10/16 10:41:11 | 000,000,027 | ---- | C] () -- C:\WINDOWS\System32\drivers\etc\hosts
    [2010/10/16 10:30:02 | 000,001,224 | ---- | C] () -- C:\CF-Submit.htm
    [2010/10/16 09:25:04 | 000,001,710 | ---- | C] () -- C:\Documents and Settings\All Users.WINDOWS\Desktop\avast! Free Antivirus.lnk
    [2010/10/15 09:33:11 | 000,001,497 | ---- | C] () -- C:\Documents and Settings\aaa\Desktop\Windows Explorer.lnk
    [2010/10/13 13:46:41 | 000,256,512 | ---- | C] () -- C:\WINDOWS\PEV.exe
    [2010/10/13 13:46:41 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
    [2010/10/13 13:46:41 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
    [2010/10/13 13:46:41 | 000,077,312 | ---- | C] () -- C:\WINDOWS\MBR.exe
    [2010/10/13 13:46:41 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
    [2010/10/11 14:30:38 | 000,001,745 | ---- | C] () -- C:\WINDOWS\System32\drivers\etc\hosts.20101011-143038.backup
    [2010/10/11 11:28:49 | 002,986,038 | ---- | C] () -- C:\Documents and Settings\aaa\Desktop\New Bitmap Image (2).bmp
    [2010/10/11 11:16:28 | 000,000,943 | ---- | C] () -- C:\Documents and Settings\aaa\Desktop\Spybot - Search & Destroy.lnk
    [2010/10/11 11:01:17 | 000,000,308 | ---- | C] () -- C:\WINDOWS\tasks\GlaryInitialize.job
    [2010/10/11 11:01:15 | 000,000,685 | ---- | C] () -- C:\Documents and Settings\aaa\Desktop\Glary Utilities.lnk
    [2010/10/11 10:40:54 | 002,986,038 | ---- | C] () -- C:\Documents and Settings\aaa\Desktop\New Bitmap Image.bmp
    [2010/10/10 16:48:36 | 000,143,920 | ---- | C] () -- C:\Documents and Settings\aaa\Application Data\Dk.bak
    [2010/10/08 17:19:37 | 000,000,371 | ---- | C] () -- C:\Documents and Settings\aaa\Desktop\commodities.lnk
    [2010/10/03 22:30:36 | 000,065,832 | ---- | C] () -- C:\WINDOWS\Santa Fe Stucco.bmp
    [2010/10/03 22:30:36 | 000,026,680 | ---- | C] () -- C:\WINDOWS\River Sumida.bmp
    [2010/10/03 22:30:36 | 000,009,522 | ---- | C] () -- C:\WINDOWS\Zapotec.bmp
    [2010/10/03 22:30:35 | 000,065,978 | ---- | C] () -- C:\WINDOWS\Soap Bubbles.bmp
    [2010/10/03 22:30:35 | 000,065,954 | ---- | C] () -- C:\WINDOWS\Prairie Wind.bmp
    [2010/10/03 22:30:35 | 000,026,582 | ---- | C] () -- C:\WINDOWS\Greenstone.bmp
    [2010/10/03 22:30:35 | 000,017,362 | ---- | C] () -- C:\WINDOWS\Rhododendron.bmp
    [2010/10/03 22:30:35 | 000,017,336 | ---- | C] () -- C:\WINDOWS\Gone Fishing.bmp
    [2010/10/03 22:30:35 | 000,017,062 | ---- | C] () -- C:\WINDOWS\Coffee Bean.bmp
    [2010/10/03 22:30:35 | 000,016,730 | ---- | C] () -- C:\WINDOWS\FeatherTexture.bmp
    [2010/10/03 22:30:35 | 000,001,272 | ---- | C] () -- C:\WINDOWS\Blue Lace 16.bmp
    [2010/10/03 22:30:27 | 000,001,540 | ---- | C] () -- C:\WINDOWS\System32\drivers\etc\quotes
    [2010/10/03 21:16:48 | 000,023,392 | ---- | C] () -- C:\WINDOWS\System32\nscompat.tlb
    [2010/10/03 21:16:48 | 000,016,832 | ---- | C] () -- C:\WINDOWS\System32\amcompat.tlb
    [2010/10/02 17:25:09 | 000,054,156 | -H-- | C] () -- C:\WINDOWS\QTFont.qfn
    [2010/10/02 17:25:09 | 000,001,409 | ---- | C] () -- C:\WINDOWS\QTFont.for
    [2010/09/08 14:48:44 | 000,000,861 | ---- | C] () -- C:\Documents and Settings\All Users.WINDOWS\Desktop\HP Director.lnk
    [2010/09/04 07:33:47 | 000,075,264 | ---- | C] () -- C:\Documents and Settings\aaa\Desktop\SystemLook.exe
    [2010/08/11 16:34:23 | 000,000,368 | ---- | C] () -- C:\Documents and Settings\aaa\Desktop\diskbackup.lnk
    [2010/08/11 13:02:04 | 000,000,429 | ---- | C] () -- C:\Documents and Settings\aaa\Application Data\Microsoft\Internet Explorer\Quick Launch\ReclaimLeakedRAM.lnk
    [2010/08/09 09:42:52 | 011,962,447 | ---- | C] () -- C:\AVG7QT.DAT
    [2010/08/08 23:52:31 | 000,000,274 | ---- | C] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-776561741-1383384898-1957994488-1003.job
    [2010/08/08 23:52:30 | 000,000,282 | ---- | C] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-776561741-1383384898-1957994488-1003.job
    [2010/08/08 23:23:48 | 001,325,568 | ---- | C] () -- C:\WINDOWS\System32\webfldrs.msi
    [2010/08/08 23:22:56 | 000,003,338 | ---- | C] () -- C:\WINDOWS\System32\redir.exe
    [2010/08/08 23:22:39 | 000,004,294 | ---- | C] () -- C:\WINDOWS\System32\odbcconf.rsp
    [2010/08/08 23:22:20 | 000,067,866 | ---- | C] () -- C:\WINDOWS\System32\drivers\netwlan5.img
    [2010/08/08 23:21:51 | 000,842,268 | ---- | C] () -- C:\WINDOWS\System32\msdxm.ocx
    [2010/08/08 23:21:46 | 000,135,168 | ---- | C] () -- C:\WINDOWS\System32\mpg2splt.ax
    [2010/08/08 23:20:35 | 000,175,104 | ---- | C] () -- C:\WINDOWS\System32\dllcache\pintlcsa.dll
    [2010/08/08 23:20:35 | 000,059,392 | ---- | C] () -- C:\WINDOWS\System32\dllcache\imscinst.exe
    [2010/08/08 23:20:34 | 000,196,666 | ---- | C] () -- C:\WINDOWS\System32\dllcache\imjpinst.exe
    [2010/08/08 23:20:33 | 000,173,568 | ---- | C] () -- C:\WINDOWS\System32\dllcache\chtskf.dll
    [2010/08/08 23:20:17 | 000,766,934 | ---- | C] () -- C:\WINDOWS\System32\instcat.sql
    [2010/08/08 23:20:15 | 000,019,514 | ---- | C] () -- C:\WINDOWS\System32\ieuinit.inf
    [2010/08/08 23:20:14 | 000,000,929 | ---- | C] () -- C:\WINDOWS\System32\homepage.inf
    [2010/08/08 23:19:51 | 000,001,740 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
    [2010/08/08 22:36:09 | 000,001,755 | ---- | C] () -- C:\Documents and Settings\All Users.WINDOWS\Application Data\QTSBandwidthCache
    [2010/08/08 22:34:54 | 000,001,654 | ---- | C] () -- C:\Documents and Settings\aaa\Application Data\Microsoft\Internet Explorer\Quick Launch\QuickTime Player.lnk
    [2010/08/08 22:33:44 | 000,001,642 | ---- | C] () -- C:\Documents and Settings\aaa\Application Data\Microsoft\Internet Explorer\Quick Launch\iTunes.lnk
    [2010/08/08 20:46:05 | 000,000,473 | ---- | C] () -- C:\Documents and Settings\aaa\Desktop\Hldg Cost Base.lnk
    [2010/08/08 17:28:08 | 000,005,630 | ---- | C] () -- C:\Documents and Settings\aaa\Application Data\HPCOM_48BitScanUpdate.log
    [2010/08/08 17:28:08 | 000,000,214 | ---- | C] () -- C:\WINDOWS\HP_48BitScanUpdatePatch.ini
    [2010/08/08 09:36:54 | 000,001,409 | ---- | C] () -- C:\WINDOWS\System32\tmp956C9.FOT
    [2010/08/08 09:36:53 | 000,001,409 | ---- | C] () -- C:\WINDOWS\System32\tmpCD4C9.FOT
    [2010/08/08 09:36:53 | 000,001,409 | ---- | C] () -- C:\WINDOWS\System32\tmp906C9.FOT
    [2010/08/08 09:36:53 | 000,001,409 | ---- | C] () -- C:\WINDOWS\System32\tmp2C5C9.FOT
    [2010/08/08 09:36:53 | 000,001,409 | ---- | C] () -- C:\WINDOWS\System32\tmp275C9.FOT
    [2010/08/08 09:36:53 | 000,001,409 | ---- | C] () -- C:\WINDOWS\System32\tmp225C9.FOT
    [2010/08/08 09:25:23 | 000,000,422 | ---- | C] () -- C:\WINDOWS\videoimp.ini
    [2010/08/08 09:24:35 | 000,040,960 | ---- | C] () -- C:\WINDOWS\uneng.exe
    [2010/08/08 09:14:54 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
    [2010/08/08 09:14:19 | 000,001,735 | ---- | C] () -- C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Startup\Microsoft Office.lnk
    [2010/08/07 22:18:23 | 000,316,640 | ---- | C] () -- C:\WINDOWS\WMSysPr9.prx
    [2010/08/07 19:33:28 | 000,000,429 | ---- | C] () -- C:\Documents and Settings\aaa\Desktop\ReclaimLeakedRAM.bat.lnk
    [2010/08/07 18:34:07 | 000,000,579 | ---- | C] () -- C:\Documents and Settings\aaa\Desktop\Gmail Email from Google.url
    [2010/08/07 07:22:43 | 000,004,566 | ---- | C] () -- C:\WINDOWS\imsins.BAK
    [2010/08/07 07:22:36 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
    [2010/08/07 07:22:13 | 000,001,688 | ---- | C] () -- C:\WINDOWS\System32\AUTOEXEC.NT
    [2010/08/07 07:21:59 | 000,037,484 | ---- | C] () -- C:\WINDOWS\System32\dllcache\MW770.CAT
    [2010/08/07 07:21:59 | 000,013,472 | ---- | C] () -- C:\WINDOWS\System32\dllcache\HPCRDP.CAT
    [2010/08/07 07:21:59 | 000,008,574 | ---- | C] () -- C:\WINDOWS\System32\dllcache\IASNT4.CAT
    [2010/08/07 07:21:59 | 000,007,382 | ---- | C] () -- C:\WINDOWS\System32\dllcache\OEMBIOS.CAT
    [2010/08/07 07:21:58 | 000,797,189 | ---- | C] () -- C:\WINDOWS\System32\dllcache\NT5IIS.CAT
    [2010/08/07 07:21:58 | 000,399,645 | ---- | C] () -- C:\WINDOWS\System32\dllcache\MAPIMIG.CAT
    [2010/08/07 07:21:58 | 000,013,608 | ---- | C] () -- C:\WINDOWS\System32\dllcache\IMS.CAT
    [2010/08/07 07:21:19 | 000,110,192 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
    [2010/08/07 07:20:04 | 000,000,261 | ---- | C] () -- C:\WINDOWS\System32\$winnt$.inf
    [2010/08/07 01:50:31 | 000,000,710 | ---- | C] () -- C:\Documents and Settings\aaa\Application Data\Microsoft\Internet Explorer\Quick Launch\FlashGet.lnk
    [2010/08/07 01:02:16 | 000,000,206 | ---- | C] () -- C:\Documents and Settings\All Users.WINDOWS\Application Data\DriverTool.log
    [2010/08/07 01:01:29 | 000,000,895 | ---- | C] () -- C:\Documents and Settings\aaa\Application Data\Microsoft\Internet Explorer\Quick Launch\Ad-Aware.lnk
    [2010/08/07 01:01:29 | 000,000,877 | ---- | C] () -- C:\Documents and Settings\All Users.WINDOWS\Desktop\Ad-Aware.lnk
    [2010/08/07 00:47:38 | 000,000,429 | ---- | C] () -- C:\Documents and Settings\aaa\Desktop\ReclaimLeakedRAM.lnk
    [2010/08/07 00:22:22 | 000,004,212 | -H-- | C] () -- C:\WINDOWS\System32\zllictbl.dat
    [2010/08/07 00:21:36 | 000,796,312 | ---- | C] () -- C:\WINDOWS\System32\libeay32_0.9.6l.dll
    [2010/08/07 00:21:16 | 000,049,617 | ---- | C] () -- C:\WINDOWS\System32\vsconfig.xml
    [2010/08/06 23:53:32 | 000,001,409 | ---- | C] () -- C:\WINDOWS\System32\tmpEE6B7.FOT
    [2010/08/06 23:53:32 | 000,001,409 | ---- | C] () -- C:\WINDOWS\System32\tmpA27B7.FOT
    [2010/08/06 23:53:32 | 000,001,409 | ---- | C] () -- C:\WINDOWS\System32\tmp676B7.FOT
    [2010/08/06 23:53:32 | 000,001,409 | ---- | C] () -- C:\WINDOWS\System32\tmp626B7.FOT
    [2010/08/06 23:53:32 | 000,001,409 | ---- | C] () -- C:\WINDOWS\System32\tmp3F5B7.FOT
    [2010/08/06 23:53:32 | 000,001,409 | ---- | C] () -- C:\WINDOWS\System32\tmp2B6B7.FOT
    [2010/08/06 23:09:34 | 000,000,268 | ---- | C] () -- C:\WINDOWS\KCHESSW.INI
    [2010/08/06 23:09:26 | 000,000,097 | ---- | C] () -- C:\WINDOWS\iridium.ini
    [2010/08/06 23:08:57 | 000,000,695 | ---- | C] () -- C:\Documents and Settings\aaa\Desktop\IrfanView.lnk
    [2010/08/06 22:26:59 | 000,000,640 | ---- | C] () -- C:\Documents and Settings\aaa\Desktop\Audacity.lnk
    [2010/08/06 21:55:22 | 000,000,079 | ---- | C] () -- C:\Documents and Settings\aaa\Application Data\Microsoft\Internet Explorer\Quick Launch\Show Desktop.scf
    [2010/08/06 21:55:08 | 000,000,814 | ---- | C] () -- C:\Documents and Settings\aaa\Application Data\Microsoft\Internet Explorer\Quick Launch\Windows Media Player.lnk
    [2010/08/06 21:51:23 | 000,008,192 | ---- | C] () -- C:\WINDOWS\REGLOCS.OLD
    [2010/08/06 21:49:58 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
    [2010/08/06 21:47:49 | 001,158,818 | ---- | C] () -- C:\WINDOWS\System32\dllcache\korwbrkr.lex
    [2010/08/06 21:47:28 | 000,134,339 | ---- | C] () -- C:\WINDOWS\System32\dllcache\imekr.lex
    [2010/08/06 21:47:09 | 013,463,552 | ---- | C] () -- C:\WINDOWS\System32\dllcache\hwxjpn.dll
    [2010/08/06 21:47:00 | 000,108,827 | ---- | C] () -- C:\WINDOWS\System32\dllcache\hanja.lex
    [2010/08/06 21:44:48 | 000,002,626 | ---- | C] () -- C:\WINDOWS\System32\CONFIG.NT
    [2010/08/06 21:44:43 | 000,025,065 | ---- | C] () -- C:\WINDOWS\System32\wmpscheme.xml
    [2010/08/06 21:44:40 | 000,299,552 | ---- | C] () -- C:\WINDOWS\WMSysPrx.prx
    [2010/08/06 21:42:08 | 004,399,505 | ---- | C] () -- C:\WINDOWS\System32\dllcache\nls302en.lex
    [2010/08/06 21:41:15 | 000,348,160 | ---- | C] () -- C:\WINDOWS\System32\dllcache\msinfo.dll
    [2010/08/06 21:41:13 | 000,048,680 | -HS- | C] () -- C:\WINDOWS\winnt256.bmp
    [2010/08/06 21:41:12 | 000,048,680 | -HS- | C] () -- C:\WINDOWS\winnt.bmp
    [2010/08/06 21:41:05 | 000,000,984 | ---- | C] () -- C:\WINDOWS\System32\dllcache\srframe.mmf
    [2010/08/06 21:39:39 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
    [2010/08/06 21:38:23 | 000,003,286 | ---- | C] () -- C:\WINDOWS\System32\tslabels.h
    [2010/08/06 21:38:23 | 000,001,161 | ---- | C] () -- C:\WINDOWS\System32\usrlogon.cmd
    [2010/08/06 21:38:19 | 000,000,768 | ---- | C] () -- C:\WINDOWS\System32\msdtcprf.h
    [2010/08/06 21:38:02 | 000,063,488 | ---- | C] () -- C:\WINDOWS\System32\wmimgmt.msc
    [2010/08/01 21:36:52 | 000,080,384 | ---- | C] () -- C:\Documents and Settings\aaa\Desktop\MBRCheck.exe
    [2010/06/15 16:56:57 | 000,593,408 | ---- | C] () -- C:\WINDOWS\libmysql.dll
    [2001/08/23 22:00:00 | 000,027,440 | ---- | C] () -- C:\WINDOWS\System32\drivers\secdrv.sys
    [1999/01/22 20:46:58 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\MSRTEDIT.DLL

    ========== LOP Check ==========

    [2010/08/08 17:32:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\aaa\Application Data\$CUERoot$
    [2010/10/14 13:12:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\aaa\Application Data\AVG7
    [2010/08/19 23:03:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\aaa\Application Data\GlarySoft
    [2010/08/06 23:15:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\aaa\Application Data\NCH Swift Sound
    [2010/08/06 23:13:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\aaa\Application Data\Registry Booster
    [2010/10/16 09:24:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\Alwil Software
    [2010/10/14 13:12:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\avg7
    [2010/08/06 23:15:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\NCH Swift Sound
    [2010/10/10 21:09:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\TEMP
    [2010/10/11 11:34:03 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\{BD986C1B-72EC-4B82-B47B-6CAC4E6F494E}
    [2010/10/17 16:08:58 | 000,000,308 | ---- | M] () -- C:\WINDOWS\Tasks\GlaryInitialize.job

    ========== Purity Check ==========



    ========== Custom Scans ==========


    < :OTL >

    < O2 - BHO: (no name) - {CE7C3CEF-4B15-11D1-ABED-FA4C0C0931ED} - No CLSID value found. >

    < O4 - HKLM..\Run: [WMC_AutoUpdate] File not found >

    < O16 - DPF: {33564D57-0000-0010-8000-00AA00389B71} http://download.microsoft.com/downlo...22/wmv9VCM.CAB (Reg >
    Invalid Switch: wmv9VCM.CAB (Reg


    < Error: Key error.) >

    < [3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ] >

    < [1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ] >

    < [2010/08/07 00:18:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\aaa\Application Data\AVG7 >
    Invalid Switch: 07 00:18:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\aaa\Application Data\AVG7


    < [2010/08/07 00:17:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\avg7 >
    Invalid Switch: 07 00:17:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\avg7


    < [2010/08/09 09:42:56 | 011,962,447 | ---- | M] () -- C:\AVG7QT.DAT >
    Invalid Switch: 09 09:42:56 | 011,962,447 | ---- | M] () -- C:\AVG7QT.DAT


    < @Alternate Data Stream - 120 bytes -> C:\Documents and Settings\All Users.WINDOWS\Application Data\TEMP:5C321E34 >

    < >

    < >

    < :Services >

    < >

    < :Reg >

    < >

    < :Files >

    < >

    < :Commands >

    < [purity] >

    < [emptytemp] >

    < [emptyflash] >

    < [Reboot] >

    ========== Alternate Data Streams ==========

    @Alternate Data Stream - 120 bytes -> C:\Documents and Settings\All Users.WINDOWS\Application Data\TEMP:5C321E34

    < End of report >


    Here is the Security Check log:

    Results of screen317's Security Check version 0.99.5
    Windows XP Service Pack 1
    Out of date service pack!!
    Internet Explorer 6 Out of date!
    ``````````````````````````````
    Antivirus/Firewall Check:

    Windows Security Center service is not running! This report may not be accurate!
    avast! Free Antivirus
    ESET Online Scanner v3
    ZoneAlarm
    WMI entry may not exist for antivirus; attempting automatic update.
    ```````````````````````````````
    Anti-malware/Other Utilities Check:

    Ad-Aware
    Out of date HijackThis installed!
    Malwarebytes' Anti-Malware
    HijackThis 1.99.1
    Java(TM) 6 Update 22
    Out of date Java installed!
    Adobe Flash Player
    ````````````````````````````````
    Process Check:
    objlist.exe by Laurent

    Ad-Aware AAWService.exe is disabled!
    Ad-Aware AAWTray.exe is disabled!
    Alwil Software Avast5 AvastSvc.exe
    Alwil Software Avast5 avastUI.exe
    Zone Labs ZoneAlarm zlclient.exe
    ````````````````````````````````
    DNS Vulnerability Check:

    GREAT! (Not vulnerable to DNS cache poisoning)

    ``````````End of Log````````````
     
  12. 2010/10/17
    ocean

    ocean Inactive Thread Starter

    Joined:
    2010/10/12
    Messages:
    31
    Likes Received:
    0
    broni,
    Here is the ESETScan log:

    C:\Qoobox\Quarantine\[4]-Submit_2010-10-14_13.42.34.zip multiple threats
    C:\Qoobox\Quarantine\[4]-Submit_2010-10-16_10.28.39.zip multiple threats
    C:\Qoobox\Quarantine\C\Documents and Settings\aaa\Application Data\Dk.sys.vir probably a variant of Win32/Genetik trojan
    C:\Qoobox\Quarantine\C\Documents and Settings\aaa\Application Data\Dk.Tmp.vir probably a variant of Win32/Genetik trojan
    C:\Qoobox\Quarantine\C\Documents and Settings\aaa\Start Menu\eBay.lnk.vir Win32/Adware.ADON application
    C:\Qoobox\Quarantine\C\Documents and Settings\All Users.WINDOWS\Desktop\改变你的一生.url.vir Win32/StartPage.NSJ trojan
    C:\Qoobox\Quarantine\C\Documents and Settings\All Users.WINDOWS\Desktop\淘宝购物A.url.vir Win32/StartPage.NUJ trojan
    C:\Qoobox\Quarantine\C\WINDOWS\Fonts\pci.sys.vir Win32/AntiAV.NFJ trojan
    C:\Qoobox\Quarantine\C\WINDOWS\system32\20101013084838.dll.vir a variant of Win32/PSW.OnLineGames.PEA trojan
    C:\Qoobox\Quarantine\C\WINDOWS\system32\imm32.dll.vir Win32/Agent.RYG trojan
    C:\Qoobox\Quarantine\C\WINDOWS\system32\wininet.dll.vir Win32/Patched.GA trojan
    C:\Qoobox\Quarantine\F\av1.zip a variant of Win32/AutoRun.Delf.HK worm
    C:\Qoobox\Quarantine\F\av2.zip a variant of Win32/AutoRun.Delf.HK worm
    D:\System Volume Information\_restore{32F2E97D-A842-4A4D-8181-C5DC84287FC2}\RP71\A0058717.exe a variant of Win32/AutoRun.Delf.HK worm
    D:\System Volume Information\_restore{32F2E97D-A842-4A4D-8181-C5DC84287FC2}\RP71\A0058718.EXE probably a variant of Win32/Agent.NFZCMP trojan
    E:\System Volume Information\_restore{6AEBBE71-8241-48CA-900F-3B60DD95C0B4}\RP1206\A0874409.exe a variant of Win32/Adware.RegistryEasy application
    E:\System Volume Information\_restore{32F2E97D-A842-4A4D-8181-C5DC84287FC2}\RP71\A0058721.EXE probably a variant of Win32/Agent.NFZCMP trojan
    E:\System Volume Information\_restore{32F2E97D-A842-4A4D-8181-C5DC84287FC2}\RP71\A0058722.exe a variant of Win32/AutoRun.Delf.HK worm
    F:\System Volume Information\_restore{32F2E97D-A842-4A4D-8181-C5DC84287FC2}\RP66\A0049629.DLL probably a variant of Win32/PSW.WOW.NSN trojan
    F:\System Volume Information\_restore{32F2E97D-A842-4A4D-8181-C5DC84287FC2}\RP67\A0051766.DLL probably a variant of Win32/PSW.WOW.NSN trojan
    F:\System Volume Information\_restore{32F2E97D-A842-4A4D-8181-C5DC84287FC2}\RP67\A0051771.DLL Win32/PSW.WOW.NSN trojan
    F:\System Volume Information\_restore{32F2E97D-A842-4A4D-8181-C5DC84287FC2}\RP67\A0051870.DLL Win32/PSW.WOW.NSN trojan
    F:\System Volume Information\_restore{32F2E97D-A842-4A4D-8181-C5DC84287FC2}\RP67\A0051875.DLL Win32/PSW.WOW.NSN trojan
    F:\System Volume Information\_restore{32F2E97D-A842-4A4D-8181-C5DC84287FC2}\RP67\A0051945.DLL Win32/PSW.WOW.NSN trojan
    F:\System Volume Information\_restore{32F2E97D-A842-4A4D-8181-C5DC84287FC2}\RP67\A0051951.DLL Win32/PSW.WOW.NSN trojan
    F:\System Volume Information\_restore{32F2E97D-A842-4A4D-8181-C5DC84287FC2}\RP67\A0051994.DLL Win32/PSW.WOW.NSN trojan
    F:\System Volume Information\_restore{32F2E97D-A842-4A4D-8181-C5DC84287FC2}\RP67\A0051995.DLL Win32/PSW.WOW.NSN trojan
    F:\System Volume Information\_restore{32F2E97D-A842-4A4D-8181-C5DC84287FC2}\RP67\A0051997.DLL Win32/PSW.WOW.NSN trojan
    F:\System Volume Information\_restore{32F2E97D-A842-4A4D-8181-C5DC84287FC2}\RP67\A0051998.DLL Win32/PSW.WOW.NSN trojan
    F:\System Volume Information\_restore{32F2E97D-A842-4A4D-8181-C5DC84287FC2}\RP67\A0053992.DLL Win32/PSW.WOW.NSN trojan
    F:\System Volume Information\_restore{32F2E97D-A842-4A4D-8181-C5DC84287FC2}\RP67\A0053993.DLL Win32/PSW.WOW.NSN trojan
    F:\System Volume Information\_restore{32F2E97D-A842-4A4D-8181-C5DC84287FC2}\RP67\A0053995.DLL Win32/PSW.WOW.NSN trojan
    F:\System Volume Information\_restore{32F2E97D-A842-4A4D-8181-C5DC84287FC2}\RP67\A0053996.DLL Win32/PSW.WOW.NSN trojan
    F:\System Volume Information\_restore{32F2E97D-A842-4A4D-8181-C5DC84287FC2}\RP67\A0055089.DLL Win32/PSW.WOW.NSN trojan
    F:\System Volume Information\_restore{32F2E97D-A842-4A4D-8181-C5DC84287FC2}\RP67\A0055092.DLL Win32/PSW.WOW.NSN trojan
    F:\System Volume Information\_restore{32F2E97D-A842-4A4D-8181-C5DC84287FC2}\RP67\A0055093.DLL Win32/PSW.WOW.NSN trojan
    F:\System Volume Information\_restore{32F2E97D-A842-4A4D-8181-C5DC84287FC2}\RP67\A0055095.DLL Win32/PSW.WOW.NSN trojan
    F:\System Volume Information\_restore{32F2E97D-A842-4A4D-8181-C5DC84287FC2}\RP68\A0055201.DLL Win32/PSW.WOW.NSN trojan
    F:\System Volume Information\_restore{32F2E97D-A842-4A4D-8181-C5DC84287FC2}\RP68\A0055202.DLL Win32/PSW.WOW.NSN trojan
    F:\System Volume Information\_restore{32F2E97D-A842-4A4D-8181-C5DC84287FC2}\RP68\A0055205.DLL Win32/PSW.WOW.NSN trojan
    F:\System Volume Information\_restore{32F2E97D-A842-4A4D-8181-C5DC84287FC2}\RP68\A0055206.DLL Win32/PSW.WOW.NSN trojan
    F:\System Volume Information\_restore{32F2E97D-A842-4A4D-8181-C5DC84287FC2}\RP68\A0055317.DLL Win32/PSW.WOW.NSN trojan
    F:\System Volume Information\_restore{32F2E97D-A842-4A4D-8181-C5DC84287FC2}\RP68\A0055318.DLL Win32/PSW.WOW.NSN trojan
    F:\System Volume Information\_restore{32F2E97D-A842-4A4D-8181-C5DC84287FC2}\RP68\A0055320.DLL Win32/PSW.WOW.NSN trojan
    F:\System Volume Information\_restore{32F2E97D-A842-4A4D-8181-C5DC84287FC2}\RP68\A0055321.DLL Win32/PSW.WOW.NSN trojan
    F:\System Volume Information\_restore{32F2E97D-A842-4A4D-8181-C5DC84287FC2}\RP68\A0056453.DLL Win32/PSW.WOW.NSN trojan
    F:\System Volume Information\_restore{32F2E97D-A842-4A4D-8181-C5DC84287FC2}\RP68\A0056454.DLL Win32/PSW.WOW.NSN trojan
    F:\System Volume Information\_restore{32F2E97D-A842-4A4D-8181-C5DC84287FC2}\RP68\A0056455.DLL Win32/PSW.WOW.NSN trojan
    F:\System Volume Information\_restore{32F2E97D-A842-4A4D-8181-C5DC84287FC2}\RP68\A0056457.DLL Win32/PSW.WOW.NSN trojan
    F:\System Volume Information\_restore{32F2E97D-A842-4A4D-8181-C5DC84287FC2}\RP68\A0056458.DLL Win32/PSW.WOW.NSN trojan
    F:\System Volume Information\_restore{32F2E97D-A842-4A4D-8181-C5DC84287FC2}\RP71\A0058723.DLL Win32/PSW.OnLineGames.PEK trojan
    F:\System Volume Information\_restore{32F2E97D-A842-4A4D-8181-C5DC84287FC2}\RP71\A0058724.exe a variant of Win32/AutoRun.Delf.HK worm
    F:\System Volume Information\_restore{32F2E97D-A842-4A4D-8181-C5DC84287FC2}\RP71\A0058725.exe a variant of Win32/AutoRun.Delf.HK worm
    F:\System Volume Information\_restore{32F2E97D-A842-4A4D-8181-C5DC84287FC2}\RP71\A0058726.exe a variant of Win32/AutoRun.Delf.HK worm
    F:\System Volume Information\_restore{32F2E97D-A842-4A4D-8181-C5DC84287FC2}\RP71\A0058727.exe a variant of Win32/AutoRun.Delf.HK worm
    F:\System Volume Information\_restore{32F2E97D-A842-4A4D-8181-C5DC84287FC2}\RP71\A0058728.exe a variant of Win32/AutoRun.Delf.HK worm
    F:\System Volume Information\_restore{32F2E97D-A842-4A4D-8181-C5DC84287FC2}\RP71\A0058729.exe a variant of Win32/AutoRun.Delf.HK worm
    F:\System Volume Information\_restore{32F2E97D-A842-4A4D-8181-C5DC84287FC2}\RP71\A0058730.exe a variant of Win32/AutoRun.Delf.HK worm
    F:\System Volume Information\_restore{32F2E97D-A842-4A4D-8181-C5DC84287FC2}\RP71\A0058731.exe a variant of Win32/AutoRun.Delf.HK worm
    F:\System Volume Information\_restore{32F2E97D-A842-4A4D-8181-C5DC84287FC2}\RP71\A0058732.exe a variant of Win32/AutoRun.Delf.HK worm
    F:\System Volume Information\_restore{32F2E97D-A842-4A4D-8181-C5DC84287FC2}\RP71\A0058733.exe a variant of Win32/AutoRun.Delf.HK worm
    F:\System Volume Information\_restore{32F2E97D-A842-4A4D-8181-C5DC84287FC2}\RP71\A0058734.exe a variant of Win32/AutoRun.Delf.HK worm
    F:\System Volume Information\_restore{32F2E97D-A842-4A4D-8181-C5DC84287FC2}\RP71\A0058735.exe a variant of Win32/AutoRun.Delf.HK worm
    F:\System Volume Information\_restore{32F2E97D-A842-4A4D-8181-C5DC84287FC2}\RP71\A0058736.exe a variant of Win32/AutoRun.Delf.HK worm
    F:\System Volume Information\_restore{32F2E97D-A842-4A4D-8181-C5DC84287FC2}\RP71\A0058737.exe a variant of Win32/AutoRun.Delf.HK worm
    F:\System Volume Information\_restore{32F2E97D-A842-4A4D-8181-C5DC84287FC2}\RP71\A0058738.exe a variant of Win32/AutoRun.Delf.HK worm
    F:\System Volume Information\_restore{32F2E97D-A842-4A4D-8181-C5DC84287FC2}\RP71\A0058739.exe a variant of Win32/AutoRun.Delf.HK worm
    F:\System Volume Information\_restore{32F2E97D-A842-4A4D-8181-C5DC84287FC2}\RP71\A0058740.exe a variant of Win32/AutoRun.Delf.HK worm
    F:\System Volume Information\_restore{32F2E97D-A842-4A4D-8181-C5DC84287FC2}\RP71\A0058741.exe a variant of Win32/AutoRun.Delf.HK worm
    F:\System Volume Information\_restore{32F2E97D-A842-4A4D-8181-C5DC84287FC2}\RP71\A0058742.exe a variant of Win32/AutoRun.Delf.HK worm
    F:\System Volume Information\_restore{32F2E97D-A842-4A4D-8181-C5DC84287FC2}\RP71\A0058743.exe a variant of Win32/AutoRun.Delf.HK worm
    F:\System Volume Information\_restore{32F2E97D-A842-4A4D-8181-C5DC84287FC2}\RP71\A0058744.exe a variant of Win32/AutoRun.Delf.HK worm
    F:\System Volume Information\_restore{32F2E97D-A842-4A4D-8181-C5DC84287FC2}\RP71\A0058745.exe a variant of Win32/AutoRun.Delf.HK worm
    F:\System Volume Information\_restore{32F2E97D-A842-4A4D-8181-C5DC84287FC2}\RP71\A0058746.exe a variant of Win32/AutoRun.Delf.HK worm
    F:\System Volume Information\_restore{32F2E97D-A842-4A4D-8181-C5DC84287FC2}\RP71\A0058747.exe a variant of Win32/AutoRun.Delf.HK worm
    F:\System Volume Information\_restore{32F2E97D-A842-4A4D-8181-C5DC84287FC2}\RP73\A0073361.exe a variant of Win32/AutoRun.Delf.HK worm


    Thanks.
     
  13. 2010/10/17
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    You posted the wrong OTL log.
    Please re-read my reply #28, run the OTL fix and post the log from the fix.

    Eset findings will be removed in our next, last step, which I'll post as soon as I receive the OTL fix log.

    We'll have to remember to install SP3 on your computer.
     
  14. 2010/10/17
    ocean

    ocean Inactive Thread Starter

    Joined:
    2010/10/12
    Messages:
    31
    Likes Received:
    0
    broni,
    Please accept my apology. I think I hit quick scan instead of fix. Here is the OTL log:

    All processes killed
    ========== OTL ==========
    Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{CE7C3CEF-4B15-11D1-ABED-FA4C0C0931ED}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CE7C3CEF-4B15-11D1-ABED-FA4C0C0931ED}\ not found.
    Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\WMC_AutoUpdate deleted successfully.
    Starting removal of ActiveX control {33564D57-0000-0010-8000-00AA00389B71}
    C:\WINDOWS\Downloaded Program Files\WMV9VCM.inf moved successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{33564D57-0000-0010-8000-00AA00389B71}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{33564D57-0000-0010-8000-00AA00389B71}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{33564D57-0000-0010-8000-00AA00389B71}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{33564D57-0000-0010-8000-00AA00389B71}\ not found.
    File/Folder C:\WINDOWS\*.tmp not found.
    File/Folder C:\WINDOWS\System32\*.tmp not found.
    C:\Documents and Settings\aaa\Application Data\AVG7 folder moved successfully.
    C:\Documents and Settings\All Users.WINDOWS\Application Data\avg7\QUEUE\TEMP folder moved successfully.
    C:\Documents and Settings\All Users.WINDOWS\Application Data\avg7\QUEUE\OUT folder moved successfully.
    C:\Documents and Settings\All Users.WINDOWS\Application Data\avg7\QUEUE\ACTIVE folder moved successfully.
    C:\Documents and Settings\All Users.WINDOWS\Application Data\avg7\QUEUE folder moved successfully.
    C:\Documents and Settings\All Users.WINDOWS\Application Data\avg7\Log folder moved successfully.
    C:\Documents and Settings\All Users.WINDOWS\Application Data\avg7 folder moved successfully.
    C:\AVG7QT.DAT moved successfully.
    ADS C:\Documents and Settings\All Users.WINDOWS\Application Data\TEMP:5C321E34 deleted successfully.
    ========== SERVICES/DRIVERS ==========
    ========== REGISTRY ==========
    ========== FILES ==========
    ========== COMMANDS ==========

    [EMPTYTEMP]

    User: aaa
    ->Temp folder emptied: 3569 bytes
    ->Temporary Internet Files folder emptied: 196943 bytes
    ->Java cache emptied: 0 bytes
    ->Flash cache emptied: 456 bytes

    User: Administrator
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes

    User: All Users

    User: All Users.WINDOWS

    User: Binh

    User: Default User
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes

    User: Default User.WINDOWS
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes

    User: LocalService
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes

    User: LocalService.NT AUTHORITY
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 33170 bytes

    User: NetworkService
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes

    User: NetworkService.NT AUTHORITY
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes

    User: yen
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes

    %systemdrive% .tmp files removed: 0 bytes
    %systemroot% .tmp files removed: 0 bytes
    %systemroot%\System32 .tmp files removed: 0 bytes
    %systemroot%\System32\dllcache .tmp files removed: 0 bytes
    %systemroot%\System32\drivers .tmp files removed: 0 bytes
    Windows Temp folder emptied: 1536 bytes
    %systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
    %systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 51146 bytes
    RecycleBin emptied: 220209 bytes

    Total Files Cleaned = 0.00 mb


    [EMPTYFLASH]

    User: aaa
    ->Flash cache emptied: 0 bytes

    User: Administrator

    User: All Users

    User: All Users.WINDOWS

    User: Binh

    User: Default User

    User: Default User.WINDOWS

    User: LocalService

    User: LocalService.NT AUTHORITY

    User: NetworkService

    User: NetworkService.NT AUTHORITY

    User: yen

    Total Flash Files Cleaned = 0.00 mb


    OTL by OldTimer - Version 3.2.15.2 log created on 10182010_104201

    Files\Folders moved on Reboot...
    File move failed. C:\WINDOWS\temp\_avast5_\Webshlock.txt scheduled to be moved on reboot.
    C:\WINDOWS\temp\ZLT02c8e.TMP moved successfully.
    C:\WINDOWS\temp\ZLT02c91.TMP moved successfully.

    Registry entries deleted on Reboot...
     
  15. 2010/10/17
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    Good :)

    Your computer is clean :)

    1. We need to reset system restore to prevent your computer from being accidentally reinfected by using some old restore point(s). We'll create a fresh, clean restore point using the following OTL script:

    Run OTL

    • Under the Custom Scans/Fixes box at the bottom, paste in the following:

    Code:
    :OTL
    :Commands
    [purity]
    [emptytemp]
    [EMPTYFLASH]
    [CLEARALLRESTOREPOINTS]
    [Reboot]
    • Then click the Run Fix button at the top
    • Let the program run unhindered, reboot the PC when it is done
    • Post resulting log.

    2. Now we'll remove all the tools we used during our cleaning process.

    Clean up with OTL:

    • Double-click OTL.exe to start the program.
    • Close all other programs apart from OTL as this step will require a reboot
    • On the OTL main screen, press the CLEANUP button
    • Say Yes to the prompt and then allow the program to reboot your computer.

    If you still have any tools or logs leftover on your computer you can go ahead and delete those off of your computer now.

    3. Make sure Windows Updates are current.

    4. If any Trojan was listed among your infection(s), make sure you change all of your important on-line passwords (bank account(s), secured web sites, etc.) immediately!

    5. Download and install WOT (Web of Trust): http://www.mywot.com/. It'll warn you (in most cases) about dangerous web sites.

    6. Run Malwarebytes "Quick scan" once in a while to assure safety of your computer.

    7. Run Temporary File Cleaner (TFC) weekly.

    8. Download and install Secunia Personal Software Inspector (PSI): http://secunia.com/vulnerability_scanning/personal/. The Secunia PSI is a FREE security tool designed to detect vulnerable and out-dated programs and plug-ins which expose your PC to attacks. Run it weekly.

    9. (optional) If you want to keep all your programs up to date, download and install FileHippo Update Checker.
    The Update Checker will scan your computer for installed software, check the versions and then send this information to FileHippo.com to see if there are any newer releases.

    10. Run defrag at your convenience.

    11. Read How did I get infected?, With steps so it does not happen again!: http://www.bleepingcomputer.com/forums/topic2520.html

    12. Please let me know how your computer is doing.
     
  16. 2010/10/17
    ocean

    ocean Inactive Thread Starter

    Joined:
    2010/10/12
    Messages:
    31
    Likes Received:
    0
    broni,
    Thanks. Should I try to see whether 'safe mode' and 'system restore' work, and use 'FreshGet' to download mp3s from www.abc.net.au, without getting infected?
     
  17. 2010/10/17
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    After completing all the above steps, go ahead.
    That ABC site is listed in green on WOT, so I doubt it was the culprit.
     
  18. 2010/10/17
    ocean

    ocean Inactive Thread Starter

    Joined:
    2010/10/12
    Messages:
    31
    Likes Received:
    0
    broni,
    I did up to step 7 (TFC) & downloaded Secunia Personal Software Inspector & FileHippo Update Checker so far. I did not do 'safe mode', 'system restore' and 'FreshGet' yet.

    Unfortunately, there is still one infection after the MBAM quick scan; please see the log. I also noticed for the first time that my 'recycle bin' has disappeared from the desktop. I couldn't find it in win ex either. So I tried to perform a 'search' in win ex, and it doesn't work. 'Search' displays the message "search companion + '!' in yellow triangular box + ok button". I then hit ok, then stop. Nothing happens! Please advise, thanks.

    Here is the OTL log:

    All processes killed
    ========== OTL ==========
    ========== COMMANDS ==========

    [EMPTYTEMP]

    User: aaa
    ->Temp folder emptied: 401 bytes
    ->Temporary Internet Files folder emptied: 180626 bytes
    ->Java cache emptied: 0 bytes
    ->Flash cache emptied: 456 bytes

    User: Administrator
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes

    User: All Users

    User: All Users.WINDOWS

    User: Binh

    User: Default User
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes

    User: Default User.WINDOWS
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes

    User: LocalService
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes

    User: LocalService.NT AUTHORITY
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 33170 bytes

    User: NetworkService
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes

    User: NetworkService.NT AUTHORITY
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes

    User: yen
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes

    %systemdrive% .tmp files removed: 0 bytes
    %systemroot% .tmp files removed: 0 bytes
    %systemroot%\System32 .tmp files removed: 0 bytes
    %systemroot%\System32\dllcache .tmp files removed: 0 bytes
    %systemroot%\System32\drivers .tmp files removed: 0 bytes
    Windows Temp folder emptied: 512 bytes
    %systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
    %systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 51146 bytes
    RecycleBin emptied: 0 bytes

    Total Files Cleaned = 0.00 mb


    [EMPTYFLASH]

    User: aaa
    ->Flash cache emptied: 0 bytes

    User: Administrator

    User: All Users

    User: All Users.WINDOWS

    User: Binh

    User: Default User

    User: Default User.WINDOWS

    User: LocalService

    User: LocalService.NT AUTHORITY

    User: NetworkService

    User: NetworkService.NT AUTHORITY

    User: yen

    Total Flash Files Cleaned = 0.00 mb

    Restore points cleared and new OTL Restore Point set!

    OTL by OldTimer - Version 3.2.15.2 log created on 10182010_112155

    Files\Folders moved on Reboot...
    File move failed. C:\WINDOWS\temp\_avast5_\Webshlock.txt scheduled to be moved on reboot.
    C:\WINDOWS\temp\ZLT037c1.TMP moved successfully.
    C:\WINDOWS\temp\ZLT037c4.TMP moved successfully.

    Registry entries deleted on Reboot...


    Here is the MBAM log:

    Malwarebytes' Anti-Malware 1.46
    www.malwarebytes.org

    Database version: 4855

    Windows 5.1.2600 Service Pack 1
    Internet Explorer 6.0.2800.1106

    18/10/2010 12:08:57 PM
    mbam-log-2010-10-18 (12-08-57).txt

    Scan type: Quick scan
    Objects scanned: 179251
    Time elapsed: 13 minute(s), 27 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 0
    Registry Values Infected: 0
    Registry Data Items Infected: 1
    Folders Infected: 0
    Files Infected: 0

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    (No malicious items detected)

    Registry Values Infected:
    (No malicious items detected)

    Registry Data Items Infected:
    HKEY_CLASSES_ROOT\CLSID\{871C5380-42A0-1069-A2EA-08002B30309D}\shell\OpenHomePage\Command\(default) (Hijack.HomePage) -> Bad: ( "c:\program files\internet explorer\iexplore.exe" http://www.9384.com/?100077) Good: (iexplore.exe) -> Quarantined and deleted successfully.

    Folders Infected:
    (No malicious items detected)

    Files Infected:
    (No malicious items detected)
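    As an added defender-side check that is not part of this thread: a PowerShell function that re-reads the registry verb MBAM flagged as Hijack.HomePage in the log above and reports whether the "Open Home Page" command still launches iexplore.exe with no hard-coded web address appended. The CLSID and key path come from the MBAM log; the function name and status labels are this example's own assumptions.

```powershell
# Added example, not from the thread. Re-checks the item MBAM reported as Hijack.HomePage:
# the default value of the "Open Home Page" verb under the Internet Explorer desktop-icon
# CLSID. The CLSID and key path are taken from the MBAM log; everything else is assumed.
$IeDesktopIconClsid = '{871C5380-42A0-1069-A2EA-08002B30309D}'
$OpenHomePageKey    = "Registry::HKEY_CLASSES_ROOT\CLSID\$IeDesktopIconClsid\shell\OpenHomePage\Command"

function Test-IeOpenHomePageVerb {
    param([string]$Path = $OpenHomePageKey)

    if (-not (Test-Path -LiteralPath $Path)) {
        # No verb at all: nothing to hijack, but also nothing to compare against.
        return [pscustomobject]@{ Path = $Path; Status = 'missing'; Command = $null }
    }

    # PowerShell exposes a key's default value under the property name '(default)'.
    $command = (Get-ItemProperty -LiteralPath $Path).'(default)'

    # Clean: the value launches iexplore.exe and nothing else. The hijacked value in the
    # log appended a web address after the executable, which is the pattern flagged here.
    $status = if ([string]::IsNullOrWhiteSpace($command)) { 'empty' }
              elseif ($command -notmatch 'iexplore\.exe') { 'suspicious: does not launch iexplore.exe' }
              elseif ($command -match 'iexplore\.exe"?\s+\S') { 'suspicious: extra argument after iexplore.exe' }
              else { 'ok' }

    [pscustomobject]@{ Path = $Path; Status = $status; Command = $command }
}

Test-IeOpenHomePageVerb | Format-List
```

    A result other than 'ok' means the verb should be compared with the MBAM "Good" value and corrected, or the scan re-run.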
     
  19. 2010/10/17
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
  20. 2010/10/17
    ocean

    ocean Inactive Thread Starter

    Joined:
    2010/10/12
    Messages:
    31
    Likes Received:
    0
    broni,
    Thanks. So the PC is still good & should I try 'safe mode', 'system restore' and 'FreshGet' now? What's the infection on the MBAM scan anyway? What about the 'search' problem? Any idea?
     
    Last edited: 2010/10/17
  21. 2010/10/17
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    I wouldn't worry about one MBAM finding.
    You're supposed to run it once in a while anyway.

    Did you get your recycle bin back?

    You may also have some system file issues.

    Go Start>Run ("Start Search" in Vista/7), type in:
    sfc /scannow
    Click OK (hold CTRL and SHIFT, hit Enter in Vista/7).
    Have your Windows CD/DVD handy (with Vista/7, most likely, you won't need it).
    If System File Checker (sfc) finds any errors, it may ask you for the CD/DVD (rarely in Vista/7's case).
     
