Virus: HTML:Iframe-inf (Engine-B)
Virus found while downloading Web content.
Address: www.google-analytics.com
Status: Access denied.
OTL Extras logfile created on: 4/1/2011 9:45:38 AM - Run 1
OTL by OldTimer - Version 3.2.22.3 Folder = C:\Documents and Settings\Roslan\My Documents\Downloads
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 59.00% Memory free
4.00 Gb Paging File | 3.00 Gb Available in Paging File | 76.00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 37.04 Gb Total Space | 17.40 Gb Free Space | 46.98% Space Free | Partition Type: NTFS
Drive D: | 37.44 Gb Total Space | 10.16 Gb Free Space | 27.14% Space Free | Partition Type: NTFS
Computer Name: ROSLAN-P4 | User Name: Roslan | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
========== Shell Spawning ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
htmlfile [edit] -- Reg Error: Key error.
InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
========== System Restore Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
========== Authorized Applications List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Program Files\Hewlett-Packard\HP Printer Utility\HPPU.exe" = C:\Program Files\Hewlett-Packard\HP Printer Utility\HPPU.exe:*:Enabled:HP Printer Utility HPPURun -- (Hewlett-Packard Company)
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Hewlett-Packard\HP Printer Utility\HPPU.exe" = C:\Program Files\Hewlett-Packard\HP Printer Utility\HPPU.exe:*:Enabled:HP Printer Utility HPPURun -- (Hewlett-Packard Company)
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
"C:\Program Files\LimeWire\LimeWire.exe" = C:\Program Files\LimeWire\LimeWire.exe:*:Enabled:LimeWire -- (Lime Wire, LLC)
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
"C:\Program Files\Google\Google Earth\client\googleearth.exe" = C:\Program Files\Google\Google Earth\client\googleearth.exe:*:Enabled:Google Earth -- (Google)
"C:\Program Files\Nexon\Counter-Strike Online\Bin\cstrike-online.exe" = C:\Program Files\Nexon\Counter-Strike Online\Bin\cstrike-online.exe:*:Enabled:Counter-Strike Online
"C:\Program Files\Nexon\Counter-Strike Online\Bin\NMService.exe" = C:\Program Files\Nexon\Counter-Strike Online\Bin\NMService.exe:*:Enabled:Nexon Messenger Core
========== HKEY_LOCAL_MACHINE Uninstall List ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0394CDC8-FABD-4ED8-B104-03393876DFDF}" = Roxio Creator Tools
"{07159635-9DFE-4105-BFC0-2817DB540C68}" = Roxio Activation Module
"{0A003011-002C-446B-AF91-D6C13C0E08FE}" = Ad-Aware Total Security
"{0D397393-9B50-4C52-84D5-77E344289F87}" = Roxio Creator Data
"{0E532C84-4275-41B3-9D81-D4A1A20D8EE7}" = PlayStation®Store
"{101FD2B3-E03A-4944-8646-4D258E24156A}" = HP Printer Utility
"{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}" = Microsoft Works
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{26A24AE4-039D-4CA4-87B4-2F83216013FF}" = Java 6 Update 13
"{28BE306E-5DA6-4F9C-BDB0-DBA3C8C6FFFD}" = QuickTime
"{2F4C24E6-CBD4-4AAC-B56F-C9FD44DE5668}" = Roxio Drag-to-Disc
"{30465B6C-B53F-49A1-9EBA-A3F187AD502E}" = Roxio Update Manager
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{4286E640-B5FB-11DF-AC4B-005056C00008}" = Google Earth
"{553255F3-78FD-40F1-A6F8-6882140265FE}" = Apple Application Support
"{5783F2D7-8009-0409-0002-0060B0CE6BBA}" = AutoCAD LT 2010 - English
"{619CDD8A-14B6-43A1-AB6C-0F4EE48CE048}" = Roxio Creator Copy
"{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Roxio Express Labeler 3
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{7527CD9F-894E-47B3-9AFB-3E680E007051}" = HP Proactive Services
"{767CC44C-9BBC-438D-BAD3-FD4595DD148B}" = VC80CRTRedist - 8.0.50727.762
"{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{83FFCFC7-88C6-41C6-8752-958A45325C82}" = Roxio Creator Audio
"{8A708DD8-A5E6-11D4-A706-000629E95E20}" = Intel® Graphics Media Accelerator Driver
"{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player
"{8D337F77-BE7F-41A2-A7CB-D5A63FD7049B}" = Sonic CinePlayer Decoder Pack
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A462213D-EED4-42C2-9A60-7BDD4D4B0B17}" = SigmaTel Audio
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1033-7B44-A00000000001}" = Adobe Reader 6.0.1
"{AC76BA86-7AD7-5A76-5A64-7E8A45000001}" = Adobe Reader Japanese Fonts
"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
"{B6659DD8-00A7-4A24-BBFB-C1F6982E5D66}" = PlayStation®Network Downloader
"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C8B0680B-CDAE-4809-9F91-387B6DE00F7C}" = Roxio Creator DE
"{CA5710C5-184C-4294-8848-871431EA80FB}" = HP Web Registration
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D78653C3-A8FF-415F-92E6-D774E634FF2D}" = Dell ResourceCD
"{E6B87DC4-2B3D-4483-ADFF-E483BF718991}" = OpenOffice.org 3.1
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01
"{F7B0E599-C114-4493-BC4D-D8FC7CBBABBB}" = 32 Bit HP CIO Components Installer
"{FBE5AA96-22F0-4C4A-8E92-4BE3498D4CCB}" = Media Go
"Adobe Acrobat 5.0" = Adobe Acrobat 5.0
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"AutoCAD LT 2000 Uninstall" = AutoCAD LT 2000
"AutoCAD LT 2010 - English" = AutoCAD LT 2010 - English
"avast" = avast! Internet Security
"Canon LBP3010/LBP3018/LBP3050" = Canon LBP3010/LBP3018/LBP3050
"Converber" = Converber 1.3.0
"DivX Plus DirectShow Filters" = DivX Plus DirectShow Filters
"Google Updater" = Google Updater
"HP Designjet T610 Printer Series" = HP Designjet T610 Printer Series
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"LimeWire" = LimeWire 5.2.13
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mozilla Firefox (3.6.16)" = Mozilla Firefox (3.6.16)
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"PROSet" = Intel® PRO Network Adapters and Drivers
"SmartSuite V97.0" = Lotus SmartSuite 97
"WIC" = Windows Imaging Component
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinRAR archiver" = WinRAR archiver
"WinZip" = WinZip
"WMFDist11" = Windows Media Format 11 runtime
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
========== HKEY_CURRENT_USER Uninstall List ==========
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Google Chrome" = Google Chrome
========== Last 10 Event Log Errors ==========
[ Application Events ]
Error - 1/5/2011 11:11:34 PM | Computer Name = ROSLAN-P4 | Source = Application Error | ID = 1000
Description = Faulting application acrobat.exe, version 5.0.0.327, faulting module
acrobat.exe, version 5.0.0.327, fault address 0x000ad6b7.
Error - 1/20/2011 7:06:40 PM | Computer Name = ROSLAN-P4 | Source = Lavasoft Ad-Aware Service | ID = 0
Description =
Error - 1/27/2011 2:20:49 AM | Computer Name = ROSLAN-P4 | Source = Application Error | ID = 1000
Description = Faulting application wordpro.exe, version 97.0.823.0, faulting module
wordpro.exe, version 97.0.823.0, fault address 0x00007f58.
Error - 2/16/2011 10:47:03 PM | Computer Name = ROSLAN-P4 | Source = Application Error | ID = 1000
Description = Faulting application wordpro.exe, version 97.0.823.0, faulting module
ntdll.dll, version 5.1.2600.6055, fault address 0x0001245f.
Error - 2/17/2011 2:01:41 AM | Computer Name = ROSLAN-P4 | Source = Application Error | ID = 1000
Description = Faulting application wordpro.exe, version 97.0.823.0, faulting module
wordpro.exe, version 97.0.823.0, fault address 0x00007f58.
Error - 2/18/2011 9:32:24 PM | Computer Name = ROSLAN-P4 | Source = Application Error | ID = 1000
Description = Faulting application wksss.exe, version 9.7.613.0, faulting module
wksssdb.dll, version 9.7.621.0, fault address 0x000e8ffe.
Error - 2/23/2011 9:38:20 PM | Computer Name = ROSLAN-P4 | Source = Application Error | ID = 1000
Description = Faulting application wordpro.exe, version 97.0.823.0, faulting module
wordpro.exe, version 97.0.823.0, fault address 0x00007f58.
Error - 3/8/2011 2:49:23 AM | Computer Name = ROSLAN-P4 | Source = Application Error | ID = 1000
Description = Faulting application wordpro.exe, version 97.0.823.0, faulting module
unknown, version 0.0.0.0, fault address 0x00ffe2e6.
Error - 3/10/2011 4:47:19 AM | Computer Name = ROSLAN-P4 | Source = Application Error | ID = 1000
Description = Faulting application chrome.exe, version 0.0.0.0, faulting module
gcswf32.dll, version 10.2.154.18, fault address 0x0002f021.
Error - 3/29/2011 4:37:26 AM | Computer Name = ROSLAN-P4 | Source = Application Error | ID = 1000
Description = Faulting application au_.exe, version 1.0.0.0, faulting module unknown,
version 0.0.0.0, fault address 0x00a81067.
[ System Events ]
Error - 3/28/2011 7:42:32 PM | Computer Name = ROSLAN-P4 | Source = Dhcp | ID = 1002
Description = The IP address lease 192.168.1.2 for the Network Card with network
address 001320D4104D has been denied by the DHCP server 192.168.1.1 (The DHCP Server
sent a DHCPNACK message).
Error - 3/29/2011 7:29:04 PM | Computer Name = ROSLAN-P4 | Source = Dhcp | ID = 1002
Description = The IP address lease 192.168.1.2 for the Network Card with network
address 001320D4104D has been denied by the DHCP server 192.168.1.1 (The DHCP Server
sent a DHCPNACK message).
Error - 3/30/2011 4:04:37 AM | Computer Name = ROSLAN-P4 | Source = NetBT | ID = 4319
Description = A duplicate name has been detected on the TCP network. The IP address
of the machine that sent the message is in the data. Use nbtstat -n in a command
window to see which name is in the Conflict state.
Error - 3/30/2011 4:04:37 AM | Computer Name = ROSLAN-P4 | Source = NetBT | ID = 4319
Description = A duplicate name has been detected on the TCP network. The IP address
of the machine that sent the message is in the data. Use nbtstat -n in a command
window to see which name is in the Conflict state.
Error - 3/30/2011 4:04:37 AM | Computer Name = ROSLAN-P4 | Source = NetBT | ID = 4319
Description = A duplicate name has been detected on the TCP network. The IP address
of the machine that sent the message is in the data. Use nbtstat -n in a command
window to see which name is in the Conflict state.
Error - 3/30/2011 7:28:46 PM | Computer Name = ROSLAN-P4 | Source = Dhcp | ID = 1002
Description = The IP address lease 192.168.1.2 for the Network Card with network
address 001320D4104D has been denied by the DHCP server 192.168.1.1 (The DHCP Server
sent a DHCPNACK message).
Error - 3/31/2011 2:15:27 AM | Computer Name = ROSLAN-P4 | Source = Service Control Manager | ID = 7000
Description = The avast! Asynchronous Virus Monitor service failed to start due
to the following error: %%2
Error - 3/31/2011 7:41:49 PM | Computer Name = ROSLAN-P4 | Source = Dhcp | ID = 1002
Description = The IP address lease 192.168.1.2 for the Network Card with network
address 001320D4104D has been denied by the DHCP server 192.168.1.1 (The DHCP Server
sent a DHCPNACK message).
Error - 3/31/2011 7:44:06 PM | Computer Name = ROSLAN-P4 | Source = Service Control Manager | ID = 7009
Description = Timeout (30000 milliseconds) waiting for the Ad-Aware Scheduler service
to connect.
Error - 3/31/2011 7:44:06 PM | Computer Name = ROSLAN-P4 | Source = Service Control Manager | ID = 7000
Description = The Ad-Aware Scheduler service failed to start due to the following
error: %%1053
< End of report >
OTL logfile created on: 4/1/2011 9:45:38 AM - Run 1
OTL by OldTimer - Version 3.2.22.3 Folder = C:\Documents and Settings\Roslan\My Documents\Downloads
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 59.00% Memory free
4.00 Gb Paging File | 3.00 Gb Available in Paging File | 76.00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 37.04 Gb Total Space | 17.40 Gb Free Space | 46.98% Space Free | Partition Type: NTFS
Drive D: | 37.44 Gb Total Space | 10.16 Gb Free Space | 27.14% Space Free | Partition Type: NTFS
Computer Name: ROSLAN-P4 | User Name: Roslan | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ==========
PRC - C:\Documents and Settings\Roslan\My Documents\Downloads\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Program Files\AVAST Software\Avast\AvastUI.exe (AVAST Software)
PRC - C:\Program Files\AVAST Software\Avast\AvastSvc.exe (AVAST Software)
PRC - C:\Program Files\AVAST Software\Avast\afwServ.exe (AVAST Software)
PRC - C:\Program Files\AutoCAD LT 2000\aclt.exe (Autodesk, Inc.)
PRC - C:\Program Files\Lavasoft\Ad-Aware Total Security\Firewall\GDFirewallTray.exe (Lavasoft AB)
PRC - C:\Program Files\Lavasoft\Ad-Aware Total Security\AVK\AVKService.exe (Lavasoft AB)
PRC - C:\Program Files\Common Files\G Data\AVKProxy\AVKProxy.exe (Lavasoft AB)
PRC - C:\Program Files\Lavasoft\Ad-Aware Total Security\AVKTray\AVKTray.exe (Lavasoft AB)
PRC - C:\Program Files\Common Files\G Data\GDScan\GDScan.exe (Lavasoft AB)
PRC - C:\Program Files\Lavasoft\Ad-Aware Total Security\AVK\AVKWCtl.exe ()
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\Lavasoft\Ad-Aware Total Security\Firewall\GDFwSvc.exe (Lavasoft AB)
PRC - C:\Program Files\Java\jre6\bin\jucheck.exe (Sun Microsystems, Inc.)
PRC - C:\Program Files\OpenOffice.org 3\program\soffice.bin (OpenOffice.org)
PRC - C:\Program Files\OpenOffice.org 3\program\soffice.exe (OpenOffice.org)
PRC - C:\Program Files\Hewlett-Packard\HP Printer Utility\HPPU.exe (Hewlett-Packard Company)
PRC - C:\Program Files\Common Files\Hewlett-Packard\HP Printer Utility DCS\AppInterfaces\HPPUDS.exe (Hewlett-Packard Company)
PRC - C:\Program Files\Common Files\Hewlett-Packard\HP Printer Utility DCS\AppInterfaces\HPPUDH.exe (Hewlett-Packard Company)
PRC - C:\Program Files\Adobe\Acrobat 5.0\Acrobat\Acrobat.exe (Adobe Systems Incorporated)
PRC - C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe (Adobe Systems Inc.)
PRC - C:\Program Files\Common Files\Adobe\Web\AOM.exe (Adobe Systems, Incorporated)
========== Modules (SafeList) ==========
MOD - C:\Documents and Settings\Roslan\My Documents\Downloads\OTL.exe (OldTimer Tools)
MOD - C:\Program Files\AVAST Software\Avast\snxhk.dll (AVAST Software)
MOD - C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll (Microsoft Corporation)
========== Win32 Services (SafeList) ==========
SRV - (HidServ) -- File not found
SRV - (AppMgmt) -- File not found
SRV - (avast! Antivirus) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe (AVAST Software)
SRV - (avast! Firewall) -- C:\Program Files\AVAST Software\Avast\afwServ.exe (AVAST Software)
SRV - (AVKService) -- C:\Program Files\Lavasoft\Ad-Aware Total Security\AVK\AVKService.exe (Lavasoft AB)
SRV - (AVKProxy) -- C:\Program Files\Common Files\G Data\AVKProxy\AVKProxy.exe (Lavasoft AB)
SRV - (GDScan) -- C:\Program Files\Common Files\G Data\GDScan\GDScan.exe (Lavasoft AB)
SRV - (GDBackupSvc) -- C:\Program Files\Lavasoft\Ad-Aware Total Security\AVKBackup\AVKBackupService.exe (Lavasoft AB)
SRV - (GDTunerSvc) -- C:\Program Files\Lavasoft\Ad-Aware Total Security\AVKTuner\AVKTunerService.exe (Lavasoft AB)
SRV - (AVKWCtl) -- C:\Program Files\Lavasoft\Ad-Aware Total Security\AVK\AVKWCtl.exe ()
SRV - (GDFwSvc) -- C:\Program Files\Lavasoft\Ad-Aware Total Security\Firewall\GDFwSvc.exe (Lavasoft AB)
SRV - (FLEXnet Licensing Service) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Macrovision Europe Ltd.)
========== Driver Services (SafeList) ==========
DRV - (GRD) -- C:\WINDOWS\system32\drivers\GRD.sys (G Data Software)
DRV - (GDNdisIc) -- C:\WINDOWS\system32\drivers\GDNdisIc.sys (G Data Software AG)
DRV - (GDTdiInterceptor) -- C:\WINDOWS\system32\drivers\GDTdiIcpt.sys (G Data Software AG)
DRV - (GDMnIcpt) -- C:\WINDOWS\system32\drivers\MiniIcpt.sys (G Data Software AG)
DRV - (HookCentre) -- C:\WINDOWS\system32\drivers\HookCentre.sys (G Data Software AG)
DRV - (GDBehave) -- C:\WINDOWS\system32\drivers\GDBehave.sys (G Data Software AG)
DRV - (aswFW) -- C:\WINDOWS\System32\drivers\aswFW.sys (AVAST Software)
DRV - (aswSnx) -- C:\WINDOWS\System32\drivers\aswSnx.sys (AVAST Software)
DRV - (aswSP) -- C:\WINDOWS\System32\drivers\aswSP.sys (AVAST Software)
DRV - (aswNdis2) -- C:\WINDOWS\System32\drivers\aswNdis2.sys (AVAST Software)
DRV - (aswTdi) -- C:\WINDOWS\System32\drivers\aswTdi.sys (AVAST Software)
DRV - (aswMon2) -- C:\WINDOWS\System32\drivers\aswmon2.sys (AVAST Software)
DRV - (aswRdr) -- C:\WINDOWS\System32\drivers\aswRdr.sys (AVAST Software)
DRV - (Aavmker4) -- C:\WINDOWS\System32\drivers\aavmker4.sys (AVAST Software)
DRV - (aswFsBlk) -- C:\WINDOWS\System32\drivers\aswFsBlk.sys (AVAST Software)
DRV - (aswNdis) -- C:\WINDOWS\system32\DRIVERS\aswNdis.sys (ALWIL Software)
DRV - (Lbd) -- C:\WINDOWS\system32\DRIVERS\Lbd.sys (Lavasoft AB)
DRV - (DLADResM) -- C:\WINDOWS\system32\drivers\DLADResM.SYS (Roxio)
DRV - (DLABMFSM) -- C:\WINDOWS\system32\drivers\DLABMFSM.SYS (Roxio)
DRV - (DLAUDF_M) -- C:\WINDOWS\system32\drivers\DLAUDF_M.SYS (Roxio)
DRV - (DLAUDFAM) -- C:\WINDOWS\system32\drivers\DLAUDFAM.SYS (Roxio)
DRV - (DLAOPIOM) -- C:\WINDOWS\system32\drivers\DLAOPIOM.SYS (Roxio)
DRV - (DLABOIOM) -- C:\WINDOWS\system32\drivers\DLABOIOM.SYS (Roxio)
DRV - (DLAPoolM) -- C:\WINDOWS\system32\drivers\DLAPoolM.SYS (Roxio)
DRV - (DLAIFS_M) -- C:\WINDOWS\system32\drivers\DLAIFS_M.SYS (Roxio)
DRV - (DLARTL_M) -- C:\WINDOWS\system32\drivers\DLARTL_M.SYS (Roxio)
DRV - (DLACDBHM) -- C:\WINDOWS\System32\Drivers\DLACDBHM.SYS (Roxio)
DRV - (STHDA) -- C:\WINDOWS\system32\drivers\sthda.sys (SigmaTel, Inc.)
DRV - (OMCI) -- C:\WINDOWS\SYSTEM32\DRIVERS\OMCI.SYS (Dell Computer Corporation)
========== Standard Registry (All) ==========
========== Internet Explorer ==========
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn...st/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn...st/srchasst.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft...=ie&ar=iesearch
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com.my/
IE - HKCU\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\WINDOWS\system32\ieframe.dll (Microsoft Corporation)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
========== FireFox ==========
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}:6.0.13
FF - prefs.js..extensions.enabledItems: [email protected]:1.0
FF - prefs.js..extensions.enabledItems: {20a82645-c095-46ed-80e3-08825760534b}:1.1
FF - prefs.js..extensions.enabledItems: {9AA46F4F-4DC7-4c06-97AF-5035170633FE}:21.1.10131.699
FF - prefs.js..extensions.enabledItems: [email protected]:20110101
FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.6.16
FF - prefs.js..network.proxy.type: 0
FF - HKLM\software\mozilla\Firefox\extensions\\[email protected]: C:\Program Files\Java\jre6\lib\deploy\jqs\ff [2009/09/11 17:26:06 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\extensions\\{20a82645-c095-46ed-80e3-08825760534b}: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ [2009/09/14 16:39:41 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\extensions\\{7BA52691-1876-45ce-9EE6-54BCB3B04BBC}: C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\coFFPlgn\
FF - HKLM\software\mozilla\Firefox\extensions\\[email protected]: C:\Program Files\AVAST Software\Avast\WebRep\FF [2011/03/31 14:11:24 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.16\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/03/29 16:48:42 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.16\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/03/29 16:46:54 | 000,000,000 | ---D | M]
[2011/03/29 16:49:06 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Roslan\Application Data\Mozilla\Extensions
[2011/03/29 16:49:06 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Roslan\Application Data\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
[2009/09/23 10:09:12 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Roslan\Application Data\Mozilla\Extensions\[email protected]
[2011/04/01 08:05:03 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Roslan\Application Data\Mozilla\Firefox\Profiles\pslasryu.default\extensions
[2011/03/30 07:36:51 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Roslan\Application Data\Mozilla\Firefox\Profiles\pslasryu.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011/04/01 08:05:03 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2011/03/29 16:46:55 | 000,000,000 | ---D | M] (Default) -- C:\Program Files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2011/03/30 15:47:24 | 000,000,000 | ---D | M] (Ad-Aware WebFilter) -- C:\Program Files\Mozilla Firefox\extensions\{9AA46F4F-4DC7-4c06-97AF-5035170633FE}
[2009/09/11 17:26:25 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}
[2011/03/31 14:11:24 | 000,000,000 | ---D | M] (avast! WebRep) -- C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF
[2009/09/11 17:26:06 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF
[2011/03/20 07:27:36 | 000,025,048 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\browserdirprovider.dll
[2011/03/20 07:27:36 | 000,140,248 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\brwsrcmp.dll
[2009/07/14 08:16:26 | 001,044,480 | ---- | M] (The OpenSSL Project, http://www.openssl.org/) -- C:\Program Files\Mozilla Firefox\plugins\libdivx.dll
[2009/09/11 17:26:06 | 000,410,984 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeploytk.dll
[2009/07/14 08:15:48 | 001,650,992 | ---- | M] (DivX,Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdivx32.dll
[2009/07/14 08:15:58 | 000,098,304 | ---- | M] (DivX, Inc) -- C:\Program Files\Mozilla Firefox\plugins\npDivxPlayerPlugin.dll
[2011/03/20 07:27:37 | 000,066,520 | ---- | M] (mozilla.org) -- C:\Program Files\Mozilla Firefox\plugins\npnul32.dll
[2003/05/15 00:01:48 | 000,133,376 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files\Mozilla Firefox\plugins\nppdf32.dll
[2010/08/03 08:48:31 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll
[2010/08/03 08:48:31 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll
[2010/08/03 08:48:31 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll
[2010/08/03 08:48:31 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll
[2010/08/03 08:48:31 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll
[2010/08/03 08:48:31 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll
[2010/08/03 08:48:31 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll
[2009/07/14 08:16:26 | 000,200,704 | ---- | M] (The OpenSSL Project, http://www.openssl.org/) -- C:\Program Files\Mozilla Firefox\plugins\ssldivx.dll
[2011/03/20 06:27:12 | 000,001,394 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\amazondotcom.xml
[2011/03/20 06:27:12 | 000,002,193 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\answers.xml
[2011/03/20 06:27:12 | 000,001,534 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\creativecommons.xml
[2011/03/20 06:27:12 | 000,002,344 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\eBay.xml
[2011/03/20 06:27:12 | 000,002,371 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\google.xml
[2011/03/20 06:27:12 | 000,001,178 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wikipedia.xml
[2011/03/20 06:27:12 | 000,001,096 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\yahoo.xml
O1 HOSTS File: ([2003/07/17 04:29:34 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Ad-Aware WebFilter) - {0124123D-61B4-456f-AF86-78C53A0790C5} - C:\Program Files\Lavasoft\Ad-Aware Total Security\Webfilter\AvkWebIE.dll (G Data Software AG)
O2 - BHO: (AcroIEHlprObj Class) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Acrobat\ActiveX\AcroIEHelper.ocx ()
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll ()
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.0.926.3450\swg.dll (Google Inc.)
O2 - BHO: (Java Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)
O3 - HKLM\..\Toolbar: (Ad-Aware WebFilter) - {0124123D-61B4-456f-AF86-78C53A0790C5} - C:\Program Files\Lavasoft\Ad-Aware Total Security\Webfilter\AvkWebIE.dll (G Data Software AG)
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll ()
O3 - HKCU\..\Toolbar\ShellBrowser: (&Address) - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\ShellBrowser: (&Links) - {0E5CBF21-D15F-11D0-8301-00AA005B4383} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (&Address) - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (&Links) - {0E5CBF21-D15F-11D0-8301-00AA005B4383} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (&Links) - {F2CF5485-4E02-4F68-819C-B92DE9277049} - C:\WINDOWS\system32\ieframe.dll (Microsoft Corporation)
O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [CNAP2 Launcher] C:\WINDOWS\system32\spool\drivers\w32x86\3\CNAP2LAK.EXE (CANON INC.)
O4 - HKLM..\Run: [G Data AntiVirus Tray Application] C:\Program Files\Lavasoft\Ad-Aware Total Security\AVKTray\AVKTray.exe (Lavasoft AB)
O4 - HKLM..\Run: [GDFirewallTray] C:\Program Files\Lavasoft\Ad-Aware Total Security\Firewall\GDFirewallTray.exe (Lavasoft AB)
O4 - HKLM..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe (Intel Corporation)
O4 - HKLM..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe (Intel Corporation)
O4 - HKLM..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe (Intel Corporation)
O4 - HKLM..\Run: [PUStarter] C:\Program Files\Common Files\Hewlett-Packard\HP Printer Utility DCS\AppInterfaces\HPPUDS.exe (Hewlett-Packard Company)
O4 - HKLM..\Run: [QuickTime Task] C:\Program Files\QuickTime\qttask.exe (Apple Inc.)
O4 - HKLM..\Run: [RunPUTasktray] File not found
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.)
O4 - HKCU..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (Microsoft Corporation)
O4 - HKCU..\Run: [Google Update] C:\Documents and Settings\Roslan\Local Settings\Application Data\Google\Update\GoogleUpdate.exe (Google Inc.)
O4 - HKCU..\Run: [ISUSPM] C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe (Macrovision Corporation)
O4 - HKCU..\Run: [MSMSGS] C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe (Adobe Systems Inc.)
O4 - Startup: C:\Documents and Settings\Roslan\Start Menu\Programs\Startup\OpenOffice.org 3.1.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run: = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableStatusMessages = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableTaskMgr = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 149
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableTaskMgr = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 0
O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\network diagnostic\xpnetdiag.exe (Microsoft Corporation)
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000002 [] - C:\WINDOWS\system32\winrnr.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000003 [] - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\WINDOWS\system32\rsvpsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\WINDOWS\system32\rsvpsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O12 - Plugin for: .spop - C:\Program Files\Internet Explorer\PLUGINS\NPDocBox.dll (InterTrust Technologies Corporation, Inc.)
O15 - HKLM\..Trusted Domains: hp.com ([]http in Trusted sites)
O15 - HKLM\..Trusted Domains: hp.com ([]https in Trusted sites)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 50.23.239.24 208.67.222.222
O18 - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\WINDOWS\system32\msvidctl.dll (Microsoft Corporation)
O18 - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\gopher {79eac9e4-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\HPPUDCS {522CC7E5-F378-4F97-8BD7-125D17F5B332} - C:\Program Files\Common Files\Hewlett-Packard\HP Printer Utility DCS\APP\hplidcsapp.dll (Hewlett-Packard Company)
O18 - Protocol\Handler\hppufile {4BCA8E33-E18F-4358-9F6F-3C7206BCF72F} - C:\Program Files\Hewlett-Packard\HP Printer Utility\hpluCtrls.dll (Hewlett-Packard Company)
O18 - Protocol\Handler\hppusam {4BCA8E33-E18F-4358-9F6F-3C7206BCF72F} - C:\Program Files\Hewlett-Packard\HP Printer Utility\hpluCtrls.dll (Hewlett-Packard Company)
O18 - Protocol\Handler\hppuzip {4BCA8E33-E18F-4358-9F6F-3C7206BCF72F} - C:\Program Files\Hewlett-Packard\HP Printer Utility\hpluCtrls.dll (Hewlett-Packard Company)
O18 - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\ipp - No CLSID value found
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINDOWS\system32\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\WINDOWS\system32\inetcomm.dll (Microsoft Corporation)
O18 - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINDOWS\system32\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation)
O18 - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\sysimage {76E67A63-06E9-11D2-A840-006008059382} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\WINDOWS\system32\msvidctl.dll (Microsoft Corporation)
O18 - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\wia {13F3EA8B-91D7-4F0A-AD76-D2853AC8BECE} - C:\WINDOWS\system32\wiascr.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\WINDOWS\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\WINDOWS\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\WINDOWS\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\Class Install Handler {32B533BB-EDAE-11d0-BD5A-00AA00B92AF1} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\deflate {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\gzip {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\lzdhtml {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/webviewhtml {733AC4CB-F1A4-11d0-B951-00A0C90312E1} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (c:\program files\lavasoft\ad-aware total security\avkkid\avkcks.exe) - c:\Program Files\Lavasoft\Ad-Aware Total Security\AVKKid\AvkCKS.exe ()
O20 - HKLM Winlogon: UIHost - (logonui.exe) - C:\WINDOWS\System32\logonui.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (rundll32 shell32) - C:\WINDOWS\System32\shell32.dll (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (Control_RunDLL "sysdm.cpl") - C:\WINDOWS\System32\sysdm.cpl (Microsoft Corporation)
O20 - Winlogon\Notify\crypt32chain: DllName - crypt32.dll - C:\WINDOWS\System32\crypt32.dll (Microsoft Corporation)
O20 - Winlogon\Notify\cryptnet: DllName - cryptnet.dll - C:\WINDOWS\System32\cryptnet.dll (Microsoft Corporation)
O20 - Winlogon\Notify\cscdll: DllName - cscdll.dll - C:\WINDOWS\System32\cscdll.dll (Microsoft Corporation)
O20 - Winlogon\Notify\dimsntfy: DllName - %SystemRoot%\System32\dimsntfy.dll - C:\WINDOWS\system32\dimsntfy.dll (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\WINDOWS\System32\igfxdev.dll (Intel Corporation)
O20 - Winlogon\Notify\ScCertProp: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\Schedule: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\sclgntfy: DllName - sclgntfy.dll - C:\WINDOWS\System32\sclgntfy.dll (Microsoft Corporation)
O20 - Winlogon\Notify\SensLogn: DllName - WlNotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\termsrv: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\wlballoon: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O21 - SSODL: CDBurn - {fbeb8a05-beee-4442-804e-409d6c4515e9} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
O21 - SSODL: PostBootReminder - {7849596a-48ea-486e-8937-a2a3009f31a9} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
O21 - SSODL: SysTray - {35CEC8A3-2BE6-11D2-8773-92E220524153} - C:\WINDOWS\system32\stobject.dll (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - C:\WINDOWS\system32\webcheck.dll (Microsoft Corporation)
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll (Microsoft Corporation)
O22 - SharedTaskScheduler: {438755C2-A8BA-11D1-B96B-00A0C90312E1} - Browseui preloader - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
O22 - SharedTaskScheduler: {8C7461EF-2B13-11d2-BE35-3078302C2030} - Component Categories cache daemon - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
O24 - Desktop Components:0 (My Current Home Page) - About:Home
O24 - Desktop WallPaper: C:\Documents and Settings\Roslan\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Roslan\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - C:\WINDOWS\System32\shell32.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (msapsspc.dll) - C:\WINDOWS\System32\msapsspc.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (schannel.dll) - C:\WINDOWS\System32\schannel.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (digest.dll) - C:\WINDOWS\System32\digest.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (msnsspc.dll) - C:\WINDOWS\System32\msnsspc.dll (Microsoft Corporation)
O30 - LSA: Authentication Packages - (msv1_0) - C:\WINDOWS\System32\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (kerberos) - C:\WINDOWS\System32\kerberos.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (msv1_0) - C:\WINDOWS\System32\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (schannel) - C:\WINDOWS\System32\schannel.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (wdigest) - C:\WINDOWS\System32\wdigest.dll (Microsoft Corporation)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/09/11 10:07:46 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{16d7698d-9e97-11df-87fe-001320d4104d}\Shell\AutoRun\command - "" = F:\Install.exe
O33 - MountPoints2\{16d7698d-9e97-11df-87fe-001320d4104d}\Shell\menu1\command - "" = F:\Install.exe
O33 - MountPoints2\{7efd2c90-9e7f-11de-8655-001320d4104d}\Shell\AutoRun\command - "" = F:\ph.exe
O33 - MountPoints2\{7efd2c90-9e7f-11de-8655-001320d4104d}\Shell\open\Command - "" = F:\ph.exe
O33 - MountPoints2\{af470597-b950-11df-882c-001320d4104d}\Shell\AutoRun\command - "" = explorer .
O33 - MountPoints2\{af470597-b950-11df-882c-001320d4104d}\Shell\mobile\command - "" = F:\MobileLaunch.exe
O33 - MountPoints2\{c4673406-ac0d-11de-8679-001320d4104d}\Shell\AutoRun\command - "" = y8.exe
O33 - MountPoints2\{c4673406-ac0d-11de-8679-001320d4104d}\Shell\open\Command - "" = y8.exe
O33 - MountPoints2\{e01ab04c-9f33-11de-865b-001320d4104d}\Shell\AutoRun\command - "" = F:\RESTORE\S-1-5-21-1482476501-1644491937-682003330-1013\msnmsngr.exe
O33 - MountPoints2\{e01ab04c-9f33-11de-865b-001320d4104d}\Shell\open\command - "" = F:\RESTORE\S-1-5-21-1482476501-1644491937-682003330-1013\msnmsngr.exe
O33 - MountPoints2\{f70ad10a-af31-11df-881c-001320d4104d}\Shell\AutoRun\command - "" = F:\RECYCLER\S-1-5-21-2214276341-3544434524-6043330-4321\update.exe
O33 - MountPoints2\{f70ad10a-af31-11df-881c-001320d4104d}\Shell\explore\Command - "" = F:\RECYCLER\S-1-5-21-2214276341-3544434524-6043330-4321\update.exe
O33 - MountPoints2\{f70ad10a-af31-11df-881c-001320d4104d}\Shell\open\command - "" = F:\RECYCLER\S-1-5-21-2214276341-3544434524-6043330-4321\update.exe
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O34 - HKLM BootExecute: (lsdelete) - C:\WINDOWS\System32\lsdelete.exe ()
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
========== Files/Folders - Created Within 30 Days ==========
[2011/03/31 14:13:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\avast! Internet Security
[2011/03/31 14:13:00 | 000,301,528 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSP.sys
[2011/03/31 14:13:00 | 000,019,544 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswFsBlk.sys
[2011/03/31 14:12:58 | 000,101,976 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswFW.sys
[2011/03/31 14:12:35 | 000,192,728 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswNdis2.sys
[2011/03/31 14:12:34 | 000,371,544 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSnx.sys
[2011/03/31 14:12:34 | 000,049,240 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswTdi.sys
[2011/03/31 14:12:34 | 000,025,432 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswRdr.sys
[2011/03/31 14:12:33 | 000,102,232 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswmon2.sys
[2011/03/31 14:12:33 | 000,096,344 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswmon.sys
[2011/03/31 14:12:32 | 000,030,680 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aavmker4.sys
[2011/03/31 14:11:20 | 000,012,112 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswNdis.sys
[2011/03/31 14:11:19 | 000,040,648 | ---- | C] (AVAST Software) -- C:\WINDOWS\avastSS.scr
[2011/03/31 14:11:06 | 000,190,016 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\aswBoot.exe
[2011/03/31 14:10:54 | 000,000,000 | ---D | C] -- C:\Program Files\AVAST Software
[2011/03/31 14:10:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\AVAST Software
[2011/03/30 16:05:18 | 000,068,976 | ---- | C] (G Data Software) -- C:\WINDOWS\System32\drivers\GRD.sys
[2011/03/30 15:48:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Ad-Aware Total Security
[2011/03/30 15:47:05 | 000,029,640 | ---- | C] (G Data Software AG) -- C:\WINDOWS\System32\drivers\GDNdisIc.sys
[2011/03/30 15:47:04 | 000,051,400 | ---- | C] (G Data Software AG) -- C:\WINDOWS\System32\drivers\GDTdiIcpt.sys
[2011/03/30 15:46:57 | 000,062,024 | ---- | C] (G Data Software AG) -- C:\WINDOWS\System32\drivers\MiniIcpt.sys
[2011/03/30 15:46:57 | 000,038,600 | ---- | C] (G Data Software AG) -- C:\WINDOWS\System32\drivers\HookCentre.sys
[2011/03/30 15:46:54 | 000,033,480 | ---- | C] (G Data Software AG) -- C:\WINDOWS\System32\drivers\GDBehave.sys
[2011/03/30 15:45:36 | 000,000,000 | ---D | C] -- C:\Program Files\Lavasoft
[2011/03/30 15:45:36 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\G Data
[2011/03/30 15:45:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\G DATA
[2011/03/29 16:47:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Mozilla Firefox
[2011/03/07 07:25:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\NexonSG
[2011/03/07 07:25:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Nexon
[2011/03/07 07:25:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Roslan\Local Settings\Application Data\CSO
[2011/03/07 07:08:10 | 000,000,000 | ---D | C] -- C:\Program Files\Nexon
[5 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[2 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
========== Files - Modified Within 30 Days ==========
[2011/04/01 09:50:02 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2011/04/01 09:26:02 | 000,000,982 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1343024091-73586283-725345543-1004UA.job
[2011/04/01 09:26:01 | 000,000,930 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1343024091-73586283-725345543-1004Core.job
[2011/04/01 07:44:01 | 000,000,868 | ---- | M] () -- C:\WINDOWS\tasks\Google Software Updater.job
[2011/04/01 07:42:40 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2011/04/01 07:41:45 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/03/31 14:13:01 | 000,001,689 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\avast! Internet Security.lnk
[2011/03/31 14:12:34 | 000,002,625 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
[2011/03/30 16:05:18 | 000,068,976 | ---- | M] (G Data Software) -- C:\WINDOWS\System32\drivers\GRD.sys
[2011/03/30 15:47:05 | 000,029,640 | ---- | M] (G Data Software AG) -- C:\WINDOWS\System32\drivers\GDNdisIc.sys
[2011/03/30 15:47:04 | 000,051,400 | ---- | M] (G Data Software AG) -- C:\WINDOWS\System32\drivers\GDTdiIcpt.sys
[2011/03/30 15:46:57 | 000,062,024 | ---- | M] (G Data Software AG) -- C:\WINDOWS\System32\drivers\MiniIcpt.sys
[2011/03/30 15:46:57 | 000,038,600 | ---- | M] (G Data Software AG) -- C:\WINDOWS\System32\drivers\HookCentre.sys
[2011/03/30 15:46:54 | 000,033,480 | ---- | M] (G Data Software AG) -- C:\WINDOWS\System32\drivers\GDBehave.sys
[2011/03/30 15:41:59 | 000,015,880 | ---- | M] () -- C:\WINDOWS\System32\lsdelete.exe
[2011/03/30 12:37:38 | 000,000,472 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
[2011/03/30 08:11:51 | 000,251,904 | -HS- | M] () -- C:\radial.cdb
[2011/03/29 16:47:02 | 000,001,620 | ---- | M] () -- C:\Documents and Settings\Roslan\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2011/03/29 16:47:02 | 000,001,602 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
[2011/03/28 07:31:27 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/03/25 12:27:28 | 000,002,293 | ---- | M] () -- C:\Documents and Settings\Roslan\Desktop\Google Chrome.lnk
[2011/03/25 12:27:28 | 000,002,271 | ---- | M] () -- C:\Documents and Settings\Roslan\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2011/03/16 10:00:30 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2011/03/15 14:58:48 | 000,024,872 | ---- | M] () -- C:\Documents and Settings\Roslan\Desktop\leave application form.lwp
[2011/03/11 13:02:36 | 000,007,277 | ---- | M] () -- C:\Documents and Settings\Roslan\Desktop\My Places.kmz
[2011/03/09 11:29:11 | 000,071,168 | ---- | M] () -- C:\Documents and Settings\Roslan\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/03/05 08:34:42 | 000,050,172 | ---- | M] () -- C:\Documents and Settings\Roslan\Desktop\petrol claim.lwp
[5 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[2 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
========== Files Created - No Company Name ==========
[2011/03/31 14:13:01 | 000,001,689 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\avast! Internet Security.lnk
[2011/03/30 15:47:44 | 000,015,880 | ---- | C] () -- C:\WINDOWS\System32\lsdelete.exe
[2011/03/29 16:47:02 | 000,001,620 | ---- | C] () -- C:\Documents and Settings\Roslan\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2011/03/29 16:47:02 | 000,001,602 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
[2011/03/11 13:02:36 | 000,007,277 | ---- | C] () -- C:\Documents and Settings\Roslan\Desktop\My Places.kmz
[2011/03/07 07:25:29 | 000,251,904 | -HS- | C] () -- C:\radial.cdb
[2011/02/17 10:04:18 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\MTSTACK.EXE
[2010/07/07 16:52:51 | 000,207,400 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
[2010/06/04 11:29:57 | 000,210,944 | ---- | C] () -- C:\WINDOWS\System32\Msvcrt10.dll
[2010/06/04 11:29:56 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\adistres.dll
[2010/05/13 18:26:57 | 000,001,912 | ---- | C] () -- C:\Documents and Settings\Roslan\Application Data\wklnhst.dat
[2009/10/13 15:43:34 | 000,000,234 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2009/09/15 17:19:04 | 000,071,168 | ---- | C] () -- C:\Documents and Settings\Roslan\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/09/11 17:39:17 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2009/09/11 17:38:22 | 000,302,032 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2009/09/11 16:41:05 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2009/09/11 11:42:58 | 000,000,000 | ---- | C] () -- C:\WINDOWS\hpntwksetup.ini
[2009/09/11 11:33:11 | 000,000,097 | ---- | C] () -- C:\WINDOWS\lotus.ini
[2009/09/11 11:33:11 | 000,000,038 | ---- | C] () -- C:\WINDOWS\Approach.ini
[2009/09/11 11:32:22 | 000,000,000 | ---- | C] () -- C:\WINDOWS\winhelp.ini
[2009/09/11 11:22:30 | 000,000,000 | ---- | C] () -- C:\WINDOWS\mtstack.INI
[2009/09/11 10:28:35 | 000,012,288 | ---- | C] () -- C:\WINDOWS\System32\e100bmsg.dll
[2009/09/11 10:12:08 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2009/09/11 10:05:40 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2004/08/02 14:20:40 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2003/07/17 04:54:55 | 000,004,594 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2003/07/17 04:54:54 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2003/07/17 04:41:25 | 000,432,356 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2003/07/17 04:41:25 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2003/07/17 04:41:23 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2003/07/17 04:41:21 | 000,067,312 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2003/07/17 04:39:07 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2003/07/17 04:33:50 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2003/07/17 04:33:39 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2003/07/17 04:27:41 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2003/07/17 04:26:37 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[1996/02/22 09:23:00 | 000,222,928 | ---- | C] () -- C:\WINDOWS\System32\lobas09.dll
[1996/01/19 09:23:00 | 000,000,002 | ---- | C] () -- C:\WINDOWS\System32\lodbc09.dll
[1996/01/15 09:23:00 | 000,334,016 | ---- | C] () -- C:\WINDOWS\System32\loflt09.dll
[1995/09/25 09:23:00 | 000,014,928 | ---- | C] () -- C:\WINDOWS\System32\wingen.drv
[1994/04/07 09:23:00 | 000,000,462 | ---- | C] () -- C:\WINDOWS\lodbf09.ini
========== LOP Check ==========
[2010/12/16 16:18:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Alwil Software
[2009/09/12 10:50:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Autodesk
[2011/03/31 14:10:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVAST Software
[2009/10/14 15:03:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Canon
[2011/03/30 15:55:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\G DATA
[2011/03/07 07:25:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Nexon
[2011/03/07 07:25:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\NexonSG
[2010/12/22 11:09:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TuneUp Software
[2009/10/13 15:44:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Uninstall
[2011/03/30 12:41:21 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\{2162CCC0-3A5F-4887-B51F-CE5F195B3620}
[2010/12/22 11:05:01 | 000,000,000 | -HSD | M] -- C:\Documents and Settings\All Users\Application Data\{24036256-BFDB-4CD3-BE8A-A3D6160F2E16}
[2009/09/12 10:50:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Roslan\Application Data\Autodesk
[2010/06/04 11:28:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Roslan\Application Data\InterTrust
[2011/04/01 10:06:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Roslan\Application Data\LimeWire
[2009/09/16 12:52:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Roslan\Application Data\OpenOffice.org
[2010/08/03 08:51:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Roslan\Application Data\Sony
[2010/08/03 08:41:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Roslan\Application Data\Sony Setup
[2010/05/13 18:27:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Roslan\Application Data\Template
[2010/12/22 11:05:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Roslan\Application Data\TuneUp Software
[2011/03/30 12:37:38 | 000,000,472 | ---- | M] () -- C:\WINDOWS\Tasks\Ad-Aware Update (Weekly).job
========== Purity Check ==========
========== Files - Unicode (All) ==========
[2011/03/07 07:25:57 | 000,000,000 | ---D | M](C:\Documents and Settings\Roslan\My Documents\?? ???) -- C:\Documents and Settings\Roslan\My Documents\넥슨 플러그
[2011/03/07 07:25:57 | 000,000,000 | ---D | C](C:\Documents and Settings\Roslan\My Documents\?? ???) -- C:\Documents and Settings\Roslan\My Documents\넥슨 플러그
< End of report >
Edited by Avenger7, 31 March 2011 - 08:57 PM.