TechSpot

[Solved] Bad image pop up, malware maybe?

Discussion in 'Virus and Malware Removal' started by oscar1987, Dec 11, 2010.

Thread Status:
Not open for further replies.
  1. oscar1987 Newcomer, in training

    here is the rest of the



    O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 216.136.95.2 64.132.94.250
    O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
    O20 - Winlogon\Notify\AwayNotify: DllName - C:\Program Files\Lenovo\AwayTask\AwayNotify.dll - C:\Program Files\Lenovo\AwayTask\AwayNotify.dll (Lenovo Group Limited)
    O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\WINDOWS\System32\igfxdev.dll (Intel Corporation)
    O20 - Winlogon\Notify\tpfnf2: DllName - notifyf2.dll - C:\WINDOWS\System32\notifyf2.dll ()
    O20 - Winlogon\Notify\tphotkey: DllName - tphklock.dll - C:\WINDOWS\System32\tphklock.dll ()
    O24 - Desktop WallPaper: C:\WINDOWS\1400_1050 Think Americas Map.bmp
    O24 - Desktop BackupWallPaper: C:\WINDOWS\1400_1050 Think Americas Map.bmp
    O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
    O32 - HKLM CDRom: AutoRun - 1
    O32 - AutoRun File - [2008/01/13 22:27:24 | 000,000,000 | -H-- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
    O34 - HKLM BootExecute: (autocheck autochk *) - File not found
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37 - HKLM\...com [@ = ComFile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*

    NetSvcs: 6to4 - File not found
    NetSvcs: Ias - File not found
    NetSvcs: Iprip - File not found
    NetSvcs: Irmon - File not found
    NetSvcs: Nwsapagent - File not found
    NetSvcs: WmdmPmSp - File not found

    Drivers32: msacm.ac3acm - C:\WINDOWS\System32\AC3ACM.acm (fccHandler)
    Drivers32: msacm.ac3filter - C:\WINDOWS\System32\ac3filter.acm ()
    Drivers32: msacm.alf2cd - C:\WINDOWS\System32\alf2cd.acm (NCT Company)
    Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation)
    Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
    Drivers32: msacm.scg726 - C:\WINDOWS\System32\Scg726.acm (SHARP Corporation)
    Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
    Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
    Drivers32: msacm.voxacm160 - C:\WINDOWS\System32\vct3216.acm (Voxware, Inc.)
    Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
    Drivers32: vidc.DIVX - C:\WINDOWS\System32\divx.dll (DivXNetworks, Inc.)
    Drivers32: vidc.dvsd - C:\WINDOWS\System32\mcdvd_32.dll (MainConcept)
    Drivers32: vidc.ffds - C:\WINDOWS\System32\ffdshow.ax ()
    Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
    Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
    Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
    Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)
    Drivers32: vidc.xvid - C:\WINDOWS\System32\xvidvfw.dll ()

    CREATERESTOREPOINT
    Restore point Set: OTL Restore Point (16902109354000384)

    ========== Files/Folders - Created Within 30 Days ==========

    [2010/12/12 12:24:33 | 000,000,000 | RHSD | C] -- C:\cmdcons
    [2010/12/12 10:39:48 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Oscar\Recent
    [2010/12/11 19:44:12 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
    [2010/12/11 19:44:12 | 000,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
    [2010/12/11 19:44:12 | 000,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
    [2010/12/11 19:44:12 | 000,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
    [2010/12/11 19:44:04 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
    [2010/12/11 19:42:55 | 000,000,000 | ---D | C] -- C:\Qoobox
    [2010/12/11 16:52:18 | 000,038,848 | ---- | C] (AVAST Software) -- C:\WINDOWS\avastSS.scr
    [2010/12/11 12:10:28 | 000,165,584 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSP.sys
    [2010/12/11 12:10:28 | 000,017,744 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswFsBlk.sys
    [2010/12/11 12:10:27 | 000,046,672 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswTdi.sys
    [2010/12/11 12:10:27 | 000,023,376 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswRdr.sys
    [2010/12/11 12:10:26 | 000,100,176 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswmon2.sys
    [2010/12/11 12:10:26 | 000,094,544 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswmon.sys
    [2010/12/11 12:10:26 | 000,028,880 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aavmker4.sys
    [2010/12/11 12:09:37 | 000,167,592 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\aswBoot.exe
    [2010/12/11 12:09:12 | 000,000,000 | ---D | C] -- C:\Program Files\Alwil Software
    [2010/12/11 12:09:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Alwil Software
    [2010/12/11 10:47:21 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
    [2010/12/11 10:45:03 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
    [2010/12/11 10:45:02 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
    [2010/12/11 10:08:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Oscar\Application Data\Registry Mechanic
    [2010/12/11 10:02:52 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\PC Tools
    [2010/12/11 10:02:51 | 000,000,000 | ---D | C] -- C:\Program Files\Registry Mechanic
    [2010/11/21 17:22:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Oscar\Desktop\droid
    [2004/11/24 14:25:52 | 000,335,872 | ---- | C] ( ) -- C:\WINDOWS\System32\drvc.dll

    ========== Files - Modified Within 30 Days ==========

    [2010/12/12 14:44:05 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
    [2010/12/12 14:35:33 | 000,000,920 | ---- | M] () -- C:\Documents and Settings\Oscar\Desktop\Shortcut to ComboFix.lnk
    [2010/12/12 13:47:24 | 000,000,316 | ---- | M] () -- C:\WINDOWS\tasks\PMTask.job
    [2010/12/12 13:47:16 | 000,008,888 | ---- | M] () -- C:\WINDOWS\System32\PROCDB.INI
    [2010/12/12 13:47:14 | 000,002,278 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
    [2010/12/12 13:47:14 | 000,000,278 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-1287374719-1552591571-343148099-1005.job
    [2010/12/12 13:46:33 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
    [2010/12/12 13:46:32 | 1063,702,528 | -HS- | M] () -- C:\hiberfil.sys
    [2010/12/12 13:18:14 | 000,000,311 | RHS- | M] () -- C:\BOOT.INI
    [2010/12/11 16:52:19 | 000,002,626 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
    [2010/12/11 14:50:20 | 104,857,600 | ---- | M] () -- C:\Documents and Settings\Oscar\My Documents\SecureDrive.vol
    [2010/12/11 12:10:28 | 000,001,711 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\avast! Free Antivirus.lnk
    [2010/12/11 11:16:06 | 000,000,286 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-1287374719-1552591571-343148099-1005.job
    [2010/12/11 10:47:21 | 000,000,795 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
    [2010/12/05 09:42:41 | 000,005,427 | ---- | M] (IBM Corporation) -- C:\WINDOWS\System32\EGATHDRV.SYS
    [2010/12/05 09:42:34 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
    [2010/11/29 17:42:18 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
    [2010/11/29 17:42:06 | 000,020,952 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
    [2010/11/22 20:21:58 | 000,091,226 | R--- | M] () -- C:\Documents and Settings\Oscar\Desktop\SC_PPT_2a_oscarnunez_3_3.pptx
    [2010/11/22 19:04:36 | 000,043,364 | ---- | M] () -- C:\Documents and Settings\Oscar\Desktop\SCPPT2a_Ear.emf
    [2010/11/21 17:14:18 | 001,602,312 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT

    ========== Files Created - No Company Name ==========

    [2010/12/12 14:35:33 | 000,000,920 | ---- | C] () -- C:\Documents and Settings\Oscar\Desktop\Shortcut to ComboFix.lnk
    [2010/12/12 12:24:40 | 000,000,194 | ---- | C] () -- C:\Boot.bak
    [2010/12/12 12:24:33 | 000,260,272 | RHS- | C] () -- C:\cmldr
    [2010/12/11 19:44:12 | 000,256,512 | ---- | C] () -- C:\WINDOWS\PEV.exe
    [2010/12/11 19:44:12 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
    [2010/12/11 19:44:12 | 000,089,088 | ---- | C] () -- C:\WINDOWS\MBR.exe
    [2010/12/11 19:44:12 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
    [2010/12/11 19:44:12 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
    [2010/12/11 12:10:28 | 000,001,711 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\avast! Free Antivirus.lnk
    [2010/12/11 10:47:21 | 000,000,795 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
    [2010/12/05 09:42:34 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
    [2010/11/22 20:21:59 | 000,091,226 | R--- | C] () -- C:\Documents and Settings\Oscar\Desktop\SC_PPT_2a_oscarnunez_3_3.pptx
    [2010/11/22 19:04:35 | 000,043,364 | ---- | C] () -- C:\Documents and Settings\Oscar\Desktop\SCPPT2a_Ear.emf
    [2010/11/05 16:47:00 | 000,000,470 | ---- | C] () -- C:\WINDOWS\hegames.ini
    [2010/09/18 08:19:12 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Oscar\Application Data\AVSMediaPlayer.m3u
    [2010/09/18 08:06:15 | 000,524,288 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
    [2010/09/18 08:06:15 | 000,139,264 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
    [2010/07/06 20:47:24 | 000,000,025 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
    [2010/04/14 19:24:58 | 000,026,760 | R--- | C] () -- C:\WINDOWS\System32\drivers\swmsflt.sys
    [2010/01/24 02:20:44 | 000,003,804 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\hpzinstall.log
    [2009/08/03 17:07:42 | 000,403,816 | ---- | C] () -- C:\WINDOWS\System32\OGACheckControl.dll
    [2009/01/29 23:27:51 | 000,010,448 | ---- | C] () -- C:\WINDOWS\System32\sbnetkey.sys
    [2008/12/19 10:15:58 | 004,338,246 | ---- | C] () -- C:\WINDOWS\System32\libavcodec.dll
    [2008/12/17 12:41:18 | 000,884,237 | ---- | C] () -- C:\WINDOWS\System32\ff_x264.dll
    [2008/12/17 12:22:58 | 000,093,184 | ---- | C] () -- C:\WINDOWS\System32\ff_wmv9.dll
    [2008/12/17 12:22:48 | 000,057,344 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
    [2008/12/17 12:17:34 | 000,239,247 | ---- | C] () -- C:\WINDOWS\System32\ff_theora.dll
    [2008/12/17 11:59:54 | 000,560,802 | ---- | C] () -- C:\WINDOWS\System32\libmplayer.dll
    [2008/09/11 10:53:44 | 000,000,030 | ---- | C] () -- C:\WINDOWS\System32\brss01a.ini
    [2008/09/11 10:50:15 | 000,000,059 | ---- | C] () -- C:\WINDOWS\brmx2001.ini
    [2008/09/11 10:50:15 | 000,000,040 | ---- | C] () -- C:\WINDOWS\opt_1440.ini
    [2008/09/11 10:50:15 | 000,000,037 | ---- | C] () -- C:\WINDOWS\Brwmark.ini
    [2008/09/11 10:50:15 | 000,000,000 | ---- | C] () -- C:\WINDOWS\Brohl144.ini
    [2008/09/11 10:47:52 | 000,000,296 | ---- | C] () -- C:\WINDOWS\BRDIAG.INI
    [2008/09/11 10:47:52 | 000,000,012 | ---- | C] () -- C:\WINDOWS\brpp2ka.ini
    [2008/09/11 10:47:52 | 000,000,012 | ---- | C] () -- C:\WINDOWS\Brownie.ini
    [2008/09/11 10:47:52 | 000,000,011 | ---- | C] () -- C:\WINDOWS\BRVIDEO.INI
    [2008/03/07 17:14:50 | 000,000,121 | ---- | C] () -- C:\WINDOWS\bdagent.INI
    [2008/02/21 19:02:13 | 000,017,920 | ---- | C] () -- C:\Documents and Settings\Oscar\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2008/02/10 20:18:14 | 000,002,887 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache
    [2008/01/13 22:27:17 | 000,000,128 | ---- | C] () -- C:\Documents and Settings\Oscar\Local Settings\Application Data\fusioncache.dat
    [2008/01/13 22:26:50 | 000,028,672 | ---- | C] () -- C:\WINDOWS\System32\notifyf2.dll
    [2008/01/13 22:26:50 | 000,024,576 | ---- | C] () -- C:\WINDOWS\System32\tphklock.dll
    [2008/01/13 22:24:22 | 000,008,888 | ---- | C] () -- C:\WINDOWS\System32\PROCDB.INI
    [2008/01/13 22:24:22 | 000,000,487 | ---- | C] () -- C:\WINDOWS\System32\IPSCTRL.INI
    [2008/01/13 22:12:12 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
    [2008/01/13 22:11:42 | 000,004,442 | ---- | C] () -- C:\WINDOWS\System32\drivers\TPPWRIF.SYS
    [2008/01/13 22:00:26 | 000,028,848 | ---- | C] () -- C:\WINDOWS\System32\drivers\USBkey.sys
    [2008/01/13 21:59:53 | 000,000,146 | ---- | C] () -- C:\WINDOWS\wininit.ini
    [2008/01/13 21:47:35 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\FPCALL.dll
    [2008/01/13 21:46:12 | 000,651,264 | ---- | C] () -- C:\WINDOWS\System32\libeay32.dll
    [2008/01/13 21:46:12 | 000,147,456 | ---- | C] () -- C:\WINDOWS\System32\ssleay32.dll
    [2008/01/04 16:58:50 | 003,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll
    [2006/02/02 19:37:10 | 000,004,676 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
    [2005/10/17 18:22:24 | 000,049,152 | ---- | C] () -- C:\WINDOWS\System32\DEVMAN.DLL
    [2004/10/03 12:50:54 | 000,129,024 | ---- | C] () -- C:\WINDOWS\System32\ff_mpeg2enc.dll
    [2004/08/09 14:03:43 | 000,000,791 | ---- | C] () -- C:\WINDOWS\orun32.ini
    [2004/08/09 13:46:20 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
    [2003/06/24 16:43:48 | 000,077,824 | ---- | C] () -- C:\WINDOWS\System32\SynTPCoI.dll
    ========== Custom Scans ==========


    < %SYSTEMDRIVE%\*.* >
    [2008/01/13 22:27:24 | 000,000,000 | -H-- | M] () -- C:\AUTOEXEC.BAT
    [2008/01/13 22:26:57 | 000,000,194 | ---- | M] () -- C:\Boot.bak
    [2010/12/12 13:18:14 | 000,000,311 | RHS- | M] () -- C:\BOOT.INI
    [2008/01/13 22:06:46 | 000,000,000 | -H-- | M] () -- C:\BOOTLOG.PRV
    [2008/01/13 22:12:58 | 000,000,000 | -H-- | M] () -- C:\BOOTLOG.TXT
    [2004/08/09 13:35:38 | 000,000,512 | -HS- | M] () -- C:\BOOTSECT.DOS
    [2004/08/03 23:00:00 | 000,260,272 | RHS- | M] () -- C:\cmldr
    [2010/12/12 14:46:01 | 000,015,670 | ---- | M] () -- C:\ComboFix.txt
    [2008/01/13 22:27:24 | 000,000,000 | -H-- | M] () -- C:\CONFIG.SYS
    [2008/01/13 22:00:50 | 000,002,418 | ---- | M] () -- C:\drivez.log
    [2009/02/24 10:31:41 | 000,008,978 | ---- | M] () -- C:\EasyCD Ripper_log.txt
    [2009/04/14 11:24:30 | 000,173,420 | ---- | M] () -- C:\EZ Dock_log.txt
    [2010/12/12 13:46:32 | 1063,702,528 | -HS- | M] () -- C:\hiberfil.sys
    [2009/06/17 13:49:15 | 000,175,349 | ---- | M] () -- C:\IbmEgath.XML
    [2008/01/13 22:27:24 | 000,000,000 | -H-- | M] () -- C:\IO.SYS
    [2008/02/13 07:40:30 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
    [2004/08/04 08:00:00 | 000,047,564 | RHS- | M] () -- C:\NTDETECT.COM
    [2008/09/11 08:41:54 | 000,250,048 | RHS- | M] () -- C:\ntldr
    [2010/12/12 13:46:29 | 1598,029,824 | -HS- | M] () -- C:\pagefile.sys
    [2008/09/10 21:48:26 | 000,001,296 | ---- | M] () -- C:\Player Library_log.txt
    [2008/09/12 13:19:59 | 000,028,424 | ---- | M] () -- C:\Player Loader_log.txt
    [2010/08/25 14:00:20 | 000,006,216 | ---- | M] () -- C:\rr.log
    [2010/09/18 08:34:48 | 000,042,232 | ---- | M] () -- C:\scramble.log
    [2010/01/27 22:23:19 | 000,000,644 | ---- | M] () -- C:\SVKSettings.txt
    [2008/01/13 21:58:24 | 000,001,559 | ---- | M] () -- C:\SYSLEVEL.IBM

    < %systemroot%\Fonts\*.com >
    [2006/04/18 17:39:28 | 000,026,040 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalMonospace.CompositeFont
    [2006/06/29 16:53:56 | 000,026,489 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalSansSerif.CompositeFont
    [2006/04/18 17:39:28 | 000,029,779 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalSerif.CompositeFont
    [2006/06/29 16:58:52 | 000,030,808 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalUserInterface.CompositeFont

    < %systemroot%\Fonts\*.dll >

    < %systemroot%\Fonts\*.ini >
    [2004/08/09 13:54:48 | 000,000,067 | -HS- | M] () -- C:\WINDOWS\Fonts\desktop.ini

    < %systemroot%\Fonts\*.ini2 >

    < %systemroot%\Fonts\*.exe >

    < %systemroot%\system32\spool\prtprocs\w32x86\*.* >
    [2001/12/13 02:01:00 | 000,027,836 | ---- | M] (Brother Industries ,Ltd ) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\BRPP2KA.DLL
    [2008/07/06 07:06:10 | 000,089,088 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\filterpipelineprintproc.dll
    [2009/04/16 17:08:20 | 000,312,832 | ---- | M] (Hewlett-Packard Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\hpfpp70v.dll
    [2006/10/26 21:56:12 | 000,033,104 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\msonpppr.dll
    [2008/07/06 05:50:03 | 000,597,504 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\printfilterpipelinesvc.exe

    < %systemroot%\REPAIR\*.bak1 >

    < %systemroot%\REPAIR\*.ini >

    < %systemroot%\system32\*.jpg >

    < %systemroot%\*.jpg >

    < %systemroot%\*.png >

    < %systemroot%\*.scr >
    [2010/09/07 11:12:17 | 000,038,848 | ---- | M] (AVAST Software) -- C:\WINDOWS\avastSS.scr

    < %systemroot%\*._sy >

    < %APPDATA%\Adobe\Update\*.* >

    < %ALLUSERSPROFILE%\Favorites\*.* >

    < %APPDATA%\Microsoft\*.* >

    < %PROGRAMFILES%\*.* >

    < %APPDATA%\Update\*.* >

    < %systemroot%\*. /mp /s >

    < %systemroot%\System32\config\*.sav >
    [2004/08/09 13:45:10 | 000,094,208 | ---- | M] () -- C:\WINDOWS\system32\config\default.sav
    [2004/08/09 13:45:10 | 000,659,456 | ---- | M] () -- C:\WINDOWS\system32\config\software.sav
    [2004/08/09 13:45:10 | 000,876,544 | ---- | M] () -- C:\WINDOWS\system32\config\system.sav

    < %PROGRAMFILES%\bak. /s >

    < %systemroot%\system32\bak. /s >

    < %ALLUSERSPROFILE%\Start Menu\*.lnk /x >
    [2008/09/11 08:51:32 | 000,000,272 | -HS- | M] () -- C:\Documents and Settings\All Users\Start Menu\desktop.ini

    < %systemroot%\system32\config\systemprofile\*.dat /x >

    < %systemroot%\*.config >

    < %systemroot%\system32\*.db >

    < %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x >
    [2008/01/13 22:27:32 | 000,000,119 | -HS- | M] () -- C:\Documents and Settings\Oscar\Application Data\Microsoft\Internet Explorer\Quick Launch\desktop.ini
    [2004/08/09 14:03:14 | 000,000,079 | ---- | M] () -- C:\Documents and Settings\Oscar\Application Data\Microsoft\Internet Explorer\Quick Launch\Show Desktop.scf

    < %USERPROFILE%\Desktop\*.exe >
    [2010/09/18 08:02:11 | 006,153,352 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\Oscar\Desktop\mbam-setup-1.46.exe
    [2009/03/16 23:11:33 | 000,476,696 | ---- | M] (RealNetworks, Inc.) -- C:\Documents and Settings\Oscar\Desktop\RealPlayer11GOLD.exe

    < %PROGRAMFILES%\Common Files\*.* >

    < %systemroot%\*.src >

    < %systemroot%\install\*.* >

    < %systemroot%\system32\DLL\*.* >

    < %systemroot%\system32\HelpFiles\*.* >

    < %systemroot%\system32\rundll\*.* >

    < %systemroot%\winn32\*.* >

    < %systemroot%\Java\*.* >

    < %systemroot%\system32\test\*.* >

    < %systemroot%\system32\Rundll32\*.* >

    < %systemroot%\AppPatch\Custom\*.* >

    < %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x >

    < %PROGRAMFILES%\PC-Doctor\Downloads\*.* >

    < %PROGRAMFILES%\Internet Explorer\*.tmp >

    < %PROGRAMFILES%\Internet Explorer\*.dat >

    < %USERPROFILE%\My Documents\*.exe >
    [2010/09/18 08:30:26 | 001,045,320 | ---- | M] (PC Drivers HeadQuarters ) -- C:\Documents and Settings\Oscar\My Documents\DriverDetective.exe
    [2010/10/09 18:23:22 | 005,541,680 | ---- | M] () -- C:\Documents and Settings\Oscar\My Documents\mlbnexdefinstall.exe
    [2010/10/10 09:05:56 | 014,302,896 | ---- | M] (Maxthon International ltd.) -- C:\Documents and Settings\Oscar\My Documents\mx3.0.17.1101.exe
    [2010/09/18 12:05:07 | 000,907,848 | ---- | M] (Lenovo Group Limited ) -- C:\Documents and Settings\Oscar\My Documents\oss608ww.exe
    [2010/09/18 08:34:11 | 037,389,360 | ---- | M] () -- C:\Documents and Settings\Oscar\My Documents\vlc-uber-setup.exe
    [2010/09/18 08:22:28 | 007,858,598 | ---- | M] () -- C:\Documents and Settings\Oscar\My Documents\XP-Codec-Pack_2.5.1.exe

    < %USERPROFILE%\*.exe >

    < %systemroot%\ADDINS\*.* >

    < %systemroot%\assembly\*.bak2 >

    < %systemroot%\Config\*.* >

    < %systemroot%\REPAIR\*.bak2 >

    < %systemroot%\SECURITY\Database\*.sdb /x >

    < %systemroot%\SYSTEM\*.bak2 >

    < %systemroot%\Web\*.bak2 >

    < %systemroot%\Driver Cache\*.* >

    < %PROGRAMFILES%\Mozilla Firefox\0*.exe >

    < %ProgramFiles%\Microsoft Common\*.* >

    < %ProgramFiles%\TinyProxy. >

    < %USERPROFILE%\Favorites\*.url /x >
    [2008/01/13 22:27:31 | 000,000,122 | -HS- | M] () -- C:\Documents and Settings\Oscar\Favorites\Desktop.ini

    < %systemroot%\system32\*.bk >

    < %systemroot%\*.te >

    < %systemroot%\system32\system32\*.* >

    < %ALLUSERSPROFILE%\*.dat /x >

    < %systemroot%\system32\drivers\*.rmv >

    < dir /b "%systemroot%\system32\*.exe" | find /i " " /c >

    < dir /b "%systemroot%\*.exe" | find /i " " /c >

    < %PROGRAMFILES%\Microsoft\*.* >

    < %systemroot%\System32\Wbem\proquota.exe >

    < %PROGRAMFILES%\Mozilla Firefox\*.dat >

    < %USERPROFILE%\Cookies\*.txt /x >
    [2009/06/17 14:33:40 | 000,000,067 | -HS- | M] () -- C:\Documents and Settings\Oscar\Cookies\desktop.ini
    [2010/12/12 14:50:42 | 000,032,768 | -HS- | M] () -- C:\Documents and Settings\Oscar\Cookies\index.dat

    < %SystemRoot%\system32\fonts\*.* >

    < %systemroot%\system32\winlog\*.* >

    < %systemroot%\system32\Language\*.* >

    < %systemroot%\system32\Settings\*.* >

    < %systemroot%\system32\*.quo >

    < %SYSTEMROOT%\AppPatch\*.exe >

    < %SYSTEMROOT%\inf\*.exe >
    [2007/06/27 01:10:26 | 000,317,440 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\inf\unregmp2.exe

    < %SYSTEMROOT%\Installer\*.exe >

    < %systemroot%\system32\config\*.bak2 >

    < %systemroot%\system32\Computers\*.* >

    < %SystemRoot%\system32\Sound\*.* >

    < %SystemRoot%\system32\SpecialImg\*.* >

    < %SystemRoot%\system32\code\*.* >

    < %SystemRoot%\system32\draft\*.* >

    < %SystemRoot%\system32\MSSSys\*.* >

    < %ProgramFiles%\Javascript\*.* >

    < %systemroot%\pchealth\helpctr\System\*.exe /s >

    < %systemroot%\Web\*.exe >

    < %systemroot%\system32\msn\*.* >

    < %systemroot%\system32\*.tro >

    < %AppData%\Microsoft\Installer\msupdates\*.* >

    < %ProgramFiles%\Messenger\*.* >
    [2008/04/13 19:11:51 | 000,033,792 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\custsat.dll
    [2004/08/04 04:06:34 | 000,004,821 | ---- | M] () -- C:\Program Files\Messenger\logowin.gif
    [2004/08/04 04:06:34 | 000,007,047 | ---- | M] () -- C:\Program Files\Messenger\lvback.gif
    [2008/05/02 09:01:49 | 000,083,968 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\msgsc.dll
    [2008/04/13 12:30:28 | 000,180,224 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\msgslang.dll
    [2008/04/13 19:12:28 | 001,695,232 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\msmsgs.exe
    [2004/08/04 04:06:36 | 000,002,882 | ---- | M] () -- C:\Program Files\Messenger\newalert.wav
    [2004/08/04 04:06:36 | 000,006,156 | ---- | M] () -- C:\Program Files\Messenger\newemail.wav
    [2004/08/04 04:06:36 | 000,006,160 | ---- | M] () -- C:\Program Files\Messenger\online.wav
    [2004/08/04 04:06:36 | 000,004,454 | ---- | M] () -- C:\Program Files\Messenger\type.wav
    [2004/08/04 04:06:36 | 000,115,981 | ---- | M] () -- C:\Program Files\Messenger\xpmsgr.chm

    < %systemroot%\system32\systhem32\*.* >

    < %systemroot%\system\*.exe >

    < HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

    < HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\ Auto Update\Results\Install|LastSuccessTime /rs >


    ========== Alternate Data Streams ==========

    @Alternate Data Stream - 116 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:1CE11B51
    @Alternate Data Stream - 104 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:D1B5B4F1

    < End of report >
  2. Broni Malware Annihilator

    Good news :)

    Run OTL
    • Under the Custom Scans/Fixes box at the bottom, paste in the following

      Code:
      :OTL
      DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\BitDefender\BitDefender Threat Scanner\trufos.sys -- (Trufos)
      DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\BitDefender\BitDefender Threat Scanner\profos.sys -- (Profos)
      O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
      O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get.../ultrashim.cab (Reg Error: Key error.) 
      [2010/12/11 10:08:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Oscar\Application Data\Registry Mechanic
      [2010/12/11 10:02:51 | 000,000,000 | ---D | C] -- C:\Program Files\Registry Mechanic
      @Alternate Data Stream - 116 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:1CE11B51
      @Alternate Data Stream - 104 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:D1B5B4F1
      
      :Services
      
      :Reg
      
      :Files
      
      :Commands
      [purity]
      [emptytemp]
      [emptyflash]
      [Reboot]
      
    • Then click the Run Fix button at the top
    • Let the program run unhindered, reboot the PC when it is done
    • You will get a log that shows the results of the fix. Please post it.

    =======================================================================

    Last scans...

    1. Download Security Check from HERE, and save it to your Desktop.
    • Double-click SecurityCheck.exe
    • Follow the onscreen instructions inside of the black box.
    • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

      NOTE: SecurityCheck may produce some false warning(s), so leave reading the results to me.


    2. Download Temp File Cleaner (TFC)
    • Double click on TFC.exe to run the program.
    • Click on the Start button to begin the cleaning process.
    • TFC will close all running programs, and it may ask you to restart the computer.


    3. Please run a free online scan with the ESET Online Scanner

    • Disable your antivirus program
    • Tick the box next to YES, I accept the Terms of Use
    • Click Start
    • IMPORTANT! UN-check Remove found threats
    • Accept any security warnings from your browser.
    • Check Scan archives
    • Click Start
    • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
    • When the scan completes, push List of found threats
    • Click on Export to text file, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
    • NOTE: If ESET doesn't find any threats, it won't produce any log.
  3. oscar1987 Newcomer, in training

    All processes killed
    ========== OTL ==========
    Service Trufos stopped successfully!
    Service Trufos deleted successfully!
    File C:\Program Files\Common Files\BitDefender\BitDefender Threat Scanner\trufos.sys not found.
    Service Profos stopped successfully!
    Service Profos deleted successfully!
    File C:\Program Files\Common Files\BitDefender\BitDefender Threat Scanner\profos.sys not found.
    Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{02478D38-C3F9-4efb-9B51-7695ECA05670}\ not found.
    Starting removal of ActiveX control {8FFBE65D-2C9C-4669-84BD-5829DC0B603C}
    C:\WINDOWS\Downloaded Program Files\erma.inf not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ not found.
    C:\Documents and Settings\Oscar\Application Data\Registry Mechanic\log folder moved successfully.
    C:\Documents and Settings\Oscar\Application Data\Registry Mechanic folder moved successfully.
    C:\Program Files\Registry Mechanic\backup folder moved successfully.
    C:\Program Files\Registry Mechanic folder moved successfully.
    ADS C:\Documents and Settings\All Users\Application Data\TEMP:1CE11B51 deleted successfully.
    ADS C:\Documents and Settings\All Users\Application Data\TEMP:D1B5B4F1 deleted successfully.
    ========== SERVICES/DRIVERS ==========
    ========== REGISTRY ==========
    ========== FILES ==========
    ========== COMMANDS ==========

    [EMPTYTEMP]

    User: Administrator
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes

    User: All Users

    User: Default User
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes

    User: LocalService
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 32835 bytes

    User: NetworkService
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 67 bytes

    User: Oscar
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 36854 bytes
    ->Java cache emptied: 0 bytes
    ->FireFox cache emptied: 49306765 bytes
    ->Google Chrome cache emptied: 0 bytes
    ->Opera cache emptied: 0 bytes
    ->Flash cache emptied: 1480 bytes

    %systemdrive% .tmp files removed: 0 bytes
    %systemroot% .tmp files removed: 0 bytes
    %systemroot%\System32 .tmp files removed: 0 bytes
    %systemroot%\System32\dllcache .tmp files removed: 0 bytes
    %systemroot%\System32\drivers .tmp files removed: 0 bytes
    Windows Temp folder emptied: 1371 bytes
    %systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
    %systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
    RecycleBin emptied: 0 bytes

    Total Files Cleaned = 47.00 mb


    [EMPTYFLASH]

    User: Administrator

    User: All Users

    User: Default User

    User: LocalService

    User: NetworkService

    User: Oscar
    ->Flash cache emptied: 0 bytes

    Total Flash Files Cleaned = 0.00 mb


    OTL by OldTimer - Version 3.2.17.3 log created on 12122010_163702

    Files\Folders moved on Reboot...
    File move failed. C:\WINDOWS\temp\_avast5_\Webshlock.txt scheduled to be moved on reboot.

    Registry entries deleted on Reboot...
  4. oscar1987 Newcomer, in training

    Results of screen317's Security Check version 0.99.5
    Windows XP Service Pack 3
    Internet Explorer 8
    ``````````````````````````````
    Antivirus/Firewall Check:

    Windows Firewall Enabled!
    avast! Free Antivirus
    Antivirus up to date!
    ```````````````````````````````
    Anti-malware/Other Utilities Check:

    Malwarebytes' Anti-Malware
    CCleaner
    IBM 32-bit Runtime Environment for Java 2, v1.4.2
    Java(TM) 6 Update 22
    Java(TM) 6 Update 2
    Java(TM) 6 Update 3
    Java(TM) 6 Update 5
    Java(TM) 6 Update 7
    IBM 32-bit Runtime Environment for Java 2, v1.4.2
    Out of date Java installed!
    Adobe Flash Player 10.1.85.3
    Adobe Reader 7.0.9
    Out of date Adobe Reader installed!
    Mozilla Firefox (3.6.13) Firefox Out of Date!
    ````````````````````````````````
    Process Check:
    objlist.exe by Laurent

    Alwil Software Avast5 AvastSvc.exe
    ALWILS~1 Avast5 avastUI.exe
    ````````````````````````````````
    DNS Vulnerability Check:

    GREAT! (Not vulnerable to DNS cache poisoning)

    ``````````End of Log````````````
  5. Broni Malware Annihilator

    We need to remove the old Java version and its remnants...

    Download JavaRa to your desktop and unzip it to its own folder
    • Run JavaRa.exe (Vista users! Right click on JavaRa.exe, click Run As Administrator), pick the language of your choice and click Select. Then click Remove Older Versions.
    • Accept any prompts.

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    Update Adobe Reader

    You can download it from http://www.adobe.com/products/acrobat/readstep2.html
    After installing the latest Adobe Reader, uninstall all previous versions.
    Note. If you already have Adobe Photoshop® Album Starter Edition installed or do not wish to have it installed UNcheck the box which says Also Download Adobe Photoshop® Album Starter Edition.

    Alternatively, you can uninstall Adobe Reader (33.5 MB), download and install Foxit PDF Reader(3.5MB) from HERE.
    It's a much smaller file to download and uses a lot less resources than Adobe Reader.
    Note: When installing FoxitReader, make sure to UN-check any pre-checked toolbar, or other garbage.
    On this page:

    make sure you have both boxes UN-checked AND (important!) click on the Decline button
  6. oscar1987 Newcomer, in training

    ESETScan


    C:\Documents and Settings\Oscar\My Documents\Downloads\registrybooster.exe Win32/RegistryBooster application
  7. oscar1987 Newcomer, in training

    JavaRa 1.16 Removal Log.

    Report follows after line.

    ------------------------------------

    The JavaRa removal process was started on Sun Dec 12 18:56:46 2010

    Found and removed: C:\Program Files\Java\jre1.6.0_02

    Found and removed: C:\Program Files\Java\jre1.6.0_03

    Found and removed: C:\Program Files\Java\jre1.6.0_05

    Found and removed: C:\Program Files\Java\jre1.6.0_07

    Found and removed: C:\Documents and Settings\Oscar\Application Data\Sun\Java\jre1.6.0_13

    Found and removed: C:\Documents and Settings\Oscar\Application Data\Sun\Java\jre1.6.0_14

    Found and removed: C:\Documents and Settings\Oscar\Application Data\Sun\Java\jre1.6.0_15

    Found and removed: C:\Documents and Settings\Oscar\Application Data\Sun\Java\jre1.6.0_17

    Found and removed: C:\Documents and Settings\Oscar\Application Data\Sun\Java\jre1.6.0_19

    Found and removed: C:\Documents and Settings\Oscar\Application Data\Sun\Java\jre1.6.0_21

    JavaRa 1.16 Removal Log.

    Report follows after line.

    ------------------------------------

    The JavaRa removal process was started on Sun Dec 12 18:57:28 2010

    ------------------------------------

    Finished reporting.
  8. oscar1987 Newcomer, in training

    done
  9. Broni Malware Annihilator

    Run OTL
    • Under the Custom Scans/Fixes box at the bottom, paste in the following

      Code:
      :OTL
      
      :Services
      
      :Reg
      
      :Files
      C:\Documents and Settings\Oscar\My Documents\Downloads\registrybooster.exe
      
      :Commands
      [purity]
      [emptytemp]
      [emptyflash]
      [Reboot]
      
    • Then click the Run Fix button at the top
    • Let the program run unhindered, reboot the PC when it is done
    • You will get a log that shows the results of the fix. Please post it.

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    Your computer is clean

    1. We need to reset System Restore to prevent your computer from being accidentally reinfected by using some old restore point(s). We'll create a fresh, clean restore point using the following OTL script:

    Run OTL

    • Under the Custom Scans/Fixes box at the bottom, paste in the following:

    Code:
    :OTL
    :Commands
    [purity]
    [emptytemp]
    [EMPTYFLASH]
    [CLEARALLRESTOREPOINTS]
    [Reboot]
    • Then click the Run Fix button at the top
    • Let the program run unhindered, reboot the PC when it is done
    • Post resulting log.

    2. Now we'll remove all the tools we used during our cleaning process.

    Clean up with OTL:

    • Double-click OTL.exe to start the program.
    • Close all other programs apart from OTL as this step will require a reboot
    • On the OTL main screen, press the CLEANUP button
    • Say Yes to the prompt and then allow the program to reboot your computer.

    If you still have any tools or logs leftover on your computer you can go ahead and delete those off of your computer now.

    3. Make sure Windows Updates are current.

    4. If any Trojan was listed among your infection(s), make sure you change all of your important online passwords (bank account(s), secured web sites, etc.) immediately!

    5. Download and install WOT (Web of Trust): http://www.mywot.com/. It'll warn you (in most cases) about dangerous web sites.

    6. Run a Malwarebytes "Quick scan" once in a while to ensure the safety of your computer.

    7. Run Temporary File Cleaner (TFC) weekly.

    8. Download and install Secunia Personal Software Inspector (PSI): http://secunia.com/vulnerability_scanning/personal/. The Secunia PSI is a FREE security tool designed to detect vulnerable and out-dated programs and plug-ins which expose your PC to attacks. Run it weekly.

    9. (optional) If you want to keep all your programs up to date, download and install FileHippo Update Checker.
    The Update Checker will scan your computer for installed software, check the versions and then send this information to FileHippo.com to see if there are any newer releases.

    10. Run defrag at your convenience.

    11. Read How did I get infected?, With steps so it does not happen again!: http://www.bleepingcomputer.com/forums/topic2520.html

    12. Please let me know how your computer is doing.
  10. oscar1987 Newcomer, in training

    All processes killed
    ========== OTL ==========
    ========== SERVICES/DRIVERS ==========
    ========== REGISTRY ==========
    ========== FILES ==========
    C:\Documents and Settings\Oscar\My Documents\Downloads\registrybooster.exe moved successfully.
    ========== COMMANDS ==========

    [EMPTYTEMP]

    User: Administrator
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes

    User: All Users

    User: Default User
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes

    User: LocalService
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 33170 bytes

    User: NetworkService
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes

    User: Oscar
    ->Temp folder emptied: 652998 bytes
    ->Temporary Internet Files folder emptied: 38057 bytes
    ->Java cache emptied: 0 bytes
    ->FireFox cache emptied: 83160334 bytes
    ->Google Chrome cache emptied: 0 bytes
    ->Opera cache emptied: 0 bytes
    ->Flash cache emptied: 1021 bytes

    %systemdrive% .tmp files removed: 0 bytes
    %systemroot% .tmp files removed: 0 bytes
    %systemroot%\System32 .tmp files removed: 0 bytes
    %systemroot%\System32\dllcache .tmp files removed: 0 bytes
    %systemroot%\System32\drivers .tmp files removed: 0 bytes
    Windows Temp folder emptied: 6918 bytes
    %systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
    %systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
    RecycleBin emptied: 39259 bytes

    Total Files Cleaned = 80.00 mb


    [EMPTYFLASH]

    User: Administrator

    User: All Users

    User: Default User

    User: LocalService

    User: NetworkService

    User: Oscar
    ->Flash cache emptied: 0 bytes

    Total Flash Files Cleaned = 0.00 mb


    OTL by OldTimer - Version 3.2.17.3 log created on 12122010_193200

    Files\Folders moved on Reboot...
    File move failed. C:\WINDOWS\temp\_avast5_\Webshlock.txt scheduled to be moved on reboot.

    Registry entries deleted on Reboot...
  11. oscar1987 Newcomer, in training

    pc is not great. it looks like it's even responding faster (loading, browsing, etc.) thanks and yes i will make a donation on payday
  12. Broni Malware Annihilator

    pc is not great?
  13. oscar1987 Newcomer, in training

    lol my mistake. there should not be a "not". everything is great, thanks again
  14. Broni Malware Annihilator

    Yes!!
    Good luck and stay safe :)