I can't open task manager and regedit

When I press Ctrl + Alt + Delete it says "Task manager has been disabled by your administrator."
and when I tried open regedit by using Run.. in the Start menu, it says "Registry editing has been disabled by your administrator."
But I am the only who uses this computer so idk what happen o_o!


Also, I tried downloading Kaspersky Internet Security 2010. The installation all went well but when I tried open up KIS 2010, nothing happened. I also have problems going into forum.kaspersky.com to get help. The websites just never finish loading....

Download OTL by OldTimer to your Desktop.

• Close all windows and double click OTL.exe
  
• Click Run Scan and let the program run uninterrupted
  
• It will produce two logs for you, one will pop up - OTL.txt, the other will be saved on your Desktop - Extras.txt. Post both logs in this thread.
  
• You may need to use two posts to get it all.
  

Here iz the OTL.txt
OTL logfile created on: 1/23/2010 3:48:34 PM - Run 1
OTL by OldTimer - Version 3.1.26.0 Folder = D:\
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.5512)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 80.00% Memory free
4.00 Gb Paging File | 4.00 Gb Available in Paging File | 92.00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 8.39 Gb Total Space | 2.59 Gb Free Space | 30.83% Space Free | Partition Type: FAT32
Drive D: | 19.53 Gb Total Space | 9.61 Gb Free Space | 49.17% Space Free | Partition Type: NTFS
Drive E: | 689.22 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: TRINH-0B1BABF92
Current User Name: Administrator
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2010/01/23 15:47:23 | 00,547,328 | ---- | M] (OldTimer Tools) -- D:\OTL.exe
PRC - [2010/01/19 22:48:54 | 03,204,528 | ---- | M] (Tonec Inc.) -- C:\Program Files\Internet Download Manager\IDMan.exe
PRC - [2010/01/12 06:57:44 | 00,259,368 | ---- | M] (TeamViewer GmbH) -- D:\TeamViewer\Version5\TeamViewer_Service.exe
PRC - [2009/12/22 09:41:30 | 00,908,248 | ---- | M] (Mozilla Corporation) -- D:\FireFox\firefox.exe
PRC - [2009/11/10 15:39:26 | 05,317,944 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
PRC - [2009/10/15 01:51:52 | 00,263,600 | ---- | M] (Tonec Inc.) -- C:\Program Files\Internet Download Manager\IEMonitor.exe
PRC - [2009/09/13 17:45:40 | 01,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2006/10/05 20:56:28 | 00,358,603 | ---- | M] () -- C:\WINDOWS\VistaDrive\VistaDrive.exe
PRC - [2004/02/10 11:51:30 | 00,192,512 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\hkcmd.exe
PRC - [2003/08/28 14:01:22 | 00,061,440 | ---- | M] () -- C:\Program Files\Analog Devices\SoundMAX\spkrmon.exe


========== Modules (SafeList) ==========

MOD - [2010/01/23 15:47:23 | 00,547,328 | ---- | M] (OldTimer Tools) -- D:\OTL.exe
MOD - [2009/11/06 23:04:36 | 00,109,072 | ---- | M] (Kaspersky Lab) -- C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\mzvkbd3.dll
MOD - [2009/11/06 23:04:24 | 00,017,936 | ---- | M] (Kaspersky Lab) -- C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\kloehk.dll
MOD - [2009/03/26 07:35:40 | 00,034,224 | ---- | M] (Tonec Inc.) -- C:\Program Files\Internet Download Manager\idmmkb.dll
MOD - [2007/08/01 07:33:12 | 00,069,632 | RH-- | M] () -- C:\Kas\KAS.dll


========== Win32 Services (SafeList) ==========

SRV - [2010/01/12 06:57:44 | 00,259,368 | ---- | M] (TeamViewer GmbH) [Auto | Running] -- D:\TeamViewer\Version5\TeamViewer_Service.exe -- (TeamViewer5)
SRV - [2003/08/28 14:01:22 | 00,061,440 | ---- | M] () [Auto | Running] -- C:\Program Files\Analog Devices\SoundMAX\spkrmon.exe -- (spkrmon)
SRV - [2003/07/28 04:28:22 | 00,162,864 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE -- (ose)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Running] -- -- (abp470n5)
DRV - [2009/11/09 09:12:42 | 00,025,088 | ---- | M] (TeamViewer GmbH) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\teamviewervpn.sys -- (teamviewervpn)
DRV - [2009/10/14 20:18:34 | 00,036,880 | ---- | M] (Kaspersky Lab) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\klbg.sys -- (klbg)
DRV - [2009/10/02 18:39:44 | 00,019,472 | ---- | M] (Kaspersky Lab) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\klmouflt.sys -- (klmouflt)
DRV - [2009/09/14 13:42:46 | 00,032,272 | ---- | M] (Kaspersky Lab) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\klim5.sys -- (klim5)
DRV - [2009/09/01 14:29:50 | 00,128,016 | ---- | M] (Kaspersky Lab) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\kl1.sys -- (kl1)
DRV - [2008/04/14 05:00:00 | 00,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\secdrv.sys -- (Secdrv)
DRV - [2008/04/14 05:00:00 | 00,017,792 | ---- | M] (Parallel Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ptilink.sys -- (Ptilink)
DRV - [2008/04/13 15:05:40 | 00,020,992 | ---- | M] (Realtek Semiconductor Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RTL8139.sys -- (rtl8139) Realtek RTL8139(A/B/C)
DRV - [2007/10/30 01:25:56 | 00,021,568 | R--- | M] (HP) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\HPZius12.sys -- (HPZius12)
DRV - [2007/10/30 01:25:54 | 00,049,920 | R--- | M] (HP) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\HPZid412.sys -- (HPZid412)
DRV - [2007/10/30 01:25:54 | 00,016,496 | R--- | M] (HP) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\HPZipr12.sys -- (HPZipr12)
DRV - [2004/04/09 12:41:30 | 00,612,352 | ---- | M] (Analog Devices, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\smwdm.sys -- (smwdm)
DRV - [2004/02/10 12:17:06 | 00,681,469 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ialmnt5.sys -- (ialm)
DRV - [2002/04/01 13:15:00 | 00,004,816 | ---- | M] (Andrea Electronics Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\aeaudio.sys -- (aeaudio)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ycomp/defaults/sp/*http://www.yahoo.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.param.yahoo-fr: "chrf-ytbm"
FF - prefs.js..browser.search.param.yahoo-fr-cjkt: "chrf-ytbm"
FF - prefs.js..browser.search.param.yahoo-type: "${8}"
FF - prefs.js..browser.startup.homepage: "http://www.google.com.vn/"
FF - prefs.js..extensions.enabledItems: mozilla_cc@internetdownloadmanager.com:6.7
FF - prefs.js..extensions.enabledItems: {635abd67-4fe9-1b23-4f01-e679fa7484c1}:2.1.1.20091029021655
FF - prefs.js..extensions.enabledItems: linkfilter@kaspersky.ru:9.0.0.736


FF - HKLM\software\mozilla\Mozilla Firefox 3.5.5\extensions\\Components: C:\Documents and Settings\Administrator\Desktop\fhfghxfhghfd\Mozilla Firefox\components
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.5\extensions\\Plugins: C:\Documents and Settings\Administrator\Desktop\fhfghxfhghfd\Mozilla Firefox\plugins
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.7\extensions\\Components: D:\FireFox\components [2010/01/23 15:30:42 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.7\extensions\\Plugins: D:\FireFox\plugins [2010/01/22 18:56:14 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Thunderbird\Extensions\\{eea12ec4-729d-4703-bc37-106ce9879ce2}: C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\THBExt [2010/01/23 11:26:50 | 00,000,000 | ---D | M]

[2009/10/31 01:14:00 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Extensions
[2009/10/31 01:14:00 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\fluqszs7.default\extensions
[2009/11/15 00:32:06 | 00,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\fluqszs7.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}

O1 HOSTS File: ([2010/01/19 22:51:52 | 00,000,736 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (IDMIEHlprObj Class) - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll (Tonec Inc.)
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (IEVkbdBHO Class) - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\ievkbd.dll (Kaspersky Lab)
O2 - BHO: (FilterBHO Class) - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\klwtbbho.dll (Kaspersky Lab)
O4 - HKLM..\Run: [Adobe ARM] C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AVP] C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe (Kaspersky Lab)
O4 - HKLM..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe (Intel Corporation)
O4 - HKLM..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe (Intel Corporation)
O4 - HKLM..\Run: [VistaDrive] C:\WINDOWS\VistaDrive\VistaDrive.exe ()
O4 - HKCU..\Run: [IDMan] C:\Program Files\Internet Download Manager\IDMan.exe (Tonec Inc.)
O4 - HKCU..\Run: [Messenger (Yahoo!)] C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe (Yahoo! Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoRemoteRecursiveEvents = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Infodelivery present
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMHelp = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSaveSettings = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDesktopCleanupWizard = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableTaskMgr = 1
O8 - Extra context menu item: Download all links with IDM - C:\Program Files\Internet Download Manager\IEGetAll.htm ()
O8 - Extra context menu item: Download FLV video content with IDM - C:\Program Files\Internet Download Manager\IEGetVL.htm ()
O8 - Extra context menu item: Download with IDM - C:\Program Files\Internet Download Manager\IEExt.htm ()
O9 - Extra Button: &Virtual keyboard - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\klwtbbho.dll (Kaspersky Lab)
O9 - Extra Button: URLs c&heck - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\klwtbbho.dll (Kaspersky Lab)
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O20 - AppInit_DLLs: (C:\Kas\KAS.dll) - C:\Kas\KAS.dll ()
O20 - AppInit_DLLs: (C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd3.dll) - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\mzvkbd3.dll (Kaspersky Lab)
O20 - AppInit_DLLs: (C:\PROGRA~1\KASPER~1\KASPER~1\kloehk.dll) - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\kloehk.dll (Kaspersky Lab)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - igfxsrvc.dll - C:\WINDOWS\System32\igfxsrvc.dll (Intel Corporation)
O20 - Winlogon\Notify\klogon: DllName - C:\WINDOWS\system32\klogon.dll - C:\WINDOWS\system32\klogon.dll (Kaspersky Lab)
O20 - Winlogon\Notify\WgaLogon: DllName - WgaLogon.dll - C:\WINDOWS\System32\WgaLogon.dll ()
O24 - Desktop WallPaper: C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/10/31 00:52:16 | 00,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ FAT32 ]
O33 - MountPoints2\{02c9cb0c-f696-11de-b18d-0030bd6de919}\Shell\AuTOPLay\cOmmaNd - "" = G:\feqc.pif -- File not found
O33 - MountPoints2\{02c9cb0c-f696-11de-b18d-0030bd6de919}\Shell\AutoRun\command - "" = G:\feqc.pif -- File not found
O33 - MountPoints2\{02c9cb0c-f696-11de-b18d-0030bd6de919}\Shell\exploRe\coMmaNd - "" = G:\feqc.pif -- File not found
O33 - MountPoints2\{02c9cb0c-f696-11de-b18d-0030bd6de919}\Shell\Open\comMAnd - "" = G:\feqc.pif -- File not found
O33 - MountPoints2\{02c9cb0d-f696-11de-b18d-0030bd6de919}\Shell\auToPlay\commaND - "" = H:\plvjil.cmd -- File not found
O33 - MountPoints2\{02c9cb0d-f696-11de-b18d-0030bd6de919}\Shell\AutoRun\command - "" = H:\plvjil.cmd -- File not found
O33 - MountPoints2\{02c9cb0d-f696-11de-b18d-0030bd6de919}\Shell\exploRe\CoMmAnD - "" = H:\plvjil.cmd -- File not found
O33 - MountPoints2\{02c9cb0d-f696-11de-b18d-0030bd6de919}\Shell\oPen\cOmmAnD - "" = H:\plvjil.cmd -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - comfile [open] -- "%1" %*
O35 - exefile [open] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010/01/23 11:26:09 | 00,000,000 | ---D | C] -- C:\Program Files\Kaspersky Lab
[2010/01/23 11:26:09 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
[2010/01/23 11:25:45 | 00,315,408 | ---- | C] (Kaspersky Lab) -- C:\WINDOWS\System32\drivers\klif.sys
[2010/01/23 03:36:17 | 00,102,400 | ---- | C] (Doug Knox) -- C:\Documents and Settings\Administrator\Desktop\xp_taskmgrenab.exe
[2010/01/23 03:27:33 | 00,000,000 | -H-D | C] -- C:\WINDOWS\System32\GroupPolicy
[2010/01/23 02:25:16 | 00,000,000 | -H-D | C] -- C:\Kas
[2010/01/23 02:24:45 | 00,000,000 | ---D | C] -- C:\kav
[2010/01/22 17:24:17 | 00,000,000 | ---D | C] -- C:\Program Files\Microsoft ActiveSync
[2010/01/22 17:24:11 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\DESIGNER
[2010/01/22 17:23:55 | 00,000,000 | ---D | C] -- C:\WINDOWS\SHELLNEW
[2010/01/22 17:23:55 | 00,000,000 | ---D | C] -- C:\Program Files\Microsoft.NET
[2010/01/22 17:23:55 | 00,000,000 | ---D | C] -- C:\Program Files\Microsoft Office
[2010/01/22 16:38:22 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\TeamViewer
[2010/01/20 13:31:52 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\Real
[2010/01/19 22:53:40 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\LogFiles
[2010/01/19 22:47:15 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\IDM
[2010/01/19 22:47:14 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\DMCache
[2010/01/19 22:47:04 | 00,000,000 | ---D | C] -- C:\Program Files\Internet Download Manager
[2010/01/19 22:46:53 | 00,015,872 | ---- | C] (Printing Communications Assoc., Inc. (PCAUSA)) -- C:\WINDOWS\System32\GTNDIS5.sys
[2010/01/19 16:45:46 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\Media Player Classic
[2010/01/19 16:45:11 | 00,278,528 | ---- | C] (Real Networks, Inc) -- C:\WINDOWS\System32\pncrt.dll
[2010/01/19 16:45:11 | 00,185,920 | ---- | C] (RealNetworks, Inc.) -- C:\WINDOWS\System32\rmoc3260.dll
[2010/01/19 16:45:11 | 00,006,656 | ---- | C] (RealNetworks, Inc.) -- C:\WINDOWS\System32\pndx5016.dll
[2010/01/19 16:45:11 | 00,005,632 | ---- | C] (RealNetworks, Inc.) -- C:\WINDOWS\System32\pndx5032.dll
[2010/01/19 16:45:07 | 01,294,336 | ---- | C] (HMS http://hp.vector.co.jp/authors/VA012897/) -- C:\WINDOWS\System32\vorbis.acm
[2010/01/19 16:45:07 | 00,839,680 | ---- | C] (http://www.mp3dev.org/) -- C:\WINDOWS\System32\lameACM.acm
[2010/01/19 16:45:07 | 00,287,744 | ---- | C] (Kristal StudioD
FileDescription) -- C:\WINDOWS\System32\divxa32.acm
[2010/01/19 16:45:07 | 00,232,448 | ---- | C] (Fraunhofer Institut Integrierte Schaltungen IIS) -- C:\WINDOWS\System32\mp3fhg.acm
[2010/01/19 16:45:06 | 00,391,680 | ---- | C] (Intel Corporation) -- C:\WINDOWS\System32\I263_32.drv
[2010/01/19 16:45:06 | 00,217,088 | ---- | C] (www.helixcommunity.org) -- C:\WINDOWS\System32\yv12vfw.dll
[2010/01/19 16:45:06 | 00,118,784 | ---- | C] (fccHandler) -- C:\WINDOWS\System32\ac3acm.acm
[2010/01/19 16:45:06 | 00,039,936 | ---- | C] (Disappearing Inc.) -- C:\WINDOWS\System32\huffyuv.dll
[2010/01/19 16:45:05 | 00,630,784 | ---- | C] (On2.com) -- C:\WINDOWS\System32\vp7vfw.dll
[2010/01/19 16:45:05 | 00,438,272 | ---- | C] (On2.com) -- C:\WINDOWS\System32\vp6vfw.dll
[2010/01/19 16:45:03 | 00,090,112 | ---- | C] (DivX, Inc.) -- C:\WINDOWS\System32\dpl100.dll
[2010/01/19 16:45:02 | 00,685,056 | ---- | C] (DivX, Inc.) -- C:\WINDOWS\System32\divx.dll
[2010/01/19 16:44:57 | 00,499,712 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msvcp71.dll
[2010/01/19 16:44:57 | 00,348,160 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msvcr71.dll
[2010/01/18 22:22:04 | 00,000,000 | ---D | C] -- C:\Program Files\Pando Networks
[2010/01/18 19:36:21 | 00,008,704 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdjpn.dll
[2010/01/18 19:36:21 | 00,008,704 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdjpn.dll
[2010/01/18 19:36:21 | 00,008,192 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdkor.dll
[2010/01/18 19:36:21 | 00,008,192 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdkor.dll
[2010/01/18 19:36:21 | 00,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbd101c.dll
[2010/01/18 19:36:21 | 00,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbd101c.dll
[2010/01/18 19:36:21 | 00,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbd103.dll
[2010/01/18 19:36:21 | 00,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbd103.dll
[2010/01/18 19:36:20 | 00,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbd101b.dll
[2010/01/18 19:36:20 | 00,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbd101b.dll
[2010/01/18 19:36:19 | 00,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbd106.dll
[2010/01/18 19:36:19 | 00,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbd106.dll
[2010/01/16 20:31:22 | 00,356,352 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\NVUNINST.EXE
[2010/01/16 20:31:00 | 00,000,000 | ---D | C] -- C:\NVIDIA
[2010/01/04 17:01:37 | 00,005,504 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mstee.sys
[2010/01/04 17:01:33 | 00,010,880 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ndisip.sys
[2010/01/04 17:01:31 | 00,016,384 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\ipsink.ax
[2010/01/04 17:01:31 | 00,016,384 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ipsink.ax
[2010/01/04 17:01:31 | 00,015,232 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\streamip.sys
[2010/01/04 17:01:29 | 00,011,136 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\slip.sys
[2010/01/04 17:01:26 | 00,019,200 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wstcodec.sys
[2010/01/04 17:01:23 | 00,085,248 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\nabtsfec.sys
[2010/01/04 17:01:20 | 00,017,024 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ccdecode.sys
[2010/01/04 17:01:15 | 00,053,760 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\vfwwdm32.dll
[2010/01/04 17:01:15 | 00,053,760 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\vfwwdm32.dll
[2010/01/04 17:01:15 | 00,028,672 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\vidcap.ax
[2010/01/04 17:01:15 | 00,028,672 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\vidcap.ax
[2010/01/04 17:01:13 | 00,121,984 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\usbvideo.sys
[2010/01/04 17:01:13 | 00,091,136 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kswdmcap.ax
[2010/01/04 17:01:13 | 00,091,136 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kswdmcap.ax
[2010/01/04 17:01:13 | 00,061,952 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kstvtune.ax
[2010/01/04 17:01:13 | 00,061,952 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kstvtune.ax
[2010/01/04 17:01:13 | 00,043,008 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\ksxbar.ax
[2010/01/04 17:01:13 | 00,043,008 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ksxbar.ax
[2010/01/04 17:01:13 | 00,020,992 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dshowext.ax
[2010/01/04 17:01:13 | 00,020,992 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\dshowext.ax
[2010/01/01 00:33:01 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\FFSJ
[2009/12/31 21:31:44 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\vlc
[2009/12/31 18:34:02 | 00,000,000 | ---D | C] -- C:\WINDOWS\Minidump
[2009/12/30 22:35:55 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Desktop\LINE98
[2009/10/30 23:51:02 | 00,000,000 | --SD | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft
[2009/10/30 23:51:02 | 00,000,000 | --SD | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft
[2009/10/30 23:36:38 | 00,000,000 | --SD | M] -- C:\Documents and Settings\NetworkService\Application Data\Microsoft
[2009/10/30 23:36:38 | 00,000,000 | --SD | M] -- C:\Documents and Settings\LocalService\Application Data\Microsoft
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010/01/23 14:51:22 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/01/23 14:51:18 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/01/23 14:30:38 | 02,359,296 | ---- | M] () -- C:\Documents and Settings\Administrator\NTUSER.DAT
[2010/01/23 14:30:28 | 04,289,214 | -H-- | M] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\IconCache.db
[2010/01/23 13:28:50 | 00,049,911 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\punkskarf2.jpg
[2010/01/23 13:28:14 | 00,042,869 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\cute-emo-boy1.jpg
[2010/01/23 13:26:36 | 00,026,507 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\boobscarf1.jpg
[2010/01/23 13:26:30 | 00,124,788 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\emo_dessert_scarf_black_white_300.jpg
[2010/01/23 13:12:04 | 00,010,663 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\4333_cyb_black_full.jpg
[2010/01/23 13:11:16 | 00,032,830 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\1057_ukiyo_cuffset_full.jpg
[2010/01/23 13:09:16 | 00,025,309 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\UKIYOTIES_replace.jpg
[2010/01/23 11:50:32 | 00,000,278 | -HS- | M] () -- C:\Documents and Settings\Administrator\ntuser.ini
[2010/01/23 11:27:32 | 00,108,059 | ---- | M] () -- C:\WINDOWS\System32\drivers\klin.dat
[2010/01/23 11:27:32 | 00,095,259 | ---- | M] () -- C:\WINDOWS\System32\drivers\klick.dat
[2010/01/23 11:25:46 | 00,315,408 | ---- | M] (Kaspersky Lab) -- C:\WINDOWS\System32\drivers\klif.sys
[2010/01/23 11:24:46 | 00,000,440 | RHS- | M] () -- C:\Documents and Settings\Administrator\ntuser.pol
[2010/01/23 00:54:30 | 00,115,768 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010/01/22 18:56:18 | 00,000,648 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Media Player Classic.lnk
[2010/01/22 18:53:38 | 00,036,352 | ---- | M] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/01/22 17:25:24 | 00,000,376 | ---- | M] () -- C:\WINDOWS\ODBC.INI
[2010/01/22 17:24:52 | 00,000,720 | ---- | M] () -- C:\WINDOWS\win.ini
[2010/01/22 17:20:52 | 00,000,268 | ---- | M] () -- C:\WINDOWS\system.ini
[2010/01/22 16:38:20 | 00,000,659 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\TeamViewer 5.lnk
[2010/01/22 12:23:24 | 00,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/01/20 11:04:54 | 00,000,000 | ---- | M] () -- C:\CLEAN
[2010/01/19 22:51:38 | 00,457,886 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2010/01/19 22:51:38 | 00,393,020 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010/01/19 22:51:38 | 00,058,374 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010/01/19 15:31:18 | 00,000,503 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\Sanh Dieu.lnk
[2010/01/18 21:27:30 | 00,000,494 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
[2010/01/18 19:45:10 | 00,001,917 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2009/12/31 02:13:12 | 00,000,008 | ---- | M] () -- C:\WINDOWS\23119.tds
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/01/23 13:28:48 | 00,049,911 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\punkskarf2.jpg
[2010/01/23 13:28:13 | 00,042,869 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\cute-emo-boy1.jpg
[2010/01/23 13:26:33 | 00,026,507 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\boobscarf1.jpg
[2010/01/23 13:26:27 | 00,124,788 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\emo_dessert_scarf_black_white_300.jpg
[2010/01/23 13:12:03 | 00,010,663 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\4333_cyb_black_full.jpg
[2010/01/23 13:11:14 | 00,032,830 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\1057_ukiyo_cuffset_full.jpg
[2010/01/23 13:09:13 | 00,025,309 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\UKIYOTIES_replace.jpg
[2010/01/23 11:27:31 | 00,108,059 | ---- | C] () -- C:\WINDOWS\System32\drivers\klin.dat
[2010/01/23 11:27:31 | 00,095,259 | ---- | C] () -- C:\WINDOWS\System32\drivers\klick.dat
[2010/01/23 11:24:45 | 00,000,440 | RHS- | C] () -- C:\Documents and Settings\Administrator\ntuser.pol
[2010/01/22 16:38:18 | 00,000,659 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\TeamViewer 5.lnk
[2010/01/19 22:46:53 | 00,094,208 | ---- | C] () -- C:\WINDOWS\System32\GTW32N50.dll
[2010/01/19 22:46:53 | 00,031,930 | ---- | C] () -- C:\WINDOWS\System32\GTNDIS3.VXD
[2010/01/19 16:45:16 | 00,000,648 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Media Player Classic.lnk
[2010/01/19 16:45:09 | 00,178,176 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll
[2010/01/19 16:45:09 | 00,000,038 | ---- | C] () -- C:\WINDOWS\avisplitter.ini
[2010/01/19 16:45:07 | 00,000,414 | ---- | C] () -- C:\WINDOWS\System32\lame_acm.xml
[2010/01/19 16:45:05 | 02,378,752 | ---- | C] () -- C:\WINDOWS\System32\x264vfw.dll
[2010/01/19 16:45:05 | 00,881,664 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2010/01/19 16:45:05 | 00,205,824 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2010/01/19 16:45:03 | 03,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll
[2010/01/19 16:45:00 | 00,000,547 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll.manifest
[2010/01/19 16:44:59 | 00,085,504 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2010/01/19 15:31:17 | 00,000,503 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\Sanh Dieu.lnk
[2010/01/18 21:27:29 | 00,000,494 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
[2009/12/31 21:25:25 | 00,036,352 | ---- | C] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/12/31 02:13:10 | 00,000,008 | ---- | C] () -- C:\WINDOWS\23119.tds
[2009/12/02 01:35:14 | 00,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2009/11/16 21:51:58 | 00,000,753 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\hpzinstall.log
[2009/10/31 00:52:33 | 00,001,072 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
[2009/09/13 17:49:22 | 00,190,976 | ---- | C] () -- C:\WINDOWS\System32\WgaLogon.dll
[2008/04/14 05:00:00 | 01,481,728 | ---- | C] () -- C:\WINDOWS\System32\LegitCheckControl.dll
[2003/01/07 07:05:08 | 00,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
< End of report >

Here iz the Extras.txt
OTL Extras logfile created on: 1/23/2010 3:48:34 PM - Run 1
OTL by OldTimer - Version 3.1.26.0 Folder = D:\
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.5512)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 80.00% Memory free
4.00 Gb Paging File | 4.00 Gb Available in Paging File | 92.00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 8.39 Gb Total Space | 2.59 Gb Free Space | 30.83% Space Free | Partition Type: FAT32
Drive D: | 19.53 Gb Total Space | 9.61 Gb Free Space | 49.17% Space Free | Partition Type: NTFS
Drive E: | 689.22 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: TRINH-0B1BABF92
Current User Name: Administrator
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\]
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\]
.html [@ = FirefoxHTML] -- D:\FireFox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- "C:\Program Files\Microsoft Office\OFFICE11\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\OFFICE11\msohtmed.exe" /p %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /k cd "%L" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 1
"FirewallDisableNotify" = 1
"UpdatesDisableNotify" = 1
"AntiVirusOverride" = 1
"FirewallOverride" = 1
"UacDisableNotify" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring" = 1
"" =

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 1
"AntiVirusDisableNotify" = 1
"FirewallDisableNotify" = 1
"FirewallOverride" = 1
"UpdatesDisableNotify" = 1
"UacDisableNotify" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"139:TCP" = 139:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22002

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"D:\mIRC\mirc.exe" = D:\mIRC\mirc.exe:*:Enabled:mIRC -- File not found
"C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" = C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger -- (Yahoo! Inc.)
"C:\Documents and Settings\Administrator\Desktop\fhfghxfhghfd\Yahoo!\Messenger\YahooMessenger.exe" = C:\Documents and Settings\Administrator\Desktop\fhfghxfhghfd\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger -- File not found
"C:\Documents and Settings\Administrator\Desktop\fhfghxfhghfd\Yahoo!M\Messenger\YahooMessenger.exe" = C:\Documents and Settings\Administrator\Desktop\fhfghxfhghfd\Yahoo!M\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger -- File not found
"C:\Documents and Settings\All Users\Application Data\Kaspersky Lab Setup Files\Kaspersky Internet Security 2009\english\setup.exe" = C:\Documents and Settings\All Users\Application Data\Kaspersky Lab Setup Files\Kaspersky Internet Security 2009\english\setup.exe:*:Enabled:Kaspersky Internet Security 2009 Setup -- (Kaspersky Lab)
"D:\TeamViewer\Version5\TeamViewer.exe" = D:\TeamViewer\Version5\TeamViewer.exe:*:Enabled:Teamviewer Remote Control Application -- (TeamViewer GmbH)
"E:\Unikey 4.0 Beta\Uk40BSetup.exe" = E:\Unikey 4.0 Beta\Uk40BSetup.exe:*:Enabled:ipsec -- ()
"C:\WINDOWS\Explorer.EXE" = C:\WINDOWS\Explorer.EXE:*:Enabled:ipsec -- (Microsoft Corporation)
"C:\Program Files\Analog Devices\SoundMAX\SpkrMonX.exe" = C:\Program Files\Analog Devices\SoundMAX\SpkrMonX.exe:*:Enabled:ipsec -- (Analog Devices, Inc.)
"C:\WINDOWS\system32\igfxtray.exe" = C:\WINDOWS\system32\igfxtray.exe:*:Enabled:ipsec -- (Intel Corporation)
"C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe" = C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe:*:Enabled:ipsec -- (Adobe Systems Incorporated)
"C:\Program Files\Internet Download Manager\IEMonitor.exe" = C:\Program Files\Internet Download Manager\IEMonitor.exe:*:Enabled:ipsec -- (Tonec Inc.)
"C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" = C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe:*:Enabled:ipsec -- (Adobe Systems Incorporated)
"C:\WINDOWS\system32\mmc.exe" = C:\WINDOWS\system32\mmc.exe:*:Enabled:ipsec -- (Microsoft Corporation)
"D:\Sanh Dieu Online\BugRep.bin" = D:\Sanh Dieu Online\BugRep.bin:*:Enabled:ipsec -- ()
"C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE" = C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE:*:Enabled:ipsec -- (Microsoft Corporation)
"C:\PROGRA~1\Yahoo!\Messenger\YahooMessenger.exe" = C:\PROGRA~1\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:ipsec -- (Yahoo! Inc.)
"D:\FireFox\firefox.exe" = D:\FireFox\firefox.exe:*:Enabled:ipsec -- (Mozilla Corporation)
"D:\TeamViewer\Version5\TeamViewer_Service.exe" = D:\TeamViewer\Version5\TeamViewer_Service.exe:*:Enabled:ipsec -- (TeamViewer GmbH)
"C:\Program Files\Internet Download Manager\IDMan.exe" = C:\Program Files\Internet Download Manager\IDMan.exe:*:Enabled:ipsec -- (Tonec Inc.)
"C:\Documents and Settings\Administrator\My Documents\Downloads\Programs\SRO_L4.5_Hotan_Full_Client_Downloader.exe" = C:\Documents and Settings\Administrator\My Documents\Downloads\Programs\SRO_L4.5_Hotan_Full_Client_Downloader.exe:*:Enabled:Full-Client Downloader -- File not found
"C:\Documents and Settings\Administrator\My Documents\SRO_L4.5_Hotan_Full_Client_Downloader.exe" = C:\Documents and Settings\Administrator\My Documents\SRO_L4.5_Hotan_Full_Client_Downloader.exe:*:Enabled:Full-Client Downloader -- File not found
"D:\Silkroad\Silkroad\srobot.exe" = D:\Silkroad\Silkroad\srobot.exe:*:Disabled:HookSrv -- File not found
"C:\Documents and Settings\Administrator\Desktop\srobot.exe" = C:\Documents and Settings\Administrator\Desktop\srobot.exe:*:Disabled:HookSrv -- File not found
"C:\Program Files\HP\Digital Imaging\bin\hpiscnapp.exe" = C:\Program Files\HP\Digital Imaging\bin\hpiscnapp.exe:*:Disabled:hpiscnapp.exe -- File not found
"C:\Program Files\HP\Digital Imaging\bin\hposid01.exe" = C:\Program Files\HP\Digital Imaging\bin\hposid01.exe:*:Disabled:hposid01.exe -- File not found
"C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe:*:Disabled:hpqkygrp.exe -- File not found
"C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe:*:Disabled:hpqste08.exe -- File not found
"C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe:*:Disabled:hpqtra08.exe -- File not found
"C:\Program Files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe" = C:\Program Files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe:*:Disabled:Veoh Web Player -- File not found
"C:\Documents and Settings\Default User\Worms 2\Frontend.exe" = C:\Documents and Settings\Default User\Worms 2\Frontend.exe:*:Disabled:Worms 2 Frontend -- File not found
"D:\Xfire\Xfire.exe" = D:\Xfire\Xfire.exe:*:Disabled:Xfire -- File not found
"C:\Program Files\VinaGame\Zing Chat 2\Bin\ZingChat2.exe" = C:\Program Files\VinaGame\Zing Chat 2\Bin\ZingChat2.exe:*:Disabled:Zing Chat 2 -- File not found


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{7131646D-CD3C-40F4-97B9-CD9E4E6262EF}" = Microsoft .NET Framework 2.0
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{8A708DD8-A5E6-11D4-A706-000629E95E20}" = Intel(R) Extreme Graphics Driver
"{90110409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{9D8B0949-7C47-476F-9F06-F900D3B078EA}" = Kaspersky Internet Security 2010
"{AC76BA86-7AD7-1033-7B44-A92000000001}" = Adobe Reader 9.2
"{F0A37341-D692-11D4-A984-009027EC0A9C}" = SoundMAX
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"HijackThis" = HijackThis 2.0.2
"InstallWIX_{9D8B0949-7C47-476F-9F06-F900D3B078EA}" = Kaspersky Internet Security 2010
"Internet Download Manager" = Internet Download Manager
"KLiteCodecPack_is1" = K-Lite Mega Codec Pack 5.5.1
"Microsoft .NET Framework 2.0" = Microsoft .NET Framework 2.0
"Mozilla Firefox (3.5.7)" = Mozilla Firefox (3.5.7)
"NVIDIA Drivers" = NVIDIA Drivers
"TeamViewer 5" = TeamViewer 5
"WinRAR archiver" = WinRAR archiver
"Yahoo! Messenger" = Yahoo! Messenger

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 12/20/2009 12:34:48 AM | Computer Name = TRINH-0B1BABF92 | Source = Userenv | ID = 1041
Description = Windows cannot query DllName registry entry for {7B849a69-220F-451E-B3FE-2CB811AF94AE}
and it will not be loaded. This is most likely caused by a faulty registration.

[ System Events ]
Error - 1/8/2010 9:24:24 PM | Computer Name = TRINH-0B1BABF92 | Source = Service Control Manager | ID = 7023
Description = The Net Driver HPZ12 service terminated with the following error:
%%126

Error - 1/8/2010 9:24:24 PM | Computer Name = TRINH-0B1BABF92 | Source = Service Control Manager | ID = 7023
Description = The Pml Driver HPZ12 service terminated with the following error:
%%126

Error - 1/9/2010 8:35:56 AM | Computer Name = TRINH-0B1BABF92 | Source = Service Control Manager | ID = 7023
Description = The Net Driver HPZ12 service terminated with the following error:
%%126

Error - 1/9/2010 8:35:56 AM | Computer Name = TRINH-0B1BABF92 | Source = Service Control Manager | ID = 7023
Description = The Pml Driver HPZ12 service terminated with the following error:
%%126

Error - 1/10/2010 8:44:51 AM | Computer Name = TRINH-0B1BABF92 | Source = Service Control Manager | ID = 7023
Description = The Net Driver HPZ12 service terminated with the following error:
%%126

Error - 1/10/2010 8:44:51 AM | Computer Name = TRINH-0B1BABF92 | Source = Service Control Manager | ID = 7023
Description = The Pml Driver HPZ12 service terminated with the following error:
%%126

Error - 1/10/2010 9:11:01 AM | Computer Name = TRINH-0B1BABF92 | Source = Service Control Manager | ID = 7023
Description = The Net Driver HPZ12 service terminated with the following error:
%%126

Error - 1/10/2010 9:11:01 AM | Computer Name = TRINH-0B1BABF92 | Source = Service Control Manager | ID = 7023
Description = The Pml Driver HPZ12 service terminated with the following error:
%%126

Error - 1/12/2010 10:10:59 PM | Computer Name = TRINH-0B1BABF92 | Source = Service Control Manager | ID = 7023
Description = The Net Driver HPZ12 service terminated with the following error:
%%126

Error - 1/12/2010 10:10:59 PM | Computer Name = TRINH-0B1BABF92 | Source = Service Control Manager | ID = 7023
Description = The Pml Driver HPZ12 service terminated with the following error:
%%126


< End of report >

Please run OTL.exe.

• Copy the commands with file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):
  
  
  :OTL
  O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
  O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
  O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
  O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 1
  O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableTaskMgr = 1
  O33 - MountPoints2\{02c9cb0c-f696-11de-b18d-0030bd6de919}\Shell\AuTOPLay\cOmmaNd - "" = G:\feqc.pif -- File not found
  O33 - MountPoints2\{02c9cb0c-f696-11de-b18d-0030bd6de919}\Shell\AutoRun\command - "" = G:\feqc.pif -- File not found
  O33 - MountPoints2\{02c9cb0c-f696-11de-b18d-0030bd6de919}\Shell\exploRe\coMmaNd - "" = G:\feqc.pif -- File not found
  O33 - MountPoints2\{02c9cb0c-f696-11de-b18d-0030bd6de919}\Shell\Open\comMAnd - "" = G:\feqc.pif -- File not found
  O33 - MountPoints2\{02c9cb0d-f696-11de-b18d-0030bd6de919}\Shell\auToPlay\commaND - "" = H:\plvjil.cmd -- File not found
  O33 - MountPoints2\{02c9cb0d-f696-11de-b18d-0030bd6de919}\Shell\AutoRun\command - "" = H:\plvjil.cmd -- File not found
  O33 - MountPoints2\{02c9cb0d-f696-11de-b18d-0030bd6de919}\Shell\exploRe\CoMmAnD - "" = H:\plvjil.cmd -- File not found
  O33 - MountPoints2\{02c9cb0d-f696-11de-b18d-0030bd6de919}\Shell\oPen\cOmmAnD - "" = H:\plvjil.cmd -- File not found
  
  
  
  
• Return to OTL, right click in the "Custom Scans/Fixes" window (under the light green bar) and choose Paste.
  
  
• Click the red Run Fix button.
  
• A fix log in Notepad will appear. Copy the contents of the fix log to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy), and paste it in your next reply.
  
• Close OTL.exe
  

If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.

========== OTL ==========
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{02478D38-C3F9-4efb-9B51-7695ECA05670}\ not found.
Registry key HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer\Control Panel\ deleted successfully.
Registry key HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer\Restrictions\ deleted successfully.
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\DisableRegistryTools deleted successfully.
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\DisableTaskMgr deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{02c9cb0c-f696-11de-b18d-0030bd6de919}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{02c9cb0c-f696-11de-b18d-0030bd6de919}\ not found.
File G:\feqc.pif not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{02c9cb0c-f696-11de-b18d-0030bd6de919}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{02c9cb0c-f696-11de-b18d-0030bd6de919}\ not found.
File G:\feqc.pif not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{02c9cb0c-f696-11de-b18d-0030bd6de919}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{02c9cb0c-f696-11de-b18d-0030bd6de919}\ not found.
File G:\feqc.pif not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{02c9cb0c-f696-11de-b18d-0030bd6de919}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{02c9cb0c-f696-11de-b18d-0030bd6de919}\ not found.
File G:\feqc.pif not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{02c9cb0d-f696-11de-b18d-0030bd6de919}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{02c9cb0d-f696-11de-b18d-0030bd6de919}\ not found.
File H:\plvjil.cmd not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{02c9cb0d-f696-11de-b18d-0030bd6de919}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{02c9cb0d-f696-11de-b18d-0030bd6de919}\ not found.
File H:\plvjil.cmd not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{02c9cb0d-f696-11de-b18d-0030bd6de919}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{02c9cb0d-f696-11de-b18d-0030bd6de919}\ not found.
File H:\plvjil.cmd not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{02c9cb0d-f696-11de-b18d-0030bd6de919}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{02c9cb0d-f696-11de-b18d-0030bd6de919}\ not found.
File H:\plvjil.cmd not found.

OTL by OldTimer - Version 3.1.26.0 log created on 01232010_160846

Please download and run this tool.

Download Malwarebytes' Anti-Malware from Here

Double Click mbam-setup.exe to install the application.

• Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  
• If an update is found, it will download and install the latest version.
  
• Once the program has loaded, select "Perform Quick Scan", then click Scan.
  
• The scan may take some time to finish,so please be patient.
  
• When the scan is complete, click OK, then Show Results to view the results.
  
• Make sure that everything is checked, and click Remove Selected.
  
• When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Note)
  
• The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  

Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so immediately.

Post the contents of the MBAM Log.

Sorry for the late reply...
I've done as you say, but in the middle of scanning something pops up like this

I clicked "Continue" 2 times and these are the results...

Malwarebytes' Anti-Malware 1.44
Database version: 3622
Windows 5.1.2600 Service Pack 3
Internet Explorer 6.0.2900.5512

1/23/2010 8:29:45 PM
mbam-log-2010-01-23 (20-29-45).txt

Scan type: Quick Scan
Objects scanned: 104570
Time elapsed: 4 minute(s), 52 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 5
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools (Hijack.Regedit) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableTaskMgr (Hijack.TaskManager) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

To remove all of the tools we used and the files and folders they created do the following:
Double click OTL.exe.

• Click the CleanUp! button.
  
• Select Yes when the "Begin cleanup Process?" prompt appears.
  
• If you are prompted to Reboot during the cleanup, select Yes.
  
• The tool will delete itself once it finishes.
  

Does this mean that it is fixed?
because I still have the same problems...

Disabled Task Manager and regedit? if so, update and run a new MBAM scan.

The same thing pops up

I pressed "Continued" twice again and heres the log...


Malwarebytes' Anti-Malware 1.44
Database version: 3622
Windows 5.1.2600 Service Pack 3
Internet Explorer 6.0.2900.5512

1/24/2010 6:04:53 PM
mbam-log-2010-01-24 (18-04-53).txt

Scan type: Quick Scan
Objects scanned: 105046
Time elapsed: 6 minute(s), 19 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 4
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools (Hijack.Regedit) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

Still having same problems?

Yes, I tried what you said a lot of times but it keep having the same problem :sad:

Hello.

• Download combofix from here
  Link 1
  Link 2
  
  1. If you are using Firefox, make sure that your download settings are as follows:
  
  * Tools->Options->Main tab
  * Set to "Always ask me where to Save the files".
  
  2. During the download, rename Combofix to Combo-Fix as follows:
  
  
  
  
  
  3. It is important you rename Combofix during the download, but not after.
  4. Please do not rename Combofix to other names, but only to the one indicated.
  5. Close any open browsers.
  6. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
  
  
• We need to disable your local AV (Anti-virus) before running Combofix.
  
• See HERE for how to disable your AV.
  
• Double click on ComboFix.exe.
  
• Follow the prompts. NOTE:
  
• ComboFix will check to see if the Microsoft Windows Recovery Console is installed.
  ***It's strongly recommended to have the Recovery Console installed before doing any malware removal.***
  
  **Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will automatically proceed with its scan.
  
  
  
• The Recovery Console provides a recovery/repair mode should a problem occur during a Combofix run.
  
  
  
  
• Allow ComboFix to download the Recovery Console.
  
• Accept the End-User License Agreement.
  
• The Recovery Console will be installed.
  
• You will then get this next prompt that asks if you want to continue the malware scan, select yes
  
  
  
  
• Allow combofix to run
  
• Post C:\combofix.txt back here.
  
  Note:
  Do not mouseclick combofix's window whilst it's running. That may cause it to stall.
  

I have an Internet Security 2010 virus and the first removal steps say to open up task manager. I am having the same problems as trinhho95. Can't CLT+ALT+DEL , CLT+SHIFT+ESC, and task manager is greyed out on the tool bar. Tried to get into regedit from the run prompt and it displays: Application cannot be executed the file is infected. Please activate your anti virus. The Anti virus it wants me to activate is of course the virus. What should I do

Herez the log ^^!


ComboFix 10-01-26.02 - Administrator 01/26/2010 16:28:05.1.1 - FAT32x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2046.1592 [GMT -8:00]
Running from: D:\Combo-Fix.exe
AV: Kaspersky Internet Security *On-access scanning disabled* (Outdated) {2C4D4BC6-0793-4956-A9F9-E252435469C0}
FW: Kaspersky Internet Security *disabled* {2C4D4BC6-0793-4956-A9F9-E252435469C0}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\test.txt
c:\windows\EventSystem.log

.
((((((((((((((((((((((((( Files Created from 2009-12-27 to 2010-01-27 )))))))))))))))))))))))))))))))
.

2010-01-26 08:55 . 2010-01-26 08:55 -------- d-----w- c:\documents and settings\All Users\Application Data\Office Genuine Advantage
2010-01-26 08:55 . 2010-01-26 08:55 -------- d-----w- c:\documents and settings\Administrator\Application Data\Office Genuine Advantage
2010-01-25 07:25 . 2010-01-25 07:25 -------- d-----w- c:\windows\system32\XPSViewer
2010-01-25 07:24 . 2010-01-25 07:24 -------- d-----w- c:\program files\MSBuild
2010-01-25 07:24 . 2010-01-25 07:24 -------- d-----w- c:\program files\Reference Assemblies
2010-01-25 07:23 . 2008-07-06 12:06 89088 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\filterpipelineprintproc.dll
2010-01-25 07:22 . 2008-07-06 12:06 89088 ------w- c:\windows\system32\dllcache\filterpipelineprintproc.dll
2010-01-25 07:22 . 2008-07-06 12:06 117760 ------w- c:\windows\system32\prntvpt.dll
2010-01-25 07:22 . 2008-07-06 10:50 597504 ------w- c:\windows\system32\Spool\prtprocs\w32x86\printfilterpipelinesvc.exe
2010-01-25 07:22 . 2008-07-06 10:50 597504 ------w- c:\windows\system32\dllcache\printfilterpipelinesvc.exe
2010-01-25 07:22 . 2008-07-06 12:06 575488 ------w- c:\windows\system32\xpsshhdr.dll
2010-01-25 07:22 . 2008-07-06 12:06 575488 ------w- c:\windows\system32\dllcache\xpsshhdr.dll
2010-01-25 07:22 . 2008-07-06 12:06 1676288 ------w- c:\windows\system32\xpssvcs.dll
2010-01-25 07:22 . 2008-07-06 12:06 1676288 ------w- c:\windows\system32\dllcache\xpssvcs.dll
2010-01-24 11:01 . 2010-01-24 11:01 -------- d-----w- c:\program files\MSXML 4.0
2010-01-24 07:36 . 2009-10-20 16:20 265728 ------w- c:\windows\system32\dllcache\http.sys
2010-01-24 07:01 . 2009-08-04 13:56 2189312 ------w- c:\windows\system32\dllcache\ntoskrnl.exe
2010-01-24 07:01 . 2009-08-04 13:54 2145280 ------w- c:\windows\system32\dllcache\ntkrnlmp.exe
2010-01-24 07:01 . 2009-08-04 13:17 2023936 ------w- c:\windows\system32\dllcache\ntkrpamp.exe
2010-01-24 04:03 . 2010-01-24 04:03 -------- d-----w- c:\documents and settings\Administrator\Application Data\Malwarebytes
2010-01-24 04:03 . 2010-01-08 00:07 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-01-24 04:02 . 2010-01-24 04:02 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-01-24 04:02 . 2010-01-24 04:02 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2010-01-24 04:02 . 2010-01-08 00:07 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-01-23 11:27 . 2010-01-23 11:27 -------- d--h--w- c:\windows\system32\GroupPolicy
2010-01-23 10:25 . 2008-03-14 19:47 -------- d-----w- C:\Kas
2010-01-23 10:24 . 2008-03-04 15:30 -------- d-----w- C:\kav
2010-01-23 01:24 . 2010-01-23 01:24 -------- d-----w- c:\program files\Microsoft ActiveSync
2010-01-23 01:23 . 2010-01-23 01:23 -------- d-----w- c:\windows\SHELLNEW
2010-01-23 01:23 . 2010-01-23 01:23 -------- d-----w- c:\program files\Microsoft.NET
2010-01-23 00:38 . 2010-01-23 00:38 -------- d-----w- c:\documents and settings\Administrator\Application Data\TeamViewer
2010-01-20 06:53 . 2010-01-20 06:53 -------- d-----w- c:\windows\system32\LogFiles
2010-01-20 06:47 . 2010-01-20 06:47 198064 ----a-w- c:\documents and settings\Administrator\Application Data\IDM\idmmzcc3\components\idmmzcc.dll
2010-01-20 06:47 . 2010-01-20 06:47 -------- d-----w- c:\documents and settings\Administrator\Application Data\IDM
2010-01-20 06:47 . 2010-01-20 06:47 -------- d-----w- c:\documents and settings\Administrator\Application Data\DMCache
2010-01-20 06:47 . 2010-01-20 06:47 -------- d-----w- c:\program files\Internet Download Manager
2010-01-20 06:46 . 2003-10-13 23:30 94208 ----a-w- c:\windows\system32\GTW32N50.dll
2010-01-20 06:46 . 2003-09-26 06:15 15872 ----a-w- c:\windows\system32\GTNDIS5.sys
2010-01-20 00:44 . 2009-12-11 18:00 85504 ----a-w- c:\windows\system32\ff_vfw.dll
2010-01-20 00:44 . 2004-01-11 22:00 348160 ----a-w- c:\windows\system32\msvcr71.dll
2010-01-20 00:44 . 2003-03-19 03:14 499712 ----a-w- c:\windows\system32\msvcp71.dll
2010-01-19 06:22 . 2010-01-19 06:22 -------- d-----w- c:\program files\Pando Networks
2010-01-19 03:36 . 2001-08-17 23:36 8704 ----a-w- c:\windows\system32\kbdjpn.dll
2010-01-19 03:36 . 2001-08-17 23:36 8704 ----a-w- c:\windows\system32\dllcache\kbdjpn.dll
2010-01-19 03:36 . 2001-08-17 23:36 8192 ----a-w- c:\windows\system32\kbdkor.dll
2010-01-19 03:36 . 2001-08-17 23:36 8192 ----a-w- c:\windows\system32\dllcache\kbdkor.dll
2010-01-19 03:36 . 2001-08-17 15:55 6144 ----a-w- c:\windows\system32\kbd101c.dll
2010-01-19 03:36 . 2001-08-17 15:55 6144 ----a-w- c:\windows\system32\dllcache\kbd101c.dll
2010-01-19 03:36 . 2001-08-17 15:55 5632 ----a-w- c:\windows\system32\kbd103.dll
2010-01-19 03:36 . 2001-08-17 15:55 5632 ----a-w- c:\windows\system32\dllcache\kbd103.dll
2010-01-19 03:36 . 2001-08-17 15:55 6144 ----a-w- c:\windows\system32\kbd101b.dll
2010-01-19 03:36 . 2001-08-17 15:55 6144 ----a-w- c:\windows\system32\dllcache\kbd101b.dll
2010-01-19 03:36 . 2008-04-14 06:39 6144 ----a-w- c:\windows\system32\kbd106.dll
2010-01-19 03:36 . 2008-04-14 06:39 6144 ----a-w- c:\windows\system32\dllcache\kbd106.dll
2010-01-17 04:31 . 2007-10-05 02:16 356352 ----a-w- c:\windows\system32\NVUNINST.EXE
2010-01-17 04:31 . 2010-01-17 04:31 -------- d-----w- C:\NVIDIA
2010-01-01 08:33 . 2010-01-01 08:33 -------- d-----w- c:\documents and settings\Administrator\Application Data\FFSJ
2010-01-01 05:31 . 2010-01-01 05:31 -------- d-----w- c:\documents and settings\Administrator\Application Data\vlc

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-01-24 06:48 . 2009-10-31 09:06 19192 ----a-w- c:\documents and settings\Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-01-20 00:45 . 2010-01-20 00:45 -------- d-----w- c:\documents and settings\Administrator\Application Data\Media Player Classic
2009-12-10 01:20 . 2009-12-10 01:20 -------- d-----w- c:\documents and settings\Administrator\Application Data\Vinagame
2009-12-10 01:20 . 2009-12-10 01:20 -------- d-----w- c:\documents and settings\Administrator\Application Data\Tencent
2009-12-10 01:19 . 2009-12-10 01:19 -------- d-----w- c:\program files\Common Files\Tencent
2009-12-07 04:00 . 2009-12-07 04:00 -------- d-----w- c:\documents and settings\All Users\Application Data\Kaspersky Lab Setup Files
2009-11-21 15:51 . 2008-04-14 13:00 471552 ----a-w- c:\windows\AppPatch\AcLayers.dll
2009-11-16 08:32 . 2009-11-15 18:35 8032 ----a-w- c:\windows\diskpt.dat
2009-11-10 22:39 . 2009-11-15 08:30 685296 ----a-w- c:\documents and settings\All Users\Application Data\Yahoo!\YUpdater\yupdater.exe
2009-11-10 05:12 . 2009-11-10 05:12 81408 ----a-w- c:\documents and settings\Administrator\Application Data\Thinstall\Internet Download Manager\1000000600002i\svchost.exe
2009-11-10 04:33 . 2009-11-10 04:33 89600 ----a-w- c:\documents and settings\Administrator\Application Data\Thinstall\Internet Download Manager\4000004000002i\IEMonitor.exe
2009-11-09 17:12 . 2009-11-09 17:12 25088 ----a-w- c:\windows\system32\drivers\teamviewervpn.sys
2009-11-01 21:29 . 2009-11-01 21:29 4096 ----a-w- c:\windows\d3dx.dat
2009-11-01 10:04 . 2009-10-31 07:50 86327 ----a-w- c:\windows\pchealth\helpctr\OfflineCache\index.dat
2009-10-31 09:13 . 2009-10-31 09:13 0 ----a-w- c:\windows\nsreg.dat
2009-10-31 07:47 . 2009-10-31 07:47 21640 ----a-w- c:\windows\system32\emptyregdb.dat
.

------- Sigcheck -------

[-] 2009-09-14 . D2D2AACF1837F465D00CCD93C02816B9 . 1614848 . . [5.1.2600.5512] . . c:\windows\system32\sfcfiles.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Messenger (Yahoo!)"="c:\progra~1\Yahoo!\Messenger\YahooMessenger.exe" [2009-11-10 5317944]
"IDMan"="c:\program files\Internet Download Manager\IDMan.exe" [2010-01-20 3204528]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"VistaDrive"="c:\windows\VistaDrive\VistaDrive.exe" [2006-10-06 358603]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2004-02-10 225280]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2004-02-10 192512]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-10-03 117616]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2009-09-04 1013112]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"_nltide_3"="advpack.dll" [2009-09-14 128512]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\system]
"DisableTaskMgr"= 1 (0x1)
"DisableRegistryTools"= 1 (0x1)

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"ForceClassicControlPanel"= 1 (0x1)
"NoSMHelp"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"AntiVirusOverride"=dword:00000001
"AntiVirusDisableNotify"=dword:00000001
"FirewallDisableNotify"=dword:00000001
"FirewallOverride"=dword:00000001
"UpdatesDisableNotify"=dword:00000001
"UacDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Documents and Settings\\All Users\\Application Data\\Kaspersky Lab Setup Files\\Kaspersky Internet Security 2009\\english\\setup.exe"=
"d:\\TeamViewer\\Version5\\TeamViewer.exe"=
"c:\\Program Files\\Analog Devices\\SoundMAX\\SpkrMonX.exe"=
"c:\\WINDOWS\\system32\\igfxtray.exe"=
"c:\\Program Files\\Adobe\\Reader 9.0\\Reader\\Reader_sl.exe"=
"c:\\Program Files\\Internet Download Manager\\IEMonitor.exe"=
"c:\\Program Files\\Common Files\\Adobe\\ARM\\1.0\\AdobeARM.exe"=
"c:\\WINDOWS\\system32\\mmc.exe"=
"d:\\Sanh Dieu Online\\BugRep.bin"=
"c:\\Program Files\\Common Files\\Microsoft Shared\\Source Engine\\OSE.EXE"=
"c:\\PROGRA~1\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"d:\\FireFox\\firefox.exe"=
"d:\\TeamViewer\\Version5\\TeamViewer_Service.exe"=
"c:\\Program Files\\Internet Download Manager\\IDMan.exe"=
"c:\\Program Files\\Malwarebytes' Anti-Malware\\mbam.exe"=
"c:\\WINDOWS\\system32\\hkcmd.exe"=
"c:\\WINDOWS\\VistaDrive\\VistaDrive.exe"=

R2 TeamViewer5;TeamViewer 5;d:\teamviewer\Version5\TeamViewer_Service.exe [1/12/2010 6:57 AM 259368]
R3 abp470n5;abp470n5;\??\c:\windows\system32\drivers\lpohki.sys --> c:\windows\system32\drivers\lpohki.sys [?]
R3 teamviewervpn;TeamViewer VPN Adapter;c:\windows\system32\drivers\teamviewervpn.sys [11/9/2009 9:12 AM 25088]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
.
Contents of the 'Scheduled Tasks' folder

2010-01-26 c:\windows\Tasks\OGALogon.job
- c:\windows\system32\OGAEXEC.exe [2009-08-03 23:07]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.yahoo.com
mStart Page = hxxp://www.yahoo.com
uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ycomp/defaults/su/*http://www.yahoo.com
IE: Add to Anti-Banner - c:\program files\Kaspersky Lab\Kaspersky Internet Security 7.0\ie_banner_deny.htm
IE: Download all links with IDM - c:\program files\Internet Download Manager\IEGetAll.htm
IE: Download FLV video content with IDM - c:\program files\Internet Download Manager\IEGetVL.htm
IE: Download with IDM - c:\program files\Internet Download Manager\IEExt.htm
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
FF - ProfilePath - c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\fluqszs7.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com.vn/
FF - component: c:\documents and settings\Administrator\Application Data\IDM\idmmzcc3\components\idmmzcc.dll
FF - plugin: d:\k-lite codec pack\Real\browser\plugins\nppl3260.dll
FF - plugin: d:\k-lite codec pack\Real\browser\plugins\nprpjplug.dll
FF - hȋdden: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
FF - user.js: yahoo.ytff.general.dontshowhpoffer - true.
- - - - ORPHANS REMOVED - - - -

AddRemove-HijackThis - D:\HijackThis.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-01-26 16:31
Windows 5.1.2600 Service Pack 3 FAT NTAPI

scanning hȋdden processes ...

scanning hȋdden autostart entries ...

scanning hȋdden files ...

scan completed successfully
hȋdden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-1801674531-1957994488-842925246-500\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (Administrator)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,64,45,7f,93,37,e9,e5,45,9a,c0,97,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,64,45,7f,93,37,e9,e5,45,9a,c0,97,\
"6256FFB019F8FDFBD36745B06F4540E9AEAF222A25"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,c8,b5,49,5d,5e,df,71,4f,b5,30,4a,\
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(692)
c:\kas\KAS.dll

- - - - - - - > 'lsass.exe'(748)
c:\kas\KAS.dll
.
Completion time: 2010-01-26 16:33:06
ComboFix-quarantined-files.txt 2010-01-27 00:33

Pre-Run: 1,650,630,656 bytes free
Post-Run: 1,783,513,088 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

- - End Of File - - 14C72209857453BBC4D678D79851FFD5

Please download the OTMoveIt by OldTimer.

• Save it to your desktop.
  
• Please double-click OTM.exe to run it.
  
• Copy the bolded text below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):
  
  
  :reg
  [-HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\system]
  
  
  
• Return to OTMoveIt, right click in the "Paste instructions for items to be Moved" window (under the light blue bar) and choose Paste.
  
• Click the red Moveit! button.
  
• Copy everything in the Results window (under the green bar) to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy), and paste it in your next reply.
  
• Close OTMoveIt
  

If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.

Please post the OTMoveIt log.

========== REGISTRY ==========
Registry key HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\system\ deleted successfully.

OTM by OldTimer - Version 3.1.6.0 log created on 01262010_175741

Click Start > Run and copy/paste the following bolded text into the Run box and click OK:

ComboFix /uninstall

This will also reset your restore points.

How is the machine running now?

Thx you so much, it works
xD!

Actually, I just noticed something.

I think we have hit a dead end, I can see a re-occuring malicious driver, that's why the policies kept coming back.

We may need to format the machine.

Oh... So we have to reformat the computer with a windows disc for it to stop?

I'm suprised Combofix was even able to run at all, the machine has a file infecter on it, called Sality.

Sality infects legit Windows files, so best idea would be drop everything you can, don't back up anything you can live without and format the machine.