
Solved Generic Host Process for Win32 Services error, firefox crashes

Discussion in 'Malware and Virus Removal Archive' started by Invasion87, 2011/05/01.

  1. 2011/05/02
    Invasion87

    Invasion87 Inactive Thread Starter

    ComboFix 11-05-01.04 - Ricky Jim 02/05/2011 16:45:37.5.2 - x86
    Microsoft Windows XP Home Edition 5.1.2600.3.1252.44.1033.18.510.305 [GMT 1:00]
    Running from: c:\documents and settings\Ricky Jim\Desktop\ComboFix.exe
    Command switches used :: c:\documents and settings\Ricky Jim\Desktop\CFScript.txt
    AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
    FW: ZoneAlarm Firewall *Disabled* {829BDA32-94B3-44F4-8446-F8FCFF809F8B}
    .
    FILE ::
    "c:\docume~1\RICKYJ~1\LOCALS~1\Temp\oflpydin.sys "
    "c:\windows\system32\drivers\agcrycjq.sys "
    "c:\windows\system32\drivers\aqtjccv.sys "
    "c:\windows\system32\drivers\ccrr.sys "
    "c:\windows\system32\drivers\ctpey.sys "
    "c:\windows\system32\drivers\egtetsh.sys "
    "c:\windows\system32\drivers\faygj.sys "
    "c:\windows\system32\drivers\fkpl.sys "
    "c:\windows\system32\drivers\ftigh.sys "
    "c:\windows\system32\drivers\gdxejg.sys "
    "c:\windows\system32\drivers\hzmdu.sys "
    "c:\windows\system32\drivers\iium.sys "
    "c:\windows\system32\drivers\kewjof.sys "
    "c:\windows\system32\drivers\lriyns.sys "
    "c:\windows\system32\drivers\oebmwri.sys "
    "c:\windows\system32\drivers\qalodmre.sys "
    "c:\windows\system32\drivers\rpflizl.sys "
    "c:\windows\system32\drivers\vjyiw.sys "
    "c:\windows\system32\drivers\vwwi.sys "
    "c:\windows\system32\drivers\vybpmfou.sys "
    "c:\windows\system32\drivers\wwrznmi.sys "
    "c:\windows\system32\drivers\xjzwgfmd.sys "
    "c:\windows\system32\drivers\xngemuqg.sys "
    "c:\windows\system32\drivers\yszwdr.sys "
    "c:\windows\system32\drivers\ziykcuxh.sys "
    "c:\windows\system32\drivers\ztgwts.sys "
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    c:\documents and settings\All Users\Application Data\fA31002HeOiD31002
    c:\documents and settings\All Users\Application Data\fA31002HeOiD31002\fA31002HeOiD31002
    .
    Infected copy of c:\windows\system32\userinit.exe was found and disinfected
    Restored copy from - c:\windows\ERDNT\cache\userinit.exe
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    -------\Legacy_BHSISU
    -------\Legacy_CZIQSAU
    -------\Legacy_DVPIU
    -------\Legacy_HEQRX
    -------\Legacy_IPRIP
    -------\Legacy_KECMQIQNIASAJAU
    -------\Legacy_KSGJIYGX
    -------\Legacy_LGWPWUOW
    -------\Legacy_LJBC
    -------\Legacy_MVDDVOI
    -------\Legacy_NEJED
    -------\Legacy_OENQQTJR
    -------\Legacy_OFDDXK
    -------\Legacy_OHCTUO
    -------\Legacy_OWOZ
    -------\Legacy_PLVOAMQ
    -------\Legacy_QRIIP
    -------\Legacy_RGOCF
    -------\Legacy_RXPELLS
    -------\Legacy_SMBAVC
    -------\Legacy_UWGTBC
    -------\Legacy_UXZPBL
    -------\Legacy_WQKVQL
    -------\Legacy_XCHEQP
    -------\Service_agcrycjq
    -------\Service_bhsIsu
    -------\Service_cziqsau
    -------\Service_dvpiu
    -------\Service_heqrx
    -------\Service_Iprip
    -------\Service_kecmqiqniasajau
    -------\Service_ksgjiygx
    -------\Service_lgwpwuow
    -------\Service_ljbc
    -------\Service_mvddvoi
    -------\Service_nejed
    -------\Service_oenqqtjr
    -------\Service_ofddxk
    -------\Service_oflpydin
    -------\Service_ohctuo
    -------\Service_owoz
    -------\Service_plvoamq
    -------\Service_qrIip
    -------\Service_rgocf
    -------\Service_rxpells
    -------\Service_smbavc
    -------\Service_uwgtbc
    -------\Service_uxzpbl
    -------\Service_wqkvql
    -------\Service_xcheqp
    -------\Service_ydgoxr
    .
    .
    ((((((((((((((((((((((((( Files Created from 2011-04-02 to 2011-05-02 )))))))))))))))))))))))))))))))
    .
    .
    2011-05-01 19:43 . 2011-04-18 17:17 307288 ----a-w- c:\windows\system32\drivers\aswSP.sys
    2011-05-01 19:43 . 2011-04-18 17:12 19544 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
    2011-05-01 19:43 . 2011-04-18 17:13 25432 ----a-w- c:\windows\system32\drivers\aswRdr.sys
    2011-05-01 19:43 . 2011-04-18 17:17 441176 ----a-w- c:\windows\system32\drivers\aswSnx.sys
    2011-05-01 19:43 . 2011-04-18 17:16 49240 ----a-w- c:\windows\system32\drivers\aswTdi.sys
    2011-05-01 19:42 . 2011-04-18 17:16 102488 ----a-w- c:\windows\system32\drivers\aswmon2.sys
    2011-05-01 19:42 . 2011-04-18 17:16 96344 ----a-w- c:\windows\system32\drivers\aswmon.sys
    2011-05-01 19:42 . 2011-04-18 17:13 30680 ----a-w- c:\windows\system32\drivers\aavmker4.sys
    2011-05-01 19:42 . 2011-04-18 17:25 40112 ----a-w- c:\windows\avastSS.scr
    2011-05-01 19:42 . 2011-04-18 17:25 199304 ----a-w- c:\windows\system32\aswBoot.exe
    2011-05-01 19:42 . 2011-05-01 19:42 -------- d-----w- c:\program files\AVAST Software
    2011-05-01 19:42 . 2011-05-01 19:42 -------- d-----w- c:\documents and settings\All Users\Application Data\AVAST Software
    2011-05-01 13:03 . 2010-09-06 09:26 189520 ----a-w- c:\windows\system32\drivers\tmcomm.sys
    2011-05-01 00:14 . 2011-05-01 00:14 -------- d-----w- c:\windows\system32\wbem\Repository
    2011-04-18 20:23 . 2011-04-18 20:23 -------- d-----w- c:\documents and settings\Ricky Jim\Application Data\DDMSettings
    2011-04-18 20:20 . 2011-04-22 01:17 -------- d-----w- c:\documents and settings\Ricky Jim\Application Data\DivX
    2011-04-18 20:19 . 2010-07-12 18:36 9200 ------w- c:\windows\system32\drivers\cdralw2k.sys
    2011-04-18 20:19 . 2010-07-12 18:36 9072 ------w- c:\windows\system32\drivers\cdr4_xp.sys
    2011-04-18 20:19 . 2010-07-12 18:36 133616 ------w- c:\windows\system32\pxafs.dll
    2011-04-18 20:19 . 2011-04-18 20:19 -------- d-----w- c:\program files\Common Files\DivX Shared
    2011-04-18 20:11 . 2011-04-18 20:20 -------- d-----w- c:\documents and settings\All Users\Application Data\DivX
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2011-05-01 00:40 . 2011-03-20 15:42 102400 ----a-w- c:\windows\RegBootClean.exe
    2011-03-20 15:44 . 2011-03-20 15:44 11264 ----a-w- c:\windows\DCEBoot.exe
    2011-03-07 05:33 . 2006-02-27 13:31 692736 ----a-w- c:\windows\system32\inetcomm.dll
    2011-03-04 06:45 . 2002-08-29 11:00 434176 ----a-w- c:\windows\system32\vbscript.dll
    2011-03-03 13:21 . 2002-08-29 11:00 1857920 ----a-w- c:\windows\system32\win32k.sys
    2011-02-17 13:51 . 2008-05-24 21:52 81920 ------w- c:\windows\system32\ieencode.dll
    2011-02-17 13:51 . 2006-06-23 11:33 667136 ----a-w- c:\windows\system32\wininet.dll
    2011-02-17 13:51 . 2002-08-29 11:00 61952 ----a-w- c:\windows\system32\tdc.ocx
    2011-02-17 13:18 . 2002-08-29 11:00 455936 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
    2011-02-17 13:18 . 2002-08-29 11:00 357888 ----a-w- c:\windows\system32\drivers\srv.sys
    2011-02-17 12:37 . 2008-05-24 21:52 369664 ------w- c:\windows\system32\html.iec
    2011-02-17 12:32 . 2009-04-15 11:18 5120 ----a-w- c:\windows\system32\xpsp4res.dll
    2011-02-15 12:56 . 2002-08-29 11:00 290432 ----a-w- c:\windows\system32\atmfd.dll
    2011-02-09 13:53 . 2002-08-29 11:00 270848 ----a-w- c:\windows\system32\sbe.dll
    2011-02-09 13:53 . 2002-08-29 11:00 186880 ----a-w- c:\windows\system32\encdec.dll
    2011-02-08 13:33 . 2002-08-29 11:00 978944 ----a-w- c:\windows\system32\mfc42.dll
    2011-02-08 13:33 . 2002-08-29 11:00 974848 ----a-w- c:\windows\system32\mfc42u.dll
    2011-02-02 07:58 . 2004-03-14 16:53 2067456 ----a-w- c:\windows\system32\mstscax.dll
    .
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
    @= "{472083B0-C522-11CF-8763-00608CC02F24} "
    [HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
    2011-04-18 17:25 122512 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "swg "= "c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-06-18 68856]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ATIPTA "= "c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2004-01-28 335872]
    "IMJPMIG8.1 "= "c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2004-08-04 208952]
    "MSPY2002 "= "c:\windows\System32\IME\PINTLGNT\ImScInst.exe" [2002-08-29 59392]
    "PHIME2002ASync "= "c:\windows\System32\IME\TINTLGNT\TINTSETP.EXE" [2002-08-29 455168]
    "PHIME2002A "= "c:\windows\System32\IME\TINTLGNT\TINTSETP.EXE" [2002-08-29 455168]
    "TkBellExe "= "c:\program files\Common Files\Real\Update_OB\realsched.exe" [2005-09-16 180269]
    "ZoneAlarm Client "= "c:\program files\Zone Labs\ZoneAlarm\zlclient.exe" [2010-06-23 1043968]
    "avast "= "c:\program files\AVAST Software\Avast\avastUI.exe" [2011-04-18 3460784]
    .
    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
    "tscuninstall "= "c:\windows\system32\tscupgrd.exe" [2004-08-04 44544]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\WB]
    2001-12-20 23:34 24576 ----a-w- c:\program files\AlienGUIse\fastload.dll
    .
    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
    path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
    backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup
    .
    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^autorun.exe]
    path=c:\documents and settings\All Users\Start Menu\Programs\Startup\autorun.exe
    backup=c:\windows\pss\autorun.exeCommon Startup
    .
    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^BigFix.lnk]
    path=c:\documents and settings\All Users\Start Menu\Programs\Startup\BigFix.lnk
    backup=c:\windows\pss\BigFix.lnkCommon Startup
    .
    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^BTTray.lnk]
    path=c:\documents and settings\All Users\Start Menu\Programs\Startup\BTTray.lnk
    backup=c:\windows\pss\BTTray.lnkCommon Startup
    .
    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Go!Zilla.lnk]
    path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Go!Zilla.lnk
    backup=c:\windows\pss\Go!Zilla.lnkCommon Startup
    .
    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^InterVideo WinCinema Manager.lnk]
    path=c:\documents and settings\All Users\Start Menu\Programs\Startup\InterVideo WinCinema Manager.lnk
    backup=c:\windows\pss\InterVideo WinCinema Manager.lnkCommon Startup
    .
    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^NETGEAR WN111 Smart Wizard.lnk]
    path=c:\documents and settings\All Users\Start Menu\Programs\Startup\NETGEAR WN111 Smart Wizard.lnk
    backup=c:\windows\pss\NETGEAR WN111 Smart Wizard.lnkCommon Startup
    .
    [HKLM\~\startupfolder\C:^Documents and Settings^Ricky Jim^Start Menu^Programs^Startup^igfxtray.exe]
    path=c:\documents and settings\Ricky Jim\Start Menu\Programs\Startup\igfxtray.exe
    backup=c:\windows\pss\igfxtray.exeStartup
    .
    [HKLM\~\startupfolder\C:^Documents and Settings^Ricky Jim^Start Menu^Programs^Startup^LimeWire On Startup.lnk]
    path=c:\documents and settings\Ricky Jim\Start Menu\Programs\Startup\LimeWire On Startup.lnk
    backup=c:\windows\pss\LimeWire On Startup.lnkStartup
    .
    [HKLM\~\startupfolder\C:^Documents and Settings^Ricky Jim^Start Menu^Programs^Startup^Xfire.lnk]
    path=c:\documents and settings\Ricky Jim\Start Menu\Programs\Startup\Xfire.lnk
    backup=c:\windows\pss\Xfire.lnkStartup
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
    c:\windows\system32\dumprep 0 -k [X]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BluetoothAuthenticationAgent]
    2008-04-14 00:12 380416 ------w- c:\windows\system32\irprops.cpl
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BrowserChoice]
    2010-02-12 10:03 293376 ------w- c:\windows\system32\browserchoice.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
    2008-04-14 00:12 15360 ----a-w- c:\windows\system32\ctfmon.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
    2009-10-30 11:57 369200 ----a-w- c:\program files\DAEMON Tools Lite\DTLite.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DivXUpdate]
    2011-03-21 21:10 1230704 ----a-w- c:\program files\DivX\DivX Update\DivXUpdate.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DVDUpgrade]
    2008-04-14 00:12 17920 ----a-w- c:\windows\system32\dvdupgrd.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IMEKRMIG6.1]
    2002-08-29 12:00 44032 ----a-w- c:\windows\ime\imkr6_1\imekrmig.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
    2010-11-11 00:40 421160 ----a-w- c:\program files\iTunes\iTunesHelper.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MessengerPlus3]
    2005-10-07 19:32 190024 ----a-w- c:\program files\MessengerPlus! 3\MsgPlus.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
    2009-07-26 16:44 3883856 ----a-w- c:\program files\Windows Live\Messenger\msnmsgr.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\POEngine]
    2007-02-22 15:17 475136 ----a-w- c:\program files\PokerOffice\POEngine.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
    2010-09-08 11:17 421888 ----a-w- c:\program files\K-Lite Codec Pack\QuickTime\QTTask.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Realtime Monitor]
    2003-02-13 17:25 493024 ----a-w- c:\progra~1\CA\ETRUST~1\Realmon.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\rundll32.exe]
    2009-07-26 16:44 3883856 ----a-w- c:\program files\Windows Live\Messenger\msnmsgr.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
    2006-05-19 17:11 18577448 ----a-w- c:\program files\Skype\Phone\Skype.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMan]
    2003-12-19 17:53 65024 ----a-w- c:\windows\SOUNDMAN.EXE
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]
    2009-10-30 22:43 1217808 ----a-w- c:\valve\Steam\Steam.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
    2009-08-11 12:38 149280 ----a-w- c:\program files\Java\jre6\bin\jusched.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
    2005-09-16 21:54 180269 ----a-w- c:\program files\Common Files\Real\Update_OB\realsched.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\updateMgr]
    2006-03-30 15:45 313472 ----a-r- c:\program files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Veoh]
    2008-08-28 09:18 3660848 ----a-w- c:\program files\Veoh Networks\Veoh\VeohClient.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VeohPlugin]
    2009-03-07 01:08 3558136 ----a-w- c:\program files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
    2004-12-20 18:41 33792 ----a-w- c:\program files\Winamp\winampa.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Zone Labs Client]
    2010-06-23 12:51 1043968 ----a-w- c:\program files\Zone Labs\ZoneAlarm\zlclient.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
    "KService "=2 (0x2)
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
    "DisableMonitoring "=dword:00000001
    .
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe "=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe "=
    "c:\\Program Files\\uTorrent\\uTorrent.exe "=
    "c:\\Program Files\\Veoh Networks\\VeohWebPlayer\\veohwebplayer.exe "=
    "c:\\Program Files\\FlashGet\\flashget.exe "=
    "c:\\Program Files\\PokerOffice\\bin\\javaw.exe "=
    "c:\\Valve\\Steam\\SteamApps\\invasion823\\counter-strike\\hl.exe "=
    "c:\\Program Files\\Qianhong\\Qianhong.exe "=
    "c:\\Program Files\\PokerOffice5\\bin\\javaw.exe "=
    "c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe "=
    "c:\\Program Files\\Skype\\Phone\\Skype.exe "=
    "c:\\Program Files\\Messenger\\msmsgs.exe "=
    .
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "3587:TCP "= 3587:TCP:Windows Peer-to-Peer Grouping
    "3540:UDP "= 3540:UDP:peer Name Resolution Protocol (PNRP)
    .
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
    "AllowInboundEchoRequest "= 1 (0x1)
    .
    R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [11/11/2009 21:13 691696]
    R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [01/05/2011 20:43 441176]
    R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [01/05/2011 20:43 307288]
    R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [01/05/2011 20:43 19544]
    S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [21/04/2010 10:50 135664]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    p2psvc REG_MULTI_SZ p2psvc p2pimsvc p2pgasvc PNRPSvc
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2011-04-25 c:\windows\Tasks\AppleSoftwareUpdate.job
    - c:\program files\Apple Software Update\SoftwareUpdate.exe [2009-10-22 11:50]
    .
    2011-05-02 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2010-04-21 09:50]
    .
    2011-05-02 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2010-04-21 09:50]
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://www.google.com/
    uSearch Page = hxxp://www.google.com
    uSearch Bar = hxxp://www.google.com/ie
    mDefault_Search_URL = hxxp://www.google.com/ie
    mSearch Bar = hxxp://www.google.com/ie
    uInternet Settings,ProxyOverride = *.local
    uSearchAssistant = hxxp://www.google.com/ie
    uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
    mSearchAssistant = hxxp://www.google.com/ie
    IE: &Download All with FlashGet - c:\program files\FlashGet\jc_all.htm
    IE: &Download with FlashGet - c:\program files\FlashGet\jc_link.htm
    IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
    IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_E11712C84EA7E12B.dll/cmsidewiki.html
    DPF: DirectAnimation Java Classes - file://c:\windows\Java\classes\dajava.cab
    DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
    FF - ProfilePath - c:\documents and settings\Ricky Jim\Application Data\Mozilla\Firefox\Profiles\ocg0jziu.default\
    FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA}
    FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
    FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\Java\jre6\lib\deploy\jqs\ff
    FF - Ext: XULRunner: {C6CB8156-7B49-4F04-BD02-DAEF119084AE} - c:\documents and settings\Ricky Jim\Local Settings\Application Data\{C6CB8156-7B49-4F04-BD02-DAEF119084AE}
    FF - Ext: avast! WebRep: wrc@avast.com - c:\program files\AVAST Software\Avast\WebRep\FF
    FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
    FF - user.js: network.cookie.cookieBehavior - 0
    FF - user.js: privacy.clearOnShutdown.cookies - false
    FF - user.js: security.warn_viewing_mixed - false
    FF - user.js: security.warn_viewing_mixed.show_once - false
    FF - user.js: security.warn_submit_insecure - false
    FF - user.js: security.warn_submit_insecure.show_once - false
    .
    .
    **************************************************************************
    .
    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2011-05-02 17:03
    Windows 5.1.2600 Service Pack 3 NTFS
    .
    scanning hidden processes ...
    .
    scanning hidden autostart entries ...
    .
    scanning hidden files ...
    .
    scan completed successfully
    hidden files: 0
    .
    **************************************************************************
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    .
    [HKEY_USERS\S-1-5-21-1763679382-1348342725-2092942276-1006\Software\Microsoft\Windows\CurrentVersion\Explorer\CLSID]
    @Denied: (Full) (LocalSystem)
    @SACL=
    .
    [HKEY_USERS\S-1-5-21-1763679382-1348342725-2092942276-1006\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{6C97A7F5-2BB6-2929-880C-8425296A1769}*]
    @Allowed: (Read) (RestrictedCode)
    @Allowed: (Read) (RestrictedCode)
    "dbgcahefcobkgdckmanlkaklgcpnecblhoefgdgj "=hex:6b,61,61,62,6a,6e,69,61,63,6e,
    6b,6a,6a,62,63,6c,6c,6e,64,6f,6f,62,00,7c
    .
    [HKEY_USERS\S-1-5-21-725345543-1644491937-682003330-1003_Classes\O*v*e*r*t*u*r*e* *j\‹]
    @Allowed: (Read) (RestrictedCode)
    @Allowed: (Read) (RestrictedCode)
    .
    [HKEY_USERS\S-1-5-21-725345543-1644491937-682003330-1003_Classes\O*v*e*r*t*u*r*e* *j\‹\DefaultIcon]
    @=expand: "%APPDATA%\\Microsoft\\Installer\\{64C3D5BE-47B3-4085-B6D5-585D2677145A}\\_294823.exe,0 "
    .
    [HKEY_USERS\S-1-5-21-725345543-1644491937-682003330-1003_Classes\O*v*e*r*t*u*r*e* *j\‹\shell]
    @= "open "
    .
    [HKEY_USERS\S-1-5-21-725345543-1644491937-682003330-1003_Classes\O*v*e*r*t*u*r*e* *j\‹\shell\open]
    @= "??(&O) "
    .
    [HKEY_USERS\S-1-5-21-725345543-1644491937-682003330-1003_Classes\O*v*e*r*t*u*r*e* *j\‹\shell\open\command]
    @= "\ "c:\\Program Files\\Overture 4.0\\Overture.exe\" \ "%1\" "
    "command "=multi: "6{kHH=g^g8k`.!F03tyD>?%)duR)D9Xu~OSIW`PT- \ "%1\ "\00\00 "
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------
    .
    - - - - - - - > 'winlogon.exe'(664)
    c:\windows\system32\Ati2evxx.dll
    c:\program files\AlienGUIse\fastload.dll
    .
    - - - - - - - > 'explorer.exe'(2156)
    c:\windows\system32\WPDShServiceObj.dll
    c:\windows\system32\PortableDeviceTypes.dll
    c:\windows\system32\PortableDeviceApi.dll
    .
    ------------------------ Other Running Processes ------------------------
    .
    c:\windows\System32\Ati2evxx.exe
    c:\windows\system32\Ati2evxx.exe
    c:\program files\AVAST Software\Avast\AvastSvc.exe
    c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    c:\program files\Bonjour\mDNSResponder.exe
    c:\program files\CA\eTrust Antivirus\InoRpc.exe
    c:\program files\CA\eTrust Antivirus\InoRT.exe
    c:\program files\CA\eTrust Antivirus\InoTask.exe
    c:\program files\Java\jre6\bin\jqs.exe
    c:\windows\System32\tcpsvcs.exe
    c:\windows\system32\wscntfy.exe
    .
    **************************************************************************
    .
    Completion time: 2011-05-02 17:11:59 - machine was rebooted
    ComboFix-quarantined-files.txt 2011-05-02 16:11
    ComboFix2.txt 2011-05-02 13:00
    ComboFix3.txt 2011-05-02 00:24
    .
    Pre-Run: 36,039,303,168 bytes free
    Post-Run: 36,071,735,296 bytes free
    .
    - - End Of File - - A72A92A14CD394F00D8B3116C80103BF
     
  2. 2011/05/02
    broni

    broni Moderator Malware Analyst

    Looks good :)

    How is the computer doing?

    Download OTL to your Desktop.

    • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
    • Click the Scan All Users checkbox.
    • Under the Custom Scan box paste this in:


    netsvcs
    drivers32
    %SYSTEMDRIVE%\*.*
    %systemroot%\Fonts\*.com
    %systemroot%\Fonts\*.dll
    %systemroot%\Fonts\*.ini
    %systemroot%\Fonts\*.ini2
    %systemroot%\Fonts\*.exe
    %systemroot%\system32\spool\prtprocs\w32x86\*.*
    %systemroot%\REPAIR\*.bak1
    %systemroot%\REPAIR\*.ini
    %systemroot%\system32\*.jpg
    %systemroot%\*.jpg
    %systemroot%\*.png
    %systemroot%\*.scr
    %systemroot%\*._sy
    %APPDATA%\Adobe\Update\*.*
    %ALLUSERSPROFILE%\Favorites\*.*
    %APPDATA%\Microsoft\*.*
    %PROGRAMFILES%\*.*
    %APPDATA%\Update\*.*
    %systemroot%\*. /mp /s
    CREATERESTOREPOINT
    %systemroot%\System32\config\*.sav
    %PROGRAMFILES%\bak. /s
    %systemroot%\system32\bak. /s
    %ALLUSERSPROFILE%\Start Menu\*.lnk /x
    %systemroot%\system32\config\systemprofile\*.dat /x
    %systemroot%\*.config
    %systemroot%\system32\*.db
    %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x
    %USERPROFILE%\Desktop\*.exe
    %PROGRAMFILES%\Common Files\*.*
    %systemroot%\*.src
    %systemroot%\install\*.*
    %systemroot%\system32\DLL\*.*
    %systemroot%\system32\HelpFiles\*.*
    %systemroot%\system32\rundll\*.*
    %systemroot%\winn32\*.*
    %systemroot%\Java\*.*
    %systemroot%\system32\test\*.*
    %systemroot%\system32\Rundll32\*.*
    %systemroot%\AppPatch\Custom\*.*
    %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x
    %PROGRAMFILES%\PC-Doctor\Downloads\*.*
    %PROGRAMFILES%\Internet Explorer\*.tmp
    %PROGRAMFILES%\Internet Explorer\*.dat
    %USERPROFILE%\My Documents\*.exe
    %USERPROFILE%\*.exe
    %systemroot%\ADDINS\*.*
    %systemroot%\assembly\*.bak2
    %systemroot%\Config\*.*
    %systemroot%\REPAIR\*.bak2
    %systemroot%\SECURITY\Database\*.sdb /x
    %systemroot%\SYSTEM\*.bak2
    %systemroot%\Web\*.bak2
    %systemroot%\Driver Cache\*.*
    %PROGRAMFILES%\Mozilla Firefox\0*.exe
    %ProgramFiles%\Microsoft Common\*.*
    %ProgramFiles%\TinyProxy.
    %USERPROFILE%\Favorites\*.url /x
    %systemroot%\system32\*.bk
    %systemroot%\*.te
    %systemroot%\system32\system32\*.*
    %ALLUSERSPROFILE%\*.dat /x
    %systemroot%\system32\drivers\*.rmv
    dir /b "%systemroot%\system32\*.exe" | find /i " " /c
    dir /b "%systemroot%\*.exe" | find /i " " /c
    %PROGRAMFILES%\Microsoft\*.*
    %systemroot%\System32\Wbem\proquota.exe
    %PROGRAMFILES%\Mozilla Firefox\*.dat
    %USERPROFILE%\Cookies\*.txt /x
    %SystemRoot%\system32\fonts\*.*
    %systemroot%\system32\winlog\*.*
    %systemroot%\system32\Language\*.*
    %systemroot%\system32\Settings\*.*
    %systemroot%\system32\*.quo
    %SYSTEMROOT%\AppPatch\*.exe
    %SYSTEMROOT%\inf\*.exe
    %SYSTEMROOT%\Installer\*.exe
    %systemroot%\system32\config\*.bak2
    %systemroot%\system32\Computers\*.*
    %SystemRoot%\system32\Sound\*.*
    %SystemRoot%\system32\SpecialImg\*.*
    %SystemRoot%\system32\code\*.*
    %SystemRoot%\system32\draft\*.*
    %SystemRoot%\system32\MSSSys\*.*
    %ProgramFiles%\Javascript\*.*
    %systemroot%\pchealth\helpctr\System\*.exe /s
    %systemroot%\Web\*.exe
    %systemroot%\system32\msn\*.*
    %systemroot%\system32\*.tro
    %AppData%\Microsoft\Installer\msupdates\*.*
    %ProgramFiles%\Messenger\*.*
    %systemroot%\system32\systhem32\*.*
    %systemroot%\system\*.exe
    HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs
    /md5start
    /md5stop


    • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
    • When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.
     


  4. 2011/05/02
    Invasion87

    Invasion87 Inactive Thread Starter

    OTL logfile created on: 02/05/2011 17:24:36 - Run 1
    OTL by OldTimer - Version 3.2.22.3 Folder = C:\Documents and Settings\Ricky Jim\Desktop
    Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
    Internet Explorer (Version = 6.0.2900.5512)
    Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

    510.00 Mb Total Physical Memory | 113.00 Mb Available Physical Memory | 22.00% Memory free
    2.00 Gb Paging File | 2.00 Gb Available in Paging File | 88.00% Paging File free
    Paging file location(s): c:\pagefile.sys 2000 3500 [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
    Drive C: | 149.05 Gb Total Space | 33.62 Gb Free Space | 22.56% Space Free | Partition Type: NTFS

    Computer Name: RICKY | User Name: Ricky Jim | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: All users | Quick Scan
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Processes (SafeList) ==========

    PRC - [2011/05/02 17:23:31 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Ricky Jim\Desktop\OTL.exe
    PRC - [2011/04/18 18:25:12 | 003,460,784 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe
    PRC - [2011/04/18 18:25:10 | 000,042,184 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe
    PRC - [2011/03/23 20:38:48 | 000,912,344 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
    PRC - [2008/04/14 01:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
    PRC - [2005/09/16 22:54:12 | 000,180,269 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    PRC - [2003/02/13 18:24:30 | 000,234,976 | ---- | M] (Computer Associates International, Inc.) -- C:\Program Files\CA\eTrust Antivirus\InoTask.exe
    PRC - [2003/02/13 18:24:04 | 000,230,880 | ---- | M] (Computer Associates International, Inc.) -- C:\Program Files\CA\eTrust Antivirus\InoRT.exe
    PRC - [2003/02/13 18:24:00 | 000,144,864 | ---- | M] (Computer Associates International, Inc.) -- C:\Program Files\CA\eTrust Antivirus\InoRpc.exe


    ========== Modules (SafeList) ==========

    MOD - [2011/05/02 17:23:31 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Ricky Jim\Desktop\OTL.exe
    MOD - [2011/04/18 18:25:09 | 000,199,792 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\snxhk.dll
    MOD - [2010/08/23 17:12:02 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll


    ========== Win32 Services (SafeList) ==========

    SRV - File not found [Disabled | Stopped] -- -- (KService)
    SRV - File not found [Disabled | Stopped] -- -- (HidServ)
    SRV - File not found [On_Demand | Stopped] -- -- (AppMgmt)
    SRV - [2011/04/18 18:25:10 | 000,042,184 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
    SRV - [2010/06/23 13:52:56 | 002,435,592 | ---- | M] (Check Point Software Technologies LTD) [Auto | Stopped] -- C:\WINDOWS\System32\ZoneLabs\vsmon.exe -- (vsmon)
    SRV - [2008/04/14 01:12:02 | 000,105,472 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\p2pgasvc.dll -- (p2pgasvc)
    SRV - [2005/01/26 15:30:04 | 000,053,337 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe -- (MSCSPTISRV)
    SRV - [2005/01/26 15:25:34 | 000,053,337 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe -- (PACSPTISVR)
    SRV - [2005/01/26 15:20:14 | 000,069,718 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe -- (SPTISRV)
    SRV - [2003/02/13 18:24:30 | 000,234,976 | ---- | M] (Computer Associates International, Inc.) [Auto | Running] -- C:\Program Files\CA\eTrust Antivirus\InoTask.exe -- (InoTask)
    SRV - [2003/02/13 18:24:04 | 000,230,880 | ---- | M] (Computer Associates International, Inc.) [Auto | Running] -- C:\Program Files\CA\eTrust Antivirus\InoRT.exe -- (InoRT)
    SRV - [2003/02/13 18:24:00 | 000,144,864 | ---- | M] (Computer Associates International, Inc.) [Auto | Running] -- C:\Program Files\CA\eTrust Antivirus\InoRpc.exe -- (InoRPC)


    ========== Driver Services (SafeList) ==========

    DRV - File not found [Kernel | On_Demand | Running] -- -- (catchme)
    DRV - [2011/04/18 18:17:46 | 000,441,176 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\WINDOWS\System32\drivers\aswSnx.sys -- (aswSnx)
    DRV - [2011/04/18 18:17:34 | 000,307,288 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswSP.sys -- (aswSP)
    DRV - [2011/04/18 18:16:18 | 000,049,240 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswTdi.sys -- (aswTdi)
    DRV - [2011/04/18 18:16:06 | 000,102,488 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswmon2.sys -- (aswMon2)
    DRV - [2011/04/18 18:13:21 | 000,025,432 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswRdr.sys -- (aswRdr)
    DRV - [2011/04/18 18:13:02 | 000,030,680 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aavmker4.sys -- (Aavmker4)
    DRV - [2011/04/18 18:12:58 | 000,019,544 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
    DRV - [2010/05/13 10:02:32 | 000,532,224 | ---- | M] (Check Point Software Technologies LTD) [Kernel | System | Running] -- C:\WINDOWS\system32\vsdatant.sys -- (vsdatant)
    DRV - [2010/02/11 13:02:15 | 000,226,880 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\tcpip6.sys -- (Tcpip6)
    DRV - [2009/11/11 19:13:47 | 000,691,696 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\sptd.sys -- (sptd)
    DRV - [2007/08/21 04:25:02 | 000,460,928 | ---- | M] (Marvell Semiconductor, Inc) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\MRVW245.sys -- (MRVW245) Marvell TOPDOG 802.11n WLAN Driver for Windows XP (USB8x)
    DRV - [2006/05/01 13:50:40 | 000,086,560 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\SE26obex.sys -- (SE26obex)
    DRV - [2006/05/01 13:49:50 | 000,088,688 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\SE26mgmt.sys -- (SE26mgmt) Sony Ericsson Device 038 USB WMC Device Management Drivers (WDM)
    DRV - [2006/05/01 13:49:00 | 000,097,184 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\SE26mdm.sys -- (SE26mdm)
    DRV - [2006/05/01 13:48:56 | 000,009,360 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\SE26mdfl.sys -- (SE26mdfl)
    DRV - [2006/05/01 13:48:04 | 000,061,600 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\SE26bus.sys -- (SE26bus) Sony Ericsson Device 038 Driver driver (WDM)
    DRV - [2006/05/01 13:47:24 | 000,090,768 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\se26unic.sys -- (se26unic) Sony Ericsson Device 038 USB Ethernet Emulation SEMC38 (WDM)
    DRV - [2006/05/01 12:47:30 | 000,018,704 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\se26nd5.sys -- (se26nd5) Sony Ericsson Device 038 USB Ethernet Emulation SEMC38 (NDIS)
    DRV - [2004/01/28 06:56:58 | 000,669,696 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
    DRV - [2003/12/31 12:58:46 | 000,069,504 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Rtlnic51.sys -- (RTL8023)
    DRV - [2003/12/19 21:07:50 | 000,541,548 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ALCXWDM.SYS -- (ALCXWDM) Service for Realtek AC97 Audio (WDM)
    DRV - [2003/12/12 00:54:14 | 000,391,424 | ---- | M] (Sensaura Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ALCXSENS.SYS -- (ALCXSENS)
    DRV - [2003/12/04 20:33:20 | 000,011,264 | ---- | M] (Pinnacle Systems GmbH) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\asapiW2k.sys -- (ASAPIW2K)
    DRV - [2003/04/23 05:06:40 | 000,013,174 | ---- | M] (ATI Technologies Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\System32\DRIVERS\atisgkaf.sys -- (caboagp)
    DRV - [2003/01/04 00:12:52 | 000,113,728 | ---- | M] (Computer Associates) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\ino_fltr.sys -- (INO_FLTR)
    DRV - [2003/01/03 22:08:14 | 000,019,776 | ---- | M] (Computer Associates) [File_System | Boot | Running] -- C:\WINDOWS\System32\Drivers\ino_flpy.sys -- (INO_FLPY)
    DRV - [2002/08/29 12:00:00 | 000,012,160 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\fsvga.sys -- (FsVga)
    DRV - [2002/08/08 15:51:32 | 000,038,951 | ---- | M] (Sony Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\NETMDUSB.sys -- (NETMDUSB)
    DRV - [2002/04/11 21:21:38 | 000,013,335 | R--- | M] (Microsystems Corp) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\usbcm.sys -- (usbcm)
    DRV - [2002/01/02 19:06:02 | 000,591,520 | ---- | M] (Conexant Systems) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf)
    DRV - [2002/01/02 19:04:02 | 000,428,431 | ---- | M] (Conexant Systems) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\k56nt.sys -- (K56)
    DRV - [2002/01/02 19:03:34 | 000,124,701 | ---- | M] (Conexant Systems) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\fsksnt.sys -- (Fsks)
    DRV - [2002/01/02 19:02:46 | 000,212,491 | ---- | M] (Conexant Systems) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\faxnt.sys -- (SoftFax)
    DRV - [2002/01/02 19:01:56 | 000,059,663 | ---- | M] (Conexant Systems) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\tonesnt.sys -- (Tones)
    DRV - [2002/01/02 19:01:34 | 000,303,171 | ---- | M] (Conexant Systems) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\fallback.sys -- (Fallback)
    DRV - [2002/01/02 18:59:16 | 000,084,786 | ---- | M] (Conexant Systems) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\basic2.sys -- (basic2)
    DRV - [2002/01/02 18:58:56 | 000,062,422 | ---- | M] (Conexant Systems) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\rksample.sys -- (Rksample)
    DRV - [2002/01/02 18:58:40 | 000,541,981 | ---- | M] (Conexant Systems) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\v124nt.sys -- (V124)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========

    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie


    IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.evesham.com/
    IE - HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.evesham.com/
    IE - HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    IE - HKU\S-1-5-21-1763679382-1348342725-2092942276-1006\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
    IE - HKU\S-1-5-21-1763679382-1348342725-2092942276-1006\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
    IE - HKU\S-1-5-21-1763679382-1348342725-2092942276-1006\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
    IE - HKU\S-1-5-21-1763679382-1348342725-2092942276-1006\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
    IE - HKU\S-1-5-21-1763679382-1348342725-2092942276-1006\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

    ========== FireFox ==========

    FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
    FF - prefs.js..extensions.enabledItems: {C6CB8156-7B49-4F04-BD02-DAEF119084AE}:1.9.1
    FF - prefs.js..extensions.enabledItems: wrc@avast.com:20110101


    FF - HKLM\software\mozilla\Firefox\Extensions\\{C6CB8156-7B49-4F04-BD02-DAEF119084AE}: C:\Documents and Settings\Ricky Jim\Local Settings\Application Data\{C6CB8156-7B49-4F04-BD02-DAEF119084AE} [2010/03/11 18:07:04 | 000,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files\DivX\DivX Plus Web Player\firefox\html5video [2011/04/18 21:20:44 | 000,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Firefox\Extensions\\{6904342A-8307-11DF-A508-4AE2DFD72085}: C:\Program Files\DivX\DivX Plus Web Player\firefox\wpa [2011/04/18 21:20:44 | 000,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Firefox\Extensions\\wrc@avast.com: C:\Program Files\AVAST Software\Avast\WebRep\FF [2011/05/01 20:42:40 | 000,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Mozilla Firefox 3.6.16\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/05/01 01:10:30 | 000,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Mozilla Firefox 3.6.16\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/05/01 01:10:24 | 000,000,000 | ---D | M]

    [2010/09/03 14:50:24 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Ricky Jim\Application Data\Mozilla\Extensions
    [2010/09/03 14:50:24 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Ricky Jim\Application Data\Mozilla\Extensions\mozswing@mozswing.org
    [2011/05/02 02:36:02 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Ricky Jim\Application Data\Mozilla\Firefox\Profiles\ocg0jziu.default\extensions
    [2010/06/24 12:27:05 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Ricky Jim\Application Data\Mozilla\Firefox\Profiles\ocg0jziu.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
    [2011/05/02 02:36:02 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
    [2010/03/11 18:07:04 | 000,000,000 | ---D | M] (XULRunner) -- C:\DOCUMENTS AND SETTINGS\RICKY JIM\LOCAL SETTINGS\APPLICATION DATA\{C6CB8156-7B49-4F04-BD02-DAEF119084AE}
    [2011/05/01 20:42:40 | 000,000,000 | ---D | M] (avast! WebRep) -- C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF
    [2009/08/11 13:38:24 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF
    [2010/10/30 20:15:27 | 000,001,538 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\amazon-en-GB.xml
    [2010/10/30 20:15:27 | 000,000,947 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\chambers-en-GB.xml
    [2010/10/30 20:15:28 | 000,000,769 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\eBay-en-GB.xml
    [2010/10/30 20:15:28 | 000,001,135 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\yahoo-en-GB.xml

    O1 HOSTS File: ([2011/05/02 17:01:41 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
    O1 - Hosts: 127.0.0.1 localhost
    O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
    O2 - BHO: (FGCatchUrl) - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\Program Files\FlashGet\jccatch.dll (www.flashget.com)
    O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
    O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - File not found
    O2 - BHO: (DivX HiQ) - {593DDEC6-7468-4cdd-90E1-42DADAA222E9} - C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
    O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
    O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.6.5805.1910\swg.dll (Google Inc.)
    O2 - BHO: (FlashGet GetFlash Class) - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\Program Files\FlashGet\getflash.dll (www.flashget.com)
    O3 - HKLM\..\Toolbar: (Veoh Web Player Video Finder) - {0FBB9689-D3D7-4f7a-A2E2-585B10099BFC} - C:\Program Files\Veoh Networks\VeohWebPlayer\VeohIEToolbar.dll (Veoh Networks Inc)
    O3 - HKLM\..\Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - No CLSID value found.
    O3 - HKLM\..\Toolbar: (MSN) - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - File not found
    O3 - HKLM\..\Toolbar: (Veoh Browser Plug-in) - {D0943516-5076-4020-A3B5-AEFAF26AB263} - C:\Program Files\Veoh Networks\Veoh\Plugins\reg\VeohToolbar.dll (Veoh Networks Inc)
    O3 - HKU\S-1-5-21-1763679382-1348342725-2092942276-1006\..\Toolbar\ShellBrowser: (no name) - {3041D03E-FD4B-44E0-B742-2D9B88305F98} - No CLSID value found.
    O3 - HKU\S-1-5-21-1763679382-1348342725-2092942276-1006\..\Toolbar\WebBrowser: (MSN) - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - File not found
    O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
    O4 - HKLM..\Run: [IMJPMIG8.1] C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE (Microsoft Corporation)
    O4 - HKLM..\Run: [MSPY2002] C:\WINDOWS\System32\IME\PINTLGNT\ImScInst.exe ()
    O4 - HKLM..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation)
    O4 - HKLM..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation)
    O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
    O4 - HKLM..\Run: [ZoneAlarm Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe (Check Point Software Technologies LTD)
    O4 - HKU\.DEFAULT..\RunOnce: [tscuninstall] C:\WINDOWS\system32\tscupgrd.exe (Microsoft Corporation)
    O4 - HKU\S-1-5-18..\RunOnce: [tscuninstall] C:\WINDOWS\system32\tscupgrd.exe (Microsoft Corporation)
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
    O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
    O7 - HKU\S-1-5-21-1763679382-1348342725-2092942276-1006\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-21-1763679382-1348342725-2092942276-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O7 - HKU\S-1-5-21-1763679382-1348342725-2092942276-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O7 - HKU\S-1-5-21-1763679382-1348342725-2092942276-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O8 - Extra context menu item: &Download All with FlashGet - C:\Program Files\FlashGet\JC_ALL.HTM ()
    O8 - Extra context menu item: &Download with FlashGet - C:\Program Files\FlashGet\JC_LINK.HTM ()
    O8 - Extra context menu item: Google Sidewiki... - C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_E11712C84EA7E12B.dll (Google Inc.)
    O9 - Extra Button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe (PokerStars)
    O9 - Extra Button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\flashget.exe (FlashGet.com)
    O9 - Extra 'Tools' menuitem : FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\flashget.exe (FlashGet.com)
    O10 - NameSpace_Catalog5\Catalog_Entries\000000000006 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
    O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab (Checkers Class)
    O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} http://www.apple.com/qtactivex/qtplugin.cab (QuickTime Object)
    O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} http://housecall60.trendmicro.com/housecall/xscan60.cab (HouseCall Control)
    O16 - DPF: {05D44720-58E3-49E6-BDF6-D00330E511D3} http://zone.msn.com/binFrameWork/v10/StagingUI.cab55579.cab (StagingUI Object)
    O16 - DPF: {1239CC52-59EF-4DFA-8C61-90FFA846DF7E} http://www.musicnotes.com/download/mnviewer.cab (Musicnotes Viewer)
    O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab (MessengerStatsClient Class)
    O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://go.microsoft.com/fwlink/?linkid=39204 (Windows Genuine Advantage Validation Tool)
    O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab (Checkers Class)
    O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} http://housecall65.trendmicro.com/housecall/applet/html/native/x86/win32/activex/hcImpl.cab (Trend Micro ActiveX Scan Agent 6.6)
    O16 - DPF: {233C1507-6A77-46A4-9443-F871F945D258} http://fpdownload.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
    O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab (Minesweeper Flags Class)
    O16 - DPF: {3BB54395-5982-4788-8AF4-B5388FFDD0D8} http://zone.msn.com/BinFrameWork/v10/ZBuddy.cab55579.cab (MSN Games – Buddy Invite)
    O16 - DPF: {5736C456-EA94-4AAC-BB08-917ABDD035B3} http://zone.msn.com/binframework/v10/ZPAChat.cab55579.cab (ZonePAChat Object)
    O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} http://messenger.zone.msn.com/binary/SolitaireShowdown.cab56986.cab (Solitaire Showdown Class)
    O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} http://messenger.zone.msn.com/EN-US/a-UNO1/GAME_UNO1.cab (UnoCtrl Class)
    O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} http://download.bitdefender.com/resources/scanner/sources/en/scan8/oscan8.cab (BDSCANONLINE Control)
    O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} http://go.divx.com/plugin/DivXBrowserPlugin.cab (DivXBrowserPlugin Object)
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.microsoft.com/mic...ls/en/x86/client/muweb_site.cab?1196260216203 (MUWebControl Class)
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab (Java Plug-in 1.6.0_16)
    O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab (MessengerStatsClient Class)
    O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab (Reg Error: Key error.)
    O16 - DPF: {9BDF4724-10AA-43D5-BD15-AEA0D2287303} http://zone.msn.com/bingame/zpagames/zpa_txhe.cab79352.cab (MSN Games – Texas Holdem Poker)
    O16 - DPF: {B1826A9F-4AA0-4510-BA77-9013E74E4B9B} http://www.trendmicro.com/spyware-scan/as4web.cab (Reg Error: Key error.)
    O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab (MsnMessengerSetupDownloadControl Class)
    O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} http://cdn2.zone.msn.com/binFramework/v10/ZIntro.cab56649.cab (MSN Games - Installer)
    O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab (MessengerStatsClient Class)
    O16 - DPF: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab (Java Plug-in 1.6.0_16)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab (Java Plug-in 1.6.0_16)
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
    O16 - DPF: {DA2AA6CF-5C7A-4B71-BC3B-C771BB369937} http://zone.msn.com/binframework/v10/StProxy.cab55579.cab (MSN Games – Game Communicator)
    O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab (Minesweeper Flags Class)
    O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} http://messenger.zone.msn.com/binary/SolitaireShowdown.cab31267.cab (Solitaire Showdown Class)
    O16 - DPF: DirectAnimation Java Classes file://C:\WINDOWS\Java\classes\dajava.cab (Reg Error: Key error.)
    O16 - DPF: Microsoft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key error.)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
    O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
    O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\ati2evxx.dll ()
    O20 - Winlogon\Notify\WB: DllName - C:\Program Files\AlienGUIse\fastload.dll - C:\Program Files\AlienGUIse\fastload.dll (Stardock)
    O24 - Desktop WallPaper: C:\Documents and Settings\Ricky Jim\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
    O24 - Desktop BackupWallPaper: C:\Documents and Settings\Ricky Jim\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
    O32 - HKLM CDRom: AutoRun - 1
    O32 - AutoRun File - [2004/03/14 17:56:52 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
    O34 - HKLM BootExecute: (autocheck autochk *) - File not found
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37 - HKLM\...com [@ = ComFile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*

    NetSvcs: AppMgmt - File not found
    NetSvcs: HidServ - File not found
    NetSvcs: Ias - File not found
    NetSvcs: Iprip - C:\WINDOWS\System32\iprip.dll (Microsoft Corporation)
    NetSvcs: Irmon - File not found
    NetSvcs: NWCWorkstation - File not found
    NetSvcs: Nwsapagent - File not found
    NetSvcs: WmdmPmSp - File not found

    Drivers32: msacm.ac3acm - C:\WINDOWS\System32\ac3acm.acm (fccHandler)
    Drivers32: msacm.atrac3 - C:\WINDOWS\System32\atrac3.acm (Sony Corporation)
    Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation)
    Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
    Drivers32: msacm.lhacm - C:\WINDOWS\System32\lhacm.acm (Microsoft Corporation)
    Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
    Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
    Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
    Drivers32: vidc.DIVX - C:\WINDOWS\System32\DivX.dll (DivX, Inc.)
    Drivers32: VIDC.FFDS - C:\WINDOWS\System32\ff_vfw.dll ()
    Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
    Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
    Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
    Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)
    Drivers32: VIDC.MJPG - C:\WINDOWS\System32\pvmjpg21.dll (Pegasus Imaging Corporation)
    Drivers32: VIDC.PIM1 - C:\WINDOWS\System32\pclepim1.dll (Pinnacle Systems)
    Drivers32: VIDC.wmv3 - C:\WINDOWS\System32\wmv9vcm.dll (Microsoft Corporation)
    Drivers32: VIDC.XVID - C:\WINDOWS\System32\xvidvfw.dll ()
    Drivers32: vidc.yv12 - C:\WINDOWS\System32\DivX.dll (DivX, Inc.)

    CREATERESTOREPOINT
    Restore point Set: OTL Restore Point (56027131116781568)

    ========== Files/Folders - Created Within 30 Days ==========

    [2011/05/02 17:23:29 | 000,580,608 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Ricky Jim\Desktop\OTL.exe
    [2011/05/02 02:17:09 | 000,083,968 | ---- | C] (eSage Lab) -- C:\Documents and Settings\Ricky Jim\Desktop\remover.exe
    [2011/05/02 02:17:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Ricky Jim\Desktop\bootkit_remover
    [2011/05/02 00:05:55 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
    [2011/05/02 00:05:55 | 000,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
    [2011/05/02 00:05:55 | 000,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
    [2011/05/02 00:05:55 | 000,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
    [2011/05/02 00:05:25 | 000,000,000 | ---D | C] -- C:\Qoobox
    [2011/05/01 20:43:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\avast! Free Antivirus
    [2011/05/01 20:43:04 | 000,307,288 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSP.sys
    [2011/05/01 20:43:04 | 000,019,544 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswFsBlk.sys
    [2011/05/01 20:43:01 | 000,025,432 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswRdr.sys
    [2011/05/01 20:43:00 | 000,441,176 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSnx.sys
    [2011/05/01 20:43:00 | 000,049,240 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswTdi.sys
    [2011/05/01 20:42:58 | 000,102,488 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswmon2.sys
    [2011/05/01 20:42:58 | 000,096,344 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswmon.sys
    [2011/05/01 20:42:58 | 000,030,680 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aavmker4.sys
    [2011/05/01 20:42:36 | 000,040,112 | ---- | C] (AVAST Software) -- C:\WINDOWS\avastSS.scr
    [2011/05/01 20:42:35 | 000,199,304 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\aswBoot.exe
    [2011/05/01 20:42:22 | 000,000,000 | ---D | C] -- C:\Program Files\AVAST Software
    [2011/05/01 20:42:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\AVAST Software
    [2011/05/01 19:30:31 | 000,446,464 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Ricky Jim\Desktop\TFC.exe
    [2011/05/01 19:10:38 | 001,377,112 | ---- | C] (Kaspersky Lab ZAO) -- C:\Documents and Settings\Ricky Jim\Desktop\t.exe
    [2011/05/01 14:03:26 | 000,189,520 | ---- | C] (Trend Micro Inc.) -- C:\WINDOWS\System32\drivers\tmcomm.sys
    [2011/04/18 21:23:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Ricky Jim\Application Data\DDMSettings
    [2011/04/18 21:20:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Ricky Jim\Application Data\DivX
    [2011/04/18 21:19:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\DivX Plus
    [2011/04/18 21:19:07 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\DivX Shared
    [2011/04/18 21:11:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\DivX

    ========== Files - Modified Within 30 Days ==========

    [2011/05/02 17:23:31 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Ricky Jim\Desktop\OTL.exe
    [2011/05/02 17:01:58 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
    [2011/05/02 17:01:41 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
    [2011/05/02 17:00:53 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
    [2011/05/02 17:00:52 | 535,351,296 | -HS- | M] () -- C:\hiberfil.sys
    [2011/05/02 16:39:57 | 004,335,166 | R--- | M] () -- C:\Documents and Settings\Ricky Jim\Desktop\ComboFix.exe
    [2011/05/02 15:47:01 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
    [2011/05/02 14:19:28 | 000,004,212 | -H-- | M] () -- C:\WINDOWS\System32\zllictbl.dat
    [2011/05/02 02:50:10 | 000,012,598 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
    [2011/05/02 02:43:18 | 000,000,328 | RHS- | M] () -- C:\boot.ini
    [2011/05/01 23:47:35 | 001,263,721 | ---- | M] () -- C:\Documents and Settings\Ricky Jim\Desktop\tdsskiller.zip
    [2011/05/01 20:43:05 | 000,001,689 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\avast! Free Antivirus.lnk
    [2011/05/01 20:42:59 | 000,002,625 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
    [2011/05/01 20:40:58 | 056,189,640 | ---- | M] () -- C:\Documents and Settings\Ricky Jim\Desktop\setup_av_free.exe
    [2011/05/01 20:15:38 | 000,005,154 | ---- | M] () -- C:\Documents and Settings\Ricky Jim\Desktop\Attach.zip
    [2011/05/01 20:12:48 | 000,625,664 | ---- | M] () -- C:\Documents and Settings\Ricky Jim\Desktop\dds.scr
    [2011/05/01 20:11:20 | 000,080,384 | ---- | M] () -- C:\Documents and Settings\Ricky Jim\Desktop\MBRCheck.exe
    [2011/05/01 19:39:53 | 000,301,568 | ---- | M] () -- C:\Documents and Settings\Ricky Jim\Desktop\e0k35nyu.exe
    [2011/05/01 19:33:54 | 000,234,368 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
    [2011/05/01 19:30:32 | 000,446,464 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Ricky Jim\Desktop\TFC.exe
    [2011/05/01 19:10:36 | 001,377,112 | ---- | M] (Kaspersky Lab ZAO) -- C:\Documents and Settings\Ricky Jim\Desktop\t.exe
    [2011/05/01 02:39:02 | 000,171,520 | ---- | M] () -- C:\Documents and Settings\Ricky Jim\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2011/05/01 02:22:24 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
    [2011/05/01 01:40:59 | 000,102,400 | ---- | M] () -- C:\WINDOWS\RegBootClean.exe
    [2011/04/25 20:48:07 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
    [2011/04/18 18:25:12 | 000,040,112 | ---- | M] (AVAST Software) -- C:\WINDOWS\avastSS.scr
    [2011/04/18 18:25:10 | 000,199,304 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\aswBoot.exe
    [2011/04/18 18:17:46 | 000,441,176 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSnx.sys
    [2011/04/18 18:17:34 | 000,307,288 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSP.sys
    [2011/04/18 18:16:18 | 000,049,240 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswTdi.sys
    [2011/04/18 18:16:06 | 000,102,488 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswmon2.sys
    [2011/04/18 18:16:02 | 000,096,344 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswmon.sys
    [2011/04/18 18:13:21 | 000,025,432 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswRdr.sys
    [2011/04/18 18:13:02 | 000,030,680 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aavmker4.sys
    [2011/04/18 18:12:58 | 000,019,544 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswFsBlk.sys
    [2011/04/16 12:34:16 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
    [2011/04/16 03:21:06 | 000,443,798 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
    [2011/04/16 03:21:06 | 000,072,756 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat

    ========== Files Created - No Company Name ==========

    [2011/05/02 00:05:55 | 000,256,512 | ---- | C] () -- C:\WINDOWS\PEV.exe
    [2011/05/02 00:05:55 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
    [2011/05/02 00:05:55 | 000,089,088 | ---- | C] () -- C:\WINDOWS\MBR.exe
    [2011/05/02 00:05:55 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
    [2011/05/02 00:05:55 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
    [2011/05/01 23:59:15 | 004,335,166 | R--- | C] () -- C:\Documents and Settings\Ricky Jim\Desktop\ComboFix.exe
    [2011/05/01 23:47:36 | 001,263,721 | ---- | C] () -- C:\Documents and Settings\Ricky Jim\Desktop\tdsskiller.zip
    [2011/05/01 20:43:05 | 000,001,689 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\avast! Free Antivirus.lnk
    [2011/05/01 20:39:56 | 056,189,640 | ---- | C] () -- C:\Documents and Settings\Ricky Jim\Desktop\setup_av_free.exe
    [2011/05/01 20:15:38 | 000,005,154 | ---- | C] () -- C:\Documents and Settings\Ricky Jim\Desktop\Attach.zip
    [2011/05/01 20:12:47 | 000,625,664 | ---- | C] () -- C:\Documents and Settings\Ricky Jim\Desktop\dds.scr
    [2011/05/01 20:11:20 | 000,080,384 | ---- | C] () -- C:\Documents and Settings\Ricky Jim\Desktop\MBRCheck.exe
    [2011/05/01 19:39:54 | 000,301,568 | ---- | C] () -- C:\Documents and Settings\Ricky Jim\Desktop\e0k35nyu.exe
    [2011/05/01 17:20:26 | 535,351,296 | -HS- | C] () -- C:\hiberfil.sys
    [2011/04/10 21:02:42 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
    [2011/03/20 16:44:28 | 000,011,264 | ---- | C] () -- C:\WINDOWS\DCEBoot.exe
    [2011/03/20 16:42:42 | 000,102,400 | ---- | C] () -- C:\WINDOWS\RegBootClean.exe
    [2011/03/20 14:32:15 | 000,000,036 | ---- | C] () -- C:\Documents and Settings\Ricky Jim\Local Settings\Application Data\housecall.guid.cache
    [2010/04/22 23:59:40 | 000,001,220 | -HS- | C] () -- C:\Documents and Settings\Ricky Jim\Local Settings\Application Data\bt033571830
    [2010/04/22 23:59:40 | 000,001,220 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\bt033571830
    [2010/03/11 18:07:05 | 000,022,509 | ---- | C] () -- C:\WINDOWS\Wpugacegalajunaz.dat
    [2010/03/11 18:07:05 | 000,000,000 | ---- | C] () -- C:\WINDOWS\Plupubetogumamum.bin
    [2010/03/11 18:02:30 | 000,013,496 | -HS- | C] () -- C:\Documents and Settings\Ricky Jim\Local Settings\Application Data\4Y3omemx77
    [2009/11/12 01:32:40 | 000,000,843 | ---- | C] () -- C:\WINDOWS\System32\ssrqrqrqom.dll
    [2009/11/11 01:31:49 | 000,000,785 | ---- | C] () -- C:\WINDOWS\System32\ljgdccbaax.dll
    [2009/11/10 01:31:18 | 000,000,844 | ---- | C] () -- C:\WINDOWS\System32\dddbyyaaax.dll
    [2009/11/09 01:30:46 | 000,000,833 | ---- | C] () -- C:\WINDOWS\System32\pmkjjjhfgd.dll
    [2009/11/08 01:30:39 | 000,000,958 | ---- | C] () -- C:\WINDOWS\System32\geeecbbywt.dll
    [2009/11/07 01:29:53 | 000,000,811 | ---- | C] () -- C:\WINDOWS\System32\yabbbabcby.dll
    [2009/11/06 01:29:04 | 000,000,776 | ---- | C] () -- C:\WINDOWS\System32\hgffffgfec.dll
    [2009/11/05 01:28:38 | 000,000,815 | ---- | C] () -- C:\WINDOWS\System32\xxxyxwtttq.dll
    [2009/11/04 01:28:06 | 000,000,851 | ---- | C] () -- C:\WINDOWS\System32\khebbaxvus.dll
    [2009/11/03 01:27:48 | 000,000,837 | ---- | C] () -- C:\WINDOWS\System32\vttrqnljki.dll
    [2009/11/02 01:26:53 | 000,000,902 | ---- | C] () -- C:\WINDOWS\System32\byvttsrqpm.dll
    [2009/10/30 23:17:22 | 000,000,910 | ---- | C] () -- C:\WINDOWS\System32\xxxwwvstus.dll
    [2009/10/29 23:16:43 | 000,000,772 | ---- | C] () -- C:\WINDOWS\System32\awuvvvvwtr.dll
    [2009/10/27 12:43:38 | 000,000,918 | ---- | C] () -- C:\WINDOWS\System32\tutssrolig.dll
    [2009/10/26 12:42:31 | 000,000,809 | ---- | C] () -- C:\WINDOWS\System32\khighgddaw.dll
    [2009/10/25 10:27:49 | 000,000,880 | ---- | C] () -- C:\WINDOWS\System32\iiiijhhifc.dll
    [2009/10/25 09:54:29 | 000,000,807 | ---- | C] () -- C:\WINDOWS\System32\nnommnkhfc.dll
    [2009/10/22 19:49:57 | 000,000,873 | ---- | C] () -- C:\WINDOWS\System32\wvtrqollki.dll
    [2009/10/21 14:21:36 | 000,000,879 | ---- | C] () -- C:\WINDOWS\System32\efddecaxyv.dll
    [2009/10/20 00:37:01 | 000,000,813 | ---- | C] () -- C:\WINDOWS\System32\fccbcbxvsq.dll
    [2009/10/19 00:36:56 | 000,000,812 | ---- | C] () -- C:\WINDOWS\System32\pmlihghecy.dll
    [2009/10/18 00:36:40 | 000,000,786 | ---- | C] () -- C:\WINDOWS\System32\ddbawtsstq.dll
    [2009/10/17 00:36:34 | 000,000,842 | ---- | C] () -- C:\WINDOWS\System32\mlmkhgdbaw.dll
    [2009/10/16 00:36:18 | 000,000,802 | ---- | C] () -- C:\WINDOWS\System32\awwurrpnli.dll
    [2009/10/15 00:36:01 | 000,000,821 | ---- | C] () -- C:\WINDOWS\System32\nnkklljihe.dll
    [2009/10/14 00:35:11 | 000,000,737 | ---- | C] () -- C:\WINDOWS\System32\tusrsqnomk.dll
    [2009/10/13 00:34:20 | 000,000,969 | ---- | C] () -- C:\WINDOWS\System32\byywttttqn.dll
    [2009/10/12 00:33:36 | 000,000,782 | ---- | C] () -- C:\WINDOWS\System32\xxxwtuuspm.dll
    [2009/10/11 00:33:02 | 000,000,853 | ---- | C] () -- C:\WINDOWS\System32\nnonnkjijg.dll
    [2009/10/10 00:32:18 | 000,000,883 | ---- | C] () -- C:\WINDOWS\System32\xxyaaawxyw.dll
    [2009/10/09 00:31:38 | 000,000,951 | ---- | C] () -- C:\WINDOWS\System32\gebxxvvwus.dll
    [2009/10/08 00:31:19 | 000,000,818 | ---- | C] () -- C:\WINDOWS\System32\khigddawwu.dll
    [2009/10/07 00:30:30 | 000,000,815 | ---- | C] () -- C:\WINDOWS\System32\xxyawuvwxu.dll
    [2009/10/05 23:20:48 | 000,000,820 | ---- | C] () -- C:\WINDOWS\System32\awutturppm.dll
    [2009/10/03 23:19:40 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\cbxvspnnlj.dll
    [2009/09/16 01:06:31 | 000,041,984 | ---- | C] () -- C:\WINDOWS\System32\nnkjkihedb.dll
    [2009/09/09 03:07:18 | 000,000,487 | ---- | C] () -- C:\WINDOWS\System32\MRT.INI
    [2009/04/22 01:19:06 | 000,172,173 | ---- | C] () -- C:\WINDOWS\System32\xlive.dll.cat
    [2009/01/05 15:44:10 | 000,053,248 | ---- | C] () -- C:\WINDOWS\bdoscandel.exe
    [2009/01/05 15:44:10 | 000,000,453 | ---- | C] () -- C:\WINDOWS\bdoscandellang.ini
    [2008/12/08 21:29:01 | 000,045,908 | ---- | C] () -- C:\WINDOWS\System32\edl.dat
    [2008/06/30 14:49:36 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
    [2008/05/24 22:53:33 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
    [2007/12/04 22:20:52 | 000,006,550 | ---- | C] () -- C:\WINDOWS\jautoexp.dat
    [2007/02/22 16:17:50 | 000,000,071 | ---- | C] () -- C:\WINDOWS\pn.ini
    [2007/02/22 16:17:50 | 000,000,051 | ---- | C] () -- C:\WINDOWS\pr.ini
    [2007/01/24 16:21:10 | 000,765,952 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
    [2007/01/24 16:21:10 | 000,180,224 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
    [2007/01/24 16:21:09 | 003,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll
    [2007/01/24 16:21:08 | 000,010,752 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
    [2006/11/02 01:59:16 | 000,000,056 | ---- | C] () -- C:\WINDOWS\wb.ini
    [2006/09/28 21:26:32 | 000,001,356 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache
    [2006/01/13 18:11:35 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
    [2005/12/30 00:58:49 | 000,000,112 | ---- | C] () -- C:\WINDOWS\ActiveSkin.INI
    [2005/12/30 00:06:12 | 000,004,212 | -H-- | C] () -- C:\WINDOWS\System32\zllictbl.dat
    [2005/12/27 23:09:25 | 000,000,048 | ---- | C] () -- C:\WINDOWS\WININIT.INI
    [2005/11/04 17:10:17 | 000,000,565 | ---- | C] () -- C:\WINDOWS\VTruck2.ini
    [2005/10/08 20:10:06 | 000,000,004 | ---- | C] () -- C:\WINDOWS\RM_RESULT.DAT
    [2005/10/08 20:07:03 | 000,000,170 | ---- | C] () -- C:\WINDOWS\GetServer.ini
    [2005/08/16 21:09:07 | 000,363,520 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
    [2005/08/16 10:48:54 | 000,000,050 | ---- | C] () -- C:\WINDOWS\GunzLauncher.INI
    [2005/08/01 13:41:00 | 000,000,192 | ---- | C] () -- C:\WINDOWS\winamp.ini
    [2005/08/01 13:32:30 | 000,000,400 | ---- | C] () -- C:\WINDOWS\NJCOM.INI
    [2005/07/16 23:59:16 | 000,043,520 | ---- | C] () -- C:\WINDOWS\System32\CmdLineExt03.dll
    [2005/05/03 11:44:44 | 000,025,157 | ---- | C] () -- C:\WINDOWS\RMAgentOutput.dll
    [2005/05/03 11:43:44 | 000,126,976 | ---- | C] () -- C:\WINDOWS\dllTSCLIBMT.dll
    [2005/04/23 14:38:37 | 000,000,428 | ---- | C] () -- C:\WINDOWS\MVPWORD.INI
    [2005/03/03 16:16:42 | 000,000,256 | ---- | C] () -- C:\WINDOWS\aucfg.ini
    [2004/10/14 16:21:03 | 000,001,061 | ---- | C] () -- C:\WINDOWS\tlknw19.ini
    [2004/10/01 17:33:46 | 000,000,679 | ---- | C] () -- C:\WINDOWS\TSC.ini
    [2004/10/01 15:47:37 | 000,006,656 | ---- | C] () -- C:\WINDOWS\System32\CNMVSyd.DLL
    [2004/10/01 15:47:32 | 000,000,599 | ---- | C] () -- C:\WINDOWS\System32\CNCMP51.INI
    [2004/08/29 20:23:31 | 000,056,832 | ---- | C] () -- C:\WINDOWS\System32\iyvu9_32.dll
    [2004/08/28 22:48:26 | 000,171,520 | ---- | C] () -- C:\Documents and Settings\Ricky Jim\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2004/08/28 22:12:00 | 000,262,416 | ---- | C] () -- C:\WINDOWS\System32\ASFV2.DLL
    [2004/08/28 14:26:05 | 000,000,625 | ---- | C] () -- C:\WINDOWS\VTruck1.ini
    [2004/08/28 11:12:03 | 000,000,169 | ---- | C] () -- C:\WINDOWS\RtlRack.ini
    [2004/08/19 17:42:29 | 000,000,047 | ---- | C] () -- C:\WINDOWS\InoSetup.ini
    [2004/08/19 17:42:20 | 000,036,864 | ---- | C] () -- C:\WINDOWS\RmvDir.exe
    [2004/08/19 17:40:51 | 000,121,056 | ---- | C] () -- C:\WINDOWS\Uninstall.exe
    [2004/08/19 08:55:34 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
    [2004/03/15 09:38:55 | 000,000,164 | ---- | C] () -- C:\WINDOWS\avrack.ini
    [2004/03/15 09:38:54 | 000,155,648 | ---- | C] () -- C:\WINDOWS\System32\RTLCPAPI.dll
    [2004/03/15 09:32:10 | 000,512,000 | ---- | C] () -- C:\WINDOWS\System32\ati2sgag.exe
    [2004/03/14 18:00:31 | 000,000,780 | ---- | C] () -- C:\WINDOWS\orun32.ini
    [2004/03/14 17:58:41 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
    [2004/03/14 17:54:49 | 000,023,680 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
    [2004/03/14 16:43:51 | 000,091,440 | ---- | C] () -- C:\WINDOWS\SETUPBTCLICK.EXE
    [2004/03/14 16:43:51 | 000,000,131 | ---- | C] () -- C:\WINDOWS\smcfg.ini
    [2004/03/14 16:36:59 | 000,001,852 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
    [2004/03/14 16:36:29 | 000,443,798 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
    [2004/03/14 16:36:29 | 000,072,756 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
    [2004/03/14 16:36:25 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
    [2004/03/14 09:48:48 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
    [2004/03/14 09:47:59 | 000,234,368 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
    [2004/01/28 06:55:06 | 000,086,016 | ---- | C] () -- C:\WINDOWS\System32\ati2evxx.dll
    [2004/01/28 06:54:58 | 000,397,312 | ---- | C] () -- C:\WINDOWS\System32\ati2evxx.exe
    [2002/08/29 12:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
    [2002/08/29 12:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
    [2002/08/29 12:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
    [2002/08/29 12:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
    [2002/08/29 12:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
    [2002/08/29 12:00:00 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
    [2002/07/04 15:05:34 | 000,000,269 | ---- | C] () -- C:\WINDOWS\tmupdate.ini
    [2001/12/14 13:34:46 | 000,164,864 | ---- | C] () -- C:\WINDOWS\patchw32.dll
    [2001/10/24 16:00:40 | 000,524,288 | ---- | C] () -- C:\WINDOWS\System32\TDI-SonyOMG.dll
    [2001/09/26 09:56:44 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
    [2001/09/26 09:55:50 | 000,004,674 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
    [1999/07/23 13:46:48 | 000,000,116 | ---- | C] () -- C:\WINDOWS\AuHCcup1.ini
    [1999/07/23 10:53:20 | 000,129,536 | ---- | C] () -- C:\WINDOWS\AuHCcup1.dll

    ========== LOP Check ==========

    [2004/03/15 10:31:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\InterVideo
    [2010/06/28 12:08:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\4Winds2
    [2011/05/01 20:42:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVAST Software
    [2008/06/04 02:23:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Channel4
    [2009/11/11 21:12:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\DAEMON Tools Lite
    [2008/07/30 02:48:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Documents
    [2009/08/26 22:18:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Kontiki
    [2006/05/15 21:48:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Messenger Plus!
    [2004/03/15 11:00:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Pinnacle
    [2010/11/18 21:30:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
    [2004/03/15 10:31:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Default User\Application Data\InterVideo
    [2004/03/15 10:31:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\People\Application Data\InterVideo
    [2009/09/06 15:32:26 | 000,000,000 | -HSD | M] -- C:\Documents and Settings\People\Application Data\lowsec
    [2005/10/04 12:10:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\People\Application Data\Template
    [2009/01/10 15:46:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ricky Jim\Application Data\BitTorrent
    [2006/04/30 23:22:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ricky Jim\Application Data\Canon
    [2009/11/11 21:21:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ricky Jim\Application Data\DAEMON Tools Lite
    [2011/04/18 21:23:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ricky Jim\Application Data\DDMSettings
    [2007/02/12 20:13:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ricky Jim\Application Data\Dustworld
    [2007/10/16 21:59:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ricky Jim\Application Data\Geniesoft
    [2004/03/15 10:31:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ricky Jim\Application Data\InterVideo
    [2009/02/05 13:43:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ricky Jim\Application Data\Leadertech
    [2010/10/13 18:21:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ricky Jim\Application Data\Ohso
    [2007/03/17 20:42:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ricky Jim\Application Data\Screenshot Sender
    [2009/07/18 00:13:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ricky Jim\Application Data\SystemRequirementsLab
    [2004/08/28 11:04:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ricky Jim\Application Data\Template
    [2009/04/01 15:27:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ricky Jim\Application Data\uTorrent
    [2010/10/30 08:37:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ricky Jim\Application Data\Ziynuw

    ========== Purity Check ==========
     
  5. 2011/05/02
    Invasion87

    ========== Custom Scans ==========


    < %SYSTEMDRIVE%\*.* >
    [2009/11/11 21:45:58 | 000,316,643 | ---- | M] () -- C:\AnalysisLog.sr0
    [2009/01/14 20:35:41 | 000,004,523 | ---- | M] () -- C:\aoesync.txt
    [2004/03/14 17:56:52 | 000,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT
    [2005/11/04 17:10:43 | 054,617,684 | ---- | M] () -- C:\back_up.reg
    [2009/09/19 17:57:58 | 000,000,771 | ---- | M] () -- C:\BcBtRmv.log
    [2011/03/20 18:59:42 | 000,000,211 | ---- | M] () -- C:\Boot.bak
    [2011/05/02 02:43:18 | 000,000,328 | RHS- | M] () -- C:\boot.ini
    [2004/08/04 00:00:00 | 000,260,272 | RHS- | M] () -- C:\cmldr
    [2011/05/02 17:12:01 | 000,023,466 | ---- | M] () -- C:\ComboFix.txt
    [2004/03/14 17:56:52 | 000,000,000 | ---- | M] () -- C:\CONFIG.SYS
    [2005/02/24 17:44:44 | 000,000,130 | ---- | M] () -- C:\debugInstaller.txt
    [2011/05/02 17:00:52 | 535,351,296 | -HS- | M] () -- C:\hiberfil.sys
    [2005/12/30 00:58:54 | 000,001,495 | ---- | M] () -- C:\INSTALL.LOG
    [2004/03/14 17:56:52 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
    [2011/03/02 15:18:24 | 000,000,109 | ---- | M] () -- C:\mbam-error.txt
    [2004/03/14 17:56:52 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
    [2008/05/24 23:16:13 | 000,047,564 | RHS- | M] () -- C:\NTDETECT.COM
    [2008/11/04 23:46:25 | 000,250,048 | RHS- | M] () -- C:\ntldr
    [2011/05/02 17:00:51 | 2097,152,000 | -HS- | M] () -- C:\pagefile.sys
    [2010/05/20 12:42:16 | 000,000,102 | ---- | M] () -- C:\Platform.ini
    [2004/08/19 08:55:02 | 000,001,134 | ---- | M] () -- C:\QClog.txt
    [2007/12/01 12:07:36 | 000,001,599 | ---- | M] () -- C:\Remote Assistance.lnk
    [2009/04/07 20:32:31 | 000,000,268 | -H-- | M] () -- C:\sqmdata00.sqm
    [2009/05/17 14:58:48 | 000,000,268 | -H-- | M] () -- C:\sqmdata01.sqm
    [2009/05/20 18:02:10 | 000,000,268 | -H-- | M] () -- C:\sqmdata02.sqm
    [2009/05/20 22:52:36 | 000,000,268 | -H-- | M] () -- C:\sqmdata03.sqm
    [2009/05/26 13:02:57 | 000,000,268 | -H-- | M] () -- C:\sqmdata04.sqm
    [2009/05/27 15:49:37 | 000,000,268 | -H-- | M] () -- C:\sqmdata05.sqm
    [2009/05/27 19:45:21 | 000,000,268 | -H-- | M] () -- C:\sqmdata06.sqm
    [2009/05/31 13:12:25 | 000,000,268 | -H-- | M] () -- C:\sqmdata07.sqm
    [2009/05/31 18:18:32 | 000,000,268 | -H-- | M] () -- C:\sqmdata08.sqm
    [2009/06/01 23:37:49 | 000,000,268 | -H-- | M] () -- C:\sqmdata09.sqm
    [2009/06/07 16:36:24 | 000,000,268 | -H-- | M] () -- C:\sqmdata10.sqm
    [2009/06/07 17:22:25 | 000,000,268 | -H-- | M] () -- C:\sqmdata11.sqm
    [2009/06/09 13:06:54 | 000,000,268 | -H-- | M] () -- C:\sqmdata12.sqm
    [2009/06/10 12:58:46 | 000,000,268 | -H-- | M] () -- C:\sqmdata13.sqm
    [2009/06/14 15:58:13 | 000,000,268 | -H-- | M] () -- C:\sqmdata14.sqm
    [2009/06/16 15:05:26 | 000,000,268 | -H-- | M] () -- C:\sqmdata15.sqm
    [2009/06/16 15:23:06 | 000,000,268 | -H-- | M] () -- C:\sqmdata16.sqm
    [2009/06/18 15:04:54 | 000,000,268 | -H-- | M] () -- C:\sqmdata17.sqm
    [2009/03/10 22:40:26 | 000,000,268 | -H-- | M] () -- C:\sqmdata18.sqm
    [2009/03/11 21:56:54 | 000,000,268 | -H-- | M] () -- C:\sqmdata19.sqm
    [2009/04/07 20:32:31 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt00.sqm
    [2009/05/17 14:58:48 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt01.sqm
    [2009/05/20 18:02:10 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt02.sqm
    [2009/05/20 22:52:36 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt03.sqm
    [2009/05/26 13:02:57 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt04.sqm
    [2009/05/27 15:49:37 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt05.sqm
    [2009/05/27 19:45:20 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt06.sqm
    [2009/05/31 13:12:25 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt07.sqm
    [2009/05/31 18:18:32 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt08.sqm
    [2009/06/01 23:37:49 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt09.sqm
    [2009/06/07 16:36:24 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt10.sqm
    [2009/06/07 17:22:25 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt11.sqm
    [2009/06/09 13:06:54 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt12.sqm
    [2009/06/10 12:58:46 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt13.sqm
    [2009/06/14 15:58:13 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt14.sqm
    [2009/06/16 15:05:26 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt15.sqm
    [2009/06/16 15:23:06 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt16.sqm
    [2009/06/18 15:04:54 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt17.sqm
    [2009/03/10 22:40:26 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt18.sqm
    [2009/03/11 21:56:54 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt19.sqm
    [2011/05/01 19:12:48 | 000,002,012 | ---- | M] () -- C:\TDSSKiller.2.4.21.0_01.05.2011_19.12.46_log.txt
    [2011/05/01 19:13:25 | 000,002,012 | ---- | M] () -- C:\TDSSKiller.2.4.21.0_01.05.2011_19.13.21_log.txt
    [2011/05/01 20:31:22 | 000,002,012 | ---- | M] () -- C:\TDSSKiller.2.4.21.0_01.05.2011_20.31.19_log.txt
    [2011/05/01 20:31:51 | 000,002,012 | ---- | M] () -- C:\TDSSKiller.2.4.21.0_01.05.2011_20.31.49_log.txt
    [2011/05/01 22:05:40 | 000,002,012 | ---- | M] () -- C:\TDSSKiller.2.4.21.0_01.05.2011_22.05.38_log.txt
    [2011/05/01 23:48:38 | 000,002,012 | ---- | M] () -- C:\TDSSKiller.2.4.21.0_01.05.2011_23.48.33_log.txt
    [2011/05/01 23:50:15 | 000,002,012 | ---- | M] () -- C:\TDSSKiller.2.4.21.0_01.05.2011_23.49.52_log.txt
    [2011/05/01 23:51:55 | 000,002,012 | ---- | M] () -- C:\TDSSKiller.2.4.21.0_01.05.2011_23.51.02_log.txt
    [2011/05/02 03:02:46 | 000,044,466 | ---- | M] () -- C:\TDSSKiller.2.4.21.0_02.05.2011_02.59.55_log.txt
    [2001/05/24 13:59:30 | 000,162,304 | ---- | M] () -- C:\UNWISE.EXE

    < %systemroot%\Fonts\*.com >
    [2006/04/18 15:39:28 | 000,026,040 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalMonospace.CompositeFont
    [2006/06/29 14:53:56 | 000,026,489 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalSansSerif.CompositeFont
    [2006/04/18 15:39:28 | 000,029,779 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalSerif.CompositeFont
    [2006/06/29 14:58:52 | 000,030,808 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalUserInterface.CompositeFont

    < %systemroot%\Fonts\*.dll >

    < %systemroot%\Fonts\*.ini >
    [2007/12/01 12:06:53 | 000,000,067 | -HS- | M] () -- C:\WINDOWS\Fonts\desktop.ini

    < %systemroot%\Fonts\*.ini2 >

    < %systemroot%\Fonts\*.exe >

    < %systemroot%\system32\spool\prtprocs\w32x86\*.* >
    [2003/09/05 05:00:00 | 000,016,384 | ---- | M] (CANON INC.) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\CNMPDyd.DLL
    [2003/09/05 05:00:00 | 000,048,128 | ---- | M] (CANON INC.) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\CNMPPyd.DLL
    [2008/07/06 13:06:10 | 000,089,088 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\filterpipelineprintproc.dll
    [2007/04/09 13:23:54 | 000,028,552 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\mdippr.dll
    [2008/07/06 11:50:03 | 000,597,504 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\printfilterpipelinesvc.exe

    < %systemroot%\REPAIR\*.bak1 >

    < %systemroot%\REPAIR\*.ini >

    < %systemroot%\system32\*.jpg >

    < %systemroot%\*.jpg >

    < %systemroot%\*.png >

    < %systemroot%\*.scr >
    [2011/04/18 18:25:12 | 000,040,112 | ---- | M] (AVAST Software) -- C:\WINDOWS\avastSS.scr

    < %systemroot%\*._sy >

    < %APPDATA%\Adobe\Update\*.* >

    < %ALLUSERSPROFILE%\Favorites\*.* >

    < %APPDATA%\Microsoft\*.* >

    < %PROGRAMFILES%\*.* >

    < %APPDATA%\Update\*.* >

    < %systemroot%\*. /mp /s >

    < %systemroot%\System32\config\*.sav >
    [2007/12/01 12:00:16 | 000,278,528 | ---- | M] () -- C:\WINDOWS\system32\config\default.sav
    [2007/12/01 11:54:48 | 000,045,056 | ---- | M] () -- C:\WINDOWS\system32\config\security.sav
    [2007/12/01 12:00:16 | 022,020,096 | ---- | M] () -- C:\WINDOWS\system32\config\software.sav
    [2007/12/01 12:00:16 | 004,194,304 | ---- | M] () -- C:\WINDOWS\system32\config\system.sav

    < %PROGRAMFILES%\bak. /s >

    < %systemroot%\system32\bak. /s >

    < %ALLUSERSPROFILE%\Start Menu\*.lnk /x >
    [2008/11/04 23:56:05 | 000,000,272 | -HS- | M] () -- C:\Documents and Settings\All Users\Start Menu\desktop.ini

    < %systemroot%\system32\config\systemprofile\*.dat /x >

    < %systemroot%\*.config >

    < %systemroot%\system32\*.db >

    < %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x >
    [2008/11/05 00:18:26 | 000,000,177 | -HS- | M] () -- C:\Documents and Settings\Ricky Jim\Application Data\Microsoft\Internet Explorer\Quick Launch\desktop.ini
    [2004/08/27 12:27:00 | 000,000,079 | ---- | M] () -- C:\Documents and Settings\Ricky Jim\Application Data\Microsoft\Internet Explorer\Quick Launch\Show Desktop.scf

    < %USERPROFILE%\Desktop\*.exe >
    [2011/05/02 16:39:57 | 004,335,166 | R--- | M] () -- C:\Documents and Settings\Ricky Jim\Desktop\ComboFix.exe
    [2011/05/01 19:39:53 | 000,301,568 | ---- | M] () -- C:\Documents and Settings\Ricky Jim\Desktop\e0k35nyu.exe
    [2011/03/20 14:32:04 | 001,914,496 | ---- | M] (Trend Micro Inc.) -- C:\Documents and Settings\Ricky Jim\Desktop\HousecallLauncher.exe
    [2011/05/01 20:11:20 | 000,080,384 | ---- | M] () -- C:\Documents and Settings\Ricky Jim\Desktop\MBRCheck.exe
    [2011/05/02 17:23:31 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Ricky Jim\Desktop\OTL.exe
    [2004/12/01 15:38:37 | 008,511,488 | ---- | M] () -- C:\Documents and Settings\Ricky Jim\Desktop\PES4.exe
    [2010/09/01 15:33:49 | 000,083,968 | ---- | M] (eSage Lab) -- C:\Documents and Settings\Ricky Jim\Desktop\remover.exe
    [2011/05/01 20:40:58 | 056,189,640 | ---- | M] () -- C:\Documents and Settings\Ricky Jim\Desktop\setup_av_free.exe
    [2011/05/01 19:10:36 | 001,377,112 | ---- | M] (Kaspersky Lab ZAO) -- C:\Documents and Settings\Ricky Jim\Desktop\t.exe
    [2011/05/01 19:30:32 | 000,446,464 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Ricky Jim\Desktop\TFC.exe

    < %PROGRAMFILES%\Common Files\*.* >

    < %systemroot%\*.src >

    < %systemroot%\install\*.* >

    < %systemroot%\system32\DLL\*.* >

    < %systemroot%\system32\HelpFiles\*.* >

    < %systemroot%\system32\rundll\*.* >

    < %systemroot%\winn32\*.* >

    < %systemroot%\Java\*.* >

    < %systemroot%\system32\test\*.* >

    < %systemroot%\system32\Rundll32\*.* >

    < %systemroot%\AppPatch\Custom\*.* >

    < %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x >

    < %PROGRAMFILES%\PC-Doctor\Downloads\*.* >

    < %PROGRAMFILES%\Internet Explorer\*.tmp >

    < %PROGRAMFILES%\Internet Explorer\*.dat >

    < %USERPROFILE%\My Documents\*.exe >

    < %USERPROFILE%\*.exe >

    < %systemroot%\ADDINS\*.* >

    < %systemroot%\assembly\*.bak2 >

    < %systemroot%\Config\*.* >

    < %systemroot%\REPAIR\*.bak2 >

    < %systemroot%\SECURITY\Database\*.sdb /x >

    < %systemroot%\SYSTEM\*.bak2 >

    < %systemroot%\Web\*.bak2 >

    < %systemroot%\Driver Cache\*.* >

    < %PROGRAMFILES%\Mozilla Firefox\0*.exe >

    < %ProgramFiles%\Microsoft Common\*.* >

    < %ProgramFiles%\TinyProxy. >

    < %USERPROFILE%\Favorites\*.url /x >
    [2008/11/05 00:18:26 | 000,000,122 | -HS- | M] () -- C:\Documents and Settings\Ricky Jim\Favorites\Desktop.ini

    < %systemroot%\system32\*.bk >

    < %systemroot%\*.te >

    < %systemroot%\system32\system32\*.* >

    < %ALLUSERSPROFILE%\*.dat /x >

    < %systemroot%\system32\drivers\*.rmv >

    < dir /b "%systemroot%\system32\*.exe" | find /i " " /c >

    < dir /b "%systemroot%\*.exe" | find /i " " /c >

    < %PROGRAMFILES%\Microsoft\*.* >

    < %systemroot%\System32\Wbem\proquota.exe >

    < %PROGRAMFILES%\Mozilla Firefox\*.dat >

    < %USERPROFILE%\Cookies\*.txt /x >
    [2011/05/02 17:12:51 | 000,294,912 | ---- | M] () -- C:\Documents and Settings\Ricky Jim\Cookies\index.dat

    < %SystemRoot%\system32\fonts\*.* >

    < %systemroot%\system32\winlog\*.* >

    < %systemroot%\system32\Language\*.* >

    < %systemroot%\system32\Settings\*.* >

    < %systemroot%\system32\*.quo >

    < %SYSTEMROOT%\AppPatch\*.exe >

    < %SYSTEMROOT%\inf\*.exe >
    [2007/06/26 22:10:26 | 000,317,440 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\inf\unregmp2.exe
    [1 C:\WINDOWS\inf\*.tmp files -> C:\WINDOWS\inf\*.tmp -> ]

    < %SYSTEMROOT%\Installer\*.exe >

    < %systemroot%\system32\config\*.bak2 >

    < %systemroot%\system32\Computers\*.* >

    < %SystemRoot%\system32\Sound\*.* >

    < %SystemRoot%\system32\SpecialImg\*.* >

    < %SystemRoot%\system32\code\*.* >

    < %SystemRoot%\system32\draft\*.* >

    < %SystemRoot%\system32\MSSSys\*.* >

    < %ProgramFiles%\Javascript\*.* >

    < %systemroot%\pchealth\helpctr\System\*.exe /s >

    < %systemroot%\Web\*.exe >

    < %systemroot%\system32\msn\*.* >

    < %systemroot%\system32\*.tro >

    < %AppData%\Microsoft\Installer\msupdates\*.* >

    < %ProgramFiles%\Messenger\*.* >
    [2008/04/14 01:11:51 | 000,033,792 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\custsat.dll
    [2002/12/17 10:23:28 | 000,015,692 | ---- | M] () -- C:\Program Files\Messenger\license.txt
    [2002/12/17 10:23:22 | 000,004,821 | ---- | M] () -- C:\Program Files\Messenger\logowin.gif
    [2002/12/17 10:23:22 | 000,007,047 | ---- | M] () -- C:\Program Files\Messenger\lvback.gif
    [2002/12/17 10:23:28 | 000,000,807 | ---- | M] () -- C:\Program Files\Messenger\mailtmpl.txt
    [2008/05/02 15:01:49 | 000,083,968 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\msgsc.dll
    [2008/04/13 18:30:28 | 000,180,224 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\msgslang.dll
    [2008/04/14 01:12:28 | 001,695,232 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\msmsgs.exe
    [2002/08/21 00:08:38 | 000,069,663 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\msmsgsin.exe
    [2002/12/17 10:23:18 | 000,002,882 | ---- | M] () -- C:\Program Files\Messenger\newalert.wav
    [2002/12/17 10:23:18 | 000,006,156 | ---- | M] () -- C:\Program Files\Messenger\newemail.wav
    [2002/12/17 10:23:18 | 000,006,160 | ---- | M] () -- C:\Program Files\Messenger\online.wav
    [2005/08/01 14:33:06 | 000,007,680 | ---- | M] () -- C:\Program Files\Messenger\Thumbs.db
    [2002/12/17 10:23:24 | 000,004,454 | ---- | M] () -- C:\Program Files\Messenger\type.wav
    [2004/07/17 19:41:04 | 000,115,981 | ---- | M] () -- C:\Program Files\Messenger\xpmsgr.chm

    < %systemroot%\system32\systhem32\*.* >

    < %systemroot%\system\*.exe >

    < HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

    < HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\ Auto Update\Results\Install|LastSuccessTime /rs >


    ========== Files - Unicode (All) ==========
    [2007/10/16 21:36:25 | 000,000,000 | ---D | M](C:\Program Files\Overture 4.0 ?????) -- C:\Program Files\Overture 4.0 繁體中文版
    [2007/10/16 21:36:25 | 000,000,000 | ---D | M](C:\Program Files\Overture 4.0 ?????) -- C:\Program Files\Overture 4.0 繁體中文版
    (C:\Program Files\Overture 4.0 ?????) -- C:\Program Files\Overture 4.0 繁體中文版
    (C:\Documents and Settings\Ricky Jim\Start Menu\Programs\Overture 4.0 ?????) -- C:\Documents and Settings\Ricky Jim\Start Menu\Programs\Overture 4.0 繁體中文版

    < End of report >
     
  6. 2011/05/02
    Invasion87

    Invasion87 Inactive Thread Starter

    OTL Extras logfile created on: 02/05/2011 17:24:36 - Run 1
    OTL by OldTimer - Version 3.2.22.3 Folder = C:\Documents and Settings\Ricky Jim\Desktop
    Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
    Internet Explorer (Version = 6.0.2900.5512)
    Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

    510.00 Mb Total Physical Memory | 113.00 Mb Available Physical Memory | 22.00% Memory free
    2.00 Gb Paging File | 2.00 Gb Available in Paging File | 88.00% Paging File free
    Paging file location(s): c:\pagefile.sys 2000 3500 [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
    Drive C: | 149.05 Gb Total Space | 33.62 Gb Free Space | 22.56% Space Free | Partition Type: NTFS

    Computer Name: RICKY | User Name: Ricky Jim | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: All users | Quick Scan
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Extra Registry (SafeList) ==========


    ========== File Associations ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
    .url [@ = InternetShortcut] -- rundll32.exe shdocvw.dll,OpenURL %l

    [HKEY_USERS\S-1-5-21-1763679382-1348342725-2092942276-1006\SOFTWARE\Classes\<extension>]
    .html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

    ========== Shell Spawning ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
    exefile [open] -- "%1" %*
    InternetShortcut [open] -- rundll32.exe shdocvw.dll,OpenURL %l
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1"
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Directory [Winamp.Bookmark] -- "C:\Program Files\Winamp\Winamp.exe" /BOOKMARK "%1" (Nullsoft)
    Directory [Winamp.Enqueue] -- "C:\Program Files\Winamp\Winamp.exe" /ADD "%1" (Nullsoft)
    Directory [Winamp.Play] -- "C:\Program Files\Winamp\Winamp.exe" "%1" (Nullsoft)
    Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
    Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    ========== Security Center Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "AntiVirusDisableNotify" = 0
    "FirewallDisableNotify" = 0
    "UpdatesDisableNotify" = 0

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

    ========== System Restore Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
    "DisableSR" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
    "Start" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
    "Start" = 2

    ========== Firewall Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
    "EnableFirewall" = 1
    "DoNotAllowExceptions" = 0
    "DisableNotifications" = 1

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
    "139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
    "445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
    "137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
    "138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002
    "1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
    "2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
    "3587:TCP" = 3587:TCP:*:Enabled:Windows Peer-to-Peer Grouping
    "3540:UDP" = 3540:UDP:*:Enabled:peer Name Resolution Protocol (PNRP)

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
    "EnableFirewall" = 1
    "DoNotAllowExceptions" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
    "139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
    "445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
    "137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
    "138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
    "1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
    "2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
    "3587:TCP" = 3587:TCP:*:Enabled:Windows Peer-to-Peer Grouping
    "3540:UDP" = 3540:UDP:*:Enabled:peer Name Resolution Protocol (PNRP)

    ========== Authorized Applications List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
    "C:\Program Files\MSN Messenger\livecall.exe" = C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
    "C:\Program Files\uTorrent\uTorrent.exe" = C:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent -- (BitTorrent, Inc.)
    "C:\Program Files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe" = C:\Program Files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe:*:Enabled:Veoh Web Player -- (Veoh Networks)
    "C:\Program Files\FlashGet\flashget.exe" = C:\Program Files\FlashGet\flashget.exe:*:Enabled:Flashget -- (FlashGet.com)
    "C:\Program Files\PokerOffice\bin\javaw.exe" = C:\Program Files\PokerOffice\bin\javaw.exe:*:Enabled:Java(TM) 2 Platform Standard Edition binary -- (Sun Microsystems, Inc.)
    "C:\Valve\Steam\SteamApps\invasion823\counter-strike\hl.exe" = C:\Valve\Steam\SteamApps\invasion823\counter-strike\hl.exe:*:Enabled:Half-Life Launcher -- (Valve)
    "C:\Program Files\Qianhong\Qianhong.exe" = C:\Program Files\Qianhong\Qianhong.exe:*:Enabled:Qianhong Application -- (jcraner.com)
    "C:\Program Files\PokerOffice5\bin\javaw.exe" = C:\Program Files\PokerOffice5\bin\javaw.exe:*:Enabled:Java(TM) Platform SE binary -- (Sun Microsystems, Inc.)


    ========== HKEY_LOCAL_MACHINE Uninstall List ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{02E89EFC-7B07-4D5A-AA03-9EC0902914EE}" = VC 9.0 Runtime
    "{0405E51E-9582-4207-8F38-AC44201D3808}" = VeohTV BETA
    "{05B49229-22A2-4F88-842A-BBC2EBE1CCF6}" = Microsoft Games for Windows - LIVE Redistributable
    "{0B82D6C6-9ECC-4710-97AB-5CE482E72852}_is1" = TableScan Turbo RC3
    "{0BEDBD4E-2D34-47B5-9973-57E62B29307C}" = ATI Control Panel
    "{17424F35-8B77-4ADF-BC63-BF9B81418539}" = Apple Application Support
    "{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
    "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    "{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
    "{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
    "{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
    "{26A24AE4-039D-4CA4-87B4-2F83216016FF}" = Java(TM) 6 Update 16
    "{2A981294-F14C-4F0F-9627-D793270922F8}" = Bonjour
    "{2F151B50-B434-4838-B51D-70442EBA093E}" = OpenMG Secure Module 4.1.00
    "{308B6AEA-DE50-4666-996D-0FA461719D6B}" = Apple Mobile Device Support
    "{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
    "{3B24B725-D81F-442D-8CE5-2AF05A4A4CC9}" = Music Visualizer Library 1.4.00
    "{43DCF766-6838-4F9A-8C91-D92DA586DFA8}" = Microsoft Windows Journal Viewer
    "{45338B07-A236-4270-9A77-EBB4115517B5}" = Windows Live Sign-in Assistant
    "{4669544E-20E4-4E56-8B44-2E6E1200051F}" = Canon MP Toolbox 4.1.1.0.mp10
    "{4D243BA7-9AC4-46D1-90E5-EEB88974F501}" = Microsoft Games for Windows - LIVE
    "{58F8C6D9-5B55-486A-A322-4E8D87670031}" = Canon MP Drivers
    "{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
    "{64C3D5BE-47B3-4085-B6D5-585D2677145A}" = Overture 4.0 繁體中文版
    "{6D0C6BE4-F674-43D2-96BC-3509345108C9}_is1" = PokerStove version 1.23
    "{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
    "{764D06D8-D8DE-411E-A1C8-D9E9380F8A84}" = Microsoft Works 7.0
    "{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
    "{789289CA-F73A-4A16-A331-54D498CE069F}" = Ventrilo Client
    "{81128EE8-8EAD-4DB0-85C6-17C2CE50FF71}" = Windows Live Essentials
    "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
    "{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
    "{90AF0409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office PowerPoint Viewer 2003
    "{91120409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Standard Edition 2003
    "{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
    "{98E8A2EF-4EAE-43B8-A172-74842B764777}" = InterVideo WinDVD 4
    "{9E491AB7-4589-48CA-9CBB-874CB2788391}" = Studio 9
    "{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI
    "{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
    "{A85FD55B-891B-4314-97A5-EA96C0BD80B5}" = Windows Live Messenger
    "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
    "{AC056D10-E6C0-4085-BAD6-EEBB5EC76D66}" = Pro Evolution Soccer 4
    "{AC76BA86-7AD7-1033-7B44-A71000000002}" = Adobe Reader 7.1.0
    "{AC76BA86-7AD7-5464-3428-7050000000A7}" = Adobe Reader 7.0.5 Language Support
    "{AC76BA86-7AD7-5670-0000-7E8A45000001}" = Adobe Reader Korean Fonts
    "{AFCE4D19-D385-4232-9B0E-809D85A25A10}" = NETGEAR WN111 wireless USB 2.0 adapter
    "{B43357AA-3A6D-4D94-B56E-43C44D09E548}" = Microsoft .NET Framework (English)
    "{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
    "{C41300B9-185D-475E-BFEC-39EF732F19B1}" = Apple Software Update
    "{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
    "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
    "{D064F16E-88DA-4E8F-BBAE-0E2AA9A6AE61}" = VP6 Decoder
    "{D4C9692E-4EFA-4DA0-8B7F-9439466D9E31}" = Full Tilt Poker
    "{E7004147-2CCA-431C-AA05-2AB166B9785D}" = QuickTime
    "{E8843212-F0FC-4C3B-BFF3-D51829CB4F19}" = iTunes
    "{ED00D08A-3C5F-488D-93A0-A04F21F23956}" = Windows Live Communications Platform
    "{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
    "{F6BD194C-4190-4D73-B1B1-C48C99921BFE}" = Windows Live Call
    "{FB08F381-6533-4108-B7DD-039E11FBC27E}" = Realtek AC'97 Audio
    "{FE4A88C8-A551-4657-8756-E113E3FAEE1D}" = Four Winds Mah Jong 2.01
    "Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
    "Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
    "Adobe Shockwave Player" = Adobe Shockwave Player 11.5
    "Age of Empires Gold 1.0" = Microsoft Age of Empires Gold
    "AlienGUIse Theme Manager" = AlienGUIse Theme Manager
    "All ATI Software" = ATI - Software Uninstall Utility
    "ATI Display Driver" = ATI Display Driver
    "avast" = avast! Free Antivirus
    "BigFix" = BigFix
    "CNXT_MODEM_PCI_VEN_14F1&DEV_2F01&SUBSYS_9305141C" = CNXT V92 Data Fax Voice
    "Counter-Strike: Condition Zero" = Counter-Strike: Condition Zero
    "DivX Setup.divx.com" = DivX Setup
    "eMule" = eMule
    "ESET Online Scanner" = ESET Online Scanner v3
    "eTrust Antivirus" = CA eTrust Antivirus
    "FlashGet" = FlashGet 1.9.6.1073
    "Gunbound_is1" = Gunbound
    "HLSW_is1" = HLSW v1.1.0
    "InstallShield_{0405E51E-9582-4207-8F38-AC44201D3808}" = VeohTV BETA
    "InstallShield_{2F151B50-B434-4838-B51D-70442EBA093E}" = OpenMG Secure Module 4.1.00
    "InstallShield_{AC056D10-E6C0-4085-BAD6-EEBB5EC76D66}" = Pro Evolution Soccer 4
    "InstallShield_{AFCE4D19-D385-4232-9B0E-809D85A25A10}" = NETGEAR WN111 wireless USB 2.0 adapter
    "KLiteCodecPack_is1" = K-Lite Mega Codec Pack 1.64
    "Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
    "Messenger Plus! Live" = Messenger Plus! Live
    "Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
    "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
    "Microsoft .NET Framework Full v1.0.3705 (1033)" = Microsoft .NET Framework (English) v1.0.3705
    "Mozilla Firefox (3.6.16)" = Mozilla Firefox (3.6.16)
    "MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
    "MsgPlus! Plugin" = Messenger Plus! 3
    "MSN Toolbar" = MSN Toolbar
    "Nero - Burning Rom!UninstallKey" = Ahead Nero Burning ROM
    "NeroVision!UninstallKey" = Ahead NeroVision Express
    "NJStar Communicator" = NJStar Communicator
    "OpenMG HotFix4.1-05-13-31-01" = OpenMG Limited Patch 4.1-05-13-31-01
    "PokerOffice" = PokerOffice (remove only)
    "PokerStars" = PokerStars
    "Qianhong" = Qianhong 3.5.1
    "RealPlayer 6.0" = RealPlayer
    "rzes_cs_helper" = RzE's CS Helper
    "Shockwave" = Shockwave
    "Skype_is1" = Skype 2.0
    "Steam" = Steam
    "Steam App 240" = Counter-Strike: Source
    "SystemRequirementsLab" = System Requirements Lab
    "Teamspeak 2 RC2_is1" = TeamSpeak 2 RC2
    "Veoh Web Player Beta" = Veoh Web Player Beta
    "VLC media player" = VideoLAN VLC media player 0.8.1
    "Winamp" = Winamp (remove only)
    "Windows Live OneCare safety scanner" = Windows Live OneCare safety scanner
    "Windows Media Format Runtime" = Windows Media Format 11 runtime
    "Windows Media Player" = Windows Media Player 11
    "Windows XP Service Pack" = Windows XP Service Pack 3
    "WinLiveSuite_Wave3" = Windows Live Essentials
    "WinMX" = WinMX
    "WinRAR archiver" = WinRAR archiver
    "WinZip" = WinZip
    "WMFDist11" = Windows Media Format 11 runtime
    "wmp11" = Windows Media Player 11
    "World of Warcraft" = World of Warcraft
    "Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
    "ZoneAlarm" = ZoneAlarm

    ========== HKEY_USERS Uninstall List ==========

    [HKEY_USERS\S-1-5-21-1763679382-1348342725-2092942276-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "MXpie Patch" = MXpie Patch for WinMX/WPNP
    "uTorrent" = µTorrent

    ========== Last 10 Event Log Errors ==========

    [ Application Events ]
    Error - 01/05/2011 15:16:56 | Computer Name = RICKY | Source = Application Error | ID = 1000
    Description = Faulting application svchost.exe, version 5.1.2600.5512, faulting
    module unknown, version 0.0.0.0, fault address 0x001a6f64.

    Error - 01/05/2011 15:31:40 | Computer Name = RICKY | Source = Application Error | ID = 1000
    Description = Faulting application t.exe, version 2.4.21.0, faulting module t.exe,
    version 2.4.21.0, fault address 0x00056ec9.

    Error - 01/05/2011 15:31:54 | Computer Name = RICKY | Source = Application Error | ID = 1000
    Description = Faulting application t.exe, version 2.4.21.0, faulting module t.exe,
    version 2.4.21.0, fault address 0x00056ec9.

    Error - 01/05/2011 16:13:57 | Computer Name = RICKY | Source = Application Error | ID = 1000
    Description = Faulting application svchost.exe, version 5.1.2600.5512, faulting
    module unknown, version 0.0.0.0, fault address 0x001b6f64.

    Error - 01/05/2011 17:07:05 | Computer Name = RICKY | Source = Application Hang | ID = 1002
    Description = Hanging application t.exe, version 2.4.21.0, hang module hungapp,
    version 0.0.0.0, hang address 0x00000000.

    Error - 01/05/2011 17:13:39 | Computer Name = RICKY | Source = Application Error | ID = 1000
    Description = Faulting application svchost.exe, version 5.1.2600.5512, faulting
    module unknown, version 0.0.0.0, fault address 0x001b6f64.

    Error - 01/05/2011 18:49:19 | Computer Name = RICKY | Source = Application Error | ID = 1000
    Description = Faulting application TDSSKiller.exe, version 2.4.21.0, faulting module
    TDSSKiller.exe, version 2.4.21.0, fault address 0x00056ec9.

    Error - 01/05/2011 18:51:46 | Computer Name = RICKY | Source = Application Error | ID = 1000
    Description = Faulting application 123.com, version 2.4.21.0, faulting module 123.com,
    version 2.4.21.0, fault address 0x00056ec9.

    Error - 01/05/2011 19:54:13 | Computer Name = RICKY | Source = Application Error | ID = 1000
    Description = Faulting application svchost.exe, version 5.1.2600.5512, faulting
    module unknown, version 0.0.0.0, fault address 0x001b6f64.

    Error - 01/05/2011 20:21:42 | Computer Name = RICKY | Source = Application Error | ID = 1000
    Description = Faulting application svchost.exe, version 5.1.2600.5512, faulting
    module unknown, version 0.0.0.0, fault address 0x001b6f64.

    [ System Events ]
    Error - 02/05/2011 08:21:01 | Computer Name = RICKY | Source = Service Control Manager | ID = 7000
    Description = The xcheqp service failed to start due to the following error: %%2

    Error - 02/05/2011 08:21:01 | Computer Name = RICKY | Source = Service Control Manager | ID = 7000
    Description = The heqrx service failed to start due to the following error: %%2

    Error - 02/05/2011 08:21:01 | Computer Name = RICKY | Source = Service Control Manager | ID = 7000
    Description = The rxpells service failed to start due to the following error: %%2

    Error - 02/05/2011 08:21:01 | Computer Name = RICKY | Source = Service Control Manager | ID = 7000
    Description = The owoz service failed to start due to the following error: %%2

    Error - 02/05/2011 08:21:01 | Computer Name = RICKY | Source = Service Control Manager | ID = 7000
    Description = The lgwpwuow service failed to start due to the following error: %%2

    Error - 02/05/2011 08:21:01 | Computer Name = RICKY | Source = Service Control Manager | ID = 7000
    Description = The rgocf service failed to start due to the following error: %%2

    Error - 02/05/2011 08:21:01 | Computer Name = RICKY | Source = Service Control Manager | ID = 7000
    Description = The dvpiu service failed to start due to the following error: %%2

    Error - 02/05/2011 08:21:01 | Computer Name = RICKY | Source = Service Control Manager | ID = 7000
    Description = The uwgtbc service failed to start due to the following error: %%2

    Error - 02/05/2011 08:21:01 | Computer Name = RICKY | Source = Service Control Manager | ID = 7000
    Description = The nejed service failed to start due to the following error: %%2

    Error - 02/05/2011 08:21:01 | Computer Name = RICKY | Source = Service Control Manager | ID = 7000
    Description = The ohctuo service failed to start due to the following error: %%2


    < End of report >
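The two event-log sections above carry the evidence behind the thread title: repeated svchost.exe crashes in an unknown module (the "Generic Host Process for Win32 Services" error) and a run of Service Control Manager 7000 events for services with random names that can no longer start because their driver files were removed. The following script is an added example, not part of this post or of OTL; it parses a handful of those lines (constructed sample copied from the log above) and produces the two lists an analyst wants from them: crash counts per (application, module) pair, and the orphaned service names that should be cross-checked against the deleted-file list. The function names `parse_events`, `summarize` and `suspicious_services` are this example's own.

```python
import re
from collections import Counter

# Constructed sample: entries copied from the "Last 10 Event Log Errors"
# section of the OTL Extras log posted above (wrapped exactly as OTL wraps them).
SAMPLE_LOG = """\
[ Application Events ]
Error - 01/05/2011 15:16:56 | Computer Name = RICKY | Source = Application Error | ID = 1000
Description = Faulting application svchost.exe, version 5.1.2600.5512, faulting
module unknown, version 0.0.0.0, fault address 0x001a6f64.

Error - 01/05/2011 15:31:40 | Computer Name = RICKY | Source = Application Error | ID = 1000
Description = Faulting application t.exe, version 2.4.21.0, faulting module t.exe,
version 2.4.21.0, fault address 0x00056ec9.

Error - 01/05/2011 16:13:57 | Computer Name = RICKY | Source = Application Error | ID = 1000
Description = Faulting application svchost.exe, version 5.1.2600.5512, faulting
module unknown, version 0.0.0.0, fault address 0x001b6f64.

[ System Events ]
Error - 02/05/2011 08:21:01 | Computer Name = RICKY | Source = Service Control Manager | ID = 7000
Description = The xcheqp service failed to start due to the following error: %%2

Error - 02/05/2011 08:21:01 | Computer Name = RICKY | Source = Service Control Manager | ID = 7000
Description = The heqrx service failed to start due to the following error: %%2
"""

# One OTL entry header: "Error - <date> <time> | Computer Name = X | Source = Y | ID = N"
HEADER_RE = re.compile(
    r"^Error - (?P<when>\S+ \S+) \| Computer Name = (?P<host>[^|]+?) \| "
    r"Source = (?P<source>[^|]+?) \| ID = (?P<id>\d+)$"
)
# Application Error 1000 description (after the wrapped lines are re-joined)
FAULT_RE = re.compile(
    r"Faulting application (?P<app>\S+), version (?P<app_ver>[\d.]+), "
    r"faulting module (?P<module>\S+), version (?P<mod_ver>[\d.]+), "
    r"fault address (?P<addr>0x[0-9a-fA-F]+)"
)
# Service Control Manager 7000 description; %%2 is Win32 ERROR_FILE_NOT_FOUND
SVC_FAIL_RE = re.compile(
    r"The (?P<service>\S+) service failed to start due to the following error: (?P<err>%%\d+)"
)


def parse_events(text):
    """Return one dict per 'Error - ...' entry; OTL wraps descriptions, so
    continuation lines are joined back onto the entry until a blank line."""
    events = []
    current = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:                      # blank line terminates an entry
            current = None
            continue
        m = HEADER_RE.match(line)
        if m:
            current = m.groupdict()
            current["id"] = int(current["id"])
            current["description"] = ""
            events.append(current)
        elif current is not None:         # section headers like "[ System Events ]" are skipped
            if line.startswith("Description = "):
                line = line[len("Description = "):]
            current["description"] = (current["description"] + " " + line).strip()
    return events


def summarize(events):
    """Count crashes per (application, faulting module) and collect every
    service the SCM could not start together with its error code."""
    crashes = Counter()
    failed_services = []
    for ev in events:
        if ev["source"] == "Application Error" and ev["id"] == 1000:
            m = FAULT_RE.search(ev["description"])
            if m:
                crashes[(m["app"], m["module"])] += 1
        elif ev["source"] == "Service Control Manager" and ev["id"] == 7000:
            m = SVC_FAIL_RE.search(ev["description"])
            if m:
                failed_services.append((m["service"], m["err"]))
    return {"crashes": dict(crashes), "failed_services": failed_services}


def suspicious_services(summary, known_ok=frozenset()):
    """Services whose binary is gone (%%2) and that are not on an allow-list.
    After a cleanup run these are usually registry entries left behind for
    driver files that were deleted; the names are what to check next."""
    return sorted(name for name, err in summary["failed_services"]
                  if err == "%%2" and name not in known_ok)


if __name__ == "__main__":
    summary = summarize(parse_events(SAMPLE_LOG))
    for (app, module), n in sorted(summary["crashes"].items()):
        print(f"{n}x crash: {app} in module {module}")
    print("orphaned services:", ", ".join(suspicious_services(summary)))
```

Run against the full log rather than the sample, the same code separates the svchost.exe/unknown-module crashes (the symptom the thread is about) from the TDSSKiller and renamed-tool crashes, and lists the ten orphaned service names so they can be matched to the driver files removed earlier in the thread.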
     
  7. 2011/05/02
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    You didn't say:
     
  8. 2011/05/02
    Invasion87

    Invasion87 Inactive Thread Starter

    And yes my computer is doing a lot better now thanks. All the original problems I posted have gone :)
     
  9. 2011/05/02
    broni

    broni Moderator Malware Analyst

    Cool....hold on...
     
  10. 2011/05/02
    broni

    broni Moderator Malware Analyst

    I can see two AV programs running, CA eTrust Antivirus and Avast.
    One of them has to go.

    ======================================================

    1. Update your Java version here: http://www.java.com/en/download/installed.jsp

    Note 1: UNCHECK any pre-checked toolbar and/or software offered with the Java update. The pre-checked toolbars/software are not part of the Java update.

    Note 2: The Java Quick Starter (JQS.exe) adds a service to improve the initial startup time of Java applets and applications. If you don't want to run another extra service, go to Start > Control Panel > Java > Advanced > Miscellaneous and uncheck the box for Java Quick Starter. Click OK and restart your computer.

    2. Now, we need to remove old Java version and its remnants...

    Download JavaRa to your desktop and unzip it to its own folder
    • Run JavaRa.exe (Vista users! Right click on JavaRa.exe, click Run As Administrator), pick the language of your choice and click Select. Then click Remove Older Versions.
    • Accept any prompts.

    ===================================================

    Run OTL
    • Under the Custom Scans/Fixes box at the bottom, paste in the following

      Code:
      :OTL
      SRV - File not found [Disabled | Stopped] -- -- (KService)
      O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - File not found
      O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
      O3 - HKLM\..\Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - No CLSID value found.
      O3 - HKLM\..\Toolbar: (MSN) - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - File not found
      O3 - HKU\S-1-5-21-1763679382-1348342725-2092942276-1006\..\Toolbar\ShellBrowser: (no name) - {3041D03E-FD4B-44E0-B742-2D9B88305F98} - No CLSID value found.
      O3 - HKU\S-1-5-21-1763679382-1348342725-2092942276-1006\..\Toolbar\WebBrowser: (MSN) - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - File not found
      O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get.../ultrashim.cab (Reg Error: Key error.)
      O16 - DPF: {B1826A9F-4AA0-4510-BA77-9013E74E4B9B} http://www.trendmicro.com/spyware-scan/as4web.cab (Reg Error: Key error.)
      O16 - DPF: DirectAnimation Java Classes file://C:\WINDOWS\Java\classes\dajava.cab (Reg Error: Key error.)
      O16 - DPF: Microsoft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key error.)
      [2010/04/22 23:59:40 | 000,001,220 | -HS- | C] () -- C:\Documents and Settings\Ricky Jim\Local Settings\Application Data\bt033571830
      [2010/04/22 23:59:40 | 000,001,220 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\bt033571830
      [2010/03/11 18:07:05 | 000,022,509 | ---- | C] () -- C:\WINDOWS\Wpugacegalajunaz.dat
      [2010/03/11 18:07:05 | 000,000,000 | ---- | C] () -- C:\WINDOWS\Plupubetogumamum.bin
      [2010/03/11 18:02:30 | 000,013,496 | -HS- | C] () -- C:\Documents and Settings\Ricky Jim\Local Settings\Application Data\4Y3omemx77
      [2009/11/12 01:32:40 | 000,000,843 | ---- | C] () -- C:\WINDOWS\System32\ssrqrqrqom.dll
      [2009/11/11 01:31:49 | 000,000,785 | ---- | C] () -- C:\WINDOWS\System32\ljgdccbaax.dll
      [2009/11/10 01:31:18 | 000,000,844 | ---- | C] () -- C:\WINDOWS\System32\dddbyyaaax.dll
      [2009/11/09 01:30:46 | 000,000,833 | ---- | C] () -- C:\WINDOWS\System32\pmkjjjhfgd.dll
      [2009/11/08 01:30:39 | 000,000,958 | ---- | C] () -- C:\WINDOWS\System32\geeecbbywt.dll
      [2009/11/07 01:29:53 | 000,000,811 | ---- | C] () -- C:\WINDOWS\System32\yabbbabcby.dll
      [2009/11/06 01:29:04 | 000,000,776 | ---- | C] () -- C:\WINDOWS\System32\hgffffgfec.dll
      [2009/11/05 01:28:38 | 000,000,815 | ---- | C] () -- C:\WINDOWS\System32\xxxyxwtttq.dll
      [2009/11/04 01:28:06 | 000,000,851 | ---- | C] () -- C:\WINDOWS\System32\khebbaxvus.dll
      [2009/11/03 01:27:48 | 000,000,837 | ---- | C] () -- C:\WINDOWS\System32\vttrqnljki.dll
      [2009/11/02 01:26:53 | 000,000,902 | ---- | C] () -- C:\WINDOWS\System32\byvttsrqpm.dll
      [2009/10/30 23:17:22 | 000,000,910 | ---- | C] () -- C:\WINDOWS\System32\xxxwwvstus.dll
      [2009/10/29 23:16:43 | 000,000,772 | ---- | C] () -- C:\WINDOWS\System32\awuvvvvwtr.dll
      [2009/10/27 12:43:38 | 000,000,918 | ---- | C] () -- C:\WINDOWS\System32\tutssrolig.dll
      [2009/10/26 12:42:31 | 000,000,809 | ---- | C] () -- C:\WINDOWS\System32\khighgddaw.dll
      [2009/10/25 10:27:49 | 000,000,880 | ---- | C] () -- C:\WINDOWS\System32\iiiijhhifc.dll
      [2009/10/25 09:54:29 | 000,000,807 | ---- | C] () -- C:\WINDOWS\System32\nnommnkhfc.dll
      [2009/10/22 19:49:57 | 000,000,873 | ---- | C] () -- C:\WINDOWS\System32\wvtrqollki.dll
      [2009/10/21 14:21:36 | 000,000,879 | ---- | C] () -- C:\WINDOWS\System32\efddecaxyv.dll
      [2009/10/20 00:37:01 | 000,000,813 | ---- | C] () -- C:\WINDOWS\System32\fccbcbxvsq.dll
      [2009/10/19 00:36:56 | 000,000,812 | ---- | C] () -- C:\WINDOWS\System32\pmlihghecy.dll
      [2009/10/18 00:36:40 | 000,000,786 | ---- | C] () -- C:\WINDOWS\System32\ddbawtsstq.dll
      [2009/10/17 00:36:34 | 000,000,842 | ---- | C] () -- C:\WINDOWS\System32\mlmkhgdbaw.dll
      [2009/10/16 00:36:18 | 000,000,802 | ---- | C] () -- C:\WINDOWS\System32\awwurrpnli.dll
      [2009/10/15 00:36:01 | 000,000,821 | ---- | C] () -- C:\WINDOWS\System32\nnkklljihe.dll
      [2009/10/14 00:35:11 | 000,000,737 | ---- | C] () -- C:\WINDOWS\System32\tusrsqnomk.dll
      [2009/10/13 00:34:20 | 000,000,969 | ---- | C] () -- C:\WINDOWS\System32\byywttttqn.dll
      [2009/10/12 00:33:36 | 000,000,782 | ---- | C] () -- C:\WINDOWS\System32\xxxwtuuspm.dll
      [2009/10/11 00:33:02 | 000,000,853 | ---- | C] () -- C:\WINDOWS\System32\nnonnkjijg.dll
      [2009/10/10 00:32:18 | 000,000,883 | ---- | C] () -- C:\WINDOWS\System32\xxyaaawxyw.dll
      [2009/10/09 00:31:38 | 000,000,951 | ---- | C] () -- C:\WINDOWS\System32\gebxxvvwus.dll
      [2009/10/08 00:31:19 | 000,000,818 | ---- | C] () -- C:\WINDOWS\System32\khigddawwu.dll
      [2009/10/07 00:30:30 | 000,000,815 | ---- | C] () -- C:\WINDOWS\System32\xxyawuvwxu.dll
      [2009/10/05 23:20:48 | 000,000,820 | ---- | C] () -- C:\WINDOWS\System32\awutturppm.dll
      [2009/10/03 23:19:40 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\cbxvspnnlj.dll
      [2009/09/16 01:06:31 | 000,041,984 | ---- | C] () -- C:\WINDOWS\System32\nnkjkihedb.dll
      [2010/10/30 08:37:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ricky Jim\Application Data\Ziynuw
      [1 C:\WINDOWS\inf\*.tmp files -> C:\WINDOWS\inf\*.tmp -> ]
      
      :Commands
      [purity]
      [emptytemp]
      [emptyflash]
      [Reboot]
      
    • Then click the Run Fix button at the top
    • Let the program run unhindered, reboot the PC when it is done
    • You will get a log that shows the results of the fix. Please post it.

    ====================================================

    Last scans....

    1. Download Security Check from HERE, and save it to your Desktop.
    • Double-click SecurityCheck.exe
    • Follow the onscreen instructions inside of the black box.
    • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

      NOTE SecurityCheck may produce some false warning(s), so leave the results reading to me.


    2. Download Temp File Cleaner (TFC)
    • Double click on TFC.exe to run the program.
    • Click on Start button to begin cleaning process.
    • TFC will close all running programs, and it may ask you to restart computer.


    3. Please run a free online scan with the ESET Online Scanner

    • Disable your antivirus program
    • Tick the box next to YES, I accept the Terms of Use
    • Click Start
    • IMPORTANT! UN-check Remove found threats
    • Accept any security warnings from your browser.
    • Check Scan archives
    • Click Start
    • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
    • When the scan completes, push List of found threats
    • Click on Export to text file , and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
    • NOTE. If Eset won't find any threats, it won't produce any log.
     
  11. 2011/05/02
    Invasion87

    Invasion87 Inactive Thread Starter

    Ok I uninstalled Avast.

    I got an error message saying "jusched.exe has encountered a problem and needs to close" after your instructions regarding Java and the reboot from the OTL scan.

    Here's the log from OTL, I'll post the rest when I'm done:

    All processes killed
    ========== OTL ==========
    Service KService stopped successfully!
    Service KService deleted successfully!
    Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5C255C8A-E604-49b4-9D64-90988571CECB}\ not found.
    Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{BA52B914-B692-46c4-B683-905236F6F655} deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{BA52B914-B692-46c4-B683-905236F6F655}\ not found.
    Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0}\ deleted successfully.
    Registry value HKEY_USERS\S-1-5-21-1763679382-1348342725-2092942276-1006\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser\\{3041D03E-FD4B-44E0-B742-2D9B88305F98} deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3041D03E-FD4B-44E0-B742-2D9B88305F98}\ not found.
    Registry value HKEY_USERS\S-1-5-21-1763679382-1348342725-2092942276-1006\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0}\ not found.
    Starting removal of ActiveX control {8FFBE65D-2C9C-4669-84BD-5829DC0B603C}
    C:\WINDOWS\Downloaded Program Files\erma.inf moved successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ not found.
    Starting removal of ActiveX control {B1826A9F-4AA0-4510-BA77-9013E74E4B9B}
    C:\WINDOWS\Downloaded Program Files\SpyMD.inf moved successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{B1826A9F-4AA0-4510-BA77-9013E74E4B9B}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B1826A9F-4AA0-4510-BA77-9013E74E4B9B}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{B1826A9F-4AA0-4510-BA77-9013E74E4B9B}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B1826A9F-4AA0-4510-BA77-9013E74E4B9B}\ not found.
    File Animation Java Classes file://C:\WINDOWS\Java\classes\dajava.cab not found.
    Starting removal of ActiveX control DirectAnimation Java Classes
    Registry error reading value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\DirectAnimation Java Classes\DownloadInformation\\INF .
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\DirectAnimation Java Classes\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\DirectAnimation Java Classes\ not found.
    File oft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab not found.
    Starting removal of ActiveX control Microsoft XML Parser for Java
    Registry error reading value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\Microsoft XML Parser for Java\DownloadInformation\\INF .
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\Microsoft XML Parser for Java\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\Microsoft XML Parser for Java\ not found.
    C:\Documents and Settings\Ricky Jim\Local Settings\Application Data\bt033571830 moved successfully.
    C:\Documents and Settings\All Users\Application Data\bt033571830 moved successfully.
    C:\WINDOWS\Wpugacegalajunaz.dat moved successfully.
    C:\WINDOWS\Plupubetogumamum.bin moved successfully.
    C:\Documents and Settings\Ricky Jim\Local Settings\Application Data\4Y3omemx77 moved successfully.
    C:\WINDOWS\system32\ssrqrqrqom.dll moved successfully.
    C:\WINDOWS\system32\ljgdccbaax.dll moved successfully.
    C:\WINDOWS\system32\dddbyyaaax.dll moved successfully.
    C:\WINDOWS\system32\pmkjjjhfgd.dll moved successfully.
    C:\WINDOWS\system32\geeecbbywt.dll moved successfully.
    C:\WINDOWS\system32\yabbbabcby.dll moved successfully.
    C:\WINDOWS\system32\hgffffgfec.dll moved successfully.
    C:\WINDOWS\system32\xxxyxwtttq.dll moved successfully.
    C:\WINDOWS\system32\khebbaxvus.dll moved successfully.
    C:\WINDOWS\system32\vttrqnljki.dll moved successfully.
    C:\WINDOWS\system32\byvttsrqpm.dll moved successfully.
    C:\WINDOWS\system32\xxxwwvstus.dll moved successfully.
    C:\WINDOWS\system32\awuvvvvwtr.dll moved successfully.
    C:\WINDOWS\system32\tutssrolig.dll moved successfully.
    C:\WINDOWS\system32\khighgddaw.dll moved successfully.
    C:\WINDOWS\system32\iiiijhhifc.dll moved successfully.
    C:\WINDOWS\system32\nnommnkhfc.dll moved successfully.
    C:\WINDOWS\system32\wvtrqollki.dll moved successfully.
    C:\WINDOWS\system32\efddecaxyv.dll moved successfully.
    C:\WINDOWS\system32\fccbcbxvsq.dll moved successfully.
    C:\WINDOWS\system32\pmlihghecy.dll moved successfully.
    C:\WINDOWS\system32\ddbawtsstq.dll moved successfully.
    C:\WINDOWS\system32\mlmkhgdbaw.dll moved successfully.
    C:\WINDOWS\system32\awwurrpnli.dll moved successfully.
    C:\WINDOWS\system32\nnkklljihe.dll moved successfully.
    C:\WINDOWS\system32\tusrsqnomk.dll moved successfully.
    C:\WINDOWS\system32\byywttttqn.dll moved successfully.
    C:\WINDOWS\system32\xxxwtuuspm.dll moved successfully.
    C:\WINDOWS\system32\nnonnkjijg.dll moved successfully.
    C:\WINDOWS\system32\xxyaaawxyw.dll moved successfully.
    C:\WINDOWS\system32\gebxxvvwus.dll moved successfully.
    C:\WINDOWS\system32\khigddawwu.dll moved successfully.
    C:\WINDOWS\system32\xxyawuvwxu.dll moved successfully.
    C:\WINDOWS\system32\awutturppm.dll moved successfully.
    C:\WINDOWS\system32\cbxvspnnlj.dll moved successfully.
    C:\WINDOWS\system32\nnkjkihedb.dll moved successfully.
    C:\Documents and Settings\Ricky Jim\Application Data\Ziynuw folder moved successfully.
    C:\WINDOWS\inf\COM196.tmp deleted successfully.
    ========== COMMANDS ==========

    [EMPTYTEMP]

    User: Administrator
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes

    User: All Users

    User: Default User
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes

    User: LocalService
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 32902 bytes
    ->Flash cache emptied: 0 bytes

    User: NetworkService.NT AUTHORITY
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 32835 bytes
    ->Java cache emptied: 0 bytes
    ->Flash cache emptied: 0 bytes

    User: Owner

    User: People
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    ->Flash cache emptied: 0 bytes

    User: Ricky Jim
    ->Temp folder emptied: 10278077 bytes
    ->Temporary Internet Files folder emptied: 134568 bytes
    ->Java cache emptied: 2027 bytes
    ->FireFox cache emptied: 22074458 bytes
    ->Flash cache emptied: 1713 bytes

    %systemdrive% .tmp files removed: 0 bytes
    %systemroot% .tmp files removed: 0 bytes
    %systemroot%\System32 .tmp files removed: 0 bytes
    %systemroot%\System32\dllcache .tmp files removed: 0 bytes
    %systemroot%\System32\drivers .tmp files removed: 0 bytes
    Windows Temp folder emptied: 364 bytes
    %systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
    %systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
    RecycleBin emptied: 1365518 bytes

    Total Files Cleaned = 32.00 mb


    [EMPTYFLASH]

    User: Administrator

    User: All Users

    User: Default User

    User: LocalService
    ->Flash cache emptied: 0 bytes

    User: NetworkService.NT AUTHORITY
    ->Flash cache emptied: 0 bytes

    User: Owner

    User: People
    ->Flash cache emptied: 0 bytes

    User: Ricky Jim
    ->Flash cache emptied: 0 bytes

    Total Flash Files Cleaned = 0.00 mb


    OTL by OldTimer - Version 3.2.22.3 log created on 05022011_181032

    Files\Folders moved on Reboot...
    C:\Documents and Settings\Ricky Jim\Local Settings\Temp\~DFB8D9.tmp moved successfully.
    File\Folder C:\WINDOWS\temp\ZLT07998.TMP not found!

    Registry entries deleted on Reboot...
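The OTL fix log above is free text, which makes it hard to see at a glance what the fix actually touched. The block below is an added example written for this page; it is not code from the thread, from OTL or from its author. It parses a constructed subset of the posted log (lines copied from it), counts actions by kind and result, lists CLSIDs whose hook-up entry (BHO or toolbar) was deleted while OTL reported the matching Classes\CLSID key as already missing, and scores the moved file names with a simple random-name heuristic. The record layout, the regexes for OTL's line formats, the "dangling registration" reading of those CLSIDs, and the heuristic's thresholds are all assumptions of mine.

```python
"""Triage of an OTL fix log: parse what the fix did, then flag what deserves a
second look. Added example for this thread; not OTL's own code.

Assumptions (mine, not from the thread): the Record model, the regexes for
OTL's line formats, and the random-name heuristic and its thresholds.
"""
import re
from collections import Counter
from dataclasses import dataclass
from pathlib import PureWindowsPath

# Constructed sample: a subset of lines copied from the OTL log posted above.
SAMPLE_LOG = r"""
All processes killed
========== OTL ==========
Service KService stopped successfully!
Service KService deleted successfully!
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5C255C8A-E604-49b4-9D64-90988571CECB}\ not found.
Starting removal of ActiveX control {B1826A9F-4AA0-4510-BA77-9013E74E4B9B}
C:\WINDOWS\Downloaded Program Files\SpyMD.inf moved successfully.
C:\WINDOWS\Wpugacegalajunaz.dat moved successfully.
C:\WINDOWS\system32\ssrqrqrqom.dll moved successfully.
C:\WINDOWS\system32\ljgdccbaax.dll moved successfully.
C:\WINDOWS\system32\pmkjjjhfgd.dll moved successfully.
C:\Documents and Settings\Ricky Jim\Application Data\Ziynuw folder moved successfully.
C:\WINDOWS\inf\COM196.tmp deleted successfully.
File\Folder C:\WINDOWS\temp\ZLT07998.TMP not found!
========== COMMANDS ==========
"""


@dataclass(frozen=True)
class Record:
    kind: str    # "service", "registry key", "registry value" or "file"
    target: str  # service name, registry path, or file/folder path
    result: str  # "stopped", "deleted", "moved" or "not found"


_SERVICE = re.compile(r"^Service (\S+) (stopped|deleted) successfully!$")
_REGISTRY = re.compile(r"^Registry (key|value) (.+?) (deleted successfully|not found)\.$")
_FILE = re.compile(r"^(?:File\\Folder )?([A-Za-z]:\\.+?)(?: folder)? "
                   r"(moved successfully|deleted successfully|not found)[.!]$")
_CLSID = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")


def parse_otl_log(text):
    """Turn OTL's free-text fix log into Record objects. Unrecognised lines
    (section banners, 'Starting removal of ActiveX control ...') are skipped."""
    records = []
    for line in text.splitlines():
        line = line.strip()
        if m := _SERVICE.match(line):
            records.append(Record("service", m.group(1), m.group(2)))
        elif m := _REGISTRY.match(line):
            records.append(Record("registry " + m.group(1), m.group(2),
                                  m.group(3).replace(" successfully", "")))
        elif m := _FILE.match(line):
            records.append(Record("file", m.group(1),
                                  m.group(2).replace(" successfully", "")))
    return records


def orphaned_clsids(records):
    """CLSIDs whose hook-up entry (BHO, toolbar, distribution unit) was deleted
    while OTL reported the HKLM Classes/CLSID class key as 'not found'.
    Reading (mine, not OTL's): the COM class was already gone, so the remaining
    entry was a dangling registration rather than a live component."""
    deleted, missing_class = set(), set()
    for r in records:
        if not r.kind.startswith("registry"):
            continue
        m = _CLSID.search(r.target)
        if not m:
            continue
        clsid = m.group(0).upper()
        if "\\CLASSES\\CLSID\\" in r.target.upper() and r.result == "not found":
            missing_class.add(clsid)
        elif r.result == "deleted":
            deleted.add(clsid)
    return deleted & missing_class


_VOWELS = set("aeiou")


def looks_generated(path):
    """Triage heuristic (mine) for the random-looking system32 DLL names in
    this log: a stem of 8+ letters only that is consonant-heavy (vowel ratio
    <= 0.3) or has three identical letters in a row. It is a signal, not proof:
    a legitimate name like wintrust.dll trips it, and a pronounceable generated
    name like Wpugacegalajunaz.dat does not."""
    stem = PureWindowsPath(path).stem.lower()
    if len(stem) < 8 or not stem.isalpha():
        return False
    vowel_ratio = sum(c in _VOWELS for c in stem) / len(stem)
    return vowel_ratio <= 0.3 or re.search(r"(.)\1\1", stem) is not None


def triage(text):
    """One-shot summary: action counts, dangling CLSIDs, and generated-looking
    names among the files and folders the fix moved or deleted."""
    records = parse_otl_log(text)
    touched = [r.target for r in records
               if r.kind == "file" and r.result in ("moved", "deleted")]
    return {
        "counts": Counter((r.kind, r.result) for r in records),
        "orphaned_clsids": sorted(orphaned_clsids(records)),
        "generated_names": [p for p in touched if looks_generated(p)],
    }


if __name__ == "__main__":
    report = triage(SAMPLE_LOG)
    for (kind, result), n in sorted(report["counts"].items()):
        print(f"{n:3d}  {kind} {result}")
    print("dangling CLSIDs:", report["orphaned_clsids"])
    print("generated-looking names:", *report["generated_names"], sep="\n  ")
```

Run it against a full OTL log by replacing SAMPLE_LOG with the file contents. The name heuristic is deliberately crude and is meant to order a long list for manual review, not to decide anything on its own; the three system32 DLLs it picks out of the sample are exactly the kind of entries worth a hash lookup before the quarantine is emptied.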
     
  12. 2011/05/02
    broni

    broni Moderator Malware Analyst

  13. 2011/05/02
    Invasion87

    Invasion87 Inactive Thread Starter

    Here's the Security Check log, the ESET log will come shortly.

    NB. The "jusched.exe" error message came again after the reboot, like I said in the previous post. I also get an error message with: "GoogleToolbarNotifier.exe - Unable to Locate Component. This application has failed to start because MSVCRT40.dll was not found. Re-installing the application may fix this problem."


    Results of screen317's Security Check version 0.99.7
    Windows XP Service Pack 3
    Internet Explorer 6 Out of date!
    ``````````````````````````````
    Antivirus/Firewall Check:

    Windows Firewall Disabled!
    CA eTrust Antivirus
    ESET Online Scanner v3
    ZoneAlarm
    ```````````````````````````````
    Anti-malware/Other Utilities Check:

    Malwarebytes' Anti-Malware
    Java(TM) 6 Update 25
    Out of date Java installed!
    Adobe Flash Player 10.2.153.1
    Adobe Reader 7.1.0
    Adobe Reader 7.0.5 Language Support
    Adobe Reader Korean Fonts
    Out of date Adobe Reader installed!
    Mozilla Firefox (3.6.16)
    ````````````````````````````````
    Process Check:
    objlist.exe by Laurent

    CA eTrust Antivirus InoRpc.exe
    CA eTrust Antivirus InoRT.exe
    CA eTrust Antivirus InoTask.exe
    Zone Labs ZoneAlarm zlclient.exe
    ``````````End of Log````````````
     
  14. 2011/05/02
    Invasion87

    Invasion87 Inactive Thread Starter

    Ok just read your message on jusched.exe, thanks
     
  15. 2011/05/02
    broni

    broni Moderator Malware Analyst

    Update Adobe Reader

    You can download it from http://www.adobe.com/products/acrobat/readstep2.html
    After installing the latest Adobe Reader, uninstall all previous versions.
    Note. If you already have Adobe Photoshop® Album Starter Edition installed or do not wish to have it installed UNcheck the box which says Also Download Adobe Photoshop® Album Starter Edition.

    Alternatively, you can uninstall Adobe Reader (33.5 MB), download and install Foxit PDF Reader (3.5 MB) from HERE.
    It's a much smaller file to download and uses a lot less resources than Adobe Reader.
    Note: When installing FoxitReader, make sure to UN-check any pre-checked toolbar, or any other garbage.
     
  16. 2011/05/02
    Invasion87

    Invasion87 Inactive Thread Starter

    Here's the ESETScan:

    C:\System Volume Information\_restore{FC72BC81-7C2F-4BDC-9449-884043EBD431}\RP511\A0300152.dll probably a variant of Win32/Agent.IKJBTDC trojan
     
  17. 2011/05/02
    broni

    broni Moderator Malware Analyst

    That's in one of your restore points, which we're about to reset.

    Your computer is clean :)

    1. We need to reset System Restore to prevent your computer from being accidentally reinfected by using some old restore point(s). We'll create a fresh, clean restore point using the following OTL script:

    Run OTL

    • Under the Custom Scans/Fixes box at the bottom, paste in the following:

    Code:
    :OTL
    :Commands
    [purity]
    [emptytemp]
    [EMPTYFLASH]
    [CLEARALLRESTOREPOINTS]
    [Reboot]
    • Then click the Run Fix button at the top
    • Let the program run unhindered, reboot the PC when it is done
    • Post resulting log.

    2. Now we'll remove all the tools we used during our cleaning process.

    Clean up with OTL:

    • Double-click OTL.exe to start the program.
    • Close all other programs apart from OTL as this step will require a reboot
    • On the OTL main screen, press the CLEANUP button
    • Say Yes to the prompt and then allow the program to reboot your computer.

    If you still have any tools or logs leftover on your computer you can go ahead and delete those off of your computer now.

    3. Make sure Windows Updates are current.

    4. If any Trojan was listed among your infection(s), make sure you change all of your important online passwords (bank account(s), secured web sites, etc.) immediately!

    5. Download, and install WOT (Web OF Trust): http://www.mywot.com/. It'll warn you (in most cases) about dangerous web sites.

    6. Run Malwarebytes "Quick scan" once in a while to assure safety of your computer.

    7. Run Temporary File Cleaner (TFC) weekly.

    8. Download and install Secunia Personal Software Inspector (PSI): http://secunia.com/vulnerability_scanning/personal/. The Secunia PSI is a FREE security tool designed to detect vulnerable and out-dated programs and plug-ins which expose your PC to attacks. Run it weekly.

    9. (optional) If you want to keep all your programs up to date, download and install FileHippo Update Checker.
    The Update Checker will scan your computer for installed software, check the versions and then send this information to FileHippo.com to see if there are any newer releases.

    10. Run defrag at your convenience.

    11. Read How did I get infected?, With steps so it does not happen again!: http://www.bleepingcomputer.com/forums/topic2520.html

    12. Please let me know how your computer is doing.
     
  18. 2011/05/02
    Invasion87

    Invasion87 Inactive Thread Starter

    Here's the OTL log, I'll let you know how my computer is doing after completing all the above things. Thanks a lot for your help!

    All processes killed
    ========== OTL ==========
    ========== COMMANDS ==========

    [EMPTYTEMP]

    User: Administrator
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes

    User: All Users

    User: Default User
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    ->Flash cache emptied: 56466 bytes

    User: LocalService
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 33170 bytes
    ->Flash cache emptied: 0 bytes

    User: NetworkService.NT AUTHORITY
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 33170 bytes
    ->Java cache emptied: 0 bytes
    ->Flash cache emptied: 0 bytes

    User: Owner

    User: People
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    ->Flash cache emptied: 0 bytes

    User: Ricky Jim
    ->Temp folder emptied: 122195 bytes
    ->Temporary Internet Files folder emptied: 33170 bytes
    ->Java cache emptied: 0 bytes
    ->FireFox cache emptied: 13419387 bytes
    ->Flash cache emptied: 645 bytes

    %systemdrive% .tmp files removed: 0 bytes
    %systemroot% .tmp files removed: 0 bytes
    %systemroot%\System32 .tmp files removed: 0 bytes
    %systemroot%\System32\dllcache .tmp files removed: 0 bytes
    %systemroot%\System32\drivers .tmp files removed: 0 bytes
    Windows Temp folder emptied: 638889 bytes
    %systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
    %systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
    RecycleBin emptied: 0 bytes

    Total Files Cleaned = 14.00 mb


    [EMPTYFLASH]

    User: Administrator

    User: All Users

    User: Default User
    ->Flash cache emptied: 0 bytes

    User: LocalService
    ->Flash cache emptied: 0 bytes

    User: NetworkService.NT AUTHORITY
    ->Flash cache emptied: 0 bytes

    User: Owner

    User: People
    ->Flash cache emptied: 0 bytes

    User: Ricky Jim
    ->Flash cache emptied: 0 bytes

    Total Flash Files Cleaned = 0.00 mb

    Restore points cleared and new OTL Restore Point set!

    OTL by OldTimer - Version 3.2.22.3 log created on 05022011_222011

    Files\Folders moved on Reboot...

    Registry entries deleted on Reboot...
     
  19. 2011/05/02
    broni

    broni Moderator Malware Analyst

    You're very welcome :)

    Let me know....
     
  20. 2011/05/02
    Invasion87

    Invasion87 Inactive Thread Starter

    For some reason I keep getting these error messages in the format of "xxx.exe - Unable to Locate Component. This application has failed to start because MSVCRT40.dll was not found. Re-installing the application may fix this problem."

    Where "xxx.exe" is something I try to open, e.g. if it's my clock it's "rundll32.exe", or if it's MSN it's "CRTCMediaController: msnmsgr.exe". They seem to run fine but the errors always come up.
     
  21. 2011/05/02
    broni

    broni Moderator Malware Analyst

    Please download SystemLook from one of the links below and save it to your Desktop.
    Download Mirror #1
    Download Mirror #2

    64-bit users go HERE
    • Double-click SystemLook.exe to run it.
    • Vista\Win 7 users: Right-click on SystemLook.exe, click Run As Administrator
    • Copy the content of the following box into the main textfield:
      Code:
      :filefind
      MSVCRT40.dll
      
    • Click the Look button to start the scan.
    • When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.
    Note: The log can also be found on your Desktop entitled SystemLook.txt
     
