
Trojan horse Generic20.clel


This topic is locked. 12 replies to this topic.

#1 deluxster

Posted 12 February 2011 - 10:06 PM

Hey,

My computer has a Trojan Horse Generic20.clel ... I have installed AVG, Malwarebytes, SuperAntiSpyware, Vipre (the Trojan comes up as Trojan.Win32.Generic!BT). All see it and try to remove it, but then it reappears again... I think the last resort is ComboFix, but I don't want to screw up my boot loader or anything else for that matter... Please provide advice.


#2 boopme

Posted 12 February 2011 - 10:48 PM

Hello. I am moving this from XP to the Am I Infected forum.
Looks like a FakeAlert infection.

Aliases of your infection

So please run FakeAlert Stinger.


Rerun MBAM (MalwareBytes) like this:

Open MBAM in normal mode and click the Update tab, then select Check for Updates. When done,
click the Scanner tab, select Quick scan and scan (normal mode).
After the scan, click Remove Selected, post the new scan log and reboot into normal mode.

Please post the scan log. The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
Copy and paste the contents of that report in your next reply. Be sure to post the complete log to include the top portion which shows MBAM's database version and your operating system.
How do I get help? Who is helping me?For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....Become a BleepingComputer fan: Facebook

#3 deluxster

Posted 12 February 2011 - 11:13 PM

Unfortunately, I had cleaned it with Malwarebytes earlier so I ran Vipre. This is what it showed:

Cleaner::Clean: Starting clean
ThreatEngineUtils::LoadProcessHelperLibs: Platform type enum=2
Cleaner::Clean: ThreatID=4150696 RequestedAction=-1 DefaultAction=3 ThreatAction=3
Vipre: [1772][02/12 19:21:34.602571]:[vipre:vipreEventGetDefVersion] UpdateInfo:Version = 8358
FileTrace::Quarantine: Attempting to quarantine file C:\Documents and Settings\NetworkService\Application Data\IKD52ZH.exe
[CLEANING] Item: C:\Documents and Settings\NetworkService\Application Data\IKD52ZH.exe, ID: 4150696, Name: Trojan.Win32.Generic!BT
FileFix::EncryptDecryptQFile: Encrypting<true> DeleteSrc<false> srcFile<C:\Documents and Settings\NetworkService\Application Data\IKD52ZH.exe> destFile<C:\Documents and Settings\<User>\Desktop\Vipre2\Quarantine\{869F9533-4E1D-435A-997C-928BF2270324}>
EncDecUtils::OpenSrcDestFiles: destFilePath=C:\Documents and Settings\<User>\Desktop\Vipre2\Quarantine\{869F9533-4E1D-435A-997C-928BF2270324}
Quarantine {20B9F2F6-FE24-4BA5-8EDD-5778582E2368} completed.
Cleaner::Clean: ThreatID=4150696 RequestedAction=-1 DefaultAction=3 ThreatAction=3
Vipre: [1772][02/12 19:21:36.176761]:[vipre:vipreEventGetDefVersion] UpdateInfo:Version = 8358
FileTrace::Quarantine: Attempting to quarantine file C:\Documents and Settings\NetworkService\Application Data\wJX7q7.exe
[CLEANING] Item: C:\Documents and Settings\NetworkService\Application Data\wJX7q7.exe, ID: 4150696, Name: Trojan.Win32.Generic!BT
FileFix::EncryptDecryptQFile: Encrypting<true> DeleteSrc<false> srcFile<C:\Documents and Settings\NetworkService\Application Data\wJX7q7.exe> destFile<C:\Documents and Settings\<User>\Desktop\Vipre2\Quarantine\{FB5A6F0D-0A39-4FCA-813E-548C24BA1850}>
EncDecUtils::OpenSrcDestFiles: destFilePath=C:\Documents and Settings\<User>\Desktop\Vipre2\Quarantine\{FB5A6F0D-0A39-4FCA-813E-548C24BA1850}
Quarantine {AD9190CA-5B70-4A12-832C-B08DE4ED7CE0} completed.
Cleaner::Clean: ThreatID=4150696 RequestedAction=-1 DefaultAction=3 ThreatAction=3
Vipre: [1772][02/12 19:21:36.420828]:[vipre:vipreEventGetDefVersion] UpdateInfo:Version = 8358
FileTrace::Quarantine: Attempting to quarantine file C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\1TOMK97N\sd[1].exe
[CLEANING] Item: C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\1TOMK97N\sd[1].exe, ID: 4150696, Name: Trojan.Win32.Generic!BT
FileFix::EncryptDecryptQFile: Encrypting<true> DeleteSrc<false> srcFile<C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\1TOMK97N\sd[1].exe> destFile<C:\Documents and Settings\<User>\Desktop\Vipre2\Quarantine\{E10C7327-FA33-45A2-81CD-0C78A1270170}>
EncDecUtils::OpenSrcDestFiles: destFilePath=C:\Documents and Settings\<User>\Desktop\Vipre2\Quarantine\{E10C7327-FA33-45A2-81CD-0C78A1270170}
Quarantine {EE47F726-FF5D-4C6C-8A7E-1116FE9A95A9} completed.
Cleaner::Clean: Clean complete; result = Success
Clean completed.
Clean time: 00:00:02
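
Added example, not part of this thread and not Vipre's own tooling: a small Python parser for the cleaner log format posted above. It joins the three lines Vipre writes per item (the [CLEANING] line, the FileFix line naming the encrypted quarantine copy, and the "Quarantine {GUID} completed" line) and then groups the quarantined paths by the profile account that owned them. The sample is the three records from this post, trimmed; the field layout is assumed from those lines only. What it makes visible: all three files sat under the NetworkService profile, and one of them in that account's WinINet cache (Temporary Internet Files\Content.IE5), so whatever fetched and wrote them was running as NetworkService rather than as the logged-in user. Quarantining the dropped files leaves that component in place.

```python
import re
from collections import Counter
from pathlib import PureWindowsPath

# Constructed sample: the three quarantine records from the Vipre log in this
# post, trimmed to the lines the parser reads.
SAMPLE_LOG = r"""
[CLEANING] Item: C:\Documents and Settings\NetworkService\Application Data\IKD52ZH.exe, ID: 4150696, Name: Trojan.Win32.Generic!BT
FileFix::EncryptDecryptQFile: Encrypting<true> DeleteSrc<false> srcFile<C:\Documents and Settings\NetworkService\Application Data\IKD52ZH.exe> destFile<C:\Documents and Settings\<User>\Desktop\Vipre2\Quarantine\{869F9533-4E1D-435A-997C-928BF2270324}>
Quarantine {20B9F2F6-FE24-4BA5-8EDD-5778582E2368} completed.
[CLEANING] Item: C:\Documents and Settings\NetworkService\Application Data\wJX7q7.exe, ID: 4150696, Name: Trojan.Win32.Generic!BT
FileFix::EncryptDecryptQFile: Encrypting<true> DeleteSrc<false> srcFile<C:\Documents and Settings\NetworkService\Application Data\wJX7q7.exe> destFile<C:\Documents and Settings\<User>\Desktop\Vipre2\Quarantine\{FB5A6F0D-0A39-4FCA-813E-548C24BA1850}>
Quarantine {AD9190CA-5B70-4A12-832C-B08DE4ED7CE0} completed.
[CLEANING] Item: C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\1TOMK97N\sd[1].exe, ID: 4150696, Name: Trojan.Win32.Generic!BT
FileFix::EncryptDecryptQFile: Encrypting<true> DeleteSrc<false> srcFile<C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\1TOMK97N\sd[1].exe> destFile<C:\Documents and Settings\<User>\Desktop\Vipre2\Quarantine\{E10C7327-FA33-45A2-81CD-0C78A1270170}>
Quarantine {EE47F726-FF5D-4C6C-8A7E-1116FE9A95A9} completed.
"""

# Field layout assumed from the lines above, not from any Vipre documentation.
CLEANING_RE = re.compile(r"^\[CLEANING\] Item: (?P<path>.+?), ID: (?P<id>\d+), Name: (?P<name>.+)$")
QFILE_RE = re.compile(r"srcFile<(?P<src>.+?)> destFile<(?P<dst>.+)>$")   # dst may contain <User>
QDONE_RE = re.compile(r"^Quarantine \{(?P<guid>[0-9A-Fa-f-]+)\} completed\.$")


def parse_vipre_log(text):
    """Return one dict per quarantined item, joining the three lines Vipre writes for it."""
    items, current = [], None
    for line in text.splitlines():
        m = CLEANING_RE.match(line)
        if m:
            current = {"path": m["path"], "threat_id": int(m["id"]), "name": m["name"],
                       "quarantine_copy": None, "quarantine_guid": None}
            items.append(current)
            continue
        m = QFILE_RE.search(line)
        if m and current is not None and m["src"] == current["path"]:
            current["quarantine_copy"] = m["dst"]   # encrypted copy kept for restore or analysis
            continue
        m = QDONE_RE.match(line)
        if m and current is not None:
            current["quarantine_guid"] = m["guid"].upper()
            current = None                          # record complete
    return items


def profile_account(path):
    """Account owning the profile a path lives in (XP layout: C:\\Documents and Settings\\<account>\\...)."""
    parts = PureWindowsPath(path).parts
    if len(parts) > 2 and parts[1].lower() == "documents and settings":
        return parts[2]
    return None


def in_wininet_cache(path):
    """True when the file sits in the WinINet cache of the profile it belongs to."""
    return "\\temporary internet files\\content.ie5\\" in path.lower()


def summarize(items):
    by_account = Counter(profile_account(i["path"]) or "(outside any profile)" for i in items)
    return {
        "by_account": by_account,
        "from_cache": [i["path"] for i in items if in_wininet_cache(i["path"])],
        "all_quarantined": all(i["quarantine_guid"] for i in items),
    }


if __name__ == "__main__":
    parsed = parse_vipre_log(SAMPLE_LOG)
    for item in parsed:
        print(f'{item["name"]}  {item["path"]}  -> {item["quarantine_guid"]}')
    print(summarize(parsed))
```

The quarantine GUIDs are worth keeping: they name the encrypted copies on the desktop, which is where you go to pull a sample for identification once the files themselves are gone.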

#4 deluxster

Posted 12 February 2011 - 11:16 PM

Hijack This Report:

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 11:14:16 PM, on 2/12/2011
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Safe mode with network support



EDIT: Removed log.

Edited by boopme, 12 February 2011 - 11:25 PM.


#5 boopme

Posted 12 February 2011 - 11:28 PM

Hello. What issue are you having here? The Vipre log shows it removed those, and that log was clean. We are not allowed HJT logs in this section.
This infection will be back now?

#6 deluxster

Posted 12 February 2011 - 11:36 PM

I am really sorry to have posted HJT Logs.

Well, when I start up my system... about 15 minutes in, AVG says this: Trojan horse Generic20.CLEL ... It spawns somewhere, but the files with weird names show up in NetworkService\Application Data ...
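
Added example, not from the thread or from any of the tools named in it: a polling watcher in Python for the situation described in this post, where a randomly named executable keeps landing in a directory and the AV removes it before anyone sees what it was. It snapshots a directory tree, diffs it every few seconds, and for every new file that starts with the PE "MZ" signature it records a SHA-256 and copies the file into a separate evidence directory under its hash (as .bin, so it cannot be double-clicked into running). The hash is what you then use to identify the dropper family. The directory names in the comment, and the demo's fake "MZ" file, are constructed; the demo runs in a temporary directory so it works offline.

```python
import hashlib
import os
import shutil
import tempfile
import time

PE_MAGIC = b"MZ"   # DOS header signature every Windows executable starts with


def snapshot(root):
    """Map every file under root to (size, mtime_ns) so a later snapshot can be diffed against it."""
    seen = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            p = os.path.join(dirpath, name)
            try:
                st = os.stat(p)
            except OSError:
                continue   # vanished between listing and stat, e.g. the AV already quarantined it
            seen[p] = (st.st_size, st.st_mtime_ns)
    return seen


def new_or_changed(before, after):
    """Paths present in `after` that were absent from `before` or have a different size/mtime."""
    return sorted(p for p, meta in after.items() if before.get(p) != meta)


def is_pe(path):
    try:
        with open(path, "rb") as f:
            return f.read(2) == PE_MAGIC
    except OSError:
        return False


def sha256_of(path):
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(1 << 16), b""):
            h.update(chunk)
    return h.hexdigest()


def collect(paths, evidence_dir):
    """Hash each new executable and copy it to evidence_dir under its hash, before the AV removes it."""
    os.makedirs(evidence_dir, exist_ok=True)
    records = []
    for p in paths:
        if not is_pe(p):
            continue
        try:
            digest = sha256_of(p)
            shutil.copy2(p, os.path.join(evidence_dir, digest + ".bin"))
        except OSError:
            continue   # lost the race with the AV; nothing complete to record
        records.append({"path": p, "sha256": digest, "seen_at": time.time()})
    return records


def watch(root, evidence_dir, interval=5.0, rounds=None):
    """Poll root every `interval` seconds; rounds=None runs until interrupted. Keep evidence_dir outside root."""
    before = snapshot(root)
    done = 0
    while rounds is None or done < rounds:
        time.sleep(interval)
        after = snapshot(root)
        for rec in collect(new_or_changed(before, after), evidence_dir):
            print(time.strftime("%H:%M:%S", time.localtime(rec["seen_at"])), rec["sha256"], rec["path"])
        before = after
        done += 1


def demo_in_tempdir():
    """Offline demonstration with constructed files: a fake 'MZ' drop and a text file; returns what collect() kept."""
    root, evidence = tempfile.mkdtemp(), tempfile.mkdtemp()
    before = snapshot(root)
    payload = PE_MAGIC + b"\x00" * 62                      # constructed stand-in for a dropped executable
    with open(os.path.join(root, "IKD52ZH.exe"), "wb") as f:
        f.write(payload)
    with open(os.path.join(root, "note.txt"), "w") as f:
        f.write("not an executable")
    changed = new_or_changed(before, snapshot(root))
    records = collect(changed, evidence)
    return {
        "changed": [os.path.basename(p) for p in changed],
        "records": records,
        "expected_sha256": hashlib.sha256(payload).hexdigest(),
        "evidence_saved": [os.path.exists(os.path.join(evidence, r["sha256"] + ".bin")) for r in records],
    }


if __name__ == "__main__":
    # On the affected box this would be run as, for example (paths are illustrative):
    #   watch(r"C:\Documents and Settings\NetworkService", r"C:\evidence")
    print(demo_in_tempdir())
```

Run it before the next re-drop, with the evidence directory somewhere the AV is told not to scan. Knowing what wrote the file is the next question; the timestamp this prints is what you line up against Process Monitor or the service start times to answer it.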

#7 boopme

Posted 12 February 2011 - 11:41 PM

OK, that's OK, we'll run a (maybe long) deep scan. Then we can check that log. If still no joy, I'll show what logs we need and where to post.

Before we start fixing anything you should print out these instructions or copy them to a NotePad file so they will be accessible. Some steps will require you to disconnect from the Internet or use Safe Mode and you will not have access to this page.

Please download Dr.Web CureIt and save it to your desktop. DO NOT perform a scan yet.
alternate download link
Note: The file will be randomly named (i.e. 5mkuvc4z.exe).

Reboot your computer in "Safe Mode" using the F8 method. To do this, restart your computer and after hearing your computer beep once during startup (but before the Windows icon appears) press the F8 key repeatedly. A menu will appear with several options. Use the arrow keys to navigate and select the option to run Windows in "Safe Mode".

Scan with Dr.Web CureIt as follows:
  • Double-click on the randomly named file to open the program and click Start. (There is no need to update if you just downloaded the most current version.)
  • Read the anti-virus check by DrWeb scanner prompt and click Ok where asked to Start scan now? Allow the setup.exe to load if asked by any of your security programs.
  • The Express scan will automatically begin.
    (This is a short scan of files currently running in memory, boot sectors, and targeted folders).
  • If prompted to download the Full version Free Trial, ignore and click the X to close the window.
  • If an infected object is found, you will be prompted to move anything that cannot be cured. Click Yes to All. (This will move any detected files to the C:\Documents and Settings\userprofile\DoctorWeb\Quarantine folder if they can't be cured)
  • After the Express Scan is finished, put a check next to Complete scan to scan all local disks and removable media.
  • In the top menu, click Settings > Change settings, and uncheck "Heuristic analysis" under the "Scanning" tab, then click Apply, Ok.
  • Back at the main window, click the green arrow "Start Scanning" button on the right under the Dr.Web logo.
  • Please be patient as this scan could take a long time to complete.
  • When the scan has finished, a message will be displayed at the bottom indicating if any viruses were found.
  • Click Select All, then choose Cure > Move incurable.
  • In the top menu, click file and choose save report list.
  • Save the DrWeb.csv report to your desktop.
  • Exit Dr.Web Cureit when done.
  • Important! Reboot your computer because it could be possible that files in use will be moved/deleted during reboot.
  • After reboot, post the contents of the log from Dr.Web in your next reply. (You can use Notepad to open the DrWeb.csv report.)


#8 deluxster

Posted 13 February 2011 - 08:00 PM

So far it has found this...

Cleaner.exe;C:\Documents and Settings\<User>\My Documents\DVDVideoSoft;Trojan.MulDrop1.53851;Deleted.;

I don't know if the VIRUS or TROJAN is gone.... Trojan Horse Generic20.CLEL

#9 deluxster

Posted 13 February 2011 - 08:42 PM

Well I thought things were OK and then ... AVG found it again... not even 15 minutes.... It's getting really frustrating with this one... never had one like this before...

#10 deluxster

Posted 13 February 2011 - 09:34 PM

I was reading another thread... Shannon was helping a user with exactly the same symptoms as mine...

OTL Report:

OTL logfile created on: 2/13/2011 9:21:32 PM - Run 1
OTL by OldTimer - Version 3.2.20.6 Folder = C:\Documents and Settings\User\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 69.00% Memory free
7.00 Gb Paging File | 7.00 Gb Available in Paging File | 89.00% Paging File free
Paging file location(s): C:\pagefile.sys 4605 9210 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 465.75 Gb Total Space | 42.35 Gb Free Space | 9.09% Space Free | Partition Type: NTFS
Drive D: | 7.24 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF

Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/02/13 20:52:47 | 000,602,624 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\USER\Desktop\OTL.exe
PRC - [2011/01/27 00:40:24 | 023,361,424 | ---- | M] (Dropbox, Inc.) -- C:\Documents and Settings\USER\Application Data\Dropbox\bin\Dropbox.exe
PRC - [2011/01/13 10:41:38 | 002,424,560 | ---- | M] (SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
PRC - [2011/01/07 01:22:54 | 002,747,744 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgtray.exe
PRC - [2011/01/07 01:22:44 | 001,084,256 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgnsx.exe
PRC - [2011/01/06 15:23:20 | 000,737,872 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSMonitor.exe
PRC - [2011/01/06 15:23:18 | 006,128,720 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe
PRC - [2010/12/18 12:32:03 | 000,016,856 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\plugin-container.exe
PRC - [2010/12/18 12:32:01 | 000,912,344 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2010/12/16 16:19:34 | 002,402,512 | ---- | M] (IObit) -- C:\Program Files\IObit\Advanced SystemCare 3\AWC.exe
PRC - [2010/12/05 16:26:40 | 000,654,176 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgrsx.exe
PRC - [2010/12/05 16:26:12 | 000,650,592 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgchsvx.exe
PRC - [2010/10/22 04:58:18 | 000,265,400 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgwdsvc.exe
PRC - [2010/09/01 01:39:18 | 001,164,584 | ---- | M] () -- C:\Program Files\DivX\DivX Update\DivXUpdate.exe
PRC - [2010/08/15 23:11:08 | 001,564,672 | ---- | M] (CMedia) -- C:\Program Files\ASUS Xonar DG Audio\CustomApp\Program\AsusAudioCenter.exe
PRC - [2009/11/19 21:29:16 | 000,623,960 | ---- | M] (Research In Motion Limited) -- C:\Program Files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe
PRC - [2009/01/12 21:35:39 | 000,090,112 | ---- | M] () -- C:\Program Files\ASUS Xonar DG Audio\CustomApp\Program\MXmon.exe
PRC - [2009/01/11 12:40:44 | 000,355,840 | ---- | M] (Outertech) -- C:\Program Files\CachemanXP\CachemanXP.exe
PRC - [2008/12/15 20:46:16 | 000,185,872 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Common Files\Real\Update_OB\realsched.exe
PRC - [2008/07/11 02:04:22 | 000,200,704 | R--- | M] () -- C:\WINDOWS\system\HsMgr.exe
PRC - [2008/04/14 05:42:20 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/12/14 17:19:26 | 000,132,624 | ---- | M] (SAMSUNG ELECTRONICS) -- C:\Program Files\Samsung\Samsung Media Studio 5\SMSTray.exe
PRC - [2007/01/31 14:55:42 | 000,096,370 | ---- | M] (Canon Inc.) -- C:\Program Files\Canon\CAL\CALMAIN.exe
PRC - [2006/07/13 15:59:48 | 000,131,131 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
PRC - [2006/07/13 15:59:32 | 000,065,599 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
PRC - [2006/04/03 17:04:02 | 000,020,543 | ---- | M] (Apache Software Foundation) -- C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\Apache.exe
PRC - [2005/12/15 19:42:10 | 000,217,088 | ---- | M] (VMware, Inc.) -- C:\Program Files\VMware\VMware Workstation\vmware-authd.exe
PRC - [2005/12/15 19:42:10 | 000,135,168 | ---- | M] (VMware, Inc.) -- C:\WINDOWS\system32\vmnat.exe
PRC - [2005/12/15 19:42:10 | 000,106,496 | ---- | M] (VMware, Inc.) -- C:\WINDOWS\system32\vmnetdhcp.exe
PRC - [2005/12/15 19:28:52 | 000,245,760 | ---- | M] (VMware, Inc.) -- C:\Program Files\Common Files\VMware\VMware Virtual Image Editing\vmount2.exe


========== Modules (SafeList) ==========

MOD - [2011/02/13 20:52:47 | 000,602,624 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\USER\Desktop\OTL.exe
MOD - [2010/08/23 11:12:02 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll
MOD - [2010/03/23 02:26:20 | 000,217,088 | R--- | M] (C-Media Electronics Inc.) -- C:\WINDOWS\system\HsSrv.dll
MOD - [2008/04/14 05:41:54 | 000,367,616 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\dsound.dll


========== Win32 Services (SafeList) ==========

SRV - [2011/01/06 15:23:18 | 006,128,720 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe -- (AVGIDSAgent)
SRV - [2010/10/22 04:58:18 | 000,265,400 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG10\avgwdsvc.exe -- (avgwd)
SRV - [2010/03/18 15:47:22 | 000,035,160 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe -- (aspnet_state)
SRV - [2010/03/18 12:16:28 | 000,753,504 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe -- (WPFFontCache_v0400)
SRV - [2010/03/18 12:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010/03/18 12:16:28 | 000,124,240 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe -- (NetTcpPortSharing)
SRV - [2009/01/11 12:40:44 | 000,355,840 | ---- | M] (Outertech) [Auto | Running] -- C:\Program Files\CachemanXP\CachemanXP.exe -- (CachemanXPService)
SRV - [2007/02/20 14:11:28 | 000,815,104 | ---- | M] (Hauppauge Computer Works) [On_Demand | Stopped] -- C:\Program Files\WinTV\HCWTVServer.exe -- (HauppaugeTVServer)
SRV - [2007/01/31 14:55:42 | 000,096,370 | ---- | M] (Canon Inc.) [Auto | Running] -- C:\Program Files\Canon\CAL\CALMAIN.exe -- (CCALib8)
SRV - [2006/07/13 15:59:48 | 000,131,131 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe -- (nSvcIp)
SRV - [2006/07/13 15:59:32 | 000,065,599 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe -- (nSvcLog)
SRV - [2006/04/03 17:04:02 | 000,020,543 | ---- | M] (Apache Software Foundation) [Auto | Running] -- C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe -- (ForcewareWebInterface)
SRV - [2005/12/15 19:42:10 | 000,217,088 | ---- | M] (VMware, Inc.) [Auto | Running] -- C:\Program Files\VMware\VMware Workstation\vmware-authd.exe -- (VMAuthdService)
SRV - [2005/12/15 19:42:10 | 000,135,168 | ---- | M] (VMware, Inc.) [Auto | Running] -- C:\WINDOWS\system32\vmnat.exe -- (VMware NAT Service)
SRV - [2005/12/15 19:42:10 | 000,106,496 | ---- | M] (VMware, Inc.) [Auto | Running] -- C:\WINDOWS\system32\vmnetdhcp.exe -- (VMnetDHCP)
SRV - [2005/12/15 19:28:52 | 000,245,760 | ---- | M] (VMware, Inc.) [Auto | Running] -- C:\Program Files\Common Files\VMware\VMware Virtual Image Editing\vmount2.exe -- (vmount2)
SRV - [2005/11/17 15:18:52 | 001,527,900 | ---- | M] (MAGIX«) [On_Demand | Stopped] -- C:\Program Files\MAGIX\Common\Database\bin\fbserver.exe -- (FirebirdServerMAGIXInstance)


========== Driver Services (SafeList) ==========

DRV - [2010/12/08 04:12:38 | 000,251,728 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avgldx86.sys -- (Avgldx86)
DRV - [2010/11/25 23:17:40 | 005,555,712 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2010/11/12 13:19:38 | 000,299,984 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avgtdix.sys -- (Avgtdix)
DRV - [2010/11/09 13:56:12 | 000,098,392 | ---- | M] (Sunbelt Software) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\SBREDrv.sys -- (SBRE)
DRV - [2010/10/16 13:55:00 | 009,623,680 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nv4_mini.sys -- (nv)
DRV - [2010/09/13 15:27:24 | 000,025,680 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\AVGIDSEH.Sys -- (AVGIDSEH)
DRV - [2010/09/07 02:48:56 | 000,034,384 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\avgmfx86.sys -- (Avgmfx86)
DRV - [2010/09/07 02:48:50 | 000,026,064 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\avgrkx86.sys -- (Avgrkx86)
DRV - [2010/08/19 20:42:38 | 000,030,288 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AVGIDSFilter.sys -- (AVGIDSFilter)
DRV - [2010/08/19 20:42:36 | 000,123,472 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AVGIDSDriver.sys -- (AVGIDSDriver)
DRV - [2010/08/19 20:42:34 | 000,026,192 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AVGIDSShim.sys -- (AVGIDSShim)
DRV - [2010/07/23 04:53:25 | 001,494,528 | R--- | M] (C-Media Inc) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\cmudaxp.sys -- (cmudaxp)
DRV - [2010/05/10 13:41:30 | 000,067,656 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2010/02/17 13:25:48 | 000,012,872 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
DRV - [2008/04/14 00:16:24 | 000,015,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mpe.sys -- (MPE)
DRV - [2008/04/13 22:06:06 | 000,144,384 | ---- | M] (Windows ® Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hdaudbus.sys -- (HDAudBus)
DRV - [2008/02/27 12:49:00 | 000,003,840 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\System32\Drivers\BANTExt.sys -- (BANTExt)
DRV - [2007/09/25 09:59:46 | 000,015,152 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Program Files\MediaCoder\SysInfo.sys -- (CrystalSysInfo)
DRV - [2007/09/19 16:16:32 | 004,617,728 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2007/08/06 19:15:07 | 000,033,052 | ---- | M] (PowerISO Computing, Inc.) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\scdemu.sys -- (SCDEmu)
DRV - [2007/05/10 13:43:40 | 000,367,744 | ---- | M] (Hauppauge Computer Works, Inc) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\hcw18bda.sys -- (hcw18bda)
DRV - [2006/11/10 15:05:00 | 000,018,688 | ---- | M] (Arcsoft, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\afc.sys -- (Afc)
DRV - [2006/08/14 12:51:28 | 000,105,344 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\nvata.sys -- (nvata)
DRV - [2006/08/14 08:51:28 | 000,105,344 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\nvatabus.sys -- (nvatabus)
DRV - [2006/07/11 19:38:30 | 000,020,480 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nvnetbus.sys -- (nvnetbus)
DRV - [2006/07/11 19:38:28 | 000,057,856 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\NVENETFD.sys -- (NVENETFD)
DRV - [2006/04/21 03:42:04 | 000,265,600 | R--- | M] (WIS Technologies) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wisgostrm.sys -- (WISTechVIDCAP)
DRV - [2005/12/15 19:42:12 | 000,023,424 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\vmnetbridge.sys -- (VMnetBridge)
DRV - [2005/12/15 19:42:12 | 000,022,016 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\hcmon.sys -- (hcmon)
DRV - [2005/12/15 19:42:12 | 000,021,888 | R--- | M] (VMware, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\vmusb.sys -- (vmusb)
DRV - [2005/12/15 19:42:12 | 000,015,616 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\vmnetuserif.sys -- (VMnetuserif)
DRV - [2005/12/15 19:42:12 | 000,009,600 | R--- | M] (VMware, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\vmnetadapter.sys -- (VMnetAdapter)
DRV - [2005/12/15 19:42:10 | 000,094,848 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\vmx86.sys -- (vmx86)
DRV - [2005/12/15 19:28:54 | 000,011,520 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Program Files\Common Files\VMware\VMware Virtual Image Editing\vstor2.sys -- (vstor2)
DRV - [2005/12/06 10:20:50 | 000,241,664 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\HSXHWBS2.sys -- (HSXHWBS2)
DRV - [2005/12/06 10:20:42 | 000,670,208 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\HSX_CNXT.sys -- (winachsx)
DRV - [2005/12/06 10:20:40 | 000,936,448 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\HSX_DP.sys -- (HSX_DP)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========



IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-776561741-790525478-839522115-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = www.google.ca
IE - HKU\S-1-5-21-776561741-790525478-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========


FF - HKLM\software\mozilla\Firefox\Extensions\\{3f963a5b-e555-4543-90e2-c3908898db71}: C:\Program Files\AVG\AVG10\Firefox\ [2011/01/02 10:42:35 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/01/12 12:54:30 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/02/10 22:52:59 | 000,000,000 | ---D | M]

[2009/05/30 10:34:20 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\User\Application Data\Mozilla\Extensions
[2009/05/30 10:34:20 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\User\Application Data\Mozilla\Extensions\MediaCoder
[2011/02/12 21:48:30 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\dv3tvoqk.default\extensions
[2010/04/27 17:44:42 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\dv3tvoqk.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010/07/30 14:40:51 | 000,000,000 | ---D | M] ("DVDVideoSoft Menu") -- C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\dv3tvoqk.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2010/10/25 19:32:03 | 000,000,000 | ---D | M] ("PandoraTV Toolbar") -- C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\dv3tvoqk.default\extensions\toolbar@ask.com
[2011/02/12 21:48:30 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2010/05/03 16:42:32 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2011/02/12 12:27:41 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
[2010/11/12 18:53:06 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
[2010/12/09 05:47:06 | 000,012,800 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npwachk.dll

O1 HOSTS File: ([2003/06/20 07:00:00 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (SnagIt Toolbar Loader) - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files\TechSmith\Snagit 9\SnagitBHO.dll (TechSmith Corporation)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG10\avgssie.dll (AVG Technologies CZ, s.r.o.)
O3 - HKLM\..\Toolbar: (Snagit) - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files\TechSmith\Snagit 9\SnagitIEAddin.dll (TechSmith Corporation)
O3 - HKU\S-1-5-21-776561741-790525478-839522115-1003\..\Toolbar\WebBrowser: (no name) - {8FF5E180-ABDE-46EB-B09E-D2AAB95CABE3} - No CLSID value found.
O3 - HKU\S-1-5-21-776561741-790525478-839522115-1003\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
O4 - HKLM..\Run: [Alcmtr] C:\WINDOWS\Alcmtr.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [ATICustomerCare] C:\Program Files\ATI\ATICustomerCare\ATICustomerCare.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [AVG_TRAY] C:\Program Files\AVG\AVG10\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [BlackBerryAutoUpdate] C:\Program Files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe (Research In Motion Limited)
O4 - HKLM..\Run: [Cmaudio8788] File not found
O4 - HKLM..\Run: [Cmaudio8788GX] C:\WINDOWS\system\HsMgr.exe ()
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe (Ahead Software Gmbh)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] File not found
O4 - HKLM..\Run: [SMSTray] C:\Program Files\Samsung\Samsung Media Studio 5\SMSTray.exe (SAMSUNG ELECTRONICS)
O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
O4 - HKU\S-1-5-21-776561741-790525478-839522115-1003..\Run: [Advanced SystemCare 3] C:\Program Files\IObit\Advanced SystemCare 3\AWC.exe (IObit)
O4 - HKU\S-1-5-21-776561741-790525478-839522115-1003..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)
O4 - Startup: C:\Documents and Settings\User\Start Menu\Programs\Startup\Dropbox.lnk = C:\Documents and Settings\User\Application Data\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Low Rights present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-776561741-790525478-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: &Clean Traces - C:\Program Files\DAP\Privacy Package\dapcleanerie.htm ()
O8 - Extra context menu item: &Download with &DAP - C:\Program Files\DAP\dapextie.htm ()
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\WINDOWS\System32\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: Download &all with DAP - C:\Program Files\DAP\dapextie2.htm ()
O8 - Extra context menu item: Free YouTube Download - C:\Documents and Settings\User\Application Data\DVDVideoSoftIEHelpers\youtubedownload.htm ()
O8 - Extra context menu item: Free YouTube to Mp3 Converter - C:\Documents and Settings\User\Application Data\DVDVideoSoftIEHelpers\youtubetomp3.htm ()
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://go.microsoft.com/fwlink/?linkid=39204 (Windows Genuine Advantage Validation Tool)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1191641975203 (WUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {CAFEEFAC-0015-0000-0001-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-1_5_0_01-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 64.71.255.198
O18 - Protocol\Handler\belarc {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - C:\Program Files\Belarc\Advisor\System\BAVoilaX.dll (Belarc, Inc.)
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG10\avgpp.dll (AVG Technologies CZ, s.r.o.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com)
O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2007/10/05 21:33:34 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG10\avgchsvx.exe /sync) - C:\Program Files\AVG\AVG10\avgchsvx.exe (AVG Technologies CZ, s.r.o.)
O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG10\avgrsx.exe /sync /restart) - C:\Program Files\AVG\AVG10\avgrsx.exe (AVG Technologies CZ, s.r.o.)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/02/13 20:52:47 | 000,602,624 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\User\Desktop\OTL.exe
[2011/02/13 20:29:20 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\User\Recent
[2011/02/12 23:57:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\User\DoctorWeb
[2011/02/12 17:37:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\User\Desktop\Vipre2
[2011/02/12 17:07:29 | 000,000,000 | ---D | C] -- C:\Qoobox
[2011/02/12 12:27:40 | 000,157,472 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe
[2011/02/12 12:27:40 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe
[2011/02/12 12:27:40 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe
[2011/02/12 09:39:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
[2011/02/12 09:39:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\User\Application Data\SUPERAntiSpyware.com
[2011/02/12 09:39:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\SUPERAntiSpyware
[2011/02/12 09:39:48 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2011/02/10 22:53:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011/02/10 22:53:55 | 000,000,000 | ---D | C] -- C:\Program Files\MALWAREBYTES ANTI-MALWARE
[2011/02/09 23:19:55 | 000,098,392 | ---- | C] (Sunbelt Software) -- C:\WINDOWS\System32\drivers\SBREDrv.sys
[2011/02/09 23:19:55 | 000,027,984 | ---- | C] (Sunbelt Software) -- C:\WINDOWS\System32\sbbd.exe
[2011/02/09 23:10:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\User\Desktop\Vipre
[2011/02/09 20:07:58 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2011/02/09 20:07:51 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2011/02/09 20:07:51 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2011/02/02 21:48:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\User\Desktop\Chittappa_1
[2011/02/01 20:36:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\User\Desktop\Edited_Pics
[2011/01/31 18:55:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\User\Desktop\OZ_Flash_Drive
[2011/01/29 19:29:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\User\My Documents\Chittappa_1
[2011/01/29 18:58:32 | 000,000,000 | R--D | C] -- C:\Documents and Settings\User\My Documents\Dropbox
[2011/01/29 18:57:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\User\Start Menu\Programs\Dropbox
[2011/01/29 18:56:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\User\Application Data\Dropbox
[2011/01/29 18:35:41 | 012,510,375 | ---- | C] (Wondershare) -- C:\Documents and Settings\User\My Documents\Copy of Chittappa_Memories_1.exe
[2011/01/29 10:46:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\User\Local Settings\Application Data\HP
[2011/01/29 10:45:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\WEBREG
[2011/01/29 10:45:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\User\Application Data\HP
[2011/01/29 10:42:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\HP Product Assistant
[2011/01/29 10:42:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\HP
[2011/01/29 10:42:06 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\HP
[2011/01/29 10:42:06 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Hewlett-Packard
[2011/01/29 10:41:58 | 000,000,000 | ---D | C] -- C:\Program Files\HP
[2011/01/29 10:34:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\HP
[2011/01/29 08:25:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\User\My Documents\Wondershare Photo Story
[2011/01/29 08:25:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\User\My Documents\Wondershare DVD Slideshow Builder
[2011/01/29 08:23:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Wondershare
[2011/01/28 23:44:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Wondershare
[2011/01/28 23:44:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Documents\Flash Gallery Factory 5
[2011/01/28 23:40:19 | 000,000,000 | ---D | C] -- C:\Program Files\Wondershare
[2011/01/28 18:57:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\User\Desktop\Desktop_Home
[2011/01/28 18:23:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Seagate
[2011/01/28 18:23:10 | 000,000,000 | ---D | C] -- C:\Program Files\Seagate
[2011/01/27 23:10:18 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\MAGIX Shared
[2011/01/27 23:04:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\MAGIX
[2011/01/27 23:01:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\User\My Documents\MAGIX downloads
[2011/01/27 23:01:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\User\Application Data\MAGIX
[2011/01/27 23:00:34 | 000,430,080 | ---- | C] (MAGIX AG) -- C:\WINDOWS\System32\MXRestore.exe
[2011/01/27 23:00:34 | 000,024,576 | ---- | C] (PoINT Software & Systems GmbH) -- C:\WINDOWS\System32\TTIC32.dll
[2011/01/27 23:00:33 | 000,644,384 | ---- | C] (PoINT Software & Systems GmbH) -- C:\WINDOWS\System32\DLLAV32.dll
[2011/01/27 23:00:33 | 000,202,016 | ---- | C] (PoINT Software & Systems GmbH) -- C:\WINDOWS\System32\DLLRES32.dll
[2011/01/27 23:00:33 | 000,173,344 | ---- | C] (PoINT Software & Systems GmbH) -- C:\WINDOWS\System32\DLLDEV32.dll
[2011/01/27 23:00:33 | 000,161,056 | ---- | C] (PoINT Software & Systems GmbH) -- C:\WINDOWS\System32\DLLDRV32.dll
[2011/01/27 23:00:33 | 000,114,688 | ---- | C] (PoINT Software & Systems GmbH) -- C:\WINDOWS\System32\DLLCDA32.dll
[2011/01/27 23:00:33 | 000,111,904 | ---- | C] (PoINT Software & Systems GmbH) -- C:\WINDOWS\System32\DLLCPY32.dll
[2011/01/27 23:00:33 | 000,065,536 | ---- | C] (PoINT Software & Systems GmbH) -- C:\WINDOWS\System32\DLLPTL32.dll
[2011/01/27 23:00:33 | 000,061,440 | ---- | C] (PoINT Software & Systems GmbH) -- C:\WINDOWS\System32\DLLCDF32.dll
[2011/01/27 23:00:33 | 000,058,656 | ---- | C] (PoINT Software & Systems GmbH) -- C:\WINDOWS\System32\DLLIO32.dll
[2011/01/27 23:00:33 | 000,057,344 | ---- | C] (PoINT Software & Systems GmbH) -- C:\WINDOWS\System32\DLLTPO32.dll
[2011/01/27 23:00:33 | 000,054,560 | ---- | C] (PoINT Software & Systems GmbH) -- C:\WINDOWS\System32\DLLPRF32.dll
[2011/01/27 23:00:33 | 000,053,248 | ---- | C] (PoINT Software & Systems GmbH) -- C:\WINDOWS\System32\DLLPRJ32.dll
[2011/01/27 23:00:33 | 000,045,056 | ---- | C] (PoINT Software & Systems GmbH) -- C:\WINDOWS\System32\DLLIMG32.dll
[2011/01/27 23:00:33 | 000,042,272 | ---- | C] (PoINT Software & Systems GmbH) -- C:\WINDOWS\System32\DLLPNT32.dll
[2011/01/27 23:00:33 | 000,040,960 | ---- | C] (PoINT Software & Systems GmbH) -- C:\WINDOWS\System32\DLLRD32.dll
[2011/01/27 23:00:33 | 000,038,176 | ---- | C] (PoINT Software & Systems GmbH) -- C:\WINDOWS\System32\STRING32.dll
[2011/01/27 23:00:33 | 000,032,768 | ---- | C] (PoINT Software & Systems GmbH) -- C:\WINDOWS\System32\DLLMSC32.dll
[2011/01/27 23:00:33 | 000,032,768 | ---- | C] (PoINT Software & Systems GmbH) -- C:\WINDOWS\System32\DLLISO32.dll
[2011/01/27 23:00:33 | 000,032,768 | ---- | C] (PoINT Software & Systems GmbH) -- C:\WINDOWS\System32\DLLDIR32.dll
[2011/01/27 23:00:33 | 000,024,576 | ---- | C] (PoINT Software & Systems GmbH) -- C:\WINDOWS\System32\TTI32.dll
[2011/01/27 23:00:33 | 000,024,576 | ---- | C] (PoINT Software & Systems GmbH) -- C:\WINDOWS\System32\DLLIX.dll
[2011/01/27 22:59:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\User\My Documents\MAGIX_Xtreme_PhotoStory_on_CD_DVD_7_dlx_Download_version
[2011/01/27 22:59:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\MAGIX
[2011/01/27 22:59:39 | 000,000,000 | ---D | C] -- C:\Program Files\MAGIX
[2011/01/27 22:59:06 | 000,700,416 | ---- | C] (MAGIX AG) -- C:\WINDOWS\System32\mgxoschk.dll
[2011/01/27 22:59:06 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\MAGIX
[2011/01/24 20:57:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\User\Application Data\Unity
[2011/01/24 20:44:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\User\Local Settings\Application Data\Unity
[2011/01/21 09:44:37 | 000,439,296 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\shimgvw.dll
[2008/11/20 23:53:32 | 000,047,360 | ---- | C] (VSO Software) -- C:\Documents and Settings\User\Application Data\pcouffin.sys
[6 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[3 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/02/13 21:20:32 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/02/13 21:18:22 | 000,000,260 | ---- | M] () -- C:\WINDOWS\tasks\WGASetup.job
[2011/02/13 21:18:21 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/02/13 21:01:00 | 000,000,234 | ---- | M] () -- C:\WINDOWS\tasks\Scheduled Update for Ask Toolbar.job
[2011/02/13 20:52:47 | 000,602,624 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\User\Desktop\OTL.exe
[2011/02/13 20:37:16 | 000,000,398 | ---- | M] () -- C:\WINDOWS\tasks\At12.job
[2011/02/13 20:08:29 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\User\Local Settings\Application Data\prvlcl.dat
[2011/02/13 19:58:24 | 106,067,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\AVG\incavi.avm
[2011/02/13 19:45:05 | 000,000,103 | ---- | M] () -- C:\Documents and Settings\User\My Documents\DrWeb.csv
[2011/02/13 00:07:55 | 000,029,696 | ---- | M] () -- C:\Documents and Settings\User\Desktop\Dr_Web_Instructions.doc
[2011/02/12 23:51:11 | 000,029,184 | ---- | M] () -- C:\Documents and Settings\User\My Documents\Dr_Web_Instructions.doc
[2011/02/12 23:21:14 | 000,016,896 | ---- | M] () -- C:\Documents and Settings\User\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/02/12 17:06:23 | 004,263,406 | ---- | M] () -- C:\Documents and Settings\User\Desktop\ComboFix.exe
[2011/02/12 16:37:07 | 000,000,398 | ---- | M] () -- C:\WINDOWS\tasks\At10.job
[2011/02/12 15:37:06 | 000,000,398 | ---- | M] () -- C:\WINDOWS\tasks\At19.job
[2011/02/12 12:37:09 | 000,000,398 | ---- | M] () -- C:\WINDOWS\tasks\At6.job
[2011/02/12 10:55:12 | 000,000,211 | -HS- | M] () -- C:\boot.ini
[2011/02/12 09:39:50 | 000,001,678 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\SUPERAntiSpyware Free Edition.lnk
[2011/02/12 09:37:02 | 000,000,398 | ---- | M] () -- C:\WINDOWS\tasks\At16.job
[2011/02/11 21:44:17 | 000,298,848 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2011/02/11 21:37:03 | 000,015,203 | ---- | M] () -- C:\Documents and Settings\User\Application Data\BXrzVzG.js
[2011/02/11 21:37:03 | 000,000,398 | ---- | M] () -- C:\WINDOWS\tasks\At23.job
[2011/02/10 22:37:03 | 000,000,398 | ---- | M] () -- C:\WINDOWS\tasks\At13.job
[2011/02/09 23:12:21 | 000,028,160 | ---- | M] () -- C:\Documents and Settings\User\My Documents\Appappamama_Book.doc
[2011/02/09 20:07:58 | 000,000,784 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/02/09 19:37:02 | 000,000,398 | ---- | M] () -- C:\WINDOWS\tasks\At21.job
[2011/02/09 18:37:04 | 000,000,398 | ---- | M] () -- C:\WINDOWS\tasks\At9.job
[2011/02/09 17:37:04 | 000,000,398 | ---- | M] () -- C:\WINDOWS\tasks\At20.job
[2011/02/09 17:02:56 | 000,001,729 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader 9.lnk
[2011/02/06 14:37:02 | 000,000,398 | ---- | M] () -- C:\WINDOWS\tasks\At8.job
[2011/02/03 23:37:02 | 000,000,398 | ---- | M] () -- C:\WINDOWS\tasks\At22.job
[2011/01/31 18:28:14 | 000,000,398 | ---- | M] () -- C:\WINDOWS\tasks\At17.job
[2011/01/31 18:28:14 | 000,000,398 | ---- | M] () -- C:\WINDOWS\tasks\At11.job
[2011/01/30 00:17:24 | 000,028,160 | ---- | M] () -- C:\Documents and Settings\User\My Documents\Chittappa_Book.doc
[2011/01/29 18:58:32 | 000,000,994 | ---- | M] () -- C:\Documents and Settings\User\Desktop\Dropbox.lnk
[2011/01/29 18:57:03 | 000,000,994 | ---- | M] () -- C:\Documents and Settings\User\Start Menu\Programs\Startup\Dropbox.lnk
[2011/01/29 18:28:28 | 011,764,375 | ---- | M] () -- C:\Documents and Settings\User\My Documents\Temporary_Slide_Show.swf
[2011/01/29 18:28:28 | 000,002,892 | ---- | M] () -- C:\Documents and Settings\User\My Documents\Temporary_Slide_Show.html
[2011/01/29 18:27:09 | 012,510,375 | ---- | M] (Wondershare) -- C:\Documents and Settings\User\My Documents\Copy of Chittappa_Memories_1.exe
[2011/01/29 18:27:09 | 000,000,073 | ---- | M] () -- C:\Documents and Settings\User\My Documents\autorun.inf
[2011/01/29 13:39:49 | 000,000,116 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2011/01/29 10:43:28 | 000,001,870 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\HP Photosmart Essential 3.5.lnk
[2011/01/29 10:43:07 | 000,000,398 | ---- | M] () -- C:\WINDOWS\tasks\At7.job
[2011/01/29 10:43:07 | 000,000,398 | ---- | M] () -- C:\WINDOWS\tasks\At5.job
[2011/01/29 10:43:07 | 000,000,398 | ---- | M] () -- C:\WINDOWS\tasks\At4.job
[2011/01/29 10:43:07 | 000,000,398 | ---- | M] () -- C:\WINDOWS\tasks\At3.job
[2011/01/29 10:43:07 | 000,000,398 | ---- | M] () -- C:\WINDOWS\tasks\At2.job
[2011/01/29 10:43:07 | 000,000,398 | ---- | M] () -- C:\WINDOWS\tasks\At18.job
[2011/01/29 10:43:07 | 000,000,398 | ---- | M] () -- C:\WINDOWS\tasks\At15.job
[2011/01/29 10:43:07 | 000,000,398 | ---- | M] () -- C:\WINDOWS\tasks\At14.job
[2011/01/29 10:43:07 | 000,000,398 | ---- | M] () -- C:\WINDOWS\tasks\At1.job
[2011/01/29 10:42:34 | 000,001,018 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\HP Solution Center.lnk
[2011/01/29 08:21:04 | 000,001,039 | ---- | M] () -- C:\Documents and Settings\User\Desktop\Wondershare DVD Slideshow Builder Deluxe.lnk
[2011/01/28 23:46:26 | 000,000,872 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Wondershare Flash Gallery Factory.lnk
[2011/01/28 23:44:36 | 000,000,872 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Wondershare Flash Gallery Factory Deluxe.lnk
[2011/01/28 18:23:13 | 000,001,812 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\SeaTools for Windows.lnk
[2011/01/27 23:10:57 | 000,006,642 | ---- | M] () -- C:\WINDOWS\mgxoschk.ini
[2011/01/27 23:04:51 | 000,001,105 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\MAGIX Xtreme PhotoStory on CD & DVD 7 deluxe Download version.lnk
[2011/01/26 16:59:12 | 000,000,690 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\AVG 2011.lnk
[2011/01/24 21:42:45 | 000,199,704 | ---- | M] () -- C:\Documents and Settings\User\Desktop\Amma_Car_Soul_Cruze_Scion_Equinox.jpg
[2011/01/21 09:44:37 | 008,462,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\shell32.dll
[2011/01/21 09:44:37 | 000,439,296 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\shimgvw.dll
[2011/01/19 14:14:58 | 000,031,232 | ---- | M] () -- C:\Documents and Settings\User\My Documents\AppappaMama.doc
[2011/01/17 22:20:36 | 001,539,584 | ---- | M] () -- C:\Documents and Settings\User\My Documents\Baby Phat Ladies_Mens_24_Hour_Deal.doc
[6 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[3 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/02/13 20:37:14 | 000,015,203 | ---- | C] () -- C:\Documents and Settings\NetworkService\Application Data\W4bkBN.js
[2011/02/13 19:45:05 | 000,000,103 | ---- | C] () -- C:\Documents and Settings\User\My Documents\DrWeb.csv
[2011/02/12 23:51:22 | 000,029,696 | ---- | C] () -- C:\Documents and Settings\User\Desktop\Dr_Web_Instructions.doc
[2011/02/12 23:50:59 | 000,029,184 | ---- | C] () -- C:\Documents and Settings\User\My Documents\Dr_Web_Instructions.doc
[2011/02/12 17:06:12 | 004,263,406 | ---- | C] () -- C:\Documents and Settings\User\Desktop\ComboFix.exe
[2011/02/12 16:37:05 | 000,015,202 | ---- | C] () -- C:\Documents and Settings\NetworkService\Application Data\s69fYBeD.js
[2011/02/12 15:37:05 | 000,015,201 | ---- | C] () -- C:\Documents and Settings\NetworkService\Application Data\LU3kw.js
[2011/02/12 09:39:50 | 000,001,678 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\SUPERAntiSpyware Free Edition.lnk
[2011/02/11 21:37:03 | 000,015,203 | ---- | C] () -- C:\Documents and Settings\User\Application Data\BXrzVzG.js
[2011/02/09 21:48:49 | 000,028,160 | ---- | C] () -- C:\Documents and Settings\User\My Documents\Appappamama_Book.doc
[2011/02/09 20:07:58 | 000,000,784 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/01/29 22:29:39 | 000,028,160 | ---- | C] () -- C:\Documents and Settings\User\My Documents\Chittappa_Book.doc
[2011/01/29 18:58:32 | 000,000,994 | ---- | C] () -- C:\Documents and Settings\User\Desktop\Dropbox.lnk
[2011/01/29 18:57:03 | 000,000,994 | ---- | C] () -- C:\Documents and Settings\User\Start Menu\Programs\Startup\Dropbox.lnk
[2011/01/29 18:28:28 | 011,764,375 | ---- | C] () -- C:\Documents and Settings\User\My Documents\Temporary_Slide_Show.swf
[2011/01/29 18:28:28 | 000,002,892 | ---- | C] () -- C:\Documents and Settings\User\My Documents\Temporary_Slide_Show.html
[2011/01/29 18:27:09 | 000,000,073 | ---- | C] () -- C:\Documents and Settings\User\My Documents\autorun.inf
[2011/01/29 10:43:28 | 000,001,870 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\HP Photosmart Essential 3.5.lnk
[2011/01/29 10:42:53 | 000,000,731 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\I.R.I.S. OCR Registration.lnk
[2011/01/29 10:42:34 | 000,001,018 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\HP Solution Center.lnk
[2011/01/29 10:35:05 | 000,000,331 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\hpzinstall.log
[2011/01/29 08:21:04 | 000,001,039 | ---- | C] () -- C:\Documents and Settings\User\Desktop\Wondershare DVD Slideshow Builder Deluxe.lnk
[2011/01/28 23:46:26 | 000,000,872 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Wondershare Flash Gallery Factory.lnk
[2011/01/28 23:44:36 | 000,000,872 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Wondershare Flash Gallery Factory Deluxe.lnk
[2011/01/28 18:23:13 | 000,001,812 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\SeaTools for Windows.lnk
[2011/01/27 23:04:51 | 000,001,105 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\MAGIX Xtreme PhotoStory on CD & DVD 7 deluxe Download version.lnk
[2011/01/27 23:00:33 | 000,014,182 | ---- | C] () -- C:\WINDOWS\System32\DLLAV32.lib
[2011/01/27 22:59:39 | 000,120,200 | ---- | C] () -- C:\WINDOWS\System32\DLLDEV32i.dll
[2011/01/27 22:59:06 | 000,006,642 | ---- | C] () -- C:\WINDOWS\mgxoschk.ini
[2011/01/25 21:37:47 | 000,000,398 | ---- | C] () -- C:\WINDOWS\tasks\At23.job
[2011/01/25 21:37:47 | 000,000,398 | ---- | C] () -- C:\WINDOWS\tasks\At22.job
[2011/01/25 21:37:47 | 000,000,398 | ---- | C] () -- C:\WINDOWS\tasks\At21.job
[2011/01/25 21:37:47 | 000,000,398 | ---- | C] () -- C:\WINDOWS\tasks\At20.job
[2011/01/25 21:37:47 | 000,000,398 | ---- | C] () -- C:\WINDOWS\tasks\At19.job
[2011/01/25 21:37:47 | 000,000,398 | ---- | C] () -- C:\WINDOWS\tasks\At18.job
[2011/01/25 21:37:47 | 000,000,398 | ---- | C] () -- C:\WINDOWS\tasks\At17.job
[2011/01/25 21:37:47 | 000,000,398 | ---- | C] () -- C:\WINDOWS\tasks\At16.job
[2011/01/25 21:37:47 | 000,000,398 | ---- | C] () -- C:\WINDOWS\tasks\At15.job
[2011/01/25 21:37:47 | 000,000,398 | ---- | C] () -- C:\WINDOWS\tasks\At14.job
[2011/01/25 21:37:46 | 000,000,398 | ---- | C] () -- C:\WINDOWS\tasks\At13.job
[2011/01/25 21:37:46 | 000,000,398 | ---- | C] () -- C:\WINDOWS\tasks\At12.job
[2011/01/25 21:37:46 | 000,000,398 | ---- | C] () -- C:\WINDOWS\tasks\At11.job
[2011/01/25 21:37:45 | 000,000,398 | ---- | C] () -- C:\WINDOWS\tasks\At9.job
[2011/01/25 21:37:45 | 000,000,398 | ---- | C] () -- C:\WINDOWS\tasks\At8.job
[2011/01/25 21:37:45 | 000,000,398 | ---- | C] () -- C:\WINDOWS\tasks\At7.job
[2011/01/25 21:37:45 | 000,000,398 | ---- | C] () -- C:\WINDOWS\tasks\At6.job
[2011/01/25 21:37:45 | 000,000,398 | ---- | C] () -- C:\WINDOWS\tasks\At10.job
[2011/01/25 21:37:44 | 000,000,398 | ---- | C] () -- C:\WINDOWS\tasks\At5.job
[2011/01/25 21:37:44 | 000,000,398 | ---- | C] () -- C:\WINDOWS\tasks\At4.job
[2011/01/25 21:37:43 | 000,000,398 | ---- | C] () -- C:\WINDOWS\tasks\At3.job
[2011/01/25 21:37:43 | 000,000,398 | ---- | C] () -- C:\WINDOWS\tasks\At2.job
[2011/01/25 21:37:43 | 000,000,398 | ---- | C] () -- C:\WINDOWS\tasks\At1.job
[2011/01/24 21:42:09 | 000,199,704 | ---- | C] () -- C:\Documents and Settings\User\Desktop\Amma_Car_Soul_Cruze_Scion_Equinox.jpg
[2011/01/18 23:27:14 | 000,031,232 | ---- | C] () -- C:\Documents and Settings\User\My Documents\AppappaMama.doc
[2011/01/17 22:20:36 | 001,539,584 | ---- | C] () -- C:\Documents and Settings\User\My Documents\Baby Phat Ladies_Mens_24_Hour_Deal.doc
[2010/12/31 18:57:46 | 000,000,098 | ---- | C] () -- C:\WINDOWS\Cmicnfgp.ini.cfl
[2010/12/31 18:57:25 | 000,002,766 | R--- | C] () -- C:\WINDOWS\Cmicnfgp.ini.cfg
[2010/12/31 18:56:59 | 000,000,558 | R--- | C] () -- C:\WINDOWS\cmudaxp.ini
[2010/12/16 22:38:57 | 000,003,840 | ---- | C] () -- C:\WINDOWS\System32\drivers\BANTExt.sys
[2010/12/02 22:15:35 | 000,000,628 | ---- | C] () -- C:\Documents and Settings\User\Application Data\AutoGK.ini
[2010/10/06 22:07:04 | 000,758,011 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-S-1-5-21-776561741-790525478-839522115-1003-0.dat
[2010/10/06 22:07:03 | 000,244,590 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-System.dat
[2010/09/26 16:09:30 | 000,000,026 | ---- | C] () -- C:\WINDOWS\dvdSanta.INI
[2010/08/25 20:49:17 | 000,425,144 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
[2010/03/16 15:32:27 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\User\Local Settings\Application Data\prvlcl.dat
[2009/12/14 16:47:54 | 000,526,848 | ---- | C] () -- C:\WINDOWS\System32\hpgtg400.dll
[2009/03/06 21:15:38 | 000,087,552 | ---- | C] () -- C:\WINDOWS\System32\cpwmon2k.dll
[2009/03/05 21:58:10 | 000,237,568 | ---- | C] () -- C:\WINDOWS\System32\OggDS.dll
[2009/01/30 00:55:50 | 000,016,896 | ---- | C] () -- C:\Documents and Settings\User\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/01/29 21:05:22 | 000,000,116 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2008/11/20 23:53:41 | 000,000,055 | ---- | C] () -- C:\Documents and Settings\User\Application Data\pcouffin.log
[2008/11/20 23:53:32 | 000,087,608 | ---- | C] () -- C:\Documents and Settings\User\Application Data\inst.exe
[2008/11/20 23:53:32 | 000,007,887 | ---- | C] () -- C:\Documents and Settings\User\Application Data\pcouffin.cat
[2008/11/20 23:53:32 | 000,001,144 | ---- | C] () -- C:\Documents and Settings\User\Application Data\pcouffin.inf
[2007/10/05 22:23:07 | 000,000,483 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2007/10/05 22:23:06 | 000,159,744 | ---- | C] () -- C:\WINDOWS\System32\hcwChDB.dll
[2007/10/05 22:23:06 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\dmcrypto.dll
[2007/10/05 22:22:52 | 000,002,296 | ---- | C] () -- C:\WINDOWS\HCWPNP.INI
[2007/10/05 22:20:32 | 000,363,520 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2007/10/05 17:21:25 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2006/07/21 14:50:34 | 000,066,048 | ---- | C] () -- C:\WINDOWS\System32\hcwxds.dll

========== Alternate Data Streams ==========

@Alternate Data Stream - 117 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:2B11E0DF

< End of report >

OTL Extras logfile created on: 2/13/2011 9:21:32 PM - Run 1
OTL by OldTimer - Version 3.2.20.6 Folder = C:\Documents and Settings\User\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 69.00% Memory free
7.00 Gb Paging File | 7.00 Gb Available in Paging File | 89.00% Paging File free
Paging file location(s): C:\pagefile.sys 4605 9210 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 465.75 Gb Total Space | 42.35 Gb Free Space | 9.09% Space Free | Partition Type: NTFS
Drive D: | 7.24 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF

Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*

[HKEY_USERS\S-1-5-21-776561741-790525478-839522115-1003\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
http [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
https [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Directory [Winamp.Bookmark] -- "C:\Program Files\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)
Directory [Winamp.Enqueue] -- "C:\Program Files\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)
Directory [Winamp.Play] -- "C:\Program Files\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002
"3389:TCP" = 3389:TCP:*:Disabled:@xpsp2res.dll,-22009

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
"3389:TCP" = 3389:TCP:*:Disabled:@xpsp2res.dll,-22009

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Program Files\HP\Digital Imaging\bin\hpfcCopy.exe" = C:\Program Files\HP\Digital Imaging\bin\hpfcCopy.exe:*:Enabled:hpfccopy.exe -- ()
"C:\Program Files\HP\Digital Imaging\bin\hpiscnapp.exe" = C:\Program Files\HP\Digital Imaging\bin\hpiscnapp.exe:*:Enabled:hpiscnapp.exe -- (Hewlett-Packard)
"C:\Program Files\Common Files\HP\Digital Imaging\Bin\hpqPhotoCrm.exe" = C:\Program Files\Common Files\HP\Digital Imaging\Bin\hpqPhotoCrm.exe:*:Enabled:hpqphotocrm.exe -- (Hewlett-Packard Development Co. L.P.)
"C:\Program Files\HP\Digital Imaging\bin\hpqsudi.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqsudi.exe:*:Enabled:hpqsudi.exe -- (Hewlett-Packard Development Co. L.P.)
"C:\Program Files\HP\Digital Imaging\bin\hpqpsapp.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqpsapp.exe:*:Enabled:hpqpsapp.exe -- (Hewlett-Packard Development Co. L.P.)
"C:\Program Files\HP\Digital Imaging\bin\hpqpse.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqpse.exe:*:Enabled:hpqpse.exe -- (Hewlett-Packard Development Co. L.P.)
"C:\Program Files\HP\Digital Imaging\bin\hpqgplgtupl.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqgplgtupl.exe:*:Enabled:hpqgplgtupl.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\HP Software Update\HPWUCli.exe" = C:\Program Files\HP\HP Software Update\HPWUCli.exe:*:Enabled:hpwucli.exe -- (Hewlett-Packard)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\Apache.exe" = C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\Apache.exe:*:Enabled:Apache HTTP Server -- (Apache Software Foundation)
"C:\Program Files\MagicTune Premium\MagicTune.exe" = C:\Program Files\MagicTune Premium\MagicTune.exe:*:Enabled:MagicTune
"C:\Program Files\uTorrent\uTorrent.exe" = C:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent -- (BitTorrent, Inc.)
"C:\WINDOWS\system32\muzapp.exe" = C:\WINDOWS\system32\muzapp.exe:*:Enabled:MUZ AOD APP player -- (Musiccity Co.Ltd.)
"C:\Program Files\AVG\AVG8\avgupd.exe" = C:\Program Files\AVG\AVG8\avgupd.exe:*:Enabled:avgupd.exe
"C:\Program Files\AVG\AVG8\avgnsx.exe" = C:\Program Files\AVG\AVG8\avgnsx.exe:*:Enabled:avgnsx.exe
"C:\Program Files\AVG\AVG8\avgemc.exe" = C:\Program Files\AVG\AVG8\avgemc.exe:*:Enabled:avgemc.exe
"C:\Program Files\AVG\AVG10\avgmfapx.exe" = C:\Program Files\AVG\AVG10\avgmfapx.exe:*:Enabled:AVG Installer -- (AVG Technologies CZ, s.r.o.)
"C:\Documents and Settings\User\Local Settings\Temp\522.tmp\KMService.exe" = C:\Documents and Settings\User\Local Settings\Temp\522.tmp\KMService.exe:*:Enabled:KMService
"C:\Documents and Settings\User\Local Settings\Temp\526.tmp\KMService.exe" = C:\Documents and Settings\User\Local Settings\Temp\526.tmp\KMService.exe:*:Enabled:KMService
"C:\Program Files\AVG\AVG10\avgdiagex.exe" = C:\Program Files\AVG\AVG10\avgdiagex.exe:*:Enabled:AVG Diagnostics 2011 -- (AVG Technologies CZ, s.r.o.)
"C:\Program Files\AVG\AVG10\avgnsx.exe" = C:\Program Files\AVG\AVG10\avgnsx.exe:*:Enabled:Online Shield -- (AVG Technologies CZ, s.r.o.)
"C:\Program Files\AVG\AVG10\avgemcx.exe" = C:\Program Files\AVG\AVG10\avgemcx.exe:*:Enabled:Personal E-mail Scanner -- (AVG Technologies CZ, s.r.o.)
"C:\Program Files\HP\Digital Imaging\bin\hpfcCopy.exe" = C:\Program Files\HP\Digital Imaging\bin\hpfcCopy.exe:*:Enabled:hpfccopy.exe -- ()
"C:\Program Files\HP\Digital Imaging\bin\hpiscnapp.exe" = C:\Program Files\HP\Digital Imaging\bin\hpiscnapp.exe:*:Enabled:hpiscnapp.exe -- (Hewlett-Packard)
"C:\Program Files\Common Files\HP\Digital Imaging\Bin\hpqPhotoCrm.exe" = C:\Program Files\Common Files\HP\Digital Imaging\Bin\hpqPhotoCrm.exe:*:Enabled:hpqphotocrm.exe -- (Hewlett-Packard Development Co. L.P.)
"C:\Program Files\HP\Digital Imaging\bin\hpqsudi.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqsudi.exe:*:Enabled:hpqsudi.exe -- (Hewlett-Packard Development Co. L.P.)
"C:\Program Files\HP\Digital Imaging\bin\hpqpsapp.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqpsapp.exe:*:Enabled:hpqpsapp.exe -- (Hewlett-Packard Development Co. L.P.)
"C:\Program Files\HP\Digital Imaging\bin\hpqpse.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqpse.exe:*:Enabled:hpqpse.exe -- (Hewlett-Packard Development Co. L.P.)
"C:\Program Files\HP\Digital Imaging\bin\hpqgplgtupl.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqgplgtupl.exe:*:Enabled:hpqgplgtupl.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\HP Software Update\HPWUCli.exe" = C:\Program Files\HP\HP Software Update\HPWUCli.exe:*:Enabled:hpwucli.exe -- (Hewlett-Packard)
"C:\Documents and Settings\User\Application Data\Dropbox\bin\Dropbox.exe" = C:\Documents and Settings\User\Application Data\Dropbox\bin\Dropbox.exe:*:Enabled:Dropbox -- (Dropbox, Inc.)
"C:\Documents and Settings\User\Local Settings\Temp\1EA.tmp\KMService.exe" = C:\Documents and Settings\User\Local Settings\Temp\1EA.tmp\KMService.exe:*:Enabled:KMService


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0242ACA1-7607-4E61-BC34-3FAEB6344F8E}" = Pour l'amour du français Module 10
"{0A0CADCF-78DA-33C4-A350-CD51849B9702}" = Microsoft .NET Framework 4 Extended
"{0F367CA3-3B2F-43F9-A44A-25A8EE69E45D}" = Scan
"{0F9196C6-58B4-445B-B56E-B1200FECC151}" = Microsoft Bootvis
"{10297E58-2DFE-478B-9A1D-4B14E4E79CDF}" = HP Scanjet G4000 Series
"{107C666F-63C5-4263-8D40-8B9CFB5FED08}" = Microsoft Robocopy GUI
"{11083C7A-D0D6-4DA4-8C3A-74B8389EC07B}" = ATI Catalyst Registration
"{11D0F890-CDC5-4C76-A026-D5A47415C928}" = Pour l'amour du français Module 7
"{13F3917B56CD4C25848BDC69916971BB}" = DivX Converter
"{18499419-2B80-4C3F-86D3-C6C45CD2062E}" = Samsung ML-1710 Series
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F6423DE-7959-4178-80E0-023C7EAA5347}" = NVIDIA ForceWare Network Access Manager
"{205A5182-EFC8-4C25-B61D-C164F8FF4048}" = BlackBerry Desktop Software 5.0.1
"{216AB108-2AE1-4130-B3D5-20B2C4C80F8F}" = QuickTime
"{2227E1FA-01F5-483C-AB0E-2A308E900B3D}" = InterVideo FilterSDK for Hauppauge
"{2612CB8A-C2F2-185B-5957-1B9121781D03}" = ccc-utility
"{26A24AE4-039D-4CA4-87B4-2F83216011FF}" = Java™ 6 Update 23
"{2814D1CB-7038-4EE4-8421-9C18FD571014}" = hpg4000
"{287ECFA4-719A-2143-A09B-D6A12DE54E40}" = Acrobat.com
"{2C029A87-10AD-4438-A087-2654430AFEF7}" = Pour l'amour du français Module 8
"{2EEA7AA4-C203-4b90-A34F-19FB7EF1C81C}" = BufferChm
"{3248F0A8-6813-11D6-A77B-00B0D0150010}" = J2SE Runtime Environment 5.0 Update 1
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3FC7CBBC4C1E11DCA1A752EA55D89593}" = DivX Version Checker
"{43CDF946-F5D9-4292-B006-BA0D92013021}" = WebReg
"{45691DD2-563A-4C75-AFAA-C676DBB00CAB}" = Pour l'amour du français Module 5
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4A70EF07-7F88-4434-BB61-D1DE8AE93DD4}" = SolutionCenter
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{5F5DBF77-DAB8-A559-9F0F-F9440169FF50}" = Catalyst Control Center Graphics Previews Common
"{60B2C032-0BE3-49B8-BA28-58ABCECB2154}" = Pour l'amour du français Module 2
"{63FF21C9-A810-464F-B60A-3111747B1A6D}" = GPBaseService2
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{6AB57823-3580-4CE0-9CF0-072E2A39460C}" = Catalyst Control Center - Branding
"{6CE81783-FE36-447A-80A9-EC2B25806E5A}" = Pour l'amour du français Module 6
"{7059BDA7-E1DB-442C-B7A1-6144596720A4}" = HP Update
"{767658C9-1102-4AF0-8D19-9F627D5460C0}" = Pour l'amour du français Module 9
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7DF35521-755C-4056-9993-0FB78E53583C}" = BlackBerry Device Software v4.5.0 for the BlackBerry 8800 smartphone
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{86B879A5-927E-4536-B5FC-17CA96B60078}" = Garmin Communicator Plugin
"{86D4B82A-ABED-442A-BE86-96357B70F4FE}" = Ask Toolbar
"{8ACC73AA-6511-7C55-B1A9-8E5D1DEAFAA3}" = The Lord of the Rings FREE Trial
"{8C160FC0-F6D4-A50C-612D-E92003A40D3A}" = ccc-core-static
"{8D2C1E44-7685-4D05-8342-B0DC6422FA47}" = Ulead Straight-to-Disc SDK
"{90110409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{98613C99-1399-416C-A07C-1EE1C585D872}" = SeaTools for Windows
"{98D1A713-438C-4A23-8AB6-41B37C4A2D47}" = VMware Workstation
"{9B362566-EC1B-4700-BB9C-EC661BDE2175}" = DocProc
"{9EB9E56D-644B-2019-838F-A2B804B5229F}" = Catalyst Control Center InstallProxy
"{A0DB1D99-23F1-4406-8B72-5A3B46CF748E}" = Pour l'amour du français Module 1
"{A276502A-8979-44FB-8090-90CF72F22ABC}" = AVG 2011
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{AC76BA86-7AD7-1033-7B44-A94000000001}" = Adobe Reader 9.4.2
"{AC76BA86-7AD7-5464-3428-900000000004}" = Spelling Dictionaries Support For Adobe Reader 9
"{B1102A25-3AA3-446B-AA0F-A699B07A02FD}" = Garmin USB Drivers
"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
"{B2FE1952-0186-46c3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Display Control Panel
"{B440D659-FECA-4BDD-A12B-5C9F05790FF3}" = Snagit 9.1.2
"{B6B45398-B8E9-4BA2-ACD8-65D61C65B8AE}" = MyVirtualHome
"{BD24A421-6983-E62B-495E-956544B28326}" = ATI Catalyst Install Manager
"{BD7204BA-DD64-499E-9B55-6A282CDF4FA4}" = Destinations
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C19BE821-89B1-4A96-AC7C-873810C0CB5F}" = ContentSAFER for Wizmax
"{C20CE592-B0F8-4D20-BF31-0151CA6331A6}" = Samsung Media Studio 5
"{C43326F5-F135-4551-8270-7F7ABA0462E1}" = HPProductAssistant
"{C66FE99D-7C15-40A0-AE4A-A1A3900D9EE3}" = MyVirtualHome
"{C7C5B767-9BA4-4296-82AA-1A3BFFA76CD1}" = ArcSoft ShowBiz DVD 2
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D79113E7-274C-470B-BD46-01B10219DF6A}" = HPPhotosmartEssential
"{E630E780-1CD2-45E3-93DE-3F354B002FE0}" = Pour l'amour du français Module 3
"{EC02FA84-C4EC-40D6-A2D4-00D705717D08}" = Pour l'amour du français Module 11
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F4C68898-EBA5-46A9-82B3-2D30426086BF}" = AVG 2011
"{F7E5E140-F8BC-33F5-020C-F06398B2D67D}" = CCC Help English
"{F8A4D95F-4D74-41C3-B19E-124C54AE9792}" = Pour l'amour du français Module 4
"45A7283175C62FAC673F913C1F532C5361F97841" = Windows Driver Package - Garmin (grmnusb) GARMIN Devices (03/08/2007 2.2.1.0)
"7-Zip" = 7-Zip 4.65
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"ADS Tech Master Installer V3.8" = ADS Tech Master Installer V3.8
"ADS Tech V3.8 DVD Xpress DX2 CapWiz" = ADS Tech V3.8 DVD Xpress DX2 CapWiz
"Advanced SystemCare 3_is1" = Advanced SystemCare 3
"A-PDF Restrictions Remover_is1" = A-PDF Restrictions Remover 1.5
"AVG" = AVG 2011
"Belarc Advisor" = Belarc Advisor 8.1
"BlackBerry_{205A5182-EFC8-4C25-B61D-C164F8FF4048}" = BlackBerry Desktop Software 5.0.1
"CachemanXP 1.8.0.14" = CachemanXP 1.8.0.14
"CAL" = Canon Camera Access Library
"CameraUserGuide-PSSX20IS" = Canon PowerShot SX20 IS Camera User Guide
"CameraWindowDC" = Canon Utilities CameraWindow DC
"CameraWindowDC8" = Canon Utilities CameraWindow DC 8
"CameraWindowDVC6" = Canon Utilities CameraWindow DC_DV 6 for ZoomBrowser EX
"CameraWindowLauncher" = Canon Utilities CameraWindow
"Canon G.726 WMP-Decoder" = Canon G.726 WMP-Decoder
"Canon MOV Decoder" = Canon MOV Decoder
"Canon MOV Encoder" = Canon MOV Encoder
"CCleaner" = CCleaner (remove only)
"C-Media Oxygen HD Sound" = ASUS Xonar DG Audio
"CNXT_MODEM_PCI_VEN_14F1&DEV_2F20&SUBSYS_200C14F1" = Data Fax SoftModem with SmartCP
"CutePDF Writer Installation" = CutePDF Writer 2.7
"Defraggler" = Defraggler
"DivX Plus DirectShow Filters" = DivX Plus DirectShow Filters
"DivX Setup.divx.com" = DivX Setup
"Download Accelerator Plus (DAP)" = Download Accelerator Plus (DAP)
"DVD Shrink_is1" = DVD Shrink 3.2
"DVDFab 8_is1" = DVDFab 8.0.1.7 Beta (29/09/2010)
"FairUse Wizard 2" = FairUse Wizard 2
"Firebird SQL Server US" = Firebird SQL Server - MAGIX Edition
"Free YouTube Download_is1" = Free YouTube Download 2.10
"Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.9
"Freemake Video Converter_is1" = Freemake Video Converter version 1.1.11
"Hauppauge WinTV" = Hauppauge WinTV
"Hauppauge WinTV Radio" = Hauppauge WinTV Radio
"Hauppauge WinTV Scheduler" = Hauppauge WinTV Scheduler
"Hauppauge WinTV TV Services" = Hauppauge WinTV TV Services
"Hauppauge WinTV2000" = Hauppauge WinTV2000
"HP Imaging Device Functions" = HP Imaging Device Functions 13.0
"HP Photosmart Essential" = HP Photosmart Essential 3.5
"HP Solution Center & Imaging Support Tools" = HP Solution Center 13.0
"HPOCR" = OCR Software by I.R.I.S. 13.0
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie8" = Windows Internet Explorer 8
"InstallShield_{1F6423DE-7959-4178-80E0-023C7EAA5347}" = NVIDIA ForceWare Network Access Manager
"MAGIX Xtreme PhotoStory on CD & DVD 7 deluxe Download version US" = MAGIX Xtreme PhotoStory on CD & DVD 7 deluxe Download version 7.0.3.0 (US)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"MediaCoder" = MediaCoder 0.7.0.4399
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"MovieEditTask" = Canon MovieEdit Task for ZoomBrowser EX
"Mozilla Firefox (3.6.13)" = Mozilla Firefox (3.6.13)
"MyCamera" = Canon Utilities MyCamera
"MyCameraDC" = Canon Utilities MyCamera DC
"MyFreeCodec" = MyFreeCodec
"nanoPEG-Editor 2.6.0 for WinTV_is1" = nanoPEG-Editor 2.6.0 for WinTV
"Nero - Burning Rom!UninstallKey" = Nero 6 Ultra Edition
"NeroVision!UninstallKey" = NeroVision Express 2
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"NMPUninstallKey" = Nero Media Player
"OpenAL" = OpenAL
"Personal Printing Guide" = Canon Personal Printing Guide
"PhotoStitch" = Canon Utilities PhotoStitch
"Picasa 3" = Picasa 3
"PowerISO" = PowerISO
"Provincial Reference Manual (Ontario Edition)v1.0" = Provincial Reference Manual
"Real Estate Encyclopedia (Canadian Edition)v1.1" = Real Estate Encyclopedia 2006
"RealPlayer 6.0" = RealPlayer
"RemoteCaptureTask" = Canon Utilities RemoteCapture Task for ZoomBrowser EX
"Software Guide" = Canon DIGITAL CAMERA Solution Disk Software Guide
"SystemRequirementsLab" = System Requirements Lab
"The KMPlayer" = The KMPlayer (remove only)
"Uninstall_is1" = Uninstall 1.0.0.1
"uTorrent" = µTorrent
"VLC media player" = VLC media player 0.9.9
"WIC" = Windows Imaging Component
"Winamp" = Winamp
"Windows Media Format Runtime" = Windows Media Format Runtime
"Windows Media Player" = Windows Media Player 10
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinRAR archiver" = WinRAR archiver
"Wondershare DVD Slideshow Builder Deluxe_is1" = Wondershare DVD Slideshow Builder Deluxe(Build 5.0.4.2)
"Wondershare Flash Gallery Factory Deluxe_is1" = Wondershare Flash Gallery Factory Deluxe 5.0.2
"XviD MPEG4 Video Codec" = XviD MPEG4 Video Codec (remove only)
"Xvid_is1" = Xvid 1.2.2 final uninstall
"ZoomBrowser EX" = Canon Utilities ZoomBrowser EX
"ZoomBrowser EX Memory Card Utility" = Canon ZoomBrowser EX Memory Card Utility

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-776561741-790525478-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Dropbox" = Dropbox
"Facebook Plug-In" = Facebook Plug-In
"UnityWebPlayer" = Unity Web Player
"uTorrent" = µTorrent
"Winamp Detect" = Winamp Detector Plug-in

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 2/12/2011 12:05:18 PM | Computer Name = UserBLKDSKTOP2 | Source = MsiInstaller | ID = 1008
Description = The installation of C:\WINDOWS\Installer\{86D4B82A-ABED-442A-BE86-96357B70F4FE}\1033.MST
is not permitted due to an error in software restriction policy processing. The
object cannot be trusted.

Error - 2/12/2011 1:21:15 PM | Computer Name = UserBLKDSKTOP2 | Source = crypt32 | ID = 131083
Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
with error: An internal certificate chaining error has occurred.

Error - 2/13/2011 9:54:41 PM | Computer Name = UserBLKDSKTOP2 | Source = Application Hang | ID = 1002
Description = Hanging application taskmgr.exe, version 5.1.2600.5512, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 2/13/2011 9:54:43 PM | Computer Name = UserBLKDSKTOP2 | Source = Application Hang | ID = 1001
Description = Fault bucket 735639368.

Error - 2/13/2011 9:54:49 PM | Computer Name = UserBLKDSKTOP2 | Source = Application Hang | ID = 1002
Description = Hanging application taskmgr.exe, version 5.1.2600.5512, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 2/13/2011 9:54:51 PM | Computer Name = UserBLKDSKTOP2 | Source = Application Hang | ID = 1001
Description = Fault bucket 735639368.

Error - 2/13/2011 10:01:48 PM | Computer Name = UserBLKDSKTOP2 | Source = Application Hang | ID = 1002
Description = Hanging application taskmgr.exe, version 5.1.2600.5512, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 2/13/2011 10:01:52 PM | Computer Name = UserBLKDSKTOP2 | Source = Application Hang | ID = 1001
Description = Fault bucket 735639368.

Error - 2/13/2011 10:01:58 PM | Computer Name = UserBLKDSKTOP2 | Source = Application Hang | ID = 1002
Description = Hanging application taskmgr.exe, version 5.1.2600.5512, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 2/13/2011 10:02:00 PM | Computer Name = UserBLKDSKTOP2 | Source = Application Hang | ID = 1001
Description = Fault bucket 735639368.

[ System Events ]
Error - 2/13/2011 1:11:05 AM | Computer Name = UserBLKDSKTOP2 | Source = Service Control Manager | ID = 7001
Description = The TCP/IP NetBIOS Helper service depends on the AFD service which
failed to start because of the following error: %%31

Error - 2/13/2011 1:11:05 AM | Computer Name = UserBLKDSKTOP2 | Source = Service Control Manager | ID = 7001
Description = The Forceware Web Interface service depends on the AFD service which
failed to start because of the following error: %%31

Error - 2/13/2011 1:11:05 AM | Computer Name = UserBLKDSKTOP2 | Source = Service Control Manager | ID = 7001
Description = The IPSEC Services service depends on the IPSEC driver service which
failed to start because of the following error: %%31

Error - 2/13/2011 1:11:05 AM | Computer Name = UserBLKDSKTOP2 | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
AFD Avgldx86 Avgmfx86 Avgtdix BANTExt Fips IPSec MRxSmb NetBIOS NetBT Processor RasAcd Rdbss
SASDIFSV
SASKUTIL
SCDEmu
Tcpip

Error - 2/13/2011 11:39:11 AM | Computer Name = UserBLKDSKTOP2 | Source = Ntfs | ID = 262199
Description = The file system structure on the disk is corrupt and unusable. Please
run the chkdsk utility on the volume C:.

Error - 2/13/2011 12:07:10 PM | Computer Name = UserBLKDSKTOP2 | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service StiSvc with
arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}

Error - 2/13/2011 12:07:16 PM | Computer Name = UserBLKDSKTOP2 | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service netman with
arguments "" in order to run the server: {BA126AE5-2166-11D1-B1D0-00805FC1270E}

Error - 2/13/2011 12:12:56 PM | Computer Name = UserBLKDSKTOP2 | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service StiSvc with
arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}

Error - 2/13/2011 8:46:02 PM | Computer Name = UserBLKDSKTOP2 | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service EventSystem
with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

Error - 2/13/2011 9:56:37 PM | Computer Name = UserBLKDSKTOP2 | Source = Service Control Manager | ID = 7034
Description = The Ati HotKey Poller service terminated unexpectedly. It has done
this 1 time(s).


< End of report >
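
An added example, not part of this thread and not code from OTL, AVG or BleepingComputer: a small Python triage pass over the firewall sections of an OTL report like the one above. The entry format it parses (`"<path>" = <path>:<scope>:<Enabled|Disabled>:<name> -- (<publisher>)` for applications, `"<port>:<proto>" = <port>:<proto>:<scope>:<state>:<name>` for ports) is inferred from the report above; the list of user-writable locations is a heuristic of my own, not an OTL feature. The sample input is a constructed excerpt of lines copied from the report.

```python
"""Triage helper for the firewall sections of an OTL report (added example).

Reads the "GloballyOpenPorts" and "AuthorizedApplications" entries as OTL
prints them and returns a list of findings:
  open_to_any    an Enabled port exception whose scope is '*' (any remote host)
  user_writable  an application exception whose executable sits somewhere the
                 logged-on user can write (Temp, Application Data, a profile dir)
  no_publisher   an application exception with no publisher recorded
The line format is inferred from the report above; the location markers are
a heuristic, not anything OTL itself reports.
"""
import re
from dataclasses import dataclass

# "<path>" = <path>:<scope>:<Enabled|Disabled>:<name>[ -- (<publisher>)]
APP_RE = re.compile(
    r'^"(?P<path>[^"]+)"\s*=\s*(?P=path):(?P<scope>[^:]*):(?P<state>Enabled|Disabled):'
    r'(?P<name>.*?)(?:\s+--\s+\((?P<publisher>[^)]*)\))?\s*$'
)
# "<port>:<proto>" = <port>:<proto>:<scope>:<Enabled|Disabled>:<name>
PORT_RE = re.compile(
    r'^"(?P<port>\d+):(?P<proto>TCP|UDP)"\s*=\s*(?P=port):(?P=proto):'
    r'(?P<scope>[^:]*):(?P<state>Enabled|Disabled):(?P<name>.*)$'
)
# Which firewall profile a [HKEY_...\FirewallPolicy\<Profile>\...] key belongs to.
PROFILE_RE = re.compile(r'FirewallPolicy\\(?P<profile>\w+)\\')

# Heuristic (assumption): anything under these directories is user-writable.
USER_WRITABLE_MARKERS = ("\\temp\\", "\\application data\\",
                         "\\documents and settings\\", "\\users\\")


@dataclass
class Finding:
    profile: str   # DomainProfile / StandardProfile, or "?" if no key seen yet
    subject: str   # executable path or "port:proto"
    reason: str    # open_to_any / user_writable / no_publisher


def triage(report: str) -> list[Finding]:
    """Walk the report once, remembering which registry key each value sits under."""
    findings: list[Finding] = []
    profile = "?"
    for raw in report.splitlines():
        line = raw.strip()
        if line.startswith("[") and line.endswith("]"):
            m = PROFILE_RE.search(line)
            profile = m.group("profile") if m else "?"
            continue
        # Port lines must be tried first: APP_RE would also accept them.
        m = PORT_RE.match(line)
        if m:
            if m.group("state") == "Enabled" and m.group("scope") == "*":
                findings.append(Finding(profile, f'{m.group("port")}:{m.group("proto")}', "open_to_any"))
            continue
        m = APP_RE.match(line)
        if not m or m.group("state") != "Enabled":
            continue
        path = m.group("path")
        if any(marker in path.lower() for marker in USER_WRITABLE_MARKERS):
            findings.append(Finding(profile, path, "user_writable"))
        if not m.group("publisher"):   # "-- ()" or no publisher field at all
            findings.append(Finding(profile, path, "no_publisher"))
    return findings


def count_by_reason(findings: list[Finding]) -> dict[str, int]:
    counts: dict[str, int] = {}
    for f in findings:
        counts[f.reason] = counts.get(f.reason, 0) + 1
    return counts


# Constructed sample: a subset of lines copied from the report posted above.
SAMPLE = r"""
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"3389:TCP" = 3389:TCP:*:Disabled:@xpsp2res.dll,-22009

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\Apache.exe" = C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\Apache.exe:*:Enabled:Apache HTTP Server -- (Apache Software Foundation)
"C:\Program Files\MagicTune Premium\MagicTune.exe" = C:\Program Files\MagicTune Premium\MagicTune.exe:*:Enabled:MagicTune
"C:\Program Files\AVG\AVG8\avgupd.exe" = C:\Program Files\AVG\AVG8\avgupd.exe:*:Enabled:avgupd.exe
"C:\Documents and Settings\User\Local Settings\Temp\522.tmp\KMService.exe" = C:\Documents and Settings\User\Local Settings\Temp\522.tmp\KMService.exe:*:Enabled:KMService
"C:\Program Files\HP\Digital Imaging\bin\hpfcCopy.exe" = C:\Program Files\HP\Digital Imaging\bin\hpfcCopy.exe:*:Enabled:hpfccopy.exe -- ()
"C:\Documents and Settings\User\Application Data\Dropbox\bin\Dropbox.exe" = C:\Documents and Settings\User\Application Data\Dropbox\bin\Dropbox.exe:*:Enabled:Dropbox -- (Dropbox, Inc.)
"""

if __name__ == "__main__":
    for f in triage(SAMPLE):
        print(f"{f.profile:16} {f.reason:14} {f.subject}")
```

Run against the full report above, the same pass lists the three KMService.exe exceptions under Local Settings\Temp (a firewall exception for an executable launched from a temp directory is something to ask about before the next step), the AVG8 entries that carry no publisher although AVG 2011 lives in AVG10, and the domain-profile NetBIOS/SMB ports open to any address. Dropbox lands in the same user-writable bucket because per-user installs live there too, which is why the output is a review list for the helper rather than a verdict.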

#11 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 73,530 posts
  • OFFLINE
  • Gender:Male
  • Location:NJ USA
  • Local time:07:49 AM

Posted 13 February 2011 - 10:03 PM

Ok, yes, it's not cleaning. I was going to have you post the OTL with a DDS log. So now we need a DDS log. But they both need to be posted in that other forum. You should not follow another person's fix from that forum, as certain differences in PC structure can cause a serious issue.

Please go here....
Preparation Guide ,do steps 6 - 9.

Create a DDS log and post it in the new topic explained in step 9, which is here: Virus, Trojan, Spyware, and Malware Removal Logs, and not in this topic, thanks.
Include the OTL log you posted earlier.
Let me know if that went well.
How do I get help? Who is helping me? For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear.... Become a BleepingComputer fan: Facebook

#12 deluxster

deluxster
  • Topic Starter

  • Members
  • 14 posts
  • OFFLINE
  • Local time:07:49 AM

Posted 13 February 2011 - 10:34 PM

I am now in the process of doing the DDS and GMER... Once I post it into the new thread, will you be the one still helping me? You are very knowledgeable and patient... I hope you will be.

#13 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 73,530 posts
  • OFFLINE
  • Gender:Male
  • Location:NJ USA
  • Local time:07:49 AM

Posted 14 February 2011 - 11:36 AM

Thank you.
Now that your log is properly posted, you should NOT make further changes to your computer (install/uninstall programs, use special fix tools, delete files, edit the registry, etc.) unless advised by a Malware Removal Team member, nor should you continue to ask for help elsewhere. Doing so can result in system changes which may not show in the log you already posted. Further, any modifications you make on your own may cause confusion for the helper assisting you and could complicate the malware removal process, which would extend the time it takes to clean your computer.

From this point on the Malware Removal Team should be the only members that you take advice from, until they have verified your log as clean.

Please be patient. It may take a while to get a response because the Malware Removal Team members are very busy working logs posted before yours. They are volunteers who will help you out as soon as possible. Once you have made your post and are waiting, please DO NOT make another reply until it has been responded to by a member of the Malware Removal Team. Generally the staff checks the forum for postings that have 0 replies as this makes it easier for them to identify those who have not been helped. If you post another response there will be 1 reply. A team member, looking for a new log to work may assume another MRL Team member is already assisting you and not open the thread to respond.

To avoid confusion, I am closing this topic.