
Infected with Trojan horse Generic20.CLEL


  • This topic is locked
8 replies to this topic

#1 deluxster


Posted 14 February 2011 - 07:04 AM

Mod EDIT: AII topic here: http://www.bleepingcomputer.com/forums/topic379196.html/page__p__2132088#entry2132088

Log File for OTL.txt, Extra.txt and DDS.txt.

OTL logfile created on: 2/13/2011 10:48:59 PM - Run 3
OTL by OldTimer - Version 3.2.20.6 Folder = C:\Documents and Settings\Lucky\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 70.00% Memory free
7.00 Gb Paging File | 6.00 Gb Available in Paging File | 88.00% Paging File free
Paging file location(s): C:\pagefile.sys 4605 9210 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 465.75 Gb Total Space | 41.89 Gb Free Space | 8.99% Space Free | Partition Type: NTFS
Drive D: | 7.24 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF

Computer Name: LUCKYBLKDSKTOP2 | User Name: Lucky | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/02/13 20:52:47 | 000,602,624 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Lucky\Desktop\OTL.exe
PRC - [2011/01/27 00:40:24 | 023,361,424 | ---- | M] (Dropbox, Inc.) -- C:\Documents and Settings\Lucky\Application Data\Dropbox\bin\Dropbox.exe
PRC - [2011/01/13 10:41:38 | 002,424,560 | ---- | M] (SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
PRC - [2011/01/07 01:22:54 | 002,747,744 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgtray.exe
PRC - [2011/01/07 01:22:44 | 001,084,256 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgnsx.exe
PRC - [2011/01/06 15:23:20 | 000,737,872 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSMonitor.exe
PRC - [2011/01/06 15:23:18 | 006,128,720 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe
PRC - [2010/12/18 12:32:01 | 000,912,344 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2010/12/16 16:19:34 | 002,402,512 | ---- | M] (IObit) -- C:\Program Files\IObit\Advanced SystemCare 3\AWC.exe
PRC - [2010/12/05 16:26:40 | 000,654,176 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgrsx.exe
PRC - [2010/12/05 16:26:12 | 000,650,592 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgchsvx.exe
PRC - [2010/11/08 10:32:38 | 000,296,448 | ---- | M] () -- C:\Documents and Settings\Lucky\Desktop\gmer.exe
PRC - [2010/10/22 04:58:18 | 000,265,400 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgwdsvc.exe
PRC - [2010/10/22 04:56:58 | 000,845,664 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgcsrvx.exe
PRC - [2010/09/01 01:39:18 | 001,164,584 | ---- | M] () -- C:\Program Files\DivX\DivX Update\DivXUpdate.exe
PRC - [2010/08/15 23:11:08 | 001,564,672 | ---- | M] (CMedia) -- C:\Program Files\ASUS Xonar DG Audio\CustomApp\Program\AsusAudioCenter.exe
PRC - [2009/11/19 21:29:16 | 000,623,960 | ---- | M] (Research In Motion Limited) -- C:\Program Files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe
PRC - [2009/01/12 21:35:39 | 000,090,112 | ---- | M] () -- C:\Program Files\ASUS Xonar DG Audio\CustomApp\Program\MXmon.exe
PRC - [2009/01/11 12:40:44 | 000,355,840 | ---- | M] (Outertech) -- C:\Program Files\CachemanXP\CachemanXP.exe
PRC - [2008/12/15 20:46:16 | 000,185,872 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Common Files\Real\Update_OB\realsched.exe
PRC - [2008/07/11 02:04:22 | 000,200,704 | R--- | M] () -- C:\WINDOWS\system\HsMgr.exe
PRC - [2008/04/14 05:42:20 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/12/14 17:19:26 | 000,132,624 | ---- | M] (SAMSUNG ELECTRONICS) -- C:\Program Files\Samsung\Samsung Media Studio 5\SMSTray.exe
PRC - [2007/01/31 14:55:42 | 000,096,370 | ---- | M] (Canon Inc.) -- C:\Program Files\Canon\CAL\CALMAIN.exe
PRC - [2006/07/13 15:59:48 | 000,131,131 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
PRC - [2006/07/13 15:59:32 | 000,065,599 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
PRC - [2006/04/03 17:04:02 | 000,020,543 | ---- | M] (Apache Software Foundation) -- C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\Apache.exe
PRC - [2005/12/15 19:42:10 | 000,217,088 | ---- | M] (VMware, Inc.) -- C:\Program Files\VMware\VMware Workstation\vmware-authd.exe
PRC - [2005/12/15 19:42:10 | 000,135,168 | ---- | M] (VMware, Inc.) -- C:\WINDOWS\system32\vmnat.exe
PRC - [2005/12/15 19:42:10 | 000,106,496 | ---- | M] (VMware, Inc.) -- C:\WINDOWS\system32\vmnetdhcp.exe
PRC - [2005/12/15 19:28:52 | 000,245,760 | ---- | M] (VMware, Inc.) -- C:\Program Files\Common Files\VMware\VMware Virtual Image Editing\vmount2.exe


========== Modules (SafeList) ==========

MOD - [2011/02/13 20:52:47 | 000,602,624 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Lucky\Desktop\OTL.exe
MOD - [2010/08/23 11:12:02 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll
MOD - [2010/03/23 02:26:20 | 000,217,088 | R--- | M] (C-Media Electronics Inc.) -- C:\WINDOWS\system\HsSrv.dll
MOD - [2008/04/14 05:41:54 | 000,367,616 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\dsound.dll


========== Win32 Services (SafeList) ==========

SRV - [2011/01/06 15:23:18 | 006,128,720 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe -- (AVGIDSAgent)
SRV - [2010/10/22 04:58:18 | 000,265,400 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG10\avgwdsvc.exe -- (avgwd)
SRV - [2010/03/18 15:47:22 | 000,035,160 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe -- (aspnet_state)
SRV - [2010/03/18 12:16:28 | 000,753,504 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe -- (WPFFontCache_v0400)
SRV - [2010/03/18 12:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010/03/18 12:16:28 | 000,124,240 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe -- (NetTcpPortSharing)
SRV - [2009/01/11 12:40:44 | 000,355,840 | ---- | M] (Outertech) [Auto | Running] -- C:\Program Files\CachemanXP\CachemanXP.exe -- (CachemanXPService)
SRV - [2007/02/20 14:11:28 | 000,815,104 | ---- | M] (Hauppauge Computer Works) [On_Demand | Stopped] -- C:\Program Files\WinTV\HCWTVServer.exe -- (HauppaugeTVServer)
SRV - [2007/01/31 14:55:42 | 000,096,370 | ---- | M] (Canon Inc.) [Auto | Running] -- C:\Program Files\Canon\CAL\CALMAIN.exe -- (CCALib8)
SRV - [2006/07/13 15:59:48 | 000,131,131 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe -- (nSvcIp)
SRV - [2006/07/13 15:59:32 | 000,065,599 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe -- (nSvcLog)
SRV - [2006/04/03 17:04:02 | 000,020,543 | ---- | M] (Apache Software Foundation) [Auto | Running] -- C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe -- (ForcewareWebInterface)
SRV - [2005/12/15 19:42:10 | 000,217,088 | ---- | M] (VMware, Inc.) [Auto | Running] -- C:\Program Files\VMware\VMware Workstation\vmware-authd.exe -- (VMAuthdService)
SRV - [2005/12/15 19:42:10 | 000,135,168 | ---- | M] (VMware, Inc.) [Auto | Running] -- C:\WINDOWS\system32\vmnat.exe -- (VMware NAT Service)
SRV - [2005/12/15 19:42:10 | 000,106,496 | ---- | M] (VMware, Inc.) [Auto | Running] -- C:\WINDOWS\system32\vmnetdhcp.exe -- (VMnetDHCP)
SRV - [2005/12/15 19:28:52 | 000,245,760 | ---- | M] (VMware, Inc.) [Auto | Running] -- C:\Program Files\Common Files\VMware\VMware Virtual Image Editing\vmount2.exe -- (vmount2)
SRV - [2005/11/17 15:18:52 | 001,527,900 | ---- | M] (MAGIX®) [On_Demand | Stopped] -- C:\Program Files\MAGIX\Common\Database\bin\fbserver.exe -- (FirebirdServerMAGIXInstance)


========== Driver Services (SafeList) ==========

DRV - [2010/12/08 04:12:38 | 000,251,728 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avgldx86.sys -- (Avgldx86)
DRV - [2010/11/25 23:17:40 | 005,555,712 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2010/11/12 13:19:38 | 000,299,984 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avgtdix.sys -- (Avgtdix)
DRV - [2010/11/09 13:56:12 | 000,098,392 | ---- | M] (Sunbelt Software) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\SBREDrv.sys -- (SBRE)
DRV - [2010/10/16 13:55:00 | 009,623,680 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nv4_mini.sys -- (nv)
DRV - [2010/09/13 15:27:24 | 000,025,680 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\AVGIDSEH.Sys -- (AVGIDSEH)
DRV - [2010/09/07 02:48:56 | 000,034,384 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\avgmfx86.sys -- (Avgmfx86)
DRV - [2010/09/07 02:48:50 | 000,026,064 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\avgrkx86.sys -- (Avgrkx86)
DRV - [2010/08/19 20:42:38 | 000,030,288 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AVGIDSFilter.sys -- (AVGIDSFilter)
DRV - [2010/08/19 20:42:36 | 000,123,472 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AVGIDSDriver.sys -- (AVGIDSDriver)
DRV - [2010/08/19 20:42:34 | 000,026,192 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AVGIDSShim.sys -- (AVGIDSShim)
DRV - [2010/07/23 04:53:25 | 001,494,528 | R--- | M] (C-Media Inc) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\cmudaxp.sys -- (cmudaxp)
DRV - [2010/05/10 13:41:30 | 000,067,656 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2010/02/17 13:25:48 | 000,012,872 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
DRV - [2008/04/14 00:16:24 | 000,015,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mpe.sys -- (MPE)
DRV - [2008/04/13 22:06:06 | 000,144,384 | ---- | M] (Windows ® Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hdaudbus.sys -- (HDAudBus)
DRV - [2008/02/27 12:49:00 | 000,003,840 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\System32\Drivers\BANTExt.sys -- (BANTExt)
DRV - [2007/09/25 09:59:46 | 000,015,152 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Program Files\MediaCoder\SysInfo.sys -- (CrystalSysInfo)
DRV - [2007/09/19 16:16:32 | 004,617,728 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2007/08/06 19:15:07 | 000,033,052 | ---- | M] (PowerISO Computing, Inc.) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\scdemu.sys -- (SCDEmu)
DRV - [2007/05/10 13:43:40 | 000,367,744 | ---- | M] (Hauppauge Computer Works, Inc) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\hcw18bda.sys -- (hcw18bda)
DRV - [2006/11/10 15:05:00 | 000,018,688 | ---- | M] (Arcsoft, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\afc.sys -- (Afc)
DRV - [2006/08/14 12:51:28 | 000,105,344 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\nvata.sys -- (nvata)
DRV - [2006/08/14 08:51:28 | 000,105,344 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\nvatabus.sys -- (nvatabus)
DRV - [2006/07/11 19:38:30 | 000,020,480 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nvnetbus.sys -- (nvnetbus)
DRV - [2006/07/11 19:38:28 | 000,057,856 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\NVENETFD.sys -- (NVENETFD)
DRV - [2006/04/21 03:42:04 | 000,265,600 | R--- | M] (WIS Technologies) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wisgostrm.sys -- (WISTechVIDCAP)
DRV - [2005/12/15 19:42:12 | 000,023,424 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\vmnetbridge.sys -- (VMnetBridge)
DRV - [2005/12/15 19:42:12 | 000,022,016 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\hcmon.sys -- (hcmon)
DRV - [2005/12/15 19:42:12 | 000,021,888 | R--- | M] (VMware, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\vmusb.sys -- (vmusb)
DRV - [2005/12/15 19:42:12 | 000,015,616 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\vmnetuserif.sys -- (VMnetuserif)
DRV - [2005/12/15 19:42:12 | 000,009,600 | R--- | M] (VMware, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\vmnetadapter.sys -- (VMnetAdapter)
DRV - [2005/12/15 19:42:10 | 000,094,848 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\vmx86.sys -- (vmx86)
DRV - [2005/12/15 19:28:54 | 000,011,520 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Program Files\Common Files\VMware\VMware Virtual Image Editing\vstor2.sys -- (vstor2)
DRV - [2005/12/06 10:20:50 | 000,241,664 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\HSXHWBS2.sys -- (HSXHWBS2)
DRV - [2005/12/06 10:20:42 | 000,670,208 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\HSX_CNXT.sys -- (winachsx)
DRV - [2005/12/06 10:20:40 | 000,936,448 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\HSX_DP.sys -- (HSX_DP)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========



IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-776561741-790525478-839522115-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = www.google.ca
IE - HKU\S-1-5-21-776561741-790525478-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========


FF - HKLM\software\mozilla\Firefox\Extensions\\{3f963a5b-e555-4543-90e2-c3908898db71}: C:\Program Files\AVG\AVG10\Firefox\ [2011/01/02 10:42:35 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/01/12 12:54:30 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/02/13 21:56:41 | 000,000,000 | ---D | M]

[2009/05/30 10:34:20 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Lucky\Application Data\Mozilla\Extensions
[2009/05/30 10:34:20 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Lucky\Application Data\Mozilla\Extensions\MediaCoder
[2011/02/13 22:11:09 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Lucky\Application Data\Mozilla\Firefox\Profiles\dv3tvoqk.default\extensions
[2010/04/27 17:44:42 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Lucky\Application Data\Mozilla\Firefox\Profiles\dv3tvoqk.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010/07/30 14:40:51 | 000,000,000 | ---D | M] ("DVDVideoSoft Menu") -- C:\Documents and Settings\Lucky\Application Data\Mozilla\Firefox\Profiles\dv3tvoqk.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2010/10/25 19:32:03 | 000,000,000 | ---D | M] ("PandoraTV Toolbar") -- C:\Documents and Settings\Lucky\Application Data\Mozilla\Firefox\Profiles\dv3tvoqk.default\extensions\toolbar@ask.com
[2011/02/13 22:11:09 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2010/05/03 16:42:32 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2011/02/13 21:53:48 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
[2010/11/12 18:53:06 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
[2010/12/09 05:47:06 | 000,012,800 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npwachk.dll

O1 HOSTS File: ([2003/06/20 07:00:00 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (SnagIt Toolbar Loader) - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files\TechSmith\Snagit 9\SnagitBHO.dll (TechSmith Corporation)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG10\avgssie.dll (AVG Technologies CZ, s.r.o.)
O3 - HKLM\..\Toolbar: (Snagit) - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files\TechSmith\Snagit 9\SnagitIEAddin.dll (TechSmith Corporation)
O3 - HKU\S-1-5-21-776561741-790525478-839522115-1003\..\Toolbar\WebBrowser: (no name) - {8FF5E180-ABDE-46EB-B09E-D2AAB95CABE3} - No CLSID value found.
O3 - HKU\S-1-5-21-776561741-790525478-839522115-1003\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
O4 - HKLM..\Run: [Alcmtr] C:\WINDOWS\Alcmtr.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [ATICustomerCare] C:\Program Files\ATI\ATICustomerCare\ATICustomerCare.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [AVG_TRAY] C:\Program Files\AVG\AVG10\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [BlackBerryAutoUpdate] C:\Program Files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe (Research In Motion Limited)
O4 - HKLM..\Run: [Cmaudio8788] File not found
O4 - HKLM..\Run: [Cmaudio8788GX] C:\WINDOWS\system\HsMgr.exe ()
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe (Ahead Software Gmbh)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] File not found
O4 - HKLM..\Run: [SMSTray] C:\Program Files\Samsung\Samsung Media Studio 5\SMSTray.exe (SAMSUNG ELECTRONICS)
O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
O4 - HKU\S-1-5-21-776561741-790525478-839522115-1003..\Run: [Advanced SystemCare 3] C:\Program Files\IObit\Advanced SystemCare 3\AWC.exe (IObit)
O4 - HKU\S-1-5-21-776561741-790525478-839522115-1003..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)
O4 - Startup: C:\Documents and Settings\Lucky\Start Menu\Programs\Startup\Dropbox.lnk = C:\Documents and Settings\Lucky\Application Data\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Low Rights present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-776561741-790525478-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: &Clean Traces - C:\Program Files\DAP\Privacy Package\dapcleanerie.htm ()
O8 - Extra context menu item: &Download with &DAP - C:\Program Files\DAP\dapextie.htm ()
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\WINDOWS\System32\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: Download &all with DAP - C:\Program Files\DAP\dapextie2.htm ()
O8 - Extra context menu item: Free YouTube Download - C:\Documents and Settings\Lucky\Application Data\DVDVideoSoftIEHelpers\youtubedownload.htm ()
O8 - Extra context menu item: Free YouTube to Mp3 Converter - C:\Documents and Settings\Lucky\Application Data\DVDVideoSoftIEHelpers\youtubetomp3.htm ()
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://go.microsoft.com/fwlink/?linkid=39204 (Windows Genuine Advantage Validation Tool)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1191641975203 (WUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {CAFEEFAC-0015-0000-0001-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-1_5_0_01-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 64.71.255.198
O18 - Protocol\Handler\belarc {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - C:\Program Files\Belarc\Advisor\System\BAVoilaX.dll (Belarc, Inc.)
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG10\avgpp.dll (AVG Technologies CZ, s.r.o.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com)
O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2007/10/05 21:33:34 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG10\avgchsvx.exe /sync) - C:\Program Files\AVG\AVG10\avgchsvx.exe (AVG Technologies CZ, s.r.o.)
O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG10\avgrsx.exe /sync /restart) - C:\Program Files\AVG\AVG10\avgrsx.exe (AVG Technologies CZ, s.r.o.)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/02/13 21:57:40 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Lucky\Recent
[2011/02/13 21:57:33 | 000,000,000 | ---D | C] -- C:\Qoobox
[2011/02/13 21:57:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
[2011/02/13 21:57:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\SUPERAntiSpyware
[2011/02/13 21:57:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011/02/13 21:57:08 | 000,000,000 | ---D | C] -- C:\Program Files\MALWAREBYTES ANTI-MALWARE
[2011/02/13 20:52:47 | 000,602,624 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Lucky\Desktop\OTL.exe
[2011/02/12 23:57:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Lucky\DoctorWeb
[2011/02/12 17:37:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Lucky\Desktop\Vipre2
[2011/02/12 12:27:40 | 000,157,472 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe
[2011/02/12 12:27:40 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe
[2011/02/12 12:27:40 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe
[2011/02/12 09:39:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Lucky\Application Data\SUPERAntiSpyware.com
[2011/02/12 09:39:48 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2011/02/09 23:19:55 | 000,098,392 | ---- | C] (Sunbelt Software) -- C:\WINDOWS\System32\drivers\SBREDrv.sys
[2011/02/09 23:19:55 | 000,027,984 | ---- | C] (Sunbelt Software) -- C:\WINDOWS\System32\sbbd.exe
[2011/02/09 23:10:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Lucky\Desktop\Vipre
[2011/02/09 20:07:58 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2011/02/09 20:07:51 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2011/02/09 20:07:51 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2011/02/02 21:48:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Lucky\Desktop\Chittappa_1
[2011/02/01 20:36:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Lucky\Desktop\Edited_Pics
[2011/01/31 18:55:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Lucky\Desktop\OZ_Flash_Drive
[2011/01/29 19:29:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Lucky\My Documents\Chittappa_1
[2011/01/29 18:58:32 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Lucky\My Documents\Dropbox
[2011/01/29 18:57:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Lucky\Start Menu\Programs\Dropbox
[2011/01/29 18:56:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Lucky\Application Data\Dropbox
[2011/01/29 18:35:41 | 012,510,375 | ---- | C] (Wondershare) -- C:\Documents and Settings\Lucky\My Documents\Copy of Chittappa_Memories_1.exe
[2011/01/29 10:46:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Lucky\Local Settings\Application Data\HP
[2011/01/29 10:45:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\WEBREG
[2011/01/29 10:45:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Lucky\Application Data\HP
[2011/01/29 10:42:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\HP Product Assistant
[2011/01/29 10:42:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\HP
[2011/01/29 10:42:06 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\HP
[2011/01/29 10:42:06 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Hewlett-Packard
[2011/01/29 10:41:58 | 000,000,000 | ---D | C] -- C:\Program Files\HP
[2011/01/29 10:34:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\HP
[2011/01/29 08:25:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Lucky\My Documents\Wondershare Photo Story
[2011/01/29 08:25:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Lucky\My Documents\Wondershare DVD Slideshow Builder
[2011/01/29 08:23:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Wondershare
[2011/01/28 23:44:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Wondershare
[2011/01/28 23:44:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Documents\Flash Gallery Factory 5
[2011/01/28 23:40:19 | 000,000,000 | ---D | C] -- C:\Program Files\Wondershare
[2011/01/28 18:57:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Lucky\Desktop\Desktop_Home
[2011/01/28 18:23:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Seagate
[2011/01/28 18:23:10 | 000,000,000 | ---D | C] -- C:\Program Files\Seagate
[2011/01/27 23:10:18 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\MAGIX Shared
[2011/01/27 23:04:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\MAGIX
[2011/01/27 23:01:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Lucky\My Documents\MAGIX downloads
[2011/01/27 23:01:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Lucky\Application Data\MAGIX
[2011/01/27 23:00:34 | 000,430,080 | ---- | C] (MAGIX AG) -- C:\WINDOWS\System32\MXRestore.exe
[2011/01/27 23:00:34 | 000,024,576 | ---- | C] (PoINT Software & Systems GmbH) -- C:\WINDOWS\System32\TTIC32.dll
[2011/01/27 23:00:33 | 000,644,384 | ---- | C] (PoINT Software & Systems GmbH) -- C:\WINDOWS\System32\DLLAV32.dll
[2011/01/27 23:00:33 | 000,202,016 | ---- | C] (PoINT Software & Systems GmbH) -- C:\WINDOWS\System32\DLLRES32.dll
[2011/01/27 23:00:33 | 000,173,344 | ---- | C] (PoINT Software & Systems GmbH) -- C:\WINDOWS\System32\DLLDEV32.dll
[2011/01/27 23:00:33 | 000,161,056 | ---- | C] (PoINT Software & Systems GmbH) -- C:\WINDOWS\System32\DLLDRV32.dll
[2011/01/27 23:00:33 | 000,114,688 | ---- | C] (PoINT Software & Systems GmbH) -- C:\WINDOWS\System32\DLLCDA32.dll
[2011/01/27 23:00:33 | 000,111,904 | ---- | C] (PoINT Software & Systems GmbH) -- C:\WINDOWS\System32\DLLCPY32.dll
[2011/01/27 23:00:33 | 000,065,536 | ---- | C] (PoINT Software & Systems GmbH) -- C:\WINDOWS\System32\DLLPTL32.dll
[2011/01/27 23:00:33 | 000,061,440 | ---- | C] (PoINT Software & Systems GmbH) -- C:\WINDOWS\System32\DLLCDF32.dll
[2011/01/27 23:00:33 | 000,058,656 | ---- | C] (PoINT Software & Systems GmbH) -- C:\WINDOWS\System32\DLLIO32.dll
[2011/01/27 23:00:33 | 000,057,344 | ---- | C] (PoINT Software & Systems GmbH) -- C:\WINDOWS\System32\DLLTPO32.dll
[2011/01/27 23:00:33 | 000,054,560 | ---- | C] (PoINT Software & Systems GmbH) -- C:\WINDOWS\System32\DLLPRF32.dll
[2011/01/27 23:00:33 | 000,053,248 | ---- | C] (PoINT Software & Systems GmbH) -- C:\WINDOWS\System32\DLLPRJ32.dll
[2011/01/27 23:00:33 | 000,045,056 | ---- | C] (PoINT Software & Systems GmbH) -- C:\WINDOWS\System32\DLLIMG32.dll
[2011/01/27 23:00:33 | 000,042,272 | ---- | C] (PoINT Software & Systems GmbH) -- C:\WINDOWS\System32\DLLPNT32.dll
[2011/01/27 23:00:33 | 000,040,960 | ---- | C] (PoINT Software & Systems GmbH) -- C:\WINDOWS\System32\DLLRD32.dll
[2011/01/27 23:00:33 | 000,038,176 | ---- | C] (PoINT Software & Systems GmbH) -- C:\WINDOWS\System32\STRING32.dll
[2011/01/27 23:00:33 | 000,032,768 | ---- | C] (PoINT Software & Systems GmbH) -- C:\WINDOWS\System32\DLLMSC32.dll
[2011/01/27 23:00:33 | 000,032,768 | ---- | C] (PoINT Software & Systems GmbH) -- C:\WINDOWS\System32\DLLISO32.dll
[2011/01/27 23:00:33 | 000,032,768 | ---- | C] (PoINT Software & Systems GmbH) -- C:\WINDOWS\System32\DLLDIR32.dll
[2011/01/27 23:00:33 | 000,024,576 | ---- | C] (PoINT Software & Systems GmbH) -- C:\WINDOWS\System32\TTI32.dll
[2011/01/27 23:00:33 | 000,024,576 | ---- | C] (PoINT Software & Systems GmbH) -- C:\WINDOWS\System32\DLLIX.dll
[2011/01/27 22:59:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Lucky\My Documents\MAGIX_Xtreme_PhotoStory_on_CD_DVD_7_dlx_Download_version
[2011/01/27 22:59:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\MAGIX
[2011/01/27 22:59:39 | 000,000,000 | ---D | C] -- C:\Program Files\MAGIX
[2011/01/27 22:59:06 | 000,700,416 | ---- | C] (MAGIX AG) -- C:\WINDOWS\System32\mgxoschk.dll
[2011/01/27 22:59:06 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\MAGIX
[2011/01/24 20:57:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Lucky\Application Data\Unity
[2011/01/24 20:44:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Lucky\Local Settings\Application Data\Unity
[2011/01/21 09:44:37 | 000,439,296 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\shimgvw.dll
[2008/11/20 23:53:32 | 000,047,360 | ---- | C] (VSO Software) -- C:\Documents and Settings\Lucky\Application Data\pcouffin.sys
[6 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[3 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\Documents and Settings\Lucky\Desktop\*.tmp files -> C:\Documents and Settings\Lucky\Desktop\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/02/13 22:37:04 | 000,000,398 | ---- | M] () -- C:\WINDOWS\tasks\At13.job
[2011/02/13 22:28:45 | 000,288,107 | ---- | M] () -- C:\Documents and Settings\Lucky\Desktop\gmer.zip
[2011/02/13 22:23:57 | 000,624,128 | ---- | M] () -- C:\Documents and Settings\Lucky\Desktop\dds.scr
[2011/02/13 22:18:08 | 000,933,376 | ---- | M] () -- C:\Documents and Settings\Lucky\Desktop\Dr_Web_Instructions.doc
[2011/02/13 22:17:07 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\Lucky\defogger_reenable
[2011/02/13 22:03:10 | 000,000,162 | -H-- | M] () -- C:\Documents and Settings\Lucky\Desktop\~$_Web_Instructions.doc
[2011/02/13 22:01:00 | 000,000,234 | ---- | M] () -- C:\WINDOWS\tasks\Scheduled Update for Ask Toolbar.job
[2011/02/13 22:00:52 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/02/13 21:58:45 | 000,000,260 | ---- | M] () -- C:\WINDOWS\tasks\WGASetup.job
[2011/02/13 21:58:43 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/02/13 21:37:02 | 000,000,398 | ---- | M] () -- C:\WINDOWS\tasks\At23.job
[2011/02/13 20:52:47 | 000,602,624 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Lucky\Desktop\OTL.exe
[2011/02/13 20:37:16 | 000,000,398 | ---- | M] () -- C:\WINDOWS\tasks\At12.job
[2011/02/13 20:08:29 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\Lucky\Local Settings\Application Data\prvlcl.dat
[2011/02/13 19:58:24 | 106,067,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\AVG\incavi.avm
[2011/02/13 19:45:05 | 000,000,103 | ---- | M] () -- C:\Documents and Settings\Lucky\My Documents\DrWeb.csv
[2011/02/12 23:51:11 | 000,029,184 | ---- | M] () -- C:\Documents and Settings\Lucky\My Documents\Dr_Web_Instructions.doc
[2011/02/12 23:21:14 | 000,016,896 | ---- | M] () -- C:\Documents and Settings\Lucky\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/02/12 17:06:23 | 004,263,406 | ---- | M] () -- C:\Documents and Settings\Lucky\Desktop\ComboFix.exe
[2011/02/12 16:37:07 | 000,000,398 | ---- | M] () -- C:\WINDOWS\tasks\At10.job
[2011/02/12 15:37:06 | 000,000,398 | ---- | M] () -- C:\WINDOWS\tasks\At19.job
[2011/02/12 12:37:09 | 000,000,398 | ---- | M] () -- C:\WINDOWS\tasks\At6.job
[2011/02/12 10:55:12 | 000,000,211 | -HS- | M] () -- C:\boot.ini
[2011/02/12 09:39:50 | 000,001,678 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\SUPERAntiSpyware Free Edition.lnk
[2011/02/12 09:37:02 | 000,000,398 | ---- | M] () -- C:\WINDOWS\tasks\At16.job
[2011/02/11 21:44:17 | 000,298,848 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2011/02/09 23:12:21 | 000,028,160 | ---- | M] () -- C:\Documents and Settings\Lucky\My Documents\Appappamama_Book.doc
[2011/02/09 20:07:58 | 000,000,784 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/02/09 19:37:02 | 000,000,398 | ---- | M] () -- C:\WINDOWS\tasks\At21.job
[2011/02/09 18:37:04 | 000,000,398 | ---- | M] () -- C:\WINDOWS\tasks\At9.job
[2011/02/09 17:37:04 | 000,000,398 | ---- | M] () -- C:\WINDOWS\tasks\At20.job
[2011/02/09 17:02:56 | 000,001,729 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader 9.lnk
[2011/02/06 14:37:02 | 000,000,398 | ---- | M] () -- C:\WINDOWS\tasks\At8.job
[2011/02/03 23:37:02 | 000,000,398 | ---- | M] () -- C:\WINDOWS\tasks\At22.job
[2011/01/31 18:28:14 | 000,000,398 | ---- | M] () -- C:\WINDOWS\tasks\At17.job
[2011/01/31 18:28:14 | 000,000,398 | ---- | M] () -- C:\WINDOWS\tasks\At11.job
[2011/01/30 00:17:24 | 000,028,160 | ---- | M] () -- C:\Documents and Settings\Lucky\My Documents\Chittappa_Book.doc
[2011/01/29 18:58:32 | 000,000,994 | ---- | M] () -- C:\Documents and Settings\Lucky\Desktop\Dropbox.lnk
[2011/01/29 18:57:03 | 000,000,994 | ---- | M] () -- C:\Documents and Settings\Lucky\Start Menu\Programs\Startup\Dropbox.lnk
[2011/01/29 18:28:28 | 011,764,375 | ---- | M] () -- C:\Documents and Settings\Lucky\My Documents\Temporary_Slide_Show.swf
[2011/01/29 18:28:28 | 000,002,892 | ---- | M] () -- C:\Documents and Settings\Lucky\My Documents\Temporary_Slide_Show.html
[2011/01/29 18:27:09 | 012,510,375 | ---- | M] (Wondershare) -- C:\Documents and Settings\Lucky\My Documents\Copy of Chittappa_Memories_1.exe
[2011/01/29 18:27:09 | 000,000,073 | ---- | M] () -- C:\Documents and Settings\Lucky\My Documents\autorun.inf
[2011/01/29 13:39:49 | 000,000,116 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2011/01/29 10:43:28 | 000,001,870 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\HP Photosmart Essential 3.5.lnk
[2011/01/29 10:43:07 | 000,000,398 | ---- | M] () -- C:\WINDOWS\tasks\At7.job
[2011/01/29 10:43:07 | 000,000,398 | ---- | M] () -- C:\WINDOWS\tasks\At5.job
[2011/01/29 10:43:07 | 000,000,398 | ---- | M] () -- C:\WINDOWS\tasks\At4.job
[2011/01/29 10:43:07 | 000,000,398 | ---- | M] () -- C:\WINDOWS\tasks\At3.job
[2011/01/29 10:43:07 | 000,000,398 | ---- | M] () -- C:\WINDOWS\tasks\At2.job
[2011/01/29 10:43:07 | 000,000,398 | ---- | M] () -- C:\WINDOWS\tasks\At18.job
[2011/01/29 10:43:07 | 000,000,398 | ---- | M] () -- C:\WINDOWS\tasks\At15.job
[2011/01/29 10:43:07 | 000,000,398 | ---- | M] () -- C:\WINDOWS\tasks\At14.job
[2011/01/29 10:43:07 | 000,000,398 | ---- | M] () -- C:\WINDOWS\tasks\At1.job
[2011/01/29 10:42:34 | 000,001,018 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\HP Solution Center.lnk
[2011/01/29 08:21:04 | 000,001,039 | ---- | M] () -- C:\Documents and Settings\Lucky\Desktop\Wondershare DVD Slideshow Builder Deluxe.lnk
[2011/01/28 23:46:26 | 000,000,872 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Wondershare Flash Gallery Factory.lnk
[2011/01/28 23:44:36 | 000,000,872 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Wondershare Flash Gallery Factory Deluxe.lnk
[2011/01/28 18:23:13 | 000,001,812 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\SeaTools for Windows.lnk
[2011/01/27 23:10:57 | 000,006,642 | ---- | M] () -- C:\WINDOWS\mgxoschk.ini
[2011/01/27 23:04:51 | 000,001,105 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\MAGIX Xtreme PhotoStory on CD & DVD 7 deluxe Download version.lnk
[2011/01/26 16:59:12 | 000,000,690 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\AVG 2011.lnk
[2011/01/24 21:42:45 | 000,199,704 | ---- | M] () -- C:\Documents and Settings\Lucky\Desktop\Amma_Car_Soul_Cruze_Scion_Equinox.jpg
[2011/01/21 09:44:37 | 008,462,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\shell32.dll
[2011/01/21 09:44:37 | 000,439,296 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\shimgvw.dll
[2011/01/19 14:14:58 | 000,031,232 | ---- | M] () -- C:\Documents and Settings\Lucky\My Documents\AppappaMama.doc
[2011/01/17 22:20:36 | 001,539,584 | ---- | M] () -- C:\Documents and Settings\Lucky\My Documents\Baby Phat Ladies_Mens_24_Hour_Deal.doc
[6 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[3 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\Documents and Settings\Lucky\Desktop\*.tmp files -> C:\Documents and Settings\Lucky\Desktop\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/02/13 22:37:13 | 000,227,840 | ---- | C] () -- C:\Documents and Settings\NetworkService\Application Data\TlOVKy.exe
[2011/02/13 22:37:03 | 000,015,201 | ---- | C] () -- C:\Documents and Settings\NetworkService\Application Data\RCp67Z4D9.js
[2011/02/13 22:29:57 | 000,296,448 | ---- | C] () -- C:\Documents and Settings\Lucky\Desktop\gmer.exe
[2011/02/13 22:29:00 | 000,288,107 | ---- | C] () -- C:\Documents and Settings\Lucky\Desktop\gmer.zip
[2011/02/13 22:24:29 | 000,624,128 | ---- | C] () -- C:\Documents and Settings\Lucky\Desktop\dds.scr
[2011/02/13 22:17:07 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Lucky\defogger_reenable
[2011/02/13 22:03:10 | 000,000,162 | -H-- | C] () -- C:\Documents and Settings\Lucky\Desktop\~$_Web_Instructions.doc
[2011/02/13 19:45:05 | 000,000,103 | ---- | C] () -- C:\Documents and Settings\Lucky\My Documents\DrWeb.csv
[2011/02/12 23:51:22 | 000,933,376 | ---- | C] () -- C:\Documents and Settings\Lucky\Desktop\Dr_Web_Instructions.doc
[2011/02/12 23:50:59 | 000,029,184 | ---- | C] () -- C:\Documents and Settings\Lucky\My Documents\Dr_Web_Instructions.doc
[2011/02/12 17:06:12 | 004,263,406 | ---- | C] () -- C:\Documents and Settings\Lucky\Desktop\ComboFix.exe
[2011/02/12 09:39:50 | 000,001,678 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\SUPERAntiSpyware Free Edition.lnk
[2011/02/09 21:48:49 | 000,028,160 | ---- | C] () -- C:\Documents and Settings\Lucky\My Documents\Appappamama_Book.doc
[2011/02/09 20:07:58 | 000,000,784 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/01/29 22:29:39 | 000,028,160 | ---- | C] () -- C:\Documents and Settings\Lucky\My Documents\Chittappa_Book.doc
[2011/01/29 18:58:32 | 000,000,994 | ---- | C] () -- C:\Documents and Settings\Lucky\Desktop\Dropbox.lnk
[2011/01/29 18:57:03 | 000,000,994 | ---- | C] () -- C:\Documents and Settings\Lucky\Start Menu\Programs\Startup\Dropbox.lnk
[2011/01/29 18:28:28 | 011,764,375 | ---- | C] () -- C:\Documents and Settings\Lucky\My Documents\Temporary_Slide_Show.swf
[2011/01/29 18:28:28 | 000,002,892 | ---- | C] () -- C:\Documents and Settings\Lucky\My Documents\Temporary_Slide_Show.html
[2011/01/29 18:27:09 | 000,000,073 | ---- | C] () -- C:\Documents and Settings\Lucky\My Documents\autorun.inf
[2011/01/29 10:43:28 | 000,001,870 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\HP Photosmart Essential 3.5.lnk
[2011/01/29 10:42:53 | 000,000,731 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\I.R.I.S. OCR Registration.lnk
[2011/01/29 10:42:34 | 000,001,018 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\HP Solution Center.lnk
[2011/01/29 10:35:05 | 000,000,331 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\hpzinstall.log
[2011/01/29 08:21:04 | 000,001,039 | ---- | C] () -- C:\Documents and Settings\Lucky\Desktop\Wondershare DVD Slideshow Builder Deluxe.lnk
[2011/01/28 23:46:26 | 000,000,872 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Wondershare Flash Gallery Factory.lnk
[2011/01/28 23:44:36 | 000,000,872 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Wondershare Flash Gallery Factory Deluxe.lnk
[2011/01/28 18:23:13 | 000,001,812 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\SeaTools for Windows.lnk
[2011/01/27 23:04:51 | 000,001,105 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\MAGIX Xtreme PhotoStory on CD & DVD 7 deluxe Download version.lnk
[2011/01/27 23:00:33 | 000,014,182 | ---- | C] () -- C:\WINDOWS\System32\DLLAV32.lib
[2011/01/27 22:59:39 | 000,120,200 | ---- | C] () -- C:\WINDOWS\System32\DLLDEV32i.dll
[2011/01/27 22:59:06 | 000,006,642 | ---- | C] () -- C:\WINDOWS\mgxoschk.ini
[2011/01/25 21:37:47 | 000,000,398 | ---- | C] () -- C:\WINDOWS\tasks\At23.job
[2011/01/25 21:37:47 | 000,000,398 | ---- | C] () -- C:\WINDOWS\tasks\At22.job
[2011/01/25 21:37:47 | 000,000,398 | ---- | C] () -- C:\WINDOWS\tasks\At21.job
[2011/01/25 21:37:47 | 000,000,398 | ---- | C] () -- C:\WINDOWS\tasks\At20.job
[2011/01/25 21:37:47 | 000,000,398 | ---- | C] () -- C:\WINDOWS\tasks\At19.job
[2011/01/25 21:37:47 | 000,000,398 | ---- | C] () -- C:\WINDOWS\tasks\At18.job
[2011/01/25 21:37:47 | 000,000,398 | ---- | C] () -- C:\WINDOWS\tasks\At17.job
[2011/01/25 21:37:47 | 000,000,398 | ---- | C] () -- C:\WINDOWS\tasks\At16.job
[2011/01/25 21:37:47 | 000,000,398 | ---- | C] () -- C:\WINDOWS\tasks\At15.job
[2011/01/25 21:37:47 | 000,000,398 | ---- | C] () -- C:\WINDOWS\tasks\At14.job
[2011/01/25 21:37:46 | 000,000,398 | ---- | C] () -- C:\WINDOWS\tasks\At13.job
[2011/01/25 21:37:46 | 000,000,398 | ---- | C] () -- C:\WINDOWS\tasks\At12.job
[2011/01/25 21:37:46 | 000,000,398 | ---- | C] () -- C:\WINDOWS\tasks\At11.job
[2011/01/25 21:37:45 | 000,000,398 | ---- | C] () -- C:\WINDOWS\tasks\At9.job
[2011/01/25 21:37:45 | 000,000,398 | ---- | C] () -- C:\WINDOWS\tasks\At8.job
[2011/01/25 21:37:45 | 000,000,398 | ---- | C] () -- C:\WINDOWS\tasks\At7.job
[2011/01/25 21:37:45 | 000,000,398 | ---- | C] () -- C:\WINDOWS\tasks\At6.job
[2011/01/25 21:37:45 | 000,000,398 | ---- | C] () -- C:\WINDOWS\tasks\At10.job
[2011/01/25 21:37:44 | 000,000,398 | ---- | C] () -- C:\WINDOWS\tasks\At5.job
[2011/01/25 21:37:44 | 000,000,398 | ---- | C] () -- C:\WINDOWS\tasks\At4.job
[2011/01/25 21:37:43 | 000,000,398 | ---- | C] () -- C:\WINDOWS\tasks\At3.job
[2011/01/25 21:37:43 | 000,000,398 | ---- | C] () -- C:\WINDOWS\tasks\At2.job
[2011/01/25 21:37:43 | 000,000,398 | ---- | C] () -- C:\WINDOWS\tasks\At1.job
[2011/01/24 21:42:09 | 000,199,704 | ---- | C] () -- C:\Documents and Settings\Lucky\Desktop\Amma_Car_Soul_Cruze_Scion_Equinox.jpg
[2011/01/18 23:27:14 | 000,031,232 | ---- | C] () -- C:\Documents and Settings\Lucky\My Documents\AppappaMama.doc
[2011/01/17 22:20:36 | 001,539,584 | ---- | C] () -- C:\Documents and Settings\Lucky\My Documents\Baby Phat Ladies_Mens_24_Hour_Deal.doc
[2010/12/31 18:57:46 | 000,000,098 | ---- | C] () -- C:\WINDOWS\Cmicnfgp.ini.cfl
[2010/12/31 18:57:25 | 000,002,766 | R--- | C] () -- C:\WINDOWS\Cmicnfgp.ini.cfg
[2010/12/31 18:56:59 | 000,000,558 | R--- | C] () -- C:\WINDOWS\cmudaxp.ini
[2010/12/16 22:38:57 | 000,003,840 | ---- | C] () -- C:\WINDOWS\System32\drivers\BANTExt.sys
[2010/12/02 22:15:35 | 000,000,628 | ---- | C] () -- C:\Documents and Settings\Lucky\Application Data\AutoGK.ini
[2010/10/06 22:07:04 | 000,758,011 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-S-1-5-21-776561741-790525478-839522115-1003-0.dat
[2010/10/06 22:07:03 | 000,244,590 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-System.dat
[2010/09/26 16:09:30 | 000,000,026 | ---- | C] () -- C:\WINDOWS\dvdSanta.INI
[2010/08/25 20:49:17 | 000,425,144 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
[2010/03/16 15:32:27 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Lucky\Local Settings\Application Data\prvlcl.dat
[2009/12/14 16:47:54 | 000,526,848 | ---- | C] () -- C:\WINDOWS\System32\hpgtg400.dll
[2009/03/06 21:15:38 | 000,087,552 | ---- | C] () -- C:\WINDOWS\System32\cpwmon2k.dll
[2009/03/05 21:58:10 | 000,237,568 | ---- | C] () -- C:\WINDOWS\System32\OggDS.dll
[2009/01/30 00:55:50 | 000,016,896 | ---- | C] () -- C:\Documents and Settings\Lucky\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/01/29 21:05:22 | 000,000,116 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2008/11/20 23:53:41 | 000,000,055 | ---- | C] () -- C:\Documents and Settings\Lucky\Application Data\pcouffin.log
[2008/11/20 23:53:32 | 000,087,608 | ---- | C] () -- C:\Documents and Settings\Lucky\Application Data\inst.exe
[2008/11/20 23:53:32 | 000,007,887 | ---- | C] () -- C:\Documents and Settings\Lucky\Application Data\pcouffin.cat
[2008/11/20 23:53:32 | 000,001,144 | ---- | C] () -- C:\Documents and Settings\Lucky\Application Data\pcouffin.inf
[2007/10/05 22:23:07 | 000,000,483 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2007/10/05 22:23:06 | 000,159,744 | ---- | C] () -- C:\WINDOWS\System32\hcwChDB.dll
[2007/10/05 22:23:06 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\dmcrypto.dll
[2007/10/05 22:22:52 | 000,002,296 | ---- | C] () -- C:\WINDOWS\HCWPNP.INI
[2007/10/05 22:20:32 | 000,363,520 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2007/10/05 17:21:25 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2006/07/21 14:50:34 | 000,066,048 | ---- | C] () -- C:\WINDOWS\System32\hcwxds.dll

========== Alternate Data Streams ==========

@Alternate Data Stream - 117 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:2B11E0DF

< End of report >

OTL Extras logfile created on: 2/13/2011 10:48:59 PM - Run 3
OTL by OldTimer - Version 3.2.20.6 Folder = C:\Documents and Settings\Lucky\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 70.00% Memory free
7.00 Gb Paging File | 6.00 Gb Available in Paging File | 88.00% Paging File free
Paging file location(s): C:\pagefile.sys 4605 9210 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 465.75 Gb Total Space | 41.89 Gb Free Space | 8.99% Space Free | Partition Type: NTFS
Drive D: | 7.24 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF

Computer Name: LUCKYBLKDSKTOP2 | User Name: Lucky | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*

[HKEY_USERS\S-1-5-21-776561741-790525478-839522115-1003\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
http [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
https [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Directory [Winamp.Bookmark] -- "C:\Program Files\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)
Directory [Winamp.Enqueue] -- "C:\Program Files\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)
Directory [Winamp.Play] -- "C:\Program Files\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002
"3389:TCP" = 3389:TCP:*:Disabled:@xpsp2res.dll,-22009

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
"3389:TCP" = 3389:TCP:*:Disabled:@xpsp2res.dll,-22009

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Program Files\HP\Digital Imaging\bin\hpfcCopy.exe" = C:\Program Files\HP\Digital Imaging\bin\hpfcCopy.exe:*:Enabled:hpfccopy.exe -- ()
"C:\Program Files\HP\Digital Imaging\bin\hpiscnapp.exe" = C:\Program Files\HP\Digital Imaging\bin\hpiscnapp.exe:*:Enabled:hpiscnapp.exe -- (Hewlett-Packard)
"C:\Program Files\Common Files\HP\Digital Imaging\Bin\hpqPhotoCrm.exe" = C:\Program Files\Common Files\HP\Digital Imaging\Bin\hpqPhotoCrm.exe:*:Enabled:hpqphotocrm.exe -- (Hewlett-Packard Development Co. L.P.)
"C:\Program Files\HP\Digital Imaging\bin\hpqsudi.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqsudi.exe:*:Enabled:hpqsudi.exe -- (Hewlett-Packard Development Co. L.P.)
"C:\Program Files\HP\Digital Imaging\bin\hpqpsapp.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqpsapp.exe:*:Enabled:hpqpsapp.exe -- (Hewlett-Packard Development Co. L.P.)
"C:\Program Files\HP\Digital Imaging\bin\hpqpse.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqpse.exe:*:Enabled:hpqpse.exe -- (Hewlett-Packard Development Co. L.P.)
"C:\Program Files\HP\Digital Imaging\bin\hpqgplgtupl.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqgplgtupl.exe:*:Enabled:hpqgplgtupl.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\HP Software Update\HPWUCli.exe" = C:\Program Files\HP\HP Software Update\HPWUCli.exe:*:Enabled:hpwucli.exe -- (Hewlett-Packard)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\Apache.exe" = C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\Apache.exe:*:Enabled:Apache HTTP Server -- (Apache Software Foundation)
"C:\Program Files\MagicTune Premium\MagicTune.exe" = C:\Program Files\MagicTune Premium\MagicTune.exe:*:Enabled:MagicTune
"C:\Program Files\uTorrent\uTorrent.exe" = C:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent -- (BitTorrent, Inc.)
"C:\WINDOWS\system32\muzapp.exe" = C:\WINDOWS\system32\muzapp.exe:*:Enabled:MUZ AOD APP player -- (Musiccity Co.Ltd.)
"C:\Program Files\AVG\AVG8\avgupd.exe" = C:\Program Files\AVG\AVG8\avgupd.exe:*:Enabled:avgupd.exe
"C:\Program Files\AVG\AVG8\avgnsx.exe" = C:\Program Files\AVG\AVG8\avgnsx.exe:*:Enabled:avgnsx.exe
"C:\Program Files\AVG\AVG8\avgemc.exe" = C:\Program Files\AVG\AVG8\avgemc.exe:*:Enabled:avgemc.exe
"C:\Program Files\AVG\AVG10\avgmfapx.exe" = C:\Program Files\AVG\AVG10\avgmfapx.exe:*:Enabled:AVG Installer -- (AVG Technologies CZ, s.r.o.)
"C:\Documents and Settings\Lucky\Local Settings\Temp\522.tmp\KMService.exe" = C:\Documents and Settings\Lucky\Local Settings\Temp\522.tmp\KMService.exe:*:Enabled:KMService
"C:\Documents and Settings\Lucky\Local Settings\Temp\526.tmp\KMService.exe" = C:\Documents and Settings\Lucky\Local Settings\Temp\526.tmp\KMService.exe:*:Enabled:KMService
"C:\Program Files\AVG\AVG10\avgdiagex.exe" = C:\Program Files\AVG\AVG10\avgdiagex.exe:*:Enabled:AVG Diagnostics 2011 -- (AVG Technologies CZ, s.r.o.)
"C:\Program Files\AVG\AVG10\avgnsx.exe" = C:\Program Files\AVG\AVG10\avgnsx.exe:*:Enabled:Online Shield -- (AVG Technologies CZ, s.r.o.)
"C:\Program Files\AVG\AVG10\avgemcx.exe" = C:\Program Files\AVG\AVG10\avgemcx.exe:*:Enabled:Personal E-mail Scanner -- (AVG Technologies CZ, s.r.o.)
"C:\Program Files\HP\Digital Imaging\bin\hpfcCopy.exe" = C:\Program Files\HP\Digital Imaging\bin\hpfcCopy.exe:*:Enabled:hpfccopy.exe -- ()
"C:\Program Files\HP\Digital Imaging\bin\hpiscnapp.exe" = C:\Program Files\HP\Digital Imaging\bin\hpiscnapp.exe:*:Enabled:hpiscnapp.exe -- (Hewlett-Packard)
"C:\Program Files\Common Files\HP\Digital Imaging\Bin\hpqPhotoCrm.exe" = C:\Program Files\Common Files\HP\Digital Imaging\Bin\hpqPhotoCrm.exe:*:Enabled:hpqphotocrm.exe -- (Hewlett-Packard Development Co. L.P.)
"C:\Program Files\HP\Digital Imaging\bin\hpqsudi.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqsudi.exe:*:Enabled:hpqsudi.exe -- (Hewlett-Packard Development Co. L.P.)
"C:\Program Files\HP\Digital Imaging\bin\hpqpsapp.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqpsapp.exe:*:Enabled:hpqpsapp.exe -- (Hewlett-Packard Development Co. L.P.)
"C:\Program Files\HP\Digital Imaging\bin\hpqpse.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqpse.exe:*:Enabled:hpqpse.exe -- (Hewlett-Packard Development Co. L.P.)
"C:\Program Files\HP\Digital Imaging\bin\hpqgplgtupl.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqgplgtupl.exe:*:Enabled:hpqgplgtupl.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\HP Software Update\HPWUCli.exe" = C:\Program Files\HP\HP Software Update\HPWUCli.exe:*:Enabled:hpwucli.exe -- (Hewlett-Packard)
"C:\Documents and Settings\Lucky\Application Data\Dropbox\bin\Dropbox.exe" = C:\Documents and Settings\Lucky\Application Data\Dropbox\bin\Dropbox.exe:*:Enabled:Dropbox -- (Dropbox, Inc.)
"C:\Documents and Settings\Lucky\Local Settings\Temp\1EA.tmp\KMService.exe" = C:\Documents and Settings\Lucky\Local Settings\Temp\1EA.tmp\KMService.exe:*:Enabled:KMService


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0242ACA1-7607-4E61-BC34-3FAEB6344F8E}" = Pour l'amour du français Module 10
"{0A0CADCF-78DA-33C4-A350-CD51849B9702}" = Microsoft .NET Framework 4 Extended
"{0F367CA3-3B2F-43F9-A44A-25A8EE69E45D}" = Scan
"{0F9196C6-58B4-445B-B56E-B1200FECC151}" = Microsoft Bootvis
"{10297E58-2DFE-478B-9A1D-4B14E4E79CDF}" = HP Scanjet G4000 Series
"{107C666F-63C5-4263-8D40-8B9CFB5FED08}" = Microsoft Robocopy GUI
"{11083C7A-D0D6-4DA4-8C3A-74B8389EC07B}" = ATI Catalyst Registration
"{11D0F890-CDC5-4C76-A026-D5A47415C928}" = Pour l'amour du français Module 7
"{13F3917B56CD4C25848BDC69916971BB}" = DivX Converter
"{18499419-2B80-4C3F-86D3-C6C45CD2062E}" = Samsung ML-1710 Series
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F6423DE-7959-4178-80E0-023C7EAA5347}" = NVIDIA ForceWare Network Access Manager
"{205A5182-EFC8-4C25-B61D-C164F8FF4048}" = BlackBerry Desktop Software 5.0.1
"{216AB108-2AE1-4130-B3D5-20B2C4C80F8F}" = QuickTime
"{2227E1FA-01F5-483C-AB0E-2A308E900B3D}" = InterVideo FilterSDK for Hauppauge
"{2612CB8A-C2F2-185B-5957-1B9121781D03}" = ccc-utility
"{26A24AE4-039D-4CA4-87B4-2F83216011FF}" = Java™ 6 Update 23
"{2814D1CB-7038-4EE4-8421-9C18FD571014}" = hpg4000
"{287ECFA4-719A-2143-A09B-D6A12DE54E40}" = Acrobat.com
"{2C029A87-10AD-4438-A087-2654430AFEF7}" = Pour l'amour du français Module 8
"{2EEA7AA4-C203-4b90-A34F-19FB7EF1C81C}" = BufferChm
"{3248F0A8-6813-11D6-A77B-00B0D0150010}" = J2SE Runtime Environment 5.0 Update 1
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3FC7CBBC4C1E11DCA1A752EA55D89593}" = DivX Version Checker
"{43CDF946-F5D9-4292-B006-BA0D92013021}" = WebReg
"{45691DD2-563A-4C75-AFAA-C676DBB00CAB}" = Pour l'amour du français Module 5
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4A70EF07-7F88-4434-BB61-D1DE8AE93DD4}" = SolutionCenter
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{5F5DBF77-DAB8-A559-9F0F-F9440169FF50}" = Catalyst Control Center Graphics Previews Common
"{60B2C032-0BE3-49B8-BA28-58ABCECB2154}" = Pour l'amour du français Module 2
"{63FF21C9-A810-464F-B60A-3111747B1A6D}" = GPBaseService2
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{6AB57823-3580-4CE0-9CF0-072E2A39460C}" = Catalyst Control Center - Branding
"{6CE81783-FE36-447A-80A9-EC2B25806E5A}" = Pour l'amour du français Module 6
"{7059BDA7-E1DB-442C-B7A1-6144596720A4}" = HP Update
"{767658C9-1102-4AF0-8D19-9F627D5460C0}" = Pour l'amour du français Module 9
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7DF35521-755C-4056-9993-0FB78E53583C}" = BlackBerry Device Software v4.5.0 for the BlackBerry 8800 smartphone
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{86B879A5-927E-4536-B5FC-17CA96B60078}" = Garmin Communicator Plugin
"{86D4B82A-ABED-442A-BE86-96357B70F4FE}" = Ask Toolbar
"{8ACC73AA-6511-7C55-B1A9-8E5D1DEAFAA3}" = The Lord of the Rings FREE Trial
"{8C160FC0-F6D4-A50C-612D-E92003A40D3A}" = ccc-core-static
"{8D2C1E44-7685-4D05-8342-B0DC6422FA47}" = Ulead Straight-to-Disc SDK
"{90110409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{98613C99-1399-416C-A07C-1EE1C585D872}" = SeaTools for Windows
"{98D1A713-438C-4A23-8AB6-41B37C4A2D47}" = VMware Workstation
"{9B362566-EC1B-4700-BB9C-EC661BDE2175}" = DocProc
"{9EB9E56D-644B-2019-838F-A2B804B5229F}" = Catalyst Control Center InstallProxy
"{A0DB1D99-23F1-4406-8B72-5A3B46CF748E}" = Pour l'amour du français Module 1
"{A276502A-8979-44FB-8090-90CF72F22ABC}" = AVG 2011
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{AC76BA86-7AD7-1033-7B44-A94000000001}" = Adobe Reader 9.4.2
"{AC76BA86-7AD7-5464-3428-900000000004}" = Spelling Dictionaries Support For Adobe Reader 9
"{B1102A25-3AA3-446B-AA0F-A699B07A02FD}" = Garmin USB Drivers
"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
"{B2FE1952-0186-46c3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Display Control Panel
"{B440D659-FECA-4BDD-A12B-5C9F05790FF3}" = Snagit 9.1.2
"{B6B45398-B8E9-4BA2-ACD8-65D61C65B8AE}" = MyVirtualHome
"{BD24A421-6983-E62B-495E-956544B28326}" = ATI Catalyst Install Manager
"{BD7204BA-DD64-499E-9B55-6A282CDF4FA4}" = Destinations
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C19BE821-89B1-4A96-AC7C-873810C0CB5F}" = ContentSAFER for Wizmax
"{C20CE592-B0F8-4D20-BF31-0151CA6331A6}" = Samsung Media Studio 5
"{C43326F5-F135-4551-8270-7F7ABA0462E1}" = HPProductAssistant
"{C66FE99D-7C15-40A0-AE4A-A1A3900D9EE3}" = MyVirtualHome
"{C7C5B767-9BA4-4296-82AA-1A3BFFA76CD1}" = ArcSoft ShowBiz DVD 2
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D79113E7-274C-470B-BD46-01B10219DF6A}" = HPPhotosmartEssential
"{E630E780-1CD2-45E3-93DE-3F354B002FE0}" = Pour l'amour du français Module 3
"{EC02FA84-C4EC-40D6-A2D4-00D705717D08}" = Pour l'amour du français Module 11
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F4C68898-EBA5-46A9-82B3-2D30426086BF}" = AVG 2011
"{F7E5E140-F8BC-33F5-020C-F06398B2D67D}" = CCC Help English
"{F8A4D95F-4D74-41C3-B19E-124C54AE9792}" = Pour l'amour du français Module 4
"45A7283175C62FAC673F913C1F532C5361F97841" = Windows Driver Package - Garmin (grmnusb) GARMIN Devices (03/08/2007 2.2.1.0)
"7-Zip" = 7-Zip 4.65
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"ADS Tech Master Installer V3.8" = ADS Tech Master Installer V3.8
"ADS Tech V3.8 DVD Xpress DX2 CapWiz" = ADS Tech V3.8 DVD Xpress DX2 CapWiz
"Advanced SystemCare 3_is1" = Advanced SystemCare 3
"A-PDF Restrictions Remover_is1" = A-PDF Restrictions Remover 1.5
"AVG" = AVG 2011
"Belarc Advisor" = Belarc Advisor 8.1
"BlackBerry_{205A5182-EFC8-4C25-B61D-C164F8FF4048}" = BlackBerry Desktop Software 5.0.1
"CachemanXP 1.8.0.14" = CachemanXP 1.8.0.14
"CAL" = Canon Camera Access Library
"CameraUserGuide-PSSX20IS" = Canon PowerShot SX20 IS Camera User Guide
"CameraWindowDC" = Canon Utilities CameraWindow DC
"CameraWindowDC8" = Canon Utilities CameraWindow DC 8
"CameraWindowDVC6" = Canon Utilities CameraWindow DC_DV 6 for ZoomBrowser EX
"CameraWindowLauncher" = Canon Utilities CameraWindow
"Canon G.726 WMP-Decoder" = Canon G.726 WMP-Decoder
"Canon MOV Decoder" = Canon MOV Decoder
"Canon MOV Encoder" = Canon MOV Encoder
"CCleaner" = CCleaner (remove only)
"C-Media Oxygen HD Sound" = ASUS Xonar DG Audio
"CNXT_MODEM_PCI_VEN_14F1&DEV_2F20&SUBSYS_200C14F1" = Data Fax SoftModem with SmartCP
"CutePDF Writer Installation" = CutePDF Writer 2.7
"Defraggler" = Defraggler
"DivX Plus DirectShow Filters" = DivX Plus DirectShow Filters
"DivX Setup.divx.com" = DivX Setup
"Download Accelerator Plus (DAP)" = Download Accelerator Plus (DAP)
"DVD Shrink_is1" = DVD Shrink 3.2
"DVDFab 8_is1" = DVDFab 8.0.1.7 Beta (29/09/2010)
"FairUse Wizard 2" = FairUse Wizard 2
"Firebird SQL Server US" = Firebird SQL Server - MAGIX Edition
"Free YouTube Download_is1" = Free YouTube Download 2.10
"Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.9
"Freemake Video Converter_is1" = Freemake Video Converter version 1.1.11
"Hauppauge WinTV" = Hauppauge WinTV
"Hauppauge WinTV Radio" = Hauppauge WinTV Radio
"Hauppauge WinTV Scheduler" = Hauppauge WinTV Scheduler
"Hauppauge WinTV TV Services" = Hauppauge WinTV TV Services
"Hauppauge WinTV2000" = Hauppauge WinTV2000
"HP Imaging Device Functions" = HP Imaging Device Functions 13.0
"HP Photosmart Essential" = HP Photosmart Essential 3.5
"HP Solution Center & Imaging Support Tools" = HP Solution Center 13.0
"HPOCR" = OCR Software by I.R.I.S. 13.0
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie8" = Windows Internet Explorer 8
"InstallShield_{1F6423DE-7959-4178-80E0-023C7EAA5347}" = NVIDIA ForceWare Network Access Manager
"MAGIX Xtreme PhotoStory on CD & DVD 7 deluxe Download version US" = MAGIX Xtreme PhotoStory on CD & DVD 7 deluxe Download version 7.0.3.0 (US)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"MediaCoder" = MediaCoder 0.7.0.4399
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"MovieEditTask" = Canon MovieEdit Task for ZoomBrowser EX
"Mozilla Firefox (3.6.13)" = Mozilla Firefox (3.6.13)
"MyCamera" = Canon Utilities MyCamera
"MyCameraDC" = Canon Utilities MyCamera DC
"MyFreeCodec" = MyFreeCodec
"nanoPEG-Editor 2.6.0 for WinTV_is1" = nanoPEG-Editor 2.6.0 for WinTV
"Nero - Burning Rom!UninstallKey" = Nero 6 Ultra Edition
"NeroVision!UninstallKey" = NeroVision Express 2
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"NMPUninstallKey" = Nero Media Player
"OpenAL" = OpenAL
"Personal Printing Guide" = Canon Personal Printing Guide
"PhotoStitch" = Canon Utilities PhotoStitch
"Picasa 3" = Picasa 3
"PowerISO" = PowerISO
"Provincial Reference Manual (Ontario Edition)v1.0" = Provincial Reference Manual
"Real Estate Encyclopedia (Canadian Edition)v1.1" = Real Estate Encyclopedia 2006
"RealPlayer 6.0" = RealPlayer
"RemoteCaptureTask" = Canon Utilities RemoteCapture Task for ZoomBrowser EX
"Software Guide" = Canon DIGITAL CAMERA Solution Disk Software Guide
"SystemRequirementsLab" = System Requirements Lab
"The KMPlayer" = The KMPlayer (remove only)
"Uninstall_is1" = Uninstall 1.0.0.1
"uTorrent" = µTorrent
"VLC media player" = VLC media player 0.9.9
"WIC" = Windows Imaging Component
"Winamp" = Winamp
"Windows Media Format Runtime" = Windows Media Format Runtime
"Windows Media Player" = Windows Media Player 10
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinRAR archiver" = WinRAR archiver
"Wondershare DVD Slideshow Builder Deluxe_is1" = Wondershare DVD Slideshow Builder Deluxe(Build 5.0.4.2)
"Wondershare Flash Gallery Factory Deluxe_is1" = Wondershare Flash Gallery Factory Deluxe 5.0.2
"XviD MPEG4 Video Codec" = XviD MPEG4 Video Codec (remove only)
"Xvid_is1" = Xvid 1.2.2 final uninstall
"ZoomBrowser EX" = Canon Utilities ZoomBrowser EX
"ZoomBrowser EX Memory Card Utility" = Canon ZoomBrowser EX Memory Card Utility

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-776561741-790525478-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Dropbox" = Dropbox
"Facebook Plug-In" = Facebook Plug-In
"UnityWebPlayer" = Unity Web Player
"uTorrent" = µTorrent
"Winamp Detect" = Winamp Detector Plug-in

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 2/12/2011 12:05:18 PM | Computer Name = LUCKYBLKDSKTOP2 | Source = MsiInstaller | ID = 1008
Description = The installation of C:\WINDOWS\Installer\{86D4B82A-ABED-442A-BE86-96357B70F4FE}\1033.MST
is not permitted due to an error in software restriction policy processing. The
object cannot be trusted.

Error - 2/12/2011 1:21:15 PM | Computer Name = LUCKYBLKDSKTOP2 | Source = crypt32 | ID = 131083
Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
with error: An internal certificate chaining error has occurred.

Error - 2/13/2011 9:54:41 PM | Computer Name = LUCKYBLKDSKTOP2 | Source = Application Hang | ID = 1002
Description = Hanging application taskmgr.exe, version 5.1.2600.5512, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 2/13/2011 9:54:43 PM | Computer Name = LUCKYBLKDSKTOP2 | Source = Application Hang | ID = 1001
Description = Fault bucket 735639368.

Error - 2/13/2011 9:54:49 PM | Computer Name = LUCKYBLKDSKTOP2 | Source = Application Hang | ID = 1002
Description = Hanging application taskmgr.exe, version 5.1.2600.5512, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 2/13/2011 9:54:51 PM | Computer Name = LUCKYBLKDSKTOP2 | Source = Application Hang | ID = 1001
Description = Fault bucket 735639368.

Error - 2/13/2011 10:01:48 PM | Computer Name = LUCKYBLKDSKTOP2 | Source = Application Hang | ID = 1002
Description = Hanging application taskmgr.exe, version 5.1.2600.5512, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 2/13/2011 10:01:52 PM | Computer Name = LUCKYBLKDSKTOP2 | Source = Application Hang | ID = 1001
Description = Fault bucket 735639368.

Error - 2/13/2011 10:01:58 PM | Computer Name = LUCKYBLKDSKTOP2 | Source = Application Hang | ID = 1002
Description = Hanging application taskmgr.exe, version 5.1.2600.5512, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 2/13/2011 10:02:00 PM | Computer Name = LUCKYBLKDSKTOP2 | Source = Application Hang | ID = 1001
Description = Fault bucket 735639368.

[ System Events ]
Error - 2/13/2011 10:51:44 PM | Computer Name = LUCKYBLKDSKTOP2 | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service netman with
arguments "" in order to run the server: {BA126AE5-2166-11D1-B1D0-00805FC1270E}

Error - 2/13/2011 10:52:38 PM | Computer Name = LUCKYBLKDSKTOP2 | Source = Service Control Manager | ID = 7001
Description = The DHCP Client service depends on the NetBios over Tcpip service
which failed to start because of the following error: %%31

Error - 2/13/2011 10:52:38 PM | Computer Name = LUCKYBLKDSKTOP2 | Source = Service Control Manager | ID = 7001
Description = The DNS Client service depends on the TCP/IP Protocol Driver service
which failed to start because of the following error: %%31

Error - 2/13/2011 10:52:38 PM | Computer Name = LUCKYBLKDSKTOP2 | Source = Service Control Manager | ID = 7001
Description = The TCP/IP NetBIOS Helper service depends on the AFD service which
failed to start because of the following error: %%31

Error - 2/13/2011 10:52:38 PM | Computer Name = LUCKYBLKDSKTOP2 | Source = Service Control Manager | ID = 7001
Description = The Forceware Web Interface service depends on the AFD service which
failed to start because of the following error: %%31

Error - 2/13/2011 10:52:38 PM | Computer Name = LUCKYBLKDSKTOP2 | Source = Service Control Manager | ID = 7001
Description = The IPSEC Services service depends on the IPSEC driver service which
failed to start because of the following error: %%31

Error - 2/13/2011 10:52:38 PM | Computer Name = LUCKYBLKDSKTOP2 | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
AFD Avgldx86 Avgmfx86 Avgtdix BANTExt Fips IPSec MRxSmb NetBIOS NetBT Processor RasAcd Rdbss
SASDIFSV
SASKUTIL
SCDEmu
Tcpip

Error - 2/13/2011 10:52:44 PM | Computer Name = LUCKYBLKDSKTOP2 | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service StiSvc with
arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}

Error - 2/13/2011 10:53:02 PM | Computer Name = LUCKYBLKDSKTOP2 | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service MDM with arguments
"" in order to run the server: {0C0A3666-30C9-11D0-8F20-00805F2CD064}

Error - 2/13/2011 10:53:03 PM | Computer Name = LUCKYBLKDSKTOP2 | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service EventSystem
with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

< End of report >


DDS (Ver_10-12-12.02) - NTFSx86
Run by Lucky at 22:27:23.59 on Sun 02/13/2011
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_23
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3070.2162 [GMT -5:00]

AV: AVG Anti-Virus Free Edition 2011 *Enabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
FW: ActiveArmor Firewall *Disabled*

============== Running Processes ===============

C:\PROGRA~1\AVG\AVG10\avgchsvx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
svchost.exe
C:\Program Files\AVG\AVG10\avgwdsvc.exe
C:\PROGRA~1\CACHEM~1\CachemanXP.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\VMware\VMware Workstation\vmware-authd.exe
C:\Program Files\AVG\AVG10\avgnsx.exe
C:\Program Files\Common Files\VMware\VMware Virtual Image Editing\vmount2.exe
C:\WINDOWS\system32\vmnat.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\WINDOWS\system32\vmnetdhcp.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\Program Files\AVG\AVG10\avgtray.exe
C:\WINDOWS\system\HsMgr.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe
C:\Program Files\DivX\DivX Update\DivXUpdate.exe
C:\Program Files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Samsung\Samsung Media Studio 5\SMSTray.exe
C:\Program Files\ASUS Xonar DG Audio\Customapp\Program\ASUSAUDIOCENTER.EXE
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\IObit\Advanced SystemCare 3\AWC.exe
C:\Program Files\ASUS Xonar DG Audio\Customapp\Program\MXMon.exe
C:\Program Files\AVG\AVG10\Identity Protection\agent\bin\avgidsmonitor.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Documents and Settings\Lucky\Application Data\Dropbox\bin\Dropbox.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE
C:\PROGRA~1\AVG\AVG10\avgrsx.exe
C:\Program Files\AVG\AVG10\avgcsrvx.exe
C:\Documents and Settings\Lucky\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = www.google.ca
BHO: SnagIt Toolbar Loader: {00c6482d-c502-44c8-8409-fce54ad9c208} - c:\program files\techsmith\snagit 9\SnagitBHO.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg10\avgssie.dll
TB: Snagit: {8ff5e183-abde-46eb-b09e-d2aab95cabe3} - c:\program files\techsmith\snagit 9\SnagitIEAddin.dll
TB: {8FF5E180-ABDE-46EB-B09E-D2AAB95CABE3} - No File
TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [Advanced SystemCare 3] "c:\program files\iobit\advanced systemcare 3\AWC.exe" /startup
uRun: [SUPERAntiSpyware] c:\program files\superantispyware\SUPERAntiSpyware.exe
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [Alcmtr] ALCMTR.EXE
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [AVG_TRAY] c:\program files\avg\avg10\avgtray.exe
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [StartCCC] "c:\program files\ati technologies\ati.ace\core-static\CLIStart.exe" MSRun
mRun: [Cmaudio8788] RunDll32 cmicnfgp.cpl,CMICtrlWnd
mRun: [Cmaudio8788GX] c:\windows\system\HsMgr.exe Envoke
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [hpqSRMon] c:\program files\hp\digital imaging\bin\hpqSRMon.exe
mRun: [nwiz] nwiz.exe /installquiet
mRun: [NeroFilterCheck] c:\windows\system32\NeroCheck.exe
mRun: [DivXUpdate] "c:\program files\divx\divx update\DivXUpdate.exe" /CHECKNOW
mRun: [BlackBerryAutoUpdate] c:\program files\common files\research in motion\auto update\RIMAutoUpdate.exe /background
mRun: [ATICustomerCare] "c:\program files\ati\aticustomercare\ATICustomerCare.exe"
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot
mRun: [SMSTray] c:\program files\samsung\samsung media studio 5\SMSTray.exe
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
StartupFolder: c:\docume~1\lucky\startm~1\programs\startup\dropbox.lnk - c:\documents and settings\lucky\application data\dropbox\bin\Dropbox.exe
IE: &Clean Traces - c:\program files\dap\privacy package\dapcleanerie.htm
IE: &Download with &DAP - c:\program files\dap\dapextie.htm
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Download &all with DAP - c:\program files\dap\dapextie2.htm
IE: Free YouTube Download - c:\documents and settings\lucky\application data\dvdvideosoftiehelpers\youtubedownload.htm
IE: Free YouTube to Mp3 Converter - c:\documents and settings\lucky\application data\dvdvideosoftiehelpers\youtubetomp3.htm
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://go.microsoft.com/fwlink/?linkid=39204
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1191641975203
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0001-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_01-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
Handler: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - c:\program files\belarc\advisor\system\BAVoilaX.dll
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg10\avgpp.dll
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.DLL
Notify: AtiExtEvent - Ati2evxx.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\lucky\applic~1\mozilla\firefox\profiles\dv3tvoqk.default\
FF - component: c:\program files\avg\avg10\firefox\components\avgssff.dll
FF - component: c:\program files\dap\dapfirefox\components\DAPFireFox.dll
FF - plugin: c:\documents and settings\lucky\application data\facebook\npfbplugin_1_0_3.dll
FF - plugin: c:\documents and settings\lucky\local settings\application data\unity\webplayer\loader\npUnity3D32.dll
FF - plugin: c:\program files\common files\research in motion\bbwebsllauncher\NPWebSLLauncher.dll
FF - plugin: c:\program files\divx\divx plus web player\npdivx32.dll
FF - plugin: c:\program files\google\picasa3\npPicasa3.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npwachk.dll
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\java\jre6\lib\deploy\jqs\ff
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\DotNetAssistantExtension
FF - Ext: AVG Safe Search: {3f963a5b-e555-4543-90e2-c3908898db71} - c:\program files\avg\avg10\Firefox
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Ext: DVDVideoSoft Menu: {ACAA314B-EEBA-48e4-AD47-84E31C44796C} - %profile%\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
FF - Ext: PandoraTV Toolbar: toolbar@ask.com - %profile%\extensions\toolbar@ask.com
FF - Ext: Download Accelerator Plus (DAP) extension: {F17C1572-C9EC-4e5c-A542-D05CBB5C5A08} - c:\program files\dap\DAPFireFox

============= SERVICES / DRIVERS ===============

R0 AVGIDSEH;AVGIDSEH;c:\windows\system32\drivers\AVGIDSEH.sys [2010-9-13 25680]
R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [2010-9-7 26064]
R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [2010-9-7 251728]
R1 Avgmfx86;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\drivers\avgmfx86.sys [2010-9-7 34384]
R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [2010-11-23 299984]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2010-2-17 12872]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2010-5-10 67656]
R1 SBRE;SBRE;c:\windows\system32\drivers\SBREDrv.sys [2011-2-9 98392]
R2 AVGIDSAgent;AVGIDSAgent;c:\program files\avg\avg10\identity protection\agent\bin\AVGIDSAgent.exe [2011-1-6 6128720]
R2 avgwd;AVG WatchDog;c:\program files\avg\avg10\avgwdsvc.exe [2010-10-22 265400]
R2 CachemanXPService;CachemanXP;c:\progra~1\cachem~1\CachemanXP.exe [2009-2-24 355840]
R3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\AVGIDSDriver.sys [2010-8-19 123472]
R3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\AVGIDSFilter.sys [2010-8-19 30288]
R3 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\AVGIDSShim.sys [2010-8-19 26192]
R3 cmudaxp;ASUS Xonar DG Audio Interface;c:\windows\system32\drivers\cmudaxp.sys [2010-12-31 1494528]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S3 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance;c:\program files\magix\common\database\bin\fbserver.exe [2011-1-27 1527900]
S3 HauppaugeTVServer;HauppaugeTVServer;c:\progra~1\wintv\HCWTVS~1.EXE [2007-10-5 815104]
S3 hcw18bda;Hauppauge WinTV 418 Driver;c:\windows\system32\drivers\hcw18bda.sys [2007-5-10 367744]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]

=============== Created Last 30 ================

2011-02-14 02:57:22 -------- d-----w- c:\docume~1\alluse~1\applic~1\SUPERAntiSpyware.com
2011-02-14 02:57:08 -------- d-----w- c:\program files\MALWAREBYTES ANTI-MALWARE
2011-02-13 04:57:10 -------- d-----w- c:\documents and settings\lucky\DoctorWeb
2011-02-12 14:39:53 -------- d-----w- c:\docume~1\lucky\applic~1\SUPERAntiSpyware.com
2011-02-12 14:39:48 -------- d-----w- c:\program files\SUPERAntiSpyware
2011-02-10 04:19:55 98392 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
2011-02-10 04:19:55 27984 ----a-w- c:\windows\system32\sbbd.exe
2011-02-10 01:07:58 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-02-10 01:07:51 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-02-10 01:07:51 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-01-30 19:57:00 103864 ----a-w- c:\program files\mozilla firefox\plugins\nppdf32.dll
2011-01-30 19:57:00 103864 ----a-w- c:\program files\internet explorer\plugins\nppdf32.dll
2011-01-29 23:56:40 -------- d-----w- c:\docume~1\lucky\applic~1\Dropbox
2011-01-29 15:46:52 -------- d-----w- c:\docume~1\lucky\locals~1\applic~1\HP
2011-01-29 15:45:20 -------- d-----w- c:\docume~1\alluse~1\applic~1\WEBREG
2011-01-29 15:42:06 -------- d-----w- c:\program files\common files\HP
2011-01-29 15:42:06 -------- d-----w- c:\program files\common files\Hewlett-Packard
2011-01-29 15:41:58 -------- d-----w- c:\program files\HP
2011-01-29 13:23:02 -------- d-----w- c:\docume~1\alluse~1\applic~1\Wondershare
2011-01-29 04:40:19 -------- d-----w- c:\program files\Wondershare
2011-01-28 23:23:10 -------- d-----w- c:\program files\Seagate
2011-01-28 04:10:18 -------- d-----w- c:\program files\common files\MAGIX Shared
2011-01-28 04:01:08 -------- d-----w- c:\docume~1\lucky\applic~1\MAGIX
2011-01-28 03:59:49 -------- d-----w- c:\docume~1\alluse~1\applic~1\MAGIX
2011-01-28 03:59:39 120200 ----a-w- c:\windows\system32\DLLDEV32i.dll
2011-01-28 03:59:39 -------- d-----w- c:\program files\MAGIX
2011-01-28 03:59:06 700416 ----a-w- c:\windows\system32\mgxoschk.dll
2011-01-28 03:59:06 -------- d-----w- c:\windows\system32\MAGIX
2011-01-25 01:57:12 -------- d-----w- c:\docume~1\lucky\applic~1\Unity
2011-01-25 01:44:42 -------- d-----w- c:\docume~1\lucky\locals~1\applic~1\Unity
2011-01-21 14:44:37 439296 -c----w- c:\windows\system32\dllcache\shimgvw.dll

==================== Find3M ====================

2011-01-21 14:44:37 439296 ----a-w- c:\windows\system32\shimgvw.dll
2011-01-07 14:09:02 290048 ----a-w- c:\windows\system32\atmfd.dll
2010-12-31 23:57:26 413696 ----a-w- c:\windows\system32\wrap_oal.dll
2010-12-31 23:57:25 102400 ----a-w- c:\windows\system32\OpenAL32.dll
2010-12-31 13:10:33 1854976 ----a-w- c:\windows\system32\win32k.sys
2010-12-22 12:34:28 301568 ----a-w- c:\windows\system32\kerberos.dll
2010-12-20 23:59:20 916480 ----a-w- c:\windows\system32\wininet.dll
2010-12-20 23:59:19 43520 ----a-w- c:\windows\system32\licmgr10.dll
2010-12-20 23:59:19 1469440 ------w- c:\windows\system32\inetcpl.cpl
2010-12-20 17:26:00 730112 ----a-w- c:\windows\system32\lsasrv.dll
2010-12-20 12:55:26 385024 ----a-w- c:\windows\system32\html.iec
2010-12-17 01:59:52 0 ----a-w- c:\windows\ativpsrm.bin
2010-12-12 21:09:16 172032 ----a-w- c:\windows\system32\AniGIF.ocx
2010-12-09 15:15:09 718336 ----a-w- c:\windows\system32\ntdll.dll
2010-12-09 14:30:22 33280 ----a-w- c:\windows\system32\csrsrv.dll
2010-12-09 13:42:26 2148864 ----a-w- c:\windows\system32\ntoskrnl.exe
2010-12-09 13:07:07 2027008 ----a-w- c:\windows\system32\ntkrnlpa.exe
2010-12-05 16:55:05 87608 ----a-w- c:\docume~1\lucky\applic~1\inst.exe
2010-12-05 16:55:05 47360 ----a-w- c:\docume~1\lucky\applic~1\pcouffin.sys
2010-12-02 03:35:18 4280320 ----a-w- c:\windows\system32\GPhotos.scr
2010-11-26 03:57:20 16748544 ----a-w- c:\windows\system32\atioglxx.dll
2010-11-26 03:23:36 471040 ----a-w- c:\windows\system32\atiok3x2.dll
2010-11-26 03:23:36 471040 ----a-w- c:\windows\system32\atiok3x2(2).dll
2010-11-26 03:12:42 311296 ----a-w- c:\windows\system32\atiiiexx.dll
2010-11-26 03:07:34 57344 ----a-w- c:\windows\system32\aticalrt.dll
2010-11-26 03:07:24 53248 ----a-w- c:\windows\system32\aticalcl.dll
2010-11-26 03:06:14 4489216 ----a-w- c:\windows\system32\aticaldd.dll
2010-11-26 02:55:42 462848 ----a-w- c:\windows\system32\ATIDEMGX.dll
2010-11-26 02:54:36 302080 ----a-w- c:\windows\system32\ati2dvag.dll
2010-11-26 02:54:36 302080 ----a-w- c:\windows\system32\ati2dvag(2).dll
2010-11-26 02:48:02 3984864 ----a-w- c:\windows\system32\ati3duag.dll
2010-11-26 02:48:02 3984864 ----a-w- c:\windows\system32\ati3duag(2).dll
2010-11-26 02:34:50 212992 ----a-w- c:\windows\system32\atipdlxx.dll
2010-11-26 02:34:50 212992 ----a-w- c:\windows\system32\atipdlxx(2).dll
2010-11-26 02:34:38 155648 ----a-w- c:\windows\system32\Oemdspif.dll
2010-11-26 02:34:28 26112 ----a-w- c:\windows\system32\Ati2mdxx.exe
2010-11-26 02:34:22 43520 ----a-w- c:\windows\system32\ati2edxx.dll
2010-11-26 02:34:22 43520 ----a-w- c:\windows\system32\ati2edxx(2).dll
2010-11-26 02:34:10 159744 ----a-w- c:\windows\system32\ati2evxx.dll
2010-11-26 02:34:10 159744 ----a-w- c:\windows\system32\ati2evxx(2).dll
2010-11-26 02:32:42 614400 ----a-w- c:\windows\system32\ati2evxx.exe
2010-11-26 02:32:42 614400 ----a-w- c:\windows\system32\ati2evxx(2).exe
2010-11-26 02:32:24 2669696 ----a-w- c:\windows\system32\ativvaxx.dll
2010-11-26 02:32:24 2669696 ----a-w- c:\windows\system32\ativvaxx(2).dll
2010-11-26 02:31:16 53248 ----a-w- c:\windows\system32\ATIDDC.DLL
2010-11-26 02:30:30 143360 ----a-w- c:\windows\system32\atiapfxx.exe
2010-11-26 02:26:38 651264 ----a-w- c:\windows\system32\atikvmag.dll
2010-11-26 02:26:38 651264 ----a-w- c:\windows\system32\atikvmag(2).dll
2010-11-26 02:24:46 196608 ----a-w- c:\windows\system32\atiadlxx.dll
2010-11-26 02:24:46 196608 ----a-w- c:\windows\system32\atiadlxx(2).dll
2010-11-26 02:24:22 17408 ----a-w- c:\windows\system32\atitvo32.dll
2010-11-26 02:18:16 765952 ----a-w- c:\windows\system32\ati2cqag.dll
2010-11-26 02:18:16 765952 ----a-w- c:\windows\system32\ati2cqag(2).dll
2010-11-26 02:16:32 64512 ----a-w- c:\windows\system32\atimpc32.dll
2010-11-26 02:16:32 64512 ----a-w- c:\windows\system32\amdpcom32.dll
2010-11-25 01:18:06 240592 ----a-w- c:\windows\system32\nvdrsdb0.bin
2010-11-25 01:18:06 1 ----a-w- c:\windows\system32\nvdrssel.bin
2010-11-25 01:18:01 240592 ----a-w- c:\windows\system32\nvdrsdb1.bin
2010-11-18 18:12:44 81920 ----a-w- c:\windows\system32\isign32.dll

============= FINISH: 22:28:06.25 ===============

Edited by boopme, 14 February 2011 - 07:28 PM.



#2 Shannon2012

Shannon2012

  • Security Colleague
  • 3,657 posts
  • Gender:Male
  • Location:North Carolina, USA
  • Local time:10:39 AM

Posted 18 February 2011 - 04:09 PM

Hi,

My name is Shannon and I will be working with you to remove the malware that is on your machine.

I apologize for the delay in replying to your post, but this forum is extremely busy.

Please Track this topic - On the top right of this thread, click on the Option button, and, in the drop-down list, click on 'Track this topic'. Under Subscription Information, click on 'Immediate Email Notification' and then click on the Proceed button at the bottom.

Do Not make any changes on your own to the infected computer.

Please set your system to show all files.
Click Start, open My Computer, select the Tools menu and click Folder Options.
Select the View Tab. Under the Hidden files and folders heading, select Show hidden files and folders.
Uncheck: Hide file extensions for known file types
Uncheck the Hide protected operating system files (recommended) option.
Click Yes to confirm.

It has been a few days so please get a new OTL scan.
  • Double click on the Posted Image icon on your desktop.
  • Click the "Scan All Users" checkbox.
  • Push the Posted Image button.
  • A report will open, copy and paste it into your reply:
  • OTL.txt <-- Will be the opened report


Once you have the above log, click on the Add Reply button below, copy in the contents of the OTL log. Also include any comments that you might have concerning the infection(s) and the infected computer.
Shannon

#3 Shannon2012

Shannon2012

  • Security Colleague
  • 3,657 posts
  • Gender:Male
  • Location:North Carolina, USA
  • Local time:10:39 AM

Posted 18 February 2011 - 04:47 PM

I see you downloaded ComboFix on 2/12. Please copy the contents of C:\ComboFix.txt into your reply. You should never download and run ComboFix unless instructed to do so. Hopefully, you have not damaged your system.
Shannon

#4 deluxster

deluxster
  • Topic Starter

  • Members
  • 14 posts
  • Local time:09:39 AM

Posted 20 February 2011 - 08:29 PM

Hey Shannon... Sorry for the late response... I did download combofix that day but I never ran anything. I am going to post the latest OTL results.

#5 deluxster

deluxster
  • Topic Starter

  • Members
  • 14 posts
  • Local time:09:39 AM

Posted 20 February 2011 - 08:32 PM

OTL logfile created on: 2/20/2011 8:29:03 PM - Run 4
OTL by OldTimer - Version 3.2.20.6 Folder = C:\Documents and Settings\Lucky\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 73.00% Memory free
7.00 Gb Paging File | 7.00 Gb Available in Paging File | 89.00% Paging File free
Paging file location(s): C:\pagefile.sys 4605 9210 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 465.75 Gb Total Space | 33.73 Gb Free Space | 7.24% Space Free | Partition Type: NTFS

Computer Name: LUCKYBLKDSKTOP2 | User Name: Lucky | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/02/13 20:52:47 | 000,602,624 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Lucky\Desktop\OTL.exe
PRC - [2011/01/27 00:40:24 | 023,361,424 | ---- | M] (Dropbox, Inc.) -- C:\Documents and Settings\Lucky\Application Data\Dropbox\bin\Dropbox.exe
PRC - [2011/01/13 10:41:38 | 002,424,560 | ---- | M] (SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
PRC - [2011/01/07 01:22:54 | 002,747,744 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgtray.exe
PRC - [2011/01/07 01:22:44 | 001,084,256 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgnsx.exe
PRC - [2011/01/06 15:23:20 | 000,737,872 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSMonitor.exe
PRC - [2011/01/06 15:23:18 | 006,128,720 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe
PRC - [2010/12/18 12:32:01 | 000,912,344 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2010/12/16 16:19:34 | 002,402,512 | ---- | M] (IObit) -- C:\Program Files\IObit\Advanced SystemCare 3\AWC.exe
PRC - [2010/12/05 16:26:40 | 000,654,176 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgrsx.exe
PRC - [2010/12/05 16:26:12 | 000,650,592 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgchsvx.exe
PRC - [2010/10/22 04:58:18 | 000,265,400 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgwdsvc.exe
PRC - [2010/10/22 04:56:58 | 000,845,664 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgcsrvx.exe
PRC - [2010/09/01 01:39:18 | 001,164,584 | ---- | M] () -- C:\Program Files\DivX\DivX Update\DivXUpdate.exe
PRC - [2010/08/15 23:11:08 | 001,564,672 | ---- | M] (CMedia) -- C:\Program Files\ASUS Xonar DG Audio\CustomApp\Program\AsusAudioCenter.exe
PRC - [2009/01/12 21:35:39 | 000,090,112 | ---- | M] () -- C:\Program Files\ASUS Xonar DG Audio\CustomApp\Program\MXmon.exe
PRC - [2009/01/11 12:40:44 | 000,355,840 | ---- | M] (Outertech) -- C:\Program Files\CachemanXP\CachemanXP.exe
PRC - [2008/12/15 20:46:16 | 000,185,872 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Common Files\Real\Update_OB\realsched.exe
PRC - [2008/07/11 02:04:22 | 000,200,704 | R--- | M] () -- C:\WINDOWS\system\HsMgr.exe
PRC - [2008/04/14 05:42:20 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/12/14 17:19:26 | 000,132,624 | ---- | M] (SAMSUNG ELECTRONICS) -- C:\Program Files\Samsung\Samsung Media Studio 5\SMSTray.exe
PRC - [2007/01/31 14:55:42 | 000,096,370 | ---- | M] (Canon Inc.) -- C:\Program Files\Canon\CAL\CALMAIN.exe
PRC - [2006/07/13 15:59:48 | 000,131,131 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
PRC - [2006/07/13 15:59:32 | 000,065,599 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
PRC - [2006/04/03 17:04:02 | 000,020,543 | ---- | M] (Apache Software Foundation) -- C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\Apache.exe
PRC - [2005/12/15 19:42:10 | 000,217,088 | ---- | M] (VMware, Inc.) -- C:\Program Files\VMware\VMware Workstation\vmware-authd.exe
PRC - [2005/12/15 19:42:10 | 000,135,168 | ---- | M] (VMware, Inc.) -- C:\WINDOWS\system32\vmnat.exe
PRC - [2005/12/15 19:42:10 | 000,106,496 | ---- | M] (VMware, Inc.) -- C:\WINDOWS\system32\vmnetdhcp.exe
PRC - [2005/12/15 19:28:52 | 000,245,760 | ---- | M] (VMware, Inc.) -- C:\Program Files\Common Files\VMware\VMware Virtual Image Editing\vmount2.exe


========== Modules (SafeList) ==========

MOD - [2011/02/13 20:52:47 | 000,602,624 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Lucky\Desktop\OTL.exe
MOD - [2010/08/23 11:12:02 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll
MOD - [2010/03/23 02:26:20 | 000,217,088 | R--- | M] (C-Media Electronics Inc.) -- C:\WINDOWS\system\HsSrv.dll
MOD - [2008/04/14 05:41:54 | 000,367,616 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\dsound.dll


========== Win32 Services (SafeList) ==========

SRV - [2011/01/06 15:23:18 | 006,128,720 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe -- (AVGIDSAgent)
SRV - [2010/10/22 04:58:18 | 000,265,400 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG10\avgwdsvc.exe -- (avgwd)
SRV - [2010/03/18 15:47:22 | 000,035,160 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe -- (aspnet_state)
SRV - [2010/03/18 12:16:28 | 000,753,504 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe -- (WPFFontCache_v0400)
SRV - [2010/03/18 12:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010/03/18 12:16:28 | 000,124,240 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe -- (NetTcpPortSharing)
SRV - [2009/01/11 12:40:44 | 000,355,840 | ---- | M] (Outertech) [Auto | Running] -- C:\Program Files\CachemanXP\CachemanXP.exe -- (CachemanXPService)
SRV - [2007/02/20 14:11:28 | 000,815,104 | ---- | M] (Hauppauge Computer Works) [On_Demand | Stopped] -- C:\Program Files\WinTV\HCWTVServer.exe -- (HauppaugeTVServer)
SRV - [2007/01/31 14:55:42 | 000,096,370 | ---- | M] (Canon Inc.) [Auto | Running] -- C:\Program Files\Canon\CAL\CALMAIN.exe -- (CCALib8)
SRV - [2006/07/13 15:59:48 | 000,131,131 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe -- (nSvcIp)
SRV - [2006/07/13 15:59:32 | 000,065,599 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe -- (nSvcLog)
SRV - [2006/04/03 17:04:02 | 000,020,543 | ---- | M] (Apache Software Foundation) [Auto | Running] -- C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe -- (ForcewareWebInterface)
SRV - [2005/12/15 19:42:10 | 000,217,088 | ---- | M] (VMware, Inc.) [Auto | Running] -- C:\Program Files\VMware\VMware Workstation\vmware-authd.exe -- (VMAuthdService)
SRV - [2005/12/15 19:42:10 | 000,135,168 | ---- | M] (VMware, Inc.) [Auto | Running] -- C:\WINDOWS\system32\vmnat.exe -- (VMware NAT Service)
SRV - [2005/12/15 19:42:10 | 000,106,496 | ---- | M] (VMware, Inc.) [Auto | Running] -- C:\WINDOWS\system32\vmnetdhcp.exe -- (VMnetDHCP)
SRV - [2005/12/15 19:28:52 | 000,245,760 | ---- | M] (VMware, Inc.) [Auto | Running] -- C:\Program Files\Common Files\VMware\VMware Virtual Image Editing\vmount2.exe -- (vmount2)
SRV - [2005/11/17 15:18:52 | 001,527,900 | ---- | M] (MAGIX«) [On_Demand | Stopped] -- C:\Program Files\MAGIX\Common\Database\bin\fbserver.exe -- (FirebirdServerMAGIXInstance)


========== Driver Services (SafeList) ==========

DRV - [2010/12/08 04:12:38 | 000,251,728 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avgldx86.sys -- (Avgldx86)
DRV - [2010/11/25 23:17:40 | 005,555,712 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2010/11/12 13:19:38 | 000,299,984 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avgtdix.sys -- (Avgtdix)
DRV - [2010/11/09 13:56:12 | 000,098,392 | ---- | M] (Sunbelt Software) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\SBREDrv.sys -- (SBRE)
DRV - [2010/10/16 13:55:00 | 009,623,680 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nv4_mini.sys -- (nv)
DRV - [2010/09/13 15:27:24 | 000,025,680 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\AVGIDSEH.Sys -- (AVGIDSEH)
DRV - [2010/09/07 02:48:56 | 000,034,384 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\avgmfx86.sys -- (Avgmfx86)
DRV - [2010/09/07 02:48:50 | 000,026,064 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\avgrkx86.sys -- (Avgrkx86)
DRV - [2010/08/19 20:42:38 | 000,030,288 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AVGIDSFilter.sys -- (AVGIDSFilter)
DRV - [2010/08/19 20:42:36 | 000,123,472 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AVGIDSDriver.sys -- (AVGIDSDriver)
DRV - [2010/08/19 20:42:34 | 000,026,192 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AVGIDSShim.sys -- (AVGIDSShim)
DRV - [2010/07/23 04:53:25 | 001,494,528 | R--- | M] (C-Media Inc) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\cmudaxp.sys -- (cmudaxp)
DRV - [2010/05/10 13:41:30 | 000,067,656 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2010/02/17 13:25:48 | 000,012,872 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
DRV - [2008/04/14 00:16:24 | 000,015,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mpe.sys -- (MPE)
DRV - [2008/04/13 22:06:06 | 000,144,384 | ---- | M] (Windows ® Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hdaudbus.sys -- (HDAudBus)
DRV - [2008/02/27 12:49:00 | 000,003,840 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\System32\Drivers\BANTExt.sys -- (BANTExt)
DRV - [2007/09/25 09:59:46 | 000,015,152 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Program Files\MediaCoder\SysInfo.sys -- (CrystalSysInfo)
DRV - [2007/09/19 16:16:32 | 004,617,728 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2007/08/06 19:15:07 | 000,033,052 | ---- | M] (PowerISO Computing, Inc.) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\scdemu.sys -- (SCDEmu)
DRV - [2007/05/10 13:43:40 | 000,367,744 | ---- | M] (Hauppauge Computer Works, Inc) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\hcw18bda.sys -- (hcw18bda)
DRV - [2006/11/10 15:05:00 | 000,018,688 | ---- | M] (Arcsoft, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\afc.sys -- (Afc)
DRV - [2006/08/14 12:51:28 | 000,105,344 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\nvata.sys -- (nvata)
DRV - [2006/08/14 08:51:28 | 000,105,344 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\nvatabus.sys -- (nvatabus)
DRV - [2006/07/11 19:38:30 | 000,020,480 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nvnetbus.sys -- (nvnetbus)
DRV - [2006/07/11 19:38:28 | 000,057,856 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\NVENETFD.sys -- (NVENETFD)
DRV - [2006/04/21 03:42:04 | 000,265,600 | R--- | M] (WIS Technologies) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wisgostrm.sys -- (WISTechVIDCAP)
DRV - [2005/12/15 19:42:12 | 000,023,424 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\vmnetbridge.sys -- (VMnetBridge)
DRV - [2005/12/15 19:42:12 | 000,022,016 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\hcmon.sys -- (hcmon)
DRV - [2005/12/15 19:42:12 | 000,021,888 | R--- | M] (VMware, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\vmusb.sys -- (vmusb)
DRV - [2005/12/15 19:42:12 | 000,015,616 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\vmnetuserif.sys -- (VMnetuserif)
DRV - [2005/12/15 19:42:12 | 000,009,600 | R--- | M] (VMware, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\vmnetadapter.sys -- (VMnetAdapter)
DRV - [2005/12/15 19:42:10 | 000,094,848 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\vmx86.sys -- (vmx86)
DRV - [2005/12/15 19:28:54 | 000,011,520 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Program Files\Common Files\VMware\VMware Virtual Image Editing\vstor2.sys -- (vstor2)
DRV - [2005/12/06 10:20:50 | 000,241,664 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\HSXHWBS2.sys -- (HSXHWBS2)
DRV - [2005/12/06 10:20:42 | 000,670,208 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\HSX_CNXT.sys -- (winachsx)
DRV - [2005/12/06 10:20:40 | 000,936,448 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\HSX_DP.sys -- (HSX_DP)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========



IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-776561741-790525478-839522115-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = www.google.ca
IE - HKU\S-1-5-21-776561741-790525478-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========


FF - HKLM\software\mozilla\Firefox\Extensions\\{3f963a5b-e555-4543-90e2-c3908898db71}: C:\Program Files\AVG\AVG10\Firefox\ [2011/01/02 10:42:35 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/01/12 12:54:30 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/02/13 21:56:41 | 000,000,000 | ---D | M]

[2009/05/30 10:34:20 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Lucky\Application Data\Mozilla\Extensions
[2009/05/30 10:34:20 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Lucky\Application Data\Mozilla\Extensions\MediaCoder
[2011/02/16 22:20:44 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Lucky\Application Data\Mozilla\Firefox\Profiles\dv3tvoqk.default\extensions
[2010/04/27 17:44:42 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Lucky\Application Data\Mozilla\Firefox\Profiles\dv3tvoqk.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010/07/30 14:40:51 | 000,000,000 | ---D | M] ("DVDVideoSoft Menu") -- C:\Documents and Settings\Lucky\Application Data\Mozilla\Firefox\Profiles\dv3tvoqk.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2010/10/25 19:32:03 | 000,000,000 | ---D | M] ("PandoraTV Toolbar") -- C:\Documents and Settings\Lucky\Application Data\Mozilla\Firefox\Profiles\dv3tvoqk.default\extensions\toolbar@ask.com
[2011/02/16 22:20:44 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2010/05/03 16:42:32 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2011/02/15 21:41:22 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
[2011/02/15 21:41:14 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
[2010/12/09 05:47:06 | 000,012,800 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npwachk.dll

O1 HOSTS File: ([2003/06/20 07:00:00 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (SnagIt Toolbar Loader) - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files\TechSmith\Snagit 9\SnagitBHO.dll (TechSmith Corporation)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG10\avgssie.dll (AVG Technologies CZ, s.r.o.)
O3 - HKLM\..\Toolbar: (Snagit) - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files\TechSmith\Snagit 9\SnagitIEAddin.dll (TechSmith Corporation)
O3 - HKU\S-1-5-21-776561741-790525478-839522115-1003\..\Toolbar\WebBrowser: (no name) - {8FF5E180-ABDE-46EB-B09E-D2AAB95CABE3} - No CLSID value found.
O3 - HKU\S-1-5-21-776561741-790525478-839522115-1003\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
O4 - HKLM..\Run: [Alcmtr] C:\WINDOWS\Alcmtr.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [ATICustomerCare] C:\Program Files\ATI\ATICustomerCare\ATICustomerCare.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [AVG_TRAY] C:\Program Files\AVG\AVG10\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [Cmaudio8788] File not found
O4 - HKLM..\Run: [Cmaudio8788GX] C:\WINDOWS\system\HsMgr.exe ()
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe (Ahead Software Gmbh)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] File not found
O4 - HKLM..\Run: [SMSTray] C:\Program Files\Samsung\Samsung Media Studio 5\SMSTray.exe (SAMSUNG ELECTRONICS)
O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
O4 - HKU\S-1-5-21-776561741-790525478-839522115-1003..\Run: [Advanced SystemCare 3] C:\Program Files\IObit\Advanced SystemCare 3\AWC.exe (IObit)
O4 - HKU\S-1-5-21-776561741-790525478-839522115-1003..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)
O4 - Startup: C:\Documents and Settings\Lucky\Start Menu\Programs\Startup\Dropbox.lnk = C:\Documents and Settings\Lucky\Application Data\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Low Rights present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-776561741-790525478-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: &Clean Traces - C:\Program Files\DAP\Privacy Package\dapcleanerie.htm ()
O8 - Extra context menu item: &Download with &DAP - C:\Program Files\DAP\dapextie.htm ()
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\WINDOWS\System32\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: Download &all with DAP - C:\Program Files\DAP\dapextie2.htm ()
O8 - Extra context menu item: Free YouTube Download - C:\Documents and Settings\Lucky\Application Data\DVDVideoSoftIEHelpers\youtubedownload.htm ()
O8 - Extra context menu item: Free YouTube to Mp3 Converter - C:\Documents and Settings\Lucky\Application Data\DVDVideoSoftIEHelpers\youtubetomp3.htm ()
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://go.microsoft.com/fwlink/?linkid=39204 (Windows Genuine Advantage Validation Tool)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1191641975203 (WUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-0015-0000-0001-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-1_5_0_01-windows-i586.cab (Java Plug-in 1.5.0_01)
O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 64.71.255.198
O18 - Protocol\Handler\belarc {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - C:\Program Files\Belarc\Advisor\System\BAVoilaX.dll (Belarc, Inc.)
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG10\avgpp.dll (AVG Technologies CZ, s.r.o.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com)
O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2007/10/05 21:33:34 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG10\avgchsvx.exe /sync) - C:\Program Files\AVG\AVG10\avgchsvx.exe (AVG Technologies CZ, s.r.o.)
O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG10\avgrsx.exe /sync /restart) - C:\Program Files\AVG\AVG10\avgrsx.exe (AVG Technologies CZ, s.r.o.)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/02/17 01:41:03 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Lucky\Recent
[2011/02/15 21:43:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Lucky\Desktop\Comp268
[2011/02/15 21:41:27 | 000,000,000 | ---D | C] -- C:\Program Files\Sun
[2011/02/15 21:41:22 | 000,073,728 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javacpl.cpl
[2011/02/15 21:40:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Lucky\Start Menu\Programs\Notepad++
[2011/02/15 21:40:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Notepad++
[2011/02/15 21:40:28 | 000,000,000 | ---D | C] -- C:\Program Files\Notepad++
[2011/02/15 21:40:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Lucky\Application Data\Notepad++
[2011/02/14 23:12:04 | 000,000,000 | ---D | C] -- C:\Program Files\GPLGS
[2011/02/13 21:57:33 | 000,000,000 | ---D | C] -- C:\Qoobox
[2011/02/13 21:57:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
[2011/02/13 21:57:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\SUPERAntiSpyware
[2011/02/13 21:57:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011/02/13 21:57:08 | 000,000,000 | ---D | C] -- C:\Program Files\MALWAREBYTES ANTI-MALWARE
[2011/02/13 20:52:47 | 000,602,624 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Lucky\Desktop\OTL.exe
[2011/02/12 23:57:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Lucky\DoctorWeb
[2011/02/12 17:37:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Lucky\Desktop\Vipre2
[2011/02/12 12:27:40 | 000,157,472 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe
[2011/02/12 12:27:40 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe
[2011/02/12 12:27:40 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe
[2011/02/12 09:39:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Lucky\Application Data\SUPERAntiSpyware.com
[2011/02/12 09:39:48 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2011/02/09 23:19:55 | 000,098,392 | ---- | C] (Sunbelt Software) -- C:\WINDOWS\System32\drivers\SBREDrv.sys
[2011/02/09 23:19:55 | 000,027,984 | ---- | C] (Sunbelt Software) -- C:\WINDOWS\System32\sbbd.exe
[2011/02/09 23:10:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Lucky\Desktop\Vipre
[2011/02/09 20:07:58 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2011/02/09 20:07:51 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2011/02/09 20:07:51 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2011/02/02 21:48:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Lucky\Desktop\Chittappa_1
[2011/02/01 20:36:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Lucky\Desktop\Edited_Pics
[2011/01/31 18:55:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Lucky\Desktop\OZ_Flash_Drive
[2011/01/29 19:29:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Lucky\My Documents\Chittappa_1
[2011/01/29 18:58:32 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Lucky\My Documents\Dropbox
[2011/01/29 18:57:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Lucky\Start Menu\Programs\Dropbox
[2011/01/29 18:56:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Lucky\Application Data\Dropbox
[2011/01/29 18:35:41 | 012,510,375 | ---- | C] (Wondershare) -- C:\Documents and Settings\Lucky\My Documents\Copy of Chittappa_Memories_1.exe
[2011/01/29 10:46:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Lucky\Local Settings\Application Data\HP
[2011/01/29 10:45:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\WEBREG
[2011/01/29 10:45:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Lucky\Application Data\HP
[2011/01/29 10:42:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\HP Product Assistant
[2011/01/29 10:42:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\HP
[2011/01/29 10:42:06 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\HP
[2011/01/29 10:42:06 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Hewlett-Packard
[2011/01/29 10:41:58 | 000,000,000 | ---D | C] -- C:\Program Files\HP
[2011/01/29 10:34:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\HP
[2011/01/29 08:25:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Lucky\My Documents\Wondershare Photo Story
[2011/01/29 08:25:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Lucky\My Documents\Wondershare DVD Slideshow Builder
[2011/01/29 08:23:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Wondershare
[2011/01/28 23:44:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Wondershare
[2011/01/28 23:44:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Documents\Flash Gallery Factory 5
[2011/01/28 23:40:19 | 000,000,000 | ---D | C] -- C:\Program Files\Wondershare
[2011/01/28 18:57:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Lucky\Desktop\Desktop_Home
[2011/01/28 18:23:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Seagate
[2011/01/28 18:23:10 | 000,000,000 | ---D | C] -- C:\Program Files\Seagate
[2011/01/27 23:10:18 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\MAGIX Shared
[2011/01/27 23:04:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\MAGIX
[2011/01/27 23:01:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Lucky\My Documents\MAGIX downloads
[2011/01/27 23:01:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Lucky\Application Data\MAGIX
[2011/01/27 23:00:34 | 000,430,080 | ---- | C] (MAGIX AG) -- C:\WINDOWS\System32\MXRestore.exe
[2011/01/27 23:00:34 | 000,024,576 | ---- | C] (PoINT Software & Systems GmbH) -- C:\WINDOWS\System32\TTIC32.dll
[2011/01/27 23:00:33 | 000,644,384 | ---- | C] (PoINT Software & Systems GmbH) -- C:\WINDOWS\System32\DLLAV32.dll
[2011/01/27 23:00:33 | 000,202,016 | ---- | C] (PoINT Software & Systems GmbH) -- C:\WINDOWS\System32\DLLRES32.dll
[2011/01/27 23:00:33 | 000,173,344 | ---- | C] (PoINT Software & Systems GmbH) -- C:\WINDOWS\System32\DLLDEV32.dll
[2011/01/27 23:00:33 | 000,161,056 | ---- | C] (PoINT Software & Systems GmbH) -- C:\WINDOWS\System32\DLLDRV32.dll
[2011/01/27 23:00:33 | 000,114,688 | ---- | C] (PoINT Software & Systems GmbH) -- C:\WINDOWS\System32\DLLCDA32.dll
[2011/01/27 23:00:33 | 000,111,904 | ---- | C] (PoINT Software & Systems GmbH) -- C:\WINDOWS\System32\DLLCPY32.dll
[2011/01/27 23:00:33 | 000,065,536 | ---- | C] (PoINT Software & Systems GmbH) -- C:\WINDOWS\System32\DLLPTL32.dll
[2011/01/27 23:00:33 | 000,061,440 | ---- | C] (PoINT Software & Systems GmbH) -- C:\WINDOWS\System32\DLLCDF32.dll
[2011/01/27 23:00:33 | 000,058,656 | ---- | C] (PoINT Software & Systems GmbH) -- C:\WINDOWS\System32\DLLIO32.dll
[2011/01/27 23:00:33 | 000,057,344 | ---- | C] (PoINT Software & Systems GmbH) -- C:\WINDOWS\System32\DLLTPO32.dll
[2011/01/27 23:00:33 | 000,054,560 | ---- | C] (PoINT Software & Systems GmbH) -- C:\WINDOWS\System32\DLLPRF32.dll
[2011/01/27 23:00:33 | 000,053,248 | ---- | C] (PoINT Software & Systems GmbH) -- C:\WINDOWS\System32\DLLPRJ32.dll
[2011/01/27 23:00:33 | 000,045,056 | ---- | C] (PoINT Software & Systems GmbH) -- C:\WINDOWS\System32\DLLIMG32.dll
[2011/01/27 23:00:33 | 000,042,272 | ---- | C] (PoINT Software & Systems GmbH) -- C:\WINDOWS\System32\DLLPNT32.dll
[2011/01/27 23:00:33 | 000,040,960 | ---- | C] (PoINT Software & Systems GmbH) -- C:\WINDOWS\System32\DLLRD32.dll
[2011/01/27 23:00:33 | 000,038,176 | ---- | C] (PoINT Software & Systems GmbH) -- C:\WINDOWS\System32\STRING32.dll
[2011/01/27 23:00:33 | 000,032,768 | ---- | C] (PoINT Software & Systems GmbH) -- C:\WINDOWS\System32\DLLMSC32.dll
[2011/01/27 23:00:33 | 000,032,768 | ---- | C] (PoINT Software & Systems GmbH) -- C:\WINDOWS\System32\DLLISO32.dll
[2011/01/27 23:00:33 | 000,032,768 | ---- | C] (PoINT Software & Systems GmbH) -- C:\WINDOWS\System32\DLLDIR32.dll
[2011/01/27 23:00:33 | 000,024,576 | ---- | C] (PoINT Software & Systems GmbH) -- C:\WINDOWS\System32\TTI32.dll
[2011/01/27 23:00:33 | 000,024,576 | ---- | C] (PoINT Software & Systems GmbH) -- C:\WINDOWS\System32\DLLIX.dll
[2011/01/27 22:59:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Lucky\My Documents\MAGIX_Xtreme_PhotoStory_on_CD_DVD_7_dlx_Download_version
[2011/01/27 22:59:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\MAGIX
[2011/01/27 22:59:39 | 000,000,000 | ---D | C] -- C:\Program Files\MAGIX
[2011/01/27 22:59:06 | 000,700,416 | ---- | C] (MAGIX AG) -- C:\WINDOWS\System32\mgxoschk.dll
[2011/01/27 22:59:06 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\MAGIX
[2011/01/24 20:57:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Lucky\Application Data\Unity
[2011/01/24 20:44:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Lucky\Local Settings\Application Data\Unity
[2008/11/20 23:53:32 | 000,047,360 | ---- | C] (VSO Software) -- C:\Documents and Settings\Lucky\Application Data\pcouffin.sys
[6 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[3 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/02/20 20:27:47 | 000,000,162 | -H-- | M] () -- C:\Documents and Settings\Lucky\Desktop\~$_Web_Instructions.doc
[2011/02/20 20:01:00 | 000,000,234 | ---- | M] () -- C:\WINDOWS\tasks\Scheduled Update for Ask Toolbar.job
[2011/02/20 19:37:00 | 000,000,398 | ---- | M] () -- C:\WINDOWS\tasks\At21.job
[2011/02/20 19:35:37 | 106,652,153 | ---- | M] () -- C:\WINDOWS\System32\drivers\AVG\incavi.avm
[2011/02/20 19:32:33 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/02/20 19:31:28 | 000,000,260 | ---- | M] () -- C:\WINDOWS\tasks\WGASetup.job
[2011/02/20 19:31:27 | 000,000,398 | ---- | M] () -- C:\WINDOWS\tasks\At22.job
[2011/02/20 19:31:27 | 000,000,398 | ---- | M] () -- C:\WINDOWS\tasks\At13.job
[2011/02/20 19:31:26 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/02/17 23:22:35 | 000,261,244 | ---- | M] () -- C:\Documents and Settings\Lucky\Desktop\Security_2.pdf
[2011/02/17 23:20:17 | 000,005,348 | ---- | M] () -- C:\Documents and Settings\Lucky\Desktop\330-23_e.pdf
[2011/02/17 22:38:25 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\Lucky\Local Settings\Application Data\prvlcl.dat
[2011/02/17 22:28:44 | 000,001,956 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\BlackBerry Desktop Software.lnk
[2011/02/17 22:16:28 | 000,000,398 | ---- | M] () -- C:\WINDOWS\tasks\At1.job
[2011/02/17 00:42:18 | 000,000,116 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2011/02/16 10:53:25 | 000,000,398 | ---- | M] () -- C:\WINDOWS\tasks\At23.job
[2011/02/15 21:41:13 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\deployJava1.dll
[2011/02/15 21:41:13 | 000,157,472 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe
[2011/02/15 21:41:13 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe
[2011/02/15 21:41:13 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe
[2011/02/15 21:41:13 | 000,073,728 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javacpl.cpl
[2011/02/15 21:40:36 | 000,000,718 | ---- | M] () -- C:\Documents and Settings\Lucky\Desktop\Notepad++.lnk
[2011/02/15 21:09:31 | 000,000,398 | ---- | M] () -- C:\WINDOWS\tasks\At9.job
[2011/02/15 21:09:31 | 000,000,398 | ---- | M] () -- C:\WINDOWS\tasks\At20.job
[2011/02/15 21:09:31 | 000,000,398 | ---- | M] () -- C:\WINDOWS\tasks\At12.job
[2011/02/14 23:39:31 | 000,027,136 | ---- | M] () -- C:\Documents and Settings\Lucky\My Documents\Employment History_Detailed_Months.doc
[2011/02/14 23:14:19 | 000,460,257 | ---- | M] () -- C:\Documents and Settings\Lucky\Desktop\Security_1.pdf
[2011/02/14 23:12:21 | 000,005,350 | ---- | M] () -- C:\Documents and Settings\Lucky\Desktop\330-60-eng.pdf
[2011/02/14 23:04:41 | 000,035,328 | ---- | M] () -- C:\Documents and Settings\Lucky\My Documents\Employment History_Address_10_Years.doc
[2011/02/14 23:00:16 | 000,005,350 | ---- | M] () -- C:\Documents and Settings\Lucky\Desktop\SECURITY_CLEARANCE_FORM.pdf
[2011/02/14 18:47:04 | 000,938,496 | ---- | M] () -- C:\Documents and Settings\Lucky\Desktop\Dr_Web_Instructions.doc
[2011/02/14 17:16:30 | 000,000,398 | ---- | M] () -- C:\WINDOWS\tasks\At4.job
[2011/02/14 17:16:30 | 000,000,398 | ---- | M] () -- C:\WINDOWS\tasks\At3.job
[2011/02/14 17:16:30 | 000,000,398 | ---- | M] () -- C:\WINDOWS\tasks\At2.job
[2011/02/14 17:16:30 | 000,000,398 | ---- | M] () -- C:\WINDOWS\tasks\At15.job
[2011/02/14 17:16:30 | 000,000,398 | ---- | M] () -- C:\WINDOWS\tasks\At14.job
[2011/02/13 22:28:45 | 000,288,107 | ---- | M] () -- C:\Documents and Settings\Lucky\Desktop\gmer.zip
[2011/02/13 22:23:57 | 000,624,128 | ---- | M] () -- C:\Documents and Settings\Lucky\Desktop\dds.scr
[2011/02/13 22:17:07 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\Lucky\defogger_reenable
[2011/02/13 20:52:47 | 000,602,624 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Lucky\Desktop\OTL.exe
[2011/02/13 19:45:05 | 000,000,103 | ---- | M] () -- C:\Documents and Settings\Lucky\My Documents\DrWeb.csv
[2011/02/12 23:51:11 | 000,029,184 | ---- | M] () -- C:\Documents and Settings\Lucky\My Documents\Dr_Web_Instructions.doc
[2011/02/12 23:21:14 | 000,016,896 | ---- | M] () -- C:\Documents and Settings\Lucky\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/02/12 17:06:23 | 004,263,406 | ---- | M] () -- C:\Documents and Settings\Lucky\Desktop\ComboFix.exe
[2011/02/12 16:37:07 | 000,000,398 | ---- | M] () -- C:\WINDOWS\tasks\At10.job
[2011/02/12 15:37:06 | 000,000,398 | ---- | M] () -- C:\WINDOWS\tasks\At19.job
[2011/02/12 12:37:09 | 000,000,398 | ---- | M] () -- C:\WINDOWS\tasks\At6.job
[2011/02/12 10:55:12 | 000,000,211 | -HS- | M] () -- C:\boot.ini
[2011/02/12 09:39:50 | 000,001,678 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\SUPERAntiSpyware Free Edition.lnk
[2011/02/12 09:37:02 | 000,000,398 | ---- | M] () -- C:\WINDOWS\tasks\At16.job
[2011/02/11 21:44:17 | 000,298,848 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2011/02/09 23:12:21 | 000,028,160 | ---- | M] () -- C:\Documents and Settings\Lucky\My Documents\Appappamama_Book.doc
[2011/02/09 20:07:58 | 000,000,784 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/02/09 17:02:56 | 000,001,729 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader 9.lnk
[2011/02/06 14:37:02 | 000,000,398 | ---- | M] () -- C:\WINDOWS\tasks\At8.job
[2011/01/31 18:28:14 | 000,000,398 | ---- | M] () -- C:\WINDOWS\tasks\At17.job
[2011/01/31 18:28:14 | 000,000,398 | ---- | M] () -- C:\WINDOWS\tasks\At11.job
[2011/01/30 00:17:24 | 000,028,160 | ---- | M] () -- C:\Documents and Settings\Lucky\My Documents\Chittappa_Book.doc
[2011/01/29 18:58:32 | 000,000,994 | ---- | M] () -- C:\Documents and Settings\Lucky\Desktop\Dropbox.lnk
[2011/01/29 18:57:03 | 000,000,994 | ---- | M] () -- C:\Documents and Settings\Lucky\Start Menu\Programs\Startup\Dropbox.lnk
[2011/01/29 18:28:28 | 011,764,375 | ---- | M] () -- C:\Documents and Settings\Lucky\My Documents\Temporary_Slide_Show.swf
[2011/01/29 18:28:28 | 000,002,892 | ---- | M] () -- C:\Documents and Settings\Lucky\My Documents\Temporary_Slide_Show.html
[2011/01/29 18:27:09 | 012,510,375 | ---- | M] (Wondershare) -- C:\Documents and Settings\Lucky\My Documents\Copy of Chittappa_Memories_1.exe
[2011/01/29 18:27:09 | 000,000,073 | ---- | M] () -- C:\Documents and Settings\Lucky\My Documents\autorun.inf
[2011/01/29 10:43:28 | 000,001,870 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\HP Photosmart Essential 3.5.lnk
[2011/01/29 10:43:07 | 000,000,398 | ---- | M] () -- C:\WINDOWS\tasks\At7.job
[2011/01/29 10:43:07 | 000,000,398 | ---- | M] () -- C:\WINDOWS\tasks\At5.job
[2011/01/29 10:43:07 | 000,000,398 | ---- | M] () -- C:\WINDOWS\tasks\At18.job
[2011/01/29 10:42:34 | 000,001,018 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\HP Solution Center.lnk
[2011/01/29 08:21:04 | 000,001,039 | ---- | M] () -- C:\Documents and Settings\Lucky\Desktop\Wondershare DVD Slideshow Builder Deluxe.lnk
[2011/01/28 23:46:26 | 000,000,872 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Wondershare Flash Gallery Factory.lnk
[2011/01/28 23:44:36 | 000,000,872 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Wondershare Flash Gallery Factory Deluxe.lnk
[2011/01/28 18:23:13 | 000,001,812 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\SeaTools for Windows.lnk
[2011/01/27 23:10:57 | 000,006,642 | ---- | M] () -- C:\WINDOWS\mgxoschk.ini
[2011/01/27 23:04:51 | 000,001,105 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\MAGIX Xtreme PhotoStory on CD & DVD 7 deluxe Download version.lnk
[2011/01/26 16:59:12 | 000,000,690 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\AVG 2011.lnk
[2011/01/24 21:42:45 | 000,199,704 | ---- | M] () -- C:\Documents and Settings\Lucky\Desktop\Amma_Car_Soul_Cruze_Scion_Equinox.jpg
[6 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[3 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/02/20 20:27:47 | 000,000,162 | -H-- | C] () -- C:\Documents and Settings\Lucky\Desktop\~$_Web_Instructions.doc
[2011/02/17 23:21:44 | 000,261,244 | ---- | C] () -- C:\Documents and Settings\Lucky\Desktop\Security_2.pdf
[2011/02/17 23:20:16 | 000,005,348 | ---- | C] () -- C:\Documents and Settings\Lucky\Desktop\330-23_e.pdf
[2011/02/17 22:28:51 | 000,001,105 | ---- | C] () -- C:\Documents and Settings\Lucky\Application Data\Rim.Desktop.HttpServerSetup.log
[2011/02/17 22:28:44 | 000,001,956 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\BlackBerry Desktop Software.lnk
[2011/02/15 21:40:36 | 000,000,718 | ---- | C] () -- C:\Documents and Settings\Lucky\Desktop\Notepad++.lnk
[2011/02/14 23:27:05 | 000,027,136 | ---- | C] () -- C:\Documents and Settings\Lucky\My Documents\Employment History_Detailed_Months.doc
[2011/02/14 23:13:08 | 000,460,257 | ---- | C] () -- C:\Documents and Settings\Lucky\Desktop\Security_1.pdf
[2011/02/14 23:01:41 | 000,005,350 | ---- | C] () -- C:\Documents and Settings\Lucky\Desktop\330-60-eng.pdf
[2011/02/14 23:00:14 | 000,005,350 | ---- | C] () -- C:\Documents and Settings\Lucky\Desktop\SECURITY_CLEARANCE_FORM.pdf
[2011/02/14 01:37:36 | 000,227,840 | ---- | C] () -- C:\Documents and Settings\NetworkService\Application Data\cyeuBQ1lA.exe
[2011/02/14 01:37:17 | 000,015,204 | ---- | C] () -- C:\Documents and Settings\NetworkService\Application Data\TXMWKo.js
[2011/02/13 23:37:20 | 000,227,840 | ---- | C] () -- C:\Documents and Settings\NetworkService\Application Data\HIs4R6ffVY.exe
[2011/02/13 23:37:03 | 000,015,205 | ---- | C] () -- C:\Documents and Settings\NetworkService\Application Data\tcUY9Hll2s.js
[2011/02/13 22:37:13 | 000,227,840 | ---- | C] () -- C:\Documents and Settings\NetworkService\Application Data\TlOVKy.exe
[2011/02/13 22:37:03 | 000,015,201 | ---- | C] () -- C:\Documents and Settings\NetworkService\Application Data\RCp67Z4D9.js
[2011/02/13 22:29:57 | 000,296,448 | ---- | C] () -- C:\Documents and Settings\Lucky\Desktop\gmer.exe
[2011/02/13 22:29:00 | 000,288,107 | ---- | C] () -- C:\Documents and Settings\Lucky\Desktop\gmer.zip
[2011/02/13 22:24:29 | 000,624,128 | ---- | C] () -- C:\Documents and Settings\Lucky\Desktop\dds.scr
[2011/02/13 22:17:07 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Lucky\defogger_reenable
[2011/02/13 19:45:05 | 000,000,103 | ---- | C] () -- C:\Documents and Settings\Lucky\My Documents\DrWeb.csv
[2011/02/12 23:51:22 | 000,938,496 | ---- | C] () -- C:\Documents and Settings\Lucky\Desktop\Dr_Web_Instructions.doc
[2011/02/12 23:50:59 | 000,029,184 | ---- | C] () -- C:\Documents and Settings\Lucky\My Documents\Dr_Web_Instructions.doc
[2011/02/12 17:06:12 | 004,263,406 | ---- | C] () -- C:\Documents and Settings\Lucky\Desktop\ComboFix.exe
[2011/02/12 09:39:50 | 000,001,678 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\SUPERAntiSpyware Free Edition.lnk
[2011/02/09 21:48:49 | 000,028,160 | ---- | C] () -- C:\Documents and Settings\Lucky\My Documents\Appappamama_Book.doc
[2011/02/09 20:07:58 | 000,000,784 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/01/29 22:29:39 | 000,028,160 | ---- | C] () -- C:\Documents and Settings\Lucky\My Documents\Chittappa_Book.doc
[2011/01/29 18:58:32 | 000,000,994 | ---- | C] () -- C:\Documents and Settings\Lucky\Desktop\Dropbox.lnk
[2011/01/29 18:57:03 | 000,000,994 | ---- | C] () -- C:\Documents and Settings\Lucky\Start Menu\Programs\Startup\Dropbox.lnk
[2011/01/29 18:28:28 | 011,764,375 | ---- | C] () -- C:\Documents and Settings\Lucky\My Documents\Temporary_Slide_Show.swf
[2011/01/29 18:28:28 | 000,002,892 | ---- | C] () -- C:\Documents and Settings\Lucky\My Documents\Temporary_Slide_Show.html
[2011/01/29 18:27:09 | 000,000,073 | ---- | C] () -- C:\Documents and Settings\Lucky\My Documents\autorun.inf
[2011/01/29 10:43:28 | 000,001,870 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\HP Photosmart Essential 3.5.lnk
[2011/01/29 10:42:53 | 000,000,731 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\I.R.I.S. OCR Registration.lnk
[2011/01/29 10:42:34 | 000,001,018 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\HP Solution Center.lnk
[2011/01/29 10:35:05 | 000,000,331 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\hpzinstall.log
[2011/01/29 08:21:04 | 000,001,039 | ---- | C] () -- C:\Documents and Settings\Lucky\Desktop\Wondershare DVD Slideshow Builder Deluxe.lnk
[2011/01/28 23:46:26 | 000,000,872 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Wondershare Flash Gallery Factory.lnk
[2011/01/28 23:44:36 | 000,000,872 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Wondershare Flash Gallery Factory Deluxe.lnk
[2011/01/28 18:23:13 | 000,001,812 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\SeaTools for Windows.lnk
[2011/01/27 23:04:51 | 000,001,105 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\MAGIX Xtreme PhotoStory on CD & DVD 7 deluxe Download version.lnk
[2011/01/27 23:00:33 | 000,014,182 | ---- | C] () -- C:\WINDOWS\System32\DLLAV32.lib
[2011/01/27 22:59:39 | 000,120,200 | ---- | C] () -- C:\WINDOWS\System32\DLLDEV32i.dll
[2011/01/27 22:59:06 | 000,006,642 | ---- | C] () -- C:\WINDOWS\mgxoschk.ini
[2011/01/25 21:37:47 | 000,000,398 | ---- | C] () -- C:\WINDOWS\tasks\At23.job
[2011/01/25 21:37:47 | 000,000,398 | ---- | C] () -- C:\WINDOWS\tasks\At22.job
[2011/01/25 21:37:47 | 000,000,398 | ---- | C] () -- C:\WINDOWS\tasks\At21.job
[2011/01/25 21:37:47 | 000,000,398 | ---- | C] () -- C:\WINDOWS\tasks\At20.job
[2011/01/25 21:37:47 | 000,000,398 | ---- | C] () -- C:\WINDOWS\tasks\At19.job
[2011/01/25 21:37:47 | 000,000,398 | ---- | C] () -- C:\WINDOWS\tasks\At18.job
[2011/01/25 21:37:47 | 000,000,398 | ---- | C] () -- C:\WINDOWS\tasks\At17.job
[2011/01/25 21:37:47 | 000,000,398 | ---- | C] () -- C:\WINDOWS\tasks\At16.job
[2011/01/25 21:37:47 | 000,000,398 | ---- | C] () -- C:\WINDOWS\tasks\At15.job
[2011/01/25 21:37:47 | 000,000,398 | ---- | C] () -- C:\WINDOWS\tasks\At14.job
[2011/01/25 21:37:46 | 000,000,398 | ---- | C] () -- C:\WINDOWS\tasks\At13.job
[2011/01/25 21:37:46 | 000,000,398 | ---- | C] () -- C:\WINDOWS\tasks\At12.job
[2011/01/25 21:37:46 | 000,000,398 | ---- | C] () -- C:\WINDOWS\tasks\At11.job
[2011/01/25 21:37:45 | 000,000,398 | ---- | C] () -- C:\WINDOWS\tasks\At9.job
[2011/01/25 21:37:45 | 000,000,398 | ---- | C] () -- C:\WINDOWS\tasks\At8.job
[2011/01/25 21:37:45 | 000,000,398 | ---- | C] () -- C:\WINDOWS\tasks\At7.job
[2011/01/25 21:37:45 | 000,000,398 | ---- | C] () -- C:\WINDOWS\tasks\At6.job
[2011/01/25 21:37:45 | 000,000,398 | ---- | C] () -- C:\WINDOWS\tasks\At10.job
[2011/01/25 21:37:44 | 000,000,398 | ---- | C] () -- C:\WINDOWS\tasks\At5.job
[2011/01/25 21:37:44 | 000,000,398 | ---- | C] () -- C:\WINDOWS\tasks\At4.job
[2011/01/25 21:37:43 | 000,000,398 | ---- | C] () -- C:\WINDOWS\tasks\At3.job
[2011/01/25 21:37:43 | 000,000,398 | ---- | C] () -- C:\WINDOWS\tasks\At2.job
[2011/01/25 21:37:43 | 000,000,398 | ---- | C] () -- C:\WINDOWS\tasks\At1.job
[2011/01/24 21:42:09 | 000,199,704 | ---- | C] () -- C:\Documents and Settings\Lucky\Desktop\Amma_Car_Soul_Cruze_Scion_Equinox.jpg
[2010/12/31 18:57:46 | 000,000,098 | ---- | C] () -- C:\WINDOWS\Cmicnfgp.ini.cfl
[2010/12/31 18:57:25 | 000,002,766 | R--- | C] () -- C:\WINDOWS\Cmicnfgp.ini.cfg
[2010/12/31 18:56:59 | 000,000,558 | R--- | C] () -- C:\WINDOWS\cmudaxp.ini
[2010/12/16 22:38:57 | 000,003,840 | ---- | C] () -- C:\WINDOWS\System32\drivers\BANTExt.sys
[2010/12/02 22:15:35 | 000,000,628 | ---- | C] () -- C:\Documents and Settings\Lucky\Application Data\AutoGK.ini
[2010/10/06 22:07:04 | 000,758,011 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-S-1-5-21-776561741-790525478-839522115-1003-0.dat
[2010/10/06 22:07:03 | 000,244,590 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-System.dat
[2010/09/26 16:09:30 | 000,000,026 | ---- | C] () -- C:\WINDOWS\dvdSanta.INI
[2010/08/25 20:49:17 | 000,425,144 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
[2010/03/16 15:32:27 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Lucky\Local Settings\Application Data\prvlcl.dat
[2009/12/14 16:47:54 | 000,526,848 | ---- | C] () -- C:\WINDOWS\System32\hpgtg400.dll
[2009/03/06 21:15:38 | 000,087,552 | ---- | C] () -- C:\WINDOWS\System32\cpwmon2k.dll
[2009/03/05 21:58:10 | 000,237,568 | ---- | C] () -- C:\WINDOWS\System32\OggDS.dll
[2009/01/30 00:55:50 | 000,016,896 | ---- | C] () -- C:\Documents and Settings\Lucky\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/01/29 21:05:22 | 000,000,116 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2008/11/20 23:53:41 | 000,000,055 | ---- | C] () -- C:\Documents and Settings\Lucky\Application Data\pcouffin.log
[2008/11/20 23:53:32 | 000,087,608 | ---- | C] () -- C:\Documents and Settings\Lucky\Application Data\inst.exe
[2008/11/20 23:53:32 | 000,007,887 | ---- | C] () -- C:\Documents and Settings\Lucky\Application Data\pcouffin.cat
[2008/11/20 23:53:32 | 000,001,144 | ---- | C] () -- C:\Documents and Settings\Lucky\Application Data\pcouffin.inf
[2007/10/05 22:23:07 | 000,000,483 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2007/10/05 22:23:06 | 000,159,744 | ---- | C] () -- C:\WINDOWS\System32\hcwChDB.dll
[2007/10/05 22:23:06 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\dmcrypto.dll
[2007/10/05 22:22:52 | 000,002,296 | ---- | C] () -- C:\WINDOWS\HCWPNP.INI
[2007/10/05 22:20:32 | 000,363,520 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2007/10/05 17:21:25 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2006/07/21 14:50:34 | 000,066,048 | ---- | C] () -- C:\WINDOWS\System32\hcwxds.dll

========== Alternate Data Streams ==========

@Alternate Data Stream - 117 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:2B11E0DF

< End of report >

OTL Extras logfile created on: 2/20/2011 8:29:03 PM - Run 4
OTL by OldTimer - Version 3.2.20.6 Folder = C:\Documents and Settings\Lucky\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 73.00% Memory free
7.00 Gb Paging File | 7.00 Gb Available in Paging File | 89.00% Paging File free
Paging file location(s): C:\pagefile.sys 4605 9210 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 465.75 Gb Total Space | 33.73 Gb Free Space | 7.24% Space Free | Partition Type: NTFS

Computer Name: LUCKYBLKDSKTOP2 | User Name: Lucky | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*

[HKEY_USERS\S-1-5-21-776561741-790525478-839522115-1003\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
http [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
https [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Directory [Winamp.Bookmark] -- "C:\Program Files\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)
Directory [Winamp.Enqueue] -- "C:\Program Files\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)
Directory [Winamp.Play] -- "C:\Program Files\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002
"3389:TCP" = 3389:TCP:*:Disabled:@xpsp2res.dll,-22009

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
"3389:TCP" = 3389:TCP:*:Disabled:@xpsp2res.dll,-22009
"4481:TCP" = 4481:TCP:LocalSubNet:Enabled:BlackBerry Desktop Software Wireless Music Sync data transfer
"4481:UDP" = 4481:UDP:LocalSubNet:Enabled:BlackBerry Desktop Software Wireless Music Sync discovery
"4482:TCP" = 4482:TCP:LocalSubNet:Enabled:BlackBerry Desktop Software Wireless Music Sync data transfer
"4482:UDP" = 4482:UDP:LocalSubNet:Enabled:BlackBerry Desktop Software Wireless Music Sync discovery

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Program Files\HP\Digital Imaging\bin\hpfcCopy.exe" = C:\Program Files\HP\Digital Imaging\bin\hpfcCopy.exe:*:Enabled:hpfccopy.exe -- ()
"C:\Program Files\HP\Digital Imaging\bin\hpiscnapp.exe" = C:\Program Files\HP\Digital Imaging\bin\hpiscnapp.exe:*:Enabled:hpiscnapp.exe -- (Hewlett-Packard)
"C:\Program Files\Common Files\HP\Digital Imaging\Bin\hpqPhotoCrm.exe" = C:\Program Files\Common Files\HP\Digital Imaging\Bin\hpqPhotoCrm.exe:*:Enabled:hpqphotocrm.exe -- (Hewlett-Packard Development Co. L.P.)
"C:\Program Files\HP\Digital Imaging\bin\hpqsudi.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqsudi.exe:*:Enabled:hpqsudi.exe -- (Hewlett-Packard Development Co. L.P.)
"C:\Program Files\HP\Digital Imaging\bin\hpqpsapp.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqpsapp.exe:*:Enabled:hpqpsapp.exe -- (Hewlett-Packard Development Co. L.P.)
"C:\Program Files\HP\Digital Imaging\bin\hpqpse.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqpse.exe:*:Enabled:hpqpse.exe -- (Hewlett-Packard Development Co. L.P.)
"C:\Program Files\HP\Digital Imaging\bin\hpqgplgtupl.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqgplgtupl.exe:*:Enabled:hpqgplgtupl.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\HP Software Update\HPWUCli.exe" = C:\Program Files\HP\HP Software Update\HPWUCli.exe:*:Enabled:hpwucli.exe -- (Hewlett-Packard)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\Apache.exe" = C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\Apache.exe:*:Enabled:Apache HTTP Server -- (Apache Software Foundation)
"C:\Program Files\MagicTune Premium\MagicTune.exe" = C:\Program Files\MagicTune Premium\MagicTune.exe:*:Enabled:MagicTune
"C:\Program Files\uTorrent\uTorrent.exe" = C:\Program Files\uTorrent\uTorrent.exe:*:Enabled:ÁTorrent -- (BitTorrent, Inc.)
"C:\WINDOWS\system32\muzapp.exe" = C:\WINDOWS\system32\muzapp.exe:*:Enabled:MUZ AOD APP player -- (Musiccity Co.Ltd.)
"C:\Program Files\AVG\AVG8\avgupd.exe" = C:\Program Files\AVG\AVG8\avgupd.exe:*:Enabled:avgupd.exe
"C:\Program Files\AVG\AVG8\avgnsx.exe" = C:\Program Files\AVG\AVG8\avgnsx.exe:*:Enabled:avgnsx.exe
"C:\Program Files\AVG\AVG8\avgemc.exe" = C:\Program Files\AVG\AVG8\avgemc.exe:*:Enabled:avgemc.exe
"C:\Program Files\AVG\AVG10\avgmfapx.exe" = C:\Program Files\AVG\AVG10\avgmfapx.exe:*:Enabled:AVG Installer -- (AVG Technologies CZ, s.r.o.)
"C:\Documents and Settings\Lucky\Local Settings\Temp\522.tmp\KMService.exe" = C:\Documents and Settings\Lucky\Local Settings\Temp\522.tmp\KMService.exe:*:Enabled:KMService
"C:\Documents and Settings\Lucky\Local Settings\Temp\526.tmp\KMService.exe" = C:\Documents and Settings\Lucky\Local Settings\Temp\526.tmp\KMService.exe:*:Enabled:KMService
"C:\Program Files\AVG\AVG10\avgdiagex.exe" = C:\Program Files\AVG\AVG10\avgdiagex.exe:*:Enabled:AVG Diagnostics 2011 -- (AVG Technologies CZ, s.r.o.)
"C:\Program Files\AVG\AVG10\avgnsx.exe" = C:\Program Files\AVG\AVG10\avgnsx.exe:*:Enabled:Online Shield -- (AVG Technologies CZ, s.r.o.)
"C:\Program Files\AVG\AVG10\avgemcx.exe" = C:\Program Files\AVG\AVG10\avgemcx.exe:*:Enabled:Personal E-mail Scanner -- (AVG Technologies CZ, s.r.o.)
"C:\Program Files\HP\Digital Imaging\bin\hpfcCopy.exe" = C:\Program Files\HP\Digital Imaging\bin\hpfcCopy.exe:*:Enabled:hpfccopy.exe -- ()
"C:\Program Files\HP\Digital Imaging\bin\hpiscnapp.exe" = C:\Program Files\HP\Digital Imaging\bin\hpiscnapp.exe:*:Enabled:hpiscnapp.exe -- (Hewlett-Packard)
"C:\Program Files\Common Files\HP\Digital Imaging\Bin\hpqPhotoCrm.exe" = C:\Program Files\Common Files\HP\Digital Imaging\Bin\hpqPhotoCrm.exe:*:Enabled:hpqphotocrm.exe -- (Hewlett-Packard Development Co. L.P.)
"C:\Program Files\HP\Digital Imaging\bin\hpqsudi.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqsudi.exe:*:Enabled:hpqsudi.exe -- (Hewlett-Packard Development Co. L.P.)
"C:\Program Files\HP\Digital Imaging\bin\hpqpsapp.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqpsapp.exe:*:Enabled:hpqpsapp.exe -- (Hewlett-Packard Development Co. L.P.)
"C:\Program Files\HP\Digital Imaging\bin\hpqpse.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqpse.exe:*:Enabled:hpqpse.exe -- (Hewlett-Packard Development Co. L.P.)
"C:\Program Files\HP\Digital Imaging\bin\hpqgplgtupl.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqgplgtupl.exe:*:Enabled:hpqgplgtupl.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\HP Software Update\HPWUCli.exe" = C:\Program Files\HP\HP Software Update\HPWUCli.exe:*:Enabled:hpwucli.exe -- (Hewlett-Packard)
"C:\Documents and Settings\Lucky\Application Data\Dropbox\bin\Dropbox.exe" = C:\Documents and Settings\Lucky\Application Data\Dropbox\bin\Dropbox.exe:*:Enabled:Dropbox -- (Dropbox, Inc.)
"C:\Documents and Settings\Lucky\Local Settings\Temp\1EA.tmp\KMService.exe" = C:\Documents and Settings\Lucky\Local Settings\Temp\1EA.tmp\KMService.exe:*:Enabled:KMService
"C:\Program Files\Research In Motion\BlackBerry Desktop\Rim.Desktop.exe" = C:\Program Files\Research In Motion\BlackBerry Desktop\Rim.Desktop.exe:*:Enabled:BlackBerry Desktop Software -- (Research In Motion)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0242ACA1-7607-4E61-BC34-3FAEB6344F8E}" = Pour l'amour du français Module 10
"{0A0CADCF-78DA-33C4-A350-CD51849B9702}" = Microsoft .NET Framework 4 Extended
"{0F367CA3-3B2F-43F9-A44A-25A8EE69E45D}" = Scan
"{0F9196C6-58B4-445B-B56E-B1200FECC151}" = Microsoft Bootvis
"{10297E58-2DFE-478B-9A1D-4B14E4E79CDF}" = HP Scanjet G4000 Series
"{107C666F-63C5-4263-8D40-8B9CFB5FED08}" = Microsoft Robocopy GUI
"{11083C7A-D0D6-4DA4-8C3A-74B8389EC07B}" = ATI Catalyst Registration
"{11D0F890-CDC5-4C76-A026-D5A47415C928}" = Pour l'amour du français Module 7
"{13F3917B56CD4C25848BDC69916971BB}" = DivX Converter
"{18499419-2B80-4C3F-86D3-C6C45CD2062E}" = Samsung ML-1710 Series
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F6423DE-7959-4178-80E0-023C7EAA5347}" = NVIDIA ForceWare Network Access Manager
"{216AB108-2AE1-4130-B3D5-20B2C4C80F8F}" = QuickTime
"{2227E1FA-01F5-483C-AB0E-2A308E900B3D}" = InterVideo FilterSDK for Hauppauge
"{2612CB8A-C2F2-185B-5957-1B9121781D03}" = ccc-utility
"{26A24AE4-039D-4CA4-87B4-2F83216024FF}" = Java™ 6 Update 24
"{2814D1CB-7038-4EE4-8421-9C18FD571014}" = hpg4000
"{287ECFA4-719A-2143-A09B-D6A12DE54E40}" = Acrobat.com
"{2C029A87-10AD-4438-A087-2654430AFEF7}" = Pour l'amour du français Module 8
"{2EEA7AA4-C203-4b90-A34F-19FB7EF1C81C}" = BufferChm
"{3248F0A8-6813-11D6-A77B-00B0D0150010}" = J2SE Runtime Environment 5.0 Update 1
"{32A3A4F4-B792-11D6-A78A-00B0D0160240}" = Java™ SE Development Kit 6 Update 24
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3FC7CBBC4C1E11DCA1A752EA55D89593}" = DivX Version Checker
"{43CDF946-F5D9-4292-B006-BA0D92013021}" = WebReg
"{45691DD2-563A-4C75-AFAA-C676DBB00CAB}" = Pour l'amour du français Module 5
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4A70EF07-7F88-4434-BB61-D1DE8AE93DD4}" = SolutionCenter
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{5F5DBF77-DAB8-A559-9F0F-F9440169FF50}" = Catalyst Control Center Graphics Previews Common
"{60B2C032-0BE3-49B8-BA28-58ABCECB2154}" = Pour l'amour du français Module 2
"{63FF21C9-A810-464F-B60A-3111747B1A6D}" = GPBaseService2
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{6AB57823-3580-4CE0-9CF0-072E2A39460C}" = Catalyst Control Center - Branding
"{6CE81783-FE36-447A-80A9-EC2B25806E5A}" = Pour l'amour du français Module 6
"{7059BDA7-E1DB-442C-B7A1-6144596720A4}" = HP Update
"{73EC658D-A1C6-40CA-8E86-E05821BAACE7}" = Java DB 10.6.2.1
"{767658C9-1102-4AF0-8D19-9F627D5460C0}" = Pour l'amour du français Module 9
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7DF35521-755C-4056-9993-0FB78E53583C}" = BlackBerry Device Software v4.5.0 for the BlackBerry 8800 smartphone
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{84A78614-0E4B-4A4E-BA8C-2B0A05A08E4E}" = BlackBerry Desktop Software 6.0.1
"{86B879A5-927E-4536-B5FC-17CA96B60078}" = Garmin Communicator Plugin
"{86D4B82A-ABED-442A-BE86-96357B70F4FE}" = Ask Toolbar
"{8ACC73AA-6511-7C55-B1A9-8E5D1DEAFAA3}" = The Lord of the Rings FREE Trial
"{8C160FC0-F6D4-A50C-612D-E92003A40D3A}" = ccc-core-static
"{8D2C1E44-7685-4D05-8342-B0DC6422FA47}" = Ulead Straight-to-Disc SDK
"{90110409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{98613C99-1399-416C-A07C-1EE1C585D872}" = SeaTools for Windows
"{98D1A713-438C-4A23-8AB6-41B37C4A2D47}" = VMware Workstation
"{9B362566-EC1B-4700-BB9C-EC661BDE2175}" = DocProc
"{9EB9E56D-644B-2019-838F-A2B804B5229F}" = Catalyst Control Center InstallProxy
"{A0DB1D99-23F1-4406-8B72-5A3B46CF748E}" = Pour l'amour du français Module 1
"{A276502A-8979-44FB-8090-90CF72F22ABC}" = AVG 2011
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{AC76BA86-7AD7-1033-7B44-A94000000001}" = Adobe Reader 9.4.2
"{AC76BA86-7AD7-5464-3428-900000000004}" = Spelling Dictionaries Support For Adobe Reader 9
"{B1102A25-3AA3-446B-AA0F-A699B07A02FD}" = Garmin USB Drivers
"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
"{B2FE1952-0186-46c3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Display Control Panel
"{B440D659-FECA-4BDD-A12B-5C9F05790FF3}" = Snagit 9.1.2
"{B6B45398-B8E9-4BA2-ACD8-65D61C65B8AE}" = MyVirtualHome
"{BD24A421-6983-E62B-495E-956544B28326}" = ATI Catalyst Install Manager
"{BD7204BA-DD64-499E-9B55-6A282CDF4FA4}" = Destinations
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C19BE821-89B1-4A96-AC7C-873810C0CB5F}" = ContentSAFER for Wizmax
"{C20CE592-B0F8-4D20-BF31-0151CA6331A6}" = Samsung Media Studio 5
"{C43326F5-F135-4551-8270-7F7ABA0462E1}" = HPProductAssistant
"{C66FE99D-7C15-40A0-AE4A-A1A3900D9EE3}" = MyVirtualHome
"{C7C5B767-9BA4-4296-82AA-1A3BFFA76CD1}" = ArcSoft ShowBiz DVD 2
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D79113E7-274C-470B-BD46-01B10219DF6A}" = HPPhotosmartEssential
"{E630E780-1CD2-45E3-93DE-3F354B002FE0}" = Pour l'amour du français Module 3
"{EC02FA84-C4EC-40D6-A2D4-00D705717D08}" = Pour l'amour du français Module 11
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F4C68898-EBA5-46A9-82B3-2D30426086BF}" = AVG 2011
"{F7E5E140-F8BC-33F5-020C-F06398B2D67D}" = CCC Help English
"{F8A4D95F-4D74-41C3-B19E-124C54AE9792}" = Pour l'amour du français Module 4
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"45A7283175C62FAC673F913C1F532C5361F97841" = Windows Driver Package - Garmin (grmnusb) GARMIN Devices (03/08/2007 2.2.1.0)
"7-Zip" = 7-Zip 4.65
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"ADS Tech Master Installer V3.8" = ADS Tech Master Installer V3.8
"ADS Tech V3.8 DVD Xpress DX2 CapWiz" = ADS Tech V3.8 DVD Xpress DX2 CapWiz
"Advanced SystemCare 3_is1" = Advanced SystemCare 3
"A-PDF Restrictions Remover_is1" = A-PDF Restrictions Remover 1.5
"AVG" = AVG 2011
"Belarc Advisor" = Belarc Advisor 8.1
"BlackBerry_Desktop" = BlackBerry Desktop Software 6.0.1
"CachemanXP 1.8.0.14" = CachemanXP 1.8.0.14
"CAL" = Canon Camera Access Library
"CameraUserGuide-PSSX20IS" = Canon PowerShot SX20 IS Camera User Guide
"CameraWindowDC" = Canon Utilities CameraWindow DC
"CameraWindowDC8" = Canon Utilities CameraWindow DC 8
"CameraWindowDVC6" = Canon Utilities CameraWindow DC_DV 6 for ZoomBrowser EX
"CameraWindowLauncher" = Canon Utilities CameraWindow
"Canon G.726 WMP-Decoder" = Canon G.726 WMP-Decoder
"Canon MOV Decoder" = Canon MOV Decoder
"Canon MOV Encoder" = Canon MOV Encoder
"CCleaner" = CCleaner (remove only)
"C-Media Oxygen HD Sound" = ASUS Xonar DG Audio
"CNXT_MODEM_PCI_VEN_14F1&DEV_2F20&SUBSYS_200C14F1" = Data Fax SoftModem with SmartCP
"CutePDF Writer Installation" = CutePDF Writer 2.8
"Defraggler" = Defraggler
"DivX Plus DirectShow Filters" = DivX Plus DirectShow Filters
"DivX Setup.divx.com" = DivX Setup
"Download Accelerator Plus (DAP)" = Download Accelerator Plus (DAP)
"DVD Shrink_is1" = DVD Shrink 3.2
"DVDFab 8_is1" = DVDFab 8.0.1.7 Beta (29/09/2010)
"FairUse Wizard 2" = FairUse Wizard 2
"Firebird SQL Server US" = Firebird SQL Server - MAGIX Edition
"Free YouTube Download_is1" = Free YouTube Download 2.10
"Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.9
"Freemake Video Converter_is1" = Freemake Video Converter version 1.1.11
"Hauppauge WinTV" = Hauppauge WinTV
"Hauppauge WinTV Radio" = Hauppauge WinTV Radio
"Hauppauge WinTV Scheduler" = Hauppauge WinTV Scheduler
"Hauppauge WinTV TV Services" = Hauppauge WinTV TV Services
"Hauppauge WinTV2000" = Hauppauge WinTV2000
"HP Imaging Device Functions" = HP Imaging Device Functions 13.0
"HP Photosmart Essential" = HP Photosmart Essential 3.5
"HP Solution Center & Imaging Support Tools" = HP Solution Center 13.0
"HPOCR" = OCR Software by I.R.I.S. 13.0
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie8" = Windows Internet Explorer 8
"InstallShield_{1F6423DE-7959-4178-80E0-023C7EAA5347}" = NVIDIA ForceWare Network Access Manager
"MAGIX Xtreme PhotoStory on CD & DVD 7 deluxe Download version US" = MAGIX Xtreme PhotoStory on CD & DVD 7 deluxe Download version 7.0.3.0 (US)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"MediaCoder" = MediaCoder 0.7.0.4399
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"MovieEditTask" = Canon MovieEdit Task for ZoomBrowser EX
"Mozilla Firefox (3.6.13)" = Mozilla Firefox (3.6.13)
"MyCamera" = Canon Utilities MyCamera
"MyCameraDC" = Canon Utilities MyCamera DC
"MyFreeCodec" = MyFreeCodec
"nanoPEG-Editor 2.6.0 for WinTV_is1" = nanoPEG-Editor 2.6.0 for WinTV
"Nero - Burning Rom!UninstallKey" = Nero 6 Ultra Edition
"NeroVision!UninstallKey" = NeroVision Express 2
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"NMPUninstallKey" = Nero Media Player
"Notepad++" = Notepad++
"OpenAL" = OpenAL
"Personal Printing Guide" = Canon Personal Printing Guide
"PhotoStitch" = Canon Utilities PhotoStitch
"Picasa 3" = Picasa 3
"PowerISO" = PowerISO
"Provincial Reference Manual (Ontario Edition)v1.0" = Provincial Reference Manual
"Real Estate Encyclopedia (Canadian Edition)v1.1" = Real Estate Encyclopedia 2006
"RealPlayer 6.0" = RealPlayer
"RemoteCaptureTask" = Canon Utilities RemoteCapture Task for ZoomBrowser EX
"Software Guide" = Canon DIGITAL CAMERA Solution Disk Software Guide
"SystemRequirementsLab" = System Requirements Lab
"The KMPlayer" = The KMPlayer (remove only)
"Uninstall_is1" = Uninstall 1.0.0.1
"uTorrent" = µTorrent
"VLC media player" = VLC media player 0.9.9
"WIC" = Windows Imaging Component
"Winamp" = Winamp
"Windows Media Format Runtime" = Windows Media Format Runtime
"Windows Media Player" = Windows Media Player 10
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinRAR archiver" = WinRAR archiver
"Wondershare DVD Slideshow Builder Deluxe_is1" = Wondershare DVD Slideshow Builder Deluxe(Build 5.0.4.2)
"Wondershare Flash Gallery Factory Deluxe_is1" = Wondershare Flash Gallery Factory Deluxe 5.0.2
"XviD MPEG4 Video Codec" = XviD MPEG4 Video Codec (remove only)
"Xvid_is1" = Xvid 1.2.2 final uninstall
"ZoomBrowser EX" = Canon Utilities ZoomBrowser EX
"ZoomBrowser EX Memory Card Utility" = Canon ZoomBrowser EX Memory Card Utility

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-776561741-790525478-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Dropbox" = Dropbox
"Facebook Plug-In" = Facebook Plug-In
"UnityWebPlayer" = Unity Web Player
"uTorrent" = µTorrent
"Winamp Detect" = Winamp Detector Plug-in

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 2/12/2011 12:05:18 PM | Computer Name = LUCKYBLKDSKTOP2 | Source = MsiInstaller | ID = 1008
Description = The installation of C:\WINDOWS\Installer\{86D4B82A-ABED-442A-BE86-96357B70F4FE}\1033.MST
is not permitted due to an error in software restriction policy processing. The
object cannot be trusted.

Error - 2/12/2011 1:21:15 PM | Computer Name = LUCKYBLKDSKTOP2 | Source = crypt32 | ID = 131083
Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
with error: An internal certificate chaining error has occurred.

Error - 2/13/2011 9:54:41 PM | Computer Name = LUCKYBLKDSKTOP2 | Source = Application Hang | ID = 1002
Description = Hanging application taskmgr.exe, version 5.1.2600.5512, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 2/13/2011 9:54:43 PM | Computer Name = LUCKYBLKDSKTOP2 | Source = Application Hang | ID = 1001
Description = Fault bucket 735639368.

Error - 2/13/2011 9:54:49 PM | Computer Name = LUCKYBLKDSKTOP2 | Source = Application Hang | ID = 1002
Description = Hanging application taskmgr.exe, version 5.1.2600.5512, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 2/13/2011 9:54:51 PM | Computer Name = LUCKYBLKDSKTOP2 | Source = Application Hang | ID = 1001
Description = Fault bucket 735639368.

Error - 2/13/2011 10:01:48 PM | Computer Name = LUCKYBLKDSKTOP2 | Source = Application Hang | ID = 1002
Description = Hanging application taskmgr.exe, version 5.1.2600.5512, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 2/13/2011 10:01:52 PM | Computer Name = LUCKYBLKDSKTOP2 | Source = Application Hang | ID = 1001
Description = Fault bucket 735639368.

Error - 2/13/2011 10:01:58 PM | Computer Name = LUCKYBLKDSKTOP2 | Source = Application Hang | ID = 1002
Description = Hanging application taskmgr.exe, version 5.1.2600.5512, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 2/13/2011 10:02:00 PM | Computer Name = LUCKYBLKDSKTOP2 | Source = Application Hang | ID = 1001
Description = Fault bucket 735639368.

[ System Events ]
Error - 2/13/2011 10:51:44 PM | Computer Name = LUCKYBLKDSKTOP2 | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service netman with
arguments "" in order to run the server: {BA126AE5-2166-11D1-B1D0-00805FC1270E}

Error - 2/13/2011 10:52:38 PM | Computer Name = LUCKYBLKDSKTOP2 | Source = Service Control Manager | ID = 7001
Description = The DHCP Client service depends on the NetBios over Tcpip service
which failed to start because of the following error: %%31

Error - 2/13/2011 10:52:38 PM | Computer Name = LUCKYBLKDSKTOP2 | Source = Service Control Manager | ID = 7001
Description = The DNS Client service depends on the TCP/IP Protocol Driver service
which failed to start because of the following error: %%31

Error - 2/13/2011 10:52:38 PM | Computer Name = LUCKYBLKDSKTOP2 | Source = Service Control Manager | ID = 7001
Description = The TCP/IP NetBIOS Helper service depends on the AFD service which
failed to start because of the following error: %%31

Error - 2/13/2011 10:52:38 PM | Computer Name = LUCKYBLKDSKTOP2 | Source = Service Control Manager | ID = 7001
Description = The Forceware Web Interface service depends on the AFD service which
failed to start because of the following error: %%31

Error - 2/13/2011 10:52:38 PM | Computer Name = LUCKYBLKDSKTOP2 | Source = Service Control Manager | ID = 7001
Description = The IPSEC Services service depends on the IPSEC driver service which
failed to start because of the following error: %%31

Error - 2/13/2011 10:52:38 PM | Computer Name = LUCKYBLKDSKTOP2 | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
AFD Avgldx86 Avgmfx86 Avgtdix BANTExt Fips IPSec MRxSmb NetBIOS NetBT Processor RasAcd Rdbss
SASDIFSV
SASKUTIL
SCDEmu
Tcpip

Error - 2/13/2011 10:52:44 PM | Computer Name = LUCKYBLKDSKTOP2 | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service StiSvc with
arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}

Error - 2/13/2011 10:53:02 PM | Computer Name = LUCKYBLKDSKTOP2 | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service MDM with arguments
"" in order to run the server: {0C0A3666-30C9-11D0-8F20-00805F2CD064}

Error - 2/13/2011 10:53:03 PM | Computer Name = LUCKYBLKDSKTOP2 | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service EventSystem
with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}


< End of report >

#6 Shannon2012

Shannon2012

  • Security Colleague
  • 3,657 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:North Carolina, USA
  • Local time:10:39 AM

Posted 21 February 2011 - 09:27 AM

Hi-

What problems are you currently experiencing with your computer?
Shannon

#7 deluxster

Posted 23 February 2011 - 09:01 PM

Nothing crazy just a pop up with AVG saying that I have the Trojan Horse Generic20.CLEL ... also, I can't go back into any of my restore points as I think it is corrupted by the Trojan.

#8 Shannon2012

Posted 24 February 2011 - 11:30 AM

Hi-

Thank you for the logs and the current status.

Delete ComboFix.exe from your desktop. We need to use a fresh copy.

Download Combofix from either of the links below, and save it to your desktop. For information regarding this download, please visit this webpage: how-to-use-combofix

Link 1
Link 2

**Note: It is important that it is saved directly to your desktop**

1. Close any open browsers.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

How to Temporarily Disable your Anti-virus

Double-click on combofix.exe & follow the prompts.
  • When finished, it will produce a report for you.
  • Please copy the "C:\ComboFix.txt" into your reply.

Note: Do not mouse-click ComboFix's window while it's running. That may cause it to stall.

In your reply, please copy in the ComboFix log.
Shannon

#9 Shannon2012

Posted 04 March 2011 - 09:16 AM

Due to the lack of feedback, this topic is now closed. In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days.
Shannon



