computer freezes


  • This topic is locked

#1
Helger

  • Member
  • 93 posts
Hi, I have a problem. Almost every time when I start the computer, my PC starts freezing for 1 sec, then unfreezes again and then freezes and so on for a few hours. If I do a restart, then the problem is gone. Also, if the freeze is over, I can be on for 1 h and then again, freeze time.


#2
Aaron

  • Expert
  • 3,155 posts
Hi, welcome to Geeks to Go ;) !
I'm Aaron and I will be helping you with your problem(s).

Before we start I need to mention a few things:
  • Please post all the requested logs directly in your reply, do not attach or put them in Quote/Code boxes unless asked to.
  • I recommend reading my instructions at least once before carrying them out, this will make sure you understand them before you start.
  • Try to reply every one-two days, I'll try to do the same. At some point your computer will run better (hopefully :D), but this doesn't mean all malware is removed!
    Therefore it's very important to keep following my instructions. I'll tell you when we are done.
  • Please don't run any other malware removal tools/programs or instructions that I didn't ask for.
  • It's important to follow all instructions as told. If you have any questions, don't hesitate to ask!
Let's get to work now ;)

Please follow these steps:

============ Step one ============

Please download OTL to your Desktop

  • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • Make sure the Output is set on Standard Output at the top
  • Select Scan all users
  • Download the following file scan.txt to your Desktop. Click here to download it. You may need to right click on it and select "Save"
  • Double click inside the Custom Scans/Fixes box at the bottom
  • A window will appear saying "Click Ok to load a custom scan from a file or Cancel to cancel"
  • Click the Ok button and navigate to the file scan.txt which we just saved to your desktop
  • Select scan.txt and click Open. Writing will now appear under the Custom Scan box
  • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time and post them in your next post

============ Step two ============

Download the GMER Rootkit Scanner. Unzip it to your Desktop.

Before scanning, make sure all other running programs are closed and no other actions like a scheduled antivirus scan will occur while the scan is being performed. Do not use your computer for anything else during the scan.
  • Double click GMER.exe.
  • If it gives you a warning about rootkit activity and asks if you want to run a full scan...click on NO, then use the following settings for a more complete scan..
  • In the right panel, you will see several boxes that have been checked. Ensure the following are UNCHECKED ...
    • IAT/EAT
    • Drives/Partition other than Systemdrive (typically C:\)
    • Show All (don't miss this one)
  • Then click the Scan button & wait for it to finish.
  • Once done click on the [Save..] button, and in the File name area, type in "ark.txt"
  • Save the log where you can easily find it, such as your desktop.
**Caution**
Rootkit scans often produce false positives. Do NOT take any action on any "<--- ROOTKIT" entries

Please copy and paste the report into your Post.

#3
Helger

  • Topic Starter
  • Member
  • 93 posts
OTL logfile created on: 3.10.2010 20:53:37 - Run 2
OTL by OldTimer - Version 3.2.14.1 Folder = D:\Dowloads
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000425 | Country: Estonia | Language: ETI | Date Format: d.MM.yyyy

511,00 Mb Total Physical Memory | 57,00 Mb Available Physical Memory | 11,00% Memory free
1,00 Gb Paging File | 1,00 Gb Available in Paging File | 48,00% Paging File free
Paging file location(s): C:\pagefile.sys 768 1536 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 10,00 Gb Total Space | 0,64 Gb Free Space | 6,39% Space Free | Partition Type: NTFS
Drive D: | 66,68 Gb Total Space | 18,43 Gb Free Space | 27,63% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: KODUNE-579A7A74
Current User Name: Kasutaja
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 90 Days
Output = Standard
Quick Scan

========== Processes (SafeList) ==========

PRC - [2010.10.03 19:29:33 | 000,575,488 | ---- | M] (OldTimer Tools) -- D:\Dowloads\OTL.exe
PRC - [2010.09.29 18:39:08 | 002,067,808 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgtray.exe
PRC - [2010.09.20 14:43:37 | 000,621,920 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgnsx.exe
PRC - [2010.09.20 14:41:08 | 002,331,544 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgfws9.exe
PRC - [2010.09.17 21:50:06 | 000,014,808 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\plugin-container.exe
PRC - [2010.09.17 21:50:02 | 000,910,296 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2010.08.27 16:01:24 | 000,743,232 | ---- | M] (TuneUp Software) -- C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesApp32.exe
PRC - [2010.08.27 15:59:38 | 001,051,968 | ---- | M] (TuneUp Software) -- C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe
PRC - [2010.08.09 13:57:42 | 000,596,560 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\Identity Protection\Agent\Bin\AVGIDSMonitor.exe
PRC - [2010.08.09 13:57:34 | 005,897,808 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\Identity Protection\Agent\Bin\AVGIDSAgent.exe
PRC - [2010.07.15 10:00:06 | 000,515,424 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgrsx.exe
PRC - [2010.07.15 09:59:17 | 000,308,136 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgwdsvc.exe
PRC - [2010.07.15 09:53:26 | 000,723,296 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgcsrvx.exe
PRC - [2010.07.15 09:53:06 | 001,101,152 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgchsvx.exe
PRC - [2010.07.15 09:52:56 | 000,842,592 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgam.exe
PRC - [2009.11.16 09:04:30 | 000,735,960 | ---- | M] (ESET) -- C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
PRC - [2009.11.16 09:03:32 | 002,054,360 | ---- | M] (ESET) -- C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
PRC - [2009.09.16 16:27:52 | 000,196,608 | ---- | M] () -- C:\Program Files\blinkx Remote Toolbar\the_blinkx_toolbar.exe
PRC - [2008.04.14 05:42:20 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe


========== Modules (SafeList) ==========

MOD - [2010.10.03 19:29:33 | 000,575,488 | ---- | M] (OldTimer Tools) -- D:\Dowloads\OTL.exe
MOD - [2008.04.14 05:40:22 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msscript.ocx


========== Win32 Services (SafeList) ==========

SRV - File not found [On_Demand | Stopped] -- C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard)
SRV - File not found [Auto | Stopped] -- C:\WINDOWS\System32\sshnas21.dll -- (SSHNAS)
SRV - File not found [On_Demand | Stopped] -- C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe -- (NMIndexingService)
SRV - File not found [Auto | Stopped] -- C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwssvc.exe -- (MyWebSearchService)
SRV - File not found [Disabled | Stopped] -- C:\WINDOWS\System32\hidserv.dll -- (HidServ)
SRV - [2010.09.20 14:41:08 | 002,331,544 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG9\avgfws9.exe -- (avgfws9)
SRV - [2010.09.14 21:06:44 | 000,435,008 | ---- | M] (TuneUp Software) [On_Demand | Stopped] -- C:\Program Files\TuneUp Utilities 2010\TuneUpDefragService.exe -- (TuneUp.Defrag)
SRV - [2010.08.27 15:59:38 | 001,051,968 | ---- | M] (TuneUp Software) [Auto | Running] -- C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe -- (TuneUp.UtilitiesSvc)
SRV - [2010.08.27 15:56:30 | 000,030,016 | ---- | M] (TuneUp Software) [Auto | Running] -- C:\WINDOWS\system32\uxtuneup.dll -- (UxTuneUp)
SRV - [2010.08.09 13:57:34 | 005,897,808 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG9\Identity Protection\Agent\Bin\AVGIDSAgent.exe -- (AVGIDSAgent)
SRV - [2010.07.15 09:59:17 | 000,308,136 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG9\avgwdsvc.exe -- (avg9wd)
SRV - [2010.06.30 14:23:12 | 000,431,432 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\AVG\AVG9\Toolbar\ToolbarBroker.exe -- (AVG Security Toolbar Service)
SRV - [2010.04.28 07:44:02 | 000,704,872 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Live\Family Safety\fsssvc.exe -- (fsssvc)
SRV - [2009.11.16 09:12:54 | 000,020,680 | ---- | M] (ESET) [On_Demand | Stopped] -- C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe -- (EhttpSrv)
SRV - [2009.11.16 09:04:30 | 000,735,960 | ---- | M] (ESET) [Auto | Running] -- C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe -- (ekrn)
SRV - [2009.10.26 02:06:40 | 000,655,624 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2009.05.19 11:36:18 | 000,240,512 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe -- (SeaPort)
SRV - [2008.07.11 03:28:06 | 040,999,448 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe -- (MSSQL$SQLEXPRESS) SQL Server (SQLEXPRESS)
SRV - [2008.07.11 03:28:06 | 000,369,688 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE -- (SQLAgent$SQLEXPRESS) SQL Server Agent (SQLEXPRESS)
SRV - [2008.07.11 03:28:04 | 000,047,128 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Microsoft SQL Server\100\Shared\SQLADHLP.EXE -- (MSSQLServerADHelper100)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\xhunter1.sys -- (xhunter1)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\DOCUME~1\Kasutaja\LOCALS~1\Temp\vtayn.sys -- (vtayn)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\vtany.sys -- (vtany)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\EagleNT.sys -- (EagleNT)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\DRIVERS\avfsfilter.sys -- (AVFSFilter)
DRV - File not found [File_System | Auto | Stopped] -- C:\WINDOWS\System32\DRIVERS\aswFsBlk.sys -- (aswFsBlk)
DRV - [2010.08.09 13:59:52 | 000,025,168 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\AVGIDSxx.sys -- (AVGIDSErHrxpx)
DRV - [2010.08.09 13:58:01 | 000,122,448 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Program Files\AVG\AVG9\Identity Protection\Agent\Driver\Platform_XP\AVGIDSDriver.sys -- (AVGIDSDriverxpx)
DRV - [2010.08.09 13:57:56 | 000,030,288 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Program Files\AVG\AVG9\Identity Protection\Agent\Driver\Platform_XP\AVGIDSFilter.sys -- (AVGIDSFilterxpx)
DRV - [2010.08.09 13:57:50 | 000,026,192 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Program Files\AVG\AVG9\Identity Protection\Agent\Driver\Platform_XP\AVGIDSShim.sys -- (AVGIDSShimxpx)
DRV - [2010.08.09 13:56:41 | 000,030,104 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\avgfwdx.sys -- (Avgfwfd)
DRV - [2010.08.09 13:56:41 | 000,030,104 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\avgfwdx.sys -- (Avgfwdx)
DRV - [2010.07.15 10:00:17 | 000,243,024 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avgtdix.sys -- (AvgTdiX)
DRV - [2010.07.15 10:00:03 | 000,029,584 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\avgmfx86.sys -- (AvgMfx86)
DRV - [2010.07.15 09:53:27 | 000,216,400 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avgldx86.sys -- (AvgLdx86)
DRV - [2010.07.15 09:53:01 | 000,052,872 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\WINDOWS\System32\Drivers\avgrkx86.sys -- (AvgRkx86)
DRV - [2010.04.28 07:44:02 | 000,054,760 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\fssfltr_tdi.sys -- (fssfltr)
DRV - [2010.04.12 11:44:34 | 000,059,388 | ---- | M] (PowerISO Computing, Inc.) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\scdemu.sys -- (SCDEmu)
DRV - [2010.02.25 10:18:08 | 000,010,064 | ---- | M] (TuneUp Software) [Kernel | On_Demand | Stopped] -- C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesDriver32.sys -- (TuneUpUtilitiesDrv)
DRV - [2010.02.21 18:04:01 | 000,015,781 | ---- | M] (Meetinghouse Data Communications) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\mdc8021x.sys -- (MDC8021X) AEGIS Protocol (IEEE 802.1x)
DRV - [2010.02.11 15:02:15 | 000,226,880 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\tcpip6.sys -- (Tcpip6)
DRV - [2009.12.01 00:09:45 | 000,691,696 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\sptd.sys -- (sptd)
DRV - [2009.11.16 09:06:50 | 000,096,408 | ---- | M] (ESET) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\epfwtdir.sys -- (epfwtdir)
DRV - [2009.11.16 09:03:36 | 000,108,792 | ---- | M] (ESET) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ehdrv.sys -- (ehdrv)
DRV - [2009.11.16 08:56:12 | 000,116,520 | ---- | M] (ESET) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\eamon.sys -- (eamon)
DRV - [2009.09.07 20:38:55 | 000,033,824 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\oreans32.sys -- (oreans32)
DRV - [2009.02.26 01:58:57 | 003,565,568 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2008.08.14 07:57:42 | 000,074,720 | ---- | M] (Adobe Systems, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\System32\drivers\adfs.sys -- (adfs)
DRV - [2008.07.10 03:49:14 | 000,242,712 | ---- | M] (Microsoft Corporation) [File_System | Disabled | Stopped] -- C:\WINDOWS\system32\drivers\RsFx0102.sys -- (RsFx0102)
DRV - [2008.04.14 03:15:30 | 000,010,624 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\gameenum.sys -- (gameenum)
DRV - [2008.04.14 00:26:08 | 000,088,320 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\nwlnkipx.sys -- (NwlnkIpx)
DRV - [2007.01.23 15:45:00 | 000,034,576 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\LHidFilt.Sys -- (LHidFilt)
DRV - [2007.01.23 15:45:00 | 000,033,296 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\LMouFilt.Sys -- (LMouFilt)
DRV - [2007.01.23 15:45:00 | 000,028,176 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\LUsbFilt.sys -- (LUsbFilt)
DRV - [2007.01.23 15:44:00 | 000,020,496 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\L8042Kbd.sys -- (L8042Kbd)
DRV - [2006.09.24 16:28:46 | 000,005,248 | ---- | M] (Windows ® 2000 DDK provider) [Kernel | Boot | Running] -- C:\WINDOWS\system32\speedfan.sys -- (speedfan)
DRV - [2001.08.23 15:00:00 | 000,063,232 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\nwlnknb.sys -- (NwlnkNb)
DRV - [2001.08.23 15:00:00 | 000,055,936 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\nwlnkspx.sys -- (NwlnkSpx)
DRV - [2001.08.17 17:00:04 | 000,002,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\msmpu401.sys -- (ms_mpu401)
DRV - [2001.08.17 16:51:32 | 000,018,688 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\irsir.sys -- (irsir)
DRV - [1996.04.03 22:33:26 | 000,005,248 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\system32\giveio.sys -- (giveio)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========



IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-1417001333-1303643608-1606980848-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = [binary data]
IE - HKU\S-1-5-21-1417001333-1303643608-1606980848-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKU\S-1-5-21-1417001333-1303643608-1606980848-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/
IE - HKU\S-1-5-21-1417001333-1303643608-1606980848-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = et
IE - HKU\S-1-5-21-1417001333-1303643608-1606980848-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = BC 60 F0 C9 E6 E3 CA 01 [binary data]
IE - HKU\S-1-5-21-1417001333-1303643608-1606980848-1003\..\URLSearchHook: {00A6FAF6-072E-44cf-8957-5838F569A31D} - Reg Error: Key error. File not found
IE - HKU\S-1-5-21-1417001333-1303643608-1606980848-1003\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll ()
IE - HKU\S-1-5-21-1417001333-1303643608-1606980848-1003\..\URLSearchHook: {F08555B0-9CC3-11D2-AA8E-000000000567} - C:\Program Files\blinkx Remote Toolbar\the_blinkx_shook.dll ()
IE - HKU\S-1-5-21-1417001333-1303643608-1606980848-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
IE - HKU\S-1-5-21-1417001333-1303643608-1606980848-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local;<local>

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Bing"
FF - prefs.js..browser.search.defaulturl: "http://www.bing.com/...?FORM=IEFM1&q="
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://www.neti.ee/"
FF - prefs.js..extensions.enabledItems: [email protected]:1.0
FF - prefs.js..extensions.enabledItems: [email protected]:1.5.2
FF - prefs.js..extensions.enabledItems: {3f963a5b-e555-4543-90e2-c3908898db71}:9.0.0.855
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: avg@igeared:4.906.030.002
FF - prefs.js..extensions.enabledItems: [email protected]:1.0
FF - prefs.js..keyword.URL: "http://slirsredirect...inampab&query="


FF - HKLM\software\mozilla\Firefox\Extensions\\{3f963a5b-e555-4543-90e2-c3908898db71}: C:\Program Files\AVG\AVG9\Firefox [2010.09.20 14:46:55 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\avg@igeared: C:\Program Files\AVG\AVG9\Toolbar\Firefox\avg@igeared [2010.08.09 13:59:44 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.7\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010.09.17 23:22:40 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.7\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010.09.17 22:41:39 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Thunderbird\Extensions\\[email protected]: C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird [2010.09.20 16:37:50 | 000,000,000 | ---D | M]

[2009.07.06 15:44:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kasutaja\Application Data\Mozilla\Extensions
[2010.10.03 19:09:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kasutaja\Application Data\Mozilla\Firefox\Profiles\hklj20a0.default\extensions
[2010.04.27 20:26:03 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Kasutaja\Application Data\Mozilla\Firefox\Profiles\hklj20a0.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010.06.15 09:11:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kasutaja\Application Data\Mozilla\Firefox\Profiles\hklj20a0.default\extensions\[email protected]
[2010.07.14 22:05:49 | 000,001,819 | ---- | M] () -- C:\Documents and Settings\Kasutaja\Application Data\Mozilla\Firefox\Profiles\hklj20a0.default\searchplugins\bing.xml
[2009.11.13 15:32:37 | 000,001,248 | ---- | M] () -- C:\Documents and Settings\Kasutaja\Application Data\Mozilla\Firefox\Profiles\hklj20a0.default\searchplugins\fl4sh-music-search.xml
[2009.11.23 16:37:25 | 000,001,201 | ---- | M] () -- C:\Documents and Settings\Kasutaja\Application Data\Mozilla\Firefox\Profiles\hklj20a0.default\searchplugins\winamp-search.xml
[2010.10.03 19:09:28 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2010.04.24 21:47:35 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010.08.03 09:37:50 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
[2010.07.17 05:00:04 | 000,423,656 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
[2009.09.16 16:27:52 | 000,057,344 | ---- | M] (blinkx) -- C:\Program Files\Mozilla Firefox\plugins\np_blinkx_plugin.dll
[2010.09.17 22:41:39 | 000,001,132 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\blinkxtoolbar.xml
[2010.03.12 17:45:19 | 000,001,159 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\eki-ee.xml
[2010.03.12 17:45:19 | 000,001,960 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\neti-ee.xml
[2010.03.12 17:45:20 | 000,000,904 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\osta-ee.xml
[2010.03.12 17:45:20 | 000,001,174 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wikipedia-et.xml

O1 HOSTS File: ([2010.07.29 16:52:35 | 000,001,380 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 activate.adobe.com
O1 - Hosts: 127.0.0.1 practivate.adobe.com
O1 - Hosts: 127.0.0.1 ereg.adobe.com
O1 - Hosts: 127.0.0.1 activate.wip3.adobe.com
O1 - Hosts: 127.0.0.1 wip3.adobe.com
O1 - Hosts: 127.0.0.1 3dns-3.adobe.com
O1 - Hosts: 127.0.0.1 3dns-2.adobe.com
O1 - Hosts: 127.0.0.1 adobe-dns.adobe.com
O1 - Hosts: 127.0.0.1 adobe-dns-2.adobe.com
O1 - Hosts: 127.0.0.1 adobe-dns-3.adobe.com
O1 - Hosts: 127.0.0.1 ereg.wip3.adobe.com
O1 - Hosts: 127.0.0.1 activate-sea.adobe.com
O1 - Hosts: 127.0.0.1 wwis-dubc1-vip60.adobe.com
O1 - Hosts: 127.0.0.1 activate-sjc0.adobe.com
O1 - Hosts: 127.0.0.1 practivate.adobe.com
O1 - Hosts: 127.0.0.1 ereg.adobe.com
O1 - Hosts: 127.0.0.1 activate.wip3.adobe.com
O1 - Hosts: 127.0.0.1 wip3.adobe.com
O1 - Hosts: 127.0.0.1 3dns-3.adobe.com
O1 - Hosts: 127.0.0.1 3dns-2.adobe.com
O1 - Hosts: 127.0.0.1 adobe-dns.adobe.com
O1 - Hosts: 127.0.0.1 adobe-dns-2.adobe.com
O1 - Hosts: 127.0.0.1 adobe-dns-3.adobe.com
O1 - Hosts: 127.0.0.1 ereg.wip3.adobe.com
O1 - Hosts: 127.0.0.1 activate-sea.adobe.com
O1 - Hosts: 15 more lines...
O2 - BHO: (The blinkx Toolbar) - {0069B690-7A2B-41C5-98CA-9F535B4C8532} - C:\Program Files\blinkx Remote Toolbar\the_blinkx_bho.dll ()
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (Search Helper) - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll (Microsoft Corporation)
O2 - BHO: (AVG Security Toolbar BHO) - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll ()
O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll ()
O3 - HKLM\..\Toolbar: (The blinkx Toolbar) - {E5A1ECE5-3E3D-4FE7-8447-78CB1FD377C6} - C:\Program Files\blinkx Remote Toolbar\the_blinkx_toolbar.dll ()
O3 - HKU\S-1-5-21-1417001333-1303643608-1606980848-1003\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O3 - HKU\S-1-5-21-1417001333-1303643608-1606980848-1003\..\Toolbar\WebBrowser: (no name) - {32099AAC-C132-4136-9E9A-4E364A424E17} - No CLSID value found.
O3 - HKU\S-1-5-21-1417001333-1303643608-1606980848-1003\..\Toolbar\WebBrowser: (AVG Security Toolbar) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll ()
O4 - HKLM..\Run: [AVG9_TRAY] C:\Program Files\AVG\AVG9\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [Cmaudio] File not found
O4 - HKLM..\Run: [egui] C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe (ESET)
O4 - HKLM..\Run: [Kernel and Hardware Abstraction Layer] C:\WINDOWS\KHALMNPR.Exe (Logitech Inc.)
O4 - HKLM..\Run: [PWRISOVM.EXE] D:\downloads\PowerISO\PWRISOVM.EXE (PowerISO Computing, Inc.)
O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKU\S-1-5-21-1417001333-1303643608-1606980848-1003..\Run: [blinkx_toolbar] C:\Program Files\blinkx Remote Toolbar\the_blinkx_toolbar.exe ()
O4 - HKU\S-1-5-21-1417001333-1303643608-1606980848-1003..\Run: [DAEMON Tools Lite] D:\downloads\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Infodelivery present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveSearch = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1417001333-1303643608-1606980848-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1417001333-1303643608-1606980848-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 0
O7 - HKU\S-1-5-21-1417001333-1303643608-1606980848-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run: rundll.exe = "rundll.exe "
O9 - Extra Button: Lisa ajaveebi - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : &Lisa see ajaveebi rakenduse Windows Live Writer kaudu - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra Button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - Reg Error: Value error. File not found
O9 - Extra 'Tools' menuitem : PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - Reg Error: Value error. File not found
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - Reg Error: Value error. File not found
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - Reg Error: Value error. File not found
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\WINDOWS\system32\nwprovau.dll (Microsoft Corporation)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.ma...r/ultrashim.cab (Reg Error: Value error.)
O16 - DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_21)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O18 - Protocol\Handler\avgsecuritytoolbar {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll ()
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O20 - AppInit_DLLs: (SDLoader.dll) - File not found
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O20 - Winlogon\Notify\avgrsstarter: DllName - avgrsstx.dll - C:\WINDOWS\System32\avgrsstx.dll (AVG Technologies CZ, s.r.o.)
O24 - Desktop WallPaper: C:\Documents and Settings\Kasutaja\My Documents\My Pictures\untitled.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Kasutaja\My Documents\My Pictures\untitled.bmp
O28 - HKLM ShellExecuteHooks: {68101905-D80F-4788-96F6-98618116178A} - Reg Error: Key error. File not found
O30 - LSA: Authentication Packages - (nwprovau) - C:\WINDOWS\System32\nwprovau.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.07.06 13:01:45 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O34 - HKLM BootExecute: (pgdfgsvc C 1) - C:\WINDOWS\System32\pgdfgsvc.exe (Sysinternals - www.sysinternals.com)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: HidServ - C:\WINDOWS\System32\hidserv.dll File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: UxTuneUp - C:\WINDOWS\system32\uxtuneup.dll (TuneUp Software)
NetSvcs: WmdmPmSp - File not found
NetSvcs: SSHNAS - C:\WINDOWS\System32\sshnas21.dll File not found

Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation)
Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.siren - C:\WINDOWS\System32\sirenacm.dll (Microsoft Corporation)
Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)

MsConfig - StartUpReg: DAEMON Tools Lite - hkey= - key= - Reg Error: Value error. File not found
MsConfig - StartUpReg: PWRISOVM.EXE - hkey= - key= - Reg Error: Value error. File not found

SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: sermouse.sys - Driver
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vga.sys - Driver
SafeBootMin: WdfLoadGroup - Reg Error: Value error.
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: nm - File not found
SafeBootNet: nm.sys - File not found
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: sermouse.sys - Driver
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: vga.sys - Driver
SafeBootNet: WdfLoadGroup - Reg Error: Value error.
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Microsoft VM
ActiveX: {10072CEC-8CC1-11D1-986E-00A0C955B42F} - Vector Graphics Rendering (VML)
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - NetShow
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 6.4
ActiveX: {283807B5-2C60-11D0-A31D-00AA00B92C03} - DirectAnimation
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {36f8ec70-c29a-11d1-b5c7-0000f8051515} - Dynamic HTML Data Binding for Java
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3bf42070-b3b1-11d1-b5c5-0000f8051515} - Uniscribe
ActiveX: {4278c270-a269-11d1-b5bf-0000f8051515} - Advanced Authoring
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install
ActiveX: {44BBA842-CC51-11CF-AAFA-00AA00B6015B} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - DirectShow
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015C} - Microsoft DirectX
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f216970-c90c-11d1-b5c7-0000f8051515} - DirectAnimation Java Classes
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.7
ActiveX: {5056b317-8d4c-43ee-8543-b9d1e234b8f4} - Security Update for Windows XP (KB923789)
ActiveX: {5945c046-1e7d-11d1-bc44-00c04fd912be} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser
ActiveX: {5A8D6EE0-3E18-11D0-821E-444553540000} - ICW
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7131646D-CD3C-40F4-97B9-CD9E4E6262EF} - .NET Framework
ActiveX: {73FA19D0-2D75-11D2-995D-00C04F98BBC9} - Web Folders
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\WINDOWS\system32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\WINDOWS\system32\Rundll32.exe C:\WINDOWS\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {ACC563BC-4266-43f0-B6ED-9D38C4202C7E} -
ActiveX: {C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F} - .NET Framework
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CC2A9BA0-3BDD-11D0-821E-444553540000} - Task Scheduler
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {D27CDB6E-AE6D-11cf-96B8-444553540000} - Adobe Flash Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: {H5K80SSF-L6S8-L42S-76Y4-30IQV151633U} -
ActiveX: {L17VSL2L-WD2S-DW7D-3O30-B267UDHUP01J} -
ActiveX: <{12d0ed0d-0ee0-4f90-8827-78cefb8f4988} - C:\WINDOWS\system32\ieudinit.exe
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\WINDOWS\inf\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\WINDOWS\system32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\WINDOWS\system32\rundll32.exe" "C:\WINDOWS\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP
ActiveX: >{881dd1c5-3dcf-431b-b061-f3f88e8be88a} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE

CREATERESTOREPOINT
Restore point Set: OTL Restore Point (56027131116781568)

========== Files/Folders - Created Within 90 Days ==========

[2010.09.26 13:47:49 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Kasutaja\Recent
[2010.09.22 19:48:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\ESET
[2010.09.20 16:37:28 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2010.09.20 16:37:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\ESET
[2010.09.17 22:41:34 | 000,000,000 | ---D | C] -- C:\Program Files\blinkx Remote Toolbar
[2010.09.17 17:38:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\RegCure
[2010.09.17 17:36:50 | 000,081,408 | ---- | C] (Windows ® Codename Longhorn DDK provider) -- C:\WINDOWS\System32\devcon_x64.exe
[2010.09.14 21:06:46 | 000,030,016 | ---- | C] (TuneUp Software) -- C:\WINDOWS\System32\uxtuneup.dll
[2010.09.14 20:57:26 | 000,030,528 | ---- | C] (TuneUp Software) -- C:\WINDOWS\System32\TURegOpt.exe
[2010.09.14 20:56:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Kasutaja\Application Data\TuneUp Software
[2010.09.14 20:56:03 | 000,000,000 | ---D | C] -- C:\Program Files\TuneUp Utilities 2010
[2010.09.14 20:55:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\TuneUp Software
[2010.09.14 20:55:11 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\All Users\Application Data\{D3742F82-1C1A-4DCC-ABBD-0E7C3C0185CC}
[2010.09.02 19:02:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Kasutaja\My Documents\Messenger Plus! logifailid
[2010.08.27 23:32:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Kasutaja\My Documents\Downloads
[2010.08.26 21:50:58 | 000,000,000 | ---D | C] -- C:\Program Files\TeamViewer
[2010.08.11 14:22:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Kasutaja\My Documents\My Games
[2010.08.11 14:12:05 | 000,000,000 | ---D | C] -- C:\Program Files\Ubisoft
[2010.08.09 13:59:52 | 000,025,168 | ---- | C] (AVG Technologies CZ, s.r.o. ) -- C:\WINDOWS\System32\drivers\AVGIDSxx.sys
[2010.08.09 13:56:41 | 000,030,104 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgfwdx.sys
[2010.08.09 13:56:38 | 000,050,968 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\avgfwdx.dll
[2010.08.03 09:38:03 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2010.07.29 16:43:59 | 000,000,000 | ---D | C] -- C:\Program Files\Adobe Media Player
[2010.07.29 16:38:58 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe AIR
[2010.07.22 10:17:55 | 000,120,832 | ---- | C] (Infinitus Systems) -- C:\Documents and Settings\Kasutaja\Application Data\notepad.exe
[2010.07.17 14:56:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Kasutaja\Application Data\AVG9
[2010.07.15 10:00:04 | 000,012,536 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\avgrsstx.dll
[2010.07.14 22:21:22 | 000,243,024 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgtdix.sys
[2010.07.14 22:21:22 | 000,052,872 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgrkx86.sys
[2010.07.14 22:21:15 | 000,216,400 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgldx86.sys
[2010.07.14 22:21:13 | 000,029,584 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgmfx86.sys
[2010.07.14 22:20:56 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\Avg
[2010.07.14 22:20:13 | 000,000,000 | ---D | C] -- C:\Program Files\AVG
[2010.07.14 21:29:23 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Live
[2010.07.14 20:53:38 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Windows Live
[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files - Modified Within 90 Days ==========

[2010.10.03 20:46:00 | 000,001,036 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1417001333-1303643608-1606980848-1003UA.job
[2010.10.03 20:35:11 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\Kasutaja\Local Settings\Application Data\prvlcl.dat
[2010.10.03 20:28:01 | 000,000,932 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2010.10.03 20:22:43 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010.10.03 20:19:07 | 000,000,928 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2010.10.03 20:18:52 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010.10.03 20:18:50 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010.10.03 19:46:11 | 000,000,984 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1417001333-1303643608-1606980848-1003Core.job
[2010.10.03 19:03:04 | 065,597,256 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\incavi.avm
[2010.10.02 23:27:06 | 008,912,896 | -H-- | M] () -- C:\Documents and Settings\Kasutaja\NTUSER.DAT
[2010.10.02 23:27:06 | 000,000,278 | -HS- | M] () -- C:\Documents and Settings\Kasutaja\ntuser.ini
[2010.10.02 18:22:55 | 009,614,426 | -H-- | M] () -- C:\Documents and Settings\Kasutaja\Local Settings\Application Data\IconCache.db
[2010.10.02 18:07:47 | 000,623,434 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\iavifw.avm
[2010.10.01 22:22:53 | 000,500,938 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010.10.01 22:22:53 | 000,092,924 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010.10.01 22:22:52 | 000,584,748 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2010.09.24 22:38:13 | 000,000,323 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Call of Duty® 2 Singleplayer.lnk
[2010.09.24 22:38:13 | 000,000,323 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Call of Duty® 2 Multiplayer.lnk
[2010.09.24 22:37:56 | 000,000,253 | ---- | M] () -- C:\WINDOWS\game.ini
[2010.09.24 22:04:39 | 000,000,565 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\PowerISO.lnk
[2010.09.23 21:49:34 | 000,002,289 | ---- | M] () -- C:\Documents and Settings\Kasutaja\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2010.09.23 21:49:33 | 000,002,311 | ---- | M] () -- C:\Documents and Settings\Kasutaja\Desktop\Google Chrome.lnk
[2010.09.23 21:33:52 | 000,000,162 | -H-- | M] () -- C:\Documents and Settings\Kasutaja\Desktop\~$Arvuti.doc
[2010.09.19 22:01:07 | 000,000,310 | ---- | M] () -- C:\WINDOWS\tasks\SmartDefrag.job
[2010.09.14 23:01:07 | 000,000,603 | ---- | M] () -- C:\WINDOWS\win.ini
[2010.09.14 23:00:01 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2010.08.27 16:02:10 | 000,030,528 | ---- | M] (TuneUp Software) -- C:\WINDOWS\System32\TURegOpt.exe
[2010.08.27 15:56:30 | 000,030,016 | ---- | M] (TuneUp Software) -- C:\WINDOWS\System32\uxtuneup.dll
[2010.08.12 11:42:43 | 003,668,488 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010.08.11 14:18:57 | 000,000,836 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Heroes of Might and Magic V - Tribes of the East.lnk
[2010.08.09 15:51:10 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010.08.09 13:59:52 | 000,025,168 | ---- | M] (AVG Technologies CZ, s.r.o. ) -- C:\WINDOWS\System32\drivers\AVGIDSxx.sys
[2010.08.09 13:56:41 | 000,050,968 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\avgfwdx.dll
[2010.08.09 13:56:41 | 000,030,104 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgfwdx.sys
[2010.08.08 19:39:59 | 000,000,069 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2010.08.03 15:06:43 | 000,000,528 | ---- | M] () -- C:\Documents and Settings\Kasutaja\Desktop\Frhed.lnk
[2010.07.24 17:23:46 | 000,044,320 | ---- | M] () -- C:\Documents and Settings\Kasutaja\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
[2010.07.22 10:17:55 | 000,120,832 | ---- | M] (Infinitus Systems) -- C:\Documents and Settings\Kasutaja\Application Data\notepad.exe
[2010.07.22 02:42:27 | 000,053,735 | -H-- | M] () -- C:\Documents and Settings\Kasutaja\Application Data\cglogs.dat
[2010.07.15 10:00:17 | 000,243,024 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgtdix.sys
[2010.07.15 10:00:04 | 000,012,536 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\avgrsstx.dll
[2010.07.15 10:00:03 | 000,029,584 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgmfx86.sys
[2010.07.15 09:53:27 | 000,216,400 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgldx86.sys
[2010.07.15 09:53:01 | 000,052,872 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgrkx86.sys
[2010.07.14 22:32:10 | 000,142,495 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\microavi.avg
[2010.07.14 22:21:24 | 000,001,507 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\AVG 9.0.lnk
[2010.07.14 22:21:13 | 000,113,461 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\iavichjw.avm
[2010.07.14 22:20:57 | 006,061,540 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\avi7.avg
[2010.07.14 22:20:57 | 000,492,629 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\miniavi.avg
[2010.07.12 22:51:01 | 000,000,776 | ---- | M] () -- C:\Documents and Settings\Kasutaja\Desktop\MTA San Andreas.lnk
[2010.07.11 12:52:08 | 000,001,729 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader 9.lnk
[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010.09.24 22:38:13 | 000,000,323 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Call of Duty® 2 Singleplayer.lnk
[2010.09.24 22:38:13 | 000,000,323 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Call of Duty® 2 Multiplayer.lnk
[2010.09.24 22:37:55 | 000,000,253 | ---- | C] () -- C:\WINDOWS\game.ini
[2010.09.24 22:04:39 | 000,000,565 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\PowerISO.lnk
[2010.09.23 21:33:52 | 000,000,162 | -H-- | C] () -- C:\Documents and Settings\Kasutaja\Desktop\~$Arvuti.doc
[2010.09.14 22:51:17 | 000,001,374 | ---- | C] () -- C:\WINDOWS\imsins.BAK
[2010.08.11 14:18:57 | 000,000,836 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Heroes of Might and Magic V - Tribes of the East.lnk
[2010.08.09 15:51:10 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010.08.09 13:59:50 | 000,623,434 | ---- | C] () -- C:\WINDOWS\System32\drivers\Avg\iavifw.avm
[2010.08.03 15:06:43 | 000,000,528 | ---- | C] () -- C:\Documents and Settings\Kasutaja\Desktop\Frhed.lnk
[2010.07.26 01:16:54 | 000,157,664 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
[2010.07.22 23:14:00 | 000,000,330 | ---- | C] () -- C:\Documents and Settings\Kasutaja\Local Settings\Application Data\pagefile.sys
[2010.07.14 22:21:24 | 000,001,507 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\AVG 9.0.lnk
[2010.07.14 22:21:13 | 000,113,461 | ---- | C] () -- C:\WINDOWS\System32\drivers\Avg\iavichjw.avm
[2010.07.14 22:20:57 | 065,597,256 | ---- | C] () -- C:\WINDOWS\System32\drivers\Avg\incavi.avm
[2010.07.14 22:20:57 | 000,492,629 | ---- | C] () -- C:\WINDOWS\System32\drivers\Avg\miniavi.avg
[2010.07.14 22:20:57 | 000,142,495 | ---- | C] () -- C:\WINDOWS\System32\drivers\Avg\microavi.avg
[2010.07.14 22:20:56 | 006,061,540 | ---- | C] () -- C:\WINDOWS\System32\drivers\Avg\avi7.avg
[2010.06.16 14:33:40 | 000,001,318 | ---- | C] () -- C:\WINDOWS\Sandboxie.ini
[2010.06.04 15:43:43 | 000,217,088 | ---- | C] () -- C:\WINDOWS\System32\libmySQL.dll
[2010.06.04 15:43:43 | 000,102,400 | ---- | C] () -- C:\WINDOWS\System32\TrackerNET.dll
[2010.05.15 16:19:10 | 000,000,023 | ---- | C] () -- C:\WINDOWS\BlendSettings.ini
[2010.03.28 12:45:02 | 000,000,125 | ---- | C] () -- C:\Documents and Settings\Kasutaja\Application Data\drivers.log
[2010.03.22 10:55:12 | 000,180,224 | ---- | C] () -- C:\Documents and Settings\Kasutaja\Application Data\koxp 1815.exe
[2009.11.09 19:20:44 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Kasutaja\Local Settings\Application Data\prvlcl.dat
[2009.10.13 18:52:09 | 000,000,069 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2009.09.14 18:30:17 | 000,354,816 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2009.09.07 20:38:55 | 000,033,824 | ---- | C] () -- C:\WINDOWS\System32\drivers\oreans32.sys
[2009.08.31 20:22:50 | 000,000,815 | ---- | C] () -- C:\WINDOWS\Thps3.INI
[2009.08.01 21:34:53 | 000,691,696 | ---- | C] () -- C:\WINDOWS\System32\drivers\sptd.sys
[2009.08.01 21:15:06 | 000,000,745 | ---- | C] () -- C:\WINDOWS\CoD.INI
[2009.07.06 20:02:42 | 000,015,872 | ---- | C] () -- C:\Documents and Settings\Kasutaja\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009.07.06 15:20:44 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2009.07.06 14:44:00 | 000,001,631 | ---- | C] () -- C:\WINDOWS\ATICIM.INI
[2005.07.05 21:54:43 | 000,053,735 | -H-- | C] () -- C:\Documents and Settings\Kasutaja\Application Data\cglogs.dat
[2003.02.18 18:26:28 | 000,028,672 | ---- | C] () -- C:\WINDOWS\System32\cmirmdrv.dll
[2003.01.07 15:05:08 | 000,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
[1996.04.03 22:33:26 | 000,005,248 | ---- | C] () -- C:\WINDOWS\System32\giveio.sys

========== LOP Check ==========

[2010.08.09 13:59:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVG Security Toolbar
[2010.08.10 16:30:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\avg9
[2010.01.18 20:10:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Common Toolkit Suite
[2009.12.01 00:08:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\DAEMON Tools Lite
[2009.08.01 21:38:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\DAEMON Tools Pro
[2010.09.20 16:37:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ESET
[2010.05.02 12:42:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\IObit
[2010.05.12 23:37:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Messenger Plus!
[2010.09.17 17:38:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\RegCure
[2009.11.19 21:07:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SpeedBit
[2010.04.24 22:57:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SwiftKit
[2009.11.19 21:07:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2010.09.14 20:56:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TuneUp Software
[2009.11.28 12:16:07 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\{39E254E2-D716-411B-B7FA-662E655F99F0}
[2010.05.31 15:28:14 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\{51019853-129C-4EDE-9030-D5FD7BBD9AD0}
[2009.09.16 23:35:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
[2009.12.01 18:35:56 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\{9B942F8A-65B4-447E-8E88-B9AEA3526FD4}
[2010.05.31 15:38:22 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\{B46E1EF5-0B37-4DB4-A4E2-9F2B41036185}
[2010.09.14 20:55:11 | 000,000,000 | -HSD | M] -- C:\Documents and Settings\All Users\Application Data\{D3742F82-1C1A-4DCC-ABBD-0E7C3C0185CC}
[2010.06.29 21:05:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kasutaja\Application Data\Atari
[2010.07.17 14:56:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kasutaja\Application Data\AVG9
[2010.09.24 21:43:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kasutaja\Application Data\BitTorrent
[2010.06.03 23:07:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kasutaja\Application Data\BSplayer
[2009.07.21 23:36:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kasutaja\Application Data\BSplayer Pro
[2010.01.18 20:10:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kasutaja\Application Data\Common Toolkit Suite
[2009.12.03 20:50:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kasutaja\Application Data\DAEMON Tools Lite
[2009.08.01 21:50:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kasutaja\Application Data\DAEMON Tools Pro
[2010.01.06 22:46:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kasutaja\Application Data\DMCache
[2009.11.28 11:57:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kasutaja\Application Data\Fighters
[2010.02.11 14:19:45 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\Kasutaja\Application Data\IFViewer
[2010.05.02 16:30:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kasutaja\Application Data\IObit
[2009.12.10 23:08:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kasutaja\Application Data\Leadertech
[2009.09.06 14:49:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kasutaja\Application Data\Microgaming
[2009.11.23 16:54:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kasutaja\Application Data\MSNInstaller
[2009.10.15 22:44:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kasutaja\Application Data\My Battle for Middle-earth Files
[2010.04.03 18:17:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kasutaja\Application Data\My Battle for Middle-earth II Files
[2010.08.26 21:51:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kasutaja\Application Data\TeamViewer
[2009.10.21 13:23:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kasutaja\Application Data\Thinstall
[2010.09.14 20:56:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kasutaja\Application Data\TuneUp Software
[2010.05.31 15:38:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kasutaja\Application Data\Uniblue
[2010.05.05 13:19:52 | 000,000,314 | ---- | M] () -- C:\WINDOWS\Tasks\AWC Update.job
[2010.09.19 22:01:07 | 000,000,310 | ---- | M] () -- C:\WINDOWS\Tasks\SmartDefrag.job

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*.* >
[2009.07.06 13:01:45 | 000,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT
[2009.07.06 12:56:05 | 000,000,211 | -HS- | M] () -- C:\boot.ini
[2009.07.06 13:01:45 | 000,000,000 | ---- | M] () -- C:\CONFIG.SYS
[2009.07.06 13:01:45 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
[2009.07.06 13:01:45 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
[2008.04.13 22:13:04 | 000,047,564 | RHS- | M] () -- C:\NTDETECT.COM
[2008.04.14 00:01:44 | 000,250,048 | RHS- | M] () -- C:\ntldr
[2010.10.03 20:18:40 | 805,306,368 | -HS- | M] () -- C:\pagefile.sys

< %systemroot%\Fonts\*.com >
[2006.04.18 15:39:28 | 000,026,040 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalMonospace.CompositeFont
[2006.06.29 14:53:56 | 000,026,489 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalSansSerif.CompositeFont
[2006.04.18 15:39:28 | 000,029,779 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalSerif.CompositeFont
[2006.06.29 14:58:52 | 000,030,808 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalUserInterface.CompositeFont

< %systemroot%\Fonts\*.dll >

< %systemroot%\Fonts\*.ini >
[2009.07.06 13:01:17 | 000,000,067 | -HS- | M] () -- C:\WINDOWS\Fonts\desktop.ini

< %systemroot%\Fonts\*.ini2 >

< %systemroot%\Fonts\*.exe >

< %systemroot%\system32\spool\prtprocs\w32x86\*.* >
[2008.07.06 15:06:10 | 000,089,088 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\filterpipelineprintproc.dll
[2007.04.09 13:23:54 | 000,028,552 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\mdippr.dll
[2008.07.06 13:50:03 | 000,597,504 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\printfilterpipelinesvc.exe

< %systemroot%\REPAIR\*.bak1 >

< %systemroot%\REPAIR\*.ini >

< %systemroot%\system32\*.jpg >

< %systemroot%\*.jpg >

< %systemroot%\*.png >

< %systemroot%\*.scr >
[2010.04.17 01:18:40 | 000,306,032 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WLXPGSS.SCR
[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

< %systemroot%\*._sy >

< %APPDATA%\Adobe\Update\*.* >

< %ALLUSERSPROFILE%\Favorites\*.* >

< %APPDATA%\Microsoft\*.* >
[2009.09.11 17:35:41 | 000,001,714 | -H-- | M] () -- C:\Documents and Settings\Kasutaja\Application Data\Microsoft\LastFlashConfig.WFC

< %PROGRAMFILES%\*.* >

< %APPDATA%\Update\*.* >

< %systemroot%\*. /mp /s >

< %systemroot%\System32\config\*.sav >
[2009.07.06 15:49:20 | 000,094,208 | ---- | M] () -- C:\WINDOWS\system32\config\default.sav
[2009.07.06 15:49:20 | 001,089,536 | ---- | M] () -- C:\WINDOWS\system32\config\software.sav
[2009.07.06 15:49:20 | 000,913,408 | ---- | M] () -- C:\WINDOWS\system32\config\system.sav

< %PROGRAMFILES%\bak. /s >

< %systemroot%\system32\bak. /s >

< %ALLUSERSPROFILE%\Start Menu\*.lnk /x >
[2009.07.06 13:01:50 | 000,000,294 | -HS- | M] () -- C:\Documents and Settings\All Users\Start Menu\desktop.ini

< %systemroot%\system32\config\systemprofile\*.dat /x >

< %systemroot%\*.config >

< %systemroot%\system32\*.db >

< %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x >
[2009.07.06 13:08:35 | 000,000,119 | -HS- | M] () -- C:\Documents and Settings\Kasutaja\Application Data\Microsoft\Internet Explorer\Quick Launch\desktop.ini
[2009.07.06 13:08:35 | 000,000,079 | ---- | M] () -- C:\Documents and Settings\Kasutaja\Application Data\Microsoft\Internet Explorer\Quick Launch\Show Desktop.scf

< %USERPROFILE%\Desktop\*.exe >

< %PROGRAMFILES%\Common Files\*.* >

< %systemroot%\*.src >

< %systemroot%\install\*.* >

< %systemroot%\system32\DLL\*.* >

< %systemroot%\system32\HelpFiles\*.* >

< %systemroot%\system32\rundll\*.* >

< %systemroot%\winn32\*.* >

< %systemroot%\Java\*.* >

< %systemroot%\system32\test\*.* >

< %systemroot%\system32\Rundll32\*.* >

< %systemroot%\AppPatch\Custom\*.* >

< %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x >

< %PROGRAMFILES%\PC-Doctor\Downloads\*.* >

< %PROGRAMFILES%\Internet Explorer\*.tmp >

< %PROGRAMFILES%\Internet Explorer\*.dat >

< %USERPROFILE%\My Documents\*.exe >

< %USERPROFILE%\*.exe >

< %systemroot%\ADDINS\*.* >

< %systemroot%\assembly\*.bak2 >

< %systemroot%\Config\*.* >

< %systemroot%\REPAIR\*.bak2 >

< %systemroot%\SECURITY\Database\*.sdb /x >

< %systemroot%\SYSTEM\*.bak2 >

< %systemroot%\Web\*.bak2 >

< %systemroot%\Driver Cache\*.* >

< %PROGRAMFILES%\Mozilla Firefox\0*.exe >

< %ProgramFiles%\Microsoft Common\*.* >

< %ProgramFiles%\TinyProxy. >

< %USERPROFILE%\Favorites\*.url /x >
[2009.07.06 13:08:35 | 000,000,122 | -HS- | M] () -- C:\Documents and Settings\Kasutaja\Favorites\Desktop.ini

< %systemroot%\system32\*.bk >

< %systemroot%\*.te >

< %systemroot%\system32\system32\*.* >

< %ALLUSERSPROFILE%\*.dat /x >

< %systemroot%\system32\drivers\*.rmv >

< dir /b "%systemroot%\system32\*.exe" | find /i " " /c >

< dir /b "%systemroot%\*.exe" | find /i " " /c >

< %PROGRAMFILES%\Microsoft\*.* >

< %systemroot%\System32\Wbem\proquota.exe >

< %PROGRAMFILES%\Mozilla Firefox\*.dat >

< %USERPROFILE%\Cookies\*.txt /x >
[2010.10.03 20:53:23 | 000,032,768 | -HS- | M] () -- C:\Documents and Settings\Kasutaja\Cookies\index.dat

< %SystemRoot%\system32\fonts\*.* >

< %systemroot%\system32\winlog\*.* >

< %systemroot%\system32\Language\*.* >

< %systemroot%\system32\Settings\*.* >

< %systemroot%\system32\*.quo >

< %SYSTEMROOT%\AppPatch\*.exe >

< %SYSTEMROOT%\inf\*.exe >
[2007.06.26 22:10:26 | 000,317,440 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\inf\unregmp2.exe

< %SYSTEMROOT%\Installer\*.exe >

< %systemroot%\system32\config\*.bak2 >

< %systemroot%\system32\Computers\*.* >

< %SystemRoot%\system32\Sound\*.* >

< %SystemRoot%\system32\SpecialImg\*.* >

< %SystemRoot%\system32\code\*.* >

< %SystemRoot%\system32\draft\*.* >

< %SystemRoot%\system32\MSSSys\*.* >

< %ProgramFiles%\Javascript\*.* >

< %systemroot%\pchealth\helpctr\System\*.exe /s >

< %systemroot%\Web\*.exe >

< %systemroot%\system32\msn\*.* >

< %systemroot%\system32\*.tro >

< %AppData%\Microsoft\Installer\msupdates\*.* >

< %ProgramFiles%\Messenger\*.exe >

< %systemroot%\system32\systhem32\*.* >

< %systemroot%\system\*.exe >
[2004.02.17 10:51:56 | 001,458,176 | ---- | M] (C-Media Electronics Inc.) -- C:\WINDOWS\system\SmWizard.exe

< %USERPROFILE%\Templates\*.tmp >

< %SYSTEMDRIVE%\explorexxx.exe\*.* >

< %Windir%\Installer\*.tmp >

< %systemroot%\System32\*.xco >

< %ProgramFiles%\system32\*.* >

< %systemroot%\System32\windos\*.* >

< %SystemRoot%\system32\sandbox\*.* >

< %SystemRoot%\system32\*.amo >

< %SystemRoot%\system32\Windows Live\*.* >

< %ProgramFiles%\logs\*.* >

< %ProgramFiles%\Bifrost\*.* >

< %SystemRoot%\system32\*.goo >

< %systemroot%\system32\IME\*.* >

< %systemroot%\BackUp\*.* >

< %systemroot%\system32\*.ico >

< %systemroot%\system\*.dat >

< %systemroot%\system\*.exe >
[2004.02.17 10:51:56 | 001,458,176 | ---- | M] (C-Media Electronics Inc.) -- C:\WINDOWS\system\SmWizard.exe

< %AppData%\Macromedia\Common\*.* >

< %SYSTEMDRIVE%\dir\*.* /s >

< %systemroot%\system32\ras\*.exe >

< %SYSTEMDRIVE%\MFILES\*.* >

< %SYSTEMDRIVE%\mDNSRespon.exe\*.* >

< %systemroot%\system32\services\*.* >

< %systemroot%\Spooler\*.* >

< %ProgramFiles%\system32\*.* >

< %systemroot%\system32\Setup\*.dll /x >

< %systemroot%\system32\*.mine >

< %SYSTEMDRIVE%\cleansweep.exe\*.* >

< %systemroot%\system32\ras\*.dll >

< %systemroot%\system32\ras\*.drv >

< %systemroot%\*.iq >

< %systemroot%\system32\XP\*.* >

< %SYSTEMDRIVE%\Extracted\*.* >

< %systemroot%\system32\windows\*.* >

< %systemroot%\logs\*.* >

< %SYSTEMDRIVE%\Win.Msi\*.* >

< %systemroot%\regedit\*.* >

< %systemroot%\system32\skype\*.* >

< %AppData%\Adobe\dlluplwin25\*.* >

< %UserProfile%\*.dat >
[2010.10.02 23:27:06 | 008,912,896 | -H-- | M] () -- C:\Documents and Settings\Kasutaja\NTUSER.DAT

< %UserProfile%\*.dll >

< %systemroot%\system32\*.sxo >

< %SYSTEMDRIVE%\Gazma\*.* /s >

< %systemroot%\system32\spynet\*.* >

< %systemroot%\system32\System\*.* >

< %appdata%\Microsoft\Windows\*.* >

< %systemroot%\system32\WinDir\*.* >

< %systemroot%\_\*.* >

< %systemroot%\system32\windows32\*.* >

< %ProgramFiles%\win\*.* >

< %AppData%\Microsoft\CD Burning\*.* >

< %systemroot%\*.cab >

< %systemroot%\K.Backup\*.* >

< %ProgramFiles%\Massenger\*.* >

< %systemroot%\System32\*.doc >

< %systemroot%\Office12\*.* >

< %systemroot%\System32\Rundl32.exe\*.* >

< %ProgramFiles%\yahoo.net\*.* >

< %systemroot%\system32\*.igo >

< %systemroot%\*.rew >

< %systemroot%\System32\spool\DRIVERS\W32X86\3\*.exe >

< %USERPROFILE%\.COMMgr\*.* >

< %USERPROFILE%\Desktop\*.bat >

< %PROGRAMFILES%\Common Files\Real\visualizations\*.* >

< %PROGRAMFILES%\Internet Explorer\*.Jmp >

< %PROGRAMFILES%\Windows NT\system\*.dll >

< %systemroot%\system32\*.ext >

< %systemroot%\system32\Com\*.cfg >

< %systemroot%\system32\btz\*.* >

< %systemroot%\system32\EMP\*.* >

< %systemroot%\system32\expo\*.* >

< %systemroot%\system32\inet2\*.* >

< %systemroot%\system32\xrem\*.* >

< %ProgramFiles%\Microsoft\*.* >

< %systemroot%\usgwmt\*.* >

< %ProgramFiles%\B\*.* >

< %SYSTEMDRIVE%\lspp\*.* >

< %systemroot%\Kral\*.* >

< %SYSTEMDRIVE%\windowsdvd.exe\*.* >

< %systemroot%\system32\*.ipo >

< %SYSTEMDRIVE%\usxxxxxxxx.exe\*.* >

< %systemroot%\system32\*.mof >

< %systemroot%\*.atm >

< %systemroot%\system32\svhost\*.* >

< %ProgramFiles%\system32\*.* >

< %ProgramFiles%\Docmentt\*.* >

< %systemroot%\Help\*.vbs >

< %ProgramFiles%\Windows WinSxs\*.* /s >

< %ProgramFiles%\Outlook Express\IDT\*.* /s >

< %ProgramFiles%\Microsoft Office\365\*.* /s >

< %ProgramFiles%\Windows Live\*.* >

< %systemroot%\system32\win32\*.* >

< %SYSTEMDRIVE%\RECYCLER\*.* >

< %systemroot%\Fresh1\*.* >

< %ProgramFiles%\Kekj\*.* /s >

< %systemroot%\GDU\*.* >

< %systemroot%\KA\*.* >

< %systemroot%\R\*.* >

< %systemroot%\system32\*.fyo >

< %USERPROFILE%\System\*.* >

< %systemroot%\Source\*.* >

< %systemroot%\system32\ac\*.* >

< %ProgramFiles%\MSDN\*.* >

< %AppData%\AdobeUM\winvcldll54\*.* /s >

< %ProgramFiles%\Internet Explorer\*.ico >

< %systemroot%\system32\*.ojo >

< %systemroot%\system32\d323s\*.* >

< %systemroot%\system32\re\*.* >

< %UserProfile%\Microsoft\*.dll >

< %UserProfile%\Microsoft\*.log >

< %systemroot%\Bios\*.* >

< %ProgramFiles%\Spool\*.* >

< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install\\LastSuccessTime: 2010-10-01 19:26:17

========== Files - Unicode (All) ==========
[2010.09.22 20:22:25 | 000,000,036 | ---- | M] ()(C:\WINDOWS\System32\?Ø) -- C:\WINDOWS\System32\稰Ø
[2010.09.22 20:22:25 | 000,000,036 | ---- | C] ()(C:\WINDOWS\System32\?Ø) -- C:\WINDOWS\System32\稰Ø
[2010.08.16 17:39:36 | 000,000,036 | ---- | M] ()(C:\WINDOWS\System32\??) -- C:\WINDOWS\System32\㔠ô
[2010.08.16 17:39:36 | 000,000,036 | ---- | C] ()(C:\WINDOWS\System32\??) -- C:\WINDOWS\System32\㔠ô

========== Alternate Data Streams ==========

@Alternate Data Stream - 105 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:D74B6CF5
< End of report >
It only opened 1 notepad??
  • 0

#4
Aaron

Aaron

    Expert

  • Expert
  • 3,155 posts
Hi

You are using ESET and AVG.
Anti-Virus programs take up an enormous amount of your computer's resources when they are actively scanning your computer. Having two anti-virus programs running at the same time can cause your computer to run very slow, become unstable and even, in rare cases, crash.

If you choose to install more than one Anti-Virus program on your computer, then only one of them should be active in memory at a time.

There are basically two types of these programs:
On-Access and On-Demand

On-Access Scanners
As the name implies, are scanners that run in the background all the time the PC is turned on and running. The main function of an On-Access scanner is to monitor activity on your machine.

On-Demand Scanners
As the name implies, are scanners that only run when you ask them to.
Such as:
Online Scans and scanners that run on your machine but are not actively scanning your machine

Please follow these steps:
============ Step one ============

Run OTL again

  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :OTL
    SRV - File not found [Auto | Stopped] -- C:\WINDOWS\System32\sshnas21.dll -- (SSHNAS)
    SRV - File not found [Auto | Stopped] -- C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwssvc.exe -- (MyWebSearchService)
    DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\xhunter1.sys -- (xhunter1)
    DRV - File not found [Kernel | On_Demand | Stopped] -- C:\DOCUME~1\Kasutaja\LOCALS~1\Temp\vtayn.sys -- (vtayn)
    DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\vtany.sys -- (vtany)
    IE - HKU\S-1-5-21-1417001333-1303643608-1606980848-1003\..\URLSearchHook: {00A6FAF6-072E-44cf-8957-5838F569A31D} - Reg Error: Key error. File not found
    IE - HKU\S-1-5-21-1417001333-1303643608-1606980848-1003\..\URLSearchHook: {F08555B0-9CC3-11D2-AA8E-000000000567} - C:\Program Files\blinkx Remote Toolbar\the_blinkx_shook.dll ()
    IE - HKU\S-1-5-21-1417001333-1303643608-1606980848-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
    IE - HKU\S-1-5-21-1417001333-1303643608-1606980848-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local;<local>
    FF - prefs.js..keyword.URL: "http://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2685&invocationType=tb50ffwinampab&query="
    [2009.09.16 16:27:52 | 000,057,344 | ---- | M] (blinkx) -- C:\Program Files\Mozilla Firefox\plugins\np_blinkx_plugin.dll
    [2010.09.17 22:41:39 | 000,001,132 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\blinkxtoolbar.xml
    O2 - BHO: (The blinkx Toolbar) - {0069B690-7A2B-41C5-98CA-9F535B4C8532} - C:\Program Files\blinkx Remote Toolbar\the_blinkx_bho.dll ()
    O3 - HKU\S-1-5-21-1417001333-1303643608-1606980848-1003\..\Toolbar\WebBrowser: (no name) - {32099AAC-C132-4136-9E9A-4E364A424E17} - No CLSID value found.
    O4 - HKU\S-1-5-21-1417001333-1303643608-1606980848-1003..\Run: [blinkx_toolbar] C:\Program Files\blinkx Remote Toolbar\the_blinkx_toolbar.exe ()
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveSearch = 1
    O7 - HKU\S-1-5-21-1417001333-1303643608-1606980848-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 0
    O7 - HKU\S-1-5-21-1417001333-1303643608-1606980848-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run: rundll.exe = "rundll.exe "
    O20 - AppInit_DLLs: (SDLoader.dll) - File not found
    O28 - HKLM ShellExecuteHooks: {68101905-D80F-4788-96F6-98618116178A} - Reg Error: Key error. File not found
    NetSvcs: SSHNAS - C:\WINDOWS\System32\sshnas21.dll File not found
    ActiveX: {H5K80SSF-L6S8-L42S-76Y4-30IQV151633U} -
    ActiveX: {L17VSL2L-WD2S-DW7D-3O30-B267UDHUP01J} - 
    [2010.09.17 22:41:34 | 000,000,000 | ---D | C] -- C:\Program Files\blinkx Remote Toolbar
    [2010.07.22 10:17:55 | 000,120,832 | ---- | C] (Infinitus Systems) -- C:\Documents and Settings\Kasutaja\Application Data\notepad.exe
    [2010.10.03 20:35:11 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\Kasutaja\Local Settings\Application Data\prvlcl.dat
    [2010.07.22 10:17:55 | 000,120,832 | ---- | M] (Infinitus Systems) -- C:\Documents and Settings\Kasutaja\Application Data\notepad.exe
    [2010.07.22 02:42:27 | 000,053,735 | -H-- | M] () -- C:\Documents and Settings\Kasutaja\Application Data\cglogs.dat
    [2010.07.22 23:14:00 | 000,000,330 | ---- | C] () -- C:\Documents and Settings\Kasutaja\Local Settings\Application Data\pagefile.sys
    [2010.03.28 12:45:02 | 000,000,125 | ---- | C] () -- C:\Documents and Settings\Kasutaja\Application Data\drivers.log
    [2010.03.22 10:55:12 | 000,180,224 | ---- | C] () -- C:\Documents and Settings\Kasutaja\Application Data\koxp 1815.exe
    [2009.11.09 19:20:44 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Kasutaja\Local Settings\Application Data\prvlcl.dat
    [2005.07.05 21:54:43 | 000,053,735 | -H-- | C] () -- C:\Documents and Settings\Kasutaja\Application Data\cglogs.dat
    [2010.09.22 20:22:25 | 000,000,036 | ---- | M] ()(C:\WINDOWS\System32\?Ø) -- C:\WINDOWS\System32\稰Ø
    [2010.09.22 20:22:25 | 000,000,036 | ---- | C] ()(C:\WINDOWS\System32\?Ø) -- C:\WINDOWS\System32\稰Ø
    [2010.08.16 17:39:36 | 000,000,036 | ---- | M] ()(C:\WINDOWS\System32\??) -- C:\WINDOWS\System32\㔠ô
    [2010.08.16 17:39:36 | 000,000,036 | ---- | C] ()(C:\WINDOWS\System32\??) -- C:\WINDOWS\System32\㔠ô
    
    :Services
    
    :Reg
    
    :Files
    
    :Commands
    [resethosts]
    [emptytemp]
    [EMPTYFLASH]
    [Reboot]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done and save the log it produces.
  • Open OTL again and click the Quick Scan button. Now post the log it produces together with the log you saved from running the fix. Post both logs in your next reply please.

============ Step two ============

Run OTL again:

  • Click the None button.
  • Set Extra Registry to Use Safelist.
  • Then click the Run Scan button at the top
  • Let the program run unhindered and post the Extras.txt log it produces in your next reply.

============ Step three ============

Run GMER:

Download the GMER Rootkit Scanner. Unzip it to your Desktop.

Before scanning, make sure all other running programs are closed and no other actions like a scheduled antivirus scan will occur while the scan is being performed. Do not use your computer for anything else during the scan.
  • Double click GMER.exe.
  • If it gives you a warning about rootkit activity and asks if you want to run a full scan...click on NO, then use the following settings for a more complete scan..
  • In the right panel, you will see several boxes that have been checked. Ensure the following are UNCHECKED ...
    • IAT/EAT
    • Drives/Partition other than Systemdrive (typically C:\)
    • Show All (don't miss this one)
  • Then click the Scan button & wait for it to finish.
  • Once done click on the [Save..] button, and in the File name area, type in "ark.txt"
  • Save the log where you can easily find it, such as your desktop.
**Caution**
Rootkit scans often produce false positives. Do NOT take any action on any "<--- ROOTKIT" entries

Please copy and paste the report into your Post.
  • 0
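The triage in the post above (two resident antivirus products, plus service and driver entries whose file is gone), as an added example that is not part of the original posts and is not OTL's own code. It parses `SRV`/`DRV` lines in the layout seen in the logs on this page; the `AV_VENDORS` table, the function names and the "resident" rule (state Running with a Boot, System or Auto start type) are assumptions made for illustration.

```python
import re
from collections import defaultdict

# Sample input: SRV/DRV lines excerpted from the OTL logs on this page.
SAMPLE_LOG = r"""
SRV - File not found [Auto | Stopped] -- C:\WINDOWS\System32\sshnas21.dll -- (SSHNAS)
SRV - [2010.07.15 09:59:17 | 000,308,136 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG9\avgwdsvc.exe -- (avg9wd)
SRV - [2009.11.16 09:04:30 | 000,735,960 | ---- | M] (ESET) [Auto | Running] -- C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe -- (ekrn)
SRV - [2009.11.16 09:12:54 | 000,020,680 | ---- | M] (ESET) [On_Demand | Stopped] -- C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe -- (EhttpSrv)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\xhunter1.sys -- (xhunter1)
DRV - [2010.07.15 10:00:03 | 000,029,584 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\avgmfx86.sys -- (AvgMfx86)
DRV - [2009.11.16 08:56:12 | 000,116,520 | ---- | M] (ESET) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\eamon.sys -- (eamon)
DRV - [2008.04.14 03:15:30 | 000,010,624 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\gameenum.sys -- (gameenum)
"""

# Assumption: illustrative, non-exhaustive map of publisher substrings
# (lower case) to antivirus product families.
AV_VENDORS = {"avg technologies": "AVG", "eset": "ESET"}

# Assumption: start types that load a component without the user asking for it.
RESIDENT_START = {"Boot", "System", "Auto"}

# KIND - <"File not found" | [date | size | attr | M] (publisher)> [flags] -- path -- (name)
LINE_RE = re.compile(
    r"^(?P<kind>SRV|DRV) - "
    r"(?:(?P<missing>File not found)|\[[^\]]*\] \((?P<company>[^)]*)\))\s*"
    r"\[(?P<flags>[^\]]*)\] -- (?P<path>.+?) -- \((?P<name>[^)]*)\)"
)


def parse_otl(text):
    """Return one dict per SRV/DRV line; lines in any other layout are skipped."""
    entries = []
    for raw in text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue
        # SRV flags are [start | state]; DRV flags are [type | start | state].
        flags = [f.strip() for f in m.group("flags").split("|")]
        entries.append({
            "kind": m.group("kind"),
            "missing": m.group("missing") is not None,
            "company": (m.group("company") or "").strip(),
            "start": flags[-2] if len(flags) >= 2 else "",
            "state": flags[-1],
            "path": m.group("path"),
            "name": m.group("name"),
        })
    return entries


def av_family(company):
    """Map a publisher string to a product family, or None if it is not listed."""
    low = company.lower()
    for needle, family in AV_VENDORS.items():
        if needle in low:
            return family
    return None


def resident_av_vendors(entries):
    """Product family -> sorted names of its components that are loaded and running."""
    found = defaultdict(list)
    for e in entries:
        family = av_family(e["company"])
        if family and e["state"] == "Running" and e["start"] in RESIDENT_START:
            found[family].append(e["name"])
    return {family: sorted(names) for family, names in found.items()}


def has_av_conflict(entries):
    """True when more than one antivirus family has resident components."""
    return len(resident_av_vendors(entries)) > 1


def orphaned(entries):
    """Service/driver names still registered although their file is missing."""
    return [e["name"] for e in entries if e["missing"]]


if __name__ == "__main__":
    parsed = parse_otl(SAMPLE_LOG)
    for family, names in resident_av_vendors(parsed).items():
        print(f"resident {family}: {', '.join(names)}")
    print("conflict:", has_av_conflict(parsed))
    print("orphaned entries:", ", ".join(orphaned(parsed)))
```

Orphaned entries are only candidates for review; a missing file does not by itself say whether the entry was malicious or left behind by an uninstalled program.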

#5
Helger

Helger

    Member

  • Topic Starter
  • Member
  • PipPip
  • 93 posts
OTL logfile created on: 6.10.2010 18:43:49 - Run 3
OTL by OldTimer - Version 3.2.14.1 Folder = D:\Dowloads
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000425 | Country: Estonia | Language: ETI | Date Format: d.MM.yyyy

511,00 Mb Total Physical Memory | 98,00 Mb Available Physical Memory | 19,00% Memory free
1,00 Gb Paging File | 1,00 Gb Available in Paging File | 49,00% Paging File free
Paging file location(s): C:\pagefile.sys 768 1536 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 10,00 Gb Total Space | 0,67 Gb Free Space | 6,67% Space Free | Partition Type: NTFS
Drive D: | 66,68 Gb Total Space | 18,35 Gb Free Space | 27,52% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: KODUNE-579A7A74
Current User Name: Kasutaja
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 90 Days
Output = Standard
Quick Scan

========== Processes (SafeList) ==========

PRC - [2010.10.03 19:29:33 | 000,575,488 | ---- | M] (OldTimer Tools) -- D:\Dowloads\OTL.exe
PRC - [2010.09.29 18:39:08 | 002,067,808 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgtray.exe
PRC - [2010.09.20 14:43:37 | 000,621,920 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgnsx.exe
PRC - [2010.09.20 14:41:08 | 002,331,544 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgfws9.exe
PRC - [2010.09.17 21:50:06 | 000,014,808 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\plugin-container.exe
PRC - [2010.09.17 21:50:02 | 000,910,296 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2010.08.09 13:57:42 | 000,596,560 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\Identity Protection\Agent\Bin\AVGIDSMonitor.exe
PRC - [2010.08.09 13:57:34 | 005,897,808 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\Identity Protection\Agent\Bin\AVGIDSAgent.exe
PRC - [2010.07.15 10:00:06 | 000,515,424 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgrsx.exe
PRC - [2010.07.15 09:59:17 | 000,308,136 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgwdsvc.exe
PRC - [2010.07.15 09:53:26 | 000,723,296 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgcsrvx.exe
PRC - [2010.07.15 09:53:06 | 001,101,152 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgchsvx.exe
PRC - [2010.07.15 09:52:56 | 000,842,592 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgam.exe
PRC - [2010.04.12 11:40:16 | 000,180,224 | ---- | M] (PowerISO Computing, Inc.) -- D:\downloads\PowerISO\PWRISOVM.EXE
PRC - [2010.04.01 12:16:20 | 000,357,696 | ---- | M] (DT Soft Ltd) -- D:\downloads\DAEMON Tools Lite\DTLite.exe
PRC - [2009.11.16 09:04:30 | 000,735,960 | ---- | M] (ESET) -- C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
PRC - [2009.11.16 09:03:32 | 002,054,360 | ---- | M] (ESET) -- C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
PRC - [2008.04.14 05:42:20 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe


========== Modules (SafeList) ==========

MOD - [2010.10.03 19:29:33 | 000,575,488 | ---- | M] (OldTimer Tools) -- D:\Dowloads\OTL.exe
MOD - [2008.04.14 05:40:22 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msscript.ocx


========== Win32 Services (SafeList) ==========

SRV - File not found [On_Demand | Stopped] -- C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard)
SRV - File not found [On_Demand | Stopped] -- C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe -- (NMIndexingService)
SRV - File not found [Disabled | Stopped] -- C:\WINDOWS\System32\hidserv.dll -- (HidServ)
SRV - [2010.09.20 14:41:08 | 002,331,544 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG9\avgfws9.exe -- (avgfws9)
SRV - [2010.08.09 13:57:34 | 005,897,808 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG9\Identity Protection\Agent\Bin\AVGIDSAgent.exe -- (AVGIDSAgent)
SRV - [2010.07.15 09:59:17 | 000,308,136 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG9\avgwdsvc.exe -- (avg9wd)
SRV - [2010.06.30 14:23:12 | 000,431,432 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\AVG\AVG9\Toolbar\ToolbarBroker.exe -- (AVG Security Toolbar Service)
SRV - [2010.04.28 07:44:02 | 000,704,872 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Live\Family Safety\fsssvc.exe -- (fsssvc)
SRV - [2009.11.16 09:12:54 | 000,020,680 | ---- | M] (ESET) [On_Demand | Stopped] -- C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe -- (EhttpSrv)
SRV - [2009.11.16 09:04:30 | 000,735,960 | ---- | M] (ESET) [Auto | Running] -- C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe -- (ekrn)
SRV - [2009.10.26 02:06:40 | 000,655,624 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2009.05.19 11:36:18 | 000,240,512 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe -- (SeaPort)
SRV - [2008.07.11 03:28:06 | 040,999,448 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe -- (MSSQL$SQLEXPRESS) SQL Server (SQLEXPRESS)
SRV - [2008.07.11 03:28:06 | 000,369,688 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE -- (SQLAgent$SQLEXPRESS) SQL Server Agent (SQLEXPRESS)
SRV - [2008.07.11 03:28:04 | 000,047,128 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Microsoft SQL Server\100\Shared\SQLADHLP.EXE -- (MSSQLServerADHelper100)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\EagleNT.sys -- (EagleNT)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\DRIVERS\avfsfilter.sys -- (AVFSFilter)
DRV - File not found [File_System | Auto | Stopped] -- C:\WINDOWS\System32\DRIVERS\aswFsBlk.sys -- (aswFsBlk)
DRV - [2010.08.09 13:59:52 | 000,025,168 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\AVGIDSxx.sys -- (AVGIDSErHrxpx)
DRV - [2010.08.09 13:58:01 | 000,122,448 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Program Files\AVG\AVG9\Identity Protection\Agent\Driver\Platform_XP\AVGIDSDriver.sys -- (AVGIDSDriverxpx)
DRV - [2010.08.09 13:57:56 | 000,030,288 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Program Files\AVG\AVG9\Identity Protection\Agent\Driver\Platform_XP\AVGIDSFilter.sys -- (AVGIDSFilterxpx)
DRV - [2010.08.09 13:57:50 | 000,026,192 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Program Files\AVG\AVG9\Identity Protection\Agent\Driver\Platform_XP\AVGIDSShim.sys -- (AVGIDSShimxpx)
DRV - [2010.08.09 13:56:41 | 000,030,104 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\avgfwdx.sys -- (Avgfwfd)
DRV - [2010.08.09 13:56:41 | 000,030,104 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\avgfwdx.sys -- (Avgfwdx)
DRV - [2010.07.15 10:00:17 | 000,243,024 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avgtdix.sys -- (AvgTdiX)
DRV - [2010.07.15 10:00:03 | 000,029,584 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\avgmfx86.sys -- (AvgMfx86)
DRV - [2010.07.15 09:53:27 | 000,216,400 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avgldx86.sys -- (AvgLdx86)
DRV - [2010.07.15 09:53:01 | 000,052,872 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\WINDOWS\System32\Drivers\avgrkx86.sys -- (AvgRkx86)
DRV - [2010.04.28 07:44:02 | 000,054,760 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\fssfltr_tdi.sys -- (fssfltr)
DRV - [2010.04.12 11:44:34 | 000,059,388 | ---- | M] (PowerISO Computing, Inc.) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\scdemu.sys -- (SCDEmu)
DRV - [2010.02.21 18:04:01 | 000,015,781 | ---- | M] (Meetinghouse Data Communications) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\mdc8021x.sys -- (MDC8021X) AEGIS Protocol (IEEE 802.1x)
DRV - [2010.02.11 15:02:15 | 000,226,880 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\tcpip6.sys -- (Tcpip6)
DRV - [2009.12.01 00:09:45 | 000,691,696 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\sptd.sys -- (sptd)
DRV - [2009.11.16 09:06:50 | 000,096,408 | ---- | M] (ESET) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\epfwtdir.sys -- (epfwtdir)
DRV - [2009.11.16 09:03:36 | 000,108,792 | ---- | M] (ESET) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ehdrv.sys -- (ehdrv)
DRV - [2009.11.16 08:56:12 | 000,116,520 | ---- | M] (ESET) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\eamon.sys -- (eamon)
DRV - [2009.09.07 20:38:55 | 000,033,824 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\oreans32.sys -- (oreans32)
DRV - [2009.02.26 01:58:57 | 003,565,568 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2008.08.14 07:57:42 | 000,074,720 | ---- | M] (Adobe Systems, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\System32\drivers\adfs.sys -- (adfs)
DRV - [2008.07.10 03:49:14 | 000,242,712 | ---- | M] (Microsoft Corporation) [File_System | Disabled | Stopped] -- C:\WINDOWS\system32\drivers\RsFx0102.sys -- (RsFx0102)
DRV - [2008.04.14 03:15:30 | 000,010,624 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\gameenum.sys -- (gameenum)
DRV - [2008.04.14 00:26:08 | 000,088,320 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\nwlnkipx.sys -- (NwlnkIpx)
DRV - [2007.01.23 15:45:00 | 000,034,576 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\LHidFilt.Sys -- (LHidFilt)
DRV - [2007.01.23 15:45:00 | 000,033,296 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\LMouFilt.Sys -- (LMouFilt)
DRV - [2007.01.23 15:45:00 | 000,028,176 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\LUsbFilt.sys -- (LUsbFilt)
DRV - [2007.01.23 15:44:00 | 000,020,496 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\L8042Kbd.sys -- (L8042Kbd)
DRV - [2006.09.24 16:28:46 | 000,005,248 | ---- | M] (Windows ® 2000 DDK provider) [Kernel | Boot | Running] -- C:\WINDOWS\system32\speedfan.sys -- (speedfan)
DRV - [2001.08.23 15:00:00 | 000,063,232 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\nwlnknb.sys -- (NwlnkNb)
DRV - [2001.08.23 15:00:00 | 000,055,936 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\nwlnkspx.sys -- (NwlnkSpx)
DRV - [2001.08.17 17:00:04 | 000,002,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\msmpu401.sys -- (ms_mpu401)
DRV - [2001.08.17 16:51:32 | 000,018,688 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\irsir.sys -- (irsir)
DRV - [1996.04.03 22:33:26 | 000,005,248 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\system32\giveio.sys -- (giveio)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========


IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = et
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = BC 60 F0 C9 E6 E3 CA 01 [binary data]
IE - HKCU\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll ()
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Bing"
FF - prefs.js..browser.search.defaulturl: "http://www.bing.com/...?FORM=IEFM1&q="
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://www.neti.ee/"
FF - prefs.js..extensions.enabledItems: [email protected]:1.0
FF - prefs.js..extensions.enabledItems: [email protected]:1.5.2
FF - prefs.js..extensions.enabledItems: {3f963a5b-e555-4543-90e2-c3908898db71}:9.0.0.855
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: avg@igeared:4.906.030.003


FF - HKLM\software\mozilla\Firefox\Extensions\\{3f963a5b-e555-4543-90e2-c3908898db71}: C:\Program Files\AVG\AVG9\Firefox [2010.09.20 14:46:55 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\avg@igeared: C:\Program Files\AVG\AVG9\Toolbar\Firefox\avg@igeared [2010.10.04 18:48:45 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.7\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010.09.17 23:22:40 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.7\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010.09.17 22:41:39 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Thunderbird\Extensions\\[email protected]: C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird [2010.09.20 16:37:50 | 000,000,000 | ---D | M]

[2009.07.06 15:44:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kasutaja\Application Data\Mozilla\Extensions
[2010.10.04 19:42:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kasutaja\Application Data\Mozilla\Firefox\Profiles\hklj20a0.default\extensions
[2010.04.27 20:26:03 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Kasutaja\Application Data\Mozilla\Firefox\Profiles\hklj20a0.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010.06.15 09:11:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kasutaja\Application Data\Mozilla\Firefox\Profiles\hklj20a0.default\extensions\[email protected]
[2010.07.14 22:05:49 | 000,001,819 | ---- | M] () -- C:\Documents and Settings\Kasutaja\Application Data\Mozilla\Firefox\Profiles\hklj20a0.default\searchplugins\bing.xml
[2009.11.13 15:32:37 | 000,001,248 | ---- | M] () -- C:\Documents and Settings\Kasutaja\Application Data\Mozilla\Firefox\Profiles\hklj20a0.default\searchplugins\fl4sh-music-search.xml
[2009.11.23 16:37:25 | 000,001,201 | ---- | M] () -- C:\Documents and Settings\Kasutaja\Application Data\Mozilla\Firefox\Profiles\hklj20a0.default\searchplugins\winamp-search.xml
[2010.10.06 18:41:11 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2010.04.24 21:47:35 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010.08.03 09:37:50 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
[2010.07.17 05:00:04 | 000,423,656 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
[2010.03.12 17:45:19 | 000,001,159 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\eki-ee.xml
[2010.03.12 17:45:19 | 000,001,960 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\neti-ee.xml
[2010.03.12 17:45:20 | 000,000,904 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\osta-ee.xml
[2010.03.12 17:45:20 | 000,001,174 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wikipedia-et.xml

O1 HOSTS File: ([2010.10.06 17:48:27 | 000,000,098 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (Search Helper) - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll (Microsoft Corporation)
O2 - BHO: (AVG Security Toolbar BHO) - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll ()
O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll ()
O3 - HKLM\..\Toolbar: (The blinkx Toolbar) - {E5A1ECE5-3E3D-4FE7-8447-78CB1FD377C6} - C:\Program Files\blinkx Remote Toolbar\the_blinkx_toolbar.dll File not found
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (AVG Security Toolbar) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll ()
O4 - HKLM..\Run: [AVG9_TRAY] C:\Program Files\AVG\AVG9\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [Cmaudio] File not found
O4 - HKLM..\Run: [egui] C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe (ESET)
O4 - HKLM..\Run: [Kernel and Hardware Abstraction Layer] C:\WINDOWS\KHALMNPR.Exe (Logitech Inc.)
O4 - HKLM..\Run: [PWRISOVM.EXE] D:\downloads\PowerISO\PWRISOVM.EXE (PowerISO Computing, Inc.)
O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKCU..\Run: [DAEMON Tools Lite] D:\downloads\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Infodelivery present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O9 - Extra Button: Lisa ajaveebi - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : &Lisa see ajaveebi rakenduse Windows Live Writer kaudu - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra Button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - Reg Error: Value error. File not found
O9 - Extra 'Tools' menuitem : PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - Reg Error: Value error. File not found
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - Reg Error: Value error. File not found
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - Reg Error: Value error. File not found
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\WINDOWS\system32\nwprovau.dll (Microsoft Corporation)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.ma...r/ultrashim.cab (Reg Error: Value error.)
O16 - DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_21)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O18 - Protocol\Handler\avgsecuritytoolbar {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll ()
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O20 - Winlogon\Notify\avgrsstarter: DllName - avgrsstx.dll - C:\WINDOWS\System32\avgrsstx.dll (AVG Technologies CZ, s.r.o.)
O24 - Desktop WallPaper: C:\Documents and Settings\Kasutaja\My Documents\My Pictures\untitled.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Kasutaja\My Documents\My Pictures\untitled.bmp
O30 - LSA: Authentication Packages - (nwprovau) - C:\WINDOWS\System32\nwprovau.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.07.06 13:01:45 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O34 - HKLM BootExecute: (pgdfgsvc C 1) - C:\WINDOWS\System32\pgdfgsvc.exe (Sysinternals - www.sysinternals.com)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 90 Days ==========

[2010.10.06 17:04:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Kasutaja\Application Data\.minecraft server
[2010.10.06 17:03:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Kasutaja\Application Data\.minecraft
[2010.10.04 16:10:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Kasutaja\Local Settings\Application Data\ESET
[2010.09.26 13:47:49 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Kasutaja\Recent
[2010.09.22 19:48:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\ESET
[2010.09.20 16:37:28 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2010.09.20 16:37:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\ESET
[2010.09.17 17:38:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\RegCure
[2010.09.17 17:36:50 | 000,081,408 | ---- | C] (Windows ® Codename Longhorn DDK provider) -- C:\WINDOWS\System32\devcon_x64.exe
[2010.09.14 20:56:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Kasutaja\Application Data\TuneUp Software
[2010.09.14 20:56:03 | 000,000,000 | ---D | C] -- C:\Program Files\TuneUp Utilities 2010
[2010.09.14 20:55:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\TuneUp Software
[2010.09.14 20:55:11 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\All Users\Application Data\{D3742F82-1C1A-4DCC-ABBD-0E7C3C0185CC}
[2010.09.02 19:02:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Kasutaja\My Documents\Messenger Plus! logifailid
[2010.08.27 23:32:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Kasutaja\My Documents\Downloads
[2010.08.26 21:50:58 | 000,000,000 | ---D | C] -- C:\Program Files\TeamViewer
[2010.08.11 14:22:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Kasutaja\My Documents\My Games
[2010.08.11 14:12:05 | 000,000,000 | ---D | C] -- C:\Program Files\Ubisoft
[2010.08.09 13:59:52 | 000,025,168 | ---- | C] (AVG Technologies CZ, s.r.o. ) -- C:\WINDOWS\System32\drivers\AVGIDSxx.sys
[2010.08.09 13:56:41 | 000,030,104 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgfwdx.sys
[2010.08.09 13:56:38 | 000,050,968 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\avgfwdx.dll
[2010.08.03 09:38:03 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2010.07.29 16:43:59 | 000,000,000 | ---D | C] -- C:\Program Files\Adobe Media Player
[2010.07.29 16:38:58 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe AIR
[2010.07.17 14:56:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Kasutaja\Application Data\AVG9
[2010.07.15 10:00:04 | 000,012,536 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\avgrsstx.dll
[2010.07.14 22:21:22 | 000,243,024 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgtdix.sys
[2010.07.14 22:21:22 | 000,052,872 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgrkx86.sys
[2010.07.14 22:21:15 | 000,216,400 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgldx86.sys
[2010.07.14 22:21:13 | 000,029,584 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgmfx86.sys
[2010.07.14 22:20:56 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\Avg
[2010.07.14 22:20:13 | 000,000,000 | ---D | C] -- C:\Program Files\AVG
[2010.07.14 21:29:23 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Live
[2010.07.14 20:53:38 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Windows Live

========== Files - Modified Within 90 Days ==========

[2010.10.06 18:46:04 | 000,001,036 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1417001333-1303643608-1606980848-1003UA.job
[2010.10.06 18:28:01 | 000,000,932 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2010.10.06 17:59:54 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010.10.06 17:59:48 | 000,000,928 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2010.10.06 17:54:11 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010.10.06 17:54:10 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010.10.06 17:52:36 | 008,912,896 | -H-- | M] () -- C:\Documents and Settings\Kasutaja\NTUSER.DAT
[2010.10.06 17:52:36 | 000,000,278 | -HS- | M] () -- C:\Documents and Settings\Kasutaja\ntuser.ini
[2010.10.06 17:48:27 | 000,000,098 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\Hosts
[2010.10.06 16:13:28 | 065,672,583 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\incavi.avm
[2010.10.05 19:46:16 | 000,000,984 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1417001333-1303643608-1606980848-1003Core.job
[2010.10.04 21:59:02 | 009,614,956 | -H-- | M] () -- C:\Documents and Settings\Kasutaja\Local Settings\Application Data\IconCache.db
[2010.10.03 22:30:24 | 000,000,310 | ---- | M] () -- C:\WINDOWS\tasks\SmartDefrag.job
[2010.10.02 18:07:47 | 000,623,434 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\iavifw.avm
[2010.10.01 22:22:53 | 000,500,938 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010.10.01 22:22:53 | 000,092,924 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010.10.01 22:22:52 | 000,584,748 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2010.09.24 22:38:13 | 000,000,323 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Call of Duty® 2 Singleplayer.lnk
[2010.09.24 22:38:13 | 000,000,323 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Call of Duty® 2 Multiplayer.lnk
[2010.09.24 22:37:56 | 000,000,253 | ---- | M] () -- C:\WINDOWS\game.ini
[2010.09.24 22:04:39 | 000,000,565 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\PowerISO.lnk
[2010.09.23 21:49:34 | 000,002,289 | ---- | M] () -- C:\Documents and Settings\Kasutaja\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2010.09.23 21:49:33 | 000,002,311 | ---- | M] () -- C:\Documents and Settings\Kasutaja\Desktop\Google Chrome.lnk
[2010.09.20 05:54:59 | 000,232,504 | ---- | M] () -- C:\Documents and Settings\Kasutaja\Desktop\Minecraft.exe
[2010.09.14 23:01:07 | 000,000,603 | ---- | M] () -- C:\WINDOWS\win.ini
[2010.09.14 23:00:01 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2010.08.12 11:42:43 | 003,668,488 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010.08.11 14:18:57 | 000,000,836 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Heroes of Might and Magic V - Tribes of the East.lnk
[2010.08.09 15:51:10 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010.08.09 13:59:52 | 000,025,168 | ---- | M] (AVG Technologies CZ, s.r.o. ) -- C:\WINDOWS\System32\drivers\AVGIDSxx.sys
[2010.08.09 13:56:41 | 000,050,968 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\avgfwdx.dll
[2010.08.09 13:56:41 | 000,030,104 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgfwdx.sys
[2010.08.08 19:39:59 | 000,000,069 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2010.08.03 15:06:43 | 000,000,528 | ---- | M] () -- C:\Documents and Settings\Kasutaja\Desktop\Frhed.lnk
[2010.07.29 16:52:35 | 000,001,380 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.msn
[2010.07.24 17:23:46 | 000,044,320 | ---- | M] () -- C:\Documents and Settings\Kasutaja\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
[2010.07.15 10:00:17 | 000,243,024 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgtdix.sys
[2010.07.15 10:00:04 | 000,012,536 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\avgrsstx.dll
[2010.07.15 10:00:03 | 000,029,584 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgmfx86.sys
[2010.07.15 09:53:27 | 000,216,400 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgldx86.sys
[2010.07.15 09:53:01 | 000,052,872 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgrkx86.sys
[2010.07.14 22:32:10 | 000,142,495 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\microavi.avg
[2010.07.14 22:21:24 | 000,001,507 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\AVG 9.0.lnk
[2010.07.14 22:21:13 | 000,113,461 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\iavichjw.avm
[2010.07.14 22:20:57 | 006,061,540 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\avi7.avg
[2010.07.14 22:20:57 | 000,492,629 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\miniavi.avg
[2010.07.12 22:51:01 | 000,000,776 | ---- | M] () -- C:\Documents and Settings\Kasutaja\Desktop\MTA San Andreas.lnk
[2010.07.11 12:52:08 | 000,001,729 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader 9.lnk

========== Files Created - No Company Name ==========

[2010.10.06 17:11:07 | 000,232,504 | ---- | C] () -- C:\Documents and Settings\Kasutaja\Desktop\Minecraft.exe
[2010.09.24 22:38:13 | 000,000,323 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Call of Duty® 2 Singleplayer.lnk
[2010.09.24 22:38:13 | 000,000,323 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Call of Duty® 2 Multiplayer.lnk
[2010.09.24 22:37:55 | 000,000,253 | ---- | C] () -- C:\WINDOWS\game.ini
[2010.09.24 22:04:39 | 000,000,565 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\PowerISO.lnk
[2010.09.14 22:51:17 | 000,001,374 | ---- | C] () -- C:\WINDOWS\imsins.BAK
[2010.08.11 14:18:57 | 000,000,836 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Heroes of Might and Magic V - Tribes of the East.lnk
[2010.08.09 15:51:10 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010.08.09 13:59:50 | 000,623,434 | ---- | C] () -- C:\WINDOWS\System32\drivers\Avg\iavifw.avm
[2010.08.03 15:06:43 | 000,000,528 | ---- | C] () -- C:\Documents and Settings\Kasutaja\Desktop\Frhed.lnk
[2010.07.26 01:16:54 | 000,157,664 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
[2010.07.14 22:21:24 | 000,001,507 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\AVG 9.0.lnk
[2010.07.14 22:21:13 | 000,113,461 | ---- | C] () -- C:\WINDOWS\System32\drivers\Avg\iavichjw.avm
[2010.07.14 22:20:57 | 065,672,583 | ---- | C] () -- C:\WINDOWS\System32\drivers\Avg\incavi.avm
[2010.07.14 22:20:57 | 000,492,629 | ---- | C] () -- C:\WINDOWS\System32\drivers\Avg\miniavi.avg
[2010.07.14 22:20:57 | 000,142,495 | ---- | C] () -- C:\WINDOWS\System32\drivers\Avg\microavi.avg
[2010.07.14 22:20:56 | 006,061,540 | ---- | C] () -- C:\WINDOWS\System32\drivers\Avg\avi7.avg
[2010.06.16 14:33:40 | 000,001,318 | ---- | C] () -- C:\WINDOWS\Sandboxie.ini
[2010.06.04 15:43:43 | 000,217,088 | ---- | C] () -- C:\WINDOWS\System32\libmySQL.dll
[2010.06.04 15:43:43 | 000,102,400 | ---- | C] () -- C:\WINDOWS\System32\TrackerNET.dll
[2010.05.15 16:19:10 | 000,000,023 | ---- | C] () -- C:\WINDOWS\BlendSettings.ini
[2009.10.13 18:52:09 | 000,000,069 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2009.09.14 18:30:17 | 000,354,816 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2009.09.07 20:38:55 | 000,033,824 | ---- | C] () -- C:\WINDOWS\System32\drivers\oreans32.sys
[2009.08.31 20:22:50 | 000,000,815 | ---- | C] () -- C:\WINDOWS\Thps3.INI
[2009.08.01 21:34:53 | 000,691,696 | ---- | C] () -- C:\WINDOWS\System32\drivers\sptd.sys
[2009.08.01 21:15:06 | 000,000,745 | ---- | C] () -- C:\WINDOWS\CoD.INI
[2009.07.06 20:02:42 | 000,015,872 | ---- | C] () -- C:\Documents and Settings\Kasutaja\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009.07.06 15:20:44 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2009.07.06 14:44:00 | 000,001,631 | ---- | C] () -- C:\WINDOWS\ATICIM.INI
[2003.02.18 18:26:28 | 000,028,672 | ---- | C] () -- C:\WINDOWS\System32\cmirmdrv.dll
[2003.01.07 15:05:08 | 000,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
[1996.04.03 22:33:26 | 000,005,248 | ---- | C] () -- C:\WINDOWS\System32\giveio.sys

========== LOP Check ==========

[2010.08.09 13:59:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVG Security Toolbar
[2010.08.10 16:30:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\avg9
[2010.01.18 20:10:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Common Toolkit Suite
[2009.12.01 00:08:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\DAEMON Tools Lite
[2009.08.01 21:38:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\DAEMON Tools Pro
[2010.09.20 16:37:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ESET
[2010.05.02 12:42:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\IObit
[2010.05.12 23:37:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Messenger Plus!
[2010.09.17 17:38:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\RegCure
[2009.11.19 21:07:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SpeedBit
[2010.04.24 22:57:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SwiftKit
[2009.11.19 21:07:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2010.09.14 20:56:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TuneUp Software
[2009.11.28 12:16:07 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\{39E254E2-D716-411B-B7FA-662E655F99F0}
[2010.05.31 15:28:14 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\{51019853-129C-4EDE-9030-D5FD7BBD9AD0}
[2009.09.16 23:35:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
[2009.12.01 18:35:56 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\{9B942F8A-65B4-447E-8E88-B9AEA3526FD4}
[2010.05.31 15:38:22 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\{B46E1EF5-0B37-4DB4-A4E2-9F2B41036185}
[2010.09.14 20:55:11 | 000,000,000 | -HSD | M] -- C:\Documents and Settings\All Users\Application Data\{D3742F82-1C1A-4DCC-ABBD-0E7C3C0185CC}
[2010.10.06 17:03:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kasutaja\Application Data\.minecraft
[2010.10.06 17:04:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kasutaja\Application Data\.minecraft server
[2010.06.29 21:05:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kasutaja\Application Data\Atari
[2010.07.17 14:56:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kasutaja\Application Data\AVG9
[2010.10.06 17:00:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kasutaja\Application Data\BitTorrent
[2010.06.03 23:07:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kasutaja\Application Data\BSplayer
[2009.07.21 23:36:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kasutaja\Application Data\BSplayer Pro
[2010.01.18 20:10:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kasutaja\Application Data\Common Toolkit Suite
[2009.12.03 20:50:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kasutaja\Application Data\DAEMON Tools Lite
[2009.08.01 21:50:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kasutaja\Application Data\DAEMON Tools Pro
[2010.01.06 22:46:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kasutaja\Application Data\DMCache
[2009.11.28 11:57:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kasutaja\Application Data\Fighters
[2010.02.11 14:19:45 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\Kasutaja\Application Data\IFViewer
[2010.05.02 16:30:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kasutaja\Application Data\IObit
[2009.12.10 23:08:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kasutaja\Application Data\Leadertech
[2009.09.06 14:49:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kasutaja\Application Data\Microgaming
[2009.11.23 16:54:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kasutaja\Application Data\MSNInstaller
[2009.10.15 22:44:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kasutaja\Application Data\My Battle for Middle-earth Files
[2010.04.03 18:17:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kasutaja\Application Data\My Battle for Middle-earth II Files
[2010.08.26 21:51:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kasutaja\Application Data\TeamViewer
[2009.10.21 13:23:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kasutaja\Application Data\Thinstall
[2010.09.14 20:56:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kasutaja\Application Data\TuneUp Software
[2010.05.31 15:38:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kasutaja\Application Data\Uniblue
[2010.05.05 13:19:52 | 000,000,314 | ---- | M] () -- C:\WINDOWS\Tasks\AWC Update.job
[2010.10.03 22:30:24 | 000,000,310 | ---- | M] () -- C:\WINDOWS\Tasks\SmartDefrag.job

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 105 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:D74B6CF5
< End of report >
  • 0

#6
Aaron

Aaron

    Expert

  • Expert
  • 3,155 posts
Could you please post all the required logs?
  • 0

#7
Aaron

Aaron

    Expert

  • Expert
  • 3,155 posts
Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter. Everyone else please begin a New Topic.
  • 0





