Javascript Disabled Detected

You currently have javascript disabled. Several functions may not work. Please re-enable javascript to access full functionality.

Computer keeps crashing

Started by Cindy Pryt , Oct 21 2011 05:42 AM

This topic is locked

#1
Cindy Pryt

Posted 21 October 2011 - 05:42 AM

Member

Member
106 posts

im not sure whats causing it . it just freezes blue screen restarts . goes to fast to see what the blue screen says it just started today , ive scanned but nothing it even crashes in safe mode . did a hijack scan hope this info is what i post

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 7:39:54 PM, on 21/10/2011
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\AVG\AVG9\Identity Protection\Agent\Bin\AVGIDSAgent.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\PROGRA~1\AVG\AVG9\avgtray.exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\Program Files\EASEUS\Todo Backup 2.0\bin\EuWatch.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Real\RealPlayer\update\realsched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Microsoft IntelliPoint\dpupdchk.exe
C:\Program Files\Common Files\logishrd\LVMVFM\UMVPFSrv.exe
C:\Program Files\AVG\AVG9\Identity Protection\agent\bin\avgidsmonitor.exe
C:\Program Files\IObit\Advanced SystemCare 4\ASCService.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\AVG\AVG9\avgwdsvc.exe
C:\Program Files\AVG\AVG9\avgfws9.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\EASEUS\Todo Backup 2.0\bin\Agent.exe
C:\WINDOWS\system32\FsUsbExService.Exe
C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE
C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe
C:\Program Files\IObit\IObit Security 360\IS360srv.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\AVG\AVG9\avgemc.exe
C:\Program Files\AVG\AVG9\avgam.exe
C:\Program Files\AVG\AVG9\avgnsx.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\Program Files\AVG\AVG9\avgrsx.exe
C:\Program Files\AVG\AVG9\avgchsvx.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\msiexec.exe
C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.yahoo.com/search/ie.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.bigpond.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: (no name) - *{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
R3 - URLSearchHook: (no name) - *{EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
O2 - BHO: Canon Easy-WebPrint EX BHO - {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexbho.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll
O2 - BHO: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll
O3 - Toolbar: Yahoo!7 Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: AVG Security Toolbar - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll
O3 - Toolbar: Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexhlp.dll
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [AVG9_TRAY] C:\PROGRA~1\AVG\AVG9\avgtray.exe
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\ipoint.exe"
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [EaseUs Watch] "C:\Program Files\EASEUS\Todo Backup 2.0\bin\EuWatch.exe"
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [nwiz] C:\Program Files\NVIDIA Corporation\nView\nwiz.exe /installquiet
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Real\RealPlayer\update\realsched.exe" -osboot
O4 - HKLM\..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe /logon
O4 - HKLM\..\Run: [CanonSolutionMenuEx] C:\Program Files\Canon\Solution Menu EX\CNSEMAIN.EXE /logon
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: Jackpot City Online Casino - 8â0|ãè ã¸—ã `ãpWã@Nã8Aâ`…ã - C:\Microgaming\Casino\JackpotCity\casinogame.exe (file missing) (HKCU)
O9 - Extra button: Royal Vegas Online Casino - {624FB825-D7B1-4CFF-B8D8-AAB0CBB1F81C} - C:\Microgaming\Casino\RoyalVegas\casinogame.exe (HKCU)
O16 - DPF: {26522409-8BBF-4C5B-A4D3-CF4B1D6F255B} (UMediaPlayer Class) - http://www.umediaser...diaControl5.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.m...ash/swflash.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.ad...Plus/1.6/gp.cab
O18 - Protocol: avgsecuritytoolbar - {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: avgrsstarter - Invalid registry found
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: ArcSoft Connect Daemon (ACDaemon) - Unknown owner - C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe (file missing)
O23 - Service: Advanced SystemCare Service (AdvancedSystemCareService) - IObit - C:\Program Files\IObit\Advanced SystemCare 4\ASCService.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: AVG Security Toolbar Service - Unknown owner - C:\Program Files\AVG\AVG9\Toolbar\ToolbarBroker.exe
O23 - Service: AVG E-mail Scanner (avg9emc) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\avgemc.exe
O23 - Service: AVG WatchDog (avg9wd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\avgwdsvc.exe
O23 - Service: AVG Firewall (avgfws9) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\avgfws9.exe
O23 - Service: AVG9IDSAgent (AVGIDSAgent) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\Identity Protection\Agent\Bin\AVGIDSAgent.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: EASEUS Agent - CHENGDU YIWO Tech Development Co., Ltd - C:\Program Files\EASEUS\Todo Backup 2.0\bin\Agent.exe
O23 - Service: FsUsbExService - Teruten - C:\WINDOWS\system32\FsUsbExService.Exe
O23 - Service: Canon Inkjet Printer/Scanner/Fax Extended Survey Program (IJPLMSVC) - Unknown owner - C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: IS360service - IObit - C:\Program Files\IObit\IObit Security 360\IS360srv.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: UMVPFSrv - Logitech Inc. - C:\Program Files\Common Files\logishrd\LVMVFM\UMVPFSrv.exe

--
End of file - 10703 bytes

#2
Essexboy

Posted 21 October 2011 - 02:23 PM

GeekU Moderator

Retired Staff
69,964 posts

Hi there Hijackthis is no longer a sensible programme to use for malware analysis as it is so far out of date... So lets have a proper look

Download OTL to your Desktop

Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
Select All Users
Under the Custom Scan box paste this in
netsvcs
%SYSTEMDRIVE%\*.exe
/md5start
explorer.exe
winlogon.exe
Userinit.exe
svchost.exe
/md5stop
C:\Windows\assembly\tmp\U\*.* /s
CREATERESTOREPOINT
Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
Post both logs

THEN

Download aswMBR.exe ( 1.8mb ) to your desktop.
Double click the aswMBR.exe to run it Click the "Scan" button to start scan

Posted Image

On completion of the scan click save log, save it to your desktop and post in your next reply

Posted Image

#3
Cindy Pryt

Posted 22 October 2011 - 12:40 AM

Member

Topic Starter
Member
106 posts

OTL logfile created on: 22/10/2011 2:06:07 PM - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Documents and Settings\Owner\My Documents\Downloads
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000C09 | Country: Australia | Language: ENA | Date Format: d/MM/yyyy

2.00 Gb Total Physical Memory | 1.31 Gb Available Physical Memory | 65.72% Memory free
3.85 Gb Paging File | 3.11 Gb Available in Paging File | 80.85% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 248.95 Gb Total Space | 140.88 Gb Free Space | 56.59% Space Free | Partition Type: NTFS
Drive F: | 216.81 Gb Total Space | 182.68 Gb Free Space | 84.26% Space Free | Partition Type: NTFS

Computer Name: CINDY-47EEDED7D | User Name: Owner | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/10/22 14:02:11 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Owner\My Documents\Downloads\OTL.exe
PRC - [2011/09/16 19:42:37 | 002,076,512 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgtray.exe
PRC - [2011/08/17 14:50:37 | 000,273,528 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Real\RealPlayer\Update\realsched.exe
PRC - [2011/08/09 16:38:38 | 000,328,536 | ---- | M] (IObit) -- C:\Program Files\IObit\Advanced SystemCare 4\ASCService.exe
PRC - [2011/04/01 13:11:52 | 000,428,640 | ---- | M] (Logitech Inc.) -- C:\Program Files\Common Files\LogiShrd\LVMVFM\UMVPFSrv.exe
PRC - [2011/01/22 15:58:30 | 000,069,000 | ---- | M] (CHENGDU YIWO Tech Development Co., Ltd) -- C:\Program Files\EASEUS\Todo Backup 2.0\bin\EuWatch.exe
PRC - [2011/01/22 15:58:30 | 000,055,688 | ---- | M] (CHENGDU YIWO Tech Development Co., Ltd) -- C:\Program Files\EASEUS\Todo Backup 2.0\bin\Agent.exe
PRC - [2010/11/25 10:59:31 | 002,331,544 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgfws9.exe
PRC - [2010/11/25 10:59:31 | 000,725,344 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgcsrvx.exe
PRC - [2010/09/24 17:42:23 | 000,621,920 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgnsx.exe
PRC - [2010/09/24 17:42:23 | 000,515,424 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgrsx.exe
PRC - [2010/09/24 17:42:20 | 000,308,136 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgwdsvc.exe
PRC - [2010/09/24 17:42:19 | 000,596,560 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\Identity Protection\Agent\Bin\AVGIDSMonitor.exe
PRC - [2010/09/24 17:42:18 | 005,897,808 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\Identity Protection\Agent\Bin\AVGIDSAgent.exe
PRC - [2010/09/24 17:42:16 | 001,101,152 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgchsvx.exe
PRC - [2010/09/24 17:42:16 | 000,921,952 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgemc.exe
PRC - [2010/09/24 17:42:15 | 000,842,592 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgam.exe
PRC - [2010/09/06 15:11:32 | 000,217,088 | ---- | M] (Teruten) -- C:\WINDOWS\system32\FsUsbExService.Exe
PRC - [2010/06/11 18:14:22 | 000,312,152 | ---- | M] (IObit) -- C:\Program Files\IObit\IObit Security 360\is360srv.exe
PRC - [2010/04/05 18:55:01 | 000,116,104 | ---- | M] () -- C:\Program Files\Canon\IJPLM\ijplmsvc.exe
PRC - [2008/04/14 20:00:00 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/11/26 14:54:12 | 001,554,728 | ---- | M] (Nero AG) -- C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe

========== Modules (No Company Name) ==========

MOD - [2011/01/22 15:57:54 | 000,050,056 | ---- | M] () -- C:\Program Files\EASEUS\Todo Backup 2.0\bin\CodeLog.dll
MOD - [2010/11/04 08:51:44 | 000,555,624 | ---- | M] () -- C:\Program Files\NVIDIA Corporation\nView\nvShell.dll
MOD - [2010/09/24 17:35:32 | 000,077,824 | ---- | M] () -- C:\Program Files\AVG\AVG9\Identity Protection\Agent\Bin\boost_log-vc71-mt-1_32.dll
MOD - [2010/09/24 17:35:32 | 000,057,344 | ---- | M] () -- C:\Program Files\AVG\AVG9\Identity Protection\Agent\Bin\boost_thread-vc71-mt-1_32.dll
MOD - [2010/04/05 18:55:01 | 000,116,104 | ---- | M] () -- C:\Program Files\Canon\IJPLM\ijplmsvc.exe
MOD - [2008/11/25 17:18:00 | 001,291,264 | ---- | M] () -- C:\Program Files\EASEUS\Todo Backup 2.0\bin\libxml2.dll
MOD - [2004/10/05 03:08:00 | 000,055,808 | ---- | M] () -- C:\Program Files\EASEUS\Todo Backup 2.0\bin\zlib1.dll

========== Win32 Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- -- (SSHNAS)
SRV - File not found [On_Demand | Stopped] -- -- (helpsvc)
SRV - File not found [On_Demand | Stopped] -- -- (AppMgmt)
SRV - File not found [On_Demand | Stopped] -- -- (ACDaemon)
SRV - [2011/08/09 16:38:38 | 000,328,536 | ---- | M] (IObit) [Auto | Running] -- C:\Program Files\IObit\Advanced SystemCare 4\ASCService.exe -- (AdvancedSystemCareService)
SRV - [2011/04/01 13:11:52 | 000,428,640 | ---- | M] (Logitech Inc.) [Auto | Running] -- C:\Program Files\Common Files\LogiShrd\LVMVFM\UMVPFSrv.exe -- (UMVPFSrv)
SRV - [2011/03/18 08:11:02 | 000,947,528 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\AVG\AVG9\Toolbar\ToolbarBroker.exe -- (AVG Security Toolbar Service)
SRV - [2011/01/22 15:58:30 | 000,055,688 | ---- | M] (CHENGDU YIWO Tech Development Co., Ltd) [Auto | Running] -- C:\Program Files\EASEUS\Todo Backup 2.0\bin\Agent.exe -- (EASEUS Agent)
SRV - [2010/11/25 10:59:31 | 002,331,544 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG9\avgfws9.exe -- (avgfws9)
SRV - [2010/09/24 17:42:20 | 000,308,136 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG9\avgwdsvc.exe -- (avg9wd)
SRV - [2010/09/24 17:42:18 | 005,897,808 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG9\Identity Protection\Agent\Bin\AVGIDSAgent.exe -- (AVGIDSAgent)
SRV - [2010/09/24 17:42:16 | 000,921,952 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG9\avgemc.exe -- (avg9emc)
SRV - [2010/09/06 15:11:32 | 000,217,088 | ---- | M] (Teruten) [Auto | Running] -- C:\WINDOWS\system32\FsUsbExService.Exe -- (FsUsbExService)
SRV - [2010/06/11 18:14:22 | 000,312,152 | ---- | M] (IObit) [Auto | Running] -- C:\Program Files\IObit\IObit Security 360\is360srv.exe -- (IS360service)
SRV - [2010/04/05 18:55:01 | 000,116,104 | ---- | M] () [Auto | Running] -- C:\Program Files\Canon\IJPLM\ijplmsvc.exe -- (IJPLMSVC)
SRV - [2007/11/26 14:54:12 | 001,554,728 | ---- | M] (Nero AG) [Auto | Running] -- C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe -- (InCDsrv)

========== Driver Services (SafeList) ==========

DRV - [2011/09/16 19:42:37 | 000,029,712 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\WINDOWS\System32\Drivers\avgmfx86.sys -- (AvgMfx86)
DRV - [2011/05/06 20:28:06 | 000,243,152 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\System32\Drivers\avgtdix.sys -- (AvgTdiX)
DRV - [2011/04/27 14:19:28 | 000,020,032 | ---- | M] (Devguru Co., Ltd) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\dgderdrv.sys -- (dgderdrv)
DRV - [2011/04/01 13:11:10 | 004,333,280 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\lvuvc.sys -- (LVUVC) Logitech HD Webcam C270(UVC)
DRV - [2011/04/01 13:09:48 | 000,291,424 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\lvrs.sys -- (LVRS)
DRV - [2011/01/22 15:58:22 | 000,020,744 | ---- | M] (CHENGDU YIWO Tech Development Co., Ltd) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\eufs.sys -- (EUFS)
DRV - [2011/01/22 15:58:20 | 000,014,216 | ---- | M] (CHENGDU YIWO Tech Development Co., Ltd) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\eudskacs.sys -- (EUDSKACS)
DRV - [2011/01/22 15:58:18 | 000,030,472 | ---- | M] (CHENGDU YIWO Tech Development Co., Ltd) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\eubakup.sys -- (EUBAKUP)
DRV - [2011/01/22 15:58:16 | 000,187,400 | ---- | M] (CHENGDU YIWO Tech Development Co., Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\EuDisk.sys -- (EuDisk)
DRV - [2010/09/24 17:42:19 | 000,122,448 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Program Files\AVG\AVG9\Identity Protection\Agent\Driver\Platform_XP\AVGIDSDriver.sys -- (AVGIDSDriverxpx)
DRV - [2010/09/24 17:42:19 | 000,030,288 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Program Files\AVG\AVG9\Identity Protection\Agent\Driver\Platform_XP\AVGIDSFilter.sys -- (AVGIDSFilterxpx)
DRV - [2010/09/24 17:42:19 | 000,026,192 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Program Files\AVG\AVG9\Identity Protection\Agent\Driver\Platform_XP\AVGIDSShim.sys -- (AVGIDSShimxpx)
DRV - [2010/09/24 17:42:19 | 000,025,168 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\AVGIDSxx.sys -- (AVGIDSErHrxpx)
DRV - [2010/09/24 17:42:16 | 000,216,400 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\System32\Drivers\avgldx86.sys -- (AvgLdx86)
DRV - [2010/09/24 17:42:15 | 000,052,872 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\WINDOWS\System32\Drivers\avgrkx86.sys -- (AvgRkx86)
DRV - [2010/09/24 17:35:32 | 000,030,104 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\avgfwdx.sys -- (Avgfwfd)
DRV - [2010/09/24 17:35:32 | 000,030,104 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\avgfwdx.sys -- (Avgfwdx)
DRV - [2010/09/06 15:11:32 | 000,036,640 | ---- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\FsUsbExDisk.Sys -- (FsUsbExDisk)
DRV - [2010/07/20 18:38:24 | 000,121,576 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ssadmdm.sys -- (ssadmdm)
DRV - [2010/07/20 18:38:24 | 000,096,488 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ssadbus.sys -- (ssadbus) SAMSUNG Android USB Composite Device driver (WDM)
DRV - [2010/07/20 18:38:24 | 000,012,776 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ssadmdfl.sys -- (ssadmdfl) SAMSUNG Android USB Modem (Filter)
DRV - [2010/04/09 13:16:50 | 000,016,472 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\pwdrvio.sys -- (pwdrvio)
DRV - [2010/04/09 13:16:46 | 000,011,104 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\pwdspio.sys -- (pwdspio)
DRV - [2010/01/19 18:36:48 | 005,818,400 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2009/11/18 07:17:00 | 001,395,800 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Monfilt.sys -- (Monfilt)
DRV - [2009/11/18 07:16:00 | 001,691,480 | ---- | M] (Creative) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Ambfilt.sys -- (Ambfilt)
DRV - [2008/08/01 11:36:00 | 000,054,784 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\NVENETFD.sys -- (NVENETFD)
DRV - [2008/08/01 11:36:00 | 000,022,016 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nvnetbus.sys -- (nvnetbus)
DRV - [2008/01/17 12:51:30 | 000,102,400 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\nvgts.sys -- (nvgts)
DRV - [2007/11/26 14:54:12 | 000,038,440 | ---- | M] (Nero AG) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\InCDRm.sys -- (incdrm)
DRV - [2007/11/26 14:54:12 | 000,036,776 | ---- | M] (Nero AG) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\InCDPass.sys -- (InCDPass)
DRV - [2007/11/26 14:54:02 | 000,118,952 | ---- | M] (Nero AG) [File_System | Disabled | Running] -- C:\WINDOWS\system32\drivers\InCDfs.sys -- (InCDfs)
DRV - [2006/11/10 15:05:00 | 000,018,688 | ---- | M] (Arcsoft, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\afc.sys -- (Afc)
DRV - [2006/09/25 01:15:32 | 000,020,096 | ---- | M] (SlySoft, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AnyDVD.sys -- (AnyDVD)
DRV - [2006/07/01 22:39:40 | 000,036,864 | ---- | M] (Advanced Micro Devices) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\AmdK8.sys -- (AmdK8)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKU\.DEFAULT\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll ()
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll ()
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-1957994488-299502267-1417001333-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://www.yahoo.com/search/ie.html
IE - HKU\S-1-5-21-1957994488-299502267-1417001333-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.bigpond.com/
IE - HKU\S-1-5-21-1957994488-299502267-1417001333-1003\..\URLSearchHook: *{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - No CLSID value found
IE - HKU\S-1-5-21-1957994488-299502267-1417001333-1003\..\URLSearchHook: *{EF99BD32-C1FB-11D2-892F-0090271D4F88} - No CLSID value found
IE - HKU\S-1-5-21-1957994488-299502267-1417001333-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1957994488-299502267-1417001333-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "AVG Secure Search"
FF - prefs.js..browser.search.selectedEngine: "AVG Secure Search"
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0015-0000-0012-ABCDEFFEDCBA}:5.0.12
FF - prefs.js..extensions.enabledItems: multilinks@plugin:2.0.0.17
FF - prefs.js..extensions.enabledItems: avg@igeared:7.007.026.001
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: [email protected]:1.0
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}:6.0.26
FF - prefs.js..extensions.enabledItems: [email protected]:2.4.3
FF - prefs.js..extensions.enabledItems: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.9.4
FF - prefs.js..extensions.enabledItems: {ABDE892B-13A8-4d1b-88E6-365A6E755758}:14.0.3
FF - prefs.js..extensions.enabledItems: [email protected]:2
FF - prefs.js..extensions.enabledItems: 5
FF - prefs.js..extensions.enabledItems: 3
FF - prefs.js..extensions.enabledItems: 1
FF - prefs.js..keyword.URL: "http://search.avg.co...u&lng=en-US&q="

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@canon.com/EPPEX: C:\Program Files\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL (CANON INC.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\4.0.60310.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pages.tvunetworks.com/WebPlayer: C:\Program Files\TVUPlayer\npTVUAx.dll (TVU networks)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=12.0.1.666: C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=12.0.1.666: C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=12.0.1.666: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=12.0.1.666: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=12.0.1.666: C:\Program Files\Real\RealPlayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
FF - HKLM\Software\MozillaPlugins\@umediaserver.net/UMediaPlayer: C:\Program Files\UnrealMediaPlayer5Plugin\npUMediaPlayer5.dll (C Systems - Creative Software Solutions since 1996)
FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Documents and Settings\Owner\Local Settings\Application Data\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\avg@igeared: C:\Program Files\AVG\AVG9\Toolbar\Firefox\avg@igeared [2011/08/11 18:09:57 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2011/08/17 14:50:50 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.23\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/10/22 13:56:11 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.23\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/10/22 13:56:11 | 000,000,000 | ---D | M]

[2010/09/22 21:33:25 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Extensions
[2011/09/07 12:02:08 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\2ma0jul6.default\extensions
[2010/11/28 15:49:03 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\2ma0jul6.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011/08/17 14:04:19 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\2ma0jul6.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2011/08/14 19:52:12 | 000,000,000 | ---D | M] (Ant Video Downloader) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\2ma0jul6.default\extensions\[email protected]
[2011/09/06 10:54:16 | 000,000,000 | ---D | M] (TVU Web Player) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\2ma0jul6.default\extensions\[email protected]
[2010/10/03 15:42:14 | 000,000,000 | ---D | M] (Multi Links) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\2ma0jul6.default\extensions\multilinks@plugin
[2011/09/07 12:02:08 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2010/09/22 21:33:59 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0015-0000-0012-ABCDEFFEDCBA}
[2010/10/27 17:23:35 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2011/02/07 12:13:51 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
[2011/08/14 18:15:55 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
[2011/08/17 14:50:50 | 000,000,000 | ---D | M] (RealPlayer Browser Record Plugin) -- C:\DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\REAL\REALPLAYER\BROWSERRECORDPLUGIN\FIREFOX\EXT
[2011/08/11 18:09:57 | 000,000,000 | ---D | M] ("urn:mozilla:install-manifest" em:id="avg@igeared" em:name="AVG Security Toolbar" em:version="7.007.026.001" em:displayname="AVG Security Toolbar" em:iconURL="chrome://tavgp/skin/logo.ico" em:creator="AVG Technologies" em:description="AVG Security Toolbar" em:homepageURL="http://www.avg.com" >) -- C:\PROGRAM FILES\AVG\AVG9\TOOLBAR\FIREFOX\AVG@IGEARED
[2010/10/27 17:23:30 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF
[2011/05/04 04:52:23 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll

O1 HOSTS File: ([2008/04/14 20:00:00 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (Canon Easy-WebPrint EX BHO) - {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexbho.dll (CANON INC.)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (AVG Security Toolbar BHO) - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll ()
O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll (Yahoo! Inc)
O3 - HKLM\..\Toolbar: (Canon Easy-WebPrint EX) - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)
O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll ()
O3 - HKLM\..\Toolbar: (Yahoo!7 Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (AVG Security Toolbar) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll ()
O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (AVG Security Toolbar) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll ()
O3 - HKU\S-1-5-21-1957994488-299502267-1417001333-1003\..\Toolbar\WebBrowser: (Canon Easy-WebPrint EX) - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)
O3 - HKU\S-1-5-21-1957994488-299502267-1417001333-1003\..\Toolbar\WebBrowser: (AVG Security Toolbar) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll ()
O3 - HKU\S-1-5-21-1957994488-299502267-1417001333-1003\..\Toolbar\WebBrowser: (Yahoo!7 Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O4 - HKLM..\Run: [AVG9_TRAY] C:\Program Files\AVG\AVG9\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe (CANON INC.)
O4 - HKLM..\Run: [CanonSolutionMenuEx] C:\Program Files\Canon\Solution Menu EX\CNSEMAIN.EXE (CANON INC.)
O4 - HKLM..\Run: [EaseUs Watch] C:\Program Files\EASEUS\Todo Backup 2.0\bin\EuWatch.exe (CHENGDU YIWO Tech Development Co., Ltd)
O4 - HKLM..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k File not found
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\Program Files\NVIDIA Corporation\nView\nwiz.exe ()
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Real\RealPlayer\update\realsched.exe (RealNetworks, Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Infodelivery present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveSearch = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1957994488-299502267-1417001333-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1957994488-299502267-1417001333-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 0
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {26522409-8BBF-4C5B-A4D3-CF4B1D6F255B} http://www.umediaser...diaControl5.cab (UMediaPlayer Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.m...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Value error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{EA469373-52F7-469A-B5B7-CAAC09D8E7FD}: DhcpNameServer = 192.168.2.1
O18 - Protocol\Handler\avgsecuritytoolbar {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll ()
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) -C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\avgrsstarter: DllName - (Reg Error: Value error.) - Reg Error: Value error. File not found
O20 - Winlogon\Notify\dimsntfy: DllName - (Reg Error: Value error.) - Reg Error: Value error. File not found
O24 - Desktop WallPaper: C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2010/09/20 11:13:08 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2011/06/20 11:32:00 | 000,000,090 | ---- | M] () - F:\AUTORUN.INF -- [ NTFS ]
O33 - MountPoints2\{13b97f8c-399d-11e0-80a3-0021979f2aa6}\Shell\AutoRun\command - "" = G:\.\DriveNavi.exe
O33 - MountPoints2\{180929ce-7585-11e0-8165-0021979f2aa6}\Shell - "" = AutoRun
O33 - MountPoints2\{180929ce-7585-11e0-8165-0021979f2aa6}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{180929ce-7585-11e0-8165-0021979f2aa6}\Shell\AutoRun\command - "" = G:\DVAP.exe
O33 - MountPoints2\{ea0ff842-c4a4-11df-b1af-806d6172696f}\Shell - "" = AutoRun
O33 - MountPoints2\{ea0ff842-c4a4-11df-b1af-806d6172696f}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{ea0ff842-c4a4-11df-b1af-806d6172696f}\Shell\AutoRun\command - "" = D:\mdrv7.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: 6to4 - File not found
NetSvcs: AppMgmt - File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found
NetSvcs: helpsvc - File not found
NetSvcs: SSHNAS - File not found

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2011/10/21 19:39:34 | 000,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2011/10/21 19:39:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Start Menu\Programs\HiJackThis
[2011/10/21 17:27:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Advanced SystemCare 4
[2011/10/21 17:21:50 | 000,020,928 | ---- | C] (Digital Networks, LLC) -- C:\WINDOWS\System32\dllcache\defpa.sys
[2011/10/21 17:21:26 | 000,048,640 | ---- | C] (Crystal Semiconductor Corp.) -- C:\WINDOWS\System32\dllcache\cwrwdm.sys
[2011/10/21 17:21:25 | 000,093,952 | ---- | C] (Crystal Semiconductor Corp.) -- C:\WINDOWS\System32\dllcache\cwcwdm.sys
[2011/10/21 17:21:24 | 000,111,872 | ---- | C] (Crystal Semiconductor Corp.) -- C:\WINDOWS\System32\dllcache\cwcspud.sys
[2011/10/21 17:21:23 | 000,003,584 | ---- | C] (Crystal Semiconductor Corp.) -- C:\WINDOWS\System32\dllcache\cwcosnt5.sys
[2011/10/21 17:21:22 | 000,072,832 | ---- | C] (Crystal Semiconductor Corp.) -- C:\WINDOWS\System32\dllcache\cwbwdm.sys
[2011/10/21 17:21:21 | 000,003,072 | ---- | C] (Crystal Semiconductor Corp.) -- C:\WINDOWS\System32\dllcache\cwbmidi.sys
[2011/10/21 17:21:20 | 000,003,072 | ---- | C] (Crystal Semiconductor Corp.) -- C:\WINDOWS\System32\dllcache\cwbase.sys
[2011/10/21 17:21:19 | 000,249,856 | ---- | C] (Comtrol® Corporation) -- C:\WINDOWS\System32\dllcache\ctmasetp.dll
[2011/10/21 17:21:13 | 000,216,064 | ---- | C] (COMPAQ Inc.) -- C:\WINDOWS\System32\dllcache\cpscan.dll
[2011/10/21 17:20:58 | 000,020,736 | ---- | C] (OMNIKEY AG) -- C:\WINDOWS\System32\dllcache\cmbp0wdm.sys
[2011/10/21 17:20:44 | 000,980,034 | ---- | C] (Xircom) -- C:\WINDOWS\System32\dllcache\cicap.sys
[2011/10/21 17:20:18 | 000,049,182 | ---- | C] (Xircom, Inc.) -- C:\WINDOWS\System32\dllcache\cem56n5.sys
[2011/10/21 17:20:17 | 000,022,044 | ---- | C] (Xircom, Inc.) -- C:\WINDOWS\System32\dllcache\cem33n5.sys
[2011/10/21 17:20:17 | 000,022,044 | ---- | C] (Xircom, Inc.) -- C:\WINDOWS\System32\dllcache\cem28n5.sys
[2011/10/21 17:20:16 | 000,027,164 | ---- | C] (Xircom, Inc.) -- C:\WINDOWS\System32\dllcache\ce3n5.sys
[2011/10/21 17:20:15 | 000,021,530 | ---- | C] (Xircom, Inc.) -- C:\WINDOWS\System32\dllcache\ce2n5.sys
[2011/10/21 17:20:14 | 000,714,698 | ---- | C] (Xircom, Inc.) -- C:\WINDOWS\System32\dllcache\cbmdmkxx.sys
[2011/10/21 17:20:13 | 000,046,108 | ---- | C] (Xircom, Inc.) -- C:\WINDOWS\System32\dllcache\cben5.sys
[2011/10/21 17:20:13 | 000,039,680 | ---- | C] (Silicom Ltd.) -- C:\WINDOWS\System32\dllcache\cb325.sys
[2011/10/21 17:20:12 | 000,037,916 | ---- | C] (Fast Ethernet Controller Provider) -- C:\WINDOWS\System32\dllcache\cb102.sys
[2011/10/21 17:20:11 | 000,032,256 | ---- | C] (Eicon Technology Corporation) -- C:\WINDOWS\System32\dllcache\diapi2NT.dll
[2011/10/21 17:20:10 | 000,164,923 | ---- | C] (Eicon Technology) -- C:\WINDOWS\System32\dllcache\diapi2.sys
[2011/10/21 17:19:13 | 000,031,529 | ---- | C] (BreezeCOM) -- C:\WINDOWS\System32\dllcache\brzwlan.sys
[2011/10/21 17:19:13 | 000,011,008 | ---- | C] (Brother Industries Ltd.) -- C:\WINDOWS\System32\dllcache\brusbmdm.sys
[2011/10/21 17:19:13 | 000,010,368 | ---- | C] (Brother Industries Ltd.) -- C:\WINDOWS\System32\dllcache\brusbscn.sys
[2011/10/21 17:19:12 | 000,060,416 | ---- | C] (Brother Industries Ltd.) -- C:\WINDOWS\System32\dllcache\brserwdm.sys
[2011/10/21 17:19:12 | 000,009,728 | ---- | C] (Brother Industries, Ltd.) -- C:\WINDOWS\System32\dllcache\brserif.dll
[2011/10/21 17:19:11 | 000,005,120 | ---- | C] (Brother Industries,Ltd.) -- C:\WINDOWS\System32\dllcache\brscnrsm.dll
[2011/10/21 17:19:10 | 000,039,552 | ---- | C] (Brother Industries Ltd.) -- C:\WINDOWS\System32\dllcache\brparwdm.sys
[2011/10/21 17:19:10 | 000,003,168 | ---- | C] (Brother Industries Ltd.) -- C:\WINDOWS\System32\dllcache\brparimg.sys
[2011/10/21 17:19:09 | 000,041,472 | ---- | C] (Brother Industries, Ltd.) -- C:\WINDOWS\System32\dllcache\brmfusb.dll
[2011/10/21 17:19:08 | 000,032,256 | ---- | C] (Brother Industries, Ltd.) -- C:\WINDOWS\System32\dllcache\brmfrsmg.exe
[2011/10/21 17:19:08 | 000,029,696 | ---- | C] (Brother Industries, Ltd.) -- C:\WINDOWS\System32\dllcache\brmflpt.dll
[2011/10/21 17:19:07 | 000,015,360 | ---- | C] (Brother Industries, Ltd.) -- C:\WINDOWS\System32\dllcache\brmfbidi.dll
[2011/10/21 17:19:06 | 000,012,160 | ---- | C] (Brother Industries, Ltd.) -- C:\WINDOWS\System32\dllcache\brfiltlo.sys
[2011/10/21 17:19:06 | 000,003,968 | ---- | C] (Brother Industries, Ltd.) -- C:\WINDOWS\System32\dllcache\brfiltup.sys
[2011/10/21 17:19:05 | 000,012,800 | ---- | C] (Brother Industries, Ltd.) -- C:\WINDOWS\System32\dllcache\brevif.dll
[2011/10/21 17:19:05 | 000,002,944 | ---- | C] (Brother Industries Ltd.) -- C:\WINDOWS\System32\dllcache\brfilt.sys
[2011/10/21 17:19:04 | 000,019,456 | ---- | C] (Brother Industries, Ltd.) -- C:\WINDOWS\System32\dllcache\brbidiif.dll
[2011/10/21 17:19:04 | 000,009,728 | ---- | C] (Brother Industries Ltd.) -- C:\WINDOWS\System32\dllcache\brcoinst.dll
[2011/10/21 17:18:58 | 000,871,388 | ---- | C] (BCM) -- C:\WINDOWS\System32\dllcache\bcmdm.sys
[2011/10/21 17:18:55 | 000,036,128 | ---- | C] (3Dfx Interactive, Inc.) -- C:\WINDOWS\System32\dllcache\banshee.sys
[2011/10/21 17:18:54 | 000,342,336 | ---- | C] (3Dfx Interactive, Inc.) -- C:\WINDOWS\System32\dllcache\banshee.dll
[2011/10/21 17:18:54 | 000,089,952 | ---- | C] (AVM GmbH) -- C:\WINDOWS\System32\dllcache\b1cbase.sys
[2011/10/21 17:18:53 | 000,037,568 | ---- | C] (AVM GmbH) -- C:\WINDOWS\System32\dllcache\avmwan.sys
[2011/10/21 17:18:53 | 000,036,992 | ---- | C] (Aztech Systems Ltd) -- C:\WINDOWS\System32\dllcache\aztw2320.sys
[2011/10/21 17:18:52 | 000,144,384 | ---- | C] (AVM GmbH) -- C:\WINDOWS\System32\dllcache\avmenum.dll
[2011/10/21 17:18:52 | 000,087,552 | ---- | C] (AVM GmbH) -- C:\WINDOWS\System32\dllcache\avmcoxp.dll
[2011/10/21 16:51:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\MFAData
[2011/10/20 19:04:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Desktop\movies
[2011/10/20 18:07:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\vlc
[2011/10/20 17:16:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\My Documents\Graboid
[2011/10/20 17:10:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Local Settings\Application Data\Graboid_Inc
[2011/10/20 17:10:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Local Settings\Application Data\Graboid
[2011/10/20 17:10:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Local Settings\Application Data\Geckofx
[2011/10/20 17:08:58 | 000,000,000 | ---D | C] -- C:\Program Files\VideoLAN
[2011/10/20 17:08:43 | 000,000,000 | ---D | C] -- C:\Program Files\Graboid
[2011/10/19 23:09:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\My Documents\CyberLink
[2011/10/19 21:44:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Desktop\New Folder
[2011/10/19 21:14:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\CD-LabelPrint
[2011/10/18 19:29:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Desktop\you tube video
[2011/10/18 19:23:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Desktop\vivas photos
[2011/10/16 14:39:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Desktop\flash
[2011/10/16 14:12:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Desktop\sylvester
[2011/10/16 13:27:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Desktop\horse Crazy
[2011/10/16 10:24:18 | 000,000,000 | -HSD | C] -- C:\found.000
[2011/10/15 11:35:41 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Application Data\CanonIJEPPEX
[2011/10/15 11:35:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Local Settings\Application Data\Canon Easy-PhotoPrint EX
[2011/10/15 11:29:25 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Application Data\CanonIJEGV
[2011/10/08 15:00:01 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\SWF Studio
[2011/10/08 15:00:00 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Owner\Application Data\.#
[2011/10/01 16:11:12 | 000,000,000 | ---D | C] -- C:\MGS
[2011/10/01 15:55:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Royal Vegas Online Casino
[2011/10/01 12:40:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Desktop\ma
[2011/09/30 09:55:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\AVG9
[2010/09/22 21:14:37 | 000,047,360 | ---- | C] (VSO Software) -- C:\Documents and Settings\Owner\Application Data\pcouffin.sys
[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[2 C:\WINDOWS\System32\dllcache\*.tmp files -> C:\WINDOWS\System32\dllcache\*.tmp -> ]
[13 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/10/22 14:06:00 | 000,000,286 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-1957994488-299502267-1417001333-1003.job
[2011/10/22 14:06:00 | 000,000,278 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-1957994488-299502267-1417001333-1003.job
[2011/10/22 13:59:18 | 000,662,840 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\iavifw.avm
[2011/10/22 13:59:17 | 087,676,066 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\incavi.avm
[2011/10/22 13:57:00 | 000,000,282 | -H-- | M] () -- C:\WINDOWS\tasks\{22116563-108C-42c0-A7CE-60161B75E508}.job
[2011/10/22 13:53:46 | 000,000,246 | -H-- | M] () -- C:\WINDOWS\tasks\{62C40AA6-4406-467a-A5A5-DFDF1B559B7A}.job
[2011/10/22 13:53:45 | 000,000,282 | -H-- | M] () -- C:\WINDOWS\tasks\{BBAEAEAF-1275-40e2-BD6C-BC8F88BD114A}.job
[2011/10/22 13:53:45 | 000,000,246 | -H-- | M] () -- C:\WINDOWS\tasks\{810401E2-DDE0-454e-B0E2-AA89C9E5967C}.job
[2011/10/22 13:53:27 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/10/21 19:40:20 | 000,002,447 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\HiJackThis.lnk
[2011/10/21 17:47:13 | 000,243,324 | ---- | M] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\census.cache
[2011/10/21 17:47:08 | 000,234,667 | ---- | M] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\ars.cache
[2011/10/21 17:41:43 | 000,000,223 | -HS- | M] () -- C:\boot.ini
[2011/10/21 17:38:56 | 000,140,440 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2011/10/21 17:34:38 | 000,000,036 | ---- | M] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\housecall.guid.cache
[2011/10/21 17:27:42 | 000,000,896 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Quick Care.lnk
[2011/10/21 17:27:38 | 000,000,874 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Advanced SystemCare 4.lnk
[2011/10/21 14:45:36 | 000,000,069 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2011/10/20 23:00:00 | 000,000,314 | ---- | M] () -- C:\WINDOWS\tasks\Regwork.job
[2011/10/20 19:26:11 | 000,000,668 | ---- | M] () -- C:\Documents and Settings\Owner\Application Data\vso_ts_preview.xml
[2011/10/20 18:08:57 | 000,007,168 | ---- | M] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/10/20 17:07:11 | 000,000,805 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\Clone2Go Video Converter Professional.lnk
[2011/10/19 21:31:02 | 000,004,500 | ---- | M] () -- C:\WINDOWS\ULEAD32.INI
[2011/10/18 18:13:44 | 000,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/10/16 08:46:12 | 000,000,468 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\spider.sav
[2011/10/13 21:47:41 | 000,550,868 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2011/10/13 21:47:41 | 000,101,716 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2011/10/08 18:21:27 | 000,000,323 | ---- | M] () -- C:\WINDOWS\lgfwup.ini
[2011/10/08 02:31:26 | 000,000,059 | ---- | M] () -- C:\WINDOWS\popcinfo.dat
[2011/10/06 13:58:23 | 000,002,265 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Skype.lnk
[2011/10/01 15:57:30 | 000,001,677 | ---- | M] () -- C:\Documents and Settings\Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\Royal Vegas Online Casino.lnk
[2011/10/01 15:57:30 | 000,001,647 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Royal Vegas Online Casino.lnk
[2011/09/23 03:20:20 | 000,000,038 | ---- | M] () -- C:\WINDOWS\popcinfot.dat
[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[2 C:\WINDOWS\System32\dllcache\*.tmp files -> C:\WINDOWS\System32\dllcache\*.tmp -> ]
[13 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/10/21 19:39:34 | 000,002,447 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\HiJackThis.lnk
[2011/10/21 17:47:13 | 000,243,324 | ---- | C] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\census.cache
[2011/10/21 17:47:08 | 000,234,667 | ---- | C] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\ars.cache
[2011/10/21 17:34:38 | 000,000,036 | ---- | C] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\housecall.guid.cache
[2011/10/21 17:27:42 | 000,000,896 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Quick Care.lnk
[2011/10/21 17:27:38 | 000,000,874 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Advanced SystemCare 4.lnk
[2011/10/21 17:18:44 | 000,026,624 | ---- | C] () -- C:\WINDOWS\System32\dllcache\ativxbar.sys
[2011/10/21 17:18:44 | 000,023,552 | ---- | C] () -- C:\WINDOWS\System32\dllcache\atixbar.sys
[2011/10/21 17:18:43 | 000,019,456 | ---- | C] () -- C:\WINDOWS\System32\dllcache\ativttxx.sys
[2011/10/21 17:18:41 | 000,009,472 | ---- | C] () -- C:\WINDOWS\System32\dllcache\ativmdcd.sys
[2011/10/21 17:18:40 | 000,017,152 | ---- | C] () -- C:\WINDOWS\System32\dllcache\atitvsnd.sys
[2011/10/21 17:18:40 | 000,017,152 | ---- | C] () -- C:\WINDOWS\System32\dllcache\atitunep.sys
[2011/10/21 17:18:39 | 000,049,920 | ---- | C] () -- C:\WINDOWS\System32\dllcache\atirtcap.sys
[2011/10/21 17:18:39 | 000,026,880 | ---- | C] () -- C:\WINDOWS\System32\dllcache\atirtsnd.sys
[2011/10/21 17:18:38 | 000,010,240 | ---- | C] () -- C:\WINDOWS\System32\dllcache\atipcxxx.sys
[2011/10/21 17:18:29 | 000,046,464 | ---- | C] () -- C:\WINDOWS\System32\dllcache\atibt829.sys
[2011/10/16 08:46:12 | 000,000,468 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\spider.sav
[2011/10/01 15:55:02 | 000,001,677 | ---- | C] () -- C:\Documents and Settings\Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\Royal Vegas Online Casino.lnk
[2011/10/01 15:55:01 | 000,001,647 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Royal Vegas Online Casino.lnk
[2011/08/17 15:10:22 | 000,165,376 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll
[2011/08/17 14:47:53 | 000,007,168 | ---- | C] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/08/14 13:27:36 | 000,000,048 | -H-- | C] () -- C:\WINDOWS\System32\ezsidmv.dat
[2011/06/13 22:24:50 | 000,307,960 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
[2011/06/13 21:21:44 | 000,110,592 | ---- | C] () -- C:\WINDOWS\System32\FsUsbExDevice.Dll
[2011/06/13 21:21:44 | 000,036,640 | ---- | C] () -- C:\WINDOWS\System32\FsUsbExDisk.Sys
[2011/05/03 21:01:27 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Owner\Application Data\DVAP.set
[2011/04/27 14:19:32 | 000,030,568 | ---- | C] () -- C:\WINDOWS\MusiccityDownload.exe
[2011/04/27 14:19:30 | 000,974,848 | ---- | C] () -- C:\WINDOWS\System32\cis-2.4.dll
[2011/04/27 14:19:30 | 000,081,920 | ---- | C] () -- C:\WINDOWS\System32\issacapi_bs-2.3.dll
[2011/04/27 14:19:30 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\issacapi_pe-2.3.dll
[2011/04/27 14:19:30 | 000,057,344 | ---- | C] () -- C:\WINDOWS\System32\issacapi_se-2.3.dll
[2011/04/14 20:38:12 | 000,004,984 | ---- | C] () -- C:\WINDOWS\System32\drivers\nvphy.bin
[2011/04/07 15:01:10 | 000,000,014 | ---- | C] () -- C:\WINDOWS\System32\systeminfo3.dll
[2011/04/07 14:13:14 | 000,000,040 | -HS- | C] () -- C:\Documents and Settings\Owner\Application Data\.zreglib
[2011/04/01 13:07:02 | 010,877,272 | ---- | C] () -- C:\WINDOWS\System32\LogiDPP.dll
[2011/04/01 13:07:02 | 000,102,744 | ---- | C] () -- C:\WINDOWS\System32\LogiDPPApp.exe
[2011/04/01 13:06:56 | 000,331,608 | ---- | C] () -- C:\WINDOWS\System32\DevManagerCore.dll
[2011/04/01 12:56:00 | 000,027,872 | ---- | C] () -- C:\WINDOWS\System32\lvcoinst.ini
[2011/03/22 23:58:22 | 000,014,168 | ---- | C] () -- C:\WINDOWS\System32\drivers\iKeyLFT2.dll
[2011/03/07 21:46:47 | 000,000,032 | ---- | C] () -- C:\WINDOWS\System32\EUOD.DAT
[2011/02/22 18:21:27 | 000,000,030 | ---- | C] () -- C:\WINDOWS\Iedit.INI
[2010/12/11 16:38:46 | 000,004,500 | ---- | C] () -- C:\WINDOWS\ULEAD32.INI
[2010/12/05 14:56:34 | 000,000,000 | ---- | C] () -- C:\WINDOWS\PowerReg.dat
[2010/10/04 19:39:50 | 000,004,096 | ---- | C] () -- C:\WINDOWS\d3dx.dat
[2010/10/04 18:31:54 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2010/10/03 14:34:47 | 000,000,000 | ---- | C] () -- C:\WINDOWS\popcreg.dat
[2010/10/03 14:23:04 | 000,000,240 | ---- | C] () -- C:\WINDOWS\SIERRA.INI
[2010/10/02 20:59:31 | 000,028,328 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat
[2010/09/25 16:07:00 | 000,252,616 | ---- | C] () -- C:\WINDOWS\System32\nvdrsdb0.bin
[2010/09/25 16:06:59 | 000,252,616 | ---- | C] () -- C:\WINDOWS\System32\nvdrsdb1.bin
[2010/09/25 16:06:59 | 000,000,001 | ---- | C] () -- C:\WINDOWS\System32\nvdrssel.bin
[2010/09/23 21:08:36 | 000,000,059 | ---- | C] () -- C:\WINDOWS\popcinfo.dat
[2010/09/23 21:02:49 | 000,000,038 | ---- | C] () -- C:\WINDOWS\popcinfot.dat
[2010/09/22 22:13:06 | 000,000,069 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2010/09/22 21:14:48 | 000,000,668 | ---- | C] () -- C:\Documents and Settings\Owner\Application Data\vso_ts_preview.xml
[2010/09/22 21:14:37 | 000,087,608 | ---- | C] () -- C:\Documents and Settings\Owner\Application Data\inst.exe
[2010/09/22 21:14:37 | 000,007,887 | ---- | C] () -- C:\Documents and Settings\Owner\Application Data\pcouffin.cat
[2010/09/22 21:14:37 | 000,001,144 | ---- | C] () -- C:\Documents and Settings\Owner\Application Data\pcouffin.inf
[2010/09/22 21:08:08 | 000,000,323 | ---- | C] () -- C:\WINDOWS\lgfwup.ini
[2010/09/22 19:23:28 | 000,126,976 | ---- | C] () -- C:\WINDOWS\autoclk.exe
[2010/09/22 19:23:28 | 000,032,768 | ---- | C] () -- C:\WINDOWS\pnpclk.dll
[2010/09/22 10:27:51 | 000,535,624 | ---- | C] () -- C:\WINDOWS\System32\pwNative.exe
[2010/09/22 10:27:51 | 000,016,472 | ---- | C] () -- C:\WINDOWS\System32\pwdrvio.sys
[2010/09/22 10:27:51 | 000,011,104 | ---- | C] () -- C:\WINDOWS\System32\pwdspio.sys
[2010/09/20 18:54:00 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2010/09/20 18:50:52 | 000,140,440 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010/09/20 11:15:53 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2010/09/20 11:08:25 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2009/11/21 04:34:54 | 002,292,678 | ---- | C] () -- C:\WINDOWS\System32\nvdata.bin
[2008/04/14 20:00:00 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2008/04/14 20:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2008/04/14 20:00:00 | 000,550,868 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2008/04/14 20:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2008/04/14 20:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2008/04/14 20:00:00 | 000,101,716 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2008/04/14 20:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2008/04/14 20:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2008/04/14 20:00:00 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2008/04/14 20:00:00 | 000,004,461 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2008/04/14 20:00:00 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\Dcache.bin
[2008/04/14 20:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat

========== LOP Check ==========

[2011/10/19 21:46:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\1Click DVD Copy Pro
[2010/09/22 11:07:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Alwil Software
[2010/09/22 21:42:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Arovax
[2011/06/24 15:55:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Avanquest Software
[2010/10/26 17:39:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVG Security Toolbar
[2010/09/24 17:35:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\avg9
[2011/09/07 13:27:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Big Fish Games
[2011/09/21 18:33:24 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\CanonBJ
[2011/09/21 18:48:49 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\CanonEPP
[2011/10/15 11:29:25 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\CanonIJEGV
[2011/10/15 11:35:41 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\CanonIJEPPEX
[2011/09/21 18:48:49 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\CanonIJEPPEX2
[2011/09/21 18:37:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\CanonIJMSetup
[2011/09/21 18:48:48 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\CanonIJMyPrinter
[2011/10/15 11:52:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\CanonIJPLM
[2011/09/21 18:35:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\CanonIJSetup000
[2011/09/21 18:48:50 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\CanonIJSolutionMenuEX
[2011/09/21 18:37:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\CanonIJWSpt
[2011/03/15 10:32:01 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\Common Files
[2010/09/22 18:55:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Downloaded Installations
[2011/04/07 15:00:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\DVDXStudio
[2010/09/22 20:28:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Emotum
[2010/09/30 12:39:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\IObit
[2011/08/17 15:10:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Leawo
[2010/09/22 21:43:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Ludia
[2011/10/21 17:11:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MFAData
[2011/06/15 20:20:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MGS
[2010/11/06 12:06:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MumboJumbo
[2010/11/22 19:46:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\NCH Swift Sound
[2011/06/23 14:48:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\RegWork
[2011/06/13 21:33:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Samsung
[2011/06/25 20:09:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\starters orders 4
[2011/10/20 17:08:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Temp
[2010/09/22 21:46:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TreeCardGames
[2011/08/17 18:51:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\vsosdk
[2010/10/02 20:52:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2011/10/08 15:22:47 | 000,000,000 | -HSD | M] -- C:\Documents and Settings\Owner\Application Data\.#
[2011/02/25 08:33:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\123 Free Solitaire
[2010/11/24 14:37:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Atari
[2011/09/30 09:55:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\AVG9
[2010/11/04 12:35:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Awem
[2011/09/21 18:37:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Canon Easy-WebPrint EX
[2011/10/19 21:14:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\CD-LabelPrint
[2011/06/24 16:13:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\cerasus.media
[2011/10/20 17:07:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Clone2Go Video Converter Professional
[2011/06/23 14:50:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\FlyWheelGames
[2011/10/21 17:27:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\IObit
[2011/08/14 19:26:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Leadertech
[2011/08/17 15:12:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Leawo
[2010/09/22 21:43:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Ludia
[2011/06/13 21:33:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Samsung
[2010/09/22 21:47:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\SolSuite
[2010/10/18 13:53:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Unreal Streaming
[2011/10/21 17:32:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\uTorrent
[2011/10/19 20:51:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Vso
[2010/12/23 03:47:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Wildfire
[2011/10/20 23:00:00 | 000,000,314 | ---- | M] () -- C:\WINDOWS\Tasks\Regwork.job
[2011/10/22 13:57:00 | 000,000,282 | -H-- | M] () -- C:\WINDOWS\Tasks\{22116563-108C-42c0-A7CE-60161B75E508}.job
[2011/10/22 13:53:46 | 000,000,246 | -H-- | M] () -- C:\WINDOWS\Tasks\{62C40AA6-4406-467a-A5A5-DFDF1B559B7A}.job
[2011/10/22 13:53:45 | 000,000,246 | -H-- | M] () -- C:\WINDOWS\Tasks\{810401E2-DDE0-454e-B0E2-AA89C9E5967C}.job
[2011/10/22 13:53:45 | 000,000,282 | -H-- | M] () -- C:\WINDOWS\Tasks\{BBAEAEAF-1275-40e2-BD6C-BC8F88BD114A}.job

========== Purity Check ==========

========== Custom Scans ==========

< %SYSTEMDRIVE%\*.exe >

< MD5 for: EXPLORER.EXE >
[2008/04/14 20:00:00 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\explorer.exe
[2008/04/14 20:00:00 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\system32\dllcache\explorer.exe

< MD5 for: SVCHOST.EXE >
[2008/04/14 20:00:00 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=27C6D03BCDB8CFEB96B716F3D8BE3E18 -- C:\WINDOWS\system32\dllcache\svchost.exe
[2008/04/14 20:00:00 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=27C6D03BCDB8CFEB96B716F3D8BE3E18 -- C:\WINDOWS\system32\svchost.exe

< MD5 for: USERINIT.EXE >
[2008/04/14 20:00:00 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINDOWS\system32\dllcache\userinit.exe
[2008/04/14 20:00:00 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINDOWS\system32\userinit.exe

< MD5 for: WINLOGON.EXE >
[2008/04/14 20:00:00 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINDOWS\system32\dllcache\winlogon.exe
[2008/04/14 20:00:00 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINDOWS\system32\winlogon.exe

< C:\Windows\assembly\tmp\U\*.* /s >

========== Alternate Data Streams ==========

@Alternate Data Stream - 204 bytes -> C:\Documents and Settings\All Users\Application Data\Temp:ADDDF689
@Alternate Data Stream - 177 bytes -> C:\Documents and Settings\All Users\Application Data\Temp:7578EF04
@Alternate Data Stream - 134 bytes -> C:\Documents and Settings\All Users\Application Data\Temp:45FE2B4E

< End of report >

Extras.txt file

OTL Extras logfile created on: 22/10/2011 2:06:07 PM - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Documents and Settings\Owner\My Documents\Downloads
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000C09 | Country: Australia | Language: ENA | Date Format: d/MM/yyyy

2.00 Gb Total Physical Memory | 1.31 Gb Available Physical Memory | 65.72% Memory free
3.85 Gb Paging File | 3.11 Gb Available in Paging File | 80.85% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 248.95 Gb Total Space | 140.88 Gb Free Space | 56.59% Space Free | Partition Type: NTFS
Drive F: | 216.81 Gb Total Space | 182.68 Gb Free Space | 84.26% Space Free | Partition Type: NTFS

Computer Name: CINDY-47EEDED7D | User Name: Owner | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*

[HKEY_USERS\S-1-5-21-1957994488-299502267-1417001333-1003\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
htmlfile [edit] -- Reg Error: Key error.
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- "C:\Program Files\File Type Assistant\tsassist.exe" "%1" (Trusted Software ApS)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22008

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"5985:TCP" = 5985:TCP:*:Disabled:Windows Remote Management
"80:TCP" = 80:TCP:*:Disabled:Windows Remote Management - Compatibility Mode (HTTP-In)
"1900:UDP" = 1900:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22008

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe:*:Enabled:hpqtra08.exe
"C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe:*:Enabled:hpqste08.exe
"C:\Program Files\HP\Digital Imaging\bin\hposid01.exe" = C:\Program Files\HP\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe
"C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe:*:Enabled:hpqkygrp.exe
"C:\Program Files\HP\Digital Imaging\bin\hpfcCopy.exe" = C:\Program Files\HP\Digital Imaging\bin\hpfcCopy.exe:*:Enabled:hpfccopy.exe
"C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe" = C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe:*:Enabled:hpoews01.exe
"C:\Program Files\HP\Digital Imaging\bin\hpiscnapp.exe" = C:\Program Files\HP\Digital Imaging\bin\hpiscnapp.exe:*:Enabled:hpiscnapp.exe
"C:\Program Files\Common Files\HP\Digital Imaging\bin\hpqPhotoCrm.exe" = C:\Program Files\Common Files\HP\Digital Imaging\bin\hpqPhotoCrm.exe:*:Enabled:hpqphotocrm.exe
"C:\Program Files\HP\Digital Imaging\bin\hpqpsapp.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqpsapp.exe:*:Enabled:hpqpsapp.exe
"C:\Program Files\HP\Digital Imaging\bin\hpqpse.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqpse.exe:*:Enabled:hpqpse.exe
"C:\Program Files\HP\Digital Imaging\bin\hpqsudi.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqsudi.exe:*:Enabled:hpqsudi.exe
"C:\Program Files\HP\Digital Imaging\bin\hpqgplgtupl.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqgplgtupl.exe:*:Enabled:hpqgplgtupl.exe
"C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe:*:Enabled:hpqgpc01.exe

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"D:\CDS\Nero\Installation\SetupX.exe" = D:\CDS\Nero\Installation\SetupX.exe:*:Enabled:Nero ProductSetup
"C:\Program Files\uTorrent\uTorrent.exe" = C:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent -- (BitTorrent, Inc.)
"C:\Program Files\AVG\AVG9\avgam.exe" = C:\Program Files\AVG\AVG9\avgam.exe:*:Enabled:avgam.exe -- (AVG Technologies CZ, s.r.o.)
"C:\Program Files\AVG\AVG9\avgdiagex.exe" = C:\Program Files\AVG\AVG9\avgdiagex.exe:*:Enabled:avgdiagex.exe -- (AVG Technologies CZ, s.r.o.)
"C:\Program Files\AVG\AVG9\avgemc.exe" = C:\Program Files\AVG\AVG9\avgemc.exe:*:Enabled:avgemc.exe -- (AVG Technologies CZ, s.r.o.)
"C:\Program Files\AVG\AVG9\avgupd.exe" = C:\Program Files\AVG\AVG9\avgupd.exe:*:Enabled:avgupd.exe -- (AVG Technologies CZ, s.r.o.)
"C:\Program Files\AVG\AVG9\avgnsx.exe" = C:\Program Files\AVG\AVG9\avgnsx.exe:*:Enabled:avgnsx.exe -- (AVG Technologies CZ, s.r.o.)
"C:\WINDOWS\system32\muzapp.exe" = C:\WINDOWS\system32\muzapp.exe:*:Enabled:MUZ AOD APP player -- (Musiccity Co.Ltd.)
"C:\Program Files\Micro Application\Horse Racing Manager 2\HR.exe" = C:\Program Files\Micro Application\Horse Racing Manager 2\HR.exe:*:Enabled:Horse Racing Manager 2 -- (Cyanide)
"C:\Program Files\Micro Application\Horse Racing Manager 2\AutoRun.exe" = C:\Program Files\Micro Application\Horse Racing Manager 2\AutoRun.exe:*:Enabled:Horse Racing Manager 2 - AutoRun -- (Cyanide)
"C:\Program Files\Logitech\Vid HD\Vid.exe" = C:\Program Files\Logitech\Vid HD\Vid.exe:*:Enabled:Logitech Vid HD -- (Logitech Inc.)

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{08610298-29AE-445B-B37D-EFBE05802967}" = LWS Pictures And Video
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MG5200_series" = Canon MG5200 series MP Drivers
"{138A4072-9E64-46BD-B5F9-DB2BB395391F}" = LWS VideoEffects
"{15634701-BACE-4449-8B25-1567DA8C9FD3}" = CameraHelperMsi
"{1596098A-FCEC-48F0-B7C7-08A31B771033}" = Nero 7 Essentials
"{1651216E-E7AD-4250-92A1-FB8ED61391C9}" = LWS Help_main
"{174A3B31-4C43-43DD-866F-73C9DB887B48}" = LWS Twitter
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = DVD Suite
"{21DF0294-6B9D-4741-AB6F-B2ABFBD2387E}" = LWS YouTube Plugin
"{26A24AE4-039D-4CA4-87B4-2F83216022FF}" = Java™ 6 Update 26
"{28C2DED6-325B-4CC7-983A-1777C8F7FBAB}" = RealUpgrade 1.1
"{308B6AEA-DE50-4666-996D-0FA461719D6B}" = Apple Mobile Device Support
"{345112D9-0930-4A68-AB71-A831BA5DE7AA}" = Microsoft IntelliType Pro 6.2
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3BCC5640-5360-11D4-A44A-0000E86D2305}" = Ulead Drop Spot 1.0
"{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}" = erLT
"{45A66726-69BC-466B-A7A4-12FCBA4883D7}" = HiJackThis
"{47ECCB1F-2811-49C0-B6A7-26778639ABA0}" = 32 Bit HP CIO Components Installer
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4FBCEA31-5D18-4212-9231-DE7CF1BE7DBB}" = Logitech Vid
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{5B4383F2-37EE-4E97-AD81-F5FF76F286DA}" = OutlookAddInNet3Setup
"{6179550A-3E7C-499E-BCC9-9E8113E0A285}" = LG ODD Auto Firmware Update
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD
"{6F76EC3C-34B1-436E-97FB-48C58D7BEDCD}" = LWS Gallery
"{71E66D3F-A009-44AB-8784-75E2819BA4BA}" = LWS Motion Detection
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{758C8301-2696-4855-AF45-534B1200980A}" = Samsung Kies
"{76C24F39-B161-498F-BD8B-C64789812D13}_is1" = ConvertXtoDVD 3.0.0.9
"{7770E71B-2D43-4800-9CB3-5B6CAAEBEBEA}" = RealNetworks - Microsoft Visual C++ 2008 Runtime
"{7D42B43A-EA63-4234-B00A-757C15B2B185}_is1" = Leawo AVI Converter version 4.1.0.0
"{7FD8B0C1-CDDA-4B4D-A577-B2E3570EA3A3}_is1" = iPhone Explorer 2.102
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{83C8FA3C-F4EA-46C4-8392-D3CE353738D6}" = LWS Launcher
"{8937D274-C281-42E4-8CDB-A0B2DF979189}" = LWS Webcam Software
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8C2690CF-5B74-4F93-8139-7B5644CD6A3B}" = MobileMe Control Panel
"{8C5FAD77-F678-4758-A296-C12F08D179E0}" = Microsoft IntelliPoint 6.2
"{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9DAEA76B-E50F-4272-A595-0124E826553D}" = LWS WLM Plugin
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable
"{AC76BA86-7AD7-1033-7B44-A94000000001}" = Adobe Reader 9.4.1
"{B194272D-1F92-46DF-99EB-8D5CE91CB4EC}" = Adobe AIR
"{B2FE1952-0186-46c3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Control Panel 266.58
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Graphics Driver 266.58
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NView" = NVIDIA nView 135.50
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX System Software 9.10.0514
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B7A0CE06-068E-11D6-97FD-0050BACBF861}" = PowerProducer
"{B9DB4C76-01A4-46D5-8910-F7AA6376DBAF}" = NVIDIA PhysX
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C151CE54-E7EA-4804-854B-F515368B0798}" = AMD Processor Driver
"{C2C7C621-44A0-4D31-80D9-D6B0751585BC}_is1" = Mystery Stories
"{C41300B9-185D-475E-BFEC-39EF732F19B1}" = Apple Software Update
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}" = SAMSUNG USB Driver for Mobile Phones
"{D0F02CE0-491C-11D4-A44A-0000E86D2305}" = Ulead PhotoImpact 6 Special Edition
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.2
"{D40EB009-0499-459c-A8AF-C9C110766215}" = Logitech Webcam Software
"{D642E38E-0D24-486C-9A2D-E316DD696F4B}" = Microsoft XML Parser
"{DB099DFB-C7A3-4A4F-AB24-C8ADCC94ABE6}" = Unreal Streaming Media Player v 5.0
"{E7004147-2CCA-431C-AA05-2AB166B9785D}" = QuickTime
"{EE6097DD-05F4-4178-9719-D3170BF098E8}" = Apple Application Support
"{EED027B7-0DB6-404B-8F45-6DFEE34A0441}" = LWS Video Mask Maker
"{F0F2EDC5-9312-40A4-BB80-44CB48C47076}" = ADSL MODEM USB Driver
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{FAE36873-1941-4076-A9A5-48812B5EA0B7}" = iTunes
"{FF167195-9EE4-46C0-8CD7-FBA3457E88AB}" = LWS Facebook
"{FF1C31AE-0CDC-40CE-AB85-406F8B70D643}" = Bonjour
"123 Free Solitaire" = 123 Free Solitaire
"18 Wheels of Steel: Convoy" = 18 Wheels of Steel: Convoy 1.0
"18 Wheels of Steel: Haulin'" = 18 Wheels of Steel: Haulin'
"1Click DVD Copy Pro_is1" = 1Click DVD Copy Pro 4.1.0.0
"54C387968987D0308E3C2F0A5D723BC3CB8926B9" = Windows Driver Package - 2Wire (2WIREPCP) Net (09/18/2002 1.4.0.5)
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Advanced SystemCare 4_is1" = Advanced SystemCare 4
"AnyDVD" = AnyDVD
"Arovax AntiSpyware" = Arovax AntiSpyware 2.1.153
"AVG9Uninstall" = AVG 9.0
"Banana Bugs 1.0" = Banana Bugs 1.0
"Bejeweled Blitz" = Bejeweled Blitz
"CANONIJPLM100" = Canon Inkjet Printer/Scanner/Fax Extended Survey Program
"CanonMyPrinter" = Canon My Printer
"CanonSolutionMenuEX" = Canon Solution Menu EX
"CCleaner" = CCleaner (remove only)
"Clone2Go Video Converter Professional_is1" = Clone2Go Video Converter Professional 1.9.2
"EASEUS Todo Backup Home 2.0_is1" = EASEUS Todo Backup Home 2.0
"Easy-PhotoPrint EX" = Canon Easy-PhotoPrint EX
"Easy-WebPrint EX" = Canon Easy-WebPrint EX
"GameCenter" = GameCenter
"Golden Trails - The New Western RushJust For Fun Games" = Golden Trails - The New Western RushJust For Fun Games
"Horse Racing Manager 2" = Horse Racing Manager 2
"ie8" = Windows Internet Explorer 8
"InstallShield_{758C8301-2696-4855-AF45-534B1200980A}" = Samsung Kies
"IObit Security 360_is1" = IObit Security 360
"IObit SmartDefrag Beta5.01_is1" = IObit SmartDefrag
"KLiteCodecPack_is1" = K-Lite Codec Pack 7.0.0 (Basic)
"Luxor 4 Quest For The Afterlife 1.00" = Luxor 4 Quest For The Afterlife 1.00
"Luxor: Amun Rising" = Luxor: Amun Rising
"MainApp.exe_is1" = CloneDVD 4.1.0.23
"Maniac Mansion Deluxe" = Maniac Mansion Deluxe
"MediaNavigation.CDLabelPrint" = CD-LabelPrint
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mozilla Firefox (3.6.23)" = Mozilla Firefox (3.6.23)
"MP Navigator EX 4.0" = Canon MP Navigator EX 4.0
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"MSNINST" = MSN
"My Riding Stables 2 - Life with Horses_is1" = My Riding Stables 2 - Life with Horses
"NVIDIA Drivers" = NVIDIA Drivers
"NVIDIA nView Desktop Manager" = NVIDIA nView Desktop Manager
"RealPlayer 12.0" = RealPlayer
"royalvegas" = Royal Vegas Online Casino
"Trusted Software Assistant_is1" = File Type Assistant
"Tumblebugs" = Tumblebugs
"TVUPlayer" = TVUPlayer 2.5.3.1
"Unreal Media Player Plugin" = Unreal Media Player Plugin
"uTorrent" = µTorrent
"Water Bugs 1.0" = Water Bugs 1.0
"Wdf01005" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"WinRAR archiver" = WinRAR archiver
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"Yahoo! Companion" = Yahoo!7 Toolbar
"YTdetect" = Yahoo! Detect

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-1957994488-299502267-1417001333-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"UnityWebPlayer" = Unity Web Player

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 21/10/2011 4:15:35 AM | Computer Name = CINDY-47EEDED7D | Source = Application Error | ID = 1000
Description = Faulting application explorer.exe, version 6.0.2900.5512, faulting
module user32.dll, version 5.1.2600.5512, fault address 0x00016779.

Error - 21/10/2011 4:19:03 AM | Computer Name = CINDY-47EEDED7D | Source = Application Error | ID = 1005
Description = Windows cannot access the file C:\WINDOWS\system32\shell32.dll for
one of the following reasons: there is a problem with the network connection, the
disk that the file is stored on, or the storage drivers installed on this computer;
or the disk is missing. Windows closed the program Windows Shell Common Dll because
of this error. Program: Windows Shell Common Dll File: C:\WINDOWS\system32\shell32.dll

The
error value is listed in the Additional Data section. User Action 1. Open the file
again. This situation might be a temporary problem that corrects itself when the
program runs again. 2. If the file still cannot be accessed and - It is on the network,
your network administrator should verify that there is not a problem with the network
and that the server can be contacted. - It is on a removable disk, for example,
a floppy disk or CD-ROM, verify that the disk is fully inserted into the computer.
3.
Check and repair the file system by running CHKDSK. To run CHKDSK, click Start,
click Run, type CMD, and then click OK. At the command prompt, type CHKDSK /F,
and then press ENTER. 4. If the problem persists, restore the file from a backup
copy. 5. Determine whether other files on the same disk can be opened. If not, the
disk might be damaged. If it is a hard disk, contact your administrator or computer
hardware vendor for further assistance. Additional Data Error value: C0000013 Disk
type: 3

Error - 21/10/2011 4:19:23 AM | Computer Name = CINDY-47EEDED7D | Source = Application Error | ID = 1000
Description = Faulting application explorer.exe, version 6.0.2900.5512, faulting
module shell32.dll, version 6.0.2900.6072, fault address 0x00120929.

Error - 21/10/2011 4:19:28 AM | Computer Name = CINDY-47EEDED7D | Source = Application Error | ID = 1000
Description = Faulting application drwtsn32.exe, version 5.1.2600.0, faulting module
dbghelp.dll, version 5.1.2600.5512, fault address 0x0001295d.

Error - 21/10/2011 4:31:22 AM | Computer Name = CINDY-47EEDED7D | Source = Application Error | ID = 1000
Description = Faulting application avgtray.exe, version 9.0.0.914, faulting module
avgcfgx.dll, version 9.0.0.855, fault address 0x0008eed7.

Error - 21/10/2011 4:44:43 AM | Computer Name = CINDY-47EEDED7D | Source = Application Error | ID = 1000
Description = Faulting application , version 0.0.0.0, faulting module unknown, version
0.0.0.0, fault address 0x6045c48d.

Error - 21/10/2011 5:10:33 AM | Computer Name = CINDY-47EEDED7D | Source = Application Error | ID = 1005
Description = Windows cannot access the file C:\Documents and Settings\All Users\Application
Data\Temp\AVG\avgmfapx.exe for one of the following reasons: there is a problem
with the network connection, the disk that the file is stored on, or the storage
drivers installed on this computer; or the disk is missing. Windows closed the
program avgmfapx.exe because of this error. Program: avgmfapx.exe File: C:\Documents
and Settings\All Users\Application Data\Temp\AVG\avgmfapx.exe The error value is
listed in the Additional Data section. User Action 1. Open the file again. This situation
might be a temporary problem that corrects itself when the program runs again. 2.
If the file still cannot be accessed and - It is on the network, your network administrator
should verify that there is not a problem with the network and that the server
can be contacted. - It is on a removable disk, for example, a floppy disk or CD-ROM,
verify that the disk is fully inserted into the computer. 3. Check and repair the
file system by running CHKDSK. To run CHKDSK, click Start, click Run, type CMD,
and then click OK. At the command prompt, type CHKDSK /F, and then press ENTER.
4.
If the problem persists, restore the file from a backup copy. 5. Determine whether
other files on the same disk can be opened. If not, the disk might be damaged.
If it is a hard disk, contact your administrator or computer hardware vendor for
further assistance. Additional Data Error value: C0000013 Disk type: 3

Error - 21/10/2011 5:10:35 AM | Computer Name = CINDY-47EEDED7D | Source = Application Error | ID = 1000
Description = Faulting application avgmfapx.exe, version 12.0.0.1829, faulting module
avgmfapx.exe, version 12.0.0.1829, fault address 0x0002f6c1.

Error - 21/10/2011 5:14:19 AM | Computer Name = CINDY-47EEDED7D | Source = Microsoft IntelliPoint | ID = 1000
Description =

Error - 21/10/2011 5:40:40 AM | Computer Name = CINDY-47EEDED7D | Source = Microsoft IntelliPoint | ID = 1000
Description =

[ System Events ]
Error - 21/10/2011 7:30:45 AM | Computer Name = CINDY-47EEDED7D | Source = nvgts | ID = 262153
Description = The device, \Device\Scsi\nvgts1, did not respond within the timeout
period.

Error - 21/10/2011 7:31:47 AM | Computer Name = CINDY-47EEDED7D | Source = nvgts | ID = 262153
Description = The device, \Device\Scsi\nvgts1, did not respond within the timeout
period.

Error - 21/10/2011 7:32:11 AM | Computer Name = CINDY-47EEDED7D | Source = nvgts | ID = 262153
Description = The device, \Device\Scsi\nvgts1, did not respond within the timeout
period.

Error - 21/10/2011 7:32:28 AM | Computer Name = CINDY-47EEDED7D | Source = nvgts | ID = 262153
Description = The device, \Device\Scsi\nvgts1, did not respond within the timeout
period.

Error - 21/10/2011 7:32:45 AM | Computer Name = CINDY-47EEDED7D | Source = nvgts | ID = 262153
Description = The device, \Device\Scsi\nvgts1, did not respond within the timeout
period.

Error - 21/10/2011 7:39:29 AM | Computer Name = CINDY-47EEDED7D | Source = nvgts | ID = 262153
Description = The device, \Device\Scsi\nvgts1, did not respond within the timeout
period.

Error - 21/10/2011 8:39:00 AM | Computer Name = CINDY-47EEDED7D | Source = nvgts | ID = 262153
Description = The device, \Device\Scsi\nvgts1, did not respond within the timeout
period.

Error - 21/10/2011 9:24:27 PM | Computer Name = CINDY-47EEDED7D | Source = Service Control Manager | ID = 7023
Description = The SSHNAS service terminated with the following error: %%126

Error - 22/10/2011 1:54:29 AM | Computer Name = CINDY-47EEDED7D | Source = Service Control Manager | ID = 7023
Description = The SSHNAS service terminated with the following error: %%126

Error - 22/10/2011 1:56:40 AM | Computer Name = CINDY-47EEDED7D | Source = Dhcp | ID = 1002
Description = The IP address lease 192.168.2.2 for the Network Card with network
address 0021979F2AA6 has been denied by the DHCP server 192.168.2.1 (The DHCP Server
sent a DHCPNACK message).

< End of report >

the othere sacan

it was the note pad file i cant open a dat file hope its right

aswMBR version 0.9.8.986 Copyright© 2011 AVAST Software
Run date: 2011-10-22 14:17:37
-----------------------------
14:17:37.125 OS Version: Windows 5.1.2600 Service Pack 3
14:17:37.125 Number of processors: 2 586 0x4B02
14:17:37.125 ComputerName: CINDY-47EEDED7D UserName: Owner
14:17:37.859 Initialize success
14:17:53.500 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Scsi\nvgts1Port2Path0Target0Lun0
14:17:53.500 Disk 0 Vendor: WDC_WD50 01.0 Size: 476938MB BusType: 1
14:17:53.500 Device \Driver\nvgts -> DriverStartIo SCSIPORT.SYS b7eff40e
14:17:53.500 Disk 0 MBR read successfully
14:17:53.500 Disk 0 MBR scan
14:17:53.515 Disk 0 Windows XP default MBR code
14:17:53.515 Disk 0 scanning sectors +976767120
14:17:53.562 Disk 0 scanning C:\WINDOWS\system32\drivers
14:17:56.250 Service scanning
14:17:57.109 Modules scanning
14:18:05.062 Disk 0 trace - called modules:
14:18:05.078 ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll SCSIPORT.SYS nvgts.sys
14:18:05.078 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8a5039c0]
14:18:05.078 3 CLASSPNP.SYS[b80e8fd7] -> nt!IofCallDriver -> \Device\00000069[0x8a541938]
14:18:05.078 5 ACPI.sys[b7f7f620] -> nt!IofCallDriver -> \Device\Scsi\nvgts1Port2Path0Target0Lun0[0x8a533030]
14:18:05.078 Scan finished successfully
14:18:25.000 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Owner\Desktop\MBR.dat"
14:18:25.000 The log file has been saved successfully to "C:\Documents and Settings\Owner\Desktop\aswMBR.txt"

#4
Essexboy

Posted 22 October 2011 - 04:36 AM

GeekU Moderator

Retired Staff
69,964 posts

The dat file is a raw dump of the MBR data so it will not be able to be opened by you - it is there in case I needed to look at it. You can delete that and aswMBR from the desktop now

On completion of these runs can you let me know how the computer is behaving

Warning This fix is only relevant for this system and no other, using on another computer may cause problems

Run OTL

Under the Custom Scans/Fixes box at the bottom, paste in the following

:OTL
IE - HKU\S-1-5-21-1957994488-299502267-1417001333-1003\..\URLSearchHook: *{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - No CLSID value found
IE - HKU\S-1-5-21-1957994488-299502267-1417001333-1003\..\URLSearchHook: *{EF99BD32-C1FB-11D2-892F-0090271D4F88} - No CLSID value found
[2011/10/08 15:00:00 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Owner\Application Data\.#
[2011/10/22 13:57:00 | 000,000,282 | -H-- | M] () -- C:\WINDOWS\tasks\{22116563-108C-42c0-A7CE-60161B75E508}.job
[2011/10/22 13:53:46 | 000,000,246 | -H-- | M] () -- C:\WINDOWS\tasks\{62C40AA6-4406-467a-A5A5-DFDF1B559B7A}.job
[2011/10/22 13:53:45 | 000,000,282 | -H-- | M] () -- C:\WINDOWS\tasks\{BBAEAEAF-1275-40e2-BD6C-BC8F88BD114A}.job
[2011/10/22 13:53:45 | 000,000,246 | -H-- | M] () -- C:\WINDOWS\tasks\{810401E2-DDE0-454e-B0E2-AA89C9E5967C}.job

:Files
ipconfig /flushdns /c

:Commands
[purity]
[resethosts]
[emptytemp]
[EMPTYFLASH]
[CREATERESTOREPOINT]
[Reboot]
Then click the Run Fix button at the top
Let the program run unhindered, reboot the PC when it is done
Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.

THEN

Please download Malwarebytes' Anti-Malware

Double Click mbam-setup.exe to install the application.

Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
If an update is found, it will download and install the latest version.
Once the program has loaded, select "Perform Quick Scan", then click Scan.
The scan may take some time to finish, so please be patient.
When the scan is complete, click OK, then Show Results to view the results.
Make sure that everything is checked, and click Remove Selected.
When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note)
The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
Copy&Paste the entire report in your next reply.

Extra Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts, click OK to either and let MBAM proceed with the disinfection process, if asked to restart the computer, please do so immediately.

#5
Cindy Pryt

Posted 22 October 2011 - 07:02 AM

Member

Topic Starter
Member
106 posts

OTL logfile created on: 22/10/2011 8:58:13 PM - Run 2
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Documents and Settings\Owner\My Documents\Downloads
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000C09 | Country: Australia | Language: ENA | Date Format: d/MM/yyyy

2.00 Gb Total Physical Memory | 1.27 Gb Available Physical Memory | 63.76% Memory free
3.85 Gb Paging File | 3.21 Gb Available in Paging File | 83.57% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 248.95 Gb Total Space | 139.43 Gb Free Space | 56.01% Space Free | Partition Type: NTFS
Drive F: | 216.81 Gb Total Space | 182.69 Gb Free Space | 84.26% Space Free | Partition Type: NTFS

Computer Name: CINDY-47EEDED7D | User Name: Owner | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/10/22 14:02:11 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Owner\My Documents\Downloads\OTL.exe
PRC - [2011/10/22 13:56:04 | 000,912,344 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2011/09/16 19:42:37 | 002,076,512 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgtray.exe
PRC - [2011/08/17 14:50:37 | 000,273,528 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Real\RealPlayer\Update\realsched.exe
PRC - [2011/08/09 16:38:38 | 000,328,536 | ---- | M] (IObit) -- C:\Program Files\IObit\Advanced SystemCare 4\ASCService.exe
PRC - [2011/04/01 13:11:52 | 000,428,640 | ---- | M] (Logitech Inc.) -- C:\Program Files\Common Files\LogiShrd\LVMVFM\UMVPFSrv.exe
PRC - [2011/01/22 15:58:30 | 000,069,000 | ---- | M] (CHENGDU YIWO Tech Development Co., Ltd) -- C:\Program Files\EASEUS\Todo Backup 2.0\bin\EuWatch.exe
PRC - [2011/01/22 15:58:30 | 000,055,688 | ---- | M] (CHENGDU YIWO Tech Development Co., Ltd) -- C:\Program Files\EASEUS\Todo Backup 2.0\bin\Agent.exe
PRC - [2010/11/25 10:59:31 | 002,331,544 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgfws9.exe
PRC - [2010/11/25 10:59:31 | 000,725,344 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgcsrvx.exe
PRC - [2010/09/24 17:42:23 | 000,621,920 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgnsx.exe
PRC - [2010/09/24 17:42:23 | 000,515,424 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgrsx.exe
PRC - [2010/09/24 17:42:20 | 000,308,136 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgwdsvc.exe
PRC - [2010/09/24 17:42:19 | 000,596,560 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\Identity Protection\Agent\Bin\AVGIDSMonitor.exe
PRC - [2010/09/24 17:42:18 | 005,897,808 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\Identity Protection\Agent\Bin\AVGIDSAgent.exe
PRC - [2010/09/24 17:42:16 | 001,101,152 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgchsvx.exe
PRC - [2010/09/24 17:42:16 | 000,921,952 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgemc.exe
PRC - [2010/09/24 17:42:15 | 000,842,592 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgam.exe
PRC - [2010/09/06 15:11:32 | 000,217,088 | ---- | M] (Teruten) -- C:\WINDOWS\system32\FsUsbExService.Exe
PRC - [2010/06/11 18:14:22 | 000,312,152 | ---- | M] (IObit) -- C:\Program Files\IObit\IObit Security 360\is360srv.exe
PRC - [2010/04/05 18:55:01 | 000,116,104 | ---- | M] () -- C:\Program Files\Canon\IJPLM\ijplmsvc.exe
PRC - [2008/04/14 20:00:00 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/11/26 14:54:12 | 001,554,728 | ---- | M] (Nero AG) -- C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe

========== Modules (No Company Name) ==========

MOD - [2011/10/22 13:56:04 | 001,015,256 | ---- | M] () -- C:\Program Files\Mozilla Firefox\js3250.dll
MOD - [2011/01/22 15:57:54 | 000,050,056 | ---- | M] () -- C:\Program Files\EASEUS\Todo Backup 2.0\bin\CodeLog.dll
MOD - [2010/09/24 17:35:32 | 000,077,824 | ---- | M] () -- C:\Program Files\AVG\AVG9\Identity Protection\Agent\Bin\boost_log-vc71-mt-1_32.dll
MOD - [2010/09/24 17:35:32 | 000,057,344 | ---- | M] () -- C:\Program Files\AVG\AVG9\Identity Protection\Agent\Bin\boost_thread-vc71-mt-1_32.dll
MOD - [2010/04/05 18:55:01 | 000,116,104 | ---- | M] () -- C:\Program Files\Canon\IJPLM\ijplmsvc.exe
MOD - [2008/11/25 17:18:00 | 001,291,264 | ---- | M] () -- C:\Program Files\EASEUS\Todo Backup 2.0\bin\libxml2.dll
MOD - [2004/10/05 03:08:00 | 000,055,808 | ---- | M] () -- C:\Program Files\EASEUS\Todo Backup 2.0\bin\zlib1.dll

========== Win32 Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- -- (SSHNAS)
SRV - File not found [On_Demand | Stopped] -- -- (helpsvc)
SRV - File not found [On_Demand | Stopped] -- -- (AppMgmt)
SRV - File not found [On_Demand | Stopped] -- -- (ACDaemon)
SRV - [2011/08/09 16:38:38 | 000,328,536 | ---- | M] (IObit) [Auto | Running] -- C:\Program Files\IObit\Advanced SystemCare 4\ASCService.exe -- (AdvancedSystemCareService)
SRV - [2011/04/01 13:11:52 | 000,428,640 | ---- | M] (Logitech Inc.) [Auto | Running] -- C:\Program Files\Common Files\LogiShrd\LVMVFM\UMVPFSrv.exe -- (UMVPFSrv)
SRV - [2011/03/18 08:11:02 | 000,947,528 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\AVG\AVG9\Toolbar\ToolbarBroker.exe -- (AVG Security Toolbar Service)
SRV - [2011/01/22 15:58:30 | 000,055,688 | ---- | M] (CHENGDU YIWO Tech Development Co., Ltd) [Auto | Running] -- C:\Program Files\EASEUS\Todo Backup 2.0\bin\Agent.exe -- (EASEUS Agent)
SRV - [2010/11/25 10:59:31 | 002,331,544 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG9\avgfws9.exe -- (avgfws9)
SRV - [2010/09/24 17:42:20 | 000,308,136 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG9\avgwdsvc.exe -- (avg9wd)
SRV - [2010/09/24 17:42:18 | 005,897,808 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG9\Identity Protection\Agent\Bin\AVGIDSAgent.exe -- (AVGIDSAgent)
SRV - [2010/09/24 17:42:16 | 000,921,952 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG9\avgemc.exe -- (avg9emc)
SRV - [2010/09/06 15:11:32 | 000,217,088 | ---- | M] (Teruten) [Auto | Running] -- C:\WINDOWS\system32\FsUsbExService.Exe -- (FsUsbExService)
SRV - [2010/06/11 18:14:22 | 000,312,152 | ---- | M] (IObit) [Auto | Running] -- C:\Program Files\IObit\IObit Security 360\is360srv.exe -- (IS360service)
SRV - [2010/04/05 18:55:01 | 000,116,104 | ---- | M] () [Auto | Running] -- C:\Program Files\Canon\IJPLM\ijplmsvc.exe -- (IJPLMSVC)
SRV - [2007/11/26 14:54:12 | 001,554,728 | ---- | M] (Nero AG) [Auto | Running] -- C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe -- (InCDsrv)

========== Driver Services (SafeList) ==========

DRV - [2011/09/16 19:42:37 | 000,029,712 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\WINDOWS\System32\Drivers\avgmfx86.sys -- (AvgMfx86)
DRV - [2011/05/06 20:28:06 | 000,243,152 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\System32\Drivers\avgtdix.sys -- (AvgTdiX)
DRV - [2011/04/27 14:19:28 | 000,020,032 | ---- | M] (Devguru Co., Ltd) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\dgderdrv.sys -- (dgderdrv)
DRV - [2011/04/01 13:11:10 | 004,333,280 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\lvuvc.sys -- (LVUVC) Logitech HD Webcam C270(UVC)
DRV - [2011/04/01 13:09:48 | 000,291,424 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\lvrs.sys -- (LVRS)
DRV - [2011/01/22 15:58:22 | 000,020,744 | ---- | M] (CHENGDU YIWO Tech Development Co., Ltd) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\eufs.sys -- (EUFS)
DRV - [2011/01/22 15:58:20 | 000,014,216 | ---- | M] (CHENGDU YIWO Tech Development Co., Ltd) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\eudskacs.sys -- (EUDSKACS)
DRV - [2011/01/22 15:58:18 | 000,030,472 | ---- | M] (CHENGDU YIWO Tech Development Co., Ltd) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\eubakup.sys -- (EUBAKUP)
DRV - [2011/01/22 15:58:16 | 000,187,400 | ---- | M] (CHENGDU YIWO Tech Development Co., Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\EuDisk.sys -- (EuDisk)
DRV - [2010/09/24 17:42:19 | 000,122,448 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Program Files\AVG\AVG9\Identity Protection\Agent\Driver\Platform_XP\AVGIDSDriver.sys -- (AVGIDSDriverxpx)
DRV - [2010/09/24 17:42:19 | 000,030,288 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Program Files\AVG\AVG9\Identity Protection\Agent\Driver\Platform_XP\AVGIDSFilter.sys -- (AVGIDSFilterxpx)
DRV - [2010/09/24 17:42:19 | 000,026,192 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Program Files\AVG\AVG9\Identity Protection\Agent\Driver\Platform_XP\AVGIDSShim.sys -- (AVGIDSShimxpx)
DRV - [2010/09/24 17:42:19 | 000,025,168 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\AVGIDSxx.sys -- (AVGIDSErHrxpx)
DRV - [2010/09/24 17:42:16 | 000,216,400 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\System32\Drivers\avgldx86.sys -- (AvgLdx86)
DRV - [2010/09/24 17:42:15 | 000,052,872 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\WINDOWS\System32\Drivers\avgrkx86.sys -- (AvgRkx86)
DRV - [2010/09/24 17:35:32 | 000,030,104 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\avgfwdx.sys -- (Avgfwfd)
DRV - [2010/09/24 17:35:32 | 000,030,104 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\avgfwdx.sys -- (Avgfwdx)
DRV - [2010/09/06 15:11:32 | 000,036,640 | ---- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\FsUsbExDisk.Sys -- (FsUsbExDisk)
DRV - [2010/07/20 18:38:24 | 000,121,576 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ssadmdm.sys -- (ssadmdm)
DRV - [2010/07/20 18:38:24 | 000,096,488 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ssadbus.sys -- (ssadbus) SAMSUNG Android USB Composite Device driver (WDM)
DRV - [2010/07/20 18:38:24 | 000,012,776 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ssadmdfl.sys -- (ssadmdfl) SAMSUNG Android USB Modem (Filter)
DRV - [2010/04/09 13:16:50 | 000,016,472 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\pwdrvio.sys -- (pwdrvio)
DRV - [2010/04/09 13:16:46 | 000,011,104 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\pwdspio.sys -- (pwdspio)
DRV - [2010/01/19 18:36:48 | 005,818,400 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2009/11/18 07:17:00 | 001,395,800 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Monfilt.sys -- (Monfilt)
DRV - [2009/11/18 07:16:00 | 001,691,480 | ---- | M] (Creative) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Ambfilt.sys -- (Ambfilt)
DRV - [2008/08/01 11:36:00 | 000,054,784 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\NVENETFD.sys -- (NVENETFD)
DRV - [2008/08/01 11:36:00 | 000,022,016 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nvnetbus.sys -- (nvnetbus)
DRV - [2008/01/17 12:51:30 | 000,102,400 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\nvgts.sys -- (nvgts)
DRV - [2007/11/26 14:54:12 | 000,038,440 | ---- | M] (Nero AG) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\InCDRm.sys -- (incdrm)
DRV - [2007/11/26 14:54:12 | 000,036,776 | ---- | M] (Nero AG) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\InCDPass.sys -- (InCDPass)
DRV - [2007/11/26 14:54:02 | 000,118,952 | ---- | M] (Nero AG) [File_System | Disabled | Running] -- C:\WINDOWS\system32\drivers\InCDfs.sys -- (InCDfs)
DRV - [2006/11/10 15:05:00 | 000,018,688 | ---- | M] (Arcsoft, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\afc.sys -- (Afc)
DRV - [2006/09/25 01:15:32 | 000,020,096 | ---- | M] (SlySoft, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AnyDVD.sys -- (AnyDVD)
DRV - [2006/07/01 22:39:40 | 000,036,864 | ---- | M] (Advanced Micro Devices) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\AmdK8.sys -- (AmdK8)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://www.yahoo.com/search/ie.html
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.bigpond.com/
IE - HKCU\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - No CLSID value found
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "AVG Secure Search"
FF - prefs.js..browser.search.selectedEngine: "AVG Secure Search"
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0015-0000-0012-ABCDEFFEDCBA}:5.0.12
FF - prefs.js..extensions.enabledItems: multilinks@plugin:2.0.0.17
FF - prefs.js..extensions.enabledItems: avg@igeared:7.007.026.001
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: [email protected]:1.0
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}:6.0.26
FF - prefs.js..extensions.enabledItems: [email protected]:2.4.3
FF - prefs.js..extensions.enabledItems: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.9.4
FF - prefs.js..extensions.enabledItems: {ABDE892B-13A8-4d1b-88E6-365A6E755758}:14.0.3
FF - prefs.js..extensions.enabledItems: [email protected]:2
FF - prefs.js..extensions.enabledItems: 5
FF - prefs.js..extensions.enabledItems: 3
FF - prefs.js..extensions.enabledItems: 1
FF - prefs.js..keyword.URL: "http://search.avg.co...u&lng=en-US&q="

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@canon.com/EPPEX: C:\Program Files\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL (CANON INC.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\4.0.60310.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pages.tvunetworks.com/WebPlayer: C:\Program Files\TVUPlayer\npTVUAx.dll (TVU networks)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=12.0.1.666: C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=12.0.1.666: C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=12.0.1.666: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=12.0.1.666: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=12.0.1.666: C:\Program Files\Real\RealPlayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
FF - HKLM\Software\MozillaPlugins\@umediaserver.net/UMediaPlayer: C:\Program Files\UnrealMediaPlayer5Plugin\npUMediaPlayer5.dll (C Systems - Creative Software Solutions since 1996)
FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Documents and Settings\Owner\Local Settings\Application Data\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\avg@igeared: C:\Program Files\AVG\AVG9\Toolbar\Firefox\avg@igeared [2011/08/11 18:09:57 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2011/08/17 14:50:50 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.23\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/10/22 13:56:11 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.23\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/10/22 13:56:11 | 000,000,000 | ---D | M]

[2010/09/22 21:33:25 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Extensions
[2011/09/07 12:02:08 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\2ma0jul6.default\extensions
[2010/11/28 15:49:03 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\2ma0jul6.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011/08/17 14:04:19 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\2ma0jul6.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2011/08/14 19:52:12 | 000,000,000 | ---D | M] (Ant Video Downloader) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\2ma0jul6.default\extensions\[email protected]
[2011/09/06 10:54:16 | 000,000,000 | ---D | M] (TVU Web Player) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\2ma0jul6.default\extensions\[email protected]
[2010/10/03 15:42:14 | 000,000,000 | ---D | M] (Multi Links) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\2ma0jul6.default\extensions\multilinks@plugin
[2011/09/07 12:02:08 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2010/09/22 21:33:59 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0015-0000-0012-ABCDEFFEDCBA}
[2010/10/27 17:23:35 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2011/02/07 12:13:51 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
[2011/08/14 18:15:55 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
[2011/08/17 14:50:50 | 000,000,000 | ---D | M] (RealPlayer Browser Record Plugin) -- C:\DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\REAL\REALPLAYER\BROWSERRECORDPLUGIN\FIREFOX\EXT
[2011/08/11 18:09:57 | 000,000,000 | ---D | M] ("urn:mozilla:install-manifest" em:id="avg@igeared" em:name="AVG Security Toolbar" em:version="7.007.026.001" em:displayname="AVG Security Toolbar" em:iconURL="chrome://tavgp/skin/logo.ico" em:creator="AVG Technologies" em:description="AVG Security Toolbar" em:homepageURL="http://www.avg.com" >) -- C:\PROGRAM FILES\AVG\AVG9\TOOLBAR\FIREFOX\AVG@IGEARED
[2010/10/27 17:23:30 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF
[2011/05/04 04:52:23 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll

O1 HOSTS File: ([2011/10/22 20:36:47 | 000,000,098 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (Canon Easy-WebPrint EX BHO) - {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexbho.dll (CANON INC.)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (AVG Security Toolbar BHO) - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll ()
O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll (Yahoo! Inc)
O3 - HKLM\..\Toolbar: (Canon Easy-WebPrint EX) - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)
O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll ()
O3 - HKLM\..\Toolbar: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (Canon Easy-WebPrint EX) - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)
O3 - HKCU\..\Toolbar\WebBrowser: (AVG Security Toolbar) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll ()
O4 - HKLM..\Run: [AVG9_TRAY] C:\Program Files\AVG\AVG9\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe (CANON INC.)
O4 - HKLM..\Run: [CanonSolutionMenuEx] C:\Program Files\Canon\Solution Menu EX\CNSEMAIN.EXE (CANON INC.)
O4 - HKLM..\Run: [EaseUs Watch] C:\Program Files\EASEUS\Todo Backup 2.0\bin\EuWatch.exe (CHENGDU YIWO Tech Development Co., Ltd)
O4 - HKLM..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k File not found
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\Program Files\NVIDIA Corporation\nView\nwiz.exe ()
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Real\RealPlayer\update\realsched.exe (RealNetworks, Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Infodelivery present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveSearch = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 0
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {26522409-8BBF-4C5B-A4D3-CF4B1D6F255B} http://www.umediaser...diaControl5.cab (UMediaPlayer Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.m...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Value error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{EA469373-52F7-469A-B5B7-CAAC09D8E7FD}: DhcpNameServer = 192.168.2.1
O18 - Protocol\Handler\avgsecuritytoolbar {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll ()
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) -C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\avgrsstarter: DllName - (Reg Error: Value error.) - Reg Error: Value error. File not found
O20 - Winlogon\Notify\dimsntfy: DllName - (Reg Error: Value error.) - Reg Error: Value error. File not found
O24 - Desktop WallPaper: C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2010/09/20 11:13:08 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2011/06/20 11:32:00 | 000,000,090 | ---- | M] () - F:\AUTORUN.INF -- [ NTFS ]
O33 - MountPoints2\{13b97f8c-399d-11e0-80a3-0021979f2aa6}\Shell\AutoRun\command - "" = G:\.\DriveNavi.exe
O33 - MountPoints2\{180929ce-7585-11e0-8165-0021979f2aa6}\Shell - "" = AutoRun
O33 - MountPoints2\{180929ce-7585-11e0-8165-0021979f2aa6}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{180929ce-7585-11e0-8165-0021979f2aa6}\Shell\AutoRun\command - "" = G:\DVAP.exe
O33 - MountPoints2\{ea0ff842-c4a4-11df-b1af-806d6172696f}\Shell - "" = AutoRun
O33 - MountPoints2\{ea0ff842-c4a4-11df-b1af-806d6172696f}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{ea0ff842-c4a4-11df-b1af-806d6172696f}\Shell\AutoRun\command - "" = D:\mdrv7.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/10/22 20:36:47 | 000,000,000 | ---D | C] -- C:\_OTL
[2011/10/22 14:58:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Desktop\Heartland season 2 part 2
[2011/10/22 14:45:06 | 000,000,000 | -HSD | C] -- C:\WINDOWS\System32\AI_RecycleBin
[2011/10/22 14:35:56 | 000,000,000 | ---D | C] -- C:\Program Files\Free Offers from Freeze.com
[2011/10/21 19:39:34 | 000,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2011/10/21 19:39:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Start Menu\Programs\HiJackThis
[2011/10/21 17:27:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Advanced SystemCare 4
[2011/10/21 17:21:50 | 000,020,928 | ---- | C] (Digital Networks, LLC) -- C:\WINDOWS\System32\dllcache\defpa.sys
[2011/10/21 17:21:26 | 000,048,640 | ---- | C] (Crystal Semiconductor Corp.) -- C:\WINDOWS\System32\dllcache\cwrwdm.sys
[2011/10/21 17:21:25 | 000,093,952 | ---- | C] (Crystal Semiconductor Corp.) -- C:\WINDOWS\System32\dllcache\cwcwdm.sys
[2011/10/21 17:21:24 | 000,111,872 | ---- | C] (Crystal Semiconductor Corp.) -- C:\WINDOWS\System32\dllcache\cwcspud.sys
[2011/10/21 17:21:23 | 000,003,584 | ---- | C] (Crystal Semiconductor Corp.) -- C:\WINDOWS\System32\dllcache\cwcosnt5.sys
[2011/10/21 17:21:22 | 000,072,832 | ---- | C] (Crystal Semiconductor Corp.) -- C:\WINDOWS\System32\dllcache\cwbwdm.sys
[2011/10/21 17:21:21 | 000,003,072 | ---- | C] (Crystal Semiconductor Corp.) -- C:\WINDOWS\System32\dllcache\cwbmidi.sys
[2011/10/21 17:21:20 | 000,003,072 | ---- | C] (Crystal Semiconductor Corp.) -- C:\WINDOWS\System32\dllcache\cwbase.sys
[2011/10/21 17:21:19 | 000,249,856 | ---- | C] (Comtrol® Corporation) -- C:\WINDOWS\System32\dllcache\ctmasetp.dll
[2011/10/21 17:21:13 | 000,216,064 | ---- | C] (COMPAQ Inc.) -- C:\WINDOWS\System32\dllcache\cpscan.dll
[2011/10/21 17:20:58 | 000,020,736 | ---- | C] (OMNIKEY AG) -- C:\WINDOWS\System32\dllcache\cmbp0wdm.sys
[2011/10/21 17:20:44 | 000,980,034 | ---- | C] (Xircom) -- C:\WINDOWS\System32\dllcache\cicap.sys
[2011/10/21 17:20:18 | 000,049,182 | ---- | C] (Xircom, Inc.) -- C:\WINDOWS\System32\dllcache\cem56n5.sys
[2011/10/21 17:20:17 | 000,022,044 | ---- | C] (Xircom, Inc.) -- C:\WINDOWS\System32\dllcache\cem33n5.sys
[2011/10/21 17:20:17 | 000,022,044 | ---- | C] (Xircom, Inc.) -- C:\WINDOWS\System32\dllcache\cem28n5.sys
[2011/10/21 17:20:16 | 000,027,164 | ---- | C] (Xircom, Inc.) -- C:\WINDOWS\System32\dllcache\ce3n5.sys
[2011/10/21 17:20:15 | 000,021,530 | ---- | C] (Xircom, Inc.) -- C:\WINDOWS\System32\dllcache\ce2n5.sys
[2011/10/21 17:20:14 | 000,714,698 | ---- | C] (Xircom, Inc.) -- C:\WINDOWS\System32\dllcache\cbmdmkxx.sys
[2011/10/21 17:20:13 | 000,046,108 | ---- | C] (Xircom, Inc.) -- C:\WINDOWS\System32\dllcache\cben5.sys
[2011/10/21 17:20:13 | 000,039,680 | ---- | C] (Silicom Ltd.) -- C:\WINDOWS\System32\dllcache\cb325.sys
[2011/10/21 17:20:12 | 000,037,916 | ---- | C] (Fast Ethernet Controller Provider) -- C:\WINDOWS\System32\dllcache\cb102.sys
[2011/10/21 17:20:11 | 000,032,256 | ---- | C] (Eicon Technology Corporation) -- C:\WINDOWS\System32\dllcache\diapi2NT.dll
[2011/10/21 17:20:10 | 000,164,923 | ---- | C] (Eicon Technology) -- C:\WINDOWS\System32\dllcache\diapi2.sys
[2011/10/21 17:19:13 | 000,031,529 | ---- | C] (BreezeCOM) -- C:\WINDOWS\System32\dllcache\brzwlan.sys
[2011/10/21 17:19:13 | 000,011,008 | ---- | C] (Brother Industries Ltd.) -- C:\WINDOWS\System32\dllcache\brusbmdm.sys
[2011/10/21 17:19:13 | 000,010,368 | ---- | C] (Brother Industries Ltd.) -- C:\WINDOWS\System32\dllcache\brusbscn.sys
[2011/10/21 17:19:12 | 000,060,416 | ---- | C] (Brother Industries Ltd.) -- C:\WINDOWS\System32\dllcache\brserwdm.sys
[2011/10/21 17:19:12 | 000,009,728 | ---- | C] (Brother Industries, Ltd.) -- C:\WINDOWS\System32\dllcache\brserif.dll
[2011/10/21 17:19:11 | 000,005,120 | ---- | C] (Brother Industries,Ltd.) -- C:\WINDOWS\System32\dllcache\brscnrsm.dll
[2011/10/21 17:19:10 | 000,039,552 | ---- | C] (Brother Industries Ltd.) -- C:\WINDOWS\System32\dllcache\brparwdm.sys
[2011/10/21 17:19:10 | 000,003,168 | ---- | C] (Brother Industries Ltd.) -- C:\WINDOWS\System32\dllcache\brparimg.sys
[2011/10/21 17:19:09 | 000,041,472 | ---- | C] (Brother Industries, Ltd.) -- C:\WINDOWS\System32\dllcache\brmfusb.dll
[2011/10/21 17:19:08 | 000,032,256 | ---- | C] (Brother Industries, Ltd.) -- C:\WINDOWS\System32\dllcache\brmfrsmg.exe
[2011/10/21 17:19:08 | 000,029,696 | ---- | C] (Brother Industries, Ltd.) -- C:\WINDOWS\System32\dllcache\brmflpt.dll
[2011/10/21 17:19:07 | 000,015,360 | ---- | C] (Brother Industries, Ltd.) -- C:\WINDOWS\System32\dllcache\brmfbidi.dll
[2011/10/21 17:19:06 | 000,012,160 | ---- | C] (Brother Industries, Ltd.) -- C:\WINDOWS\System32\dllcache\brfiltlo.sys
[2011/10/21 17:19:06 | 000,003,968 | ---- | C] (Brother Industries, Ltd.) -- C:\WINDOWS\System32\dllcache\brfiltup.sys
[2011/10/21 17:19:05 | 000,012,800 | ---- | C] (Brother Industries, Ltd.) -- C:\WINDOWS\System32\dllcache\brevif.dll
[2011/10/21 17:19:05 | 000,002,944 | ---- | C] (Brother Industries Ltd.) -- C:\WINDOWS\System32\dllcache\brfilt.sys
[2011/10/21 17:19:04 | 000,019,456 | ---- | C] (Brother Industries, Ltd.) -- C:\WINDOWS\System32\dllcache\brbidiif.dll
[2011/10/21 17:19:04 | 000,009,728 | ---- | C] (Brother Industries Ltd.) -- C:\WINDOWS\System32\dllcache\brcoinst.dll
[2011/10/21 17:18:58 | 000,871,388 | ---- | C] (BCM) -- C:\WINDOWS\System32\dllcache\bcmdm.sys
[2011/10/21 17:18:55 | 000,036,128 | ---- | C] (3Dfx Interactive, Inc.) -- C:\WINDOWS\System32\dllcache\banshee.sys
[2011/10/21 17:18:54 | 000,342,336 | ---- | C] (3Dfx Interactive, Inc.) -- C:\WINDOWS\System32\dllcache\banshee.dll
[2011/10/21 17:18:54 | 000,089,952 | ---- | C] (AVM GmbH) -- C:\WINDOWS\System32\dllcache\b1cbase.sys
[2011/10/21 17:18:53 | 000,037,568 | ---- | C] (AVM GmbH) -- C:\WINDOWS\System32\dllcache\avmwan.sys
[2011/10/21 17:18:53 | 000,036,992 | ---- | C] (Aztech Systems Ltd) -- C:\WINDOWS\System32\dllcache\aztw2320.sys
[2011/10/21 17:18:52 | 000,144,384 | ---- | C] (AVM GmbH) -- C:\WINDOWS\System32\dllcache\avmenum.dll
[2011/10/21 17:18:52 | 000,087,552 | ---- | C] (AVM GmbH) -- C:\WINDOWS\System32\dllcache\avmcoxp.dll
[2011/10/21 16:51:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\MFAData
[2011/10/20 18:07:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\vlc
[2011/10/20 17:16:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\My Documents\Graboid
[2011/10/20 17:10:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Local Settings\Application Data\Graboid_Inc
[2011/10/20 17:10:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Local Settings\Application Data\Graboid
[2011/10/20 17:10:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Local Settings\Application Data\Geckofx
[2011/10/20 17:08:58 | 000,000,000 | ---D | C] -- C:\Program Files\VideoLAN
[2011/10/20 17:08:43 | 000,000,000 | ---D | C] -- C:\Program Files\Graboid
[2011/10/19 23:09:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\My Documents\CyberLink
[2011/10/19 21:44:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Desktop\New Folder
[2011/10/19 21:14:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\CD-LabelPrint
[2011/10/18 19:29:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Desktop\you tube video
[2011/10/18 19:23:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Desktop\vivas photos
[2011/10/16 14:39:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Desktop\flash
[2011/10/16 14:12:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Desktop\sylvester
[2011/10/16 13:27:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Desktop\horse Crazy
[2011/10/16 10:24:18 | 000,000,000 | -HSD | C] -- C:\found.000
[2011/10/15 11:35:41 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Application Data\CanonIJEPPEX
[2011/10/15 11:35:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Local Settings\Application Data\Canon Easy-PhotoPrint EX
[2011/10/15 11:29:25 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Application Data\CanonIJEGV
[2011/10/08 15:00:01 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\SWF Studio
[2011/10/01 16:11:12 | 000,000,000 | ---D | C] -- C:\MGS
[2011/10/01 15:55:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Royal Vegas Online Casino
[2011/10/01 12:40:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Desktop\ma
[2011/09/30 09:55:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\AVG9
[2010/09/22 21:14:37 | 000,047,360 | ---- | C] (VSO Software) -- C:\Documents and Settings\Owner\Application Data\pcouffin.sys

========== Files - Modified Within 30 Days ==========

[2011/10/22 21:00:27 | 000,000,286 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-1957994488-299502267-1417001333-1003.job
[2011/10/22 21:00:27 | 000,000,278 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-1957994488-299502267-1417001333-1003.job
[2011/10/22 20:55:09 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/10/22 20:36:47 | 000,000,098 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\Hosts
[2011/10/22 20:15:59 | 000,000,668 | ---- | M] () -- C:\Documents and Settings\Owner\Application Data\vso_ts_preview.xml
[2011/10/22 15:04:54 | 000,007,168 | ---- | M] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/10/22 13:59:18 | 000,662,840 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\iavifw.avm
[2011/10/22 13:59:17 | 087,676,066 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\incavi.avm
[2011/10/21 19:40:20 | 000,002,447 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\HiJackThis.lnk
[2011/10/21 17:47:13 | 000,243,324 | ---- | M] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\census.cache
[2011/10/21 17:47:08 | 000,234,667 | ---- | M] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\ars.cache
[2011/10/21 17:41:43 | 000,000,223 | -HS- | M] () -- C:\boot.ini
[2011/10/21 17:38:56 | 000,140,440 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2011/10/21 17:34:38 | 000,000,036 | ---- | M] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\housecall.guid.cache
[2011/10/21 17:27:38 | 000,000,874 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Advanced SystemCare 4.lnk
[2011/10/21 14:45:36 | 000,000,069 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2011/10/20 23:00:00 | 000,000,314 | ---- | M] () -- C:\WINDOWS\tasks\Regwork.job
[2011/10/20 17:07:11 | 000,000,805 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\Clone2Go Video Converter Professional.lnk
[2011/10/19 21:31:02 | 000,004,500 | ---- | M] () -- C:\WINDOWS\ULEAD32.INI
[2011/10/18 18:13:44 | 000,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/10/16 08:46:12 | 000,000,468 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\spider.sav
[2011/10/13 21:47:41 | 000,550,868 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2011/10/13 21:47:41 | 000,101,716 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2011/10/08 18:21:27 | 000,000,323 | ---- | M] () -- C:\WINDOWS\lgfwup.ini
[2011/10/08 02:31:26 | 000,000,059 | ---- | M] () -- C:\WINDOWS\popcinfo.dat
[2011/10/06 13:58:23 | 000,002,265 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Skype.lnk
[2011/10/01 15:57:30 | 000,001,677 | ---- | M] () -- C:\Documents and Settings\Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\Royal Vegas Online Casino.lnk
[2011/10/01 15:57:30 | 000,001,647 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Royal Vegas Online Casino.lnk
[2011/09/23 03:20:20 | 000,000,038 | ---- | M] () -- C:\WINDOWS\popcinfot.dat

========== Files Created - No Company Name ==========

[2011/10/21 19:39:34 | 000,002,447 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\HiJackThis.lnk
[2011/10/21 17:47:13 | 000,243,324 | ---- | C] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\census.cache
[2011/10/21 17:47:08 | 000,234,667 | ---- | C] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\ars.cache
[2011/10/21 17:34:38 | 000,000,036 | ---- | C] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\housecall.guid.cache
[2011/10/21 17:27:38 | 000,000,874 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Advanced SystemCare 4.lnk
[2011/10/21 17:18:44 | 000,026,624 | ---- | C] () -- C:\WINDOWS\System32\dllcache\ativxbar.sys
[2011/10/21 17:18:44 | 000,023,552 | ---- | C] () -- C:\WINDOWS\System32\dllcache\atixbar.sys
[2011/10/21 17:18:43 | 000,019,456 | ---- | C] () -- C:\WINDOWS\System32\dllcache\ativttxx.sys
[2011/10/21 17:18:41 | 000,009,472 | ---- | C] () -- C:\WINDOWS\System32\dllcache\ativmdcd.sys
[2011/10/21 17:18:40 | 000,017,152 | ---- | C] () -- C:\WINDOWS\System32\dllcache\atitvsnd.sys
[2011/10/21 17:18:40 | 000,017,152 | ---- | C] () -- C:\WINDOWS\System32\dllcache\atitunep.sys
[2011/10/21 17:18:39 | 000,049,920 | ---- | C] () -- C:\WINDOWS\System32\dllcache\atirtcap.sys
[2011/10/21 17:18:39 | 000,026,880 | ---- | C] () -- C:\WINDOWS\System32\dllcache\atirtsnd.sys
[2011/10/21 17:18:38 | 000,010,240 | ---- | C] () -- C:\WINDOWS\System32\dllcache\atipcxxx.sys
[2011/10/21 17:18:29 | 000,046,464 | ---- | C] () -- C:\WINDOWS\System32\dllcache\atibt829.sys
[2011/10/16 08:46:12 | 000,000,468 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\spider.sav
[2011/10/01 15:55:02 | 000,001,677 | ---- | C] () -- C:\Documents and Settings\Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\Royal Vegas Online Casino.lnk
[2011/10/01 15:55:01 | 000,001,647 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Royal Vegas Online Casino.lnk
[2011/08/17 15:10:22 | 000,165,376 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll
[2011/08/17 14:47:53 | 000,007,168 | ---- | C] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/08/14 13:27:36 | 000,000,048 | -H-- | C] () -- C:\WINDOWS\System32\ezsidmv.dat
[2011/06/13 22:24:50 | 000,307,960 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
[2011/06/13 21:21:44 | 000,110,592 | ---- | C] () -- C:\WINDOWS\System32\FsUsbExDevice.Dll
[2011/06/13 21:21:44 | 000,036,640 | ---- | C] () -- C:\WINDOWS\System32\FsUsbExDisk.Sys
[2011/05/03 21:01:27 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Owner\Application Data\DVAP.set
[2011/04/27 14:19:32 | 000,030,568 | ---- | C] () -- C:\WINDOWS\MusiccityDownload.exe
[2011/04/27 14:19:30 | 000,974,848 | ---- | C] () -- C:\WINDOWS\System32\cis-2.4.dll
[2011/04/27 14:19:30 | 000,081,920 | ---- | C] () -- C:\WINDOWS\System32\issacapi_bs-2.3.dll
[2011/04/27 14:19:30 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\issacapi_pe-2.3.dll
[2011/04/27 14:19:30 | 000,057,344 | ---- | C] () -- C:\WINDOWS\System32\issacapi_se-2.3.dll
[2011/04/14 20:38:12 | 000,004,984 | ---- | C] () -- C:\WINDOWS\System32\drivers\nvphy.bin
[2011/04/07 15:01:10 | 000,000,014 | ---- | C] () -- C:\WINDOWS\System32\systeminfo3.dll
[2011/04/07 14:13:14 | 000,000,040 | -HS- | C] () -- C:\Documents and Settings\Owner\Application Data\.zreglib
[2011/04/01 13:07:02 | 010,877,272 | ---- | C] () -- C:\WINDOWS\System32\LogiDPP.dll
[2011/04/01 13:07:02 | 000,102,744 | ---- | C] () -- C:\WINDOWS\System32\LogiDPPApp.exe
[2011/04/01 13:06:56 | 000,331,608 | ---- | C] () -- C:\WINDOWS\System32\DevManagerCore.dll
[2011/04/01 12:56:00 | 000,027,872 | ---- | C] () -- C:\WINDOWS\System32\lvcoinst.ini
[2011/03/22 23:58:22 | 000,014,168 | ---- | C] () -- C:\WINDOWS\System32\drivers\iKeyLFT2.dll
[2011/03/07 21:46:47 | 000,000,032 | ---- | C] () -- C:\WINDOWS\System32\EUOD.DAT
[2011/02/22 18:21:27 | 000,000,030 | ---- | C] () -- C:\WINDOWS\Iedit.INI
[2010/12/11 16:38:46 | 000,004,500 | ---- | C] () -- C:\WINDOWS\ULEAD32.INI
[2010/12/05 14:56:34 | 000,000,000 | ---- | C] () -- C:\WINDOWS\PowerReg.dat
[2010/10/04 19:39:50 | 000,004,096 | ---- | C] () -- C:\WINDOWS\d3dx.dat
[2010/10/04 18:31:54 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2010/10/03 14:34:47 | 000,000,000 | ---- | C] () -- C:\WINDOWS\popcreg.dat
[2010/10/03 14:23:04 | 000,000,240 | ---- | C] () -- C:\WINDOWS\SIERRA.INI
[2010/10/02 20:59:31 | 000,028,328 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat
[2010/09/25 16:07:00 | 000,252,616 | ---- | C] () -- C:\WINDOWS\System32\nvdrsdb0.bin
[2010/09/25 16:06:59 | 000,252,616 | ---- | C] () -- C:\WINDOWS\System32\nvdrsdb1.bin
[2010/09/25 16:06:59 | 000,000,001 | ---- | C] () -- C:\WINDOWS\System32\nvdrssel.bin
[2010/09/23 21:08:36 | 000,000,059 | ---- | C] () -- C:\WINDOWS\popcinfo.dat
[2010/09/23 21:02:49 | 000,000,038 | ---- | C] () -- C:\WINDOWS\popcinfot.dat
[2010/09/22 22:13:06 | 000,000,069 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2010/09/22 21:14:48 | 000,000,668 | ---- | C] () -- C:\Documents and Settings\Owner\Application Data\vso_ts_preview.xml
[2010/09/22 21:14:37 | 000,087,608 | ---- | C] () -- C:\Documents and Settings\Owner\Application Data\inst.exe
[2010/09/22 21:14:37 | 000,007,887 | ---- | C] () -- C:\Documents and Settings\Owner\Application Data\pcouffin.cat
[2010/09/22 21:14:37 | 000,001,144 | ---- | C] () -- C:\Documents and Settings\Owner\Application Data\pcouffin.inf
[2010/09/22 21:08:08 | 000,000,323 | ---- | C] () -- C:\WINDOWS\lgfwup.ini
[2010/09/22 19:23:28 | 000,126,976 | ---- | C] () -- C:\WINDOWS\autoclk.exe
[2010/09/22 19:23:28 | 000,032,768 | ---- | C] () -- C:\WINDOWS\pnpclk.dll
[2010/09/22 10:27:51 | 000,535,624 | ---- | C] () -- C:\WINDOWS\System32\pwNative.exe
[2010/09/22 10:27:51 | 000,016,472 | ---- | C] () -- C:\WINDOWS\System32\pwdrvio.sys
[2010/09/22 10:27:51 | 000,011,104 | ---- | C] () -- C:\WINDOWS\System32\pwdspio.sys
[2010/09/20 18:54:00 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2010/09/20 18:50:52 | 000,140,440 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010/09/20 11:15:53 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2010/09/20 11:08:25 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2009/11/21 04:34:54 | 002,292,678 | ---- | C] () -- C:\WINDOWS\System32\nvdata.bin
[2008/04/14 20:00:00 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2008/04/14 20:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2008/04/14 20:00:00 | 000,550,868 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2008/04/14 20:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2008/04/14 20:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2008/04/14 20:00:00 | 000,101,716 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2008/04/14 20:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2008/04/14 20:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2008/04/14 20:00:00 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2008/04/14 20:00:00 | 000,004,461 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2008/04/14 20:00:00 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\Dcache.bin
[2008/04/14 20:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat

========== LOP Check ==========

[2011/10/19 21:46:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\1Click DVD Copy Pro
[2010/09/22 11:07:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Alwil Software
[2010/09/22 21:42:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Arovax
[2011/06/24 15:55:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Avanquest Software
[2010/10/26 17:39:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVG Security Toolbar
[2010/09/24 17:35:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\avg9
[2011/09/07 13:27:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Big Fish Games
[2011/09/21 18:33:24 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\CanonBJ
[2011/09/21 18:48:49 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\CanonEPP
[2011/10/15 11:29:25 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\CanonIJEGV
[2011/10/15 11:35:41 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\CanonIJEPPEX
[2011/09/21 18:48:49 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\CanonIJEPPEX2
[2011/09/21 18:37:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\CanonIJMSetup
[2011/09/21 18:48:48 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\CanonIJMyPrinter
[2011/10/15 11:52:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\CanonIJPLM
[2011/09/21 18:35:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\CanonIJSetup000
[2011/09/21 18:48:50 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\CanonIJSolutionMenuEX
[2011/09/21 18:37:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\CanonIJWSpt
[2011/03/15 10:32:01 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\Common Files
[2010/09/22 18:55:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Downloaded Installations
[2011/04/07 15:00:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\DVDXStudio
[2010/09/22 20:28:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Emotum
[2011/10/22 14:49:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\IObit
[2011/08/17 15:10:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Leawo
[2010/09/22 21:43:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Ludia
[2011/10/21 17:11:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MFAData
[2011/06/15 20:20:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MGS
[2010/11/06 12:06:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MumboJumbo
[2010/11/22 19:46:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\NCH Swift Sound
[2011/06/23 14:48:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\RegWork
[2011/06/13 21:33:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Samsung
[2011/06/25 20:09:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\starters orders 4
[2011/10/20 17:08:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Temp
[2010/09/22 21:46:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TreeCardGames
[2011/08/17 18:51:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\vsosdk
[2010/10/02 20:52:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2011/02/25 08:33:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\123 Free Solitaire
[2010/11/24 14:37:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Atari
[2011/09/30 09:55:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\AVG9
[2010/11/04 12:35:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Awem
[2011/09/21 18:37:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Canon Easy-WebPrint EX
[2011/10/19 21:14:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\CD-LabelPrint
[2011/06/24 16:13:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\cerasus.media
[2011/10/20 17:07:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Clone2Go Video Converter Professional
[2011/06/23 14:50:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\FlyWheelGames
[2011/10/21 17:27:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\IObit
[2011/08/14 19:26:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Leadertech
[2011/08/17 15:12:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Leawo
[2010/09/22 21:43:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Ludia
[2011/06/13 21:33:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Samsung
[2010/09/22 21:47:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\SolSuite
[2010/10/18 13:53:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Unreal Streaming
[2011/10/22 15:36:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\uTorrent
[2011/10/22 18:58:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Vso
[2010/12/23 03:47:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Wildfire
[2011/10/20 23:00:00 | 000,000,314 | ---- | M] () -- C:\WINDOWS\Tasks\Regwork.job

========== Purity Check ==========

========== Alternate Data Streams ==========

@Alternate Data Stream - 204 bytes -> C:\Documents and Settings\All Users\Application Data\Temp:ADDDF689
@Alternate Data Stream - 177 bytes -> C:\Documents and Settings\All Users\Application Data\Temp:7578EF04
@Alternate Data Stream - 134 bytes -> C:\Documents and Settings\All Users\Application Data\Temp:45FE2B4E

< End of report >

#6
Essexboy

Posted 22 October 2011 - 07:09 AM

GeekU Moderator

Retired Staff
69,964 posts

Once MBAM has completed could you let me know if the crashes still occur

#7
Cindy Pryt

Posted 22 October 2011 - 07:12 AM

Member

Topic Starter
Member
106 posts

Malwarebytes' Anti-Malware 1.51.2.1300
www.malwarebytes.org

Database version: 7999

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

22/10/2011 9:11:37 PM
mbam-log-2011-10-22 (21-11-37).txt

Scan type: Quick scan
Objects scanned: 163050
Time elapsed: 1 minute(s), 45 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 2
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 2

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Handle (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\SSHNAS (Trojan.Renos) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
c:\documents and settings\Owner\my documents\downloads\royalvegas.exe (PUP.Casino.Gen) -> Quarantined and deleted successfully.
c:\documents and settings\Owner\my documents\downloads\jackpotcity.exe (PUP.Casino.Gen) -> Quarantined and deleted successfully.

#8
Cindy Pryt

Posted 22 October 2011 - 07:17 AM

Member

Topic Starter
Member
106 posts

okay i will have to try and burn a disc it normaly crashes after 10 15 min ill post again

#9
Essexboy

Posted 22 October 2011 - 07:19 AM

GeekU Moderator

Retired Staff
69,964 posts

If it does could you make a note of any data shown on the screen, also do you have any minidump files in C:\Windows\minidumps ?

#10
Cindy Pryt

Posted 23 October 2011 - 12:21 AM

Member

Topic Starter
Member
106 posts

hi i crashed again you can read what the blue screen says goes to fast the computer freezes and than shuts down and re starts ??
but no erro message be for it came up with dr watson message ?? would it be my anti virs i have avg paid version or would it be my computer runing on 64bit not the normal 32 ? i cant run a scan now because it says im not on the 32bit

#11
Cindy Pryt

Posted 23 October 2011 - 12:25 AM

Member

Topic Starter
Member
106 posts

no cant find any minidumps files

#12
Cindy Pryt

Posted 23 October 2011 - 01:20 AM

Member

Topic Starter
Member
106 posts

this error came up when im trying to convert a clip to dvd

windows// system32 Isass.exe it had windows will shut down in 50 seconds i didnt get it all ,

is there any way i can restore my computer with out loosing every thing on my hard drive if the problem cant be fixed ?

Edited by Cindy Pryt, 23 October 2011 - 01:31 AM.

#13
Essexboy

Posted 23 October 2011 - 05:48 AM

GeekU Moderator

Retired Staff
69,964 posts

We will run one more programme to see if we can fix it.. If that fails then we will look at a repair install (this will keep alll your files)

Download and Install Combofix

Download ComboFix from one of the following locations:
Link 1
Link 2

VERY IMPORTANT !!! Save ComboFix.exe to your Desktop

* IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link here

Double click on ComboFix.exe & follow the prompts. Allow Combofix to install the recovery console

Double click on ComboFix.exe & follow the prompts.
Accept the disclaimer and allow to update if it asks
When finished, it shall produce a log for you.
Please include the C:\ComboFix.txt in your next reply.

Notes:
1. Do not mouse-click Combofix's window while it is running. That may cause it to stall.
2. Do not "re-run" Combofix. If you have a problem, reply back for further instructions.

Please make sure you include the combo fix log in your next reply as well as describe how your computer is running now