Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

Computer keeps crashing


  • This topic is locked This topic is locked

#61
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
That is due to the recovery console and is an easy fix. What we will do next is determine whther there is a devioce conflict causing the problem

Right click "my computer" and select properties
When the tab opens select advanced
Remove the ticks from time to display operating systems

The screenshots are from windows 7 but are similar to XP



SERVICE INVESTIGATION

Step 1:

Start the System Configuration Utility
Click Start, click Run, type msconfig, and then click OK.
The System Configuration Utility dialog box is displayed.

Step 2:

Configure selective startup options
In the System Configuration Utility dialog box, click the General tab, and then click Selective Startup.
Click to clear the Process SYSTEM.INI File check box.
Click to clear the Process WIN.INI File check box.
Click to clear the Load Startup Items check box. Verify that Load System Services and Use Original BOOT.INI are checked.
Click the Services tab.
Click to select the Hide All Microsoft Services check box.
Click Disable All, and then click OK.
When you are prompted, click Restart to restart the computer.

Step 3: Log on to Windows

If you are prompted, log on to Windows.
When you receive the following message, click to select the Don't show this message or launch the System Configuration Utility when Windows start check box, and then click OK.

You have used the System Configuration Utility to make changes to the way Windows starts.
The System Configuration Utility is currently in Diagnostic or Selective Startup mode, causing this message to be displayed and the utility to run every time Windows starts.
Choose the Normal Startup mode on the General tab to start Windows normally and undo the changes you made using the System Configuration Utility.


Now we get to the tedious part,:

If windows behaves itself then do the following

Restart MSConfig and select half of the disabled services and reboot

Is the problem still present ?

If Yes then deselect half of the services that you resumed and reboot

If no then select half of the remaining services and reboot

The intention here is to isolate the one service/driver that is causing the problem
  • 0

Advertisements


#62
Cindy Pryt

Cindy Pryt

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 106 posts
Just crashed again :)
  • 0

#63
Cindy Pryt

Cindy Pryt

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 106 posts
I'll try the msconfig tomorrow and the other stuff later today it . 1am going to bed lol
  • 0

#64
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
At what stage did it crash

Lets check the main hardware first, then check the devices after that

Sleep tight :)

Please download SINO by Artellos.

  • Save SINO to a place you can remember and run SINO.exe. (If you downloaded the ZIP version you will need to extract it first)
  • Then please check the following checkboxes:
    System Info
    Services
    Boot Check
    Tasklist
    Startup Items
    Event Log
    Ipconfig
    Ping
    Netstat
    Hosts file
    Shares
    Routing Table
  • Once checked, hit the Run Scan! button and wait for the program to finish the scan.
  • A notepad window will pop up. Please copy all of the content into your next reply.
Note: If you try to interact with the program once it’s started scanning it might appear to hang. The scan however will continue.
  • 0

#65
Cindy Pryt

Cindy Pryt

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 106 posts
9% about 17 min . In to defragment
  • 0

#66
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Ok see you tommorow :)
  • 0

#67
Cindy Pryt

Cindy Pryt

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 106 posts
System Investigator by Olrik
Log Created On: 1528_25-10-2011
SINO Version: 3.1.0.0

Total RAM: 2046 MB | Free RAM: 1329 MB | Pagefile Size: 3939 MB
A: | None | 3 1/2 Inch Floppy Drive
C: | 143471 MB out of 254928 MB Free | Local Fixed Disk
D: | None | CD-ROM Disc
E: | None | CD-ROM Disc
F: | 187073 MB out of 222008 MB Free | Local Fixed Disk

<<<< System Information >>>>

Computer Name: CINDY-47EEDED7D
Username: Owner
Language Setting: ENA
Windows Directory: C:\WINDOWS
Windows Version: Windows XP Service Pack 3
Windows Mode: Normal

<<<< Tasklist >>>>

[System Idle Process] - Process ID: 0
[SYSTEM] - Process ID: 4
[C:\WINDOWS\System32\smss.exe] - Process ID: 684
[csrss.exe] - Process ID: 944
[C:\WINDOWS\system32\winlogon.exe] - Process ID: 976
[C:\WINDOWS\system32\services.exe] - Process ID: 1028
[C:\WINDOWS\system32\lsass.exe] - Process ID: 1040
[C:\WINDOWS\system32\nvsvc32.exe] - Process ID: 1220
[C:\WINDOWS\system32\svchost.exe] - Process ID: 1300
[svchost.exe] - Process ID: 1348
[C:\WINDOWS\System32\svchost.exe] - Process ID: 1444
[C:\WINDOWS\system32\svchost.exe] - Process ID: 1488
[svchost.exe] - Process ID: 1584
[C:\WINDOWS\system32\spoolsv.exe] - Process ID: 1812
[C:\Program Files\Common Files\logishrd\LVMVFM\UMVPFSrv.exe] - Process ID: 1864
[C:\WINDOWS\Explorer.EXE] - Process ID: 1964
[C:\WINDOWS\RTHDCPL.EXE] - Process ID: 404
[C:\Program Files\Microsoft IntelliPoint\ipoint.exe] - Process ID: 416
[C:\Program Files\EASEUS\Todo Backup 2.0\bin\EuWatch.exe] - Process ID: 488
[C:\WINDOWS\system32\RUNDLL32.EXE] - Process ID: 496
[C:\Program Files\IObit\Advanced SystemCare 4\ASCService.exe] - Process ID: 596
[C:\Program Files\Microsoft IntelliPoint\dpupdchk.exe] - Process ID: 612
[C:\WINDOWS\system32\ctfmon.exe] - Process ID: 664
[C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe] - Process ID: 924
[C:\Program Files\Bonjour\mDNSResponder.exe] - Process ID: 1760
[C:\Program Files\EASEUS\Todo Backup 2.0\bin\Agent.exe] - Process ID: 1848
[C:\WINDOWS\system32\FsUsbExService.Exe] - Process ID: 260
[C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE] - Process ID: 1992
[C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe] - Process ID: 528
[C:\Program Files\Java\jre6\bin\jqs.exe] - Process ID: 520
[C:\WINDOWS\System32\svchost.exe] - Process ID: 1736
[C:\WINDOWS\System32\svchost.exe] - Process ID: 2292
[C:\Program Files\CyberLink\Shared Files\RichVideo.exe] - Process ID: 2344
[C:\WINDOWS\system32\svchost.exe] - Process ID: 2376
[svchost.exe] - Process ID: 3100
[alg.exe] - Process ID: 3260
[C:\Program Files\Mozilla Firefox\firefox.exe] - Process ID: 2696
[C:\Program Files\AVG\AVG2012\avgwdsvc.exe] - Process ID: 3860
[C:\Program Files\AVG\AVG2012\avgrsx.exe] - Process ID: 2420
[C:\Program Files\AVG\AVG2012\avgcsrvx.exe] - Process ID: 620
[C:\Program Files\AVG\AVG2012\avgtray.exe] - Process ID: 3232
[C:\Program Files\Mozilla Firefox\plugin-container.exe] - Process ID: 3748
[C:\DOCUME~1\Owner\LOCALS~1\Temp\SINO\SINO.exe] - Process ID: 888
[wmiprvse.exe] - Process ID: 3320

<<<< Startup Items >>>>

[RTHDCPL] - <HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run> - RTHDCPL.EXE
[IntelliPoint] - <HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run> - "C:\Program Files\Microsoft IntelliPoint\ipoint.exe"
[EaseUs Watch] - <HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run> - "C:\Program Files\EASEUS\Todo Backup 2.0\bin\EuWatch.exe"
[NvMediaCenter] - <HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run> - RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
[nwiz] - <HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run> - C:\Program Files\NVIDIA Corporation\nView\nwiz.exe /installquiet
[NvCplDaemon] - <HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run> - RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
[CanonMyPrinter] - <HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run> - C:\Program Files\Canon\MyPrinter\BJMyPrt.exe /logon
[CanonSolutionMenuEx] - <HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run> - C:\Program Files\Canon\Solution Menu EX\CNSEMAIN.EXE /logon
[AVG_TRAY] - <HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run> - "C:\Program Files\AVG\AVG2012\avgtray.exe"
[ctfmon.exe] - <HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run> - C:\WINDOWS\system32\ctfmon.exe

<<<< MS Services >>>>

Application Layer Gateway Service (ALG) - Running [Manual | Stoppable | Not_Pausable] - C:\WINDOWS\System32\alg.exe
Windows Audio (AudioSrv) - Running [Auto | Stoppable | Not_Pausable] - C:\WINDOWS\System32\svchost.exe -k netsvcs
CryptSvc (CryptSvc) - Running [Auto | Stoppable | Not_Pausable] - C:\WINDOWS\system32\svchost.exe -k netsvcs
DCOM Server Process Launcher (DcomLaunch) - Running [Auto | Not_Stoppable | Not_Pausable] - C:\WINDOWS\system32\svchost.exe -k DcomLaunch
DHCP Client (Dhcp) - Running [Auto | Stoppable | Not_Pausable] - C:\WINDOWS\system32\svchost.exe -k netsvcs
DNS Client (Dnscache) - Running [Auto | Stoppable | Not_Pausable] - C:\WINDOWS\system32\svchost.exe -k NetworkService
Error Reporting Service (ERSvc) - Running [Auto | Stoppable | Not_Pausable] - C:\WINDOWS\System32\svchost.exe -k netsvcs
Event Log (Eventlog) - Running [Auto | Not_Stoppable | Not_Pausable] - C:\WINDOWS\system32\services.exe
COM+ Event System (EventSystem) - Running [Manual | Stoppable | Not_Pausable] - C:\WINDOWS\system32\svchost.exe -k netsvcs
HID Input Service (HidServ) - Running [Auto | Stoppable | Not_Pausable] - C:\WINDOWS\System32\svchost.exe -k netsvcs
Server (LanmanServer) - Running [Auto | Stoppable | Pausable] - C:\WINDOWS\system32\svchost.exe -k netsvcs
Workstation (lanmanworkstation) - Running [Auto | Stoppable | Pausable] - C:\WINDOWS\system32\svchost.exe -k netsvcs
Network Connections (Netman) - Running [Manual | Stoppable | Not_Pausable] - C:\WINDOWS\System32\svchost.exe -k netsvcs
Network Location Awareness (NLA) (Nla) - Running [Manual | Stoppable | Not_Pausable] - C:\WINDOWS\system32\svchost.exe -k netsvcs
Plug and Play (PlugPlay) - Running [Auto | Not_Stoppable | Not_Pausable] - C:\WINDOWS\system32\services.exe
Pml Driver HPZ12 (Pml Driver HPZ12) - Running [Auto | Stoppable | Not_Pausable] - C:\WINDOWS\System32\svchost.exe -k HPZ12
IPSEC Services (PolicyAgent) - Running [Auto | Stoppable | Not_Pausable] - C:\WINDOWS\system32\lsass.exe
Protected Storage (ProtectedStorage) - Running [Auto | Stoppable | Not_Pausable] - C:\WINDOWS\system32\lsass.exe
Remote Access Connection Manager (RasMan) - Running [Manual | Stoppable | Not_Pausable] - C:\WINDOWS\system32\svchost.exe -k netsvcs
Remote Procedure Call (RPC) (RpcSs) - Running [Auto | Not_Stoppable | Not_Pausable] - C:\WINDOWS\system32\svchost.exe -k rpcss
Security Accounts Manager (SamSs) - Running [Auto | Not_Stoppable | Not_Pausable] - C:\WINDOWS\system32\lsass.exe
Task Scheduler (Schedule) - Running [Auto | Stoppable | Pausable] - C:\WINDOWS\System32\svchost.exe -k netsvcs
Secondary Logon (seclogon) - Running [Auto | Stoppable | Pausable] - C:\WINDOWS\System32\svchost.exe -k netsvcs
System Event Notification (SENS) - Running [Auto | Stoppable | Not_Pausable] - C:\WINDOWS\system32\svchost.exe -k netsvcs
Windows Firewall/Internet Connection Sharing (ICS) (SharedAccess) - Running [Auto | Stoppable | Not_Pausable] - C:\WINDOWS\System32\svchost.exe -k netsvcs
Shell Hardware Detection (ShellHWDetection) - Running [Auto | Stoppable | Pausable] - C:\WINDOWS\System32\svchost.exe -k netsvcs
Print Spooler (Spooler) - Running [Auto | Stoppable | Not_Pausable] - C:\WINDOWS\system32\spoolsv.exe
System Restore Service (srservice) - Running [Auto | Stoppable | Not_Pausable] - C:\WINDOWS\system32\svchost.exe -k netsvcs
SSDP Discovery Service (SSDPSRV) - Running [Manual | Stoppable | Not_Pausable] - C:\WINDOWS\system32\svchost.exe -k LocalService
Windows Image Acquisition (WIA) (stisvc) - Running [Auto | Stoppable | Not_Pausable] - C:\WINDOWS\system32\svchost.exe -k imgsvc
Telephony (TapiSrv) - Running [Manual | Stoppable | Pausable] - C:\WINDOWS\System32\svchost.exe -k netsvcs
Terminal Services (TermService) - Running [Manual | Not_Stoppable | Not_Pausable] - C:\WINDOWS\System32\svchost.exe -k DComLaunch
Themes (Themes) - Running [Auto | Stoppable | Not_Pausable] - C:\WINDOWS\System32\svchost.exe -k netsvcs
Windows Time (W32Time) - Running [Auto | Stoppable | Not_Pausable] - C:\WINDOWS\System32\svchost.exe -k netsvcs
Windows Management Instrumentation (winmgmt) - Running [Auto | Stoppable | Pausable] - C:\WINDOWS\system32\svchost.exe -k netsvcs
Security Center (wscsvc) - Running [Auto | Stoppable | Not_Pausable] - C:\WINDOWS\System32\svchost.exe -k netsvcs
Automatic Updates (wuauserv) - Running [Auto | Stoppable | Not_Pausable] - C:\WINDOWS\system32\svchost.exe -k netsvcs
Windows Driver Foundation - User-mode Driver Framework (WudfSvc) - Running [Auto | Not_Stoppable | Not_Pausable] - C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
Wireless Zero Configuration (WZCSVC) - Running [Auto | Stoppable | Not_Pausable] - C:\WINDOWS\System32\svchost.exe -k netsvcs
Alerter (Alerter) - Stopped [Disabled | Not_Stoppable | Not_Pausable] - C:\WINDOWS\system32\svchost.exe -k LocalService
Application Management (AppMgmt) - Stopped [Manual | Not_Stoppable | Not_Pausable] - C:\WINDOWS\system32\svchost.exe -k netsvcs
ASP.NET State Service (aspnet_state) - Stopped [Manual | Not_Stoppable | Not_Pausable] - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe
Background Intelligent Transfer Service (BITS) - Stopped [Manual | Not_Stoppable | Not_Pausable] - C:\WINDOWS\system32\svchost.exe -k netsvcs
Computer Browser (Browser) - Stopped [Auto | Not_Stoppable | Not_Pausable] - C:\WINDOWS\system32\svchost.exe -k netsvcs
Indexing Service (CiSvc) - Stopped [Manual | Not_Stoppable | Not_Pausable] - C:\WINDOWS\system32\cisvc.exe
ClipBook (ClipSrv) - Stopped [Manual | Not_Stoppable | Not_Pausable] - C:\WINDOWS\system32\clipsrv.exe
.NET Runtime Optimization Service v2.0.50727_X86 (clr_optimization_v2.0.50727_32) - Stopped [Manual | Not_Stoppable | Not_Pausable] - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
COM+ System Application (COMSysApp) - Stopped [Manual | Not_Stoppable | Not_Pausable] - C:\WINDOWS\system32\dllhost.exe /Processid:{02D4B3F1-FD88-11D1-960D-00805FC79235}
Logical Disk Manager Administrative Service (dmadmin) - Stopped [Manual | Not_Stoppable | Not_Pausable] - C:\WINDOWS\System32\dmadmin.exe /com
Logical Disk Manager (dmserver) - Stopped [Manual | Not_Stoppable | Not_Pausable] - C:\WINDOWS\System32\svchost.exe -k netsvcs
Wired AutoConfig (Dot3svc) - Stopped [Manual | Not_Stoppable | Not_Pausable] - C:\WINDOWS\System32\svchost.exe -k dot3svc
Extensible Authentication Protocol Service (EapHost) - Stopped [Manual | Not_Stoppable | Not_Pausable] - C:\WINDOWS\System32\svchost.exe -k eapsvcs
Fast User Switching Compatibility (FastUserSwitchingCompatibility) - Stopped [Manual | Not_Stoppable | Not_Pausable] - C:\WINDOWS\System32\svchost.exe -k netsvcs
Windows Presentation Foundation Font Cache 3.0.0.0 (FontCache3.0.0.0) - Stopped [Manual | Not_Stoppable | Not_Pausable] - C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
Help and Support (helpsvc) - Stopped [Auto | Not_Stoppable | Not_Pausable] - C:\WINDOWS\System32\svchost.exe -k netsvcs
Health Key and Certificate Management Service (hkmsvc) - Stopped [Manual | Not_Stoppable | Not_Pausable] - C:\WINDOWS\System32\svchost.exe -k netsvcs
HTTP SSL (HTTPFilter) - Stopped [Manual | Not_Stoppable | Not_Pausable] - C:\WINDOWS\System32\svchost.exe -k HTTPFilter
Windows CardSpace (idsvc) - Stopped [Manual | Not_Stoppable | Not_Pausable] - "C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe"
IMAPI CD-Burning COM Service (ImapiService) - Stopped [Manual | Not_Stoppable | Not_Pausable] - C:\WINDOWS\system32\imapi.exe
TCP/IP NetBIOS Helper (LmHosts) - Stopped [Disabled | Not_Stoppable | Not_Pausable] - C:\WINDOWS\system32\svchost.exe -k LocalService
Messenger (Messenger) - Stopped [Disabled | Not_Stoppable | Not_Pausable] - C:\WINDOWS\system32\svchost.exe -k netsvcs
NetMeeting Remote Desktop Sharing (mnmsrvc) - Stopped [Disabled | Not_Stoppable | Not_Pausable] - C:\WINDOWS\system32\mnmsrvc.exe
Distributed Transaction Coordinator (MSDTC) - Stopped [Manual | Not_Stoppable | Not_Pausable] - C:\WINDOWS\system32\msdtc.exe
Windows Installer (MSIServer) - Stopped [Manual | Not_Stoppable | Not_Pausable] - C:\WINDOWS\system32\msiexec.exe /V
Network Access Protection Agent (napagent) - Stopped [Manual | Not_Stoppable | Not_Pausable] - C:\WINDOWS\System32\svchost.exe -k netsvcs
Network DDE (NetDDE) - Stopped [Disabled | Not_Stoppable | Not_Pausable] - C:\WINDOWS\system32\netdde.exe
Network DDE DSDM (NetDDEdsdm) - Stopped [Disabled | Not_Stoppable | Not_Pausable] - C:\WINDOWS\system32\netdde.exe
Net Logon (Netlogon) - Stopped [Disabled | Not_Stoppable | Not_Pausable] - C:\WINDOWS\system32\lsass.exe
Net.Tcp Port Sharing Service (NetTcpPortSharing) - Stopped [Disabled | Not_Stoppable | Not_Pausable] - "C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe"
NT LM Security Support Provider (NtLmSsp) - Stopped [Disabled | Not_Stoppable | Not_Pausable] - C:\WINDOWS\system32\lsass.exe
Removable Storage (NtmsSvc) - Stopped [Manual | Not_Stoppable | Not_Pausable] - C:\WINDOWS\system32\svchost.exe -k netsvcs
Remote Access Auto Connection Manager (RasAuto) - Stopped [Manual | Not_Stoppable | Not_Pausable] - C:\WINDOWS\system32\svchost.exe -k netsvcs
Remote Desktop Help Session Manager (RDSessMgr) - Stopped [Disabled | Not_Stoppable | Not_Pausable] - C:\WINDOWS\system32\sessmgr.exe
Routing and Remote Access (RemoteAccess) - Stopped [Disabled | Not_Stoppable | Not_Pausable] - C:\WINDOWS\system32\svchost.exe -k netsvcs
Remote Procedure Call (RPC) Locator (RpcLocator) - Stopped [Manual | Not_Stoppable | Not_Pausable] - C:\WINDOWS\system32\locator.exe
QoS RSVP (RSVP) - Stopped [Disabled | Not_Stoppable | Not_Pausable] - C:\WINDOWS\system32\rsvp.exe
Smart Card (SCardSvr) - Stopped [Disabled | Not_Stoppable | Not_Pausable] - C:\WINDOWS\System32\SCardSvr.exe
MS Software Shadow Copy Provider (SwPrv) - Stopped [Manual | Not_Stoppable | Not_Pausable] - C:\WINDOWS\system32\dllhost.exe /Processid:{F44EDC71-C694-4C94-AAEF-D202CF2EB3ED}
Performance Logs and Alerts (SysmonLog) - Stopped [Disabled | Not_Stoppable | Not_Pausable] - C:\WINDOWS\system32\smlogsvc.exe
Distributed Link Tracking Client (TrkWks) - Stopped [Manual | Not_Stoppable | Not_Pausable] - C:\WINDOWS\system32\svchost.exe -k netsvcs
Universal Plug and Play Device Host (upnphost) - Stopped [Manual | Not_Stoppable | Not_Pausable] - C:\WINDOWS\system32\svchost.exe -k LocalService
Uninterruptible Power Supply (UPS) - Stopped [Manual | Not_Stoppable | Not_Pausable] - C:\WINDOWS\System32\ups.exe
Volume Shadow Copy (VSS) - Stopped [Manual | Not_Stoppable | Not_Pausable] - C:\WINDOWS\System32\vssvc.exe
WebClient (WebClient) - Stopped [Disabled | Not_Stoppable | Not_Pausable] - C:\WINDOWS\system32\svchost.exe -k LocalService
Portable Media Serial Number Service (WmdmPmSN) - Stopped [Manual | Not_Stoppable | Not_Pausable] - C:\WINDOWS\System32\svchost.exe -k netsvcs
WMI Performance Adapter (WmiApSrv) - Stopped [Manual | Not_Stoppable | Not_Pausable] - C:\WINDOWS\system32\wbem\wmiapsrv.exe
Windows Media Player Network Sharing Service (WMPNetworkSvc) - Stopped [Manual | Not_Stoppable | Not_Pausable] - "C:\Program Files\Windows Media Player\WMPNetwk.exe"
Network Provisioning Service (xmlprov) - Stopped [Manual | Not_Stoppable | Not_Pausable] - C:\WINDOWS\System32\svchost.exe -k netsvcs

<<<< Non-MS Services >>>>

Advanced SystemCare Service (AdvancedSystemCareService) - Running [Auto | Stoppable | Pausable] - C:\Program Files\IObit\Advanced SystemCare 4\ASCService.exe
Apple Mobile Device (Apple Mobile Device) - Running [Auto | Stoppable | Not_Pausable] - "C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe"
AVG WatchDog (avgwd) - Running [Auto | Not_Stoppable | Not_Pausable] - "C:\Program Files\AVG\AVG2012\avgwdsvc.exe"
Bonjour Service (Bonjour Service) - Running [Auto | Stoppable | Not_Pausable] - "C:\Program Files\Bonjour\mDNSResponder.exe"
EASEUS Agent (EASEUS Agent) - Running [Auto | Stoppable | Not_Pausable] - C:\Program Files\EASEUS\Todo Backup 2.0\bin\Agent.exe
FsUsbExService (FsUsbExService) - Running [Auto | Stoppable | Not_Pausable] - C:\WINDOWS\system32\FsUsbExService.Exe
Canon Inkjet Printer/Scanner/Fax Extended Survey Program (IJPLMSVC) - Running [Auto | Stoppable | Not_Pausable] - C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE
InCD Helper (InCDsrv) - Running [Auto | Stoppable | Not_Pausable] - C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe
Java Quick Starter (JavaQuickStarterService) - Running [Auto | Stoppable | Pausable] - "C:\Program Files\Java\jre6\bin\jqs.exe" -service -config "C:\Program Files\Java\jre6\lib\deploy\jqs\jqs.conf"
Net Driver HPZ12 (Net Driver HPZ12) - Running [Auto | Stoppable | Not_Pausable] - C:\WINDOWS\System32\svchost.exe -k HPZ12
NVIDIA Display Driver Service (nvsvc) - Running [Auto | Stoppable | Pausable] - C:\WINDOWS\system32\nvsvc32.exe
Cyberlink RichVideo Service(CRVS) (RichVideo) - Running [Auto | Stoppable | Not_Pausable] - "C:\Program Files\CyberLink\Shared Files\RichVideo.exe"
UMVPFSrv (UMVPFSrv) - Running [Auto | Stoppable | Not_Pausable] - C:\Program Files\Common Files\logishrd\LVMVFM\UMVPFSrv.exe
ArcSoft Connect Daemon (ACDaemon) - Stopped [Manual | Not_Stoppable | Not_Pausable] - C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
iPod Service (iPod Service) - Stopped [Manual | Not_Stoppable | Not_Pausable] - "C:\Program Files\iPod\bin\iPodService.exe"
NBService (NBService) - Stopped [Manual | Not_Stoppable | Not_Pausable] - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
NMIndexingService (NMIndexingService) - Stopped [Manual | Not_Stoppable | Not_Pausable] - "C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe"
Windows Remote Management (WS-Management) (WinRM) - Stopped [Manual | Not_Stoppable | Not_Pausable] - C:\WINDOWS\system32\svchost.exe -k WINRM

<<<< Boot.ini >>>>

[boot loader]
timeout=0
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
C:\CMDCONS\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect /usepmtimer

<<<< Last 5 Application Errors or Warnings >>>>

Computer Name: CINDY-47EEDED7D | ID: 1004 | Source: Application Error | Type: Error | Date: 24-10-11 22:46:0 | Log: Application
Message: Faulting application lsass.exe, version 5.1.2600.5512, faulting module oakley.dll, version 5.1.2600.5886, fault address 0x00003283.


Computer Name: CINDY-47EEDED7D | ID: 1015 | Source: Winlogon | Type: Error | Date: 24-10-11 22:43:20 | Log: Application
Message: A critical system process, C:\WINDOWS\system32\lsass.exe, failed with status code c0000006. The machine

must now be restarted.


Computer Name: CINDY-47EEDED7D | ID: 1000 | Source: Application Error | Type: Error | Date: 24-10-11 22:42:47 | Log: Application
Message: Faulting application lsass.exe, version 5.1.2600.5512, faulting module oakley.dll, version 5.1.2600.5886, fault address 0x00003283.


Computer Name: CINDY-47EEDED7D | ID: 1005 | Source: Application Error | Type: Error | Date: 24-10-11 22:42:39 | Log: Application
Message: Windows cannot access the file C:\WINDOWS\system32\oakley.dll for one of the following reasons:

there is a problem with the network connection, the disk that the file is stored on, or the storage

drivers installed on this computer; or the disk is missing.

Windows closed the program Oakley Key Manager because of this error.



Program: Oakley Key Manager

File: C:\WINDOWS\system32\oakley.dll



The error value is listed in the Additional Data section.

User Action

1. Open the file again.

This situation might be a temporary problem that corrects itself when the program runs again.

2.

If the file still cannot be accessed and

- It is on the network,

your network administrator should verify that there is not a problem with the network and that the server can be contacted.

- It is on a removable disk, for example, a floppy disk or CD-ROM, verify that the disk is fully inserted into the computer.

3. Check and repair the file system by running CHKDSK. To run CHKDSK, click Start, click Run, type CMD, and then click OK. At the command prompt, type CHKDSK /F, and then press ENTER.

4. If the problem persists, restore the file from a backup copy.

5. Determine whether other files on the same disk can be opened. If not, the disk might be damaged. If it is a hard disk, contact your administrator or computer hardware vendor for

further assistance.

Additional Data

Error value: C0000013

Disk type: 3


Computer Name: CINDY-47EEDED7D | ID: 1015 | Source: MsiInstaller | Type: Warning | Date: 24-10-11 22:19:34 | Log: Application
Message: Failed to connect to server. Error: 0x800401F0


<<<< Last 5 System Errors or Warnings >>>>

Computer Name: CINDY-47EEDED7D | ID: 1002 | Source: Dhcp | Type: Error | Date: 25-10-11 15:10:5 | Log: System
Message: The IP address lease 192.168.2.2 for the Network Card with network address 0021979F2AA6 has been

denied by the DHCP server 192.168.2.1 (The DHCP Server sent a DHCPNACK message).


Computer Name: CINDY-47EEDED7D | ID: 7023 | Source: Service Control Manager | Type: Error | Date: 25-10-11 15:9:5 | Log: System
Message: The Help and Support service terminated with the following error:

%%126


Computer Name: CINDY-47EEDED7D | ID: 7023 | Source: Service Control Manager | Type: Error | Date: 25-10-11 0:59:50 | Log: System
Message: The Help and Support service terminated with the following error:

%%126


Computer Name: CINDY-47EEDED7D | ID: 51 | Source: Disk | Type: Warning | Date: 25-10-11 0:50:7 | Log: System
Message: An error was detected on device \Device\Harddisk0\D during a paging operation.


Computer Name: CINDY-47EEDED7D | ID: 51 | Source: Disk | Type: Warning | Date: 25-10-11 0:50:7 | Log: System
Message: An error was detected on device \Device\Harddisk0\D during a paging operation.


<<<< Special Events >>>>

There were no special events found

<<<< Ipconfig >>>>

Windows IP Configuration

Host Name . . . . . . . . . . . . : cindy-47eeded7d
Primary Dns Suffix . . . . . . . :
Node Type . . . . . . . . . . . . : Mixed
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No
DNS Suffix Search List. . . . . . : edimax.com

Ethernet adapter Local Area Connection 3:

Connection-specific DNS Suffix . : edimax.com
Description . . . . . . . . . . . : NVIDIA nForce 10/100 Mbps Ethernet
Physical Address. . . . . . . . . : 00-21-97-9F-2A-A6
Dhcp Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
IP Address. . . . . . . . . . . . : 192.168.2.2
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . : 192.168.2.1
DHCP Server . . . . . . . . . . . : 192.168.2.1
DNS Servers . . . . . . . . . . . : 192.168.2.1
Lease Obtained. . . . . . . . . . : Tuesday, 25 October 2011 3:28:29 PM
Lease Expires . . . . . . . . . . : Tuesday, 25 October 2011 3:30:09 PM


<<<< Pinging >>>>

OpenDNS Domain Test
Pinging to www.opendns.com [208.69.38.150]:
Response - 218ms
Response - 219ms
Response - 217ms
Response - 219msPackets: Sent = 4, Received = 4, Lost = 0
Minimum = 217ms - Maximum = 219ms

OpenDNS IP Test
Pinging to 208.69.38.150 [208.69.38.150]:
Response - 218ms
Response - 219ms
Response - 202ms
Response - 219msPackets: Sent = 4, Received = 4, Lost = 0
Minimum = 202ms - Maximum = 219ms

Kaspersky Domain Test
Pinging to www.kaspersky.com [212.5.89.20]:
Response - None
Response - None
Response - None
Response - NonePackets: Sent = 4, Received = 0, Lost = 4
Minimum = 0ms - Maximum = 0ms

Kaspersky IP Test
Pinging to 195.27.181.10 [195.27.181.10]:
Response - 359ms
Response - 359ms
Response - 358ms
Response - 358msPackets: Sent = 4, Received = 4, Lost = 0
Minimum = 358ms - Maximum = 359ms

YouTube Domain Test
Pinging to www.youtube.com [74.125.237.44]:
Response - 78ms
Response - 62ms
Response - 78ms
Response - 78msPackets: Sent = 4, Received = 4, Lost = 0
Minimum = 62ms - Maximum = 78ms

YouTube IP Test
Pinging to 66.102.9.136 [66.102.9.136]:
Response - None
Response - None
Response - None
Response - NonePackets: Sent = 4, Received = 0, Lost = 4
Minimum = 0ms - Maximum = 0ms

localhost Test
Pinging to 127.0.0.1 [127.0.0.1]:
Response - 0ms
Response - 0ms
Response - 0ms
Response - 0msPackets: Sent = 4, Received = 4, Lost = 0
Minimum = 0ms - Maximum = 0ms


<<<< Netstat >>>>

Active Connections

Proto Local Address Foreign Address State PID
TCP 0.0.0.0:135 0.0.0.0:0 LISTENING 1348
c:\windows\system32\WS2_32.dll
C:\WINDOWS\system32\RPCRT4.dll
c:\windows\system32\rpcss.dll
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\ADVAPI32.dll
[svchost.exe]

TCP 0.0.0.0:445 0.0.0.0:0 LISTENING 4
[System]

TCP 127.0.0.1:1031 0.0.0.0:0 LISTENING 3260
[alg.exe]

TCP 127.0.0.1:5152 0.0.0.0:0 LISTENING 520
[jqs.exe]

TCP 127.0.0.1:5354 0.0.0.0:0 LISTENING 1760
[mDNSResponder.exe]

TCP 127.0.0.1:27015 0.0.0.0:0 LISTENING 924
[AppleMobileDeviceService.exe]

TCP 192.168.2.2:139 0.0.0.0:0 LISTENING 4
[System]

TCP 127.0.0.1:1057 127.0.0.1:1058 ESTABLISHED 2696
[firefox.exe]

TCP 127.0.0.1:1058 127.0.0.1:1057 ESTABLISHED 2696
[firefox.exe]

TCP 127.0.0.1:1060 127.0.0.1:1061 ESTABLISHED 2696
[firefox.exe]

TCP 127.0.0.1:1061 127.0.0.1:1060 ESTABLISHED 2696
[firefox.exe]

TCP 192.168.2.2:1376 74.125.237.50:80 ESTABLISHED 2696
[firefox.exe]

TCP 192.168.2.2:1377 74.125.237.48:80 ESTABLISHED 2696
[firefox.exe]

TCP 192.168.2.2:1336 74.125.237.50:80 TIME_WAIT 0
TCP 192.168.2.2:1340 64.233.183.95:80 TIME_WAIT 0
TCP 192.168.2.2:1342 74.125.237.14:80 TIME_WAIT 0
TCP 192.168.2.2:1352 184.86.223.19:80 TIME_WAIT 0
TCP 192.168.2.2:1353 74.125.237.60:80 TIME_WAIT 0
TCP 192.168.2.2:1354 64.233.183.141:80 TIME_WAIT 0
TCP 192.168.2.2:1355 74.125.237.7:443 TIME_WAIT 0
TCP 192.168.2.2:1358 74.125.237.58:80 TIME_WAIT 0
TCP 192.168.2.2:1359 74.125.237.58:80 TIME_WAIT 0
TCP 192.168.2.2:1363 184.86.223.66:80 TIME_WAIT 0
TCP 192.168.2.2:1364 74.125.237.14:80 TIME_WAIT 0
TCP 192.168.2.2:1365 184.86.223.25:80 TIME_WAIT 0
TCP 192.168.2.2:1366 74.125.237.60:80 TIME_WAIT 0
TCP 192.168.2.2:1373 69.163.234.194:80 TIME_WAIT 0
UDP 0.0.0.0:1027 *:* 1760
[mDNSResponder.exe]

UDP 0.0.0.0:4500 *:* 1040
[lsass.exe]

UDP 0.0.0.0:500 *:* 1040
[lsass.exe]

UDP 0.0.0.0:445 *:* 4
[System]

UDP 127.0.0.1:1026 *:* 924
[AppleMobileDeviceService.exe]

UDP 127.0.0.1:1025 *:* 924
[AppleMobileDeviceService.exe]

UDP 127.0.0.1:1900 *:* 3100
c:\windows\system32\WS2_32.dll
c:\windows\system32\ssdpsrv.dll
ntdll.dll
C:\WINDOWS\system32\kernel32.dll
[svchost.exe]

UDP 127.0.0.1:123 *:* 1444
c:\windows\system32\WS2_32.dll
c:\windows\system32\w32time.dll
ntdll.dll
C:\WINDOWS\system32\kernel32.dll
[svchost.exe]

UDP 192.168.2.2:137 *:* 4
[System]

UDP 192.168.2.2:138 *:* 4
[System]

UDP 192.168.2.2:1900 *:* 3100
c:\windows\system32\WS2_32.dll
c:\windows\system32\ssdpsrv.dll
ntdll.dll
C:\WINDOWS\system32\kernel32.dll
[svchost.exe]

UDP 192.168.2.2:5353 *:* 1760
[mDNSResponder.exe]

UDP 192.168.2.2:123 *:* 1444
c:\windows\system32\WS2_32.dll
c:\windows\system32\w32time.dll
ntdll.dll
C:\WINDOWS\system32\kernel32.dll
[svchost.exe]


<<<< Routing Table >>>>

===========================================================================
Interface List
0x1 ........................... MS TCP Loopback interface
0x2 ...00 21 97 9f 2a a6 ...... NVIDIA nForce Networking Controller - Packet Scheduler Miniport
===========================================================================
===========================================================================
Active Routes:
Network Destination Netmask Gateway Interface Metric
0.0.0.0 0.0.0.0 192.168.2.1 192.168.2.2 20
69.171.229.12 255.255.255.255 192.168.2.1 192.168.2.2 20
127.0.0.0 255.0.0.0 127.0.0.1 127.0.0.1 1
169.254.0.0 255.255.0.0 192.168.2.2 192.168.2.2 20
192.168.2.0 255.255.255.0 192.168.2.2 192.168.2.2 20
192.168.2.2 255.255.255.255 127.0.0.1 127.0.0.1 20
192.168.2.255 255.255.255.255 192.168.2.2 192.168.2.2 20
224.0.0.0 240.0.0.0 192.168.2.2 192.168.2.2 20
255.255.255.255 255.255.255.255 192.168.2.2 192.168.2.2 1
Default Gateway: 192.168.2.1
===========================================================================
Persistent Routes:
None

Route Table

<<<< Hosts File >>>>

The HOSTS file is 27 Bytes in size.

There were 0 lines which refer to an external IP address.

<<<< Active Shares >>>>

Share: IPC$ - Path:


------ End of File ------
  • 0

#68
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
That is referencing an error in the oakley.dll which is concerned with cd burning and reading

First we will run a check disc and then see if we can locate that file

Dakeyras has a nice little tutorial on it here

Then run OTL with the following custom scan please

  • Run OTL.
  • Select All Users
  • Under the Custom Scan box paste this in
    netsvcs
    /md5start
    oakley.*
    /md5stop
  • Then click scan

  • 0

#69
Cindy Pryt

Cindy Pryt

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 106 posts
OTL logfile created on: 26/10/2011 9:04:39 PM - Run 4
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Documents and Settings\Owner\My Documents\Downloads
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000C09 | Country: Australia | Language: ENA | Date Format: d/MM/yyyy

2.00 Gb Total Physical Memory | 1.37 Gb Available Physical Memory | 68.33% Memory free
3.85 Gb Paging File | 3.35 Gb Available in Paging File | 87.03% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 248.95 Gb Total Space | 139.39 Gb Free Space | 55.99% Space Free | Partition Type: NTFS
Drive F: | 216.81 Gb Total Space | 182.69 Gb Free Space | 84.26% Space Free | Partition Type: NTFS

Computer Name: CINDY-47EEDED7D | User Name: Owner | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/10/22 14:02:11 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Owner\My Documents\Downloads\OTL.exe
PRC - [2011/10/22 13:56:04 | 000,912,344 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2011/09/23 06:31:50 | 002,404,704 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgtray.exe
PRC - [2011/09/08 20:53:26 | 000,743,264 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgrsx.exe
PRC - [2011/08/15 06:21:40 | 000,337,760 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgcsrvx.exe
PRC - [2011/08/09 16:38:38 | 000,328,536 | ---- | M] (IObit) -- C:\Program Files\IObit\Advanced SystemCare 4\ASCService.exe
PRC - [2011/08/02 06:09:08 | 000,192,776 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgwdsvc.exe
PRC - [2011/04/01 13:11:52 | 000,428,640 | ---- | M] (Logitech Inc.) -- C:\Program Files\Common Files\LogiShrd\LVMVFM\UMVPFSrv.exe
PRC - [2011/01/22 15:58:30 | 000,069,000 | ---- | M] (CHENGDU YIWO Tech Development Co., Ltd) -- C:\Program Files\EASEUS\Todo Backup 2.0\bin\EuWatch.exe
PRC - [2011/01/22 15:58:30 | 000,055,688 | ---- | M] (CHENGDU YIWO Tech Development Co., Ltd) -- C:\Program Files\EASEUS\Todo Backup 2.0\bin\Agent.exe
PRC - [2010/09/06 15:11:32 | 000,217,088 | ---- | M] (Teruten) -- C:\WINDOWS\system32\FsUsbExService.Exe
PRC - [2010/04/05 18:55:01 | 000,116,104 | ---- | M] () -- C:\Program Files\Canon\IJPLM\ijplmsvc.exe
PRC - [2008/04/14 20:00:00 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/11/26 14:54:12 | 001,554,728 | ---- | M] (Nero AG) -- C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe


========== Modules (No Company Name) ==========

MOD - [2011/10/22 13:56:04 | 001,015,256 | ---- | M] () -- C:\Program Files\Mozilla Firefox\js3250.dll
MOD - [2011/01/22 15:57:54 | 000,050,056 | ---- | M] () -- C:\Program Files\EASEUS\Todo Backup 2.0\bin\CodeLog.dll
MOD - [2010/11/15 15:38:14 | 005,971,408 | ---- | M] () -- C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll
MOD - [2010/11/04 08:51:44 | 000,555,624 | ---- | M] () -- C:\Program Files\NVIDIA Corporation\nView\nvShell.dll
MOD - [2010/04/05 18:55:01 | 000,116,104 | ---- | M] () -- C:\Program Files\Canon\IJPLM\ijplmsvc.exe
MOD - [2010/02/06 02:27:45 | 001,291,776 | ---- | M] () -- C:\WINDOWS\system32\quartz.dll
MOD - [2008/11/25 17:18:00 | 001,291,264 | ---- | M] () -- C:\Program Files\EASEUS\Todo Backup 2.0\bin\libxml2.dll
MOD - [2004/10/05 03:08:00 | 000,055,808 | ---- | M] () -- C:\Program Files\EASEUS\Todo Backup 2.0\bin\zlib1.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- -- (helpsvc)
SRV - File not found [On_Demand | Stopped] -- -- (AppMgmt)
SRV - File not found [On_Demand | Stopped] -- -- (ACDaemon)
SRV - [2011/08/09 16:38:38 | 000,328,536 | ---- | M] (IObit) [Auto | Running] -- C:\Program Files\IObit\Advanced SystemCare 4\ASCService.exe -- (AdvancedSystemCareService)
SRV - [2011/08/02 06:09:08 | 000,192,776 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG2012\avgwdsvc.exe -- (avgwd)
SRV - [2011/04/01 13:11:52 | 000,428,640 | ---- | M] (Logitech Inc.) [Auto | Running] -- C:\Program Files\Common Files\LogiShrd\LVMVFM\UMVPFSrv.exe -- (UMVPFSrv)
SRV - [2011/01/22 15:58:30 | 000,055,688 | ---- | M] (CHENGDU YIWO Tech Development Co., Ltd) [Auto | Running] -- C:\Program Files\EASEUS\Todo Backup 2.0\bin\Agent.exe -- (EASEUS Agent)
SRV - [2010/09/06 15:11:32 | 000,217,088 | ---- | M] (Teruten) [Auto | Running] -- C:\WINDOWS\system32\FsUsbExService.Exe -- (FsUsbExService)
SRV - [2010/04/05 18:55:01 | 000,116,104 | ---- | M] () [Auto | Running] -- C:\Program Files\Canon\IJPLM\ijplmsvc.exe -- (IJPLMSVC)
SRV - [2007/11/26 14:54:12 | 001,554,728 | ---- | M] (Nero AG) [Auto | Running] -- C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe -- (InCDsrv)


========== Driver Services (SafeList) ==========

DRV - [2011/09/13 06:30:10 | 000,032,592 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\avgrkx86.sys -- (Avgrkx86)
DRV - [2011/08/08 06:08:58 | 000,040,016 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\avgmfx86.sys -- (Avgmfx86)
DRV - [2011/07/11 01:14:28 | 000,023,120 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\AVGIDSEH.Sys -- (AVGIDSEH)
DRV - [2011/07/11 01:13:46 | 000,229,840 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avgldx86.sys -- (Avgldx86)
DRV - [2011/04/27 14:19:28 | 000,020,032 | ---- | M] (Devguru Co., Ltd) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\dgderdrv.sys -- (dgderdrv)
DRV - [2011/04/01 13:11:10 | 004,333,280 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\lvuvc.sys -- (LVUVC) Logitech HD Webcam C270(UVC)
DRV - [2011/04/01 13:09:48 | 000,291,424 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\lvrs.sys -- (LVRS)
DRV - [2011/01/22 15:58:22 | 000,020,744 | ---- | M] (CHENGDU YIWO Tech Development Co., Ltd) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\eufs.sys -- (EUFS)
DRV - [2011/01/22 15:58:20 | 000,014,216 | ---- | M] (CHENGDU YIWO Tech Development Co., Ltd) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\eudskacs.sys -- (EUDSKACS)
DRV - [2011/01/22 15:58:18 | 000,030,472 | ---- | M] (CHENGDU YIWO Tech Development Co., Ltd) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\eubakup.sys -- (EUBAKUP)
DRV - [2011/01/22 15:58:16 | 000,187,400 | ---- | M] (CHENGDU YIWO Tech Development Co., Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\EuDisk.sys -- (EuDisk)
DRV - [2010/09/06 15:11:32 | 000,036,640 | ---- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\FsUsbExDisk.Sys -- (FsUsbExDisk)
DRV - [2010/07/20 18:38:24 | 000,121,576 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ssadmdm.sys -- (ssadmdm)
DRV - [2010/07/20 18:38:24 | 000,096,488 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ssadbus.sys -- (ssadbus) SAMSUNG Android USB Composite Device driver (WDM)
DRV - [2010/07/20 18:38:24 | 000,012,776 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ssadmdfl.sys -- (ssadmdfl) SAMSUNG Android USB Modem (Filter)
DRV - [2010/04/09 13:16:50 | 000,016,472 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\pwdrvio.sys -- (pwdrvio)
DRV - [2010/04/09 13:16:46 | 000,011,104 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\pwdspio.sys -- (pwdspio)
DRV - [2010/01/19 18:36:48 | 005,818,400 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2009/11/18 07:17:00 | 001,395,800 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Monfilt.sys -- (Monfilt)
DRV - [2009/11/18 07:16:00 | 001,691,480 | ---- | M] (Creative) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Ambfilt.sys -- (Ambfilt)
DRV - [2008/08/01 11:36:00 | 000,054,784 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\NVENETFD.sys -- (NVENETFD)
DRV - [2008/08/01 11:36:00 | 000,022,016 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nvnetbus.sys -- (nvnetbus)
DRV - [2008/01/17 12:51:30 | 000,102,400 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\nvgts.sys -- (nvgts)
DRV - [2007/11/26 14:54:12 | 000,038,440 | ---- | M] (Nero AG) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\InCDRm.sys -- (incdrm)
DRV - [2007/11/26 14:54:12 | 000,036,776 | ---- | M] (Nero AG) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\InCDPass.sys -- (InCDPass)
DRV - [2007/11/26 14:54:02 | 000,118,952 | ---- | M] (Nero AG) [File_System | Disabled | Running] -- C:\WINDOWS\system32\drivers\InCDfs.sys -- (InCDfs)
DRV - [2006/11/10 15:05:00 | 000,018,688 | ---- | M] (Arcsoft, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\afc.sys -- (Afc)
DRV - [2006/09/25 01:15:32 | 000,020,096 | ---- | M] (SlySoft, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AnyDVD.sys -- (AnyDVD)
DRV - [2006/07/01 22:39:40 | 000,036,864 | ---- | M] (Advanced Micro Devices) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\AmdK8.sys -- (AmdK8)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========



IE - HKU\.DEFAULT\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - No CLSID value found
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - No CLSID value found
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-1957994488-299502267-1417001333-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.bigpond.com/
IE - HKU\S-1-5-21-1957994488-299502267-1417001333-1003\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - No CLSID value found
IE - HKU\S-1-5-21-1957994488-299502267-1417001333-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1957994488-299502267-1417001333-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "AVG Secure Search"
FF - prefs.js..browser.search.selectedEngine: "AVG Secure Search"
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0015-0000-0012-ABCDEFFEDCBA}:5.0.12
FF - prefs.js..extensions.enabledItems: [email protected]:2.0.0.17
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}:6.0.26
FF - prefs.js..extensions.enabledItems: [email protected]:2.4.3
FF - prefs.js..extensions.enabledItems: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.9.4
FF - prefs.js..extensions.enabledItems: [email protected]:2
FF - prefs.js..extensions.enabledItems: 5
FF - prefs.js..extensions.enabledItems: 3
FF - prefs.js..extensions.enabledItems: 1
FF - prefs.js..keyword.URL: "http://search.avg.co...u&lng=en-US&q="

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@canon.com/EPPEX: C:\Program Files\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL (CANON INC.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\4.0.60310.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pages.tvunetworks.com/WebPlayer: C:\Program Files\TVUPlayer\npTVUAx.dll (TVU networks)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=12.0.1.666: C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=12.0.1.666: C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=12.0.1.666: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=12.0.1.666: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=12.0.1.666: C:\Program Files\Real\RealPlayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
FF - HKLM\Software\MozillaPlugins\@umediaserver.net/UMediaPlayer: C:\Program Files\UnrealMediaPlayer5Plugin\npUMediaPlayer5.dll (C Systems - Creative Software Solutions since 1996)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Documents and Settings\Owner\Local Settings\Application Data\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.23\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/10/22 13:56:11 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.23\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/10/22 13:56:11 | 000,000,000 | ---D | M]

[2010/09/22 21:33:25 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Extensions
[2011/09/07 12:02:08 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\2ma0jul6.default\extensions
[2010/11/28 15:49:03 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\2ma0jul6.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011/08/17 14:04:19 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\2ma0jul6.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2011/08/14 19:52:12 | 000,000,000 | ---D | M] (Ant Video Downloader) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\2ma0jul6.default\extensions\[email protected]
[2011/09/06 10:54:16 | 000,000,000 | ---D | M] (TVU Web Player) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\2ma0jul6.default\extensions\[email protected]
[2010/10/03 15:42:14 | 000,000,000 | ---D | M] (Multi Links) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\2ma0jul6.default\extensions\[email protected]
[2011/09/07 12:02:08 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2010/09/22 21:33:59 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0015-0000-0012-ABCDEFFEDCBA}
[2010/10/27 17:23:35 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2011/02/07 12:13:51 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
[2011/08/14 18:15:55 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
[2011/05/04 04:52:23 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll

========== Chrome ==========

CHR - default_search_provider: AVG Secure Search (Enabled)
CHR - default_search_provider: search_url = http://search.avg.co...US&iy=&ychte=au
CHR - default_search_provider: suggest_url = http://suggestquerie...q={searchTerms}
CHR - plugin: Shockwave Flash (Enabled) = C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\Application\15.0.874.102\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll
CHR - plugin: QuickTime Plug-in 7.6.8 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.6.8 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.6.8 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.6.8 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.6.8 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.6.8 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.6.8 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll
CHR - plugin: Java Deployment Toolkit 6.0.260.3 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java™ Platform SE 6 U26 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files\Microsoft Silverlight\4.0.60310.0\npctrl.dll
CHR - plugin: RealPlayer™ G2 LiveConnect-Enabled Plug-In (32-bit) (Enabled) = C:\Program Files\Mozilla Firefox\plugins\nppl3260.dll
CHR - plugin: RealPlayer Version Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\nprpjplug.dll
CHR - plugin: RealPlayer™ HTML5VideoShim Plug-In (32-bit) (Enabled) = C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll
CHR - plugin: Windows Media Player Plug-in Dynamic Link Library (Enabled) = C:\Program Files\Windows Media Player\npdsplay.dll
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\Application\15.0.874.102\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\Application\15.0.874.102\pdf.dll
CHR - plugin: RealJukebox NS Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\nprjplug.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npdrmv2.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npwmsdrm.dll
CHR - plugin: RealNetworks™ Chrome Background Extension Plug-In (32-bit) (Enabled) = C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll
CHR - plugin: Google Update (Enabled) = C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Update\1.3.21.79\npGoogleUpdate3.dll
CHR - plugin: Unity Player (Enabled) = C:\Documents and Settings\Owner\Local Settings\Application Data\Unity\WebPlayer\loader\npUnity3D32.dll
CHR - plugin: CANON iMAGE GATEWAY Album Plugin Utility (Enabled) = C:\Program Files\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL
CHR - plugin: TVU Web Player for FireFox (Enabled) = C:\Program Files\TVUPlayer\npTVUAx.dll
CHR - plugin: Unreal Media Player Plugin (Enabled) = C:\Program Files\UnrealMediaPlayer5Plugin\npUMediaPlayer5.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - Extension: RealPlayer HTML5Video Downloader Extension = C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\jfmjfhklogoienhpfnppmbcbjfjnkonk\1.5_1\

O1 HOSTS File: ([2011/10/23 22:01:22 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (Canon Easy-WebPrint EX BHO) - {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexbho.dll (CANON INC.)
O2 - BHO: (no name) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - No CLSID value found.
O3 - HKLM\..\Toolbar: (Canon Easy-WebPrint EX) - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)
O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.
O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.
O3 - HKU\S-1-5-21-1957994488-299502267-1417001333-1003\..\Toolbar\WebBrowser: (Canon Easy-WebPrint EX) - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)
O4 - HKLM..\Run: [AVG_TRAY] C:\Program Files\AVG\AVG2012\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe (CANON INC.)
O4 - HKLM..\Run: [CanonSolutionMenuEx] C:\Program Files\Canon\Solution Menu EX\CNSEMAIN.EXE (CANON INC.)
O4 - HKLM..\Run: [EaseUs Watch] C:\Program Files\EASEUS\Todo Backup 2.0\bin\EuWatch.exe (CHENGDU YIWO Tech Development Co., Ltd)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\Program Files\NVIDIA Corporation\nView\nwiz.exe ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Infodelivery present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveSearch = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1957994488-299502267-1417001333-1003\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1957994488-299502267-1417001333-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-21-1957994488-299502267-1417001333-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 0
O7 - HKU\S-1-5-21-1957994488-299502267-1417001333-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-21-1957994488-299502267-1417001333-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {26522409-8BBF-4C5B-A4D3-CF4B1D6F255B} http://www.umediaser...diaControl5.cab (UMediaPlayer Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.m...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Value error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{EA469373-52F7-469A-B5B7-CAAC09D8E7FD}: DhcpNameServer = 192.168.2.1
O18 - Protocol\Handler\avgsecuritytoolbar {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - Reg Error: Value error. File not found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) -C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\dimsntfy: DllName - (Reg Error: Value error.) - Reg Error: Value error. File not found
O24 - Desktop WallPaper: C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2010/09/20 11:13:08 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG2012\avgrsx.exe /sync /restart)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: 6to4 - File not found
NetSvcs: AppMgmt - File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found
NetSvcs: helpsvc - File not found
NetSvcs: SSHNAS - File not found

========== Files/Folders - Created Within 30 Days ==========

[2011/10/26 16:21:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Start Menu\Programs\Google Chrome
[2011/10/26 11:17:37 | 000,000,000 | ---D | C] -- C:\WINDOWS\Performance
[2011/10/26 11:17:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft Corporation
[2011/10/26 11:08:53 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Windows 7 Upgrade Advisor
[2011/10/26 11:03:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\mypcdrivers
[2011/10/26 11:02:02 | 000,000,000 | ---D | C] -- C:\Program Files\MyPCDrivers
[2011/10/26 11:02:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\MyPCDrivers
[2011/10/26 10:58:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Speccy
[2011/10/26 10:58:27 | 000,000,000 | ---D | C] -- C:\Program Files\Speccy
[2011/10/25 15:27:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Desktop\sinos
[2011/10/24 22:23:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\AVG2012
[2011/10/24 22:22:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\AVG 2012
[2011/10/24 22:22:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\AVG2012
[2011/10/24 22:22:02 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\AVG
[2011/10/24 22:16:14 | 000,000,000 | -H-D | C] -- C:\$AVG
[2011/10/24 21:59:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\AVG8
[2011/10/24 21:38:56 | 000,000,000 | ---D | C] -- C:\Program Files\AVG
[2011/10/24 21:38:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\avg8
[2011/10/23 22:46:33 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2011/10/23 21:59:37 | 000,000,000 | ---D | C] -- C:\WINDOWS\temp
[2011/10/23 21:49:29 | 000,000,000 | ---D | C] -- C:\ComboFix
[2011/10/23 20:30:54 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2011/10/23 20:21:15 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2011/10/23 20:21:15 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2011/10/23 20:21:15 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2011/10/23 20:21:15 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2011/10/23 20:20:59 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2011/10/23 20:20:54 | 000,000,000 | ---D | C] -- C:\Qoobox
[2011/10/23 20:09:52 | 004,269,423 | R--- | C] (Swearware) -- C:\Documents and Settings\Owner\Desktop\ComboFix.exe
[2011/10/23 13:34:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Desktop\New Folder (2)
[2011/10/22 21:07:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\Malwarebytes
[2011/10/22 21:07:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011/10/22 21:07:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2011/10/22 21:07:17 | 000,022,216 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2011/10/22 21:07:17 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2011/10/22 20:36:47 | 000,000,000 | ---D | C] -- C:\_OTL
[2011/10/22 14:58:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Desktop\Heartland season 2 part 2
[2011/10/22 14:45:06 | 000,000,000 | -HSD | C] -- C:\WINDOWS\System32\AI_RecycleBin
[2011/10/22 14:35:56 | 000,000,000 | ---D | C] -- C:\Program Files\Free Offers from Freeze.com
[2011/10/21 19:39:34 | 000,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2011/10/21 19:39:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Start Menu\Programs\HiJackThis
[2011/10/21 17:27:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Advanced SystemCare 4
[2011/10/21 17:21:51 | 000,256,512 | ---- | C] (Creative Technology Ltd.) -- C:\WINDOWS\System32\dllcache\devcon32.dll
[2011/10/21 17:21:50 | 000,020,928 | ---- | C] (Digital Networks, LLC) -- C:\WINDOWS\System32\dllcache\defpa.sys
[2011/10/21 17:21:49 | 000,007,424 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ddsmc.sys
[2011/10/21 17:21:47 | 000,110,592 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\dc260usd.dll
[2011/10/21 17:21:46 | 000,086,016 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\dc240usd.dll
[2011/10/21 17:21:45 | 000,063,208 | ---- | C] (Intel Corporation.) -- C:\WINDOWS\System32\dllcache\dc21x4.sys
[2011/10/21 17:21:44 | 000,080,896 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\dc210usd.dll
[2011/10/21 17:21:43 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\dc210_32.dll
[2011/10/21 17:21:37 | 000,014,720 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\dac960nt.sys
[2011/10/21 17:21:36 | 000,179,584 | ---- | C] (Mylex Corporation) -- C:\WINDOWS\System32\dllcache\dac2w2k.sys
[2011/10/21 17:21:34 | 000,117,760 | ---- | C] (Intel Corporation) -- C:\WINDOWS\System32\dllcache\d100ib5.sys
[2011/10/21 17:21:33 | 000,027,648 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cyzports.dll
[2011/10/21 17:21:32 | 000,049,792 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cyzport.sys
[2011/10/21 17:21:31 | 000,027,136 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cyzcoins.dll
[2011/10/21 17:21:30 | 000,027,648 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cyyports.dll
[2011/10/21 17:21:29 | 000,050,176 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cyyport.sys
[2011/10/21 17:21:28 | 000,028,672 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cyycoins.dll
[2011/10/21 17:21:27 | 000,014,848 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cyclom-y.sys
[2011/10/21 17:21:26 | 000,048,640 | ---- | C] (Crystal Semiconductor Corp.) -- C:\WINDOWS\System32\dllcache\cwrwdm.sys
[2011/10/21 17:21:26 | 000,017,152 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cyclad-z.sys
[2011/10/21 17:21:25 | 000,093,952 | ---- | C] (Crystal Semiconductor Corp.) -- C:\WINDOWS\System32\dllcache\cwcwdm.sys
[2011/10/21 17:21:24 | 000,111,872 | ---- | C] (Crystal Semiconductor Corp.) -- C:\WINDOWS\System32\dllcache\cwcspud.sys
[2011/10/21 17:21:23 | 000,003,584 | ---- | C] (Crystal Semiconductor Corp.) -- C:\WINDOWS\System32\dllcache\cwcosnt5.sys
[2011/10/21 17:21:22 | 000,072,832 | ---- | C] (Crystal Semiconductor Corp.) -- C:\WINDOWS\System32\dllcache\cwbwdm.sys
[2011/10/21 17:21:21 | 000,003,072 | ---- | C] (Crystal Semiconductor Corp.) -- C:\WINDOWS\System32\dllcache\cwbmidi.sys
[2011/10/21 17:21:20 | 000,003,072 | ---- | C] (Crystal Semiconductor Corp.) -- C:\WINDOWS\System32\dllcache\cwbase.sys
[2011/10/21 17:21:19 | 000,249,856 | ---- | C] (Comtrol® Corporation) -- C:\WINDOWS\System32\dllcache\ctmasetp.dll
[2011/10/21 17:21:19 | 000,004,096 | ---- | C] (Creative Technology Ltd.) -- C:\WINDOWS\System32\dllcache\ctwdm32.dll
[2011/10/21 17:21:18 | 000,096,256 | ---- | C] (Copyright © Creative Technology Ltd. 1994-2001) -- C:\WINDOWS\System32\dllcache\ctlsb16.sys
[2011/10/21 17:21:17 | 000,003,712 | ---- | C] (Creative Technology Ltd.) -- C:\WINDOWS\System32\dllcache\ctljystk.sys
[2011/10/21 17:21:16 | 000,006,912 | ---- | C] (Creative Technology Ltd.) -- C:\WINDOWS\System32\dllcache\ctlfacem.sys
[2011/10/21 17:21:15 | 000,175,104 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\csamsp.dll
[2011/10/21 17:21:14 | 000,042,112 | ---- | C] (Conexant Systems Inc.) -- C:\WINDOWS\System32\dllcache\crtaud.sys
[2011/10/21 17:21:13 | 000,216,064 | ---- | C] (COMPAQ Inc.) -- C:\WINDOWS\System32\dllcache\cpscan.dll
[2011/10/21 17:21:10 | 000,060,970 | ---- | C] (Compaq Computer Corp.) -- C:\WINDOWS\System32\dllcache\cpqtrnd5.sys
[2011/10/21 17:21:10 | 000,021,533 | ---- | C] (Compaq Computer Corporation) -- C:\WINDOWS\System32\dllcache\cpqndis5.sys
[2011/10/21 17:21:09 | 000,014,976 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cpqarray.sys
[2011/10/21 17:21:02 | 000,010,240 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\compbatt.sys
[2011/10/21 17:21:01 | 000,039,936 | ---- | C] (Conexant Systems, Inc.) -- C:\WINDOWS\System32\dllcache\cnxt1803.sys
[2011/10/21 17:21:00 | 000,044,032 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cnusd.dll
[2011/10/21 17:20:58 | 000,020,736 | ---- | C] (OMNIKEY AG) -- C:\WINDOWS\System32\dllcache\cmbp0wdm.sys
[2011/10/21 17:20:58 | 000,006,656 | ---- | C] (CMD Technology, Inc.) -- C:\WINDOWS\System32\dllcache\cmdide.sys
[2011/10/21 17:20:57 | 000,013,952 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cmbatt.sys
[2011/10/21 17:20:56 | 000,248,064 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cl546xm.sys
[2011/10/21 17:20:56 | 000,170,880 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cl546x.dll
[2011/10/21 17:20:55 | 000,111,232 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cl5465.dll
[2011/10/21 17:20:54 | 000,091,264 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cirrus.dll
[2011/10/21 17:20:54 | 000,045,696 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cirrus.sys
[2011/10/21 17:20:45 | 000,272,640 | ---- | C] (RAVISENT Technologies Inc.) -- C:\WINDOWS\System32\dllcache\cinemclc.sys
[2011/10/21 17:20:44 | 000,980,034 | ---- | C] (Xircom) -- C:\WINDOWS\System32\dllcache\cicap.sys
[2011/10/21 17:20:25 | 000,008,192 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\changer.sys
[2011/10/21 17:20:19 | 000,015,423 | ---- | C] (Intel® Corporation) -- C:\WINDOWS\System32\dllcache\ch7xxnt5.dll
[2011/10/21 17:20:18 | 000,049,182 | ---- | C] (Xircom, Inc.) -- C:\WINDOWS\System32\dllcache\cem56n5.sys
[2011/10/21 17:20:17 | 000,022,044 | ---- | C] (Xircom, Inc.) -- C:\WINDOWS\System32\dllcache\cem33n5.sys
[2011/10/21 17:20:17 | 000,022,044 | ---- | C] (Xircom, Inc.) -- C:\WINDOWS\System32\dllcache\cem28n5.sys
[2011/10/21 17:20:16 | 000,027,164 | ---- | C] (Xircom, Inc.) -- C:\WINDOWS\System32\dllcache\ce3n5.sys
[2011/10/21 17:20:15 | 000,021,530 | ---- | C] (Xircom, Inc.) -- C:\WINDOWS\System32\dllcache\ce2n5.sys
[2011/10/21 17:20:14 | 000,714,698 | ---- | C] (Xircom, Inc.) -- C:\WINDOWS\System32\dllcache\cbmdmkxx.sys
[2011/10/21 17:20:14 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cd20xrnt.sys
[2011/10/21 17:20:13 | 000,046,108 | ---- | C] (Xircom, Inc.) -- C:\WINDOWS\System32\dllcache\cben5.sys
[2011/10/21 17:20:13 | 000,039,680 | ---- | C] (Silicom Ltd.) -- C:\WINDOWS\System32\dllcache\cb325.sys
[2011/10/21 17:20:12 | 000,037,916 | ---- | C] (Fast Ethernet Controller Provider) -- C:\WINDOWS\System32\dllcache\cb102.sys
[2011/10/21 17:20:11 | 000,032,256 | ---- | C] (Eicon Technology Corporation) -- C:\WINDOWS\System32\dllcache\diapi2NT.dll
[2011/10/21 17:20:10 | 000,164,923 | ---- | C] (Eicon Technology) -- C:\WINDOWS\System32\dllcache\diapi2.sys
[2011/10/21 17:20:07 | 000,121,856 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\camext30.dll
[2011/10/21 17:20:07 | 000,116,736 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\camext30.ax
[2011/10/21 17:20:06 | 000,244,224 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\camext20.ax
[2011/10/21 17:20:06 | 000,236,032 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\camext20.dll
[2011/10/21 17:20:05 | 000,074,240 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\camexo20.dll
[2011/10/21 17:20:05 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\camexo20.ax
[2011/10/21 17:20:04 | 000,223,232 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\camdrv21.sys
[2011/10/21 17:20:04 | 000,171,264 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\camdrv30.sys
[2011/10/21 17:20:03 | 000,314,752 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\camdro21.sys
[2011/10/21 17:19:16 | 000,036,480 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\bthprint.sys
[2011/10/21 17:19:16 | 000,018,944 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\bthusb.sys
[2011/10/21 17:19:16 | 000,013,824 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\bulltlp3.sys
[2011/10/21 17:19:15 | 000,101,120 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\bthpan.sys
[2011/10/21 17:19:15 | 000,037,888 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\bthmodem.sys
[2011/10/21 17:19:14 | 000,017,024 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\bthenum.sys
[2011/10/21 17:19:13 | 000,031,529 | ---- | C] (BreezeCOM) -- C:\WINDOWS\System32\dllcache\brzwlan.sys
[2011/10/21 17:19:13 | 000,011,008 | ---- | C] (Brother Industries Ltd.) -- C:\WINDOWS\System32\dllcache\brusbmdm.sys
[2011/10/21 17:19:13 | 000,010,368 | ---- | C] (Brother Industries Ltd.) -- C:\WINDOWS\System32\dllcache\brusbscn.sys
[2011/10/21 17:19:12 | 000,060,416 | ---- | C] (Brother Industries Ltd.) -- C:\WINDOWS\System32\dllcache\brserwdm.sys
[2011/10/21 17:19:12 | 000,009,728 | ---- | C] (Brother Industries, Ltd.) -- C:\WINDOWS\System32\dllcache\brserif.dll
[2011/10/21 17:19:11 | 000,005,120 | ---- | C] (Brother Industries,Ltd.) -- C:\WINDOWS\System32\dllcache\brscnrsm.dll
[2011/10/21 17:19:10 | 000,039,552 | ---- | C] (Brother Industries Ltd.) -- C:\WINDOWS\System32\dllcache\brparwdm.sys
[2011/10/21 17:19:10 | 000,003,168 | ---- | C] (Brother Industries Ltd.) -- C:\WINDOWS\System32\dllcache\brparimg.sys
[2011/10/21 17:19:09 | 000,041,472 | ---- | C] (Brother Industries, Ltd.) -- C:\WINDOWS\System32\dllcache\brmfusb.dll
[2011/10/21 17:19:08 | 000,032,256 | ---- | C] (Brother Industries, Ltd.) -- C:\WINDOWS\System32\dllcache\brmfrsmg.exe
[2011/10/21 17:19:08 | 000,029,696 | ---- | C] (Brother Industries, Ltd.) -- C:\WINDOWS\System32\dllcache\brmflpt.dll
[2011/10/21 17:19:07 | 000,081,408 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\brmfcwia.dll
[2011/10/21 17:19:07 | 000,015,360 | ---- | C] (Brother Industries, Ltd.) -- C:\WINDOWS\System32\dllcache\brmfbidi.dll
[2011/10/21 17:19:06 | 000,012,160 | ---- | C] (Brother Industries, Ltd.) -- C:\WINDOWS\System32\dllcache\brfiltlo.sys
[2011/10/21 17:19:06 | 000,003,968 | ---- | C] (Brother Industries, Ltd.) -- C:\WINDOWS\System32\dllcache\brfiltup.sys
[2011/10/21 17:19:05 | 000,012,800 | ---- | C] (Brother Industries, Ltd.) -- C:\WINDOWS\System32\dllcache\brevif.dll
[2011/10/21 17:19:05 | 000,002,944 | ---- | C] (Brother Industries Ltd.) -- C:\WINDOWS\System32\dllcache\brfilt.sys
[2011/10/21 17:19:04 | 000,019,456 | ---- | C] (Brother Industries, Ltd.) -- C:\WINDOWS\System32\dllcache\brbidiif.dll
[2011/10/21 17:19:04 | 000,009,728 | ---- | C] (Brother Industries Ltd.) -- C:\WINDOWS\System32\dllcache\brcoinst.dll
[2011/10/21 17:19:02 | 000,102,400 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\binlsvc.dll
[2011/10/21 17:18:58 | 000,871,388 | ---- | C] (BCM) -- C:\WINDOWS\System32\dllcache\bcmdm.sys
[2011/10/21 17:18:58 | 000,018,432 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\bdaplgin.ax
[2011/10/21 17:18:58 | 000,011,776 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\bdasup.sys
[2011/10/21 17:18:57 | 000,066,557 | ---- | C] (Broadcom Corporation) -- C:\WINDOWS\System32\dllcache\bcm42u.sys
[2011/10/21 17:18:57 | 000,054,271 | ---- | C] (Broadcom Corporation) -- C:\WINDOWS\System32\dllcache\bcm42xx5.sys
[2011/10/21 17:18:57 | 000,026,568 | ---- | C] (Broadcom Corporation) -- C:\WINDOWS\System32\dllcache\bcm4e5.sys
[2011/10/21 17:18:55 | 000,036,128 | ---- | C] (3Dfx Interactive, Inc.) -- C:\WINDOWS\System32\dllcache\banshee.sys
[2011/10/21 17:18:55 | 000,014,208 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\battc.sys
[2011/10/21 17:18:54 | 000,342,336 | ---- | C] (3Dfx Interactive, Inc.) -- C:\WINDOWS\System32\dllcache\banshee.dll
[2011/10/21 17:18:54 | 000,096,640 | ---- | C] (Broadcom Corporation) -- C:\WINDOWS\System32\dllcache\b57xp32.sys
[2011/10/21 17:18:54 | 000,089,952 | ---- | C] (AVM GmbH) -- C:\WINDOWS\System32\dllcache\b1cbase.sys
[2011/10/21 17:18:53 | 000,037,568 | ---- | C] (AVM GmbH) -- C:\WINDOWS\System32\dllcache\avmwan.sys
[2011/10/21 17:18:53 | 000,036,992 | ---- | C] (Aztech Systems Ltd) -- C:\WINDOWS\System32\dllcache\aztw2320.sys
[2011/10/21 17:18:52 | 000,144,384 | ---- | C] (AVM GmbH) -- C:\WINDOWS\System32\dllcache\avmenum.dll
[2011/10/21 17:18:52 | 000,087,552 | ---- | C] (AVM GmbH) -- C:\WINDOWS\System32\dllcache\avmcoxp.dll
[2011/10/21 17:18:51 | 000,036,096 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\avcaudio.sys
[2011/10/21 17:18:51 | 000,013,696 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\avcstrm.sys
[2011/10/21 17:18:50 | 000,038,912 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\avc.sys
[2011/10/21 17:18:48 | 000,017,279 | ---- | C] (Intel® Corporation) -- C:\WINDOWS\System32\dllcache\atv10nt5.dll
[2011/10/21 17:18:48 | 000,014,143 | ---- | C] (Intel® Corporation) -- C:\WINDOWS\System32\dllcache\atv06nt5.dll
[2011/10/21 17:18:47 | 000,025,471 | ---- | C] (Intel® Corporation) -- C:\WINDOWS\System32\dllcache\atv04nt5.dll
[2011/10/21 17:18:46 | 000,011,359 | ---- | C] (Intel® Corporation) -- C:\WINDOWS\System32\dllcache\atv02nt5.dll
[2011/10/21 17:18:45 | 000,021,183 | ---- | C] (Intel® Corporation) -- C:\WINDOWS\System32\dllcache\atv01nt5.dll
[2011/10/21 17:18:43 | 000,516,768 | ---- | C] (ATI Technologies Inc. ) -- C:\WINDOWS\System32\dllcache\ativvaxx.dll
[2011/10/21 17:18:42 | 000,032,768 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\dllcache\ativtmxx.dll
[2011/10/21 17:18:41 | 000,023,040 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\dllcache\ativmvxx.ax
[2011/10/21 17:18:40 | 000,009,728 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\dllcache\ativdaxx.ax
[2011/10/21 17:18:38 | 000,104,832 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\dllcache\atiraged.dll
[2011/10/21 17:18:38 | 000,070,528 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\dllcache\atiragem.sys
[2011/10/21 17:18:37 | 000,063,488 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\dllcache\atinxsxx.sys
[2011/10/21 17:18:36 | 000,073,216 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\dllcache\atintuxx.sys
[2011/10/21 17:18:36 | 000,031,744 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\dllcache\atinxbxx.sys
[2011/10/21 17:18:35 | 000,013,824 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\dllcache\atinttxx.sys
[2011/10/21 17:18:34 | 000,028,672 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\dllcache\atinsnxx.sys
[2011/10/21 17:18:33 | 000,104,960 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\dllcache\atinrvxx.sys
[2011/10/21 17:18:33 | 000,052,224 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\dllcache\atinraxx.sys
[2011/10/21 17:18:33 | 000,014,336 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\dllcache\atinpdxx.sys
[2011/10/21 17:18:33 | 000,013,824 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\dllcache\atinmdxx.sys
[2011/10/21 17:18:32 | 000,281,600 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\dllcache\atimtai.sys
[2011/10/21 17:18:32 | 000,057,856 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\dllcache\atinbtxx.sys
[2011/10/21 17:18:31 | 000,289,664 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\dllcache\atimpab.sys
[2011/10/21 17:18:31 | 000,075,136 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\dllcache\atimpae.sys
[2011/10/21 17:18:31 | 000,037,376 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\atievxx.exe
[2011/10/21 17:18:30 | 000,268,160 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\dllcache\atidvai.dll
[2011/10/21 17:18:30 | 000,137,216 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\dllcache\atidrae.dll
[2011/10/21 17:18:29 | 000,382,592 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\dllcache\atidrab.dll
[2011/10/21 17:18:28 | 001,888,992 | ---- | C] (ATI Technologies Inc. ) -- C:\WINDOWS\System32\dllcache\ati3duag.dll
[2011/10/21 17:18:28 | 000,870,784 | ---- | C] (ATI Technologies Inc. ) -- C:\WINDOWS\System32\dllcache\ati3d1ag.dll
[2011/10/21 17:18:27 | 000,701,440 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\dllcache\ati2mtag.sys
[2011/10/21 17:18:26 | 000,327,040 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\dllcache\ati2mtaa.sys
[2011/10/21 17:18:26 | 000,201,728 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\dllcache\ati2dvag.dll
[2011/10/21 17:18:25 | 000,377,984 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\dllcache\ati2dvaa.dll
[2011/10/21 17:18:25 | 000,229,376 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\dllcache\ati2cqag.dll
[2011/10/21 17:18:25 | 000,034,735 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\dllcache\ati1xsxx.sys
[2011/10/21 17:18:24 | 000,029,455 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\dllcache\ati1xbxx.sys
[2011/10/21 17:18:23 | 000,036,463 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\dllcache\ati1tuxx.sys
[2011/10/21 17:18:23 | 000,026,367 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\dllcache\ati1snxx.sys
[2011/10/21 17:18:23 | 000,021,343 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\dllcache\ati1ttxx.sys
[2011/10/21 17:18:22 | 000,063,663 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\dllcache\ati1rvxx.sys
[2011/10/21 17:18:22 | 000,030,671 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\dllcache\ati1raxx.sys
[2011/10/21 17:18:22 | 000,012,047 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\dllcache\ati1pdxx.sys
[2011/10/21 17:18:21 | 000,011,615 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\dllcache\ati1mdxx.sys
[2011/10/21 17:18:20 | 000,056,623 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\dllcache\ati1btxx.sys
[2011/10/21 16:51:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\MFAData
[2011/10/20 18:07:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\vlc
[2011/10/20 17:16:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\My Documents\Graboid
[2011/10/20 17:10:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Local Settings\Application Data\Geckofx
[2011/10/20 17:08:58 | 000,000,000 | ---D | C] -- C:\Program Files\VideoLAN
[2011/10/19 23:09:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\My Documents\CyberLink
[2011/10/19 21:44:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Desktop\New Folder
[2011/10/19 21:14:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\CD-LabelPrint
[2011/10/18 19:29:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Desktop\you tube video
[2011/10/18 19:23:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Desktop\vivas photos
[2011/10/16 14:39:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Desktop\flash
[2011/10/16 14:12:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Desktop\sylvester
[2011/10/16 13:27:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Desktop\horse Crazy
[2011/10/15 11:35:41 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Application Data\CanonIJEPPEX
[2011/10/15 11:35:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Local Settings\Application Data\Canon Easy-PhotoPrint EX
[2011/10/15 11:29:25 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Application Data\CanonIJEGV
[2011/10/08 15:00:01 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\SWF Studio
[2011/10/01 16:11:12 | 000,000,000 | ---D | C] -- C:\MGS
[2011/10/01 15:55:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Royal Vegas Online Casino
[2011/10/01 12:40:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Desktop\Music
[2011/09/30 09:55:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\AVG9
[2010/09/22 21:14:37 | 000,047,360 | ---- | C] (VSO Software) -- C:\Documents and Settings\Owner\Application Data\pcouffin.sys

========== Files - Modified Within 30 Days ==========

[2011/10/26 20:56:17 | 000,000,278 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-1957994488-299502267-1417001333-1003.job
[2011/10/26 20:56:10 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/10/26 19:25:00 | 000,000,978 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1957994488-299502267-1417001333-1003UA.job
[2011/10/26 18:07:36 | 000,000,286 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-1957994488-299502267-1417001333-1003.job
[2011/10/26 16:25:00 | 000,000,926 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1957994488-299502267-1417001333-1003Core.job
[2011/10/26 16:23:23 | 000,002,284 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\Google Chrome.lnk
[2011/10/26 16:23:23 | 000,002,262 | ---- | M] () -- C:\Documents and Settings\Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2011/10/26 13:07:20 | 000,004,500 | ---- | M] () -- C:\WINDOWS\ULEAD32.INI
[2011/10/26 11:08:53 | 000,001,862 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Windows 7 Upgrade Advisor.lnk
[2011/10/26 11:02:02 | 000,000,660 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\MyPCDrivers.lnk
[2011/10/26 10:58:29 | 000,000,654 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Speccy.lnk
[2011/10/26 10:37:51 | 107,326,893 | ---- | M] () -- C:\WINDOWS\System32\drivers\AVG\incavi.avm
[2011/10/25 20:35:15 | 000,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/10/25 15:24:09 | 000,000,339 | RHS- | M] () -- C:\boot.ini
[2011/10/25 15:15:41 | 000,000,702 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\AVG 2012.lnk
[2011/10/23 23:29:10 | 000,000,668 | ---- | M] () -- C:\Documents and Settings\Owner\Application Data\vso_ts_preview.xml
[2011/10/23 23:17:06 | 000,000,069 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2011/10/23 22:01:22 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2011/10/23 20:10:40 | 004,269,423 | R--- | M] (Swearware) -- C:\Documents and Settings\Owner\Desktop\ComboFix.exe
[2011/10/23 13:19:52 | 000,008,192 | ---- | M] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/10/22 21:07:21 | 000,000,784 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/10/21 19:40:20 | 000,002,447 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\HiJackThis.lnk
[2011/10/21 17:47:13 | 000,243,324 | ---- | M] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\census.cache
[2011/10/21 17:47:08 | 000,234,667 | ---- | M] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\ars.cache
[2011/10/21 17:41:43 | 000,000,223 | ---- | M] () -- C:\Boot.bak
[2011/10/21 17:38:56 | 000,140,440 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2011/10/21 17:34:38 | 000,000,036 | ---- | M] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\housecall.guid.cache
[2011/10/21 17:27:38 | 000,000,874 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Advanced SystemCare 4.lnk
[2011/10/20 23:00:00 | 000,000,314 | ---- | M] () -- C:\WINDOWS\tasks\Regwork.job
[2011/10/20 17:07:11 | 000,000,805 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\Clone2Go Video Converter Professional.lnk
[2011/10/13 21:47:41 | 000,550,868 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2011/10/13 21:47:41 | 000,101,716 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2011/10/08 18:21:27 | 000,000,323 | ---- | M] () -- C:\WINDOWS\lgfwup.ini
[2011/10/08 02:31:26 | 000,000,059 | ---- | M] () -- C:\WINDOWS\popcinfo.dat
[2011/10/06 13:58:23 | 000,002,265 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Skype.lnk
[2011/10/03 16:35:11 | 005,971,456 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mshtml.dll
[2011/10/01 15:57:30 | 000,001,677 | ---- | M] () -- C:\Documents and Settings\Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\Royal Vegas Online Casino.lnk
[2011/10/01 15:57:30 | 000,001,647 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Royal Vegas Online Casino.lnk

========== Files Created - No Company Name ==========

[2011/10/26 16:21:31 | 000,002,284 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\Google Chrome.lnk
[2011/10/26 16:21:31 | 000,002,262 | ---- | C] () -- C:\Documents and Settings\Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2011/10/26 16:20:46 | 000,000,978 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1957994488-299502267-1417001333-1003UA.job
[2011/10/26 16:20:46 | 000,000,926 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1957994488-299502267-1417001333-1003Core.job
[2011/10/26 11:08:53 | 000,001,868 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Windows 7 Upgrade Advisor.lnk
[2011/10/26 11:08:53 | 000,001,862 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Windows 7 Upgrade Advisor.lnk
[2011/10/26 11:02:02 | 000,000,660 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\MyPCDrivers.lnk
[2011/10/26 10:58:29 | 000,000,654 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Speccy.lnk
[2011/10/26 10:37:51 | 107,326,893 | ---- | C] () -- C:\WINDOWS\System32\drivers\AVG\incavi.avm
[2011/10/24 22:22:59 | 000,000,702 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\AVG 2012.lnk
[2011/10/23 22:48:12 | 000,000,668 | ---- | C] () -- C:\Documents and Settings\Owner\Application Data\vso_ts_preview.xml
[2011/10/23 20:30:57 | 000,000,223 | ---- | C] () -- C:\Boot.bak
[2011/10/23 20:30:55 | 000,260,272 | RHS- | C] () -- C:\cmldr
[2011/10/23 20:21:15 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2011/10/23 20:21:15 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2011/10/23 20:21:15 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2011/10/23 20:21:15 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2011/10/23 20:21:15 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2011/10/22 21:07:21 | 000,000,784 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/10/21 19:39:34 | 000,002,447 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\HiJackThis.lnk
[2011/10/21 17:47:13 | 000,243,324 | ---- | C] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\census.cache
[2011/10/21 17:47:08 | 000,234,667 | ---- | C] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\ars.cache
[2011/10/21 17:34:38 | 000,000,036 | ---- | C] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\housecall.guid.cache
[2011/10/21 17:27:38 | 000,000,874 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Advanced SystemCare 4.lnk
[2011/10/21 17:18:44 | 000,026,624 | ---- | C] () -- C:\WINDOWS\System32\dllcache\ativxbar.sys
[2011/10/21 17:18:44 | 000,023,552 | ---- | C] () -- C:\WINDOWS\System32\dllcache\atixbar.sys
[2011/10/21 17:18:43 | 000,019,456 | ---- | C] () -- C:\WINDOWS\System32\dllcache\ativttxx.sys
[2011/10/21 17:18:41 | 000,009,472 | ---- | C] () -- C:\WINDOWS\System32\dllcache\ativmdcd.sys
[2011/10/21 17:18:40 | 000,017,152 | ---- | C] () -- C:\WINDOWS\System32\dllcache\atitvsnd.sys
[2011/10/21 17:18:40 | 000,017,152 | ---- | C] () -- C:\WINDOWS\System32\dllcache\atitunep.sys
[2011/10/21 17:18:39 | 000,049,920 | ---- | C] () -- C:\WINDOWS\System32\dllcache\atirtcap.sys
[2011/10/21 17:18:39 | 000,026,880 | ---- | C] () -- C:\WINDOWS\System32\dllcache\atirtsnd.sys
[2011/10/21 17:18:38 | 000,010,240 | ---- | C] () -- C:\WINDOWS\System32\dllcache\atipcxxx.sys
[2011/10/21 17:18:29 | 000,046,464 | ---- | C] () -- C:\WINDOWS\System32\dllcache\atibt829.sys
[2011/10/01 15:55:02 | 000,001,677 | ---- | C] () -- C:\Documents and Settings\Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\Royal Vegas Online Casino.lnk
[2011/10/01 15:55:01 | 000,001,647 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Royal Vegas Online Casino.lnk
[2011/08/17 15:10:22 | 000,165,376 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll
[2011/08/17 14:47:53 | 000,008,192 | ---- | C] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/08/14 13:27:36 | 000,000,048 | -H-- | C] () -- C:\WINDOWS\System32\ezsidmv.dat
[2011/06/13 22:24:50 | 000,307,960 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
[2011/06/13 21:21:44 | 000,110,592 | ---- | C] () -- C:\WINDOWS\System32\FsUsbExDevice.Dll
[2011/06/13 21:21:44 | 000,036,640 | ---- | C] () -- C:\WINDOWS\System32\FsUsbExDisk.Sys
[2011/05/03 21:01:27 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Owner\Application Data\DVAP.set
[2011/04/27 14:19:32 | 000,030,568 | ---- | C] () -- C:\WINDOWS\MusiccityDownload.exe
[2011/04/27 14:19:30 | 000,974,848 | ---- | C] () -- C:\WINDOWS\System32\cis-2.4.dll
[2011/04/27 14:19:30 | 000,081,920 | ---- | C] () -- C:\WINDOWS\System32\issacapi_bs-2.3.dll
[2011/04/27 14:19:30 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\issacapi_pe-2.3.dll
[2011/04/27 14:19:30 | 000,057,344 | ---- | C] () -- C:\WINDOWS\System32\issacapi_se-2.3.dll
[2011/04/14 20:38:12 | 000,004,984 | ---- | C] () -- C:\WINDOWS\System32\drivers\nvphy.bin
[2011/04/07 15:01:10 | 000,000,014 | ---- | C] () -- C:\WINDOWS\System32\systeminfo3.dll
[2011/04/07 14:13:14 | 000,000,040 | -HS- | C] () -- C:\Documents and Settings\Owner\Application Data\.zreglib
[2011/04/01 13:07:02 | 010,877,272 | ---- | C] () -- C:\WINDOWS\System32\LogiDPP.dll
[2011/04/01 13:07:02 | 000,102,744 | ---- | C] () -- C:\WINDOWS\System32\LogiDPPApp.exe
[2011/04/01 13:06:56 | 000,331,608 | ---- | C] () -- C:\WINDOWS\System32\DevManagerCore.dll
[2011/04/01 12:56:00 | 000,027,872 | ---- | C] () -- C:\WINDOWS\System32\lvcoinst.ini
[2011/03/22 23:58:22 | 000,014,168 | ---- | C] () -- C:\WINDOWS\System32\drivers\iKeyLFT2.dll
[2011/03/07 21:46:47 | 000,000,032 | ---- | C] () -- C:\WINDOWS\System32\EUOD.DAT
[2011/02/22 18:21:27 | 000,000,030 | ---- | C] () -- C:\WINDOWS\Iedit.INI
[2010/12/11 16:38:46 | 000,004,500 | ---- | C] () -- C:\WINDOWS\ULEAD32.INI
[2010/12/05 14:56:34 | 000,000,000 | ---- | C] () -- C:\WINDOWS\PowerReg.dat
[2010/10/04 19:39:50 | 000,004,096 | ---- | C] () -- C:\WINDOWS\d3dx.dat
[2010/10/04 18:31:54 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2010/10/03 14:34:47 | 000,000,000 | ---- | C] () -- C:\WINDOWS\popcreg.dat
[2010/10/03 14:23:04 | 000,000,240 | ---- | C] () -- C:\WINDOWS\SIERRA.INI
[2010/10/02 20:59:31 | 000,028,328 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat
[2010/09/25 16:07:00 | 000,252,616 | ---- | C] () -- C:\WINDOWS\System32\nvdrsdb0.bin
[2010/09/25 16:06:59 | 000,252,616 | ---- | C] () -- C:\WINDOWS\System32\nvdrsdb1.bin
[2010/09/25 16:06:59 | 000,000,001 | ---- | C] () -- C:\WINDOWS\System32\nvdrssel.bin
[2010/09/23 21:08:36 | 000,000,059 | ---- | C] () -- C:\WINDOWS\popcinfo.dat
[2010/09/23 21:02:49 | 000,000,038 | ---- | C] () -- C:\WINDOWS\popcinfot.dat
[2010/09/22 22:13:06 | 000,000,069 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2010/09/22 21:14:37 | 000,007,887 | ---- | C] () -- C:\Documents and Settings\Owner\Application Data\pcouffin.cat
[2010/09/22 21:14:37 | 000,001,144 | ---- | C] () -- C:\Documents and Settings\Owner\Application Data\pcouffin.inf
[2010/09/22 21:08:08 | 000,000,323 | ---- | C] () -- C:\WINDOWS\lgfwup.ini
[2010/09/22 19:23:28 | 000,126,976 | ---- | C] () -- C:\WINDOWS\autoclk.exe
[2010/09/22 19:23:28 | 000,032,768 | ---- | C] () -- C:\WINDOWS\pnpclk.dll
[2010/09/22 10:27:51 | 000,535,624 | ---- | C] () -- C:\WINDOWS\System32\pwNative.exe
[2010/09/22 10:27:51 | 000,016,472 | ---- | C] () -- C:\WINDOWS\System32\pwdrvio.sys
[2010/09/22 10:27:51 | 000,011,104 | ---- | C] () -- C:\WINDOWS\System32\pwdspio.sys
[2010/09/20 18:54:00 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2010/09/20 18:50:52 | 000,140,440 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010/09/20 11:15:53 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2010/09/20 11:08:25 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2009/11/21 04:34:54 | 002,292,678 | ---- | C] () -- C:\WINDOWS\System32\nvdata.bin
[2008/04/14 20:00:00 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2008/04/14 20:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2008/04/14 20:00:00 | 000,550,868 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2008/04/14 20:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2008/04/14 20:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2008/04/14 20:00:00 | 000,101,716 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2008/04/14 20:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2008/04/14 20:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2008/04/14 20:00:00 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2008/04/14 20:00:00 | 000,004,461 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2008/04/14 20:00:00 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\Dcache.bin
[2008/04/14 20:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat

========== Custom Scans ==========



< MD5 for: OAKLEY.DLL >
[2008/04/14 20:00:00 | 000,270,336 | ---- | M] (Microsoft Corporation) MD5=33CEB89B62589E8B12AEE9E2D523DADE -- C:\WINDOWS\$NtUninstallKB974392$\oakley.dll
[2009/10/13 18:38:09 | 000,270,336 | ---- | M] (Microsoft Corporation) MD5=7EADBA6D371C60CCA9E4DB57C28C8045 -- C:\WINDOWS\$hf_mig$\KB974392\SP3QFE\oakley.dll
[2009/10/13 18:30:16 | 000,270,336 | ---- | M] (Microsoft Corporation) MD5=C5FF8682EADA5B3B27A865F1C3EF9270 -- C:\WINDOWS\system32\dllcache\oakley.dll
[2009/10/13 18:30:16 | 000,270,336 | ---- | M] (Microsoft Corporation) MD5=C5FF8682EADA5B3B27A865F1C3EF9270 -- C:\WINDOWS\system32\oakley.dll

========== Alternate Data Streams ==========

@Alternate Data Stream - 204 bytes -> C:\Documents and Settings\All Users\Application Data\Temp:ADDDF689
@Alternate Data Stream - 177 bytes -> C:\Documents and Settings\All Users\Application Data\Temp:7578EF04
@Alternate Data Stream - 134 bytes -> C:\Documents and Settings\All Users\Application Data\Temp:45FE2B4E

< End of report >
  • 0

#70
Cindy Pryt

Cindy Pryt

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 106 posts
had to reinstall avg again as it did not install all the protections . before it restarted the screen flicked blue ?? lol

Edited by Cindy Pryt, 26 October 2011 - 08:58 AM.

  • 0

Advertisements


#71
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Well the oakley file is legitimate and in the right place

If you are game we will check the services out now using MSConfig as per post 61 :)
  • 0

#72
Cindy Pryt

Cindy Pryt

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 106 posts
What will happen with that lol if I un check it will I loose any thing :)
  • 0

#73
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Nope what that does is temporarily stops the services from starting - That way if it works OK we know we have a conflict somewhere and can then narrow it down by re-enabling the services in batches
  • 0

#74
Cindy Pryt

Cindy Pryt

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 106 posts
Can any thing go wrong :)
  • 0

#75
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Only if you hit it with a hammer :)

No as long as the microsoft services are hidden before you select disable all there will be no problem
  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP