Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

logonUI.exe unable to locate component. wtsapi32.dll not found [Solved


  • This topic is locked This topic is locked

#31
cuda67

cuda67

    Member

  • Topic Starter
  • Member
  • PipPip
  • 37 posts
have done the check and fix.

ran OTL here are the logs:

OTL logfile created on: 1/15/2012 7:07:24 PM - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\brian\Desktop
Windows Vista Home Premium Edition (Version = 6.0.6000) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6000.16982)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.00 Gb Total Physical Memory | 2.16 Gb Available Physical Memory | 72.05% Memory free
6.17 Gb Paging File | 5.36 Gb Available in Paging File | 86.82% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 931.51 Gb Total Space | 635.19 Gb Free Space | 68.19% Space Free | Partition Type: NTFS

Computer Name: BRIAN-PC | User Name: brian | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/01/15 16:28:52 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\brian\Desktop\OTL.exe
PRC - [2012/01/11 22:39:33 | 002,923,520 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2011/12/03 01:22:12 | 002,415,456 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgtray.exe
PRC - [2011/11/28 01:19:04 | 001,229,664 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgnsx.exe
PRC - [2011/10/15 08:53:00 | 001,328,960 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
PRC - [2011/10/12 06:25:22 | 004,433,248 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\AVGIDSAgent.exe
PRC - [2011/10/10 06:23:34 | 000,973,664 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgemcx.exe
PRC - [2011/09/08 20:53:26 | 000,743,264 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgrsx.exe
PRC - [2011/08/15 06:21:40 | 000,337,760 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgcsrvx.exe
PRC - [2011/08/02 06:09:08 | 000,192,776 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgwdsvc.exe
PRC - [2008/01/17 07:22:20 | 004,907,008 | ---- | M] (Realtek Semiconductor) -- C:\Windows\RtHDVCpl.exe
PRC - [2007/12/05 06:17:24 | 000,077,824 | ---- | M] (Andrea Electronics Corporation) -- C:\Windows\System32\AERTSrv.exe


========== Modules (No Company Name) ==========


========== Win32 Services (SafeList) ==========

SRV - [2012/01/11 23:01:58 | 000,265,912 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2011/10/12 06:25:22 | 004,433,248 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG2012\AVGIDSAgent.exe -- (AVGIDSAgent)
SRV - [2011/08/02 06:09:08 | 000,192,776 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG2012\avgwdsvc.exe -- (avgwd)
SRV - [2007/12/05 06:17:24 | 000,077,824 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Windows\System32\AERTSrv.exe -- (AERTFilters)


========== Driver Services (SafeList) ==========

DRV - [2012/01/15 11:25:05 | 000,040,776 | ---- | M] (Malwarebytes Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mbamswissarmy.sys -- (MBAMSwissArmy)
DRV - [2011/10/15 08:53:00 | 010,327,360 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2011/10/07 06:23:48 | 000,230,608 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\System32\drivers\avgldx86.sys -- (Avgldx86)
DRV - [2011/10/04 06:21:16 | 000,016,720 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AVGIDSShim.sys -- (AVGIDSShim)
DRV - [2011/09/13 06:30:10 | 000,032,592 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\system32\DRIVERS\avgrkx86.sys -- (Avgrkx86)
DRV - [2011/08/08 06:08:58 | 000,040,016 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\Windows\System32\drivers\avgmfx86.sys -- (Avgmfx86)
DRV - [2011/07/11 01:14:38 | 000,295,248 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\System32\drivers\avgtdix.sys -- (Avgtdix)
DRV - [2011/07/11 01:14:02 | 000,024,272 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AVGIDSFilter.sys -- (AVGIDSFilter)
DRV - [2011/07/11 01:14:00 | 000,023,120 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\AVGIDSEH.Sys -- (AVGIDSEH)
DRV - [2011/07/11 01:13:58 | 000,134,736 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AVGIDSDriver.sys -- (AVGIDSDriver)
DRV - [2010/08/12 12:07:50 | 000,292,712 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvmfdx32.sys -- (NVNET)
DRV - [2007/08/09 18:12:30 | 000,110,624 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\nvstor32.sys -- (nvstor32)
DRV - [2006/11/02 07:41:53 | 000,251,904 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\VSTBS23.SYS -- (VSTHWBS2)
DRV - [2006/11/02 07:30:56 | 000,429,056 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\nvm60x32.sys -- (NVENETFD)


========== Standard Registry (SafeList) ==========

OTL Extras logfile created on: 1/15/2012 7:07:24 PM - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\brian\Desktop
Windows Vista Home Premium Edition (Version = 6.0.6000) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6000.16982)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.00 Gb Total Physical Memory | 2.16 Gb Available Physical Memory | 72.05% Memory free
6.17 Gb Paging File | 5.36 Gb Available in Paging File | 86.82% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 931.51 Gb Total Space | 635.19 Gb Free Space | 68.19% Space Free | Partition Type: NTFS

Computer Name: BRIAN-PC | User Name: brian | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
  • 0

Advertisements


#32
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Oops sorry for the delay I lost notification

What are the current problems ?

Could you post all of the main OTL log please - it was cut off
  • 0

#33
cuda67

cuda67

    Member

  • Topic Starter
  • Member
  • PipPip
  • 37 posts
dont worry about the delay, as i am on 14.00-22.00 shift this week so there will be delays from my side.

current problems:

bsod MEMORY_MANAGEMENT while running malwarebytes

after pc rebooted after bsod, i got another bsod WINS32K.SYS PAGE IN NON PAGE AREA.

after reboot, i tried opening windows email, bsod BAD POOL ERROR

i can run a quick scan with malwarebytes and it comes up with no problems.

here are all the otl results:

OTL logfile created on: 1/15/2012 7:07:24 PM - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\brian\Desktop
Windows Vista Home Premium Edition (Version = 6.0.6000) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6000.16982)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.00 Gb Total Physical Memory | 2.16 Gb Available Physical Memory | 72.05% Memory free
6.17 Gb Paging File | 5.36 Gb Available in Paging File | 86.82% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 931.51 Gb Total Space | 635.19 Gb Free Space | 68.19% Space Free | Partition Type: NTFS

Computer Name: BRIAN-PC | User Name: brian | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/01/15 16:28:52 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\brian\Desktop\OTL.exe
PRC - [2012/01/11 22:39:33 | 002,923,520 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2011/12/03 01:22:12 | 002,415,456 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgtray.exe
PRC - [2011/11/28 01:19:04 | 001,229,664 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgnsx.exe
PRC - [2011/10/15 08:53:00 | 001,328,960 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
PRC - [2011/10/12 06:25:22 | 004,433,248 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\AVGIDSAgent.exe
PRC - [2011/10/10 06:23:34 | 000,973,664 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgemcx.exe
PRC - [2011/09/08 20:53:26 | 000,743,264 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgrsx.exe
PRC - [2011/08/15 06:21:40 | 000,337,760 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgcsrvx.exe
PRC - [2011/08/02 06:09:08 | 000,192,776 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgwdsvc.exe
PRC - [2008/01/17 07:22:20 | 004,907,008 | ---- | M] (Realtek Semiconductor) -- C:\Windows\RtHDVCpl.exe
PRC - [2007/12/05 06:17:24 | 000,077,824 | ---- | M] (Andrea Electronics Corporation) -- C:\Windows\System32\AERTSrv.exe


========== Modules (No Company Name) ==========


========== Win32 Services (SafeList) ==========

SRV - [2012/01/11 23:01:58 | 000,265,912 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2011/10/12 06:25:22 | 004,433,248 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG2012\AVGIDSAgent.exe -- (AVGIDSAgent)
SRV - [2011/08/02 06:09:08 | 000,192,776 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG2012\avgwdsvc.exe -- (avgwd)
SRV - [2007/12/05 06:17:24 | 000,077,824 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Windows\System32\AERTSrv.exe -- (AERTFilters)


========== Driver Services (SafeList) ==========

DRV - [2012/01/15 11:25:05 | 000,040,776 | ---- | M] (Malwarebytes Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mbamswissarmy.sys -- (MBAMSwissArmy)
DRV - [2011/10/15 08:53:00 | 010,327,360 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2011/10/07 06:23:48 | 000,230,608 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\System32\drivers\avgldx86.sys -- (Avgldx86)
DRV - [2011/10/04 06:21:16 | 000,016,720 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AVGIDSShim.sys -- (AVGIDSShim)
DRV - [2011/09/13 06:30:10 | 000,032,592 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\system32\DRIVERS\avgrkx86.sys -- (Avgrkx86)
DRV - [2011/08/08 06:08:58 | 000,040,016 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\Windows\System32\drivers\avgmfx86.sys -- (Avgmfx86)
DRV - [2011/07/11 01:14:38 | 000,295,248 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\System32\drivers\avgtdix.sys -- (Avgtdix)
DRV - [2011/07/11 01:14:02 | 000,024,272 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AVGIDSFilter.sys -- (AVGIDSFilter)
DRV - [2011/07/11 01:14:00 | 000,023,120 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\AVGIDSEH.Sys -- (AVGIDSEH)
DRV - [2011/07/11 01:13:58 | 000,134,736 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AVGIDSDriver.sys -- (AVGIDSDriver)
DRV - [2010/08/12 12:07:50 | 000,292,712 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvmfdx32.sys -- (NVNET)
DRV - [2007/08/09 18:12:30 | 000,110,624 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\nvstor32.sys -- (nvstor32)
DRV - [2006/11/02 07:41:53 | 000,251,904 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\VSTBS23.SYS -- (VSTHWBS2)
DRV - [2006/11/02 07:30:56 | 000,429,056 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\nvm60x32.sys -- (NVENETFD)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm






IE - HKU\S-1-5-21-2689938297-1827862986-799398173-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
IE - HKU\S-1-5-21-2689938297-1827862986-799398173-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-2689938297-1827862986-799398173-1000\..\URLSearchHook: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - No CLSID value found
IE - HKU\S-1-5-21-2689938297-1827862986-799398173-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{1E73965B-8B48-48be-9C8D-68B920ABC1C4}: C:\Program Files\AVG\AVG2012\Firefox4\ [2012/01/11 16:26:34 | 000,000,000 | ---D | M]

[2012/01/11 17:36:24 | 000,000,000 | ---D | M] (No name found) -- C:\Users\brian\AppData\Roaming\Mozilla\Firefox\extensions
[2012/01/11 17:36:25 | 000,000,000 | ---D | M] (uTorrentBar Community Toolbar) -- C:\Users\brian\AppData\Roaming\Mozilla\Firefox\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}

O1 HOSTS File: ([2006/09/18 21:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG2012\avgssie.dll (AVG Technologies CZ, s.r.o.)
O3 - HKU\S-1-5-21-2689938297-1827862986-799398173-1000\..\Toolbar\WebBrowser: (no name) - {BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC} - No CLSID value found.
O4 - HKLM..\Run: [AVG_TRAY] C:\Program Files\AVG\AVG2012\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O13 - gopher Prefix: missing
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} http://www.nvidia.co...sreqlab_nvd.cab (System Requirements Lab Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{2654EB47-81C2-4F5B-9F3E-3DEDAE608D6C}: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG2012\avgpp.dll (AVG Technologies CZ, s.r.o.)
O20 - HKLM Winlogon: Shell - (explorer.exe) -C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\System32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\img20.jpg
O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\img20.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 21:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG2012\avgrsx.exe /sync /restart)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: FastUserSwitchingCompatibility - File not found
NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation)
NetSvcs: Nla - File not found
NetSvcs: Ntmssvc - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: SRService - File not found
NetSvcs: WmdmPmSp - File not found
NetSvcs: LogonHours - File not found
NetSvcs: PCAudit - File not found
NetSvcs: helpsvc - File not found
NetSvcs: uploadmgr - File not found

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2012/01/15 17:21:16 | 000,000,000 | ---D | C] -- C:\ProgramData\NVIDIA
[2012/01/15 17:20:09 | 000,000,000 | ---D | C] -- C:\ProgramData\NVIDIA Corporation
[2012/01/15 17:18:23 | 000,061,248 | ---- | C] (Khronos Group) -- C:\Windows\System32\OpenCL.dll
[2012/01/15 17:10:58 | 000,000,000 | ---D | C] -- C:\Program Files\SystemRequirementsLab
[2012/01/15 16:27:37 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Users\brian\Desktop\OTL.exe
[2012/01/14 14:45:41 | 000,040,776 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2012/01/14 12:46:51 | 000,000,000 | ---D | C] -- C:\Program Files\NVIDIA Corporation
[2012/01/14 12:45:14 | 000,000,000 | ---D | C] -- C:\Windows\System32\RTCOM
[2012/01/11 20:11:39 | 000,000,000 | ---D | C] -- C:\Users\brian\AppData\Roaming\Macromedia
[2012/01/11 20:11:39 | 000,000,000 | ---D | C] -- C:\Users\brian\AppData\Roaming\Adobe
[2012/01/11 20:11:23 | 000,000,000 | ---D | C] -- C:\Windows\System32\Macromed
[2012/01/11 20:07:00 | 000,000,000 | ---D | C] -- C:\Windows\Minidump
[2012/01/11 19:46:48 | 000,000,000 | ---D | C] -- C:\Program Files\uTorrent
[2012/01/11 19:46:04 | 000,000,000 | ---D | C] -- C:\Users\brian\AppData\Roaming\uTorrent
[2012/01/11 19:44:26 | 000,000,000 | ---D | C] -- C:\Users\brian\AppData\Local\Mozilla
[2012/01/11 19:44:17 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2012/01/11 17:36:24 | 000,000,000 | ---D | C] -- C:\Users\brian\AppData\Roaming\Mozilla
[2012/01/11 17:36:22 | 000,000,000 | ---D | C] -- C:\Program Files\Conduit
[2012/01/11 17:36:20 | 000,000,000 | ---D | C] -- C:\Users\brian\AppData\Local\Conduit
[2012/01/11 17:33:57 | 000,735,608 | ---- | C] (BitTorrent, Inc.) -- C:\Users\brian\Documents\utorrent.exe
[2012/01/11 17:28:29 | 000,000,000 | ---D | C] -- C:\Users\brian\Documents\scotts work
[2012/01/11 17:28:28 | 000,000,000 | ---D | C] -- C:\Users\brian\Documents\scotts stick
[2012/01/11 17:19:01 | 000,000,000 | ---D | C] -- C:\Users\brian\AppData\Roaming\vlc
[2012/01/11 16:44:53 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Media Player Classic - Home Cinema
[2012/01/11 16:44:52 | 000,000,000 | ---D | C] -- C:\Program Files\Media Player Classic - Home Cinema
[2012/01/11 16:44:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012/01/11 16:44:01 | 000,020,464 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2012/01/11 16:44:01 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2012/01/11 16:43:33 | 000,000,000 | ---D | C] -- C:\Users\brian\AppData\Roaming\Malwarebytes
[2012/01/11 16:43:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012/01/11 16:37:04 | 000,000,000 | ---D | C] -- C:\Program Files\Google
[2012/01/11 16:37:00 | 000,000,000 | ---D | C] -- C:\Users\brian\AppData\Local\Google
[2012/01/11 16:36:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN
[2012/01/11 16:36:33 | 000,000,000 | ---D | C] -- C:\Program Files\VideoLAN
[2012/01/11 16:36:06 | 000,000,000 | ---D | C] -- C:\Users\brian\AppData\Roaming\WinRAR
[2012/01/11 16:36:06 | 000,000,000 | ---D | C] -- C:\Users\brian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
[2012/01/11 16:36:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR
[2012/01/11 16:35:56 | 000,000,000 | ---D | C] -- C:\Program Files\WinRAR
[2012/01/11 16:35:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
[2012/01/11 16:35:07 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2012/01/11 16:32:30 | 000,000,000 | ---D | C] -- C:\Users\brian\Documents\kate1
[2012/01/11 16:32:06 | 000,000,000 | ---D | C] -- C:\Users\brian\Documents\greenbelt
[2012/01/11 16:31:15 | 000,000,000 | ---D | C] -- C:\Users\brian\Documents\dell service tag
[2012/01/11 16:28:37 | 000,000,000 | ---D | C] -- C:\Users\brian\AppData\Roaming\AVG2012
[2012/01/11 16:26:50 | 000,000,000 | -H-D | C] -- C:\ProgramData\Common Files
[2012/01/11 16:26:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG 2012
[2012/01/11 16:26:09 | 000,000,000 | ---D | C] -- C:\ProgramData\AVG2012
[2012/01/11 16:26:09 | 000,000,000 | ---D | C] -- C:\Windows\System32\drivers\AVG
[2012/01/11 16:24:38 | 000,000,000 | ---D | C] -- C:\Program Files\AVG
[2012/01/11 16:19:24 | 000,000,000 | -HSD | C] -- C:\Windows\Installer
[2012/01/11 16:19:11 | 000,000,000 | ---D | C] -- C:\ProgramData\MFAData
[2012/01/11 06:35:44 | 000,000,000 | ---D | C] -- C:\Windows\SoftwareDistribution
[2012/01/11 06:33:38 | 000,000,000 | ---D | C] -- C:\Windows\Debug
[2012/01/11 06:28:18 | 000,000,000 | ---D | C] -- C:\Windows\Prefetch
[2012/01/11 06:26:55 | 000,000,000 | ---D | C] -- C:\Windows\Panther
[2012/01/11 06:26:16 | 000,000,000 | ---D | C] -- C:\Windows\System32\OEM
[2012/01/11 06:14:51 | 000,000,000 | ---D | C] -- C:\Windows.old.000
[2012/01/11 00:09:17 | 000,000,000 | -HSD | C] -- C:\Boot
[2012/01/10 22:54:10 | 000,000,000 | R--D | C] -- C:\Users\brian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
[2012/01/10 22:54:10 | 000,000,000 | R--D | C] -- C:\Users\brian\Searches
[2012/01/10 22:54:10 | 000,000,000 | R--D | C] -- C:\Users\brian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
[2012/01/10 22:54:02 | 000,000,000 | ---D | C] -- C:\Users\brian\AppData\Roaming\Identities
[2012/01/10 22:54:00 | 000,000,000 | R--D | C] -- C:\Users\brian\Contacts
[2012/01/10 22:53:59 | 000,000,000 | ---D | C] -- C:\Users\brian\AppData\Local\VirtualStore
[2012/01/10 22:53:55 | 000,000,000 | --SD | C] -- C:\Users\brian\AppData\Roaming\Microsoft
[2012/01/10 22:53:55 | 000,000,000 | R--D | C] -- C:\Users\brian\Videos
[2012/01/10 22:53:55 | 000,000,000 | R--D | C] -- C:\Users\brian\Saved Games
[2012/01/10 22:53:55 | 000,000,000 | R--D | C] -- C:\Users\brian\Pictures
[2012/01/10 22:53:55 | 000,000,000 | R--D | C] -- C:\Users\brian\Music
[2012/01/10 22:53:55 | 000,000,000 | R--D | C] -- C:\Users\brian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
[2012/01/10 22:53:55 | 000,000,000 | R--D | C] -- C:\Users\brian\Links
[2012/01/10 22:53:55 | 000,000,000 | R--D | C] -- C:\Users\brian\Favorites
[2012/01/10 22:53:55 | 000,000,000 | R--D | C] -- C:\Users\brian\Downloads
[2012/01/10 22:53:55 | 000,000,000 | R--D | C] -- C:\Users\brian\Documents
[2012/01/10 22:53:55 | 000,000,000 | R--D | C] -- C:\Users\brian\Desktop
[2012/01/10 22:53:55 | 000,000,000 | R--D | C] -- C:\Users\brian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
[2012/01/10 22:53:55 | 000,000,000 | -HSD | C] -- C:\Users\brian\AppData\Local\Temporary Internet Files
[2012/01/10 22:53:55 | 000,000,000 | -HSD | C] -- C:\Users\brian\Templates
[2012/01/10 22:53:55 | 000,000,000 | -HSD | C] -- C:\Users\brian\Start Menu
[2012/01/10 22:53:55 | 000,000,000 | -HSD | C] -- C:\Users\brian\SendTo
[2012/01/10 22:53:55 | 000,000,000 | -HSD | C] -- C:\Users\brian\Recent
[2012/01/10 22:53:55 | 000,000,000 | -HSD | C] -- C:\Users\brian\PrintHood
[2012/01/10 22:53:55 | 000,000,000 | -HSD | C] -- C:\Users\brian\NetHood
[2012/01/10 22:53:55 | 000,000,000 | -HSD | C] -- C:\Users\brian\Documents\My Videos
[2012/01/10 22:53:55 | 000,000,000 | -HSD | C] -- C:\Users\brian\Documents\My Pictures
[2012/01/10 22:53:55 | 000,000,000 | -HSD | C] -- C:\Users\brian\Documents\My Music
[2012/01/10 22:53:55 | 000,000,000 | -HSD | C] -- C:\Users\brian\My Documents
[2012/01/10 22:53:55 | 000,000,000 | -HSD | C] -- C:\Users\brian\Local Settings
[2012/01/10 22:53:55 | 000,000,000 | -HSD | C] -- C:\Users\brian\AppData\Local\History
[2012/01/10 22:53:55 | 000,000,000 | -HSD | C] -- C:\Users\brian\Cookies
[2012/01/10 22:53:55 | 000,000,000 | -HSD | C] -- C:\Users\brian\Application Data
[2012/01/10 22:53:55 | 000,000,000 | -HSD | C] -- C:\Users\brian\AppData\Local\Application Data
[2012/01/10 22:53:55 | 000,000,000 | -H-D | C] -- C:\Users\brian\AppData
[2012/01/10 22:53:55 | 000,000,000 | ---D | C] -- C:\Users\brian\AppData\Local\Temp
[2012/01/10 22:53:55 | 000,000,000 | ---D | C] -- C:\Users\brian\AppData\Local\Microsoft
[2012/01/10 22:53:55 | 000,000,000 | ---D | C] -- C:\Users\brian\AppData\Roaming\Media Center Programs
[2012/01/05 10:22:12 | 000,000,000 | ---D | C] -- C:\VIPRERESCUE

========== Files - Modified Within 30 Days ==========

[2012/01/15 19:05:45 | 000,003,552 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012/01/15 19:05:45 | 000,003,552 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012/01/15 19:05:39 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/01/15 19:05:28 | 3219,644,416 | -HS- | M] () -- C:\hiberfil.sys
[2012/01/15 18:55:54 | 000,000,680 | ---- | M] () -- C:\Users\brian\AppData\Local\d3d9caps.dat
[2012/01/15 18:08:58 | 000,618,410 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012/01/15 18:08:58 | 000,103,818 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012/01/15 17:06:46 | 000,008,704 | ---- | M] () -- C:\Users\brian\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/01/15 16:28:52 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\brian\Desktop\OTL.exe
[2012/01/15 11:25:05 | 000,040,776 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2012/01/15 10:21:29 | 086,774,023 | ---- | M] () -- C:\Windows\System32\drivers\AVG\incavi.avm
[2012/01/13 14:33:13 | 000,113,461 | ---- | M] () -- C:\Windows\System32\drivers\AVG\iavichjw.avm
[2012/01/12 15:28:37 | 032,112,640 | ---- | M] () -- C:\Windows\ocsetup_install_NetFx3.etl
[2012/01/12 15:28:36 | 000,327,680 | ---- | M] () -- C:\Windows\ocsetup_cbs_install_NetFx3.perf
[2012/01/12 15:28:36 | 000,065,536 | ---- | M] () -- C:\Windows\ocsetup_cbs_install_NetFx3.dpx
[2012/01/12 14:50:05 | 000,228,176 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2012/01/12 00:01:39 | 000,000,953 | ---- | M] () -- C:\Users\brian\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2012/01/11 23:15:41 | 000,001,820 | ---- | M] () -- C:\Windows\System32\rasctrnm.h
[2012/01/11 23:09:01 | 001,657,350 | ---- | M] () -- C:\Windows\System32\wlan.tmf
[2012/01/11 19:46:50 | 000,000,786 | ---- | M] () -- C:\Users\brian\Application Data\Microsoft\Internet Explorer\Quick Launch\µTorrent.lnk
[2012/01/11 17:42:49 | 000,000,104 | ---- | M] () -- C:\Users\brian\Application Data\Microsoft\Internet Explorer\Quick Launch\Recycle Bin - Shortcut.lnk
[2012/01/11 17:42:46 | 000,000,852 | ---- | M] () -- C:\Users\brian\Application Data\Microsoft\Internet Explorer\Quick Launch\AVG 2012.lnk
[2012/01/11 17:42:41 | 000,000,869 | ---- | M] () -- C:\Users\brian\Application Data\Microsoft\Internet Explorer\Quick Launch\VLC media player.lnk
[2012/01/11 17:42:38 | 000,000,814 | ---- | M] () -- C:\Users\brian\Application Data\Microsoft\Internet Explorer\Quick Launch\CCleaner.lnk
[2012/01/11 17:34:11 | 000,735,608 | ---- | M] (BitTorrent, Inc.) -- C:\Users\brian\Documents\utorrent.exe
[2012/01/11 16:48:25 | 000,000,940 | ---- | M] () -- C:\Users\brian\Application Data\Microsoft\Internet Explorer\Quick Launch\Malwarebytes Anti-Malware.lnk
[2012/01/11 16:44:54 | 000,002,016 | ---- | M] () -- C:\Users\brian\Application Data\Microsoft\Internet Explorer\Quick Launch\Media Player Classic - Home Cinema.lnk
[2012/01/11 06:43:08 | 000,041,176 | ---- | M] () -- C:\Windows\System32\license.rtf
[2012/01/11 06:36:10 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\UMDF\Msft_User_WpdFs_01_00_00.Wdf
[2012/01/11 06:26:50 | 000,008,192 | R-S- | M] () -- C:\BOOTSECT.BAK

========== Files Created - No Company Name ==========

[2012/01/15 18:59:10 | 3219,644,416 | -HS- | C] () -- C:\hiberfil.sys
[2012/01/15 18:55:54 | 000,000,680 | ---- | C] () -- C:\Users\brian\AppData\Local\d3d9caps.dat
[2012/01/15 17:18:22 | 000,004,359 | ---- | C] () -- C:\Windows\System32\nvinfo.pb
[2012/01/15 10:21:29 | 086,774,023 | ---- | C] () -- C:\Windows\System32\drivers\AVG\incavi.avm
[2012/01/14 12:46:51 | 000,011,164 | ---- | C] () -- C:\Windows\System32\drivers\nvphy.bin
[2012/01/13 14:33:13 | 000,113,461 | ---- | C] () -- C:\Windows\System32\drivers\AVG\iavichjw.avm
[2012/01/11 23:15:41 | 000,001,820 | ---- | C] () -- C:\Windows\System32\rasctrnm.h
[2012/01/11 23:09:01 | 001,657,350 | ---- | C] () -- C:\Windows\System32\wlan.tmf
[2012/01/11 22:08:16 | 032,112,640 | ---- | C] () -- C:\Windows\ocsetup_install_NetFx3.etl
[2012/01/11 22:08:16 | 000,327,680 | ---- | C] () -- C:\Windows\ocsetup_cbs_install_NetFx3.perf
[2012/01/11 22:08:16 | 000,065,536 | ---- | C] () -- C:\Windows\ocsetup_cbs_install_NetFx3.dpx
[2012/01/11 19:46:50 | 000,000,786 | ---- | C] () -- C:\Users\brian\Application Data\Microsoft\Internet Explorer\Quick Launch\µTorrent.lnk
[2012/01/11 17:42:49 | 000,000,104 | ---- | C] () -- C:\Users\brian\Application Data\Microsoft\Internet Explorer\Quick Launch\Recycle Bin - Shortcut.lnk
[2012/01/11 17:42:46 | 000,000,852 | ---- | C] () -- C:\Users\brian\Application Data\Microsoft\Internet Explorer\Quick Launch\AVG 2012.lnk
[2012/01/11 17:42:41 | 000,000,869 | ---- | C] () -- C:\Users\brian\Application Data\Microsoft\Internet Explorer\Quick Launch\VLC media player.lnk
[2012/01/11 17:42:38 | 000,000,814 | ---- | C] () -- C:\Users\brian\Application Data\Microsoft\Internet Explorer\Quick Launch\CCleaner.lnk
[2012/01/11 16:48:25 | 000,000,940 | ---- | C] () -- C:\Users\brian\Application Data\Microsoft\Internet Explorer\Quick Launch\Malwarebytes Anti-Malware.lnk
[2012/01/11 16:44:54 | 000,002,016 | ---- | C] () -- C:\Users\brian\Application Data\Microsoft\Internet Explorer\Quick Launch\Media Player Classic - Home Cinema.lnk
[2012/01/11 16:25:05 | 000,008,704 | ---- | C] () -- C:\Users\brian\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/01/11 14:49:37 | 000,000,953 | ---- | C] () -- C:\Users\brian\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2012/01/11 06:26:16 | 000,000,036 | RH-- | C] () -- C:\Windows\DELL_VERSION
[2012/01/10 22:54:11 | 000,000,959 | ---- | C] () -- C:\Users\brian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
[2012/01/10 22:54:10 | 000,000,954 | ---- | C] () -- C:\Users\brian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
[2012/01/10 22:54:00 | 000,000,925 | ---- | C] () -- C:\Users\brian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows Mail.lnk
[2012/01/10 22:53:55 | 000,000,258 | ---- | C] () -- C:\Users\brian\Application Data\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk
[2012/01/10 22:53:55 | 000,000,240 | ---- | C] () -- C:\Users\brian\Application Data\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk
[2006/11/02 12:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006/11/02 12:47:37 | 000,228,176 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2006/11/02 12:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006/11/02 10:33:01 | 000,618,410 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2006/11/02 10:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2006/11/02 10:33:01 | 000,103,818 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2006/11/02 10:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2006/11/02 10:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2006/11/02 08:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2006/11/02 08:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2006/11/02 07:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006/11/02 07:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2006/11/02 07:22:43 | 000,099,999 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2006/11/02 07:22:43 | 000,018,271 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin

========== LOP Check ==========

[2012/01/11 16:28:37 | 000,000,000 | ---D | M] -- C:\Users\brian\AppData\Roaming\AVG2012
[2012/01/15 17:07:25 | 000,000,000 | ---D | M] -- C:\Users\brian\AppData\Roaming\uTorrent
[2012/01/15 18:57:54 | 000,010,082 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*.exe >
[2007/11/07 08:03:18 | 000,562,688 | ---- | M] (Microsoft Corporation) -- C:\install.exe


< MD5 for: EXPLORER.EXE >
[2011/05/27 19:32:02 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=37440D09DEAE0B672A04DCCF7ABF06BE -- C:\Windows.old.000\Windows\explorer.exe
[2008/10/29 06:20:29 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=37440D09DEAE0B672A04DCCF7ABF06BE -- C:\Windows.old.000\Windows\SoftwareDistribution\Download\7061d8bdfc6a60f6588941d7a2c304c7\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16771_none_4f83bb287ccdb7e3\explorer.exe
[2011/05/27 19:32:02 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=37440D09DEAE0B672A04DCCF7ABF06BE -- C:\Windows.old.000\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16771_none_4f83bb287ccdb7e3\explorer.exe
[2011/05/20 11:07:53 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=37440D09DEAE0B672A04DCCF7ABF06BE -- C:\Windows.old\Windows\explorer.exe
[2008/10/29 06:20:29 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=37440D09DEAE0B672A04DCCF7ABF06BE -- C:\Windows.old\Windows\SoftwareDistribution\Download\7061d8bdfc6a60f6588941d7a2c304c7\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16771_none_4f83bb287ccdb7e3\explorer.exe
[2011/05/20 11:07:53 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=37440D09DEAE0B672A04DCCF7ABF06BE -- C:\Windows.old\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16771_none_4f83bb287ccdb7e3\explorer.exe
[2012/01/11 22:39:33 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=37440D09DEAE0B672A04DCCF7ABF06BE -- C:\Windows\explorer.exe
[2008/10/29 06:20:29 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=37440D09DEAE0B672A04DCCF7ABF06BE -- C:\Windows\SoftwareDistribution\Download\7061d8bdfc6a60f6588941d7a2c304c7\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16771_none_4f83bb287ccdb7e3\explorer.exe
[2012/01/11 22:39:33 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=37440D09DEAE0B672A04DCCF7ABF06BE -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16771_none_4f83bb287ccdb7e3\explorer.exe
[2008/10/29 06:29:41 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=4F554999D7D5F05DAAEBBA7B5BA1089D -- C:\Windows.old.000\Windows\SoftwareDistribution\Download\7061d8bdfc6a60f6588941d7a2c304c7\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18164_none_5177ca9879e978e8\explorer.exe
[2011/05/27 19:32:01 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=4F554999D7D5F05DAAEBBA7B5BA1089D -- C:\Windows.old.000\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18164_none_5177ca9879e978e8\explorer.exe
[2008/10/29 06:29:41 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=4F554999D7D5F05DAAEBBA7B5BA1089D -- C:\Windows.old\Windows\SoftwareDistribution\Download\7061d8bdfc6a60f6588941d7a2c304c7\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18164_none_5177ca9879e978e8\explorer.exe
[2011/05/20 11:07:53 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=4F554999D7D5F05DAAEBBA7B5BA1089D -- C:\Windows.old\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18164_none_5177ca9879e978e8\explorer.exe
[2008/10/29 06:29:41 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=4F554999D7D5F05DAAEBBA7B5BA1089D -- C:\Windows\SoftwareDistribution\Download\7061d8bdfc6a60f6588941d7a2c304c7\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18164_none_5177ca9879e978e8\explorer.exe
[2012/01/11 22:39:32 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=4F554999D7D5F05DAAEBBA7B5BA1089D -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18164_none_5177ca9879e978e8\explorer.exe
[2008/10/30 03:59:17 | 002,927,616 | ---- | M] (Microsoft Corporation) MD5=50BA5850147410CDE89C523AD3BC606E -- C:\Windows.old.000\Windows\SoftwareDistribution\Download\7061d8bdfc6a60f6588941d7a2c304c7\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.22298_none_51e4f8c7931bd1e1\explorer.exe
[2011/05/27 19:32:01 | 002,927,616 | ---- | M] (Microsoft Corporation) MD5=50BA5850147410CDE89C523AD3BC606E -- C:\Windows.old.000\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.22298_none_51e4f8c7931bd1e1\explorer.exe
[2008/10/30 03:59:17 | 002,927,616 | ---- | M] (Microsoft Corporation) MD5=50BA5850147410CDE89C523AD3BC606E -- C:\Windows.old\Windows\SoftwareDistribution\Download\7061d8bdfc6a60f6588941d7a2c304c7\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.22298_none_51e4f8c7931bd1e1\explorer.exe
[2011/05/20 11:07:52 | 002,927,616 | ---- | M] (Microsoft Corporation) MD5=50BA5850147410CDE89C523AD3BC606E -- C:\Windows.old\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.22298_none_51e4f8c7931bd1e1\explorer.exe
[2008/10/30 03:59:17 | 002,927,616 | ---- | M] (Microsoft Corporation) MD5=50BA5850147410CDE89C523AD3BC606E -- C:\Windows\SoftwareDistribution\Download\7061d8bdfc6a60f6588941d7a2c304c7\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.22298_none_51e4f8c7931bd1e1\explorer.exe
[2012/01/11 22:39:32 | 002,927,616 | ---- | M] (Microsoft Corporation) MD5=50BA5850147410CDE89C523AD3BC606E -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.22298_none_51e4f8c7931bd1e1\explorer.exe
[2007/08/27 03:10:03 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=6D06CD98D954FE87FB2DB8108793B399 -- C:\Windows.old\Windows\SoftwareDistribution\Download\f411dcb0df2de951a1b7d68be5b8fec7\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16549_none_4fac29707cae347a\explorer.exe
[2011/05/20 11:42:54 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=6D06CD98D954FE87FB2DB8108793B399 -- C:\Windows.old\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16549_none_4fac29707cae347a\explorer.exe
[2007/08/27 03:10:03 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=6D06CD98D954FE87FB2DB8108793B399 -- C:\Windows\SoftwareDistribution\Download\f411dcb0df2de951a1b7d68be5b8fec7\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16549_none_4fac29707cae347a\explorer.exe
[2012/01/11 23:10:34 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=6D06CD98D954FE87FB2DB8108793B399 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16549_none_4fac29707cae347a\explorer.exe
[2007/08/27 02:01:58 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=BD06F0BF753BC704B653C3A50F89D362 -- C:\Windows.old\Windows\SoftwareDistribution\Download\f411dcb0df2de951a1b7d68be5b8fec7\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.20668_none_501f261995dcf2cf\explorer.exe
[2011/05/20 11:42:53 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=BD06F0BF753BC704B653C3A50F89D362 -- C:\Windows.old\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.20668_none_501f261995dcf2cf\explorer.exe
[2007/08/27 02:01:58 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=BD06F0BF753BC704B653C3A50F89D362 -- C:\Windows\SoftwareDistribution\Download\f411dcb0df2de951a1b7d68be5b8fec7\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.20668_none_501f261995dcf2cf\explorer.exe
[2012/01/11 23:10:34 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=BD06F0BF753BC704B653C3A50F89D362 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.20668_none_501f261995dcf2cf\explorer.exe
[2008/10/28 02:15:02 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=E7156B0B74762D9DE0E66BDCDE06E5FB -- C:\Windows.old.000\Windows\SoftwareDistribution\Download\7061d8bdfc6a60f6588941d7a2c304c7\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.20947_none_5033cb5995cd990b\explorer.exe
[2011/05/27 19:32:01 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=E7156B0B74762D9DE0E66BDCDE06E5FB -- C:\Windows.old.000\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.20947_none_5033cb5995cd990b\explorer.exe
[2008/10/28 02:15:02 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=E7156B0B74762D9DE0E66BDCDE06E5FB -- C:\Windows.old\Windows\SoftwareDistribution\Download\7061d8bdfc6a60f6588941d7a2c304c7\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.20947_none_5033cb5995cd990b\explorer.exe
[2011/05/20 11:07:53 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=E7156B0B74762D9DE0E66BDCDE06E5FB -- C:\Windows.old\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.20947_none_5033cb5995cd990b\explorer.exe
[2008/10/28 02:15:02 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=E7156B0B74762D9DE0E66BDCDE06E5FB -- C:\Windows\SoftwareDistribution\Download\7061d8bdfc6a60f6588941d7a2c304c7\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.20947_none_5033cb5995cd990b\explorer.exe
[2012/01/11 22:39:33 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=E7156B0B74762D9DE0E66BDCDE06E5FB -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.20947_none_5033cb5995cd990b\explorer.exe
[2006/11/02 09:45:07 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=FD8C53FB002217F6F888BCF6F5D7084D -- C:\Windows.old.000\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16386_none_4f7de5167cd15deb\explorer.exe
[2006/11/02 09:45:07 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=FD8C53FB002217F6F888BCF6F5D7084D -- C:\Windows.old\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16386_none_4f7de5167cd15deb\explorer.exe
[2006/11/02 09:45:07 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=FD8C53FB002217F6F888BCF6F5D7084D -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16386_none_4f7de5167cd15deb\explorer.exe
[2008/01/18 22:33:12 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=FFA764631CB70A30065C12EF8E174F9F -- C:\Windows.old\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18000_none_51b4a71279bc6ebf\explorer.exe

< MD5 for: SVCHOST.EXE >
[2006/11/02 09:45:47 | 000,022,016 | ---- | M] (Microsoft Corporation) MD5=10DA15933D582D2FEDCF705EFE394B09 -- C:\Windows.old.000\Windows\System32\svchost.exe
[2006/11/02 09:45:47 | 000,022,016 | ---- | M] (Microsoft Corporation) MD5=10DA15933D582D2FEDCF705EFE394B09 -- C:\Windows.old.000\Windows\winsxs\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.0.6000.16386_none_b38497a50862ad11\svchost.exe
[2006/11/02 09:45:47 | 000,022,016 | ---- | M] (Microsoft Corporation) MD5=10DA15933D582D2FEDCF705EFE394B09 -- C:\Windows.old\Windows\System32\svchost.exe
[2006/11/02 09:45:47 | 000,022,016 | ---- | M] (Microsoft Corporation) MD5=10DA15933D582D2FEDCF705EFE394B09 -- C:\Windows.old\Windows\winsxs\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.0.6000.16386_none_b38497a50862ad11\svchost.exe
[2006/11/02 09:45:47 | 000,022,016 | ---- | M] (Microsoft Corporation) MD5=10DA15933D582D2FEDCF705EFE394B09 -- C:\Windows\System32\svchost.exe
[2006/11/02 09:45:47 | 000,022,016 | ---- | M] (Microsoft Corporation) MD5=10DA15933D582D2FEDCF705EFE394B09 -- C:\Windows\winsxs\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.0.6000.16386_none_b38497a50862ad11\svchost.exe
[2008/01/18 22:33:34 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=3794B461C45882E06856F282EEF025AF -- C:\Windows.old\Windows\winsxs\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.0.6001.18000_none_b5bb59a1054dbde5\svchost.exe
[2011/12/24 17:50:20 | 000,182,856 | ---- | M] () MD5=B382935AB01B27D0E14F267DBF288896 -- C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\svchost.exe

< MD5 for: USERINIT.EXE >
[2008/01/18 22:33:34 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows.old\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6001.18000_none_dc28ba15d1aff80b\userinit.exe
[2006/11/02 09:45:50 | 000,024,576 | ---- | M] (Microsoft Corporation) MD5=22027835939F86C3E47AD8E3FBDE3D11 -- C:\Windows.old.000\Windows\System32\userinit.exe
[2006/11/02 09:45:50 | 000,024,576 | ---- | M] (Microsoft Corporation) MD5=22027835939F86C3E47AD8E3FBDE3D11 -- C:\Windows.old.000\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6000.16386_none_d9f1f819d4c4e737\userinit.exe
[2006/11/02 09:45:50 | 000,024,576 | ---- | M] (Microsoft Corporation) MD5=22027835939F86C3E47AD8E3FBDE3D11 -- C:\Windows.old\Windows\System32\userinit.exe
[2006/11/02 09:45:50 | 000,024,576 | ---- | M] (Microsoft Corporation) MD5=22027835939F86C3E47AD8E3FBDE3D11 -- C:\Windows.old\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6000.16386_none_d9f1f819d4c4e737\userinit.exe
[2006/11/02 09:45:50 | 000,024,576 | ---- | M] (Microsoft Corporation) MD5=22027835939F86C3E47AD8E3FBDE3D11 -- C:\Windows\System32\userinit.exe
[2006/11/02 09:45:50 | 000,024,576 | ---- | M] (Microsoft Corporation) MD5=22027835939F86C3E47AD8E3FBDE3D11 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6000.16386_none_d9f1f819d4c4e737\userinit.exe

< MD5 for: WINLOGON.EXE >
[2006/11/02 09:45:57 | 000,308,224 | ---- | M] (Microsoft Corporation) MD5=9F75392B9128A91ABAFB044EA350BAAD -- C:\Windows.old.000\Windows\System32\winlogon.exe
[2006/11/02 09:45:57 | 000,308,224 | ---- | M] (Microsoft Corporation) MD5=9F75392B9128A91ABAFB044EA350BAAD -- C:\Windows.old.000\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6000.16386_none_6d8c3f1ad8066b21\winlogon.exe
[2006/11/02 09:45:57 | 000,308,224 | ---- | M] (Microsoft Corporation) MD5=9F75392B9128A91ABAFB044EA350BAAD -- C:\Windows.old\Windows\System32\winlogon.exe
[2006/11/02 09:45:57 | 000,308,224 | ---- | M] (Microsoft Corporation) MD5=9F75392B9128A91ABAFB044EA350BAAD -- C:\Windows.old\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6000.16386_none_6d8c3f1ad8066b21\winlogon.exe
[2006/11/02 09:45:57 | 000,308,224 | ---- | M] (Microsoft Corporation) MD5=9F75392B9128A91ABAFB044EA350BAAD -- C:\Windows\System32\winlogon.exe
[2006/11/02 09:45:57 | 000,308,224 | ---- | M] (Microsoft Corporation) MD5=9F75392B9128A91ABAFB044EA350BAAD -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6000.16386_none_6d8c3f1ad8066b21\winlogon.exe
[2011/12/24 17:50:20 | 000,182,856 | ---- | M] () MD5=B382935AB01B27D0E14F267DBF288896 -- C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe
[2008/01/18 22:33:38 | 000,314,880 | ---- | M] (Microsoft Corporation) MD5=C2610B6BDBEFC053BBDAB4F1B965CB24 -- C:\Windows.old\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6001.18000_none_6fc30116d4f17bf5\winlogon.exe

< HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBT /s >
"DisplayName" = NETBT
"Group" = PNP_TDI
"ImagePath" = System32\DRIVERS\netbt.sys -- [2006/11/02 08:57:20 | 000,184,320 | ---- | M] (Microsoft Corporation)
"Description" = This service implements NetBios over TCP/IP.
"ErrorControl" = 1
"Start" = 1
"Type" = 1
"DependOnService" = Tdxtcpip [binary data]
"Tag" = 87
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBT\Linkage]
"OtherDependencies" = Tcpip [binary data]
"Bind" = [Binary data over 100 bytes]
"Route" = [Binary data over 100 bytes]
"Export" = [Binary data over 100 bytes]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBT\Parameters]
"BcastNameQueryCount" = 3
"BcastQueryTimeout" = 750
"CacheTimeout" = 600000
"EnableLMHOSTS" = 1
"NameServerPort" = 137
"NameSrvQueryCount" = 3
"NameSrvQueryTimeout" = 1500
"NbProvider" = _tcp
"SessionKeepAlive" = 3600000
"Size/Small/Medium/Large" = 1
"TransportBindName" = \Device\
"UseNewSmb" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBT\Parameters\Interfaces]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBT\Parameters\Interfaces\Tcpip_{2654EB47-81C2-4F5B-9F3E-3DEDAE608D6C}]
"NameServerList" = [binary data]
"NetbiosOptions" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBT\Parameters\Interfaces\Tcpip_{E22B8DAB-9EBE-414F-8199-CE169F3FEFAE}]
"NameServerList" = [binary data]
"NetbiosOptions" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBT\Security]
"Security" = [Binary data over 100 bytes]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBT\Enum]
"0" = Root\LEGACY_NETBT\0000
"Count" = 1
"NextInstance" = 1

< HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBIOS /s >
"Type" = 2
"Start" = 1
"ErrorControl" = 1
"Tag" = 2
"ImagePath" = system32\DRIVERS\netbios.sys -- [2006/11/02 08:57:26 | 000,035,840 | ---- | M] (Microsoft Corporation)
"DisplayName" = NetBIOS Interface
"Group" = NetBIOSGroup
"Description" = NetBIOS Interface
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBIOS\Linkage]
"LanaMap" = 01 00 01 04 01 01 01 05 [binary data]
"Bind" = [Binary data over 100 bytes]
"Route" = [Binary data over 100 bytes]
"Export" = [Binary data over 100 bytes]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBIOS\Parameters]
"MaxLana" = 5
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBIOS\Parameters\Winsock]
"HelperDllName" = %SystemRoot%\System32\wshnetbs.dll -- [2006/11/02 09:46:14 | 000,011,264 | ---- | M] (Microsoft Corporation)
"MaxSockAddrLength" = 20
"MinSockAddrLength" = 20
"Mapping" = 02 00 00 00 03 00 00 00 11 00 00 00 05 00 00 00 00 00 00 00 11 00 00 00 02 00 00 00 00 00 00 00 [binary data]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBIOS\Enum]
"0" = Root\LEGACY_NETBIOS\0000
"Count" = 1
"NextInstance" = 1

< hklm\software\clients\startmenuinternet|command /rs >
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\Windows\system32\ie4uinit.exe" -hide [2012/01/11 23:18:10 | 000,070,656 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\Windows\system32\ie4uinit.exe" -show [2012/01/11 23:18:10 | 000,070,656 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\Windows\system32\ie4uinit.exe" -reinstall [2012/01/11 23:18:10 | 000,070,656 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: C:\Program Files\Internet Explorer\iexplore.exe [2012/01/11 23:18:11 | 000,634,632 | ---- | M] (Microsoft Corporation)

< hklm\software\clients\startmenuinternet|command /64 /rs >
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\Windows\system32\ie4uinit.exe" -hide [2012/01/11 23:18:10 | 000,070,656 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\Windows\system32\ie4uinit.exe" -show [2012/01/11 23:18:10 | 000,070,656 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\Windows\system32\ie4uinit.exe" -reinstall [2012/01/11 23:18:10 | 000,070,656 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: C:\Program Files\Internet Explorer\iexplore.exe [2012/01/11 23:18:11 | 000,634,632 | ---- | M] (Microsoft Corporation)

< C:\Windows\assembly\tmp\U\*.* /s >

< %Temp%\smtmp\1\*.* >

< %Temp%\smtmp\2\*.* >

< %Temp%\smtmp\3\*.* >

< %Temp%\smtmp\4\*.* >

< >

< End of report >

OTL Extras logfile created on: 1/15/2012 7:07:24 PM - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\brian\Desktop
Windows Vista Home Premium Edition (Version = 6.0.6000) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6000.16982)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.00 Gb Total Physical Memory | 2.16 Gb Available Physical Memory | 72.05% Memory free
6.17 Gb Paging File | 5.36 Gb Available in Paging File | 86.82% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 931.51 Gb Total Space | 635.19 Gb Free Space | 68.19% Space Free | Partition Type: NTFS

Computer Name: BRIAN-PC | User Name: brian | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{37C8E02D-4C66-40E3-BB7B-6B5FEA7ED11A}" = protocol=6 | dir=in | app=c:\program files\utorrent\utorrent.exe |
"{47C439A0-EE50-44B0-B66F-46ADDDEB9E2A}" = protocol=6 | dir=in | app=c:\program files\avg\avg2012\avgdiagex.exe |
"{4F35C6C2-255D-4282-9948-94362C22E4C6}" = protocol=6 | dir=in | app=c:\program files\avg\avg2012\avgnsx.exe |
"{632B2C6B-FCB8-4F35-A656-79EC2EAA0D4C}" = protocol=6 | dir=in | app=c:\program files\avg\avg2012\avgmfapx.exe |
"{6A4DECC2-1F79-42F9-B250-F2A8D28E1181}" = protocol=17 | dir=in | app=c:\program files\avg\avg2012\avgnsx.exe |
"{7A9E50F5-C826-4B5E-9FE6-34D817A16939}" = protocol=17 | dir=in | app=c:\program files\avg\avg2012\avgemcx.exe |
"{AE05AA6E-A19B-4120-8B6E-3E46711417F1}" = protocol=17 | dir=in | app=c:\program files\avg\avg2012\avgdiagex.exe |
"{B8242C82-814E-4DED-B17E-EE0C7A615A53}" = protocol=6 | dir=in | app=c:\program files\avg\avg2012\avgemcx.exe |
"{DCD985E9-F87D-4A10-9038-990E2590DCFE}" = protocol=17 | dir=in | app=c:\program files\utorrent\utorrent.exe |
"{E182F758-71EE-46F2-BA8A-8A09FFE3A9E8}" = protocol=17 | dir=in | app=c:\program files\avg\avg2012\avgmfapx.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{2624B969-7135-4EB1-B0F6-2D8C397B45F7}_is1" = Media Player Classic - Home Cinema v1.5.1.2903
"{8398852A-7B61-4808-8F58-D0A40D1B2CB6}" = AVG 2012
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Control Panel 285.62
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Graphics Driver 285.62
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{E171F5DA-6F17-472D-A223-92468142C5E8}" = AVG 2012
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"AVG" = AVG 2012
"CCleaner" = CCleaner
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.60.0.1800
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"NVIDIA Drivers" = NVIDIA Drivers
"SystemRequirementsLab" = System Requirements Lab
"uTorrent" = µTorrent
"VLC media player" = VLC media player 1.1.9
"WinRAR archiver" = WinRAR 4.01 (32-bit)

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 1/13/2012 2:27:36 PM | Computer Name = brian-PC | Source = Application Error | ID = 1000
Description = Faulting application mscorsvw.exe, version 2.0.50727.3053, time stamp
0x4889dc4b, faulting module mscorwks.dll, version 2.0.50727.3603, time stamp 0x4a7cd88e,
exception code 0xc0000005, fault offset 0x00003478, process id 0xe6c, application
start time 0x01ccd22105d3320b.

Error - 1/13/2012 2:27:51 PM | Computer Name = brian-PC | Source = Application Error | ID = 1000
Description = Faulting application mscorsvw.exe, version 2.0.50727.3053, time stamp
0x4889dc4b, faulting module mscorwks.dll, version 2.0.50727.3603, time stamp 0x4a7cd88e,
exception code 0xc0000005, fault offset 0x00003478, process id 0xe70, application
start time 0x01ccd2210e95814b.

Error - 1/13/2012 2:28:05 PM | Computer Name = brian-PC | Source = Application Error | ID = 1000
Description = Faulting application mscorsvw.exe, version 2.0.50727.3053, time stamp
0x4889dc4b, faulting module mscorwks.dll, version 2.0.50727.3603, time stamp 0x4a7cd88e,
exception code 0xc0000005, fault offset 0x00003478, process id 0x834, application
start time 0x01ccd221170e05eb.

Error - 1/13/2012 4:37:07 PM | Computer Name = brian-PC | Source = Application Error | ID = 1000
Description = Faulting application svchost.exe_SysMain, version 6.0.6000.16386,
time stamp 0x4549adc4, faulting module kernel32.dll, version 6.0.6000.16820, time
stamp 0x49952034, exception code 0xc0000005, fault offset 0x0004736d, process id
0x4e4, application start time 0x01ccd1ff346a4238.

Error - 1/15/2012 5:55:26 AM | Computer Name = brian-PC | Source = Application Error | ID = 1000
Description = Faulting application avgwdsvc.exe, version 12.0.0.1773, time stamp
0x4e37528d, faulting module avgwd.dll, version 12.0.0.1884, time stamp 0x4ed4ba69,
exception code 0xc0000005, fault offset 0x00043855, process id 0x488, application
start time 0x01ccd36bca394e01.

Error - 1/15/2012 7:24:56 AM | Computer Name = brian-PC | Source = EventSystem | ID = 4609
Description =

Error - 1/15/2012 8:58:02 AM | Computer Name = brian-PC | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 7.0.6000.16982, time stamp
0x4b2b56f5, faulting module jscript.dll, version 5.7.0.16865, time stamp 0x4a27c0d1,
exception code 0xc0000005, fault offset 0x0001b2f5, process id 0x16d8, application
start time 0x01ccd3851f44ac62.

Error - 1/15/2012 12:25:54 PM | Computer Name = brian-PC | Source = Application Error | ID = 1000
Description = Faulting application svchost.exe_BFE, version 6.0.6000.16386, time
stamp 0x4549adc4, faulting module bfe.dll, version 6.0.6000.16386, time stamp 0x4549bcbc,
exception code 0xc0000005, fault offset 0x00008126, process id 0x1f74, application
start time 0x01ccd3a240013814.

Error - 1/15/2012 12:33:45 PM | Computer Name = BRIAN-PC | Source = Application Error | ID = 1000
Description = Faulting application SLsvc.exe, version 6.0.6000.16509, time stamp
0x4679d9fe, faulting module ntdll.dll, version 6.0.6000.16386, time stamp 0x4549bdc9,
exception code 0xc0000005, fault offset 0x0002beaf, process id 0xd28, application
start time 0x01ccd3a3726d0162.

Error - 1/15/2012 3:08:47 PM | Computer Name = brian-PC | Source = VSS | ID = 8216
Description =

[ System Events ]
Error - 1/15/2012 12:26:35 PM | Computer Name = brian-PC | Source = Service Control Manager | ID = 7031
Description =

Error - 1/15/2012 12:26:35 PM | Computer Name = brian-PC | Source = Service Control Manager | ID = 7031
Description =

Error - 1/15/2012 12:28:15 PM | Computer Name = brian-PC | Source = Service Control Manager | ID = 7032
Description =

Error - 1/15/2012 12:28:16 PM | Computer Name = brian-PC | Source = Service Control Manager | ID = 7024
Description =

Error - 1/15/2012 12:33:43 PM | Computer Name = brian-PC | Source = EventLog | ID = 6008
Description = The previous system shutdown at 4:31:55 PM on 1/15/2012 was unexpected.

Error - 1/15/2012 1:11:00 PM | Computer Name = brian-PC | Source = DCOM | ID = 10016
Description =

Error - 1/15/2012 1:11:00 PM | Computer Name = brian-PC | Source = DCOM | ID = 10016
Description =

Error - 1/15/2012 1:11:00 PM | Computer Name = brian-PC | Source = DCOM | ID = 10016
Description =

Error - 1/15/2012 1:11:00 PM | Computer Name = brian-PC | Source = DCOM | ID = 10016
Description =

Error - 1/15/2012 1:11:00 PM | Computer Name = brian-PC | Source = DCOM | ID = 10016
Description =


< End of report >
  • 0

#34
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
All those errors are indicative of memory problems

Could you run a memory check please

Instructions on how to do it are here
  • 0

#35
cuda67

cuda67

    Member

  • Topic Starter
  • Member
  • PipPip
  • 37 posts
ran the diagnostic, came back with box saying your computer has memory problems, no actual log or details though.
  • 0

#36
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
OK how many ram sticks do you have in your computer ?

If there are two

Then remove one and run the computer... Do you still get the same errors

If so

Then replace the first stick and remove the second and run the computer
  • 0

#37
cuda67

cuda67

    Member

  • Topic Starter
  • Member
  • PipPip
  • 37 posts
will do it in morn, off to work now.

just to be clear, should i run the diagnostic, or just run pc in normal use and watch for errors?

Edited by cuda67, 17 January 2012 - 07:27 AM.

  • 0

#38
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Run MBAM as that appears to give problems very fast

Or you could run a quick diagnostic, whichever you find easier
  • 0

#39
cuda67

cuda67

    Member

  • Topic Starter
  • Member
  • PipPip
  • 37 posts
Had a look inside and found four sticks of memory,

two 1gb
two 512mb

took them out one by one and ran memory diagnostic each time one was removed.

results were that one of the 1gb sticks was showing an error. when removed all scans were good.

so lookslike im of to amazon or crucial for a replacement. have you any recomendations on what to buy? i have read that vista 32 bit can only access 3-3.5gb so if this is true should i just replace the 1gb stick or do you think as one has failed (pc is three years old) its worth changing them all?
  • 0

#40
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Vista will work up to 3.5 Gb any more that that is really wasted

For the memory I would recommend that you run the Crucial scanner as that will give you full details about the RAM that your system will accept

How is it running now ?
  • 0

Advertisements


#41
cuda67

cuda67

    Member

  • Topic Starter
  • Member
  • PipPip
  • 37 posts
yes i did the crucial scanner and it came up with what you said, 3.5 is about the limit. its running well with the faulty ram removed. do you think i should buy all new or just replace the 1gig. all the ram has been in there from new, how long does ram usually last?
i ran a full mbam and all was well.
  • 0

#42
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Memory is one of those pieces where it will either last forever or just fail for no apparent reason

Just replacing the faulty module should be OK

I will give my little clean spiel now

Let me know if there are further problems

Subject to no further problems :)

I will remove my tools now and give some recommendations, but, I would like you to run for 24 hours or so and come back if you have any problems

Now the best part of the day ----- Your log now appears clean :thumbsup:

A good workman always cleans up after himself so..The following will implement some cleanup procedures as well as reset System Restore points:

Run OTL and hit the cleanup button. It will remove all the programmes we have used plus itself.

We will now confirm that your hidden files are set to that, as some of the tools I use will change that
  • Click Start.
  • Open My Computer.
  • Select the Tools menu and click Folder Options.
  • Select the View Tab.
  • Under the Hidden files and folders heading select Do not show hidden files and folders.
  • Click Yes to confirm.
  • Click OK.

Posted Image Your Java is out of date.
Older versions have vulnerabilities that malware can use to infect your system.
Please follow these steps to remove older version of Java components and upgrade the application.

Upgrading Java:
  • Go to this site and click Do I have Java
  • It will check your current version and then offer to update to the latest version


Now that you are clean, to help protect your computer in the future I recommend that you get the following free programmes:

Posted Image Malwarebytes.

Update and run weekly to keep your system clean

Download and install FileHippo update checker and run it monthly it will show you which programmes on your system need updating and give a download link

It is critical to have both a firewall and anti virus to protect your system and to keep them updated. To keep your operating system up to date visit
To learn more about how to protect yourself while on the internet read our little guide How did I get infected in the first place ?Keep safe :wave:
  • 0

#43
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. :)

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.
  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP