GeekPolice

Nuqel.E - AVG scan dies & computer shuts down

Post by jgilley on Tue Jun 08, 2010 1:05 am

Even the original OTC scan I was doing ran for about 20 minutes, then the computer abruptly shut down. I am now rerunning OTC scan with the computer in Safe Mode with Networking. Hopefully I will get the two log files I can copy and paste below.....

I am going to post now and will update with log file contents when I get them, hopefully in a few minutes.

Re: Nuqel.E - AVG scan dies & computer shuts down

Post by jgilley on Tue Jun 08, 2010 1:23 am

OTL Extras logfile created on: 6/7/2010 8:59:56 PM - Run 1
OTL by OldTimer - Version 3.2.5.3 Folder = C:UsersJoeDownloads
64bit-Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18904)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

8.00 Gb Total Physical Memory | 7.00 Gb Available Physical Memory | 90.00% Memory free
16.00 Gb Paging File | 15.00 Gb Available in Paging File | 97.00% Paging File free
Paging file location(s): ?:pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:Windows | %ProgramFiles% = C:Program Files (x86)
Drive C: | 581.52 Gb Total Space | 445.69 Gb Free Space | 76.64% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: JOE-PC
Current User Name: Joe
Logged in as Administrator.

Current Boot Mode: SafeMode with Networking
Scan Mode: Current user
Include 64bit Scans
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINESOFTWAREClasses]

[HKEY_LOCAL_MACHINESOFTWAREClasses]
.cpl [@ = cplfile] -- C:WindowsSysWow64control.exe (Microsoft Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINESOFTWAREClassesshell[command]command]
batfile [open] -- "%1" %* File not found
cmdfile [open] -- "%1" %* File not found
comfile [open] -- "%1" %* File not found
exefile [open] -- "%1" %* File not found
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- "C:Program Files (x86)Microsoft OfficeOFFICE11msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:Program Files (x86)Microsoft OfficeOFFICE11msohtmed.exe" /p %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%System32InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [print] -- "C:WindowsSystem32rundll32.exe" "C:WindowsSystem32mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %* File not found
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1" File not found
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S File not found
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%system32rundll32.exe %SystemRoot%system32shell32.dll,OpenAs_RunDLL %1 File not found
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINESOFTWAREClassesshell[command]command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%System32control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- "C:Program Files (x86)Microsoft OfficeOFFICE11msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:Program Files (x86)Microsoft OfficeOFFICE11msohtmed.exe" /p %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%System32InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%system32rundll32.exe %SystemRoot%system32shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINESOFTWAREMicrosoftSecurity Center]
"cval" = 1

64bit: [HKEY_LOCAL_MACHINESOFTWAREMicrosoftSecurity CenterMonitoring]

64bit: [HKEY_LOCAL_MACHINESOFTWAREMicrosoftSecurity CenterSvc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = 9F 9E 16 8C DC 5B C8 01 [binary data]
"VistaSp2" = 32 B9 BB 55 26 41 CA 01 [binary data]

[HKEY_LOCAL_MACHINESOFTWAREMicrosoftSecurity Center]

[HKEY_LOCAL_MACHINESOFTWAREMicrosoftSecurity CenterSvc]
"oobe_av" = 1

[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetServicesSharedAccessParametersFirewallPolicyDomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetServicesSharedAccessParametersFirewallPolicyStandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetServicesSharedAccessParametersFirewallPolicyPublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

========== Authorized Applications List ==========


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetServicesSharedAccessParametersFirewallPolicyFirewallRules]
"{3F8907F3-E4DE-4260-BB5F-938A3DE8E186}" = lport=2869 | protocol=6 | dir=in | app=system |
"{4104AA77-862A-4930-8044-BB2521DFCFFE}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{69F25289-BD35-419C-95D8-ABA8EA1D8A45}" = lport=80 | protocol=6 | dir=out | app=c:program files (x86)common filesintuitupdate serviceintuitupdateservice.exe |
"{A487BEFC-D7D8-4018-B73F-1A148B1ADBE8}" = lport=80 | protocol=6 | dir=out | app=c:program files (x86)common filesintuitupdate serviceintuitupdater.exe |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetServicesSharedAccessParametersFirewallPolicyFirewallRules]
"{1B42F944-37D0-4489-BD8D-B48BEA9B315D}" = dir=in | app=c:program files (x86)windows livemessengermsnmsgr.exe |
"{2FC0C6A3-39F0-4F97-B731-AA83320135FA}" = dir=in | app=c:program files (x86)avgavg8avgupd.exe |
"{6A9FEA51-5E13-4B96-9519-B10C84194D7F}" = dir=in | app=c:program files (x86)cyberlinkpowerdirectorpdr.exe |
"{874CBC43-45DF-4CB6-A706-3036EC2A1EFA}" = dir=in | app=c:program files (x86)windows livemessengerwlcsdk.exe |
"{BF6E6D2F-88B1-47CF-9990-F26B1D7A1F41}" = dir=in | app=c:program files (x86)avgavg8avgnsa.exe |
"{FC53E6EB-19E6-4867-BA34-8B33A3833C39}" = dir=in | app=c:program files (x86)windows livesyncwindowslivesync.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionUninstall]
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{70E8EBD5-78C9-4258-B20A-5098CCA000F0}" = Dolby Control Center
"{7CFA46E3-CC2F-4355-82AE-6012DC3633FD}" = NVIDIA ForceWare Network Access Manager
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"Agere Systems Soft Modem" = Agere Systems PCI-SV92PP Soft Modem
"Bullzip PDF Printer_is1" = Bullzip PDF Printer 6.0.0.865
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"NVIDIA Drivers" = NVIDIA Drivers

[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionUninstall]
"{020D8396-D6D9-4B53-A9A1-83C47E2E27AA}" = Windows Live Call
"{021C4C4F-C93C-4425-BFFD-C2D16776BFAE}" = Visual C++ 8.0 Runtime Setup Package (x64)
"{0AAA9C97-74D4-47CE-B089-0B147EF3553C}" = Windows Live Messenger
"{180D45DA-5140-48D4-BDEA-8B9CE3A6D9A4}" = TurboTax 2008 WinBizTaxSupport
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{26A24AE4-039D-4CA4-87B4-2F83216020FF}" = Java(TM) 6 Update 20
"{2FDBBCEA-62DB-45F4-B6E5-0E1FB2A1F29D}" = Visual C++ 8.0 Runtime Setup Package (x64)
"{3248F0A8-6813-11D6-A77B-00B0D0160050}" = Java(TM) 6 Update 5
"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = CyberLink Power2Go
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4AB8B41B-3AF1-46BE-99B0-0ACD3B300C0A}" = Junk Mail filter update
"{4AEBD86C-C82E-401A-9AA0-8B8AF7A5A3CA}" = TurboTax 2008 WinBizFedFormset
"{56D4C8A0-6126-11DD-AD8B-0800200C9A66}" = TurboTax 2008 WinBizUserEducation
"{57634571-FD82-4BEC-B822-A1ED7765474F}_is1" = SmartLauncher
"{5A3F6A80-7913-475E-8B96-477A952CFA43}" = SupportSoft Assisted Service
"{63C1109E-D977-49ED-BCE3-D00D0BF187D6}" = Windows Live Mail
"{67E03279-F703-408F-B4BF-46B5FC8D70CD}" = Microsoft Works
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{6A92E5C5-0578-443D-91F3-92ECE5F2CAE2}" = Windows Live Writer
"{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser and SDK
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7F811A54-5A09-4579-90E1-C93498E230D9}" = Gateway Recovery Management
"{80E158EA-7181-40FE-A701-301CE6BE64AB}" = CyberLink MediaShow
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{8ECB8220-F422-4BEB-9596-97033C533702}" = QuickBooks Pro 2008
"{8FFC5648-FAF8-43A3-BC8F-42BA1E275C4E}" = Choice Guard
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{91120409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Standard Edition 2003
"{9422C8EA-B0C6-4197-B8FC-DC797658CA00}" = Windows Live Sign-in Assistant
"{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)
"{9E5A03E3-6246-4920-9630-0527D5DA9B07}" = AnswerWorks 5.0 English Runtime
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1033-7B44-A93000000001}" = Adobe Reader 9.3
"{AC76BA86-7AD7-5464-3428-800000000003}" = Spelling Dictionaries Support For Adobe Reader 8
"{B6C2466E-D773-4EF5-9350-9D3D68F668BE}" = TurboTax 2008 WinBizProgramHelp
"{B7BD291B-D415-4484-89A4-82077504BE93}_is1" = SmartCopy
"{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = CyberLink LabelPrint
"{C5C1C0F0-D62F-4DBF-81D4-D7EF397C228B}" = NVIDIA PhysX
"{C78EAC6F-7A73-452E-8134-DBB2165C5A68}" = QuickTime
"{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = CyberLink PowerDirector
"{CB84F0F2-927B-458D-9DC5-87832E3DC653}" = GearDrvs
"{CCFFC1DA-7A65-4C1B-98DC-3F7861F50254}" = TurboTax 2008 wrapper
"{CF5193F7-6B37-11D5-B7D2-00AA00A204F1}" = Microsoft Money 2002 System Pack
"{D9D754A1-EAC5-406C-A28B-C49B1E846711}" = Windows Live Essentials
"{E2883E8F-472F-4fb0-9522-AC9BF37916A7}" = Adobe Download Manager
"{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}" = Microsoft Office Suite Activation Assistant
"{E7298FD5-1386-11D5-8D6C-0050DAD32D95}" = Microsoft Money 2002
"{ED5DCA6F-5FEA-47CB-83DB-210A468C298B}" = KB0817 Keyboard Driver
"{EFC1B3CA-9B90-458D-AD7A-A0F2CD6F4A84}" = Realtek Card Reader
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F69E83CF-B440-43F8-89E6-6EA80712109B}" = Windows Live Communications Platform
"{F73A5B18-EB75-4B2C-B32D-9457576E2417}" = Windows Live Photo Gallery
"{F8131A35-47FD-27AD-116D-0E79AF5DE5EE}" = Acrobat.com
"{F8D8A515-3D81-431D-BCBB-9EBA3CFE0987}" = TurboTax 2008 WinBizReleaseEngine
"{FDD810CA-D5E3-40E9-AB7B-36440B0D41EF}" = Windows Live Sync
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"AVerMedia M791 PCIe Combo NTSC/ATSC" = AVerMedia M791 PCIe Combo NTSC/ATSC 6.104.64.5
"AVG9Uninstall" = AVG Free 9.0
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"GPL Ghostscript Lite_is1" = GPL Ghostscript Lite 8.64
"InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}" = CyberLink Power2Go
"InstallShield_{7CFA46E3-CC2F-4355-82AE-6012DC3633FD}" = NVIDIA ForceWare Network Access Manager
"InstallShield_{80E158EA-7181-40FE-A701-301CE6BE64AB}" = CyberLink MediaShow
"InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = CyberLink PowerDirector
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"McAfee Security Scan" = McAfee Security Scan Plus
"NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver
"Spyware Doctor" = Spyware Doctor 7.0
"SystemRequirementsLab" = System Requirements Lab
"TurboTax Business 2008" = TurboTax Business 2008
"WildTangent gateway Master Uninstall" = Gateway Games
"WinLiveSuite_Wave3" = Windows Live Essentials

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 5/24/2010 11:35:37 AM | Computer Name = Joe-PC | Source = QuickBooks | ID = 4
Description =

Error - 5/24/2010 11:35:37 AM | Computer Name = Joe-PC | Source = QuickBooks | ID = 4
Description =

Error - 5/24/2010 11:35:42 AM | Computer Name = Joe-PC | Source = QuickBooks | ID = 4
Description =

Error - 5/24/2010 11:35:42 AM | Computer Name = Joe-PC | Source = QuickBooks | ID = 4
Description =

Error - 5/24/2010 12:30:03 PM | Computer Name = Joe-PC | Source = QuickBooks | ID = 4
Description =

Error - 5/24/2010 12:30:03 PM | Computer Name = Joe-PC | Source = QuickBooks | ID = 4
Description =

Error - 5/24/2010 12:30:03 PM | Computer Name = Joe-PC | Source = QuickBooks | ID = 4
Description =

Error - 5/24/2010 12:30:03 PM | Computer Name = Joe-PC | Source = QuickBooks | ID = 4
Description =

Error - 5/24/2010 12:30:03 PM | Computer Name = Joe-PC | Source = QuickBooks | ID = 4
Description =

Error - 5/24/2010 12:30:03 PM | Computer Name = Joe-PC | Source = QuickBooks | ID = 4
Description =

[ System Events ]
Error - 9/25/2009 2:14:02 PM | Computer Name = Joe-PC | Source = DCOM | ID = 10005
Description =

Error - 9/25/2009 2:14:02 PM | Computer Name = Joe-PC | Source = Service Control Manager | ID = 7009
Description =

Error - 9/25/2009 2:14:02 PM | Computer Name = Joe-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 9/25/2009 3:35:02 PM | Computer Name = Joe-PC | Source = HTTP | ID = 15016
Description =

Error - 9/25/2009 4:04:12 PM | Computer Name = Joe-PC | Source = DCOM | ID = 10016
Description =

Error - 9/25/2009 4:04:12 PM | Computer Name = Joe-PC | Source = DCOM | ID = 10016
Description =

Error - 9/25/2009 4:04:12 PM | Computer Name = Joe-PC | Source = DCOM | ID = 10016
Description =

Error - 9/25/2009 4:04:12 PM | Computer Name = Joe-PC | Source = DCOM | ID = 10016
Description =

Error - 9/25/2009 4:04:12 PM | Computer Name = Joe-PC | Source = DCOM | ID = 10016
Description =

Error - 9/25/2009 4:13:57 PM | Computer Name = Joe-PC | Source = HTTP | ID = 15016
Description =


< End of report >

Re: Nuqel.E - AVG scan dies & computer shuts down

Post by jgilley on Tue Jun 08, 2010 1:23 am

OTL logfile created on: 6/7/2010 8:59:56 PM - Run 1
OTL by OldTimer - Version 3.2.5.3 Folder = C:UsersJoeDownloads
64bit-Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18904)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

8.00 Gb Total Physical Memory | 7.00 Gb Available Physical Memory | 90.00% Memory free
16.00 Gb Paging File | 15.00 Gb Available in Paging File | 97.00% Paging File free
Paging file location(s): ?:pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:Windows | %ProgramFiles% = C:Program Files (x86)
Drive C: | 581.52 Gb Total Space | 445.69 Gb Free Space | 76.64% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: JOE-PC
Current User Name: Joe
Logged in as Administrator.

Current Boot Mode: SafeMode with Networking
Scan Mode: Current user
Include 64bit Scans
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2010/06/07 20:33:37 | 000,571,904 | ---- | M] (OldTimer Tools) -- C:UsersJoeDownloadsOTL.exe


========== Modules (SafeList) ==========

MOD - [2010/06/07 20:33:37 | 000,571,904 | ---- | M] (OldTimer Tools) -- C:UsersJoeDownloadsOTL.exe
MOD - [2009/04/11 02:28:18 | 000,450,560 | ---- | M] (Microsoft Corporation) -- C:WindowsSysWOW64comdlg32.dll
MOD - [2008/01/20 22:50:01 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:WindowsSysWOW64msscript.ocx


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2009/09/24 21:26:26 | 001,142,272 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:WindowsSysNativeFntCache.dll -- (FontCache)
SRV:64bit: - [2008/09/08 15:11:02 | 000,726,016 | ---- | M] () [Auto | Stopped] -- C:Program FilesNVIDIA CorporationNetworkAccessManagerbin32nSvcAppFlt.exe -- (ForceWare Intelligent Application Manager (IAM))
SRV:64bit: - [2008/09/08 15:09:52 | 000,221,696 | ---- | M] () [Auto | Stopped] -- C:Program FilesNVIDIA CorporationNetworkAccessManagerbin32nSvcIp.exe -- (nSvcIp)
SRV:64bit: - [2008/07/22 22:54:06 | 000,015,872 | ---- | M] (Agere Systems) [Auto | Stopped] -- C:WindowsSysNativeagr64svc.exe -- (AgereModemAudio)
SRV:64bit: - [2008/06/11 14:18:30 | 000,024,576 | ---- | M] () [Auto | Stopped] -- C:Program FilesGATEWAYGateway Recovery ManagementServiceETService.exe -- (ETService)
SRV:64bit: - [2008/01/20 22:47:32 | 000,383,544 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:Program FilesWindows DefenderMpSvc.dll -- (WinDefend)
SRV - [2010/03/29 08:51:54 | 000,068,000 | ---- | M] (NOS Microsystems Ltd.) [On_Demand | Stopped] -- C:Program Files (x86)NOSbingetPlus_Helper.dll -- (getPlusHelper) getPlus(R)
SRV - [2010/03/15 11:50:36 | 001,142,224 | ---- | M] (PC Tools) [Auto | Stopped] -- C:Program Files (x86)Spyware DoctorpctsSvc.exe -- (sdcoreservice)
SRV - [2010/03/13 17:38:46 | 000,308,064 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Stopped] -- C:Program Files (x86)AVGAVG9avgwdsvc.exe -- (avg9wd)
SRV - [2010/03/11 11:09:22 | 000,366,840 | ---- | M] (PC Tools) [Auto | Stopped] -- C:Program Files (x86)Spyware DoctorpctsAuxs.exe -- (sdAuxService)
SRV - [2010/01/15 08:49:20 | 000,227,232 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:Program Files (x86)McAfee Security Scan2.0.181McCHSvc.exe -- (McComponentHostService)
SRV - [2009/09/16 19:22:08 | 000,020,480 | ---- | M] (Intuit) [Auto | Stopped] -- C:Program Files (x86)Common FilesIntuitQuickBooksQBCFMonitorService.exe -- (QBCFMonitorService)
SRV - [2009/08/24 07:36:45 | 000,377,344 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- winhttp.dll -- (WinHttpAutoProxySvc)
SRV - [2009/08/17 01:32:00 | 000,239,648 | ---- | M] (NVIDIA Corporation) [Auto | Stopped] -- C:Program Files (x86)NVIDIA Corporation3D VisionnvSCPAPISvr.exe -- (Stereo Service)
SRV - [2009/03/30 00:39:54 | 000,089,920 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:WindowsMicrosoft.NETFramework64v2.0.50727mscorsvw.exe -- (clr_optimization_v2.0.50727_64)
SRV - [2009/02/25 18:06:42 | 000,013,088 | ---- | M] (Intuit Inc.) [Auto | Stopped] -- C:Program Files (x86)Common FilesIntuitUpdate ServiceIntuitUpdateService.exe -- (IntuitUpdateService)
SRV - [2008/05/05 18:25:46 | 000,165,416 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:Program Files (x86)Gateway GamesGateway Game ConsoleGameConsoleService.exe -- (GameConsoleService)
SRV - [2007/05/24 07:08:44 | 000,061,440 | ---- | M] (Intuit Inc.) [On_Demand | Stopped] -- C:Program Files (x86)Common FilesIntuitQuickBooksFCSIntuit.QuickBooks.FCS.exe -- (QBFCService)
SRV - [2006/11/02 09:34:14 | 000,000,000 | ---D | M] [Unknown | Stopped] -- C:WindowsSysWOW64Msdtc -- (MSDTC)
SRV - [2006/11/02 02:35:15 | 000,060,994 | ---- | M] () [On_Demand | Stopped] -- C:WindowsSysWOW64wbemvds.mof -- (vds)
SRV - [2006/11/02 02:35:15 | 000,055,846 | ---- | M] () [On_Demand | Stopped] -- C:WindowsSysWOW64wbemvss.mof -- (VSS)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2010/06/02 18:43:51 | 000,317,520 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:WindowsSysNativeDriversavgtdia.sys -- (AvgTdiA)
DRV:64bit: - [2010/06/02 18:43:51 | 000,035,536 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Stopped] -- C:WindowsSysNativeDriversavgmfx64.sys -- (AvgMfx64)
DRV:64bit: - [2010/03/29 10:06:06 | 000,233,488 | ---- | M] (PC Tools) [Kernel | Boot | Running] -- C:WindowsSysNativedriversPCTCore64.sys -- (PCTCore)
DRV:64bit: - [2010/03/13 17:38:15 | 000,269,320 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Stopped] -- C:WindowsSysNativeDriversavgldx64.sys -- (AvgLdx64)
DRV:64bit: - [2009/01/13 09:48:18 | 001,187,840 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:WindowsSysNativeDRIVERSathrx.sys -- (athr)
DRV:64bit: - [2008/07/22 22:54:33 | 001,253,376 | ---- | M] (Agere Systems) [Kernel | On_Demand | Stopped] -- C:WindowsSysNativeDRIVERSagrsm64.sys -- (AgereSoftModem)
DRV:64bit: - [2008/06/04 02:06:54 | 000,204,288 | ---- | M] (Realtek Semiconductor Corporation) [Kernel | On_Demand | Running] -- C:WindowsSysNativeDriversRTS5121.sys -- (RSUSBSTOR)
DRV:64bit: - [2008/04/17 13:12:54 | 000,019,304 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:WindowsSysNativeDriversGEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2007/04/10 04:51:10 | 000,432,256 | ---- | M] (AVerMedia TECHNOLOGIES, Inc.) [Kernel | On_Demand | Stopped] -- C:WindowsSysNativedriversAVer88xHD64.sys -- (AVer88xHD)
DRV:64bit: - [2006/11/02 01:28:10 | 000,273,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:WindowsSysNativedriversHdAudio.sys -- (HdAudAddService)
DRV:64bit: - [2005/08/27 13:19:21 | 000,028,192 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:WindowsSysNativeDRIVERSNVAMACPI.sys -- (nvamacpi)
DRV - [2008/06/11 14:13:24 | 000,017,952 | ---- | M] (Acer, Inc.) [Kernel | Auto | Stopped] -- C:WindowsSysWOW64driversint15_64.sys -- (int15)
DRV - [2006/09/18 17:36:40 | 000,003,066 | ---- | M] () [Kernel | Boot | Running] -- C:WindowsSysWOW64wbemtcpip.mof -- (Tcpip)
DRV - [2006/09/18 17:35:23 | 000,001,088 | ---- | M] () [Kernel | On_Demand | Running] -- C:WindowsSysWOW64wbemmpsdrv.mof -- (mpsdrv)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLMSOFTWAREMicrosoftInternet ExplorerMain,Default_Page_URL = [You must be registered and logged in to see this link.]
IE:64bit: - HKLMSOFTWAREMicrosoftInternet ExplorerMain,Start Page = [You must be registered and logged in to see this link.]
IE - HKLMSOFTWAREMicrosoftInternet ExplorerMain,Default_Page_URL = [You must be registered and logged in to see this link.]
IE - HKLMSOFTWAREMicrosoftInternet ExplorerMain,Local Page = C:WindowsSysWOW64blank.htm
IE - HKLMSOFTWAREMicrosoftInternet ExplorerMain,Start Page = [You must be registered and logged in to see this link.]

IE - HKCUSOFTWAREMicrosoftInternet ExplorerMain,Default_Page_URL = [You must be registered and logged in to see this link.]
IE - HKCUSOFTWAREMicrosoftInternet ExplorerMain,SearchDefaultBranded = 1
IE - HKCUSOFTWAREMicrosoftInternet ExplorerMain,Start Page = [You must be registered and logged in to see this link.]
IE - HKCUSOFTWAREMicrosoftInternet ExplorerMain,StartPageCache = 1
IE - HKCU..URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:Program Files (x86)AVGAVG9ToolbarIEToolbar.dll ()
IE - HKCUSoftwareMicrosoftWindowsCurrentVersionInternet Settings: "ProxyEnable" = 0



O1 HOSTS File: ([2006/09/18 17:37:24 | 000,000,761 | ---- | M]) - C:WindowsSysNativedriversetcHosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2:64bit: - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:Program Files (x86)AVGAVG9avgssiea.dll (AVG Technologies CZ, s.r.o.)
O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:Program Files (x86)GoogleGoogle ToolbarGoogleToolbar_64.dll (Google Inc.)
O2:64bit: - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:Program FilesGoogleGoogleToolbarNotifier5.5.5126.1836swg64.dll (Google Inc.)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:Program Files (x86)AVGAVG9avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Windows Live Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:Program Files (x86)Common Filesmicrosoft sharedWindows LiveWindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (AVG Security Toolbar BHO) - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:Program Files (x86)AVGAVG9ToolbarIEToolbar.dll ()
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:Program Files (x86)GoogleGoogle ToolbarGoogleToolbar_32.dll (Google Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:Program Files (x86)GoogleGoogleToolbarNotifier5.5.5126.1836swg.dll (Google Inc.)
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - C:Program Files (x86)Microsoft MoneySystemmnyviewer.dll (Microsoft Corporation)
O3:64bit: - HKLM..Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:Program Files (x86)GoogleGoogle ToolbarGoogleToolbar_64.dll (Google Inc.)
O3 - HKLM..Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:Program Files (x86)GoogleGoogle ToolbarGoogleToolbar_32.dll (Google Inc.)
O3 - HKLM..Toolbar: (AVG Security Toolbar) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:Program Files (x86)AVGAVG9ToolbarIEToolbar.dll ()
O3:64bit: - HKCU..ToolbarWebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:Program Files (x86)GoogleGoogle ToolbarGoogleToolbar_64.dll (Google Inc.)
O3 - HKCU..ToolbarWebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:Program Files (x86)GoogleGoogle ToolbarGoogleToolbar_32.dll (Google Inc.)
O3 - HKCU..ToolbarWebBrowser: (AVG Security Toolbar) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:Program Files (x86)AVGAVG9ToolbarIEToolbar.dll ()
O4:64bit: - HKLM..Run: [NVRaidService] C:WindowsSysNativenvraidservice.exe (NVIDIA Corporation)
O4:64bit: - HKLM..Run: [RtHDVCpl] C:WindowsRAVCpl64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..Run: [Skytel] C:WindowsSkyTel.exe (Realtek Semiconductor Corp.)
O4:64bit: - HKLM..Run: [Windows Defender] C:Program FilesWindows DefenderMSASCui.exe (Microsoft Corporation)
O4 - HKLM..Run: [AVG9_TRAY] C:Program Files (x86)AVGAVG9avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..Run: [eRecoveryService] File not found
O4 - HKLM..Run: [ISTray] C:Program Files (x86)Spyware DoctorpctsTray.exe (PC Tools)
O4 - HKLM..Run: [LchDrvKey] C:WindowsLchDrvKey.exe ()
O4 - HKLM..Run: [LedKey] C:WindowsCNYHKey.exe (Creative)
O4 - HKLM..Run: [MoneyStartUp10.0] C:Program Files (x86)Microsoft MoneySystemActivation.exe (Microsoft Corporation)
O4 - HKLM..Run: [P2Go_Menu] C:Program Files (x86)CyberLinkPower2GoMUITransferMUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..Run: [UpdatePDRShortCut] C:Program Files (x86)CyberLinkPowerDirectorMUITransferMUIStartMenu.exe (CyberLink Corp.)
O4 - HKCU..Run: [swg] C:Program Files (x86)GoogleGoogleToolbarNotifierGoogleToolbarNotifier.exe (Google Inc.)
O4 - HKCU..Run: [WindowsWelcomeCenter] C:WindowsSysWow64oobefldr.dll (Microsoft Corporation)
O4 - HKLM..RunOnce: [Uninstall Adobe Download Manager] File not found
O6 - HKLMSOFTWAREMicrosoftWindowsCurrentVersionpoliciesExplorer: NoActiveDesktop = 1
O8:64bit: - Extra context menu item: E&xport to Microsoft Excel - C:Program Files (x86)Microsoft OfficeOFFICE11EXCEL.EXE (Microsoft Corporation)
O8:64bit: - Extra context menu item: Google Sidewiki... - C:Program Files (x86)GoogleGoogle ToolbarComponentGoogleToolbarDynamic_mui_en_2EC7709873947E87.dll (Google Inc.)
O8 - Extra context menu item: E&xport to Microsoft Excel - C:Program Files (x86)Microsoft OfficeOFFICE11EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Google Sidewiki... - C:Program Files (x86)GoogleGoogle ToolbarComponentGoogleToolbarDynamic_mui_en_2EC7709873947E87.dll (Google Inc.)
O9 - Extra Button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:Program Files (x86)Windows LiveWriterWriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:Program Files (x86)Windows LiveWriterWriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:Program Files (x86)Microsoft OfficeOFFICE11REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:Program Files (x86)Microsoft MoneySystemmnyviewer.dll (Microsoft Corporation)
O13 - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} [You must be registered and logged in to see this link.] (QuickTime Object)
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} [You must be registered and logged in to see this link.] (PCPitstop Utility)
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} [You must be registered and logged in to see this link.] (System Requirements Lab Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_05)
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_20)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} [You must be registered and logged in to see this link.] (Shockwave Flash Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} [You must be registered and logged in to see this link.] (get_atlcom Class)
O17 - HKLMSystemCCSServicesTcpipParameters: DhcpNameServer = 68.105.28.12 68.105.29.12 68.105.28.11
O18:64bit: - ProtocolHandlerhttpx00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - ProtocolHandlerhttpoledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - ProtocolHandlerhttpsx00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - ProtocolHandlerhttpsoledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - ProtocolHandlerintu-help-qb1 {9B0F96C7-2E4B-433e-ABF3-043BA1B54AE3} - Reg Error: Key error. File not found
O18:64bit: - ProtocolHandlerlinkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:Program Files (x86)AVGAVG9avgppa.dll (AVG Technologies CZ, s.r.o.)
O18:64bit: - ProtocolHandlerlivecall {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - ProtocolHandlermsdaipp - No CLSID value found
O18:64bit: - ProtocolHandlermsdaippx00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - ProtocolHandlermsdaippoledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - ProtocolHandlerms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - Reg Error: Key error. File not found
O18:64bit: - ProtocolHandlermsnim {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - ProtocolHandlermso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - Reg Error: Key error. File not found
O18:64bit: - ProtocolHandlerqbwc {FC598A64-626C-4447-85B8-53150405FD57} - Reg Error: Key error. File not found
O18:64bit: - ProtocolHandlerwlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - Reg Error: Key error. File not found
O18 - ProtocolHandlerhttpx00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:Program Files (x86)Common FilesSystemOle DBMSDAIPP.DLL (Microsoft Corporation)
O18 - ProtocolHandlerhttpoledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:Program Files (x86)Common FilesSystemOle DBMSDAIPP.DLL (Microsoft Corporation)
O18 - ProtocolHandlerhttpsx00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:Program Files (x86)Common FilesSystemOle DBMSDAIPP.DLL (Microsoft Corporation)
O18 - ProtocolHandlerhttpsoledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:Program Files (x86)Common FilesSystemOle DBMSDAIPP.DLL (Microsoft Corporation)
O18 - ProtocolHandlerintu-help-qb1 {9B0F96C7-2E4B-433e-ABF3-043BA1B54AE3} - C:Program Files (x86)IntuitQuickBooks 2008HelpAsyncPluggableProtocol.dll (TODO: )
O18 - ProtocolHandlerlinkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:Program Files (x86)AVGAVG9avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - ProtocolHandlerlivecall {828030A1-22C1-4009-854F-8E305202313F} - C:Program Files (x86)Windows LiveMessengermsgrapp.14.0.8050.1202.dll (Microsoft Corporation)
O18 - ProtocolHandlermsdaippx00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:Program Files (x86)Common FilesSystemOle DBMSDAIPP.DLL (Microsoft Corporation)
O18 - ProtocolHandlermsdaippoledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:Program Files (x86)Common FilesSystemOle DBMSDAIPP.DLL (Microsoft Corporation)
O18 - ProtocolHandlermsnim {828030A1-22C1-4009-854F-8E305202313F} - C:Program Files (x86)Windows LiveMessengermsgrapp.14.0.8050.1202.dll (Microsoft Corporation)
O18 - ProtocolHandlerqbwc {FC598A64-626C-4447-85B8-53150405FD57} - mscoree.dll (Microsoft Corporation)
O18 - ProtocolHandlerwlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:Program Files (x86)Windows LiveMailmailcomm.dll (Microsoft Corporation)
O18:64bit: - ProtocolFilterapplication/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O18:64bit: - ProtocolFilterapplication/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O18:64bit: - ProtocolFilterapplication/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O18:64bit: - ProtocolFiltertext/xml {807553E5-5146-11D5-A672-00B0D022E945} - Reg Error: Key error. File not found
O18 - ProtocolFilterapplication/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O18 - ProtocolFilterapplication/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O18 - ProtocolFilterapplication/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O18 - ProtocolFiltertext/xml {807553E5-5146-11D5-A672-00B0D022E945} - C:Program Files (x86)Common Filesmicrosoft sharedOFFICE11MSOXMLMF.DLL (Microsoft Corporation)
O20:64bit: - AppInit_DLLs: (avgrssta.dll) - C:WindowsSysNativeavgrssta.dll (AVG Technologies CZ, s.r.o.)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:WindowsWebWallpaperGTW3_Wide.bmp
O24 - Desktop BackupWallPaper: C:WindowsWebWallpaperGTW3_Wide.bmp
O29:64bit: - HKLM SecurityProviders - (credssp.dll) - credssp.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (credssp.dll) - credssp.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2{e4d40701-4774-11de-b435-0022684b4b71}Shell - "" = AutoRun
O33 - MountPoints2{e4d40701-4774-11de-b435-0022684b4b71}ShellAutoRuncommand - "" = J:LaunchU3.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35:64bit: - HKLM..comfile [open] -- "%1" %*
O35:64bit: - HKLM..exefile [open] -- "%1" %*
O35 - HKLM..comfile [open] -- "%1" %*
O35 - HKLM..exefile [open] -- "%1" %*
O37:64bit: - HKLM...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM...exe [@ = exefile] -- "%1" %*
O37 - HKLM...com [@ = comfile] -- "%1" %*
O37 - HKLM...exe [@ = exefile] -- "%1" %*

NetSvcs:64bit: Ias - C:WindowsSysNativeias [2008/01/20 23:06:38 | 000,000,000 | ---D | M]
NetSvcs:64bit: Irmon - C:WindowsSysNativeirmon.dll (Microsoft Corporation)
NetSvcs:64bit: Wmi - C:WindowsSysNativewmi.dll (Microsoft Corporation)
NetSvcs: Ias - C:WindowsSysWOW64ias [2008/01/20 23:08:35 | 000,000,000 | ---D | M]
NetSvcs: Wmi - C:WindowsSysWOW64wmi.dll (Microsoft Corporation)


SafeBootMin:64bit: AppMgmt - Service
SafeBootMin:64bit: Base - Driver Group
SafeBootMin:64bit: Boot Bus Extender - Driver Group
SafeBootMin:64bit: Boot file system - Driver Group
SafeBootMin:64bit: File system - Driver Group
SafeBootMin:64bit: Filter - Driver Group
SafeBootMin:64bit: HelpSvc - Service
SafeBootMin:64bit: PCI Configuration - Driver Group
SafeBootMin:64bit: PNP Filter - Driver Group
SafeBootMin:64bit: Primary disk - Driver Group
SafeBootMin:64bit: sacsvr - Service
SafeBootMin:64bit: SCSI Class - Driver Group
SafeBootMin:64bit: System Bus Extender - Driver Group
SafeBootMin:64bit: WinDefend - C:Program FilesWindows DefenderMpSvc.dll (Microsoft Corporation)
SafeBootMin:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
SafeBootMin: AppMgmt - Service
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - Service
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: sacsvr - Service
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: VDS - C:WindowsSysWOW64wbemvds.mof ()
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices

SafeBootNet:64bit: AppMgmt - Service
SafeBootNet:64bit: Base - Driver Group
SafeBootNet:64bit: Boot Bus Extender - Driver Group
SafeBootNet:64bit: Boot file system - Driver Group
SafeBootNet:64bit: File system - Driver Group
SafeBootNet:64bit: Filter - Driver Group
SafeBootNet:64bit: HelpSvc - Service
SafeBootNet:64bit: NDIS Wrapper - Driver Group
SafeBootNet:64bit: NetBIOSGroup - Driver Group
SafeBootNet:64bit: NetDDEGroup - Driver Group
SafeBootNet:64bit: Network - Driver Group
SafeBootNet:64bit: NetworkProvider - Driver Group
SafeBootNet:64bit: PCI Configuration - Driver Group
SafeBootNet:64bit: PNP Filter - Driver Group
SafeBootNet:64bit: PNP_TDI - Driver Group
SafeBootNet:64bit: Primary disk - Driver Group
SafeBootNet:64bit: rdsessmgr - Service
SafeBootNet:64bit: sacsvr - Service
SafeBootNet:64bit: SCSI Class - Driver Group
SafeBootNet:64bit: Streams Drivers - Driver Group
SafeBootNet:64bit: System Bus Extender - Driver Group
SafeBootNet:64bit: TDI - Driver Group
SafeBootNet:64bit: WinDefend - C:Program FilesWindows DefenderMpSvc.dll (Microsoft Corporation)
SafeBootNet:64bit: WudfPf - Driver
SafeBootNet:64bit: WudfUsbccidDriver - Driver
SafeBootNet:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet:64bit: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet:64bit: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet:64bit: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet:64bit: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet:64bit: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
SafeBootNet: AppMgmt - Service
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: HelpSvc - Service
SafeBootNet: MPSDrv - C:WindowsSysWOW64wbemmpsdrv.mof ()
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: rdsessmgr - Service
SafeBootNet: sacsvr - Service
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: Tcpip - C:WindowsSysWOW64wbemtcpip.mof ()
SafeBootNet: TDI - Driver Group
SafeBootNet: VDS - C:WindowsSysWOW64wbemvds.mof ()
SafeBootNet: WudfPf - Driver
SafeBootNet: WudfUsbccidDriver - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices

ActiveX:64bit: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} -
ActiveX:64bit: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 11.0
ActiveX:64bit: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%system32regsvr32.exe /s /n /i:/UserInstall %SystemRoot%system32themeui.dll
ActiveX:64bit: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX:64bit: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%Windows MailWinMail.exe" OCInstallUserConfigOE
ActiveX:64bit: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} -
ActiveX:64bit: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX:64bit: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX:64bit: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows script 5.6
ActiveX:64bit: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX:64bit: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX:64bit: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX:64bit: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX:64bit: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:Windowssystem32ie4uinit.exe -BaseSettings
ActiveX:64bit: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:Windowssystem32Rundll32.exe C:Windowssystem32mscories.dll,Install
ActiveX:64bit: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX:64bit: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX:64bit: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX:64bit: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX:64bit: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX:64bit: {FEBEF00C-046D-438D-8A88-BF94A6C9E703} - .NET Framework
ActiveX:64bit: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:Windowssystem32unregmp2.exe /ShowWMP
ActiveX:64bit: >{26923b43-4d38-484f-9b9e-de460746276c} - C:Windowssystem32ie4uinit.exe -UserIconConfig
ActiveX:64bit: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:WindowsSystem32rundll32.exe" "C:WindowsSystem32iedkcs32.dll",BrandIEActiveSetup SIGNUP
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%system32regsvr32.exe /s /n /i:/UserInstall %SystemRoot%system32themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles(x86)%Windows MailWinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {73FA19D0-2D75-11D2-995D-00C04F98BBC9} - Web Folders
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:WindowsSysWOW64ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:WindowsSysWOW64Rundll32.exe C:WindowsSysWOW64mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%system32unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:WindowsSysWOW64ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:WindowsSysWOW64rundll32.exe" "C:WindowsSysWOW64iedkcs32.dll",BrandIEActiveSetup SIGNUP

Drivers32:64bit: aux - wdmaud.drv (Microsoft Corporation)
Drivers32:64bit: midi - wdmaud.drv (Microsoft Corporation)
Drivers32:64bit: midimapper - midimap.dll (Microsoft Corporation)
Drivers32:64bit: mixer - wdmaud.drv (Microsoft Corporation)
Drivers32:64bit: msacm.imaadpcm - imaadp32.acm (Microsoft Corporation)
Drivers32:64bit: msacm.l3acm - C:WindowsSysNativel3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32:64bit: msacm.msadpcm - msadp32.acm (Microsoft Corporation)
Drivers32:64bit: msacm.msg711 - msg711.acm (Microsoft Corporation)
Drivers32:64bit: msacm.msgsm610 - msgsm32.acm (Microsoft Corporation)
Drivers32:64bit: MSVideo8 - VfWWDM32.dll (Microsoft Corporation)
Drivers32:64bit: vidc.i420 - iyuv_32.dll (Microsoft Corporation)
Drivers32:64bit: VIDC.IYUV - iyuv_32.dll (Microsoft Corporation)
Drivers32:64bit: vidc.mrle - msrle32.dll (Microsoft Corporation)
Drivers32:64bit: vidc.msvc - msvidc32.dll (Microsoft Corporation)
Drivers32:64bit: VIDC.UYVY - msyuv.dll (Microsoft Corporation)
Drivers32:64bit: VIDC.YUY2 - msyuv.dll (Microsoft Corporation)
Drivers32:64bit: VIDC.YVU9 - tsbyuv.dll (Microsoft Corporation)
Drivers32:64bit: VIDC.YVYU - msyuv.dll (Microsoft Corporation)
Drivers32:64bit: wave - wdmaud.drv (Microsoft Corporation)
Drivers32:64bit: wave1 - wdmaud.drv (Microsoft Corporation)
Drivers32:64bit: wavemapper - msacm32.drv (Microsoft Corporation)
Drivers32: aux - wdmaud.drv (Microsoft Corporation)
Drivers32: midi - wdmaud.drv (Microsoft Corporation)
Drivers32: midimapper - midimap.dll (Microsoft Corporation)
Drivers32: mixer - wdmaud.drv (Microsoft Corporation)
Drivers32: msacm.imaadpcm - imaadp32.acm (Microsoft Corporation)
Drivers32: msacm.l3acm - C:WindowsSysWOW64l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.l3codecp - l3codecp.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.msadpcm - msadp32.acm (Microsoft Corporation)
Drivers32: msacm.msg711 - msg711.acm (Microsoft Corporation)
Drivers32: msacm.msgsm610 - msgsm32.acm (Microsoft Corporation)
Drivers32: msacm.siren - sirenacm.dll (Microsoft Corporation)
Drivers32: vidc.cvid - iccvid.dll (Radius Inc.)
Drivers32: vidc.i420 - iyuv_32.dll (Microsoft Corporation)
Drivers32: vidc.iyuv - iyuv_32.dll (Microsoft Corporation)
Drivers32: vidc.mrle - msrle32.dll (Microsoft Corporation)
Drivers32: vidc.msvc - msvidc32.dll (Microsoft Corporation)
Drivers32: vidc.uyvy - msyuv.dll (Microsoft Corporation)
Drivers32: vidc.yuy2 - msyuv.dll (Microsoft Corporation)
Drivers32: vidc.yvu9 - tsbyuv.dll (Microsoft Corporation)
Drivers32: vidc.yvyu - msyuv.dll (Microsoft Corporation)
Drivers32: wave - wdmaud.drv (Microsoft Corporation)
Drivers32: wave1 - wdmaud.drv (Microsoft Corporation)
Drivers32: wavemapper - msacm32.drv (Microsoft Corporation)

CREATERESTOREPOINT
Error creating restore point.

========== Files/Folders - Created Within 30 Days ==========

[2010/06/07 20:30:46 | 000,000,000 | -HSD | C] -- C:Config.Msi
[2010/06/07 20:29:45 | 000,000,000 | ---D | C] -- C:Program Files (x86)Common FilesAdobe AIR
[2010/06/07 20:29:35 | 000,000,000 | ---D | C] -- C:ProgramDataMcAfee Security Scan
[2010/06/07 20:29:35 | 000,000,000 | ---D | C] -- C:ProgramDataMcAfee
[2010/06/07 20:29:32 | 000,000,000 | ---D | C] -- C:Program Files (x86)McAfee Security Scan
[2010/06/07 20:29:23 | 000,000,000 | ---D | C] -- C:ProgramDataNOS
[2010/06/07 20:29:23 | 000,000,000 | ---D | C] -- C:Program Files (x86)NOS
[2010/06/07 20:26:14 | 000,000,000 | ---D | C] -- C:UsersJoeDocumentsJavaRa[1]
[2010/06/07 20:20:09 | 000,411,368 | ---- | C] (Sun Microsystems, Inc.) -- C:WindowsSysWow64deployJava1.dll
[2010/06/07 18:28:40 | 000,165,840 | ---- | C] (Threat Expert Ltd.) -- C:WindowsPCTBDRes.dll
[2010/06/07 18:22:51 | 000,306,648 | ---- | C] (PC Tools) -- C:WindowsSysNativedriverspctgntdi64.sys
[2010/06/07 18:22:51 | 000,133,072 | ---- | C] (PC Tools) -- C:WindowsSysNativedriverspctwfpfilter64.sys
[2010/06/07 18:22:47 | 000,233,488 | ---- | C] (PC Tools) -- C:WindowsSysNativedriversPCTCore64.sys
[2010/06/07 18:22:43 | 000,092,896 | ---- | C] (PC Tools) -- C:WindowsSysNativedriverspctplsg64.sys
[2010/06/07 18:22:39 | 000,000,000 | ---D | C] -- C:Program Files (x86)Spyware Doctor
[2010/06/07 18:22:39 | 000,000,000 | ---D | C] -- C:ProgramDataPC Tools
[2010/06/07 18:22:39 | 000,000,000 | ---D | C] -- C:Program Files (x86)Common FilesPC Tools
[2009/09/02 19:09:58 | 000,018,944 | ---- | C] ( ) -- C:WindowsSysWow64Implode.dll
[1 C:Windows*.tmp files -> C:Windows*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010/06/07 20:57:10 | 000,067,584 | --S- | M] () -- C:Windowsbootstat.dat
[2010/06/07 20:54:18 | 002,359,296 | -HS- | M] () -- C:UsersJoeNTUSER.DAT
[2010/06/07 20:31:06 | 000,001,919 | ---- | M] () -- C:UsersPublicDesktopAdobe Reader 9.lnk
[2010/06/07 20:29:53 | 000,000,904 | ---- | M] () -- C:UsersPublicDesktopAcrobat_com.lnk
[2010/06/07 20:29:33 | 000,001,773 | ---- | M] () -- C:UsersPublicDesktopMcAfee Security Scan Plus.lnk
[2010/06/07 20:29:33 | 000,001,771 | ---- | M] () -- C:ProgramDataMicrosoftWindowsStart MenuProgramsStartupMcAfee Security Scan Plus.lnk
[2010/06/07 20:23:04 | 000,000,898 | ---- | M] () -- C:WindowstasksGoogleUpdateTaskMachineUA.job
[2010/06/07 20:19:57 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:WindowsSysWow64deployJava1.dll
[2010/06/07 20:19:57 | 000,153,376 | ---- | M] (Sun Microsystems, Inc.) -- C:WindowsSysWow64javaws.exe
[2010/06/07 20:19:57 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:WindowsSysWow64javaw.exe
[2010/06/07 20:19:57 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:WindowsSysWow64java.exe
[2010/06/07 20:14:20 | 000,067,569 | ---- | M] () -- C:ProgramDatanvModes.dat
[2010/06/07 20:14:16 | 000,067,569 | ---- | M] () -- C:ProgramDatanvModes.001
[2010/06/07 19:29:07 | 000,690,960 | ---- | M] () -- C:WindowsSysNativePerfStringBackup.INI
[2010/06/07 19:29:07 | 000,595,446 | ---- | M] () -- C:WindowsSysNativeperfh009.dat
[2010/06/07 19:29:07 | 000,101,144 | ---- | M] () -- C:WindowsSysNativeperfc009.dat
[2010/06/07 19:23:23 | 000,000,894 | ---- | M] () -- C:WindowstasksGoogleUpdateTaskMachineCore.job
[2010/06/07 19:23:13 | 000,004,784 | -H-- | M] () -- C:WindowsSysNative7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2010/06/07 19:23:13 | 000,004,784 | -H-- | M] () -- C:WindowsSysNative7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2010/06/07 19:23:12 | 000,000,000 | ---- | M] () -- C:WindowsSysNativeLogConfigTemp.xml
[2010/06/07 19:23:10 | 000,000,006 | -H-- | M] () -- C:WindowstasksSA.DAT
[2010/06/07 19:18:17 | 000,524,288 | -HS- | M] () -- C:UsersJoeNTUSER.DAT{c328fef1-6a85-11db-9fbd-cf3689cba3de}.TMContainer00000000000000000001.regtrans-ms
[2010/06/07 19:18:17 | 000,065,536 | -HS- | M] () -- C:UsersJoeNTUSER.DAT{c328fef1-6a85-11db-9fbd-cf3689cba3de}.TM.blf
[2010/06/07 19:18:16 | 002,686,363 | -H-- | M] () -- C:UsersJoeAppDataLocalIconCache.db
[2010/06/07 19:01:20 | 000,325,904 | ---- | M] () -- C:WindowsSysNativeFNTCACHE.DAT
[2010/06/07 18:28:30 | 000,001,815 | ---- | M] () -- C:UsersPublicDesktopSpyware Doctor.lnk
[2010/06/07 18:22:36 | 060,811,867 | ---- | M] () -- C:WindowsSysNativedriversAvgincavi.avm
[2010/06/07 14:16:51 | 018,223,104 | ---- | M] () -- C:UsersJoeDocumentsMy Money.mny
[2010/06/02 18:43:51 | 000,317,520 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:WindowsSysNativedriversavgtdia.sys
[2010/06/02 18:43:51 | 000,035,536 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:WindowsSysNativedriversavgmfx64.sys
[2010/05/21 10:21:37 | 000,024,576 | ---- | M] () -- C:UsersJoeDocumentsKimco Fax May 2010.doc
[2010/05/14 09:13:24 | 000,006,144 | ---- | M] () -- C:UsersJoeAppDataLocalDCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[1 C:Windows*.tmp files -> C:Windows*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/06/07 20:31:06 | 000,001,919 | ---- | C] () -- C:UsersPublicDesktopAdobe Reader 9.lnk
[2010/06/07 20:29:53 | 000,000,904 | ---- | C] () -- C:UsersPublicDesktopAcrobat_com.lnk
[2010/06/07 20:29:33 | 000,001,773 | ---- | C] () -- C:UsersPublicDesktopMcAfee Security Scan Plus.lnk
[2010/06/07 20:29:33 | 000,001,771 | ---- | C] () -- C:ProgramDataMicrosoftWindowsStart MenuProgramsStartupMcAfee Security Scan Plus.lnk
[2010/06/07 18:22:51 | 000,007,357 | ---- | C] () -- C:WindowsSysNativedriverspctgntdi64.cat
[2010/06/07 18:22:47 | 000,007,353 | ---- | C] () -- C:WindowsSysNativedriverspctcore64.cat
[2010/06/07 18:22:45 | 000,001,815 | ---- | C] () -- C:UsersPublicDesktopSpyware Doctor.lnk
[2010/06/07 18:22:43 | 000,007,353 | ---- | C] () -- C:WindowsSysNativedriverspctplsg64.cat
[2010/05/21 10:21:37 | 000,024,576 | ---- | C] () -- C:UsersJoeDocumentsKimco Fax May 2010.doc
[2010/05/14 08:02:50 | 000,006,144 | ---- | C] () -- C:UsersJoeAppDataLocalDCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/09/17 08:03:36 | 000,117,248 | ---- | C] () -- C:WindowsSysWow64EhStorAuthn.dll
[2009/09/17 08:03:01 | 000,368,640 | ---- | C] () -- C:WindowsSysWow64msjetoledb40.dll
[2009/09/02 19:09:58 | 000,748,160 | ---- | C] () -- C:WindowsSysWow64Co2c40en.dll
[2009/09/02 19:09:58 | 000,054,272 | ---- | C] () -- C:WindowsSysWow64P2irdao.dll
[2009/09/02 19:09:58 | 000,050,176 | ---- | C] () -- C:WindowsSysWow64P2ctdao.dll
[2009/08/03 00:21:54 | 000,197,912 | ---- | C] () -- C:WindowsSysWow64physxcudart_20.dll
[2009/08/03 00:21:54 | 000,058,648 | ---- | C] () -- C:WindowsSysWow64AgCPanelTraditionalChinese.dll
[2009/08/03 00:21:54 | 000,058,648 | ---- | C] () -- C:WindowsSysWow64AgCPanelSwedish.dll
[2009/08/03 00:21:54 | 000,058,648 | ---- | C] () -- C:WindowsSysWow64AgCPanelSpanish.dll
[2009/08/03 00:21:54 | 000,058,648 | ---- | C] () -- C:WindowsSysWow64AgCPanelSimplifiedChinese.dll
[2009/08/03 00:21:54 | 000,058,648 | ---- | C] () -- C:WindowsSysWow64AgCPanelPortugese.dll
[2009/08/03 00:21:54 | 000,058,648 | ---- | C] () -- C:WindowsSysWow64AgCPanelKorean.dll
[2009/08/03 00:21:54 | 000,058,648 | ---- | C] () -- C:WindowsSysWow64AgCPanelJapanese.dll
[2009/08/03 00:21:52 | 000,058,648 | ---- | C] () -- C:WindowsSysWow64AgCPanelGerman.dll
[2009/08/03 00:21:52 | 000,058,648 | ---- | C] () -- C:WindowsSysWow64AgCPanelFrench.dll
[2009/05/20 11:12:36 | 000,000,376 | ---- | C] () -- C:WindowsODBC.INI
[2009/03/18 03:51:35 | 000,294,912 | ---- | C] () -- C:WindowsPIC.dll
[2009/03/18 03:51:35 | 000,000,870 | ---- | C] () -- C:Windowsmhotkey_reg.ini
[2008/01/20 22:50:05 | 000,060,124 | ---- | C] () -- C:WindowsSysWow64tcpmon.ini
[2003/01/07 15:05:08 | 000,002,695 | ---- | C] () -- C:WindowsSysWow64OUTLPERF.INI
[1998/08/16 05:00:00 | 000,004,096 | ---- | C] () -- C:WindowsSysWow64sysres.dll

========== Custom Scans ==========


< %systemroot%*. /mp /s >

< %systemroot%system32*.dll /lockedfiles >

< %systemroot%system32*.exe /lockedfiles >

< %systemroot%Tasks*.job /lockedfiles >

< %systemroot%system32drivers*.sys /lockedfiles >

< %systemroot%System32config*.sav >

< %systemroot%system32*.sys >

< %systemroot%system32drivers*.dll >

< %systemroot%system32drivers*.ini >

< %systemroot%system32drivers*.exe >

< %SYSTEMDRIVE%*.* >
[2009/04/11 02:36:36 | 000,333,257 | RHS- | M] () -- C:bootmgr
[2009/01/18 05:10:10 | 000,008,192 | R-S- | M] () -- C:BOOTSECT.BAK
[2009/01/18 07:02:24 | 000,000,165 | ---- | M] () -- C:Labelprint.log
[2010/06/07 14:39:11 | 000,000,109 | ---- | M] () -- C:mbam-error.txt
[2009/03/18 04:10:09 | 000,000,106 | ---- | M] () -- C:ms.log
[2010/06/07 20:56:57 | 312,807,422 | -HS- | M] () -- C:pagefile.sys
[2009/01/18 06:44:54 | 000,000,827 | ---- | M] () -- C:RHDSetup.log

< %PROGRAMFILES%*. >
[2010/06/07 20:31:03 | 000,000,000 | ---D | M] -- C:Program Files (x86)Adobe
[2009/09/25 16:11:22 | 000,000,000 | ---D | M] -- C:Program Files (x86)AGEIA Technologies
[2009/05/15 14:21:32 | 000,000,000 | ---D | M] -- C:Program Files (x86)Akamai
[2009/08/16 11:49:18 | 000,000,000 | ---D | M] -- C:Program Files (x86)Apple Software Update
[2009/01/18 06:44:58 | 000,000,000 | ---D | M] -- C:Program Files (x86)AVerMedia
[2009/11/10 11:07:45 | 000,000,000 | ---D | M] -- C:Program Files (x86)AVG
[2009/09/10 22:24:45 | 000,000,000 | ---D | M] -- C:Program Files (x86)Citrix
[2010/06/07 20:29:45 | 000,000,000 | ---D | M] -- C:Program Files (x86)Common Files
[2009/03/18 04:10:39 | 000,000,000 | ---D | M] -- C:Program Files (x86)CyberLink
[2009/05/15 08:36:37 | 000,000,000 | ---D | M] -- C:Program Files (x86)D-Link
[2009/01/18 07:00:10 | 000,000,000 | ---D | M] -- C:Program Files (x86)Gateway Games
[2010/02/04 00:12:03 | 000,000,000 | ---D | M] -- C:Program Files (x86)Google
[2010/01/07 09:52:18 | 000,000,000 | ---D | M] -- C:Program Files (x86)HotHotSoftware
[2009/05/18 08:49:13 | 000,000,000 | -H-D | M] -- C:Program Files (x86)InstallShield Installation Information
[2010/05/27 03:02:58 | 000,000,000 | ---D | M] -- C:Program Files (x86)Internet Explorer
[2009/05/15 14:27:11 | 000,000,000 | ---D | M] -- C:Program Files (x86)Intuit
[2010/01/27 19:12:47 | 000,000,000 | ---D | M] -- C:Program Files (x86)Java
[2010/06/07 14:39:10 | 000,000,000 | ---D | M] -- C:Program Files (x86)Malwarebytes' Anti-Malware
[2010/06/07 20:29:32 | 000,000,000 | ---D | M] -- C:Program Files (x86)McAfee Security Scan
[2009/01/18 07:07:01 | 000,000,000 | ---D | M] -- C:Program Files (x86)Microsoft
[2009/05/20 11:11:55 | 000,000,000 | ---D | M] -- C:Program Files (x86)Microsoft ActiveSync
[2009/05/19 20:30:24 | 000,000,000 | ---D | M] -- C:Program Files (x86)Microsoft Money
[2009/05/20 11:11:50 | 000,000,000 | ---D | M] -- C:Program Files (x86)Microsoft Office
[2009/01/18 06:50:05 | 000,000,000 | ---D | M] -- C:Program Files (x86)Microsoft Office Suite Activation Assistant
[2009/01/18 07:08:12 | 000,000,000 | ---D | M] -- C:Program Files (x86)Microsoft SQL Server Compact Edition
[2009/06/12 03:04:07 | 000,000,000 | ---D | M] -- C:Program Files (x86)Microsoft Works
[2009/05/20 11:11:32 | 000,000,000 | ---D | M] -- C:Program Files (x86)Microsoft.NET
[2006/11/02 11:07:27 | 000,000,000 | ---D | M] -- C:Program Files (x86)MSBuild
[2009/05/15 14:25:32 | 000,000,000 | ---D | M] -- C:Program Files (x86)MSXML 4.0
[2009/03/18 03:57:16 | 000,000,000 | ---D | M] -- C:Program Files (x86)Northstar
[2010/06/07 20:29:23 | 000,000,000 | ---D | M] -- C:Program Files (x86)NOS
[2009/09/25 16:12:14 | 000,000,000 | ---D | M] -- C:Program Files (x86)NVIDIA Corporation
[2009/08/16 11:52:04 | 000,000,000 | ---D | M] -- C:Program Files (x86)QuickTime
[2009/09/02 22:28:22 | 000,000,000 | ---D | M] -- C:Program Files (x86)QuickWordtoPDF
[2009/03/18 03:55:07 | 000,000,000 | ---D | M] -- C:Program Files (x86)Realtek
[2006/11/02 11:07:27 | 000,000,000 | ---D | M] -- C:Program Files (x86)Reference Assemblies
[2010/06/07 19:28:36 | 000,000,000 | ---D | M] -- C:Program Files (x86)Spyware Doctor
[2009/09/25 16:04:11 | 000,000,000 | ---D | M] -- C:Program Files (x86)SystemRequirementsLab
[2009/05/15 13:38:38 | 000,000,000 | ---D | M] -- C:Program Files (x86)TurboTax
[2006/11/02 11:36:07 | 000,000,000 | -H-D | M] -- C:Program Files (x86)Uninstall Information
[2009/09/29 12:55:23 | 000,000,000 | ---D | M] -- C:Program Files (x86)Windows Calendar
[2008/01/20 23:09:47 | 000,000,000 | ---D | M] -- C:Program Files (x86)Windows Collaboration
[2008/01/20 23:09:41 | 000,000,000 | ---D | M] -- C:Program Files (x86)Windows Defender
[2009/01/18 07:09:04 | 000,000,000 | ---D | M] -- C:Program Files (x86)Windows Live
[2009/01/18 07:06:48 | 000,000,000 | ---D | M] -- C:Program Files (x86)Windows Live SkyDrive
[2010/05/13 03:20:58 | 000,000,000 | ---D | M] -- C:Program Files (x86)Windows Mail
[2009/10/29 03:03:03 | 000,000,000 | ---D | M] -- C:Program Files (x86)Windows Media Player
[2006/11/02 11:07:27 | 000,000,000 | ---D | M] -- C:Program Files (x86)Windows NT
[2009/09/29 12:55:21 | 000,000,000 | ---D | M] -- C:Program Files (x86)Windows Photo Gallery
[2009/11/17 10:49:01 | 000,000,000 | ---D | M] -- C:Program Files (x86)Windows Portable Devices
[2009/09/29 12:55:23 | 000,000,000 | ---D | M] -- C:Program Files (x86)Windows Sidebar

< %appdata%*.* >


< HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionWindowsUpdateAuto UpdateResultsInstall|LastSuccessTime /rs >

========== Alternate Data Streams ==========

@Alternate Data Stream - 170 bytes -> C:ProgramDataTemp:DFC5A2B2
< End of report >


Re: Nuqel.E - AVG scan dies & computer shuts down

Post by Belahzur on Tue Jun 08, 2010 4:54 pm

Please download and run this tool.

Download Malwarebytes' Anti-Malware from [You must be registered and logged in to see this link.]

Double Click mbam-setup.exe to install the application.

  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so immediately.


Post the contents of the MBAM Log.


Please PM me if I fail to respond within 24hrs.


Belahzur
Administrator
Administrator

Status :
Online
Offline

Posts : 34916
Joined : 2008-08-03
Gender : Male
OS : XP SP3 Media Centre
Points : 245039
# Likes : 1


Re: Nuqel.E - AVG scan dies & computer shuts down

Post by jgilley on Tue Jun 08, 2010 9:17 pm

The scan only took 5 minutes. Below is the log file. It is asking me to restart, so I will do that now....


Malwarebytes' Anti-Malware 1.46

Database version: 4181

Windows 6.0.6002 Service Pack 2
Internet Explorer 8.0.6001.18904

6/8/2010 5:14:37 PM
mbam-log-2010-06-08 (17-14-37).txt

Scan type: Quick scan
Objects scanned: 143045
Time elapsed: 4 minute(s), 44 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 2

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:UsersMy Gym ChantillyAppDataLocalTemp4f4aef65.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
C:UsersMy Gym ChantillyAppDataLocalTemp7fdb3287.exe (Rogue.AVSecuritySuite) -> Quarantined and deleted successfully.


Re: Nuqel.E - AVG scan dies & computer shuts down

Post by jgilley on Tue Jun 08, 2010 9:38 pm

After reboot I went back into user having the trouble and was still getting bogus messages and it was still hijacking my browser. In case you are interested, one of the messages was:

===============================
Microsoft Visual C++ Runtime Library
C:usersMyGymChantillyAppDataLocalkbhdea.caoabi.exe

This application has requested to terminate it in an unusual way...
============================================
Malwarebytes' Anti-Malware 1.46

Database version: 4181

Windows 6.0.6002 Service Pack 2
Internet Explorer 8.0.6001.18904

6/8/2010 5:29:24 PM
mbam-log-2010-06-08 (17-29-24).txt

Scan type: Quick scan
Objects scanned: 141759
Time elapsed: 3 minute(s), 42 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 2
Registry Values Infected: 1
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CURRENT_USERSoftwareavsoft (Trojan.Fraudpack) -> Quarantined and deleted successfully.
HKEY_CURRENT_USERSoftwareavsuite (Rogue.AntivirusSuite) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_CURRENT_USERSOFTWAREMicrosoftWindowsCurrentVersionRunwopcpknxqmegu (Rogue.AVSecuritySuite) -> Quarantined and deleted successfully.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
c:Usersmy gym chantillyAppDataLocalkbhdeacaoabi.exe (Rogue.AVSecuritySuite) -> Quarantined and deleted successfully.


I reran malware bytes under the user getting the trouble and it found 4 infections... the log is:


Re: Nuqel.E - AVG scan dies & computer shuts down

Post by Belahzur on Wed Jun 09, 2010 12:00 am

Hello.
Still having problems?



Re: Nuqel.E - AVG scan dies & computer shuts down

Post by jgilley on Wed Jun 09, 2010 12:18 pm

It is now much better. I am no longer having things pop up telling me that I am under attack, etc.

I had to reset my connections in Internet Explorer Options to auto detect....as the virus had set it to do some sort of proxy server thing.

The only detectable problem I see now is with AVG 9 Free. If I run a scan, the computer shuts down during the scan and when I restart it, Windows says it did not end normally.

I did a reinstall of it choosing "repair" and that did no good. I uninstalled AVG, did a new download and install. Still shuts down when I run the scan. If I run the AVG scan in Safe Mode (command line) it runs through to the end, but I can't find the file "avgrep.txt" it is supposed to produce.

Anyway, thanks for your help and if this AVG thing is something I need to go to AVG with, no problem.

I have a hard time believing that a virus can leave something on the computer that messes up AVG, but it appears it has.

Thanks again for getting most of the problem cleared up.


Re: Nuqel.E - AVG scan dies & computer shuts down

Post by Belahzur on Wed Jun 09, 2010 11:36 pm

Hello.
You've no idea the powers malware writers have. If AVG is playing up, we can try a new AV, AVG caused me nothing but problems for myself.



Re: Nuqel.E - AVG scan dies & computer shuts down

Post by jgilley on Fri Jun 11, 2010 11:12 pm

Well, I now believe that I still have a problem. I was working away on the computer. Normal stuff. Email, Excel, Word, Quickbooks, etc. I left the computer for 15 minutes, and when I returned it was shut down. I restarted it and checked to make sure that AVG had not been running a scan, as that is the one thing that had caused an abrupt shut down in the past. All indications are that AVG had not been running.

So, I downloaded the latest updates for Malwarebytes and ran a quick scan. 5 minutes later it finished, telling me it found one infection "Killav.ASF". It offered to tell me more about the virus and I clicked on that and it took me to the internet. I clicked on the "remove" button and it worked a second or two, and then took me to the log of threats found. I clicked on remove again, and there was an immediate hard shutdown.

I restarted and thought I would try to read up on the virus, so I started internet explorer. It offered to restore the session and I told it to do so. It took me to the malwarebytes encyclopedia. I searched on killav and it took me to a list of viruses. When I clicked on the "killav" so I could read about it, there was an immediate hard shutdown.

I thought I would try to read about that virus from another computer, but can't seem to find the right url.

Anyway, I am now going to run malwarebytes scan again and see what happens.


Re: Nuqel.E - AVG scan dies & computer shuts down

Post by jgilley on Fri Jun 11, 2010 11:21 pm

Here is the log from the scan that found the Killav.ASF virus

Malwarebytes' Anti-Malware 1.46

Database version: 4190

Windows 6.0.6002 Service Pack 2
Internet Explorer 8.0.6001.18904

6/11/2010 6:23:48 PM
mbam-log-2010-06-11 (18-23-48).txt

Scan type: Quick scan
Objects scanned: 142625
Time elapsed: 5 minute(s), 27 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\Users\My Gym Chantilly\Local Settings\Application Data\syssvc.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
==================================================

Here is the log from the scan I just ran

Malwarebytes' Anti-Malware 1.46

Database version: 4190

Windows 6.0.6002 Service Pack 2
Internet Explorer 8.0.6001.18904

6/11/2010 7:17:28 PM
mbam-log-2010-06-11 (19-17-28).txt

Scan type: Quick scan
Objects scanned: 142704
Time elapsed: 4 minute(s), 23 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)


I would feel better if I could find the url to the malwarebytes virus encyclopedia and click on that virus to see if it shuts down my machine again.

I am now going to try to run the AVG scan.


Re: Nuqel.E - AVG scan dies & computer shuts down

Post by jgilley on Fri Jun 11, 2010 11:45 pm

1) Ran AVG scan. Computer did hard shut down in about 5 minutes.
2) rebooted. When it was starting it said it wanted to do a windows startup repair....during that process it did a system restore.
3) Rebooted again. Came up normally. But shut down again very quickly. I am now operating in safe mode with networking and feeling like this computer is still infected with something pretty nasty.


Re: Nuqel.E - AVG scan dies & computer shuts down

Post by jgilley on Sat Jun 12, 2010 12:06 am

computer shut down again, even in safe mode.

Will not stay up very long. Might be a coincidence, but whenever I go to the internet, it shuts down. I am going to let it sit for an hour or so, turn it on and do absolute nothing and see if it shuts down.

I am beginning to think it may be a hardware problem? Please don't tell me that malware is capable of doing damage to hardware.

I am writing this from another computer on the network.


Re: Nuqel.E - AVG scan dies & computer shuts down

Post by jgilley on Sat Jun 12, 2010 2:03 am

okay, went back and booted up. did innocuous things for 15 to 20 minutes. Solitaire. Then a little internet browsing not going anywhere near AVG, or Malwarebytes sites.

I started malwarebytes and checked to make sure I had latest updates. I did. Ran quick scan. It ran for over 3 minutes (I watched). It went through registry, through c:\Windows\System32 (maybe it was still in that directory, not sure), hard stop. I am going to wait to hear from you before doing anything. Writing from and will check from 2nd computer.


Re: Nuqel.E - AVG scan dies & computer shuts down

Post by Belahzur on Sat Jun 12, 2010 9:19 pm

Hello.
Please re-run OTL and post the new log for me, we'll see what's happening.



Re: Nuqel.E - AVG scan dies & computer shuts down

Post by jgilley on Sun Jun 13, 2010 2:38 am

here is latest OTL

OTL logfile created on: 6/12/2010 10:31:43 PM - Run 2
OTL by OldTimer - Version 3.2.5.3 Folder = c:\users\Joe\Downloads
64bit-Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18904)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

8.00 Gb Total Physical Memory | 6.00 Gb Available Physical Memory | 75.00% Memory free
16.00 Gb Paging File | 14.00 Gb Available in Paging File | 86.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 581.52 Gb Total Space | 437.52 Gb Free Space | 75.24% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: JOE-PC
Current User Name: My Gym Chantilly
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Include 64bit Scans
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2010/06/12 14:55:30 | 002,065,248 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG9\avgtray.exe
PRC - [2010/06/12 14:55:04 | 000,722,784 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG9\avgcsrvx.exe
PRC - [2010/06/08 22:50:46 | 000,308,064 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG9\avgwdsvc.exe
PRC - [2010/06/07 20:33:37 | 000,571,904 | ---- | M] (OldTimer Tools) -- c:\Users\Joe\Downloads\OTL.exe
PRC - [2010/05/27 03:03:23 | 000,304,240 | ---- | M] (Google Inc.) -- C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbarUser_32.exe
PRC - [2010/05/11 11:51:52 | 001,287,120 | ---- | M] (PC Tools) -- C:\Program Files (x86)\Spyware Doctor\pctsTray.exe
PRC - [2010/03/15 11:50:36 | 001,142,224 | ---- | M] (PC Tools) -- C:\Program Files (x86)\Spyware Doctor\pctsSvc.exe
PRC - [2010/03/11 11:09:22 | 000,366,840 | ---- | M] (PC Tools) -- C:\Program Files (x86)\Spyware Doctor\pctsAuxs.exe
PRC - [2010/01/26 20:58:38 | 000,256,280 | R--- | M] (Adobe Systems, Inc.) -- C:\Windows\SysWOW64\Macromed\Flash\FlashUtil10e.exe
PRC - [2010/01/15 08:49:20 | 000,255,536 | ---- | M] (McAfee, Inc.) -- C:\Program Files (x86)\McAfee Security Scan\2.0.181\SSScheduler.exe
PRC - [2009/09/16 20:33:46 | 000,972,064 | ---- | M] (Intuit Inc.) -- C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
PRC - [2009/08/17 01:32:00 | 000,239,648 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
PRC - [2009/08/05 11:37:58 | 012,313,432 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Office\OFFICE11\WINWORD.EXE
PRC - [2009/06/22 21:23:38 | 000,196,424 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Office\OFFICE11\OUTLOOK.EXE
PRC - [2009/02/25 18:06:42 | 000,013,088 | ---- | M] (Intuit Inc.) -- C:\Program Files (x86)\Common Files\Intuit\Update Service\IntuitUpdateService.exe
PRC - [2008/08/11 19:57:02 | 000,319,488 | ---- | M] () -- C:\Program Files (x86)\Northstar\SmartCopy\SmartCopy.exe
PRC - [2008/08/11 12:20:28 | 000,335,872 | ---- | M] (North Star com.) -- C:\Program Files (x86)\Northstar\SmartLauncher\SmartLauncher.exe
PRC - [2008/05/30 13:50:28 | 000,581,120 | ---- | M] () -- C:\Windows\mHotkey.exe
PRC - [2008/04/23 20:05:16 | 000,339,968 | ---- | M] (Creative) -- C:\Windows\CNYHKey.exe
PRC - [2008/02/01 14:04:50 | 000,057,344 | ---- | M] (Chicony) -- C:\Windows\ChiFuncExt.exe
PRC - [2007/01/08 17:51:56 | 000,053,248 | ---- | M] (Chicony) -- C:\Windows\ModLEDKey.exe


========== Modules (SafeList) ==========

MOD - [2010/06/07 20:33:37 | 000,571,904 | ---- | M] (OldTimer Tools) -- c:\Users\Joe\Downloads\OTL.exe
MOD - [2010/02/26 07:16:18 | 000,213,912 | ---- | M] (PC Tools) -- C:\Program Files (x86)\Spyware Doctor\smum32.dll
MOD - [2009/10/30 10:18:16 | 000,147,024 | ---- | M] (PC Tools) -- C:\Program Files (x86)\Spyware Doctor\PCTGMhk.dll
MOD - [2009/04/11 02:28:18 | 000,450,560 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\comdlg32.dll
MOD - [2008/01/20 22:50:01 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\msscript.ocx


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2010/06/07 13:02:48 | 000,125,440 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE -- (!SASCORE)
SRV:64bit: - [2009/09/24 21:26:26 | 001,142,272 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\FntCache.dll -- (FontCache)
SRV:64bit: - [2008/09/08 15:11:02 | 000,726,016 | ---- | M] () [Auto | Running] -- C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe -- (ForceWare Intelligent Application Manager (IAM))
SRV:64bit: - [2008/09/08 15:09:52 | 000,221,696 | ---- | M] () [Auto | Running] -- C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe -- (nSvcIp)
SRV:64bit: - [2008/07/22 22:54:06 | 000,015,872 | ---- | M] (Agere Systems) [Auto | Running] -- C:\Windows\SysNative\agr64svc.exe -- (AgereModemAudio)
SRV:64bit: - [2008/06/11 14:18:30 | 000,024,576 | ---- | M] () [Auto | Running] -- C:\Program Files\GATEWAY\Gateway Recovery Management\Service\ETService.exe -- (ETService)
SRV:64bit: - [2008/01/20 22:47:32 | 000,383,544 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2010/06/08 22:50:46 | 000,308,064 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files (x86)\AVG\AVG9\avgwdsvc.exe -- (avg9wd)
SRV - [2010/03/15 11:50:36 | 001,142,224 | ---- | M] (PC Tools) [Auto | Running] -- C:\Program Files (x86)\Spyware Doctor\pctsSvc.exe -- (sdcoreservice)
SRV - [2010/03/11 11:09:22 | 000,366,840 | ---- | M] (PC Tools) [Auto | Running] -- C:\Program Files (x86)\Spyware Doctor\pctsAuxs.exe -- (sdAuxService)
SRV - [2010/01/15 08:49:20 | 000,227,232 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\McAfee Security Scan\2.0.181\McCHSvc.exe -- (McComponentHostService)
SRV - [2009/09/16 19:22:08 | 000,020,480 | ---- | M] (Intuit) [Auto | Running] -- C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe -- (QBCFMonitorService)
SRV - [2009/08/24 07:36:45 | 000,377,344 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- winhttp.dll -- (WinHttpAutoProxySvc)
SRV - [2009/08/17 01:32:00 | 000,239,648 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2009/03/30 00:39:54 | 000,089,920 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_64)
SRV - [2009/02/25 18:06:42 | 000,013,088 | ---- | M] (Intuit Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\Intuit\Update Service\IntuitUpdateService.exe -- (IntuitUpdateService)
SRV - [2008/05/05 18:25:46 | 000,165,416 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Gateway Games\Gateway Game Console\GameConsoleService.exe -- (GameConsoleService)
SRV - [2007/05/24 07:08:44 | 000,061,440 | ---- | M] (Intuit Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe -- (QBFCService)
SRV - [2006/11/02 09:34:14 | 000,000,000 | ---D | M] [Unknown | Stopped] -- C:\Windows\SysWOW64\Msdtc -- (MSDTC)
SRV - [2006/11/02 02:35:15 | 000,060,994 | ---- | M] () [On_Demand | Stopped] -- C:\Windows\SysWOW64\wbem\vds.mof -- (vds)
SRV - [2006/11/02 02:35:15 | 000,055,846 | ---- | M] () [On_Demand | Stopped] -- C:\Windows\SysWOW64\wbem\vss.mof -- (VSS)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2010/06/12 14:55:30 | 000,317,520 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\SysNative\Drivers\avgtdia.sys -- (AvgTdiA)
DRV:64bit: - [2010/06/12 14:55:29 | 000,035,536 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\Windows\SysNative\Drivers\avgmfx64.sys -- (AvgMfx64)
DRV:64bit: - [2010/06/08 22:51:48 | 000,269,320 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\SysNative\Drivers\avgldx64.sys -- (AvgLdx64)
DRV:64bit: - [2010/03/29 10:06:06 | 000,233,488 | ---- | M] (PC Tools) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\PCTCore64.sys -- (PCTCore)
DRV:64bit: - [2010/02/17 14:23:05 | 000,014,920 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys -- (SASDIFSV)
DRV:64bit: - [2010/02/17 14:23:05 | 000,012,360 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\saskutil64.sys -- (SASKUTIL)
DRV:64bit: - [2009/01/13 09:48:18 | 001,187,840 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\athrx.sys -- (athr)
DRV:64bit: - [2008/07/22 22:54:33 | 001,253,376 | ---- | M] (Agere Systems) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\agrsm64.sys -- (AgereSoftModem)
DRV:64bit: - [2008/06/04 02:06:54 | 000,204,288 | ---- | M] (Realtek Semiconductor Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\RTS5121.sys -- (RSUSBSTOR)
DRV:64bit: - [2008/04/17 13:12:54 | 000,019,304 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2007/04/10 04:51:10 | 000,432,256 | ---- | M] (AVerMedia TECHNOLOGIES, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AVer88xHD64.sys -- (AVer88xHD)
DRV:64bit: - [2006/11/02 01:28:10 | 000,273,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HdAudio.sys -- (HdAudAddService)
DRV:64bit: - [2005/08/27 13:19:21 | 000,028,192 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\DRIVERS\NVAMACPI.sys -- (nvamacpi)
DRV - [2008/06/11 14:13:24 | 000,017,952 | ---- | M] (Acer, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysWOW64\drivers\int15_64.sys -- (int15)
DRV - [2006/09/18 17:36:40 | 000,003,066 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysWOW64\wbem\tcpip.mof -- (Tcpip)
DRV - [2006/09/18 17:35:23 | 000,001,088 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysWOW64\wbem\mpsdrv.mof -- (mpsdrv)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = [You must be registered and logged in to see this link.]
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = [You must be registered and logged in to see this link.]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = [You must be registered and logged in to see this link.]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = [You must be registered and logged in to see this link.]

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = [You must be registered and logged in to see this link.]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = [You must be registered and logged in to see this link.]
IE - HKCU\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files (x86)\AVG\AVG9\Toolbar\IEToolbar.dll File not found
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" =
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:49164



O1 HOSTS File: ([2006/09/18 17:37:24 | 000,000,761 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2:64bit: - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG9\avgssiea.dll (AVG Technologies CZ, s.r.o.)
O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O2:64bit: - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.5.5126.1836\swg64.dll (Google Inc.)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG9\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Windows Live Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (AVG Security Toolbar BHO) - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files (x86)\AVG\AVG9\Toolbar\IEToolbar.dll File not found
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.5.5126.1836\swg.dll (Google Inc.)
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - C:\Program Files (x86)\Microsoft Money\System\mnyviewer.dll (Microsoft Corporation)
O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files (x86)\AVG\AVG9\Toolbar\IEToolbar.dll File not found
O3:64bit: - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (AVG Security Toolbar) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files (x86)\AVG\AVG9\Toolbar\IEToolbar.dll File not found
O4:64bit: - HKLM..\Run: [NVRaidService] C:\Windows\SysNative\nvraidservice.exe (NVIDIA Corporation)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Windows\RAVCpl64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [Skytel] C:\Windows\SkyTel.exe (Realtek Semiconductor Corp.)
O4:64bit: - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKLM..\Run: [AVG9_TRAY] C:\Program Files (x86)\AVG\AVG9\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [eRecoveryService] File not found
O4 - HKLM..\Run: [ISTray] C:\Program Files (x86)\Spyware Doctor\pctsTray.exe (PC Tools)
O4 - HKLM..\Run: [LchDrvKey] C:\Windows\LchDrvKey.exe ()
O4 - HKLM..\Run: [LedKey] C:\Windows\CNYHKey.exe (Creative)
O4 - HKLM..\Run: [MoneyStartUp10.0] C:\Program Files (x86)\Microsoft Money\System\Activation.exe (Microsoft Corporation)
O4 - HKLM..\Run: [P2Go_Menu] C:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UpdatePDRShortCut] C:\Program Files (x86)\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKCU..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)
O4 - HKCU..\Run: [swg] C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
O4 - HKCU..\Run: [WindowsWelcomeCenter] C:\Windows\SysWow64\oobefldr.dll (Microsoft Corporation)
O4 - HKCU..\RunOnce: [FlashPlayerUpdate] C:\Windows\SysWOW64\Macromed\Flash\FlashUtil10e.exe (Adobe Systems, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O8:64bit: - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files (x86)\Microsoft Office\OFFICE11\EXCEL.EXE (Microsoft Corporation)
O8:64bit: - Extra context menu item: Google Sidewiki... - C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_2EC7709873947E87.dll (Google Inc.)
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files (x86)\Microsoft Office\OFFICE11\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Google Sidewiki... - C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_2EC7709873947E87.dll (Google Inc.)
O9 - Extra Button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files (x86)\Microsoft Office\OFFICE11\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files (x86)\Microsoft Money\System\mnyviewer.dll (Microsoft Corporation)
O13 - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} [You must be registered and logged in to see this link.] (QuickTime Object)
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} [You must be registered and logged in to see this link.] (PCPitstop Utility)
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} [You must be registered and logged in to see this link.] (System Requirements Lab Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_05)
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_20)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} [You must be registered and logged in to see this link.] (Shockwave Flash Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} [You must be registered and logged in to see this link.] (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 68.105.28.12 68.105.29.12 68.105.28.11
O18:64bit: - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\intu-help-qb1 {9B0F96C7-2E4B-433e-ABF3-043BA1B54AE3} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG9\avgppa.dll (AVG Technologies CZ, s.r.o.)
O18:64bit: - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\msdaipp - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\qbwc {FC598A64-626C-4447-85B8-53150405FD57} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - Reg Error: Key error. File not found
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\intu-help-qb1 {9B0F96C7-2E4B-433e-ABF3-043BA1B54AE3} - C:\Program Files (x86)\Intuit\QuickBooks 2008\HelpAsyncPluggableProtocol.dll (TODO: )
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG9\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8050.1202.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8050.1202.dll (Microsoft Corporation)
O18 - Protocol\Handler\qbwc {FC598A64-626C-4447-85B8-53150405FD57} - mscoree.dll (Microsoft Corporation)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files (x86)\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O18:64bit: - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O18:64bit: - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O18:64bit: - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O18:64bit: - Protocol\Filter\text/xml {807553E5-5146-11D5-A672-00B0D022E945} - Reg Error: Key error. File not found
O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807553E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\microsoft shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation)
O20:64bit: - AppInit_DLLs: (avgrssta.dll) - C:\Windows\SysNative\avgrssta.dll (AVG Technologies CZ, s.r.o.)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\img24.jpg
O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\img24.jpg
O29:64bit: - HKLM SecurityProviders - (credssp.dll) - credssp.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (credssp.dll) - credssp.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{e4d40701-4774-11de-b435-0022684b4b71}\Shell - "" = AutoRun
O33 - MountPoints2\{e4d40701-4774-11de-b435-0022684b4b71}\Shell\AutoRun\command - "" = J:\LaunchU3.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010/06/12 07:54:08 | 000,000,000 | ---D | C] -- C:\Users\My Gym Chantilly\AppData\Roaming\SUPERAntiSpyware.com
[2010/06/12 07:54:08 | 000,000,000 | ---D | C] -- C:\ProgramData\SUPERAntiSpyware.com
[2010/06/12 07:54:04 | 000,000,000 | ---D | C] -- C:\ProgramData\!SASCORE
[2010/06/12 07:54:03 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2010/06/09 07:04:51 | 000,000,000 | ---D | C] -- C:\Users\My Gym Chantilly\AppData\Roaming\WildTangent
[2010/06/08 22:51:53 | 000,012,976 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\Windows\SysNative\avgrssta.dll
[2010/06/08 22:51:52 | 000,317,520 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\Windows\SysNative\drivers\avgtdia.sys
[2010/06/08 22:51:48 | 000,269,320 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\Windows\SysNative\drivers\avgldx64.sys
[2010/06/08 22:51:47 | 000,035,536 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\Windows\SysNative\drivers\avgmfx64.sys
[2010/06/08 22:51:47 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\drivers\Avg
[2010/06/07 20:29:45 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Adobe AIR
[2010/06/07 20:29:35 | 000,000,000 | ---D | C] -- C:\ProgramData\McAfee Security Scan
[2010/06/07 20:29:35 | 000,000,000 | ---D | C] -- C:\ProgramData\McAfee
[2010/06/07 20:29:32 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\McAfee Security Scan
[2010/06/07 20:29:23 | 000,000,000 | ---D | C] -- C:\ProgramData\NOS
[2010/06/07 20:20:09 | 000,411,368 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\deployJava1.dll
[2010/06/07 18:28:40 | 000,165,840 | ---- | C] (Threat Expert Ltd.) -- C:\Windows\PCTBDRes.dll
[2010/06/07 18:22:51 | 000,306,648 | ---- | C] (PC Tools) -- C:\Windows\SysNative\drivers\pctgntdi64.sys
[2010/06/07 18:22:51 | 000,133,072 | ---- | C] (PC Tools) -- C:\Windows\SysNative\drivers\pctwfpfilter64.sys
[2010/06/07 18:22:47 | 000,233,488 | ---- | C] (PC Tools) -- C:\Windows\SysNative\drivers\PCTCore64.sys
[2010/06/07 18:22:43 | 000,092,896 | ---- | C] (PC Tools) -- C:\Windows\SysNative\drivers\pctplsg64.sys
[2010/06/07 18:22:39 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Spyware Doctor
[2010/06/07 18:22:39 | 000,000,000 | ---D | C] -- C:\Users\My Gym Chantilly\AppData\Roaming\PC Tools
[2010/06/07 18:22:39 | 000,000,000 | ---D | C] -- C:\ProgramData\PC Tools
[2010/06/07 18:22:39 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\PC Tools
[2010/06/07 14:02:37 | 000,000,000 | ---D | C] -- C:\Users\My Gym Chantilly\AppData\Local\kbhdea
[2010/06/03 07:44:49 | 000,000,000 | ---D | C] -- C:\Users\My Gym Chantilly\Documents\mge music
[2010/05/17 07:50:53 | 000,000,000 | ---D | C] -- C:\Users\My Gym Chantilly\Documents\News
[2009/09/02 19:09:58 | 000,018,944 | ---- | C] ( ) -- C:\Windows\SysWow64\Implode.dll
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010/06/12 22:33:49 | 002,359,296 | ---- | M] () -- C:\Users\My Gym Chantilly\ntuser.dat
[2010/06/12 22:33:34 | 000,001,771 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
[2010/06/12 22:33:33 | 000,001,773 | ---- | M] () -- C:\Users\Public\Desktop\McAfee Security Scan Plus.lnk
[2010/06/12 22:30:10 | 000,067,972 | ---- | M] () -- C:\ProgramData\nvModes.dat
[2010/06/12 22:30:09 | 000,067,972 | ---- | M] () -- C:\ProgramData\nvModes.001
[2010/06/12 22:29:15 | 000,690,960 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2010/06/12 22:29:15 | 000,595,446 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2010/06/12 22:29:15 | 000,101,144 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2010/06/12 22:28:39 | 000,000,894 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2010/06/12 22:26:40 | 060,983,337 | ---- | M] () -- C:\Windows\SysNative\drivers\Avg\incavi.avm
[2010/06/12 22:23:13 | 000,000,000 | ---- | M] () -- C:\Windows\SysNative\LogConfigTemp.xml
[2010/06/12 22:23:11 | 000,004,784 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2010/06/12 22:23:11 | 000,004,784 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2010/06/12 22:23:07 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010/06/12 22:23:03 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010/06/12 22:22:48 | 4294,156,287 | -HS- | M] () -- C:\hiberfil.sys
[2010/06/12 17:17:09 | 000,524,288 | -HS- | M] () -- C:\Users\My Gym Chantilly\ntuser.dat{d2bf5615-75b1-11df-8f1f-0022684b4b71}.TMContainer00000000000000000001.regtrans-ms
[2010/06/12 17:17:09 | 000,065,536 | -HS- | M] () -- C:\Users\My Gym Chantilly\ntuser.dat{d2bf5615-75b1-11df-8f1f-0022684b4b71}.TM.blf
[2010/06/12 17:17:07 | 002,805,213 | -H-- | M] () -- C:\Users\My Gym Chantilly\AppData\Local\IconCache.db
[2010/06/12 16:52:14 | 000,497,664 | ---- | M] () -- C:\Users\My Gym Chantilly\Documents\email_addresses.doc
[2010/06/12 15:23:15 | 000,000,898 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2010/06/12 14:55:30 | 000,317,520 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\SysNative\drivers\avgtdia.sys
[2010/06/12 14:55:29 | 000,035,536 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\SysNative\drivers\avgmfx64.sys
[2010/06/12 07:54:04 | 000,001,758 | ---- | M] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
[2010/06/11 19:34:55 | 000,524,288 | -HS- | M] () -- C:\Users\My Gym Chantilly\ntuser.dat{d2bf5615-75b1-11df-8f1f-0022684b4b71}.TMContainer00000000000000000002.regtrans-ms
[2010/06/09 08:06:29 | 000,524,288 | -HS- | M] () -- C:\Users\My Gym Chantilly\NTUSER.DAT{a674e685-44e5-11de-859c-0022684b4b71}.TMContainer00000000000000000001.regtrans-ms
[2010/06/09 08:06:29 | 000,065,536 | -HS- | M] () -- C:\Users\My Gym Chantilly\NTUSER.DAT{a674e685-44e5-11de-859c-0022684b4b71}.TM.blf
[2010/06/08 22:51:54 | 000,012,976 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\SysNative\avgrssta.dll
[2010/06/08 22:51:54 | 000,001,691 | ---- | M] () -- C:\Users\Public\Desktop\AVG Free 9.0.lnk
[2010/06/08 22:51:48 | 000,269,320 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\SysNative\drivers\avgldx64.sys
[2010/06/08 22:51:47 | 000,113,461 | ---- | M] () -- C:\Windows\SysNative\drivers\Avg\iavichjw.avm
[2010/06/08 17:09:07 | 000,000,850 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/06/07 21:27:53 | 000,325,904 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2010/06/07 20:31:06 | 000,001,919 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk
[2010/06/07 20:29:53 | 000,000,904 | ---- | M] () -- C:\Users\Public\Desktop\Acrobat_com.lnk
[2010/06/07 20:19:57 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\deployJava1.dll
[2010/06/07 20:19:57 | 000,153,376 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaws.exe
[2010/06/07 20:19:57 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaw.exe
[2010/06/07 20:19:57 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\java.exe
[2010/06/07 18:28:30 | 000,001,815 | ---- | M] () -- C:\Users\Public\Desktop\Spyware Doctor.lnk
[2010/06/07 14:04:54 | 000,052,736 | ---- | M] () -- C:\Users\My Gym Chantilly\AppData\Local\syssvc.exe
[2010/05/30 13:21:39 | 000,043,057 | ---- | M] () -- C:\Users\My Gym Chantilly\Desktop\chantillyemails.csv
[2010/05/23 08:39:35 | 000,026,624 | ---- | M] () -- C:\Users\My Gym Chantilly\Documents\My Gym Training via the Internet Erin.doc
[2010/05/23 08:29:10 | 000,167,634 | ---- | M] () -- C:\Users\My Gym Chantilly\Desktop\w4.pdf
[2010/05/23 08:28:27 | 000,387,855 | ---- | M] () -- C:\Users\My Gym Chantilly\Desktop\i-9.pdf
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/06/12 07:54:04 | 000,001,758 | ---- | C] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
[2010/06/11 19:48:24 | 4294,156,287 | -HS- | C] () -- C:\hiberfil.sys
[2010/06/11 19:34:55 | 000,524,288 | -HS- | C] () -- C:\Users\My Gym Chantilly\ntuser.dat{d2bf5615-75b1-11df-8f1f-0022684b4b71}.TMContainer00000000000000000002.regtrans-ms
[2010/06/11 19:34:55 | 000,524,288 | -HS- | C] () -- C:\Users\My Gym Chantilly\ntuser.dat{d2bf5615-75b1-11df-8f1f-0022684b4b71}.TMContainer00000000000000000001.regtrans-ms
[2010/06/11 19:34:55 | 000,065,536 | -HS- | C] () -- C:\Users\My Gym Chantilly\ntuser.dat{d2bf5615-75b1-11df-8f1f-0022684b4b71}.TM.blf
[2010/06/08 22:51:54 | 000,001,691 | ---- | C] () -- C:\Users\Public\Desktop\AVG Free 9.0.lnk
[2010/06/08 22:51:47 | 060,983,337 | ---- | C] () -- C:\Windows\SysNative\drivers\Avg\incavi.avm
[2010/06/08 22:51:47 | 000,113,461 | ---- | C] () -- C:\Windows\SysNative\drivers\Avg\iavichjw.avm
[2010/06/07 20:31:06 | 000,001,919 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk
[2010/06/07 20:29:53 | 000,000,904 | ---- | C] () -- C:\Users\Public\Desktop\Acrobat_com.lnk
[2010/06/07 20:29:33 | 000,001,773 | ---- | C] () -- C:\Users\Public\Desktop\McAfee Security Scan Plus.lnk
[2010/06/07 20:29:33 | 000,001,771 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
[2010/06/07 18:22:51 | 000,007,357 | ---- | C] () -- C:\Windows\SysNative\drivers\pctgntdi64.cat
[2010/06/07 18:22:47 | 000,007,353 | ---- | C] () -- C:\Windows\SysNative\drivers\pctcore64.cat
[2010/06/07 18:22:45 | 000,001,815 | ---- | C] () -- C:\Users\Public\Desktop\Spyware Doctor.lnk
[2010/06/07 18:22:43 | 000,007,353 | ---- | C] () -- C:\Windows\SysNative\drivers\pctplsg64.cat
[2010/06/07 14:04:53 | 000,052,736 | ---- | C] () -- C:\Users\My Gym Chantilly\AppData\Local\syssvc.exe
[2010/05/23 08:39:35 | 000,026,624 | ---- | C] () -- C:\Users\My Gym Chantilly\Documents\My Gym Training via the Internet Erin.doc
[2010/05/23 08:29:10 | 000,167,634 | ---- | C] () -- C:\Users\My Gym Chantilly\Desktop\w4.pdf
[2010/05/23 08:28:27 | 000,387,855 | ---- | C] () -- C:\Users\My Gym Chantilly\Desktop\i-9.pdf
[2009/09/17 08:03:36 | 000,117,248 | ---- | C] () -- C:\Windows\SysWow64\EhStorAuthn.dll
[2009/09/17 08:03:01 | 000,368,640 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009/09/02 19:09:58 | 000,748,160 | ---- | C] () -- C:\Windows\SysWow64\Co2c40en.dll
[2009/09/02 19:09:58 | 000,054,272 | ---- | C] () -- C:\Windows\SysWow64\P2irdao.dll
[2009/09/02 19:09:58 | 000,050,176 | ---- | C] () -- C:\Windows\SysWow64\P2ctdao.dll
[2009/08/03 00:21:54 | 000,197,912 | ---- | C] () -- C:\Windows\SysWow64\physxcudart_20.dll
[2009/08/03 00:21:54 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelTraditionalChinese.dll
[2009/08/03 00:21:54 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelSwedish.dll
[2009/08/03 00:21:54 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelSpanish.dll
[2009/08/03 00:21:54 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelSimplifiedChinese.dll
[2009/08/03 00:21:54 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelPortugese.dll
[2009/08/03 00:21:54 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelKorean.dll
[2009/08/03 00:21:54 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelJapanese.dll
[2009/08/03 00:21:52 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelGerman.dll
[2009/08/03 00:21:52 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelFrench.dll
[2009/05/20 11:12:36 | 000,000,376 | ---- | C] () -- C:\Windows\ODBC.INI
[2009/03/18 03:51:35 | 000,294,912 | ---- | C] () -- C:\Windows\PIC.dll
[2009/03/18 03:51:35 | 000,000,870 | ---- | C] () -- C:\Windows\mhotkey_reg.ini
[2008/01/20 22:50:05 | 000,060,124 | ---- | C] () -- C:\Windows\SysWow64\tcpmon.ini
[2003/01/07 15:05:08 | 000,002,695 | ---- | C] () -- C:\Windows\SysWow64\OUTLPERF.INI
[1998/08/16 05:00:00 | 000,004,096 | ---- | C] () -- C:\Windows\SysWow64\sysres.dll

========== Alternate Data Streams ==========

@Alternate Data Stream - 162 bytes -> C:\ProgramData\Temp:DFC5A2B2
< End of report >


Re: Nuqel.E - AVG scan dies & computer shuts down

Post by jgilley on Sun Jun 13, 2010 8:28 am

OTL logfile created on: 6/13/2010 4:25:38 AM - Run 3
OTL by OldTimer - Version 3.2.5.3 Folder = c:\users\Joe\Downloads
64bit-Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18928)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

8.00 Gb Total Physical Memory | 6.00 Gb Available Physical Memory | 72.00% Memory free
16.00 Gb Paging File | 14.00 Gb Available in Paging File | 85.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 581.52 Gb Total Space | 436.76 Gb Free Space | 75.11% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: JOE-PC
Current User Name: My Gym Chantilly
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Include 64bit Scans
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard


Re: Nuqel.E - AVG scan dies & computer shuts down

Post by jgilley on Sun Jun 13, 2010 8:36 am

Sorry, here is the rest of OTL

================

========== Processes (SafeList) ==========

PRC - [2010/06/12 14:55:30 | 002,065,248 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG9\avgtray.exe
PRC - [2010/06/12 14:55:04 | 000,722,784 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG9\avgcsrvx.exe
PRC - [2010/06/08 22:50:46 | 000,308,064 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG9\avgwdsvc.exe
PRC - [2010/06/07 20:33:37 | 000,571,904 | ---- | M] (OldTimer Tools) -- c:\Users\Joe\Downloads\OTL.exe
PRC - [2010/05/27 03:03:23 | 000,304,240 | ---- | M] (Google Inc.) -- C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbarUser_32.exe
PRC - [2010/05/11 11:51:52 | 001,287,120 | ---- | M] (PC Tools) -- C:\Program Files (x86)\Spyware Doctor\pctsTray.exe
PRC - [2010/04/17 00:18:36 | 012,315,992 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Office\OFFICE11\WINWORD.EXE
PRC - [2010/04/14 10:53:24 | 002,058,192 | ---- | M] (PC Tools) -- C:\Program Files (x86)\Spyware Doctor\Update.exe
PRC - [2010/03/15 11:50:36 | 001,142,224 | ---- | M] (PC Tools) -- C:\Program Files (x86)\Spyware Doctor\pctsSvc.exe
PRC - [2010/03/11 11:09:22 | 000,366,840 | ---- | M] (PC Tools) -- C:\Program Files (x86)\Spyware Doctor\pctsAuxs.exe
PRC - [2010/01/26 20:58:38 | 000,256,280 | R--- | M] (Adobe Systems, Inc.) -- C:\Windows\SysWOW64\Macromed\Flash\FlashUtil10e.exe
PRC - [2010/01/15 08:49:20 | 000,255,536 | ---- | M] (McAfee, Inc.) -- C:\Program Files (x86)\McAfee Security Scan\2.0.181\SSScheduler.exe
PRC - [2009/09/16 20:33:46 | 000,972,064 | ---- | M] (Intuit Inc.) -- C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
PRC - [2009/09/16 20:33:46 | 000,189,728 | ---- | M] (Intuit Inc.) -- C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBUpdate\QBMsgMgr.exe
PRC - [2009/08/17 01:32:00 | 000,239,648 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
PRC - [2009/06/22 21:23:38 | 000,196,424 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Office\OFFICE11\OUTLOOK.EXE
PRC - [2009/02/25 18:06:42 | 000,013,088 | ---- | M] (Intuit Inc.) -- C:\Program Files (x86)\Common Files\Intuit\Update Service\IntuitUpdateService.exe
PRC - [2008/08/11 19:57:02 | 000,319,488 | ---- | M] () -- C:\Program Files (x86)\Northstar\SmartCopy\SmartCopy.exe
PRC - [2008/08/11 12:20:28 | 000,335,872 | ---- | M] (North Star com.) -- C:\Program Files (x86)\Northstar\SmartLauncher\SmartLauncher.exe
PRC - [2008/05/30 13:50:28 | 000,581,120 | ---- | M] () -- C:\Windows\mHotkey.exe
PRC - [2008/04/23 20:05:16 | 000,339,968 | ---- | M] (Creative) -- C:\Windows\CNYHKey.exe
PRC - [2008/02/01 14:04:50 | 000,057,344 | ---- | M] (Chicony) -- C:\Windows\ChiFuncExt.exe
PRC - [2007/01/08 17:51:56 | 000,053,248 | ---- | M] (Chicony) -- C:\Windows\ModLEDKey.exe


========== Modules (SafeList) ==========

MOD - [2010/06/07 20:33:37 | 000,571,904 | ---- | M] (OldTimer Tools) -- c:\Users\Joe\Downloads\OTL.exe
MOD - [2010/02/26 07:16:18 | 000,213,912 | ---- | M] (PC Tools) -- C:\Program Files (x86)\Spyware Doctor\smum32.dll
MOD - [2009/10/30 10:18:16 | 000,147,024 | ---- | M] (PC Tools) -- C:\Program Files (x86)\Spyware Doctor\PCTGMhk.dll
MOD - [2009/04/11 02:28:18 | 000,450,560 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\comdlg32.dll
MOD - [2008/01/20 22:50:01 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\msscript.ocx


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2010/06/07 13:02:48 | 000,125,440 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE -- (!SASCORE)
SRV:64bit: - [2009/09/24 21:26:26 | 001,142,272 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\FntCache.dll -- (FontCache)
SRV:64bit: - [2008/09/08 15:11:02 | 000,726,016 | ---- | M] () [Auto | Running] -- C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe -- (ForceWare Intelligent Application Manager (IAM))
SRV:64bit: - [2008/09/08 15:09:52 | 000,221,696 | ---- | M] () [Auto | Running] -- C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe -- (nSvcIp)
SRV:64bit: - [2008/07/22 22:54:06 | 000,015,872 | ---- | M] (Agere Systems) [Auto | Running] -- C:\Windows\SysNative\agr64svc.exe -- (AgereModemAudio)
SRV:64bit: - [2008/06/11 14:18:30 | 000,024,576 | ---- | M] () [Auto | Running] -- C:\Program Files\GATEWAY\Gateway Recovery Management\Service\ETService.exe -- (ETService)
SRV:64bit: - [2008/01/20 22:47:32 | 000,383,544 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2010/06/08 22:50:46 | 000,308,064 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files (x86)\AVG\AVG9\avgwdsvc.exe -- (avg9wd)
SRV - [2010/03/15 11:50:36 | 001,142,224 | ---- | M] (PC Tools) [Auto | Running] -- C:\Program Files (x86)\Spyware Doctor\pctsSvc.exe -- (sdcoreservice)
SRV - [2010/03/11 11:09:22 | 000,366,840 | ---- | M] (PC Tools) [Auto | Running] -- C:\Program Files (x86)\Spyware Doctor\pctsAuxs.exe -- (sdAuxService)
SRV - [2010/01/15 08:49:20 | 000,227,232 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\McAfee Security Scan\2.0.181\McCHSvc.exe -- (McComponentHostService)
SRV - [2009/09/16 19:22:08 | 000,020,480 | ---- | M] (Intuit) [Auto | Running] -- C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe -- (QBCFMonitorService)
SRV - [2009/08/24 07:36:45 | 000,377,344 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- winhttp.dll -- (WinHttpAutoProxySvc)
SRV - [2009/08/17 01:32:00 | 000,239,648 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2009/03/30 00:39:54 | 000,089,920 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_64)
SRV - [2009/02/25 18:06:42 | 000,013,088 | ---- | M] (Intuit Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\Intuit\Update Service\IntuitUpdateService.exe -- (IntuitUpdateService)
SRV - [2008/05/05 18:25:46 | 000,165,416 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Gateway Games\Gateway Game Console\GameConsoleService.exe -- (GameConsoleService)
SRV - [2007/05/24 07:08:44 | 000,061,440 | ---- | M] (Intuit Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe -- (QBFCService)
SRV - [2006/11/02 09:34:14 | 000,000,000 | ---D | M] [Unknown | Stopped] -- C:\Windows\SysWOW64\Msdtc -- (MSDTC)
SRV - [2006/11/02 02:35:15 | 000,060,994 | ---- | M] () [On_Demand | Stopped] -- C:\Windows\SysWOW64\wbem\vds.mof -- (vds)
SRV - [2006/11/02 02:35:15 | 000,055,846 | ---- | M] () [On_Demand | Stopped] -- C:\Windows\SysWOW64\wbem\vss.mof -- (VSS)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2010/06/12 14:55:30 | 000,317,520 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\SysNative\Drivers\avgtdia.sys -- (AvgTdiA)
DRV:64bit: - [2010/06/12 14:55:29 | 000,035,536 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\Windows\SysNative\Drivers\avgmfx64.sys -- (AvgMfx64)
DRV:64bit: - [2010/06/08 22:51:48 | 000,269,320 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\SysNative\Drivers\avgldx64.sys -- (AvgLdx64)
DRV:64bit: - [2010/03/29 10:06:06 | 000,233,488 | ---- | M] (PC Tools) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\PCTCore64.sys -- (PCTCore)
DRV:64bit: - [2010/02/17 14:23:05 | 000,014,920 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys -- (SASDIFSV)
DRV:64bit: - [2010/02/17 14:23:05 | 000,012,360 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\saskutil64.sys -- (SASKUTIL)
DRV:64bit: - [2009/01/13 09:48:18 | 001,187,840 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\athrx.sys -- (athr)
DRV:64bit: - [2008/07/22 22:54:33 | 001,253,376 | ---- | M] (Agere Systems) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\agrsm64.sys -- (AgereSoftModem)
DRV:64bit: - [2008/06/04 02:06:54 | 000,204,288 | ---- | M] (Realtek Semiconductor Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\RTS5121.sys -- (RSUSBSTOR)
DRV:64bit: - [2008/04/17 13:12:54 | 000,019,304 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2007/04/10 04:51:10 | 000,432,256 | ---- | M] (AVerMedia TECHNOLOGIES, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AVer88xHD64.sys -- (AVer88xHD)
DRV:64bit: - [2006/11/02 01:28:10 | 000,273,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HdAudio.sys -- (HdAudAddService)
DRV:64bit: - [2005/08/27 13:19:21 | 000,028,192 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\DRIVERS\NVAMACPI.sys -- (nvamacpi)
DRV - [2008/06/11 14:13:24 | 000,017,952 | ---- | M] (Acer, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysWOW64\drivers\int15_64.sys -- (int15)
DRV - [2006/09/18 17:36:40 | 000,003,066 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysWOW64\wbem\tcpip.mof -- (Tcpip)
DRV - [2006/09/18 17:35:23 | 000,001,088 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysWOW64\wbem\mpsdrv.mof -- (mpsdrv)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = [You must be registered and logged in to see this link.]
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = [You must be registered and logged in to see this link.]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = [You must be registered and logged in to see this link.]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = [You must be registered and logged in to see this link.]

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = [You must be registered and logged in to see this link.]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = [You must be registered and logged in to see this link.]
IE - HKCU\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files (x86)\AVG\AVG9\Toolbar\IEToolbar.dll File not found
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" =
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:49164



O1 HOSTS File: ([2006/09/18 17:37:24 | 000,000,761 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2:64bit: - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG9\avgssiea.dll (AVG Technologies CZ, s.r.o.)
O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O2:64bit: - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.5.5126.1836\swg64.dll (Google Inc.)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG9\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Windows Live Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (AVG Security Toolbar BHO) - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files (x86)\AVG\AVG9\Toolbar\IEToolbar.dll File not found
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.5.5126.1836\swg.dll (Google Inc.)
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - C:\Program Files (x86)\Microsoft Money\System\mnyviewer.dll (Microsoft Corporation)
O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files (x86)\AVG\AVG9\Toolbar\IEToolbar.dll File not found
O3:64bit: - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (AVG Security Toolbar) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files (x86)\AVG\AVG9\Toolbar\IEToolbar.dll File not found
O4:64bit: - HKLM..\Run: [NVRaidService] C:\Windows\SysNative\nvraidservice.exe (NVIDIA Corporation)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Windows\RAVCpl64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [Skytel] C:\Windows\SkyTel.exe (Realtek Semiconductor Corp.)
O4:64bit: - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKLM..\Run: [AVG9_TRAY] C:\Program Files (x86)\AVG\AVG9\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [eRecoveryService] File not found
O4 - HKLM..\Run: [ISTray] C:\Program Files (x86)\Spyware Doctor\pctsTray.exe (PC Tools)
O4 - HKLM..\Run: [LchDrvKey] C:\Windows\LchDrvKey.exe ()
O4 - HKLM..\Run: [LedKey] C:\Windows\CNYHKey.exe (Creative)
O4 - HKLM..\Run: [MoneyStartUp10.0] C:\Program Files (x86)\Microsoft Money\System\Activation.exe (Microsoft Corporation)
O4 - HKLM..\Run: [P2Go_Menu] C:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UpdatePDRShortCut] C:\Program Files (x86)\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKCU..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)
O4 - HKCU..\Run: [swg] C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
O4 - HKCU..\Run: [WindowsWelcomeCenter] C:\Windows\SysWow64\oobefldr.dll (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O8:64bit: - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files (x86)\Microsoft Office\OFFICE11\EXCEL.EXE (Microsoft Corporation)
O8:64bit: - Extra context menu item: Google Sidewiki... - C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_2EC7709873947E87.dll (Google Inc.)
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files (x86)\Microsoft Office\OFFICE11\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Google Sidewiki... - C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_2EC7709873947E87.dll (Google Inc.)
O9 - Extra Button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files (x86)\Microsoft Office\OFFICE11\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files (x86)\Microsoft Money\System\mnyviewer.dll (Microsoft Corporation)
O13 - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} [You must be registered and logged in to see this link.] (QuickTime Object)
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} [You must be registered and logged in to see this link.] (PCPitstop Utility)
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} [You must be registered and logged in to see this link.] (System Requirements Lab Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_05)
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_20)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} [You must be registered and logged in to see this link.] (Shockwave Flash Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} [You must be registered and logged in to see this link.] (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 68.105.28.12 68.105.29.12 68.105.28.11
O18:64bit: - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\intu-help-qb1 {9B0F96C7-2E4B-433e-ABF3-043BA1B54AE3} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG9\avgppa.dll (AVG Technologies CZ, s.r.o.)
O18:64bit: - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\msdaipp - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\qbwc {FC598A64-626C-4447-85B8-53150405FD57} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - Reg Error: Key error. File not found
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\intu-help-qb1 {9B0F96C7-2E4B-433e-ABF3-043BA1B54AE3} - C:\Program Files (x86)\Intuit\QuickBooks 2008\HelpAsyncPluggableProtocol.dll (TODO: )
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG9\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8050.1202.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8050.1202.dll (Microsoft Corporation)
O18 - Protocol\Handler\qbwc {FC598A64-626C-4447-85B8-53150405FD57} - mscoree.dll (Microsoft Corporation)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files (x86)\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O18:64bit: - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O18:64bit: - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O18:64bit: - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O18:64bit: - Protocol\Filter\text/xml {807553E5-5146-11D5-A672-00B0D022E945} - Reg Error: Key error. File not found
O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807553E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\microsoft shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation)
O20:64bit: - AppInit_DLLs: (avgrssta.dll) - C:\Windows\SysNative\avgrssta.dll (AVG Technologies CZ, s.r.o.)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\img24.jpg
O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\img24.jpg
O29:64bit: - HKLM SecurityProviders - (credssp.dll) - credssp.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (credssp.dll) - credssp.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{e4d40701-4774-11de-b435-0022684b4b71}\Shell - "" = AutoRun
O33 - MountPoints2\{e4d40701-4774-11de-b435-0022684b4b71}\Shell\AutoRun\command - "" = J:\LaunchU3.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010/06/12 07:54:08 | 000,000,000 | ---D | C] -- C:\Users\My Gym Chantilly\AppData\Roaming\SUPERAntiSpyware.com
[2010/06/12 07:54:08 | 000,000,000 | ---D | C] -- C:\ProgramData\SUPERAntiSpyware.com
[2010/06/12 07:54:04 | 000,000,000 | ---D | C] -- C:\ProgramData\!SASCORE
[2010/06/12 07:54:03 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2010/06/11 04:46:00 | 000,084,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\asycfilt.dll
[2010/06/11 04:46:00 | 000,067,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\asycfilt.dll
[2010/06/11 04:43:42 | 000,366,080 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysNative\atmfd.dll
[2010/06/11 04:43:42 | 000,289,792 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\atmfd.dll
[2010/06/11 04:43:42 | 000,048,128 | ---- | C] (Adobe Systems) -- C:\Windows\SysNative\atmlib.dll
[2010/06/11 04:43:42 | 000,034,304 | ---- | C] (Adobe Systems) -- C:\Windows\SysWow64\atmlib.dll
[2010/06/11 04:43:35 | 002,334,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iertutil.dll
[2010/06/11 04:43:35 | 000,916,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wininet.dll
[2010/06/11 04:43:34 | 001,147,904 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wininet.dll
[2010/06/11 04:43:34 | 001,062,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mstime.dll
[2010/06/11 04:43:34 | 000,706,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2010/06/11 04:43:34 | 000,611,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mstime.dll
[2010/06/11 04:43:34 | 000,599,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msfeeds.dll
[2010/06/11 04:43:34 | 000,459,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iedkcs32.dll
[2010/06/11 04:43:34 | 000,387,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iedkcs32.dll
[2010/06/11 04:43:34 | 000,243,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\occache.dll
[2010/06/11 04:43:34 | 000,206,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\occache.dll
[2010/06/11 04:43:33 | 001,538,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2010/06/11 04:43:33 | 001,469,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2010/06/11 04:43:33 | 000,252,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iepeers.dll
[2010/06/11 04:43:33 | 000,219,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2010/06/11 04:43:33 | 000,184,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iepeers.dll
[2010/06/11 04:43:33 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ie4uinit.exe
[2010/06/11 04:43:33 | 000,164,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2010/06/11 04:43:33 | 000,162,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
[2010/06/11 04:43:33 | 000,133,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
[2010/06/11 04:43:33 | 000,132,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesysprep.dll
[2010/06/11 04:43:33 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesysprep.dll
[2010/06/11 04:43:33 | 000,077,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesetup.dll
[2010/06/11 04:43:33 | 000,072,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iernonce.dll
[2010/06/11 04:43:33 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeedsbs.dll
[2010/06/11 04:43:33 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesetup.dll
[2010/06/11 04:43:33 | 000,070,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ie4uinit.exe
[2010/06/11 04:43:33 | 000,055,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iernonce.dll
[2010/06/11 04:43:33 | 000,055,296 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msfeedsbs.dll
[2010/06/11 04:43:33 | 000,031,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jsproxy.dll
[2010/06/11 04:43:33 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jsproxy.dll
[2010/06/11 04:43:33 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msfeedssync.exe
[2010/06/11 04:43:33 | 000,012,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeedssync.exe
[2010/06/09 07:04:51 | 000,000,000 | ---D | C] -- C:\Users\My Gym Chantilly\AppData\Roaming\WildTangent
[2010/06/08 22:51:53 | 000,012,976 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\Windows\SysNative\avgrssta.dll
[2010/06/08 22:51:52 | 000,317,520 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\Windows\SysNative\drivers\avgtdia.sys
[2010/06/08 22:51:48 | 000,269,320 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\Windows\SysNative\drivers\avgldx64.sys
[2010/06/08 22:51:47 | 000,035,536 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\Windows\SysNative\drivers\avgmfx64.sys
[2010/06/08 22:51:47 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\drivers\Avg
[2010/06/07 20:29:45 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Adobe AIR
[2010/06/07 20:29:35 | 000,000,000 | ---D | C] -- C:\ProgramData\McAfee Security Scan
[2010/06/07 20:29:35 | 000,000,000 | ---D | C] -- C:\ProgramData\McAfee
[2010/06/07 20:29:32 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\McAfee Security Scan
[2010/06/07 20:29:23 | 000,000,000 | ---D | C] -- C:\ProgramData\NOS
[2010/06/07 20:20:09 | 000,411,368 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\deployJava1.dll
[2010/06/07 18:28:40 | 000,165,840 | ---- | C] (Threat Expert Ltd.) -- C:\Windows\PCTBDRes.dll
[2010/06/07 18:22:51 | 000,306,648 | ---- | C] (PC Tools) -- C:\Windows\SysNative\drivers\pctgntdi64.sys
[2010/06/07 18:22:51 | 000,133,072 | ---- | C] (PC Tools) -- C:\Windows\SysNative\drivers\pctwfpfilter64.sys
[2010/06/07 18:22:47 | 000,233,488 | ---- | C] (PC Tools) -- C:\Windows\SysNative\drivers\PCTCore64.sys
[2010/06/07 18:22:43 | 000,092,896 | ---- | C] (PC Tools) -- C:\Windows\SysNative\drivers\pctplsg64.sys
[2010/06/07 18:22:39 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Spyware Doctor
[2010/06/07 18:22:39 | 000,000,000 | ---D | C] -- C:\Users\My Gym Chantilly\AppData\Roaming\PC Tools
[2010/06/07 18:22:39 | 000,000,000 | ---D | C] -- C:\ProgramData\PC Tools
[2010/06/07 18:22:39 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\PC Tools
[2010/06/07 14:02:37 | 000,000,000 | ---D | C] -- C:\Users\My Gym Chantilly\AppData\Local\kbhdea
[2010/06/03 07:44:49 | 000,000,000 | ---D | C] -- C:\Users\My Gym Chantilly\Documents\mge music
[2010/05/17 07:50:53 | 000,000,000 | ---D | C] -- C:\Users\My Gym Chantilly\Documents\News
[2009/09/02 19:09:58 | 000,018,944 | ---- | C] ( ) -- C:\Windows\SysWow64\Implode.dll
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010/06/13 04:25:55 | 002,359,296 | ---- | M] () -- C:\Users\My Gym Chantilly\ntuser.dat
[2010/06/13 04:23:47 | 000,067,569 | ---- | M] () -- C:\ProgramData\nvModes.001
[2010/06/13 04:23:39 | 000,000,894 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2010/06/13 04:23:00 | 000,000,898 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2010/06/13 04:22:27 | 000,067,569 | ---- | M] () -- C:\ProgramData\nvModes.dat
[2010/06/13 03:32:48 | 000,690,960 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2010/06/13 03:32:48 | 000,595,446 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2010/06/13 03:32:48 | 000,101,144 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2010/06/13 03:26:56 | 000,004,784 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2010/06/13 03:26:55 | 000,004,784 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2010/06/13 03:26:44 | 000,000,000 | ---- | M] () -- C:\Windows\SysNative\LogConfigTemp.xml
[2010/06/13 03:26:37 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010/06/13 03:26:33 | 000,325,904 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2010/06/13 03:26:28 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010/06/13 03:25:38 | 4294,156,287 | -HS- | M] () -- C:\hiberfil.sys
[2010/06/13 03:24:28 | 000,524,288 | -HS- | M] () -- C:\Users\My Gym Chantilly\ntuser.dat{d2bf5615-75b1-11df-8f1f-0022684b4b71}.TMContainer00000000000000000001.regtrans-ms
[2010/06/13 03:24:28 | 000,065,536 | -HS- | M] () -- C:\Users\My Gym Chantilly\ntuser.dat{d2bf5615-75b1-11df-8f1f-0022684b4b71}.TM.blf
[2010/06/13 03:24:27 | 006,291,456 | -H-- | M] () -- C:\Users\My Gym Chantilly\AppData\Local\IconCache.db
[2010/06/13 03:07:00 | 000,000,265 | ---- | M] () -- C:\Windows\win.ini
[2010/06/12 22:33:34 | 000,001,771 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
[2010/06/12 22:33:33 | 000,001,773 | ---- | M] () -- C:\Users\Public\Desktop\McAfee Security Scan Plus.lnk
[2010/06/12 22:26:40 | 060,983,337 | ---- | M] () -- C:\Windows\SysNative\drivers\Avg\incavi.avm
[2010/06/12 16:52:14 | 000,497,664 | ---- | M] () -- C:\Users\My Gym Chantilly\Documents\email_addresses.doc
[2010/06/12 14:55:30 | 000,317,520 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\SysNative\drivers\avgtdia.sys
[2010/06/12 14:55:29 | 000,035,536 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\SysNative\drivers\avgmfx64.sys
[2010/06/12 07:54:04 | 000,001,758 | ---- | M] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
[2010/06/11 19:34:55 | 000,524,288 | -HS- | M] () -- C:\Users\My Gym Chantilly\ntuser.dat{d2bf5615-75b1-11df-8f1f-0022684b4b71}.TMContainer00000000000000000002.regtrans-ms
[2010/06/09 08:06:29 | 000,524,288 | -HS- | M] () -- C:\Users\My Gym Chantilly\NTUSER.DAT{a674e685-44e5-11de-859c-0022684b4b71}.TMContainer00000000000000000001.regtrans-ms
[2010/06/09 08:06:29 | 000,065,536 | -HS- | M] () -- C:\Users\My Gym Chantilly\NTUSER.DAT{a674e685-44e5-11de-859c-0022684b4b71}.TM.blf
[2010/06/08 22:51:54 | 000,012,976 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\SysNative\avgrssta.dll
[2010/06/08 22:51:54 | 000,001,691 | ---- | M] () -- C:\Users\Public\Desktop\AVG Free 9.0.lnk
[2010/06/08 22:51:48 | 000,269,320 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\SysNative\drivers\avgldx64.sys
[2010/06/08 22:51:47 | 000,113,461 | ---- | M] () -- C:\Windows\SysNative\drivers\Avg\iavichjw.avm
[2010/06/08 17:09:07 | 000,000,850 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/06/07 20:31:06 | 000,001,919 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk
[2010/06/07 20:29:53 | 000,000,904 | ---- | M] () -- C:\Users\Public\Desktop\Acrobat_com.lnk
[2010/06/07 20:19:57 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\deployJava1.dll
[2010/06/07 20:19:57 | 000,153,376 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaws.exe
[2010/06/07 20:19:57 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaw.exe
[2010/06/07 20:19:57 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\java.exe
[2010/06/07 18:28:30 | 000,001,815 | ---- | M] () -- C:\Users\Public\Desktop\Spyware Doctor.lnk
[2010/05/30 13:21:39 | 000,043,057 | ---- | M] () -- C:\Users\My Gym Chantilly\Desktop\chantillyemails.csv
[2010/05/26 13:23:46 | 000,048,128 | ---- | M] (Adobe Systems) -- C:\Windows\SysNative\atmlib.dll
[2010/05/26 13:06:41 | 000,034,304 | ---- | M] (Adobe Systems) -- C:\Windows\SysWow64\atmlib.dll
[2010/05/26 11:10:41 | 000,366,080 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysNative\atmfd.dll
[2010/05/26 10:47:41 | 000,289,792 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\atmfd.dll
[2010/05/23 08:39:35 | 000,026,624 | ---- | M] () -- C:\Users\My Gym Chantilly\Documents\My Gym Training via the Internet Erin.doc
[2010/05/23 08:29:10 | 000,167,634 | ---- | M] () -- C:\Users\My Gym Chantilly\Desktop\w4.pdf
[2010/05/23 08:28:27 | 000,387,855 | ---- | M] () -- C:\Users\My Gym Chantilly\Desktop\i-9.pdf
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/06/12 07:54:04 | 000,001,758 | ---- | C] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
[2010/06/11 19:48:24 | 4294,156,287 | -HS- | C] () -- C:\hiberfil.sys
[2010/06/11 19:34:55 | 000,524,288 | -HS- | C] () -- C:\Users\My Gym Chantilly\ntuser.dat{d2bf5615-75b1-11df-8f1f-0022684b4b71}.TMContainer00000000000000000002.regtrans-ms
[2010/06/11 19:34:55 | 000,524,288 | -HS- | C] () -- C:\Users\My Gym Chantilly\ntuser.dat{d2bf5615-75b1-11df-8f1f-0022684b4b71}.TMContainer00000000000000000001.regtrans-ms
[2010/06/11 19:34:55 | 000,065,536 | -HS- | C] () -- C:\Users\My Gym Chantilly\ntuser.dat{d2bf5615-75b1-11df-8f1f-0022684b4b71}.TM.blf
[2010/06/08 22:51:54 | 000,001,691 | ---- | C] () -- C:\Users\Public\Desktop\AVG Free 9.0.lnk
[2010/06/08 22:51:47 | 060,983,337 | ---- | C] () -- C:\Windows\SysNative\drivers\Avg\incavi.avm
[2010/06/08 22:51:47 | 000,113,461 | ---- | C] () -- C:\Windows\SysNative\drivers\Avg\iavichjw.avm
[2010/06/07 20:31:06 | 000,001,919 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk
[2010/06/07 20:29:53 | 000,000,904 | ---- | C] () -- C:\Users\Public\Desktop\Acrobat_com.lnk
[2010/06/07 20:29:33 | 000,001,773 | ---- | C] () -- C:\Users\Public\Desktop\McAfee Security Scan Plus.lnk
[2010/06/07 20:29:33 | 000,001,771 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
[2010/06/07 18:22:51 | 000,007,357 | ---- | C] () -- C:\Windows\SysNative\drivers\pctgntdi64.cat
[2010/06/07 18:22:47 | 000,007,353 | ---- | C] () -- C:\Windows\SysNative\drivers\pctcore64.cat
[2010/06/07 18:22:45 | 000,001,815 | ---- | C] () -- C:\Users\Public\Desktop\Spyware Doctor.lnk
[2010/06/07 18:22:43 | 000,007,353 | ---- | C] () -- C:\Windows\SysNative\drivers\pctplsg64.cat
[2010/05/23 08:39:35 | 000,026,624 | ---- | C] () -- C:\Users\My Gym Chantilly\Documents\My Gym Training via the Internet Erin.doc
[2010/05/23 08:29:10 | 000,167,634 | ---- | C] () -- C:\Users\My Gym Chantilly\Desktop\w4.pdf
[2010/05/23 08:28:27 | 000,387,855 | ---- | C] () -- C:\Users\My Gym Chantilly\Desktop\i-9.pdf
[2009/09/17 08:03:36 | 000,117,248 | ---- | C] () -- C:\Windows\SysWow64\EhStorAuthn.dll
[2009/09/17 08:03:01 | 000,368,640 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009/09/02 19:09:58 | 000,748,160 | ---- | C] () -- C:\Windows\SysWow64\Co2c40en.dll
[2009/09/02 19:09:58 | 000,054,272 | ---- | C] () -- C:\Windows\SysWow64\P2irdao.dll
[2009/09/02 19:09:58 | 000,050,176 | ---- | C] () -- C:\Windows\SysWow64\P2ctdao.dll
[2009/08/03 00:21:54 | 000,197,912 | ---- | C] () -- C:\Windows\SysWow64\physxcudart_20.dll
[2009/08/03 00:21:54 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelTraditionalChinese.dll
[2009/08/03 00:21:54 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelSwedish.dll
[2009/08/03 00:21:54 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelSpanish.dll
[2009/08/03 00:21:54 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelSimplifiedChinese.dll
[2009/08/03 00:21:54 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelPortugese.dll
[2009/08/03 00:21:54 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelKorean.dll
[2009/08/03 00:21:54 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelJapanese.dll
[2009/08/03 00:21:52 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelGerman.dll
[2009/08/03 00:21:52 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelFrench.dll
[2009/05/20 11:12:36 | 000,000,376 | ---- | C] () -- C:\Windows\ODBC.INI
[2009/03/18 03:51:35 | 000,294,912 | ---- | C] () -- C:\Windows\PIC.dll
[2009/03/18 03:51:35 | 000,000,870 | ---- | C] () -- C:\Windows\mhotkey_reg.ini
[2008/01/20 22:50:05 | 000,060,124 | ---- | C] () -- C:\Windows\SysWow64\tcpmon.ini
[2003/01/07 15:05:08 | 000,002,695 | ---- | C] () -- C:\Windows\SysWow64\OUTLPERF.INI
[1998/08/16 05:00:00 | 000,004,096 | ---- | C] () -- C:\Windows\SysWow64\sysres.dll

========== Alternate Data Streams ==========

@Alternate Data Stream - 158 bytes -> C:\ProgramData\Temp:DFC5A2B2
< End of report >

Re: Nuqel.E - AVG scan dies & computer shuts down

Post by jgilley on Sun Jun 13, 2010 2:36 pm

One more thing. Prior to running the above OTC scan, I ran OTC scan (had intended to post that log, and I thought I did, but I must not have). Anyway, just as that first OTC scan ended a window from AVG popped up saying it had detected two threats. They were both for KILLAV and both had the file name: c:users\mygymchantilly\appdata\local\syssvc.exe Trojan Horse KILLAV.ASF. I forget the exact terminology but one was listed as "inaccessible". I clicked the button to remove the threats.

When I noticed I had forgotten to post the original OTC log, I reran it this morning and posted it above.

Also, I used explorer to look for the file listed and it can not find it.

Re: Nuqel.E - AVG scan dies & computer shuts down

Post by Belahzur on Sun Jun 13, 2010 2:50 pm

Hello.

Remove the Proxy setting in Internet Explorer and/or in FireFox.

    In Internet Explorer
  1. Tools Menu -> Internet Options -> Connections Tab -> LAN Settings -> uncheck "use a proxy server" or reconfigure the Proxy server again in case you have set it previously.

    In Firefox
  1. Tools Menu -> Options... -> Advanced Tab -> Network Tab -> "Settings" under Connection > Choose "No Proxy"
  2. Click the apply button and restart that computer in normal mode.

Please run OTL.exe.

  • Copy the commands with file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):


    :OTL
    O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
    [2010/06/07 14:02:37 | 000,000,000 | ---D | C] -- C:\Users\My Gym Chantilly\AppData\Local\kbhdea



  • Return to OTL, right click in the "Custom Scans/Fixes" window (under the light green bar) and choose Paste.

  • Click the red Run Fix button.
  • A fix log in Notepad will appear. Copy the contents of the fix log to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy), and paste it in your next reply.
  • Close OTL.exe
If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.


Please PM me if I fail to respond within 24hrs.


Belahzur
Administrator
Administrator

Posts : 34916
Joined : 2008-08-03
Gender : Male
OS : XP SP3 Media Centre
Points : 245039
# Likes : 1
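
A triage sketch for the OTL listing format used in this thread, added here as an example and not part of any post or of OTL itself: it parses the `[timestamp | size | attributes | C/M] (company) -- path` lines and surfaces entries such as the `kbhdea` folder picked out in the fix above. The folder-name heuristic and all function names are assumptions made for illustration; the sample lines are copied from the log posted in this thread.

```python
import re
from datetime import datetime
from typing import NamedTuple, Optional

# Sample lines copied from the OTL log in this thread (paths as posted).
SAMPLE_LOG = r"""
[2010/06/07 18:22:47 | 000,233,488 | ---- | C] (PC Tools) -- C:\Windows\SysNative\drivers\PCTCore64.sys
[2010/06/07 18:22:39 | 000,000,000 | ---D | C] -- C:\Users\My Gym Chantilly\AppData\Roaming\PC Tools
[2010/06/07 14:02:37 | 000,000,000 | ---D | C] -- C:\Users\My Gym Chantilly\AppData\Local\kbhdea
[2009/09/02 19:09:58 | 000,018,944 | ---- | C] ( ) -- C:\Windows\SysWow64\Implode.dll
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[2010/06/13 03:25:38 | 4294,156,287 | -HS- | M] () -- C:\hiberfil.sys
@Alternate Data Stream - 158 bytes -> C:\ProgramData\Temp:DFC5A2B2
"""

ENTRY_RE = re.compile(
    r"^\[(?P<ts>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}) \| (?P<size>[\d,]+) \| "
    r"(?P<attrs>[-A-Z]{4}) \| (?P<kind>[CM])\]"
    r"(?: \((?P<company>.*?)\))? -- (?P<path>.+)$"
)
ADS_RE = re.compile(r"^@Alternate Data Stream - (\d+) bytes -> (.+)$")
# Assumed heuristic (not OTL's): a folder created directly under AppData whose
# name is only 5-10 lowercase letters, i.e. carries no vendor or product name.
APPDATA_CHILD_RE = re.compile(r"\\AppData\\(?:Local|Roaming)\\([a-z]{5,10})$")


class Entry(NamedTuple):
    when: datetime
    size: int
    attrs: str
    kind: str       # "C" = created, "M" = modified
    company: str    # empty when OTL printed "()" or "( )" or nothing
    path: str
    raw: str        # original line, kept verbatim for reuse in a fix script


def parse_entry(line: str) -> Optional[Entry]:
    """Parse one file/folder listing line; return None for anything else."""
    line = line.strip()
    m = ENTRY_RE.match(line)
    if not m:
        return None  # section headers, "*.tmp files" summaries, blank lines
    return Entry(
        when=datetime.strptime(m["ts"], "%Y/%m/%d %H:%M:%S"),
        size=int(m["size"].replace(",", "")),  # handles "4294,156,287" too
        attrs=m["attrs"],
        kind=m["kind"],
        company=(m["company"] or "").strip(),
        path=m["path"],
        raw=line,
    )


def triage(log_text: str):
    """Return (reason, detail) pairs for a human analyst to review."""
    findings = []
    for line in log_text.splitlines():
        ads = ADS_RE.match(line.strip())
        if ads:
            host, _, stream = ads[2].rpartition(":")
            findings.append(("alternate data stream",
                             f"{host} [{stream}, {ads[1]} bytes]"))
            continue
        e = parse_entry(line)
        if e and e.kind == "C" and "D" in e.attrs and APPDATA_CHILD_RE.search(e.path):
            findings.append(("vendorless folder under AppData", e.raw))
    return findings


if __name__ == "__main__":
    for reason, detail in triage(SAMPLE_LOG):
        print(f"{reason}: {detail}")
```

The findings are candidates for review only; the `raw` line is kept because the fix script in the post above reuses the log line verbatim.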

Re: Nuqel.E - AVG scan dies & computer shuts down

Post by jgilley on Sun Jun 13, 2010 9:12 pm

here is what appeared:

========== OTL ==========
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5C255C8A-E604-49b4-9D64-90988571CECB}\ not found.
C:\Users\My Gym Chantilly\AppData\Local\kbhdea folder moved successfully.

OTL by OldTimer - Version 3.2.5.3 log created on 06132010_171123

Re: Nuqel.E - AVG scan dies & computer shuts down

Post by Belahzur on Mon Jun 14, 2010 12:42 am

Please download and run this tool.

Download Malwarebytes' Anti-Malware from [You must be registered and logged in to see this link.]

Double Click mbam-setup.exe to install the application.

  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so immediately.


Post the contents of the MBAM Log.


Re: Nuqel.E - AVG scan dies & computer shuts down

Post by jgilley on Mon Jun 14, 2010 2:39 am

Malwarebytes' Anti-Malware 1.46
[You must be registered and logged in to see this link.]

Database version: 4195

Windows 6.0.6002 Service Pack 2
Internet Explorer 8.0.6001.18928

6/13/2010 10:38:47 PM
mbam-log-2010-06-13 (22-38-47).txt

Scan type: Quick scan
Objects scanned: 144496
Time elapsed: 4 minute(s), 16 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Re: Nuqel.E - AVG scan dies & computer shuts down

Post by Belahzur on Tue Jun 15, 2010 12:27 am

Run ESET Online Scan
Please do an online scan with [You must be registered and logged in to see this link.]. Please use Internet Explorer as it uses ActiveX.

  • Check (tick) this box: YES, I accept the Terms of Use.
  • Click on the Start button next to it.
  • When prompted to run ActiveX, click Yes.
  • You will be asked to install an ActiveX. Click Install.
  • Once installed, the scanner will be initialized.
  • After the scanner is initialized, click Start.
  • Check (tick) Remove found threats box.
  • Check (tick) Scan unwanted applications.
  • Click on Scan.
  • It will start scanning. Please be patient.
  • Once the scan is done, the log will be saved here: C:\Program Files\esetonlinescanner\log.txt.


Re: Nuqel.E - AVG scan dies & computer shuts down

Post by jgilley on Tue Jun 15, 2010 6:46 am

Okay, I ran this two times. The first time it ran I did not have the "Scan unwanted applications" selected. The second time I did also select that option. Both times zero threats were detected.

I would paste the contents of "log.txt" but no such file was created. In fact, under "c:\program files" there is no directory for "eset*". A Windows Explorer search for "log.txt" only found 4 files, and they were all old.

One good bit of news, the computer has been running for over 24 hours and has not shut down unexpectedly even once. It was shutting down quite often.

Re: Nuqel.E - AVG scan dies & computer shuts down

Post by jgilley on Tue Jun 15, 2010 7:31 pm

I ran an update to AVG and then a full scan, and no infections were detected.

There is a "kbhdea" folder within a directory that starts "C:\_OTL\MovedFiles.....".
Will we eventually want to delete that?

Also, intermittent computer shut downs no longer seem to be a problem. But, I did talk w Gateway and they gave me a Bios Update to apply. Do you think that we have fixed the problem and I don't need to run this BIOS Update, or should I run it in the thought that it probably won't do any harm?

Re: Nuqel.E - AVG scan dies & computer shuts down

Post by Belahzur on Tue Jun 15, 2010 8:46 pm

Hello.
Don't worry about the OTL folder, it's a backup folder just in case we removed anything that wasn't supposed to be removed so we can get it back.

In this case, that folder is part of the malware, it's just a dead backup, you can delete the OTL folder if you want to.


Re: Nuqel.E - AVG scan dies & computer shuts down

Post by jgilley on Wed Jun 16, 2010 1:17 am

Okay. Do you think we are done? Or, is there additional work to be done?

I very much appreciate all your assistance. I will donate!

Re: Nuqel.E - AVG scan dies & computer shuts down

Post by Belahzur on Thu Jun 17, 2010 12:28 am

Hello.
There is a risk to BIOS updates that you could fry the BIOS and then you won't be able to boot anymore.

To do a bios update though, you have to boot to DOS mode, are you able to do that?


Re: Nuqel.E - AVG scan dies & computer shuts down

Post by jgilley on Thu Jun 17, 2010 2:15 am

Since this Computer is no longer yo-yo-ing 50 times a day (on the 3rd day without one) I think I will avoid the BIOS update. I may go read up on it.

I did a bios update a few PCs back. It went okay.

Thanks again for all your help. I hope I won't need your services in the future, but with all the hackers and mal-contents out there, I probably will return one day.

Re: Nuqel.E - AVG scan dies & computer shuts down

Post by Belahzur on Thu Jun 17, 2010 1:23 pm

Hello.
Yeah, BIOS update is easy, but that small risk can have a big effect.

