Posts by gerbil

so put up the boot.ini file that you ended up with, please..

er... i think you will need:

[boot loader]
timeout=20
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect
multi(0)disk(0)rdisk(1)partition(1)\WINDOWS="Other, surplus? cos I don't trust Windows OS" /noexecute=optin /fastdetect

...or something like that... which assumes that C: is on partition 1 of your first disk, that E: with the other OS is on partition 1 of your second disk.

AAAARRRGHHHhhh.....!
I hate reinstalls, esp when I just got me teeth into something....
No laughing, now, Titans!!

That, than, is pretty neat, rumbleman - you're out of the woods, I think. Is your sys working okay now?
Powerreg scheduler is just a pgm to remind you to register some software or product... it is just a commercial prompter used by many co's. Delete it. Do a search for powerreg - it will turn up several entries, incl one in your pgm files; delete that too.
Cheers.

Yep, that will work [the name in inverted commas is the name you will see on the boot menu: change it to suit]; you can also start recovery console and type:
bootcfg /rebuild -windows will scan the volumes looking for installations; it will ask you if you wish to add them to the boot menu and to name them also...

Ow. Try checking your drivers for the burner, Jessykah. Go start > run, type devmgt.msc and enter. Expand the cd/dvd rom drive entry, dclick the drive and then select driver tab. Update driver, Yes this time only.... and so on. Now you have options - you can accept the M$ defaults, insert the CD which came with your drive, or even point the loader at a file which you previously [heh heh] downloaded from the manufacturer's site for your drive. And if it all falls over, hit the rollback button.
Say how you get on...

Titans, I'm just wordy...
And Anita, be very careful of the spelling of that file if you type the name instead of doing a copynpaste..... LSASS.exe is a very necessary windows file, LSASSS.exe is the pest.

Heya, titans.. you beat me this time.. could you handle a bit of help with this one? Yeah? Really? Cool... :)
Anita, lessee... AVG left a lot, not to be desired....
==First, dump that hijackthis and get a new one from http://216.180.233.162/~merijn/files/HijackThis.exe
-install it to a new folder alongside your program files and then rename the Hijackthis.exe to imabunny.exe.
==Please download VundoFix.exe to your desktop from http://www.atribune.org/ccount/click.php?id=4
Double-click VundoFix.exe to run it, and click the Scan for Vundo button.
When the scan completes click the Remove Vundo button.
You will receive a prompt asking if you want to remove the files - click YES
Your desktop will then go blank as the process of removing Vundo starts.
When completed it will prompt that it will shutdown your computer - click OK.
Restart your computer.
==Download this temp file cleaner from http://www.atribune.org/ccount/click.php?id=1 --click in the download window to run it, and when ATF Cleaner opens go Select all, and then Empty Selected.
Next click Firefox [if you have that browser..] at the top, Select All again, and Empty Selected again. Follow that procedure also if you have Opera.
Close ATF.
[If you wish, save ATF Cleaner to your desktop or a cleaning folder somewhere as it is a fairly useful tool for occasional use.]
==Start HijackThis by dclicking imabunny.exe; now close ALL other applications and any open windows including the …

google gives you this:-
http://support.microsoft.com/kb/935448

pmnnl.dll is one of the random process names available to vundo [virtumonde] when it installs itself. It was killed early on by one of the scans you ran [zonelabs?] but it already had made duplicates with other names which escaped detection. Vundo now sometimes uses a rootkit to hide behind, but the later versions of vundofix employ rootkit detectors. when you finish the panda scan it may be cool to run a specialist rootkit detector such as f-Secure's blacklight beta.
===Download the latest trial version of Blacklight beta from http://www.f-secure.com/blacklight/
Dclick the .exe [they change the name occasionally when they update it so I am not giving it here...], click Run, agree to the terms and Scan. Post the results if positive.

You have not come back yet with results, and I must stop for a while now, so here is some more to be going on with...
Go to control panel, add/remove pgms, and uninstall WinAntiVirus Pro.

Now, in safe mode, please search for these two files [ you will first have to go to CP>folder options>view, and check Show hidden files and folders, Apply and OK].

*****Note that C:Windows\system32\svchost.exe is a valid windows pgm and should not be deleted!! *****

C:\WINDOWS\system32\wkdsez.dll -delete if you find it.
C:\WINDOWS\??crosoft.NET\??chost.exe - this may be in C:\WINDOWS\microsoft.NET\svchost.exe, and if you find it there it may safely be deleted.

Good. Now start Hijackthis [still in safe mode], do a Scan Only and place checkmarks against all the following entries if they exist, and finally press Fix Checked.:-

C:\WINDOWS\??crosoft.NET\??chost.exe
R3 - URLSearchHook: (no name) - {FD7C362A-F9BA-FA1B-9847-FEBAAA364BC2} - (no file)
O2 - BHO: (no name) - {10B6A716-3B81-3E22-A741-6EE33FECFB92} - C:\WINDOWS\system32\wkdsez.dll
O2 - BHO: (no name) - {755bbd1a-aa59-456c-afeb-b4c42c4dcb6f} - C:\WINDOWS\system32\ixt0.dll (file missing)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O3 - Toolbar: Safety Bar - {fbea0445-4c4a-4136-864a-c72a4a182a84} - C:\Program Files\Safety Bar\SafetyBar.dll (file missing)
O4 - HKLM\..\Run: [DC6_check] "C:\Program Files\Common Files\WinAntiVirus Pro 2006\dc6_startupmon.exe"
O4 - HKLM\..\Run: [ERS_check] "C:\Program Files\Common Files\WinAntiVirus Pro 2006\ers_startupmon.exe"
O4 - HKLM\..\Run: [{592069D0-0724-2057-0613-06042606002c}] "C:\Program Files\Common Files\{592069D0-0724-2057-0613-06042606002c}\Update.exe" mc-110-12-0000272
O4 - HKLM\..\Run: [{592069D0-0725-2057-0613-06042606002c}] "C:\Program Files\Common Files\{592069D0-0725-2057-0613-06042606002c}\Update.exe" mc-110-12-0000272
O4 - HKCU\..\Run: [Tbsa] "C:\DOCUME~1\SIMONN~1\APPLIC~1\SCURIT~1\dvdplay.exe" -vt ndrv
O4 - HKCU\..\Run: [Esjmz] C:\WINDOWS\??crosoft.NET\??chost.exe

Okay. A reason for running ATF Cleaner before AVG AS is that the cleaner removes all the cookies if run as i suggest, so the AVG report is as a result a bit easier to read...
Please tell me if your AV is still throwing up Lop warnings...
And yeah, you are correct about ATF and other browsers.. :) - I checked your log but obviously firefox wasn't running when you made it, so it didn't show up, so I cut that bit from my guide to you.. I think I shall just include the other browser instructions as standard in my texts from now on.

..means nothing. you've been hijacked, now get over to the other forum cos it won't be dealt with in here.... [I'll just get jumped on.. :)]
errr.... please?

Updating my instructions....
Please rerun vundofix - I think it missed one...
Rerun ATF Cleaner [you will have to rerun it from the site, else dl it to your desktop and run it from there...]
Then try an online scan at panda:- http://www.pandasoftware.com/products/activescan?
-select the link to the scan... free online virus scan...., enter a valid? email and follow through, choosing My Computer for a full system scan.
Post the log it produces here.
Rename hijackthis.exe to rumble.exe and do another scan- post the log.
If the panda scan gets through you should retry AVG because that will remove the lop infection if it gets a chance to run fully.

Please rerun vundofix - I think it missed one...
Then rename hijackthis.exe to rumble.exe and do another scan- post the log.

Wow. I was going to ask you what you thought of the F-Secure suite, but then I worked my way further down your log.... I guess not everything is perfect. Let's see what we can do.
But first you need to make a decision: you have both f-Secure and AVG antivirus services running. Now I realise that there is a lot of talk about layering to detect malware, but this does NOT apply to active, realtime AV scanners. They interfere atrociously and so you must remove one -uninstall it. Your choice, I have no guidance to give here on which should go.
===Download this temp file cleaner from http://www.atribune.org/ccount/click.php?id=1 --click in the download window to run it, and when ATF Cleaner opens go Select all, and then Empty Selected.
Close ATF.
===GET AVG antispyware 7.5 here.. http://free.grisoft.com/doc/5390/lng/us/tpl/v5 -the link is almost at the bottom of the page , avgas 7.5.0.50. Install it and UPDATE it.
===Download SmitfraudFix (by S!Ri) from http://siri.urz.free.fr/Fix/SmitfraudFix.zip
Extract the content (a folder named SmitfraudFix) to your Desktop.

Before the next step memorise these instructions... or copy them to notepad.
Ok, you're done with the net. Shut it down.
Check that a Restore point has been made . The path to this is via Start > all programs > accessories > system tools> system restore.
==Restart your computer in Safe Mode:- press F8 several times while POST is running and before …

Your inet connectio is going out thru an office in Kiev. Ukraine. Now i pers wouldn't be happy with that - they monitor your traffic for handy stuff, n then redirect it to the site you hoped to go to. Sometimes. Take your log over to the viruses n spyware forum n get some attention there.

hi, anita, repost your log into viruses n spyware forum n it will be worked on. Yep, you have a problem. Go! Norton. Yeah.....

Sweet as....
Cheers...

..me neither. All i can gather is that you were try ing to run an auto-installation download? And it jammed. Try doing a search in your C: drive for .msi files, see if you recognise one that is definitely related to your dl by name.
.msi are Windows Installer files....
And avoid that type of pgm installation...

Well, yeah, F6, that's how it goes with Sata drives. But you said no working floppy available, n i know that windows will only read from a floppy at that stage, apart from the install CD, of course. So obviously you can slipstream the Sata drivers onto a cd along with the install files. Course, borrowing a floppy drive an plugging it in takes way less time n aggro. Btw, it aint the mobo which needs the drivers, it's the OS. Windows. Yeah. I mean, it's not as if Sata came along yesterday, is it? Bill? Bill?

Mohan, this may not help at all, but try restarting to open Windows Advanced Setup Options window -the one from where you enter Safe mode etc. Try last known good configuration - if that is no help then as you enter a Safe mode you are given the option to do a sys restore. Try that. If any of those help and you get IE up go into Safe mode with Networking and then try an online scan. I suggest:-
=== try an online scan at panda:- http://www.pandasoftware.com/products/activescan?
-select the link to the scan... free online virus scan...., enter a valid? email and follow through, choosing My Computer for a full system scan.
Post the log it produces here.
If none of that works for you, dl Opera or Firefox [get this latter from Mozilla.com only!!], load the installer onto a CDRW and install.
Whatever, come back with how you get on.

Got 'im! Okay, Louise, you should be pretty pleased with that. You are going out through Oxford Science Park now. That's gotta be cool.
Couple of minor points though:-
This one is a time/resource waster, it checks every startup to see if there is an update to RealPlayer, and a lil bit of it stays in memory. Now you can check for updates yourself every month or three, and fixing this one just stops that check from loading but leaves the pgm untouched otherwise...
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
The other one is akamai; if you like it being in your machine, fine...
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://a1540.g.akamai.net/7/1540/52/...x/qtplugin.cab
-fix them, one, both or or not, it's up to you.
Cheers.

..and I clean overlooked the limewire problem. I have two possible solutions..
1. get eMule instead - a far better clientele [I'm amongst em.. :)], and I think a better engine.
2. make sure with limewire that you are downloading the correct version. I seem to remember when i was once using it that it was possible to download an upgrade rather than the full pgm by error, and of course it would not install by itself.

Glad it worked for you. Cheers.

hello, umm, not quite the same problems... well the causes are different - all your internet traffic is going via an office downtown Kiev. Ukraine.They monitor your traffic for tasty stuff and then pass it on, sometimes even to the correct web addy. Let's cut em outta the loop. Now you've already run some antispyware but i'd like you to run this specialised tool to see if there are traces of the gear that put the redirectors into your sys:-

==Download fixwareout from http://www.bleepingcomputer.com/files/lonny/Fixwareout.exe - and save it to your desktop.
From an explorer window > tools > folder options > view, set show all hidden files and folders.

Double click Fixwareout.exe to start the Fixwareout Setup Wizard, click next and then install. Ensure that Run fixit is checked, and click on Finish. After the fix follow the prompts. You will be asked to reboot your computer, and it may take longer than usual to load - this is normal.

Next check some settings....In control panel select the Network and Internet Connections , rclick on your default connection, usually local area connection for cable and dsl, and lclick on properties. Click the Networking tab. Dclick on the Internet Protocol (TCP/IP) item and select Obtain DNS servers automatically. Press OK twice to get out of the properties screen and reboot if it asks.

Then start hijackthis, do a Scan Only, and put checkmarks against the following entries for fixing, and then press Fix Checked.. …

...note that that last instruction, the reboot kill one, may fail cos that file should be missing, but no matter. You could do a search for it yourself, by going into CP > folder options, view, and checking Show hidden files and folders, Apply n OK. Then search for that filename, otjqlyku.dll - if it is not in system32 [or anywhere actually] then ignore the Delete on Reboot part of my instructions.
Cheers.

Heya, rumbleman....
Please download VundoFix.exe to your desktop from http://www.atribune.org/ccount/click.php?id=4
Double-click VundoFix.exe to run it, and click the Scan for Vundo button.
When the scan completes click the Remove Vundo button.
You will receive a prompt asking if you want to remove the files - click YES
Your desktop will then go blank as the process of removing Vundo starts.
When completed it will prompt that it will shutdown your computer - click OK.
Restart your computer, start HijackThis and press Scan Only. Place checks against the following entries if they exist, and press Fix Checked

O2 - BHO: (no name) - {182B90A3-F372-438A-800C-6814B4DE417B} - E:\WINDOWS\system32\rqrropq.dll
O11 - Options group: [INTERNATIONAL] International*
O20 - Winlogon Notify: mljgd - E:\WINDOWS\system32\mljgd.dll (file missing)
O20 - Winlogon Notify: pmnnl - E:\WINDOWS\System32\pmnnl.dll (file missing
O20 - Winlogon Notify: rqrropq - E:\WINDOWS\SYSTEM32\rqrropq.dll

--Check this one also only if you do not want that google search page:-
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://start.shaw.ca/start/enca/addons/search/

--This one is just an updater - it is running every time you start your sys, and a piece of it stays in memory. It aint necessary to run it like this cos you can do it manually once a month or so. Including this one in the checkmark list only stops it auto starting every time, the pgm itself is not removed... so up to you. I'd check it for fixing...

Not quite there yet, 'king - do this n if it works then i get the badge.. :)

Start hijack this, Scan Only, and place checks against the following entries, and press Fix Checked.

O2 - BHO: (no name) - rsion - (no file)
O2 - BHO: (no name) - {4FC4E0B4-9A46-4C29-B5E6-B6ADDB35F43B} - C:\WINDOWS\system32\nnnmk.dll (file missing)
O2 - BHO: (no name) - {541DAF3A-AFAA-48A3-B1DB-4612CBB8F36D} - C:\WINDOWS\system32\rqrom.dll (file missing)
O4 - HKLM\..\Run: [SoundService] rundll32.exe "C:\WINDOWS\system32\otjqlyku.dll",setvm
O20 - Winlogon Notify: fcyvt - C:\WINDOWS\
O20 - Winlogon Notify: nnnmk - C:\WINDOWS\system32\nnnmk.dll (file missing)
O20 - Winlogon Notify: rqrom - C:\WINDOWS\system32\rqrom.dll (file missing)

Next select the Misc Services tab in hijackthis [via Config..?], Delete a file on Reboot. Paste this filename below in the text box in the file browser window that opens, and press Open, and Yes to restart now.

C:\WINDOWS\system32\otjqlyku.dll

When your sys restarts please run another hijackthis scan and post the log. Tah.

interesting. what do you see if you use disk management console in computer mgnt [control panel > admin tools...] to see if you can repartition it?

Opps. Azntam, i forgot to mention, because you can get to the Windows advanced option screen [from where you enter safe mode], you should try as a first resort Last good Configuration option.
If that does not help, then you could try system restore: in safe mode go start > run, and type or paste this in and press enter:
%systemroot%\system32\restore\rstrui.exe
...tell us how you get on.

rumbleman, you have some malware in there... please repost your hijackthis log in viruses and spyware forum.... in a new thread.

Yep, with a AV product... :)
First off cleanup a couple of folders to reduce the number of false scan log entries by deleting your temp internet files and cookies. Now try to start in Safe mode with Networking.
===Then try an online scan at panda:- http://www.pandasoftware.com/products/activescan?
-select the link to the scan... free online virus scan, enter a valid? email and follow through, choosing My Computer for a full system scan.
Post the log it produces here.
Failing that, you are probably looking at a windows Repair; or slaving your HD in another computer, copying your vital files, and reinstalling the OS.

boss, that log is clean; i have no good idea about what could have befallen you. It could be some damaged registry entries, but first i would suggest you try this - check for any damaged windows components [and automatically replace them..] by inserting your windows install CD and going start > run, and typing
sfc /scannow
-be prepared to press enter quite a few times..

Did you try to get Hijackthis to fix this entry?
F3 - REG:win.ini: run=C:\WINDOWS\system32\winlogin.exe
-this is the registry entry trying to start winlogin.exe, but that process has already been deleted/removed.
[Please note that winlogon.exe is a VALID and necessary process!!]
Please, what exactly do you mean by "and IE does not open up on itself" after you click OK.?

If you did already try to clear that F3 entry, then get CCleaner from http://www.ccleaner.com/ - and put it in a new folder. You should aim to keep this one for general use. I set it from the install checkboxes to only open from the recycle bin. It's neater that way.
Now run Ccleaner from the recycle bin rclick menu using its default settings [if you set up CCleaner as i suggested, rclicking the bin icon should give you the Open CCleaner option...]. Select the Cleaner icon and the Windows tab; press Run Cleaner.
===Next try an online scan at panda:- http://www.pandasoftware.com/products/activescan?
-the link to the scan is just above the padlock pic .... free online virus scan.. [and is also the more obvious blue link], enter a valid? email and follow through, choosing My Computer for a full system scan.
Post the log it produces here.

Please download VundoFix.exe to your desktop from http://www.atribune.org/ccount/click.php?id=4
Double-click VundoFix.exe to run it, and click the Scan for Vundo button.
When the scan completes click the Remove Vundo button.
You will receive a prompt asking if you want to remove the files - click YES
Your desktop will then go blank as the process of removing Vundo starts.
When completed it will prompt that it will shutdown your computer - click OK.
Restart your computer, start HijackThis and press Scan Only. Check the following entries if they exist, and press Fix Checked.

O2 - BHO: (no name) - rsion - (no file)
O2 - BHO: (no name) - {182B90A3-F372-438A-800C-6814B4DE417B} - C:\WINDOWS\system32\pmnopqp.dll
O2 - BHO: (no name) - {4FC4E0B4-9A46-4C29-B5E6-B6ADDB35F43B} - C:\WINDOWS\system32\nnnmk.dll (file missing)
O2 - BHO: (no name) - {541DAF3A-AFAA-48A3-B1DB-4612CBB8F36D} - C:\WINDOWS\system32\rqrom.dll (file missing)
O2 - BHO: (no name) - {57E218E6-5A80-4f0c-AB25-83598F25D7E9} - C:\WINDOWS\system32\pqfeubbj.dll (file missing)
O4 - HKLM\..\Run: [SoundService] rundll32.exe "C:\WINDOWS\system32\otjqlyku.dll",setvm
O20 - Winlogon Notify: fcyvt - C:\WINDOWS\
O20 - Winlogon Notify: nnnmk - C:\WINDOWS\system32\nnnmk.dll (file missing)
O20 - Winlogon Notify: pmnopqp - C:\WINDOWS\SYSTEM32\pmnopqp.dll
O20 - Winlogon Notify: rqrom - C:\WINDOWS\system32\rqrom.dll (file missing)

Post the contents of C:\vundofix.txt plus a new Hijack this log. Phew, sorry for the mixed up posts.

If you saw it, please IGNORE my post re LSPfix!!! I typed in a wrong filename and of course got a null search. Arrgh! the file avgfwafu.dll is valid as an LSP.

.

well, that log is clean. So the file problems being reported look like being all due to improper shutdown. I'd ask you to do a Panda online scan for viruses [a few of which have are known to periodically shut down computers] but seven minutes would barely get the scan under way. It's really looking like a hardware problem, but 7 mins to shutdown is a rather catastrophic component failure mode. The sort of thing a power supply is good at doing [various outputs are monitored by the ps itself -they go out of range it shuts down immediately]. I'm afraid that i'm not being much help.... I hope someone else comes in with ideas. Good luck...

...you had a grub come in, something killed the file but left a registry entry that is calling it at startup, so you see the lost file msg. So do this n we may be able to help...
===hijackthis: http://216.180.233.162/~merijn/files/HijackThis.exe
-install it to a new folder alongside your program files.
-in that folder start HijackThis by dclicking the .exe; now close ALL other applications and any open windows including the explorer window containing HijackThis.
-Click the Scan and Save a Logfile button. Post the log here.

" ...see if something got me...." -chances are it did. Do this for a start...
===hijackthis: http://216.180.233.162/~merijn/files/HijackThis.exe
-install it to a new folder alongside your program files
-in that folder start HijackThis by dclicking the .exe; now close ALL other applications and any open windows including the explorer window containing HijackThis.
-Click the Scan and Save a Logfile button. Post the log here.

Just prior to that msg first appearing you probably installed some poorly written software. Check back, and uninstall it if that is the case.

Interesting re killbox - you coulda just clicked the link in my post instead of a cutnpaste... but anyway. Re panda, anything with viruses will have been treated and will be lost now , and any spyware it detected should be fixable by AVG... so no problem there re repeating panda.
F-secure's blacklight came up clean? great. glad it all worked for you.
Cheers.

..almost too many .exe 's in that new hijackthis filename, Llew... of course it still works, but please delete one of the .exe extensions anyway.
Okay. I am surprised that Norton did not detect winlogin.exe.... I am not sure which worm version this one is, so to play safe we shall try to remove it in safe mode so that it cannot be regenerated as we do it. Just for fun, would you first go, in an explorer window, tools tab > folder options > view, and press Show hidden files and folders, apply and ok. Please then do a search in Local disc C:\ for:-

yuetyutr.dll and win32sockdrv.dll - these two are bad, but you may not have them.

===Please download killbox from here:- http://www.downloads.subratam.org/KillBox.zip -unzip it onto your desktop, and leave it for the moment.

===Restart your computer in Safe Mode:- press F8 several times while POST is running and before IDE detection completes.
- On the Windows Advanced Options Menu, select Safe Mode and press Enter.
- When the Boot Menu appears again, select Microsoft Windows XP and press Enter.
- Log in by using the Administrator account and password. NOTE: The password is blank by default unless you set a password.
===Start hijackthis [imabunny.exe], and select Scan only. Place checks against the following entries, and then press Fix checked:-

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.gozobil.lx.ro
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = …

That does not sound like any group policy; never heard of a virus doing that. For a start i'd grab my install disk and go
start > run > sfc /scannow -be prepared to hit enter a few times as it runs.
You could instead, or first, try a system restore to say, a week ago...

..you have just come up against commercial dvd file protection systems. pretty much the author of that dvd does not wish you to rip it. so you need a decryptor software, possibly a file compressor, and a burner software. Plenty of each out there, some are for free too, and besides there are free softwares which will do the whole job for you Idea is that you put an image of the dvd onto your HD [the decryptor does its job at the beginning of this process, and a good one just works in the background, you don even need to start it..], it's compresssed as it's wriiten; then you just burn the image. - nero is. Not sure i should give you a list of softwares.. may break a rule or something... dunno. Go search.

Glad to be of help...

Log looks clean, Llewellyn. :D
Post that AVG log, and also do this next:
===hijackthis: http://216.180.233.162/~merijn/files/HijackThis.exe
-install it to a new folder alongside your program files and then rename the Hijackthis.exe to imabunny.exe.
-in that folder start HijackThis by dclicking the .exe; now close ALL other applications and any open windows including the explorer window containing HijackThis.
-Click the Scan and Save a Logfile button. Post the log here. Actually...

Hello, penman. That looks clean. No worrying symptoms left? If not, i recommend that you go to system restore [start > run > %systemroot%\system32\restore\rstrui.exe], click System restore settings, and then turn off sys res on all drives. Turn it straight back on again. This will clear all your old restore points, cos some malware was found in some of the files in there.
Ccleaner. Since you have it [ i set it to open from rclick on recycle bin cos it is convenient..] set the options you mostly need for clearing temp files, and then it is just a couple of clicks to do routine maintenance.
Cheers.

just at a quick glance, you have two resident AV services running - Norton and AVG. With this arrangement your pc is in dire straits - they conflict, and badly. Basically, they spend a lot of time checking each other's virus signatures. So if you can access one, say by desktop icon or tray icon, just stop one from running. Then decide which to remove, and uninstall it. I know which one I would ditch...
Come back with how you get on, cos otherwise your log looks clean.