Help me fix the multiple iexplore.exe in my Task Manager

By Teh2685
Nov 24, 2010
  1. Hi,

    Recently I encountered multiple iexplore.exe going on in my task manager. I noticed it when I suddenly heard advertisements through my speakers when I didn't have any programs running. So I force closed the iexplore.exe in my task manager, and the sound was gone. I suspect it comes from those iexplore.exe. However, I still see them popping out in my task manager after closing it for some time.

    I did an AVG scan and an a-squared malware scan, but it is still not helping. Someone please help me to fix this. Thanks a lot.
  2. Bobbye

    Bobbye Helper on the Fringe Posts: 16,392   +35

    Welcome to TechSpot. Please understand that iexplore.exe is the process that runs Internet Explorer. And if you're using IE v8, multiple iexplore.exe processes are normal.

    Having said that, I will also say that malware can hide in these processes, as well as almost any other process on the system. Hearing background advertisements can be a symptom of malware.

    If you would like us to check the system for malware, please follow the steps in the Preliminary Virus and Malware Removal thread HERE.

    When you have finished, leave the logs for review in your next reply.

    As for the sound problem, it's possible that when you shut down iexplore.exe which shuts down IE, there may have been a plug-in for sound and when you turned off the browser, you also turned off the sound. You should check the Sound Volume properties however to make sure the Mute button isn't checked:
    Right click on the Sound icon in the Notification area (by the clock)> Select Open Volume Controls> remove any checks in the Mute boxes.

    Please do not use any other cleaning programs or scans while I'm helping you, unless I direct you to. Do not use a Registry cleaner or make any changes in the Registry.
  3. Teh2685

    Teh2685 Newcomer, in training Topic Starter

    I tried to use Malwarebytes to scan, but it keeps prompting this error "MBAM_ERROR_ADD_TO_RESULTS (0,6)". I clicked OK and it continued for a while and shut down before it completed scanning.

    I got the GMER, attach and DDS files uploaded.

  4. Bobbye

    Please redo the logs according to this:
    For Mbam, do this:

    Show Hidden Files and Folders in Windows Vista and Windows 7:
    • Click on the Start button and select Computer
    • Press the Alt key on your keyboard and click on Tools
    • Select Folder Options
    • Click the View tab and make sure that Show hidden files and folders is selected under Hidden files and folders
    • Next, uncheck the box next to Hide protected operating system files (Recommended)
    • Then, uncheck the box next to Hide extensions for known filetypes
    • Click Apply then click OK

    Then go to C:\ProgramData\Malwarebytes\Malwarebytes' Anti-Malware and delete rules.ref.
    Once you've done that, start MBAM and when it shows the error and asks to update, let it do so and see if that corrects it.

    Please go back and rehide the files and folders after doing this.
  5. Teh2685

    GMER 1.0.15.15530 - http://www.gmer.net
    Rootkit scan 2010-11-25 01:57:41
    Windows 6.1.7600
    Running: download[1].exe


    ---- Registry - GMER 1.0.15 ----

    Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg@s1 771343423
    Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg@s2 285507792
    Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg@h0 1
    Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC
    Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files (x86)\DAEMON Tools Pro\
    Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0x61 0x25 0x00 0x00 ...
    Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
    Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x2B 0x35 0xAA 0x31 ...
    Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001
    Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0xA0 0x02 0x00 0x00 ...
    Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0xF2 0x48 0x86 0x0D ...
    Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0
    Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0xF1 0x35 0x6F 0x83 ...
    Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq1
    Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq1@hdf12 0xCC 0xA2 0x22 0x7A ...
    Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet)
    Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files (x86)\DAEMON Tools Pro\
    Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0x61 0x25 0x00 0x00 ...
    Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
    Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x2B 0x35 0xAA 0x31 ...
    Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet)
    Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0xA0 0x02 0x00 0x00 ...
    Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0xF2 0x48 0x86 0x0D ...
    Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 (not active ControlSet)
    Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0xF1 0x35 0x6F 0x83 ...
    Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq1 (not active ControlSet)
    Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq1@hdf12 0xCC 0xA2 0x22 0x7A ...

    ---- EOF - GMER 1.0.15 ----
  6. Teh2685

    DDS (Ver_10-11-10.01) - NTFS_AMD64
    Run by Tim at 2:26:18.05 on 11/25/2010 Thu
    Internet Explorer: 8.0.7600.16385
    Microsoft Windows 7 Home Premium 6.1.7600.0.936.86.1033.18.8191.5484 [GMT -8:00]


    ============== Running Processes ===============

    C:\Windows\system32\wininit.exe
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Program Files (x86)\Emsisoft Anti-Malware\a2service.exe
    C:\Windows\system32\svchost.exe -k RPCSS
    C:\Windows\System32\svchost.exe -k NetworkService
    c:\Program Files (x86)\AMD\AMD Fusion Utility for Desktops\FusionSVC.exe
    C:\Windows\system32\atiesrxx.exe
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Program Files\Dell\DellDock\DockLogin.exe
    C:\Windows\System32\spoolsv.exe
    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
    C:\Program Files (x86)\a-squared Free\a2service.exe
    C:\Program Files (x86)\AMD\RAIDXpert\bin\RAIDXpertService.exe
    C:\Program Files (x86)\AMD\RAIDXpert\bin\RAIDXpert.exe
    C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    C:\Windows\system32\conhost.exe
    C:\Windows\system32\atieclxx.exe
    C:\Windows\system32\taskhost.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Program Files (x86)\Bonjour\mDNSResponder.exe
    C:\Program Files (x86)\Norton 360\Engine\4.3.0.5\ccSvcHst.exe
    C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
    C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE
    C:\Windows\system32\svchost.exe -k imgsvc
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
    C:\Program Files (x86)\Norton 360\Engine\4.3.0.5\ccSvcHst.exe
    C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
    C:\Windows\system32\WUDFHost.exe
    C:\Program Files (x86)\Dell DataSafe Local Backup\Components\Scheduler\STService.exe
    C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe
    C:\Windows\system32\conhost.exe
    C:\Program Files (x86)\Dell DataSafe Local Backup\Toaster.exe
    C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
    C:\Windows\System32\rundll32.exe
    C:\Windows\System32\rundll32.exe
    C:\Windows\system32\SearchIndexer.exe
    C:\Program Files (x86)\PPStream\PPSAP.exe
    C:\Program Files\Windows Media Player\wmpnetwk.exe
    C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
    C:\Windows\System32\svchost.exe -k LocalServicePeerNet
    C:\Program Files (x86)\Steam\Steam.exe
    C:\Program Files\Windows Sidebar\sidebar.exe
    C:\Program Files (x86)\Multimedia Card Reader(9106)\ShwiconXP9106.exe
    C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe
    C:\Program Files\Dell\DellDock\DellDock.exe
    C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
    C:\Users\Tim\AppData\Local\Apps\2.0\NEJDTCP3.HQP\HGYBQ3CR.KDT\curs..tion_eee711038731a406_0004.0000_efb506202a7c3b08\CurseClient.exe
    C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
    C:\Windows\system32\DllHost.exe
    C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
    C:\Program Files (x86)\iTunes\iTunesHelper.exe
    C:\Windows\SysWOW64\WinMsgBalloonServer.exe
    C:\Windows\SysWOW64\WinMsgBalloonClient.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files (x86)\Common Files\Steam\SteamService.exe
    C:\Program Files (x86)\Dell Support Center\bin\sprtsvc.exe
    C:\Program Files (x86)\DAEMON Tools Pro\DTShellHlp.exe
    C:\Program Files (x86)\Skype\Phone\Skype.exe
    C:\Program Files (x86)\Skype\Plugin Manager\skypePM.exe
    C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SCServer\SCServer.exe
    C:\Program Files (x86)\Skype\Toolbars\Shared\SkypeNames2.exe
    C:\Windows\SysWOW64\Macromed\Flash\FlashUtil10l_ActiveX.exe
    C:\Windows\System32\svchost.exe -k secsvcs
    C:\Program Files (x86)\PPStream\PPStream.exe
    C:\Windows\system32\SearchProtocolHost.exe
    C:\Windows\system32\SearchFilterHost.exe
    C:\Windows\system32\DllHost.exe
    C:\Windows\system32\DllHost.exe
    C:\Users\Tim\Desktop\dds.scr
    C:\Windows\system32\conhost.exe
    C:\Windows\system32\wbem\wmiprvse.exe

    ============== Pseudo HJT Report ===============

    uStart Page = hxxp://www.google.com/
    uInternet Settings,ProxyOverride = *.local
    BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    BHO: Symantec NCO BHO: {602adb0e-4aff-4217-8aa1-95dac4dfa408} - C:\Program Files (x86)\Norton 360\Engine\4.3.0.5\coIEPlg.dll
    BHO: Symantec Intrusion Prevention: {6d53ec84-6aae-4787-aeee-f4628f01010c} - C:\Program Files (x86)\Norton 360\Engine\4.3.0.5\IPSBHO.DLL
    BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
    BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
    BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    BHO: QvodGameExtend: {94c3e4bb-a261-4a83-b437-ea6f7a28ca68} - C:\Program Files (x86)\Kuaiwan\QvodGameExtend.dll
    BHO: Windows Live Messenger Companion Helper: {9fdde16b-836f-4806-ab1f-1455cbeff289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
    BHO: Skype add-on for Internet Explorer: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
    BHO: Bing Bar BHO: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\MSN Toolbar\Platform\6.3.2322.0\npwinext.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
    BHO: D: {dbef970a-7d31-3b54-8b12-12c5f7b7aa8b} - C:\Windows\SysWow64\zs32192.dll
    BHO: EDB977E2-5F6A-ADF2-917C-1B311D8FA225 Class: {edb977e2-5f6a-adf2-917c-1b311d8fa225} - C:\QvodPlayer\AddIn\QvodAddr.dll
    TB: Norton Toolbar: {7febefe3-6b19-4349-98d2-ffb09d4b49ca} - C:\Program Files (x86)\Norton 360\Engine\4.3.0.5\coIEPlg.dll
    TB: @C:\Program Files (x86)\MSN Toolbar\Platform\6.3.2322.0\npwinext.dll,-100: {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\MSN Toolbar\Platform\6.3.2322.0\npwinext.dll
    TB: {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No File
    TB: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
    TB: {65F8A3D2-4C22-4A33-9633-73167EAEEC45} - No File
    TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
    uRun: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background
    uRun: [PPS Accelerator] C:\Program Files (x86)\PPStream\ppsap.exe
    uRun: [DAEMON Tools Pro Agent] "C:\Program Files (x86)\DAEMON Tools Pro\DTAgent.exe" -autorun
    uRun: [Steam] "C:\Program Files (x86)\Steam\steam.exe" -silent
    uRun: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
    mRun: [ShwiconXP9106] C:\Program Files (x86)\Multimedia Card Reader(9106)\ShwiconXP9106.exe
    mRun: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
    mRun: [Dell DataSafe Online] "C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe" /m
    mRun: [THX Audio Control Panel] "C:\Program Files (x86)\Creative\THX TruStudio PC\THXAudioCP\THXAudio.exe" /r
    mRun: [DellSupportCenter] "C:\Program Files (x86)\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
    mRun: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
    mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
    mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
    mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    mRun: [ATICustomerCare] "C:\Program Files (x86)\ATI\ATICustomerCare\ATICustomerCare.exe"
    mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
    mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
    mRunOnce: [Launcher] C:\Program Files (x86)\Dell DataSafe Local Backup\Components\Scheduler\Launcher.exe
    mRunOnce: [DSUpdateLauncher] "C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\hstart.exe" /NOCONSOLE /D="C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate" /RUNAS "C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe"
    mRunOnce: [STToasterLauncher] C:\Program Files (x86)\Dell DataSafe Local Backup\toasterLauncher.exe
    mRunOnce: [AvgUninstallURL] cmd.exe /c start http://www.avg.com/ww.special-uninstallation-feedback-appf?lic=NFVZOVgtTlNWVkwtTzRCWlEtUUlNQ0wtUVREQ0gtNElKTUg"&"inst=NzctNTAxNzMzNjI4LVhPMTArMi1CMg"&"prod=90"&"ver=10.0.1170
    StartupFolder: C:\Users\Tim\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\CurseClientStartup.ccip
    StartupFolder: C:\Users\Tim\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\DELLDO~1.LNK - C:\Program Files\Dell\DellDock\DellDock.exe
    StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\WHITES~1.LNK - C:\Users\Tim\Desktop\WhiteSmokeWriterGeo5002_en.exe
    mPolicies-explorer: NoActiveDesktop = 1 (0x1)
    mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
    mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
    mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
    mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
    IE: E&xport to Microsoft Excel - C:\PROGRA~2\MIF5BA~1\Office12\EXCEL.EXE/3000
    IE: {0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
    IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
    IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\PROGRA~2\MIF5BA~1\Office12\ONBttnIE.dll
    IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MIF5BA~1\Office12\REFIEBAR.DLL
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
    DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} - hxxp://ccfiles.creative.com/Web/softwareupdate/su2/ocx/15112/CTPID.cab
    Handler: cozi - {5356518D-FE9C-4E08-9C1F-1E872ECD367F} - c:\Program Files (x86)\Cozi Express\CoziProtocolHandler.dll
    Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll
    Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
    Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
    Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
    SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
    IFEO: ctfmon.exe - C:\Windows\system32\ctfmondud.exe
    BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    BHO-X64: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    TB-X64: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
    TB-X64: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File
    TB-X64: {65F8A3D2-4C22-4A33-9633-73167EAEEC45} - No File
    TB-X64: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
    TB-X64: {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No File
    mRun-x64: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s
    mRun-x64: [RunDLLEntry_THXCfg] C:\Windows\system32\RunDLL32.exe C:\Windows\system32\THXCfg64.dll,RunDLLEntry THXCfg64
    mRun-x64: [RunDLLEntry_EptMon] C:\Windows\system32\RunDLL32.exe C:\Windows\system32\EptMon64.dll,RunDLLEntry EptMon64
    IFEO-X64: ctfmon.exe - C:\Windows\system32\ctfmondud.exe

    ============= SERVICES / DRIVERS ===============

    R0 PxHlpa64;PxHlpa64;C:\Windows\System32\drivers\PxHlpa64.sys [2010-8-13 55280]
    R0 SymDS;Symantec Data Store;C:\Windows\System32\drivers\N360x64\0403000.005\symds64.sys [2010-9-23 433200]
    R0 SymEFA;Symantec Extended File Attributes;C:\Windows\System32\drivers\N360x64\0403000.005\symefa64.sys [2010-9-23 221232]
    R1 a2injectiondriver;a2injectiondriver;C:\Program Files (x86)\Emsisoft Anti-Malware\a2dix64.sys [2010-11-23 48216]
    R1 a2util;a-squared Malware-IDS utility driver;C:\Program Files (x86)\Emsisoft Anti-Malware\a2util64.sys [2010-11-23 14720]
    R1 BHDrvx64;BHDrvx64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.1.0.32\Definitions\BASHDefs\20101104.001\BHDrvx64.sys [2010-11-3 953904]
    R1 ccHP;Symantec Hash Provider;C:\Windows\System32\drivers\N360x64\0403000.005\cchpx64.sys [2010-9-23 615040]
    R1 IDSVia64;IDSVia64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.1.0.32\Definitions\IPSDefs\20101124.002\IDSviA64.sys [2010-10-19 476720]
    R1 SymIRON;Symantec Iron Driver;C:\Windows\System32\drivers\N360x64\0403000.005\ironx64.sys [2010-9-23 150064]
    R1 SYMTDIv;Symantec Vista Network Dispatch Driver;C:\Windows\System32\drivers\N360x64\0403000.005\symtdiv.sys [2010-9-23 451120]
    R2 a2AntiMalware;Emsisoft Anti-Malware 5.0 - Service;C:\Program Files (x86)\Emsisoft Anti-Malware\a2service.exe [2010-11-23 2806000]
    R2 a2free;a-squared Free Service;C:\Program Files (x86)\a-squared Free\a2service.exe [2010-11-23 1872320]
    R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\System32\atiesrxx.exe [2010-10-29 203264]
    R2 AMD_RAIDXpert;AMD RAIDXpert;C:\Program Files (x86)\AMD\RAIDXpert\bin\RAIDXpertService.exe [2009-3-15 122880]
    R2 AMDFusionSVC;AMD Fusion Utility Service;C:\Program Files (x86)\AMD\AMD Fusion Utility for Desktops\FusionSVC.exe [2009-9-8 383544]
    R2 DockLoginService;Dock Login Service;C:\Program Files\Dell\DellDock\DockLogin.exe [2009-6-9 155648]
    R2 N360;Norton 360;C:\Program Files (x86)\Norton 360\Engine\4.3.0.5\ccsvchst.exe [2010-9-23 126392]
    R2 SftService;SoftThinks Agent Service;C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe [2010-8-13 689472]
    R3 a2acc;a2acc;C:\Program Files (x86)\Emsisoft Anti-Malware\a2accx64.sys [2010-11-23 84752]
    R3 amdkmdag;amdkmdag;C:\Windows\System32\drivers\atikmdag.sys [2010-10-29 7883264]
    R3 amdkmdap;amdkmdap;C:\Windows\System32\drivers\atikmpag.sys [2010-10-29 285696]
    R3 AmdLLD64;AMD Low Level Device Driver;C:\Windows\System32\drivers\AmdLLD64.sys [2010-8-13 47672]
    R3 EraserUtilRebootDrv;EraserUtilRebootDrv;C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2010-8-24 132656]
    R3 k57nd60a;Broadcom NetLink (TM) Gigabit Ethernet - NDIS 6.0;C:\Windows\System32\drivers\k57nd60a.sys [2010-8-13 321064]
    R3 Razerlow;Razer Pro|Solutions;C:\Windows\System32\drivers\DB3G.sys [2005-11-7 21120]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
    S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
    S2 SessionLauncher;SessionLauncher;c:\Users\ADMINI~1\AppData\Local\Temp\DX9\SessionLauncher.exe --> c:\Users\ADMINI~1\AppData\Local\Temp\DX9\SessionLauncher.exe [?]
    S3 ahcix64s;ahcix64s;C:\Windows\System32\drivers\ahcix64s.sys [2010-8-13 226616]
    S3 fssfltr;fssfltr;C:\Windows\System32\drivers\fssfltr.sys [2010-10-23 48488]
    S3 fsssvc;Windows Live Family Safety Service;C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe [2010-9-22 1493352]
    S3 RoxMediaDB10;RoxMediaDB10;C:\Program Files (x86)\Common Files\Roxio Shared\10.0\SharedCom\RoxMediaDB10.exe [2009-6-26 1124848]
    S3 RzSynapse;Razer Naga Driver;C:\Windows\System32\drivers\RzSynapse.sys [2010-4-21 73216]
    S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2010-9-28 51712]
    S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2010-8-24 1255736]
    S3 WRfiltv;WRfiltv;C:\Windows\System32\drivers\WRfiltv.sys [2009-7-31 25600]
    S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]

    =============== Created Last 30 ================

    2010-11-25 05:43:22 -------- d-----w- C:\Users\Tim\AppData\Roaming\Malwarebytes
    2010-11-25 05:43:11 38224 ----a-w- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
    2010-11-25 05:43:09 24664 ----a-w- C:\Windows\System32\drivers\mbam.sys
    2010-11-25 05:43:09 -------- d-----w- C:\PROGRA~3\Malwarebytes
    2010-11-25 05:43:08 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
    2010-11-25 05:42:41 -------- d-----w- C:\de735abb0e7cd1e3173654cf31d752
    2010-11-24 11:11:38 -------- d-----w- C:\Users\Tim\AppData\Roaming\AVG10
    2010-11-24 11:11:08 -------- d--h--w- C:\PROGRA~3\Common Files
    2010-11-24 11:10:16 -------- d-----w- C:\PROGRA~3\AVG10
    2010-11-24 11:00:49 -------- d-----w- C:\Program Files (x86)\AVG
    2010-11-24 10:55:56 -------- d-----w- C:\PROGRA~3\MFAData
    2010-11-23 21:37:47 7680 ----a-w- C:\Program Files\Internet Explorer\iecompat.dll
    2010-11-23 21:37:47 7680 ----a-w- C:\Program Files (x86)\Internet Explorer\iecompat.dll
    2010-11-23 12:29:20 -------- d-----w- C:\Program Files (x86)\Emsisoft Anti-Malware
    2010-11-23 12:04:50 -------- d-----w- C:\Program Files (x86)\a-squared Free
    2010-11-23 01:41:38 815104 ----a-w- C:\Windows\SysWow64\xvidcore.dll
    2010-11-23 01:41:38 77824 ----a-w- C:\Windows\SysWow64\xvid.ax
    2010-11-23 01:41:38 180224 ----a-w- C:\Windows\SysWow64\xvidvfw.dll
    2010-11-23 01:41:38 -------- d-----w- C:\Program Files (x86)\Xvid
    2010-11-23 01:41:29 -------- d-----w- C:\Users\Tim\AppData\Roaming\ClickPotatoLite
    2010-11-23 01:41:29 -------- d-----w- C:\Program Files (x86)\ClickPotatoLite
    2010-11-23 01:41:29 -------- d-----w- C:\PROGRA~3\ClickPotatoLiteSA
    2010-11-23 01:41:29 -------- d-----w- C:\PROGRA~3\2ACA5CC3-0F83-453D-A079-1076FE1A8B65
    2010-11-23 01:38:48 253952 ----a-w- C:\Windows\SysWow64\zs32192.dll
    2010-11-20 10:53:07 679936 ----a-w- C:\Windows\SysWow64\D3DX81ab.dll
    2010-11-20 10:53:07 1970176 ----a-w- C:\Windows\SysWow64\d3dx9.dll
    2010-11-20 10:53:07 -------- d-----w- C:\Program Files (x86)\Cheat Engine
    2010-11-20 08:55:30 -------- d-----w- C:\Spray
    2010-11-17 08:08:02 -------- d-----w- C:\Program Files (x86)\Steam
    2010-11-13 23:31:32 -------- d-----w- C:\Program Files\iTunes
    2010-11-13 23:31:32 -------- d-----w- C:\Program Files\iPod
    2010-11-13 23:31:32 -------- d-----w- C:\Program Files (x86)\iTunes
    2010-11-08 09:38:48 -------- d-----w- C:\Media
    2010-11-08 09:34:15 -------- d-----w- C:\Program Files (x86)\Kuaiwan
    2010-11-08 09:34:08 -------- d-----w- C:\QvodPlayer
    2010-11-06 19:37:34 103864 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\nppdf32.dll
    2010-11-01 02:52:20 -------- d-----w- C:\Program Files (x86)\MSN Toolbar
    2010-11-01 02:52:04 -------- d-----w- C:\Program Files (x86)\Bing Bar Installer
    2010-11-01 02:51:55 1164800 ----a-w- C:\Windows\SysWow64\UIRibbonRes.dll
    2010-11-01 02:51:54 1164800 ----a-w- C:\Windows\System32\UIRibbonRes.dll
    2010-11-01 02:51:52 3860992 ----a-w- C:\Windows\System32\UIRibbon.dll
    2010-11-01 02:51:52 2983424 ----a-w- C:\Windows\SysWow64\UIRibbon.dll
    2010-10-29 12:53:50 -------- d-----w- C:\Program Files\Common Files\ATI Technologies
    2010-10-29 12:53:50 -------- d-----w- C:\Program Files (x86)\Common Files\ATI Technologies
    2010-10-29 12:53:48 -------- d-----w- C:\Program Files (x86)\ATI
    2010-10-29 12:53:02 -------- d-----w- C:\Program Files\ATI
    2010-10-29 12:51:59 53248 ----a-w- C:\Windows\System32\drivers\ati2erec.dll
    2010-10-27 07:48:28 961024 ----a-w- C:\Windows\System32\CPFilters.dll
    2010-10-27 07:48:28 641536 ----a-w- C:\Windows\SysWow64\CPFilters.dll
    2010-10-27 07:48:28 552960 ----a-w- C:\Windows\System32\msdri.dll
    2010-10-27 07:48:28 288256 ----a-w- C:\Windows\System32\MSNP.ax
    2010-10-27 07:48:28 258560 ----a-w- C:\Windows\System32\mpg2splt.ax
    2010-10-27 07:48:28 204288 ----a-w- C:\Windows\SysWow64\MSNP.ax
    2010-10-27 07:48:28 199680 ----a-w- C:\Windows\SysWow64\mpg2splt.ax
    2010-10-27 07:48:24 27008 ----a-w- C:\Windows\System32\drivers\Diskdump.sys

    ==================== Find3M ====================

    2010-10-29 12:51:59 450560 ----a-w- C:\Windows\System32\ATIDEMGX.dll
    2010-10-19 18:41:44 270720 ------w- C:\Windows\System32\MpSigStub.exe
    2010-09-28 23:44:52 51712 ----a-w- C:\Windows\System32\drivers\usbaapl64.sys
    2010-09-28 23:44:52 4184352 ----a-w- C:\Windows\System32\usbaaplrc.dll
    2010-09-23 07:47:28 49016 ----a-w- C:\Windows\SysWow64\sirenacm.dll
    2010-09-23 07:36:48 48488 ----a-w- C:\Windows\System32\drivers\fssfltr.sys
    2010-09-23 07:32:56 301936 ----a-w- C:\Windows\WLXPGSS.SCR
    2010-09-21 21:49:02 252800 ----a-w- C:\Windows\System32\LIVESSP.DLL
    2010-09-21 21:03:14 208768 ----a-w- C:\Windows\SysWow64\LIVESSP.DLL
    2010-09-19 07:56:50 2829 ----a-w- C:\Windows\War3Unin.pif
    2010-09-19 07:56:50 139264 ----a-w- C:\Windows\War3Unin.exe
    2010-09-15 15:08:08 55600 ----a-w- C:\Windows\SysWow64\xinstaller.dll
    2010-09-15 15:04:50 33072 ----a-w- C:\Windows\SysWow64\xinstaller.exe
    2010-09-15 12:50:37 472808 ----a-w- C:\Windows\SysWow64\deployJava1.dll
    2010-09-10 05:35:44 135168 ----a-w- C:\Windows\apppatch\AppPatch64\AcXtrnal.dll
    2010-09-10 05:35:43 347648 ----a-w- C:\Windows\apppatch\AppPatch64\AcLayers.dll
    2010-09-08 18:17:46 94208 ----a-w- C:\Windows\SysWow64\QuickTimeVR.qtx
    2010-09-08 18:17:46 69632 ----a-w- C:\Windows\SysWow64\QuickTime.qts
    2010-09-08 05:36:17 1192960 ----a-w- C:\Windows\System32\wininet.dll
    2010-09-08 05:34:34 57856 ----a-w- C:\Windows\System32\licmgr10.dll
    2010-09-08 04:30:04 978432 ----a-w- C:\Windows\SysWow64\wininet.dll
    2010-09-08 04:30:04 10752 ----a-w- C:\Windows\SysWow64\ctfmondud.exe
    2010-09-08 04:28:15 44544 ----a-w- C:\Windows\SysWow64\licmgr10.dll
    2010-09-08 04:16:38 482816 ----a-w- C:\Windows\System32\html.iec
    2010-09-08 03:35:30 1638912 ----a-w- C:\Windows\System32\mshtml.tlb
    2010-09-08 03:22:31 386048 ----a-w- C:\Windows\SysWow64\html.iec
    2010-09-08 02:48:16 1638912 ----a-w- C:\Windows\SysWow64\mshtml.tlb
    2010-09-05 00:54:50 18760 ----a-w- C:\Windows\SysWow64\QQVistaHelper.dll
    2010-09-01 05:12:09 12625920 ----a-w- C:\Windows\System32\wmploc.DLL
    2010-09-01 04:23:49 12625408 ----a-w- C:\Windows\SysWow64\wmploc.DLL
    2010-09-01 02:58:34 3123712 ----a-w- C:\Windows\System32\win32k.sys
    2010-08-31 04:32:30 954752 ----a-w- C:\Windows\SysWow64\mfc40.dll
    2010-08-31 04:32:30 954288 ----a-w- C:\Windows\SysWow64\mfc40u.dll

    ============= FINISH: 2:26:55.17 ===============
  7. Teh2685

    I followed your instructions for the Malware error and I came up with this new error "MBAM_ERROR_UPDATING (122, 0, WideCharTOMultiByte)". I clicked "OK" and continued to the full scan, and I still get that original error message popping up. What should I do now?
  8. Bobbye

    Run this online scan please so I can get an idea of what's running:

    Run Eset NOD32 Online AntiVirus scan HERE
    1. Tick the box next to YES, I accept the Terms of Use.
    2. Click Start
    3. When asked, allow the Active X control to install
    4. Disable your current Antivirus software. You can usually do this with its Notification Tray icon near the clock.
    5. Click Start
    6. Make sure that the option "Remove found threats" is Unchecked, and the option "Scan unwanted applications" is checked
    7. Click Scan
    8. Wait for the scan to finish
    9. Re-enable your Antivirus software.
    10. A logfile is created and located at C:\Program Files\EsetOnlineScanner\log.txt. Please include this in your post.
  9. Teh2685

    ESETSmartInstaller@High as CAB hook log:
    OnlineScanner64.ocx - registred OK
    OnlineScanner.ocx - registred OK



    Is that what you want ?
  10. Bobbye

    Bobbye Helper on the Fringe Posts: 16,392   +35

    No, I want you to run the scan and give me the log. This is only the registration.
  11. Teh2685

    Teh2685 Newcomer, in training Topic Starter

    I ran the scan. This is what I found in the log.txt file in c:\program files\Eset\Esetonlinescanner\log.txt. But I did an export for the scan here:

    C:\Windows\System32\zs32192.dll a variant of Win32/Chepdu.AC trojan
    C:\Windows\SysWOW64\zs32192.dll a variant of Win32/Chepdu.AC trojan
    Operating memory a variant of Win32/Chepdu.AC trojan

    Other than that, I don't see any log.txt anywhere.
     
  12. Teh2685

    Teh2685 Newcomer, in training Topic Starter

    all ok
    # version=7
    # OnlineScannerApp.exe=1.0.0.1
    # OnlineScanner.ocx=1.0.0.6211
    # api_version=3.0.2
    # EOSSerial=0c1cad36c5c30f478a9968526bfd47f2
    # end=finished
    # remove_checked=false
    # archives_checked=false
    # unwanted_checked=true
    # unsafe_checked=false
    # antistealth_checked=true
    # utc_time=2010-11-28 01:12:36
    # local_time=2010-11-27 05:12:36 (-0800, Pacific Standard Time)
    # country="United States"
    # lang=1033
    # osver=5.1.2600 NT Service Pack 2
    # compatibility_mode=1024 16777215 100 0 0 0 0 0
    # compatibility_mode=5893 16776574 100 52 0 42450222 0 0
    # compatibility_mode=8192 67108863 100 0 0 0 0 0
    # scanned=130222
    # found=2
    # cleaned=0
    # scan_time=1300
    C:\Windows\System32\zs32192.dll a variant of Win32/Chepdu.AC trojan 00000000000000000000000000000000 I
    C:\Windows\SysWOW64\zs32192.dll a variant of Win32/Chepdu.AC trojan 00000000000000000000000000000000 I



    I had to uninstall Norton and disable Windows Defender to get this. Is this what you want?
  13. Bobbye

    Bobbye Helper on the Fringe Posts: 16,392   +35

    Yes, it is. You are supposed to disable the AV when doing the scan:

    Please download OTMoveIt by Old Timer and save to your desktop.
    • Double-click OTMoveIt3.exe to run it. (Vista users, please right click on OTMoveit3.exe and select "Run as an Administrator")
    • Copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):

      Code:
      :Processes	
      
      :Files  
      C:\Windows\System32\zs32192.dll 
      C:\Windows\SysWOW64\zs32192.dll 
      
      :Commands
      [purity]
      [emptytemp]
      [start explorer]
      [Reboot]
    • Return to OTMoveIt3, right click in the "Paste Instructions for Items to be Moved" window and choose Paste.
    • Click the red Moveit! button.
    • A log of files and folders moved will be created in the c:\_OTMoveIt\MovedFiles folder in the form of Date and Time (mmddyyyy_hhmmss.log). Please open this log in Notepad and post its contents in your next reply.
    • Close OTMoveIt3
    If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.
    ========================================
    Win32/Chepdu.AC is a trojan which tries to promote certain web sites. It is probably a part of other malware. It acquires data and commands from a remote computer or the Internet. More description:
    • The trojan contains a list of (2) URLs. The HTTP protocol is used.
    • It can execute the following operations:
      [o] download files from a remote computer and/or the Internet
      [o] run executable files
      [o] open a specific URL address
    • The trojan collects the following information:
      [o] a list of recently visited URLs
    • The trojan can send the information to a remote machine.
    • The trojan can redirect results of online search engines to web sites that contain adware.
    • The trojan opens the following URLs in Internet Explorer:
      [o] http://xmlwindataweb.net/
    • It may create a random executable file.
    • It created random files and specific Registry entries.
    Source: Eset
    ==========================================
    Having told you that your system has been compromised, do you want to consider a reformat/reinstall?

    Regardless, you need to remove the extra AV program:
    AVG Removal: Note: You may have to reinstall AVG to uninstall it fully.

    If you decide to continue please Download Combofix to your desktop from one of these locations:
    Link 1
    Link 2
    • Double click combofix.exe & follow the prompts.
    • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. It is strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode if needed.
    • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
    • Query- Recovery Console image
    • Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:
    • Click on Yes, to continue scanning for malware
    • If Combofix asks you to update the program, allow
    • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
    • Close any open browsers.
    • Double click combofix.exe & follow the prompts to run.
    • When the scan completes it will open a text window. Please paste that log in your next reply.
    Notes:
    1. Do not mouse-click Combofix's window while it is running. That may cause it to stall.
    2. ComboFix may reset a number of Internet Explorer's settings, including making I-E the default browser.
    3. Combofix prevents autorun of ALL CD, floppy and USB devices to assist with malware removal & increase security. If this is an issue or makes it difficult for you -- please tell your helper.
    4. CF disconnects your machine from the internet. The connection is automatically restored before CF completes its run. If CF runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine.
  14. Teh2685

    Teh2685 Newcomer, in training Topic Starter

    All processes killed
    ========== PROCESSES ==========
    ========== FILES ==========
    LoadLibrary failed for C:\Windows\System32\zs32192.dll
    C:\Windows\System32\zs32192.dll moved successfully.
    File/Folder C:\Windows\SysWOW64\zs32192.dll not found.
    ========== COMMANDS ==========

    [EMPTYTEMP]

    User: All Users

    User: Default
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 33170 bytes

    User: Default User
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes

    User: Public

    User: Tim
    ->Temp folder emptied: 5290652 bytes
    ->Temporary Internet Files folder emptied: 85584841 bytes
    ->Java cache emptied: 8636196 bytes
    ->Flash cache emptied: 91655 bytes

    User: Timothy
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes

    %systemdrive% .tmp files removed: 0 bytes
    %systemroot% .tmp files removed: 0 bytes
    %systemroot%\System32 .tmp files removed: 0 bytes
    %systemroot%\System32 (64bit) .tmp files removed: 0 bytes
    %systemroot%\System32\drivers .tmp files removed: 0 bytes
    Windows Temp folder emptied: 19308886 bytes
    %systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 50534 bytes
    RecycleBin emptied: 0 bytes

    Total Files Cleaned = 113.00 mb


    OTM by OldTimer - Version 3.1.17.2 log created on 11292010_221257

    Files moved on Reboot...
    C:\Users\Tim\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
    C:\Users\Tim\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\G3QNKF7X\addons-tracker-v4[2].htm moved successfully.
    File C:\Windows\temp\hsperfdata_TIM-PC$\1672 not found!

    Registry entries deleted on Reboot...



    I tried to run ComboFix.exe and it says not compatible OS. I read the description and it says only 32 bit OS. I'm using 64 bit though. Is there a 64 bit ComboFix compatibility to download?
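The ESET detections from post 12 reconciled against the OTM move log from post 14, as an added Python example that is not part of the original thread or of either tool. The function names are hypothetical, and the parser accepts only the space-flattened line form shown on this page (paths without spaces).

```python
import re

# Lines copied from the ESET log (post 12) and the OTM log (post 14) in this thread.
ESET_LOG = r"""
# version=7
# end=finished
# remove_checked=false
# unwanted_checked=true
# scanned=130222
# found=2
# cleaned=0
C:\Windows\System32\zs32192.dll a variant of Win32/Chepdu.AC trojan 00000000000000000000000000000000 I
C:\Windows\SysWOW64\zs32192.dll a variant of Win32/Chepdu.AC trojan 00000000000000000000000000000000 I
"""

OTM_LOG = r"""
========== FILES ==========
LoadLibrary failed for C:\Windows\System32\zs32192.dll
C:\Windows\System32\zs32192.dll moved successfully.
File/Folder C:\Windows\SysWOW64\zs32192.dll not found.
"""

HEADER = re.compile(r"^#\s*(\w+)=(.*)$")
# Path (no spaces), threat name, then an optional 32-hex field and flag.
DETECTION = re.compile(
    r"^(?P<path>[A-Za-z]:\\\S*)\s+(?P<threat>.+?)"
    r"(?:\s+(?P<hash>[0-9A-Fa-f]{32})\s+(?P<flag>\S+))?$"
)
MOVED = re.compile(r"^(?P<path>[A-Za-z]:\\.+?) moved successfully\.$")
NOT_FOUND = re.compile(r"^File(?:/Folder)? (?P<path>[A-Za-z]:\\.+?) not found[.!]$")
LOAD_FAIL = re.compile(r"^LoadLibrary failed for (?P<path>[A-Za-z]:\\.+)$")


def parse_eset_log(text):
    """Return (header dict, list of detections) from an ESET Online Scanner log."""
    meta, detections = {}, []
    for raw in text.splitlines():
        line = raw.strip()
        m = HEADER.match(line)
        if m:
            meta[m.group(1)] = m.group(2)  # a repeated key keeps its last value
            continue
        m = DETECTION.match(line)
        if m:
            detections.append({"path": m["path"], "threat": m["threat"]})
    return meta, detections


def parse_otm_log(text):
    """Map each lower-cased path in an OTM log to its final status."""
    statuses = {}
    for raw in text.splitlines():
        line = raw.strip()
        m = MOVED.match(line)
        if m:
            statuses[m["path"].lower()] = "moved"
            continue
        m = NOT_FOUND.match(line)
        if m:
            statuses[m["path"].lower()] = "not_found"
            continue
        m = LOAD_FAIL.match(line)
        if m:
            # Informational only: a later "moved" line overrides it.
            statuses.setdefault(m["path"].lower(), "load_failed")
    return statuses


def scanner_left_files_in_place(meta):
    """True when the scan ran report-only ("Remove found threats" unchecked)."""
    return meta.get("remove_checked") == "false" and meta.get("cleaned") == "0"


def reconcile(detections, statuses):
    """Pair every detection with what the removal log says happened to it."""
    report = []
    for det in detections:
        # Windows paths are case-insensitive, so compare lower-cased.
        status = statuses.get(det["path"].lower(), "unaccounted")
        report.append({**det, "status": status,
                       "needs_followup": status != "moved"})
    return report


if __name__ == "__main__":
    meta, detections = parse_eset_log(ESET_LOG)
    print("report-only scan:", scanner_left_files_in_place(meta))
    for row in reconcile(detections, parse_otm_log(OTM_LOG)):
        print(row["status"].ljust(10), row["path"], "|", row["threat"])
```

A "not found" result is not confirmation that a detected file was removed. On 64-bit Windows a 32-bit process is redirected from System32 to SysWOW64, so the two paths may have named a single file, which a rescan would confirm.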
  15. Bobbye

    Bobbye Helper on the Fringe Posts: 16,392   +35

    • Download OTL from either of the links below and save it to your desktop.
      Link 1
      Link 2
    • Double click the OTL icon to run it.
    • The opened console will resemble this:
    • Set Output at the top to Minimal Output.
    • Check the boxes beside LOP Check and Purity Check.
    • Copy the entries in the Codebox below> Paste in the Custom Scan box.
      Code:
      netsvcs
      %SYSTEMDRIVE%\*.exe
      /md5start
      explorer.exe
      winlogon.exe
      userinit.exe
      /md5stop
      %systemroot%\*. /mp /s
      CREATERESTOREPOINT
      
    • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
      Make sure all other windows are closed and to let it run uninterrupted.
    • When the scan completes, it will open two notepad windows. OTListIt.Txt and Extras.Txt. These are saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post it with your next reply. You may need two posts to fit them all in.
  16. Teh2685

    Teh2685 Newcomer, in training Topic Starter

    OTL Extras logfile created on: 12/3/2010 12:10:44 PM - Run 1
    OTL by OldTimer - Version 3.2.17.3 Folder = C:\Users\Tim\Desktop
    64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.7600.16385)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    8.00 Gb Total Physical Memory | 6.00 Gb Available Physical Memory | 71.00% Memory free
    16.00 Gb Paging File | 13.00 Gb Available in Paging File | 83.00% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
    Drive C: | 920.88 Gb Total Space | 826.71 Gb Free Space | 89.77% Space Free | Partition Type: NTFS

    Computer Name: TIM-PC | User Name: Tim | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
    Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

    ========== Extra Registry (SafeList) ==========


    ========== File Associations ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .url[@ = InternetShortcut] -- C:\Windows\System32\ieframe.DLL (Microsoft Corporation)

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
    .url [@ = InternetShortcut] -- C:\Windows\System32\ieframe.DLL (Microsoft Corporation)

    ========== Shell Spawning ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %* File not found
    cmdfile [open] -- "%1" %* File not found
    comfile [open] -- "%1" %* File not found
    exefile [open] -- "%1" %* File not found
    helpfile [open] -- Reg Error: Key error.
    inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
    InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
    InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
    piffile [open] -- "%1" %* File not found
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1" File not found
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
    scrfile [open] -- "%1" /S File not found
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 File not found
    Directory [AddToPlaylistVLC] -- C:\Program Files (x86)\VideoLAN\VLC\vlc.exe --started-from-file --playlist-enqueue "%1" ()
    Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Directory [PlayWithVLC] -- C:\Program Files (x86)\VideoLAN\VLC\vlc.exe --started-from-file --no-playlist-enqueue "%1" ()
    Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [explore] -- Reg Error: Value error.
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
    exefile [open] -- "%1" %*
    helpfile [open] -- Reg Error: Key error.
    inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
    InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
    InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1"
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [AddToPlaylistVLC] -- C:\Program Files (x86)\VideoLAN\VLC\vlc.exe --started-from-file --playlist-enqueue "%1" ()
    Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Directory [PlayWithVLC] -- C:\Program Files (x86)\VideoLAN\VLC\vlc.exe --started-from-file --no-playlist-enqueue "%1" ()
    Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [explore] -- Reg Error: Value error.
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    ========== Security Center Settings ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "cval" = 1

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
    "VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
    "AntiVirusOverride" = 0
    "AntiSpywareOverride" = 0
    "FirewallOverride" = 0

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

    ========== System Restore Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
    "DisableSR" = 0

    ========== Firewall Settings ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
    "DisableNotifications" = 0
    "EnableFirewall" = 1
    "DefaultOutboundAction" = 0
    "DefaultInboundAction" = 1

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
    "DisableNotifications" = 0
    "EnableFirewall" = 1
    "DefaultOutboundAction" = 0
    "DefaultInboundAction" = 1

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
    "DisableNotifications" = 0
    "EnableFirewall" = 1
    "DefaultOutboundAction" = 0
    "DefaultInboundAction" = 1

    ========== Authorized Applications List ==========


    ========== HKEY_LOCAL_MACHINE Uninstall List ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{02AD9D20-03D2-4DE0-8793-E8253026AD86}" = EMCGadgets64
    "{1AAF3A3B-7B32-4DDF-8ABB-438DAEB46EEC}" = Windows Live Family Safety
    "{1B8ABA62-74F0-47ED-B18C-A43128E591B8}" = Windows Live ID Sign-in Assistant
    "{21185083-5C3F-45E1-A52F-1279E0724967}" = iTunes
    "{26A24AE4-039D-4CA4-87B4-2F86416020FF}" = Java(TM) 6 Update 20 (64-bit)
    "{41BF0DE4-5BAE-4B88-AFD3-86A30B222186}" = Bonjour
    "{46A5FBE9-ADB3-4493-A1CC-B4CFFD24D26A}" = Windows Live Family Safety
    "{5EB6F3CB-46F4-451F-A028-7F6D8D35D7D0}" = Windows Live Language Selector
    "{60B2315F-680F-4EB3-B8DD-CCDC86A7CCAB}" = Roxio File Backup
    "{656DEEDE-F6AC-47CA-A568-A1B4E34B5760}" = Windows Live Remote Service Resources
    "{847B0532-55E3-4AAF-8D7B-E3A1A7CD17E5}" = Windows Live Remote Client Resources
    "{8DF9D3DF-6D03-A04F-217F-F2577D973DBE}" = ATI Catalyst Install Manager
    "{8EBA8727-ADC2-477B-9D9A-1A1836BE4E05}" = Dell Edoc Viewer
    "{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
    "{90120000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2007
    "{90120000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007
    "{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
    "{963BFE7E-C350-4346-B43C-B02358306A45}" = Apple Mobile Device Support
    "{AE0D971F-5430-8874-B09E-3F1C76E2F8FF}" = WMV9/VC-1 Video Playback
    "{C6B8BF9C-A28E-0219-4E93-DF7925DEA793}" = ccc-utility64
    "{C73A3942-84C8-4597-9F9B-EE227DCBA758}" = Dell Dock
    "{CC7D4CC8-FE90-17E2-FAC6-3D14C93DCE09}" = AMD Drag and Drop Transcoding
    "{D29E5E5F-47CA-087E-DCBF-FB75171D5B2E}" = ccc-utility64
    "{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter
    "{DB9C43F7-0B0F-4E43-9E6B-F945C71C469E}" = VD64Inst
    "{DF6D988A-EEA0-4277-AAB8-158E086E439B}" = Windows Live Remote Client
    "{E02A6548-6FDE-40E2-8ED9-119D7D7E641F}" = Windows Live Remote Service
    "{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
    "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{010A785B-F920-4350-821B-6309909C20BB}" = THX TruStudio PC
    "{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
    "{052bac4a-6f79-46d4-a024-1ce1b4f73cd4}" = Microsoft Visual C++ 2005 Redistributable
    "{055EE59D-217B-43A7-ABFF-507B966405D8}" = ATI Catalyst Control Center
    "{08234a0d-cf39-4dca-99f0-0c5cb496da81}" = Bing Bar
    "{08E81ABD-79F7-49C2-881F-FD6CB0975693}" = Roxio Central Data
    "{098122AB-C605-4853-B441-C0A4EB359B75}" = DirectXInstallService
    "{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
    "{0ED7EE95-6A97-47AA-AD73-152C08A15B04}" = Dell DataSafe Local Backup
    "{106F1DCB-F20C-A6B9-A130-4664B9A0F708}" = Catalyst Control Center Graphics Previews Vista
    "{11083C7A-D0D6-4DA4-8C3A-74B8389EC07B}" = ATI Catalyst Registration
    "{135F49F2-9071-F45A-4263-DF7D42FBF7DD}" = CCC Help English
    "{13766F76-6C8C-4E57-A9F3-3212D1C6E0D1}" = Dell DataSafe Online
    "{167E3C11-FB97-F320-DC34-73A6C5F50E88}" = CCC Help German
    "{17424F35-8B77-4ADF-BC63-BF9B81418539}" = Apple Application Support
    "{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
    "{1BA2AC5F-2B16-A21B-E46D-AE14F5A3E8DB}" = CCC Help Czech
    "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    "{1F54DAFA-9261-4A62-B59D-6C9F26B48FE4}" = Roxio Central Tools
    "{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
    "{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
    "{26A24AE4-039D-4CA4-87B4-2F83216020FF}" = Java(TM) 6 Update 22
    "{2902F983-B4C1-44BA-B85D-5C6D52E2C441}" = Windows Live Mesh ActiveX Control for Remote Connections
    "{29787541-F210-AD16-5B75-AC7CC0968472}" = CCC Help Hungarian
    "{299BE3A5-6281-482F-5CB0-BBFE939E5E4F}" = CCC Help English
    "{2B3DFAE1-AA77-4901-C4AB-6616D6B1E3DD}" = CCC Help Swedish
    "{2D943F95-2C76-4951-9AEF-0977AF5DE11A}" = AMD Fusion Media Explorer
    "{2DA5F129-11AC-4F11-8188-B2F07EAAC20A}" = Cozi
    "{30465B6C-B53F-49A1-9EBA-A3F187AD502E}" = Roxio Update Manager
    "{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
    "{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
    "{3C15B204-0CAF-DADE-1B5B-B5759AE296E9}" = CCC Help Dutch
    "{3EBDD093-09D3-E08C-61DD-B0FF37CF69F7}" = CCC Help Russian
    "{3F66C4BF-4BD9-FF9C-FA9F-4579F60A33B3}" = Catalyst Control Center Graphics Previews Vista
    "{41068A8C-3F30-46B6-978A-EA692F28D1AF}" = Multimedia Card Reader
    "{41894DC2-C8F4-F60A-9518-076D35EF4929}" = Catalyst Control Center InstallProxy
    "{4314A52E-9094-B391-137E-CEA1536F7484}" = CCC Help Spanish
    "{45B612A4-253E-6634-AD5C-42249E420D57}" = Catalyst Control Center Graphics Previews Common
    "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
    "{4CBABDFD-49F8-47FD-BE7D-ECDE7270525A}" = Windows Live PIMT Platform
    "{50816F92-1652-4A7C-B9BC-48F682742C4B}" = Messenger Companion
    "{537BF16E-7412-448C-95D8-846E85A1D817}" = Roxio Easy CD and DVD Burning
    "{5A06423A-210C-49FB-950E-CB0EB8C5CEC7}" = Roxio BackOnTrack
    "{612B5D2E-8084-4102-91DE-24281E4EFB2C}" = Roxio Easy CD and DVD Burning
    "{641CD0A3-8B54-37CA-ED94-2C1798D69D6F}" = Catalyst Control Center Core Implementation
    "{65C0025A-2CDE-43C5-82D0-C7A56EF0DB39}" = Bing Bar Platform
    "{65CCD116-79BD-84B0-C3C3-C6B31BC0D572}" = CCC Help Polish
    "{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Roxio Express Labeler 3
    "{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
    "{6A05FEDF-662E-46BF-8A25-010E3F1C9C69}" = Windows Live UX Platform Language Pack
    "{73A4F29F-31AC-4EBD-AA1B-0CC5F18C8F83}" = Roxio Central Audio
    "{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
    "{789289CA-F73A-4A16-A331-54D498CE069F}" = Ventrilo Client
    "{78A96B4C-A643-4D0F-98C2-A8E16A6669F9}" = Windows Live Messenger Companion Core
    "{7D5BAF1B-68D7-58D9-29E2-85984483450A}" = CCC Help Norwegian
    "{7DB9F1E5-9ACB-410D-A7DC-7A3D023CE045}" = Dell Getting Started Guide
    "{7ED42F7A-7F2F-C401-4A91-7F4EB0EF5C10}" = CCC Help Turkish
    "{80956555-A512-4190-9CAD-B000C36D6B6B}" = Windows Live Messenger
    "{818F867D-1764-9A66-0D8E-33C485380390}" = Catalyst Control Center Graphics Full New
    "{83F81F91-7BE9-44D1-98AF-2B87E0B8710C}" = AMD Fusion Utility for Desktops
    "{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}" = Windows Live Sync
    "{8843048B-2293-26DE-7941-4903008191C9}" = Catalyst Control Center Graphics Full Existing
    "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
    "{8B76B8E9-F773-4B75-A08C-120079EB765E}" = RAIDXpert
    "{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
    "{8D337F77-BE7F-41A2-A7CB-D5A63FD7049B}" = Sonic CinePlayer Decoder Pack
    "{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
    "{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
    "{90120000-0015-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
    "{90120000-0016-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
    "{90120000-0018-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
    "{90120000-0019-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
    "{90120000-001A-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
    "{90120000-001B-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
    "{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
    "{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
    "{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
    "{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
    "{90120000-001F-0C0A-0000-0000000FF1CE}_ENTERPRISE_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
    "{90120000-002A-0000-1000-0000000FF1CE}_ENTERPRISE_{E64BA721-2310-4B55-BE5A-2925F9706192}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-002A-0409-1000-0000000FF1CE}_ENTERPRISE_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
    "{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
    "{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
    "{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
    "{90120000-0044-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
    "{90120000-006E-0409-0000-0000000FF1CE}_ENTERPRISE_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
    "{90120000-00A1-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007
    "{90120000-00BA-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007
    "{90120000-0114-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
    "{90120000-0115-0409-0000-0000000FF1CE}_ENTERPRISE_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-0116-0409-1000-0000000FF1CE}_ENTERPRISE_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
    "{90120000-0117-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{903679E8-44C8-4C07-9600-05C92654FC50}" = QualxServ Service Agreement
    "{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
    "{95140000-0070-0000-0000-0000000FF1CE}" = Microsoft Office 2010
    "{95140000-007A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook Connector
    "{97CC5CA6-F18E-9630-7E19-CC161A65376D}" = CCC Help Greek
    "{981029E0-7FC9-4CF3-AB39-6F133621921A}" = Skype Toolbars
    "{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
    "{9FD13268-D5D9-DCBD-C5F7-8B1B1D52B36C}" = CCC Help Korean
    "{9FF20193-B992-17A0-DB1E-8865399EE534}" = ccc-core-static
    "{A0C91188-C88F-4E86-93E6-CD7C9A266649}" = Windows Live Mesh
    "{A69D7B32-2BE9-42BF-B576-69B5E0FF7394}" = Catalyst Control Center - Branding
    "{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
    "{A914AE85-1A36-0575-714C-BF996BDA20C7}" = ccc-core-static
    "{A94C1B62-1FE3-2725-EEC5-F24C1016C650}" = CCC Help Chinese Standard
    "{A9668246-FB70-4103-A1E3-66C9BC2EFB49}" = Dell DataSafe Local Backup - Support Software
    "{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
    "{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
    "{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer
    "{AC76BA86-7AD7-1033-7B44-A94000000001}" = Adobe Reader 9.4.1
    "{AE249BA3-2421-3996-5E9A-DF4A9F3551FC}" = Catalyst Control Center InstallProxy
    "{B6A26DE5-F2B5-4D58-9570-4FC760E00FCD}" = Roxio Central Copy
    "{BB34F0B3-8CDD-873A-4DB6-3CA826243680}" = CCC Help Chinese Traditional
    "{C41300B9-185D-475E-BFEC-39EF732F19B1}" = Apple Software Update
    "{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail
    "{C8637C61-3CC5-2D59-3D6D-B5F180F001AB}" = Catalyst Control Center Graphics Light
    "{CD95F661-A5C4-44F5-A6AA-ECDD91C240BD}" = WinZip 14.5
    "{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
    "{CFF8B8E8-E086-4DE0-935F-FE22CAB54F80}" = Microsoft Search Enhancement Pack
    "{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
    "{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.2
    "{D20FA72C-492D-B478-10BF-4BA756560BA9}" = CCC Help Thai
    "{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
    "{D450F41E-2705-36D6-D423-AEA1058D4095}" = Catalyst Control Center Localization All
    "{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
    "{D619FD79-6AE6-18D1-48B9-B03030D2B0D0}" = Skins
    "{DB8B49A9-7CF1-34DB-6DF2-1EC41C0FE5E1}" = Catalyst Control Center Graphics Previews Common
    "{DDA34038-89BD-4804-B0B8-DC48D5DFB463}" = Catalyst Control Center - Branding
    "{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
    "{DE2A98B9-D5F8-F508-750E-5AFDC2492D40}" = CCC Help Danish
    "{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
    "{E07AE041-06B3-64A7-3C79-A0F8DDE76BB8}" = CCC Help Portuguese
    "{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
    "{E19B61A8-F114-7A00-9DF4-18E5BA7A31AA}" = CCC Help French
    "{E3BFEE55-39E2-4BE0-B966-89FE583822C1}" = Dell Support Center (Support Software)
    "{E7004147-2CCA-431C-AA05-2AB166B9785D}" = QuickTime
    "{EB4DF488-AAEF-406F-A341-CB2AAA315B90}" = Windows Live Messenger
    "{EC877639-07AB-495C-BFD1-D63AF9140810}" = Roxio Activation Module
    "{ED439A64-F018-4DD4-8BA5-328D85AB09AB}" = Roxio Central Core
    "{ED498060-2CB2-5288-23D4-19DFAFF3F1DB}" = CCC Help Italian
    "{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
    "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
    "{FBD5D039-FE03-910E-C9E5-3F98B6A6BAB6}" = CCC Help Japanese
    "{FCDBEA60-79F0-4FAE-BBA8-55A26C609A49}" = Visual Studio 2008 x64 Redistributables
    "{FDB46DE7-9045-47BB-970A-3E4ED5369E03}" = EMC 10 Content
    "{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
    "{FF9F797D-1C39-1E96-7030-F5A36A6402C6}" = CCC Help Finnish
    "Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
    "a-squared Free_is1" = a-squared Free 4.5
    "BitTorrent" = BitTorrent
    "Cheat Engine 5.6.1_is1" = Cheat Engine 5.6.1
    "ClickPotatoLiteSA" = ClickPotato
    "Dell Dock" = Dell Dock
    "Emsisoft Anti-Malware_is1" = Emsisoft Anti-Malware 5.0
    "ENTERPRISE" = Microsoft Office Enterprise 2007
    "ESET Online Scanner" = ESET Online Scanner v3
    "Garena" = Garena 2010
    "GoToAssist" = GoToAssist 8.0.0.514
    "InstallShield_{41068A8C-3F30-46B6-978A-EA692F28D1AF}" = Multimedia Card Reader
    "InstallShield_{8B76B8E9-F773-4B75-A08C-120079EB765E}" = RAIDXpert
    "Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
    "PPSGame" = PPS游戏 V1.0.1.206
    "PPStream" = PPS影音 V2.7.0.1096 正式版
    "QQ拼音输入法" = QQ拼音输入法3.3
    "Steam App 240" = Counter-Strike: Source
    "SysInfo" = Creative System Information
    "VLC media player" = VLC media player 0.9.2
    "Warcraft III" = Warcraft III
    "WinLiveSuite" = Windows Live Essentials
    "WinRAR archiver" = WinRAR archiver
    "World of Warcraft" = World of Warcraft

    ========== HKEY_CURRENT_USER Uninstall List ==========

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "090215de958f1060" = Curse Client
    "Warcraft III" = Warcraft III: All Products

    ========== Last 10 Event Log Errors ==========

    [ Application Events ]
    Error - 11/9/2010 4:43:12 AM | Computer Name = Tim-PC | Source = SideBySide | ID = 16842832
    Description = Activation context generation failed for "C:\Program Files (x86)\Cozi
    Express\CoziExpress.exe".Error in manifest or policy file "" on line . A component
    version required by the application conflicts with another component version already
    active. Conflicting components are:. Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_fa62ad231704eab7.manifest.
    Component
    2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd.manifest.

    Error - 11/9/2010 4:43:12 AM | Computer Name = Tim-PC | Source = SideBySide | ID = 16842832
    Description = Activation context generation failed for "C:\Program Files (x86)\Cozi
    Express\CoziExpress.exe".Error in manifest or policy file "" on line . A component
    version required by the application conflicts with another component version already
    active. Conflicting components are:. Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_fa62ad231704eab7.manifest.
    Component
    2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd.manifest.

    Error - 11/9/2010 11:00:48 PM | Computer Name = Tim-PC | Source = VSS | ID = 8193
    Description =

    Error - 11/9/2010 11:08:29 PM | Computer Name = Tim-PC | Source = SideBySide | ID = 16842832
    Description = Activation context generation failed for "C:\Program Files (x86)\Cozi
    Express\CoziExpress.exe".Error in manifest or policy file "" on line . A component
    version required by the application conflicts with another component version already
    active. Conflicting components are:. Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_fa62ad231704eab7.manifest.
    Component
    2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd.manifest.

    Error - 11/9/2010 11:08:29 PM | Computer Name = Tim-PC | Source = SideBySide | ID = 16842832
    Description = Activation context generation failed for "C:\Program Files (x86)\Cozi
    Express\CoziExpress.exe".Error in manifest or policy file "" on line . A component
    version required by the application conflicts with another component version already
    active. Conflicting components are:. Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_fa62ad231704eab7.manifest.
    Component
    2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd.manifest.

    Error - 11/11/2010 1:40:42 AM | Computer Name = Tim-PC | Source = Application Error | ID = 1000
    Description = Faulting application name: iexplore.exe, version: 8.0.7600.16671,
    time stamp: 0x4c86f9be Faulting module name: mshtml.dll, version: 8.0.7600.16671,
    time stamp: 0x4c870f2a Exception code: 0xc0000005 Fault offset: 0x001db8bf Faulting
    process id: 0x1b08 Faulting application start time: 0x01cb8162b74e1de5 Faulting application
    path: C:\Program Files (x86)\Internet Explorer\iexplore.exe Faulting module path:
    C:\Windows\SysWOW64\mshtml.dll Report Id: 38939a61-ed56-11df-8a2c-b8ac6faa54e8

    Error - 11/11/2010 7:00:11 AM | Computer Name = Tim-PC | Source = VSS | ID = 8193
    Description =

    Error - 11/13/2010 4:42:01 PM | Computer Name = Tim-PC | Source = Application Hang | ID = 1002
    Description = The program hl2.exe version 0.0.0.0 stopped interacting with Windows
    and was closed. To see if more information about the problem is available, check
    the problem history in the Action Center control panel. Process ID: f10 Start Time:
    01cb8373158bfb57 Termination Time: 10 Application Path: c:\program files (x86)\steam\steamapps\iaibivi\counter-strike
    source\hl2.exe Report Id:

    Error - 11/13/2010 8:34:13 PM | Computer Name = Tim-PC | Source = Bonjour Service | ID = 100
    Description = 500: ERROR: read_msg errno 10054 (An existing connection was forcibly
    closed by the remote host.)

    Error - 11/13/2010 10:12:05 PM | Computer Name = Tim-PC | Source = SideBySide | ID = 16842832
    Description = Activation context generation failed for "c:\Program Files (x86)\Cozi
    Express\CoziExpress.exe".Error in manifest or policy file "" on line . A component
    version required by the application conflicts with another component version already
    active. Conflicting components are:. Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_fa62ad231704eab7.manifest.
    Component
    2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd.manifest.

    [ Dell Events ]
    Error - 10/21/2010 7:11:40 PM | Computer Name = Tim-PC | Source = DataSafe | ID = 17
    Description = The process was interrupted before completion.

    Error - 10/21/2010 7:11:40 PM | Computer Name = Tim-PC | Source = DataSafe | ID = 17
    Description = The process was interrupted before completion.

    Error - 10/26/2010 1:26:43 AM | Computer Name = Tim-PC | Source = DataSafe | ID = 17
    Description = The process was interrupted before completion.

    Error - 10/26/2010 1:26:43 AM | Computer Name = Tim-PC | Source = DataSafe | ID = 17
    Description = The process was interrupted before completion.

    Error - 11/2/2010 2:02:02 AM | Computer Name = Tim-PC | Source = DataSafe | ID = 17
    Description = The process was interrupted before completion.

    Error - 11/2/2010 2:02:02 AM | Computer Name = Tim-PC | Source = DataSafe | ID = 17
    Description = The process was interrupted before completion.

    Error - 11/2/2010 2:04:42 AM | Computer Name = Tim-PC | Source = DataSafe | ID = 17
    Description = The process was interrupted before completion.

    [ System Events ]
    Error - 11/30/2010 2:09:38 AM | Computer Name = Tim-PC | Source = VDS Basic Provider | ID = 33554433
    Description =

    Error - 11/30/2010 2:09:38 AM | Computer Name = Tim-PC | Source = VDS Basic Provider | ID = 33554433
    Description =

    Error - 11/30/2010 2:09:50 AM | Computer Name = Tim-PC | Source = VDS Basic Provider | ID = 33554433
    Description =

    Error - 11/30/2010 2:09:50 AM | Computer Name = Tim-PC | Source = VDS Basic Provider | ID = 33554433
    Description =

    Error - 11/30/2010 2:12:57 AM | Computer Name = Tim-PC | Source = Service Control Manager | ID = 7031
    Description = The a-squared Free Service service terminated unexpectedly. It has
    done this 1 time(s). The following corrective action will be taken in 0 milliseconds:
    Restart the service.

    Error - 11/30/2010 2:12:57 AM | Computer Name = Tim-PC | Source = Service Control Manager | ID = 7031
    Description = The Emsisoft Anti-Malware 5.0 - Service service terminated unexpectedly.
    It has done this 1 time(s). The following corrective action will be taken in
    0 milliseconds: Restart the service.

    Error - 11/30/2010 2:14:32 AM | Computer Name = Tim-PC | Source = Service Control Manager | ID = 7000
    Description = The SessionLauncher service failed to start due to the following error:
    %%2

    Error - 11/30/2010 2:14:34 AM | Computer Name = Tim-PC | Source = Service Control Manager | ID = 7026
    Description = The following boot-start or system-start driver(s) failed to load:
    RxFilter

    Error - 11/30/2010 2:14:35 AM | Computer Name = Tim-PC | Source = VDS Basic Provider | ID = 33554433
    Description =

    Error - 11/30/2010 2:14:35 AM | Computer Name = Tim-PC | Source = VDS Basic Provider | ID = 33554433
    Description =


    < End of report >
  17. Teh2685

    Teh2685 Newcomer, in training Topic Starter

    OTL logfile created on: 12/3/2010 12:10:44 PM - Run 1
    OTL by OldTimer - Version 3.2.17.3 Folder = C:\Users\Tim\Desktop
    64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.7600.16385)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    8.00 Gb Total Physical Memory | 6.00 Gb Available Physical Memory | 71.00% Memory free
    16.00 Gb Paging File | 13.00 Gb Available in Paging File | 83.00% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
    Drive C: | 920.88 Gb Total Space | 826.71 Gb Free Space | 89.77% Space Free | Partition Type: NTFS

    Computer Name: TIM-PC | User Name: Tim | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
    Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

    ========== Processes (SafeList) ==========

    PRC - C:\Users\Tim\Desktop\OTL.exe (OldTimer Tools)
    PRC - C:\Program Files (x86)\BitTorrent\BitTorrent.exe (BitTorrent, Inc.)
    PRC - C:\Program Files (x86)\Common Files\Steam\SteamService.exe (Valve Corporation)
    PRC - C:\Program Files (x86)\Steam\Steam.exe (Valve Corporation)
    PRC - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.)
    PRC - C:\Program Files (x86)\Emsisoft Anti-Malware\a2service.exe (Emsi Software GmbH)
    PRC - C:\Program Files (x86)\Dell DataSafe Local Backup\Toaster.exe (SoftThinks - Dell)
    PRC - C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe (SoftThinks SAS)
    PRC - C:\Program Files (x86)\PPStream\PPStream.exe (PPStream Inc.)
    PRC - C:\Program Files (x86)\Dell DataSafe Local Backup\Components\Scheduler\STService.exe ()
    PRC - C:\Program Files (x86)\a-squared Free\a2service.exe (Emsi Software GmbH)
    PRC - C:\Program Files (x86)\DAEMON Tools Pro\DTShellHlp.exe (DT Soft Ltd)
    PRC - C:\Program Files (x86)\PPStream\PPSAP.exe (PPStream Inc)
    PRC - C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe ()
    PRC - c:\Program Files (x86)\AMD\AMD Fusion Utility for Desktops\FusionSVC.exe (Advanced Micro Devices)
    PRC - C:\Program Files\Dell\DellDock\DockLogin.exe (Stardock Corporation)
    PRC - C:\Program Files (x86)\Dell Support Center\bin\sprtsvc.exe (SupportSoft, Inc.)
    PRC - C:\Program Files (x86)\Dell Support Center\bin\sprtcmd.exe (SupportSoft, Inc.)
    PRC - C:\Windows\SysWOW64\WinMsgBalloonServer.exe ()
    PRC - C:\Windows\SysWOW64\WinMsgBalloonClient.exe ()
    PRC - C:\Program Files (x86)\AMD\RAIDXpert\bin\RAIDXpertService.exe (AMD)
    PRC - C:\Program Files (x86)\AMD\RAIDXpert\bin\RAIDXpert.exe ()


    ========== Modules (SafeList) ==========

    MOD - C:\Users\Tim\Desktop\OTL.exe (OldTimer Tools)
    MOD - C:\Program Files (x86)\Emsisoft Anti-Malware\a2hooks32.dll (Emsi Software GmbH)
    MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd\comctl32.dll (Microsoft Corporation)


    ========== Win32 Services (SafeList) ==========

    SRV:64bit: - (AMD External Events Utility) -- C:\Windows\SysNative\atiesrxx.exe (AMD)
    SRV:64bit: - (wlcrasvc) -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe (Microsoft Corporation)
    SRV:64bit: - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
    SRV:64bit: - (DockLoginService) -- C:\Program Files\Dell\DellDock\DockLogin.exe (Stardock Corporation)
    SRV - (Steam Client Service) -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe (Valve Corporation)
    SRV - (Apple Mobile Device) -- C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.)
    SRV - (a2AntiMalware) -- C:\Program Files (x86)\Emsisoft Anti-Malware\a2service.exe (Emsi Software GmbH)
    SRV - (SftService) -- C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE (SoftThinks SAS)
    SRV - (FLEXnet Licensing Service) -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Acresso Software Inc.)
    SRV - (GoToAssist) -- C:\Program Files (x86)\Citrix\GoToAssist\514\g2aservice.exe (Citrix Online, a division of Citrix Systems, Inc.)
    SRV - (a2free) -- C:\Program Files (x86)\a-squared Free\a2service.exe (Emsi Software GmbH)
    SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
    SRV - (AMDFusionSVC) -- c:\Program Files (x86)\AMD\AMD Fusion Utility for Desktops\FusionSVC.exe (Advanced Micro Devices)
    SRV - (RoxMediaDB10) -- c:\Program Files (x86)\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe (Sonic Solutions)
    SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
    SRV - (sprtsvc_DellSupportCenter) SupportSoft Sprocket Service (DellSupportCenter) -- C:\Program Files (x86)\Dell Support Center\bin\sprtsvc.exe (SupportSoft, Inc.)
    SRV - (AMD_RAIDXpert) -- C:\Program Files (x86)\AMD\RAIDXpert\bin\RAIDXpertService.exe (AMD)


    ========== Driver Services (SafeList) ==========

    DRV:64bit: - (RxFilter) -- C:\Windows\SysNative\DRIVERS\RxFilter.sys File not found
    DRV:64bit: - (amdkmdag) -- C:\Windows\SysNative\drivers\atikmdag.sys (ATI Technologies Inc.)
    DRV:64bit: - (amdkmdap) -- C:\Windows\SysNative\drivers\atikmpag.sys (Advanced Micro Devices, Inc.)
    DRV:64bit: - (USBAAPL64) -- C:\Windows\SysNative\drivers\usbaapl64.sys (Apple, Inc.)
    DRV:64bit: - (fssfltr) -- C:\Windows\SysNative\drivers\fssfltr.sys (Microsoft Corporation)
    DRV:64bit: - (sptd) -- C:\Windows\SysNative\drivers\sptd.sys ()
    DRV:64bit: - (RzSynapse) -- C:\Windows\SysNative\drivers\RzSynapse.sys (Razer USA Ltd)
    DRV:64bit: - (AtiHdmiService) -- C:\Windows\SysNative\drivers\AtiHdmi.sys (ATI Technologies, Inc.)
    DRV:64bit: - (k57nd60a) Broadcom NetLink (TM) -- C:\Windows\SysNative\drivers\k57nd60a.sys (Broadcom Corporation)
    DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
    DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
    DRV:64bit: - (WRfiltv) -- C:\Windows\SysNative\drivers\WRfiltv.sys (Creative Technology Ltd.)
    DRV:64bit: - (ahcix64s) -- C:\Windows\SysNative\drivers\ahcix64s.sys (Advanced Micro Devices, Inc)
    DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
    DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
    DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
    DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
    DRV:64bit: - (PxHlpa64) -- C:\Windows\SysNative\drivers\PxHlpa64.sys (Sonic Solutions)
    DRV:64bit: - (Ntfs) -- C:\Windows\SysNative\wbem\ntfs.mof ()
    DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
    DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
    DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
    DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
    DRV:64bit: - (GEARAspiWDM) -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys (GEAR Software Inc.)
    DRV:64bit: - (AmdLLD64) -- C:\Windows\SysNative\drivers\AmdLLD64.sys (Advanced Micro Devices)
    DRV:64bit: - (WimFltr) -- C:\Windows\SysNative\drivers\WimFltr.sys (Microsoft Corporation)
    DRV:64bit: - (Razerlow) -- C:\Windows\SysNative\drivers\DB3G.sys (Razer (Asia-Pacific) Pte Ltd)
    DRV - (a2acc) -- C:\Program Files (x86)\Emsisoft Anti-Malware\a2accx64.sys (Emsi Software GmbH)
    DRV - (a2injectiondriver) -- C:\Program Files (x86)\Emsisoft Anti-Malware\a2dix64.sys (Emsi Software GmbH)
    DRV - (a2util) -- C:\Program Files (x86)\Emsisoft Anti-Malware\a2util64.sys (Emsi Software GmbH)
    DRV - (RxFilter) -- C:\Windows\SysWOW64\drivers\RxFilter.sys (Sonic Solutions)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========

    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm

    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/USCON/1
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

    FF - HKLM\software\mozilla\Firefox\Extensions\\ClickPotatoLite@ClickPotatoLite.com: C:\Program Files (x86)\ClickPotatoLite\bin\10.0.622.0\firefox\extensions [2010/11/22 17:41:29 | 000,000,000 | ---D | M]


    O1 HOSTS File: ([2009/06/10 13:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
    O2 - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
    O2 - BHO: (Bing Bar BHO) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\MSN Toolbar\Platform\6.3.2322.0\npwinext.dll (Microsoft Corporation)
    O2 - BHO: (D) - {DBEF970A-7D31-3B54-8B12-12C5F7B7AA8B} - C:\Windows\SysWow64\zs32192.dll File not found
    O2 - BHO: (EDB977E2-5F6A-ADF2-917C-1B311D8FA225 Class) - {EDB977E2-5F6A-ADF2-917C-1B311D8FA225} - C:\QvodPlayer\AddIn\QvodAddr.dll File not found
    O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
    O3 - HKLM\..\Toolbar: (@C:\Program Files (x86)\MSN Toolbar\Platform\6.3.2322.0\npwinext.dll,-100) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\MSN Toolbar\Platform\6.3.2322.0\npwinext.dll (Microsoft Corporation)
    O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
    O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
    O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {65F8A3D2-4C22-4A33-9633-73167EAEEC45} - No CLSID value found.
    O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
    O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
    O4:64bit: - HKLM..\Run: [RunDLLEntry_EptMon] C:\Windows\system32\EptMon64.DLL File not found
    O4:64bit: - HKLM..\Run: [RunDLLEntry_THXCfg] C:\Windows\system32\THXCfg64.DLL File not found
    O4 - HKLM..\Run: [ATICustomerCare] C:\Program Files (x86)\ATI\ATICustomerCare\ATICustomerCare.exe (Advanced Micro Devices, Inc.)
    O4 - HKLM..\Run: [Dell DataSafe Online] C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe ()
    O4 - HKLM..\Run: [DellSupportCenter] C:\Program Files (x86)\Dell Support Center\bin\sprtcmd.exe (SupportSoft, Inc.)
    O4 - HKLM..\Run: [ShwiconXP9106] C:\Program Files (x86)\Multimedia Card Reader(9106)\ShwiconXP9106.exe (Alcor Micro Corp.)
    O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
    O4 - HKLM..\Run: [THX Audio Control Panel] C:\Program Files (x86)\Creative\THX TruStudio PC\THXAudioCP\THXAudio.exe (Creative Technology Ltd)
    O4 - HKCU..\Run: [DAEMON Tools Pro Agent] C:\Program Files (x86)\DAEMON Tools Pro\DTAgent.exe (DT Soft Ltd)
    O4 - HKCU..\Run: [PPS Accelerator] C:\Program Files (x86)\PPStream\PPSAP.exe (PPStream Inc)
    O4 - HKCU..\Run: [Steam] C:\Program Files (x86)\Steam\steam.exe (Valve Corporation)
    O4 - HKLM..\RunOnce: [DSUpdateLauncher] C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\hstart.exe (Dell)
    O4 - HKLM..\RunOnce: [Launcher] C:\Program Files (x86)\Dell DataSafe Local Backup\Components\Scheduler\Launcher.exe (Softthinks)
    O4 - Startup: C:\Users\Tim\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\CurseClientStartup.ccip ()
    O4 - Startup: C:\Users\Tim\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock.lnk = C:\Program Files (x86)\Dell\DellDock\DellDock.exe File not found
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
    O9 - Extra Button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
    O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
    O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
    O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
    O13 - gopher Prefix: missing
    O13 - gopher Prefix: missing
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
    O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
    O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (OnlineScanner Control)
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
    O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
    O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} http://ccfiles.creative.com/Web/softwareupdate/su2/ocx/15112/CTPID.cab (Creative Software AutoUpdate Support Package)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.10.1
    O18:64bit: - Protocol\Handler\cozi {5356518D-FE9C-4E08-9C1F-1E872ECD367F} - Reg Error: Key error. File not found
    O18:64bit: - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - Reg Error: Key error. File not found
    O18:64bit: - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
    O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found
    O18:64bit: - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
    O18:64bit: - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - Reg Error: Key error. File not found
    O18:64bit: - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - Reg Error: Key error. File not found
    O18:64bit: - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - Reg Error: Key error. File not found
    O18:64bit: - Protocol\Handler\wlpg {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - Reg Error: Key error. File not found
    O18 - Protocol\Handler\cozi {5356518D-FE9C-4E08-9C1F-1E872ECD367F} - c:\Program Files (x86)\Cozi Express\CoziProtocolHandler.dll (Cozi Group, Inc.)
    O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
    O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
    O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
    O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
    O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
    O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
    O20:64bit: - Winlogon\Notify\GoToAssist: DllName - Reg Error: Key error. - C:\Program Files (x86)\Citrix\GoToAssist\514\G2AWinLogon_x64.dll File not found
    O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
    O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
    O32 - HKLM CDRom: AutoRun - 1
    O34 - HKLM BootExecute: (autocheck autochk *) - File not found
    O35:64bit: - HKLM\..comfile [open] -- "%1" %*
    O35:64bit: - HKLM\..exefile [open] -- "%1" %*
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
    O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
    O37 - HKLM\...com [@ = comfile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*


    CREATERESTOREPOINT
    Restore point Set: OTL Restore Point

    ========== Files/Folders - Created Within 30 Days ==========

    [2010/12/02 02:52:23 | 000,575,488 | ---- | C] (OldTimer Tools) -- C:\Users\Tim\Desktop\OTL.exe
    [2010/11/29 22:23:59 | 000,000,000 | R--D | C] -- C:\32788R22FWJFW
    [2010/11/29 22:12:57 | 000,000,000 | ---D | C] -- C:\_OTM
    [2010/11/29 22:12:03 | 000,519,680 | ---- | C] (OldTimer Tools) -- C:\Users\Tim\Desktop\OTM.exe
    [2010/11/29 00:29:12 | 000,000,000 | ---D | C] -- C:\Users\Tim\AppData\Local\Diagnostics
    [2010/11/28 20:23:56 | 000,000,000 | ---D | C] -- C:\Users\Tim\AppData\Roaming\vlc
    [2010/11/28 20:23:15 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\VideoLAN
    [2010/11/28 07:42:56 | 000,000,000 | ---D | C] -- C:\extensions
    [2010/11/26 20:12:14 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ESET
    [2010/11/25 20:43:59 | 000,000,000 | ---D | C] -- C:\Users\Tim\Documents\My Weblog Posts
    [2010/11/25 20:43:58 | 000,000,000 | ---D | C] -- C:\Users\Tim\AppData\Roaming\Windows Live Writer
    [2010/11/25 20:43:58 | 000,000,000 | ---D | C] -- C:\Users\Tim\AppData\Local\Windows Live Writer
    [2010/11/25 01:54:30 | 000,000,000 | -HSD | C] -- C:\Config.Msi
    [2010/11/24 21:43:22 | 000,000,000 | ---D | C] -- C:\Users\Tim\AppData\Roaming\Malwarebytes
    [2010/11/24 21:43:11 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
    [2010/11/24 21:43:09 | 000,024,664 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
    [2010/11/24 21:43:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
    [2010/11/24 21:43:08 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
    [2010/11/24 21:42:41 | 000,000,000 | ---D | C] -- C:\de735abb0e7cd1e3173654cf31d752
    [2010/11/24 21:37:09 | 000,446,464 | ---- | C] (OldTimer Tools) -- C:\Users\Tim\Desktop\TFC.exe
    [2010/11/24 03:11:38 | 000,000,000 | ---D | C] -- C:\Users\Tim\AppData\Roaming\AVG10
    [2010/11/24 03:11:08 | 000,000,000 | -H-D | C] -- C:\ProgramData\Common Files
    [2010/11/24 03:10:16 | 000,000,000 | ---D | C] -- C:\ProgramData\AVG10
    [2010/11/24 03:00:49 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AVG
    [2010/11/24 02:55:56 | 000,000,000 | ---D | C] -- C:\ProgramData\MFAData
    [2010/11/23 04:29:20 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Emsisoft Anti-Malware
    [2010/11/23 04:29:20 | 000,000,000 | ---D | C] -- C:\Users\Tim\Documents\Anti-Malware
    [2010/11/23 04:04:50 | 000,000,000 | ---D | C] -- C:\Users\Tim\Documents\a-squared Free
    [2010/11/23 04:04:50 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\a-squared Free
    [2010/11/22 17:41:38 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Xvid
    [2010/11/22 17:41:29 | 000,000,000 | ---D | C] -- C:\ProgramData\ClickPotatoLiteSA
    [2010/11/22 17:41:29 | 000,000,000 | ---D | C] -- C:\Users\Tim\AppData\Roaming\ClickPotatoLite
    [2010/11/22 17:41:29 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ClickPotatoLite
    [2010/11/22 17:41:29 | 000,000,000 | ---D | C] -- C:\ProgramData\2ACA5CC3-0F83-453D-A079-1076FE1A8B65
    [2010/11/20 02:53:07 | 000,679,936 | ---- | C] (Generated by JEDI) -- C:\Windows\SysWow64\D3DX81ab.dll
    [2010/11/20 02:53:07 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Cheat Engine
    [2010/11/20 00:55:30 | 000,000,000 | ---D | C] -- C:\Spray
    [2010/11/17 00:08:02 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Steam
    [2010/11/13 15:31:32 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
    [2010/11/13 15:31:32 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\iTunes
    [2010/11/13 15:31:32 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
    [2010/11/11 02:46:53 | 000,000,000 | ---D | C] -- C:\Users\Tim\AppData\Roaming\WinRAR
    [2010/11/11 02:46:32 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\WinRAR
    [2010/11/09 19:01:56 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java
    [2010/11/09 19:01:30 | 000,153,376 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaws.exe
    [2010/11/09 19:01:30 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaw.exe
    [2010/11/09 19:01:30 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\java.exe
    [2010/11/08 01:38:48 | 000,000,000 | ---D | C] -- C:\Media

    ========== Files - Modified Within 30 Days ==========

    [2010/12/02 03:56:23 | 007,847,904 | ---- | M] () -- C:\Users\Tim\Desktop\RHJ-168-AVI.7z
    [2010/12/02 03:40:02 | 007,853,846 | ---- | M] () -- C:\Users\Tim\Desktop\RHJ-167-AVI.7z
    [2010/12/02 03:33:02 | 000,096,349 | ---- | M] () -- C:\Users\Tim\Desktop\ZVPSbinglW.torrent
    [2010/12/02 03:11:23 | 000,047,273 | ---- | M] () -- C:\Users\Tim\Desktop\8hSUaB.torrent
    [2010/12/02 03:09:37 | 000,027,435 | ---- | M] () -- C:\Users\Tim\Desktop\[www.apkfile.net]_122簘獹筧れゝゝㄢマ猔硈祇.torrent
    [2010/12/02 02:52:32 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Users\Tim\Desktop\OTL.exe
    [2010/12/01 06:44:18 | 000,038,321 | ---- | M] () -- C:\Users\Tim\Desktop\Chem lab report 2010.docx
    [2010/12/01 04:39:11 | 000,079,256 | ---- | M] () -- C:\Users\Tim\Desktop\RHJ-168-AVI.torrent
    [2010/12/01 04:36:11 | 000,085,117 | ---- | M] () -- C:\Users\Tim\Desktop\RHJ-167-AVI.torrent
    [2010/11/29 22:21:45 | 000,014,240 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    [2010/11/29 22:21:45 | 000,014,240 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    [2010/11/29 22:21:26 | 000,726,316 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
    [2010/11/29 22:21:26 | 000,615,810 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
    [2010/11/29 22:21:26 | 000,106,190 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
    [2010/11/29 22:21:12 | 003,981,232 | ---- | M] () -- C:\Users\Tim\Desktop\ComboFix.exe
    [2010/11/29 22:14:26 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
    [2010/11/29 22:14:19 | 2146,930,687 | -HS- | M] () -- C:\hiberfil.sys
    [2010/11/29 22:12:27 | 000,519,680 | ---- | M] (OldTimer Tools) -- C:\Users\Tim\Desktop\OTM.exe
    [2010/11/28 20:34:10 | 000,067,584 | ---- | M] () -- C:\Users\Tim\Desktop\teh2.doc
    [2010/11/28 20:33:50 | 000,038,470 | ---- | M] () -- C:\Users\Tim\Desktop\Bio Lab report 2010.docx
    [2010/11/28 07:39:43 | 000,457,656 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
    [2010/11/25 01:51:03 | 000,630,272 | ---- | M] () -- C:\Users\Tim\Desktop\dds.scr
    [2010/11/24 21:37:19 | 000,446,464 | ---- | M] (OldTimer Tools) -- C:\Users\Tim\Desktop\TFC.exe
    [2010/11/23 04:29:33 | 000,001,121 | ---- | M] () -- C:\Users\Tim\Application Data\Microsoft\Internet Explorer\Quick Launch\Emsisoft Anti-Malware.lnk
    [2010/11/20 04:54:06 | 000,000,636 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\WhiteSmoke Translator.lnk
    [2010/11/17 03:14:59 | 000,010,823 | ---- | M] () -- C:\Users\Tim\Desktop\Acid-Base Titration part 2.docx
    [2010/11/17 03:10:09 | 000,027,136 | ---- | M] () -- C:\Users\Tim\Desktop\Acid-Base Titraion 1.doc
    [2010/11/17 02:09:29 | 000,022,528 | ---- | M] () -- C:\Users\Tim\Desktop\2121.doc
    [2010/11/15 05:04:35 | 004,876,288 | ---- | M] () -- C:\Users\Tim\Desktop\Ch 10.ppt
    [2010/11/15 05:02:59 | 001,475,584 | ---- | M] () -- C:\Users\Tim\Desktop\Ch 11 very short.ppt
    [2010/11/12 08:33:44 | 000,035,997 | ---- | M] () -- C:\Users\Tim\Desktop\123.docx
    [2010/11/12 08:33:14 | 000,036,001 | ---- | M] () -- C:\Users\Tim\Desktop\Enzyme_project_Draft_1[1].docx

    ========== Files Created - No Company Name ==========

    [2010/12/03 12:10:20 | 733,360,584 | ---- | C] () -- C:\Users\Tim\Desktop\SKY-106.avi
    [2010/12/02 22:07:58 | 000,085,117 | ---- | C] () -- C:\Users\Tim\Desktop\RHJ-167-AVI.torrent
    [2010/12/02 22:07:37 | 000,079,256 | ---- | C] () -- C:\Users\Tim\Desktop\RHJ-168-AVI.torrent
    [2010/12/02 03:56:21 | 007,847,904 | ---- | C] () -- C:\Users\Tim\Desktop\RHJ-168-AVI.7z
    [2010/12/02 03:40:02 | 007,853,846 | ---- | C] () -- C:\Users\Tim\Desktop\RHJ-167-AVI.7z
    [2010/12/02 03:32:59 | 000,096,349 | ---- | C] () -- C:\Users\Tim\Desktop\ZVPSbinglW.torrent
    [2010/12/02 03:11:21 | 000,047,273 | ---- | C] () -- C:\Users\Tim\Desktop\8hSUaB.torrent
    [2010/12/02 03:09:35 | 000,027,435 | ---- | C] () -- C:\Users\Tim\Desktop\[www.apkfile.net]_122簘獹筧れゝゝㄢマ猔硈祇.torrent
    [2010/12/01 06:44:18 | 000,038,321 | ---- | C] () -- C:\Users\Tim\Desktop\Chem lab report 2010.docx
    [2010/11/29 22:21:05 | 003,981,232 | ---- | C] () -- C:\Users\Tim\Desktop\ComboFix.exe
    [2010/11/28 20:34:00 | 000,067,584 | ---- | C] () -- C:\Users\Tim\Desktop\teh2.doc
    [2010/11/28 20:33:48 | 000,038,470 | ---- | C] () -- C:\Users\Tim\Desktop\Bio Lab report 2010.docx
    [2010/11/25 01:50:36 | 000,630,272 | ---- | C] () -- C:\Users\Tim\Desktop\dds.scr
    [2010/11/23 04:29:33 | 000,001,121 | ---- | C] () -- C:\Users\Tim\Application Data\Microsoft\Internet Explorer\Quick Launch\Emsisoft Anti-Malware.lnk
    [2010/11/20 04:54:06 | 000,000,636 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\WhiteSmoke Translator.lnk
    [2010/11/20 02:53:07 | 001,970,176 | ---- | C] () -- C:\Windows\SysWow64\d3dx9.dll
    [2010/11/17 03:14:59 | 000,010,823 | ---- | C] () -- C:\Users\Tim\Desktop\Acid-Base Titration part 2.docx
    [2010/11/17 02:13:39 | 000,027,136 | ---- | C] () -- C:\Users\Tim\Desktop\Acid-Base Titraion 1.doc
    [2010/11/17 02:09:28 | 000,022,528 | ---- | C] () -- C:\Users\Tim\Desktop\2121.doc
    [2010/11/15 05:03:52 | 004,876,288 | ---- | C] () -- C:\Users\Tim\Desktop\Ch 10.ppt
    [2010/11/15 05:02:53 | 001,475,584 | ---- | C] () -- C:\Users\Tim\Desktop\Ch 11 very short.ppt
    [2010/11/12 08:33:44 | 000,035,997 | ---- | C] () -- C:\Users\Tim\Desktop\123.docx
    [2010/11/12 07:18:35 | 000,036,001 | ---- | C] () -- C:\Users\Tim\Desktop\Enzyme_project_Draft_1[1].docx
    [2010/10/28 03:21:29 | 000,007,609 | ---- | C] () -- C:\Users\Tim\AppData\Local\Resmon.ResmonCfg
    [2010/09/25 13:37:24 | 000,008,480 | ---- | C] () -- C:\Users\Tim\AppData\Local\rx_audio.Cache
    [2010/09/25 13:37:24 | 000,000,144 | ---- | C] () -- C:\Users\Tim\AppData\Local\rx_image32.Cache
    [2010/09/04 16:54:50 | 000,018,760 | ---- | C] () -- C:\Windows\SysWow64\QQVistaHelper.dll
    [2010/08/30 15:45:54 | 000,000,048 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
    [2010/08/24 14:23:34 | 000,000,268 | ---- | C] () -- C:\Windows\{789289CA-F73A-4A16-A331-54D498CE069F}_WiseFW.ini
    [2010/08/13 06:52:05 | 000,001,264 | ---- | C] () -- C:\Windows\THXCfg_SP_APOIM.ini
    [2010/08/13 06:52:05 | 000,001,247 | ---- | C] () -- C:\Windows\THXCfg_HP_APOIM.ini
    [2010/08/13 06:52:05 | 000,001,247 | ---- | C] () -- C:\Windows\THXCfg_APOIM.ini
    [2010/08/13 06:52:04 | 000,177,664 | ---- | C] () -- C:\Windows\SysWow64\APOMngr.DLL
    [2010/08/13 06:52:04 | 000,073,728 | ---- | C] () -- C:\Windows\SysWow64\CmdRtr.DLL
    [2009/09/16 07:20:14 | 000,001,801 | ---- | C] () -- C:\Windows\WRcfg.ini
    [2009/08/19 06:15:08 | 000,000,388 | ---- | C] () -- C:\Windows\WRMCcfg.ini
    [2009/07/13 15:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
    [2009/07/13 13:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll

    ========== LOP Check ==========

    [2010/11/24 03:11:38 | 000,000,000 | ---D | M] -- C:\Users\Tim\AppData\Roaming\AVG10
    [2010/12/03 12:11:08 | 000,000,000 | ---D | M] -- C:\Users\Tim\AppData\Roaming\BitTorrent
    [2010/11/22 17:41:29 | 000,000,000 | ---D | M] -- C:\Users\Tim\AppData\Roaming\ClickPotatoLite
    [2010/09/18 23:59:11 | 000,000,000 | ---D | M] -- C:\Users\Tim\AppData\Roaming\DAEMON Tools Pro
    [2010/11/28 20:36:19 | 000,000,000 | ---D | M] -- C:\Users\Tim\AppData\Roaming\PPStream
    [2010/09/25 20:43:27 | 000,000,000 | ---D | M] -- C:\Users\Tim\AppData\Roaming\Tencent
    [2010/11/25 20:43:58 | 000,000,000 | ---D | M] -- C:\Users\Tim\AppData\Roaming\Windows Live Writer
    [2009/07/13 21:08:49 | 000,017,942 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

    ========== Purity Check ==========



    ========== Custom Scans ==========


    < %SYSTEMDRIVE%\*.exe >


    < MD5 for: EXPLORER.EXE >
    [2010/08/13 09:17:13 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=00B0358734CAA32C39D181FE6916B178 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20542_none_b8b0208ee0ce1889\explorer.exe
    [2009/07/13 17:14:20 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=15BC38A7492BEFE831966ADB477CF76F -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_b7fe430bc7ce3761\explorer.exe
    [2010/08/13 09:17:22 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=2626FC9755BE22F805D3CFA0CE3EE727 -- C:\Windows\SysWOW64\explorer.exe
    [2010/08/13 09:17:22 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=2626FC9755BE22F805D3CFA0CE3EE727 -- C:\Windows\SysWOW64\explorer.exe
    [2010/08/13 09:17:22 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=2626FC9755BE22F805D3CFA0CE3EE727 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_b819b343c7ba6202\explorer.exe
    [2010/08/13 09:17:13 | 002,868,736 | ---- | M] (Microsoft Corporation) MD5=6D4F9E4B640B413C6F73414327484C80 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16434_none_addea9f19345cd81\explorer.exe
    [2010/08/13 09:17:16 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=700073016DAC1C3D2E7E2CE4223334B6 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_ae84b558ac4eb41c\explorer.exe
    [2010/08/13 09:17:22 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=9AAAEC8DAC27AA17B053E6352AD233AE -- C:\Windows\explorer.exe
    [2010/08/13 09:17:22 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=9AAAEC8DAC27AA17B053E6352AD233AE -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_adc508f19359a007\explorer.exe
    [2010/08/13 09:17:16 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=9FF6C4C91A3711C0A3B18F87B08B518D -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_b8d95faae0af7617\explorer.exe
    [2010/08/13 09:17:22 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=B8EC4BD49CE8F6FC457721BFC210B67F -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_ae46d6aeac7ca7c7\explorer.exe
    [2010/08/13 09:17:16 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=B95EEB0F4E5EFBF1038A35B3351CF047 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_b853c407c78e3ba9\explorer.exe
    [2009/07/13 17:39:10 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=C235A51CB740E45FFA0EBFB9BAFCDA64 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_ada998b9936d7566\explorer.exe
    [2010/08/13 09:17:22 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=C76153C7ECA00FA852BB0C193378F917 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_b89b8100e0dd69c2\explorer.exe
    [2010/08/13 09:17:13 | 002,868,736 | ---- | M] (Microsoft Corporation) MD5=CA17F8620815267DC838E30B68CB5052 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20542_none_ae5b763cac6d568e\explorer.exe
    [2010/08/13 09:17:16 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=F170B4A061C9E026437B193B4D571799 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_adff19b5932d79ae\explorer.exe
    [2010/08/13 09:17:13 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=FC89FACA0473641CB625EDA9277D0885 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16434_none_b8335443c7a68f7c\explorer.exe

    < MD5 for: USERINIT.EXE >
    [2009/07/13 17:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\SysWOW64\userinit.exe
    [2009/07/13 17:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\SysWOW64\userinit.exe
    [2009/07/13 17:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe
    [2009/07/13 17:39:48 | 000,030,208 | ---- | M] (Microsoft Corporation) MD5=6F8F1376A13114CC10C0E69274F5A4DE -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_381dabbceb60feb2\userinit.exe

    < MD5 for: WINLOGON.EXE >
    [2009/07/13 17:39:52 | 000,389,120 | ---- | M] (Microsoft Corporation) MD5=132328DF455B0028F13BF0ABEE51A63A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_cbb7f2bdeea2829c\winlogon.exe
    [2010/08/13 09:17:22 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=A93D41A4D4B0D91C072D11DD8AF266DE -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_cc522fd507b468f8\winlogon.exe
    [2010/08/13 09:17:22 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=DA3E2A6FA9660CC75B471530CE88453A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_cbe534e7ee8042ad\winlogon.exe

    < %systemroot%\*. /mp /s >

    < End of report >
  18. Bobbye

    Bobbye Helper on the Fringe Posts: 16,392   +35

    OTL Custom Scan Fixes
    • Run OTL
    • Copy the contents of the Code box and paste in the Custom Scans/Fixes box at the bottom:
      Code:
      :OTL
      O2 - BHO: (D) - {DBEF970A-7D31-3B54-8B12-12C5F7B7AA8B} - C:\Windows\SysWow64\zs32192.dll File not found
      O2 - BHO: (EDB977E2-5F6A-ADF2-917C-1B311D8FA225 Class) - {EDB977E2-5F6A-ADF2-917C-1B311D8FA225} - C:\QvodPlayer\AddIn\QvodAddr.dll File not found
      O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
      O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
      O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
      O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {65F8A3D2-4C22-4A33-9633-73167EAEEC45} - No CLSID value found.
      O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
      O4:64bit: - HKLM..\Run: [RunDLLEntry_EptMon] C:\Windows\system32\EptMon64.DLL File not found
      O4:64bit: - HKLM..\Run: [RunDLLEntry_THXCfg] C:\Windows\system32\THXCfg64.DLL File not found
      O4 - Startup: C:\Users\Tim\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock.lnk = C:\Program Files (x86)\Dell\DellDock\DellDock.exe File not found
      O18:64bit: - Protocol\Handler\cozi {5356518D-FE9C-4E08-9C1F-1E872ECD367F} - Reg Error: Key error. File not found
      O18:64bit: - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - Reg Error: Key error. File not found
      O18:64bit: - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
      O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found
      O18:64bit: - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
      O18:64bit: - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - Reg Error: Key error. File not found
      O18:64bit: - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - Reg Error: Key error. File not found
      O18:64bit: - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - Reg Error: Key error. File not found
      O18:64bit: - Protocol\Handler\wlpg {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - Reg Error: Key error. File not found
      O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
      O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
      O20:64bit: - Winlogon\Notify\GoToAssist: DllName - Reg Error: Key error. - C:\Program Files (x86)\Citrix\GoToAssist\514\G2AWinLogon_x64.dll File not found
      O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
      O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
      [2010/11/22 17:41:29 | 000,000,000 | ---D | M] -- C:\Users\Tim\AppData\Roaming\ClickPotatoLite
      IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
      [2010/11/23 04:29:20 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Emsisoft Anti-Malware
      [2010/11/23 04:29:20 | 000,000,000 | ---D | C] -- C:\Users\Tim\Documents\Anti-Malware
      [2010/11/23 04:04:50 | 000,000,000 | ---D | C] -- C:\Users\Tim\Documents\a-squared Free
      [2010/11/23 04:04:50 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\a-squared Free
      [2010/11/22 17:41:38 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Xvid
      [2010/11/22 17:41:29 | 000,000,000 | ---D | C] -- C:\ProgramData\ClickPotatoLiteSA
      [2010/11/22 17:41:29 | 000,000,000 | ---D | C] -- C:\Users\Tim\AppData\Roaming\ClickPotatoLite
      [2010/11/22 17:41:29 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ClickPotatoLite
      [2010/11/22 17:41:29 | 000,000,000 | ---D | C] -- C:\ProgramData\2ACA5CC3-0F83-453D-A079-1076FE1A8B65
      :Commands
      [purity]
      [emptytemp]
      [Reboot]
    • Then click the Run Fix button at the top
    • Let the program run uninterrupted, reboot the PC when it is done
    • Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.
    ==============================================
    Your system is full of torrent files. I don't know what they are and there are too many to open:
    [2010/12/02 03:33:02 | 000,096,349 | ---- | M] () -- C:\Users\Tim\Desktop\ZVPSbinglW.torrent
    [2010/12/02 03:11:23 | 000,047,273 | ---- | M] () -- C:\Users\Tim\Desktop\8hSUaB.torrent
    [2010/12/02 03:09:37 | 000,027,435 | ---- | M] () -- C:\Users\Tim\Desktop\[www.apkfile.net]_122????????????.torrent
    [2010/12/01 04:39:11 | 000,079,256 | ---- | M] () -- C:\Users\Tim\Desktop\RHJ-168-AVI.torrent
    [2010/12/01 04:36:11 | 000,085,117 | ---- | M] () -- C:\Users\Tim\Desktop\RHJ-167-AVI.torrent

    You are also missing the Extra.txt log from OTL
     
  19. Bobbye

    Bobbye Helper on the Fringe Posts: 16,392   +35

    This thread will be closed in one more day if there is no reply.
  20. Bobbye

    Bobbye Helper on the Fringe Posts: 16,392   +35

    Closed due to inactivity.