TechSpot

Win32:Crypt virus/malware - can't remove it

By MrSheen
Oct 9, 2010
  1. Hi

    I have the above virus/malware on my machine. I've run HiJackThis and MalwareBytes and have attached the logs. I didn't run the Remove option in MalwareBytes. Just saved the log and closed it. I didn't want to remove anything I shouldn't.

    I have a trial version of Avast Internet Security running at the moment, and it keeps blocking things. They mainly seemed to involve internet explorer (which I don't use). I've included a screen print of my task manager so you can see what processes are running at the moment. (3 instances of iexplorer.exe)

    I found a similar thread on the forum here:
    http://www.techspot.com/vb/topic143450.html
    But I have Windows 7, which I understand Combofix isn't compatible with.

    Would really appreciate any help with this.

    Thanks
    Chris


  2. Bobbye

    Bobbye Helper on the Fringe Posts: 16,392   +36

    Welcome to TechSpot, Mr. Sheen. I'll help with the malware.
    Combofix is compatible with Windows 7 itself, but not the 64bit version. GMER won't run on 64bit either, as well as HijackThis.

    But we do have some programs that will run as well as additional programs as needed. You should update and rescan with Malwarebytes, checking the line for removal. We will still be able to see the malware, but it will show as quarantined, deleted. It's important that as much as possible is removed.

    Questions:
    1. While HijackThis won't scan properly, I note that almost all of the files are showing as temp, and there are temp files in the Mbam log. Is there some reason why most of the system is in temp configuration?

    Please follow the steps in the Preliminary Virus and Malware Removal thread HERE.

    When you have finished, paste the logs for review in your next reply - use multiple posts if needed. You should be able to run TFC and DDS, with 2 logs from DDS.

    Follow this order please:
    1. Before you run anything, answer my question about the temp files.
    2. Have you or the administrator see any Group Policies intentionally or are you aware some have been set?
    =========================================
    3. If I give you the go-ahead, run TFC which you will find in the thread link below;
    4. Follow that with update and rescan with Malwarebytes,
    5. Run DDS
    6. Follow that with:
    Eset NOD32 Online AntiVirus scan HERE
    1. Tick the box next to YES, I accept the Terms of Use.
    2. Click Start
    3. When asked, allow the Active X control to install
    4. Disable your current Antivirus software. You can usually do this with its Notification Tray icon near the clock.
    5. Click Start
    6. Make sure that the option "Remove found threats" is Unchecked, and the option "Scan unwanted applications" is checked
    7. Click Scan
    8. Wait for the scan to finish
    9. Re-enable your Antivirus software.
    10. A logfile is created and located at C:\Program Files\EsetOnlineScanner\log.txt. Please include this on your post.

    Important!
    Please do not use any other cleaning programs or scans while I'm helping you, unless I direct you to. Do not use a Registry cleaner or make any changes in the Registry.

    Please paste all logs in next reply:
    Mbam
    2 for DDS> DDS.txt and Attach.txt
    Eset online AV scan.

    EDIT: I do not open .doc files.
  3. MrSheen

    MrSheen Newcomer, in training Topic Starter Posts: 16

    Hi. Thanks for helping.

    With regards to the temp files. I've no idea. I've only had W7 installed on this machine for about a week and haven't altered anything that I'm aware of.

    Before you posted, I read through the preliminary thread and ran MalwareBytes again, removing the results. I also ran TFC too.

    Here's the log from Malwarebytes. I won't run anything else til you give me the ok.

    Malwarebytes' Anti-Malware 1.46
    www.malwarebytes.org

    Database version: 4784

    Windows 6.1.7600
    Internet Explorer 8.0.7600.16385

    09/10/2010 14:38:45
    mbam-log-2010-10-09 (14-38-45).txt

    Scan type: Quick scan
    Objects scanned: 133781
    Time elapsed: 2 minute(s), 39 second(s)

    Memory Processes Infected: 2
    Memory Modules Infected: 1
    Registry Keys Infected: 3
    Registry Values Infected: 15
    Registry Data Items Infected: 0
    Folders Infected: 0
    Files Infected: 17

    Memory Processes Infected:
    C:\Windows\login.exe (Trojan.Downloader) -> Unloaded process successfully.
    C:\Windows\win32.exe (Trojan.Agent) -> Unloaded process successfully.

    Memory Modules Infected:
    C:\Users\ChrisDesktop\AppData\Local\msudbsh.dll (Trojan.Hiloti) -> Delete on reboot.

    Registry Keys Infected:
    HKEY_CURRENT_USER\SOFTWARE\KOO9RV9K4Z (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\SMH2B46TDP (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\XML (Trojan.FakeAlert) -> Quarantined and deleted successfully.

    Registry Values Infected:
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ysofepozadutodig (Trojan.Hiloti) -> Delete on reboot.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\upc+kt0na2xjsiv (Trojan.Downloader) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\upc+kt0na2xjsiv (Trojan.Downloader) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\mqsrc (Trojan.Downloader) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\mqsrc (Trojan.Downloader) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\mqvpc (Trojan.Agent) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\mqvpc (Trojan.Agent) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\koo9rv9k4z (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\winid (Malware.Trace) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\nofolderoptions (Hijack.FolderOptions) -> Delete on reboot.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\lvoxpiejlpe (Trojan.Agent) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\lvehwfiejlpe (Trojan.Agent) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\npapovofamanap (Trojan.Agent.U) -> Delete on reboot.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\mqvsc (Trojan.Downloader) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\lvoxpiejlpe (Trojan.Agent) -> Quarantined and deleted successfully.

    Registry Data Items Infected:
    (No malicious items detected)

    Folders Infected:
    (No malicious items detected)

    Files Infected:
    C:\Users\ChrisDesktop\AppData\Local\msudbsh.dll (Trojan.Hiloti) -> Delete on reboot.
    C:\Windows\System32\qb9xtuzla.dll (Trojan.Downloader) -> Quarantined and deleted successfully.
    C:\Windows\login.exe (Trojan.Downloader) -> Delete on reboot.
    C:\Windows\win32.exe (Trojan.Agent) -> Delete on reboot.
    C:\Windows\System32\qbs1qft2f.dll (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\Windows\Temp\_avast5_\unp101265229.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\Windows\Temp\_avast5_\unp102114845.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\Windows\Temp\_avast5_\unp102160609.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
    C:\Windows\Temp\_avast5_\unp102167105.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\Windows\Temp\_avast5_\unp102167512.tmp (Malware.Packer.Gen) -> Quarantined and deleted successfully.
    C:\Windows\Temp\_avast5_\unp102229372.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\Windows\Temp\_avast5_\unp234394026.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\Windows\Temp\_avast5_\unp234436916.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
    C:\Windows\Temp\_avast5_\unp234453492.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\Windows\Temp\_avast5_\unp234602083.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
    C:\Users\ChrisDesktop\AppData\Roaming\chrtmp (Malware.Trace) -> Quarantined and deleted successfully.
    C:\Users\ChrisDesktop\AppData\Local\ayitamagabobi.dll (Trojan.Agent.U) -> Delete on reboot.
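Added example, not part of the original thread: a small parser for the Malwarebytes log format posted above. It lists the items still waiting on a reboot and the `Run`-key autostart values that were flagged. The sample is a subset of lines copied from that log; the function names are this example's own.

```python
import re
from collections import Counter

# Subset of lines copied from the Malwarebytes log in the post above.
SAMPLE_LOG = r"""
Memory Processes Infected: 2
Files Infected: 17

Memory Processes Infected:
C:\Windows\login.exe (Trojan.Downloader) -> Unloaded process successfully.

Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ysofepozadutodig (Trojan.Hiloti) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\mqsrc (Trojan.Downloader) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\nofolderoptions (Hijack.FolderOptions) -> Delete on reboot.

Registry Data Items Infected:
(No malicious items detected)

Files Infected:
C:\Users\ChrisDesktop\AppData\Local\msudbsh.dll (Trojan.Hiloti) -> Delete on reboot.
C:\Windows\System32\qb9xtuzla.dll (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Windows\Temp\_avast5_\unp101265229.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
"""

# "Files Infected:" opens a section; "Files Infected: 17" is a summary count.
SECTION_RE = re.compile(r"^(?P<name>[A-Za-z ]+ Infected):$")
# "<object> (<detection name>) -> <action>."
ENTRY_RE = re.compile(
    r"^(?P<object>.+) \((?P<detection>[^()]+)\) -> (?P<action>.+?)\.?$"
)
# Autostart values under ...\CurrentVersion\Run in either hive.
RUN_VALUE_RE = re.compile(
    r"^(?P<hive>HKEY_[A-Z_]+)\\.*\\CurrentVersion\\Run\\(?P<value>[^\\]+)$",
    re.IGNORECASE,
)


def parse_mbam_log(text):
    """Return one dict per detected item, tagged with its log section."""
    entries = []
    section = None
    for raw in text.splitlines():
        line = raw.strip()  # forum pastes are often indented
        header = SECTION_RE.match(line)
        if header:
            section = header.group("name")
            continue
        entry = ENTRY_RE.match(line)
        if entry and section:
            entries.append({"section": section, **entry.groupdict()})
    return entries


def pending_reboot(entries):
    """Objects that are only scheduled for removal and still present."""
    return [
        e["object"]
        for e in entries
        if e["action"].lower().startswith("delete on reboot")
    ]


def run_key_values(entries):
    """(hive, value name) for each flagged Run-key autostart entry."""
    found = []
    for e in entries:
        if e["section"] != "Registry Values Infected":
            continue
        m = RUN_VALUE_RE.match(e["object"])
        if m:
            found.append((m.group("hive"), m.group("value")))
    return found


def detections_by_name(entries):
    """Count how often each detection name appears in the log."""
    return Counter(e["detection"] for e in entries)


if __name__ == "__main__":
    items = parse_mbam_log(SAMPLE_LOG)
    print("Still present until reboot:")
    for obj in pending_reboot(items):
        print("  ", obj)
    print("Flagged Run-key autostarts:")
    for hive, value in run_key_values(items):
        print("  ", hive, value)
    print("Detections:", dict(detections_by_name(items)))
```

Anything the log marks "Delete on reboot" is still on disk or in the registry until the machine restarts, so a rescan after the reboot is what confirms removal.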
  4. Bobbye

    Bobbye Helper on the Fringe Posts: 16,392   +36

    Okay, that handled the Mbam entries. Please run the following:

    Run Eset NOD32 Online AntiVirus scan HERE
    1. Tick the box next to YES, I accept the Terms of Use.
    2. Click Start
    3. When asked, allow the Active X control to install
    4. Disable your current Antivirus software. You can usually do this with its Notification Tray icon near the clock.
    5. Click Start
    6. Make sure that the option "Remove found threats" is Unchecked, and the option "Scan unwanted applications" is checked
    7. Click Scan
    8. Wait for the scan to finish
    9. Re-enable your Antivirus software.
    10. A logfile is created and located at C:\Program Files\EsetOnlineScanner\log.txt. Please include this on your post.

    I'll check that log before proceeding.

    There were 9 files for Avast showing infected:
    C:\Windows\Temp\_avast5_\unp101265229.tmp (Trojan.Agent)
    Some searching in the Avast forums indicates these [unp] files are from the Avast Self-Defense Module. And they should have been deleted when the scan was over. Quite a few asking about this. Seems to be related to Avast v5, which many uninstalled/reinstalled or changed programs altogether.
    So for now, I won't worry about them.
  5. MrSheen

    MrSheen Newcomer, in training Topic Starter Posts: 16

    Followed your instructions above. Here's the log file from ESET:

    ESETSmartInstaller@High as downloader log:
    all ok
    # version=7
    # OnlineScannerApp.exe=1.0.0.1
    # OnlineScanner.ocx=1.0.0.6211
    # api_version=3.0.2
    # EOSSerial=af5b341186489048809ffa1c8039d1cd
    # end=finished
    # remove_checked=false
    # archives_checked=false
    # unwanted_checked=true
    # unsafe_checked=false
    # antistealth_checked=true
    # utc_time=2010-10-10 12:11:48
    # local_time=2010-10-10 01:11:48 (+0000, GMT Daylight Time)
    # country="United Kingdom"
    # lang=1033
    # osver=6.1.7600 NT
    # compatibility_mode=768 16777215 100 0 85267 85267 0 0
    # compatibility_mode=5893 16776573 100 94 89241 39176442 0 0
    # compatibility_mode=8192 67108863 100 0 189 189 0 0
    # scanned=127052
    # found=1
    # cleaned=0
    # scan_time=1316
    D:\Software\avast pro\Avast Internet Security 5.0.545{h33t}{mad dog}\setup_ais_eng.exe probably a variant of Win32/Spy.Agent.CIWNIRS trojan 00000000000000000000000000000000 I


    Might be worth adding that after I'd run MalwareBytes and removed everything it found, I've not had warnings from Avast about viruses or anything. And my processes are back down to about 50 as opposed to nearly 100.
  6. Bobbye

    Bobbye Helper on the Fringe Posts: 16,392   +36

    Please download OTMoveIt by Old Timer and save to your desktop.
    • Double-click OTMoveIt3.exe to run it. (Vista users, please right click on OTMoveIt3.exe and select "Run as an Administrator")
    • Copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):

      Code:
      :Processes	
      :Files 
      D:\Software\avast pro\Avast Internet Security 5.0.545{h33t}{mad dog}\setup_ais_eng.exe
      :Commands
      [purity]
      [emptytemp]
      [start explorer]
      [Reboot]
    • Return to OTMoveIt3, right click in the "Paste Instructions for Items to be Moved" window and choose Paste.
    • Click the red Moveit! button.
    • A log of files and folders moved will be created in the c:\_OTMoveIt\MovedFiles folder in the form of Date and Time (mmddyyyy_hhmmss.log). Please open this log in Notepad and post its contents in your next reply.
    • Close OTMoveIt3
    If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.

    I checked this: {mad dog}\setup_ais_eng.exe. It appears this is a torrent download. That's why you got malware with the AV program. Uninstall this version and go to the home site to download without the benefit of malware.
    Avast Home

    Please reboot the system after the installation is complete.

    Please run DDS and paste the 2 logs in your next reply.
  7. MrSheen

    MrSheen Newcomer, in training Topic Starter Posts: 16

    Here's the OTM log:

    All processes killed
    ========== PROCESSES ==========
    ========== FILES ==========
    D:\Software\avast pro\Avast Internet Security 5.0.545{h33t}{mad dog}\setup_ais_eng.exe moved successfully.
    ========== COMMANDS ==========

    [EMPTYTEMP]

    User: All Users

    User: ChrisDesktop
    ->Temp folder emptied: 510191 bytes
    ->Temporary Internet Files folder emptied: 1079914 bytes
    ->Java cache emptied: 0 bytes
    ->FireFox cache emptied: 101039643 bytes
    ->Flash cache emptied: 8893 bytes

    User: Default
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    ->Flash cache emptied: 0 bytes

    User: Default User
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    ->Flash cache emptied: 0 bytes

    User: Public

    %systemdrive% .tmp files removed: 0 bytes
    %systemroot% .tmp files removed: 0 bytes
    %systemroot%\System32 .tmp files removed: 0 bytes
    %systemroot%\System32 (64bit) .tmp files removed: 0 bytes
    %systemroot%\System32\drivers .tmp files removed: 0 bytes
    Windows Temp folder emptied: 410977 bytes
    %systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 49621 bytes
    RecycleBin emptied: 0 bytes

    Total Files Cleaned = 98.00 mb


    OTM by OldTimer - Version 3.1.16.1 log created on 10132010_110347

    Files moved on Reboot...
    C:\Users\ChrisDesktop\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
    File move failed. C:\Windows\temp\_avast5_\Webshlock.txt scheduled to be moved on reboot.

    Registry entries deleted on Reboot...

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    1 of the DDS logs:


    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT

    DDS (Ver_10-10-05.01)

    Microsoft Windows 7 Home Premium
    Boot Device: \Device\HarddiskVolume1
    Install Date: 30/09/2010 14:22:29
    System Uptime: 13/10/2010 11:06:09 (0 hours ago)

    Motherboard: ASUSTeK Computer INC. | | M4A785TD-V EVO
    Processor: AMD Phenom(tm) II X2 555 Processor | AM3 | 3200/200mhz

    ==== Disk Partitions =========================

    C: is FIXED (NTFS) - 58 GiB total, 28.101 GiB free.
    D: is FIXED (NTFS) - 873 GiB total, 604.908 GiB free.
    E: is CDROM ()
    G: is CDROM ()
    H: is Removable

    ==== Disabled Device Manager Items =============

    ==== System Restore Points ===================

    No restore point in system.

    ==== Installed Programs ======================

    Adobe AIR
    Adobe Flash Player 10 Plugin
    Adobe Reader 9.4.0
    Alt.Binz 0.25.0
    ATI Catalyst Registration
    avast! Internet Security
    Catalyst Control Center - Branding
    Catalyst Control Center Graphics Previews Common
    Catalyst Control Center Graphics Previews Vista
    Catalyst Control Center InstallProxy
    ccc-core-static
    CCC Help English
    Dropbox
    EPU-4 Engine
    ESET Online Scanner v3
    exPressit S.E. 3.0
    Flip
    ImgBurn
    Java Auto Updater
    Java(TM) 6 Update 21
    Last.fm 1.5.4.24567
    Loxley ROES
    Malwarebytes' Anti-Malware
    Microsoft Choice Guard
    Microsoft Office Click-to-Run 2010
    Microsoft Office Home and Business 2010 - English
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    Mozilla Firefox (3.6.10)
    Mozilla Thunderbird (3.1.4)
    MSVCRT
    Nightmare Adventures The Witchs Prison 1.00
    OpenOffice.org 3.2
    RUNAWAY: A TWIST OF FATE (English)
    Skype Toolbars
    Skype™ 4.2
    The Lord of the Rings FREE Trial
    VirtualCloneDrive
    Windows Live Call
    Windows Live Communications Platform
    Windows Live Essentials
    Windows Live Messenger
    Windows Live Sign-in Assistant
    Windows Live Upload Tool

    ==== Event Viewer Messages From Past Week ========

    12/10/2010 23:51:01, Error: bowser [8003] - The master browser has received a server announcement from the computer MACBOOK-7D3EA6 that believes that it is the master browser for the domain on transport NetBT_Tcpip_{C3E33E2D-7F9E-4C1C-A6C2-F6208ED7D7D3}. The master browser is stopping or an election is being forced.
    12/10/2010 11:49:27, Error: volsnap [36] - The shadow copies of volume C: were aborted because the shadow copy storage could not grow due to a user imposed limit.
    12/10/2010 11:45:49, Error: Microsoft-Windows-WMPNSS-Service [14332] - Service 'WMPNetworkSvc' did not start correctly because CoCreateInstance(CLSID_UPnPDeviceFinder) encountered error '0x80004005'. Verify that the UPnPHost service is running and that the UPnPHost component of Windows is installed properly.
    09/10/2010 13:02:34, Error: VDS Basic Provider [1] - Unexpected failure. Error code: 490@01010004
    09/10/2010 12:22:19, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}
    09/10/2010 12:21:55, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
    09/10/2010 12:21:28, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD AsIO aswFW aswRdr aswSnx aswSP aswTdi DfsC discache ElbyCDIO NetBIOS NetBT nsiproxy Psched rdbss spldr tdx Wanarpv6 WfpLwf
    09/10/2010 12:21:28, Error: Service Control Manager [7001] - The Workstation service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
    09/10/2010 12:21:28, Error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
    09/10/2010 12:21:28, Error: Service Control Manager [7001] - The SMB MiniRedirector Wrapper and Engine service depends on the Redirected Buffering Sub Sysytem service which failed to start because of the following error: A device attached to the system is not functioning.
    09/10/2010 12:21:28, Error: Service Control Manager [7001] - The SMB 2.0 MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.
    09/10/2010 12:21:28, Error: Service Control Manager [7001] - The SMB 1.x MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.
    09/10/2010 12:21:28, Error: Service Control Manager [7001] - The Network Store Interface Service service depends on the NSI proxy service driver. service which failed to start because of the following error: A device attached to the system is not functioning.
    09/10/2010 12:21:28, Error: Service Control Manager [7001] - The Network Location Awareness service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
    09/10/2010 12:21:28, Error: Service Control Manager [7001] - The IP Helper service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
    09/10/2010 12:21:28, Error: Service Control Manager [7001] - The DNS Client service depends on the NetIO Legacy TDI Support Driver service which failed to start because of the following error: A device attached to the system is not functioning.
    09/10/2010 12:21:28, Error: Service Control Manager [7001] - The DHCP Client service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
    08/10/2010 17:03:28, Error: Disk [11] - The driver detected a controller error on \Device\Harddisk1\DR1.
    07/10/2010 22:04:08, Error: Disk [11] - The driver detected a controller error on \Device\Harddisk1\DR2.

    ==== End Of File ===========================
  8. MrSheen

    MrSheen Newcomer, in training Topic Starter Posts: 16

    The other DDS log was too large to paste into my reply so here it is attached.

    Thanks again for the help.

    Attached Files:

    • DDS.txt
  9. Bobbye

    Bobbye Helper on the Fringe Posts: 16,392   +36

    Use multiple posts if needed but the logs must be pasted in.

    Did you do this?
    Something is clearly wrong with the system:
    Firstly, these are all executable files. Second, they are temp files. Thirdly, I can identify a few of the exe files, but not the source.
    hexdump.exe is a Trojan downloader
    win16.exe is a Trojan backdoor
    sysedit.exe is the System Configuration Editor
    debug.exe is part of PE Explorer, from HeavenTools Software.

    I cannot identify:
    LvOX either alone or with any of the additional letters

    You say you have only had Windows 7 on the system for a week. What was the source of the operating system?
  10. MrSheen

    MrSheen Newcomer, in training Topic Starter Posts: 16

    Yep. My housemate had a disc with a few apps on it and I got the Avast from there. That was the only program I installed from his disc though and I've un-installed it as you said, and installed a trial version from the Avast website.

    I installed Windows 7 from an OEM version that I bought from eBuyer.
  11. Bobbye

    Bobbye Helper on the Fringe Posts: 16,392   +36

    Well, I think you got a bad copy! The term OEM (original equipment manufacturer) refers to companies that make products for others to repackage and sell. Do you know anything about this seller?

    The group of files I quoted above starting with uRun: [LvOXPiejlcwZ] C:\Users\CHRISD~1\AppData\Local\Temp\ks6otfyoc.exe are not valid files as far as I know.

    What is this [LvOXPiejlcwZ]?

    You've only had Windows 7 on the system for a little over a week> has it ever worked well?
     
  12. MrSheen

    MrSheen Newcomer, in training Topic Starter Posts: 16

    From what I can gather eBuyer are a very reputable site. I've used them for the last 5 or 6 years at least and they always come very highly recommended.

    I've no idea what [LvOXPiejlcwZ] is I'm afraid.

    Until I had the problem with the Win32 virus, it was working fine, and no obvious problems. It's working fine now, in terms of, there's no longer any warnings from my AV software about dangerous processes running or anything.

    One thing that has appeared though, is a new partition on my HDD showing as Local Disk (Q: ). I can't access it, format it or get rid of it. Is this perhaps something related to all of this?
  13. Bobbye

    Bobbye Helper on the Fringe Posts: 16,392   +36

    Please tell me about this: ChrisDesktop

    Is this a folder you set up and named?
    What do you use it for?
    Why are all the files temp files?
    Did you intentionally get 64 bit programs?
  14. MrSheen

    MrSheen Newcomer, in training Topic Starter Posts: 16

    That's just the name of the PC that Windows 7 asked for when I installed it. I assume that the folder was created automatically on installation.

    I don't actively use it for anything.

    No idea why the files are temp files. I noticed that the 2 text files when I ran DDS ended up in that folder so I guess it's just somewhere that software uses for temporary files while it's running processes. Although I don't really know too much about it.

    I got the 64 bit version of Windows 7, but don't intentionally get 64 bit software.

    Sorry if this is all a bit vague.
  15. Bobbye

    Bobbye Helper on the Fringe Posts: 16,392   +36

    I've asked someone to take a look at some entries you have. Will get back to you when I hear.

    Meant to ask: What did you load this OEM Windows 7 on? Was this an upgrade? From what?
  16. MrSheen

    MrSheen Newcomer, in training Topic Starter Posts: 16

    Thanks. Really appreciate your time & effort.

    It was a new build so a fresh install.
  17. Bobbye

    Bobbye Helper on the Fringe Posts: 16,392   +36

    Okay, I believe I've nailed this down to a Trojan Clicker infection> plus a few other Trojans. I think the files are, for the most part, hidden in the CHRISDESKTOP directory. But between the system being Windows 7 AND 64bit, I am limited in what I can have you run.

    • Download OTL from either of the links below and save it to your desktop.
      Link 1
      Link 2
    • Double click the OTL icon to run it.
    • Set Output at the top to Minimal Output.
    • Check the boxes beside LOP Check and Purity Check.
    • Copy the entries in the Codebox below> Paste in the Custom Scan box.
      Code:
      netsvcs
      %SYSTEMDRIVE%\*.exe
      /md5start
      eventlog.dll
      scecli.dll
      netlogon.dll
      cngaudit.dll
      sceclt.dll
      ntelogon.dll
      logevent.dll
      iaStor.sys
      nvstor.sys
      atapi.sys
      IdeChnDr.sys
      viasraid.sys
      AGP440.sys
      vaxscsi.sys
      nvatabus.sys
      viamraid.sys
      nvata.sys
      nvgts.sys
      iastorv.sys
      ViPrt.sys
      eNetHook.dll
      ahcix86.sys
      KR10N.sys
      nvstor32.sys
      ahcix86s.sys
      nvrd32.sys
      symmpi.sys
      adp3132.sys
      mv61xx.sys
      /md5stop
      %systemroot%\*. /mp /s
      %systemroot%\system32\*.dll /lockedfiles
      %systemroot%\Tasks\*.job /lockedfiles
      %systemroot%\system32\drivers\*.sys /lockedfiles
      %systemroot%\System32\config\*.sav
      CREATERESTOREPOINT
      
    • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
      Make sure all other windows are closed and to let it run uninterrupted.
    • When the scan completes, it will open two notepad windows. OTListIt.Txt and Extras.Txt. These are saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post it with your next reply. You may need two posts to fit them all in.
  18. MrSheen

    MrSheen Newcomer, in training Topic Starter Posts: 16

    OTL logfile created on: 18/10/2010 23:54:59 - Run 1
    OTL by OldTimer - Version 3.2.15.2 Folder = C:\Users\ChrisDesktop\Desktop
    64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.7600.16385)
    Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

    4.00 Gb Total Physical Memory | 3.00 Gb Available Physical Memory | 71.00% Memory free
    8.00 Gb Paging File | 7.00 Gb Available in Paging File | 83.00% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
    Drive C: | 58.50 Gb Total Space | 25.67 Gb Free Space | 43.88% Space Free | Partition Type: NTFS
    Drive D: | 872.92 Gb Total Space | 568.94 Gb Free Space | 65.18% Space Free | Partition Type: NTFS

    Computer Name: CHRISDESKTOP-PC | User Name: ChrisDesktop | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 90 Days

    ========== Processes (SafeList) ==========

    PRC - C:\Users\ChrisDesktop\Desktop\OTL.exe (OldTimer Tools)
    PRC - C:\Program Files\Alwil Software\Avast5\AvastUI.exe (AVAST Software)
    PRC - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe (AVAST Software)
    PRC - C:\Program Files\Alwil Software\Avast5\afwServ.exe (AVAST Software)
    PRC - C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin (OpenOffice.org)
    PRC - C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe (OpenOffice.org)
    PRC - C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe (Microsoft Corporation)
    PRC - C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe (Microsoft Corporation)
    PRC - C:\Users\ChrisDesktop\AppData\Roaming\Dropbox\bin\Dropbox.exe ()
    PRC - C:\Program Files (x86)\ASUS\EPU-4 Engine\FourEngine.exe (ASUSTeK Computer Inc.)
    PRC - C:\Windows\vVX1000.exe (Microsoft Corporation)
    PRC - C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe (Elaborate Bytes AG)
    PRC - C:\Program Files (x86)\Last.fm\LastFM.exe (Last.fm)
    PRC - C:\Program Files (x86)\Belkin\Flip\flip.exe (Belkin Corporation)


    ========== Modules (SafeList) ==========

    MOD - C:\Users\ChrisDesktop\Desktop\OTL.exe (OldTimer Tools)
    MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd\comctl32.dll (Microsoft Corporation)


    ========== Win32 Services (SafeList) ==========

    SRV:64bit: - (avast! Web Scanner) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe (AVAST Software)
    SRV:64bit: - (avast! Mail Scanner) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe (AVAST Software)
    SRV:64bit: - (avast! Antivirus) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe (AVAST Software)
    SRV:64bit: - (avast! Firewall) -- C:\Program Files\Alwil Software\Avast5\afwServ.exe (AVAST Software)
    SRV:64bit: - (AMD External Events Utility) -- C:\Windows\SysNative\atiesrxx.exe (AMD)
    SRV:64bit: - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
    SRV - (sftvsa) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe (Microsoft Corporation)
    SRV - (sftlist) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe (Microsoft Corporation)
    SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
    SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)


    ========== Driver Services (SafeList) ==========

    DRV:64bit: - (aswMonFlt) -- C:\Windows\SysNative\drivers\aswMonFlt.sys (AVAST Software)
    DRV:64bit: - (atikmdag) -- C:\Windows\SysNative\drivers\atikmdag.sys (ATI Technologies Inc.)
    DRV:64bit: - (amdkmdag) -- C:\Windows\SysNative\drivers\atikmdag.sys (ATI Technologies Inc.)
    DRV:64bit: - (amdkmdap) -- C:\Windows\SysNative\drivers\atikmpag.sys (Advanced Micro Devices, Inc.)
    DRV:64bit: - (AtiHDAudioService) -- C:\Windows\SysNative\drivers\AtihdW76.sys (ATI Technologies, Inc.)
    DRV:64bit: - (Sftvol) -- C:\Windows\SysNative\drivers\Sftvollh.sys (Microsoft Corporation)
    DRV:64bit: - (Sftplay) -- C:\Windows\SysNative\drivers\Sftplaylh.sys (Microsoft Corporation)
    DRV:64bit: - (Sftredir) -- C:\Windows\SysNative\drivers\Sftredirlh.sys (Microsoft Corporation)
    DRV:64bit: - (Sftfs) -- C:\Windows\SysNative\drivers\Sftfslh.sys (Microsoft Corporation)
    DRV:64bit: - (aswNdis) -- C:\Windows\SysNative\drivers\aswNdis.sys (ALWIL Software)
    DRV:64bit: - (ElbyCDIO) -- C:\Windows\SysNative\drivers\ElbyCDIO.sys (Elaborate Bytes AG)
    DRV:64bit: - (RTL8167) -- C:\Windows\SysNative\drivers\Rt64win7.sys (Realtek )
    DRV:64bit: - (VIAHdAudAddService) -- C:\Windows\SysNative\drivers\viahduaa.sys (VIA Technologies, Inc.)
    DRV:64bit: - (VClone) -- C:\Windows\SysNative\drivers\VClone.sys (Elaborate Bytes AG)
    DRV:64bit: - (MTsensor) -- C:\Windows\SysNative\drivers\ASACPI.sys ()
    DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
    DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
    DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
    DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
    DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
    DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
    DRV:64bit: - (VX1000) -- C:\Windows\SysNative\drivers\VX1000.sys (Microsoft Corporation)
    DRV:64bit: - (Ntfs) -- C:\Windows\SysNative\wbem\ntfs.mof ()
    DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
    DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
    DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
    DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
    DRV:64bit: - (AtiPcie) AMD PCI Express (3GIO) -- C:\Windows\SysNative\drivers\AtiPcie.sys (Advanced Micro Devices Inc.)

    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========

    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm

    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://uk.msn.com/?ocid=iehp
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-gb
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 42 7A B5 5A A6 60 CB 01 [binary data]
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    ========== FireFox ==========

    FF - prefs.js..browser.startup.homepage: "www.google.co.uk"
    FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
    FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
    FF - prefs.js..extensions.enabledItems: {AB2CE124-6272-4b12-94A9-7303C7397BD1}:4.2.0.5198

    FF - HKLM\software\mozilla\Mozilla Firefox 3.6.10\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2010/09/30 14:51:10 | 000,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Mozilla Firefox 3.6.10\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2010/10/10 18:41:27 | 000,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Mozilla Thunderbird 3.1.4\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2010/10/01 11:39:05 | 000,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Mozilla Thunderbird 3.1.4\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins

    [2010/09/30 16:03:18 | 000,000,000 | ---D | M] -- C:\Users\ChrisDesktop\AppData\Roaming\Mozilla\Extensions
    [2010/09/30 16:03:18 | 000,000,000 | ---D | M] (No name found) -- C:\Users\ChrisDesktop\AppData\Roaming\Mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
    [2010/10/05 10:49:54 | 000,000,000 | ---D | M] -- C:\Users\ChrisDesktop\AppData\Roaming\Mozilla\Firefox\Profiles\voglznlv.default\extensions
    [2010/10/05 23:08:00 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Mozilla Firefox\extensions
    [2010/10/05 23:08:00 | 000,000,000 | ---D | M] (Skype extension for Firefox) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
    [2010/10/04 18:24:22 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
    [2010/10/05 10:49:39 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
    [2010/07/17 05:00:04 | 000,423,656 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll
    [2010/09/14 22:09:10 | 000,001,538 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\amazon-en-GB.xml
    [2010/09/14 22:09:10 | 000,000,947 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\chambers-en-GB.xml
    [2010/09/14 22:09:10 | 000,000,769 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\eBay-en-GB.xml
    [2010/09/14 22:09:10 | 000,001,135 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\yahoo-en-GB.xml

    O1 HOSTS File: ([2010/10/09 12:05:18 | 000,000,867 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
    O1 - Hosts: 173.45.76.66 drghwaweg45j4i6u3q32fg2h.com
    O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
    O2 - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
    O4:64bit: - HKLM..\Run: [VX1000] C:\Windows\vVX1000.exe (Microsoft Corporation)
    O4 - HKLM..\Run: [ATICustomerCare] C:\Program Files (x86)\ATI\ATICustomerCare\ATICustomerCare.exe (Advanced Micro Devices, Inc.)
    O4 - HKLM..\Run: [avast5] C:\Program Files\Alwil Software\Avast5\avastUI.exe (AVAST Software)
    O4 - HKLM..\Run: [HDAudDeck] C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe (VIA)
    O4 - HKLM..\Run: [LvOXPiejlcwZ] C:\Users\CHRISD~1\AppData\Local\Temp\ks6otfyoc.exe File not found
    O4 - HKLM..\Run: [LvOXPiejlhb] C:\Users\CHRISD~1\AppData\Local\Temp\debug.exe File not found
    O4 - HKLM..\Run: [LvOXPiejlmc] C:\Users\CHRISD~1\AppData\Local\Temp\mdm.exe File not found
    O4 - HKLM..\Run: [LvOXPiejlotc] C:\Users\CHRISD~1\AppData\Local\Temp\hexdump.exe File not found
    O4 - HKLM..\Run: [LvOXPiejlq+] C:\Users\CHRISD~1\AppData\Local\Temp\win16.exe File not found
    O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
    O4 - HKLM..\Run: [VirtualCloneDrive] C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe (Elaborate Bytes AG)
    O4 - HKCU..\Run: [LvehwfiejlcwZ] C:\Users\ChrisDesktop\AppData\Local\Temp\ks6otfyoc.exe File not found
    O4 - HKCU..\Run: [Lvehwfiejlhb] C:\Users\ChrisDesktop\AppData\Local\Temp\debug.exe File not found
    O4 - HKCU..\Run: [Lvehwfiejlhb(Windows; U; Windows NT 5.1; en-US) AppleWebKit/534.0 (KHTML, like Gecko) Chrome/6.0.408.1 Safari/534.0] C:\Users\ChrisDesktop\AppData\Local\Temp\debug.exe File not found
    O4 - HKCU..\Run: [Lvehwfiejlmc] C:\Users\ChrisDesktop\AppData\Local\Temp\mdm.exe File not found
    O4 - HKCU..\Run: [Lvehwfiejlmc(Windows; U; Windows NT 5.1; en-US) AppleWebKit/534.0 (KHTML, like Gecko) Chrome/6.0.408.1 Safari/534.0] C:\Users\ChrisDesktop\AppData\Local\Temp\mdm.exe File not found
    O4 - HKCU..\Run: [Lvehwfiejlotc] C:\Users\ChrisDesktop\AppData\Local\Temp\hexdump.exe File not found
    O4 - HKCU..\Run: [Lvehwfiejlq+] C:\Users\ChrisDesktop\AppData\Local\Temp\win16.exe File not found
    O4 - HKCU..\Run: [LvOXPiejlcwZ] C:\Users\CHRISD~1\AppData\Local\Temp\ks6otfyoc.exe File not found
    O4 - HKCU..\Run: [LvOXPiejlhb] C:\Users\CHRISD~1\AppData\Local\Temp\debug.exe File not found
    O4 - HKCU..\Run: [LvOXPiejlmc] C:\Users\CHRISD~1\AppData\Local\Temp\mdm.exe File not found
    O4 - HKCU..\Run: [LvOXPiejlna] C:\Users\CHRISD~1\AppData\Local\Temp\login.exe File not found
    O4 - HKCU..\Run: [LvOXPiejlotc] C:\Users\CHRISD~1\AppData\Local\Temp\hexdump.exe File not found
    O4 - HKCU..\Run: [LvOXPiejlq+] C:\Users\CHRISD~1\AppData\Local\Temp\win16.exe File not found
    O4 - HKCU..\Run: [LvOXPiejlqb] C:\Users\CHRISD~1\AppData\Local\Temp\winamp.exe File not found
    O4 - HKCU..\Run: [LvOXPiejlrxc] C:\Users\CHRISD~1\AppData\Local\Temp\spoolsv.exe File not found
    O4 - HKCU..\Run: [LvOXPiejlupc] C:\Users\CHRISD~1\AppData\Local\Temp\sysedit.exe File not found
    O4 - HKCU..\Run: [Mqvscla/5.0 (Windows; U; Windows NT 6.0; en-US; rv:1.9.1.1) Gecko/20090715 Firefox/3.5.1] C:\Windows\winlogon.exe File not found
    O4 - HKCU..\Run: [Mqvscla/5.0 (Windows; U; Windows NT 6.0; en-US; rv:1.9.2.3) Gecko/20100401 Firefox/3.6.3] C:\Windows\winlogon.exe File not found
    O4 - Startup: C:\Users\ChrisDesktop\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\ChrisDesktop\AppData\Roaming\Dropbox\bin\Dropbox.exe ()
    O4 - Startup: C:\Users\ChrisDesktop\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Flip.lnk = C:\Program Files (x86)\Belkin\Flip\flip.exe (Belkin Corporation)
    O4 - Startup: C:\Users\ChrisDesktop\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.2.lnk = C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe ()
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run: ahb9z = C:\Users\CHRISD~1\AppData\Local\Temp\zfd3mig.exe File not found
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
    O9 - Extra Button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
    O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
    O13 - gopher Prefix: missing
    O13 - gopher Prefix: missing
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
    O16 - DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
    O18:64bit: - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
    O18:64bit: - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
    O18:64bit: - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - Reg Error: Key error. File not found
    O18:64bit: - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - Reg Error: Key error. File not found
    O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
    O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
    O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
    O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
    O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
    O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
    O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
    O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
    O32 - HKLM CDRom: AutoRun - 1
    O34 - HKLM BootExecute: (autocheck autochk *) - File not found
    O35:64bit: - HKLM\..comfile [open] -- "%1" %*
    O35:64bit: - HKLM\..exefile [open] -- "%1" %*
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
    O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
    O37 - HKLM\...com [@ = comfile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*


    CREATERESTOREPOINT
    Error creating restore point.

    ========== Files/Folders - Created Within 90 Days ==========

    [2010/10/18 23:53:29 | 000,574,464 | ---- | C] (OldTimer Tools) -- C:\Users\ChrisDesktop\Desktop\OTL.exe
    [2010/10/13 18:42:58 | 000,000,000 | ---D | C] -- C:\Users\ChrisDesktop\Documents\Loxley Designer PRO Projects
    [2010/10/13 18:42:58 | 000,000,000 | ---D | C] -- C:\Users\ChrisDesktop\AppData\Roaming\Loxley Designer PRO
    [2010/10/13 18:34:45 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Loxley Designer PRO
    [2010/10/13 11:03:47 | 000,000,000 | ---D | C] -- C:\_OTM
    [2010/10/13 11:02:41 | 000,519,680 | ---- | C] (OldTimer Tools) -- C:\Users\ChrisDesktop\Desktop\OTM.exe
    [2010/10/12 22:07:19 | 000,000,000 | ---D | C] -- C:\Users\ChrisDesktop\AppData\Roaming\Ghost Ship Studios
    [2010/10/12 22:07:18 | 000,000,000 | ---D | C] -- C:\ProgramData\TEMP
    [2010/10/10 23:57:22 | 000,000,000 | ---D | C] -- C:\ProgramData\VirtualizedApplications
    [2010/10/10 22:44:29 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\exPressit S.E. 3.0
    [2010/10/10 21:46:55 | 000,000,000 | ---D | C] -- C:\Users\ChrisDesktop\AppData\Local\SoftGrid Client
    [2010/10/10 21:46:50 | 000,000,000 | ---D | C] -- C:\Users\ChrisDesktop\AppData\Roaming\SoftGrid Client
    [2010/10/10 21:45:22 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Office
    [2010/10/10 21:45:22 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Office
    [2010/10/10 21:45:22 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Application Virtualization Client
    [2010/10/10 21:45:22 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\DESIGNER
    [2010/10/10 21:44:13 | 000,000,000 | ---D | C] -- C:\Users\ChrisDesktop\AppData\Roaming\TP
    [2010/10/10 18:41:25 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Adobe
    [2010/10/10 12:46:43 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ESET
    [2010/10/09 14:42:05 | 000,038,848 | ---- | C] (AVAST Software) -- C:\Windows\avastSS.scr
    [2010/10/09 13:54:32 | 000,000,000 | R--D | C] -- C:\32788R22FWJFW
    [2010/10/09 12:55:20 | 000,000,000 | ---D | C] -- C:\Users\ChrisDesktop\AppData\Roaming\Malwarebytes
    [2010/10/09 12:55:12 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
    [2010/10/09 12:55:11 | 000,024,664 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
    [2010/10/09 12:55:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
    [2010/10/09 12:55:10 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
    [2010/10/09 12:09:09 | 000,121,936 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSP.sys
    [2010/10/09 12:09:09 | 000,020,048 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswFsBlk.sys
    [2010/10/09 12:09:08 | 000,472,656 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSnx.sys
    [2010/10/09 12:09:07 | 000,125,520 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswFW.sys
    [2010/10/09 12:08:56 | 000,250,448 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswNdis2.sys
    [2010/10/09 12:08:56 | 000,028,752 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswRdr.sys
    [2010/10/09 12:08:55 | 000,051,280 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswTdi.sys
    [2010/10/09 12:08:54 | 000,061,008 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswMonFlt.sys
    [2010/10/09 12:08:47 | 000,167,592 | ---- | C] (AVAST Software) -- C:\Windows\SysWow64\aswBoot.exe
    [2010/10/09 12:08:47 | 000,012,368 | ---- | C] (ALWIL Software) -- C:\Windows\SysNative\drivers\aswNdis.sys
    [2010/10/09 12:08:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Alwil Software
    [2010/10/09 12:08:45 | 000,000,000 | ---D | C] -- C:\Program Files\Alwil Software
    [2010/10/09 12:05:17 | 000,000,000 | ---D | C] -- C:\Users\ChrisDesktop\AppData\Local\CrashDumps
    [2010/10/09 12:04:58 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\NortonInstaller
    [2010/10/08 17:10:45 | 000,000,000 | ---D | C] -- C:\Users\ChrisDesktop\AppData\Local\ElevatedDiagnostics
    [2010/10/07 23:07:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Pendulo Studios
    [2010/10/07 22:56:35 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Pendulo Studios
    [2010/10/07 22:15:36 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Elaborate Bytes
    [2010/10/06 11:57:00 | 000,000,000 | ---D | C] -- C:\Users\ChrisDesktop\.LoxleyColour
    [2010/10/06 11:56:48 | 000,000,000 | ---D | C] -- C:\Users\ChrisDesktop\.roescache
    [2010/10/06 11:37:25 | 000,000,000 | ---D | C] -- C:\Users\ChrisDesktop\AppData\Local\Diagnostics
    [2010/10/05 23:08:42 | 000,000,000 | ---D | C] -- C:\Users\ChrisDesktop\AppData\Roaming\skypePM
    [2010/10/05 23:08:08 | 000,000,000 | ---D | C] -- C:\Users\ChrisDesktop\AppData\Roaming\Skype
    [2010/10/05 23:07:53 | 000,000,000 | R--D | C] -- C:\Program Files (x86)\Skype
    [2010/10/05 23:07:53 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Skype
    [2010/10/05 23:07:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Skype
    [2010/10/05 10:49:46 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java
    [2010/10/04 22:47:42 | 000,000,000 | ---D | C] -- C:\Users\Public\Desktop\Adobe Reader 9 Installer
    [2010/10/04 22:47:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Adobe
    [2010/10/04 22:47:01 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Adobe
    [2010/10/04 22:46:59 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Adobe AIR
    [2010/10/04 22:46:34 | 000,000,000 | ---D | C] -- C:\Users\ChrisDesktop\AppData\Local\Adobe
    [2010/10/04 18:36:42 | 000,000,000 | ---D | C] -- C:\Users\ChrisDesktop\AppData\Roaming\OpenOffice.org
    [2010/10/04 18:25:16 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\JRE
    [2010/10/04 18:25:14 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\OpenOffice.org 3
    [2010/10/04 18:24:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Sun
    [2010/10/04 18:24:12 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Java
    [2010/10/04 18:23:38 | 000,000,000 | ---D | C] -- C:\Users\ChrisDesktop\Desktop\OpenOffice.org 3.2 (en-GB) Installation Files
    [2010/10/04 17:38:43 | 000,000,000 | ---D | C] -- C:\Users\ChrisDesktop\Tracing
    [2010/10/04 17:37:13 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft
    [2010/10/04 17:37:04 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\microsoft
    [2010/10/04 17:36:59 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Windows Live SkyDrive
    [2010/10/04 17:36:43 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Windows Live
    [2010/10/04 17:36:25 | 000,000,000 | ---D | C] -- C:\Windows\PCHEALTH
    [2010/10/04 17:34:42 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Windows Live
    [2010/10/01 16:50:47 | 000,000,000 | ---D | C] -- C:\Users\ChrisDesktop\AppData\Roaming\Tific
    [2010/10/01 16:50:44 | 000,000,000 | ---D | C] -- C:\Users\ChrisDesktop\AppData\Local\Symantec
    [2010/10/01 16:49:05 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\Wat
    [2010/10/01 16:49:05 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\Wat
    [2010/10/01 15:21:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Last.fm
    [2010/10/01 15:20:44 | 000,000,000 | ---D | C] -- C:\Users\ChrisDesktop\AppData\Local\Last.fm
    [2010/10/01 15:20:42 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Last.fm
    [2010/10/01 15:19:26 | 000,000,000 | ---D | C] -- C:\Users\ChrisDesktop\AppData\Roaming\ImgBurn
    [2010/10/01 15:18:29 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ImgBurn
    [2010/10/01 15:15:47 | 000,000,000 | ---D | C] -- C:\Users\ChrisDesktop\AppData\Roaming\Dropbox
    [2010/10/01 15:06:31 | 000,000,000 | ---D | C] -- C:\Users\ChrisDesktop\Documents\Writing
    [2010/10/01 15:06:16 | 000,000,000 | ---D | C] -- C:\Users\ChrisDesktop\Documents\Sports Interactive
    [2010/10/01 15:05:58 | 000,000,000 | ---D | C] -- C:\Users\ChrisDesktop\Documents\Photography Documents
    [2010/10/01 15:04:29 | 000,000,000 | R--D | C] -- C:\Users\ChrisDesktop\Documents\My Dropbox
    [2010/10/01 14:49:23 | 000,000,000 | ---D | C] -- C:\Users\ChrisDesktop\AppData\Roaming\uTorrent
    [2010/10/01 13:26:13 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Symantec Shared
    [2010/10/01 12:02:13 | 000,000,000 | ---D | C] -- C:\Users\ChrisDesktop\AppData\Roaming\WinRAR
    [2010/10/01 11:58:37 | 000,000,000 | ---D | C] -- C:\Program Files\WinRAR
    [2010/10/01 11:39:10 | 000,000,000 | ---D | C] -- C:\Users\ChrisDesktop\AppData\Roaming\Thunderbird
    [2010/10/01 11:39:10 | 000,000,000 | ---D | C] -- C:\Users\ChrisDesktop\AppData\Local\Thunderbird
    [2010/10/01 11:39:04 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Thunderbird
    [2010/10/01 10:22:10 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft.NET
    [2010/09/30 23:10:48 | 000,000,000 | ---D | C] -- C:\Windows\Panther
    [2010/09/30 17:30:15 | 000,000,000 | ---D | C] -- C:\ProgramData\ATI
    [2010/09/30 17:18:32 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\ATI Technologies
    [2010/09/30 17:18:32 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\ATI Technologies
    [2010/09/30 17:18:31 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ATI
    [2010/09/30 17:15:02 | 000,000,000 | ---D | C] -- C:\ATI
    [2010/09/30 15:55:26 | 000,000,000 | ---D | C] -- C:\Users\ChrisDesktop\AppData\Local\Alt.Binz
    [2010/09/30 15:55:22 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AltBinz
    [2010/09/30 15:35:30 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Belkin
    [2010/09/30 15:04:41 | 000,000,000 | ---D | C] -- C:\Users\ChrisDesktop\AppData\Roaming\Macromedia
    [2010/09/30 15:04:41 | 000,000,000 | ---D | C] -- C:\Users\ChrisDesktop\AppData\Roaming\Adobe
    [2010/09/30 15:04:35 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\Macromed
    [2010/09/30 14:51:14 | 000,000,000 | ---D | C] -- C:\Users\ChrisDesktop\AppData\Roaming\Mozilla
    [2010/09/30 14:51:14 | 000,000,000 | ---D | C] -- C:\Users\ChrisDesktop\AppData\Local\Mozilla
    [2010/09/30 14:51:08 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
    [2010/09/30 14:37:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Norton
    [2010/09/30 14:36:38 | 000,000,000 | ---D | C] -- C:\ProgramData\NortonInstaller
    [2010/09/30 14:36:05 | 000,000,000 | -H-D | C] -- C:\Program Files (x86)\InstallShield Installation Information
    [2010/09/30 14:36:05 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ASUS
    [2010/09/30 14:35:01 | 000,242,176 | ---- | C] (Windows (R) Codename Longhorn DDK provider) -- C:\Windows\SysNative\Dts2APO.dll
    [2010/09/30 14:35:01 | 000,193,024 | ---- | C] (Windows (R) Codename Longhorn DDK provider) -- C:\Windows\SysNative\ViaMicArrayAPO.dll
    [2010/09/30 14:35:01 | 000,086,016 | ---- | C] (QSound Labs, Inc.) -- C:\Windows\SysNative\nQPropPageExt.dll
    [2010/09/30 14:35:01 | 000,082,432 | ---- | C] (QSound Labs, Inc.) -- C:\Windows\SysNative\nQAPO.dll
    [2010/09/30 14:34:39 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\VIA
    [2010/09/30 14:34:26 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\InstallShield
    [2010/09/30 14:32:28 | 000,000,000 | ---D | C] -- C:\Users\ChrisDesktop\AppData\Roaming\ATI
    [2010/09/30 14:32:28 | 000,000,000 | ---D | C] -- C:\Users\ChrisDesktop\AppData\Local\ATI
    [2010/09/30 14:28:41 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ATI Technologies
    [2010/09/30 14:28:26 | 000,000,000 | -HSD | C] -- C:\Windows\Installer
    [2010/09/30 14:28:01 | 000,000,000 | ---D | C] -- C:\Program Files\ATI Technologies
    [2010/09/30 14:27:53 | 000,000,000 | ---D | C] -- C:\Program Files\ATI
    [2010/09/30 14:22:47 | 000,000,000 | R--D | C] -- C:\Users\ChrisDesktop\Searches
    [2010/09/30 14:22:47 | 000,000,000 | -H-D | C] -- C:\Users\ChrisDesktop\Application Data\Microsoft\Internet Explorer\Quick Launch\User Pinned
    [2010/09/30 14:22:40 | 000,000,000 | ---D | C] -- C:\Users\ChrisDesktop\AppData\Roaming\Identities
    [2010/09/30 14:22:39 | 000,000,000 | R--D | C] -- C:\Users\ChrisDesktop\Contacts
    [2010/09/30 14:22:37 | 000,000,000 | ---D | C] -- C:\Users\ChrisDesktop\AppData\Local\VirtualStore
    [2010/09/30 14:22:33 | 000,000,000 | --SD | C] -- C:\Users\ChrisDesktop\AppData\Roaming\Microsoft
    [2010/09/30 14:22:33 | 000,000,000 | R--D | C] -- C:\Users\ChrisDesktop\Videos
    [2010/09/30 14:22:33 | 000,000,000 | R--D | C] -- C:\Users\ChrisDesktop\Saved Games
    [2010/09/30 14:22:33 | 000,000,000 | R--D | C] -- C:\Users\ChrisDesktop\Pictures
    [2010/09/30 14:22:33 | 000,000,000 | R--D | C] -- C:\Users\ChrisDesktop\Music
    [2010/09/30 14:22:33 | 000,000,000 | R--D | C] -- C:\Users\ChrisDesktop\Links
    [2010/09/30 14:22:33 | 000,000,000 | R--D | C] -- C:\Users\ChrisDesktop\Favorites
    [2010/09/30 14:22:33 | 000,000,000 | R--D | C] -- C:\Users\ChrisDesktop\Downloads
    [2010/09/30 14:22:33 | 000,000,000 | R--D | C] -- C:\Users\ChrisDesktop\My Documents
    [2010/09/30 14:22:33 | 000,000,000 | R--D | C] -- C:\Users\ChrisDesktop\Desktop
    [2010/09/30 14:22:33 | 000,000,000 | -HSD | C] -- C:\Users\ChrisDesktop\AppData\Local\Temporary Internet Files
    [2010/09/30 14:22:33 | 000,000,000 | -HSD | C] -- C:\Users\ChrisDesktop\Templates
    [2010/09/30 14:22:33 | 000,000,000 | -HSD | C] -- C:\Users\ChrisDesktop\Start Menu
    [2010/09/30 14:22:33 | 000,000,000 | -HSD | C] -- C:\Users\ChrisDesktop\SendTo
    [2010/09/30 14:22:33 | 000,000,000 | -HSD | C] -- C:\Users\ChrisDesktop\Recent
    [2010/09/30 14:22:33 | 000,000,000 | -HSD | C] -- C:\Users\ChrisDesktop\PrintHood
    [2010/09/30 14:22:33 | 000,000,000 | -HSD | C] -- C:\Users\ChrisDesktop\NetHood
    [2010/09/30 14:22:33 | 000,000,000 | -HSD | C] -- C:\Users\ChrisDesktop\Documents\My Videos
    [2010/09/30 14:22:33 | 000,000,000 | -HSD | C] -- C:\Users\ChrisDesktop\Documents\My Pictures
    [2010/09/30 14:22:33 | 000,000,000 | -HSD | C] -- C:\Users\ChrisDesktop\Documents\My Music
    [2010/09/30 14:22:33 | 000,000,000 | -HSD | C] -- C:\Users\ChrisDesktop\My Documents
    [2010/09/30 14:22:33 | 000,000,000 | -HSD | C] -- C:\Users\ChrisDesktop\Local Settings
    [2010/09/30 14:22:33 | 000,000,000 | -HSD | C] -- C:\Users\ChrisDesktop\AppData\Local\History
    [2010/09/30 14:22:33 | 000,000,000 | -HSD | C] -- C:\Users\ChrisDesktop\Cookies
    [2010/09/30 14:22:33 | 000,000,000 | -HSD | C] -- C:\Users\ChrisDesktop\Application Data
    [2010/09/30 14:22:33 | 000,000,000 | -HSD | C] -- C:\Users\ChrisDesktop\AppData\Local\Application Data
    [2010/09/30 14:22:33 | 000,000,000 | -H-D | C] -- C:\Users\ChrisDesktop\AppData
    [2010/09/30 14:22:33 | 000,000,000 | ---D | C] -- C:\Users\ChrisDesktop\AppData\Local\Temp
    [2010/09/30 14:22:33 | 000,000,000 | ---D | C] -- C:\Users\ChrisDesktop\AppData\Local\Microsoft
    [2010/09/30 14:22:33 | 000,000,000 | ---D | C] -- C:\Users\ChrisDesktop\AppData\Roaming\Media Center Programs
    [2010/09/30 14:22:27 | 000,000,000 | -HSD | C] -- C:\Recovery
    [2010/09/30 14:14:14 | 000,000,000 | ---D | C] -- C:\Windows\SoftwareDistribution
    [2010/09/30 14:11:59 | 000,000,000 | ---D | C] -- C:\Windows\Prefetch
    [2010/09/30 14:11:31 | 000,000,000 | -HSD | C] -- C:\System Volume Information
    [2010/08/26 02:57:50 | 000,462,336 | ---- | C] (AMD) -- C:\Windows\SysNative\atieclxx.exe
    [2010/08/26 02:57:14 | 000,203,264 | ---- | C] (AMD) -- C:\Windows\SysNative\atiesrxx.exe
    [2010/08/26 02:56:06 | 000,120,320 | ---- | C] (AMD) -- C:\Windows\SysNative\atitmm64.dll
    [2010/08/26 02:55:28 | 000,012,288 | ---- | C] (AMD) -- C:\Windows\SysNative\atimuixx.dll
    [2010/08/26 02:27:58 | 000,057,344 | ---- | C] (AMD) -- C:\Windows\SysNative\coinst.dll

    ========== Files - Modified Within 90 Days ==========

    [2010/10/18 23:53:20 | 000,574,464 | ---- | M] (OldTimer Tools) -- C:\Users\ChrisDesktop\Desktop\OTL.exe
    [2010/10/18 16:41:22 | 000,727,182 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
    [2010/10/18 16:41:22 | 000,628,468 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
    [2010/10/18 16:41:22 | 000,110,394 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
    [2010/10/18 15:39:57 | 000,015,024 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    [2010/10/18 15:39:57 | 000,015,024 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    [2010/10/18 15:32:21 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
    [2010/10/18 15:32:18 | 3219,791,872 | -HS- | M] () -- C:\hiberfil.sys
    [2010/10/15 10:23:00 | 000,010,695 | ---- | M] () -- C:\Users\ChrisDesktop\Documents\Rent & Bills.xlsx
    [2010/10/15 10:17:48 | 000,289,152 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
    [2010/10/14 12:43:08 | 000,002,067 | ---- | M] () -- C:\Users\ChrisDesktop\Desktop\Loxley ROES.lnk
    [2010/10/13 18:51:51 | 000,002,048 | ---- | M] () -- C:\Users\ChrisDesktop\AppData\Roaming\Loxley Designer PRO Prefs
    [2010/10/13 18:36:17 | 000,002,069 | ---- | M] () -- C:\Users\Public\Desktop\Loxley Designer PRO.lnk
    [2010/10/13 11:02:32 | 000,519,680 | ---- | M] (OldTimer Tools) -- C:\Users\ChrisDesktop\Desktop\OTM.exe
    [2010/10/12 23:32:00 | 000,418,816 | ---- | M] () -- C:\Users\ChrisDesktop\Documents\Accounts2.xls
    [2010/10/12 22:07:24 | 000,004,096 | ---- | M] () -- C:\Windows\d3dx.dat
    [2010/10/12 01:24:21 | 000,734,810 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI
    [2010/10/10 23:47:12 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_User_WpdMtpDr_01_09_00.Wdf
    [2010/10/10 21:13:47 | 000,016,384 | ---- | M] () -- C:\Users\ChrisDesktop\Documents\Books.xls
    [2010/10/10 18:41:27 | 000,002,014 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk
    [2010/10/09 14:42:07 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\config.nt
    [2010/10/09 13:59:07 | 000,130,048 | ---- | M] () -- C:\Users\ChrisDesktop\Desktop\TaskManager.doc
    [2010/10/09 12:55:15 | 000,001,013 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
    [2010/10/09 12:43:12 | 000,000,120 | ---- | M] () -- C:\Users\ChrisDesktop\AppData\Local\Xhisunogewusuy.dat
    [2010/10/09 12:43:12 | 000,000,000 | ---- | M] () -- C:\Users\ChrisDesktop\AppData\Local\Hgimuq.bin
    [2010/10/09 12:09:09 | 000,001,852 | ---- | M] () -- C:\Users\Public\Desktop\avast! Internet Security.lnk
    [2010/10/09 12:05:11 | 000,000,145 | ---- | M] () -- C:\Users\ChrisDesktop\AppData\Roaming\asdsada.bat
    [2010/10/09 00:01:52 | 000,000,928 | ---- | M] () -- C:\Users\Public\Desktop\Last.fm.lnk
    [2010/10/07 22:56:39 | 000,001,291 | ---- | M] () -- C:\Users\Public\Desktop\RUNAWAY - A TWIST OF FATE.lnk
    [2010/10/07 22:16:09 | 000,001,254 | ---- | M] () -- C:\Users\Public\Desktop\Virtual CloneDrive.lnk
    [2010/10/05 23:08:42 | 000,000,056 | -H-- | M] () -- C:\ProgramData\ezsidmv.dat
    [2010/10/05 23:07:53 | 000,002,515 | ---- | M] () -- C:\Users\Public\Desktop\Skype.lnk
    [2010/10/04 18:37:22 | 000,001,239 | ---- | M] () -- C:\Users\ChrisDesktop\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.2.lnk
    [2010/10/04 18:25:27 | 000,001,120 | ---- | M] () -- C:\Users\Public\Desktop\OpenOffice.org 3.2.lnk
    [2010/10/01 18:14:46 | 000,001,033 | ---- | M] () -- C:\Users\ChrisDesktop\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
    [2010/10/01 17:08:24 | 000,001,869 | ---- | M] () -- C:\Users\ChrisDesktop\Desktop\ImgBurn.lnk
    [2010/09/30 17:30:20 | 000,009,826 | ---- | M] () -- C:\Users\ChrisDesktop\AppData\Roaming\PStrip.ini
    [2010/09/30 17:30:13 | 000,009,679 | ---- | M] () -- C:\Users\ChrisDesktop\AppData\Roaming\PStrip.bak
    [2010/09/30 17:17:15 | 000,002,208 | ---- | M] () -- C:\Users\ChrisDesktop\AppData\Roaming\PStrip.bk!
    [2010/09/30 16:16:45 | 000,001,769 | ---- | M] () -- C:\Windows\Language_trs.ini
    [2010/09/30 16:16:34 | 000,036,551 | ---- | M] () -- C:\Windows\Ascd_tmp.ini
    [2010/09/30 15:55:23 | 000,001,005 | ---- | M] () -- C:\Users\ChrisDesktop\Desktop\Alt.Binz.lnk
    [2010/09/30 15:38:26 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_User_WpdFs_01_09_00.Wdf
    [2010/09/30 15:35:30 | 000,002,042 | ---- | M] () -- C:\Users\ChrisDesktop\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Flip.lnk
    [2010/09/30 14:51:11 | 000,001,967 | ---- | M] () -- C:\Users\ChrisDesktop\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
    [2010/09/30 14:49:46 | 000,001,441 | ---- | M] () -- C:\Users\ChrisDesktop\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
    [2010/09/30 14:35:12 | 000,001,206 | ---- | M] () -- C:\Users\Public\Desktop\HD VDeck.lnk
    [2010/09/30 14:31:58 | 000,000,000 | ---- | M] () -- C:\Windows\ativpsrm.bin
    [2010/09/30 14:14:18 | 000,039,252 | ---- | M] () -- C:\Windows\SysWow64\license.rtf
    [2010/09/30 14:14:18 | 000,039,252 | ---- | M] () -- C:\Windows\SysNative\license.rtf
    [2010/09/07 16:12:17 | 000,038,848 | ---- | M] (AVAST Software) -- C:\Windows\avastSS.scr
    [2010/09/07 16:11:54 | 000,167,592 | ---- | M] (AVAST Software) -- C:\Windows\SysWow64\aswBoot.exe
    [2010/09/07 15:54:22 | 000,125,520 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswFW.sys
    [2010/09/07 15:54:10 | 000,472,656 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSnx.sys
    [2010/09/07 15:53:40 | 000,250,448 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswNdis2.sys
    [2010/09/07 15:52:29 | 000,051,280 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswTdi.sys
    [2010/09/07 15:52:09 | 000,121,936 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSP.sys
    [2010/09/07 15:47:49 | 000,028,752 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswRdr.sys
    [2010/09/07 15:47:33 | 000,061,008 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswMonFlt.sys
    [2010/09/07 15:47:10 | 000,020,048 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswFsBlk.sys
    [2010/08/26 03:01:34 | 000,076,216 | ---- | M] () -- C:\Windows\SysNative\atiapfxx.blb
    [2010/08/26 02:57:50 | 000,462,336 | ---- | M] (AMD) -- C:\Windows\SysNative\atieclxx.exe
    [2010/08/26 02:57:14 | 000,203,264 | ---- | M] (AMD) -- C:\Windows\SysNative\atiesrxx.exe
    [2010/08/26 02:56:06 | 000,120,320 | ---- | M] (AMD) -- C:\Windows\SysNative\atitmm64.dll
    [2010/08/26 02:55:28 | 000,012,288 | ---- | M] (AMD) -- C:\Windows\SysNative\atimuixx.dll
    [2010/08/26 02:30:40 | 000,583,888 | ---- | M] () -- C:\Windows\SysNative\atiumd6a.cap
    [2010/08/26 02:27:58 | 000,057,344 | ---- | M] (AMD) -- C:\Windows\SysNative\coinst.dll
    [2010/08/26 02:25:36 | 000,583,888 | ---- | M] () -- C:\Windows\SysWow64\atiumdva.cap
    [2010/08/19 17:37:48 | 000,009,881 | ---- | M] () -- C:\Users\ChrisDesktop\Documents\Lauren & Chris Gas Electric.xlsx
    [2010/08/02 09:38:00 | 000,021,866 | ---- | M] () -- C:\Windows\atiogl.xml

    ========== Files Created - No Company Name ==========

    [2010/10/14 12:43:08 | 000,002,067 | ---- | C] () -- C:\Users\ChrisDesktop\Desktop\Loxley ROES.lnk
    [2010/10/13 18:45:51 | 000,002,048 | ---- | C] () -- C:\Users\ChrisDesktop\AppData\Roaming\Loxley Designer PRO Prefs
    [2010/10/13 18:36:17 | 000,002,069 | ---- | C] () -- C:\Users\Public\Desktop\Loxley Designer PRO.lnk
    [2010/10/12 22:07:24 | 000,004,096 | ---- | C] () -- C:\Windows\d3dx.dat
    [2010/10/10 23:47:12 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_User_WpdMtpDr_01_09_00.Wdf
    [2010/10/10 21:45:37 | 000,734,810 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
    [2010/10/10 18:41:27 | 000,002,014 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk
    [2010/10/09 13:59:01 | 000,130,048 | ---- | C] () -- C:\Users\ChrisDesktop\Desktop\TaskManager.doc
    [2010/10/09 12:55:15 | 000,001,013 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
    [2010/10/09 12:43:12 | 000,000,120 | ---- | C] () -- C:\Users\ChrisDesktop\AppData\Local\Xhisunogewusuy.dat
    [2010/10/09 12:43:12 | 000,000,000 | ---- | C] () -- C:\Users\ChrisDesktop\AppData\Local\Hgimuq.bin
    [2010/10/09 12:09:09 | 000,001,852 | ---- | C] () -- C:\Users\Public\Desktop\avast! Internet Security.lnk
    [2010/10/09 12:08:54 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\config.nt
    [2010/10/09 12:05:11 | 000,000,145 | ---- | C] () -- C:\Users\ChrisDesktop\AppData\Roaming\asdsada.bat
    [2010/10/09 00:01:52 | 000,000,928 | ---- | C] () -- C:\Users\Public\Desktop\Last.fm.lnk
    [2010/10/08 15:32:47 | 000,000,792 | ---- | C] () -- C:\ProgramData\hpzinstall.log
    [2010/10/07 22:56:39 | 000,001,291 | ---- | C] () -- C:\Users\Public\Desktop\RUNAWAY - A TWIST OF FATE.lnk
    [2010/10/07 22:16:09 | 000,001,254 | ---- | C] () -- C:\Users\Public\Desktop\Virtual CloneDrive.lnk
    [2010/10/05 23:08:42 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
    [2010/10/05 23:07:53 | 000,002,515 | ---- | C] () -- C:\Users\Public\Desktop\Skype.lnk
    [2010/10/04 18:37:22 | 000,001,239 | ---- | C] () -- C:\Users\ChrisDesktop\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.2.lnk
    [2010/10/04 18:25:27 | 000,001,120 | ---- | C] () -- C:\Users\Public\Desktop\OpenOffice.org 3.2.lnk
    [2010/10/01 18:14:46 | 000,001,033 | ---- | C] () -- C:\Users\ChrisDesktop\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
    [2010/10/01 17:08:24 | 000,001,869 | ---- | C] () -- C:\Users\ChrisDesktop\Desktop\ImgBurn.lnk
    [2010/10/01 15:06:37 | 001,576,076 | ---- | C] () -- C:\Users\ChrisDesktop\Documents\Veva1210_User_Guide.pdf
    [2010/10/01 15:06:37 | 000,418,816 | ---- | C] () -- C:\Users\ChrisDesktop\Documents\Accounts2.xls
    [2010/10/01 15:06:37 | 000,024,064 | ---- | C] () -- C:\Users\ChrisDesktop\Documents\Lodger Agreement.doc
    [2010/10/01 15:06:37 | 000,016,384 | ---- | C] () -- C:\Users\ChrisDesktop\Documents\Books.xls
    [2010/10/01 15:06:37 | 000,010,695 | ---- | C] () -- C:\Users\ChrisDesktop\Documents\Rent & Bills.xlsx
    [2010/10/01 15:06:37 | 000,009,881 | ---- | C] () -- C:\Users\ChrisDesktop\Documents\Lauren & Chris Gas Electric.xlsx
    [2010/09/30 17:30:15 | 000,002,208 | ---- | C] () -- C:\Users\ChrisDesktop\AppData\Roaming\PStrip.bk!
    [2010/09/30 17:30:06 | 000,009,679 | ---- | C] () -- C:\Users\ChrisDesktop\AppData\Roaming\PStrip.bak
    [2010/09/30 16:56:51 | 000,009,826 | ---- | C] () -- C:\Users\ChrisDesktop\AppData\Roaming\PStrip.ini
    [2010/09/30 16:56:03 | 000,013,008 | ---- | C] () -- C:\Windows\SysNative\drivers\pstrip64.sys
    [2010/09/30 15:55:23 | 000,001,005 | ---- | C] () -- C:\Users\ChrisDesktop\Desktop\Alt.Binz.lnk
    [2010/09/30 15:38:26 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_User_WpdFs_01_09_00.Wdf
    [2010/09/30 15:35:30 | 000,002,042 | ---- | C] () -- C:\Users\ChrisDesktop\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Flip.lnk
    [2010/09/30 14:51:11 | 000,001,967 | ---- | C] () -- C:\Users\ChrisDesktop\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
    [2010/09/30 14:49:46 | 000,001,441 | ---- | C] () -- C:\Users\ChrisDesktop\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
    [2010/09/30 14:36:07 | 000,024,576 | R--- | C] () -- C:\Windows\SysWow64\AsIO.dll
    [2010/09/30 14:36:07 | 000,013,440 | R--- | C] () -- C:\Windows\SysWow64\drivers\AsIO.sys
    [2010/09/30 14:36:05 | 000,011,832 | ---- | C] () -- C:\Windows\SysWow64\drivers\AsInsHelp64.sys
    [2010/09/30 14:36:05 | 000,010,216 | ---- | C] () -- C:\Windows\SysWow64\drivers\AsInsHelp32.sys
    [2010/09/30 14:35:12 | 000,001,206 | ---- | C] () -- C:\Users\Public\Desktop\HD VDeck.lnk
    [2010/09/30 14:31:58 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
    [2010/09/30 14:26:51 | 000,001,769 | ---- | C] () -- C:\Windows\Language_trs.ini
    [2010/09/30 14:26:48 | 000,036,551 | ---- | C] () -- C:\Windows\Ascd_tmp.ini
    [2010/09/30 14:22:33 | 000,000,290 | ---- | C] () -- C:\Users\ChrisDesktop\Application Data\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk
    [2010/09/30 14:22:33 | 000,000,272 | ---- | C] () -- C:\Users\ChrisDesktop\Application Data\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk
    [2010/09/30 14:11:31 | 3219,791,872 | -HS- | C] () -- C:\hiberfil.sys
    [2010/08/26 03:01:34 | 000,076,216 | ---- | C] () -- C:\Windows\SysNative\atiapfxx.blb
    [2010/08/26 02:30:40 | 000,583,888 | ---- | C] () -- C:\Windows\SysNative\atiumd6a.cap
    [2010/08/26 02:25:36 | 000,583,888 | ---- | C] () -- C:\Windows\SysWow64\atiumdva.cap
    [2010/08/02 09:38:00 | 000,021,866 | ---- | C] () -- C:\Windows\atiogl.xml
    [2009/07/14 00:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
    [2009/07/13 22:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
    [2009/06/26 17:24:18 | 000,015,498 | ---- | C] () -- C:\Windows\VX1000.ini
    [2009/04/02 13:30:14 | 000,010,296 | ---- | C] () -- C:\Windows\SysWow64\drivers\ASUSHWIO.SYS

    ========== LOP Check ==========

    [2010/10/18 19:51:08 | 000,000,000 | ---D | M] -- C:\Users\ChrisDesktop\AppData\Roaming\Dropbox
    [2010/10/12 22:07:19 | 000,000,000 | ---D | M] -- C:\Users\ChrisDesktop\AppData\Roaming\Ghost Ship Studios
    [2010/10/01 17:24:36 | 000,000,000 | ---D | M] -- C:\Users\ChrisDesktop\AppData\Roaming\ImgBurn
    [2010/10/13 18:42:58 | 000,000,000 | ---D | M] -- C:\Users\ChrisDesktop\AppData\Roaming\Loxley Designer PRO
    [2010/10/04 18:36:42 | 000,000,000 | ---D | M] -- C:\Users\ChrisDesktop\AppData\Roaming\OpenOffice.org
    [2010/10/16 00:59:36 | 000,000,000 | ---D | M] -- C:\Users\ChrisDesktop\AppData\Roaming\SoftGrid Client
    [2010/10/01 11:39:10 | 000,000,000 | ---D | M] -- C:\Users\ChrisDesktop\AppData\Roaming\Thunderbird
    [2010/10/01 16:50:47 | 000,000,000 | ---D | M] -- C:\Users\ChrisDesktop\AppData\Roaming\Tific
    [2010/10/10 21:47:17 | 000,000,000 | ---D | M] -- C:\Users\ChrisDesktop\AppData\Roaming\TP
    [2010/10/09 12:02:19 | 000,000,000 | ---D | M] -- C:\Users\ChrisDesktop\AppData\Roaming\uTorrent
    [2009/07/14 06:08:49 | 000,012,022 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
  19. MrSheen

    MrSheen Newcomer, in training Topic Starter Posts: 16

    ========== Purity Check ==========



    ========== Custom Scans ==========


    < %SYSTEMDRIVE%\*.exe >


    < MD5 for: AGP440.SYS >
    [2009/07/14 02:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\SysWow64\DriverStore\FileRepository\machine.inf_amd64_neutral_9e6bb86c3b39a3e9\AGP440.sys
    [2009/07/14 02:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.1.7600.16385_none_1607dee2d861e021\AGP440.sys

    < MD5 for: ATAPI.SYS >
    [2009/07/14 02:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysWow64\DriverStore\FileRepository\mshdc.inf_amd64_neutral_a69a58a4286f0b22\atapi.sys
    [2009/07/14 02:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7600.16385_none_392d19c13b3ad543\atapi.sys

    < MD5 for: CNGAUDIT.DLL >
    [2009/07/14 02:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\SysWOW64\cngaudit.dll
    [2009/07/14 02:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\SysWOW64\cngaudit.dll
    [2009/07/14 02:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_e83a414890e8132b\cngaudit.dll
    [2009/07/14 02:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\winsxs\amd64_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_4458dccc49458461\cngaudit.dll

    < MD5 for: IASTORV.SYS >
    [2009/07/14 02:48:04 | 000,410,688 | ---- | M] (Intel Corporation) MD5=D83EFB6FD45DF9D55E9A1AFC63640D50 -- C:\Windows\SysWow64\DriverStore\FileRepository\iastorv.inf_amd64_neutral_18cccb83b34e1453\iaStorV.sys
    [2009/07/14 02:48:04 | 000,410,688 | ---- | M] (Intel Corporation) MD5=D83EFB6FD45DF9D55E9A1AFC63640D50 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.16385_none_0b06441fa1790136\iaStorV.sys

    < MD5 for: NETLOGON.DLL >
    [2009/07/14 02:41:52 | 000,692,736 | ---- | M] (Microsoft Corporation) MD5=956D030D375F207B22FB111E06EF9C35 -- C:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_59aca8ea51aaeefe\netlogon.dll
    [2009/07/14 02:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\SysWOW64\netlogon.dll
    [2009/07/14 02:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\SysWOW64\netlogon.dll
    [2009/07/14 02:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_6401533c860bb0f9\netlogon.dll

    < MD5 for: NVSTOR.SYS >
    [2009/07/14 02:45:45 | 000,167,488 | ---- | M] (NVIDIA Corporation) MD5=477DC4D6DEB99BE37084C9AC6D013DA1 -- C:\Windows\SysWow64\DriverStore\FileRepository\nvraid.inf_amd64_neutral_5bde3fe2945bce9e\nvstor.sys
    [2009/07/14 02:45:45 | 000,167,488 | ---- | M] (NVIDIA Corporation) MD5=477DC4D6DEB99BE37084C9AC6D013DA1 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.16385_none_95cfb4ced8afab0e\nvstor.sys

    < MD5 for: SCECLI.DLL >
    [2009/07/14 02:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\SysWOW64\scecli.dll
    [2009/07/14 02:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\SysWOW64\scecli.dll
    [2009/07/14 02:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_9e577e55272d37b4\scecli.dll
    [2009/07/14 02:41:53 | 000,232,448 | ---- | M] (Microsoft Corporation) MD5=398712DDDAEFB85EDF61DF6A07B65C79 -- C:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_9402d402f2cc75b9\scecli.dll

    < %systemroot%\*. /mp /s >

    < %systemroot%\system32\*.dll /lockedfiles >
    [2009/07/14 02:15:21 | 000,462,848 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\SysWOW64\FirewallAPI.dll

    < %systemroot%\Tasks\*.job /lockedfiles >

    < %systemroot%\system32\drivers\*.sys /lockedfiles >

    < %systemroot%\System32\config\*.sav >

    ========== Alternate Data Streams ==========

    @Alternate Data Stream - 130 bytes -> C:\ProgramData\TEMP:A819A132

    < End of report >
  20. MrSheen

    MrSheen Newcomer, in training Topic Starter Posts: 16

    Now the Extras file:

    OTL Extras logfile created on: 18/10/2010 23:54:59 - Run 1
    OTL by OldTimer - Version 3.2.15.2 Folder = C:\Users\ChrisDesktop\Desktop
    64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.7600.16385)
    Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

    4.00 Gb Total Physical Memory | 3.00 Gb Available Physical Memory | 71.00% Memory free
    8.00 Gb Paging File | 7.00 Gb Available in Paging File | 83.00% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
    Drive C: | 58.50 Gb Total Space | 25.67 Gb Free Space | 43.88% Space Free | Partition Type: NTFS
    Drive D: | 872.92 Gb Total Space | 568.94 Gb Free Space | 65.18% Space Free | Partition Type: NTFS

    Computer Name: CHRISDESKTOP-PC | User Name: ChrisDesktop | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 90 Days

    ========== Extra Registry (SafeList) ==========


    ========== File Associations ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .url[@ = InternetShortcut] -- C:\Windows\System32\ieframe.DLL (Microsoft Corporation)

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
    .url [@ = InternetShortcut] -- C:\Windows\System32\ieframe.DLL (Microsoft Corporation)

    [HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
    .html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)

    ========== Shell Spawning ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %* File not found
    cmdfile [open] -- "%1" %* File not found
    comfile [open] -- "%1" %* File not found
    exefile [open] -- "%1" %* File not found
    helpfile [open] -- Reg Error: Key error.
    htmlfile [edit] -- Reg Error: Key error.
    htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1" File not found
    inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
    InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
    InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
    piffile [open] -- "%1" %* File not found
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1" File not found
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
    scrfile [open] -- "%1" /S File not found
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 File not found
    Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [explore] -- Reg Error: Value error.
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
    exefile [open] -- "%1" %*
    helpfile [open] -- Reg Error: Key error.
    htmlfile [edit] -- Reg Error: Key error.
    htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
    inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
    InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
    InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1"
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [explore] -- Reg Error: Value error.
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    ========== Security Center Settings ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "cval" = 1

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
    "VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
    "AntiVirusOverride" = 0
    "AntiSpywareOverride" = 0
    "FirewallOverride" = 0

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

    ========== System Restore Settings ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\SystemRestore]
    "DisableSR" = 1

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\SystemRestore]
    "DisableSR" = 1

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
    "DisableSR" = 0

    ========== Firewall Settings ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
    "DisableNotifications" = 0
    "EnableFirewall" = 1

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
    "DisableNotifications" = 0
    "EnableFirewall" = 1

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
    "DisableNotifications" = 0
    "EnableFirewall" = 1

    ========== Authorized Applications List ==========


    ========== HKEY_LOCAL_MACHINE Uninstall List ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
    "{350AA351-21FA-3270-8B7A-835434E766AD}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022
    "{3DDACE1F-3B1E-D6AB-CD3D-B6E987511945}" = ATI Catalyst Install Manager
    "{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
    "{503640E5-B2ED-3173-D109-D4D03153471A}" = AMD Drag and Drop Transcoding
    "{90140000-006D-0409-1000-0000000FF1CE}" = Microsoft Office Click-to-Run 2010
    "{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
    "{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053
    "{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
    "{FD53298A-4734-AFCB-B733-4C07776E589E}" = ccc-utility64
    "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
    "WinRAR archiver" = WinRAR archiver

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{09DF00E6-520C-49D5-B7E0-9612165CACA8}" = OpenOffice.org 3.2
    "{11083C7A-D0D6-4DA4-8C3A-74B8389EC07B}" = ATI Catalyst Registration
    "{179C91E9-D9ED-D5CC-F0D8-9579DBDED8D6}" = CCC Help English
    "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    "{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
    "{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
    "{26A24AE4-039D-4CA4-87B4-2F83216020FF}" = Java(TM) 6 Update 21
    "{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform
    "{45338B07-A236-4270-9A77-EBB4115517B5}" = Windows Live Sign-in Assistant
    "{474F25F5-BDC9-40E5-B1B6-F6BF23FC106F}" = Windows Live Essentials
    "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
    "{6C8B53B9-41EE-AD83-007A-55EE64DE6932}" = Catalyst Control Center Graphics Previews Common
    "{8ACC73AA-6511-7C55-B1A9-8E5D1DEAFAA3}" = The Lord of the Rings FREE Trial
    "{8F66047B-1AF3-40D9-80D7-106E2EDC2C2A}" = EPU-4 Engine
    "{90140011-0062-0409-0000-0000000FF1CE}" = Microsoft Office Home and Business 2010 - English
    "{981029E0-7FC9-4CF3-AB39-6F133621921A}" = Skype Toolbars
    "{AC76BA86-7AD7-1033-7B44-A94000000001}" = Adobe Reader 9.4.0
    "{B194272D-1F92-46DF-99EB-8D5CE91CB4EC}" = Adobe AIR
    "{B57EAFF2-D6EE-4C6C-9175-ED9F17BFC1BC}" = Windows Live Messenger
    "{CF5DE1DD-F7E6-694D-1E82-84C7C9C9ABDB}" = Catalyst Control Center Graphics Previews Vista
    "{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.2
    "{DDA34038-89BD-4804-B0B8-DC48D5DFB463}" = Catalyst Control Center - Branding
    "{DF49D66D-D2D3-46DA-878B-F0BFC7795276}" = Flip
    "{E6158D07-2637-4ECF-B576-37C489669174}" = Windows Live Call
    "{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
    "{F71E7762-8A64-AECC-0917-DA51677041CF}" = Catalyst Control Center InstallProxy
    "{F9D65BA1-84C5-B4CB-91FE-D68F07ECBA24}" = ccc-core-static
    "Adobe AIR" = Adobe AIR
    "Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
    "Alt.Binz" = Alt.Binz 0.25.0
    "avast5" = avast! Internet Security
    "ESET Online Scanner" = ESET Online Scanner v3
    "exPressit S.E. 3.0" = exPressit S.E. 3.0
    "ImgBurn" = ImgBurn
    "LastFM_is1" = Last.fm 1.5.4.24567
    "Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
    "Mozilla Firefox (3.6.10)" = Mozilla Firefox (3.6.10)
    "Mozilla Thunderbird (3.1.4)" = Mozilla Thunderbird (3.1.4)
    "Office14.Click2Run" = Microsoft Office Click-to-Run 2010
    "RUNAWAY: A TWIST OF FATE (en)" = RUNAWAY: A TWIST OF FATE (English)
    "VirtualCloneDrive" = VirtualCloneDrive
    "WinLiveSuite_Wave3" = Windows Live Essentials

    ========== HKEY_CURRENT_USER Uninstall List ==========

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "Dropbox" = Dropbox
    "Loxley Designer PRO" = Loxley Designer PRO
    "Loxley ROES" = Loxley ROES

    ========== Last 10 Event Log Errors ==========

    [ Application Events ]
    Error - 10/10/2010 08:27:08 | Computer Name = ChrisDesktop-PC | Source = SideBySide | ID = 16842832
    Description = Activation context generation failed for "d:\web downloads\esetsmartinstaller_enu.exe".Error
    in manifest or policy file "" on line . A component version required by the application
    conflicts with another component version already active. Conflicting components
    are:. Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_fa645303170382f6.manifest.
    Component
    2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_421189da2b7fabfc.manifest.

    Error - 10/10/2010 09:07:56 | Computer Name = ChrisDesktop-PC | Source = SideBySide | ID = 16842832
    Description = Activation context generation failed for "C:\Program Files (x86)\ESET\ESET
    Online Scanner\ESETSmartInstaller.exe".Error in manifest or policy file "" on line
    . A component version required by the application conflicts with another component
    version already active. Conflicting components are:. Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_fa645303170382f6.manifest.
    Component
    2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_421189da2b7fabfc.manifest.

    Error - 11/10/2010 07:58:40 | Computer Name = ChrisDesktop-PC | Source = SideBySide | ID = 16842832
    Description = Activation context generation failed for "c:\program files (x86)\ESET\eset
    online scanner\ESETSmartInstaller.exe".Error in manifest or policy file "" on line
    . A component version required by the application conflicts with another component
    version already active. Conflicting components are:. Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_fa645303170382f6.manifest.
    Component
    2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_421189da2b7fabfc.manifest.

    Error - 11/10/2010 09:58:32 | Computer Name = ChrisDesktop-PC | Source = SideBySide | ID = 16842832
    Description = Activation context generation failed for "D:\Web Downloads\esetsmartinstaller_enu.exe".Error
    in manifest or policy file "" on line . A component version required by the application
    conflicts with another component version already active. Conflicting components
    are:. Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_fa645303170382f6.manifest.
    Component
    2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_421189da2b7fabfc.manifest.

    Error - 12/10/2010 10:43:11 | Computer Name = ChrisDesktop-PC | Source = SideBySide | ID = 16842832
    Description = Activation context generation failed for "c:\program files (x86)\ESET\eset
    online scanner\ESETSmartInstaller.exe".Error in manifest or policy file "" on line
    . A component version required by the application conflicts with another component
    version already active. Conflicting components are:. Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_fa645303170382f6.manifest.
    Component
    2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_421189da2b7fabfc.manifest.

    Error - 13/10/2010 06:02:36 | Computer Name = ChrisDesktop-PC | Source = SideBySide | ID = 16842832
    Description = Activation context generation failed for "D:\Web Downloads\esetsmartinstaller_enu.exe".Error
    in manifest or policy file "" on line . A component version required by the application
    conflicts with another component version already active. Conflicting components
    are:. Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_fa645303170382f6.manifest.
    Component
    2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_421189da2b7fabfc.manifest.

    Error - 14/10/2010 10:23:17 | Computer Name = ChrisDesktop-PC | Source = SideBySide | ID = 16842832
    Description = Activation context generation failed for "c:\program files (x86)\ESET\eset
    online scanner\ESETSmartInstaller.exe".Error in manifest or policy file "" on line
    . A component version required by the application conflicts with another component
    version already active. Conflicting components are:. Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_fa645303170382f6.manifest.
    Component
    2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_421189da2b7fabfc.manifest.

    Error - 15/10/2010 12:52:21 | Computer Name = ChrisDesktop-PC | Source = SideBySide | ID = 16842832
    Description = Activation context generation failed for "c:\program files (x86)\ESET\eset
    online scanner\ESETSmartInstaller.exe".Error in manifest or policy file "" on line
    . A component version required by the application conflicts with another component
    version already active. Conflicting components are:. Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_fa62ad231704eab7.manifest.
    Component
    2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd.manifest.

    Error - 17/10/2010 09:30:01 | Computer Name = ChrisDesktop-PC | Source = SideBySide | ID = 16842832
    Description = Activation context generation failed for "c:\program files (x86)\ESET\eset
    online scanner\ESETSmartInstaller.exe".Error in manifest or policy file "" on line
    . A component version required by the application conflicts with another component
    version already active. Conflicting components are:. Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_fa62ad231704eab7.manifest.
    Component
    2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd.manifest.

    Error - 18/10/2010 16:23:59 | Computer Name = ChrisDesktop-PC | Source = SideBySide | ID = 16842832
    Description = Activation context generation failed for "c:\program files (x86)\ESET\eset
    online scanner\ESETSmartInstaller.exe".Error in manifest or policy file "" on line
    . A component version required by the application conflicts with another component
    version already active. Conflicting components are:. Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_fa62ad231704eab7.manifest.
    Component
    2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd.manifest.

    [ System Events ]
    Error - 18/10/2010 05:34:14 | Computer Name = ChrisDesktop-PC | Source = DCOM | ID = 10010
    Description =

    Error - 18/10/2010 11:38:27 | Computer Name = ChrisDesktop-PC | Source = Disk | ID = 262155
    Description = The driver detected a controller error on \Device\Harddisk2\DR2.

    Error - 18/10/2010 11:38:28 | Computer Name = ChrisDesktop-PC | Source = Disk | ID = 262155
    Description = The driver detected a controller error on \Device\Harddisk2\DR2.

    Error - 18/10/2010 11:38:28 | Computer Name = ChrisDesktop-PC | Source = Disk | ID = 262155
    Description = The driver detected a controller error on \Device\Harddisk2\DR2.

    Error - 18/10/2010 11:38:29 | Computer Name = ChrisDesktop-PC | Source = Disk | ID = 262155
    Description = The driver detected a controller error on \Device\Harddisk2\DR2.

    Error - 18/10/2010 14:09:33 | Computer Name = ChrisDesktop-PC | Source = Disk | ID = 262155
    Description = The driver detected a controller error on \Device\Harddisk2\DR3.

    Error - 18/10/2010 14:09:34 | Computer Name = ChrisDesktop-PC | Source = Disk | ID = 262155
    Description = The driver detected a controller error on \Device\Harddisk2\DR3.

    Error - 18/10/2010 14:09:34 | Computer Name = ChrisDesktop-PC | Source = Disk | ID = 262155
    Description = The driver detected a controller error on \Device\Harddisk2\DR3.

    Error - 18/10/2010 14:09:35 | Computer Name = ChrisDesktop-PC | Source = Disk | ID = 262155
    Description = The driver detected a controller error on \Device\Harddisk2\DR3.

    Error - 18/10/2010 18:34:52 | Computer Name = ChrisDesktop-PC | Source = bowser | ID = 8003
    Description =


    < End of report >
  21. Bobbye

    Bobbye Helper on the Fringe Posts: 16,392   +36

    Broni brought my attention back to this as I missed it. OE is messed up and I must have deleted your feedback. If your patience can last a little bit longer, I will return with some script to run in OTL.

    Please accept my apology for this delay.

    Has there been any change with the system?
  22. MrSheen

    MrSheen Newcomer, in training Topic Starter Posts: 16

    No change. System still appears to be running fine. Avast isn't showing any warnings about anything still.