Inactive Win32:Crypt virus/malware - can't remove it


MrSheen

Hi

I have the above virus/malware on my machine. I've run HiJackThis and MalwareBytes and have attached the logs. I didn't run the Remove option in MalwareBytes. Just saved the log and closed it. I didn't want to remove anything I shouldn't.

I have a trial version of Avast Internet Security running at the moment, and it keeps blocking things. They mainly seemed to involve internet explorer (which I don't use). I've included a screen print of my task manager so you can see what processes are running at the moment. (3 instances of iexplorer.exe)

I found a similar thread on the forum here:
https://www.techspot.com/vb/topic143450.html
But I have Windows 7, which I understand Combofix isn't compatible with.

Would really appreciate any help with this.

Thanks
Chris
 

Attachments

  • hijackthis.log
    12.3 KB · Views: 3
  • mbam-log-2010-10-09 (13-38-17).txt
    4.5 KB · Views: 31
  • TaskManager.doc
    127 KB · Views: 2
Welcome to TechSpot, Mr. Sheen. I'll help with the malware.
Combofix is compatible with Windows 7 itself, but not the 64bit version. GMER won't run on 64bit either, as well as HijackThis.

But we do have some programs that will run as well as additional programs as needed. You should update and rescan with Malwarebytes, checking the line for removal. We will still be able to see the malware, but it will show as quarantined, deleted. It's important that as much as possible is removed.

Questions:
1. While HijackThis won't scan properly, I note that almost all of the files are showing as temp, and there are temp files in the Mbam log. Is there some reason why most of the system is in temp configuration?

Please follow the steps in the Preliminary Virus and Malware Removal thread HERE.

When you have finished, paste the logs for review in your next reply - use multiple posts if needed. You should be able to run TFC and DDS, with 2 logs from DDS.

Follow this order please:
1. Before you run anything, answer my question about the temp files.
2. Have you or the administrator see any Group Policies intentionally or are you aware some have been set?
=========================================
3. If I give you the go-ahead, run TFC which you will find in the thread link below;
4. Follow that with update and rescan with Malwarebytes,
5. Run DDS
6. Follow that with>
Eset NOD32 Online AntiVirus scan HERE: http://www.eset.eu/online-scanner
  1. Tick the box next to YES, I accept the Terms of Use.
  2. Click Start
  3. When asked, allow the Active X control to install
  4. Disable your current Antivirus software. You can usually do this with its Notification Tray icon near the clock.
  5. Click Start
  6. Make sure that the option "Remove found threats" is Unchecked, and the option "Scan unwanted applications" is checked
  7. Click Scan
  8. Wait for the scan to finish
  9. Re-enable your Antivirus software.
  10. A logfile is created and located at C:\Program Files\EsetOnlineScanner\log.txt. Please include this on your post.

Important!
Please do not use any other cleaning programs or scans while I'm helping you, unless I direct you to. Do not use a Registry cleaner or make any changes in the Registry.

Please paste all logs in next reply:
Mbam
2 for DDS> DDS.txt and Attach.txt
Eset online AV scan.

EDIT: I do not open .doc files.
 
Hi. Thanks for helping.

With regards to the temp files. I've no idea. I've only had W7 installed on this machine for about a week and haven't altered anything that I'm aware of.

Before you posted, I read through the preliminary thread and ran MalwareBytes again, removing the results. I also ran TFC too.

Here's the log from Malwarebytes. I won't run anything else til you give me the ok.

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4784

Windows 6.1.7600
Internet Explorer 8.0.7600.16385

09/10/2010 14:38:45
mbam-log-2010-10-09 (14-38-45).txt

Scan type: Quick scan
Objects scanned: 133781
Time elapsed: 2 minute(s), 39 second(s)

Memory Processes Infected: 2
Memory Modules Infected: 1
Registry Keys Infected: 3
Registry Values Infected: 15
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 17

Memory Processes Infected:
C:\Windows\login.exe (Trojan.Downloader) -> Unloaded process successfully.
C:\Windows\win32.exe (Trojan.Agent) -> Unloaded process successfully.

Memory Modules Infected:
C:\Users\ChrisDesktop\AppData\Local\msudbsh.dll (Trojan.Hiloti) -> Delete on reboot.

Registry Keys Infected:
HKEY_CURRENT_USER\SOFTWARE\KOO9RV9K4Z (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\SMH2B46TDP (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\XML (Trojan.FakeAlert) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ysofepozadutodig (Trojan.Hiloti) -> Delete on reboot.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\upc+kt0na2xjsiv (Trojan.Downloader) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\upc+kt0na2xjsiv (Trojan.Downloader) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\mqsrc (Trojan.Downloader) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\mqsrc (Trojan.Downloader) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\mqvpc (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\mqvpc (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\koo9rv9k4z (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\winid (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\nofolderoptions (Hijack.FolderOptions) -> Delete on reboot.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\lvoxpiejlpe (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\lvehwfiejlpe (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\npapovofamanap (Trojan.Agent.U) -> Delete on reboot.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\mqvsc (Trojan.Downloader) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\lvoxpiejlpe (Trojan.Agent) -> Quarantined and deleted successfully.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\Users\ChrisDesktop\AppData\Local\msudbsh.dll (Trojan.Hiloti) -> Delete on reboot.
C:\Windows\System32\qb9xtuzla.dll (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Windows\login.exe (Trojan.Downloader) -> Delete on reboot.
C:\Windows\win32.exe (Trojan.Agent) -> Delete on reboot.
C:\Windows\System32\qbs1qft2f.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\Temp\_avast5_\unp101265229.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\Temp\_avast5_\unp102114845.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\Temp\_avast5_\unp102160609.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Windows\Temp\_avast5_\unp102167105.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\Temp\_avast5_\unp102167512.tmp (Malware.Packer.Gen) -> Quarantined and deleted successfully.
C:\Windows\Temp\_avast5_\unp102229372.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\Temp\_avast5_\unp234394026.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\Temp\_avast5_\unp234436916.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Windows\Temp\_avast5_\unp234453492.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\Temp\_avast5_\unp234602083.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Users\ChrisDesktop\AppData\Roaming\chrtmp (Malware.Trace) -> Quarantined and deleted successfully.
C:\Users\ChrisDesktop\AppData\Local\ayitamagabobi.dll (Trojan.Agent.U) -> Delete on reboot.
 
Okay, that handled the Mbam entries. Please run the following:

Run Eset NOD32 Online AntiVirus scan HERE: http://www.eset.eu/online-scanner
  1. Tick the box next to YES, I accept the Terms of Use.
  2. Click Start
  3. When asked, allow the Active X control to install
  4. Disable your current Antivirus software. You can usually do this with its Notification Tray icon near the clock.
  5. Click Start
  6. Make sure that the option "Remove found threats" is Unchecked, and the option "Scan unwanted applications" is checked
  7. Click Scan
  8. Wait for the scan to finish
  9. Re-enable your Antivirus software.
  10. A logfile is created and located at C:\Program Files\EsetOnlineScanner\log.txt. Please include this on your post.

I'll check that log before proceeding.

There were 9 files for Avast showing infected:
C:\Windows\Temp\_avast5_\unp101265229.tmp (Trojan.Agent)
Some searching in the Avast forums indicates these [unp] files are from the Avast Self-Defense Module. And they should have been deleted when the scan was over. Quite a few asking about this. Seems to be related to Avast v5, which many uninstalled/reinstalled or changed programs altogether.
So for now, I won't worry about them.
 
Followed your instructions above. Here's the log file from ESET:

ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6211
# api_version=3.0.2
# EOSSerial=af5b341186489048809ffa1c8039d1cd
# end=finished
# remove_checked=false
# archives_checked=false
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2010-10-10 12:11:48
# local_time=2010-10-10 01:11:48 (+0000, GMT Daylight Time)
# country="United Kingdom"
# lang=1033
# osver=6.1.7600 NT
# compatibility_mode=768 16777215 100 0 85267 85267 0 0
# compatibility_mode=5893 16776573 100 94 89241 39176442 0 0
# compatibility_mode=8192 67108863 100 0 189 189 0 0
# scanned=127052
# found=1
# cleaned=0
# scan_time=1316
D:\Software\avast pro\Avast Internet Security 5.0.545{h33t}{mad dog}\setup_ais_eng.exe probably a variant of Win32/Spy.Agent.CIWNIRS trojan 00000000000000000000000000000000 I


Might be worth adding that after I'd run MalwareBytes and removed everything it found, I've not had warnings from Avast about viruses or anything. And my processes are back down to about 50 as opposed to nearly 100.
 
Please download OTMoveIt by Old Timer and save to your desktop.
  • Double-click OTMoveIt3.exe to run it. (Vista users, please right click on OTMoveit3.exe and select "Run as an Administrator")
  • Copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):

    Code:
    :Processes	
    :Files 
    D:\Software\avast pro\Avast Internet Security 5.0.545{h33t}{mad dog}\setup_ais_eng.exe
    :Commands
    [purity]
    [emptytemp]
    [start explorer]
    [Reboot]
  • Return to OTMoveIt3, right click in the "Paste Instructions for Items to be Moved" window and choose Paste.
  • Click the red Moveit! button.
  • A log of files and folders moved will be created in the c:\_OTMoveIt\MovedFiles folder in the form of Date and Time (mmddyyyy_hhmmss.log). Please open this log in Notepad and post its contents in your next reply.
  • Close OTMoveIt3
If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.

I checked this: {mad dog}\setup_ais_eng.exe. It appears this is a torrent download. That's why you got malware with the AV program. Uninstall this version and go to home site to download without the benefit of malware.
Avast Home

Please reboot the system after the installation is complete.

Please run DDS and paste the 2 logs in your next reply.
 
Here's the OTM log:

All processes killed
========== PROCESSES ==========
========== FILES ==========
D:\Software\avast pro\Avast Internet Security 5.0.545{h33t}{mad dog}\setup_ais_eng.exe moved successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: ChrisDesktop
->Temp folder emptied: 510191 bytes
->Temporary Internet Files folder emptied: 1079914 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 101039643 bytes
->Flash cache emptied: 8893 bytes

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Public

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 410977 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 49621 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 98.00 mb


OTM by OldTimer - Version 3.1.16.1 log created on 10132010_110347

Files moved on Reboot...
C:\Users\ChrisDesktop\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
File move failed. C:\Windows\temp\_avast5_\Webshlock.txt scheduled to be moved on reboot.

Registry entries deleted on Reboot...

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

1 of the DDS logs:


UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_10-10-05.01)

Microsoft Windows 7 Home Premium
Boot Device: \Device\HarddiskVolume1
Install Date: 30/09/2010 14:22:29
System Uptime: 13/10/2010 11:06:09 (0 hours ago)

Motherboard: ASUSTeK Computer INC. | | M4A785TD-V EVO
Processor: AMD Phenom(tm) II X2 555 Processor | AM3 | 3200/200mhz

==== Disk Partitions =========================

C: is FIXED (NTFS) - 58 GiB total, 28.101 GiB free.
D: is FIXED (NTFS) - 873 GiB total, 604.908 GiB free.
E: is CDROM ()
G: is CDROM ()
H: is Removable

==== Disabled Device Manager Items =============

==== System Restore Points ===================

No restore point in system.

==== Installed Programs ======================

Adobe AIR
Adobe Flash Player 10 Plugin
Adobe Reader 9.4.0
Alt.Binz 0.25.0
ATI Catalyst Registration
avast! Internet Security
Catalyst Control Center - Branding
Catalyst Control Center Graphics Previews Common
Catalyst Control Center Graphics Previews Vista
Catalyst Control Center InstallProxy
ccc-core-static
CCC Help English
Dropbox
EPU-4 Engine
ESET Online Scanner v3
exPressit S.E. 3.0
Flip
ImgBurn
Java Auto Updater
Java(TM) 6 Update 21
Last.fm 1.5.4.24567
Loxley ROES
Malwarebytes' Anti-Malware
Microsoft Choice Guard
Microsoft Office Click-to-Run 2010
Microsoft Office Home and Business 2010 - English
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Mozilla Firefox (3.6.10)
Mozilla Thunderbird (3.1.4)
MSVCRT
Nightmare Adventures The Witchs Prison 1.00
OpenOffice.org 3.2
RUNAWAY: A TWIST OF FATE (English)
Skype Toolbars
Skype™ 4.2
The Lord of the Rings FREE Trial
VirtualCloneDrive
Windows Live Call
Windows Live Communications Platform
Windows Live Essentials
Windows Live Messenger
Windows Live Sign-in Assistant
Windows Live Upload Tool

==== Event Viewer Messages From Past Week ========

12/10/2010 23:51:01, Error: bowser [8003] - The master browser has received a server announcement from the computer MACBOOK-7D3EA6 that believes that it is the master browser for the domain on transport NetBT_Tcpip_{C3E33E2D-7F9E-4C1C-A6C2-F6208ED7D7D3}. The master browser is stopping or an election is being forced.
12/10/2010 11:49:27, Error: volsnap [36] - The shadow copies of volume C: were aborted because the shadow copy storage could not grow due to a user imposed limit.
12/10/2010 11:45:49, Error: Microsoft-Windows-WMPNSS-Service [14332] - Service 'WMPNetworkSvc' did not start correctly because CoCreateInstance(CLSID_UPnPDeviceFinder) encountered error '0x80004005'. Verify that the UPnPHost service is running and that the UPnPHost component of Windows is installed properly.
09/10/2010 13:02:34, Error: VDS Basic Provider [1] - Unexpected failure. Error code: 490@01010004
09/10/2010 12:22:19, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}
09/10/2010 12:21:55, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
09/10/2010 12:21:28, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD AsIO aswFW aswRdr aswSnx aswSP aswTdi DfsC discache ElbyCDIO NetBIOS NetBT nsiproxy Psched rdbss spldr tdx Wanarpv6 WfpLwf
09/10/2010 12:21:28, Error: Service Control Manager [7001] - The Workstation service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
09/10/2010 12:21:28, Error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
09/10/2010 12:21:28, Error: Service Control Manager [7001] - The SMB MiniRedirector Wrapper and Engine service depends on the Redirected Buffering Sub Sysytem service which failed to start because of the following error: A device attached to the system is not functioning.
09/10/2010 12:21:28, Error: Service Control Manager [7001] - The SMB 2.0 MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.
09/10/2010 12:21:28, Error: Service Control Manager [7001] - The SMB 1.x MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.
09/10/2010 12:21:28, Error: Service Control Manager [7001] - The Network Store Interface Service service depends on the NSI proxy service driver. service which failed to start because of the following error: A device attached to the system is not functioning.
09/10/2010 12:21:28, Error: Service Control Manager [7001] - The Network Location Awareness service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
09/10/2010 12:21:28, Error: Service Control Manager [7001] - The IP Helper service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
09/10/2010 12:21:28, Error: Service Control Manager [7001] - The DNS Client service depends on the NetIO Legacy TDI Support Driver service which failed to start because of the following error: A device attached to the system is not functioning.
09/10/2010 12:21:28, Error: Service Control Manager [7001] - The DHCP Client service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
08/10/2010 17:03:28, Error: Disk [11] - The driver detected a controller error on \Device\Harddisk1\DR1.
07/10/2010 22:04:08, Error: Disk [11] - The driver detected a controller error on \Device\Harddisk1\DR2.

==== End Of File ===========================
 
The other DDS log was too large to paste into my reply so here it is attached.

Thanks again for the help.
 

Attachments

  • DDS.txt
    24.4 KB · Views: 2
Use multiple posts if needed but the logs must be pasted in.

Did you do this?
I checked this: {mad dog}\setup_ais_eng.exe. It appears this is a torrent download. That's why you got malware with the AV program. Uninstall this version and go to home site to download without the benefit of malware.

Something is clearly wrong with the system:
uRun: [LvOXPiejlcwZ] C:\Users\CHRISD~1\AppData\Local\Temp\ks6otfyoc.exe
uRun: [LvOXPiejlq+] C:\Users\CHRISD~1\AppData\Local\Temp\win16.exe
uRun: [LvOXPiejlhb] C:\Users\CHRISD~1\AppData\Local\Temp\debug.exe
uRun: [LvOXPiejlotc] C:\Users\CHRISD~1\AppData\Local\Temp\hexdump.exe
uRun: [LvOXPiejlmc] C:\Users\CHRISD~1\AppData\Local\Temp\mdm.exe
uRun: [Lvehwfiejlotc] C:\Users\ChrisDesktop\AppData\Local\Temp\hexdump.exe
uRun: [Lvehwfiejlq+] C:\Users\ChrisDesktop\AppData\Local\Temp\win16.exe
uRun: [Lvehwfiejlhb] C:\Users\ChrisDesktop\AppData\Local\Temp\debug.exe
uRun: [Lvehwfiejlmc] C:\Users\ChrisDesktop\AppData\Local\Temp\mdm.exe
uRun: [LvehwfiejlcwZ] C:\Users\ChrisDesktop\AppData\Local\Temp\ks6otfyoc.exe
uRun: [LvOXPiejlrxc] C:\Users\CHRISD~1\AppData\Local\Temp\spoolsv.exe
uRun: [LvOXPiejlna] C:\Users\CHRISD~1\AppData\Local\Temp\login.exe
uRun: [LvOXPiejlqb] C:\Users\CHRISD~1\AppData\Local\Temp\winamp.exe
uRun: [LvOXPiejlupc] C:\Users\CHRISD~1\AppData\Local\Temp\sysedit.exe

Firstly, these are all executable files. Second, they are temp files. Thirdly, I can identify a few of the exe files, but not the source.
hexdump.exe is a Trojan downloader
win16.exe is a Trojan backdoor
sysedit.exe is the System Configuration Editor
debug.exe is part of PE Explorer, from HeavenTools Software.

I cannot identify:
LvOX either alone or with any of the additional letters

You say you have only had Windows 7 on the system for a week. What was the source of the operating system?
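
The Run-key entries quoted in the post above can be triaged mechanically. The following is an added example, not part of the original thread or of any tool it mentions: it parses DDS-style uRun:/mRun: lines and flags autorun targets that sit in a Temp directory or that carry a Windows system binary name outside System32, grouping by file name so the same payload registered under several value names (8.3 and long paths) shows up once. The sample lines are constructed from the format quoted above, and the ExampleUpdater entry and all function names are hypothetical.

```python
import ntpath
import re
from collections import defaultdict

# Constructed sample in the DDS format quoted in the thread, plus one
# hypothetical benign entry (ExampleUpdater) for contrast.
SAMPLE_DDS = r"""
uRun: [LvOXPiejlq+] C:\Users\CHRISD~1\AppData\Local\Temp\win16.exe
uRun: [Lvehwfiejlq+] C:\Users\ChrisDesktop\AppData\Local\Temp\win16.exe
uRun: [LvOXPiejlrxc] C:\Users\CHRISD~1\AppData\Local\Temp\spoolsv.exe
uRun: [LvOXPiejlotc] C:\Users\CHRISD~1\AppData\Local\Temp\hexdump.exe
uRun: [ExampleUpdater] "C:\Program Files\Example\updater.exe" /background
"""

# uRun = per-user Run key, mRun = machine-wide Run key.
RUN_LINE = re.compile(r"^(?P<hive>[um]Run): \[(?P<name>.+?)\] (?P<cmd>.+)$")
# For unquoted commands: everything up to the first executable extension.
EXE_END = re.compile(r"^(.*?\.(?:exe|com|scr|bat|cmd|pif))(?=\s|$)", re.IGNORECASE)

# Names of binaries that ship in System32; seeing one anywhere else is a red flag.
SYSTEM_NAMES = {"spoolsv.exe", "svchost.exe", "lsass.exe",
                "winlogon.exe", "csrss.exe", "services.exe"}

REASON_TEMP = "autorun target in a Temp directory"
REASON_NAME = "Windows system binary name outside System32"


def image_path(cmd):
    """Return the executable path from a Run value, dropping arguments."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        return cmd[1:end] if end != -1 else cmd[1:]
    m = EXE_END.match(cmd)
    return m.group(1) if m else cmd


def parse_run_entries(text):
    """Extract (hive, value name, image path) from DDS-style Run lines."""
    entries = []
    for line in text.splitlines():
        m = RUN_LINE.match(line.strip())
        if m:
            entries.append({"hive": m["hive"], "name": m["name"],
                            "path": image_path(m["cmd"])})
    return entries


def reasons_for(path):
    """List the reasons an autorun target deserves a closer look."""
    parts = ntpath.normpath(path).lower().split("\\")
    dirs, base = parts[:-1], parts[-1]
    reasons = []
    if "temp" in dirs or "tmp" in dirs:
        reasons.append(REASON_TEMP)
    in_system_dir = bool(dirs) and dirs[-1] in ("system32", "syswow64")
    if base in SYSTEM_NAMES and not in_system_dir:
        reasons.append(REASON_NAME)
    return reasons


def triage(text):
    """Group flagged entries by file name; return {file name: details}."""
    grouped = defaultdict(lambda: {"value_names": [], "paths": set(),
                                   "reasons": set()})
    for entry in parse_run_entries(text):
        reasons = reasons_for(entry["path"])
        if not reasons:
            continue
        group = grouped[ntpath.basename(entry["path"]).lower()]
        group["value_names"].append(entry["name"])
        group["paths"].add(entry["path"])
        group["reasons"].update(reasons)
    return {name: {"value_names": g["value_names"],
                   "paths": sorted(g["paths"]),
                   "reasons": sorted(g["reasons"])}
            for name, g in grouped.items()}


if __name__ == "__main__":
    for name, info in sorted(triage(SAMPLE_DDS).items()):
        print(name)
        print("  value names:", ", ".join(info["value_names"]))
        for path in info["paths"]:
            print("  path:", path)
        for reason in info["reasons"]:
            print("  reason:", reason)
```

A flag here is a prompt for review, not a verdict; the file itself still has to be examined or scanned before anything is removed.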
 
Yep. My housemate had a disc with a few apps on it and I got the Avast from there. That was the only program I installed from his disc though and I've un-installed it as you said, and installed a trial version from the Avast website.

I installed Windows 7 from an OEM version that I bought from eBuyer.
 
I installed Windows 7 from an OEM version that I bought from eBuyer.

Well, I think you got a bad copy! The term, OEM (original equipment manufacturer) refers to companies that make products for others to repackage and sell. Do you know anything about this seller?

The group of files I quoted above starting with uRun: [LvOXPiejlcwZ] C:\Users\CHRISD~1\AppData\Local\Temp\ks6otfyoc.exe are not valid files as far as I know.

What is this [LvOXPiejlcwZ]?

You've only had Windows 7 on the system for a little over a week> has it ever worked well?
 
From what I can gather eBuyer are a very reputable site. I've used them for the last 5 or 6 years at least and they always come very highly recommended.

I've no idea what [LvOXPiejlcwZ] is I'm afraid.

Until I had the problem with the Win32 virus, it was working fine, and no obvious problems. It's working fine now, in terms of, there's no longer any warnings from my AV software about dangerous processes running or anything.

One thing that has appeared though, is a new partition on my HDD showing as Local Disk (Q: ). I can't access it, format it or get rid of it. Is this perhaps something related to all of this?
 
Please tell me about this: ChrisDesktop

Is this a folder you set up and named?
What do you use it for?
Why are all the files temp files?
Did you intentionally get 64 bit programs?
 
That's just the name of the PC that Windows 7 asked for when I installed it. I assume that the folder was created automatically on installation.

I don't actively use it for anything.

No idea why the files are temp files. I noticed that the 2 text files when I ran DDS ended up in that folder so I guess it's just somewhere that software uses for temporary files while it's running processes. Although I don't really know too much about it.

I got the 64 bit version of Windows 7, but don't intentionally get 64 bit software.

Sorry if this is all a bit vague.
 
I've asked someone to take a look at some entries you have. Will get back to you when I hear.

Meant to ask: What did you load this OEM Windows 7 on? Was this an upgrade? From what?
 
Okay, I believe I've nailed this down to a Trojan Clicker infection> plus a few other Trojans. I think the files are, for the most part, hidden in the CHRISDESKTOP directory. But between the system being Windows 7 AND 64bit, I am limited in what I can have you run.

  • Download OTL from either of the links below and save it to your desktop.
    Link 1
    Link 2
  • Double click the OTL icon to run it.
  • Set Output at the top to Minimal Output.
  • Check the boxes beside LOP Check and Purity Check.
  • Copy the entries in the Codebox below> Paste in the Custom Scan box.
    Code:
    netsvcs
    %SYSTEMDRIVE%\*.exe
    /md5start
    eventlog.dll
    scecli.dll
    netlogon.dll
    cngaudit.dll
    sceclt.dll
    ntelogon.dll
    logevent.dll
    iaStor.sys
    nvstor.sys
    atapi.sys
    IdeChnDr.sys
    viasraid.sys
    AGP440.sys
    vaxscsi.sys
    nvatabus.sys
    viamraid.sys
    nvata.sys
    nvgts.sys
    iastorv.sys
    ViPrt.sys
    eNetHook.dll
    ahcix86.sys
    KR10N.sys
    nvstor32.sys
    ahcix86s.sys
    nvrd32.sys
    symmpi.sys
    adp3132.sys
    mv61xx.sys
    /md5stop
    %systemroot%\*. /mp /s
    %systemroot%\system32\*.dll /lockedfiles
    %systemroot%\Tasks\*.job /lockedfiles
    %systemroot%\system32\drivers\*.sys /lockedfiles
    %systemroot%\System32\config\*.sav
    CREATERESTOREPOINT
  • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
    Make sure all other windows are closed and to let it run uninterrupted.
  • When the scan completes, it will open two notepad windows. OTListIt.Txt and Extras.Txt. These are saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post it with your next reply. You may need two posts to fit them all in.
 
OTL logfile created on: 18/10/2010 23:54:59 - Run 1
OTL by OldTimer - Version 3.2.15.2 Folder = C:\Users\ChrisDesktop\Desktop
64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

4.00 Gb Total Physical Memory | 3.00 Gb Available Physical Memory | 71.00% Memory free
8.00 Gb Paging File | 7.00 Gb Available in Paging File | 83.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 58.50 Gb Total Space | 25.67 Gb Free Space | 43.88% Space Free | Partition Type: NTFS
Drive D: | 872.92 Gb Total Space | 568.94 Gb Free Space | 65.18% Space Free | Partition Type: NTFS

Computer Name: CHRISDESKTOP-PC | User Name: ChrisDesktop | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 90 Days

========== Processes (SafeList) ==========

PRC - C:\Users\ChrisDesktop\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\Alwil Software\Avast5\AvastUI.exe (AVAST Software)
PRC - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe (AVAST Software)
PRC - C:\Program Files\Alwil Software\Avast5\afwServ.exe (AVAST Software)
PRC - C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin (OpenOffice.org)
PRC - C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe (OpenOffice.org)
PRC - C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe (Microsoft Corporation)
PRC - C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe (Microsoft Corporation)
PRC - C:\Users\ChrisDesktop\AppData\Roaming\Dropbox\bin\Dropbox.exe ()
PRC - C:\Program Files (x86)\ASUS\EPU-4 Engine\FourEngine.exe (ASUSTeK Computer Inc.)
PRC - C:\Windows\vVX1000.exe (Microsoft Corporation)
PRC - C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe (Elaborate Bytes AG)
PRC - C:\Program Files (x86)\Last.fm\LastFM.exe (Last.fm)
PRC - C:\Program Files (x86)\Belkin\Flip\flip.exe (Belkin Corporation)


========== Modules (SafeList) ==========

MOD - C:\Users\ChrisDesktop\Desktop\OTL.exe (OldTimer Tools)
MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd\comctl32.dll (Microsoft Corporation)


========== Win32 Services (SafeList) ==========

SRV:64bit: - (avast! Web Scanner) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe (AVAST Software)
SRV:64bit: - (avast! Mail Scanner) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe (AVAST Software)
SRV:64bit: - (avast! Antivirus) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe (AVAST Software)
SRV:64bit: - (avast! Firewall) -- C:\Program Files\Alwil Software\Avast5\afwServ.exe (AVAST Software)
SRV:64bit: - (AMD External Events Utility) -- C:\Windows\SysNative\atiesrxx.exe (AMD)
SRV:64bit: - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (sftvsa) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe (Microsoft Corporation)
SRV - (sftlist) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe (Microsoft Corporation)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)


========== Driver Services (SafeList) ==========

DRV:64bit: - (aswMonFlt) -- C:\Windows\SysNative\drivers\aswMonFlt.sys (AVAST Software)
DRV:64bit: - (atikmdag) -- C:\Windows\SysNative\drivers\atikmdag.sys (ATI Technologies Inc.)
DRV:64bit: - (amdkmdag) -- C:\Windows\SysNative\drivers\atikmdag.sys (ATI Technologies Inc.)
DRV:64bit: - (amdkmdap) -- C:\Windows\SysNative\drivers\atikmpag.sys (Advanced Micro Devices, Inc.)
DRV:64bit: - (AtiHDAudioService) -- C:\Windows\SysNative\drivers\AtihdW76.sys (ATI Technologies, Inc.)
DRV:64bit: - (Sftvol) -- C:\Windows\SysNative\drivers\Sftvollh.sys (Microsoft Corporation)
DRV:64bit: - (Sftplay) -- C:\Windows\SysNative\drivers\Sftplaylh.sys (Microsoft Corporation)
DRV:64bit: - (Sftredir) -- C:\Windows\SysNative\drivers\Sftredirlh.sys (Microsoft Corporation)
DRV:64bit: - (Sftfs) -- C:\Windows\SysNative\drivers\Sftfslh.sys (Microsoft Corporation)
DRV:64bit: - (aswNdis) -- C:\Windows\SysNative\drivers\aswNdis.sys (ALWIL Software)
DRV:64bit: - (ElbyCDIO) -- C:\Windows\SysNative\drivers\ElbyCDIO.sys (Elaborate Bytes AG)
DRV:64bit: - (RTL8167) -- C:\Windows\SysNative\drivers\Rt64win7.sys (Realtek )
DRV:64bit: - (VIAHdAudAddService) -- C:\Windows\SysNative\drivers\viahduaa.sys (VIA Technologies, Inc.)
DRV:64bit: - (VClone) -- C:\Windows\SysNative\drivers\VClone.sys (Elaborate Bytes AG)
DRV:64bit: - (MTsensor) -- C:\Windows\SysNative\drivers\ASACPI.sys ()
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (VX1000) -- C:\Windows\SysNative\drivers\VX1000.sys (Microsoft Corporation)
DRV:64bit: - (Ntfs) -- C:\Windows\SysNative\wbem\ntfs.mof ()
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV:64bit: - (AtiPcie) AMD PCI Express (3GIO) -- C:\Windows\SysNative\drivers\AtiPcie.sys (Advanced Micro Devices Inc.)

========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://uk.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-gb
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 42 7A B5 5A A6 60 CB 01 [binary data]
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "www.google.co.uk"
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: {AB2CE124-6272-4b12-94A9-7303C7397BD1}:4.2.0.5198

FF - HKLM\software\mozilla\Mozilla Firefox 3.6.10\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2010/09/30 14:51:10 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.10\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2010/10/10 18:41:27 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 3.1.4\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2010/10/01 11:39:05 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 3.1.4\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins

[2010/09/30 16:03:18 | 000,000,000 | ---D | M] -- C:\Users\ChrisDesktop\AppData\Roaming\Mozilla\Extensions
[2010/09/30 16:03:18 | 000,000,000 | ---D | M] (No name found) -- C:\Users\ChrisDesktop\AppData\Roaming\Mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2010/10/05 10:49:54 | 000,000,000 | ---D | M] -- C:\Users\ChrisDesktop\AppData\Roaming\Mozilla\Firefox\Profiles\voglznlv.default\extensions
[2010/10/05 23:08:00 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2010/10/05 23:08:00 | 000,000,000 | ---D | M] (Skype extension for Firefox) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
[2010/10/04 18:24:22 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010/10/05 10:49:39 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
[2010/07/17 05:00:04 | 000,423,656 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll
[2010/09/14 22:09:10 | 000,001,538 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\amazon-en-GB.xml
[2010/09/14 22:09:10 | 000,000,947 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\chambers-en-GB.xml
[2010/09/14 22:09:10 | 000,000,769 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\eBay-en-GB.xml
[2010/09/14 22:09:10 | 000,001,135 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\yahoo-en-GB.xml

O1 HOSTS File: ([2010/10/09 12:05:18 | 000,000,867 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 173.45.76.66 drghwaweg45j4i6u3q32fg2h.com
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O4:64bit: - HKLM..\Run: [VX1000] C:\Windows\vVX1000.exe (Microsoft Corporation)
O4 - HKLM..\Run: [ATICustomerCare] C:\Program Files (x86)\ATI\ATICustomerCare\ATICustomerCare.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [avast5] C:\Program Files\Alwil Software\Avast5\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [HDAudDeck] C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe (VIA)
O4 - HKLM..\Run: [LvOXPiejlcwZ] C:\Users\CHRISD~1\AppData\Local\Temp\ks6otfyoc.exe File not found
O4 - HKLM..\Run: [LvOXPiejlhb] C:\Users\CHRISD~1\AppData\Local\Temp\debug.exe File not found
O4 - HKLM..\Run: [LvOXPiejlmc] C:\Users\CHRISD~1\AppData\Local\Temp\mdm.exe File not found
O4 - HKLM..\Run: [LvOXPiejlotc] C:\Users\CHRISD~1\AppData\Local\Temp\hexdump.exe File not found
O4 - HKLM..\Run: [LvOXPiejlq+] C:\Users\CHRISD~1\AppData\Local\Temp\win16.exe File not found
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [VirtualCloneDrive] C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe (Elaborate Bytes AG)
O4 - HKCU..\Run: [LvehwfiejlcwZ] C:\Users\ChrisDesktop\AppData\Local\Temp\ks6otfyoc.exe File not found
O4 - HKCU..\Run: [Lvehwfiejlhb] C:\Users\ChrisDesktop\AppData\Local\Temp\debug.exe File not found
O4 - HKCU..\Run: [Lvehwfiejlhb(Windows; U; Windows NT 5.1; en-US) AppleWebKit/534.0 (KHTML, like Gecko) Chrome/6.0.408.1 Safari/534.0] C:\Users\ChrisDesktop\AppData\Local\Temp\debug.exe File not found
O4 - HKCU..\Run: [Lvehwfiejlmc] C:\Users\ChrisDesktop\AppData\Local\Temp\mdm.exe File not found
O4 - HKCU..\Run: [Lvehwfiejlmc(Windows; U; Windows NT 5.1; en-US) AppleWebKit/534.0 (KHTML, like Gecko) Chrome/6.0.408.1 Safari/534.0] C:\Users\ChrisDesktop\AppData\Local\Temp\mdm.exe File not found
O4 - HKCU..\Run: [Lvehwfiejlotc] C:\Users\ChrisDesktop\AppData\Local\Temp\hexdump.exe File not found
O4 - HKCU..\Run: [Lvehwfiejlq+] C:\Users\ChrisDesktop\AppData\Local\Temp\win16.exe File not found
O4 - HKCU..\Run: [LvOXPiejlcwZ] C:\Users\CHRISD~1\AppData\Local\Temp\ks6otfyoc.exe File not found
O4 - HKCU..\Run: [LvOXPiejlhb] C:\Users\CHRISD~1\AppData\Local\Temp\debug.exe File not found
O4 - HKCU..\Run: [LvOXPiejlmc] C:\Users\CHRISD~1\AppData\Local\Temp\mdm.exe File not found
O4 - HKCU..\Run: [LvOXPiejlna] C:\Users\CHRISD~1\AppData\Local\Temp\login.exe File not found
O4 - HKCU..\Run: [LvOXPiejlotc] C:\Users\CHRISD~1\AppData\Local\Temp\hexdump.exe File not found
O4 - HKCU..\Run: [LvOXPiejlq+] C:\Users\CHRISD~1\AppData\Local\Temp\win16.exe File not found
O4 - HKCU..\Run: [LvOXPiejlqb] C:\Users\CHRISD~1\AppData\Local\Temp\winamp.exe File not found
O4 - HKCU..\Run: [LvOXPiejlrxc] C:\Users\CHRISD~1\AppData\Local\Temp\spoolsv.exe File not found
O4 - HKCU..\Run: [LvOXPiejlupc] C:\Users\CHRISD~1\AppData\Local\Temp\sysedit.exe File not found
O4 - HKCU..\Run: [Mqvscla/5.0 (Windows; U; Windows NT 6.0; en-US; rv:1.9.1.1) Gecko/20090715 Firefox/3.5.1] C:\Windows\winlogon.exe File not found
O4 - HKCU..\Run: [Mqvscla/5.0 (Windows; U; Windows NT 6.0; en-US; rv:1.9.2.3) Gecko/20100401 Firefox/3.6.3] C:\Windows\winlogon.exe File not found
O4 - Startup: C:\Users\ChrisDesktop\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\ChrisDesktop\AppData\Roaming\Dropbox\bin\Dropbox.exe ()
O4 - Startup: C:\Users\ChrisDesktop\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Flip.lnk = C:\Program Files (x86)\Belkin\Flip\flip.exe (Belkin Corporation)
O4 - Startup: C:\Users\ChrisDesktop\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.2.lnk = C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run: ahb9z = C:\Users\CHRISD~1\AppData\Local\Temp\zfd3mig.exe File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O9 - Extra Button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O13 - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O18:64bit: - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - Reg Error: Key error. File not found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*


CREATERESTOREPOINT
Error creating restore point.

========== Files/Folders - Created Within 90 Days ==========

[2010/10/18 23:53:29 | 000,574,464 | ---- | C] (OldTimer Tools) -- C:\Users\ChrisDesktop\Desktop\OTL.exe
[2010/10/13 18:42:58 | 000,000,000 | ---D | C] -- C:\Users\ChrisDesktop\Documents\Loxley Designer PRO Projects
[2010/10/13 18:42:58 | 000,000,000 | ---D | C] -- C:\Users\ChrisDesktop\AppData\Roaming\Loxley Designer PRO
[2010/10/13 18:34:45 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Loxley Designer PRO
[2010/10/13 11:03:47 | 000,000,000 | ---D | C] -- C:\_OTM
[2010/10/13 11:02:41 | 000,519,680 | ---- | C] (OldTimer Tools) -- C:\Users\ChrisDesktop\Desktop\OTM.exe
[2010/10/12 22:07:19 | 000,000,000 | ---D | C] -- C:\Users\ChrisDesktop\AppData\Roaming\Ghost Ship Studios
[2010/10/12 22:07:18 | 000,000,000 | ---D | C] -- C:\ProgramData\TEMP
[2010/10/10 23:57:22 | 000,000,000 | ---D | C] -- C:\ProgramData\VirtualizedApplications
[2010/10/10 22:44:29 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\exPressit S.E. 3.0
[2010/10/10 21:46:55 | 000,000,000 | ---D | C] -- C:\Users\ChrisDesktop\AppData\Local\SoftGrid Client
[2010/10/10 21:46:50 | 000,000,000 | ---D | C] -- C:\Users\ChrisDesktop\AppData\Roaming\SoftGrid Client
[2010/10/10 21:45:22 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Office
[2010/10/10 21:45:22 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Office
[2010/10/10 21:45:22 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Application Virtualization Client
[2010/10/10 21:45:22 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\DESIGNER
[2010/10/10 21:44:13 | 000,000,000 | ---D | C] -- C:\Users\ChrisDesktop\AppData\Roaming\TP
[2010/10/10 18:41:25 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Adobe
[2010/10/10 12:46:43 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ESET
[2010/10/09 14:42:05 | 000,038,848 | ---- | C] (AVAST Software) -- C:\Windows\avastSS.scr
[2010/10/09 13:54:32 | 000,000,000 | R--D | C] -- C:\32788R22FWJFW
[2010/10/09 12:55:20 | 000,000,000 | ---D | C] -- C:\Users\ChrisDesktop\AppData\Roaming\Malwarebytes
[2010/10/09 12:55:12 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
[2010/10/09 12:55:11 | 000,024,664 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2010/10/09 12:55:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2010/10/09 12:55:10 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2010/10/09 12:09:09 | 000,121,936 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSP.sys
[2010/10/09 12:09:09 | 000,020,048 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswFsBlk.sys
[2010/10/09 12:09:08 | 000,472,656 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSnx.sys
[2010/10/09 12:09:07 | 000,125,520 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswFW.sys
[2010/10/09 12:08:56 | 000,250,448 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswNdis2.sys
[2010/10/09 12:08:56 | 000,028,752 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswRdr.sys
[2010/10/09 12:08:55 | 000,051,280 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswTdi.sys
[2010/10/09 12:08:54 | 000,061,008 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswMonFlt.sys
[2010/10/09 12:08:47 | 000,167,592 | ---- | C] (AVAST Software) -- C:\Windows\SysWow64\aswBoot.exe
[2010/10/09 12:08:47 | 000,012,368 | ---- | C] (ALWIL Software) -- C:\Windows\SysNative\drivers\aswNdis.sys
[2010/10/09 12:08:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Alwil Software
[2010/10/09 12:08:45 | 000,000,000 | ---D | C] -- C:\Program Files\Alwil Software
[2010/10/09 12:05:17 | 000,000,000 | ---D | C] -- C:\Users\ChrisDesktop\AppData\Local\CrashDumps
[2010/10/09 12:04:58 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\NortonInstaller
[2010/10/08 17:10:45 | 000,000,000 | ---D | C] -- C:\Users\ChrisDesktop\AppData\Local\ElevatedDiagnostics
[2010/10/07 23:07:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Pendulo Studios
[2010/10/07 22:56:35 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Pendulo Studios
[2010/10/07 22:15:36 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Elaborate Bytes
[2010/10/06 11:57:00 | 000,000,000 | ---D | C] -- C:\Users\ChrisDesktop\.LoxleyColour
[2010/10/06 11:56:48 | 000,000,000 | ---D | C] -- C:\Users\ChrisDesktop\.roescache
[2010/10/06 11:37:25 | 000,000,000 | ---D | C] -- C:\Users\ChrisDesktop\AppData\Local\Diagnostics
[2010/10/05 23:08:42 | 000,000,000 | ---D | C] -- C:\Users\ChrisDesktop\AppData\Roaming\skypePM
[2010/10/05 23:08:08 | 000,000,000 | ---D | C] -- C:\Users\ChrisDesktop\AppData\Roaming\Skype
[2010/10/05 23:07:53 | 000,000,000 | R--D | C] -- C:\Program Files (x86)\Skype
[2010/10/05 23:07:53 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Skype
[2010/10/05 23:07:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Skype
[2010/10/05 10:49:46 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java
[2010/10/04 22:47:42 | 000,000,000 | ---D | C] -- C:\Users\Public\Desktop\Adobe Reader 9 Installer
[2010/10/04 22:47:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Adobe
[2010/10/04 22:47:01 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Adobe
[2010/10/04 22:46:59 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Adobe AIR
[2010/10/04 22:46:34 | 000,000,000 | ---D | C] -- C:\Users\ChrisDesktop\AppData\Local\Adobe
[2010/10/04 18:36:42 | 000,000,000 | ---D | C] -- C:\Users\ChrisDesktop\AppData\Roaming\OpenOffice.org
[2010/10/04 18:25:16 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\JRE
[2010/10/04 18:25:14 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\OpenOffice.org 3
[2010/10/04 18:24:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Sun
[2010/10/04 18:24:12 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Java
[2010/10/04 18:23:38 | 000,000,000 | ---D | C] -- C:\Users\ChrisDesktop\Desktop\OpenOffice.org 3.2 (en-GB) Installation Files
[2010/10/04 17:38:43 | 000,000,000 | ---D | C] -- C:\Users\ChrisDesktop\Tracing
[2010/10/04 17:37:13 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft
[2010/10/04 17:37:04 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\microsoft
[2010/10/04 17:36:59 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Windows Live SkyDrive
[2010/10/04 17:36:43 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Windows Live
[2010/10/04 17:36:25 | 000,000,000 | ---D | C] -- C:\Windows\PCHEALTH
[2010/10/04 17:34:42 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Windows Live
[2010/10/01 16:50:47 | 000,000,000 | ---D | C] -- C:\Users\ChrisDesktop\AppData\Roaming\Tific
[2010/10/01 16:50:44 | 000,000,000 | ---D | C] -- C:\Users\ChrisDesktop\AppData\Local\Symantec
[2010/10/01 16:49:05 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\Wat
[2010/10/01 16:49:05 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\Wat
[2010/10/01 15:21:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Last.fm
[2010/10/01 15:20:44 | 000,000,000 | ---D | C] -- C:\Users\ChrisDesktop\AppData\Local\Last.fm
[2010/10/01 15:20:42 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Last.fm
[2010/10/01 15:19:26 | 000,000,000 | ---D | C] -- C:\Users\ChrisDesktop\AppData\Roaming\ImgBurn
[2010/10/01 15:18:29 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ImgBurn
[2010/10/01 15:15:47 | 000,000,000 | ---D | C] -- C:\Users\ChrisDesktop\AppData\Roaming\Dropbox
[2010/10/01 15:06:31 | 000,000,000 | ---D | C] -- C:\Users\ChrisDesktop\Documents\Writing
[2010/10/01 15:06:16 | 000,000,000 | ---D | C] -- C:\Users\ChrisDesktop\Documents\Sports Interactive
[2010/10/01 15:05:58 | 000,000,000 | ---D | C] -- C:\Users\ChrisDesktop\Documents\Photography Documents
[2010/10/01 15:04:29 | 000,000,000 | R--D | C] -- C:\Users\ChrisDesktop\Documents\My Dropbox
[2010/10/01 14:49:23 | 000,000,000 | ---D | C] -- C:\Users\ChrisDesktop\AppData\Roaming\uTorrent
[2010/10/01 13:26:13 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Symantec Shared
[2010/10/01 12:02:13 | 000,000,000 | ---D | C] -- C:\Users\ChrisDesktop\AppData\Roaming\WinRAR
[2010/10/01 11:58:37 | 000,000,000 | ---D | C] -- C:\Program Files\WinRAR
[2010/10/01 11:39:10 | 000,000,000 | ---D | C] -- C:\Users\ChrisDesktop\AppData\Roaming\Thunderbird
[2010/10/01 11:39:10 | 000,000,000 | ---D | C] -- C:\Users\ChrisDesktop\AppData\Local\Thunderbird
[2010/10/01 11:39:04 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Thunderbird
[2010/10/01 10:22:10 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft.NET
[2010/09/30 23:10:48 | 000,000,000 | ---D | C] -- C:\Windows\Panther
[2010/09/30 17:30:15 | 000,000,000 | ---D | C] -- C:\ProgramData\ATI
[2010/09/30 17:18:32 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\ATI Technologies
[2010/09/30 17:18:32 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\ATI Technologies
[2010/09/30 17:18:31 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ATI
[2010/09/30 17:15:02 | 000,000,000 | ---D | C] -- C:\ATI
[2010/09/30 15:55:26 | 000,000,000 | ---D | C] -- C:\Users\ChrisDesktop\AppData\Local\Alt.Binz
[2010/09/30 15:55:22 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AltBinz
[2010/09/30 15:35:30 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Belkin
[2010/09/30 15:04:41 | 000,000,000 | ---D | C] -- C:\Users\ChrisDesktop\AppData\Roaming\Macromedia
[2010/09/30 15:04:41 | 000,000,000 | ---D | C] -- C:\Users\ChrisDesktop\AppData\Roaming\Adobe
[2010/09/30 15:04:35 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\Macromed
[2010/09/30 14:51:14 | 000,000,000 | ---D | C] -- C:\Users\ChrisDesktop\AppData\Roaming\Mozilla
[2010/09/30 14:51:14 | 000,000,000 | ---D | C] -- C:\Users\ChrisDesktop\AppData\Local\Mozilla
[2010/09/30 14:51:08 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2010/09/30 14:37:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Norton
[2010/09/30 14:36:38 | 000,000,000 | ---D | C] -- C:\ProgramData\NortonInstaller
[2010/09/30 14:36:05 | 000,000,000 | -H-D | C] -- C:\Program Files (x86)\InstallShield Installation Information
[2010/09/30 14:36:05 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ASUS
[2010/09/30 14:35:01 | 000,242,176 | ---- | C] (Windows (R) Codename Longhorn DDK provider) -- C:\Windows\SysNative\Dts2APO.dll
[2010/09/30 14:35:01 | 000,193,024 | ---- | C] (Windows (R) Codename Longhorn DDK provider) -- C:\Windows\SysNative\ViaMicArrayAPO.dll
[2010/09/30 14:35:01 | 000,086,016 | ---- | C] (QSound Labs, Inc.) -- C:\Windows\SysNative\nQPropPageExt.dll
[2010/09/30 14:35:01 | 000,082,432 | ---- | C] (QSound Labs, Inc.) -- C:\Windows\SysNative\nQAPO.dll
[2010/09/30 14:34:39 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\VIA
[2010/09/30 14:34:26 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\InstallShield
[2010/09/30 14:32:28 | 000,000,000 | ---D | C] -- C:\Users\ChrisDesktop\AppData\Roaming\ATI
[2010/09/30 14:32:28 | 000,000,000 | ---D | C] -- C:\Users\ChrisDesktop\AppData\Local\ATI
[2010/09/30 14:28:41 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ATI Technologies
[2010/09/30 14:28:26 | 000,000,000 | -HSD | C] -- C:\Windows\Installer
[2010/09/30 14:28:01 | 000,000,000 | ---D | C] -- C:\Program Files\ATI Technologies
[2010/09/30 14:27:53 | 000,000,000 | ---D | C] -- C:\Program Files\ATI
[2010/09/30 14:22:47 | 000,000,000 | R--D | C] -- C:\Users\ChrisDesktop\Searches
[2010/09/30 14:22:47 | 000,000,000 | -H-D | C] -- C:\Users\ChrisDesktop\Application Data\Microsoft\Internet Explorer\Quick Launch\User Pinned
[2010/09/30 14:22:40 | 000,000,000 | ---D | C] -- C:\Users\ChrisDesktop\AppData\Roaming\Identities
[2010/09/30 14:22:39 | 000,000,000 | R--D | C] -- C:\Users\ChrisDesktop\Contacts
[2010/09/30 14:22:37 | 000,000,000 | ---D | C] -- C:\Users\ChrisDesktop\AppData\Local\VirtualStore
[2010/09/30 14:22:33 | 000,000,000 | --SD | C] -- C:\Users\ChrisDesktop\AppData\Roaming\Microsoft
[2010/09/30 14:22:33 | 000,000,000 | R--D | C] -- C:\Users\ChrisDesktop\Videos
[2010/09/30 14:22:33 | 000,000,000 | R--D | C] -- C:\Users\ChrisDesktop\Saved Games
[2010/09/30 14:22:33 | 000,000,000 | R--D | C] -- C:\Users\ChrisDesktop\Pictures
[2010/09/30 14:22:33 | 000,000,000 | R--D | C] -- C:\Users\ChrisDesktop\Music
[2010/09/30 14:22:33 | 000,000,000 | R--D | C] -- C:\Users\ChrisDesktop\Links
[2010/09/30 14:22:33 | 000,000,000 | R--D | C] -- C:\Users\ChrisDesktop\Favorites
[2010/09/30 14:22:33 | 000,000,000 | R--D | C] -- C:\Users\ChrisDesktop\Downloads
[2010/09/30 14:22:33 | 000,000,000 | R--D | C] -- C:\Users\ChrisDesktop\My Documents
[2010/09/30 14:22:33 | 000,000,000 | R--D | C] -- C:\Users\ChrisDesktop\Desktop
[2010/09/30 14:22:33 | 000,000,000 | -HSD | C] -- C:\Users\ChrisDesktop\AppData\Local\Temporary Internet Files
[2010/09/30 14:22:33 | 000,000,000 | -HSD | C] -- C:\Users\ChrisDesktop\Templates
[2010/09/30 14:22:33 | 000,000,000 | -HSD | C] -- C:\Users\ChrisDesktop\Start Menu
[2010/09/30 14:22:33 | 000,000,000 | -HSD | C] -- C:\Users\ChrisDesktop\SendTo
[2010/09/30 14:22:33 | 000,000,000 | -HSD | C] -- C:\Users\ChrisDesktop\Recent
[2010/09/30 14:22:33 | 000,000,000 | -HSD | C] -- C:\Users\ChrisDesktop\PrintHood
[2010/09/30 14:22:33 | 000,000,000 | -HSD | C] -- C:\Users\ChrisDesktop\NetHood
[2010/09/30 14:22:33 | 000,000,000 | -HSD | C] -- C:\Users\ChrisDesktop\Documents\My Videos
[2010/09/30 14:22:33 | 000,000,000 | -HSD | C] -- C:\Users\ChrisDesktop\Documents\My Pictures
[2010/09/30 14:22:33 | 000,000,000 | -HSD | C] -- C:\Users\ChrisDesktop\Documents\My Music
[2010/09/30 14:22:33 | 000,000,000 | -HSD | C] -- C:\Users\ChrisDesktop\My Documents
[2010/09/30 14:22:33 | 000,000,000 | -HSD | C] -- C:\Users\ChrisDesktop\Local Settings
[2010/09/30 14:22:33 | 000,000,000 | -HSD | C] -- C:\Users\ChrisDesktop\AppData\Local\History
[2010/09/30 14:22:33 | 000,000,000 | -HSD | C] -- C:\Users\ChrisDesktop\Cookies
[2010/09/30 14:22:33 | 000,000,000 | -HSD | C] -- C:\Users\ChrisDesktop\Application Data
[2010/09/30 14:22:33 | 000,000,000 | -HSD | C] -- C:\Users\ChrisDesktop\AppData\Local\Application Data
[2010/09/30 14:22:33 | 000,000,000 | -H-D | C] -- C:\Users\ChrisDesktop\AppData
[2010/09/30 14:22:33 | 000,000,000 | ---D | C] -- C:\Users\ChrisDesktop\AppData\Local\Temp
[2010/09/30 14:22:33 | 000,000,000 | ---D | C] -- C:\Users\ChrisDesktop\AppData\Local\Microsoft
[2010/09/30 14:22:33 | 000,000,000 | ---D | C] -- C:\Users\ChrisDesktop\AppData\Roaming\Media Center Programs
[2010/09/30 14:22:27 | 000,000,000 | -HSD | C] -- C:\Recovery
[2010/09/30 14:14:14 | 000,000,000 | ---D | C] -- C:\Windows\SoftwareDistribution
[2010/09/30 14:11:59 | 000,000,000 | ---D | C] -- C:\Windows\Prefetch
[2010/09/30 14:11:31 | 000,000,000 | -HSD | C] -- C:\System Volume Information
[2010/08/26 02:57:50 | 000,462,336 | ---- | C] (AMD) -- C:\Windows\SysNative\atieclxx.exe
[2010/08/26 02:57:14 | 000,203,264 | ---- | C] (AMD) -- C:\Windows\SysNative\atiesrxx.exe
[2010/08/26 02:56:06 | 000,120,320 | ---- | C] (AMD) -- C:\Windows\SysNative\atitmm64.dll
[2010/08/26 02:55:28 | 000,012,288 | ---- | C] (AMD) -- C:\Windows\SysNative\atimuixx.dll
[2010/08/26 02:27:58 | 000,057,344 | ---- | C] (AMD) -- C:\Windows\SysNative\coinst.dll

========== Files - Modified Within 90 Days ==========

[2010/10/18 23:53:20 | 000,574,464 | ---- | M] (OldTimer Tools) -- C:\Users\ChrisDesktop\Desktop\OTL.exe
[2010/10/18 16:41:22 | 000,727,182 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2010/10/18 16:41:22 | 000,628,468 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2010/10/18 16:41:22 | 000,110,394 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2010/10/18 15:39:57 | 000,015,024 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2010/10/18 15:39:57 | 000,015,024 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2010/10/18 15:32:21 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010/10/18 15:32:18 | 3219,791,872 | -HS- | M] () -- C:\hiberfil.sys
[2010/10/15 10:23:00 | 000,010,695 | ---- | M] () -- C:\Users\ChrisDesktop\Documents\Rent & Bills.xlsx
[2010/10/15 10:17:48 | 000,289,152 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2010/10/14 12:43:08 | 000,002,067 | ---- | M] () -- C:\Users\ChrisDesktop\Desktop\Loxley ROES.lnk
[2010/10/13 18:51:51 | 000,002,048 | ---- | M] () -- C:\Users\ChrisDesktop\AppData\Roaming\Loxley Designer PRO Prefs
[2010/10/13 18:36:17 | 000,002,069 | ---- | M] () -- C:\Users\Public\Desktop\Loxley Designer PRO.lnk
[2010/10/13 11:02:32 | 000,519,680 | ---- | M] (OldTimer Tools) -- C:\Users\ChrisDesktop\Desktop\OTM.exe
[2010/10/12 23:32:00 | 000,418,816 | ---- | M] () -- C:\Users\ChrisDesktop\Documents\Accounts2.xls
[2010/10/12 22:07:24 | 000,004,096 | ---- | M] () -- C:\Windows\d3dx.dat
[2010/10/12 01:24:21 | 000,734,810 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2010/10/10 23:47:12 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_User_WpdMtpDr_01_09_00.Wdf
[2010/10/10 21:13:47 | 000,016,384 | ---- | M] () -- C:\Users\ChrisDesktop\Documents\Books.xls
[2010/10/10 18:41:27 | 000,002,014 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk
[2010/10/09 14:42:07 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\config.nt
[2010/10/09 13:59:07 | 000,130,048 | ---- | M] () -- C:\Users\ChrisDesktop\Desktop\TaskManager.doc
[2010/10/09 12:55:15 | 000,001,013 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/10/09 12:43:12 | 000,000,120 | ---- | M] () -- C:\Users\ChrisDesktop\AppData\Local\Xhisunogewusuy.dat
[2010/10/09 12:43:12 | 000,000,000 | ---- | M] () -- C:\Users\ChrisDesktop\AppData\Local\Hgimuq.bin
[2010/10/09 12:09:09 | 000,001,852 | ---- | M] () -- C:\Users\Public\Desktop\avast! Internet Security.lnk
[2010/10/09 12:05:11 | 000,000,145 | ---- | M] () -- C:\Users\ChrisDesktop\AppData\Roaming\asdsada.bat
[2010/10/09 00:01:52 | 000,000,928 | ---- | M] () -- C:\Users\Public\Desktop\Last.fm.lnk
[2010/10/07 22:56:39 | 000,001,291 | ---- | M] () -- C:\Users\Public\Desktop\RUNAWAY - A TWIST OF FATE.lnk
[2010/10/07 22:16:09 | 000,001,254 | ---- | M] () -- C:\Users\Public\Desktop\Virtual CloneDrive.lnk
[2010/10/05 23:08:42 | 000,000,056 | -H-- | M] () -- C:\ProgramData\ezsidmv.dat
[2010/10/05 23:07:53 | 000,002,515 | ---- | M] () -- C:\Users\Public\Desktop\Skype.lnk
[2010/10/04 18:37:22 | 000,001,239 | ---- | M] () -- C:\Users\ChrisDesktop\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.2.lnk
[2010/10/04 18:25:27 | 000,001,120 | ---- | M] () -- C:\Users\Public\Desktop\OpenOffice.org 3.2.lnk
[2010/10/01 18:14:46 | 000,001,033 | ---- | M] () -- C:\Users\ChrisDesktop\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
[2010/10/01 17:08:24 | 000,001,869 | ---- | M] () -- C:\Users\ChrisDesktop\Desktop\ImgBurn.lnk
[2010/09/30 17:30:20 | 000,009,826 | ---- | M] () -- C:\Users\ChrisDesktop\AppData\Roaming\PStrip.ini
[2010/09/30 17:30:13 | 000,009,679 | ---- | M] () -- C:\Users\ChrisDesktop\AppData\Roaming\PStrip.bak
[2010/09/30 17:17:15 | 000,002,208 | ---- | M] () -- C:\Users\ChrisDesktop\AppData\Roaming\PStrip.bk!
[2010/09/30 16:16:45 | 000,001,769 | ---- | M] () -- C:\Windows\Language_trs.ini
[2010/09/30 16:16:34 | 000,036,551 | ---- | M] () -- C:\Windows\Ascd_tmp.ini
[2010/09/30 15:55:23 | 000,001,005 | ---- | M] () -- C:\Users\ChrisDesktop\Desktop\Alt.Binz.lnk
[2010/09/30 15:38:26 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_User_WpdFs_01_09_00.Wdf
[2010/09/30 15:35:30 | 000,002,042 | ---- | M] () -- C:\Users\ChrisDesktop\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Flip.lnk
[2010/09/30 14:51:11 | 000,001,967 | ---- | M] () -- C:\Users\ChrisDesktop\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2010/09/30 14:49:46 | 000,001,441 | ---- | M] () -- C:\Users\ChrisDesktop\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2010/09/30 14:35:12 | 000,001,206 | ---- | M] () -- C:\Users\Public\Desktop\HD VDeck.lnk
[2010/09/30 14:31:58 | 000,000,000 | ---- | M] () -- C:\Windows\ativpsrm.bin
[2010/09/30 14:14:18 | 000,039,252 | ---- | M] () -- C:\Windows\SysWow64\license.rtf
[2010/09/30 14:14:18 | 000,039,252 | ---- | M] () -- C:\Windows\SysNative\license.rtf
[2010/09/07 16:12:17 | 000,038,848 | ---- | M] (AVAST Software) -- C:\Windows\avastSS.scr
[2010/09/07 16:11:54 | 000,167,592 | ---- | M] (AVAST Software) -- C:\Windows\SysWow64\aswBoot.exe
[2010/09/07 15:54:22 | 000,125,520 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswFW.sys
[2010/09/07 15:54:10 | 000,472,656 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSnx.sys
[2010/09/07 15:53:40 | 000,250,448 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswNdis2.sys
[2010/09/07 15:52:29 | 000,051,280 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswTdi.sys
[2010/09/07 15:52:09 | 000,121,936 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSP.sys
[2010/09/07 15:47:49 | 000,028,752 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswRdr.sys
[2010/09/07 15:47:33 | 000,061,008 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswMonFlt.sys
[2010/09/07 15:47:10 | 000,020,048 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswFsBlk.sys
[2010/08/26 03:01:34 | 000,076,216 | ---- | M] () -- C:\Windows\SysNative\atiapfxx.blb
[2010/08/26 02:57:50 | 000,462,336 | ---- | M] (AMD) -- C:\Windows\SysNative\atieclxx.exe
[2010/08/26 02:57:14 | 000,203,264 | ---- | M] (AMD) -- C:\Windows\SysNative\atiesrxx.exe
[2010/08/26 02:56:06 | 000,120,320 | ---- | M] (AMD) -- C:\Windows\SysNative\atitmm64.dll
[2010/08/26 02:55:28 | 000,012,288 | ---- | M] (AMD) -- C:\Windows\SysNative\atimuixx.dll
[2010/08/26 02:30:40 | 000,583,888 | ---- | M] () -- C:\Windows\SysNative\atiumd6a.cap
[2010/08/26 02:27:58 | 000,057,344 | ---- | M] (AMD) -- C:\Windows\SysNative\coinst.dll
[2010/08/26 02:25:36 | 000,583,888 | ---- | M] () -- C:\Windows\SysWow64\atiumdva.cap
[2010/08/19 17:37:48 | 000,009,881 | ---- | M] () -- C:\Users\ChrisDesktop\Documents\Lauren & Chris Gas Electric.xlsx
[2010/08/02 09:38:00 | 000,021,866 | ---- | M] () -- C:\Windows\atiogl.xml

========== Files Created - No Company Name ==========

[2010/10/14 12:43:08 | 000,002,067 | ---- | C] () -- C:\Users\ChrisDesktop\Desktop\Loxley ROES.lnk
[2010/10/13 18:45:51 | 000,002,048 | ---- | C] () -- C:\Users\ChrisDesktop\AppData\Roaming\Loxley Designer PRO Prefs
[2010/10/13 18:36:17 | 000,002,069 | ---- | C] () -- C:\Users\Public\Desktop\Loxley Designer PRO.lnk
[2010/10/12 22:07:24 | 000,004,096 | ---- | C] () -- C:\Windows\d3dx.dat
[2010/10/10 23:47:12 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_User_WpdMtpDr_01_09_00.Wdf
[2010/10/10 21:45:37 | 000,734,810 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2010/10/10 18:41:27 | 000,002,014 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk
[2010/10/09 13:59:01 | 000,130,048 | ---- | C] () -- C:\Users\ChrisDesktop\Desktop\TaskManager.doc
[2010/10/09 12:55:15 | 000,001,013 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/10/09 12:43:12 | 000,000,120 | ---- | C] () -- C:\Users\ChrisDesktop\AppData\Local\Xhisunogewusuy.dat
[2010/10/09 12:43:12 | 000,000,000 | ---- | C] () -- C:\Users\ChrisDesktop\AppData\Local\Hgimuq.bin
[2010/10/09 12:09:09 | 000,001,852 | ---- | C] () -- C:\Users\Public\Desktop\avast! Internet Security.lnk
[2010/10/09 12:08:54 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\config.nt
[2010/10/09 12:05:11 | 000,000,145 | ---- | C] () -- C:\Users\ChrisDesktop\AppData\Roaming\asdsada.bat
[2010/10/09 00:01:52 | 000,000,928 | ---- | C] () -- C:\Users\Public\Desktop\Last.fm.lnk
[2010/10/08 15:32:47 | 000,000,792 | ---- | C] () -- C:\ProgramData\hpzinstall.log
[2010/10/07 22:56:39 | 000,001,291 | ---- | C] () -- C:\Users\Public\Desktop\RUNAWAY - A TWIST OF FATE.lnk
[2010/10/07 22:16:09 | 000,001,254 | ---- | C] () -- C:\Users\Public\Desktop\Virtual CloneDrive.lnk
[2010/10/05 23:08:42 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2010/10/05 23:07:53 | 000,002,515 | ---- | C] () -- C:\Users\Public\Desktop\Skype.lnk
[2010/10/04 18:37:22 | 000,001,239 | ---- | C] () -- C:\Users\ChrisDesktop\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.2.lnk
[2010/10/04 18:25:27 | 000,001,120 | ---- | C] () -- C:\Users\Public\Desktop\OpenOffice.org 3.2.lnk
[2010/10/01 18:14:46 | 000,001,033 | ---- | C] () -- C:\Users\ChrisDesktop\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
[2010/10/01 17:08:24 | 000,001,869 | ---- | C] () -- C:\Users\ChrisDesktop\Desktop\ImgBurn.lnk
[2010/10/01 15:06:37 | 001,576,076 | ---- | C] () -- C:\Users\ChrisDesktop\Documents\Veva1210_User_Guide.pdf
[2010/10/01 15:06:37 | 000,418,816 | ---- | C] () -- C:\Users\ChrisDesktop\Documents\Accounts2.xls
[2010/10/01 15:06:37 | 000,024,064 | ---- | C] () -- C:\Users\ChrisDesktop\Documents\Lodger Agreement.doc
[2010/10/01 15:06:37 | 000,016,384 | ---- | C] () -- C:\Users\ChrisDesktop\Documents\Books.xls
[2010/10/01 15:06:37 | 000,010,695 | ---- | C] () -- C:\Users\ChrisDesktop\Documents\Rent & Bills.xlsx
[2010/10/01 15:06:37 | 000,009,881 | ---- | C] () -- C:\Users\ChrisDesktop\Documents\Lauren & Chris Gas Electric.xlsx
[2010/09/30 17:30:15 | 000,002,208 | ---- | C] () -- C:\Users\ChrisDesktop\AppData\Roaming\PStrip.bk!
[2010/09/30 17:30:06 | 000,009,679 | ---- | C] () -- C:\Users\ChrisDesktop\AppData\Roaming\PStrip.bak
[2010/09/30 16:56:51 | 000,009,826 | ---- | C] () -- C:\Users\ChrisDesktop\AppData\Roaming\PStrip.ini
[2010/09/30 16:56:03 | 000,013,008 | ---- | C] () -- C:\Windows\SysNative\drivers\pstrip64.sys
[2010/09/30 15:55:23 | 000,001,005 | ---- | C] () -- C:\Users\ChrisDesktop\Desktop\Alt.Binz.lnk
[2010/09/30 15:38:26 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_User_WpdFs_01_09_00.Wdf
[2010/09/30 15:35:30 | 000,002,042 | ---- | C] () -- C:\Users\ChrisDesktop\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Flip.lnk
[2010/09/30 14:51:11 | 000,001,967 | ---- | C] () -- C:\Users\ChrisDesktop\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2010/09/30 14:49:46 | 000,001,441 | ---- | C] () -- C:\Users\ChrisDesktop\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2010/09/30 14:36:07 | 000,024,576 | R--- | C] () -- C:\Windows\SysWow64\AsIO.dll
[2010/09/30 14:36:07 | 000,013,440 | R--- | C] () -- C:\Windows\SysWow64\drivers\AsIO.sys
[2010/09/30 14:36:05 | 000,011,832 | ---- | C] () -- C:\Windows\SysWow64\drivers\AsInsHelp64.sys
[2010/09/30 14:36:05 | 000,010,216 | ---- | C] () -- C:\Windows\SysWow64\drivers\AsInsHelp32.sys
[2010/09/30 14:35:12 | 000,001,206 | ---- | C] () -- C:\Users\Public\Desktop\HD VDeck.lnk
[2010/09/30 14:31:58 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2010/09/30 14:26:51 | 000,001,769 | ---- | C] () -- C:\Windows\Language_trs.ini
[2010/09/30 14:26:48 | 000,036,551 | ---- | C] () -- C:\Windows\Ascd_tmp.ini
[2010/09/30 14:22:33 | 000,000,290 | ---- | C] () -- C:\Users\ChrisDesktop\Application Data\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk
[2010/09/30 14:22:33 | 000,000,272 | ---- | C] () -- C:\Users\ChrisDesktop\Application Data\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk
[2010/09/30 14:11:31 | 3219,791,872 | -HS- | C] () -- C:\hiberfil.sys
[2010/08/26 03:01:34 | 000,076,216 | ---- | C] () -- C:\Windows\SysNative\atiapfxx.blb
[2010/08/26 02:30:40 | 000,583,888 | ---- | C] () -- C:\Windows\SysNative\atiumd6a.cap
[2010/08/26 02:25:36 | 000,583,888 | ---- | C] () -- C:\Windows\SysWow64\atiumdva.cap
[2010/08/02 09:38:00 | 000,021,866 | ---- | C] () -- C:\Windows\atiogl.xml
[2009/07/14 00:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009/07/13 22:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009/06/26 17:24:18 | 000,015,498 | ---- | C] () -- C:\Windows\VX1000.ini
[2009/04/02 13:30:14 | 000,010,296 | ---- | C] () -- C:\Windows\SysWow64\drivers\ASUSHWIO.SYS

========== LOP Check ==========

[2010/10/18 19:51:08 | 000,000,000 | ---D | M] -- C:\Users\ChrisDesktop\AppData\Roaming\Dropbox
[2010/10/12 22:07:19 | 000,000,000 | ---D | M] -- C:\Users\ChrisDesktop\AppData\Roaming\Ghost Ship Studios
[2010/10/01 17:24:36 | 000,000,000 | ---D | M] -- C:\Users\ChrisDesktop\AppData\Roaming\ImgBurn
[2010/10/13 18:42:58 | 000,000,000 | ---D | M] -- C:\Users\ChrisDesktop\AppData\Roaming\Loxley Designer PRO
[2010/10/04 18:36:42 | 000,000,000 | ---D | M] -- C:\Users\ChrisDesktop\AppData\Roaming\OpenOffice.org
[2010/10/16 00:59:36 | 000,000,000 | ---D | M] -- C:\Users\ChrisDesktop\AppData\Roaming\SoftGrid Client
[2010/10/01 11:39:10 | 000,000,000 | ---D | M] -- C:\Users\ChrisDesktop\AppData\Roaming\Thunderbird
[2010/10/01 16:50:47 | 000,000,000 | ---D | M] -- C:\Users\ChrisDesktop\AppData\Roaming\Tific
[2010/10/10 21:47:17 | 000,000,000 | ---D | M] -- C:\Users\ChrisDesktop\AppData\Roaming\TP
[2010/10/09 12:02:19 | 000,000,000 | ---D | M] -- C:\Users\ChrisDesktop\AppData\Roaming\uTorrent
[2009/07/14 06:08:49 | 000,012,022 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*.exe >


< MD5 for: AGP440.SYS >
[2009/07/14 02:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\SysWow64\DriverStore\FileRepository\machine.inf_amd64_neutral_9e6bb86c3b39a3e9\AGP440.sys
[2009/07/14 02:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.1.7600.16385_none_1607dee2d861e021\AGP440.sys

< MD5 for: ATAPI.SYS >
[2009/07/14 02:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysWow64\DriverStore\FileRepository\mshdc.inf_amd64_neutral_a69a58a4286f0b22\atapi.sys
[2009/07/14 02:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7600.16385_none_392d19c13b3ad543\atapi.sys

< MD5 for: CNGAUDIT.DLL >
[2009/07/14 02:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\SysWOW64\cngaudit.dll
[2009/07/14 02:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\SysWOW64\cngaudit.dll
[2009/07/14 02:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_e83a414890e8132b\cngaudit.dll
[2009/07/14 02:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\winsxs\amd64_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_4458dccc49458461\cngaudit.dll

< MD5 for: IASTORV.SYS >
[2009/07/14 02:48:04 | 000,410,688 | ---- | M] (Intel Corporation) MD5=D83EFB6FD45DF9D55E9A1AFC63640D50 -- C:\Windows\SysWow64\DriverStore\FileRepository\iastorv.inf_amd64_neutral_18cccb83b34e1453\iaStorV.sys
[2009/07/14 02:48:04 | 000,410,688 | ---- | M] (Intel Corporation) MD5=D83EFB6FD45DF9D55E9A1AFC63640D50 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.16385_none_0b06441fa1790136\iaStorV.sys

< MD5 for: NETLOGON.DLL >
[2009/07/14 02:41:52 | 000,692,736 | ---- | M] (Microsoft Corporation) MD5=956D030D375F207B22FB111E06EF9C35 -- C:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_59aca8ea51aaeefe\netlogon.dll
[2009/07/14 02:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\SysWOW64\netlogon.dll
[2009/07/14 02:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\SysWOW64\netlogon.dll
[2009/07/14 02:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_6401533c860bb0f9\netlogon.dll

< MD5 for: NVSTOR.SYS >
[2009/07/14 02:45:45 | 000,167,488 | ---- | M] (NVIDIA Corporation) MD5=477DC4D6DEB99BE37084C9AC6D013DA1 -- C:\Windows\SysWow64\DriverStore\FileRepository\nvraid.inf_amd64_neutral_5bde3fe2945bce9e\nvstor.sys
[2009/07/14 02:45:45 | 000,167,488 | ---- | M] (NVIDIA Corporation) MD5=477DC4D6DEB99BE37084C9AC6D013DA1 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.16385_none_95cfb4ced8afab0e\nvstor.sys

< MD5 for: SCECLI.DLL >
[2009/07/14 02:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\SysWOW64\scecli.dll
[2009/07/14 02:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\SysWOW64\scecli.dll
[2009/07/14 02:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_9e577e55272d37b4\scecli.dll
[2009/07/14 02:41:53 | 000,232,448 | ---- | M] (Microsoft Corporation) MD5=398712DDDAEFB85EDF61DF6A07B65C79 -- C:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_9402d402f2cc75b9\scecli.dll

< %systemroot%\*. /mp /s >

< %systemroot%\system32\*.dll /lockedfiles >
[2009/07/14 02:15:21 | 000,462,848 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\SysWOW64\FirewallAPI.dll

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\system32\drivers\*.sys /lockedfiles >

< %systemroot%\System32\config\*.sav >

========== Alternate Data Streams ==========

@Alternate Data Stream - 130 bytes -> C:\ProgramData\TEMP:A819A132

< End of report >
 
Now the Extras file:

OTL Extras logfile created on: 18/10/2010 23:54:59 - Run 1
OTL by OldTimer - Version 3.2.15.2 Folder = C:\Users\ChrisDesktop\Desktop
64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

4.00 Gb Total Physical Memory | 3.00 Gb Available Physical Memory | 71.00% Memory free
8.00 Gb Paging File | 7.00 Gb Available in Paging File | 83.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 58.50 Gb Total Space | 25.67 Gb Free Space | 43.88% Space Free | Partition Type: NTFS
Drive D: | 872.92 Gb Total Space | 568.94 Gb Free Space | 65.18% Space Free | Partition Type: NTFS

Computer Name: CHRISDESKTOP-PC | User Name: ChrisDesktop | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 90 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\System32\ieframe.DLL (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.url [@ = InternetShortcut] -- C:\Windows\System32\ieframe.DLL (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %* File not found
cmdfile [open] -- "%1" %* File not found
comfile [open] -- "%1" %* File not found
exefile [open] -- "%1" %* File not found
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1" File not found
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %* File not found
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1" File not found
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S File not found
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 File not found
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== System Restore Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\SystemRestore]
"DisableSR" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\SystemRestore]
"DisableSR" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========


========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{350AA351-21FA-3270-8B7A-835434E766AD}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022
"{3DDACE1F-3B1E-D6AB-CD3D-B6E987511945}" = ATI Catalyst Install Manager
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{503640E5-B2ED-3173-D109-D4D03153471A}" = AMD Drag and Drop Transcoding
"{90140000-006D-0409-1000-0000000FF1CE}" = Microsoft Office Click-to-Run 2010
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"{FD53298A-4734-AFCB-B733-4C07776E589E}" = ccc-utility64
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"WinRAR archiver" = WinRAR archiver

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{09DF00E6-520C-49D5-B7E0-9612165CACA8}" = OpenOffice.org 3.2
"{11083C7A-D0D6-4DA4-8C3A-74B8389EC07B}" = ATI Catalyst Registration
"{179C91E9-D9ED-D5CC-F0D8-9579DBDED8D6}" = CCC Help English
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{26A24AE4-039D-4CA4-87B4-2F83216020FF}" = Java(TM) 6 Update 21
"{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform
"{45338B07-A236-4270-9A77-EBB4115517B5}" = Windows Live Sign-in Assistant
"{474F25F5-BDC9-40E5-B1B6-F6BF23FC106F}" = Windows Live Essentials
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{6C8B53B9-41EE-AD83-007A-55EE64DE6932}" = Catalyst Control Center Graphics Previews Common
"{8ACC73AA-6511-7C55-B1A9-8E5D1DEAFAA3}" = The Lord of the Rings FREE Trial
"{8F66047B-1AF3-40D9-80D7-106E2EDC2C2A}" = EPU-4 Engine
"{90140011-0062-0409-0000-0000000FF1CE}" = Microsoft Office Home and Business 2010 - English
"{981029E0-7FC9-4CF3-AB39-6F133621921A}" = Skype Toolbars
"{AC76BA86-7AD7-1033-7B44-A94000000001}" = Adobe Reader 9.4.0
"{B194272D-1F92-46DF-99EB-8D5CE91CB4EC}" = Adobe AIR
"{B57EAFF2-D6EE-4C6C-9175-ED9F17BFC1BC}" = Windows Live Messenger
"{CF5DE1DD-F7E6-694D-1E82-84C7C9C9ABDB}" = Catalyst Control Center Graphics Previews Vista
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.2
"{DDA34038-89BD-4804-B0B8-DC48D5DFB463}" = Catalyst Control Center - Branding
"{DF49D66D-D2D3-46DA-878B-F0BFC7795276}" = Flip
"{E6158D07-2637-4ECF-B576-37C489669174}" = Windows Live Call
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F71E7762-8A64-AECC-0917-DA51677041CF}" = Catalyst Control Center InstallProxy
"{F9D65BA1-84C5-B4CB-91FE-D68F07ECBA24}" = ccc-core-static
"Adobe AIR" = Adobe AIR
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Alt.Binz" = Alt.Binz 0.25.0
"avast5" = avast! Internet Security
"ESET Online Scanner" = ESET Online Scanner v3
"exPressit S.E. 3.0" = exPressit S.E. 3.0
"ImgBurn" = ImgBurn
"LastFM_is1" = Last.fm 1.5.4.24567
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Mozilla Firefox (3.6.10)" = Mozilla Firefox (3.6.10)
"Mozilla Thunderbird (3.1.4)" = Mozilla Thunderbird (3.1.4)
"Office14.Click2Run" = Microsoft Office Click-to-Run 2010
"RUNAWAY: A TWIST OF FATE (en)" = RUNAWAY: A TWIST OF FATE (English)
"VirtualCloneDrive" = VirtualCloneDrive
"WinLiveSuite_Wave3" = Windows Live Essentials

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Dropbox" = Dropbox
"Loxley Designer PRO" = Loxley Designer PRO
"Loxley ROES" = Loxley ROES

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 10/10/2010 08:27:08 | Computer Name = ChrisDesktop-PC | Source = SideBySide | ID = 16842832
Description = Activation context generation failed for "d:\web downloads\esetsmartinstaller_enu.exe".Error
in manifest or policy file "" on line . A component version required by the application
conflicts with another component version already active. Conflicting components
are:. Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_fa645303170382f6.manifest.
Component
2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_421189da2b7fabfc.manifest.

Error - 10/10/2010 09:07:56 | Computer Name = ChrisDesktop-PC | Source = SideBySide | ID = 16842832
Description = Activation context generation failed for "C:\Program Files (x86)\ESET\ESET
Online Scanner\ESETSmartInstaller.exe".Error in manifest or policy file "" on line
. A component version required by the application conflicts with another component
version already active. Conflicting components are:. Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_fa645303170382f6.manifest.
Component
2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_421189da2b7fabfc.manifest.

Error - 11/10/2010 07:58:40 | Computer Name = ChrisDesktop-PC | Source = SideBySide | ID = 16842832
Description = Activation context generation failed for "c:\program files (x86)\ESET\eset
online scanner\ESETSmartInstaller.exe".Error in manifest or policy file "" on line
. A component version required by the application conflicts with another component
version already active. Conflicting components are:. Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_fa645303170382f6.manifest.
Component
2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_421189da2b7fabfc.manifest.

Error - 11/10/2010 09:58:32 | Computer Name = ChrisDesktop-PC | Source = SideBySide | ID = 16842832
Description = Activation context generation failed for "D:\Web Downloads\esetsmartinstaller_enu.exe".Error
in manifest or policy file "" on line . A component version required by the application
conflicts with another component version already active. Conflicting components
are:. Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_fa645303170382f6.manifest.
Component
2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_421189da2b7fabfc.manifest.

Error - 12/10/2010 10:43:11 | Computer Name = ChrisDesktop-PC | Source = SideBySide | ID = 16842832
Description = Activation context generation failed for "c:\program files (x86)\ESET\eset
online scanner\ESETSmartInstaller.exe".Error in manifest or policy file "" on line
. A component version required by the application conflicts with another component
version already active. Conflicting components are:. Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_fa645303170382f6.manifest.
Component
2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_421189da2b7fabfc.manifest.

Error - 13/10/2010 06:02:36 | Computer Name = ChrisDesktop-PC | Source = SideBySide | ID = 16842832
Description = Activation context generation failed for "D:\Web Downloads\esetsmartinstaller_enu.exe".Error
in manifest or policy file "" on line . A component version required by the application
conflicts with another component version already active. Conflicting components
are:. Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_fa645303170382f6.manifest.
Component
2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_421189da2b7fabfc.manifest.

Error - 14/10/2010 10:23:17 | Computer Name = ChrisDesktop-PC | Source = SideBySide | ID = 16842832
Description = Activation context generation failed for "c:\program files (x86)\ESET\eset
online scanner\ESETSmartInstaller.exe".Error in manifest or policy file "" on line
. A component version required by the application conflicts with another component
version already active. Conflicting components are:. Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_fa645303170382f6.manifest.
Component
2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_421189da2b7fabfc.manifest.

Error - 15/10/2010 12:52:21 | Computer Name = ChrisDesktop-PC | Source = SideBySide | ID = 16842832
Description = Activation context generation failed for "c:\program files (x86)\ESET\eset
online scanner\ESETSmartInstaller.exe".Error in manifest or policy file "" on line
. A component version required by the application conflicts with another component
version already active. Conflicting components are:. Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_fa62ad231704eab7.manifest.
Component
2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd.manifest.

Error - 17/10/2010 09:30:01 | Computer Name = ChrisDesktop-PC | Source = SideBySide | ID = 16842832
Description = Activation context generation failed for "c:\program files (x86)\ESET\eset
online scanner\ESETSmartInstaller.exe".Error in manifest or policy file "" on line
. A component version required by the application conflicts with another component
version already active. Conflicting components are:. Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_fa62ad231704eab7.manifest.
Component
2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd.manifest.

Error - 18/10/2010 16:23:59 | Computer Name = ChrisDesktop-PC | Source = SideBySide | ID = 16842832
Description = Activation context generation failed for "c:\program files (x86)\ESET\eset
online scanner\ESETSmartInstaller.exe".Error in manifest or policy file "" on line
. A component version required by the application conflicts with another component
version already active. Conflicting components are:. Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_fa62ad231704eab7.manifest.
Component
2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd.manifest.

[ System Events ]
Error - 18/10/2010 05:34:14 | Computer Name = ChrisDesktop-PC | Source = DCOM | ID = 10010
Description =

Error - 18/10/2010 11:38:27 | Computer Name = ChrisDesktop-PC | Source = Disk | ID = 262155
Description = The driver detected a controller error on \Device\Harddisk2\DR2.

Error - 18/10/2010 11:38:28 | Computer Name = ChrisDesktop-PC | Source = Disk | ID = 262155
Description = The driver detected a controller error on \Device\Harddisk2\DR2.

Error - 18/10/2010 11:38:28 | Computer Name = ChrisDesktop-PC | Source = Disk | ID = 262155
Description = The driver detected a controller error on \Device\Harddisk2\DR2.

Error - 18/10/2010 11:38:29 | Computer Name = ChrisDesktop-PC | Source = Disk | ID = 262155
Description = The driver detected a controller error on \Device\Harddisk2\DR2.

Error - 18/10/2010 14:09:33 | Computer Name = ChrisDesktop-PC | Source = Disk | ID = 262155
Description = The driver detected a controller error on \Device\Harddisk2\DR3.

Error - 18/10/2010 14:09:34 | Computer Name = ChrisDesktop-PC | Source = Disk | ID = 262155
Description = The driver detected a controller error on \Device\Harddisk2\DR3.

Error - 18/10/2010 14:09:34 | Computer Name = ChrisDesktop-PC | Source = Disk | ID = 262155
Description = The driver detected a controller error on \Device\Harddisk2\DR3.

Error - 18/10/2010 14:09:35 | Computer Name = ChrisDesktop-PC | Source = Disk | ID = 262155
Description = The driver detected a controller error on \Device\Harddisk2\DR3.

Error - 18/10/2010 18:34:52 | Computer Name = ChrisDesktop-PC | Source = bowser | ID = 8003
Description =


< End of report >
 
Broni brought my attention back to this as I missed it. OE is messed up and I must have deleted your feedback. If your patience can last a little bit longer, I will return with some script to run in OTL.

Please accept my apology for this delay.

Has there been any change with the system?
 
No change. System still appears to be running fine. Avast isn't showing any warnings about anything still.
 