Long Hangs/temp freeze on Loading anything


  • This topic is locked

#16
Salagubang

    Trusted Helper

  • Malware Removal
  • 3,890 posts
Looking forward to the AVP log. :)

Nothing is standing out in the logs except for these two which I don't recognize.

[2011/09/21 15:22:40 | 000,013,312 | ---- | M] () -- C:\WINDOWS\SysWow64\drivers\vde4odkz.sys
[2011/09/21 15:22:36 | 000,011,264 | ---- | M] () -- C:\WINDOWS\SysWow64\drivers\uze4odkz.sys


Can you remember when all these problems (i.e. hangs) started?


#17
Teros

    Member

  • Topic Starter
  • 52 posts
Well, I've been having problems; they just keep changing over the past months. I get rid of one thing and something else comes up. The hang seems to be the last of them though. But no, I don't know exactly.

#18
Salagubang

    Trusted Helper

  • Malware Removal
  • 3,890 posts

Well, I've been having problems; they just keep changing over the past months. I get rid of one thing and something else comes up. The hang seems to be the last of them though. But no, I don't know exactly.


OK, we'll just wait for AVP to finish its thing and see if it finds nasties lurking. My plan is to do a clean boot next, to prevent incompatible drivers from loading at startup, as you can see in the event logs.

Error - 10/7/2011 10:21:18 PM | Computer Name = USER-14D1B69C21 | Source = Application Popup | ID = 1060
Description = \??\C:\WINDOWS\SysWow64\Drivers\vde4odkz.sys has been blocked from
loading due to incompatibility with this system. Please contact your software vendor
for a compatible version of the driver.

Error - 10/7/2011 10:21:18 PM | Computer Name = USER-14D1B69C21 | Source = Application Popup | ID = 1060
Description = \SystemRoot\SysWow64\Drivers\Aspi32.SYS has been blocked from loading
due to incompatibility with this system. Please contact your software vendor for
a compatible version of the driver.


:)

#19
Teros

    Member

  • Topic Starter
  • 52 posts
Links below to AVP stuff and OTL copy and pasted w/ extras this time.

*****************************OTL:

OTL logfile created on: 10/17/2011 2:22:12 PM - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Documents and Settings\Administrator\Desktop
64bit-Windows Server 2003 Service Pack 2 (Version = 5.2.3790) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

4.00 Gb Total Physical Memory | 3.25 Gb Available Physical Memory | 81.23% Memory free
12.26 Gb Paging File | 11.82 Gb Available in Paging File | 96.43% Paging File free
Paging file location(s): [Binary data over 100 bytes]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 596.17 Gb Total Space | 422.36 Gb Free Space | 70.85% Space Free | Partition Type: NTFS
Drive D: | 697.65 Gb Total Space | 491.83 Gb Free Space | 70.50% Space Free | Partition Type: NTFS

Computer Name: USER-14D1B69C21 | User Name: Administrator | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/10/17 14:14:52 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTL.exe
PRC - [2011/09/06 13:45:30 | 003,722,416 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe
PRC - [2011/09/06 13:45:28 | 000,044,768 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe
PRC - [2009/05/27 16:08:46 | 000,868,352 | ---- | M] (Cyber Power Systems, Inc.) -- C:\Program Files (x86)\CyberPower PowerPanel Personal Edition\ppped.exe


========== Modules (No Company Name) ==========

MOD - [2011/10/17 00:35:26 | 001,597,440 | ---- | M] () -- C:\Program Files\AVAST Software\Avast\defs\11101700\algo.dll
MOD - [2011/10/14 13:21:40 | 000,272,416 | ---- | M] () -- C:\Program Files\AVAST Software\Avast\defs\11101700\aswRep.dll


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2011/09/06 13:45:28 | 000,044,768 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
SRV:64bit: - [2011/08/25 01:38:33 | 000,140,672 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE -- (!SASCORE)
SRV - [2010/03/18 14:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/05/27 16:08:46 | 000,868,352 | ---- | M] (Cyber Power Systems, Inc.) [Auto | Running] -- C:\Program Files (x86)\CyberPower PowerPanel Personal Edition\ppped.exe -- (ppped)
SRV - [2008/07/25 12:17:02 | 000,069,632 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2007/02/18 05:00:00 | 000,077,312 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll -- (helpsvc)
SRV - [2006/10/18 21:05:24 | 000,913,408 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Windows Media Player\WMPNetwk.exe -- (WMPNetworkSvc)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2011/07/22 09:26:56 | 000,014,928 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys -- (SASDIFSV)
DRV:64bit: - [2011/07/12 14:55:18 | 000,012,368 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\saskutil64.sys -- (SASKUTIL)
DRV - [2011/09/21 15:22:40 | 000,013,312 | ---- | M] () [Kernel | System | Stopped] -- C:\WINDOWS\SysWOW64\Drivers\vde4odkz.sys -- (vde4odkz)
DRV - [2011/09/21 15:22:36 | 000,011,264 | ---- | M] () [Kernel | System | Stopped] -- C:\WINDOWS\SysWOW64\Drivers\uze4odkz.sys -- (uze4odkz)
DRV - [2011/03/18 09:08:56 | 000,029,592 | ---- | M] (Almico Software) [Kernel | System | Running] -- C:\WINDOWS\SysWOW64\speedfan.sys -- (speedfan)
DRV - [2010/12/21 16:50:47 | 000,022,336 | ---- | M] (Windows ® Server 2003 DDK provider) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\gdrv.sys -- (gdrv)
DRV - [2007/02/22 12:28:46 | 000,021,200 | ---- | M] (Licensed for Sysinfo Lab) [Kernel | Auto | Running] -- C:\Program Files (x86)\ASTRA32\astra64.sys -- (ASTRA64)
DRV - [2007/02/18 05:00:00 | 000,033,792 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\WINDOWS\SysWow64\mnmdd.dll -- (mnmdd)
DRV - [1997/12/22 19:02:46 | 000,023,936 | ---- | M] (Adaptec) [Kernel | Auto | Stopped] -- C:\WINDOWS\SysWow64\drivers\aspi32.sys -- (Aspi32)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:home
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========


FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre7\bin\new_plugin\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll File not found
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files (x86)\Java\jre6\lib\deploy\jqs\ff
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\AVAST Software\Avast\WebRep\FF [2011/09/12 04:07:59 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 7.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2011/10/01 01:57:04 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 7.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2011/10/02 03:18:21 | 000,000,000 | ---D | M]

[2011/09/24 12:55:03 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Extensions
[2011/10/16 16:14:27 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\wvtvti0j.default\extensions
[2011/09/24 12:59:52 | 000,000,000 | ---D | M] (WOT) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\wvtvti0j.default\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}
[2011/09/24 12:54:51 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
() (No name found) -- C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\WVTVTI0J.DEFAULT\EXTENSIONS\{73A6FE31-595D-460B-A920-FCC0F8843232}.XPI
() (No name found) -- C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\WVTVTI0J.DEFAULT\EXTENSIONS\{D10D0BF8-F5B5-C8B4-A8B2-2B9879E08C5D}.XPI
[2011/10/01 01:57:03 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll

Hosts file not found
O2:64bit: - BHO: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
O2:64bit: - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O3:64bit: - HKLM\..\Toolbar: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O3:64bit: - HKCU\..\Toolbar\ShellBrowser: (&Address) - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - %SystemRoot%\system32\browseui.dll File not found
O3:64bit: - HKCU\..\Toolbar\ShellBrowser: (&Links) - {0E5CBF21-D15F-11D0-8301-00AA005B4383} - %SystemRoot%\system32\SHELL32.dll File not found
O3:64bit: - HKCU\..\Toolbar\WebBrowser: (&Address) - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - %SystemRoot%\system32\browseui.dll File not found
O3:64bit: - HKCU\..\Toolbar\WebBrowser: (&Links) - {0E5CBF21-D15F-11D0-8301-00AA005B4383} - %SystemRoot%\system32\SHELL32.dll File not found
O4:64bit: - HKLM..\Run: [Launch LCore] C:\Program Files\Logitech Gaming Software\LCore.exe (Logitech Inc.)
O4:64bit: - HKLM..\Run: [SoundMan] C:\WINDOWS\SOUNDMAN.EXE (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
O4 - HKCU..\Run: [uTorrent] C:\Program Files (x86)\uTorrent\uTorrent.exe (BitTorrent, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 153
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 153
O9:64bit: - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000001 [] - %SystemRoot%\System32\mswsock.dll File not found
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000002 [] - %SystemRoot%\System32\winrnr.dll File not found
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000003 [] - %SystemRoot%\System32\mswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000001 - %SystemRoot%\system32\mswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000002 - %SystemRoot%\system32\mswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000003 - %SystemRoot%\system32\mswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000004 - %SystemRoot%\system32\mswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000005 - %SystemRoot%\system32\mswsock.dll File not found
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.7.0)
O16 - DPF: {CAFEEFAC-0016-0000-0027-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_27)
O16 - DPF: {CAFEEFAC-0017-0000-0000-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.7.0)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 209.18.47.61 209.18.47.62
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{9079FF4C-5EF8-40FC-9DC6-5DCE577D106F}: DhcpNameServer = 209.18.47.61 209.18.47.62
O18:64bit: - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll File not found
O18:64bit: - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\WINDOWS\system32\urlmon.dll File not found
O18:64bit: - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\WINDOWS\system32\msvidctl.dll File not found
O18:64bit: - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll File not found
O18:64bit: - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll File not found
O18:64bit: - Protocol\Handler\gopher {79eac9e4-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll File not found
O18:64bit: - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll File not found
O18:64bit: - Protocol\Handler\http\0x00000001 - No CLSID value found
O18:64bit: - Protocol\Handler\http\oledb - No CLSID value found
O18:64bit: - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll File not found
O18:64bit: - Protocol\Handler\https\0x00000001 - No CLSID value found
O18:64bit: - Protocol\Handler\https\oledb - No CLSID value found
O18:64bit: - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINDOWS\system32\itss.dll File not found
O18:64bit: - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll File not found
O18:64bit: - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll File not found
O18:64bit: - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll File not found
O18:64bit: - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - %SystemRoot%\system32\inetcomm.dll File not found
O18:64bit: - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll File not found
O18:64bit: - Protocol\Handler\msdaipp - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\0x00000001 - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\oledb - No CLSID value found
O18:64bit: - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINDOWS\system32\itss.dll File not found
O18:64bit: - Protocol\Handler\mso-offdap - No CLSID value found
O18:64bit: - Protocol\Handler\mso-offdap11 - No CLSID value found
O18:64bit: - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll File not found
O18:64bit: - Protocol\Handler\sysimage {76E67A63-06E9-11D2-A840-006008059382} - %SystemRoot%\system32\mshtml.dll File not found
O18:64bit: - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\WINDOWS\system32\msvidctl.dll File not found
O18:64bit: - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll File not found
O18:64bit: - Protocol\Handler\wia {13F3EA8B-91D7-4F0A-AD76-D2853AC8BECE} - C:\WINDOWS\system32\wiascr.dll File not found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18:64bit: - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll File not found
O18:64bit: - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll File not found
O18:64bit: - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll File not found
O18:64bit: - Protocol\Filter\Class Install Handler {32B533BB-EDAE-11d0-BD5A-00AA00B92AF1} - C:\WINDOWS\system32\urlmon.dll File not found
O18:64bit: - Protocol\Filter\deflate {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll File not found
O18:64bit: - Protocol\Filter\gzip {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll File not found
O18:64bit: - Protocol\Filter\lzdhtml {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll File not found
O18:64bit: - Protocol\Filter\text/webviewhtml {733AC4CB-F1A4-11d0-B951-00A0C90312E1} - %SystemRoot%\system32\SHELL32.dll File not found
O18:64bit: - Protocol\Filter\text/xml - No CLSID value found
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - File not found
O20:64bit: - HKLM Winlogon: UIHost - (%SystemRoot%\system32\logonui.exe) - File not found
O20:64bit: - HKLM Winlogon: VMApplet - (Control_RunDLL "sysdm.cpl") - File not found
O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\WINDOWS\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: System - (lsass.exe) - File not found
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) -C:\WINDOWS\SysWOW64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\AtiExtEvent: DllName - (Ati2evxx.dll) - File not found
O20:64bit: - Winlogon\Notify\crypt32chain: DllName - (crypt32.dll) - File not found
O20:64bit: - Winlogon\Notify\cryptnet: DllName - (cryptnet.dll) - File not found
O20:64bit: - Winlogon\Notify\cscdll: DllName - (cscdll.dll) - File not found
O20:64bit: - Winlogon\Notify\dimsntfy: DllName - (dimsntfy.dll) - File not found
O20:64bit: - Winlogon\Notify\ScCertProp: DllName - (wlnotify.dll) - File not found
O20:64bit: - Winlogon\Notify\Schedule: DllName - (wlnotify.dll) - File not found
O20:64bit: - Winlogon\Notify\sclgntfy: DllName - (sclgntfy.dll) - File not found
O20:64bit: - Winlogon\Notify\SensLogn: DllName - (WlNotify.dll) - File not found
O20:64bit: - Winlogon\Notify\termsrv: DllName - (wlnotify.dll) - File not found
O20:64bit: - Winlogon\Notify\wlballoon: DllName - (wlnotify.dll) - File not found
O21:64bit: - SSODL: CDBurn - {fbeb8a05-beee-4442-804e-409d6c4515e9} - %SystemRoot%\system32\SHELL32.dll File not found
O21:64bit: - SSODL: PostBootReminder - {7849596a-48ea-486e-8937-a2a3009f31a9} - %SystemRoot%\system32\SHELL32.dll File not found
O21:64bit: - SSODL: SysTray - {35CEC8A3-2BE6-11D2-8773-92E220524153} - C:\WINDOWS\system32\stobject.dll File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - C:\WINDOWS\system32\webcheck.dll File not found
O21:64bit: - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll File not found
O22:64bit: - SharedTaskScheduler: {438755C2-A8BA-11D1-B96B-00A0C90312E1} - Browseui preloader - %SystemRoot%\system32\browseui.dll File not found
O22:64bit: - SharedTaskScheduler: {8C7461EF-2B13-11d2-BE35-3078302C2030} - Component Categories cache daemon - %SystemRoot%\system32\browseui.dll File not found
O24 - Desktop WallPaper: C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28:64bit: - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - shell32.dll File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2010/12/03 19:08:28 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2006/09/18 14:43:36 | 000,000,024 | ---- | M] () - D:\autoexec.bat -- [ NTFS ]
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*


Drivers32:64bit: aux - File not found
Drivers32:64bit: aux4 - File not found
Drivers32:64bit: aux5 - File not found
Drivers32:64bit: midi - File not found
Drivers32:64bit: midi4 - File not found
Drivers32:64bit: midi5 - File not found
Drivers32:64bit: midimapper - File not found
Drivers32:64bit: mixer - File not found
Drivers32:64bit: mixer4 - File not found
Drivers32:64bit: mixer5 - File not found
Drivers32:64bit: msacm.imaadpcm - File not found
Drivers32:64bit: msacm.msadpcm - File not found
Drivers32:64bit: msacm.msg711 - File not found
Drivers32:64bit: msacm.msgsm610 - File not found
Drivers32:64bit: msacm.trspch - File not found
Drivers32:64bit: vidc.iyuv - File not found
Drivers32:64bit: vidc.mrle - File not found
Drivers32:64bit: vidc.msvc - File not found
Drivers32:64bit: vidc.uyvy - File not found
Drivers32:64bit: vidc.yuy2 - File not found
Drivers32:64bit: vidc.yvu9 - File not found
Drivers32:64bit: vidc.yvyu - File not found
Drivers32:64bit: wave - File not found
Drivers32:64bit: wave4 - File not found
Drivers32:64bit: wave5 - File not found
Drivers32:64bit: wavemapper - File not found
Drivers32: msacm.l3acm - C:\WINDOWS\SysWOW64\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.sl_anet - C:\WINDOWS\SysWow64\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - C:\WINDOWS\SysWow64\tssoft32.acm (DSP GROUP, INC.)
Drivers32: vidc.cvid - C:\WINDOWS\SysWow64\iccvid.dll (Radius Inc.)
Drivers32: VIDC.FFDS - C:\Program Files (x86)\Combined Community Codec Pack\Filters\FFDShow\ff_vfw.dll ()
Drivers32: vidc.iv31 - C:\WINDOWS\SysWow64\ir32_32.dll ()
Drivers32: vidc.iv32 - C:\WINDOWS\SysWow64\ir32_32.dll ()
Drivers32: vidc.iv41 - C:\WINDOWS\SysWow64\ir41_32.ax (Intel Corporation)
Drivers32: vidc.iv50 - C:\WINDOWS\SysWow64\ir50_32.dll (Intel Corporation)

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2011/10/17 14:14:46 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTL.exe
[2011/10/17 13:32:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Desktop\AVP Results
[2011/10/13 23:56:19 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\SpeedFan
[2011/10/13 23:56:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Start Menu\Programs\SpeedFan
[2011/10/13 01:20:53 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Administrator\Recent
[2011/10/06 17:44:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Logitech
[2011/10/06 17:43:52 | 000,000,000 | ---D | C] -- C:\Program Files\Logitech Gaming Software
[2011/10/01 16:54:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\.swt
[2011/10/01 16:54:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\Azureus
[2011/10/01 16:52:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\vmntemplate
[2011/09/28 19:11:17 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Administrator\My Documents\My Music
[2011/09/27 14:16:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\My Documents\579000
[2011/09/26 12:10:44 | 000,615,424 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\uiautomationcore.dll
[2011/09/26 12:06:52 | 000,020,480 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\oleaccrc.dll
[2011/09/24 12:54:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\Mozilla
[2011/09/24 12:54:50 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox

========== Files - Modified Within 30 Days ==========

[2011/10/17 14:14:52 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTL.exe
[2011/10/17 14:08:15 | 000,000,306 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-1058093358-2681104663-2786989613-500.job
[2011/10/17 14:07:50 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/10/16 23:49:38 | 000,000,069 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2011/10/16 20:21:00 | 000,059,392 | ---- | M] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/10/16 19:00:31 | 098,058,584 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\setup_11.0.0.1245.x01_2011_10_17_03_40.exe
[2011/10/16 18:47:17 | 001,541,014 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\tdsskiller.zip
[2011/10/14 02:26:32 | 000,733,770 | ---- | M] () -- C:\WINDOWS\SysWow64\PerfStringBackup.INI
[2011/10/14 02:16:10 | 000,000,984 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2011/10/13 23:56:19 | 000,000,724 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\SpeedFan.lnk
[2011/10/13 23:56:19 | 000,000,045 | ---- | M] () -- C:\WINDOWS\SysWow64\initdebug.nfo
[2011/10/11 23:59:00 | 000,000,314 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-1058093358-2681104663-2786989613-500.job
[2011/10/10 17:52:20 | 000,000,000 | ---- | M] () -- C:\WINDOWS\SysWow64\config.nt
[2011/10/07 14:36:44 | 000,000,676 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\CCleaner.lnk
[2011/10/02 16:37:24 | 000,000,512 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\MBR.dat
[2011/09/26 13:44:57 | 000,000,512 | -H-- | M] () -- C:\Documents and Settings\Administrator\Desktop\MBR.dat
[2011/09/26 12:10:44 | 000,615,424 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\uiautomationcore.dll
[2011/09/26 12:06:52 | 000,020,480 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\oleaccrc.dll
[2011/09/24 12:57:29 | 000,404,640 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\SysWow64\FlashPlayerCPLApp.cpl
[2011/09/24 12:54:52 | 000,000,784 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2011/09/24 12:54:52 | 000,000,766 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
[2011/09/24 12:49:32 | 000,212,016 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\Firefox 6.0.2 (en-US) - 2011-09-24.pcv
[2011/09/23 20:39:19 | 000,065,536 | ---- | M] () -- C:\WINDOWS\TADSUINS.EXE
[2011/09/21 15:22:40 | 000,013,312 | ---- | M] () -- C:\WINDOWS\SysWow64\drivers\vde4odkz.sys
[2011/09/21 15:22:36 | 000,011,264 | ---- | M] () -- C:\WINDOWS\SysWow64\drivers\uze4odkz.sys
[2011/09/20 22:16:56 | 000,000,008 | -H-- | M] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\rtkhdaud.dat

========== Files Created - No Company Name ==========

[2011/10/16 18:55:07 | 098,058,584 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\setup_11.0.0.1245.x01_2011_10_17_03_40.exe
[2011/10/16 18:47:02 | 001,541,014 | ---- | C] () -- C:\Documents and Settings\Administrator\My Documents\tdsskiller.zip
[2011/10/14 02:15:50 | 000,000,984 | ---- | C] () -- C:\WINDOWS\imsins.BAK
[2011/10/13 23:56:19 | 000,000,724 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\SpeedFan.lnk
[2011/10/13 23:56:18 | 000,000,045 | ---- | C] () -- C:\WINDOWS\SysWow64\initdebug.nfo
[2011/09/24 12:54:52 | 000,000,784 | ---- | C] () -- C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2011/09/24 12:54:52 | 000,000,772 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Mozilla Firefox.lnk
[2011/09/24 12:54:52 | 000,000,766 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
[2011/09/24 12:49:32 | 000,212,016 | ---- | C] () -- C:\Documents and Settings\Administrator\My Documents\Firefox 6.0.2 (en-US) - 2011-09-24.pcv
[2011/09/21 15:22:40 | 000,013,312 | ---- | C] () -- C:\WINDOWS\SysWow64\drivers\vde4odkz.sys
[2011/09/21 15:22:36 | 000,011,264 | ---- | C] () -- C:\WINDOWS\SysWow64\drivers\uze4odkz.sys
[2011/09/20 22:16:56 | 000,000,008 | -H-- | C] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\rtkhdaud.dat
[2011/09/17 22:38:53 | 000,000,512 | -H-- | C] () -- C:\Documents and Settings\Administrator\Desktop\MBR.dat
[2011/09/06 15:41:37 | 000,017,408 | -H-- | C] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\WebpageIcons.db
[2011/09/03 02:44:22 | 000,162,304 | ---- | C] () -- C:\WINDOWS\SysWow64\ztvunrar36.dll
[2011/09/03 02:44:22 | 000,153,088 | ---- | C] () -- C:\WINDOWS\SysWow64\UNRAR3.dll
[2011/09/03 02:44:22 | 000,077,312 | ---- | C] () -- C:\WINDOWS\SysWow64\ztvunace26.dll
[2011/09/03 02:44:22 | 000,075,264 | ---- | C] () -- C:\WINDOWS\SysWow64\unacev2.dll
[2011/09/01 02:18:05 | 000,000,036 | -H-- | C] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\housecall.guid.cache
[2011/08/30 01:14:14 | 000,059,392 | ---- | C] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/08/01 17:45:46 | 000,000,000 | ---- | C] () -- C:\WINDOWS\WinFrotz.INI
[2011/08/01 17:44:23 | 000,065,536 | ---- | C] () -- C:\WINDOWS\TADSUINS.EXE
[2011/02/08 17:50:59 | 000,001,769 | ---- | C] () -- C:\WINDOWS\Language_trs.ini
[2011/02/08 17:50:55 | 000,020,783 | ---- | C] () -- C:\WINDOWS\Ascd_tmp.ini
[2011/02/08 17:50:53 | 000,010,296 | ---- | C] () -- C:\WINDOWS\SysWow64\drivers\ASUSHWIO.SYS
[2010/12/09 11:54:17 | 000,733,770 | ---- | C] () -- C:\WINDOWS\SysWow64\PerfStringBackup.INI
[2010/12/08 20:21:12 | 000,000,069 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2010/12/08 17:47:07 | 000,000,000 | ---- | C] () -- C:\WINDOWS\ativpsrm.bin
[2010/12/08 17:08:34 | 000,000,664 | ---- | C] () -- C:\WINDOWS\SysWow64\d3d9caps.dat
[2010/12/07 20:35:47 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2010/12/07 20:21:23 | 000,000,000 | ---- | C] () -- C:\WINDOWS\LCDMedia.INI
[2010/12/06 02:49:21 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2010/12/03 21:09:37 | 000,010,240 | ---- | C] () -- C:\WINDOWS\SysWow64\vidx16.dll
[2010/12/03 21:07:49 | 000,044,136 | ---- | C] () -- C:\WINDOWS\CPLUTL64.EXE
[2010/12/03 19:11:44 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2010/12/02 20:13:57 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2007/02/18 05:00:00 | 001,278,464 | ---- | C] () -- C:\WINDOWS\SysWow64\quartz.dll
[2007/02/18 05:00:00 | 000,733,696 | ---- | C] () -- C:\WINDOWS\SysWow64\qedwipes.dll
[2007/02/18 05:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\SysWow64\mlang.dat
[2007/02/18 05:00:00 | 000,512,512 | ---- | C] () -- C:\WINDOWS\SysWow64\qedit.dll
[2007/02/18 05:00:00 | 000,498,742 | ---- | C] () -- C:\WINDOWS\SysWow64\dxmasf.dll
[2007/02/18 05:00:00 | 000,396,288 | ---- | C] () -- C:\WINDOWS\SysWow64\encdec.dll
[2007/02/18 05:00:00 | 000,385,536 | ---- | C] () -- C:\WINDOWS\SysWow64\qdvd.dll
[2007/02/18 05:00:00 | 000,355,112 | ---- | C] () -- C:\WINDOWS\SysWow64\msjetoledb40.dll
[2007/02/18 05:00:00 | 000,279,040 | ---- | C] () -- C:\WINDOWS\SysWow64\qdv.dll
[2007/02/18 05:00:00 | 000,276,992 | ---- | C] () -- C:\WINDOWS\SysWow64\sbe.dll
[2007/02/18 05:00:00 | 000,199,168 | ---- | C] () -- C:\WINDOWS\SysWow64\ir32_32.dll
[2007/02/18 05:00:00 | 000,192,512 | ---- | C] () -- C:\WINDOWS\SysWow64\qcap.dll
[2007/02/18 05:00:00 | 000,114,688 | ---- | C] () -- C:\WINDOWS\SysWow64\msencode.dll
[2007/02/18 05:00:00 | 000,072,704 | ---- | C] () -- C:\WINDOWS\SysWow64\amstream.dll
[2007/02/18 05:00:00 | 000,062,464 | ---- | C] () -- C:\WINDOWS\SysWow64\mciqtz32.dll
[2007/02/18 05:00:00 | 000,061,440 | ---- | C] () -- C:\WINDOWS\SysWow64\devenum.dll
[2007/02/18 05:00:00 | 000,055,808 | ---- | C] () -- C:\WINDOWS\SysWow64\dvdplay.exe
[2007/02/18 05:00:00 | 000,016,896 | ---- | C] () -- C:\WINDOWS\SysWow64\tsd32.dll
[2007/02/18 05:00:00 | 000,014,336 | ---- | C] () -- C:\WINDOWS\SysWow64\msdmo.dll
[2007/02/18 05:00:00 | 000,012,498 | ---- | C] () -- C:\WINDOWS\SysWow64\append.exe
[2007/02/18 05:00:00 | 000,004,126 | ---- | C] () -- C:\WINDOWS\SysWow64\msdxmlc.dll
[2007/02/18 05:00:00 | 000,001,129 | ---- | C] () -- C:\WINDOWS\SysWow64\vwipxspx.exe

========== LOP Check ==========

[2011/10/02 19:46:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Azureus
[2011/09/08 17:53:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\ElevatedDiagnostics
[2010/12/16 20:06:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\FreeStone Group
[2010/12/09 17:01:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Leadertech
[2011/08/30 15:03:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\PFStaticIP
[2011/07/29 00:43:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Rags
[2011/09/08 00:03:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Simply Super Software
[2011/10/17 14:09:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\uTorrent
[2011/10/01 16:52:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\vmntemplate
[2010/12/21 15:50:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Windows Search
[2010/12/03 23:33:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Alwil Software
[2011/09/12 04:07:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVAST Software
[2010/12/09 16:44:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Plantronics
[2011/09/03 01:34:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SecTaskMan
[2011/09/07 22:35:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2011/09/03 02:39:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{3C0AACBF-B491-4BE5-BAF9-AA46E0629E42}
[2011/09/02 15:48:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{3C0AACBF-B491-4BE5-BAF9-AA46E0629E42}(2)
[2011/09/02 15:47:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{94D867E5-DFF5-4374-ADEE-C3F5BE97F03A}
[2011/10/17 14:05:29 | 000,032,606 | ---- | M] () -- C:\WINDOWS\Tasks\SchedLgU.Txt

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*.* >
[2010/12/03 19:08:28 | 000,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT
[2011/09/16 17:12:29 | 000,000,222 | -HS- | M] () -- C:\boot.ini
[2010/12/03 19:08:28 | 000,000,000 | ---- | M] () -- C:\CONFIG.SYS
[2010/12/03 19:08:28 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
[2010/12/03 19:08:28 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
[2007/02/18 05:00:00 | 000,047,772 | RHS- | M] () -- C:\NTDETECT.COM
[2007/02/18 05:00:00 | 000,297,072 | RHS- | M] () -- C:\ntldr
[2011/10/17 14:07:24 | 2145,386,496 | -HS- | M] () -- C:\pagefile.sys

< %systemroot%\*. /mp /s >

< %systemroot%\System32\config\*.sav >

< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >

========== Alternate Data Streams ==========

@Alternate Data Stream - 148 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:CB0AACC9

< End of report >


***************************OTL Extras:
OTL Extras logfile created on: 10/17/2011 2:22:12 PM - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Documents and Settings\Administrator\Desktop
64bit-Windows Server 2003 Service Pack 2 (Version = 5.2.3790) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

4.00 Gb Total Physical Memory | 3.25 Gb Available Physical Memory | 81.23% Memory free
12.26 Gb Paging File | 11.82 Gb Available in Paging File | 96.43% Paging File free
Paging file location(s): [Binary data over 100 bytes]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 596.17 Gb Total Space | 422.36 Gb Free Space | 70.85% Space Free | Partition Type: NTFS
Drive D: | 697.65 Gb Total Space | 491.83 Gb Free Space | 70.50% Space Free | Partition Type: NTFS

Computer Name: USER-14D1B69C21 | User Name: Administrator | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.inf [@ = inffile] -- %SystemRoot%\System32\NOTEPAD.EXE %1
.ini [@ = inifile] -- %SystemRoot%\System32\NOTEPAD.EXE %1
.url [@ = InternetShortcut] -- "C:\WINDOWS\system32\rundll32.exe" "C:\WINDOWS\system32\ieframe.dll",OpenURL %l
.js [@ = JSFile] -- %SystemRoot%\System32\WScript.exe "%1" %*
.jse [@ = JSEFile] -- %SystemRoot%\System32\WScript.exe "%1" %*
.txt [@ = txtfile] -- %SystemRoot%\system32\NOTEPAD.EXE %1
.vbe [@ = VBEFile] -- %SystemRoot%\System32\WScript.exe "%1" %*
.vbs [@ = VBSFile] -- %SystemRoot%\System32\WScript.exe "%1" %*
.wsf [@ = WSFFile] -- %SystemRoot%\System32\WScript.exe "%1" %*
.wsh [@ = WSHFile] -- %SystemRoot%\System32\WScript.exe "%1" %*

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [edit] -- %SystemRoot%\System32\NOTEPAD.EXE %1
batfile [open] -- "%1" %*
batfile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1
cmdfile [edit] -- %SystemRoot%\System32\NOTEPAD.EXE %1
cmdfile [open] -- "%1" %*
cmdfile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
inffile [install] -- %SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection DefaultInstall 132 %1
inffile [open] -- %SystemRoot%\System32\NOTEPAD.EXE %1
inffile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1
inifile [open] -- %SystemRoot%\System32\NOTEPAD.EXE %1
inifile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1
InternetShortcut [open] -- "C:\WINDOWS\system32\rundll32.exe" "C:\WINDOWS\system32\ieframe.dll",OpenURL %l
InternetShortcut [print] -- "C:\WINDOWS\system32\rundll32.exe" "C:\WINDOWS\system32\mshtml.dll",PrintHTML "%1"
jsfile [edit] -- %SystemRoot%\System32\Notepad.exe %1
jsfile [open] -- %SystemRoot%\System32\WScript.exe "%1" %*
jsfile [print] -- %SystemRoot%\System32\Notepad.exe /p %1
jsefile [edit] -- %SystemRoot%\System32\Notepad.exe %1
jsefile [open] -- %SystemRoot%\System32\WScript.exe "%1" %*
jsefile [print] -- %SystemRoot%\System32\Notepad.exe /p %1
piffile [open] -- "%1" %*
regfile [edit] -- %SystemRoot%\system32\NOTEPAD.EXE %1
regfile [merge] -- Reg Error: Key error.
regfile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
txtfile [open] -- %SystemRoot%\system32\NOTEPAD.EXE %1
txtfile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1
txtfile [printto] -- %SystemRoot%\system32\notepad.exe /pt "%1" "%2" "%3" "%4"
vbefile [edit] -- %SystemRoot%\System32\Notepad.exe %1
vbefile [open] -- %SystemRoot%\System32\WScript.exe "%1" %*
vbefile [print] -- %SystemRoot%\System32\Notepad.exe /p %1
vbsfile [edit] -- %SystemRoot%\System32\Notepad.exe %1
vbsfile [open] -- %SystemRoot%\System32\WScript.exe "%1" %*
vbsfile [print] -- %SystemRoot%\System32\Notepad.exe /p %1
wsffile [edit] -- %SystemRoot%\System32\Notepad.exe %1
wsffile [open] -- %SystemRoot%\System32\WScript.exe "%1" %*
wsffile [print] -- %SystemRoot%\System32\Notepad.exe /p %1
wshfile [open] -- %SystemRoot%\System32\WScript.exe "%1" %*
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 1

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1

========== System Restore Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22008

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"3724:TCP" = 3724:TCP:*:Enabled:Blizzard Downloader: 3724
"139:TCP" = 139:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22002

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019
"C:\Program Files (x86)\World of Warcraft\Launcher.patch.exe" = C:\Program Files (x86)\World of Warcraft\Launcher.patch.exe:*:Enabled:Blizzard Launcher
"C:\Program Files (x86)\World of Warcraft\Launcher.exe" = C:\Program Files (x86)\World of Warcraft\Launcher.exe:*:Enabled:Blizzard Launcher
"C:\Program Files (x86)\World of Warcraft\Blizzard Downloader.exe" = C:\Program Files (x86)\World of Warcraft\Blizzard Downloader.exe:*:Enabled:Blizzard Downloader
"C:\Program Files (x86)\uTorrent\uTorrent.exe" = C:\Program Files (x86)\uTorrent\uTorrent.exe:*:Enabled:µTorrent -- (BitTorrent, Inc.)
"C:\Program Files (x86)\World of Warcraft\BackgroundDownloader.exe" = C:\Program Files (x86)\World of Warcraft\BackgroundDownloader.exe:*:Enabled:Blizzard Downloader
"C:\Documents and Settings\Administrator\Local Settings\Apps\2.0\7YTR5RRK.POP\EDC96J7Z.OZV\curs..tion_eee711038731a406_0004.0000_efb506202a7c3b08\CurseClient.exe" = C:\Documents and Settings\Administrator\Local Settings\Apps\2.0\7YTR5RRK.POP\EDC96J7Z.OZV\curs..tion_eee711038731a406_0004.0000_efb506202a7c3b08\CurseClient.exe:*:Enabled:Curse Client 4.0
"C:\Program Files (x86)\Vuze\Azureus.exe" = C:\Program Files (x86)\Vuze\Azureus.exe:*:Enabled:Azureus / Vuze
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019
"C:\Program Files (x86)\World of Warcraft\Launcher.patch.exe" = C:\Program Files (x86)\World of Warcraft\Launcher.patch.exe:*:Enabled:Blizzard Launcher
"C:\Program Files (x86)\World of Warcraft\Launcher.exe" = C:\Program Files (x86)\World of Warcraft\Launcher.exe:*:Enabled:Blizzard Launcher
"C:\Program Files (x86)\World of Warcraft\Blizzard Downloader.exe" = C:\Program Files (x86)\World of Warcraft\Blizzard Downloader.exe:*:Enabled:Blizzard Downloader
"C:\Program Files (x86)\uTorrent\uTorrent.exe" = C:\Program Files (x86)\uTorrent\uTorrent.exe:*:Enabled:µTorrent -- (BitTorrent, Inc.)
"C:\Program Files (x86)\World of Warcraft\BackgroundDownloader.exe" = C:\Program Files (x86)\World of Warcraft\BackgroundDownloader.exe:*:Enabled:Blizzard Downloader
"C:\Documents and Settings\Administrator\Local Settings\Apps\2.0\7YTR5RRK.POP\EDC96J7Z.OZV\curs..tion_eee711038731a406_0004.0000_efb506202a7c3b08\CurseClient.exe" = C:\Documents and Settings\Administrator\Local Settings\Apps\2.0\7YTR5RRK.POP\EDC96J7Z.OZV\curs..tion_eee711038731a406_0004.0000_efb506202a7c3b08\CurseClient.exe:*:Enabled:Curse Client 4.0
"C:\Program Files (x86)\Vuze\Azureus.exe" = C:\Program Files (x86)\Vuze\Azureus.exe:*:Enabled:Azureus / Vuze


========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{11083C7A-D0D6-4DA4-8C3A-74B8389EC07B}" = ATI Catalyst Registration
"{26A24AE4-039D-4CA4-87B4-2F86416027FF}" = Java™ 6 Update 27 (64-bit)
"{26A24AE4-039D-4CA4-87B4-2F86417000FF}" = Java™ 7 (64-bit)
"{4C1EF0B0-35DF-AF86-35FD-A72B878F262F}" = ATI Catalyst Install Manager
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{64A3A4F4-B792-11D6-A78A-00B0D0160270}" = Java™ SE Development Kit 6 Update 27 (64-bit)
"{690285C2-2481-44FB-8402-162EA970A6DD}" = Logitech Gaming Software 8.01
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{a9264802-8a7a-40fe-a135-5c6d204aed7a}.sdb" = Internet Explorer (Enable DEP)
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D4AD39AD-091E-4D33-BB2B-59F6FCB8ADC3}" = Microsoft SQL Server Compact 3.5 SP2 x64 ENU
"{E0975B9F-E068-FDA2-A859-FE9A96E33784}" = ccc-utility64
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"CCleaner" = CCleaner
"ie8" = Windows Internet Explorer 8
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows x64
"Puran Defrag Free Edition_is1" = Puran Defrag Free Edition 7.3
"Wdf01009" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.9
"WIC" = Windows Imaging Component
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"WinRAR archiver" = WinRAR 4.01 (64-bit)
"WMFDist11-64" = Windows Media Format 11 runtime
"wmp11-64" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00BCA4AC-CC2A-ED92-7DF1-97ADB429FD71}" = Catalyst Control Center InstallProxy
"{09F82DF9-24B5-2662-2BF8-1E69792FF8E5}" = Catalyst Control Center Graphics Previews Common
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F71A399-9C4E-43EF-CAC1-714353FB6660}" = CCC Help German
"{26A24AE4-039D-4CA4-87B4-2F83216023FF}" = Java™ 6 Update 26
"{3A9FC03D-C685-4831-94CF-4EDFD3749497}" = Microsoft SQL Server Compact 3.5 SP2 ENU
"{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}" = eReg
"{43FFE159-3199-4188-A1CD-629166AD1033}" = Nero 7 Ultra Edition
"{46E21083-D598-4217-99B0-2ED3E4152759}" = CyberPower PowerPanel Personal Edition 1.2.3
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{5FD89EA1-99C2-40EE-BBF5-20F8991ED756}" = Catalyst Control Center - Branding
"{75B8A4E1-D766-BD6D-4B46-D18EDA0C20B5}" = ccc-core-static
"{7F8A7B44-F41F-3C30-81C5-A6ABCF0B3A8F}" = Catalyst Control Center Localization All
"{8680699B-8A72-C987-76D4-8A49F77C5478}" = CCC Help Italian
"{8ACC73AA-6511-7C55-B1A9-8E5D1DEAFAA3}" = The Lord of the Rings FREE Trial
"{90110409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{933B4015-4618-4716-A828-5289FC03165F}" = VC80CRTRedist - 8.0.50727.6195
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{BD8E745B-4F00-3B9A-AFBC-4F5772EACB49}" = CCC Help Portuguese
"{C8AC0FA5-2988-D26B-D3ED-6A344D0F767B}" = CCC Help English
"{C9BED750-1211-4480-B1A5-718A3BE15525}" = REALTEK GbE & FE Ethernet PCI-E NIC Driver
"{D9C35DCB-963B-7C3F-8CF1-8F62EC69F5D1}" = CCC Help Spanish
"{E7809AE1-F51C-0351-44E9-23F310A3C566}" = CCC Help French
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"ASTRA32_is1" = ASTRA32 - Advanced System Information Tool 1.53
"avast" = avast! Free Antivirus
"Combined Community Codec Pack_is1" = Combined Community Codec Pack 2011-07-30
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware version 1.51.2.1300
"MozBackup" = MozBackup 1.5.1
"Mozilla Firefox 7.0.1 (x86 en-US)" = Mozilla Firefox 7.0.1 (x86 en-US)
"PowerDVD" = PowerDVD
"SpeedFan" = SpeedFan (remove only)
"uTorrent" = µTorrent
"Video Card Stability Test" = Video Card Stability Test
"WinRAR archiver" = WinRAR archiver

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 10/17/2011 8:10:40 AM | Computer Name = USER-14D1B69C21 | Source = .NET Runtime Optimization Service | ID = 1101
Description = .NET Runtime Optimization Service (clr_optimization_v4.0.30319_64)
- 1>Failed to compile: PresentationFramework, Version=4.0.0.0, Culture=neutral,
PublicKeyToken=31bf3856ad364e35 . Error code = 0x80131f06

Error - 10/17/2011 8:10:40 AM | Computer Name = USER-14D1B69C21 | Source = .NET Runtime Optimization Service | ID = 1101
Description = .NET Runtime Optimization Service (clr_optimization_v4.0.30319_64)
- 1>Failed to compile: PresentationFramework, Version=4.0.0.0, Culture=neutral,
PublicKeyToken=31bf3856ad364e35 . Error code = 0x80131f06

Error - 10/17/2011 8:10:41 AM | Computer Name = USER-14D1B69C21 | Source = .NET Runtime Optimization Service | ID = 1101
Description = .NET Runtime Optimization Service (clr_optimization_v4.0.30319_64)
- 1>Failed to compile: WindowsFormsIntegration, Version=4.0.0.0, Culture=neutral,
PublicKeyToken=31bf3856ad364e35 . Error code = 0x80131f06

Error - 10/17/2011 8:10:41 AM | Computer Name = USER-14D1B69C21 | Source = .NET Runtime Optimization Service | ID = 1101
Description = .NET Runtime Optimization Service (clr_optimization_v4.0.30319_64)
- 1>Failed to compile: WindowsFormsIntegration, Version=4.0.0.0, Culture=neutral,
PublicKeyToken=31bf3856ad364e35 . Error code = 0x80131f06

Error - 10/17/2011 8:11:16 AM | Computer Name = USER-14D1B69C21 | Source = .NET Runtime Optimization Service | ID = 1101
Description = .NET Runtime Optimization Service (clr_optimization_v4.0.30319_64)
- 1>Failed to compile: System, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089
. Error code = 0x80131f06

Error - 10/17/2011 8:11:19 AM | Computer Name = USER-14D1B69C21 | Source = .NET Runtime Optimization Service | ID = 1101
Description = .NET Runtime Optimization Service (clr_optimization_v4.0.30319_64)
- 1>Failed to compile: System, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089
. Error code = 0x80131f06

Error - 10/17/2011 8:11:20 AM | Computer Name = USER-14D1B69C21 | Source = .NET Runtime Optimization Service | ID = 1101
Description = .NET Runtime Optimization Service (clr_optimization_v4.0.30319_64)
- 1>Failed to compile: System.Core, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089
. Error code = 0x80131f06

Error - 10/17/2011 8:11:20 AM | Computer Name = USER-14D1B69C21 | Source = .NET Runtime Optimization Service | ID = 1101
Description = .NET Runtime Optimization Service (clr_optimization_v4.0.30319_64)
- 1>Failed to compile: System.Core, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089
. Error code = 0x80131f06

Error - 10/17/2011 8:11:21 AM | Computer Name = USER-14D1B69C21 | Source = .NET Runtime Optimization Service | ID = 1101
Description = .NET Runtime Optimization Service (clr_optimization_v4.0.30319_64)
- 1>Failed to compile: XamlBuildTask, Version=4.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35
. Error code = 0x80131f06

Error - 10/17/2011 8:11:21 AM | Computer Name = USER-14D1B69C21 | Source = .NET Runtime Optimization Service | ID = 1101
Description = .NET Runtime Optimization Service (clr_optimization_v4.0.30319_64)
- 1>Failed to compile: XamlBuildTask, Version=4.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35
. Error code = 0x80131f06

[ System Events ]
Error - 10/16/2011 6:34:14 PM | Computer Name = USER-14D1B69C21 | Source = Application Popup | ID = 1060
Description = \SystemRoot\SysWow64\Drivers\Aspi32.SYS has been blocked from loading
due to incompatibility with this system. Please contact your software vendor for
a compatible version of the driver.

Error - 10/16/2011 6:35:03 PM | Computer Name = USER-14D1B69C21 | Source = Service Control Manager | ID = 7000
Description = The Aspi32 service failed to start due to the following error: %%1275

Error - 10/17/2011 4:41:29 PM | Computer Name = USER-14D1B69C21 | Source = Service Control Manager | ID = 7034
Description = The Ati HotKey Poller service terminated unexpectedly. It has done
this 1 time(s).

Error - 10/17/2011 4:44:42 PM | Computer Name = USER-14D1B69C21 | Source = Service Control Manager | ID = 7034
Description = The Application Layer Gateway Service service terminated unexpectedly.
It has done this 1 time(s).

Error - 10/17/2011 4:44:48 PM | Computer Name = USER-14D1B69C21 | Source = Service Control Manager | ID = 7034
Description = The Error Reporting Service service terminated unexpectedly. It has
done this 1 time(s).

Error - 10/17/2011 4:44:51 PM | Computer Name = USER-14D1B69C21 | Source = Service Control Manager | ID = 7034
Description = The WebClient service terminated unexpectedly. It has done this 1
time(s).

Error - 10/17/2011 5:07:59 PM | Computer Name = USER-14D1B69C21 | Source = Application Popup | ID = 1060
Description = \??\C:\WINDOWS\SysWow64\Drivers\uze4odkz.sys has been blocked from
loading due to incompatibility with this system. Please contact your software vendor
for a compatible version of the driver.

Error - 10/17/2011 5:07:59 PM | Computer Name = USER-14D1B69C21 | Source = Application Popup | ID = 1060
Description = \??\C:\WINDOWS\SysWow64\Drivers\vde4odkz.sys has been blocked from
loading due to incompatibility with this system. Please contact your software vendor
for a compatible version of the driver.

Error - 10/17/2011 5:08:07 PM | Computer Name = USER-14D1B69C21 | Source = Application Popup | ID = 1060
Description = \SystemRoot\SysWow64\Drivers\Aspi32.SYS has been blocked from loading
due to incompatibility with this system. Please contact your software vendor for
a compatible version of the driver.

Error - 10/17/2011 5:08:52 PM | Computer Name = USER-14D1B69C21 | Source = Service Control Manager | ID = 7000
Description = The Aspi32 service failed to start due to the following error: %%1275


< End of report >



**************AVP Auto Scan log:
http://www.mediafire...otwseqegoe075mp

**************AVPtool sysinfo.zip:
http://www.mediafire...sfs7cg7tce3ixhz

Thanks again.
  • 0

#20
Teros

Also, I have adjusted the start up programs in the past, so maybe I disabled a program that was needed, something that we could look into, just thought I would mention it.
  • 0

#21
Salagubang

Hi Teros,

There are some files I need you to upload for checking

Submit a File For Analysis
We need to have the files below Scanned by Uploading them/it to Jotti

Please visit Jotti
Copy/paste the following file path into the window

C:\Documents and Settings\Administrator\Local Settings\Temp\0676876\0735453.exe

Click Submit/Send File
Please post back, to let me know the results.

Next

What we are going to do is start your computer by using a minimal set of drivers and startup programs so that you can determine whether a background program is interfering with your game or program. This kind of startup is known as a "clean boot."

Log on to the computer by using an account that has administrator rights.
  • Click Start, type msconfig.exe in the Start Search box, and then press ENTER to start the System Configuration Utility.
  • If you are prompted for an administrator password or for confirmation, type your password, or click Continue.
  • On the General tab, click Selective Startup, and then click to clear the Load startup items check box. (The Use Original Boot.ini check box is unavailable.)
  • On the Services tab, click to select the Hide all Microsoft services check box, and then click Disable all.
  • Click OK, and then click Restart.

Test the machine afterwards for performance issues.
  • 0

#22
Teros

hmmm, it could not find it when copied and pasted, so I looked it up manually, not there..
  • 0

#23
Salagubang

Ok. Please proceed to the next step. :)
  • 0

#24
Teros

I tested it, but still not sure what the cause is. Really was hard to tell if it was better or not to be honest.


UPDATE: Well, seems to be getting hanged out again... Not as bad yet though.

Edited by Teros, 18 October 2011 - 04:11 AM.

  • 0

#25
Salagubang


Really was hard to tell if it was better or not to be honest.


Still sluggish?

Step One

We're going to clean temp files and utilities left by previous tools.

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :OTL
    DRV - [2011/09/21 15:22:40 | 000,013,312 | ---- | M] () [Kernel | System | Stopped] -- C:\WINDOWS\SysWOW64\Drivers\vde4odkz.sys -- (vde4odkz)
    DRV - [2011/09/21 15:22:36 | 000,011,264 | ---- | M] () [Kernel | System | Stopped] -- C:\WINDOWS\SysWOW64\Drivers\uze4odkz.sys -- (uze4odkz)
    [2011/09/21 15:22:40 | 000,013,312 | ---- | M] () -- C:\WINDOWS\SysWow64\drivers\vde4odkz.sys
    [2011/09/21 15:22:36 | 000,011,264 | ---- | M] () -- C:\WINDOWS\SysWow64\drivers\uze4odkz.sys
    
    :Services
    
    :Reg
    
    :Files
    
    :Commands
    [purity]
    [resethosts]
    [emptytemp]
    [EMPTYFLASH]
    [CREATERESTOREPOINT]
    [Reboot]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.

Step Two

This next step simply checks the hard disk drive for errors.

Go to
Start and then to Run
Type in Chkdsk /r Note the space between k and /
Click Enter ...It will probably ask if you want to do this on the next reboot...click Y. If the window doesn't shut down on its own then reboot the system manually. On reboot the system will start the chkdsk operation.

This one will take longer than chkdsk /f
Note... there are 5 stages...
It may appear to hang at a certain percent for an hour or more or even back up and go over the same area...this is normal...

DO NOT SHUT YOUR COMPUTER DOWN WHILE CHKDSK IS RUNNING OR YOU CAN HAVE SEVERE PROBLEMS

This can take several hours to complete.
When completed it will boot the system back into windows.

Reboot after you're done running chkdsk /r...
then Go to Start...Run and type: eventvwr.msc press Enter
When Event Viewer opens, click on Applications... then scroll down to Winlogon and double-click on it. This is the log created after running Checkdisk...copy and paste the log back here

Tell me how the machine behaves afterwards. :)
  • 0



#26
Teros

Teros

    Member

  • Topic Starter
  • Member
  • PipPip
  • 52 posts
Well, check disk is risky, since I have had problems with it in the past and it will make my computer unusable for quite some time. Here is the OTL and the after reboot log from the fix I put in.

OTL: http://www.mediafire...uhragas6nic36qc

After Reboot OTL fix log: http://www.mediafire...zjcxhqv7o4az7sx


Anything else I can do besides the check disk, I really would rather not risk it...
  • 0

#27
Salagubang

Salagubang

    Trusted Helper

  • Malware Removal
  • 3,890 posts
Hi Teros,

Get the HDTune free version and install it.
Right click the HDTune icon, select Run as administrator then accept the UAC prompt.
Click the Health tab, then click the Copy information button right next to your drive's temperature, then paste it here.
Do NOT do ANY scan, such as benchmark, error scan (including chkdsk) or hard drive recovery.
  • 0

#28
Teros

Teros

    Member

  • Topic Starter
  • Member
  • PipPip
  • 52 posts
here you go.

HD Tune: WDC WD6400AAKS-65A7B Health

ID                               Current  Worst  Threshold  Data  Status
(01) Raw Read Error Rate         200      200    51         0     Ok
(03) Spin Up Time                154      152    21         5300  Ok
(04) Start/Stop Count            100      100    0          741   Ok
(05) Reallocated Sector Count    200      200    140        0     Ok
(07) Seek Error Rate             200      200    51         0     Ok
(09) Power On Hours Count        91       91     0          6716  Ok
(0A) Spin Retry Count            100      100    51         0     Ok
(0B) Calibration Retry Count     100      100    51         0     Ok
(0C) Power Cycle Count           99       99     0          1284  Ok
(C0) Power Off Retract Count     200      200    0          93    Ok
(C1) Load Cycle Count            200      200    0          1284  Ok
(C2) Temperature                 97       91     0          50    Ok
(C4) Reallocated Event Count     200      200    0          0     Ok
(C5) Current Pending Sector      200      200    0          0     Ok
(C6) Offline Uncorrectable       200      200    0          0     Ok
(C7) Ultra DMA CRC Error Count   200      200    0          0     Ok
(C8) Write Error Rate            200      200    51         0     Ok

Power On Time : 6716
Health Status : Ok
  • 0

#29
Salagubang

Salagubang

    Trusted Helper

  • Malware Removal
  • 3,890 posts
Harddrive looks ok.

What application/program are you using/running when these hangings occur?
  • 0
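
The reading of the HD Tune output above can be reproduced mechanically. The Python below is an added example, not part of the original posts and not HD Tune's own logic: it parses Health-tab text in the layout posted in #28 and applies two rules of thumb that are assumptions here (a normalized value at or below a non-zero threshold, and a non-zero raw count on the sector counters 05, C4, C5, C6). The second sample and its "Failed" status word are constructed.

```python
import re

# Rows copied from the Health-tab text posted in the thread (subset).
SAMPLE = """\
(01) Raw Read Error Rate 200 200 51 0 Ok
(05) Reallocated Sector Count 200 200 140 0 Ok
(09) Power On Hours Count 91 91 0 6716 Ok
(C2) Temperature 97 91 0 50 Ok
(C5) Current Pending Sector 200 200 0 0 Ok
(C6) Offline Uncorrectable 200 200 0 0 Ok
"""

# Constructed rows, NOT from the thread, showing what a degrading drive reports.
CONSTRUCTED_BAD = """\
(05) Reallocated Sector Count 133 133 140 512 Failed
(C5) Current Pending Sector 200 200 0 8 Ok
"""

# (ID) name, then Current, Worst, Threshold, Data (raw), Status.
ROW = re.compile(r"^\((?P<id>[0-9A-Fa-f]{2})\)\s+(?P<name>.+?)\s+"
                 r"(?P<cur>\d+)\s+(?P<worst>\d+)\s+(?P<thr>\d+)\s+"
                 r"(?P<raw>\d+)\s+(?P<status>\w+)\s*$")

# Assumption: raw counts for these attributes should stay at zero.
SECTOR_COUNTERS = {"05", "C4", "C5", "C6"}

def parse(text):
    """Return one dict per attribute row; lines that do not match are skipped."""
    rows = []
    for line in text.splitlines():
        m = ROW.match(line.strip())
        if m:
            d = m.groupdict()
            rows.append({"id": d["id"].upper(), "name": d["name"], "status": d["status"],
                         **{k: int(d[k]) for k in ("cur", "worst", "thr", "raw")}})
    return rows

def findings(rows):
    """Return (attribute id, reason) pairs worth a closer look."""
    out = []
    for r in rows:
        # A threshold of 0 marks an informational attribute that cannot trip.
        if r["thr"] > 0 and min(r["cur"], r["worst"]) <= r["thr"]:
            out.append((r["id"], "normalized value at or below threshold"))
        if r["id"] in SECTOR_COUNTERS and r["raw"] > 0:
            out.append((r["id"], f"raw count {r['raw']} is non-zero"))
    return out

if __name__ == "__main__":
    for label, text in (("thread", SAMPLE), ("constructed", CONSTRUCTED_BAD)):
        print(label, findings(parse(text)) or "no findings")
```
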

#30
Teros

Teros

    Member

  • Topic Starter
  • Member
  • PipPip
  • 52 posts
well, I cut down on some of the startups and the ones I have running when we did the clean boot. Right now I only have Utorrent, avast, windows update that won't go away, volume, and safely remove hardware. It has been running a bit better since then, went from 32-34 process to around 24-28 processes running.
  • 0





