Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

Malware Removal Instructions

Run DLL Error loading C:\Windows\system32\xxhqs.dll

MalwareRemoval.com provides free support for people with infected computers. Using plain language that anyone can understand, our community of volunteer experts will walk you through each step.

Run DLL Error loading C:\Windows\system32\xxhqs.dll

Unread postby thomba24 » May 2nd, 2011, 11:24 am

So every time i boot up i get this message. Run DLL Error loading C:\Windows\system32\xxhqs.dll I have Vista
I believe it is malware related. here is my DDS the other file, CKS scanner and diagnostic report .

thanks brian


DDS NOTEPAD
DDS (Ver_11-03-05.01) - NTFS_AMD64
Run by Thompson at 13:33:58.94 on Thu 04/14/2011
Internet Explorer: 7.0.6001.18000 BrowserJavaVersion: 1.6.0_24
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.1.1033.18.4094.2400 [GMT -4:00]
.
AV: Kaspersky Anti-Virus *Disabled/Outdated* {56547CC9-C9B2-849D-8FEF-A496150D6A06}
AV: Kaspersky Anti-Virus *Enabled/Updated* {AE1D740B-8F0F-D137-211D-873D44B3F4AE}
SP: Kaspersky Anti-Virus *Enabled/Updated* {157C95EF-A935-DEB9-1BAD-BC4F3F34BE13}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Kaspersky Anti-Virus *Disabled/Outdated* {ED359D2D-EF88-8B13-B55F-9FE46E8A20BB}
FW: Kaspersky Anti-Virus *Disabled* {6E6FFDEC-83DD-85C5-A4B0-0DA3EBDE2D7D}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\ASUS\ASUS Data Security Manager\ADSMSrv.exe
C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe
C:\Windows\system32\nvvsvc.exe
C:\Program Files (x86)\ASUS\ATK Hotkey\ASLDRSrv.exe
C:\Program Files\ATKGFNEX\GFNEXSrv.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files (x86)\ASUS\ATK Hotkey\HControl.exe
C:\Windows\system32\taskeng.exe
C:\Program Files (x86)\ASUS\ATK Hotkey\MsgTranAgt64.exe
C:\Program Files\Wireless Console 2\wcourier.exe
C:\Program Files (x86)\ASUS\Splendid\ACMON.exe
C:\Program Files (x86)\ASUS\ATK Hotkey\Atouch64.exe
C:\Program Files (x86)\ASUS\SmartLogon\sensorsrv.exe
C:\Windows\system32\taskeng.exe
C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files (x86)\Common Files\InstallShield\UpdateService\ISUSPM.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files (x86)\Steam\1\Steam.exe
C:\Program files\P4G\BatteryLife.exe
C:\Program Files (x86)\ASUS\ASUS Live Update\ALU.exe
C:\Windows\SysWOW64\ACEngSvr.exe
C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe
C:\Program Files (x86)\ASUS\ATKOSD2\ATKOSD2.exe
C:\Program Files (x86)\ASUS\ATK Hotkey\ATKOSD.exe
C:\Program Files\ASUS\ASUS Data Security Manager\ADSMTray.exe
C:\Program Files (x86)\Autodesk\3ds Max 2010\mentalray\satellite\raysat_3dsmax2010_32server.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE
C:\Program Files (x86)\ASUS\ATK Hotkey\KBFiltr.exe
C:\Program Files (x86)\ASUS\ATK Hotkey\WDC.exe
C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\SearchIndexer.exe
C:\Program Files (x86)\Amazon\Amazon Unbox Video\ADVWindowsClientService.exe
C:\Program Files (x86)\ASUS\ATK Media\DMedia.exe
C:\Windows\ASScrPro.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Windows\ehome\ehmsas.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files (x86)\Common Files\Steam\SteamService.exe
C:\Program Files\Common Files\Microsoft Shared\Ink\InputPersonalization.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2010\x64\klwtblfs.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Windows\System32\svchost.exe -k swprv
C:\Windows\SysWOW64\notepad.exe
C:\Windows\explorer.exe
C:\Users\Thompson\Downloads\dds.scr
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com/
uDefault_Page_URL = hxxp://asus.msn.com
mDefault_Page_URL = hxxp://www.yahoo.com
mWinlogon: Userinit=userinit.exe
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} -

C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
BHO: IEVkbdBHO Class: {59273ab4-e7d3-40f9-a1a8-6fa9cca1862c} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2010\ievkbd.dll
BHO: Search Toolbar: {9d425283-d487-4337-bab6-ab8354a81457} - C:\Program Files (x86)\Search Toolbar\SearchToolbar.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.6.6209.1142\swg.dll
BHO: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO: FilterBHO Class: {e33cf602-d945-461a-83f0-819f76a199f8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2010\klwtbbho.dll
TB: Search Toolbar: {9d425283-d487-4337-bab6-ab8354a81457} - C:\Program Files (x86)\Search Toolbar\SearchToolbar.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
TB: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"
TB: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
TB: RadioBar Toolbar: {5b291e6c-9a74-4034-971b-a4b007a0b315} -
uRun: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter
uRun: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background
uRun: [5a143dc3a13a948fccfbceaefece1364] C:\Users\Public\DOWNLO~1\COHSET~2.EXE /r
uRun: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
uRun: [Search Protection] C:\Program Files (x86)\Yahoo!\Search Protection\SearchProtection.exe
uRun: [ISUSPM] "C:\Program Files (x86)\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler
uRun: [ehTray.exe] C:\Windows\ehome\ehTray.exe
uRun: [uPc+kt0NtdJsiv] rundll32.exe C:\Windows\system32\xxhqs.dll, SystemServer
uRun: [Lvhveiejl+1wmpson\AppData\Local\Temp\1682678023.exe] C:\Users\Thompson\AppData\Local\Temp\1682678023.exe
uRun: [Lvhveiejlqse] C:\Users\Thompson\AppData\Local\Temp\winlogon.exe
uRun: [Lvhveiejlqvc] C:\Users\Thompson\AppData\Local\Temp\svchost.exe
uRun: [LvhveiejlsPc] C:\Users\Thompson\AppData\Local\Temp\nvsvc32.exe
uRun: [Lvhveiejlhb] C:\Users\Thompson\AppData\Local\Temp\debug.exe
uRun: [Lvhveiejlud] C:\Users\Thompson\AppData\Local\Temp\system.exe
uRun: [Lvhveiejlora] C:\Users\Thompson\AppData\Local\Temp\iexplarer.exe
uRun: [Lvhveiejlqc] C:\Users\Thompson\AppData\Local\Temp\win.exe
uRun: [Lvhveiejlotc] C:\Users\Thompson\AppData\Local\Temp\hexdump.exe
uRun: [Lvhveiejlmc] C:\Users\Thompson\AppData\Local\Temp\mdm.exe
uRun: [Lvhveiejlo+] C:\Users\Thompson\AppData\Local\Temp\avp32.exe
uRun: [Lvhveiejlpe] C:\Users\Thompson\AppData\Local\Temp\csrss.exe
uRun: [Lvhveiejlna] C:\Users\Thompson\AppData\Local\Temp\login.exe
uRun: [Lvhveiejlpsc] C:\Users\Thompson\AppData\Local\Temp\taskmgr.exe
uRun: [Lvhveiejlqb] C:\Users\Thompson\AppData\Local\Temp\winamp.exe
uRun: [Lvhveiejlkc] C:\Users\Thompson\AppData\Local\Temp\cmd.exe
uRun: [Lvhveiejlppf] C:\Users\Thompson\AppData\Local\Temp\services.exe
uRun: [Lvhveiejlrf] C:\Users\Thompson\AppData\Local\Temp\smss.exe
uRun: [Lvhveiejl/0zmpson\AppData\Local\Temp\3496091952.exe] C:\Users\Thompson\AppData\Local\Temp\3496091952.exe
uRun: [Mquxe] C:\Windows\system.exe
uRun: [MqpSc] C:\Windows\avp32.exe
uRun: [Mquse] C:\Windows\svchost.exe
uRun: [Mqqsc] C:\Windows\drweb.exe
uRun: [Mqsuc] C:\Windows\lsass.exe
uRun: [Mque] C:\Windows\user.exe
uRun: [MqvPc] C:\Windows\win32.exe
uRun: [Lvhveiejlqf] C:\Users\Thompson\AppData\Local\Temp\user.exe
uRun: [LvhveiejlqW] C:\Users\Thompson\AppData\Local\Temp\drweb.exe
uRun: [Steam] "C:\Program Files (x86)\Steam\1\Steam.exe" -silent
mRun: [UpdateLBPShortCut] "C:\Program Files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\LabelPrint" UpdateWithCreateOnce

"Software\CyberLink\LabelPrint\2.5"
mRun: [CLMLServer] "C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe"
mRun: [UpdateP2GoShortCut] "C:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\Power2Go" UpdateWithCreateOnce

"SOFTWARE\CyberLink\Power2Go\6.0"
mRun: [HControlUser] C:\Program Files (x86)\ASUS\ATK Hotkey\HControlUser.exe
mRun: [ATKOSD2] C:\Program Files (x86)\ASUS\ATKOSD2\ATKOSD2.exe
mRun: [ADSMTray] C:\Program Files\ASUS\ASUS Data Security Manager\ADSMTray.exe
mRun: [ACMON] C:\Program Files (x86)\ASUS\Splendid\ACMON.exe
mRun: [ATKMEDIA] C:\Program Files (x86)\ASUS\ATK Media\DMedia.exe
mRun: [ASUS Camera ScreenSaver] C:\Windows\AsScrProlog.exe
mRun: [ASUS Screen Saver Protector] C:\Windows\ASScrPro.exe
mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [DivXUpdate] "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
mRun: [AVP] "C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2010\avp.exe"
mRun: [HP Software Update] C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe
mRun: [<NO NAME>]
mRun: [TkBellExe] "C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe" -osboot
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
dRun: [Vyikofudocayewid] rundll32.exe "C:\Windows\system32\config\systemprofile\AppData\Local\wiatodC.dll",Startup
dRun: [uPc+kt0NtdJsiv] rundll32.exe C:\Windows\system32\xxhqs.dll, SystemServer
uPolicies-explorer: NoFolderOptions = 1 (0x1)
uPolicies-system: DisableRegistryTools = 1 (0x1)
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
dPolicies-explorer: NoFolderOptions = 1 (0x1)
dPolicies-system: DisableRegistryTools = 1 (0x1)
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
IE: Google Sidewiki... - C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_D183CA64F05FDD98.dll/cmsidewiki.html
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
IE: {4248FE82-7FCB-46AC-B270-339F08212110} - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2010\klwtbbho.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL
IE: {CCF151D8-D089-449F-A5A4-D9909053F20F} - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2010\klwtbbho.dll
DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - hxxp://ak.exe.imgfarm.com/images/nocach ... .0.1.1.cab
DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} - hxxp://www.nvidia.com/content/DriverDow ... ab_nvd.cab
DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} - hxxp://download.divx.com/player/DivXBrowserPlugin.cab
DPF: {74DBCB52-F298-4110-951D-AD2FF67BC8AB} - hxxp://www.nvidia.com/content/DriverDow ... rtScan.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {BEA7310D-06C4-4339-A784-DC3804819809} - hxxp://www.cvsphoto.com/upload/activex/ ... ontrol.cab
DPF: {C345E174-3E87-4F41-A01C-B066A90A49B4} - hxxp://trial.trymicrosoftoffice.com/tri ... /wrc32.ocx
DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
AppInit_DLLs: C:\PROGRA~2\KASPER~1\KASPER~1\mzvkbd3.dll
LSA: Notification Packages = scecli C:\Program Files\ASUS\ASUS Data Security Manager\ASPWDFLT
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Thompson\AppData\Roaming\Mozilla\Firefox\Profiles\8r41gnc5.default\
FF - prefs.js: browser.search.selectedEngine - Bing
FF - prefs.js: browser.startup.homepage - hxxp://www.bing.com/?pc=Z039&form=ZGAPHP
FF - prefs.js: keyword.URL - hxxp://www.bing.com/search?pc=Z039&form=ZGAADF&q=
FF - prefs.js: network.proxy.type - 0
FF - component: C:\Program Files (x86)\Mozilla Firefox\extensions\linkfilter@kaspersky.ru\components\KavLinkFilter.dll
FF - component: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext\components\nprpffbrowserrecordext.dll
FF - component: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext\components\nprpffbrowserrecordlegacyext.dll
FF - plugin: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.2.183.39\npGoogleOneClick8.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npCouponPrinter.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npMozCouponPrinter.dll
FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll
FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll
FF - plugin: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - C:\Program Files (x86)\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
FF - Ext: QueryExplorer: {27E679CC-6AAB-4B2A-BB87-096FE4178464} - C:\Program Files (x86)\Mozilla Firefox\extensions\{27E679CC-6AAB-4B2A-BB87-096FE4178464}
FF - Ext: Kaspersky URL Advisor: linkfilter@kaspersky.ru - C:\Program Files (x86)\Mozilla Firefox\extensions\linkfilter@kaspersky.ru
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation

Foundation\DotNetAssistantExtension
FF - Ext: RealPlayer Browser Record Plugin: {ABDE892B-13A8-4d1b-88E6-365A6E755758} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext
FF - Ext: XULRunner: {4045810D-51E7-44A0-8F7E-30C4237B2268} - C:\Windows\system32\config\systemprofile\AppData\Local\{4045810D-51E7-44A0-8F7E-30C4237B2268}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Ext: Search Toolbar: searchtoolbar@zugo.com - %profile%\extensions\searchtoolbar@zugo.com
.
---- FIREFOX POLICIES ----
FF - user.js: yahoo.homepage.dontask - true);user_pref(general.useragent.extra.brc, BRI/1
.
============= SERVICES / DRIVERS ===============
.
R0 KLBG;Kaspersky Lab Boot Guard Driver;C:\Windows\System32\drivers\klbg.sys [2008-12-15 38416]
R1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;C:\Windows\System32\drivers\klim6.sys [2009-5-15 26640]
R2 ASMMAP64;ASMMAP64;C:\Program Files\ATKGFNEX\ASMMAP64.sys [2009-8-27 14904]
R2 AVP;Kaspersky Anti-Virus;C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2010\avp.exe [2009-7-3 311680]
R3 itecir;ITECIR Infrared Receiver;C:\Windows\System32\drivers\itecir.sys [2009-8-27 59392]
R3 klmouflt;Kaspersky Lab KLMOUFLT;C:\Windows\System32\drivers\klmouflt.sys [2009-5-16 21008]
R3 NETw5v64;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;C:\Windows\System32\drivers\NETw5v64.sys [2008-8-28 4745216]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 gupdate1ca8f757c6158f0;Google Update Service (gupdate1ca8f757c6158f0);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-1-7 133104]
S3 BBSvc;Bing Bar Update Service;C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-2-28 183560]
S3 yukonx64;NDIS6.0 Miniport Driver for Marvell Yukon Ethernet Controller;C:\Windows\System32\drivers\yk60x64.sys [2006-11-2 273408]
S4 clr_optimization_v2.0.50727_64;Microsoft .NET Framework NGEN v2.0.50727_X64;C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe [2009-9-27 93184]
.
=============== File Associations ===============
.
.txt=
.
=============== Created Last 30 ================
.
2011-04-07 18:02:57 -------- d-----w- C:\Program Files (x86)\NVIDIA Corporation
2011-04-07 18:00:12 -------- d-----w- C:\PROGRA~3\NVIDIA Corporation
2011-04-07 17:52:49 -------- d-----w- C:\NVIDIA
2011-04-07 17:42:38 -------- d-----w- C:\Program Files (x86)\SystemRequirementsLab
2011-03-27 01:35:31 -------- d-----w- C:\Users\Thompson\AppData\Local\Ubisoft Game Launcher
2011-03-26 23:26:58 -------- d-----w- C:\Users\Thompson\AppData\Local\World in Conflict
2011-03-26 22:39:17 -------- d-----w- C:\Program Files (x86)\Steam
.
==================== Find3M ====================
.
2011-03-12 02:52:29 499712 ----a-w- C:\Windows\SysWow64\msvcp71.dll
2011-03-12 02:52:29 348160 ----a-w- C:\Windows\SysWow64\msvcr71.dll
2011-02-10 19:10:56 45056 ----a-w- C:\Windows\System32\acovcnt.exe
2011-02-03 01:40:23 472808 ----a-w- C:\Windows\SysWow64\deployJava1.dll
.
============= FINISH: 13:37:13.77 ===============

.ATTACH NOTEPAD
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_11-03-05.01)
.
Microsoft® Windows Vista™ Home Premium
Boot Device: \Device\HarddiskVolume2
Install Date: 8/27/2009 9:50:46 PM
System Uptime: 4/14/2011 12:54:00 PM (1 hours ago)
.
Motherboard: PEGATRON Corp. | | G60VX
Processor: Intel(R) Core(TM)2 Duo CPU P7350 @ 2.00GHz | Socket 478 | 800/267mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 285 GiB total, 122.975 GiB free.
E: is CDROM ()
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
.
==== Installed Programs ======================
.
Adobe AIR
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Media Player
Adobe Reader 9.3.4
Amazon Unbox Video
ASUS Data Security Manager
ASUS FancyStart
ASUS LifeFrame3
ASUS Live Update
ASUS SmartLogon
ASUS Splendid Video Enhancement Technology
ASUS Virtual Camera
Asus_Camera_ScreenSaver
ATK Generic Function Service
ATK Hotkey
ATK Media
ATKOSD2
Autodesk 3ds Max 2010 32-bit
Autodesk Backburner 2008.1
Bing Bar
Bing Rewards Client Installer
Capitalism II
Choice Guard
Civilization V CODE (remove only)
Commandos Behind Enemy Lines
Company of Heroes
Company of Heroes - FAKEMSI
Compatibility Pack for the 2007 Office system
Coupon Printer for Windows
CyberLink LabelPrint
CyberLink Power2Go
Dawn of Discovery
deskPDF 2.5 Standard Edition
Dev-C++ 5 beta 9 release (4.9.9.2)
DivX Setup
Express Gate
Galapago
Gangsters
Google Chrome
Google Toolbar for Internet Explorer
Google Update Helper
GPGNet
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
HP Deskjet 3050 J610 series Help
HP Photo Creations
HP Update
ITECIR
Java Auto Updater
Java(TM) 6 Update 24
Kaspersky Anti-Virus 2010
LoJack Factory Installer
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office Excel MUI (English) 2007
Microsoft Office Home and Student 2007
Microsoft Office Live Add-in 1.3
Microsoft Office OneNote MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office PowerPoint Viewer 2007 (English)
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Rise Of Nations
Microsoft Silverlight
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Works
Mozilla Firefox (3.6.15)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML4 Parser
NVIDIA PhysX
NVIDIA Stereoscopic 3D Driver
OverDrive Media Console
RealNetworks - Microsoft Visual C++ 2008 Runtime
RealPlayer
Realtek 8169 8168 8101E 8102E Ethernet Driver
RealUpgrade 1.1
Rise of Nations Thrones and Patriots
Search Toolbar
Security Update for 2007 Microsoft Office System (KB2288621)
Security Update for 2007 Microsoft Office System (KB2288931)
Security Update for 2007 Microsoft Office System (KB2289158)
Security Update for 2007 Microsoft Office System (KB2344875)
Security Update for 2007 Microsoft Office System (KB2345043)
Security Update for 2007 Microsoft Office System (KB969559)
Security Update for 2007 Microsoft Office System (KB976321)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2160841)
Security Update for Microsoft Office Excel 2007 (KB2345035)
Security Update for Microsoft Office InfoPath 2007 (KB979441)
Security Update for Microsoft Office PowerPoint 2007 (KB982158)
Security Update for Microsoft Office PowerPoint Viewer (KB2413381)
Security Update for Microsoft Office system 2007 (972581)
Security Update for Microsoft Office system 2007 (KB974234)
Security Update for Microsoft Office Visio Viewer 2007 (KB973709)
Security Update for Microsoft Office Word 2007 (KB2344993)
Sid Meier's Civilization V
Sid Meier's Civilization V SDK
Sid Meier's Railroads!
SimCity 4 Deluxe
StarCraft II
Steam
Supreme Commander
System Requirements Lab
The Settlers 7 - Paths to a Kingdom
The Settlers IV (remove only)
Total Annihilation
Tropico 3 1.00
ubi.com
Ubisoft Game Launcher
Update for 2007 Microsoft Office System (KB2284654)
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office Excel 2007 Help (KB963678)
Update for Microsoft Office OneNote 2007 (KB980729)
Update for Microsoft Office OneNote 2007 Help (KB963670)
Update for Microsoft Office Powerpoint 2007 Help (KB963669)
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft Office Word 2007 (KB974631)
Update for Microsoft Office Word 2007 Help (KB963665)
VC80CRTRedist - 8.0.50727.4053
VLC media player 1.0.1
Wireless Console 2
World in Conflict: Soviet Assault
Xvid 1.2.1 final uninstall
.
==== End Of File ===========================

Diagnostic Report (1.9.0027.0):
-----------------------------------------
Windows Validation Data-->
Validation Status: Genuine
Validation Code: 0
Cached Online Validation Code: N/A, hr = 0xc004f012
Windows Product Key: *****-*****-4JJQP-TP64Y-RPFFV
Windows Product Key Hash: W7I5PeTN2iJuvTTU9QmIXc6iQqY=
Windows Product ID: 89583-OEM-7332157-00043
Windows Product ID Type: 2
Windows License Type: OEM SLP
Windows OS version: 6.0.6001.2.00010300.1.0.003
ID: {F11EAA32-189F-4D74-A43A-BEF58D9A4626}(1)
Is Admin: Yes
TestCab: 0x0
LegitcheckControl ActiveX: N/A, hr = 0x80070002
Signed By: N/A, hr = 0x80070002
Product Name: Windows Vista (TM) Home Premium
Architecture: 0x00000009
Build lab: 6001.vistasp1_gdr.101014-0432
TTS Error:
Validation Diagnostic:
Resolution Status: N/A

Vista WgaER Data-->
ThreatID(s): N/A, hr = 0x80070002
Version: N/A, hr = 0x80070002

Windows XP Notifications Data-->
Cached Result: N/A, hr = 0x80070002
File Exists: No
Version: N/A, hr = 0x80070002
WgaTray.exe Signed By: N/A, hr = 0x80070002
WgaLogon.dll Signed By: N/A, hr = 0x80070002

OGA Notifications Data-->
Cached Result: N/A, hr = 0x80070002
Version: N/A, hr = 0x80070002
OGAExec.exe Signed By: N/A, hr = 0x80070002
OGAAddin.dll Signed By: N/A, hr = 0x80070002

OGA Data-->
Office Status: 100 Genuine
Microsoft Office Home and Student 2007 - 100 Genuine
OGA Version: N/A, 0x80070002
Signed By: N/A, hr = 0x80070002
Office Diagnostics: B4D0AA8B-604-645_025D1FF3-364-80041010_025D1FF3-229-80041010_025D1FF3-230-1_025D1FF3-517-80040154_025D1FF3-237-80040154_025D1FF3-238-2_025D1FF3-244-80070002_025D1FF3-258-3_E2AD56EA-765-d003_E2AD56EA-766-0_E2AD56EA-134-80004005

Browser Data-->
Proxy settings: N/A
User Agent: Mozilla/4.0 (compatible; MSIE 7.0; Win32)
Default Browser: C:\Program Files (x86)\Mozilla Firefox\firefox.exe
Download signed ActiveX controls: Prompt
Download unsigned ActiveX controls: Disabled
Run ActiveX controls and plug-ins: Allowed
Initialize and script ActiveX controls not marked as safe: Disabled
Allow scripting of Internet Explorer Webbrowser control: Disabled
Active scripting: Allowed
Script ActiveX controls marked as safe for scripting: Allowed

File Scan Data-->

Other data-->
Office Details: <GenuineResults><MachineData><UGUID>{F11EAA32-189F-4D74-A43A-BEF58D9A4626}</UGUID><Version>1.9.0027.0</Version><OS>6.0.6001.2.00010300.1.0.003</OS><Architecture>x64</Architecture><PKey>*****-*****-*****-*****-RPFFV</PKey><PID>89583-OEM-7332157-00043</PID><PIDType>2</PIDType><SID>S-1-5-21-3090070989-868362510-393952071</SID><SYSTEM><Manufacturer>ASUSTeK Computer Inc. </Manufacturer><Model>G60VX </Model></SYSTEM><BIOS><Manufacturer>American Megatrends Inc.</Manufacturer><Version>203 </Version><SMBIOSVersion major="2" minor="5"/><Date>20090527000000.000000+000</Date></BIOS><HWID>69303507018400F8</HWID><UserLCID>0409</UserLCID><SystemLCID>0409</SystemLCID><TimeZone>Eastern Standard Time(GMT-05:00)</TimeZone><iJoin>0</iJoin><SBID><stat>3</stat><msppid></msppid><name></name><model></model></SBID><OEM><OEMID>_ASUS_</OEMID><OEMTableID>Notebook</OEMTableID></OEM><GANotification/></MachineData><Software><Office><Result>100</Result><Products><Product GUID="{91120000-002F-0000-0000-0000000FF1CE}"><LegitResult>100</LegitResult><Name>Microsoft Office Home and Student 2007</Name><Ver>12</Ver><Val>8D8472FDDE63738</Val><Hash>ypmDfjT+awjHZ2e/vpdITkmyiuI=</Hash><Pid>81602-924-3452086-68161</Pid><PidType>1</PidType></Product></Products><Applications><App Id="16" Version="12" Result="100"/><App Id="18" Version="12" Result="100"/><App Id="1B" Version="12" Result="100"/><App Id="A1" Version="12" Result="100"/></Applications></Office></Software></GenuineResults>

Spsys.log Content: 0x80070002

Licensing Data-->
Software licensing service version: 6.0.6001.18000
Name: Windows(TM) Vista, HomePremium edition
Description: Windows Operating System - Vista, OEM_SLP channel
Activation ID: bffdc375-bbd5-499d-8ef1-4f37b61c895f
Application ID: 55c92734-d682-4d71-983e-d6ec3f16059f
Extended PID: 89583-00146-321-500043-02-1033-6001.0000-2692009
Installation ID: 105652687803999723838231172820165293083465804742732140
Processor Certificate URL: http://go.microsoft.com/fwlink/?LinkID=43473
Machine Certificate URL: http://go.microsoft.com/fwlink/?LinkID=43474
Use License URL: http://go.microsoft.com/fwlink/?LinkID=43476
Product Key Certificate URL: http://go.microsoft.com/fwlink/?LinkID=43475
Partial Product Key: RPFFV
License Status: Licensed

Windows Activation Technologies-->
N/A

HWID Data-->
HWID Hash Current: NgAAAAEABAABAAEAAQABAAAAAwABAAEA6GG8HdYLPuVmUPDr6MPsajwP8vQSZVw2pmGsVkbK

OEM Activation 1.0 Data-->
N/A

OEM Activation 2.0 Data-->
BIOS valid for OA 2.0: yes
Windows marker version: 0x20000
OEMID and OEMTableID Consistent: yes
BIOS Information:
ACPI Table Name OEMID Value OEMTableID Value
APIC 052709 APIC1358
FACP 052709 FACP1358
DBGP 052709 DBGP1358
HPET 052709 OEMHPET
BOOT 052709 BOOT1358
MCFG 052709 OEMMCFG
SLIC _ASUS_ Notebook
ECDT 052709 OEMECDT
OEMB 052709 OEMB1358
SSDT PmRef CpuPm

CKScanner - Additional Security Risks - These are not necessarily bad
c:\program files (x86)\2k games\firaxis games\sid meier's railroads!\assets\terrain\textures\crackeddesertground.dds
c:\program files (x86)\2k games\firaxis games\sid meier's railroads!\assets\terrain\textures\crackeddesertground2.dds
c:\program files (x86)\2k games\firaxis games\sid meier's railroads!\assets\terrain\textures\crackeddesertground2_normal.dds
c:\program files (x86)\2k games\firaxis games\sid meier's railroads!\assets\terrain\textures\crackeddesertground_normal.dds
scanner sequence 3.CA.11
----- EOF -----
thomba24
Active Member
 
Posts: 11
Joined: April 14th, 2011, 1:37 pm
Advertisement
Register to Remove

Re: Run DLL Error loading C:\Windows\system32\xxhqs.dll

Unread postby askey127 » May 3rd, 2011, 5:27 pm

Looking at your log.
Be back soon.
User avatar
askey127
Admin/Teacher
Admin/Teacher
 
Posts: 14025
Joined: April 17th, 2005, 3:25 pm
Location: New Hampshire USA

Re: Run DLL Error loading C:\Windows\system32\xxhqs.dll

Unread postby askey127 » May 3rd, 2011, 5:41 pm

Hi thomba24,
------------------------------------------------
Remove Programs Using Control Panel
From Start, Control Panel, click on Uninstall a program under the Programs heading.
(We will replace it later)
Right click each Entry, as follows, one by one, if it exists, choose Uninstall/Change, and give permission to Continue:

Adobe Reader 9.3.4

Take extra care in answering questions posed by any Uninstaller.
---------------------------------------------
Please download SystemLook from one of the links below and save it to your Desktop.
Download Mirror #1
Download Mirror #2

  • Double-click SystemLook.exe to run it.
  • Copy the content of the following codebox into the main textfield:
    Code: Select all
    :regfind
    wiatodC.dll
    Vyikofudocayewid
    xxhqs.dll
    uPc+kt0NtdJsiv
    
  • Click the Look button to start the scan.
  • When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.
Note: The log can also be found on your Desktop entitled SystemLook.txt
---------------------------------------------
Run a Scan with OTL
  1. Please download OTL.exe by OldTimer and save it to your desktop.
  2. Right click on OTL.exe and select Run As Administrator to run it. If Windows UAC prompts you, please allow it.
    If you have a 64-bit version of Windows, check the box at the top, labeled Include 64 bit scans
  3. Check the boxes labeled :
    • Scan All Users
    • LOP check
    • Purity check
  4. Click on the Run Scan button at the top left hand corner.
  5. OTL will start running. When done, 2 Notepad files will open; OTL.txt and Extras.txt.
    They will be saved on your desktop.
Please post the contents of these files.
You may use separate replies if you wish.
If any of the files are too large to post, you can split the oversize one(s) into multiple replies
---------------------------------------------------
So, In Your Reply, we will be looking for the following contents :
  • Systemlook.txt
  • OTL.txt
  • Extras.txt
Please feel free to use separate replies.
askey127
User avatar
askey127
Admin/Teacher
Admin/Teacher
 
Posts: 14025
Joined: April 17th, 2005, 3:25 pm
Location: New Hampshire USA

Re: Run DLL Error loading C:\Windows\system32\xxhqs.dll

Unread postby thomba24 » May 4th, 2011, 11:43 pm

thanks, askey127. I had trouble with the first part. "Remove Programs Using Control Panel" Adobe Reader 9.3.4 did not exists.
but heres the rest

SystemLook 04.09.10 by jpshortstuff
Log created at 23:14 on 04/05/2011 by Thompson
Administrator - Elevation successful
WARNING: SystemLook running under WOW64. Use SystemLook_x64 for accurate results.

========== regfind ==========

Searching for "wiatodC.dll"



OTL Extras logfile created on: 5/4/2011 11:24:01 PM - Run 1
OTL by OldTimer - Version 3.2.22.3 Folder = C:\Users\Thompson\Desktop
64bit-Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6001.18000)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

4.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 47.00% Memory free
8.00 Gb Paging File | 6.00 Gb Available in Paging File | 72.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 285.40 Gb Total Space | 125.37 Gb Free Space | 43.93% Space Free | Partition Type: NTFS

Computer Name: THOMPSON-PC | User Name: Thompson | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l
.js [@ = Reg Error: Value error.] -- Reg Error: Key error. File not found
.txt [@ = Reg Error: Value error.] -- Reg Error: Key error. File not found

[HKEY_USERS\S-1-5-21-3090070989-868362510-393952071-1000\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %* File not found
cmdfile [open] -- "%1" %* File not found
comfile [open] -- "%1" %* File not found
exefile [open] -- "%1" %* File not found
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" ()
InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l File not found
InternetShortcut [print] -- rundll32.exe C:\Windows\system32\mshtml.dll,PrintHTML "%1" ()
piffile [open] -- "%1" %* File not found
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1" File not found
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l File not found
scrfile [open] -- "%1" /S File not found
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 File not found
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" ()
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = 9F 9E 16 8C DC 5B C8 01 [binary data]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring" = 1
"" =

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"oobe_av" = 1

========== System Restore Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\SystemRestore]
"DisableSR" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\SystemRestore]
"DisableSR" = 1

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

========== Authorized Applications List ==========


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{11A32CEC-1BBB-4E1B-A7C5-3FA2B78B8674}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{194AF436-6D87-4454-AE21-5AE4B36EF137}" = lport=5000 | protocol=17 | dir=in | name=akamai netsession interface |
"{22C2092A-7EE9-4D66-B70E-2936B4C1EB6A}" = lport=139 | protocol=6 | dir=in | app=system |
"{2DB6E79D-3B92-4F12-BCC1-AE0268B02D6A}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{4CFF517B-F31A-4EEC-A35F-9FC37584AAB6}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{4FAA1581-626E-4CD7-A32A-56144F6C92FA}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{59C6A5B6-0619-46B7-AECF-DA41296361CC}" = rport=137 | protocol=17 | dir=out | app=system |
"{5B025087-E843-4337-B245-83F338B66DBB}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{5BC9F722-8BBE-4BB5-AB37-D0CD0411257E}" = lport=445 | protocol=6 | dir=in | app=system |
"{6BDB249A-FA47-4F80-90C0-8B7ECC39C8B7}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{7C7B7A92-CE45-4115-ABA3-37D103867532}" = rport=138 | protocol=17 | dir=out | app=system |
"{7FDA432B-D6C2-4ED4-969C-97385548F22C}" = lport=138 | protocol=17 | dir=in | app=system |
"{870F74CC-E69E-41DE-8524-0814E9D998D2}" = lport=137 | protocol=17 | dir=in | app=system |
"{8BAC2E36-46AE-46DC-847A-38560719919E}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{AD1FA124-1AAB-4D34-8E6F-C68AD93991F9}" = lport=51268 | protocol=6 | dir=in | name=akamai netsession interface |
"{AD4BC338-DE5C-447E-95D1-DAC81132B6E0}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=c:\windows\system32\svchost.exe |
"{B9E60546-0C69-493A-A4BA-D280EFF63BF7}" = rport=139 | protocol=6 | dir=out | app=system |
"{C05F03F5-16BB-412F-BBAC-31716C2FE1A4}" = rport=445 | protocol=6 | dir=out | app=system |
"{C5BA9D48-E6F8-49CD-AF43-3F0BFA5802E7}" = lport=49607 | protocol=6 | dir=in | name=akamai netsession interface |
"{C680AC3B-944B-4C2F-8D06-6CA87DA37DB0}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{CEDB2CA0-6409-43E7-9CCC-9DA8EB381F26}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{FA3A3BE1-0778-4549-9493-7B17146D55EA}" = lport=5000 | protocol=17 | dir=in | name=akamai netsession interface |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{04228F60-C055-46C9-B460-61381C334D3E}" = protocol=6 | dir=in | app=c:\program files (x86)\thq\company of heroes\reliccoh.exe |
"{07803B28-0039-4C08-BCF8-6762A401351E}" = protocol=17 | dir=in | app=c:\program files (x86)\thq\company of heroes\reliccoh.exe |
"{09539A49-FE3A-4C61-A4CA-EC94EA5AA591}" = protocol=6 | dir=in | app=c:\program files (x86)\thq\gas powered games\supreme commander\bin\supremecommander.exe |
"{0BAD15F0-0113-4375-A0BA-7E2B7A0C4E93}" = protocol=17 | dir=in | app=c:\program files (x86)\thq\gas powered games\gpgnet\gpg.multiplayer.client.exe |
"{0C224A6E-2471-4BC9-B80E-9A3ECF82661A}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{13C30D06-788C-41A8-9E98-2FE354337FE3}" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\the settlers 7 - paths to a kingdom\data\base\_dbg\bin\release\settlers7r.exe |
"{154DFC76-6E13-4436-B282-5CE5E56C6D35}" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\related designs\dawn of discovery\anno4.exe |
"{1AF83DA9-BA83-4A47-AD06-16C11363EB61}" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\related designs\dawn of discovery\anno4.exe |
"{1FFBC60F-CCDB-462C-BFEC-ACB989A24343}" = protocol=17 | dir=in | app=c:\program files (x86)\autodesk\backburner\manager.exe |
"{207B47F4-DEBE-40EA-9D03-46DEFF778C97}" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\ubisoft game launcher\ubisoftgamelauncher.exe |
"{289D995D-C335-42C2-8A55-8252426083B0}" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\world in conflict\wic_online.exe |
"{2997D0C0-1B79-48B8-9002-59CA2D594CF9}" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\related designs\dawn of discovery\tools\benchmark.exe |
"{340E1C97-7278-4845-A437-0A070AF38E65}" = protocol=17 | dir=in | app=c:\program files (x86)\yahoo!\messenger\yahoomessenger.exe |
"{39DA40B1-E85A-4C36-A645-1B1ABF0439F6}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\1\steamapps\common\sid meier's civilization v\launcher.exe |
"{3D020F39-75A5-4CDF-8239-70564FC2FC82}" = protocol=6 | dir=in | app=c:\program files (x86)\yahoo!\messenger\yahoomessenger.exe |
"{3D2AE5F6-1CFA-415D-8861-0BEC97665B16}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{42EC02C9-D411-4B19-B7A8-15A05994908D}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{448E4D90-F7D9-436E-8F00-9A3F6FE81091}" = protocol=17 | dir=in | app=c:\program files (x86)\starcraft ii\starcraft ii.exe |
"{4F63B269-79B0-4D61-B5C1-C9721C0A5A78}" = protocol=17 | dir=in | app=c:\program files (x86)\thq\company of heroes\relicdownloader\relicdownloader.exe |
"{514C3D51-027A-4DA3-B0D9-A06DC363102F}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steam.exe |
"{58F5A504-3974-4412-94C8-FA3CA25C1B97}" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\the settlers 7 - paths to a kingdom\data\base\_dbg\bin\release\settlers7r.exe |
"{5E259D7C-1B54-4D3A-90A4-1E8924840270}" = protocol=6 | dir=in | app=c:\program files (x86)\autodesk\backburner\manager.exe |
"{5EEBA778-6FB0-45DC-B61E-63008807B7FF}" = protocol=17 | dir=in | app=c:\program files (x86)\autodesk\3ds max 2010\mentalray\satellite\raysat_3dsmax2010_32server.exe |
"{62C396BD-79C8-46F3-89AF-68CA964DC8A3}" = protocol=6 | dir=in | app=c:\program files\hp\hp deskjet 3050 j610 series\bin\devicesetup.exe |
"{67767F81-7146-4E29-ABE6-81F62AE941E1}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\1\steamapps\common\sid meier's civilization v\launcher.exe |
"{6AE00214-7A23-41BE-8585-0F32FCAB442E}" = protocol=6 | dir=in | app=c:\program files (x86)\autodesk\3ds max 2010\mentalray\satellite\raysat_3dsmax2010_32server.exe |
"{6B12509E-56E2-446D-B3DF-3C529AF60251}" = protocol=6 | dir=in | app=c:\program files (x86)\thq\gas powered games\gpgnet\gpg.multiplayer.client.exe |
"{73726D8A-9009-4EAC-B813-E84B881FF5AE}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\1\steamapps\common\sid meier's civilization v sdk\sid meier's civilization v sdk.exe |
"{78C9FC06-995A-45EC-A967-98956CEF0FC6}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe |
"{7C08406F-80BE-4431-8937-D9D02540FAA4}" = protocol=17 | dir=in | app=c:\program files (x86)\autodesk\3ds max 2010\mentalray\satellite\raysat_3dsmax2010_32.exe |
"{7E6F18A1-9E41-47D4-BB9F-91CB9F0D08FD}" = protocol=17 | dir=in | app=c:\program files (x86)\autodesk\3ds max 2010\3dsmax.exe |
"{81A1DCC6-C349-4B9A-8A95-06389F8D9AC5}" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\world in conflict\wic.exe |
"{93A8FB71-F421-4D6D-A79D-EEDEA2F32289}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\1\steam.exe |
"{95A6B02F-AAA6-4E27-8924-95B620DC53DC}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steam.exe |
"{9C87C776-CE81-4674-837B-9A6D223333B7}" = protocol=6 | dir=in | app=c:\program files (x86)\autodesk\3ds max 2010\3dsmax.exe |
"{A1DC2D77-A22B-49EF-8762-4ACDCE3EF343}" = protocol=17 | dir=in | app=c:\program files\hp\hp deskjet 3050 j610 series\bin\devicesetup.exe |
"{A3CFF6F1-6145-4A2C-8B9E-267387FBDE3D}" = protocol=6 | dir=in | app=c:\program files (x86)\autodesk\3ds max 2010\mentalray\satellite\raysat_3dsmax2010_32.exe |
"{AAD2B45F-59BA-4F60-BA6D-F6F72DB56416}" = protocol=6 | dir=in | app=c:\program files\hp\hp deskjet 3050 j610 series\bin\hpnetworkcommunicator.exe |
"{AB5FADCD-4E6B-466D-8277-D76F4E530AE6}" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\related designs\dawn of discovery\tools\benchmark.exe |
"{ACAD0135-4E81-467F-B18C-8CEA2251CB6F}" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\world in conflict\wic_ds.exe |
"{B52DCD61-0147-45B7-816E-3306D1670ED7}" = protocol=17 | dir=in | app=c:\program files (x86)\thq\gas powered games\supreme commander\bin\supremecommander.exe |
"{BBAE6673-DAD0-4849-B5C0-97DC83A05CD4}" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\ubisoft game launcher\ubisoftgamelauncher.exe |
"{BE1BEFD1-2A09-4CA0-B167-08EF2B41D528}" = protocol=6 | dir=in | app=c:\program files (x86)\thq\company of heroes\relicdownloader\relicdownloader.exe |
"{BFD8974E-B9D5-4ED5-88E0-8C14F15E3E5D}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{C6688B7D-C6ED-40DC-9CBC-955169AD8E20}" = protocol=6 | dir=in | app=c:\program files (x86)\starcraft ii\starcraft ii.exe |
"{C6C22D74-9C9F-4045-BA6E-01DF90E157CC}" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\world in conflict\wic.exe |
"{C8CBFE82-EAAB-4E37-A63F-1BADC5C892E5}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe |
"{D5F91C65-1706-4EED-B338-FA13699136AC}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\1\steamapps\common\sid meier's civilization v sdk\sid meier's civilization v sdk.exe |
"{DCAA2EAA-4D31-479B-BC47-2C684163CC03}" = protocol=17 | dir=in | app=c:\program files (x86)\autodesk\backburner\server.exe |
"{DE4D7046-C1E0-4D50-AB9D-AAC8B71AD98C}" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\related designs\dawn of discovery\tools\anno4web.exe |
"{DF5CF03A-0199-4E7A-B0A8-67B5189552BD}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{E4CC0011-1CFD-40E2-91CC-B89A1F4340EE}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\1\steam.exe |
"{E532275F-2D6A-4231-8372-248B0FF47637}" = protocol=6 | dir=in | app=c:\program files (x86)\autodesk\backburner\monitor.exe |
"{E6CD14D3-DED5-4E79-9C3C-6D645FFBE265}" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\world in conflict\wic_online.exe |
"{E9BBC659-922C-4273-9E12-CBE908A3A1ED}" = protocol=6 | dir=in | app=c:\program files (x86)\autodesk\backburner\server.exe |
"{EA46A8A2-3E49-4341-8FAE-B5E580DEB75C}" = protocol=17 | dir=in | app=c:\program files (x86)\autodesk\backburner\monitor.exe |
"{EB07C63D-369D-4D4E-B242-F7F44EE55E3A}" = protocol=17 | dir=in | app=c:\program files\hp\hp deskjet 3050 j610 series\bin\hpnetworkcommunicator.exe |
"{F05A7D42-90EB-400A-80DB-B0803DFC2663}" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\world in conflict\wic_ds.exe |
"{F394A55D-59DF-4459-AD64-80DB17038CBB}" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\related designs\dawn of discovery\tools\anno4web.exe |
"TCP Query User{2E43880B-4C32-4B38-A431-95F8CC03D345}C:\program files (x86)\starcraft ii\versions\base15405\sc2.exe" = protocol=6 | dir=in | app=c:\program files (x86)\starcraft ii\versions\base15405\sc2.exe |
"TCP Query User{31C45383-CF7C-43C1-8738-187360F13DD7}C:\program files (x86)\starcraft ii\versions\base16755\sc2.exe" = protocol=6 | dir=in | app=c:\program files (x86)\starcraft ii\versions\base16755\sc2.exe |
"TCP Query User{3AE370A9-591A-4762-88F8-42AB645FAAC7}C:\program files (x86)\starcraft ii\support\blizzarddownloader.exe" = protocol=6 | dir=in | app=c:\program files (x86)\starcraft ii\support\blizzarddownloader.exe |
"TCP Query User{415C7D9E-058E-4791-BF2B-47A54B7AEAEA}C:\program files (x86)\starcraft ii\versions\base16939\sc2.exe" = protocol=6 | dir=in | app=c:\program files (x86)\starcraft ii\versions\base16939\sc2.exe |
"TCP Query User{4655DF6F-11D4-435D-BDFF-5D70F4867BB8}C:\program files (x86)\the settlers iv\exe\s4_main.exe" = protocol=6 | dir=in | app=c:\program files (x86)\the settlers iv\exe\s4_main.exe |
"TCP Query User{4E4233C5-4022-4F65-A17D-FC3B0E7072C2}C:\program files (x86)\starcraft ii\support\blizzarddownloader.exe" = protocol=6 | dir=in | app=c:\program files (x86)\starcraft ii\support\blizzarddownloader.exe |
"TCP Query User{9060E532-7F48-4B57-AF9B-57D38C187F61}C:\program files (x86)\starcraft ii\versions\base17326\sc2.exe" = protocol=6 | dir=in | app=c:\program files (x86)\starcraft ii\versions\base17326\sc2.exe |
"TCP Query User{B9B7DD70-38F0-456B-B263-C9AB190EA66F}C:\program files (x86)\starcraft ii\starcraft ii.exe" = protocol=6 | dir=in | app=c:\program files (x86)\starcraft ii\starcraft ii.exe |
"TCP Query User{C5A8C77A-74AA-44F8-9A70-D1481CDF1337}C:\program files (x86)\starcraft ii\versions\base16755\sc2.exe" = protocol=6 | dir=in | app=c:\program files (x86)\starcraft ii\versions\base16755\sc2.exe |
"TCP Query User{C6C847ED-1132-410B-8FBF-1AFDCD1A9AA7}C:\program files (x86)\soulseekns\slsk.exe" = protocol=6 | dir=in | app=c:\program files (x86)\soulseekns\slsk.exe |
"TCP Query User{FECE8928-C3B3-4316-9730-431BECA98E12}C:\program files (x86)\starcraft ii\versions\base16939\sc2.exe" = protocol=6 | dir=in | app=c:\program files (x86)\starcraft ii\versions\base16939\sc2.exe |
"UDP Query User{106919A1-CAB1-4369-8BDA-490FDB17EE72}C:\program files (x86)\starcraft ii\versions\base17326\sc2.exe" = protocol=17 | dir=in | app=c:\program files (x86)\starcraft ii\versions\base17326\sc2.exe |
"UDP Query User{1453CCA7-FD7B-46E9-BF46-266525DFB064}C:\program files (x86)\the settlers iv\exe\s4_main.exe" = protocol=17 | dir=in | app=c:\program files (x86)\the settlers iv\exe\s4_main.exe |
"UDP Query User{1F1E53EF-337C-44EC-BE52-1B59F7906AC9}C:\program files (x86)\starcraft ii\support\blizzarddownloader.exe" = protocol=17 | dir=in | app=c:\program files (x86)\starcraft ii\support\blizzarddownloader.exe |
"UDP Query User{606150AF-5423-4316-9788-14176A2CFE10}C:\program files (x86)\starcraft ii\versions\base16755\sc2.exe" = protocol=17 | dir=in | app=c:\program files (x86)\starcraft ii\versions\base16755\sc2.exe |
"UDP Query User{75FA5BC6-76C0-4BD3-9A53-AD71C11E6F61}C:\program files (x86)\starcraft ii\starcraft ii.exe" = protocol=17 | dir=in | app=c:\program files (x86)\starcraft ii\starcraft ii.exe |
"UDP Query User{8C80F716-F192-4DB8-8A75-3FAB8044E075}C:\program files (x86)\starcraft ii\support\blizzarddownloader.exe" = protocol=17 | dir=in | app=c:\program files (x86)\starcraft ii\support\blizzarddownloader.exe |
"UDP Query User{9B2D1619-B66B-4392-8FF2-0026CC5C8A53}C:\program files (x86)\soulseekns\slsk.exe" = protocol=17 | dir=in | app=c:\program files (x86)\soulseekns\slsk.exe |
"UDP Query User{9B85EF7C-0418-4840-AE4B-11282D9B2A0F}C:\program files (x86)\starcraft ii\versions\base16939\sc2.exe" = protocol=17 | dir=in | app=c:\program files (x86)\starcraft ii\versions\base16939\sc2.exe |
"UDP Query User{D8B71E6C-E98B-48D1-8631-FBE24310708D}C:\program files (x86)\starcraft ii\versions\base16755\sc2.exe" = protocol=17 | dir=in | app=c:\program files (x86)\starcraft ii\versions\base16755\sc2.exe |
"UDP Query User{D923BEE5-2622-417C-9EBE-C8E7AE231759}C:\program files (x86)\starcraft ii\versions\base15405\sc2.exe" = protocol=17 | dir=in | app=c:\program files (x86)\starcraft ii\versions\base15405\sc2.exe |
"UDP Query User{EB56F341-D65A-43EE-906A-0EA5A5C4DA7E}C:\program files (x86)\starcraft ii\versions\base16939\sc2.exe" = protocol=17 | dir=in | app=c:\program files (x86)\starcraft ii\versions\base16939\sc2.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{1686C4D1-B1FD-42E8-B7A8-FB4C4DBA5BA8}" = ASUS Power4Gear Hybrid
"{7D220A57-969F-4D09-9297-D48195A8ABDD}" = HP Deskjet 3050 J610 series Basic Device Software
"{860B418B-F90B-465A-BC1D-04B518045C72}" = HP Deskjet 3050 J610 series Product Improvement Study
"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
"{90120000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2007
"{90120000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision" = NVIDIA 3D Vision Driver 266.58
"{B2FE1952-0186-46c3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Control Panel 266.58
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Graphics Driver 266.58
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX System Software 9.10.0514
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"USB 2.0 UVC 1.3M WebCam" = USB 2.0 UVC 1.3M WebCam
"Win2PDF_is1" = Win2PDF 7

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{01501EBA-EC35-4F9F-8889-3BE346E5DA13}" = MSXML4 Parser
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{0969AF05-4FF6-4C00-9406-43599238DE0D}" = ASUS Splendid Video Enhancement Technology
"{0A1BE00C-EADB-B80B-0D97-40D64418793D}" = Commandos Behind Enemy Lines
"{141154CC-B23D-40E0-8242-1A747CA9B482}" = Sid Meier's Railroads!
"{14574B7F-75D1-4718-B7F2-EBF6E2862A35}" = Company of Heroes - FAKEMSI
"{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}" = Microsoft Works
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{199E6632-EB28-4F73-AECB-3E192EB92D18}" = Company of Heroes - FAKEMSI
"{1C8521E5-5A7B-4A4E-A9CD-AD53116EAEE0}" = ASUS Data Security Manager
"{1DBD1F12-ED93-49C0-A7CC-56CBDE488158}" = ASUS LifeFrame3
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{25724802-CC14-4B90-9F3B-3D6955EE27B1}" = Company of Heroes - FAKEMSI
"{26A24AE4-039D-4CA4-87B4-2F83216021FF}" = Java(TM) 6 Update 24
"{28C2DED6-325B-4CC7-983A-1777C8F7FBAB}" = RealUpgrade 1.1
"{317AC0C7-FEBF-0409-87A3-4FC70D0ED900}" = Autodesk 3ds Max 2010 32-bit
"{32C4A4EB-C97D-414E-99C5-38F8DFD31D5D}" = Company of Heroes - FAKEMSI
"{39F6E2B4-CFE8-C30A-66E8-489651F0F34C}" = Adobe Media Player
"{3B05F2FB-745B-4012-ADF2-439F36B2E70B}" = ATKOSD2
"{3D347E6D-5A03-4342-B5BA-6A771885F379}" = Autodesk Backburner 2008.1
"{40580068-9B10-40B5-9548-536CE88AB23C}" = ITECIR
"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = CyberLink Power2Go
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{50193078-F553-4EBA-AA77-64C9FAA12F98}" = Company of Heroes - FAKEMSI
"{51D718D1-DA81-4FAD-919F-5C1CE3C33379}" = Company of Heroes - FAKEMSI
"{54A4839E-87F8-4BD1-9682-A349E9943F0A}" = Amazon Unbox Video
"{57F0ED40-8F11-41AA-B926-4A66D0D1A9CC}" = Microsoft Office Live Add-in 1.3
"{5A143DC3-A13A-948F-CCFB-CEAEFECE1364}" = Company of Heroes
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{61EDBE71-5D3E-4AB7-AD95-E53FEAF68C17}" = Bing Rewards Client Installer
"{63860309-DA8A-4BAE-9EAE-CE1D6D79340C}" = The Settlers 7 - Paths to a Kingdom
"{64452561-169F-4A36-A2FF-B5E118EC65F5}" = ASUS SmartLogon
"{66F78C51-D108-4F0C-A93C-1CBE74CE338F}" = Company of Heroes - FAKEMSI
"{6A09EC92-016B-4032-8CF1-6840B20C254A}" = Dawn of Discovery
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7770E71B-2D43-4800-9CB3-5B6CAAEBEBEA}" = RealNetworks - Microsoft Visual C++ 2008 Runtime
"{77F8A71E-3515-4832-B8B2-2F1EDBD2E0F1}" = Bing Bar
"{7C05592D-424B-46CB-B505-E0013E8E75C9}" = ATK Hotkey
"{7F4B1592-222F-4E5F-A100-E5AFD61A0BB3}" = Company of Heroes - FAKEMSI
"{80D03817-7943-4839-8E96-B9F924C5E67D}" = Company of Heroes - FAKEMSI
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-112596253}" = Galapago
"{83F73CB1-7705-49D1-9852-84D839CA2A45}" = Wireless Console 2
"{865CD808-6D31-4269-9D36-693CFE75D26A}" = Express Gate
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek 8169 8168 8101E 8102E Ethernet Driver
"{888F1505-C2B3-4FDE-835D-36353EBD4754}" = Ubisoft Game Launcher
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8FFC5648-FAF8-43A3-BC8F-42BA1E275C4E}" = Choice Guard
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_HOMESTUDENTR_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90120000-002A-0000-1000-0000000FF1CE}_HOMESTUDENTR_{E64BA721-2310-4B55-BE5A-2925F9706192}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-002A-0409-1000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0116-0409-1000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{943B6738-4801-4982-90EC-0442EF7AEB16}" = Kaspersky Anti-Virus 2010
"{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)
"{97E5205F-EA4F-438F-B211-F1846419F1C1}" = Company of Heroes - FAKEMSI
"{99A7722D-9ACB-43F3-A222-ABC7133F159E}" = Company of Heroes - FAKEMSI
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9AB2286A-EFAA-4B73-AE16-FAD46AD32011}" = Dawn of Discovery
"{9E692034-4EB2-49A3-9A02-D370B925BCC1}" = Supreme Commander
"{a0fe116e-9a8a-466f-aee0-625cb7c207e3}" = Microsoft Visual C++ 2005 Redistributable - KB2467175
"{A7A34FC9-DF24-4A36-00AD-D4EFE94CC116}" = SimCity 4 Deluxe
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AE0259D4-7A01-4E47-BBAF-2604D03DF07C}" = LoJack Factory Installer
"{AEDDF5A3-29CE-11D5-A8C2-000102246AAE}" = ubi.com
"{B0069CFA-5BB9-4C03-B1C6-89CE290E5AFE}" = HP Update
"{B194272D-1F92-46DF-99EB-8D5CE91CB4EC}" = Adobe AIR
"{B9DB4C76-01A4-46D5-8910-F7AA6376DBAF}" = NVIDIA PhysX
"{BA801B94-C28D-46EE-B806-E1E021A3D519}" = Company of Heroes
"{C194D333-B84A-4BB7-B35E-060732D98DC4}" = GPGNet
"{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = CyberLink LabelPrint
"{D1E5870E-E3E5-4475-98A6-ADD614524ADF}" = ATK Media
"{D3D54F3E-C5C3-443D-978F-87A72E5616E8}" = ATK Generic Function Service
"{D4AFC7AD-F637-4EDD-BC76-767E4AF78CE1}" = OverDrive Media Console
"{D4D244D1-05E0-4D24-86A2-B2433C435671}" = Company of Heroes - FAKEMSI
"{DC905847-D537-427F-BF91-47CC7ACCDE58}" = ASUS FancyStart
"{E657B243-9AD4-4ECC-BE81-4CCF8D667FD0}" = ASUS Live Update
"{EAF636A9-F664-4703-A659-85A894DA264F}" = Company of Heroes - FAKEMSI
"{EC8BD21F-0CA0-4BBF-97D9-4A52B30041A1}" = ASUS Virtual Camera
"{F11ADC64-C89E-47F4-A0B3-3665FF859397}" = World in Conflict: Soviet Assault
"{F7632A9B-661E-4FD9-B1A4-3B86BC99847F}" = HP Deskjet 3050 J610 series Help
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Asus_Camera_ScreenSaver" = Asus_Camera_ScreenSaver
"Civilization V CODE" = Civilization V CODE (remove only)
"com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Media Player
"Company of Heroes" = Company of Heroes
"Coupon Printer for Windows5.0.0.0" = Coupon Printer for Windows
"deskPDF 2.5 Standard_is1" = deskPDF 2.5 Standard Edition
"Dev-C++" = Dev-C++ 5 beta 9 release (4.9.9.2)
"DivX Setup.divx.com" = DivX Setup
"Gangsters" = Gangsters
"Google Chrome" = Google Chrome
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"HP Photo Creations" = HP Photo Creations
"InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}" = CyberLink Power2Go
"InstallShield_{54A4839E-87F8-4BD1-9682-A349E9943F0A}" = Amazon Unbox Video
"InstallShield_{AE0259D4-7A01-4E47-BBAF-2604D03DF07C}" = LoJack Factory Installer
"InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = CyberLink LabelPrint
"InstallWIX_{943B6738-4801-4982-90EC-0442EF7AEB16}" = Kaspersky Anti-Virus 2010
"Mozilla Firefox (3.6.15)" = Mozilla Firefox (3.6.15)
"NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver
"RealPlayer 12.0" = RealPlayer
"RiseOfNations 1.0" = Microsoft Rise Of Nations
"RiseofNationsExpansion 1.0" = Rise of Nations Thrones and Patriots
"Search Toolbar" = Search Toolbar
"StarCraft II" = StarCraft II
"Steam App 16830" = Sid Meier's Civilization V SDK
"Steam App 8930" = Sid Meier's Civilization V
"SystemRequirementsLab" = System Requirements Lab
"The Settlers IV" = The Settlers IV (remove only)
"Total Annihilation" = Total Annihilation
"Tropico3" = Tropico 3 1.00
"VLC media player" = VLC media player 1.0.1
"Xvid_is1" = Xvid 1.2.1 final uninstall

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-3090070989-868362510-393952071-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

========== Last 10 Event Log Errors ==========

Error reading Event Logs: The Event Service is not operating properly or the Event Logs are corrupt!

< End of report >


OTL logfile created on: 5/4/2011 11:24:00 PM - Run 1
OTL by OldTimer - Version 3.2.22.3 Folder = C:\Users\Thompson\Desktop
64bit-Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6001.18000)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

4.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 47.00% Memory free
8.00 Gb Paging File | 6.00 Gb Available in Paging File | 72.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 285.40 Gb Total Space | 125.37 Gb Free Space | 43.93% Space Free | Partition Type: NTFS

Computer Name: THOMPSON-PC | User Name: Thompson | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/05/04 23:22:04 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\Thompson\Desktop\OTL.exe
PRC - [2011/05/04 23:13:40 | 000,075,264 | ---- | M] () -- C:\Users\Thompson\Desktop\SystemLook.exe
PRC - [2011/04/30 17:00:24 | 000,403,240 | ---- | M] (Valve Corporation) -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe
PRC - [2011/03/27 15:57:13 | 001,242,448 | ---- | M] (Valve Corporation) -- C:\Program Files (x86)\Steam\1\Steam.exe
PRC - [2011/03/11 22:52:30 | 000,273,544 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe
PRC - [2011/02/28 18:44:14 | 000,391,432 | ---- | M] (Microsoft Corporation.) -- C:\Program Files (x86)\Microsoft\BingBar\BingBar.exe
PRC - [2011/02/28 18:44:14 | 000,259,336 | ---- | M] (Microsoft Corporation.) -- C:\Program Files (x86)\Microsoft\BingBar\BingApp.exe
PRC - [2011/02/25 10:59:34 | 000,304,304 | ---- | M] (Google Inc.) -- C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbarUser_32.exe
PRC - [2011/02/25 10:46:22 | 000,249,648 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE
PRC - [2011/01/07 19:48:56 | 000,378,984 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
PRC - [2010/09/16 16:04:06 | 001,164,584 | ---- | M] () -- C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
PRC - [2010/09/13 12:48:12 | 000,025,704 | R--- | M] (Amazon.com) -- C:\Program Files (x86)\Amazon\Amazon Unbox Video\ADVWindowsClientService.exe
PRC - [2009/08/27 22:52:39 | 000,033,136 | ---- | M] () -- C:\Windows\ASScrPro.exe
PRC - [2009/03/12 21:36:24 | 000,086,016 | ---- | M] () -- C:\Program Files (x86)\Autodesk\3ds Max 2010\mentalray\satellite\raysat_3dsmax2010_32server.exe
PRC - [2009/03/04 13:26:24 | 008,392,704 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATKOSD2\ATKOSD2.exe
PRC - [2009/03/04 12:55:52 | 000,174,648 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Hotkey\HControl.exe
PRC - [2008/12/22 20:15:34 | 000,174,648 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Hotkey\WDC.exe
PRC - [2008/12/09 18:00:58 | 000,297,528 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\SmartLogon\sensorsrv.exe
PRC - [2008/08/19 13:34:04 | 000,159,744 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Media\DMedia.exe
PRC - [2008/08/14 00:00:08 | 000,113,208 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Hotkey\KBFiltr.exe
PRC - [2008/08/13 23:59:56 | 000,301,624 | ---- | M] () -- C:\Program Files (x86)\ASUS\ATK Hotkey\Atouch64.exe
PRC - [2008/08/13 23:59:52 | 000,100,920 | ---- | M] () -- C:\Program Files (x86)\ASUS\ATK Hotkey\AsLdrSrv.exe
PRC - [2008/08/13 19:21:56 | 002,482,176 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Hotkey\ATKOSD.exe
PRC - [2008/07/18 22:52:16 | 000,104,936 | ---- | M] (CyberLink) -- C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe
PRC - [2008/04/01 02:09:30 | 000,266,240 | ---- | M] (ASUSTek Computer Inc.) -- C:\Program Files\ASUS\ASUS Data Security Manager\ADSMTray.exe
PRC - [2008/03/31 05:55:48 | 000,225,280 | ---- | M] (ASUSTek Computer Inc.) -- C:\Program Files\ASUS\ASUS Data Security Manager\ADSMSrv.exe
PRC - [2007/11/30 14:20:44 | 000,051,768 | ---- | M] () -- C:\Program Files (x86)\ASUS\ASUS Live Update\ALU.exe
PRC - [2007/08/08 03:08:40 | 000,094,208 | ---- | M] () -- C:\Program Files\ATKGFNEX\GFNEXSrv.exe


========== Modules (SafeList) ==========

MOD - [2011/05/04 23:22:04 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\Thompson\Desktop\OTL.exe
MOD - [2010/08/31 11:39:57 | 001,684,480 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6001.18523_none_5cdd65e20837faf2\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2008/03/31 05:55:48 | 000,225,280 | ---- | M] (ASUSTek Computer Inc.) [Auto | Running] -- C:\Program Files\ASUS\ASUS Data Security Manager\ADSMSrv.exe -- (ADSMService)
SRV:64bit: - [2008/01/20 22:47:32 | 000,383,544 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2007/08/08 03:08:40 | 000,094,208 | ---- | M] () [Auto | Running] -- C:\Program Files\ATKGFNEX\GFNEXSrv.exe -- (ATKGFNEXSrv)
SRV - [2011/04/30 17:00:24 | 000,403,240 | ---- | M] (Valve Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2011/02/28 18:44:14 | 000,183,560 | ---- | M] (Microsoft Corporation.) [On_Demand | Stopped] -- C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE -- (BBSvc)
SRV - [2011/02/25 10:46:22 | 000,249,648 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE -- (SeaPort)
SRV - [2011/01/07 19:48:56 | 000,378,984 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2010/11/20 22:11:55 | 000,311,680 | ---- | M] (Kaspersky Lab) [Auto | Running] -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2010\avp.exe -- (AVP)
SRV - [2010/09/13 12:48:12 | 000,025,704 | R--- | M] (Amazon.com) [Auto | Running] -- C:\Program Files (x86)\Amazon\Amazon Unbox Video\ADVWindowsClientService.exe -- (ADVService)
SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010/01/04 00:34:44 | 000,655,624 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2009/03/12 21:36:24 | 000,086,016 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Autodesk\3ds Max 2010\mentalray\satellite\raysat_3dsmax2010_32server.exe -- (mi-raysat_3dsmax2010_32)
SRV - [2008/08/13 23:59:52 | 000,100,920 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\ASUS\ATK Hotkey\AsLdrSrv.exe -- (ASLDRService)
SRV - [2008/07/27 14:03:13 | 000,069,632 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2010/11/20 21:19:47 | 000,330,768 | ---- | M] () [File_System | System | Running] -- C:\Windows\SysNative\DRIVERS\klif.sys -- (KLIF)
DRV:64bit: - [2010/09/12 20:41:11 | 000,314,016 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\DRIVERS\atksgt.sys -- (atksgt)
DRV:64bit: - [2010/09/12 20:41:11 | 000,043,680 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\DRIVERS\lirsgt.sys -- (lirsgt)
DRV:64bit: - [2009/06/15 15:01:06 | 000,156,688 | ---- | M] () [Kernel | System | Running] -- C:\Windows\SysNative\DRIVERS\kl1.sys -- (kl1)
DRV:64bit: - [2009/05/16 21:59:30 | 000,021,008 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\klmouflt.sys -- (klmouflt)
DRV:64bit: - [2009/05/15 19:50:26 | 000,026,640 | ---- | M] () [Kernel | System | Running] -- C:\Windows\SysNative\DRIVERS\klim6.sys -- (KLIM6)
DRV:64bit: - [2009/02/11 05:26:17 | 000,407,576 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\DRIVERS\iaStor.sys -- (iaStor)
DRV:64bit: - [2008/12/15 21:41:52 | 000,038,416 | ---- | M] () [File_System | Boot | Running] -- C:\Windows\SysNative\DRIVERS\klbg.sys -- (KLBG)
DRV:64bit: - [2008/10/08 23:39:01 | 001,821,952 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\snp2uvc.sys -- (SNP2UVC) USB2.0 PC Camera (SNP2UVC)
DRV:64bit: - [2008/08/28 11:57:23 | 004,745,216 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\NETw5v64.sys -- (NETw5v64) Intel(R)
DRV:64bit: - [2008/08/06 20:26:07 | 000,174,592 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\Rtlh64.sys -- (RTL8169)
DRV:64bit: - [2008/06/24 16:50:00 | 000,065,024 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\DRIVERS\rimmpx64.sys -- (rimmptsk)
DRV:64bit: - [2008/06/03 02:41:49 | 000,017,464 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\kbfiltr.sys -- (kbfiltr)
DRV:64bit: - [2008/01/20 22:47:28 | 000,046,080 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\wpdusb.sys -- (WpdUsb)
DRV:64bit: - [2008/01/20 22:46:55 | 000,111,104 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\sdbus.sys -- (sdbus)
DRV:64bit: - [2007/12/18 20:57:12 | 000,059,392 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\itecir.sys -- (itecir)
DRV:64bit: - [2007/07/27 22:45:52 | 000,057,856 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\DRIVERS\rixdpx64.sys -- (rismxdp)
DRV:64bit: - [2007/07/26 23:33:54 | 000,055,296 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\DRIVERS\rimspx64.sys -- (rimsptsk)
DRV:64bit: - [2007/07/24 14:11:32 | 000,014,904 | ---- | M] () [Kernel | Auto | Running] -- C:\Program Files\ATKGFNEX\ASMMAP64.sys -- (ASMMAP64)
DRV:64bit: - [2006/10/28 10:01:07 | 000,013,680 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\ATK64AMD.sys -- (MTsensor)
DRV:64bit: - [2006/10/03 21:45:36 | 000,273,408 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\yk60x64.sys -- (yukonx64)
DRV:64bit: - [2006/09/18 17:36:24 | 000,000,308 | ---- | M] () [File_System | On_Demand | Running] -- C:\Windows\SysNative\Wbem\ntfs.mof -- (Ntfs)

========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://asus.msn.com
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm


IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.bing.com/?pc=Z007&form=ZGAPHP
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.bing.com/?pc=Z007&form=ZGAPHP
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-3090070989-868362510-393952071-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://asus.msn.com
IE - HKU\S-1-5-21-3090070989-868362510-393952071-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKU\S-1-5-21-3090070989-868362510-393952071-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-3090070989-868362510-393952071-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.selectedEngine: "Bing"
FF - prefs.js..browser.startup.homepage: "http://www.bing.com/?pc=Z039&form=ZGAPHP"
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: {27E679CC-6AAB-4B2A-BB87-096FE4178464}:1.0
FF - prefs.js..extensions.enabledItems: linkfilter@kaspersky.ru:9.0.0.463
FF - prefs.js..extensions.enabledItems: searchtoolbar@zugo.com:1.2
FF - prefs.js..extensions.enabledItems: {ABDE892B-13A8-4d1b-88E6-365A6E755758}:14.0.2
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..keyword.URL: "http://www.bing.com/search?pc=Z039&form=ZGAADF&q="
FF - prefs.js..network.proxy.type: 0


FF - HKLM\software\mozilla\Firefox\Extensions\\{4045810D-51E7-44A0-8F7E-30C4237B2268}: C:\Windows\system32\config\systemprofile\AppData\Local\{4045810D-51E7-44A0-8F7E-30C4237B2268}\ [2010/11/15 23:54:43 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2011/03/11 22:52:48 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.15\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2011/03/31 13:46:13 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.15\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2011/04/30 22:33:22 | 000,000,000 | ---D | M]

[2010/08/08 22:55:50 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Thompson\AppData\Roaming\Mozilla\Extensions
[2011/04/14 13:19:05 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Thompson\AppData\Roaming\Mozilla\Firefox\Profiles\8r41gnc5.default\extensions
[2010/08/08 22:57:32 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Thompson\AppData\Roaming\Mozilla\Firefox\Profiles\8r41gnc5.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010/08/15 15:08:16 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Users\Thompson\AppData\Roaming\Mozilla\Firefox\Profiles\8r41gnc5.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2011/02/17 20:50:12 | 000,000,000 | ---D | M] (Search Toolbar) -- C:\Users\Thompson\AppData\Roaming\Mozilla\Firefox\Profiles\8r41gnc5.default\extensions\searchtoolbar@zugo.com
[2011/02/17 20:50:12 | 000,001,919 | ---- | M] () -- C:\Users\Thompson\AppData\Roaming\Mozilla\Firefox\Profiles\8r41gnc5.default\searchplugins\bing-zugo.xml
[2010/08/09 12:03:09 | 000,009,949 | ---- | M] () -- C:\Users\Thompson\AppData\Roaming\Mozilla\Firefox\Profiles\8r41gnc5.default\searchplugins\mywebsearch.xml
[2011/04/14 13:19:05 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2010/09/08 19:35:58 | 000,000,000 | ---D | M] (QueryExplorer) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{27E679CC-6AAB-4B2A-BB87-096FE4178464}
[2010/08/15 15:07:31 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
[2011/03/28 18:28:18 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
[2010/11/20 21:21:17 | 000,000,000 | ---D | M] (Kaspersky URL Advisor) -- C:\Program Files (x86)\Mozilla Firefox\extensions\linkfilter@kaspersky.ru
[2011/03/11 22:52:48 | 000,000,000 | ---D | M] (RealPlayer Browser Record Plugin) -- C:\PROGRAMDATA\REAL\REALPLAYER\BROWSERRECORDPLUGIN\FIREFOX\EXT
[2010/10/06 21:18:35 | 000,091,552 | ---- | M] (Coupons, Inc.) -- C:\Program Files (x86)\Mozilla Firefox\plugins\npCouponPrinter.dll
[2011/02/02 21:40:24 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll
[2010/10/06 21:18:37 | 000,091,552 | ---- | M] (Coupons, Inc.) -- C:\Program Files (x86)\Mozilla Firefox\plugins\npMozCouponPrinter.dll
[2010/11/16 20:54:10 | 000,001,919 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\bing-zugo.xml
[2010/11/08 07:17:56 | 000,002,212 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\websearch.xml

O1 HOSTS File: ([2006/09/18 17:37:24 | 000,000,761 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2:64bit: - BHO: (IEVkbdBHO Class) - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2010\x64\ievkbd.dll (Kaspersky Lab)
O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O2:64bit: - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.6.6209.1142\swg64.dll (Google Inc.)
O2:64bit: - BHO: (FilterBHO Class) - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2010\x64\klwtbbho.dll (Kaspersky Lab)
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (IEVkbdBHO Class) - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2010\ievkbd.dll (Kaspersky Lab)
O2 - BHO: (Search Toolbar) - {9D425283-D487-4337-BAB6-AB8354A81457} - C:\Program Files (x86)\Search Toolbar\SearchToolbar.dll ()
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.6.6209.1142\swg.dll (Google Inc.)
O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O2 - BHO: (FilterBHO Class) - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2010\klwtbbho.dll (Kaspersky Lab)
O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O3 - HKLM\..\Toolbar: (Search Toolbar) - {9D425283-D487-4337-BAB6-AB8354A81457} - C:\Program Files (x86)\Search Toolbar\SearchToolbar.dll ()
O3 - HKU\S-1-5-21-3090070989-868362510-393952071-1000\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O3:64bit: - HKU\S-1-5-21-3090070989-868362510-393952071-1000\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3 - HKU\S-1-5-21-3090070989-868362510-393952071-1000\..\Toolbar\WebBrowser: (Search Toolbar) - {9D425283-D487-4337-BAB6-AB8354A81457} - C:\Program Files (x86)\Search Toolbar\SearchToolbar.dll ()
O4:64bit: - HKLM..\Run: [DisableS3S4] File not found
O4:64bit: - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [ACMON] C:\Program Files (x86)\ASUS\Splendid\ACMON.exe (ATK)
O4 - HKLM..\Run: [ADSMTray] C:\Program Files\ASUS\ASUS Data Security Manager\ADSMTray.exe (ASUSTek Computer Inc.)
O4 - HKLM..\Run: [ASUS Camera ScreenSaver] C:\Windows\AsScrProlog.exe ()
O4 - HKLM..\Run: [ASUS Screen Saver Protector] C:\Windows\ASScrPro.exe ()
O4 - HKLM..\Run: [ATKMEDIA] C:\Program Files (x86)\ASUS\ATK Media\DMedia.exe (ASUS)
O4 - HKLM..\Run: [ATKOSD2] C:\Program Files (x86)\ASUS\ATKOSD2\ATKOSD2.exe (ASUS)
O4 - HKLM..\Run: [AVP] C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2010\avp.exe (Kaspersky Lab)
O4 - HKLM..\Run: [CLMLServer] C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe (CyberLink)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [HControlUser] C:\Program Files (x86)\ASUS\ATK Hotkey\HControlUser.exe (ASUS)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [UpdateLBPShortCut] C:\Program Files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UpdateP2GoShortCut] C:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKU\.DEFAULT..\Run: [uPc+kt0NtdJsiv] File not found
O4 - HKU\.DEFAULT..\Run: [Vyikofudocayewid] File not found
O4 - HKU\S-1-5-18..\Run: [uPc+kt0NtdJsiv] File not found
O4 - HKU\S-1-5-18..\Run: [Vyikofudocayewid] File not found
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] C:\Windows\SysWow64\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] C:\Windows\SysWow64\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-21-3090070989-868362510-393952071-1000..\Run: [5a143dc3a13a948fccfbceaefece1364] File not found
O4 - HKU\S-1-5-21-3090070989-868362510-393952071-1000..\Run: [Lvhveiejl/0zmpson\AppData\Local\Temp\3496091952.exe] File not found
O4 - HKU\S-1-5-21-3090070989-868362510-393952071-1000..\Run: [Lvhveiejl+1wmpson\AppData\Local\Temp\1682678023.exe] File not found
O4 - HKU\S-1-5-21-3090070989-868362510-393952071-1000..\Run: [Lvhveiejlhb] File not found
O4 - HKU\S-1-5-21-3090070989-868362510-393952071-1000..\Run: [Lvhveiejlkc] File not found
O4 - HKU\S-1-5-21-3090070989-868362510-393952071-1000..\Run: [Lvhveiejlmc] File not found
O4 - HKU\S-1-5-21-3090070989-868362510-393952071-1000..\Run: [Lvhveiejlna] File not found
O4 - HKU\S-1-5-21-3090070989-868362510-393952071-1000..\Run: [Lvhveiejlo+] File not found
O4 - HKU\S-1-5-21-3090070989-868362510-393952071-1000..\Run: [Lvhveiejlora] File not found
O4 - HKU\S-1-5-21-3090070989-868362510-393952071-1000..\Run: [Lvhveiejlotc] File not found
O4 - HKU\S-1-5-21-3090070989-868362510-393952071-1000..\Run: [Lvhveiejlpe] File not found
O4 - HKU\S-1-5-21-3090070989-868362510-393952071-1000..\Run: [Lvhveiejlppf] File not found
O4 - HKU\S-1-5-21-3090070989-868362510-393952071-1000..\Run: [Lvhveiejlpsc] File not found
O4 - HKU\S-1-5-21-3090070989-868362510-393952071-1000..\Run: [Lvhveiejlqb] File not found
O4 - HKU\S-1-5-21-3090070989-868362510-393952071-1000..\Run: [Lvhveiejlqc] File not found
O4 - HKU\S-1-5-21-3090070989-868362510-393952071-1000..\Run: [Lvhveiejlqf] File not found
O4 - HKU\S-1-5-21-3090070989-868362510-393952071-1000..\Run: [Lvhveiejlqse] File not found
O4 - HKU\S-1-5-21-3090070989-868362510-393952071-1000..\Run: [Lvhveiejlqvc] File not found
O4 - HKU\S-1-5-21-3090070989-868362510-393952071-1000..\Run: [LvhveiejlqW] File not found
O4 - HKU\S-1-5-21-3090070989-868362510-393952071-1000..\Run: [Lvhveiejlrf] File not found
O4 - HKU\S-1-5-21-3090070989-868362510-393952071-1000..\Run: [LvhveiejlsPc] File not found
O4 - HKU\S-1-5-21-3090070989-868362510-393952071-1000..\Run: [Lvhveiejlud] File not found
O4 - HKU\S-1-5-21-3090070989-868362510-393952071-1000..\Run: [MqpSc] File not found
O4 - HKU\S-1-5-21-3090070989-868362510-393952071-1000..\Run: [Mqqsc] File not found
O4 - HKU\S-1-5-21-3090070989-868362510-393952071-1000..\Run: [Mqsuc] File not found
O4 - HKU\S-1-5-21-3090070989-868362510-393952071-1000..\Run: [Mque] File not found
O4 - HKU\S-1-5-21-3090070989-868362510-393952071-1000..\Run: [Mquse] File not found
O4 - HKU\S-1-5-21-3090070989-868362510-393952071-1000..\Run: [Mquxe] File not found
O4 - HKU\S-1-5-21-3090070989-868362510-393952071-1000..\Run: [MqvPc] File not found
O4 - HKU\S-1-5-21-3090070989-868362510-393952071-1000..\Run: [msnmsgr] File not found
O4 - HKU\S-1-5-21-3090070989-868362510-393952071-1000..\Run: [Search Protection] File not found
O4 - HKU\S-1-5-21-3090070989-868362510-393952071-1000..\Run: [Steam] C:\Program Files (x86)\Steam\1\Steam.exe (Valve Corporation)
O4 - HKU\S-1-5-21-3090070989-868362510-393952071-1000..\Run: [uPc+kt0NtdJsiv] File not found
O4 - HKU\S-1-5-21-3090070989-868362510-393952071-1000..\Run: [WindowsWelcomeCenter] C:\Windows\SysWow64\oobefldr.dll (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFolderOptions = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 1
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFolderOptions = 1
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 1
O7 - HKU\S-1-5-21-3090070989-868362510-393952071-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFolderOptions = 1
O7 - HKU\S-1-5-21-3090070989-868362510-393952071-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 1
O8:64bit: - Extra context menu item: Google Sidewiki... - C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_D183CA64F05FDD98.dll (Google Inc.)
O8 - Extra context menu item: Google Sidewiki... - C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_D183CA64F05FDD98.dll (Google Inc.)
O9:64bit: - Extra Button: &Virtual keyboard - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2010\x64\klwtbbho.dll (Kaspersky Lab)
O9:64bit: - Extra Button: URLs c&heck - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2010\x64\klwtbbho.dll (Kaspersky Lab)
O9 - Extra Button: &Virtual keyboard - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2010\klwtbbho.dll (Kaspersky Lab)
O9 - Extra Button: URLs c&heck - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2010\klwtbbho.dll (Kaspersky Lab)
O13 - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} http://ak.exe.imgfarm.com/images/nocach ... .0.1.1.cab (Reg Error: Key error.)
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} http://www.nvidia.com/content/DriverDow ... ab_nvd.cab (System Requirements Lab Class)
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} http://download.divx.com/player/DivXBrowserPlugin.cab (DivXBrowserPlugin Object)
O16 - DPF: {74DBCB52-F298-4110-951D-AD2FF67BC8AB} http://www.nvidia.com/content/DriverDow ... rtScan.cab (NVIDIA Smart Scan)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {BEA7310D-06C4-4339-A784-DC3804819809} http://www.cvsphoto.com/upload/activex/ ... ontrol.cab (Photo Upload Plugin Class)
O16 - DPF: {C345E174-3E87-4F41-A01C-B066A90A49B4} http://trial.trymicrosoftoffice.com/tri ... /wrc32.ocx (WRC Class)
O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 172.27.35.1
O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - Reg Error: Key error. File not found
O20 - AppInit_DLLs: (C:\PROGRA~2\KASPER~1\KASPER~1\mzvkbd3.dll) - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2010\mzvkbd3.dll (Kaspersky Lab)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKU\.DEFAULT Winlogon: Shell - (C:\Windows\System32\config\systemprofile\AppData\Roaming\hotfix.exe) - File not found
O20 - HKU\S-1-5-18 Winlogon: Shell - (C:\Windows\System32\config\systemprofile\AppData\Roaming\hotfix.exe) - File not found
O20:64bit: - Winlogon\Notify\klogon: DllName - Reg Error: Key error. - C:\Windows\SysNative\klogon.dll ()
O24 - Desktop WallPaper: C:\Program Files\P4G\wallpaper\long_battery_life_wallpaper_1440X900.jpg
O24 - Desktop BackupWallPaper: C:\Program Files\P4G\wallpaper\long_battery_life_wallpaper_1440X900.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2010/01/06 18:19:38 | 000,000,000 | ---D | M] - C:\Autodesk -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O36 - AppCertDlls: Fireiles - (C:\Windows\system32\cmstalua.dll) - File not found
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/04/30 22:38:39 | 000,000,000 | ---D | C] -- C:\MGADiagToolOutput
[2011/04/30 22:36:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Office Genuine Advantage
[2011/04/28 14:53:59 | 004,240,384 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\GameUXLegacyGDFs.dll
[2011/04/28 14:53:59 | 000,028,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\Apphlpdm.dll
[2011/04/14 18:27:06 | 000,512,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2011/04/14 18:26:03 | 001,136,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mfc42.dll
[2011/04/14 18:26:02 | 001,161,728 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mfc42u.dll
[2011/04/14 18:26:00 | 000,292,864 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\atmfd.dll
[2011/04/14 18:26:00 | 000,034,304 | ---- | C] (Adobe Systems) -- C:\Windows\SysWow64\atmlib.dll
[2011/04/14 18:25:48 | 000,380,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieapfltr.dll
[2011/04/14 18:25:47 | 000,476,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2011/04/14 18:25:44 | 000,389,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\html.iec
[2011/04/14 18:25:44 | 000,230,400 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieaksie.dll
[2011/04/14 18:25:43 | 000,467,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msfeeds.dll
[2011/04/14 18:25:43 | 000,193,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iepeers.dll
[2011/04/14 18:25:43 | 000,146,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\occache.dll
[2011/04/14 18:25:43 | 000,078,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieencode.dll
[2011/04/14 18:25:36 | 000,025,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\dnscacheugc.exe
[2011/04/07 14:07:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation
[2011/04/07 14:02:57 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\NVIDIA Corporation
[2011/04/07 14:00:12 | 000,000,000 | ---D | C] -- C:\ProgramData\NVIDIA Corporation
[2011/04/07 13:54:55 | 005,653,096 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvwgf2um.dll
[2011/04/07 13:54:54 | 015,047,272 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvoglv32.dll
[2011/04/07 13:54:54 | 013,011,560 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvcompiler.dll
[2011/04/07 13:54:54 | 004,941,928 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvcuda.dll
[2011/04/07 13:54:54 | 002,895,976 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvcuvid.dll
[2011/04/07 13:54:54 | 002,251,368 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvcuvenc.dll
[2011/04/07 13:54:53 | 000,057,960 | ---- | C] (Khronos Group) -- C:\Windows\SysWow64\OpenCL.dll
[2011/04/07 13:54:05 | 000,000,000 | ---D | C] -- C:\Program Files\NVIDIA Corporation
[2011/04/07 13:52:49 | 000,000,000 | ---D | C] -- C:\NVIDIA
[2011/04/07 13:42:38 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\SystemRequirementsLab
[1 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/05/04 22:49:51 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/05/04 22:34:01 | 000,000,898 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011/05/04 22:34:01 | 000,000,894 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011/05/04 19:37:38 | 000,703,388 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2011/05/04 19:37:38 | 000,604,502 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2011/05/04 19:37:38 | 000,104,170 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2011/05/04 19:35:26 | 000,000,424 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{674963B1-2A24-43DF-AE9A-93B4DD0AA6C2}.job
[2011/05/04 19:30:25 | 000,003,616 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011/05/04 19:30:25 | 000,003,616 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011/05/04 19:30:07 | 4294,037,504 | -HS- | M] () -- C:\hiberfil.sys
[2011/05/02 11:07:46 | 000,045,056 | ---- | M] () -- C:\Windows\SysNative\acovcnt.exe
[2011/04/15 18:40:29 | 000,304,536 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2011/04/07 13:11:56 | 000,094,708 | ---- | M] () -- C:\ProgramData\nvModes.001
[2011/04/07 13:11:36 | 000,094,708 | ---- | M] () -- C:\ProgramData\nvModes.dat
[1 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/04/28 14:53:59 | 000,032,256 | ---- | C] () -- C:\Windows\SysNative\Apphlpdm.dll
[2011/04/28 14:53:58 | 004,240,384 | ---- | C] () -- C:\Windows\SysNative\GameUXLegacyGDFs.dll
[2011/04/14 18:27:18 | 000,975,872 | ---- | C] () -- C:\Windows\SysNative\inetcomm.dll
[2011/04/14 18:27:16 | 000,461,312 | ---- | C] () -- C:\Windows\SysNative\drivers\srv.sys
[2011/04/14 18:27:16 | 000,176,128 | ---- | C] () -- C:\Windows\SysNative\drivers\srv2.sys
[2011/04/14 18:27:16 | 000,144,896 | ---- | C] () -- C:\Windows\SysNative\drivers\srvnet.sys
[2011/04/14 18:27:09 | 000,979,344 | ---- | C] () -- C:\Windows\SysNative\winresume.exe
[2011/04/14 18:27:08 | 001,075,600 | ---- | C] () -- C:\Windows\SysNative\winload.efi
[2011/04/14 18:27:08 | 001,062,800 | ---- | C] () -- C:\Windows\SysNative\winload.exe
[2011/04/14 18:27:08 | 000,990,096 | ---- | C] () -- C:\Windows\SysNative\winresume.efi
[2011/04/14 18:27:08 | 000,020,880 | ---- | C] () -- C:\Windows\SysNative\kdusb.dll
[2011/04/14 18:27:08 | 000,018,832 | ---- | C] () -- C:\Windows\SysNative\kd1394.dll
[2011/04/14 18:27:08 | 000,018,320 | ---- | C] () -- C:\Windows\SysNative\kdcom.dll
[2011/04/14 18:27:06 | 000,753,152 | ---- | C] () -- C:\Windows\SysNative\jscript.dll
[2011/04/14 18:27:06 | 000,603,648 | ---- | C] () -- C:\Windows\SysNative\vbscript.dll
[2011/04/14 18:27:04 | 000,273,920 | ---- | C] () -- C:\Windows\SysNative\drivers\mrxsmb10.sys
[2011/04/14 18:27:04 | 000,135,168 | ---- | C] () -- C:\Windows\SysNative\drivers\mrxsmb.sys
[2011/04/14 18:27:04 | 000,105,472 | ---- | C] () -- C:\Windows\SysNative\drivers\mrxsmb20.sys
[2011/04/14 18:27:04 | 000,090,624 | ---- | C] () -- C:\Windows\SysNative\drivers\bowser.sys
[2011/04/14 18:27:00 | 002,760,704 | ---- | C] () -- C:\Windows\SysNative\win32k.sys
[2011/04/14 18:26:04 | 001,360,384 | ---- | C] () -- C:\Windows\SysNative\mfc42u.dll
[2011/04/14 18:26:03 | 001,398,784 | ---- | C] () -- C:\Windows\SysNative\mfc42.dll
[2011/04/14 18:26:00 | 000,367,616 | ---- | C] () -- C:\Windows\SysNative\atmfd.dll
[2011/04/14 18:26:00 | 000,048,128 | ---- | C] () -- C:\Windows\SysNative\atmlib.dll
[2011/04/14 18:25:54 | 005,697,536 | ---- | C] () -- C:\Windows\SysNative\mshtml.dll
[2011/04/14 18:25:49 | 001,426,944 | ---- | C] () -- C:\Windows\SysNative\urlmon.dll
[2011/04/14 18:25:48 | 000,758,784 | ---- | C] () -- C:\Windows\SysNative\mshtmled.dll
[2011/04/14 18:25:46 | 007,015,424 | ---- | C] () -- C:\Windows\SysNative\ieframe.dll
[2011/04/14 18:25:45 | 001,129,984 | ---- | C] () -- C:\Windows\SysNative\mstime.dll
[2011/04/14 18:25:45 | 001,032,704 | ---- | C] () -- C:\Windows\SysNative\wininet.dll
[2011/04/14 18:25:44 | 000,590,848 | ---- | C] () -- C:\Windows\SysNative\msfeeds.dll
[2011/04/14 18:25:44 | 000,485,376 | ---- | C] () -- C:\Windows\SysNative\html.iec
[2011/04/14 18:25:44 | 000,480,256 | ---- | C] () -- C:\Windows\SysNative\iedkcs32.dll
[2011/04/14 18:25:44 | 000,267,776 | ---- | C] () -- C:\Windows\SysNative\ieaksie.dll
[2011/04/14 18:25:44 | 000,249,856 | ---- | C] () -- C:\Windows\SysNative\iepeers.dll
[2011/04/14 18:25:43 | 000,375,296 | ---- | C] () -- C:\Windows\SysNative\iertutil.dll
[2011/04/14 18:25:43 | 000,208,896 | ---- | C] () -- C:\Windows\SysNative\occache.dll
[2011/04/14 18:25:43 | 000,086,528 | ---- | C] () -- C:\Windows\SysNative\ieencode.dll
[2011/04/14 18:25:43 | 000,032,256 | ---- | C] () -- C:\Windows\SysNative\jsproxy.dll
[2011/04/14 18:25:42 | 001,383,424 | ---- | C] () -- C:\Windows\SysNative\mshtml.tlb
[2011/04/14 18:25:42 | 000,422,400 | ---- | C] () -- C:\Windows\SysNative\ieapfltr.dll
[2011/04/14 18:25:36 | 000,221,184 | ---- | C] () -- C:\Windows\SysNative\dnsapi.dll
[2011/04/14 18:25:36 | 000,117,760 | ---- | C] () -- C:\Windows\SysNative\dnsrslvr.dll
[2011/04/14 18:25:36 | 000,028,672 | ---- | C] () -- C:\Windows\SysNative\dnscacheugc.exe
[2011/04/07 13:54:55 | 007,729,256 | ---- | C] () -- C:\Windows\SysNative\nvwgf2umx.dll
[2011/04/07 13:54:54 | 020,471,912 | ---- | C] () -- C:\Windows\SysNative\nvoglv64.dll
[2011/04/07 13:54:54 | 018,580,072 | ---- | C] () -- C:\Windows\SysNative\nvcompiler.dll
[2011/04/07 13:54:54 | 012,961,640 | ---- | C] () -- C:\Windows\SysNative\drivers\nvlddmkm.sys
[2011/04/07 13:54:54 | 006,604,904 | ---- | C] () -- C:\Windows\SysNative\nvcuda.dll
[2011/04/07 13:54:54 | 003,112,040 | ---- | C] () -- C:\Windows\SysNative\nvcuvid.dll
[2011/04/07 13:54:54 | 002,479,720 | ---- | C] () -- C:\Windows\SysNative\nvcuvenc.dll
[2011/04/07 13:54:54 | 001,614,440 | ---- | C] () -- C:\Windows\SysNative\nvdispco642090.dll
[2011/04/07 13:54:54 | 001,359,976 | ---- | C] () -- C:\Windows\SysNative\nvgenco642040.dll
[2011/04/07 13:54:54 | 000,007,621 | ---- | C] () -- C:\Windows\SysNative\nvinfo.pb
[2011/04/07 13:54:53 | 000,067,176 | ---- | C] () -- C:\Windows\SysNative\OpenCL.dll
[2011/04/07 13:54:53 | 000,011,240 | ---- | C] () -- C:\Windows\SysNative\drivers\nvBridge.kmd
[2011/03/11 22:55:10 | 000,815,104 | ---- | C] () -- C:\Windows\SysWow64\xvidcore.dll
[2011/03/11 22:55:10 | 000,180,224 | ---- | C] () -- C:\Windows\SysWow64\xvidvfw.dll
[2010/07/13 19:51:56 | 000,000,680 | ---- | C] () -- C:\Users\Thompson\AppData\Local\d3d9caps.dat
[2010/03/09 15:03:15 | 000,000,245 | ---- | C] () -- C:\Windows\SysWow64\regupdate.ini
[2010/01/07 04:46:43 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2010/01/05 13:33:42 | 000,000,952 | -HS- | C] () -- C:\ProgramData\KGyGaAvL.sys
[2010/01/03 21:24:56 | 000,152,368 | ---- | C] () -- C:\Windows\SysWow64\WIN2PDFS.DLL
[2010/01/03 21:24:53 | 000,000,002 | ---- | C] () -- C:\Windows\1way.ini
[2009/10/13 14:58:25 | 000,000,533 | ---- | C] () -- C:\Windows\eReg.dat
[2009/10/13 13:54:59 | 000,094,708 | ---- | C] () -- C:\ProgramData\nvModes.001
[2009/10/13 13:07:26 | 000,094,708 | ---- | C] () -- C:\ProgramData\nvModes.dat
[2009/10/02 00:56:13 | 000,000,102 | ---- | C] () -- C:\Users\Thompson\AppData\Roaming\wklnhst.dat
[2009/10/01 17:51:12 | 000,182,272 | ---- | C] () -- C:\Windows\patchw32.dll
[2009/09/27 00:53:00 | 000,007,168 | ---- | C] () -- C:\Users\Thompson\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/09/26 21:14:02 | 000,002,029 | ---- | C] () -- C:\Users\Thompson\AppData\Roaming\install.dat
[2009/08/27 22:52:39 | 000,033,136 | ---- | C] () -- C:\Windows\ASScrPro.exe
[2009/08/27 22:52:19 | 000,047,672 | ---- | C] () -- C:\Windows\AsScrProlog.exe
[2009/08/27 21:56:01 | 000,106,605 | ---- | C] () -- C:\Windows\SysWow64\StructuredQuerySchema.bin
[2009/08/27 21:56:01 | 000,018,904 | ---- | C] () -- C:\Windows\SysWow64\StructuredQuerySchemaTrivial.bin
[2008/11/07 21:08:20 | 000,362,029 | ---- | C] () -- C:\Windows\SysWow64\sqlite3.dll
[2008/10/08 23:38:27 | 000,015,497 | ---- | C] () -- C:\Windows\snp2uvc.ini
[2008/09/19 07:41:00 | 000,000,010 | ---- | C] () -- C:\Windows\SysWow64\ABLKSR.ini
[2008/01/20 22:50:05 | 000,060,124 | ---- | C] () -- C:\Windows\SysWow64\tcpmon.ini
[2008/01/20 22:49:49 | 000,368,640 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2008/01/20 22:49:10 | 000,049,156 | ---- | C] () -- C:\Windows\SysWow64\certstore.dat
[2007/10/18 21:36:54 | 000,061,440 | ---- | C] () -- C:\Windows\SysWow64\deskMenu2.dll
[2007/08/06 13:18:31 | 000,081,920 | ---- | C] () -- C:\Windows\PGMonitor.exe
[2006/11/02 11:37:05 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006/11/02 08:37:14 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat
[2006/11/02 08:24:17 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT
[2006/11/02 08:18:17 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat
[2006/11/02 05:47:54 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2004/08/09 19:27:16 | 000,040,960 | ---- | C] () -- C:\Windows\SysWow64\ddcvt.exe

========== LOP Check ==========

[2010/01/06 18:27:19 | 000,000,000 | ---D | M] -- C:\Users\Thompson\AppData\Roaming\Autodesk
[2010/08/20 18:11:46 | 000,000,000 | ---D | M] -- C:\Users\Thompson\AppData\Roaming\Dev-Cpp
[2010/08/05 13:40:55 | 000,000,000 | ---D | M] -- C:\Users\Thompson\AppData\Roaming\OverDrive
[2009/10/02 00:56:15 | 000,000,000 | ---D | M] -- C:\Users\Thompson\AppData\Roaming\Template
[2010/08/21 17:05:18 | 000,000,000 | ---D | M] -- C:\Users\Thompson\AppData\Roaming\Tropico 3
[2010/09/12 21:08:56 | 000,000,000 | ---D | M] -- C:\Users\Thompson\AppData\Roaming\Ubisoft
[2011/05/03 22:18:43 | 000,032,634 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2011/05/04 19:35:26 | 000,000,424 | -H-- | M] () -- C:\Windows\Tasks\User_Feed_Synchronization-{674963B1-2A24-43DF-AE9A-93B4DD0AA6C2}.job

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 110 bytes -> C:\ProgramData\Temp:90EE3BE1

< End of report >
thomba24
Active Member
 
Posts: 11
Joined: April 14th, 2011, 1:37 pm

Re: Run DLL Error loading C:\Windows\system32\xxhqs.dll

Unread postby askey127 » May 5th, 2011, 7:12 am

thomba24,
Let's use the 64-bit version of SystemLook.
Delete the SystemLook.exe file from your desktop.
---------------------------------------------
Please download SystemLook from the link below and save it to your Desktop.
Download Mirror
  • Double-click SystemLook_x64.exe to run it.
  • Copy the content of the following codebox into the main textfield:
    Code: Select all
    :filefind
    xxhqs.dll
    wiatodC.dll
    
    :regfind
    wiatodC.dll
    Vyikofudocayewid
    xxhqs.dll
    uPc+kt0NtdJsiv
    
    
  • Click the Look button to start the scan.
  • When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.
Note: The log can also be found on your Desktop entitled SystemLook.txt
----------------------------------------------
Perform a Custom Scan or Fix with OTL
Run OTL (Right click and choose "Run as administrator")
  • Under the Custom Scans/Fixes box at the bottom, paste in the following:
    Code: Select all
    :processes
    killallprocesses
    
    :OTL
    O4 - HKU\S-1-5-21-3090070989-868362510-393952071-1000..\Run: [uPc+kt0NtdJsiv] File not found
    O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 1
    O7 - HKU\S-1-5-21-3090070989-868362510-393952071-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 1
    O4 - HKU\.DEFAULT..\Run: [uPc+kt0NtdJsiv] File not found
    O4 - HKU\.DEFAULT..\Run: [Vyikofudocayewid] File not found
    O4 - HKU\S-1-5-18..\Run: [uPc+kt0NtdJsiv] File not found
    O4 - HKU\S-1-5-18..\Run: [Vyikofudocayewid] File not found
    O3 - HKU\S-1-5-21-3090070989-868362510-393952071-1000\..\Toolbar\WebBrowser: (Search Toolbar) - {9D425283-D487-4337-BAB6-AB8354A81457} - C:\Program Files (x86)\Search Toolbar\SearchToolbar.dll ()
    O3 - HKLM\..\Toolbar: (Search Toolbar) - {9D425283-D487-4337-BAB6-AB8354A81457} - C:\Program Files (x86)\Search Toolbar\SearchToolbar.dll ()
    O2 - BHO: (Search Toolbar) - {9D425283-D487-4337-BAB6-AB8354A81457} - C:\Program Files (x86)\Search Toolbar\SearchToolbar.dll ()
    O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
    [2010/11/08 07:17:56 | 000,002,212 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\websearch.xml
    [2010/10/06 21:18:37 | 000,091,552 | ---- | M] (Coupons, Inc.) -- C:\Program Files (x86)\Mozilla Firefox\plugins\npMozCouponPrinter.dll
    [2010/10/06 21:18:35 | 000,091,552 | ---- | M] (Coupons, Inc.) -- C:\Program Files (x86)\Mozilla Firefox\plugins\npCouponPrinter.dll
    [2010/09/08 19:35:58 | 000,000,000 | ---D | M] (QueryExplorer) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{27E679CC-6AAB-4B2A-BB87-096FE4178464}
    O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 1
    O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 1
    
    :Commands
    [EMPTYTEMP]
    [CREATERESTOREPOINT]
    [Reboot]
    
  • Then click the Run Fix button at the top.
  • Let the program run unhindered and reboot the PC when it is done.
  • Open OTL again (check the box at the top, labeled Include 64 bit scans) and click the Quick Scan button.
    Post the log it produces in your next reply.

Looking for SystemLook.txt from your desktop, and the contents of OTL.txt
askey127
User avatar
askey127
Admin/Teacher
Admin/Teacher
 
Posts: 14025
Joined: April 17th, 2005, 3:25 pm
Location: New Hampshire USA

Re: Run DLL Error loading C:\Windows\system32\xxhqs.dll

Unread postby thomba24 » May 7th, 2011, 10:34 pm

thanks for all the help. a quick update : it did not read Re: Run DLL Error loading C:\Windows\system32\xxhqs.dll when i rebooted for the OTL. i hope i have the right OTL file as it did freeze that file when completed.

OTL logfile created on: 5/7/2011 10:13:33 PM - Run 2
OTL by OldTimer - Version 3.2.22.3 Folder = C:\Users\Thompson\Desktop
64bit-Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6001.18000)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

4.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 59.00% Memory free
8.00 Gb Paging File | 6.00 Gb Available in Paging File | 79.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 285.40 Gb Total Space | 129.70 Gb Free Space | 45.44% Space Free | Partition Type: NTFS

Computer Name: THOMPSON-PC | User Name: Thompson | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/05/04 23:22:04 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\Thompson\Desktop\OTL.exe
PRC - [2011/04/30 17:00:24 | 000,403,240 | ---- | M] (Valve Corporation) -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe
PRC - [2011/03/27 15:57:13 | 001,242,448 | ---- | M] (Valve Corporation) -- C:\Program Files (x86)\Steam\1\Steam.exe
PRC - [2011/03/11 22:52:30 | 000,273,544 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe
PRC - [2011/02/28 18:44:14 | 000,391,432 | ---- | M] (Microsoft Corporation.) -- C:\Program Files (x86)\Microsoft\BingBar\BingBar.exe
PRC - [2011/02/28 18:44:14 | 000,259,336 | ---- | M] (Microsoft Corporation.) -- C:\Program Files (x86)\Microsoft\BingBar\BingApp.exe
PRC - [2011/02/25 10:59:34 | 000,304,304 | ---- | M] (Google Inc.) -- C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbarUser_32.exe
PRC - [2011/02/25 10:46:22 | 000,249,648 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE
PRC - [2011/01/07 19:48:56 | 000,378,984 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
PRC - [2010/09/16 16:04:06 | 001,164,584 | ---- | M] () -- C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
PRC - [2010/09/13 12:48:12 | 000,025,704 | R--- | M] (Amazon.com) -- C:\Program Files (x86)\Amazon\Amazon Unbox Video\ADVWindowsClientService.exe
PRC - [2009/08/27 22:52:39 | 000,033,136 | ---- | M] () -- C:\Windows\ASScrPro.exe
PRC - [2009/03/12 21:36:24 | 000,086,016 | ---- | M] () -- C:\Program Files (x86)\Autodesk\3ds Max 2010\mentalray\satellite\raysat_3dsmax2010_32server.exe
PRC - [2009/03/04 13:26:24 | 008,392,704 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATKOSD2\ATKOSD2.exe
PRC - [2009/03/04 12:55:52 | 000,174,648 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Hotkey\HControl.exe
PRC - [2008/12/22 20:15:34 | 000,174,648 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Hotkey\WDC.exe
PRC - [2008/12/09 18:01:10 | 000,424,504 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\SmartLogon\smartlogon.exe
PRC - [2008/12/09 18:00:58 | 000,297,528 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\SmartLogon\sensorsrv.exe
PRC - [2008/08/19 13:34:04 | 000,159,744 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Media\DMedia.exe
PRC - [2008/08/14 00:00:08 | 000,113,208 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Hotkey\KBFiltr.exe
PRC - [2008/08/13 23:59:56 | 000,301,624 | ---- | M] () -- C:\Program Files (x86)\ASUS\ATK Hotkey\Atouch64.exe
PRC - [2008/08/13 23:59:52 | 000,100,920 | ---- | M] () -- C:\Program Files (x86)\ASUS\ATK Hotkey\AsLdrSrv.exe
PRC - [2008/08/13 19:21:56 | 002,482,176 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Hotkey\ATKOSD.exe
PRC - [2008/07/18 22:52:16 | 000,104,936 | ---- | M] (CyberLink) -- C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe
PRC - [2008/04/01 02:09:30 | 000,266,240 | ---- | M] (ASUSTek Computer Inc.) -- C:\Program Files\ASUS\ASUS Data Security Manager\ADSMTray.exe
PRC - [2008/03/31 05:55:48 | 000,225,280 | ---- | M] (ASUSTek Computer Inc.) -- C:\Program Files\ASUS\ASUS Data Security Manager\ADSMSrv.exe
PRC - [2007/11/30 14:20:44 | 000,051,768 | ---- | M] () -- C:\Program Files (x86)\ASUS\ASUS Live Update\ALU.exe
PRC - [2007/08/08 03:08:40 | 000,094,208 | ---- | M] () -- C:\Program Files\ATKGFNEX\GFNEXSrv.exe


========== Modules (SafeList) ==========

MOD - [2011/05/04 23:22:04 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\Thompson\Desktop\OTL.exe
MOD - [2010/08/31 11:39:57 | 001,684,480 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6001.18523_none_5cdd65e20837faf2\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2008/03/31 05:55:48 | 000,225,280 | ---- | M] (ASUSTek Computer Inc.) [Auto | Running] -- C:\Program Files\ASUS\ASUS Data Security Manager\ADSMSrv.exe -- (ADSMService)
SRV:64bit: - [2008/01/20 22:47:32 | 000,383,544 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2007/08/08 03:08:40 | 000,094,208 | ---- | M] () [Auto | Running] -- C:\Program Files\ATKGFNEX\GFNEXSrv.exe -- (ATKGFNEXSrv)
SRV - [2011/04/30 17:00:24 | 000,403,240 | ---- | M] (Valve Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2011/02/28 18:44:14 | 000,183,560 | ---- | M] (Microsoft Corporation.) [On_Demand | Stopped] -- C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE -- (BBSvc)
SRV - [2011/02/25 10:46:22 | 000,249,648 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE -- (SeaPort)
SRV - [2011/01/07 19:48:56 | 000,378,984 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2010/11/20 22:11:55 | 000,311,680 | ---- | M] (Kaspersky Lab) [Auto | Running] -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2010\avp.exe -- (AVP)
SRV - [2010/09/13 12:48:12 | 000,025,704 | R--- | M] (Amazon.com) [Auto | Running] -- C:\Program Files (x86)\Amazon\Amazon Unbox Video\ADVWindowsClientService.exe -- (ADVService)
SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010/01/04 00:34:44 | 000,655,624 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2009/03/12 21:36:24 | 000,086,016 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Autodesk\3ds Max 2010\mentalray\satellite\raysat_3dsmax2010_32server.exe -- (mi-raysat_3dsmax2010_32)
SRV - [2008/08/13 23:59:52 | 000,100,920 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\ASUS\ATK Hotkey\AsLdrSrv.exe -- (ASLDRService)
SRV - [2008/07/27 14:03:13 | 000,069,632 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2010/11/20 21:19:47 | 000,330,768 | ---- | M] () [File_System | System | Running] -- C:\Windows\SysNative\DRIVERS\klif.sys -- (KLIF)
DRV:64bit: - [2010/09/12 20:41:11 | 000,314,016 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\DRIVERS\atksgt.sys -- (atksgt)
DRV:64bit: - [2010/09/12 20:41:11 | 000,043,680 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\DRIVERS\lirsgt.sys -- (lirsgt)
DRV:64bit: - [2009/06/15 15:01:06 | 000,156,688 | ---- | M] () [Kernel | System | Running] -- C:\Windows\SysNative\DRIVERS\kl1.sys -- (kl1)
DRV:64bit: - [2009/05/16 21:59:30 | 000,021,008 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\klmouflt.sys -- (klmouflt)
DRV:64bit: - [2009/05/15 19:50:26 | 000,026,640 | ---- | M] () [Kernel | System | Running] -- C:\Windows\SysNative\DRIVERS\klim6.sys -- (KLIM6)
DRV:64bit: - [2009/02/11 05:26:17 | 000,407,576 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\DRIVERS\iaStor.sys -- (iaStor)
DRV:64bit: - [2008/12/15 21:41:52 | 000,038,416 | ---- | M] () [File_System | Boot | Running] -- C:\Windows\SysNative\DRIVERS\klbg.sys -- (KLBG)
DRV:64bit: - [2008/10/08 23:39:01 | 001,821,952 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\snp2uvc.sys -- (SNP2UVC) USB2.0 PC Camera (SNP2UVC)
DRV:64bit: - [2008/08/28 11:57:23 | 004,745,216 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\NETw5v64.sys -- (NETw5v64) Intel(R)
DRV:64bit: - [2008/08/06 20:26:07 | 000,174,592 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\Rtlh64.sys -- (RTL8169)
DRV:64bit: - [2008/06/24 16:50:00 | 000,065,024 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\DRIVERS\rimmpx64.sys -- (rimmptsk)
DRV:64bit: - [2008/06/03 02:41:49 | 000,017,464 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\kbfiltr.sys -- (kbfiltr)
DRV:64bit: - [2008/01/20 22:47:28 | 000,046,080 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\wpdusb.sys -- (WpdUsb)
DRV:64bit: - [2008/01/20 22:46:55 | 000,111,104 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\sdbus.sys -- (sdbus)
DRV:64bit: - [2007/12/18 20:57:12 | 000,059,392 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\itecir.sys -- (itecir)
DRV:64bit: - [2007/07/27 22:45:52 | 000,057,856 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\DRIVERS\rixdpx64.sys -- (rismxdp)
DRV:64bit: - [2007/07/26 23:33:54 | 000,055,296 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\DRIVERS\rimspx64.sys -- (rimsptsk)
DRV:64bit: - [2007/07/24 14:11:32 | 000,014,904 | ---- | M] () [Kernel | Auto | Running] -- C:\Program Files\ATKGFNEX\ASMMAP64.sys -- (ASMMAP64)
DRV:64bit: - [2006/10/28 10:01:07 | 000,013,680 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\ATK64AMD.sys -- (MTsensor)
DRV:64bit: - [2006/10/03 21:45:36 | 000,273,408 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\yk60x64.sys -- (yukonx64)
DRV:64bit: - [2006/09/18 17:36:24 | 000,000,308 | ---- | M] () [File_System | On_Demand | Running] -- C:\Windows\SysNative\Wbem\ntfs.mof -- (Ntfs)

========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://asus.msn.com
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://asus.msn.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.selectedEngine: "Bing"
FF - prefs.js..browser.startup.homepage: "http://www.bing.com/?pc=Z039&form=ZGAPHP"
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: {27E679CC-6AAB-4B2A-BB87-096FE4178464}:1.0
FF - prefs.js..extensions.enabledItems: linkfilter@kaspersky.ru:9.0.0.463
FF - prefs.js..extensions.enabledItems: searchtoolbar@zugo.com:1.2
FF - prefs.js..extensions.enabledItems: {ABDE892B-13A8-4d1b-88E6-365A6E755758}:14.0.2
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..keyword.URL: "http://www.bing.com/search?pc=Z039&form=ZGAADF&q="
FF - prefs.js..network.proxy.type: 0


FF - HKLM\software\mozilla\Firefox\Extensions\\{4045810D-51E7-44A0-8F7E-30C4237B2268}: C:\Windows\system32\config\systemprofile\AppData\Local\{4045810D-51E7-44A0-8F7E-30C4237B2268}\ [2010/11/15 23:54:43 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2011/03/11 22:52:48 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.15\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2011/03/31 13:46:13 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.15\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2011/05/07 21:53:16 | 000,000,000 | ---D | M]

[2010/08/08 22:55:50 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Thompson\AppData\Roaming\Mozilla\Extensions
[2011/04/14 13:19:05 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Thompson\AppData\Roaming\Mozilla\Firefox\Profiles\8r41gnc5.default\extensions
[2010/08/08 22:57:32 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Thompson\AppData\Roaming\Mozilla\Firefox\Profiles\8r41gnc5.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010/08/15 15:08:16 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Users\Thompson\AppData\Roaming\Mozilla\Firefox\Profiles\8r41gnc5.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2011/02/17 20:50:12 | 000,000,000 | ---D | M] (Search Toolbar) -- C:\Users\Thompson\AppData\Roaming\Mozilla\Firefox\Profiles\8r41gnc5.default\extensions\searchtoolbar@zugo.com
[2011/02/17 20:50:12 | 000,001,919 | ---- | M] () -- C:\Users\Thompson\AppData\Roaming\Mozilla\Firefox\Profiles\8r41gnc5.default\searchplugins\bing-zugo.xml
[2010/08/09 12:03:09 | 000,009,949 | ---- | M] () -- C:\Users\Thompson\AppData\Roaming\Mozilla\Firefox\Profiles\8r41gnc5.default\searchplugins\mywebsearch.xml
[2011/05/07 21:53:17 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2010/08/15 15:07:31 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
[2011/03/28 18:28:18 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
[2010/11/20 21:21:17 | 000,000,000 | ---D | M] (Kaspersky URL Advisor) -- C:\Program Files (x86)\Mozilla Firefox\extensions\linkfilter@kaspersky.ru
File not found (No name found) -- C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\EXTENSIONS\{27E679CC-6AAB-4B2A-BB87-096FE4178464}
[2011/03/11 22:52:48 | 000,000,000 | ---D | M] (RealPlayer Browser Record Plugin) -- C:\PROGRAMDATA\REAL\REALPLAYER\BROWSERRECORDPLUGIN\FIREFOX\EXT
[2011/02/02 21:40:24 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll
[2010/11/16 20:54:10 | 000,001,919 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\bing-zugo.xml

O1 HOSTS File: ([2006/09/18 17:37:24 | 000,000,761 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2:64bit: - BHO: (IEVkbdBHO Class) - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2010\x64\ievkbd.dll (Kaspersky Lab)
O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O2:64bit: - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.6.6209.1142\swg64.dll (Google Inc.)
O2:64bit: - BHO: (FilterBHO Class) - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2010\x64\klwtbbho.dll (Kaspersky Lab)
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (IEVkbdBHO Class) - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2010\ievkbd.dll (Kaspersky Lab)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.6.6209.1142\swg.dll (Google Inc.)
O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O2 - BHO: (FilterBHO Class) - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2010\klwtbbho.dll (Kaspersky Lab)
O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O3:64bit: - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O4:64bit: - HKLM..\Run: [DisableS3S4] File not found
O4:64bit: - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [ACMON] C:\Program Files (x86)\ASUS\Splendid\ACMON.exe (ATK)
O4 - HKLM..\Run: [ADSMTray] C:\Program Files\ASUS\ASUS Data Security Manager\ADSMTray.exe (ASUSTek Computer Inc.)
O4 - HKLM..\Run: [ASUS Camera ScreenSaver] C:\Windows\AsScrProlog.exe ()
O4 - HKLM..\Run: [ASUS Screen Saver Protector] C:\Windows\ASScrPro.exe ()
O4 - HKLM..\Run: [ATKMEDIA] C:\Program Files (x86)\ASUS\ATK Media\DMedia.exe (ASUS)
O4 - HKLM..\Run: [ATKOSD2] C:\Program Files (x86)\ASUS\ATKOSD2\ATKOSD2.exe (ASUS)
O4 - HKLM..\Run: [AVP] C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2010\avp.exe (Kaspersky Lab)
O4 - HKLM..\Run: [CLMLServer] C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe (CyberLink)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [HControlUser] C:\Program Files (x86)\ASUS\ATK Hotkey\HControlUser.exe (ASUS)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [UpdateLBPShortCut] C:\Program Files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UpdateP2GoShortCut] C:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKCU..\Run: [5a143dc3a13a948fccfbceaefece1364] File not found
O4 - HKCU..\Run: [Lvhveiejl/0zmpson\AppData\Local\Temp\3496091952.exe] File not found
O4 - HKCU..\Run: [Lvhveiejl+1wmpson\AppData\Local\Temp\1682678023.exe] File not found
O4 - HKCU..\Run: [Lvhveiejlhb] File not found
O4 - HKCU..\Run: [Lvhveiejlkc] File not found
O4 - HKCU..\Run: [Lvhveiejlmc] File not found
O4 - HKCU..\Run: [Lvhveiejlna] File not found
O4 - HKCU..\Run: [Lvhveiejlo+] File not found
O4 - HKCU..\Run: [Lvhveiejlora] File not found
O4 - HKCU..\Run: [Lvhveiejlotc] File not found
O4 - HKCU..\Run: [Lvhveiejlpe] File not found
O4 - HKCU..\Run: [Lvhveiejlppf] File not found
O4 - HKCU..\Run: [Lvhveiejlpsc] File not found
O4 - HKCU..\Run: [Lvhveiejlqb] File not found
O4 - HKCU..\Run: [Lvhveiejlqc] File not found
O4 - HKCU..\Run: [Lvhveiejlqf] File not found
O4 - HKCU..\Run: [Lvhveiejlqse] File not found
O4 - HKCU..\Run: [Lvhveiejlqvc] File not found
O4 - HKCU..\Run: [LvhveiejlqW] File not found
O4 - HKCU..\Run: [Lvhveiejlrf] File not found
O4 - HKCU..\Run: [LvhveiejlsPc] File not found
O4 - HKCU..\Run: [Lvhveiejlud] File not found
O4 - HKCU..\Run: [MqpSc] File not found
O4 - HKCU..\Run: [Mqqsc] File not found
O4 - HKCU..\Run: [Mqsuc] File not found
O4 - HKCU..\Run: [Mque] File not found
O4 - HKCU..\Run: [Mquse] File not found
O4 - HKCU..\Run: [Mquxe] File not found
O4 - HKCU..\Run: [MqvPc] File not found
O4 - HKCU..\Run: [msnmsgr] File not found
O4 - HKCU..\Run: [Search Protection] File not found
O4 - HKCU..\Run: [Steam] C:\Program Files (x86)\Steam\1\Steam.exe (Valve Corporation)
O4 - HKCU..\Run: [WindowsWelcomeCenter] C:\Windows\SysWow64\oobefldr.dll (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFolderOptions = 1
O8:64bit: - Extra context menu item: Google Sidewiki... - C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_D183CA64F05FDD98.dll (Google Inc.)
O8 - Extra context menu item: Google Sidewiki... - C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_D183CA64F05FDD98.dll (Google Inc.)
O9:64bit: - Extra Button: &Virtual keyboard - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2010\x64\klwtbbho.dll (Kaspersky Lab)
O9:64bit: - Extra Button: URLs c&heck - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2010\x64\klwtbbho.dll (Kaspersky Lab)
O9 - Extra Button: &Virtual keyboard - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2010\klwtbbho.dll (Kaspersky Lab)
O9 - Extra Button: URLs c&heck - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2010\klwtbbho.dll (Kaspersky Lab)
O13 - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} http://ak.exe.imgfarm.com/images/nocach ... .0.1.1.cab (Reg Error: Key error.)
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} http://www.nvidia.com/content/DriverDow ... ab_nvd.cab (System Requirements Lab Class)
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} http://download.divx.com/player/DivXBrowserPlugin.cab (DivXBrowserPlugin Object)
O16 - DPF: {74DBCB52-F298-4110-951D-AD2FF67BC8AB} http://www.nvidia.com/content/DriverDow ... rtScan.cab (NVIDIA Smart Scan)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {BEA7310D-06C4-4339-A784-DC3804819809} http://www.cvsphoto.com/upload/activex/ ... ontrol.cab (Photo Upload Plugin Class)
O16 - DPF: {C345E174-3E87-4F41-A01C-B066A90A49B4} http://trial.trymicrosoftoffice.com/tri ... /wrc32.ocx (WRC Class)
O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 172.27.35.1
O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - Reg Error: Key error. File not found
O20 - AppInit_DLLs: (C:\PROGRA~2\KASPER~1\KASPER~1\mzvkbd3.dll) - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2010\mzvkbd3.dll (Kaspersky Lab)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\klogon: DllName - Reg Error: Key error. - C:\Windows\SysNative\klogon.dll ()
O24 - Desktop WallPaper: C:\Program Files\P4G\wallpaper\long_battery_life_wallpaper_1440X900.jpg
O24 - Desktop BackupWallPaper: C:\Program Files\P4G\wallpaper\long_battery_life_wallpaper_1440X900.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2010/01/06 18:19:38 | 000,000,000 | ---D | M] - C:\Autodesk -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O36 - AppCertDlls: Fireiles - (C:\Windows\system32\cmstalua.dll) - File not found
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/05/07 21:52:55 | 000,000,000 | ---D | C] -- C:\_OTL
[2011/04/30 22:38:39 | 000,000,000 | ---D | C] -- C:\MGADiagToolOutput
[2011/04/30 22:36:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Office Genuine Advantage
[1 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/05/07 22:17:08 | 000,703,388 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2011/05/07 22:17:08 | 000,604,502 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2011/05/07 22:17:08 | 000,104,170 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2011/05/07 22:09:15 | 000,000,894 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011/05/07 22:09:04 | 000,003,616 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011/05/07 22:09:04 | 000,003,616 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011/05/07 22:08:52 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/05/07 22:08:49 | 4294,037,504 | -HS- | M] () -- C:\hiberfil.sys
[2011/05/07 21:34:00 | 000,000,898 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011/05/07 19:36:12 | 000,000,424 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{674963B1-2A24-43DF-AE9A-93B4DD0AA6C2}.job
[2011/05/02 11:07:46 | 000,045,056 | ---- | M] () -- C:\Windows\SysNative\acovcnt.exe
[2011/04/15 18:40:29 | 000,304,536 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[1 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/04/28 14:53:59 | 000,032,256 | ---- | C] () -- C:\Windows\SysNative\Apphlpdm.dll
[2011/04/28 14:53:58 | 004,240,384 | ---- | C] () -- C:\Windows\SysNative\GameUXLegacyGDFs.dll
[2011/04/14 18:27:18 | 000,975,872 | ---- | C] () -- C:\Windows\SysNative\inetcomm.dll
[2011/04/14 18:27:16 | 000,461,312 | ---- | C] () -- C:\Windows\SysNative\drivers\srv.sys
[2011/04/14 18:27:16 | 000,176,128 | ---- | C] () -- C:\Windows\SysNative\drivers\srv2.sys
[2011/04/14 18:27:16 | 000,144,896 | ---- | C] () -- C:\Windows\SysNative\drivers\srvnet.sys
[2011/04/14 18:27:09 | 000,979,344 | ---- | C] () -- C:\Windows\SysNative\winresume.exe
[2011/04/14 18:27:08 | 001,075,600 | ---- | C] () -- C:\Windows\SysNative\winload.efi
[2011/04/14 18:27:08 | 001,062,800 | ---- | C] () -- C:\Windows\SysNative\winload.exe
[2011/04/14 18:27:08 | 000,990,096 | ---- | C] () -- C:\Windows\SysNative\winresume.efi
[2011/04/14 18:27:08 | 000,020,880 | ---- | C] () -- C:\Windows\SysNative\kdusb.dll
[2011/04/14 18:27:08 | 000,018,832 | ---- | C] () -- C:\Windows\SysNative\kd1394.dll
[2011/04/14 18:27:08 | 000,018,320 | ---- | C] () -- C:\Windows\SysNative\kdcom.dll
[2011/04/14 18:27:06 | 000,753,152 | ---- | C] () -- C:\Windows\SysNative\jscript.dll
[2011/04/14 18:27:06 | 000,603,648 | ---- | C] () -- C:\Windows\SysNative\vbscript.dll
[2011/04/14 18:27:04 | 000,273,920 | ---- | C] () -- C:\Windows\SysNative\drivers\mrxsmb10.sys
[2011/04/14 18:27:04 | 000,135,168 | ---- | C] () -- C:\Windows\SysNative\drivers\mrxsmb.sys
[2011/04/14 18:27:04 | 000,105,472 | ---- | C] () -- C:\Windows\SysNative\drivers\mrxsmb20.sys
[2011/04/14 18:27:04 | 000,090,624 | ---- | C] () -- C:\Windows\SysNative\drivers\bowser.sys
[2011/04/14 18:27:00 | 002,760,704 | ---- | C] () -- C:\Windows\SysNative\win32k.sys
[2011/04/14 18:26:04 | 001,360,384 | ---- | C] () -- C:\Windows\SysNative\mfc42u.dll
[2011/04/14 18:26:03 | 001,398,784 | ---- | C] () -- C:\Windows\SysNative\mfc42.dll
[2011/04/14 18:26:00 | 000,367,616 | ---- | C] () -- C:\Windows\SysNative\atmfd.dll
[2011/04/14 18:26:00 | 000,048,128 | ---- | C] () -- C:\Windows\SysNative\atmlib.dll
[2011/04/14 18:25:54 | 005,697,536 | ---- | C] () -- C:\Windows\SysNative\mshtml.dll
[2011/04/14 18:25:49 | 001,426,944 | ---- | C] () -- C:\Windows\SysNative\urlmon.dll
[2011/04/14 18:25:48 | 000,758,784 | ---- | C] () -- C:\Windows\SysNative\mshtmled.dll
[2011/04/14 18:25:46 | 007,015,424 | ---- | C] () -- C:\Windows\SysNative\ieframe.dll
[2011/04/14 18:25:45 | 001,129,984 | ---- | C] () -- C:\Windows\SysNative\mstime.dll
[2011/04/14 18:25:45 | 001,032,704 | ---- | C] () -- C:\Windows\SysNative\wininet.dll
[2011/04/14 18:25:44 | 000,590,848 | ---- | C] () -- C:\Windows\SysNative\msfeeds.dll
[2011/04/14 18:25:44 | 000,485,376 | ---- | C] () -- C:\Windows\SysNative\html.iec
[2011/04/14 18:25:44 | 000,480,256 | ---- | C] () -- C:\Windows\SysNative\iedkcs32.dll
[2011/04/14 18:25:44 | 000,267,776 | ---- | C] () -- C:\Windows\SysNative\ieaksie.dll
[2011/04/14 18:25:44 | 000,249,856 | ---- | C] () -- C:\Windows\SysNative\iepeers.dll
[2011/04/14 18:25:43 | 000,375,296 | ---- | C] () -- C:\Windows\SysNative\iertutil.dll
[2011/04/14 18:25:43 | 000,208,896 | ---- | C] () -- C:\Windows\SysNative\occache.dll
[2011/04/14 18:25:43 | 000,086,528 | ---- | C] () -- C:\Windows\SysNative\ieencode.dll
[2011/04/14 18:25:43 | 000,032,256 | ---- | C] () -- C:\Windows\SysNative\jsproxy.dll
[2011/04/14 18:25:42 | 001,383,424 | ---- | C] () -- C:\Windows\SysNative\mshtml.tlb
[2011/04/14 18:25:42 | 000,422,400 | ---- | C] () -- C:\Windows\SysNative\ieapfltr.dll
[2011/04/14 18:25:36 | 000,221,184 | ---- | C] () -- C:\Windows\SysNative\dnsapi.dll
[2011/04/14 18:25:36 | 000,117,760 | ---- | C] () -- C:\Windows\SysNative\dnsrslvr.dll
[2011/04/14 18:25:36 | 000,028,672 | ---- | C] () -- C:\Windows\SysNative\dnscacheugc.exe
[2011/03/11 22:55:10 | 000,815,104 | ---- | C] () -- C:\Windows\SysWow64\xvidcore.dll
[2011/03/11 22:55:10 | 000,180,224 | ---- | C] () -- C:\Windows\SysWow64\xvidvfw.dll
[2010/07/13 19:51:56 | 000,000,680 | ---- | C] () -- C:\Users\Thompson\AppData\Local\d3d9caps.dat
[2010/03/09 15:03:15 | 000,000,245 | ---- | C] () -- C:\Windows\SysWow64\regupdate.ini
[2010/01/07 04:46:43 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2010/01/05 13:33:42 | 000,000,952 | -HS- | C] () -- C:\ProgramData\KGyGaAvL.sys
[2010/01/03 21:24:56 | 000,152,368 | ---- | C] () -- C:\Windows\SysWow64\WIN2PDFS.DLL
[2010/01/03 21:24:53 | 000,000,002 | ---- | C] () -- C:\Windows\1way.ini
[2009/10/13 14:58:25 | 000,000,533 | ---- | C] () -- C:\Windows\eReg.dat
[2009/10/13 13:54:59 | 000,094,708 | ---- | C] () -- C:\ProgramData\nvModes.001
[2009/10/13 13:07:26 | 000,094,708 | ---- | C] () -- C:\ProgramData\nvModes.dat
[2009/10/02 00:56:13 | 000,000,102 | ---- | C] () -- C:\Users\Thompson\AppData\Roaming\wklnhst.dat
[2009/10/01 17:51:12 | 000,182,272 | ---- | C] () -- C:\Windows\patchw32.dll
[2009/09/27 00:53:00 | 000,007,168 | ---- | C] () -- C:\Users\Thompson\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/09/26 21:14:02 | 000,002,029 | ---- | C] () -- C:\Users\Thompson\AppData\Roaming\install.dat
[2009/08/27 22:52:39 | 000,033,136 | ---- | C] () -- C:\Windows\ASScrPro.exe
[2009/08/27 22:52:19 | 000,047,672 | ---- | C] () -- C:\Windows\AsScrProlog.exe
[2009/08/27 21:56:01 | 000,106,605 | ---- | C] () -- C:\Windows\SysWow64\StructuredQuerySchema.bin
[2009/08/27 21:56:01 | 000,018,904 | ---- | C] () -- C:\Windows\SysWow64\StructuredQuerySchemaTrivial.bin
[2008/11/07 21:08:20 | 000,362,029 | ---- | C] () -- C:\Windows\SysWow64\sqlite3.dll
[2008/10/08 23:38:27 | 000,015,497 | ---- | C] () -- C:\Windows\snp2uvc.ini
[2008/09/19 07:41:00 | 000,000,010 | ---- | C] () -- C:\Windows\SysWow64\ABLKSR.ini
[2008/01/20 22:50:05 | 000,060,124 | ---- | C] () -- C:\Windows\SysWow64\tcpmon.ini
[2008/01/20 22:49:49 | 000,368,640 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2008/01/20 22:49:10 | 000,049,156 | ---- | C] () -- C:\Windows\SysWow64\certstore.dat
[2007/10/18 21:36:54 | 000,061,440 | ---- | C] () -- C:\Windows\SysWow64\deskMenu2.dll
[2007/08/06 13:18:31 | 000,081,920 | ---- | C] () -- C:\Windows\PGMonitor.exe
[2006/11/02 11:37:05 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006/11/02 08:37:14 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat
[2006/11/02 08:24:17 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT
[2006/11/02 08:18:17 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat
[2006/11/02 05:47:54 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2004/08/09 19:27:16 | 000,040,960 | ---- | C] () -- C:\Windows\SysWow64\ddcvt.exe

========== LOP Check ==========

[2010/01/06 18:27:19 | 000,000,000 | ---D | M] -- C:\Users\Thompson\AppData\Roaming\Autodesk
[2010/08/20 18:11:46 | 000,000,000 | ---D | M] -- C:\Users\Thompson\AppData\Roaming\Dev-Cpp
[2010/08/05 13:40:55 | 000,000,000 | ---D | M] -- C:\Users\Thompson\AppData\Roaming\OverDrive
[2009/10/02 00:56:15 | 000,000,000 | ---D | M] -- C:\Users\Thompson\AppData\Roaming\Template
[2010/08/21 17:05:18 | 000,000,000 | ---D | M] -- C:\Users\Thompson\AppData\Roaming\Tropico 3
[2010/09/12 21:08:56 | 000,000,000 | ---D | M] -- C:\Users\Thompson\AppData\Roaming\Ubisoft
[2011/05/07 22:07:36 | 000,032,634 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2011/05/07 19:36:12 | 000,000,424 | -H-- | M] () -- C:\Windows\Tasks\User_Feed_Synchronization-{674963B1-2A24-43DF-AE9A-93B4DD0AA6C2}.job

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 110 bytes -> C:\ProgramData\Temp:90EE3BE1

< End of report >




SystemLook 04.09.10 by jpshortstuff
Log created at 21:33 on 07/05/2011 by Thompson
Administrator - Elevation successful

========== filefind ==========

Searching for "xxhqs.dll"
No files found.

Searching for "wiatodC.dll"
No files found.

========== regfind ==========

Searching for "wiatodC.dll"
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"Vyikofudocayewid"="rundll32.exe "C:\Windows\system32\config\systemprofile\AppData\Local\wiatodC.dll",Startup"
[HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Run]
"Vyikofudocayewid"="rundll32.exe "C:\Windows\system32\config\systemprofile\AppData\Local\wiatodC.dll",Startup"

Searching for "Vyikofudocayewid"
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"Vyikofudocayewid"="rundll32.exe "C:\Windows\system32\config\systemprofile\AppData\Local\wiatodC.dll",Startup"
[HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Run]
"Vyikofudocayewid"="rundll32.exe "C:\Windows\system32\config\systemprofile\AppData\Local\wiatodC.dll",Startup"

Searching for "xxhqs.dll"
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"uPc+kt0NtdJsiv"="rundll32.exe C:\Windows\system32\xxhqs.dll, SystemServer"
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"uPc+kt0NtdJsiv"="rundll32.exe C:\Windows\system32\xxhqs.dll, SystemServer"
[HKEY_USERS\S-1-5-21-3090070989-868362510-393952071-1000\Software\Microsoft\Windows\CurrentVersion\Run]
"uPc+kt0NtdJsiv"="rundll32.exe C:\Windows\system32\xxhqs.dll, SystemServer"
[HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Run]
"uPc+kt0NtdJsiv"="rundll32.exe C:\Windows\system32\xxhqs.dll, SystemServer"

Searching for "uPc+kt0NtdJsiv"
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"uPc+kt0NtdJsiv"="rundll32.exe C:\Windows\system32\xxhqs.dll, SystemServer"
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"uPc+kt0NtdJsiv"="rundll32.exe C:\Windows\system32\xxhqs.dll, SystemServer"
[HKEY_USERS\S-1-5-21-3090070989-868362510-393952071-1000\Software\Microsoft\Windows\CurrentVersion\Run]
"uPc+kt0NtdJsiv"="rundll32.exe C:\Windows\system32\xxhqs.dll, SystemServer"
[HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Run]
"uPc+kt0NtdJsiv"="rundll32.exe C:\Windows\system32\xxhqs.dll, SystemServer"

-= EOF =-
thomba24
Active Member
 
Posts: 11
Joined: April 14th, 2011, 1:37 pm

Re: Run DLL Error loading C:\Windows\system32\xxhqs.dll

Unread postby askey127 » May 8th, 2011, 7:12 am

thomba24,
Your machine goes to an unregistered IP address for TCPIP.
Do you know what it is?
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 172.27.35.1

----------------------------------------------
Perform a Custom Fix with OTL
Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following:
    Code: Select all
    :processes
    killallprocesses
    
    :OTL
    O4 - HKCU..\Run: [5a143dc3a13a948fccfbceaefece1364] File not found
    O4 - HKCU..\Run: [Lvhveiejl/0zmpson\AppData\Local\Temp\3496091952.exe] File not found
    O4 - HKCU..\Run: [Lvhveiejl+1wmpson\AppData\Local\Temp\1682678023.exe] File not found
    [2010/08/09 12:03:09 | 000,009,949 | ---- | M] () -- C:\Users\Thompson\AppData\Roaming\Mozilla\Firefox\Profiles\8r41gnc5.default\searchplugins\mywebsearch.xml
    FF - HKLM\software\mozilla\Firefox\Extensions\\{4045810D-51E7-44A0-8F7E-30C4237B2268}: C:\Windows\system32\config\systemprofile\AppData\Local\{4045810D-51E7-44A0-8F7E-30C4237B2268}\ [2010/11/15 23:54:43 | 000,000,000 | ---D | M]
    FF - prefs.js..extensions.enabledItems: {27E679CC-6AAB-4B2A-BB87-096FE4178464}:1.0
    
    :Reg
    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "Vyikofudocayewid"=-
    
    [HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Run]
    "Vyikofudocayewid"=-
    
    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
    "uPc+kt0NtdJsiv"=-
    
    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "uPc+kt0NtdJsiv"=-
    
    [HKEY_USERS\S-1-5-21-3090070989-868362510-393952071-1000\Software\Microsoft\Windows\CurrentVersion\Run]
    "uPc+kt0NtdJsiv"=-
    
    [HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Run]
    "uPc+kt0NtdJsiv"=-
    
    :Files
    C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\EXTENSIONS\{27E679CC-6AAB-4B2A-BB87-096FE4178464}
    
    :Commands
    [EMPTYTEMP]
    [CREATERESTOREPOINT]
    [Reboot]
    
  • Then click the Run Fix button at the top.
  • Let the program run unhindered and reboot the PC when it is done.
  • Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.

askey127
User avatar
askey127
Admin/Teacher
Admin/Teacher
 
Posts: 14025
Joined: April 17th, 2005, 3:25 pm
Location: New Hampshire USA

Re: Run DLL Error loading C:\Windows\system32\xxhqs.dll

Unread postby thomba24 » May 9th, 2011, 9:16 pm

askey127, i have no clue about that IP address. I must say, i appreciate this help very much. just keep telling me what to do. thanks, thomba


OTL logfile created on: 5/9/2011 8:59:16 PM - Run 3
OTL by OldTimer - Version 3.2.22.3 Folder = C:\Users\Thompson\Desktop
64bit-Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6001.18000)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

4.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 58.00% Memory free
8.00 Gb Paging File | 6.00 Gb Available in Paging File | 78.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 285.40 Gb Total Space | 129.59 Gb Free Space | 45.41% Space Free | Partition Type: NTFS

Computer Name: THOMPSON-PC | User Name: Thompson | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/05/04 23:22:04 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\Thompson\Desktop\OTL.exe
PRC - [2011/04/30 17:00:24 | 000,403,240 | ---- | M] (Valve Corporation) -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe
PRC - [2011/03/27 15:57:13 | 001,242,448 | ---- | M] (Valve Corporation) -- C:\Program Files (x86)\Steam\1\Steam.exe
PRC - [2011/03/11 22:52:30 | 000,273,544 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe
PRC - [2011/02/28 18:44:14 | 000,391,432 | ---- | M] (Microsoft Corporation.) -- C:\Program Files (x86)\Microsoft\BingBar\BingBar.exe
PRC - [2011/02/28 18:44:14 | 000,259,336 | ---- | M] (Microsoft Corporation.) -- C:\Program Files (x86)\Microsoft\BingBar\BingApp.exe
PRC - [2011/02/28 18:44:14 | 000,183,560 | ---- | M] (Microsoft Corporation.) -- C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE
PRC - [2011/02/25 10:59:34 | 000,304,304 | ---- | M] (Google Inc.) -- C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbarUser_32.exe
PRC - [2011/02/25 10:46:22 | 000,249,648 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE
PRC - [2011/01/07 19:48:56 | 000,378,984 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
PRC - [2010/09/16 16:04:06 | 001,164,584 | ---- | M] () -- C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
PRC - [2010/09/13 12:48:12 | 000,025,704 | R--- | M] (Amazon.com) -- C:\Program Files (x86)\Amazon\Amazon Unbox Video\ADVWindowsClientService.exe
PRC - [2009/08/27 22:52:39 | 000,033,136 | ---- | M] () -- C:\Windows\ASScrPro.exe
PRC - [2009/03/12 21:36:24 | 000,086,016 | ---- | M] () -- C:\Program Files (x86)\Autodesk\3ds Max 2010\mentalray\satellite\raysat_3dsmax2010_32server.exe
PRC - [2009/03/04 13:26:24 | 008,392,704 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATKOSD2\ATKOSD2.exe
PRC - [2009/03/04 12:55:52 | 000,174,648 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Hotkey\HControl.exe
PRC - [2008/12/22 20:15:34 | 000,174,648 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Hotkey\WDC.exe
PRC - [2008/12/09 18:00:58 | 000,297,528 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\SmartLogon\sensorsrv.exe
PRC - [2008/08/19 13:34:04 | 000,159,744 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Media\DMedia.exe
PRC - [2008/08/14 00:00:08 | 000,113,208 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Hotkey\KBFiltr.exe
PRC - [2008/08/13 23:59:56 | 000,301,624 | ---- | M] () -- C:\Program Files (x86)\ASUS\ATK Hotkey\Atouch64.exe
PRC - [2008/08/13 23:59:52 | 000,100,920 | ---- | M] () -- C:\Program Files (x86)\ASUS\ATK Hotkey\AsLdrSrv.exe
PRC - [2008/08/13 19:21:56 | 002,482,176 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Hotkey\ATKOSD.exe
PRC - [2008/07/18 22:52:16 | 000,104,936 | ---- | M] (CyberLink) -- C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe
PRC - [2008/04/01 02:09:30 | 000,266,240 | ---- | M] (ASUSTek Computer Inc.) -- C:\Program Files\ASUS\ASUS Data Security Manager\ADSMTray.exe
PRC - [2008/03/31 05:55:48 | 000,225,280 | ---- | M] (ASUSTek Computer Inc.) -- C:\Program Files\ASUS\ASUS Data Security Manager\ADSMSrv.exe
PRC - [2007/11/30 14:20:44 | 000,051,768 | ---- | M] () -- C:\Program Files (x86)\ASUS\ASUS Live Update\ALU.exe
PRC - [2007/08/08 03:08:40 | 000,094,208 | ---- | M] () -- C:\Program Files\ATKGFNEX\GFNEXSrv.exe


========== Modules (SafeList) ==========

MOD - [2011/05/04 23:22:04 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\Thompson\Desktop\OTL.exe
MOD - [2010/08/31 11:39:57 | 001,684,480 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6001.18523_none_5cdd65e20837faf2\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2008/03/31 05:55:48 | 000,225,280 | ---- | M] (ASUSTek Computer Inc.) [Auto | Running] -- C:\Program Files\ASUS\ASUS Data Security Manager\ADSMSrv.exe -- (ADSMService)
SRV:64bit: - [2008/01/20 22:47:32 | 000,383,544 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2007/08/08 03:08:40 | 000,094,208 | ---- | M] () [Auto | Running] -- C:\Program Files\ATKGFNEX\GFNEXSrv.exe -- (ATKGFNEXSrv)
SRV - [2011/04/30 17:00:24 | 000,403,240 | ---- | M] (Valve Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2011/02/28 18:44:14 | 000,183,560 | ---- | M] (Microsoft Corporation.) [On_Demand | Running] -- C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE -- (BBSvc)
SRV - [2011/02/25 10:46:22 | 000,249,648 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE -- (SeaPort)
SRV - [2011/01/07 19:48:56 | 000,378,984 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2010/11/20 22:11:55 | 000,311,680 | ---- | M] (Kaspersky Lab) [Auto | Running] -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2010\avp.exe -- (AVP)
SRV - [2010/09/13 12:48:12 | 000,025,704 | R--- | M] (Amazon.com) [Auto | Running] -- C:\Program Files (x86)\Amazon\Amazon Unbox Video\ADVWindowsClientService.exe -- (ADVService)
SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010/01/04 00:34:44 | 000,655,624 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2009/03/12 21:36:24 | 000,086,016 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Autodesk\3ds Max 2010\mentalray\satellite\raysat_3dsmax2010_32server.exe -- (mi-raysat_3dsmax2010_32)
SRV - [2008/08/13 23:59:52 | 000,100,920 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\ASUS\ATK Hotkey\AsLdrSrv.exe -- (ASLDRService)
SRV - [2008/07/27 14:03:13 | 000,069,632 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2010/11/20 21:19:47 | 000,330,768 | ---- | M] () [File_System | System | Running] -- C:\Windows\SysNative\DRIVERS\klif.sys -- (KLIF)
DRV:64bit: - [2010/09/12 20:41:11 | 000,314,016 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\DRIVERS\atksgt.sys -- (atksgt)
DRV:64bit: - [2010/09/12 20:41:11 | 000,043,680 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\DRIVERS\lirsgt.sys -- (lirsgt)
DRV:64bit: - [2009/06/15 15:01:06 | 000,156,688 | ---- | M] () [Kernel | System | Running] -- C:\Windows\SysNative\DRIVERS\kl1.sys -- (kl1)
DRV:64bit: - [2009/05/16 21:59:30 | 000,021,008 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\klmouflt.sys -- (klmouflt)
DRV:64bit: - [2009/05/15 19:50:26 | 000,026,640 | ---- | M] () [Kernel | System | Running] -- C:\Windows\SysNative\DRIVERS\klim6.sys -- (KLIM6)
DRV:64bit: - [2009/02/11 05:26:17 | 000,407,576 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\DRIVERS\iaStor.sys -- (iaStor)
DRV:64bit: - [2008/12/15 21:41:52 | 000,038,416 | ---- | M] () [File_System | Boot | Running] -- C:\Windows\SysNative\DRIVERS\klbg.sys -- (KLBG)
DRV:64bit: - [2008/10/08 23:39:01 | 001,821,952 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\snp2uvc.sys -- (SNP2UVC) USB2.0 PC Camera (SNP2UVC)
DRV:64bit: - [2008/08/28 11:57:23 | 004,745,216 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\NETw5v64.sys -- (NETw5v64) Intel(R)
DRV:64bit: - [2008/08/06 20:26:07 | 000,174,592 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\Rtlh64.sys -- (RTL8169)
DRV:64bit: - [2008/06/24 16:50:00 | 000,065,024 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\DRIVERS\rimmpx64.sys -- (rimmptsk)
DRV:64bit: - [2008/06/03 02:41:49 | 000,017,464 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\kbfiltr.sys -- (kbfiltr)
DRV:64bit: - [2008/01/20 22:47:28 | 000,046,080 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\wpdusb.sys -- (WpdUsb)
DRV:64bit: - [2008/01/20 22:46:55 | 000,111,104 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\sdbus.sys -- (sdbus)
DRV:64bit: - [2007/12/18 20:57:12 | 000,059,392 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\itecir.sys -- (itecir)
DRV:64bit: - [2007/07/27 22:45:52 | 000,057,856 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\DRIVERS\rixdpx64.sys -- (rismxdp)
DRV:64bit: - [2007/07/26 23:33:54 | 000,055,296 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\DRIVERS\rimspx64.sys -- (rimsptsk)
DRV:64bit: - [2007/07/24 14:11:32 | 000,014,904 | ---- | M] () [Kernel | Auto | Running] -- C:\Program Files\ATKGFNEX\ASMMAP64.sys -- (ASMMAP64)
DRV:64bit: - [2006/10/28 10:01:07 | 000,013,680 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\ATK64AMD.sys -- (MTsensor)
DRV:64bit: - [2006/10/03 21:45:36 | 000,273,408 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\yk60x64.sys -- (yukonx64)
DRV:64bit: - [2006/09/18 17:36:24 | 000,000,308 | ---- | M] () [File_System | On_Demand | Running] -- C:\Windows\SysNative\Wbem\ntfs.mof -- (Ntfs)

========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://asus.msn.com
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://asus.msn.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.selectedEngine: "Bing"
FF - prefs.js..browser.startup.homepage: "http://www.bing.com/?pc=Z039&form=ZGAPHP"
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: ""
FF - prefs.js..extensions.enabledItems: linkfilter@kaspersky.ru:9.0.0.463
FF - prefs.js..extensions.enabledItems: searchtoolbar@zugo.com:1.2
FF - prefs.js..extensions.enabledItems: {ABDE892B-13A8-4d1b-88E6-365A6E755758}:14.0.2
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..keyword.URL: "http://www.bing.com/search?pc=Z039&form=ZGAADF&q="
FF - prefs.js..network.proxy.type: 0


FF - HKLM\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2011/03/11 22:52:48 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.15\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2011/03/31 13:46:13 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.15\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2011/05/07 21:53:16 | 000,000,000 | ---D | M]

[2010/08/08 22:55:50 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Thompson\AppData\Roaming\Mozilla\Extensions
[2011/04/14 13:19:05 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Thompson\AppData\Roaming\Mozilla\Firefox\Profiles\8r41gnc5.default\extensions
[2010/08/08 22:57:32 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Thompson\AppData\Roaming\Mozilla\Firefox\Profiles\8r41gnc5.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010/08/15 15:08:16 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Users\Thompson\AppData\Roaming\Mozilla\Firefox\Profiles\8r41gnc5.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2011/02/17 20:50:12 | 000,000,000 | ---D | M] (Search Toolbar) -- C:\Users\Thompson\AppData\Roaming\Mozilla\Firefox\Profiles\8r41gnc5.default\extensions\searchtoolbar@zugo.com
[2011/02/17 20:50:12 | 000,001,919 | ---- | M] () -- C:\Users\Thompson\AppData\Roaming\Mozilla\Firefox\Profiles\8r41gnc5.default\searchplugins\bing-zugo.xml
[2011/05/07 21:53:17 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2010/08/15 15:07:31 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
[2011/03/28 18:28:18 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
[2010/11/20 21:21:17 | 000,000,000 | ---D | M] (Kaspersky URL Advisor) -- C:\Program Files (x86)\Mozilla Firefox\extensions\linkfilter@kaspersky.ru
File not found (No name found) -- C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\EXTENSIONS\{27E679CC-6AAB-4B2A-BB87-096FE4178464}
[2011/03/11 22:52:48 | 000,000,000 | ---D | M] (RealPlayer Browser Record Plugin) -- C:\PROGRAMDATA\REAL\REALPLAYER\BROWSERRECORDPLUGIN\FIREFOX\EXT
[2011/02/02 21:40:24 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll
[2010/11/16 20:54:10 | 000,001,919 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\bing-zugo.xml

O1 HOSTS File: ([2006/09/18 17:37:24 | 000,000,761 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2:64bit: - BHO: (IEVkbdBHO Class) - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2010\x64\ievkbd.dll (Kaspersky Lab)
O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O2:64bit: - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.6.6209.1142\swg64.dll (Google Inc.)
O2:64bit: - BHO: (FilterBHO Class) - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2010\x64\klwtbbho.dll (Kaspersky Lab)
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (IEVkbdBHO Class) - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2010\ievkbd.dll (Kaspersky Lab)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.6.6209.1142\swg.dll (Google Inc.)
O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O2 - BHO: (FilterBHO Class) - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2010\klwtbbho.dll (Kaspersky Lab)
O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O3:64bit: - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O4:64bit: - HKLM..\Run: [DisableS3S4] File not found
O4:64bit: - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [ACMON] C:\Program Files (x86)\ASUS\Splendid\ACMON.exe (ATK)
O4 - HKLM..\Run: [ADSMTray] C:\Program Files\ASUS\ASUS Data Security Manager\ADSMTray.exe (ASUSTek Computer Inc.)
O4 - HKLM..\Run: [ASUS Camera ScreenSaver] C:\Windows\AsScrProlog.exe ()
O4 - HKLM..\Run: [ASUS Screen Saver Protector] C:\Windows\ASScrPro.exe ()
O4 - HKLM..\Run: [ATKMEDIA] C:\Program Files (x86)\ASUS\ATK Media\DMedia.exe (ASUS)
O4 - HKLM..\Run: [ATKOSD2] C:\Program Files (x86)\ASUS\ATKOSD2\ATKOSD2.exe (ASUS)
O4 - HKLM..\Run: [AVP] C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2010\avp.exe (Kaspersky Lab)
O4 - HKLM..\Run: [CLMLServer] C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe (CyberLink)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [HControlUser] C:\Program Files (x86)\ASUS\ATK Hotkey\HControlUser.exe (ASUS)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [UpdateLBPShortCut] C:\Program Files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UpdateP2GoShortCut] C:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKCU..\Run: [Lvhveiejlhb] File not found
O4 - HKCU..\Run: [Lvhveiejlkc] File not found
O4 - HKCU..\Run: [Lvhveiejlmc] File not found
O4 - HKCU..\Run: [Lvhveiejlna] File not found
O4 - HKCU..\Run: [Lvhveiejlo+] File not found
O4 - HKCU..\Run: [Lvhveiejlora] File not found
O4 - HKCU..\Run: [Lvhveiejlotc] File not found
O4 - HKCU..\Run: [Lvhveiejlpe] File not found
O4 - HKCU..\Run: [Lvhveiejlppf] File not found
O4 - HKCU..\Run: [Lvhveiejlpsc] File not found
O4 - HKCU..\Run: [Lvhveiejlqb] File not found
O4 - HKCU..\Run: [Lvhveiejlqc] File not found
O4 - HKCU..\Run: [Lvhveiejlqf] File not found
O4 - HKCU..\Run: [Lvhveiejlqse] File not found
O4 - HKCU..\Run: [Lvhveiejlqvc] File not found
O4 - HKCU..\Run: [LvhveiejlqW] File not found
O4 - HKCU..\Run: [Lvhveiejlrf] File not found
O4 - HKCU..\Run: [LvhveiejlsPc] File not found
O4 - HKCU..\Run: [Lvhveiejlud] File not found
O4 - HKCU..\Run: [MqpSc] File not found
O4 - HKCU..\Run: [Mqqsc] File not found
O4 - HKCU..\Run: [Mqsuc] File not found
O4 - HKCU..\Run: [Mque] File not found
O4 - HKCU..\Run: [Mquse] File not found
O4 - HKCU..\Run: [Mquxe] File not found
O4 - HKCU..\Run: [MqvPc] File not found
O4 - HKCU..\Run: [msnmsgr] File not found
O4 - HKCU..\Run: [Search Protection] File not found
O4 - HKCU..\Run: [Steam] C:\Program Files (x86)\Steam\1\Steam.exe (Valve Corporation)
O4 - HKCU..\Run: [WindowsWelcomeCenter] C:\Windows\SysWow64\oobefldr.dll (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFolderOptions = 1
O8:64bit: - Extra context menu item: Google Sidewiki... - C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_D183CA64F05FDD98.dll (Google Inc.)
O8 - Extra context menu item: Google Sidewiki... - C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_D183CA64F05FDD98.dll (Google Inc.)
O9:64bit: - Extra Button: &Virtual keyboard - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2010\x64\klwtbbho.dll (Kaspersky Lab)
O9:64bit: - Extra Button: URLs c&heck - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2010\x64\klwtbbho.dll (Kaspersky Lab)
O9 - Extra Button: &Virtual keyboard - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2010\klwtbbho.dll (Kaspersky Lab)
O9 - Extra Button: URLs c&heck - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2010\klwtbbho.dll (Kaspersky Lab)
O13 - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} http://ak.exe.imgfarm.com/images/nocach ... .0.1.1.cab (Reg Error: Key error.)
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} http://www.nvidia.com/content/DriverDow ... ab_nvd.cab (System Requirements Lab Class)
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} http://download.divx.com/player/DivXBrowserPlugin.cab (DivXBrowserPlugin Object)
O16 - DPF: {74DBCB52-F298-4110-951D-AD2FF67BC8AB} http://www.nvidia.com/content/DriverDow ... rtScan.cab (NVIDIA Smart Scan)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {BEA7310D-06C4-4339-A784-DC3804819809} http://www.cvsphoto.com/upload/activex/ ... ontrol.cab (Photo Upload Plugin Class)
O16 - DPF: {C345E174-3E87-4F41-A01C-B066A90A49B4} http://trial.trymicrosoftoffice.com/tri ... /wrc32.ocx (WRC Class)
O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 172.27.35.1
O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - Reg Error: Key error. File not found
O20 - AppInit_DLLs: (C:\PROGRA~2\KASPER~1\KASPER~1\mzvkbd3.dll) - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2010\mzvkbd3.dll (Kaspersky Lab)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\klogon: DllName - Reg Error: Key error. - C:\Windows\SysNative\klogon.dll ()
O24 - Desktop WallPaper: C:\Program Files\P4G\wallpaper\long_battery_life_wallpaper_1440X900.jpg
O24 - Desktop BackupWallPaper: C:\Program Files\P4G\wallpaper\long_battery_life_wallpaper_1440X900.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2010/01/06 18:19:38 | 000,000,000 | ---D | M] - C:\Autodesk -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O36 - AppCertDlls: Fireiles - (C:\Windows\system32\cmstalua.dll) - File not found
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/05/07 21:52:55 | 000,000,000 | ---D | C] -- C:\_OTL
[2011/04/30 22:38:39 | 000,000,000 | ---D | C] -- C:\MGADiagToolOutput
[2011/04/30 22:36:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Office Genuine Advantage

========== Files - Modified Within 30 Days ==========

[2011/05/09 20:54:39 | 000,045,056 | ---- | M] () -- C:\Windows\SysNative\acovcnt.exe
[2011/05/09 20:54:28 | 000,003,616 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011/05/09 20:54:27 | 000,003,616 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011/05/09 20:54:24 | 000,000,894 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011/05/09 20:54:07 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/05/09 20:54:00 | 4294,037,504 | -HS- | M] () -- C:\hiberfil.sys
[2011/05/09 20:36:24 | 000,000,898 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011/05/08 20:42:12 | 000,000,424 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{674963B1-2A24-43DF-AE9A-93B4DD0AA6C2}.job
[2011/05/08 20:31:01 | 000,703,388 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2011/05/08 20:31:01 | 000,604,502 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2011/05/08 20:31:01 | 000,104,170 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2011/04/15 18:40:29 | 000,304,536 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT

========== Files Created - No Company Name ==========

[2011/04/28 14:53:59 | 000,032,256 | ---- | C] () -- C:\Windows\SysNative\Apphlpdm.dll
[2011/04/28 14:53:58 | 004,240,384 | ---- | C] () -- C:\Windows\SysNative\GameUXLegacyGDFs.dll
[2011/04/14 18:27:18 | 000,975,872 | ---- | C] () -- C:\Windows\SysNative\inetcomm.dll
[2011/04/14 18:27:16 | 000,461,312 | ---- | C] () -- C:\Windows\SysNative\drivers\srv.sys
[2011/04/14 18:27:16 | 000,176,128 | ---- | C] () -- C:\Windows\SysNative\drivers\srv2.sys
[2011/04/14 18:27:16 | 000,144,896 | ---- | C] () -- C:\Windows\SysNative\drivers\srvnet.sys
[2011/04/14 18:27:09 | 000,979,344 | ---- | C] () -- C:\Windows\SysNative\winresume.exe
[2011/04/14 18:27:08 | 001,075,600 | ---- | C] () -- C:\Windows\SysNative\winload.efi
[2011/04/14 18:27:08 | 001,062,800 | ---- | C] () -- C:\Windows\SysNative\winload.exe
[2011/04/14 18:27:08 | 000,990,096 | ---- | C] () -- C:\Windows\SysNative\winresume.efi
[2011/04/14 18:27:08 | 000,020,880 | ---- | C] () -- C:\Windows\SysNative\kdusb.dll
[2011/04/14 18:27:08 | 000,018,832 | ---- | C] () -- C:\Windows\SysNative\kd1394.dll
[2011/04/14 18:27:08 | 000,018,320 | ---- | C] () -- C:\Windows\SysNative\kdcom.dll
[2011/04/14 18:27:06 | 000,753,152 | ---- | C] () -- C:\Windows\SysNative\jscript.dll
[2011/04/14 18:27:06 | 000,603,648 | ---- | C] () -- C:\Windows\SysNative\vbscript.dll
[2011/04/14 18:27:04 | 000,273,920 | ---- | C] () -- C:\Windows\SysNative\drivers\mrxsmb10.sys
[2011/04/14 18:27:04 | 000,135,168 | ---- | C] () -- C:\Windows\SysNative\drivers\mrxsmb.sys
[2011/04/14 18:27:04 | 000,105,472 | ---- | C] () -- C:\Windows\SysNative\drivers\mrxsmb20.sys
[2011/04/14 18:27:04 | 000,090,624 | ---- | C] () -- C:\Windows\SysNative\drivers\bowser.sys
[2011/04/14 18:27:00 | 002,760,704 | ---- | C] () -- C:\Windows\SysNative\win32k.sys
[2011/04/14 18:26:04 | 001,360,384 | ---- | C] () -- C:\Windows\SysNative\mfc42u.dll
[2011/04/14 18:26:03 | 001,398,784 | ---- | C] () -- C:\Windows\SysNative\mfc42.dll
[2011/04/14 18:26:00 | 000,367,616 | ---- | C] () -- C:\Windows\SysNative\atmfd.dll
[2011/04/14 18:26:00 | 000,048,128 | ---- | C] () -- C:\Windows\SysNative\atmlib.dll
[2011/04/14 18:25:54 | 005,697,536 | ---- | C] () -- C:\Windows\SysNative\mshtml.dll
[2011/04/14 18:25:49 | 001,426,944 | ---- | C] () -- C:\Windows\SysNative\urlmon.dll
[2011/04/14 18:25:48 | 000,758,784 | ---- | C] () -- C:\Windows\SysNative\mshtmled.dll
[2011/04/14 18:25:46 | 007,015,424 | ---- | C] () -- C:\Windows\SysNative\ieframe.dll
[2011/04/14 18:25:45 | 001,129,984 | ---- | C] () -- C:\Windows\SysNative\mstime.dll
[2011/04/14 18:25:45 | 001,032,704 | ---- | C] () -- C:\Windows\SysNative\wininet.dll
[2011/04/14 18:25:44 | 000,590,848 | ---- | C] () -- C:\Windows\SysNative\msfeeds.dll
[2011/04/14 18:25:44 | 000,485,376 | ---- | C] () -- C:\Windows\SysNative\html.iec
[2011/04/14 18:25:44 | 000,480,256 | ---- | C] () -- C:\Windows\SysNative\iedkcs32.dll
[2011/04/14 18:25:44 | 000,267,776 | ---- | C] () -- C:\Windows\SysNative\ieaksie.dll
[2011/04/14 18:25:44 | 000,249,856 | ---- | C] () -- C:\Windows\SysNative\iepeers.dll
[2011/04/14 18:25:43 | 000,375,296 | ---- | C] () -- C:\Windows\SysNative\iertutil.dll
[2011/04/14 18:25:43 | 000,208,896 | ---- | C] () -- C:\Windows\SysNative\occache.dll
[2011/04/14 18:25:43 | 000,086,528 | ---- | C] () -- C:\Windows\SysNative\ieencode.dll
[2011/04/14 18:25:43 | 000,032,256 | ---- | C] () -- C:\Windows\SysNative\jsproxy.dll
[2011/04/14 18:25:42 | 001,383,424 | ---- | C] () -- C:\Windows\SysNative\mshtml.tlb
[2011/04/14 18:25:42 | 000,422,400 | ---- | C] () -- C:\Windows\SysNative\ieapfltr.dll
[2011/04/14 18:25:36 | 000,221,184 | ---- | C] () -- C:\Windows\SysNative\dnsapi.dll
[2011/04/14 18:25:36 | 000,117,760 | ---- | C] () -- C:\Windows\SysNative\dnsrslvr.dll
[2011/04/14 18:25:36 | 000,028,672 | ---- | C] () -- C:\Windows\SysNative\dnscacheugc.exe
[2011/03/11 22:55:10 | 000,815,104 | ---- | C] () -- C:\Windows\SysWow64\xvidcore.dll
[2011/03/11 22:55:10 | 000,180,224 | ---- | C] () -- C:\Windows\SysWow64\xvidvfw.dll
[2010/07/13 19:51:56 | 000,000,680 | ---- | C] () -- C:\Users\Thompson\AppData\Local\d3d9caps.dat
[2010/03/09 15:03:15 | 000,000,245 | ---- | C] () -- C:\Windows\SysWow64\regupdate.ini
[2010/01/07 04:46:43 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2010/01/05 13:33:42 | 000,000,952 | -HS- | C] () -- C:\ProgramData\KGyGaAvL.sys
[2010/01/03 21:24:56 | 000,152,368 | ---- | C] () -- C:\Windows\SysWow64\WIN2PDFS.DLL
[2010/01/03 21:24:53 | 000,000,002 | ---- | C] () -- C:\Windows\1way.ini
[2009/10/13 14:58:25 | 000,000,533 | ---- | C] () -- C:\Windows\eReg.dat
[2009/10/13 13:54:59 | 000,094,708 | ---- | C] () -- C:\ProgramData\nvModes.001
[2009/10/13 13:07:26 | 000,094,708 | ---- | C] () -- C:\ProgramData\nvModes.dat
[2009/10/02 00:56:13 | 000,000,102 | ---- | C] () -- C:\Users\Thompson\AppData\Roaming\wklnhst.dat
[2009/10/01 17:51:12 | 000,182,272 | ---- | C] () -- C:\Windows\patchw32.dll
[2009/09/27 00:53:00 | 000,007,168 | ---- | C] () -- C:\Users\Thompson\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/09/26 21:14:02 | 000,002,029 | ---- | C] () -- C:\Users\Thompson\AppData\Roaming\install.dat
[2009/08/27 22:52:39 | 000,033,136 | ---- | C] () -- C:\Windows\ASScrPro.exe
[2009/08/27 22:52:19 | 000,047,672 | ---- | C] () -- C:\Windows\AsScrProlog.exe
[2009/08/27 21:56:01 | 000,106,605 | ---- | C] () -- C:\Windows\SysWow64\StructuredQuerySchema.bin
[2009/08/27 21:56:01 | 000,018,904 | ---- | C] () -- C:\Windows\SysWow64\StructuredQuerySchemaTrivial.bin
[2008/11/07 21:08:20 | 000,362,029 | ---- | C] () -- C:\Windows\SysWow64\sqlite3.dll
[2008/10/08 23:38:27 | 000,015,497 | ---- | C] () -- C:\Windows\snp2uvc.ini
[2008/09/19 07:41:00 | 000,000,010 | ---- | C] () -- C:\Windows\SysWow64\ABLKSR.ini
[2008/01/20 22:50:05 | 000,060,124 | ---- | C] () -- C:\Windows\SysWow64\tcpmon.ini
[2008/01/20 22:49:49 | 000,368,640 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2008/01/20 22:49:10 | 000,049,156 | ---- | C] () -- C:\Windows\SysWow64\certstore.dat
[2007/10/18 21:36:54 | 000,061,440 | ---- | C] () -- C:\Windows\SysWow64\deskMenu2.dll
[2007/08/06 13:18:31 | 000,081,920 | ---- | C] () -- C:\Windows\PGMonitor.exe
[2006/11/02 11:37:05 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006/11/02 08:37:14 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat
[2006/11/02 08:24:17 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT
[2006/11/02 08:18:17 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat
[2006/11/02 05:47:54 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2004/08/09 19:27:16 | 000,040,960 | ---- | C] () -- C:\Windows\SysWow64\ddcvt.exe

========== LOP Check ==========

[2010/01/06 18:27:19 | 000,000,000 | ---D | M] -- C:\Users\Thompson\AppData\Roaming\Autodesk
[2010/08/20 18:11:46 | 000,000,000 | ---D | M] -- C:\Users\Thompson\AppData\Roaming\Dev-Cpp
[2010/08/05 13:40:55 | 000,000,000 | ---D | M] -- C:\Users\Thompson\AppData\Roaming\OverDrive
[2009/10/02 00:56:15 | 000,000,000 | ---D | M] -- C:\Users\Thompson\AppData\Roaming\Template
[2010/08/21 17:05:18 | 000,000,000 | ---D | M] -- C:\Users\Thompson\AppData\Roaming\Tropico 3
[2010/09/12 21:08:56 | 000,000,000 | ---D | M] -- C:\Users\Thompson\AppData\Roaming\Ubisoft
[2011/05/09 20:53:02 | 000,032,634 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2011/05/09 21:08:06 | 000,000,424 | -H-- | M] () -- C:\Windows\Tasks\User_Feed_Synchronization-{674963B1-2A24-43DF-AE9A-93B4DD0AA6C2}.job

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 110 bytes -> C:\ProgramData\Temp:90EE3BE1

< End of report >
thomba24
Active Member
 
Posts: 11
Joined: April 14th, 2011, 1:37 pm

Re: Run DLL Error loading C:\Windows\system32\xxhqs.dll

Unread postby askey127 » May 10th, 2011, 7:40 am

thomba24,
-----------------------------------------------------------
Submit a file to Jotti
Please go here : http://virusscan.jotti.org/
On top of the page there is a field to add the filepath.
Copy and paste this filepath:
C:\WINDOWS\system32\acovcnt.exe

Then hit Submit or Upload, depending on the scanner.
The scan will take a while before the result comes up so please be patient.
Then copy and/or save the result and post it here in this thread.

If Jotti's service load is too high, you can use the following scanner instead:
http://www.virustotal.com/xhtml/index_en.html
or virus.org here: http://scanner.virus.org/

----------------------------------------------
Perform a Custom Fix with OTL
Run OTL (Right click and choose "Run as administrator")
  • Under the Custom Scans/Fixes box at the bottom, paste in the following:
    Code: Select all
    :processes
    killallprocesses
    
    :OTL
    O4 - HKCU..\Run: [Lvhveiejlhb] File not found
    O4 - HKCU..\Run: [Lvhveiejlkc] File not found
    O4 - HKCU..\Run: [Lvhveiejlmc] File not found
    O4 - HKCU..\Run: [Lvhveiejlna] File not found
    O4 - HKCU..\Run: [Lvhveiejlo+] File not found
    O4 - HKCU..\Run: [Lvhveiejlora] File not found
    O4 - HKCU..\Run: [Lvhveiejlotc] File not found
    O4 - HKCU..\Run: [Lvhveiejlpe] File not found
    O4 - HKCU..\Run: [Lvhveiejlppf] File not found
    O4 - HKCU..\Run: [Lvhveiejlpsc] File not found
    O4 - HKCU..\Run: [Lvhveiejlqb] File not found
    O4 - HKCU..\Run: [Lvhveiejlqc] File not found
    O4 - HKCU..\Run: [Lvhveiejlqf] File not found
    O4 - HKCU..\Run: [Lvhveiejlqse] File not found
    O4 - HKCU..\Run: [Lvhveiejlqvc] File not found
    O4 - HKCU..\Run: [LvhveiejlqW] File not found
    O4 - HKCU..\Run: [Lvhveiejlrf] File not found
    O4 - HKCU..\Run: [LvhveiejlsPc] File not found
    O4 - HKCU..\Run: [Lvhveiejlud] File not found
    O4 - HKCU..\Run: [MqpSc] File not found
    O4 - HKCU..\Run: [Mqqsc] File not found
    O4 - HKCU..\Run: [Mqsuc] File not found
    O4 - HKCU..\Run: [Mque] File not found
    O4 - HKCU..\Run: [Mquse] File not found
    O4 - HKCU..\Run: [Mquxe] File not found
    O4 - HKCU..\Run: [MqvPc] File not found
    O4 - HKCU..\Run: [msnmsgr] File not found
    O4 - HKCU..\Run: [Search Protection] File not found
    
    :Commands
    [EMPTYTEMP]
    [CREATERESTOREPOINT]
    [Reboot]
    
  • Then click the Run Fix button at the top.
  • Let the program run unhindered and reboot the PC when it is done.
  • Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.

Please post the results from Jotti or Virus total, the latest OTL.txt log from your desktop, and tell me the name of your Internet Provider.
Is it a private business, or what company do you pay for Internet access?

askey127
User avatar
askey127
Admin/Teacher
Admin/Teacher
 
Posts: 14025
Joined: April 17th, 2005, 3:25 pm
Location: New Hampshire USA

Re: Run DLL Error loading C:\Windows\system32\xxhqs.dll

Unread postby thomba24 » May 12th, 2011, 8:20 pm

hello, I use roadrunner internet service from Time Warner Cable. Now, at Jotti's malware scan, when i entered the filepath I received this -- Status: File is empty (0 bytes)! -- I waited at least an hour and nothing happened. the upload progress never changed. The service load is low green. at http://www.virustotal.com/xhtml/index_en.html i posted the filepath and hit the send file button. nothing happened. maybe i did not wait long enough. i will note, that i was on http://www.virustotal.com/xhtml/index.html the _en was not in the link. I believe i was in the right spot at upload a file, though.
http://scanner.virus.org/ is under construction.




--OTL logfile created on: 5/12/2011 7:54:10 PM - Run 4
OTL by OldTimer - Version 3.2.22.3 Folder = C:\Users\Thompson\Desktop
64bit-Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6001.18000)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

4.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 56.00% Memory free
8.00 Gb Paging File | 6.00 Gb Available in Paging File | 77.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 285.40 Gb Total Space | 128.03 Gb Free Space | 44.86% Space Free | Partition Type: NTFS

Computer Name: THOMPSON-PC | User Name: Thompson | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/05/12 19:51:24 | 000,403,240 | ---- | M] (Valve Corporation) -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe
PRC - [2011/05/04 23:22:04 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\Thompson\Desktop\OTL.exe
PRC - [2011/03/27 15:57:13 | 001,242,448 | ---- | M] (Valve Corporation) -- C:\Program Files (x86)\Steam\1\Steam.exe
PRC - [2011/03/11 22:52:30 | 000,273,544 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe
PRC - [2011/02/28 18:44:14 | 000,391,432 | ---- | M] (Microsoft Corporation.) -- C:\Program Files (x86)\Microsoft\BingBar\BingBar.exe
PRC - [2011/02/28 18:44:14 | 000,259,336 | ---- | M] (Microsoft Corporation.) -- C:\Program Files (x86)\Microsoft\BingBar\BingApp.exe
PRC - [2011/02/25 10:59:34 | 000,304,304 | ---- | M] (Google Inc.) -- C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbarUser_32.exe
PRC - [2011/02/25 10:46:22 | 000,249,648 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE
PRC - [2011/01/07 19:48:56 | 000,378,984 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
PRC - [2010/09/16 16:04:06 | 001,164,584 | ---- | M] () -- C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
PRC - [2010/09/13 12:48:12 | 000,025,704 | R--- | M] (Amazon.com) -- C:\Program Files (x86)\Amazon\Amazon Unbox Video\ADVWindowsClientService.exe
PRC - [2009/08/27 22:52:39 | 000,033,136 | ---- | M] () -- C:\Windows\ASScrPro.exe
PRC - [2009/03/12 21:36:24 | 000,086,016 | ---- | M] () -- C:\Program Files (x86)\Autodesk\3ds Max 2010\mentalray\satellite\raysat_3dsmax2010_32server.exe
PRC - [2009/03/04 13:26:24 | 008,392,704 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATKOSD2\ATKOSD2.exe
PRC - [2009/03/04 12:55:52 | 000,174,648 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Hotkey\HControl.exe
PRC - [2008/12/22 20:15:34 | 000,174,648 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Hotkey\WDC.exe
PRC - [2008/12/09 18:00:58 | 000,297,528 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\SmartLogon\sensorsrv.exe
PRC - [2008/08/19 13:34:04 | 000,159,744 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Media\DMedia.exe
PRC - [2008/08/14 00:00:08 | 000,113,208 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Hotkey\KBFiltr.exe
PRC - [2008/08/13 23:59:56 | 000,301,624 | ---- | M] () -- C:\Program Files (x86)\ASUS\ATK Hotkey\Atouch64.exe
PRC - [2008/08/13 23:59:52 | 000,100,920 | ---- | M] () -- C:\Program Files (x86)\ASUS\ATK Hotkey\AsLdrSrv.exe
PRC - [2008/08/13 19:21:56 | 002,482,176 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Hotkey\ATKOSD.exe
PRC - [2008/07/18 22:52:16 | 000,104,936 | ---- | M] (CyberLink) -- C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe
PRC - [2008/04/01 02:09:30 | 000,266,240 | ---- | M] (ASUSTek Computer Inc.) -- C:\Program Files\ASUS\ASUS Data Security Manager\ADSMTray.exe
PRC - [2008/03/31 05:55:48 | 000,225,280 | ---- | M] (ASUSTek Computer Inc.) -- C:\Program Files\ASUS\ASUS Data Security Manager\ADSMSrv.exe
PRC - [2007/11/30 14:20:44 | 000,051,768 | ---- | M] () -- C:\Program Files (x86)\ASUS\ASUS Live Update\ALU.exe
PRC - [2007/08/08 03:08:40 | 000,094,208 | ---- | M] () -- C:\Program Files\ATKGFNEX\GFNEXSrv.exe


========== Modules (SafeList) ==========

MOD - [2011/05/04 23:22:04 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\Thompson\Desktop\OTL.exe
MOD - [2010/08/31 11:39:57 | 001,684,480 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6001.18523_none_5cdd65e20837faf2\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2008/03/31 05:55:48 | 000,225,280 | ---- | M] (ASUSTek Computer Inc.) [Auto | Running] -- C:\Program Files\ASUS\ASUS Data Security Manager\ADSMSrv.exe -- (ADSMService)
SRV:64bit: - [2008/01/20 22:47:32 | 000,383,544 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2007/08/08 03:08:40 | 000,094,208 | ---- | M] () [Auto | Running] -- C:\Program Files\ATKGFNEX\GFNEXSrv.exe -- (ATKGFNEXSrv)
SRV - [2011/05/12 19:51:24 | 000,403,240 | ---- | M] (Valve Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2011/02/28 18:44:14 | 000,183,560 | ---- | M] (Microsoft Corporation.) [On_Demand | Stopped] -- C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE -- (BBSvc)
SRV - [2011/02/25 10:46:22 | 000,249,648 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE -- (SeaPort)
SRV - [2011/01/07 19:48:56 | 000,378,984 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2010/11/20 22:11:55 | 000,311,680 | ---- | M] (Kaspersky Lab) [Auto | Running] -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2010\avp.exe -- (AVP)
SRV - [2010/09/13 12:48:12 | 000,025,704 | R--- | M] (Amazon.com) [Auto | Running] -- C:\Program Files (x86)\Amazon\Amazon Unbox Video\ADVWindowsClientService.exe -- (ADVService)
SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010/01/04 00:34:44 | 000,655,624 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2009/03/12 21:36:24 | 000,086,016 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Autodesk\3ds Max 2010\mentalray\satellite\raysat_3dsmax2010_32server.exe -- (mi-raysat_3dsmax2010_32)
SRV - [2008/08/13 23:59:52 | 000,100,920 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\ASUS\ATK Hotkey\AsLdrSrv.exe -- (ASLDRService)
SRV - [2008/07/27 14:03:13 | 000,069,632 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2010/11/20 21:19:47 | 000,330,768 | ---- | M] () [File_System | System | Running] -- C:\Windows\SysNative\DRIVERS\klif.sys -- (KLIF)
DRV:64bit: - [2010/09/12 20:41:11 | 000,314,016 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\DRIVERS\atksgt.sys -- (atksgt)
DRV:64bit: - [2010/09/12 20:41:11 | 000,043,680 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\DRIVERS\lirsgt.sys -- (lirsgt)
DRV:64bit: - [2009/06/15 15:01:06 | 000,156,688 | ---- | M] () [Kernel | System | Running] -- C:\Windows\SysNative\DRIVERS\kl1.sys -- (kl1)
DRV:64bit: - [2009/05/16 21:59:30 | 000,021,008 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\klmouflt.sys -- (klmouflt)
DRV:64bit: - [2009/05/15 19:50:26 | 000,026,640 | ---- | M] () [Kernel | System | Running] -- C:\Windows\SysNative\DRIVERS\klim6.sys -- (KLIM6)
DRV:64bit: - [2009/02/11 05:26:17 | 000,407,576 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\DRIVERS\iaStor.sys -- (iaStor)
DRV:64bit: - [2008/12/15 21:41:52 | 000,038,416 | ---- | M] () [File_System | Boot | Running] -- C:\Windows\SysNative\DRIVERS\klbg.sys -- (KLBG)
DRV:64bit: - [2008/10/08 23:39:01 | 001,821,952 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\snp2uvc.sys -- (SNP2UVC) USB2.0 PC Camera (SNP2UVC)
DRV:64bit: - [2008/08/28 11:57:23 | 004,745,216 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\NETw5v64.sys -- (NETw5v64) Intel(R)
DRV:64bit: - [2008/08/06 20:26:07 | 000,174,592 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\Rtlh64.sys -- (RTL8169)
DRV:64bit: - [2008/06/24 16:50:00 | 000,065,024 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\DRIVERS\rimmpx64.sys -- (rimmptsk)
DRV:64bit: - [2008/06/03 02:41:49 | 000,017,464 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\kbfiltr.sys -- (kbfiltr)
DRV:64bit: - [2008/01/20 22:47:28 | 000,046,080 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\wpdusb.sys -- (WpdUsb)
DRV:64bit: - [2008/01/20 22:46:55 | 000,111,104 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\sdbus.sys -- (sdbus)
DRV:64bit: - [2007/12/18 20:57:12 | 000,059,392 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\itecir.sys -- (itecir)
DRV:64bit: - [2007/07/27 22:45:52 | 000,057,856 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\DRIVERS\rixdpx64.sys -- (rismxdp)
DRV:64bit: - [2007/07/26 23:33:54 | 000,055,296 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\DRIVERS\rimspx64.sys -- (rimsptsk)
DRV:64bit: - [2007/07/24 14:11:32 | 000,014,904 | ---- | M] () [Kernel | Auto | Running] -- C:\Program Files\ATKGFNEX\ASMMAP64.sys -- (ASMMAP64)
DRV:64bit: - [2006/10/28 10:01:07 | 000,013,680 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\ATK64AMD.sys -- (MTsensor)
DRV:64bit: - [2006/10/03 21:45:36 | 000,273,408 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\yk60x64.sys -- (yukonx64)
DRV:64bit: - [2006/09/18 17:36:24 | 000,000,308 | ---- | M] () [File_System | On_Demand | Running] -- C:\Windows\SysNative\Wbem\ntfs.mof -- (Ntfs)

========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://asus.msn.com
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://asus.msn.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.selectedEngine: "Bing"
FF - prefs.js..browser.startup.homepage: "http://www.bing.com/?pc=Z039&form=ZGAPHP"
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: ""
FF - prefs.js..extensions.enabledItems: linkfilter@kaspersky.ru:9.0.0.463
FF - prefs.js..extensions.enabledItems: searchtoolbar@zugo.com:1.2
FF - prefs.js..extensions.enabledItems: {ABDE892B-13A8-4d1b-88E6-365A6E755758}:14.0.2
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..keyword.URL: "http://www.bing.com/search?pc=Z039&form=ZGAADF&q="
FF - prefs.js..network.proxy.type: 0


FF - HKLM\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2011/03/11 22:52:48 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.15\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2011/03/31 13:46:13 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.15\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2011/05/07 21:53:16 | 000,000,000 | ---D | M]

[2010/08/08 22:55:50 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Thompson\AppData\Roaming\Mozilla\Extensions
[2011/04/14 13:19:05 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Thompson\AppData\Roaming\Mozilla\Firefox\Profiles\8r41gnc5.default\extensions
[2010/08/08 22:57:32 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Thompson\AppData\Roaming\Mozilla\Firefox\Profiles\8r41gnc5.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010/08/15 15:08:16 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Users\Thompson\AppData\Roaming\Mozilla\Firefox\Profiles\8r41gnc5.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2011/02/17 20:50:12 | 000,000,000 | ---D | M] (Search Toolbar) -- C:\Users\Thompson\AppData\Roaming\Mozilla\Firefox\Profiles\8r41gnc5.default\extensions\searchtoolbar@zugo.com
[2011/02/17 20:50:12 | 000,001,919 | ---- | M] () -- C:\Users\Thompson\AppData\Roaming\Mozilla\Firefox\Profiles\8r41gnc5.default\searchplugins\bing-zugo.xml
[2011/05/07 21:53:17 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2010/08/15 15:07:31 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
[2011/03/28 18:28:18 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
[2010/11/20 21:21:17 | 000,000,000 | ---D | M] (Kaspersky URL Advisor) -- C:\Program Files (x86)\Mozilla Firefox\extensions\linkfilter@kaspersky.ru
File not found (No name found) -- C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\EXTENSIONS\{27E679CC-6AAB-4B2A-BB87-096FE4178464}
[2011/03/11 22:52:48 | 000,000,000 | ---D | M] (RealPlayer Browser Record Plugin) -- C:\PROGRAMDATA\REAL\REALPLAYER\BROWSERRECORDPLUGIN\FIREFOX\EXT
[2011/02/02 21:40:24 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll
[2010/11/16 20:54:10 | 000,001,919 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\bing-zugo.xml

O1 HOSTS File: ([2006/09/18 17:37:24 | 000,000,761 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2:64bit: - BHO: (IEVkbdBHO Class) - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2010\x64\ievkbd.dll (Kaspersky Lab)
O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O2:64bit: - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.6.6209.1142\swg64.dll (Google Inc.)
O2:64bit: - BHO: (FilterBHO Class) - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2010\x64\klwtbbho.dll (Kaspersky Lab)
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (IEVkbdBHO Class) - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2010\ievkbd.dll (Kaspersky Lab)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.6.6209.1142\swg.dll (Google Inc.)
O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O2 - BHO: (FilterBHO Class) - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2010\klwtbbho.dll (Kaspersky Lab)
O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O3:64bit: - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O4:64bit: - HKLM..\Run: [DisableS3S4] File not found
O4:64bit: - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [ACMON] C:\Program Files (x86)\ASUS\Splendid\ACMON.exe (ATK)
O4 - HKLM..\Run: [ADSMTray] C:\Program Files\ASUS\ASUS Data Security Manager\ADSMTray.exe (ASUSTek Computer Inc.)
O4 - HKLM..\Run: [ASUS Camera ScreenSaver] C:\Windows\AsScrProlog.exe ()
O4 - HKLM..\Run: [ASUS Screen Saver Protector] C:\Windows\ASScrPro.exe ()
O4 - HKLM..\Run: [ATKMEDIA] C:\Program Files (x86)\ASUS\ATK Media\DMedia.exe (ASUS)
O4 - HKLM..\Run: [ATKOSD2] C:\Program Files (x86)\ASUS\ATKOSD2\ATKOSD2.exe (ASUS)
O4 - HKLM..\Run: [AVP] C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2010\avp.exe (Kaspersky Lab)
O4 - HKLM..\Run: [CLMLServer] C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe (CyberLink)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [HControlUser] C:\Program Files (x86)\ASUS\ATK Hotkey\HControlUser.exe (ASUS)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [UpdateLBPShortCut] C:\Program Files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UpdateP2GoShortCut] C:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKCU..\Run: [Steam] C:\Program Files (x86)\Steam\1\Steam.exe (Valve Corporation)
O4 - HKCU..\Run: [WindowsWelcomeCenter] C:\Windows\SysWow64\oobefldr.dll (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFolderOptions = 1
O8:64bit: - Extra context menu item: Google Sidewiki... - C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_D183CA64F05FDD98.dll (Google Inc.)
O8 - Extra context menu item: Google Sidewiki... - C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_D183CA64F05FDD98.dll (Google Inc.)
O9:64bit: - Extra Button: &Virtual keyboard - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2010\x64\klwtbbho.dll (Kaspersky Lab)
O9:64bit: - Extra Button: URLs c&heck - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2010\x64\klwtbbho.dll (Kaspersky Lab)
O9 - Extra Button: &Virtual keyboard - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2010\klwtbbho.dll (Kaspersky Lab)
O9 - Extra Button: URLs c&heck - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2010\klwtbbho.dll (Kaspersky Lab)
O13 - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} http://ak.exe.imgfarm.com/images/nocach ... .0.1.1.cab (Reg Error: Key error.)
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} http://www.nvidia.com/content/DriverDow ... ab_nvd.cab (System Requirements Lab Class)
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} http://download.divx.com/player/DivXBrowserPlugin.cab (DivXBrowserPlugin Object)
O16 - DPF: {74DBCB52-F298-4110-951D-AD2FF67BC8AB} http://www.nvidia.com/content/DriverDow ... rtScan.cab (NVIDIA Smart Scan)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {BEA7310D-06C4-4339-A784-DC3804819809} http://www.cvsphoto.com/upload/activex/ ... ontrol.cab (Photo Upload Plugin Class)
O16 - DPF: {C345E174-3E87-4F41-A01C-B066A90A49B4} http://trial.trymicrosoftoffice.com/tri ... /wrc32.ocx (WRC Class)
O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 172.27.35.1
O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - Reg Error: Key error. File not found
O20 - AppInit_DLLs: (C:\PROGRA~2\KASPER~1\KASPER~1\mzvkbd3.dll) - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2010\mzvkbd3.dll (Kaspersky Lab)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\klogon: DllName - Reg Error: Key error. - C:\Windows\SysNative\klogon.dll ()
O24 - Desktop WallPaper: C:\Program Files\P4G\wallpaper\long_battery_life_wallpaper_1440X900.jpg
O24 - Desktop BackupWallPaper: C:\Program Files\P4G\wallpaper\long_battery_life_wallpaper_1440X900.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2010/01/06 18:19:38 | 000,000,000 | ---D | M] - C:\Autodesk -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O36 - AppCertDlls: Fireiles - (C:\Windows\system32\cmstalua.dll) - File not found
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/05/07 21:52:55 | 000,000,000 | ---D | C] -- C:\_OTL
[2011/04/30 22:38:39 | 000,000,000 | ---D | C] -- C:\MGADiagToolOutput
[2011/04/30 22:36:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Office Genuine Advantage

========== Files - Modified Within 30 Days ==========

[2011/05/12 19:49:55 | 000,045,056 | ---- | M] () -- C:\Windows\SysNative\acovcnt.exe
[2011/05/12 19:49:42 | 000,000,894 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011/05/12 19:49:38 | 000,003,616 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011/05/12 19:49:38 | 000,003,616 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011/05/12 19:49:24 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/05/12 19:49:17 | 4294,037,504 | -HS- | M] () -- C:\hiberfil.sys
[2011/05/12 19:46:18 | 000,000,424 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{674963B1-2A24-43DF-AE9A-93B4DD0AA6C2}.job
[2011/05/12 19:34:06 | 000,000,898 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011/05/08 20:31:01 | 000,703,388 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2011/05/08 20:31:01 | 000,604,502 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2011/05/08 20:31:01 | 000,104,170 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2011/04/15 18:40:29 | 000,304,536 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT

========== Files Created - No Company Name ==========

[2011/04/28 14:53:59 | 000,032,256 | ---- | C] () -- C:\Windows\SysNative\Apphlpdm.dll
[2011/04/28 14:53:58 | 004,240,384 | ---- | C] () -- C:\Windows\SysNative\GameUXLegacyGDFs.dll
[2011/04/14 18:27:18 | 000,975,872 | ---- | C] () -- C:\Windows\SysNative\inetcomm.dll
[2011/04/14 18:27:16 | 000,461,312 | ---- | C] () -- C:\Windows\SysNative\drivers\srv.sys
[2011/04/14 18:27:16 | 000,176,128 | ---- | C] () -- C:\Windows\SysNative\drivers\srv2.sys
[2011/04/14 18:27:16 | 000,144,896 | ---- | C] () -- C:\Windows\SysNative\drivers\srvnet.sys
[2011/04/14 18:27:09 | 000,979,344 | ---- | C] () -- C:\Windows\SysNative\winresume.exe
[2011/04/14 18:27:08 | 001,075,600 | ---- | C] () -- C:\Windows\SysNative\winload.efi
[2011/04/14 18:27:08 | 001,062,800 | ---- | C] () -- C:\Windows\SysNative\winload.exe
[2011/04/14 18:27:08 | 000,990,096 | ---- | C] () -- C:\Windows\SysNative\winresume.efi
[2011/04/14 18:27:08 | 000,020,880 | ---- | C] () -- C:\Windows\SysNative\kdusb.dll
[2011/04/14 18:27:08 | 000,018,832 | ---- | C] () -- C:\Windows\SysNative\kd1394.dll
[2011/04/14 18:27:08 | 000,018,320 | ---- | C] () -- C:\Windows\SysNative\kdcom.dll
[2011/04/14 18:27:06 | 000,753,152 | ---- | C] () -- C:\Windows\SysNative\jscript.dll
[2011/04/14 18:27:06 | 000,603,648 | ---- | C] () -- C:\Windows\SysNative\vbscript.dll
[2011/04/14 18:27:04 | 000,273,920 | ---- | C] () -- C:\Windows\SysNative\drivers\mrxsmb10.sys
[2011/04/14 18:27:04 | 000,135,168 | ---- | C] () -- C:\Windows\SysNative\drivers\mrxsmb.sys
[2011/04/14 18:27:04 | 000,105,472 | ---- | C] () -- C:\Windows\SysNative\drivers\mrxsmb20.sys
[2011/04/14 18:27:04 | 000,090,624 | ---- | C] () -- C:\Windows\SysNative\drivers\bowser.sys
[2011/04/14 18:27:00 | 002,760,704 | ---- | C] () -- C:\Windows\SysNative\win32k.sys
[2011/04/14 18:26:04 | 001,360,384 | ---- | C] () -- C:\Windows\SysNative\mfc42u.dll
[2011/04/14 18:26:03 | 001,398,784 | ---- | C] () -- C:\Windows\SysNative\mfc42.dll
[2011/04/14 18:26:00 | 000,367,616 | ---- | C] () -- C:\Windows\SysNative\atmfd.dll
[2011/04/14 18:26:00 | 000,048,128 | ---- | C] () -- C:\Windows\SysNative\atmlib.dll
[2011/04/14 18:25:54 | 005,697,536 | ---- | C] () -- C:\Windows\SysNative\mshtml.dll
[2011/04/14 18:25:49 | 001,426,944 | ---- | C] () -- C:\Windows\SysNative\urlmon.dll
[2011/04/14 18:25:48 | 000,758,784 | ---- | C] () -- C:\Windows\SysNative\mshtmled.dll
[2011/04/14 18:25:46 | 007,015,424 | ---- | C] () -- C:\Windows\SysNative\ieframe.dll
[2011/04/14 18:25:45 | 001,129,984 | ---- | C] () -- C:\Windows\SysNative\mstime.dll
[2011/04/14 18:25:45 | 001,032,704 | ---- | C] () -- C:\Windows\SysNative\wininet.dll
[2011/04/14 18:25:44 | 000,590,848 | ---- | C] () -- C:\Windows\SysNative\msfeeds.dll
[2011/04/14 18:25:44 | 000,485,376 | ---- | C] () -- C:\Windows\SysNative\html.iec
[2011/04/14 18:25:44 | 000,480,256 | ---- | C] () -- C:\Windows\SysNative\iedkcs32.dll
[2011/04/14 18:25:44 | 000,267,776 | ---- | C] () -- C:\Windows\SysNative\ieaksie.dll
[2011/04/14 18:25:44 | 000,249,856 | ---- | C] () -- C:\Windows\SysNative\iepeers.dll
[2011/04/14 18:25:43 | 000,375,296 | ---- | C] () -- C:\Windows\SysNative\iertutil.dll
[2011/04/14 18:25:43 | 000,208,896 | ---- | C] () -- C:\Windows\SysNative\occache.dll
[2011/04/14 18:25:43 | 000,086,528 | ---- | C] () -- C:\Windows\SysNative\ieencode.dll
[2011/04/14 18:25:43 | 000,032,256 | ---- | C] () -- C:\Windows\SysNative\jsproxy.dll
[2011/04/14 18:25:42 | 001,383,424 | ---- | C] () -- C:\Windows\SysNative\mshtml.tlb
[2011/04/14 18:25:42 | 000,422,400 | ---- | C] () -- C:\Windows\SysNative\ieapfltr.dll
[2011/04/14 18:25:36 | 000,221,184 | ---- | C] () -- C:\Windows\SysNative\dnsapi.dll
[2011/04/14 18:25:36 | 000,117,760 | ---- | C] () -- C:\Windows\SysNative\dnsrslvr.dll
[2011/04/14 18:25:36 | 000,028,672 | ---- | C] () -- C:\Windows\SysNative\dnscacheugc.exe
[2011/03/11 22:55:10 | 000,815,104 | ---- | C] () -- C:\Windows\SysWow64\xvidcore.dll
[2011/03/11 22:55:10 | 000,180,224 | ---- | C] () -- C:\Windows\SysWow64\xvidvfw.dll
[2010/07/13 19:51:56 | 000,000,680 | ---- | C] () -- C:\Users\Thompson\AppData\Local\d3d9caps.dat
[2010/03/09 15:03:15 | 000,000,245 | ---- | C] () -- C:\Windows\SysWow64\regupdate.ini
[2010/01/07 04:46:43 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2010/01/05 13:33:42 | 000,000,952 | -HS- | C] () -- C:\ProgramData\KGyGaAvL.sys
[2010/01/03 21:24:56 | 000,152,368 | ---- | C] () -- C:\Windows\SysWow64\WIN2PDFS.DLL
[2010/01/03 21:24:53 | 000,000,002 | ---- | C] () -- C:\Windows\1way.ini
[2009/10/13 14:58:25 | 000,000,533 | ---- | C] () -- C:\Windows\eReg.dat
[2009/10/13 13:54:59 | 000,094,708 | ---- | C] () -- C:\ProgramData\nvModes.001
[2009/10/13 13:07:26 | 000,094,708 | ---- | C] () -- C:\ProgramData\nvModes.dat
[2009/10/02 00:56:13 | 000,000,102 | ---- | C] () -- C:\Users\Thompson\AppData\Roaming\wklnhst.dat
[2009/10/01 17:51:12 | 000,182,272 | ---- | C] () -- C:\Windows\patchw32.dll
[2009/09/27 00:53:00 | 000,007,168 | ---- | C] () -- C:\Users\Thompson\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/09/26 21:14:02 | 000,002,029 | ---- | C] () -- C:\Users\Thompson\AppData\Roaming\install.dat
[2009/08/27 22:52:39 | 000,033,136 | ---- | C] () -- C:\Windows\ASScrPro.exe
[2009/08/27 22:52:19 | 000,047,672 | ---- | C] () -- C:\Windows\AsScrProlog.exe
[2009/08/27 21:56:01 | 000,106,605 | ---- | C] () -- C:\Windows\SysWow64\StructuredQuerySchema.bin
[2009/08/27 21:56:01 | 000,018,904 | ---- | C] () -- C:\Windows\SysWow64\StructuredQuerySchemaTrivial.bin
[2008/11/07 21:08:20 | 000,362,029 | ---- | C] () -- C:\Windows\SysWow64\sqlite3.dll
[2008/10/08 23:38:27 | 000,015,497 | ---- | C] () -- C:\Windows\snp2uvc.ini
[2008/09/19 07:41:00 | 000,000,010 | ---- | C] () -- C:\Windows\SysWow64\ABLKSR.ini
[2008/01/20 22:50:05 | 000,060,124 | ---- | C] () -- C:\Windows\SysWow64\tcpmon.ini
[2008/01/20 22:49:49 | 000,368,640 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2008/01/20 22:49:10 | 000,049,156 | ---- | C] () -- C:\Windows\SysWow64\certstore.dat
[2007/10/18 21:36:54 | 000,061,440 | ---- | C] () -- C:\Windows\SysWow64\deskMenu2.dll
[2007/08/06 13:18:31 | 000,081,920 | ---- | C] () -- C:\Windows\PGMonitor.exe
[2006/11/02 11:37:05 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006/11/02 08:37:14 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat
[2006/11/02 08:24:17 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT
[2006/11/02 08:18:17 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat
[2006/11/02 05:47:54 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2004/08/09 19:27:16 | 000,040,960 | ---- | C] () -- C:\Windows\SysWow64\ddcvt.exe

========== LOP Check ==========

[2010/01/06 18:27:19 | 000,000,000 | ---D | M] -- C:\Users\Thompson\AppData\Roaming\Autodesk
[2010/08/20 18:11:46 | 000,000,000 | ---D | M] -- C:\Users\Thompson\AppData\Roaming\Dev-Cpp
[2010/08/05 13:40:55 | 000,000,000 | ---D | M] -- C:\Users\Thompson\AppData\Roaming\OverDrive
[2009/10/02 00:56:15 | 000,000,000 | ---D | M] -- C:\Users\Thompson\AppData\Roaming\Template
[2010/08/21 17:05:18 | 000,000,000 | ---D | M] -- C:\Users\Thompson\AppData\Roaming\Tropico 3
[2010/09/12 21:08:56 | 000,000,000 | ---D | M] -- C:\Users\Thompson\AppData\Roaming\Ubisoft
[2011/05/12 19:48:27 | 000,032,634 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2011/05/12 19:46:18 | 000,000,424 | -H-- | M] () -- C:\Windows\Tasks\User_Feed_Synchronization-{674963B1-2A24-43DF-AE9A-93B4DD0AA6C2}.job

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 110 bytes -> C:\ProgramData\Temp:90EE3BE1

< End of report >
thomba24
Active Member
 
Posts: 11
Joined: April 14th, 2011, 1:37 pm

Re: Run DLL Error loading C:\Windows\system32\xxhqs.dll

Unread postby askey127 » May 13th, 2011, 9:26 am

thomba24,
Using Bing for searches is OK, but using a Search toolbar from zugo.com is not the best idea, even if the two are loosely affiliated.
See here: http://hosts-file.net/default.asp?s=zugo.com
----------------------------------------------
Perform a Custom Fix with OTL
Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following:
    Code: Select all
    :processes
    killallprocesses
    
    :OTL
    FF - prefs.js..extensions.enabledItems: searchtoolbar@zugo.com:1.2
    [2011/02/17 20:50:12 | 000,000,000 | ---D | M] (Search Toolbar) -- C:\Users\Thompson\AppData\Roaming\Mozilla\Firefox\Profiles\8r41gnc5.default\extensions\searchtoolbar@zugo.com
    [2011/02/17 20:50:12 | 000,001,919 | ---- | M] () -- C:\Users\Thompson\AppData\Roaming\Mozilla\Firefox\Profiles\8r41gnc5.default\searchplugins\bing-zugo.xml
    [2010/11/16 20:54:10 | 000,001,919 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\bing-zugo.xml
    
    O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
    
    :Files
    C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\EXTENSIONS\{27E679CC-6AAB-4B2A-BB87-096FE4178464}
    C:\Program Files (x86)\Mozilla Firefox\searchplugins\bing-zugo.xml
    C:\Users\Thompson\AppData\Roaming\Mozilla\Firefox\Profiles\8r41gnc5.default\searchplugins\bing-zugo.xml
    
    :Commands
    [EMPTYTEMP]
    [CREATERESTOREPOINT]
    [Reboot]
    
  • Then click the Run Fix button at the top.
  • Let the program run unhindered and reboot the PC when it is done.
  • Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.
----------------------------------------------

Please run a full scan with your kaspersky Anti-virus, and have it remove anything it finds.

Let me know how the machine is running.
askey127
User avatar
askey127
Admin/Teacher
Admin/Teacher
 
Posts: 14025
Joined: April 17th, 2005, 3:25 pm
Location: New Hampshire USA

Re: Run DLL Error loading C:\Windows\system32\xxhqs.dll

Unread postby thomba24 » May 14th, 2011, 7:22 pm

hello. I removed the Zugo toolbar. I have noticed the computer is running slower than the last post. I am running the Kaspersky now. It says it will be done in ten hours so i decided to post now. I hope this is alright.

its 9.34, this is a update, tthe computer is very quick i said it was slow around 7:00 but it has changed. I will keep you updated working great. pages are coming up very quick.

OTL logfile created on: 5/14/2011 6:29:22 PM - Run 5
OTL by OldTimer - Version 3.2.22.3 Folder = C:\Users\Thompson\Desktop
64bit-Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6001.18000)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

4.00 Gb Total Physical Memory | 3.00 Gb Available Physical Memory | 65.00% Memory free
8.00 Gb Paging File | 7.00 Gb Available in Paging File | 82.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 285.40 Gb Total Space | 127.33 Gb Free Space | 44.61% Space Free | Partition Type: NTFS

Computer Name: THOMPSON-PC | User Name: Thompson | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/05/12 19:51:24 | 000,403,240 | ---- | M] (Valve Corporation) -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe
PRC - [2011/05/04 23:22:04 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\Thompson\Desktop\OTL.exe
PRC - [2011/03/27 15:57:13 | 001,242,448 | ---- | M] (Valve Corporation) -- C:\Program Files (x86)\Steam\1\Steam.exe
PRC - [2011/03/11 22:52:30 | 000,273,544 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe
PRC - [2011/01/07 19:48:56 | 000,378,984 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
PRC - [2010/09/16 16:04:06 | 001,164,584 | ---- | M] () -- C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
PRC - [2010/09/13 12:48:12 | 000,025,704 | R--- | M] (Amazon.com) -- C:\Program Files (x86)\Amazon\Amazon Unbox Video\ADVWindowsClientService.exe
PRC - [2009/08/27 22:52:39 | 000,033,136 | ---- | M] () -- C:\Windows\ASScrPro.exe
PRC - [2009/03/12 21:36:24 | 000,086,016 | ---- | M] () -- C:\Program Files (x86)\Autodesk\3ds Max 2010\mentalray\satellite\raysat_3dsmax2010_32server.exe
PRC - [2009/03/04 13:26:24 | 008,392,704 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATKOSD2\ATKOSD2.exe
PRC - [2009/03/04 12:55:52 | 000,174,648 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Hotkey\HControl.exe
PRC - [2008/12/22 20:15:34 | 000,174,648 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Hotkey\WDC.exe
PRC - [2008/12/09 18:00:58 | 000,297,528 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\SmartLogon\sensorsrv.exe
PRC - [2008/08/19 13:34:04 | 000,159,744 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Media\DMedia.exe
PRC - [2008/08/14 00:00:08 | 000,113,208 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Hotkey\KBFiltr.exe
PRC - [2008/08/13 23:59:56 | 000,301,624 | ---- | M] () -- C:\Program Files (x86)\ASUS\ATK Hotkey\Atouch64.exe
PRC - [2008/08/13 23:59:52 | 000,100,920 | ---- | M] () -- C:\Program Files (x86)\ASUS\ATK Hotkey\AsLdrSrv.exe
PRC - [2008/08/13 19:21:56 | 002,482,176 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Hotkey\ATKOSD.exe
PRC - [2008/07/18 22:52:16 | 000,104,936 | ---- | M] (CyberLink) -- C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe
PRC - [2008/04/01 02:09:30 | 000,266,240 | ---- | M] (ASUSTek Computer Inc.) -- C:\Program Files\ASUS\ASUS Data Security Manager\ADSMTray.exe
PRC - [2008/03/31 05:55:48 | 000,225,280 | ---- | M] (ASUSTek Computer Inc.) -- C:\Program Files\ASUS\ASUS Data Security Manager\ADSMSrv.exe
PRC - [2007/11/30 14:20:44 | 000,051,768 | ---- | M] () -- C:\Program Files (x86)\ASUS\ASUS Live Update\ALU.exe
PRC - [2007/08/08 03:08:40 | 000,094,208 | ---- | M] () -- C:\Program Files\ATKGFNEX\GFNEXSrv.exe


========== Modules (SafeList) ==========

MOD - [2011/05/04 23:22:04 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\Thompson\Desktop\OTL.exe
MOD - [2010/08/31 11:39:57 | 001,684,480 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6001.18523_none_5cdd65e20837faf2\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2008/03/31 05:55:48 | 000,225,280 | ---- | M] (ASUSTek Computer Inc.) [Auto | Running] -- C:\Program Files\ASUS\ASUS Data Security Manager\ADSMSrv.exe -- (ADSMService)
SRV:64bit: - [2008/01/20 22:47:32 | 000,383,544 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2007/08/08 03:08:40 | 000,094,208 | ---- | M] () [Auto | Running] -- C:\Program Files\ATKGFNEX\GFNEXSrv.exe -- (ATKGFNEXSrv)
SRV - [2011/05/12 19:51:24 | 000,403,240 | ---- | M] (Valve Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2011/01/07 19:48:56 | 000,378,984 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2010/11/20 22:11:55 | 000,311,680 | ---- | M] (Kaspersky Lab) [Auto | Running] -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2010\avp.exe -- (AVP)
SRV - [2010/09/13 12:48:12 | 000,025,704 | R--- | M] (Amazon.com) [Auto | Running] -- C:\Program Files (x86)\Amazon\Amazon Unbox Video\ADVWindowsClientService.exe -- (ADVService)
SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010/01/04 00:34:44 | 000,655,624 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2009/03/12 21:36:24 | 000,086,016 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Autodesk\3ds Max 2010\mentalray\satellite\raysat_3dsmax2010_32server.exe -- (mi-raysat_3dsmax2010_32)
SRV - [2008/08/13 23:59:52 | 000,100,920 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\ASUS\ATK Hotkey\AsLdrSrv.exe -- (ASLDRService)
SRV - [2008/07/27 14:03:13 | 000,069,632 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2010/11/20 21:19:47 | 000,330,768 | ---- | M] () [File_System | System | Running] -- C:\Windows\SysNative\DRIVERS\klif.sys -- (KLIF)
DRV:64bit: - [2010/09/12 20:41:11 | 000,314,016 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\DRIVERS\atksgt.sys -- (atksgt)
DRV:64bit: - [2010/09/12 20:41:11 | 000,043,680 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\DRIVERS\lirsgt.sys -- (lirsgt)
DRV:64bit: - [2009/06/15 15:01:06 | 000,156,688 | ---- | M] () [Kernel | System | Running] -- C:\Windows\SysNative\DRIVERS\kl1.sys -- (kl1)
DRV:64bit: - [2009/05/16 21:59:30 | 000,021,008 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\klmouflt.sys -- (klmouflt)
DRV:64bit: - [2009/05/15 19:50:26 | 000,026,640 | ---- | M] () [Kernel | System | Running] -- C:\Windows\SysNative\DRIVERS\klim6.sys -- (KLIM6)
DRV:64bit: - [2009/02/11 05:26:17 | 000,407,576 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\DRIVERS\iaStor.sys -- (iaStor)
DRV:64bit: - [2008/12/15 21:41:52 | 000,038,416 | ---- | M] () [File_System | Boot | Running] -- C:\Windows\SysNative\DRIVERS\klbg.sys -- (KLBG)
DRV:64bit: - [2008/10/08 23:39:01 | 001,821,952 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\snp2uvc.sys -- (SNP2UVC) USB2.0 PC Camera (SNP2UVC)
DRV:64bit: - [2008/08/28 11:57:23 | 004,745,216 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\NETw5v64.sys -- (NETw5v64) Intel(R)
DRV:64bit: - [2008/08/06 20:26:07 | 000,174,592 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\Rtlh64.sys -- (RTL8169)
DRV:64bit: - [2008/06/24 16:50:00 | 000,065,024 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\DRIVERS\rimmpx64.sys -- (rimmptsk)
DRV:64bit: - [2008/06/03 02:41:49 | 000,017,464 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\kbfiltr.sys -- (kbfiltr)
DRV:64bit: - [2008/01/20 22:47:28 | 000,046,080 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\wpdusb.sys -- (WpdUsb)
DRV:64bit: - [2008/01/20 22:46:55 | 000,111,104 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\sdbus.sys -- (sdbus)
DRV:64bit: - [2007/12/18 20:57:12 | 000,059,392 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\itecir.sys -- (itecir)
DRV:64bit: - [2007/07/27 22:45:52 | 000,057,856 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\DRIVERS\rixdpx64.sys -- (rismxdp)
DRV:64bit: - [2007/07/26 23:33:54 | 000,055,296 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\DRIVERS\rimspx64.sys -- (rimsptsk)
DRV:64bit: - [2007/07/24 14:11:32 | 000,014,904 | ---- | M] () [Kernel | Auto | Running] -- C:\Program Files\ATKGFNEX\ASMMAP64.sys -- (ASMMAP64)
DRV:64bit: - [2006/10/28 10:01:07 | 000,013,680 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\ATK64AMD.sys -- (MTsensor)
DRV:64bit: - [2006/10/03 21:45:36 | 000,273,408 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\yk60x64.sys -- (yukonx64)
DRV:64bit: - [2006/09/18 17:36:24 | 000,000,308 | ---- | M] () [File_System | On_Demand | Running] -- C:\Windows\SysNative\Wbem\ntfs.mof -- (Ntfs)

========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://asus.msn.com
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://asus.msn.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.selectedEngine: "Bing"
FF - prefs.js..browser.startup.homepage: "http://www.bing.com/?pc=Z039&form=ZGAPHP"
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: ""
FF - prefs.js..extensions.enabledItems: linkfilter@kaspersky.ru:9.0.0.463
FF - prefs.js..extensions.enabledItems: ""
FF - prefs.js..extensions.enabledItems: {ABDE892B-13A8-4d1b-88E6-365A6E755758}:14.0.2
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..keyword.URL: "http://www.bing.com/search?pc=Z039&form=ZGAADF&q="
FF - prefs.js..network.proxy.type: 0


FF - HKLM\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2011/03/11 22:52:48 | 000,000,000 | ---D | M]

[2010/08/08 22:55:50 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Thompson\AppData\Roaming\Mozilla\Extensions
[2011/05/14 18:08:10 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Thompson\AppData\Roaming\Mozilla\Firefox\Profiles\8r41gnc5.default\extensions
[2010/08/08 22:57:32 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Thompson\AppData\Roaming\Mozilla\Firefox\Profiles\8r41gnc5.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010/08/15 15:08:16 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Users\Thompson\AppData\Roaming\Mozilla\Firefox\Profiles\8r41gnc5.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2011/05/14 18:30:26 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2010/08/15 15:07:31 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
[2011/03/28 18:28:18 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
[2010/11/20 21:21:17 | 000,000,000 | ---D | M] (Kaspersky URL Advisor) -- C:\Program Files (x86)\Mozilla Firefox\extensions\linkfilter@kaspersky.ru
File not found (No name found) -- C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\EXTENSIONS\{27E679CC-6AAB-4B2A-BB87-096FE4178464}
[2011/03/11 22:52:48 | 000,000,000 | ---D | M] (RealPlayer Browser Record Plugin) -- C:\PROGRAMDATA\REAL\REALPLAYER\BROWSERRECORDPLUGIN\FIREFOX\EXT
File not found (No name found) -- C:\USERS\THOMPSON\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8R41GNC5.DEFAULT\EXTENSIONS\SEARCHTOOLBAR@ZUGO.COM
[2011/02/02 21:40:24 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll

O1 HOSTS File: ([2006/09/18 17:37:24 | 000,000,761 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2:64bit: - BHO: (IEVkbdBHO Class) - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2010\x64\ievkbd.dll (Kaspersky Lab)
O2:64bit: - BHO: (FilterBHO Class) - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2010\x64\klwtbbho.dll (Kaspersky Lab)
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (IEVkbdBHO Class) - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2010\ievkbd.dll (Kaspersky Lab)
O2 - BHO: (FilterBHO Class) - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2010\klwtbbho.dll (Kaspersky Lab)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {5B291E6C-9A74-4034-971B-A4B007A0B315} - No CLSID value found.
O4:64bit: - HKLM..\Run: [DisableS3S4] File not found
O4:64bit: - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [ACMON] C:\Program Files (x86)\ASUS\Splendid\ACMON.exe (ATK)
O4 - HKLM..\Run: [ADSMTray] C:\Program Files\ASUS\ASUS Data Security Manager\ADSMTray.exe (ASUSTek Computer Inc.)
O4 - HKLM..\Run: [ASUS Camera ScreenSaver] C:\Windows\AsScrProlog.exe ()
O4 - HKLM..\Run: [ASUS Screen Saver Protector] C:\Windows\ASScrPro.exe ()
O4 - HKLM..\Run: [ATKMEDIA] C:\Program Files (x86)\ASUS\ATK Media\DMedia.exe (ASUS)
O4 - HKLM..\Run: [ATKOSD2] C:\Program Files (x86)\ASUS\ATKOSD2\ATKOSD2.exe (ASUS)
O4 - HKLM..\Run: [AVP] C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2010\avp.exe (Kaspersky Lab)
O4 - HKLM..\Run: [CLMLServer] C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe (CyberLink)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [HControlUser] C:\Program Files (x86)\ASUS\ATK Hotkey\HControlUser.exe (ASUS)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [UpdateLBPShortCut] C:\Program Files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UpdateP2GoShortCut] C:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKCU..\Run: [Steam] C:\Program Files (x86)\Steam\1\Steam.exe (Valve Corporation)
O4 - HKCU..\Run: [WindowsWelcomeCenter] C:\Windows\SysWow64\oobefldr.dll (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFolderOptions = 1
O9:64bit: - Extra Button: &Virtual keyboard - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2010\x64\klwtbbho.dll (Kaspersky Lab)
O9:64bit: - Extra Button: URLs c&heck - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2010\x64\klwtbbho.dll (Kaspersky Lab)
O9 - Extra Button: &Virtual keyboard - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2010\klwtbbho.dll (Kaspersky Lab)
O9 - Extra Button: URLs c&heck - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2010\klwtbbho.dll (Kaspersky Lab)
O13 - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} http://ak.exe.imgfarm.com/images/nocach ... .0.1.1.cab (Reg Error: Key error.)
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} http://www.nvidia.com/content/DriverDow ... ab_nvd.cab (System Requirements Lab Class)
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} http://download.divx.com/player/DivXBrowserPlugin.cab (DivXBrowserPlugin Object)
O16 - DPF: {74DBCB52-F298-4110-951D-AD2FF67BC8AB} http://www.nvidia.com/content/DriverDow ... rtScan.cab (NVIDIA Smart Scan)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {BEA7310D-06C4-4339-A784-DC3804819809} http://www.cvsphoto.com/upload/activex/ ... ontrol.cab (Photo Upload Plugin Class)
O16 - DPF: {C345E174-3E87-4F41-A01C-B066A90A49B4} http://trial.trymicrosoftoffice.com/tri ... /wrc32.ocx (WRC Class)
O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 172.27.35.1
O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - Reg Error: Key error. File not found
O20 - AppInit_DLLs: (C:\PROGRA~2\KASPER~1\KASPER~1\mzvkbd3.dll) - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2010\mzvkbd3.dll (Kaspersky Lab)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\klogon: DllName - Reg Error: Key error. - C:\Windows\SysNative\klogon.dll ()
O24 - Desktop WallPaper: C:\Program Files\P4G\wallpaper\long_battery_life_wallpaper_1440X900.jpg
O24 - Desktop BackupWallPaper: C:\Program Files\P4G\wallpaper\long_battery_life_wallpaper_1440X900.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2010/01/06 18:19:38 | 000,000,000 | ---D | M] - C:\Autodesk -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O36 - AppCertDlls: Fireiles - (C:\Windows\system32\cmstalua.dll) - File not found
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/05/14 18:16:07 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2011/05/07 21:52:55 | 000,000,000 | ---D | C] -- C:\_OTL
[2011/04/30 22:38:39 | 000,000,000 | ---D | C] -- C:\MGADiagToolOutput
[2011/04/30 22:36:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Office Genuine Advantage

========== Files - Modified Within 30 Days ==========

[2011/05/14 18:26:05 | 000,045,056 | ---- | M] () -- C:\Windows\SysNative\acovcnt.exe
[2011/05/14 18:25:54 | 000,003,616 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011/05/14 18:25:54 | 000,003,616 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011/05/14 18:25:40 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/05/14 18:25:38 | 4294,037,504 | -HS- | M] () -- C:\hiberfil.sys
[2011/05/14 18:00:16 | 000,000,424 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{674963B1-2A24-43DF-AE9A-93B4DD0AA6C2}.job
[2011/05/08 20:31:01 | 000,703,388 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2011/05/08 20:31:01 | 000,604,502 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2011/05/08 20:31:01 | 000,104,170 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2011/04/15 18:40:29 | 000,304,536 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT

========== Files Created - No Company Name ==========

[2011/04/28 14:53:59 | 000,032,256 | ---- | C] () -- C:\Windows\SysNative\Apphlpdm.dll
[2011/04/28 14:53:58 | 004,240,384 | ---- | C] () -- C:\Windows\SysNative\GameUXLegacyGDFs.dll
[2011/03/11 22:55:10 | 000,815,104 | ---- | C] () -- C:\Windows\SysWow64\xvidcore.dll
[2011/03/11 22:55:10 | 000,180,224 | ---- | C] () -- C:\Windows\SysWow64\xvidvfw.dll
[2010/07/13 19:51:56 | 000,000,680 | ---- | C] () -- C:\Users\Thompson\AppData\Local\d3d9caps.dat
[2010/03/09 15:03:15 | 000,000,245 | ---- | C] () -- C:\Windows\SysWow64\regupdate.ini
[2010/01/07 04:46:43 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2010/01/05 13:33:42 | 000,000,952 | -HS- | C] () -- C:\ProgramData\KGyGaAvL.sys
[2010/01/03 21:24:56 | 000,152,368 | ---- | C] () -- C:\Windows\SysWow64\WIN2PDFS.DLL
[2010/01/03 21:24:53 | 000,000,002 | ---- | C] () -- C:\Windows\1way.ini
[2009/10/13 14:58:25 | 000,000,533 | ---- | C] () -- C:\Windows\eReg.dat
[2009/10/13 13:54:59 | 000,094,708 | ---- | C] () -- C:\ProgramData\nvModes.001
[2009/10/13 13:07:26 | 000,094,708 | ---- | C] () -- C:\ProgramData\nvModes.dat
[2009/10/02 00:56:13 | 000,000,102 | ---- | C] () -- C:\Users\Thompson\AppData\Roaming\wklnhst.dat
[2009/10/01 17:51:12 | 000,182,272 | ---- | C] () -- C:\Windows\patchw32.dll
[2009/09/27 00:53:00 | 000,007,168 | ---- | C] () -- C:\Users\Thompson\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/09/26 21:14:02 | 000,002,029 | ---- | C] () -- C:\Users\Thompson\AppData\Roaming\install.dat
[2009/08/27 22:52:39 | 000,033,136 | ---- | C] () -- C:\Windows\ASScrPro.exe
[2009/08/27 22:52:19 | 000,047,672 | ---- | C] () -- C:\Windows\AsScrProlog.exe
[2009/08/27 21:56:01 | 000,106,605 | ---- | C] () -- C:\Windows\SysWow64\StructuredQuerySchema.bin
[2009/08/27 21:56:01 | 000,018,904 | ---- | C] () -- C:\Windows\SysWow64\StructuredQuerySchemaTrivial.bin
[2008/11/07 21:08:20 | 000,362,029 | ---- | C] () -- C:\Windows\SysWow64\sqlite3.dll
[2008/10/08 23:38:27 | 000,015,497 | ---- | C] () -- C:\Windows\snp2uvc.ini
[2008/09/19 07:41:00 | 000,000,010 | ---- | C] () -- C:\Windows\SysWow64\ABLKSR.ini
[2008/01/20 22:50:05 | 000,060,124 | ---- | C] () -- C:\Windows\SysWow64\tcpmon.ini
[2008/01/20 22:49:49 | 000,368,640 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2008/01/20 22:49:10 | 000,049,156 | ---- | C] () -- C:\Windows\SysWow64\certstore.dat
[2007/10/18 21:36:54 | 000,061,440 | ---- | C] () -- C:\Windows\SysWow64\deskMenu2.dll
[2007/08/06 13:18:31 | 000,081,920 | ---- | C] () -- C:\Windows\PGMonitor.exe
[2006/11/02 11:37:05 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006/11/02 08:37:14 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat
[2006/11/02 08:24:17 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT
[2006/11/02 08:18:17 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat
[2006/11/02 05:47:54 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2004/08/09 19:27:16 | 000,040,960 | ---- | C] () -- C:\Windows\SysWow64\ddcvt.exe

========== LOP Check ==========

[2010/01/06 18:27:19 | 000,000,000 | ---D | M] -- C:\Users\Thompson\AppData\Roaming\Autodesk
[2010/08/20 18:11:46 | 000,000,000 | ---D | M] -- C:\Users\Thompson\AppData\Roaming\Dev-Cpp
[2010/08/05 13:40:55 | 000,000,000 | ---D | M] -- C:\Users\Thompson\AppData\Roaming\OverDrive
[2009/10/02 00:56:15 | 000,000,000 | ---D | M] -- C:\Users\Thompson\AppData\Roaming\Template
[2010/08/21 17:05:18 | 000,000,000 | ---D | M] -- C:\Users\Thompson\AppData\Roaming\Tropico 3
[2010/09/12 21:08:56 | 000,000,000 | ---D | M] -- C:\Users\Thompson\AppData\Roaming\Ubisoft
[2011/05/14 18:24:48 | 000,032,634 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2011/05/14 18:00:16 | 000,000,424 | -H-- | M] () -- C:\Windows\Tasks\User_Feed_Synchronization-{674963B1-2A24-43DF-AE9A-93B4DD0AA6C2}.job

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 110 bytes -> C:\ProgramData\Temp:90EE3BE1

< End of report >
thomba24
Active Member
 
Posts: 11
Joined: April 14th, 2011, 1:37 pm

Re: Run DLL Error loading C:\Windows\system32\xxhqs.dll

Unread postby askey127 » May 15th, 2011, 6:38 pm

thomba24,
I think your machine is clean.
--------------------------------------------------------
Download and Install the newest version of Adobe Reader for reading pdf files, due to the vulnerabilities in earlier versions.
All versions numbered lower than 10.0 are vulnerable.
Go HERE and click on AdbeRdr1001_en_US.exe to download the latest version of Adobe Acrobat Reader.
Save this file to your desktop and run it to install the latest version of Adobe Reader.

After the new Reader is installed, Open Adobe Reader X. (Right click and Run as administrator in Vista/Win7)
OK the license.
Click on Edit and select Preferences.
On the Left, click on the Javascript category and Uncheck Enable Acrobat Javascript.
Click on the Security (Enhanced) category and Uncheck Automatically trust sites from my Win OS security zones.
Click on the Trust Manager category and Uncheck Allow opening of non-PDF file attachments with external applications.
Click the OK button
When it finishes, you can remove the Installer from your desktop.
----------------------------------------------
Perform a Custom Fix with OTL
Run OTL (Right click and choose "Run as administrator")
  • Under the Custom Scans/Fixes box at the bottom, paste in the following:
    Code: Select all
    :processes
    killallprocesses
    
    :OTL
    File not found (No name found) -- C:\USERS\THOMPSON\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8R41GNC5.DEFAULT\EXTENSIONS\SEARCHTOOLBAR@ZUGO.COM
    File not found (No name found) -- C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\EXTENSIONS\{27E679CC-6AAB-4B2A-BB87-096FE4178464}
    
    :Commands
    [EMPTYTEMP]
    [CLEARALLRESTOREPOINTS]
    [Reboot]
    
  • Then click the Run Fix button at the top.
  • Let the program run unhindered and reboot the PC when it is done.
----------------------------------------------
After the Fix, you can run OTL again and click the CleanUp button to remove the tools we used.

Let me know if you have any further issues. Otherwise, Good Luck!
askey127
User avatar
askey127
Admin/Teacher
Admin/Teacher
 
Posts: 14025
Joined: April 17th, 2005, 3:25 pm
Location: New Hampshire USA

Re: Run DLL Error loading C:\Windows\system32\xxhqs.dll

Unread postby thomba24 » May 19th, 2011, 1:00 pm

thanks for all the help askey127. Do you think Kaspersky is a good anti-virus? I mean should I go with a different security program or buy or add something different? I guess what iam getting at is, do you think my computer is vulnerable to future attacks?

once again, i appreciate the wonderful support

thanks,
thomba
thomba24
Active Member
 
Posts: 11
Joined: April 14th, 2011, 1:37 pm

Re: Run DLL Error loading C:\Windows\system32\xxhqs.dll

Unread postby askey127 » May 19th, 2011, 1:47 pm

thomba
Kaspersky is an excellent antivirus. I would keep it.
You should be in good shape.
Just be careful what you click on, and don't use any P2P file sharing.

askey127
User avatar
askey127
Admin/Teacher
Admin/Teacher
 
Posts: 14025
Joined: April 17th, 2005, 3:25 pm
Location: New Hampshire USA
Advertisement
Register to Remove

Next

  • Similar Topics
    Replies
    Views
    Last post

Return to Infected? Virus, malware, adware, ransomware, oh my!



Who is online

Users browsing this forum: No registered users and 287 guests

Contact us:

Advertisements do not imply our endorsement of that product or service. Register to remove all ads. The forum is run by volunteers who donate their time and expertise. We make every attempt to ensure that the help and advice posted is accurate and will not cause harm to your computer. However, we do not guarantee that they are accurate and they are to be used at your own risk. All trademarks are the property of their respective owners.

Member site: UNITE Against Malware