re-chinese program via avast

joe134

waddler_8 wrote: »

• Double-click OTL.exe to start the program.
• Allow the UAC prompt
• Copy and Paste all the following code into the textbox. Do not include the word Code

  :otl
  IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0    
  IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
  [2012/03/24 11:37:08 | 000,000,000 | ---D | M] (DealPly) -- C:\Users\joe\AppData\Roaming\Mozilla\Firefox\Profiles\earbh9qp.default\extensions\{EB9394A3-4AD6-4918-9537-31A1FD8E8EDF}
  [2012/03/24 14:44:53 | 000,000,000 | ---D | M] (No name found) -- C:\Users\joe\AppData\Roaming\Mozilla\Firefox\Profiles\earbh9qp.default\extensions\ffxtlbr@babylon.com
  [2011/09/12 13:37:15 | 000,000,000 | ---D | M] (No name found) -- C:\Users\joe\AppData\Roaming\Mozilla\Firefox\Profiles\earbh9qp.default\extensions\ffxtlbr@Facemoods.com
  [2012/06/12 17:00:35 | 000,000,000 | ---D | M] (Funmoods.com) -- C:\Users\joe\AppData\Roaming\Mozilla\Firefox\Profiles\earbh9qp.default\extensions\ffxtlbr@funmoods.com
  
  :commands
  [EMPTYTEMP]
  [CREATERESTOREPOINT]
  

• Then click the Run Fix button at the top.
• Click .
• OTL may ask to reboot the machine. Click OK & allow it to do so if asked.
• The report should appear in Notepad after the reboot.
• Copy and Paste that report in your next reply.

You like me wadder , insomniac, didn,t realise you, All processes killed
========== OTL ==========
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable|dword:0 /E : value set successfully!
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyOverride| /E : value set successfully!
C:\Users\joe\AppData\Roaming\Mozilla\Firefox\Profiles\earbh9qp.default\extensions\{EB9394A3-4AD6-4918-9537-31A1FD8E8EDF}\{EB9394A3-4AD6-4918-9537-31A1FD8E8EDF} folder moved successfully.
C:\Users\joe\AppData\Roaming\Mozilla\Firefox\Profiles\earbh9qp.default\extensions\ffxtlbr@babylon.com\content\imgs\flgs folder moved successfully.
C:\Users\joe\AppData\Roaming\Mozilla\Firefox\Profiles\earbh9qp.default\extensions\ffxtlbr@babylon.com\content\imgs folder moved successfully.
Folder move failed. C:\Users\joe\AppData\Roaming\Mozilla\Firefox\Profiles\earbh9qp.default\extensions\ffxtlbr@babylon.com\content scheduled to be moved on reboot.
Folder move failed. C:\Users\joe\AppData\Roaming\Mozilla\Firefox\Profiles\earbh9qp.default\extensions\ffxtlbr@babylon.com scheduled to be moved on reboot.
C:\Users\joe\AppData\Roaming\Mozilla\Firefox\Profiles\earbh9qp.default\extensions\ffxtlbr@Facemoods.com\content folder moved successfully.
C:\Users\joe\AppData\Roaming\Mozilla\Firefox\Profiles\earbh9qp.default\extensions\ffxtlbr@Facemoods.com folder moved successfully.
C:\Users\joe\AppData\Roaming\Mozilla\Firefox\Profiles\earbh9qp.default\extensions\ffxtlbr@funmoods.com\ffxtlbr@funmoods.com\META-INF folder moved successfully.
C:\Users\joe\AppData\Roaming\Mozilla\Firefox\Profiles\earbh9qp.default\extensions\ffxtlbr@funmoods.com\ffxtlbr@funmoods.com\content\imgs\flgs folder moved successfully.
C:\Users\joe\AppData\Roaming\Mozilla\Firefox\Profiles\earbh9qp.default\extensions\ffxtlbr@funmoods.com\ffxtlbr@funmoods.com\content\imgs folder moved successfully.
C:\Users\joe\AppData\Roaming\Mozilla\Firefox\Profiles\earbh9qp.default\extensions\ffxtlbr@funmoods.com\ffxtlbr@funmoods.com\content\images folder moved successfully.
Folder move failed. C:\Users\joe\AppData\Roaming\Mozilla\Firefox\Profiles\earbh9qp.default\extensions\ffxtlbr@funmoods.com\ffxtlbr@funmoods.com\content scheduled to be moved on reboot.
Folder move failed. C:\Users\joe\AppData\Roaming\Mozilla\Firefox\Profiles\earbh9qp.default\extensions\ffxtlbr@funmoods.com\ffxtlbr@funmoods.com scheduled to be moved on reboot.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 58264 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: joe
->Temp folder emptied: 18184308 bytes
->Temporary Internet Files folder emptied: 5455229 bytes
->Java cache emptied: 4071174 bytes
->FireFox cache emptied: 15786631 bytes
->Google Chrome cache emptied: 9603936 bytes
->Flash cache emptied: 57056 bytes

User: Journal

User: Public

User: RegBack

User: systemprofile

User: TxR

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 525960 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 8897996 bytes
%systemroot%\system32\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment folder emptied: 749 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 60.00 mb

System Restore Service not available.

OTL by OldTimer - Version 3.2.69.0 log created on 11112012_083946

Files\Folders moved on Reboot...
C:\Users\joe\AppData\Roaming\Mozilla\Firefox\Profiles\earbh9qp.default\extensions\ffxtlbr@babylon.com\content folder moved successfully.
C:\Users\joe\AppData\Roaming\Mozilla\Firefox\Profiles\earbh9qp.default\extensions\ffxtlbr@babylon.com folder moved successfully.
C:\Users\joe\AppData\Roaming\Mozilla\Firefox\Profiles\earbh9qp.default\extensions\ffxtlbr@funmoods.com\ffxtlbr@funmoods.com\content folder moved successfully.
C:\Users\joe\AppData\Roaming\Mozilla\Firefox\Profiles\earbh9qp.default\extensions\ffxtlbr@funmoods.com\ffxtlbr@funmoods.com folder moved successfully.
File move failed. C:\Windows\temp\_avast_\Webshlock.txt scheduled to be moved on reboot.
File\Folder C:\Windows\temp\TMP0000006B04D7B6AE4042C0B1 not found!

PendingFileRenameOperations files...

Registry entries deleted on Reboot...had returned, just done it, here goes.

waddler_8

Download AdwCleaner from the link & save it to your desktop/downloads.

LINK

• Right click AdwCleaner.exe & chosse "Run as Administrator" to run it.

• Click Search.
• A logfile will automatically open after the scan has finished.
• Close the adwCleaner window, click ok to the prompt.
• Post the contents of that logfile with your next reply.
• You can also find the logfile at C:\AdwCleaner[R1].txt.

joe134

waddler_8 wrote: »

Download AdwCleaner from the link & save it to your desktop/downloads.

LINK

• Right click AdwCleaner.exe & chosse "Run as Administrator" to run it.

• Click Search.
• A logfile will automatically open after the scan has finished.
• Close the adwCleaner window, click ok to the prompt.
• Post the contents of that logfile with your next reply.
• You can also find the logfile at C:\AdwCleaner[R1].txt.

# AdwCleaner v2.007 - Logfile created 11/11/2012 at 11:25:24
# Updated 06/11/2012 by Xplode
# Operating system : Windows Vista (TM) Home Premium Service Pack 2 (32 bits)
# User : joe - JOE-PC
# Boot Mode : Normal
# Running from : C:\Users\joe\Downloads\adwcleaner.exe
# Option [Search]


***** [Services] *****


***** [Files / Folders] *****

Folder Found : C:\Program Files\Common Files\Software Update Utility
Folder Found : C:\Program Files\Viewpoint
Folder Found : C:\ProgramData\Tarma Installer
Folder Found : C:\ProgramData\Viewpoint
Folder Found : C:\Users\joe\AppData\LocalLow\facemoods.com
Folder Found : C:\Users\joe\AppData\LocalLow\Funmoods
Folder Found : C:\Users\joe\AppData\Roaming\Mozilla\Firefox\Profiles\earbh9qp.default\extensions\{EB9394A3-4AD6-4918-9537-31A1FD8E8EDF}
Folder Found : C:\Users\joe\AppData\Roaming\Mozilla\Firefox\Profiles\earbh9qp.default\extensions\ffxtlbr@funmoods.com

***** [Registry] *****

Key Found : HKCU\Software\Google\Chrome\Extensions\fdloijijlkoblmigdofommgnheckmaki
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\facemoods
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\SoftwareUpdUtility
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\ViewpointMediaPlayer
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}
Key Found : HKLM\SOFTWARE\Classes\AppID\{09C554C3-109B-483C-A06B-F14172F1A947}
Key Found : HKLM\SOFTWARE\Classes\AppID\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}
Key Found : HKLM\SOFTWARE\Classes\AppID\{6C259840-5BA8-46E6-8ED1-EF3BA47D8BA1}
Key Found : HKLM\SOFTWARE\Classes\AppID\{B12E99ED-69BD-437C-86BE-C862B9E5444D}
Key Found : HKLM\SOFTWARE\Classes\AppID\{B27D9527-3762-4D71-963D-FB7A94FDD678}
Key Found : HKLM\SOFTWARE\Classes\AppID\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}
Key Found : HKLM\SOFTWARE\Classes\AppID\{EA28B360-05E0-4F93-8150-02891F1D8D3C}
Key Found : HKLM\SOFTWARE\Classes\AppID\dnu.EXE
Key Found : HKLM\SOFTWARE\Classes\AppID\escort.DLL
Key Found : HKLM\SOFTWARE\Classes\AppID\escortApp.DLL
Key Found : HKLM\SOFTWARE\Classes\AppID\escortEng.DLL
Key Found : HKLM\SOFTWARE\Classes\AppID\escorTlbr.DLL
Key Found : HKLM\SOFTWARE\Classes\AxMetaStream.MetaStreamCtl
Key Found : HKLM\SOFTWARE\Classes\AxMetaStream.MetaStreamCtl.1
Key Found : HKLM\SOFTWARE\Classes\AxMetaStream.MetaStreamCtlSecondary
Key Found : HKLM\SOFTWARE\Classes\AxMetaStream.MetaStreamCtlSecondary.1
Key Found : HKLM\SOFTWARE\Classes\CLSID\{03F998B2-0E00-11D3-A498-00104B6EB52E}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{1B00725B-C455-4DE6-BFB6-AD540AD427CD}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{7B089B94-D1DC-4C6B-87E1-8156E22C1D96}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{80922EE0-8A76-46AE-95D5-BD3C3FE0708D}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{E15A9BFD-D16D-496D-8222-44CADF316E70}
Key Found : HKLM\SOFTWARE\Classes\dnUpdate
Key Found : HKLM\SOFTWARE\Classes\dnUpdater.DownloadUIBrowser
Key Found : HKLM\SOFTWARE\Classes\dnUpdater.DownloadUIBrowser.1
Key Found : HKLM\SOFTWARE\Classes\dnUpdater.DownloadUpdController
Key Found : HKLM\SOFTWARE\Classes\dnUpdater.DownloadUpdController.1
Key Found : HKLM\SOFTWARE\Classes\Interface\{660E6F4F-840D-436D-B668-433D9591BAC5}
Key Found : HKLM\SOFTWARE\Classes\Interface\{E7435878-65B9-44D1-A443-81754E5DFC90}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{92380354-381A-471F-BE2E-DD9ACD9777EA}
Key Found : HKLM\Software\MetaStream
Key Found : HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{03F998B2-0E00-11D3-A498-00104B6EB52E}
Key Found : HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{1B00725B-C455-4DE6-BFB6-AD540AD427CD}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{7B089B94-D1DC-4C6B-87E1-8156E22C1D96}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SoftwareUpdUtility
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ViewpointMediaPlayer
Key Found : HKLM\SOFTWARE\MozillaPlugins\@viewpoint.com/VMP
Key Found : HKLM\Software\Tarma Installer
Key Found : HKLM\Software\Viewpoint

***** [Internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16421

[OK] Registry is clean.

-\\ Mozilla Firefox v [Unable to get version]

Profile name : default
File : C:\Users\joe\AppData\Roaming\Mozilla\Firefox\Profiles\earbh9qp.default\prefs.js

[OK] File is clean.

-\\ Google Chrome v [Unable to get version]

File : C:\Users\joe\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

*************************

AdwCleaner[R1].txt - [4803 octets] - [11/11/2012 11:23:20]
AdwCleaner[R2].txt - [4734 octets] - [11/11/2012 11:25:24]

########## EOF - C:\AdwCleaner[R2].txt - [4794 octets] ##########

waddler_8

Good. Run it again as above but this time select the Delete option. Allow it to reboot.

joe134

waddler_8 wrote: »

Good. Run it again as above but this time select the Delete option. Allow it to reboot.

# AdwCleaner v2.007 - Logfile created 11/11/2012 at 11:42:40
# Updated 06/11/2012 by Xplode
# Operating system : Windows Vista (TM) Home Premium Service Pack 2 (32 bits)
# User : joe - JOE-PC
# Boot Mode : Normal
# Running from : C:\Users\joe\Downloads\adwcleaner.exe
# Option [Delete]


***** [Services] *****


***** [Files / Folders] *****

Folder Deleted : C:\Program Files\Common Files\Software Update Utility
Folder Deleted : C:\Program Files\Viewpoint
Folder Deleted : C:\ProgramData\Tarma Installer
Folder Deleted : C:\ProgramData\Viewpoint
Folder Deleted : C:\Users\joe\AppData\LocalLow\facemoods.com
Folder Deleted : C:\Users\joe\AppData\LocalLow\Funmoods
Folder Deleted : C:\Users\joe\AppData\Roaming\Mozilla\Firefox\Profiles\earbh9qp.default\extensions\{EB9394A3-4AD6-4918-9537-31A1FD8E8EDF}
Folder Deleted : C:\Users\joe\AppData\Roaming\Mozilla\Firefox\Profiles\earbh9qp.default\extensions\ffxtlbr@funmoods.com

***** [Registry] *****

Key Deleted : HKCU\Software\Google\Chrome\Extensions\fdloijijlkoblmigdofommgnheckmaki
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\facemoods
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\SoftwareUpdUtility
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\ViewpointMediaPlayer
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{09C554C3-109B-483C-A06B-F14172F1A947}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{6C259840-5BA8-46E6-8ED1-EF3BA47D8BA1}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{B12E99ED-69BD-437C-86BE-C862B9E5444D}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{B27D9527-3762-4D71-963D-FB7A94FDD678}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{EA28B360-05E0-4F93-8150-02891F1D8D3C}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\dnu.EXE
Key Deleted : HKLM\SOFTWARE\Classes\AppID\escort.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\escortApp.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\escortEng.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\escorTlbr.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AxMetaStream.MetaStreamCtl
Key Deleted : HKLM\SOFTWARE\Classes\AxMetaStream.MetaStreamCtl.1
Key Deleted : HKLM\SOFTWARE\Classes\AxMetaStream.MetaStreamCtlSecondary
Key Deleted : HKLM\SOFTWARE\Classes\AxMetaStream.MetaStreamCtlSecondary.1
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{03F998B2-0E00-11D3-A498-00104B6EB52E}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{1B00725B-C455-4DE6-BFB6-AD540AD427CD}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{7B089B94-D1DC-4C6B-87E1-8156E22C1D96}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{80922EE0-8A76-46AE-95D5-BD3C3FE0708D}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E15A9BFD-D16D-496D-8222-44CADF316E70}
Key Deleted : HKLM\SOFTWARE\Classes\dnUpdate
Key Deleted : HKLM\SOFTWARE\Classes\dnUpdater.DownloadUIBrowser
Key Deleted : HKLM\SOFTWARE\Classes\dnUpdater.DownloadUIBrowser.1
Key Deleted : HKLM\SOFTWARE\Classes\dnUpdater.DownloadUpdController
Key Deleted : HKLM\SOFTWARE\Classes\dnUpdater.DownloadUpdController.1
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{660E6F4F-840D-436D-B668-433D9591BAC5}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{E7435878-65B9-44D1-A443-81754E5DFC90}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{92380354-381A-471F-BE2E-DD9ACD9777EA}
Key Deleted : HKLM\Software\MetaStream
Key Deleted : HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{03F998B2-0E00-11D3-A498-00104B6EB52E}
Key Deleted : HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{1B00725B-C455-4DE6-BFB6-AD540AD427CD}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{7B089B94-D1DC-4C6B-87E1-8156E22C1D96}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SoftwareUpdUtility
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ViewpointMediaPlayer
Key Deleted : HKLM\SOFTWARE\MozillaPlugins\@viewpoint.com/VMP
Key Deleted : HKLM\Software\Tarma Installer
Key Deleted : HKLM\Software\Viewpoint

***** [Internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16421

[OK] Registry is clean.

-\\ Mozilla Firefox v [Unable to get version]

Profile name : default
File : C:\Users\joe\AppData\Roaming\Mozilla\Firefox\Profiles\earbh9qp.default\prefs.js

C:\Users\joe\AppData\Roaming\Mozilla\Firefox\Profiles\earbh9qp.default\user.js ... Deleted !

[OK] File is clean.

-\\ Google Chrome v [Unable to get version]

File : C:\Users\joe\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

*************************

AdwCleaner[R1].txt - [4803 octets] - [11/11/2012 11:23:20]
AdwCleaner[R2].txt - [4863 octets] - [11/11/2012 11:25:24]
AdwCleaner[S1].txt - [4992 octets] - [11/11/2012 11:42:40]

########## EOF - C:\AdwCleaner[S1].txt - [5052 octets] ##########

waddler_8

Good. You can run it again and choose the uninstall function now.

Back to your original problem. I cant see a (malicious) reason for the behaviour. Acer is a Far East brand, so maybe it's Acer related.

Download Process Explorer. It has a tool for seeing which processes are behind an active window. There's a target icon which when you drag it over the window, shows the associated processes.

http://technet.microsoft.com/en-gb/sysinternals/bb896653.aspx

joe134

waddler_8 wrote: »

Good. You can run it again and choose the uninstall function now.

Back to your original problem. I cant see a (malicious) reason for the behaviour. Acer is a Far East brand, so maybe it's Acer related.

Download Process Explorer. It has a tool for seeing which processes are behind an active window. There's a target icon which when you drag it over the window, shows the associated processes.

http://technet.microsoft.com/en-gb/sysinternals/bb896653.aspx

Hi waddler, thanks very much, just downloaded it.All the processes that were running at the same time as the chinese one was, looked ok. nothing showing as chinese or other running above 1>2.
Could be Acer, but it shows Acer running in task manager always.
Appreciate everything you have done for me , and all the other advice in the past.really grateful.
I will uninstal it now,if that,s everything. Wierd how that crops up after avast update to new version:could be just coincidence ??
Enjoy rest of your day.:beer:

debitcardmayhem

waddler_8 wrote: »

Good. You can run it again and choose the uninstall function now.

Back to your original problem. I cant see a (malicious) reason for the behaviour. Acer is a Far East brand, so maybe it's Acer related.

Download Process Explorer. It has a tool for seeing which processes are behind an active window. There's a target icon which when you drag it over the window, shows the associated processes.

http://technet.microsoft.com/en-gb/sysinternals/bb896653.aspx

I seem to remember seeing a similar problem where the PC was using a Search Domain on the Network adapter (related to the Router install disk ...piece of carp) It may be worth running ipconfig /all in a command prompt ? Mind you some of the stuff run above should have picked up in that though

waddler_8

debitcardmayhem wrote: »

...some of the stuff run above should have picked up in that though

Yes, OTL would have done.

Joe,

When/if it does it again, run ProcessExplorer and drag the target icon over the active window to see the process behind it - thay may give more clues. Have a play with it in the meantime to see how it works. I can help if need be.

• Double-click OTL.exe
• Click the CleanUp! button
• Select Yes when the Begin cleanup Process? Prompt appears
• If you are prompted to Reboot during the cleanup, select Yes
• The tool will delete itself once it finishes, if not delete it by yourself

Then clear all but the last restore point.

http://windows.microsoft.com/en-GB/windows-vista/Delete-a-restore-point

joe134

waddler_8 wrote: »

Yes, OTL would have done.

Joe,

When/if it does it again, run ProcessExplorer and drag the target icon over the active window to see the process behind it - thay may give more clues. Have a play with it in the meantime to see how it works. I can help if need be.

• Double-click OTL.exe
• Click the CleanUp! button
• Select Yes when the Begin cleanup Process? Prompt appears
• If you are prompted to Reboot during the cleanup, select Yes
• The tool will delete itself once it finishes, if not delete it by yourself

Then clear all but the last restore point.

http://windows.microsoft.com/en-GB/windows-vista/Delete-a-restore-point

I have just had a little look at it, and it,s surprising how many processes are running.
Hovered over all, and there are three that say,Path. "error opening process" Don,t know if that means anything/
One is Acer related.QtZgAcerEXE ?
there,s a couple similar.
Good tool, far superior to task manager.
done restore points, disc cleanup.
thanks again waddler, much appreciated