Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Computer randomly shutting down


  • This topic is locked This topic is locked
25 replies to this topic

#1 LTAB1

LTAB1

  • Members
  • 34 posts
  • OFFLINE
  •  
  • Local time:07:05 PM

Posted 08 June 2011 - 08:07 AM

Windows has often started telling me there is an error and shutting down the system. Fan on the computer constantly working overtime as well. Malwarebytes and eset have not found anything. Starting the computer in safe mode just to get on here. What's my next move? Thanks in advance.

BC AdBot (Login to Remove)

 


#2 etavares

etavares

    Bleepin' Remover


  • Malware Response Team
  • 15,514 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:09:05 PM

Posted 16 June 2011 - 04:16 PM

Hello and welcome to Bleeping Computer

My name is etavares and I will be working with you to fix your computer.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

Please take note:

  • If you have since resolved the original problem you were having, we would appreciate you letting us know.
  • If you are unable to create a log because your computer cannot start up successfully please provide detailed information about your installed Windows Operating System including the Version, Edition and if it is a 32bit or a 64bit system.
    • If you are unsure about any of these characteristics just post what you can and we will guide you.
  • Please tell us if you have your original Windows CD/DVD available.
  • If you are unable to perform the steps we have recommended please try one more time and if unsuccessful alert us of such and we will design an alternate means of obtaining the necessary information.
  • Once we start working together, please reply back within 3 days or this thread may be closed so we can help others who are waiting. If you will be unable to respond (e.g. vacation, travel, etc.), please let me know ahead of time.
  • Please refrain from running tools or applying updates other than those we suggest while we are cleaning up your computer. The reason for this is so we know what is going on with the machine at any time. Some programs can interfere with others and hamper the recovery process. Please also continue to work with me until I give you the all clear. Even if your computer appears to act better, you may still be infected.
  • If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.
  • If you have already posted a log, please do so again as instructed below, as your situation may have changed.
  • Use the 'Add Reply' and add the new log to this thread.

We need to see some information about what is happening in your machine. Please perform the following scan:

We need to create an OTL report,
  • Please download OTL from this link.
  • Save it to your desktop.
  • Double click on the Posted Image icon on your desktop.
  • Click the "Scan All Users" checkbox.
  • Under the Custom Scan box paste this in:

    netsvcs
    msconfig
    drivers32 /all
    %systemroot%\system32\*.dll /lockedfiles
    %systemroot%\system32\*.sys /90
    %systemroot%\Tasks\*.job /lockedfiles
    %systemroot%\System32\config\*.sav
    %SYSTEMDRIVE%\*.*
    %systemroot%\system32\Spool\prtprocs\w32x86\*.dll
    %systemroot%\*. /mp /s
    HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
    CREATERESTOREPOINT

  • Click the Quick Scan button.
  • The scan should take a few minutes.
  • Please copy and paste both logs in your reply.


Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control HERE


We also need a new log from the GMER anti-rootkit Scanner.

Please note that if you are running a 64-bit version of Windows you will not be able to run GMER and you may skip this step.

Please first disable any CD emulation programs using the steps found in this topic:

Why we request you disable CD Emulation when receiving Malware Removal Advice

Then create another GMER log and post it as an attachment to the reply where you post your new DDS log. Instructions on how to properly create a GMER log can be found here:

How to create a GMER log


In your reply, please post both OTL logs and the GMER log. Thanks and again sorry for the delay.


If I don't respond within 2 days, please feel free to PM me.
Please don't ask for help via PM. The forums are there for a reason. Please post in the forums so others may benefit as well.

Posted Image
Unified Network of Instructors and Trusted Eliminators
 


#3 LTAB1

LTAB1
  • Topic Starter

  • Members
  • 34 posts
  • OFFLINE
  •  
  • Local time:07:05 PM

Posted 17 June 2011 - 08:30 PM

Thanks is advance for the help. Sorry took so long to get back. Busy couple of days at work. Here are the OTL reports. Having trouble getting GMER.zip to open. When I right click it, there is no "extract all" prompt. Let me know what I should do or if I should just skip it. Thanks again.

OTL logfile created on: 6/17/2011 8:18:59 PM - Run 1
OTL by OldTimer - Version 3.2.24.1 Folder = C:\Users\Aaron B\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.99 Gb Total Physical Memory | 0.60 Gb Available Physical Memory | 30.31% Memory free
4.21 Gb Paging File | 2.88 Gb Available in Paging File | 68.37% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 288.04 Gb Total Space | 106.61 Gb Free Space | 37.01% Space Free | Partition Type: NTFS
Drive D: | 10.00 Gb Total Space | 6.28 Gb Free Space | 62.78% Space Free | Partition Type: NTFS

Computer Name: AARONB-PC | User Name: Aaron B | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/06/17 19:41:10 | 000,579,072 | ---- | M] (OldTimer Tools) -- C:\Users\Aaron B\Desktop\OTL.exe
PRC - [2011/06/08 07:32:25 | 000,240,288 | ---- | M] (Adobe Systems, Inc.) -- C:\Windows\System32\Macromed\Flash\FlashUtil10s_ActiveX.exe
PRC - [2011/05/18 09:54:23 | 000,307,376 | ---- | M] (Google Inc.) -- C:\Program Files\Google\Google Toolbar\GoogleToolbarUser_32.exe
PRC - [2011/05/16 07:51:00 | 022,119,824 | ---- | M] (magicJack L.P.) -- C:\Users\Aaron B\AppData\Roaming\mjusbsp\magicJack.exe
PRC - [2011/05/06 11:03:10 | 000,391,432 | ---- | M] (Microsoft Corporation.) -- C:\Program Files\Microsoft\BingBar\BingBar.exe
PRC - [2011/05/06 11:03:10 | 000,259,848 | ---- | M] (Microsoft Corporation.) -- C:\Program Files\Microsoft\BingBar\BingApp.exe
PRC - [2011/03/25 22:32:40 | 000,249,648 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft\BingBar\SeaPort.EXE
PRC - [2010/12/13 15:37:46 | 000,135,536 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft LifeCam\MSCamS32.exe
PRC - [2010/05/04 13:07:22 | 000,503,080 | ---- | M] (Nero AG) -- C:\Program Files\Nero\Update\NASvc.exe
PRC - [2010/02/25 19:21:50 | 000,126,392 | R--- | M] (Symantec Corporation) -- C:\Program Files\Norton Security Suite\Engine\4.3.0.5\ccsvchst.exe
PRC - [2009/08/27 17:59:24 | 000,398,672 | ---- | M] (LeapFrog Enterprises, Inc.) -- C:\Program Files\LeapFrog\LeapFrog Connect\Monitor.exe
PRC - [2009/08/27 17:19:26 | 001,131,808 | ---- | M] (LeapFrog Enterprises, Inc.) -- C:\Program Files\LeapFrog\LeapFrog Connect\CommandService.exe
PRC - [2009/07/21 17:25:42 | 000,541,976 | ---- | M] (PIXELA CORPORATION) -- C:\Program Files\PIXELA\Everio MediaBrowser HD Edition\MBCameraMonitor.exe
PRC - [2009/04/11 01:28:11 | 000,217,088 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\WerFault.exe
PRC - [2009/04/11 01:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2008/04/24 13:26:18 | 000,202,560 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files\Comcast\Desktop Doctor\bin\sprtsvc.exe
PRC - [2008/04/24 13:25:22 | 000,202,560 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files\Comcast\Desktop Doctor\bin\sprtcmd.exe
PRC - [2007/11/28 20:51:10 | 000,583,048 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
PRC - [2007/09/12 18:27:24 | 000,554,352 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
PRC - [2007/06/11 17:01:24 | 000,086,016 | ---- | M] (Avid Technology, Inc.) -- C:\Program Files\M-Audio\M-Audio Series II MIDI\MA_CMIDI_Inst.exe
PRC - [2007/05/11 08:26:44 | 004,452,352 | ---- | M] (Realtek Semiconductor) -- C:\Windows\RtHDVCpl.exe
PRC - [2007/05/03 03:53:38 | 000,103,344 | ---- | M] (Lexmark International Inc.) -- C:\Program Files\Lexmark 5200 Series\ezprint.exe
PRC - [2007/05/03 03:50:24 | 000,230,320 | ---- | M] (Lexmark International, Inc.) -- C:\Program Files\Lexmark 5200 Series\lxbtmon.exe
PRC - [2007/05/03 03:48:52 | 000,537,520 | ---- | M] ( ) -- C:\Windows\System32\lxbtcoms.exe
PRC - [2007/03/15 11:09:36 | 000,460,784 | ---- | M] (Gteko Ltd.) -- C:\Program Files\DellSupport\DSAgnt.exe
PRC - [2006/11/23 15:13:38 | 000,126,976 | ---- | M] (Primax Electronics Ltd.) -- C:\Windows\System32\pmxmiced.exe
PRC - [2006/11/08 14:01:54 | 000,049,152 | ---- | M] (Primax Electronics Ltd.) -- C:\Windows\System32\ico.exe
PRC - [2005/11/30 11:43:00 | 000,058,952 | ---- | M] (GEAR Software) -- C:\Windows\System32\gearsec.exe


========== Modules (SafeList) ==========

MOD - [2011/06/17 19:41:10 | 000,579,072 | ---- | M] (OldTimer Tools) -- C:\Users\Aaron B\Desktop\OTL.exe
MOD - [2011/06/16 03:04:42 | 000,653,136 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.6161_none_50934f2ebcb7eb57\msvcr90.dll
MOD - [2011/06/16 03:04:42 | 000,569,680 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.6161_none_50934f2ebcb7eb57\msvcp90.dll
MOD - [2010/09/20 14:26:01 | 000,415,088 | R--- | M] (Symantec Corporation) -- C:\Program Files\Norton Security Suite\Engine\4.3.0.5\asoehook.dll
MOD - [2010/08/31 10:43:52 | 001,686,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- -- (LiveUpdate Notice Ex)
SRV - File not found [Auto | Stopped] -- -- (CLTNetCnService)
SRV - [2011/06/08 17:40:55 | 000,403,240 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2011/05/06 11:03:10 | 000,191,752 | ---- | M] (Microsoft Corporation.) [On_Demand | Stopped] -- C:\Program Files\Microsoft\BingBar\BBSvc.EXE -- (BBSvc)
SRV - [2011/03/25 22:32:40 | 000,249,648 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft\BingBar\SeaPort.EXE -- (SeaPort)
SRV - [2011/03/01 09:56:36 | 000,052,288 | ---- | M] (NOS Microsystems Ltd.) [On_Demand | Stopped] -- C:\Program Files\NOS\bin\getPlus_Helper_3004.dll -- (nosGetPlusHelper) getPlus®
SRV - [2010/12/13 15:37:46 | 000,135,536 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft LifeCam\MSCamS32.exe -- (MSCamSvc)
SRV - [2010/05/04 13:07:22 | 000,503,080 | ---- | M] (Nero AG) [Auto | Running] -- C:\Program Files\Nero\Update\NASvc.exe -- (NAUpdate)
SRV - [2010/02/25 19:21:50 | 000,126,392 | R--- | M] (Symantec Corporation) [Unknown | Running] -- C:\Program Files\Norton Security Suite\Engine\4.3.0.5\ccSvcHst.exe -- (N360)
SRV - [2009/08/27 17:19:26 | 001,131,808 | ---- | M] (LeapFrog Enterprises, Inc.) [Auto | Running] -- C:\Program Files\LeapFrog\LeapFrog Connect\CommandService.exe -- (LeapFrog Connect Device Service)
SRV - [2008/10/06 10:18:06 | 000,033,752 | ---- | M] (NOS Microsystems Ltd.) [On_Demand | Stopped] -- C:\Program Files\NOS\bin\getPlus_HelperSvc.exe -- (getPlus® Helper) getPlus®
SRV - [2008/04/24 13:26:18 | 000,202,560 | ---- | M] (SupportSoft, Inc.) [Auto | Running] -- C:\Program Files\Comcast\Desktop Doctor\bin\sprtsvc.exe -- (sprtsvc_ddoctorv2) SupportSoft Sprocket Service (ddoctorv2)
SRV - [2008/01/19 02:38:24 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2007/11/28 20:51:10 | 000,583,048 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe -- (LiveUpdate Notice Service)
SRV - [2007/09/12 18:27:24 | 002,999,664 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files\Symantec\LiveUpdate\LuComServer_3_2.EXE -- (LiveUpdate)
SRV - [2007/09/12 18:27:24 | 000,554,352 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe -- (Automatic LiveUpdate Scheduler)
SRV - [2007/06/11 17:01:24 | 000,086,016 | ---- | M] (Avid Technology, Inc.) [Auto | Running] -- C:\Program Files\M-Audio\M-Audio Series II MIDI\MA_CMIDI_Inst.exe -- (MA_CMIDI_InstallerService)
SRV - [2007/05/03 03:48:52 | 000,537,520 | ---- | M] ( ) [Auto | Running] -- C:\Windows\System32\lxbtcoms.exe -- (lxbt_device)
SRV - [2007/03/19 11:44:44 | 000,070,656 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\DellSupport\brkrsvc.exe -- (DSBrokerService)
SRV - [2005/11/30 11:43:00 | 000,058,952 | ---- | M] (GEAR Software) [Auto | Running] -- C:\Windows\System32\gearsec.exe -- (gearsec)


========== Driver Services (SafeList) ==========

DRV - [2011/06/02 20:08:20 | 000,367,736 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\IPSDefs\20110615.001\IDSvix86.sys -- (IDSVix86)
DRV - [2011/05/19 14:37:06 | 000,810,616 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\BASHDefs\20110616.003\BHDrvx86.sys -- (BHDrvx86)
DRV - [2011/05/17 19:16:03 | 001,542,392 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\VirusDefs\20110617.020\NAVEX15.SYS -- (NAVEX15)
DRV - [2011/05/17 19:16:03 | 000,086,008 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\VirusDefs\20110617.020\NAVENG.SYS -- (NAVENG)
DRV - [2011/05/09 18:37:09 | 000,374,392 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl)
DRV - [2011/05/09 18:37:09 | 000,105,592 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2010/12/13 15:37:46 | 000,030,576 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nx6000.sys -- (MSHUSBVideo)
DRV - [2010/05/05 23:01:59 | 000,339,504 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\Drivers\N360\0403000.005\SYMTDIV.SYS -- (SYMTDIv)
DRV - [2010/05/01 22:07:24 | 000,124,976 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\SYMEVENT.SYS -- (SymEvent)
DRV - [2010/04/29 00:03:51 | 000,116,784 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\system32\drivers\N360\0403000.005\Ironx86.SYS -- (SymIRON)
DRV - [2010/04/21 22:02:20 | 000,173,104 | ---- | M] (Symantec Corporation) [File_System | Boot | Running] -- C:\Windows\system32\drivers\N360\0403000.005\SYMEFA.SYS -- (SymEFA)
DRV - [2010/04/21 21:29:50 | 000,325,680 | ---- | M] (Symantec Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\Drivers\N360\0403000.005\SRTSP.SYS -- (SRTSP)
DRV - [2010/04/21 21:29:50 | 000,043,696 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\system32\drivers\N360\0403000.005\SRTSPX.SYS -- (SRTSPX) Symantec Real Time Storage Protection (PEL)
DRV - [2010/02/25 19:22:57 | 000,501,888 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\system32\drivers\N360\0403000.005\ccHPx86.sys -- (ccHP)
DRV - [2009/10/14 22:50:05 | 000,328,752 | R--- | M] (Symantec Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\N360\0403000.005\SYMDS.SYS -- (SymDS)
DRV - [2008/09/29 21:30:56 | 000,019,456 | ---- | M] (LeapFrog) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\FlyUsb.sys -- (FlyUsb)
DRV - [2007/04/29 03:42:24 | 000,228,224 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\e1e6032.sys -- (e1express) Intel®
DRV - [2007/02/25 11:10:48 | 000,005,376 | --S- | M] (Gteko Ltd.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\dsunidrv.sys -- (dsunidrv)
DRV - [2006/11/02 02:36:43 | 002,028,032 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\atikmdag.sys -- (R300)
DRV - [2006/10/19 16:29:32 | 000,019,008 | ---- | M] (Primax Electronics Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\pmxusblf.sys -- (pmxusblf)
DRV - [2006/10/19 16:27:56 | 000,023,232 | ---- | M] (Primax Electronics Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\pmxmouse.sys -- (pmxmouse)
DRV - [2006/10/18 13:08:18 | 000,258,048 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HSXHWBS2.sys -- (HSXHWBS2)
DRV - [2006/10/05 16:07:28 | 000,004,736 | ---- | M] (Gteko Ltd.) [Kernel | On_Demand | Running] -- C:\Program Files\DellSupport\GTAction\triggers\DSproct.sys -- (DSproct)
DRV - [2006/08/16 11:23:46 | 000,021,888 | ---- | M] (M-Audio) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\MA_CMIDI.SYS -- (MA_CMIDI)
DRV - [2006/08/04 19:39:10 | 000,008,192 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\XAudio.sys -- (XAudio)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://us.rd.yahoo.com/customize/ie/defaults/su/msgr8/*http://www.yahoo.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaults/sp/msgr8/*http://www.yahoo.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.comcast.net/
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomSearch = http://us.rd.yahoo.com/customize/ie/defaults/cs/msgr8/*http://www.yahoo.com/ext/search/search.html
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant =


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-1639883624-3534290113-4186776636-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaults/sp/msgr8/*http://www.yahoo.com
IE - HKU\S-1-5-21-1639883624-3534290113-4186776636-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKU\S-1-5-21-1639883624-3534290113-4186776636-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1639883624-3534290113-4186776636-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = :0

FF - HKLM\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\IPSFFPlgn\ [2010/06/02 08:28:08 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\coFFPlgn\ [2010/05/01 22:08:32 | 000,000,000 | ---D | M]

[2010/02/10 20:09:47 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Aaron B\AppData\Roaming\Mozilla\Extensions
[2010/02/10 20:09:47 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Aaron B\AppData\Roaming\Mozilla\Extensions\mozswing@mozswing.org

O1 HOSTS File: ([2006/09/18 16:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (Symantec NCO BHO) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton Security Suite\Engine\4.3.0.5\coieplg.dll (Symantec Corporation)
O2 - BHO: (Symantec Intrusion Prevention) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton Security Suite\Engine\4.3.0.5\ipsbho.dll (Symantec Corporation)
O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Security Suite\Engine\4.3.0.5\coieplg.dll (Symantec Corporation)
O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O3 - HKU\S-1-5-21-1639883624-3534290113-4186776636-1000\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O3 - HKU\S-1-5-21-1639883624-3534290113-4186776636-1000\..\Toolbar\WebBrowser: (no name) - {5BED3930-2E9E-76D8-BACC-80DF2188D455} - No CLSID value found.
O3 - HKU\S-1-5-21-1639883624-3534290113-4186776636-1000\..\Toolbar\WebBrowser: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Security Suite\Engine\4.3.0.5\coieplg.dll (Symantec Corporation)
O4 - HKLM..\Run: [ddoctorv2] C:\Program Files\Comcast\Desktop Doctor\bin\sprtcmd.exe (SupportSoft, Inc.)
O4 - HKLM..\Run: [dscactivate] C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe ( )
O4 - HKLM..\Run: [ECenter] c:\DELL\E-Center\EULALauncher.exe ( )
O4 - HKLM..\Run: [EzPrint] C:\Program Files\Lexmark 5200 Series\ezprint.exe (Lexmark International Inc.)
O4 - HKLM..\Run: [LifeCam] C:\Program Files\Microsoft LifeCam\LifeExp.exe (Microsoft Corporation)
O4 - HKLM..\Run: [LXBTCATS] C:\Windows\System32\spool\DRIVERS\W32X86\3\LXBTtime.DLL ()
O4 - HKLM..\Run: [lxbtmon.exe] C:\Program Files\Lexmark 5200 Series\lxbtmon.exe (Lexmark International, Inc.)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [Monitor] C:\Program Files\LeapFrog\LeapFrog Connect\Monitor.exe (LeapFrog Enterprises, Inc.)
O4 - HKLM..\Run: [NeroFilterCheck] C:\Windows\System32\NeroCheck.exe (Ahead Software Gmbh)
O4 - HKLM..\Run: [PMX Daemon] C:\Windows\System32\ico.exe (Primax Electronics Ltd.)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [Symantec PIF AlertEng] C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe (Symantec Corporation)
O4 - HKLM..\Run: [WildTangent CDA] C:\Program Files\WildTangent\Apps\CDA\GameDrvr.exe (WildTangent, Inc.)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-21-1639883624-3534290113-4186776636-1000..\Run: [cdloader] C:\Users\Aaron B\AppData\Roaming\mjusbsp\cdloader2.exe (magicJack L.P.)
O4 - HKU\S-1-5-21-1639883624-3534290113-4186776636-1000..\Run: [DellSupport] C:\Program Files\DellSupport\DSAgnt.exe (Gteko Ltd.)
O4 - HKU\S-1-5-21-1639883624-3534290113-4186776636-1000..\Run: [Steam] C:\Program Files\Steam\Steam.exe (Valve Corporation)
O4 - HKU\S-1-5-21-1639883624-3534290113-4186776636-1000..\Run: [uTorrent] C:\Program Files\uTorrent\uTorrent.exe (BitTorrent, Inc.)
O4 - Startup: C:\Users\Aaron B\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.0.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe ()
O8 - Extra context menu item: Google Sidewiki... - C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_6CE5017F567343CA.dll (Google Inc.)
O9 - Extra Button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - Reg Error: Key error. File not found
O9 - Extra Button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O13 - gopher Prefix: missing
O15 - HKU\S-1-5-21-1639883624-3534290113-4186776636-1000\..Trusted Domains: localhost ([]http in Local intranet)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos-beta/OnlineScanner.cab (Reg Error: Key error.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0-windows-i586.cab (Java Plug-in 1.6.0)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} http://wwwimages.adobe.com/www.adobe.com/products/acrobat/nos/gp.cab (Reg Error: Key error.)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 68.87.68.166 68.87.74.166
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20 - AppInit_DLLs: (C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL) - C:\Program Files\Google\Google Desktop Search\GoogleDesktopNetwork3.dll (Google)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\img3.jpg
O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\img3.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 16:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: FastUserSwitchingCompatibility - File not found
NetSvcs: Ias - File not found
NetSvcs: Nla - File not found
NetSvcs: Ntmssvc - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: SRService - File not found
NetSvcs: WmdmPmSp - File not found
NetSvcs: LogonHours - File not found
NetSvcs: PCAudit - File not found
NetSvcs: helpsvc - File not found
NetSvcs: uploadmgr - File not found


Drivers32: aux - C:\Windows\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: aux1 - C:\Windows\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: aux2 - C:\Windows\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: aux3 - C:\Windows\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: aux4 - C:\Windows\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: midi - C:\Windows\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: midi1 - C:\Windows\System32\MA_CMIDN.DLL (M-Audio)
Drivers32: midi2 - C:\Windows\System32\MA_CMIDN.DLL (M-Audio)
Drivers32: midi3 - C:\Windows\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: midi4 - C:\Windows\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: midi5 - C:\Windows\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: midi6 - C:\Windows\System32\MA_CMIDN.DLL (M-Audio)
Drivers32: midi7 - C:\Windows\System32\MA_CMIDN.DLL (M-Audio)
Drivers32: midimapper - C:\Windows\System32\midimap.dll (Microsoft Corporation)
Drivers32: mixer - C:\Windows\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: mixer1 - C:\Windows\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: mixer2 - C:\Windows\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: mixer3 - C:\Windows\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: mixer4 - C:\Windows\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: mixer5 - C:\Windows\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: mixer6 - C:\Windows\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: mixer7 - C:\Windows\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: msacm.imaadpcm - C:\Windows\System32\imaadp32.acm (Microsoft Corporation)
Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.msadpcm - C:\Windows\System32\msadp32.acm (Microsoft Corporation)
Drivers32: msacm.msg711 - C:\Windows\System32\msg711.acm (Microsoft Corporation)
Drivers32: msacm.msgsm610 - C:\Windows\System32\msgsm32.acm (Microsoft Corporation)
Drivers32: msacm.siren - C:\Windows\System32\sirenacm.dll (Microsoft Corporation)
Drivers32: msacm.vorbis - C:\Windows\System32\vorbis.acm (HMS http://hp.vector.co.jp/authors/VA012897/)
Drivers32: MSVideo8 - C:\Windows\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.i420 - C:\Windows\System32\iyuv_32.dll (Microsoft Corporation)
Drivers32: VIDC.IYUV - C:\Windows\System32\iyuv_32.dll (Microsoft Corporation)
Drivers32: vidc.mrle - C:\Windows\System32\msrle32.dll (Microsoft Corporation)
Drivers32: vidc.msvc - C:\Windows\System32\msvidc32.dll (Microsoft Corporation)
Drivers32: VIDC.UYVY - C:\Windows\System32\msyuv.dll (Microsoft Corporation)
Drivers32: VIDC.YUY2 - C:\Windows\System32\msyuv.dll (Microsoft Corporation)
Drivers32: VIDC.YVU9 - C:\Windows\System32\tsbyuv.dll (Microsoft Corporation)
Drivers32: VIDC.YVYU - C:\Windows\System32\msyuv.dll (Microsoft Corporation)
Drivers32: wave - C:\Windows\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: wave1 - C:\Windows\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: wave2 - C:\Windows\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: wave3 - C:\Windows\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: wave4 - C:\Windows\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: wave5 - C:\Windows\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: wave6 - C:\Windows\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: wave7 - C:\Windows\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: wavemapper - C:\Windows\System32\msacm32.drv (Microsoft Corporation)

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2011/06/17 19:41:09 | 000,579,072 | ---- | C] (OldTimer Tools) -- C:\Users\Aaron B\Desktop\OTL.exe
[2011/06/16 08:16:12 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2011/06/08 21:07:33 | 000,000,000 | ---D | C] -- C:\Users\Aaron B\AppData\Roaming\IObit
[2011/06/08 21:07:30 | 000,000,000 | ---D | C] -- C:\Program Files\IObit
[2011/06/08 17:57:42 | 000,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2011/06/08 17:57:42 | 000,000,000 | ---D | C] -- C:\Users\Aaron B\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\HiJackThis
[2011/06/08 17:53:40 | 000,000,000 | ---D | C] -- C:\ProgramData\TEMP
[2011/06/08 17:53:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SpywareBlaster
[2011/06/08 17:53:34 | 000,000,000 | ---D | C] -- C:\Program Files\SpywareBlaster
[2011/06/06 22:37:16 | 000,000,000 | ---D | C] -- C:\Users\Aaron B\Dubstep Remixes
[2009/08/30 12:14:33 | 001,224,704 | ---- | C] ( ) -- C:\Windows\System32\lxbtserv.dll
[2009/08/30 12:14:33 | 000,995,328 | ---- | C] ( ) -- C:\Windows\System32\lxbtusb1.dll
[2009/08/30 12:14:33 | 000,643,072 | ---- | C] ( ) -- C:\Windows\System32\lxbtpmui.dll
[2009/08/30 12:14:33 | 000,585,728 | ---- | C] ( ) -- C:\Windows\System32\lxbtlmpm.dll
[2009/08/30 12:14:33 | 000,413,696 | ---- | C] ( ) -- C:\Windows\System32\lxbtinpa.dll
[2009/08/30 12:14:33 | 000,397,312 | ---- | C] ( ) -- C:\Windows\System32\lxbtiesc.dll
[2009/08/30 12:14:33 | 000,385,968 | ---- | C] ( ) -- C:\Windows\System32\lxbtih.exe
[2009/08/30 12:14:33 | 000,323,584 | ---- | C] ( ) -- C:\Windows\System32\lxbthcp.dll
[2009/08/30 12:14:33 | 000,163,840 | ---- | C] ( ) -- C:\Windows\System32\lxbtprox.dll
[2009/08/30 12:14:33 | 000,094,208 | ---- | C] ( ) -- C:\Windows\System32\lxbtpplc.dll
[2009/08/30 12:14:32 | 000,696,320 | ---- | C] ( ) -- C:\Windows\System32\lxbthbn3.dll
[2009/08/30 12:14:32 | 000,684,032 | ---- | C] ( ) -- C:\Windows\System32\lxbtcomc.dll
[2009/08/30 12:14:32 | 000,537,520 | ---- | C] ( ) -- C:\Windows\System32\lxbtcoms.exe
[2009/08/30 12:14:32 | 000,421,888 | ---- | C] ( ) -- C:\Windows\System32\lxbtcomm.dll
[2009/08/30 12:14:32 | 000,381,872 | ---- | C] ( ) -- C:\Windows\System32\lxbtcfg.exe
[3 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
[3 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/06/17 20:15:02 | 000,293,977 | ---- | M] () -- C:\Users\Aaron B\Desktop\gmer.zip
[2011/06/17 20:08:09 | 000,000,000 | ---- | M] () -- C:\Users\Aaron B\defogger_reenable
[2011/06/17 20:03:34 | 000,000,905 | ---- | M] () -- C:\Users\Aaron B\Desktop\magicJack.lnk
[2011/06/17 19:59:41 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011/06/17 19:59:32 | 000,003,568 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011/06/17 19:59:32 | 000,003,568 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011/06/17 19:59:26 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/06/17 19:43:33 | 000,050,477 | ---- | M] () -- C:\Users\Aaron B\Desktop\Defogger.exe
[2011/06/17 19:41:10 | 000,579,072 | ---- | M] (OldTimer Tools) -- C:\Users\Aaron B\Desktop\OTL.exe
[2011/06/17 18:46:00 | 000,000,888 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011/06/16 18:38:11 | 000,001,954 | ---- | M] () -- C:\Users\Public\Desktop\Amazon Cloud Player.lnk
[2011/06/16 08:16:24 | 000,001,849 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk
[2011/06/15 17:40:49 | 007,284,509 | ---- | M] () -- C:\Users\Aaron B\Documents\Intergalactic (Fuzzy Logic Remix).mp3
[2011/06/15 17:39:50 | 000,008,994 | -HS- | M] () -- C:\Users\Aaron B\Documents\Folder.jpg
[2011/06/15 17:39:50 | 000,008,994 | -HS- | M] () -- C:\Users\Aaron B\Documents\AlbumArt_{45CDD393-944B-4895-A0AD-06B6492066A5}_Large.jpg
[2011/06/15 17:39:40 | 000,002,342 | -HS- | M] () -- C:\Users\Aaron B\Documents\AlbumArtSmall.jpg
[2011/06/15 17:39:40 | 000,002,342 | -HS- | M] () -- C:\Users\Aaron B\Documents\AlbumArt_{45CDD393-944B-4895-A0AD-06B6492066A5}_Small.jpg
[2011/06/08 18:02:57 | 000,002,487 | ---- | M] () -- C:\Users\Aaron B\Desktop\HiJackThis.lnk
[2011/06/08 17:56:13 | 001,402,880 | ---- | M] () -- C:\Users\Aaron B\Desktop\HiJackThis.msi
[2011/06/08 17:53:37 | 000,000,774 | ---- | M] () -- C:\Users\Aaron B\Desktop\SpywareBlaster.lnk
[2011/06/08 17:38:03 | 000,336,848 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2011/06/01 08:51:09 | 000,000,868 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/05/29 09:11:30 | 000,039,984 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2011/05/29 09:11:20 | 000,022,712 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2011/05/26 08:42:36 | 000,001,940 | ---- | M] () -- C:\Users\Aaron B\AppData\Local\{96C87F53-AC72-4604-A9CC-186A49F17F3C}.ini
[3 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
[3 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/06/17 20:15:01 | 000,293,977 | ---- | C] () -- C:\Users\Aaron B\Desktop\gmer.zip
[2011/06/17 20:08:09 | 000,000,000 | ---- | C] () -- C:\Users\Aaron B\defogger_reenable
[2011/06/17 19:43:32 | 000,050,477 | ---- | C] () -- C:\Users\Aaron B\Desktop\Defogger.exe
[2011/06/15 17:39:58 | 000,008,994 | -HS- | C] () -- C:\Users\Aaron B\Documents\Folder.jpg
[2011/06/15 17:39:58 | 000,008,994 | -HS- | C] () -- C:\Users\Aaron B\Documents\AlbumArt_{45CDD393-944B-4895-A0AD-06B6492066A5}_Large.jpg
[2011/06/15 17:39:58 | 000,002,342 | -HS- | C] () -- C:\Users\Aaron B\Documents\AlbumArtSmall.jpg
[2011/06/15 17:39:58 | 000,002,342 | -HS- | C] () -- C:\Users\Aaron B\Documents\AlbumArt_{45CDD393-944B-4895-A0AD-06B6492066A5}_Small.jpg
[2011/06/08 17:57:42 | 000,002,487 | ---- | C] () -- C:\Users\Aaron B\Desktop\HiJackThis.lnk
[2011/06/08 17:56:09 | 001,402,880 | ---- | C] () -- C:\Users\Aaron B\Desktop\HiJackThis.msi
[2011/06/08 17:53:37 | 000,000,774 | ---- | C] () -- C:\Users\Aaron B\Desktop\SpywareBlaster.lnk
[2011/05/12 14:11:15 | 000,001,940 | ---- | C] () -- C:\Users\Aaron B\AppData\Local\{96C87F53-AC72-4604-A9CC-186A49F17F3C}.ini
[2011/04/07 07:22:40 | 000,001,189 | ---- | C] () -- C:\Users\Aaron B\AppData\Roaming\vso_ts_preview.xml
[2011/04/06 20:45:22 | 000,000,056 | ---- | C] () -- C:\Windows\Easy Avi Divx Xvid to DVD Burner.INI
[2010/11/25 09:58:49 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2009/10/20 13:56:01 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2009/10/20 13:56:01 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2009/10/04 10:46:02 | 000,000,110 | ---- | C] () -- C:\Windows\{0A0D52EF-D7FE-495E-AFD0-BC34E832A6A5}_WiseFW.ini
[2009/08/30 12:14:33 | 000,274,432 | ---- | C] () -- C:\Windows\System32\lxbtinst.dll
[2009/07/29 10:15:09 | 000,140,288 | ---- | C] () -- C:\Windows\System32\igfxtvcx.dll
[2009/05/29 03:01:20 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2009/03/22 16:00:44 | 000,002,650 | ---- | C] () -- C:\Windows\compedia.ini
[2008/11/01 16:34:43 | 000,001,280 | ---- | C] () -- C:\Users\Aaron B\AppData\Roaming\wklnhst.dat
[2008/01/02 17:57:36 | 000,147,456 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1409.dll
[2008/01/02 17:47:22 | 001,953,696 | ---- | C] () -- C:\Windows\System32\igklg400.dll
[2008/01/02 17:47:22 | 001,533,360 | ---- | C] () -- C:\Windows\System32\igklg450.dll
[2008/01/02 17:47:22 | 000,104,636 | ---- | C] () -- C:\Windows\System32\igmedcompkrn.dll
[2007/12/11 19:50:32 | 000,008,937 | ---- | C] () -- C:\ProgramData\LUUnInstall.LiveUpdate
[2007/09/13 17:07:48 | 000,244,736 | ---- | C] () -- C:\Users\Aaron B\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2007/09/11 11:52:37 | 000,910,464 | ---- | C] () -- C:\Windows\System32\igmedkrn.dll
[2007/09/11 11:52:37 | 000,204,800 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1255.dll
[2007/09/11 04:07:07 | 000,303,104 | ---- | C] () -- C:\Windows\System32\FontZoom.exe
[2007/09/11 04:07:07 | 000,131,062 | ---- | C] () -- C:\Windows\System32\DellPM.ini
[2007/02/22 18:32:00 | 000,344,064 | ---- | C] () -- C:\Windows\System32\lxbtcoin.dll
[2006/11/10 08:26:12 | 000,000,000 | ---- | C] () -- C:\Windows\System32\atiicdxx.dat
[2006/11/07 14:25:58 | 000,000,000 | ---- | C] () -- C:\Windows\System32\px.ini
[2006/11/02 07:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006/11/02 07:47:37 | 000,336,848 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2006/11/02 07:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006/11/02 05:33:01 | 000,604,264 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2006/11/02 05:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2006/11/02 05:33:01 | 000,103,964 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2006/11/02 05:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2006/11/02 05:25:44 | 000,159,744 | ---- | C] () -- C:\Windows\System32\atitmmxx.dll
[2006/11/02 05:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2006/11/02 03:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2006/11/02 03:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2006/11/02 02:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006/11/02 02:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2006/09/16 22:36:50 | 000,520,192 | ---- | C] () -- C:\Windows\System32\CddbPlaylist2Roxio.dll
[2006/09/16 22:36:50 | 000,204,800 | ---- | C] () -- C:\Windows\System32\CddbFileTaggerRoxio.dll
[2005/08/18 06:26:46 | 000,040,960 | ---- | C] () -- C:\Windows\System32\lxbtvs.dll
[2005/05/25 09:07:26 | 000,061,440 | ---- | C] () -- C:\Windows\System32\lxbtcnv4.dll

========== LOP Check ==========

[2010/10/26 18:22:45 | 000,000,000 | ---D | M] -- C:\Users\Aaron B\AppData\Roaming\Amazon
[2010/09/29 13:56:32 | 000,000,000 | ---D | M] -- C:\Users\Aaron B\AppData\Roaming\Canneverbe Limited
[2011/02/07 18:57:29 | 000,000,000 | ---D | M] -- C:\Users\Aaron B\AppData\Roaming\FrostWire
[2011/06/08 21:09:59 | 000,000,000 | ---D | M] -- C:\Users\Aaron B\AppData\Roaming\IObit
[2010/06/23 17:30:38 | 000,000,000 | ---D | M] -- C:\Users\Aaron B\AppData\Roaming\M-Audio
[2011/06/17 20:03:45 | 000,000,000 | ---D | M] -- C:\Users\Aaron B\AppData\Roaming\mjusbsp
[2010/11/23 18:06:04 | 000,000,000 | ---D | M] -- C:\Users\Aaron B\AppData\Roaming\NCH Swift Sound
[2009/03/29 12:56:55 | 000,000,000 | ---D | M] -- C:\Users\Aaron B\AppData\Roaming\OpenOffice.org
[2009/04/11 09:36:21 | 000,000,000 | ---D | M] -- C:\Users\Aaron B\AppData\Roaming\SmartDraw
[2008/11/01 16:34:44 | 000,000,000 | ---D | M] -- C:\Users\Aaron B\AppData\Roaming\Template
[2011/06/17 20:03:23 | 000,000,000 | ---D | M] -- C:\Users\Aaron B\AppData\Roaming\uTorrent
[2011/05/08 17:29:28 | 000,000,000 | ---D | M] -- C:\Users\Aaron B\AppData\Roaming\Vso
[2010/09/08 17:01:00 | 000,000,000 | ---D | M] -- C:\Users\Aaron B\AppData\Roaming\W Photo Studio
[2010/09/08 16:58:23 | 000,000,000 | ---D | M] -- C:\Users\Aaron B\AppData\Roaming\W Photo Studio Viewer
[2009/08/19 19:43:04 | 000,000,000 | ---D | M] -- C:\Users\Aaron B\AppData\Roaming\Walgreens
[2011/06/16 03:23:45 | 000,032,582 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Custom Scans ==========


< %systemroot%\system32\*.dll /lockedfiles >

< %systemroot%\system32\*.sys /90 >

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\System32\config\*.sav >
[2006/11/02 05:34:05 | 000,008,192 | ---- | M] () -- C:\Windows\System32\config\COMPONENTS.SAV
[2006/11/02 05:34:05 | 000,020,480 | ---- | M] () -- C:\Windows\System32\config\DEFAULT.SAV
[2006/11/02 05:34:05 | 000,008,192 | ---- | M] () -- C:\Windows\System32\config\SECURITY.SAV
[2006/11/02 05:34:08 | 010,133,504 | ---- | M] () -- C:\Windows\System32\config\SOFTWARE.SAV
[2006/11/02 05:34:08 | 001,826,816 | ---- | M] () -- C:\Windows\System32\config\SYSTEM.SAV

< %SYSTEMDRIVE%\*.* >
[2006/09/18 16:43:36 | 000,000,024 | ---- | M] () -- C:\autoexec.bat
[2009/04/11 01:36:36 | 000,333,257 | RHS- | M] () -- C:\bootmgr
[2006/11/10 08:22:24 | 000,008,192 | R-S- | M] () -- C:\BOOTSECT.BAK
[2006/09/18 16:43:37 | 000,000,010 | ---- | M] () -- C:\config.sys
[2007/09/11 11:52:46 | 000,004,925 | RH-- | M] () -- C:\dell.sdr
[2005/02/02 15:33:48 | 000,225,280 | ---- | M] (GEAR Software Inc.) -- C:\GEARAspi64.dll
[2010/09/18 11:45:33 | 000,000,000 | ---- | M] () -- C:\install.rdf
[2007/09/13 17:05:48 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
[2011/03/24 21:56:52 | 000,000,078 | ---- | M] () -- C:\lxbt.log
[2007/09/13 17:05:48 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
[2008/04/09 12:08:31 | 000,000,827 | ---- | M] () -- C:\net_save.dna
[2010/03/04 12:44:48 | 000,262,144 | ---- | M] () -- C:\ntuser.dat
[2010/03/04 12:44:48 | 000,005,120 | -H-- | M] () -- C:\ntuser.dat.LOG1
[2010/03/04 12:44:48 | 000,000,000 | -H-- | M] () -- C:\ntuser.dat.LOG2
[2010/03/04 12:44:48 | 000,065,536 | -HS- | M] () -- C:\ntuser.dat{898345d9-2125-11df-b38f-001aa092902b}.TM.blf
[2010/03/04 12:44:48 | 000,524,288 | -HS- | M] () -- C:\ntuser.dat{898345d9-2125-11df-b38f-001aa092902b}.TMContainer00000000000000000001.regtrans-ms
[2010/03/04 12:44:48 | 000,524,288 | -HS- | M] () -- C:\ntuser.dat{898345d9-2125-11df-b38f-001aa092902b}.TMContainer00000000000000000002.regtrans-ms
[2010/03/04 12:44:48 | 000,065,536 | -HS- | M] () -- C:\ntuser.dat{898345dd-2125-11df-b38f-001aa092902b}.TM.blf
[2010/03/04 12:44:48 | 000,524,288 | -HS- | M] () -- C:\ntuser.dat{898345dd-2125-11df-b38f-001aa092902b}.TMContainer00000000000000000001.regtrans-ms
[2010/03/04 12:44:48 | 000,524,288 | -HS- | M] () -- C:\ntuser.dat{898345dd-2125-11df-b38f-001aa092902b}.TMContainer00000000000000000002.regtrans-ms
[2011/06/17 19:59:23 | 2449,948,672 | -HS- | M] () -- C:\pagefile.sys
[2008/12/10 17:35:37 | 000,000,959 | ---- | M] () -- C:\rollback.ini
[2008/02/26 10:19:11 | 000,000,512 | ---- | M] () -- C:\ScanSectorLog.dat
[2011/04/06 20:45:33 | 000,008,734 | ---- | M] () -- C:\StarBurn.log
[2007/09/11 04:23:43 | 000,000,071 | ---- | M] () -- C:\SystemInfo.ini
[2008/08/25 23:25:13 | 000,000,150 | ---- | M] () -- C:\YServer.txt

< %systemroot%\system32\Spool\prtprocs\w32x86\*.dll >
[2006/11/02 07:35:48 | 000,022,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\spool\prtprocs\w32x86\jnwppr.dll
[2007/01/30 05:24:50 | 000,118,272 | ---- | M] (Lexmark International, Inc.) -- C:\Windows\System32\spool\prtprocs\w32x86\lxbtpp5c.dll

< %systemroot%\*. /mp /s >

< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

< >

========== Alternate Data Streams ==========

@Alternate Data Stream - 95 bytes -> C:\ProgramData\TEMP:5C321E34

< End of report >



Report #2

OTL Extras logfile created on: 6/17/2011 8:19:00 PM - Run 1
OTL by OldTimer - Version 3.2.24.1 Folder = C:\Users\Aaron B\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.99 Gb Total Physical Memory | 0.60 Gb Available Physical Memory | 30.31% Memory free
4.21 Gb Paging File | 2.88 Gb Available in Paging File | 68.37% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 288.04 Gb Total Space | 106.61 Gb Free Space | 37.01% Space Free | Partition Type: NTFS
Drive D: | 10.00 Gb Total Space | 6.28 Gb Free Space | 62.78% Space Free | Partition Type: NTFS

Computer Name: AARONB-PC | User Name: Aaron B | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"UacDisableNotify" = 1
"InternetSettingsDisableNotify" = 1
"AutoUpdateDisableNotify" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0

========== Authorized Applications List ==========


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{1950EA42-5A83-46CA-90ED-37349FF2D8C9}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{21B737F0-D200-44BD-912D-6E277C644BA8}" = lport=554 | protocol=6 | dir=in | app=%systemroot%\ehome\ehshell.exe |
"{244CEA72-961B-447F-B61E-F9E6A2F56687}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{298C2895-5B93-47AF-A308-B4231CBC4FD7}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{2AC3B9CA-5B6F-4711-9A3C-63E3A748C51E}" = lport=3390 | protocol=6 | dir=in | app=system |
"{2DB5667C-930E-44D1-AF80-22D9F07D435F}" = lport=7777 | protocol=17 | dir=in | app=%systemroot%\ehome\ehshell.exe |
"{33B1ECC7-E8C9-402A-97AE-19D06EE04D4A}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{49D9E091-0C99-4A4A-9A38-8097F879EEC0}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{5BFED7CA-5BD1-495E-95D3-4216C02BD766}" = rport=10244 | protocol=6 | dir=out | app=system |
"{6921E383-BF51-4EAD-AC4A-2E4AD8570129}" = rport=10244 | protocol=6 | dir=out | app=system |
"{6A2235EF-9D58-4B62-BCB5-861FA375953A}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{712E4BFB-788E-4799-984C-BE33BFDA3A7B}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{72E35EFE-82C3-494A-96E3-DCE8BE97E0F5}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{741DBAF6-7733-43C4-8647-4C96392FB88E}" = lport=3390 | protocol=6 | dir=in | app=system |
"{86E67A4F-F4DA-44FD-A065-FADF11079EB6}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{97738A83-02B5-4C51-9531-2715E7403762}" = lport=554 | protocol=6 | dir=in | app=%systemroot%\ehome\ehshell.exe |
"{A6007F8B-D4DF-41F2-AB5F-F030AE226812}" = lport=10244 | protocol=6 | dir=in | app=system |
"{B0135EE3-364B-457A-BF23-E6B6713B8E05}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{B1D53105-FB4B-4E59-967C-2E1A00195AD1}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{BD46F805-C4F2-44CC-AE07-A6E9811B5E2C}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{C29512C8-F6BF-4317-9774-5AF853B1D6CE}" = lport=7777 | protocol=17 | dir=in | app=%systemroot%\ehome\ehshell.exe |
"{CFCE6D32-3DE2-4701-9B8F-0F7E8BAACCBA}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{EE7C33B4-0939-4B8C-B4CF-40E1E2E02FD7}" = lport=10244 | protocol=6 | dir=in | app=system |
"{FBD5C774-4293-47A3-AE7B-261A2FE914B9}" = lport=2869 | protocol=6 | dir=in | app=system |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0299B504-0AF0-4FFD-9F7F-4F8320BD8480}" = dir=in | app=c:\program files\itunes\itunes.exe |
"{0495A13C-54F2-49B7-9EF3-5A1F571D54F4}" = protocol=6 | dir=out | app=%systemroot%\ehome\ehshell.exe |
"{0E7E03B9-7C1C-4794-85AE-007024F9A1BE}" = protocol=17 | dir=in | app=c:\program files\microsoft lifecam\lifeexp.exe |
"{132924A0-69A1-465A-A6D1-CDB57AA52C66}" = protocol=6 | dir=out | svc=mcx2svc | app=%systemroot%\system32\svchost.exe |
"{14E420D8-B630-41B5-92D4-9617F961CEA6}" = protocol=6 | dir=in | app=c:\program files\yahoo!\messenger\yserver.exe |
"{177963A5-F309-4ED3-AAD3-DBA6FC02686D}" = dir=in | app=c:\program files\windows live\messenger\wlcsdk.exe |
"{235F05CF-01B9-423A-914C-FE366824C21E}" = protocol=17 | dir=in | app=c:\windows\system32\spool\drivers\w32x86\3\lxbtpswx.exe |
"{25F46CC6-C5C3-4B08-B3BF-9A2AA59019A9}" = protocol=6 | dir=out | svc=mcx2svc | app=%systemroot%\system32\svchost.exe |
"{2CD5C874-47FB-4D14-9D93-C5F3EEC58299}" = protocol=6 | dir=in | app=c:\windows\system32\spool\drivers\w32x86\3\lxbtpswx.exe |
"{330FC18D-772A-414C-A917-910FD6FCD569}" = protocol=6 | dir=out | app=%systemroot%\ehome\mcx2prov.exe |
"{3D865E8E-939B-46B1-BBFA-5408D9F717DE}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{44DDF9DC-8928-4BBE-A2EF-95BAF7257844}" = protocol=6 | dir=in | app=c:\program files\microsoft lifecam\lifetray.exe |
"{58DC5ECD-8272-4A52-AF3A-05A4408FEA96}" = protocol=17 | dir=in | app=c:\program files\yahoo!\messenger\yahoomessenger.exe |
"{5DBF71FE-1FA1-4950-B393-80AB0A7A0F8D}" = protocol=6 | dir=in | app=c:\program files\limewire\limewire.exe |
"{6517DB06-5385-49C2-8585-29EBAD01170B}" = protocol=17 | dir=in | app=c:\program files\itunes\itunes.exe |
"{6772F417-1120-4D66-A35E-A608623DE4E8}" = protocol=17 | dir=in | app=c:\program files\frostwire\frostwire.exe |
"{6952B584-D6E8-4FAF-89BE-2595BBD63F25}" = protocol=6 | dir=in | app=c:\program files\itunes\itunes.exe |
"{70C9F03E-BA74-44ED-A49D-3EE6FDBD7990}" = dir=in | app=c:\program files\windows live\sync\windowslivesync.exe |
"{71E07B60-1CAA-47B0-A205-E388D0DFDD89}" = protocol=17 | dir=in | app=c:\program files\limewire\limewire.exe |
"{88C82327-69A1-40BE-A3E8-CC6B25CBFFBE}" = protocol=6 | dir=in | app=c:\program files\microsoft lifecam\lifeenc2.exe |
"{8F3F2601-0597-448D-BE04-20F225ED94C2}" = protocol=6 | dir=in | app=c:\program files\frostwire\frostwire.exe |
"{A21DF82B-B525-4799-B2E0-1995534664CA}" = protocol=17 | dir=in | app=c:\windows\system32\lxbtcoms.exe |
"{A669FCB5-77CD-4DC6-9F33-57107BDF8FB1}" = protocol=17 | dir=in | app=c:\program files\utorrent\utorrent.exe |
"{B70F32B5-6B2A-4E37-B43D-7C006C047BD8}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"{BE204F25-5949-48E9-97A7-7B66477D76C5}" = protocol=6 | dir=out | app=%systemroot%\ehome\ehshell.exe |
"{C18E5B38-710F-4907-AEAC-689AC8201999}" = protocol=6 | dir=in | app=c:\program files\microsoft lifecam\lifeexp.exe |
"{C5FE8302-A82A-432E-A8DC-9BEFE7DF9611}" = protocol=6 | dir=in | app=c:\program files\microsoft lifecam\lifecam.exe |
"{C746256F-0766-4E7C-B16C-72F2DA807229}" = protocol=17 | dir=out | app=%systemroot%\ehome\ehshell.exe |
"{C99FDC53-3EB0-4AE4-A61B-C680F00C64B0}" = protocol=17 | dir=in | app=c:\program files\yahoo!\messenger\yserver.exe |
"{D759058B-A411-4322-AB37-0D04DD9B88F7}" = protocol=6 | dir=out | app=%systemroot%\ehome\mcx2prov.exe |
"{D8508E6B-7EDA-4680-852D-13A50F71DDF1}" = protocol=17 | dir=in | app=c:\program files\microsoft lifecam\lifetray.exe |
"{D9BF1B5F-816A-4B0F-8F2E-2C8011F11C08}" = protocol=6 | dir=in | app=c:\program files\yahoo!\messenger\yahoomessenger.exe |
"{DAE825AC-5C6E-427E-BC60-F06F6043397C}" = protocol=17 | dir=in | app=c:\program files\microsoft lifecam\lifecam.exe |
"{DE5D7CE1-DA04-4E1C-A9BF-CC570A21DFE1}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\king's quest collection\sierralauncher.exe |
"{DE7F3A89-DCCD-488A-9BB5-3DF8DD54DB0E}" = protocol=6 | dir=in | app=c:\program files\utorrent\utorrent.exe |
"{F221EFD4-7003-4C83-AD63-7B53F5213B5B}" = protocol=6 | dir=in | app=c:\windows\system32\lxbtcoms.exe |
"{F56615F0-415D-4F6C-847C-EC74D0F8B269}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\king's quest collection\sierralauncher.exe |
"{FA0387CD-07C2-4F1C-84A2-E72CC35B2741}" = dir=in | app=c:\program files\common files\mcafee\mna\mcnasvc.exe |
"{FC6C1D1B-CBC0-4F88-87A7-BBD1D49C4D31}" = protocol=17 | dir=out | app=%systemroot%\ehome\ehshell.exe |
"{FF550072-F88C-4ABF-B8D5-C83475143A86}" = protocol=17 | dir=in | app=c:\program files\microsoft lifecam\lifeenc2.exe |
"TCP Query User{6BF452D8-A8CC-4EF8-84A9-3F30226F4EF8}C:\program files\bearshare applications\bearshare\bearshare.exe" = protocol=6 | dir=in | app=c:\program files\bearshare applications\bearshare\bearshare.exe |
"UDP Query User{B48A0FA7-30F4-4956-A353-F0E8E40405CE}C:\program files\bearshare applications\bearshare\bearshare.exe" = protocol=17 | dir=in | app=c:\program files\bearshare applications\bearshare\bearshare.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00203668-8170-44A0-BE44-B632FA4D780F}" = Adobe AIR
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{0394CDC8-FABD-4ed8-B104-03393876DFDF}" = Roxio Creator Tools
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{0A0D52EF-D7FE-495E-AFD0-BC34E832A6A5}" = LeapFrog Connect
"{0D397393-9B50-4c52-84D5-77E344289F87}" = Roxio Creator Data
"{139E303E-1050-497F-98B1-9AE87B15C463}" = Windows Live Family Safety
"{13BA7B44-B712-4DEE-A7B8-1DD564F37AE5}" = Dell System Customization Wizard
"{178832DE-9DE0-4C87-9F82-9315A9B03985}" = Windows Live Writer
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{2357B8BC-88C9-4A72-818C-050CC4EB0778}" = AOL Install
"{2436F2A8-4B7E-4B6C-AE4E-604C84AA6A4F}" = Nero Core Components 10
"{26A24AE4-039D-4CA4-87B4-2F83216013FF}" = Java™ 6 Update 24
"{2C6C74C2-042F-4D36-B7B0-0C538FCF01AB}" = Dell DataSafe Online
"{2CE5A2E7-3437-4CE7-BCF4-85ED6EEFF9E4}" = iTunes
"{30465B6C-B53F-49A1-9EBA-A3F187AD502E}" = Roxio Update Manager
"{3248F0A8-6813-11D6-A77B-00B0D0160000}" = Java™ SE Runtime Environment 6
"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java™ 6 Update 7
"{35E1EC43-D4FC-4E4A-AAB3-20DDA27E8BB0}" = Sonic Activation Module
"{379BD39E-F13E-458F-96D8-56BD7F2CC516}" = M-Audio Series II MIDI
"{3AEEE100-8219-4097-B080-BA14E7072530}" = Creativity Workshop 2
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3D5044A5-97B8-45C0-B956-BB2376569188}" = Windows Live Movie Maker
"{3E25E350-949F-4DB7-8288-2A60E018B4C1}" = Games, Music, & Photos Launcher
"{3EE33958-7381-4E7B-A4F3-6E43098E9E9C}" = URL Assistant
"{3F92ABBB-6BBF-11D5-B229-002078017FBF}" = NetWaiting
"{448E2D77-E504-4221-B2C2-93646B344729}" = Mouse Suite for Desktop Computers
"{45338B07-A236-4270-9A77-EBB4115517B5}" = Windows Live Sign-in Assistant
"{45A66726-69BC-466B-A7A4-12FCBA4883D7}" = HiJackThis
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{523B2B1B-D8DB-4B41-90FF-C4D799E2758A}" = Nero ControlCenter 10 Help (CHM)
"{548F12A2-BD2E-4B5A-9B62-BBC0AA8EB3DD}" = Everio MediaBrowser HD Edition
"{555868C6-49FB-484F-BB43-8980651A1B00}" = Nero BurnRights 10 Help (CHM)
"{5CD29180-A95E-11D3-A4EB-00C04F7BDB2C}" = User's Guides
"{5E68BB65-4059-4FE5-AAC4-0CD1D79BBDE2}" = EarthLink Setup Files
"{6111D354-E5CA-814E-79F2-88030FFF4C39}" = Space Quest Collection
"{619CDD8A-14B6-43a1-AB6C-0F4EE48CE048}" = Roxio Creator Copy
"{6412CECE-8172-4BE5-935B-6CECACD2CA87}" = Windows Live Mail
"{65BB0407-4CC8-4DC7-952E-3EEFDF05602A}" = Nero Update
"{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Roxio Express Labeler
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{6A136B9A-1895-436F-83F8-30D9C68BB6EA}" = Rhapsody Player Engine
"{6D52C408-B09A-4520-9B18-475B81D393F1}" = Microsoft Works
"{6DFB899F-17A2-48F0-A533-ED8D6866CF38}" = Nero Control Center 10
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{777CA40C-0206-4EF6-A0FC-618BF06BF8D0}" = Intel® PRO Network Connections 12.1.11.0
"{77DCDCE3-2DED-62F3-8154-05E745472D07}" = Acrobat.com
"{7A5D731D-B4B3-490E-B339-75685712BAAB}" = Nero Burning ROM 10
"{7B08D306-7266-4647-A926-2F78817ED1E0}" = Microsoft Corporation
"{7EFA5E6F-74F7-4AFB-8AEA-AA790BD3A76D}" = DellSupport
"{81128EE8-8EAD-4DB0-85C6-17C2CE50FF71}" = Windows Live Essentials
"{83FFCFC7-88C6-41c6-8752-958A45325C82}" = Roxio Creator Audio
"{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}" = Windows Live Sync
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{880AF49C-34F7-4285-A8AD-8F7A3D1C33DC}" = Roxio Creator BDAV Plugin
"{89CEAE14-DD0F-448E-9554-15781EC9DB24}" = Product Documentation Launcher
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A74E887-8F0F-4017-AF53-CBA42211AAA5}" = Microsoft Sync Framework Runtime Native v1.0 (x86)
"{943CFD7D-5336-47AF-9418-E02473A5A517}" = Nero BurnRights 10
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9B6B24BE-80E7-46C4-9FA5-B167D5E0F345}" = Nero BurningROM 10 Help (CHM)
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A040AC77-C1AA-4CC9-8931-9F648AF178F6}" = VC 9.0 Runtime
"{A85FD55B-891B-4314-97A5-EA96C0BD80B5}" = Windows Live Messenger
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1033-7B44-A94000000001}" = Adobe Reader 9.4.5
"{AC76BA86-7AD7-5464-3428-900000000004}" = Spelling Dictionaries Support For Adobe Reader 9
"{B3BC9DB1-0B0A-48B0-B86B-EA77CAA7F800}" = Microsoft Corporation
"{BCE72AED-3332-4863-9567-C5DCB9052CA2}" = Netflix Movie Viewer
"{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}" = Microsoft Sync Framework Services Native v1.0 (x86)
"{BD71B413-9FEE-49BB-A6D1-2C0BFB99BDFE}" = Microsoft LifeCam
"{C8B0680B-CDAE-4809-9F91-387B6DE00F7C}" = Roxio Creator DE
"{C99F9CF6-77FF-4133-82D3-401199797FFF}" = Memory & Puzzles
"{CBDF1A29-D7F6-4E65-89F5-3300D475D6B9}" = Bing Bar
"{CBF3C503-946E-45EA-B347-EACC41781989}" = W Photo Studio
"{CCA1EEA3-555E-4D05-AC46-4B49C6C5D887}" = Apple Mobile Device Support
"{CCFF1E13-77A2-4032-8B12-7566982A27DF}" = Internet Service Offers Launcher
"{CD95D125-2992-4858-B3EF-5F6FB52FBAD6}" = Skype Toolbars
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CF40ACC5-E1BB-4aff-AC72-04C2F616BCA7}" = getPlus® for Adobe
"{CF9CD37C-E29A-11D5-AE3D-005004B8E30C}" = Digital Photo Navigator 1.5
"{D639085F-4B6E-4105-9F37-A0DBB023E2FB}" = Roxio MyDVD DE
"{D6C75F0B-3BC1-4FC9-B8C5-3F7E8ED059CA}" = Windows Live Photo Gallery
"{D87149B3-7A1D-4548-9CBF-032B791E5908}" = Desktop Doctor
"{DA55E50A-8DE2-4AE2-AA81-E701E3EE23FD}" = MixMeister Fusion Demo
"{DAEAFD68-BB4A-4507-A241-C8804D2EA66D}" = Apple Application Support
"{DB6AB705-C9BD-40E3-8929-2EA57F36A4FF}_is1" = ConvertXtoDVD 4.1.12.352
"{DBA4DB9D-EE51-4944-A419-98AB1F1249C8}" = LiveUpdate Notice (Symantec Corporation)
"{DD6E6368-D5FA-4824-B896-B4A589495156}" = LeapFrog Tag Plugin
"{E2DFE069-083E-4631-9B6C-43C48E991DE5}" = Junk Mail filter update
"{E3BFEE55-39E2-4BE0-B966-89FE583822C1}" = Dell Support Center
"{E633D396-5188-4E9D-8F6B-BFB8BF3467E8}" = Skype™ 5.0
"{E646DCF0-5A68-11D5-B229-002078017FBF}" = Digital Line Detect
"{E7004147-2CCA-431C-AA05-2AB166B9785D}" = QuickTime
"{EBE8D303-A690-4DA3-A181-771A1E9C1AE5}" = Vocabulary Booster 1
"{ED00D08A-3C5F-488D-93A0-A04F21F23956}" = Windows Live Communications Platform
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F44DA61E-720D-4E79-871F-F6E628B33242}" = OpenOffice.org 3.0
"{F63A3748-B93D-4360-9AD4-B064481A5C7B}" = Modem Diagnostic Tool
"{F6BD194C-4190-4D73-B1B1-C48C99921BFE}" = Windows Live Call
"{FE83F463-7E61-4B18-9FA0-B94B90A0B6B9}" = Nero Burning ROM 10
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"023782E7-308A-4278-9762-947348D4DF34" = Polar Bowler from WildGames (remove only)
"0E5906722E3ECA13747F1633D3F55E9F47120424" = Windows Driver Package - LeapFrog (FlyUsb) USB (06/15/2007 1.0.0.6)
"169E7C03-35E3-4E8A-855F-225246CE3E5E" = Polar Golfer from WildGames (remove only)
"781745E87AFF80C0C1388CFF79D19ECAB2E9BB47" = Windows Driver Package - LeapFrog (FlyUsb) USB (11/05/2008 1.1.1.0)
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"Amazon MP3 Downloader" = Amazon MP3 Downloader 1.0.12
"ASIO4ALL" = ASIO4ALL
"Audacity_is1" = Audacity 1.2.6
"CNXT_MODEM_PCI_VEN_14F1&DEV_2F20&SUBSYS_200F14F1" = Conexant D850 PCI V.92 Modem
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"ComcastHSI" = Comcast High-Speed Internet Install Wizard
"EZ Vinyl/Tape Converter by MixMeister_is1" = EZ Vinyl/Tape Converter 1.5.2.0 by MixMeister
"FL Studio 9" = FL Studio 9
"Google Desktop" = Google Desktop
"Hardcore" = Hardcore
"HDMI" = Intel® Graphics Media Accelerator Driver
"IL Download Manager" = IL Download Manager
"InstallShield_{3AEEE100-8219-4097-B080-BA14E7072530}" = Creativity Workshop 2
"InstallShield_{C99F9CF6-77FF-4133-82D3-401199797FFF}" = Memory & Puzzles
"InstallShield_{EBE8D303-A690-4DA3-A181-771A1E9C1AE5}" = Vocabulary Booster 1
"LAME for Audacity_is1" = LAME v3.98.2 for Audacity
"Lexmark 5200 Series" = Lexmark 5200 Series
"LiveUpdate" = LiveUpdate 3.2 (Symantec Corporation)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware version 1.51.0.1200
"M-Audio Key Rig_is1" = M-Audio Key Rig 1.0.0
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"N360" = Norton Security Suite
"PoiZone" = PoiZone
"PROSetDX" = Intel® PRO Network Connections 12.1.11.0
"Sawer" = Sawer
"SpywareBlaster_is1" = SpywareBlaster 4.4
"Steam App 10100" = King's Quest Collection
"SystemRequirementsLab" = System Requirements Lab
"Torq LE_is1" = Torq LE 1.0.5 (Build001 -- Aug 30 2007)
"Toxic Biohazard" = Toxic Biohazard
"TVWiz" = Intel® TV Wizard
"UPCShell" = LeapFrog Connect
"uTorrent" = µTorrent
"WildTangent CDA" = WildTangent Web Driver
"WinLiveSuite_Wave3" = Windows Live Essentials
"WMP Playlist_is1" = WMP Playlist 2.2.1

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-1639883624-3534290113-4186776636-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"magicJack" = magicJack
"Yahoo! BrowserPlus" = Yahoo! BrowserPlus 2.9.8

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 3/6/2010 8:16:39 PM | Computer Name = AaronB-PC | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 8.0.6001.18882, time stamp
0x4b3ed243, faulting module ntdll.dll, version 6.0.6002.18005, time stamp 0x49e03821,
exception code 0xc0000005, fault offset 0x00066739, process id 0x1480, application
start time 0x01cabd8b32a2cb90.

Error - 3/7/2010 12:05:30 AM | Computer Name = AaronB-PC | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 8.0.6001.18882, time stamp
0x4b3ed243, faulting module IEShims.dll, version 8.0.6001.18882, time stamp 0x4b3ee8a8,
exception code 0xc0000005, fault offset 0x00021e16, process id 0x638, application
start time 0x01cabdab6d1beb60.

Error - 3/14/2010 5:54:15 PM | Computer Name = AaronB-PC | Source = Application Hang | ID = 1002
Description = The program game3.exe version 0.0.0.0 stopped interacting with Windows
and was closed. To see if more information about the problem is available, check
the problem history in the Problem Reports and Solutions control panel. Process
ID: d08 Start Time: 01cac3c070ca6550 Termination Time: 4

Error - 3/17/2010 7:57:33 AM | Computer Name = AaronB-PC | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 8.0.6001.18882, time stamp
0x4b3ed243, faulting module ntdll.dll, version 6.0.6002.18005, time stamp 0x49e03821,
exception code 0xc0000005, fault offset 0x00066739, process id 0xb80, application
start time 0x01cac5c7776286f0.

Error - 3/22/2010 10:46:08 AM | Computer Name = AaronB-PC | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 8.0.6001.18882, time stamp
0x4b3ed243, faulting module IEShims.dll, version 8.0.6001.18882, time stamp 0x4b3ee8a8,
exception code 0xc0000005, fault offset 0x00021e16, process id 0x1334, application
start time 0x01cac9ce67c3fd40.

Error - 3/22/2010 6:46:34 PM | Computer Name = AaronB-PC | Source = MsiInstaller | ID = 1024
Description =

Error - 3/25/2010 7:29:49 AM | Computer Name = AaronB-PC | Source = MsiInstaller | ID = 1024
Description =

Error - 3/27/2010 11:28:22 PM | Computer Name = AaronB-PC | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 8.0.6001.18882, time stamp
0x4b3ed243, faulting module IEShims.dll, version 8.0.6001.18882, time stamp 0x4b3ee8a8,
exception code 0xc0000005, fault offset 0x00021e16, process id 0x1320, application
start time 0x01cace26b739567c.

Error - 3/29/2010 7:50:29 PM | Computer Name = AaronB-PC | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 8.0.6001.18882, time stamp
0x4b3ed243, faulting module IEShims.dll, version 8.0.6001.18882, time stamp 0x4b3ee8a8,
exception code 0xc0000005, fault offset 0x00021e16, process id 0x1180, application
start time 0x01cacf9a9c35c050.

Error - 3/29/2010 7:55:26 PM | Computer Name = AaronB-PC | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 8.0.6001.18882, time stamp
0x4b3ed243, faulting module ntdll.dll, version 6.0.6002.18005, time stamp 0x49e03821,
exception code 0xc0000005, fault offset 0x00066739, process id 0xc2c, application
start time 0x01cacf9ac29a9bd0.

[ Media Center Events ]
Error - 6/3/2008 10:14:33 AM | Computer Name = AaronB-PC | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package MCESpotlight.

Error - 6/25/2008 3:42:09 PM | Computer Name = AaronB-PC | Source = McrMgr | ID = 100
Description =

Error - 12/18/2008 11:50:56 PM | Computer Name = AaronB-PC | Source = MCUpdate | ID = 0
Description = Failed to wait on MCUpdate mutex with exception: 'The wait completed
due to an abandoned mutex.'.

Error - 6/21/2009 11:27:58 PM | Computer Name = AaronB-PC | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.

Error - 6/27/2009 11:30:07 PM | Computer Name = AaronB-PC | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.

[ System Events ]
Error - 6/16/2011 8:18:47 PM | Computer Name = AaronB-PC | Source = EventLog | ID = 6008
Description = The previous system shutdown at 7:17:05 PM on 6/16/2011 was unexpected.

Error - 6/16/2011 8:18:49 PM | Computer Name = AARONB-PC | Source = Dhcp | ID = 1002
Description = The IP address lease 192.168.1.101 for the Network Card with network
address 001AA092902B has been denied by the DHCP server 192.168.1.1 (The DHCP Server
sent a DHCPNACK message).

Error - 6/16/2011 8:20:34 PM | Computer Name = AaronB-PC | Source = Service Control Manager | ID = 7026
Description =

Error - 6/17/2011 8:59:38 AM | Computer Name = AaronB-PC | Source = Dhcp | ID = 1002
Description = The IP address lease 192.168.1.100 for the Network Card with network
address 001AA092902B has been denied by the DHCP server 192.168.1.1 (The DHCP Server
sent a DHCPNACK message).

Error - 6/17/2011 9:06:33 AM | Computer Name = AaronB-PC | Source = Dhcp | ID = 1002
Description = The IP address lease 192.168.1.100 for the Network Card with network
address 001AA092902B has been denied by the DHCP server 192.168.1.1 (The DHCP Server
sent a DHCPNACK message).

Error - 6/17/2011 8:53:00 PM | Computer Name = AaronB-PC | Source = EventLog | ID = 6008
Description = The previous system shutdown at 7:51:51 PM on 6/17/2011 was unexpected.

Error - 6/17/2011 8:53:01 PM | Computer Name = AARONB-PC | Source = Dhcp | ID = 1002
Description = The IP address lease 192.168.1.100 for the Network Card with network
address 001AA092902B has been denied by the DHCP server 192.168.1.1 (The DHCP Server
sent a DHCPNACK message).

Error - 6/17/2011 8:55:30 PM | Computer Name = AaronB-PC | Source = Service Control Manager | ID = 7026
Description =

Error - 6/17/2011 8:59:27 PM | Computer Name = AaronB-PC | Source = EventLog | ID = 6008
Description = The previous system shutdown at 7:57:55 PM on 6/17/2011 was unexpected.

Error - 6/17/2011 9:01:06 PM | Computer Name = AaronB-PC | Source = Service Control Manager | ID = 7026
Description =


< End of report >

#4 LTAB1

LTAB1
  • Topic Starter

  • Members
  • 34 posts
  • OFFLINE
  •  
  • Local time:07:05 PM

Posted 18 June 2011 - 08:21 AM

Here is the GMER log.

GMER 1.0.15.15640 - http://www.gmer.net
Rootkit scan 2011-06-18 08:19:33
Windows 6.0.6002 Service Pack 2 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 ST3320620AS rev.3.ADG
Running: h637z61y.exe; Driver: C:\Users\AARONB~1\AppData\Local\Temp\pwdiqpog.sys


---- System - GMER 1.0.15 ----

SSDT 87182110 ZwAlertResumeThread
SSDT 87173110 ZwAlertThread
SSDT 874B5B88 ZwAllocateVirtualMemory
SSDT 868F1C20 ZwAlpcConnectPort
SSDT 871B5158 ZwAssignProcessToJobObject
SSDT 874C9B00 ZwCreateMutant
SSDT 874CD210 ZwCreateSymbolicLinkObject
SSDT 874B4A88 ZwCreateThread
SSDT 871AF108 ZwDebugActiveProcess
SSDT 874B5DA0 ZwDuplicateObject
SSDT 874B5568 ZwFreeVirtualMemory
SSDT 87189128 ZwImpersonateAnonymousToken
SSDT 87185108 ZwImpersonateThread
SSDT 868F1200 ZwLoadDriver
SSDT 874B6F70 ZwMapViewOfSection
SSDT 8718BA58 ZwOpenEvent
SSDT 874B5FC0 ZwOpenProcess
SSDT 86B3C118 ZwOpenProcessToken
SSDT 8719F068 ZwOpenSection
SSDT 874B5EB0 ZwOpenThread
SSDT 874CDE80 ZwProtectVirtualMemory
SSDT 8716D118 ZwResumeThread
SSDT 87154068 ZwSetContextThread
SSDT 874B6D18 ZwSetInformationProcess
SSDT 871A2120 ZwSetSystemInformation
SSDT 87195120 ZwSuspendProcess
SSDT 87162118 ZwSuspendThread
SSDT 86B36110 ZwTerminateProcess
SSDT 87171110 ZwTerminateThread
SSDT 87148110 ZwUnmapViewOfSection
SSDT 874B5878 ZwWriteVirtualMemory
SSDT 874CD6E0 ZwCreateThreadEx

---- Kernel code sections - GMER 1.0.15 ----

.text ntkrnlpa.exe!KeSetEvent + 11D 820EA8A0 8 Bytes [10, 21, 18, 87, 10, 31, 17, ...] {ADC [ECX], AH; SBB [EDI-0x78e8cef0], AL}
.text ntkrnlpa.exe!KeSetEvent + 131 820EA8B4 4 Bytes [88, 5B, 4B, 87]
.text ntkrnlpa.exe!KeSetEvent + 13D 820EA8C0 4 Bytes [20, 1C, 8F, 86]
.text ntkrnlpa.exe!KeSetEvent + 191 820EA914 4 Bytes [58, 51, 1B, 87]
.text ntkrnlpa.exe!KeSetEvent + 1F5 820EA978 4 Bytes [00, 9B, 4C, 87]
.text ...

---- User code sections - GMER 1.0.15 ----

.text C:\Program Files\Internet Explorer\iexplore.exe[3936] USER32.dll!EnableWindow 761ACD8B 5 Bytes JMP 6D0598BC C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3936] USER32.dll!DialogBoxParamW 761D10B0 5 Bytes JMP 6CFB15E3 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3936] USER32.dll!DialogBoxIndirectParamW 761D2EF5 5 Bytes JMP 6D1A5E86 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3936] USER32.dll!DialogBoxParamA 761E8152 5 Bytes JMP 6D1A5E21 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3936] USER32.dll!DialogBoxIndirectParamA 761E847D 5 Bytes JMP 6D1A5EEB C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3936] USER32.dll!MessageBoxIndirectA 761FD4D9 5 Bytes JMP 6D1A5DA8 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3936] USER32.dll!MessageBoxIndirectW 761FD5D3 5 Bytes JMP 6D1A5D2F C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3936] USER32.dll!MessageBoxExA 761FD639 5 Bytes JMP 6D1A5CCB C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3936] USER32.dll!MessageBoxExW 761FD65D 5 Bytes JMP 6D1A5C67 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5276] kernel32.dll!CreateThread 759FC90E 5 Bytes JMP 6D0171CB C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5276] USER32.dll!CreateDialogParamW 761A72A2 5 Bytes JMP 6D1A61F0 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5276] USER32.dll!GetAsyncKeyState 761A863C 5 Bytes JMP 6CFFDC69 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5276] USER32.dll!SetWindowsHookExW 761A87AD 5 Bytes JMP 6D05204C C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5276] USER32.dll!CallNextHookEx 761A8E3B 1 Byte [E9]
.text C:\Program Files\Internet Explorer\iexplore.exe[5276] USER32.dll!CallNextHookEx 761A8E3B 5 Bytes JMP 6D077A3F C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5276] USER32.dll!UnhookWindowsHookEx 761A98DB 5 Bytes JMP 6D09E9F8 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5276] USER32.dll!EnableWindow 761ACD8B 5 Bytes JMP 6D0598BC C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5276] USER32.dll!DefWindowProcA 761ADB88 7 Bytes JMP 6D0193F5 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5276] USER32.dll!CreateWindowExA 761ADC2A 2 Bytes JMP 6D023223 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5276] USER32.dll!CreateWindowExA + 3 761ADC2D 2 Bytes [E7, F6] {OUT 0xf6, EAX}
.text C:\Program Files\Internet Explorer\iexplore.exe[5276] USER32.dll!CreateWindowExW 761B1305 5 Bytes JMP 6D07FE1F C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5276] USER32.dll!GetKeyState 761B8CB1 5 Bytes JMP 6CFFDB43 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5276] USER32.dll!DefWindowProcW 761C03B4 7 Bytes JMP 6D077AA2 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5276] USER32.dll!IsDialogMessageW 761C0745 5 Bytes JMP 6D1A6964 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5276] USER32.dll!CreateDialogParamA 761C17AA 5 Bytes JMP 6D1A61B8 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5276] USER32.dll!IsDialogMessage 761C1847 5 Bytes JMP 6D1A693C C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5276] USER32.dll!CreateDialogIndirectParamA 761C26F1 5 Bytes JMP 6D1A6228 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5276] USER32.dll!CreateDialogIndirectParamW 761C9A62 5 Bytes JMP 6D1A6260 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5276] USER32.dll!SetKeyboardState 761D0987 5 Bytes JMP 6D1A722D C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5276] USER32.dll!DialogBoxParamW 761D10B0 5 Bytes JMP 6CFB15E3 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5276] USER32.dll!DialogBoxIndirectParamW 761D2EF5 5 Bytes JMP 6D1A5E86 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5276] USER32.dll!SendInput 761D2F75 5 Bytes JMP 6D1A71D5 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5276] USER32.dll!EndDialog 761D326E 5 Bytes JMP 6D1A6C10 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5276] USER32.dll!SetCursorPos 761E6FB2 5 Bytes JMP 6D1A72AE C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5276] USER32.dll!DialogBoxParamA 761E8152 5 Bytes JMP 6D1A5E21 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5276] USER32.dll!DialogBoxIndirectParamA 761E847D 5 Bytes JMP 6D1A5EEB C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5276] USER32.dll!MessageBoxIndirectA 761FD4D9 5 Bytes JMP 6D1A5DA8 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5276] USER32.dll!MessageBoxIndirectW 761FD5D3 5 Bytes JMP 6D1A5D2F C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5276] USER32.dll!MessageBoxExA 761FD639 5 Bytes JMP 6D1A5CCB C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5276] USER32.dll!MessageBoxExW 761FD65D 5 Bytes JMP 6D1A5C67 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5276] USER32.dll!keybd_event 761FD972 5 Bytes JMP 6D1A7192 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5276] SHELL32.dll!SHRestricted + D95 766589A8 4 Bytes [37, 01, 50, 6B] {AAA ; ADD [EAX+0x6b], EDX}
.text C:\Program Files\Internet Explorer\iexplore.exe[5276] SHELL32.dll!SHRestricted + D9D 766589B0 8 Bytes [60, 61, 4F, 6B, E1, F6, 4F, ...]
.text C:\Program Files\Internet Explorer\iexplore.exe[5276] ole32.dll!OleLoadFromStream 764A1E80 5 Bytes JMP 6D1A666E C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5276] WININET.dll!HttpOpenRequestA 77125539 5 Bytes JMP 6901F9CE C:\Program Files\Microsoft\BingBar\BingExt.dll (Bing Client Extensions/Microsoft Corporation.)
.text C:\Program Files\Internet Explorer\iexplore.exe[5276] WININET.dll!HttpOpenRequestW 77125DCB 5 Bytes JMP 6901FB32 C:\Program Files\Microsoft\BingBar\BingExt.dll (Bing Client Extensions/Microsoft Corporation.)
.text C:\Program Files\Internet Explorer\iexplore.exe[5276] WS2_32.dll!closesocket 75BA330C 5 Bytes JMP 693A637A C:\Program Files\Microsoft\BingBar\SeaNote.dll (Microsoft Search Note/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5276] WS2_32.dll!recv 75BA343A 5 Bytes JMP 693A667E C:\Program Files\Microsoft\BingBar\SeaNote.dll (Microsoft Search Note/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5276] WS2_32.dll!socket 75BA36D1 5 Bytes JMP 693A56ED C:\Program Files\Microsoft\BingBar\SeaNote.dll (Microsoft Search Note/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5276] WS2_32.dll!connect 75BA40D9 5 Bytes JMP 693A577D C:\Program Files\Microsoft\BingBar\SeaNote.dll (Microsoft Search Note/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5276] WS2_32.dll!getaddrinfo 75BA418A 5 Bytes JMP 693A58A5 C:\Program Files\Microsoft\BingBar\SeaNote.dll (Microsoft Search Note/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5276] WS2_32.dll!send 75BA659B 5 Bytes JMP 693A5CF8 C:\Program Files\Microsoft\BingBar\SeaNote.dll (Microsoft Search Note/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5780] kernel32.dll!CreateThread 759FC90E 5 Bytes JMP 6D0171CB C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5780] USER32.dll!CreateDialogParamW 761A72A2 5 Bytes JMP 6D1A61F0 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5780] USER32.dll!GetAsyncKeyState 761A863C 5 Bytes JMP 6CFFDC69 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5780] USER32.dll!SetWindowsHookExW 761A87AD 5 Bytes JMP 6D05204C C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5780] USER32.dll!CallNextHookEx 761A8E3B 1 Byte [E9]
.text C:\Program Files\Internet Explorer\iexplore.exe[5780] USER32.dll!CallNextHookEx 761A8E3B 5 Bytes JMP 6D077A3F C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5780] USER32.dll!UnhookWindowsHookEx 761A98DB 5 Bytes JMP 6D09E9F8 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5780] USER32.dll!EnableWindow 761ACD8B 5 Bytes JMP 6D0598BC C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5780] USER32.dll!DefWindowProcA 761ADB88 7 Bytes JMP 6D0193F5 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5780] USER32.dll!CreateWindowExA 761ADC2A 2 Bytes JMP 6D023223 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5780] USER32.dll!CreateWindowExA + 3 761ADC2D 2 Bytes [E7, F6] {OUT 0xf6, EAX}
.text C:\Program Files\Internet Explorer\iexplore.exe[5780] USER32.dll!CreateWindowExW 761B1305 5 Bytes JMP 6D07FE1F C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5780] USER32.dll!GetKeyState 761B8CB1 5 Bytes JMP 6CFFDB43 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5780] USER32.dll!DefWindowProcW 761C03B4 7 Bytes JMP 6D077AA2 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5780] USER32.dll!IsDialogMessageW 761C0745 5 Bytes JMP 6D1A6964 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5780] USER32.dll!CreateDialogParamA 761C17AA 5 Bytes JMP 6D1A61B8 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5780] USER32.dll!IsDialogMessage 761C1847 5 Bytes JMP 6D1A693C C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5780] USER32.dll!CreateDialogIndirectParamA 761C26F1 5 Bytes JMP 6D1A6228 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5780] USER32.dll!CreateDialogIndirectParamW 761C9A62 5 Bytes JMP 6D1A6260 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5780] USER32.dll!SetKeyboardState 761D0987 5 Bytes JMP 6D1A722D C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5780] USER32.dll!DialogBoxParamW 761D10B0 5 Bytes JMP 6CFB15E3 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5780] USER32.dll!DialogBoxIndirectParamW 761D2EF5 5 Bytes JMP 6D1A5E86 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5780] USER32.dll!SendInput 761D2F75 5 Bytes JMP 6D1A71D5 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5780] USER32.dll!EndDialog 761D326E 5 Bytes JMP 6D1A6C10 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5780] USER32.dll!SetCursorPos 761E6FB2 5 Bytes JMP 6D1A72AE C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5780] USER32.dll!DialogBoxParamA 761E8152 5 Bytes JMP 6D1A5E21 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5780] USER32.dll!DialogBoxIndirectParamA 761E847D 5 Bytes JMP 6D1A5EEB C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5780] USER32.dll!MessageBoxIndirectA 761FD4D9 5 Bytes JMP 6D1A5DA8 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5780] USER32.dll!MessageBoxIndirectW 761FD5D3 5 Bytes JMP 6D1A5D2F C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5780] USER32.dll!MessageBoxExA 761FD639 5 Bytes JMP 6D1A5CCB C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5780] USER32.dll!MessageBoxExW 761FD65D 5 Bytes JMP 6D1A5C67 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5780] USER32.dll!keybd_event 761FD972 5 Bytes JMP 6D1A7192 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5780] SHELL32.dll!SHRestricted + D95 766589A8 4 Bytes [37, 01, 50, 6B] {AAA ; ADD [EAX+0x6b], EDX}
.text C:\Program Files\Internet Explorer\iexplore.exe[5780] SHELL32.dll!SHRestricted + D9D 766589B0 8 Bytes [60, 61, 4F, 6B, E1, F6, 4F, ...]
.text C:\Program Files\Internet Explorer\iexplore.exe[5780] ole32.dll!OleLoadFromStream 764A1E80 5 Bytes JMP 6D1A666E C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5780] WININET.dll!HttpOpenRequestA 77125539 5 Bytes JMP 6901F9CE C:\Program Files\Microsoft\BingBar\BingExt.dll (Bing Client Extensions/Microsoft Corporation.)
.text C:\Program Files\Internet Explorer\iexplore.exe[5780] WININET.dll!HttpOpenRequestW 77125DCB 5 Bytes JMP 6901FB32 C:\Program Files\Microsoft\BingBar\BingExt.dll (Bing Client Extensions/Microsoft Corporation.)
.text C:\Program Files\Internet Explorer\iexplore.exe[5780] WS2_32.dll!closesocket 75BA330C 5 Bytes JMP 693A637A C:\Program Files\Microsoft\BingBar\SeaNote.dll (Microsoft Search Note/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5780] WS2_32.dll!recv 75BA343A 5 Bytes JMP 693A667E C:\Program Files\Microsoft\BingBar\SeaNote.dll (Microsoft Search Note/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5780] WS2_32.dll!socket 75BA36D1 5 Bytes JMP 693A56ED C:\Program Files\Microsoft\BingBar\SeaNote.dll (Microsoft Search Note/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5780] WS2_32.dll!connect 75BA40D9 5 Bytes JMP 693A577D C:\Program Files\Microsoft\BingBar\SeaNote.dll (Microsoft Search Note/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5780] WS2_32.dll!getaddrinfo 75BA418A 5 Bytes JMP 693A58A5 C:\Program Files\Microsoft\BingBar\SeaNote.dll (Microsoft Search Note/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5780] WS2_32.dll!send 75BA659B 5 Bytes JMP 693A5CF8 C:\Program Files\Microsoft\BingBar\SeaNote.dll (Microsoft Search Note/Microsoft Corporation)

---- Devices - GMER 1.0.15 ----

AttachedDevice \Driver\tdx \Device\Tcp SYMTDIV.SYS (Network Dispatch Driver/Symantec Corporation)
AttachedDevice \Driver\tdx \Device\Udp SYMTDIV.SYS (Network Dispatch Driver/Symantec Corporation)
AttachedDevice \Driver\tdx \Device\RawIp SYMTDIV.SYS (Network Dispatch Driver/Symantec Corporation)
AttachedDevice \FileSystem\fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

---- Files - GMER 1.0.15 ----

File C:\Users\Aaron B\AppData\Local\Microsoft\Internet Explorer\Recovery\Last Active\{60DF040C-994B-11E0-97C2-001AA092902B}.dat 0 bytes

---- EOF - GMER 1.0.15 ----

#5 etavares

etavares

    Bleepin' Remover


  • Malware Response Team
  • 15,514 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:09:05 PM

Posted 18 June 2011 - 10:50 AM

Hello, LTAB1.

This may be as simple as overheating. What error do you get before it shuts down? I can see the unexpected shutdowns, but the error causing it is not recorded.


P2P Warning and Request
The log shows that you have been using so called peer-to-peer or file-sharing programmes (in your case uTorrent). These programmes allow to share files between users as the name(s) suggest. In today's world the cyber crime has come a long way and any means is used to infect personal computers to make use of their stored data or machine power for further propagation of their malware files. A popular means is the use of file-sharing tools as a tremendous amount of prospective victims can be reached through it.

It is therefore possible to be infected by downloading manipulated files via peer-to-peer tools and thus suggested to be used with intense care. I recommend that you uninstall this program. That is optional, however. If you decide to not uninstall, please refrain from using it until I let you know your computer is clean.















Step 1

Please download Malwarebytes Anti-Malware and save it to your desktop.
alternate download link 1
alternate download link 2

MBAM may "make changes to your registry" as part of its disinfection routine. If using other security programs that detect registry changes (ie Spybot's Teatimer), they may interfere or alert you. Temporarily disable such programs or permit them to allow the changes.
  • Make sure you are connected to the Internet.
  • Double-click on mbam-setup.exe to install the application.
  • When the installation begins, follow the prompts and do not make any changes to default settings.
  • When installation has finished, make sure you leave both of these checked:
    • Update Malwarebytes' Anti-Malware
    • Launch Malwarebytes' Anti-Malware
  • Then click Finish.
MBAM will automatically start and you will be asked to update the program before performing a scan.
  • If an update is found, the program will automatically update itself. Press the OK button to close that box and continue.
  • If you encounter any problems while downloading the definition updates, manually download them from here and just double-click on mbam-rules.exe to install.
On the Scanner tab:
  • Make sure the "Perform Quick Scan" option is selected.
  • Then click on the Scan button.
  • If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
  • The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
  • When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
  • Click OK to close the message box and continue with the removal process.
Back at the main Scanner screen:
  • Click on the Show Results button to see a list of any malware that was found.
  • Make sure that everything is checked, and click Remove Selected.
  • When removal is completed, a log report will open in Notepad.
  • The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the contents of that report in your next reply. Be sure to post the complete log to include the top portion which shows MBAM's database version and your operating system.
  • Exit MBAM when done.
Note: If MBAM encounters a file that is difficult to remove, you will be asked to reboot your computer so MBAM can proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot normally (not into safe mode) will prevent MBAM from removing all the malware.

etavares


If I don't respond within 2 days, please feel free to PM me.
Please don't ask for help via PM. The forums are there for a reason. Please post in the forums so others may benefit as well.

Posted Image
Unified Network of Instructors and Trusted Eliminators
 


#6 LTAB1

LTAB1
  • Topic Starter

  • Members
  • 34 posts
  • OFFLINE
  •  
  • Local time:07:05 PM

Posted 18 June 2011 - 08:01 PM

Uninstalled the UTorrent. Also, here is the log from MBAM. If it is an overheating problem, what is the solution there?

Malwarebytes' Anti-Malware 1.51.0.1200
www.malwarebytes.org

Database version: 6891

Windows 6.0.6002 Service Pack 2
Internet Explorer 9.0.8112.16421

6/18/2011 7:59:10 PM
mbam-log-2011-06-18 (19-59-10).txt

Scan type: Quick scan
Objects scanned: 199894
Time elapsed: 5 minute(s), 48 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

#7 etavares

etavares

    Bleepin' Remover


  • Malware Response Team
  • 15,514 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:09:05 PM

Posted 19 June 2011 - 09:24 AM

Hello, LTAB1.

If it is overheating, the solution is to ensure it's properly cooled...don't block the fan exhaust, etc. You did say the fan was working hard, right? Let's do a few other things as well.





Step 1

Please pull anything out of the recycle bin that you want to save. Part of this fix will empty temp files, and that does include the recycle bin.

We need to create an OTL report,
  • Please download OTL from this link.
  • (If that link doesn't work, try this alternate link
  • Save it to your desktop.
  • Double click on the Posted Image icon on your desktop.
  • Click the "Scan All Users" checkbox.
  • Select "Use Safelist" under "Extra Registry"
  • Under the Custom Scan box paste this in:

    netsvcs
    msconfig
    drivers32 /all
    %systemroot%\system32\*.dll /lockedfiles
    %systemroot%\system32\*.sys /90
    %systemroot%\Tasks\*.job /lockedfiles
    %systemroot%\System32\config\*.sav
    %SYSTEMDRIVE%\*.*
    %systemroot%\system32\Spool\prtprocs\w32x86\*.dll
    %systemroot%\*. /mp /s
    /md5start
    eventlog.dll
    scecli.dll
    netlogon.dll
    cngaudit.dll
    sceclt.dll
    ntelogon.dll
    logevent.dll
    iaStor.sys
    nvstor.sys
    atapi.sys
    IdeChnDr.sys
    viasraid.sys
    AGP440.sys
    vaxscsi.sys
    nvatabus.sys
    viamraid.sys
    nvata.sys
    nvgts.sys
    iastorv.sys
    ViPrt.sys
    eNetHook.dll
    ahcix86.sys
    KR10N.sys
    nvstor32
    ahcix86s.sys
    nvrd32.sys
    user32.dll
    ws2_32.dll
    /md5stop
    %systemroot%\*. /mp /s
    HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
    CREATERESTOREPOINT


  • Click the Quick Scan button.
  • The scan should take a few minutes.
  • Please copy and paste both logs in your reply. If they are too big to paste in one reply, please split them into separate posts.



Step 2

I'd like us to scan your machine with ESET OnlineScan
  • Hold down Control and click on the following link to open ESET OnlineScan in a new window.
    ESET OnlineScan
  • Click the Posted Image button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    • Click on Posted Image to download the ESET Smart Installer. Save it to your desktop.
    • Double click on the Posted Image icon on your desktop.
  • Check Posted Image
  • Click the Posted Image button.
  • Accept any security warnings from your browser.
  • Check Posted Image
  • Push the Start button.
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, push Posted Image
  • Push Posted Image, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Push the Posted Image button.
  • Push Posted Image

etavares


If I don't respond within 2 days, please feel free to PM me.
Please don't ask for help via PM. The forums are there for a reason. Please post in the forums so others may benefit as well.

Posted Image
Unified Network of Instructors and Trusted Eliminators
 


#8 LTAB1

LTAB1
  • Topic Starter

  • Members
  • 34 posts
  • OFFLINE
  •  
  • Local time:07:05 PM

Posted 20 June 2011 - 08:43 AM

OTL report

OTL logfile created on: 6/20/2011 7:47:57 AM - Run 2
OTL by OldTimer - Version 3.2.24.1 Folder = C:\Users\Aaron B\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.99 Gb Total Physical Memory | 0.79 Gb Available Physical Memory | 39.75% Memory free
4.21 Gb Paging File | 2.51 Gb Available in Paging File | 59.57% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 288.04 Gb Total Space | 104.83 Gb Free Space | 36.39% Space Free | Partition Type: NTFS
Drive D: | 10.00 Gb Total Space | 6.28 Gb Free Space | 62.78% Space Free | Partition Type: NTFS

Computer Name: AARONB-PC | User Name: Aaron B | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/06/17 19:41:10 | 000,579,072 | ---- | M] (OldTimer Tools) -- C:\Users\Aaron B\Desktop\OTL.exe
PRC - [2011/06/08 07:32:25 | 000,240,288 | ---- | M] (Adobe Systems, Inc.) -- C:\Windows\System32\Macromed\Flash\FlashUtil10s_ActiveX.exe
PRC - [2011/05/18 09:54:23 | 000,307,376 | ---- | M] (Google Inc.) -- C:\Program Files\Google\Google Toolbar\GoogleToolbarUser_32.exe
PRC - [2011/05/16 07:51:00 | 022,119,824 | ---- | M] (magicJack L.P.) -- C:\Users\Aaron B\AppData\Roaming\mjusbsp\magicJack.exe
PRC - [2011/05/06 11:03:10 | 000,391,432 | ---- | M] (Microsoft Corporation.) -- C:\Program Files\Microsoft\BingBar\BingBar.exe
PRC - [2011/05/06 11:03:10 | 000,259,848 | ---- | M] (Microsoft Corporation.) -- C:\Program Files\Microsoft\BingBar\BingApp.exe
PRC - [2011/03/25 22:32:40 | 000,249,648 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft\BingBar\SeaPort.EXE
PRC - [2010/12/13 15:37:46 | 000,135,536 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft LifeCam\MSCamS32.exe
PRC - [2010/05/04 13:07:22 | 000,503,080 | ---- | M] (Nero AG) -- C:\Program Files\Nero\Update\NASvc.exe
PRC - [2010/02/25 19:21:50 | 000,126,392 | R--- | M] (Symantec Corporation) -- C:\Program Files\Norton Security Suite\Engine\4.3.0.5\ccsvchst.exe
PRC - [2009/08/27 17:59:24 | 000,398,672 | ---- | M] (LeapFrog Enterprises, Inc.) -- C:\Program Files\LeapFrog\LeapFrog Connect\Monitor.exe
PRC - [2009/08/27 17:19:26 | 001,131,808 | ---- | M] (LeapFrog Enterprises, Inc.) -- C:\Program Files\LeapFrog\LeapFrog Connect\CommandService.exe
PRC - [2009/07/21 17:25:42 | 000,541,976 | ---- | M] (PIXELA CORPORATION) -- C:\Program Files\PIXELA\Everio MediaBrowser HD Edition\MBCameraMonitor.exe
PRC - [2009/04/11 01:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2008/04/24 13:26:18 | 000,202,560 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files\Comcast\Desktop Doctor\bin\sprtsvc.exe
PRC - [2008/04/24 13:25:22 | 000,202,560 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files\Comcast\Desktop Doctor\bin\sprtcmd.exe
PRC - [2007/11/28 20:51:10 | 000,583,048 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
PRC - [2007/09/12 18:27:24 | 000,554,352 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
PRC - [2007/06/11 17:01:24 | 000,086,016 | ---- | M] (Avid Technology, Inc.) -- C:\Program Files\M-Audio\M-Audio Series II MIDI\MA_CMIDI_Inst.exe
PRC - [2007/05/11 08:26:44 | 004,452,352 | ---- | M] (Realtek Semiconductor) -- C:\Windows\RtHDVCpl.exe
PRC - [2007/05/03 03:53:38 | 000,103,344 | ---- | M] (Lexmark International Inc.) -- C:\Program Files\Lexmark 5200 Series\ezprint.exe
PRC - [2007/05/03 03:50:24 | 000,230,320 | ---- | M] (Lexmark International, Inc.) -- C:\Program Files\Lexmark 5200 Series\lxbtmon.exe
PRC - [2007/05/03 03:48:52 | 000,537,520 | ---- | M] ( ) -- C:\Windows\System32\lxbtcoms.exe
PRC - [2007/03/15 11:09:36 | 000,460,784 | ---- | M] (Gteko Ltd.) -- C:\Program Files\DellSupport\DSAgnt.exe
PRC - [2006/11/23 15:13:38 | 000,126,976 | ---- | M] (Primax Electronics Ltd.) -- C:\Windows\System32\pmxmiced.exe
PRC - [2006/11/08 14:01:54 | 000,049,152 | ---- | M] (Primax Electronics Ltd.) -- C:\Windows\System32\ico.exe
PRC - [2005/11/30 11:43:00 | 000,058,952 | ---- | M] (GEAR Software) -- C:\Windows\System32\gearsec.exe


========== Modules (SafeList) ==========

MOD - [2011/06/17 19:41:10 | 000,579,072 | ---- | M] (OldTimer Tools) -- C:\Users\Aaron B\Desktop\OTL.exe
MOD - [2011/06/16 03:04:42 | 000,653,136 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.6161_none_50934f2ebcb7eb57\msvcr90.dll
MOD - [2011/06/16 03:04:42 | 000,569,680 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.6161_none_50934f2ebcb7eb57\msvcp90.dll
MOD - [2011/04/18 19:05:15 | 000,420,864 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\vbscript.dll
MOD - [2010/09/20 14:26:01 | 000,415,088 | R--- | M] (Symantec Corporation) -- C:\Program Files\Norton Security Suite\Engine\4.3.0.5\asoehook.dll
MOD - [2010/08/31 10:43:52 | 001,686,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3\comctl32.dll
MOD - [2009/04/11 01:28:25 | 000,083,968 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wbem\wmiutils.dll
MOD - [2009/04/11 01:28:25 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wbem\wbemsvc.dll
MOD - [2009/04/11 01:28:25 | 000,030,208 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wbem\wbemprox.dll
MOD - [2009/04/11 01:28:19 | 000,614,912 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wbem\fastprox.dll
MOD - [2008/01/19 02:36:49 | 000,188,928 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wbem\wbemdisp.dll
MOD - [2008/01/19 02:36:48 | 000,357,888 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wbemcomn.dll
MOD - [2008/01/19 02:36:37 | 000,376,832 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\sxs.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- -- (LiveUpdate Notice Ex)
SRV - File not found [Auto | Stopped] -- -- (CLTNetCnService)
SRV - [2011/06/08 17:40:55 | 000,403,240 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2011/05/06 11:03:10 | 000,191,752 | ---- | M] (Microsoft Corporation.) [On_Demand | Stopped] -- C:\Program Files\Microsoft\BingBar\BBSvc.EXE -- (BBSvc)
SRV - [2011/03/25 22:32:40 | 000,249,648 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft\BingBar\SeaPort.EXE -- (SeaPort)
SRV - [2011/03/01 09:56:36 | 000,052,288 | ---- | M] (NOS Microsystems Ltd.) [On_Demand | Stopped] -- C:\Program Files\NOS\bin\getPlus_Helper_3004.dll -- (nosGetPlusHelper) getPlus®
SRV - [2010/12/13 15:37:46 | 000,135,536 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft LifeCam\MSCamS32.exe -- (MSCamSvc)
SRV - [2010/05/04 13:07:22 | 000,503,080 | ---- | M] (Nero AG) [Auto | Running] -- C:\Program Files\Nero\Update\NASvc.exe -- (NAUpdate)
SRV - [2010/02/25 19:21:50 | 000,126,392 | R--- | M] (Symantec Corporation) [Unknown | Running] -- C:\Program Files\Norton Security Suite\Engine\4.3.0.5\ccSvcHst.exe -- (N360)
SRV - [2009/08/27 17:19:26 | 001,131,808 | ---- | M] (LeapFrog Enterprises, Inc.) [Auto | Running] -- C:\Program Files\LeapFrog\LeapFrog Connect\CommandService.exe -- (LeapFrog Connect Device Service)
SRV - [2008/10/06 10:18:06 | 000,033,752 | ---- | M] (NOS Microsystems Ltd.) [On_Demand | Stopped] -- C:\Program Files\NOS\bin\getPlus_HelperSvc.exe -- (getPlus® Helper) getPlus®
SRV - [2008/04/24 13:26:18 | 000,202,560 | ---- | M] (SupportSoft, Inc.) [Auto | Running] -- C:\Program Files\Comcast\Desktop Doctor\bin\sprtsvc.exe -- (sprtsvc_ddoctorv2) SupportSoft Sprocket Service (ddoctorv2)
SRV - [2008/01/19 02:38:24 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2007/11/28 20:51:10 | 000,583,048 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe -- (LiveUpdate Notice Service)
SRV - [2007/09/12 18:27:24 | 002,999,664 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files\Symantec\LiveUpdate\LuComServer_3_2.EXE -- (LiveUpdate)
SRV - [2007/09/12 18:27:24 | 000,554,352 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe -- (Automatic LiveUpdate Scheduler)
SRV - [2007/06/11 17:01:24 | 000,086,016 | ---- | M] (Avid Technology, Inc.) [Auto | Running] -- C:\Program Files\M-Audio\M-Audio Series II MIDI\MA_CMIDI_Inst.exe -- (MA_CMIDI_InstallerService)
SRV - [2007/05/03 03:48:52 | 000,537,520 | ---- | M] ( ) [Auto | Running] -- C:\Windows\System32\lxbtcoms.exe -- (lxbt_device)
SRV - [2007/03/19 11:44:44 | 000,070,656 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\DellSupport\brkrsvc.exe -- (DSBrokerService)
SRV - [2005/11/30 11:43:00 | 000,058,952 | ---- | M] (GEAR Software) [Auto | Running] -- C:\Windows\System32\gearsec.exe -- (gearsec)


========== Driver Services (SafeList) ==========

DRV - [2011/06/02 20:08:20 | 000,367,736 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\IPSDefs\20110615.001\IDSvix86.sys -- (IDSVix86)
DRV - [2011/05/19 14:37:06 | 000,810,616 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\BASHDefs\20110616.003\BHDrvx86.sys -- (BHDrvx86)
DRV - [2011/05/17 19:16:03 | 001,542,392 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\VirusDefs\20110619.002\NAVEX15.SYS -- (NAVEX15)
DRV - [2011/05/17 19:16:03 | 000,086,008 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\VirusDefs\20110619.002\NAVENG.SYS -- (NAVENG)
DRV - [2011/05/09 18:37:09 | 000,374,392 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl)
DRV - [2011/05/09 18:37:09 | 000,105,592 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2010/12/13 15:37:46 | 000,030,576 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nx6000.sys -- (MSHUSBVideo)
DRV - [2010/05/05 23:01:59 | 000,339,504 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\Drivers\N360\0403000.005\SYMTDIV.SYS -- (SYMTDIv)
DRV - [2010/05/01 22:07:24 | 000,124,976 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\SYMEVENT.SYS -- (SymEvent)
DRV - [2010/04/29 00:03:51 | 000,116,784 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\system32\drivers\N360\0403000.005\Ironx86.SYS -- (SymIRON)
DRV - [2010/04/21 22:02:20 | 000,173,104 | ---- | M] (Symantec Corporation) [File_System | Boot | Running] -- C:\Windows\system32\drivers\N360\0403000.005\SYMEFA.SYS -- (SymEFA)
DRV - [2010/04/21 21:29:50 | 000,325,680 | ---- | M] (Symantec Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\Drivers\N360\0403000.005\SRTSP.SYS -- (SRTSP)
DRV - [2010/04/21 21:29:50 | 000,043,696 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\system32\drivers\N360\0403000.005\SRTSPX.SYS -- (SRTSPX) Symantec Real Time Storage Protection (PEL)
DRV - [2010/02/25 19:22:57 | 000,501,888 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\system32\drivers\N360\0403000.005\ccHPx86.sys -- (ccHP)
DRV - [2009/10/14 22:50:05 | 000,328,752 | R--- | M] (Symantec Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\N360\0403000.005\SYMDS.SYS -- (SymDS)
DRV - [2008/09/29 21:30:56 | 000,019,456 | ---- | M] (LeapFrog) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\FlyUsb.sys -- (FlyUsb)
DRV - [2007/04/29 03:42:24 | 000,228,224 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\e1e6032.sys -- (e1express) Intel®
DRV - [2007/02/25 11:10:48 | 000,005,376 | --S- | M] (Gteko Ltd.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\dsunidrv.sys -- (dsunidrv)
DRV - [2006/11/02 02:36:43 | 002,028,032 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\atikmdag.sys -- (R300)
DRV - [2006/10/19 16:29:32 | 000,019,008 | ---- | M] (Primax Electronics Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\pmxusblf.sys -- (pmxusblf)
DRV - [2006/10/19 16:27:56 | 000,023,232 | ---- | M] (Primax Electronics Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\pmxmouse.sys -- (pmxmouse)
DRV - [2006/10/18 13:08:18 | 000,258,048 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HSXHWBS2.sys -- (HSXHWBS2)
DRV - [2006/10/05 16:07:28 | 000,004,736 | ---- | M] (Gteko Ltd.) [Kernel | On_Demand | Running] -- C:\Program Files\DellSupport\GTAction\triggers\DSproct.sys -- (DSproct)
DRV - [2006/08/16 11:23:46 | 000,021,888 | ---- | M] (M-Audio) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\MA_CMIDI.SYS -- (MA_CMIDI)
DRV - [2006/08/04 19:39:10 | 000,008,192 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\XAudio.sys -- (XAudio)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://us.rd.yahoo.com/customize/ie/defaults/su/msgr8/*http://www.yahoo.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaults/sp/msgr8/*http://www.yahoo.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.comcast.net/
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomSearch = http://us.rd.yahoo.com/customize/ie/defaults/cs/msgr8/*http://www.yahoo.com/ext/search/search.html
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant =


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-1639883624-3534290113-4186776636-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaults/sp/msgr8/*http://www.yahoo.com
IE - HKU\S-1-5-21-1639883624-3534290113-4186776636-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKU\S-1-5-21-1639883624-3534290113-4186776636-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1639883624-3534290113-4186776636-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = :0

IE - HKU\S-1-5-21-1639883624-3534290113-4186776636-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-1639883624-3534290113-4186776636-1002\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-1639883624-3534290113-4186776636-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

FF - HKLM\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\IPSFFPlgn\ [2010/06/02 08:28:08 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\coFFPlgn\ [2010/05/01 22:08:32 | 000,000,000 | ---D | M]

[2010/02/10 20:09:47 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Aaron B\AppData\Roaming\Mozilla\Extensions
[2010/02/10 20:09:47 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Aaron B\AppData\Roaming\Mozilla\Extensions\mozswing@mozswing.org

O1 HOSTS File: ([2006/09/18 16:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (Symantec NCO BHO) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton Security Suite\Engine\4.3.0.5\coieplg.dll (Symantec Corporation)
O2 - BHO: (Symantec Intrusion Prevention) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton Security Suite\Engine\4.3.0.5\ipsbho.dll (Symantec Corporation)
O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Security Suite\Engine\4.3.0.5\coieplg.dll (Symantec Corporation)
O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O3 - HKU\S-1-5-21-1639883624-3534290113-4186776636-1000\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O3 - HKU\S-1-5-21-1639883624-3534290113-4186776636-1000\..\Toolbar\WebBrowser: (no name) - {5BED3930-2E9E-76D8-BACC-80DF2188D455} - No CLSID value found.
O3 - HKU\S-1-5-21-1639883624-3534290113-4186776636-1000\..\Toolbar\WebBrowser: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Security Suite\Engine\4.3.0.5\coieplg.dll (Symantec Corporation)
O4 - HKLM..\Run: [ddoctorv2] C:\Program Files\Comcast\Desktop Doctor\bin\sprtcmd.exe (SupportSoft, Inc.)
O4 - HKLM..\Run: [dscactivate] C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe ( )
O4 - HKLM..\Run: [ECenter] c:\DELL\E-Center\EULALauncher.exe ( )
O4 - HKLM..\Run: [EzPrint] C:\Program Files\Lexmark 5200 Series\ezprint.exe (Lexmark International Inc.)
O4 - HKLM..\Run: [LifeCam] C:\Program Files\Microsoft LifeCam\LifeExp.exe (Microsoft Corporation)
O4 - HKLM..\Run: [LXBTCATS] C:\Windows\System32\spool\DRIVERS\W32X86\3\LXBTtime.DLL ()
O4 - HKLM..\Run: [lxbtmon.exe] C:\Program Files\Lexmark 5200 Series\lxbtmon.exe (Lexmark International, Inc.)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [Monitor] C:\Program Files\LeapFrog\LeapFrog Connect\Monitor.exe (LeapFrog Enterprises, Inc.)
O4 - HKLM..\Run: [NeroFilterCheck] C:\Windows\System32\NeroCheck.exe (Ahead Software Gmbh)
O4 - HKLM..\Run: [PMX Daemon] C:\Windows\System32\ico.exe (Primax Electronics Ltd.)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [Symantec PIF AlertEng] C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe (Symantec Corporation)
O4 - HKLM..\Run: [WildTangent CDA] C:\Program Files\WildTangent\Apps\CDA\GameDrvr.exe (WildTangent, Inc.)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-21-1639883624-3534290113-4186776636-1000..\Run: [cdloader] C:\Users\Aaron B\AppData\Roaming\mjusbsp\cdloader2.exe (magicJack L.P.)
O4 - HKU\S-1-5-21-1639883624-3534290113-4186776636-1000..\Run: [DellSupport] C:\Program Files\DellSupport\DSAgnt.exe (Gteko Ltd.)
O4 - HKU\S-1-5-21-1639883624-3534290113-4186776636-1000..\Run: [Steam] C:\Program Files\Steam\Steam.exe (Valve Corporation)
O4 - HKU\S-1-5-21-1639883624-3534290113-4186776636-1001..\Run: [DellSupport] C:\Program Files\DellSupport\DSAgnt.exe (Gteko Ltd.)
O4 - HKU\S-1-5-21-1639883624-3534290113-4186776636-1001..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-21-1639883624-3534290113-4186776636-1002..\Run: [DellSupport] C:\Program Files\DellSupport\DSAgnt.exe (Gteko Ltd.)
O4 - HKU\S-1-5-21-1639883624-3534290113-4186776636-1002..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-21-1639883624-3534290113-4186776636-1003..\Run: [DellSupport] C:\Program Files\DellSupport\DSAgnt.exe (Gteko Ltd.)
O4 - HKU\S-1-5-21-1639883624-3534290113-4186776636-1003..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - Startup: C:\Users\Aaron B\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.0.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe ()
O8 - Extra context menu item: Google Sidewiki... - C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_6CE5017F567343CA.dll (Google Inc.)
O9 - Extra Button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - Reg Error: Key error. File not found
O9 - Extra Button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O13 - gopher Prefix: missing
O15 - HKU\S-1-5-21-1639883624-3534290113-4186776636-1000\..Trusted Domains: localhost ([]http in Local intranet)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos-beta/OnlineScanner.cab (Reg Error: Key error.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0-windows-i586.cab (Java Plug-in 1.6.0)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} http://wwwimages.adobe.com/www.adobe.com/products/acrobat/nos/gp.cab (Reg Error: Key error.)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 68.87.68.166 68.87.74.166
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20 - AppInit_DLLs: (C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL) - C:\Program Files\Google\Google Desktop Search\GoogleDesktopNetwork3.dll (Google)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\img3.jpg
O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\img3.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 16:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: FastUserSwitchingCompatibility - File not found
NetSvcs: Ias - File not found
NetSvcs: Nla - File not found
NetSvcs: Ntmssvc - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: SRService - File not found
NetSvcs: WmdmPmSp - File not found
NetSvcs: LogonHours - File not found
NetSvcs: PCAudit - File not found
NetSvcs: helpsvc - File not found
NetSvcs: uploadmgr - File not found


Drivers32: aux - C:\Windows\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: aux1 - C:\Windows\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: aux2 - C:\Windows\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: aux3 - C:\Windows\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: aux4 - C:\Windows\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: midi - C:\Windows\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: midi1 - C:\Windows\System32\MA_CMIDN.DLL (M-Audio)
Drivers32: midi2 - C:\Windows\System32\MA_CMIDN.DLL (M-Audio)
Drivers32: midi3 - C:\Windows\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: midi4 - C:\Windows\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: midi5 - C:\Windows\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: midi6 - C:\Windows\System32\MA_CMIDN.DLL (M-Audio)
Drivers32: midi7 - C:\Windows\System32\MA_CMIDN.DLL (M-Audio)
Drivers32: midimapper - C:\Windows\System32\midimap.dll (Microsoft Corporation)
Drivers32: mixer - C:\Windows\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: mixer1 - C:\Windows\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: mixer2 - C:\Windows\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: mixer3 - C:\Windows\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: mixer4 - C:\Windows\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: mixer5 - C:\Windows\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: mixer6 - C:\Windows\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: mixer7 - C:\Windows\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: msacm.imaadpcm - C:\Windows\System32\imaadp32.acm (Microsoft Corporation)
Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.msadpcm - C:\Windows\System32\msadp32.acm (Microsoft Corporation)
Drivers32: msacm.msg711 - C:\Windows\System32\msg711.acm (Microsoft Corporation)
Drivers32: msacm.msgsm610 - C:\Windows\System32\msgsm32.acm (Microsoft Corporation)
Drivers32: msacm.siren - C:\Windows\System32\sirenacm.dll (Microsoft Corporation)
Drivers32: msacm.vorbis - C:\Windows\System32\vorbis.acm (HMS http://hp.vector.co.jp/authors/VA012897/)
Drivers32: MSVideo8 - C:\Windows\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.i420 - C:\Windows\System32\iyuv_32.dll (Microsoft Corporation)
Drivers32: VIDC.IYUV - C:\Windows\System32\iyuv_32.dll (Microsoft Corporation)
Drivers32: vidc.mrle - C:\Windows\System32\msrle32.dll (Microsoft Corporation)
Drivers32: vidc.msvc - C:\Windows\System32\msvidc32.dll (Microsoft Corporation)
Drivers32: VIDC.UYVY - C:\Windows\System32\msyuv.dll (Microsoft Corporation)
Drivers32: VIDC.YUY2 - C:\Windows\System32\msyuv.dll (Microsoft Corporation)
Drivers32: VIDC.YVU9 - C:\Windows\System32\tsbyuv.dll (Microsoft Corporation)
Drivers32: VIDC.YVYU - C:\Windows\System32\msyuv.dll (Microsoft Corporation)
Drivers32: wave - C:\Windows\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: wave1 - C:\Windows\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: wave2 - C:\Windows\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: wave3 - C:\Windows\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: wave4 - C:\Windows\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: wave5 - C:\Windows\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: wave6 - C:\Windows\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: wave7 - C:\Windows\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: wavemapper - C:\Windows\System32\msacm32.drv (Microsoft Corporation)

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2011/06/17 19:41:09 | 000,579,072 | ---- | C] (OldTimer Tools) -- C:\Users\Aaron B\Desktop\OTL.exe
[2011/06/16 08:16:12 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2011/06/08 21:07:33 | 000,000,000 | ---D | C] -- C:\Users\Aaron B\AppData\Roaming\IObit
[2011/06/08 21:07:30 | 000,000,000 | ---D | C] -- C:\Program Files\IObit
[2011/06/08 17:57:42 | 000,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2011/06/08 17:57:42 | 000,000,000 | ---D | C] -- C:\Users\Aaron B\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\HiJackThis
[2011/06/08 17:53:40 | 000,000,000 | ---D | C] -- C:\ProgramData\TEMP
[2011/06/08 17:53:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SpywareBlaster
[2011/06/08 17:53:34 | 000,000,000 | ---D | C] -- C:\Program Files\SpywareBlaster
[2011/06/06 22:37:16 | 000,000,000 | ---D | C] -- C:\Users\Aaron B\Dubstep Remixes
[2009/08/30 12:14:33 | 001,224,704 | ---- | C] ( ) -- C:\Windows\System32\lxbtserv.dll
[2009/08/30 12:14:33 | 000,995,328 | ---- | C] ( ) -- C:\Windows\System32\lxbtusb1.dll
[2009/08/30 12:14:33 | 000,643,072 | ---- | C] ( ) -- C:\Windows\System32\lxbtpmui.dll
[2009/08/30 12:14:33 | 000,585,728 | ---- | C] ( ) -- C:\Windows\System32\lxbtlmpm.dll
[2009/08/30 12:14:33 | 000,413,696 | ---- | C] ( ) -- C:\Windows\System32\lxbtinpa.dll
[2009/08/30 12:14:33 | 000,397,312 | ---- | C] ( ) -- C:\Windows\System32\lxbtiesc.dll
[2009/08/30 12:14:33 | 000,385,968 | ---- | C] ( ) -- C:\Windows\System32\lxbtih.exe
[2009/08/30 12:14:33 | 000,323,584 | ---- | C] ( ) -- C:\Windows\System32\lxbthcp.dll
[2009/08/30 12:14:33 | 000,163,840 | ---- | C] ( ) -- C:\Windows\System32\lxbtprox.dll
[2009/08/30 12:14:33 | 000,094,208 | ---- | C] ( ) -- C:\Windows\System32\lxbtpplc.dll
[2009/08/30 12:14:32 | 000,696,320 | ---- | C] ( ) -- C:\Windows\System32\lxbthbn3.dll
[2009/08/30 12:14:32 | 000,684,032 | ---- | C] ( ) -- C:\Windows\System32\lxbtcomc.dll
[2009/08/30 12:14:32 | 000,537,520 | ---- | C] ( ) -- C:\Windows\System32\lxbtcoms.exe
[2009/08/30 12:14:32 | 000,421,888 | ---- | C] ( ) -- C:\Windows\System32\lxbtcomm.dll
[2009/08/30 12:14:32 | 000,381,872 | ---- | C] ( ) -- C:\Windows\System32\lxbtcfg.exe
[3 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
[3 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/06/20 07:48:11 | 000,000,888 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011/06/20 07:46:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011/06/20 06:01:21 | 000,003,568 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011/06/20 06:01:21 | 000,003,568 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011/06/17 20:08:09 | 000,000,000 | ---- | M] () -- C:\Users\Aaron B\defogger_reenable
[2011/06/17 20:03:34 | 000,000,905 | ---- | M] () -- C:\Users\Aaron B\Desktop\magicJack.lnk
[2011/06/17 19:59:26 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/06/17 19:43:33 | 000,050,477 | ---- | M] () -- C:\Users\Aaron B\Desktop\Defogger.exe
[2011/06/17 19:41:10 | 000,579,072 | ---- | M] (OldTimer Tools) -- C:\Users\Aaron B\Desktop\OTL.exe
[2011/06/16 18:38:11 | 000,001,954 | ---- | M] () -- C:\Users\Public\Desktop\Amazon Cloud Player.lnk
[2011/06/16 08:16:24 | 000,001,849 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk
[2011/06/15 17:40:49 | 007,284,509 | ---- | M] () -- C:\Users\Aaron B\Documents\Intergalactic (Fuzzy Logic Remix).mp3
[2011/06/15 17:39:50 | 000,008,994 | -HS- | M] () -- C:\Users\Aaron B\Documents\Folder.jpg
[2011/06/15 17:39:50 | 000,008,994 | -HS- | M] () -- C:\Users\Aaron B\Documents\AlbumArt_{45CDD393-944B-4895-A0AD-06B6492066A5}_Large.jpg
[2011/06/15 17:39:40 | 000,002,342 | -HS- | M] () -- C:\Users\Aaron B\Documents\AlbumArtSmall.jpg
[2011/06/15 17:39:40 | 000,002,342 | -HS- | M] () -- C:\Users\Aaron B\Documents\AlbumArt_{45CDD393-944B-4895-A0AD-06B6492066A5}_Small.jpg
[2011/06/08 18:02:57 | 000,002,487 | ---- | M] () -- C:\Users\Aaron B\Desktop\HiJackThis.lnk
[2011/06/08 17:56:13 | 001,402,880 | ---- | M] () -- C:\Users\Aaron B\Desktop\HiJackThis.msi
[2011/06/08 17:53:37 | 000,000,774 | ---- | M] () -- C:\Users\Aaron B\Desktop\SpywareBlaster.lnk
[2011/06/08 17:38:03 | 000,336,848 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2011/06/01 08:51:09 | 000,000,868 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/05/29 09:11:30 | 000,039,984 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2011/05/29 09:11:20 | 000,022,712 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2011/05/26 08:42:36 | 000,001,940 | ---- | M] () -- C:\Users\Aaron B\AppData\Local\{96C87F53-AC72-4604-A9CC-186A49F17F3C}.ini
[3 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
[3 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/06/17 20:08:09 | 000,000,000 | ---- | C] () -- C:\Users\Aaron B\defogger_reenable
[2011/06/17 19:43:32 | 000,050,477 | ---- | C] () -- C:\Users\Aaron B\Desktop\Defogger.exe
[2011/06/15 17:39:58 | 000,008,994 | -HS- | C] () -- C:\Users\Aaron B\Documents\Folder.jpg
[2011/06/15 17:39:58 | 000,008,994 | -HS- | C] () -- C:\Users\Aaron B\Documents\AlbumArt_{45CDD393-944B-4895-A0AD-06B6492066A5}_Large.jpg
[2011/06/15 17:39:58 | 000,002,342 | -HS- | C] () -- C:\Users\Aaron B\Documents\AlbumArtSmall.jpg
[2011/06/15 17:39:58 | 000,002,342 | -HS- | C] () -- C:\Users\Aaron B\Documents\AlbumArt_{45CDD393-944B-4895-A0AD-06B6492066A5}_Small.jpg
[2011/06/08 17:57:42 | 000,002,487 | ---- | C] () -- C:\Users\Aaron B\Desktop\HiJackThis.lnk
[2011/06/08 17:56:09 | 001,402,880 | ---- | C] () -- C:\Users\Aaron B\Desktop\HiJackThis.msi
[2011/06/08 17:53:37 | 000,000,774 | ---- | C] () -- C:\Users\Aaron B\Desktop\SpywareBlaster.lnk
[2011/05/12 14:11:15 | 000,001,940 | ---- | C] () -- C:\Users\Aaron B\AppData\Local\{96C87F53-AC72-4604-A9CC-186A49F17F3C}.ini
[2011/04/07 07:22:40 | 000,001,189 | ---- | C] () -- C:\Users\Aaron B\AppData\Roaming\vso_ts_preview.xml
[2011/04/06 20:45:22 | 000,000,056 | ---- | C] () -- C:\Windows\Easy Avi Divx Xvid to DVD Burner.INI
[2010/11/25 09:58:49 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2009/10/20 13:56:01 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2009/10/20 13:56:01 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2009/10/04 10:46:02 | 000,000,110 | ---- | C] () -- C:\Windows\{0A0D52EF-D7FE-495E-AFD0-BC34E832A6A5}_WiseFW.ini
[2009/08/30 12:14:33 | 000,274,432 | ---- | C] () -- C:\Windows\System32\lxbtinst.dll
[2009/07/29 10:15:09 | 000,140,288 | ---- | C] () -- C:\Windows\System32\igfxtvcx.dll
[2009/05/29 03:01:20 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2009/03/22 16:00:44 | 000,002,650 | ---- | C] () -- C:\Windows\compedia.ini
[2008/11/01 16:34:43 | 000,001,280 | ---- | C] () -- C:\Users\Aaron B\AppData\Roaming\wklnhst.dat
[2008/01/02 17:57:36 | 000,147,456 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1409.dll
[2008/01/02 17:47:22 | 001,953,696 | ---- | C] () -- C:\Windows\System32\igklg400.dll
[2008/01/02 17:47:22 | 001,533,360 | ---- | C] () -- C:\Windows\System32\igklg450.dll
[2008/01/02 17:47:22 | 000,104,636 | ---- | C] () -- C:\Windows\System32\igmedcompkrn.dll
[2007/12/11 19:50:32 | 000,008,937 | ---- | C] () -- C:\ProgramData\LUUnInstall.LiveUpdate
[2007/09/13 17:07:48 | 000,244,736 | ---- | C] () -- C:\Users\Aaron B\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2007/09/11 11:52:37 | 000,910,464 | ---- | C] () -- C:\Windows\System32\igmedkrn.dll
[2007/09/11 11:52:37 | 000,204,800 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1255.dll
[2007/09/11 04:07:07 | 000,303,104 | ---- | C] () -- C:\Windows\System32\FontZoom.exe
[2007/09/11 04:07:07 | 000,131,062 | ---- | C] () -- C:\Windows\System32\DellPM.ini
[2007/02/22 18:32:00 | 000,344,064 | ---- | C] () -- C:\Windows\System32\lxbtcoin.dll
[2006/11/10 08:26:12 | 000,000,000 | ---- | C] () -- C:\Windows\System32\atiicdxx.dat
[2006/11/07 14:25:58 | 000,000,000 | ---- | C] () -- C:\Windows\System32\px.ini
[2006/11/02 07:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006/11/02 07:47:37 | 000,336,848 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2006/11/02 07:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006/11/02 05:33:01 | 000,604,264 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2006/11/02 05:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2006/11/02 05:33:01 | 000,103,964 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2006/11/02 05:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2006/11/02 05:25:44 | 000,159,744 | ---- | C] () -- C:\Windows\System32\atitmmxx.dll
[2006/11/02 05:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2006/11/02 03:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2006/11/02 03:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2006/11/02 02:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006/11/02 02:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2006/09/16 22:36:50 | 000,520,192 | ---- | C] () -- C:\Windows\System32\CddbPlaylist2Roxio.dll
[2006/09/16 22:36:50 | 000,204,800 | ---- | C] () -- C:\Windows\System32\CddbFileTaggerRoxio.dll
[2005/08/18 06:26:46 | 000,040,960 | ---- | C] () -- C:\Windows\System32\lxbtvs.dll
[2005/05/25 09:07:26 | 000,061,440 | ---- | C] () -- C:\Windows\System32\lxbtcnv4.dll

========== LOP Check ==========

[2010/10/26 18:22:45 | 000,000,000 | ---D | M] -- C:\Users\Aaron B\AppData\Roaming\Amazon
[2010/09/29 13:56:32 | 000,000,000 | ---D | M] -- C:\Users\Aaron B\AppData\Roaming\Canneverbe Limited
[2011/02/07 18:57:29 | 000,000,000 | ---D | M] -- C:\Users\Aaron B\AppData\Roaming\FrostWire
[2011/06/08 21:09:59 | 000,000,000 | ---D | M] -- C:\Users\Aaron B\AppData\Roaming\IObit
[2010/06/23 17:30:38 | 000,000,000 | ---D | M] -- C:\Users\Aaron B\AppData\Roaming\M-Audio
[2011/06/17 20:03:45 | 000,000,000 | ---D | M] -- C:\Users\Aaron B\AppData\Roaming\mjusbsp
[2010/11/23 18:06:04 | 000,000,000 | ---D | M] -- C:\Users\Aaron B\AppData\Roaming\NCH Swift Sound
[2009/03/29 12:56:55 | 000,000,000 | ---D | M] -- C:\Users\Aaron B\AppData\Roaming\OpenOffice.org
[2009/04/11 09:36:21 | 000,000,000 | ---D | M] -- C:\Users\Aaron B\AppData\Roaming\SmartDraw
[2008/11/01 16:34:44 | 000,000,000 | ---D | M] -- C:\Users\Aaron B\AppData\Roaming\Template
[2011/06/18 19:52:22 | 000,000,000 | ---D | M] -- C:\Users\Aaron B\AppData\Roaming\uTorrent
[2011/05/08 17:29:28 | 000,000,000 | ---D | M] -- C:\Users\Aaron B\AppData\Roaming\Vso
[2010/09/08 17:01:00 | 000,000,000 | ---D | M] -- C:\Users\Aaron B\AppData\Roaming\W Photo Studio
[2010/09/08 16:58:23 | 000,000,000 | ---D | M] -- C:\Users\Aaron B\AppData\Roaming\W Photo Studio Viewer
[2009/08/19 19:43:04 | 000,000,000 | ---D | M] -- C:\Users\Aaron B\AppData\Roaming\Walgreens
[2011/06/16 03:23:45 | 000,032,582 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Custom Scans ==========


< %systemroot%\system32\*.dll /lockedfiles >

< %systemroot%\system32\*.sys /90 >

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\System32\config\*.sav >
[2006/11/02 05:34:05 | 000,008,192 | ---- | M] () -- C:\Windows\System32\config\COMPONENTS.SAV
[2006/11/02 05:34:05 | 000,020,480 | ---- | M] () -- C:\Windows\System32\config\DEFAULT.SAV
[2006/11/02 05:34:05 | 000,008,192 | ---- | M] () -- C:\Windows\System32\config\SECURITY.SAV
[2006/11/02 05:34:08 | 010,133,504 | ---- | M] () -- C:\Windows\System32\config\SOFTWARE.SAV
[2006/11/02 05:34:08 | 001,826,816 | ---- | M] () -- C:\Windows\System32\config\SYSTEM.SAV

< %SYSTEMDRIVE%\*.* >
[2006/09/18 16:43:36 | 000,000,024 | ---- | M] () -- C:\autoexec.bat
[2009/04/11 01:36:36 | 000,333,257 | RHS- | M] () -- C:\bootmgr
[2006/11/10 08:22:24 | 000,008,192 | R-S- | M] () -- C:\BOOTSECT.BAK
[2006/09/18 16:43:37 | 000,000,010 | ---- | M] () -- C:\config.sys
[2007/09/11 11:52:46 | 000,004,925 | RH-- | M] () -- C:\dell.sdr
[2005/02/02 15:33:48 | 000,225,280 | ---- | M] (GEAR Software Inc.) -- C:\GEARAspi64.dll
[2010/09/18 11:45:33 | 000,000,000 | ---- | M] () -- C:\install.rdf
[2007/09/13 17:05:48 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
[2011/03/24 21:56:52 | 000,000,078 | ---- | M] () -- C:\lxbt.log
[2007/09/13 17:05:48 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
[2008/04/09 12:08:31 | 000,000,827 | ---- | M] () -- C:\net_save.dna
[2010/03/04 12:44:48 | 000,262,144 | ---- | M] () -- C:\ntuser.dat
[2010/03/04 12:44:48 | 000,005,120 | -H-- | M] () -- C:\ntuser.dat.LOG1
[2010/03/04 12:44:48 | 000,000,000 | -H-- | M] () -- C:\ntuser.dat.LOG2
[2010/03/04 12:44:48 | 000,065,536 | -HS- | M] () -- C:\ntuser.dat{898345d9-2125-11df-b38f-001aa092902b}.TM.blf
[2010/03/04 12:44:48 | 000,524,288 | -HS- | M] () -- C:\ntuser.dat{898345d9-2125-11df-b38f-001aa092902b}.TMContainer00000000000000000001.regtrans-ms
[2010/03/04 12:44:48 | 000,524,288 | -HS- | M] () -- C:\ntuser.dat{898345d9-2125-11df-b38f-001aa092902b}.TMContainer00000000000000000002.regtrans-ms
[2010/03/04 12:44:48 | 000,065,536 | -HS- | M] () -- C:\ntuser.dat{898345dd-2125-11df-b38f-001aa092902b}.TM.blf
[2010/03/04 12:44:48 | 000,524,288 | -HS- | M] () -- C:\ntuser.dat{898345dd-2125-11df-b38f-001aa092902b}.TMContainer00000000000000000001.regtrans-ms
[2010/03/04 12:44:48 | 000,524,288 | -HS- | M] () -- C:\ntuser.dat{898345dd-2125-11df-b38f-001aa092902b}.TMContainer00000000000000000002.regtrans-ms
[2011/06/17 19:59:23 | 2449,948,672 | -HS- | M] () -- C:\pagefile.sys
[2008/12/10 17:35:37 | 000,000,959 | ---- | M] () -- C:\rollback.ini
[2008/02/26 10:19:11 | 000,000,512 | ---- | M] () -- C:\ScanSectorLog.dat
[2011/04/06 20:45:33 | 000,008,734 | ---- | M] () -- C:\StarBurn.log
[2007/09/11 04:23:43 | 000,000,071 | ---- | M] () -- C:\SystemInfo.ini
[2008/08/25 23:25:13 | 000,000,150 | ---- | M] () -- C:\YServer.txt

< %systemroot%\system32\Spool\prtprocs\w32x86\*.dll >
[2006/11/02 07:35:48 | 000,022,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\spool\prtprocs\w32x86\jnwppr.dll
[2007/01/30 05:24:50 | 000,118,272 | ---- | M] (Lexmark International, Inc.) -- C:\Windows\System32\spool\prtprocs\w32x86\lxbtpp5c.dll

< %systemroot%\*. /mp /s >


< MD5 for: AGP440.SYS >
[2008/01/19 02:42:25 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_51b95d75\AGP440.sys
[2008/01/19 02:42:25 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_f750e484\AGP440.sys
[2008/01/19 02:42:25 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6001.18000_none_ba12ed3bbeb0d97a\AGP440.sys
[2008/01/19 02:42:25 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6002.18005_none_bbfe6647bbd2a4c6\AGP440.sys
[2007/09/11 11:48:12 | 000,053,864 | ---- | M] (Microsoft Corporation) MD5=8B10CE1C1F9F1D47E4DEB1A547A00CD4 -- C:\Windows\System32\drivers\AGP440.sys
[2007/09/11 11:48:12 | 000,053,864 | ---- | M] (Microsoft Corporation) MD5=8B10CE1C1F9F1D47E4DEB1A547A00CD4 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_8ed06b47\AGP440.sys
[2007/09/11 11:48:12 | 000,053,864 | ---- | M] (Microsoft Corporation) MD5=8B10CE1C1F9F1D47E4DEB1A547A00CD4 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6000.16400_none_b82caac9c18a4e3b\AGP440.sys
[2007/09/11 11:48:12 | 000,053,864 | ---- | M] (Microsoft Corporation) MD5=BF34B4A0E0B64440C5389AA6B902F4AD -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6000.20496_none_b85af81edaeb8461\AGP440.sys
[2006/11/02 04:49:52 | 000,053,864 | ---- | M] (Microsoft Corporation) MD5=EF23439CDD587F64C2C1B8825CEAD7D8 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_920a2c1f\AGP440.sys

< MD5 for: ATAPI.SYS >
[2009/04/11 01:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\System32\drivers\atapi.sys
[2009/04/11 01:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_b12d8e84\atapi.sys
[2009/04/11 01:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6002.18005_none_df23a1261eab99e8\atapi.sys
[2008/01/19 02:41:30 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_cc18792d\atapi.sys
[2008/01/19 02:41:30 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6001.18000_none_dd38281a2189ce9c\atapi.sys
[2006/11/02 04:49:36 | 000,019,048 | ---- | M] (Microsoft Corporation) MD5=4F4FCB8B6EA06784FB6D475B7EC7300F -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_c6c2e699\atapi.sys
[2007/09/11 11:48:42 | 000,019,048 | ---- | M] (Microsoft Corporation) MD5=5653737BAD8C6C10136451C195C19881 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6000.20485_none_db8a029f3dbd443b\atapi.sys
[2007/09/11 11:48:35 | 000,021,688 | ---- | M] (Microsoft Corporation) MD5=9E7E85EC61D1C9C3171CC08427108863 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_5a9555b4\atapi.sys
[2007/09/11 11:48:35 | 000,021,688 | ---- | M] (Microsoft Corporation) MD5=9E7E85EC61D1C9C3171CC08427108863 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6000.20509_none_dbe4850d3d78c736\atapi.sys
[2007/09/11 11:48:42 | 000,019,048 | ---- | M] (Microsoft Corporation) MD5=A779CA2C76DA4FCB595E692C05E8E4EB -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_82339ef2\atapi.sys
[2007/09/11 11:48:42 | 000,019,048 | ---- | M] (Microsoft Corporation) MD5=A779CA2C76DA4FCB595E692C05E8E4EB -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6000.16391_none_daf194c024ab5b06\atapi.sys
[2008/02/12 20:26:29 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=B35CFCEF838382AB6490B321C87EDF17 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_7de13c21\atapi.sys
[2008/02/12 20:26:29 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=B35CFCEF838382AB6490B321C87EDF17 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6000.16632_none_db337a442479c42c\atapi.sys
[2008/02/12 20:26:29 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=E03E8C99D15D0381E02743C36AFC7C6F -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_64dfd8ea\atapi.sys
[2008/02/12 20:26:29 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=E03E8C99D15D0381E02743C36AFC7C6F -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6000.20757_none_dbac78a93da31a8b\atapi.sys

< MD5 for: CNGAUDIT.DLL >
[2006/11/02 04:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\System32\cngaudit.dll
[2006/11/02 04:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.0.6000.16386_none_e62d292932a96ce6\cngaudit.dll

< MD5 for: IASTOR.SYS >
[2007/04/26 05:41:38 | 000,304,920 | ---- | M] (Intel Corporation) MD5=997E8F5939F2D12CD9F2E6B395724C16 -- C:\Drivers\storage\R154092\iastor.sys
[2007/04/26 05:41:38 | 000,304,920 | ---- | M] (Intel Corporation) MD5=997E8F5939F2D12CD9F2E6B395724C16 -- C:\Windows\System32\drivers\iaStor.sys
[2007/04/26 05:41:38 | 000,304,920 | ---- | M] (Intel Corporation) MD5=997E8F5939F2D12CD9F2E6B395724C16 -- C:\Windows\System32\DriverStore\FileRepository\iaahci.inf_3a63e5a6\iaStor.sys
[2007/04/26 05:41:38 | 000,304,920 | ---- | M] (Intel Corporation) MD5=997E8F5939F2D12CD9F2E6B395724C16 -- C:\Windows\System32\DriverStore\FileRepository\iastor.inf_5f6e7be5\iaStor.sys

< MD5 for: IASTORV.SYS >
[2008/01/19 02:42:51 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_c9df7691\iaStorV.sys
[2008/01/19 02:42:51 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.0.6001.18000_none_af11527887c7fa8f\iaStorV.sys
[2006/11/02 04:51:25 | 000,232,040 | ---- | M] (Intel Corporation) MD5=C957BF4B5D80B46C5017BF0101E6C906 -- C:\Windows\System32\drivers\iaStorV.sys
[2006/11/02 04:51:25 | 000,232,040 | ---- | M] (Intel Corporation) MD5=C957BF4B5D80B46C5017BF0101E6C906 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_37cdafa4\iaStorV.sys

< MD5 for: NETLOGON.DLL >
[2006/11/02 04:46:11 | 000,559,616 | ---- | M] (Microsoft Corporation) MD5=889A2C9F2AACCD8F64EF50AC0B3D553B -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6000.16386_none_fb80f5473b0ed783\netlogon.dll
[2009/04/11 01:28:23 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\System32\netlogon.dll
[2009/04/11 01:28:23 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6002.18005_none_ffa3304f351bb3a3\netlogon.dll
[2008/01/19 02:35:36 | 000,592,384 | ---- | M] (Microsoft Corporation) MD5=A8EFC0B6E75B789F7FD3BA5025D4E37F -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6001.18000_none_fdb7b74337f9e857\netlogon.dll

< MD5 for: NVSTOR.SYS >
[2006/11/02 04:50:13 | 000,040,040 | ---- | M] (NVIDIA Corporation) MD5=9E0BA19A28C498A6D323D065DB76DFFC -- C:\Windows\System32\drivers\nvstor.sys
[2006/11/02 04:50:13 | 000,040,040 | ---- | M] (NVIDIA Corporation) MD5=9E0BA19A28C498A6D323D065DB76DFFC -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_733654ff\nvstor.sys
[2008/01/19 02:42:09 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_31c3d71d\nvstor.sys
[2008/01/19 02:42:09 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.0.6001.18000_none_39dac327befea467\nvstor.sys

< MD5 for: SCECLI.DLL >
[2008/01/19 02:36:19 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=28B84EB538F7E8A0FE8B9299D591E0B9 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6001.18000_none_380de25bd91b6f12\scecli.dll
[2006/11/02 04:46:12 | 000,176,640 | ---- | M] (Microsoft Corporation) MD5=80E2839D05CA5970A86D7BE2A08BFF61 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6000.16386_none_35d7205fdc305e3e\scecli.dll
[2009/04/11 01:28:24 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\System32\scecli.dll
[2009/04/11 01:28:24 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6002.18005_none_39f95b67d63d3a5e\scecli.dll

< MD5 for: USER32.DLL >
[2007/09/11 11:51:28 | 000,633,856 | ---- | M] (Microsoft Corporation) MD5=63B4F59D7C89B1BF5277F1FFEFD491CD -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6000.16438_none_cb39bc5b7047127e\user32.dll
[2009/04/11 01:28:25 | 000,627,712 | ---- | M] (Microsoft Corporation) MD5=75510147B94598407666F4802797C75A -- C:\Users\Aaron B\AppData\Local\Temp\user32.dll
[2009/04/11 01:28:25 | 000,627,712 | ---- | M] (Microsoft Corporation) MD5=75510147B94598407666F4802797C75A -- C:\Windows\System32\user32.dll
[2009/04/11 01:28:25 | 000,627,712 | ---- | M] (Microsoft Corporation) MD5=75510147B94598407666F4802797C75A -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6002.18005_none_cf23e54d6a7e4a7e\user32.dll
[2007/09/11 11:51:28 | 000,633,856 | ---- | M] (Microsoft Corporation) MD5=9D9F061EDA75425FC67F0365E3467C86 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6000.20537_none_cbc258dc896598f1\user32.dll
[2008/01/19 02:36:46 | 000,627,200 | ---- | M] (Microsoft Corporation) MD5=B974D9F06DC7D1908E825DC201681269 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6001.18000_none_cd386c416d5c7f32\user32.dll
[2006/11/02 04:46:13 | 000,633,856 | ---- | M] (Microsoft Corporation) MD5=E698A5437B89A285ACA3FF022356810A -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6000.16386_none_cb01aa4570716e5e\user32.dll

< MD5 for: WS2_32.DLL >
[2008/01/19 02:37:09 | 000,179,200 | ---- | M] (Microsoft Corporation) MD5=B304D47D5744BA20FCB99FB8B2C07B0B -- C:\Users\Aaron B\AppData\Local\Temp\ws2_32.dll
[2008/01/19 02:37:09 | 000,179,200 | ---- | M] (Microsoft Corporation) MD5=B304D47D5744BA20FCB99FB8B2C07B0B -- C:\Windows\System32\ws2_32.dll
[2008/01/19 02:37:09 | 000,179,200 | ---- | M] (Microsoft Corporation) MD5=B304D47D5744BA20FCB99FB8B2C07B0B -- C:\Windows\winsxs\x86_microsoft-windows-w..nfrastructure-ws232_31bf3856ad364e35_6.0.6001.18000_none_f2b7b0c2ce5605c4\ws2_32.dll
[2006/11/02 04:46:14 | 000,178,688 | ---- | M] (Microsoft Corporation) MD5=D99A071C1018BB3D4ABAAD4B62048AC2 -- C:\Windows\winsxs\x86_microsoft-windows-w..nfrastructure-ws232_31bf3856ad364e35_6.0.6000.16386_none_f080eec6d16af4f0\ws2_32.dll

< %systemroot%\*. /mp /s >

< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

< >


< MD5 for: AGP440.SYS >
[2008/01/19 02:42:25 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_51b95d75\AGP440.sys
[2008/01/19 02:42:25 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_f750e484\AGP440.sys
[2008/01/19 02:42:25 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6001.18000_none_ba12ed3bbeb0d97a\AGP440.sys
[2008/01/19 02:42:25 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6002.18005_none_bbfe6647bbd2a4c6\AGP440.sys
[2007/09/11 11:48:12 | 000,053,864 | ---- | M] (Microsoft Corporation) MD5=8B10CE1C1F9F1D47E4DEB1A547A00CD4 -- C:\Windows\System32\drivers\AGP440.sys
[2007/09/11 11:48:12 | 000,053,864 | ---- | M] (Microsoft Corporation) MD5=8B10CE1C1F9F1D47E4DEB1A547A00CD4 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_8ed06b47\AGP440.sys
[2007/09/11 11:48:12 | 000,053,864 | ---- | M] (Microsoft Corporation) MD5=8B10CE1C1F9F1D47E4DEB1A547A00CD4 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6000.16400_none_b82caac9c18a4e3b\AGP440.sys
[2007/09/11 11:48:12 | 000,053,864 | ---- | M] (Microsoft Corporation) MD5=BF34B4A0E0B64440C5389AA6B902F4AD -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6000.20496_none_b85af81edaeb8461\AGP440.sys
[2006/11/02 04:49:52 | 000,053,864 | ---- | M] (Microsoft Corporation) MD5=EF23439CDD587F64C2C1B8825CEAD7D8 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_920a2c1f\AGP440.sys

< MD5 for: ATAPI.SYS >
[2009/04/11 01:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\System32\drivers\atapi.sys
[2009/04/11 01:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_b12d8e84\atapi.sys
[2009/04/11 01:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6002.18005_none_df23a1261eab99e8\atapi.sys
[2008/01/19 02:41:30 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_cc18792d\atapi.sys
[2008/01/19 02:41:30 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6001.18000_none_dd38281a2189ce9c\atapi.sys
[2006/11/02 04:49:36 | 000,019,048 | ---- | M] (Microsoft Corporation) MD5=4F4FCB8B6EA06784FB6D475B7EC7300F -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_c6c2e699\atapi.sys
[2007/09/11 11:48:42 | 000,019,048 | ---- | M] (Microsoft Corporation) MD5=5653737BAD8C6C10136451C195C19881 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6000.20485_none_db8a029f3dbd443b\atapi.sys
[2007/09/11 11:48:35 | 000,021,688 | ---- | M] (Microsoft Corporation) MD5=9E7E85EC61D1C9C3171CC08427108863 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_5a9555b4\atapi.sys
[2007/09/11 11:48:35 | 000,021,688 | ---- | M] (Microsoft Corporation) MD5=9E7E85EC61D1C9C3171CC08427108863 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6000.20509_none_dbe4850d3d78c736\atapi.sys
[2007/09/11 11:48:42 | 000,019,048 | ---- | M] (Microsoft Corporation) MD5=A779CA2C76DA4FCB595E692C05E8E4EB -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_82339ef2\atapi.sys
[2007/09/11 11:48:42 | 000,019,048 | ---- | M] (Microsoft Corporation) MD5=A779CA2C76DA4FCB595E692C05E8E4EB -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6000.16391_none_daf194c024ab5b06\atapi.sys
[2008/02/12 20:26:29 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=B35CFCEF838382AB6490B321C87EDF17 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_7de13c21\atapi.sys
[2008/02/12 20:26:29 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=B35CFCEF838382AB6490B321C87EDF17 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6000.16632_none_db337a442479c42c\atapi.sys
[2008/02/12 20:26:29 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=E03E8C99D15D0381E02743C36AFC7C6F -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_64dfd8ea\atapi.sys
[2008/02/12 20:26:29 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=E03E8C99D15D0381E02743C36AFC7C6F -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6000.20757_none_dbac78a93da31a8b\atapi.sys

< MD5 for: CNGAUDIT.DLL >
[2006/11/02 04:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\System32\cngaudit.dll
[2006/11/02 04:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.0.6000.16386_none_e62d292932a96ce6\cngaudit.dll

< MD5 for: IASTOR.SYS >
[2007/04/26 05:41:38 | 000,304,920 | ---- | M] (Intel Corporation) MD5=997E8F5939F2D12CD9F2E6B395724C16 -- C:\Drivers\storage\R154092\iastor.sys
[2007/04/26 05:41:38 | 000,304,920 | ---- | M] (Intel Corporation) MD5=997E8F5939F2D12CD9F2E6B395724C16 -- C:\Windows\System32\drivers\iaStor.sys
[2007/04/26 05:41:38 | 000,304,920 | ---- | M] (Intel Corporation) MD5=997E8F5939F2D12CD9F2E6B395724C16 -- C:\Windows\System32\DriverStore\FileRepository\iaahci.inf_3a63e5a6\iaStor.sys
[2007/04/26 05:41:38 | 000,304,920 | ---- | M] (Intel Corporation) MD5=997E8F5939F2D12CD9F2E6B395724C16 -- C:\Windows\System32\DriverStore\FileRepository\iastor.inf_5f6e7be5\iaStor.sys

< MD5 for: IASTORV.SYS >
[2008/01/19 02:42:51 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_c9df7691\iaStorV.sys
[2008/01/19 02:42:51 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.0.6001.18000_none_af11527887c7fa8f\iaStorV.sys
[2006/11/02 04:51:25 | 000,232,040 | ---- | M] (Intel Corporation) MD5=C957BF4B5D80B46C5017BF0101E6C906 -- C:\Windows\System32\drivers\iaStorV.sys
[2006/11/02 04:51:25 | 000,232,040 | ---- | M] (Intel Corporation) MD5=C957BF4B5D80B46C5017BF0101E6C906 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_37cdafa4\iaStorV.sys

< MD5 for: NETLOGON.DLL >
[2006/11/02 04:46:11 | 000,559,616 | ---- | M] (Microsoft Corporation) MD5=889A2C9F2AACCD8F64EF50AC0B3D553B -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6000.16386_none_fb80f5473b0ed783\netlogon.dll
[2009/04/11 01:28:23 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\System32\netlogon.dll
[2009/04/11 01:28:23 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6002.18005_none_ffa3304f351bb3a3\netlogon.dll
[2008/01/19 02:35:36 | 000,592,384 | ---- | M] (Microsoft Corporation) MD5=A8EFC0B6E75B789F7FD3BA5025D4E37F -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6001.18000_none_fdb7b74337f9e857\netlogon.dll

< MD5 for: NVSTOR.SYS >
[2006/11/02 04:50:13 | 000,040,040 | ---- | M] (NVIDIA Corporation) MD5=9E0BA19A28C498A6D323D065DB76DFFC -- C:\Windows\System32\drivers\nvstor.sys
[2006/11/02 04:50:13 | 000,040,040 | ---- | M] (NVIDIA Corporation) MD5=9E0BA19A28C498A6D323D065DB76DFFC -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_733654ff\nvstor.sys
[2008/01/19 02:42:09 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_31c3d71d\nvstor.sys
[2008/01/19 02:42:09 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.0.6001.18000_none_39dac327befea467\nvstor.sys

< MD5 for: SCECLI.DLL >
[2008/01/19 02:36:19 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=28B84EB538F7E8A0FE8B9299D591E0B9 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6001.18000_none_380de25bd91b6f12\scecli.dll
[2006/11/02 04:46:12 | 000,176,640 | ---- | M] (Microsoft Corporation) MD5=80E2839D05CA5970A86D7BE2A08BFF61 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6000.16386_none_35d7205fdc305e3e\scecli.dll
[2009/04/11 01:28:24 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\System32\scecli.dll
[2009/04/11 01:28:24 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6002.18005_none_39f95b67d63d3a5e\scecli.dll

< MD5 for: USER32.DLL >
[2007/09/11 11:51:28 | 000,633,856 | ---- | M] (Microsoft Corporation) MD5=63B4F59D7C89B1BF5277F1FFEFD491CD -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6000.16438_none_cb39bc5b7047127e\user32.dll
[2009/04/11 01:28:25 | 000,627,712 | ---- | M] (Microsoft Corporation) MD5=75510147B94598407666F4802797C75A -- C:\Users\Aaron B\AppData\Local\Temp\user32.dll
[2009/04/11 01:28:25 | 000,627,712 | ---- | M] (Microsoft Corporation) MD5=75510147B94598407666F4802797C75A -- C:\Windows\System32\user32.dll
[2009/04/11 01:28:25 | 000,627,712 | ---- | M] (Microsoft Corporation) MD5=75510147B94598407666F4802797C75A -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6002.18005_none_cf23e54d6a7e4a7e\user32.dll
[2007/09/11 11:51:28 | 000,633,856 | ---- | M] (Microsoft Corporation) MD5=9D9F061EDA75425FC67F0365E3467C86 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6000.20537_none_cbc258dc896598f1\user32.dll
[2008/01/19 02:36:46 | 000,627,200 | ---- | M] (Microsoft Corporation) MD5=B974D9F06DC7D1908E825DC201681269 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6001.18000_none_cd386c416d5c7f32\user32.dll
[2006/11/02 04:46:13 | 000,633,856 | ---- | M] (Microsoft Corporation) MD5=E698A5437B89A285ACA3FF022356810A -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6000.16386_none_cb01aa4570716e5e\user32.dll

< MD5 for: WS2_32.DLL >
[2008/01/19 02:37:09 | 000,179,200 | ---- | M] (Microsoft Corporation) MD5=B304D47D5744BA20FCB99FB8B2C07B0B -- C:\Users\Aaron B\AppData\Local\Temp\ws2_32.dll
[2008/01/19 02:37:09 | 000,179,200 | ---- | M] (Microsoft Corporation) MD5=B304D47D5744BA20FCB99FB8B2C07B0B -- C:\Windows\System32\ws2_32.dll
[2008/01/19 02:37:09 | 000,179,200 | ---- | M] (Microsoft Corporation) MD5=B304D47D5744BA20FCB99FB8B2C07B0B -- C:\Windows\winsxs\x86_microsoft-windows-w..nfrastructure-ws232_31bf3856ad364e35_6.0.6001.18000_none_f2b7b0c2ce5605c4\ws2_32.dll
[2006/11/02 04:46:14 | 000,178,688 | ---- | M] (Microsoft Corporation) MD5=D99A071C1018BB3D4ABAAD4B62048AC2 -- C:\Windows\winsxs\x86_microsoft-windows-w..nfrastructure-ws232_31bf3856ad364e35_6.0.6000.16386_none_f080eec6d16af4f0\ws2_32.dll

< %systemroot%\*. /mp /s >

< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

========== Alternate Data Streams ==========

@Alternate Data Stream - 95 bytes -> C:\ProgramData\TEMP:5C321E34

< End of report >


I will post the ESET in the next reply. Thanks again.

#9 LTAB1

LTAB1
  • Topic Starter

  • Members
  • 34 posts
  • OFFLINE
  •  
  • Local time:07:05 PM

Posted 20 June 2011 - 05:24 PM

No threats found in the ESET scan....

#10 etavares

etavares

    Bleepin' Remover


  • Malware Response Team
  • 15,514 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:09:05 PM

Posted 20 June 2011 - 06:02 PM

OK, when you boot up, is your system slow? Or is it very responsive, but the fan is working hard?


If I don't respond within 2 days, please feel free to PM me.
Please don't ask for help via PM. The forums are there for a reason. Please post in the forums so others may benefit as well.

Posted Image
Unified Network of Instructors and Trusted Eliminators
 


#11 LTAB1

LTAB1
  • Topic Starter

  • Members
  • 34 posts
  • OFFLINE
  •  
  • Local time:07:05 PM

Posted 20 June 2011 - 08:36 PM

System seems to be fairly responsive now, but the fan just seems to work overtime when there's not a whole lot going on. Not like I have a bunch of windows open. Sometimes have to reboot to get the fan to stop even after I've closed everything out that I'm working on.

#12 etavares

etavares

    Bleepin' Remover


  • Malware Response Team
  • 15,514 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:09:05 PM

Posted 21 June 2011 - 06:01 PM

Hello, LTAB1.


Step 1


OK, when your fan is working hard, press Ctrl-Shift-Esc to bring up Task Manager. Make sure the Processes tab is selected. Then, click CPU to sort by CPU. That will sort by CPU usage. If zeros rise ot the top, click CPU again to invert it. Let me know if anything has a number >10 in the CPU column. (note, if there is a button to "show processes from all users" below the list of processes, please click that first.) Let me know what is > 10. Ignore System Idle Process...that is just 100 - the sum of all the other processes' CPU usage.

Also, if you hold your hand near the fan exhaust, is the airflow fairly warm? I'm guessing it will feel fairly warm/hot but want to confirm.



Step 2

Please download aswMBR ( 511KB ) to your desktop.
  • Double click the aswMBR.exe icon to run it
  • Click the Scan button to start the scan
  • On completion of the scan, click the save log button, save it to your desktop and post it in your next reply.

etavares


If I don't respond within 2 days, please feel free to PM me.
Please don't ask for help via PM. The forums are there for a reason. Please post in the forums so others may benefit as well.

Posted Image
Unified Network of Instructors and Trusted Eliminators
 


#13 LTAB1

LTAB1
  • Topic Starter

  • Members
  • 34 posts
  • OFFLINE
  •  
  • Local time:07:05 PM

Posted 21 June 2011 - 08:50 PM

Doesn't really feel overly hot when the fan is working. Haven't been able to get it to kick on and stay on like it has been. If I can, I'll post the Ctrl-Shift-Esc report. Thanks again. Here is other log you requested.

aswMBR version 0.9.7.675 Copyright© 2011 AVAST Software
Run date: 2011-06-21 20:28:12
-----------------------------
20:28:12.731 OS Version: Windows 6.0.6002 Service Pack 2
20:28:12.731 Number of processors: 2 586 0xF0B
20:28:12.731 ComputerName: AARONB-PC UserName: Aaron B
20:28:16.709 Initialize success
20:28:29.282 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
20:28:29.298 Disk 0 Vendor: ST3320620AS 3.ADG Size: 305245MB BusType: 3
20:28:31.466 Disk 0 MBR read successfully
20:28:31.466 Disk 0 MBR scan
20:28:31.466 Disk 0 unknown MBR code
20:28:33.557 Disk 0 scanning sectors +625139712
20:28:33.744 Disk 0 scanning C:\Windows\system32\drivers
20:29:25.458 Service scanning
20:29:26.659 Disk 0 trace - called modules:
20:29:26.690
20:29:26.690 Scan finished successfully
20:30:08.007 Disk 0 MBR has been saved successfully to "C:\Users\Aaron B\Desktop\MBR.dat"
20:30:08.007 The log file has been saved successfully to "C:\Users\Aaron B\Desktop\aswMBR.txt"

#14 etavares

etavares

    Bleepin' Remover


  • Malware Response Team
  • 15,514 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:09:05 PM

Posted 22 June 2011 - 06:12 AM

That looks OK as well. Keep me posted...please reply back in a day or two and let me know if it is running OK or if the fan overheats again.


If I don't respond within 2 days, please feel free to PM me.
Please don't ask for help via PM. The forums are there for a reason. Please post in the forums so others may benefit as well.

Posted Image
Unified Network of Instructors and Trusted Eliminators
 


#15 etavares

etavares

    Bleepin' Remover


  • Malware Response Team
  • 15,514 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:09:05 PM

Posted 25 June 2011 - 05:43 AM

Still with me?


If I don't respond within 2 days, please feel free to PM me.
Please don't ask for help via PM. The forums are there for a reason. Please post in the forums so others may benefit as well.

Posted Image
Unified Network of Instructors and Trusted Eliminators
 





0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users