Virus, Malware Removal Help



#1
dude_tad

I had my computer on all night. When I got up and turned the screen on, I had a blue screen saying there was some sort of problem. I shut it down and restarted. When it came back on it seemed slower, and my malware blocker keeps saying "blocked access to a potentially dangerous site outgoing" followed by some numbers like 212.35.147 that change every time. I ran my computer in safe mode and did 2 scans with my malware and 2 scans with my Norton antivirus but nothing. The malware blocker continues to pop up now and then with the same blurb as above. Please help.



OTL logfile created on: 7/15/2011 3:32:04 AM - Run 1
OTL by OldTimer - Version 3.2.26.1 Folder = C:\Users\Aaron\Downloads
64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.75 Gb Total Physical Memory | 1.90 Gb Available Physical Memory | 50.72% Memory free
7.50 Gb Paging File | 5.50 Gb Available in Paging File | 73.37% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 921.72 Gb Total Space | 778.27 Gb Free Space | 84.44% Space Free | Partition Type: NTFS

Computer Name: AARON-PC | User Name: Aaron | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/07/15 03:31:39 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Users\Aaron\Downloads\OTL.exe
PRC - [2011/07/03 21:25:42 | 004,771,184 | ---- | M] (BitTorrent, Inc.) -- C:\Program Files (x86)\BitTorrent\BitTorrent.exe
PRC - [2011/06/06 12:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2011/06/01 16:44:15 | 001,546,640 | ---- | M] (Bandoo Media, inc) -- C:\Program Files (x86)\Windows iLivid Toolbar\Datamngr\datamngrUI.exe
PRC - [2011/05/29 09:11:28 | 000,449,584 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2011/05/29 09:11:28 | 000,366,640 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2011/05/25 10:54:58 | 001,617,296 | ---- | M] (Bandoo Media Inc.) -- C:\Program Files (x86)\Bandoo\Bandoo.exe
PRC - [2011/04/16 20:45:11 | 000,130,008 | R--- | M] (Symantec Corporation) -- C:\Program Files (x86)\Norton Internet Security\Engine\18.6.0.29\ccsvchst.exe
PRC - [2010/08/27 09:32:50 | 004,577,760 | ---- | M] () -- C:\Program Files (x86)\NETGEAR\WNDA3100v2\WNDA3100v2.exe
PRC - [2010/08/19 15:25:00 | 000,272,864 | ---- | M] () -- C:\Program Files (x86)\NETGEAR\WNDA3100v2\WifiSvc.exe
PRC - [2009/12/23 16:59:42 | 000,232,064 | ---- | M] (ASUSTeK Computer Inc.) -- C:\Program Files (x86)\ASUS\AI Manager\AsShellApplication.exe
PRC - [2009/12/23 16:59:22 | 000,203,392 | ---- | M] (ASUSTeK Computer Inc.) -- C:\Windows\SysWOW64\AsHookDevice.exe
PRC - [2009/11/17 23:42:26 | 005,821,952 | ---- | M] (ASUSTeK Computer Inc.) -- C:\Program Files (x86)\ASUS\EPU-4 Engine\FourEngine.exe
PRC - [2009/02/02 22:07:18 | 000,240,544 | R--- | M] (Adobe Systems, Inc.) -- C:\Windows\SysWOW64\Macromed\Flash\FlashUtil10b.exe


========== Modules (SafeList) ==========

MOD - [2011/07/15 03:31:39 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Users\Aaron\Downloads\OTL.exe
MOD - [2011/03/24 23:42:37 | 001,680,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2010/09/22 21:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV:64bit: - [2010/02/10 10:05:46 | 000,202,752 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2009/07/13 21:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2011/06/06 12:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2011/05/29 09:11:28 | 000,366,640 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2011/05/25 10:54:58 | 001,617,296 | ---- | M] (Bandoo Media Inc.) [Auto | Running] -- C:\Program Files (x86)\Bandoo\Bandoo.exe -- (Bandoo Coordinator)
SRV - [2011/04/16 20:45:11 | 000,130,008 | R--- | M] (Symantec Corporation) [Unknown | Running] -- C:\Program Files (x86)\Norton Internet Security\Engine\18.6.0.29\ccSvcHst.exe -- (NIS)
SRV - [2010/08/19 15:25:00 | 000,272,864 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\NETGEAR\WNDA3100v2\WifiSvc.exe -- (WSWNDA3100)
SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/12/23 16:59:22 | 000,203,392 | ---- | M] (ASUSTeK Computer Inc.) [Auto | Running] -- C:\Windows\SysWOW64\AsHookDevice.exe -- (Device Handle Service)
SRV - [2009/06/10 17:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2011/06/22 00:00:18 | 000,174,200 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SYMEVENT64x86.SYS -- (SymEvent)
DRV:64bit: - [2011/05/29 09:11:20 | 000,025,912 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2011/03/30 23:00:09 | 000,744,568 | ---- | M] (Symantec Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\NISx64\1206000.01D\srtsp64.sys -- (SRTSP)
DRV:64bit: - [2011/03/30 23:00:09 | 000,040,568 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\NISx64\1206000.01D\srtspx64.sys -- (SRTSPX) Symantec Real Time Storage Protection (PEL)
DRV:64bit: - [2011/03/21 20:39:49 | 000,382,584 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\NISx64\1206000.01D\symnets.sys -- (SymNetS)
DRV:64bit: - [2011/03/14 22:31:23 | 000,912,504 | ---- | M] (Symantec Corporation) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\NISx64\1206000.01D\symefa64.sys -- (SymEFA)
DRV:64bit: - [2011/03/11 02:22:41 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 02:22:40 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011/01/27 02:47:10 | 000,450,680 | ---- | M] (Symantec Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\NISx64\1206000.01D\symds64.sys -- (SymDS)
DRV:64bit: - [2011/01/27 01:07:06 | 000,171,128 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\NISx64\1206000.01D\ironx64.sys -- (SymIRON)
DRV:64bit: - [2010/10/25 23:08:08 | 000,406,632 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2010/10/01 15:41:12 | 001,349,232 | ---- | M] (VIA Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\viahduaa.sys -- (VIAHdAudAddService)
DRV:64bit: - [2010/09/23 03:36:48 | 000,048,488 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\fssfltr.sys -- (fssfltr)
DRV:64bit: - [2010/06/30 04:27:08 | 000,035,840 | R--- | M] (Avanquest Software) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\BVRPMPR5a64.SYS -- (BVRPMPR5a64)
DRV:64bit: - [2010/02/10 10:24:06 | 006,368,256 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (atikmdag)
DRV:64bit: - [2010/02/10 10:24:06 | 006,368,256 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atipmdag.sys -- (amdkmdag)
DRV:64bit: - [2010/02/10 09:11:14 | 000,188,416 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2010/02/03 11:20:32 | 000,047,632 | ---- | M] (CACE Technologies, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\npf.sys -- (NPF)
DRV:64bit: - [2010/01/27 21:33:38 | 000,116,736 | ---- | M] (ATI Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtiHdmi.sys -- (AtiHdmiService)
DRV:64bit: - [2009/12/22 05:26:36 | 000,038,456 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\usbfilter.sys -- (usbfilter)
DRV:64bit: - [2009/11/10 12:11:32 | 000,234,040 | ---- | M] (Advanced Micro Devices, Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ahcix64s.sys -- (ahcix64s)
DRV:64bit: - [2009/11/06 08:40:26 | 000,838,136 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\bcmwlhigh664.sys -- (BCMH43XX)
DRV:64bit: - [2009/07/16 07:38:40 | 000,015,416 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ASACPI.sys -- (MTsensor)
DRV:64bit: - [2009/07/13 21:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 21:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 21:47:48 | 000,077,888 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2009/07/13 21:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/06/10 16:38:56 | 000,000,308 | ---- | M] () [File_System | On_Demand | Running] -- C:\Windows\SysNative\wbem\ntfs.mof -- (Ntfs)
DRV:64bit: - [2009/06/10 16:37:05 | 006,108,416 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2009/06/10 16:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 16:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 16:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 16:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/05/20 00:48:42 | 000,702,976 | ---- | M] (Ralink Technology, Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\netr28x.sys -- (netr28x)
DRV:64bit: - [2009/05/18 04:47:08 | 000,034,152 | R--- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2009/05/04 21:00:28 | 000,016,440 | ---- | M] (Advanced Micro Devices Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\AtiPcie.sys -- (AtiPcie) AMD PCI Express (3GIO)
DRV:64bit: - [2007/01/19 18:24:24 | 000,025,312 | ---- | M] (Windows ® Codename Longhorn DDK provider) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\SCMNdisP.sys -- (SCMNdisP)
DRV - [2011/07/07 17:01:40 | 000,488,056 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.5.0.125\Definitions\IPSDefs\20110714.034\IDSviA64.sys -- (IDSVia64)
DRV - [2011/06/22 00:00:02 | 002,011,768 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.5.0.125\Definitions\VirusDefs\20110714.022\EX64.SYS -- (NAVEX15)
DRV - [2011/06/22 00:00:02 | 000,481,912 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys -- (eeCtrl)
DRV - [2011/06/22 00:00:02 | 000,136,824 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2011/06/22 00:00:02 | 000,117,880 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.5.0.125\Definitions\VirusDefs\20110714.022\ENG64.SYS -- (NAVENG)
DRV - [2011/06/16 01:56:18 | 001,143,416 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.5.0.125\Definitions\BASHDefs\20110701.001\BHDrvx64.sys -- (BHDrvx64)
DRV - [2008/01/04 16:34:48 | 000,011,832 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysWOW64\drivers\AsInsHelp64.sys -- (ASInsHelp)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://asus.msn.com
IE - HKLM\..\URLSearchHook: {88c7f2aa-f93f-432c-8f0e-b7d85967a527} - C:\Program Files (x86)\BitTorrentBar\prxtbBitT.dll (Conduit Ltd.)

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://asus.msn.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKCU\..\URLSearchHook: {88c7f2aa-f93f-432c-8f0e-b7d85967a527} - C:\Program Files (x86)\BitTorrentBar\prxtbBitT.dll (Conduit Ltd.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

FF:64bit: - HKLM\Software\MozillaPlugins\@bestbuy.com/npBestBuyPcAppDetector,version=1.0: C:\ProgramData\Best Buy pc app\npBestBuyPcAppDetector.dll (Best Buy)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@bestbuy.com/npBestBuyPcAppDetector,version=1.0: C:\ProgramData\Best Buy pc app\npBestBuyPcAppDetector.dll (Best Buy)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.0.60531.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.5.0.125\IPSFFPlgn\ [2011/07/06 17:30:30 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.5.0.125\coFFPlgn_2011_7_0_8 [2011/07/13 23:22:54 | 000,000,000 | ---D | M]


O1 HOSTS File: ([2009/06/10 17:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (UrlHelper Class) - {A40DC6C5-79D0-4ca8-A185-8FF989AF1115} - C:\Program Files (x86)\Windows iLivid Toolbar\Datamngr\x64\IEBHO.dll (Bandoo Media, inc)
O2 - BHO: (Conduit Engine ) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files (x86)\ConduitEngine\prxConduitEngin.dll (Conduit Ltd.)
O2 - BHO: (Symantec NCO BHO) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine\18.6.0.29\coieplg.dll (Symantec Corporation)
O2 - BHO: (Symantec Intrusion Prevention) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Internet Security\Engine\18.6.0.29\ips\ipsbho.dll (Symantec Corporation)
O2 - BHO: (BitTorrentBar Toolbar) - {88c7f2aa-f93f-432c-8f0e-b7d85967a527} - C:\Program Files (x86)\BitTorrentBar\prxtbBitT.dll (Conduit Ltd.)
O2 - BHO: (Searchqu Toolbar) - {99079a25-328f-4bd4-be04-00955acaa0a7} - C:\Program Files (x86)\Windows iLivid Toolbar\Datamngr\ToolBar\searchqudtx.dll ()
O2 - BHO: (UrlHelper Class) - {A40DC6C5-79D0-4ca8-A185-8FF989AF1115} - C:\Program Files (x86)\Windows iLivid Toolbar\Datamngr\IEBHO.dll (Bandoo Media, inc)
O2 - BHO: (BandooIEPlugin Class) - {EB5CEE80-030A-4ED8-8E20-454E9C68380F} - C:\Program Files (x86)\Bandoo\Plugins\IE\ieplugin.dll (Bandoo Media Inc.)
O3:64bit: - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (Conduit Engine ) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files (x86)\ConduitEngine\prxConduitEngin.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\18.6.0.29\coieplg.dll (Symantec Corporation)
O3 - HKLM\..\Toolbar: (BitTorrentBar Toolbar) - {88c7f2aa-f93f-432c-8f0e-b7d85967a527} - C:\Program Files (x86)\BitTorrentBar\prxtbBitT.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (Searchqu Toolbar) - {99079a25-328f-4bd4-be04-00955acaa0a7} - C:\Program Files (x86)\Windows iLivid Toolbar\Datamngr\ToolBar\searchqudtx.dll ()
O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\18.6.0.29\coieplg.dll (Symantec Corporation)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [DATAMNGR] C:\Program Files (x86)\Windows iLivid Toolbar\Datamngr\datamngrUI.exe (Bandoo Media, inc)
O4 - HKLM..\Run: [HDAudDeck] C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe (VIA)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [RunAIShell] C:\Program Files (x86)\ASUS\AI Manager\AsShellApplication.exe (ASUSTeK Computer Inc.)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKCU..\Run: [BitTorrent] C:\Program Files (x86)\BitTorrent\BitTorrent.exe (BitTorrent, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O13 - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {0D41B8C5-2599-4893-8183-00195EC8D5F9} http://support.asus....k_sys_ctrl3.cab (asusTek_sysctrl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_26)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 71.252.0.12
O18:64bit: - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\wlpg {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - Reg Error: Key error. File not found
O20:64bit: - AppInit_DLLs: (C:\PROGRA~2\WI3C8A~1\Datamngr\x64\datamngr.dll) - C:\Program Files (x86)\Windows iLivid Toolbar\Datamngr\x64\datamngr.dll (Bandoo Media, inc)
O20:64bit: - AppInit_DLLs: (C:\PROGRA~2\WI3C8A~1\Datamngr\x64\IEBHO.dll) - C:\Program Files (x86)\Windows iLivid Toolbar\Datamngr\x64\IEBHO.dll (Bandoo Media, inc)
O20 - AppInit_DLLs: (c:\progra~2\wi3c8a~1\datamngr\datamngr.dll) - c:\Program Files (x86)\Windows iLivid Toolbar\Datamngr\datamngr.dll (Bandoo Media, inc)
O20 - AppInit_DLLs: (c:\progra~2\wi3c8a~1\datamngr\iebho.dll) - c:\Program Files (x86)\Windows iLivid Toolbar\Datamngr\IEBHO.dll (Bandoo Media, inc)
O20 - AppInit_DLLs: (c:\progra~2\bandoo\bndhook.dll) - c:\Program Files (x86)\Bandoo\BndHook.dll (Discordia Limited)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{e357b57c-9a0c-11e0-b936-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{e357b57c-9a0c-11e0-b936-806e6f6e6963}\Shell\AutoRun\command - "" = D:\Installer.exe
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/07/13 08:50:13 | 000,000,000 | ---D | C] -- C:\Users\Aaron\AppData\Roaming\Malwarebytes
[2011/07/13 08:50:06 | 000,039,984 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
[2011/07/13 08:50:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011/07/13 08:50:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2011/07/13 08:50:03 | 000,025,912 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2011/07/13 08:50:03 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2011/07/13 08:37:19 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\drivers\NBRTWizardx64
[2011/07/13 08:37:19 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\drivers\NBRTWizardx64\0305000.017
[2011/07/13 08:37:18 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Norton Bootable Recovery Tool Wizard
[2011/07/13 08:37:17 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Norton Bootable Recovery Tool Wizard
[2011/07/13 08:31:05 | 000,000,000 | ---D | C] -- C:\Users\Aaron\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Norton
[2011/07/13 08:17:09 | 000,000,000 | ---D | C] -- C:\Users\Aaron\AppData\Local\NPE
[2011/07/13 07:38:19 | 000,000,000 | ---D | C] -- C:\Windows\Minidump
[2011/07/06 20:54:59 | 000,000,000 | ---D | C] -- C:\Users\Aaron\AppData\Roaming\vlc
[2011/07/06 20:53:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Bandoo
[2011/07/06 20:53:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Bandoo
[2011/07/06 20:53:52 | 000,000,000 | ---D | C] -- C:\Users\Aaron\AppData\Local\Ilivid Player
[2011/07/06 20:53:52 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Bandoo
[2011/07/06 20:53:17 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\iLivid
[2011/07/06 20:52:53 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Windows iLivid Toolbar
[2011/07/06 20:52:36 | 000,000,000 | ---D | C] -- C:\Users\Aaron\AppData\Local\PackageAware
[2011/07/03 21:25:55 | 000,000,000 | ---D | C] -- C:\Users\Aaron\AppData\Local\Google
[2011/07/03 21:25:52 | 000,000,000 | ---D | C] -- C:\extensions
[2011/07/03 21:25:51 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Conduit
[2011/07/03 21:25:49 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ConduitEngine
[2011/07/03 21:25:48 | 000,000,000 | ---D | C] -- C:\Users\Aaron\AppData\Local\Conduit
[2011/07/03 21:25:48 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\BitTorrentBar
[2011/07/03 21:25:42 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\BitTorrent
[2011/07/03 21:24:45 | 000,000,000 | ---D | C] -- C:\Users\Aaron\AppData\Roaming\BitTorrent
[2011/06/24 10:53:35 | 009,136,678 | ---- | C] (UltimateWoWGuide.com) -- C:\Users\Aaron\Desktop\DugiGuides_1.0.2.exe
[2011/06/24 10:51:26 | 000,000,000 | ---D | C] -- C:\Users\Aaron\.duginstaller
[2011/06/24 10:51:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Sun
[2011/06/24 10:51:19 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java
[2011/06/24 10:50:47 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Java
[2011/06/22 11:58:24 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft.NET
[2011/06/22 11:57:39 | 000,000,000 | ---D | C] -- C:\1f5a533fa0cf5405351cf62efc03b3bd
[2011/06/22 11:11:31 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Symantec Shared
[2011/06/22 03:21:20 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\Wat
[2011/06/22 03:21:20 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\Wat
[2011/06/22 00:24:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\World of Warcraft
[2011/06/22 00:06:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\World of Warcraft.temp
[2011/06/22 00:00:17 | 000,912,504 | ---- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\NISx64\1206000.01D\symefa64.sys
[2011/06/22 00:00:17 | 000,744,568 | ---- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\NISx64\1206000.01D\srtsp64.sys
[2011/06/22 00:00:17 | 000,450,680 | ---- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\NISx64\1206000.01D\symds64.sys
[2011/06/22 00:00:17 | 000,382,584 | ---- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\NISx64\1206000.01D\symnets.sys
[2011/06/22 00:00:17 | 000,171,128 | ---- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\NISx64\1206000.01D\ironx64.sys
[2011/06/22 00:00:17 | 000,040,568 | ---- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\NISx64\1206000.01D\srtspx64.sys
[2011/06/22 00:00:07 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\drivers\NISx64\1206000.01D
[2011/06/21 11:33:42 | 000,025,312 | ---- | C] (Windows ® Codename Longhorn DDK provider) -- C:\Windows\SysNative\drivers\SCMNdisP.sys
[2011/06/21 11:33:41 | 000,281,104 | ---- | C] (CACE Technologies, Inc.) -- C:\Windows\SysWow64\wpcap.dll
[2011/06/21 11:33:25 | 000,096,784 | ---- | C] (CACE Technologies, Inc.) -- C:\Windows\SysWow64\Packet.dll
[2011/06/21 11:33:25 | 000,047,632 | ---- | C] (CACE Technologies, Inc.) -- C:\Windows\SysNative\drivers\npf.sys
[2011/06/21 11:33:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NETGEAR WNDA3100v2 Smart Wizard
[2011/06/21 11:33:23 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\NETGEAR
[2011/06/21 11:32:47 | 000,000,000 | ---D | C] -- C:\Users\Aaron\AppData\Roaming\InstallShield
[2011/06/19 17:43:23 | 000,000,000 | ---D | C] -- C:\Users\Aaron\AppData\Local\Diagnostics
[2011/06/19 17:10:38 | 000,000,000 | ---D | C] -- C:\Users\Aaron\AppData\Local\Adobe
[2011/06/19 17:05:27 | 000,000,000 | ---D | C] -- C:\Users\Aaron\AppData\Roaming\Mozilla
[2011/06/19 16:42:20 | 000,035,840 | R--- | C] (Avanquest Software) -- C:\Windows\SysNative\drivers\BVRPMPR5a64.SYS
[2011/06/19 16:41:51 | 000,000,000 | ---D | C] -- C:\Users\Aaron\AppData\Roaming\Macromedia
[2011/06/19 16:41:51 | 000,000,000 | ---D | C] -- C:\Users\Aaron\AppData\Roaming\Adobe
[2011/06/19 16:41:35 | 000,000,000 | ---D | C] -- C:\Netgear
[2011/06/19 16:36:45 | 000,000,000 | ---D | C] -- C:\Users\Aaron\AppData\Local\Best Buy pc app
[2011/06/18 21:55:17 | 000,000,000 | ---D | C] -- C:\ProgramData\Blizzard Entertainment
[2011/06/18 21:51:27 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\Blizzard Entertainment
[2011/06/18 21:01:09 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Blizzard Entertainment
[2011/06/18 20:59:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Blizzard
[2011/06/18 20:53:30 | 000,174,200 | ---- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\SYMEVENT64x86.SYS
[2011/06/18 20:53:30 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Symantec Shared
[2011/06/18 20:53:30 | 000,000,000 | ---D | C] -- C:\Program Files\Symantec
[2011/06/18 20:53:15 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\drivers\NISx64
[2011/06/18 20:53:13 | 000,000,000 | R--D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Norton Internet Security
[2011/06/18 20:53:13 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Norton Internet Security
[2011/06/18 20:53:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Norton
[2011/06/18 20:50:13 | 000,000,000 | ---D | C] -- C:\ProgramData\NortonInstaller
[2011/06/18 20:50:13 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\NortonInstaller
[2011/06/18 20:48:21 | 000,000,000 | ---D | C] -- C:\Users\Aaron\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Best Buy
[2011/06/18 20:48:09 | 000,000,000 | ---D | C] -- C:\Users\Aaron\AppData\Roaming\ATI
[2011/06/18 20:48:09 | 000,000,000 | ---D | C] -- C:\Users\Aaron\AppData\Local\ATI
[2011/06/18 20:48:09 | 000,000,000 | ---D | C] -- C:\ProgramData\ATI
[2011/06/18 20:48:08 | 000,000,000 | ---D | C] -- C:\Users\Aaron\AppData\Local\Apps
[2011/06/18 20:48:07 | 000,000,000 | ---D | C] -- C:\Users\Aaron\AppData\Local\Deployment
[2011/06/18 20:47:56 | 000,000,000 | R--D | C] -- C:\Users\Aaron\Searches
[2011/06/18 20:47:56 | 000,000,000 | R--D | C] -- C:\Users\Aaron\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
[2011/06/18 20:47:56 | 000,000,000 | -H-D | C] -- C:\Users\Aaron\Application Data\Microsoft\Internet Explorer\Quick Launch\User Pinned
[2011/06/18 20:47:48 | 000,000,000 | ---D | C] -- C:\Users\Aaron\AppData\Roaming\Identities
[2011/06/18 20:47:47 | 000,000,000 | R--D | C] -- C:\Users\Aaron\Contacts
[2011/06/18 20:47:46 | 000,000,000 | ---D | C] -- C:\Users\Aaron\AppData\Local\VirtualStore
[2011/06/18 20:46:28 | 000,000,000 | -HSD | C] -- C:\Users\Aaron\AppData\Local\Temporary Internet Files
[2011/06/18 20:46:28 | 000,000,000 | -HSD | C] -- C:\Users\Aaron\Templates
[2011/06/18 20:46:28 | 000,000,000 | -HSD | C] -- C:\Users\Aaron\Start Menu
[2011/06/18 20:46:28 | 000,000,000 | -HSD | C] -- C:\Users\Aaron\SendTo
[2011/06/18 20:46:28 | 000,000,000 | -HSD | C] -- C:\Users\Aaron\Recent
[2011/06/18 20:46:28 | 000,000,000 | -HSD | C] -- C:\Users\Aaron\PrintHood
[2011/06/18 20:46:28 | 000,000,000 | -HSD | C] -- C:\Users\Aaron\NetHood
[2011/06/18 20:46:28 | 000,000,000 | -HSD | C] -- C:\Users\Aaron\Documents\My Videos
[2011/06/18 20:46:28 | 000,000,000 | -HSD | C] -- C:\Users\Aaron\Documents\My Pictures
[2011/06/18 20:46:28 | 000,000,000 | -HSD | C] -- C:\Users\Aaron\Documents\My Music
[2011/06/18 20:46:28 | 000,000,000 | -HSD | C] -- C:\Users\Aaron\My Documents
[2011/06/18 20:46:28 | 000,000,000 | -HSD | C] -- C:\Users\Aaron\Local Settings
[2011/06/18 20:46:28 | 000,000,000 | -HSD | C] -- C:\Users\Aaron\AppData\Local\History
[2011/06/18 20:46:28 | 000,000,000 | -HSD | C] -- C:\Users\Aaron\Cookies
[2011/06/18 20:46:28 | 000,000,000 | -HSD | C] -- C:\Users\Aaron\Application Data
[2011/06/18 20:46:28 | 000,000,000 | -HSD | C] -- C:\Users\Aaron\AppData\Local\Application Data
[2011/06/18 20:46:27 | 000,000,000 | --SD | C] -- C:\Users\Aaron\AppData\Roaming\Microsoft
[2011/06/18 20:46:27 | 000,000,000 | R--D | C] -- C:\Users\Aaron\Videos
[2011/06/18 20:46:27 | 000,000,000 | R--D | C] -- C:\Users\Aaron\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
[2011/06/18 20:46:27 | 000,000,000 | R--D | C] -- C:\Users\Aaron\Saved Games
[2011/06/18 20:46:27 | 000,000,000 | R--D | C] -- C:\Users\Aaron\Pictures
[2011/06/18 20:46:27 | 000,000,000 | R--D | C] -- C:\Users\Aaron\Music
[2011/06/18 20:46:27 | 000,000,000 | R--D | C] -- C:\Users\Aaron\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
[2011/06/18 20:46:27 | 000,000,000 | R--D | C] -- C:\Users\Aaron\Links
[2011/06/18 20:46:27 | 000,000,000 | R--D | C] -- C:\Users\Aaron\Favorites
[2011/06/18 20:46:27 | 000,000,000 | R--D | C] -- C:\Users\Aaron\Downloads
[2011/06/18 20:46:27 | 000,000,000 | R--D | C] -- C:\Users\Aaron\Documents
[2011/06/18 20:46:27 | 000,000,000 | R--D | C] -- C:\Users\Aaron\Desktop
[2011/06/18 20:46:27 | 000,000,000 | R--D | C] -- C:\Users\Aaron\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
[2011/06/18 20:46:27 | 000,000,000 | -H-D | C] -- C:\Users\Aaron\AppData
[2011/06/18 20:46:27 | 000,000,000 | ---D | C] -- C:\Users\Aaron\AppData\Local\Temp
[2011/06/18 20:46:27 | 000,000,000 | ---D | C] -- C:\Users\Aaron\AppData\Local\Microsoft
[2011/06/18 20:46:27 | 000,000,000 | ---D | C] -- C:\Users\Aaron\AppData\Roaming\Media Center Programs
[2011/06/18 20:46:10 | 000,000,000 | ---D | C] -- C:\Windows\SoftwareDistribution
[2011/06/18 20:41:40 | 000,000,000 | -HSD | C] -- C:\System Volume Information
[1 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/07/14 05:14:24 | 000,009,920 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011/07/14 05:14:24 | 000,009,920 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011/07/13 23:28:55 | 000,741,696 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2011/07/13 23:28:55 | 000,635,352 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2011/07/13 23:28:55 | 000,110,068 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2011/07/13 23:22:45 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/07/13 23:22:42 | 3019,247,616 | -HS- | M] () -- C:\hiberfil.sys
[2011/07/13 08:50:07 | 000,001,117 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/07/13 08:37:37 | 003,115,746 | ---- | M] () -- C:\Windows\SysNative\drivers\NISx64\1206000.01D\Cat.DB
[2011/07/13 08:37:36 | 000,001,541 | ---- | M] () -- C:\Users\Public\Desktop\Norton Bootable Recovery Tool Wizard.LNK
[2011/07/13 08:31:05 | 000,001,347 | ---- | M] () -- C:\Users\Aaron\Desktop\Norton Installation Files.lnk
[2011/07/13 07:38:16 | 513,662,325 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2011/07/13 03:19:25 | 000,274,320 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2011/07/03 21:25:42 | 000,000,995 | ---- | M] () -- C:\Users\Aaron\Application Data\Microsoft\Internet Explorer\Quick Launch\BitTorrent.lnk
[2011/07/03 21:25:42 | 000,000,971 | ---- | M] () -- C:\Users\Public\Desktop\BitTorrent.lnk
[2011/06/27 13:58:07 | 000,001,217 | ---- | M] () -- C:\Users\Public\Desktop\World of Warcraft.lnk
[2011/06/26 20:50:50 | 000,001,445 | ---- | M] () -- C:\Users\Aaron\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2011/06/26 20:44:57 | 000,072,822 | ---- | M] () -- C:\Windows\SysWow64\ieuinit.inf
[2011/06/26 20:44:56 | 000,072,822 | ---- | M] () -- C:\Windows\SysNative\ieuinit.inf
[2011/06/24 10:53:39 | 009,136,678 | ---- | M] (UltimateWoWGuide.com) -- C:\Users\Aaron\Desktop\DugiGuides_1.0.2.exe
[2011/06/22 10:44:18 | 000,002,023 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader X.lnk
[2011/06/22 00:06:25 | 000,000,000 | ---- | M] () -- C:\Users\Public\Desktop\World of Warcraft.lnk.temp
[2011/06/22 00:02:15 | 000,002,493 | ---- | M] () -- C:\Users\Public\Desktop\Norton Internet Security.lnk
[2011/06/22 00:00:18 | 000,174,200 | ---- | M] (Symantec Corporation) -- C:\Windows\SysNative\drivers\SYMEVENT64x86.SYS
[2011/06/22 00:00:18 | 000,007,488 | ---- | M] () -- C:\Windows\SysNative\drivers\SYMEVENT64x86.CAT
[2011/06/22 00:00:18 | 000,000,855 | ---- | M] () -- C:\Windows\SysNative\drivers\SYMEVENT64x86.INF
[2011/06/21 11:39:34 | 000,001,179 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\NETGEAR WNDA3100v2 Smart Wizard.lnk
[2011/06/21 11:39:34 | 000,001,161 | ---- | M] () -- C:\Users\Public\Desktop\NETGEAR WNDA3100v2 Smart Wizard.lnk
[2011/06/21 11:36:03 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_Kernel_bcmwlhigh664_01009.Wdf
[2011/06/18 21:45:11 | 000,039,252 | ---- | M] () -- C:\Windows\SysWow64\license.rtf
[2011/06/18 21:45:11 | 000,039,252 | ---- | M] () -- C:\Windows\SysNative\license.rtf
[2011/06/18 20:48:21 | 000,000,398 | ---- | M] () -- C:\Users\Aaron\Desktop\pc app.appref-ms
[2011/06/18 20:47:42 | 000,001,769 | ---- | M] () -- C:\Windows\Language_trs.ini
[1 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/07/13 08:50:06 | 000,001,117 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/07/13 08:37:36 | 000,001,541 | ---- | C] () -- C:\Users\Public\Desktop\Norton Bootable Recovery Tool Wizard.LNK
[2011/07/13 08:37:19 | 000,000,172 | ---- | C] () -- C:\Windows\SysNative\drivers\NBRTWizardx64\0305000.017\isolate.ini
[2011/07/13 08:31:05 | 000,001,347 | ---- | C] () -- C:\Users\Aaron\Desktop\Norton Installation Files.lnk
[2011/07/13 07:38:16 | 513,662,325 | ---- | C] () -- C:\Windows\MEMORY.DMP
[2011/07/06 20:53:51 | 001,524,112 | ---- | C] () -- C:\Windows\SysWow64\bandoolmx.dll
[2011/07/03 21:25:42 | 000,000,995 | ---- | C] () -- C:\Users\Aaron\Application Data\Microsoft\Internet Explorer\Quick Launch\BitTorrent.lnk
[2011/07/03 21:25:42 | 000,000,971 | ---- | C] () -- C:\Users\Public\Desktop\BitTorrent.lnk
[2011/06/26 20:44:57 | 000,072,822 | ---- | C] () -- C:\Windows\SysWow64\ieuinit.inf
[2011/06/26 20:44:56 | 000,072,822 | ---- | C] () -- C:\Windows\SysNative\ieuinit.inf
[2011/06/22 10:44:18 | 000,002,023 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Reader X.lnk
[2011/06/22 00:06:25 | 000,000,000 | ---- | C] () -- C:\Users\Public\Desktop\World of Warcraft.lnk.temp
[2011/06/22 00:01:49 | 003,115,746 | ---- | C] () -- C:\Windows\SysNative\drivers\NISx64\1206000.01D\Cat.DB
[2011/06/22 00:00:17 | 000,007,492 | ---- | C] () -- C:\Windows\SysNative\drivers\NISx64\1206000.01D\iron.cat
[2011/06/22 00:00:17 | 000,007,462 | ---- | C] () -- C:\Windows\SysNative\drivers\NISx64\1206000.01D\srtspx64.cat
[2011/06/22 00:00:17 | 000,007,460 | ---- | C] () -- C:\Windows\SysNative\drivers\NISx64\1206000.01D\symefa64.cat
[2011/06/22 00:00:17 | 000,007,458 | ---- | C] () -- C:\Windows\SysNative\drivers\NISx64\1206000.01D\symnet64.cat
[2011/06/22 00:00:17 | 000,007,458 | ---- | C] () -- C:\Windows\SysNative\drivers\NISx64\1206000.01D\srtsp64.cat
[2011/06/22 00:00:17 | 000,003,373 | ---- | C] () -- C:\Windows\SysNative\drivers\NISx64\1206000.01D\symefa.inf
[2011/06/22 00:00:17 | 000,002,792 | ---- | C] () -- C:\Windows\SysNative\drivers\NISx64\1206000.01D\symds.inf
[2011/06/22 00:00:17 | 000,001,446 | ---- | C] () -- C:\Windows\SysNative\drivers\NISx64\1206000.01D\symnet.inf
[2011/06/22 00:00:17 | 000,001,438 | ---- | C] () -- C:\Windows\SysNative\drivers\NISx64\1206000.01D\srtsp64.inf
[2011/06/22 00:00:17 | 000,001,422 | ---- | C] () -- C:\Windows\SysNative\drivers\NISx64\1206000.01D\srtspx64.inf
[2011/06/22 00:00:17 | 000,000,772 | ---- | C] () -- C:\Windows\SysNative\drivers\NISx64\1206000.01D\iron.inf
[2011/06/22 00:00:08 | 000,000,000 | ---- | C] () -- C:\Windows\SysNative\drivers\NISx64\1206000.01D\symds64.cat
[2011/06/22 00:00:07 | 000,000,172 | ---- | C] () -- C:\Windows\SysNative\drivers\NISx64\1206000.01D\isolate.ini
[2011/06/21 11:36:03 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_Kernel_bcmwlhigh664_01009.Wdf
[2011/06/21 11:33:41 | 000,053,299 | ---- | C] () -- C:\Windows\SysWow64\pthreadVC.dll
[2011/06/21 11:33:24 | 000,001,179 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\NETGEAR WNDA3100v2 Smart Wizard.lnk
[2011/06/21 11:33:24 | 000,001,161 | ---- | C] () -- C:\Users\Public\Desktop\NETGEAR WNDA3100v2 Smart Wizard.lnk
[2011/06/19 17:03:20 | 000,001,445 | ---- | C] () -- C:\Users\Aaron\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2011/06/18 21:01:09 | 000,001,217 | ---- | C] () -- C:\Users\Public\Desktop\World of Warcraft.lnk
[2011/06/18 20:53:30 | 000,007,488 | ---- | C] () -- C:\Windows\SysNative\drivers\SYMEVENT64x86.CAT
[2011/06/18 20:53:30 | 000,000,855 | ---- | C] () -- C:\Windows\SysNative\drivers\SYMEVENT64x86.INF
[2011/06/18 20:53:25 | 000,002,493 | ---- | C] () -- C:\Users\Public\Desktop\Norton Internet Security.lnk
[2011/06/18 20:48:21 | 000,000,398 | ---- | C] () -- C:\Users\Aaron\Desktop\pc app.appref-ms
[2011/06/18 20:48:01 | 000,001,417 | ---- | C] () -- C:\Users\Aaron\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer (64-bit).lnk
[2011/06/18 20:47:57 | 000,001,451 | ---- | C] () -- C:\Users\Aaron\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
[2011/06/18 20:46:28 | 000,000,290 | ---- | C] () -- C:\Users\Aaron\Application Data\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk
[2011/06/18 20:46:28 | 000,000,272 | ---- | C] () -- C:\Users\Aaron\Application Data\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk
[2011/06/18 20:41:40 | 3019,247,616 | -HS- | C] () -- C:\hiberfil.sys
[2011/03/24 23:39:57 | 000,001,035 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat
[2011/03/24 23:10:55 | 000,013,368 | ---- | C] () -- C:\Windows\SysWow64\drivers\AsUpIO.sys
[2011/03/24 23:10:24 | 000,221,184 | ---- | C] () -- C:\Windows\SysWow64\drivers\ServiceHelp.dll
[2011/03/24 23:07:06 | 000,013,931 | ---- | C] () -- C:\Windows\SysWow64\RaCoInst.dat
[2011/03/24 23:06:47 | 000,013,440 | ---- | C] () -- C:\Windows\SysWow64\drivers\AsIO.sys
[2011/03/24 23:06:46 | 000,011,832 | ---- | C] () -- C:\Windows\SysWow64\drivers\AsInsHelp64.sys
[2011/03/24 23:06:46 | 000,010,216 | ---- | C] () -- C:\Windows\SysWow64\drivers\AsInsHelp32.sys
[2011/03/24 23:02:59 | 000,024,728 | ---- | C] () -- C:\Windows\Ascd_log.ini
[2011/03/24 23:02:58 | 000,001,769 | ---- | C] () -- C:\Windows\Language_trs.ini
[2011/03/24 23:02:57 | 000,017,894 | ---- | C] () -- C:\Windows\Ascd_tmp.ini
[2011/03/24 23:02:57 | 000,010,296 | ---- | C] () -- C:\Windows\SysWow64\drivers\ASUSHWIO.SYS
[2011/03/24 23:00:17 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2009/07/14 01:38:36 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009/07/13 22:35:51 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT
[2009/07/13 22:34:42 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat
[2009/07/13 20:10:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009/07/13 19:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009/07/13 17:59:36 | 000,982,196 | ---- | C] () -- C:\Windows\SysWow64\igkrng500.bin
[2009/07/13 17:59:36 | 000,139,824 | ---- | C] () -- C:\Windows\SysWow64\igfcg500.bin
[2009/07/13 17:59:36 | 000,097,448 | ---- | C] () -- C:\Windows\SysWow64\igfcg500m.bin
[2009/07/13 17:59:35 | 000,417,344 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng500.bin
[2009/07/13 17:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009/06/10 17:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat

========== LOP Check ==========

[2011/07/15 03:33:36 | 000,000,000 | ---D | M] -- C:\Users\Aaron\AppData\Roaming\BitTorrent
[2009/07/14 01:08:49 | 000,014,856 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



< End of report >