Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

computer keeps crashing and explorer stops working

Post by h2ointollerant » August 14th, 2010, 3:00 am

I keep getting computer crashes when I am gaming, I keep getting an error box saying my windows explorer has stopped responding or something to that effect, and when I use my firefox to browse the internet, I type in something in my yahoo search and when I click on the link I get a redirect to another search engine or some off the wall site and never to the actual link. I think I have a malware or something. I ran the housecall and it came up with 16 Trojans, and when I clicked to fix them it crashed my computer with a blue screen and when my computer rebooted I went back into the program and it said the Trojans were not fixable. I ran my McAfee anti-virus and security suite and it found nothing. Here's the info from the hijack program. I hope you can help me. I recently did a complete hard drive reformat and clean install of windows 7. This computer is a MacBook Pro Intel Dual Core running both snow leopard mac osx and windows 7 through Apple's bootcamp software.

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 1:48:22 AM, on 8/14/2010
Platform: Windows 7 (WinNT 6.00.3504)
MSIE: Internet Explorer v8.00 (8.00.7600.16385)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\System32\rundll32.exe
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\Program Files\Boot Camp\Bootcamp.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\IDT\WDM\sttray.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Epson Software\Event Manager\EEventManager.exe
C:\Windows\System32\spool\drivers\w32x86\3\E_FATIEMA.EXE
C:\Windows\System32\spool\drivers\w32x86\3\E_FATIEMA.EXE
C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe
C:\Windows\system32\SearchFilterHost.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.yahoo.com/search?fr=mcafee&p=
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O2 - BHO: (no name) - {175BE066-6E7C-4842-B590-6C9EFD928363} - C:\Windows\system32\bderepair32.dll
O2 - BHO: McAfee Phishing Filter - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\progra~1\mcafee\msk\mskapbho.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll
O2 - BHO: e294f7e7 - {AED26EA7-E06F-9162-50DC-D34B392432CA} - C:\Windows\system32\bthpanapi32.dll
O2 - BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O3 - Toolbar: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
O4 - HKLM\..\Run: [Apple_KbdMgr] C:\Program Files\Boot Camp\Bootcamp.exe
O4 - HKLM\..\Run: [mcagent_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
O4 - HKLM\..\Run: [McENUI] C:\PROGRA~1\McAfee\MHN\McENUI.exe /hide
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [SysTrayApp] %ProgramFiles%\IDT\WDM\sttray.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [EEventManager] C:\PROGRA~1\EPSONS~1\EVENTM~1\EEventManager.exe
O4 - HKCU\..\Run: [EPSON Artisan 800 Series] C:\Windows\system32\spool\DRIVERS\W32X86\3\E_FATIEMA.EXE /FU "C:\Windows\TEMP\E_S5FDE.tmp" /EF "HKCU"
O4 - HKCU\..\Run: [EPSON Artisan 800(Network)] C:\Windows\system32\spool\DRIVERS\W32X86\3\E_FATIEMA.EXE /FU "C:\Windows\TEMP\E_S268E.tmp" /EF "HKCU"
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O4 - Global Startup: McAfee Security Scan Plus.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O18 - Protocol: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O20 - AppInit_DLLs: C:\Windows\system32\bthpanapi32.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Apple OS Switch Manager (AppleOSSMgr) - Unknown owner - C:\Windows\system32\AppleOSSMgr.exe
O23 - Service: Apple Time Service (AppleTimeSrv) - Apple Inc. - C:\Windows\system32\AppleTimeSrv.exe
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: EpsonBidirectionalService - SEIKO EPSON CORPORATION - C:\Program Files\Common Files\EPSON\EBAPI\eEBSVC.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee SiteAdvisor Service - McAfee, Inc. - C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
O23 - Service: McAfee Security Scan Component Host Service (McComponentHostService) - McAfee, Inc. - C:\Program Files\McAfee Security Scan\2.0.181\McCHSvc.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: McAfee Anti-Spam Service (MSK80Service) - McAfee, Inc. - C:\Program Files\McAfee\MSK\MskSrver.exe
O23 - Service: Audio Service (STacSV) - IDT, Inc. - c:\program files\idt\apple_v50\wdm\STacSV.exe

--
End of file - 6881 bytes


_________________________________________
Uninstall List

Adobe Flash Player 10 Plugin
Apple Application Support
Apple Mobile Device Support
Apple Software Update
Audacity 1.3.12 (Unicode)
Bonjour
Boot Camp Services
EPSON Artisan 800 Series Printer Uninstall
Epson Event Manager
Epson Print CD
EPSON Scan
EpsonNet Print
HiJackThis
IDT Audio
iTunes
Java(TM) 6 Update 21
Macromedia Dreamweaver 8
Macromedia Extension Manager
McAfee Security Scan Plus
McAfee SecurityCenter
Microsoft .NET Framework 4 Client Profile
Microsoft .NET Framework 4 Client Profile
Microsoft Office Excel MUI (English) 2007
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Standard 2007
Microsoft Office Standard 2007
Microsoft Office Word MUI (English) 2007
Mozilla Firefox (3.6.8)
QuickTime
Realtek High Definition Audio Driver
Security Update for 2007 Microsoft Office System (KB951550)
Security Update for 2007 Microsoft Office System (KB951944)
Update for 2007 Microsoft Office System (KB967642)
Update for Outlook 2007 Junk Email Filter (kb2279264)
VLC media player 1.0.5
Windows Driver Package - Apple Inc. (AppleUSBEthernet) Net (01/11/2008 3.4.3.18)
Windows Driver Package - Apple Inc. Apple Bluetooth Enabler (06/27/2007 2.0.0.1)
Windows Driver Package - Apple Inc. Apple Broadcom Bluetooth (11/23/2009 3.1.0.1)
Windows Driver Package - Apple Inc. Apple Built-in iSight (10/25/2007 2.0.1.0)
Windows Driver Package - Apple Inc. Apple Display (01/23/2009 3.0.0.0)
Windows Driver Package - Apple Inc. Apple IR Receiver (02/21/2008 2.0.4.0)
Windows Driver Package - Apple Inc. Apple Keyboard (03/05/2009 3.0.0.0)
Windows Driver Package - Apple Inc. Apple Keyboard (04/06/2009 3.0.0.0)
Windows Driver Package - Apple Inc. Apple Multitouch (03/25/2009 2.1.2.112)
Windows Driver Package - Apple Inc. Apple Multitouch (09/10/2009 3.0.0.0)
Windows Driver Package - Apple Inc. Apple Multitouch Mouse (03/25/2009 2.1.2.112)
Windows Driver Package - Apple Inc. Apple Multitouch Mouse (09/10/2009 3.0.0.0)
Windows Driver Package - Apple Inc. Apple ODD (01/17/2008 2.0.2.2)
Windows Driver Package - Apple Inc. Apple Trackpad (03/05/2009 3.0.0.0)
Windows Driver Package - Apple Inc. Apple Trackpad (07/13/2009 3.0.0.1)
Windows Driver Package - Apple Inc. Apple Trackpad Enabler (02/19/2009 3.0.0.0)
Windows Driver Package - Apple Inc. Apple Trackpad Enabler (07/13/2009 3.0.0.1)
Windows Driver Package - Apple Inc. Apple Wireless Mouse (11/30/2009 3.0.0.6)
Windows Driver Package - Apple Inc. Bluetooth (11/23/2009 3.0.0.4)
Windows Driver Package - Apple Inc. System (08/22/2008 2.1.1.1)
Windows Driver Package - Atheros Communications Inc. (athr) Net (09/18/2008 7.6.1.122)
Windows Driver Package - Atheros Communications Inc. (athr) Net (11/18/2009 8.0.0.258)
Windows Driver Package - Atheros Communications Inc. Net (09/18/2008 7.6.1.122)
Windows Driver Package - Broadcom (b57nd60x) Net (05/28/2009 12.2.0.3)
Windows Driver Package - Broadcom (BCM43XX) Net (08/21/2009 5.60.18.8)
Windows Driver Package - Broadcom (BCM43XX) Net (10/22/2008 5.10.38.26)
Windows Driver Package - Cirrus Logic, Inc. (CirrusFilter) MEDIA (01/02/2010 6.6001.1.21)
Windows Driver Package - Cirrus Logic, Inc. (CirrusFilter) MEDIA (04/29/2009 6.6001.1.8)
Windows Driver Package - Intel (e1express) Net (02/06/2008 9.12.17.0)
Windows Driver Package - Intel (E1G60) Net (01/08/2008 8.3.9.0)
Windows Driver Package - Intel (e1kexpress) Net (07/22/2008 10.3.45.0)
Windows Driver Package - Intel (e1qexpress) Net (08/05/2008 10.3.49.0)
Windows Driver Package - Intel (e1yexpress) Net (07/16/2008 9.52.10.0)
Windows Driver Package - Intel Net (02/06/2008 9.12.18.0)
Windows Driver Package - Intel Net (06/13/2008 9.52.9.0)
Windows Driver Package - Intel Net (07/22/2008 10.3.45.0)
Windows Driver Package - Intel Net (08/05/2008 10.3.49.0)
Windows Driver Package - Intel Net (11/07/2007 8.10.1.0)
Windows Driver Package - Intel System (07/20/2007 1.2.76.0)
Windows Driver Package - Marvell (yukonwlh) Net (03/23/2007 10.12.7.3)
h2ointollerant
Active Member
 
Posts: 8
Joined: August 14th, 2010, 2:39 am
Location: Iowa, USA

Re: computer keeps crashing and explorer stops working

Post by Dakeyras » August 17th, 2010, 4:49 am

Please note that all instructions given are customised for this computer only, the tools used may cause damage if used on a computer with different infections.

If you think you have similar problems, please post a log in the HJT forum and wait for help.


Please take time to read the Malware Removal Forum Guidelines and Rules where the conditions for receiving help at this forum are explained.
Hi h2ointollerant and welcome to Malware Removal. :)

I'm Dakeyras and I am going to try to assist you with your problem. Please take note of the below:

  • I will start working on your Malware issues; this may or may not solve other issues you have with your machine.
  • The fixes are specific to your problem and should only be used for this issue on this machine!
  • The process is not instant. Please continue to review my answers until I tell you your machine is clear. Absence of symptoms does not mean that everything is clear.
  • If you don't know, stop and ask! Don't keep going on.
  • Please reply to this thread. Do not start a new topic.
  • Refrain from running self fixes as this will hinder the malware removal process.
  • It may prove beneficial if you print off the following instructions or save them to Notepad as I post them.
  • Your security programs may give warnings for some of the tools I will ask you to use. Be assured, any links I give are safe.

Before we start:

Please be aware that removing Malware is a potentially hazardous undertaking. I will take care not to knowingly suggest courses of action that might damage your computer. However it is impossible for me to foresee all interactions that may happen between the software on your computer and those we'll use to clear you of infection, and I cannot guarantee the safety of your system. It is possible that we might encounter situations where the only recourse is to re-format and re-install your operating system, or to necessitate you taking your computer to a repair shop.

Because of this, I advise you to backup any personal files and folders before you start.

Windows 7 Advice:

All applications I ask to be used will require to be run in Administrator mode. IE: Right click on and select Run as Administrator.

The Operating System in use comes with an inbuilt utility called User Access Control (UAC). When prompted by this with anything I ask you to carry out, please select the option Allow.

Next:

h2ointollerant wrote: I hope you can help me. I recently did a complete hard drive reformat and clean install of windows 7. This computer is a MacBook Pro Intel Dual Core running both snow leopard mac osx and windows 7 through Apple's bootcamp software.

OK, and an interesting set-up you have. It may be problematic, but let's see how things go, and please do bear in mind my prior advice - "Before we start".

Download/run Rkill:

Please download Rkill from one of the following links and save to your Desktop:

One, Two or Three.

Note: If your security software warns about Rkill, please ignore and allow the download to continue.

  • Right-click on Rkill and select Run as Administrator.
  • A command window will open then disappear upon completion, this is normal.
  • Please leave Rkill on the Desktop until otherwise advised.

Note: A logfile will have been created, it can be located at the root of your installed Hard-Drive. EG: C:\rkill.txt.

Next:

Please download ATF Cleaner to your desktop.

  • Right-click ATF-Cleaner.exe and select Run as Administrator to run the program.
  • Under Main choose: Select All
  • Click the Empty Selected button.
If you use Firefox browser
  • Click Firefox at the top and choose: Select All
  • Click the Empty Selected button.
  • NOTE: If you would like to keep your saved passwords, please click No at the prompt.
If you use Opera browser
  • Click Opera at the top and choose: Select All
  • Click the Empty Selected button.
  • NOTE: If you would like to keep your saved passwords, please click No at the prompt.
Click Exit on the Main menu to close the program.
For Technical Support, double-click the e-mail address located at the bottom of each menu.

Next:

Please download Malwarebytes' Anti-Malware to your desktop.

  • Right-click mbam-setup.exe and select Run as Administrator then follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform quick scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is checked, and click Remove Selected.
  • When completed, a log will open in Notepad. Please post that log in your next reply.
The log can also be found here:
  1. Launch Malwarebytes' Anti-Malware
  2. Click on the Logs radio tab.

Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts, click OK to either and let MBAM proceed with the disinfection process, if asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.

When completed the above, please post back the following:

  • How is your computer performing now? Any problems encountered and or any further symptoms?
  • Rkill Log.
  • Malwarebytes' Anti-Malware Log.
  • A new HijackThis Log <-- Remember to right click on HijackThis.exe and select Run as Administrator.
Dakeyras
MRU Honors Graduate
 
Posts: 8804
Joined: November 21st, 2007, 5:30 am
Location: The Tundra

Re: computer keeps crashing and explorer stops working

Post by h2ointollerant » August 17th, 2010, 6:05 pm

Here's the Rkill Log

This log file is located at C:\rkill.log.
Please post this only if requested to by the person helping you.
Otherwise you can close this log when you wish.
Ran as Angela on 08/17/2010 at 16:22:04.


Processes terminated by Rkill or while it was running:


C:\Users\Angela\Downloads\GamTextTriggers.exe
C:\Users\Angela\Downloads\rkill.exe


Rkill completed on 08/17/2010 at 16:22:18.
_____________________________________________________

Here's the Malwarebytes' Anti-Malware Log

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4441

Windows 6.1.7600
Internet Explorer 8.0.7600.16385

8/17/2010 4:43:54 PM
mbam-log-2010-08-17 (16-43-54).txt

Scan type: Quick scan
Objects scanned: 139624
Time elapsed: 13 minute(s), 39 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 1
Registry Keys Infected: 8
Registry Values Infected: 0
Registry Data Items Infected: 2
Folders Infected: 2
Files Infected: 31

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
C:\Windows\System32\bthpanapi32.dll (Trojan.Tracur) -> Delete on reboot.

Registry Keys Infected:
HKEY_CLASSES_ROOT\CLSID\{aed26ea7-e06f-9162-50dc-d34b392432ca} (Trojan.Tracur) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{aed26ea7-e06f-9162-50dc-d34b392432ca} (Trojan.Tracur) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{aed26ea7-e06f-9162-50dc-d34b392432ca} (Trojan.Tracur) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{175be066-6e7c-4842-b590-6c9efd928363} (Trojan.Tracur) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{175be066-6e7c-4842-b590-6c9efd928363} (Trojan.Tracur) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{175be066-6e7c-4842-b590-6c9efd928363} (Trojan.Tracur) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{175be066-6e7c-4842-b590-6c9efd928363} (Trojan.Tracur) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\.fsharproj (Trojan.BHO) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\AppInit_DLLs (Trojan.Tracur) -> Data: c:\windows\system32\bthpanapi32.dll -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\AppInit_DLLs (Trojan.Tracur) -> Data: system32\bthpanapi32.dll -> Quarantined and deleted successfully.

Folders Infected:
C:\ProgramData\550879445 (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Users\Angela\AppData\Roaming\SystemProc (Trojan.Agent) -> Quarantined and deleted successfully.

Files Infected:
C:\Windows\System32\bthpanapi32.dll (Trojan.Tracur) -> Delete on reboot.
C:\ProgramData\cryptbase32.dll (Trojan.Tracur) -> Quarantined and deleted successfully.
C:\ProgramData\d3d10_132.dll (Trojan.Tracur) -> Quarantined and deleted successfully.
C:\Users\Angela\AppData\Roaming\27F7.tmp (Trojan.Tracur) -> Quarantined and deleted successfully.
C:\Users\Angela\AppData\Roaming\32B.tmp (Trojan.Tracur) -> Quarantined and deleted successfully.
C:\Users\Angela\AppData\Roaming\7A5.tmp (Trojan.Tracur) -> Quarantined and deleted successfully.
C:\Users\Angela\AppData\Roaming\996F.tmp (Trojan.Tracur) -> Quarantined and deleted successfully.
C:\Users\Angela\AppData\Roaming\A280.tmp (Trojan.Tracur) -> Quarantined and deleted successfully.
C:\Windows\System32\bootstr32.dll (Trojan.Tracur) -> Quarantined and deleted successfully.
C:\Windows\System32\bderepair32.dll (Trojan.Tracur) -> Quarantined and deleted successfully.
C:\Windows\System32\bthserv32.dll (Trojan.Tracur) -> Quarantined and deleted successfully.
C:\Windows\System32\cngprovider32.dll (Trojan.Tracur) -> Quarantined and deleted successfully.
C:\Windows\System32\CSVer32.dll (Trojan.Tracur) -> Quarantined and deleted successfully.
C:\Windows\System32\DeviceDisplayStatusManager32.dll (Trojan.Tracur) -> Quarantined and deleted successfully.
C:\Windows\System32\DevicePairingFolder32.dll (Trojan.Tracur) -> Quarantined and deleted successfully.
C:\Windows\System32\d3dx9_3532.dll (Trojan.Tracur) -> Quarantined and deleted successfully.
C:\Windows\System32\D3DX9_3732.dll (Trojan.Tracur) -> Quarantined and deleted successfully.
C:\Windows\System32\capiprovider32.dll (Trojan.Tracur) -> Quarantined and deleted successfully.
C:\Windows\System32\atl32.dll (Trojan.Tracur) -> Quarantined and deleted successfully.
C:\Windows\System32\BWContextHandler32.dll (Trojan.Tracur) -> Quarantined and deleted successfully.
C:\Users\Angela\AppData\Local\Temp\4C0E.tmp (Trojan.Tracur) -> Quarantined and deleted successfully.
C:\Users\Angela\AppData\Local\Temp\8178.tmp (Trojan.Tracur) -> Quarantined and deleted successfully.
C:\Users\Angela\AppData\Local\Temp\8228.tmp (Trojan.Tracur) -> Quarantined and deleted successfully.
C:\Users\Angela\AppData\Local\Temp\9E0.tmp (Trojan.Tracur) -> Quarantined and deleted successfully.
C:\Users\Angela\AppData\Local\Temp\A90B.tmp (Trojan.Tracur) -> Quarantined and deleted successfully.
C:\Users\Angela\AppData\Local\Temp\BD18.tmp (Trojan.Tracur) -> Quarantined and deleted successfully.
C:\Users\Angela\AppData\Local\Temp\CADD.tmp (Trojan.Tracur) -> Quarantined and deleted successfully.
C:\Users\Angela\AppData\Local\Temp\DF5C.tmp (Trojan.Tracur) -> Quarantined and deleted successfully.
C:\Users\Angela\AppData\Local\Temp\E1D6.tmp (Trojan.Tracur) -> Quarantined and deleted successfully.
C:\Users\Angela\AppData\Local\Temp\F49B.tmp (Trojan.Tracur) -> Quarantined and deleted successfully.
C:\Windows\GnuHashes.ini (Malware.Trace) -> Quarantined and deleted successfully.
_____________________________________________________________________________________________

Here's the new HijackThis Log

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 5:00:28 PM, on 8/17/2010
Platform: Windows 7 (WinNT 6.00.3504)
MSIE: Internet Explorer v8.00 (8.00.7600.16385)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\System32\rundll32.exe
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\Program Files\Boot Camp\Bootcamp.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\IDT\WDM\sttray.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Epson Software\Event Manager\EEventManager.exe
C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe
C:\Windows\system32\SearchFilterHost.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.yahoo.com/search?fr=mcafee&p=
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: McAfee Phishing Filter - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\progra~1\mcafee\msk\mskapbho.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll
O2 - BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O3 - Toolbar: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
O4 - HKLM\..\Run: [Apple_KbdMgr] C:\Program Files\Boot Camp\Bootcamp.exe
O4 - HKLM\..\Run: [mcagent_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
O4 - HKLM\..\Run: [McENUI] C:\PROGRA~1\McAfee\MHN\McENUI.exe /hide
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [SysTrayApp] %ProgramFiles%\IDT\WDM\sttray.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [EEventManager] C:\PROGRA~1\EPSONS~1\EVENTM~1\EEventManager.exe
O4 - HKLM\..\Run: [RTHDBPL] C:\Users\Angela\AppData\Local\Temp\6BB5.tmp
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKCU\..\Run: [EPSON Artisan 800 Series] C:\Windows\system32\spool\DRIVERS\W32X86\3\E_FATIEMA.EXE /FU "C:\Windows\TEMP\E_S5FDE.tmp" /EF "HKCU"
O4 - HKCU\..\Run: [EPSON Artisan 800(Network)] C:\Windows\system32\spool\DRIVERS\W32X86\3\E_FATIEMA.EXE /FU "C:\Windows\TEMP\E_S268E.tmp" /EF "HKCU"
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O4 - Global Startup: McAfee Security Scan Plus.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O18 - Protocol: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Apple OS Switch Manager (AppleOSSMgr) - Unknown owner - C:\Windows\system32\AppleOSSMgr.exe
O23 - Service: Apple Time Service (AppleTimeSrv) - Apple Inc. - C:\Windows\system32\AppleTimeSrv.exe
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: EpsonBidirectionalService - SEIKO EPSON CORPORATION - C:\Program Files\Common Files\EPSON\EBAPI\eEBSVC.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee SiteAdvisor Service - McAfee, Inc. - C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
O23 - Service: McAfee Security Scan Component Host Service (McComponentHostService) - McAfee, Inc. - C:\Program Files\McAfee Security Scan\2.0.181\McCHSvc.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: McAfee Anti-Spam Service (MSK80Service) - McAfee, Inc. - C:\Program Files\McAfee\MSK\MskSrver.exe
O23 - Service: Audio Service (STacSV) - IDT, Inc. - c:\program files\idt\apple_v50\wdm\STacSV.exe

--
End of file - 6977 bytes
_______________________________________________________________________________________________________

I ran a new Malwarebytes' Anti-Malware quick scan after the reboot and it said there were no infections found so that is good. I'll let you know in a few days how my system is running and if there are any issues that come up. I hope this fixed everything. Thanks so much for your help! I'll talk to you soon!
h2ointollerant

Re: computer keeps crashing and explorer stops working

Post by Dakeyras » August 18th, 2010, 5:47 am

Hi. :)

"I ran a new Malwarebytes' Anti-Malware quick scan after the reboot and it said there were no infections found so that is good. I'll let you know in a few days how my system is running and if there are any issues that come up."
Good to know, but actually I would prefer if you refrain from self-fixes, as this may hinder the malware removal process, as I outlined in my first post, thank you.

"I hope this fixed everything."
The malware removal process is not completed yet, so it would be for your own benefit to see this through.

"Thanks so much for your help! I'll talk to you soon!"
You're most welcome!

Scan with OTL:

Please download OTL and save it to your Desktop.

Make sure that OTL.exe is on your Desktop before running the application!

  • Right-click on OTL.exe and select Run as Administrator to start OTL.
  • Under Output, ensure that Minimal Output is selected.
  • Under the Extra Registry section, select Use SafeList.
  • Click the Scan All Users checkbox.
  • Click on Run Scan at the top left hand corner.
  • When done, two Notepad files will open.
    • OTListIt.txt <-- Will be opened
    • Extra.txt <-- Will be minimized
  • Please post the contents of these 2 Notepad files in your next reply.

When you have completed the above, please post back the following in the order asked for:

  • How is your computer performing now, any further symptoms and/or problems encountered?
  • Both OTL logs. <-- Post them individually please, i.e. one log per post/reply.
Dakeyras

Re: computer keeps crashing and explorer stops working

Post by h2ointollerant » August 18th, 2010, 7:44 pm

OTL logfile created on: 8/18/2010 6:25:50 PM - Run 1
OTL by OldTimer - Version 3.2.10.0 Folder = C:\Users\Angela\Downloads
Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 41.00% Memory free
6.00 Gb Paging File | 4.00 Gb Available in Paging File | 65.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 78.77 Gb Total Space | 30.32 Gb Free Space | 38.49% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
Drive E: | 219.00 Gb Total Space | 50.88 Gb Free Space | 23.23% Space Free | Partition Type: HFS
F: Drive not present or media not loaded
Drive G: | 148.85 Gb Total Space | 140.48 Gb Free Space | 94.38% Space Free | Partition Type: NTFS
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: ANGELA-PC
Current User Name: Angela
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal

========== Processes (SafeList) ==========

PRC - C:\Users\Angela\Downloads\OTL.exe File not found
PRC - C:\Program Files\Sony Online Entertainment\Installed Games\EverQuest\eqgame.exe ()
PRC - C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.)
PRC - c:\Program Files\McAfee.com\Agent\mcagent.exe (McAfee, Inc.)
PRC - C:\Program Files\McAfee\MSC\mcmscsvc.exe (McAfee, Inc.)
PRC - C:\Program Files\Sony Online Entertainment\Station Launcher\StationLauncher.exe ()
PRC - C:\Program Files\McAfee\SiteAdvisor\McSACore.exe (McAfee, Inc.)
PRC - C:\Program Files\Sony Online Entertainment\Installed Games\EverQuest\EQVoiceService.exe ()
PRC - C:\Program Files\McAfee\VirusScan\Mcshield.exe (McAfee, Inc.)
PRC - C:\Program Files\McAfee\VirusScan\mcsysmon.exe (McAfee, Inc.)
PRC - C:\Program Files\Boot Camp\Bootcamp.exe (Apple Inc.)
PRC - C:\Windows\System32\AppleOSSMgr.exe ()
PRC - C:\Windows\System32\AppleTimeSrv.exe (Apple Inc.)
PRC - C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe (McAfee, Inc.)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\McAfee\MPF\MpfSrv.exe (McAfee, Inc.)
PRC - C:\Program Files\IDT\WDM\sttray.exe (IDT, Inc.)
PRC - c:\Program Files\IDT\Apple_v50\WDM\stacsv.exe (IDT, Inc.)
PRC - C:\Program Files\McAfee\MSK\msksrver.exe (McAfee, Inc.)
PRC - C:\Windows\System32\taskhost.exe (Microsoft Corporation)
PRC - c:\Program Files\Common Files\McAfee\McProxy\McProxy.exe (McAfee, Inc.)
PRC - c:\Program Files\Common Files\McAfee\MNA\McNASvc.exe (McAfee, Inc.)
PRC - C:\Program Files\Epson Software\Event Manager\EEventManager.exe (SEIKO EPSON CORPORATION)
PRC - C:\Program Files\Common Files\EPSON\EBAPI\eEBSvc.exe (SEIKO EPSON CORPORATION)


========== Modules (SafeList) ==========

MOD - c:\Program Files\McAfee\SiteAdvisor\sahook.dll (McAfee, Inc.)
MOD - C:\Windows\System32\sspicli.dll (Microsoft Corporation)
MOD - C:\Windows\System32\sechost.dll (Microsoft Corporation)
MOD - C:\Windows\System32\samcli.dll (Microsoft Corporation)
MOD - C:\Windows\System32\profapi.dll (Microsoft Corporation)
MOD - C:\Windows\System32\netutils.dll (Microsoft Corporation)
MOD - C:\Windows\System32\KernelBase.dll (Microsoft Corporation)
MOD - C:\Windows\System32\dwmapi.dll (Microsoft Corporation)
MOD - C:\Windows\System32\devobj.dll (Microsoft Corporation)
MOD - C:\Windows\System32\cryptbase.dll (Microsoft Corporation)
MOD - C:\Windows\System32\cfgmgr32.dll (Microsoft Corporation)
MOD - C:\Windows\System32\msscript.ocx (Microsoft Corporation)
MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_421189da2b7fabfc\comctl32.dll (Microsoft Corporation)


========== Win32 Services (SafeList) ==========

SRV - (WatAdminSvc) -- C:\Windows\System32\Wat\WatAdminSvc.exe (Microsoft Corporation)
SRV - (Apple Mobile Device) -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.)
SRV - (mcmscsvc) -- C:\Program Files\McAfee\MSC\mcmscsvc.exe (McAfee, Inc.)
SRV - (McAfee SiteAdvisor Service) -- C:\Program Files\McAfee\SiteAdvisor\McSACore.exe (McAfee, Inc.)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (McODS) -- C:\Program Files\McAfee\VirusScan\mcods.exe (McAfee, Inc.)
SRV - (McShield) -- C:\Program Files\McAfee\VirusScan\Mcshield.exe (McAfee, Inc.)
SRV - (McSysmon) -- C:\Program Files\McAfee\VirusScan\mcsysmon.exe (McAfee, Inc.)
SRV - (AppleOSSMgr) -- C:\Windows\System32\AppleOSSMgr.exe ()
SRV - (AppleTimeSrv) -- C:\Windows\System32\AppleTimeSrv.exe (Apple Inc.)
SRV - (McComponentHostService) -- C:\Program Files\McAfee Security Scan\2.0.181\McCHSvc.exe (McAfee, Inc.)
SRV - (HFGService) -- C:\Windows\System32\HFGService.dll (CSR, plc)
SRV - (MpfService) -- C:\Program Files\McAfee\MPF\MPFSrv.exe (McAfee, Inc.)
SRV - (STacSV) -- c:\Program Files\IDT\Apple_v50\WDM\stacsv.exe (IDT, Inc.)
SRV - (MSK80Service) -- C:\Program Files\McAfee\MSK\MskSrver.exe (McAfee, Inc.)
SRV - (WwanSvc) -- C:\Windows\System32\wwansvc.dll (Microsoft Corporation)
SRV - (WbioSrvc) -- C:\Windows\System32\wbiosrvc.dll (Microsoft Corporation)
SRV - (Power) -- C:\Windows\System32\umpo.dll (Microsoft Corporation)
SRV - (Themes) -- C:\Windows\System32\themeservice.dll (Microsoft Corporation)
SRV - (sppuinotify) -- C:\Windows\System32\sppuinotify.dll (Microsoft Corporation)
SRV - (RpcEptMapper) -- C:\Windows\System32\RpcEpMap.dll (Microsoft Corporation)
SRV - (SensrSvc) -- C:\Windows\System32\sensrsvc.dll (Microsoft Corporation)
SRV - (PNRPsvc) -- C:\Windows\System32\pnrpsvc.dll (Microsoft Corporation)
SRV - (p2pimsvc) -- C:\Windows\System32\pnrpsvc.dll (Microsoft Corporation)
SRV - (HomeGroupProvider) -- C:\Windows\System32\provsvc.dll (Microsoft Corporation)
SRV - (PNRPAutoReg) -- C:\Windows\System32\pnrpauto.dll (Microsoft Corporation)
SRV - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (HomeGroupListener) -- C:\Windows\System32\ListSvc.dll (Microsoft Corporation)
SRV - (FontCache) -- C:\Windows\System32\FntCache.dll (Microsoft Corporation)
SRV - (Dhcp) -- C:\Windows\System32\dhcpcore.dll (Microsoft Corporation)
SRV - (defragsvc) -- C:\Windows\System32\defragsvc.dll (Microsoft Corporation)
SRV - (BDESVC) -- C:\Windows\System32\bdesvc.dll (Microsoft Corporation)
SRV - (AxInstSV) ActiveX Installer (AxInstSV) -- C:\Windows\System32\AxInstSv.dll (Microsoft Corporation)
SRV - (AppIDSvc) -- C:\Windows\System32\appidsvc.dll (Microsoft Corporation)
SRV - (sppsvc) -- C:\Windows\System32\sppsvc.exe (Microsoft Corporation)
SRV - (McProxy) -- c:\Program Files\Common Files\McAfee\McProxy\McProxy.exe (McAfee, Inc.)
SRV - (McNASvc) -- c:\Program Files\Common Files\McAfee\MNA\McNASvc.exe (McAfee, Inc.)
SRV - (EpsonBidirectionalService) -- C:\Program Files\Common Files\EPSON\EBAPI\eEBSvc.exe (SEIKO EPSON CORPORATION)


========== Driver Services (SafeList) ==========

DRV - (MPFP) -- C:\Windows\System32\drivers\Mpfp.sys (McAfee, Inc.)
DRV - (mfehidk) -- C:\Windows\system32\drivers\mfehidk.sys (McAfee, Inc.)
DRV - (mfeavfk) -- C:\Windows\System32\drivers\mfeavfk.sys (McAfee, Inc.)
DRV - (mfesmfk) -- C:\Windows\System32\drivers\mfesmfk.sys (McAfee, Inc.)
DRV - (mfebopk) -- C:\Windows\System32\drivers\mfebopk.sys (McAfee, Inc.)
DRV - (mferkdk) -- C:\Windows\System32\drivers\mferkdk.sys (McAfee, Inc.)
DRV - (AppleHFS) -- C:\Windows\System32\drivers\AppleHFS.sys (Apple Inc.)
DRV - (MacHALDriver) -- C:\Windows\System32\drivers\MacHALDriver.sys (Apple Inc.)
DRV - (KeyAgent) -- C:\Windows\System32\drivers\KeyAgent.sys (Apple Inc.)
DRV - (AppleMNT) -- C:\Windows\System32\drivers\AppleMNT.sys (Apple Inc.)
DRV - (athr) -- C:\Windows\System32\drivers\athr.sys (Atheros Communications, Inc.)
DRV - (BthAudioHF) -- C:\Windows\System32\drivers\BthAudioHF.sys (CSR, plc)
DRV - (csr_a2dp) -- C:\Windows\System32\drivers\bthav.sys (CSR, plc)
DRV - (KSecPkg) -- C:\Windows\System32\Drivers\ksecpkg.sys (Microsoft Corporation)
DRV - (yukonw7) -- C:\Windows\System32\drivers\yk62x86.sys ()
DRV - (BthAvrcp) -- C:\Windows\System32\drivers\BthAvrcp.sys (CSR, plc)
DRV - (STHDA) -- C:\Windows\System32\drivers\stwrt.sys (IDT, Inc.)
DRV - (iSightUpdate) -- C:\Windows\System32\drivers\iSightUP.sys (Apple Inc.)
DRV - (DevUpper) -- C:\Windows\System32\drivers\iSightFT.sys (Apple Inc.)
DRV - (aapltp) -- C:\Windows\System32\drivers\aapltp.sys (Apple Inc.)
DRV - (aapltctp) -- C:\Windows\System32\drivers\aapltctp.sys (Apple Inc.)
DRV - (IRRemoteFlt) -- C:\Windows\System32\drivers\IRFilter.sys (Apple Inc.)
DRV - (KeyMagic) -- C:\Windows\System32\drivers\KeyMagic.sys (Apple Inc.)
DRV - (applebt) -- C:\Windows\System32\drivers\applebt.sys (Apple Inc.)
DRV - (BthKicker) -- C:\Windows\System32\drivers\BthKicker.sys (Apple Inc.)
DRV - (atikmdag) -- C:\Windows\System32\drivers\atikmdag.sys (ATI Technologies Inc.)
DRV - (cmdide) -- C:\Windows\system32\DRIVERS\cmdide.sys (CMD Technology, Inc.)
DRV - (adpahci) -- C:\Windows\system32\DRIVERS\adpahci.sys (Adaptec, Inc.)
DRV - (adp94xx) -- C:\Windows\system32\DRIVERS\adp94xx.sys (Adaptec, Inc.)
DRV - (amdsbs) -- C:\Windows\system32\DRIVERS\amdsbs.sys (AMD Technologies Inc.)
DRV - (adpu320) -- C:\Windows\system32\DRIVERS\adpu320.sys (Adaptec, Inc.)
DRV - (arcsas) -- C:\Windows\system32\DRIVERS\arcsas.sys (Adaptec, Inc.)
DRV - (amdsata) -- C:\Windows\system32\DRIVERS\amdsata.sys (Advanced Micro Devices)
DRV - (arc) -- C:\Windows\system32\DRIVERS\arc.sys (Adaptec, Inc.)
DRV - (amdxata) -- C:\Windows\system32\DRIVERS\amdxata.sys (Advanced Micro Devices)
DRV - (aliide) -- C:\Windows\system32\DRIVERS\aliide.sys (Acer Laboratories Inc.)
DRV - (nvstor) -- C:\Windows\system32\DRIVERS\nvstor.sys (NVIDIA Corporation)
DRV - (nvraid) -- C:\Windows\system32\DRIVERS\nvraid.sys (NVIDIA Corporation)
DRV - (nfrd960) -- C:\Windows\system32\DRIVERS\nfrd960.sys (IBM Corporation)
DRV - (LSI_SAS) -- C:\Windows\system32\DRIVERS\lsi_sas.sys (LSI Corporation)
DRV - (iaStorV) -- C:\Windows\system32\DRIVERS\iaStorV.sys (Intel Corporation)
DRV - (MegaSR) -- C:\Windows\system32\DRIVERS\MegaSR.sys (LSI Corporation, Inc.)
DRV - (LSI_SCSI) -- C:\Windows\system32\DRIVERS\lsi_scsi.sys (LSI Corporation)
DRV - (LSI_FC) -- C:\Windows\system32\DRIVERS\lsi_fc.sys (LSI Corporation)
DRV - (LSI_SAS2) -- C:\Windows\system32\DRIVERS\lsi_sas2.sys (LSI Corporation)
DRV - (iirsp) -- C:\Windows\system32\DRIVERS\iirsp.sys (Intel Corp./ICP vortex GmbH)
DRV - (megasas) -- C:\Windows\system32\DRIVERS\megasas.sys (LSI Corporation)
DRV - (hwpolicy) -- C:\Windows\System32\drivers\hwpolicy.sys (Microsoft Corporation)
DRV - (elxstor) -- C:\Windows\system32\DRIVERS\elxstor.sys (Emulex)
DRV - (aic78xx) -- C:\Windows\system32\DRIVERS\djsvs.sys (Adaptec, Inc.)
DRV - (HpSAMD) -- C:\Windows\system32\DRIVERS\HpSAMD.sys (Hewlett-Packard Company)
DRV - (FsDepends) -- C:\Windows\System32\drivers\fsdepends.sys (Microsoft Corporation)
DRV - (vsmraid) -- C:\Windows\system32\DRIVERS\vsmraid.sys (VIA Technologies Inc.,Ltd)
DRV - (vhdmp) -- C:\Windows\system32\DRIVERS\vhdmp.sys (Microsoft Corporation)
DRV - (vdrvroot) -- C:\Windows\system32\DRIVERS\vdrvroot.sys (Microsoft Corporation)
DRV - (WIMMount) -- C:\Windows\System32\drivers\wimmount.sys (Microsoft Corporation)
DRV - (viaide) -- C:\Windows\system32\DRIVERS\viaide.sys (VIA Technologies, Inc.)
DRV - (ql2300) -- C:\Windows\system32\DRIVERS\ql2300.sys (QLogic Corporation)
DRV - (rdyboost) -- C:\Windows\System32\drivers\rdyboost.sys (Microsoft Corporation)
DRV - (ql40xx) -- C:\Windows\system32\DRIVERS\ql40xx.sys (QLogic Corporation)
DRV - (SiSRaid4) -- C:\Windows\system32\DRIVERS\sisraid4.sys (Silicon Integrated Systems)
DRV - (pcw) -- C:\Windows\System32\drivers\pcw.sys (Microsoft Corporation)
DRV - (SiSRaid2) -- C:\Windows\system32\DRIVERS\SiSRaid2.sys (Silicon Integrated Systems Corp.)
DRV - (stexstor) -- C:\Windows\system32\DRIVERS\stexstor.sys (Promise Technology)
DRV - (CNG) -- C:\Windows\System32\Drivers\cng.sys (Microsoft Corporation)
DRV - (Brserid) Brother MFC Serial Port Interface Driver (WDM) -- C:\Windows\System32\Drivers\Brserid.sys (Brother Industries Ltd.)
DRV - (rdpbus) -- C:\Windows\system32\DRIVERS\rdpbus.sys (Microsoft Corporation)
DRV - (RDPREFMP) -- C:\Windows\System32\drivers\RDPREFMP.sys (Microsoft Corporation)
DRV - (RasAgileVpn) WAN Miniport (IKEv2) -- C:\Windows\System32\drivers\agilevpn.sys (Microsoft Corporation)
DRV - (WfpLwf) -- C:\Windows\System32\drivers\wfplwf.sys (Microsoft Corporation)
DRV - (NdisCap) -- C:\Windows\System32\drivers\ndiscap.sys (Microsoft Corporation)
DRV - (vwifimp) -- C:\Windows\System32\drivers\vwifimp.sys (Microsoft Corporation)
DRV - (vwififlt) -- C:\Windows\System32\drivers\vwififlt.sys (Microsoft Corporation)
DRV - (vwifibus) -- C:\Windows\System32\drivers\vwifibus.sys (Microsoft Corporation)
DRV - (1394ohci) -- C:\Windows\System32\drivers\1394ohci.sys (Microsoft Corporation)
DRV - (UmPass) -- C:\Windows\system32\DRIVERS\umpass.sys (Microsoft Corporation)
DRV - (mshidkmdf) -- C:\Windows\System32\drivers\mshidkmdf.sys (Microsoft Corporation)
DRV - (MTConfig) -- C:\Windows\system32\DRIVERS\MTConfig.sys (Microsoft Corporation)
DRV - (CompositeBus) -- C:\Windows\System32\drivers\CompositeBus.sys (Microsoft Corporation)
DRV - (AppID) -- C:\Windows\system32\drivers\appid.sys (Microsoft Corporation)
DRV - (scfilter) -- C:\Windows\System32\drivers\scfilter.sys (Microsoft Corporation)
DRV - (discache) -- C:\Windows\System32\drivers\discache.sys (Microsoft Corporation)
DRV - (HidBatt) -- C:\Windows\system32\DRIVERS\HidBatt.sys (Microsoft Corporation)
DRV - (AcpiPmi) -- C:\Windows\system32\DRIVERS\acpipmi.sys (Microsoft Corporation)
DRV - (AmdPPM) -- C:\Windows\system32\DRIVERS\amdppm.sys (Microsoft Corporation)
DRV - (hcw85cir) -- C:\Windows\system32\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV - (BrUsbMdm) -- C:\Windows\System32\Drivers\BrUsbMdm.sys (Brother Industries Ltd.)
DRV - (BrUsbSer) -- C:\Windows\System32\Drivers\BrUsbSer.sys (Brother Industries Ltd.)
DRV - (BrSerWdm) -- C:\Windows\System32\Drivers\BrSerWdm.sys (Brother Industries Ltd.)
DRV - (BrFiltLo) -- C:\Windows\system32\DRIVERS\BrFiltLo.sys (Brother Industries, Ltd.)
DRV - (BrFiltUp) -- C:\Windows\system32\DRIVERS\BrFiltUp.sys (Brother Industries, Ltd.)
DRV - (b57nd60x) -- C:\Windows\System32\drivers\b57nd60x.sys (Broadcom Corporation)
DRV - (ebdrv) -- C:\Windows\system32\DRIVERS\evbdx.sys (Broadcom Corporation)
DRV - (b06bdrv) -- C:\Windows\system32\DRIVERS\bxvbdx.sys (Broadcom Corporation)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========



IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default = 66 E0 5B 17 7C 6E 42 48 B5 90 6C 9E FD 92 83 63 [binary data]

IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default = 66 E0 5B 17 7C 6E 42 48 B5 90 6C 9E FD 92 83 63 [binary data]

IE - HKU\S-1-5-21-1422121787-4253495517-2781264236-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.yahoo.com/search?fr=mcafee&p=
IE - HKU\S-1-5-21-1422121787-4253495517-2781264236-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/
IE - HKU\S-1-5-21-1422121787-4253495517-2781264236-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKU\S-1-5-21-1422121787-4253495517-2781264236-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = DC 36 D2 67 68 37 CB 01 [binary data]
IE - HKU\S-1-5-21-1422121787-4253495517-2781264236-1001\SOFTWARE\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default = 66 E0 5B 17 7C 6E 42 48 B5 90 6C 9E FD 92 83 63 [binary data]
IE - HKU\S-1-5-21-1422121787-4253495517-2781264236-1001\..\URLSearchHook: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
IE - HKU\S-1-5-21-1422121787-4253495517-2781264236-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1422121787-4253495517-2781264236-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Secure Search"
FF - prefs.js..browser.search.defaulturl: "http://search.yahoo.com/search?ei=UTF-8&fr=ytff-&p="
FF - prefs.js..browser.search.param.yahoo-fr: "moz2-ytff-"
FF - prefs.js..browser.search.param.yahoo-fr-cjkt: "moz2-ytff-"
FF - prefs.js..browser.search.selectedEngine: "Yahoo"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://my.yahoo.com/"
FF - prefs.js..keyword.URL: "http://search.yahoo.com/search?fr=mcafee&p="


FF - HKLM\software\mozilla\Firefox\Extensions\\{B7082FAA-CB62-4872-9106-E42DD88EDE45}: C:\Program Files\McAfee\SiteAdvisor [2010/08/12 13:13:21 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.8\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/08/17 12:48:06 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.8\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/08/17 16:47:14 | 000,000,000 | ---D | M]

[2010/08/08 21:16:12 | 000,000,000 | ---D | M] -- C:\Users\Angela\AppData\Roaming\Mozilla\Extensions
[2010/08/17 20:38:22 | 000,000,000 | ---D | M] -- C:\Users\Angela\AppData\Roaming\Mozilla\Firefox\Profiles\smkaaw1t.default\extensions
[2010/08/08 21:18:41 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Angela\AppData\Roaming\Mozilla\Firefox\Profiles\smkaaw1t.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010/08/17 15:32:03 | 000,000,000 | ---D | M] (XUL Cache) -- C:\Users\Angela\AppData\Roaming\Mozilla\Firefox\Profiles\smkaaw1t.default\extensions\{2c9dee38-8773-4b43-9d63-0fde131db125}
[2010/08/08 21:18:41 | 000,000,000 | ---D | M] (XUL Cache) -- C:\Users\Angela\AppData\Roaming\Mozilla\Firefox\Profiles\smkaaw1t.default\extensions\{4aa5a3cd-4ba3-4597-85c5-6655d5d389c5}
[2010/08/08 21:18:41 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Users\Angela\AppData\Roaming\Mozilla\Firefox\Profiles\smkaaw1t.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2010/08/08 21:18:41 | 000,000,000 | ---D | M] (XUL Cache) -- C:\Users\Angela\AppData\Roaming\Mozilla\Firefox\Profiles\smkaaw1t.default\extensions\{75a56159-bd70-45e6-b89b-8bebd865951b}
[2010/02/05 23:35:32 | 000,001,244 | ---- | M] () -- C:\Users\Angela\AppData\Roaming\Mozilla\Firefox\Profiles\smkaaw1t.default\searchplugins\winamp-search.xml
[2010/08/17 20:38:22 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2010/08/11 21:42:09 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
[2010/07/17 05:00:04 | 000,423,656 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll

O1 HOSTS File: ([2009/06/10 16:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O2 - BHO: (McAfee Phishing Filter) - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\Program Files\McAfee\MSK\mskapbho.dll ()
O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll (McAfee, Inc.)
O2 - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O3 - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O3 - HKLM\..\Toolbar: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
O3 - HKU\S-1-5-21-1422121787-4253495517-2781264236-1001\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
O4 - HKLM..\Run: [Apple_KbdMgr] C:\Program Files\Boot Camp\Bootcamp.exe (Apple Inc.)
O4 - HKLM..\Run: [EEventManager] C:\Program Files\Epson Software\Event Manager\EEventManager.exe (SEIKO EPSON CORPORATION)
O4 - HKLM..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe (McAfee, Inc.)
O4 - HKLM..\Run: [McENUI] C:\Program Files\McAfee\MHN\McENUI.exe (McAfee, Inc.)
O4 - HKLM..\Run: [RTHDBPL] C:\Users\Angela\AppData\Local\Temp\6BB5.tmp File not found
O4 - HKLM..\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray.exe (IDT, Inc.)
O4 - HKU\S-1-5-21-1422121787-4253495517-2781264236-1001..\Run: [EPSON Artisan 800 Series] C:\Windows\System32\spool\DRIVERS\W32X86\3\E_FATIEMA.EXE (SEIKO EPSON CORPORATION)
O4 - HKU\S-1-5-21-1422121787-4253495517-2781264236-1001..\Run: [EPSON Artisan 800(Network)] C:\Windows\System32\spool\DRIVERS\W32X86\3\E_FATIEMA.EXE (SEIKO EPSON CORPORATION)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_21)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O30 - LSA: Security Packages - (pku2u) - C:\Windows\System32\pku2u.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/10 16:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{0fcc9fc6-a35b-11df-92bb-0017f2b863c0}\Shell - "" = AutoRun
O33 - MountPoints2\{0fcc9fc6-a35b-11df-92bb-0017f2b863c0}\Shell\AutoRun\command - "" = I:\LaunchU3.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010/08/18 18:23:28 | 000,575,488 | ---- | C] (OldTimer Tools) -- C:\Users\Angela\Desktop\OTL.exe
[2010/08/17 16:27:47 | 000,000,000 | ---D | C] -- C:\Users\Angela\AppData\Roaming\Malwarebytes
[2010/08/17 16:27:39 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2010/08/17 16:27:38 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2010/08/17 16:27:38 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010/08/17 16:27:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2010/08/17 15:43:11 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe
[2010/08/17 15:39:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Adobe
[2010/08/17 15:39:13 | 000,000,000 | ---D | C] -- C:\Program Files\Adobe
[2010/08/17 15:39:10 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe AIR
[2010/08/17 15:37:18 | 000,000,000 | ---D | C] -- C:\Users\Angela\AppData\Local\Adobe
[2010/08/17 15:36:26 | 000,000,000 | ---D | C] -- C:\ProgramData\NOS
[2010/08/17 12:47:03 | 000,000,000 | ---D | C] -- C:\Program Files\QuickTime
[2010/08/16 16:35:44 | 000,000,000 | ---D | C] -- C:\ProgramData\Office Genuine Advantage
[2010/08/15 01:40:15 | 002,261,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3dx9d_43.dll
[2010/08/15 01:40:15 | 000,954,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XAudioD2_7.dll
[2010/08/15 01:40:15 | 000,435,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XactEngineA3_7.dll
[2010/08/15 01:40:15 | 000,349,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XactEngineD3_7.dll
[2010/08/15 01:40:15 | 000,131,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XAPOFXD1_5.dll
[2010/08/15 01:40:15 | 000,045,400 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\X3DAudioD1_7.dll
[2010/08/15 01:40:14 | 003,795,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx9d_33.dll
[2010/08/15 01:40:14 | 002,719,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d9d.dll
[2010/08/15 01:40:14 | 001,883,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DCSXd_43.dll
[2010/08/15 01:40:14 | 000,514,392 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DX10d_43.dll
[2010/08/15 01:40:14 | 000,496,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3D11SDKLayers.dll
[2010/08/15 01:40:14 | 000,348,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dref9.dll
[2010/08/15 01:40:14 | 000,268,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DX11d_43.dll
[2010/08/15 01:40:13 | 000,525,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3D11Ref.dll
[2010/08/15 01:40:13 | 000,442,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3D10SDKLayers.DLL
[2010/08/15 01:40:13 | 000,367,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3D10Ref.DLL
[2010/08/15 00:35:03 | 002,036,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DCompiler_40.dll
[2010/08/15 00:35:03 | 000,452,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx10_40.dll
[2010/08/15 00:35:01 | 004,379,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DX9_40.dll
[2010/08/15 00:09:43 | 000,111,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\dxsdkuninst.exe
[2010/08/15 00:09:41 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft DirectX SDK (June 2010)
[2010/08/14 23:49:17 | 000,000,000 | -H-D | C] -- C:\Windows\msdownld.tmp
[2010/08/13 21:35:15 | 000,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2010/08/13 20:40:43 | 000,000,000 | ---D | C] -- C:\Windows\Minidump
[2010/08/13 20:21:55 | 000,157,712 | ---- | C] (Trend Micro Inc.) -- C:\Windows\System32\drivers\tmcomm.sys
[2010/08/12 23:30:09 | 000,000,000 | ---D | C] -- C:\Users\Angela\AppData\Roaming\EPSON
[2010/08/12 23:28:23 | 000,135,168 | ---- | C] (SEIKO EPSON CORPORATION) -- C:\Windows\System32\EEBAPI.dll
[2010/08/12 23:28:23 | 000,110,592 | ---- | C] (SEIKO EPSON CORPORATION) -- C:\Windows\System32\EEBDSCVR.dll
[2010/08/12 23:28:23 | 000,077,824 | ---- | C] (SEIKO EPSON CORPORATION) -- C:\Windows\System32\EBAPI.dll
[2010/08/12 23:28:23 | 000,065,536 | ---- | C] (SEIKO EPSON CORPORATION) -- C:\Windows\System32\EEBUtil.dll
[2010/08/12 23:28:23 | 000,055,808 | ---- | C] (SEIKO EPSON CORPORATION) -- C:\Windows\System32\EEBSDKIF.dll
[2010/08/12 23:28:18 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\EPSON
[2010/08/12 23:28:05 | 000,474,892 | ---- | C] (SEIKO EPSON CORPORATION) -- C:\Windows\System32\ensppmon.dll
[2010/08/12 23:28:05 | 000,457,611 | ---- | C] (SEIKO EPSON CORPORATION) -- C:\Windows\System32\ensppui.dll
[2010/08/12 23:28:05 | 000,249,344 | ---- | C] (SEIKO EPSON CORPORATION) -- C:\Windows\System32\enspres.dll
[2010/08/12 23:28:05 | 000,249,344 | ---- | C] (SEIKO EPSON CORPORATION) -- C:\Windows\System32\enpres.dll
[2010/08/12 23:28:04 | 000,474,892 | ---- | C] (SEIKO EPSON CORPORATION) -- C:\Windows\System32\enppmon.dll
[2010/08/12 23:28:04 | 000,457,611 | ---- | C] (SEIKO EPSON CORPORATION) -- C:\Windows\System32\enppui.dll
[2010/08/12 23:28:04 | 000,000,000 | ---D | C] -- C:\Program Files\EpsonNet
[2010/08/12 23:04:27 | 000,000,000 | ---D | C] -- C:\Program Files\Epson Software
[2010/08/12 23:04:23 | 000,501,912 | ---- | C] (SEIKO EPSON CORPORATION) -- C:\Windows\System32\PICSDK2.dll
[2010/08/12 23:04:23 | 000,108,704 | ---- | C] (SEIKO EPSON CORPORATION) -- C:\Windows\System32\PICEntry.dll
[2010/08/12 23:04:23 | 000,080,024 | ---- | C] (SEIKO EPSON CORPORATION) -- C:\Windows\System32\PICSDK.dll
[2010/08/12 23:04:23 | 000,051,360 | ---- | C] (SEIKO EPSON CORPORATION) -- C:\Windows\System32\EpPicPrt.dll
[2010/08/12 23:04:23 | 000,051,360 | ---- | C] (SEIKO EPSON CORPORATION) -- C:\Windows\System32\EpPicMgr.dll
[2010/08/12 23:04:22 | 000,000,000 | ---D | C] -- C:\Users\Angela\AppData\Roaming\InstallShield
[2010/08/12 23:03:04 | 000,128,392 | ---- | C] (Seiko Epson Corporation) -- C:\Windows\System32\esdevapp.exe
[2010/08/12 23:03:04 | 000,071,680 | ---- | C] (SEIKO EPSON CORP.) -- C:\Windows\System32\escwiad.dll
[2010/08/12 23:03:04 | 000,015,872 | ---- | C] (SEIKO EPSON CORP.) -- C:\Windows\System32\escdev.dll
[2010/08/12 23:02:55 | 000,000,000 | ---D | C] -- C:\Program Files\epson
[2010/08/12 16:21:48 | 000,086,528 | ---- | C] (SEIKO EPSON CORPORATION) -- C:\Windows\System32\E_FLBEMA.DLL
[2010/08/12 16:21:47 | 000,078,848 | ---- | C] (SEIKO EPSON CORPORATION) -- C:\Windows\System32\E_FD4BEMA.DLL
[2010/08/12 16:21:35 | 000,000,000 | ---D | C] -- C:\ProgramData\EPSON
[2010/08/12 13:14:24 | 000,000,000 | ---D | C] -- C:\Users\Angela\AppData\Local\AskToolbar
[2010/08/12 04:19:58 | 000,000,000 | ---D | C] -- C:\Windows\System32\LegendsOfNorrath
[2010/08/12 02:42:39 | 000,000,000 | ---D | C] -- C:\Windows\System32\mozilla
[2010/08/12 01:34:46 | 000,000,000 | ---D | C] -- C:\Windows\System32\voice
[2010/08/12 00:37:42 | 000,000,000 | ---D | C] -- C:\Windows\System32\AudioTriggers
[2010/08/12 00:06:48 | 000,000,000 | ---D | C] -- C:\Windows\System32\Atlas
[2010/08/11 23:57:34 | 000,000,000 | ---D | C] -- C:\Windows\System32\ActorEffects
[2010/08/11 23:53:20 | 000,000,000 | ---D | C] -- C:\Windows\System32\EnvEmitterEffects
[2010/08/11 23:44:48 | 000,000,000 | ---D | C] -- C:\Windows\System32\Resources
[2010/08/11 23:44:29 | 000,000,000 | ---D | C] -- C:\Windows\System32\RenderEffects
[2010/08/11 23:23:38 | 000,000,000 | ---D | C] -- C:\Windows\System32\sounds
[2010/08/11 23:16:50 | 000,000,000 | ---D | C] -- C:\Windows\System32\maps
[2010/08/11 23:16:08 | 000,000,000 | ---D | C] -- C:\Windows\System32\storyline
[2010/08/11 23:11:03 | 000,000,000 | ---D | C] -- C:\Windows\System32\SpellEffects
[2010/08/11 23:10:27 | 000,000,000 | ---D | C] -- C:\Windows\System32\help
[2010/08/11 23:07:17 | 000,000,000 | ---D | C] -- C:\Windows\System32\uifiles
[2010/08/11 22:15:57 | 000,000,000 | ---D | C] -- C:\Users\Angela\AppData\Roaming\Apple Computer
[2010/08/11 22:15:57 | 000,000,000 | ---D | C] -- C:\Users\Angela\AppData\Local\Apple Computer
[2010/08/11 22:15:50 | 000,107,368 | ---- | C] (GEAR Software Inc.) -- C:\Windows\System32\GEARAspi.dll
[2010/08/11 22:15:50 | 000,000,000 | ---D | C] -- C:\Windows\System32\DRVSTORE
[2010/08/11 22:15:20 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2010/08/11 22:15:19 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2010/08/11 22:15:19 | 000,000,000 | ---D | C] -- C:\ProgramData\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2010/08/11 22:14:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Apple Computer
[2010/08/11 22:13:42 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour
[2010/08/11 22:08:28 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Apple
[2010/08/11 22:02:34 | 005,550,145 | ---- | C] (IDT, Inc.) -- C:\Windows\System32\idtcpl.cpl
[2010/08/11 22:02:34 | 002,469,888 | ---- | C] (IDT, Inc.) -- C:\Windows\System32\stlang.dll
[2010/08/11 22:02:34 | 000,512,000 | ---- | C] (IDT, Inc.) -- C:\Windows\System32\idtmini1.exe
[2010/08/11 22:02:34 | 000,221,239 | ---- | C] (IDT, Inc.) -- C:\Windows\System32\stacsv.exe
[2010/08/11 22:01:53 | 000,580,608 | ---- | C] (IDT, Inc.) -- C:\Windows\System32\stapo.dll
[2010/08/11 22:01:53 | 000,404,480 | ---- | C] (IDT, Inc.) -- C:\Windows\System32\stapi32.dll
[2010/08/11 22:01:53 | 000,344,576 | ---- | C] (IDT, Inc.) -- C:\Windows\System32\stcplx.dll
[2010/08/11 22:01:41 | 000,000,000 | ---D | C] -- C:\Users\Angela\AppData\Local\Programs
[2010/08/11 22:00:30 | 001,227,776 | ---- | C] (Atheros Communications, Inc.) -- C:\Windows\System32\drivers\athr.sys
[2010/08/11 21:42:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Sun
[2010/08/11 21:42:21 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2010/08/11 21:42:07 | 000,423,656 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\deployJava1.dll
[2010/08/11 21:42:07 | 000,153,376 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaws.exe
[2010/08/11 21:42:07 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaw.exe
[2010/08/11 21:42:07 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\java.exe
[2010/08/11 21:26:37 | 000,000,000 | ---D | C] -- C:\Windows\Skins
[2010/08/11 21:16:34 | 000,000,000 | ---D | C] -- C:\Program Files\Sony
[2010/08/11 21:15:56 | 000,000,000 | ---D | C] -- C:\Windows\System32\Skins
[2010/08/11 21:15:55 | 000,000,000 | ---D | C] -- C:\Temp
[2010/08/11 21:00:59 | 000,000,000 | ---D | C] -- C:\Windows\System32\Wat
[2010/08/11 20:57:45 | 000,641,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\CPFilters.dll
[2010/08/11 20:57:45 | 000,465,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\psisdecd.dll
[2010/08/11 20:57:45 | 000,417,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msdri.dll
[2010/08/11 20:57:45 | 000,204,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MSNP.ax
[2010/08/11 20:57:45 | 000,199,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mpg2splt.ax
[2010/08/11 20:57:40 | 000,369,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\secproc.dll
[2010/08/11 20:57:40 | 000,365,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\secproc_isv.dll
[2010/08/11 20:57:40 | 000,324,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RMActivate_isv.exe
[2010/08/11 20:57:40 | 000,320,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RMActivate.exe
[2010/08/11 20:57:39 | 000,280,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RMActivate_ssp.exe
[2010/08/11 20:57:39 | 000,277,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RMActivate_ssp_isv.exe
[2010/08/11 20:57:39 | 000,085,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\secproc_ssp_isv.dll
[2010/08/11 20:57:39 | 000,085,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\secproc_ssp.dll
[2010/08/11 20:25:43 | 000,295,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PresentationHost.exe
[2010/08/11 20:25:43 | 000,099,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PresentationHostProxy.dll
[2010/08/11 20:25:43 | 000,049,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\netfxperf.dll
[2010/08/11 20:20:38 | 001,320,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\CertEnroll.dll
[2010/08/11 20:20:35 | 012,625,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wmploc.DLL
[2010/08/11 20:20:35 | 000,507,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winload.exe
[2010/08/11 20:20:35 | 000,442,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winresume.exe
[2010/08/11 20:20:21 | 001,037,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\lsasrv.dll
[2010/08/11 20:20:21 | 000,133,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\ksecpkg.sys
[2010/08/11 20:20:20 | 002,614,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\explorer.exe
[2010/08/11 20:20:18 | 000,197,632 | ---- | C] (Intel(R) Corporation) -- C:\Windows\System32\ir32_32.dll
[2010/08/11 20:20:18 | 000,082,944 | ---- | C] (Radius Inc.) -- C:\Windows\System32\iccvid.dll
[2010/08/11 20:20:16 | 000,037,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rtutils.dll
[2010/08/11 20:20:14 | 000,067,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\asycfilt.dll
[2010/08/11 20:20:11 | 000,716,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript.dll
[2010/08/11 20:20:07 | 000,606,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mstime.dll
[2010/08/11 20:20:07 | 000,381,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll
[2010/08/11 20:20:07 | 000,185,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll
[2010/08/11 20:20:07 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2010/08/11 20:20:07 | 000,064,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedsbs.dll
[2010/08/11 20:20:07 | 000,048,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2010/08/11 20:20:06 | 001,638,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2010/08/11 20:20:06 | 000,012,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedssync.exe
[2010/08/11 20:20:04 | 000,108,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\t2embed.dll
[2010/08/11 20:18:47 | 003,955,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntkrnlpa.exe
[2010/08/11 20:18:47 | 003,899,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe
[2010/08/11 20:18:37 | 001,328,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\quartz.dll
[2010/08/11 20:18:37 | 000,084,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mciavi32.dll
[2010/08/11 20:18:36 | 000,091,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\avifil32.dll
[2010/08/11 20:18:34 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tzres.dll
[2010/08/11 20:18:21 | 000,293,888 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\System32\atmfd.dll
[2010/08/11 20:18:21 | 000,070,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\fontsub.dll
[2010/08/11 20:18:21 | 000,034,304 | ---- | C] (Adobe Systems) -- C:\Windows\System32\atmlib.dll
[2010/08/11 20:18:20 | 002,326,016 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2010/08/11 20:18:18 | 000,427,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\vbscript.dll
[2010/08/10 05:15:58 | 000,094,208 | ---- | C] (Apple Inc.) -- C:\Windows\System32\QuickTimeVR.qtx
[2010/08/10 05:15:58 | 000,069,632 | ---- | C] (Apple Inc.) -- C:\Windows\System32\QuickTime.qts
[2010/08/09 22:46:53 | 000,000,000 | ---D | C] -- C:\Users\Angela\AppData\Local\ElevatedDiagnostics
[2010/08/09 22:18:00 | 000,000,000 | ---D | C] -- C:\Users\Angela\AppData\Roaming\WinRAR
[2010/08/09 22:17:59 | 000,000,000 | -HSD | C] -- C:\ProgramData\SysWoW32
[2010/08/09 22:11:14 | 000,000,000 | ---D | C] -- C:\Users\Angela\Documents\FrostWire
[2010/08/09 22:11:08 | 000,000,000 | ---D | C] -- C:\Users\Angela\AppData\Roaming\FrostWire
[2010/08/09 22:00:41 | 000,000,000 | ---D | C] -- C:\Users\Angela\AppData\Roaming\Uniblue
[2010/08/09 16:27:49 | 000,000,000 | ---D | C] -- C:\Users\Angela\AppData\Roaming\Audacity
[2010/08/09 16:27:39 | 000,000,000 | ---D | C] -- C:\Program Files\Audacity 1.3 Beta (Unicode)
[2010/08/08 23:39:07 | 000,000,000 | ---D | C] -- C:\Windows\Panther
[2010/08/08 23:05:22 | 000,000,000 | ---D | C] -- C:\Users\Angela\AppData\Roaming\Adobe
[2010/08/08 23:05:04 | 000,000,000 | ---D | C] -- C:\ProgramData\McAfee Security Scan
[2010/08/08 23:05:02 | 000,000,000 | ---D | C] -- C:\Program Files\McAfee Security Scan
[2010/08/08 22:43:34 | 000,000,000 | ---D | C] -- C:\Windows\SoftwareDistribution
[2010/08/08 22:41:19 | 000,000,000 | ---D | C] -- C:\Windows\Prefetch
[2010/08/08 22:38:42 | 000,000,000 | ---D | C] -- C:\Program Files\Java
[2010/08/08 22:36:30 | 000,000,000 | ---D | C] -- C:\Program Files\VideoLAN
[2010/08/08 22:34:25 | 000,000,000 | ---D | C] -- C:\Users\Angela\AppData\Roaming\Macromedia
[2010/08/08 22:31:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Macromedia
[2010/08/08 22:31:42 | 000,000,000 | ---D | C] -- C:\Windows\System32\Macromed
[2010/08/08 22:31:20 | 000,000,000 | ---D | C] -- C:\Program Files\Macromedia
[2010/08/08 22:31:20 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Macromedia
[2010/08/08 22:30:53 | 000,000,000 | ---D | C] -- C:\Windows\Downloaded Installations
[2010/08/08 22:28:17 | 000,030,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mdimon.dll
[2010/08/08 22:11:20 | 002,106,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DCompiler_43.dll
[2010/08/08 22:11:20 | 000,527,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XAudio2_7.dll
[2010/08/08 22:11:20 | 000,239,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine3_7.dll
[2010/08/08 22:11:20 | 000,074,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XAPOFX1_5.dll
[2010/08/08 22:11:19 | 005,501,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dcsx_42.dll
[2010/08/08 22:11:19 | 001,998,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DX9_43.dll
[2010/08/08 22:11:19 | 001,974,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DCompiler_42.dll
[2010/08/08 22:11:19 | 001,868,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dcsx_43.dll
[2010/08/08 22:11:19 | 000,528,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XAudio2_6.dll
[2010/08/08 22:11:19 | 000,515,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XAudio2_5.dll
[2010/08/08 22:11:19 | 000,470,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx10_43.dll
[2010/08/08 22:11:19 | 000,248,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx11_43.dll
[2010/08/08 22:11:19 | 000,238,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine3_6.dll
[2010/08/08 22:11:19 | 000,238,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine3_5.dll
[2010/08/08 22:11:19 | 000,074,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XAPOFX1_4.dll
[2010/08/08 22:11:19 | 000,022,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\X3DAudio1_7.dll
[2010/08/08 22:11:18 | 004,178,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DX9_41.dll
[2010/08/08 22:11:18 | 001,892,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DX9_42.dll
[2010/08/08 22:11:18 | 001,846,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DCompiler_41.dll
[2010/08/08 22:11:18 | 000,517,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XAudio2_4.dll
[2010/08/08 22:11:18 | 000,453,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx10_42.dll
[2010/08/08 22:11:18 | 000,453,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx10_41.dll
[2010/08/08 22:11:18 | 000,235,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine3_4.dll
[2010/08/08 22:11:18 | 000,235,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx11_42.dll
[2010/08/08 22:11:18 | 000,069,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XAPOFX1_3.dll
[2010/08/08 22:11:18 | 000,022,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\X3DAudio1_6.dll
[2010/08/08 22:11:17 | 003,851,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DX9_39.dll
[2010/08/08 22:11:17 | 001,493,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DCompiler_39.dll
[2010/08/08 22:11:17 | 000,514,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XAudio2_3.dll
[2010/08/08 22:11:17 | 000,509,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XAudio2_2.dll
[2010/08/08 22:11:17 | 000,467,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx10_39.dll
[2010/08/08 22:11:17 | 000,238,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine3_2.dll
[2010/08/08 22:11:17 | 000,235,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine3_3.dll
[2010/08/08 22:11:17 | 000,070,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XAPOFX1_2.dll
[2010/08/08 22:11:17 | 000,068,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XAPOFX1_1.dll
[2010/08/08 22:11:17 | 000,023,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\X3DAudio1_5.dll
[2010/08/08 22:11:16 | 003,850,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DX9_38.dll
[2010/08/08 22:11:16 | 001,491,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DCompiler_38.dll
[2010/08/08 22:11:16 | 000,507,400 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XAudio2_1.dll
[2010/08/08 22:11:16 | 000,467,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx10_38.dll
[2010/08/08 22:11:16 | 000,238,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine3_1.dll
[2010/08/08 22:11:16 | 000,065,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XAPOFX1_0.dll
[2010/08/08 22:11:16 | 000,025,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\X3DAudio1_4.dll
[2010/08/08 22:11:15 | 003,786,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DX9_37.dll
[2010/08/08 22:11:15 | 001,420,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DCompiler_37.dll
[2010/08/08 22:11:15 | 000,479,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XAudio2_0.dll
[2010/08/08 22:11:15 | 000,462,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx10_37.dll
[2010/08/08 22:11:15 | 000,238,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine3_0.dll
[2010/08/08 22:11:15 | 000,025,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\X3DAudio1_3.dll
[2010/08/08 22:11:14 | 001,374,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DCompiler_36.dll
[2010/08/08 22:11:14 | 000,444,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx10_36.dll
[2010/08/08 22:11:14 | 000,267,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine2_10.dll
[2010/08/08 22:11:13 | 003,734,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx9_36.dll
[2010/08/08 22:11:13 | 003,727,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx9_35.dll
[2010/08/08 22:11:13 | 003,497,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx9_34.dll
[2010/08/08 22:11:13 | 001,358,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DCompiler_35.dll
[2010/08/08 22:11:13 | 001,124,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DCompiler_34.dll
[2010/08/08 22:11:13 | 000,444,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx10_35.dll
[2010/08/08 22:11:13 | 000,443,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx10_34.dll
[2010/08/08 22:11:13 | 000,267,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine2_9.dll
[2010/08/08 22:11:13 | 000,266,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine2_8.dll
[2010/08/08 22:11:13 | 000,261,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine2_7.dll
[2010/08/08 22:11:13 | 000,081,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xinput1_3.dll
[2010/08/08 22:11:13 | 000,017,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\X3DAudio1_2.dll
[2010/08/08 22:11:12 | 003,495,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx9_33.dll
[2010/08/08 22:11:12 | 003,426,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx9_32.dll
[2010/08/08 22:11:12 | 001,123,696 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DCompiler_33.dll
[2010/08/08 22:11:12 | 000,443,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx10_33.dll
[2010/08/08 22:11:12 | 000,440,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx10.dll
[2010/08/08 22:11:12 | 000,255,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine2_6.dll
[2010/08/08 22:11:12 | 000,251,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine2_5.dll
[2010/08/08 22:11:11 | 002,414,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx9_31.dll
[2010/08/08 22:11:11 | 000,237,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine2_4.dll
[2010/08/08 22:11:11 | 000,236,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine2_3.dll
[2010/08/08 22:11:11 | 000,230,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine2_2.dll
[2010/08/08 22:11:11 | 000,229,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine2_1.dll
[2010/08/08 22:11:11 | 000,062,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xinput1_2.dll
[2010/08/08 22:11:11 | 000,062,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xinput1_1.dll
[2010/08/08 22:11:11 | 000,015,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\x3daudio1_1.dll
[2010/08/08 22:11:10 | 002,388,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx9_30.dll
[2010/08/08 22:11:10 | 002,332,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx9_29.dll
[2010/08/08 22:11:10 | 002,323,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx9_28.dll
[2010/08/08 22:11:10 | 002,319,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx9_27.dll
[2010/08/08 22:11:10 | 002,297,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx9_26.dll
[2010/08/08 22:11:10 | 000,230,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine2_0.dll
[2010/08/08 22:11:10 | 000,014,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\x3daudio1_0.dll
[2010/08/08 22:11:09 | 002,337,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx9_25.dll
[2010/08/08 22:11:09 | 002,222,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx9_24.dll
[2010/08/08 22:09:22 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Works
[2010/08/08 22:09:11 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Visual Studio
[2010/08/08 22:09:11 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\DESIGNER
[2010/08/08 22:09:05 | 000,000,000 | ---D | C] -- C:\Windows\PCHEALTH
[2010/08/08 22:09:05 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft.NET
[2010/08/08 22:06:59 | 000,000,000 | ---D | C] -- C:\Users\Angela\AppData\Local\Microsoft Help
[2010/08/08 22:06:58 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Office
[2010/08/08 22:06:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft Help
[2010/08/08 22:06:26 | 000,000,000 | ---D | C] -- C:\ProgramData\SiteAdvisor
[2010/08/08 22:06:20 | 000,000,000 | RH-D | C] -- C:\MSOCache
[2010/08/08 22:04:21 | 000,079,816 | ---- | C] (McAfee, Inc.) -- C:\Windows\System32\drivers\mfeavfk.sys
[2010/08/08 22:04:21 | 000,040,552 | ---- | C] (McAfee, Inc.) -- C:\Windows\System32\drivers\mfesmfk.sys
[2010/08/08 22:04:21 | 000,035,272 | ---- | C] (McAfee, Inc.) -- C:\Windows\System32\drivers\mfebopk.sys
[2010/08/08 22:04:18 | 000,130,424 | ---- | C] (McAfee, Inc.) -- C:\Windows\System32\drivers\Mpfp.sys
[2010/08/08 22:04:04 | 000,000,000 | ---D | C] -- C:\Program Files\McAfee.com
[2010/08/08 22:04:04 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\McAfee
[2010/08/08 22:04:03 | 000,000,000 | ---D | C] -- C:\Program Files\McAfee
[2010/08/08 21:59:52 | 000,000,000 | ---D | C] -- C:\Windows\System32\directx
[2010/08/08 21:59:23 | 000,034,248 | ---- | C] (McAfee, Inc.) -- C:\Windows\System32\drivers\mferkdk.sys
[2010/08/08 21:57:44 | 000,221,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MpSigStub.exe
[2010/08/08 21:48:33 | 000,000,000 | ---D | C] -- C:\ProgramData\McAfee
[2010/08/08 21:46:57 | 000,000,000 | ---D | C] -- C:\Program Files\Sony Online Entertainment
[2010/08/08 21:16:07 | 000,000,000 | ---D | C] -- C:\Users\Angela\AppData\Roaming\Mozilla
[2010/08/08 21:16:07 | 000,000,000 | ---D | C] -- C:\Users\Angela\AppData\Local\Mozilla
[2010/08/08 21:16:02 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2010/08/08 21:04:40 | 000,053,248 | R--- | C] (Windows XP Bundled build C-Centric Single User) -- C:\Windows\System32\CSVer.dll
[2010/08/08 21:04:40 | 000,000,000 | ---D | C] -- C:\Program Files\Intel
[2010/08/08 21:04:19 | 000,033,280 | ---- | C] (Apple Inc.) -- C:\Windows\System32\drivers\aapltp.sys
[2010/08/08 21:04:19 | 000,004,224 | ---- | C] (Apple Inc.) -- C:\Windows\System32\drivers\aapltctp.sys
[2010/08/08 21:04:16 | 000,000,000 | ---D | C] -- C:\Program Files\Boot Camp
[2010/08/08 21:04:06 | 000,023,552 | ---- | C] (Apple Inc.) -- C:\Windows\System32\drivers\KeyMagic.sys
[2010/08/08 21:03:54 | 000,016,512 | ---- | C] (Apple Inc.) -- C:\Windows\System32\drivers\IRFilter.sys
[2010/08/08 21:03:43 | 000,007,424 | ---- | C] (Apple Inc.) -- C:\Windows\System32\drivers\BthKicker.sys
[2010/08/08 21:03:39 | 000,000,000 | ---D | C] -- C:\Program Files\Motorola
[2010/08/08 21:03:29 | 000,836,896 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\RtlExUpd.dll
[2010/08/08 21:03:29 | 000,000,000 | -H-D | C] -- C:\Program Files\Temp
[2010/08/08 21:03:29 | 000,000,000 | ---D | C] -- C:\Program Files\Realtek
[2010/08/08 21:02:30 | 000,164,352 | ---- | C] (IDT, Inc.) -- C:\Windows\System32\staco.dll
[2010/08/08 21:02:29 | 000,000,000 | ---D | C] -- C:\Program Files\ATI
[2010/08/08 21:02:05 | 000,379,904 | ---- | C] (IDT, Inc.) -- C:\Windows\System32\drivers\stwrt.sys
[2010/08/08 21:02:03 | 000,000,000 | -H-D | C] -- C:\Program Files\InstallShield Installation Information
[2010/08/08 21:02:03 | 000,000,000 | ---D | C] -- C:\Program Files\IDT
[2010/08/08 21:02:02 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\InstallShield
[2010/08/08 21:01:52 | 000,453,152 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\NVUNINST.EXE
[2010/08/08 21:01:30 | 004,235,776 | ---- | C] (ATI Technologies Inc.) -- C:\Windows\System32\drivers\atikmdag.sys
[2010/08/08 21:01:19 | 004,765,696 | ---- | C] (ATI Technologies Inc. ) -- C:\Windows\System32\atiumdva.dll
[2010/08/08 21:01:19 | 000,274,432 | ---- | C] (ATI Technologies, Inc.) -- C:\Windows\System32\Oemdspif.dll
[2010/08/08 21:01:18 | 003,963,392 | ---- | C] (ATI Technologies Inc. ) -- C:\Windows\System32\atiumdag.dll
[2010/08/08 21:01:16 | 000,348,160 | ---- | C] (ATI Technologies, Inc.) -- C:\Windows\System32\atipdlxx.dll
[2010/08/08 21:01:14 | 011,247,616 | ---- | C] (ATI Technologies Inc.) -- C:\Windows\System32\atioglxx.dll
[2010/08/08 21:01:11 | 000,286,720 | ---- | C] (ATI Technologies Inc.) -- C:\Windows\System32\Ati2evxx.dll
[2010/08/08 21:01:11 | 000,122,880 | ---- | C] (Advanced Micro Devices, Inc.) -- C:\Windows\System32\atiadlxx.dll
[2010/08/08 21:01:11 | 000,053,248 | ---- | C] (ATI Technologies Inc.) -- C:\Windows\System32\drivers\ati2erec.dll
[2010/08/08 21:01:11 | 000,050,688 | ---- | C] (Advanced Micro Devices, Inc. ) -- C:\Windows\System32\amdpcom32.dll
[2010/08/08 21:01:11 | 000,043,520 | ---- | C] (ATI Technologies, Inc.) -- C:\Windows\System32\ati2edxx.dll
[2010/08/08 21:01:08 | 000,425,984 | ---- | C] (Advanced Micro Devices, Inc.) -- C:\Windows\System32\ATIDEMGX.dll
[2010/08/08 21:00:17 | 000,009,088 | ---- | C] (Apple Inc.) -- C:\Windows\System32\drivers\applebt.sys
[2010/08/08 21:00:15 | 000,000,000 | ---D | C] -- C:\Program Files\DIFX
[2010/08/08 21:00:09 | 001,419,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WdfCoInstaller01005.dll
[2010/08/08 21:00:09 | 000,041,984 | ---- | C] (Apple Inc.) -- C:\Windows\System32\iSightCI.dll
[2010/08/08 21:00:09 | 000,017,664 | ---- | C] (Apple Inc.) -- C:\Windows\System32\drivers\iSightUP.sys
[2010/08/08 21:00:09 | 000,007,680 | ---- | C] (Apple Inc.) -- C:\Windows\System32\drivers\iSightFT.sys
[2010/08/08 20:59:50 | 000,000,000 | ---D | C] -- C:\Users\Angela\AppData\Local\Apple
[2010/08/08 20:59:47 | 000,000,000 | ---D | C] -- C:\Program Files\Apple Software Update
[2010/08/08 20:59:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Apple
[2010/08/08 20:59:20 | 000,000,000 | -HSD | C] -- C:\Windows\Installer
[2010/08/08 20:57:14 | 000,000,000 | R--D | C] -- C:\Users\Angela\Searches
[2010/08/08 20:57:14 | 000,000,000 | -H-D | C] -- C:\Users\Angela\Application Data\Microsoft\Internet Explorer\Quick Launch\User Pinned
[2010/08/08 20:57:04 | 000,000,000 | ---D | C] -- C:\Users\Angela\AppData\Roaming\Identities
[2010/08/08 20:57:02 | 000,000,000 | R--D | C] -- C:\Users\Angela\Contacts
[2010/08/08 20:56:53 | 000,000,000 | ---D | C] -- C:\Users\Angela\AppData\Local\VirtualStore
[2010/08/08 20:56:51 | 000,000,000 | --SD | C] -- C:\Users\Angela\AppData\Roaming\Microsoft
[2010/08/08 20:56:51 | 000,000,000 | R--D | C] -- C:\Users\Angela\Videos
[2010/08/08 20:56:51 | 000,000,000 | R--D | C] -- C:\Users\Angela\Saved Games
[2010/08/08 20:56:51 | 000,000,000 | R--D | C] -- C:\Users\Angela\Pictures
[2010/08/08 20:56:51 | 000,000,000 | R--D | C] -- C:\Users\Angela\Music
[2010/08/08 20:56:51 | 000,000,000 | R--D | C] -- C:\Users\Angela\Links
[2010/08/08 20:56:51 | 000,000,000 | R--D | C] -- C:\Users\Angela\Favorites
[2010/08/08 20:56:51 | 000,000,000 | R--D | C] -- C:\Users\Angela\Downloads
[2010/08/08 20:56:51 | 000,000,000 | R--D | C] -- C:\Users\Angela\My Documents
[2010/08/08 20:56:51 | 000,000,000 | R--D | C] -- C:\Users\Angela\Desktop
[2010/08/08 20:56:51 | 000,000,000 | -HSD | C] -- C:\Users\Angela\AppData\Local\Temporary Internet Files
[2010/08/08 20:56:51 | 000,000,000 | -HSD | C] -- C:\Users\Angela\Templates
[2010/08/08 20:56:51 | 000,000,000 | -HSD | C] -- C:\Users\Angela\Start Menu
[2010/08/08 20:56:51 | 000,000,000 | -HSD | C] -- C:\Users\Angela\SendTo
[2010/08/08 20:56:51 | 000,000,000 | -HSD | C] -- C:\Users\Angela\Recent
[2010/08/08 20:56:51 | 000,000,000 | -HSD | C] -- C:\Users\Angela\PrintHood
[2010/08/08 20:56:51 | 000,000,000 | -HSD | C] -- C:\Users\Angela\NetHood
[2010/08/08 20:56:51 | 000,000,000 | -HSD | C] -- C:\Users\Angela\Documents\My Videos
[2010/08/08 20:56:51 | 000,000,000 | -HSD | C] -- C:\Users\Angela\Documents\My Pictures
[2010/08/08 20:56:51 | 000,000,000 | -HSD | C] -- C:\Users\Angela\Documents\My Music
[2010/08/08 20:56:51 | 000,000,000 | -HSD | C] -- C:\Users\Angela\My Documents
[2010/08/08 20:56:51 | 000,000,000 | -HSD | C] -- C:\Users\Angela\Local Settings
[2010/08/08 20:56:51 | 000,000,000 | -HSD | C] -- C:\Users\Angela\AppData\Local\History
[2010/08/08 20:56:51 | 000,000,000 | -HSD | C] -- C:\Users\Angela\Cookies
[2010/08/08 20:56:51 | 000,000,000 | -HSD | C] -- C:\Users\Angela\Application Data
[2010/08/08 20:56:51 | 000,000,000 | -HSD | C] -- C:\Users\Angela\AppData\Local\Application Data
[2010/08/08 20:56:51 | 000,000,000 | -H-D | C] -- C:\Users\Angela\AppData
[2010/08/08 20:56:51 | 000,000,000 | ---D | C] -- C:\Users\Angela\AppData\Local\Temp
[2010/08/08 20:56:51 | 000,000,000 | ---D | C] -- C:\Users\Angela\AppData\Local\Microsoft
[2010/08/08 20:56:51 | 000,000,000 | ---D | C] -- C:\Users\Angela\AppData\Roaming\Media Center Programs
[2010/08/08 20:56:33 | 000,000,000 | -HSD | C] -- C:\Recovery
[2010/08/08 17:59:05 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2010/08/06 23:01:44 | 000,000,000 | ---D | C] -- C:\Intel
[2010/08/06 18:29:31 | 000,000,000 | -HSD | C] -- C:\Boot
[2010/08/06 17:35:04 | 000,000,000 | -HSD | C] -- C:\System Volume Information
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[1 C:\Users\Angela\Desktop\*.tmp files -> C:\Users\Angela\Desktop\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010/08/18 18:27:08 | 001,310,720 | -HS- | M] () -- C:\Users\Angela\NTUSER.DAT
[2010/08/18 18:23:29 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Users\Angela\Desktop\OTL.exe
[2010/08/17 16:54:02 | 000,013,440 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2010/08/17 16:54:02 | 000,013,440 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2010/08/17 16:53:05 | 000,726,316 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI
[2010/08/17 16:53:05 | 000,624,178 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2010/08/17 16:53:05 | 000,106,522 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2010/08/17 16:47:27 | 000,015,190 | ---- | M] () -- C:\Windows\System32\Config.MPF
[2010/08/17 16:46:50 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010/08/17 16:46:44 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010/08/17 16:46:39 | 2403,688,448 | -HS- | M] () -- C:\hiberfil.sys
[2010/08/17 16:27:42 | 000,000,991 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/08/17 16:22:22 | 000,004,058 | -HS- | M] () -- C:\Users\Angela\AppData\Roaming\02000000e4644336982P.manifest
[2010/08/17 16:22:22 | 000,000,138 | -HS- | M] () -- C:\Users\Angela\AppData\Roaming\02000000e4644336982O.manifest
[2010/08/17 16:22:22 | 000,000,051 | -HS- | M] () -- C:\Users\Angela\AppData\Roaming\02000000e4644336982C.manifest
[2010/08/17 16:22:22 | 000,000,011 | -HS- | M] () -- C:\Users\Angela\AppData\Roaming\02000000e4644336982S.manifest
[2010/08/17 16:16:37 | 000,000,817 | ---- | M] () -- C:\ProgramData\317171634
[2010/08/17 15:45:30 | 000,001,992 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk
[2010/08/17 12:47:53 | 000,001,823 | ---- | M] () -- C:\Users\Public\Desktop\QuickTime Player.lnk
[2010/08/17 03:01:47 | 000,000,462 | -HS- | M] () -- C:\ProgramData\1119352802
[2010/08/16 16:35:18 | 000,302,168 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2010/08/16 16:33:24 | 001,767,576 | -H-- | M] () -- C:\Users\Angela\AppData\Local\IconCache.db
[2010/08/15 02:41:48 | 000,064,824 | ---- | M] () -- C:\Users\Angela\AppData\Local\GDIPFONTCACHEV1.DAT
[2010/08/15 02:18:50 | 000,000,342 | ---- | M] () -- C:\Windows\tasks\McDefragTask.job
[2010/08/15 00:09:21 | 000,111,960 | ---- | M] (Microsoft Corporation) -- C:\Windows\dxsdkuninst.exe
[2010/08/14 23:47:40 | 000,000,058 | ---- | M] () -- C:\Users\Angela\AppData\Roaming\4267a0b5
[2010/08/14 23:46:43 | 000,000,478 | ---- | M] () -- C:\Windows\win.ini
[2010/08/14 21:03:23 | 000,001,036 | ---- | M] () -- C:\Users\Public\Desktop\VLC media player.lnk
[2010/08/13 22:19:06 | 257,376,230 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2010/08/13 21:35:20 | 000,002,969 | ---- | M] () -- C:\Users\Angela\Desktop\HiJackThis.lnk
[2010/08/13 20:21:38 | 000,000,036 | ---- | M] () -- C:\Users\Angela\AppData\Local\housecall.guid.cache
[2010/08/13 15:20:03 | 000,000,000 | ---- | M] () -- C:\Windows\EEventManager.INI
[2010/08/13 03:35:50 | 000,001,921 | ---- | M] () -- C:\Users\Angela\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2010/08/13 03:35:50 | 000,001,897 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2010/08/12 23:13:11 | 000,000,828 | ---- | M] () -- C:\Users\Public\Desktop\Print CD.lnk
[2010/08/12 23:03:05 | 000,000,942 | ---- | M] () -- C:\Users\Public\Desktop\EPSON Scan.lnk
[2010/08/11 22:15:51 | 000,002,429 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[2010/08/11 21:35:45 | 000,000,951 | ---- | M] () -- C:\Windows\System32\eqp_config.xml
[2010/08/11 21:35:38 | 000,000,000 | ---- | M] () -- C:\Windows\System32\eqfecfg.cfg
[2010/08/11 21:27:55 | 000,249,856 | ---- | M] () -- C:\Windows\installerconfig.exe
[2010/08/11 21:27:51 | 000,081,920 | ---- | M] () -- C:\Windows\Win32Bitmap.dll
[2010/08/11 20:15:58 | 000,001,812 | ---- | M] () -- C:\Users\Public\Desktop\McAfee Security Scan Plus.lnk
[2010/08/11 20:15:58 | 000,001,810 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
[2010/08/10 05:15:58 | 000,094,208 | ---- | M] (Apple Inc.) -- C:\Windows\System32\QuickTimeVR.qtx
[2010/08/10 05:15:58 | 000,069,632 | ---- | M] (Apple Inc.) -- C:\Windows\System32\QuickTime.qts
[2010/08/09 22:26:33 | 000,000,320 | ---- | M] () -- C:\Windows\tasks\McQcTask.job
[2010/08/09 22:17:59 | 000,000,141 | ---- | M] () -- C:\ProgramData\sl592864624
[2010/08/09 22:17:44 | 000,203,776 | -HS- | M] () -- C:\ProgramData\unrar.exe
[2010/08/09 16:27:44 | 000,001,024 | ---- | M] () -- C:\Users\Angela\Desktop\Audacity 1.3 Beta (Unicode).lnk
[2010/08/08 23:38:54 | 000,008,192 | RHS- | M] () -- C:\BOOTSECT.BAK
[2010/08/08 22:45:24 | 000,041,962 | ---- | M] () -- C:\Windows\System32\license.rtf
[2010/08/08 22:43:17 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_User_WpdFs_01_09_00.Wdf
[2010/08/08 22:39:07 | 000,001,187 | ---- | M] () -- C:\Users\Angela\Desktop\FrostWire 4.18.6.lnk
[2010/08/08 22:33:04 | 000,002,048 | ---- | M] () -- C:\Users\Public\Desktop\Macromedia Dreamweaver 8.lnk
[2010/08/08 22:06:27 | 000,000,988 | ---- | M] () -- C:\Users\Public\Desktop\McAfee Security Center.lnk
[2010/08/08 22:06:01 | 000,001,007 | ---- | M] () -- C:\Users\Angela\Application Data\Microsoft\Internet Explorer\Quick Launch\McAfee EasyNetwork.lnk
[2010/08/08 22:06:01 | 000,000,983 | ---- | M] () -- C:\Users\Public\Desktop\McAfee EasyNetwork.lnk
[2010/08/08 21:13:01 | 000,001,419 | ---- | M] () -- C:\Users\Angela\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2010/08/08 21:09:10 | 000,000,000 | ---- | M] () -- C:\Windows\ativpsrm.bin
[2010/08/08 21:08:06 | 000,524,288 | -HS- | M] () -- C:\Users\Angela\NTUSER.DAT{6cced2f1-6e01-11de-8bed-001e0bcd1824}.TMContainer00000000000000000002.regtrans-ms
[2010/08/08 21:08:06 | 000,524,288 | -HS- | M] () -- C:\Users\Angela\NTUSER.DAT{6cced2f1-6e01-11de-8bed-001e0bcd1824}.TMContainer00000000000000000001.regtrans-ms
[2010/08/08 21:08:06 | 000,065,536 | -HS- | M] () -- C:\Users\Angela\NTUSER.DAT{6cced2f1-6e01-11de-8bed-001e0bcd1824}.TM.blf
[2010/08/08 20:56:51 | 000,000,020 | -HS- | M] () -- C:\Users\Angela\ntuser.ini
[2010/07/29 01:30:49 | 000,197,632 | ---- | M] (Intel(R) Corporation) -- C:\Windows\System32\ir32_32.dll
[2010/07/29 01:30:34 | 000,082,944 | ---- | M] (Radius Inc.) -- C:\Windows\System32\iccvid.dll
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[1 C:\Users\Angela\Desktop\*.tmp files -> C:\Users\Angela\Desktop\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/08/17 16:27:42 | 000,000,991 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/08/17 15:45:30 | 000,001,992 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk
[2010/08/17 12:47:53 | 000,001,823 | ---- | C] () -- C:\Users\Public\Desktop\QuickTime Player.lnk
[2010/08/14 21:03:23 | 000,001,036 | ---- | C] () -- C:\Users\Public\Desktop\VLC media player.lnk
[2010/08/13 21:35:20 | 000,002,969 | ---- | C] () -- C:\Users\Angela\Desktop\HiJackThis.lnk
[2010/08/13 20:40:37 | 257,376,230 | ---- | C] () -- C:\Windows\MEMORY.DMP
[2010/08/13 20:21:38 | 000,000,036 | ---- | C] () -- C:\Users\Angela\AppData\Local\housecall.guid.cache
[2010/08/13 15:20:03 | 000,000,000 | ---- | C] () -- C:\Windows\EEventManager.INI
[2010/08/13 03:35:50 | 000,001,921 | ---- | C] () -- C:\Users\Angela\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2010/08/13 03:35:50 | 000,001,897 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2010/08/12 23:13:11 | 000,000,828 | ---- | C] () -- C:\Users\Public\Desktop\Print CD.lnk
[2010/08/12 23:04:23 | 000,073,220 | ---- | C] () -- C:\Windows\System32\EPPICPrinterDB.dat
[2010/08/12 23:04:23 | 000,031,053 | ---- | C] () -- C:\Windows\System32\EPPICPattern131.dat
[2010/08/12 23:04:23 | 000,029,114 | ---- | C] () -- C:\Windows\System32\EPPICPattern1.dat
[2010/08/12 23:04:23 | 000,027,417 | ---- | C] () -- C:\Windows\System32\EPPICPattern121.dat
[2010/08/12 23:04:23 | 000,021,021 | ---- | C] () -- C:\Windows\System32\EPPICPattern3.dat
[2010/08/12 23:04:23 | 000,015,670 | ---- | C] () -- C:\Windows\System32\EPPICPattern5.dat
[2010/08/12 23:04:23 | 000,013,280 | ---- | C] () -- C:\Windows\System32\EPPICPattern2.dat
[2010/08/12 23:04:23 | 000,012,669 | ---- | C] () -- C:\Windows\System32\EPPICLocal_EN.cfg
[2010/08/12 23:04:23 | 000,010,673 | ---- | C] () -- C:\Windows\System32\EPPICPattern4.dat
[2010/08/12 23:04:23 | 000,006,478 | ---- | C] () -- C:\Windows\System32\EPPICLocal_PT.cfg
[2010/08/12 23:04:23 | 000,006,478 | ---- | C] () -- C:\Windows\System32\EPPICLocal_BP.cfg
[2010/08/12 23:04:23 | 000,006,366 | ---- | C] () -- C:\Windows\System32\EPPICLocal_FR.cfg
[2010/08/12 23:04:23 | 000,006,366 | ---- | C] () -- C:\Windows\System32\EPPICLocal_CF.cfg
[2010/08/12 23:04:23 | 000,006,226 | ---- | C] () -- C:\Windows\System32\EPPICLocal_ES.cfg
[2010/08/12 23:04:23 | 000,004,943 | ---- | C] () -- C:\Windows\System32\EPPICPattern6.dat
[2010/08/12 23:04:23 | 000,001,140 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_PT.dat
[2010/08/12 23:04:23 | 000,001,140 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_BP.dat
[2010/08/12 23:04:23 | 000,001,137 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_ES.dat
[2010/08/12 23:04:23 | 000,001,130 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_FR.dat
[2010/08/12 23:04:23 | 000,001,130 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_CF.dat
[2010/08/12 23:04:23 | 000,001,104 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_EN.dat
[2010/08/12 23:04:23 | 000,000,097 | ---- | C] () -- C:\Windows\System32\PICSDK.ini
[2010/08/12 23:03:05 | 000,000,942 | ---- | C] () -- C:\Users\Public\Desktop\EPSON Scan.lnk
[2010/08/12 01:15:42 | 000,000,058 | ---- | C] () -- C:\Users\Angela\AppData\Roaming\4267a0b5
[2010/08/11 22:15:51 | 000,002,429 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
[2010/08/11 21:35:38 | 000,000,000 | ---- | C] () -- C:\Windows\System32\eqfecfg.cfg
[2010/08/11 21:27:55 | 000,249,856 | ---- | C] () -- C:\Windows\installerconfig.exe
[2010/08/11 21:27:51 | 000,081,920 | ---- | C] () -- C:\Windows\Win32Bitmap.dll
[2010/08/11 21:15:56 | 000,000,951 | ---- | C] () -- C:\Windows\System32\eqp_config.xml
[2010/08/09 22:18:53 | 000,000,462 | -HS- | C] () -- C:\ProgramData\1119352802
[2010/08/09 22:18:52 | 000,000,817 | ---- | C] () -- C:\ProgramData\317171634
[2010/08/09 22:17:59 | 000,000,141 | ---- | C] () -- C:\ProgramData\sl592864624
[2010/08/09 22:17:44 | 000,203,776 | -HS- | C] () -- C:\ProgramData\unrar.exe
[2010/08/09 22:17:19 | 000,004,058 | -HS- | C] () -- C:\Users\Angela\AppData\Roaming\02000000e4644336982P.manifest
[2010/08/09 22:17:19 | 000,000,138 | -HS- | C] () -- C:\Users\Angela\AppData\Roaming\02000000e4644336982O.manifest
[2010/08/09 22:17:19 | 000,000,051 | -HS- | C] () -- C:\Users\Angela\AppData\Roaming\02000000e4644336982C.manifest
[2010/08/09 22:17:19 | 000,000,011 | -HS- | C] () -- C:\Users\Angela\AppData\Roaming\02000000e4644336982S.manifest
[2010/08/09 16:27:44 | 000,001,024 | ---- | C] () -- C:\Users\Angela\Desktop\Audacity 1.3 Beta (Unicode).lnk
[2010/08/08 23:05:03 | 000,001,812 | ---- | C] () -- C:\Users\Public\Desktop\McAfee Security Scan Plus.lnk
[2010/08/08 23:05:03 | 000,001,810 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
[2010/08/08 22:43:17 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_User_WpdFs_01_09_00.Wdf
[2010/08/08 22:40:17 | 2403,688,448 | -HS- | C] () -- C:\hiberfil.sys
[2010/08/08 22:39:07 | 000,001,187 | ---- | C] () -- C:\Users\Angela\Desktop\FrostWire 4.18.6.lnk
[2010/08/08 22:33:04 | 000,002,048 | ---- | C] () -- C:\Users\Public\Desktop\Macromedia Dreamweaver 8.lnk
[2010/08/08 22:13:09 | 000,015,190 | ---- | C] () -- C:\Windows\System32\Config.MPF
[2010/08/08 22:06:27 | 000,000,988 | ---- | C] () -- C:\Users\Public\Desktop\McAfee Security Center.lnk
[2010/08/08 22:06:01 | 000,001,007 | ---- | C] () -- C:\Users\Angela\Application Data\Microsoft\Internet Explorer\Quick Launch\McAfee EasyNetwork.lnk
[2010/08/08 22:06:01 | 000,000,983 | ---- | C] () -- C:\Users\Public\Desktop\McAfee EasyNetwork.lnk
[2010/08/08 22:04:11 | 000,000,342 | ---- | C] () -- C:\Windows\tasks\McDefragTask.job
[2010/08/08 22:04:08 | 000,000,320 | ---- | C] () -- C:\Windows\tasks\McQcTask.job
[2010/08/08 21:13:01 | 000,001,419 | ---- | C] () -- C:\Users\Angela\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2010/08/08 21:09:10 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2010/08/08 21:01:32 | 000,052,400 | ---- | C] () -- C:\Windows\System32\drivers\ativvpxx.vp
[2010/08/08 21:01:32 | 000,015,362 | ---- | C] () -- C:\Windows\atiogl.xml
[2010/08/08 21:01:32 | 000,002,096 | ---- | C] () -- C:\Windows\System32\drivers\ativpkxx.vp
[2010/08/08 21:01:31 | 000,002,096 | ---- | C] () -- C:\Windows\System32\drivers\ativokxx.vp
[2010/08/08 21:01:31 | 000,002,096 | ---- | C] () -- C:\Windows\System32\drivers\ativdkxx.vp
[2010/08/08 21:01:31 | 000,000,929 | ---- | C] () -- C:\Windows\System32\drivers\ativcaxx.vp
[2010/08/08 21:01:17 | 000,159,744 | ---- | C] () -- C:\Windows\System32\atitmmxx.dll
[2010/08/08 21:01:11 | 003,107,788 | ---- | C] () -- C:\Windows\System32\atiumdva.dat
[2010/08/08 21:01:10 | 000,328,162 | ---- | C] () -- C:\Windows\System32\drivers\ativcaxx.cpa
[2010/08/08 21:01:10 | 000,180,720 | ---- | C] () -- C:\Windows\System32\atiicdxx.dat
[2010/08/08 21:01:10 | 000,079,008 | ---- | C] () -- C:\Windows\System32\atiumdva.cap
[2010/08/08 20:56:51 | 001,310,720 | -HS- | C] () -- C:\Users\Angela\NTUSER.DAT
[2010/08/08 20:56:51 | 000,524,288 | -HS- | C] () -- C:\Users\Angela\NTUSER.DAT{6cced2f1-6e01-11de-8bed-001e0bcd1824}.TMContainer00000000000000000002.regtrans-ms
[2010/08/08 20:56:51 | 000,524,288 | -HS- | C] () -- C:\Users\Angela\NTUSER.DAT{6cced2f1-6e01-11de-8bed-001e0bcd1824}.TMContainer00000000000000000001.regtrans-ms
[2010/08/08 20:56:51 | 000,262,144 | -HS- | C] () -- C:\Users\Angela\ntuser.dat.LOG1
[2010/08/08 20:56:51 | 000,065,536 | -HS- | C] () -- C:\Users\Angela\NTUSER.DAT{6cced2f1-6e01-11de-8bed-001e0bcd1824}.TM.blf
[2010/08/08 20:56:51 | 000,000,290 | ---- | C] () -- C:\Users\Angela\Application Data\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk
[2010/08/08 20:56:51 | 000,000,272 | ---- | C] () -- C:\Users\Angela\Application Data\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk
[2010/08/08 20:56:51 | 000,000,020 | -HS- | C] () -- C:\Users\Angela\ntuser.ini
[2010/08/08 20:56:51 | 000,000,000 | -HS- | C] () -- C:\Users\Angela\ntuser.dat.LOG2
[2010/08/06 18:29:33 | 000,008,192 | RHS- | C] () -- C:\BOOTSECT.BAK
[2010/08/06 18:29:31 | 000,383,562 | RHS- | C] () -- C:\bootmgr
[2009/09/28 09:22:00 | 000,315,392 | ---- | C] () -- C:\Windows\System32\drivers\yk62x86.sys
[2009/08/03 15:07:42 | 000,403,816 | ---- | C] () -- C:\Windows\System32\OGACheckControl.dll
[2009/07/13 18:51:43 | 000,073,728 | ---- | C] () -- C:\Windows\System32\BthpanContextHandler.dll
[2009/07/13 18:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\System32\BWContextHandler.dll
[2007/07/05 19:12:21 | 000,023,774 | ---- | C] () -- C:\Windows\System32\sky.ini
[2007/06/29 13:10:44 | 000,974,848 | ---- | C] () -- C:\Windows\System32\eqmain.dll
[2007/06/29 11:50:25 | 001,298,432 | ---- | C] () -- C:\Windows\System32\EQGraphicsDX9.dll
[2007/04/30 12:18:55 | 006,459,392 | ---- | C] () -- C:\Windows\System32\xul.dll
[2007/03/14 14:54:43 | 000,028,007 | ---- | C] () -- C:\Windows\System32\defaults.ini
[2007/02/13 11:11:43 | 000,002,070 | ---- | C] () -- C:\Windows\System32\eqlsClient.ini
[2006/06/08 11:36:39 | 001,257,472 | ---- | C] () -- C:\Windows\System32\DXTest.dll
[2005/09/13 03:31:46 | 000,160,256 | ---- | C] () -- C:\Windows\System32\dpvs.dll
[2004/07/14 06:25:59 | 000,901,120 | ---- | C] () -- C:\Windows\System32\EQGfx_Dx8.dll
[2004/05/13 16:54:17 | 000,000,055 | ---- | C] () -- C:\Windows\System32\LoginSettings.ini
[2003/07/15 13:02:50 | 000,081,920 | ---- | C] () -- C:\Windows\System32\Win32Bitmap.dll
[2002/09/04 03:35:39 | 000,349,696 | ---- | C] () -- C:\Windows\System32\mss32.dll
[1999/01/25 18:40:58 | 000,095,232 | ---- | C] () -- C:\Windows\System32\smackw32.dll
< End of report >
h2ointollerant
Active Member
 
Posts: 8
Joined: August 14th, 2010, 2:39 am
Location: Iowa, USA

Re: computer keeps crashing and explorer stops working

Post by h2ointollerant » August 18th, 2010, 7:53 pm

OTL Extras logfile created on: 8/18/2010 6:25:50 PM - Run 1
OTL by OldTimer - Version 3.2.10.0 Folder = C:\Users\Angela\Downloads
Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 39.00% Memory free
6.00 Gb Paging File | 4.00 Gb Available in Paging File | 64.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 78.77 Gb Total Space | 30.32 Gb Free Space | 38.49% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
Drive E: | 219.00 Gb Total Space | 50.88 Gb Free Space | 23.23% Space Free | Partition Type: HFS
F: Drive not present or media not loaded
Drive G: | 148.85 Gb Total Space | 140.48 Gb Free Space | 94.38% Space Free | Partition Type: NTFS
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: ANGELA-PC
Current User Name: Angela
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-1422121787-4253495517-2781264236-1001\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" /p %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
jsfile [edit] -- "C:\Program Files\Macromedia\Dreamweaver 8\dreamweaver.exe" "%1" (Macromedia, Inc.)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{0837A661-FEC3-48B3-876C-91E7D32048A9}" = Macromedia Dreamweaver 8
"{0CB9668D-F979-4F31-B8B8-67FE90F929F8}" = Bonjour
"{196BB40D-1578-3D01-B289-BEFC77A11A1E}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319
"{26A24AE4-039D-4CA4-87B4-2F83216015FF}" = Java(TM) 6 Update 21
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3E31400D-274E-4647-916C-2CACC3741799}" = EpsonNet Print
"{45A66726-69BC-466B-A7A4-12FCBA4883D7}" = HiJackThis
"{48F22622-1CC2-4A83-9C1E-644DD96F832D}" = Epson Event Manager
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{5546CDB5-2CE2-498B-B059-5B3BF81FC41F}" = Macromedia Extension Manager
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{85991ED2-010C-4930-96FA-52F43C2CE98A}" = Apple Mobile Device Support
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_STANDARDR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_STANDARDR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_STANDARDR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_STANDARDR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_STANDARDR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_STANDARDR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_STANDARDR_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_STANDARDR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_STANDARDR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-0012-0000-0000-0000000FF1CE}" = Microsoft Office Standard 2007
"{91120000-0012-0000-0000-0000000FF1CE}_STANDARDR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-0012-0000-0000-0000000FF1CE}_STANDARDR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{91F7F3F3-CE80-48C3-8327-7D24A0A5716A}" = iTunes
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{A93944F2-D2D4-4750-BFE7-9A288FEAF2CF}" = Apple Application Support
"{AC76BA86-7AD7-1033-7B44-A93000000001}" = Adobe Reader 9.3.3
"{B194272D-1F92-46DF-99EB-8D5CE91CB4EC}" = Adobe AIR
"{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
"{B56ACF7B-D7B5-442B-8E1D-6B41347D88B2}" = Boot Camp Services
"{D16A31F9-276D-4968-A753-FFEAC56995D0}" = Epson Print CD
"{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}" = IDT Audio
"{EB900AF8-CC61-4E15-871B-98D1EA3E8025}" = QuickTime
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"065B919FD23D12E588F6E2BFB21F7836E2F0E704" = Windows Driver Package - Intel (e1yexpress) Net (07/16/2008 9.52.10.0)
"0A86889A63334895E2898E1C618451C13E8BEC74" = Windows Driver Package - Atheros Communications Inc. (athr) Net (09/18/2008 7.6.1.122)
"111E266FDD1556398EFC13BE47678F96E8497682" = Windows Driver Package - Apple Inc. Apple Trackpad Enabler (07/13/2009 3.0.0.1)
"1D68F7A8B8397256B162B831457A6775BD17F3F4" = Windows Driver Package - Marvell (yukonwlh) Net (03/23/2007 10.12.7.3)
"1E934494E1FDB938ED1D9B958D5D5D465A07F06A" = Windows Driver Package - Intel (e1qexpress) Net (08/05/2008 10.3.49.0)
"2A220AD1D71245D60F803E0D8C463ABFFE7C6244" = Windows Driver Package - Apple Inc. Apple Trackpad Enabler (02/19/2009 3.0.0.0)
"2AC97D2605162B73D046D68013D1030CB7CFB87E" = Windows Driver Package - Intel (E1G60) Net (01/08/2008 8.3.9.0)
"3A712FAD839A90C4CD37CE06FA695DCC4E91A52F" = Windows Driver Package - Apple Inc. Apple Trackpad (03/05/2009 3.0.0.0)
"4D00971668041EDAD7097C5827D1739F03B9E5D7" = Windows Driver Package - Apple Inc. Apple IR Receiver (02/21/2008 2.0.4.0)
"5405F83664E016638462F8F8C1DAE59D04942778" = Windows Driver Package - Apple Inc. Bluetooth (11/23/2009 3.0.0.4)
"5A42EC04483B9307C1A29CDA2199268A7A8FA52D" = Windows Driver Package - Atheros Communications Inc. Net (09/18/2008 7.6.1.122)
"5F8BE32FAE3D6BC77B512F7B0624D7B6C8A26EFB" = Windows Driver Package - Apple Inc. Apple Bluetooth Enabler (06/27/2007 2.0.0.1)
"627745F8E8BB901B043047C3E308B4A76C1194FE" = Windows Driver Package - Intel Net (11/07/2007 8.10.1.0)
"675AAC36E980D647C94EAFFB2F929F247E711708" = Windows Driver Package - Intel Net (07/22/2008 10.3.45.0)
"68446A4387EFABF44AE4C69CC9B6F9EDF8F10D7A" = Windows Driver Package - Apple Inc. Apple Broadcom Bluetooth (11/23/2009 3.1.0.1)
"695F4B9353FEE9320C20D297713F8828693D8AF3" = Windows Driver Package - Apple Inc. Apple Multitouch Mouse (03/25/2009 2.1.2.112)
"6B401A4481C0B1B07B5D7425378A5C00FF7D75DE" = Windows Driver Package - Apple Inc. Apple Multitouch Mouse (09/10/2009 3.0.0.0)
"75B57AFB407D191B0DAEF05EE9665A5A86701A9A" = Windows Driver Package - Broadcom (BCM43XX) Net (10/22/2008 5.10.38.26)
"78C67451B87511098A9A0EC86E75B99B12298F5C" = Windows Driver Package - Intel Net (02/06/2008 9.12.18.0)
"7BD968405DE73C7E0F8E489DB5A5853A6CCB8D1D" = Windows Driver Package - Intel Net (08/05/2008 10.3.49.0)
"7C4C70065E755397913A9698B9D9DF16D7345D18" = Windows Driver Package - Cirrus Logic, Inc. (CirrusFilter) MEDIA (01/02/2010 6.6001.1.21)
"82BE89CA9B7493FA05D2D4D32B415CF07EA08B47" = Windows Driver Package - Intel System (07/20/2007 1.2.76.0)
"8D5DC06C9163DD58555F626F30703DA7B27EB8EB" = Windows Driver Package - Apple Inc. Apple Multitouch (03/25/2009 2.1.2.112)
"9324ED54E32F5399037F87E076CA01C6CEB92830" = Windows Driver Package - Apple Inc. Apple Built-in iSight (10/25/2007 2.0.1.0)
"950F5FEDF7BEABD19AAE5CEA69570873BE2A99DA" = Windows Driver Package - Atheros Communications Inc. (athr) Net (11/18/2009 8.0.0.258)
"9747248FCA6A074E791AABC17F527823A8225756" = Windows Driver Package - Intel (e1kexpress) Net (07/22/2008 10.3.45.0)
"9AA5295F27284963423D072C7FC59D57CDE15ACA" = Windows Driver Package - Broadcom (b57nd60x) Net (05/28/2009 12.2.0.3)
"A06888013552B918232820F81FDBA706F5CAAD39" = Windows Driver Package - Intel Net (06/13/2008 9.52.9.0)
"A0DAD483951AB3046050D68A2A1D8CEB4A7C61EE" = Windows Driver Package - Apple Inc. Apple Trackpad (07/13/2009 3.0.0.1)
"AD3493E108434977125BBF78F47699626F8AF64B" = Windows Driver Package - Apple Inc. (AppleUSBEthernet) Net (01/11/2008 3.4.3.18)
"Adobe AIR" = Adobe AIR
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Audacity 1.3 Beta (Unicode)_is1" = Audacity 1.3.12 (Unicode)
"B345101E6CC8B2FD9765620B9C7BCD3D7002BE6D" = Windows Driver Package - Intel (e1express) Net (02/06/2008 9.12.17.0)
"B4AC4F962DDC0DD6B71FCF20B8F2F694214FAE69" = Windows Driver Package - Apple Inc. Apple ODD (01/17/2008 2.0.2.2)
"C5CE3BA75A23622D2140C5D5D0998C07DDC4CF1C" = Windows Driver Package - Apple Inc. Apple Display (01/23/2009 3.0.0.0)
"CD6212024668E03491C257CA53617893F2E8E924" = Windows Driver Package - Apple Inc. Apple Multitouch (09/10/2009 3.0.0.0)
"DCEFA559AE3275AB4F80389685E1BD3D978A5707" = Windows Driver Package - Cirrus Logic, Inc. (CirrusFilter) MEDIA (04/29/2009 6.6001.1.8)
"DD660B87FBFA46A1E99C15466EA26AA41E678250" = Windows Driver Package - Apple Inc. Apple Keyboard (03/05/2009 3.0.0.0)
"DE32692B1421420518B0CA8EEDD6DF2A494F279F" = Windows Driver Package - Apple Inc. Apple Wireless Mouse (11/30/2009 3.0.0.6)
"E9575EA5D430B59D0CFF29323C74D0FBA1898F3B" = Windows Driver Package - Broadcom (BCM43XX) Net (08/21/2009 5.60.18.8)
"EPSON Artisan 800 Series" = EPSON Artisan 800 Series Printer Uninstall
"EPSON Scanner" = EPSON Scan
"F24CB85E5983448F6319803791DEACED91E6565B" = Windows Driver Package - Apple Inc. System (08/22/2008 2.1.1.1)
"F2AE684ADF164A03D9FFABF28F04DDE05ED67BC5" = Windows Driver Package - Apple Inc. Apple Keyboard (04/06/2009 3.0.0.0)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"McAfee Security Scan" = McAfee Security Scan Plus
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft DirectX SDK (June 2010)" = Microsoft DirectX SDK (June 2010)
"Mozilla Firefox (3.6.8)" = Mozilla Firefox (3.6.8)
"MSC" = McAfee SecurityCenter
"NVIDIA Drivers" = NVIDIA Drivers
"STANDARDR" = Microsoft Office Standard 2007
"VLC media player" = VLC media player 1.1.2

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 8/16/2010 1:22:30 PM | Computer Name = Angela-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 3167

Error - 8/16/2010 1:22:30 PM | Computer Name = Angela-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 3167

Error - 8/16/2010 1:42:19 PM | Computer Name = Angela-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 8/16/2010 1:42:20 PM | Computer Name = Angela-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 1196902

Error - 8/16/2010 1:42:20 PM | Computer Name = Angela-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 1196902

Error - 8/16/2010 3:28:49 PM | Computer Name = Angela-PC | Source = Application Error | ID = 1000
Description = Faulting application name: explorer.exe, version: 6.1.7600.16450,
time stamp: 0x4aeba271 Faulting module name: ntdll.dll, version: 6.1.7600.16559,
time stamp: 0x4ba9b21e Exception code: 0xc0000005 Fault offset: 0x0005206e Faulting
process id: 0x964 Faulting application start time: 0x01cb3d6a672f87ad Faulting application
path: C:\Windows\explorer.exe Faulting module path: C:\Windows\SYSTEM32\ntdll.dll
Report
Id: 7e5d5343-a96c-11df-a247-0017f2b863c0

Error - 8/16/2010 5:35:38 PM | Computer Name = Angela-PC | Source = Application Error | ID = 1000
Description = Faulting application name: Explorer.EXE, version: 6.1.7600.16450,
time stamp: 0x4aeba271 Faulting module name: bthpanapi32.dll, version: 0.0.0.0, time
stamp: 0x4c5ba7fc Exception code: 0xc0000005 Fault offset: 0x00001ffc Faulting process
id: 0x840 Faulting application start time: 0x01cb3d8af181336d Faulting application
path: C:\Windows\Explorer.EXE Faulting module path: C:\Windows\system32\bthpanapi32.dll
Report
Id: 35721dc6-a97e-11df-8cc8-0017f2b863c0

Error - 8/17/2010 4:01:29 AM | Computer Name = Angela-PC | Source = Application Error | ID = 1000
Description = Faulting application name: Explorer.EXE, version: 6.1.7600.16450,
time stamp: 0x4aeba271 Faulting module name: msvcrt.dll, version: 7.0.7600.16385,
time stamp: 0x4a5bda6f Exception code: 0x40000015 Fault offset: 0x00056202 Faulting
process id: 0x8c4 Faulting application start time: 0x01cb3d8b99fd6689 Faulting application
path: C:\Windows\Explorer.EXE Faulting module path: C:\Windows\system32\msvcrt.dll
Report
Id: a398c372-a9d5-11df-a846-0017f2b863c0

Error - 8/17/2010 5:22:22 PM | Computer Name = Angela-PC | Source = Application Error | ID = 1000
Description = Faulting application name: explorer.exe, version: 6.1.7600.16450,
time stamp: 0x4aeba271 Faulting module name: bthpanapi32.dll, version: 0.0.0.0, time
stamp: 0x4c5ba7fc Exception code: 0xc0000005 Fault offset: 0x0001075b Faulting process
id: 0xeb8 Faulting application start time: 0x01cb3e5245f36f5a Faulting application
path: C:\Windows\explorer.exe Faulting module path: C:\Windows\system32\bthpanapi32.dll
Report
Id: 85a07544-aa45-11df-a846-0017f2b863c0

Error - 8/18/2010 3:25:13 PM | Computer Name = Angela-PC | Source = McLogEvent | ID = 5051
Description = A thread in process C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe took
longer than 90000 ms to complete a request. The process will be terminated. Thread
id : 3388 (0xd3c) Thread address : 0x773864F4 Thread message : Build VSCORE.14.0.0.435
/ 5400.1158 Object being scanned = \Device\HarddiskVolume3\Program Files\McAfee\VirusScan\DAT\6078.0\avvclean.dat

by C:\Windows\system32\SearchProtocolHost.exe 4(0)(0) 4(0)(0) 7200(0)(0) 7595(0)(0)

7005(0)(0) 7004(0)(0) 5006(0)(0) 5004(0)(0)

[ System Events ]
Error - 8/13/2010 11:19:16 PM | Computer Name = Angela-PC | Source = EventLog | ID = 6008
Description = The previous system shutdown at 10:17:15 PM on ?8/?13/?2010 was unexpected.

Error - 8/13/2010 11:19:20 PM | Computer Name = ANGELA-PC | Source = BugCheck | ID = 1001
Description =

Error - 8/14/2010 6:26:23 AM | Computer Name = Angela-PC | Source = Microsoft-Windows-HAL | ID = 12
Description = The platform firmware has corrupted memory across the previous system
power transition. Please check for updated firmware for your system.

Error - 8/14/2010 6:18:18 PM | Computer Name = Angela-PC | Source = BTHUSB | ID = 327697
Description = The local Bluetooth adapter has failed in an undetermined manner and
will not be used. The driver has been unloaded.

Error - 8/14/2010 9:05:03 PM | Computer Name = Angela-PC | Source = EventLog | ID = 6008
Description = The previous system shutdown at 8:03:19 PM on ?8/?14/?2010 was unexpected.

Error - 8/15/2010 3:39:30 PM | Computer Name = Angela-PC | Source = Service Control Manager | ID = 7031
Description = The McAfee Real-time Scanner service terminated unexpectedly. It
has done this 1 time(s). The following corrective action will be taken in 60000
milliseconds: Restart the service.

Error - 8/16/2010 1:42:21 PM | Computer Name = Angela-PC | Source = BTHUSB | ID = 327697
Description = The local Bluetooth adapter has failed in an undetermined manner and
will not be used. The driver has been unloaded.

Error - 8/16/2010 5:40:02 PM | Computer Name = Angela-PC | Source = EventLog | ID = 6008
Description = The previous system shutdown at 4:38:58 PM on ?8/?16/?2010 was unexpected.

Error - 8/17/2010 5:46:47 PM | Computer Name = Angela-PC | Source = EventLog | ID = 6008
Description = The previous system shutdown at 4:45:22 PM on ?8/?17/?2010 was unexpected.

Error - 8/18/2010 3:25:15 PM | Computer Name = Angela-PC | Source = Service Control Manager | ID = 7031
Description = The McAfee Real-time Scanner service terminated unexpectedly. It
has done this 1 time(s). The following corrective action will be taken in 60000
milliseconds: Restart the service.


< End of report >
_______________________________________________________________________________________________________
I am having a crash error report

"The instruction at 0x7029ad03 referenced memory at 0x00000008. The memory could not be read. Click OK to terminate the Program."

It happens when I am playing my online game. Other than that, my system seems to be operating better.
h2ointollerant
Active Member
 
Posts: 8
Joined: August 14th, 2010, 2:39 am
Location: Iowa, USA

Re: computer keeps crashing and explorer stops working

Unread postby Dakeyras » August 19th, 2010, 9:07 am

Hi. :)

I am having a crash error report

"The instruction at 0x7029ad03 referenced memory at 0x00000008. The memory could not be read. Click OK to terminate the Program."

It happens when I am playing my online game. Other than that, my system seems to be operating better.
Please let myself know if this occurs again after completing my instructions below, thank you.

Next:

Please move OTL to the desktop, at present it is residing within this folder here:-

C:\Users\Angela\Downloads

If unsure how to move the file:-

Click on Start(Windows 7 Orb) >> User Account Name >> Downloads >> click once on OTL to highlight >> Edit >> Move To Folder... >> click once on Desktop in the Move Window >> Move.

Note: If the toolbar with the Edit option is not visible depress the Alt key to reveal.

Backup the Registry:

Modifying the Registry can create unforeseen problems, so it is always wise to create a backup before doing so.

  • Please go here and download ERUNT.
  • ERUNT (Emergency Recovery Utility NT) is a free program that allows you to keep a complete backup of your registry and restore it when needed.
  • Right-click on erunt-setup.exe and select Run as Administrator to Install ERUNT by following the prompts.
  • Use the default install settings but say no to the portion that asks you to add ERUNT to the Start-Up folder.
  • Start ERUNT either by double clicking on the desktop icon or choosing to start the program at the end of the setup process.
  • Choose a location for the backup. Note: the default location is C:\WINDOWS\ERDNT which is acceptable.
  • Make sure that at least the first two check boxes are selected.
  • Click on OK
  • Then click on YES to create the folder.

Note: If it is necessary to restore the registry, open the backup folder and start ERDNT.exe

Custom OTL Script:

  • Right-click OTL.exe and select Run as Administrator to start the program.
  • Copy the lines from the codebox to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):
:OTL
O3 - HKLM\..\Toolbar: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
O3 - HKU\S-1-5-21-1422121787-4253495517-2781264236-1001\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
O4 - HKLM..\Run: [RTHDBPL] C:\Users\Angela\AppData\Local\Temp\6BB5.tmp File not found
[2010/08/09 22:11:14 | 000,000,000 | ---D | C] -- C:\Users\Angela\Documents\FrostWire
[2010/08/09 22:11:08 | 000,000,000 | ---D | C] -- C:\Users\Angela\AppData\Roaming\FrostWire
[2010/08/09 22:00:41 | 000,000,000 | ---D | C] -- C:\Users\Angela\AppData\Roaming\Uniblue
[2010/08/17 16:16:37 | 000,000,817 | ---- | M] () -- C:\ProgramData\317171634
[2010/08/17 03:01:47 | 000,000,462 | -HS- | M] () -- C:\ProgramData\1119352802
[2010/08/14 23:47:40 | 000,000,058 | ---- | M] () -- C:\Users\Angela\AppData\Roaming\4267a0b5
[2010/08/08 22:39:07 | 000,001,187 | ---- | M] () -- C:\Users\Angela\Desktop\FrostWire 4.18.6.lnk
[2010/08/09 22:17:59 | 000,000,141 | ---- | C] () -- C:\ProgramData\sl592864624

:Commands
[Purity]
[ResetHosts]
[EmptyTemp]
[Reboot]
  • Return to OTL, right-click in the Custom Scans/Fixes window (under the cyan bar) and choose Paste.
  • Then click the red Run Fix button.
  • Let the program run unhindered.
  • If OTL asks to reboot your computer, allow it to do so. The report should appear in Notepad after the reboot.

Note: The logfile can also be located at C: >> _OTL >> MovedFiles >> DD/DD/DD TT/TT.txt <-- denotes date/time log created.

Reset IE8:

  • Please download this Microsoft FixIt and save it to the desktop.
  • Double click on MicrosoftFixit50195.exe select I Agree and click on Next.
  • Follow the on-screen prompts.
  • You may delete MicrosoftFixit50195.exe when finished, or keep it in case of any future problems with IE8.
  • Next time IE8 is launched you will be prompted to reapply settings again, this is normal.

Note: Any add-ons will require to be reapplied after the above reset.

ESET Online Scanner:

Note: You can use either Internet Explorer or Mozilla FireFox for this scan. You will however need to disable your current installed Anti-Virus, how to do so can be read here.

Windows 7 users: You will need to right-click on either the IE or FF icon in the Start Menu or Quick Launch Bar on the Taskbar and select Run as Administrator from the context menu.

  • Please go here then click on: Image
    Note: If using Mozilla Firefox you will need to download esetsmartinstaller_enu.exe when prompted then double click on it to install.
    All of the below instructions are compatible with either Internet Explorer or Mozilla FireFox.
  • Select the option YES, I accept the Terms of Use then click on: Image
  • When prompted allow the Add-On/Active X to install.
  • Make sure that the option Remove found threats is NOT checked, and the option Scan archives is checked.
  • Now click on Advanced Settings and select the following:
    • Scan for potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth Technology
  • Now click on: Image
  • The virus signature database... will begin to download. Be patient, this may take some time depending on the speed of your Internet Connection.
  • When completed the Online Scan will begin automatically.
  • Do not touch either the Mouse or keyboard during the scan otherwise it may stall.
  • When completed select Uninstall application on close if you so wish, make sure you copy the logfile first!
  • Now click on: Image
  • Use notepad to open the logfile located at C:\Program Files\ESET\EsetOnlineScanner\log.txt.
  • Copy and paste that log as a reply to this topic.

Note: Do not forget to re-enable your Anti-Virus application after running the above scan!

When completed the above, please post back the following:

  • How is your computer performing now? Any problems encountered and or any further symptoms?
  • OTL Log.
  • ESET Log.
  • A new HijackThis Log. <-- Remember to right-click on HiJackThis.exe and select Run as Administrator.
Dakeyras
MRU Honors Graduate
 
Posts: 8804
Joined: November 21st, 2007, 5:30 am
Location: The Tundra

Re: computer keeps crashing and explorer stops working

Unread postby h2ointollerant » August 20th, 2010, 8:28 pm

All processes killed
========== OTL ==========
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{D4027C7F-154A-4066-A1AD-4243D8127440} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}\ not found.
Registry value HKEY_USERS\S-1-5-21-1422121787-4253495517-2781264236-1001\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{D4027C7F-154A-4066-A1AD-4243D8127440} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\RTHDBPL deleted successfully.
C:\Users\Angela\Documents\FrostWire\Torrents folder moved successfully.
C:\Users\Angela\Documents\FrostWire\Store Purchased folder moved successfully.
C:\Users\Angela\Documents\FrostWire\Saved folder moved successfully.
C:\Users\Angela\Documents\FrostWire\Incomplete folder moved successfully.
C:\Users\Angela\Documents\FrostWire folder moved successfully.
C:\Users\Angela\AppData\Roaming\FrostWire\xml\data folder moved successfully.
C:\Users\Angela\AppData\Roaming\FrostWire\xml folder moved successfully.
C:\Users\Angela\AppData\Roaming\FrostWire\themes\frostwirePro_theme folder moved successfully.
C:\Users\Angela\AppData\Roaming\FrostWire\themes folder moved successfully.
C:\Users\Angela\AppData\Roaming\FrostWire\overlays folder moved successfully.
C:\Users\Angela\AppData\Roaming\FrostWire\hostilesUpdater\hostiles.txt.18.zip folder moved successfully.
C:\Users\Angela\AppData\Roaming\FrostWire\hostilesUpdater folder moved successfully.
C:\Users\Angela\AppData\Roaming\FrostWire\.NetworkShare\Incomplete folder moved successfully.
C:\Users\Angela\AppData\Roaming\FrostWire\.NetworkShare folder moved successfully.
C:\Users\Angela\AppData\Roaming\FrostWire\.AppSpecialShare folder moved successfully.
C:\Users\Angela\AppData\Roaming\FrostWire folder moved successfully.
C:\Users\Angela\AppData\Roaming\Uniblue\SpeedUpMyPC\_temp folder moved successfully.
C:\Users\Angela\AppData\Roaming\Uniblue\SpeedUpMyPC folder moved successfully.
C:\Users\Angela\AppData\Roaming\Uniblue folder moved successfully.
C:\ProgramData\317171634 moved successfully.
C:\ProgramData\1119352802 moved successfully.
C:\Users\Angela\AppData\Roaming\4267a0b5 moved successfully.
C:\Users\Angela\Desktop\FrostWire 4.18.6.lnk moved successfully.
C:\ProgramData\sl592864624 moved successfully.
========== COMMANDS ==========
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

[EMPTYTEMP]

User: All Users

User: Angela
->Temp folder emptied: 7525727525 bytes
->Temporary Internet Files folder emptied: 1899531 bytes
->Java cache emptied: 7140 bytes
->FireFox cache emptied: 88145111 bytes
->Flash cache emptied: 31710 bytes

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 56504 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Public

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 5120 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 4671 bytes

Total Files Cleaned = 7,263.00 mb


OTL by OldTimer - Version 3.2.10.0 log created on 08192010_174226
h2ointollerant
Active Member
 
Posts: 8
Joined: August 14th, 2010, 2:39 am
Location: Iowa, USA

Re: computer keeps crashing and explorer stops working

Unread postby h2ointollerant » August 20th, 2010, 8:29 pm

ESETSmartInstaller@High as downloader log:
all ok
esets_scanner_update returned -1 esets_gle=53251
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6211
# api_version=3.0.2
# EOSSerial=948aa1afbb70bd478cd32a0eccec1eda
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2010-08-20 11:42:14
# local_time=2010-08-20 06:42:14 (-0600, Central Daylight Time)
# country="United States"
# lang=1033
# osver=6.1.7600 NT
# compatibility_mode=512 16777215 100 0 0 0 0 0
# compatibility_mode=5121 16776893 100 96 10902 34348430 0 0
# compatibility_mode=5893 16776574 100 94 99042 33888097 0 0
# compatibility_mode=8192 67108863 100 0 0 0 0 0
# scanned=92424
# found=0
# cleaned=0
# scan_time=4429
______________________________________________________________________________________________

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 7:25:09 PM, on 8/20/2010
Platform: Windows 7 (WinNT 6.00.3504)
MSIE: Internet Explorer v8.00 (8.00.7600.16385)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\System32\rundll32.exe
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\Program Files\Boot Camp\Bootcamp.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\IDT\WDM\sttray.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Epson Software\Event Manager\EEventManager.exe
C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\system32\NOTEPAD.EXE
C:\Users\Angela\Downloads\GamTextTriggers.exe
C:\Program Files\Sony Online Entertainment\Station Launcher\StationLauncher.exe
C:\Program Files\ESET\ESET Online Scanner\OnlineScannerApp.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Windows\system32\NOTEPAD.EXE
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe
C:\PROGRA~1\mcafee\msc\mcshell.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = Preserve
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.yahoo.com/search?fr=mcafee&p=
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ÿþ127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: McAfee Phishing Filter - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\progra~1\mcafee\msk\mskapbho.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll
O2 - BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O4 - HKLM\..\Run: [Apple_KbdMgr] C:\Program Files\Boot Camp\Bootcamp.exe
O4 - HKLM\..\Run: [mcagent_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
O4 - HKLM\..\Run: [McENUI] C:\PROGRA~1\McAfee\MHN\McENUI.exe /hide
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [SysTrayApp] %ProgramFiles%\IDT\WDM\sttray.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [EEventManager] C:\PROGRA~1\EPSONS~1\EVENTM~1\EEventManager.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKCU\..\Run: [EPSON Artisan 800 Series] C:\Windows\system32\spool\DRIVERS\W32X86\3\E_FATIEMA.EXE /FU "C:\Windows\TEMP\E_S5FDE.tmp" /EF "HKCU"
O4 - HKCU\..\Run: [EPSON Artisan 800(Network)] C:\Windows\system32\spool\DRIVERS\W32X86\3\E_FATIEMA.EXE /FU "C:\Windows\TEMP\E_S268E.tmp" /EF "HKCU"
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O4 - Startup: ERUNT AutoBackup.lnk = C:\Program Files\ERUNT\AUTOBACK.EXE
O4 - Global Startup: McAfee Security Scan Plus.lnk = ?
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O18 - Protocol: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Apple OS Switch Manager (AppleOSSMgr) - Unknown owner - C:\Windows\system32\AppleOSSMgr.exe
O23 - Service: Apple Time Service (AppleTimeSrv) - Apple Inc. - C:\Windows\system32\AppleTimeSrv.exe
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: EpsonBidirectionalService - SEIKO EPSON CORPORATION - C:\Program Files\Common Files\EPSON\EBAPI\eEBSVC.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee SiteAdvisor Service - McAfee, Inc. - C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
O23 - Service: McAfee Security Scan Component Host Service (McComponentHostService) - McAfee, Inc. - C:\Program Files\McAfee Security Scan\2.0.181\McCHSvc.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: McAfee Anti-Spam Service (MSK80Service) - McAfee, Inc. - C:\Program Files\McAfee\MSK\MskSrver.exe
O23 - Service: Audio Service (STacSV) - IDT, Inc. - c:\program files\idt\apple_v50\wdm\STacSV.exe

--
End of file - 6984 bytes
h2ointollerant
Active Member
 
Posts: 8
Joined: August 14th, 2010, 2:39 am
Location: Iowa, USA

Re: computer keeps crashing and explorer stops working

Unread postby h2ointollerant » August 20th, 2010, 9:29 pm

I am getting an error "The instruction at 0x7037b0dd referenced memory at 0x0000000 could not be written. Click OK to terminate the program." This is the first time I have seen this error.

My game also crashed on this error "The instruction at 0x7037ad03 referenced memory at 0x0000008 could not be read. Click OK to terminate the program."


Other than that, the lag on my computer has improved.
h2ointollerant
Active Member
 
Posts: 8
Joined: August 14th, 2010, 2:39 am
Location: Iowa, USA

Re: computer keeps crashing and explorer stops working

Unread postby Dakeyras » August 21st, 2010, 7:08 am

Hi. :)

I no longer think malware is a problem here and what you are describing:-
The instruction at 0x7037b0dd referenced memory at 0x0000000 could not be written. Click OK to terminate the program
Sounds to myself very much like a hardware problem, I'm afraid as primarily both myself and this forum only provide anti-malware support I am unable to assist you with this matter.

I can however provide some referrals for reputable IT Software/Hardware support forums if you so wish, let myself know in your next reply please.

Any other issues remaining apart from the aforementioned?
Dakeyras
MRU Honors Graduate
 
Posts: 8804
Joined: November 21st, 2007, 5:30 am
Location: The Tundra

Re: computer keeps crashing and explorer stops working

Unread postby h2ointollerant » August 21st, 2010, 12:41 pm

No, other than those issues, my computer seems to be working better. Could you please direct me to those forums you mentioned in your post? I would like to see if they could help me with my problem. Thank you for your help with removing the malware problem on my computer.
h2ointollerant
Active Member
 
Posts: 8
Joined: August 14th, 2010, 2:39 am
Location: Iowa, USA

Re: computer keeps crashing and explorer stops working

Unread postby Dakeyras » August 21st, 2010, 2:22 pm

Hi. :)

No, other than those issues, my computer seems to be working better.
OK.

Could you please direct me to those forums you mentioned in your post? I would like to see if they could help me with my problem.
By all means I will do so.

Thank you for your help with removing the malware problem on my computer.
You're most welcome!

Next:

Since you wish to seek assistance with a view to the aforementioned, create an account at one of the following forums and post in the appropriate section.

By all means include a link back to this topic:-
http://malwareremoval.com/forum/viewtopic.php?f=11&t=52935
I am a member of both of the below myself and they have outstanding IT Tech Support Staff:

Specific Software/Hardware Support:


Next:

Congratulations your computer appears to be malware free!

Now I have some tasks for your good self to carry out as part of a clean up process and some advice about online safety.

Importance of Regular System Maintenance:

I advise you read both of the below listed topics as this will go a long way to keeping your Computer performing well.

Help! My computer is slow!

Also so is this:

What to do if your Computer is running slowly

Clean up with OTL:

  • Right-click OTL and select Run as Administrator to start the program.
  • Close all other programs apart from OTL as this step will require a reboot.
  • On the OTL main screen, depress the CleanUp button.
  • Say Yes to the prompt and then allow the program to reboot your computer.

The above process should clean up and remove the vast majority of scanners used and logs created etc. Any left over merely delete yourself and empty the Recycle Bin.

Reset the System Restore points:

Create a new, clean System Restore point:-
  • Right click on Computer and select Properties >> System protection >> Create.
  • Give this restore point a descriptive name and click Create.
  • When done, click Apply >> OK.

Note: Do not clear infected/old System Restore points before creating a new System Restore point first!

Flush Old System Restore points:-

  • Right click on Computer and select Properties >> System protection.
  • (untick) Vista C system box and click Turn off system restore then Apply >> OK.
  • Restart your computer.
  • Navigate back to System protection >> (tick) Vista C system box >> Apply >> OK

Now some advice for on-line safety:

Malwarebytes' Anti-Malware:

This is an excellent application and I advise you keep this installed. Check for updates and run a scan once a week.

Other installed security software:

Your presently installed security application, McAfee SecurityCenter automatically checks for updates and downloads/installs them with every system reboot and or periodically if the machine is left running providing an internet connection is active.

I advise you also run a complete scan with this also once per week.

Erunt:

Emergency Recovery Utility NT, I advise you keep this installed as a means to keep a complete backup of your registry and restore it when needed.

Myself I would actually create a new back up once per week as this along with System Restore may prove to be invaluable if something unforeseen occurs!

Keep your system updated:

Microsoft releases patches for Windows and other products regularly:

  • Click on Start(Vista Orb) >> All Programs >> Windows Update.
  • In the navigation pane, click Check for updates.
  • After Windows Update has finished checking for updates, click View available updates.
  • Click to select the check box for any found, then click Install.
  • When completed Reboot(restart) your computer if not prompted to do so.

Be careful when opening attachments and downloading files:

Never open email attachments, not even if they are from someone you know. If you need to open them, scan them with your antivirus program before opening.
Never open emails from unknown senders.
Beware of emails that warn about viruses that are spreading, especially those from antivirus vendors. These email addresses can be easily spoofed. Check the antivirus vendor websites to be sure.
Be careful of what you download. Only download files from known sources. Also, avoid cracked programs. If you need a particular program that costs too much for you, try finding free alternatives on Sourceforge or Pricelessware.

Stop malicious scripts:

Windows by default allows scripts (that is, VBScript and JavaScript) to run and some of these scripts are malicious. Use Noscript by Symantec or Script Defender by AnalogX to handle these scripts.

Avoid Peer to Peer software:

P2P may be a great way to get lots of seemingly freeware, but it is a great way to get infected as well. There's no way to tell if the file being shared is infected. Worse still, some worms spread via P2P networks, infecting you as well. My advice is avoid these types of software applications.

Hosts File:

A Hosts file is like a phone book. You look up someone's name in the phone book before calling him/her. Similarly, your computer will look up the website's IP address before you can view the website.

Hosts file will replace your current Hosts file with another one containing well-known advertisement sites, spyware sites and other bad sites. This new Hosts file will protect you by re-directing these bad sites to 127.0.0.1.

Here are some Hosts files:


Only use one of the above.

Install WinPatrol:

WinPatrol alerts you about possible system hijacks, malware attacks and critical changes made to your computer without your permission.

Download it from here.

You can find information about how WinPatrol works here.

Next:

Any questions? Feel free to ask, if not stay safe!
Dakeyras
MRU Honors Graduate
 
Posts: 8804
Joined: November 21st, 2007, 5:30 am
Location: The Tundra
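
Added example, not part of the original posts or of any tool named in this thread: a Python audit of a hosts file that ties the Hosts File explanation above to the `O1 - Hosts: ÿþ127.0.0.1 localhost` line in the HijackThis log (the `ÿþ` is how the byte order mark FF FE displays in a single-byte code page). It reports a byte order mark and separates blocking entries (loopback or 0.0.0.0) from entries that point a name at a routable address; both sample files, their hostnames and their addresses are constructed.

```python
"""Audit a hosts file for a byte order mark and for redirect entries."""
import codecs
import ipaddress

# (BOM bytes, Python codec that consumes the BOM, label used in findings)
BOMS = [
    (codecs.BOM_UTF8, "utf-8-sig", "UTF-8"),
    (codecs.BOM_UTF16_LE, "utf-16", "UTF-16 LE"),
    (codecs.BOM_UTF16_BE, "utf-16", "UTF-16 BE"),
]


def decode_hosts(raw):
    """Return (text, bom_label); bom_label is None when no BOM is present."""
    for bom, codec, label in BOMS:
        if raw.startswith(bom):
            return raw.decode(codec, errors="replace"), label
    return raw.decode("utf-8", errors="replace"), None


def parse_hosts(text):
    """Yield (line_no, address, [names]) for each entry, ignoring comments."""
    for line_no, line in enumerate(text.splitlines(), start=1):
        fields = line.split("#", 1)[0].split()
        if len(fields) >= 2:
            yield line_no, fields[0], [name.lower() for name in fields[1:]]


def classify(address):
    """'sinkhole' for loopback/unspecified, 'redirect' for any other valid IP."""
    try:
        ip = ipaddress.ip_address(address)
    except ValueError:
        return "invalid"
    if ip.is_loopback or ip.is_unspecified:
        return "sinkhole"
    return "redirect"


def audit(raw):
    """Return (blocked_count, findings) for the raw bytes of a hosts file.

    findings is a list of (line_no, kind, detail); line 0 means the whole file.
    blocked_count is the number of names, other than localhost, that are
    pointed at a loopback or unspecified address.
    """
    text, bom = decode_hosts(raw)
    findings = []
    if bom:
        findings.append((0, "bom", bom))
    blocked = 0
    for line_no, address, names in parse_hosts(text):
        kind = classify(address)
        if kind == "invalid":
            findings.append((line_no, "invalid-address", address))
        elif kind == "redirect":
            # A name resolved to a routable address bypasses DNS entirely;
            # this is the entry type to review after a browser-redirect report.
            for name in names:
                findings.append((line_no, "redirect", f"{name} -> {address}"))
        else:
            blocked += sum(1 for name in names if name != "localhost")
    return blocked, findings


# Constructed sample 1: a freshly reset hosts file saved as UTF-16 LE with a
# BOM, mirroring the two O1 lines in the HijackThis log in this thread.
RESET_SAMPLE = codecs.BOM_UTF16_LE + (
    "127.0.0.1 localhost\r\n::1 localhost\r\n".encode("utf-16-le")
)

# Constructed sample 2: blocklist entries plus one redirect and one bad address.
# 203.0.113.10 is a documentation-range address, example.* names are reserved.
MIXED_SAMPLE = (
    b"# constructed sample\r\n"
    b"127.0.0.1 localhost\r\n"
    b"0.0.0.0 ads.example.net tracker.example.net # blocklist\r\n"
    b"203.0.113.10 search.example.com\r\n"
    b"300.1.1.1 bad.example.org\r\n"
)

if __name__ == "__main__":
    for label, sample in (("reset", RESET_SAMPLE), ("mixed", MIXED_SAMPLE)):
        blocked, findings = audit(sample)
        print(f"{label}: {blocked} blocked name(s)")
        for line_no, kind, detail in findings:
            print(f"  line {line_no}: {kind}: {detail}")
```

To check a live system, pass the bytes of `C:\Windows\System32\drivers\etc\hosts` (opened in binary mode) to `audit`.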

Re: computer keeps crashing and explorer stops working

Unread postby Dakeyras » August 22nd, 2010, 6:13 pm

As it appears this issue has been resolved, this topic is now closed.

We are pleased we could help you resolve your computer's malware issues.

If you would like to make a comment or leave a compliment regarding the help you have received, please see Feedback for Our Helpers - Say "Thanks" Here.
Dakeyras
MRU Honors Graduate
 
Posts: 8804
Joined: November 21st, 2007, 5:30 am
Location: The Tundra