Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

Windows anti virus 2011


  • This topic is locked This topic is locked

#1
Felita

Felita

    Member

  • Member
  • PipPip
  • 11 posts
I seem to have got the Windows anti virus 2011. I use info from here to get rid of it but I still have the Windows security alert in my icons at the bottom of the screen and my pc is running slowly.

I use Avast! and have Malwarebytes.

Thank you in adavance
  • 0

Advertisements


#2
BlackOxide

BlackOxide

    Trusted Helper

  • Malware Removal
  • 1,976 posts
Hi, Felita! Welcome to GeeksToGo! My name is BlackOxide and I will be assisting you with your Malware/Security problems. Please make sure you read all of the instructions and fixes thoroughly before continuing with them. If you have any queries or you are unsure about anything, just say and I'll help you out :unsure:

It may well be worth you printing/saving the instructions throughout the fix, so you have them to hand just incase you are unable to access this site.

Please note the following:
  • Remember to post your logs, not attach them. So, any logs from any programs we run, should be just 'copied & pasted' into your reply, unless I specifically need you to attach them.
  • Please only run the tools that I request. I know malware can be frustrating but running other tools in the meantime and between posts, only makes it harder for me to analyse and fix your PC in the long run.
  • I will always try and respond to replies as soon as possible, but please be patient as some logs require more time than others to fully analyse.
  • If you are not sure of anything along the way, just ask.

OK, lets start :)



Could you do the following Steps for me please, then get back to me with the logs that they create.



1)
Download RogueKiller to your desktop

  • Quit all running programs
  • For Vista/Seven, right click -> run as administrator, for XP simply run RogueKiller.exe
  • When prompted, type 1 and press Enter on the keyboard
  • The RKreport.txt shall be generated next to the executable.
  • If the program is blocked, do not hesitate to try several times. If it really does not work (it could happen), rename it to winlogon.exe
Please post the contents of the RKreport.txt in your next Reply.




2)
OTL Quick Scan
Download OTL to your Desktop
  • Double click on the OTL icon to run it.
  • When the window appears, underneath Output at the top, make sure Standard Output is selected.
  • Tick the Scan All Users box at the top
  • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
  • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time and post them in your topic




In your next reply
Please post the contents of...
RogueKiller log
OTL logs

  • 0

#3
Felita

Felita

    Member

  • Topic Starter
  • Member
  • PipPip
  • 11 posts
here is my rkill


This log file is located at C:\rkill.log.
Please post this only if requested to by the person helping you.
Otherwise you can close this log when you wish.

Rkill was run on 06/17/2011 at 18:37:23.
Operating System: Microsoft Windows XP


Processes terminated by Rkill or while it was running:

C:\DOCUME~1\DANIEL~1\LOCALS~1\Temp\Rar$EX00.609\pbsetup.exe
C:\Program Files\Common Files\Apple\Apple Application Support\distnoted.exe
C:\Program Files\Alwil Software\Avast5\defs\11061701\Sf.bin


Rkill completed on 06/17/2011 at 18:38:00.


And my otl
OTL logfile created on: 6/16/2011 4:40:35 PM - Run 1
OTL by OldTimer - Version 3.2.23.0 Folder = C:\Documents and Settings\Daniel Morton\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.00 Gb Total Physical Memory | 1.94 Gb Available Physical Memory | 64.78% Memory free
4.84 Gb Paging File | 3.62 Gb Available in Paging File | 74.83% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 232.88 Gb Total Space | 122.70 Gb Free Space | 52.69% Space Free | Partition Type: NTFS
Drive E: | 931.51 Gb Total Space | 887.07 Gb Free Space | 95.23% Space Free | Partition Type: NTFS

Computer Name: DANIEL-7F9F3285 | User Name: Daniel Morton | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Documents and Settings\Daniel Morton\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe (NVIDIA Corporation)
PRC - C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe (Lavasoft Limited)
PRC - C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe (Lavasoft Limited)
PRC - C:\Program Files\Alwil Software\Avast5\AvastUI.exe (AVAST Software)
PRC - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe (AVAST Software)
PRC - C:\Program Files\Steam\Steam.exe (Valve Corporation)
PRC - C:\Program Files\Common Files\Portrait Displays\Shared\DTSRVC.exe ()
PRC - C:\Program Files\Creative\Shared Files\CTAudSvc.exe (Creative Technology Ltd)
PRC - C:\Program Files\Common Files\Portrait Displays\Drivers\pdisrvc.exe (Portrait Displays, Inc.)
PRC - C:\Program Files\ASUS\EPU-4 Engine\FourEngine.exe (ASUSTeK Computer Inc.)
PRC - C:\Program Files\Ventrilo\Ventrilo.exe (Flagship Industries, Inc.)
PRC - C:\Documents and Settings\Daniel Morton\Local Settings\Temp\Rar$EX00.609\pbsetup.exe ()
PRC - C:\Program Files\Comcast\Desktop Doctor\bin\sprtsvc.exe (SupportSoft, Inc.)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\Canon\CAL\CALMAIN.exe (Canon Inc.)


========== Modules (SafeList) ==========

MOD - C:\Documents and Settings\Daniel Morton\Desktop\OTL.exe (OldTimer Tools)
MOD - C:\Program Files\Alwil Software\Avast5\snxhk.dll (AVAST Software)
MOD - C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll (Microsoft Corporation)


========== Win32 Services (SafeList) ==========

SRV - (AppMgmt) -- File not found
SRV - (nvUpdatusService) -- C:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe (NVIDIA Corporation)
SRV - (Lavasoft Ad-Aware Service) -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe (Lavasoft Limited)
SRV - (avast! Antivirus) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe (AVAST Software)
SRV - (Steam Client Service) -- C:\Program Files\Common Files\Steam\SteamService.exe (Valve Corporation)
SRV - (DTSRVC) -- C:\Program Files\Common Files\Portrait Displays\Shared\DTSRVC.exe ()
SRV - (CTAudSvcService) -- C:\Program Files\Creative\Shared Files\CTAudSvc.exe (Creative Technology Ltd)
SRV - (LBTServ) -- C:\Program Files\Common Files\LogiShrd\Bluetooth\LBTServ.exe (Logitech, Inc.)
SRV - (PdiService) -- C:\Program Files\Common Files\Portrait Displays\Drivers\pdisrvc.exe (Portrait Displays, Inc.)
SRV - (sprtsvc_ddoctorv2) SupportSoft Sprocket Service (ddoctorv2) -- C:\Program Files\Comcast\Desktop Doctor\bin\sprtsvc.exe (SupportSoft, Inc.)
SRV - (CCALib8) -- C:\Program Files\Canon\CAL\CALMAIN.exe (Canon Inc.)


========== Driver Services (SafeList) ==========

DRV - (PnkBstrK) -- C:\WINDOWS\system32\drivers\PnkBstrK.sys ()
DRV - (aswSnx) -- C:\WINDOWS\System32\drivers\aswSnx.sys (AVAST Software)
DRV - (aswSP) -- C:\WINDOWS\System32\drivers\aswSP.sys (AVAST Software)
DRV - (aswTdi) -- C:\WINDOWS\System32\drivers\aswTdi.sys (AVAST Software)
DRV - (aswMon2) -- C:\WINDOWS\System32\drivers\aswmon2.sys (AVAST Software)
DRV - (aswRdr) -- C:\WINDOWS\System32\drivers\aswRdr.sys (AVAST Software)
DRV - (Aavmker4) -- C:\WINDOWS\System32\drivers\aavmker4.sys (AVAST Software)
DRV - (aswFsBlk) -- C:\WINDOWS\System32\drivers\aswFsBlk.sys (AVAST Software)
DRV - (Lavasoft Kernexplorer) -- C:\Program Files\Lavasoft\Ad-Aware\kernexplorer.sys ()
DRV - (Lbd) -- C:\WINDOWS\system32\DRIVERS\Lbd.sys (Lavasoft AB)
DRV - (XENFilt) -- C:\WINDOWS\system32\drivers\XENFilt.sys (Creative Technology Ltd.)
DRV - (PdiPorts) -- C:\WINDOWS\system32\drivers\PdiPorts.sys (Portrait Displays, Inc.)
DRV - (LUsbFilt) -- C:\WINDOWS\system32\drivers\LUsbFilt.sys (Logitech, Inc.)
DRV - (LMouFilt) -- C:\WINDOWS\system32\drivers\LMouFilt.Sys (Logitech, Inc.)
DRV - (LHidFilt) -- C:\WINDOWS\system32\drivers\LHidFilt.Sys (Logitech, Inc.)
DRV - (LBeepKE) -- C:\WINDOWS\system32\drivers\LBeepKE.sys (Logitech, Inc.)
DRV - (VIAHdAudAddService) -- C:\WINDOWS\system32\drivers\viahduaa.sys (VIA Technologies, Inc.)
DRV - (EIO_XP) -- C:\WINDOWS\system32\drivers\EIO_XP.sys (ASUSTeK Computer Inc.)
DRV - (RTLE8023xp) -- C:\WINDOWS\system32\drivers\Rtenicxp.sys (Realtek Semiconductor Corporation )
DRV - (AsIO) -- C:\WINDOWS\system32\drivers\AsIO.sys ()
DRV - (JmtFltr) -- C:\WINDOWS\system32\drivers\JmtFltr.sys ()
DRV - (vhidmini) -- C:\WINDOWS\system32\drivers\vhidmini.sys (Windows ® Codename Longhorn DDK provider)
DRV - (AmdLLD) -- C:\WINDOWS\system32\drivers\AmdLLD.sys (AMD, Inc.)
DRV - (Pivot) -- C:\WINDOWS\system32\drivers\pivot.sys (Portrait Displays, Inc.)
DRV - (pivotmou) -- C:\WINDOWS\system32\drivers\pivotmou.sys (Portrait Displays, Inc.)
DRV - (AmdK8) -- C:\WINDOWS\system32\drivers\AmdK8.sys (Advanced Micro Devices)
DRV - (uisp) -- C:\WINDOWS\system32\drivers\USBICP.sys (Motorola)
DRV - (MTsensor) -- C:\WINDOWS\system32\drivers\ASACPI.sys ()


========== Standard Registry (All) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn...st/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn...st/srchasst.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft...=ie&ar=iesearch
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft...er=6&ar=msnhome
IE - HKCU\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\WINDOWS\system32\ieframe.dll (Microsoft Corporation)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Yahoo"
FF - prefs.js..browser.search.defaultthis.engineName: " "
FF - prefs.js..browser.search.defaulturl: "http://search.yahoo....-8&fr=ytff-&p="
FF - prefs.js..browser.search.param.yahoo-fr: "moz2-ytff-"
FF - prefs.js..browser.search.param.yahoo-fr-cjkt: "moz2-ytff-"
FF - prefs.js..browser.search.selectedEngine: "Yahoo"
FF - prefs.js..browser.startup.homepage: "http://www.google.com/"
FF - prefs.js..extensions.enabledItems: {20a82645-c095-46ed-80e3-08825760534b}:1.1
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {635abd67-4fe9-1b23-4f01-e679fa7484c1}:1.6.6.20090220
FF - prefs.js..extensions.enabledItems: [email protected]:1.0
FF - prefs.js..extensions.enabledItems: {7000b6ca-4388-4d95-893d-6659c2d4d1ce}:3.5
FF - prefs.js..extensions.enabledItems: {B042753D-F57E-4e8e-A01B-7379A6D4CEFB}:1.25
FF - prefs.js..extensions.enabledItems: [email protected]:3.3.3.2
FF - prefs.js..extensions.enabledItems: {88c7f2aa-f93f-432c-8f0e-b7d85967a527}:3.3.3.2
FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.6.17
FF - prefs.js..keyword.URL: "http://search.avg.co...s&lng=en-US&q="


FF - HKLM\software\mozilla\Firefox\Extensions\\{20a82645-c095-46ed-80e3-08825760534b}: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ [2010/06/16 22:07:48 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\Java\jre6\lib\deploy\jqs\ff [2010/06/18 14:10:47 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 4.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/05/16 11:29:34 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 4.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/05/16 11:29:34 | 000,000,000 | ---D | M]

[2010/06/07 18:30:10 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Daniel Morton\Application Data\Mozilla\Extensions
[2010/06/07 18:30:10 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Daniel Morton\Application Data\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
[2011/06/16 12:31:38 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Daniel Morton\Application Data\Mozilla\Firefox\Profiles\zlo7p4t9.default\extensions
[2010/06/17 16:20:15 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Daniel Morton\Application Data\Mozilla\Firefox\Profiles\zlo7p4t9.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011/06/16 12:31:38 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Documents and Settings\Daniel Morton\Application Data\Mozilla\Firefox\Profiles\zlo7p4t9.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2011/03/22 15:11:17 | 000,000,000 | ---D | M] (Xfinity.com Toolbar) -- C:\Documents and Settings\Daniel Morton\Application Data\Mozilla\Firefox\Profiles\zlo7p4t9.default\extensions\{7000b6ca-4388-4d95-893d-6659c2d4d1ce}
[2011/04/30 16:40:37 | 000,000,000 | ---D | M] (BitTorrentBar Community Toolbar) -- C:\Documents and Settings\Daniel Morton\Application Data\Mozilla\Firefox\Profiles\zlo7p4t9.default\extensions\{88c7f2aa-f93f-432c-8f0e-b7d85967a527}
[2010/12/27 10:43:09 | 000,000,000 | ---D | M] (BitComet Video Downloader) -- C:\Documents and Settings\Daniel Morton\Application Data\Mozilla\Firefox\Profiles\zlo7p4t9.default\extensions\{B042753D-F57E-4e8e-A01B-7379A6D4CEFB}
[2011/04/30 16:40:38 | 000,000,000 | ---D | M] (Conduit Engine) -- C:\Documents and Settings\Daniel Morton\Application Data\Mozilla\Firefox\Profiles\zlo7p4t9.default\extensions\[email protected]
[2011/04/30 16:40:37 | 000,000,863 | ---- | M] () -- C:\Documents and Settings\Daniel Morton\Application Data\Mozilla\Firefox\Profiles\zlo7p4t9.default\searchplugins\conduit.xml
[2011/05/16 08:35:47 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2011/05/16 11:29:33 | 000,000,000 | ---D | M] (Default) -- C:\Program Files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2010/06/18 14:11:02 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
File not found (No name found) --
[2010/06/18 14:10:47 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF
[2011/05/16 11:29:26 | 000,142,296 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\browsercomps.dll
[2010/08/24 02:31:30 | 000,773,120 | ---- | M] (BitComet) -- C:\Program Files\Mozilla Firefox\plugins\npBitCometAgent.dll
[2010/06/18 14:10:47 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
[2009/06/25 13:20:28 | 001,446,264 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Mozilla Firefox\plugins\npLegitCheckPlugin.dll
[2010/08/13 06:58:22 | 000,095,672 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files\Mozilla Firefox\plugins\nppdf32.dll
[2010/12/24 18:00:55 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll
[2010/12/24 18:00:55 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll
[2010/12/24 18:00:55 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll
[2010/12/24 18:00:55 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll
[2010/12/24 18:00:55 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll
[2010/12/24 18:00:55 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll
[2010/12/24 18:00:55 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll
[2011/05/16 11:29:29 | 000,001,394 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\amazondotcom.xml
[2010/06/29 16:24:42 | 000,002,193 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\answers.xml
[2010/10/26 22:28:37 | 000,002,359 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\avg_igeared.xml
[2011/05/16 11:29:29 | 000,002,252 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\bing.xml
[2010/06/29 16:24:42 | 000,001,534 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\creativecommons.xml
[2011/05/16 11:29:29 | 000,001,131 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\eBay.xml
[2011/05/16 11:29:29 | 000,002,364 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\google.xml
[2011/05/16 11:29:29 | 000,001,178 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wikipedia.xml
[2010/02/10 12:53:34 | 000,003,249 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\xfinitylcsearch.xml
[2011/05/16 11:29:29 | 000,001,096 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\yahoo.xml

O1 HOSTS File: ([2006/02/28 05:00:00 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (BitComet Helper) - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.4.12.6.dll (BitComet)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Xfinity.com Toolbar) - {dcc70a83-e184-40a3-906b-779af5e941c4} - C:\Program Files\xfinitytb\xfinitydx.dll ()
O2 - BHO: (Updater For Xfinity.com Toolbar 3.1) - {e6d0b79e-ecac-411b-8bf6-7a574981af30} - C:\Program Files\xfinitytb\auxi\xfinityAu.dll (Visicom Media)
O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)
O3 - HKLM\..\Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.
O3 - HKLM\..\Toolbar: (Xfinity.com Toolbar) - {dcc70a83-e184-40a3-906b-779af5e941c4} - C:\Program Files\xfinitytb\xfinitydx.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (&Address) - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (&Links) - {0E5CBF21-D15F-11D0-8301-00AA005B4383} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
O4 - HKLM..\Run: [amd_dc_opt] C:\Program Files\AMD\Dual-Core Optimizer\amd_dc_opt.exe (AMD)
O4 - HKLM..\Run: [avast5] C:\Program Files\Alwil Software\Avast5\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [CTAPR2] C:\Program Files\Creative\Sound Blaster Tactic(3D) Alpha\Sound Blaster Tactic(3D) Control Panel\CTAPR2.exe (Creative Technology Ltd)
O4 - HKLM..\Run: [HDAudDeck] C:\Program Files\VIA\VIAudioi\HDADeck\HDeck.exe (VIA Technologies, Inc.)
O4 - HKLM..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.)
O4 - HKLM..\Run: [KernelFaultCheck] File not found
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\nvmctray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\Program Files\NVIDIA Corporation\nView\nwiz.exe ()
O4 - HKLM..\Run: [PC Pitstop Optimize Scheduler] C:\Program Files\PCPitstop\Optimize\PCPOptimize.exe (PC Pitstop, LLC.)
O4 - HKLM..\Run: [Six Engine] C:\Program Files\ASUS\EPU-4 Engine\FourEngine.exe (ASUSTeK Computer Inc.)
O4 - HKCU..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (Microsoft Corporation)
O4 - HKCU..\Run: [Steam] C:\Program Files\Steam\steam.exe (Valve Corporation)
O4 - HKLM..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKCU..\RunOnce: [FlashPlayerUpdate] C:\WINDOWS\System32\Macromed\Flash\FlashUtil10s_Plugin.exe (Adobe Systems, Inc.)
O4 - Startup: C:\Documents and Settings\Daniel Morton\Start Menu\Programs\Startup\CurseClientStartup.ccip ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Low Rights present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: &D&ownload &with BitComet - C:\Program Files\BitComet\BitComet.exe (www.BitComet.com)
O8 - Extra context menu item: &D&ownload all with BitComet - C:\Program Files\BitComet\BitComet.exe (www.BitComet.com)
O9 - Extra Button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - C:\Program Files\BitComet\tools\BitCometBHO_1.4.12.6.dll (BitComet)
O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\network diagnostic\xpnetdiag.exe (Microsoft Corporation)
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000002 [] - C:\WINDOWS\system32\winrnr.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000003 [] - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\WINDOWS\system32\rsvpsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\WINDOWS\system32\rsvpsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} http://www.pcpitstop...t/PCPitStop.CAB (PCPitstop Utility)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {FFB3A759-98B1-446F-BDA9-909C6EB18CC7} http://utilities.pcp.../pcpitstop2.dll (PCPitstop Exam)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 68.87.76.182 68.87.78.134
O18 - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\WINDOWS\system32\msvidctl.dll (Microsoft Corporation)
O18 - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\gopher {79eac9e4-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\ipp - No CLSID value found
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINDOWS\system32\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\WINDOWS\system32\inetcomm.dll (Microsoft Corporation)
O18 - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINDOWS\system32\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation)
O18 - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\sysimage {76E67A63-06E9-11D2-A840-006008059382} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\WINDOWS\system32\msvidctl.dll (Microsoft Corporation)
O18 - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\wia {13F3EA8B-91D7-4F0A-AD76-D2853AC8BECE} - C:\WINDOWS\system32\wiascr.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\WINDOWS\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\WINDOWS\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\WINDOWS\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\Class Install Handler {32B533BB-EDAE-11d0-BD5A-00AA00B92AF1} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\deflate {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\gzip {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\lzdhtml {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/webviewhtml {733AC4CB-F1A4-11d0-B951-00A0C90312E1} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UIHost - (logonui.exe) - C:\WINDOWS\System32\logonui.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (rundll32 shell32) - C:\WINDOWS\System32\shell32.dll (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (Control_RunDLL "sysdm.cpl") - C:\WINDOWS\System32\sysdm.cpl (Microsoft Corporation)
O20 - Winlogon\Notify\crypt32chain: DllName - crypt32.dll - C:\WINDOWS\System32\crypt32.dll (Microsoft Corporation)
O20 - Winlogon\Notify\cryptnet: DllName - cryptnet.dll - C:\WINDOWS\System32\cryptnet.dll (Microsoft Corporation)
O20 - Winlogon\Notify\cscdll: DllName - cscdll.dll - C:\WINDOWS\System32\cscdll.dll (Microsoft Corporation)
O20 - Winlogon\Notify\dimsntfy: DllName - %SystemRoot%\System32\dimsntfy.dll - C:\WINDOWS\system32\dimsntfy.dll (Microsoft Corporation)
O20 - Winlogon\Notify\LBTWlgn: DllName - c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll - c:\Program Files\Common Files\LogiShrd\Bluetooth\LBTWLgn.dll (Logitech, Inc.)
O20 - Winlogon\Notify\ScCertProp: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\Schedule: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\sclgntfy: DllName - sclgntfy.dll - C:\WINDOWS\System32\sclgntfy.dll (Microsoft Corporation)
O20 - Winlogon\Notify\SensLogn: DllName - WlNotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\termsrv: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\wlballoon: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O21 - SSODL: CDBurn - {fbeb8a05-beee-4442-804e-409d6c4515e9} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
O21 - SSODL: PostBootReminder - {7849596a-48ea-486e-8937-a2a3009f31a9} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
O21 - SSODL: SysTray - {35CEC8A3-2BE6-11D2-8773-92E220524153} - C:\WINDOWS\system32\stobject.dll (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - C:\WINDOWS\system32\webcheck.dll (Microsoft Corporation)
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll (Microsoft Corporation)
O22 - SharedTaskScheduler: {438755C2-A8BA-11D1-B96B-00A0C90312E1} - Browseui preloader - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
O22 - SharedTaskScheduler: {8C7461EF-2B13-11d2-BE35-3078302C2030} - Component Categories cache daemon - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
O24 - Desktop Components:0 (My Current Home Page) - About:Home
O24 - Desktop WallPaper: C:\Documents and Settings\Daniel Morton\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Daniel Morton\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - C:\WINDOWS\System32\shell32.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (msapsspc.dll) - C:\WINDOWS\System32\msapsspc.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (schannel.dll) - C:\WINDOWS\System32\schannel.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (digest.dll) - C:\WINDOWS\System32\digest.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (msnsspc.dll) - C:\WINDOWS\System32\msnsspc.dll (Microsoft Corporation)
O30 - LSA: Authentication Packages - (msv1_0) - C:\WINDOWS\System32\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (kerberos) - C:\WINDOWS\System32\kerberos.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (msv1_0) - C:\WINDOWS\System32\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (schannel) - C:\WINDOWS\System32\schannel.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (wdigest) - C:\WINDOWS\System32\wdigest.dll (Microsoft Corporation)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2010/06/06 05:59:14 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2010/05/07 01:03:54 | 000,000,036 | ---- | M] () - E:\Autorun.inf -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O34 - HKLM BootExecute: (lsdelete) - C:\WINDOWS\System32\lsdelete.exe ()
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/06/10 06:44:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\iTunes
[2011/06/10 06:43:23 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2011/06/10 06:43:20 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2011/06/10 06:40:03 | 000,000,000 | ---D | C] -- C:\WINDOWS\LastGood
[2011/06/07 07:08:57 | 000,580,096 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Daniel Morton\Desktop\OTL.exe
[2011/06/06 06:48:31 | 000,404,640 | ---- | C] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl
[2011/06/01 13:37:35 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Daniel Morton\Recent
[2011/06/01 12:09:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Google Earth
[2011/06/01 10:46:45 | 016,068,608 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvoglnt.dll
[2011/06/01 10:46:45 | 000,899,688 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvdispco3220150.dll
[2011/06/01 10:46:45 | 000,865,896 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvgenco322090.dll
[2011/05/31 12:54:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Daniel Morton\Application Data\Malwarebytes
[2011/05/31 12:54:20 | 000,039,984 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2011/05/31 12:54:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011/05/31 12:54:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2011/05/31 12:54:16 | 000,022,712 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2011/05/31 12:54:16 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2011/05/27 22:09:56 | 000,441,176 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSnx.sys
[2011/05/25 19:14:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\PC Pitstop
[2011/05/25 19:14:12 | 000,000,000 | ---D | C] -- C:\Program Files\PCPitstop
[2011/05/23 10:47:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Daniel Morton\Local Settings\Application Data\BitTorrentBar
[6 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/06/16 16:12:00 | 000,000,900 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2011/06/15 17:12:18 | 000,000,896 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2011/06/15 16:45:18 | 000,000,751 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\World of Warcraft.lnk
[2011/06/15 13:19:27 | 000,000,486 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
[2011/06/15 13:19:06 | 000,000,064 | ---- | M] () -- C:\WINDOWS\System32\rp_stats.dat
[2011/06/15 13:19:06 | 000,000,044 | ---- | M] () -- C:\WINDOWS\System32\rp_rules.dat
[2011/06/15 00:02:05 | 000,138,160 | ---- | M] () -- C:\WINDOWS\System32\drivers\PnkBstrK.sys
[2011/06/15 00:01:37 | 000,271,200 | ---- | M] () -- C:\WINDOWS\System32\PnkBstrB.xtr
[2011/06/12 09:43:31 | 000,271,200 | ---- | M] () -- C:\WINDOWS\System32\PnkBstrB.ex0
[2011/06/10 06:44:15 | 000,001,542 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
[2011/06/09 23:45:01 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2011/06/07 07:09:01 | 000,580,096 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Daniel Morton\Desktop\OTL.exe
[2011/06/07 06:54:51 | 001,007,108 | ---- | M] () -- C:\Documents and Settings\Daniel Morton\Desktop\rkill.com
[2011/06/06 06:48:31 | 000,404,640 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl
[2011/06/01 22:46:56 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/06/01 10:47:27 | 000,273,344 | ---- | M] () -- C:\WINDOWS\System32\nvdrsdb0.bin
[2011/06/01 10:47:27 | 000,000,001 | ---- | M] () -- C:\WINDOWS\System32\nvdrssel.bin
[2011/06/01 10:47:23 | 000,273,344 | ---- | M] () -- C:\WINDOWS\System32\nvdrsdb1.bin
[2011/06/01 01:21:24 | 000,036,352 | ---- | M] () -- C:\Documents and Settings\Daniel Morton\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/05/31 13:59:13 | 000,001,324 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011/05/31 13:55:55 | 000,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/05/31 12:54:20 | 000,000,784 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/05/29 09:11:30 | 000,039,984 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2011/05/29 09:11:20 | 000,022,712 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2011/05/27 22:11:11 | 000,002,626 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
[2011/05/27 22:04:02 | 000,001,426 | -HS- | M] () -- C:\Documents and Settings\Daniel Morton\Local Settings\Application Data\5bfpmqtq7mu88r0308hhv1b34gi712fxq1rdw0k76s
[2011/05/27 22:04:02 | 000,001,426 | -HS- | M] () -- C:\Documents and Settings\All Users\Application Data\5bfpmqtq7mu88r0308hhv1b34gi712fxq1rdw0k76s
[2011/05/25 19:21:05 | 000,000,741 | ---- | M] () -- C:\Documents and Settings\Daniel Morton\Desktop\PC Pitstop Optimize.lnk
[2011/05/24 23:09:23 | 000,111,208 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvmctray.dll
[2011/05/24 23:09:23 | 000,054,272 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvwddi.dll
[2011/05/24 23:09:22 | 013,895,272 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvcpl.dll
[2011/05/24 23:09:21 | 016,068,608 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvoglnt.dll
[2011/05/24 23:09:21 | 002,808,936 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvcuvid.dll
[2011/05/24 23:09:21 | 002,123,582 | ---- | M] () -- C:\WINDOWS\System32\nvdata.data
[2011/05/24 23:09:21 | 002,082,408 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvcuvenc.dll
[2011/05/24 23:09:21 | 000,899,688 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvdispco3220150.dll
[2011/05/24 23:09:21 | 000,865,896 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvgenco322090.dll
[2011/05/24 23:09:21 | 000,543,336 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\System32\easyupdatusapiu.dll
[2011/05/24 23:09:21 | 000,145,000 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvcolor.exe
[2011/05/24 23:09:21 | 000,061,440 | ---- | M] (Khronos Group) -- C:\WINDOWS\System32\OpenCL.dll
[2011/05/24 23:09:21 | 000,003,249 | ---- | M] () -- C:\WINDOWS\System32\nvinfo.pb
[2011/05/24 23:09:20 | 013,004,800 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvcompiler.dll
[2011/05/24 23:09:20 | 012,753,664 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\System32\dllcache\nv4_mini.sys
[2011/05/24 23:09:20 | 005,332,992 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvcuda.dll
[2011/05/24 23:09:20 | 004,198,272 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\System32\nv4_disp.dll
[2011/05/24 23:09:20 | 002,328,576 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvapi.dll
[2011/05/23 16:14:14 | 000,002,187 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Safari.lnk
[6 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/06/10 06:44:15 | 000,001,542 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
[2011/06/07 06:54:43 | 001,007,108 | ---- | C] () -- C:\Documents and Settings\Daniel Morton\Desktop\rkill.com
[2011/06/01 10:46:45 | 002,123,582 | ---- | C] () -- C:\WINDOWS\System32\nvdata.data
[2011/05/31 12:54:20 | 000,000,784 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/05/27 22:03:26 | 000,001,426 | -HS- | C] () -- C:\Documents and Settings\Daniel Morton\Local Settings\Application Data\5bfpmqtq7mu88r0308hhv1b34gi712fxq1rdw0k76s
[2011/05/27 22:03:26 | 000,001,426 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\5bfpmqtq7mu88r0308hhv1b34gi712fxq1rdw0k76s
[2011/05/25 19:21:05 | 000,000,741 | ---- | C] () -- C:\Documents and Settings\Daniel Morton\Desktop\PC Pitstop Optimize.lnk
[2011/05/09 10:15:12 | 000,138,160 | ---- | C] () -- C:\WINDOWS\System32\drivers\PnkBstrK.sys
[2011/05/09 10:15:07 | 000,271,200 | ---- | C] () -- C:\WINDOWS\System32\PnkBstrB.exe
[2011/05/09 10:15:00 | 000,075,136 | ---- | C] () -- C:\WINDOWS\System32\PnkBstrA.exe
[2011/04/30 20:18:41 | 000,000,064 | ---- | C] () -- C:\WINDOWS\System32\rp_stats.dat
[2011/04/30 20:18:41 | 000,000,044 | ---- | C] () -- C:\WINDOWS\System32\rp_rules.dat
[2011/04/17 12:57:54 | 000,041,872 | ---- | C] () -- C:\WINDOWS\System32\xfcodec.dll
[2011/02/21 17:38:48 | 000,000,754 | ---- | C] () -- C:\WINDOWS\WORDPAD.INI
[2010/12/26 15:44:09 | 000,002,304 | ---- | C] () -- C:\WINDOWS\System32\Machnm32.sys
[2010/12/07 20:46:16 | 000,032,288 | ---- | C] () -- C:\WINDOWS\System32\xfiXen.ini
[2010/12/07 20:45:54 | 000,101,376 | ---- | C] () -- C:\WINDOWS\System32\XETSPI32.dll
[2010/12/06 23:37:54 | 000,001,138 | ---- | C] () -- C:\Documents and Settings\Daniel Morton\Application Data\wklnhst.dat
[2010/11/02 16:57:27 | 009,079,808 | ---- | C] () -- C:\WINDOWS\System32\alltoall.exe
[2010/10/28 17:49:18 | 000,000,022 | ---- | C] () -- C:\WINDOWS\System32\nvModes.dat
[2010/10/27 20:03:08 | 000,000,552 | ---- | C] () -- C:\WINDOWS\System32\d3d8caps.dat
[2010/10/27 19:58:12 | 000,273,344 | ---- | C] () -- C:\WINDOWS\System32\nvdrsdb0.bin
[2010/10/27 19:54:07 | 000,273,344 | ---- | C] () -- C:\WINDOWS\System32\nvdrsdb1.bin
[2010/10/27 19:54:07 | 000,000,001 | ---- | C] () -- C:\WINDOWS\System32\nvdrssel.bin
[2010/10/27 19:50:02 | 000,001,324 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010/09/07 20:45:06 | 000,016,432 | ---- | C] () -- C:\WINDOWS\System32\lsdelete.exe
[2010/06/30 16:26:52 | 000,108,032 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2010/06/23 03:17:32 | 001,138,080 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
[2010/06/16 17:42:42 | 000,036,352 | ---- | C] () -- C:\Documents and Settings\Daniel Morton\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/06/13 00:58:14 | 000,029,728 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat
[2010/06/08 18:20:02 | 000,000,262 | ---- | C] () -- C:\WINDOWS\{789289CA-F73A-4A16-A331-54D498CE069F}_WiseFW.ini
[2010/06/07 20:57:05 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Daniel Morton\Local Settings\Application Data\prvlcl.dat
[2010/06/07 20:56:22 | 000,048,896 | ---- | C] () -- C:\WINDOWS\System32\drivers\JmtFltr.sys
[2010/06/07 18:29:58 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2010/06/07 18:25:34 | 000,024,576 | R--- | C] () -- C:\WINDOWS\System32\AsIO.dll
[2010/06/07 18:25:34 | 000,012,400 | R--- | C] () -- C:\WINDOWS\System32\drivers\AsIO.sys
[2010/06/07 18:25:28 | 000,011,832 | ---- | C] () -- C:\WINDOWS\System32\drivers\AsInsHelp64.sys
[2010/06/07 18:25:28 | 000,010,216 | ---- | C] () -- C:\WINDOWS\System32\drivers\AsInsHelp32.sys
[2010/06/07 06:24:48 | 000,073,728 | R--- | C] () -- C:\WINDOWS\System32\RtNicProp32.dll
[2010/06/07 06:18:00 | 000,039,164 | ---- | C] () -- C:\WINDOWS\Ascd_log.ini
[2010/06/07 06:16:59 | 000,005,810 | R--- | C] () -- C:\WINDOWS\System32\drivers\ASACPI.sys
[2010/06/07 06:16:53 | 000,001,769 | ---- | C] () -- C:\WINDOWS\Language_trs.ini
[2010/06/07 06:16:50 | 000,031,600 | ---- | C] () -- C:\WINDOWS\Ascd_tmp.ini
[2010/06/07 06:16:49 | 000,010,296 | ---- | C] () -- C:\WINDOWS\System32\drivers\ASUSHWIO.SYS
[2010/06/07 01:47:14 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2010/06/07 01:45:29 | 000,165,912 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010/06/06 06:00:49 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2010/06/06 05:57:04 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2006/02/28 05:00:00 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2006/02/28 05:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2006/02/28 05:00:00 | 000,433,038 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2006/02/28 05:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2006/02/28 05:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2006/02/28 05:00:00 | 000,067,688 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2006/02/28 05:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2006/02/28 05:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2006/02/28 05:00:00 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2006/02/28 05:00:00 | 000,004,461 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2006/02/28 05:00:00 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2006/02/28 05:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat

========== LOP Check ==========

[2010/11/04 22:52:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Alwil Software
[2011/05/25 19:39:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PCPitstop
[2010/12/23 15:01:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SupportSoft
[2010/11/02 21:42:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2010/06/13 00:50:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2010/09/05 12:44:12 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\{ECC164E0-3133-4C70-A831-F08DB2940F70}
[2010/09/17 19:18:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Daniel Morton\Application Data\Acreon
[2011/05/27 18:44:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Daniel Morton\Application Data\BitComet
[2011/05/23 10:47:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Daniel Morton\Application Data\BitTorrent
[2011/05/23 16:10:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Daniel Morton\Application Data\CallingID
[2010/12/26 15:46:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Daniel Morton\Application Data\DisplayTune
[2010/06/21 20:39:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Daniel Morton\Application Data\Leadertech
[2010/06/07 20:56:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Daniel Morton\Application Data\n52te
[2011/05/25 10:20:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Daniel Morton\Application Data\RIFT
[2011/04/21 13:44:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Daniel Morton\Application Data\spiral
[2011/03/30 13:30:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Daniel Morton\Application Data\SystemRequirementsLab
[2010/12/06 23:37:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Daniel Morton\Application Data\Template
[2011/05/23 16:10:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Daniel Morton\Application Data\xfinitytb
[2011/06/15 13:19:27 | 000,000,486 | ---- | M] () -- C:\WINDOWS\Tasks\Ad-Aware Update (Weekly).job

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 125 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2
@Alternate Data Stream - 102 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:430C6D84

< End of report >







OTL Extras logfile created on: 6/16/2011 4:40:35 PM - Run 1
OTL by OldTimer - Version 3.2.23.0 Folder = C:\Documents and Settings\Daniel Morton\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.00 Gb Total Physical Memory | 1.94 Gb Available Physical Memory | 64.78% Memory free
4.84 Gb Paging File | 3.62 Gb Available in Paging File | 74.83% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 232.88 Gb Total Space | 122.70 Gb Free Space | 52.69% Space Free | Partition Type: NTFS
Drive E: | 931.51 Gb Total Space | 887.07 Gb Free Space | 95.23% Space Free | Partition Type: NTFS

Computer Name: DANIEL-7F9F3285 | User Name: Daniel Morton | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.html [@ = ChromeHTML] -- C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
htmlfile [edit] -- Reg Error: Key error.
http [open] -- "C:\Program Files\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
https [open] -- "C:\Program Files\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 1
"FirewallOverride" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 0
"DoNotAllowExceptions" = 0
"DisableNotifications" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DoNotAllowExceptions" = 0
"DisableNotifications" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"139:TCP" = 139:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22002
"3724:TCP" = 3724:TCP:*:Enabled:Blizzard Downloader: 3724
"19677:TCP" = 19677:TCP:*:Enabled:BitComet 19677 TCP
"19677:UDP" = 19677:UDP:*:Enabled:BitComet 19677 UDP

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
"C:\Documents and Settings\Daniel Morton\Local Settings\Temp\Blizzard Installer Bootstrap - 000cbf1f\Installer.exe" = C:\Documents and Settings\Daniel Morton\Local Settings\Temp\Blizzard Installer Bootstrap - 000cbf1f\Installer.exe:*:Enabled:Blizzard Downloader
"C:\Program Files\World of Warcraft\Launcher.exe" = C:\Program Files\World of Warcraft\Launcher.exe:*:Enabled:Launcher -- (Blizzard Entertainment)
"C:\Program Files\Ventrilo\Ventrilo.exe" = C:\Program Files\Ventrilo\Ventrilo.exe:*:Enabled:Ventrilo.exe -- (Flagship Industries, Inc.)
"C:\Program Files\BitComet\BitComet.exe" = C:\Program Files\BitComet\BitComet.exe:*:Enabled:BitComet.exe -- (www.BitComet.com)
"C:\Program Files\StarCraft II\StarCraft II.exe" = C:\Program Files\StarCraft II\StarCraft II.exe:*:Enabled:Blizzard Launcher -- (Blizzard Entertainment)
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
"C:\Program Files\StarCraft II\Versions\Base15405\SC2.exe" = C:\Program Files\StarCraft II\Versions\Base15405\SC2.exe:*:Enabled:StarCraft II -- (Blizzard Entertainment, Inc.)
"C:\Program Files\World of Warcraft\Launcher.patch.exe" = C:\Program Files\World of Warcraft\Launcher.patch.exe:*:Enabled:Blizzard Launcher
"C:\Program Files\Google\Google Earth\plugin\geplugin.exe" = C:\Program Files\Google\Google Earth\plugin\geplugin.exe:*:Enabled:Google Earth -- (Google)
"C:\Program Files\StarCraft II\Versions\Base18092\SC2.exe" = C:\Program Files\StarCraft II\Versions\Base18092\SC2.exe:*:Enabled:StarCraft II -- (Blizzard Entertainment, Inc.)
"C:\Program Files\World of Warcraft\BackgroundDownloader.exe" = C:\Program Files\World of Warcraft\BackgroundDownloader.exe:*:Enabled:BackgroundDownloader -- (Blizzard Entertainment)
"C:\Program Files\Steam\Steam.exe" = C:\Program Files\Steam\Steam.exe:*:Enabled:Steam -- (Valve Corporation)
"C:\Program Files\Steam\steamapps\common\call of duty 4\iw3sp.exe" = C:\Program Files\Steam\steamapps\common\call of duty 4\iw3sp.exe:*:Enabled:Call of Duty 4: Modern Warfare -- ()
"C:\Program Files\Steam\steamapps\common\call of duty 4\iw3mp.exe" = C:\Program Files\Steam\steamapps\common\call of duty 4\iw3mp.exe:*:Enabled:Call of Duty 4: Modern Warfare -- ()
"C:\Program Files\Steam\steamapps\common\company of heroes\help.htm" = C:\Program Files\Steam\steamapps\common\company of heroes\help.htm:*:Enabled:Company of Heroes
"C:\Program Files\Steam\steamapps\common\company of heroes\RelicDownloader\RelicDownloader.exe" = C:\Program Files\Steam\steamapps\common\company of heroes\RelicDownloader\RelicDownloader.exe:*:Enabled:Relic Patch Download Manager -- (THQ Canada Inc.)
"C:\Program Files\Bonjour\mDNSResponder.exe" = C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour Service -- (Apple Inc.)
"C:\Program Files\iTunes\iTunes.exe" = C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Inc.)
"C:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe" = C:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe:*:Enabled:Daemonu.exe -- (NVIDIA Corporation)
"C:\Program Files\Xfire\Xfire.exe" = C:\Program Files\Xfire\Xfire.exe:*:Enabled:Xfire -- (Xfire Inc.)
"C:\Program Files\StarCraft II\Versions\Base18574\SC2.exe" = C:\Program Files\StarCraft II\Versions\Base18574\SC2.exe:*:Enabled:StarCraft II -- (Blizzard Entertainment, Inc.)
"C:\Program Files\Steam\steamapps\common\company of heroes\RelicCOH.exe" = C:\Program Files\Steam\steamapps\common\company of heroes\RelicCOH.exe:*:Enabled:Company of Heroes -- (THQ Canada Inc.)
"C:\Documents and Settings\Daniel Morton\Local Settings\Apps\2.0\1CHRK132.MNZ\5BZOJZWN.Q10\curs..tion_eee711038731a406_0004.0000_efb506202a7c3b08\CurseClient.exe" = C:\Documents and Settings\Daniel Morton\Local Settings\Apps\2.0\1CHRK132.MNZ\5BZOJZWN.Q10\curs..tion_eee711038731a406_0004.0000_efb506202a7c3b08\CurseClient.exe:*:Enabled:Curse Client 4.0 -- (Curse)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0217E1D1-BCEF-4A61-AF6D-F7740F65A066}" = Pivot Software
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{0AC8162B-5175-41D7-B963-8307A40BD456}" = n52te Editor
"{0DEA342C-15CB-4F52-97B6-06A9C4B9C06F}" = SDK
"{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}" = Microsoft Works
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{20D4A895-748C-4D88-871C-FDB1695B0169}" = Platform
"{2226247D-9846-4370-A1EF-FAA6958F7632}" = Sound Blaster Tactic(3D) Alpha
"{26A24AE4-039D-4CA4-87B4-2F83216020FF}" = Java™ 6 Update 20
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}" = eReg
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
"{582876EC-A178-44D4-9823-C10D6C62EAFF}" =
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{679F739E-5C76-4A41-B562-F9392156B6DD}" = System Requirements Lab CYRI
"{700932B3-A964-4878-82A2-96054622A1F7}" =
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{789289CA-F73A-4A16-A331-54D498CE069F}" = Ventrilo Client
"{7B63B2922B174135AFC0E1377DD81EC2}" =
"{7E6066E6-8B5B-4100-B0FA-1D9E9B663CBA}" = iTunes
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{88B1984E-36F0-47B8-B8DC-728966807A9C}" =
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8CD7AC19-8199-47C9-ABB7-C67995BB0167}" =
"{8F66047B-1AF3-40D9-80D7-106E2EDC2C2A}" = EPU-4 Engine
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{92482FB3-C05B-41C6-89E7-75D985602A6E}" = System Requirements Lab
"{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9FD6F1A8-5550-46AF-8509-271DF0E768B5}" = Dual-Core Optimizer
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}.KB300003" =
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}.KB958483" =
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}.KB960043" =
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}.KB975195" =
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}.KB976570" =
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}.KB976578" =
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}.KB976578v2" =
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}.KB976769" =
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}.KB976769v2" =
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}.KB977354" =
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}.KB977354v2" =
"{A586DC50-B18D-48FB-B7CC-A598200457C2}" = Acer eDisplay Management
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9F6CFB0-806D-11E0-8EA1-B8AC6F97B88E}" = Google Earth Plug-in
"{AC76BA86-7AD7-1033-7B44-A82000000003}" = Adobe Reader 8.2.4
"{B2FE1952-0186-46c3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Control Panel 275.33
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Graphics Driver 275.33
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NView" = NVIDIA nView 135.85
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX System Software 9.10.0514
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 1.3.5
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components
"{B3575D00-27EF-49C2-B9E0-14B3D954E992}" = Apple Application Support
"{B9DB4C76-01A4-46D5-8910-F7AA6376DBAF}" = NVIDIA PhysX
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}.KB200003" =
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}.KB2418241" =
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}.KB2446704" =
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}.KB2446704v2" =
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}.KB2478658" =
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}.KB431780" =
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}.KB946922" =
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}.KB947748" =
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}.KB949272" =
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}.KB952137" =
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}.KB952677" =
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}.KB953300" =
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}.KB953990" =
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}.KB954832" =
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}.KB956860" =
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}.KB957541" =
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}.KB957542" =
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}.KB957543" =
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}.KB958129" =
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}.KB958481" =
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}.KB960043" =
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}.KB971111" =
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}.KB974417" =
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}.KB976569" =
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}.KB976576" =
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}.KB976765v2" =
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}.KB979909" =
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}.KB980773" =
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}.KB983583" =
"{C151CE54-E7EA-4804-854B-F515368B0798}" =
"{C23CD6DA-1958-43A5-ADD0-59396572E02E}" = Apple Mobile Device Support
"{C2E4B5BD-32DB-4817-A060-341AB17C3F90}" = Bonjour
"{C41300B9-185D-475E-BFEC-39EF732F19B1}" = Apple Software Update
"{C9BED750-1211-4480-B1A5-718A3BE15525}" = REALTEK GbE & FE Ethernet PCI-E NIC Driver
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}.KB350003" =
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}.KB960043" =
"{CEF7211D-CE3A-44C4-B321-D84A2099AE94}" = Comcast Desktop Software (v1.2.0.9)
"{D87149B3-7A1D-4548-9CBF-032B791E5908}" = Desktop Doctor
"{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}" = Ad-Aware
"{EAFEF30E-3789-49C7-A6D9-77C12E005BAC}" = Safari
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"0D91165CEEB2095316E8A04A59CDF0AE4B957C61" = Windows Driver Package - MOTOROLA (uisp) USB (09/08/2006 1.2.0.0)
"Ad-Aware" = Ad-Aware
"AddressBook" =
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"avast" = avast! Free Antivirus
"B3F2F39D9A48AD78A74BA5D236210A6E48B1333C" = Windows Driver Package - Belkin (HidUsb) HIDClass (01/11/2007 1.0)
"BitComet" = BitComet 1.25
"Branding" =
"CADI" =
"CAL" = Canon Camera Access Library
"CameraUserGuide-PSSD1200IS_IXUS95IS" = Canon PowerShot SD1200 IS_IXUS 95 IS Camera User Guide
"CameraWindowDC" = Canon Utilities CameraWindow DC
"CameraWindowDVC6" = Canon Utilities CameraWindow DC_DV 6 for ZoomBrowser EX
"CameraWindowLauncher" = Canon Utilities CameraWindow
"CANON iMAGE GATEWAY Task" = CANON iMAGE GATEWAY Task for ZoomBrowser EX
"Canon Internet Library for ZoomBrowser EX" = Canon Internet Library for ZoomBrowser EX
"CCleaner" = CCleaner
"Connection Manager" =
"Creative Software AutoUpdate" =
"DirectAnimation" =
"DirectDrawEx" =
"DivX Setup.divx.com" = DivX Setup
"DXM_Runtime" =
"ffdshow_is1" = ffdshow v1.1.3452 [2010-05-24]
"Fontcore" =
"Google Chrome" = Google Chrome
"ICW" =
"IDNMitigationAPIs" =
"IE40" =
"IE4Data" =
"IE5BAKEX" =
"ie7" =
"ie8" = Windows Internet Explorer 8
"IEData" =
"InstallShield Uninstall Information" =
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware version 1.51.0.1200
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft.Net.Client.3.5" = Microsoft .NET Framework Client Profile
"MobileOptionPack" =
"MovieEditTask" = Canon MovieEdit Task for ZoomBrowser EX
"Mozilla Firefox 4.0.1 (x86 en-US)" = Mozilla Firefox 4.0.1 (x86 en-US)
"MPlayer2" =
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"MSI30a-KB884016" =
"MSI30-Beta1" =
"MSI30-Beta2" =
"MSI30-KB884016" =
"MSI30-RC1" =
"MSI30-RC2" =
"MSI31-Beta" =
"MSI31-RC1" =
"MSNINST" = MSN
"MyCamera" = Canon Utilities MyCamera
"MyCameraDC" = Canon Utilities MyCamera DC
"NetMeeting" =
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"NVIDIA nView Desktop Manager" = NVIDIA nView Desktop Manager
"OutlookExpress" =
"PC Pitstop Optimize_is1" = PC Pitstop Optimize 1.5
"PCHealth" =
"Personal Printing Guide" = Canon Personal Printing Guide
"PhotoStitch" = Canon Utilities PhotoStitch
"RemoteCaptureTask" = Canon Utilities RemoteCapture Task for ZoomBrowser EX
"SBT3DCP" =
"SchedulingAgent" =
"SoftwareStarterGuide-DCSD40_46" = Canon Digital Camera Solution Disk 40-46 Software Starter Guide
"Sound Blaster Tactic(3D) Alpha" =
"Sound Blaster Tactic(3D) Alpha Windows Drivers" =
"SP6" = Logitech SetPoint 6.1
"StarCraft II" = StarCraft II
"Steam App 4560" = Company of Heroes
"Steam App 7940" = Call of Duty 4: Modern Warfare
"SystemRequirementsLab" = System Requirements Lab
"Video Free Files Convert" = Video Free Files Convert 1.1
"Wdf01000" =
"Wdf01001" =
"Wdf01005" =
"Wdf01007" =
"Wdf01009" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.9
"WIC" = Windows Imaging Component
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinRAR archiver" = WinRAR archiver
"WMCSetup" =
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"World of Warcraft" = World of Warcraft
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"xfinitytb" = Xfinity.com Toolbar 3.5
"Xfire" = Xfire (remove only)
"ZoomBrowser EX" = Canon Utilities ZoomBrowser EX
"ZoomBrowser EX Memory Card Utility" = Canon ZoomBrowser EX Memory Card Utility

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"090215de958f1060" = Curse Client

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 4/15/2011 3:51:12 AM | Computer Name = DANIEL-7F9F3285 | Source = .NET Runtime | ID = 1023
Description = Application: plugin-container.exe CoreCLR Version: 4.0.60129.0 Description:
The process was terminated due to an internal error in the .NET Runtime at IP 7928D256
(79150000) with exit code 8013150a.

Error - 4/15/2011 3:51:13 AM | Computer Name = DANIEL-7F9F3285 | Source = Application Error | ID = 1000
Description = Faulting application plugin-container.exe, version 1.9.2.4095, faulting
module coreclr.dll, version 4.0.60129.0, fault address 0x0013d256.

Error - 4/21/2011 4:32:33 PM | Computer Name = DANIEL-7F9F3285 | Source = Application Hang | ID = 1002
Description = Hanging application javaw.exe, version 6.0.200.2, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 4/21/2011 4:44:53 PM | Computer Name = DANIEL-7F9F3285 | Source = Application Hang | ID = 1002
Description = Hanging application javaw.exe, version 6.0.200.2, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 4/21/2011 4:44:55 PM | Computer Name = DANIEL-7F9F3285 | Source = Application Hang | ID = 1001
Description = Fault bucket 1811441627.

Error - 4/21/2011 5:32:46 PM | Computer Name = DANIEL-7F9F3285 | Source = AntiSpywareService | ID = 0
Description =

Error - 4/26/2011 3:01:08 PM | Computer Name = DANIEL-7F9F3285 | Source = Bonjour Service | ID = 100
Description = Client application bug: DNSServiceResolve(BZDN1850018593-QkxaMDAwMjFERjM5MWEucGEwREY5KDBDODV1NTE5._bzdn._tcp.local.)
active for over two minutes. This places considerable burden on the network.

Error - 4/26/2011 3:44:46 PM | Computer Name = DANIEL-7F9F3285 | Source = Bonjour Service | ID = 100
Description = Client application bug: DNSServiceResolve(BZDN1850018593-QkxaMDAwMjFERjM5MWEucGEwREY5KDBDODV1NTE5._bzdn._tcp.local.)
active for over two minutes. This places considerable burden on the network.

Error - 4/30/2011 7:41:49 PM | Computer Name = DANIEL-7F9F3285 | Source = Application Hang | ID = 1002
Description = Hanging application firefox.exe, version 1.9.2.4127, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 4/30/2011 9:02:13 PM | Computer Name = DANIEL-7F9F3285 | Source = Application Hang | ID = 1002
Description = Hanging application Steam.exe, version 1.0.968.628, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

[ System Events ]
Error - 5/7/2011 12:21:34 AM | Computer Name = DANIEL-7F9F3285 | Source = Dhcp | ID = 1002
Description = The IP address lease 67.182.184.126 for the Network Card with network
address 485B390A1CBE has been denied by the DHCP server 0.0.0.0 (The DHCP Server
sent a DHCPNACK message).

Error - 5/7/2011 12:22:19 AM | Computer Name = DANIEL-7F9F3285 | Source = Dhcp | ID = 1002
Description = The IP address lease 192.168.100.10 for the Network Card with network
address 485B390A1CBE has been denied by the DHCP server 68.87.76.10 (The DHCP Server
sent a DHCPNACK message).

Error - 5/18/2011 1:12:10 AM | Computer Name = DANIEL-7F9F3285 | Source = Service Control Manager | ID = 7031
Description = The Lavasoft Ad-Aware Service service terminated unexpectedly. It
has done this 1 time(s). The following corrective action will be taken in 5000
milliseconds: Restart the service.


< End of report >
  • 0

#4
BlackOxide

BlackOxide

    Trusted Helper

  • Malware Removal
  • 1,976 posts
Hey,

Can you go through the following steps please. We'll get rid of a couple of files found within the OTL log, then we'll do a fresh scan with MBAM to check whether it is clear. We'll also have a check for any signs of a modified MBR or Rootkit :)



1)
OTL Custom Scan

Delete you current copy of OTL which is on the Desktop

Download the new OTL file to your Desktop
  • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :Processes
    killallprocesses
    
    :OTL
    
    :Services
    
    :Reg
    
    :Files
    C:\Documents and Settings\Daniel Morton\Local Settings\Application Data\5bfpmqtq7mu88r0308hhv1b34gi712fxq1rdw0k76s
    C:\Documents and Settings\All Users\Application Data\5bfpmqtq7mu88r0308hhv1b34gi712fxq1rdw0k76s
    ipconfig /flushdns /c
    
    :Commands
    [purity]
    [resethosts]
    [CREATERESTOREPOINT]
    [Reboot]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done.
  • Open OTL again, Make sure Standard Output is selected at the top, then click the Quick Scan button. Post the log it produces in your next reply.




2)
Run a Quick Scan with Malwarebytes Anti-Malware (MBAM) after updating...
  • Open MBAM
  • Click the Update tab, then click Check for Updates and let it install any updates if they are available
  • Click the Scanner tab, then make sure Quick Scan is selected and click Scan
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • Post the log that it produces in your next reply




3)
Download aswMBR.exe ( 511KB ) to your desktop.

Double click the aswMBR.exe to run it

Click the "Scan" button to start scan
Posted Image

On completion of the scan click save log, save it to your desktop and post in your next reply
Posted Image




In your next reply
Please post the contents of...
OTL log
MBAM log
aswMBR log

  • 0

#5
Felita

Felita

    Member

  • Topic Starter
  • Member
  • PipPip
  • 11 posts
OTL logfile created on: 6/18/2011 7:29:37 PM - Run 2
OTL by OldTimer - Version 3.2.24.1 Folder = C:\Documents and Settings\Daniel Morton\My Documents\Downloads
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.00 Gb Total Physical Memory | 1.96 Gb Available Physical Memory | 65.24% Memory free
4.84 Gb Paging File | 4.14 Gb Available in Paging File | 85.50% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 232.88 Gb Total Space | 119.25 Gb Free Space | 51.21% Space Free | Partition Type: NTFS
Drive E: | 931.51 Gb Total Space | 887.07 Gb Free Space | 95.23% Space Free | Partition Type: NTFS

Computer Name: DANIEL-7F9F3285 | User Name: Daniel Morton | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/06/18 18:37:32 | 000,579,072 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Daniel Morton\My Documents\Downloads\OTL.exe
PRC - [2011/05/29 09:11:22 | 001,047,656 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
PRC - [2011/05/24 23:09:21 | 002,214,504 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
PRC - [2011/05/16 11:29:26 | 000,924,632 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2011/05/16 05:58:36 | 002,151,128 | ---- | M] (Lavasoft Limited) -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
PRC - [2011/05/13 02:11:03 | 001,191,216 | ---- | M] (Lavasoft Limited) -- C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
PRC - [2011/05/10 05:10:58 | 003,459,712 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AvastUI.exe
PRC - [2011/05/10 05:10:57 | 000,042,184 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
PRC - [2011/04/30 17:55:37 | 001,242,448 | ---- | M] (Valve Corporation) -- C:\Program Files\Steam\Steam.exe
PRC - [2010/06/30 17:46:32 | 000,121,456 | ---- | M] () -- C:\Program Files\Common Files\Portrait Displays\Shared\DTSRVC.exe
PRC - [2010/05/20 11:04:14 | 000,286,720 | ---- | M] (Creative Technology Ltd) -- C:\Program Files\Creative\Shared Files\CTAudSvc.exe
PRC - [2010/04/16 16:34:34 | 000,109,168 | ---- | M] (Portrait Displays, Inc.) -- C:\Program Files\Common Files\Portrait Displays\Drivers\pdisrvc.exe
PRC - [2009/08/20 22:16:54 | 005,782,528 | ---- | M] (ASUSTeK Computer Inc.) -- C:\Program Files\ASUS\EPU-4 Engine\FourEngine.exe
PRC - [2008/04/24 14:26:18 | 000,202,560 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files\Comcast\Desktop Doctor\bin\sprtsvc.exe
PRC - [2008/04/13 17:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/01/31 14:55:42 | 000,096,370 | ---- | M] (Canon Inc.) -- C:\Program Files\Canon\CAL\CALMAIN.exe


========== Modules (SafeList) ==========

MOD - [2011/06/18 18:37:32 | 000,579,072 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Daniel Morton\My Documents\Downloads\OTL.exe
MOD - [2011/05/10 05:10:55 | 000,199,792 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\snxhk.dll
MOD - [2010/08/23 09:12:02 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [On_Demand | Stopped] -- -- (AppMgmt)
SRV - [2011/05/24 23:09:21 | 002,214,504 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe -- (nvUpdatusService)
SRV - [2011/05/16 05:58:36 | 002,151,128 | ---- | M] (Lavasoft Limited) [Auto | Running] -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe -- (Lavasoft Ad-Aware Service)
SRV - [2011/05/10 05:10:57 | 000,042,184 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Antivirus)
SRV - [2011/03/16 10:42:06 | 000,407,336 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2010/06/30 17:46:32 | 000,121,456 | ---- | M] () [Auto | Running] -- C:\Program Files\Common Files\Portrait Displays\Shared\DTSRVC.exe -- (DTSRVC)
SRV - [2010/05/20 11:04:14 | 000,286,720 | ---- | M] (Creative Technology Ltd) [Auto | Running] -- C:\Program Files\Creative\Shared Files\CTAudSvc.exe -- (CTAudSvcService)
SRV - [2010/05/06 02:29:12 | 000,293,456 | ---- | M] (Logitech, Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\LogiShrd\Bluetooth\LBTServ.exe -- (LBTServ)
SRV - [2010/04/16 16:34:34 | 000,109,168 | ---- | M] (Portrait Displays, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Portrait Displays\Drivers\pdisrvc.exe -- (PdiService)
SRV - [2008/04/24 14:26:18 | 000,202,560 | ---- | M] (SupportSoft, Inc.) [Auto | Running] -- C:\Program Files\Comcast\Desktop Doctor\bin\sprtsvc.exe -- (sprtsvc_ddoctorv2) SupportSoft Sprocket Service (ddoctorv2)
SRV - [2007/01/31 14:55:42 | 000,096,370 | ---- | M] (Canon Inc.) [Auto | Running] -- C:\Program Files\Canon\CAL\CALMAIN.exe -- (CCALib8)


========== Driver Services (SafeList) ==========

DRV - [2011/05/10 05:03:54 | 000,441,176 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\WINDOWS\System32\drivers\aswSnx.sys -- (aswSnx)
DRV - [2011/05/10 05:03:44 | 000,307,928 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswSP.sys -- (aswSP)
DRV - [2011/05/10 05:02:37 | 000,049,240 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2011/05/10 05:02:25 | 000,102,616 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswmon2.sys -- (aswMon2)
DRV - [2011/05/10 04:59:56 | 000,025,432 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswRdr.sys -- (aswRdr)
DRV - [2011/05/10 04:59:37 | 000,030,808 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aavmker4.sys -- (Aavmker4)
DRV - [2011/05/10 04:59:35 | 000,019,544 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2011/02/04 07:27:14 | 000,015,232 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Program Files\Lavasoft\Ad-Aware\kernexplorer.sys -- (Lavasoft Kernexplorer)
DRV - [2010/08/12 05:15:20 | 000,064,288 | ---- | M] (Lavasoft AB) [File_System | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\Lbd.sys -- (Lbd)
DRV - [2010/07/24 15:52:26 | 002,016,640 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\XENFilt.sys -- (XENFilt)
DRV - [2010/04/16 16:34:10 | 000,017,136 | ---- | M] (Portrait Displays, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\PdiPorts.sys -- (PdiPorts)
DRV - [2010/03/18 02:02:32 | 000,028,624 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LUsbFilt.sys -- (LUsbFilt)
DRV - [2010/03/18 02:02:08 | 000,037,328 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LMouFilt.Sys -- (LMouFilt)
DRV - [2010/03/18 02:01:52 | 000,038,864 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LHidFilt.Sys -- (LHidFilt)
DRV - [2010/03/18 02:01:12 | 000,010,448 | ---- | M] (Logitech, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\LBeepKE.sys -- (LBeepKE)
DRV - [2009/08/17 20:16:06 | 001,390,976 | R--- | M] (VIA Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\viahduaa.sys -- (VIAHdAudAddService)
DRV - [2009/07/30 11:15:54 | 000,014,336 | ---- | M] (ASUSTeK Computer Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\EIO_XP.sys -- (EIO_XP)
DRV - [2009/05/26 00:21:28 | 000,142,336 | R--- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Rtenicxp.sys -- (RTLE8023xp)
DRV - [2007/12/17 18:14:06 | 000,012,400 | R--- | M] () [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\AsIO.sys -- (AsIO)
DRV - [2007/09/27 14:46:12 | 000,048,896 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\JmtFltr.sys -- (JmtFltr)
DRV - [2007/09/19 17:01:06 | 000,012,672 | ---- | M] (Windows ® Codename Longhorn DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\vhidmini.sys -- (vhidmini)
DRV - [2007/06/29 14:47:34 | 000,034,304 | ---- | M] (AMD, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AmdLLD.sys -- (AmdLLD)
DRV - [2007/02/09 13:17:18 | 000,017,465 | ---- | M] (Portrait Displays, Inc.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\pivot.sys -- (Pivot)
DRV - [2007/02/09 13:17:16 | 000,011,323 | ---- | M] (Portrait Displays, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\pivotmou.sys -- (pivotmou)
DRV - [2006/07/01 22:39:40 | 000,036,864 | ---- | M] (Advanced Micro Devices) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\AmdK8.sys -- (AmdK8)
DRV - [2005/12/22 03:23:26 | 000,014,592 | ---- | M] (Motorola) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\USBICP.sys -- (uisp)
DRV - [2004/08/13 11:56:20 | 000,005,810 | R--- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ASACPI.sys -- (MTsensor)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========


IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Yahoo"
FF - prefs.js..browser.search.defaultthis.engineName: " "
FF - prefs.js..browser.search.defaulturl: "http://search.yahoo....-8&fr=ytff-&p="
FF - prefs.js..browser.search.param.yahoo-fr: "moz2-ytff-"
FF - prefs.js..browser.search.param.yahoo-fr-cjkt: "moz2-ytff-"
FF - prefs.js..browser.search.selectedEngine: "Yahoo"
FF - prefs.js..browser.startup.homepage: "http://www.google.com/"
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {635abd67-4fe9-1b23-4f01-e679fa7484c1}:1.6.6.20090220
FF - prefs.js..extensions.enabledItems: [email protected]:1.0
FF - prefs.js..extensions.enabledItems: {7000b6ca-4388-4d95-893d-6659c2d4d1ce}:3.5
FF - prefs.js..extensions.enabledItems: {B042753D-F57E-4e8e-A01B-7379A6D4CEFB}:1.25
FF - prefs.js..extensions.enabledItems: [email protected]:3.3.3.2
FF - prefs.js..extensions.enabledItems: {88c7f2aa-f93f-432c-8f0e-b7d85967a527}:3.3.3.2
FF - prefs.js..keyword.URL: "http://search.avg.co...s&lng=en-US&q="


FF - HKLM\software\mozilla\Mozilla Firefox 4.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/05/16 11:29:34 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 4.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/05/16 11:29:34 | 000,000,000 | ---D | M]

[2010/06/07 18:30:10 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Daniel Morton\Application Data\Mozilla\Extensions
[2011/06/16 12:31:38 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Daniel Morton\Application Data\Mozilla\Firefox\Profiles\zlo7p4t9.default\extensions
[2010/06/17 16:20:15 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Daniel Morton\Application Data\Mozilla\Firefox\Profiles\zlo7p4t9.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011/06/16 12:31:38 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Documents and Settings\Daniel Morton\Application Data\Mozilla\Firefox\Profiles\zlo7p4t9.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2011/03/22 15:11:17 | 000,000,000 | ---D | M] (Xfinity.com Toolbar) -- C:\Documents and Settings\Daniel Morton\Application Data\Mozilla\Firefox\Profiles\zlo7p4t9.default\extensions\{7000b6ca-4388-4d95-893d-6659c2d4d1ce}
[2011/04/30 16:40:37 | 000,000,000 | ---D | M] (BitTorrentBar Community Toolbar) -- C:\Documents and Settings\Daniel Morton\Application Data\Mozilla\Firefox\Profiles\zlo7p4t9.default\extensions\{88c7f2aa-f93f-432c-8f0e-b7d85967a527}
[2010/12/27 10:43:09 | 000,000,000 | ---D | M] (BitComet Video Downloader) -- C:\Documents and Settings\Daniel Morton\Application Data\Mozilla\Firefox\Profiles\zlo7p4t9.default\extensions\{B042753D-F57E-4e8e-A01B-7379A6D4CEFB}
[2011/04/30 16:40:38 | 000,000,000 | ---D | M] (Conduit Engine) -- C:\Documents and Settings\Daniel Morton\Application Data\Mozilla\Firefox\Profiles\zlo7p4t9.default\extensions\[email protected]
[2011/04/30 16:40:37 | 000,000,863 | ---- | M] () -- C:\Documents and Settings\Daniel Morton\Application Data\Mozilla\Firefox\Profiles\zlo7p4t9.default\searchplugins\conduit.xml
[2011/05/16 08:35:47 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2010/06/18 14:11:02 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
File not found (No name found) --
[2010/06/18 14:10:47 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF
[2011/05/16 11:29:26 | 000,142,296 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\browsercomps.dll
[2010/08/24 02:31:30 | 000,773,120 | ---- | M] (BitComet) -- C:\Program Files\Mozilla Firefox\plugins\npBitCometAgent.dll
[2010/06/18 14:10:47 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
[2011/05/16 11:29:29 | 000,002,252 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\bing.xml
[2010/02/10 12:53:34 | 000,003,249 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\xfinitylcsearch.xml

O1 HOSTS File: ([2011/06/18 18:40:23 | 000,000,098 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (BitComet Helper) - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.4.12.6.dll (BitComet)
O2 - BHO: (Xfinity.com Toolbar) - {dcc70a83-e184-40a3-906b-779af5e941c4} - C:\Program Files\xfinitytb\xfinitydx.dll ()
O2 - BHO: (Updater For Xfinity.com Toolbar 3.1) - {e6d0b79e-ecac-411b-8bf6-7a574981af30} - C:\Program Files\xfinitytb\auxi\xfinityAu.dll (Visicom Media)
O3 - HKLM\..\Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.
O3 - HKLM\..\Toolbar: (Xfinity.com Toolbar) - {dcc70a83-e184-40a3-906b-779af5e941c4} - C:\Program Files\xfinitytb\xfinitydx.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.
O4 - HKLM..\Run: [amd_dc_opt] C:\Program Files\AMD\Dual-Core Optimizer\amd_dc_opt.exe (AMD)
O4 - HKLM..\Run: [avast5] C:\Program Files\Alwil Software\Avast5\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [CTAPR2] C:\Program Files\Creative\Sound Blaster Tactic(3D) Alpha\Sound Blaster Tactic(3D) Control Panel\CTAPR2.exe (Creative Technology Ltd)
O4 - HKLM..\Run: [KernelFaultCheck] File not found
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\nvmctray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\Program Files\NVIDIA Corporation\nView\nwiz.exe ()
O4 - HKLM..\Run: [PC Pitstop Optimize Scheduler] C:\Program Files\PCPitstop\Optimize\PCPOptimize.exe (PC Pitstop, LLC.)
O4 - HKLM..\Run: [Six Engine] C:\Program Files\ASUS\EPU-4 Engine\FourEngine.exe (ASUSTeK Computer Inc.)
O4 - HKCU..\Run: [Steam] C:\Program Files\Steam\steam.exe (Valve Corporation)
O4 - Startup: C:\Documents and Settings\Daniel Morton\Start Menu\Programs\Startup\CurseClientStartup.ccip ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Low Rights present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: &D&ownload &with BitComet - C:\Program Files\BitComet\BitComet.exe (www.BitComet.com)
O8 - Extra context menu item: &D&ownload all with BitComet - C:\Program Files\BitComet\BitComet.exe (www.BitComet.com)
O9 - Extra Button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - C:\Program Files\BitComet\tools\BitCometBHO_1.4.12.6.dll (BitComet)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} http://www.pcpitstop...t/PCPitStop.CAB (PCPitstop Utility)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {FFB3A759-98B1-446F-BDA9-909C6EB18CC7} http://utilities.pcp.../pcpitstop2.dll (PCPitstop Exam)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 68.87.76.182 68.87.78.134
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\LBTWlgn: DllName - c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll - c:\Program Files\Common Files\LogiShrd\Bluetooth\LBTWLgn.dll (Logitech, Inc.)
O24 - Desktop WallPaper: C:\Documents and Settings\Daniel Morton\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Daniel Morton\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2010/06/06 05:59:14 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2010/05/07 01:03:54 | 000,000,036 | ---- | M] () - E:\Autorun.inf -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O34 - HKLM BootExecute: (lsdelete) - C:\WINDOWS\System32\lsdelete.exe ()
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/06/18 18:40:03 | 000,000,000 | ---D | C] -- C:\_OTL
[2011/06/10 06:44:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\iTunes
[2011/06/10 06:43:23 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2011/06/10 06:43:20 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2011/06/01 13:37:35 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Daniel Morton\Recent
[2011/06/01 12:09:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Google Earth
[2011/05/31 12:54:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Daniel Morton\Application Data\Malwarebytes
[2011/05/31 12:54:20 | 000,039,984 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2011/05/31 12:54:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011/05/31 12:54:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2011/05/31 12:54:16 | 000,022,712 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2011/05/31 12:54:16 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2011/05/27 22:09:56 | 000,441,176 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSnx.sys
[2011/05/25 19:14:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\PC Pitstop
[2011/05/25 19:14:12 | 000,000,000 | ---D | C] -- C:\Program Files\PCPitstop
[2011/05/23 10:47:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Daniel Morton\Local Settings\Application Data\BitTorrentBar
[6 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/06/18 19:12:04 | 000,000,900 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2011/06/18 19:02:26 | 000,000,486 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
[2011/06/18 19:01:03 | 000,000,896 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2011/06/18 19:00:02 | 000,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/06/18 18:59:58 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/06/18 18:42:45 | 000,000,064 | ---- | M] () -- C:\WINDOWS\System32\rp_stats.dat
[2011/06/18 18:42:45 | 000,000,044 | ---- | M] () -- C:\WINDOWS\System32\rp_rules.dat
[2011/06/18 18:40:23 | 000,000,098 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\Hosts
[2011/06/17 21:15:46 | 000,000,215 | ---- | M] () -- C:\Documents and Settings\Daniel Morton\Desktop\Forsaken World.url
[2011/06/16 23:45:02 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2011/06/15 16:45:18 | 000,000,751 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\World of Warcraft.lnk
[2011/06/15 00:02:05 | 000,138,160 | ---- | M] () -- C:\WINDOWS\System32\drivers\PnkBstrK.sys
[2011/06/15 00:01:37 | 000,271,200 | ---- | M] () -- C:\WINDOWS\System32\PnkBstrB.xtr
[2011/06/12 09:43:31 | 000,271,200 | ---- | M] () -- C:\WINDOWS\System32\PnkBstrB.ex0
[2011/06/10 06:44:15 | 000,001,542 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
[2011/06/07 06:54:51 | 001,007,108 | ---- | M] () -- C:\Documents and Settings\Daniel Morton\Desktop\rkill.com
[2011/06/01 10:47:27 | 000,273,344 | ---- | M] () -- C:\WINDOWS\System32\nvdrsdb0.bin
[2011/06/01 10:47:27 | 000,000,001 | ---- | M] () -- C:\WINDOWS\System32\nvdrssel.bin
[2011/06/01 10:47:23 | 000,273,344 | ---- | M] () -- C:\WINDOWS\System32\nvdrsdb1.bin
[2011/06/01 01:21:24 | 000,036,352 | ---- | M] () -- C:\Documents and Settings\Daniel Morton\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/05/31 13:59:13 | 000,001,324 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011/05/31 12:54:20 | 000,000,784 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/05/29 09:11:30 | 000,039,984 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2011/05/29 09:11:20 | 000,022,712 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2011/05/27 22:11:11 | 000,002,626 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
[2011/05/25 19:21:05 | 000,000,741 | ---- | M] () -- C:\Documents and Settings\Daniel Morton\Desktop\PC Pitstop Optimize.lnk
[2011/05/24 23:09:21 | 002,123,582 | ---- | M] () -- C:\WINDOWS\System32\nvdata.data
[2011/05/24 23:09:21 | 000,061,440 | ---- | M] (Khronos Group) -- C:\WINDOWS\System32\OpenCL.dll
[2011/05/24 23:09:21 | 000,003,249 | ---- | M] () -- C:\WINDOWS\System32\nvinfo.pb
[2011/05/23 16:14:14 | 000,002,187 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Safari.lnk
[6 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/06/17 21:15:46 | 000,000,215 | ---- | C] () -- C:\Documents and Settings\Daniel Morton\Desktop\Forsaken World.url
[2011/06/10 06:44:15 | 000,001,542 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
[2011/06/07 06:54:43 | 001,007,108 | ---- | C] () -- C:\Documents and Settings\Daniel Morton\Desktop\rkill.com
[2011/06/01 10:46:45 | 002,123,582 | ---- | C] () -- C:\WINDOWS\System32\nvdata.data
[2011/05/31 12:54:20 | 000,000,784 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/05/25 19:21:05 | 000,000,741 | ---- | C] () -- C:\Documents and Settings\Daniel Morton\Desktop\PC Pitstop Optimize.lnk
[2011/05/09 10:15:12 | 000,138,160 | ---- | C] () -- C:\WINDOWS\System32\drivers\PnkBstrK.sys
[2011/05/09 10:15:07 | 000,271,200 | ---- | C] () -- C:\WINDOWS\System32\PnkBstrB.exe
[2011/05/09 10:15:00 | 000,075,136 | ---- | C] () -- C:\WINDOWS\System32\PnkBstrA.exe
[2011/04/30 20:18:41 | 000,000,064 | ---- | C] () -- C:\WINDOWS\System32\rp_stats.dat
[2011/04/30 20:18:41 | 000,000,044 | ---- | C] () -- C:\WINDOWS\System32\rp_rules.dat
[2011/04/17 12:57:54 | 000,041,872 | ---- | C] () -- C:\WINDOWS\System32\xfcodec.dll
[2011/02/21 17:38:48 | 000,000,754 | ---- | C] () -- C:\WINDOWS\WORDPAD.INI
[2010/12/26 15:44:09 | 000,002,304 | ---- | C] () -- C:\WINDOWS\System32\Machnm32.sys
[2010/12/07 20:46:16 | 000,032,288 | ---- | C] () -- C:\WINDOWS\System32\xfiXen.ini
[2010/12/07 20:45:54 | 000,101,376 | ---- | C] () -- C:\WINDOWS\System32\XETSPI32.dll
[2010/12/06 23:37:54 | 000,001,138 | ---- | C] () -- C:\Documents and Settings\Daniel Morton\Application Data\wklnhst.dat
[2010/11/02 16:57:27 | 009,079,808 | ---- | C] () -- C:\WINDOWS\System32\alltoall.exe
[2010/10/28 17:49:18 | 000,000,022 | ---- | C] () -- C:\WINDOWS\System32\nvModes.dat
[2010/10/27 20:03:08 | 000,000,552 | ---- | C] () -- C:\WINDOWS\System32\d3d8caps.dat
[2010/10/27 19:58:12 | 000,273,344 | ---- | C] () -- C:\WINDOWS\System32\nvdrsdb0.bin
[2010/10/27 19:54:07 | 000,273,344 | ---- | C] () -- C:\WINDOWS\System32\nvdrsdb1.bin
[2010/10/27 19:54:07 | 000,000,001 | ---- | C] () -- C:\WINDOWS\System32\nvdrssel.bin
[2010/10/27 19:50:02 | 000,001,324 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010/09/07 20:45:06 | 000,016,432 | ---- | C] () -- C:\WINDOWS\System32\lsdelete.exe
[2010/06/30 16:26:52 | 000,108,032 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2010/06/23 03:17:32 | 001,138,080 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
[2010/06/16 17:42:42 | 000,036,352 | ---- | C] () -- C:\Documents and Settings\Daniel Morton\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/06/13 00:58:14 | 000,029,728 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat
[2010/06/08 18:20:02 | 000,000,262 | ---- | C] () -- C:\WINDOWS\{789289CA-F73A-4A16-A331-54D498CE069F}_WiseFW.ini
[2010/06/07 20:57:05 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Daniel Morton\Local Settings\Application Data\prvlcl.dat
[2010/06/07 20:56:22 | 000,048,896 | ---- | C] () -- C:\WINDOWS\System32\drivers\JmtFltr.sys
[2010/06/07 18:29:58 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2010/06/07 18:25:34 | 000,024,576 | R--- | C] () -- C:\WINDOWS\System32\AsIO.dll
[2010/06/07 18:25:34 | 000,012,400 | R--- | C] () -- C:\WINDOWS\System32\drivers\AsIO.sys
[2010/06/07 18:25:28 | 000,011,832 | ---- | C] () -- C:\WINDOWS\System32\drivers\AsInsHelp64.sys
[2010/06/07 18:25:28 | 000,010,216 | ---- | C] () -- C:\WINDOWS\System32\drivers\AsInsHelp32.sys
[2010/06/07 06:24:48 | 000,073,728 | R--- | C] () -- C:\WINDOWS\System32\RtNicProp32.dll
[2010/06/07 06:18:00 | 000,039,164 | ---- | C] () -- C:\WINDOWS\Ascd_log.ini
[2010/06/07 06:16:59 | 000,005,810 | R--- | C] () -- C:\WINDOWS\System32\drivers\ASACPI.sys
[2010/06/07 06:16:53 | 000,001,769 | ---- | C] () -- C:\WINDOWS\Language_trs.ini
[2010/06/07 06:16:50 | 000,031,600 | ---- | C] () -- C:\WINDOWS\Ascd_tmp.ini
[2010/06/07 06:16:49 | 000,010,296 | ---- | C] () -- C:\WINDOWS\System32\drivers\ASUSHWIO.SYS
[2010/06/07 01:47:14 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2010/06/07 01:45:29 | 000,165,912 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010/06/06 06:00:49 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2010/06/06 05:57:04 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2006/02/28 05:00:00 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2006/02/28 05:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2006/02/28 05:00:00 | 000,433,038 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2006/02/28 05:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2006/02/28 05:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2006/02/28 05:00:00 | 000,067,688 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2006/02/28 05:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2006/02/28 05:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2006/02/28 05:00:00 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2006/02/28 05:00:00 | 000,004,461 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2006/02/28 05:00:00 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2006/02/28 05:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat

========== LOP Check ==========

[2010/11/04 22:52:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Alwil Software
[2011/05/25 19:39:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PCPitstop
[2010/12/23 15:01:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SupportSoft
[2010/11/02 21:42:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2010/06/13 00:50:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2010/09/05 12:44:12 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\{ECC164E0-3133-4C70-A831-F08DB2940F70}
[2010/09/17 19:18:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Daniel Morton\Application Data\Acreon
[2011/05/27 18:44:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Daniel Morton\Application Data\BitComet
[2011/05/23 10:47:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Daniel Morton\Application Data\BitTorrent
[2011/05/23 16:10:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Daniel Morton\Application Data\CallingID
[2010/12/26 15:46:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Daniel Morton\Application Data\DisplayTune
[2010/06/21 20:39:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Daniel Morton\Application Data\Leadertech
[2010/06/07 20:56:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Daniel Morton\Application Data\n52te
[2011/05/25 10:20:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Daniel Morton\Application Data\RIFT
[2011/04/21 13:44:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Daniel Morton\Application Data\spiral
[2011/03/30 13:30:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Daniel Morton\Application Data\SystemRequirementsLab
[2010/12/06 23:37:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Daniel Morton\Application Data\Template
[2011/05/23 16:10:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Daniel Morton\Application Data\xfinitytb
[2011/06/18 19:02:26 | 000,000,486 | ---- | M] () -- C:\WINDOWS\Tasks\Ad-Aware Update (Weekly).job

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 125 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2
@Alternate Data Stream - 102 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:430C6D84

< End of report >





Malwarebytes' Anti-Malware 1.51.0.1200
www.malwarebytes.org

Database version: 6892

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

6/18/2011 7:35:20 PM
mbam-log-2011-06-18 (19-35-20).txt

Scan type: Quick scan
Objects scanned: 159730
Time elapsed: 2 minute(s), 14 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)





aswMBR version 0.9.6.399 Copyright© 2011 AVAST Software
Run date: 2011-06-18 19:36:01
-----------------------------
19:36:01.191 OS Version: Windows 5.1.2600 Service Pack 3
19:36:01.191 Number of processors: 2 586 0x4303
19:36:01.191 ComputerName: DANIEL-7F9F3285 UserName: Daniel Morton
19:36:01.863 AVAST engine 6.0.1125 defs: 11061801
19:36:01.863 Initialize success
19:37:08.488 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3
19:37:08.488 Disk 0 Vendor: ST3250410AS 3.AAC Size: 238475MB BusType: 3
19:37:10.488 Disk 0 MBR read successfully
19:37:10.488 Disk 0 MBR scan
19:37:10.488 Disk 0 Windows XP default MBR code
19:37:12.488 Disk 0 scanning sectors +488392065
19:37:12.504 Disk 0 scanning C:\WINDOWS\system32\drivers
19:37:20.863 Service scanning
19:37:22.051 Disk 0 trace - called modules:
19:37:22.051 ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys pciide.sys PCIIDEX.SYS
19:37:22.066 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8a4d7ab8]
19:37:22.066 3 CLASSPNP.SYS[b80e8fd7] -> nt!IofCallDriver -> \Device\00000069[0x8a4b2f18]
19:37:22.066 5 ACPI.sys[b7f7f620] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-3[0x8a4ac940]
19:37:22.566 AVAST engine scan C:\WINDOWS\system32
19:38:32.988 Scan finished successfully
19:38:51.988 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Daniel Morton\Desktop\MBR.dat"
19:38:51.988 The log file has been saved successfully to "C:\Documents and Settings\Daniel Morton\Desktop\aswMBR.txt"
  • 0

#6
BlackOxide

BlackOxide

    Trusted Helper

  • Malware Removal
  • 1,976 posts
Thanks for the logs. The aswMBR log looks clean. Can you let me know whether you are still having a Windows security alert at the bottom of the screen? If you are, what is the alert message saying?
  • 0

#7
Felita

Felita

    Member

  • Topic Starter
  • Member
  • PipPip
  • 11 posts
It shows as a red shield with an x on it. When I click on it I am taken to the windows security center where it shows that my firewall is not monitored and my automatic updates are turned off. When I got to my control panel my updates are turned on.
  • 0

#8
BlackOxide

BlackOxide

    Trusted Helper

  • Malware Removal
  • 1,976 posts
Okey dokey, thanks for the info. Can you run ComboFix for me please, then get back to me with the log that it creates.

Can you also let me know whether you have access to a Full Windows XP CD (not a manufacturers recovery disc).




Download ComboFix from one of these locations:

Link 1
Link 2


IMPORTANT !!! You need to Save ComboFix.exe to your Desktop
  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you are still unsure on how to do this, see here
  • Double click on ComboFix.exe & follow the prompts.
  • As part of it's process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • If you already have the Recovery Console preinstalled, it will not ask for the following. If it does prompt, allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue it's malware removal procedures.

Posted Image

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Posted Image

Click Yes, to continue scanning for malware. Please be patient and don't use the PC whilst it is scanning.

When finished, it shall produce a log for you. Please copy & paste the contents of this log (also found at C:\ComboFix.txt) in your next reply.





In your next reply
Please post the contents of...
ComboFix log
Let me know whether you have access to an XP CD

  • 0

#9
Felita

Felita

    Member

  • Topic Starter
  • Member
  • PipPip
  • 11 posts
I cant seem to locate my XP cd. after a few moves and such it has gone missing.

Here is the log
ComboFix 11-06-19.0r1 - Daniel Morton 06/20/2011 18:38:34.1.2 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.3071.1896 [GMT -7:00]
Running from: c:\documents and settings\Daniel Morton\Desktop\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
AV: Lavasoft Ad-Watch Live! Anti-Virus *Disabled/Updated* {A1C4F2E0-7FDE-4917-AFAE-013EFC3EDE33}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\Daniel Morton\Templates\5bfpmqtq7mu88r0308hhv1b34gi712fxq1rdw0k76s
E:\Autorun.inf
.
.
((((((((((((((((((((((((( Files Created from 2011-05-21 to 2011-06-21 )))))))))))))))))))))))))))))))
.
.
2011-06-19 01:40 . 2011-06-19 01:40 -------- d-----w- C:\_OTL
2011-06-10 13:43 . 2011-06-10 13:43 -------- d-----w- c:\program files\iPod
2011-06-10 13:43 . 2011-06-10 13:44 -------- d-----w- c:\program files\iTunes
2011-06-06 13:48 . 2011-06-06 13:48 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-06-01 17:46 . 2011-05-25 06:09 899688 ----a-w- c:\windows\system32\nvdispco3220150.dll
2011-06-01 17:46 . 2011-05-25 06:09 865896 ----a-w- c:\windows\system32\nvgenco322090.dll
2011-06-01 17:46 . 2011-05-25 06:09 16068608 ----a-w- c:\windows\system32\nvoglnt.dll
2011-05-31 19:54 . 2011-05-31 19:54 -------- d-----w- c:\documents and settings\Daniel Morton\Application Data\Malwarebytes
2011-05-31 19:54 . 2011-05-29 16:11 39984 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-05-31 19:54 . 2011-05-31 19:54 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2011-05-31 19:54 . 2011-06-07 13:59 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-05-31 19:54 . 2011-05-29 16:11 22712 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-05-28 05:09 . 2011-05-10 12:03 441176 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2011-05-26 02:14 . 2011-05-26 06:54 -------- d-----w- c:\program files\PCPitstop
2011-05-23 17:47 . 2011-05-23 17:47 -------- d-----w- c:\documents and settings\Daniel Morton\Local Settings\Application Data\BitTorrentBar
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-06-15 07:02 . 2011-05-09 17:15 138160 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys
2011-06-15 07:01 . 2011-05-09 17:15 271200 ----a-w- c:\windows\system32\PnkBstrB.exe
2011-06-15 07:01 . 2011-05-09 17:15 271200 ----a-w- c:\windows\system32\PnkBstrB.xtr
2011-06-12 16:43 . 2011-05-09 17:15 271200 ----a-w- c:\windows\system32\PnkBstrB.ex0
2011-05-25 06:09 . 2011-04-08 05:15 54272 ----a-w- c:\windows\system32\nvwddi.dll
2011-05-25 06:09 . 2011-04-08 05:15 111208 ----a-w- c:\windows\system32\nvmctray.dll
2011-05-25 06:09 . 2011-04-08 05:15 154728 ----a-w- c:\windows\system32\nvsvc32.exe
2011-05-25 06:09 . 2011-04-08 05:15 13895272 ----a-w- c:\windows\system32\nvcpl.dll
2011-05-25 06:09 . 2011-04-08 05:15 543336 ----a-w- c:\windows\system32\easyupdatusapiu.dll
2011-05-25 06:09 . 2011-04-08 05:15 145000 ----a-w- c:\windows\system32\nvcolor.exe
2011-05-25 06:09 . 2010-10-28 02:53 61440 ----a-w- c:\windows\system32\OpenCL.dll
2011-05-25 06:09 . 2010-10-28 02:53 2808936 ----a-w- c:\windows\system32\nvcuvid.dll
2011-05-25 06:09 . 2010-10-28 02:53 2082408 ----a-w- c:\windows\system32\nvcuvenc.dll
2011-05-25 06:09 . 2010-10-28 02:53 5332992 ----a-w- c:\windows\system32\nvcuda.dll
2011-05-25 06:09 . 2010-10-28 02:53 13004800 ----a-w- c:\windows\system32\nvcompiler.dll
2011-05-25 06:09 . 2010-10-27 01:24 2328576 ----a-w- c:\windows\system32\nvapi.dll
2011-05-25 06:09 . 2010-06-08 01:31 12753664 ----a-w- c:\windows\system32\drivers\nv4_mini.sys
2011-05-25 06:09 . 2010-06-08 01:31 4198272 ----a-w- c:\windows\system32\nv4_disp.dll
2011-05-10 15:06 . 2010-06-13 07:49 4517664 ----a-w- c:\windows\system32\usbaaplrc.dll
2011-05-10 15:06 . 2010-06-13 07:49 42496 ----a-w- c:\windows\system32\drivers\usbaapl.sys
2011-05-10 12:10 . 2010-11-05 05:52 40112 ----a-w- c:\windows\avastSS.scr
2011-05-10 12:10 . 2010-11-05 05:52 199304 ----a-w- c:\windows\system32\aswBoot.exe
2011-05-10 12:03 . 2010-11-05 05:52 307928 ----a-w- c:\windows\system32\drivers\aswSP.sys
2011-05-10 12:02 . 2010-11-05 05:52 49240 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2011-05-10 12:02 . 2010-11-05 05:52 102616 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2011-05-10 12:02 . 2010-11-05 05:52 96344 ----a-w- c:\windows\system32\drivers\aswmon.sys
2011-05-10 11:59 . 2010-11-05 05:52 25432 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2011-05-10 11:59 . 2010-11-05 05:52 30808 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2011-05-10 11:59 . 2010-11-05 05:52 19544 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2011-05-09 17:15 . 2011-05-09 17:15 75136 ----a-w- c:\windows\system32\PnkBstrA.exe
2011-04-18 10:23 . 2010-09-08 03:45 16432 ----a-w- c:\windows\system32\lsdelete.exe
2011-04-17 19:57 . 2011-04-17 19:57 41872 ----a-w- c:\windows\system32\xfcodec.dll
2011-04-08 05:15 . 2011-04-08 05:15 277608 ----a-w- c:\windows\system32\nvmccs.dll
2011-04-08 05:14 . 2011-05-15 19:29 944232 ----a-w- c:\windows\system32\nvdispco3220140.dll
2011-04-08 05:14 . 2011-05-15 19:29 855656 ----a-w- c:\windows\system32\nvgenco322060.dll
2011-04-06 23:20 . 2011-04-06 23:20 91424 ----a-w- c:\windows\system32\dnssd.dll
2011-04-06 23:20 . 2011-04-06 23:20 107808 ----a-w- c:\windows\system32\dns-sd.exe
2011-05-16 18:29 . 2011-05-16 18:29 142296 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{dcc70a83-e184-40a3-906b-779af5e941c4}]
2010-07-30 17:33 87512 ----a-w- c:\program files\xfinitytb\xfinitydx.dll
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{e6d0b79e-ecac-411b-8bf6-7a574981af30}]
2010-07-30 17:34 259584 ----a-w- c:\program files\xfinitytb\auxi\xfinityAu.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{dcc70a83-e184-40a3-906b-779af5e941c4}"= "c:\program files\xfinitytb\xfinitydx.dll" [2010-07-30 87512]
.
[HKEY_CLASSES_ROOT\clsid\{dcc70a83-e184-40a3-906b-779af5e941c4}]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2011-05-10 12:10 122512 ----a-w- c:\program files\Alwil Software\Avast5\ashShell.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Steam"="c:\program files\Steam\steam.exe" [2011-05-01 1242448]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HDAudDeck"="c:\program files\VIA\VIAudioi\HDADeck\HDeck.exe" [2009-08-28 33673216]
"Six Engine"="c:\program files\ASUS\EPU-4 Engine\FourEngine.exe" [2009-08-21 5782528]
"amd_dc_opt"="c:\program files\AMD\Dual-Core Optimizer\amd_dc_opt.exe" [2008-07-22 77824]
"CTAPR2"="c:\program files\Creative\Sound Blaster Tactic(3D) Alpha\Sound Blaster Tactic(3D) Control Panel\CTAPR2.exe" [2009-11-11 65642]
"PC Pitstop Optimize Scheduler"="c:\program files\PCPitstop\Optimize\PCPOptimize.exe" [2008-03-27 2577120]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2011-05-25 13895272]
"NvMediaCenter"="NvMCTray.dll" [2011-05-25 111208]
"nwiz"="c:\program files\NVIDIA Corporation\nView\nwiz.exe" [2011-05-05 1632360]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-06-08 421160]
.
c:\documents and settings\Daniel Morton\Start Menu\Programs\Startup\
CurseClientStartup.ccip [2011-4-26 0]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]
2010-05-06 09:29 64592 ----a-w- c:\program files\Common Files\LogiShrd\Bluetooth\LBTWLgn.dll
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKLM\~\startupfolder\C:^Documents and Settings^Daniel Morton^Start Menu^Programs^Startup^CurseClientStartup.ccip]
path=c:\documents and settings\Daniel Morton\Start Menu\Programs\Startup\CurseClientStartup.ccip
backup=c:\windows\pss\CurseClientStartup.ccipStartup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2010-09-21 18:37 932288 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2010-06-17 06:24 40368 ----a-w- c:\program files\Adobe\Reader 8.0\Reader\reader_sl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BitComet]
2010-12-08 12:42 10811696 ----a-w- c:\program files\BitComet\BitComet.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
2008-04-14 00:12 15360 ----a-w- c:\windows\system32\ctfmon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ddoctorv2]
2008-04-24 21:25 202560 ----a-w- c:\program files\Comcast\Desktop Doctor\bin\sprtcmd.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DivXUpdate]
2010-09-01 06:39 1164584 ----a-w- c:\program files\DivX\DivX Update\DivXUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DT ACR]
2010-07-01 00:46 121456 ----a-w- c:\program files\Common Files\Portrait Displays\Shared\DT_Startup.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EvtMgr6]
2010-05-18 20:41 1311312 ----a-w- c:\program files\Logitech\SetPointP\SetPoint.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2011-06-08 00:51 421160 ----a-w- c:\program files\iTunes\iTunesHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Jomantha]
2008-06-13 18:19 159744 ----a-w- c:\program files\n52te\n52teHid.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
2008-04-14 00:12 1695232 ----a-w- c:\program files\Messenger\msmsgs.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
2011-05-25 06:09 13895272 ----a-w- c:\windows\system32\nvcpl.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PivotSoftware]
2007-02-09 20:17 694008 ----a-w- c:\program files\Portrait Displays\Pivot Software\wpCtrl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2010-11-30 01:38 421888 ----a-w- c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2010-02-18 18:43 248040 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"DisableNotifications"= 1 (0x1)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\World of Warcraft\\Launcher.exe"=
"c:\\Program Files\\Ventrilo\\Ventrilo.exe"=
"c:\\Program Files\\BitComet\\BitComet.exe"=
"c:\\Program Files\\StarCraft II\\StarCraft II.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\StarCraft II\\Versions\\Base15405\\SC2.exe"=
"c:\\Program Files\\Google\\Google Earth\\plugin\\geplugin.exe"=
"c:\\Program Files\\StarCraft II\\Versions\\Base18092\\SC2.exe"=
"c:\\Program Files\\World of Warcraft\\BackgroundDownloader.exe"=
"c:\\Program Files\\Steam\\Steam.exe"=
"c:\\Program Files\\Steam\\steamapps\\common\\call of duty 4\\iw3sp.exe"=
"c:\\Program Files\\Steam\\steamapps\\common\\call of duty 4\\iw3mp.exe"=
"c:\\Program Files\\Steam\\steamapps\\common\\company of heroes\\RelicDownloader\\RelicDownloader.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\NVIDIA Corporation\\NVIDIA Updatus\\daemonu.exe"=
"c:\\Program Files\\Xfire\\Xfire.exe"=
"c:\\Program Files\\StarCraft II\\Versions\\Base18574\\SC2.exe"=
"c:\\Program Files\\Steam\\steamapps\\common\\company of heroes\\RelicCOH.exe"=
"c:\\Documents and Settings\\Daniel Morton\\Local Settings\\Apps\\2.0\\1CHRK132.MNZ\\5BZOJZWN.Q10\\curs..tion_eee711038731a406_0004.0000_efb506202a7c3b08\\CurseClient.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3724:TCP"= 3724:TCP:Blizzard Downloader: 3724
"19677:TCP"= 19677:TCP:BitComet 19677 TCP
"19677:UDP"= 19677:UDP:BitComet 19677 UDP
.
R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [9/5/2010 1:17 PM 64288]
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [5/27/2011 10:09 PM 441176]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [11/4/2010 10:52 PM 307928]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [11/4/2010 10:52 PM 19544]
R2 LBeepKE;Logitech Beep Suppression Driver;c:\windows\system32\drivers\LBeepKE.sys [6/21/2010 8:38 PM 10448]
R2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [5/15/2011 12:30 PM 2214504]
R2 PdiService;Portrait Displays SDK Service;c:\program files\Common Files\Portrait Displays\Drivers\pdisrvc.exe [12/26/2010 3:43 PM 109168]
R3 VIAHdAudAddService;VIA High Definition Audio Driver Service;c:\windows\system32\drivers\viahduaa.sys [6/7/2010 6:25 PM 1390976]
R3 XENFilt;XENFilt;c:\windows\system32\drivers\XENFilt.sys [12/7/2010 8:45 PM 2016640]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [11/4/2010 10:52 PM 136176]
S2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [8/12/2010 5:15 AM 2151128]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [11/4/2010 10:52 PM 136176]
S3 JmtFltr;n52te;c:\windows\system32\drivers\JmtFltr.sys [6/7/2010 8:56 PM 48896]
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - ASWMBR
*NewlyCreated* - LAVASOFT_KERNEXPLORER
*Deregistered* - aswMBR
*Deregistered* - Lavasoft Kernexplorer
.
Contents of the 'Scheduled Tasks' folder
.
2011-06-19 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2010-08-12 09:11]
.
2011-06-17 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2009-10-22 18:50]
.
2011-06-21 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-11-05 05:52]
.
2011-06-21 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-11-05 05:52]
.
.
------- Supplementary Scan -------
.
uInternet Settings,ProxyOverride = *.local
IE: &D&ownload &with BitComet - c:\program files\BitComet\BitComet.exe/AddLink.htm
IE: &D&ownload all with BitComet - c:\program files\BitComet\BitComet.exe/AddAllLink.htm
TCP: DhcpNameServer = 68.87.76.182 68.87.78.134
FF - ProfilePath - c:\documents and settings\Daniel Morton\Application Data\Mozilla\Firefox\Profiles\zlo7p4t9.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.yahoo.com/search?ei=UTF-8&fr=ytff-&p=
FF - prefs.js: browser.search.selectedEngine - Yahoo
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - prefs.js: keyword.URL - hxxp://search.avg.com/route/?d=4c0da298&v=6.010.006.004&i=23&tp=ab&iy=&ychte=us&lng=en-US&q=
FF - user.js: yahoo.homepage.dontask - true
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
WebBrowser-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
MSConfigStartUp-ComcastAntispyClient - c:\program files\comcasttb\ComcastSpywareScan\ComcastAntispy.exe
MSConfigStartUp-nwiz - nwiz.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-06-20 18:49
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
HDAudDeck = c:\program files\VIA\VIAudioi\HDADeck\HDeck.exe 1????????????????????????????????????????????????
.
scanning hidden files ...
.
.
c:\docume~1\DANIEL~1\LOCALS~1\Temp\catchme.dll
.
scan completed successfully
hidden files: 1
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Enum\HID\Vid_046d&Pid_c01e\6&10d64f3f&0&0000\LogConf]
@DACL=(02 0000)
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(712)
c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll
.
Completion time: 2011-06-20 18:54:53
ComboFix-quarantined-files.txt 2011-06-21 01:54
.
Pre-Run: 127,859,372,032 bytes free
Post-Run: 127,928,016,896 bytes free
.
WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect /usepmtimer
.
- - End Of File - - 00869157930D059D0C82D369ED40393D
  • 0

#10
BlackOxide

BlackOxide

    Trusted Helper

  • Malware Removal
  • 1,976 posts
No worries, we'll try and sort the Automatic Updates problem without using the CD. Hopefully we'll be able to :)


1)
You do appear to be running two Anti Virus programs, Lavasoft Ad-Watch Live! Anti-Virus and Avast.

With Anti-Virus programs I would highly recommend only having one installed at any given time :unsure:

Anti-Virus programs take up an enormous amount of your computer's resources when they are actively scanning your computer. Having two anti-virus programs running at the same time can cause your computer to run very slow, become unstable and even, in rare cases, crash.

To uninstall one of the two, just go into Control Panel, then Add or Remove programs, select the one you wish to uninstall and click Remove.




2)
Click here to go to a Microsoft page detailing a fix on the Windows Updates. Use the "Fix It" Utility listed on that page. Choose the Default option first, but if this does not solve the Automatic Updates message, choose the Aggressive mode.




Let me know if the above has sorted the Updates issue or not.
  • 0

#11
Felita

Felita

    Member

  • Topic Starter
  • Member
  • PipPip
  • 11 posts
That was it. Thank you for your help.
  • 0

#12
BlackOxide

BlackOxide

    Trusted Helper

  • Malware Removal
  • 1,976 posts
No problem, great to hear that's done the trick.

If you have any other queries or problems, just let me know.




Good stuff, your logs now appear clean :)

Please go through the Cleanup section below and have a read of the other information which will help keep your PC protected


Thank you for following the procedures, your system now appears free from Malware. Below is a list of steps that are well worth following, they help finalize the fixes we have been doing and will help minimize the risk of a smilar situation happening again by protecting your PC and helping secure it.

Please make sure you follow the Cleanup stage just below.


========== CLEANUP ==========

Remove the Tools used in this cleanup

1)
Tools on the Desktop:
You can now safely remove aswMBR and RogueKiller from the Desktop (if present)

2)
Remove ComboFix

  • Hold down the Windows key + R on your keyboard. This will display the Run dialogue box
  • In the Run box, type in ComboFix /Uninstall (Notice the space between the "x" and "/") then click OK
    Posted Image
  • Follow the prompts on the screen
  • A message should appear confirming that ComboFix was uninstalled

3)
Clear Old Restore Points
  • Run OTL, copy and paste the following into the Custom Scans/Fixes area at the bottom
    :Commands
    [CLEARALLRESTOREPOINTS]
  • Then Click Run Fix

4)
OTL Cleanup
  • Open OTL
  • Click the CleanUp button at the top, it will ask to reboot your PC, please allow it to do so

5)
We will now confirm that your hidden files are set to that, as some of the tools I use will change that
  • Click Start.
  • Open My Computer.
  • Select the Tools menu and click Folder Options.
  • Select the View Tab.
  • Under the Hidden files and folders heading select Do not show hidden files and folders.
  • Click Yes to confirm.
  • Click OK.


========== Anti Malware Protection ==========

MalwareBytes Anti-Malware
This is an excellent Anti-Malware product. It is recommended to periodically run a Quick Scan to keep your PC as clean as possible. Remember to check for updates before running a scan, so click the Update tab along the top, then click Check for Updates.

Spyware Blaster
Spyware Blaster is a useful program that creates a huge list of known suspect/dangerous sites and blocks any attempts to visit those sites by embedding the list into Internet Explorer and Firefox.

Free Anti Virus Protection...
If you haven't got an AntiVirus or are thinking of changing, my personal recommendations are Microsoft Security Essentials and Avast, both are free to use. Remember though, you can only have one Anti Virus installed at any one given time.

Paid Anti Virus Protection...
If you want a bit more than just an Anti Virus and would like extra features such as Firewall and Anti Spam, you will have to look at purchasing an Anti Virus product. A lot of people do use free AV software as these products use the same virus databases as the paid ones, but some people prefer to have the extra features and the help and support that the paid products tend to offer. If you are looking into purchasing one, my recommendations would be Kaspersky Internet Security or ESET Smart Security. There are however many different ones out there and it is wise to just download trial versions to see which ones suit you best, before actually buying.



========== Updates ==========

Keeping your PC updated is vital in the battle against infections and exploits. There are many infections which will exploit loopholes within Windows itself, Java and Adobe Reader. Keeping these updated is a very good habit to get into.

Automatic Updates

Updates to your Operating System are vital in closing loopholes and fixing bugs which some infections exploit.
To keep your Windows updated, ensure that 'Automatic Updates' is enabled on your PC so updates are downloaded and installed automatically. Click on your version of Windows below to find out how...
Windows XP
Windows Vista
Windows 7

Java updates
  • Click the Start button
  • Click Control Panel
  • Double Click Java
  • Click the Update tab
  • Click Update Now
  • Allow any updates to be downloaded and installed
Adobe Reader updates
  • Open Adobe Reader
  • Click Help on the menu at the top
  • Click Check for Updates
  • Allow any updates to be downloaded and installed



========== Alternate Browsers ==========

Using an alternative web browser can help protect your PC from infections which exploit security holes within Internet Explorer. They can also be quicker to load pages and offer more tools and features such as Firefox's huge addon list.

Firefox - My personal choice, easy to use and has a large number of excellent addons that can be installed to help keep you away from malicious sites and reduce advertisements and popups etc. AdBlockPlus and WOT are very useful addons that are well worth having installed.

Google Chrome - Very nippy browser that's easy to use and is well worth a go if you are trying out different browsers.


Have fun and stay safe online :unsure:
BlackOxide

  • 0

#13
BlackOxide

BlackOxide

    Trusted Helper

  • Malware Removal
  • 1,976 posts
Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. :)

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.
  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP