XP Security 2012 [Closed] [Solved]


  • This topic is locked

#1
jlk69

Here is my OTL Log:

OTL logfile created on: 12/22/2011 1:20:25 AM - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = D:\Downloads
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.5512)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.24 Gb Total Physical Memory | 2.48 Gb Available Physical Memory | 76.44% Memory free
5.08 Gb Paging File | 4.54 Gb Available in Paging File | 89.27% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 279.46 Gb Total Space | 48.78 Gb Free Space | 17.45% Space Free | Partition Type: NTFS
Drive D: | 1397.26 Gb Total Space | 15.63 Gb Free Space | 1.12% Space Free | Partition Type: NTFS
Drive E: | 111.78 Gb Total Space | 0.34 Gb Free Space | 0.30% Space Free | Partition Type: NTFS
Drive F: | 149.04 Gb Total Space | 6.49 Gb Free Space | 4.35% Space Free | Partition Type: NTFS
Drive G: | 298.08 Gb Total Space | 280.13 Gb Free Space | 93.98% Space Free | Partition Type: NTFS
Drive H: | 3.88 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF
Drive I: | 149.04 Gb Total Space | 53.85 Gb Free Space | 36.13% Space Free | Partition Type: NTFS
Drive J: | 375.06 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
Drive K: | 2.90 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: CDFS
Drive L: | 298.09 Gb Total Space | 206.57 Gb Free Space | 69.30% Space Free | Partition Type: NTFS
Drive P: | 8.00 Mb Total Space | 2.75 Mb Free Space | 34.34% Space Free | Partition Type: NTFS
Drive R: | 93.16 Gb Total Space | 7.15 Gb Free Space | 7.67% Space Free | Partition Type: NTFS

Computer Name: ASROCK_WINXP | User Name: Jon Kunkel | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/12/22 01:19:02 | 000,584,192 | ---- | M] (OldTimer Tools) -- D:\Downloads\OTL.exe
PRC - [2011/12/22 01:06:35 | 000,318,464 | ---- | M] (Microsoft Corporation) -- C:\Documents and Settings\Jon Kunkel\Local Settings\Application Data\rnk.exe
PRC - [2011/12/21 20:29:36 | 000,912,856 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2011/11/28 10:01:24 | 003,744,552 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe
PRC - [2011/11/28 10:01:23 | 000,044,768 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe
PRC - [2010/07/02 17:20:32 | 005,332,488 | ---- | M] (ASRock) -- C:\Program Files\ASRock Utility\OCTuner\ASROC.exe
PRC - [2010/07/01 20:39:16 | 007,990,280 | ---- | M] (ASRock Incorporation) -- C:\Program Files\ASRock Utility\IES\AsrIes.exe
PRC - [2010/03/18 18:17:48 | 000,019,456 | ---- | M] (Creative Technology Ltd) -- C:\WINDOWS\system32\CtHelper.exe
PRC - [2010/02/12 09:23:12 | 000,286,720 | ---- | M] (Creative Technology Ltd) -- C:\Program Files\Creative\Shared Files\CTAudSvc.exe
PRC - [2010/01/22 11:29:40 | 000,106,496 | ---- | M] (NEC Electronics Corporation) -- C:\Program Files\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
PRC - [2009/06/15 04:00:00 | 001,789,440 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2009/06/15 04:00:00 | 000,131,072 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Outlook Express\msimn.exe
PRC - [2006/08/03 10:47:16 | 000,106,496 | ---- | M] (Kensington Technology Group) -- C:\WINDOWS\system32\kmw_run.exe
PRC - [2006/08/03 10:47:08 | 000,176,128 | ---- | M] () -- C:\WINDOWS\system32\kmw_show.exe
PRC - [2003/06/18 00:00:00 | 000,045,056 | ---- | M] (Creative Technology Ltd) -- C:\Program Files\Creative\DVDAudio\CTDVDDET.exe
PRC - [2001/10/21 18:12:28 | 000,045,056 | ---- | M] (Lexmark International) -- C:\WINDOWS\system32\LXAMSP32.EXE


========== Modules (No Company Name) ==========

MOD - [2011/12/21 20:29:36 | 000,849,368 | ---- | M] () -- C:\Program Files\Mozilla Firefox\js3250.dll
MOD - [2011/12/21 12:58:21 | 001,655,808 | ---- | M] () -- C:\Program Files\AVAST Software\Avast\defs\11122102\algo.dll
MOD - [2011/12/19 15:49:56 | 000,241,528 | ---- | M] () -- C:\Program Files\AVAST Software\Avast\defs\11122102\aswRep.dll
MOD - [2011/11/14 03:56:41 | 008,527,008 | ---- | M] () -- C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll
MOD - [2011/06/14 15:40:28 | 000,073,728 | ---- | M] () -- C:\Documents and Settings\Jon Kunkel\Application Data\Mozilla\Firefox\Profiles\oj1ollbx.default\extensions\{7E7165E2-0767-448c-852F-5FA8714F2C37}\components\PlainOldFavorites.dll
MOD - [2009/01/10 14:15:44 | 000,159,744 | ---- | M] () -- C:\Program Files\Haali\MatroskaSplitter\mmfinfo.dll
MOD - [2009/01/10 14:14:06 | 000,023,552 | ---- | M] () -- C:\Program Files\Haali\MatroskaSplitter\mkunicode.dll
MOD - [2006/08/03 10:47:08 | 000,176,128 | ---- | M] () -- C:\WINDOWS\system32\kmw_show.exe


========== Win32 Services (SafeList) ==========

SRV - [2011/11/28 10:01:23 | 000,044,768 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
SRV - [2011/07/26 01:57:48 | 000,079,360 | ---- | M] (Creative Labs) [On_Demand | Stopped] -- C:\Program Files\Common Files\Creative Labs Shared\Service\CTAELicensing.exe -- (Creative Audio Engine Licensing Service)
SRV - [2011/04/07 21:14:00 | 002,218,600 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe -- (nvUpdatusService)
SRV - [2010/02/12 09:23:12 | 000,286,720 | ---- | M] (Creative Technology Ltd) [Auto | Running] -- C:\Program Files\Creative\Shared Files\CTAudSvc.exe -- (CTAudSvcService)


========== Driver Services (SafeList) ==========

DRV - File not found [File_System | Unknown | Running] -- -- (MRxSmb)
DRV - File not found [Kernel | On_Demand | Running] -- -- (IesDrv)
DRV - File not found [Kernel | On_Demand | Running] -- -- (AsrOcDrv)
DRV - [2011/11/28 09:53:53 | 000,435,032 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\WINDOWS\System32\drivers\aswSnx.sys -- (aswSnx)
DRV - [2011/11/28 09:53:35 | 000,314,456 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswSP.sys -- (aswSP)
DRV - [2011/11/28 09:52:19 | 000,034,392 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswRdr.sys -- (aswRdr)
DRV - [2011/11/28 09:52:16 | 000,052,952 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2011/11/28 09:52:02 | 000,111,320 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswmon2.sys -- (aswMon2)
DRV - [2011/11/28 09:51:50 | 000,020,568 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2011/11/28 09:48:49 | 000,030,808 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aavmker4.sys -- (Aavmker4)
DRV - [2011/10/14 15:27:16 | 000,016,448 | ---- | M] (Shaul Eizikovich) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\Drivers\vjoy.sys -- (vjoy)
DRV - [2011/10/14 15:21:08 | 000,009,664 | ---- | M] (Windows ® Codename Longhorn DDK provider) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\Drivers\hidkmdf.sys -- (hidkmdf)
DRV - [2011/07/26 09:26:47 | 000,223,128 | ---- | M] (DT Soft Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\Drivers\dtscsi.sys -- (dtscsi)
DRV - [2011/07/26 07:53:47 | 000,664,064 | ---- | M] (Duplex Secure Ltd.) [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\sptd.sys -- (sptd)
DRV - [2011/03/03 07:59:20 | 000,119,272 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\Drivers\nvhda32.sys -- (NVHDA)
DRV - [2010/06/22 01:59:58 | 006,060,136 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\Drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2010/03/18 19:50:12 | 000,189,528 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\Drivers\haP17v2k.sys -- (hap17v2k)
DRV - [2010/03/18 19:50:04 | 000,162,904 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\Drivers\haP16v2k.sys -- (hap16v2k)
DRV - [2010/03/18 19:49:56 | 000,798,808 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\Drivers\ha10kx2k.sys -- (ha10kx2k)
DRV - [2010/03/18 19:45:42 | 000,092,760 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\Drivers\emupia2k.sys -- (emupia)
DRV - [2010/03/18 19:45:28 | 000,157,272 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ctsfm2k.sys -- (ctsfm2k)
DRV - [2010/03/18 19:45:20 | 000,014,424 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ctprxy2k.sys -- (ctprxy2k)
DRV - [2010/03/18 19:45:12 | 000,127,576 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\Drivers\ctoss2k.sys -- (ossrv)
DRV - [2010/03/18 19:40:56 | 000,018,904 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ctgame.sys -- (ctgame)
DRV - [2010/03/18 19:40:48 | 000,347,144 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ctdvda2k.sys -- (ctdvda2k)
DRV - [2010/03/18 19:40:40 | 000,528,472 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ctaud2k.sys -- (ctaud2k) Creative Audio Driver (WDM)
DRV - [2010/03/18 19:40:32 | 000,511,064 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ctac32k.sys -- (ctac32k)
DRV - [2010/03/18 19:39:36 | 000,100,952 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\CTERFXFX.SYS -- (CTERFXFX.SYS)
DRV - [2010/03/18 19:39:36 | 000,100,952 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\CTERFXFX.sys -- (CTERFXFX)
DRV - [2010/03/18 19:39:28 | 000,566,360 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\CTSBLFX.SYS -- (CTSBLFX.SYS)
DRV - [2010/03/18 19:39:28 | 000,566,360 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\CTSBLFX.sys -- (CTSBLFX)
DRV - [2010/03/18 19:39:18 | 000,555,096 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\CTAUDFX.SYS -- (CTAUDFX.SYS)
DRV - [2010/03/18 19:39:18 | 000,555,096 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\CTAUDFX.sys -- (CTAUDFX)
DRV - [2010/03/18 19:39:10 | 000,099,416 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\COMMONFX.SYS -- (COMMONFX.SYS)
DRV - [2010/03/18 19:39:10 | 000,099,416 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\COMMONFX.sys -- (COMMONFX)
DRV - [2010/03/17 00:13:20 | 000,261,672 | ---- | M] (Marvell Semiconductor, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\mv91xx.sys -- (mv91xx)
DRV - [2010/03/08 02:41:48 | 000,220,112 | R--- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\Drivers\Rtenicxp.sys -- (RTLE8023xp)
DRV - [2010/01/22 11:21:48 | 000,139,648 | ---- | M] (NEC Electronics Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\Drivers\nusb3xhc.sys -- (nusb3xhc)
DRV - [2010/01/22 11:21:46 | 000,059,904 | ---- | M] (NEC Electronics Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\Drivers\nusb3hub.sys -- (nusb3hub)
DRV - [2009/11/17 15:17:00 | 001,395,800 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\Drivers\Monfilt.sys -- (Monfilt)
DRV - [2009/11/17 15:16:00 | 001,691,480 | ---- | M] (Creative) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Ambfilt.sys -- (Ambfilt)
DRV - [2009/11/03 19:03:56 | 000,031,808 | ---- | M] (Deon van der Westhuysen) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\Drivers\PPortJoy.sys -- (PPortJoystick)
DRV - [2009/11/03 19:03:56 | 000,015,936 | ---- | M] (Deon van der Westhuysen) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\Drivers\PPJoyBus.sys -- (PPJoyBus)
DRV - [2009/02/24 17:42:14 | 000,116,736 | ---- | M] (MagicISO, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\Drivers\mcdbus.sys -- (mcdbus)
DRV - [2006/08/03 10:47:20 | 000,010,112 | ---- | M] (Kensington Technology Group) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\Drivers\KMW_USB.sys -- (KMW_USB)
DRV - [2006/08/03 10:47:18 | 000,091,648 | ---- | M] (Kensington Technology Group) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\Drivers\KMW_SYS.sys -- (KMW_SYS)
DRV - [2006/08/03 10:46:50 | 000,005,376 | ---- | M] (Kensington Technology Group) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\Drivers\KMW_KBD.sys -- (KMW_KBD)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.itvinasoft.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&type=971163"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://msn.com"
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..extensions.enabledItems: [email protected]:0.6.0.8
FF - prefs.js..extensions.enabledItems: showmemore@suskind:1.3
FF - prefs.js..extensions.enabledItems: {03B08592-E5B4-45ff-A0BE-C1D975458688}:1.0
FF - prefs.js..extensions.enabledItems: {524B8EF8-C312-11DB-8039-536F56D89593}:4.24.0.0
FF - prefs.js..extensions.enabledItems: {7E7165E2-0767-448c-852F-5FA8714F2C37}:1.2
FF - prefs.js..extensions.enabledItems: {A4732521-77D9-447E-A557-B279AC923F06}:0.6.8
FF - prefs.js..extensions.enabledItems: {AE93811A-5C9A-4d34-8462-F7B864FC4696}:3.97
FF - prefs.js..extensions.enabledItems: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.9.7
FF - prefs.js..extensions.enabledItems: [email protected]:1.0
FF - prefs.js..extensions.enabledItems: [email protected]:6.0.1367
FF - prefs.js..keyword.URL: "http://search.yahoo....type=971163&p="

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\WINDOWS\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.11.2321: C:\Program Files\Real Alternative\browser\plugins\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.1483: C:\Program Files\Real Alternative\browser\plugins\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\[email protected]: C:\Program Files\AVAST Software\Avast\WebRep\FF [2011/12/05 16:41:59 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.25\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/12/21 20:29:38 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.25\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/12/21 20:29:38 | 000,000,000 | ---D | M]

[2011/04/02 15:04:15 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Jon Kunkel\Application Data\Mozilla\Extensions
[2011/12/21 15:55:36 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Jon Kunkel\Application Data\Mozilla\Firefox\Profiles\oj1ollbx.default\extensions
[2011/04/03 12:52:29 | 000,000,000 | ---D | M] (Toolbar Buttons) -- C:\Documents and Settings\Jon Kunkel\Application Data\Mozilla\Firefox\Profiles\oj1ollbx.default\extensions\{03B08592-E5B4-45ff-A0BE-C1D975458688}
[2011/04/24 10:26:02 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Jon Kunkel\Application Data\Mozilla\Firefox\Profiles\oj1ollbx.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011/09/05 13:08:26 | 000,000,000 | ---D | M] (Bulk Image Downloader) -- C:\Documents and Settings\Jon Kunkel\Application Data\Mozilla\Firefox\Profiles\oj1ollbx.default\extensions\{524B8EF8-C312-11DB-8039-536F56D89593}
[2011/06/25 11:41:20 | 000,000,000 | ---D | M] (PlainOldFavorites) -- C:\Documents and Settings\Jon Kunkel\Application Data\Mozilla\Firefox\Profiles\oj1ollbx.default\extensions\{7E7165E2-0767-448c-852F-5FA8714F2C37}
[2011/04/03 12:52:28 | 000,000,000 | ---D | M] (Image Toolbar) -- C:\Documents and Settings\Jon Kunkel\Application Data\Mozilla\Firefox\Profiles\oj1ollbx.default\extensions\{A4732521-77D9-447E-A557-B279AC923F06}
[2011/10/15 12:08:42 | 000,000,000 | ---D | M] ("StumbleUpon") -- C:\Documents and Settings\Jon Kunkel\Application Data\Mozilla\Firefox\Profiles\oj1ollbx.default\extensions\{AE93811A-5C9A-4d34-8462-F7B864FC4696}
[2011/11/11 08:26:16 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Documents and Settings\Jon Kunkel\Application Data\Mozilla\Firefox\Profiles\oj1ollbx.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2011/04/03 13:00:53 | 000,000,000 | ---D | M] (Custom Toolbar Buttons) -- C:\Documents and Settings\Jon Kunkel\Application Data\Mozilla\Firefox\Profiles\oj1ollbx.default\extensions\[email protected]
[2011/04/03 12:52:27 | 000,000,000 | ---D | M] (Show Me More) -- C:\Documents and Settings\Jon Kunkel\Application Data\Mozilla\Firefox\Profiles\oj1ollbx.default\extensions\showmemore@suskind
[2011/06/11 16:00:26 | 000,004,140 | ---- | M] () -- C:\Documents and Settings\Jon Kunkel\Application Data\Mozilla\Firefox\Profiles\oj1ollbx.default\searchplugins\youtube.xml
[2011/12/21 15:55:36 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2011/04/03 14:26:13 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
[2011/12/05 16:41:59 | 000,000,000 | ---D | M] (avast! WebRep) -- C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF
[2011/04/03 11:49:18 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF
[2011/02/02 20:40:24 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll

O1 HOSTS File: ([2011/04/25 20:06:22 | 000,000,801 | -HS- | M]) - C:\WINDOWS\System32\Drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 66.98.148.65 auto.search.msn.com
O1 - Hosts: 66.98.148.65 auto.search.msn.es
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (IEHlprObjClass) - {CE7C3CF0-4B15-11D1-ABED-709549C10000} - C:\Program Files\Kensington\MouseWorks\IE_KMW.DLL File not found
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [CTDVDDET] C:\Program Files\Creative\DVDAudio\CTDVDDET.EXE (Creative Technology Ltd)
O4 - HKLM..\Run: [CTHelper] C:\WINDOWS\System32\CtHelper.exe (Creative Technology Ltd)
O4 - HKLM..\Run: [kmw_run.exe] C:\WINDOWS\System32\kmw_run.exe (Kensington Technology Group)
O4 - HKLM..\Run: [lxamsp32.exe] C:\WINDOWS\System32\LXAMSP32.EXE (Lexmark International)
O4 - HKLM..\Run: [NUSB3MON] C:\Program Files\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe (NEC Electronics Corporation)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] nwiz.exe /install File not found
O4 - HKLM..\Run: [PrinTray] C:\WINDOWS\System32\spool\drivers\w32x86\3\printray.exe (Lexmark)
O4 - HKCU..\Run: [ASRockIES] C:\Program Files\ASRock Utility\IES\AsrIes.exe (ASRock Incorporation)
O4 - HKCU..\Run: [ASRockOCTuner] C:\Program Files\ASRock Utility\OCTuner\ASROC.exe (ASRock)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoRemoteRecursiveEvents = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoInternetOpenWith = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMHelp = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSaveSettings = 0
O8 - Extra context menu item: Download Using &BitSpirit - D:\Program Files (x86)\BitSpirit\bsurl.htm ()
O8 - Extra context menu item: En&queue current page with BID - C:\Program Files\Bulk Image Downloader\iemenu\iebidqueue.htm ()
O8 - Extra context menu item: Enqueue link tar&get with BID - C:\Program Files\Bulk Image Downloader\iemenu\iebidlinkqueue.htm ()
O8 - Extra context menu item: Open &link target with BID - C:\Program Files\Bulk Image Downloader\iemenu\iebidlink.htm ()
O8 - Extra context menu item: Open current page with BI&D - C:\Program Files\Bulk Image Downloader\iemenu\iebid.htm ()
O8 - Extra context menu item: Open current page with BID Link E&xplorer - C:\Program Files\Bulk Image Downloader\iemenu\iebidlinkexplorer.htm ()
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_16)
O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_24)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{813A0D76-BE99-43B5-B9AD-6D1316EDC5EF}: NameServer = 208.67.222.222,206.67.222.208
O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) -C:\WINDOWS\System32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\Jon Kunkel\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Jon Kunkel\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2011/04/02 15:04:38 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2009/05/11 20:12:21 | 000,000,000 | ---- | M] () - D:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2004/11/14 17:07:22 | 000,000,000 | R--D | M] - J:\AUTORUN -- [ CDFS ]
O32 - AutoRun File - [2004/11/09 14:47:19 | 000,000,033 | R--- | M] () - J:\AUTORUN.INF -- [ CDFS ]
O33 - MountPoints2\{6dbbba1f-5d37-11e0-b8c6-806d6172696f}\Shell - "" = AutoRun
O33 - MountPoints2\{6dbbba1f-5d37-11e0-b8c6-806d6172696f}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{6dbbba1f-5d37-11e0-b8c6-806d6172696f}\Shell\AutoRun\command - "" = T:\ASRSetup.exe
O33 - MountPoints2\{e2ddd9c6-7788-11e0-b3b2-00252282622a}\Shell - "" = AutoRun
O33 - MountPoints2\{e2ddd9c6-7788-11e0-b3b2-00252282622a}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{e2ddd9c6-7788-11e0-b3b2-00252282622a}\Shell\AutoRun\command - "" = H:\SETUP.EXE
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKCU\...exe [@ = m3] -- "C:\Documents and Settings\Jon Kunkel\Local Settings\Application Data\rnk.exe" -a "%1" %* (Microsoft Corporation)

========== Files/Folders - Created Within 30 Days ==========

File not found -- C:\Documents and Settings\Jon Kunkel\My Documents\Jon%20Kunkel.
[2011/12/22 01:06:35 | 000,318,464 | ---- | C] (Microsoft Corporation) -- C:\Documents and Settings\Jon Kunkel\Local Settings\Application Data\rnk.exe
[2011/11/24 15:00:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Jon Kunkel\Start Menu\Programs\Flying Model Simulator
[2011/11/24 15:00:05 | 000,000,000 | ---D | C] -- C:\Program Files\FMS
[2011/11/24 14:54:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\SmartPropoPlus
[2011/11/24 14:54:07 | 000,000,000 | ---D | C] -- C:\Program Files\SmartPropoPlus
[2011/11/24 14:50:12 | 000,000,000 | ---D | C] -- C:\Program Files\PPJoy Joystick Driver
[2011/11/24 14:50:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\PPJoy Joystick Driver
[2011/11/24 00:53:03 | 000,000,000 | ---D | C] -- C:\WINDOWS\ServicePackFiles
[2011/11/23 11:21:46 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\Lang
[2011/11/23 11:14:44 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\RTCOM
[2011/11/23 11:14:34 | 000,359,016 | ---- | C] (Realtek Semiconductor Crop.) -- C:\WINDOWS\vncutil.exe
[2011/11/23 11:14:33 | 000,129,640 | ---- | C] (Realtek Semiconductor) -- C:\WINDOWS\RtkAudioService.exe
[2011/11/23 11:14:25 | 002,815,592 | ---- | C] (RealTek Semicoductor Corp.) -- C:\WINDOWS\ALCWZRD.EXE
[2011/11/23 11:14:24 | 001,691,480 | ---- | C] (Creative) -- C:\WINDOWS\System32\drivers\Ambfilt.sys
[2011/09/07 15:30:28 | 001,224,704 | ---- | C] ( ) -- C:\WINDOWS\System32\lxbaserv.dll
[2011/09/07 15:30:28 | 000,995,328 | ---- | C] ( ) -- C:\WINDOWS\System32\lxbausb1.dll
[2011/09/07 15:30:28 | 000,696,320 | ---- | C] ( ) -- C:\WINDOWS\System32\lxbahbn3.dll
[2011/09/07 15:30:28 | 000,684,032 | ---- | C] ( ) -- C:\WINDOWS\System32\lxbacomc.dll
[2011/09/07 15:30:28 | 000,643,072 | ---- | C] ( ) -- C:\WINDOWS\System32\lxbapmui.dll
[2011/09/07 15:30:28 | 000,585,728 | ---- | C] ( ) -- C:\WINDOWS\System32\lxbalmpm.dll
[2011/09/07 15:30:28 | 000,537,520 | ---- | C] ( ) -- C:\WINDOWS\System32\lxbacoms.exe
[2011/09/07 15:30:28 | 000,421,888 | ---- | C] ( ) -- C:\WINDOWS\System32\lxbacomm.dll
[2011/09/07 15:30:28 | 000,413,696 | ---- | C] ( ) -- C:\WINDOWS\System32\lxbainpa.dll
[2011/09/07 15:30:28 | 000,397,312 | ---- | C] ( ) -- C:\WINDOWS\System32\lxbaiesc.dll
[2011/09/07 15:30:28 | 000,385,968 | ---- | C] ( ) -- C:\WINDOWS\System32\lxbaih.exe
[2011/09/07 15:30:28 | 000,381,872 | ---- | C] ( ) -- C:\WINDOWS\System32\lxbacfg.exe
[2011/09/07 15:30:28 | 000,323,584 | ---- | C] ( ) -- C:\WINDOWS\System32\LXBAhcp.dll
[2011/09/07 15:30:28 | 000,163,840 | ---- | C] ( ) -- C:\WINDOWS\System32\lxbaprox.dll
[2011/09/07 15:30:28 | 000,094,208 | ---- | C] ( ) -- C:\WINDOWS\System32\lxbapplc.dll
[2011/04/23 20:54:16 | 000,047,360 | ---- | C] (VSO Software) -- C:\Documents and Settings\Jon Kunkel\Application Data\pcouffin.sys
[2010/03/18 18:18:32 | 000,010,752 | ---- | C] ( ) -- C:\WINDOWS\System32\a3d.dll
[2010/03/18 17:59:50 | 000,010,240 | ---- | C] ( ) -- C:\WINDOWS\System32\killapps.exe
[41 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

File not found -- C:\Documents and Settings\Jon Kunkel\My Documents\Jon%20Kunkel.
[2011/12/22 01:19:58 | 000,013,648 | -HS- | M] () -- C:\Documents and Settings\Jon Kunkel\Local Settings\Application Data\805830a1r786f880a626n8tpa5l6
[2011/12/22 01:19:58 | 000,013,648 | -HS- | M] () -- C:\Documents and Settings\All Users\Application Data\805830a1r786f880a626n8tpa5l6
[2011/12/22 00:57:01 | 000,648,840 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2011/12/22 00:57:01 | 000,135,886 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2011/12/22 00:53:13 | 000,002,228 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/12/22 00:51:57 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/12/21 22:05:27 | 000,030,912 | ---- | M] () -- C:\WINDOWS\System32\BMXStateBkp-{00000009-00000000-00000000-00001102-00000004-10051102}.rfx
[2011/12/21 22:05:27 | 000,030,912 | ---- | M] () -- C:\WINDOWS\System32\BMXState-{00000009-00000000-00000000-00001102-00000004-10051102}.rfx
[2011/12/21 22:05:27 | 000,029,352 | ---- | M] () -- C:\WINDOWS\System32\BMXCtrlState-{00000009-00000000-00000000-00001102-00000004-10051102}.rfx
[2011/12/21 22:05:27 | 000,029,352 | ---- | M] () -- C:\WINDOWS\System32\BMXBkpCtrlState-{00000009-00000000-00000000-00001102-00000004-10051102}.rfx
[2011/12/21 22:05:27 | 000,011,564 | ---- | M] () -- C:\WINDOWS\System32\DVCState-{00000009-00000000-00000000-00001102-00000004-10051102}.rfx
[2011/12/21 22:05:20 | 004,931,577 | ---- | M] () -- C:\WINDOWS\{00000009-00000000-00000000-00001102-00000004-10051102}.CDF
[2011/12/21 22:05:20 | 004,931,577 | ---- | M] () -- C:\WINDOWS\{00000009-00000000-00000000-00001102-00000004-10051102}.BAK
[2011/12/05 16:42:00 | 000,002,625 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
[2011/11/28 10:01:25 | 000,041,184 | ---- | M] (AVAST Software) -- C:\WINDOWS\avastSS.scr
[2011/11/28 10:01:23 | 000,199,816 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\aswBoot.exe
[2011/11/28 09:53:53 | 000,435,032 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSnx.sys
[2011/11/28 09:53:35 | 000,314,456 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSP.sys
[2011/11/28 09:52:19 | 000,034,392 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswRdr.sys
[2011/11/28 09:52:16 | 000,052,952 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswTdi.sys
[2011/11/28 09:52:02 | 000,111,320 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswmon2.sys
[2011/11/28 09:51:59 | 000,105,176 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswmon.sys
[2011/11/28 09:51:50 | 000,020,568 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswFsBlk.sys
[2011/11/28 09:48:49 | 000,030,808 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aavmker4.sys
[2011/11/24 15:00:07 | 000,000,658 | ---- | M] () -- C:\Documents and Settings\Jon Kunkel\Desktop\FMS.lnk
[2011/11/24 14:54:08 | 000,000,267 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\SmartPropoPlus.lnk
[2011/11/24 09:17:03 | 000,138,056 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2011/11/24 01:07:27 | 000,001,393 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2011/11/23 18:39:30 | 000,000,026 | ---- | M] () -- C:\WINDOWS\Zone.Identifier
[2011/11/23 18:39:29 | 000,119,248 | ---- | M] () -- C:\Documents and Settings\Jon Kunkel\MX-M620N_20111123_162741.pdf
[2011/11/23 11:53:28 | 000,000,197 | ---- | M] () -- C:\Documents and Settings\Jon Kunkel\My Documents\Turnigy 9x.ini
[2011/11/23 11:22:01 | 000,940,794 | ---- | M] () -- C:\WINDOWS\System32\LoopyMusic.wav
[2011/11/23 11:22:01 | 000,146,650 | ---- | M] () -- C:\WINDOWS\System32\BuzzingBee.wav
[41 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files Created - No Company Name ==========

[2100/02/23 17:55:50 | 000,001,096 | ---- | C] () -- C:\WINDOWS\Lexmark_ICM.ini
[2011/12/22 01:06:37 | 000,013,648 | -HS- | C] () -- C:\Documents and Settings\Jon Kunkel\Local Settings\Application Data\805830a1r786f880a626n8tpa5l6
[2011/12/22 01:06:37 | 000,013,648 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\805830a1r786f880a626n8tpa5l6
[2011/11/24 15:00:07 | 000,000,658 | ---- | C] () -- C:\Documents and Settings\Jon Kunkel\Desktop\FMS.lnk
[2011/11/24 14:54:08 | 000,131,072 | ---- | C] () -- C:\PPJoyEx.dll
[2011/11/24 14:54:08 | 000,019,456 | ---- | C] () -- C:\AudioStudy.exe
[2011/11/24 14:54:08 | 000,012,288 | ---- | C] () -- C:\JsChPostProc.dll
[2011/11/24 14:54:08 | 000,000,267 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\SmartPropoPlus.lnk
[2011/11/24 14:54:07 | 000,081,920 | ---- | C] () -- C:\SppConsole.exe
[2011/11/24 00:55:14 | 000,225,262 | ---- | C] () -- C:\WINDOWS\System32\dllcache\msimain.sdb
[2011/11/23 18:39:29 | 000,119,248 | ---- | C] () -- C:\Documents and Settings\Jon Kunkel\MX-M620N_20111123_162741.pdf
[2011/11/23 11:53:28 | 000,000,197 | ---- | C] () -- C:\Documents and Settings\Jon Kunkel\My Documents\Turnigy 9x.ini
[2011/11/23 11:22:01 | 000,146,650 | ---- | C] () -- C:\WINDOWS\System32\BuzzingBee.wav
[2011/11/23 11:22:00 | 000,940,794 | ---- | C] () -- C:\WINDOWS\System32\LoopyMusic.wav
[2011/10/28 21:40:06 | 000,129,044 | ---- | C] () -- C:\WINDOWS\hpiins06.dat
[2011/10/28 21:40:06 | 000,000,000 | ---- | C] () -- C:\WINDOWS\hpimdl06.dat
[2011/10/18 14:03:30 | 000,079,872 | ---- | C] () -- C:\WINDOWS\System32\LEX_PSU.EXE
[2011/09/07 15:30:40 | 000,344,064 | ---- | C] () -- C:\WINDOWS\System32\lxbacoin.dll
[2011/09/07 15:30:40 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\lxbavs.dll
[2011/09/07 15:30:31 | 000,061,440 | ---- | C] () -- C:\WINDOWS\System32\lxbacnv4.dll
[2011/09/07 15:30:28 | 000,413,696 | ---- | C] () -- C:\WINDOWS\System32\lxbautil.dll
[2011/09/07 15:30:28 | 000,274,432 | ---- | C] () -- C:\WINDOWS\System32\LXBAinst.dll
[2011/07/26 10:02:04 | 000,001,794 | ---- | C] () -- C:\WINDOWS\System32\epid2110.dll
[2011/07/26 10:02:04 | 000,000,008 | ---- | C] () -- C:\WINDOWS\System32\sysgen76.dll
[2011/07/26 07:53:46 | 000,096,384 | ---- | C] () -- C:\WINDOWS\System32\drivers\sptd3613.sys
[2011/07/12 21:34:55 | 000,695,617 | ---- | C] () -- C:\WINDOWS\unins000.exe
[2011/07/12 21:34:55 | 000,025,054 | ---- | C] () -- C:\WINDOWS\unins000.dat
[2011/06/11 18:57:32 | 000,354,816 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2011/05/06 14:45:43 | 000,260,444 | ---- | C] () -- C:\WINDOWS\System32\nvdrsdb1.bin
[2011/05/06 14:45:43 | 000,260,444 | ---- | C] () -- C:\WINDOWS\System32\nvdrsdb0.bin
[2011/05/06 14:45:43 | 000,000,001 | ---- | C] () -- C:\WINDOWS\System32\nvdrssel.bin
[2011/05/05 23:12:48 | 001,760,135 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-S-1-5-21-1801674531-113007714-682003330-1002-0.dat
[2011/05/05 23:12:44 | 000,116,862 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-System.dat
[2011/05/05 22:41:00 | 000,000,000 | ---- | C] () -- C:\WINDOWS\graphedt.INI
[2011/04/28 23:32:25 | 000,022,328 | ---- | C] () -- C:\WINDOWS\System32\drivers\PnkBstrK.sys
[2011/04/28 23:31:55 | 000,103,736 | ---- | C] () -- C:\WINDOWS\System32\PnkBstrB.exe
[2011/04/28 23:31:48 | 000,066,872 | ---- | C] () -- C:\WINDOWS\System32\PnkBstrA.exe
[2011/04/28 14:49:38 | 000,000,061 | -HS- | C] () -- C:\WINDOWS\cnerolf.dat
[2011/04/24 13:16:45 | 000,177,861 | ---- | C] () -- C:\WINDOWS\Addictive Pitts Uninstaller.exe
[2011/04/23 20:54:16 | 000,087,608 | ---- | C] () -- C:\Documents and Settings\Jon Kunkel\Application Data\inst.exe
[2011/04/23 20:54:16 | 000,007,887 | ---- | C] () -- C:\Documents and Settings\Jon Kunkel\Application Data\pcouffin.cat
[2011/04/23 20:54:16 | 000,001,144 | ---- | C] () -- C:\Documents and Settings\Jon Kunkel\Application Data\pcouffin.inf
[2011/04/23 20:50:36 | 000,000,671 | ---- | C] () -- C:\Documents and Settings\Jon Kunkel\Application Data\vso_ts_preview.xml
[2011/04/20 13:27:37 | 000,000,211 | -H-- | C] () -- C:\WINDOWS\vp.ini
[2011/04/18 21:05:48 | 000,000,476 | ---- | C] () -- C:\WINDOWS\System32\gfbaksm.dll
[2011/04/18 21:05:48 | 000,000,476 | ---- | C] () -- C:\WINDOWS\System32\gfbaksm.dat
[2011/04/18 21:04:24 | 000,262,144 | ---- | C] () -- C:\WINDOWS\System32\gfkernel.dll
[2011/04/09 17:55:28 | 000,179,261 | ---- | C] () -- C:\WINDOWS\System32\xlive.dll.cat
[2011/04/09 16:33:36 | 000,021,791 | ---- | C] () -- C:\WINDOWS\System32\smtpctrs.ini
[2011/04/09 16:33:35 | 000,001,037 | ---- | C] () -- C:\WINDOWS\System32\ntfsdrct.ini
[2011/04/09 16:32:15 | 000,007,909 | ---- | C] () -- C:\WINDOWS\System32\ftpctrs.ini
[2011/04/09 16:32:13 | 000,038,576 | ---- | C] () -- C:\WINDOWS\System32\w3ctrs.ini
[2011/04/09 16:32:13 | 000,010,225 | ---- | C] () -- C:\WINDOWS\System32\axperf.ini
[2011/04/09 16:32:11 | 000,011,435 | ---- | C] () -- C:\WINDOWS\System32\infoctrs.ini
[2011/04/09 15:57:40 | 000,000,643 | ---- | C] () -- C:\WINDOWS\LEXSTAT.INI
[2011/04/09 15:51:56 | 000,080,416 | R--- | C] () -- C:\WINDOWS\System32\RtNicProp32.dll
[2011/04/09 15:36:11 | 002,116,894 | ---- | C] () -- C:\WINDOWS\System32\nvdata.bin
[2011/04/06 22:06:46 | 000,000,038 | ---- | C] () -- C:\WINDOWS\osAviSplitter.INI
[2011/04/06 20:27:58 | 000,022,016 | ---- | C] () -- C:\Documents and Settings\Jon Kunkel\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/04/05 14:44:28 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2011/04/05 14:36:43 | 000,116,224 | ---- | C] () -- C:\WINDOWS\System32\pdfcmnnt.dll
[2011/04/04 14:41:35 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Jon Kunkel\Application Data\SuperSafer.cfg
[2011/04/04 13:46:00 | 000,085,504 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2011/04/03 11:40:30 | 000,061,440 | ---- | C] () -- C:\WINDOWS\ContextMenuExt.dll
[2011/04/03 01:18:46 | 001,746,360 | ---- | C] () -- C:\WINDOWS\System32\CTAA1.DAT
[2011/04/03 00:55:53 | 000,000,019 | ---- | C] () -- C:\WINDOWS\System32\nvModes.dat
[2011/04/02 23:27:23 | 000,176,128 | ---- | C] () -- C:\WINDOWS\System32\kmw_show.exe
[2011/04/02 15:04:55 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2011/04/02 15:01:38 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2011/04/02 06:49:54 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2011/04/02 06:47:51 | 000,138,056 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010/12/30 15:09:03 | 000,036,044 | ---- | C] () -- C:\WINDOWS\System32\bassmod.dll
[2010/03/18 18:59:54 | 000,050,439 | ---- | C] () -- C:\WINDOWS\System32\instwdm.ini
[2010/03/18 18:59:50 | 000,000,054 | ---- | C] () -- C:\WINDOWS\System32\ctzapxx.ini
[2010/03/18 18:19:58 | 000,043,520 | ---- | C] () -- C:\WINDOWS\System32\CTBurst.dll
[2010/03/18 18:17:50 | 000,037,888 | ---- | C] () -- C:\WINDOWS\System32\psconv.exe
[2010/03/18 18:07:54 | 000,386,852 | ---- | C] () -- C:\WINDOWS\System32\ctdnlstr.dat
[2010/03/18 18:07:54 | 000,051,787 | ---- | C] () -- C:\WINDOWS\System32\ctdlang.dat
[2010/03/18 18:03:12 | 000,013,312 | ---- | C] () -- C:\WINDOWS\System32\regplib.exe
[2010/03/18 18:02:14 | 000,149,838 | ---- | C] () -- C:\WINDOWS\System32\ctbas2w.dat
[2010/03/18 18:00:42 | 000,274,587 | ---- | C] () -- C:\WINDOWS\System32\ctsbas2w.dat
[2010/03/18 18:00:28 | 000,241,084 | ---- | C] () -- C:\WINDOWS\System32\CTSBASW.DAT
[2010/03/18 18:00:28 | 000,115,166 | ---- | C] () -- C:\WINDOWS\System32\CTBASICW.DAT
[2010/03/18 17:59:56 | 000,313,207 | ---- | C] () -- C:\WINDOWS\System32\ctstatic.dat
[2010/03/18 17:59:56 | 000,053,932 | ---- | C] () -- C:\WINDOWS\System32\ctdaught.dat
[2010/03/18 17:59:54 | 000,005,120 | ---- | C] () -- C:\WINDOWS\System32\enlocstr.exe
[2009/07/08 14:10:56 | 000,000,307 | ---- | C] () -- C:\WINDOWS\System32\kill.ini
[2009/06/15 04:00:00 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2009/06/15 04:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2009/06/15 04:00:00 | 000,648,840 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2009/06/15 04:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2009/06/15 04:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2009/06/15 04:00:00 | 000,135,886 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2009/06/15 04:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2009/06/15 04:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2009/06/15 04:00:00 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2009/06/15 04:00:00 | 000,004,463 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2009/06/15 04:00:00 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\Dcache.bin
[2009/06/15 04:00:00 | 000,000,546 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
[2007/08/13 19:45:02 | 000,077,824 | ---- | C] () -- C:\WINDOWS\System32\ctmmactl.dll
[2007/04/21 04:43:01 | 000,340,480 | ---- | C] () -- C:\WINDOWS\System32\esftchk2.dll
[2004/12/20 01:03:26 | 000,679,936 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2002/03/19 17:30:00 | 000,010,752 | ---- | C] () -- C:\WINDOWS\System32\mag.dll
[2002/03/19 16:30:00 | 000,216,576 | ---- | C] () -- C:\WINDOWS\System32\PowerCalc.exe
[2002/03/19 16:30:00 | 000,141,824 | ---- | C] () -- C:\WINDOWS\System32\msvdm.dll
[2002/03/19 16:30:00 | 000,045,632 | ---- | C] () -- C:\WINDOWS\System32\TaskSwitch.exe
[2001/05/28 11:26:24 | 000,131,584 | ---- | C] () -- C:\WINDOWS\Ptlic32.exe
[2001/05/13 16:18:34 | 000,000,209 | ---- | C] () -- C:\WINDOWS\X63_DS.ini
[2000/10/24 08:08:36 | 000,118,784 | ---- | C] () -- C:\WINDOWS\System32\LFKODAK.DLL
[2000/10/24 08:08:33 | 000,338,944 | ---- | C] () -- C:\WINDOWS\System32\lffpx7.dll
[1996/04/03 11:33:26 | 000,005,248 | ---- | C] () -- C:\WINDOWS\System32\giveio.sys

========== LOP Check ==========

[2011/04/03 10:43:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ACD Systems
[2011/07/26 09:38:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVAST Software
[2011/04/03 12:24:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVG10
[2011/06/11 11:07:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Codemasters
[2011/04/03 12:24:25 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\Common Files
[2011/06/11 11:07:13 | 000,000,000 | -HSD | M] -- C:\Documents and Settings\All Users\Application Data\DSS
[2011/04/25 20:36:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Electronic Arts
[2011/04/03 12:23:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MFAData
[2011/05/07 00:15:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Solidshield
[2011/06/11 15:49:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Spotmau
[2011/10/28 13:27:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2011/04/23 21:58:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\vsosdk
[2011/05/01 19:04:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WOP
[2011/04/03 10:44:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jon Kunkel\Application Data\ACD Systems
[2011/04/03 12:27:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jon Kunkel\Application Data\AVG10
[2011/05/03 23:00:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jon Kunkel\Application Data\BID
[2011/04/06 21:27:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jon Kunkel\Application Data\BitSpirit
[2011/04/09 17:08:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jon Kunkel\Application Data\BlackBean
[2011/04/05 07:00:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jon Kunkel\Application Data\Disney Interactive Studios
[2011/05/20 16:29:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jon Kunkel\Application Data\Downloadr
[2011/04/20 13:42:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jon Kunkel\Application Data\ECSoftware
[2011/04/13 02:31:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jon Kunkel\Application Data\eMule
[2011/04/06 14:45:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jon Kunkel\Application Data\flightgear.org
[2011/04/06 14:46:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jon Kunkel\Application Data\fltk.org
[2011/04/06 20:47:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jon Kunkel\Application Data\InterVideo
[2011/04/03 13:47:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jon Kunkel\Application Data\johnsadventures.com
[2011/04/02 23:29:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jon Kunkel\Application Data\Kensington
[2011/06/15 19:08:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jon Kunkel\Application Data\Machete Lite
[2011/07/16 16:36:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jon Kunkel\Application Data\OpenDNS Updater
[2011/05/27 18:37:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jon Kunkel\Application Data\Simraceway
[2011/10/14 15:20:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jon Kunkel\Application Data\Vso
[2011/05/05 09:41:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jon Kunkel\Application Data\WinWay

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 132 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:C8B8CEBD

< End of report >
Infected by XP Security 2012 malware

#2
Essexboy

Hi there and sorry for the delay - on completion of this can you let me know the current problems

Warning: This fix is only relevant for this system and no other; using it on another computer may cause problems.

Be advised that when the fix commences it will shut down all running processes and you may lose the desktop and icons; they will return on reboot.

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :OTL
    O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
    O37 - HKCU\...exe [@ = m3] -- "C:\Documents and Settings\Jon Kunkel\Local Settings\Application Data\rnk.exe" -a "%1" %* (Microsoft Corporation)
    [2011/12/22 01:06:35 | 000,318,464 | ---- | C] (Microsoft Corporation) -- C:\Documents and Settings\Jon Kunkel\Local Settings\Application Data\rnk.exe
    [2011/12/22 01:19:58 | 000,013,648 | -HS- | M] () -- C:\Documents and Settings\Jon Kunkel\Local Settings\Application Data\805830a1r786f880a626n8tpa5l6
    [2011/12/22 01:19:58 | 000,013,648 | -HS- | M] () -- C:\Documents and Settings\All Users\Application Data\805830a1r786f880a626n8tpa5l6
    [2011/12/22 01:06:37 | 000,013,648 | -HS- | C] () -- C:\Documents and Settings\Jon Kunkel\Local Settings\Application Data\805830a1r786f880a626n8tpa5l6
    [2011/12/22 01:06:37 | 000,013,648 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\805830a1r786f880a626n8tpa5l6

    :Files
    ipconfig /flushdns /c

    :Commands
    [purity]
    [resethosts]
    [emptytemp]
    [CREATERESTOREPOINT]
    [Reboot]

  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.

THEN

Download aswMBR.exe ( 1.8mb ) to your desktop.
Double click the aswMBR.exe to run it.
Click the "Scan" button to start the scan.


On completion of the scan click save log, save it to your desktop and post in your next reply


#3
jlk69

OK, here is the new OTL Log:

OTL logfile created on: 1/2/2012 2:51:42 AM - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = D:\Downloads
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.5512)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.24 Gb Total Physical Memory | 2.65 Gb Available Physical Memory | 81.80% Memory free
5.08 Gb Paging File | 4.69 Gb Available in Paging File | 92.17% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 279.46 Gb Total Space | 49.00 Gb Free Space | 17.53% Space Free | Partition Type: NTFS
Drive D: | 1397.26 Gb Total Space | 15.65 Gb Free Space | 1.12% Space Free | Partition Type: NTFS
Drive E: | 111.78 Gb Total Space | 0.34 Gb Free Space | 0.30% Space Free | Partition Type: NTFS
Drive F: | 149.04 Gb Total Space | 6.49 Gb Free Space | 4.35% Space Free | Partition Type: NTFS
Drive G: | 298.08 Gb Total Space | 280.13 Gb Free Space | 93.98% Space Free | Partition Type: NTFS
Drive H: | 3.88 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF
Drive I: | 149.04 Gb Total Space | 53.85 Gb Free Space | 36.13% Space Free | Partition Type: NTFS
Drive J: | 375.06 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
Drive K: | 2.90 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: CDFS
Drive L: | 298.09 Gb Total Space | 206.57 Gb Free Space | 69.30% Space Free | Partition Type: NTFS
Drive P: | 8.00 Mb Total Space | 2.74 Mb Free Space | 34.29% Space Free | Partition Type: NTFS
Drive Q: | 9.23 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
Drive R: | 93.16 Gb Total Space | 7.15 Gb Free Space | 7.67% Space Free | Partition Type: NTFS
Drive S: | 3.83 Gb Total Space | 3.76 Gb Free Space | 98.16% Space Free | Partition Type: FAT32
Drive T: | 7.41 Gb Total Space | 0.40 Gb Free Space | 5.36% Space Free | Partition Type: FAT32

Computer Name: ASROCK_WINXP | User Name: Jon Kunkel | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/12/22 01:19:02 | 000,584,192 | ---- | M] (OldTimer Tools) -- D:\Downloads\OTL.exe
PRC - [2011/12/21 20:29:36 | 000,912,856 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2011/11/28 10:01:24 | 003,744,552 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe
PRC - [2011/11/28 10:01:23 | 000,044,768 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe
PRC - [2011/04/07 21:14:00 | 002,218,600 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
PRC - [2010/07/02 17:20:32 | 005,332,488 | ---- | M] (ASRock) -- C:\Program Files\ASRock Utility\OCTuner\ASROC.exe
PRC - [2010/07/01 20:39:16 | 007,990,280 | ---- | M] (ASRock Incorporation) -- C:\Program Files\ASRock Utility\IES\AsrIes.exe
PRC - [2010/03/18 18:17:48 | 000,019,456 | ---- | M] (Creative Technology Ltd) -- C:\WINDOWS\system32\CtHelper.exe
PRC - [2010/02/12 09:23:12 | 000,286,720 | ---- | M] (Creative Technology Ltd) -- C:\Program Files\Creative\Shared Files\CTAudSvc.exe
PRC - [2010/01/22 11:29:40 | 000,106,496 | ---- | M] (NEC Electronics Corporation) -- C:\Program Files\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
PRC - [2009/06/15 04:00:00 | 001,789,440 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2006/08/03 10:47:16 | 000,106,496 | ---- | M] (Kensington Technology Group) -- C:\WINDOWS\system32\kmw_run.exe
PRC - [2006/08/03 10:47:08 | 000,176,128 | ---- | M] () -- C:\WINDOWS\system32\kmw_show.exe
PRC - [2003/06/18 00:00:00 | 000,045,056 | ---- | M] (Creative Technology Ltd) -- C:\Program Files\Creative\DVDAudio\CTDVDDET.exe
PRC - [2001/10/21 18:12:28 | 000,045,056 | ---- | M] (Lexmark International) -- C:\WINDOWS\system32\LXAMSP32.EXE


========== Modules (No Company Name) ==========

MOD - [2012/01/02 00:42:39 | 001,660,928 | ---- | M] () -- C:\Program Files\AVAST Software\Avast\defs\12010200\algo.dll
MOD - [2011/12/31 07:01:54 | 000,268,808 | ---- | M] () -- C:\Program Files\AVAST Software\Avast\defs\12010200\aswRep.dll
MOD - [2011/12/21 20:29:36 | 000,849,368 | ---- | M] () -- C:\Program Files\Mozilla Firefox\js3250.dll
MOD - [2011/06/14 15:40:28 | 000,073,728 | ---- | M] () -- C:\Documents and Settings\Jon Kunkel\Application Data\Mozilla\Firefox\Profiles\oj1ollbx.default\extensions\{7E7165E2-0767-448c-852F-5FA8714F2C37}\components\PlainOldFavorites.dll
MOD - [2009/01/10 14:15:44 | 000,159,744 | ---- | M] () -- C:\Program Files\Haali\MatroskaSplitter\mmfinfo.dll
MOD - [2009/01/10 14:14:06 | 000,023,552 | ---- | M] () -- C:\Program Files\Haali\MatroskaSplitter\mkunicode.dll
MOD - [2006/08/03 10:47:08 | 000,176,128 | ---- | M] () -- C:\WINDOWS\system32\kmw_show.exe


========== Win32 Services (SafeList) ==========

SRV - [2011/11/28 10:01:23 | 000,044,768 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
SRV - [2011/07/26 01:57:48 | 000,079,360 | ---- | M] (Creative Labs) [On_Demand | Stopped] -- C:\Program Files\Common Files\Creative Labs Shared\Service\CTAELicensing.exe -- (Creative Audio Engine Licensing Service)
SRV - [2011/04/07 21:14:00 | 002,218,600 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe -- (nvUpdatusService)
SRV - [2010/02/12 09:23:12 | 000,286,720 | ---- | M] (Creative Technology Ltd) [Auto | Running] -- C:\Program Files\Creative\Shared Files\CTAudSvc.exe -- (CTAudSvcService)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Running] -- -- (IesDrv)
DRV - File not found [Kernel | On_Demand | Running] -- -- (AsrOcDrv)
DRV - [2011/11/28 09:53:53 | 000,435,032 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\WINDOWS\System32\drivers\aswSnx.sys -- (aswSnx)
DRV - [2011/11/28 09:53:35 | 000,314,456 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswSP.sys -- (aswSP)
DRV - [2011/11/28 09:52:19 | 000,034,392 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswRdr.sys -- (aswRdr)
DRV - [2011/11/28 09:52:16 | 000,052,952 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2011/11/28 09:52:02 | 000,111,320 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswmon2.sys -- (aswMon2)
DRV - [2011/11/28 09:51:50 | 000,020,568 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2011/11/28 09:48:49 | 000,030,808 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aavmker4.sys -- (Aavmker4)
DRV - [2011/10/14 15:27:16 | 000,016,448 | ---- | M] (Shaul Eizikovich) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\vjoy.sys -- (vjoy)
DRV - [2011/10/14 15:21:08 | 000,009,664 | ---- | M] (Windows ® Codename Longhorn DDK provider) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\hidkmdf.sys -- (hidkmdf)
DRV - [2011/07/26 09:26:47 | 000,223,128 | ---- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\Drivers\dtscsi.sys -- (dtscsi)
DRV - [2011/07/26 07:53:47 | 000,664,064 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\sptd.sys -- (sptd)
DRV - [2011/03/03 07:59:20 | 000,119,272 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nvhda32.sys -- (NVHDA)
DRV - [2010/06/22 01:59:58 | 006,060,136 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2010/03/18 19:50:12 | 000,189,528 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\haP17v2k.sys -- (hap17v2k)
DRV - [2010/03/18 19:50:04 | 000,162,904 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\haP16v2k.sys -- (hap16v2k)
DRV - [2010/03/18 19:49:56 | 000,798,808 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ha10kx2k.sys -- (ha10kx2k)
DRV - [2010/03/18 19:45:42 | 000,092,760 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\emupia2k.sys -- (emupia)
DRV - [2010/03/18 19:45:28 | 000,157,272 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ctsfm2k.sys -- (ctsfm2k)
DRV - [2010/03/18 19:45:20 | 000,014,424 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ctprxy2k.sys -- (ctprxy2k)
DRV - [2010/03/18 19:45:12 | 000,127,576 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ctoss2k.sys -- (ossrv)
DRV - [2010/03/18 19:40:56 | 000,018,904 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ctgame.sys -- (ctgame)
DRV - [2010/03/18 19:40:48 | 000,347,144 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ctdvda2k.sys -- (ctdvda2k)
DRV - [2010/03/18 19:40:40 | 000,528,472 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ctaud2k.sys -- (ctaud2k) Creative Audio Driver (WDM)
DRV - [2010/03/18 19:40:32 | 000,511,064 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ctac32k.sys -- (ctac32k)
DRV - [2010/03/18 19:39:36 | 000,100,952 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\CTERFXFX.SYS -- (CTERFXFX.SYS)
DRV - [2010/03/18 19:39:36 | 000,100,952 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\CTERFXFX.sys -- (CTERFXFX)
DRV - [2010/03/18 19:39:28 | 000,566,360 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\CTSBLFX.SYS -- (CTSBLFX.SYS)
DRV - [2010/03/18 19:39:28 | 000,566,360 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\CTSBLFX.sys -- (CTSBLFX)
DRV - [2010/03/18 19:39:18 | 000,555,096 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\CTAUDFX.SYS -- (CTAUDFX.SYS)
DRV - [2010/03/18 19:39:18 | 000,555,096 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\CTAUDFX.sys -- (CTAUDFX)
DRV - [2010/03/18 19:39:10 | 000,099,416 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\COMMONFX.SYS -- (COMMONFX.SYS)
DRV - [2010/03/18 19:39:10 | 000,099,416 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\COMMONFX.sys -- (COMMONFX)
DRV - [2010/03/17 00:13:20 | 000,261,672 | ---- | M] (Marvell Semiconductor, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\mv91xx.sys -- (mv91xx)
DRV - [2010/03/08 02:41:48 | 000,220,112 | R--- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Rtenicxp.sys -- (RTLE8023xp)
DRV - [2010/01/22 11:21:48 | 000,139,648 | ---- | M] (NEC Electronics Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nusb3xhc.sys -- (nusb3xhc)
DRV - [2010/01/22 11:21:46 | 000,059,904 | ---- | M] (NEC Electronics Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nusb3hub.sys -- (nusb3hub)
DRV - [2009/11/17 15:17:00 | 001,395,800 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Monfilt.sys -- (Monfilt)
DRV - [2009/11/17 15:16:00 | 001,691,480 | ---- | M] (Creative) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Ambfilt.sys -- (Ambfilt)
DRV - [2009/11/03 19:03:56 | 000,031,808 | ---- | M] (Deon van der Westhuysen) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\PPortJoy.sys -- (PPortJoystick)
DRV - [2009/11/03 19:03:56 | 000,015,936 | ---- | M] (Deon van der Westhuysen) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\PPJoyBus.sys -- (PPJoyBus)
DRV - [2009/02/24 17:42:14 | 000,116,736 | ---- | M] (MagicISO, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mcdbus.sys -- (mcdbus)
DRV - [2006/08/03 10:47:20 | 000,010,112 | ---- | M] (Kensington Technology Group) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\KMW_USB.sys -- (KMW_USB)
DRV - [2006/08/03 10:47:18 | 000,091,648 | ---- | M] (Kensington Technology Group) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\KMW_SYS.sys -- (KMW_SYS)
DRV - [2006/08/03 10:46:50 | 000,005,376 | ---- | M] (Kensington Technology Group) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\KMW_KBD.sys -- (KMW_KBD)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.itvinasoft.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&type=971163"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://msn.com"
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..extensions.enabledItems: [email protected]:0.6.0.8
FF - prefs.js..extensions.enabledItems: showmemore@suskind:2.2
FF - prefs.js..extensions.enabledItems: {03B08592-E5B4-45ff-A0BE-C1D975458688}:1.0
FF - prefs.js..extensions.enabledItems: {524B8EF8-C312-11DB-8039-536F56D89593}:4.24.0.0
FF - prefs.js..extensions.enabledItems: {7E7165E2-0767-448c-852F-5FA8714F2C37}:1.2
FF - prefs.js..extensions.enabledItems: {A4732521-77D9-447E-A557-B279AC923F06}:0.6.8
FF - prefs.js..extensions.enabledItems: {AE93811A-5C9A-4d34-8462-F7B864FC4696}:3.97
FF - prefs.js..extensions.enabledItems: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.9.8
FF - prefs.js..extensions.enabledItems: [email protected]:1.0
FF - prefs.js..extensions.enabledItems: [email protected]:6.0.1367
FF - prefs.js..keyword.URL: "http://search.yahoo....type=971163&p="

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\WINDOWS\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.11.2321: C:\Program Files\Real Alternative\browser\plugins\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.1483: C:\Program Files\Real Alternative\browser\plugins\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\[email protected]: C:\Program Files\AVAST Software\Avast\WebRep\FF [2011/12/05 16:41:59 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.25\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/12/21 20:29:38 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.25\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/12/21 20:29:38 | 000,000,000 | ---D | M]

[2011/04/02 15:04:15 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Jon Kunkel\Application Data\Mozilla\Extensions
[2012/01/02 02:49:44 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Jon Kunkel\Application Data\Mozilla\Firefox\Profiles\oj1ollbx.default\extensions
[2011/04/03 12:52:29 | 000,000,000 | ---D | M] (Toolbar Buttons) -- C:\Documents and Settings\Jon Kunkel\Application Data\Mozilla\Firefox\Profiles\oj1ollbx.default\extensions\{03B08592-E5B4-45ff-A0BE-C1D975458688}
[2011/04/24 10:26:02 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Jon Kunkel\Application Data\Mozilla\Firefox\Profiles\oj1ollbx.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011/09/05 13:08:26 | 000,000,000 | ---D | M] (Bulk Image Downloader) -- C:\Documents and Settings\Jon Kunkel\Application Data\Mozilla\Firefox\Profiles\oj1ollbx.default\extensions\{524B8EF8-C312-11DB-8039-536F56D89593}
[2011/06/25 11:41:20 | 000,000,000 | ---D | M] (PlainOldFavorites) -- C:\Documents and Settings\Jon Kunkel\Application Data\Mozilla\Firefox\Profiles\oj1ollbx.default\extensions\{7E7165E2-0767-448c-852F-5FA8714F2C37}
[2011/04/03 12:52:28 | 000,000,000 | ---D | M] (Image Toolbar) -- C:\Documents and Settings\Jon Kunkel\Application Data\Mozilla\Firefox\Profiles\oj1ollbx.default\extensions\{A4732521-77D9-447E-A557-B279AC923F06}
[2011/10/15 12:08:42 | 000,000,000 | ---D | M] ("StumbleUpon") -- C:\Documents and Settings\Jon Kunkel\Application Data\Mozilla\Firefox\Profiles\oj1ollbx.default\extensions\{AE93811A-5C9A-4d34-8462-F7B864FC4696}
[2011/12/23 23:14:22 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Documents and Settings\Jon Kunkel\Application Data\Mozilla\Firefox\Profiles\oj1ollbx.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2011/04/03 13:00:53 | 000,000,000 | ---D | M] (Custom Toolbar Buttons) -- C:\Documents and Settings\Jon Kunkel\Application Data\Mozilla\Firefox\Profiles\oj1ollbx.default\extensions\[email protected]
[2012/01/02 02:49:44 | 000,000,000 | ---D | M] (Show Me More) -- C:\Documents and Settings\Jon Kunkel\Application Data\Mozilla\Firefox\Profiles\oj1ollbx.default\extensions\showmemore@suskind
[2011/06/11 16:00:26 | 000,004,140 | ---- | M] () -- C:\Documents and Settings\Jon Kunkel\Application Data\Mozilla\Firefox\Profiles\oj1ollbx.default\searchplugins\youtube.xml
[2012/01/01 23:56:03 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2011/04/03 14:26:13 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
[2011/12/05 16:41:59 | 000,000,000 | ---D | M] (avast! WebRep) -- C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF
[2011/04/03 11:49:18 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF
[2011/02/02 20:40:24 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll

O1 HOSTS File: ([2011/04/25 20:06:22 | 000,000,801 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 66.98.148.65 auto.search.msn.com
O1 - Hosts: 66.98.148.65 auto.search.msn.es
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (IEHlprObjClass) - {CE7C3CF0-4B15-11D1-ABED-709549C10000} - C:\Program Files\Kensington\MouseWorks\IE_KMW.DLL File not found
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [CTDVDDET] C:\Program Files\Creative\DVDAudio\CTDVDDET.EXE (Creative Technology Ltd)
O4 - HKLM..\Run: [CTHelper] C:\WINDOWS\System32\CtHelper.exe (Creative Technology Ltd)
O4 - HKLM..\Run: [kmw_run.exe] C:\WINDOWS\System32\kmw_run.exe (Kensington Technology Group)
O4 - HKLM..\Run: [lxamsp32.exe] C:\WINDOWS\System32\LXAMSP32.EXE (Lexmark International)
O4 - HKLM..\Run: [NUSB3MON] C:\Program Files\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe (NEC Electronics Corporation)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] nwiz.exe /install File not found
O4 - HKLM..\Run: [PrinTray] C:\WINDOWS\system32\spool\drivers\w32x86\3\printray.exe (Lexmark)
O4 - HKCU..\Run: [ASRockIES] C:\Program Files\ASRock Utility\IES\AsrIes.exe (ASRock Incorporation)
O4 - HKCU..\Run: [ASRockOCTuner] C:\Program Files\ASRock Utility\OCTuner\ASROC.exe (ASRock)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoRemoteRecursiveEvents = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoInternetOpenWith = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMHelp = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSaveSettings = 0
O8 - Extra context menu item: Download Using &BitSpirit - D:\Program Files (x86)\BitSpirit\bsurl.htm ()
O8 - Extra context menu item: En&queue current page with BID - C:\Program Files\Bulk Image Downloader\iemenu\iebidqueue.htm ()
O8 - Extra context menu item: Enqueue link tar&get with BID - C:\Program Files\Bulk Image Downloader\iemenu\iebidlinkqueue.htm ()
O8 - Extra context menu item: Open &link target with BID - C:\Program Files\Bulk Image Downloader\iemenu\iebidlink.htm ()
O8 - Extra context menu item: Open current page with BI&D - C:\Program Files\Bulk Image Downloader\iemenu\iebid.htm ()
O8 - Extra context menu item: Open current page with BID Link E&xplorer - C:\Program Files\Bulk Image Downloader\iemenu\iebidlinkexplorer.htm ()
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_16)
O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_24)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{813A0D76-BE99-43B5-B9AD-6D1316EDC5EF}: NameServer = 208.67.222.222,206.67.222.208
O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) -C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\Jon Kunkel\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Jon Kunkel\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2011/04/02 15:04:38 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2009/05/11 20:12:21 | 000,000,000 | ---- | M] () - D:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2004/11/14 17:07:22 | 000,000,000 | R--D | M] - J:\AUTORUN -- [ CDFS ]
O32 - AutoRun File - [2004/11/09 14:47:19 | 000,000,033 | R--- | M] () - J:\AUTORUN.INF -- [ CDFS ]
O32 - AutoRun File - [2009/04/08 01:48:03 | 000,000,046 | RH-- | M] () - Q:\autorun.inf -- [ CDFS ]
O32 - AutoRun File - [2006/09/06 10:26:34 | 000,000,048 | RH-- | M] () - Q:\autorun.inf.bak -- [ CDFS ]
O33 - MountPoints2\{6dbbba1f-5d37-11e0-b8c6-806d6172696f}\Shell - "" = AutoRun
O33 - MountPoints2\{6dbbba1f-5d37-11e0-b8c6-806d6172696f}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{6dbbba1f-5d37-11e0-b8c6-806d6172696f}\Shell\AutoRun\command - "" = T:\ASRSetup.exe
O33 - MountPoints2\{e2ddd9c6-7788-11e0-b3b2-00252282622a}\Shell - "" = AutoRun
O33 - MountPoints2\{e2ddd9c6-7788-11e0-b3b2-00252282622a}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{e2ddd9c6-7788-11e0-b3b2-00252282622a}\Shell\AutoRun\command - "" = H:\SETUP.EXE
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKCU\...exe [@ = 31] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

File not found -- C:\Documents and Settings\Jon Kunkel\My Documents\Jon%20Kunkel.
[2011/12/26 02:24:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Jon Kunkel\Start Menu\Programs\eePe
[2011/12/26 02:24:07 | 000,000,000 | ---D | C] -- C:\Program Files\eePe
[2011/09/07 15:30:28 | 001,224,704 | ---- | C] ( ) -- C:\WINDOWS\System32\lxbaserv.dll
[2011/09/07 15:30:28 | 000,995,328 | ---- | C] ( ) -- C:\WINDOWS\System32\lxbausb1.dll
[2011/09/07 15:30:28 | 000,696,320 | ---- | C] ( ) -- C:\WINDOWS\System32\lxbahbn3.dll
[2011/09/07 15:30:28 | 000,684,032 | ---- | C] ( ) -- C:\WINDOWS\System32\lxbacomc.dll
[2011/09/07 15:30:28 | 000,643,072 | ---- | C] ( ) -- C:\WINDOWS\System32\lxbapmui.dll
[2011/09/07 15:30:28 | 000,585,728 | ---- | C] ( ) -- C:\WINDOWS\System32\lxbalmpm.dll
[2011/09/07 15:30:28 | 000,537,520 | ---- | C] ( ) -- C:\WINDOWS\System32\lxbacoms.exe
[2011/09/07 15:30:28 | 000,421,888 | ---- | C] ( ) -- C:\WINDOWS\System32\lxbacomm.dll
[2011/09/07 15:30:28 | 000,413,696 | ---- | C] ( ) -- C:\WINDOWS\System32\lxbainpa.dll
[2011/09/07 15:30:28 | 000,397,312 | ---- | C] ( ) -- C:\WINDOWS\System32\lxbaiesc.dll
[2011/09/07 15:30:28 | 000,385,968 | ---- | C] ( ) -- C:\WINDOWS\System32\lxbaih.exe
[2011/09/07 15:30:28 | 000,381,872 | ---- | C] ( ) -- C:\WINDOWS\System32\lxbacfg.exe
[2011/09/07 15:30:28 | 000,323,584 | ---- | C] ( ) -- C:\WINDOWS\System32\LXBAhcp.dll
[2011/09/07 15:30:28 | 000,163,840 | ---- | C] ( ) -- C:\WINDOWS\System32\lxbaprox.dll
[2011/09/07 15:30:28 | 000,094,208 | ---- | C] ( ) -- C:\WINDOWS\System32\lxbapplc.dll
[2011/04/23 20:54:16 | 000,047,360 | ---- | C] (VSO Software) -- C:\Documents and Settings\Jon Kunkel\Application Data\pcouffin.sys
[2010/03/18 18:18:32 | 000,010,752 | ---- | C] ( ) -- C:\WINDOWS\System32\a3d.dll
[2010/03/18 17:59:50 | 000,010,240 | ---- | C] ( ) -- C:\WINDOWS\System32\killapps.exe
[41 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

File not found -- C:\Documents and Settings\Jon Kunkel\My Documents\Jon%20Kunkel.
[2012/01/02 02:46:22 | 000,648,840 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2012/01/02 02:46:22 | 000,135,886 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2012/01/02 02:42:51 | 000,002,228 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012/01/02 02:41:22 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012/01/02 02:39:14 | 000,030,912 | ---- | M] () -- C:\WINDOWS\System32\BMXStateBkp-{00000009-00000000-00000000-00001102-00000004-10051102}.rfx
[2012/01/02 02:39:14 | 000,030,912 | ---- | M] () -- C:\WINDOWS\System32\BMXState-{00000009-00000000-00000000-00001102-00000004-10051102}.rfx
[2012/01/02 02:39:14 | 000,029,352 | ---- | M] () -- C:\WINDOWS\System32\BMXCtrlState-{00000009-00000000-00000000-00001102-00000004-10051102}.rfx
[2012/01/02 02:39:14 | 000,029,352 | ---- | M] () -- C:\WINDOWS\System32\BMXBkpCtrlState-{00000009-00000000-00000000-00001102-00000004-10051102}.rfx
[2012/01/02 02:39:14 | 000,011,564 | ---- | M] () -- C:\WINDOWS\System32\DVCState-{00000009-00000000-00000000-00001102-00000004-10051102}.rfx
[2012/01/02 02:39:01 | 004,931,577 | ---- | M] () -- C:\WINDOWS\{00000009-00000000-00000000-00001102-00000004-10051102}.CDF
[2012/01/02 02:39:01 | 004,931,577 | ---- | M] () -- C:\WINDOWS\{00000009-00000000-00000000-00001102-00000004-10051102}.BAK
[2011/12/22 14:48:01 | 000,013,656 | -HS- | M] () -- C:\Documents and Settings\Jon Kunkel\Local Settings\Application Data\805830a1r786f880a626n8tpa5l6
[2011/12/22 14:48:01 | 000,013,656 | -HS- | M] () -- C:\Documents and Settings\All Users\Application Data\805830a1r786f880a626n8tpa5l6
[2011/12/05 16:42:00 | 000,002,625 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
[41 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files Created - No Company Name ==========

[2100/02/23 17:55:50 | 000,001,096 | ---- | C] () -- C:\WINDOWS\Lexmark_ICM.ini
[2011/12/22 01:06:37 | 000,013,656 | -HS- | C] () -- C:\Documents and Settings\Jon Kunkel\Local Settings\Application Data\805830a1r786f880a626n8tpa5l6
[2011/12/22 01:06:37 | 000,013,656 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\805830a1r786f880a626n8tpa5l6
[2011/10/28 21:40:06 | 000,129,044 | ---- | C] () -- C:\WINDOWS\hpiins06.dat
[2011/10/28 21:40:06 | 000,000,000 | ---- | C] () -- C:\WINDOWS\hpimdl06.dat
[2011/10/18 14:03:30 | 000,079,872 | ---- | C] () -- C:\WINDOWS\System32\LEX_PSU.EXE
[2011/09/07 15:30:40 | 000,344,064 | ---- | C] () -- C:\WINDOWS\System32\lxbacoin.dll
[2011/09/07 15:30:40 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\lxbavs.dll
[2011/09/07 15:30:31 | 000,061,440 | ---- | C] () -- C:\WINDOWS\System32\lxbacnv4.dll
[2011/09/07 15:30:28 | 000,413,696 | ---- | C] () -- C:\WINDOWS\System32\lxbautil.dll
[2011/09/07 15:30:28 | 000,274,432 | ---- | C] () -- C:\WINDOWS\System32\LXBAinst.dll
[2011/07/26 10:02:04 | 000,001,794 | ---- | C] () -- C:\WINDOWS\System32\epid2110.dll
[2011/07/26 10:02:04 | 000,000,008 | ---- | C] () -- C:\WINDOWS\System32\sysgen76.dll
[2011/07/26 07:53:46 | 000,096,384 | ---- | C] () -- C:\WINDOWS\System32\drivers\sptd3613.sys
[2011/07/12 21:34:55 | 000,695,617 | ---- | C] () -- C:\WINDOWS\unins000.exe
[2011/07/12 21:34:55 | 000,025,054 | ---- | C] () -- C:\WINDOWS\unins000.dat
[2011/06/11 18:57:32 | 000,354,816 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2011/05/06 14:45:43 | 000,260,444 | ---- | C] () -- C:\WINDOWS\System32\nvdrsdb1.bin
[2011/05/06 14:45:43 | 000,260,444 | ---- | C] () -- C:\WINDOWS\System32\nvdrsdb0.bin
[2011/05/06 14:45:43 | 000,000,001 | ---- | C] () -- C:\WINDOWS\System32\nvdrssel.bin
[2011/05/05 23:12:48 | 001,760,135 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-S-1-5-21-1801674531-113007714-682003330-1002-0.dat
[2011/05/05 23:12:44 | 000,116,862 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-System.dat
[2011/05/05 22:41:00 | 000,000,000 | ---- | C] () -- C:\WINDOWS\graphedt.INI
[2011/05/05 20:07:53 | 000,223,128 | ---- | C] () -- C:\WINDOWS\System32\drivers\dtscsi.sys
[2011/04/28 23:32:25 | 000,022,328 | ---- | C] () -- C:\WINDOWS\System32\drivers\PnkBstrK.sys
[2011/04/28 23:31:55 | 000,103,736 | ---- | C] () -- C:\WINDOWS\System32\PnkBstrB.exe
[2011/04/28 23:31:48 | 000,066,872 | ---- | C] () -- C:\WINDOWS\System32\PnkBstrA.exe
[2011/04/28 14:49:38 | 000,000,061 | -HS- | C] () -- C:\WINDOWS\cnerolf.dat
[2011/04/24 13:16:45 | 000,177,861 | ---- | C] () -- C:\WINDOWS\Addictive Pitts Uninstaller.exe
[2011/04/23 20:54:16 | 000,087,608 | ---- | C] () -- C:\Documents and Settings\Jon Kunkel\Application Data\inst.exe
[2011/04/23 20:54:16 | 000,007,887 | ---- | C] () -- C:\Documents and Settings\Jon Kunkel\Application Data\pcouffin.cat
[2011/04/23 20:54:16 | 000,001,144 | ---- | C] () -- C:\Documents and Settings\Jon Kunkel\Application Data\pcouffin.inf
[2011/04/23 20:50:36 | 000,000,671 | ---- | C] () -- C:\Documents and Settings\Jon Kunkel\Application Data\vso_ts_preview.xml
[2011/04/20 13:27:37 | 000,000,211 | -H-- | C] () -- C:\WINDOWS\vp.ini
[2011/04/18 21:05:48 | 000,000,476 | ---- | C] () -- C:\WINDOWS\System32\gfbaksm.dll
[2011/04/18 21:05:48 | 000,000,476 | ---- | C] () -- C:\WINDOWS\System32\gfbaksm.dat
[2011/04/18 21:04:24 | 000,262,144 | ---- | C] () -- C:\WINDOWS\System32\gfkernel.dll
[2011/04/09 17:55:28 | 000,179,261 | ---- | C] () -- C:\WINDOWS\System32\xlive.dll.cat
[2011/04/09 16:33:36 | 000,021,791 | ---- | C] () -- C:\WINDOWS\System32\smtpctrs.ini
[2011/04/09 16:33:35 | 000,001,037 | ---- | C] () -- C:\WINDOWS\System32\ntfsdrct.ini
[2011/04/09 16:32:15 | 000,007,909 | ---- | C] () -- C:\WINDOWS\System32\ftpctrs.ini
[2011/04/09 16:32:13 | 000,038,576 | ---- | C] () -- C:\WINDOWS\System32\w3ctrs.ini
[2011/04/09 16:32:13 | 000,010,225 | ---- | C] () -- C:\WINDOWS\System32\axperf.ini
[2011/04/09 16:32:11 | 000,011,435 | ---- | C] () -- C:\WINDOWS\System32\infoctrs.ini
[2011/04/09 15:57:40 | 000,000,643 | ---- | C] () -- C:\WINDOWS\LEXSTAT.INI
[2011/04/09 15:51:56 | 000,080,416 | R--- | C] () -- C:\WINDOWS\System32\RtNicProp32.dll
[2011/04/09 15:36:11 | 002,116,894 | ---- | C] () -- C:\WINDOWS\System32\nvdata.bin
[2011/04/06 22:06:46 | 000,000,038 | ---- | C] () -- C:\WINDOWS\osAviSplitter.INI
[2011/04/06 20:27:58 | 000,022,016 | ---- | C] () -- C:\Documents and Settings\Jon Kunkel\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/04/05 14:44:28 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2011/04/05 14:36:43 | 000,116,224 | ---- | C] () -- C:\WINDOWS\System32\pdfcmnnt.dll
[2011/04/04 14:41:35 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Jon Kunkel\Application Data\SuperSafer.cfg
[2011/04/04 13:46:00 | 000,085,504 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2011/04/03 11:40:30 | 000,061,440 | ---- | C] () -- C:\WINDOWS\ContextMenuExt.dll
[2011/04/03 01:18:46 | 001,746,360 | ---- | C] () -- C:\WINDOWS\System32\CTAA1.DAT
[2011/04/03 00:55:53 | 000,000,019 | ---- | C] () -- C:\WINDOWS\System32\nvModes.dat
[2011/04/02 23:27:23 | 000,176,128 | ---- | C] () -- C:\WINDOWS\System32\kmw_show.exe
[2011/04/02 15:04:55 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2011/04/02 15:01:38 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2011/04/02 06:49:54 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2011/04/02 06:47:51 | 000,138,056 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010/12/30 15:09:03 | 000,036,044 | ---- | C] () -- C:\WINDOWS\System32\bassmod.dll
[2010/03/18 18:59:54 | 000,050,439 | ---- | C] () -- C:\WINDOWS\System32\instwdm.ini
[2010/03/18 18:59:50 | 000,000,054 | ---- | C] () -- C:\WINDOWS\System32\ctzapxx.ini
[2010/03/18 18:19:58 | 000,043,520 | ---- | C] () -- C:\WINDOWS\System32\CTBurst.dll
[2010/03/18 18:17:50 | 000,037,888 | ---- | C] () -- C:\WINDOWS\System32\psconv.exe
[2010/03/18 18:07:54 | 000,386,852 | ---- | C] () -- C:\WINDOWS\System32\ctdnlstr.dat
[2010/03/18 18:07:54 | 000,051,787 | ---- | C] () -- C:\WINDOWS\System32\ctdlang.dat
[2010/03/18 18:03:12 | 000,013,312 | ---- | C] () -- C:\WINDOWS\System32\regplib.exe
[2010/03/18 18:02:14 | 000,149,838 | ---- | C] () -- C:\WINDOWS\System32\ctbas2w.dat
[2010/03/18 18:00:42 | 000,274,587 | ---- | C] () -- C:\WINDOWS\System32\ctsbas2w.dat
[2010/03/18 18:00:28 | 000,241,084 | ---- | C] () -- C:\WINDOWS\System32\CTSBASW.DAT
[2010/03/18 18:00:28 | 000,115,166 | ---- | C] () -- C:\WINDOWS\System32\CTBASICW.DAT
[2010/03/18 17:59:56 | 000,313,207 | ---- | C] () -- C:\WINDOWS\System32\ctstatic.dat
[2010/03/18 17:59:56 | 000,053,932 | ---- | C] () -- C:\WINDOWS\System32\ctdaught.dat
[2010/03/18 17:59:54 | 000,005,120 | ---- | C] () -- C:\WINDOWS\System32\enlocstr.exe
[2009/07/08 14:10:56 | 000,000,307 | ---- | C] () -- C:\WINDOWS\System32\kill.ini
[2009/06/15 04:00:00 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2009/06/15 04:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2009/06/15 04:00:00 | 000,648,840 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2009/06/15 04:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2009/06/15 04:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2009/06/15 04:00:00 | 000,135,886 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2009/06/15 04:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2009/06/15 04:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2009/06/15 04:00:00 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2009/06/15 04:00:00 | 000,004,463 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2009/06/15 04:00:00 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\Dcache.bin
[2009/06/15 04:00:00 | 000,000,546 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
[2007/08/13 19:45:02 | 000,077,824 | ---- | C] () -- C:\WINDOWS\System32\ctmmactl.dll
[2007/04/21 04:43:01 | 000,340,480 | ---- | C] () -- C:\WINDOWS\System32\esftchk2.dll
[2004/12/20 01:03:26 | 000,679,936 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2002/03/19 17:30:00 | 000,010,752 | ---- | C] () -- C:\WINDOWS\System32\mag.dll
[2002/03/19 16:30:00 | 000,216,576 | ---- | C] () -- C:\WINDOWS\System32\PowerCalc.exe
[2002/03/19 16:30:00 | 000,141,824 | ---- | C] () -- C:\WINDOWS\System32\msvdm.dll
[2002/03/19 16:30:00 | 000,045,632 | ---- | C] () -- C:\WINDOWS\System32\TaskSwitch.exe
[2001/05/28 11:26:24 | 000,131,584 | ---- | C] () -- C:\WINDOWS\Ptlic32.exe
[2001/05/13 16:18:34 | 000,000,209 | ---- | C] () -- C:\WINDOWS\X63_DS.ini
[2000/10/24 08:08:36 | 000,118,784 | ---- | C] () -- C:\WINDOWS\System32\LFKODAK.DLL
[2000/10/24 08:08:33 | 000,338,944 | ---- | C] () -- C:\WINDOWS\System32\lffpx7.dll
[1996/04/03 11:33:26 | 000,005,248 | ---- | C] () -- C:\WINDOWS\System32\giveio.sys

========== LOP Check ==========

[2011/04/03 10:43:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ACD Systems
[2011/07/26 09:38:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVAST Software
[2011/04/03 12:24:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVG10
[2011/06/11 11:07:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Codemasters
[2011/04/03 12:24:25 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\Common Files
[2011/06/11 11:07:13 | 000,000,000 | -HSD | M] -- C:\Documents and Settings\All Users\Application Data\DSS
[2011/04/25 20:36:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Electronic Arts
[2011/04/03 12:23:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MFAData
[2011/05/07 00:15:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Solidshield
[2011/06/11 15:49:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Spotmau
[2011/10/28 13:27:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2011/04/23 21:58:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\vsosdk
[2011/05/01 19:04:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WOP
[2011/04/03 10:44:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jon Kunkel\Application Data\ACD Systems
[2011/04/03 12:27:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jon Kunkel\Application Data\AVG10
[2011/05/03 23:00:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jon Kunkel\Application Data\BID
[2011/04/06 21:27:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jon Kunkel\Application Data\BitSpirit
[2011/04/09 17:08:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jon Kunkel\Application Data\BlackBean
[2011/04/05 07:00:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jon Kunkel\Application Data\Disney Interactive Studios
[2011/05/20 16:29:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jon Kunkel\Application Data\Downloadr
[2011/04/20 13:42:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jon Kunkel\Application Data\ECSoftware
[2011/04/13 02:31:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jon Kunkel\Application Data\eMule
[2011/04/06 14:45:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jon Kunkel\Application Data\flightgear.org
[2011/04/06 14:46:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jon Kunkel\Application Data\fltk.org
[2011/04/06 20:47:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jon Kunkel\Application Data\InterVideo
[2011/04/03 13:47:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jon Kunkel\Application Data\johnsadventures.com
[2011/04/02 23:29:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jon Kunkel\Application Data\Kensington
[2011/06/15 19:08:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jon Kunkel\Application Data\Machete Lite
[2011/07/16 16:36:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jon Kunkel\Application Data\OpenDNS Updater
[2011/05/27 18:37:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jon Kunkel\Application Data\Simraceway
[2011/10/14 15:20:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jon Kunkel\Application Data\Vso
[2011/05/05 09:41:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jon Kunkel\Application Data\WinWay

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 132 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:C8B8CEBD

< End of report >

#4
jlk69

And here is the aswMBR log:
aswMBR version 0.9.9.1124 Copyright© 2011 AVAST Software
Run date: 2012-01-02 03:00:06
-----------------------------
03:00:06.671 OS Version: Windows 5.1.2600 Service Pack 3
03:00:06.671 Number of processors: 4 586 0x1E05
03:00:06.671 ComputerName: ASROCK_WINXP UserName: Jon Kunkel
03:00:07.468 Initialize success
03:00:07.531 AVAST engine defs: 12010200
03:00:11.234 Disk 0 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-4
03:00:11.234 Disk 0 Vendor: WDC_WD1200JB-00GVA0 08.02D08 Size: 114473MB BusType: 3
03:00:11.234 Disk 1 \Device\Harddisk1\DR1 -> \Device\Ide\IdeDeviceP0T1L0-c
03:00:11.234 Disk 1 Vendor: WDC_WD1600JB-00FUA0 15.05R15 Size: 152627MB BusType: 3
03:00:11.250 Disk 2 (boot) \Device\Harddisk2\DR2 -> \Device\Ide\IdeDeviceP2T0L0-1a
03:00:11.250 Disk 2 Vendor: ST3300620AS 3.AAC Size: 286168MB BusType: 3
03:00:11.250 Disk 3 \Device\Harddisk3\DR3 -> \Device\Ide\IdeDeviceP2T1L0-22
03:00:11.250 Disk 3 Vendor: WDC_WD1600JD-55HBC0 08.02D08 Size: 152627MB BusType: 3
03:00:11.250 Disk 4 \Device\Harddisk4\DR4 -> \Device\Ide\IdeDeviceP3T0L0-2d
03:00:11.250 Disk 4 Vendor: ST31500341AS CC1H Size: 1430799MB BusType: 3
03:00:11.250 Disk 5 \Device\Harddisk5\DR5 -> \Device\Ide\IdeDeviceP4T0L0-38
03:00:11.250 Disk 5 Vendor: WDC_WD3200AVJS-63WDA0 12.01B02 Size: 305245MB BusType: 3
03:00:11.250 Disk 6 \Device\Harddisk6\DR6 -> \Device\Scsi\mv91xx2Port7Path0Target0Lun0
03:00:11.265 Disk 6 Vendor: WDC_WD32 12.0 Size: 305245MB BusType: 1
03:00:11.265 Disk 2 MBR read successfully
03:00:11.265 Disk 2 MBR scan
03:00:11.265 Disk 2 Windows XP default MBR code
03:00:11.281 Disk 2 Partition 1 80 (A) 07 HPFS/NTFS NTFS 286165 MB offset 63
03:00:11.281 Disk 2 scanning sectors +586067265
03:00:11.328 Disk 2 scanning C:\WINDOWS\system32\drivers
03:00:18.031 Service scanning
03:00:19.609 Service .mrxsmb \* **LOCKED** 123
03:00:19.640 Service dtscsi C:\WINDOWS\System32\Drivers\dtscsi.sys **LOCKED** 32
03:00:19.671 Service sptd C:\WINDOWS\System32\Drivers\sptd.sys **LOCKED** 32
03:00:20.187 Modules scanning
03:00:26.953 Disk 2 trace - called modules:
03:00:26.968 ntoskrnl.exe >>UNKNOWN [0x8b07fbf8]<<
03:00:26.968 1 nt!IofCallDriver -> \Device\Harddisk2\DR2[0x8afdca20]
03:00:26.968 \Driver\Disk[0x8b0209d8] -> IRP_MJ_CREATE -> 0x8b07fbf8
03:00:27.656 AVAST engine scan C:\WINDOWS
03:00:35.328 AVAST engine scan C:\WINDOWS\system32
03:01:24.171 File: C:\WINDOWS\system32\rundll32.exe **INFECTED** Win32:Malware-gen
03:01:42.921 AVAST engine scan C:\WINDOWS\system32\drivers
03:01:51.359 AVAST engine scan C:\Documents and Settings\Jon Kunkel
03:10:46.500 AVAST engine scan C:\Documents and Settings\All Users
03:11:41.562 Scan finished successfully
03:16:21.281 Disk 2 MBR has been saved successfully to "D:\Downloads\MBR.dat"
03:16:21.296 The log file has been saved successfully to "D:\Downloads\aswMBR.txt"

#5
jlk69

Now everything seems normal except when I open Outlook Express I get an error message:

The server responded with an error. Account: 'pop.west.cox.net', Server: 'pop.west.cox.net', Protocol: POP3, Server Response: '-ERR Cannot establish SSL with POP server 68.6.19.2:995, SSL_connect error 5', Port: 110, Secure(SSL): No, Server Error: 0x800CCC90, Error Number: 0x800CCC90

E-mail was working fine before the malware infection.

Attached image: Outlook Express error.jpg

#6
Essexboy

    GeekU Moderator
A bit more to do as aswMBR reported a possible infection on the rundll file

03:01:24.171 File: C:\WINDOWS\system32\rundll32.exe **INFECTED** Win32:Malware-gen


Download and Install Combofix

Download ComboFix from one of the following locations:
Link 1
Link 2

VERY IMPORTANT !!! Save ComboFix.exe to your Desktop

* IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link here
  • Double click on ComboFix.exe & follow the prompts.
  • Accept the disclaimer and allow to update if it asks

  • When finished, it shall produce a log for you.
  • Please include the C:\ComboFix.txt in your next reply.

Notes:
1. Do not mouse-click Combofix's window while it is running. That may cause it to stall.
2. Do not "re-run" Combofix. If you have a problem, reply back for further instructions.
3. If after the reboot you get errors about programmes being marked for deletion then reboot, that will cure it.



Please make sure you include the combo fix log in your next reply as well as describe how your computer is running now
  • 0

#7
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter. Everyone else please begin a New Topic.
  • 0

#8
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
User returned

Could you post the combofix log please and the current problems you are having
  • 0

#9
jlk69

jlk69

    Member

  • Topic Starter
  • Member
  • PipPip
  • 97 posts
I ran Combofix. It said it had to reboot then told me it had to search for a file but hours later nothing changed. See picture.

combofix Capture_3.jpg

The only problem I currently have is with the e-mail.

Edited by jlk69, 10 January 2012 - 06:11 PM.

  • 0

#10
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
For the e-mail, try this:

Open up Avast and select Shields
Select Email
Select Expert Settings
On the right select SSL

Does your e-mail provider appear there?
If not then add it and try again

If that should fail then stop the e-mail shield and retry

This is a known problem with Antivirus e-mail protection

Also, how do you access the mail: is it via a web page or an e-mail client?

For Combofix:

Stop the programme and reboot twice

If the log is at C:\combofix.txt please post it
  • 0



#11
jlk69

jlk69

    Member

  • Topic Starter
  • Member
  • PipPip
  • 97 posts
OK, my e-mail works again after disabling the mail shield in Avast. :thumbsup: When I look for the Combofix log I found a folder named Combofix on C drive but when I open it up it is my computer. In other words the my computer icon seems to be misnamed Combofix.

combo Capture_3.jpg

(When I open up the Combofix folder, this is what I get.)

copmbo Capture_3.jpg

:confused: And yes the Combofix.exe file is on the desktop.

combofix desktop Capture_3.jpg

Edited by jlk69, 12 January 2012 - 01:35 AM.

  • 0

#12
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Could you re-run combofix please - there should be a log this time

Once done let me know what problems remain
  • 0

#13
jlk69

jlk69

    Member

  • Topic Starter
  • Member
  • PipPip
  • 97 posts
I have re-run Combofix and have gotten the exact same results with no log file in sight. I have actually run Combofix a half dozen times total and every time it tells me to turn off Avast real time scanners even though I already disabled them. :confused: Each time it stalls and even after waiting several hours no progress. I am then forced to restart the system as Explorer is disabled and will not start with a message that explorer is not a valid win32 application. :surrender: My system is running great with no sign of malware or infection. I would like to comply and give you that Combofix log but I guess no log file is produced unless the program finishes normally. :help:

Edited by jlk69, 13 January 2012 - 12:43 AM.

  • 0

#14
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
OK that be weird ... But, any bad boys that I missed would have been killed. So let's run a sweep for orphans and see if there are any remaining problems

Please download Malwarebytes' Anti-Malware

Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy & Paste the entire report in your next reply.
Extra Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts, click OK to either and let MBAM proceed with the disinfection process, if asked to restart the computer, please do so immediately.
  • 0

#15
jlk69

jlk69

    Member

  • Topic Starter
  • Member
  • PipPip
  • 97 posts
OK here is the log requested:

Malwarebytes Anti-Malware 1.60.0.1800
www.malwarebytes.org

Database version: v2012.01.13.05

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 6.0.2900.5512
Jon Kunkel :: ASROCK_WINXP [administrator]

1/13/2012 2:58:51 PM
mbam-log-2012-01-13 (14-58-51).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 192534
Time elapsed: 8 minute(s), 56 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 2
HKCR\.exe\shell\open\command| (Hijack.ExeFile) -> Data: "C:\Documents and Settings\Jon Kunkel\Local Settings\Application Data\rnk.exe" -a "%1" %* -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer|ForceClassicControlPanel (Hijack.ControlPanelStyle) -> Data: 1 -> Quarantined and deleted successfully.

Registry Data Items Detected: 7
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced|Start_ShowHelp (PUM.Hijack.StartMenu) -> Bad: (0) Good: (1) -> Quarantined and repaired successfully.
HKLM\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\shell\open\command| (Hijack.StartMenuInternet) -> Bad: ("C:\Documents and Settings\Jon Kunkel\Local Settings\Application Data\rnk.exe" -a "C:\Program Files\Mozilla Firefox\firefox.exe") Good: (firefox.exe) -> Quarantined and repaired successfully.
HKLM\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\shell\safemode\command| (Hijack.StartMenuInternet) -> Bad: ("C:\Documents and Settings\Jon Kunkel\Local Settings\Application Data\rnk.exe" -a "C:\Program Files\Mozilla Firefox\firefox.exe" -safe-mode) Good: (firefox.exe -safe-mode) -> Quarantined and repaired successfully.
HKLM\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command| (Hijack.StartMenuInternet) -> Bad: ("C:\Documents and Settings\Jon Kunkel\Local Settings\Application Data\rnk.exe" -a "C:\Program Files\Internet Explorer\iexplore.exe") Good: (iexplore.exe) -> Quarantined and repaired successfully.
HKLM\SOFTWARE\Microsoft\Security Center|AntiVirusDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and repaired successfully.
HKLM\SOFTWARE\Microsoft\Security Center|FirewallDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and repaired successfully.
HKLM\SOFTWARE\Microsoft\Security Center|UpdatesDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and repaired successfully.

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)
  • 0
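The registry detections in the Malwarebytes log above share one pattern: several `shell\...\command` values start the same `rnk.exe` before the real program. The following Python is an added example, not part of the thread or of Malwarebytes; it parses such lines and groups the affected keys by the unexpected launcher. The function names are my own, the line format is inferred from the log on this page, and the sample lines are modelled on that log with the profile name replaced by `user`.

```python
import ntpath
import re
from collections import defaultdict

# Constructed sample: modelled on the log above, profile name replaced by "user".
SAMPLE = r'''
HKCR\.exe\shell\open\command| (Hijack.ExeFile) -> Data: "C:\Documents and Settings\user\Local Settings\Application Data\rnk.exe" -a "%1" %* -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\shell\open\command| (Hijack.StartMenuInternet) -> Bad: ("C:\Documents and Settings\user\Local Settings\Application Data\rnk.exe" -a "C:\Program Files\Mozilla Firefox\firefox.exe") Good: (firefox.exe) -> Quarantined and repaired successfully.
HKLM\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command| (Hijack.StartMenuInternet) -> Bad: ("C:\Documents and Settings\user\Local Settings\Application Data\rnk.exe" -a "C:\Program Files\Internet Explorer\iexplore.exe") Good: (iexplore.exe) -> Quarantined and repaired successfully.
HKLM\SOFTWARE\Microsoft\Security Center|AntiVirusDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and repaired successfully.
'''

ENTRY = re.compile(
    r'^(?P<key>HK[A-Z]+\\[^|]+)\|(?P<value>[^(]*?)\s*\((?P<detection>[^)]+)\)'
    r'\s*->\s*(?P<body>.*)\s*->\s*(?P<action>[^>]+?)\.?$')
BAD_GOOD = re.compile(r'^Bad: \((?P<bad>.*)\) Good: \((?P<good>.*)\)$')

def parse_registry_lines(text):
    """Return one dict per registry detection line; other lines are skipped."""
    entries = []
    for line in text.splitlines():
        m = ENTRY.match(line.strip())
        if not m:
            continue
        body = m.group('body').strip()
        bg = BAD_GOOD.match(body)
        # "Data: x" lines carry only the observed value; "Bad/Good" lines carry both.
        observed = bg.group('bad') if bg else body.partition('Data: ')[2] or body
        entries.append({'key': m.group('key'), 'value': m.group('value'),
                        'detection': m.group('detection'), 'observed': observed,
                        'good': bg.group('good') if bg else None, 'action': m.group('action')})
    return entries

def program(command):
    """First token of a command line: the executable Windows starts."""
    m = re.match(r'\s*(?:"([^"]+)"|(\S+))', command)
    return (m.group(1) or m.group(2)) if m else ''

def interposed_launchers(entries):
    """Map each unexpected launcher to the command keys that pointed at it."""
    hits = defaultdict(list)
    for e in entries:
        if not e['key'].lower().endswith('\\command'):
            continue
        # Expected program: MBAM's "Good" value, else the stock exefile handler "%1" %*.
        expected = program(e['good']) if e['good'] else '%1'
        actual = program(e['observed'])
        if ntpath.basename(actual).lower() != ntpath.basename(expected).lower():
            hits[actual].append(e['key'])
    return dict(hits)
```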





