unknown possible rootkit [Solved]



#1
jlk69

On my main computer Avast free told me that I had a root kit on my computer and needed to run scan before the computer started. Some time during that scan the power was interrupted to the computer which restarted the computer. After that the computer would not hook up to the internet, the antivirus was disabled and could not be enabled. System restore was disabled. Also all internet and networking are disabled in the house. That is why I am using my phone to type this. Help!!!!!!!


#2
jlk69

At the moment I am running a full scan with AVG free on my laptop. A root kit scan came up clear a few min ago. So far the scan shows 2 instances of Trojan horse Agent4.AHP

#3
Essexboy

Have you reset your router?

Download OTL to your Desktop
Secondary link
  • Double click on the icon to run it. Make sure all other windows are closed and let it run uninterrupted.

  • Select All Users
  • Under the Custom Scan box paste this in

    netsvcs
    BASESERVICES
    %SYSTEMDRIVE%\*.exe
    /md5start
    services.*
    explorer.exe
    winlogon.exe
    Userinit.exe
    svchost.exe
    winsock.*
    /md5stop
    CREATERESTOREPOINT

  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open two Notepad windows: OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
  • Post both logs


#4
jlk69

OTL logfile created on: 12/6/2012 10:58:50 PM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Documents and Settings\Jon Kunkel\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.5512)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.24 Gb Total Physical Memory | 2.72 Gb Available Physical Memory | 84.04% Memory free
5.09 Gb Paging File | 4.80 Gb Available in Paging File | 94.46% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 279.46 Gb Total Space | 29.40 Gb Free Space | 10.52% Space Free | Partition Type: NTFS
Drive D: | 1397.26 Gb Total Space | 14.71 Gb Free Space | 1.05% Space Free | Partition Type: NTFS
Drive E: | 111.78 Gb Total Space | 2.88 Gb Free Space | 2.58% Space Free | Partition Type: NTFS
Drive F: | 149.04 Gb Total Space | 0.79 Gb Free Space | 0.53% Space Free | Partition Type: NTFS
Drive G: | 298.08 Gb Total Space | 214.93 Gb Free Space | 72.10% Space Free | Partition Type: NTFS
Drive I: | 149.04 Gb Total Space | 51.68 Gb Free Space | 34.67% Space Free | Partition Type: NTFS
Drive K: | 7.45 Gb Total Space | 7.41 Gb Free Space | 99.49% Space Free | Partition Type: FAT32
Drive L: | 298.09 Gb Total Space | 206.45 Gb Free Space | 69.26% Space Free | Partition Type: NTFS
Drive P: | 8.00 Mb Total Space | 2.74 Mb Free Space | 34.29% Space Free | Partition Type: NTFS
Drive R: | 93.16 Gb Total Space | 3.78 Gb Free Space | 4.05% Space Free | Partition Type: NTFS

Computer Name: ASROCK_WINXP | User Name: Jon Kunkel | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/12/06 22:53:42 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Jon Kunkel\Desktop\OTL.exe
PRC - [2012/10/30 15:50:59 | 004,297,136 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe
PRC - [2012/10/30 15:50:59 | 000,044,808 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe
PRC - [2010/07/02 17:20:32 | 005,332,488 | ---- | M] (ASRock) -- C:\Program Files\ASRock Utility\OCTuner\ASROC.exe
PRC - [2010/07/01 20:39:16 | 007,990,280 | ---- | M] (ASRock Incorporation) -- C:\Program Files\ASRock Utility\IES\AsrIes.exe
PRC - [2010/02/12 09:23:12 | 000,286,720 | ---- | M] (Creative Technology Ltd) -- C:\Program Files\Creative\Shared Files\CTAudSvc.exe
PRC - [2010/01/22 11:29:40 | 000,106,496 | ---- | M] (NEC Electronics Corporation) -- C:\Program Files\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
PRC - [2009/06/15 04:00:00 | 001,789,440 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2006/08/03 11:47:16 | 000,106,496 | ---- | M] (Kensington Technology Group) -- C:\WINDOWS\system32\kmw_run.exe
PRC - [2006/08/03 11:47:08 | 000,176,128 | ---- | M] () -- C:\WINDOWS\system32\kmw_show.exe


========== Modules (No Company Name) ==========

MOD - [2012/12/05 10:09:25 | 002,036,224 | ---- | M] () -- C:\Program Files\AVAST Software\Avast\defs\12120501\algo.dll
MOD - [2009/06/11 16:11:08 | 000,140,800 | ---- | M] () -- C:\Program Files\WinRAR\RarExt.dll
MOD - [2006/08/03 11:47:08 | 000,176,128 | ---- | M] () -- C:\WINDOWS\system32\kmw_show.exe


========== Services (SafeList) ==========

SRV - File not found [Disabled | Stopped] -- C:\WINDOWS\system32\cisvc.exe -- (CiSvc)
SRV - [2012/11/27 00:07:41 | 000,161,768 | ---- | M] (Oracle Corporation) [Disabled | Stopped] -- C:\Program Files\Java\jre7\bin\jqs.exe -- (JavaQuickStarterService)
SRV - [2012/11/07 18:50:34 | 000,250,808 | ---- | M] (Adobe Systems Incorporated) [Disabled | Stopped] -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/10/30 15:50:59 | 000,044,808 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
SRV - [2010/02/12 09:23:12 | 000,286,720 | ---- | M] (Creative Technology Ltd) [Auto | Running] -- C:\Program Files\Creative\Shared Files\CTAudSvc.exe -- (CTAudSvcService)
SRV - [2009/10/13 18:46:52 | 000,151,552 | ---- | M] () [Disabled | Stopped] -- C:\Program Files\Marvell\raid\svc\mvraidsvc.exe -- (Marvell RAID)
SRV - [2008/06/12 12:05:04 | 000,024,635 | ---- | M] (Apache Software Foundation) [Disabled | Stopped] -- C:\Program Files\Marvell\raid\Apache2\bin\httpd.exe -- (MRUWebService)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
DRV - File not found [Kernel | Disabled | Stopped] -- system32\DRIVERS\tcpip.sys -- (Tcpip)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
DRV - File not found [File_System | System | Stopped] -- system32\DRIVERS\mrxsmb.sys -- (MRxSmb)
DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
DRV - File not found [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\Drivers\IesDrv.sys -- (IesDrv)
DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
DRV - File not found [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\Drivers\AsrOcDrv.sys -- (AsrOcDrv)
DRV - File not found [Kernel | On_Demand | Unknown] -- -- (ak0trg3a)
DRV - [2012/10/30 15:51:58 | 000,738,504 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\WINDOWS\System32\drivers\aswSnx.sys -- (aswSnx)
DRV - [2012/10/30 15:51:58 | 000,361,032 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswSP.sys -- (aswSP)
DRV - [2012/10/30 15:51:58 | 000,054,232 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2012/10/30 15:51:58 | 000,035,928 | ---- | M] (AVAST Software) [Kernel | System | Stopped] -- C:\WINDOWS\System32\drivers\aswRdr.sys -- (AswRdr)
DRV - [2012/10/30 15:51:57 | 000,097,608 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswmon2.sys -- (aswMon2)
DRV - [2012/10/30 15:51:56 | 000,025,256 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aavmker4.sys -- (Aavmker4)
DRV - [2012/10/30 15:51:56 | 000,021,256 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2012/07/14 15:22:54 | 000,691,696 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\sptd.sys -- (sptd)
DRV - [2011/11/25 00:26:04 | 000,013,440 | ---- | M] (June Fabrics Technology Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\pneteth.sys -- (pneteth)
DRV - [2011/11/09 06:21:41 | 000,122,816 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nvhda32.sys -- (NVHDA)
DRV - [2011/10/04 02:22:16 | 000,077,624 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ssudbus.sys -- (dg_ssudbus)
DRV - [2011/09/01 22:31:28 | 000,081,304 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\LMouKE.Sys -- (LMouKE)
DRV - [2011/09/01 22:31:28 | 000,039,192 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\LMouFilt.Sys -- (LMouFilt)
DRV - [2011/09/01 22:31:28 | 000,030,360 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\LUsbFilt.sys -- (LUsbFilt)
DRV - [2011/09/01 22:31:20 | 000,041,240 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\LHidFilt.Sys -- (LHidFilt)
DRV - [2011/09/01 22:30:58 | 000,065,048 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\L8042mou.Sys -- (L8042mou)
DRV - [2011/09/01 22:30:58 | 000,012,184 | ---- | M] (Logitech, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\LBeepKE.sys -- (LBeepKE)
DRV - [2011/05/21 09:03:30 | 000,035,776 | ---- | M] (http://libusb-win32.sourceforge.net) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\libusb0.sys -- (libusb0)
DRV - [2010/11/26 17:02:52 | 000,014,776 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\SmartDefragDriver.sys -- (SmartDefragDriver)
DRV - [2010/06/22 01:59:58 | 006,060,136 | R--- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService)
DRV - [2010/03/18 19:50:12 | 000,189,528 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\haP17v2k.sys -- (hap17v2k)
DRV - [2010/03/18 19:50:04 | 000,162,904 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\haP16v2k.sys -- (hap16v2k)
DRV - [2010/03/18 19:49:56 | 000,798,808 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ha10kx2k.sys -- (ha10kx2k)
DRV - [2010/03/18 19:45:42 | 000,092,760 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\emupia2k.sys -- (emupia)
DRV - [2010/03/18 19:45:28 | 000,157,272 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ctsfm2k.sys -- (ctsfm2k)
DRV - [2010/03/18 19:45:20 | 000,014,424 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ctprxy2k.sys -- (ctprxy2k)
DRV - [2010/03/18 19:45:12 | 000,127,576 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ctoss2k.sys -- (ossrv)
DRV - [2010/03/18 19:40:56 | 000,018,904 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ctgame.sys -- (ctgame)
DRV - [2010/03/18 19:40:48 | 000,347,144 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ctdvda2k.sys -- (ctdvda2k)
DRV - [2010/03/18 19:40:40 | 000,528,472 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ctaud2k.sys -- (ctaud2k)
DRV - [2010/03/18 19:40:32 | 000,511,064 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ctac32k.sys -- (ctac32k)
DRV - [2010/03/18 19:39:36 | 000,100,952 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\CTERFXFX.sys -- (CTERFXFX.SYS)
DRV - [2010/03/18 19:39:36 | 000,100,952 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\CTERFXFX.sys -- (CTERFXFX)
DRV - [2010/03/18 19:39:28 | 000,566,360 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\CTSBLFX.sys -- (CTSBLFX.SYS)
DRV - [2010/03/18 19:39:28 | 000,566,360 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\CTSBLFX.sys -- (CTSBLFX)
DRV - [2010/03/18 19:39:18 | 000,555,096 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\CTAUDFX.sys -- (CTAUDFX.SYS)
DRV - [2010/03/18 19:39:18 | 000,555,096 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\CTAUDFX.sys -- (CTAUDFX)
DRV - [2010/03/18 19:39:10 | 000,099,416 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\COMMONFX.sys -- (COMMONFX.SYS)
DRV - [2010/03/18 19:39:10 | 000,099,416 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\COMMONFX.sys -- (COMMONFX)
DRV - [2010/03/08 02:41:48 | 000,220,112 | R--- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Rtenicxp.sys -- (RTLE8023xp)
DRV - [2010/02/11 03:36:50 | 000,226,880 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\tcpip6.sys -- (Tcpip6)
DRV - [2010/01/22 11:21:48 | 000,139,648 | ---- | M] (NEC Electronics Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nusb3xhc.sys -- (nusb3xhc)
DRV - [2010/01/22 11:21:46 | 000,059,904 | ---- | M] (NEC Electronics Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nusb3hub.sys -- (nusb3hub)
DRV - [2009/11/17 15:17:00 | 001,395,800 | R--- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Monfilt.sys -- (Monfilt)
DRV - [2009/11/17 15:16:00 | 001,691,480 | R--- | M] (Creative) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Ambfilt.sys -- (Ambfilt)
DRV - [2009/10/26 22:37:14 | 000,020,008 | ---- | M] (Marvell Semiconductor Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\mv91cons.sys -- (mv91cons)
DRV - [2009/06/15 04:00:00 | 000,088,320 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\nwlnkipx.sys -- (NwlnkIpx)
DRV - [2009/06/15 04:00:00 | 000,063,232 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\nwlnknb.sys -- (NwlnkNb)
DRV - [2009/06/15 04:00:00 | 000,055,936 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\nwlnkspx.sys -- (NwlnkSpx)
DRV - [2009/06/15 04:00:00 | 000,040,320 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nmnt.sys -- (nm)
DRV - [2006/11/02 06:00:08 | 000,039,368 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\winusb.sys -- (WinUSB)
DRV - [2006/08/03 11:47:20 | 000,010,112 | ---- | M] (Kensington Technology Group) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\KMW_USB.sys -- (KMW_USB)
DRV - [2006/08/03 11:47:18 | 000,091,648 | ---- | M] (Kensington Technology Group) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\KMW_SYS.sys -- (KMW_SYS)
DRV - [2006/08/03 11:46:50 | 000,005,376 | ---- | M] (Kensington Technology Group) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\KMW_KBD.sys -- (KMW_KBD)
DRV - [2001/07/13 13:56:14 | 000,014,976 | ---- | M] () [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\SBKUPNT.SYS -- (SBKUPNT)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope =


IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.itvinasoft.com/
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.itvinasoft.com/
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.itvinasoft.com/
IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.itvinasoft.com/
IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope =

IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.itvinasoft.com/
IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.itvinasoft.com/
IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope =

IE - HKU\S-1-5-21-1801674531-113007714-682003330-1002\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
IE - HKU\S-1-5-21-1801674531-113007714-682003330-1002\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-1801674531-113007714-682003330-1002\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKU\S-1-5-21-1801674531-113007714-682003330-1002\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&type=971163"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://msn.com"
FF - prefs.js..extensions.enabledAddons: [email protected]:2.3
FF - prefs.js..extensions.enabledAddons: {524B8EF8-C312-11DB-8039-536F56D89593}:4.39.0.0
FF - prefs.js..extensions.enabledAddons: {7E7165E2-0767-448c-852F-5FA8714F2C37}:1.2
FF - prefs.js..extensions.enabledAddons: {AE93811A-5C9A-4d34-8462-F7B864FC4696}:4.15
FF - prefs.js..extensions.enabledAddons: {A4732521-77D9-447E-A557-B279AC923F06}:0.6.9
FF - prefs.js..extensions.enabledAddons: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.9.11
FF - prefs.js..extensions.enabledAddons: {03B08592-E5B4-45ff-A0BE-C1D975458688}:1.0
FF - prefs.js..extensions.enabledAddons: [email protected]:5.14.1.0
FF - prefs.js..extensions.enabledItems: [email protected]:0.6.0.8
FF - prefs.js..extensions.enabledItems: [email protected]:2.3
FF - prefs.js..extensions.enabledItems: {03B08592-E5B4-45ff-A0BE-C1D975458688}:1.0
FF - prefs.js..extensions.enabledItems: {524B8EF8-C312-11DB-8039-536F56D89593}:4.39.0.0
FF - prefs.js..extensions.enabledItems: {7E7165E2-0767-448c-852F-5FA8714F2C37}:1.2
FF - prefs.js..extensions.enabledItems: {AE93811A-5C9A-4d34-8462-F7B864FC4696}:4.15
FF - prefs.js..extensions.enabledItems: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.9.11
FF - prefs.js..extensions.enabledItems: [email protected]:1.0
FF - prefs.js..extensions.enabledItems: [email protected]:7.0.1466
FF - prefs.js..extensions.enabledItems: {23fcfd51-4958-4f00-80a3-ae97e717ed8b}:2.1.2.145
FF - prefs.js..keyword.URL: "http://search.yahoo....type=971163&p="
FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_5_502_110.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\WINDOWS\system32\Adobe\Director\np32dsw_1168638.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@canon.com/EPPEX: C:\Program Files\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL (CANON INC.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.9.2: C:\WINDOWS\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre7\bin\new_plugin\npjp2.dll File not found
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.9.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.11.2321: C:\Program Files\Real Alternative\browser\plugins\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.1483: C:\Program Files\Real Alternative\browser\plugins\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.124\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.124\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Documents and Settings\Jon Kunkel\Local Settings\Application Data\Google\Update\1.3.21.124\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Documents and Settings\Jon Kunkel\Local Settings\Application Data\Google\Update\1.3.21.124\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\[email protected]: C:\Program Files\Java\jre6\lib\deploy\jqs\ff
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2012/06/10 16:43:44 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\[email protected]: C:\Program Files\AVAST Software\Avast\WebRep\FF [2012/11/28 14:39:07 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 17.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/12/04 12:22:48 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 17.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012/12/04 12:22:39 | 000,000,000 | ---D | M]

[2011/04/02 15:04:15 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Jon Kunkel\Application Data\Mozilla\Extensions
[2012/11/28 18:29:30 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Jon Kunkel\Application Data\Mozilla\Firefox\Profiles\waiq5ak8.default-1353892193671\extensions
[2012/11/25 17:28:28 | 000,000,000 | ---D | M] (Toolbar Buttons) -- C:\Documents and Settings\Jon Kunkel\Application Data\Mozilla\Firefox\Profiles\waiq5ak8.default-1353892193671\extensions\{03B08592-E5B4-45ff-A0BE-C1D975458688}
[2012/11/25 17:18:44 | 000,000,000 | ---D | M] (PlainOldFavorites) -- C:\Documents and Settings\Jon Kunkel\Application Data\Mozilla\Firefox\Profiles\waiq5ak8.default-1353892193671\extensions\{7E7165E2-0767-448c-852F-5FA8714F2C37}
[2012/11/25 17:16:27 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Documents and Settings\Jon Kunkel\Application Data\Mozilla\Firefox\Profiles\waiq5ak8.default-1353892193671\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2012/11/26 21:48:00 | 000,000,000 | ---D | M] (CSHelper) -- C:\Documents and Settings\Jon Kunkel\Application Data\Mozilla\Firefox\Profiles\waiq5ak8.default-1353892193671\extensions\{d91a2be6-3b56-4dfb-97f5-5e48fe3ed473}
[2012/11/26 21:48:01 | 000,000,000 | ---D | M] (Thumbnail Zoom Plus) -- C:\Documents and Settings\Jon Kunkel\Application Data\Mozilla\Firefox\Profiles\waiq5ak8.default-1353892193671\extensions\[email protected]
[2012/11/25 17:16:27 | 000,139,518 | ---- | M] () (No name found) -- C:\Documents and Settings\Jon Kunkel\Application Data\Mozilla\Firefox\Profiles\waiq5ak8.default-1353892193671\extensions\[email protected]
[2012/11/26 21:42:20 | 000,136,064 | ---- | M] () (No name found) -- C:\Documents and Settings\Jon Kunkel\Application Data\Mozilla\Firefox\Profiles\waiq5ak8.default-1353892193671\extensions\[email protected]
[2012/11/28 18:29:29 | 000,050,279 | ---- | M] () (No name found) -- C:\Documents and Settings\Jon Kunkel\Application Data\Mozilla\Firefox\Profiles\waiq5ak8.default-1353892193671\extensions\{524B8EF8-C312-11DB-8039-536F56D89593}.xpi
[2012/11/25 17:16:27 | 000,089,724 | ---- | M] () (No name found) -- C:\Documents and Settings\Jon Kunkel\Application Data\Mozilla\Firefox\Profiles\waiq5ak8.default-1353892193671\extensions\{A4732521-77D9-447E-A557-B279AC923F06}.xpi
[2012/11/25 17:16:27 | 000,377,191 | ---- | M] () (No name found) -- C:\Documents and Settings\Jon Kunkel\Application Data\Mozilla\Firefox\Profiles\waiq5ak8.default-1353892193671\extensions\{AE93811A-5C9A-4d34-8462-F7B864FC4696}.xpi
[2012/12/04 12:22:34 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2012/12/04 12:22:48 | 000,262,112 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2012/09/07 17:11:14 | 000,002,465 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012/10/19 13:54:35 | 000,002,058 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml

O1 HOSTS File: ([2012/11/28 03:16:35 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (IEHlprObjClass) - {CE7C3CF0-4B15-11D1-ABED-709549C10000} - C:\Program Files\Kensington\MouseWorks\IE_KMW.DLL File not found
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe (CANON INC.)
O4 - HKLM..\Run: [CanonSolutionMenu] C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe (CANON INC.)
O4 - HKLM..\Run: [kmw_run.exe] C:\WINDOWS\System32\kmw_run.exe (Kensington Technology Group)
O4 - HKLM..\Run: [NUSB3MON] C:\Program Files\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe (NEC Electronics Corporation)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKU\S-1-5-21-1801674531-113007714-682003330-1002..\Run: [ASRockIES] C:\Program Files\ASRock Utility\IES\AsrIes.exe (ASRock Incorporation)
O4 - HKU\S-1-5-21-1801674531-113007714-682003330-1002..\Run: [ASRockOCTuner] C:\Program Files\ASRock Utility\OCTuner\ASROC.exe (ASRock)
O4 - Startup: C:\Documents and Settings\All Users.WINDOWS.0\Start Menu\Programs\Startup\NDAS Device Management.lnk = File not found
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoRemoteRecursiveEvents = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoInternetOpenWith = 1
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMHelp = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSaveSettings = 0
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMHelp = 1
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSaveSettings = 0
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMHelp = 1
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSaveSettings = 0
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMHelp = 1
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSaveSettings = 0
O7 - HKU\S-1-5-21-1801674531-113007714-682003330-1002\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1801674531-113007714-682003330-1002\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-21-1801674531-113007714-682003330-1002\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMHelp = 0
O7 - HKU\S-1-5-21-1801674531-113007714-682003330-1002\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O8 - Extra context menu item: Download Using &BitSpirit - D:\Program Files (x86)\BitSpirit\bsurl.htm ()
O8 - Extra context menu item: En&queue current page with BID - C:\Program Files\Bulk Image Downloader\iemenu\iebidqueue.htm ()
O8 - Extra context menu item: Enqueue link tar&get with BID - C:\Program Files\Bulk Image Downloader\iemenu\iebidlinkqueue.htm ()
O8 - Extra context menu item: Open &link target with BID - C:\Program Files\Bulk Image Downloader\iemenu\iebidlink.htm ()
O8 - Extra context menu item: Open current page with BI&D - C:\Program Files\Bulk Image Downloader\iemenu\iebid.htm ()
O8 - Extra context menu item: Open current page with BID Link E&xplorer - C:\Program Files\Bulk Image Downloader\iemenu\iebidlinkexplorer.htm ()
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\WINDOWS\system32\nwprovau.dll (Microsoft Corporation)
O15 - HKU\S-1-5-21-1801674531-113007714-682003330-1002\..Trusted Domains: intuit.com ([ttlc] https in Trusted sites)
O15 - HKU\S-1-5-21-1801674531-113007714-682003330-1002\..Trusted Ranges: Range1 ([http] in Trusted sites)
O15 - HKU\S-1-5-21-1801674531-113007714-682003330-1002\..Trusted Ranges: Range1 ([https] in Trusted sites)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.7.0_09)
O16 - DPF: {CAFEEFAC-0017-0000-0009-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.7.0_09)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.7.0_09)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{E8CDBE83-452B-43A8-B8AE-677138195F18}: NameServer = 208.67.222.222,208.67.220.220
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\Jon Kunkel\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Jon Kunkel\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2011/04/02 15:04:38 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2009/05/11 20:12:21 | 000,000,000 | ---- | M] () - D:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

NetSvcs: Ias - File not found
NetSvcs: Iprip - C:\WINDOWS\System32\iprip.dll (Microsoft Corporation)
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2012/12/06 22:57:15 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Jon Kunkel\Desktop\OTL.exe
[2012/12/04 12:22:32 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2012/12/03 12:42:54 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2012/12/03 12:03:23 | 000,000,000 | ---D | C] -- C:\Program Files\Lame For Audacity
[2012/12/03 11:58:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Jon Kunkel\Application Data\Audacity
[2012/12/03 11:58:27 | 000,000,000 | ---D | C] -- C:\Program Files\Audacity
[2012/12/03 09:36:55 | 000,110,592 | ---- | C] (Kensington Technology Group) -- C:\WINDOWS\System32\kmw_dll.dll
[2012/12/03 09:36:55 | 000,106,496 | ---- | C] (Kensington Technology Group) -- C:\WINDOWS\System32\kmw_run.exe
[2012/12/03 09:36:55 | 000,091,648 | ---- | C] (Kensington Technology Group) -- C:\WINDOWS\System32\drivers\KMW_SYS.sys
[2012/12/03 09:36:55 | 000,010,112 | ---- | C] (Kensington Technology Group) -- C:\WINDOWS\System32\drivers\KMW_USB.sys
[2012/12/03 09:36:55 | 000,005,376 | ---- | C] (Kensington Technology Group) -- C:\WINDOWS\System32\drivers\KMW_KBD.sys
[2012/12/03 09:36:55 | 000,004,736 | ---- | C] (Kensington Technology Group) -- C:\WINDOWS\System32\drivers\KMW_LIB.sys
[2012/12/01 11:51:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Jon Kunkel\My Documents\Reg file backup
[2012/12/01 11:47:04 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Jon Kunkel\Recent
[2012/12/01 11:45:14 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2012/12/01 11:25:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Jon Kunkel\Start Menu\Programs\Revo Uninstaller
[2012/12/01 11:25:34 | 000,000,000 | ---D | C] -- C:\Program Files\VS Revo Group
[2012/11/27 11:14:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Jon Kunkel\Local Settings\Application Data\Sun
[2012/11/27 09:14:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Jon Kunkel\Application Data\Apple Computer
[2012/11/27 00:08:54 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2012/11/27 00:08:08 | 000,821,736 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\System32\npDeployJava1.dll
[2012/11/27 00:08:08 | 000,246,760 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\System32\javaws.exe
[2012/11/27 00:07:57 | 000,174,056 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\System32\javaw.exe
[2012/11/27 00:07:57 | 000,174,056 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\System32\java.exe
[2012/11/27 00:07:57 | 000,093,672 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\System32\WindowsAccessBridge.dll
[2012/11/27 00:07:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\McAfee
[2012/11/26 22:09:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\QuickTime
[2012/11/26 22:08:45 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Apple
[2012/11/26 22:08:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Jon Kunkel\Local Settings\Application Data\Apple
[2012/11/26 22:08:27 | 000,000,000 | ---D | C] -- C:\Program Files\Apple Software Update
[2012/11/26 22:08:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Apple
[2012/11/26 22:06:36 | 000,000,000 | ---D | C] -- C:\Program Files\ConvertHelper
[2012/11/25 17:48:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Jon Kunkel\My Documents\Firefox sync recovery key
[2012/11/24 13:07:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Google Drive
[2012/11/17 11:21:23 | 000,058,368 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\synceng.dll
[2012/11/12 20:12:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\CompuApps SwissKnife V3
[2012/11/12 20:12:49 | 000,000,000 | ---D | C] -- C:\SWISNIFE
[2012/11/12 20:11:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Browser Manager
[2012/11/11 14:23:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Jon Kunkel\Start Menu\Programs\Music Manager
[2012/11/11 14:23:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Jon Kunkel\Local Settings\Application Data\Programs
[2012/11/07 18:14:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Jon Kunkel\Start Menu\Programs\eMule
[2011/04/23 20:54:16 | 000,047,360 | ---- | C] (VSO Software) -- C:\Documents and Settings\Jon Kunkel\Application Data\pcouffin.sys
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\*.tmp files -> C:\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

File not found -- C:\Documents and Settings\Jon Kunkel\My Documents\Jon%20Kunkel.
[2012/12/06 22:53:42 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Jon Kunkel\Desktop\OTL.exe
[2012/12/06 22:34:00 | 000,000,830 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2012/12/06 22:27:10 | 000,000,998 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1801674531-113007714-682003330-1002UA.job
[2012/12/06 22:11:10 | 000,000,894 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2012/12/06 21:46:32 | 000,825,510 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2012/12/06 21:46:32 | 000,192,888 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2012/12/06 21:44:05 | 000,000,316 | -H-- | M] () -- C:\WINDOWS\tasks\avast! Emergency Update.job
[2012/12/06 21:42:52 | 000,002,228 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012/12/06 21:42:16 | 000,000,890 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2012/12/06 21:41:51 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012/12/06 08:48:14 | 000,030,912 | ---- | M] () -- C:\WINDOWS\System32\BMXStateBkp-{00000009-00000000-00000000-00001102-00000004-10051102}.rfx
[2012/12/06 08:48:14 | 000,030,912 | ---- | M] () -- C:\WINDOWS\System32\BMXState-{00000009-00000000-00000000-00001102-00000004-10051102}.rfx
[2012/12/06 08:48:14 | 000,029,352 | ---- | M] () -- C:\WINDOWS\System32\BMXCtrlState-{00000009-00000000-00000000-00001102-00000004-10051102}.rfx
[2012/12/06 08:48:14 | 000,029,352 | ---- | M] () -- C:\WINDOWS\System32\BMXBkpCtrlState-{00000009-00000000-00000000-00001102-00000004-10051102}.rfx
[2012/12/06 08:48:14 | 000,011,564 | ---- | M] () -- C:\WINDOWS\System32\DVCState-{00000009-00000000-00000000-00001102-00000004-10051102}.rfx
[2012/12/05 22:18:07 | 000,000,504 | -HS- | M] () -- C:\boot.ini
[2012/12/04 16:49:26 | 000,002,587 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\ACDSee 10 Photo Manager.lnk
[2012/12/03 09:57:05 | 000,163,528 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2012/12/02 14:27:01 | 000,000,946 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1801674531-113007714-682003330-1002Core.job
[2012/12/02 03:23:50 | 004,931,577 | ---- | M] () -- C:\WINDOWS\{00000009-00000000-00000000-00001102-00000004-10051102}.CDF
[2012/12/02 03:23:50 | 004,931,577 | ---- | M] () -- C:\WINDOWS\{00000009-00000000-00000000-00001102-00000004-10051102}.BAK
[2012/11/28 14:39:08 | 000,002,625 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
[2012/11/28 03:16:35 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2012/11/27 00:07:43 | 000,093,672 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\WindowsAccessBridge.dll
[2012/11/27 00:07:39 | 000,246,760 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\javaws.exe
[2012/11/27 00:07:39 | 000,174,056 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\javaw.exe
[2012/11/27 00:07:39 | 000,143,872 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\javacpl.cpl
[2012/11/27 00:07:38 | 000,174,056 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\java.exe
[2012/11/27 00:07:37 | 000,821,736 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\npDeployJava1.dll
[2012/11/27 00:07:37 | 000,746,984 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\deployJava1.dll
[2012/11/24 13:10:10 | 000,001,423 | ---- | M] () -- C:\Documents and Settings\Jon Kunkel\Desktop\Google Drive.lnk
[2012/11/12 20:12:49 | 000,000,543 | ---- | M] () -- C:\WINDOWS\SWISV3.INI
[2012/11/12 20:12:49 | 000,000,287 | ---- | M] () -- C:\WINDOWS\SKNIFE.INI
[2012/11/12 18:26:41 | 000,000,830 | ---- | M] () -- C:\WINDOWS\System32\InstallUtil.InstallLog
[2012/11/07 18:50:34 | 000,697,272 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerApp.exe
[2012/11/07 18:50:34 | 000,073,656 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl
[2012/11/07 18:15:12 | 000,000,666 | ---- | M] () -- C:\Documents and Settings\Jon Kunkel\Desktop\eMule.lnk
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\*.tmp files -> C:\*.tmp -> ]

========== Files Created - No Company Name ==========

File not found -- C:\Documents and Settings\Jon Kunkel\My Documents\Jon%20Kunkel.
[2100/02/23 17:55:50 | 000,001,096 | ---- | C] () -- C:\WINDOWS\Lexmark_ICM.ini
[2012/12/03 11:58:35 | 000,000,736 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Audacity.lnk
[2012/12/03 09:36:55 | 000,176,128 | ---- | C] () -- C:\WINDOWS\System32\kmw_show.exe
[2012/12/01 16:03:09 | 004,931,577 | ---- | C] () -- C:\WINDOWS\{00000009-00000000-00000000-00001102-00000004-10051102}.BAK
[2012/11/26 22:08:28 | 000,001,830 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Apple Software Update.lnk
[2012/11/26 21:46:38 | 000,251,575 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2012/11/24 13:10:10 | 000,001,423 | ---- | C] () -- C:\Documents and Settings\Jon Kunkel\Desktop\Google Drive.lnk
[2012/11/24 13:06:40 | 000,000,894 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2012/11/24 13:06:39 | 000,000,890 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2012/11/12 20:12:50 | 000,014,976 | ---- | C] () -- C:\WINDOWS\System32\drivers\SBKUPNT.SYS
[2012/11/12 20:12:50 | 000,013,312 | ---- | C] () -- C:\WINDOWS\System32\DEVLOAD.EXE
[2012/11/12 20:12:49 | 000,000,543 | ---- | C] () -- C:\WINDOWS\SWISV3.INI
[2012/11/12 20:12:49 | 000,000,344 | ---- | C] () -- C:\WINDOWS\DYNASN.INF
[2012/11/12 20:12:47 | 000,000,287 | ---- | C] () -- C:\WINDOWS\SKNIFE.INI
[2012/11/12 20:12:35 | 000,002,799 | ---- | C] () -- C:\WINDOWS\SKLANG.INI
[2012/11/12 17:58:37 | 000,000,830 | ---- | C] () -- C:\WINDOWS\System32\InstallUtil.InstallLog
[2012/11/11 14:22:54 | 000,000,998 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1801674531-113007714-682003330-1002UA.job
[2012/11/11 14:22:53 | 000,000,946 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1801674531-113007714-682003330-1002Core.job
[2012/11/07 18:50:28 | 000,000,830 | ---- | C] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2012/11/07 18:50:02 | 000,001,804 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Adobe Reader XI.lnk
[2012/11/07 18:14:37 | 000,000,666 | ---- | C] () -- C:\Documents and Settings\Jon Kunkel\Desktop\eMule.lnk
[2012/10/28 14:28:05 | 000,007,049 | ---- | C] () -- C:\Documents and Settings\Jon Kunkel\bookmark.png
[2012/10/28 14:28:05 | 000,007,049 | ---- | C] () -- C:\Documents and Settings\Jon Kunkel\bookmark.gif
[2012/10/28 14:28:00 | 000,063,909 | ---- | C] () -- C:\Documents and Settings\Jon Kunkel\logo.jpg
[2012/10/28 14:27:47 | 000,071,332 | ---- | C] () -- C:\Documents and Settings\Jon Kunkel\.png
[2012/09/13 08:07:49 | 000,014,776 | ---- | C] () -- C:\WINDOWS\System32\drivers\SmartDefragDriver.sys
[2012/06/20 15:29:12 | 000,000,008 | ---- | C] () -- C:\WINDOWS\mvraidver.dat
[2012/05/24 02:16:33 | 000,000,109 | ---- | C] () -- C:\WINDOWS\Realflight.INI
[2012/05/24 01:28:10 | 000,000,249 | ---- | C] () -- C:\WINDOWS\emug3.ini
[2012/03/21 18:54:58 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2012/02/29 23:53:48 | 000,000,590 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\Microsoft.SqlServer.Compact.400.32.bc
[2012/02/03 18:20:03 | 000,000,223 | ---- | C] () -- C:\Documents and Settings\Jon Kunkel\Application Data\default.rss
[2012/02/03 18:18:50 | 000,000,069 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2012/01/10 01:31:46 | 002,761,630 | ---- | C] () -- C:\WINDOWS\System32\nvdata.data
[2011/12/22 01:06:37 | 000,013,656 | -HS- | C] () -- C:\Documents and Settings\Jon Kunkel\Local Settings\Application Data\805830a1r786f880a626n8tpa5l6
[2011/11/23 18:39:29 | 000,119,248 | ---- | C] () -- C:\Documents and Settings\Jon Kunkel\MX-M620N_20111123_162741.pdf
[2011/11/02 20:20:08 | 000,119,792 | ---- | C] () -- C:\Documents and Settings\Jon Kunkel\MX-M620N_20111102_190325.pdf
[2011/10/28 21:40:06 | 000,129,044 | ---- | C] () -- C:\WINDOWS\hpiins06.dat
[2011/10/28 21:40:06 | 000,000,000 | ---- | C] () -- C:\WINDOWS\hpimdl06.dat
[2011/10/18 18:32:08 | 000,079,872 | ---- | C] () -- C:\WINDOWS\System32\LEX_PSU.EXE
[2011/10/18 14:05:17 | 000,000,400 | ---- | C] () -- C:\WINDOWS\LEXSTAT.INI
[2011/09/07 15:30:40 | 000,344,064 | ---- | C] () -- C:\WINDOWS\System32\lxbacoin.dll
[2011/09/07 15:30:40 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\lxbavs.dll
[2011/09/07 15:30:31 | 000,061,440 | ---- | C] () -- C:\WINDOWS\System32\lxbacnv4.dll
[2011/09/07 15:30:28 | 001,224,704 | ---- | C] ( ) -- C:\WINDOWS\System32\lxbaserv.dll
[2011/09/07 15:30:28 | 000,995,328 | ---- | C] ( ) -- C:\WINDOWS\System32\lxbausb1.dll
[2011/09/07 15:30:28 | 000,696,320 | ---- | C] ( ) -- C:\WINDOWS\System32\lxbahbn3.dll
[2011/09/07 15:30:28 | 000,684,032 | ---- | C] ( ) -- C:\WINDOWS\System32\lxbacomc.dll
[2011/09/07 15:30:28 | 000,643,072 | ---- | C] ( ) -- C:\WINDOWS\System32\lxbapmui.dll
[2011/09/07 15:30:28 | 000,585,728 | ---- | C] ( ) -- C:\WINDOWS\System32\lxbalmpm.dll
[2011/09/07 15:30:28 | 000,537,520 | ---- | C] ( ) -- C:\WINDOWS\System32\lxbacoms.exe
[2011/09/07 15:30:28 | 000,421,888 | ---- | C] ( ) -- C:\WINDOWS\System32\lxbacomm.dll
[2011/09/07 15:30:28 | 000,413,696 | ---- | C] () -- C:\WINDOWS\System32\lxbautil.dll
[2011/09/07 15:30:28 | 000,413,696 | ---- | C] ( ) -- C:\WINDOWS\System32\lxbainpa.dll
[2011/09/07 15:30:28 | 000,397,312 | ---- | C] ( ) -- C:\WINDOWS\System32\lxbaiesc.dll
[2011/09/07 15:30:28 | 000,385,968 | ---- | C] ( ) -- C:\WINDOWS\System32\lxbaih.exe
[2011/09/07 15:30:28 | 000,381,872 | ---- | C] ( ) -- C:\WINDOWS\System32\lxbacfg.exe
[2011/09/07 15:30:28 | 000,323,584 | ---- | C] ( ) -- C:\WINDOWS\System32\LXBAhcp.dll
[2011/09/07 15:30:28 | 000,274,432 | ---- | C] () -- C:\WINDOWS\System32\LXBAinst.dll
[2011/09/07 15:30:28 | 000,163,840 | ---- | C] ( ) -- C:\WINDOWS\System32\lxbaprox.dll
[2011/09/07 15:30:28 | 000,094,208 | ---- | C] ( ) -- C:\WINDOWS\System32\lxbapplc.dll
[2011/07/27 01:50:41 | 000,077,774 | ---- | C] () -- C:\Documents and Settings\Jon Kunkel\MX-M620N_20110720_182106 (1).pdf
[2011/07/26 10:02:04 | 000,001,794 | ---- | C] () -- C:\WINDOWS\System32\epid2110.dll
[2011/07/26 10:02:04 | 000,000,008 | ---- | C] () -- C:\WINDOWS\System32\sysgen76.dll
[2011/07/26 01:43:23 | 002,292,678 | ---- | C] () -- C:\WINDOWS\System32\nvdata.bin
[2011/07/26 01:26:57 | 000,080,416 | R--- | C] () -- C:\WINDOWS\System32\RtNicProp32.dll
[2011/07/20 19:56:51 | 000,077,774 | ---- | C] () -- C:\Documents and Settings\Jon Kunkel\MX-M620N_20110720_182106.pdf
[2011/07/12 21:34:55 | 000,695,617 | ---- | C] () -- C:\WINDOWS\unins000.exe
[2011/07/12 21:34:55 | 000,025,054 | ---- | C] () -- C:\WINDOWS\unins000.dat
[2011/07/06 19:16:14 | 000,065,514 | ---- | C] () -- C:\Documents and Settings\Jon Kunkel\25204.jpg
[2011/07/06 19:08:57 | 000,040,293 | ---- | C] () -- C:\Documents and Settings\Jon Kunkel\569728.jpg
[2011/07/02 15:09:01 | 000,019,738 | ---- | C] () -- C:\Documents and Settings\Jon Kunkel\548457.jpg
[2011/07/02 15:08:39 | 000,044,372 | ---- | C] () -- C:\Documents and Settings\Jon Kunkel\384909.jpg
[2011/07/01 00:25:38 | 000,084,782 | ---- | C] () -- C:\Documents and Settings\Jon Kunkel\MX-M350N_20110630_144009.pdf
[2011/06/26 19:35:15 | 000,101,936 | ---- | C] () -- C:\Documents and Settings\Jon Kunkel\MX-M350N_20110623_160403 (1).pdf
[2011/06/24 13:19:57 | 000,306,741 | ---- | C] () -- C:\Documents and Settings\Jon Kunkel\SANY1446.JPG
[2011/06/24 13:01:06 | 000,713,891 | ---- | C] () -- C:\Documents and Settings\Jon Kunkel\DSC_6421.JPG
[2011/06/23 08:57:45 | 000,101,936 | ---- | C] () -- C:\Documents and Settings\Jon Kunkel\MX-M350N_20110623_160403.pdf
[2011/06/21 15:07:31 | 000,013,361 | ---- | C] () -- C:\Documents and Settings\Jon Kunkel\63182-sandee34.jpg
[2011/06/11 18:57:32 | 000,354,816 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2011/06/03 21:57:31 | 000,098,974 | ---- | C] () -- C:\Documents and Settings\Jon Kunkel\MX-M350N_20110602_155717.pdf
[2011/05/27 20:49:11 | 000,094,558 | ---- | C] () -- C:\Documents and Settings\Jon Kunkel\MX-M350N_20110528_192603.pdf
[2011/05/19 11:54:27 | 000,097,518 | ---- | C] () -- C:\Documents and Settings\Jon Kunkel\MX-M350N_20110519_153743.pdf
[2011/05/06 14:45:43 | 000,287,520 | ---- | C] () -- C:\WINDOWS\System32\nvdrsdb1.bin
[2011/05/06 14:45:43 | 000,287,520 | ---- | C] () -- C:\WINDOWS\System32\nvdrsdb0.bin
[2011/05/06 14:45:43 | 000,000,001 | ---- | C] () -- C:\WINDOWS\System32\nvdrssel.bin
[2011/05/05 23:12:48 | 001,760,135 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-S-1-5-21-1801674531-113007714-682003330-1002-0.dat
[2011/05/05 23:12:44 | 000,179,554 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-System.dat
[2011/05/05 22:41:00 | 000,000,000 | ---- | C] () -- C:\WINDOWS\graphedt.INI
[2011/04/28 23:32:25 | 000,022,328 | ---- | C] () -- C:\WINDOWS\System32\drivers\PnkBstrK.sys
[2011/04/28 23:31:55 | 000,103,736 | ---- | C] () -- C:\WINDOWS\System32\PnkBstrB.exe
[2011/04/28 23:31:48 | 000,066,872 | ---- | C] () -- C:\WINDOWS\System32\PnkBstrA.exe
[2011/04/28 14:49:38 | 000,000,061 | -HS- | C] () -- C:\WINDOWS\cnerolf.dat
[2011/04/24 13:16:45 | 000,177,861 | ---- | C] () -- C:\WINDOWS\Addictive Pitts Uninstaller.exe
[2011/04/23 20:54:16 | 000,007,887 | ---- | C] () -- C:\Documents and Settings\Jon Kunkel\Application Data\pcouffin.cat
[2011/04/23 20:54:16 | 000,001,144 | ---- | C] () -- C:\Documents and Settings\Jon Kunkel\Application Data\pcouffin.inf
[2011/04/20 13:27:37 | 000,000,211 | -H-- | C] () -- C:\WINDOWS\vp.ini
[2011/04/18 21:04:24 | 000,262,144 | ---- | C] () -- C:\WINDOWS\System32\gfkernel.dll
[2011/04/09 17:55:28 | 000,179,261 | ---- | C] () -- C:\WINDOWS\System32\xlive.dll.cat
[2011/04/09 16:33:36 | 000,021,791 | ---- | C] () -- C:\WINDOWS\System32\smtpctrs.ini
[2011/04/09 16:33:35 | 000,001,037 | ---- | C] () -- C:\WINDOWS\System32\ntfsdrct.ini
[2011/04/09 16:32:15 | 000,007,909 | ---- | C] () -- C:\WINDOWS\System32\ftpctrs.ini
[2011/04/09 16:32:13 | 000,038,576 | ---- | C] () -- C:\WINDOWS\System32\w3ctrs.ini
[2011/04/09 16:32:13 | 000,010,225 | ---- | C] () -- C:\WINDOWS\System32\axperf.ini
[2011/04/09 16:32:11 | 000,011,435 | ---- | C] () -- C:\WINDOWS\System32\infoctrs.ini
[2011/04/06 22:06:46 | 000,000,038 | ---- | C] () -- C:\WINDOWS\osAviSplitter.INI
[2011/04/06 20:27:58 | 000,108,032 | ---- | C] () -- C:\Documents and Settings\Jon Kunkel\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/04/05 14:44:28 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2011/04/05 14:36:43 | 000,116,224 | ---- | C] () -- C:\WINDOWS\System32\pdfcmnnt.dll
[2011/04/04 14:41:35 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Jon Kunkel\Application Data\SuperSafer.cfg
[2011/04/04 13:46:00 | 000,079,872 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2011/04/03 11:40:30 | 000,061,440 | ---- | C] () -- C:\WINDOWS\ContextMenuExt.dll
[2011/04/03 01:18:46 | 001,746,360 | ---- | C] () -- C:\WINDOWS\System32\CTAA1.DAT
[2011/04/03 00:55:53 | 000,000,019 | ---- | C] () -- C:\WINDOWS\System32\nvModes.dat
[2011/04/02 15:04:55 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2011/04/02 15:01:38 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2011/04/02 06:49:54 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2011/04/02 06:47:51 | 000,163,528 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010/12/30 15:09:03 | 000,036,044 | ---- | C] () -- C:\WINDOWS\System32\bassmod.dll

========== ZeroAccess Check ==========

[2011/04/02 15:01:40 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shdocvw.dll -- [2009/06/15 04:00:00 | 002,253,824 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009/06/15 04:00:00 | 000,473,600 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009/06/15 04:00:00 | 000,273,920 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

========== Custom Scans ==========

========== Base Services ==========
SRV - [2009/06/15 04:00:00 | 000,044,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\alg.exe -- (ALG)
SRV - [2009/06/15 04:00:00 | 000,023,576 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\wuauserv.dll -- (wuauserv)
SRV - [2009/06/15 04:00:00 | 000,408,576 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\qmgr.dll -- (BITS)
SRV - [2012/07/06 05:58:10 | 000,078,336 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\WINDOWS\system32\browser.dll -- (Browser)
SRV - [2009/06/15 04:00:00 | 000,062,464 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\cryptsvc.dll -- (CryptSvc)
SRV - [2009/06/15 04:00:00 | 000,126,976 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\WINDOWS\system32\dhcpcsvc.dll -- (Dhcp)
SRV - [2009/06/15 04:00:00 | 000,045,568 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\WINDOWS\system32\dnsrslvr.dll -- (Dnscache)
SRV - [2009/06/15 04:00:00 | 000,110,592 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\services.exe -- (Eventlog)
SRV - [2009/06/15 04:00:00 | 000,033,792 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\eapsvc.dll -- (EapHost)
SRV - [2009/07/27 15:17:41 | 000,135,168 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\WINDOWS\system32\shsvcs.dll -- (FastUserSwitchingCompatibility)
SRV - [2009/06/15 04:00:00 | 000,015,872 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\w3ssl.dll -- (HTTPFilter)
SRV - [2008/04/13 14:41:56 | 000,021,504 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\hidserv.dll -- (HidServ)
SRV - [2009/06/15 04:00:00 | 000,150,528 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\imapi.exe -- (ImapiService)
SRV - [2009/06/15 04:00:00 | 000,013,312 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\WINDOWS\system32\lsass.exe -- (PolicyAgent)
SRV - [2009/06/15 04:00:00 | 000,023,552 | ---- | M] (Microsoft Corp.) [Auto | Running] -- C:\WINDOWS\system32\dmserver.dll -- (dmserver)
SRV - [2009/06/15 04:00:00 | 000,224,768 | ---- | M] (Microsoft Corp., Veritas Software) [On_Demand | Stopped] -- C:\WINDOWS\System32\dmadmin.exe -- (dmadmin)
SRV - [2009/06/15 04:00:00 | 000,005,120 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\System32\dllhost.exe -- (SwPrv)
SRV - [2009/06/15 04:00:00 | 000,013,312 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\lsass.exe -- (Netlogon)
SRV - [2009/06/15 04:00:00 | 000,198,144 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\WINDOWS\system32\netman.dll -- (Netman)
SRV - [2009/06/15 04:00:00 | 000,245,248 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\mswsock.dll -- (Nla)
SRV - [2009/06/15 04:00:00 | 000,110,592 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\services.exe -- (PlugPlay)
SRV - [2010/08/17 05:17:06 | 000,058,880 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\spoolsv.exe -- (Spooler)
SRV - [2009/06/15 04:00:00 | 000,013,312 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\lsass.exe -- (ProtectedStorage)
SRV - [2009/06/15 04:00:00 | 000,088,576 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\rasauto.dll -- (RasAuto)
SRV - [2009/06/15 04:00:00 | 000,186,368 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\WINDOWS\system32\rasmans.dll -- (RasMan)
SRV - [2009/06/15 04:00:00 | 000,401,408 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\rpcss.dll -- (RpcSs)
No service found with a name of NtmsSvc
SRV - [2009/06/15 04:00:00 | 000,018,944 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\seclogon.dll -- (seclogon)
SRV - [2009/06/15 04:00:00 | 000,013,312 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\lsass.exe -- (SamSs)
SRV - [2009/06/15 04:00:00 | 000,080,896 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\wscsvc.dll -- (wscsvc)
SRV - [2010/08/26 22:05:07 | 000,099,840 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\srvsvc.dll -- (LanmanServer)
SRV - [2009/07/27 15:17:41 | 000,135,168 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\shsvcs.dll -- (ShellHWDetection)
SRV - [2009/06/15 04:00:00 | 000,171,008 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\srsvc.dll -- (srservice)
SRV - [2009/06/15 04:00:00 | 000,192,512 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\schedsvc.dll -- (Schedule)
SRV - [2009/06/15 04:00:00 | 000,013,824 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\lmhsvc.dll -- (LmHosts)
SRV - [2009/06/15 04:00:00 | 000,249,856 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\WINDOWS\system32\tapisrv.dll -- (TapiSrv)
SRV - [2009/06/15 04:00:00 | 000,296,960 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\WINDOWS\system32\termsrv.dll -- (TermService)
SRV - [2009/07/27 15:17:41 | 000,135,168 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\shsvcs.dll -- (Themes)
SRV - [2009/06/15 04:00:00 | 000,289,792 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\vssvc.exe -- (VSS)
SRV - [2009/06/15 04:00:00 | 000,042,496 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\audiosrv.dll -- (AudioSrv)
SRV - [2009/06/15 04:00:00 | 000,330,752 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\WINDOWS\system32\ipnathlp.dll -- (SharedAccess)
SRV - [2009/06/15 04:00:00 | 000,333,824 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\wiaservc.dll -- (stisvc)
SRV - [2009/06/15 04:00:00 | 000,113,664 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\System32\msiexec.exe -- (MSIServer)
SRV - [2009/06/15 04:00:00 | 000,144,896 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\wbem\wmisvc.dll -- (winmgmt)
SRV - [2009/06/15 04:00:00 | 000,617,472 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\advapi32.dll -- (Wmi)
SRV - [2009/06/15 04:00:00 | 000,132,096 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\dot3svc.dll -- (Dot3svc)
SRV - [2009/06/15 04:00:00 | 000,483,328 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\wzcsvc.dll -- (WZCSVC)
SRV - [2009/06/09 22:17:16 | 000,134,144 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\WINDOWS\system32\wkssvc.dll -- (lanmanworkstation)

< %SYSTEMDRIVE%\*.exe >
[2010/04/05 21:34:58 | 000,019,456 | ---- | M] () -- C:\AudioStudy.exe
[2011/04/30 16:22:40 | 000,081,920 | ---- | M] () -- C:\SppConsole.exe
[1 C:\*.tmp files -> C:\*.tmp -> ]

< MD5 for: EXPLORER.EXE >
[2009/06/15 04:00:00 | 001,789,440 | ---- | M] (Microsoft Corporation) MD5=331257F9A07F1759ADB603D807226DAE -- C:\WINDOWS\explorer.exe

< MD5 for: SERVICES >
[2012/06/24 03:27:08 | 000,034,180 | ---- | M] () MD5=1294D525BA3A331C723111D66E904807 -- C:\Documents and Settings\Jon Kunkel\Application Data\Microsoft\MMC\services
[2009/06/15 04:00:00 | 000,007,116 | ---- | M] () MD5=95826940E657FE0567A8EC0F2A6AD11A -- C:\WINDOWS\system32\drivers\etc\services

< MD5 for: SERVICES.CFG >
[2012/09/23 20:43:36 | 000,603,848 | ---- | M] () MD5=81B120EAEE296F0E54F66C16C5A21367 -- C:\Program Files\Adobe\Reader 11.0\Reader\Services\Services.cfg

< MD5 for: SERVICES.DAT >
[2011/04/05 14:54:56 | 000,010,240 | ---- | M] () MD5=1E24CF3AED28B5CE64A7BB956B64190D -- C:\Documents and Settings\Jon Kunkel\Application Data\Adobe\Acrobat\10.0\Security\services.dat

< MD5 for: SERVICES.EXE >
[2009/06/15 04:00:00 | 000,110,592 | ---- | M] (Microsoft Corporation) MD5=020CEAAEDC8EB655B6506B8C70D53BB6 -- C:\WINDOWS\ERDNT\cache\services.exe
[2009/06/15 04:00:00 | 000,110,592 | ---- | M] (Microsoft Corporation) MD5=020CEAAEDC8EB655B6506B8C70D53BB6 -- C:\WINDOWS\system32\services.exe

< MD5 for: SERVICES.LNK >
[2012/01/29 00:41:11 | 000,001,624 | ---- | M] () MD5=2A7C75ADAFB108FF1A3A3592923991AF -- C:\Documents and Settings\All Users.WINDOWS.0\Start Menu\Programs\Administrative Tools\Services.lnk
[2011/04/02 15:04:41 | 000,001,612 | ---- | M] () MD5=7A57F12B57FC8A726EE18269F659A172 -- C:\Documents and Settings\All Users\Start Menu\Programs\Administrative Tools\Services.lnk

< MD5 for: SERVICES.MSC >
[2009/06/15 04:00:00 | 000,092,721 | ---- | M] () MD5=760ECE9A984AA9265F680E4A0CCEA6E9 -- C:\WINDOWS\system32\services.msc

< MD5 for: SVCHOST.EXE >
[2009/06/15 04:00:00 | 000,014,848 | ---- | M] (Microsoft Corporation) MD5=67E38B4A549833E02D4D1617B5DBC318 -- C:\WINDOWS\ERDNT\cache\svchost.exe
[2009/06/15 04:00:00 | 000,014,848 | ---- | M] (Microsoft Corporation) MD5=67E38B4A549833E02D4D1617B5DBC318 -- C:\WINDOWS\system32\svchost.exe
[2012/09/29 19:54:26 | 000,218,184 | ---- | M] () MD5=8846E87210AD131CF71E3E2E49F647B0 -- C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\svchost.exe

< MD5 for: USERINIT.EXE >
[2009/06/15 04:00:00 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINDOWS\ERDNT\cache\userinit.exe
[2009/06/15 04:00:00 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINDOWS\system32\userinit.exe

< MD5 for: WINLOGON.EXE >
[2009/06/15 04:00:00 | 000,570,368 | ---- | M] (Microsoft Corporation) MD5=50D6EE240E804F638D88E26200D37670 -- C:\WINDOWS\system32\winlogon.exe
[2012/09/29 19:54:26 | 000,218,184 | ---- | M] () MD5=8846E87210AD131CF71E3E2E49F647B0 -- C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe

< MD5 for: WINSOCK.DLL >
[2009/06/15 04:00:00 | 000,002,864 | ---- | M] (Microsoft Corporation) MD5=68485C5EF0E2EFCEBF21BBB1042B823B -- C:\WINDOWS\system32\winsock.dll

< End of report >

OTL Extras logfile created on: 12/6/2012 10:58:50 PM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Documents and Settings\Jon Kunkel\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.5512)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.24 Gb Total Physical Memory | 2.72 Gb Available Physical Memory | 84.04% Memory free
5.09 Gb Paging File | 4.80 Gb Available in Paging File | 94.46% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 279.46 Gb Total Space | 29.40 Gb Free Space | 10.52% Space Free | Partition Type: NTFS
Drive D: | 1397.26 Gb Total Space | 14.71 Gb Free Space | 1.05% Space Free | Partition Type: NTFS
Drive E: | 111.78 Gb Total Space | 2.88 Gb Free Space | 2.58% Space Free | Partition Type: NTFS
Drive F: | 149.04 Gb Total Space | 0.79 Gb Free Space | 0.53% Space Free | Partition Type: NTFS
Drive G: | 298.08 Gb Total Space | 214.93 Gb Free Space | 72.10% Space Free | Partition Type: NTFS
Drive I: | 149.04 Gb Total Space | 51.68 Gb Free Space | 34.67% Space Free | Partition Type: NTFS
Drive K: | 7.45 Gb Total Space | 7.41 Gb Free Space | 99.49% Space Free | Partition Type: FAT32
Drive L: | 298.09 Gb Total Space | 206.45 Gb Free Space | 69.26% Space Free | Partition Type: NTFS
Drive P: | 8.00 Mb Total Space | 2.74 Mb Free Space | 34.29% Space Free | Partition Type: NTFS
Drive R: | 93.16 Gb Total Space | 3.78 Gb Free Space | 4.05% Space Free | Partition Type: NTFS

Computer Name: ASROCK_WINXP | User Name: Jon Kunkel | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.html [@ = FirefoxHTML] -- C:\Program Files\Firefox\firefox.exe (Mozilla Corporation)
.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l

[HKEY_USERS\S-1-5-21-1801674531-113007714-682003330-1002\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
htmlfile [edit] -- Reg Error: Key error.
InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [ACDSee 10.0.Browse] -- "C:\Program Files\ACD Systems\ACDSee\10.0\ACDSeeQV10.exe" "%1" (ACD Systems)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [openNew] -- explorer.exe /e, %1 (Microsoft Corporation)
Directory [Winamp.Bookmark] -- "C:\Program Files\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)
Directory [Winamp.Enqueue] -- "C:\Program Files\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)
Directory [Winamp.Play] -- "C:\Program Files\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)
Directory [ZoomPlayer.Play] -- "C:\Program Files\Zoom Player\zplayer.exe" "/add:%L" (Inmatrix LTD)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 1
"UpdatesDisableNotify" = 1
"AntiVirusOverride" = 1
"FirewallOverride" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
"C:\Program Files\Marvell\raid\Apache2\bin\httpd.exe" = C:\Program Files\Marvell\raid\Apache2\bin\httpd.exe:*:Enabled:Apache HTTP Server -- (Apache Software Foundation)
"D:\Program Files (x86)\BitSpirit\BitSpirit.exe" = D:\Program Files (x86)\BitSpirit\BitSpirit.exe:*:Enabled:The powerful and easy-to-use BitTorrent Client -- (LANSPIRIT.NET)
"C:\Program Files\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe" = C:\Program Files\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe:*:Enabled:WebKit -- (Apple Inc.)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}" = PDFCreator
"{0711500B-9912-4D60-9A49-C577B4503D42}" = Nero Recode Help
"{07FF7593-9DEA-40B5-9F87-F557E65BBF60}" = Nero Recode
"{0840B4D6-7DD1-4187-8523-E6FC0007EFB7}" = Windows Live ID Sign-in Assistant
"{0A0CADCF-78DA-33C4-A350-CD51849B9702}" = Microsoft .NET Framework 4 Extended
"{10CE1EA2-12E9-11D3-825E-00C04F6843FE}" = Microsoft Office Sounds
"{10E1E87C-656C-4D08-86D6-5443D28583BE}" = TrayApp
"{1122AAC4-AAAA-43BF-B2D4-3C8C12378952}" = Nero InfoTool
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP470_series" = Canon MP470 series
"{11A84FCA-C3C7-4AFD-A797-111DB8569DBC}" = Nero BurningROM
"{12345674-DE9A-677A-CCEE-666356D89777}" = Nero BurnRights
"{14ECAABB-C8B9-4A09-92F7-CDF1A45B6DDE}" = Google Drive
"{1545207E-C6F3-31D7-9918-BDBB65075FBF}" = Microsoft .NET Framework 3.5 Language Pack - deu
"{196467F1-C11F-4F76-858B-5812ADC83B94}" = MSXML 4.0 SP3 Parser
"{1B040683-C390-4711-ABC7-DA8D85E470E7}" = NeroBurningROM
"{1B399A41-C1D0-40A2-9E4F-095868EFAF01}" = InterVideo WinDVD Platinum 5
"{1CB92574-96F2-467B-B793-5CEB35C40C29}" = Image Resizer Powertoy for Windows XP
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F4BF9EA-847E-44FB-A728-C456116E6CEF}" = InstantShareDevicesMFC
"{26A24AE4-039D-4CA4-87B4-2F83217009FF}" = Java 7 Update 9
"{27CC6AB1-E72B-4179-AF1A-EAE507EBAF51}_is1" = ConvertHelper 2.2
"{29FA38B4-0AE4-4D0D-8A51-6165BB990BB0}" = WebReg
"{2D3455A8-3B15-41A8-99F8-0D4215746463}" = Nero StartSmart
"{2D456CE5-01E4-4DBE-9797-77003A7C8271}" = Microsoft® Measurement Smart Tag Converter
"{2E84A5A4-351E-4B00-9926-F50DBD7481E9}_is1" = SmartPropoPlus version 3.3.10
"{2FBF04DC-404C-4FA4-BA28-99903080D2B9}" = Magnifier Powertoy for Windows XP
"{2FEA102C-F535-4513-009B-57B165013C18}" = Tiger Woods PGA TOUR 08
"{3097B151-1F61-4211-A4CC-D70127B226AE}" = SoundTrax
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{388E4B09-3E71-4649-8921-F44A3A2954A7}" = Microsoft Visual Studio 2005 Tools for Office Runtime
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3CFAFEC1-75BB-4773-B996-315503D312D7}" = Microsoft XML Spreadsheet Add-In for Access 2002
"{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}" = eReg
"{3F30CC51-0788-487B-AA83-7214A239C0C0}" = Nero Disc Copy Gadget Help
"{434D0FA0-1558-4D8E-AC3D-BD1000008200}" = DiRT 3
"{452622B2-CFF1-4373-B773-141FC10A2AB6}" = hpicamDrvQFolder
"{45EA11B5-874D-480E-89B9-2545505BBE3E}" = Microsoft OpenType Font File Properties Extension
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4C78937F-0C8E-11D9-A3EB-0001025FA304}" = Kensington MouseWorks
"{4CB0307C-565E-4441-86BE-0DF2E4FB828C}" = Microsoft Games for Windows Marketplace
"{4D42353B-533F-4306-AD0B-7FEF292ADE04}" = Nero CoverDesigner Help
"{4E475FD4-4513-4B1D-8DDA-43912B068C99}" = HTML Slideshow Powertoy for Windows XP
"{4E8C27C2-D727-4C00-A90E-C3F6376EEE70}" = Nero ControlCenter
"{4F01560D-8964-4009-8D23-F52838D43648}" = Platinum Collection Diamond DA40 TDI for FSX
"{543E938C-BDC4-4933-A612-01293996845F}" = UnloadSupport
"{548F99E0-14CC-4D53-A7D6-4A62A5F2C748}" = Nero PhotoSnap
"{56BE5CC9-95E6-4128-ABEA-968414CA9C80}" = DolbyFiles
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{5AE12194-3EAA-40DF-B2BF-FE1D6B78BBF4}" = Nero Vision
"{5C2E8A0F-80E2-4C68-8CC0-D8D16E7196BF}" = Nero RescueAgent Help
"{5C42EAB8-54F9-423A-948C-1CBEF25F8DB4}" = Nero PhotoSnap Help
"{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM
"{66E6CE0C-5A1E-430C-B40A-0C90FF1804A8}" = eSupportQFolder
"{6D44070C-86F9-424A-B514-6907E4335BCE}" = PhoenixRC
"{6EC2F8D1-6303-4E49-9F17-4D537C648F5C}" = HexEdit
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{730837D4-FF5E-48DB-BA49-33E732DFF0B3}" = PanoStandAlone
"{75321954-2589-11DC-DDCC-E98356D81493}" = Nero DriveSpeed
"{753973C4-B961-43BF-B2D4-3C8C92F7216E}" = Nero DriveSpeed
"{768F22DC-2D20-4F52-A9A1-5E231FB7F752}" = Logitech Gaming Software 5.04
"{76C24F39-B161-498F-BD8B-C64789812D13}_is1" = ConvertXtoDVD 3.3.3.104
"{78523651-D8B1-11DC-CCEE-741589645873}" = Nero DiscSpeed
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{7AEF3482-B7B7-4B94-AF63-B249B9BA9D7F}_is1" = HELI-X 3.0 Demo
"{824D3839-DAA1-4315-A822-7AE3E620E528}" = VideoToolkit01
"{8389382B-53BA-4A87-8854-91E3D80A5AC7}" = HP Photosmart Essential2.01
"{84F1DAC1-E1BF-4A21-9D2B-DD3E12686A2C}" = Read in Microsoft Reader Add-in for Microsoft Word
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8B3E5A90-1F6E-4FAF-B84F-C306C8A80809}" = AeroFly Professional Deluxe (incl. StarFlight AddOn)
"{8C6027FD-53DC-446D-BB75-CACD7028A134}" = HP Update
"{8C654BD0-1949-43DE-84F2-EC2A1ABB0CB4}" = Nero ShowTime
"{90120000-0010-0409-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (English) 12
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90280409-6000-11D3-8CFE-0050048383C9}" = Microsoft Office XP Professional with FrontPage
"{905D0409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Visio IFilter 2003
"{90F80409-6000-11D3-8CFE-0150048383C9}" = Remove Hidden Data Tool
"{91D8E9BA-6BDB-4559-89CD-633EBED4C385}" = Machete Lite 3.7
"{9309DD7E-EBFE-3C95-8B47-30D3A012F606}" = Microsoft .NET Framework 2.0 Service Pack 1 Language Pack - DEU
"{933B4015-4618-4716-A828-5289FC03165F}" = VC80CRTRedist - 8.0.50727.6195
"{93F54611-2701-454e-94AB-623F458D9E6B}" = DeviceDiscovery
"{943CC0C0-2253-4FE0-9493-DD386F7857FD}" = Nero Express
"{948FFAAE-C57F-447B-9B07-3721E950BFDC}" = Nero ShowTime
"{9530AE42-DAE1-4619-9594-B23487285D17}" = NVIDIA PhysX
"{961D53EA-40DC-4156-AD74-25684CE05F81}" = Nero Installer
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9A875B56-A35C-46BA-A3AA-DF8D03EE9F2F}" = Nero ControlCenter
"{9F3523F8-DAD7-AE52-6DA7-45CDDDF33726}" = Advertising Center
"{A1071AEB-B0EF-3F5F-BC84-83A270EBE496}" = Microsoft .NET Framework 3.0 Service Pack 1 Language Pack - DEU
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A498D9EB-927B-459B-85D6-DD6EF8C2C564}" = erLT
"{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable
"{A7050037-F0EA-4BAB-BCD5-FC05507D6147}" = Alt-Tab Task Switcher Powertoy for Windows XP
"{A73BEC3C-40A0-480E-87EF-EFCD33629088}" = NeroExpress
"{A743BBCC-3438-4BB3-8397-6C9D9AC125A6}" = Timershot Powertoy for Windows XP
"{A8399F58-234A-48C6-BA55-30C15738BF3C}" = Nero CoverDesigner
"{A8F2089B-1F79-4BF6-B385-A2C2B0B9A74D}" = ImagXpress
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AA057FD9-0CFC-47e4-8AB4-E0F7EC85631D}" = HP Photosmart Cameras 9.0
"{AAA12554-2589-11DC-92EF-E98356D81493}" = Nero InfoTool
"{AABBCC54-D8B1-11DC-92EF-E98356D81493}" = Nero DiscSpeed
"{AB5D51AE-EBC3-438D-872C-705C7C2084B0}" = DeviceManagementQFolder
"{ABCC0F95-ECD0-4302-B84F-7F47637AF6CE}" = Virtavia Supermarine Scimitar F1 FSX
"{AC76BA86-7AD7-1033-7B44-AB0000000001}" = Adobe Reader XI
"{AEA07F97-9088-497c-8821-0F36BD5DC251}" = HPProductAssistant
"{AF0CE7C0-A3E4-4D73-988B-B29187EC6E9A}" = QuickTime
"{B2C12C8D-65DC-40BD-B309-5ADB0C6C8D8F}" = Nero WaveEditor
"{B2FE1952-0186-46c3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Control Panel 290.53
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX System Software 9.11.1107
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 1.6.24
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components
"{B37C842A-B624-46B8-A727-654E72F1C91A}" = Calculator Powertoy for Windows XP
"{B96C2601-52F5-4D5D-816A-63469EA311EF}" = "Nero SoundTrax Help
"{BCD6CD1A-0DBE-412E-9F25-3B500D1E6BA1}" = SolutionCenter
"{BCD82AB5-670D-4242-90FA-1F97103C16CD}" = Movie Templates - Starter Kit
"{BDCF27CA-BFC4-4F49-8D24-A925C9505AB8}" = Windows Rights Management Client with Service Pack 2
"{BEEFC4F8-2909-48B3-AFAA-55D3533FDEDD}" = Creative MediaSource 5
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C39DE425-6CCF-4B12-A101-3CB5CF3AF3AD}" = Slideshow Generator Powertoy for Windows XP
"{C63E7C60-25EB-11D3-8EDA-00A0C911E8E5}" = Microsoft Outlook Personal Folders Backup
"{C99C89A3-119A-45E6-B26E-DD5643CAA0C5}" = Menu Templates - Starter Kit
"{C9BED750-1211-4480-B1A5-718A3BE15525}" = REALTEK GbE & FE Ethernet PCI-E NIC Driver
"{C9E4932C-8417-4E4C-A0E3-EE534810AB4D}" = ClearType Tuning Control Panel Applet
"{CACFCDD3-87E4-46E9-A940-8A6A920635D3}" = RealFlight G4
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1 Service Pack 1
"{CD1826A5-CFCC-4C6E-9F9D-E181876162EA}" = Nero Rescue Agent
"{CD961214-93C9-44FE-9A38-BBE647E98AE9}" = CameraReadme
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}" = SAMSUNG USB Driver for Mobile Phones
"{D2FCA41E-AC01-4DCD-B3A7-DC9E32363065}}_is1" = Rapture3D 2.4.8 Game
"{D4E53304-1F6C-4111-9872-1BCD2CF5B642}" = AVG 2011
"{D7BF9739-8A68-4335-BBEE-37752AD9E86B}" = NEC Electronics USB 3.0 Host Controller Driver
"{D7C206B6-1A63-4389-A8B1-8F607D0BFF1F}" = Nero StartSmart Help
"{DD3DAD13-289E-440E-A5D3-3EFB25305018}_is1" = John's Background Switcher 4.4
"{de4302c4-078c-4350-ace1-a3831025c67a}" = Nero 9
"{DEF9CA03-7317-4a01-8111-06996235128E}" = CameraDrivers
"{E2662C24-B31E-4349-A084-32EB76E8B760}" = BufferChm
"{E4A8DD87-A746-4443-BF25-CAF99CED6767}" = Nero Disc Copy Gadget
"{E86156E5-9859-440D-8876-26CED1349802}" = Nero WaveEditor Help
"{E8C37E27-5205-4C8A-BECB-B00533045AAE}" = SHIFT 2 UNLEASHED™
"{EA9FFE54-D8B1-11DC-92EF-E98356D81493}" = Nero BurnRights
"{EC905264-BCFE-423B-9C42-C3A106266790}" = Windows Rights Management Client Backwards Compatibility SP2
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F2508213-9989-4E85-A078-72BE483917EF}" = Microsoft Games for Windows - LIVE Redistributable
"{F251B999-08A9-4704-999C-9962F0DFD88E}" = Virtual Desktop Manager Powertoy for Windows XP
"{F5266D28-E0B2-4130-BFC5-EE155AD514DC}" = Apple Application Support
"{F53F6769-AC46-49E3-ABE3-2C8AFD39D0DD}" = Nero Vision
"{F543D515-9582-47BA-B236-F079D64D936E}" = G4_EMU
"{F714FFE7-E8CA-4C52-B9B5-06347B664CDA}" = ALS-SIM Flanker B for FSX
"{F72E2DDC-3DB8-4190-A21D-63883D955FE7}" = PSSWCORE
"{F8B98EB6-FC06-45BF-87D4-9784E0408611}" = ACDSee 10 Photo Manager
"{FD8D8B04-BEAD-4A55-AA1D-62D2373E7DEA}" = Status
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"7-Zip" = 7-Zip 9.20
"82A44D22-9452-49FB-00FB-CEC7DCAF7E23" = EA SPORTS online 2008
"AC3Filter_is1" = AC3Filter 2.5b
"Addictive Pitts" = Addictive Pitts
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.6
"Aircraft Factory F4u Corsair" = Aircraft Factory F4u Corsair
"allSnap_is1" = allSnap version 1.33.2
"ASRock IES_is1" = ASRock IES v2.0.90
"ASRock OC Tuner_is1" = ASRock OC Tuner v2.3.99
"Audacity_is1" = Audacity 2.0.2
"AudioCS" = Creative Audio Console
"avast" = avast! Free Antivirus
"Bass Audio Decoder" = Bass Audio Decoder (remove only)
"Beech B60 Duke Rip" = Beech B60 Duke Rip
"BitSpirit_is1" = BitSpirit v3.6.0.550 Stable
"Bulk Image Downloader_is1" = Bulk Image Downloader v2.2.0.0
"CanonMyPrinter" = Canon My Printer
"CanonSolutionMenu" = Canon Utilities Solution Menu
"Carenado F33A Bonanza" = Carenado F33A Bonanza
"Carenado Mooney M20J FSX" = Carenado Mooney M20J FSX
"Carenado Premium Cessna 210M Centurion II" = Carenado Premium Cessna 210M Centurion II
"CCleaner" = CCleaner
"CD Audio Reader Filter" = CD Audio Reader Filter (remove only)
"Classics Hangar Fw 190 A, The Early Variants" = Classics Hangar Fw 190 A, The Early Variants
"Classics Hangar Fw 190 A, The Late Variants" = Classics Hangar Fw 190 A, The Late Variants
"CompuApps SwissKnife V3" = CompuApps SwissKnife V3
"Creative MediaSource DVD-Audio Player" = Creative MediaSource DVD-Audio Player
"Creative Software AutoUpdate" = Creative Software AutoUpdate
"DCoder Image Source" = DCoder Image Source (remove only)
"DCS A-10C_is1" = DCS A-10C
"Diamond Drive Icon" = Diamond Drive Icon 1.4
"DirectVobSub" = DirectVobSub (remove only)
"DivX Setup" = DivX Setup
"Driver Cleaner Pro" = DH Driver Cleaner Professional Edition
"DScaler 5 Mpeg Decoders_is1" = DScaler 5 Mpeg Decoders
"EADM" = EA Download Manager
"Easy Video Splitter_is1" = Easy Video Splitter 1.28
"Easy-PhotoPrint EX" = Canon Easy-PhotoPrint EX
"eMule Razorback 3" = eMule Razorback 3
"ffdshow_is1" = ffdshow v1.2.4453 [2012-05-21]
"FFMPEG Core Files" = FFMPEG Core Files (remove only)
"Firefox" = Firefox v3.0.11 (Remove Only)
"Fw190A_v1.1" = Fw190A_v1.1
"Gabest MPEG Splitter" = Gabest MPEG Splitter (remove only)
"GetFLV Pro 5.8_is1" = GetFLV Pro 5.8
"GFWL_{434D0FA0-1558-4D8E-AC3D-BD1000008200}" = DiRT 3
"HaaliMkx" = Haali Media Splitter
"HD Tune_is1" = HD Tune 2.52
"HP Imaging Device Functions" = HP Imaging Device Functions 9.0
"HP Photosmart Essential" = HP Photosmart Essential 2.01
"HP Solution Center & Imaging Support Tools" = HP Solution Center 9.0
"ImageConverter Plus_is1" = ImageConverter Plus 7.1
"InstallShield_{D7BF9739-8A68-4335-BBEE-37752AD9E86B}" = NEC Electronics USB 3.0 Host Controller Driver
"LAME_is1" = LAME v3.99.3 (for Windows)
"lavfilters_is1" = LAV Filters 0.51.3
"Lexmark X5100 Series" = Lexmark X5100 Series
"Madonote_is1" = Madonote 2004
"MadVR" = MadVR (remove only)
"MagicDisc 2.7.106" = MagicDisc 2.7.106
"MagniDriver" = marvell 91xx driver
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.65.1.1000
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 Language Pack - deu" = Microsoft .NET Framework 3.5 Language Pack - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Microsoft Visual Studio 2005 Tools for Office Runtime" = Visual Studio 2005 Tools for Office Second Edition Runtime
"MONOGRAM AMR Splitter/Decoder" = MONOGRAM AMR Splitter/Decoder (remove only)
"Mozilla Firefox 17.0.1 (x86 en-US)" = Mozilla Firefox 17.0.1 (x86 en-US)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"mv61xxMRU" = Marvell MRU V4
"NVIDIA nView Desktop Manager" = NVIDIA nView Desktop Manager
"OpenAL" = OpenAL
"OpenSource AVI Splitter" = OpenSource AVI Splitter (remove only)
"OpenSource DTS/AC3/DD+ Source Filter" = OpenSource DTS/AC3/DD+ Source Filter (remove only)
"OpenSource Flash Video Splitter" = OpenSource Flash Video Splitter (remove only)
"PA34 200T SENECA II FSX" = PA34 200T SENECA II FSX
"Pack_ALL_Packs_is1" = RSRBR_Pack_ALL_Packs
"pepakura_viewer3en" = Pepakura Viewer 3
"PPJoy Joystick Driver" = PPJoy Joystick Driver 0.8.4.5
"QuicktimeAlt_is1" = QuickTime Alternative 1.75
"RAZBAM Convair F-102 Delta Dagger for FSX" = RAZBAM Convair F-102 Delta Dagger for FSX
"Razbam The Skyraiders Vol2 FSX version" = Razbam The Skyraiders Vol2 FSX version
"RC Helicopter" = RC Helicopter
"RealAlt_is1" = Real Alternative 1.50
"RealMedia" = RealMedia (remove only)
"Revo Uninstaller" = Revo Uninstaller 1.94
"RSRBR_v2011_is1" = RSRBR2011
"SHOUTcast Source" = SHOUTcast Source (remove only)
"Simraceway" = Simraceway 0.28.42
"SPACESHUTTLE" = Space Shuttle
"The File Splitter 1.31_is1" = The File Splitter 1.31
"Victory" = Victory 0.09.634
"WaveStudio 7" = Creative WaveStudio 7
"Wdf01005" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
"Wdf01009" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.9
"Winamp" = Winamp
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Wings of POWER II: WWII FIGHTERS" = Wings of POWER II: WWII FIGHTERS
"Wings of Power: Focke Wulf "Long Nose"" = Wings of Power: Focke Wulf "Long Nose"
"WinRAR archiver" = WinRAR archiver
"winusb0100" = Microsoft WinUsb 1.0
"WinZip" = WinZip
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"XPSEPSCLP" = XML Paper Specification Shared Components Language Pack 1.0
"Xtreme Prototypes 20 Series Business Jets SP2" = Xtreme Prototypes 20 Series Business Jets SP2
"Xtreme Prototypes X-15-2-3 for Flight Simulator1.0" = Xtreme Prototypes X-15-2-3 for Flight Simulator
"xvid" = Xvid MPEG-4 Video Codec
"XVID Decoder" = XVID Decoder (remove only)
"ZoomPlayer" = Zoom Player (remove only)

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-1801674531-113007714-682003330-1002\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Bellanca Viking Collection Build 4.1" = Bellanca Viking Collection Build 4.1
"Carenado's C SKYLANE II RG R182" = Carenado's C SKYLANE II RG R182
"Flight Replicas CAC Boomerang for FSX" = Flight Replicas CAC Boomerang for FSX
"JustFlight F-117 Nighthawk for FS9 and FSX" = JustFlight F-117 Nighthawk for FS9 and FSX
"MiG-15 by Bear Studios for FSX" = MiG-15 by Bear Studios for FSX
"MusicManager" = Music Manager
"Tailwind Twin Pack" = Tailwind Twin Pack

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 12/6/2012 11:16:05 AM | Computer Name = ASROCK_WINXP | Source = Userenv | ID = 1041
Description = Windows cannot query DllName registry entry for {7B849a69-220F-451E-B3FE-2CB811AF94AE}
and it will not be loaded. This is most likely caused by a faulty registration.

Error - 12/6/2012 11:16:05 AM | Computer Name = ASROCK_WINXP | Source = Userenv | ID = 1041
Description = Windows cannot query DllName registry entry for {CF7639F3-ABA2-41DB-97F2-81E2C5DBFC5D}
and it will not be loaded. This is most likely caused by a faulty registration.

Error - 12/6/2012 11:16:09 AM | Computer Name = ASROCK_WINXP | Source = Userenv | ID = 1041
Description = Windows cannot query DllName registry entry for {7B849a69-220F-451E-B3FE-2CB811AF94AE}
and it will not be loaded. This is most likely caused by a faulty registration.

Error - 12/6/2012 11:16:09 AM | Computer Name = ASROCK_WINXP | Source = Userenv | ID = 1041
Description = Windows cannot query DllName registry entry for {CF7639F3-ABA2-41DB-97F2-81E2C5DBFC5D}
and it will not be loaded. This is most likely caused by a faulty registration.

Error - 12/6/2012 12:47:05 PM | Computer Name = ASROCK_WINXP | Source = Userenv | ID = 1041
Description = Windows cannot query DllName registry entry for {7B849a69-220F-451E-B3FE-2CB811AF94AE}
and it will not be loaded. This is most likely caused by a faulty registration.

Error - 12/6/2012 12:47:05 PM | Computer Name = ASROCK_WINXP | Source = Userenv | ID = 1041
Description = Windows cannot query DllName registry entry for {CF7639F3-ABA2-41DB-97F2-81E2C5DBFC5D}
and it will not be loaded. This is most likely caused by a faulty registration.

Error - 12/7/2012 1:42:05 AM | Computer Name = ASROCK_WINXP | Source = Userenv | ID = 1041
Description = Windows cannot query DllName registry entry for {7B849a69-220F-451E-B3FE-2CB811AF94AE}
and it will not be loaded. This is most likely caused by a faulty registration.

Error - 12/7/2012 1:42:05 AM | Computer Name = ASROCK_WINXP | Source = Userenv | ID = 1041
Description = Windows cannot query DllName registry entry for {CF7639F3-ABA2-41DB-97F2-81E2C5DBFC5D}
and it will not be loaded. This is most likely caused by a faulty registration.

Error - 12/7/2012 1:42:10 AM | Computer Name = ASROCK_WINXP | Source = Userenv | ID = 1041
Description = Windows cannot query DllName registry entry for {7B849a69-220F-451E-B3FE-2CB811AF94AE}
and it will not be loaded. This is most likely caused by a faulty registration.

Error - 12/7/2012 1:42:10 AM | Computer Name = ASROCK_WINXP | Source = Userenv | ID = 1041
Description = Windows cannot query DllName registry entry for {CF7639F3-ABA2-41DB-97F2-81E2C5DBFC5D}
and it will not be loaded. This is most likely caused by a faulty registration.

[ System Events ]
Error - 12/7/2012 1:42:45 AM | Computer Name = ASROCK_WINXP | Source = Service Control Manager | ID = 7001
Description = The DNS Client service depends on the TCP/IP Protocol Driver service
which failed to start because of the following error: %%1058

Error - 12/7/2012 1:42:45 AM | Computer Name = ASROCK_WINXP | Source = Service Control Manager | ID = 7024
Description = The Workstation service terminated with service-specific error 2250
(0x8CA).

Error - 12/7/2012 1:42:45 AM | Computer Name = ASROCK_WINXP | Source = Service Control Manager | ID = 7001
Description = The Computer Browser service depends on the Workstation service which
failed to start because of the following error: %%1066

Error - 12/7/2012 1:42:45 AM | Computer Name = ASROCK_WINXP | Source = Service Control Manager | ID = 7000
Description = The helpsvc service failed to start due to the following error: %%2

Error - 12/7/2012 1:42:45 AM | Computer Name = ASROCK_WINXP | Source = Service Control Manager | ID = 7001
Description = The IPSEC Services service depends on the TCP/IP Protocol Driver service
which failed to start because of the following error: %%1058

Error - 12/7/2012 1:42:45 AM | Computer Name = ASROCK_WINXP | Source = Service Control Manager | ID = 7023
Description = The Windows Firewall/Internet Connection Sharing (ICS) service terminated
with the following error: %%2

Error - 12/7/2012 1:42:45 AM | Computer Name = ASROCK_WINXP | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
AswRdr

Error - 12/7/2012 1:42:48 AM | Computer Name = ASROCK_WINXP | Source = Service Control Manager | ID = 7001
Description = The Network Location Awareness (NLA) service depends on the TCP/IP
Protocol Driver service which failed to start because of the following error: %%1058

Error - 12/7/2012 2:36:47 AM | Computer Name = ASROCK_WINXP | Source = Service Control Manager | ID = 7001
Description = The Network Location Awareness (NLA) service depends on the TCP/IP
Protocol Driver service which failed to start because of the following error: %%1058

Error - 12/7/2012 2:36:49 AM | Computer Name = ASROCK_WINXP | Source = Service Control Manager | ID = 7001
Description = The Network Location Awareness (NLA) service depends on the TCP/IP
Protocol Driver service which failed to start because of the following error: %%1058


< End of report >
  • 0
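As an added example (not part of the original thread and not OTL's own code), the sketch below groups the Service Control Manager 7001 entries from the report above by the dependency that failed, so one missing or disabled driver is not read as several unrelated service faults. The function name and the code-to-name table are this example's own assumptions; the sample entries are excerpted from the report.

```python
import re
from collections import defaultdict

# Win32 codes shown as %%N in these entries (names from winerror.h).
WIN32 = {1058: "ERROR_SERVICE_DISABLED", 1066: "ERROR_SERVICE_SPECIFIC_ERROR"}
HEADER = re.compile(r"^Error - .+? \| Source = Service Control Manager \| ID = (?P<id>\d+)$")
DEPENDS = re.compile(r"The (?P<svc>.+?) service depends on the (?P<dep>.+?) service "
                     r"which failed to start because of the following error: %%(?P<code>\d+)")

# Entries excerpted from the System Events section of the report above.
SAMPLE = """\
Error - 12/7/2012 1:42:45 AM | Computer Name = ASROCK_WINXP | Source = Service Control Manager | ID = 7001
Description = The DNS Client service depends on the TCP/IP Protocol Driver service
which failed to start because of the following error: %%1058

Error - 12/7/2012 1:42:45 AM | Computer Name = ASROCK_WINXP | Source = Service Control Manager | ID = 7001
Description = The Computer Browser service depends on the Workstation service which
failed to start because of the following error: %%1066

Error - 12/7/2012 1:42:45 AM | Computer Name = ASROCK_WINXP | Source = Service Control Manager | ID = 7001
Description = The IPSEC Services service depends on the TCP/IP Protocol Driver service
which failed to start because of the following error: %%1058

Error - 12/7/2012 1:42:48 AM | Computer Name = ASROCK_WINXP | Source = Service Control Manager | ID = 7001
Description = The Network Location Awareness (NLA) service depends on the TCP/IP
Protocol Driver service which failed to start because of the following error: %%1058

Error - 12/7/2012 2:36:47 AM | Computer Name = ASROCK_WINXP | Source = Service Control Manager | ID = 7001
Description = The Network Location Awareness (NLA) service depends on the TCP/IP
Protocol Driver service which failed to start because of the following error: %%1058
"""

def failed_dependencies(report):
    """Group SCM event 7001 entries by the dependency that failed to start."""
    groups = defaultdict(set)  # (dependency, code) -> dependent services
    for entry in re.split(r"\n\s*\n", report.strip()):
        first, *rest = entry.splitlines()
        head = HEADER.match(first.strip())
        # OTL wraps the description across lines; rejoin before matching.
        m = DEPENDS.search(" ".join(line.strip() for line in rest))
        if head and head["id"] == "7001" and m:
            groups[(m["dep"], int(m["code"]))].add(m["svc"])
    ranked = sorted(groups.items(), key=lambda kv: (-len(kv[1]), kv[0]))
    return [(dep, WIN32.get(code, str(code)), sorted(svcs)) for (dep, code), svcs in ranked]

if __name__ == "__main__":
    for dep, code, svcs in failed_dependencies(SAMPLE):
        print(f"{dep} ({code}): blocks {', '.join(svcs)}")
```

Repeated entries for the same service are counted once, so the ranking reflects how many distinct services sit behind each failed dependency.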

#5
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Hi, are all your computers running XP, and were you using a custom TCPIP file as opposed to the MS one?

Download the attached Avast fix zip file to a USB
[attachment=61873:avastfix.zip]
Copy to all affected XP systems

Extract the files to their own folder on the desktop
Right click Avast and select Avast shields Control
Select Disable permanently
Open the Avastfix folder and double click TCPIP.bat
The computer will reboot
When the computer restarts then immediately update Avast

Once rebooted, could you let me know of any remaining problems?
  • 0

#6
jlk69

    Member

  • Topic Starter
  • Member
  • 76 posts
Wow, after resetting router and modem I got all other computers online. Then after running your Avast fix my main is running good too! I was fearing this might be a major infection. Thank you for all your help. Don't know about the TCPIP file. Laptop seems fine as AVG is running.

Edited by jlk69, 08 December 2012 - 02:44 AM.

  • 0

#7
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
There was a false positive in one of the Avast updates where any unknown (i.e. non-MS tcpip) in XP was reported as a malware file. Moving to the chest would have enabled you to restore it and get functionality back, but deletion removed that option. I would recommend that you move to chest before even considering deletion.

Are there any outstanding problems?
  • 0

#8
jlk69

jlk69

    Member

  • Topic Starter
  • Member
  • 76 posts
Seems to be running fine.
  • 0

#9
Essexboy


    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Subject to no further problems :)

I will remove my tools now and give some recommendations, but, I would like you to run for 24 hours or so and come back if you have any problems

Now the best part of the day ----- Your log now appears clean :thumbsup:

A good workman always cleans up after himself so... The following will implement some cleanup procedures as well as reset System Restore points:


Run OTL and hit the cleanup button. It will remove all the programmes we have used plus itself.

We will now confirm that your hidden files are set to that, as some of the tools I use will change that
  • Click Start.
  • Open My Computer.
  • Select the Tools menu and click Folder Options.
  • Select the View Tab.
  • Under the Hidden files and folders heading select Do not show hidden files and folders.
  • Click Yes to confirm.
  • Click OK.


Now that you are clean, to help protect your computer in the future I recommend that you get the following free programmes:

Malwarebytes.

Update and run weekly to keep your system clean

Download and install FileHippo update checker and run it monthly; it will show you which programmes on your system need updating and give a download link.

If you use on-line banking then as an added layer of protection install Trusteer Rapport.

It is critical to have both a firewall and anti virus to protect your system and to keep them updated. To keep your operating system up to date visit
To learn more about how to protect yourself while on the internet read our little guide How did I get infected in the first place?

Keep safe :wave:
  • 0

#10
Essexboy


    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. :)

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.
  • 0





