Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

All Search virus [Solved]

Started by jlk69 , Apr 16 2013 10:06 PM

  • This topic is locked This topic is locked

#1
jlk69
Posted 16 April 2013 - 10:06 PM

jlk69

    Member

  • Member
  • PipPip
  • 97 posts
Infected with All Search home page hi-jack. OTL Log:OTL logfile created on: 4/16/2013 8:24:57 PM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Documents and Settings\Jon Kunkel\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.5512)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.24 Gb Total Physical Memory | 2.29 Gb Available Physical Memory | 70.55% Memory free
5.09 Gb Paging File | 4.30 Gb Available in Paging File | 84.46% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 279.46 Gb Total Space | 33.44 Gb Free Space | 11.97% Space Free | Partition Type: NTFS
Drive D: | 1397.26 Gb Total Space | 18.27 Gb Free Space | 1.31% Space Free | Partition Type: NTFS
Drive E: | 111.78 Gb Total Space | 2.88 Gb Free Space | 2.58% Space Free | Partition Type: NTFS
Drive F: | 149.04 Gb Total Space | 2.08 Gb Free Space | 1.39% Space Free | Partition Type: NTFS
Drive G: | 298.08 Gb Total Space | 92.62 Gb Free Space | 31.07% Space Free | Partition Type: NTFS
Drive I: | 149.04 Gb Total Space | 52.49 Gb Free Space | 35.22% Space Free | Partition Type: NTFS
Drive K: | 93.16 Gb Total Space | 2.54 Gb Free Space | 2.72% Space Free | Partition Type: NTFS
Drive L: | 298.09 Gb Total Space | 199.91 Gb Free Space | 67.06% Space Free | Partition Type: NTFS
Drive P: | 8.00 Mb Total Space | 2.74 Mb Free Space | 34.29% Space Free | Partition Type: NTFS

Computer Name: ASROCK_WINXP | User Name: Jon Kunkel | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013/04/16 19:52:19 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Jon Kunkel\Desktop\OTL.exe
PRC - [2013/04/12 01:29:49 | 000,920,472 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2013/04/04 15:41:44 | 025,863,280 | ---- | M] (Dropbox, Inc.) -- C:\Documents and Settings\Jon Kunkel\Application Data\Dropbox\bin\Dropbox.exe
PRC - [2013/03/13 17:15:00 | 004,394,032 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2013\avgui.exe
PRC - [2013/02/27 23:42:12 | 004,937,264 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2013\avgidsagent.exe
PRC - [2013/02/26 23:41:54 | 000,763,440 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2013\avgrsx.exe
PRC - [2013/02/19 04:02:02 | 000,282,624 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2013\avgwdsvc.exe
PRC - [2013/02/19 04:01:34 | 001,116,720 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2013\avgnsx.exe
PRC - [2013/02/19 04:01:04 | 000,799,792 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2013\avgemcx.exe
PRC - [2013/02/19 04:00:58 | 000,448,560 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2013\avgcsrvx.exe
PRC - [2012/11/28 01:01:54 | 001,726,976 | ---- | M] () -- C:\Program Files\Atomic Alarm Clock\AtomicAlarmClock.exe
PRC - [2012/11/26 06:30:18 | 000,687,104 | ---- | M] () -- C:\Program Files\Fast Free Converter\FastFreeConverterUpdt.exe
PRC - [2010/07/02 18:20:32 | 005,332,488 | ---- | M] (ASRock) -- C:\Program Files\ASRock Utility\OCTuner\ASROC.exe
PRC - [2010/07/01 21:39:16 | 007,990,280 | ---- | M] (ASRock Incorporation) -- C:\Program Files\ASRock Utility\IES\AsrIes.exe
PRC - [2010/02/12 10:23:12 | 000,286,720 | ---- | M] (Creative Technology Ltd) -- C:\Program Files\Creative\Shared Files\CTAudSvc.exe
PRC - [2009/06/15 05:00:00 | 001,789,440 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2009/02/23 19:43:12 | 000,576,000 | ---- | M] (MagicISO, Inc.) -- C:\Program Files\MagicDisc\MagicDisc.exe
PRC - [2008/06/12 13:05:04 | 000,024,635 | ---- | M] (Apache Software Foundation) -- C:\Program Files\Marvell\raid\Apache2\bin\httpd.exe
PRC - [2006/08/03 12:47:16 | 000,106,496 | ---- | M] (Kensington Technology Group) -- C:\WINDOWS\system32\kmw_run.exe
PRC - [2006/08/03 12:47:08 | 000,176,128 | ---- | M] () -- C:\WINDOWS\system32\kmw_show.exe


========== Modules (No Company Name) ==========

MOD - [2013/04/12 01:29:47 | 003,133,336 | ---- | M] () -- C:\Program Files\Mozilla Firefox\mozjs.dll
MOD - [2013/04/11 23:23:32 | 016,032,648 | ---- | M] () -- C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_7_700_169.dll
MOD - [2013/03/13 13:48:52 | 024,978,944 | ---- | M] () -- C:\Documents and Settings\Jon Kunkel\Application Data\Dropbox\bin\libcef.dll
MOD - [2012/11/28 01:01:54 | 001,726,976 | ---- | M] () -- C:\Program Files\Atomic Alarm Clock\AtomicAlarmClock.exe
MOD - [2012/11/26 06:30:18 | 000,687,104 | ---- | M] () -- C:\Program Files\Fast Free Converter\FastFreeConverterUpdt.exe
MOD - [2012/11/13 16:32:50 | 003,558,400 | ---- | M] () -- C:\Documents and Settings\Jon Kunkel\Application Data\Dropbox\bin\wxmsw28uh_vc.dll
MOD - [2012/05/21 18:05:24 | 003,449,856 | ---- | M] () -- C:\Program Files\ffdshow\ffdshow.ax
MOD - [2011/06/14 16:40:28 | 000,073,728 | ---- | M] () -- C:\Documents and Settings\Jon Kunkel\Application Data\Mozilla\Firefox\Profiles\waiq5ak8.default-1353892193671\extensions\{7E7165E2-0767-448c-852F-5FA8714F2C37}\components\PlainOldFavorites.dll
MOD - [2010/10/22 10:56:26 | 000,133,632 | ---- | M] () -- C:\Program Files\Atomic Alarm Clock\Clock.dll
MOD - [2009/06/15 05:00:00 | 000,014,336 | ---- | M] () -- C:\WINDOWS\system32\msdmo.dll
MOD - [2009/06/11 17:11:08 | 000,140,800 | ---- | M] () -- C:\Program Files\WinRAR\RarExt.dll
MOD - [2009/02/06 20:21:36 | 000,200,704 | ---- | M] () -- C:\Program Files\ImageConverter Plus\gpgate.dll
MOD - [2009/02/06 19:44:00 | 006,770,688 | ---- | M] () -- C:\Program Files\ImageConverter Plus\fpdf.dll
MOD - [2009/02/06 19:42:28 | 001,343,488 | ---- | M] () -- C:\Program Files\ImageConverter Plus\fcnv.dll
MOD - [2009/02/06 19:29:30 | 000,020,992 | ---- | M] () -- C:\Program Files\ImageConverter Plus\MemHandler.dll
MOD - [2009/02/06 19:28:08 | 001,163,264 | ---- | M] () -- C:\Program Files\ImageConverter Plus\fcrtl.dll
MOD - [2008/08/12 03:18:42 | 000,148,480 | ---- | M] () -- C:\Program Files\Zoom Player\zpshlext.dll
MOD - [2008/01/17 10:17:16 | 000,073,782 | ---- | M] () -- C:\Program Files\Marvell\raid\Apache2\bin\zlib1.dll
MOD - [2006/08/03 12:47:08 | 000,176,128 | ---- | M] () -- C:\WINDOWS\system32\kmw_show.exe
MOD - [2004/09/12 10:17:42 | 000,061,440 | ---- | M] () -- C:\WINDOWS\ContextMenuExt.dll


========== Services (SafeList) ==========

SRV - File not found [On_Demand | Stopped] -- C:\WINDOWS\system32\cisvc.exe -- (CiSvc)
SRV - [2013/04/11 23:23:33 | 000,256,904 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013/02/27 23:42:12 | 004,937,264 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG2013\avgidsagent.exe -- (AVGIDSAgent)
SRV - [2013/02/19 04:02:02 | 000,282,624 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG2013\avgwdsvc.exe -- (avgwd)
SRV - [2013/02/02 20:04:10 | 000,170,912 | ---- | M] (Oracle Corporation) [Disabled | Stopped] -- C:\Program Files\Java\jre7\bin\jqs.exe -- (JavaQuickStarterService)
SRV - [2012/11/26 06:30:18 | 000,687,104 | ---- | M] () [Auto | Running] -- C:\Program Files\Fast Free Converter\FastFreeConverterUpdt.exe -- (FastFreeConverterUpdt)
SRV - [2010/02/12 10:23:12 | 000,286,720 | ---- | M] (Creative Technology Ltd) [Auto | Running] -- C:\Program Files\Creative\Shared Files\CTAudSvc.exe -- (CTAudSvcService)
SRV - [2009/10/13 19:46:52 | 000,151,552 | ---- | M] () [Disabled | Stopped] -- C:\Program Files\Marvell\raid\svc\mvraidsvc.exe -- (Marvell RAID)
SRV - [2008/06/12 13:05:04 | 000,024,635 | ---- | M] (Apache Software Foundation) [Auto | Running] -- C:\Program Files\Marvell\raid\Apache2\bin\httpd.exe -- (MRUWebService)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
DRV - File not found [File_System | System | Stopped] -- system32\DRIVERS\mrxsmb.sys -- (MRxSmb)
DRV - File not found [Kernel | On_Demand | Unknown] -- C:\DOCUME~1\JONKUN~1\LOCALS~1\Temp\mbr.sys -- (mbr)
DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
DRV - File not found [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\Drivers\IesDrv.sys -- (IesDrv)
DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
DRV - File not found [Kernel | On_Demand | Running] -- C:\ComboFix\catchme.sys -- (catchme)
DRV - File not found [Kernel | On_Demand | Unknown] -- -- (aw0c9jlg)
DRV - File not found [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\Drivers\AsrOcDrv.sys -- (AsrOcDrv)
DRV - [2013/03/01 10:32:20 | 000,022,328 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avgidsshimx.sys -- (AVGIDSShim)
DRV - [2013/02/26 23:40:46 | 000,208,184 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avgidsdriverx.sys -- (AVGIDSDriver)
DRV - [2013/02/14 03:52:46 | 000,182,072 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avgtdix.sys -- (Avgtdix)
DRV - [2013/02/08 04:37:58 | 000,096,568 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\WINDOWS\system32\drivers\avgmfx86.sys -- (Avgmfx86)
DRV - [2013/02/08 04:37:56 | 000,245,048 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\avglogx.sys -- (Avglogx)
DRV - [2013/02/08 04:37:52 | 000,060,216 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\avgidshx.sys -- (AVGIDSHX)
DRV - [2013/02/08 04:37:44 | 000,170,808 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avgldx86.sys -- (Avgldx86)
DRV - [2013/02/08 04:37:40 | 000,039,224 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\WINDOWS\system32\drivers\avgrkx86.sys -- (Avgrkx86)
DRV - [2012/12/29 20:55:36 | 000,018,224 | ---- | M] (Nicomsoft Ltd.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\mi2c.sys -- (mi2c)
DRV - [2012/07/14 16:22:54 | 000,691,696 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\sptd.sys -- (sptd)
DRV - [2011/11/25 01:26:04 | 000,013,440 | ---- | M] (June Fabrics Technology Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\pneteth.sys -- (pneteth)
DRV - [2011/11/09 07:21:41 | 000,122,816 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nvhda32.sys -- (NVHDA)
DRV - [2011/10/04 03:22:16 | 000,077,624 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ssudbus.sys -- (dg_ssudbus)
DRV - [2011/09/01 23:31:28 | 000,081,304 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\LMouKE.Sys -- (LMouKE)
DRV - [2011/09/01 23:31:28 | 000,039,192 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\LMouFilt.Sys -- (LMouFilt)
DRV - [2011/09/01 23:31:28 | 000,030,360 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\LUsbFilt.sys -- (LUsbFilt)
DRV - [2011/09/01 23:31:20 | 000,041,240 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\LHidFilt.Sys -- (LHidFilt)
DRV - [2011/09/01 23:30:58 | 000,065,048 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\L8042mou.Sys -- (L8042mou)
DRV - [2011/09/01 23:30:58 | 000,012,184 | ---- | M] (Logitech, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\LBeepKE.sys -- (LBeepKE)
DRV - [2011/05/21 10:03:30 | 000,035,776 | ---- | M] (http://libusb-win32.sourceforge.net) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\libusb0.sys -- (libusb0)
DRV - [2010/11/26 18:02:52 | 000,014,776 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\SmartDefragDriver.sys -- (SmartDefragDriver)
DRV - [2010/06/22 02:59:58 | 006,060,136 | R--- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService)
DRV - [2010/03/18 20:50:12 | 000,189,528 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\haP17v2k.sys -- (hap17v2k)
DRV - [2010/03/18 20:50:04 | 000,162,904 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\haP16v2k.sys -- (hap16v2k)
DRV - [2010/03/18 20:49:56 | 000,798,808 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ha10kx2k.sys -- (ha10kx2k)
DRV - [2010/03/18 20:45:42 | 000,092,760 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\emupia2k.sys -- (emupia)
DRV - [2010/03/18 20:45:28 | 000,157,272 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ctsfm2k.sys -- (ctsfm2k)
DRV - [2010/03/18 20:45:20 | 000,014,424 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ctprxy2k.sys -- (ctprxy2k)
DRV - [2010/03/18 20:45:12 | 000,127,576 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ctoss2k.sys -- (ossrv)
DRV - [2010/03/18 20:40:56 | 000,018,904 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ctgame.sys -- (ctgame)
DRV - [2010/03/18 20:40:48 | 000,347,144 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ctdvda2k.sys -- (ctdvda2k)
DRV - [2010/03/18 20:40:40 | 000,528,472 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ctaud2k.sys -- (ctaud2k)
DRV - [2010/03/18 20:40:32 | 000,511,064 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ctac32k.sys -- (ctac32k)
DRV - [2010/03/18 20:39:36 | 000,100,952 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\CTERFXFX.sys -- (CTERFXFX.SYS)
DRV - [2010/03/18 20:39:36 | 000,100,952 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\CTERFXFX.sys -- (CTERFXFX)
DRV - [2010/03/18 20:39:28 | 000,566,360 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\CTSBLFX.sys -- (CTSBLFX.SYS)
DRV - [2010/03/18 20:39:28 | 000,566,360 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\CTSBLFX.sys -- (CTSBLFX)
DRV - [2010/03/18 20:39:18 | 000,555,096 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\CTAUDFX.sys -- (CTAUDFX.SYS)
DRV - [2010/03/18 20:39:18 | 000,555,096 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\CTAUDFX.sys -- (CTAUDFX)
DRV - [2010/03/18 20:39:10 | 000,099,416 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\COMMONFX.sys -- (COMMONFX.SYS)
DRV - [2010/03/18 20:39:10 | 000,099,416 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\COMMONFX.sys -- (COMMONFX)
DRV - [2010/03/08 03:41:48 | 000,220,112 | R--- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Rtenicxp.sys -- (RTLE8023xp)
DRV - [2010/02/11 04:36:50 | 000,226,880 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\tcpip6.sys -- (Tcpip6)
DRV - [2010/01/22 12:21:48 | 000,139,648 | ---- | M] (NEC Electronics Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nusb3xhc.sys -- (nusb3xhc)
DRV - [2010/01/22 12:21:46 | 000,059,904 | ---- | M] (NEC Electronics Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nusb3hub.sys -- (nusb3hub)
DRV - [2009/11/17 16:17:00 | 001,395,800 | R--- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Monfilt.sys -- (Monfilt)
DRV - [2009/11/17 16:16:00 | 001,691,480 | R--- | M] (Creative) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Ambfilt.sys -- (Ambfilt)
DRV - [2009/10/26 23:37:14 | 000,020,008 | ---- | M] (Marvell Semiconductor Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\mv91cons.sys -- (mv91cons)
DRV - [2009/06/15 05:00:00 | 000,088,320 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\nwlnkipx.sys -- (NwlnkIpx)
DRV - [2009/06/15 05:00:00 | 000,063,232 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\nwlnknb.sys -- (NwlnkNb)
DRV - [2009/06/15 05:00:00 | 000,055,936 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\nwlnkspx.sys -- (NwlnkSpx)
DRV - [2009/06/15 05:00:00 | 000,040,320 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nmnt.sys -- (nm)
DRV - [2009/02/24 18:42:14 | 000,116,736 | ---- | M] (MagicISO, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mcdbus.sys -- (mcdbus)
DRV - [2006/11/02 07:00:08 | 000,039,368 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\winusb.sys -- (WinUSB)
DRV - [2006/08/03 12:47:20 | 000,010,112 | ---- | M] (Kensington Technology Group) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\KMW_USB.sys -- (KMW_USB)
DRV - [2006/08/03 12:47:18 | 000,091,648 | ---- | M] (Kensington Technology Group) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\KMW_SYS.sys -- (KMW_SYS)
DRV - [2006/08/03 12:46:50 | 000,005,376 | ---- | M] (Kensington Technology Group) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\KMW_KBD.sys -- (KMW_KBD)
DRV - [2001/07/13 14:56:14 | 000,014,976 | ---- | M] () [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\SBKUPNT.SYS -- (SBKUPNT)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://proxy.allsear....com/app/start/
IE - HKCU\..\SearchScopes,DefaultScope = {43682B77-B546-4606-A6AD-D81710E1AB36}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{43682B77-B546-4606-A6AD-D81710E1AB36}: "URL" = http://proxy.allsear...q={searchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>

========== FireFox ==========

FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&type=971163"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://msn.com"
FF - prefs.js..extensions.enabledAddons: showmemore@suskind:2.3
FF - prefs.js..extensions.enabledAddons: {524B8EF8-C312-11DB-8039-536F56D89593}:4.39.0.0
FF - prefs.js..extensions.enabledAddons: {7E7165E2-0767-448c-852F-5FA8714F2C37}:1.2
FF - prefs.js..extensions.enabledAddons: {AE93811A-5C9A-4d34-8462-F7B864FC4696}:4.15
FF - prefs.js..extensions.enabledAddons: {A4732521-77D9-447E-A557-B279AC923F06}:0.6.9
FF - prefs.js..extensions.enabledAddons: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.9.11
FF - prefs.js..extensions.enabledAddons: {03B08592-E5B4-45ff-A0BE-C1D975458688}:1.0
FF - prefs.js..extensions.enabledAddons: [email protected]:5.14.1.0
FF - prefs.js..extensions.enabledItems: [email protected]:0.6.0.8
FF - prefs.js..extensions.enabledItems: showmemore@suskind:2.3
FF - prefs.js..extensions.enabledItems: {03B08592-E5B4-45ff-A0BE-C1D975458688}:1.0
FF - prefs.js..extensions.enabledItems: {524B8EF8-C312-11DB-8039-536F56D89593}:4.39.0.0
FF - prefs.js..extensions.enabledItems: {7E7165E2-0767-448c-852F-5FA8714F2C37}:1.2
FF - prefs.js..extensions.enabledItems: {AE93811A-5C9A-4d34-8462-F7B864FC4696}:4.15
FF - prefs.js..extensions.enabledItems: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.9.11
FF - prefs.js..extensions.enabledItems: [email protected]:1.0
FF - prefs.js..extensions.enabledItems: [email protected]:7.0.1466
FF - prefs.js..extensions.enabledItems: {23fcfd51-4958-4f00-80a3-ae97e717ed8b}:2.1.2.145
FF - prefs.js..keyword.URL: "http://search.yahoo....type=971163&p="

FF - user.js..browser.startup.homepage: "http://proxy.allsear...com/app/start/"
FF - user.js..browser.search.defaultenginename: "All Search"
FF - user.js..browser.search.defaultenginename: "All Search"
FF - user.js..extensions.enabledAddons: [email protected]:1.0

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_7_700_169.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\WINDOWS\system32\Adobe\Director\np32dsw_1200112.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@canon.com/EPPEX: C:\Program Files\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL (CANON INC.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.13.2: C:\WINDOWS\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.13.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.11.2321: C:\Program Files\Real Alternative\browser\plugins\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.1483: C:\Program Files\Real Alternative\browser\plugins\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Documents and Settings\Jon Kunkel\Local Settings\Application Data\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Documents and Settings\Jon Kunkel\Local Settings\Application Data\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\[email protected]: C:\Program Files\Java\jre6\lib\deploy\jqs\ff
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2012/06/10 17:43:44 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 20.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2013/04/12 01:29:50 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 20.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2013/04/12 01:29:17 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\Social Privacy\FF\

[2011/04/02 16:04:15 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Jon Kunkel\Application Data\Mozilla\Extensions
[2013/03/22 10:07:11 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Jon Kunkel\Application Data\Mozilla\Firefox\Profiles\waiq5ak8.default-1353892193671\extensions
[2012/11/25 18:28:28 | 000,000,000 | ---D | M] (Toolbar Buttons) -- C:\Documents and Settings\Jon Kunkel\Application Data\Mozilla\Firefox\Profiles\waiq5ak8.default-1353892193671\extensions\{03B08592-E5B4-45ff-A0BE-C1D975458688}
[2012/11/25 18:18:44 | 000,000,000 | ---D | M] (PlainOldFavorites) -- C:\Documents and Settings\Jon Kunkel\Application Data\Mozilla\Firefox\Profiles\waiq5ak8.default-1353892193671\extensions\{7E7165E2-0767-448c-852F-5FA8714F2C37}
[2013/02/23 09:41:00 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Documents and Settings\Jon Kunkel\Application Data\Mozilla\Firefox\Profiles\waiq5ak8.default-1353892193671\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2012/11/26 22:48:00 | 000,000,000 | ---D | M] (CSHelper) -- C:\Documents and Settings\Jon Kunkel\Application Data\Mozilla\Firefox\Profiles\waiq5ak8.default-1353892193671\extensions\{d91a2be6-3b56-4dfb-97f5-5e48fe3ed473}
[2013/02/04 15:32:14 | 000,000,000 | ---D | M] (ImageTools) -- C:\Documents and Settings\Jon Kunkel\Application Data\Mozilla\Firefox\Profiles\waiq5ak8.default-1353892193671\extensions\[email protected]
[2013/01/12 10:01:12 | 000,052,187 | ---- | M] () (No name found) -- C:\Documents and Settings\Jon Kunkel\Application Data\Mozilla\Firefox\Profiles\waiq5ak8.default-1353892193671\extensions\[email protected]
[2012/11/25 18:16:27 | 000,139,518 | ---- | M] () (No name found) -- C:\Documents and Settings\Jon Kunkel\Application Data\Mozilla\Firefox\Profiles\waiq5ak8.default-1353892193671\extensions\[email protected]
[2013/03/22 10:07:11 | 000,161,094 | ---- | M] () (No name found) -- C:\Documents and Settings\Jon Kunkel\Application Data\Mozilla\Firefox\Profiles\waiq5ak8.default-1353892193671\extensions\[email protected]
[2012/11/28 19:29:29 | 000,050,279 | ---- | M] () (No name found) -- C:\Documents and Settings\Jon Kunkel\Application Data\Mozilla\Firefox\Profiles\waiq5ak8.default-1353892193671\extensions\{524B8EF8-C312-11DB-8039-536F56D89593}.xpi
[2013/01/29 09:36:13 | 000,095,463 | ---- | M] () (No name found) -- C:\Documents and Settings\Jon Kunkel\Application Data\Mozilla\Firefox\Profiles\waiq5ak8.default-1353892193671\extensions\{A4732521-77D9-447E-A557-B279AC923F06}.xpi
[2012/12/29 11:32:51 | 000,377,738 | ---- | M] () (No name found) -- C:\Documents and Settings\Jon Kunkel\Application Data\Mozilla\Firefox\Profiles\waiq5ak8.default-1353892193671\extensions\{AE93811A-5C9A-4d34-8462-F7B864FC4696}.xpi
[2013/04/16 09:28:03 | 000,000,328 | ---- | M] () -- C:\Documents and Settings\Jon Kunkel\Application Data\Mozilla\Firefox\Profiles\oj1ollbx.default\searchplugins\all search.xml
[2013/04/12 09:27:04 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2013/04/12 09:27:04 | 000,000,000 | ---D | M] (Fast Free Converter) -- C:\Program Files\Mozilla Firefox\extensions\[email protected]
[2013/02/24 22:23:54 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions\[email protected]\content
[2013/02/24 22:23:54 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions\[email protected]\defaults
[2013/04/12 01:29:50 | 000,263,064 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2012/09/07 18:11:14 | 000,002,465 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2013/03/01 01:43:58 | 000,002,086 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml

O1 HOSTS File: ([2013/04/16 19:35:18 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Fast Free Converter 3.0) - {C0114F18-AC58-4188-9C8B-3FE75FAFCA77} - C:\Program Files\Fast Free Converter\FastFreeConverter\FastFreeConverter.dll (Fast Free Converter)
O2 - BHO: (no name) - {CE7C3CF0-4B15-11D1-ABED-709549C10000} - No CLSID value found.
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O4 - HKLM..\Run: [AVG_UI] C:\Program Files\AVG\AVG2013\avgui.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [kmw_run.exe] C:\WINDOWS\System32\kmw_run.exe (Kensington Technology Group)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKCU..\Run: [ASRockIES] C:\Program Files\ASRock Utility\IES\AsrIes.exe (ASRock Incorporation)
O4 - HKCU..\Run: [ASRockOCTuner] C:\Program Files\ASRock Utility\OCTuner\ASROC.exe (ASRock)
O4 - HKCU..\Run: [SkinClock] C:\Program Files\Atomic Alarm Clock\AtomicAlarmClock.exe ()
O4 - Startup: C:\Documents and Settings\Jon Kunkel\Start Menu\Programs\Startup\Dropbox.lnk = C:\Documents and Settings\Jon Kunkel\Application Data\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O4 - Startup: C:\Documents and Settings\Jon Kunkel\Start Menu\Programs\Startup\MagicDisc.lnk = C:\Program Files\MagicDisc\MagicDisc.exe (MagicISO, Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoRemoteRecursiveEvents = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoInternetOpenWith = 1
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMHelp = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: Download Using &BitSpirit - D:\Program Files (x86)\BitSpirit\bsurl.htm ()
O8 - Extra context menu item: En&queue current page with BID - C:\Program Files\Bulk Image Downloader\iemenu\iebidqueue.htm ()
O8 - Extra context menu item: Enqueue link tar&get with BID - C:\Program Files\Bulk Image Downloader\iemenu\iebidlinkqueue.htm ()
O8 - Extra context menu item: Open &link target with BID - C:\Program Files\Bulk Image Downloader\iemenu\iebidlink.htm ()
O8 - Extra context menu item: Open current page with BI&D - C:\Program Files\Bulk Image Downloader\iemenu\iebid.htm ()
O8 - Extra context menu item: Open current page with BID Link E&xplorer - C:\Program Files\Bulk Image Downloader\iemenu\iebidlinkexplorer.htm ()
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\WINDOWS\system32\nwprovau.dll (Microsoft Corporation)
O15 - HKCU\..Trusted Ranges: Range1 ([http] in Trusted sites)
O15 - HKCU\..Trusted Ranges: Range1 ([https] in Trusted sites)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Reg Error: Value error.)
O16 - DPF: {CAFEEFAC-0017-0000-0009-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 68.105.28.12 68.105.29.12 68.105.28.11
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{2EA5E124-0CBC-4994-B1F1-B9BEED07E422}: NameServer = 66.228.116.178,66.228.116.179
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{E8CDBE83-452B-43A8-B8AE-677138195F18}: DhcpNameServer = 68.105.28.12 68.105.29.12 68.105.28.11
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{E8CDBE83-452B-43A8-B8AE-677138195F18}: NameServer = 66.228.116.178,66.228.116.179
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\Jon Kunkel\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Jon Kunkel\Application Data\johnsadventures.com\Background Switcher\ActiveBackground.bmp
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2011/04/02 16:04:38 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2009/05/11 21:12:21 | 000,000,000 | ---- | M] () - D:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG2013\avgrsx.exe /sync /restart)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2013/04/16 19:52:10 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2013/04/16 19:50:58 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Jon Kunkel\Desktop\OTL.exe
[2013/04/16 19:41:47 | 000,858,275 | ---- | C] (Swearware) -- C:\Documents and Settings\Jon Kunkel\My Documents\ComboFix.exe
[2013/04/16 19:40:31 | 000,000,000 | ---D | C] -- C:\WINDOWS\temp
[2013/04/16 19:22:24 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2013/04/16 19:22:24 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2013/04/16 19:22:24 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2013/04/16 19:22:24 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2013/04/16 19:21:48 | 000,000,000 | ---D | C] -- C:\Qoobox
[2013/04/16 19:19:39 | 005,054,270 | R--- | C] (Swearware) -- C:\Documents and Settings\Jon Kunkel\Desktop\ComboFix.exe
[2013/04/12 22:32:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Jon Kunkel\Application Data\AVG2013
[2013/04/12 22:31:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Jon Kunkel\Application Data\TuneUp Software
[2013/04/12 22:31:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\AVG
[2013/04/12 22:30:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\AVG2013
[2013/04/12 22:30:19 | 000,000,000 | ---D | C] -- C:\$AVG
[2013/04/12 22:29:04 | 000,000,000 | ---D | C] -- C:\Program Files\AVG
[2013/04/12 21:16:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Jon Kunkel\Local Settings\Application Data\MFAData
[2013/04/12 21:16:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Jon Kunkel\Local Settings\Application Data\Avg2013
[2013/04/12 09:28:10 | 000,000,000 | ---D | C] -- C:\Program Files\Blu Dot Clock
[2013/04/12 09:27:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Jon Kunkel\AppData
[2013/04/12 09:27:02 | 000,000,000 | ---D | C] -- C:\Program Files\File Type Helper
[2013/04/12 09:26:58 | 000,000,000 | ---D | C] -- C:\Program Files\Fast Free Converter
[2013/04/12 09:24:55 | 000,000,000 | ---D | C] -- C:\Program Files\Social Privacy
[2013/04/12 09:24:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Jon Kunkel\Local Settings\Application Data\Shield
[2013/04/12 09:24:55 | 000,000,000 | ---D | C] -- C:\Program Files\dnsshield
[2013/04/12 09:23:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Atomic Alarm Clock
[2013/04/12 09:23:18 | 000,000,000 | ---D | C] -- C:\Program Files\Atomic Alarm Clock
[2013/04/12 01:28:58 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2013/04/10 23:49:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Jon Kunkel\My Documents\RealFlight G5
[2013/04/07 21:21:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Adobe
[2013/04/05 22:06:25 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Jon Kunkel\My Documents\Dropbox
[2013/04/05 22:02:29 | 000,000,000 | ---D | C] -- C:\Program Files\Dropbox
[2013/04/05 22:02:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Jon Kunkel\Start Menu\Programs\Dropbox
[2013/04/05 22:01:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Jon Kunkel\Application Data\Dropbox
[2011/04/23 21:54:16 | 000,047,360 | ---- | C] (VSO Software) -- C:\Documents and Settings\Jon Kunkel\Application Data\pcouffin.sys
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\*.tmp files -> C:\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

File not found -- C:\Documents and Settings\Jon Kunkel\My Documents\Jon%20Kunkel.
[2013/04/16 20:24:28 | 000,858,275 | ---- | M] (Swearware) -- C:\Documents and Settings\Jon Kunkel\My Documents\ComboFix.exe
[2013/04/16 20:16:00 | 000,000,894 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2013/04/16 19:52:19 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Jon Kunkel\Desktop\OTL.exe
[2013/04/16 19:46:00 | 000,000,830 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2013/04/16 19:39:08 | 000,858,390 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2013/04/16 19:39:08 | 000,199,770 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2013/04/16 19:35:47 | 000,000,745 | ---- | M] () -- C:\Documents and Settings\Jon Kunkel\Application Data\AtomicAlarmClock.ini
[2013/04/16 19:35:18 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2013/04/16 19:34:46 | 000,000,890 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2013/04/16 19:34:04 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2013/04/16 19:32:28 | 000,030,912 | ---- | M] () -- C:\WINDOWS\System32\BMXStateBkp-{00000009-00000000-00000000-00001102-00000004-10051102}.rfx
[2013/04/16 19:32:28 | 000,030,912 | ---- | M] () -- C:\WINDOWS\System32\BMXState-{00000009-00000000-00000000-00001102-00000004-10051102}.rfx
[2013/04/16 19:32:28 | 000,029,352 | ---- | M] () -- C:\WINDOWS\System32\BMXCtrlState-{00000009-00000000-00000000-00001102-00000004-10051102}.rfx
[2013/04/16 19:32:28 | 000,029,352 | ---- | M] () -- C:\WINDOWS\System32\BMXBkpCtrlState-{00000009-00000000-00000000-00001102-00000004-10051102}.rfx
[2013/04/16 19:32:28 | 000,011,564 | ---- | M] () -- C:\WINDOWS\System32\DVCState-{00000009-00000000-00000000-00001102-00000004-10051102}.rfx
[2013/04/16 19:21:17 | 005,054,270 | R--- | M] (Swearware) -- C:\Documents and Settings\Jon Kunkel\Desktop\ComboFix.exe
[2013/04/16 18:32:02 | 000,000,998 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1801674531-113007714-682003330-1002UA.job
[2013/04/16 18:32:01 | 000,000,946 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1801674531-113007714-682003330-1002Core.job
[2013/04/16 10:34:01 | 000,000,464 | ---- | M] () -- C:\Documents and Settings\Jon Kunkel\Desktop\Bitspirit Downloads.lnk
[2013/04/16 10:32:14 | 000,114,176 | ---- | M] () -- C:\Documents and Settings\Jon Kunkel\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2013/04/16 09:28:03 | 000,000,494 | ---- | M] () -- C:\WINDOWS\tasks\shield check.job
[2013/04/13 10:07:10 | 000,000,249 | ---- | M] () -- C:\WINDOWS\emug3.ini
[2013/04/13 09:56:16 | 000,000,158 | ---- | M] () -- C:\WINDOWS\Realflight.INI
[2013/04/12 20:53:34 | 000,002,577 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
[2013/04/12 09:28:17 | 000,001,718 | ---- | M] () -- C:\Documents and Settings\Jon Kunkel\Desktop\Blu Dot Clock.lnk
[2013/04/12 09:27:15 | 000,000,032 | ---- | M] () -- C:\END
[2013/04/12 09:26:55 | 000,001,148 | ---- | M] () -- C:\Documents and Settings\Jon Kunkel\Application Data\Microsoft\Internet Explorer\Quick Launch\Internet Browser.lnk
[2013/04/12 09:26:33 | 000,000,700 | ---- | M] () -- C:\Documents and Settings\Jon Kunkel\Start Menu\Programs\Startup\MagicDisc.lnk
[2013/04/08 14:34:12 | 000,022,328 | ---- | M] () -- C:\WINDOWS\System32\drivers\PnkBstrK.sys
[2013/04/06 23:19:06 | 000,002,587 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\ACDSee 10 Photo Manager.lnk
[2013/04/06 07:49:04 | 000,000,504 | -HS- | M] () -- C:\boot.ini
[2013/04/05 22:02:52 | 000,001,091 | ---- | M] () -- C:\Documents and Settings\Jon Kunkel\Start Menu\Programs\Startup\Dropbox.lnk
[2013/04/04 14:50:32 | 000,022,856 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2013/03/31 09:07:48 | 000,002,228 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\*.tmp files -> C:\*.tmp -> ]

========== Files Created - No Company Name ==========

File not found -- C:\Documents and Settings\Jon Kunkel\My Documents\Jon%20Kunkel.
[2100/02/23 18:55:50 | 000,001,096 | ---- | C] () -- C:\WINDOWS\Lexmark_ICM.ini
[2013/04/16 19:22:24 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2013/04/16 19:22:24 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2013/04/16 19:22:24 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2013/04/16 19:22:24 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2013/04/16 19:22:24 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2013/04/16 10:34:01 | 000,000,464 | ---- | C] () -- C:\Documents and Settings\Jon Kunkel\Desktop\Bitspirit Downloads.lnk
[2013/04/12 09:28:17 | 000,001,724 | ---- | C] () -- C:\Documents and Settings\Jon Kunkel\Start Menu\Programs\Blu Dot Clock.lnk
[2013/04/12 09:28:17 | 000,001,718 | ---- | C] () -- C:\Documents and Settings\Jon Kunkel\Desktop\Blu Dot Clock.lnk
[2013/04/12 09:27:12 | 000,000,032 | ---- | C] () -- C:\END
[2013/04/12 09:26:55 | 000,001,148 | ---- | C] () -- C:\Documents and Settings\Jon Kunkel\Application Data\Microsoft\Internet Explorer\Quick Launch\Internet Browser.lnk
[2013/04/12 09:26:55 | 000,000,494 | ---- | C] () -- C:\WINDOWS\tasks\shield check.job
[2013/04/12 09:26:33 | 000,000,700 | ---- | C] () -- C:\Documents and Settings\Jon Kunkel\Start Menu\Programs\Startup\MagicDisc.lnk
[2013/04/12 09:23:22 | 000,000,745 | ---- | C] () -- C:\Documents and Settings\Jon Kunkel\Application Data\AtomicAlarmClock.ini
[2013/04/05 22:02:52 | 000,001,091 | ---- | C] () -- C:\Documents and Settings\Jon Kunkel\Start Menu\Programs\Startup\Dropbox.lnk
[2013/02/16 23:06:28 | 000,296,218 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-S-1-5-21-1801674531-113007714-682003330-1002-0.dat
[2013/02/16 23:06:28 | 000,179,554 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-System.dat
[2012/12/31 16:21:02 | 000,000,099 | ---- | C] () -- C:\WINDOWS\System32\nvUnsupRes.dat
[2012/12/03 10:36:55 | 000,176,128 | ---- | C] () -- C:\WINDOWS\System32\kmw_show.exe
[2012/11/26 22:46:38 | 000,251,575 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2012/11/12 21:12:50 | 000,014,976 | ---- | C] () -- C:\WINDOWS\System32\drivers\SBKUPNT.SYS
[2012/11/12 21:12:50 | 000,013,312 | ---- | C] () -- C:\WINDOWS\System32\DEVLOAD.EXE
[2012/11/12 21:12:49 | 000,000,543 | ---- | C] () -- C:\WINDOWS\SWISV3.INI
[2012/11/12 21:12:47 | 000,000,287 | ---- | C] () -- C:\WINDOWS\SKNIFE.INI
[2012/11/12 21:12:35 | 000,002,799 | ---- | C] () -- C:\WINDOWS\SKLANG.INI
[2012/10/28 15:28:05 | 000,007,049 | ---- | C] () -- C:\Documents and Settings\Jon Kunkel\bookmark.png
[2012/10/28 15:28:05 | 000,007,049 | ---- | C] () -- C:\Documents and Settings\Jon Kunkel\bookmark.gif
[2012/10/28 15:28:00 | 000,063,909 | ---- | C] () -- C:\Documents and Settings\Jon Kunkel\logo.jpg
[2012/10/28 15:27:47 | 000,071,332 | ---- | C] () -- C:\Documents and Settings\Jon Kunkel\.png
[2012/09/13 09:07:49 | 000,014,776 | ---- | C] () -- C:\WINDOWS\System32\drivers\SmartDefragDriver.sys
[2012/06/20 16:29:12 | 000,000,008 | ---- | C] () -- C:\WINDOWS\mvraidver.dat
[2012/05/24 03:16:33 | 000,000,158 | ---- | C] () -- C:\WINDOWS\Realflight.INI
[2012/05/24 02:28:10 | 000,000,249 | ---- | C] () -- C:\WINDOWS\emug3.ini
[2012/03/21 19:54:58 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2012/03/01 00:53:48 | 000,000,744 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\Microsoft.SqlServer.Compact.400.32.bc
[2012/02/03 19:20:03 | 000,000,192 | ---- | C] () -- C:\Documents and Settings\Jon Kunkel\Application Data\default.rss
[2012/02/03 19:18:50 | 000,000,069 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2012/01/10 02:31:46 | 002,761,630 | ---- | C] () -- C:\WINDOWS\System32\nvdata.data
[2011/12/22 02:06:37 | 000,013,656 | -HS- | C] () -- C:\Documents and Settings\Jon Kunkel\Local Settings\Application Data\805830a1r786f880a626n8tpa5l6
[2011/11/23 19:39:29 | 000,119,248 | ---- | C] () -- C:\Documents and Settings\Jon Kunkel\MX-M620N_20111123_162741.pdf
[2011/11/02 21:20:08 | 000,119,792 | ---- | C] () -- C:\Documents and Settings\Jon Kunkel\MX-M620N_20111102_190325.pdf
[2011/10/28 22:40:06 | 000,129,044 | ---- | C] () -- C:\WINDOWS\hpiins06.dat
[2011/10/28 22:40:06 | 000,000,000 | ---- | C] () -- C:\WINDOWS\hpimdl06.dat
[2011/10/18 19:32:08 | 000,079,872 | ---- | C] () -- C:\WINDOWS\System32\LEX_PSU.EXE
[2011/10/18 15:05:17 | 000,000,400 | ---- | C] () -- C:\WINDOWS\LEXSTAT.INI
[2011/07/27 02:50:41 | 000,077,774 | ---- | C] () -- C:\Documents and Settings\Jon Kunkel\MX-M620N_20110720_182106 (1).pdf
[2011/07/26 11:02:04 | 000,001,794 | ---- | C] () -- C:\WINDOWS\System32\epid2110.dll
[2011/07/26 11:02:04 | 000,000,008 | ---- | C] () -- C:\WINDOWS\System32\sysgen76.dll
[2011/07/26 02:43:23 | 002,292,678 | ---- | C] () -- C:\WINDOWS\System32\nvdata.bin
[2011/07/26 02:26:57 | 000,080,416 | R--- | C] () -- C:\WINDOWS\System32\RtNicProp32.dll
[2011/07/20 20:56:51 | 000,077,774 | ---- | C] () -- C:\Documents and Settings\Jon Kunkel\MX-M620N_20110720_182106.pdf
[2011/07/12 22:34:55 | 000,695,617 | ---- | C] () -- C:\WINDOWS\unins000.exe
[2011/07/12 22:34:55 | 000,025,054 | ---- | C] () -- C:\WINDOWS\unins000.dat
[2011/07/06 20:16:14 | 000,065,514 | ---- | C] () -- C:\Documents and Settings\Jon Kunkel\25204.jpg
[2011/07/06 20:08:57 | 000,040,293 | ---- | C] () -- C:\Documents and Settings\Jon Kunkel\569728.jpg
[2011/07/02 16:09:01 | 000,019,738 | ---- | C] () -- C:\Documents and Settings\Jon Kunkel\548457.jpg
[2011/07/02 16:08:39 | 000,044,372 | ---- | C] () -- C:\Documents and Settings\Jon Kunkel\384909.jpg
[2011/07/01 01:25:38 | 000,084,782 | ---- | C] () -- C:\Documents and Settings\Jon Kunkel\MX-M350N_20110630_144009.pdf
[2011/06/26 20:35:15 | 000,101,936 | ---- | C] () -- C:\Documents and Settings\Jon Kunkel\MX-M350N_20110623_160403 (1).pdf
[2011/06/24 14:19:57 | 000,306,741 | ---- | C] () -- C:\Documents and Settings\Jon Kunkel\SANY1446.JPG
[2011/06/24 14:01:06 | 000,713,891 | ---- | C] () -- C:\Documents and Settings\Jon Kunkel\DSC_6421.JPG
[2011/06/23 09:57:45 | 000,101,936 | ---- | C] () -- C:\Documents and Settings\Jon Kunkel\MX-M350N_20110623_160403.pdf
[2011/06/21 16:07:31 | 000,013,361 | ---- | C] () -- C:\Documents and Settings\Jon Kunkel\63182-sandee34.jpg
[2011/06/11 19:57:32 | 000,354,816 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2011/06/03 22:57:31 | 000,098,974 | ---- | C] () -- C:\Documents and Settings\Jon Kunkel\MX-M350N_20110602_155717.pdf
[2011/05/27 21:49:11 | 000,094,558 | ---- | C] () -- C:\Documents and Settings\Jon Kunkel\MX-M350N_20110528_192603.pdf
[2011/05/19 12:54:27 | 000,097,518 | ---- | C] () -- C:\Documents and Settings\Jon Kunkel\MX-M350N_20110519_153743.pdf
[2011/05/06 15:45:43 | 000,287,520 | ---- | C] () -- C:\WINDOWS\System32\nvdrsdb1.bin
[2011/05/06 15:45:43 | 000,287,520 | ---- | C] () -- C:\WINDOWS\System32\nvdrsdb0.bin
[2011/05/06 15:45:43 | 000,000,001 | ---- | C] () -- C:\WINDOWS\System32\nvdrssel.bin
[2011/05/05 23:41:00 | 000,000,000 | ---- | C] () -- C:\WINDOWS\graphedt.INI
[2011/04/29 00:32:25 | 000,022,328 | ---- | C] () -- C:\WINDOWS\System32\drivers\PnkBstrK.sys
[2011/04/29 00:31:55 | 000,103,736 | ---- | C] () -- C:\WINDOWS\System32\PnkBstrB.exe
[2011/04/29 00:31:48 | 000,066,872 | ---- | C] () -- C:\WINDOWS\System32\PnkBstrA.exe
[2011/04/28 15:49:38 | 000,000,061 | -HS- | C] () -- C:\WINDOWS\cnerolf.dat
[2011/04/24 14:16:45 | 000,177,861 | ---- | C] () -- C:\WINDOWS\Addictive Pitts Uninstaller.exe
[2011/04/23 21:54:16 | 000,007,887 | ---- | C] () -- C:\Documents and Settings\Jon Kunkel\Application Data\pcouffin.cat
[2011/04/23 21:54:16 | 000,001,144 | ---- | C] () -- C:\Documents and Settings\Jon Kunkel\Application Data\pcouffin.inf
[2011/04/20 14:27:37 | 000,000,211 | -H-- | C] () -- C:\WINDOWS\vp.ini
[2011/04/18 22:04:24 | 000,262,144 | ---- | C] () -- C:\WINDOWS\System32\gfkernel.dll
[2011/04/06 21:27:58 | 000,114,176 | ---- | C] () -- C:\Documents and Settings\Jon Kunkel\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/04/04 15:41:35 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Jon Kunkel\Application Data\SuperSafer.cfg

========== ZeroAccess Check ==========

[2011/04/02 16:01:40 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shdocvw.dll -- [2009/06/15 05:00:00 | 002,253,824 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009/06/15 05:00:00 | 000,473,600 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009/06/15 05:00:00 | 000,273,920 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

========== LOP Check ==========

[2011/04/03 11:43:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ACD Systems
[2013/04/12 23:20:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVAST Software
[2011/04/03 13:24:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVG10
[2013/04/12 23:01:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVG2013
[2012/11/12 21:11:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Browser Manager
[2012/07/22 21:30:08 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\CanonBJ
[2011/06/11 12:07:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Codemasters
[2013/04/12 21:16:46 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\Common Files
[2012/07/14 16:22:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\DAEMON Tools Lite
[2011/06/11 12:07:13 | 000,000,000 | -HSD | M] -- C:\Documents and Settings\All Users\Application Data\DSS
[2011/04/25 21:36:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Electronic Arts
[2012/09/07 11:26:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Icon Constructor 3
[2013/04/16 18:34:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MFAData
[2012/01/18 22:34:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\RELOADED
[2012/10/15 21:06:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Samsung
[2011/05/07 01:15:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Solidshield
[2011/06/11 16:49:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Spotmau
[2012/12/12 04:56:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Virtual RC Pro
[2011/04/23 22:58:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\vsosdk
[2011/05/01 20:04:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WOP
[2012/09/21 17:18:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jon Kunkel\Application Data\AC3Filter
[2011/04/03 11:44:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jon Kunkel\Application Data\ACD Systems
[2012/12/21 02:20:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jon Kunkel\Application Data\Audacity
[2011/04/03 13:27:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jon Kunkel\Application Data\AVG10
[2013/04/12 22:32:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jon Kunkel\Application Data\AVG2013
[2011/05/04 00:00:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jon Kunkel\Application Data\BID
[2011/04/06 22:27:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jon Kunkel\Application Data\BitSpirit
[2011/04/09 18:08:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jon Kunkel\Application Data\BlackBean
[2012/12/17 16:07:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jon Kunkel\Application Data\DAEMON Tools Lite
[2012/06/10 17:45:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jon Kunkel\Application Data\DDMSettings
[2011/04/05 08:00:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jon Kunkel\Application Data\Disney Interactive Studios
[2011/05/20 17:29:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jon Kunkel\Application Data\Downloadr
[2013/04/16 19:52:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jon Kunkel\Application Data\Dropbox
[2011/04/20 14:42:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jon Kunkel\Application Data\ECSoftware
[2012/11/07 19:14:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jon Kunkel\Application Data\eMule
[2011/04/06 15:45:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jon Kunkel\Application Data\flightgear.org
[2011/04/06 15:46:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jon Kunkel\Application Data\fltk.org
[2011/04/06 21:47:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jon Kunkel\Application Data\InterVideo
[2012/09/13 09:07:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jon Kunkel\Application Data\IObit
[2011/04/03 14:47:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jon Kunkel\Application Data\johnsadventures.com
[2011/04/03 00:29:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jon Kunkel\Application Data\Kensington
[2012/09/04 18:00:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jon Kunkel\Application Data\Leadertech
[2011/06/15 20:08:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jon Kunkel\Application Data\Machete Lite
[2011/07/16 17:36:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jon Kunkel\Application Data\OpenDNS Updater
[2011/05/27 19:37:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jon Kunkel\Application Data\Simraceway
[2013/04/12 22:31:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jon Kunkel\Application Data\TuneUp Software
[2012/09/28 13:25:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jon Kunkel\Application Data\VideoRipper
[2013/04/14 14:41:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jon Kunkel\Application Data\Vso
[2011/05/05 10:41:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jon Kunkel\Application Data\WinWay

========== Purity Check ==========



< End of report > Combofix Log:ComboFix 13-04-15.01 - Jon Kunkel 04/16/2013 19:24:42.7.4 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3319.2425 [GMT -7:00]
Running from: c:\documents and settings\Jon Kunkel\Desktop\ComboFix.exe
AV: AVG AntiVirus Free Edition 2013 *Disabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\All Users\Application Data\TEMP
c:\documents and settings\Jon Kunkel\Application Data\vso_ts_preview.xml
c:\documents and settings\Jon Kunkel\My Documents\ComboFix.exe
c:\program files\Social Privacy\FF
c:\program files\Social Privacy\FF\chrome.manifest
c:\program files\Social Privacy\FF\chrome\content\icon.png
c:\program files\Social Privacy\FF\chrome\content\main.js
c:\program files\Social Privacy\FF\chrome\content\overlay.xul
c:\program files\Social Privacy\FF\install.rdf
c:\program files\Social Privacy\sp.Dll
c:\windows\system32\URTTemp
c:\windows\system32\URTTemp\fusion.dll
c:\windows\system32\URTTemp\mscoree.dll
c:\windows\system32\URTTemp\mscoree.dll.local
c:\windows\system32\URTTemp\mscorsn.dll
c:\windows\system32\URTTemp\mscorwks.dll
c:\windows\system32\URTTemp\msvcr71.dll
c:\windows\system32\URTTemp\regtlib.exe
G:\install.exe
.
Infected copy of c:\windows\system32\drivers\ntfs.sys was found and disinfected
Restored copy from - c:\windows\ERDNT\cache\ntfs.sys
.
c:\windows\system32\midimap.dll . . . is infected!!
.
.
((((((((((((((((((((((((( Files Created from 2013-03-17 to 2013-04-17 )))))))))))))))))))))))))))))))
.
.
2013-04-13 05:32 . 2013-04-13 05:32 -------- d-----w- c:\documents and settings\Jon Kunkel\Application Data\AVG2013
2013-04-13 05:31 . 2013-04-13 05:31 -------- d-----w- c:\windows\system32\config\systemprofile\Application Data\AVG2013
2013-04-13 05:31 . 2013-04-13 05:31 -------- d-----w- c:\documents and settings\Jon Kunkel\Application Data\TuneUp Software
2013-04-13 05:30 . 2013-04-13 06:01 -------- d-----w- c:\documents and settings\All Users\Application Data\AVG2013
2013-04-13 05:30 . 2013-04-13 05:30 -------- d-----w- C:\$AVG
2013-04-13 05:29 . 2013-04-13 05:32 -------- d-----w- c:\windows\system32\config\systemprofile\Local Settings\Application Data\Avg2013
2013-04-13 05:29 . 2013-04-13 05:29 -------- d-----w- c:\program files\AVG
2013-04-13 04:16 . 2013-04-13 05:34 -------- d-----w- c:\documents and settings\Jon Kunkel\Local Settings\Application Data\Avg2013
2013-04-13 04:16 . 2013-04-13 04:16 -------- d-----w- c:\documents and settings\Jon Kunkel\Local Settings\Application Data\MFAData
2013-04-12 16:28 . 2013-04-12 16:28 -------- d-----w- c:\program files\Blu Dot Clock
2013-04-12 16:27 . 2013-04-12 16:27 -------- d-----w- c:\windows\system32\config\systemprofile\AppData
2013-04-12 16:27 . 2013-04-12 16:27 -------- d-----w- c:\documents and settings\UpdatusUser\AppData
2013-04-12 16:27 . 2013-04-12 16:27 -------- d-----w- c:\documents and settings\NetworkService\AppData
2013-04-12 16:27 . 2013-04-12 16:27 -------- d-----w- c:\documents and settings\LocalService\AppData
2013-04-12 16:27 . 2013-04-12 16:27 -------- d-----w- c:\documents and settings\Jon Kunkel\AppData
2013-04-12 16:27 . 2013-04-12 16:27 -------- d-----w- c:\program files\File Type Helper
2013-04-12 16:26 . 2013-04-12 16:27 -------- d-----w- c:\program files\Fast Free Converter
2013-04-12 16:24 . 2013-04-17 02:30 -------- d-----w- c:\program files\Social Privacy
2013-04-12 16:24 . 2013-04-12 16:26 -------- d-----w- c:\documents and settings\Jon Kunkel\Local Settings\Application Data\Shield
2013-04-12 16:24 . 2013-04-12 16:24 -------- d-----w- c:\program files\dnsshield
2013-04-12 16:23 . 2013-04-12 16:23 -------- d-----w- c:\program files\Atomic Alarm Clock
2013-04-06 05:02 . 2013-04-06 05:02 -------- d-----w- c:\program files\Dropbox
2013-04-06 05:01 . 2013-04-17 02:36 -------- d-----w- c:\documents and settings\Jon Kunkel\Application Data\Dropbox
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-04-17 02:33 . 2012-01-17 07:59 7304 ----a-w- c:\windows\TMP0001.TMP
2013-04-12 06:23 . 2012-04-04 18:34 691592 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2013-04-12 06:23 . 2011-05-17 09:09 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2013-04-08 21:34 . 2011-04-29 07:32 22328 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys
2013-04-08 21:34 . 2011-04-29 07:31 103736 ----a-w- c:\windows\system32\PnkBstrB.exe
2013-04-08 21:34 . 2011-04-29 07:31 66872 ----a-w- c:\windows\system32\PnkBstrA.exe
2013-04-04 21:50 . 2012-01-13 22:57 22856 ----a-w- c:\windows\system32\drivers\mbam.sys
2013-03-06 22:32 . 2011-07-26 17:38 228600 ----a-w- c:\windows\system32\aswBoot.exe
2013-03-01 17:32 . 2013-03-01 17:32 22328 ----a-w- c:\windows\system32\drivers\avgidsshimx.sys
2013-02-27 06:40 . 2013-02-27 06:40 208184 ----a-w- c:\windows\system32\drivers\avgidsdriverx.sys
2013-02-14 10:52 . 2010-11-12 20:19 182072 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2013-02-08 11:37 . 2010-09-07 10:48 96568 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2013-02-08 11:37 . 2013-02-08 11:37 245048 ----a-w- c:\windows\system32\drivers\avglogx.sys
2013-02-08 11:37 . 2013-02-08 11:37 60216 ----a-w- c:\windows\system32\drivers\avgidshx.sys
2013-02-08 11:37 . 2010-12-08 11:12 170808 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2013-02-08 11:37 . 2010-09-07 10:48 39224 ----a-w- c:\windows\system32\drivers\avgrkx86.sys
2013-02-03 03:04 . 2013-02-03 03:04 94112 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2013-02-03 03:04 . 2013-02-03 03:04 143872 ----a-w- c:\windows\system32\javacpl.cpl
2013-02-03 03:04 . 2012-11-27 08:08 861088 ----a-w- c:\windows\system32\npDeployJava1.dll
2013-02-03 03:04 . 2011-04-03 22:26 782240 ----a-w- c:\windows\system32\deployJava1.dll
2013-04-12 08:29 . 2013-04-12 08:29 263064 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
2011-04-01 11:19 25876912 --sh--w- c:\windows\setupa.exe
.
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
[-] 2011-05-02 . 51E41F16ACD80B8B39C0AE703A213F09 . 361600 . . [5.1.2600.6009] . . c:\windows\system32\drivers\tcpip.sys
[7] 2008-06-20 . AD978A1B783B5719720CFF204B666C8E . 361600 . . [5.1.2600.5625] . . c:\windows\system32\dllcache\tcpip.sys
.
[-] 2009-06-15 12:00 . 403EBA8EE2967BA93E07138400972EE3 . 1443840 . . [2001.12.4414.700] . . c:\windows\system32\comres.dll
.
[-] 2009-06-15 . 50D6EE240E804F638D88E26200D37670 . 570368 . . [5.1.2600.5788] . . c:\windows\system32\winlogon.exe
.
[-] 2009-06-15 . D075177EBE8735C080831BE2E99941CC . 575488 . . [5.1.2600.5577] . . c:\windows\system32\user32.dll
.
[-] 2009-06-15 . 331257F9A07F1759ADB603D807226DAE . 1789440 . . [6.00.2900.5634] . . c:\windows\explorer.exe
.
[-] 2009-06-15 . 200EA506B86F7E9E6C37820D2BB5F39B . 210944 . . [5.1.2600.5512] . . c:\windows\regedit.exe
.
[-] 2009-06-15 . CBF5945651C96E471B3A004BBDC36864 . 37376 . . [5.1.2600.5512] . . c:\windows\system32\ctfmon.exe
.
[-] 2009-06-15 . F0005C4A59B7AB05602881F074D5FA1F . 1614848 . . [5.1.2600.5512] . . c:\windows\system32\sfcfiles.dll
.
[-] 2009-06-15 . 7A1FF5DBF9AAE2187B9BA790DE838443 . 671072 . . [8.00.6001.18702] . . c:\windows\system32\dllcache\iexplore.exe
.
[-] 2009-06-15 . 448937CF6D5D4A4009532DF67B205F92 . 32256 . . [5.1.2600.5512] . . c:\windows\system32\midimap.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\~\Browser Helper Objects\{C0114F18-AC58-4188-9C8B-3FE75FAFCA77}]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2013-04-04 22:12 130736 ----a-w- c:\documents and settings\Jon Kunkel\Application Data\Dropbox\bin\DropboxExt.19.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2013-04-04 22:12 130736 ----a-w- c:\documents and settings\Jon Kunkel\Application Data\Dropbox\bin\DropboxExt.19.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2013-04-04 22:12 130736 ----a-w- c:\documents and settings\Jon Kunkel\Application Data\Dropbox\bin\DropboxExt.19.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2013-04-04 22:12 130736 ----a-w- c:\documents and settings\Jon Kunkel\Application Data\Dropbox\bin\DropboxExt.19.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveBlacklistedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}]
2013-03-07 23:31 576976 ----a-w- c:\program files\Google\Drive\googledrivesync32.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}]
2013-03-07 23:31 576976 ----a-w- c:\program files\Google\Drive\googledrivesync32.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}]
2013-03-07 23:31 576976 ----a-w- c:\program files\Google\Drive\googledrivesync32.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncingOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}]
2013-03-07 23:31 576976 ----a-w- c:\program files\Google\Drive\googledrivesync32.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ASRockOCTuner"="c:\program files\ASRock Utility\OCTuner\ASROC.exe" [2010-07-03 5332488]
"ASRockIES"="c:\program files\ASRock Utility\IES\AsrIes.exe" [2010-07-02 7990280]
"SkinClock"="c:\program files\Atomic Alarm Clock\AtomicAlarmClock.exe" [2012-11-28 1726976]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2011-12-17 15467840]
"kmw_run.exe"="kmw_run.exe" [2006-08-03 106496]
"AVG_UI"="c:\program files\AVG\AVG2013\avgui.exe" [2013-03-14 4394032]
.
c:\documents and settings\Jon Kunkel\Start Menu\Programs\Startup\
Dropbox.lnk - c:\documents and settings\Jon Kunkel\Application Data\Dropbox\bin\Dropbox.exe [2013-4-4 25863280]
MagicDisc.lnk - c:\program files\MagicDisc\MagicDisc.exe [2011-4-3 576000]
.
[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoSMHelp"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~1\AVG\AVG2013\avgrsx.exe /sync /restart
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
@=""
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^AcBtnMgr_X63.exe.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\AcBtnMgr_X63.exe.lnk
backup=c:\windows\pss\AcBtnMgr_X63.exe.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^ACMonitor_X63.exe.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\ACMonitor_X63.exe.lnk
backup=c:\windows\pss\ACMonitor_X63.exe.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^InterVideo WinCinema Manager.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\InterVideo WinCinema Manager.lnk
backup=c:\windows\pss\InterVideo WinCinema Manager.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk
backup=c:\windows\pss\Microsoft Office.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^NDAS Device Management.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\NDAS Device Management.lnk
backup=c:\windows\pss\NDAS Device Management.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^Jon Kunkel^Start Menu^Programs^Startup^allSnap.lnk]
path=c:\documents and settings\Jon Kunkel\Start Menu\Programs\Startup\allSnap.lnk
backup=c:\windows\pss\allSnap.lnkStartup
.
[HKLM\~\startupfolder\C:^Documents and Settings^Jon Kunkel^Start Menu^Programs^Startup^Logitech . Product Registration.lnk]
path=c:\documents and settings\Jon Kunkel\Start Menu\Programs\Startup\Logitech . Product Registration.lnk
backup=c:\windows\pss\Logitech . Product Registration.lnkStartup
.
[HKLM\~\startupfolder\C:^Documents and Settings^Jon Kunkel^Start Menu^Programs^Startup^MagicDisc.lnk]
path=c:\documents and settings\Jon Kunkel\Start Menu\Programs\Startup\MagicDisc.lnk
backup=c:\windows\pss\MagicDisc.lnkStartup
.
[HKLM\~\startupfolder\C:^Documents and Settings^Jon Kunkel^Start Menu^Programs^Startup^SpeedFan.lnk]
path=c:\documents and settings\Jon Kunkel\Start Menu\Programs\Startup\SpeedFan.lnk
backup=c:\windows\pss\SpeedFan.lnkStartup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
c:\windows\system32\dumprep 0 -k [X]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UserFaultCheck]
c:\windows\system32\dumprep 0 -u [X]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2012-12-03 07:35 946352 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CanonMyPrinter]
2011-07-19 19:53 2567272 ----a-w- c:\program files\Canon\MyPrinter\BJMYPRT.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CanonSolutionMenu]
2009-09-04 08:43 767312 ----a-w- c:\program files\Canon\SolutionMenu\CNSLMAIN.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CoolSwitch]
2002-03-20 00:30 45632 ----a-w- c:\windows\system32\TaskSwitch.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTDVDDET]
2003-06-18 08:00 45056 ------w- c:\program files\Creative\DVDAudio\CTDVDDET.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
2009-06-15 12:00 37376 ----a-w- c:\windows\system32\ctfmon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools]
2005-11-08 22:00 128920 ----a-w- c:\program files\DAEMON Tools\daemon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DivXUpdate]
2011-07-28 23:08 1259376 ----a-w- c:\program files\DivX\DivX Update\DivXUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DrvIcon]
2009-06-15 12:00 57344 ----a-w- c:\windows\Resources\DiamondStyle\Diamond Drive Icon\DrvIcon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EADM]
2011-04-03 06:10 11857920 ----a-w- c:\program files\Electronic Arts\EADM\EADMUI.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
2012-11-11 22:22 116648 ----atw- c:\documents and settings\Jon Kunkel\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
2007-03-12 04:34 49152 ----a-w- c:\program files\HP\HP Software Update\hpwuSchd2.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM]
2006-03-21 00:34 213936 ----a-w- c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LClock]
2009-06-15 12:00 65536 ----a-w- c:\windows\Resources\DiamondStyle\LClock\LClock.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\lxamsp32.exe]
2001-10-19 23:25 45056 ----a-w- c:\windows\system32\LXAMSP32.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MRUTray]
2009-10-09 08:57 741376 ----a-w- c:\program files\Marvell\raid\tray\MarvellTray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsmqIntCert]
2009-06-15 12:00 177152 ----a-w- c:\windows\system32\mqrt.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NUSB3MON]
2010-01-22 19:29 106496 ----a-w- c:\program files\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
2011-12-17 19:35 15467840 ----a-w- c:\windows\system32\nvcpl.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
2011-12-17 19:35 108352 ----a-w- c:\windows\system32\nvmctray.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2012-10-25 11:12 421888 ----a-w- c:\program files\QuickTime Alternative\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDCPL]
2010-06-22 09:59 19552360 ----a-r- c:\windows\RTHDCPL.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Start WingMan Profiler]
2009-01-21 21:19 92168 ----a-w- c:\program files\Logitech\Gaming Software\LWEMon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2012-07-03 17:04 252848 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows7Taskbar]
2009-06-15 12:00 331776 ----a-w- c:\windows\Resources\DiamondStyle\Windows 7 Taskbar\Windows7Taskbar.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"WMPNetworkSvc"=3 (0x3)
"Nero BackItUp Scheduler 4.0"=2 (0x2)
"JavaQuickStarterService"=2 (0x2)
"idsvc"=3 (0x3)
"avgwd"=2 (0x2)
"AVGIDSAgent"=2 (0x2)
"IDriverT"=3 (0x3)
"Application Updater"=2 (0x2)
"Creative Service for CDROM Access"=2 (0x2)
"PnkBstrA"=2 (0x2)
"Simraceway Update Service"=2 (0x2)
"LexBceS"=2 (0x2)
"Marvell RAID"=2 (0x2)
"ndassvc"=2 (0x2)
"LBTServ"=3 (0x3)
"CiSvc"=3 (0x3)
"gupdatem"=3 (0x3)
"gupdate"=2 (0x2)
"IntuitUpdateServiceV4"=2 (0x2)
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Marvell\\raid\\Apache2\\bin\\httpd.exe"=
"d:\\Program Files (x86)\\BitSpirit\\BitSpirit.exe"=
"c:\\Program Files\\Common Files\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=
"d:\\Program Files (x86)\\eMule\\emule.exe"=
"c:\\Program Files\\InterVideo\\DVD5\\WinDVD.exe"=
"c:\\Documents and Settings\\Jon Kunkel\\Application Data\\Dropbox\\bin\\Dropbox.exe"=
"k:\\Program Files\\Ubisoft\\Tom Clancy's H.A.W.X\\HAWX.exe"=
"c:\\Program Files\\AVG\\AVG2013\\avgnsx.exe"=
"c:\\Program Files\\AVG\\AVG2013\\avgdiagex.exe"=
"c:\\Program Files\\AVG\\AVG2013\\avgmfapx.exe"=
"c:\\Program Files\\AVG\\AVG2013\\avgemcx.exe"=
.
R0 AVGIDSHX;AVGIDSHX;c:\windows\system32\drivers\avgidshx.sys [2/8/2013 4:37 AM 60216]
R0 Avglogx;AVG Logging Driver;c:\windows\system32\drivers\avglogx.sys [2/8/2013 4:37 AM 245048]
R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [9/7/2010 3:48 AM 39224]
R0 mv91cons;Marvell 91xx Config Device Driver;c:\windows\system32\drivers\mv91cons.sys [10/26/2009 11:37 PM 20008]
R0 SmartDefragDriver;SmartDefragDriver;c:\windows\system32\drivers\SmartDefragDriver.sys [9/13/2012 9:07 AM 14776]
R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [4/3/2011 12:18 PM 691696]
R1 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\avgidsdriverx.sys [2/26/2013 11:40 PM 208184]
R1 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\avgidsshimx.sys [3/1/2013 10:32 AM 22328]
R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [12/8/2010 4:12 AM 170808]
R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [11/12/2010 1:19 PM 182072]
R2 AVGIDSAgent;AVGIDSAgent;c:\program files\AVG\AVG2013\avgidsagent.exe [2/27/2013 11:42 PM 4937264]
R2 avgwd;AVG WatchDog;c:\program files\AVG\AVG2013\avgwdsvc.exe [2/19/2013 4:02 AM 282624]
R2 FastFreeConverterUpdt;FastFreeConverterUpdt;c:\program files\Fast Free Converter\FastFreeConverterUpdt.exe [11/26/2012 6:30 AM 687104]
R2 LBeepKE;Logitech Beep Suppression Driver;c:\windows\system32\drivers\LBeepKE.sys [9/4/2012 5:59 PM 12184]
R2 mi2c;mi2c;c:\windows\system32\drivers\mi2c.sys [12/29/2012 8:55 PM 18224]
R2 MRUWebService;MRU Web Service;c:\program files\Marvell\raid\Apache2\bin\httpd.exe [6/12/2008 1:05 PM 24635]
R2 SBKUPNT;SBKUPNT;c:\windows\system32\drivers\SBKUPNT.SYS [11/12/2012 9:12 PM 14976]
R3 AsrOcDrv;AsrOcDrv;\??\c:\windows\system32\Drivers\AsrOcDrv.sys --> c:\windows\system32\Drivers\AsrOcDrv.sys [?]
R3 COMMONFX.SYS;COMMONFX.SYS;c:\windows\system32\drivers\COMMONFX.sys [3/18/2010 8:39 PM 99416]
R3 CTAUDFX.SYS;CTAUDFX.SYS;c:\windows\system32\drivers\CTAUDFX.sys [3/18/2010 8:39 PM 555096]
R3 ctgame;Game Port;c:\windows\system32\drivers\ctgame.sys [3/18/2010 8:40 PM 18904]
R3 CTSBLFX.SYS;CTSBLFX.SYS;c:\windows\system32\drivers\CTSBLFX.sys [3/18/2010 8:39 PM 566360]
R3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);c:\windows\system32\drivers\ssudbus.sys [10/15/2012 9:37 PM 77624]
R3 IesDrv;IesDrv;\??\c:\windows\system32\Drivers\IesDrv.sys --> c:\windows\system32\Drivers\IesDrv.sys [?]
R3 nusb3hub;NEC Electronics USB 3.0 Hub Driver;c:\windows\system32\drivers\nusb3hub.sys [1/22/2010 12:21 PM 59904]
R3 nusb3xhc;NEC Electronics USB 3.0 Host Controller Driver;c:\windows\system32\drivers\nusb3xhc.sys [7/26/2011 2:35 AM 139648]
S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [11/23/2011 12:14 PM 1691480]
S3 COMMONFX;COMMONFX;c:\windows\system32\drivers\COMMONFX.sys [3/18/2010 8:39 PM 99416]
S3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;c:\program files\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [6/23/2012 11:27 PM 79360]
S3 CTAUDFX;CTAUDFX;c:\windows\system32\drivers\CTAUDFX.sys [3/18/2010 8:39 PM 555096]
S3 CTERFXFX.SYS;CTERFXFX.SYS;c:\windows\system32\drivers\CTERFXFX.sys [3/18/2010 8:39 PM 100952]
S3 CTERFXFX;CTERFXFX;c:\windows\system32\drivers\CTERFXFX.sys [3/18/2010 8:39 PM 100952]
S3 CTSBLFX;CTSBLFX;c:\windows\system32\drivers\CTSBLFX.sys [3/18/2010 8:39 PM 566360]
S3 libusb0;libusb-win32 - Kernel Driver 04/08/2011 1.2.4.0;c:\windows\system32\drivers\libusb0.sys [6/4/2012 7:23 PM 35776]
S3 pneteth;PdaNet Broadband;c:\windows\system32\drivers\pneteth.sys [11/5/2012 10:12 PM 13440]
S4 Marvell RAID;Marvell RAID Event Agent;c:\program files\Marvell\raid\svc\mvraidsvc.exe [10/13/2009 7:46 PM 151552]
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - ASROCDRV
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
Contents of the 'Scheduled Tasks' folder
.
2013-04-17 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-04 06:23]
.
2013-04-17 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2012-11-24 22:22]
.
2013-04-17 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2012-11-24 22:22]
.
2013-04-17 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1801674531-113007714-682003330-1002Core.job
- c:\documents and settings\Jon Kunkel\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2012-11-11 22:22]
.
2013-04-17 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1801674531-113007714-682003330-1002UA.job
- c:\documents and settings\Jon Kunkel\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2012-11-11 22:22]
.
2013-04-16 c:\windows\Tasks\shield check.job
- c:\documents and settings\Jon Kunkel\Local Settings\Application Data\Shield\checkhp.exe [2013-02-26 07:31]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://proxy.allsearchapp.com/app/start/
uInternet Settings,ProxyOverride = <local>
IE: Download Using &BitSpirit - d:\program files (x86)\BitSpirit\bsurl.htm
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~1\Office10\EXCEL.EXE/3000
IE: En&queue current page with BID - file://c:\program files\Bulk Image Downloader\iemenu\iebidqueue.htm
IE: Enqueue link tar&get with BID - file://c:\program files\Bulk Image Downloader\iemenu\iebidlinkqueue.htm
IE: Open &link target with BID - file://c:\program files\Bulk Image Downloader\iemenu\iebidlink.htm
IE: Open current page with BI&D - file://c:\program files\Bulk Image Downloader\iemenu\iebid.htm
IE: Open current page with BID Link E&xplorer - file://c:\program files\Bulk Image Downloader\iemenu\iebidlinkexplorer.htm
TCP: DhcpNameServer = 68.105.28.12 68.105.29.12 68.105.28.11
TCP: Interfaces\{2EA5E124-0CBC-4994-B1F1-B9BEED07E422}: NameServer = 66.228.116.178,66.228.116.179
TCP: Interfaces\{E8CDBE83-452B-43A8-B8AE-677138195F18}: NameServer = 66.228.116.178,66.228.116.179
.
- - - - ORPHANS REMOVED - - - -
.
MSConfigStartUp-Akamai NetSession Interface - c:\documents and settings\Jon Kunkel\Local Settings\Application Data\Akamai\netsession_win.exe
MSConfigStartUp-nwiz - nwiz.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2013-04-16 19:35
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_6_602_180_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_6_602_180_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(1264)
c:\windows\system32\SETUPAPI.dll
c:\windows\system32\COMRes.dll
c:\windows\system32\cscui.dll
.
- - - - - - - > 'lsass.exe'(1320)
c:\windows\system32\setupapi.dll
.
- - - - - - - > 'explorer.exe'(3488)
c:\windows\system32\SHDOCVW.dll
c:\windows\system32\WININET.dll
c:\windows\system32\kmw_dll.dll
c:\windows\system32\WOW32.dll
c:\windows\system32\msctfime.ime
c:\windows\system32\COMRes.dll
c:\documents and settings\Jon Kunkel\Application Data\Dropbox\bin\DropboxExt.19.dll
c:\program files\Google\Drive\googledrivesync32.dll
c:\program files\Google\Drive\Microsoft.VC90.CRT\MSVCP90.dll
c:\program files\Google\Drive\Microsoft.VC90.CRT\MSVCR90.dll
c:\windows\System32\cscui.dll
c:\progra~1\WINDOW~2\wmpband.dll
c:\program files\Atomic Alarm Clock\Clock.dll
c:\windows\system32\msi.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\SETUPAPI.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
c:\windows\system32\NETSHELL.dll
c:\windows\system32\credui.dll
c:\windows\system32\MSVCP60.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Creative\Shared Files\CTAudSvc.exe
c:\windows\system32\nvsvc32.exe
c:\windows\system32\PnkBstrA.exe
c:\windows\system32\wscntfy.exe
c:\windows\system32\kmw_run.exe
c:\windows\system32\KMW_SHOW.EXE
.
**************************************************************************
.
Completion time: 2013-04-16 19:40:29 - machine was rebooted
ComboFix-quarantined-files.txt 2013-04-17 02:40
.
Pre-Run: 34,821,328,896 bytes free
Post-Run: 35,842,793,472 bytes free
.
- - End Of File - - 1C091F9DDD11D21F622606D479F367FC
Combofix Extras Log:OTL Extras logfile created on: 4/16/2013 8:24:57 PM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Documents and Settings\Jon Kunkel\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.5512)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.24 Gb Total Physical Memory | 2.29 Gb Available Physical Memory | 70.55% Memory free
5.09 Gb Paging File | 4.30 Gb Available in Paging File | 84.46% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 279.46 Gb Total Space | 33.44 Gb Free Space | 11.97% Space Free | Partition Type: NTFS
Drive D: | 1397.26 Gb Total Space | 18.27 Gb Free Space | 1.31% Space Free | Partition Type: NTFS
Drive E: | 111.78 Gb Total Space | 2.88 Gb Free Space | 2.58% Space Free | Partition Type: NTFS
Drive F: | 149.04 Gb Total Space | 2.08 Gb Free Space | 1.39% Space Free | Partition Type: NTFS
Drive G: | 298.08 Gb Total Space | 92.62 Gb Free Space | 31.07% Space Free | Partition Type: NTFS
Drive I: | 149.04 Gb Total Space | 52.49 Gb Free Space | 35.22% Space Free | Partition Type: NTFS
Drive K: | 93.16 Gb Total Space | 2.54 Gb Free Space | 2.72% Space Free | Partition Type: NTFS
Drive L: | 298.09 Gb Total Space | 199.91 Gb Free Space | 67.06% Space Free | Partition Type: NTFS
Drive P: | 8.00 Mb Total Space | 2.74 Mb Free Space | 34.29% Space Free | Partition Type: NTFS

Computer Name: ASROCK_WINXP | User Name: Jon Kunkel | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.html [@ = FirefoxHTML] -- C:\Program Files\Firefox\firefox.exe (Mozilla Corporation)
.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
htmlfile [edit] -- Reg Error: Key error.
InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [ACDSee 10.0.Browse] -- "C:\Program Files\ACD Systems\ACDSee\10.0\ACDSeeQV10.exe" "%1" (ACD Systems)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [openNew] -- explorer.exe /e, %1 (Microsoft Corporation)
Directory [Winamp.Bookmark] -- "C:\Program Files\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)
Directory [Winamp.Enqueue] -- "C:\Program Files\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)
Directory [Winamp.Play] -- "C:\Program Files\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)
Directory [ZoomPlayer.Play] -- "C:\Program Files\Zoom Player\zplayer.exe" "/add:%L" (Inmatrix LTD)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 1
"FirewallOverride" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
"C:\Program Files\Marvell\raid\Apache2\bin\httpd.exe" = C:\Program Files\Marvell\raid\Apache2\bin\httpd.exe:*:Enabled:Apache HTTP Server -- (Apache Software Foundation)
"D:\Program Files (x86)\BitSpirit\BitSpirit.exe" = D:\Program Files (x86)\BitSpirit\BitSpirit.exe:*:Enabled:The powerful and easy-to-use BitTorrent Client -- (LANSPIRIT.NET)
"C:\Program Files\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe" = C:\Program Files\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe:*:Enabled:WebKit -- (Apple Inc.)
"D:\Program Files (x86)\eMule\emule.exe" = D:\Program Files (x86)\eMule\emule.exe:*:Enabled:eMule -- (http://www.emule-project.net)
"C:\Program Files\InterVideo\DVD5\WinDVD.exe" = C:\Program Files\InterVideo\DVD5\WinDVD.exe:*:Enabled:WinDVD -- (InterVideo Inc.)
"C:\Documents and Settings\Jon Kunkel\Application Data\Dropbox\bin\Dropbox.exe" = C:\Documents and Settings\Jon Kunkel\Application Data\Dropbox\bin\Dropbox.exe:*:Enabled:Dropbox -- (Dropbox, Inc.)
"K:\Program Files\Ubisoft\Tom Clancy's H.A.W.X\HAWX.exe" = K:\Program Files\Ubisoft\Tom Clancy's H.A.W.X\HAWX.exe:*:Enabled:HAWX -- ()
"C:\Program Files\AVG\AVG2013\avgnsx.exe" = C:\Program Files\AVG\AVG2013\avgnsx.exe:*:Enabled:Online Shield -- (AVG Technologies CZ, s.r.o.)
"C:\Program Files\AVG\AVG2013\avgdiagex.exe" = C:\Program Files\AVG\AVG2013\avgdiagex.exe:*:Enabled:AVG Diagnostics 2013 -- (AVG Technologies CZ, s.r.o.)
"C:\Program Files\AVG\AVG2013\avgmfapx.exe" = C:\Program Files\AVG\AVG2013\avgmfapx.exe:*:Enabled:AVG Installer -- (AVG Technologies CZ, s.r.o.)
"C:\Program Files\AVG\AVG2013\avgemcx.exe" = C:\Program Files\AVG\AVG2013\avgemcx.exe:*:Enabled:Personal Email Scanner -- (AVG Technologies CZ, s.r.o.)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}" = PDFCreator
"{015C5B35-B678-451C-9AEE-821E8D69621C}_is1" = PeerBlock 1.1 (r518)
"{0711500B-9912-4D60-9A49-C577B4503D42}" = Nero Recode Help
"{07FF7593-9DEA-40B5-9F87-F557E65BBF60}" = Nero Recode
"{0840B4D6-7DD1-4187-8523-E6FC0007EFB7}" = Windows Live ID Sign-in Assistant
"{0A0CADCF-78DA-33C4-A350-CD51849B9702}" = Microsoft .NET Framework 4 Extended
"{0ABBF310-94E4-4AE8-A6BD-10345A3F6439}" = Google Drive
"{0DA17E9B-7F62-4C50-9E65-9E9C5BA1269B}" = Warbirds 2013
"{10CE1EA2-12E9-11D3-825E-00C04F6843FE}" = Microsoft Office Sounds
"{10E1E87C-656C-4D08-86D6-5443D28583BE}" = TrayApp
"{1122AAC4-AAAA-43BF-B2D4-3C8C12378952}" = Nero InfoTool
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP470_series" = Canon MP470 series
"{11A84FCA-C3C7-4AFD-A797-111DB8569DBC}" = Nero BurningROM
"{12345674-DE9A-677A-CCEE-666356D89777}" = Nero BurnRights
"{1545207E-C6F3-31D7-9918-BDBB65075FBF}" = Microsoft .NET Framework 3.5 Language Pack - deu
"{196467F1-C11F-4F76-858B-5812ADC83B94}" = MSXML 4.0 SP3 Parser
"{1B040683-C390-4711-ABC7-DA8D85E470E7}" = NeroBurningROM
"{1B399A41-C1D0-40A2-9E4F-095868EFAF01}" = InterVideo WinDVD Platinum 5
"{1CB92574-96F2-467B-B793-5CEB35C40C29}" = Image Resizer Powertoy for Windows XP
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F4BF9EA-847E-44FB-A728-C456116E6CEF}" = InstantShareDevicesMFC
"{26A24AE4-039D-4CA4-87B4-2F83217013FF}" = Java 7 Update 13
"{27CC6AB1-E72B-4179-AF1A-EAE507EBAF51}_is1" = ConvertHelper 2.2
"{29FA38B4-0AE4-4D0D-8A51-6165BB990BB0}" = WebReg
"{2D3455A8-3B15-41A8-99F8-0D4215746463}" = Nero StartSmart
"{2D456CE5-01E4-4DBE-9797-77003A7C8271}" = Microsoft® Measurement Smart Tag Converter
"{2E84A5A4-351E-4B00-9926-F50DBD7481E9}_is1" = SmartPropoPlus version 3.3.10
"{2FBF04DC-404C-4FA4-BA28-99903080D2B9}" = Magnifier Powertoy for Windows XP
"{2FEA102C-F535-4513-009B-57B165013C18}" = Tiger Woods PGA TOUR 08
"{3097B151-1F61-4211-A4CC-D70127B226AE}" = SoundTrax
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{388E4B09-3E71-4649-8921-F44A3A2954A7}" = Microsoft Visual Studio 2005 Tools for Office Runtime
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3CFAFEC1-75BB-4773-B996-315503D312D7}" = Microsoft XML Spreadsheet Add-In for Access 2002
"{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}" = eReg
"{3F30CC51-0788-487B-AA83-7214A239C0C0}" = Nero Disc Copy Gadget Help
"{434D0FA0-1558-4D8E-AC3D-BD1000008200}" = DiRT 3
"{452622B2-CFF1-4373-B773-141FC10A2AB6}" = hpicamDrvQFolder
"{45EA11B5-874D-480E-89B9-2545505BBE3E}" = Microsoft OpenType Font File Properties Extension
"{48A5AB54-6327-43DC-A376-4AC74C5D40B0}" = AVG 2013
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4C78937F-0C8E-11D9-A3EB-0001025FA304}" = Kensington MouseWorks
"{4CB0307C-565E-4441-86BE-0DF2E4FB828C}" = Microsoft Games for Windows Marketplace
"{4D42353B-533F-4306-AD0B-7FEF292ADE04}" = Nero CoverDesigner Help
"{4E475FD4-4513-4B1D-8DDA-43912B068C99}" = HTML Slideshow Powertoy for Windows XP
"{4E8C27C2-D727-4C00-A90E-C3F6376EEE70}" = Nero ControlCenter
"{4F01560D-8964-4009-8D23-F52838D43648}" = Platinum Collection Diamond DA40 TDI for FSX
"{543E938C-BDC4-4933-A612-01293996845F}" = UnloadSupport
"{548F99E0-14CC-4D53-A7D6-4A62A5F2C748}" = Nero PhotoSnap
"{56BE5CC9-95E6-4128-ABEA-968414CA9C80}" = DolbyFiles
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{5AE12194-3EAA-40DF-B2BF-FE1D6B78BBF4}" = Nero Vision
"{5C2E8A0F-80E2-4C68-8CC0-D8D16E7196BF}" = Nero RescueAgent Help
"{5C42EAB8-54F9-423A-948C-1CBEF25F8DB4}" = Nero PhotoSnap Help
"{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM
"{66E6CE0C-5A1E-430C-B40A-0C90FF1804A8}" = eSupportQFolder
"{6D44070C-86F9-424A-B514-6907E4335BCE}" = PhoenixRC
"{6EC2F8D1-6303-4E49-9F17-4D537C648F5C}" = HexEdit
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{730837D4-FF5E-48DB-BA49-33E732DFF0B3}" = PanoStandAlone
"{75321954-2589-11DC-DDCC-E98356D81493}" = Nero DriveSpeed
"{753973C4-B961-43BF-B2D4-3C8C92F7216E}" = Nero DriveSpeed
"{768F22DC-2D20-4F52-A9A1-5E231FB7F752}" = Logitech Gaming Software 5.04
"{76C24F39-B161-498F-BD8B-C64789812D13}_is1" = ConvertXtoDVD 3.3.3.104
"{7735BD50-87C5-4838-A276-4A3621BBD306}" = AVG 2013
"{78523651-D8B1-11DC-CCEE-741589645873}" = Nero DiscSpeed
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{7AEF3482-B7B7-4B94-AF63-B249B9BA9D7F}_is1" = HELI-X 3.0 Demo
"{824D3839-DAA1-4315-A822-7AE3E620E528}" = VideoToolkit01
"{8389382B-53BA-4A87-8854-91E3D80A5AC7}" = HP Photosmart Essential2.01
"{84F1DAC1-E1BF-4A21-9D2B-DD3E12686A2C}" = Read in Microsoft Reader Add-in for Microsoft Word
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8B3E5A90-1F6E-4FAF-B84F-C306C8A80809}" = AeroFly Professional Deluxe (incl. StarFlight AddOn)
"{8C6027FD-53DC-446D-BB75-CACD7028A134}" = HP Update
"{8C654BD0-1949-43DE-84F2-EC2A1ABB0CB4}" = Nero ShowTime
"{90120000-0010-0409-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (English) 12
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90280409-6000-11D3-8CFE-0050048383C9}" = Microsoft Office XP Professional with FrontPage
"{905D0409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Visio IFilter 2003
"{90F80409-6000-11D3-8CFE-0150048383C9}" = Remove Hidden Data Tool
"{91D8E9BA-6BDB-4559-89CD-633EBED4C385}" = Machete Lite 3.7
"{9309DD7E-EBFE-3C95-8B47-30D3A012F606}" = Microsoft .NET Framework 2.0 Service Pack 1 Language Pack - DEU
"{933B4015-4618-4716-A828-5289FC03165F}" = VC80CRTRedist - 8.0.50727.6195
"{93F54611-2701-454e-94AB-623F458D9E6B}" = DeviceDiscovery
"{943CC0C0-2253-4FE0-9493-DD386F7857FD}" = Nero Express
"{948FFAAE-C57F-447B-9B07-3721E950BFDC}" = Nero ShowTime
"{9530AE42-DAE1-4619-9594-B23487285D17}" = NVIDIA PhysX
"{961D53EA-40DC-4156-AD74-25684CE05F81}" = Nero Installer
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9A875B56-A35C-46BA-A3AA-DF8D03EE9F2F}" = Nero ControlCenter
"{9F3523F8-DAD7-AE52-6DA7-45CDDDF33726}" = Advertising Center
"{A1071AEB-B0EF-3F5F-BC84-83A270EBE496}" = Microsoft .NET Framework 3.0 Service Pack 1 Language Pack - DEU
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A498D9EB-927B-459B-85D6-DD6EF8C2C564}" = erLT
"{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable
"{A7050037-F0EA-4BAB-BCD5-FC05507D6147}" = Alt-Tab Task Switcher Powertoy for Windows XP
"{A73BEC3C-40A0-480E-87EF-EFCD33629088}" = NeroExpress
"{A743BBCC-3438-4BB3-8397-6C9D9AC125A6}" = Timershot Powertoy for Windows XP
"{A8399F58-234A-48C6-BA55-30C15738BF3C}" = Nero CoverDesigner
"{A8F2089B-1F79-4BF6-B385-A2C2B0B9A74D}" = ImagXpress
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AA057FD9-0CFC-47e4-8AB4-E0F7EC85631D}" = HP Photosmart Cameras 9.0
"{AAA12554-2589-11DC-92EF-E98356D81493}" = Nero InfoTool
"{AABBCC54-D8B1-11DC-92EF-E98356D81493}" = Nero DiscSpeed
"{AB5D51AE-EBC3-438D-872C-705C7C2084B0}" = DeviceManagementQFolder
"{ABCC0F95-ECD0-4302-B84F-7F47637AF6CE}" = Virtavia Supermarine Scimitar F1 FSX
"{AC76BA86-7AD7-1033-7B44-AB0000000001}" = Adobe Reader XI (11.0.02)
"{AEA07F97-9088-497c-8821-0F36BD5DC251}" = HPProductAssistant
"{AF0CE7C0-A3E4-4D73-988B-B29187EC6E9A}" = QuickTime
"{B2C12C8D-65DC-40BD-B309-5ADB0C6C8D8F}" = Nero WaveEditor
"{B2FE1952-0186-46c3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Control Panel 290.53
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX System Software 9.11.1107
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 1.6.24
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components
"{B37C842A-B624-46B8-A727-654E72F1C91A}" = Calculator Powertoy for Windows XP
"{B96C2601-52F5-4D5D-816A-63469EA311EF}" = "Nero SoundTrax Help
"{BCD6CD1A-0DBE-412E-9F25-3B500D1E6BA1}" = SolutionCenter
"{BCD82AB5-670D-4242-90FA-1F97103C16CD}" = Movie Templates - Starter Kit
"{BDCF27CA-BFC4-4F49-8D24-A925C9505AB8}" = Windows Rights Management Client with Service Pack 2
"{BEEFC4F8-2909-48B3-AFAA-55D3533FDEDD}" = Creative MediaSource 5
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C39DE425-6CCF-4B12-A101-3CB5CF3AF3AD}" = Slideshow Generator Powertoy for Windows XP
"{C63E7C60-25EB-11D3-8EDA-00A0C911E8E5}" = Microsoft Outlook Personal Folders Backup
"{C99C89A3-119A-45E6-B26E-DD5643CAA0C5}" = Menu Templates - Starter Kit
"{C9BED750-1211-4480-B1A5-718A3BE15525}" = REALTEK GbE & FE Ethernet PCI-E NIC Driver
"{C9E4932C-8417-4E4C-A0E3-EE534810AB4D}" = ClearType Tuning Control Panel Applet
"{CACFCDD3-87E4-46E9-A940-8A6A920635D3}" = RealFlight G4
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CD1826A5-CFCC-4C6E-9F9D-E181876162EA}" = Nero Rescue Agent
"{CD961214-93C9-44FE-9A38-BBE647E98AE9}" = CameraReadme
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}" = SAMSUNG USB Driver for Mobile Phones
"{D19EDDF3-9BBC-45F4-A77F-B26A963CDF9B}" = ClearView
"{D2FCA41E-AC01-4DCD-B3A7-DC9E32363065}}_is1" = Rapture3D 2.4.8 Game
"{D7BF9739-8A68-4335-BBEE-37752AD9E86B}" = NEC Electronics USB 3.0 Host Controller Driver
"{D7C206B6-1A63-4389-A8B1-8F607D0BFF1F}" = Nero StartSmart Help
"{DD3DAD13-289E-440E-A5D3-3EFB25305018}_is1" = John's Background Switcher 4.4
"{de4302c4-078c-4350-ace1-a3831025c67a}" = Nero 9
"{DEF9CA03-7317-4a01-8111-06996235128E}" = CameraDrivers
"{E2662C24-B31E-4349-A084-32EB76E8B760}" = BufferChm
"{E4A8DD87-A746-4443-BF25-CAF99CED6767}" = Nero Disc Copy Gadget
"{E86156E5-9859-440D-8876-26CED1349802}" = Nero WaveEditor Help
"{E8C37E27-5205-4C8A-BECB-B00533045AAE}" = SHIFT 2 UNLEASHED™
"{EA9FFE54-D8B1-11DC-92EF-E98356D81493}" = Nero BurnRights
"{EC905264-BCFE-423B-9C42-C3A106266790}" = Windows Rights Management Client Backwards Compatibility SP2
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F2508213-9989-4E85-A078-72BE483917EF}" = Microsoft Games for Windows - LIVE Redistributable
"{F251B999-08A9-4704-999C-9962F0DFD88E}" = Virtual Desktop Manager Powertoy for Windows XP
"{F5266D28-E0B2-4130-BFC5-EE155AD514DC}" = Apple Application Support
"{F53F6769-AC46-49E3-ABE3-2C8AFD39D0DD}" = Nero Vision
"{F543D515-9582-47BA-B236-F079D64D936E}" = G4_EMU
"{F714FFE7-E8CA-4C52-B9B5-06347B664CDA}" = ALS-SIM Flanker B for FSX
"{F72E2DDC-3DB8-4190-A21D-63883D955FE7}" = PSSWCORE
"{F8B98EB6-FC06-45BF-87D4-9784E0408611}" = ACDSee 10 Photo Manager
"{FD8D8B04-BEAD-4A55-AA1D-62D2373E7DEA}" = Status
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"7-Zip" = 7-Zip 9.20
"82A44D22-9452-49FB-00FB-CEC7DCAF7E23" = EA SPORTS online 2008
"AC3Filter_is1" = AC3Filter 2.5b
"Addictive Pitts" = Addictive Pitts
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 12.0
"Aircraft Factory F4u Corsair" = Aircraft Factory F4u Corsair
"allSnap_is1" = allSnap version 1.33.2
"ASRock IES_is1" = ASRock IES v2.0.90
"ASRock OC Tuner_is1" = ASRock OC Tuner v2.3.99
"Atomic Alarm Clock_is1" = Atomic Alarm Clock 5.92
"Audacity_is1" = Audacity 2.0.2
"AudioCS" = Creative Audio Console
"AVG" = AVG 2013
"Bass Audio Decoder" = Bass Audio Decoder (remove only)
"Beech B60 Duke Rip" = Beech B60 Duke Rip
"BitSpirit_is1" = BitSpirit v3.6.0.550 Stable
"Bulk Image Downloader_is1" = Bulk Image Downloader v2.2.0.0
"CanonMyPrinter" = Canon My Printer
"CanonSolutionMenu" = Canon Utilities Solution Menu
"Carenado F33A Bonanza" = Carenado F33A Bonanza
"Carenado Mooney M20J FSX" = Carenado Mooney M20J FSX
"Carenado Premium Cessna 210M Centurion II" = Carenado Premium Cessna 210M Centurion II
"CCleaner" = CCleaner
"CD Audio Reader Filter" = CD Audio Reader Filter (remove only)
"Classics Hangar Fw 190 A, The Early Variants" = Classics Hangar Fw 190 A, The Early Variants
"Classics Hangar Fw 190 A, The Late Variants" = Classics Hangar Fw 190 A, The Late Variants
"Clock 1.0" = Blu Dot Clock
"CompuApps SwissKnife V3" = CompuApps SwissKnife V3
"Creative MediaSource DVD-Audio Player" = Creative MediaSource DVD-Audio Player
"Creative Software AutoUpdate" = Creative Software AutoUpdate
"DCoder Image Source" = DCoder Image Source (remove only)
"DCS A-10C_is1" = DCS A-10C
"Diamond Drive Icon" = Diamond Drive Icon 1.4
"DirectVobSub" = DirectVobSub (remove only)
"DivX Setup" = DivX Setup
"dnschange" = DNS Shield
"Driver Cleaner Pro" = DH Driver Cleaner Professional Edition
"DScaler 5 Mpeg Decoders_is1" = DScaler 5 Mpeg Decoders
"EADM" = EA Download Manager
"Easy Video Splitter_is1" = Easy Video Splitter 1.28
"Easy-PhotoPrint EX" = Canon Easy-PhotoPrint EX
"eMule Razorback 3" = eMule Razorback 3
"Fast Free Converter" = Fast Free Converter
"ffdshow_is1" = ffdshow v1.2.4453 [2012-05-21]
"FFMPEG Core Files" = FFMPEG Core Files (remove only)
"Firefox" = Firefox v3.0.11 (Remove Only)
"Fw190A_v1.1" = Fw190A_v1.1
"Gabest MPEG Splitter" = Gabest MPEG Splitter (remove only)
"GetFLV Pro 5.8_is1" = GetFLV Pro 5.8
"GFWL_{434D0FA0-1558-4D8E-AC3D-BD1000008200}" = DiRT 3
"HaaliMkx" = Haali Media Splitter
"HD Tune_is1" = HD Tune 2.52
"HP Imaging Device Functions" = HP Imaging Device Functions 9.0
"HP Photosmart Essential" = HP Photosmart Essential 2.01
"HP Solution Center & Imaging Support Tools" = HP Solution Center 9.0
"ImageConverter Plus_is1" = ImageConverter Plus 7.1
"InstallShield_{D7BF9739-8A68-4335-BBEE-37752AD9E86B}" = NEC Electronics USB 3.0 Host Controller Driver
"LAME_is1" = LAME v3.99.3 (for Windows)
"lavfilters_is1" = LAV Filters 0.51.3
"Madonote_is1" = Madonote 2004
"MadVR" = MadVR (remove only)
"MagicDisc 2.7.106" = MagicDisc 2.7.106
"MagniDriver" = marvell 91xx driver
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.75.0.1300
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Microsoft Visual Studio 2005 Tools for Office Runtime" = Visual Studio 2005 Tools for Office Second Edition Runtime
"MONOGRAM AMR Splitter/Decoder" = MONOGRAM AMR Splitter/Decoder (remove only)
"Mozilla Firefox 20.0.1 (x86 en-US)" = Mozilla Firefox 20.0.1 (x86 en-US)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"mv61xxMRU" = Marvell MRU V4
"NVIDIA nView Desktop Manager" = NVIDIA nView Desktop Manager
"OpenAL" = OpenAL
"OpenSource AVI Splitter" = OpenSource AVI Splitter (remove only)
"OpenSource DTS/AC3/DD+ Source Filter" = OpenSource DTS/AC3/DD+ Source Filter (remove only)
"OpenSource Flash Video Splitter" = OpenSource Flash Video Splitter (remove only)
"PA34 200T SENECA II FSX" = PA34 200T SENECA II FSX
"Pack_ALL_Packs_is1" = RSRBR_Pack_ALL_Packs
"pepakura_viewer3en" = Pepakura Viewer 3
"PPJoy Joystick Driver" = PPJoy Joystick Driver 0.8.4.5
"QuicktimeAlt_is1" = QuickTime Alternative 1.75
"RAZBAM Convair F-102 Delta Dagger for FSX" = RAZBAM Convair F-102 Delta Dagger for FSX
"Razbam The Skyraiders Vol2 FSX version" = Razbam The Skyraiders Vol2 FSX version
"RC Helicopter" = RC Helicopter
"RealAlt_is1" = Real Alternative 1.50
"RealMedia" = RealMedia (remove only)
"Revo Uninstaller" = Revo Uninstaller 1.94
"RSRBR_v2011_is1" = RSRBR2011
"ShHelper" = Reset Your Browser
"SHOUTcast Source" = SHOUTcast Source (remove only)
"Simraceway" = Simraceway 0.28.42
"[email protected]" = Social Privacy
"SPACESHUTTLE" = Space Shuttle
"The File Splitter 1.31_is1" = The File Splitter 1.31
"Victory" = Victory 0.09.634
"WaveStudio 7" = Creative WaveStudio 7
"Wdf01005" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
"Wdf01009" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.9
"Winamp" = Winamp
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Wings of POWER II: WWII FIGHTERS" = Wings of POWER II: WWII FIGHTERS
"Wings of Power: Focke Wulf "Long Nose"" = Wings of Power: Focke Wulf "Long Nose"
"WinRAR archiver" = WinRAR archiver
"winusb0100" = Microsoft WinUsb 1.0
"WinZip" = WinZip
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"XPSEPSCLP" = XML Paper Specification Shared Components Language Pack 1.0
"Xtreme Prototypes 20 Series Business Jets SP2" = Xtreme Prototypes 20 Series Business Jets SP2
"Xtreme Prototypes X-15-2-3 for Flight Simulator1.0" = Xtreme Prototypes X-15-2-3 for Flight Simulator
"xvid" = Xvid MPEG-4 Video Codec
"XVID Decoder" = XVID Decoder (remove only)
"ZoomPlayer" = Zoom Player (remove only)

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Bellanca Viking Collection Build 4.1" = Bellanca Viking Collection Build 4.1
"Carenado's C SKYLANE II RG R182" = Carenado's C SKYLANE II RG R182
"Dropbox" = Dropbox
"Flight Replicas CAC Boomerang for FSX" = Flight Replicas CAC Boomerang for FSX
"JustFlight F-117 Nighthawk for FS9 and FSX" = JustFlight F-117 Nighthawk for FS9 and FSX
"MiG-15 by Bear Studios for FSX" = MiG-15 by Bear Studios for FSX
"MusicManager" = Music Manager
"Tailwind Twin Pack" = Tailwind Twin Pack

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 4/16/2013 10:31:10 PM | Computer Name = ASROCK_WINXP | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download....uthrootseq.txt>
with error: This network connection does not exist.

Error - 4/16/2013 10:31:10 PM | Computer Name = ASROCK_WINXP | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download....uthrootseq.txt>
with error: This network connection does not exist.

Error - 4/16/2013 10:31:10 PM | Computer Name = ASROCK_WINXP | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download....uthrootseq.txt>
with error: This network connection does not exist.

Error - 4/16/2013 10:31:10 PM | Computer Name = ASROCK_WINXP | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download....uthrootseq.txt>
with error: This network connection does not exist.

Error - 4/16/2013 10:31:10 PM | Computer Name = ASROCK_WINXP | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download....uthrootseq.txt>
with error: This network connection does not exist.

Error - 4/16/2013 10:31:11 PM | Computer Name = ASROCK_WINXP | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download....uthrootseq.txt>
with error: This network connection does not exist.

Error - 4/16/2013 10:34:18 PM | Computer Name = ASROCK_WINXP | Source = Userenv | ID = 1041
Description = Windows cannot query DllName registry entry for {7B849a69-220F-451E-B3FE-2CB811AF94AE}
and it will not be loaded. This is most likely caused by a faulty registration.

Error - 4/16/2013 10:34:18 PM | Computer Name = ASROCK_WINXP | Source = Userenv | ID = 1041
Description = Windows cannot query DllName registry entry for {CF7639F3-ABA2-41DB-97F2-81E2C5DBFC5D}
and it will not be loaded. This is most likely caused by a faulty registration.

Error - 4/16/2013 10:34:20 PM | Computer Name = ASROCK_WINXP | Source = Userenv | ID = 1041
Description = Windows cannot query DllName registry entry for {7B849a69-220F-451E-B3FE-2CB811AF94AE}
and it will not be loaded. This is most likely caused by a faulty registration.

Error - 4/16/2013 10:34:20 PM | Computer Name = ASROCK_WINXP | Source = Userenv | ID = 1041
Description = Windows cannot query DllName registry entry for {CF7639F3-ABA2-41DB-97F2-81E2C5DBFC5D}
and it will not be loaded. This is most likely caused by a faulty registration.

[ System Events ]
Error - 4/16/2013 10:39:45 PM | Computer Name = ASROCK_WINXP | Source = Service Control Manager | ID = 7024
Description = The Workstation service terminated with service-specific error 2250
(0x8CA).

Error - 4/16/2013 10:39:45 PM | Computer Name = ASROCK_WINXP | Source = Service Control Manager | ID = 7001
Description = The Computer Browser service depends on the Workstation service which
failed to start because of the following error: %%1066

Error - 4/16/2013 10:39:55 PM | Computer Name = ASROCK_WINXP | Source = Workstation | ID = 5727
Description = Could not load MRxSmb device driver.

Error - 4/16/2013 10:39:55 PM | Computer Name = ASROCK_WINXP | Source = Workstation | ID = 5727
Description = Could not load RDR device driver.

Error - 4/16/2013 10:39:55 PM | Computer Name = ASROCK_WINXP | Source = Service Control Manager | ID = 7024
Description = The Workstation service terminated with service-specific error 2250
(0x8CA).

Error - 4/16/2013 10:39:55 PM | Computer Name = ASROCK_WINXP | Source = Service Control Manager | ID = 7001
Description = The Computer Browser service depends on the Workstation service which
failed to start because of the following error: %%1066

Error - 4/16/2013 10:40:32 PM | Computer Name = ASROCK_WINXP | Source = Workstation | ID = 5727
Description = Could not load MRxSmb device driver.

Error - 4/16/2013 10:40:32 PM | Computer Name = ASROCK_WINXP | Source = Workstation | ID = 5727
Description = Could not load RDR device driver.

Error - 4/16/2013 10:40:32 PM | Computer Name = ASROCK_WINXP | Source = Service Control Manager | ID = 7024
Description = The Workstation service terminated with service-specific error 2250
(0x8CA).

Error - 4/16/2013 10:40:32 PM | Computer Name = ASROCK_WINXP | Source = Service Control Manager | ID = 7001
Description = The Computer Browser service depends on the Workstation service which
failed to start because of the following error: %%1066


< End of report >
Malwarebytes Anti-Malware Log:Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Database version: v2013.04.16.09

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 6.0.2900.5512
Jon Kunkel :: ASROCK_WINXP [administrator]

4/16/2013 12:48:23 PM
mbam-log-2013-04-16 (12-48-23).txt

Scan type: Full scan (C:\|D:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 955427
Time elapsed: 5 hour(s), 35 minute(s), 33 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 2
HKLM\SOFTWARE\Microsoft\Security Center|FirewallDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and repaired successfully.
HKLM\SOFTWARE\Microsoft\Security Center|UpdatesDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and repaired successfully.

Folders Detected: 0
(No malicious items detected)

Files Detected: 32
C:\Games\Dirt 3 Rip\paul.dll (PUP.RiskwareTool.CK) -> No action taken.
C:\Games\Game Cracks & Trainers\CureROM_131_Setup.rar (MadCodeHook) -> No action taken.
C:\Games\Game Cracks & Trainers\Wings_of_Prey_v1.0.0.3_RU_NoDVD.7z (Trojan.Bancos) -> No action taken.
C:\Games\Game Cracks & Trainers\Wings_of_Prey_v1.0.0.9_RU_NoDVD.7z (Trojan.Bancos) -> No action taken.
C:\Games\Game Cracks & Trainers\Wings_of_Prey_v1.0.2.1_RU_NoDVD.7z (Trojan.Bancos) -> No action taken.
C:\Games\Game Cracks & Trainers\Dirt 2\Dirt_2_v1.0_Trainer.rar (HackTool.GamesCheat) -> No action taken.
C:\Games\Game Cracks & Trainers\Evolution GT\Evolution GT NO DVD CRACK.rar (Trojan.FakeAlert) -> No action taken.
C:\Games\Game Cracks & Trainers\Flatout 2\FlatOut 2 +1 Trainer.rar (HackTool.GamesCheat.Gen) -> No action taken.
C:\Games\Game Cracks & Trainers\Flatout 2\FlatOut2PLUS2Trainer.rar (Malware.Packer.Gen) -> No action taken.
C:\Games\Game Cracks & Trainers\GameSpy\GameSpy 3D v2.2.4.14 keygen.zip (RiskWare.Tool.CK) -> No action taken.
C:\Games\Game Cracks & Trainers\Need for Speed - Shift\Need_for_Speed_SHIFT_v1[1].0.1.0_Trainer.rar (HackTool.GamesCheat) -> No action taken.
C:\Games\Game Cracks & Trainers\Need for Speed Underground 2\Keygen Need for Speed Underground 2.exe (Trojan.Downloader) -> No action taken.
C:\Games\Game Cracks & Trainers\Need.For.Speed.ProStreet\Need.For.Speed.ProStreet.PLUS.1.Trainer.zip (HackTool.GamesCheat.Gen) -> No action taken.
C:\Games\Game Cracks & Trainers\Pure\Pure.Plus.5.Trainer.zip (Trojan.Dropper) -> No action taken.
C:\Games\Game Cracks & Trainers\Tiger Woods 08\sign-tw08t.rar (Trojan.Downloader) -> No action taken.
C:\Games\TOCA Race Driver 3\bc-toca3.zip (Malware.Gen) -> No action taken.
C:\Games\TOCA Race Driver 3\toca3trn6.zip (HackTool.GamesCheat.Gen) -> No action taken.
C:\Games\TOCA Race Driver 3\ToCA_Race_Driver_3_v1.1_Plus2_Trainer-GoldenGlobeX.rar (HackTool.GamesCheat.Gen) -> No action taken.
C:\Games\TOCA Race Driver 3\ToCA_Race_Driver_3_v1.1_Plus2_Trainer-GoldenGlobeX\Trainer v1.1.exe (HackTool.GamesCheat.Gen) -> No action taken.
C:\Program Files\Codemasters\DiRT 3\paul.dll (PUP.RiskwareTool.CK) -> No action taken.
D:\Downloads\IDM.UltraEdit.v16.00.0.1036.Incl.Keymaker-CORE.rar (PUP.Keygen.Intro) -> No action taken.
D:\Downloads\IDM.UltraEdit.v17.00.0.1030+crack.rar (PUP.Keygen.Intro) -> No action taken.
D:\Downloads\WinZip Pro v.10.zip (Malware.NSPack) -> No action taken.
D:\Downloads\Winamp Full 5.3 Build 920.zip (Trojan.Downloader) -> No action taken.
D:\Downloads\Video Tools & Codecs\Convert X to DVD\Convert X to DVD 4.1.9.347.Multilang.rar (RiskWare.Tool.CK) -> No action taken.
D:\Downloads\Video Tools & Codecs\Convert X to DVD\VSO ConvertXtoDVD v3.3.3.104.rar (RiskWare.Tool.CK) -> No action taken.
D:\Program Files (x86)\Codemasters\FUEL\1911.dll (Adware.Agent) -> No action taken.
D:\System Volume Information\_restore{FDF318C4-15A7-4EBA-B51E-0FAD1A6D4AD2}\RP100\A0005818.dll (Adware.SuperSearch) -> Quarantined and deleted successfully.
D:\System Volume Information\_restore{FDF318C4-15A7-4EBA-B51E-0FAD1A6D4AD2}\RP100\A0005837.dll (Adware.SuperSearch) -> Quarantined and deleted successfully.
D:\System Volume Information\_restore{FDF318C4-15A7-4EBA-B51E-0FAD1A6D4AD2}\RP100\A0005881.dll (Adware.SuperSearch) -> Quarantined and deleted successfully.
D:\System Volume Information\_restore{FDF318C4-15A7-4EBA-B51E-0FAD1A6D4AD2}\RP100\A0005887.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
D:\System Volume Information\_restore{FDF318C4-15A7-4EBA-B51E-0FAD1A6D4AD2}\RP2\A0000882.msi (Trojan.Agent.ED) -> Quarantined and deleted successfully.

(end)
  • 0

Advertisements

#2
gringo_pr
Posted 16 April 2013 - 10:23 PM

gringo_pr

    Trusted Helper

  • Malware Removal
  • 7,268 posts
Hello jlk69

I would like to welcome you to the Malware Removal section of the forum.

Around here they call me Gringo and I will be glad to help you with your malware problems.


Very Important --> Please read this post completely, I have spent my time to put together somethings for you to keep in mind while I am helping you to make things go easier, faster and smoother for both of us!


  • Please do not run any tools unless instructed to do so.
    • We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.
  • Please do not attach logs or use code boxes, just copy and paste the text.
    • Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.
  • Please read every post completely before doing anything.
    • Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.
  • Please provide feedback about your experience as we go.
    • A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.
NOTE: At the top of your post, click on the "Follow This Topic" Button, make sure that the "Receive notification" box is checked and that it is set to "Instantly" - This will send you an e-mail as soon as I reply to your topic, allowing us to resolve the issue faster.

NOTE: Backup any files that cannot be replaced. Removing malware can be unpredictable and this step can save a lot of heartaches if things don't go as planed. You can put them on a CD/DVD, external drive or a pen drive, anywhere except on the computer.

NOTE: It is good practice to copy and paste the instructions into notepad and print them in case it is necessary for you to go offline during the cleanup process. To open notepad, navigate to Start Menu > All Programs > Accessories > Notepad. Please remember to copy the entire post so you do not miss any instructions.




These are the programs I would like you to run next, if you have any problems with these just skip it and run the next one.

-Security Check-

  • Download Security Check by screen317 from here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

-AdwCleaner-

  • Please download AdwCleaner by Xplode onto your desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click on Delete.
  • Confirm each time with Ok.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the content of that logfile with your next answer.
  • You can find the logfile at C:\AdwCleaner[S1].txt as well.


--RogueKiller--

  • Download & SAVE to your Desktop RogueKiller for 32bit or Roguekiller for 64bit
  • Quit all programs that you may have started.
  • Please disconnect any USB or external drives from the computer before you run this scan!
  • For Vista or Windows 7, right-click and select "Run as Administrator to start"
  • For Windows XP, double-click to start.
  • Wait until Prescan has finished ...
  • Then Click on "Scan" button
  • Wait until the Status box shows "Scan Finished"
  • click on "delete"
  • Wait until the Status box shows "Deleting Finished"
  • Click on "Report" and copy/paste the content of the Notepad into your next reply.
  • The log should be found in RKreport[1].txt on your Desktop
  • Exit/Close RogueKiller+

Gringo
  • 0

#3
jlk69
Posted 17 April 2013 - 10:53 AM

jlk69

    Member

  • Topic Starter
  • Member
  • PipPip
  • 97 posts
Results of screen317's Security Check version 0.99.62
Windows XP Service Pack 3 x86
Internet Explorer 6 Out of date!
``````````````Antivirus/Firewall Check:``````````````
Windows Firewall Enabled!
AVG AntiVirus Free Edition 2013
Antivirus up to date!
`````````Anti-malware/Other Utilities Check:`````````
Malwarebytes Anti-Malware version 1.75.0.1300
CCleaner
DH Driver Cleaner Professional Edition
Java 7 Update 13
Java version out of Date!
Adobe Flash Player 11.7.700.169
Adobe Reader XI
Mozilla Firefox (20.0.1)
````````Process Check: objlist.exe by Laurent````````
AVG avgwdsvc.exe
AVG avgrsx.exe
AVG avgnsx.exe
AVG avgemc.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C:: 14% Defragment your hard drive soon! (Do NOT defrag if SSD!)
````````````````````End of Log`````````````````````` # AdwCleaner v2.200 - Logfile created 04/17/2013 at 08:43:24
# Updated 02/04/2013 by Xplode
# Operating system : Microsoft Windows XP Service Pack 3 (32 bits)
# User : Jon Kunkel - ASROCK_WINXP
# Boot Mode : Normal
# Running from : C:\Documents and Settings\Jon Kunkel\Desktop\adwcleaner.exe
# Option [Delete]


***** [Services] *****


***** [Files / Folders] *****

File Deleted : C:\Documents and Settings\Jon Kunkel\Application Data\Mozilla\Firefox\Profiles\oj1ollbx.default\bprotector_extensions.sqlite
File Deleted : C:\Documents and Settings\Jon Kunkel\Application Data\Mozilla\Firefox\Profiles\waiq5ak8.default-1353892193671\bprotector_extensions.sqlite
File Deleted : C:\Documents and Settings\Jon Kunkel\Application Data\Mozilla\Firefox\Profiles\waiq5ak8.default-1353892193671\bprotector_prefs.js
File Deleted : C:\END
Folder Deleted : C:\Documents and Settings\All Users\Application Data\Browser Manager

***** [Registry] *****

Key Deleted : HKCU\Software\53558cddbd68ba41
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\bProtectSettings
Key Deleted : HKLM\SOFTWARE\53558cddbd68ba41
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{C3110516-8EFC-49D6-8B72-69354F332062}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{D824F0DE-3D60-4F57-9EB1-66033ECD8ABB}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{2932897E-3036-43D9-8A64-B06447992065}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{2DE92D29-A042-3C37-BFF8-07C7D8893EFA}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{32B80AD6-1214-45F4-994E-78A5D482C000}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{3A8E103F-B2B7-3BEF-B3B0-88E29B2420E4}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{478CE5D3-D38E-3FFE-8DBE-8C4A0F1C4D8D}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{48B7DA4E-69ED-39E3-BAD5-3E3EFF22CFB0}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{5982F405-44E4-3BBB-BAC4-CF8141CBBC5C}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{5D8C3CC3-3C05-38A1-B244-924A23115FE9}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{641593AF-D9FD-30F7-B783-36E16F7A2E08}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{711FC48A-1356-3932-94D8-A8B733DBC7E4}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{72227B7F-1F02-3560-95F5-592E68BACC0C}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{7B5E8CE3-4722-4C0E-A236-A6FF731BEF37}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{890D4F59-5ED0-3CB4-8E0E-74A5A86E7ED0}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{8C68913C-AC3C-4494-8B9C-984D87C85003}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{8D019513-083F-4AA5-933F-7D43A6DA82C4}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{923F6FB8-A390-370E-A0D2-DD505432481D}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{9BBB26EF-B178-35D6-9D3D-B485F4279FE5}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{A62DDBE0-8D2A-339A-B089-8CBCC5CD322A}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{A82AD04D-0B8E-3A49-947B-6A69A8A9C96D}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{ADEB3CC9-A05D-4FCC-BD09-9025456AA3EA}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{B06D4521-D09C-3F41-8E39-9D784CCA2A75}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C06DAD42-6F39-4CE1-83CC-9A8B9105E556}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C2E799D0-43A5-3477-8A98-FC5F3677F35C}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{D16107CD-2AD5-46A8-BA59-303B7C32C500}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{D25B101F-8188-3B43-9D85-201F372BC205}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{D2BA7595-5E44-3F1E-880F-03B3139FA5ED}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{D35F5C81-17D9-3E1C-A1FC-4472542E1D25}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{D8FA96CA-B250-312C-AF34-4FF1DD72589D}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{DAFC1E63-3359-416D-9BC2-E7DCA6F7B0F3}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{DC5E5C44-80FD-3697-9E65-9F286D92F3E7}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{E1B4C9DE-D741-385F-981E-6745FACE6F01}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{E7B623F5-9715-3F9F-A671-D1485A39F8A2}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{ED916A7B-7C68-3198-B87D-2DABC30A5587}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{EFA1BDB2-BB3D-3D9A-8EB5-D0D22E0F64F4}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{F4CBF4DD-F8FE-35BA-BB7E-68304DAAB70B}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{FC32005D-E27C-32E0-ADFA-152F598B75E7}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{2BF2028E-3F3C-4C05-AB45-B2F1DCFE0759}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{DB538320-D3C5-433C-BCA9-C4081A054FCF}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{628F3201-34D0-49C0-BB9A-82A26AEFB291}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{68B81CCD-A80C-4060-8947-5AE69ED01199}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E6B969FB-6D33-48D2-9061-8BBD4899EB08}
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0238BBE24EA3A70408B81E4BB89C15E5
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\29799DE249E7DBC459FC6C8F07EB8375

***** [Internet Browsers] *****

-\\ Internet Explorer v8.0.6001.18702

[OK] Registry is clean.

-\\ Mozilla Firefox v20.0.1 (en-US)

File : C:\Documents and Settings\Jon Kunkel\Application Data\Mozilla\Firefox\Profiles\oj1ollbx.default\prefs.js

C:\Documents and Settings\Jon Kunkel\Application Data\Mozilla\Firefox\Profiles\oj1ollbx.default\user.js ... Deleted !

[OK] File is clean.

File : C:\Documents and Settings\Jon Kunkel\Application Data\Mozilla\Firefox\Profiles\waiq5ak8.default-1353892193671\prefs.js

C:\Documents and Settings\Jon Kunkel\Application Data\Mozilla\Firefox\Profiles\waiq5ak8.default-1353892193671\user.js ... Deleted !

[OK] File is clean.

File : C:\Documents and Settings\UpdatusUser\Application Data\Mozilla\Firefox\Profiles\oj1ollbx.default\prefs.js

[OK] File is clean.

File : C:\Documents and Settings\UpdatusUser\Application Data\Mozilla\Firefox\Profiles\oj1ollbx.default\prefs.js

[OK] File is clean.

*************************

AdwCleaner[S1].txt - [3878 octets] - [27/11/2012 10:34:00]
AdwCleaner[S2].txt - [6259 octets] - [17/04/2013 08:43:24]

########## EOF - C:\AdwCleaner[S2].txt - [6319 octets] ##########RogueKiller V8.5.4 [Mar 18 2013] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Feedback : http://www.geekstogo...13-roguekiller/
Website : http://tigzy.geeksto...roguekiller.php
Blog : http://tigzyrk.blogspot.com/

Operating System : Windows XP (5.1.2600 Service Pack 3) 32 bits version
Started in : Normal mode
User : Jon Kunkel [Admin rights]
Mode : Remove -- Date : 04/17/2013 09:50:31
| ARK || FAK || MBR |

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 4 ¤¤¤
[TASK][SUSP PATH] shield check.job : C:\Documents and Settings\Jon Kunkel\Local Settings\Application Data\Shield\checkhp.exe [-] -> DELETED
[DNS] HKLM\[...]\ControlSet003\Services\Tcpip\Interfaces\{813A0D76-BE99-43B5-B9AD-6D1316EDC5EF} : NameServer (208.67.222.222,206.67.222.208) -> NOT REMOVED, USE DNSFIX
[HJPOL] HKLM\[...]\System : DisableRegistryTools (0) -> DELETED
[HJ] HKLM\[...]\Security Center : UpdatesDisableNotify (1) -> REPLACED (0)

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [LOADED] ¤¤¤

¤¤¤ Extern Hives: ¤¤¤
-> D:\windows\system32\config\SOFTWARE
-> D:\windows\system32\config\SYSTEM
-> D:\Users\Administrator\NTUSER.DAT
-> D:\Users\Classic .NET AppPool\NTUSER.DAT
-> D:\Users\Default\NTUSER.DAT
-> D:\Users\Jon Kunkel\NTUSER.DAT
-> G:\windows\system32\config\SOFTWARE
-> G:\windows\system32\config\SYSTEM
-> G:\Documents and Settings\Default User\NTUSER.DAT
-> G:\Documents and Settings\Default User.WINDOWS.0\NTUSER.DAT
-> G:\Documents and Settings\Jon Kunkel\NTUSER.DAT
-> G:\Documents and Settings\Jon Kunkel.ASROCK_XP\NTUSER.DAT
-> G:\Documents and Settings\LocalService\NTUSER.DAT
-> G:\Documents and Settings\LocalService.NT AUTHORITY\NTUSER.DAT
-> G:\Documents and Settings\NetworkService\NTUSER.DAT
-> G:\Documents and Settings\NetworkService.NT AUTHORITY\NTUSER.DAT
-> G:\Documents and Settings\UpdatusUser\NTUSER.DAT
-> G:\Documents and Settings\UpdatusUser.ASROCK_XP\NTUSER.DAT

¤¤¤ HOSTS File: ¤¤¤
--> C:\WINDOWS\system32\drivers\etc\hosts

127.0.0.1 localhost


¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: WDC WD1200JB-00GVA0 +++++
--- User ---
[MBR] cda56a0551758362908036e7742606d7
[BSP] bc8700cc7b26931223c439dcb18e4ae4 : Windows Vista/7/8 MBR Code
Partition table:
0 - [XXXXXX] EXTEN-LBA (0x0f) [VISIBLE] Offset (sectors): 16065 | Size: 114463 Mo
User = LL1 ... OK!
User = LL2 ... OK!

+++++ PhysicalDrive1: WDC WD1600JB-00FUA0 +++++
--- User ---
[MBR] 429e961037efb3e8c890a5df0fa22086
[BSP] b5fa61c00ff28cae19e3780238060d06 : Windows 7/8 MBR Code
Partition table:
0 - [XXXXXX] EXTEN-LBA (0x0f) [VISIBLE] Offset (sectors): 16065 | Size: 152617 Mo
User = LL1 ... OK!
User = LL2 ... OK!

+++++ PhysicalDrive2: WDC WD3200AAKS-75SBA0 +++++
--- User ---
[MBR] 3ebbb85715809f67a1a0891ac18fe760
[BSP] 2459850cadfc3fbc117a6ce3be8bcf75 : Windows XP MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 305242 Mo
User = LL1 ... OK!
User = LL2 ... OK!

+++++ PhysicalDrive3: ST3300620AS +++++
--- User ---
[MBR] dbc666b6bd253cb4f9496f4e8901081f
[BSP] 5c1515db17d63e4c21552a9a4b95400d : Windows XP MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 286165 Mo
User = LL1 ... OK!
User = LL2 ... OK!

+++++ PhysicalDrive4: WDC WD1600JD-55HBC0 +++++
--- User ---
[MBR] 10f6f49106e724730d007d1c63797e5c
[BSP] dfc9378765552fded6f6d78b81774fa0 : Windows XP MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 152617 Mo
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 312561664 | Size: 15 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Finished : << RKreport[2]_D_04172013_02d0950.txt >>
RKreport[1]_S_04172013_02d0949.txt ; RKreport[2]_D_04172013_02d0950.txt
  • 0

#4
gringo_pr
Posted 17 April 2013 - 11:57 AM

gringo_pr

    Trusted Helper

  • Malware Removal
  • 7,268 posts
Hello jlk69

I Would like you to do the following.

Please print out or make a copy in notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

Run Combofix:

You may be asked to install or update the Recovery Console (Win XP Only) if this happens please allow it to do so (you will need to be connected to the internet for this)

Before you run Combofix I will need you to turn off any security software you have running, If you do not know how to do this you can find out >here< or >here<

Combofix may need to reboot your computer more than once to do its job this is normal.

You can download Combofix from one of these links. I want you to save it to the desktop and run it from there.
Link 1
Link 2
Link 3
1. Close any open browsers or any other programs that are open.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion." Please restart the computer

"information and logs"

  • In your next post I need the following
  • Log from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now?

Gringo
  • 0

#5
jlk69
Posted 17 April 2013 - 02:40 PM

jlk69

    Member

  • Topic Starter
  • Member
  • PipPip
  • 97 posts
ComboFix 13-04-17.01 - Jon Kunkel 04/17/2013 13:25:06.8.4 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3319.2616 [GMT -7:00]
Running from: c:\documents and settings\Jon Kunkel\Desktop\ComboFix.exe
AV: AVG AntiVirus Free Edition 2013 *Disabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\system32\midimap.dll . . . is infected!!
.
.
((((((((((((((((((((((((( Files Created from 2013-03-17 to 2013-04-17 )))))))))))))))))))))))))))))))
.
.
2013-04-13 05:32 . 2013-04-13 05:32 -------- d-----w- c:\documents and settings\Jon Kunkel\Application Data\AVG2013
2013-04-13 05:31 . 2013-04-13 05:31 -------- d-----w- c:\windows\system32\config\systemprofile\Application Data\AVG2013
2013-04-13 05:31 . 2013-04-13 05:31 -------- d-----w- c:\documents and settings\Jon Kunkel\Application Data\TuneUp Software
2013-04-13 05:30 . 2013-04-13 06:01 -------- d-----w- c:\documents and settings\All Users\Application Data\AVG2013
2013-04-13 05:30 . 2013-04-13 05:30 -------- d-----w- C:\$AVG
2013-04-13 05:29 . 2013-04-13 05:32 -------- d-----w- c:\windows\system32\config\systemprofile\Local Settings\Application Data\Avg2013
2013-04-13 05:29 . 2013-04-13 05:29 -------- d-----w- c:\program files\AVG
2013-04-13 04:16 . 2013-04-13 05:34 -------- d-----w- c:\documents and settings\Jon Kunkel\Local Settings\Application Data\Avg2013
2013-04-13 04:16 . 2013-04-13 04:16 -------- d-----w- c:\documents and settings\Jon Kunkel\Local Settings\Application Data\MFAData
2013-04-12 16:28 . 2013-04-12 16:28 -------- d-----w- c:\program files\Blu Dot Clock
2013-04-12 16:27 . 2013-04-12 16:27 -------- d-----w- c:\windows\system32\config\systemprofile\AppData
2013-04-12 16:27 . 2013-04-12 16:27 -------- d-----w- c:\documents and settings\UpdatusUser\AppData
2013-04-12 16:27 . 2013-04-12 16:27 -------- d-----w- c:\documents and settings\NetworkService\AppData
2013-04-12 16:27 . 2013-04-12 16:27 -------- d-----w- c:\documents and settings\LocalService\AppData
2013-04-12 16:27 . 2013-04-12 16:27 -------- d-----w- c:\documents and settings\Jon Kunkel\AppData
2013-04-12 16:27 . 2013-04-12 16:27 -------- d-----w- c:\program files\File Type Helper
2013-04-12 16:26 . 2013-04-12 16:27 -------- d-----w- c:\program files\Fast Free Converter
2013-04-12 16:24 . 2013-04-17 02:30 -------- d-----w- c:\program files\Social Privacy
2013-04-12 16:24 . 2013-04-12 16:26 -------- d-----w- c:\documents and settings\Jon Kunkel\Local Settings\Application Data\Shield
2013-04-12 16:24 . 2013-04-12 16:24 -------- d-----w- c:\program files\dnsshield
2013-04-12 16:23 . 2013-04-12 16:23 -------- d-----w- c:\program files\Atomic Alarm Clock
2013-04-06 05:02 . 2013-04-06 05:02 -------- d-----w- c:\program files\Dropbox
2013-04-06 05:01 . 2013-04-17 16:38 -------- d-----w- c:\documents and settings\Jon Kunkel\Application Data\Dropbox
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-04-17 16:35 . 2012-01-17 07:59 7304 ----a-w- c:\windows\TMP0001.TMP
2013-04-12 06:23 . 2012-04-04 18:34 691592 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2013-04-12 06:23 . 2011-05-17 09:09 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2013-04-08 21:34 . 2011-04-29 07:32 22328 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys
2013-04-08 21:34 . 2011-04-29 07:31 103736 ----a-w- c:\windows\system32\PnkBstrB.exe
2013-04-08 21:34 . 2011-04-29 07:31 66872 ----a-w- c:\windows\system32\PnkBstrA.exe
2013-04-04 21:50 . 2012-01-13 22:57 22856 ----a-w- c:\windows\system32\drivers\mbam.sys
2013-03-06 22:32 . 2011-07-26 17:38 228600 ----a-w- c:\windows\system32\aswBoot.exe
2013-03-01 17:32 . 2013-03-01 17:32 22328 ----a-w- c:\windows\system32\drivers\avgidsshimx.sys
2013-02-27 06:40 . 2013-02-27 06:40 208184 ----a-w- c:\windows\system32\drivers\avgidsdriverx.sys
2013-02-14 10:52 . 2010-11-12 20:19 182072 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2013-02-08 11:37 . 2010-09-07 10:48 96568 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2013-02-08 11:37 . 2013-02-08 11:37 245048 ----a-w- c:\windows\system32\drivers\avglogx.sys
2013-02-08 11:37 . 2013-02-08 11:37 60216 ----a-w- c:\windows\system32\drivers\avgidshx.sys
2013-02-08 11:37 . 2010-12-08 11:12 170808 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2013-02-08 11:37 . 2010-09-07 10:48 39224 ----a-w- c:\windows\system32\drivers\avgrkx86.sys
2013-02-03 03:04 . 2013-02-03 03:04 94112 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2013-02-03 03:04 . 2013-02-03 03:04 143872 ----a-w- c:\windows\system32\javacpl.cpl
2013-02-03 03:04 . 2012-11-27 08:08 861088 ----a-w- c:\windows\system32\npDeployJava1.dll
2013-02-03 03:04 . 2011-04-03 22:26 782240 ----a-w- c:\windows\system32\deployJava1.dll
2013-04-12 08:29 . 2013-04-12 08:29 263064 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
2011-04-01 11:19 25876912 --sh--w- c:\windows\setupa.exe
.
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
[-] 2011-05-02 . 51E41F16ACD80B8B39C0AE703A213F09 . 361600 . . [5.1.2600.6009] . . c:\windows\system32\drivers\tcpip.sys
[7] 2008-06-20 . AD978A1B783B5719720CFF204B666C8E . 361600 . . [5.1.2600.5625] . . c:\windows\system32\dllcache\tcpip.sys
.
[-] 2009-06-15 12:00 . 403EBA8EE2967BA93E07138400972EE3 . 1443840 . . [2001.12.4414.700] . . c:\windows\system32\comres.dll
.
[-] 2009-06-15 . 50D6EE240E804F638D88E26200D37670 . 570368 . . [5.1.2600.5788] . . c:\windows\system32\winlogon.exe
.
[-] 2009-06-15 . D075177EBE8735C080831BE2E99941CC . 575488 . . [5.1.2600.5577] . . c:\windows\system32\user32.dll
.
[-] 2009-06-15 . 331257F9A07F1759ADB603D807226DAE . 1789440 . . [6.00.2900.5634] . . c:\windows\explorer.exe
.
[-] 2009-06-15 . 200EA506B86F7E9E6C37820D2BB5F39B . 210944 . . [5.1.2600.5512] . . c:\windows\regedit.exe
.
[-] 2009-06-15 . CBF5945651C96E471B3A004BBDC36864 . 37376 . . [5.1.2600.5512] . . c:\windows\system32\ctfmon.exe
.
[-] 2009-06-15 . F0005C4A59B7AB05602881F074D5FA1F . 1614848 . . [5.1.2600.5512] . . c:\windows\system32\sfcfiles.dll
.
[-] 2009-06-15 . 7A1FF5DBF9AAE2187B9BA790DE838443 . 671072 . . [8.00.6001.18702] . . c:\windows\system32\dllcache\iexplore.exe
.
[-] 2009-06-15 . 448937CF6D5D4A4009532DF67B205F92 . 32256 . . [5.1.2600.5512] . . c:\windows\system32\midimap.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\~\Browser Helper Objects\{C0114F18-AC58-4188-9C8B-3FE75FAFCA77}]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2013-04-04 22:12 130736 ----a-w- c:\documents and settings\Jon Kunkel\Application Data\Dropbox\bin\DropboxExt.19.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2013-04-04 22:12 130736 ----a-w- c:\documents and settings\Jon Kunkel\Application Data\Dropbox\bin\DropboxExt.19.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2013-04-04 22:12 130736 ----a-w- c:\documents and settings\Jon Kunkel\Application Data\Dropbox\bin\DropboxExt.19.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2013-04-04 22:12 130736 ----a-w- c:\documents and settings\Jon Kunkel\Application Data\Dropbox\bin\DropboxExt.19.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveBlacklistedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}]
2013-03-07 23:31 576976 ----a-w- c:\program files\Google\Drive\googledrivesync32.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}]
2013-03-07 23:31 576976 ----a-w- c:\program files\Google\Drive\googledrivesync32.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}]
2013-03-07 23:31 576976 ----a-w- c:\program files\Google\Drive\googledrivesync32.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncingOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}]
2013-03-07 23:31 576976 ----a-w- c:\program files\Google\Drive\googledrivesync32.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ASRockOCTuner"="c:\program files\ASRock Utility\OCTuner\ASROC.exe" [2010-07-03 5332488]
"ASRockIES"="c:\program files\ASRock Utility\IES\AsrIes.exe" [2010-07-02 7990280]
"SkinClock"="c:\program files\Atomic Alarm Clock\AtomicAlarmClock.exe" [2012-11-28 1726976]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2011-12-17 15467840]
"kmw_run.exe"="kmw_run.exe" [2006-08-03 106496]
"AVG_UI"="c:\program files\AVG\AVG2013\avgui.exe" [2013-03-14 4394032]
.
c:\documents and settings\Jon Kunkel\Start Menu\Programs\Startup\
Dropbox.lnk - c:\documents and settings\Jon Kunkel\Application Data\Dropbox\bin\Dropbox.exe [2013-4-4 25863280]
MagicDisc.lnk - c:\program files\MagicDisc\MagicDisc.exe [2011-4-3 576000]
.
[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoSMHelp"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~1\AVG\AVG2013\avgrsx.exe /sync /restart
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
@=""
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^AcBtnMgr_X63.exe.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\AcBtnMgr_X63.exe.lnk
backup=c:\windows\pss\AcBtnMgr_X63.exe.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^ACMonitor_X63.exe.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\ACMonitor_X63.exe.lnk
backup=c:\windows\pss\ACMonitor_X63.exe.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^InterVideo WinCinema Manager.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\InterVideo WinCinema Manager.lnk
backup=c:\windows\pss\InterVideo WinCinema Manager.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk
backup=c:\windows\pss\Microsoft Office.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^NDAS Device Management.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\NDAS Device Management.lnk
backup=c:\windows\pss\NDAS Device Management.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^Jon Kunkel^Start Menu^Programs^Startup^allSnap.lnk]
path=c:\documents and settings\Jon Kunkel\Start Menu\Programs\Startup\allSnap.lnk
backup=c:\windows\pss\allSnap.lnkStartup
.
[HKLM\~\startupfolder\C:^Documents and Settings^Jon Kunkel^Start Menu^Programs^Startup^Logitech . Product Registration.lnk]
path=c:\documents and settings\Jon Kunkel\Start Menu\Programs\Startup\Logitech . Product Registration.lnk
backup=c:\windows\pss\Logitech . Product Registration.lnkStartup
.
[HKLM\~\startupfolder\C:^Documents and Settings^Jon Kunkel^Start Menu^Programs^Startup^MagicDisc.lnk]
path=c:\documents and settings\Jon Kunkel\Start Menu\Programs\Startup\MagicDisc.lnk
backup=c:\windows\pss\MagicDisc.lnkStartup
.
[HKLM\~\startupfolder\C:^Documents and Settings^Jon Kunkel^Start Menu^Programs^Startup^SpeedFan.lnk]
path=c:\documents and settings\Jon Kunkel\Start Menu\Programs\Startup\SpeedFan.lnk
backup=c:\windows\pss\SpeedFan.lnkStartup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
c:\windows\system32\dumprep 0 -k [X]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UserFaultCheck]
c:\windows\system32\dumprep 0 -u [X]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2012-12-03 07:35 946352 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CanonMyPrinter]
2011-07-19 19:53 2567272 ----a-w- c:\program files\Canon\MyPrinter\BJMYPRT.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CanonSolutionMenu]
2009-09-04 08:43 767312 ----a-w- c:\program files\Canon\SolutionMenu\CNSLMAIN.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CoolSwitch]
2002-03-20 00:30 45632 ----a-w- c:\windows\system32\TaskSwitch.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTDVDDET]
2003-06-18 08:00 45056 ------w- c:\program files\Creative\DVDAudio\CTDVDDET.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
2009-06-15 12:00 37376 ----a-w- c:\windows\system32\ctfmon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools]
2005-11-08 22:00 128920 ----a-w- c:\program files\DAEMON Tools\daemon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DivXUpdate]
2011-07-28 23:08 1259376 ----a-w- c:\program files\DivX\DivX Update\DivXUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DrvIcon]
2009-06-15 12:00 57344 ----a-w- c:\windows\Resources\DiamondStyle\Diamond Drive Icon\DrvIcon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EADM]
2011-04-03 06:10 11857920 ----a-w- c:\program files\Electronic Arts\EADM\EADMUI.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
2012-11-11 22:22 116648 ----atw- c:\documents and settings\Jon Kunkel\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
2007-03-12 04:34 49152 ----a-w- c:\program files\HP\HP Software Update\hpwuSchd2.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM]
2006-03-21 00:34 213936 ----a-w- c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LClock]
2009-06-15 12:00 65536 ----a-w- c:\windows\Resources\DiamondStyle\LClock\LClock.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\lxamsp32.exe]
2001-10-19 23:25 45056 ----a-w- c:\windows\system32\LXAMSP32.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MRUTray]
2009-10-09 08:57 741376 ----a-w- c:\program files\Marvell\raid\tray\MarvellTray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsmqIntCert]
2009-06-15 12:00 177152 ----a-w- c:\windows\system32\mqrt.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NUSB3MON]
2010-01-22 19:29 106496 ----a-w- c:\program files\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
2011-12-17 19:35 15467840 ----a-w- c:\windows\system32\nvcpl.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
2011-12-17 19:35 108352 ----a-w- c:\windows\system32\nvmctray.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2012-10-25 11:12 421888 ----a-w- c:\program files\QuickTime Alternative\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDCPL]
2010-06-22 09:59 19552360 ----a-r- c:\windows\RTHDCPL.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Start WingMan Profiler]
2009-01-21 21:19 92168 ----a-w- c:\program files\Logitech\Gaming Software\LWEMon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2012-07-03 17:04 252848 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows7Taskbar]
2009-06-15 12:00 331776 ----a-w- c:\windows\Resources\DiamondStyle\Windows 7 Taskbar\Windows7Taskbar.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"WMPNetworkSvc"=3 (0x3)
"Nero BackItUp Scheduler 4.0"=2 (0x2)
"JavaQuickStarterService"=2 (0x2)
"idsvc"=3 (0x3)
"avgwd"=2 (0x2)
"AVGIDSAgent"=2 (0x2)
"IDriverT"=3 (0x3)
"Application Updater"=2 (0x2)
"Creative Service for CDROM Access"=2 (0x2)
"PnkBstrA"=2 (0x2)
"Simraceway Update Service"=2 (0x2)
"LexBceS"=2 (0x2)
"Marvell RAID"=2 (0x2)
"ndassvc"=2 (0x2)
"LBTServ"=3 (0x3)
"CiSvc"=3 (0x3)
"gupdatem"=3 (0x3)
"gupdate"=2 (0x2)
"IntuitUpdateServiceV4"=2 (0x2)
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Marvell\\raid\\Apache2\\bin\\httpd.exe"=
"d:\\Program Files (x86)\\BitSpirit\\BitSpirit.exe"=
"c:\\Program Files\\Common Files\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=
"d:\\Program Files (x86)\\eMule\\emule.exe"=
"c:\\Program Files\\InterVideo\\DVD5\\WinDVD.exe"=
"c:\\Documents and Settings\\Jon Kunkel\\Application Data\\Dropbox\\bin\\Dropbox.exe"=
"c:\\Program Files\\AVG\\AVG2013\\avgnsx.exe"=
"c:\\Program Files\\AVG\\AVG2013\\avgdiagex.exe"=
"c:\\Program Files\\AVG\\AVG2013\\avgmfapx.exe"=
"c:\\Program Files\\AVG\\AVG2013\\avgemcx.exe"=
.
R0 AVGIDSHX;AVGIDSHX;c:\windows\system32\drivers\avgidshx.sys [2/8/2013 4:37 AM 60216]
R0 Avglogx;AVG Logging Driver;c:\windows\system32\drivers\avglogx.sys [2/8/2013 4:37 AM 245048]
R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [9/7/2010 3:48 AM 39224]
R0 mv91cons;Marvell 91xx Config Device Driver;c:\windows\system32\drivers\mv91cons.sys [10/26/2009 11:37 PM 20008]
R0 SmartDefragDriver;SmartDefragDriver;c:\windows\system32\drivers\SmartDefragDriver.sys [9/13/2012 9:07 AM 14776]
R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [4/3/2011 12:18 PM 691696]
R1 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\avgidsdriverx.sys [2/26/2013 11:40 PM 208184]
R1 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\avgidsshimx.sys [3/1/2013 10:32 AM 22328]
R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [12/8/2010 4:12 AM 170808]
R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [11/12/2010 1:19 PM 182072]
R2 AVGIDSAgent;AVGIDSAgent;c:\program files\AVG\AVG2013\avgidsagent.exe [2/27/2013 11:42 PM 4937264]
R2 avgwd;AVG WatchDog;c:\program files\AVG\AVG2013\avgwdsvc.exe [2/19/2013 4:02 AM 282624]
R2 LBeepKE;Logitech Beep Suppression Driver;c:\windows\system32\drivers\LBeepKE.sys [9/4/2012 5:59 PM 12184]
R2 mi2c;mi2c;c:\windows\system32\drivers\mi2c.sys [12/29/2012 8:55 PM 18224]
R2 MRUWebService;MRU Web Service;c:\program files\Marvell\raid\Apache2\bin\httpd.exe [6/12/2008 1:05 PM 24635]
R2 SBKUPNT;SBKUPNT;c:\windows\system32\drivers\SBKUPNT.SYS [11/12/2012 9:12 PM 14976]
R3 AsrOcDrv;AsrOcDrv;\??\c:\windows\system32\Drivers\AsrOcDrv.sys --> c:\windows\system32\Drivers\AsrOcDrv.sys [?]
R3 COMMONFX.SYS;COMMONFX.SYS;c:\windows\system32\drivers\COMMONFX.sys [3/18/2010 8:39 PM 99416]
R3 CTAUDFX.SYS;CTAUDFX.SYS;c:\windows\system32\drivers\CTAUDFX.sys [3/18/2010 8:39 PM 555096]
R3 ctgame;Game Port;c:\windows\system32\drivers\ctgame.sys [3/18/2010 8:40 PM 18904]
R3 CTSBLFX.SYS;CTSBLFX.SYS;c:\windows\system32\drivers\CTSBLFX.sys [3/18/2010 8:39 PM 566360]
R3 IesDrv;IesDrv;\??\c:\windows\system32\Drivers\IesDrv.sys --> c:\windows\system32\Drivers\IesDrv.sys [?]
R3 libusb0;libusb-win32 - Kernel Driver 04/08/2011 1.2.4.0;c:\windows\system32\drivers\libusb0.sys [6/4/2012 7:23 PM 35776]
R3 nusb3hub;NEC Electronics USB 3.0 Hub Driver;c:\windows\system32\drivers\nusb3hub.sys [1/22/2010 12:21 PM 59904]
R3 nusb3xhc;NEC Electronics USB 3.0 Host Controller Driver;c:\windows\system32\drivers\nusb3xhc.sys [7/26/2011 2:35 AM 139648]
S2 FastFreeConverterUpdt;FastFreeConverterUpdt;c:\program files\Fast Free Converter\FastFreeConverterUpdt.exe [11/26/2012 6:30 AM 687104]
S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [11/23/2011 12:14 PM 1691480]
S3 COMMONFX;COMMONFX;c:\windows\system32\drivers\COMMONFX.sys [3/18/2010 8:39 PM 99416]
S3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;c:\program files\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [6/23/2012 11:27 PM 79360]
S3 CTAUDFX;CTAUDFX;c:\windows\system32\drivers\CTAUDFX.sys [3/18/2010 8:39 PM 555096]
S3 CTERFXFX.SYS;CTERFXFX.SYS;c:\windows\system32\drivers\CTERFXFX.sys [3/18/2010 8:39 PM 100952]
S3 CTERFXFX;CTERFXFX;c:\windows\system32\drivers\CTERFXFX.sys [3/18/2010 8:39 PM 100952]
S3 CTSBLFX;CTSBLFX;c:\windows\system32\drivers\CTSBLFX.sys [3/18/2010 8:39 PM 566360]
S3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);c:\windows\system32\drivers\ssudbus.sys [10/15/2012 9:37 PM 77624]
S3 pneteth;PdaNet Broadband;c:\windows\system32\drivers\pneteth.sys [11/5/2012 10:12 PM 13440]
S4 Marvell RAID;Marvell RAID Event Agent;c:\program files\Marvell\raid\svc\mvraidsvc.exe [10/13/2009 7:46 PM 151552]
.
--- Other Services/Drivers In Memory ---
.
*Deregistered* - TrueSight
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
Contents of the 'Scheduled Tasks' folder
.
2013-04-17 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-04 06:23]
.
2013-04-17 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2012-11-24 22:22]
.
2013-04-17 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2012-11-24 22:22]
.
2013-04-17 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1801674531-113007714-682003330-1002Core.job
- c:\documents and settings\Jon Kunkel\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2012-11-11 22:22]
.
2013-04-17 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1801674531-113007714-682003330-1002UA.job
- c:\documents and settings\Jon Kunkel\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2012-11-11 22:22]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://proxy.allsearchapp.com/app/start/
uInternet Settings,ProxyOverride = <local>
IE: Download Using &BitSpirit - d:\program files (x86)\BitSpirit\bsurl.htm
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~1\Office10\EXCEL.EXE/3000
IE: En&queue current page with BID - file://c:\program files\Bulk Image Downloader\iemenu\iebidqueue.htm
IE: Enqueue link tar&get with BID - file://c:\program files\Bulk Image Downloader\iemenu\iebidlinkqueue.htm
IE: Open &link target with BID - file://c:\program files\Bulk Image Downloader\iemenu\iebidlink.htm
IE: Open current page with BI&D - file://c:\program files\Bulk Image Downloader\iemenu\iebid.htm
IE: Open current page with BID Link E&xplorer - file://c:\program files\Bulk Image Downloader\iemenu\iebidlinkexplorer.htm
TCP: DhcpNameServer = 68.105.28.12 68.105.29.12 68.105.28.11
TCP: Interfaces\{2EA5E124-0CBC-4994-B1F1-B9BEED07E422}: NameServer = 66.228.116.178,66.228.116.179
TCP: Interfaces\{E8CDBE83-452B-43A8-B8AE-677138195F18}: NameServer = 66.228.116.178,66.228.116.179
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2013-04-17 13:32
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_6_602_180_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_6_602_180_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(1252)
c:\windows\system32\SETUPAPI.dll
c:\windows\system32\COMRes.dll
c:\windows\system32\cscui.dll
.
- - - - - - - > 'lsass.exe'(1308)
c:\windows\system32\setupapi.dll
.
- - - - - - - > 'explorer.exe'(5236)
c:\windows\system32\SHDOCVW.dll
c:\windows\system32\WININET.dll
c:\windows\system32\kmw_dll.dll
c:\windows\system32\WOW32.dll
c:\windows\system32\msctfime.ime
c:\windows\system32\COMRes.dll
c:\documents and settings\Jon Kunkel\Application Data\Dropbox\bin\DropboxExt.19.dll
c:\program files\Google\Drive\googledrivesync32.dll
c:\program files\Google\Drive\Microsoft.VC90.CRT\MSVCP90.dll
c:\program files\Google\Drive\Microsoft.VC90.CRT\MSVCR90.dll
c:\windows\System32\cscui.dll
c:\progra~1\WINDOW~2\wmpband.dll
c:\windows\system32\msi.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\SETUPAPI.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
c:\windows\system32\NETSHELL.dll
c:\windows\system32\credui.dll
c:\windows\system32\MSVCP60.dll
.
Completion time: 2013-04-17 13:33:49
ComboFix-quarantined-files.txt 2013-04-17 20:33
ComboFix2.txt 2013-04-17 02:40
.
Pre-Run: 37,446,508,544 bytes free
Post-Run: 37,424,373,760 bytes free
.
- - End Of File - - 36BADFBA9462E5B02CBBEF9FCF5C7C0F
Now i can set my browser home page and it stays that way. However in Firefox when I click the plus button to open a new tab the All Search page opens up. It use to give me a list of most used web pages to choose from.
  • 0

#6
gringo_pr
Posted 17 April 2013 - 04:37 PM

gringo_pr

    Trusted Helper

  • Malware Removal
  • 7,268 posts
Hello jlk69

Fore firefox - https://support.mozi...uestions/801342

At this time I would like you to run this script for me and it is a good time to check out the computer to see if there is anything else that needs to be addressed.

:Run CFScript:

Please start by opening Notepad and copy/paste the text in the box into the window:

ClearJavaCache::

Save it to your desktop as CFScript.txt

Referring to the picture above, drag CFScript.txt into ComboFix.exe
Posted Image
This will let ComboFix run again.
Restart if you have to.
Save the produced logfile to your desktop.

Note: Do not mouseclick combofix's window whilst it's running. That may cause it to stall

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion." Please restart the computer

"information and logs"

  • In your next post I need the following

  • report from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now after running the script?

Gringo
  • 0

#7
jlk69
Posted 18 April 2013 - 01:34 AM

jlk69

    Member

  • Topic Starter
  • Member
  • PipPip
  • 97 posts
ComboFix 13-04-18.01 - Jon Kunkel 04/17/2013 23:50:37.9.4 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3319.2510 [GMT -7:00]
Running from: c:\documents and settings\Jon Kunkel\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Jon Kunkel\Desktop\CFScript.txt
AV: AVG AntiVirus Free Edition 2013 *Disabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\system32\midimap.dll . . . is infected!!
.
.
((((((((((((((((((((((((( Files Created from 2013-03-18 to 2013-04-18 )))))))))))))))))))))))))))))))
.
.
2013-04-13 05:32 . 2013-04-13 05:32 -------- d-----w- c:\documents and settings\Jon Kunkel\Application Data\AVG2013
2013-04-13 05:31 . 2013-04-13 05:31 -------- d-----w- c:\windows\system32\config\systemprofile\Application Data\AVG2013
2013-04-13 05:31 . 2013-04-13 05:31 -------- d-----w- c:\documents and settings\Jon Kunkel\Application Data\TuneUp Software
2013-04-13 05:30 . 2013-04-13 06:01 -------- d-----w- c:\documents and settings\All Users\Application Data\AVG2013
2013-04-13 05:30 . 2013-04-13 05:30 -------- d-----w- C:\$AVG
2013-04-13 05:29 . 2013-04-13 05:32 -------- d-----w- c:\windows\system32\config\systemprofile\Local Settings\Application Data\Avg2013
2013-04-13 05:29 . 2013-04-13 05:29 -------- d-----w- c:\program files\AVG
2013-04-13 04:16 . 2013-04-13 05:34 -------- d-----w- c:\documents and settings\Jon Kunkel\Local Settings\Application Data\Avg2013
2013-04-13 04:16 . 2013-04-13 04:16 -------- d-----w- c:\documents and settings\Jon Kunkel\Local Settings\Application Data\MFAData
2013-04-12 16:28 . 2013-04-12 16:28 -------- d-----w- c:\program files\Blu Dot Clock
2013-04-12 16:27 . 2013-04-12 16:27 -------- d-----w- c:\windows\system32\config\systemprofile\AppData
2013-04-12 16:27 . 2013-04-12 16:27 -------- d-----w- c:\documents and settings\UpdatusUser\AppData
2013-04-12 16:27 . 2013-04-12 16:27 -------- d-----w- c:\documents and settings\NetworkService\AppData
2013-04-12 16:27 . 2013-04-12 16:27 -------- d-----w- c:\documents and settings\LocalService\AppData
2013-04-12 16:27 . 2013-04-12 16:27 -------- d-----w- c:\documents and settings\Jon Kunkel\AppData
2013-04-12 16:27 . 2013-04-12 16:27 -------- d-----w- c:\program files\File Type Helper
2013-04-12 16:26 . 2013-04-12 16:27 -------- d-----w- c:\program files\Fast Free Converter
2013-04-12 16:24 . 2013-04-17 02:30 -------- d-----w- c:\program files\Social Privacy
2013-04-12 16:24 . 2013-04-12 16:26 -------- d-----w- c:\documents and settings\Jon Kunkel\Local Settings\Application Data\Shield
2013-04-12 16:24 . 2013-04-12 16:24 -------- d-----w- c:\program files\dnsshield
2013-04-12 16:23 . 2013-04-12 16:23 -------- d-----w- c:\program files\Atomic Alarm Clock
2013-04-06 05:02 . 2013-04-06 05:02 -------- d-----w- c:\program files\Dropbox
2013-04-06 05:01 . 2013-04-17 23:09 -------- d-----w- c:\documents and settings\Jon Kunkel\Application Data\Dropbox
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-04-17 23:06 . 2012-01-17 07:59 7304 ----a-w- c:\windows\TMP0001.TMP
2013-04-12 06:23 . 2012-04-04 18:34 691592 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2013-04-12 06:23 . 2011-05-17 09:09 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2013-04-08 21:34 . 2011-04-29 07:32 22328 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys
2013-04-08 21:34 . 2011-04-29 07:31 103736 ----a-w- c:\windows\system32\PnkBstrB.exe
2013-04-08 21:34 . 2011-04-29 07:31 66872 ----a-w- c:\windows\system32\PnkBstrA.exe
2013-04-04 21:50 . 2012-01-13 22:57 22856 ----a-w- c:\windows\system32\drivers\mbam.sys
2013-03-06 22:32 . 2011-07-26 17:38 228600 ----a-w- c:\windows\system32\aswBoot.exe
2013-03-01 17:32 . 2013-03-01 17:32 22328 ----a-w- c:\windows\system32\drivers\avgidsshimx.sys
2013-02-27 06:40 . 2013-02-27 06:40 208184 ----a-w- c:\windows\system32\drivers\avgidsdriverx.sys
2013-02-14 10:52 . 2010-11-12 20:19 182072 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2013-02-08 11:37 . 2010-09-07 10:48 96568 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2013-02-08 11:37 . 2013-02-08 11:37 245048 ----a-w- c:\windows\system32\drivers\avglogx.sys
2013-02-08 11:37 . 2013-02-08 11:37 60216 ----a-w- c:\windows\system32\drivers\avgidshx.sys
2013-02-08 11:37 . 2010-12-08 11:12 170808 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2013-02-08 11:37 . 2010-09-07 10:48 39224 ----a-w- c:\windows\system32\drivers\avgrkx86.sys
2013-02-03 03:04 . 2013-02-03 03:04 94112 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2013-02-03 03:04 . 2013-02-03 03:04 143872 ----a-w- c:\windows\system32\javacpl.cpl
2013-02-03 03:04 . 2012-11-27 08:08 861088 ----a-w- c:\windows\system32\npDeployJava1.dll
2013-02-03 03:04 . 2011-04-03 22:26 782240 ----a-w- c:\windows\system32\deployJava1.dll
2013-04-12 08:29 . 2013-04-12 08:29 263064 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
2011-04-01 11:19 25876912 --sh--w- c:\windows\setupa.exe
.
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
[-] 2011-05-02 . 51E41F16ACD80B8B39C0AE703A213F09 . 361600 . . [5.1.2600.6009] . . c:\windows\system32\drivers\tcpip.sys
[7] 2008-06-20 . AD978A1B783B5719720CFF204B666C8E . 361600 . . [5.1.2600.5625] . . c:\windows\system32\dllcache\tcpip.sys
.
[-] 2009-06-15 12:00 . 403EBA8EE2967BA93E07138400972EE3 . 1443840 . . [2001.12.4414.700] . . c:\windows\system32\comres.dll
.
[-] 2009-06-15 . 50D6EE240E804F638D88E26200D37670 . 570368 . . [5.1.2600.5788] . . c:\windows\system32\winlogon.exe
.
[-] 2009-06-15 . D075177EBE8735C080831BE2E99941CC . 575488 . . [5.1.2600.5577] . . c:\windows\system32\user32.dll
.
[-] 2009-06-15 . 331257F9A07F1759ADB603D807226DAE . 1789440 . . [6.00.2900.5634] . . c:\windows\explorer.exe
.
[-] 2009-06-15 . 200EA506B86F7E9E6C37820D2BB5F39B . 210944 . . [5.1.2600.5512] . . c:\windows\regedit.exe
.
[-] 2009-06-15 . CBF5945651C96E471B3A004BBDC36864 . 37376 . . [5.1.2600.5512] . . c:\windows\system32\ctfmon.exe
.
[-] 2009-06-15 . F0005C4A59B7AB05602881F074D5FA1F . 1614848 . . [5.1.2600.5512] . . c:\windows\system32\sfcfiles.dll
.
[-] 2009-06-15 . 7A1FF5DBF9AAE2187B9BA790DE838443 . 671072 . . [8.00.6001.18702] . . c:\windows\system32\dllcache\iexplore.exe
.
[-] 2009-06-15 . 448937CF6D5D4A4009532DF67B205F92 . 32256 . . [5.1.2600.5512] . . c:\windows\system32\midimap.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\~\Browser Helper Objects\{C0114F18-AC58-4188-9C8B-3FE75FAFCA77}]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2013-04-04 22:12 130736 ----a-w- c:\documents and settings\Jon Kunkel\Application Data\Dropbox\bin\DropboxExt.19.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2013-04-04 22:12 130736 ----a-w- c:\documents and settings\Jon Kunkel\Application Data\Dropbox\bin\DropboxExt.19.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2013-04-04 22:12 130736 ----a-w- c:\documents and settings\Jon Kunkel\Application Data\Dropbox\bin\DropboxExt.19.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2013-04-04 22:12 130736 ----a-w- c:\documents and settings\Jon Kunkel\Application Data\Dropbox\bin\DropboxExt.19.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveBlacklistedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}]
2013-03-07 23:31 576976 ----a-w- c:\program files\Google\Drive\googledrivesync32.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}]
2013-03-07 23:31 576976 ----a-w- c:\program files\Google\Drive\googledrivesync32.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}]
2013-03-07 23:31 576976 ----a-w- c:\program files\Google\Drive\googledrivesync32.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncingOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}]
2013-03-07 23:31 576976 ----a-w- c:\program files\Google\Drive\googledrivesync32.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ASRockOCTuner"="c:\program files\ASRock Utility\OCTuner\ASROC.exe" [2010-07-03 5332488]
"ASRockIES"="c:\program files\ASRock Utility\IES\AsrIes.exe" [2010-07-02 7990280]
"SkinClock"="c:\program files\Atomic Alarm Clock\AtomicAlarmClock.exe" [2012-11-28 1726976]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2011-12-17 15467840]
"kmw_run.exe"="kmw_run.exe" [2006-08-03 106496]
"AVG_UI"="c:\program files\AVG\AVG2013\avgui.exe" [2013-03-14 4394032]
.
c:\documents and settings\Jon Kunkel\Start Menu\Programs\Startup\
Dropbox.lnk - c:\documents and settings\Jon Kunkel\Application Data\Dropbox\bin\Dropbox.exe [2013-4-4 25863280]
MagicDisc.lnk - c:\program files\MagicDisc\MagicDisc.exe [2011-4-3 576000]
.
[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoSMHelp"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~1\AVG\AVG2013\avgrsx.exe /sync /restart
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
@=""
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^AcBtnMgr_X63.exe.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\AcBtnMgr_X63.exe.lnk
backup=c:\windows\pss\AcBtnMgr_X63.exe.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^ACMonitor_X63.exe.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\ACMonitor_X63.exe.lnk
backup=c:\windows\pss\ACMonitor_X63.exe.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^InterVideo WinCinema Manager.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\InterVideo WinCinema Manager.lnk
backup=c:\windows\pss\InterVideo WinCinema Manager.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk
backup=c:\windows\pss\Microsoft Office.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^NDAS Device Management.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\NDAS Device Management.lnk
backup=c:\windows\pss\NDAS Device Management.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^Jon Kunkel^Start Menu^Programs^Startup^allSnap.lnk]
path=c:\documents and settings\Jon Kunkel\Start Menu\Programs\Startup\allSnap.lnk
backup=c:\windows\pss\allSnap.lnkStartup
.
[HKLM\~\startupfolder\C:^Documents and Settings^Jon Kunkel^Start Menu^Programs^Startup^Logitech . Product Registration.lnk]
path=c:\documents and settings\Jon Kunkel\Start Menu\Programs\Startup\Logitech . Product Registration.lnk
backup=c:\windows\pss\Logitech . Product Registration.lnkStartup
.
[HKLM\~\startupfolder\C:^Documents and Settings^Jon Kunkel^Start Menu^Programs^Startup^MagicDisc.lnk]
path=c:\documents and settings\Jon Kunkel\Start Menu\Programs\Startup\MagicDisc.lnk
backup=c:\windows\pss\MagicDisc.lnkStartup
.
[HKLM\~\startupfolder\C:^Documents and Settings^Jon Kunkel^Start Menu^Programs^Startup^SpeedFan.lnk]
path=c:\documents and settings\Jon Kunkel\Start Menu\Programs\Startup\SpeedFan.lnk
backup=c:\windows\pss\SpeedFan.lnkStartup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
c:\windows\system32\dumprep 0 -k [X]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UserFaultCheck]
c:\windows\system32\dumprep 0 -u [X]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2012-12-03 07:35 946352 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CanonMyPrinter]
2011-07-19 19:53 2567272 ----a-w- c:\program files\Canon\MyPrinter\BJMYPRT.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CanonSolutionMenu]
2009-09-04 08:43 767312 ----a-w- c:\program files\Canon\SolutionMenu\CNSLMAIN.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CoolSwitch]
2002-03-20 00:30 45632 ----a-w- c:\windows\system32\TaskSwitch.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTDVDDET]
2003-06-18 08:00 45056 ------w- c:\program files\Creative\DVDAudio\CTDVDDET.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
2009-06-15 12:00 37376 ----a-w- c:\windows\system32\ctfmon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools]
2005-11-08 22:00 128920 ----a-w- c:\program files\DAEMON Tools\daemon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DivXUpdate]
2011-07-28 23:08 1259376 ----a-w- c:\program files\DivX\DivX Update\DivXUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DrvIcon]
2009-06-15 12:00 57344 ----a-w- c:\windows\Resources\DiamondStyle\Diamond Drive Icon\DrvIcon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EADM]
2011-04-03 06:10 11857920 ----a-w- c:\program files\Electronic Arts\EADM\EADMUI.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
2012-11-11 22:22 116648 ----atw- c:\documents and settings\Jon Kunkel\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
2007-03-12 04:34 49152 ----a-w- c:\program files\HP\HP Software Update\hpwuSchd2.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM]
2006-03-21 00:34 213936 ----a-w- c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LClock]
2009-06-15 12:00 65536 ----a-w- c:\windows\Resources\DiamondStyle\LClock\LClock.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\lxamsp32.exe]
2001-10-19 23:25 45056 ----a-w- c:\windows\system32\LXAMSP32.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MRUTray]
2009-10-09 08:57 741376 ----a-w- c:\program files\Marvell\raid\tray\MarvellTray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsmqIntCert]
2009-06-15 12:00 177152 ----a-w- c:\windows\system32\mqrt.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NUSB3MON]
2010-01-22 19:29 106496 ----a-w- c:\program files\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
2011-12-17 19:35 15467840 ----a-w- c:\windows\system32\nvcpl.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
2011-12-17 19:35 108352 ----a-w- c:\windows\system32\nvmctray.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2012-10-25 11:12 421888 ----a-w- c:\program files\QuickTime Alternative\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDCPL]
2010-06-22 09:59 19552360 ----a-r- c:\windows\RTHDCPL.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Start WingMan Profiler]
2009-01-21 21:19 92168 ----a-w- c:\program files\Logitech\Gaming Software\LWEMon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2012-07-03 17:04 252848 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows7Taskbar]
2009-06-15 12:00 331776 ----a-w- c:\windows\Resources\DiamondStyle\Windows 7 Taskbar\Windows7Taskbar.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"WMPNetworkSvc"=3 (0x3)
"Nero BackItUp Scheduler 4.0"=2 (0x2)
"JavaQuickStarterService"=2 (0x2)
"idsvc"=3 (0x3)
"avgwd"=2 (0x2)
"AVGIDSAgent"=2 (0x2)
"IDriverT"=3 (0x3)
"Application Updater"=2 (0x2)
"Creative Service for CDROM Access"=2 (0x2)
"PnkBstrA"=2 (0x2)
"Simraceway Update Service"=2 (0x2)
"LexBceS"=2 (0x2)
"Marvell RAID"=2 (0x2)
"ndassvc"=2 (0x2)
"LBTServ"=3 (0x3)
"CiSvc"=3 (0x3)
"gupdatem"=3 (0x3)
"gupdate"=2 (0x2)
"IntuitUpdateServiceV4"=2 (0x2)
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Marvell\\raid\\Apache2\\bin\\httpd.exe"=
"d:\\Program Files (x86)\\BitSpirit\\BitSpirit.exe"=
"c:\\Program Files\\Common Files\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=
"d:\\Program Files (x86)\\eMule\\emule.exe"=
"c:\\Program Files\\InterVideo\\DVD5\\WinDVD.exe"=
"c:\\Documents and Settings\\Jon Kunkel\\Application Data\\Dropbox\\bin\\Dropbox.exe"=
"c:\\Program Files\\AVG\\AVG2013\\avgnsx.exe"=
"c:\\Program Files\\AVG\\AVG2013\\avgdiagex.exe"=
"c:\\Program Files\\AVG\\AVG2013\\avgmfapx.exe"=
"c:\\Program Files\\AVG\\AVG2013\\avgemcx.exe"=
.
R0 AVGIDSHX;AVGIDSHX;c:\windows\system32\drivers\avgidshx.sys [2/8/2013 4:37 AM 60216]
R0 Avglogx;AVG Logging Driver;c:\windows\system32\drivers\avglogx.sys [2/8/2013 4:37 AM 245048]
R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [9/7/2010 3:48 AM 39224]
R0 mv91cons;Marvell 91xx Config Device Driver;c:\windows\system32\drivers\mv91cons.sys [10/26/2009 11:37 PM 20008]
R0 SmartDefragDriver;SmartDefragDriver;c:\windows\system32\drivers\SmartDefragDriver.sys [9/13/2012 9:07 AM 14776]
R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [4/3/2011 12:18 PM 691696]
R1 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\avgidsdriverx.sys [2/26/2013 11:40 PM 208184]
R1 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\avgidsshimx.sys [3/1/2013 10:32 AM 22328]
R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [12/8/2010 4:12 AM 170808]
R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [11/12/2010 1:19 PM 182072]
R2 avgwd;AVG WatchDog;c:\program files\AVG\AVG2013\avgwdsvc.exe [2/19/2013 4:02 AM 282624]
R2 LBeepKE;Logitech Beep Suppression Driver;c:\windows\system32\drivers\LBeepKE.sys [9/4/2012 5:59 PM 12184]
R2 mi2c;mi2c;c:\windows\system32\drivers\mi2c.sys [12/29/2012 8:55 PM 18224]
R2 MRUWebService;MRU Web Service;c:\program files\Marvell\raid\Apache2\bin\httpd.exe [6/12/2008 1:05 PM 24635]
R2 SBKUPNT;SBKUPNT;c:\windows\system32\drivers\SBKUPNT.SYS [11/12/2012 9:12 PM 14976]
R3 AsrOcDrv;AsrOcDrv;\??\c:\windows\system32\Drivers\AsrOcDrv.sys --> c:\windows\system32\Drivers\AsrOcDrv.sys [?]
R3 COMMONFX.SYS;COMMONFX.SYS;c:\windows\system32\drivers\COMMONFX.sys [3/18/2010 8:39 PM 99416]
R3 CTAUDFX.SYS;CTAUDFX.SYS;c:\windows\system32\drivers\CTAUDFX.sys [3/18/2010 8:39 PM 555096]
R3 ctgame;Game Port;c:\windows\system32\drivers\ctgame.sys [3/18/2010 8:40 PM 18904]
R3 CTSBLFX.SYS;CTSBLFX.SYS;c:\windows\system32\drivers\CTSBLFX.sys [3/18/2010 8:39 PM 566360]
R3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);c:\windows\system32\drivers\ssudbus.sys [10/15/2012 9:37 PM 77624]
R3 IesDrv;IesDrv;\??\c:\windows\system32\Drivers\IesDrv.sys --> c:\windows\system32\Drivers\IesDrv.sys [?]
R3 libusb0;libusb-win32 - Kernel Driver 04/08/2011 1.2.4.0;c:\windows\system32\drivers\libusb0.sys [6/4/2012 7:23 PM 35776]
R3 nusb3hub;NEC Electronics USB 3.0 Hub Driver;c:\windows\system32\drivers\nusb3hub.sys [1/22/2010 12:21 PM 59904]
R3 nusb3xhc;NEC Electronics USB 3.0 Host Controller Driver;c:\windows\system32\drivers\nusb3xhc.sys [7/26/2011 2:35 AM 139648]
S2 AVGIDSAgent;AVGIDSAgent;c:\program files\AVG\AVG2013\avgidsagent.exe [2/27/2013 11:42 PM 4937264]
S2 FastFreeConverterUpdt;FastFreeConverterUpdt;c:\program files\Fast Free Converter\FastFreeConverterUpdt.exe [11/26/2012 6:30 AM 687104]
S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [11/23/2011 12:14 PM 1691480]
S3 COMMONFX;COMMONFX;c:\windows\system32\drivers\COMMONFX.sys [3/18/2010 8:39 PM 99416]
S3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;c:\program files\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [6/23/2012 11:27 PM 79360]
S3 CTAUDFX;CTAUDFX;c:\windows\system32\drivers\CTAUDFX.sys [3/18/2010 8:39 PM 555096]
S3 CTERFXFX.SYS;CTERFXFX.SYS;c:\windows\system32\drivers\CTERFXFX.sys [3/18/2010 8:39 PM 100952]
S3 CTERFXFX;CTERFXFX;c:\windows\system32\drivers\CTERFXFX.sys [3/18/2010 8:39 PM 100952]
S3 CTSBLFX;CTSBLFX;c:\windows\system32\drivers\CTSBLFX.sys [3/18/2010 8:39 PM 566360]
S3 pneteth;PdaNet Broadband;c:\windows\system32\drivers\pneteth.sys [11/5/2012 10:12 PM 13440]
S4 Marvell RAID;Marvell RAID Event Agent;c:\program files\Marvell\raid\svc\mvraidsvc.exe [10/13/2009 7:46 PM 151552]
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - ASROCDRV
*NewlyCreated* - IESDRV
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
Contents of the 'Scheduled Tasks' folder
.
2013-04-18 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-04 06:23]
.
2013-04-17 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2012-11-24 22:22]
.
2013-04-18 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2012-11-24 22:22]
.
2013-04-18 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1801674531-113007714-682003330-1002Core.job
- c:\documents and settings\Jon Kunkel\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2012-11-11 22:22]
.
2013-04-18 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1801674531-113007714-682003330-1002UA.job
- c:\documents and settings\Jon Kunkel\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2012-11-11 22:22]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://proxy.allsearchapp.com/app/start/
uInternet Settings,ProxyOverride = <local>
IE: Download Using &BitSpirit - d:\program files (x86)\BitSpirit\bsurl.htm
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~1\Office10\EXCEL.EXE/3000
IE: En&queue current page with BID - file://c:\program files\Bulk Image Downloader\iemenu\iebidqueue.htm
IE: Enqueue link tar&get with BID - file://c:\program files\Bulk Image Downloader\iemenu\iebidlinkqueue.htm
IE: Open &link target with BID - file://c:\program files\Bulk Image Downloader\iemenu\iebidlink.htm
IE: Open current page with BI&D - file://c:\program files\Bulk Image Downloader\iemenu\iebid.htm
IE: Open current page with BID Link E&xplorer - file://c:\program files\Bulk Image Downloader\iemenu\iebidlinkexplorer.htm
TCP: DhcpNameServer = 68.105.28.12 68.105.29.12 68.105.28.11
TCP: Interfaces\{2EA5E124-0CBC-4994-B1F1-B9BEED07E422}: NameServer = 66.228.116.178,66.228.116.179
TCP: Interfaces\{E8CDBE83-452B-43A8-B8AE-677138195F18}: NameServer = 66.228.116.178,66.228.116.179
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2013-04-17 23:58
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_6_602_180_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_6_602_180_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(1252)
c:\windows\system32\SETUPAPI.dll
c:\windows\system32\COMRes.dll
c:\windows\system32\cscui.dll
.
- - - - - - - > 'lsass.exe'(1308)
c:\windows\system32\setupapi.dll
.
- - - - - - - > 'explorer.exe'(3268)
c:\windows\system32\SHDOCVW.dll
c:\windows\system32\WININET.dll
c:\windows\system32\kmw_dll.dll
c:\windows\system32\WOW32.dll
c:\windows\system32\msctfime.ime
c:\windows\system32\COMRes.dll
c:\documents and settings\Jon Kunkel\Application Data\Dropbox\bin\DropboxExt.19.dll
c:\program files\Google\Drive\googledrivesync32.dll
c:\program files\Google\Drive\Microsoft.VC90.CRT\MSVCP90.dll
c:\program files\Google\Drive\Microsoft.VC90.CRT\MSVCR90.dll
c:\windows\System32\cscui.dll
c:\progra~1\WINDOW~2\wmpband.dll
c:\windows\system32\msi.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\SETUPAPI.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
c:\windows\system32\NETSHELL.dll
c:\windows\system32\credui.dll
c:\windows\system32\MSVCP60.dll
.
Completion time: 2013-04-17 23:59:40
ComboFix-quarantined-files.txt 2013-04-18 06:59
ComboFix2.txt 2013-04-17 20:33
ComboFix3.txt 2013-04-17 02:40
.
Pre-Run: 36,969,504,768 bytes free
Post-Run: 36,946,882,560 bytes free
.
- - End Of File - - 13697C4B00413D2EECF351A8243EB073
Computer seams to be running fine. Got Firefox configured the way I want it. Thank you for your help.
  • 0

#8
gringo_pr
Posted 18 April 2013 - 02:47 AM

gringo_pr

    Trusted Helper

  • Malware Removal
  • 7,268 posts
Hello jlk69

I would like to see a report that combofix makes.

extra combofix report

  • push the "windows key" + "R" (between the "Ctrl" button and "Alt" Button)
  • please copy and past the following into the box
C:\Qoobox\Add-Remove Programs.txt
  • click ok

copy and paste the report into this topic for me to review

Gringo
  • 0

#9
jlk69
Posted 18 April 2013 - 09:28 AM

jlk69

    Member

  • Topic Starter
  • Member
  • PipPip
  • 97 posts
"Nero SoundTrax Help
7-Zip 9.20
AC3Filter 2.5b
ACDSee 10 Photo Manager
Addictive Pitts
Adobe Flash Player 11 ActiveX
Adobe Flash Player 11 Plugin
Adobe Reader XI (11.0.02)
Adobe Shockwave Player 12.0
Advertising Center
AeroFly Professional Deluxe (incl. StarFlight AddOn)
Aircraft Factory F4u Corsair
allSnap version 1.33.2
ALS-SIM Flanker B for FSX
Alt-Tab Task Switcher Powertoy for Windows XP
Apple Application Support
Apple Software Update
ASRock IES v2.0.90
ASRock OC Tuner v2.3.99
Atomic Alarm Clock 5.92
Audacity 2.0.2
AVG 2013
Bass Audio Decoder (remove only)
Beech B60 Duke Rip
Bellanca Viking Collection Build 4.1
BitSpirit v3.6.0.550 Stable
Blu Dot Clock
BufferChm
Bulk Image Downloader v2.2.0.0
Calculator Powertoy for Windows XP
CameraDrivers
CameraReadme
Canon Easy-PhotoPrint EX
Canon MP470 series
Canon My Printer
Canon Utilities Solution Menu
Carenado's C SKYLANE II RG R182
Carenado F33A Bonanza
Carenado Mooney M20J FSX
Carenado Premium Cessna 210M Centurion II
CCleaner
CD Audio Reader Filter (remove only)
Classics Hangar Fw 190 A, The Early Variants
Classics Hangar Fw 190 A, The Late Variants
ClearType Tuning Control Panel Applet
ClearView
Compatibility Pack for the 2007 Office system
CompuApps SwissKnife V3
ConvertHelper 2.2
ConvertXtoDVD 3.3.3.104
Creative Audio Console
Creative MediaSource 5
Creative MediaSource DVD-Audio Player
Creative Software AutoUpdate
Creative WaveStudio 7
DCoder Image Source (remove only)
DCS A-10C
DeviceDiscovery
DeviceManagementQFolder
DH Driver Cleaner Professional Edition
Diamond Drive Icon 1.4
DirectVobSub (remove only)
DiRT 3
DivX Setup
DNS Shield
DolbyFiles
Dropbox
DScaler 5 Mpeg Decoders
EA Download Manager
EA SPORTS online 2008
Easy Video Splitter 1.28
eMule Razorback 3
eReg
erLT
eSupportQFolder
Fast Free Converter
ffdshow v1.2.4453 [2012-05-21]
FFMPEG Core Files (remove only)
Firefox v3.0.11 (Remove Only)
Flight Replicas CAC Boomerang for FSX
Fw190A_v1.1
G4_EMU
Gabest MPEG Splitter (remove only)
GetFLV Pro 5.8
Google Drive
Google Update Helper
Haali Media Splitter
HD Tune 2.52
HELI-X 3.0 Demo
HexEdit
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows XP (KB2443685)
Hotfix for Windows XP (KB2570791)
Hotfix for Windows XP (KB2657025)
Hotfix for Windows XP (KB2732052)
Hotfix for Windows XP (KB2756822)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB954550-v5)
Hotfix for Windows XP (KB969084)
Hotfix for Windows XP (KB970653-v3)
HP Imaging Device Functions 9.0
HP Photosmart Cameras 9.0
HP Photosmart Essential 2.01
HP Photosmart Essential2.01
HP Solution Center 9.0
HP Update
hpicamDrvQFolder
HPProductAssistant
HTML Slideshow Powertoy for Windows XP
Image Resizer Powertoy for Windows XP
ImageConverter Plus 7.1
ImagXpress
InstantShareDevicesMFC
InterVideo WinDVD Platinum 5
Java 7 Update 13
Java Auto Updater
John's Background Switcher 4.4
JustFlight F-117 Nighthawk for FS9 and FSX
Kensington MouseWorks
LAME v3.99.3 (for Windows)
LAV Filters 0.51.3
Logitech Gaming Software 5.04
Machete Lite 3.7
Madonote 2004
MadVR (remove only)
MagicDisc 2.7.106
Magnifier Powertoy for Windows XP
Malwarebytes Anti-Malware version 1.75.0.1300
marvell 91xx driver
Marvell MRU V4
Menu Templates - Starter Kit
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB2742597)
Microsoft .NET Framework 2.0 Service Pack 1 Language Pack - DEU
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 1 Language Pack - DEU
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 Language Pack - deu
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 4 Client Profile
Microsoft .NET Framework 4 Extended
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Games for Windows - LIVE Redistributable
Microsoft Games for Windows Marketplace
Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
Microsoft Kernel-Mode Driver Framework Feature Pack 1.9
Microsoft Office Sounds
Microsoft Office Visio IFilter 2003
Microsoft Office XP Professional with FrontPage
Microsoft OpenType Font File Properties Extension
Microsoft Outlook Personal Folders Backup
Microsoft Silverlight
Microsoft Software Update for Web Folders (English) 12
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
Microsoft Visual Studio 2005 Tools for Office Runtime
Microsoft WinUsb 1.0
Microsoft XML Spreadsheet Add-In for Access 2002
Microsoft® Measurement Smart Tag Converter
MiG-15 by Bear Studios for FSX
MONOGRAM AMR Splitter/Decoder (remove only)
Movie Templates - Starter Kit
Mozilla Firefox 20.0.1 (x86 en-US)
Mozilla Maintenance Service
MSXML 4.0 SP3 Parser
MSXML 4.0 SP3 Parser (KB2721691)
MSXML 4.0 SP3 Parser (KB973685)
Music Manager
NEC Electronics USB 3.0 Host Controller Driver
Nero 9
Nero BurningROM
Nero BurnRights
Nero ControlCenter
Nero CoverDesigner
Nero CoverDesigner Help
Nero Disc Copy Gadget
Nero Disc Copy Gadget Help
Nero DiscSpeed
Nero DriveSpeed
Nero Express
Nero InfoTool
Nero Installer
Nero PhotoSnap
Nero PhotoSnap Help
Nero Recode
Nero Recode Help
Nero Rescue Agent
Nero RescueAgent Help
Nero ShowTime
Nero StartSmart
Nero StartSmart Help
Nero Vision
Nero WaveEditor
Nero WaveEditor Help
NeroBurningROM
NeroExpress
neroxml
NVIDIA Control Panel 290.53
NVIDIA Install Application
NVIDIA nView Desktop Manager
NVIDIA PhysX
NVIDIA PhysX System Software 9.11.1107
NVIDIA Update 1.6.24
NVIDIA Update Components
OpenAL
OpenSource AVI Splitter (remove only)
OpenSource DTS/AC3/DD+ Source Filter (remove only)
OpenSource Flash Video Splitter (remove only)
PA34 200T SENECA II FSX
PanoStandAlone
PDFCreator
PeerBlock 1.1 (r518)
Pepakura Viewer 3
PhoenixRC
Platinum Collection Diamond DA40 TDI for FSX
PPJoy Joystick Driver 0.8.4.5
PSSWCORE
QuickTime
QuickTime Alternative 1.75
Rapture3D 2.4.8 Game
RAZBAM Convair F-102 Delta Dagger for FSX
Razbam The Skyraiders Vol2 FSX version
RC Helicopter
Read in Microsoft Reader Add-in for Microsoft Word
Real Alternative 1.50
RealFlight G4
RealMedia (remove only)
REALTEK GbE & FE Ethernet PCI-E NIC Driver
Realtek High Definition Audio Driver
Remove Hidden Data Tool
Reset Your Browser
Revo Uninstaller 1.94
RSRBR_Pack_ALL_Packs
RSRBR2011
SAMSUNG USB Driver for Mobile Phones
Security Update for CAPICOM (KB931906)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2604111)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2736416)
Security Update for Microsoft Windows (KB2564958)
Security Update for Windows Internet Explorer 8 (KB2482017)
Security Update for Windows Internet Explorer 8 (KB2510531)
Security Update for Windows Internet Explorer 8 (KB2544521)
Security Update for Windows Internet Explorer 8 (KB2586448)
Security Update for Windows Internet Explorer 8 (KB2647516)
Security Update for Windows Internet Explorer 8 (KB2699988)
Security Update for Windows Internet Explorer 8 (KB2722913)
Security Update for Windows Internet Explorer 8 (KB2744842)
Security Update for Windows Internet Explorer 8 (KB972260)
Security Update for Windows Media Player (KB2378111)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player (KB975558)
Security Update for Windows Media Player (KB978695)
Security Update for Windows XP (KB2079403)
Security Update for Windows XP (KB2115168)
Security Update for Windows XP (KB2121546)
Security Update for Windows XP (KB2124261)
Security Update for Windows XP (KB2229593)
Security Update for Windows XP (KB2259922)
Security Update for Windows XP (KB2290570)
Security Update for Windows XP (KB2296011)
Security Update for Windows XP (KB2347290)
Security Update for Windows XP (KB2360937)
Security Update for Windows XP (KB2387149)
Security Update for Windows XP (KB2393802)
Security Update for Windows XP (KB2412687)
Security Update for Windows XP (KB2419632)
Security Update for Windows XP (KB2423089)
Security Update for Windows XP (KB2440591)
Security Update for Windows XP (KB2443105)
Security Update for Windows XP (KB2476490)
Security Update for Windows XP (KB2476687)
Security Update for Windows XP (KB2478960)
Security Update for Windows XP (KB2478971)
Security Update for Windows XP (KB2479628)
Security Update for Windows XP (KB2479943)
Security Update for Windows XP (KB2483185)
Security Update for Windows XP (KB2485376)
Security Update for Windows XP (KB2485663)
Security Update for Windows XP (KB2491683)
Security Update for Windows XP (KB2506212)
Security Update for Windows XP (KB2507618)
Security Update for Windows XP (KB2507938)
Security Update for Windows XP (KB2508429)
Security Update for Windows XP (KB2509553)
Security Update for Windows XP (KB2535512)
Security Update for Windows XP (KB2536276-v2)
Security Update for Windows XP (KB2544893-v2)
Security Update for Windows XP (KB2562937)
Security Update for Windows XP (KB2566454)
Security Update for Windows XP (KB2567053)
Security Update for Windows XP (KB2567680)
Security Update for Windows XP (KB2570222)
Security Update for Windows XP (KB2570947)
Security Update for Windows XP (KB2584146)
Security Update for Windows XP (KB2585542)
Security Update for Windows XP (KB2592799)
Security Update for Windows XP (KB2598479)
Security Update for Windows XP (KB2603381)
Security Update for Windows XP (KB2619339)
Security Update for Windows XP (KB2620712)
Security Update for Windows XP (KB2621440)
Security Update for Windows XP (KB2624667)
Security Update for Windows XP (KB2631813)
Security Update for Windows XP (KB2633171)
Security Update for Windows XP (KB2641653)
Security Update for Windows XP (KB2646524)
Security Update for Windows XP (KB2647518)
Security Update for Windows XP (KB2653956)
Security Update for Windows XP (KB2655992)
Security Update for Windows XP (KB2659262)
Security Update for Windows XP (KB2661637)
Security Update for Windows XP (KB2685939)
Security Update for Windows XP (KB2686509)
Security Update for Windows XP (KB2691442)
Security Update for Windows XP (KB2695962)
Security Update for Windows XP (KB2698365)
Security Update for Windows XP (KB2705219-v2)
Security Update for Windows XP (KB2705219)
Security Update for Windows XP (KB2707511)
Security Update for Windows XP (KB2709162)
Security Update for Windows XP (KB2712808)
Security Update for Windows XP (KB2719985)
Security Update for Windows XP (KB2723135-v2)
Security Update for Windows XP (KB2723135)
Security Update for Windows XP (KB2724197)
Security Update for Windows XP (KB2727528)
Security Update for Windows XP (KB2731847-v2)
Security Update for Windows XP (KB2731847)
Security Update for Windows XP (KB2761226)
Security Update for Windows XP (KB938464-v2)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB968537)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973346)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975254)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975562)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB977816)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978338)
Security Update for Windows XP (KB978542)
Security Update for Windows XP (KB978601)
Security Update for Windows XP (KB978706)
Security Update for Windows XP (KB979309)
Security Update for Windows XP (KB979482)
Security Update for Windows XP (KB979687)
Security Update for Windows XP (KB980195)
Security Update for Windows XP (KB980232)
Security Update for Windows XP (KB980436)
Security Update for Windows XP (KB981322)
Security Update for Windows XP (KB981997)
Security Update for Windows XP (KB982132)
Security Update for Windows XP (KB982665)
SHIFT 2 UNLEASHED™
SHOUTcast Source (remove only)
Simraceway 0.28.42
Slideshow Generator Powertoy for Windows XP
SmartPropoPlus version 3.3.10
Social Privacy
SolutionCenter
SoundTrax
Space Shuttle
Status
swMSM
Tailwind Twin Pack
The File Splitter 1.31
Tiger Woods PGA TOUR 08
Timershot Powertoy for Windows XP
TrayApp
UnloadSupport
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft Windows (KB971513)
Update for Windows Internet Explorer 8 (KB2447568)
Update for Windows Internet Explorer 8 (KB2598845)
Update for Windows Internet Explorer 8 (KB2632503)
Update for Windows Internet Explorer 8 (KB973874)
Update for Windows Internet Explorer 8 (KB976662)
Update for Windows XP (KB2141007)
Update for Windows XP (KB2345886)
Update for Windows XP (KB2492386)
Update for Windows XP (KB2541763)
Update for Windows XP (KB2641690)
Update for Windows XP (KB2661254-v2)
Update for Windows XP (KB2718704)
Update for Windows XP (KB2736233)
Update for Windows XP (KB2749655)
Update for Windows XP (KB955759)
Update for Windows XP (KB958752)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB971029)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
VC80CRTRedist - 8.0.50727.6195
Victory 0.09.634
VideoToolkit01
Virtavia Supermarine Scimitar F1 FSX
Virtual Desktop Manager Powertoy for Windows XP
Visual Studio 2005 Tools for Office Second Edition Runtime
Warbirds 2013
WebFldrs XP
WebReg
Winamp
Windows Feature Pack for Storage (32-bit) - IMAPI update for Blu-Ray
Windows Live ID Sign-in Assistant
Windows Media Format 11 runtime
Windows Media Player 11
Windows Rights Management Client Backwards Compatibility SP2
Windows Rights Management Client with Service Pack 2
Wings of POWER II: WWII FIGHTERS
Wings of Power: Focke Wulf "Long Nose"
WinRAR archiver
WinZip
XML Paper Specification Shared Components Language Pack 1.0
Xtreme Prototypes 20 Series Business Jets SP2
Xtreme Prototypes X-15-2-3 for Flight Simulator
XVID Decoder (remove only)
Xvid MPEG-4 Video Codec
Zoom Player (remove only)
  • 0

#10
gringo_pr
Posted 18 April 2013 - 12:10 PM

gringo_pr

    Trusted Helper

  • Malware Removal
  • 7,268 posts
Hello

:P2P Warning!:

IMPORTANT I notice there are signs of one or more P2P (Person to Person) File Sharing Programs on your computer.

Please note that as long as you are using any form of Peer-to-Peer networking and downloading files from non-documented sources, you can expect infestations of malware to occur
Once upon a time, P2P file sharing was fairly safe. That is no longer true. P2P programs form a direct conduit on to your computer, their security measures are easily circumvented and malware writers are increasingly exploiting them to spread their wares on to your computer. Further to that, if your P2P program is not configured correctly, your computer may be sharing more files than you realize. There have been cases where people's passwords, address books and other personal, private, and financial details have been exposed to a file sharing network by a badly configured program.

Please read these short reports on the dangers of peer-2-peer programs and file sharing.

FBI Cyber Education Letter
File sharing infects 500,000 computers
USAToday
infoworld



These logs are looking allot better. But we still have some work to do.


uninstall some programs

NOTE** Because of the cleanup process some of the programs I have listed may not be in add/remove anymore this is fine just move to the next item on the list.

You can remove these programs using add/remove or you can use the free uninstaller from Revo (it does allot better of a job

Programs to remove


eMule Razorback 3
Fast Free Converter
Java 7 Update 13
[/list]

  • Please download and install Revo Uninstaller Free
  • Double click Revo Uninstaller to run it.
  • From the list of programs double click on The Program to remove
  • When prompted if you want to uninstall click Yes.
  • Be sure the Moderate option is selected then click Next.
  • The program will run, If prompted again click Yes
  • when the built-in uninstaller is finished click on Next.
  • Once the program has searched for leftovers click Next.
  • Check/tick the bolded items only on the list then click Delete
  • when prompted click on Yes and then on next.
  • put a check on any folders that are found and select delete
  • when prompted select yes then on next
  • Once done click Finish.
.


Clean Out Temp Files

  • This small application you may want to keep and use once a week to keep the computer clean.

    Download CCleaner from here http://www.ccleaner.com/

  • Run the installer to install the application.
  • When it gives you the option to install Yahoo toolbar uncheck the box next to it.
  • Run CCleaner. (make sure under Windows tab all the boxes of Internet Explorer and Windows explorer are checked. Under System check Empty Recycle Bin and Temporary Files. Under Application tab all the boxes should be checked).
  • Click Run Cleaner.
  • Close CCleaner.


: Malwarebytes' Anti-Malware :

  • Please download Malwarebytes' Anti-Malware to your desktop.
  • Double-click mbam-setup.exe and follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to
    • Update Malwarebytes' Anti-Malware
    • and Launch Malwarebytes' Anti-Malware
  • then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform quick scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is Checked (ticked) except items in the C:\System Volume Information folder and click on Remove Selected.
  • When completed, a log will open in Notepad. please copy and paste the log into your next reply
    • If you accidently close it, the log file is saved here and will be named like this:
    • C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt

Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.


Download HijackThis

  • Go Here to download HijackThis program
  • Save HijackThis to your desktop.
  • Right Click on Hijackthis and select "Run as Admin" (XP users just need to double click to run)
  • Click on "Do A system scan and save a logfile" (if you do not see "Do A system scan and save a logfile" then click on main menu)
  • copy and paste hijackthis report into the topic



"information and logs"

  • In your next post I need the following

  • Log From MBAM
  • report from Hijackthis
  • let me know of any problems you may have had
  • How is the computer doing now?

Gringo
  • 0

Advertisements

#11
jlk69
Posted 19 April 2013 - 03:12 AM

jlk69

    Member

  • Topic Starter
  • Member
  • PipPip
  • 97 posts
Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Database version: v2013.04.16.09

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 6.0.2900.5512
Jon Kunkel :: ASROCK_WINXP [administrator]

4/19/2013 1:38:12 AM
mbam-log-2013-04-19 (01-38-12).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 362221
Time elapsed: 10 minute(s), 15 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 1
HKLM\SOFTWARE\Microsoft\Security Center|UpdatesDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and repaired successfully.

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 2:09:02 AM, on 4/19/2013
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 SP3 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\PROGRA~1\AVG\AVG2013\avgrsx.exe
C:\Program Files\AVG\AVG2013\avgcsrvx.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Creative\Shared Files\CTAudSvc.exe
C:\Program Files\AVG\AVG2013\avgidsagent.exe
C:\Program Files\AVG\AVG2013\avgwdsvc.exe
C:\Program Files\Marvell\raid\Apache2\bin\httpd.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\AVG\AVG2013\avgnsx.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\Program Files\AVG\AVG2013\avgemcx.exe
C:\Program Files\Marvell\raid\Apache2\bin\httpd.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\kmw_run.exe
C:\Program Files\AVG\AVG2013\avgui.exe
C:\WINDOWS\system32\KMW_SHOW.EXE
C:\Program Files\ASRock Utility\OCTuner\ASROC.exe
C:\Program Files\ASRock Utility\IES\AsrIes.exe
C:\Program Files\Atomic Alarm Clock\AtomicAlarmClock.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Documents and Settings\Jon Kunkel\Application Data\Dropbox\bin\Dropbox.exe
C:\Program Files\MagicDisc\MagicDisc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Outlook Express\msimn.exe
C:\Program Files\AVG\AVG2013\avgcsrvx.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Program Files\johnsadventures.com\John's Background Switcher\BackgroundSwitcher.exe
C:\WINDOWS\notepad.exe
C:\Documents and Settings\Jon Kunkel\Desktop\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://proxy.allsear....com/app/start/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Favorites
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: (no name) - {CE7C3CF0-4B15-11D1-ABED-709549C10000} - (no file)
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [kmw_run.exe] kmw_run.exe
O4 - HKLM\..\Run: [AVG_UI] "C:\Program Files\AVG\AVG2013\avgui.exe" /TRAYONLY
O4 - HKCU\..\Run: [ASRockOCTuner] "C:\Program Files\ASRock Utility\OCTuner\ASROC.exe"
O4 - HKCU\..\Run: [ASRockIES] "C:\Program Files\ASRock Utility\IES\AsrIes.exe"
O4 - HKCU\..\Run: [SkinClock] C:\Program Files\Atomic Alarm Clock\AtomicAlarmClock.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Startup: Dropbox.lnk = C:\Documents and Settings\Jon Kunkel\Application Data\Dropbox\bin\Dropbox.exe
O4 - Startup: MagicDisc.lnk = C:\Program Files\MagicDisc\MagicDisc.exe
O8 - Extra context menu item: Download Using &BitSpirit - D:\Program Files (x86)\BitSpirit\bsurl.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~1\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: En&queue current page with BID - file://C:\Program Files\Bulk Image Downloader\iemenu\iebidqueue.htm
O8 - Extra context menu item: Enqueue link tar&get with BID - file://C:\Program Files\Bulk Image Downloader\iemenu\iebidlinkqueue.htm
O8 - Extra context menu item: Open &link target with BID - file://C:\Program Files\Bulk Image Downloader\iemenu\iebidlink.htm
O8 - Extra context menu item: Open current page with BI&D - file://C:\Program Files\Bulk Image Downloader\iemenu\iebid.htm
O8 - Extra context menu item: Open current page with BID Link E&xplorer - file://C:\Program Files\Bulk Image Downloader\iemenu\iebidlinkexplorer.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O15 - Trusted IP range: http://127.0.0.1
O17 - HKLM\System\CCS\Services\Tcpip\..\{2EA5E124-0CBC-4994-B1F1-B9BEED07E422}: NameServer = 66.228.116.178,66.228.116.179
O17 - HKLM\System\CCS\Services\Tcpip\..\{E8CDBE83-452B-43A8-B8AE-677138195F18}: NameServer = 66.228.116.178,66.228.116.179
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: AVGIDSAgent - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG2013\avgidsagent.exe
O23 - Service: AVG WatchDog (avgwd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG2013\avgwdsvc.exe
O23 - Service: CiSvc - Unknown owner - C:\WINDOWS\system32\cisvc.exe (file missing)
O23 - Service: Creative Audio Engine Licensing Service - Creative Labs - C:\Program Files\Common Files\Creative Labs Shared\Service\CTAELicensing.exe
O23 - Service: Creative Audio Service (CTAudSvcService) - Creative Technology Ltd - C:\Program Files\Creative\Shared Files\CTAudSvc.exe
O23 - Service: MRU Web Service (MRUWebService) - Apache Software Foundation - C:\Program Files\Marvell\raid\Apache2\bin\httpd.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe

--
End of file - 5951 bytes
Computer is running fine.
  • 0

#12
gringo_pr
Posted 19 April 2013 - 04:41 AM

gringo_pr

    Trusted Helper

  • Malware Removal
  • 7,268 posts
Greetings

These logs are looking very good, we are almost done!!! Just one more scan to go.

:Remove unneeded start-up entries:

This part of the fix is purely optional
These are programs that start up when you turn on your computer but don't need to be, any of these programs you can click on their icons (or start from the control panel) and start the program when you need it. By stopping these programs you will boot up faster and your computer will work faster.

  • Run HijackThis (rightclick and run as admin)
  • Click on the Scan button
  • Put a check beside all of the items listed below (if present):

    • O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
      O4 - HKCU\..\Run: [ASRockOCTuner] "C:\Program Files\ASRock Utility\OCTuner\ASROC.exe"
      O4 - HKCU\..\Run: [ASRockIES] "C:\Program Files\ASRock Utility\IES\AsrIes.exe"
      O4 - HKCU\..\Run: [SkinClock] C:\Program Files\Atomic Alarm Clock\AtomicAlarmClock.exe
      O4 - Startup: Dropbox.lnk = C:\Documents and Settings\Jon Kunkel\Application Data\Dropbox\bin\Dropbox.exe
      O4 - Startup: MagicDisc.lnk = C:\Program Files\MagicDisc\MagicDisc.exe

  • Close all open windows and browsers/email, etc...
  • Click on the "Fix Checked" button
  • When completed, close the application.

    NOTE**You can research each of those lines >here< and see if you want to keep them or not
    just copy the name between the brackets and paste into the search space
    O4 - HKLM\..\Run: [IntelliPoint]


Eset Online Scanner

**Note** You will need to use Internet explorer for this scan - Vista and win 7 right click on IE shortcut and run as admin

Go Eset web page to run an online scanner from ESET.

  • Turn off the real time scanner of any existing antivirus program while performing the online scan
  • click on the Run ESET Online Scanner button
  • Tick the box next to YES, I accept the Terms of Use.
    • Click Start
  • When asked, allow the add/on to be installed
    • Click Start
  • Make sure that the option Remove found threats is unticked
  • Click on Advanced Settings, ensure the options
    Scan for potentially unwanted applications, Scan for potentially unsafe applications, and Enable Anti-Stealth Technology are ticked.
  • Click Scan
  • wait for the virus definitions to be downloaded
  • Wait for the scan to finish

When the scan is complete

  • If no threats were found
  • put a checkmark in "Uninstall application on close"
  • close program
  • report to me that nothing was found

  • If threats were found
  • click on "list of threats found"
  • click on "export to text file" and save it as ESET SCAN and save to the desktop
  • Click on back
  • put a checkmark in "Uninstall application on close"
  • click on finish
  • close program
  • copy and paste the report here

Gringo
  • 0

#13
gringo_pr
Posted 22 April 2013 - 01:40 AM

gringo_pr

    Trusted Helper

  • Malware Removal
  • 7,268 posts
Greetings


I have not heard from you in a couple of days so I am coming by to check on you to see if you are having problems or you just need some more time.

Also to remind you that it is very important that we finish the process completely so as to not get reinfected. I will let you know when we are complete and I will ask to remove our tools




Gringo
  • 0

#14
jlk69
Posted 22 April 2013 - 11:36 PM

jlk69

    Member

  • Topic Starter
  • Member
  • PipPip
  • 97 posts
Did eset scan and nothing was found.
  • 0

#15
gringo_pr
Posted 22 April 2013 - 11:39 PM

gringo_pr

    Trusted Helper

  • Malware Removal
  • 7,268 posts
Hello jlk69

Very well done!! This is my general post for when your logs show no more signs of malware - Please let me know if you still are having problems with your computer and what these problems are.

:Why we need to remove some of our tools:

Some of the tools we have used to clean your computer were made by fellow malware fighters and are very powerful and if used incorrectly or at the wronge time can make the computer an expensive paper weight.
They are updated all the time and some of them more than once a day so by the time you are ready to use them again they will already be outdated.

The following procedures will implement some cleanup procedures to remove these tools. It will also reset your System Restore by flushing out previous restore points and create a new restore point. It will also remove all the backups our tools may have made.
:DeFogger:

Note** Defogger only needs to be run if it was run when we first started. If you have not already run it then skip this.

  • To re-enable your Emulation drivers, double click DeFogger to run the tool.
  • The application window will appear
  • Click the Re-enable button to re-enable your CD Emulation drivers
  • Click Yes to continue
  • A 'Finished!' message will appear
  • Click OK
  • DeFogger will now ask to reboot the machine - click OK.
Your Emulation drivers are now re-enabled.

:Uninstall ComboFix:

  • turn off all active protection software
  • push the "windows key" + "R" (between the "Ctrl" button and "Alt" Button)
  • please copy and past the following into the box ComboFix /Uninstall and click OK.
  • Note the space between the X and the /Uninstall, it needs to be there.
  • Posted Image

:Remove the rest of our tools:

Please download OTCleanIt and save it to desktop. This tool will remove all the tools we used to clean your pc.
  • Double-click OTCleanIt.exe.
  • Click the CleanUp! button.
  • Select Yes when the "Begin cleanup Process?" prompt appears.
  • If you are prompted to Reboot during the cleanup, select Yes.
  • The tool will delete itself once it finishes, if not delete it by yourself.
  • If asked to restart the computer, please do so
Note: If you receive a warning from your firewall or other security programs regarding OTCleanIt attempting to contact the internet, please allow it to do so.

About Java


During the cleaning process if I found that Java was installed I asked for it to be uninstalled, Many home users will not miss it. If you use OpenOffice, play online games or use business applications which require Java, Then you need to install the latest version and make sure to disable it in your web browsers.

If an application or website requires it, you should receive a notification indicating that when you attempt to launch that application or access that website.

Link to download latest version. - install Java

How to disable java in your web browsers - Disable Java


:The programs you can keep:

Some of the programs that we have used would be a good idea to keep and used often in helping to keep the computer clean. I use these programs on my computer.

Revo Uninstaller Free - this is the uninstaller that I had you download and works allot better than add/remove in windows and has saved me more than once from corrupted installs and uninstalls

CCleaner - This is a good program to clean out temp files, I would use this once a week or before any malware scan to remove unwanted temp files - It has a built in registry cleaner but I would leave that alone and not use any registry cleaner

Malwarebytes' Anti-Malware The Gold standerd today in antimalware scanners

:Security programs:

One of the questions I am asked all the time is "What programs do you use" I have at this time 4 computers in my home and I have this setup on all 4 of them.

  • Microsoft Security Essentials - provides real-time protection for your home PC that guards against viruses, spyware, and other malicious software.
  • WinPatrol As a robust security monitor, WinPatrol will alert you to hijackings, malware attacks and critical changes made to your computer without your permission. WinPatrol takes snapshot of your critical system resources and alerts you to any changes that may occur without your knowledge.
  • Malwarebytes' Anti-Malware Malwarebytes' Anti-Malware is a new and powerful anti-malware tool. It is
    totally free but for real-time protection you will have to pay a small one-time fee. We used this to help clean your computer and recomend keeping it and using often. (I have upgraded to the paid version of MBAM and I am glad I did)

    Note** If you decide to install MSE you will need to uninstall your present Antivirus

:Security awareness:


It is good security practice to change your passwords to all your online accounts on a fairly regular basis, this is especially true after an infection. Refer to this Microsoft article
Strong passwords: How to create and use them Then consider a password keeper, to keep all your passwords safe. KeePass is a small utility that allows you to manage all your passwords.


The other question I am asked all the time is "How can I prevent this from happening again." and the short answer to that is to be aware of what is out there and how to start spotting dangers.

Here are some articles that are must reads and should be read by everybody in your household that uses the internet

internetsafety

Internet Safety for Kids

Here is some more reading for you from some of my colleges

PC Safety and Security - What Do I Need? from my friends at Tech Support Forum

COMPUTER SECURITY - a short guide to staying safer online from my friends at Malware Removal

quoted from Tech Support Forum

Conclusion

There is no such thing as ‘perfect security’. This applies to many things, not just computer systems. Using the above guide you should be able to take all the reasonable steps you can to prevent infection. However, the most important part of all this is you, the user. Surf sensibly and think before you download a file or click on a link. Take a few moments to assess the possible risks and you should be able to enjoy all the internet has to offer.


I'd be grateful if you could reply to this post so that I know you have read it and, if you've no other questions, the thread can then be closed.

I Will Keep This Open For About Three Days, If Anything Comes Up - Just Come Back And Let Me Know, after that time you will have to send me a PM

My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->Posted Image<-- Don't worry every little bit helps.

Gringo
  • 0
Back to Virus, Spyware, Malware Removal · Next Unread Topic →




Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

  1. Geeks to Go Community
  2. Security
  3. Virus, Spyware, Malware Removal

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP