Javascript Disabled Detected

You currently have javascript disabled. Several functions may not work. Please re-enable javascript to access full functionality.

No Internet connection and System Restore turned off

Started by jlk69 , Aug 05 2013 03:37 PM

Please log in to reply

#1
jlk69

Posted 05 August 2013 - 03:37 PM

Member

Member
97 posts

Both Internet Explorer and Firefox don't work. Firefox gives me a message of server not found. Posting this from my phone. OTL logfile created on: 8/5/2013 10:10:03 AM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = D:\Downloads
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.5512)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.24 Gb Total Physical Memory | 2.40 Gb Available Physical Memory | 74.12% Memory free
5.09 Gb Paging File | 4.40 Gb Available in Paging File | 86.48% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 279.46 Gb Total Space | 29.69 Gb Free Space | 10.62% Space Free | Partition Type: NTFS
Drive D: | 1397.26 Gb Total Space | 13.81 Gb Free Space | 0.99% to Space Free | Partition Type: NTFS
Drive E: | 111.78 Gb Total Space | 2.88 Gb Free Space | 2.58% Space Free | Partition Type: NTFS
Drive F: | 149.04 Gb Total Space | 3.65 Gb Free Space | 2.45% Space Free | Partition Type: NTFS
Drive G: | 298.08 Gb Total Space | 61.03 Gb Free Space | 20.48% Space Free | Partition Type: NTFS
Drive I: | 149.04 Gb Total Space | 52.49 Gb Free Space | 35.22% Space Free | Partition Type: NTFS
Drive K: | 93.16 Gb Total Space | 2.54 Gb Free Space | 2.72% Space Free | Partition Type: NTFS
Drive L: | 298.09 Gb Total Space | 199.89 Gb Free Space | 67.06% Space Free | Partition Type: NTFS
Drive P: | 8.00 Mb Total Space | 2.74 Mb Free Space | 34.25% Space Free | Partition Type: NTFS

Computer Name: ASROCK_WINXP | User Name: Jon Kunkel | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013/08/05 09:59:16 | 000,602,112 | ---- | M] (OldTimer Tools) -- D:\Downloads\OTL.exe
PRC - [2013/07/23 19:09:28 | 000,283,136 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2013\avgwdsvc.exe
PRC - [2013/07/12 14:26:02 | 000,217,992 | ---- | M] (Google Inc.) -- C:\Program Files\Google\Update\1.3.21.153\GoogleCrashHandler.exe
PRC - [2013/07/10 01:33:22 | 000,452,144 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2013\avgcsrvx.exe
PRC - [2013/07/04 15:53:28 | 000,763,952 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2013\avgrsx.exe
PRC - [2013/07/04 15:53:26 | 001,117,744 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2013\avgnsx.exe
PRC - [2013/07/04 15:53:10 | 004,939,312 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2013\avgidsagent.exe
PRC - [2013/07/01 01:46:26 | 004,411,440 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2013\avgui.exe
PRC - [2013/06/23 07:30:43 | 000,182,184 | ---- | M] (Oracle Corporation) -- C:\Program Files\Java\jre7\bin\jqs.exe
PRC - [2013/06/12 20:08:36 | 005,093,264 | ---- | M] (Gaijin Entertainment) -- C:\Program Files\War Thunder\launcher.exe
PRC - [2013/05/24 17:47:30 | 027,776,968 | ---- | M] (Dropbox, Inc.) -- C:\Documents and Settings\Jon Kunkel\Application Data\Dropbox\bin\Dropbox.exe
PRC - [2013/03/18 02:38:48 | 000,799,280 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2013\avgemcx.exe
PRC - [2010/07/02 18:20:32 | 005,332,488 | ---- | M] (ASRock) -- C:\Program Files\ASRock Utility\OCTuner\ASROC.exe
PRC - [2010/07/01 21:39:16 | 007,990,280 | ---- | M] (ASRock Incorporation) -- C:\Program Files\ASRock Utility\IES\AsrIes.exe
PRC - [2010/02/12 10:23:12 | 000,286,720 | ---- | M] (Creative Technology Ltd) -- C:\Program Files\Creative\Shared Files\CTAudSvc.exe
PRC - [2009/06/15 05:00:00 | 001,789,440 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2009/06/15 05:00:00 | 000,131,072 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Outlook Express\msimn.exe
PRC - [2008/06/12 13:05:04 | 000,024,635 | ---- | M] (Apache Software Foundation) -- C:\Program Files\Marvell\raid\Apache2\bin\httpd.exe
PRC - [2006/08/03 12:47:16 | 000,106,496 | ---- | M] (Kensington Technology Group) -- C:\WINDOWS\system32\kmw_run.exe
PRC - [2006/08/03 12:47:08 | 000,176,128 | ---- | M] () -- C:\WINDOWS\system32\kmw_show.exe

========== Modules (No Company Name) ==========

MOD - [2013/03/13 13:48:52 | 024,978,944 | ---- | M] () -- C:\Documents and Settings\Jon Kunkel\Application Data\Dropbox\bin\libcef.dll
MOD - [2012/11/13 16:32:50 | 003,558,400 | ---- | M] () -- C:\Documents and Settings\Jon Kunkel\Application Data\Dropbox\bin\wxmsw28uh_vc.dll
MOD - [2008/01/17 10:17:16 | 000,073,782 | ---- | M] () -- C:\Program Files\Marvell\raid\Apache2\bin\zlib1.dll
MOD - [2006/08/03 12:47:08 | 000,176,128 | ---- | M] () -- C:\WINDOWS\system32\kmw_show.exe

========== Services (SafeList) ==========

SRV - File not found [On_Demand | Stopped] -- C:\WINDOWS\system32\cisvc.exe -- (CiSvc)
SRV - [2013/07/23 19:09:28 | 000,283,136 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG2013\avgwdsvc.exe -- (avgwd)
SRV - [2013/07/04 15:53:10 | 004,939,312 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG2013\avgidsagent.exe -- (AVGIDSAgent)
SRV - [2013/07/02 16:34:09 | 000,117,144 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2013/06/23 07:30:43 | 000,182,184 | ---- | M] (Oracle Corporation) [Auto | Running] -- C:\Program Files\Java\jre7\bin\jqs.exe -- (JavaQuickStarterService)
SRV - [2010/02/12 10:23:12 | 000,286,720 | ---- | M] (Creative Technology Ltd) [Auto | Running] -- C:\Program Files\Creative\Shared Files\CTAudSvc.exe -- (CTAudSvcService)
SRV - [2009/10/13 19:46:52 | 000,151,552 | ---- | M] () [Disabled | Stopped] -- C:\Program Files\Marvell\raid\svc\mvraidsvc.exe -- (Marvell RAID)
SRV - [2008/06/12 13:05:04 | 000,024,635 | ---- | M] (Apache Software Foundation) [Auto | Running] -- C:\Program Files\Marvell\raid\Apache2\bin\httpd.exe -- (MRUWebService)

========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
DRV - File not found [File_System | System | Stopped] -- system32\DRIVERS\mrxsmb.sys -- (MRxSmb)
DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
DRV - File not found [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\Drivers\IesDrv.sys -- (IesDrv)
DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
DRV - File not found [Kernel | On_Demand | Unknown] -- -- (azce8qab)
DRV - File not found [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\Drivers\AsrOcDrv.sys -- (AsrOcDrv)
DRV - [2013/07/20 01:51:00 | 000,246,072 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\WINDOWS\system32\drivers\avglogx.sys -- (Avglogx)
DRV - [2013/07/20 01:50:56 | 000,208,184 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\avgidsdriverx.sys -- (AVGIDSDriver)
DRV - [2013/07/20 01:50:56 | 000,060,216 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\WINDOWS\system32\drivers\avgidshx.sys -- (AVGIDSHX)
DRV - [2013/07/20 01:50:50 | 000,171,320 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\avgldx86.sys -- (Avgldx86)
DRV - [2013/07/10 01:32:40 | 000,039,224 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\WINDOWS\system32\drivers\avgrkx86.sys -- (Avgrkx86)
DRV - [2013/07/01 01:45:28 | 000,096,568 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\WINDOWS\system32\drivers\avgmfx86.sys -- (Avgmfx86)
DRV - [2013/03/21 03:08:24 | 000,182,072 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avgtdix.sys -- (Avgtdix)
DRV - [2013/03/01 10:32:20 | 000,022,328 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avgidsshimx.sys -- (AVGIDSShim)
DRV - [2012/12/29 20:55:36 | 000,018,224 | ---- | M] (Nicomsoft Ltd.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\mi2c.sys -- (mi2c)
DRV - [2012/07/14 16:22:54 | 000,691,696 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\sptd.sys -- (sptd)
DRV - [2011/11/25 01:26:04 | 000,013,440 | ---- | M] (June Fabrics Technology Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\pneteth.sys -- (pneteth)
DRV - [2011/11/09 07:21:41 | 000,122,816 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nvhda32.sys -- (NVHDA)
DRV - [2011/09/01 23:31:28 | 000,081,304 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\LMouKE.Sys -- (LMouKE)
DRV - [2011/09/01 23:31:28 | 000,039,192 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\LMouFilt.Sys -- (LMouFilt)
DRV - [2011/09/01 23:31:28 | 000,030,360 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\LUsbFilt.sys -- (LUsbFilt)
DRV - [2011/09/01 23:31:20 | 000,041,240 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\LHidFilt.Sys -- (LHidFilt)
DRV - [2011/09/01 23:30:58 | 000,065,048 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\L8042mou.Sys -- (L8042mou)
DRV - [2011/09/01 23:30:58 | 000,012,184 | ---- | M] (Logitech, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\LBeepKE.sys -- (LBeepKE)
DRV - [2011/05/21 10:03:30 | 000,035,776 | ---- | M] (http://libusb-win32.sourceforge.net) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\libusb0.sys -- (libusb0)
DRV - [2010/11/26 18:02:52 | 000,014,776 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\SmartDefragDriver.sys -- (SmartDefragDriver)
DRV - [2010/06/22 02:59:58 | 006,060,136 | R--- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService)
DRV - [2010/03/18 20:50:12 | 000,189,528 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\haP17v2k.sys -- (hap17v2k)
DRV - [2010/03/18 20:50:04 | 000,162,904 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\haP16v2k.sys -- (hap16v2k)
DRV - [2010/03/18 20:49:56 | 000,798,808 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ha10kx2k.sys -- (ha10kx2k)
DRV - [2010/03/18 20:45:42 | 000,092,760 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\emupia2k.sys -- (emupia)
DRV - [2010/03/18 20:45:28 | 000,157,272 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ctsfm2k.sys -- (ctsfm2k)
DRV - [2010/03/18 20:45:20 | 000,014,424 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ctprxy2k.sys -- (ctprxy2k)
DRV - [2010/03/18 20:45:12 | 000,127,576 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ctoss2k.sys -- (ossrv)
DRV - [2010/03/18 20:40:56 | 000,018,904 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ctgame.sys -- (ctgame)
DRV - [2010/03/18 20:40:48 | 000,347,144 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ctdvda2k.sys -- (ctdvda2k)
DRV - [2010/03/18 20:40:40 | 000,528,4 and then

#2
RKinner

Posted 05 August 2013 - 10:11 PM

Malware Expert

Expert
24,625 posts

Can you post the rest of the OTL log?

It sounds like you may have a proxy:

In IE, Tools, Internet Options, Connections, LAN Settings, then uncheck all boxes and OK. Close IE and restart IE.

In FireFox, (Tools or the Firefox button), Options, Advanced, Settings, check No Proxy then OK. Close Firefox and restart Firefox.

In Chrome, Wrench, Options, Under the Hood, Change Proxy Settings, uncheck all boxes, OK.

Restart and test. If still no good:

Start, Run, cmd , OK to bing up a command window. Type (wih an Enter after each line):

ipconfig  /all

(what IP is given for the DNS server?)

nslookup  f1.com

(That's F ONE dot Com. It should tell you:

Non-authoritative answer:
Name: f1.com
Addresses: 80.231.178.248
195.219.248.104

Does it? )


ping  8.8.8.8

(Do you get any replies?)

Ron

#3
jlk69

Posted 05 August 2013 - 11:51 PM

Member

Topic Starter
Member
97 posts

Can't seem to copy full text of report at once. DNS servers 66.228.116.178, 66.228.116.179, FEC0:0:0:0:ffff::1%1, FEC0:0:0:0:ffff::2%1, FEC0:0:0:0:ffff::3%1. Can't find servers no response from server can't find servers for address no response from server can't find f1.com10/28 15:28:05 | 000,007,049 | ---- | C] () -- C:\Documents and Settings\Jon Kunkel\bookmark.png
[2012/10/28 15:28:05 | 000,007,049 | ---- | C] () -- C:\Documents and Settings\Jon Kunkel\bookmark.gif
[2012/10/28 15:28:00 | 000,063,909 | ---- | C] () -- C:\Documents and Settings\Jon Kunkel\logo.jpg
[2012/10/28 15:27:47 | 000,071,332 | ---- | C] () -- C:\Documents and Settings\Jon Kunkel\.png
[2012/09/13 09:07:49 | 000,014,776 | ---- | C] () -- C:\WINDOWS\System32\drivers\SmartDefragDriver.sys
[2012/06/20 16:29:12 | 000,000,008 | ---- | C] () -- C:\WINDOWS\mvraidver.dat
[2012/05/24 03:16:33 | 000,000,158 | ---- | C] () -- C:\WINDOWS\Realflight.INI
[2012/05/24 02:28:10 | 000,000,249 | ---- | C] () -- C:\WINDOWS\emug3.ini
[2012/03/21 19:54:58 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2012/03/01 00:53:48 | 000,000,839 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\Microsoft.SqlServer.Compact.400.32.bc
[2012/02/03 19:20:03 | 000,000,192 | ---- | C] () -- C:\Documents and Settings\Jon Kunkel\Application Data\default.rss
[2012/02/03 19:18:50 | 000,000,069 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2012/01/10 02:31:46 | 002,761,630 | ---- | C] () -- C:\WINDOWS\System32\nvdata.data
[2011/12/22 02:06:37 | 000,013,656 | -HS- | C] () -- C:\Documents and Settings\Jon Kunkel\Local Settings\Application Data\805830a1r786f880a626n8tpa5l6
[2011/10/28 22:40:06 | 000,129,044 | ---- | C] () -- C:\WINDOWS\hpiins06.dat
[2011/10/28 22:40:06 | 000,000,000 | ---- | C] () -- C:\WINDOWS\hpimdl06.dat
[2011/10/18 19:32:08 | 000,079,872 | ---- | C] () -- C:\WINDOWS\System32\LEX_PSU.EXE
[2011/10/18 15:05:17 | 000,000,400 | ---- | C] () -- C:\WINDOWS\LEXSTAT.INI
[2011/07/06 20:16:14 | 000,065,514 | ---- | C] () -- C:\Documents and Settings\Jon Kunkel\25204.jpg
[2011/07/06 20:08:57 | 000,040,293 | ---- | C] () -- C:\Documents and Settings\Jon Kunkel\569728.jpg
[2011/07/02 16:09:01 | 000,019,738 | ---- | C] () -- C:\Documents and Settings\Jon Kunkel\548457.jpg
[2011/07/02 16:08:39 | 000,044,372 | ---- | C] () -- C:\Documents and Settings\Jon Kunkel\384909.jpg
[2011/06/24 14:19:57 | 000,306,741 | ---- | C] () -- C:\Documents and Settings\Jon Kunkel\SANY1446.JPG
[2011/06/24 14:01:06 | 000,713,891 | ---- | C] () -- C:\Documents and Settings\Jon Kunkel\DSC_6421.JPG
[2011/06/21 16:07:31 | 000,013,361 | ---- | C] () -- C:\Documents and Settings\Jon Kunkel\63182-sandee34.jpg
[2011/04/23 21:54:16 | 000,007,887 | ---- | C] () -- C:\Documents and Settings\Jon Kunkel\Application Data\pcouffin.cat
[2011/04/23 21:54:16 | 000,001,144 | ---- | C] () -- C:\Documents and Settings\Jon Kunkel\Application Data\pcouffin.inf
[2011/04/06 21:27:58 | 000,118,784 | ---- | C] () -- C:\Documents and Settings\Jon Kunkel\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/04/04 15:41:35 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Jon Kunkel\Application Data\SuperSafer.cfg

========== ZeroAccess Check ==========

[2011/04/02 16:01:40 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shdocvw.dll -- [2009/06/15 05:00:00 | 002,253,824 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009/06/15 05:00:00 | 000,473,600 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009/06/15 05:00:00 | 000,273,920 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

========== LOP Check ==========

[2011/04/03 11:43:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ACD Systems
[2013/04/12 23:20:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVAST Software
[2011/04/03 13:24:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVG10
[2013/04/12 23:01:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVG2013
[2012/07/22 21:30:08 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\CanonBJ
[2011/06/11 12:07:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Codemasters
[2013/04/12 21:16:46 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\Common Files
[2012/07/14 16:22:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\DAEMON Tools Lite
[2011/06/11 12:07:13 | 000,000,000 | -HSD | M] -- C:\Documents and Settings\All Users\Application Data\DSS
[2011/04/25 21:36:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Electronic Arts
[2012/09/07 11:26:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Icon Constructor 3
[2013/08/05 09:33:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MFAData
[2012/01/18 22:34:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\RELOADED
[2012/10/15 21:06:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Samsung
[2011/05/07 01:15:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Solidshield
[2011/06/11 16:49:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Spotmau
[2013/05/10 03:06:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2012/12/12 04:56:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Virtual RC Pro
[2011/04/23 22:58:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\vsosdk
[2013/07/18 22:11:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WarThunder
[2011/05/01 20:04:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WOP
[2012/09/21 17:18:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jon Kunkel\Application Data\AC3Filter
[2011/04/03 11:44:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jon Kunkel\Application Data\ACD Systems
[2013/06/24 13:50:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jon Kunkel\Application Data\Audacity
[2011/04/03 13:27:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jon Kunkel\Application Data\AVG10
[2013/04/12 22:32:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jon Kunkel\Application Data\AVG2013
[2011/05/04 00:00:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jon Kunkel\Application Data\BID
[2011/04/06 22:27:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jon Kunkel\Application Data\BitSpirit
[2011/04/09 18:08:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jon Kunkel\Application Data\BlackBean
[2012/12/17 16:07:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jon Kunkel\Application Data\DAEMON Tools Lite
[2012/06/10 17:45:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jon Kunkel\Application Data\DDMSettings
[2013/05/13 00:40:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jon Kunkel\Application Data\DefaultTab
[2011/04/05 08:00:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jon Kunkel\Application Data\Disney Interactive Studios
[2011/05/20 17:29:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jon Kunkel\Application Data\Downloadr
[2013/08/05 08:38:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jon Kunkel\Application Data\Dropbox
[2011/04/20 14:42:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jon Kunkel\Application Data\ECSoftware
[2012/11/07 19:14:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jon Kunkel\Application Data\eMule
[2011/04/06 15:45:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jon Kunkel\Application Data\flightgear.org
[2011/04/06 15:46:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jon Kunkel\Application Data\fltk.org
[2011/04/06 21:47:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jon Kunkel\Application Data\InterVideo
[2012/09/13 09:07:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jon Kunkel\Application Data\IObit
[2011/04/03 14:47:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jon Kunkel\Application Data\johnsadventures.com
[2011/04/03 00:29:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jon Kunkel\Application Data\Kensington
[2012/09/04 18:00:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jon Kunkel\Application Data\Leadertech
[2011/06/15 20:08:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jon Kunkel\Application Data\Machete Lite
[2011/07/16 17:36:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jon Kunkel\Application Data\OpenDNS Updater
[2013/06/20 22:05:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jon Kunkel\Application Data\Photobucket
[2011/05/27 19:37:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jon Kunkel\Application Data\Simraceway
[2013/04/12 22:31:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jon Kunkel\Application Data\TuneUp Software
[2013/08/03 16:36:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jon Kunkel\Application Data\ViberPC
[2012/09/28 13:25:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jon Kunkel\Application Data\VideoRipper
[2013/04/18 22:41:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jon Kunkel\Application Data\Vso
[2011/05/05 10:41:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jon Kunkel\Application Data\WinWay

========== Purity Check ==========

========== Alternate Data Streams ==========

@Alternate Data Stream - 132 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:C8B8CEBD I get a reply from pinging 8.8.8.8

< End of report >

Edited by jlk69, 05 August 2013 - 11:54 PM.

#4
RKinner

Posted 06 August 2013 - 12:09 AM

Malware Expert

Expert
24,625 posts

Try changing the DNS server to 8.8.8.8 and 4.2.2.1

Go to Control Panel>Network Connections and select your local network.
Click Properties, then select Internet Protocol (TCP/IP).
Click Properties.

Select "Use the following DNS server addresses" then put 8.8.8.8 in the Preferred box and 4.2.2.1 in the Alternate. OK.

This file is most likely malware:

C:\Documents and Settings\Jon Kunkel\Local Settings\Application Data\805830a1r786f880a626n8tpa5l6

It should be deleted.

Reboot.

I suspect it will work now.

Copy the text in the code box:

DRIVES
nnetsvcs
%SYSTEMDRIVE%\*.exe
%systemroot%\assembly\GAC_32\*.ini
%systemroot%\assembly\GAC_64\*.ini
msconfig
safebootminimal
safebootnetwork
activex
drivers32
%SYSTEMDRIVE%\*.exe
%ALLUSERSPROFILE%\Application Data\*.exe
%APPDATA%\*.
/md5start
rsvpsp.dll
pnrpnsp.dll 
nwprovau.dll
nlaapi.dll
napinsp.dll
mswsock.dll
winrnr.dll
wshelper.dll
services.exe
atapi.sys
explorer.exe
winlogon.exe
Userinit.exe
svchost.exe
csrss.exe
PrintIsolationHost.exe
consrv.dll
user32.dll
/md5stop
C:\Windows\assembly\tmp\U\*.* /s
%systemroot%\*. /mp /s
hklm\software\clients\startmenuinternet|command /rs
hklm\software\clients\startmenuinternet|command /64 /rs
%systemroot%\system32\*.dll /lockedfiles
%systemroot%\Tasks\*.job /lockedfiles
%ProgramFiles%\WINDOWS NT\*.* /s
%systemroot%\system32\drivers\*.sys /lockedfiles
CREATERESTOREPOINT

Run OTL (Vista or Win 7 => right click and Run As Administrator)

Paste (Ctrl + v) the copied text in the box where it says Custom Scan/Fixes

Select the All option in the Extra Registry group then Run Scan.

You should get two logs. Please copy and paste both of them.

#5
jlk69

Posted 06 August 2013 - 12:08 PM

Member

Topic Starter
Member
97 posts

Thank you so much. I have internet now!! OTL logfile created on: 8/6/2013 10:50:28 AM - Run 2
OTL by OldTimer - Version 3.2.69.0 Folder = D:\Downloads
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.5512)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.24 Gb Total Physical Memory | 2.37 Gb Available Physical Memory | 73.03% Memory free
5.09 Gb Paging File | 4.29 Gb Available in Paging File | 84.38% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 279.46 Gb Total Space | 29.56 Gb Free Space | 10.58% Space Free | Partition Type: NTFS
Drive D: | 1397.26 Gb Total Space | 13.81 Gb Free Space | 0.99% Space Free | Partition Type: NTFS
Drive E: | 111.78 Gb Total Space | 2.88 Gb Free Space | 2.58% Space Free | Partition Type: NTFS
Drive F: | 149.04 Gb Total Space | 3.65 Gb Free Space | 2.45% Space Free | Partition Type: NTFS
Drive G: | 298.08 Gb Total Space | 61.03 Gb Free Space | 20.48% Space Free | Partition Type: NTFS
Drive I: | 149.04 Gb Total Space | 52.49 Gb Free Space | 35.22% Space Free | Partition Type: NTFS
Drive K: | 93.16 Gb Total Space | 2.54 Gb Free Space | 2.72% Space Free | Partition Type: NTFS
Drive L: | 298.09 Gb Total Space | 199.89 Gb Free Space | 67.06% Space Free | Partition Type: NTFS
Drive P: | 8.00 Mb Total Space | 2.74 Mb Free Space | 34.25% Space Free | Partition Type: NTFS

Computer Name: ASROCK_WINXP | User Name: Jon Kunkel | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013/08/05 09:59:16 | 000,602,112 | ---- | M] (OldTimer Tools) -- D:\Downloads\OTL.exe
PRC - [2013/07/23 19:09:28 | 000,283,136 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2013\avgwdsvc.exe
PRC - [2013/07/12 14:26:02 | 000,217,992 | ---- | M] (Google Inc.) -- C:\Program Files\Google\Update\1.3.21.153\GoogleCrashHandler.exe
PRC - [2013/07/10 01:33:22 | 000,452,144 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2013\avgcsrvx.exe
PRC - [2013/07/04 15:53:28 | 000,763,952 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2013\avgrsx.exe
PRC - [2013/07/04 15:53:26 | 001,117,744 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2013\avgnsx.exe
PRC - [2013/07/04 15:53:10 | 004,939,312 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2013\avgidsagent.exe
PRC - [2013/07/02 16:34:09 | 000,920,472 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2013/07/01 01:46:26 | 004,411,440 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2013\avgui.exe
PRC - [2013/06/23 07:30:43 | 000,182,184 | ---- | M] (Oracle Corporation) -- C:\Program Files\Java\jre7\bin\jqs.exe
PRC - [2013/05/24 17:47:30 | 027,776,968 | ---- | M] (Dropbox, Inc.) -- C:\Documents and Settings\Jon Kunkel\Application Data\Dropbox\bin\Dropbox.exe
PRC - [2013/03/18 02:38:48 | 000,799,280 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2013\avgemcx.exe
PRC - [2010/07/02 18:20:32 | 005,332,488 | ---- | M] (ASRock) -- C:\Program Files\ASRock Utility\OCTuner\ASROC.exe
PRC - [2010/07/01 21:39:16 | 007,990,280 | ---- | M] (ASRock Incorporation) -- C:\Program Files\ASRock Utility\IES\AsrIes.exe
PRC - [2010/02/12 10:23:12 | 000,286,720 | ---- | M] (Creative Technology Ltd) -- C:\Program Files\Creative\Shared Files\CTAudSvc.exe
PRC - [2009/06/15 05:00:00 | 001,789,440 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2008/06/12 13:05:04 | 000,024,635 | ---- | M] (Apache Software Foundation) -- C:\Program Files\Marvell\raid\Apache2\bin\httpd.exe
PRC - [2006/08/03 12:47:16 | 000,106,496 | ---- | M] (Kensington Technology Group) -- C:\WINDOWS\system32\kmw_run.exe
PRC - [2006/08/03 12:47:08 | 000,176,128 | ---- | M] () -- C:\WINDOWS\system32\kmw_show.exe

========== Modules (No Company Name) ==========

MOD - [2013/07/10 07:12:49 | 016,166,280 | ---- | M] () -- C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_8_800_94.dll
MOD - [2013/07/02 16:34:08 | 003,285,912 | ---- | M] () -- C:\Program Files\Mozilla Firefox\mozjs.dll
MOD - [2013/03/13 13:48:52 | 024,978,944 | ---- | M] () -- C:\Documents and Settings\Jon Kunkel\Application Data\Dropbox\bin\libcef.dll
MOD - [2012/11/13 16:32:50 | 003,558,400 | ---- | M] () -- C:\Documents and Settings\Jon Kunkel\Application Data\Dropbox\bin\wxmsw28uh_vc.dll
MOD - [2008/01/17 10:17:16 | 000,073,782 | ---- | M] () -- C:\Program Files\Marvell\raid\Apache2\bin\zlib1.dll
MOD - [2006/08/03 12:47:08 | 000,176,128 | ---- | M] () -- C:\WINDOWS\system32\kmw_show.exe

========== Services (SafeList) ==========

SRV - File not found [On_Demand | Stopped] -- C:\WINDOWS\system32\cisvc.exe -- (CiSvc)
SRV - [2013/07/23 19:09:28 | 000,283,136 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG2013\avgwdsvc.exe -- (avgwd)
SRV - [2013/07/04 15:53:10 | 004,939,312 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG2013\avgidsagent.exe -- (AVGIDSAgent)
SRV - [2013/07/02 16:34:09 | 000,117,144 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2013/06/23 07:30:43 | 000,182,184 | ---- | M] (Oracle Corporation) [Auto | Running] -- C:\Program Files\Java\jre7\bin\jqs.exe -- (JavaQuickStarterService)
SRV - [2010/02/12 10:23:12 | 000,286,720 | ---- | M] (Creative Technology Ltd) [Auto | Running] -- C:\Program Files\Creative\Shared Files\CTAudSvc.exe -- (CTAudSvcService)
SRV - [2009/10/13 19:46:52 | 000,151,552 | ---- | M] () [Disabled | Stopped] -- C:\Program Files\Marvell\raid\svc\mvraidsvc.exe -- (Marvell RAID)
SRV - [2008/06/12 13:05:04 | 000,024,635 | ---- | M] (Apache Software Foundation) [Auto | Running] -- C:\Program Files\Marvell\raid\Apache2\bin\httpd.exe -- (MRUWebService)

========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
DRV - File not found [File_System | System | Stopped] -- system32\DRIVERS\mrxsmb.sys -- (MRxSmb)
DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
DRV - File not found [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\Drivers\IesDrv.sys -- (IesDrv)
DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
DRV - File not found [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\Drivers\AsrOcDrv.sys -- (AsrOcDrv)
DRV - File not found [Kernel | On_Demand | Unknown] -- -- (ah8r2o4z)
DRV - [2013/07/20 01:51:00 | 000,246,072 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\WINDOWS\system32\drivers\avglogx.sys -- (Avglogx)
DRV - [2013/07/20 01:50:56 | 000,208,184 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\avgidsdriverx.sys -- (AVGIDSDriver)
DRV - [2013/07/20 01:50:56 | 000,060,216 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\WINDOWS\system32\drivers\avgidshx.sys -- (AVGIDSHX)
DRV - [2013/07/20 01:50:50 | 000,171,320 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\avgldx86.sys -- (Avgldx86)
DRV - [2013/07/10 01:32:40 | 000,039,224 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\WINDOWS\system32\drivers\avgrkx86.sys -- (Avgrkx86)
DRV - [2013/07/01 01:45:28 | 000,096,568 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\WINDOWS\system32\drivers\avgmfx86.sys -- (Avgmfx86)
DRV - [2013/03/21 03:08:24 | 000,182,072 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avgtdix.sys -- (Avgtdix)
DRV - [2013/03/01 10:32:20 | 000,022,328 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avgidsshimx.sys -- (AVGIDSShim)
DRV - [2012/12/29 20:55:36 | 000,018,224 | ---- | M] (Nicomsoft Ltd.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\mi2c.sys -- (mi2c)
DRV - [2012/07/14 16:22:54 | 000,691,696 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\sptd.sys -- (sptd)
DRV - [2011/11/25 01:26:04 | 000,013,440 | ---- | M] (June Fabrics Technology Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\pneteth.sys -- (pneteth)
DRV - [2011/11/09 07:21:41 | 000,122,816 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nvhda32.sys -- (NVHDA)
DRV - [2011/09/01 23:31:28 | 000,081,304 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\LMouKE.Sys -- (LMouKE)
DRV - [2011/09/01 23:31:28 | 000,039,192 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\LMouFilt.Sys -- (LMouFilt)
DRV - [2011/09/01 23:31:28 | 000,030,360 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\LUsbFilt.sys -- (LUsbFilt)
DRV - [2011/09/01 23:31:20 | 000,041,240 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\LHidFilt.Sys -- (LHidFilt)
DRV - [2011/09/01 23:30:58 | 000,065,048 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\L8042mou.Sys -- (L8042mou)
DRV - [2011/09/01 23:30:58 | 000,012,184 | ---- | M] (Logitech, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\LBeepKE.sys -- (LBeepKE)
DRV - [2011/05/21 10:03:30 | 000,035,776 | ---- | M] (http://libusb-win32.sourceforge.net) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\libusb0.sys -- (libusb0)
DRV - [2010/11/26 18:02:52 | 000,014,776 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\SmartDefragDriver.sys -- (SmartDefragDriver)
DRV - [2010/06/22 02:59:58 | 006,060,136 | R--- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService)
DRV - [2010/03/18 20:50:12 | 000,189,528 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\haP17v2k.sys -- (hap17v2k)
DRV - [2010/03/18 20:50:04 | 000,162,904 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\haP16v2k.sys -- (hap16v2k)
DRV - [2010/03/18 20:49:56 | 000,798,808 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ha10kx2k.sys -- (ha10kx2k)
DRV - [2010/03/18 20:45:42 | 000,092,760 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\emupia2k.sys -- (emupia)
DRV - [2010/03/18 20:45:28 | 000,157,272 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ctsfm2k.sys -- (ctsfm2k)
DRV - [2010/03/18 20:45:20 | 000,014,424 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ctprxy2k.sys -- (ctprxy2k)
DRV - [2010/03/18 20:45:12 | 000,127,576 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ctoss2k.sys -- (ossrv)
DRV - [2010/03/18 20:40:56 | 000,018,904 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ctgame.sys -- (ctgame)
DRV - [2010/03/18 20:40:48 | 000,347,144 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ctdvda2k.sys -- (ctdvda2k)
DRV - [2010/03/18 20:40:40 | 000,528,472 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ctaud2k.sys -- (ctaud2k)
DRV - [2010/03/18 20:40:32 | 000,511,064 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ctac32k.sys -- (ctac32k)
DRV - [2010/03/18 20:39:36 | 000,100,952 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\CTERFXFX.sys -- (CTERFXFX.SYS)
DRV - [2010/03/18 20:39:36 | 000,100,952 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\CTERFXFX.sys -- (CTERFXFX)
DRV - [2010/03/18 20:39:28 | 000,566,360 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\CTSBLFX.sys -- (CTSBLFX.SYS)
DRV - [2010/03/18 20:39:28 | 000,566,360 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\CTSBLFX.sys -- (CTSBLFX)
DRV - [2010/03/18 20:39:18 | 000,555,096 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\CTAUDFX.sys -- (CTAUDFX.SYS)
DRV - [2010/03/18 20:39:18 | 000,555,096 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\CTAUDFX.sys -- (CTAUDFX)
DRV - [2010/03/18 20:39:10 | 000,099,416 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\COMMONFX.sys -- (COMMONFX.SYS)
DRV - [2010/03/18 20:39:10 | 000,099,416 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\COMMONFX.sys -- (COMMONFX)
DRV - [2010/03/08 03:41:48 | 000,220,112 | R--- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Rtenicxp.sys -- (RTLE8023xp)
DRV - [2010/02/11 04:36:50 | 000,226,880 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\tcpip6.sys -- (Tcpip6)
DRV - [2010/01/22 12:21:48 | 000,139,648 | ---- | M] (NEC Electronics Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nusb3xhc.sys -- (nusb3xhc)
DRV - [2010/01/22 12:21:46 | 000,059,904 | ---- | M] (NEC Electronics Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nusb3hub.sys -- (nusb3hub)
DRV - [2009/11/17 16:17:00 | 001,395,800 | R--- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Monfilt.sys -- (Monfilt)
DRV - [2009/11/17 16:16:00 | 001,691,480 | R--- | M] (Creative) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Ambfilt.sys -- (Ambfilt)
DRV - [2009/10/26 23:37:14 | 000,020,008 | ---- | M] (Marvell Semiconductor Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\mv91cons.sys -- (mv91cons)
DRV - [2009/06/15 05:00:00 | 000,088,320 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\nwlnkipx.sys -- (NwlnkIpx)
DRV - [2009/06/15 05:00:00 | 000,063,232 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\nwlnknb.sys -- (NwlnkNb)
DRV - [2009/06/15 05:00:00 | 000,055,936 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\nwlnkspx.sys -- (NwlnkSpx)
DRV - [2009/06/15 05:00:00 | 000,040,320 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nmnt.sys -- (nm)
DRV - [2009/02/24 18:42:14 | 000,116,736 | ---- | M] (MagicISO, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mcdbus.sys -- (mcdbus)
DRV - [2006/11/02 07:00:08 | 000,039,368 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\winusb.sys -- (WinUSB)
DRV - [2006/08/03 12:47:20 | 000,010,112 | ---- | M] (Kensington Technology Group) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\KMW_USB.sys -- (KMW_USB)
DRV - [2006/08/03 12:47:18 | 000,091,648 | ---- | M] (Kensington Technology Group) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\KMW_SYS.sys -- (KMW_SYS)
DRV - [2006/08/03 12:46:50 | 000,005,376 | ---- | M] (Kensington Technology Group) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\KMW_KBD.sys -- (KMW_KBD)
DRV - [2001/07/13 14:56:14 | 000,014,976 | ---- | M] () [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\SBKUPNT.SYS -- (SBKUPNT)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope =

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{43682B77-B546-4606-A6AD-D81710E1AB36}: "URL" = http://proxy.allsear...q={searchTerms}
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>

========== FireFox ==========

FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "www.msn.com"
FF - prefs.js..extensions.enabledAddons: %7BAE93811A-5C9A-4d34-8462-F7B864FC4696%7D:4.16
FF - prefs.js..extensions.enabledAddons: %7BA4732521-77D9-447E-A557-B279AC923F06%7D:0.6.12
FF - prefs.js..extensions.enabledAddons: showmemore%40suskind:2.3
FF - prefs.js..extensions.enabledAddons: %7B7E7165E2-0767-448c-852F-5FA8714F2C37%7D:1.2
FF - prefs.js..extensions.enabledAddons: %7B524B8EF8-C312-11DB-8039-536F56D89593%7D:4.39.0.0
FF - prefs.js..extensions.enabledAddons: newtabgoogle%40graememcc.co.uk:1.0.2
FF - prefs.js..extensions.enabledAddons: %7Bb9db16a4-6edc-47ec-a1f4-b86292ed211d%7D:4.9.17
FF - prefs.js..extensions.enabledAddons: webbooster%40iminent.com:6.31.4.1
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:22.0
FF - prefs.js..network.proxy.type: 0
FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_8_800_94.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.25.2: C:\WINDOWS\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.25.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/VirtualEarth3D,version=4.0: C:\Program Files\Virtual Earth 3D\ [2013/06/21 16:43:02 | 000,000,000 | ---D | M]
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Documents and Settings\Jon Kunkel\Local Settings\Application Data\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Documents and Settings\Jon Kunkel\Local Settings\Application Data\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 22.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2013/07/02 16:34:00 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 22.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2013/07/02 16:34:02 | 000,000,000 | ---D | M]

[2013/04/18 08:34:48 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Jon Kunkel\Application Data\Mozilla\Extensions
[2013/08/02 07:38:54 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Jon Kunkel\Application Data\Mozilla\Firefox\Profiles\2k73xokm.default-1366299320296\extensions
[2013/04/18 08:46:27 | 000,000,000 | ---D | M] (PlainOldFavorites) -- C:\Documents and Settings\Jon Kunkel\Application Data\Mozilla\Firefox\Profiles\2k73xokm.default-1366299320296\extensions\{7E7165E2-0767-448c-852F-5FA8714F2C37}
[2013/07/18 22:37:08 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Documents and Settings\Jon Kunkel\Application Data\Mozilla\Firefox\Profiles\2k73xokm.default-1366299320296\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2013/05/19 01:52:31 | 000,019,225 | ---- | M] () (No name found) -- C:\Documents and Settings\Jon Kunkel\Application Data\Mozilla\Firefox\Profiles\2k73xokm.default-1366299320296\extensions\[email protected]
[2013/04/18 08:40:02 | 000,139,518 | ---- | M] () (No name found) -- C:\Documents and Settings\Jon Kunkel\Application Data\Mozilla\Firefox\Profiles\2k73xokm.default-1366299320296\extensions\[email protected]
[2013/08/02 07:38:54 | 000,789,811 | ---- | M] () (No name found) -- C:\Documents and Settings\Jon Kunkel\Application Data\Mozilla\Firefox\Profiles\2k73xokm.default-1366299320296\extensions\[email protected]
[2013/04/23 22:29:31 | 000,050,279 | ---- | M] () (No name found) -- C:\Documents and Settings\Jon Kunkel\Application Data\Mozilla\Firefox\Profiles\2k73xokm.default-1366299320296\extensions\{524B8EF8-C312-11DB-8039-536F56D89593}.xpi
[2013/04/18 08:40:02 | 000,095,463 | ---- | M] () (No name found) -- C:\Documents and Settings\Jon Kunkel\Application Data\Mozilla\Firefox\Profiles\2k73xokm.default-1366299320296\extensions\{A4732521-77D9-447E-A557-B279AC923F06}.xpi
[2013/04/18 08:40:02 | 000,377,738 | ---- | M] () (No name found) -- C:\Documents and Settings\Jon Kunkel\Application Data\Mozilla\Firefox\Profiles\2k73xokm.default-1366299320296\extensions\{AE93811A-5C9A-4d34-8462-F7B864FC4696}.xpi
[2013/08/01 22:35:30 | 000,224,035 | ---- | M] () (No name found) -- C:\Documents and Settings\Jon Kunkel\Application Data\Mozilla\Firefox\Profiles\2k73xokm.default-1366299320296\extensions\{c0c9a2c7-2e5c-4447-bc53-97718bc91e1b}.xpi
[2013/06/13 21:51:03 | 000,001,584 | ---- | M] () -- C:\Documents and Settings\Jon Kunkel\Application Data\Mozilla\Firefox\Profiles\2k73xokm.default-1366299320296\searchplugins\empflix.xml
[2013/04/18 10:03:36 | 000,001,635 | ---- | M] () -- C:\Documents and Settings\Jon Kunkel\Application Data\Mozilla\Firefox\Profiles\2k73xokm.default-1366299320296\searchplugins\firefox-add-ons.xml
[2013/05/19 01:51:18 | 000,002,152 | ---- | M] () -- C:\Documents and Settings\Jon Kunkel\Application Data\Mozilla\Firefox\Profiles\2k73xokm.default-1366299320296\searchplugins\zapomcom.xml
[2013/07/02 16:34:00 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2013/07/02 16:34:00 | 000,000,000 | ---D | M] (Fast Free Converter) -- C:\Program Files\Mozilla Firefox\extensions\[email protected]
[2013/07/02 16:33:59 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\browser\extensions
[2013/07/02 16:34:09 | 000,000,000 | ---D | M] (Default) -- C:\Program Files\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2013/07/02 16:34:00 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions\[email protected]\content
[2013/07/02 16:34:00 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions\[email protected]\defaults

O1 HOSTS File: ([2013/04/16 19:35:18 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (no name) - {CE7C3CF0-4B15-11D1-ABED-709549C10000} - No CLSID value found.
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (no name) - {FDCC62B4-8059-4FCF-8B69-BD2EC413A6F2} - No CLSID value found.
O4 - HKLM..\Run: [AVG_UI] C:\Program Files\AVG\AVG2013\avgui.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k File not found
O4 - HKLM..\Run: [kmw_run.exe] C:\WINDOWS\System32\kmw_run.exe (Kensington Technology Group)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u File not found
O4 - HKCU..\Run: [ASRockIES] C:\Program Files\ASRock Utility\IES\AsrIes.exe (ASRock Incorporation)
O4 - HKCU..\Run: [ASRockOCTuner] C:\Program Files\ASRock Utility\OCTuner\ASROC.exe (ASRock)
O4 - HKCU..\Run: [ROC_ROC_APR2013_AV] C:\Documents and Settings\Jon Kunkel\Application Data\AVG April 2013 Campaign\AVG-Secure-Search-Update.exe /PROMPT --mid 20a6ed3295f347d3b37dd16c64668bd9-ad1491be2ce6c122f6b66faa90e70c2decf7d34c --CMPID ROC_APR2013_AV --CMPIDEXTRA 2013 File not found
O4 - Startup: C:\Documents and Settings\Jon Kunkel\Start Menu\Programs\Startup\Dropbox.lnk = C:\Documents and Settings\Jon Kunkel\Application Data\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoRemoteRecursiveEvents = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoInternetOpenWith = 1
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMHelp = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: Download Using &BitSpirit - D:\Program Files (x86)\BitSpirit\bsurl.htm ()
O8 - Extra context menu item: En&queue current page with BID - C:\Program Files\Bulk Image Downloader\iemenu\iebidqueue.htm ()
O8 - Extra context menu item: Enqueue link tar&get with BID - C:\Program Files\Bulk Image Downloader\iemenu\iebidlinkqueue.htm ()
O8 - Extra context menu item: Open &link target with BID - C:\Program Files\Bulk Image Downloader\iemenu\iebidlink.htm ()
O8 - Extra context menu item: Open current page with BI&D - C:\Program Files\Bulk Image Downloader\iemenu\iebid.htm ()
O8 - Extra context menu item: Open current page with BID Link E&xplorer - C:\Program Files\Bulk Image Downloader\iemenu\iebidlinkexplorer.htm ()
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\WINDOWS\system32\nwprovau.dll (Microsoft Corporation)
O15 - HKCU\..Trusted Ranges: Range1 ([http] in Trusted sites)
O15 - HKCU\..Trusted Ranges: Range1 ([https] in Trusted sites)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 10.25.2)
O16 - DPF: {CAFEEFAC-0017-0000-0009-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 10.25.2)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 68.105.28.12 68.105.29.12 68.105.28.11
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{2EA5E124-0CBC-4994-B1F1-B9BEED07E422}: NameServer = 66.228.116.178,66.228.116.179
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{E8CDBE83-452B-43A8-B8AE-677138195F18}: DhcpNameServer = 68.105.28.12 68.105.29.12 68.105.28.11
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{E8CDBE83-452B-43A8-B8AE-677138195F18}: NameServer = 8.8.8.8,4.2.2.1
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\Jon Kunkel\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Jon Kunkel\Application Data\johnsadventures.com\Background Switcher\ActiveBackground.bmp
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2011/04/02 16:04:38 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2009/05/11 21:12:21 | 000,000,000 | ---- | M] () - D:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG2013\avgrsx.exe /sync /restart)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

NetSvcs: Ias - File not found
NetSvcs: Iprip - C:\WINDOWS\System32\iprip.dll (Microsoft Corporation)
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found

MsConfig - Services: "WMPNetworkSvc"
MsConfig - Services: "Nero BackItUp Scheduler 4.0"
MsConfig - Services: "JavaQuickStarterService"
MsConfig - Services: "idsvc"
MsConfig - Services: "avgwd"
MsConfig - Services: "AVGIDSAgent"
MsConfig - Services: "IDriverT"
MsConfig - Services: "Application Updater"
MsConfig - Services: "Creative Service for CDROM Access"
MsConfig - Services: "PnkBstrA"
MsConfig - Services: "Simraceway Update Service"
MsConfig - Services: "LexBceS"
MsConfig - Services: "Marvell RAID"
MsConfig - Services: "ndassvc"
MsConfig - Services: "LBTServ"
MsConfig - Services: "CiSvc"
MsConfig - Services: "gupdatem"
MsConfig - Services: "gupdate"
MsConfig - Services: "IntuitUpdateServiceV4"
MsConfig - StartUpFolder: C:^Documents and Settings^All Users^Start Menu^Programs^Startup^AcBtnMgr_X63.exe.lnk - C:\Program Files\LexmarkX63\AcBtnMgr_X63.exe - (Jetsoft Development Company)
MsConfig - StartUpFolder: C:^Documents and Settings^All Users^Start Menu^Programs^Startup^ACMonitor_X63.exe.lnk - C:\Program Files\LexmarkX63\ACMonitor_X63.exe - ()
MsConfig - StartUpFolder: C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe - (Hewlett-Packard Co.)
MsConfig - StartUpFolder: C:^Documents and Settings^All Users^Start Menu^Programs^Startup^InterVideo WinCinema Manager.lnk - C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe - ()
MsConfig - StartUpFolder: C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE - (Microsoft Corporation)
MsConfig - StartUpFolder: C:^Documents and Settings^All Users^Start Menu^Programs^Startup^NDAS Device Management.lnk - - File not found
MsConfig - StartUpFolder: C:^Documents and Settings^Jon Kunkel^Start Menu^Programs^Startup^allSnap.lnk - C:\Program Files\allSnap\allSnap.exe - (Ivan Heckman)
MsConfig - StartUpFolder: C:^Documents and Settings^Jon Kunkel^Start Menu^Programs^Startup^Logitech . Product Registration.lnk - C:\Program Files\Common Files\Logishrd\eReg\SetPoint\eReg.exe - (Leader Technologies/Logitech)
MsConfig - StartUpFolder: C:^Documents and Settings^Jon Kunkel^Start Menu^Programs^Startup^MagicDisc.lnk - C:\Program Files\MagicDisc\MagicDisc.exe - (MagicISO, Inc.)
MsConfig - StartUpFolder: C:^Documents and Settings^Jon Kunkel^Start Menu^Programs^Startup^SpeedFan.lnk - - File not found
MsConfig - StartUpReg: Adobe ARM - hkey= - key= - C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
MsConfig - StartUpReg: CanonMyPrinter - hkey= - key= - C:\Program Files\Canon\MyPrinter\BJMyPrt.exe (CANON INC.)
MsConfig - StartUpReg: CanonSolutionMenu - hkey= - key= - C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe (CANON INC.)
MsConfig - StartUpReg: CoolSwitch - hkey= - key= - File not found
MsConfig - StartUpReg: CTDVDDET - hkey= - key= - C:\Program Files\Creative\DVDAudio\CTDVDDET.EXE (Creative Technology Ltd)
MsConfig - StartUpReg: ctfmon.exe - hkey= - key= - File not found
MsConfig - StartUpReg: DAEMON Tools - hkey= - key= - C:\Program Files\DAEMON Tools\daemon.exe (DT Soft Ltd.)
MsConfig - StartUpReg: DivXUpdate - hkey= - key= - C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
MsConfig - StartUpReg: DrvIcon - hkey= - key= - C:\WINDOWS\Resources\DiamondStyle\Diamond Drive Icon\DrvIcon.exe (artArmin)
MsConfig - StartUpReg: EADM - hkey= - key= - C:\Program Files\Electronic Arts\EADM\EADMUI.exe (Electronic Arts)
MsConfig - StartUpReg: Google Update - hkey= - key= - C:\Documents and Settings\Jon Kunkel\Local Settings\Application Data\Google\Update\GoogleUpdate.exe (Google Inc.)
MsConfig - StartUpReg: HP Software Update - hkey= - key= - C:\Program Files\HP\HP Software Update\hpwuSchd2.exe (Hewlett-Packard Co.)
MsConfig - StartUpReg: ISUSPM - hkey= - key= - C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe (Macrovision Corporation)
MsConfig - StartUpReg: KernelFaultCheck - hkey= - key= - File not found
MsConfig - StartUpReg: LClock - hkey= - key= - C:\WINDOWS\Resources\DiamondStyle\LClock\LClock.exe ()
MsConfig - StartUpReg: lxamsp32.exe - hkey= - key= - File not found
MsConfig - StartUpReg: MRUTray - hkey= - key= - C:\Program Files\Marvell\raid\tray\MarvellTray.exe ()
MsConfig - StartUpReg: MsmqIntCert - hkey= - key= - C:\WINDOWS\System32\regsvr32.exe (Microsoft Corporation)
MsConfig - StartUpReg: NUSB3MON - hkey= - key= - C:\Program Files\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe (NEC Electronics Corporation)
MsConfig - StartUpReg: NvCplDaemon - hkey= - key= - File not found
MsConfig - StartUpReg: NvMediaCenter - hkey= - key= - File not found
MsConfig - StartUpReg: QuickTime Task - hkey= - key= - C:\Program Files\QuickTime Alternative\QTTask.exe (Apple Inc.)
MsConfig - StartUpReg: RTHDCPL - hkey= - key= - C:\WINDOWS\RTHDCPL.EXE (Realtek Semiconductor Corp.)
MsConfig - StartUpReg: Start WingMan Profiler - hkey= - key= - C:\Program Files\Logitech\Gaming Software\LWEMon.exe (Logitech Inc.)
MsConfig - StartUpReg: SunJavaUpdateSched - hkey= - key= - C:\Program Files\Common Files\Java\Java Update\jusched.exe (Oracle Corporation)
MsConfig - StartUpReg: UserFaultCheck - hkey= - key= - File not found
MsConfig - StartUpReg: Windows7Taskbar - hkey= - key= - C:\WINDOWS\Resources\DiamondStyle\Windows 7 Taskbar\Windows7Taskbar.exe (Lee-Soft.com)
MsConfig - State: "system.ini" - 2
MsConfig - State: "win.ini" - 1
MsConfig - State: "bootini" - 2
MsConfig - State: "services" - 2
MsConfig - State: "startup" - 2

SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: sermouse.sys - Driver
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vga.sys - Driver
SafeBootMin: WdfLoadGroup -
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: sermouse.sys - Driver
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: vga.sys - Driver
SafeBootNet: WdfLoadGroup -
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {10072CEC-8CC1-11D1-986E-00A0C955B42F} - Vector Graphics Rendering (VML)
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - NetShow
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 6.4
ActiveX: {233C1507-6A77-46A4-9443-F871F945D258} - Adobe Shockwave Director 10.2
ActiveX: {283807B5-2C60-11D0-A31D-00AA00B92C03} - DirectAnimation
ActiveX: {2A202491-F00D-11cf-87CC-0020AFEECF20} - Adobe Shockwave Director 10.2
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {36f8ec70-c29a-11d1-b5c7-0000f8051515} - Dynamic HTML Data Binding for Java
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3bf42070-b3b1-11d1-b5c5-0000f8051515} - Uniscribe
ActiveX: {3C3901C5-3455-3E0A-A214-0B093A5070A6} - .NET Framework
ActiveX: {411EDCF7-755D-414E-A74B-3DCD6583F589} - Microsoft .NET Framework 1.1 Service Pack 1 (KB867460)
ActiveX: {4278c270-a269-11d1-b5bf-0000f8051515} - Advanced Authoring
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - DirectShow
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015C} - Microsoft DirectX
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4b218e3e-bc98-4770-93d3-2731b9329278} - %SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection MarketplaceLinkInstall 896 %systemroot%\inf\ie.inf
ActiveX: {4f216970-c90c-11d1-b5c7-0000f8051515} - DirectAnimation Java Classes
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.8
ActiveX: {5A8D6EE0-3E18-11D0-821E-444553540000} - ICW
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6C298884-91FD-408C-9D90-5A59D2C29FD1} - Microsoft .NET Framework 1.1 Security Update (KB2742597)
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {73fa19d0-2d75-11d2-995d-00c04f98bbc9} - Web Folders
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - %SystemRoot%\system32\ie4uinit.exe
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\WINDOWS\system32\Rundll32.exe C:\WINDOWS\system32\mscories.dll,Install
ActiveX: {9309DD7E-EBFE-3C95-8B47-30D3A012F606} - .NET Framework
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {ACC563BC-4266-43f0-B6ED-9D38C4202C7E} -
ActiveX: {C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F} - .NET Framework
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} - .NET Framework
ActiveX: {CC2A9BA0-3BDD-11D0-821E-444553540000} - Task Scheduler
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {D27CDB6E-AE6D-11cf-96B8-444553540000} - Macromedia Shockwave Flash
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E29035F1-5D03-4AE0-811C-6199D9C8F328} -
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: {EF289A85-8E57-408d-BE47-73B55609861A} - RootsUpdate
ActiveX: <{12d0ed0d-0ee0-4f90-8827-78cefb8f4988} - C:\WINDOWS\system32\ieudinit.exe
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\WINDOWS\inf\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigIE
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP
ActiveX: >{881dd1c5-3dcf-431b-b061-f3f88e8be88a} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE
ActiveX: >{99820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: Microsoft Base Smart Card Crypto Provider Package -

Drivers32: msacm.ac3filter - C:\WINDOWS\System32\ac3filter.acm ()
Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation)
Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: VIDC.ACDV - ACDV.dll File not found
Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.DIVX - C:\WINDOWS\System32\DivX.dll (DivX, Inc.)
Drivers32: VIDC.FFDS - C:\WINDOWS\System32\ff_vfw.dll ()
Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)
Drivers32: vidc.VP60 - C:\WINDOWS\System32\vp6vfw.dll (On2.com)
Drivers32: vidc.VP61 - C:\WINDOWS\System32\vp6vfw.dll (On2.com)
Drivers32: vidc.VP62 - C:\WINDOWS\System32\vp6vfw.dll (On2.com)
Drivers32: vidc.XVID - C:\WINDOWS\System32\xvidvfw.dll ()
Drivers32: vidc.yv12 - C:\WINDOWS\System32\DivX.dll (DivX, Inc.)

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2013/07/30 15:32:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\AVG
[2013/07/28 09:56:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Jon Kunkel\My Documents\ViberDownloads
[2013/07/28 09:54:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Jon Kunkel\Application Data\ViberPC
[2013/07/28 09:53:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Jon Kunkel\Local Settings\Application Data\Viber
[2013/07/28 02:32:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Google Earth
[2013/07/18 22:11:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Jon Kunkel\Local Settings\Application Data\WarThunder
[2013/07/18 22:11:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\WarThunder
[2013/07/18 22:11:21 | 000,000,000 | ---D | C] -- C:\Program Files\War Thunder
[2013/07/18 22:11:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Jon Kunkel\Start Menu\Programs\War Thunder
[2011/04/23 21:54:16 | 000,047,360 | ---- | C] (VSO Software) -- C:\Documents and Settings\Jon Kunkel\Application Data\pcouffin.sys
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\*.tmp files -> C:\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

File not found -- C:\Documents and Settings\Jon Kunkel\My Documents\Jon%20Kunkel.
[2013/08/06 10:47:00 | 000,000,998 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1801674531-113007714-682003330-1002UA.job
[2013/08/06 10:41:47 | 000,000,890 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2013/08/06 10:41:16 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2013/08/06 10:39:41 | 000,031,728 | ---- | M] () -- C:\WINDOWS\System32\BMXStateBkp-{00000009-00000000-00000000-00001102-00000004-10051102}.rfx
[2013/08/06 10:39:41 | 000,031,728 | ---- | M] () -- C:\WINDOWS\System32\BMXState-{00000009-00000000-00000000-00001102-00000004-10051102}.rfx
[2013/08/06 10:39:41 | 000,028,692 | ---- | M] () -- C:\WINDOWS\System32\BMXCtrlState-{00000009-00000000-00000000-00001102-00000004-10051102}.rfx
[2013/08/06 10:39:41 | 000,028,692 | ---- | M] () -- C:\WINDOWS\System32\BMXBkpCtrlState-{00000009-00000000-00000000-00001102-00000004-10051102}.rfx
[2013/08/06 10:39:41 | 000,011,564 | ---- | M] () -- C:\WINDOWS\System32\DVCState-{00000009-00000000-00000000-00001102-00000004-10051102}.rfx
[2013/08/06 10:32:31 | 000,000,894 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2013/08/05 13:47:00 | 000,000,946 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1801674531-113007714-682003330-1002Core.job
[2013/07/29 01:52:03 | 000,858,390 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2013/07/29 01:52:02 | 000,199,770 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2013/07/28 09:54:21 | 000,001,080 | ---- | M] () -- C:\Documents and Settings\Jon Kunkel\Application Data\Microsoft\Internet Explorer\Quick Launch\Viber.lnk
[2013/07/28 09:54:21 | 000,001,062 | ---- | M] () -- C:\Documents and Settings\Jon Kunkel\Desktop\Viber.lnk
[2013/07/28 02:32:38 | 000,001,963 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Google Earth.lnk
[2013/07/20 01:51:00 | 000,246,072 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avglogx.sys
[2013/07/20 01:50:56 | 000,208,184 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgidsdriverx.sys
[2013/07/20 01:50:56 | 000,060,216 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgidshx.sys
[2013/07/20 01:50:50 | 000,171,320 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgldx86.sys
[2013/07/18 22:11:21 | 000,001,615 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\War Thunder.lnk
[2013/07/10 07:12:50 | 000,692,104 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerApp.exe
[2013/07/10 07:12:50 | 000,071,048 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl
[2013/07/10 01:32:40 | 000,039,224 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgrkx86.sys
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\*.tmp files -> C:\*.tmp -> ]

========== Files Created - No Company Name ==========

File not found -- C:\Documents and Settings\Jon Kunkel\My Documents\Jon%20Kunkel.
[2100/02/23 18:55:50 | 000,001,096 | ---- | C] () -- C:\WINDOWS\Lexmark_ICM.ini
[2013/07/28 09:54:21 | 000,001,080 | ---- | C] () -- C:\Documents and Settings\Jon Kunkel\Application Data\Microsoft\Internet Explorer\Quick Launch\Viber.lnk
[2013/07/28 09:54:21 | 000,001,068 | ---- | C] () -- C:\Documents and Settings\Jon Kunkel\Start Menu\Programs\Viber.lnk
[2013/07/28 09:54:21 | 000,001,062 | ---- | C] () -- C:\Documents and Settings\Jon Kunkel\Desktop\Viber.lnk
[2013/07/28 02:32:38 | 000,001,963 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Google Earth.lnk
[2013/07/18 22:11:21 | 000,001,615 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\War Thunder.lnk
[2013/04/12 09:23:22 | 000,000,816 | ---- | C] () -- C:\Documents and Settings\Jon Kunkel\Application Data\AtomicAlarmClock.ini
[2013/02/16 23:06:28 | 000,475,498 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-S-1-5-21-1801674531-113007714-682003330-1002-0.dat
[2013/02/16 23:06:28 | 000,179,554 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-System.dat
[2012/12/31 16:21:02 | 000,000,099 | ---- | C] () -- C:\WINDOWS\System32\nvUnsupRes.dat
[2012/12/03 10:36:55 | 000,176,128 | ---- | C] () -- C:\WINDOWS\System32\kmw_show.exe
[2012/11/26 22:46:38 | 000,251,575 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2012/11/12 21:12:50 | 000,014,976 | ---- | C] () -- C:\WINDOWS\System32\drivers\SBKUPNT.SYS
[2012/11/12 21:12:50 | 000,013,312 | ---- | C] () -- C:\WINDOWS\System32\DEVLOAD.EXE
[2012/11/12 21:12:49 | 000,000,543 | ---- | C] () -- C:\WINDOWS\SWISV3.INI
[2012/11/12 21:12:47 | 000,000,287 | ---- | C] () -- C:\WINDOWS\SKNIFE.INI
[2012/11/12 21:12:35 | 000,002,799 | ---- | C] () -- C:\WINDOWS\SKLANG.INI
[2012/10/28 15:28:05 | 000,007,049 | ---- | C] () -- C:\Documents and Settings\Jon Kunkel\bookmark.png
[2012/10/28 15:28:05 | 000,007,049 | ---- | C] () -- C:\Documents and Settings\Jon Kunkel\bookmark.gif
[2012/10/28 15:28:00 | 000,063,909 | ---- | C] () -- C:\Documents and Settings\Jon Kunkel\logo.jpg
[2012/10/28 15:27:47 | 000,071,332 | ---- | C] () -- C:\Documents and Settings\Jon Kunkel\.png
[2012/09/13 09:07:49 | 000,014,776 | ---- | C] () -- C:\WINDOWS\System32\drivers\SmartDefragDriver.sys
[2012/06/20 16:29:12 | 000,000,008 | ---- | C] () -- C:\WINDOWS\mvraidver.dat
[2012/05/24 03:16:33 | 000,000,158 | ---- | C] () -- C:\WINDOWS\Realflight.INI
[2012/05/24 02:28:10 | 000,000,249 | ---- | C] () -- C:\WINDOWS\emug3.ini
[2012/03/21 19:54:58 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2012/03/01 00:53:48 | 000,000,839 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\Microsoft.SqlServer.Compact.400.32.bc
[2012/02/03 19:20:03 | 000,000,192 | ---- | C] () -- C:\Documents and Settings\Jon Kunkel\Application Data\default.rss
[2012/02/03 19:18:50 | 000,000,069 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2012/01/10 02:31:46 | 002,761,630 | ---- | C] () -- C:\WINDOWS\System32\nvdata.data
[2011/10/28 22:40:06 | 000,129,044 | ---- | C] () -- C:\WINDOWS\hpiins06.dat
[2011/10/28 22:40:06 | 000,000,000 | ---- | C] () -- C:\WINDOWS\hpimdl06.dat
[2011/10/18 19:32:08 | 000,079,872 | ---- | C] () -- C:\WINDOWS\System32\LEX_PSU.EXE
[2011/10/18 15:05:17 | 000,000,400 | ---- | C] () -- C:\WINDOWS\LEXSTAT.INI
[2011/07/06 20:16:14 | 000,065,514 | ---- | C] () -- C:\Documents and Settings\Jon Kunkel\25204.jpg
[2011/07/06 20:08:57 | 000,040,293 | ---- | C] () -- C:\Documents and Settings\Jon Kunkel\569728.jpg
[2011/07/02 16:09:01 | 000,019,738 | ---- | C] () -- C:\Documents and Settings\Jon Kunkel\548457.jpg
[2011/07/02 16:08:39 | 000,044,372 | ---- | C] () -- C:\Documents and Settings\Jon Kunkel\384909.jpg
[2011/06/24 14:19:57 | 000,306,741 | ---- | C] () -- C:\Documents and Settings\Jon Kunkel\SANY1446.JPG
[2011/06/24 14:01:06 | 000,713,891 | ---- | C] () -- C:\Documents and Settings\Jon Kunkel\DSC_6421.JPG
[2011/06/21 16:07:31 | 000,013,361 | ---- | C] () -- C:\Documents and Settings\Jon Kunkel\63182-sandee34.jpg
[2011/04/23 21:54:16 | 000,007,887 | ---- | C] () -- C:\Documents and Settings\Jon Kunkel\Application Data\pcouffin.cat
[2011/04/23 21:54:16 | 000,001,144 | ---- | C] () -- C:\Documents and Settings\Jon Kunkel\Application Data\pcouffin.inf
[2011/04/06 21:27:58 | 000,118,784 | ---- | C] () -- C:\Documents and Settings\Jon Kunkel\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/04/04 15:41:35 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Jon Kunkel\Application Data\SuperSafer.cfg

========== ZeroAccess Check ==========

[2011/04/02 16:01:40 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shdocvw.dll -- [2009/06/15 05:00:00 | 002,253,824 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009/06/15 05:00:00 | 000,473,600 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009/06/15 05:00:00 | 000,273,920 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

========== Custom Scans ==========

========== Drive Information ==========

Physical Drives
---------------

Drive: \\\\.\\PHYSICALDRIVE0 - Fixed\thard disk media
Interface type: IDE
Media Type: Fixed\thard disk media
Model: WDC WD1200JB-00GVA0
Partitions: 1
Status: OK
Status Info: 0

Drive: \\\\.\\PHYSICALDRIVE1 - Fixed\thard disk media
Interface type: IDE
Media Type: Fixed\thard disk media
Model: WDC WD1600JB-00FUA0
Partitions: 1
Status: OK
Status Info: 0

Drive: \\\\.\\PHYSICALDRIVE2 - Fixed\thard disk media
Interface type: IDE
Media Type: Fixed\thard disk media
Model: WDC WD3200AAKS-75SBA0
Partitions: 1
Status: OK
Status Info: 0

Drive: \\\\.\\PHYSICALDRIVE3 - Fixed\thard disk media
Interface type: IDE
Media Type: Fixed\thard disk media
Model: ST3300620AS
Partitions: 1
Status: OK
Status Info: 0

Drive: \\\\.\\PHYSICALDRIVE4 - Fixed\thard disk media
Interface type: IDE
Media Type: Fixed\thard disk media
Model: WDC WD1600JD-55HBC0
Partitions: 2
Status: OK
Status Info: 0

Drive: \\\\.\\PHYSICALDRIVE5 - Fixed\thard disk media
Interface type: IDE
Media Type: Fixed\thard disk media
Model: ST31500341AS
Partitions: 1
Status: OK
Status Info: 0

Drive: \\\\.\\PHYSICALDRIVE6 - Fixed\thard disk media
Interface type: IDE
Media Type: Fixed\thard disk media
Model: WDC WD3200AVJS-63WDA0
Partitions: 1
Status: OK
Status Info: 0

Drive: \\\\.\\PHYSICALDRIVE7 - Fixed\thard disk media
Interface type: USB
Media Type: Fixed\thard disk media
Model: ST910082 4AS USB Device
Partitions: 1
Status: OK
Status Info: 0

Partitions
---------------

DeviceID: Disk #0, Partition #0
PartitionType: Extended w/Extended Int 13
Bootable: False
BootPartition: False
PrimaryPartition: False
Size: 112.00GB
Starting Offset: 8225280
Hidden sectors: 0

DeviceID: Disk #1, Partition #0
PartitionType: Extended w/Extended Int 13
Bootable: False
BootPartition: False
PrimaryPartition: False
Size: 149.00GB
Starting Offset: 8225280
Hidden sectors: 0

DeviceID: Disk #2, Partition #0
PartitionType: Installable File System
Bootable: True
BootPartition: True
PrimaryPartition: True
Size: 298.00GB
Starting Offset: 32256
Hidden sectors: 0

DeviceID: Disk #3, Partition #0
PartitionType: Installable File System
Bootable: True
BootPartition: True
PrimaryPartition: True
Size: 279.00GB
Starting Offset: 32256
Hidden sectors: 0

DeviceID: Disk #4, Partition #0
PartitionType: Installable File System
Bootable: True
BootPartition: True
PrimaryPartition: True
Size: 149.00GB
Starting Offset: 32256
Hidden sectors: 0

DeviceID: Disk #4, Partition #1
PartitionType: Installable File System
Bootable: False
BootPartition: False
PrimaryPartition: True
Size: 15.00MB
Starting Offset: 160031571968
Hidden sectors: 0

DeviceID: Disk #5, Partition #0
PartitionType: Installable File System
Bootable: True
BootPartition: True
PrimaryPartition: True
Size: 1,397.00GB
Starting Offset: 32256
Hidden sectors: 0

DeviceID: Disk #6, Partition #0
PartitionType: Installable File System
Bootable: True
BootPartition: True
PrimaryPartition: True
Size: 298.00GB
Starting Offset: 32256
Hidden sectors: 0

DeviceID: Disk #7, Partition #0
PartitionType: Installable File System
Bootable: True
BootPartition: True
PrimaryPartition: True
Size: 93.00GB
Starting Offset: 32256
Hidden sectors: 0

< %SYSTEMDRIVE%\*.exe >
[2010/04/05 22:34:58 | 000,019,456 | ---- | M] () -- C:\AudioStudy.exe
[2011/04/30 17:22:40 | 000,081,920 | ---- | M] () -- C:\SppConsole.exe
[1 C:\*.tmp files -> C:\*.tmp -> ]

< %systemroot%\assembly\GAC_32\*.ini >

< %systemroot%\assembly\GAC_64\*.ini >

< %SYSTEMDRIVE%\*.exe >
[2010/04/05 22:34:58 | 000,019,456 | ---- | M] () -- C:\AudioStudy.exe
[2011/04/30 17:22:40 | 000,081,920 | ---- | M] () -- C:\SppConsole.exe
[1 C:\*.tmp files -> C:\*.tmp -> ]

< %ALLUSERSPROFILE%\Application Data\*.exe >

< %APPDATA%\*. >
[2012/09/21 17:18:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jon Kunkel\Application Data\AC3Filter
[2011/04/03 11:44:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jon Kunkel\Application Data\ACD Systems
[2011/04/04 21:13:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jon Kunkel\Application Data\Adobe
[2012/11/27 10:14:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jon Kunkel\Application Data\Apple Computer
[2013/06/24 13:50:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jon Kunkel\Application Data\Audacity
[2011/04/03 13:27:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jon Kunkel\Application Data\AVG10
[2013/04/12 22:32:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jon Kunkel\Application Data\AVG2013
[2011/05/04 00:00:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jon Kunkel\Application Data\BID
[2011/04/06 22:27:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jon Kunkel\Application Data\BitSpirit
[2011/04/09 18:08:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jon Kunkel\Application Data\BlackBean
[2011/05/01 19:38:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jon Kunkel\Application Data\Creative
[2012/12/17 16:07:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jon Kunkel\Application Data\DAEMON Tools Lite
[2012/06/10 17:45:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jon Kunkel\Application Data\DDMSettings
[2013/05/13 00:40:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jon Kunkel\Application Data\DefaultTab
[2011/04/05 08:00:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jon Kunkel\Application Data\Disney Interactive Studios
[2012/06/19 17:29:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jon Kunkel\Application Data\DivX
[2011/05/20 17:29:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jon Kunkel\Application Data\Downloadr
[2013/08/06 10:43:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jon Kunkel\Application Data\Dropbox
[2011/04/20 14:42:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jon Kunkel\Application Data\ECSoftware
[2012/11/07 19:14:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jon Kunkel\Application Data\eMule
[2011/04/06 15:45:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jon Kunkel\Application Data\flightgear.org
[2011/04/06 15:46:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jon Kunkel\Application Data\fltk.org
[2013/06/10 14:14:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jon Kunkel\Application Data\Google
[2011/10/18 15:10:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jon Kunkel\Application Data\Help
[2011/10/28 22:43:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jon Kunkel\Application Data\HP
[2011/05/27 22:02:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jon Kunkel\Application Data\Identities
[2011/05/06 03:25:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jon Kunkel\Application Data\IDMComp
[2011/07/25 23:19:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jon Kunkel\Application Data\InstallShield
[2011/04/06 21:47:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jon Kunkel\Application Data\InterVideo
[2012/03/01 00:54:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jon Kunkel\Application Data\Intuit
[2012/09/13 09:07:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jon Kunkel\Application Data\IObit
[2011/04/03 14:47:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jon Kunkel\Application Data\johnsadventures.com
[2011/04/03 00:29:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jon Kunkel\Application Data\Kensington
[2012/09/04 18:00:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jon Kunkel\Application Data\Leadertech
[2012/09/04 18:04:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jon Kunkel\Application Data\Logishrd
[2012/09/04 18:04:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jon Kunkel\Application Data\Logitech
[2011/06/15 20:08:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jon Kunkel\Application Data\Machete Lite
[2011/06/12 16:47:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jon Kunkel\Application Data\Macromedia
[2012/01/13 15:57:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jon Kunkel\Application Data\Malwarebytes
[2012/09/28 00:50:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jon Kunkel\Application Data\Media Player Classic
[2013/06/24 13:10:04 | 000,000,000 | --SD | M] -- C:\Documents and Settings\Jon Kunkel\Application Data\Microsoft
[2013/04/18 08:34:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jon Kunkel\Application Data\Mozilla
[2011/05/03 13:58:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jon Kunkel\Application Data\Nero
[2012/06/19 17:29:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jon Kunkel\Application Data\NVIDIA
[2011/07/16 17:36:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jon Kunkel\Application Data\OpenDNS Updater
[2013/06/20 22:05:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jon Kunkel\Application Data\Photobucket
[2012/08/29 19:57:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jon Kunkel\Application Data\Real
[2011/05/27 19:37:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jon Kunkel\Application Data\Simraceway
[2011/04/03 12:48:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jon Kunkel\Application Data\Sun
[2013/04/12 22:31:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jon Kunkel\Application Data\TuneUp Software
[2013/08/05 14:55:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jon Kunkel\Application Data\ViberPC
[2012/09/28 13:25:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jon Kunkel\Application Data\VideoRipper
[2013/04/18 22:41:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jon Kunkel\Application Data\Vso
[2013/04/29 23:15:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jon Kunkel\Application Data\Winamp
[2011/04/03 12:07:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jon Kunkel\Application Data\WinRAR
[2011/05/05 10:41:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jon Kunkel\Application Data\WinWay

< MD5 for: ATAPI.SYS >
[2008/04/13 17:10:32 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ERDNT\cache\atapi.sys
[2008/04/13 17:10:32 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys
[2009/06/15 05:00:00 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\ReinstallBackups\0011\DriverFiles\i386\atapi.sys
[2008/04/13 17:10:32 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\ReinstallBackups\0012\DriverFiles\i386\atapi.sys

< MD5 for: CSRSS.EXE >
[2009/06/15 05:00:00 | 000,006,144 | ---- | M] (Microsoft Corporation) MD5=44F275C64738EA2056E3D9580C23B60F -- C:\WINDOWS\system32\csrss.exe

< MD5 for: EXPLORER.EXE >
[2009/06/15 05:00:00 | 001,789,440 | ---- | M] (Microsoft Corporation) MD5=331257F9A07F1759ADB603D807226DAE -- C:\WINDOWS\explorer.exe

< MD5 for: MSWSOCK.DLL >
[2009/06/15 05:00:00 | 000,245,248 | ---- | M] (Microsoft Corporation) MD5=290C1A30DEFC723BBE10910AC2D6F6D0 -- C:\WINDOWS\ERDNT\cache\mswsock.dll
[2009/06/15 05:00:00 | 000,245,248 | ---- | M] (Microsoft Corporation) MD5=290C1A30DEFC723BBE10910AC2D6F6D0 -- C:\WINDOWS\system32\mswsock.dll
[2008/06/20 10:43:05 | 000,245,248 | ---- | M] (Microsoft Corporation) MD5=FCEE5FCB99F7C724593365C706D28388 -- C:\WINDOWS\system32\dllcache\mswsock.dll

< MD5 for: NWPROVAU.DLL >
[2009/06/15 05:00:00 | 000,142,336 | ---- | M] (Microsoft Corporation) MD5=06E587F41466569F32BEAAC7260E8AEC -- C:\WINDOWS\system32\nwprovau.dll

< MD5 for: RSVPSP.DLL >
[2009/06/15 05:00:00 | 000,092,672 | ---- | M] (Microsoft Corporation) MD5=72451FD61DDBB0A1FB071B7C3CDE5594 -- C:\WINDOWS\system32\rsvpsp.dll

< MD5 for: SERVICES.EXE >
[2009/06/15 05:00:00 | 000,110,592 | ---- | M] (Microsoft Corporation) MD5=020CEAAEDC8EB655B6506B8C70D53BB6 -- C:\WINDOWS\ERDNT\cache\services.exe
[2009/06/15 05:00:00 | 000,110,592 | ---- | M] (Microsoft Corporation) MD5=020CEAAEDC8EB655B6506B8C70D53BB6 -- C:\WINDOWS\system32\services.exe

< MD5 for: SVCHOST.EXE >
[2009/06/15 05:00:00 | 000,014,848 | ---- | M] (Microsoft Corporation) MD5=67E38B4A549833E02D4D1617B5DBC318 -- C:\WINDOWS\ERDNT\cache\svchost.exe
[2009/06/15 05:00:00 | 000,014,848 | ---- | M] (Microsoft Corporation) MD5=67E38B4A549833E02D4D1617B5DBC318 -- C:\WINDOWS\system32\svchost.exe
[2013/04/04 14:50:32 | 000,218,184 | ---- | M] () MD5=B4C6E3889BB310CA7E974A04EC6E46AC -- C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\svchost.exe

< MD5 for: USER32.DLL >
[2009/06/15 05:00:00 | 000,575,488 | ---- | M] (Microsoft Corporation) MD5=D075177EBE8735C080831BE2E99941CC -- C:\WINDOWS\system32\user32.dll

< MD5 for: USERINIT.EXE >
[2009/06/15 05:00:00 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINDOWS\ERDNT\cache\userinit.exe
[2009/06/15 05:00:00 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINDOWS\system32\userinit.exe

< MD5 for: WINLOGON.EXE >
[2009/06/15 05:00:00 | 000,570,368 | ---- | M] (Microsoft Corporation) MD5=50D6EE240E804F638D88E26200D37670 -- C:\WINDOWS\system32\winlogon.exe
[2013/04/04 14:50:32 | 000,218,184 | ---- | M] () MD5=B4C6E3889BB310CA7E974A04EC6E46AC -- C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe

< MD5 for: WINRNR.DLL >
[2009/06/15 05:00:00 | 000,016,896 | ---- | M] (Microsoft Corporation) MD5=D72B9EC3337B247A666F098F3D6B43DE -- C:\WINDOWS\system32\winrnr.dll

< C:\Windows\assembly\tmp\U\*.* /s >

< %systemroot%\*. /mp /s >

< hklm\software\clients\startmenuinternet|command /rs >
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\HideIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /HideShortcuts [2013/07/02 16:34:08 | 000,867,072 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ShowIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /ShowShortcuts [2013/07/02 16:34:08 | 000,867,072 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ReinstallCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /SetAsDefaultAppGlobal [2013/07/02 16:34:08 | 000,867,072 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\open\command\\: C:\Program Files\Mozilla Firefox\firefox.exe [2013/07/02 16:34:09 | 000,920,472 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\properties\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -preferences [2013/07/02 16:34:09 | 000,920,472 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\safemode\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -safe-mode [2013/07/02 16:34:09 | 000,920,472 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: %systemroot%\system32\shmgrate.exe OCInstallReinstallIE [2009/06/15 05:00:00 | 000,045,056 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: %systemroot%\system32\shmgrate.exe OCInstallHideIE [2009/06/15 05:00:00 | 000,045,056 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: %systemroot%\system32\shmgrate.exe OCInstallShowIE [2009/06/15 05:00:00 | 000,045,056 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" [2009/06/15 05:00:00 | 000,671,072 | ---- | M] (Microsoft Corporation)

< hklm\software\clients\startmenuinternet|command /64 /rs >
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\HideIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /HideShortcuts [2013/07/02 16:34:08 | 000,867,072 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ShowIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /ShowShortcuts [2013/07/02 16:34:08 | 000,867,072 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ReinstallCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /SetAsDefaultAppGlobal [2013/07/02 16:34:08 | 000,867,072 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\open\command\\: C:\Program Files\Mozilla Firefox\firefox.exe [2013/07/02 16:34:09 | 000,920,472 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\properties\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -preferences [2013/07/02 16:34:09 | 000,920,472 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\safemode\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -safe-mode [2013/07/02 16:34:09 | 000,920,472 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: %systemroot%\system32\shmgrate.exe OCInstallReinstallIE [2009/06/15 05:00:00 | 000,045,056 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: %systemroot%\system32\shmgrate.exe OCInstallHideIE [2009/06/15 05:00:00 | 000,045,056 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: %systemroot%\system32\shmgrate.exe OCInstallShowIE [2009/06/15 05:00:00 | 000,045,056 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" [2009/06/15 05:00:00 | 000,671,072 | ---- | M] (Microsoft Corporation)

< %systemroot%\system32\*.dll /lockedfiles >

< %systemroot%\Tasks\*.job /lockedfiles >

< %ProgramFiles%\WINDOWS NT\*.* /s >
[2009/06/15 05:00:00 | 000,555,520 | ---- | M] (Microsoft Corporation) -- C:\Program Files\WINDOWS NT\dialer.exe
[2009/06/15 05:00:00 | 000,013,312 | ---- | M] (Hilgraeve, Inc.) -- C:\Program Files\WINDOWS NT\htrn_jis.dll
[2009/06/15 05:00:00 | 000,027,648 | ---- | M] (Hilgraeve, Inc.) -- C:\Program Files\WINDOWS NT\hypertrm.exe
[2009/11/20 03:30:46 | 000,187,392 | ---- | M] (Microsoft Corporation) -- C:\Program Files\WINDOWS NT\Accessories\mswrd6.wpc
[2010/12/21 05:52:53 | 000,279,552 | ---- | M] (Microsoft Corporation) -- C:\Program Files\WINDOWS NT\Accessories\mswrd8.wpc
[2010/07/12 06:02:24 | 000,218,112 | ---- | M] (Microsoft Corporation) -- C:\Program Files\WINDOWS NT\Accessories\wordpad.exe
[2009/11/20 03:30:46 | 000,089,600 | ---- | M] (Microsoft Corporation) -- C:\Program Files\WINDOWS NT\Accessories\write.wpc

< %systemroot%\system32\drivers\*.sys /lockedfiles >
[2012/07/14 16:22:54 | 000,691,696 | ---- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\drivers\sptd.sys

========== Alternate Data Streams ==========

@Alternate Data Stream - 132 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:C8B8CEBD

< End of report >
OTL Extras logfile created on: 8/6/2013 10:50:28 AM - Run 2
OTL by OldTimer - Version 3.2.69.0 Folder = D:\Downloads
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.5512)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.24 Gb Total Physical Memory | 2.37 Gb Available Physical Memory | 73.03% Memory free
5.09 Gb Paging File | 4.29 Gb Available in Paging File | 84.38% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 279.46 Gb Total Space | 29.56 Gb Free Space | 10.58% Space Free | Partition Type: NTFS
Drive D: | 1397.26 Gb Total Space | 13.81 Gb Free Space | 0.99% Space Free | Partition Type: NTFS
Drive E: | 111.78 Gb Total Space | 2.88 Gb Free Space | 2.58% Space Free | Partition Type: NTFS
Drive F: | 149.04 Gb Total Space | 3.65 Gb Free Space | 2.45% Space Free | Partition Type: NTFS
Drive G: | 298.08 Gb Total Space | 61.03 Gb Free Space | 20.48% Space Free | Partition Type: NTFS
Drive I: | 149.04 Gb Total Space | 52.49 Gb Free Space | 35.22% Space Free | Partition Type: NTFS
Drive K: | 93.16 Gb Total Space | 2.54 Gb Free Space | 2.72% Space Free | Partition Type: NTFS
Drive L: | 298.09 Gb Total Space | 199.89 Gb Free Space | 67.06% Space Free | Partition Type: NTFS
Drive P: | 8.00 Mb Total Space | 2.74 Mb Free Space | 34.25% Space Free | Partition Type: NTFS

Computer Name: ASROCK_WINXP | User Name: Jon Kunkel | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (All) ==========

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.bat [@ = batfile] -- "%1" %*
.chm [@ = chm.file] -- C:\WINDOWS\hh.exe (Microsoft Corporation)
.cmd [@ = cmdfile] -- "%1" %*
.com [@ = comfile] -- "%1" %*
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.exe [@ = exefile] -- "%1" %*
.hlp [@ = hlpfile] -- C:\WINDOWS\System32\winhlp32.exe (Microsoft Corporation)
.hta [@ = htafile] -- C:\WINDOWS\System32\mshta.exe (Microsoft Corporation)
.html [@ = FirefoxHTML] -- Reg Error: Key error. File not found
.inf [@ = inffile] -- C:\WINDOWS\System32\NOTEPAD.EXE (Microsoft Corporation)
.ini [@ = inifile] -- C:\WINDOWS\System32\NOTEPAD.EXE (Microsoft Corporation)
.url [@ = InternetShortcut] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
.js [@ = JSFile] -- C:\WINDOWS\System32\WScript.exe (Microsoft Corporation)
.jse [@ = JSEFile] -- C:\WINDOWS\System32\WScript.exe (Microsoft Corporation)
.pif [@ = piffile] -- "%1" %*
.reg [@ = regfile] -- C:\WINDOWS\regedit.exe (Microsoft Corporation)
.scr [@ = scrfile] -- "%1" /S
.txt [@ = txtfile] -- C:\WINDOWS\System32\NOTEPAD.EXE (Microsoft Corporation)
.vbe [@ = VBEFile] -- C:\WINDOWS\System32\WScript.exe (Microsoft Corporation)
.vbs [@ = VBSFile] -- C:\WINDOWS\System32\WScript.exe (Microsoft Corporation)
.wsf [@ = WSFFile] -- C:\WINDOWS\System32\WScript.exe (Microsoft Corporation)
.wsh [@ = WSHFile] -- C:\WINDOWS\System32\WScript.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [edit] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
batfile [open] -- "%1" %*
batfile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
chm.file [open] -- "%SYSTEMROOT%\hh.exe" %1 (Microsoft Corporation)
cmdfile [edit] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
cmdfile [open] -- "%1" %*
cmdfile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
helpfile [open] -- winhlp32.exe %1 (Microsoft Corporation)
hlpfile [open] -- %SystemRoot%\System32\winhlp32.exe %1 (Microsoft Corporation)
htafile [open] -- C:\WINDOWS\system32\mshta.exe "%1" %* (Microsoft Corporation)
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection DefaultInstall 132 %1 (Microsoft Corporation)
inffile [open] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
inffile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
inifile [open] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
inifile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
InternetShortcut [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" %1 (Mozilla Corporation)
InternetShortcut [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)
jsfile [edit] -- %SystemRoot%\System32\Notepad.exe %1 (Microsoft Corporation)
jsfile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
jsfile [print] -- %SystemRoot%\System32\Notepad.exe /p %1 (Microsoft Corporation)
jsefile [edit] -- %SystemRoot%\System32\Notepad.exe %1 (Microsoft Corporation)
jsefile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
jsefile [print] -- %SystemRoot%\System32\Notepad.exe /p %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [edit] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation)
regfile [open] -- regedit.exe "%1" (Microsoft Corporation)
regfile [merge] -- Reg Error: Key error.
regfile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
txtfile [open] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation)
txtfile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
txtfile [printto] -- %SystemRoot%\system32\notepad.exe /pt "%1" "%2" "%3" "%4" (Microsoft Corporation)
vbefile [edit] -- %SystemRoot%\System32\Notepad.exe %1 (Microsoft Corporation)
vbefile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
vbefile [print] -- %SystemRoot%\System32\Notepad.exe /p %1 (Microsoft Corporation)
vbsfile [edit] -- %SystemRoot%\System32\Notepad.exe %1 (Microsoft Corporation)
vbsfile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
vbsfile [print] -- %SystemRoot%\System32\Notepad.exe /p %1 (Microsoft Corporation)
wsffile [edit] -- %SystemRoot%\System32\Notepad.exe %1 (Microsoft Corporation)
wsffile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
wsffile [print] -- %SystemRoot%\System32\Notepad.exe /p %1 (Microsoft Corporation)
wshfile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [ACDSee 10.0.Browse] -- "C:\Program Files\ACD Systems\ACDSee\10.0\ACDSeeQV10.exe" "%1" (ACD Systems)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [openNew] -- explorer.exe /e, %1 (Microsoft Corporation)
Directory [Winamp.Bookmark] -- "C:\Program Files\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)
Directory [Winamp.Enqueue] -- "C:\Program Files\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)
Directory [Winamp.Play] -- "C:\Program Files\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)
Directory [ZoomPlayer.Play] -- "C:\Program Files\Zoom Player\zplayer.exe" "/add:%L" (Inmatrix LTD)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "%programfiles%\internet explorer\iexplore.exe" (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 1
"AntiVirusOverride" = 1
"FirewallOverride" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"80:TCP" = 80:TCP:*:Enabled:War Thunder
"443:TCP" = 443:TCP:*:Enabled:War Thunder
"20010:UDP" = 20010:UDP:*:Enabled:War Thunder
"3478:UDP" = 3478:UDP:*:Enabled:War Thunder
"7850:TCP" = 7850:TCP:*:Enabled:War Thunder
"27022:TCP" = 27022:TCP:*:Enabled:War Thunder
"6881:TCP" = 6881:TCP:*:Enabled:War Thunder
"33333:TCP" = 33333:TCP:*:Enabled:War Thunder
"20443:TCP" = 20443:TCP:*:Enabled:War Thunder
"8090:TCP" = 8090:TCP:*:Enabled:War Thunder

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
"C:\Documents and Settings\Jon Kunkel\Local Settings\Application Data\Viber\Viber.exe" = C:\Documents and Settings\Jon Kunkel\Local Settings\Application Data\Viber\Viber.exe:*:Enabled:Viber -- ()

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
"C:\Program Files\Marvell\raid\Apache2\bin\httpd.exe" = C:\Program Files\Marvell\raid\Apache2\bin\httpd.exe:*:Enabled:Apache HTTP Server -- (Apache Software Foundation)
"D:\Program Files (x86)\BitSpirit\BitSpirit.exe" = D:\Program Files (x86)\BitSpirit\BitSpirit.exe:*:Enabled:The powerful and easy-to-use BitTorrent Client -- (LANSPIRIT.NET)
"C:\Program Files\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe" = C:\Program Files\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe:*:Enabled:WebKit -- (Apple Inc.)
"D:\Program Files (x86)\eMule\emule.exe" = D:\Program Files (x86)\eMule\emule.exe:*:Enabled:eMule -- (http://www.emule-project.net)
"C:\Program Files\InterVideo\DVD5\WinDVD.exe" = C:\Program Files\InterVideo\DVD5\WinDVD.exe:*:Enabled:WinDVD -- (InterVideo Inc.)
"C:\Documents and Settings\Jon Kunkel\Application Data\Dropbox\bin\Dropbox.exe" = C:\Documents and Settings\Jon Kunkel\Application Data\Dropbox\bin\Dropbox.exe:*:Enabled:Dropbox -- (Dropbox, Inc.)
"C:\Program Files\AVG\AVG2013\avgmfapx.exe" = C:\Program Files\AVG\AVG2013\avgmfapx.exe:*:Enabled:AVG Installer -- (AVG Technologies CZ, s.r.o.)
"C:\Program Files\War Thunder\launcher.exe" = C:\Program Files\War Thunder\launcher.exe:*:Enabled:War Thunder launcher -- (Gaijin Entertainment)
"C:\Documents and Settings\Jon Kunkel\Local Settings\Application Data\Viber\Viber.exe" = C:\Documents and Settings\Jon Kunkel\Local Settings\Application Data\Viber\Viber.exe:*:Enabled:Viber -- ()
"C:\Program Files\AVG\AVG2013\avgnsx.exe" = C:\Program Files\AVG\AVG2013\avgnsx.exe:*:Enabled:Online Shield -- (AVG Technologies CZ, s.r.o.)
"C:\Program Files\AVG\AVG2013\avgdiagex.exe" = C:\Program Files\AVG\AVG2013\avgdiagex.exe:*:Enabled:AVG Diagnostics 2013 -- (AVG Technologies CZ, s.r.o.)
"C:\Program Files\AVG\AVG2013\avgemcx.exe" = C:\Program Files\AVG\AVG2013\avgemcx.exe:*:Enabled:Personal Email Scanner -- (AVG Technologies CZ, s.r.o.)

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}" = PDFCreator
"{015C5B35-B678-451C-9AEE-821E8D69621C}_is1" = PeerBlock 1.1 (r518)
"{0711500B-9912-4D60-9A49-C577B4503D42}" = Nero Recode Help
"{07FF7593-9DEA-40B5-9F87-F557E65BBF60}" = Nero Recode
"{0840B4D6-7DD1-4187-8523-E6FC0007EFB7}" = Windows Live ID Sign-in Assistant
"{0A0CADCF-78DA-33C4-A350-CD51849B9702}" = Microsoft .NET Framework 4 Extended
"{0DA17E9B-7F62-4C50-9E65-9E9C5BA1269B}" = Warbirds 2013
"{10CE1EA2-12E9-11D3-825E-00C04F6843FE}" = Microsoft Office Sounds
"{10E1E87C-656C-4D08-86D6-5443D28583BE}" = TrayApp
"{1122AAC4-AAAA-43BF-B2D4-3C8C12378952}" = Nero InfoTool
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP470_series" = Canon MP470 series
"{11A84FCA-C3C7-4AFD-A797-111DB8569DBC}" = Nero BurningROM
"{12345674-DE9A-677A-CCEE-666356D89777}" = Nero BurnRights
"{1545207E-C6F3-31D7-9918-BDBB65075FBF}" = Microsoft .NET Framework 3.5 Language Pack - deu
"{196467F1-C11F-4F76-858B-5812ADC83B94}" = MSXML 4.0 SP3 Parser
"{1B040683-C390-4711-ABC7-DA8D85E470E7}" = NeroBurningROM
"{1B399A41-C1D0-40A2-9E4F-095868EFAF01}" = InterVideo WinDVD Platinum 5
"{1CB92574-96F2-467B-B793-5CEB35C40C29}" = Image Resizer Powertoy for Windows XP
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F4BF9EA-847E-44FB-A728-C456116E6CEF}" = InstantShareDevicesMFC
"{26A24AE4-039D-4CA4-87B4-2F83217025FF}" = Java 7 Update 25
"{27CC6AB1-E72B-4179-AF1A-EAE507EBAF51}_is1" = ConvertHelper 2.2
"{29FA38B4-0AE4-4D0D-8A51-6165BB990BB0}" = WebReg
"{2D3455A8-3B15-41A8-99F8-0D4215746463}" = Nero StartSmart
"{2D456CE5-01E4-4DBE-9797-77003A7C8271}" = Microsoft® Measurement Smart Tag Converter
"{2D87E961-577B-492B-AD54-1368680FB9A7}" = Bing Maps 3D
"{2E84A5A4-351E-4B00-9926-F50DBD7481E9}_is1" = SmartPropoPlus version 3.3.10
"{2FBF04DC-404C-4FA4-BA28-99903080D2B9}" = Magnifier Powertoy for Windows XP
"{2FEA102C-F535-4513-009B-57B165013C18}" = Tiger Woods PGA TOUR 08
"{3097B151-1F61-4211-A4CC-D70127B226AE}" = SoundTrax
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{388E4B09-3E71-4649-8921-F44A3A2954A7}" = Microsoft Visual Studio 2005 Tools for Office Runtime
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3CFAFEC1-75BB-4773-B996-315503D312D7}" = Microsoft XML Spreadsheet Add-In for Access 2002
"{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}" = eReg
"{3F30CC51-0788-487B-AA83-7214A239C0C0}" = Nero Disc Copy Gadget Help
"{434D0FA0-1558-4D8E-AC3D-BD1000008200}" = DiRT 3
"{452622B2-CFF1-4373-B773-141FC10A2AB6}" = hpicamDrvQFolder
"{45EA11B5-874D-480E-89B9-2545505BBE3E}" = Microsoft OpenType Font File Properties Extension
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4C78937F-0C8E-11D9-A3EB-0001025FA304}" = Kensington MouseWorks
"{4CB0307C-565E-4441-86BE-0DF2E4FB828C}" = Microsoft Games for Windows Marketplace
"{4D42353B-533F-4306-AD0B-7FEF292ADE04}" = Nero CoverDesigner Help
"{4E475FD4-4513-4B1D-8DDA-43912B068C99}" = HTML Slideshow Powertoy for Windows XP
"{4E8C27C2-D727-4C00-A90E-C3F6376EEE70}" = Nero ControlCenter
"{4F01560D-8964-4009-8D23-F52838D43648}" = Platinum Collection Diamond DA40 TDI for FSX
"{543E938C-BDC4-4933-A612-01293996845F}" = UnloadSupport
"{548F99E0-14CC-4D53-A7D6-4A62A5F2C748}" = Nero PhotoSnap
"{56BE5CC9-95E6-4128-ABEA-968414CA9C80}" = DolbyFiles
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{5AE12194-3EAA-40DF-B2BF-FE1D6B78BBF4}" = Nero Vision
"{5C2E8A0F-80E2-4C68-8CC0-D8D16E7196BF}" = Nero RescueAgent Help
"{5C42EAB8-54F9-423A-948C-1CBEF25F8DB4}" = Nero PhotoSnap Help
"{5FF27D65-35E5-4855-B7ED-59BCFBC85776}" = AVG 2013
"{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM
"{66E6CE0C-5A1E-430C-B40A-0C90FF1804A8}" = eSupportQFolder
"{6D44070C-86F9-424A-B514-6907E4335BCE}" = PhoenixRC
"{6EC2F8D1-6303-4E49-9F17-4D537C648F5C}" = HexEdit
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{730837D4-FF5E-48DB-BA49-33E732DFF0B3}" = PanoStandAlone
"{75321954-2589-11DC-DDCC-E98356D81493}" = Nero DriveSpeed
"{753973C4-B961-43BF-B2D4-3C8C92F7216E}" = Nero DriveSpeed
"{768F22DC-2D20-4F52-A9A1-5E231FB7F752}" = Logitech Gaming Software 5.04
"{76C24F39-B161-498F-BD8B-C64789812D13}_is1" = ConvertXtoDVD 3.3.3.104
"{78523651-D8B1-11DC-CCEE-741589645873}" = Nero DiscSpeed
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{7AEF3482-B7B7-4B94-AF63-B249B9BA9D7F}_is1" = HELI-X 3.0 Demo
"{824D3839-DAA1-4315-A822-7AE3E620E528}" = VideoToolkit01
"{8389382B-53BA-4A87-8854-91E3D80A5AC7}" = HP Photosmart Essential2.01
"{84F1DAC1-E1BF-4A21-9D2B-DD3E12686A2C}" = Read in Microsoft Reader Add-in for Microsoft Word
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8B3E5A90-1F6E-4FAF-B84F-C306C8A80809}" = AeroFly Professional Deluxe (incl. StarFlight AddOn)
"{8C6027FD-53DC-446D-BB75-CACD7028A134}" = HP Update
"{8C654BD0-1949-43DE-84F2-EC2A1ABB0CB4}" = Nero ShowTime
"{90120000-0010-0409-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (English) 12
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90280409-6000-11D3-8CFE-0050048383C9}" = Microsoft Office XP Professional with FrontPage
"{905D0409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Visio IFilter 2003
"{90F80409-6000-11D3-8CFE-0150048383C9}" = Remove Hidden Data Tool
"{91D8E9BA-6BDB-4559-89CD-633EBED4C385}" = Machete Lite 3.7
"{9309DD7E-EBFE-3C95-8B47-30D3A012F606}" = Microsoft .NET Framework 2.0 Service Pack 1 Language Pack - DEU
"{933B4015-4618-4716-A828-5289FC03165F}" = VC80CRTRedist - 8.0.50727.6195
"{93F54611-2701-454e-94AB-623F458D9E6B}" = DeviceDiscovery
"{943CC0C0-2253-4FE0-9493-DD386F7857FD}" = Nero Express
"{948FFAAE-C57F-447B-9B07-3721E950BFDC}" = Nero ShowTime
"{9530AE42-DAE1-4619-9594-B23487285D17}" = NVIDIA PhysX
"{961D53EA-40DC-4156-AD74-25684CE05F81}" = Nero Installer
"{96AD3B61-EAE2-11E2-9E72-B8AC6F98CCE3}" = Google Earth
"{98813202-6C6E-4ABE-A128-6E8FB3368BE0}" = Photobucket Backup
"{989FB5FD-9B00-4B32-8663-849CB1370DD1}" = Google Drive
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9A875B56-A35C-46BA-A3AA-DF8D03EE9F2F}" = Nero ControlCenter
"{9F3523F8-DAD7-AE52-6DA7-45CDDDF33726}" = Advertising Center
"{A1071AEB-B0EF-3F5F-BC84-83A270EBE496}" = Microsoft .NET Framework 3.0 Service Pack 1 Language Pack - DEU
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A498D9EB-927B-459B-85D6-DD6EF8C2C564}" = erLT
"{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable
"{A7050037-F0EA-4BAB-BCD5-FC05507D6147}" = Alt-Tab Task Switcher Powertoy for Windows XP
"{A73BEC3C-40A0-480E-87EF-EFCD33629088}" = NeroExpress
"{A743BBCC-3438-4BB3-8397-6C9D9AC125A6}" = Timershot Powertoy for Windows XP
"{A8399F58-234A-48C6-BA55-30C15738BF3C}" = Nero CoverDesigner
"{A8F2089B-1F79-4BF6-B385-A2C2B0B9A74D}" = ImagXpress
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AA057FD9-0CFC-47e4-8AB4-E0F7EC85631D}" = HP Photosmart Cameras 9.0
"{AAA12554-2589-11DC-92EF-E98356D81493}" = Nero InfoTool
"{AABBCC54-D8B1-11DC-92EF-E98356D81493}" = Nero DiscSpeed
"{AB5D51AE-EBC3-438D-872C-705C7C2084B0}" = DeviceManagementQFolder
"{ABCC0F95-ECD0-4302-B84F-7F47637AF6CE}" = Virtavia Supermarine Scimitar F1 FSX
"{AC76BA86-7AD7-1033-7B44-AB0000000001}" = Adobe Reader XI (11.0.03)
"{AEA07F97-9088-497c-8821-0F36BD5DC251}" = HPProductAssistant
"{AF0CE7C0-A3E4-4D73-988B-B29187EC6E9A}" = QuickTime
"{B2C12C8D-65DC-40BD-B309-5ADB0C6C8D8F}" = Nero WaveEditor
"{B2FE1952-0186-46c3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Control Panel 290.53
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX System Software 9.11.1107
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 1.6.24
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components
"{B37C842A-B624-46B8-A727-654E72F1C91A}" = Calculator Powertoy for Windows XP
"{B96C2601-52F5-4D5D-816A-63469EA311EF}" = "Nero SoundTrax Help
"{BCD6CD1A-0DBE-412E-9F25-3B500D1E6BA1}" = SolutionCenter
"{BCD82AB5-670D-4242-90FA-1F97103C16CD}" = Movie Templates - Starter Kit
"{BDCF27CA-BFC4-4F49-8D24-A925C9505AB8}" = Windows Rights Management Client with Service Pack 2
"{BEEFC4F8-2909-48B3-AFAA-55D3533FDEDD}" = Creative MediaSource 5
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C39DE425-6CCF-4B12-A101-3CB5CF3AF3AD}" = Slideshow Generator Powertoy for Windows XP
"{C63E7C60-25EB-11D3-8EDA-00A0C911E8E5}" = Microsoft Outlook Personal Folders Backup
"{C99C89A3-119A-45E6-B26E-DD5643CAA0C5}" = Menu Templates - Starter Kit
"{C9BED750-1211-4480-B1A5-718A3BE15525}" = REALTEK GbE & FE Ethernet PCI-E NIC Driver
"{C9E4932C-8417-4E4C-A0E3-EE534810AB4D}" = ClearType Tuning Control Panel Applet
"{CACFCDD3-87E4-46E9-A940-8A6A920635D3}" = RealFlight G4
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CD1826A5-CFCC-4C6E-9F9D-E181876162EA}" = Nero Rescue Agent
"{CD961214-93C9-44FE-9A38-BBE647E98AE9}" = CameraReadme
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D19EDDF3-9BBC-45F4-A77F-B26A963CDF9B}" = ClearView
"{D2FCA41E-AC01-4DCD-B3A7-DC9E32363065}}_is1" = Rapture3D 2.4.8 Game
"{D7BF9739-8A68-4335-BBEE-37752AD9E86B}" = NEC Electronics USB 3.0 Host Controller Driver
"{D7C206B6-1A63-4389-A8B1-8F607D0BFF1F}" = Nero StartSmart Help
"{DD3DAD13-289E-440E-A5D3-3EFB25305018}_is1" = John's Background Switcher 4.4
"{de4302c4-078c-4350-ace1-a3831025c67a}" = Nero 9
"{DEF9CA03-7317-4a01-8111-06996235128E}" = CameraDrivers
"{E2662C24-B31E-4349-A084-32EB76E8B760}" = BufferChm
"{E4A8DD87-A746-4443-BF25-CAF99CED6767}" = Nero Disc Copy Gadget
"{E639C9C3-93E1-4445-BD14-75AE8F513FF0}" = AVG 2013
"{E86156E5-9859-440D-8876-26CED1349802}" = Nero WaveEditor Help
"{E8C37E27-5205-4C8A-BECB-B00533045AAE}" = SHIFT 2 UNLEASHED™
"{EA9FFE54-D8B1-11DC-92EF-E98356D81493}" = Nero BurnRights
"{EC905264-BCFE-423B-9C42-C3A106266790}" = Windows Rights Management Client Backwards Compatibility SP2
"{ed8deea4-29fa-3932-9612-e2122d8a62d9}}_is1" = War Thunder Launcher 1.0.1.252
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F2508213-9989-4E85-A078-72BE483917EF}" = Microsoft Games for Windows - LIVE Redistributable
"{F251B999-08A9-4704-999C-9962F0DFD88E}" = Virtual Desktop Manager Powertoy for Windows XP
"{F5266D28-E0B2-4130-BFC5-EE155AD514DC}" = Apple Application Support
"{F53F6769-AC46-49E3-ABE3-2C8AFD39D0DD}" = Nero Vision
"{F543D515-9582-47BA-B236-F079D64D936E}" = G4_EMU
"{F714FFE7-E8CA-4C52-B9B5-06347B664CDA}" = ALS-SIM Flanker B for FSX
"{F72E2DDC-3DB8-4190-A21D-63883D955FE7}" = PSSWCORE
"{F8B98EB6-FC06-45BF-87D4-9784E0408611}" = ACDSee 10 Photo Manager
"{FD8D8B04-BEAD-4A55-AA1D-62D2373E7DEA}" = Status
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"7-Zip" = 7-Zip 9.20
"82A44D22-9452-49FB-00FB-CEC7DCAF7E23" = EA SPORTS online 2008
"AC3Filter_is1" = AC3Filter 2.5b
"Addictive Pitts" = Addictive Pitts
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 12.0
"Aircraft Factory F4u Corsair" = Aircraft Factory F4u Corsair
"allSnap_is1" = allSnap version 1.33.2
"ASRock IES_is1" = ASRock IES v2.0.90
"ASRock OC Tuner_is1" = ASRock OC Tuner v2.3.99
"Atomic Alarm Clock_is1" = Atomic Alarm Clock 5.92
"Audacity_is1" = Audacity 2.0.2
"AudioCS" = Creative Audio Console
"AVG" = AVG 2013
"Bass Audio Decoder" = Bass Audio Decoder (remove only)
"Beech B60 Duke Rip" = Beech B60 Duke Rip
"BitSpirit_is1" = BitSpirit v3.6.0.550 Stable
"Bulk Image Downloader_is1" = Bulk Image Downloader v2.2.0.0
"CanonMyPrinter" = Canon My Printer
"CanonSolutionMenu" = Canon Utilities Solution Menu
"Carenado F33A Bonanza" = Carenado F33A Bonanza
"Carenado Mooney M20J FSX" = Carenado Mooney M20J FSX
"Carenado Premium Cessna 210M Centurion II" = Carenado Premium Cessna 210M Centurion II
"CCleaner" = CCleaner
"CD Audio Reader Filter" = CD Audio Reader Filter (remove only)
"Classics Hangar Fw 190 A, The Early Variants" = Classics Hangar Fw 190 A, The Early Variants
"Classics Hangar Fw 190 A, The Late Variants" = Classics Hangar Fw 190 A, The Late Variants
"Clock 1.0" = Blu Dot Clock
"CompuApps SwissKnife V3" = CompuApps SwissKnife V3
"Creative MediaSource DVD-Audio Player" = Creative MediaSource DVD-Audio Player
"Creative Software AutoUpdate" = Creative Software AutoUpdate
"DCoder Image Source" = DCoder Image Source (remove only)
"DCS A-10C_is1" = DCS A-10C
"DefaultTab" = DefaultTab
"Diamond Drive Icon" = Diamond Drive Icon 1.4
"DirectVobSub" = DirectVobSub (remove only)
"DivX Setup" = DivX Setup
"dnschange" = DNS Shield
"Driver Cleaner Pro" = DH Driver Cleaner Professional Edition
"DScaler 5 Mpeg Decoders_is1" = DScaler 5 Mpeg Decoders
"EADM" = EA Download Manager
"Easy Video Splitter_is1" = Easy Video Splitter 1.28
"Easy-PhotoPrint EX" = Canon Easy-PhotoPrint EX
"eMule Razorback 3" = eMule Razorback 3
"ffdshow_is1" = ffdshow v1.2.4453 [2012-05-21]
"FFMPEG Core Files" = FFMPEG Core Files (remove only)
"Fw190A_v1.1" = Fw190A_v1.1
"Gabest MPEG Splitter" = Gabest MPEG Splitter (remove only)
"GetFLV Pro 5.8_is1" = GetFLV Pro 5.8
"GFWL_{434D0FA0-1558-4D8E-AC3D-BD1000008200}" = DiRT 3
"HaaliMkx" = Haali Media Splitter
"HD Tune_is1" = HD Tune 2.52
"HP Imaging Device Functions" = HP Imaging Device Functions 9.0
"HP Photosmart Essential" = HP Photosmart Essential 2.01
"HP Solution Center & Imaging Support Tools" = HP Solution Center 9.0
"ImageConverter Plus_is1" = ImageConverter Plus 7.1
"InstallShield_{D7BF9739-8A68-4335-BBEE-37752AD9E86B}" = NEC Electronics USB 3.0 Host Controller Driver
"LAME_is1" = LAME v3.99.3 (for Windows)
"lavfilters_is1" = LAV Filters 0.51.3
"Madonote_is1" = Madonote 2004
"MadVR" = MadVR (remove only)
"MagicDisc 2.7.106" = MagicDisc 2.7.106
"MagniDriver" = marvell 91xx driver
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.75.0.1300
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Microsoft Visual Studio 2005 Tools for Office Runtime" = Visual Studio 2005 Tools for Office Second Edition Runtime
"MONOGRAM AMR Splitter/Decoder" = MONOGRAM AMR Splitter/Decoder (remove only)
"Mozilla Firefox 22.0 (x86 en-US)" = Mozilla Firefox 22.0 (x86 en-US)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"mv61xxMRU" = Marvell MRU V4
"NVIDIA nView Desktop Manager" = NVIDIA nView Desktop Manager
"OpenAL" = OpenAL
"OpenSource AVI Splitter" = OpenSource AVI Splitter (remove only)
"OpenSource DTS/AC3/DD+ Source Filter" = OpenSource DTS/AC3/DD+ Source Filter (remove only)
"OpenSource Flash Video Splitter" = OpenSource Flash Video Splitter (remove only)
"PA34 200T SENECA II FSX" = PA34 200T SENECA II FSX
"Pack_ALL_Packs_is1" = RSRBR_Pack_ALL_Packs
"pepakura_viewer3en" = Pepakura Viewer 3
"PPJoy Joystick Driver" = PPJoy Joystick Driver 0.8.4.5
"QuicktimeAlt_is1" = QuickTime Alternative 1.75
"RAZBAM Convair F-102 Delta Dagger for FSX" = RAZBAM Convair F-102 Delta Dagger for FSX
"Razbam The Skyraiders Vol2 FSX version" = Razbam The Skyraiders Vol2 FSX version
"RC Helicopter" = RC Helicopter
"RealAlt_is1" = Real Alternative 1.50
"RealMedia" = RealMedia (remove only)
"Revo Uninstaller" = Revo Uninstaller 1.94
"RSRBR_v2011_is1" = RSRBR2011
"ShHelper" = Reset Your Browser
"SHOUTcast Source" = SHOUTcast Source (remove only)
"Simraceway" = Simraceway 0.28.42
"SPACESHUTTLE" = Space Shuttle
"The File Splitter 1.31_is1" = The File Splitter 1.31
"Victory" = Victory 0.09.634
"WaveStudio 7" = Creative WaveStudio 7
"Wdf01005" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
"Wdf01009" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.9
"Winamp" = Winamp
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Wings of POWER II: WWII FIGHTERS" = Wings of POWER II: WWII FIGHTERS
"Wings of Power: Focke Wulf "Long Nose"" = Wings of Power: Focke Wulf "Long Nose"
"WinRAR archiver" = WinRAR archiver
"winusb0100" = Microsoft WinUsb 1.0
"WinZip" = WinZip
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"XPSEPSCLP" = XML Paper Specification Shared Components Language Pack 1.0
"Xtreme Prototypes 20 Series Business Jets SP2" = Xtreme Prototypes 20 Series Business Jets SP2
"Xtreme Prototypes X-15-2-3 for Flight Simulator1.0" = Xtreme Prototypes X-15-2-3 for Flight Simulator
"xvid" = Xvid MPEG-4 Video Codec
"XVID Decoder" = XVID Decoder (remove only)
"ZoomPlayer" = Zoom Player (remove only)

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Bellanca Viking Collection Build 4.1" = Bellanca Viking Collection Build 4.1
"Carenado's C SKYLANE II RG R182" = Carenado's C SKYLANE II RG R182
"dd79800828b71771" = Robird G31 Flybarless system (3-Axis Gyro)
"Dropbox" = Dropbox
"Flight Replicas CAC Boomerang for FSX" = Flight Replicas CAC Boomerang for FSX
"JustFlight F-117 Nighthawk for FS9 and FSX" = JustFlight F-117 Nighthawk for FS9 and FSX
"MiG-15 by Bear Studios for FSX" = MiG-15 by Bear Studios for FSX
"MusicManager" = Music Manager
"Tailwind Twin Pack" = Tailwind Twin Pack
"Viber" = Viber

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 8/6/2013 7:17:46 AM | Computer Name = ASROCK_WINXP | Source = Userenv | ID = 1041
Description = Windows cannot query DllName registry entry for {7B849a69-220F-451E-B3FE-2CB811AF94AE}
and it will not be loaded. This is most likely caused by a faulty registration.

Error - 8/6/2013 7:17:46 AM | Computer Name = ASROCK_WINXP | Source = Userenv | ID = 1041
Description = Windows cannot query DllName registry entry for {CF7639F3-ABA2-41DB-97F2-81E2C5DBFC5D}
and it will not be loaded. This is most likely caused by a faulty registration.

Error - 8/6/2013 12:25:53 PM | Computer Name = ASROCK_WINXP | Source = Userenv | ID = 1041
Description = Windows cannot query DllName registry entry for {7B849a69-220F-451E-B3FE-2CB811AF94AE}
and it will not be loaded. This is most likely caused by a faulty registration.

Error - 8/6/2013 12:25:53 PM | Computer Name = ASROCK_WINXP | Source = Userenv | ID = 1041
Description = Windows cannot query DllName registry entry for {CF7639F3-ABA2-41DB-97F2-81E2C5DBFC5D}
and it will not be loaded. This is most likely caused by a faulty registration.

Error - 8/6/2013 12:25:53 PM | Computer Name = ASROCK_WINXP | Source = Userenv | ID = 1041
Description = Windows cannot query DllName registry entry for {7B849a69-220F-451E-B3FE-2CB811AF94AE}
and it will not be loaded. This is most likely caused by a faulty registration.

Error - 8/6/2013 12:25:53 PM | Computer Name = ASROCK_WINXP | Source = Userenv | ID = 1041
Description = Windows cannot query DllName registry entry for {CF7639F3-ABA2-41DB-97F2-81E2C5DBFC5D}
and it will not be loaded. This is most likely caused by a faulty registration.

Error - 8/6/2013 1:41:27 PM | Computer Name = ASROCK_WINXP | Source = Userenv | ID = 1041
Description = Windows cannot query DllName registry entry for {7B849a69-220F-451E-B3FE-2CB811AF94AE}
and it will not be loaded. This is most likely caused by a faulty registration.

Error - 8/6/2013 1:41:27 PM | Computer Name = ASROCK_WINXP | Source = Userenv | ID = 1041
Description = Windows cannot query DllName registry entry for {CF7639F3-ABA2-41DB-97F2-81E2C5DBFC5D}
and it will not be loaded. This is most likely caused by a faulty registration.

Error - 8/6/2013 1:41:28 PM | Computer Name = ASROCK_WINXP | Source = Userenv | ID = 1041
Description = Windows cannot query DllName registry entry for {7B849a69-220F-451E-B3FE-2CB811AF94AE}
and it will not be loaded. This is most likely caused by a faulty registration.

Error - 8/6/2013 1:41:28 PM | Computer Name = ASROCK_WINXP | Source = Userenv | ID = 1041
Description = Windows cannot query DllName registry entry for {CF7639F3-ABA2-41DB-97F2-81E2C5DBFC5D}
and it will not be loaded. This is most likely caused by a faulty registration.

[ System Events ]
Error - 8/5/2013 11:41:08 AM | Computer Name = ASROCK_WINXP | Source = W32Time | ID = 39452689
Description = Time Provider NtpClient: An error occurred during DNS lookup of the
manually configured peer 'time.windows.com,0x1'. NtpClient will try the DNS lookup
again in 30 minutes. The error was: A socket operation was attempted to an unreachable
host. (0x80072751)

Error - 8/5/2013 11:41:08 AM | Computer Name = ASROCK_WINXP | Source = W32Time | ID = 39452701
Description = The time provider NtpClient is configured to acquire time from one
or more time sources, however none of the sources are currently accessible. No attempt
to contact a source will be made for 29 minutes. NtpClient has no source of accurate
time.

Error - 8/5/2013 12:11:08 PM | Computer Name = ASROCK_WINXP | Source = W32Time | ID = 39452689
Description = Time Provider NtpClient: An error occurred during DNS lookup of the
manually configured peer 'time.windows.com,0x1'. NtpClient will try the DNS lookup
again in 60 minutes. The error was: A socket operation was attempted to an unreachable
host. (0x80072751)

Error - 8/5/2013 12:11:08 PM | Computer Name = ASROCK_WINXP | Source = W32Time | ID = 39452701
Description = The time provider NtpClient is configured to acquire time from one
or more time sources, however none of the sources are currently accessible. No attempt
to contact a source will be made for 59 minutes. NtpClient has no source of accurate
time.

Error - 8/5/2013 1:10:54 PM | Computer Name = ASROCK_WINXP | Source = W32Time | ID = 39452689
Description = Time Provider NtpClient: An error occurred during DNS lookup of the
manually configured peer 'time.windows.com,0x1'. NtpClient will try the DNS lookup
again in 120 minutes. The error was: A socket operation was attempted to an unreachable
host. (0x80072751)

Error - 8/5/2013 1:10:54 PM | Computer Name = ASROCK_WINXP | Source = W32Time | ID = 39452701
Description = The time provider NtpClient is configured to acquire time from one
or more time sources, however none of the sources are currently accessible. No attempt
to contact a source will be made for 119 minutes. NtpClient has no source of accurate
time.

Error - 8/5/2013 3:11:01 PM | Computer Name = ASROCK_WINXP | Source = W32Time | ID = 39452701
Description = The time provider NtpClient is configured to acquire time from one
or more time sources, however none of the sources are currently accessible. No attempt
to contact a source will be made for 239 minutes. NtpClient has no source of accurate
time.

Error - 8/6/2013 12:53:11 AM | Computer Name = ASROCK_WINXP | Source = W32Time | ID = 39452701
Description = The time provider NtpClient is configured to acquire time from one
or more time sources, however none of the sources are currently accessible. No attempt
to contact a source will be made for 29 minutes. NtpClient has no source of accurate
time.

Error - 8/6/2013 1:23:12 AM | Computer Name = ASROCK_WINXP | Source = W32Time | ID = 39452701
Description = The time provider NtpClient is configured to acquire time from one
or more time sources, however none of the sources are currently accessible. No attempt
to contact a source will be made for 59 minutes. NtpClient has no source of accurate
time.

Error - 8/6/2013 3:58:14 AM | Computer Name = ASROCK_WINXP | Source = W32Time | ID = 39452701
Description = The time provider NtpClient is configured to acquire time from one
or more time sources, however none of the sources are currently accessible. No attempt
to contact a source will be made for 119 minutes. NtpClient has no source of accurate
time.

< End of report >

#6
RKinner

Posted 06 August 2013 - 12:32 PM

Malware Expert

Expert
24,625 posts

The following should clear the errors I see in your Application events:

Error - 8/6/2013 7:17:46 AM | Computer Name = ASROCK_WINXP | Source = Userenv | ID = 1041
Description = Windows cannot query DllName registry entry for {7B849a69-220F-451E-B3FE-2CB811AF94AE}
and it will not be loaded. This is most likely caused by a faulty registration.

Error - 8/6/2013 7:17:46 AM | Computer Name = ASROCK_WINXP | Source = Userenv | ID = 1041
Description = Windows cannot query DllName registry entry for {CF7639F3-ABA2-41DB-97F2-81E2C5DBFC5D}
and it will not be loaded. This is most likely caused by a faulty registration.

These are just left over from IE 8.

Copy the next two lines

reg delete HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{CF7639F3-ABA2-41DB-97F2-81E2C5DBFC5D}
reg delete HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{7B849a69-220F-451E-B3FE-2CB811AF94AE}

Start, Run, cmd , OK to bring up a Command Window. Right click and Paste or Edit then Paste and the copied lines should appear. Hit Enter. Do you get any error messages?

Now let's see if we can clear the time errors.

Right click on the clock and select Adjust Date/Time.
Click on Internet Time. If it doesn't say "The Time has been Successfully synchronized..." then click on Update Now. Sometimes it helps to change the Server to one of the other ones.

Let's run a few scans to clean up your adware:

Download the adwCleaner
Please download Junkware Removal Tool to your desktop.
Close all Browsers. Pause your anti-virus

Run adwCleaner
Windows Vista and Windows 7 users:
Right click in the adwCleaner.exe and select the Delete option
When the scan completes, it will open a notepad windows.
Please, copy the content of this file in your next reply.

Unpause your anti-virus

Junkware-Removal-Tool

Run the Junkware-Removal-Tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
The tool will open and start scanning your system.
Please be patient as this can take a while to complete depending on your system's specifications.
On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
Post the contents of JRT.txt into your next message.

Unpause your anti-virus.

Probably would not hurt to do a free ESET online scan tho it takes a few hours:

Use IE and go to http://eset.com/onlinescan and click on ESET online Scanner. Accept the terms then press Start (If you get a warning from your browser tell it you want to run it).

# Check Scan Archives
# Push the Start button.
# ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
# When the scan completes, push LIST OF THREATS FOUND
# Push EXPORT TO TEXT FILE , and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
# Push the BACK button.
# Push Finish
# Once the scan is completed, you may close the window.
# Use Notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt
# Copy and paste that log as a reply.

#7
RKinner

Posted 06 August 2013 - 12:33 PM

Malware Expert

Expert
24,625 posts

Also do:

Download, Save and Run (win 7 or Vista => Right click and Run as Admin.) farbar service scanner

Posted Image

Tick "All" options.
Press "Scan".
It will create a log (FSS.txt) in the same directory the tool is run.

Please copy and paste the log to your reply.

#8
jlk69

Posted 09 August 2013 - 04:15 AM

Member

Topic Starter
Member
97 posts

# AdwCleaner v2.306 - Logfile created 08/09/2013 at 03:02:44
# Updated 19/07/2013 by Xplode
# Operating system : Microsoft Windows XP Service Pack 3 (32 bits)
# User : Jon Kunkel - ASROCK_WINXP
# Boot Mode : Normal
# Running from : D:\Downloads\adwcleaner.exe
# Option [Delete]

***** [Services] *****

***** [Files / Folders] *****

File Deleted : C:\Documents and Settings\Jon Kunkel\Application Data\Mozilla\Firefox\Profiles\2k73xokm.default-1366299320296\extensions\[email protected]
Folder Deleted : C:\DOCUME~1\JONKUN~1\LOCALS~1\Temp\AirInstaller
Folder Deleted : C:\Documents and Settings\Jon Kunkel\Application Data\Mozilla\Firefox\Profiles\2k73xokm.default-1366299320296\StumbleUpon

***** [Registry] *****

Key Deleted : HKLM\Software\AVG Secure Search
Key Deleted : HKLM\Software\AVG Security Toolbar
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{02054E11-5113-4BE3-8153-AA8DFB5D3761}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{021B4049-F57D-4565-A693-FD3B04786BFA}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{0362AA09-808D-48E9-B360-FB51A8CBCE09}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{06844020-CD0B-3D3D-A7FE-371153013E49}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{0ADC01BB-303B-3F8E-93DA-12C140E85460}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{10D3722F-23E6-3901-B6C1-FF6567121920}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{1675E62B-F911-3B7B-A046-EB57261212F3}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{192929F2-9273-3894-91B0-F54671C4C861}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{2932897E-3036-43D9-8A64-B06447992065}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{2DE92D29-A042-3C37-BFF8-07C7D8893EFA}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{32B80AD6-1214-45F4-994E-78A5D482C000}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{3A8E103F-B2B7-3BEF-B3B0-88E29B2420E4}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{478CE5D3-D38E-3FFE-8DBE-8C4A0F1C4D8D}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{48B7DA4E-69ED-39E3-BAD5-3E3EFF22CFB0}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{5982F405-44E4-3BBB-BAC4-CF8141CBBC5C}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{5D8C3CC3-3C05-38A1-B244-924A23115FE9}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{641593AF-D9FD-30F7-B783-36E16F7A2E08}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{711FC48A-1356-3932-94D8-A8B733DBC7E4}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{72227B7F-1F02-3560-95F5-592E68BACC0C}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{7B5E8CE3-4722-4C0E-A236-A6FF731BEF37}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{890D4F59-5ED0-3CB4-8E0E-74A5A86E7ED0}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{8C68913C-AC3C-4494-8B9C-984D87C85003}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{8D019513-083F-4AA5-933F-7D43A6DA82C4}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{923F6FB8-A390-370E-A0D2-DD505432481D}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{9BBB26EF-B178-35D6-9D3D-B485F4279FE5}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{A62DDBE0-8D2A-339A-B089-8CBCC5CD322A}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{A82AD04D-0B8E-3A49-947B-6A69A8A9C96D}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{ADEB3CC9-A05D-4FCC-BD09-9025456AA3EA}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{B06D4521-D09C-3F41-8E39-9D784CCA2A75}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C06DAD42-6F39-4CE1-83CC-9A8B9105E556}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C2E799D0-43A5-3477-8A98-FC5F3677F35C}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{D16107CD-2AD5-46A8-BA59-303B7C32C500}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{D25B101F-8188-3B43-9D85-201F372BC205}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{D2BA7595-5E44-3F1E-880F-03B3139FA5ED}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{D35F5C81-17D9-3E1C-A1FC-4472542E1D25}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{D8FA96CA-B250-312C-AF34-4FF1DD72589D}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{DAFC1E63-3359-416D-9BC2-E7DCA6F7B0F3}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{DC5E5C44-80FD-3697-9E65-9F286D92F3E7}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{E1B4C9DE-D741-385F-981E-6745FACE6F01}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{E7B623F5-9715-3F9F-A671-D1485A39F8A2}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{ED916A7B-7C68-3198-B87D-2DABC30A5587}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{EFA1BDB2-BB3D-3D9A-8EB5-D0D22E0F64F4}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{F4CBF4DD-F8FE-35BA-BB7E-68304DAAB70B}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{FC32005D-E27C-32E0-ADFA-152F598B75E7}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{2BF2028E-3F3C-4C05-AB45-B2F1DCFE0759}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{DB538320-D3C5-433C-BCA9-C4081A054FCF}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{68B81CCD-A80C-4060-8947-5AE69ED01199}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E6B969FB-6D33-48D2-9061-8BBD4899EB08}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\DefaultTab
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0238BBE24EA3A70408B81E4BB89C15E5
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\29799DE249E7DBC459FC6C8F07EB8375
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\43C098337DB065A49B665D4EA7F16D1C
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\A71991503412AEB42838B02C5ED9F9CD
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\F7652513C62FF63448CFF05163719DB7
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\DefaultTab
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SearchTheWebARP

***** [Internet Browsers] *****

-\\ Internet Explorer v8.0.6001.18702

[OK] Registry is clean.

-\\ Mozilla Firefox v22.0 (en-US)

File : C:\Documents and Settings\Jon Kunkel\Application Data\Mozilla\Firefox\Profiles\2k73xokm.default-1366299320296\prefs.js

Deleted : user_pref("iminent.webbooster.scripts.minibar.SOFTONICREFRESHRATE", "140000");
Deleted : user_pref("iminent.webbooster.scripts.sslminibar.SOFTONICREFRESHRATE", "140000");

File : C:\Documents and Settings\UpdatusUser\Application Data\Mozilla\Firefox\Profiles\oj1ollbx.default\prefs.js

[OK] File is clean.

File : C:\Documents and Settings\UpdatusUser\Application Data\Mozilla\Firefox\Profiles\oj1ollbx.default\prefs.js

[OK] File is clean.

*************************

AdwCleaner[R1].txt - [7240 octets] - [06/08/2013 22:14:24]
AdwCleaner[S1].txt - [3878 octets] - [27/11/2012 10:34:00]
AdwCleaner[S2].txt - [6388 octets] - [17/04/2013 08:43:24]
AdwCleaner[S3].txt - [6920 octets] - [09/08/2013 03:02:44]

########## EOF - C:\AdwCleaner[S3].txt - [6980 octets] ##########
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 5.3.4 (08.06.2013:1)
OS: Microsoft Windows XP x86
Ran by Jon Kunkel on Tue 08/06/2013 at 22:16:55.06
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

~~~ Services

~~~ Registry Values

~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\default tab
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\iminent
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\yahoopartnertoolbar
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\default tab
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\iminent

~~~ Files

Successfully deleted: [File] "C:\chromehplog.txt"
Successfully deleted: [File] "C:\end"

~~~ Folders

Successfully deleted: [Folder] "C:\Documents and Settings\Jon Kunkel\Application Data\defaulttab"
Successfully deleted: [Folder] "C:\Documents and Settings\Jon Kunkel\appdata\locallow\fast free converter"
Successfully deleted: [Folder] "C:\Program Files\iminent"
Successfully deleted: [Folder] "C:\Program Files\oapps"

~~~ FireFox

Successfully deleted the following from C:\Documents and Settings\Jon Kunkel\Application Data\mozilla\firefox\profiles\2k73xokm.default-1366299320296\prefs.js

user_pref("iminent.webbooster.scripts.minibar.SOFTONICREFRESHRATE", "140000");
user_pref("iminent.webbooster.scripts.minibar.Services.IminentClientCode", "11");
user_pref("iminent.webbooster.scripts.sslminibar.SOFTONICREFRESHRATE", "140000");
Farbar Service Scanner Version: 04-08-2013
Ran by Jon Kunkel (administrator) on 09-08-2013 at 03:12:38
Running from "D:\Downloads"
Microsoft Windows XP Professional Service Pack 3 (X86)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo.com is accessible.

Windows Firewall:
=============

Firewall Disabled Policy:
==================

System Restore:
============

System Restore Disabled Policy:
========================

Security Center:
============

Windows Update:
============

Windows Autoupdate Disabled Policy:
============================

File Check:
========
C:\WINDOWS\system32\dhcpcsvc.dll => MD5 is legit
C:\WINDOWS\system32\Drivers\afd.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\netbt.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\tcpip.sys
[2012-12-07 10:06] - [2011-05-01 23:15] - 0361600 ____A (Microsoft Corporation) 51E41F16ACD80B8B39C0AE703A213F09

C:\WINDOWS\system32\Drivers\ipsec.sys => MD5 is legit
C:\WINDOWS\system32\dnsrslvr.dll
[2009-06-15 05:00] - [2009-06-15 05:00] - 0045568 ____A (Microsoft Corporation) FE120AC2244572B2FA4023B7270E956E

C:\WINDOWS\system32\ipnathlp.dll => MD5 is legit
C:\WINDOWS\system32\netman.dll => MD5 is legit
C:\WINDOWS\system32\wbem\WMIsvc.dll => MD5 is legit
C:\WINDOWS\system32\srsvc.dll => MD5 is legit
C:\WINDOWS\system32\Drivers\sr.sys => MD5 is legit
C:\WINDOWS\system32\wscsvc.dll => MD5 is legit
C:\WINDOWS\system32\wbem\WMIsvc.dll => MD5 is legit
C:\WINDOWS\system32\wuauserv.dll
[2011-04-02 16:02] - [2009-06-15 05:00] - 0023576 ____A (Microsoft Corporation) AAE1A6FFBA2B0436E91795120F48C461

C:\WINDOWS\system32\qmgr.dll
[2011-04-02 16:02] - [2009-06-15 05:00] - 0408576 ____A (Microsoft Corporation) F13D1AA04F1F02399EB87F011584B7C0

C:\WINDOWS\system32\es.dll => MD5 is legit
C:\WINDOWS\system32\cryptsvc.dll => MD5 is legit
C:\WINDOWS\system32\svchost.exe
[2009-06-15 05:00] - [2009-06-15 05:00] - 0014848 ____A (Microsoft Corporation) 67E38B4A549833E02D4D1617B5DBC318

C:\WINDOWS\system32\rpcss.dll => MD5 is legit
C:\WINDOWS\system32\services.exe
[2009-06-15 05:00] - [2009-06-15 05:00] - 0110592 ____A (Microsoft Corporation) 020CEAAEDC8EB655B6506B8C70D53BB6

Extra List:
=======
Avgtdix(13) Gpc(3) IPSec(5) NetBT(6) NwlnkIpx(9) NwlnkNb(10) PSched(7) Tcpip(3) Tcpip6(12)
0x0C00000005000000010000000200000003000000040000000C0000000D0000000600000007000000090000000A0000000B000000
IpSec Tag value is correct.

**** End of log ****

user_pref("iminent.webbooster.scripts.sslminibar.Services.IminentClientCode", "11");

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Tue 08/06/2013 at 22:20:31.93
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Ran the Eset scanner. Took a Loong time to finish. Forgot to check to the option to export the log file.

#9
RKinner

Posted 09 August 2013 - 09:17 AM

Malware Expert

Expert
24,625 posts

How is it running now? Any problems left?

#10
jlk69

Posted 09 August 2013 - 04:37 PM

Member

Topic Starter
Member
97 posts

Been running great since you helped me restore the internet. Thank you for your help. BTW I turned System Restore back on as soon as I found out it was disabled with no problems.

#11
RKinner

Posted 09 August 2013 - 05:32 PM

Malware Expert

Expert
24,625 posts

I think we can clean up now.

We need to clean up System Restore.

Copy the following:


:Commands
[CLEARALLRESTOREPOINTS]
[Reboot]

Run OTL. In the Custom Scans/Fixes box at the bottom, paste in the copied text (Ctrl + v) and then hit Run Fix.

You can uninstall or delete any tools we had you download and their logs.

OTL has a cleanup tab so if you run it again and select cleanup it will remove itself and its backup files.

To hide hidden files again (If you do not run OTL cleanup):

XP

# Close all programs so that you are at your desktop.
# Double-click on the My Computer icon.
# Select the Tools menu and click Folder Options.
# After the new window appears select the View tab.
# Uncheck the checkbox labeled Display the contents of system folders.
# Under the Hidden files and folders section select the 'Hide protected operating system files (recommended)' option.
# Check the checkbox labeled Hide protected operating system files.
# Press the Apply button and then the OK button and exit My Computer.

Special note on Java. Old Java versions should be removed after first clearing the Java Cache by following the instructions in:
http://www.java.com/...lugin_cache.xml
Then remove the old versions by going to Control Panel, Programs and Features and Uninstall all Java programs which are not Java Version 7 update 9 or better. These may call themselves: Java Runtime, Runtime Environment, Runtime, JRE, Java Virtual Machine, Virtual Machine, Java VM, JVM, VM, J2RE, J2SE. Get the latest version from Java.com. They will usually attempt to foist some garbage like the Ask toolbar, Yahoo toolbar or McAfee Security Scan on you as part of the download. Just uncheck the garbage before the download (or install) starts. If you use a 64-bit browser and want the 64-bit version of Java you need to use it to visit java.com.
Due to multiple security problems with Java we are now recommending that it not be installed unless you absolutely know you need it. IF that is the case then you should install No-Script (Firefox) or Script-No add-ons (Chrome) and only use Firefox or Chrome to visit the site. You will need to tell No-Script/Script-No that the site is allowed to run Java.

Also make sure you have the latest versions of any adobe.com products you use like Shockwave, Flash or Acrobat.

Whether you use adobe reader, acrobat or fox-it to read pdf files you need to disable Javascript in the program. There is an exploit out there now that can use it to get on your PC. For Adobe Reader: Start, All Programs, Adobe Reader, Edit, Preferences, Click on Javascript in the left column and uncheck Enable Acrobat Javascript. OK Close program. It's the same for Foxit reader except you uncheck Enable Javascript Actions.

To help keep your programs up-to-date you should download and run the UpdateChecker:
http://www.filehippo.../updatechecker/
(You don't need to download Betas and if there is a program you don't use you can just uninstall it rather than update it. You can right click on the updatechecker icon (looks like a downward green arrowhead) and select Settings and tell it no betas. If you don't use MSN Messenger I would not upgdate it. MS installs a bunch of stuff when you do. You can tell the program to not show you that update.)
If you use Firefox or Chome then get the AdBlock Plus Add-on. WOT (Web of Trust) is another you might want to try.
The equivalent to AdBlock Plus for IE is called Simple Adblock and you should install it too: http://simple-adblock.com/

If Firefox is slow loading make sure it only has the current Java add-on. Then download and run Speedy Fox.
http://www.crystalidea.com/speedyfox . Click on Speedup my Firefox. When it finishes click on Exit.

Be warned: If you use Limewire, utorrent or any of the other P2P programs you will almost certain be coming back to the Malware Removal forum. If you must use P2P then submit any files you get to http://virustotal.com before you open them.

If you have a router, log on to it today and change the default password! If using a Wireless router you really should be using encryption on the link. Use the strongest (newest) encryption method that your router and PC wireless adapter support especially if you own a business. See http://www.king5.com...-120637284.html and http://www.seattlepi...ted-1344185.php for why encryption is important. If you don't know how, visit the router maker's website. They all have detailed step by step instructions or a wizard you can download.

Make sure you have Windows update working and preferably on Automatic download and install.
Ron