Javascript Disabled Detected

You currently have javascript disabled. Several functions may not work. Please re-enable javascript to access full functionality.

Can't remove pop up ad tabs and flash ads in Firefox 30 [Solved]

Started by jlk69 , Jun 20 2014 09:07 AM

This topic is locked

#1
jlk69

Posted 20 June 2014 - 09:07 AM

Member

Member
97 posts

Ads by Offerswizzard (flash ads and pop up tabs). Nothing that I can diable in the extension tab in firefox. Tried looking for a program to uninstall, but could not find any.

Pages will pop up while I am working on the internet, sometimes while I change pages and sometimes just random. Here recently, one was popping up about every minute or two

Sometimes the internet page I'm working changes to a software advertisement.

There is a turn down page on the right hand upper corner of every page I work on. If my cursor goes over it, it opens some kind of advertisement in that corner, When I try to close it, a new page pops up and sometimes the current interent page is taken to an advertisement.

Edited by jlk69, 20 June 2014 - 09:21 AM.

#2
Essexboy

Posted 20 June 2014 - 09:29 AM

GeekU Moderator

Retired Staff
69,964 posts

Hi there I have moved you to the malware forum... Lets now see if we can cure this

Download OTL to your Desktop
Secondary link

Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
Select All Users
Select LOP and Purity
Under the Custom Scan box paste this in
netsvcs
BASESERVICES
%SYSTEMDRIVE%\*.exe
dir "%systemdrive%\*" /S /A:L /C
/md5start
rpcss.dll
/md5stop
CREATERESTOREPOINT
Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
Attach both logs

#3
jlk69

Posted 20 June 2014 - 11:11 AM

Member

Topic Starter
Member
97 posts

OTL logfile created on: 6/20/2014 9:54:47 AM - Run 3
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Documents and Settings\Jon Kunkel\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.5512)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.24 Gb Total Physical Memory | 1.68 Gb Available Physical Memory | 51.69% Memory free
5.09 Gb Paging File | 3.56 Gb Available in Paging File | 69.98% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 279.46 Gb Total Space | 8.52 Gb Free Space | 3.05% Space Free | Partition Type: NTFS
Drive D: | 1397.26 Gb Total Space | 0.70 Gb Free Space | 0.05% Space Free | Partition Type: NTFS
Drive E: | 111.78 Gb Total Space | 2.63 Gb Free Space | 2.35% Space Free | Partition Type: NTFS
Drive F: | 149.04 Gb Total Space | 3.21 Gb Free Space | 2.15% Space Free | Partition Type: NTFS
Drive G: | 298.08 Gb Total Space | 25.22 Gb Free Space | 8.46% Space Free | Partition Type: NTFS
Drive H: | 54.46 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
Drive I: | 149.04 Gb Total Space | 52.49 Gb Free Space | 35.22% Space Free | Partition Type: NTFS
Drive L: | 298.09 Gb Total Space | 201.78 Gb Free Space | 67.69% Space Free | Partition Type: NTFS
Drive P: | 8.00 Mb Total Space | 2.74 Mb Free Space | 34.25% Space Free | Partition Type: NTFS

Computer Name: ASROCK_WINXP | User Name: Jon Kunkel | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2014/06/20 09:53:21 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Jon Kunkel\Desktop\OTL.exe
PRC - [2014/06/19 21:44:27 | 000,275,568 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2014/06/17 12:36:00 | 000,159,744 | ---- | M] () -- C:\WINDOWS\system32\netupdsrv.exe
PRC - [2014/06/17 12:35:38 | 000,179,200 | ---- | M] () -- C:\WINDOWS\system32\nethtsrv.exe
PRC - [2014/05/22 00:36:08 | 001,117,744 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2013\avgnsx.exe
PRC - [2014/05/05 14:52:35 | 000,263,048 | ---- | M] (Google Inc.) -- C:\Program Files\Google\Update\1.3.24.7\GoogleCrashHandler.exe
PRC - [2014/01/21 01:43:02 | 004,411,952 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2013\avgui.exe
PRC - [2013/12/22 08:42:54 | 000,120,424 | ---- | M] (johnsadventures.com) -- C:\Program Files\johnsadventures.com\John's Background Switcher\BackgroundSwitcher.exe
PRC - [2013/11/29 09:57:02 | 002,273,056 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\Update Core\NvBackend.exe
PRC - [2013/11/29 09:56:51 | 001,370,912 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\NetService\NvNetworkService.exe
PRC - [2013/11/21 02:22:13 | 002,334,384 | ---- | M] () -- C:\Program Files\AVG SafeGuard toolbar\vprot.exe
PRC - [2013/11/20 02:54:20 | 000,283,136 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2013\avgwdsvc.exe
PRC - [2013/10/23 02:05:52 | 000,799,792 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2013\avgemcx.exe
PRC - [2013/10/20 11:41:10 | 005,377,856 | ---- | M] (OrdinarySoft) -- C:\Program Files\Start Menu X\StartMenuX.exe
PRC - [2013/10/17 18:34:57 | 001,028,384 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\NvTmru.exe
PRC - [2013/07/10 01:33:22 | 000,452,144 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2013\avgcsrvx.exe
PRC - [2013/07/07 06:38:18 | 000,912,904 | ---- | M] () -- C:\Documents and Settings\Jon Kunkel\Local Settings\Application Data\Viber\Viber.exe
PRC - [2013/07/04 15:53:28 | 000,763,952 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2013\avgrsx.exe
PRC - [2013/07/04 15:53:10 | 004,939,312 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2013\avgidsagent.exe
PRC - [2010/07/02 18:20:32 | 005,332,488 | ---- | M] (ASRock) -- C:\Program Files\ASRock Utility\OCTuner\ASROC.exe
PRC - [2010/07/01 21:39:16 | 007,990,280 | ---- | M] (ASRock Incorporation) -- C:\Program Files\ASRock Utility\IES\AsrIes.exe
PRC - [2010/02/12 10:23:12 | 000,286,720 | ---- | M] (Creative Technology Ltd) -- C:\Program Files\Creative\Shared Files\CTAudSvc.exe
PRC - [2009/06/15 05:00:00 | 001,789,440 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2009/06/15 05:00:00 | 000,131,072 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Outlook Express\msimn.exe
PRC - [2006/08/03 12:47:16 | 000,106,496 | ---- | M] (Kensington Technology Group) -- C:\WINDOWS\system32\kmw_run.exe
PRC - [2006/08/03 12:47:08 | 000,176,128 | ---- | M] () -- C:\WINDOWS\system32\kmw_show.exe

========== Modules (No Company Name) ==========

MOD - [2014/06/19 21:44:26 | 003,852,912 | ---- | M] () -- C:\Program Files\Mozilla Firefox\mozjs.dll
MOD - [2014/06/17 12:36:00 | 000,159,744 | ---- | M] () -- C:\WINDOWS\system32\netupdsrv.exe
MOD - [2014/06/17 12:35:38 | 000,179,200 | ---- | M] () -- C:\WINDOWS\system32\nethtsrv.exe
MOD - [2014/06/17 12:35:28 | 000,108,544 | ---- | M] () -- C:\WINDOWS\system32\hfnapi.dll
MOD - [2014/06/17 12:35:18 | 000,246,784 | ---- | M] () -- C:\WINDOWS\system32\hfpapi.dll
MOD - [2014/03/19 01:10:40 | 000,622,592 | ---- | M] () -- C:\Documents and Settings\Jon Kunkel\Local Settings\Application Data\Viber\4.1.0.1703\sqldrivers\qsqlite.dll
MOD - [2014/03/19 01:10:34 | 014,442,496 | ---- | M] () -- C:\Documents and Settings\Jon Kunkel\Local Settings\Application Data\Viber\4.1.0.1703\libViber.dll
MOD - [2014/03/19 01:10:34 | 000,835,584 | ---- | M] () -- C:\Documents and Settings\Jon Kunkel\Local Settings\Application Data\Viber\4.1.0.1703\platforms\qwindows.dll
MOD - [2014/03/19 01:10:34 | 000,098,304 | ---- | M] () -- C:\Documents and Settings\Jon Kunkel\Local Settings\Application Data\Viber\4.1.0.1703\qfacebook.dll
MOD - [2014/03/19 01:10:33 | 000,729,088 | ---- | M] () -- C:\Documents and Settings\Jon Kunkel\Local Settings\Application Data\Viber\4.1.0.1703\libGLESv2.dll
MOD - [2014/03/19 01:10:33 | 000,278,528 | ---- | M] () -- C:\Documents and Settings\Jon Kunkel\Local Settings\Application Data\Viber\4.1.0.1703\imageformats\qtiff.dll
MOD - [2014/03/19 01:10:33 | 000,221,184 | ---- | M] () -- C:\Documents and Settings\Jon Kunkel\Local Settings\Application Data\Viber\4.1.0.1703\imageformats\qmng.dll
MOD - [2014/03/19 01:10:33 | 000,212,992 | ---- | M] () -- C:\Documents and Settings\Jon Kunkel\Local Settings\Application Data\Viber\4.1.0.1703\imageformats\qjpeg.dll
MOD - [2014/03/19 01:10:33 | 000,049,152 | ---- | M] () -- C:\Documents and Settings\Jon Kunkel\Local Settings\Application Data\Viber\4.1.0.1703\libEGL.dll
MOD - [2014/03/19 01:10:33 | 000,024,576 | ---- | M] () -- C:\Documents and Settings\Jon Kunkel\Local Settings\Application Data\Viber\4.1.0.1703\imageformats\qico.dll
MOD - [2014/03/19 01:10:33 | 000,024,576 | ---- | M] () -- C:\Documents and Settings\Jon Kunkel\Local Settings\Application Data\Viber\4.1.0.1703\imageformats\qgif.dll
MOD - [2014/03/19 01:10:33 | 000,016,384 | ---- | M] () -- C:\Documents and Settings\Jon Kunkel\Local Settings\Application Data\Viber\4.1.0.1703\imageformats\qwbmp.dll
MOD - [2014/03/19 01:10:33 | 000,016,384 | ---- | M] () -- C:\Documents and Settings\Jon Kunkel\Local Settings\Application Data\Viber\4.1.0.1703\imageformats\qtga.dll
MOD - [2014/03/19 01:10:33 | 000,016,384 | ---- | M] () -- C:\Documents and Settings\Jon Kunkel\Local Settings\Application Data\Viber\4.1.0.1703\imageformats\qsvg.dll
MOD - [2014/03/19 01:10:31 | 000,032,768 | ---- | M] () -- C:\Documents and Settings\Jon Kunkel\Local Settings\Application Data\Viber\4.1.0.1703\iconengines\qsvgicon.dll
MOD - [2013/12/01 07:37:07 | 001,801,216 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Deployment\7b73f7e38201072133ea521fa104e260\System.Deployment.ni.dll
MOD - [2013/12/01 04:57:30 | 012,434,432 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\02257c6b67db33c194fa3beccf977afb\System.Windows.Forms.ni.dll
MOD - [2013/12/01 04:50:34 | 005,462,016 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Xml\f93600ac836b9140e1df13bb0f6bfccf\System.Xml.ni.dll
MOD - [2013/12/01 04:47:26 | 001,593,344 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Drawing\3b34cb206ab0cec687c3730b14cdff57\System.Drawing.ni.dll
MOD - [2013/12/01 04:45:58 | 007,977,984 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System\10df39542df7d48462451fc39bce8418\System.ni.dll
MOD - [2013/12/01 04:45:44 | 011,497,984 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\mscorlib\b14359470744c840c59fbe4e58034fd6\mscorlib.ni.dll
MOD - [2013/11/21 02:22:13 | 002,334,384 | ---- | M] () -- C:\Program Files\AVG SafeGuard toolbar\vprot.exe
MOD - [2013/11/21 02:22:13 | 000,521,904 | ---- | M] () -- C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\17.1.3\log4cplusU.dll
MOD - [2013/11/21 02:22:13 | 000,145,072 | ---- | M] () -- C:\Program Files\Common Files\AVG Secure Search\SiteSafetyInstaller\17.1.3\SiteSafety.dll
MOD - [2013/07/07 06:38:18 | 000,912,904 | ---- | M] () -- C:\Documents and Settings\Jon Kunkel\Local Settings\Application Data\Viber\Viber.exe
MOD - [2012/06/18 08:24:30 | 000,260,096 | ---- | M] () -- C:\Program Files\Notepad++\NppShell_05.dll
MOD - [2009/06/15 05:00:00 | 000,059,904 | ---- | M] () -- C:\WINDOWS\system32\devenum.dll
MOD - [2009/06/15 05:00:00 | 000,014,336 | ---- | M] () -- C:\WINDOWS\system32\msdmo.dll
MOD - [2009/06/11 17:11:08 | 000,140,800 | ---- | M] () -- C:\Program Files\WinRAR\RarExt.dll
MOD - [2009/02/06 20:21:36 | 000,200,704 | ---- | M] () -- C:\Program Files\ImageConverter Plus\gpgate.dll
MOD - [2009/02/06 19:28:08 | 001,163,264 | ---- | M] () -- C:\Program Files\ImageConverter Plus\fcrtl.dll
MOD - [2008/08/12 03:18:42 | 000,148,480 | ---- | M] () -- D:\Program Files (x86)\Zoom Player\zpshlext.dll
MOD - [2006/08/03 12:47:08 | 000,176,128 | ---- | M] () -- C:\WINDOWS\system32\kmw_show.exe
MOD - [2004/09/12 10:17:42 | 000,061,440 | ---- | M] () -- C:\WINDOWS\ContextMenuExt.dll

========== Services (SafeList) ==========

SRV - File not found [Disabled | Stopped] -- C:\WINDOWS\system32\cisvc.exe -- (CiSvc)
SRV - [2014/06/19 21:44:26 | 000,119,408 | ---- | M] (Mozilla Foundation) [Disabled | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2014/06/17 12:36:00 | 000,159,744 | ---- | M] () [Auto | Running] -- C:\WINDOWS\system32\netupdsrv.exe -- (ServiceUpdater)
SRV - [2014/06/17 12:35:38 | 000,179,200 | ---- | M] () [Auto | Running] -- C:\WINDOWS\system32\nethtsrv.exe -- (NetHttpService)
SRV - [2014/06/12 01:23:16 | 000,262,320 | ---- | M] (Adobe Systems Incorporated) [Disabled | Stopped] -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013/12/18 21:05:43 | 000,182,696 | ---- | M] (Oracle Corporation) [Disabled | Stopped] -- C:\Program Files\Java\jre7\bin\jqs.exe -- (JavaQuickStarterService)
SRV - [2013/11/29 09:56:51 | 001,370,912 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files\NVIDIA Corporation\NetService\NvNetworkService.exe -- (NvNetworkService)
SRV - [2013/11/21 02:22:13 | 001,643,696 | ---- | M] (AVG Secure Search) [Disabled | Stopped] -- C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\17.1.3\ToolbarUpdater.exe -- (vToolbarUpdater17.1.3)
SRV - [2013/11/20 02:54:20 | 000,283,136 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG2013\avgwdsvc.exe -- (avgwd)
SRV - [2013/11/01 13:11:20 | 000,067,584 | ---- | M] (PasswordBox, Inc.) [Disabled | Stopped] -- C:\Program Files\PasswordBox\pbbtnService.exe -- (PasswordBox)
SRV - [2013/07/11 14:04:44 | 001,630,720 | ---- | M] () [Disabled | Stopped] -- C:\Program Files\SimracewayUpdater\SRWUpdate.exe -- (Simraceway Update Service)
SRV - [2013/07/04 15:53:10 | 004,939,312 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG2013\avgidsagent.exe -- (AVGIDSAgent)
SRV - [2013/06/28 18:48:04 | 000,014,624 | ---- | M] (Intuit Inc.) [Disabled | Stopped] -- C:\Program Files\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe -- (IntuitUpdateServiceV4)
SRV - [2010/02/12 10:23:12 | 000,286,720 | ---- | M] (Creative Technology Ltd) [Auto | Running] -- C:\Program Files\Creative\Shared Files\CTAudSvc.exe -- (CTAudSvcService)
SRV - [2009/10/13 19:46:52 | 000,151,552 | ---- | M] () [Disabled | Stopped] -- C:\Program Files\Marvell\raid\svc\mvraidsvc.exe -- (Marvell RAID)
SRV - [2008/06/12 13:05:04 | 000,024,635 | ---- | M] (Apache Software Foundation) [Disabled | Stopped] -- C:\Program Files\Marvell\raid\Apache2\bin\httpd.exe -- (MRUWebService)

========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
DRV - File not found [File_System | System | Stopped] -- system32\DRIVERS\mrxsmb.sys -- (MRxSmb)
DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
DRV - File not found [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\Drivers\IesDrv.sys -- (IesDrv)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\DOCUME~1\JONKUN~1\LOCALS~1\Temp\GPU-Z.sys -- (GPU-Z)
DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
DRV - File not found [Kernel | On_Demand | Unknown] -- -- (avme5g5a)
DRV - File not found [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\Drivers\AsrOcDrv.sys -- (AsrOcDrv)
DRV - [2014/06/17 12:36:08 | 000,049,024 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\nethfdrv.sys -- (nethfdrv)
DRV - [2014/04/15 13:35:26 | 000,182,072 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avgtdix.sys -- (Avgtdix)
DRV - [2013/11/25 02:48:36 | 000,208,184 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\avgidsdriverx.sys -- (AVGIDSDriver)
DRV - [2013/11/21 02:22:13 | 000,037,664 | ---- | M] (AVG Technologies) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avgtpx86.sys -- (avgtp)
DRV - [2013/10/23 02:05:20 | 000,022,328 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avgidsshimx.sys -- (AVGIDSShim)
DRV - [2013/10/23 02:05:10 | 000,039,224 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\WINDOWS\system32\drivers\avgrkx86.sys -- (Avgrkx86)
DRV - [2013/10/21 21:11:50 | 000,054,648 | ---- | M] (NetFilterSDK.com) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\networx.sys -- (networx)
DRV - [2013/08/25 11:30:48 | 000,013,120 | ---- | M] () [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\StarOpen.sys -- (StarOpen)
DRV - [2013/07/20 01:51:00 | 000,246,072 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\WINDOWS\system32\drivers\avglogx.sys -- (Avglogx)
DRV - [2013/07/20 01:50:56 | 000,060,216 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\WINDOWS\system32\drivers\avgidshx.sys -- (AVGIDSHX)
DRV - [2013/07/20 01:50:50 | 000,171,320 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\avgldx86.sys -- (Avgldx86)
DRV - [2013/07/01 01:45:28 | 000,096,568 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\WINDOWS\system32\drivers\avgmfx86.sys -- (Avgmfx86)
DRV - [2013/06/16 05:38:16 | 000,128,672 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nvhda32.sys -- (NVHDA)
DRV - [2012/12/29 20:55:36 | 000,018,224 | ---- | M] (Nicomsoft Ltd.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\mi2c.sys -- (mi2c)
DRV - [2012/07/14 16:22:54 | 000,691,696 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\sptd.sys -- (sptd)
DRV - [2011/11/25 01:26:04 | 000,013,440 | ---- | M] (June Fabrics Technology Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\pneteth.sys -- (pneteth)
DRV - [2011/09/01 23:31:28 | 000,081,304 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\LMouKE.Sys -- (LMouKE)
DRV - [2011/09/01 23:31:28 | 000,039,192 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\LMouFilt.Sys -- (LMouFilt)
DRV - [2011/09/01 23:31:28 | 000,030,360 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\LUsbFilt.sys -- (LUsbFilt)
DRV - [2011/09/01 23:31:20 | 000,041,240 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\LHidFilt.Sys -- (LHidFilt)
DRV - [2011/09/01 23:30:58 | 000,065,048 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\L8042mou.Sys -- (L8042mou)
DRV - [2011/09/01 23:30:58 | 000,012,184 | ---- | M] (Logitech, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\LBeepKE.sys -- (LBeepKE)
DRV - [2011/05/21 10:03:30 | 000,035,776 | ---- | M] (http://libusb-win32.sourceforge.net) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\libusb0.sys -- (libusb0)
DRV - [2010/11/26 18:02:52 | 000,014,776 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\SmartDefragDriver.sys -- (SmartDefragDriver)
DRV - [2010/06/22 02:59:58 | 006,060,136 | R--- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService)
DRV - [2010/03/18 20:50:12 | 000,189,528 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\haP17v2k.sys -- (hap17v2k)
DRV - [2010/03/18 20:50:04 | 000,162,904 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\haP16v2k.sys -- (hap16v2k)
DRV - [2010/03/18 20:49:56 | 000,798,808 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ha10kx2k.sys -- (ha10kx2k)
DRV - [2010/03/18 20:45:42 | 000,092,760 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\emupia2k.sys -- (emupia)
DRV - [2010/03/18 20:45:28 | 000,157,272 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ctsfm2k.sys -- (ctsfm2k)
DRV - [2010/03/18 20:45:20 | 000,014,424 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ctprxy2k.sys -- (ctprxy2k)
DRV - [2010/03/18 20:45:12 | 000,127,576 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ctoss2k.sys -- (ossrv)
DRV - [2010/03/18 20:40:56 | 000,018,904 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ctgame.sys -- (ctgame)
DRV - [2010/03/18 20:40:48 | 000,347,144 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ctdvda2k.sys -- (ctdvda2k)
DRV - [2010/03/18 20:40:40 | 000,528,472 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ctaud2k.sys -- (ctaud2k)
DRV - [2010/03/18 20:40:32 | 000,511,064 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ctac32k.sys -- (ctac32k)
DRV - [2010/03/18 20:39:36 | 000,100,952 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\CTERFXFX.sys -- (CTERFXFX.SYS)
DRV - [2010/03/18 20:39:36 | 000,100,952 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\CTERFXFX.sys -- (CTERFXFX)
DRV - [2010/03/18 20:39:28 | 000,566,360 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\CTSBLFX.sys -- (CTSBLFX.SYS)
DRV - [2010/03/18 20:39:28 | 000,566,360 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\CTSBLFX.sys -- (CTSBLFX)
DRV - [2010/03/18 20:39:18 | 000,555,096 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\CTAUDFX.sys -- (CTAUDFX.SYS)
DRV - [2010/03/18 20:39:18 | 000,555,096 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\CTAUDFX.sys -- (CTAUDFX)
DRV - [2010/03/18 20:39:10 | 000,099,416 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\COMMONFX.sys -- (COMMONFX.SYS)
DRV - [2010/03/18 20:39:10 | 000,099,416 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\COMMONFX.sys -- (COMMONFX)
DRV - [2010/03/08 03:41:48 | 000,220,112 | R--- | M] (Realtek Semiconductor Corporation                           ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Rtenicxp.sys -- (RTLE8023xp)
DRV - [2010/02/11 04:36:50 | 000,226,880 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\tcpip6.sys -- (Tcpip6)
DRV - [2010/01/22 12:21:48 | 000,139,648 | ---- | M] (NEC Electronics Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nusb3xhc.sys -- (nusb3xhc)
DRV - [2010/01/22 12:21:46 | 000,059,904 | ---- | M] (NEC Electronics Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nusb3hub.sys -- (nusb3hub)
DRV - [2009/11/23 11:55:52 | 000,037,808 | ---- | M] (STMicroelectronics) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\STTub30.sys -- (STTub30)
DRV - [2009/11/17 16:17:00 | 001,395,800 | R--- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Monfilt.sys -- (Monfilt)
DRV - [2009/11/17 16:16:00 | 001,691,480 | R--- | M] (Creative) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Ambfilt.sys -- (Ambfilt)
DRV - [2009/10/26 23:37:14 | 000,020,008 | ---- | M] (Marvell Semiconductor Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\mv91cons.sys -- (mv91cons)
DRV - [2009/06/15 05:00:00 | 000,088,320 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\nwlnkipx.sys -- (NwlnkIpx)
DRV - [2009/06/15 05:00:00 | 000,063,232 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\nwlnknb.sys -- (NwlnkNb)
DRV - [2009/06/15 05:00:00 | 000,055,936 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\nwlnkspx.sys -- (NwlnkSpx)
DRV - [2009/06/15 05:00:00 | 000,040,320 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nmnt.sys -- (nm)
DRV - [2009/02/24 18:42:14 | 000,116,736 | ---- | M] (MagicISO, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mcdbus.sys -- (mcdbus)
DRV - [2006/11/02 07:00:08 | 000,039,368 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\winusb.sys -- (WinUSB)
DRV - [2006/08/03 12:47:20 | 000,010,112 | ---- | M] (Kensington Technology Group) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\KMW_USB.sys -- (KMW_USB)
DRV - [2006/08/03 12:47:18 | 000,091,648 | ---- | M] (Kensington Technology Group) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\KMW_SYS.sys -- (KMW_SYS)
DRV - [2006/08/03 12:46:50 | 000,005,376 | ---- | M] (Kensington Technology Group) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\KMW_KBD.sys -- (KMW_KBD)
DRV - [2003/07/16 14:27:40 | 000,043,264 | ---- | M] (Prolific Technology Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ser2pl.sys -- (Ser2pl)
DRV - [2001/07/13 14:56:14 | 000,014,976 | ---- | M] () [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\SBKUPNT.SYS -- (SBKUPNT)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://start.qone8.c...WD-WCALA1141005
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://start.qone8.c...q={searchTerms}
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://start.qone8.c...q={searchTerms}
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://start.qone8.c...WD-WCALA1141005
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://start.qone8.c...q={searchTerms}
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://start.qone8.c...q={searchTerms}
IE - HKLM\..\SearchScopes,DefaultScope = {33BB0A4E-99AF-4226-BDF6-49120163DE86}
IE - HKLM\..\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}: "URL" = http://start.qone8.c...q={searchTerms}

IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.itvinasoft.com/
IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope =
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.itvinasoft.com/
IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.itvinasoft.com/
IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.itvinasoft.com/
IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope =

IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.itvinasoft.com/
IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.itvinasoft.com/
IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope =

IE - HKU\S-1-5-21-1801674531-113007714-682003330-1002\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://start.qone8.c...WD-WCALA1141005
IE - HKU\S-1-5-21-1801674531-113007714-682003330-1002\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://msn.com/
IE - HKU\S-1-5-21-1801674531-113007714-682003330-1002\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-1801674531-113007714-682003330-1002\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKU\S-1-5-21-1801674531-113007714-682003330-1002\..\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}: "URL" = http://start.qone8.c...q={searchTerms}
IE - HKU\S-1-5-21-1801674531-113007714-682003330-1002\..\SearchScopes\{43682B77-B546-4606-A6AD-D81710E1AB36}: "URL" = http://proxy.allsear...q={searchTerms}
IE - HKU\S-1-5-21-1801674531-113007714-682003330-1002\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKU\S-1-5-21-1801674531-113007714-682003330-1002\..\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}: "URL" = http://mysearch.avg.com/search?cid={DE173C5E-C226-4DC4-BB2C-962D2FFB2640}&mid=20a6ed3295f347d3b37dd16c64668bd9-ad1491be2ce6c122f6b66faa90e70c2decf7d34c&lang=en&ds=AVG&coid=avgtbavg&pr=fr&d=2013-09-09 17:18:36&v=17.1.3.3&pid=safeguard&sg=69&sap=dsp&q={searchTerms}&cmpid=0913a
IE - HKU\S-1-5-21-1801674531-113007714-682003330-1002\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1801674531-113007714-682003330-1002\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>

========== FireFox ==========

FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://www.msn.com/"
FF - prefs.js..extensions.enabledAddons: showmemore%40suskind:2.3
FF - prefs.js..extensions.enabledAddons: %7B524B8EF8-C312-11DB-8039-536F56D89593%7D:4.39.0.0
FF - prefs.js..extensions.enabledAddons: %7BAE93811A-5C9A-4d34-8462-F7B864FC4696%7D:4.16
FF - prefs.js..extensions.enabledAddons: %7BA4732521-77D9-447E-A557-B279AC923F06%7D:0.6.15
FF - prefs.js..extensions.enabledAddons: %7Bb9db16a4-6edc-47ec-a1f4-b86292ed211d%7D:4.9.22
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:30.0
FF - prefs.js..keyword.URL: ""
FF - prefs.js..network.proxy.type: 0
FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_14_0_0_125.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\WINDOWS\system32\Adobe\Director\np32dsw_1205146.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin: C:\Program Files\Common Files\AVG Secure Search\SiteSafetyInstaller\17.1.3\\npsitesafety.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.51.2: C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.51.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/VirtualEarth3D,version=4.0: C:\Program Files\Virtual Earth 3D\ [2013/06/21 16:43:02 | 000,000,000 | ---D | M]
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Documents and Settings\Jon Kunkel\Local Settings\Application Data\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Documents and Settings\Jon Kunkel\Local Settings\Application Data\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\avg@toolbar: C:\Documents and Settings\All Users\Application Data\AVG SafeGuard toolbar\FireFoxExt\17.1.3.3 [2013/11/21 02:22:29 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\PasswordBox\Firefox [2013/11/21 02:22:32 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\Better-Surf\ff
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\WebexpEnhancedV1\WebexpEnhancedV1alpha561\ff [2013/12/20 09:53:07 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\MediaWatchV1\MediaWatchV1home606\ff [2014/03/22 12:38:42 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\MediaBuzzV1\MediaBuzzV1mode4440\ff [2014/04/26 03:53:10 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\RichMediaViewV1\RichMediaViewV1release934\ff
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 30.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2014/06/19 21:44:12 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 30.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2014/06/19 21:44:18 | 000,000,000 | ---D | M]

[2013/04/18 08:34:48 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Jon Kunkel\Application Data\Mozilla\Extensions
[2014/03/25 17:50:56 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Jon Kunkel\Application Data\Mozilla\Firefox\Profiles\2k73xokm.default-1366299320296\extensions
[2013/04/18 08:46:27 | 000,000,000 | ---D | M] (PlainOldFavorites) -- C:\Documents and Settings\Jon Kunkel\Application Data\Mozilla\Firefox\Profiles\2k73xokm.default-1366299320296\extensions\{7E7165E2-0767-448c-852F-5FA8714F2C37}
[2014/03/25 17:50:56 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Documents and Settings\Jon Kunkel\Application Data\Mozilla\Firefox\Profiles\2k73xokm.default-1366299320296\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2013/04/18 08:40:02 | 000,139,518 | ---- | M] () (No name found) -- C:\Documents and Settings\Jon Kunkel\Application Data\Mozilla\Firefox\Profiles\2k73xokm.default-1366299320296\extensions\[email protected]
[2013/04/23 22:29:31 | 000,050,279 | ---- | M] () (No name found) -- C:\Documents and Settings\Jon Kunkel\Application Data\Mozilla\Firefox\Profiles\2k73xokm.default-1366299320296\extensions\{524B8EF8-C312-11DB-8039-536F56D89593}.xpi
[2014/03/04 08:11:01 | 000,095,799 | ---- | M] () (No name found) -- C:\Documents and Settings\Jon Kunkel\Application Data\Mozilla\Firefox\Profiles\2k73xokm.default-1366299320296\extensions\{A4732521-77D9-447E-A557-B279AC923F06}.xpi
[2013/04/18 08:40:02 | 000,377,738 | ---- | M] () (No name found) -- C:\Documents and Settings\Jon Kunkel\Application Data\Mozilla\Firefox\Profiles\2k73xokm.default-1366299320296\extensions\{AE93811A-5C9A-4d34-8462-F7B864FC4696}.xpi
[2013/08/01 22:35:30 | 000,224,035 | ---- | M] () (No name found) -- C:\Documents and Settings\Jon Kunkel\Application Data\Mozilla\Firefox\Profiles\2k73xokm.default-1366299320296\extensions\{c0c9a2c7-2e5c-4447-bc53-97718bc91e1b}.xpi
[2013/06/13 21:51:03 | 000,001,584 | ---- | M] () -- C:\Documents and Settings\Jon Kunkel\Application Data\Mozilla\Firefox\Profiles\2k73xokm.default-1366299320296\searchplugins\empflix.xml
[2013/04/18 10:03:36 | 000,001,635 | ---- | M] () -- C:\Documents and Settings\Jon Kunkel\Application Data\Mozilla\Firefox\Profiles\2k73xokm.default-1366299320296\searchplugins\firefox-add-ons.xml
[2013/11/21 02:24:24 | 000,003,724 | ---- | M] () -- C:\Documents and Settings\Jon Kunkel\Application Data\Mozilla\Firefox\Profiles\2k73xokm.default-1366299320296\searchplugins\safeguard-secure-search.xml
[2013/11/05 13:59:20 | 000,004,140 | ---- | M] () -- C:\Documents and Settings\Jon Kunkel\Application Data\Mozilla\Firefox\Profiles\2k73xokm.default-1366299320296\searchplugins\youtube.xml
[2013/05/19 01:51:18 | 000,002,152 | ---- | M] () -- C:\Documents and Settings\Jon Kunkel\Application Data\Mozilla\Firefox\Profiles\2k73xokm.default-1366299320296\searchplugins\zapomcom.xml
[2014/06/19 21:44:12 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2014/06/19 21:44:13 | 000,000,000 | ---D | M] (Fast Free Converter) -- C:\Program Files\Mozilla Firefox\extensions\[email protected]
[2014/06/19 21:44:11 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\browser\extensions
[2014/06/19 21:44:28 | 000,000,000 | ---D | M] (Default) -- C:\Program Files\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2014/06/19 21:44:13 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions\[email protected]\content
[2014/06/19 21:44:13 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions\[email protected]\defaults

O1 HOSTS File: ([2013/04/16 19:35:18 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (AVG SafeGuard toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files\AVG SafeGuard toolbar\17.1.3.3\AVG SafeGuard toolbar_toolbar.dll (AVG Secure Search)
O2 - BHO: (Webexp Enhanced) - {b2806bf6-b3ad-4158-b378-5f0e502152b9} - C:\Program Files\WebexpEnhancedV1\WebexpEnhancedV1alpha561\ie\WebexpEnhancedV1alpha561.dll ()
O2 - BHO: (no name) - {CE7C3CF0-4B15-11D1-ABED-709549C10000} - No CLSID value found.
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (no name) - {FDCC62B4-8059-4FCF-8B69-BD2EC413A6F2} - No CLSID value found.
O3 - HKLM\..\Toolbar: (AVG SafeGuard toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files\AVG SafeGuard toolbar\17.1.3.3\AVG SafeGuard toolbar_toolbar.dll (AVG Secure Search)
O3 - HKU\S-1-5-21-1801674531-113007714-682003330-1002\..\Toolbar\WebBrowser: (no name) - {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - No CLSID value found.
O4 - HKLM..\Run: [AVG_UI] C:\Program Files\AVG\AVG2013\avgui.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k File not found
O4 - HKLM..\Run: [kmw_run.exe] C:\WINDOWS\System32\kmw_run.exe (Kensington Technology Group)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\nvmctray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [Nvtmru] C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\nvtmru.exe (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\Program Files\NVIDIA Corporation\nview\nwiz.exe ()
O4 - HKLM..\Run: [vProt] C:\Program Files\AVG SafeGuard toolbar\vprot.exe ()
O4 - HKU\S-1-5-21-1801674531-113007714-682003330-1002..\Run: [ASRockIES] C:\Program Files\ASRock Utility\IES\AsrIes.exe (ASRock Incorporation)
O4 - HKU\S-1-5-21-1801674531-113007714-682003330-1002..\Run: [ASRockOCTuner] C:\Program Files\ASRock Utility\OCTuner\ASROC.exe (ASRock)
O4 - HKU\S-1-5-21-1801674531-113007714-682003330-1002..\Run: [StartMenuX] C:\Program Files\Start Menu X\StartMenuX.exe (OrdinarySoft)
O4 - Startup: C:\Documents and Settings\All Users.WINDOWS.0\Start Menu\Programs\Startup\NDAS Device Management.lnk = File not found
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoRemoteRecursiveEvents = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoInternetOpenWith = 1
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMHelp = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSaveSettings = 0
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMHelp = 1
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSaveSettings = 0
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMHelp = 1
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSaveSettings = 0
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMHelp = 1
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSaveSettings = 0
O7 - HKU\S-1-5-21-1801674531-113007714-682003330-1002\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1801674531-113007714-682003330-1002\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-21-1801674531-113007714-682003330-1002\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMHelp = 0
O7 - HKU\S-1-5-21-1801674531-113007714-682003330-1002\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-21-1801674531-113007714-682003330-1002\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: Download Using &BitSpirit - D:\Program Files (x86)\BitSpirit\bsurl.htm ()
O8 - Extra context menu item: En&queue current page with BID - C:\Program Files\Bulk Image Downloader\iemenu\iebidqueue.htm ()
O8 - Extra context menu item: Enqueue link tar&get with BID - C:\Program Files\Bulk Image Downloader\iemenu\iebidlinkqueue.htm ()
O8 - Extra context menu item: Open &link target with BID - C:\Program Files\Bulk Image Downloader\iemenu\iebidlink.htm ()
O8 - Extra context menu item: Open current page with BI&D - C:\Program Files\Bulk Image Downloader\iemenu\iebid.htm ()
O8 - Extra context menu item: Open current page with BID Link E&xplorer - C:\Program Files\Bulk Image Downloader\iemenu\iebidlinkexplorer.htm ()
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\WINDOWS\system32\nwprovau.dll (Microsoft Corporation)
O15 - HKU\S-1-5-21-1801674531-113007714-682003330-1002\..Trusted Ranges: Range1 ([http] in Trusted sites)
O15 - HKU\S-1-5-21-1801674531-113007714-682003330-1002\..Trusted Ranges: Range1 ([https] in Trusted sites)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 10.51.2)
O16 - DPF: {CAFEEFAC-0017-0000-0009-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.7.0_09)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 10.51.2)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 68.105.28.12 68.105.29.12 68.105.28.11
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{2EA5E124-0CBC-4994-B1F1-B9BEED07E422}: NameServer = 66.228.116.178,66.228.116.179
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{E8CDBE83-452B-43A8-B8AE-677138195F18}: DhcpNameServer = 68.105.28.12 68.105.29.12 68.105.28.11
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{E8CDBE83-452B-43A8-B8AE-677138195F18}: NameServer = 8.8.8.8,4.2.2.1
O18 - Protocol\Handler\viprotocol {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files\Common Files\AVG Secure Search\ViProtocolInstaller\17.1.3\ViProtocol.dll (AVG Secure Search)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2011/04/02 16:04:38 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2009/05/11 21:12:21 | 000,000,000 | ---- | M] () - D:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG2013\avgrsx.exe /sync /restart)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

NetSvcs: Ias - File not found
NetSvcs: Iprip - C:\WINDOWS\System32\iprip.dll (Microsoft Corporation)
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2014/06/20 09:53:16 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Jon Kunkel\Desktop\OTL.exe
[2014/06/19 21:59:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Jon Kunkel\Start Menu\Programs\Revo Uninstaller
[2014/06/19 21:44:10 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2014/06/19 08:53:13 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Config
[2014/06/17 08:40:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\AVG
[2014/06/12 07:17:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Jon Kunkel\Local Settings\Application Data\Adobe
[2014/06/02 21:43:16 | 000,043,264 | ---- | C] (Prolific Technology Inc.) -- C:\WINDOWS\System32\drivers\ser2pl.sys
[2014/06/02 21:43:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\PL-2303 USB-Serial Driver
[2011/04/23 21:54:16 | 000,047,360 | ---- | C] (VSO Software) -- C:\Documents and Settings\Jon Kunkel\Application Data\pcouffin.sys
[3 C:\*.tmp files -> C:\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

File not found -- C:\Documents and Settings\Jon Kunkel\My Documents\Jon%20Kunkel.
[2014/06/20 09:58:02 | 000,008,580 | ---- | M] () -- C:\WINDOWS\System32\nvAppTimestamps
[2014/06/20 09:57:00 | 000,000,894 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2014/06/20 09:53:21 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Jon Kunkel\Desktop\OTL.exe
[2014/06/20 09:14:00 | 000,000,998 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1801674531-113007714-682003330-1002UA.job
[2014/06/20 09:11:00 | 000,000,830 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2014/06/20 08:53:02 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\AmiUpdXp.job
[2014/06/20 03:29:46 | 000,030,240 | ---- | M] () -- C:\WINDOWS\System32\BMXStateBkp-{00000009-00000000-00000000-00001102-00000004-10051102}.rfx
[2014/06/20 03:29:46 | 000,030,240 | ---- | M] () -- C:\WINDOWS\System32\BMXState-{00000009-00000000-00000000-00001102-00000004-10051102}.rfx
[2014/06/20 03:29:46 | 000,027,252 | ---- | M] () -- C:\WINDOWS\System32\BMXCtrlState-{00000009-00000000-00000000-00001102-00000004-10051102}.rfx
[2014/06/20 03:29:46 | 000,027,252 | ---- | M] () -- C:\WINDOWS\System32\BMXBkpCtrlState-{00000009-00000000-00000000-00001102-00000004-10051102}.rfx
[2014/06/20 03:29:46 | 000,011,564 | ---- | M] () -- C:\WINDOWS\System32\DVCState-{00000009-00000000-00000000-00001102-00000004-10051102}.rfx
[2014/06/19 21:59:18 | 000,000,965 | ---- | M] () -- C:\Documents and Settings\Jon Kunkel\Desktop\Revo Uninstaller.lnk
[2014/06/19 21:02:18 | 000,858,390 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2014/06/19 21:02:18 | 000,199,770 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2014/06/19 20:58:17 | 000,000,890 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2014/06/19 20:58:17 | 000,000,282 | ---- | M] () -- C:\WINDOWS\tasks\GoforFilesUpdate.job
[2014/06/19 20:57:37 | 000,002,228 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2014/06/19 20:57:35 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2014/06/19 20:57:29 | 3480,276,992 | -HS- | M] () -- C:\hiberfil.sys
[2014/06/18 15:14:00 | 000,000,946 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1801674531-113007714-682003330-1002Core.job
[2014/06/17 12:36:08 | 000,049,024 | ---- | M] () -- C:\WINDOWS\System32\drivers\nethfdrv.sys
[2014/06/17 12:36:00 | 000,159,744 | ---- | M] () -- C:\WINDOWS\System32\netupdsrv.exe
[2014/06/17 12:35:50 | 000,108,544 | ---- | M] () -- C:\WINDOWS\System32\installd.exe
[2014/06/17 12:35:38 | 000,179,200 | ---- | M] () -- C:\WINDOWS\System32\nethtsrv.exe
[2014/06/17 12:35:28 | 000,108,544 | ---- | M] () -- C:\WINDOWS\System32\hfnapi.dll
[2014/06/17 12:35:18 | 000,246,784 | ---- | M] () -- C:\WINDOWS\System32\hfpapi.dll
[2014/06/13 12:59:59 | 000,001,861 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Google Chrome.lnk
[2014/06/12 01:23:16 | 000,699,056 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerApp.exe
[2014/06/12 01:23:15 | 000,071,344 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl
[2014/05/27 09:33:48 | 000,000,671 | ---- | M] () -- C:\Documents and Settings\Jon Kunkel\Application Data\vso_ts_preview.xml
[2014/05/25 12:47:43 | 000,000,250 | ---- | M] () -- C:\WINDOWS\emug3.ini
[2014/05/24 06:35:39 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[3 C:\*.tmp files -> C:\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files Created - No Company Name ==========

File not found -- C:\Documents and Settings\Jon Kunkel\My Documents\Jon%20Kunkel.
[2100/02/23 18:55:50 | 000,001,096 | ---- | C] () -- C:\WINDOWS\Lexmark_ICM.ini
[2014/06/19 21:59:18 | 000,000,965 | ---- | C] () -- C:\Documents and Settings\Jon Kunkel\Desktop\Revo Uninstaller.lnk
[2014/06/17 12:36:08 | 000,049,024 | ---- | C] () -- C:\WINDOWS\System32\drivers\nethfdrv.sys
[2014/06/17 12:36:00 | 000,159,744 | ---- | C] () -- C:\WINDOWS\System32\netupdsrv.exe
[2014/06/17 12:35:50 | 000,108,544 | ---- | C] () -- C:\WINDOWS\System32\installd.exe
[2014/06/17 12:35:38 | 000,179,200 | ---- | C] () -- C:\WINDOWS\System32\nethtsrv.exe
[2014/06/17 12:35:28 | 000,108,544 | ---- | C] () -- C:\WINDOWS\System32\hfnapi.dll
[2014/06/17 12:35:18 | 000,246,784 | ---- | C] () -- C:\WINDOWS\System32\hfpapi.dll
[2014/04/07 13:14:15 | 000,002,798 | ---- | C] () -- C:\Documents and Settings\Jon Kunkel\below_header.jpg
[2014/04/07 13:14:12 | 000,007,049 | ---- | C] () -- C:\Documents and Settings\Jon Kunkel\bookmark.jpg
[2014/04/05 20:27:55 | 000,000,671 | ---- | C] () -- C:\Documents and Settings\Jon Kunkel\Application Data\vso_ts_preview.xml
[2014/02/27 09:53:06 | 000,001,288 | RHS- | C] () -- C:\Documents and Settings\All Users\ntuser.pol
[2013/12/02 13:02:29 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2013/11/05 09:05:49 | 000,054,899 | ---- | C] () -- C:\Documents and Settings\Jon Kunkel\06_.jpg
[2013/10/31 22:45:36 | 000,013,120 | ---- | C] () -- C:\WINDOWS\System32\drivers\StarOpen.sys
[2013/09/09 17:18:26 | 000,003,724 | ---- | C] () -- C:\Program Files\Mozilla Firefoxsafeguard-secure-search.xml
[2013/04/12 09:23:22 | 000,000,816 | ---- | C] () -- C:\Documents and Settings\Jon Kunkel\Application Data\AtomicAlarmClock.ini
[2013/02/16 23:06:28 | 001,411,275 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-S-1-5-21-1801674531-113007714-682003330-1002-0.dat
[2013/02/16 23:06:28 | 000,179,554 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-System.dat
[2012/12/31 16:21:02 | 000,000,099 | ---- | C] () -- C:\WINDOWS\System32\nvUnsupRes.dat
[2012/12/03 10:36:55 | 000,176,128 | ---- | C] () -- C:\WINDOWS\System32\kmw_show.exe
[2012/11/26 22:46:38 | 000,251,575 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2012/11/12 21:12:50 | 000,014,976 | ---- | C] () -- C:\WINDOWS\System32\drivers\SBKUPNT.SYS
[2012/11/12 21:12:50 | 000,013,312 | ---- | C] () -- C:\WINDOWS\System32\DEVLOAD.EXE
[2012/11/12 21:12:49 | 000,000,543 | ---- | C] () -- C:\WINDOWS\SWISV3.INI
[2012/11/12 21:12:47 | 000,000,287 | ---- | C] () -- C:\WINDOWS\SKNIFE.INI
[2012/11/12 21:12:35 | 000,002,799 | ---- | C] () -- C:\WINDOWS\SKLANG.INI
[2012/10/28 15:28:05 | 000,007,049 | ---- | C] () -- C:\Documents and Settings\Jon Kunkel\bookmark.png
[2012/10/28 15:28:05 | 000,007,049 | ---- | C] () -- C:\Documents and Settings\Jon Kunkel\bookmark.gif
[2012/10/28 15:28:00 | 000,063,909 | ---- | C] () -- C:\Documents and Settings\Jon Kunkel\logo.jpg
[2012/10/28 15:27:47 | 000,071,332 | ---- | C] () -- C:\Documents and Settings\Jon Kunkel\.png
[2012/09/13 09:07:49 | 000,014,776 | ---- | C] () -- C:\WINDOWS\System32\drivers\SmartDefragDriver.sys
[2012/06/20 16:29:12 | 000,000,008 | ---- | C] () -- C:\WINDOWS\mvraidver.dat
[2012/03/01 00:53:48 | 000,001,122 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\Microsoft.SqlServer.Compact.400.32.bc
[2012/02/03 19:20:03 | 000,000,192 | ---- | C] () -- C:\Documents and Settings\Jon Kunkel\Application Data\default.rss
[2011/07/06 20:16:14 | 000,065,514 | ---- | C] () -- C:\Documents and Settings\Jon Kunkel\25204.jpg
[2011/07/06 20:08:57 | 000,040,293 | ---- | C] () -- C:\Documents and Settings\Jon Kunkel\569728.jpg
[2011/07/02 16:09:01 | 000,019,738 | ---- | C] () -- C:\Documents and Settings\Jon Kunkel\548457.jpg
[2011/07/02 16:08:39 | 000,044,372 | ---- | C] () -- C:\Documents and Settings\Jon Kunkel\384909.jpg
[2011/06/24 14:19:57 | 000,306,741 | ---- | C] () -- C:\Documents and Settings\Jon Kunkel\SANY1446.JPG
[2011/06/24 14:01:06 | 000,713,891 | ---- | C] () -- C:\Documents and Settings\Jon Kunkel\DSC_6421.JPG
[2011/06/21 16:07:31 | 000,013,361 | ---- | C] () -- C:\Documents and Settings\Jon Kunkel\63182-sandee34.jpg
[2011/04/23 21:54:16 | 000,007,887 | ---- | C] () -- C:\Documents and Settings\Jon Kunkel\Application Data\pcouffin.cat
[2011/04/23 21:54:16 | 000,001,144 | ---- | C] () -- C:\Documents and Settings\Jon Kunkel\Application Data\pcouffin.inf
[2011/04/06 21:27:58 | 000,122,880 | ---- | C] () -- C:\Documents and Settings\Jon Kunkel\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/04/04 15:41:35 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Jon Kunkel\Application Data\SuperSafer.cfg

========== ZeroAccess Check ==========

[2011/04/02 16:01:40 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shdocvw.dll -- [2009/06/15 05:00:00 | 002,253,824 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009/06/15 05:00:00 | 000,473,600 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009/06/15 05:00:00 | 000,273,920 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

========== LOP Check ==========

[2012/01/29 02:06:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Kensington
[2011/04/03 11:43:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ACD Systems
[2013/10/31 22:54:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Auslogics
[2013/04/12 23:20:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVAST Software
[2013/11/03 07:32:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVG SafeGuard toolbar
[2013/09/09 17:18:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVG Security Toolbar
[2011/04/03 13:24:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVG10
[2013/04/12 23:01:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVG2013
[2012/07/22 21:30:08 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\CanonBJ
[2011/06/11 12:07:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Codemasters
[2013/04/12 21:16:46 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\Common Files
[2012/07/14 16:22:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\DAEMON Tools Lite
[2011/06/11 12:07:13 | 000,000,000 | -HSD | M] -- C:\Documents and Settings\All Users\Application Data\DSS
[2011/04/25 21:36:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Electronic Arts
[2012/09/07 11:26:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Icon Constructor 3
[2014/06/20 09:38:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MFAData
[2012/01/18 22:34:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\RELOADED
[2012/10/15 21:06:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Samsung
[2014/02/23 21:10:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SoftPerfect
[2011/05/07 01:15:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Solidshield
[2011/06/11 16:49:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Spotmau
[2013/10/31 22:55:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\StartMenuX
[2014/04/17 02:54:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Steam
[2014/06/20 10:02:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2012/12/12 04:56:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Virtual RC Pro
[2011/04/23 22:58:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\vsosdk
[2013/07/18 22:11:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WarThunder
[2011/05/01 20:04:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WOP
[2014/06/19 22:40:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Zoom Player
[2012/06/23 20:34:35 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users.WINDOWS.0\Application Data\CanonBJ
[2013/05/09 09:38:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Default User\Application Data\TuneUp Software
[2012/09/21 17:18:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jon Kunkel\Application Data\AC3Filter
[2011/04/03 11:44:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jon Kunkel\Application Data\ACD Systems
[2013/06/24 13:50:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jon Kunkel\Application Data\Audacity
[2013/09/09 17:18:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jon Kunkel\Application Data\AVG SafeGuard toolbar
[2011/04/03 13:27:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jon Kunkel\Application Data\AVG10
[2013/04/12 22:32:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jon Kunkel\Application Data\AVG2013
[2011/05/04 00:00:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jon Kunkel\Application Data\BID
[2011/04/06 22:27:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jon Kunkel\Application Data\BitSpirit
[2011/04/09 18:08:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jon Kunkel\Application Data\BlackBean
[2013/10/31 22:45:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jon Kunkel\Application Data\Canneverbe Limited
[2012/12/17 16:07:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jon Kunkel\Application Data\DAEMON Tools Lite
[2012/06/10 17:45:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jon Kunkel\Application Data\DDMSettings
[2011/04/05 08:00:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jon Kunkel\Application Data\Disney Interactive Studios
[2011/05/20 17:29:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jon Kunkel\Application Data\Downloadr
[2013/11/27 17:20:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jon Kunkel\Application Data\Dropbox
[2011/04/20 14:42:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jon Kunkel\Application Data\ECSoftware
[2012/11/07 19:14:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jon Kunkel\Application Data\eMule
[2011/04/06 15:45:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jon Kunkel\Application Data\flightgear.org
[2011/04/06 15:46:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jon Kunkel\Application Data\fltk.org
[2013/10/31 10:06:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jon Kunkel\Application Data\GoforFiles
[2011/04/06 21:47:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jon Kunkel\Application Data\InterVideo
[2012/09/13 09:07:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jon Kunkel\Application Data\IObit
[2011/04/03 14:47:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jon Kunkel\Application Data\johnsadventures.com
[2011/04/03 00:29:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jon Kunkel\Application Data\Kensington
[2012/09/04 18:00:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jon Kunkel\Application Data\Leadertech
[2011/06/15 20:08:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jon Kunkel\Application Data\Machete Lite
[2014/04/17 02:54:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jon Kunkel\Application Data\Milestone
[2014/02/23 20:58:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jon Kunkel\Application Data\Notepad++
[2011/07/16 17:36:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jon Kunkel\Application Data\OpenDNS Updater
[2013/06/20 22:05:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jon Kunkel\Application Data\Photobucket
[2014/04/28 01:44:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jon Kunkel\Application Data\Simraceway
[2013/10/31 22:55:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jon Kunkel\Application Data\StartMenuX
[2013/10/31 10:04:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jon Kunkel\Application Data\SwvUpdater
[2013/04/12 22:31:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jon Kunkel\Application Data\TuneUp Software
[2014/06/20 09:47:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jon Kunkel\Application Data\ViberPC
[2012/09/28 13:25:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jon Kunkel\Application Data\VideoRipper
[2014/05/27 09:33:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jon Kunkel\Application Data\Vso
[2011/05/05 10:41:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jon Kunkel\Application Data\WinWay
[2014/04/28 01:44:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\Temp
[2013/12/12 10:54:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\TEMP\Application Data\AVG SafeGuard toolbar
[2013/12/12 10:54:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\TEMP\Application Data\AVG2013
[2013/12/12 10:54:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\TEMP\Application Data\Kensington
[2013/12/12 10:54:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\TEMP\Application Data\TuneUp Software

========== Purity Check ==========

========== Custom Scans ==========

========== Base Services ==========
SRV - [2009/06/15 05:00:00 | 000,044,544 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\WINDOWS\system32\alg.exe -- (ALG)
SRV - [2009/06/15 05:00:00 | 000,023,576 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\wuauserv.dll -- (wuauserv)
SRV - [2009/06/15 05:00:00 | 000,408,576 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\WINDOWS\system32\qmgr.dll -- (BITS)
SRV - [2012/07/06 06:58:10 | 000,078,336 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\WINDOWS\system32\browser.dll -- (Browser)
SRV - [2009/06/15 05:00:00 | 000,062,464 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\cryptsvc.dll -- (CryptSvc)
SRV - [2009/06/15 05:00:00 | 000,126,976 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\dhcpcsvc.dll -- (Dhcp)
SRV - [2009/06/15 05:00:00 | 000,045,568 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\dnsrslvr.dll -- (Dnscache)
SRV - [2009/06/15 05:00:00 | 000,110,592 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\services.exe -- (Eventlog)
SRV - [2009/06/15 05:00:00 | 000,033,792 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\eapsvc.dll -- (EapHost)
SRV - [2009/07/27 16:17:41 | 000,135,168 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\WINDOWS\system32\shsvcs.dll -- (FastUserSwitchingCompatibility)
SRV - [2009/06/15 05:00:00 | 000,015,872 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\WINDOWS\system32\w3ssl.dll -- (HTTPFilter)
SRV - [2008/04/13 15:41:56 | 000,021,504 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\hidserv.dll -- (HidServ)
SRV - [2009/06/15 05:00:00 | 000,150,528 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\imapi.exe -- (ImapiService)
SRV - [2009/06/15 05:00:00 | 000,013,312 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\lsass.exe -- (PolicyAgent)
SRV - [2009/06/15 05:00:00 | 000,023,552 | ---- | M] (Microsoft Corp.) [Auto | Running] -- C:\WINDOWS\system32\dmserver.dll -- (dmserver)
SRV - [2009/06/15 05:00:00 | 000,224,768 | ---- | M] (Microsoft Corp., Veritas Software) [On_Demand | Stopped] -- C:\WINDOWS\System32\dmadmin.exe -- (dmadmin)
SRV - [2009/06/15 05:00:00 | 000,005,120 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\System32\dllhost.exe -- (SwPrv)
SRV - [2009/06/15 05:00:00 | 000,013,312 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\lsass.exe -- (Netlogon)
SRV - [2009/06/15 05:00:00 | 000,198,144 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\WINDOWS\system32\netman.dll -- (Netman)
SRV - [2009/06/15 05:00:00 | 000,245,248 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\WINDOWS\system32\mswsock.dll -- (Nla)
SRV - [2009/06/15 05:00:00 | 000,110,592 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\services.exe -- (PlugPlay)
SRV - [2010/08/17 06:17:06 | 000,058,880 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\spoolsv.exe -- (Spooler)
SRV - [2009/06/15 05:00:00 | 000,013,312 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\lsass.exe -- (ProtectedStorage)
SRV - [2009/06/15 05:00:00 | 000,088,576 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\rasauto.dll -- (RasAuto)
SRV - [2009/06/15 05:00:00 | 000,186,368 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\WINDOWS\system32\rasmans.dll -- (RasMan)
SRV - [2009/06/15 05:00:00 | 000,401,408 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\rpcss.dll -- (RpcSs)
No service found with a name of NtmsSvc
SRV - [2009/06/15 05:00:00 | 000,018,944 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\seclogon.dll -- (seclogon)
SRV - [2009/06/15 05:00:00 | 000,013,312 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\lsass.exe -- (SamSs)
SRV - [2009/06/15 05:00:00 | 000,080,896 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\wscsvc.dll -- (wscsvc)
SRV - [2010/08/26 23:05:07 | 000,099,840 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\srvsvc.dll -- (LanmanServer)
SRV - [2009/07/27 16:17:41 | 000,135,168 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\shsvcs.dll -- (ShellHWDetection)
SRV - [2009/06/15 05:00:00 | 000,171,008 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\srsvc.dll -- (srservice)
SRV - [2009/06/15 05:00:00 | 000,192,512 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\schedsvc.dll -- (Schedule)
SRV - [2009/06/15 05:00:00 | 000,013,824 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\lmhsvc.dll -- (LmHosts)
SRV - [2009/06/15 05:00:00 | 000,249,856 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\WINDOWS\system32\tapisrv.dll -- (TapiSrv)
SRV - [2009/06/15 05:00:00 | 000,296,960 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\WINDOWS\system32\termsrv.dll -- (TermService)
SRV - [2009/07/27 16:17:41 | 000,135,168 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\shsvcs.dll -- (Themes)
SRV - [2009/06/15 05:00:00 | 000,289,792 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\vssvc.exe -- (VSS)
SRV - [2009/06/15 05:00:00 | 000,042,496 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\audiosrv.dll -- (AudioSrv)
SRV - [2009/06/15 05:00:00 | 000,330,752 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\ipnathlp.dll -- (SharedAccess)
SRV - [2009/06/15 05:00:00 | 000,333,824 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\wiaservc.dll -- (stisvc)
SRV - [2008/05/19 01:57:42 | 000,095,744 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\System32\msiexec.exe -- (MSIServer)
SRV - [2009/06/15 05:00:00 | 000,144,896 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\wbem\wmisvc.dll -- (winmgmt)
SRV - [2013/04/22 02:37:18 | 000,618,496 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\advapi32.dll -- (Wmi)
SRV - [2009/06/15 05:00:00 | 000,132,096 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\dot3svc.dll -- (Dot3svc)
SRV - [2009/06/15 05:00:00 | 000,483,328 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\wzcsvc.dll -- (WZCSVC)
SRV - [2009/06/09 23:17:16 | 000,134,144 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\WINDOWS\system32\wkssvc.dll -- (lanmanworkstation)

< %SYSTEMDRIVE%\*.exe >
[2010/04/05 22:34:58 | 000,019,456 | ---- | M] () -- C:\AudioStudy.exe
[2011/04/30 17:22:40 | 000,081,920 | ---- | M] () -- C:\SppConsole.exe
[3 C:\*.tmp files -> C:\*.tmp -> ]

< dir "%systemdrive%\*" /S /A:L /C >
Volume in drive C is Hard Drive
Volume Serial Number is 8CB4-9DF0
Directory of C:\WINDOWS\assembly\GAC_32\System.EnterpriseServices
12/01/2013 04:55 AM    <JUNCTION>     2.0.0.0__b03f5f7f11d50a3a
               0 File(s)              0 bytes
Directory of C:\WINDOWS\assembly\GAC_MSIL\IEExecRemote
12/01/2013 04:55 AM    <JUNCTION>     2.0.0.0__b03f5f7f11d50a3a
               0 File(s)              0 bytes
Directory of C:\WINDOWS\Microsoft.NET\assembly\GAC_32\Intuit.Spc.Esd.WinClient.Application.ConfigUXv4
03/19/2014 08:58 PM    <JUNCTION>     v4.0_4.0.96.0__3ff6b78e2989595a
               0 File(s)              0 bytes
Directory of C:\WINDOWS\Microsoft.NET\assembly\GAC_32\Intuit.Spc.Esd.WinClient.Application.Update
03/19/2014 08:58 PM    <JUNCTION>     v4.0_4.0.96.0__3ff6b78e2989595a
               0 File(s)              0 bytes
Directory of C:\WINDOWS\Microsoft.NET\assembly\GAC_32\System.EnterpriseServices
12/01/2013 04:58 AM    <JUNCTION>     v4.0_4.0.0.0__b03f5f7f11d50a3a
               0 File(s)              0 bytes
Directory of C:\WINDOWS\Microsoft.NET\assembly\GAC_MSIL\Microsoft.Workflow.Compiler
12/01/2013 04:35 AM    <JUNCTION>     v4.0_4.0.0.0__31bf3856ad364e35
               0 File(s)              0 bytes
     Total Files Listed:
               0 File(s)              0 bytes
               6 Dir(s)   9,096,925,184 bytes free

< MD5 for: RPCSS.DLL >
[2009/06/15 05:00:00 | 000,401,408 | ---- | M] (Microsoft Corporation) MD5=9222562D44021B988B9F9F62207FB6F2 -- C:\WINDOWS\ERDNT\cache\rpcss.dll
[2009/06/15 05:00:00 | 000,401,408 | ---- | M] (Microsoft Corporation) MD5=9222562D44021B988B9F9F62207FB6F2 -- C:\WINDOWS\system32\rpcss.dll

========== Alternate Data Streams ==========

@Alternate Data Stream - 132 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:C8B8CEBD

< End of report >

Could not find Extras.Txt.

#4
Essexboy

Posted 20 June 2014 - 11:43 AM

GeekU Moderator

Retired Staff
69,964 posts

Hi there, you appear to have adware city at the moment. After these two programmes have completed could you let me know how the computer is behaving

Warning This fix is only relevant for this system and no other, using on another computer may cause problems
Be advised that when the fix commences it will shut down all running processes and you may lose the desktop and icons, they will return on reboot
Run OTL

Under the Custom Scans/Fixes box at the bottom, paste in the following

:Commands
[CREATERESTOREPOINT]

:OTL
SRV - [2014/06/17 12:36:00 | 000,159,744 | ---- | M] () [Auto | Running] -- C:\WINDOWS\system32\netupdsrv.exe -- (ServiceUpdater)
SRV - [2014/06/17 12:35:38 | 000,179,200 | ---- | M] () [Auto | Running] -- C:\WINDOWS\system32\nethtsrv.exe -- (NetHttpService)
DRV - File not found [Kernel | On_Demand | Unknown] --  -- (avme5g5a)
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://start.qone8.c...WD-WCALA1141005
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://start.qone8.c...q={searchTerms}
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://start.qone8.c...q={searchTerms}
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://start.qone8.c...WD-WCALA1141005
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://start.qone8.c...q={searchTerms}
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://start.qone8.c...q={searchTerms}
IE - HKLM\..\SearchScopes,DefaultScope = {33BB0A4E-99AF-4226-BDF6-49120163DE86}
IE - HKLM\..\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}: "URL" = http://start.qone8.c...q={searchTerms}
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.itvinasoft.com/
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.itvinasoft.com/
IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.itvinasoft.com/
IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.itvinasoft.com/
IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.itvinasoft.com/
IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.itvinasoft.com/
IE - HKU\S-1-5-21-1801674531-113007714-682003330-1002\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://start.qone8.c...WD-WCALA1141005
IE - HKU\S-1-5-21-1801674531-113007714-682003330-1002\..\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}: "URL" = http://start.qone8.c...q={searchTerms}
IE - HKU\S-1-5-21-1801674531-113007714-682003330-1002\..\SearchScopes\{43682B77-B546-4606-A6AD-D81710E1AB36}: "URL" = http://proxy.allsear...q={searchTerms}
FF - prefs.js..extensions.enabledAddons: showmemore%40suskind:2.3
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\MediaWatchV1\MediaWatchV1home606\ff [2014/03/22 12:38:42 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\MediaBuzzV1\MediaBuzzV1mode4440\ff [2014/04/26 03:53:10 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\RichMediaViewV1\RichMediaViewV1release934\ff
[2014/06/19 21:44:13 | 000,000,000 | ---D | M] (Fast Free Converter) -- C:\Program Files\Mozilla Firefox\extensions\[email protected]
[2014/06/19 21:44:13 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions\[email protected]\content
[2014/06/19 21:44:13 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions\[email protected]\defaults
O2 - BHO: (Webexp Enhanced) - {b2806bf6-b3ad-4158-b378-5f0e502152b9} - C:\Program Files\WebexpEnhancedV1\WebexpEnhancedV1alpha561\ie\WebexpEnhancedV1alpha561.dll ()
O2 - BHO: (no name) - {CE7C3CF0-4B15-11D1-ABED-709549C10000} - No CLSID value found.
O2 - BHO: (no name) - {FDCC62B4-8059-4FCF-8B69-BD2EC413A6F2} - No CLSID value found.
O3 - HKU\S-1-5-21-1801674531-113007714-682003330-1002\..\Toolbar\WebBrowser: (no name) - {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - No CLSID value found.
[2014/06/20 08:53:02 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\AmiUpdXp.job
[2014/06/17 12:36:08 | 000,049,024 | ---- | M] () -- C:\WINDOWS\System32\drivers\nethfdrv.sys
[2014/06/17 12:36:00 | 000,159,744 | ---- | M] () -- C:\WINDOWS\System32\netupdsrv.exe
[2014/06/17 12:35:50 | 000,108,544 | ---- | M] () -- C:\WINDOWS\System32\installd.exe
[2014/06/17 12:35:38 | 000,179,200 | ---- | M] () -- C:\WINDOWS\System32\nethtsrv.exe
[2014/06/17 12:35:28 | 000,108,544 | ---- | M] () -- C:\WINDOWS\System32\hfnapi.dll
[2014/06/17 12:35:18 | 000,246,784 | ---- | M] () -- C:\WINDOWS\System32\hfpapi.dll

:Files
C:\WINDOWS\system32\netupdsrv.exe
C:\WINDOWS\system32\nethtsrv.exe
C:\WINDOWS\system32\hfnapi.dll
C:\WINDOWS\system32\hfpapi.dll
C:\Program Files\MediaWatchV1
C:\Program Files\MediaBuzzV1
C:\Program Files\RichMediaViewV1
C:\Program Files\WebexpEnhancedV1

:Commands
[resethosts]
[emptytemp]
[Reboot]

Then click the Run Fix button at the top
Let the program run unhindered, reboot the PC when it is done
Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.

THEN

Please download AdwCleaner by Xplode onto your desktop.

Close all open programs and internet browsers.
Double click on AdwCleaner.exe to run the tool.
Click on Scan.
After the scan is complete click on "Clean"
Confirm each time with Ok.
Your computer will be rebooted automatically. A text file will open after the restart.
Please post the content of that logfile with your next answer.
You can find the logfile at C:\AdwCleaner[S1].txt as well.

#5
jlk69

Posted 21 June 2014 - 09:36 AM

Member

Topic Starter
Member
97 posts

OTL logfile created on: 6/21/2014 8:26:48 AM - Run 4
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Documents and Settings\Jon Kunkel\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.5512)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.24 Gb Total Physical Memory | 2.32 Gb Available Physical Memory | 71.44% Memory free
5.09 Gb Paging File | 4.29 Gb Available in Paging File | 84.30% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 279.46 Gb Total Space | 10.34 Gb Free Space | 3.70% Space Free | Partition Type: NTFS
Drive D: | 1397.26 Gb Total Space | 0.79 Gb Free Space | 0.06% Space Free | Partition Type: NTFS
Drive E: | 111.78 Gb Total Space | 2.63 Gb Free Space | 2.35% Space Free | Partition Type: NTFS
Drive F: | 149.04 Gb Total Space | 3.21 Gb Free Space | 2.15% Space Free | Partition Type: NTFS
Drive G: | 298.08 Gb Total Space | 25.22 Gb Free Space | 8.46% Space Free | Partition Type: NTFS
Drive H: | 54.46 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
Drive I: | 149.04 Gb Total Space | 52.49 Gb Free Space | 35.22% Space Free | Partition Type: NTFS
Drive L: | 298.09 Gb Total Space | 201.78 Gb Free Space | 67.69% Space Free | Partition Type: NTFS
Drive P: | 8.00 Mb Total Space | 2.74 Mb Free Space | 34.25% Space Free | Partition Type: NTFS

Computer Name: ASROCK_WINXP | User Name: Jon Kunkel | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2014/06/20 09:53:21 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Jon Kunkel\Desktop\OTL.exe
PRC - [2014/06/19 21:44:27 | 000,275,568 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2014/05/22 00:36:08 | 001,117,744 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2013\avgnsx.exe
PRC - [2014/05/05 14:52:35 | 000,263,048 | ---- | M] (Google Inc.) -- C:\Program Files\Google\Update\1.3.24.7\GoogleCrashHandler.exe
PRC - [2014/01/21 01:43:02 | 004,411,952 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2013\avgui.exe
PRC - [2013/11/29 09:57:02 | 002,273,056 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\Update Core\NvBackend.exe
PRC - [2013/11/29 09:56:51 | 001,370,912 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\NetService\NvNetworkService.exe
PRC - [2013/11/20 02:54:20 | 000,283,136 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2013\avgwdsvc.exe
PRC - [2013/10/23 02:05:52 | 000,799,792 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2013\avgemcx.exe
PRC - [2013/10/20 11:41:10 | 005,377,856 | ---- | M] (OrdinarySoft) -- C:\Program Files\Start Menu X\StartMenuX.exe
PRC - [2013/10/17 18:34:57 | 001,028,384 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\NvTmru.exe
PRC - [2013/07/10 01:33:22 | 000,452,144 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2013\avgcsrvx.exe
PRC - [2013/07/04 15:53:28 | 000,763,952 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2013\avgrsx.exe
PRC - [2013/07/04 15:53:10 | 004,939,312 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2013\avgidsagent.exe
PRC - [2010/07/02 18:20:32 | 005,332,488 | ---- | M] (ASRock) -- C:\Program Files\ASRock Utility\OCTuner\ASROC.exe
PRC - [2010/07/01 21:39:16 | 007,990,280 | ---- | M] (ASRock Incorporation) -- C:\Program Files\ASRock Utility\IES\AsrIes.exe
PRC - [2010/02/12 10:23:12 | 000,286,720 | ---- | M] (Creative Technology Ltd) -- C:\Program Files\Creative\Shared Files\CTAudSvc.exe
PRC - [2009/06/15 05:00:00 | 001,789,440 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2006/08/03 12:47:16 | 000,106,496 | ---- | M] (Kensington Technology Group) -- C:\WINDOWS\system32\kmw_run.exe
PRC - [2006/08/03 12:47:08 | 000,176,128 | ---- | M] () -- C:\WINDOWS\system32\kmw_show.exe

========== Modules (No Company Name) ==========

MOD - [2014/06/19 21:44:26 | 003,852,912 | ---- | M] () -- C:\Program Files\Mozilla Firefox\mozjs.dll
MOD - [2014/06/12 01:23:15 | 017,024,688 | ---- | M] () -- C:\WINDOWS\system32\Macromed\Flash\NPSWF32_14_0_0_125.dll
MOD - [2006/08/03 12:47:08 | 000,176,128 | ---- | M] () -- C:\WINDOWS\system32\kmw_show.exe

========== Services (SafeList) ==========

SRV - File not found [Disabled | Stopped] -- C:\WINDOWS\system32\cisvc.exe -- (CiSvc)
SRV - [2014/06/19 21:44:26 | 000,119,408 | ---- | M] (Mozilla Foundation) [Disabled | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2014/06/12 01:23:16 | 000,262,320 | ---- | M] (Adobe Systems Incorporated) [Disabled | Stopped] -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013/12/18 21:05:43 | 000,182,696 | ---- | M] (Oracle Corporation) [Disabled | Stopped] -- C:\Program Files\Java\jre7\bin\jqs.exe -- (JavaQuickStarterService)
SRV - [2013/11/29 09:56:51 | 001,370,912 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files\NVIDIA Corporation\NetService\NvNetworkService.exe -- (NvNetworkService)
SRV - [2013/11/20 02:54:20 | 000,283,136 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG2013\avgwdsvc.exe -- (avgwd)
SRV - [2013/11/01 13:11:20 | 000,067,584 | ---- | M] (PasswordBox, Inc.) [Disabled | Stopped] -- C:\Program Files\PasswordBox\pbbtnService.exe -- (PasswordBox)
SRV - [2013/07/11 14:04:44 | 001,630,720 | ---- | M] () [Disabled | Stopped] -- C:\Program Files\SimracewayUpdater\SRWUpdate.exe -- (Simraceway Update Service)
SRV - [2013/07/04 15:53:10 | 004,939,312 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG2013\avgidsagent.exe -- (AVGIDSAgent)
SRV - [2013/06/28 18:48:04 | 000,014,624 | ---- | M] (Intuit Inc.) [Disabled | Stopped] -- C:\Program Files\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe -- (IntuitUpdateServiceV4)
SRV - [2010/02/12 10:23:12 | 000,286,720 | ---- | M] (Creative Technology Ltd) [Auto | Running] -- C:\Program Files\Creative\Shared Files\CTAudSvc.exe -- (CTAudSvcService)
SRV - [2009/10/13 19:46:52 | 000,151,552 | ---- | M] () [Disabled | Stopped] -- C:\Program Files\Marvell\raid\svc\mvraidsvc.exe -- (Marvell RAID)
SRV - [2008/06/12 13:05:04 | 000,024,635 | ---- | M] (Apache Software Foundation) [Disabled | Stopped] -- C:\Program Files\Marvell\raid\Apache2\bin\httpd.exe -- (MRUWebService)

========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
DRV - File not found [Kernel | System | Stopped] -- C:\WINDOWS\system32\drivers\nethfdrv.sys -- (nethfdrv)
DRV - File not found [File_System | System | Stopped] -- system32\DRIVERS\mrxsmb.sys -- (MRxSmb)
DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
DRV - File not found [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\Drivers\IesDrv.sys -- (IesDrv)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\DOCUME~1\JONKUN~1\LOCALS~1\Temp\GPU-Z.sys -- (GPU-Z)
DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
DRV - File not found [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\Drivers\AsrOcDrv.sys -- (AsrOcDrv)
DRV - File not found [Kernel | On_Demand | Unknown] -- -- (a8nomp5w)
DRV - [2014/04/15 13:35:26 | 000,182,072 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avgtdix.sys -- (Avgtdix)
DRV - [2013/11/25 02:48:36 | 000,208,184 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\avgidsdriverx.sys -- (AVGIDSDriver)
DRV - [2013/11/21 02:22:13 | 000,037,664 | ---- | M] (AVG Technologies) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avgtpx86.sys -- (avgtp)
DRV - [2013/10/23 02:05:20 | 000,022,328 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avgidsshimx.sys -- (AVGIDSShim)
DRV - [2013/10/23 02:05:10 | 000,039,224 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\WINDOWS\system32\drivers\avgrkx86.sys -- (Avgrkx86)
DRV - [2013/10/21 21:11:50 | 000,054,648 | ---- | M] (NetFilterSDK.com) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\networx.sys -- (networx)
DRV - [2013/08/25 11:30:48 | 000,013,120 | ---- | M] () [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\StarOpen.sys -- (StarOpen)
DRV - [2013/07/20 01:51:00 | 000,246,072 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\WINDOWS\system32\drivers\avglogx.sys -- (Avglogx)
DRV - [2013/07/20 01:50:56 | 000,060,216 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\WINDOWS\system32\drivers\avgidshx.sys -- (AVGIDSHX)
DRV - [2013/07/20 01:50:50 | 000,171,320 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\avgldx86.sys -- (Avgldx86)
DRV - [2013/07/01 01:45:28 | 000,096,568 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\WINDOWS\system32\drivers\avgmfx86.sys -- (Avgmfx86)
DRV - [2013/06/16 05:38:16 | 000,128,672 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nvhda32.sys -- (NVHDA)
DRV - [2012/12/29 20:55:36 | 000,018,224 | ---- | M] (Nicomsoft Ltd.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\mi2c.sys -- (mi2c)
DRV - [2012/07/14 16:22:54 | 000,691,696 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\sptd.sys -- (sptd)
DRV - [2011/11/25 01:26:04 | 000,013,440 | ---- | M] (June Fabrics Technology Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\pneteth.sys -- (pneteth)
DRV - [2011/09/01 23:31:28 | 000,081,304 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\LMouKE.Sys -- (LMouKE)
DRV - [2011/09/01 23:31:28 | 000,039,192 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\LMouFilt.Sys -- (LMouFilt)
DRV - [2011/09/01 23:31:28 | 000,030,360 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\LUsbFilt.sys -- (LUsbFilt)
DRV - [2011/09/01 23:31:20 | 000,041,240 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\LHidFilt.Sys -- (LHidFilt)
DRV - [2011/09/01 23:30:58 | 000,065,048 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\L8042mou.Sys -- (L8042mou)
DRV - [2011/09/01 23:30:58 | 000,012,184 | ---- | M] (Logitech, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\LBeepKE.sys -- (LBeepKE)
DRV - [2011/05/21 10:03:30 | 000,035,776 | ---- | M] (http://libusb-win32.sourceforge.net) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\libusb0.sys -- (libusb0)
DRV - [2010/11/26 18:02:52 | 000,014,776 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\SmartDefragDriver.sys -- (SmartDefragDriver)
DRV - [2010/06/22 02:59:58 | 006,060,136 | R--- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService)
DRV - [2010/03/18 20:50:12 | 000,189,528 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\haP17v2k.sys -- (hap17v2k)
DRV - [2010/03/18 20:50:04 | 000,162,904 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\haP16v2k.sys -- (hap16v2k)
DRV - [2010/03/18 20:49:56 | 000,798,808 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ha10kx2k.sys -- (ha10kx2k)
DRV - [2010/03/18 20:45:42 | 000,092,760 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\emupia2k.sys -- (emupia)
DRV - [2010/03/18 20:45:28 | 000,157,272 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ctsfm2k.sys -- (ctsfm2k)
DRV - [2010/03/18 20:45:20 | 000,014,424 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ctprxy2k.sys -- (ctprxy2k)
DRV - [2010/03/18 20:45:12 | 000,127,576 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ctoss2k.sys -- (ossrv)
DRV - [2010/03/18 20:40:56 | 000,018,904 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ctgame.sys -- (ctgame)
DRV - [2010/03/18 20:40:48 | 000,347,144 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ctdvda2k.sys -- (ctdvda2k)
DRV - [2010/03/18 20:40:40 | 000,528,472 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ctaud2k.sys -- (ctaud2k)
DRV - [2010/03/18 20:40:32 | 000,511,064 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ctac32k.sys -- (ctac32k)
DRV - [2010/03/18 20:39:36 | 000,100,952 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\CTERFXFX.sys -- (CTERFXFX.SYS)
DRV - [2010/03/18 20:39:36 | 000,100,952 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\CTERFXFX.sys -- (CTERFXFX)
DRV - [2010/03/18 20:39:28 | 000,566,360 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\CTSBLFX.sys -- (CTSBLFX.SYS)
DRV - [2010/03/18 20:39:28 | 000,566,360 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\CTSBLFX.sys -- (CTSBLFX)
DRV - [2010/03/18 20:39:18 | 000,555,096 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\CTAUDFX.sys -- (CTAUDFX.SYS)
DRV - [2010/03/18 20:39:18 | 000,555,096 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\CTAUDFX.sys -- (CTAUDFX)
DRV - [2010/03/18 20:39:10 | 000,099,416 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\COMMONFX.sys -- (COMMONFX.SYS)
DRV - [2010/03/18 20:39:10 | 000,099,416 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\COMMONFX.sys -- (COMMONFX)
DRV - [2010/03/08 03:41:48 | 000,220,112 | R--- | M] (Realtek Semiconductor Corporation                           ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Rtenicxp.sys -- (RTLE8023xp)
DRV - [2010/02/11 04:36:50 | 000,226,880 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\tcpip6.sys -- (Tcpip6)
DRV - [2010/01/22 12:21:48 | 000,139,648 | ---- | M] (NEC Electronics Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nusb3xhc.sys -- (nusb3xhc)
DRV - [2010/01/22 12:21:46 | 000,059,904 | ---- | M] (NEC Electronics Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nusb3hub.sys -- (nusb3hub)
DRV - [2009/11/23 11:55:52 | 000,037,808 | ---- | M] (STMicroelectronics) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\STTub30.sys -- (STTub30)
DRV - [2009/11/17 16:17:00 | 001,395,800 | R--- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Monfilt.sys -- (Monfilt)
DRV - [2009/11/17 16:16:00 | 001,691,480 | R--- | M] (Creative) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Ambfilt.sys -- (Ambfilt)
DRV - [2009/10/26 23:37:14 | 000,020,008 | ---- | M] (Marvell Semiconductor Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\mv91cons.sys -- (mv91cons)
DRV - [2009/06/15 05:00:00 | 000,088,320 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\nwlnkipx.sys -- (NwlnkIpx)
DRV - [2009/06/15 05:00:00 | 000,063,232 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\nwlnknb.sys -- (NwlnkNb)
DRV - [2009/06/15 05:00:00 | 000,055,936 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\nwlnkspx.sys -- (NwlnkSpx)
DRV - [2009/06/15 05:00:00 | 000,040,320 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nmnt.sys -- (nm)
DRV - [2009/02/24 18:42:14 | 000,116,736 | ---- | M] (MagicISO, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mcdbus.sys -- (mcdbus)
DRV - [2006/11/02 07:00:08 | 000,039,368 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\winusb.sys -- (WinUSB)
DRV - [2006/08/03 12:47:20 | 000,010,112 | ---- | M] (Kensington Technology Group) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\KMW_USB.sys -- (KMW_USB)
DRV - [2006/08/03 12:47:18 | 000,091,648 | ---- | M] (Kensington Technology Group) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\KMW_SYS.sys -- (KMW_SYS)
DRV - [2006/08/03 12:46:50 | 000,005,376 | ---- | M] (Kensington Technology Group) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\KMW_KBD.sys -- (KMW_KBD)
DRV - [2003/07/16 14:27:40 | 000,043,264 | ---- | M] (Prolific Technology Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ser2pl.sys -- (Ser2pl)
DRV - [2001/07/13 14:56:14 | 000,014,976 | ---- | M] () [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\SBKUPNT.SYS -- (SBKUPNT)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL =
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL =
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page =
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page =
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch =
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant =
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL =
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://msn.com/
IE - HKCU\..\SearchScopes,DefaultScope =
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "eBay"
FF - prefs.js..browser.search.selectedEngine: "eBay"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://www.msn.com/"
FF - prefs.js..extensions.enabledAddons: showmemore%40suskind:2.3
FF - prefs.js..extensions.enabledAddons: %7B524B8EF8-C312-11DB-8039-536F56D89593%7D:4.39.0.0
FF - prefs.js..extensions.enabledAddons: %7BAE93811A-5C9A-4d34-8462-F7B864FC4696%7D:4.16
FF - prefs.js..extensions.enabledAddons: %7BA4732521-77D9-447E-A557-B279AC923F06%7D:0.6.15
FF - prefs.js..extensions.enabledAddons: %7Bb9db16a4-6edc-47ec-a1f4-b86292ed211d%7D:4.9.22
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:30.0
FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_14_0_0_125.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\WINDOWS\system32\Adobe\Director\np32dsw_1205146.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.51.2: C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.51.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/VirtualEarth3D,version=4.0: C:\Program Files\Virtual Earth 3D\ [2013/06/21 16:43:02 | 000,000,000 | ---D | M]
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Documents and Settings\Jon Kunkel\Local Settings\Application Data\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Documents and Settings\Jon Kunkel\Local Settings\Application Data\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\PasswordBox\Firefox [2013/11/21 02:22:32 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\Better-Surf\ff
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\WebexpEnhancedV1\WebexpEnhancedV1alpha561\ff
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 30.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2014/06/19 21:44:12 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 30.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2014/06/19 21:44:18 | 000,000,000 | ---D | M]

[2013/04/18 08:34:48 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Jon Kunkel\Application Data\Mozilla\Extensions
[2014/06/21 07:58:16 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Jon Kunkel\Application Data\Mozilla\Firefox\Profiles\2k73xokm.default-1366299320296\extensions
[2013/04/18 08:46:27 | 000,000,000 | ---D | M] (PlainOldFavorites) -- C:\Documents and Settings\Jon Kunkel\Application Data\Mozilla\Firefox\Profiles\2k73xokm.default-1366299320296\extensions\{7E7165E2-0767-448c-852F-5FA8714F2C37}
[2014/03/25 17:50:56 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Documents and Settings\Jon Kunkel\Application Data\Mozilla\Firefox\Profiles\2k73xokm.default-1366299320296\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2013/04/18 08:40:02 | 000,139,518 | ---- | M] () (No name found) -- C:\Documents and Settings\Jon Kunkel\Application Data\Mozilla\Firefox\Profiles\2k73xokm.default-1366299320296\extensions\[email protected]
[2013/04/23 22:29:31 | 000,050,279 | ---- | M] () (No name found) -- C:\Documents and Settings\Jon Kunkel\Application Data\Mozilla\Firefox\Profiles\2k73xokm.default-1366299320296\extensions\{524B8EF8-C312-11DB-8039-536F56D89593}.xpi
[2014/03/04 08:11:01 | 000,095,799 | ---- | M] () (No name found) -- C:\Documents and Settings\Jon Kunkel\Application Data\Mozilla\Firefox\Profiles\2k73xokm.default-1366299320296\extensions\{A4732521-77D9-447E-A557-B279AC923F06}.xpi
[2013/04/18 08:40:02 | 000,377,738 | ---- | M] () (No name found) -- C:\Documents and Settings\Jon Kunkel\Application Data\Mozilla\Firefox\Profiles\2k73xokm.default-1366299320296\extensions\{AE93811A-5C9A-4d34-8462-F7B864FC4696}.xpi
[2013/06/13 21:51:03 | 000,001,584 | ---- | M] () -- C:\Documents and Settings\Jon Kunkel\Application Data\Mozilla\Firefox\Profiles\2k73xokm.default-1366299320296\searchplugins\empflix.xml
[2013/04/18 10:03:36 | 000,001,635 | ---- | M] () -- C:\Documents and Settings\Jon Kunkel\Application Data\Mozilla\Firefox\Profiles\2k73xokm.default-1366299320296\searchplugins\firefox-add-ons.xml
[2013/11/05 13:59:20 | 000,004,140 | ---- | M] () -- C:\Documents and Settings\Jon Kunkel\Application Data\Mozilla\Firefox\Profiles\2k73xokm.default-1366299320296\searchplugins\youtube.xml
[2013/05/19 01:51:18 | 000,002,152 | ---- | M] () -- C:\Documents and Settings\Jon Kunkel\Application Data\Mozilla\Firefox\Profiles\2k73xokm.default-1366299320296\searchplugins\zapomcom.xml
[2014/06/21 07:25:20 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2014/06/19 21:44:11 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\browser\extensions
[2014/06/19 21:44:28 | 000,000,000 | ---D | M] (Default) -- C:\Program Files\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

O1 HOSTS File: ([2014/06/21 07:25:25 | 000,000,098 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1       localhost
O1 - Hosts: ::1       localhost
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O4 - HKLM..\Run: [AVG_UI] C:\Program Files\AVG\AVG2013\avgui.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [kmw_run.exe] C:\WINDOWS\System32\kmw_run.exe (Kensington Technology Group)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\nvmctray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [Nvtmru] C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\nvtmru.exe (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\Program Files\NVIDIA Corporation\nview\nwiz.exe ()
O4 - HKLM..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u File not found
O4 - HKCU..\Run: [ASRockIES] C:\Program Files\ASRock Utility\IES\AsrIes.exe (ASRock Incorporation)
O4 - HKCU..\Run: [ASRockOCTuner] C:\Program Files\ASRock Utility\OCTuner\ASROC.exe (ASRock)
O4 - HKCU..\Run: [StartMenuX] C:\Program Files\Start Menu X\StartMenuX.exe (OrdinarySoft)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoRemoteRecursiveEvents = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoInternetOpenWith = 1
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMHelp = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: Download Using &BitSpirit - D:\Program Files (x86)\BitSpirit\bsurl.htm ()
O8 - Extra context menu item: En&queue current page with BID - C:\Program Files\Bulk Image Downloader\iemenu\iebidqueue.htm ()
O8 - Extra context menu item: Enqueue link tar&get with BID - C:\Program Files\Bulk Image Downloader\iemenu\iebidlinkqueue.htm ()
O8 - Extra context menu item: Open &link target with BID - C:\Program Files\Bulk Image Downloader\iemenu\iebidlink.htm ()
O8 - Extra context menu item: Open current page with BI&D - C:\Program Files\Bulk Image Downloader\iemenu\iebid.htm ()
O8 - Extra context menu item: Open current page with BID Link E&xplorer - C:\Program Files\Bulk Image Downloader\iemenu\iebidlinkexplorer.htm ()
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\WINDOWS\system32\nwprovau.dll (Microsoft Corporation)
O15 - HKCU\..Trusted Ranges: Range1 ([http] in Trusted sites)
O15 - HKCU\..Trusted Ranges: Range1 ([https] in Trusted sites)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 10.51.2)
O16 - DPF: {CAFEEFAC-0017-0000-0009-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.7.0_09)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 10.51.2)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 68.105.28.12 68.105.29.12 68.105.28.11
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{2EA5E124-0CBC-4994-B1F1-B9BEED07E422}: NameServer = 66.228.116.178,66.228.116.179
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{E8CDBE83-452B-43A8-B8AE-677138195F18}: DhcpNameServer = 68.105.28.12 68.105.29.12 68.105.28.11
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{E8CDBE83-452B-43A8-B8AE-677138195F18}: NameServer = 8.8.8.8,4.2.2.1
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2011/04/02 16:04:38 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2009/05/11 21:12:21 | 000,000,000 | ---- | M] () - D:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG2013\avgrsx.exe /sync /restart)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2014/06/21 07:57:06 | 000,536,576 | ---- | C] (SQLite Development Team) -- C:\WINDOWS\System32\sqlite3.dll
[2014/06/21 07:56:41 | 000,000,000 | ---D | C] -- C:\AdwCleaner
[2014/06/21 07:24:51 | 000,000,000 | ---D | C] -- C:\_OTL
[2014/06/20 09:53:16 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Jon Kunkel\Desktop\OTL.exe
[2014/06/19 21:59:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Jon Kunkel\Start Menu\Programs\Revo Uninstaller
[2014/06/19 21:44:10 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2014/06/19 08:53:13 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Config
[2014/06/17 08:40:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\AVG
[2014/06/12 07:17:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Jon Kunkel\Local Settings\Application Data\Adobe
[2014/06/02 21:43:16 | 000,043,264 | ---- | C] (Prolific Technology Inc.) -- C:\WINDOWS\System32\drivers\ser2pl.sys
[2014/06/02 21:43:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\PL-2303 USB-Serial Driver
[2011/04/23 21:54:16 | 000,047,360 | ---- | C] (VSO Software) -- C:\Documents and Settings\Jon Kunkel\Application Data\pcouffin.sys
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

File not found -- C:\Documents and Settings\Jon Kunkel\My Documents\Jon%20Kunkel.
[2014/06/21 08:22:04 | 000,858,390 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2014/06/21 08:22:04 | 000,199,770 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2014/06/21 08:19:50 | 000,008,580 | ---- | M] () -- C:\WINDOWS\System32\nvAppTimestamps
[2014/06/21 08:18:08 | 000,000,890 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2014/06/21 08:17:40 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2014/06/21 08:17:34 | 3480,276,992 | -HS- | M] () -- C:\hiberfil.sys
[2014/06/21 08:14:00 | 000,000,998 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1801674531-113007714-682003330-1002UA.job
[2014/06/21 08:11:15 | 000,000,830 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2014/06/21 07:58:17 | 000,000,815 | ---- | M] () -- C:\Documents and Settings\Jon Kunkel\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2014/06/21 07:58:17 | 000,000,790 | ---- | M] () -- C:\Documents and Settings\Jon Kunkel\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2014/06/21 07:58:17 | 000,000,772 | ---- | M] () -- C:\Documents and Settings\Jon Kunkel\Desktop\Mozilla Firefox.lnk
[2014/06/21 07:58:17 | 000,000,772 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
[2014/06/21 07:57:25 | 000,000,894 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2014/06/21 07:54:42 | 001,333,465 | ---- | M] () -- C:\Documents and Settings\Jon Kunkel\Desktop\AdwCleaner.exe
[2014/06/21 07:48:00 | 000,002,228 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2014/06/21 07:45:49 | 000,030,240 | ---- | M] () -- C:\WINDOWS\System32\BMXStateBkp-{00000009-00000000-00000000-00001102-00000004-10051102}.rfx
[2014/06/21 07:45:49 | 000,030,240 | ---- | M] () -- C:\WINDOWS\System32\BMXState-{00000009-00000000-00000000-00001102-00000004-10051102}.rfx
[2014/06/21 07:45:49 | 000,027,252 | ---- | M] () -- C:\WINDOWS\System32\BMXCtrlState-{00000009-00000000-00000000-00001102-00000004-10051102}.rfx
[2014/06/21 07:45:49 | 000,027,252 | ---- | M] () -- C:\WINDOWS\System32\BMXBkpCtrlState-{00000009-00000000-00000000-00001102-00000004-10051102}.rfx
[2014/06/21 07:45:49 | 000,011,564 | ---- | M] () -- C:\WINDOWS\System32\DVCState-{00000009-00000000-00000000-00001102-00000004-10051102}.rfx
[2014/06/21 07:25:25 | 000,000,098 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\Hosts
[2014/06/21 00:05:26 | 000,000,504 | -HS- | M] () -- C:\boot.ini
[2014/06/20 09:53:21 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Jon Kunkel\Desktop\OTL.exe
[2014/06/19 21:59:18 | 000,000,965 | ---- | M] () -- C:\Documents and Settings\Jon Kunkel\Desktop\Revo Uninstaller.lnk
[2014/06/18 15:14:00 | 000,000,946 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1801674531-113007714-682003330-1002Core.job
[2014/06/13 12:59:59 | 000,001,861 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Google Chrome.lnk
[2014/05/27 09:33:48 | 000,000,671 | ---- | M] () -- C:\Documents and Settings\Jon Kunkel\Application Data\vso_ts_preview.xml
[2014/05/25 12:47:43 | 000,000,250 | ---- | M] () -- C:\WINDOWS\emug3.ini
[2014/05/24 06:35:39 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files Created - No Company Name ==========

File not found -- C:\Documents and Settings\Jon Kunkel\My Documents\Jon%20Kunkel.
[2100/02/23 18:55:50 | 000,001,096 | ---- | C] () -- C:\WINDOWS\Lexmark_ICM.ini
[2014/06/21 07:54:41 | 001,333,465 | ---- | C] () -- C:\Documents and Settings\Jon Kunkel\Desktop\AdwCleaner.exe
[2014/06/19 21:59:18 | 000,000,965 | ---- | C] () -- C:\Documents and Settings\Jon Kunkel\Desktop\Revo Uninstaller.lnk
[2014/04/07 13:14:15 | 000,002,798 | ---- | C] () -- C:\Documents and Settings\Jon Kunkel\below_header.jpg
[2014/04/07 13:14:12 | 000,007,049 | ---- | C] () -- C:\Documents and Settings\Jon Kunkel\bookmark.jpg
[2014/04/05 20:27:55 | 000,000,671 | ---- | C] () -- C:\Documents and Settings\Jon Kunkel\Application Data\vso_ts_preview.xml
[2014/02/27 09:53:06 | 000,001,288 | RHS- | C] () -- C:\Documents and Settings\All Users\ntuser.pol
[2013/12/02 13:02:29 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2013/11/05 09:05:49 | 000,054,899 | ---- | C] () -- C:\Documents and Settings\Jon Kunkel\06_.jpg
[2013/10/31 22:45:36 | 000,013,120 | ---- | C] () -- C:\WINDOWS\System32\drivers\StarOpen.sys
[2013/09/09 17:18:26 | 000,003,724 | ---- | C] () -- C:\Program Files\Mozilla Firefoxsafeguard-secure-search.xml
[2013/04/12 09:23:22 | 000,000,816 | ---- | C] () -- C:\Documents and Settings\Jon Kunkel\Application Data\AtomicAlarmClock.ini
[2013/02/16 23:06:28 | 001,411,275 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-S-1-5-21-1801674531-113007714-682003330-1002-0.dat
[2013/02/16 23:06:28 | 000,179,554 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-System.dat
[2012/12/31 16:21:02 | 000,000,099 | ---- | C] () -- C:\WINDOWS\System32\nvUnsupRes.dat
[2012/12/03 10:36:55 | 000,176,128 | ---- | C] () -- C:\WINDOWS\System32\kmw_show.exe
[2012/11/26 22:46:38 | 000,251,575 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2012/11/12 21:12:50 | 000,014,976 | ---- | C] () -- C:\WINDOWS\System32\drivers\SBKUPNT.SYS
[2012/11/12 21:12:50 | 000,013,312 | ---- | C] () -- C:\WINDOWS\System32\DEVLOAD.EXE
[2012/11/12 21:12:49 | 000,000,543 | ---- | C] () -- C:\WINDOWS\SWISV3.INI
[2012/11/12 21:12:47 | 000,000,287 | ---- | C] () -- C:\WINDOWS\SKNIFE.INI
[2012/11/12 21:12:35 | 000,002,799 | ---- | C] () -- C:\WINDOWS\SKLANG.INI
[2012/10/28 15:28:05 | 000,007,049 | ---- | C] () -- C:\Documents and Settings\Jon Kunkel\bookmark.png
[2012/10/28 15:28:05 | 000,007,049 | ---- | C] () -- C:\Documents and Settings\Jon Kunkel\bookmark.gif
[2012/10/28 15:28:00 | 000,063,909 | ---- | C] () -- C:\Documents and Settings\Jon Kunkel\logo.jpg
[2012/10/28 15:27:47 | 000,071,332 | ---- | C] () -- C:\Documents and Settings\Jon Kunkel\.png
[2012/09/13 09:07:49 | 000,014,776 | ---- | C] () -- C:\WINDOWS\System32\drivers\SmartDefragDriver.sys
[2012/03/01 00:53:48 | 000,001,122 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\Microsoft.SqlServer.Compact.400.32.bc
[2012/02/03 19:20:03 | 000,000,192 | ---- | C] () -- C:\Documents and Settings\Jon Kunkel\Application Data\default.rss
[2011/07/06 20:16:14 | 000,065,514 | ---- | C] () -- C:\Documents and Settings\Jon Kunkel\25204.jpg
[2011/07/06 20:08:57 | 000,040,293 | ---- | C] () -- C:\Documents and Settings\Jon Kunkel\569728.jpg
[2011/07/02 16:09:01 | 000,019,738 | ---- | C] () -- C:\Documents and Settings\Jon Kunkel\548457.jpg
[2011/07/02 16:08:39 | 000,044,372 | ---- | C] () -- C:\Documents and Settings\Jon Kunkel\384909.jpg
[2011/06/24 14:19:57 | 000,306,741 | ---- | C] () -- C:\Documents and Settings\Jon Kunkel\SANY1446.JPG
[2011/06/24 14:01:06 | 000,713,891 | ---- | C] () -- C:\Documents and Settings\Jon Kunkel\DSC_6421.JPG
[2011/06/21 16:07:31 | 000,013,361 | ---- | C] () -- C:\Documents and Settings\Jon Kunkel\63182-sandee34.jpg
[2011/04/23 21:54:16 | 000,007,887 | ---- | C] () -- C:\Documents and Settings\Jon Kunkel\Application Data\pcouffin.cat
[2011/04/23 21:54:16 | 000,001,144 | ---- | C] () -- C:\Documents and Settings\Jon Kunkel\Application Data\pcouffin.inf
[2011/04/06 21:27:58 | 000,122,880 | ---- | C] () -- C:\Documents and Settings\Jon Kunkel\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/04/04 15:41:35 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Jon Kunkel\Application Data\SuperSafer.cfg

========== ZeroAccess Check ==========

[2011/04/02 16:01:40 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shdocvw.dll -- [2009/06/15 05:00:00 | 002,253,824 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009/06/15 05:00:00 | 000,473,600 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009/06/15 05:00:00 | 000,273,920 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

========== LOP Check ==========

[2011/04/03 11:43:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ACD Systems
[2013/10/31 22:54:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Auslogics
[2013/04/12 23:20:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVAST Software
[2011/04/03 13:24:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVG10
[2013/04/12 23:01:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVG2013
[2012/07/22 21:30:08 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\CanonBJ
[2011/06/11 12:07:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Codemasters
[2013/04/12 21:16:46 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\Common Files
[2012/07/14 16:22:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\DAEMON Tools Lite
[2011/06/11 12:07:13 | 000,000,000 | -HSD | M] -- C:\Documents and Settings\All Users\Application Data\DSS
[2011/04/25 21:36:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Electronic Arts
[2012/09/07 11:26:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Icon Constructor 3
[2014/06/20 20:44:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MFAData
[2012/01/18 22:34:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\RELOADED
[2012/10/15 21:06:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Samsung
[2014/02/23 21:10:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SoftPerfect
[2011/05/07 01:15:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Solidshield
[2011/06/11 16:49:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Spotmau
[2013/10/31 22:55:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\StartMenuX
[2014/04/17 02:54:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Steam
[2014/06/20 10:02:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2012/12/12 04:56:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Virtual RC Pro
[2011/04/23 22:58:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\vsosdk
[2013/07/18 22:11:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WarThunder
[2011/05/01 20:04:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WOP
[2014/06/20 23:52:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Zoom Player
[2012/09/21 17:18:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jon Kunkel\Application Data\AC3Filter
[2011/04/03 11:44:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jon Kunkel\Application Data\ACD Systems
[2013/06/24 13:50:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jon Kunkel\Application Data\Audacity
[2011/04/03 13:27:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jon Kunkel\Application Data\AVG10
[2013/04/12 22:32:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jon Kunkel\Application Data\AVG2013
[2011/05/04 00:00:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jon Kunkel\Application Data\BID
[2011/04/06 22:27:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jon Kunkel\Application Data\BitSpirit
[2011/04/09 18:08:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jon Kunkel\Application Data\BlackBean
[2013/10/31 22:45:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jon Kunkel\Application Data\Canneverbe Limited
[2012/12/17 16:07:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jon Kunkel\Application Data\DAEMON Tools Lite
[2012/06/10 17:45:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jon Kunkel\Application Data\DDMSettings
[2011/04/05 08:00:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jon Kunkel\Application Data\Disney Interactive Studios
[2011/05/20 17:29:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jon Kunkel\Application Data\Downloadr
[2013/11/27 17:20:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jon Kunkel\Application Data\Dropbox
[2011/04/20 14:42:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jon Kunkel\Application Data\ECSoftware
[2012/11/07 19:14:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jon Kunkel\Application Data\eMule
[2011/04/06 15:45:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jon Kunkel\Application Data\flightgear.org
[2011/04/06 15:46:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jon Kunkel\Application Data\fltk.org
[2011/04/06 21:47:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jon Kunkel\Application Data\InterVideo
[2012/09/13 09:07:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jon Kunkel\Application Data\IObit
[2011/04/03 14:47:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jon Kunkel\Application Data\johnsadventures.com
[2011/04/03 00:29:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jon Kunkel\Application Data\Kensington
[2012/09/04 18:00:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jon Kunkel\Application Data\Leadertech
[2011/06/15 20:08:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jon Kunkel\Application Data\Machete Lite
[2014/04/17 02:54:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jon Kunkel\Application Data\Milestone
[2014/02/23 20:58:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jon Kunkel\Application Data\Notepad++
[2011/07/16 17:36:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jon Kunkel\Application Data\OpenDNS Updater
[2013/06/20 22:05:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jon Kunkel\Application Data\Photobucket
[2014/04/28 01:44:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jon Kunkel\Application Data\Simraceway
[2013/10/31 22:55:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jon Kunkel\Application Data\StartMenuX
[2013/04/12 22:31:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jon Kunkel\Application Data\TuneUp Software
[2014/06/20 09:47:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jon Kunkel\Application Data\ViberPC
[2012/09/28 13:25:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jon Kunkel\Application Data\VideoRipper
[2014/05/27 09:33:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jon Kunkel\Application Data\Vso
[2011/05/05 10:41:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jon Kunkel\Application Data\WinWay

========== Purity Check ==========

========== Alternate Data Streams ==========

@Alternate Data Stream - 132 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:C8B8CEBD

< End of report ># AdwCleaner v3.212 - Report created 21/06/2014 at 07:57:50
# Updated 05/06/2014 by Xplode
# Operating System : Microsoft Windows XP Service Pack 3 (32 bits)
# Username : Jon Kunkel - ASROCK_WINXP
# Running from : C:\Documents and Settings\Jon Kunkel\Desktop\AdwCleaner.exe
# Option : Clean

***** [ Services ] *****

[#] Service Deleted : vToolbarUpdater17.1.3

***** [ Files / Folders ] *****

Folder Deleted : C:\Documents and Settings\All Users\Application Data\AVG SafeGuard toolbar
Folder Deleted : C:\Documents and Settings\All Users\Application Data\AVG Security Toolbar
Folder Deleted : C:\Program Files\AVG SafeGuard toolbar
Folder Deleted : C:\Program Files\File Type Helper
Folder Deleted : C:\Program Files\MediaViewerV1
Folder Deleted : C:\Program Files\MediaViewV1
Folder Deleted : C:\Program Files\VideoPlayerV3
Folder Deleted : C:\Program Files\Common Files\AVG Secure Search
[!] Folder Deleted : C:\Documents and Settings\Jon Kunkel\Local Settings\Application Data\AVG SafeGuard toolbar
Folder Deleted : C:\Documents and Settings\Jon Kunkel\Application Data\AVG SafeGuard toolbar
Folder Deleted : C:\Documents and Settings\Jon Kunkel\Application Data\goforfiles
Folder Deleted : C:\Documents and Settings\Jon Kunkel\Application Data\SwvUpdater
Folder Deleted : C:\Documents and Settings\TEMP\Local Settings\Application Data\AVG SafeGuard toolbar
Folder Deleted : C:\Documents and Settings\TEMP\Application Data\AVG SafeGuard toolbar
Folder Deleted : C:\Documents and Settings\Jon Kunkel\Application Data\Mozilla\Firefox\Profiles\2k73xokm.default-1366299320296\StumbleUpon
[!] Folder Deleted : C:\Documents and Settings\Jon Kunkel\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof
File Deleted : C:\Documents and Settings\Jon Kunkel\Application Data\Mozilla\Firefox\Profiles\2k73xokm.default-1366299320296\Extensions\{c0c9a2c7-2e5c-4447-bc53-97718bc91e1b}.xpi
File Deleted : C:\Documents and Settings\Jon Kunkel\Application Data\Mozilla\Firefox\Profiles\2k73xokm.default-1366299320296\invalidprefs.js
File Deleted : C:\Program Files\Mozilla Firefox\browser\searchplugins\qone8.xml
File Deleted : C:\Documents and Settings\Jon Kunkel\Application Data\Mozilla\Firefox\Profiles\2k73xokm.default-1366299320296\searchplugins\safeguard-secure-search.xml
File Deleted : C:\Program Files\Mozilla Firefox\browser\searchplugins\safeguard-secure-search.xml
File Deleted : C:\Documents and Settings\Jon Kunkel\Local Settings\Application Data\Google\Chrome\User Data\Default\Local Storage\hxxp_www.superfish.com_0.localstorage
File Deleted : C:\Documents and Settings\Jon Kunkel\Local Settings\Application Data\Google\Chrome\User Data\Default\Local Storage\hxxp_www.superfish.com_0.localstorage-journal
File Deleted : C:\WINDOWS\Tasks\GoforFilesUpdate.job

***** [ Shortcuts ] *****

Shortcut Disinfected : C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
Shortcut Disinfected : C:\Documents and Settings\Jon Kunkel\Desktop\Mozilla Firefox.lnk
Shortcut Disinfected : C:\Documents and Settings\All Users\Start Menu\Programs\Bing Maps 3D.lnk
Shortcut Disinfected : C:\Documents and Settings\All Users\Start Menu\Programs\Mozilla Firefox.lnk
Shortcut Disinfected : C:\Documents and Settings\All Users\Start Menu\Programs\Internet\Mozilla Firefox.lnk
Shortcut Disinfected : C:\Documents and Settings\Jon Kunkel\Start Menu\Programs\Internet Explorer.lnk
Shortcut Disinfected : C:\Documents and Settings\Jon Kunkel\Start Menu\Programs\Accessories\System Tools\Internet Explorer (No Add-ons).lnk
Shortcut Disinfected : C:\Documents and Settings\Jon Kunkel\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
Shortcut Disinfected : C:\Documents and Settings\Jon Kunkel\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk

***** [ Registry ] *****

Value Deleted : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [Avg@toolbar]
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\poheodfamflhhhdcmjfeggbgigeefaco
Key Deleted : HKLM\SOFTWARE\Classes\AppID\ScriptHelper.EXE
Key Deleted : HKLM\SOFTWARE\Classes\AppID\ViProtocol.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AVG SafeGuard toolbar.BrowserWndAPI
Key Deleted : HKLM\SOFTWARE\Classes\AVG SafeGuard toolbar.BrowserWndAPI.1
Key Deleted : HKLM\SOFTWARE\Classes\AVG SafeGuard toolbar.PugiObj
Key Deleted : HKLM\SOFTWARE\Classes\AVG SafeGuard toolbar.PugiObj.1
Key Deleted : HKLM\SOFTWARE\Classes\protocols\handler\viprotocol
Key Deleted : HKLM\SOFTWARE\Classes\S
Key Deleted : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi
Key Deleted : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi.1
Key Deleted : HKLM\SOFTWARE\Classes\Updater.AmiUpd
Key Deleted : HKLM\SOFTWARE\Classes\Updater.AmiUpd.1
Key Deleted : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE
Key Deleted : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE.1
Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [vProt]
Key Deleted : HKLM\SOFTWARE\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin
Key Deleted : HKLM\SOFTWARE\14919ea49a8f3b4aa3cf1058d9a64cec
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{1FDFF5A2-7BB1-48E1-8081-7236812B12B2}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{BB711CB0-C70B-482E-9852-EC05EBD71DBB}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{408CFAD9-8F13-4747-8EC7-770A339C7237}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{67BD9EEB-AA06-4329-A940-D250019300C9}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{933B95E2-E7B7-4AD9-B952-7AC336682AE3}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{B658800C-F66E-4EF3-AB85-6C0C227862A9}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{DE9028D0-5FFA-4E69-94E3-89EE8741F468}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{9EDC0C90-2B5B-4512-953E-35767BAD5C67}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{07CAC314-E962-4F78-89AB-DD002F2490EE}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{090ACFA1-1580-11D1-8AC0-00C0F00910F9}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{74FB6AFD-DD77-4CEB-83BD-AB2B63E63C93}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{A0EE0278-2986-4E5A-884E-A3BF0357E476}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{B4E90801-B83C-11D0-8B40-00C0F00AE35A}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{BEAA0C04-ED15-4C17-800B-28716025A4E4}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{C2AC8A0E-E48E-484B-A71C-C7A937FAAB94}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{8271B5D6-76D3-4ABF-AEB3-1721161C76BC}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{8271B5D6-76D3-4ABF-AEB3-1721161C76BC}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{C6FDD0C3-266A-4DC3-B459-28C697C44CDC}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{483830EE-A4CD-4B71-B0A3-3D82E62A6909}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{95B7759C-8C7F-4BF1-B163-73684A933233}]
Data Restored : HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command
Value Deleted : HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List [C:\Program Files\GoforFiles\goforfilesdl.exe]
Value Deleted : HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List [C:\Program Files\GoforFiles\GoforFiles.exe]
Key Deleted : HKCU\Software\AVG SafeGuard toolbar
Key Deleted : HKCU\Software\GoforFiles
Key Deleted : HKLM\Software\AVG SafeGuard toolbar
Key Deleted : HKLM\Software\AVG Secure Search
Key Deleted : HKLM\Software\AVG Security Toolbar
Key Deleted : HKLM\Software\dt soft\daemon tools toolbar
Key Deleted : HKLM\Software\GoforFiles
Key Deleted : HKLM\Software\InstallIQ
Key Deleted : HKLM\Software\MediaBuzzV1
Key Deleted : HKLM\Software\MediaWatchV1
Key Deleted : HKLM\Software\qone8Software
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{99C91FC5-DB5B-4AA0-BB70-5D89C5A4DF96}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\AVG SafeGuard toolbar
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{99C91FC5-DB5B-4AA0-BB70-5D89C5A4DF96}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\AVG SafeGuard toolbar

***** [ Browsers ] *****

-\\ Internet Explorer v8.0.6001.18702

-\\ Mozilla Firefox v30.0 (en-US)

[ File : C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\hsd30nv7.default\prefs.js ]

[ File : C:\Documents and Settings\Jon Kunkel\Application Data\Mozilla\Firefox\Profiles\2k73xokm.default-1366299320296\prefs.js ]

[ File : C:\Documents and Settings\UpdatusUser.ASROCK_WINXP\Application Data\Mozilla\Firefox\Profiles\hsd30nv7.default\prefs.js ]

-\\ Google Chrome v35.0.1916.153

*************************

AdwCleaner[R0].txt - [11411 octets] - [21/06/2014 07:56:46]
AdwCleaner[S0].txt - [10542 octets] - [21/06/2014 07:57:50]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [10603 octets] ##########

#6
jlk69

Posted 21 June 2014 - 09:37 AM

Member

Topic Starter
Member
97 posts

Computer seams to be running great (no pop up or ads!)

#7
Essexboy

Posted 21 June 2014 - 10:17 AM

GeekU Moderator

Retired Staff
69,964 posts

Grand, you need to update to IE 8 as it is integral to windows, however, MS no longer has it available for download but I did find Tucows still has a copy http://www.tucows.co...plorer-8-For-XP. However, I am not sure whether they have something bundled with it, to that end I would recommend that you install this small programme first to stop and "additions" . It is fire and forget, once installed there is nothing you need to do

A small tool that may help when you download programmes

http://unchecky.com/

Click on the link above to be taken to Unchecky.com
click the very large Download button.
click Save
Click Open folder

Right click on the Unchecky_setup

or folder and choose to Run as Administrator

Once open click the Install button.

Then click on Finish

Unchecky is now installed and will help you keep unwanted check boxes unchecked

Before I tidy up are there any outstanding problems ?

#8
jlk69

Posted 23 June 2014 - 02:02 AM

Member

Topic Starter
Member
97 posts

Well went and installed unchecky then downloaded Internet Explorer 8. Went to install and got a message saying that I needed Internet Explorer 7 before i could install 8. Never use IE I use Firefox. IE 6 is my version of IE.

#9
Essexboy

Posted 23 June 2014 - 07:02 AM

GeekU Moderator

Retired Staff
69,964 posts

Ahh I was hoping that 8 would go on top of 7.... As you have IE6 then your security is compromised, IE is integral to windows

There is a link for IE7 here http://filehippo.com...plorer_xp/3282/

Obviously at the end of the day the choice is yours as to whether you should upgrade but I would highly recommend it

Subject to no further problems

I will remove my tools now and give some recommendations, but, I would like you to run for 24 hours or so and come back if you have any problems

Now the best part of the day ----- Your log now appears clean :thumbsup:

A good workman always cleans up after himself so..The following will implement some cleanup procedures as well as reset System Restore points:

Download and run Delfix

: Keep Java Updated :

WARNING: Java is the #1 exploited program at this time. The Department of Homeland Security recommends that computer users disable Java
See this article and this article.
I would recommend that you completely uninstall Java unless you need it to run an important software.
In that instance I would recommend that you disable Java in your browsers until you need it for that software and then enable it. (See How to diasble Java in your web browser and How to unplug Java from the browser)

Now that you are clean, to help protect your computer in the future I recommend that you get the following free programmes:

CryptoPrevent install this programme to lock down and prevent crypto ransome ware

Malwarebytes.

Update and run weekly to keep your system clean

It is critical to have both a firewall and anti virus to protect your system and to keep them updated.

To learn more about how to protect yourself while on the internet read this little guide Best security practices Keep safe :wave:

#10
Essexboy

Posted 25 June 2014 - 09:15 AM

GeekU Moderator

Retired Staff
69,964 posts

Since this issue appears to be resolved ... this Topic has been closed. Glad we could help.

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.