What Trojan/Virus sends e-mails to all your contacts?


#1 oldrailroadgeek (Member, 83 posts)
I received an e-mail from one of my contacts 11/18/2013 with the message:

"Hello,
Please view the document i uploaded for you using Google docs.VIEW HERE just sign in with your email to view the document its very important.
Regards,"

As I was expecting a document template from this person, I clicked on the attachment. It sent me to a Google identified page that requested my email address and password. The logo on the page was definitely Google, so I foolishly supplied the required data to open the document. It of course did not open to anything, just returned me to my Yahoo email. Within 2 minutes I got a second message from this same contact, that her email had been hacked and not to open any attachments from her. At 6:00am on 11/20/2013 I ran a scan with Malwarebytes Anti-Malware Pro. The results were no objects found in all categories. At 4:36pm 11/20/2013 my computer sent emails with this same message to every one of my contacts. What is the Trojan/Virus that causes this and what can I use to find and destroy it?
Oldrailroadgeek

#2 zep516 (Trusted Helper, Malware Removal, 6,811 posts)
Hi oldrailroadgeek

Change your password immediately.


See more http://www.onlinethr...ing-email-scam/

Edited by zep516, 20 November 2013 - 09:12 PM.


#3 oldrailroadgeek (Topic Starter, Member, 83 posts)
Zep516
Is Virus removal tool by PCT { iexplore http://www.pctuneup.org/fix } ok to use as shown in the link you directed me to? I have already changed my Yahoo password.
I have already run a scan through Malwarebytes Anti-Malware (Pro version) and it detected no objects in all categories.
oldrailroadgeek

#4 oldrailroadgeek (Topic Starter, Member, 83 posts)
Zep516
As { iexplore http://www.pctuneup.org/fix } leads to SpyHunter 4, would running Malwarebytes Pro Anti-Rootkit do the same thing? I have just completed a scan through OTL, and have the OTL.txt report on hand. My primary AV program is ZoneAlarm but it didn't catch this trojan/virus as my browser is Firefox 25 and they are not fully compatible.
oldrailroadgeek


#5 zep516 (Trusted Helper, Malware Removal, 6,811 posts)
Hi oldrailroadgeek,

You don't have a trojan/virus. This was simply an "E-Mail scam" called phishing.

Phishing is the act of sending an e-mail to a user falsely claiming to be an established legitimate enterprise in an attempt to scam the user into surrendering private information.


The only action you need to take is to change your password, because you entered your information at the Google Docs page.

Don't download any tools from anywhere.

If you feel more comfortable posting the OTL.txt log, I'll look at it for you. There should be another log too, called Extras.txt.

Thanks
Joe :)

Edited by zep516, 20 November 2013 - 11:43 PM.

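The lure in this thread has the classic credential-phishing shape: a known contact's address, a body that name-drops Google Docs, a "VIEW HERE" link that leads somewhere else, and wording that asks for a sign-in. The checker below, added here as an example and not part of the thread or of any tool it mentions, pulls the links out of a message and flags exactly those mismatches; the two .eml samples, the domain list and the phrase list are constructed.

```python
import email
from email import policy
from html.parser import HTMLParser
from urllib.parse import urlparse

# Constructed sample modelled on the lure quoted in the thread. The
# sender is a contact, the body mentions Google Docs, and the "VIEW HERE"
# link goes to a made-up host that is not google.com.
SAMPLE_EML = """\
From: A Friend <friend@example.com>
To: you@example.net
Subject: Document
Content-Type: text/html; charset=utf-8

<html><body>
<p>Hello,<br>Please view the document i uploaded for you using Google docs.
<a href="http://docs-google-login.example.org/view">VIEW HERE</a>
just sign in with your email to view the document its very important.</p>
<p>Regards,</p>
</body></html>
"""

# Constructed benign share notice for comparison: https link on the real domain.
BENIGN_EML = """\
From: A Friend <friend@example.com>
To: you@example.net
Subject: Budget spreadsheet
Content-Type: text/html; charset=utf-8

<html><body>
<p>Here is the Google Docs spreadsheet:
<a href="https://docs.google.com/spreadsheets/d/CONSTRUCTED-ID">Open</a></p>
</body></html>
"""

# Brand names a lure may drop, and the domains that legitimately host them.
BRAND_DOMAINS = {"google docs": ("google.com",), "google": ("google.com",)}

# Wording typical of credential lures (assumed list, not from the thread).
LURE_PHRASES = ("sign in with your email", "very important", "password")


class _LinkExtractor(HTMLParser):
    """Collects (href, visible text) for every <a> in an HTML body."""

    def __init__(self):
        super().__init__()
        self.links = []
        self._href = None
        self._text = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href = dict(attrs).get("href")
            self._text = []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            label = " ".join("".join(self._text).split())
            self.links.append((self._href, label))
            self._href = None


def _host_matches(host, domains):
    """True if host is one of the domains or a subdomain of one."""
    return any(host == d or host.endswith("." + d) for d in domains)


def analyse(raw_eml):
    """Return human-readable findings for one message; empty means nothing flagged."""
    msg = email.message_from_string(raw_eml, policy=policy.default)
    part = msg.get_body(preferencelist=("html", "plain"))
    html = part.get_content() if part is not None else ""
    extractor = _LinkExtractor()
    extractor.feed(html)
    text = html.lower()
    findings = []

    # 1. Which brand does the body claim to be, and do the links go there?
    claimed = [b for b in BRAND_DOMAINS if b in text]
    allowed = sorted({d for b in claimed for d in BRAND_DOMAINS[b]})
    for href, label in extractor.links:
        parsed = urlparse(href)
        host = (parsed.hostname or "").lower()
        if claimed and not _host_matches(host, allowed):
            findings.append(f"link '{label}' goes to {host}, not a {'/'.join(allowed)} host")
        if parsed.scheme == "http":
            findings.append(f"link '{label}' uses plain http")

    # 2. Credential-lure wording in the body.
    findings.extend(f"lure phrase: '{p}'" for p in LURE_PHRASES if p in text)
    return findings


def is_suspicious(raw_eml):
    return bool(analyse(raw_eml))
```

Against the constructed lure this reports the off-brand host, the plain-http link and two lure phrases; the benign share notice produces no findings.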

#6 oldrailroadgeek (Topic Starter, Member, 83 posts)
Joe,
Since the event of the e-mail/phishing my internet has been acting up. It takes as much as 2 minutes for pages to load. I have recently cleaned my PC of Malwarebytes Anti-Malware Pro and installed a new copy and updated. I ran a scan and it resulted in no objects detected. I ran OTL 11/20/13 and Autoruns & MiniToolKit 11/22/13. I failed to do the Extras, I guess I forgot a step in running OTL. I can rerun it.
Oldrailroadgeek Sid

Attached file: OTL.Txt (92.81KB)


#7 zep516 (Trusted Helper, Malware Removal, 6,811 posts)
Hi oldrailroadgeek,

No need to "attach" logs, paste them directly to the forum. I'm pasting yours directly to the forum so everything is in one place; it saves a few steps. I'll take a look and get back to you. At a quick glance there is no malware in your log, just a few leftovers, and certainly nothing to do with any E-Mail and or virus...

Re-run OTL once more so we can re-create the Extras.txt log. Before you run the scan I need you to do this: under the Extra Registry section please put a check mark in "All", then hit Run Scan. When OTL is done scanning, 2 logs will be generated; the first log will pop up in front of you, the second log will be minimized to the task bar down by the clock area, called Extras.txt. Please post that log. Really don't need to post the first one as we already have that one.

I'm in training and will need to report to my instructor before any file movement is conducted, so a small delay in response is possible.

OTL logfile created on: 11/20/2013 9:30:59 PM - Run 2
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Documents and Settings\Sid Bailey\Desktop
Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.5512)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.37 Gb Total Physical Memory | 0.60 Gb Available Physical Memory | 43.93% Memory free
5.22 Gb Paging File | 4.37 Gb Available in Paging File | 83.70% Paging File free
Paging file location(s): C:\pagefile.sys 4095 4095 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 139.04 Gb Total Space | 112.49 Gb Free Space | 80.90% Space Free | Partition Type: NTFS

Computer Name: YOUR-0C81E70C58 | User Name: Sid Bailey | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

[2013/10/29 22:45:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Sid Bailey\Start Menu\Programs\ZoneAlarmBackup
[2013/10/29 22:45:22 | 000,526,184 | ---- | C] (Xceed Software Inc (450) 442-2626 [email protected] www.xceedsoft.com) -- C:\WINDOWS\System32\XceedCry.dll
[2013/10/29 22:45:21 | 001,245,184 | ---- | C] (Pro Soft Net Corporation) -- C:\WINDOWS\System32\ZABackupService.dll
[2013/10/29 22:45:21 | 000,135,168 | ---- | C] (Pro-Softnet Corporation) -- C:\WINDOWS\System32\LogMail.dll
[2013/10/29 22:45:21 | 000,118,784 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\Msstdfmt.dll
[2013/10/29 22:45:21 | 000,109,248 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\MSWINSCK.OCX
[2013/10/29 22:45:20 | 001,388,544 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\MSVBVM60.DLL
[2013/10/29 22:45:20 | 000,644,400 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\MSCOMCT2.OCX
[2013/10/29 22:45:20 | 000,608,448 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\COMCTL32.OCX
[2013/10/29 22:45:20 | 000,164,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\COMCT232.OCX
[2013/10/29 22:45:20 | 000,140,288 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\COMDLG32.OCX
[2013/10/29 22:45:20 | 000,086,016 | ---- | C] (Streamnet India) -- C:\WINDOWS\System32\IBwinUtil.ocx
[2013/10/29 22:45:20 | 000,026,384 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\FM20ENU.DLL
[2013/10/29 22:45:20 | 000,024,576 | ---- | C] (Streamnet India) -- C:\WINDOWS\System32\IBcalendarser.ocx
[2013/10/29 22:45:19 | 001,129,232 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\FM20.DLL
[2013/10/29 22:45:19 | 000,143,360 | ---- | C] (Herman & Associates) -- C:\WINDOWS\System32\HLButton.ocx
[2013/10/29 22:45:19 | 000,028,672 | ---- | C] (Checks Unlimited) -- C:\WINDOWS\System32\Disable_X.ocx
[2013/10/29 22:45:19 | 000,000,000 | ---D | C] -- C:\Program Files\ZoneAlarmBackup
[2013/10/25 23:07:48 | 000,529,128 | ---- | C] (Check Point Software Technologies LTD) -- C:\WINDOWS\System32\vsdatant.sys

========== Files - Modified Within 30 Days ==========

[2013/11/20 22:03:10 | 000,000,830 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2013/11/20 20:40:08 | 000,000,464 | ---- | M] () -- C:\WINDOWS\tasks\At2.job
[2013/11/20 19:49:38 | 000,000,697 | ---- | M] () -- C:\Documents and Settings\Sid Bailey\PCTuneUp.config
[2013/11/20 14:00:07 | 000,000,464 | ---- | M] () -- C:\WINDOWS\tasks\At4.job
[2013/11/20 12:02:03 | 000,000,464 | ---- | M] () -- C:\WINDOWS\tasks\At3.job
[2013/11/20 10:10:04 | 000,000,464 | ---- | M] () -- C:\WINDOWS\tasks\At1.job
[2013/11/20 08:46:47 | 000,000,974 | ---- | M] () -- C:\WINDOWS\MVPBR.INI
[2013/11/19 20:50:14 | 000,692,616 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerApp.exe
[2013/11/19 20:50:14 | 000,071,048 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl
[2013/11/19 13:48:28 | 000,020,480 | ---- | M] () -- C:\Documents and Settings\Sid Bailey\My Documents\mob check 2013-11.xlr
[2013/11/19 13:48:28 | 000,013,834 | ---- | M] () -- C:\Documents and Settings\Sid Bailey\Application Data\wklnhst.dat
[2013/11/18 23:54:44 | 000,502,772 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2013/11/18 23:54:44 | 000,088,296 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2013/11/18 23:50:19 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2013/11/18 23:50:17 | 1474,809,856 | -HS- | M] () -- C:\hiberfil.sys
[2013/11/18 23:41:22 | 000,001,769 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
[2013/11/18 23:41:21 | 000,001,775 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\McAfee Security Scan Plus.lnk
[2013/11/18 20:00:07 | 000,012,800 | ---- | M] () -- C:\Documents and Settings\Sid Bailey\My Documents\Memory Tree 2013 Orders.wps
[2013/11/18 15:42:44 | 000,020,992 | ---- | M] () -- C:\Documents and Settings\Sid Bailey\My Documents\mob check 2013-10.xlr
[2013/11/18 01:06:12 | 000,000,018 | ---- | M] () -- C:\UserName.ini
[2013/11/17 19:08:13 | 000,360,775 | ---- | M] (Farbar) -- C:\Documents and Settings\Sid Bailey\Desktop\FSS.exe
[2013/11/17 10:52:57 | 000,760,937 | ---- | M] (Farbar) -- C:\Documents and Settings\Sid Bailey\Desktop\MiniToolBox.exe
[2013/11/16 10:52:28 | 000,040,448 | ---- | M] () -- C:\Documents and Settings\Sid Bailey\My Documents\MOB Blood Press.xlr
[2013/11/15 12:27:42 | 000,000,822 | ---- | M] () -- C:\Documents and Settings\Sid Bailey\Desktop\Auslogics DiskDefrag.lnk
[2013/11/15 11:12:59 | 005,647,256 | ---- | M] (Auslogics Labs Pty Ltd ) -- C:\Documents and Settings\Sid Bailey\Desktop\disk-defrag-setup.exe
[2013/11/15 11:11:47 | 000,050,688 | ---- | M] (Atribune.org) -- C:\Documents and Settings\Sid Bailey\Desktop\ATF-Cleaner.exe
[2013/11/14 20:46:41 | 000,017,920 | ---- | M] () -- C:\Documents and Settings\Sid Bailey\My Documents\Bulletin 11-17-2013.wps
[2013/11/13 22:16:19 | 000,000,852 | ---- | M] () -- C:\Documents and Settings\Sid Bailey\Desktop\Shortcut to autoruns.exe.lnk
[2013/11/13 22:06:18 | 000,073,732 | ---- | M] () -- C:\WINDOWS\System32\perfmon.msc
[2013/11/13 21:58:23 | 000,550,371 | ---- | M] () -- C:\Documents and Settings\Sid Bailey\Desktop\Autoruns.zip
[2013/11/13 03:05:08 | 000,001,393 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2013/11/12 21:15:15 | 000,051,200 | ---- | M] () -- C:\Documents and Settings\Sid Bailey\My Documents\Beginning of Iaeger.wps
[2013/11/12 08:31:25 | 000,448,512 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Sid Bailey\Desktop\TFC.exe
[2013/11/10 18:38:29 | 001,073,262 | ---- | M] () -- C:\Documents and Settings\Sid Bailey\Desktop\adwcleaner(1).exe
[2013/11/10 18:34:48 | 001,034,531 | ---- | M] (Thisisu) -- C:\Documents and Settings\Sid Bailey\Desktop\JRT.exe
[2013/11/10 13:20:50 | 000,000,967 | ---- | M] () -- C:\Documents and Settings\Sid Bailey\Desktop\Shortcut to JavaRa.lnk
[2013/11/08 12:32:29 | 000,015,872 | ---- | M] () -- C:\Documents and Settings\Sid Bailey\My Documents\ssb deposit ticket.wps
[2013/11/08 10:54:59 | 000,015,360 | ---- | M] () -- C:\Documents and Settings\Sid Bailey\My Documents\Bulletin 11-10-2013.wps
[2013/11/07 16:19:44 | 000,000,540 | ---- | M] () -- C:\Documents and Settings\Sid Bailey\Desktop\checkup.lnk
[2013/11/07 15:29:00 | 000,891,184 | ---- | M] () -- C:\Documents and Settings\Sid Bailey\Desktop\SecurityCheck.exe
[2013/11/07 15:22:49 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Sid Bailey\Desktop\OTL.exe
[2013/11/06 10:57:21 | 000,418,108 | ---- | M] () -- C:\WINDOWS\System32\vsconfig.xml
[2013/11/06 10:48:51 | 000,000,539 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\ZoneAlarm Security.lnk
[2013/11/01 13:53:10 | 000,026,624 | ---- | M] () -- C:\Documents and Settings\Sid Bailey\My Documents\Roast Cornish Hens.wdb
[2013/11/01 08:26:50 | 000,014,336 | ---- | M] () -- C:\Documents and Settings\Sid Bailey\My Documents\Bulletin 11-03-2013.wps
[2013/10/29 22:45:24 | 000,001,676 | ---- | M] () -- C:\Documents and Settings\Sid Bailey\Application Data\Microsoft\Internet Explorer\Quick Launch\ZoneAlarmBackup.lnk
[2013/10/29 22:45:24 | 000,001,670 | ---- | M] () -- C:\Documents and Settings\Sid Bailey\Start Menu\Programs\Startup\ZoneAlarm Backup Tray.lnk
[2013/10/29 22:45:24 | 000,001,658 | ---- | M] () -- C:\Documents and Settings\Sid Bailey\Desktop\ZoneAlarm Backup Powered by IDrive.lnk
[2013/10/29 22:30:55 | 000,000,000 | -H-- | M] () -- C:\Documents and Settings\Sid Bailey\My Documents\Default.rdp
[2013/10/25 23:07:48 | 000,529,128 | ---- | M] (Check Point Software Technologies LTD) -- C:\WINDOWS\System32\vsdatant.sys
[2013/10/24 12:18:18 | 000,013,824 | ---- | M] () -- C:\Documents and Settings\Sid Bailey\My Documents\Bulletin 10-27-2013.wps
[2013/10/24 10:49:04 | 000,013,312 | ---- | M] () -- C:\Documents and Settings\Sid Bailey\My Documents\IUMC Check Reg 10-2013.xlr
[2013/10/24 10:47:48 | 000,013,312 | ---- | M] () -- C:\Documents and Settings\Sid Bailey\My Documents\IUMC Collect Report 11-2013.xlr
[2013/10/24 10:09:57 | 000,013,312 | ---- | M] () -- C:\Documents and Settings\Sid Bailey\My Documents\IUMC Collect Report 10-13.xlr
[2013/10/22 22:16:12 | 000,010,752 | ---- | M] () -- C:\Documents and Settings\Sid Bailey\My Documents\CD 1956-1957 T1.xlr
[2013/10/22 21:23:46 | 000,010,752 | ---- | M] () -- C:\Documents and Settings\Sid Bailey\My Documents\CD1954-1955 T1.xlr
[2013/10/22 21:23:14 | 000,010,752 | ---- | M] () -- C:\Documents and Settings\Sid Bailey\My Documents\CD 1954-1955 T2.xlr
[2013/10/22 21:20:38 | 000,010,752 | ---- | M] () -- C:\Documents and Settings\Sid Bailey\My Documents\CD 1954-1955.xlr
[2013/10/22 20:45:17 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat

========== Files Created - No Company Name ==========

[2013/11/18 19:48:43 | 000,012,800 | ---- | C] () -- C:\Documents and Settings\Sid Bailey\My Documents\Memory Tree 2013 Orders.wps
[2013/11/16 11:08:39 | 000,020,480 | ---- | C] () -- C:\Documents and Settings\Sid Bailey\My Documents\mob check 2013-11.xlr
[2013/11/15 12:27:41 | 000,000,822 | ---- | C] () -- C:\Documents and Settings\Sid Bailey\Desktop\Auslogics DiskDefrag.lnk
[2013/11/14 20:42:47 | 000,017,920 | ---- | C] () -- C:\Documents and Settings\Sid Bailey\My Documents\Bulletin 11-17-2013.wps
[2013/11/13 22:16:19 | 000,000,852 | ---- | C] () -- C:\Documents and Settings\Sid Bailey\Desktop\Shortcut to autoruns.exe.lnk
[2013/11/13 21:58:20 | 000,550,371 | ---- | C] () -- C:\Documents and Settings\Sid Bailey\Desktop\Autoruns.zip
[2013/11/11 01:05:56 | 000,000,018 | ---- | C] () -- C:\UserName.ini
[2013/11/10 18:38:28 | 001,073,262 | ---- | C] () -- C:\Documents and Settings\Sid Bailey\Desktop\adwcleaner(1).exe
[2013/11/10 13:20:50 | 000,000,967 | ---- | C] () -- C:\Documents and Settings\Sid Bailey\Desktop\Shortcut to JavaRa.lnk
[2013/11/08 10:43:09 | 000,015,360 | ---- | C] () -- C:\Documents and Settings\Sid Bailey\My Documents\Bulletin 11-10-2013.wps
[2013/11/07 16:19:44 | 000,000,540 | ---- | C] () -- C:\Documents and Settings\Sid Bailey\Desktop\checkup.lnk
[2013/11/07 15:29:00 | 000,891,184 | ---- | C] () -- C:\Documents and Settings\Sid Bailey\Desktop\SecurityCheck.exe
[2013/11/06 22:44:37 | 1474,809,856 | -HS- | C] () -- C:\hiberfil.sys
[2013/11/01 13:39:02 | 000,026,624 | ---- | C] () -- C:\Documents and Settings\Sid Bailey\My Documents\Roast Cornish Hens.wdb
[2013/10/30 10:39:02 | 000,014,336 | ---- | C] () -- C:\Documents and Settings\Sid Bailey\My Documents\Bulletin 11-03-2013.wps
[2013/10/29 22:45:24 | 000,001,676 | ---- | C] () -- C:\Documents and Settings\Sid Bailey\Application Data\Microsoft\Internet Explorer\Quick Launch\ZoneAlarmBackup.lnk
[2013/10/29 22:45:24 | 000,001,670 | ---- | C] () -- C:\Documents and Settings\Sid Bailey\Start Menu\Programs\Startup\ZoneAlarm Backup Tray.lnk
[2013/10/29 22:45:24 | 000,001,658 | ---- | C] () -- C:\Documents and Settings\Sid Bailey\Desktop\ZoneAlarm Backup Powered by IDrive.lnk
[2013/10/29 22:45:23 | 000,569,368 | ---- | C] () -- C:\WINDOWS\System32\olelib.tlb
[2013/10/29 22:45:23 | 000,022,212 | ---- | C] () -- C:\WINDOWS\System32\olelib2.tlb
[2013/10/29 22:45:23 | 000,003,841 | ---- | C] () -- C:\WINDOWS\System32\server.pem
[2013/10/29 22:45:21 | 000,147,130 | ---- | C] () -- C:\WINDOWS\System32\CRYPT32.LIB
[2013/10/29 22:45:21 | 000,117,982 | ---- | C] () -- C:\WINDOWS\System32\ADVAPI32.LIB
[2013/10/29 22:45:21 | 000,055,808 | ---- | C] () -- C:\WINDOWS\System32\zlib1.dll
[2013/10/29 22:45:21 | 000,026,128 | ---- | C] () -- C:\WINDOWS\System32\ZABackupXceedCryReg.exe
[2013/10/29 22:45:21 | 000,000,096 | ---- | C] () -- C:\WINDOWS\System32\RegisterZABackupDll.bat
[2013/10/29 22:45:20 | 000,441,705 | ---- | C] () -- C:\WINDOWS\System32\sqlite3.dll
[2013/10/29 22:45:20 | 000,000,730 | ---- | C] () -- C:\WINDOWS\System32\rootcert.pem
[2013/10/29 22:45:19 | 000,094,208 | ---- | C] () -- C:\WINDOWS\System32\IBColIml.ocx
[2013/10/29 22:30:55 | 000,000,000 | -H-- | C] () -- C:\Documents and Settings\Sid Bailey\My Documents\Default.rdp
[2013/10/24 10:53:18 | 000,013,824 | ---- | C] () -- C:\Documents and Settings\Sid Bailey\My Documents\Bulletin 10-27-2013.wps
[2013/10/24 10:47:48 | 000,013,312 | ---- | C] () -- C:\Documents and Settings\Sid Bailey\My Documents\IUMC Collect Report 11-2013.xlr
[2013/10/24 10:31:16 | 000,013,312 | ---- | C] () -- C:\Documents and Settings\Sid Bailey\My Documents\IUMC Check Reg 10-2013.xlr
[2013/10/24 10:09:57 | 000,013,312 | ---- | C] () -- C:\Documents and Settings\Sid Bailey\My Documents\IUMC Collect Report 10-13.xlr
[2013/10/22 21:29:31 | 000,010,752 | ---- | C] () -- C:\Documents and Settings\Sid Bailey\My Documents\CD 1956-1957 T1.xlr
[2013/10/22 21:23:45 | 000,010,752 | ---- | C] () -- C:\Documents and Settings\Sid Bailey\My Documents\CD1954-1955 T1.xlr
[2013/10/22 21:23:14 | 000,010,752 | ---- | C] () -- C:\Documents and Settings\Sid Bailey\My Documents\CD 1954-1955 T2.xlr
[2013/10/22 21:20:38 | 000,010,752 | ---- | C] () -- C:\Documents and Settings\Sid Bailey\My Documents\CD 1954-1955.xlr
[2013/09/07 18:06:12 | 000,000,200 | ---- | C] () -- C:\WINDOWS\WININIT.INI
[2013/08/15 02:24:20 | 000,308,815 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-S-1-5-21-1576569892-3062952477-2378348150-1006-0.dat
[2013/08/15 02:24:13 | 000,149,430 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-System.dat
[2013/08/06 18:12:30 | 000,000,426 | ---- | C] () -- C:\WINDOWS\BRWMARK.INI
[2013/07/29 11:02:26 | 000,000,057 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\Ament.ini
[2013/07/07 11:16:26 | 000,013,464 | ---- | C] () -- C:\WINDOWS\System32\drivers\SWDUMon.sys
[2013/03/29 00:38:54 | 000,149,992 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2013/03/07 14:21:28 | 002,005,969 | ---- | C] () -- C:\WINDOWS\Delete.exe
[2012/12/26 08:23:59 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2012/12/05 11:19:22 | 000,000,569 | -H-- | C] () -- C:\WINDOWS\System32\BTImages.dat
[2012/09/09 14:38:51 | 000,000,697 | ---- | C] () -- C:\Documents and Settings\Sid Bailey\PCTuneUp.config
[2012/07/03 17:29:41 | 000,053,299 | ---- | C] () -- C:\WINDOWS\System32\pthreadVC.dll
[2012/04/24 18:16:15 | 000,165,376 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll
[2012/02/15 18:31:26 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2012/02/11 18:26:30 | 000,043,784 | ---- | C] () -- C:\WINDOWS\System32\drivers\EUBKMON.sys
[2012/02/11 12:12:54 | 000,000,144 | ---- | C] () -- C:\WINDOWS\System32\lkfl.dat
[2012/02/11 12:12:54 | 000,000,128 | ---- | C] () -- C:\WINDOWS\System32\pdfl.dat
[2012/02/11 12:12:54 | 000,000,080 | ---- | C] () -- C:\WINDOWS\System32\ibfl.dat
[2012/01/31 10:41:43 | 000,000,133 | ---- | C] () -- C:\Documents and Settings\Sid Bailey\Local Settings\Application Data\fusioncache.dat
[2012/01/25 10:49:50 | 000,000,159 | ---- | C] () -- C:\WINDOWS\MVPSPADE.INI
[2012/01/24 15:07:00 | 000,000,974 | ---- | C] () -- C:\WINDOWS\MVPBR.INI
[2012/01/17 17:28:09 | 000,000,060 | ---- | C] () -- C:\WINDOWS\System32\SYSDRV.DAT
[2012/01/17 17:22:59 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2012/01/17 17:22:47 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2012/01/17 17:22:47 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2012/01/17 17:22:44 | 000,005,151 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2012/01/17 17:22:42 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2012/01/17 17:22:37 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2012/01/17 17:22:15 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2012/01/17 17:22:14 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2012/01/17 17:21:29 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2012/01/17 17:21:11 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2012/01/17 16:33:30 | 001,072,544 | ---- | C] () -- C:\WINDOWS\System32\nvdrsdb1.bin
[2012/01/17 16:33:30 | 001,072,544 | ---- | C] () -- C:\WINDOWS\System32\nvdrsdb0.bin
[2012/01/17 16:33:30 | 000,000,001 | ---- | C] () -- C:\WINDOWS\System32\nvdrssel.bin
[2012/01/17 16:21:13 | 000,049,152 | ---- | C] () -- C:\WINDOWS\System32\ChCfg.exe
[2012/01/17 16:15:05 | 000,003,948 | R--- | C] () -- C:\WINDOWS\System32\drivers\nvphy.bin
[2012/01/17 16:07:06 | 000,013,834 | ---- | C] () -- C:\Documents and Settings\Sid Bailey\Application Data\wklnhst.dat

========== ZeroAccess Check ==========

[2005/01/09 20:08:17 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shdocvw.dll -- [2013/10/12 09:54:28 | 001,510,400 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = C:\WINDOWS\system32\wbem\fastprox.dll -- [2009/02/09 07:10:48 | 000,473,600 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = C:\WINDOWS\system32\wbem\wbemess.dll -- [2008/04/13 19:12:08 | 000,273,920 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

< End of report >
  • 1
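Added example (not part of the thread, and not code from OTL or its author): a small Python triage script for the OTL log format shown above. It checks the O35 lines that report the exefile/comfile shell-open handlers against the Windows XP default of "%1" %* (a handler that points anywhere else means every program launch is routed through another executable first), and it parses the [date | size | attrs | C/M] (Company) -- path entries so that the ones inside a chosen time window that carry no company name can be listed first. The sample log is a constructed excerpt of lines copied from the post above; the hijacked O35 line and its C:\hypothetical\proxy.exe path are invented for illustration, and the 18 to 20 November 2013 window is an assumed parameter, not something the log itself states.

```python
"""Triage helpers for OTL (OldTimer) log output: check the exe/com shell-open
handlers reported on O35 lines and rank file entries by time window."""
import re
from datetime import datetime
from typing import Dict, List, NamedTuple, Optional

OTL_TIME = "%Y/%m/%d %H:%M:%S"

# Windows XP defaults for shell\open\command of these handlers. Anything else
# (another executable placed in front of "%1") means every program launch is
# proxied through that executable, a classic persistence trick.
EXPECTED_OPEN = {"exefile": '"%1" %*', "comfile": '"%1" %*'}

O35_RE = re.compile(r'^O35 - HKLM\\\.\.(\w+) \[open\] -- (.+)$')
FILE_RE = re.compile(
    r'^\[(\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}) \| ([\d,]+) \| (\S{4}) \| ([CM])\] '
    r'(?:\((.*?)\) )?-- (.+)$'
)

# Constructed sample: a handful of lines in the shape OTL emits, copied from
# the log posted above. Not a complete log.
SAMPLE_LOG = r"""
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2013/11/18 23:41:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\McAfee Security Scan Plus
[2013/11/17 19:08:12 | 000,360,775 | ---- | C] (Farbar) -- C:\Documents and Settings\Sid Bailey\Desktop\FSS.exe
[2013/11/14 15:18:44 | 000,007,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wamregps.dll
[2013/11/06 10:50:10 | 000,144,352 | ---- | C] (Kaspersky Lab ZAO) -- C:\WINDOWS\System32\drivers\kneps.sys

========== Files - Modified Within 30 Days ==========

[2013/11/20 22:03:10 | 000,000,830 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2013/11/20 20:40:08 | 000,000,464 | ---- | M] () -- C:\WINDOWS\tasks\At2.job
[2013/11/19 20:50:14 | 000,692,616 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerApp.exe
[2013/11/18 23:50:17 | 1474,809,856 | -HS- | M] () -- C:\hiberfil.sys
"""

# Constructed, hypothetical O35 line showing what a hijacked handler looks like.
HIJACKED_SAMPLE = r'O35 - HKLM\..exefile [open] -- "C:\hypothetical\proxy.exe" "%1" %*'


class FileEntry(NamedTuple):
    when: datetime
    size: int
    attrs: str
    kind: str                # C = created section, M = modified section
    company: Optional[str]   # None when OTL printed "()" or no parentheses
    path: str


def check_shell_open(log: str) -> Dict[str, str]:
    """Map handler -> actual command for O35 handlers that differ from the default."""
    hijacked: Dict[str, str] = {}
    for line in log.splitlines():
        m = O35_RE.match(line)
        if m:
            handler, command = m.group(1), m.group(2)
            if handler in EXPECTED_OPEN and command != EXPECTED_OPEN[handler]:
                hijacked[handler] = command
    return hijacked


def parse_file_entries(log: str) -> List[FileEntry]:
    """Parse every '[date | size | attrs | C/M] (Company) -- path' line in the log."""
    entries: List[FileEntry] = []
    for line in log.splitlines():
        m = FILE_RE.match(line)
        if not m:
            continue
        when, size, attrs, kind, company, path = m.groups()
        entries.append(FileEntry(datetime.strptime(when, OTL_TIME),
                                 int(size.replace(",", "")),
                                 attrs, kind, company or None, path))
    return entries


def triage(entries: List[FileEntry], start: str, end: str,
           system_roots=("C:\\WINDOWS",)) -> List[FileEntry]:
    """Entries inside [start, end] with no company name; system-directory ones
    first, then oldest to newest. Times use OTL's own yyyy/mm/dd hh:mm:ss form."""
    lo, hi = datetime.strptime(start, OTL_TIME), datetime.strptime(end, OTL_TIME)
    roots = tuple(r.upper() for r in system_roots)
    hits = [e for e in entries if lo <= e.when <= hi and e.company is None]
    hits.sort(key=lambda e: (not e.path.upper().startswith(roots), e.when))
    return hits


if __name__ == "__main__":
    print("hijacked handlers:", check_shell_open(SAMPLE_LOG) or "none")
    print("hijacked handlers (constructed line):", check_shell_open(HIJACKED_SAMPLE))
    for e in triage(parse_file_entries(SAMPLE_LOG),
                    "2013/11/18 00:00:00", "2013/11/20 23:59:59"):
        print(f"{e.when:%Y-%m-%d %H:%M} {e.kind} {e.size:>10} {e.path}")
```

Run it as a script to print the ranked list. A missing company name is only a coarse filter: scheduled-task .job files, INI files and hiberfil.sys legitimately have none, so the ranking says where a helper should look first, not what is malicious. The O37 lines (.exe [@ = exefile]) and the Shell Spawning section of Extras.txt later in the thread report the same handlers a second way, and both should agree with the O35 result.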

#8
oldrailroadgeek


    Member

  • Topic Starter
  • Member
  • 83 posts
Joe,
I'll run OTL again and post results tomorrow
Oldrailroadgeek
  • 0

#9
zep516


    Trusted Helper

  • Malware Removal
  • 6,811 posts
Thanks for that.

See you on Saturday....:)
  • 0

#10
oldrailroadgeek


    Member

  • Topic Starter
  • Member
  • 83 posts
Joe,
Here is the Extras.txt
Sid
OTL Extras logfile created on: 11/22/2013 11:17:49 PM - Run 5
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Documents and Settings\Sid Bailey\Desktop
Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.5512)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.37 Gb Total Physical Memory | 0.56 Gb Available Physical Memory | 40.99% Memory free
5.22 Gb Paging File | 4.33 Gb Available in Paging File | 82.94% Paging File free
Paging file location(s): C:\pagefile.sys 4095 4095 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 139.04 Gb Total Space | 112.20 Gb Free Space | 80.70% Space Free | Partition Type: NTFS

Computer Name: YOUR-0C81E70C58 | User Name: Sid Bailey | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (All) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.bat [@ = batfile] -- "%1" %*
.chm [@ = chm.file] -- C:\WINDOWS\hh.exe (Microsoft Corporation)
.cmd [@ = cmdfile] -- "%1" %*
.com [@ = comfile] -- "%1" %*
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.exe [@ = exefile] -- "%1" %*
.hlp [@ = hlpfile] -- C:\WINDOWS\System32\winhlp32.exe (Microsoft Corporation)
.hta [@ = htafile] -- C:\WINDOWS\System32\mshta.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
.inf [@ = inffile] -- C:\WINDOWS\System32\NOTEPAD.EXE (Microsoft Corporation)
.ini [@ = inifile] -- C:\WINDOWS\System32\NOTEPAD.EXE (Microsoft Corporation)
.url [@ = InternetShortcut] -- rundll32.exe shdocvw.dll,OpenURL %l
.js [@ = JSFile] -- C:\WINDOWS\System32\WScript.exe (Microsoft Corporation)
.jse [@ = JSEFile] -- C:\WINDOWS\System32\WScript.exe (Microsoft Corporation)
.pif [@ = piffile] -- "%1" %*
.reg [@ = regfile] -- C:\WINDOWS\regedit.exe (Microsoft Corporation)
.scr [@ = scrfile] -- "%1" /S
.txt [@ = txtfile] -- C:\WINDOWS\System32\NOTEPAD.EXE (Microsoft Corporation)
.vbe [@ = VBEFile] -- C:\WINDOWS\System32\WScript.exe (Microsoft Corporation)
.vbs [@ = VBSFile] -- C:\WINDOWS\System32\WScript.exe (Microsoft Corporation)
.wsf [@ = WSFFile] -- C:\WINDOWS\System32\WScript.exe (Microsoft Corporation)
.wsh [@ = WSHFile] -- C:\WINDOWS\System32\WScript.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [edit] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
batfile [open] -- "%1" %*
batfile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
chm.file [open] -- "C:\WINDOWS\hh.exe" %1 (Microsoft Corporation)
cmdfile [edit] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
cmdfile [open] -- "%1" %*
cmdfile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
helpfile [open] -- winhlp32.exe %1 (Microsoft Corporation)
hlpfile [open] -- %SystemRoot%\System32\winhlp32.exe %1 (Microsoft Corporation)
htafile [open] -- C:\WINDOWS\system32\mshta.exe "%1" %* (Microsoft Corporation)
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection DefaultInstall 132 %1 (Microsoft Corporation)
inffile [open] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
inffile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
inifile [open] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
inifile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
InternetShortcut [open] -- rundll32.exe shdocvw.dll,OpenURL %l
InternetShortcut [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)
jsfile [edit] -- %SystemRoot%\System32\Notepad.exe %1 (Microsoft Corporation)
jsfile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
jsfile [print] -- %SystemRoot%\System32\Notepad.exe /p %1 (Microsoft Corporation)
jsefile [edit] -- %SystemRoot%\System32\Notepad.exe %1 (Microsoft Corporation)
jsefile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
jsefile [print] -- %SystemRoot%\System32\Notepad.exe /p %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [edit] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation)
regfile [open] -- regedit.exe "%1" (Microsoft Corporation)
regfile [merge] -- Reg Error: Key error.
regfile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
txtfile [open] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation)
txtfile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
txtfile [printto] -- %SystemRoot%\system32\notepad.exe /pt "%1" "%2" "%3" "%4" (Microsoft Corporation)
vbefile [edit] -- %SystemRoot%\System32\Notepad.exe %1 (Microsoft Corporation)
vbefile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
vbefile [print] -- %SystemRoot%\System32\Notepad.exe /p %1 (Microsoft Corporation)
vbsfile [edit] -- %SystemRoot%\System32\Notepad.exe %1 (Microsoft Corporation)
vbsfile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
vbsfile [print] -- %SystemRoot%\System32\Notepad.exe /p %1 (Microsoft Corporation)
wsffile [edit] -- %SystemRoot%\System32\Notepad.exe %1 (Microsoft Corporation)
wsffile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
wsffile [print] -- %SystemRoot%\System32\Notepad.exe /p %1 (Microsoft Corporation)
wshfile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
Unknown [openas] -- "C:\Program Files\File Type Assistant\tsassist.exe" "%1" (Trusted Software ApS)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [Reconnect To Technician] -- cmd.exe /c start iexplore.exe logmein123.com (Microsoft Corporation)
Directory [Start Team Viewer] -- Reg Error: Key error.
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring" = 1

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22008

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
"C:\Program Files\AVG\AVG2012\avgmfapx.exe" = C:\Program Files\AVG\AVG2012\avgmfapx.exe:*:Enabled:AVG Installer
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
"C:\WINDOWS\system32\mmc.exe" = C:\WINDOWS\system32\mmc.exe:*:Enabled:Microsoft Management Console -- (Microsoft Corporation)
"C:\Program Files\FreeFileViewer\FFVCheckForUpdates.exe" = C:\Program Files\FreeFileViewer\FFVCheckForUpdates.exe:*:Enabled:FreeFileViewerUpdateChecker -- (Bitberry Software)
"C:\Program Files\File Type Assistant\tsassist.exe" = C:\Program Files\File Type Assistant\tsassist.exe:*:Enabled:ProgramUpdateCheck -- (Trusted Software ApS)
"C:\Program Files\HP\HP Deskjet 1000 J110 series\Bin\USBSetup.exe" = C:\Program Files\HP\HP Deskjet 1000 J110 series\Bin\USBSetup.exe:LocalSubNet:Enabled:HP Device Setup (HP Deskjet 1000 J110 series) -- (Hewlett-Packard Co.)
"C:\Program Files\Messenger\msmsgs.exe" = C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger -- (Microsoft Corporation)
"C:\WINDOWS\system32\dmwu.exe" = C:\WINDOWS\system32\dmwu.exe:*:Enabled:dmwu
"C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe" = C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe:*:Enabled:Daemonu.exe -- (NVIDIA Corporation)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{02E89EFC-7B07-4D5A-AA03-9EC0902914EE}" = VC 9.0 Runtime
"{0A0CADCF-78DA-33C4-A350-CD51849B9702}" = Microsoft .NET Framework 4 Extended
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MG2200_series" = Canon MG2200 series MP Drivers
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{468D22C0-8080-11E2-B86E-B8AC6F98CCE3}" = Google Earth
"{47FA2C44-D148-4DBC-AF60-B91934AA4842}" = Adobe AIR
"{55938E68-F7B3-42B1-9317-60D44067869C}" = ZoneAlarm Antivirus
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD
"{6D52C408-B09A-4520-9B18-475B81D393F1}" = Microsoft Works
"{6F1C00D2-25C2-4CBA-8126-AE9A6E2E9CD5}" = HP Update
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{76EFFC7C-17A6-479D-9E47-8E658C1695AE}" = Windows Backup Utility
"{846B5DED-DC8C-4E1A-B5B4-9F5B39A0CACE}" = HPDiagnosticAlert
"{8A9FC225-75F6-4B5D-911C-0ED230565643}" = HP Product Detection
"{954146E0-49FF-4039-AF58-2257506C7D45}" = ZoneAlarm Firewall
"{9941F0AA-B903-4AF4-A055-83A9815CC011}" = Sonic Encoders
"{9C511D4D-FBD5-4748-822C-4E51BC0CC87E}" = ZoneAlarm DataLock
"{A1F2C608-32D6-467D-B035-BBEF509042BA}_is1" = Free Opener
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{AB4DDFCF-6CCB-4539-920B-74AD7CFB043D}" = HP Deskjet 1000 J110 series Basic Device Software
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Control Panel 301.42
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience" = NVIDIA GeForce Experience 1.6.1
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NView" = NVIDIA nView 136.27
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 8.3.14
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components
"{B769E2BD-8A06-4B03-9496-5B991025A2C6}" = ZoneAlarm Security
"{BBA8F374-46CC-4C97-A630-30DB52BB93F9}" = HP Deskjet 1000 J110 series Product Improvement Study
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C2425F91-1F7B-4037-9A05-9F290184798D}" = NETGEAR WNA3100 wireless USB 2.0 adapter
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{DDDFCC77-7F9C-45E9-B38E-721BA599BA0C}" = HP Deskjet 1000 J110 series Help
"{DF6A13C0-77DF-41FE-BD05-6D5201EB0CE7}_is1" = Auslogics DiskDefrag
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{FC279721-37A6-4777-AFD8-7A56681EBA14}" = Expert PDF 7 Reader
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Canon MG2200 series On-screen Manual" = Canon MG2200 series On-screen Manual
"Canon MG2200 series User Registration" = Canon MG2200 series User Registration
"Canon My Image Garden" = Canon My Image Garden
"Canon My Image Garden Design Files" = Canon My Image Garden Design Files
"Canon_IJ_Scan_Utility" = Canon IJ Scan Utility
"CanonMyPrinter" = Canon My Printer
"CanonQuickMenu" = Canon Quick Menu
"Card Games for Windows" = Card Games for Windows
"FreeFileViewer_is1" = Free File Viewer 2012
"HP Photo Creations" = HP Photo Creations
"KLiteCodecPack_is1" = K-Lite Codec Pack 7.0.0 (Standard)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.75.0.1300
"McAfee Security Scan" = McAfee Security Scan Plus
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Mozilla Firefox 25.0 (x86 en-US)" = Mozilla Firefox 25.0 (x86 en-US)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"NVIDIA Drivers" = NVIDIA Drivers
"NVIDIA nView Desktop Manager" = NVIDIA nView Desktop Manager
"PC Tune-Up" = PC Tune-Up
"Trusted Software Assistant_is1" = File Type Assistant
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"ZoneAlarm Backup Powered by IDrive_is1" = ZoneAlarm Backup Powered by IDrive version 1.0.5 March 14, 2013
"ZoneAlarm Extreme Security" = ZoneAlarm Extreme Security
"ZoneAlarm Security Toolbar" = ZoneAlarm Security Toolbar

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Define Ext" = Define Ext

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 10/14/2013 10:43:18 AM | Computer Name = YOUR-0C81E70C58 | Source = COM+ | ID = 135761
Description = The run-time environment has detected an inconsistency in its internal
state. This indicates a potential instability in the process that could be caused
by the custom components running in the COM+ application, the components they make
use of, or other factors. Error in f:\xpsp3\com\com1x\src\comsvcs\package\cpackage.cpp(1184),
hr = 8007041d: InitEventCollector fail

Error - 10/22/2013 9:42:13 PM | Computer Name = YOUR-0C81E70C58 | Source = SonicMCEBurnEngine | ID = 0
Description = Exception occurred: excp'n type: Microsoft.MediaCenter.AddIn.DiscWriter.NoMediaListMakerException

excp'n msg: CanProceed found no media No stack trace available.

Error - 10/28/2013 5:00:09 PM | Computer Name = YOUR-0C81E70C58 | Source = crypt32 | ID = 131083
Description = Failed extract of third-party root list from auto update cab at: <http://www.download....uthrootstl.cab>
with error: A required certificate is not within its validity period when verifying
against the current system clock or the timestamp in the signed file.

Error - 10/28/2013 5:00:09 PM | Computer Name = YOUR-0C81E70C58 | Source = crypt32 | ID = 131083
Description = Failed extract of third-party root list from auto update cab at: <http://www.download....uthrootstl.cab>
with error: A required certificate is not within its validity period when verifying
against the current system clock or the timestamp in the signed file.

Error - 11/9/2013 8:31:22 PM | Computer Name = YOUR-0C81E70C58 | Source = MsiInstaller | ID = 11706
Description = Product: Playalot Games -- Error 1706. An installation package for
the product Playalot Games cannot be found. Try the installation again using a
valid copy of the installation package 'setup.msi'.

Error - 11/10/2013 2:25:58 PM | Computer Name = YOUR-0C81E70C58 | Source = Application Error | ID = 1000
Description = Faulting application javara.exe, version 1.16.1.1763, faulting module
version.dll, version 5.1.2600.5512, fault address 0x00001ddc.

Error - 11/10/2013 2:26:06 PM | Computer Name = YOUR-0C81E70C58 | Source = Application Error | ID = 1001
Description = Fault bucket 1998465276.

Error - 11/11/2013 4:57:14 PM | Computer Name = YOUR-0C81E70C58 | Source = MsiInstaller | ID = 11706
Description = Product: Playalot Games -- Error 1706. An installation package for
the product Playalot Games cannot be found. Try the installation again using a
valid copy of the installation package 'setup.msi'.

Error - 11/14/2013 4:23:47 PM | Computer Name = YOUR-0C81E70C58 | Source = COM+ | ID = 135761
Description = The run-time environment has detected an inconsistency in its internal
state. This indicates a potential instability in the process that could be caused
by the custom components running in the COM+ application, the components they make
use of, or other factors. Error in f:\xpsp3\com\com1x\src\comsvcs\package\cpackage.cpp(1184),
hr = 8007041d: InitEventCollector fail

Error - 11/14/2013 4:32:04 PM | Computer Name = YOUR-0C81E70C58 | Source = COM+ | ID = 135761
Description = The run-time environment has detected an inconsistency in its internal
state. This indicates a potential instability in the process that could be caused
by the custom components running in the COM+ application, the components they make
use of, or other factors. Error in f:\xpsp3\com\com1x\src\comsvcs\package\cpackage.cpp(1184),
hr = 8007041d: InitEventCollector fail

[ System Events ]
Error - 11/15/2013 1:19:09 PM | Computer Name = YOUR-0C81E70C58 | Source = Service Control Manager | ID = 7000
Description = The ZoneAlarm Privacy Service service failed to start due to the following
error: %%1053

Error - 11/18/2013 4:40:59 PM | Computer Name = YOUR-0C81E70C58 | Source = Print | ID = 6161
Description = The document mob check 2013-10.xlr owned by Sid Bailey failed to print
on printer Canon MG2200 series Printer. Data type: NT EMF 1.008. Size of the spool
file in bytes: 0. Number of bytes printed: 0. Total number of pages in the document:
0. Number of pages printed: 0. Client machine: \\YOUR-0C81E70C58. Win32 error code
returned by the print processor: 259 (0x103).

Error - 11/19/2013 12:52:04 AM | Computer Name = YOUR-0C81E70C58 | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
abp480n5 adpu160m agp440 agpCPQ Aha154x aic78u2 aic78xx AliIde alim1541 amdagp amsint asc asc3350p
asc3550
cbidf
cd20xrnt
CmdIde
Cpqarray
dac2w2k
dac960nt
dpti2o
hpn
i2omp
iaStor
ini910u
IntelIde
mraid35x
perc2
perc2hib
ql1080
Ql10wnt
ql12160
ql1240
ql1280
sisagp
Sparrow
symc810
symc8xx
sym_hi
sym_u3
TosIde
ultra
viaagp
ViaIde

Error - 11/21/2013 8:19:53 AM | Computer Name = YOUR-0C81E70C58 | Source = Dhcp | ID = 1000
Description = Your computer has lost the lease to its IP address 192.168.0.7 on
the Network Card with network address 001D72BA841F.

Error - 11/21/2013 8:19:55 AM | Computer Name = YOUR-0C81E70C58 | Source = Service Control Manager | ID = 7011
Description = Timeout (30000 milliseconds) waiting for a transaction response from
the WZCSVC service.

Error - 11/21/2013 4:02:42 PM | Computer Name = YOUR-0C81E70C58 | Source = Dhcp | ID = 1000
Description = Your computer has lost the lease to its IP address 192.168.0.7 on
the Network Card with network address 001D72BA841F.

Error - 11/21/2013 4:02:53 PM | Computer Name = YOUR-0C81E70C58 | Source = Service Control Manager | ID = 7011
Description = Timeout (30000 milliseconds) waiting for a transaction response from
the WSWNA3100 service.

Error - 11/21/2013 9:03:14 PM | Computer Name = YOUR-0C81E70C58 | Source = Dhcp | ID = 1000
Description = Your computer has lost the lease to its IP address 192.168.0.7 on
the Network Card with network address 001D72BA841F.

Error - 11/21/2013 9:52:21 PM | Computer Name = YOUR-0C81E70C58 | Source = DCOM | ID = 10010
Description = The server {7F6316B4-4D69-4765-B0A3-B2598F2FA80A} did not register
with DCOM within the required timeout.

Error - 11/22/2013 8:46:38 PM | Computer Name = YOUR-0C81E70C58 | Source = Service Control Manager | ID = 7011
Description = Timeout (30000 milliseconds) waiting for a transaction response from
the WZCSVC service.


< End of report >


#11
zep516
    Trusted Helper
  • Malware Removal
  • 6,811 posts
Hi oldrailroadgeek,

Just a few things to remove. It appears you had Kaspersky Anti Virus installed. I see "left over" Driver files that we should remove. They're included in my fix.

  • Double click on the Posted Image to open the program. On Vista/Win7/Win8 right click select Run As Administrator to start the program. If prompted by UAC, please allow it.
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :COMMANDS
    [CREATERESTOREPOINT]
    
    :OTL
    O4 - HKLM..\Run: [] File not found
    O4 - HKLM..\Run: [ISW] File not found
    DRV - [2013/10/08 05:48:30 | 000,482,912 | ---- | M] (Kaspersky Lab ZAO) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\klif.sys -- (KLIF)
    DRV - [2013/07/17 02:02:10 | 000,144,352 | ---- | M] (Kaspersky Lab ZAO) [Kernel | System | Stop_Pending] -- C:\WINDOWS\system32\drivers\kneps.sys -- (kneps)
    DRV - [2013/07/17 02:02:08 | 000,135,776 | ---- | M] (Kaspersky Lab ZAO) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\kl1.sys -- (KL1)
    DRV - [2012/11/15 21:06:08 | 000,043,608 | ---- | M] (Kaspersky Lab) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\kltdi.sys -- (kltdi)
    DRV - [2012/11/15 21:06:06 | 000,035,672 | ---- | M] (Kaspersky Lab ZAO) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\klim5.sys -- (klim5)
    DRV - [2010/10/14 17:08:38 | 000,011,352 | ---- | M] (Kaspersky Lab ZAO) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\kl2.sys -- (kl2)
    FF - user.js - File not found
    O2 - BHO: (no name) - {2CEBF6C7-2B40-469B-B5D5-CD3F3676C3C4} - No CLSID value found.
    
    :Files
    ipconfig /flushdns /c
    C:\Windows\tasks\At*.job
    
    :Commands
    [emptytemp]
    
  • Make sure all other windows are closed.
  • Click the Run Fix button at the top
  • Let the program run uninterrupted. The computer should reboot when the scan is done. If not, please reboot the computer.
  • Post the log that is found in C:\_OTL\Moved Files in your next reply.
  • Open OTL again and click the Quick Scan button.

Next

Please download AdwCleaner by Xplode and save to your Desktop.
  • Double-click AdwCleaner.exe to run the tool.
    Note: Windows Vista, Windows 7/8 users right-click and select Run As Administrator.
  • Click the Scan button.
  • AdwCleaner will begin. Be patient as the scan may take some time to complete.
  • After the scan has finished, click the Report button. A logfile (AdwCleaner[R0].txt) will open in Notepad for review.
  • The contents of the log file may be confusing. Unless you see a program name that you know should not be removed, don't worry about it. If you see an entry you want to keep, please let me know about it.
  • Copy and paste the contents of that logfile in your next reply.
  • A copy of all logfiles is saved in the C:\AdwCleaner folder which was created when running the tool.


Next

ESET Online Scanner

Note: You can use either Internet Explorer or Mozilla FireFox for this scan. You will however need to disable your currently installed Anti-Virus; how to do so can be read here.

  • Please go >>HERE<< then click on: Posted Image

    Note: If using Mozilla Firefox you will need to download esetsmartinstaller_enu.exe when prompted then double click on the Posted Image icon to install.

    All of the below instructions are compatible with either Internet Explorer or Mozilla FireFox.
  • Select the option YES, I accept the Terms of Use then click on: Posted Image
  • When prompted allow the Add-On/Active X to install.
  • Make sure that the option Remove found threats is NOT checked, and the option Scan archives is checked.
  • Now click on Advanced Settings and select the following:
  • Scan for potentially unwanted applications
  • Scan for potentially unsafe applications
  • Enable Anti-Stealth Technology
  • Now click on: Posted Image
  • The virus signature database... will begin to download. Be patient, this may take some time depending on the speed of your Internet Connection.
  • When completed the Online Scan will begin automatically.
  • Do not touch either the Mouse or keyboard during the scan otherwise it may stall.
  • When completed make sure you first copy the logfile located at C:\Program Files\ESET\EsetOnlineScanner\log.txt
  • Copy and paste that log as a reply to this topic.
  • Now click on: Posted Image
    (Selecting Uninstall application on close if you so wish)


Please post the following logs in your next reply:

  • C:\_OTL\Moved Files
  • OTL.txt
  • AdwCleaner[R0].txt
  • Eset log

Thanks
Joe :)
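Post #11 works from the OTL log the way a malware-removal helper does: it picks out service and driver entries whose file no longer exists, and drivers whose vendor (Kaspersky) matches nothing in the Uninstall list, and pastes those lines into the :OTL section of the fix. The Python script below is an added example, not part of this thread and not OTL's own code: it parses OTL's PRC/SRV/DRV/MOD lines and lists the entries a reviewer would look at. The line format is inferred from the lines posted in this thread rather than from any OTL documentation, the SAMPLE_LOG lines are copied from the log above, and ACCOUNTED_VENDORS is a constructed reviewer's mapping (Check Point is counted as accounted for because ZoneAlarm, a Check Point product, appears in the Uninstall list).

```python
import re
from dataclasses import dataclass
from typing import Iterable, List, Optional, Tuple

# Sample lines copied from the OTL log posted in this thread (PRC, SRV and DRV
# sections).  They are test input for the parser below, nothing else.
SAMPLE_LOG = r"""
PRC - [2013/11/24 18:16:36 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Sid Bailey\Desktop\OTL.exe
SRV - File not found [On_Demand | Stopped] -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe -- (ACDaemon)
SRV - [2013/10/25 23:45:12 | 002,445,816 | ---- | M] (Check Point Software Technologies LTD) [Auto | Running] -- C:\Program Files\CheckPoint\ZoneAlarm\vsmon.exe -- (vsmon)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
DRV - File not found [Kernel | Disabled | Stop_Pending] -- C:\WINDOWS\system32\drivers\mbamswissarmy.sys -- (MBAMSwissArmy)
DRV - [2013/10/25 23:07:48 | 000,529,128 | ---- | M] (Check Point Software Technologies LTD) [Kernel | System | Running] -- C:\WINDOWS\system32\vsdatant.sys -- (Vsdatant)
DRV - [2013/10/08 05:48:30 | 000,482,912 | ---- | M] (Kaspersky Lab ZAO) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\klif.sys -- (KLIF)
DRV - [2013/09/10 22:18:17 | 000,013,464 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\SWDUMon.sys -- (SWDUMon)
DRV - [2013/04/04 14:50:32 | 000,022,856 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mbam.sys -- (MBAMProtector)
"""

# Constructed reviewer's list: lowercase fragments of company names that were
# matched by hand to products in the HKEY_LOCAL_MACHINE Uninstall list above.
# "check point" is included because ZoneAlarm (a Check Point product) is listed;
# Kaspersky is deliberately absent, since no Kaspersky product is installed.
ACCOUNTED_VENDORS = ["microsoft", "check point", "malwarebytes", "oldtimer"]


@dataclass
class OtlEntry:
    kind: str               # PRC, SRV, DRV or MOD
    company: Optional[str]  # text in the (...) after the timestamp; None if empty
    state: Optional[str]    # e.g. "Kernel | System | Running"; None on PRC/MOD lines
    path: str               # file path; empty when only the service key survives
    name: Optional[str]     # service/driver key name from the trailing (...)
    file_found: bool        # False for "File not found" lines


# Head of a line up to the first " -- ": either a timestamp block or the literal
# "File not found", then an optional (company) and an optional [state] block.
# Format inferred from the lines on this page, not from OTL documentation.
HEAD_RE = re.compile(
    r"^(?P<kind>PRC|SRV|DRV|MOD) - "
    r"(?:\[(?P<stamp>[^\]]*)\]|(?P<missing>File not found))"
    r"(?: \((?P<company>[^)]*)\))?"
    r"(?: \[(?P<state>[^\]]*)\])?$"
)


def parse_otl_line(line: str) -> Optional[OtlEntry]:
    """Parse one OTL PRC/SRV/DRV/MOD line; return None for anything else."""
    # Split on " --" separators.  The lookahead keeps "-- -- (WDICA)" (an entry
    # with an empty path) from being swallowed into a single field.
    parts = [p.strip() for p in re.split(r" --(?= |$)", line.rstrip())]
    m = HEAD_RE.match(parts[0])
    if m is None or len(parts) < 2:
        return None
    name = None
    if len(parts) >= 3 and parts[2].startswith("(") and parts[2].endswith(")"):
        name = parts[2][1:-1]
    return OtlEntry(
        kind=m["kind"],
        company=m["company"] or None,
        state=m["state"],
        path=parts[1],
        name=name,
        file_found=m["missing"] is None,
    )


def triage(lines: Iterable[str], accounted_vendors: Iterable[str]) -> List[Tuple[str, str, str]]:
    """Return (reason, kind, name) for every SRV/DRV entry a reviewer should examine:
    the file is gone but the service key remains, the binary carries no company
    name, or the company matches none of the vendors accounted for."""
    accounted = [v.lower() for v in accounted_vendors]
    findings: List[Tuple[str, str, str]] = []
    for line in lines:
        entry = parse_otl_line(line)
        if entry is None or entry.kind not in ("SRV", "DRV"):
            continue
        label = entry.name or entry.path
        if not entry.file_found:
            findings.append(("missing-file", entry.kind, label))
        elif entry.company is None:
            findings.append(("no-company", entry.kind, label))
        elif not any(v in entry.company.lower() for v in accounted):
            findings.append(("unmatched-vendor", entry.kind, label))
    return findings


if __name__ == "__main__":
    for reason, kind, name in triage(SAMPLE_LOG.splitlines(), ACCOUNTED_VENDORS):
        print(f"{reason:17s} {kind} {name}")
```

Run against the sample, the script surfaces the orphaned ACDaemon, WDICA and MBAMSwissArmy keys, the Kaspersky KLIF driver, and the company-less SWDUMon driver, while the ZoneAlarm and Malwarebytes entries pass. The script only ranks candidates; whether an entry is a leftover, a benign on-demand driver, or something to keep is still the reviewer's call, which is why the helper in this thread asks for the logs rather than a list of removals.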

#12
oldrailroadgeek
    Member
  • Topic Starter
  • Member
  • 83 posts
Hi Joe,
When I open OTL, there is no action bar showing File, Edit, View, etc. How do I paste the commands into the Custom Scan/Fixes box?
Sid

#13
zep516
    Trusted Helper
  • Malware Removal
  • 6,811 posts
Hi Sid,

Hi Joe,
When I open OTL, there is no action bar showing File, Edit, View, etc. How do I paste the commands into the Custom Scan/Fixes box?
Sid


Sorry you're having trouble :(

Here's an example of where to paste the script into OTL. Just copy the lines in the code box, and paste them directly into the empty box under Custom Scans/Fixes box at the bottom.

Example below
Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following code I gave you.
    Posted Image



  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.

Edited by zep516, 24 November 2013 - 05:43 PM.


#14
oldrailroadgeek
    Member
  • Topic Starter
  • Member
  • 83 posts
Hi Joe,
Finally got my act together and got everything to run properly, and the logs are attached. On the ESET program, there was no prompt for me to allow the Add-On/ActiveX to install.

Sid [Oldrailroadgeek]

OTL Moved Files
All processes killed
========== COMMANDS ==========
Restore point Set: OTL Restore Point
========== OTL ==========
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ISW deleted successfully.
Error: Unable to stop service KLIF!
Unable to delete service\driver key KLIF.
File move failed. C:\WINDOWS\system32\drivers\klif.sys scheduled to be moved on reboot.
Error: Unable to stop service kneps!
Registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\kneps deleted successfully.
C:\WINDOWS\system32\drivers\kneps.sys moved successfully.
Error: Unable to stop service KL1!
Registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\KL1 deleted successfully.
File move failed. C:\WINDOWS\system32\drivers\kl1.sys scheduled to be moved on reboot.
Error: Unable to stop service kltdi!
Registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\kltdi deleted successfully.
C:\WINDOWS\system32\drivers\kltdi.sys moved successfully.
Error: Unable to stop service klim5!
Registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\klim5 deleted successfully.
C:\WINDOWS\system32\drivers\klim5.sys moved successfully.
Error: Unable to stop service kl2!
Registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\kl2 deleted successfully.
C:\WINDOWS\system32\drivers\kl2.sys moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2CEBF6C7-2B40-469B-B5D5-CD3F3676C3C4}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2CEBF6C7-2B40-469B-B5D5-CD3F3676C3C4}\ not found.
========== FILES ==========
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Documents and Settings\Sid Bailey\Desktop\cmd.bat deleted successfully.
C:\Documents and Settings\Sid Bailey\Desktop\cmd.txt deleted successfully.
C:\Windows\tasks\At1.job moved successfully.
C:\Windows\tasks\At2.job moved successfully.
C:\Windows\tasks\At3.job moved successfully.
C:\Windows\tasks\At4.job moved successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: Administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes
->FireFox cache emptied: 18499811 bytes
->Flash cache emptied: 492 bytes

User: All Users

User: Default User
->Temporary Internet Files folder emptied: 67 bytes

User: LocalService
->Temp folder emptied: 66576 bytes
->Temporary Internet Files folder emptied: 9906258 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: Sid Bailey
->Temp folder emptied: 105139936 bytes
->Temporary Internet Files folder emptied: 199985 bytes
->FireFox cache emptied: 314762831 bytes
->Google Chrome cache emptied: 0 bytes
->Flash cache emptied: 840 bytes

User: UpdatusUser
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 10374540 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 365735560 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 33170 bytes
RecycleBin emptied: 76312 bytes

Total Files Cleaned = 787.00 mb


OTL by OldTimer - Version 3.2.69.0 log created on 11252013_103913

Files\Folders moved on Reboot...
File move failed. C:\WINDOWS\system32\drivers\klif.sys scheduled to be moved on reboot.
File move failed. C:\WINDOWS\system32\drivers\kl1.sys scheduled to be moved on reboot.
C:\Documents and Settings\Sid Bailey\Local Settings\Temp\~DF6FA9.tmp moved successfully.
C:\WINDOWS\temp\ZLT01a5f.TMP moved successfully.

PendingFileRenameOperations files...

Registry entries deleted on Reboot...
OTL.txt
OTL logfile created on: 11/25/2013 10:53:47 PM - Run 6
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Documents and Settings\Sid Bailey\Desktop
Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.5512)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.37 Gb Total Physical Memory | 0.50 Gb Available Physical Memory | 36.17% Memory free
5.23 Gb Paging File | 4.44 Gb Available in Paging File | 84.96% Paging File free
Paging file location(s): C:\pagefile.sys 4095 4095 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 139.04 Gb Total Space | 112.63 Gb Free Space | 81.01% Space Free | Partition Type: NTFS

Computer Name: YOUR-0C81E70C58 | User Name: Sid Bailey | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013/11/24 18:16:36 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Sid Bailey\Desktop\OTL.exe
PRC - [2013/10/25 23:45:12 | 002,445,816 | ---- | M] (Check Point Software Technologies LTD) -- C:\Program Files\CheckPoint\ZoneAlarm\vsmon.exe
PRC - [2013/10/25 23:07:48 | 000,073,832 | ---- | M] (Check Point Software Technologies LTD) -- C:\Program Files\CheckPoint\ZoneAlarm\zatray.exe
PRC - [2013/10/15 05:38:52 | 000,050,704 | ---- | M] (Check Point Software Technologies, Ltd.) -- C:\Program Files\CheckPoint\ZoneAlarm\ZAPrivacyService.exe
PRC - [2013/09/06 12:30:16 | 000,273,296 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee Security Scan\3.8.130\SSScheduler.exe
PRC - [2013/08/27 16:16:14 | 001,028,896 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\NvTmru.exe
PRC - [2013/08/27 16:15:38 | 002,155,296 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
PRC - [2013/04/04 14:50:32 | 000,701,512 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2013/04/04 14:50:32 | 000,532,040 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2013/04/04 14:50:32 | 000,418,376 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
PRC - [2012/04/03 12:33:00 | 000,940,168 | ---- | M] (CANON INC.) -- C:\Program Files\Canon\Quick Menu\CNQMSWCS.EXE
PRC - [2012/04/03 12:27:16 | 001,087,608 | ---- | M] (CANON INC.) -- C:\Program Files\Canon\Quick Menu\CNQMUPDT.EXE
PRC - [2012/04/03 12:26:14 | 001,273,448 | ---- | M] (CANON INC.) -- C:\Program Files\Canon\Quick Menu\CNQMMAIN.EXE
PRC - [2012/01/17 16:21:53 | 000,012,800 | ---- | M] (Agere Systems) -- C:\WINDOWS\system32\agrsmsvc.exe
PRC - [2011/12/07 17:31:00 | 000,303,360 | ---- | M] () -- C:\Program Files\NETGEAR\WNA3100\WifiSvc.exe
PRC - [2011/04/19 16:39:30 | 000,935,744 | ---- | M] (SonicWALL, Inc.) -- C:\Program Files\CheckPoint\ZoneAlarm\MailFrontier\mantispm.exe
PRC - [2010/03/11 11:02:06 | 000,042,512 | ---- | M] (Pro Softnet Corp.) -- C:\Program Files\ZoneAlarmBackup\ZABackupBackground.exe
PRC - [2010/03/11 11:01:32 | 000,149,008 | ---- | M] (Pro Softnet Corporation) -- C:\Program Files\ZoneAlarmBackup\ZABackup Service.exe
PRC - [2010/03/11 11:00:50 | 002,000,400 | ---- | M] (Pro Softnet Corp.) -- C:\Program Files\ZoneAlarmBackup\ZABackupTray.exe
PRC - [2008/04/13 19:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe


========== Modules (No Company Name) ==========

MOD - [2013/10/10 02:37:14 | 000,978,944 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Configuration\1b7600e7fe5e152f21ba6d79f3c0c3b6\System.Configuration.ni.dll
MOD - [2013/10/10 02:34:14 | 002,295,808 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Core\83cd19e8259b8dd9435c1c3f8f31b60c\System.Core.ni.dll
MOD - [2013/09/22 02:08:48 | 000,771,584 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Runtime.Remo#\9b6e07791d63f180b725744b37edfd39\System.Runtime.Remoting.ni.dll
MOD - [2013/08/16 02:29:00 | 001,781,760 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Xaml\04326608ac9ad05c2a1e8bd46a068a91\System.Xaml.ni.dll
MOD - [2013/08/16 02:24:04 | 005,618,176 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Xml\21071fcc838660d96f10920c4c3cd206\System.Xml.ni.dll
MOD - [2013/08/16 02:23:56 | 000,980,480 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Configuration\363b05dd092178671e56531a9c4999b6\System.Configuration.ni.dll
MOD - [2013/08/16 02:23:51 | 017,671,168 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\b72152b4330e2f009a868aa16c47acb4\PresentationFramework.ni.dll
MOD - [2013/08/16 02:23:22 | 011,106,816 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\PresentationCore\ed36e9ff00f2fb0f33f1c08b20a7afc0\PresentationCore.ni.dll
MOD - [2013/08/16 02:23:00 | 003,798,016 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\WindowsBase\ff4ecc058f27a9c36136e5d38e43fb59\WindowsBase.ni.dll
MOD - [2013/08/16 02:22:53 | 000,656,896 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\942a5e3ee871f5f4a323d95505f9667c\PresentationFramework.Luna.ni.dll
MOD - [2013/08/16 02:22:41 | 013,137,920 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Windows.Forms\f28df9c2988724883cf19532d7f9f151\System.Windows.Forms.ni.dll
MOD - [2013/08/16 02:22:24 | 001,652,736 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Drawing\2ff57b810eb920860469184dd683cb8a\System.Drawing.ni.dll
MOD - [2013/08/16 02:22:10 | 007,054,336 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Core\a2b1103ad3d9f329e0c9164994137c81\System.Core.ni.dll
MOD - [2013/08/16 02:21:55 | 009,090,560 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System\3ff4657a86a0e14b4be577969e0ec762\System.ni.dll
MOD - [2013/08/16 02:21:41 | 014,407,680 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\mscorlib\52f4f785f7cf45a64606a8e13c8cf04c\mscorlib.ni.dll
MOD - [2013/08/15 02:32:40 | 000,212,992 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\15fd2d2f4e709154b44187a6915db244\System.ServiceProcess.ni.dll
MOD - [2013/08/15 02:32:25 | 000,141,312 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Configuratio#\cab8d2f8933390bab32c35c5c6a479bd\System.Configuration.Install.ni.dll
MOD - [2013/08/15 02:21:14 | 005,462,016 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Xml\f93600ac836b9140e1df13bb0f6bfccf\System.Xml.ni.dll
MOD - [2013/08/15 02:05:00 | 007,977,984 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System\10df39542df7d48462451fc39bce8418\System.ni.dll
MOD - [2013/07/13 02:14:20 | 011,497,984 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\mscorlib\b14359470744c840c59fbe4e58034fd6\mscorlib.ni.dll
MOD - [2013/01/02 01:49:10 | 001,292,288 | ---- | M] () -- C:\WINDOWS\system32\quartz.dll
MOD - [2012/11/19 19:15:22 | 000,074,928 | ---- | M] () -- C:\Program Files\CheckPoint\ZoneAlarm\fde\fde_api.dll
MOD - [2011/12/07 17:31:00 | 000,303,360 | ---- | M] () -- C:\Program Files\NETGEAR\WNA3100\WifiSvc.exe
MOD - [2011/08/18 10:22:38 | 000,323,584 | ---- | M] () -- C:\Program Files\NETGEAR\WNA3100\WifiLib.dll
MOD - [2011/04/19 16:40:06 | 000,088,896 | ---- | M] () -- C:\Program Files\CheckPoint\ZoneAlarm\MailFrontier\crsrpt.dll
MOD - [2011/04/19 16:39:34 | 000,013,120 | ---- | M] () -- C:\Program Files\CheckPoint\ZoneAlarm\MailFrontier\MlfHook.dll
MOD - [2011/04/19 16:39:32 | 000,290,112 | ---- | M] () -- C:\Program Files\CheckPoint\ZoneAlarm\MailFrontier\mtdsdk.dll
MOD - [2011/04/19 16:39:24 | 000,222,016 | ---- | M] () -- C:\Program Files\CheckPoint\ZoneAlarm\MailFrontier\resources\mbzaenu.dll
MOD - [2011/02/04 17:48:30 | 000,291,840 | ---- | M] () -- C:\WINDOWS\system32\sbe.dll
MOD - [2008/04/13 19:11:59 | 000,014,336 | ---- | M] () -- C:\WINDOWS\system32\msdmo.dll
MOD - [2008/04/13 19:11:51 | 000,059,904 | ---- | M] () -- C:\WINDOWS\system32\devenum.dll


========== Services (SafeList) ==========

SRV - File not found [On_Demand | Stopped] -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe -- (ACDaemon)
SRV - [2013/11/19 20:50:14 | 000,257,416 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013/11/12 22:39:36 | 000,119,408 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2013/10/25 23:45:12 | 002,445,816 | ---- | M] (Check Point Software Technologies LTD) [Auto | Running] -- C:\Program Files\CheckPoint\ZoneAlarm\vsmon.exe -- (vsmon)
SRV - [2013/10/15 05:38:52 | 000,050,704 | ---- | M] (Check Point Software Technologies, Ltd.) [Auto | Running] -- C:\Program Files\CheckPoint\ZoneAlarm\ZAPrivacyService.exe -- (ZAPrivacyService)
SRV - [2013/09/06 12:29:38 | 000,235,216 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files\McAfee Security Scan\3.8.130\McCHSvc.exe -- (McComponentHostService)
SRV - [2013/08/27 16:15:38 | 002,155,296 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe -- (nvUpdatusService)
SRV - [2013/04/04 14:50:32 | 000,701,512 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2013/04/04 14:50:32 | 000,418,376 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
SRV - [2012/01/17 16:21:53 | 000,012,800 | ---- | M] (Agere Systems) [Auto | Running] -- C:\WINDOWS\system32\agrsmsvc.exe -- (AgereModemAudio)
SRV - [2011/12/07 17:31:00 | 000,303,360 | ---- | M] () [Auto | Running] -- C:\Program Files\NETGEAR\WNA3100\WifiSvc.exe -- (WSWNA3100)
SRV - [2010/03/11 11:01:32 | 000,149,008 | ---- | M] (Pro Softnet Corporation) [Auto | Running] -- C:\Program Files\ZoneAlarmBackup\ZABackup Service.exe -- (ZoneAlarmBackup Service)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
DRV - File not found [Kernel | Disabled | Stop_Pending] -- C:\WINDOWS\system32\drivers\mbamswissarmy.sys -- (MBAMSwissArmy)
DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
DRV - [2013/10/25 23:07:48 | 000,529,128 | ---- | M] (Check Point Software Technologies LTD) [Kernel | System | Running] -- C:\WINDOWS\system32\vsdatant.sys -- (Vsdatant)
DRV - [2013/10/08 05:48:30 | 000,482,912 | ---- | M] (Kaspersky Lab ZAO) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\klif.sys -- (KLIF)
DRV - [2013/09/10 22:18:17 | 000,013,464 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\SWDUMon.sys -- (SWDUMon)
DRV - [2013/04/04 14:50:32 | 000,022,856 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2012/11/02 13:17:16 | 000,027,056 | ---- | M] (Check Point Software Technologies) [Kernel | Auto | Running] -- C:\Program Files\CheckPoint\ZAForceField\ISWKL.sys -- (ISWKL)
DRV - [2012/01/17 16:21:53 | 001,203,808 | ---- | M] (Agere Systems) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AGRSM.sys -- (AgereSoftModem)
DRV - [2012/01/17 16:20:05 | 004,800,000 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService)
DRV - [2011/12/12 16:43:00 | 001,034,240 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\bcmwlhigh5.sys -- (BCMH43XX)
DRV - [2010/02/03 10:21:56 | 000,050,704 | ---- | M] (CACE Technologies, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\npf.sys -- (NPF)
DRV - [2008/01/29 12:37:48 | 000,022,016 | R--- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nvnetbus.sys -- (nvnetbus)
DRV - [2008/01/29 12:37:46 | 000,054,016 | R--- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\NVENETFD.sys -- (NVENETFD)
DRV - [2008/01/25 20:01:06 | 000,132,096 | R--- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\nvgts.sys -- (nvgts)
DRV - [2006/11/10 14:05:00 | 000,018,688 | ---- | M] (Arcsoft, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\afc.sys -- (Afc)
DRV - [2001/08/17 08:49:32 | 000,019,968 | ---- | M] (Macronix International Co., Ltd. ) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mxnic.sys -- (mxnic)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = ${SEARCH_URL_IE7}
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKLM\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <-loopback>

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
IE - HKCU\..\SearchScopes,DefaultScope =
IE - HKCU\..\SearchScopes\{5C5360F5-5F2D-4E4A-84B1-ABD053DB35A9}: "URL" =
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <-loopback>

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Bing"
FF - prefs.js..browser.search.selectedEngine: "Bing"
FF - prefs.js..browser.search.update: false
FF - prefs.js..extensions.enabledAddons: ffxtlbr%40zonealarm.com:1.6.0
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:25.0.1
FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_9_900_152.dll ()
FF - HKLM\Software\MozillaPlugins\@canon.com/EPPEX: C:\Program Files\Canon\My Image Garden\AddOn\CIG\npmigfpi.dll (CANON INC.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.25.2: C:\WINDOWS\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@mcafee.com/McAfeeMssPlugin: C:\Program Files\McAfee Security Scan\3.8.130\npMcAfeeMss.dll (McAfee, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{FFB96CC1-7EB3-449D-B827-DB661701C6BB}: C:\Program Files\CheckPoint\ZAForceField\TrustChecker [2012/11/30 18:49:46 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 25.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 25.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins

[2012/01/19 16:36:57 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Sid Bailey\Application Data\Mozilla\Extensions
[2013/11/06 11:08:37 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Sid Bailey\Application Data\Mozilla\Firefox\Profiles\x8d4t8u3.default-1381283562814\extensions
[2013/11/06 11:08:37 | 000,000,000 | ---D | M] (zonealarm.com) -- C:\Documents and Settings\Sid Bailey\Application Data\Mozilla\Firefox\Profiles\x8d4t8u3.default-1381283562814\extensions\[email protected]
[2013/03/21 02:15:42 | 000,007,919 | ---- | M] () (No name found) -- C:\Documents and Settings\Sid Bailey\Application Data\Mozilla\Firefox\Profiles\x8d4t8u3.default-1381283562814\extensions\[email protected]\content\Abine\chrome\content\ff\view_expiry.js
[2013/10/30 09:38:46 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions(2)
[2013/10/30 09:38:46 | 000,000,000 | ---D | M] (Default) -- C:\Program Files\Mozilla Firefox\extensions(2)\{972ce4c6-7e08-4474-a285-3208198ce6fd}(2)
[2013/11/25 13:51:45 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\browser\extensions
[2013/11/25 13:51:45 | 000,000,000 | ---D | M] (Default) -- C:\Program Files\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

========== Chrome ==========

CHR - default_search_provider: ()
CHR - default_search_provider: search_url =
CHR - default_search_provider: suggest_url =
CHR - homepage: http://www.google.com
CHR - Extension: No name found = C:\Documents and Settings\Sid Bailey\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.0.0.6_0\
CHR - Extension: No name found = C:\Documents and Settings\Sid Bailey\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.2_0\
CHR - Extension: No name found = C:\Documents and Settings\Sid Bailey\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: No name found = C:\Documents and Settings\Sid Bailey\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
CHR - Extension: No name found = C:\Documents and Settings\Sid Bailey\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

O1 HOSTS File: ([2004/08/10 14:00:00 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (MSS+ Identifier) - {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - C:\Program Files\McAfee Security Scan\3.8.130\McAfeeMSS_IE.dll (McAfee, Inc.)
O2 - BHO: (Zonealarm Helper Object) - {2A841F7A-A014-4DA5-B6D9-8B913DFB7A8C} - C:\Program Files\Check Point Software Technologies LTD\zonealarm\1.8.22.0\bh\zonealarm.dll (Check Point Software Technologies LTD)
O2 - BHO: (ZoneAlarm Security Engine Registrar) - {8A4A36C2-0535-4D2C-BD3D-496CB7EED6E3} - C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies)
O3 - HKLM\..\Toolbar: (ZoneAlarm Security Toolbar) - {438FAE3E-BDEF-44D3-AB8B-0C7C8350DF59} - C:\Program Files\Check Point Software Technologies LTD\zonealarm\1.8.22.0\zonealarmTlbr.dll (Check Point Software Technologies LTD)
O3 - HKLM\..\Toolbar: (ZoneAlarm Security Engine) - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies)
O3 - HKCU\..\Toolbar\WebBrowser: (ZoneAlarm Security Engine) - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies)
O4 - HKLM..\Run: [Alcmtr] C:\WINDOWS\Alcmtr.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [CanonQuickMenu] C:\Program Files\Canon\Quick Menu\CNQMMAIN.EXE (CANON INC.)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\nvmctray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [Nvtmru] C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\nvtmru.exe (NVIDIA Corporation)
O4 - HKLM..\Run: [ZoneAlarm] C:\Program Files\CheckPoint\ZoneAlarm\zatray.exe (Check Point Software Technologies LTD)
O4 - HKCU..\Run: [ZoneAlarm Backup Startup] C:\Program Files\ZoneAlarmBackup\ZABackupStartup.exe (Pro Softnet Corporation)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk = C:\Program Files\McAfee Security Scan\3.8.130\SSScheduler.exe (McAfee, Inc.)
O4 - Startup: C:\Documents and Settings\Sid Bailey\Start Menu\Programs\Startup\ZoneAlarm Backup Tray.lnk = C:\Program Files\ZoneAlarmBackup\ZABackupReg2ini.exe (Pro Softnet Corp.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallVisualStyle = C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles (Microsoft)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallTheme = C:\WINDOWS\Resources\Themes\Royale.theme ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLowDiskSpaceChecks = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveSearch = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveTrack = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoInternetOpenWith = 1
O9 - Extra Button: HP Smart Print - {22CC3EBD-C286-43aa-B8E6-06B115F74162} - C:\Program Files\Hewlett-Packard\Smart Print 2.0\smartprintsetup.exe (Hewlett-Packard)
O9 - Extra 'Tools' menuitem : HP Smart Print - {22CC3EBD-C286-43aa-B8E6-06B115F74162} - C:\Program Files\Hewlett-Packard\Smart Print 2.0\smartprintsetup.exe (Hewlett-Packard)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://www.update.mi...b?1365637437500 (WUWebControl Class)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macr...ash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 8.8.8.8 8.8.4.4 209.55.27.13
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{BBDECE2E-1A23-498B-A6C9-C37C6CEEDAD4}: DhcpNameServer = 8.8.8.8 8.8.4.4 209.55.27.13
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\Sid Bailey\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Sid Bailey\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2005/01/09 20:13:09 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2013/11/25 13:51:53 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Maintenance Service
[2013/11/25 10:39:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Sid Bailey\Desktop\11252013_103913
[2013/11/25 10:39:13 | 000,000,000 | ---D | C] -- C:\_OTL
[2013/11/21 21:19:05 | 000,047,064 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamchameleon.sys
[2013/11/21 20:53:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Sid Bailey\Application Data\Malwarebytes
[2013/11/21 20:53:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
[2013/11/21 20:53:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2013/11/21 20:53:25 | 000,022,856 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2013/11/21 20:53:25 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2013/11/18 23:41:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\McAfee Security Scan Plus
[2013/11/17 19:08:12 | 000,360,775 | ---- | C] (Farbar) -- C:\Documents and Settings\Sid Bailey\Desktop\FSS.exe
[2013/11/17 10:52:57 | 000,760,937 | ---- | C] (Farbar) -- C:\Documents and Settings\Sid Bailey\Desktop\MiniToolBox.exe
[2013/11/15 12:27:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Auslogics
[2013/11/15 12:27:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Auslogics
[2013/11/15 12:27:39 | 000,000,000 | ---D | C] -- C:\Program Files\Auslogics
[2013/11/15 11:12:57 | 005,647,256 | ---- | C] (Auslogics Labs Pty Ltd ) -- C:\Documents and Settings\Sid Bailey\Desktop\disk-defrag-setup.exe
[2013/11/13 22:15:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Sid Bailey\Desktop\Autoruns
[2013/11/11 10:56:44 | 000,448,512 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Sid Bailey\Desktop\TFC.exe
[2013/11/10 18:46:52 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERUNT
[2013/11/10 18:42:20 | 000,000,000 | ---D | C] -- C:\AdwCleaner
[2013/11/10 18:34:48 | 001,034,531 | ---- | C] (Thisisu) -- C:\Documents and Settings\Sid Bailey\Desktop\JRT.exe
[2013/11/07 15:22:34 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Sid Bailey\Desktop\OTL.exe
[2013/11/06 10:48:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Check Point
[2013/10/30 09:38:45 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2013/10/29 23:29:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Sid Bailey\My Documents\Copy of Downloads
[2013/10/29 22:45:26 | 000,229,376 | ---- | C] (Pro-SoftNet Corporation, USA) -- C:\WINDOWS\System32\IDrLocale.dll
[2013/10/29 22:45:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Sid Bailey\Start Menu\Programs\ZoneAlarmBackup
[2013/10/29 22:45:22 | 000,526,184 | ---- | C] (Xceed Software Inc (450) 442-2626 [email protected] www.xceedsoft.com) -- C:\WINDOWS\System32\XceedCry.dll
[2013/10/29 22:45:21 | 001,245,184 | ---- | C] (Pro Soft Net Corporation) -- C:\WINDOWS\System32\ZABackupService.dll
[2013/10/29 22:45:21 | 000,135,168 | ---- | C] (Pro-Softnet Corporation) -- C:\WINDOWS\System32\LogMail.dll
[2013/10/29 22:45:20 | 000,086,016 | ---- | C] (Streamnet India) -- C:\WINDOWS\System32\IBwinUtil.ocx
[2013/10/29 22:45:20 | 000,024,576 | ---- | C] (Streamnet India) -- C:\WINDOWS\System32\IBcalendarser.ocx
[2013/10/29 22:45:19 | 000,143,360 | ---- | C] (Herman & Associates) -- C:\WINDOWS\System32\HLButton.ocx
[2013/10/29 22:45:19 | 000,028,672 | ---- | C] (Checks Unlimited) -- C:\WINDOWS\System32\Disable_X.ocx
[2013/10/29 22:45:19 | 000,000,000 | ---D | C] -- C:\Program Files\ZoneAlarmBackup

========== Files - Modified Within 30 Days ==========

[2013/11/25 22:03:00 | 000,000,830 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2013/11/25 13:51:55 | 000,000,742 | ---- | M] () -- C:\Documents and Settings\Sid Bailey\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2013/11/25 13:51:55 | 000,000,724 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
[2013/11/25 13:44:05 | 000,502,772 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2013/11/25 13:44:05 | 000,088,296 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2013/11/25 13:39:52 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2013/11/25 13:39:50 | 1474,809,856 | -HS- | M] () -- C:\hiberfil.sys
[2013/11/24 23:05:00 | 000,000,974 | ---- | M] () -- C:\WINDOWS\MVPBR.INI
[2013/11/24 18:16:36 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Sid Bailey\Desktop\OTL.exe
[2013/11/22 21:51:01 | 000,000,104 | ---- | M] () -- C:\Documents and Settings\Sid Bailey\Desktop\Shortcut to Search Results.lnk
[2013/11/22 20:40:17 | 001,705,212 | ---- | M] () -- C:\Documents and Settings\Sid Bailey\Desktop\AutoRuns 11-22-13.arn
[2013/11/22 19:46:41 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2013/11/22 11:56:57 | 000,014,172 | ---- | M] () -- C:\Documents and Settings\Sid Bailey\Application Data\wklnhst.dat
[2013/11/22 11:56:57 | 000,013,312 | ---- | M] () -- C:\Documents and Settings\Sid Bailey\My Documents\IUMC Finance Statment 10-31-13.xlr
[2013/11/22 10:54:21 | 000,014,848 | ---- | M] () -- C:\Documents and Settings\Sid Bailey\My Documents\Bulletin 11-24-2013.wps
[2013/11/22 08:30:39 | 000,000,697 | ---- | M] () -- C:\Documents and Settings\Sid Bailey\PCTuneUp.config
[2013/11/21 21:23:42 | 000,047,064 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamchameleon.sys
[2013/11/21 20:53:28 | 000,000,784 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[2013/11/19 13:48:28 | 000,020,480 | ---- | M] () -- C:\Documents and Settings\Sid Bailey\My Documents\mob check 2013-11.xlr
[2013/11/18 23:41:22 | 000,001,769 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
[2013/11/18 23:41:21 | 000,001,775 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\McAfee Security Scan Plus.lnk
[2013/11/18 20:00:07 | 000,012,800 | ---- | M] () -- C:\Documents and Settings\Sid Bailey\My Documents\Memory Tree 2013 Orders.wps
[2013/11/18 15:42:44 | 000,020,992 | ---- | M] () -- C:\Documents and Settings\Sid Bailey\My Documents\mob check 2013-10.xlr
[2013/11/18 01:06:12 | 000,000,018 | ---- | M] () -- C:\UserName.ini
[2013/11/17 19:08:13 | 000,360,775 | ---- | M] (Farbar) -- C:\Documents and Settings\Sid Bailey\Desktop\FSS.exe
[2013/11/17 10:52:57 | 000,760,937 | ---- | M] (Farbar) -- C:\Documents and Settings\Sid Bailey\Desktop\MiniToolBox.exe
[2013/11/16 10:52:28 | 000,040,448 | ---- | M] () -- C:\Documents and Settings\Sid Bailey\My Documents\MOB Blood Press.xlr
[2013/11/15 12:27:42 | 000,000,822 | ---- | M] () -- C:\Documents and Settings\Sid Bailey\Desktop\Auslogics DiskDefrag.lnk
[2013/11/15 11:12:59 | 005,647,256 | ---- | M] (Auslogics Labs Pty Ltd ) -- C:\Documents and Settings\Sid Bailey\Desktop\disk-defrag-setup.exe
[2013/11/14 20:46:41 | 000,017,920 | ---- | M] () -- C:\Documents and Settings\Sid Bailey\My Documents\Bulletin 11-17-2013.wps
[2013/11/13 22:16:19 | 000,000,852 | ---- | M] () -- C:\Documents and Settings\Sid Bailey\Desktop\Shortcut to autoruns.exe.lnk
[2013/11/13 22:06:18 | 000,073,732 | ---- | M] () -- C:\WINDOWS\System32\perfmon.msc
[2013/11/13 21:58:23 | 000,550,371 | ---- | M] () -- C:\Documents and Settings\Sid Bailey\Desktop\Autoruns.zip
[2013/11/13 03:05:08 | 000,001,393 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2013/11/12 21:15:15 | 000,051,200 | ---- | M] () -- C:\Documents and Settings\Sid Bailey\My Documents\Beginning of Iaeger.wps
[2013/11/12 08:31:25 | 000,448,512 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Sid Bailey\Desktop\TFC.exe
[2013/11/10 18:38:29 | 001,073,262 | ---- | M] () -- C:\Documents and Settings\Sid Bailey\Desktop\adwcleaner(1).exe
[2013/11/10 18:34:48 | 001,034,531 | ---- | M] (Thisisu) -- C:\Documents and Settings\Sid Bailey\Desktop\JRT.exe
[2013/11/10 13:20:50 | 000,000,967 | ---- | M] () -- C:\Documents and Settings\Sid Bailey\Desktop\Shortcut to JavaRa.lnk
[2013/11/08 12:32:29 | 000,015,872 | ---- | M] () -- C:\Documents and Settings\Sid Bailey\My Documents\ssb deposit ticket.wps
[2013/11/08 10:54:59 | 000,015,360 | ---- | M] () -- C:\Documents and Settings\Sid Bailey\My Documents\Bulletin 11-10-2013.wps
[2013/11/07 16:19:44 | 000,000,540 | ---- | M] () -- C:\Documents and Settings\Sid Bailey\Desktop\checkup.lnk
[2013/11/07 15:29:00 | 000,891,184 | ---- | M] () -- C:\Documents and Settings\Sid Bailey\Desktop\SecurityCheck.exe
[2013/11/06 10:57:21 | 000,418,108 | ---- | M] () -- C:\WINDOWS\System32\vsconfig.xml
[2013/11/06 10:48:51 | 000,000,539 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\ZoneAlarm Security.lnk
[2013/11/01 13:53:10 | 000,026,624 | ---- | M] () -- C:\Documents and Settings\Sid Bailey\My Documents\Roast Cornish Hens.wdb
[2013/11/01 08:26:50 | 000,014,336 | ---- | M] () -- C:\Documents and Settings\Sid Bailey\My Documents\Bulletin 11-03-2013.wps
[2013/10/29 22:45:24 | 000,001,676 | ---- | M] () -- C:\Documents and Settings\Sid Bailey\Application Data\Microsoft\Internet Explorer\Quick Launch\ZoneAlarmBackup.lnk
[2013/10/29 22:45:24 | 000,001,670 | ---- | M] () -- C:\Documents and Settings\Sid Bailey\Start Menu\Programs\Startup\ZoneAlarm Backup Tray.lnk
[2013/10/29 22:45:24 | 000,001,658 | ---- | M] () -- C:\Documents and Settings\Sid Bailey\Desktop\ZoneAlarm Backup Powered by IDrive.lnk
[2013/10/29 22:30:55 | 000,000,000 | -H-- | M] () -- C:\Documents and Settings\Sid Bailey\My Documents\Default.rdp

========== Files Created - No Company Name ==========

[2013/11/25 13:51:55 | 000,000,742 | ---- | C] () -- C:\Documents and Settings\Sid Bailey\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2013/11/25 13:51:55 | 000,000,730 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Mozilla Firefox.lnk
[2013/11/25 13:51:55 | 000,000,724 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
[2013/11/22 21:51:01 | 000,000,104 | ---- | C] () -- C:\Documents and Settings\Sid Bailey\Desktop\Shortcut to Search Results.lnk
[2013/11/22 20:40:14 | 001,705,212 | ---- | C] () -- C:\Documents and Settings\Sid Bailey\Desktop\AutoRuns 11-22-13.arn
[2013/11/22 11:42:05 | 000,013,312 | ---- | C] () -- C:\Documents and Settings\Sid Bailey\My Documents\IUMC Finance Statment 10-31-13.xlr
[2013/11/22 10:54:21 | 000,014,848 | ---- | C] () -- C:\Documents and Settings\Sid Bailey\My Documents\Bulletin 11-24-2013.wps
[2013/11/21 20:53:28 | 000,000,784 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[2013/11/18 19:48:43 | 000,012,800 | ---- | C] () -- C:\Documents and Settings\Sid Bailey\My Documents\Memory Tree 2013 Orders.wps
[2013/11/16 11:08:39 | 000,020,480 | ---- | C] () -- C:\Documents and Settings\Sid Bailey\My Documents\mob check 2013-11.xlr
[2013/11/15 12:27:41 | 000,000,822 | ---- | C] () -- C:\Documents and Settings\Sid Bailey\Desktop\Auslogics DiskDefrag.lnk
[2013/11/14 20:42:47 | 000,017,920 | ---- | C] () -- C:\Documents and Settings\Sid Bailey\My Documents\Bulletin 11-17-2013.wps
[2013/11/13 22:16:19 | 000,000,852 | ---- | C] () -- C:\Documents and Settings\Sid Bailey\Desktop\Shortcut to autoruns.exe.lnk
[2013/11/13 21:58:20 | 000,550,371 | ---- | C] () -- C:\Documents and Settings\Sid Bailey\Desktop\Autoruns.zip
[2013/11/11 01:05:56 | 000,000,018 | ---- | C] () -- C:\UserName.ini
[2013/11/10 18:38:28 | 001,073,262 | ---- | C] () -- C:\Documents and Settings\Sid Bailey\Desktop\adwcleaner(1).exe
[2013/11/10 13:20:50 | 000,000,967 | ---- | C] () -- C:\Documents and Settings\Sid Bailey\Desktop\Shortcut to JavaRa.lnk
[2013/11/08 10:43:09 | 000,015,360 | ---- | C] () -- C:\Documents and Settings\Sid Bailey\My Documents\Bulletin 11-10-2013.wps
[2013/11/07 16:19:44 | 000,000,540 | ---- | C] () -- C:\Documents and Settings\Sid Bailey\Desktop\checkup.lnk
[2013/11/07 15:29:00 | 000,891,184 | ---- | C] () -- C:\Documents and Settings\Sid Bailey\Desktop\SecurityCheck.exe
[2013/11/06 22:44:37 | 1474,809,856 | -HS- | C] () -- C:\hiberfil.sys
[2013/11/01 13:39:02 | 000,026,624 | ---- | C] () -- C:\Documents and Settings\Sid Bailey\My Documents\Roast Cornish Hens.wdb
[2013/10/30 10:39:02 | 000,014,336 | ---- | C] () -- C:\Documents and Settings\Sid Bailey\My Documents\Bulletin 11-03-2013.wps
[2013/10/29 22:45:24 | 000,001,676 | ---- | C] () -- C:\Documents and Settings\Sid Bailey\Application Data\Microsoft\Internet Explorer\Quick Launch\ZoneAlarmBackup.lnk
[2013/10/29 22:45:24 | 000,001,670 | ---- | C] () -- C:\Documents and Settings\Sid Bailey\Start Menu\Programs\Startup\ZoneAlarm Backup Tray.lnk
[2013/10/29 22:45:24 | 000,001,658 | ---- | C] () -- C:\Documents and Settings\Sid Bailey\Desktop\ZoneAlarm Backup Powered by IDrive.lnk
[2013/10/29 22:45:23 | 000,569,368 | ---- | C] () -- C:\WINDOWS\System32\olelib.tlb
[2013/10/29 22:45:23 | 000,022,212 | ---- | C] () -- C:\WINDOWS\System32\olelib2.tlb
[2013/10/29 22:45:23 | 000,003,841 | ---- | C] () -- C:\WINDOWS\System32\server.pem
[2013/10/29 22:45:21 | 000,147,130 | ---- | C] () -- C:\WINDOWS\System32\CRYPT32.LIB
[2013/10/29 22:45:21 | 000,117,982 | ---- | C] () -- C:\WINDOWS\System32\ADVAPI32.LIB
[2013/10/29 22:45:21 | 000,055,808 | ---- | C] () -- C:\WINDOWS\System32\zlib1.dll
[2013/10/29 22:45:21 | 000,026,128 | ---- | C] () -- C:\WINDOWS\System32\ZABackupXceedCryReg.exe
[2013/10/29 22:45:21 | 000,000,096 | ---- | C] () -- C:\WINDOWS\System32\RegisterZABackupDll.bat
[2013/10/29 22:45:20 | 000,441,705 | ---- | C] () -- C:\WINDOWS\System32\sqlite3.dll
[2013/10/29 22:45:20 | 000,000,730 | ---- | C] () -- C:\WINDOWS\System32\rootcert.pem
[2013/10/29 22:45:19 | 000,094,208 | ---- | C] () -- C:\WINDOWS\System32\IBColIml.ocx
[2013/10/29 22:30:55 | 000,000,000 | -H-- | C] () -- C:\Documents and Settings\Sid Bailey\My Documents\Default.rdp
[2013/09/07 18:06:12 | 000,000,200 | ---- | C] () -- C:\WINDOWS\WININIT.INI
[2013/08/15 02:24:20 | 000,308,815 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-S-1-5-21-1576569892-3062952477-2378348150-1006-0.dat
[2013/08/15 02:24:13 | 000,149,430 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-System.dat
[2013/08/06 18:12:30 | 000,000,426 | ---- | C] () -- C:\WINDOWS\BRWMARK.INI
[2013/07/29 11:02:26 | 000,000,057 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\Ament.ini
[2013/07/07 11:16:26 | 000,013,464 | ---- | C] () -- C:\WINDOWS\System32\drivers\SWDUMon.sys
[2013/03/29 00:38:54 | 000,149,992 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2013/03/07 14:21:28 | 002,005,969 | ---- | C] () -- C:\WINDOWS\Delete.exe
[2012/12/26 08:23:59 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2012/12/05 11:19:22 | 000,000,569 | -H-- | C] () -- C:\WINDOWS\System32\BTImages.dat
[2012/09/09 14:38:51 | 000,000,697 | ---- | C] () -- C:\Documents and Settings\Sid Bailey\PCTuneUp.config
[2012/07/03 17:29:41 | 000,053,299 | ---- | C] () -- C:\WINDOWS\System32\pthreadVC.dll
[2012/04/24 18:16:15 | 000,165,376 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll
[2012/02/15 18:31:26 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2012/02/11 18:26:30 | 000,043,784 | ---- | C] () -- C:\WINDOWS\System32\drivers\EUBKMON.sys
[2012/02/11 12:12:54 | 000,000,144 | ---- | C] () -- C:\WINDOWS\System32\lkfl.dat
[2012/02/11 12:12:54 | 000,000,128 | ---- | C] () -- C:\WINDOWS\System32\pdfl.dat
[2012/02/11 12:12:54 | 000,000,080 | ---- | C] () -- C:\WINDOWS\System32\ibfl.dat
[2012/01/31 10:41:43 | 000,000,133 | ---- | C] () -- C:\Documents and Settings\Sid Bailey\Local Settings\Application Data\fusioncache.dat
[2012/01/25 10:49:50 | 000,000,159 | ---- | C] () -- C:\WINDOWS\MVPSPADE.INI
[2012/01/24 15:07:00 | 000,000,974 | ---- | C] () -- C:\WINDOWS\MVPBR.INI
[2012/01/17 17:28:09 | 000,000,060 | ---- | C] () -- C:\WINDOWS\System32\SYSDRV.DAT
[2012/01/17 17:22:59 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2012/01/17 17:22:47 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2012/01/17 17:22:47 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2012/01/17 17:22:44 | 000,005,151 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2012/01/17 17:22:42 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2012/01/17 17:22:37 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2012/01/17 17:22:15 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2012/01/17 17:22:14 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2012/01/17 17:21:29 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2012/01/17 17:21:11 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2012/01/17 16:33:30 | 001,072,544 | ---- | C] () -- C:\WINDOWS\System32\nvdrsdb1.bin
[2012/01/17 16:33:30 | 001,072,544 | ---- | C] () -- C:\WINDOWS\System32\nvdrsdb0.bin
[2012/01/17 16:33:30 | 000,000,001 | ---- | C] () -- C:\WINDOWS\System32\nvdrssel.bin
[2012/01/17 16:21:13 | 000,049,152 | ---- | C] () -- C:\WINDOWS\System32\ChCfg.exe
[2012/01/17 16:15:05 | 000,003,948 | R--- | C] () -- C:\WINDOWS\System32\drivers\nvphy.bin
[2012/01/17 16:07:06 | 000,014,172 | ---- | C] () -- C:\Documents and Settings\Sid Bailey\Application Data\wklnhst.dat

========== ZeroAccess Check ==========

[2005/01/09 20:08:17 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shdocvw.dll -- [2013/10/12 09:54:28 | 001,510,400 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = C:\WINDOWS\system32\wbem\fastprox.dll -- [2009/02/09 07:10:48 | 000,473,600 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = C:\WINDOWS\system32\wbem\wbemess.dll -- [2008/04/13 19:12:08 | 000,273,920 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

========== LOP Check ==========

[2013/11/15 12:27:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Auslogics
[2012/04/16 20:22:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Avanquest
[2012/02/11 14:39:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVG2012
[2013/08/14 18:06:04 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\CanonBJ
[2013/08/14 18:51:51 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\CanonIJEGV
[2013/08/19 10:32:12 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\CanonIJMIG
[2013/09/22 21:26:57 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\CanonIJMyPrinter
[2013/11/01 08:21:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\CanonIJPLM
[2013/09/01 16:32:44 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\CanonIJQuickMenu
[2013/08/16 14:45:06 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\CanonIJScan
[2013/08/14 18:16:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\CanonIJWSpt
[2012/02/11 12:11:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\CheckPoint
[2012/01/17 16:30:49 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\Common Files
[2012/04/16 20:22:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Expert PDF 7
[2012/04/16 20:22:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Expert PDF Jobs
[2013/03/28 21:46:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\HitmanPro
[2012/02/11 14:37:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MFAData
[2012/01/17 16:09:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Uninstall
[2013/07/29 11:03:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Visan
[2013/09/18 21:56:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ZalmanInstaller_52330
[2013/03/29 10:02:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{83C3B2FD-37EA-4C06-A228-E9B5E32FF0B1}
[2012/01/30 19:58:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Sid Bailey\Application Data\AVG
[2013/08/21 18:52:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Sid Bailey\Application Data\canon
[2013/11/06 10:18:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Sid Bailey\Application Data\Check Point Software Technologies LTD
[2013/11/12 13:17:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Sid Bailey\Application Data\CheckPoint
[2012/04/05 14:22:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Sid Bailey\Application Data\DVDVideoSoft
[2013/07/24 22:36:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Sid Bailey\Application Data\EurekaLog
[2012/04/16 20:38:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Sid Bailey\Application Data\Expert PDF 7
[2013/02/15 10:58:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Sid Bailey\Application Data\FreeFileViewer
[2013/09/18 19:30:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Sid Bailey\Application Data\MailFrontier
[2012/05/22 18:54:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Sid Bailey\Application Data\MusicOasis
[2013/03/18 10:58:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Sid Bailey\Application Data\SmartPCFix
[2012/01/20 21:41:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Sid Bailey\Application Data\Special K Software
[2012/02/01 09:53:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Sid Bailey\Application Data\Template

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 88 bytes -> C:\Documents and Settings\Sid Bailey\Desktop\OTL.exe:SummaryInformation

< End of report >

ADWCleaner [RO].txt

# AdwCleaner v3.011 - Report created 25/11/2013 at 13:37:17
# Updated 03/11/2013 by Xplode
# Operating System : Microsoft Windows XP Service Pack 3 (32 bits)
# Username : Sid Bailey - YOUR-0C81E70C58
# Running from : C:\Documents and Settings\Sid Bailey\Desktop\adwcleaner(1).exe
# Option : Scan

***** [ Services ] *****


***** [ Files / Folders ] *****


***** [ Shortcuts ] *****


***** [ Registry ] *****


***** [ Browsers ] *****

-\\ Internet Explorer v6.0.2900.5512


-\\ Mozilla Firefox v25.0.1 (en-US)

[ File : C:\Documents and Settings\Sid Bailey\Application Data\Mozilla\Firefox\Profiles\x8d4t8u3.default-1381283562814\prefs.js ]


[ File : C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\z76aiey7.default\prefs.js ]


-\\ Google Chrome v

[ File : C:\Documents and Settings\Sid Bailey\Local Settings\Application Data\Google\Chrome\User Data\Default\preferences ]


*************************

AdwCleaner[R2].txt - [2306 octets] - [12/11/2013 13:15:25]
AdwCleaner[R3].txt - [1301 octets] - [25/11/2013 13:26:28]
AdwCleaner[R4].txt - [1101 octets] - [25/11/2013 13:37:17]
AdwCleaner[S1].txt - [3989 octets] - [10/11/2013 23:36:37]
AdwCleaner[S2].txt - [2389 octets] - [12/11/2013 13:17:41]
AdwCleaner[S3].txt - [1362 octets] - [25/11/2013 13:31:59]

########## EOF - C:\AdwCleaner\AdwCleaner[R4].txt - [1341 octets] ##########

ESET log

[email protected] as downloader log:
all ok
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6920
# api_version=3.0.2
# EOSSerial=c9aac695cd73e945bd4bdf92f819fedd
# engine=16033
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2013-11-26 05:00:01
# local_time=2013-11-26 12:00:01 (-0500, Eastern Standard Time)
# country="United States"
# lang=1033
# osver=5.1.2600 NT Service Pack 3
# compatibility_mode=9217 16776893 100 13 0 1803141 0 0
# scanned=43789
# found=12
# cleaned=0
# scan_time=5606
sh=E3B0AD8E36223E77C83D97FE3C9898538C10F95E ft=0 fh=0000000000000000 vn="a variant of Win32/Bundled.Toolbar.Ask application" ac=I fn="C:\Documents and Settings\Sid Bailey\Application Data\AVG\Rescue\PC Tuneup 2011\120130195851359.rsc"
sh=9CB411B941E5D981AD03F20A235A9B12AA9E2500 ft=1 fh=c34c8922cff978a7 vn="a variant of Win32/Toolbar.Montiera.A application" ac=I fn="C:\Program Files\Check Point Software Technologies LTD\zonealarm\1.6.7.4\zonealarmApp.dll"
sh=A1A1FB734C06F94A4DDB04F9DDF6B2CC4544A3EF ft=1 fh=ad770adcb4fd8b40 vn="probably a variant of Win32/Toolbar.Montiera.A application" ac=I fn="C:\Program Files\Check Point Software Technologies LTD\zonealarm\1.6.7.4\zonealarmEng.dll"
sh=88D9903025D0B7ACEB71F20A9F0072A817EB0F4B ft=1 fh=28d3aba9dd98986a vn="a variant of Win32/Toolbar.Montiera.A application" ac=I fn="C:\Program Files\Check Point Software Technologies LTD\zonealarm\1.6.7.4\zonealarmsrv.exe"
sh=4D8009A1CD88C57ABBD0DAF4CA65FD5AB642466A ft=1 fh=efbe008d77ca4685 vn="a variant of Win32/Toolbar.Montiera.F application" ac=I fn="C:\Program Files\Check Point Software Technologies LTD\zonealarm\1.6.7.4\zonealarmTlbr.dll"
sh=FBA4A75CEB214265D5B00C8804BEBC47B19677A8 ft=1 fh=7fc2e3cfe141dcc9 vn="a variant of Win32/Toolbar.Escort.A application" ac=I fn="C:\Program Files\Check Point Software Technologies LTD\zonealarm\1.6.7.4\bh\zonealarm.dll"
sh=7D88383C44FDAA38E0D29B63F997635CDE9BF1DC ft=1 fh=c71c00111b20784d vn="a variant of Win32/Toolbar.Montiera.A application" ac=I fn="C:\Program Files\Check Point Software Technologies LTD\zonealarm\1.8.22.0\zonealarmApp.dll"
sh=BC1E722817649F418D69AC649F876A51678080AD ft=1 fh=c71c0011931c2410 vn="probably a variant of Win32/Toolbar.Montiera.A application" ac=I fn="C:\Program Files\Check Point Software Technologies LTD\zonealarm\1.8.22.0\zonealarmEng.dll"
sh=218D826DF7CEFCE7B428F53A7ACDF10F50F026C2 ft=1 fh=8db84d6f75cab766 vn="a variant of Win32/Toolbar.Montiera.A application" ac=I fn="C:\Program Files\Check Point Software Technologies LTD\zonealarm\1.8.22.0\zonealarmsrv.exe"
sh=839C7BD3E480D2B2E52EBB7784DA99FBEF0BE1B3 ft=1 fh=087cc1d5e496e287 vn="a variant of Win32/Toolbar.Montiera.F application" ac=I fn="C:\Program Files\Check Point Software Technologies LTD\zonealarm\1.8.22.0\zonealarmTlbr.dll"
sh=7A219354FC60B0CF6ED52E610C3140CE704CC656 ft=1 fh=83737b1a97540dba vn="a variant of Win32/Toolbar.Escort.A application" ac=I fn="C:\Program Files\Check Point Software Technologies LTD\zonealarm\1.8.22.0\bh\zonealarm.dll"
sh=28F81FA9CC2F237BB3DCB5F2D9E43DBB64E6CB34 ft=1 fh=51b4fcd41bbc33f1 vn="multiple threats" ac=I fn="C:\Program Files\CheckPoint\Install\zatb.exe"


Check Point Software Technologies is the producer of Zone Alarm, which is my anti-virus system. This anti-virus was disabled during the ESET scan.
Sid

  • 0

#15
zep516

zep516

    Trusted Helper

  • Malware Removal
  • 6,811 posts
Very well done!

I shall review and post further instruction.

Thanks
Joe :)
  • 0
