
What Trojan/Virus sends e-mails to all your contacts?



#16
zep516

    Trusted Helper

  • Malware Removal
  • 6,799 posts
Hi oldrailroadgeek,

YOUR COMPUTER LOOKS TO BE IN VERY GOOD CONDITION!! :)

The "ESET" Online Scanner does not like the Zone Alarm toolbar; that's why it flagged the entries in Zone Alarm. This is nothing to worry about.


Just a few leftover things to remove using OTL again

  • Double click on the OTL icon to open the program. On Vista/Win7/Win8, right click and select Run As Administrator to start the program. If prompted by UAC, please allow it.
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :COMMANDS
    [CREATERESTOREPOINT]
    
    :OTL
    DRV - [2013/10/08 05:48:30 | 000,482,912 | ---- | M] (Kaspersky Lab ZAO) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\klif.sys -- (KLIF)
    FF - user.js - File not found
    
    :Commands
    [reboot]
    
  • Make sure all other windows are closed.
  • Click the Run Fix button at the top
  • Let the program run uninterrupted. The computer should reboot when the scan is done. If not, please reboot the computer.
  • Post the log that is found in C:\_OTL\Moved Files in your next reply.
  • Open OTL again and click the Quick Scan button.


Next

Double-click AdwCleaner.exe to run the tool again.
  • Click the Scan button.
    This time click on the Clean button.
  • Press OK when asked to close all programs and follow the onscreen prompts.
  • Press OK again to allow AdwCleaner to restart the computer and complete the removal process.
  • After rebooting, a logfile report (AdwCleaner[S0].txt) will open automatically.
  • Copy and paste the contents of that log file in your next reply.
  • A copy of that logfile will also be saved in the C:\AdwCleaner folder.

In your next reply post:
  • C:\_OTL\Moved Files
  • OTL.txt
  • AdwCleaner.txt

Let me know how the computer is running

Thanks
Joe :)
  • 1


#17
oldrailroadgeek

    Member

  • Topic Starter
  • Member
  • 83 posts
Joe,
Sorry about delay in reply; but here is result of OTL [run fix]. I have not run ADWcleaner yet as OTL removal failed.
Oldrailroadgeek

========== COMMANDS ==========
Restore point Set: OTL Restore Point
========== OTL ==========
Error: Unable to stop service KLIF!
Unable to delete service\driver key KLIF.
File move failed. C:\WINDOWS\system32\drivers\klif.sys scheduled to be moved on reboot.
========== COMMANDS ==========

OTL by OldTimer - Version 3.2.69.0 log created on 12032013_000601

Files\Folders moved on Reboot...
File move failed. C:\WINDOWS\system32\drivers\klif.sys scheduled to be moved on reboot.

PendingFileRenameOperations files...

Registry entries deleted on Reboot...

NOTE!!
Zone Alarm firewall and antivirus were turned off during OTL RunFix!!
  • 0

#18
zep516

    Trusted Helper

  • Malware Removal
  • 6,799 posts
Hi oldrailroadgeek,
Wild and Wonderful W.Va. :)

RE:
File move failed. C:\WINDOWS\system32\drivers\klif.sys scheduled to be MOVED on reboot.


When you get time, run AdwCleaner.
Post the log from it.

Then

Post a fresh OTL log.

Thanks
Joe :)

Edited by zep516, 02 December 2013 - 11:30 PM.

  • 0

#19
oldrailroadgeek

    Member

  • Topic Starter
  • Member
  • 83 posts
Joe,
Here are the results from the ADWClean and the latest OTL run. OTL is first the Extras and then ADW.
Oldrailroadgeek

OTL
OTL logfile created on: 12/3/2013 10:26:36 AM - Run 8
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Documents and Settings\Sid Bailey\Desktop
Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.5512)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.37 Gb Total Physical Memory | 0.73 Gb Available Physical Memory | 53.23% Memory free
5.23 Gb Paging File | 4.66 Gb Available in Paging File | 89.10% Paging File free
Paging file location(s): C:\pagefile.sys 4095 4095 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 139.04 Gb Total Space | 112.29 Gb Free Space | 80.76% Space Free | Partition Type: NTFS

Computer Name: YOUR-0C81E70C58 | User Name: Sid Bailey | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013/11/24 18:16:36 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Sid Bailey\Desktop\OTL.exe
PRC - [2013/10/25 23:45:12 | 002,445,816 | ---- | M] (Check Point Software Technologies LTD) -- C:\Program Files\CheckPoint\ZoneAlarm\vsmon.exe
PRC - [2013/10/25 23:07:48 | 000,073,832 | ---- | M] (Check Point Software Technologies LTD) -- C:\Program Files\CheckPoint\ZoneAlarm\zatray.exe
PRC - [2013/10/15 05:38:52 | 000,050,704 | ---- | M] (Check Point Software Technologies, Ltd.) -- C:\Program Files\CheckPoint\ZoneAlarm\ZAPrivacyService.exe
PRC - [2013/08/27 16:16:14 | 001,028,896 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\NvTmru.exe
PRC - [2013/08/27 16:15:38 | 002,155,296 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
PRC - [2013/04/04 14:50:32 | 000,701,512 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2013/04/04 14:50:32 | 000,532,040 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2013/04/04 14:50:32 | 000,418,376 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
PRC - [2012/04/03 12:33:00 | 000,940,168 | ---- | M] (CANON INC.) -- C:\Program Files\Canon\Quick Menu\CNQMSWCS.EXE
PRC - [2012/04/03 12:27:16 | 001,087,608 | ---- | M] (CANON INC.) -- C:\Program Files\Canon\Quick Menu\CNQMUPDT.EXE
PRC - [2012/04/03 12:26:14 | 001,273,448 | ---- | M] (CANON INC.) -- C:\Program Files\Canon\Quick Menu\CNQMMAIN.EXE
PRC - [2012/01/17 16:21:53 | 000,012,800 | ---- | M] (Agere Systems) -- C:\WINDOWS\system32\agrsmsvc.exe
PRC - [2011/12/07 17:31:00 | 000,303,360 | ---- | M] () -- C:\Program Files\NETGEAR\WNA3100\WifiSvc.exe
PRC - [2010/03/11 11:02:06 | 000,042,512 | ---- | M] (Pro Softnet Corp.) -- C:\Program Files\ZoneAlarmBackup\ZABackupBackground.exe
PRC - [2010/03/11 11:01:32 | 000,149,008 | ---- | M] (Pro Softnet Corporation) -- C:\Program Files\ZoneAlarmBackup\ZABackup Service.exe
PRC - [2010/03/11 11:00:50 | 002,000,400 | ---- | M] (Pro Softnet Corp.) -- C:\Program Files\ZoneAlarmBackup\ZABackupTray.exe
PRC - [2008/04/13 19:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe


========== Modules (No Company Name) ==========

MOD - [2013/10/10 02:37:14 | 000,978,944 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Configuration\1b7600e7fe5e152f21ba6d79f3c0c3b6\System.Configuration.ni.dll
MOD - [2013/10/10 02:34:14 | 002,295,808 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Core\83cd19e8259b8dd9435c1c3f8f31b60c\System.Core.ni.dll
MOD - [2013/09/22 02:08:48 | 000,771,584 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Runtime.Remo#\9b6e07791d63f180b725744b37edfd39\System.Runtime.Remoting.ni.dll
MOD - [2013/08/16 02:29:00 | 001,781,760 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Xaml\04326608ac9ad05c2a1e8bd46a068a91\System.Xaml.ni.dll
MOD - [2013/08/16 02:24:04 | 005,618,176 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Xml\21071fcc838660d96f10920c4c3cd206\System.Xml.ni.dll
MOD - [2013/08/16 02:23:56 | 000,980,480 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Configuration\363b05dd092178671e56531a9c4999b6\System.Configuration.ni.dll
MOD - [2013/08/16 02:23:51 | 017,671,168 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\b72152b4330e2f009a868aa16c47acb4\PresentationFramework.ni.dll
MOD - [2013/08/16 02:23:22 | 011,106,816 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\PresentationCore\ed36e9ff00f2fb0f33f1c08b20a7afc0\PresentationCore.ni.dll
MOD - [2013/08/16 02:23:00 | 003,798,016 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\WindowsBase\ff4ecc058f27a9c36136e5d38e43fb59\WindowsBase.ni.dll
MOD - [2013/08/16 02:22:53 | 000,656,896 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\942a5e3ee871f5f4a323d95505f9667c\PresentationFramework.Luna.ni.dll
MOD - [2013/08/16 02:22:41 | 013,137,920 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Windows.Forms\f28df9c2988724883cf19532d7f9f151\System.Windows.Forms.ni.dll
MOD - [2013/08/16 02:22:24 | 001,652,736 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Drawing\2ff57b810eb920860469184dd683cb8a\System.Drawing.ni.dll
MOD - [2013/08/16 02:22:10 | 007,054,336 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Core\a2b1103ad3d9f329e0c9164994137c81\System.Core.ni.dll
MOD - [2013/08/16 02:21:55 | 009,090,560 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System\3ff4657a86a0e14b4be577969e0ec762\System.ni.dll
MOD - [2013/08/16 02:21:41 | 014,407,680 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\mscorlib\52f4f785f7cf45a64606a8e13c8cf04c\mscorlib.ni.dll
MOD - [2013/08/15 02:32:40 | 000,212,992 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\15fd2d2f4e709154b44187a6915db244\System.ServiceProcess.ni.dll
MOD - [2013/08/15 02:32:25 | 000,141,312 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Configuratio#\cab8d2f8933390bab32c35c5c6a479bd\System.Configuration.Install.ni.dll
MOD - [2013/08/15 02:21:14 | 005,462,016 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Xml\f93600ac836b9140e1df13bb0f6bfccf\System.Xml.ni.dll
MOD - [2013/08/15 02:05:00 | 007,977,984 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System\10df39542df7d48462451fc39bce8418\System.ni.dll
MOD - [2013/07/13 02:14:20 | 011,497,984 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\mscorlib\b14359470744c840c59fbe4e58034fd6\mscorlib.ni.dll
MOD - [2013/01/02 01:49:10 | 001,292,288 | ---- | M] () -- C:\WINDOWS\system32\quartz.dll
MOD - [2012/11/19 19:15:22 | 000,074,928 | ---- | M] () -- C:\Program Files\CheckPoint\ZoneAlarm\fde\fde_api.dll
MOD - [2011/12/07 17:31:00 | 000,303,360 | ---- | M] () -- C:\Program Files\NETGEAR\WNA3100\WifiSvc.exe
MOD - [2011/08/18 10:22:38 | 000,323,584 | ---- | M] () -- C:\Program Files\NETGEAR\WNA3100\WifiLib.dll
MOD - [2011/02/04 17:48:30 | 000,291,840 | ---- | M] () -- C:\WINDOWS\system32\sbe.dll
MOD - [2008/04/13 19:11:59 | 000,014,336 | ---- | M] () -- C:\WINDOWS\system32\msdmo.dll
MOD - [2008/04/13 19:11:51 | 000,059,904 | ---- | M] () -- C:\WINDOWS\system32\devenum.dll


========== Services (SafeList) ==========

SRV - File not found [On_Demand | Stopped] -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe -- (ACDaemon)
SRV - [2013/11/19 20:50:14 | 000,257,416 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013/11/12 22:39:36 | 000,119,408 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2013/10/25 23:45:12 | 002,445,816 | ---- | M] (Check Point Software Technologies LTD) [Auto | Running] -- C:\Program Files\CheckPoint\ZoneAlarm\vsmon.exe -- (vsmon)
SRV - [2013/10/15 05:38:52 | 000,050,704 | ---- | M] (Check Point Software Technologies, Ltd.) [Auto | Running] -- C:\Program Files\CheckPoint\ZoneAlarm\ZAPrivacyService.exe -- (ZAPrivacyService)
SRV - [2013/08/27 16:15:38 | 002,155,296 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe -- (nvUpdatusService)
SRV - [2013/04/04 14:50:32 | 000,701,512 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2013/04/04 14:50:32 | 000,418,376 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
SRV - [2012/01/17 16:21:53 | 000,012,800 | ---- | M] (Agere Systems) [Auto | Running] -- C:\WINDOWS\system32\agrsmsvc.exe -- (AgereModemAudio)
SRV - [2011/12/07 17:31:00 | 000,303,360 | ---- | M] () [Auto | Running] -- C:\Program Files\NETGEAR\WNA3100\WifiSvc.exe -- (WSWNA3100)
SRV - [2010/03/11 11:01:32 | 000,149,008 | ---- | M] (Pro Softnet Corporation) [Auto | Running] -- C:\Program Files\ZoneAlarmBackup\ZABackup Service.exe -- (ZoneAlarmBackup Service)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
DRV - [2013/10/25 23:07:48 | 000,529,128 | ---- | M] (Check Point Software Technologies LTD) [Kernel | System | Running] -- C:\WINDOWS\system32\vsdatant.sys -- (Vsdatant)
DRV - [2013/10/08 05:48:30 | 000,482,912 | ---- | M] (Kaspersky Lab ZAO) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\klif.sys -- (KLIF)
DRV - [2013/09/10 22:18:17 | 000,013,464 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\SWDUMon.sys -- (SWDUMon)
DRV - [2013/04/04 14:50:32 | 000,022,856 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2012/11/02 13:17:16 | 000,027,056 | ---- | M] (Check Point Software Technologies) [Kernel | Auto | Running] -- C:\Program Files\CheckPoint\ZAForceField\ISWKL.sys -- (ISWKL)
DRV - [2012/01/17 16:21:53 | 001,203,808 | ---- | M] (Agere Systems) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AGRSM.sys -- (AgereSoftModem)
DRV - [2012/01/17 16:20:05 | 004,800,000 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService)
DRV - [2011/12/12 16:43:00 | 001,034,240 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\bcmwlhigh5.sys -- (BCMH43XX)
DRV - [2010/02/03 10:21:56 | 000,050,704 | ---- | M] (CACE Technologies, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\npf.sys -- (NPF)
DRV - [2008/01/29 12:37:48 | 000,022,016 | R--- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nvnetbus.sys -- (nvnetbus)
DRV - [2008/01/29 12:37:46 | 000,054,016 | R--- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\NVENETFD.sys -- (NVENETFD)
DRV - [2008/01/25 20:01:06 | 000,132,096 | R--- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\nvgts.sys -- (nvgts)
DRV - [2006/11/10 14:05:00 | 000,018,688 | ---- | M] (Arcsoft, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\afc.sys -- (Afc)
DRV - [2001/08/17 08:49:32 | 000,019,968 | ---- | M] (Macronix International Co., Ltd. ) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mxnic.sys -- (mxnic)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = ${SEARCH_URL_IE7}
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKLM\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <-loopback>

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
IE - HKCU\..\SearchScopes,DefaultScope =
IE - HKCU\..\SearchScopes\{5C5360F5-5F2D-4E4A-84B1-ABD053DB35A9}: "URL" =
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <-loopback>

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Bing"
FF - prefs.js..browser.search.selectedEngine: "Bing"
FF - prefs.js..extensions.enabledAddons: ffxtlbr%40zonealarm.com:1.6.0
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:25.0.1
FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_9_900_152.dll ()
FF - HKLM\Software\MozillaPlugins\@canon.com/EPPEX: C:\Program Files\Canon\My Image Garden\AddOn\CIG\npmigfpi.dll (CANON INC.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.25.2: C:\WINDOWS\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{FFB96CC1-7EB3-449D-B827-DB661701C6BB}: C:\Program Files\CheckPoint\ZAForceField\TrustChecker [2012/11/30 18:49:46 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 25.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 25.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins

[2012/01/19 16:36:57 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Sid Bailey\Application Data\Mozilla\Extensions
[2013/11/06 11:08:37 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Sid Bailey\Application Data\Mozilla\Firefox\Profiles\x8d4t8u3.default-1381283562814\extensions
[2013/11/06 11:08:37 | 000,000,000 | ---D | M] (zonealarm.com) -- C:\Documents and Settings\Sid Bailey\Application Data\Mozilla\Firefox\Profiles\x8d4t8u3.default-1381283562814\extensions\[email protected]
[2013/03/21 02:15:42 | 000,007,919 | ---- | M] () (No name found) -- C:\Documents and Settings\Sid Bailey\Application Data\Mozilla\Firefox\Profiles\x8d4t8u3.default-1381283562814\extensions\[email protected]\content\Abine\chrome\content\ff\view_expiry.js
[2013/10/30 09:38:46 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions(2)
[2013/10/30 09:38:46 | 000,000,000 | ---D | M] (Default) -- C:\Program Files\Mozilla Firefox\extensions(2)\{972ce4c6-7e08-4474-a285-3208198ce6fd}(2)
[2013/11/25 13:51:45 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\browser\extensions
[2013/11/25 13:51:45 | 000,000,000 | ---D | M] (Default) -- C:\Program Files\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

========== Chrome ==========

CHR - default_search_provider: ()
CHR - default_search_provider: search_url =
CHR - default_search_provider: suggest_url =
CHR - homepage: http://www.google.com
CHR - Extension: No name found = C:\Documents and Settings\Sid Bailey\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.0.0.6_0\
CHR - Extension: No name found = C:\Documents and Settings\Sid Bailey\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.2_0\
CHR - Extension: No name found = C:\Documents and Settings\Sid Bailey\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: No name found = C:\Documents and Settings\Sid Bailey\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
CHR - Extension: No name found = C:\Documents and Settings\Sid Bailey\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

O1 HOSTS File: ([2004/08/10 14:00:00 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Zonealarm Helper Object) - {2A841F7A-A014-4DA5-B6D9-8B913DFB7A8C} - C:\Program Files\Check Point Software Technologies LTD\zonealarm\1.8.22.0\bh\zonealarm.dll (Check Point Software Technologies LTD)
O2 - BHO: (ZoneAlarm Security Engine Registrar) - {8A4A36C2-0535-4D2C-BD3D-496CB7EED6E3} - C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies)
O3 - HKLM\..\Toolbar: (ZoneAlarm Security Toolbar) - {438FAE3E-BDEF-44D3-AB8B-0C7C8350DF59} - C:\Program Files\Check Point Software Technologies LTD\zonealarm\1.8.22.0\zonealarmTlbr.dll (Check Point Software Technologies LTD)
O3 - HKLM\..\Toolbar: (ZoneAlarm Security Engine) - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies)
O3 - HKCU\..\Toolbar\WebBrowser: (ZoneAlarm Security Engine) - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies)
O4 - HKLM..\Run: [Alcmtr] C:\WINDOWS\Alcmtr.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [CanonQuickMenu] C:\Program Files\Canon\Quick Menu\CNQMMAIN.EXE (CANON INC.)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\nvmctray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [Nvtmru] C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\nvtmru.exe (NVIDIA Corporation)
O4 - HKLM..\Run: [ZoneAlarm] C:\Program Files\CheckPoint\ZoneAlarm\zatray.exe (Check Point Software Technologies LTD)
O4 - HKCU..\Run: [ZoneAlarm Backup Startup] C:\Program Files\ZoneAlarmBackup\ZABackupStartup.exe (Pro Softnet Corporation)
O4 - Startup: C:\Documents and Settings\Sid Bailey\Start Menu\Programs\Startup\ZoneAlarm Backup Tray.lnk = C:\Program Files\ZoneAlarmBackup\ZABackupReg2ini.exe (Pro Softnet Corp.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallVisualStyle = C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles (Microsoft)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallTheme = C:\WINDOWS\Resources\Themes\Royale.theme ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLowDiskSpaceChecks = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveSearch = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveTrack = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoInternetOpenWith = 1
O9 - Extra Button: HP Smart Print - {22CC3EBD-C286-43aa-B8E6-06B115F74162} - C:\Program Files\Hewlett-Packard\Smart Print 2.0\smartprintsetup.exe (Hewlett-Packard)
O9 - Extra 'Tools' menuitem : HP Smart Print - {22CC3EBD-C286-43aa-B8E6-06B115F74162} - C:\Program Files\Hewlett-Packard\Smart Print 2.0\smartprintsetup.exe (Hewlett-Packard)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://www.update.mi...b?1365637437500 (WUWebControl Class)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macr...ash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 8.8.8.8 8.8.4.4 209.55.27.13
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{BBDECE2E-1A23-498B-A6C9-C37C6CEEDAD4}: DhcpNameServer = 8.8.8.8 8.8.4.4 209.55.27.13
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\Sid Bailey\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Sid Bailey\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2005/01/09 20:13:09 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2013/12/02 20:23:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Sid Bailey\Desktop\12022013_202332
[2013/11/25 13:51:53 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Maintenance Service
[2013/11/25 10:39:13 | 000,000,000 | ---D | C] -- C:\_OTL
[2013/11/21 21:19:05 | 000,047,064 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamchameleon.sys
[2013/11/21 20:53:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Sid Bailey\Application Data\Malwarebytes
[2013/11/21 20:53:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
[2013/11/21 20:53:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2013/11/21 20:53:25 | 000,022,856 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2013/11/21 20:53:25 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2013/11/17 19:08:12 | 000,360,775 | ---- | C] (Farbar) -- C:\Documents and Settings\Sid Bailey\Desktop\FSS.exe
[2013/11/17 10:52:57 | 000,760,937 | ---- | C] (Farbar) -- C:\Documents and Settings\Sid Bailey\Desktop\MiniToolBox.exe
[2013/11/15 12:27:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Auslogics
[2013/11/15 12:27:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Auslogics
[2013/11/15 12:27:39 | 000,000,000 | ---D | C] -- C:\Program Files\Auslogics
[2013/11/15 11:12:57 | 005,647,256 | ---- | C] (Auslogics Labs Pty Ltd ) -- C:\Documents and Settings\Sid Bailey\Desktop\disk-defrag-setup.exe
[2013/11/15 11:11:47 | 000,050,688 | ---- | C] (Atribune.org) -- C:\Documents and Settings\Sid Bailey\Desktop\ATF-Cleaner.exe
[2013/11/14 15:18:44 | 000,007,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wamregps.dll
[2013/11/14 15:18:32 | 000,066,048 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\s3legacy.dll
[2013/11/14 15:18:16 | 000,019,968 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\inetsloc.dll
[2013/11/14 15:18:16 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\inetmgr.exe
[2013/11/14 15:18:15 | 000,169,984 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iisui.dll
[2013/11/14 15:18:14 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iisrstap.dll
[2013/11/14 15:18:13 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iisreset.exe
[2013/11/14 15:18:12 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ftpsapi2.dll
[2013/11/14 15:18:01 | 000,094,720 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\certmap.ocx
[2013/11/13 22:15:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Sid Bailey\Desktop\Autoruns
[2013/11/11 10:56:44 | 000,448,512 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Sid Bailey\Desktop\TFC.exe
[2013/11/10 18:46:52 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERUNT
[2013/11/10 18:42:20 | 000,000,000 | ---D | C] -- C:\AdwCleaner
[2013/11/10 18:34:48 | 001,034,531 | ---- | C] (Thisisu) -- C:\Documents and Settings\Sid Bailey\Desktop\JRT.exe
[2013/11/07 15:22:34 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Sid Bailey\Desktop\OTL.exe
[2013/11/06 10:48:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Check Point

========== Files - Modified Within 30 Days ==========

[2013/12/03 10:27:47 | 000,502,772 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2013/12/03 10:27:47 | 000,088,296 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2013/12/03 10:23:21 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2013/12/03 10:23:19 | 1474,809,856 | -HS- | M] () -- C:\hiberfil.sys
[2013/12/03 10:12:50 | 001,110,034 | ---- | M] () -- C:\Documents and Settings\Sid Bailey\Desktop\adwcleaner(1).exe
[2013/12/03 10:03:01 | 000,000,830 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2013/12/02 20:11:21 | 000,000,974 | ---- | M] () -- C:\WINDOWS\MVPBR.INI
[2013/12/01 14:03:39 | 000,372,046 | ---- | M] () -- C:\Documents and Settings\Sid Bailey\My Documents\IMG_20131201_0006.jpg
[2013/12/01 14:03:35 | 000,811,237 | ---- | M] () -- C:\Documents and Settings\Sid Bailey\My Documents\IMG_20131201_0005.jpg
[2013/12/01 14:00:25 | 001,023,646 | ---- | M] () -- C:\Documents and Settings\Sid Bailey\My Documents\IMG_20131201_0004.jpg
[2013/12/01 13:57:28 | 000,478,944 | ---- | M] () -- C:\Documents and Settings\Sid Bailey\My Documents\IMG_20131201_0003_NEW.pdf
[2013/12/01 13:55:29 | 000,487,364 | ---- | M] () -- C:\Documents and Settings\Sid Bailey\My Documents\IMG_20131201_0003.pdf
[2013/12/01 13:53:56 | 000,174,888 | ---- | M] () -- C:\Documents and Settings\Sid Bailey\My Documents\IMG_20131201_0002_NEW_0001.pdf
[2013/12/01 13:52:57 | 000,174,888 | ---- | M] () -- C:\Documents and Settings\Sid Bailey\My Documents\IMG_20131201_0002_NEW.pdf
[2013/12/01 13:48:36 | 000,183,590 | ---- | M] () -- C:\Documents and Settings\Sid Bailey\My Documents\IMG_20131201_0002.pdf
[2013/12/01 13:48:00 | 000,163,042 | ---- | M] () -- C:\Documents and Settings\Sid Bailey\My Documents\IMG_20131201_0001.pdf
[2013/12/01 13:29:22 | 000,014,328 | ---- | M] () -- C:\Documents and Settings\Sid Bailey\Application Data\wklnhst.dat
[2013/11/29 11:53:53 | 000,017,920 | ---- | M] () -- C:\Documents and Settings\Sid Bailey\My Documents\Bulletin 12-1-2013.wps
[2013/11/26 08:16:38 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2013/11/25 13:51:55 | 000,000,742 | ---- | M] () -- C:\Documents and Settings\Sid Bailey\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2013/11/25 13:51:55 | 000,000,724 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
[2013/11/24 18:16:36 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Sid Bailey\Desktop\OTL.exe
[2013/11/22 21:51:01 | 000,000,104 | ---- | M] () -- C:\Documents and Settings\Sid Bailey\Desktop\Shortcut to Search Results.lnk
[2013/11/22 20:40:17 | 001,705,212 | ---- | M] () -- C:\Documents and Settings\Sid Bailey\Desktop\AutoRuns 11-22-13.arn
[2013/11/22 11:56:57 | 000,013,312 | ---- | M] () -- C:\Documents and Settings\Sid Bailey\My Documents\IUMC Finance Statment 10-31-13.xlr
[2013/11/22 10:54:21 | 000,014,848 | ---- | M] () -- C:\Documents and Settings\Sid Bailey\My Documents\Bulletin 11-24-2013.wps
[2013/11/22 08:30:39 | 000,000,697 | ---- | M] () -- C:\Documents and Settings\Sid Bailey\PCTuneUp.config
[2013/11/21 21:23:42 | 000,047,064 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamchameleon.sys
[2013/11/21 20:53:28 | 000,000,784 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[2013/11/19 20:50:14 | 000,692,616 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerApp.exe
[2013/11/19 20:50:14 | 000,071,048 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl
[2013/11/19 13:48:28 | 000,020,480 | ---- | M] () -- C:\Documents and Settings\Sid Bailey\My Documents\mob check 2013-11.xlr
[2013/11/18 20:00:07 | 000,012,800 | ---- | M] () -- C:\Documents and Settings\Sid Bailey\My Documents\Memory Tree 2013 Orders.wps
[2013/11/18 15:42:44 | 000,020,992 | ---- | M] () -- C:\Documents and Settings\Sid Bailey\My Documents\mob check 2013-10.xlr
[2013/11/18 01:06:12 | 000,000,018 | ---- | M] () -- C:\UserName.ini
[2013/11/17 19:08:13 | 000,360,775 | ---- | M] (Farbar) -- C:\Documents and Settings\Sid Bailey\Desktop\FSS.exe
[2013/11/17 10:52:57 | 000,760,937 | ---- | M] (Farbar) -- C:\Documents and Settings\Sid Bailey\Desktop\MiniToolBox.exe
[2013/11/16 10:52:28 | 000,040,448 | ---- | M] () -- C:\Documents and Settings\Sid Bailey\My Documents\MOB Blood Press.xlr
[2013/11/15 12:27:42 | 000,000,822 | ---- | M] () -- C:\Documents and Settings\Sid Bailey\Desktop\Auslogics DiskDefrag.lnk
[2013/11/15 11:12:59 | 005,647,256 | ---- | M] (Auslogics Labs Pty Ltd ) -- C:\Documents and Settings\Sid Bailey\Desktop\disk-defrag-setup.exe
[2013/11/15 11:11:47 | 000,050,688 | ---- | M] (Atribune.org) -- C:\Documents and Settings\Sid Bailey\Desktop\ATF-Cleaner.exe
[2013/11/14 20:46:41 | 000,017,920 | ---- | M] () -- C:\Documents and Settings\Sid Bailey\My Documents\Bulletin 11-17-2013.wps
[2013/11/13 22:16:19 | 000,000,852 | ---- | M] () -- C:\Documents and Settings\Sid Bailey\Desktop\Shortcut to autoruns.exe.lnk
[2013/11/13 22:06:18 | 000,073,732 | ---- | M] () -- C:\WINDOWS\System32\perfmon.msc
[2013/11/13 21:58:23 | 000,550,371 | ---- | M] () -- C:\Documents and Settings\Sid Bailey\Desktop\Autoruns.zip
[2013/11/13 03:05:08 | 000,001,393 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2013/11/12 21:15:15 | 000,051,200 | ---- | M] () -- C:\Documents and Settings\Sid Bailey\My Documents\Beginning of Iaeger.wps
[2013/11/12 08:31:25 | 000,448,512 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Sid Bailey\Desktop\TFC.exe
[2013/11/10 18:34:48 | 001,034,531 | ---- | M] (Thisisu) -- C:\Documents and Settings\Sid Bailey\Desktop\JRT.exe
[2013/11/10 13:20:50 | 000,000,967 | ---- | M] () -- C:\Documents and Settings\Sid Bailey\Desktop\Shortcut to JavaRa.lnk
[2013/11/08 12:32:29 | 000,015,872 | ---- | M] () -- C:\Documents and Settings\Sid Bailey\My Documents\ssb deposit ticket.wps
[2013/11/08 10:54:59 | 000,015,360 | ---- | M] () -- C:\Documents and Settings\Sid Bailey\My Documents\Bulletin 11-10-2013.wps
[2013/11/07 16:19:44 | 000,000,540 | ---- | M] () -- C:\Documents and Settings\Sid Bailey\Desktop\checkup.lnk
[2013/11/07 15:29:00 | 000,891,184 | ---- | M] () -- C:\Documents and Settings\Sid Bailey\Desktop\SecurityCheck.exe
[2013/11/06 10:57:21 | 000,418,108 | ---- | M] () -- C:\WINDOWS\System32\vsconfig.xml
[2013/11/06 10:48:51 | 000,000,539 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\ZoneAlarm Security.lnk

========== Files Created - No Company Name ==========

[2013/12/03 10:12:50 | 001,110,034 | ---- | C] () -- C:\Documents and Settings\Sid Bailey\Desktop\adwcleaner(1).exe
[2013/12/01 14:03:39 | 000,372,046 | ---- | C] () -- C:\Documents and Settings\Sid Bailey\My Documents\IMG_20131201_0006.jpg
[2013/12/01 14:03:35 | 000,811,237 | ---- | C] () -- C:\Documents and Settings\Sid Bailey\My Documents\IMG_20131201_0005.jpg
[2013/12/01 14:00:25 | 001,023,646 | ---- | C] () -- C:\Documents and Settings\Sid Bailey\My Documents\IMG_20131201_0004.jpg
[2013/12/01 13:57:01 | 000,478,944 | ---- | C] () -- C:\Documents and Settings\Sid Bailey\My Documents\IMG_20131201_0003_NEW.pdf
[2013/12/01 13:55:23 | 000,487,364 | ---- | C] () -- C:\Documents and Settings\Sid Bailey\My Documents\IMG_20131201_0003.pdf
[2013/12/01 13:53:37 | 000,174,888 | ---- | C] () -- C:\Documents and Settings\Sid Bailey\My Documents\IMG_20131201_0002_NEW_0001.pdf
[2013/12/01 13:52:30 | 000,174,888 | ---- | C] () -- C:\Documents and Settings\Sid Bailey\My Documents\IMG_20131201_0002_NEW.pdf
[2013/12/01 13:48:27 | 000,183,590 | ---- | C] () -- C:\Documents and Settings\Sid Bailey\My Documents\IMG_20131201_0002.pdf
[2013/12/01 13:47:43 | 000,163,042 | ---- | C] () -- C:\Documents and Settings\Sid Bailey\My Documents\IMG_20131201_0001.pdf
[2013/11/29 11:48:19 | 000,017,920 | ---- | C] () -- C:\Documents and Settings\Sid Bailey\My Documents\Bulletin 12-1-2013.wps
[2013/11/25 13:51:55 | 000,000,742 | ---- | C] () -- C:\Documents and Settings\Sid Bailey\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2013/11/25 13:51:55 | 000,000,730 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Mozilla Firefox.lnk
[2013/11/25 13:51:55 | 000,000,724 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
[2013/11/22 21:51:01 | 000,000,104 | ---- | C] () -- C:\Documents and Settings\Sid Bailey\Desktop\Shortcut to Search Results.lnk
[2013/11/22 20:40:14 | 001,705,212 | ---- | C] () -- C:\Documents and Settings\Sid Bailey\Desktop\AutoRuns 11-22-13.arn
[2013/11/22 11:42:05 | 000,013,312 | ---- | C] () -- C:\Documents and Settings\Sid Bailey\My Documents\IUMC Finance Statment 10-31-13.xlr
[2013/11/22 10:54:21 | 000,014,848 | ---- | C] () -- C:\Documents and Settings\Sid Bailey\My Documents\Bulletin 11-24-2013.wps
[2013/11/21 20:53:28 | 000,000,784 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[2013/11/18 19:48:43 | 000,012,800 | ---- | C] () -- C:\Documents and Settings\Sid Bailey\My Documents\Memory Tree 2013 Orders.wps
[2013/11/16 11:08:39 | 000,020,480 | ---- | C] () -- C:\Documents and Settings\Sid Bailey\My Documents\mob check 2013-11.xlr
[2013/11/15 12:27:41 | 000,000,822 | ---- | C] () -- C:\Documents and Settings\Sid Bailey\Desktop\Auslogics DiskDefrag.lnk
[2013/11/14 20:42:47 | 000,017,920 | ---- | C] () -- C:\Documents and Settings\Sid Bailey\My Documents\Bulletin 11-17-2013.wps
[2013/11/13 22:16:19 | 000,000,852 | ---- | C] () -- C:\Documents and Settings\Sid Bailey\Desktop\Shortcut to autoruns.exe.lnk
[2013/11/13 21:58:20 | 000,550,371 | ---- | C] () -- C:\Documents and Settings\Sid Bailey\Desktop\Autoruns.zip
[2013/11/11 01:05:56 | 000,000,018 | ---- | C] () -- C:\UserName.ini
[2013/11/10 13:20:50 | 000,000,967 | ---- | C] () -- C:\Documents and Settings\Sid Bailey\Desktop\Shortcut to JavaRa.lnk
[2013/11/08 10:43:09 | 000,015,360 | ---- | C] () -- C:\Documents and Settings\Sid Bailey\My Documents\Bulletin 11-10-2013.wps
[2013/11/07 16:19:44 | 000,000,540 | ---- | C] () -- C:\Documents and Settings\Sid Bailey\Desktop\checkup.lnk
[2013/11/07 15:29:00 | 000,891,184 | ---- | C] () -- C:\Documents and Settings\Sid Bailey\Desktop\SecurityCheck.exe
[2013/11/06 22:44:37 | 1474,809,856 | -HS- | C] () -- C:\hiberfil.sys
[2013/10/29 22:45:21 | 000,055,808 | ---- | C] () -- C:\WINDOWS\System32\zlib1.dll
[2013/10/29 22:45:21 | 000,026,128 | ---- | C] () -- C:\WINDOWS\System32\ZABackupXceedCryReg.exe
[2013/10/29 22:45:20 | 000,441,705 | ---- | C] () -- C:\WINDOWS\System32\sqlite3.dll
[2013/09/07 18:06:12 | 000,000,200 | ---- | C] () -- C:\WINDOWS\WININIT.INI
[2013/08/15 02:24:20 | 000,308,815 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-S-1-5-21-1576569892-3062952477-2378348150-1006-0.dat
[2013/08/15 02:24:13 | 000,149,430 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-System.dat
[2013/08/06 18:12:30 | 000,000,426 | ---- | C] () -- C:\WINDOWS\BRWMARK.INI
[2013/07/29 11:02:26 | 000,000,057 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\Ament.ini
[2013/07/07 11:16:26 | 000,013,464 | ---- | C] () -- C:\WINDOWS\System32\drivers\SWDUMon.sys
[2013/03/29 00:38:54 | 000,149,992 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2013/03/07 14:21:28 | 002,005,969 | ---- | C] () -- C:\WINDOWS\Delete.exe
[2012/12/26 08:23:59 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2012/12/05 11:19:22 | 000,000,569 | -H-- | C] () -- C:\WINDOWS\System32\BTImages.dat
[2012/09/09 14:38:51 | 000,000,697 | ---- | C] () -- C:\Documents and Settings\Sid Bailey\PCTuneUp.config
[2012/07/03 17:29:41 | 000,053,299 | ---- | C] () -- C:\WINDOWS\System32\pthreadVC.dll
[2012/04/24 18:16:15 | 000,165,376 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll
[2012/02/15 18:31:26 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2012/02/11 18:26:30 | 000,043,784 | ---- | C] () -- C:\WINDOWS\System32\drivers\EUBKMON.sys
[2012/02/11 12:12:54 | 000,000,144 | ---- | C] () -- C:\WINDOWS\System32\lkfl.dat
[2012/02/11 12:12:54 | 000,000,128 | ---- | C] () -- C:\WINDOWS\System32\pdfl.dat
[2012/02/11 12:12:54 | 000,000,080 | ---- | C] () -- C:\WINDOWS\System32\ibfl.dat
[2012/01/31 10:41:43 | 000,000,133 | ---- | C] () -- C:\Documents and Settings\Sid Bailey\Local Settings\Application Data\fusioncache.dat
[2012/01/25 10:49:50 | 000,000,159 | ---- | C] () -- C:\WINDOWS\MVPSPADE.INI
[2012/01/24 15:07:00 | 000,000,974 | ---- | C] () -- C:\WINDOWS\MVPBR.INI
[2012/01/17 17:28:09 | 000,000,060 | ---- | C] () -- C:\WINDOWS\System32\SYSDRV.DAT
[2012/01/17 17:22:59 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2012/01/17 17:22:47 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2012/01/17 17:22:47 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2012/01/17 17:22:44 | 000,005,151 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2012/01/17 17:22:42 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2012/01/17 17:22:37 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2012/01/17 17:22:15 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2012/01/17 17:22:14 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2012/01/17 17:21:29 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2012/01/17 17:21:11 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2012/01/17 16:33:30 | 001,072,544 | ---- | C] () -- C:\WINDOWS\System32\nvdrsdb1.bin
[2012/01/17 16:33:30 | 001,072,544 | ---- | C] () -- C:\WINDOWS\System32\nvdrsdb0.bin
[2012/01/17 16:33:30 | 000,000,001 | ---- | C] () -- C:\WINDOWS\System32\nvdrssel.bin
[2012/01/17 16:21:13 | 000,049,152 | ---- | C] () -- C:\WINDOWS\System32\ChCfg.exe
[2012/01/17 16:15:05 | 000,003,948 | R--- | C] () -- C:\WINDOWS\System32\drivers\nvphy.bin
[2012/01/17 16:07:06 | 000,014,328 | ---- | C] () -- C:\Documents and Settings\Sid Bailey\Application Data\wklnhst.dat

========== ZeroAccess Check ==========

[2005/01/09 20:08:17 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shdocvw.dll -- [2013/10/12 09:54:28 | 001,510,400 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = C:\WINDOWS\system32\wbem\fastprox.dll -- [2009/02/09 07:10:48 | 000,473,600 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = C:\WINDOWS\system32\wbem\wbemess.dll -- [2008/04/13 19:12:08 | 000,273,920 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

========== LOP Check ==========

[2013/11/15 12:27:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Auslogics
[2012/04/16 20:22:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Avanquest
[2012/02/11 14:39:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVG2012
[2013/08/14 18:06:04 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\CanonBJ
[2013/08/14 18:51:51 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\CanonIJEGV
[2013/08/19 10:32:12 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\CanonIJMIG
[2013/09/22 21:26:57 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\CanonIJMyPrinter
[2013/12/02 20:19:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\CanonIJPLM
[2013/09/01 16:32:44 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\CanonIJQuickMenu
[2013/08/16 14:45:06 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\CanonIJScan
[2013/08/14 18:16:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\CanonIJWSpt
[2012/02/11 12:11:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\CheckPoint
[2012/01/17 16:30:49 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\Common Files
[2012/04/16 20:22:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Expert PDF 7
[2012/04/16 20:22:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Expert PDF Jobs
[2013/03/28 21:46:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\HitmanPro
[2012/02/11 14:37:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MFAData
[2012/01/17 16:09:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Uninstall
[2013/07/29 11:03:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Visan
[2013/09/18 21:56:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ZalmanInstaller_52330
[2013/03/29 10:02:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{83C3B2FD-37EA-4C06-A228-E9B5E32FF0B1}
[2012/01/30 19:58:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Sid Bailey\Application Data\AVG
[2013/08/21 18:52:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Sid Bailey\Application Data\canon
[2013/11/06 10:18:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Sid Bailey\Application Data\Check Point Software Technologies LTD
[2013/11/12 13:17:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Sid Bailey\Application Data\CheckPoint
[2012/04/05 14:22:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Sid Bailey\Application Data\DVDVideoSoft
[2013/07/24 22:36:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Sid Bailey\Application Data\EurekaLog
[2012/04/16 20:38:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Sid Bailey\Application Data\Expert PDF 7
[2013/02/15 10:58:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Sid Bailey\Application Data\FreeFileViewer
[2013/09/18 19:30:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Sid Bailey\Application Data\MailFrontier
[2012/05/22 18:54:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Sid Bailey\Application Data\MusicOasis
[2013/03/18 10:58:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Sid Bailey\Application Data\SmartPCFix
[2012/01/20 21:41:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Sid Bailey\Application Data\Special K Software
[2012/02/01 09:53:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Sid Bailey\Application Data\Template

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 88 bytes -> C:\Documents and Settings\Sid Bailey\Desktop\OTL.exe:SummaryInformation

< End of report >

OTL Extras logfile created on: 12/3/2013 10:26:36 AM - Run 8
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Documents and Settings\Sid Bailey\Desktop
Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.5512)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.37 Gb Total Physical Memory | 0.73 Gb Available Physical Memory | 53.23% Memory free
5.23 Gb Paging File | 4.66 Gb Available in Paging File | 89.10% Paging File free
Paging file location(s): C:\pagefile.sys 4095 4095 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 139.04 Gb Total Space | 112.29 Gb Free Space | 80.76% Space Free | Partition Type: NTFS

Computer Name: YOUR-0C81E70C58 | User Name: Sid Bailey | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (All) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.bat [@ = batfile] -- "%1" %*
.chm [@ = chm.file] -- C:\WINDOWS\hh.exe (Microsoft Corporation)
.cmd [@ = cmdfile] -- "%1" %*
.com [@ = comfile] -- "%1" %*
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.exe [@ = exefile] -- "%1" %*
.hlp [@ = hlpfile] -- C:\WINDOWS\System32\winhlp32.exe (Microsoft Corporation)
.hta [@ = htafile] -- C:\WINDOWS\System32\mshta.exe (Microsoft Corporation)
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
.inf [@ = inffile] -- C:\WINDOWS\System32\NOTEPAD.EXE (Microsoft Corporation)
.ini [@ = inifile] -- C:\WINDOWS\System32\NOTEPAD.EXE (Microsoft Corporation)
.url [@ = InternetShortcut] -- rundll32.exe shdocvw.dll,OpenURL %l
.js [@ = JSFile] -- C:\WINDOWS\System32\WScript.exe (Microsoft Corporation)
.jse [@ = JSEFile] -- C:\WINDOWS\System32\WScript.exe (Microsoft Corporation)
.pif [@ = piffile] -- "%1" %*
.reg [@ = regfile] -- C:\WINDOWS\regedit.exe (Microsoft Corporation)
.scr [@ = scrfile] -- "%1" /S
.txt [@ = txtfile] -- C:\WINDOWS\System32\NOTEPAD.EXE (Microsoft Corporation)
.vbe [@ = VBEFile] -- C:\WINDOWS\System32\WScript.exe (Microsoft Corporation)
.vbs [@ = VBSFile] -- C:\WINDOWS\System32\WScript.exe (Microsoft Corporation)
.wsf [@ = WSFFile] -- C:\WINDOWS\System32\WScript.exe (Microsoft Corporation)
.wsh [@ = WSHFile] -- C:\WINDOWS\System32\WScript.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [edit] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
batfile [open] -- "%1" %*
batfile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
chm.file [open] -- "C:\WINDOWS\hh.exe" %1 (Microsoft Corporation)
cmdfile [edit] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
cmdfile [open] -- "%1" %*
cmdfile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
helpfile [open] -- winhlp32.exe %1 (Microsoft Corporation)
hlpfile [open] -- %SystemRoot%\System32\winhlp32.exe %1 (Microsoft Corporation)
htafile [open] -- C:\WINDOWS\system32\mshta.exe "%1" %* (Microsoft Corporation)
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)
http [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url "%1" (Mozilla Corporation)
https [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url "%1" (Mozilla Corporation)
inffile [install] -- %SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection DefaultInstall 132 %1 (Microsoft Corporation)
inffile [open] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
inffile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
inifile [open] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
inifile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
InternetShortcut [open] -- rundll32.exe shdocvw.dll,OpenURL %l
InternetShortcut [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)
jsfile [edit] -- %SystemRoot%\System32\Notepad.exe %1 (Microsoft Corporation)
jsfile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
jsfile [print] -- %SystemRoot%\System32\Notepad.exe /p %1 (Microsoft Corporation)
jsefile [edit] -- %SystemRoot%\System32\Notepad.exe %1 (Microsoft Corporation)
jsefile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
jsefile [print] -- %SystemRoot%\System32\Notepad.exe /p %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [edit] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation)
regfile [open] -- regedit.exe "%1" (Microsoft Corporation)
regfile [merge] -- Reg Error: Key error.
regfile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
txtfile [open] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation)
txtfile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
txtfile [printto] -- %SystemRoot%\system32\notepad.exe /pt "%1" "%2" "%3" "%4" (Microsoft Corporation)
vbefile [edit] -- %SystemRoot%\System32\Notepad.exe %1 (Microsoft Corporation)
vbefile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
vbefile [print] -- %SystemRoot%\System32\Notepad.exe /p %1 (Microsoft Corporation)
vbsfile [edit] -- %SystemRoot%\System32\Notepad.exe %1 (Microsoft Corporation)
vbsfile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
vbsfile [print] -- %SystemRoot%\System32\Notepad.exe /p %1 (Microsoft Corporation)
wsffile [edit] -- %SystemRoot%\System32\Notepad.exe %1 (Microsoft Corporation)
wsffile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
wsffile [print] -- %SystemRoot%\System32\Notepad.exe /p %1 (Microsoft Corporation)
wshfile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
Unknown [openas] -- "C:\Program Files\File Type Assistant\tsassist.exe" "%1" (Trusted Software ApS)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [Reconnect To Technician] -- cmd.exe /c start iexplore.exe logmein123.com (Microsoft Corporation)
Directory [Start Team Viewer] -- Reg Error: Key error.
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring" = 1

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"139:TCP" = 139:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22002

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
"C:\Program Files\AVG\AVG2012\avgmfapx.exe" = C:\Program Files\AVG\AVG2012\avgmfapx.exe:*:Enabled:AVG Installer
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
"C:\WINDOWS\system32\mmc.exe" = C:\WINDOWS\system32\mmc.exe:*:Enabled:Microsoft Management Console -- (Microsoft Corporation)
"C:\Program Files\FreeFileViewer\FFVCheckForUpdates.exe" = C:\Program Files\FreeFileViewer\FFVCheckForUpdates.exe:*:Enabled:FreeFileViewerUpdateChecker -- (Bitberry Software)
"C:\Program Files\File Type Assistant\tsassist.exe" = C:\Program Files\File Type Assistant\tsassist.exe:*:Enabled:ProgramUpdateCheck -- (Trusted Software ApS)
"C:\Program Files\HP\HP Deskjet 1000 J110 series\Bin\USBSetup.exe" = C:\Program Files\HP\HP Deskjet 1000 J110 series\Bin\USBSetup.exe:LocalSubNet:Enabled:HP Device Setup (HP Deskjet 1000 J110 series) -- (Hewlett-Packard Co.)
"C:\Program Files\Messenger\msmsgs.exe" = C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger -- (Microsoft Corporation)
"C:\WINDOWS\system32\dmwu.exe" = C:\WINDOWS\system32\dmwu.exe:*:Enabled:dmwu
"C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe" = C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe:*:Enabled:Daemonu.exe -- (NVIDIA Corporation)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{02E89EFC-7B07-4D5A-AA03-9EC0902914EE}" = VC 9.0 Runtime
"{0A0CADCF-78DA-33C4-A350-CD51849B9702}" = Microsoft .NET Framework 4 Extended
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MG2200_series" = Canon MG2200 series MP Drivers
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{47FA2C44-D148-4DBC-AF60-B91934AA4842}" = Adobe AIR
"{55938E68-F7B3-42B1-9317-60D44067869C}" = ZoneAlarm Antivirus
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD
"{6D52C408-B09A-4520-9B18-475B81D393F1}" = Microsoft Works
"{6F1C00D2-25C2-4CBA-8126-AE9A6E2E9CD5}" = HP Update
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{76EFFC7C-17A6-479D-9E47-8E658C1695AE}" = Windows Backup Utility
"{846B5DED-DC8C-4E1A-B5B4-9F5B39A0CACE}" = HPDiagnosticAlert
"{8A9FC225-75F6-4B5D-911C-0ED230565643}" = HP Product Detection
"{954146E0-49FF-4039-AF58-2257506C7D45}" = ZoneAlarm Firewall
"{9941F0AA-B903-4AF4-A055-83A9815CC011}" = Sonic Encoders
"{9C511D4D-FBD5-4748-822C-4E51BC0CC87E}" = ZoneAlarm DataLock
"{A1F2C608-32D6-467D-B035-BBEF509042BA}_is1" = Free Opener
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{AB4DDFCF-6CCB-4539-920B-74AD7CFB043D}" = HP Deskjet 1000 J110 series Basic Device Software
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Control Panel 301.42
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience" = NVIDIA GeForce Experience 1.6.1
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NView" = NVIDIA nView 136.27
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 8.3.14
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components
"{B769E2BD-8A06-4B03-9496-5B991025A2C6}" = ZoneAlarm Security
"{BBA8F374-46CC-4C97-A630-30DB52BB93F9}" = HP Deskjet 1000 J110 series Product Improvement Study
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C2425F91-1F7B-4037-9A05-9F290184798D}" = NETGEAR WNA3100 wireless USB 2.0 adapter
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{DDDFCC77-7F9C-45E9-B38E-721BA599BA0C}" = HP Deskjet 1000 J110 series Help
"{DF6A13C0-77DF-41FE-BD05-6D5201EB0CE7}_is1" = Auslogics DiskDefrag
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{FC279721-37A6-4777-AFD8-7A56681EBA14}" = Expert PDF 7 Reader
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Canon MG2200 series On-screen Manual" = Canon MG2200 series On-screen Manual
"Canon MG2200 series User Registration" = Canon MG2200 series User Registration
"Canon My Image Garden" = Canon My Image Garden
"Canon My Image Garden Design Files" = Canon My Image Garden Design Files
"Canon_IJ_Scan_Utility" = Canon IJ Scan Utility
"CanonMyPrinter" = Canon My Printer
"CanonQuickMenu" = Canon Quick Menu
"Card Games for Windows" = Card Games for Windows
"FreeFileViewer_is1" = Free File Viewer 2012
"HP Photo Creations" = HP Photo Creations
"KLiteCodecPack_is1" = K-Lite Codec Pack 7.0.0 (Standard)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.75.0.1300
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Mozilla Firefox 25.0.1 (x86 en-US)" = Mozilla Firefox 25.0.1 (x86 en-US)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"MSNINST" = MSN
"NVIDIA Drivers" = NVIDIA Drivers
"NVIDIA nView Desktop Manager" = NVIDIA nView Desktop Manager
"PC Tune-Up" = PC Tune-Up
"Trusted Software Assistant_is1" = File Type Assistant
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"ZoneAlarm Backup Powered by IDrive_is1" = ZoneAlarm Backup Powered by IDrive version 1.0.5 March 14, 2013
"ZoneAlarm Extreme Security" = ZoneAlarm Extreme Security
"ZoneAlarm Security Toolbar" = ZoneAlarm Security Toolbar

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Define Ext" = Define Ext

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 10/10/2013 3:31:40 AM | Computer Name = YOUR-0C81E70C58 | Source = .NET Runtime Optimization Service | ID = 1103
Description = .NET Runtime Optimization Service (clr_optimization_v2.0.50727_32)
- Tried to start a service that wasn't the latest version of CLR Optimization service.
Will shutdown

Error - 10/14/2013 10:43:18 AM | Computer Name = YOUR-0C81E70C58 | Source = COM+ | ID = 135761
Description = The run-time environment has detected an inconsistency in its internal
state. This indicates a potential instability in the process that could be caused
by the custom components running in the COM+ application, the components they make
use of, or other factors. Error in f:\xpsp3\com\com1x\src\comsvcs\package\cpackage.cpp(1184),
hr = 8007041d: InitEventCollector fail

Error - 10/22/2013 9:42:13 PM | Computer Name = YOUR-0C81E70C58 | Source = SonicMCEBurnEngine | ID = 0
Description = Exception occurred: excp'n type: Microsoft.MediaCenter.AddIn.DiscWriter.NoMediaListMakerException

excp'n msg: CanProceed found no media No stack trace available.

Error - 10/28/2013 5:00:09 PM | Computer Name = YOUR-0C81E70C58 | Source = crypt32 | ID = 131083
Description = Failed extract of third-party root list from auto update cab at: <http://www.download....uthrootstl.cab>
with error: A required certificate is not within its validity period when verifying
against the current system clock or the timestamp in the signed file.

Error - 10/28/2013 5:00:09 PM | Computer Name = YOUR-0C81E70C58 | Source = crypt32 | ID = 131083
Description = Failed extract of third-party root list from auto update cab at: <http://www.download....uthrootstl.cab>
with error: A required certificate is not within its validity period when verifying
against the current system clock or the timestamp in the signed file.

Error - 11/9/2013 8:31:22 PM | Computer Name = YOUR-0C81E70C58 | Source = MsiInstaller | ID = 11706
Description = Product: Playalot Games -- Error 1706. An installation package for
the product Playalot Games cannot be found. Try the installation again using a
valid copy of the installation package 'setup.msi'.

Error - 11/10/2013 2:25:58 PM | Computer Name = YOUR-0C81E70C58 | Source = Application Error | ID = 1000
Description = Faulting application javara.exe, version 1.16.1.1763, faulting module
version.dll, version 5.1.2600.5512, fault address 0x00001ddc.

Error - 11/10/2013 2:26:06 PM | Computer Name = YOUR-0C81E70C58 | Source = Application Error | ID = 1001
Description = Fault bucket 1998465276.

Error - 11/11/2013 4:57:14 PM | Computer Name = YOUR-0C81E70C58 | Source = MsiInstaller | ID = 11706
Description = Product: Playalot Games -- Error 1706. An installation package for
the product Playalot Games cannot be found. Try the installation again using a
valid copy of the installation package 'setup.msi'.

Error - 11/14/2013 4:23:47 PM | Computer Name = YOUR-0C81E70C58 | Source = COM+ | ID = 135761
Description = The run-time environment has detected an inconsistency in its internal
state. This indicates a potential instability in the process that could be caused
by the custom components running in the COM+ application, the components they make
use of, or other factors. Error in f:\xpsp3\com\com1x\src\comsvcs\package\cpackage.cpp(1184),
hr = 8007041d: InitEventCollector fail

[ System Events ]
Error - 11/25/2013 11:39:51 AM | Computer Name = YOUR-0C81E70C58 | Source = Service Control Manager | ID = 7031
Description = The WSWNA3100 service terminated unexpectedly. It has done this 1
time(s). The following corrective action will be taken in 5000 milliseconds: Restart
the service.

Error - 11/25/2013 11:39:52 AM | Computer Name = YOUR-0C81E70C58 | Source = Service Control Manager | ID = 7034
Description = The ZoneAlarmBackup Service service terminated unexpectedly. It has
done this 1 time(s).

Error - 11/25/2013 1:02:38 PM | Computer Name = YOUR-0C81E70C58 | Source = Service Control Manager | ID = 7009
Description = Timeout (30000 milliseconds) waiting for the Application Layer Gateway
Service service to connect.

Error - 11/25/2013 1:02:57 PM | Computer Name = YOUR-0C81E70C58 | Source = Service Control Manager | ID = 7000
Description = The Application Layer Gateway Service service failed to start due
to the following error: %%1053

Error - 11/25/2013 1:41:38 PM | Computer Name = YOUR-0C81E70C58 | Source = Service Control Manager | ID = 7009
Description = Timeout (30000 milliseconds) waiting for the crd service to connect.

Error - 11/25/2013 1:41:38 PM | Computer Name = YOUR-0C81E70C58 | Source = Service Control Manager | ID = 7000
Description = The crd service failed to start due to the following error: %%1053

Error - 11/25/2013 1:42:06 PM | Computer Name = YOUR-0C81E70C58 | Source = Service Control Manager | ID = 7009
Description = Timeout (30000 milliseconds) waiting for the crd service to connect.

Error - 11/25/2013 1:42:06 PM | Computer Name = YOUR-0C81E70C58 | Source = Service Control Manager | ID = 7000
Description = The crd service failed to start due to the following error: %%1053

Error - 11/25/2013 2:35:28 PM | Computer Name = YOUR-0C81E70C58 | Source = DCOM | ID = 10010
Description = The server {7F6316B4-4D69-4765-B0A3-B2598F2FA80A} did not register
with DCOM within the required timeout.

Error - 11/30/2013 12:46:15 AM | Computer Name = YOUR-0C81E70C58 | Source = Service Control Manager | ID = 7011
Description = Timeout (30000 milliseconds) waiting for a transaction response from
the stisvc service.


< End of report >

# AdwCleaner v3.014 - Report created 03/12/2013 at 10:21:44
# Updated 01/12/2013 by Xplode
# Operating System : Microsoft Windows XP Service Pack 3 (32 bits)
# Username : Sid Bailey - YOUR-0C81E70C58
# Running from : C:\Documents and Settings\Sid Bailey\Desktop\adwcleaner(1).exe
# Option : Clean

***** [ Services ] *****


***** [ Files / Folders ] *****

[x] Not Deleted : C:\Documents and Settings\NetworkService\Local Settings\Application Data\filetypeassistant

***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Deleted : HKLM\Software\Trymedia Systems
Key Deleted : HKLM\Software\Uniblue

***** [ Browsers ] *****

-\\ Internet Explorer v6.0.2900.5512


-\\ Mozilla Firefox v25.0.1 (en-US)

[ File : C:\Documents and Settings\Sid Bailey\Application Data\Mozilla\Firefox\Profiles\x8d4t8u3.default-1381283562814\prefs.js ]


[ File : C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\z76aiey7.default\prefs.js ]


-\\ Google Chrome v

[ File : C:\Documents and Settings\Sid Bailey\Local Settings\Application Data\Google\Chrome\User Data\Default\preferences ]


*************************

AdwCleaner[R2].txt - [2306 octets] - [12/11/2013 13:15:25]
AdwCleaner[R3].txt - [1301 octets] - [25/11/2013 13:26:28]
AdwCleaner[R5].txt - [1605 octets] - [03/12/2013 10:17:32]
AdwCleaner[S1].txt - [3989 octets] - [10/11/2013 23:36:37]
AdwCleaner[S2].txt - [2389 octets] - [12/11/2013 13:17:41]
AdwCleaner[S3].txt - [1362 octets] - [25/11/2013 13:31:59]
AdwCleaner[S5].txt - [1535 octets] - [03/12/2013 10:21:44]

########## EOF - C:\AdwCleaner\AdwCleaner[S5].txt - [1595 octets] ##########
:confused:
  • 0
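A clean-pass report like the one in the post above can be checked mechanically before the tools are uninstalled. This is an added example, not part of the original thread and not AdwCleaner's own code: it parses the report text and flags items the tool could not delete. The function names and the generalised result-line pattern are assumptions based on the two line shapes visible in that report.

```python
import re

# A few lines copied from the AdwCleaner[S5] report quoted in the post above.
SAMPLE_REPORT = r"""# AdwCleaner v3.014 - Report created 03/12/2013 at 10:21:44
# Option : Clean

***** [ Files / Folders ] *****

[x] Not Deleted : C:\Documents and Settings\NetworkService\Local Settings\Application Data\filetypeassistant

***** [ Registry ] *****

Key Deleted : HKLM\Software\Trymedia Systems
Key Deleted : HKLM\Software\Uniblue
"""

HEADER_RE = re.compile(r"^# (?P<key>[^:]+?) : (?P<value>.+)$")
SECTION_RE = re.compile(r"^\*{5} \[ (?P<name>.+?) \] \*{5}$")
# Assumption: result lines look like "<Kind> Deleted : <target>", with a
# leading "[x] Not" when removal failed (the two shapes seen in this report).
RESULT_RE = re.compile(
    r"^(?P<failed>\[x\] Not )?(?P<kind>\w+ )?Deleted : (?P<target>.+)$"
)


def parse_report(text):
    """Split a report into header fields, removed items and failed removals."""
    report = {"header": {}, "removed": [], "failed": []}
    section = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = HEADER_RE.match(line)
        if m:
            report["header"][m["key"]] = m["value"]
            continue
        m = SECTION_RE.match(line)
        if m:
            section = m["name"]
            continue
        m = RESULT_RE.match(line)
        if m:
            bucket = "failed" if m["failed"] else "removed"
            report[bucket].append((section, m["target"]))
    return report


def needs_follow_up(report):
    """True when the run was not a Clean pass or left items it could not delete."""
    return report["header"].get("Option") != "Clean" or bool(report["failed"])


if __name__ == "__main__":
    parsed = parse_report(SAMPLE_REPORT)
    for section, target in parsed["failed"]:
        print(f"still present [{section}]: {target}")
    print("follow-up needed:", needs_follow_up(parsed))
```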

#20
oldrailroadgeek


    Member

  • Topic Starter
  • 83 posts
Joe,
In reply as to how my PC was doing after all the machinations we have gone through; the speed of action has improved significantly, not as fast as out of the box new, but close to the original. Downloading from the net is nearly instantaneous, Yahoo e-mail loads faster & sends faster, web sites I visit daily load instantly. Off line performance has not been much affected, however I have lost some 200 documents from my Windows/Works program which were stored as .wps documents (hopefully recoverable through my back-up program) and my Canon printer is acting funny which I think I can correct through uninstalling and reinstalling with the CD. I am reasonably pleased with the end result, I just wish I had a deeper knowledge of the whole system, so that I could catch problems before they caused so much terror. I really appreciate all your help!!:thumbsup:
Sid
  • 0

#21
zep516


    Trusted Helper

  • Malware Removal
  • 6,799 posts
Hi oldrailroadgeek,

Congratulations! You now appear clean!

Let's remove our tools and clean up a bit.



  • Double-click OTL to start the program.
  • Copy and paste the following text below into the Custom Scans/Fixes box at the bottom of OTL.

    :Commands
    [ClearAllRestorePoints]

  • Then click the Run Fix button.
  • Let the program run unhindered. When finished click on OK and close the log that appears.
  • Note: I do not need to review the log produced.
  • Now close all other programs apart from OTL as this step will require a reboot.
  • On the OTL main screen, press the Posted Image button.
  • Say Yes to the prompt and then allow the program to reboot your computer.

The above process will flush old System Restore Points and create a new, clean one as well as uninstalling the tools used in this process including OTL itself.

Next

Double-click on AdwCleaner.exe to run the tool again.
  • Click on the Uninstall button.
  • Click Yes when asked are you sure you want to uninstall.
  • Both AdwCleaner.exe, its folder and all logs will be removed.

Next

  • Right-click the JRT icon and select Delete.
  • Remove any log files from the desktop
  • Empty recycle bin.


I post this for everyone. These are prevention steps.

Turn On Automatic Updates:
1. Click Start, click Run, type sysdm.cpl, and then press ENTER.
2. Click the Automatic Updates tab, and then click to select one of the following options. We recommend that you select the Automatic (recommended) option: Automatically download recommended updates for my computer and install them.

If you click this setting, click to select the day and time for scheduled updates to occur. You can schedule Automatic Updates for any time of day. Remember, your computer must be on at the scheduled time for updates to be installed. After you set this option, Windows recognizes when you are online and uses your Internet connection to find updates on the Windows Update Web site or on the Microsoft Update Web site that apply to your computer. Updates are downloaded automatically in the background, and you are not notified or interrupted during this process. An icon appears in the notification area of your taskbar when the updates are being downloaded. You can point to the icon to view the download status. To pause or to resume the download, right-click the icon, and then click Pause or Resume. When the download is completed, another message appears in the notification area so that you can review the updates that are scheduled for installation. If you choose not to install at that time, Windows starts the installation on your set schedule.

or visit http://www.windowsupdate.com regularly. This will ensure your computer has always the latest security updates available installed on your computer. If there are new updates to install, install them immediately, reboot your computer, and revisit the site until there are no more critical updates.

Antispyware programs:

I would recommend the download and installation of some or all of the following programs (all free), and the updating of them regularly:

  • WinPatrol - As a robust security monitor, WinPatrol will alert you to hijackings, malware attacks and critical changes made to your computer without your permission. WinPatrol takes a snapshot of your critical system resources and alerts you to any changes that may occur without your knowledge.

  • Malwarebytes' Anti-Malware - Malwarebytes' Anti-Malware is a new and powerful anti-malware tool. It is totally free but for real-time protection you will have to pay a small one-time fee. We used this to help clean your computer and recommend keeping it and using it often.

Please read this great article by miekiemoes How to prevent Malware
and this great article by Tony Klein So How Did I Get Infected In First Place

Best wishes!

Joe :)
  • 1

#22
oldrailroadgeek


    Member

  • Topic Starter
  • 83 posts
Joe,
I've cleaned up following your above listed instructions. I've downloaded WinPatrol and will install after I send this reply. My Windows XP is set for automatic updates, Malwarebytes Anti-malware Pro [the paid for version] is already installed on my system and it updates daily. I will read the two recommended articles tomorrow. Thanks for all your help. :thumbsup:
Have a Merry Christmas and a Happy New Year.
Sid [Oldrailroadgeek]
  • 0

#23
zep516


    Trusted Helper

  • Malware Removal
  • 6,799 posts
You're very welcome, Sid......

Have a Merry Christmas and a Happy New Year to you too

Thanks
Joe :)
  • 0





