trouble with laptop



#1
John Aukerman

  • Member
  • 284 posts

Windows XP has worked fine until today. Now it takes a long time to boot up. The screen will freeze for 10 minutes, then suddenly unfreeze. Ran OTL quickscan:

 

OTL logfile created on: 4/16/2014 10:01:17 PM - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Documents and Settings\jhaukerman\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
1.99 Gb Total Physical Memory | 1.11 Gb Available Physical Memory | 55.90% Memory free
3.33 Gb Paging File | 2.54 Gb Available in Paging File | 76.18% Paging File free
Paging file location(s): C:\pagefile.sys 1524 3048 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 111.78 Gb Total Space | 62.20 Gb Free Space | 55.65% Space Free | Partition Type: NTFS
 
Computer Name: JHAUKERMAN07 | User Name: jhaukerman | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2014/04/16 22:00:49 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\jhaukerman\Desktop\OTL.exe
PRC - [2014/04/02 16:31:07 | 000,228,744 | ---- | M] (Google Inc.) -- C:\Documents and Settings\jhaukerman\Local Settings\Application Data\Google\Update\1.3.23.9\GoogleCrashHandler.exe
PRC - [2014/04/01 21:58:05 | 000,841,032 | ---- | M] (Google Inc.) -- C:\Documents and Settings\jhaukerman\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
PRC - [2014/03/11 10:13:14 | 000,951,576 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Client\msseces.exe
PRC - [2014/01/30 16:05:24 | 021,822,128 | ---- | M] (Google) -- C:\Program Files\Google\Drive\googledrivesync.exe
PRC - [2013/12/18 22:05:43 | 000,182,696 | ---- | M] (Oracle Corporation) -- C:\Program Files\Java\jre7\bin\jqs.exe
PRC - [2013/10/09 10:58:16 | 003,275,136 | ---- | M] (Skype Technologies S.A.) -- C:\Documents and Settings\All Users\Application Data\Skype\Toolbars\Skype C2C Service\c2c_service.exe
PRC - [2013/04/22 10:05:32 | 000,720,064 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Office\Office14\MSOSYNC.EXE
PRC - [2008/04/13 20:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/12/14 16:58:30 | 000,241,664 | ---- | M] () -- C:\Program Files\Philips\Philips SPC230NC Webcam\TrayMin230.exe
PRC - [2007/12/10 15:55:26 | 000,323,584 | ---- | M] (PixArt Imaging Incorporation) -- C:\WINDOWS\Philips\SPC230NC\Monitor.exe
PRC - [2007/10/03 08:01:24 | 000,348,160 | ---- | M] (Novell, Inc.) -- C:\Program Files\Novell\ZENworks\Asset Management\Bin\cclient.exe
PRC - [2007/04/03 16:18:08 | 001,516,584 | ---- | M] (Cisco Systems, Inc.) -- C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
PRC - [2007/01/31 14:55:42 | 000,096,370 | ---- | M] (Canon Inc.) -- C:\Program Files\Canon\CAL\CALMAIN.exe
PRC - [2005/08/10 01:40:22 | 000,049,152 | ---- | M] (Novell, Inc.) -- C:\Program Files\Novell\ZENworks\Asset Management\Bin\CClientSvc.exe
PRC - [2005/08/04 16:08:04 | 000,112,128 | ---- | M] (Novell, Inc.) -- C:\Program Files\Novell\ZENworks\NALNTSRV.EXE
PRC - [2005/08/01 15:01:44 | 000,149,024 | ---- | M] (Novell, Inc.) -- C:\Program Files\Novell\ZENworks\WM.EXE
PRC - [2005/08/01 15:01:44 | 000,012,224 | ---- | M] (Novell, Inc.) -- C:\Program Files\Novell\ZENworks\WMRUNDLL.EXE
PRC - [2005/07/11 11:33:32 | 000,163,840 | ---- | M] (Novell, Inc.) -- C:\Program Files\Novell\ZENworks\RemoteManagement\RMAgent\ZenRem32.exe
PRC - [2005/01/10 13:36:52 | 000,061,440 | ---- | M] (Novell, Inc.) -- C:\WINDOWS\system32\Novell\xtagent.exe
PRC - [2004/05/17 13:27:28 | 000,032,859 | ---- | M] (Novell, Inc.) -- C:\WINDOWS\system32\dpmw32.exe
PRC - [2002/03/12 09:37:28 | 000,028,672 | ---- | M] (Novell, Inc.) -- C:\WINDOWS\system32\nwtray.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2014/04/16 20:42:26 | 001,157,120 | ---- | M] () -- C:\Documents and Settings\jhaukerman\Local Settings\Temp\_MEI34162\_ssl.pyd
MOD - [2014/04/16 20:42:26 | 000,805,888 | ---- | M] () -- C:\Documents and Settings\jhaukerman\Local Settings\Temp\_MEI34162\wx._gdi_.pyd
MOD - [2014/04/16 20:42:26 | 000,110,080 | ---- | M] () -- C:\Documents and Settings\jhaukerman\Local Settings\Temp\_MEI34162\PyWinTypes27.dll
MOD - [2014/04/16 20:42:26 | 000,026,624 | ---- | M] () -- C:\Documents and Settings\jhaukerman\Local Settings\Temp\_MEI34162\_multiprocessing.pyd
MOD - [2014/04/16 20:42:25 | 000,811,008 | ---- | M] () -- C:\Documents and Settings\jhaukerman\Local Settings\Temp\_MEI34162\wx._windows_.pyd
MOD - [2014/04/16 20:42:25 | 000,712,192 | ---- | M] () -- C:\Documents and Settings\jhaukerman\Local Settings\Temp\_MEI34162\_hashlib.pyd
MOD - [2014/04/16 20:42:24 | 000,087,040 | ---- | M] () -- C:\Documents and Settings\jhaukerman\Local Settings\Temp\_MEI34162\_ctypes.pyd
MOD - [2014/04/16 20:42:24 | 000,070,656 | ---- | M] () -- C:\Documents and Settings\jhaukerman\Local Settings\Temp\_MEI34162\wx._html2.pyd
MOD - [2014/04/16 20:42:24 | 000,038,912 | ---- | M] () -- C:\Documents and Settings\jhaukerman\Local Settings\Temp\_MEI34162\win32inet.pyd
MOD - [2014/04/16 20:42:24 | 000,035,840 | ---- | M] () -- C:\Documents and Settings\jhaukerman\Local Settings\Temp\_MEI34162\win32process.pyd
MOD - [2014/04/16 20:42:24 | 000,025,600 | ---- | M] () -- C:\Documents and Settings\jhaukerman\Local Settings\Temp\_MEI34162\win32pdh.pyd
MOD - [2014/04/16 20:42:24 | 000,024,064 | ---- | M] () -- C:\Documents and Settings\jhaukerman\Local Settings\Temp\_MEI34162\win32pipe.pyd
MOD - [2014/04/16 20:42:23 | 001,062,400 | ---- | M] () -- C:\Documents and Settings\jhaukerman\Local Settings\Temp\_MEI34162\wx._controls_.pyd
MOD - [2014/04/16 20:42:22 | 000,686,080 | ---- | M] () -- C:\Documents and Settings\jhaukerman\Local Settings\Temp\_MEI34162\unicodedata.pyd
MOD - [2014/04/16 20:42:22 | 000,127,488 | ---- | M] () -- C:\Documents and Settings\jhaukerman\Local Settings\Temp\_MEI34162\pyexpat.pyd
MOD - [2014/04/16 20:42:22 | 000,018,432 | ---- | M] () -- C:\Documents and Settings\jhaukerman\Local Settings\Temp\_MEI34162\win32event.pyd
MOD - [2014/04/16 20:42:22 | 000,010,240 | ---- | M] () -- C:\Documents and Settings\jhaukerman\Local Settings\Temp\_MEI34162\select.pyd
MOD - [2014/04/16 20:42:21 | 000,525,640 | ---- | M] () -- C:\Documents and Settings\jhaukerman\Local Settings\Temp\_MEI34162\windows._lib_cacheinvalidation.pyd
MOD - [2014/04/16 20:42:21 | 000,128,512 | ---- | M] () -- C:\Documents and Settings\jhaukerman\Local Settings\Temp\_MEI34162\_elementtree.pyd
MOD - [2014/04/16 20:42:21 | 000,119,808 | ---- | M] () -- C:\Documents and Settings\jhaukerman\Local Settings\Temp\_MEI34162\win32file.pyd
MOD - [2014/04/16 20:42:21 | 000,108,544 | ---- | M] () -- C:\Documents and Settings\jhaukerman\Local Settings\Temp\_MEI34162\win32security.pyd
MOD - [2014/04/16 20:42:21 | 000,044,032 | ---- | M] () -- C:\Documents and Settings\jhaukerman\Local Settings\Temp\_MEI34162\_socket.pyd
MOD - [2014/04/16 20:42:21 | 000,017,408 | ---- | M] () -- C:\Documents and Settings\jhaukerman\Local Settings\Temp\_MEI34162\win32profile.pyd
MOD - [2014/04/16 20:42:20 | 001,175,040 | ---- | M] () -- C:\Documents and Settings\jhaukerman\Local Settings\Temp\_MEI34162\wx._core_.pyd
MOD - [2014/04/16 20:42:20 | 000,557,056 | ---- | M] () -- C:\Documents and Settings\jhaukerman\Local Settings\Temp\_MEI34162\pysqlite2._sqlite.pyd
MOD - [2014/04/16 20:42:20 | 000,320,512 | ---- | M] () -- C:\Documents and Settings\jhaukerman\Local Settings\Temp\_MEI34162\win32com.shell.shell.pyd
MOD - [2014/04/16 20:42:20 | 000,098,816 | ---- | M] () -- C:\Documents and Settings\jhaukerman\Local Settings\Temp\_MEI34162\win32api.pyd
MOD - [2014/04/16 20:42:20 | 000,022,528 | ---- | M] () -- C:\Documents and Settings\jhaukerman\Local Settings\Temp\_MEI34162\win32ts.pyd
MOD - [2014/04/16 20:42:19 | 000,735,232 | ---- | M] () -- C:\Documents and Settings\jhaukerman\Local Settings\Temp\_MEI34162\wx._misc_.pyd
MOD - [2014/04/16 20:42:19 | 000,364,544 | ---- | M] () -- C:\Documents and Settings\jhaukerman\Local Settings\Temp\_MEI34162\pythoncom27.dll
MOD - [2014/04/16 20:42:19 | 000,122,368 | ---- | M] () -- C:\Documents and Settings\jhaukerman\Local Settings\Temp\_MEI34162\wx._wizard.pyd
MOD - [2014/04/16 20:42:19 | 000,011,264 | ---- | M] () -- C:\Documents and Settings\jhaukerman\Local Settings\Temp\_MEI34162\win32crypt.pyd
MOD - [2014/04/01 21:58:03 | 000,390,472 | ---- | M] () -- C:\Documents and Settings\jhaukerman\Local Settings\Application Data\Google\Chrome\Application\34.0.1847.116\ppgooglenaclpluginchrome.dll
MOD - [2014/04/01 21:58:02 | 013,691,720 | ---- | M] () -- C:\Documents and Settings\jhaukerman\Local Settings\Application Data\Google\Chrome\Application\34.0.1847.116\PepperFlash\pepflashplayer.dll
MOD - [2014/04/01 21:57:59 | 004,081,480 | ---- | M] () -- C:\Documents and Settings\jhaukerman\Local Settings\Application Data\Google\Chrome\Application\34.0.1847.116\pdf.dll
MOD - [2014/04/01 21:57:52 | 001,647,432 | ---- | M] () -- C:\Documents and Settings\jhaukerman\Local Settings\Application Data\Google\Chrome\Application\34.0.1847.116\ffmpegsumo.dll
MOD - [2014/04/01 21:57:49 | 000,065,352 | ---- | M] () -- C:\Documents and Settings\jhaukerman\Local Settings\Application Data\Google\Chrome\Application\34.0.1847.116\chrome_elf.dll
MOD - [2014/02/10 13:44:24 | 004,592,128 | ---- | M] () -- C:\Documents and Settings\jhaukerman\Local Settings\Application Data\Google\Chrome\User Data\SwiftShader\3.2.6.45159\libGLESv2.dll
MOD - [2014/02/10 13:44:24 | 000,112,128 | ---- | M] () -- C:\Documents and Settings\jhaukerman\Local Settings\Application Data\Google\Chrome\User Data\SwiftShader\3.2.6.45159\libEGL.dll
MOD - [2013/09/05 01:14:10 | 004,300,456 | ---- | M] () -- C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Cultures\OFFICE.ODF
MOD - [2010/10/20 16:45:26 | 008,801,120 | ---- | M] () -- C:\Program Files\Microsoft Office\Office14\1033\GrooveIntlResource.dll
MOD - [2008/08/27 12:23:52 | 000,262,227 | ---- | M] () -- C:\WINDOWS\system32\nwshlxnt.dll
MOD - [2008/08/27 12:23:52 | 000,110,592 | ---- | M] () -- C:\WINDOWS\system32\nls\english\nwshlxnr.dll
MOD - [2008/04/13 20:11:59 | 000,014,336 | ---- | M] () -- C:\WINDOWS\system32\msdmo.dll
MOD - [2008/04/13 20:11:51 | 000,059,904 | ---- | M] () -- C:\WINDOWS\system32\devenum.dll
MOD - [2007/12/14 16:58:30 | 000,241,664 | ---- | M] () -- C:\Program Files\Philips\Philips SPC230NC Webcam\TrayMin230.exe
MOD - [2007/04/03 16:18:26 | 000,197,672 | ---- | M] () -- C:\WINDOWS\system32\vpnapi.dll
MOD - [2005/03/30 16:12:58 | 001,051,648 | ---- | M] () -- C:\Program Files\Novell\ZENworks\nls\english\NalUIRes.dll
MOD - [2005/03/30 15:14:06 | 000,024,576 | ---- | M] () -- C:\Program Files\Novell\ZENworks\nls\english\NalRes.dll
MOD - [2003/12/11 09:08:58 | 000,024,576 | ---- | M] () -- C:\WINDOWS\system32\Novell\novdhcp.dll
MOD - [2002/04/17 14:21:44 | 000,061,440 | ---- | M] () -- C:\WINDOWS\system32\XMLPARSE.DLL
MOD - [2001/07/31 07:17:12 | 000,094,274 | ---- | M] () -- C:\WINDOWS\system32\HPBHEALR.DLL
 
 
========== Services (SafeList) ==========
 
SRV - File not found [On_Demand | Stopped] -- C:\Program Files\Common Files\SureThing Shared\stllssvr.exe -- (stllssvr)
SRV - [2014/03/22 17:59:21 | 000,257,928 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2014/03/11 10:13:24 | 000,022,216 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- c:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
SRV - [2013/12/19 01:41:02 | 030,814,400 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Microsoft Office\Office14\GROOVE.EXE -- (Microsoft SharePoint Workspace Audit Service)
SRV - [2013/12/18 22:05:43 | 000,182,696 | ---- | M] (Oracle Corporation) [Auto | Running] -- C:\Program Files\Java\jre7\bin\jqs.exe -- (JavaQuickStarterService)
SRV - [2013/10/23 09:15:08 | 000,172,192 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2013/10/09 10:58:16 | 003,275,136 | ---- | M] (Skype Technologies S.A.) [Auto | Running] -- C:\Documents and Settings\All Users\Application Data\Skype\Toolbars\Skype C2C Service\c2c_service.exe -- (Skype C2C Service)
SRV - [2008/12/01 11:59:52 | 000,033,752 | ---- | M] (NOS Microsystems Ltd.) [On_Demand | Stopped] -- C:\Program Files\NOS\bin\getPlus_HelperSvc.exe -- (getPlus®
SRV - [2008/08/04 16:59:00 | 000,053,339 | ---- | M] (Novell, Inc.) [On_Demand | Stopped] -- C:\WINDOWS\system32\cusrvc.exe -- (cusrvc)
SRV - [2007/04/03 16:18:08 | 001,516,584 | ---- | M] (Cisco Systems, Inc.) [Auto | Running] -- C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe -- (CVPND)
SRV - [2007/01/31 14:55:42 | 000,096,370 | ---- | M] (Canon Inc.) [Auto | Running] -- C:\Program Files\Canon\CAL\CALMAIN.exe -- (CCALib8)
SRV - [2005/08/10 01:40:22 | 000,049,152 | ---- | M] (Novell, Inc.) [Auto | Running] -- C:\Program Files\Novell\ZENworks\Asset Management\Bin\CClientSvc.exe -- (TSCensus Collection Client)
SRV - [2005/08/04 16:08:04 | 000,112,128 | ---- | M] (Novell, Inc.) [Auto | Running] -- C:\Program Files\Novell\ZENworks\NALNTSRV.EXE -- (NALNTSERVICE)
SRV - [2005/08/01 15:01:44 | 000,149,024 | ---- | M] (Novell, Inc.) [Auto | Running] -- C:\Program Files\Novell\ZENworks\WM.EXE -- (ZFDWM)
SRV - [2005/07/11 11:33:32 | 000,163,840 | ---- | M] (Novell, Inc.) [Auto | Running] -- C:\Program Files\Novell\ZENworks\RemoteManagement\RMAgent\ZenRem32.exe -- (Remote Management Agent)
SRV - [2005/01/10 13:36:52 | 000,061,440 | ---- | M] (Novell, Inc.) [Auto | Running] -- C:\WINDOWS\system32\Novell\xtagent.exe -- (XTAgent)
SRV - [2004/10/22 03:24:18 | 000,073,728 | ---- | M] (Macrovision Corporation) [On_Demand | Stopped] -- C:\Program Files\Roxio\Roxio MyDVD Basic v9\InstallShield\Driver\1050\Intel 32\IDriverT.exe -- (IDriverT)
 
 
========== Driver Services (SafeList) ==========
 
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] --  -- (PCIDump)
DRV - File not found [Kernel | System | Stopped] --  -- (lbrtfdc)
DRV - File not found [Kernel | System | Stopped] --  -- (i2omgmt)
DRV - File not found [Kernel | On_Demand | Stopped] -- System32\Drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\DOCUME~1\JHAUKE~1\LOCALS~1\Temp\cpuz134\cpuz134_x32.sys -- (cpuz134)
DRV - File not found [Kernel | System | Stopped] --  -- (Changer)
DRV - File not found [Kernel | On_Demand | Stopped] -- System32\Drivers\BW2NDIS5.sys -- (BW2NDIS5)
DRV - File not found [Kernel | On_Demand | Stopped] -- System32\Drivers\btwusb.sys -- (BTWUSB)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\btwhid.sys -- (btwhid)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\btwdndis.sys -- (BTWDNDIS)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\btport.sys -- (BTDriver)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\drivers\btaudio.sys -- (btaudio)
DRV - [2014/04/16 20:43:33 | 000,039,464 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- c:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{6EFF6ADB-78F2-45C7-862F-1692FB6C1E8F}\MpKsl20b3f461.sys -- (MpKsl20b3f461)
DRV - [2008/08/28 16:00:14 | 000,553,216 | ---- | M] (Novell, Inc.) [File_System | Auto | Running] -- C:\WINDOWS\system32\NetWare\nwfs.sys -- (NetwareWorkstation)
DRV - [2008/08/04 18:17:14 | 000,185,216 | ---- | M] (Novell, Inc.) [File_System | Auto | Running] -- C:\WINDOWS\system32\NetWare\srvloc.sys -- (SRVLOC)
DRV - [2008/08/04 18:06:32 | 000,058,496 | ---- | M] (Novell, Inc.) [File_System | Auto | Stopped] -- C:\WINDOWS\system32\NetWare\nwsipx32.sys -- (NWSIPX32)
DRV - [2008/07/21 15:45:20 | 000,017,664 | ---- | M] (Novell, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\NetWare\nwfilter.sys -- (NWFILTER)
DRV - [2008/07/21 14:47:04 | 000,029,440 | ---- | M] (Novell, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\NetWare\resmgr.sys -- (RESMGR)
DRV - [2008/07/21 14:39:20 | 000,045,824 | ---- | M] (Novell, Inc.) [File_System | On_Demand | Running] -- C:\WINDOWS\system32\NetWare\nwdns.sys -- (NWDNS)
DRV - [2008/04/04 16:32:46 | 000,020,208 | ---- | M] (Novell, Inc.) [File_System | On_Demand | Running] -- C:\WINDOWS\system32\NetWare\nwslp.sys -- (NWSLP)
DRV - [2008/01/08 11:27:32 | 000,038,603 | ---- | M] (Novell, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\nicm.sys -- (NICM)
DRV - [2007/12/31 16:19:50 | 000,461,056 | ---- | M] (PixArt Imaging Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\SPC230NC.SYS -- (SPC230NC)
DRV - [2007/10/25 08:56:29 | 000,025,244 | ---- | M] (Adaptec) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\ASPI32.SYS -- (ASPI32)
DRV - [2007/09/26 14:28:46 | 000,008,576 | ---- | M] (PixArt Imaging Incorporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\PAEAFLT.sys -- (PAEAFLT.sys)
DRV - [2007/07/17 01:24:00 | 000,035,072 | ---- | M] (Hewlett Packard) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\HP24X.sys -- (HP24X)
DRV - [2007/06/28 15:11:36 | 002,208,512 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\NETw4x32.sys -- (NETw4x32)
DRV - [2007/04/03 16:17:08 | 000,306,295 | ---- | M] (Cisco Systems, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\CVPNDRVA.sys -- (CVPNDRVA)
DRV - [2007/02/27 09:21:00 | 000,160,256 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\b57xp32.sys -- (b57w2k)
DRV - [2007/02/22 18:40:08 | 000,140,680 | ---- | M] (AuthenTec, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\atswpdrv.sys -- (ATSWPDRV)
DRV - [2007/01/31 13:45:06 | 000,127,376 | ---- | M] (Deterministic Networks, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\dne2000.sys -- (DNE)
DRV - [2007/01/18 14:28:02 | 000,005,275 | ---- | M] (Cisco Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\CVirtA.sys -- (CVirtA)
DRV - [2006/06/29 17:13:08 | 001,160,320 | ---- | M] (Agere Systems) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AGRSM.sys -- (AgereSoftModem)
DRV - [2005/12/13 16:17:40 | 000,025,300 | ---- | M] () [File_System | Boot | Running] -- C:\WINDOWS\System32\drivers\niffltr.sys -- (NifFltr)
DRV - [2005/12/09 01:00:02 | 000,022,016 | ---- | M] (Hewlett-Packard Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Accelerometer.sys -- (Accelerometer)
DRV - [2005/12/09 01:00:02 | 000,017,920 | ---- | M] (Hewlett-Packard Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\hpdskflt.sys -- (hpdskflt)
DRV - [2005/11/22 11:51:22 | 000,018,353 | ---- | M] (Novell, Inc.) [File_System | On_Demand | Running] -- C:\WINDOWS\system32\NetWare\nwdhcp.sys -- (NWDHCP)
DRV - [2005/10/12 14:12:18 | 000,009,297 | ---- | M] (Novell, Inc.) [File_System | On_Demand | Running] -- C:\WINDOWS\system32\NetWare\nwhost.sys -- (NWHOST)
DRV - [2005/10/12 14:11:32 | 000,006,128 | ---- | M] (Novell, Inc.) [File_System | On_Demand | Running] -- C:\WINDOWS\system32\NetWare\nwsns.sys -- (NWSNS)
DRV - [2005/05/23 14:47:18 | 000,006,899 | ---- | M] (Novell Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\System32\drivers\blankscr.sys -- (BlankScr)
DRV - [2005/05/23 14:11:14 | 000,002,773 | ---- | M] (Novell, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Darpan.sys -- (Darpan)
DRV - [2003/02/26 13:51:18 | 000,023,232 | ---- | M] () [File_System | On_Demand | Stopped] -- C:\WINDOWS\system32\NetWare\nwsap.sys -- (NWSAP)
DRV - [2001/03/20 10:55:42 | 000,009,176 | ---- | M] () [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\WNTHW.SYS -- (WNTHW)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.c...ferrer:source?}
IE - HKLM\..\SearchScopes\{110a9ea2-8810-4c04-b916-cfd4e9427fec}: "URL" = http://search.mywebs...r={searchTerms}
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...g}&sourceid=ie7
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.co...ie=utf8&oe=utf8
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKCU\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{110a9ea2-8810-4c04-b916-cfd4e9427fec}: "URL" = http://search.mywebs...r={searchTerms}
IE - HKCU\..\SearchScopes\{55FAF0F2-44D4-425f-B5F5-6B275B621EAB}: "URL" = http://search.burn4f...rc=search-field
IE - HKCU\..\SearchScopes\{5C8701CA-239F-49BC-82CA-AA89CF22FABE}: "URL" = http://www.ask.com/w...src=0&o=0&l=dir
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...&rlz=1I7GGLL_en
IE - HKCU\..\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}: "URL" = http://isearch.avg.com/search?cid={F212F037-6AE7-49E0-91C7-A6BEE6128211}&mid=2b36cc06a16f47d08b25d1530d873ef9-f262536b1640d940e0a4dad28910a329d4e3f29c&lang=en&ds=ft011&pr=sa&d=2012-03-16 06:47:13&v=10.2.0.3&sap=dsp&q={searchTerms}
IE - HKCU\..\SearchScopes\{E599925B-04AE-40D3-85EC-E805CC93A3AA}: "URL" = http://www.google.co...age={startPage}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultenginename: "AVG Secure Search"
FF - prefs.js..browser.startup.homepage: "http://isearch.avg.c...03-16 06:47:13"
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: [email protected]:1.0
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}:6.0.26
FF - prefs.js..extensions.enabledItems: {82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}:5.9.0.9216
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA}:6.0.31
FF - prefs.js..extensions.enabledItems: avg@toolbar:10.2.0.3
FF - prefs.js..keyword.URL: "http://isearch.avg.c...7:13&sap=ku&q="
FF - prefs.js..network.proxy.no_proxies_on: "*.local"
FF - user.js - File not found
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_12_0_0_77.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\WINDOWS\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@canon.com/MycameraPlugin: C:\Program Files\Canon\ZoomBrowser EX\Program\NPCIG.dll (CANON INC.)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.51.2: C:\WINDOWS\system32\npdeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.51.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pack.google.com/Google Updater;version=14: C:\Program Files\Google\Google Updater\2.4.2432.1652\npCIDetect14.dll (Google)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@facebook.com/FBPlugin,version=1.0.1: C:\Documents and Settings\jhaukerman\Application Data\Facebook\npfbplugin_1_0_1.dll ( )
FF - HKCU\Software\MozillaPlugins\@facebook.com/FBPlugin,version=1.0.3: C:\Documents and Settings\jhaukerman\Application Data\Facebook\npfbplugin_1_0_3.dll ( )
FF - HKCU\Software\MozillaPlugins\@talk.google.com/GoogleTalkPlugin: C:\Documents and Settings\jhaukerman\Application Data\Mozilla\plugins\npgoogletalk.dll (Google)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/O1DPlugin: C:\Documents and Settings\jhaukerman\Application Data\Mozilla\plugins\npo1d.dll (Google)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Documents and Settings\jhaukerman\Local Settings\Application Data\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Documents and Settings\jhaukerman\Local Settings\Application Data\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.6\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2014/01/28 12:26:26 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.6\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2014/02/10 21:40:10 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\[email protected]: C:\Documents and Settings\jhaukerman\Application Data\Mozilla\Firefox\Profiles/ru6juk0b.default\extensions\[email protected] [2012/04/29 16:21:47 | 000,000,000 | ---D | M]
 
[2009/02/05 11:01:58 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\jhaukerman\Application Data\Mozilla\Extensions
[2014/01/06 11:26:22 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\jhaukerman\Application Data\Mozilla\Firefox\Profiles\ru6juk0b.default\extensions
[2010/06/05 08:34:07 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\jhaukerman\Application Data\Mozilla\Firefox\Profiles\ru6juk0b.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2012/04/29 16:21:47 | 000,000,000 | ---D | M] (SpecialSavings) -- C:\Documents and Settings\jhaukerman\Application Data\Mozilla\Firefox\Profiles\ru6juk0b.default\extensions\[email protected]
[2014/01/28 12:02:28 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2013/11/01 05:33:23 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2010/05/03 06:55:07 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010/08/03 10:55:59 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
[2011/02/02 15:22:58 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
[2011/08/04 18:49:51 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
[2013/08/07 08:06:08 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA}
[2012/07/02 16:51:25 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA}
[2012/09/02 13:01:42 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}
[2013/05/01 19:27:45 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\browser\extensions
[2013/11/01 05:33:23 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2012/04/29 13:55:00 | 000,003,768 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\avg-secure-search.xml
 
========== Chrome  ==========
 
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:bookmarkBarPinned}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}{google:omniboxStartMarginParameter}ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&gs_ri={google:suggestRid}&xssi=t&q={searchTerms}&{google:cursorPosition}{google:currentPageUrl}{google:pageClassification}sugkey={google:suggestAPIKeyParameter},
CHR - homepage: http://www.google.com/
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Documents and Settings\jhaukerman\Local Settings\Application Data\Google\Chrome\Application\34.0.1847.116\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Disabled) = C:\Documents and Settings\jhaukerman\Local Settings\Application Data\Google\Chrome\Application\34.0.1847.116\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Documents and Settings\jhaukerman\Local Settings\Application Data\Google\Chrome\Application\34.0.1847.116\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: Java Deployment Toolkit 6.0.310.5 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
CHR - plugin: Java™ Platform SE 6 U31 (Enabled) = C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll
CHR - plugin: Microsoft® DRM (Enabled) = C:\Program Files\Windows Media Player\npdrmv2.dll
CHR - plugin: Microsoft® DRM (Enabled) = C:\Program Files\Windows Media Player\npwmsdrm.dll
CHR - plugin: Windows Media Player Plug-in Dynamic Link Library (Enabled) = C:\Program Files\Windows Media Player\npdsplay.dll
CHR - plugin: Facebook Plugin (Enabled) = C:\Documents and Settings\jhaukerman\Application Data\Facebook\npfbplugin_1_0_1.dll
CHR - plugin: Facebook Plugin (Enabled) = C:\Documents and Settings\jhaukerman\Application Data\Facebook\npfbplugin_1_0_3.dll
CHR - plugin: Google Update (Enabled) = C:\Documents and Settings\jhaukerman\Local Settings\Application Data\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - plugin: Google Updater (Enabled) = C:\Program Files\Google\Google Updater\2.4.2432.1652\npCIDetect14.dll
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL
CHR - plugin: NPCIG.dll (Enabled) = C:\Program Files\Canon\ZoomBrowser EX\Program\NPCIG.dll
CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\WINDOWS\system32\Adobe\Director\np32dsw.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - Extension: Google Drive = C:\Documents and Settings\jhaukerman\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\
CHR - Extension: Skype Click to Call = C:\Documents and Settings\jhaukerman\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\7.2.15747.10003_0\
CHR - Extension: Google Wallet = C:\Documents and Settings\jhaukerman\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\
 
O1 HOSTS File: ([2004/08/04 08:00:00 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (LastPass Vault) - {95D9ECF5-2A4D-4550-BE49-70D42F71296E} - C:\Program Files\LastPass\LPToolbar.dll (LastPass)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKLM\..\Toolbar: (LastPass Toolbar) - {9f6b5cc3-5c7b-4b5c-97af-19dec1e380e5} - C:\Program Files\LastPass\LPToolbar.dll (LastPass)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {55FAF0F2-44D4-425F-B5F5-6B275B621EAB} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {C7768536-96F8-4001-B1A2-90EE21279187} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No CLSID value found.
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [BCSSync] C:\Program Files\Microsoft Office\Office14\BCSSync.exe (Microsoft Corporation)
O4 - HKLM..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k File not found
O4 - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [NDPS] C:\WINDOWS\system32\dpmw32.exe (Novell, Inc.)
O4 - HKLM..\Run: [NWTRAY] C:\WINDOWS\System32\nwtray.exe (Novell, Inc.)
O4 - HKLM..\Run: [SPC_Monitor] C:\WINDOWS\Philips\SPC230NC\Monitor.exe (PixArt Imaging Incorporation)
O4 - HKLM..\Run: [SPC230NC_Monitor] C:\WINDOWS\Philips\SPC230NC\Monitor.exe (PixArt Imaging Incorporation)
O4 - HKLM..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u File not found
O4 - HKLM..\Run: [WatchDog] C:\Program Files\InterVideo\DVD Check\DVDCheck.exe (InterVideo Inc.)
O4 - HKLM..\Run: [ZENRC Tray Icon] C:\WINDOWS\system32\zentray.exe (Novell, Inc.)
O4 - HKCU..\Run: [DW6] "C:\Program Files\The Weather Channel FW\Desktop\DesktopWeather.exe" File not found
O4 - HKCU..\Run: [GoogleDriveSync] C:\Program Files\Google\Drive\googledrivesync.exe (Google)
O4 - HKCU..\Run: [OfficeSyncProcess] C:\Program Files\Microsoft Office\Office14\MSOSYNC.EXE (Microsoft Corporation)
O4 - HKCU..\Run: [Philips Intelligent Agent] C:\Program Files\Philips\Intelligent Agent\Philips Intelligent Agent.exe (Philips Consumer Electronics)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Application Explorer.lnk = C:\Program Files\Novell\ZENworks\NalView.exe (Novell, Inc)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\DVD Check.lnk = C:\Program Files\InterVideo\DVD Check\DVDCheck.exe (InterVideo Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\TrayMin230.lnk = C:\Program Files\Philips\Philips SPC230NC Webcam\TrayMin230.exe ()
O4 - Startup: C:\Documents and Settings\jhaukerman\Start Menu\Programs\Startup\Google Chrome.lnk = C:\Documents and Settings\jhaukerman\Local Settings\Application Data\Google\Chrome\Application\chrome.exe (Google Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Low Rights present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: CompatibleRUPSecurity = 1
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: &Search - http://tbedits.radio...5A&n=2011082000 File not found
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Google Sidewiki... - C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll (Google Inc.)
O8 - Extra context menu item: LastPass - file://C:\Documents and Settings\jhaukerman\Local Settings\Application Data\LastPass\context.html?cmd=lastpass File not found
O8 - Extra context menu item: LastPass Fill Forms - file://C:\Documents and Settings\jhaukerman\Local Settings\Application Data\LastPass\context.html?cmd=fillforms File not found
O9 - Extra Button: LastPass - {43699cd0-e34f-11de-8a39-0800200c9a66} - C:\Program Files\LastPass\LPToolbar.dll (LastPass)
O9 - Extra 'Tools' menuitem : LastPass - {43699cd0-e34f-11de-8a39-0800200c9a66} - C:\Program Files\LastPass\LPToolbar.dll (LastPass)
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Novell delivered applications - {C1994287-422F-47aa-8E5E-6323E210A125} - C:\Program Files\Novell\ZENworks\AxNalServer.dll (Novell, Inc)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\WINDOWS\system32\NetWare\nwws2nds.dll (Novell, Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\WINDOWS\system32\NetWare\nwws2sap.dll (Novell, Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000006 [] - C:\WINDOWS\system32\NetWare\nwws2slp.dll (Novell, Inc.)
O15 - HKCU\..Trusted Domains: microsoft.com ([office] http in Trusted sites)
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} http://download.micr.../OGAControl.cab (Office Genuine Advantage Validation Tool)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://fpdownload.ma...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.micr...heckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 10.51.2)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.ma...r/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0017-0000-0051-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.7.0_51)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 10.51.2)
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} http://wwwimages.ado...obat/nos/gp.cab (get_atlcom Class)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.m...ash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{40AE2658-21A9-46A8-9BEF-A3A4A6A2DD47}: DhcpNameServer = 192.168.1.254
O18 - Protocol\Handler\lbxfile {56831180-F115-11d2-B6AA-00104B2B9943} - C:\Program Files\Libronix DLS\System\FileProt.dll (Libronix Corporation)
O18 - Protocol\Handler\lbxres {24508F1B-9E94-40EE-9759-9AF5795ADF52} - C:\Program Files\Libronix DLS\System\ResProt.dll (Libronix Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: System - (ziswin.exe) - C:\WINDOWS\System32\ZISWIN.EXE (Novell)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: GinaDLL - (NWGINA.DLL) - C:\WINDOWS\System32\nwgina.dll (Novell, Inc.)
O20 - Winlogon\Notify\NetIdentity Notification: DllName - (C:\WINDOWS\system32\Novell\XtNotify.dll) - C:\WINDOWS\system32\Novell\xtnotify.dll (Novell, Inc.)
O24 - Desktop Components:0 () - file:///C:/DOCUME~1/JHAUKE~1/LOCALS~1/Temp/msohtmlclip1/01/clip_image002.gif
O24 - Desktop Components:1 (My Current Home Page) - About:Home
O24 - Desktop WallPaper: C:\Documents and Settings\jhaukerman\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\jhaukerman\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {763370C4-268E-4308-A60C-D8DA0342BE32} - C:\Program Files\Novell\ZENworks\NalShell.dll (Novell, Inc)
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O30 - LSA: Authentication Packages - (nwv1_0) - C:\WINDOWS\System32\nwv1_0.dll (Novell, Inc.)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2007/09/19 14:35:00 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{1c567d4b-58fe-11df-a6a0-001a4b63d70a}\Shell - "" = AutoRun
O33 - MountPoints2\{1c567d4b-58fe-11df-a6a0-001a4b63d70a}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{1c567d4b-58fe-11df-a6a0-001a4b63d70a}\Shell\AutoRun\command - "" = E:\LaunchU3.exe -a
O33 - MountPoints2\{383de34e-cf84-11de-a608-001a4b63d70a}\Shell - "" = AutoRun
O33 - MountPoints2\{383de34e-cf84-11de-a608-001a4b63d70a}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{383de34e-cf84-11de-a608-001a4b63d70a}\Shell\AutoRun\command - "" = E:\LaunchU3.exe -a
O33 - MountPoints2\{5ef26e91-e6f0-11dd-a4f3-001a4b63d70a}\Shell\AutoRun\command - "" = E:\WDSetup.exe
O33 - MountPoints2\{750b412b-996c-11df-a6fe-001a4b63d70a}\Shell - "" = AutoRun
O33 - MountPoints2\{750b412b-996c-11df-a6fe-001a4b63d70a}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{750b412b-996c-11df-a6fe-001a4b63d70a}\Shell\AutoRun\command - "" = E:\LaunchU3.exe -a
O33 - MountPoints2\{7f2fc618-932c-11de-a5cb-001a4b63d70a}\Shell - "" = AutoRun
O33 - MountPoints2\{7f2fc618-932c-11de-a5cb-001a4b63d70a}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{7f2fc618-932c-11de-a5cb-001a4b63d70a}\Shell\AutoRun\command - "" = E:\LaunchU3.exe -a
O33 - MountPoints2\{92de0a8e-ad23-11dd-a4c0-001a4b63d70a}\Shell\AutoRun\command - "" = Autorun.exe /run
O33 - MountPoints2\{92de0a8e-ad23-11dd-a4c0-001a4b63d70a}\Shell\Shell00\Command - "" = Autorun.exe /run
O33 - MountPoints2\{92de0a8e-ad23-11dd-a4c0-001a4b63d70a}\Shell\Shell01\Command - "" = Autorun.exe /action
O33 - MountPoints2\{92de0a8e-ad23-11dd-a4c0-001a4b63d70a}\Shell\Shell02\Command - "" = Autorun.exe /uninstall
O33 - MountPoints2\{d563a175-01e1-11df-a62c-001a4b63d70a}\Shell - "" = AutoRun
O33 - MountPoints2\{d563a175-01e1-11df-a62c-001a4b63d70a}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{d563a175-01e1-11df-a62c-001a4b63d70a}\Shell\AutoRun\command - "" = E:\LaunchU3.exe -a
O33 - MountPoints2\{d9924724-7436-11dd-a48c-001a4b63d70a}\Shell\AutoRun\command - "" = setupSNK.exe
O33 - MountPoints2\{ebc2f532-625f-11de-a581-0013e86e71e5}\Shell - "" = AutoRun
O33 - MountPoints2\{ebc2f532-625f-11de-a581-0013e86e71e5}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{ebc2f532-625f-11de-a581-0013e86e71e5}\Shell\AutoRun\command - "" = E:\LaunchU3.exe -a
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2014/04/16 22:00:32 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\jhaukerman\Desktop\OTL.exe
[2014/04/16 21:48:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\PCHealth
[2010/12/31 11:08:22 | 009,331,400 | ---- | C] (LastPass) -- C:\Program Files\Common Files\lpuninstall.exe
[6 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[5 C:\Documents and Settings\jhaukerman\Application Data\*.tmp files -> C:\Documents and Settings\jhaukerman\Application Data\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2014/04/16 22:00:49 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\jhaukerman\Desktop\OTL.exe
[2014/04/16 21:59:00 | 000,000,830 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2014/04/16 21:48:28 | 000,000,894 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2014/04/16 21:47:59 | 000,000,890 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2014/04/16 21:36:37 | 000,000,998 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1042173953-856385936-1506814864-1011UA.job
[2014/04/16 21:36:24 | 000,000,384 | -H-- | M] () -- C:\WINDOWS\tasks\Microsoft Antimalware Scheduled Scan.job
[2014/04/16 20:45:57 | 000,445,946 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2014/04/16 20:45:57 | 000,073,298 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2014/04/16 20:42:14 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2014/04/16 20:41:23 | 000,000,232 | ---- | M] () -- C:\WINDOWS\tasks\Microsoft Windows XP End of Service Notification Logon.job
[2014/04/16 20:41:22 | 000,000,268 | ---- | M] () -- C:\WINDOWS\tasks\WGASetup.job
[2014/04/16 20:41:22 | 000,000,236 | ---- | M] () -- C:\WINDOWS\tasks\OGALogon.job
[2014/04/16 20:28:56 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2014/04/16 20:28:55 | 2138,361,856 | -HS- | M] () -- C:\hiberfil.sys
[2014/04/13 16:36:00 | 000,000,946 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1042173953-856385936-1506814864-1011Core.job
[2014/04/13 14:13:00 | 000,000,868 | ---- | M] () -- C:\WINDOWS\tasks\Google Software Updater.job
[2014/04/12 08:29:25 | 000,002,347 | ---- | M] () -- C:\Documents and Settings\jhaukerman\Application Data\Microsoft\Internet Explorer\Quick Launch\Word 2010.lnk
[2014/04/11 21:41:14 | 000,002,341 | ---- | M] () -- C:\Documents and Settings\jhaukerman\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2014/04/08 22:25:10 | 000,001,355 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2014/04/04 14:02:44 | 000,000,226 | ---- | M] () -- C:\WINDOWS\tasks\Microsoft Windows XP End of Service Notification Monthly.job
[2014/04/03 00:42:43 | 000,001,945 | ---- | M] () -- C:\WINDOWS\epplauncher.mif
[2014/03/23 03:26:02 | 000,305,216 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[6 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[5 C:\Documents and Settings\jhaukerman\Application Data\*.tmp files -> C:\Documents and Settings\jhaukerman\Application Data\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2014/04/04 14:10:57 | 000,000,384 | -H-- | C] () -- C:\WINDOWS\tasks\Microsoft Antimalware Scheduled Scan.job
[2014/04/02 15:48:35 | 000,000,232 | ---- | C] () -- C:\WINDOWS\tasks\Microsoft Windows XP End of Service Notification Logon.job
[2014/04/02 15:48:34 | 000,000,226 | ---- | C] () -- C:\WINDOWS\tasks\Microsoft Windows XP End of Service Notification Monthly.job
[2013/01/14 19:32:09 | 000,000,600 | ---- | C] () -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\PUTTY.RND
[2013/01/05 16:56:57 | 000,000,600 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\PUTTY.RND
[2012/01/04 09:34:25 | 000,161,720 | ---- | C] () -- C:\Program Files\4jres.dll
[2010/08/26 14:19:35 | 000,000,152 | -H-- | C] () -- C:\Documents and Settings\jhaukerman\Application Data\567ce0119fb0e2066ef2cde44e33730c44f8e763
[2010/08/26 14:19:35 | 000,000,152 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\567ce0119fb0e2066ef2cde44e33730c44f8e763
[2010/02/18 12:50:08 | 000,000,300 | -H-- | C] () -- C:\Documents and Settings\jhaukerman\Application Data\135a3498fe3022564d1bebf59360bcd658fdd177
[2010/02/18 12:50:08 | 000,000,300 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\135a3498fe3022564d1bebf59360bcd658fdd177
[2009/03/12 15:31:24 | 000,060,744 | ---- | C] () -- C:\Documents and Settings\jhaukerman\g2mdlhlpx.exe
[2007/10/08 18:47:53 | 000,138,752 | ---- | C] () -- C:\Documents and Settings\jhaukerman\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
 
========== ZeroAccess Check ==========
 
[2007/09/21 16:28:24 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shdocvw.dll -- [2008/04/13 20:12:05 | 001,499,136 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = C:\WINDOWS\system32\wbem\fastprox.dll -- [2009/02/09 08:10:48 | 000,473,600 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = C:\WINDOWS\system32\wbem\wbemess.dll -- [2008/04/13 20:12:08 | 000,273,920 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
========== LOP Check ==========
 
[2012/05/15 08:05:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Applian
[2012/05/15 10:02:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\boost_interprocess
[2012/03/16 06:44:20 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\Common Files
[2012/06/03 14:00:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Garmin
[2013/11/01 05:51:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\IBUpdaterService
[2009/01/15 12:46:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Libronix DLS
[2007/10/09 12:35:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\NCH Swift Sound
[2009/08/10 16:54:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Philips
[2010/11/10 08:43:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Sophos
[2012/02/16 09:19:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2009/11/18 08:27:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
[2009/03/13 08:16:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\jhaukerman\Application Data\Articulate
[2007/12/19 09:49:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\jhaukerman\Application Data\Audio Record Edit Toolbox
[2009/06/16 09:48:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\jhaukerman\Application Data\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2008/08/08 07:18:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\jhaukerman\Application Data\CPS Labs
[2011/12/30 22:31:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\jhaukerman\Application Data\Dropbox
[2012/04/29 16:26:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\jhaukerman\Application Data\eType
[2010/03/12 07:57:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\jhaukerman\Application Data\Facebook
[2012/06/03 14:00:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\jhaukerman\Application Data\Garmin
[2007/10/09 06:51:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\jhaukerman\Application Data\Gradekeeper
[2007/11/26 08:46:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\jhaukerman\Application Data\InterVideo
[2010/08/26 14:11:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\jhaukerman\Application Data\iSpring Solutions
[2009/01/15 12:46:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\jhaukerman\Application Data\Libronix DLS
[2012/02/21 08:44:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\jhaukerman\Application Data\NCH Swift Sound
[2014/01/28 11:59:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\jhaukerman\Application Data\Oracle
[2012/04/30 06:06:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\jhaukerman\Application Data\PerformerSoft
[2007/10/09 12:35:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\jhaukerman\Application Data\Recordpad
 
========== Purity Check ==========
 
 
 
< End of report >
 

OTL Extras logfile created on: 4/16/2014 10:01:17 PM - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Documents and Settings\jhaukerman\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
1.99 Gb Total Physical Memory | 1.11 Gb Available Physical Memory | 55.90% Memory free
3.33 Gb Paging File | 2.54 Gb Available in Paging File | 76.18% Paging File free
Paging file location(s): C:\pagefile.sys 1524 3048 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 111.78 Gb Total Space | 62.20 Gb Free Space | 55.65% Space Free | Partition Type: NTFS
 
Computer Name: JHAUKERMAN07 | User Name: jhaukerman | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office14\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\Office14\msohtmed.exe" /p %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
 
========== System Restore Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
"DoNotAllowExceptions" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"10243:TCP" = 10243:TCP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10280:UDP" = 10280:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10281:UDP" = 10281:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10282:UDP" = 10282:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10283:UDP" = 10283:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10284:UDP" = 10284:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"8097:TCP" = 8097:TCP:*:Enabled:EarthLink UHP Modem Support
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"10243:TCP" = 10243:TCP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10280:UDP" = 10280:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10281:UDP" = 10281:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10282:UDP" = 10282:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10283:UDP" = 10283:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10284:UDP" = 10284:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
"C:\WINDOWS\system32\dpmw32.exe" = C:\WINDOWS\system32\dpmw32.exe:*:Enabled:NDPS RPM & Notification Listener -- (Novell, Inc.)
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
"C:\WINDOWS\system32\dpvsetup.exe" = C:\WINDOWS\system32\dpvsetup.exe:*:Enabled:Microsoft DirectPlay Voice Test -- (Microsoft Corporation)
"C:\Program Files\Microsoft Office\Office12\POWERPNT.EXE" = C:\Program Files\Microsoft Office\Office12\POWERPNT.EXE:*:Enabled:Microsoft Office PowerPoint
"C:\Program Files\Microsoft Office\Office12\WINWORD.EXE" = C:\Program Files\Microsoft Office\Office12\WINWORD.EXE:*:Enabled:Microsoft Office Word
"C:\Program Files\Philips\Intelligent Agent\Philips Intelligent Agent.exe" = C:\Program Files\Philips\Intelligent Agent\Philips Intelligent Agent.exe:*:Enabled:Philips Intelligent Agent -- (Philips Consumer Electronics)
"C:\WINDOWS\system32\spoolsv.exe" = C:\WINDOWS\system32\spoolsv.exe:*:Enabled:Spooler SubSystem App -- (Microsoft Corporation)
"C:\Program Files\Microsoft Office\Office12\EXCEL.EXE" = C:\Program Files\Microsoft Office\Office12\EXCEL.EXE:*:Enabled:Microsoft Office Excel
"C:\Program Files\Google\Google Earth\client\googleearth.exe" = C:\Program Files\Google\Google Earth\client\googleearth.exe:*:Enabled:Google Earth -- (Google)
"C:\Program Files\Microsoft Office\Office14\GROOVE.EXE" = C:\Program Files\Microsoft Office\Office14\GROOVE.EXE:*:Enabled:Microsoft SharePoint Workspace -- (Microsoft Corporation)
"C:\Program Files\Microsoft Office\Office14\WINWORD.EXE" = C:\Program Files\Microsoft Office\Office14\WINWORD.EXE:*:Enabled:Microsoft Word -- (Microsoft Corporation)
"C:\Program Files\Skype\Plugin Manager\skypePM.exe" = C:\Program Files\Skype\Plugin Manager\skypePM.exe:*:Enabled:Skype Extras Manager
"C:\Documents and Settings\jhaukerman\Application Data\Dropbox\bin\Dropbox.exe" = C:\Documents and Settings\jhaukerman\Application Data\Dropbox\bin\Dropbox.exe:*:Enabled:Dropbox -- (Dropbox, Inc.)
"C:\Documents and Settings\jhaukerman\Local Settings\Application Data\Google\Google Talk Plugin\googletalkplugin.exe" = C:\Documents and Settings\jhaukerman\Local Settings\Application Data\Google\Google Talk Plugin\googletalkplugin.exe:*:Enabled:Google Talk Plugin -- (Google)
"C:\Program Files\Microsoft Office\Office14\OUTLOOK.EXE" = C:\Program Files\Microsoft Office\Office14\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook -- (Microsoft Corporation)
"C:\Program Files\Microsoft Office\Office14\EXCEL.EXE" = C:\Program Files\Microsoft Office\Office14\EXCEL.EXE:*:Enabled:Microsoft Excel -- (Microsoft Corporation)
"C:\Program Files\Skype\Phone\Skype.exe" = C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype  -- (Skype Technologies S.A.)
"C:\Program Files\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe" = C:\Program Files\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe:*:Enabled:WebKit -- (Apple Inc.)
 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{05F350C6-FA6A-40D0-A130-FB941B39152C}" = Philips SPC230NC Webcam
"{0840B4D6-7DD1-4187-8523-E6FC0007EFB7}" = Windows Live ID Sign-in Assistant
"{0E16D716-ECAC-4881-ABB5-5017ACBDB2D7}" = Video Resource Driver
"{17ABBB0D-F2B1-4C78-A64F-2DC1C1E7A4DE}" = ZENworks Desktop Management Agent
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{19991EAD-C273-47EB-87E8-0D274925230B}" = OEB Resource Driver
"{22613FA5-4D3B-4EE5-8E4A-39EBE649324E}" = Garmin BaseCamp
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{24B3DF86-75B9-4DBD-AC39-C0C041583E6F}" = HP PCMCIA Smart Card Reader
"{2656D0AB-9EA4-4C58-A117-635F3CED8B93}" = Microsoft UI Engine
"{26A24AE4-039D-4CA4-87B4-2F83217045FF}" = Java 7 Update 51
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{35E1EC43-D4FC-4E4A-AAB3-20DDA27E8BB0}" = Sonic Activation Module
"{36A345C9-0691-45A1-AEEF-29ECEC8B5014}" = Microsoft Security Client
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4D2A6330-2F8B-11E3-9C40-B8AC6F97B88E}" = Google Earth
"{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}" = Skype™ 6.11
"{5D09C772-ECB3-442B-9CC6-B4341C78FDC2}" = Apple Application Support
"{5D97A4A7-C274-4B63-86D9-07A33435F505}" = InterVideo DVD Check
"{5F81DD84-6A2F-11D4-903E-00E0293397B7}" = Bible Data Type System Files
"{5F81DD89-6A2F-11D4-903E-00E0293397B7}" = Common System Files
"{5F81DD92-6A2F-11D4-903E-00E0293397B7}" = Libronix Digital Library System
"{5F81DD97-6A2F-11D4-903E-00E0293397B7}" = Libronix DLS Application
"{5F81DD9B-6A2F-11D4-903E-00E0293397B7}" = LibronixUpdate
"{5F81DD9F-6A2F-11D4-903E-00E0293397B7}" = LLS Resource Driver
"{5F81DDA3-6A2F-11D4-903E-00E0293397B7}" = PDF Resource Driver
"{61BEA823-ECAF-49F1-8378-A59B3B8AD247}" = Microsoft Default Manager
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{72CB5335-6D2A-4207-B811-6CB6C6925039}" = Batch Update
"{76A35397-115C-46EC-AE2C-71262B682E0F}" = Articulate Studio '09 Pro
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{77F9D52A-C8D7-4FE8-8510-19FC6CF75BC3}" = Access Drivers
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{8047D5E6-13C9-44F1-B5E6-8D741220D75A}" = iSpring Free 5
"{84814E6B-2581-46EC-926A-823BD1C670F6}" = HP Integrated Module with Bluetooth wireless technology
"{89C36E60-0260-11D5-8D7C-0020182B76CB}" = Novell iFolder 2.1.7
"{90120000-00B2-0409-0000-0000000FF1CE}" = Microsoft Save as PDF or XPS Add-in for 2007 Microsoft Office programs
"{90140000-0010-0409-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders  (English) 14
"{90140000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2010
"{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{33615B00-3ABF-4657-8429-542921E479C6}" = 
"{90140000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2010
"{90140000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2010
"{90140000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2010
"{90140000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2010
"{90140000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2010
"{90140000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2010
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2010
"{90140000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2010
"{90140000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2010
"{90140000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2010
"{90140000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2010
"{90140000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2010
"{90140000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2010
"{90140000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2010
"{91810AFC-A4F8-4EBA-A5AA-B198BBC81144}" = InterVideo WinDVD
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9B427732-573E-4E78-B6FA-AC3E5A218BA2}" = NMAS Client
"{A0EFB06D-0C7C-4A85-B1D3-65AF82536A7B}" = Sentence Diagramming
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.9)
"{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
"{B5FDA445-CAC4-4BA6-A8FB-A7212BD439DE}" = Microsoft XML Parser
"{B67BAFBA-4C9F-48FA-9496-933E3B255044}" = QuickTime
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call
"{B9A5A789-D491-49FB-958C-BFEC2C11BB1D}" = NMAS Challenge Response Method
"{BAF78226-3200-4DB4-BE33-4D922A799840}" = Windows Presentation Foundation
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{CA0AF735-4583-413E-897F-E91A237EE2E1}" = Libronix DLS Shortcuts
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CC351B44-5610-43C5-81E6-A2C760CB0A20}" = Graphical Query Editor
"{CCBAA1F7-E5E1-48B2-9ED9-A79C6A37CE78}" = Cisco Systems VPN Client 5.0.00.0340
"{CDA1ADA3-BBB4-4250-B272-AC21C78C3968}" = HP PCMCIA Smart Card Reader
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CE386A4E-D0DA-4208-8235-BCE43275C694}" = LightScribe  1.4.142.1
"{CECB7782-F35F-45CE-97C0-74BBBDC51C22}" = Webcam Video Viewer
"{CF40ACC5-E1BB-4aff-AC72-04C2F616BCA7}" = getPlus® for Adobe
"{D3B3B9B2-FE73-44CB-8C0A-F737D92F991B}" = Broadcom NetXtreme Ethernet Controller
"{E121A4FE-009B-385B-BB0D-B934E2A88288}" = Google Talk Plugin
"{E87022D3-C8C9-4C76-8E27-BC7F18F9B8FB}" = Google Drive
"{EC2ADB7C-8A45-40C9-BFD1-18F22D9A7DF5}" = AuthenTec Fingerprint Sensor Minimum Install
"{F02DBC5D-33E3-45E9-B0F8-B7745229ED1C}" = NICI (Shared) U.S./Worldwide (128 bit) (2.7.4-1)
"{FFE62AAA-60EC-71CF-0505-740B8E797647}" = Acrobat.com
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 12 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 12 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11
"Agere Systems Soft Modem" = Agere Systems HDA Modem
"Bi-Tech OpenLink 5.1 ODBC Driver" = Bi-Tech OpenLink 5.1 ODBC Driver
"BTDll" = SunGard Bi-Tech PC Products v7.6
"CAL" = Canon Camera Access Library
"CameraWindowDC" = Canon Utilities CameraWindow DC
"CameraWindowDVC6" = Canon Utilities CameraWindow DC_DV 6 for ZoomBrowser EX
"CameraWindowLauncher" = Canon Utilities CameraWindow
"CANON iMAGE GATEWAY Task" = CANON iMAGE GATEWAY Task for ZoomBrowser EX
"Canon Internet Library for ZoomBrowser EX" = Canon Internet Library for ZoomBrowser EX
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"Digital Editions" = Adobe Digital Editions
"Doxillion" = Doxillion Document Converter
"ExpressZip" = Express Zip
"FormatFactory" = FormatFactory 2.60
"Google Updater" = Google Updater
"HDMI" = Intel® Graphics Media Accelerator Driver
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"ie8" = Windows Internet Explorer 8
"Libronix DLS" = Libronix Digital Library System
"Microsoft .NET Framework 1.1  (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft Security Client" = Microsoft Security Essentials
"MovieEditTask" = Canon MovieEdit Task for ZoomBrowser EX
"Mozilla Firefox (3.6.6)" = Mozilla Firefox (3.6.6)
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"MyCamera" = Canon Utilities MyCamera
"MyCameraDC" = Canon Utilities MyCamera DC
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"Novell Client for Windows" = Novell Client for Windows
"Office14.PROPLUS" = Microsoft Office Professional Plus 2010
"Philips Intelligent Agent_is1" = Philips Intelligent Agent
"Product_Name" = Gradekeeper
"RemoteCaptureTask" = Canon Utilities RemoteCapture Task for ZoomBrowser EX
"Switch" = Switch
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"The NIV Study Bible Complete Library" = The NIV Study Bible Complete Library
"TSCensus Client Apps" = ZENworks Asset Management - Client Apps
"WavePad" = WavePad Sound Editor
"WIC" = Windows Imaging Component
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"WMS" = Windows NT Messaging
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"XpsEPSC" = XML Paper Specification Shared Components Pack 1.0
"Zondervan STEP Reader" = Zondervan STEP Reader
"ZoomBrowser EX" = Canon Utilities ZoomBrowser EX
"ZoomBrowser EX Memory Card Utility" = Canon ZoomBrowser EX Memory Card Utility
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Dropbox" = Dropbox
"Facebook Plug-In" = Facebook Plug-In
"Google Chrome" = Google Chrome
"GoToMeeting" = GoToMeeting 4.0.0.320
"LastPass" = LastPass (uninstall only)
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 3/3/2014 12:59:18 PM | Computer Name = JHAUKERMAN07 | Source = crypt32 | ID = 131083
Description = Failed extract of third-party root list from auto update cab at: <http://www.download....uthrootstl.cab>
 with error: The data is invalid.  
 
Error - 3/3/2014 12:59:18 PM | Computer Name = JHAUKERMAN07 | Source = crypt32 | ID = 131083
Description = Failed extract of third-party root list from auto update cab at: <http://www.download....uthrootstl.cab>
 with error: The data is invalid.  
 
Error - 4/15/2014 7:57:24 PM | Computer Name = JHAUKERMAN07 | Source = ESENT | ID = 485
Description = wuauclt (428) An attempt to delete the file "C:\WINDOWS\SoftwareDistribution\DataStore\Logs\edbtmp.log"
 failed with system error 32 (0x00000020): "The process cannot access the file because
 it is being used by another process. ".  The delete file operation will fail with
 error -1032 (0xfffffbf8).
 
Error - 4/15/2014 7:57:24 PM | Computer Name = JHAUKERMAN07 | Source = ESENT | ID = 485
Description = wuauclt (428) An attempt to delete the file "C:\WINDOWS\SoftwareDistribution\DataStore\Logs\edbtmp.log"
 failed with system error 32 (0x00000020): "The process cannot access the file because
 it is being used by another process. ".  The delete file operation will fail with
 error -1032 (0xfffffbf8).
 
Error - 4/16/2014 7:01:22 PM | Computer Name = JHAUKERMAN07 | Source = Application Error | ID = 1000
Description = Faulting application MsMpEng.exe, version 4.5.216.0, faulting module
 mpengine.dll, version 1.1.10501.0, fault address 0x003d684d.
 
Error - 4/16/2014 7:17:39 PM | Computer Name = JHAUKERMAN07 | Source = MPSampleSubmission | ID = 5000
Description = EventType mptelemetry, P1 2152759308, P2 unspecified, P3 scanfile,
 P4 4.5.216.0, P5 microsoft security essentials (edb4fa23-53b8-4afa-8c5d-99752cca7094),
 P6 unspecified, P7 unspecified, P8 NIL, P9 NIL, P10 NIL.
 
Error - 4/16/2014 7:17:42 PM | Computer Name = JHAUKERMAN07 | Source = Application Error | ID = 1000
Description = Faulting application MsMpEng.exe, version 4.5.216.0, faulting module
 mpengine.dll, version 1.1.10501.0, fault address 0x003d684d.
 
Error - 4/16/2014 7:17:42 PM | Computer Name = JHAUKERMAN07 | Source = MPSampleSubmission | ID = 5000
Description = EventType mptelemetry, P1 microsoft security essentials (edb4fa23-53b8-4afa-8c5d-99752cca7094),
 P2 4.5.216.0, P3 timeout, P4 1.1.10501.0, P5 fixed, P6 2 _ 2048, P7 5 _ not boot,
 P8 NIL, P9 NIL, P10 NIL.
 
Error - 4/16/2014 9:26:03 PM | Computer Name = JHAUKERMAN07 | Source = Application Error | ID = 1000
Description = Faulting application MsMpEng.exe, version 4.5.216.0, faulting module
 mpengine.dll, version 1.1.10501.0, fault address 0x003d684d.
 
Error - 4/16/2014 9:48:00 PM | Computer Name = JHAUKERMAN07 | Source = MPSampleSubmission | ID = 5000
Description = EventType mptelemetry, P1 2152759308, P2 unspecified, P3 scanfile,
 P4 4.5.216.0, P5 microsoft security essentials (edb4fa23-53b8-4afa-8c5d-99752cca7094),
 P6 unspecified, P7 unspecified, P8 NIL, P9 NIL, P10 NIL.
 
[ OSession Events ]
Error - 9/8/2009 8:21:19 AM | Computer Name = JHAUKERMAN07 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = 
 
Error - 9/8/2009 8:21:27 AM | Computer Name = JHAUKERMAN07 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = 
 
Error - 9/8/2009 8:21:34 AM | Computer Name = JHAUKERMAN07 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = 
 
Error - 9/8/2009 8:21:42 AM | Computer Name = JHAUKERMAN07 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = 
 
Error - 9/17/2009 7:23:48 AM | Computer Name = JHAUKERMAN07 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = 
 
Error - 9/17/2009 7:24:06 AM | Computer Name = JHAUKERMAN07 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = 
 
Error - 9/17/2009 7:29:08 AM | Computer Name = JHAUKERMAN07 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = 
 
Error - 9/17/2009 7:29:17 AM | Computer Name = JHAUKERMAN07 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = 
 
Error - 8/9/2010 2:09:54 PM | Computer Name = JHAUKERMAN07 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = 
 
Error - 8/24/2010 12:18:44 PM | Computer Name = JHAUKERMAN07 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = 
 
[ System Events ]
Error - 4/16/2014 9:25:57 PM | Computer Name = JHAUKERMAN07 | Source = Service Control Manager | ID = 7011
Description = Timeout (30000 milliseconds) waiting for a transaction response from
 the MsMpSvc service.
 
Error - 4/16/2014 9:25:57 PM | Computer Name = JHAUKERMAN07 | Source = Service Control Manager | ID = 7011
Description = Timeout (30000 milliseconds) waiting for a transaction response from
 the MsMpSvc service.
 
Error - 4/16/2014 9:25:57 PM | Computer Name = JHAUKERMAN07 | Source = Service Control Manager | ID = 7011
Description = Timeout (30000 milliseconds) waiting for a transaction response from
 the MsMpSvc service.
 
Error - 4/16/2014 9:25:58 PM | Computer Name = JHAUKERMAN07 | Source = Microsoft Antimalware | ID = 3002
Description = %%860 Real-Time Protection feature has encountered an error and failed.
 
Feature:
 %%834     Error Code: 0x80004005     Error description: Unspecified error      Reason: %%838
 
Error - 4/16/2014 9:26:06 PM | Computer Name = JHAUKERMAN07 | Source = Service Control Manager | ID = 7031
Description = The Microsoft Antimalware Service service terminated unexpectedly.
  It has done this 2 time(s).  The following corrective action will be taken in 
15000 milliseconds: Restart the service.
 
Error - 4/16/2014 9:26:25 PM | Computer Name = JHAUKERMAN07 | Source = Microsoft Antimalware | ID = 2041
Description = The support for your operating system has expired. Running %%860 on
 an out of support operating system is not an adequate solution to protect against
 threats.  
 
Error - 4/16/2014 9:36:23 PM | Computer Name = JHAUKERMAN07 | Source = Microsoft Antimalware | ID = 2041
Description = The support for your operating system has expired. Running %%860 on
 an out of support operating system is not an adequate solution to protect against
 threats.  
 
Error - 4/16/2014 9:36:26 PM | Computer Name = JHAUKERMAN07 | Source = Microsoft Antimalware | ID = 2041
Description = The support for your operating system has expired. Running %%860 on
 an out of support operating system is not an adequate solution to protect against
 threats.  
 
Error - 4/16/2014 9:47:59 PM | Computer Name = JHAUKERMAN07 | Source = Microsoft Antimalware | ID = 3002
Description = %%860 Real-Time Protection feature has encountered an error and failed.
 
Feature:
 %%834     Error Code: 0x80004005     Error description: Unspecified error      Reason: %%838
 
Error - 4/16/2014 9:48:01 PM | Computer Name = JHAUKERMAN07 | Source = Service Control Manager | ID = 7034
Description = The Microsoft Antimalware Service service terminated unexpectedly.
  It has done this 3 time(s).
 
 
< End of report >
 
 
 



#2
JSntgRvr

  • Global Moderator
  • 11,579 posts

:welcome:
 
Please download ComboFix from Here to your Desktop.

**Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**

  • Please, never rename Combofix unless instructed.
  • Close any open browsers.
  • Close/disable all antivirus and anti-malware programs so they do not interfere with the running of ComboFix.

    -----------------------------------------------------------

    • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
    • Click on this link or this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.

    -----------------------------------------------------------

  • Close any open browsers.
  • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
  • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
  • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.

-----------------------------------------------------------

  • Double click on combofix.exe & follow the prompts.
  • Install the Recovery Console if prompted.
  • When finished, it will produce a report for you.
  • Please post the "C:\ComboFix.txt".
  • **Note: Do not mouseclick combofix's window while it's running. That may cause it to stall**

    Note: ComboFix may reset a number of Internet Explorer's settings, including making it the default browser.
    Note: Combofix prevents autorun of ALL CDs, floppies and USB devices to assist with malware removal & increase security.

    Please do not install any new programs or update anything (always allow your antivirus/antispyware to update) unless told to do so while we are fixing your problem. If combofix alerts to a new version and offers to update, please let it. It is essential we always use the latest version.


#3
John Aukerman

  • Topic Starter
  • Member
  • 284 posts

ComboFix 14-04-12.01 - jhaukerman 04/17/2014  13:38:31.1.2 - x86
Microsoft Windows XP Professional  5.1.2600.3.1252.1.1033.18.2039.1457 [GMT -4:00]
Running from: c:\documents and settings\jhaukerman\Desktop\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {BCF43643-A118-4432-AEDE-D861FCBCFCDF}
AV: Microsoft Security Essentials *Enabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
 * Created a new restore point
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\docume~1\JHAUKE~1\LOCALS~1\Temp\_MEI26442\_ctypes.pyd
c:\docume~1\JHAUKE~1\LOCALS~1\Temp\_MEI26442\_elementtree.pyd
c:\docume~1\JHAUKE~1\LOCALS~1\Temp\_MEI26442\_hashlib.pyd
c:\docume~1\JHAUKE~1\LOCALS~1\Temp\_MEI26442\_multiprocessing.pyd
c:\docume~1\JHAUKE~1\LOCALS~1\Temp\_MEI26442\_socket.pyd
c:\docume~1\JHAUKE~1\LOCALS~1\Temp\_MEI26442\_ssl.pyd
c:\docume~1\JHAUKE~1\LOCALS~1\Temp\_MEI26442\pyexpat.pyd
c:\docume~1\JHAUKE~1\LOCALS~1\Temp\_MEI26442\pysqlite2._sqlite.pyd
c:\docume~1\JHAUKE~1\LOCALS~1\Temp\_MEI26442\python27.dll
c:\docume~1\JHAUKE~1\LOCALS~1\Temp\_MEI26442\pythoncom27.dll
c:\docume~1\JHAUKE~1\LOCALS~1\Temp\_MEI26442\PyWinTypes27.dll
c:\docume~1\JHAUKE~1\LOCALS~1\Temp\_MEI26442\select.pyd
c:\docume~1\JHAUKE~1\LOCALS~1\Temp\_MEI26442\unicodedata.pyd
c:\docume~1\JHAUKE~1\LOCALS~1\Temp\_MEI26442\win32api.pyd
c:\docume~1\JHAUKE~1\LOCALS~1\Temp\_MEI26442\win32com.shell.shell.pyd
c:\docume~1\JHAUKE~1\LOCALS~1\Temp\_MEI26442\win32crypt.pyd
c:\docume~1\JHAUKE~1\LOCALS~1\Temp\_MEI26442\win32event.pyd
c:\docume~1\JHAUKE~1\LOCALS~1\Temp\_MEI26442\win32file.pyd
c:\docume~1\JHAUKE~1\LOCALS~1\Temp\_MEI26442\win32inet.pyd
c:\docume~1\JHAUKE~1\LOCALS~1\Temp\_MEI26442\win32pdh.pyd
c:\docume~1\JHAUKE~1\LOCALS~1\Temp\_MEI26442\win32pipe.pyd
c:\docume~1\JHAUKE~1\LOCALS~1\Temp\_MEI26442\win32process.pyd
c:\docume~1\JHAUKE~1\LOCALS~1\Temp\_MEI26442\win32profile.pyd
c:\docume~1\JHAUKE~1\LOCALS~1\Temp\_MEI26442\win32security.pyd
c:\docume~1\JHAUKE~1\LOCALS~1\Temp\_MEI26442\win32ts.pyd
c:\docume~1\JHAUKE~1\LOCALS~1\Temp\_MEI26442\windows._lib_cacheinvalidation.pyd
c:\docume~1\JHAUKE~1\LOCALS~1\Temp\_MEI26442\wx._controls_.pyd
c:\docume~1\JHAUKE~1\LOCALS~1\Temp\_MEI26442\wx._core_.pyd
c:\docume~1\JHAUKE~1\LOCALS~1\Temp\_MEI26442\wx._gdi_.pyd
c:\docume~1\JHAUKE~1\LOCALS~1\Temp\_MEI26442\wx._html2.pyd
c:\docume~1\JHAUKE~1\LOCALS~1\Temp\_MEI26442\wx._misc_.pyd
c:\docume~1\JHAUKE~1\LOCALS~1\Temp\_MEI26442\wx._windows_.pyd
c:\docume~1\JHAUKE~1\LOCALS~1\Temp\_MEI26442\wx._wizard.pyd
c:\docume~1\JHAUKE~1\LOCALS~1\Temp\_MEI26442\wxbase294u_net_vc90.dll
c:\docume~1\JHAUKE~1\LOCALS~1\Temp\_MEI26442\wxbase294u_vc90.dll
c:\docume~1\JHAUKE~1\LOCALS~1\Temp\_MEI26442\wxmsw294u_adv_vc90.dll
c:\docume~1\JHAUKE~1\LOCALS~1\Temp\_MEI26442\wxmsw294u_core_vc90.dll
c:\docume~1\JHAUKE~1\LOCALS~1\Temp\_MEI26442\wxmsw294u_html_vc90.dll
c:\docume~1\JHAUKE~1\LOCALS~1\Temp\_MEI26442\wxmsw294u_webview_vc90.dll
c:\documents and settings\All Users\Application Data\135a3498fe3022564d1bebf59360bcd658fdd177
c:\documents and settings\All Users\Application Data\567ce0119fb0e2066ef2cde44e33730c44f8e763
c:\documents and settings\All Users\Application Data\AudioDecoderFilterGraph.txt
c:\documents and settings\All Users\Application Data\DragToDiscUserNameD.txt
c:\documents and settings\jhaukerman\Application Data\135a3498fe3022564d1bebf59360bcd658fdd177
c:\documents and settings\jhaukerman\Application Data\567ce0119fb0e2066ef2cde44e33730c44f8e763
c:\documents and settings\jhaukerman\Application Data\isfree3_0.tmp
c:\documents and settings\jhaukerman\Application Data\isfree3_1.tmp
c:\documents and settings\jhaukerman\Application Data\isfree4_0.tmp
c:\documents and settings\jhaukerman\Application Data\isfree4_1.tmp
c:\documents and settings\jhaukerman\Application Data\ispro4_0.tmp
c:\documents and settings\jhaukerman\g2mdlhlpx.exe
c:\documents and settings\jhaukerman\Local Settings\Temp\_MEI26442\_ctypes.pyd
c:\documents and settings\jhaukerman\Local Settings\Temp\_MEI26442\_elementtree.pyd
c:\documents and settings\jhaukerman\Local Settings\Temp\_MEI26442\_hashlib.pyd
c:\documents and settings\jhaukerman\Local Settings\Temp\_MEI26442\_multiprocessing.pyd
c:\documents and settings\jhaukerman\Local Settings\Temp\_MEI26442\_socket.pyd
c:\documents and settings\jhaukerman\Local Settings\Temp\_MEI26442\_ssl.pyd
c:\documents and settings\jhaukerman\Local Settings\Temp\_MEI26442\pyexpat.pyd
c:\documents and settings\jhaukerman\Local Settings\Temp\_MEI26442\pysqlite2._sqlite.pyd
c:\documents and settings\jhaukerman\Local Settings\Temp\_MEI26442\python27.dll
c:\documents and settings\jhaukerman\Local Settings\Temp\_MEI26442\pythoncom27.dll
c:\documents and settings\jhaukerman\Local Settings\Temp\_MEI26442\PyWinTypes27.dll
c:\documents and settings\jhaukerman\Local Settings\Temp\_MEI26442\select.pyd
c:\documents and settings\jhaukerman\Local Settings\Temp\_MEI26442\unicodedata.pyd
c:\documents and settings\jhaukerman\Local Settings\Temp\_MEI26442\win32api.pyd
c:\documents and settings\jhaukerman\Local Settings\Temp\_MEI26442\win32com.shell.shell.pyd
c:\documents and settings\jhaukerman\Local Settings\Temp\_MEI26442\win32crypt.pyd
c:\documents and settings\jhaukerman\Local Settings\Temp\_MEI26442\win32event.pyd
c:\documents and settings\jhaukerman\Local Settings\Temp\_MEI26442\win32file.pyd
c:\documents and settings\jhaukerman\Local Settings\Temp\_MEI26442\win32inet.pyd
c:\documents and settings\jhaukerman\Local Settings\Temp\_MEI26442\win32pdh.pyd
c:\documents and settings\jhaukerman\Local Settings\Temp\_MEI26442\win32pipe.pyd
c:\documents and settings\jhaukerman\Local Settings\Temp\_MEI26442\win32process.pyd
c:\documents and settings\jhaukerman\Local Settings\Temp\_MEI26442\win32profile.pyd
c:\documents and settings\jhaukerman\Local Settings\Temp\_MEI26442\win32security.pyd
c:\documents and settings\jhaukerman\Local Settings\Temp\_MEI26442\win32ts.pyd
c:\documents and settings\jhaukerman\Local Settings\Temp\_MEI26442\windows._lib_cacheinvalidation.pyd
c:\documents and settings\jhaukerman\Local Settings\Temp\_MEI26442\wx._controls_.pyd
c:\documents and settings\jhaukerman\Local Settings\Temp\_MEI26442\wx._core_.pyd
c:\documents and settings\jhaukerman\Local Settings\Temp\_MEI26442\wx._gdi_.pyd
c:\documents and settings\jhaukerman\Local Settings\Temp\_MEI26442\wx._html2.pyd
c:\documents and settings\jhaukerman\Local Settings\Temp\_MEI26442\wx._misc_.pyd
c:\documents and settings\jhaukerman\Local Settings\Temp\_MEI26442\wx._windows_.pyd
c:\documents and settings\jhaukerman\Local Settings\Temp\_MEI26442\wx._wizard.pyd
c:\documents and settings\jhaukerman\Local Settings\Temp\_MEI26442\wxbase294u_net_vc90.dll
c:\documents and settings\jhaukerman\Local Settings\Temp\_MEI26442\wxbase294u_vc90.dll
c:\documents and settings\jhaukerman\Local Settings\Temp\_MEI26442\wxmsw294u_adv_vc90.dll
c:\documents and settings\jhaukerman\Local Settings\Temp\_MEI26442\wxmsw294u_core_vc90.dll
c:\documents and settings\jhaukerman\Local Settings\Temp\_MEI26442\wxmsw294u_html_vc90.dll
c:\documents and settings\jhaukerman\Local Settings\Temp\_MEI26442\wxmsw294u_webview_vc90.dll
c:\program files\RadioRage_4j
c:\program files\RadioRage_4j\bar\Message\COMMON\8_step1.gif
c:\program files\RadioRage_4j\bar\Message\COMMON\index.htm
c:\program files\RadioRage_4j\bar\Message\COMMON\rebut4b.htm
c:\program files\RadioRage_4j\bar\Message\COMMON\shield.png
c:\windows\system32\Cache
c:\windows\system32\Cache\272512937d9e61a4.fb
c:\windows\system32\Cache\287204568329e189.fb
c:\windows\system32\Cache\28bc8f716fd76a47.fb
c:\windows\system32\Cache\2c53092c95605355.fb
c:\windows\system32\Cache\32c84fe32bb74d60.fb
c:\windows\system32\Cache\3917078cb68ec657.fb
c:\windows\system32\Cache\590ba23ce359fd0c.fb
c:\windows\system32\Cache\610289e025a3ee9a.fb
c:\windows\system32\Cache\651c5d3cdbfb8bd1.fb
c:\windows\system32\Cache\66dd0fd079d1bd8d.fb
c:\windows\system32\Cache\6c59ac5e7e7a3ad0.fb
c:\windows\system32\Cache\6d03dad1035885d3.fb
c:\windows\system32\Cache\a8556537add6dfc5.fb
c:\windows\system32\Cache\ad10a52aff5e038d.fb
c:\windows\system32\Cache\c1fa887b03019701.fb
c:\windows\system32\Cache\c4d28dca2e7648be.fb
c:\windows\system32\Cache\d201ef9910cd39de.fb
c:\windows\system32\Cache\d2e94710a5708128.fb
c:\windows\system32\Cache\d79b9dfe81484ec4.fb
c:\windows\system32\Cache\f998975c9cc711ee.fb
.
.
(((((((((((((((((((((((((   Files Created from 2014-03-17 to 2014-04-17  )))))))))))))))))))))))))))))))
.
.
2014-04-17 17:49 . 2014-04-17 17:49 6429 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\UICORE.JS
2014-04-17 17:49 . 2014-04-17 17:49 63115 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\USERTILE.JS
2014-04-17 17:49 . 2014-04-17 17:49 4599 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\UIRESOURCE.JS
2014-04-17 17:49 . 2014-04-17 17:49 9310 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\TEXTBOX.JS
2014-04-17 17:49 . 2014-04-17 17:49 8646 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\TILEBOX.JS
2014-04-17 17:49 . 2014-04-17 17:49 8613 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\SAVEDUSER.JS
2014-04-17 17:49 . 2014-04-17 17:49 5927 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\TEXT.JS
2014-04-17 17:49 . 2014-04-17 17:49 1651 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\QUERYSTRING.JS
2014-04-17 17:48 . 2014-04-17 17:48 6910 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\NEWUSERCOMM.JS
2014-04-17 17:48 . 2014-04-17 17:48 8288 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\IMAGE.JS
2014-04-17 17:48 . 2014-04-17 17:48 6208 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\LINK.JS
2014-04-17 17:48 . 2014-04-17 17:48 18541 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\LOCALIZATION.JS
2014-04-17 17:48 . 2014-04-17 17:48 51852 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\EXTERNALWRAPPER.JS
2014-04-17 17:48 . 2014-04-17 17:48 23327 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\COMBOBOX.JS
2014-04-17 17:48 . 2014-04-17 17:48 20719 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\DIVWRAPPER.JS
2014-04-17 17:48 . 2014-04-17 17:48 8782 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\BUTTON.JS
2014-04-17 01:48 . 2014-04-17 01:48 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\PCHealth
2014-04-15 23:59 . 2014-04-01 02:32 8049928 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{6EFF6ADB-78F2-45C7-862F-1692FB6C1E8F}\mpengine.dll
2014-04-13 16:56 . 2014-03-07 04:35 7969936 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2014-04-01 00:37 . 2014-02-26 01:59 13312 -c----w- c:\windows\system32\dllcache\xp_eos.exe
2014-04-01 00:37 . 2014-02-26 01:59 13312 ------w- c:\windows\system32\xp_eos.exe
2014-03-22 20:59 . 2014-03-22 21:59 5777288 ----a-w- c:\windows\system32\FlashPlayerInstaller.exe
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-03-22 21:59 . 2012-04-27 10:36 692616 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2014-03-22 21:59 . 2011-08-14 16:11 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2014-03-06 17:59 . 2004-08-04 12:00 920064 ----a-w- c:\windows\system32\wininet.dll
2014-03-06 17:59 . 2004-08-04 12:00 43520 ----a-w- c:\windows\system32\licmgr10.dll
2014-03-06 17:59 . 2004-08-04 12:00 18944 ----a-w- c:\windows\system32\corpol.dll
2014-03-06 17:59 . 2004-08-04 12:00 1469440 ------w- c:\windows\system32\inetcpl.cpl
2014-03-06 00:46 . 2004-08-04 12:00 385024 ----a-w- c:\windows\system32\html.iec
2014-02-07 02:01 . 2004-08-04 12:00 1879040 ----a-w- c:\windows\system32\win32k.sys
2014-02-05 08:55 . 2004-08-04 12:00 562688 ----a-w- c:\windows\system32\qedit.dll
2014-01-25 05:19 . 2010-03-26 02:30 231960 ----a-w- c:\windows\system32\drivers\MpFilter.sys
2014-01-19 07:32 . 2010-11-10 12:55 231584 ------w- c:\windows\system32\MpSigStub.exe
2011-08-20 04:07 . 2012-01-04 13:34 161720 ----a-w- c:\program files\4jres.dll
2011-04-10 19:46 . 2010-12-31 15:08 9331400 ----a-w- c:\program files\Common Files\lpuninstall.exe
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\documents and settings\jhaukerman\Application Data\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\documents and settings\jhaukerman\Application Data\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\documents and settings\jhaukerman\Application Data\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\documents and settings\jhaukerman\Application Data\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveBlacklistedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}]
2014-01-30 20:05 579400 ----a-w- c:\program files\Google\Drive\googledrivesync32.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedEditOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}"
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}]
2014-01-30 20:05 579400 ----a-w- c:\program files\Google\Drive\googledrivesync32.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedEditOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}"
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}]
2014-01-30 20:05 579400 ----a-w- c:\program files\Google\Drive\googledrivesync32.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedViewOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}]
2014-01-30 20:05 579400 ----a-w- c:\program files\Google\Drive\googledrivesync32.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}]
2014-01-30 20:05 579400 ----a-w- c:\program files\Google\Drive\googledrivesync32.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncingOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}]
2014-01-30 20:05 579400 ----a-w- c:\program files\Google\Drive\googledrivesync32.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-10-24 68856]
"Philips Intelligent Agent"="c:\program files\Philips\Intelligent Agent\Philips Intelligent Agent.exe" [2008-02-21 613792]
"GoogleDriveSync"="c:\program files\Google\Drive\googledrivesync.exe" [2014-01-30 21822128]
"OfficeSyncProcess"="c:\program files\Microsoft Office\Office14\MSOSYNC.EXE" [2013-04-22 720064]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-05-19 138008]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-05-19 162584]
"Persistence"="c:\windows\system32\igfxpers.exe" [2007-05-19 138008]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2007-06-07 827392]
"ZENRC Tray Icon"="c:\windows\system32\zentray.exe" [2005-05-18 40960]
"NDPS"="c:\windows\system32\dpmw32.exe" [2004-05-17 32859]
"NWTRAY"="NWTRAY.EXE" [2002-03-12 28672]
"WatchDog"="c:\program files\InterVideo\DVD Check\DVDCheck.exe" [2007-05-23 192512]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2007-01-06 872448]
"SPC230NC_Monitor"="c:\windows\Philips\SPC230NC\Monitor.exe" [2007-12-10 323584]
"SPC_Monitor"="c:\windows\Philips\SPC230NC\Monitor.exe" [2007-12-10 323584]
"Microsoft Default Manager"="c:\program files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" [2009-07-17 288080]
"BCSSync"="c:\program files\Microsoft Office\Office14\BCSSync.exe" [2012-11-05 89184]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-11-21 959904]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2014-03-11 951576]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2013-04-22 59720]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2013-05-01 421888]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2013-03-06 520424]
.
c:\documents and settings\administrator\Start Menu\Programs\Startup\
Install LastPass IE RunOnce.lnk - c:\program files\Common Files\lpuninstall.exe -p -name=LastPass -ffuuid [email protected] [2010-12-31 9331400]
.
c:\documents and settings\its\Start Menu\Programs\Startup\
Install LastPass IE RunOnce.lnk - c:\program files\Common Files\lpuninstall.exe -p -name=LastPass -ffuuid [email protected] [2010-12-31 9331400]
.
c:\documents and settings\user\Start Menu\Programs\Startup\
Install LastPass IE RunOnce.lnk - c:\program files\Common Files\lpuninstall.exe -p -name=LastPass -ffuuid [email protected] [2010-12-31 9331400]
.
c:\documents and settings\jhaukerman\Start Menu\Programs\Startup\
Google Chrome.lnk - c:\documents and settings\jhaukerman\Local Settings\Application Data\Google\Chrome\Application\chrome.exe [2011-12-30 841032]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Application Explorer.lnk - c:\program files\Novell\ZENworks\NalView.exe [2005-8-1 35840]
DVD Check.lnk - c:\program files\InterVideo\DVD Check\DVDCheck.exe [2007-9-21 192512]
TrayMin230.lnk - c:\program files\Philips\Philips SPC230NC Webcam\TrayMin230.exe [2009-8-10 241664]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"CompatibleRUPSecurity"= 1 (0x1)
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{763370C4-268E-4308-A60C-D8DA0342BE32}"= "c:\program files\Novell\ZENworks\NalShell.dll" [2005-08-04 417792]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\NetIdentity Notification]
2005-01-10 17:36 24576 ----a-w- c:\windows\system32\Novell\xtnotify.dll
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Authentication Packages REG_MULTI_SZ   msv1_0 nwv1_0
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\WINDOWS\\system32\\dpmw32.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\Program Files\\Philips\\Intelligent Agent\\Philips Intelligent Agent.exe"=
"c:\\Program Files\\Google\\Google Earth\\client\\googleearth.exe"=
"c:\\Program Files\\Microsoft Office\\Office14\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office14\\WINWORD.EXE"=
"c:\\Documents and Settings\\jhaukerman\\Application Data\\Dropbox\\bin\\Dropbox.exe"=
"c:\\Documents and Settings\\jhaukerman\\Local Settings\\Application Data\\Google\\Google Talk Plugin\\googletalkplugin.exe"=
"c:\\Program Files\\Microsoft Office\\Office14\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office14\\EXCEL.EXE"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Common Files\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"8097:TCP"= 8097:TCP:EarthLink UHP Modem Support
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
"AllowInboundEchoRequest"= 0 (0x0)
.
R0 NifFltr;NifFltr;c:\windows\system32\drivers\niffltr.sys [9/21/2007 4:46 PM 25300]
R2 BlankScr;HBDevice;c:\windows\system32\drivers\blankscr.sys [5/23/2005 2:47 PM 6899]
R2 Remote Management Agent;Novell ZENworks Remote Management Agent;c:\program files\Novell\ZENworks\RemoteManagement\RMAgent\ZenRem32.exe [7/11/2005 11:33 AM 163840]
R2 Skype C2C Service;Skype C2C Service;c:\documents and settings\All Users\Application Data\Skype\Toolbars\Skype C2C Service\c2c_service.exe [10/9/2013 10:58 AM 3275136]
R2 TSCensus Collection Client;ZENworks Asset Management - Collection Client;c:\program files\Novell\ZENworks\Asset Management\Bin\CClientSvc.exe [10/3/2007 8:01 AM 49152]
R2 WNTHW;WNTHW;c:\windows\system32\drivers\WNTHW.SYS [10/3/2007 8:01 AM 9176]
R2 XTAgent;Novell XTier Agent Services;c:\windows\system32\Novell\xtagent.exe [1/10/2005 1:36 PM 61440]
R3 Darpan;Darpan;c:\windows\system32\drivers\Darpan.sys [5/23/2005 2:11 PM 2773]
S2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [10/23/2013 9:15 AM 172192]
S3 BW2NDIS5;BW2NDIS5;c:\windows\system32\Drivers\BW2NDIS5.sys --> c:\windows\system32\Drivers\BW2NDIS5.sys [?]
S3 cpuz134;cpuz134;\??\c:\docume~1\JHAUKE~1\LOCALS~1\Temp\cpuz134\cpuz134_x32.sys --> c:\docume~1\JHAUKE~1\LOCALS~1\Temp\cpuz134\cpuz134_x32.sys [?]
S3 HP24X;HP PC Card Smart Card Reader;c:\windows\system32\drivers\HP24X.sys [7/17/2007 1:24 AM 35072]
S3 PAEAFLT.sys;USB Composite Device;c:\windows\system32\drivers\PAEAFLT.sys [8/10/2009 4:51 PM 8576]
S3 SPC230NC;Philips SPC230NC Webcam;c:\windows\system32\drivers\SPC230NC.SYS [8/10/2009 4:51 PM 461056]
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WS2IFSL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ   Pml Driver HPZ12 Net Driver HPZ12
.
Contents of the 'Scheduled Tasks' folder
.
2014-04-17 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2013-09-26 21:59]
.
2014-01-28 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2011-06-01 22:57]
.
2012-04-30 c:\windows\Tasks\doxillionShakeIcon.job
- c:\program files\NCH Software\Doxillion\doxillion.exe [2012-04-05 11:24]
.
2014-04-13 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2007-10-22 22:53]
.
2014-04-17 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-07-11 10:58]
.
2014-04-17 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-07-11 10:58]
.
2014-04-13 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1042173953-856385936-1506814864-1011Core.job
- c:\documents and settings\jhaukerman\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-07-21 23:00]
.
2014-04-17 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1042173953-856385936-1506814864-1011UA.job
- c:\documents and settings\jhaukerman\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-07-21 23:00]
.
2014-04-17 c:\windows\Tasks\Microsoft Antimalware Scheduled Scan.job
- c:\program files\Microsoft Security Client\MpCmdRun.exe [2014-03-11 14:13]
.
2014-04-17 c:\windows\Tasks\Microsoft Windows XP End of Service Notification Logon.job
- c:\windows\system32\xp_eos.exe [2014-04-01 01:59]
.
2014-04-04 c:\windows\Tasks\Microsoft Windows XP End of Service Notification Monthly.job
- c:\windows\system32\xp_eos.exe [2014-04-01 01:59]
.
2014-04-17 c:\windows\Tasks\OGALogon.job
- c:\windows\system32\OGAEXEC.exe [2009-08-03 19:07]
.
2014-04-17 c:\windows\Tasks\WGASetup.job
- c:\windows\system32\KB905474\wgasetup.exe [2009-03-31 02:18]
.
.
------- Supplementary Scan -------
.
uStart Page = about:blank
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office14\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html
IE: LastPass - file://c:\documents and settings\jhaukerman\Local Settings\Application Data\LastPass\context.html?cmd=lastpass
IE: LastPass Fill Forms - file://c:\documents and settings\jhaukerman\Local Settings\Application Data\LastPass\context.html?cmd=fillforms
Trusted Zone: microsoft.com\office
TCP: DhcpNameServer = 192.168.1.254
FF - ProfilePath - c:\documents and settings\jhaukerman\Application Data\Mozilla\Firefox\Profiles\ru6juk0b.default\
FF - prefs.js: browser.startup.homepage - hxxp://isearch.avg.com?cid=%7Bc164267d-38af-4f22-ad9d-246b3a04201b%7D&mid=2b36cc06a16f47d08b25d1530d873ef9-f262536b1640d940e0a4dad28910a329d4e3f29c&ds=ft011&v=10.2.0.3&lang=en&pr=sa&d=2012-03-16%2006%3A47%3A13
FF - prefs.js: keyword.URL - hxxp://isearch.avg.com/search?cid=%7Bc164267d-38af-4f22-ad9d-246b3a04201b%7D&mid=2b36cc06a16f47d08b25d1530d873ef9-f262536b1640d940e0a4dad28910a329d4e3f29c&ds=ft011&v=10.2.0.3&lang=en&pr=sa&d=2012-03-16%2006%3A47%3A13&sap=ku&q=
FF - Ext: Skype Click to Call: {82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} - c:\program files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
.
- - - - ORPHANS REMOVED - - - -
.
HKCU-Run-DW6 - c:\program files\The Weather Channel FW\Desktop\DesktopWeather.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2014-04-17 13:49
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...  
.
scanning hidden autostart entries ... 
.
scanning hidden files ...  
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_12_0_0_77_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_12_0_0_77_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\DeterministicNetworks\DNE\Parameters]
"SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
   00,5c,00,4d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,79,00,73,00,\
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Cryptography\RNG*]
"Seed"=hex:49,31,f4,88,04,28,01,14,c5,ca,fa,5f,f5,cf,66,6e,1f,6c,42,48,3b,1d,
   bb,84,6e,c3,98,a3,07,68,b8,a1,8e,3f,71,ca,a8,53,6d,af,a8,e5,29,51,a3,e5,99,\
"Seed"=hex:49,31,f4,88,04,28,01,14,c5,ca,fa,5f,f5,cf,66,6e,1f,6c,42,48,3b,1d,
   bb,84,6e,c3,98,a3,07,68,b8,a1,8e,3f,71,ca,a8,53,6d,af,a8,e5,29,51,a3,e5,99,\
"Seed"=hex:49,31,f4,88,04,28,01,14,c5,ca,fa,5f,f5,cf,66,6e,1f,6c,42,48,3b,1d,
   bb,84,6e,c3,98,a3,07,68,b8,a1,8e,3f,71,ca,a8,53,6d,af,a8,e5,29,51,a3,e5,99,\
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(1308)
c:\windows\system32\NETWIN32.DLL
c:\program files\Novell\ZENworks\ZENPOL32.DLL
c:\windows\system32\xmlparse.dll
.
- - - - - - - > 'Explorer.exe'(2760)
c:\windows\system32\WININET.dll
c:\documents and settings\jhaukerman\Application Data\Dropbox\bin\DropboxExt.14.dll
c:\program files\Google\Drive\googledrivesync32.dll
c:\windows\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_d495ac4e\MSVCR90.dll
c:\windows\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_d495ac4e\MSVCP90.dll
c:\progra~1\COMMON~1\MICROS~1\OFFICE14\Cultures\office.odf
c:\progra~1\MICROS~2\Office14\1033\GrooveIntlResource.dll
c:\progra~1\WINDOW~2\wmpband.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\mshtml.dll
c:\windows\system32\msls31.dll
c:\program files\Novell\ZENworks\NLS\english\NalUIRes.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Microsoft Security Client\MsMpEng.exe
c:\windows\System32\SCardSvr.exe
c:\program files\Cisco Systems\VPN Client\cvpnd.exe
c:\program files\Java\jre7\bin\jqs.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\program files\Novell\ZENworks\nalntsrv.exe
c:\program files\Novell\ZENworks\Asset Management\bin\CClient.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
c:\program files\Novell\ZENworks\wm.exe
c:\program files\Windows Media Player\WMPNetwk.exe
c:\program files\Canon\CAL\CALMAIN.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
c:\windows\system32\wscntfy.exe
c:\windows\system32\igfxsrvc.exe
c:\windows\system32\NWTRAY.EXE
c:\program files\Novell\ZENworks\WMRUNDLL.EXE
c:\program files\Novell\ZENworks\NalAgent.exe
c:\program files\Novell\ZENworks\WMRUNDLL.EXE
.
**************************************************************************
.
Completion time: 2014-04-17  13:58:44 - machine was rebooted
ComboFix-quarantined-files.txt  2014-04-17 17:58
.
Pre-Run: 66,535,088,128 bytes free
Post-Run: 82,878,021,632 bytes free
.
WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
.
- - End Of File - - CDD0C23A3F05CF5E58EECDA879EB2FB7
8F558EB6672622401DA993E1E865C861

#4
JSntgRvr

    Global Moderator

  • 11,579 posts

Please download Junkware Removal Tool to your desktop.

  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8, instead of double-clicking, right-click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.

Download AdwCleaner to your desktop.

NOTE: If you are using Internet Explorer and get an alert that stops the program downloading, click on the warning and allow the download to complete.

Close all programs and click on the AdwCleaner icon.

Click on Scan and follow the prompts. Let it run unhindered. When done, click on the Clean button, and follow the prompts. Allow the system to reboot. You will then be presented with the report. Copy and paste this report into your next reply.

The report will be saved in the C:\AdwCleaner folder as AdwCleaner[S0].txt.

Please download Malwarebytes' Anti-Malware from Here.

Double-click mbam-setup.exe to install the application.

  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the entire report in your next reply.

Extra Note:

If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.


#5
John Aukerman

    Member

  • Topic Starter
  • 284 posts
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.4 (04.06.2014:1)
OS: Microsoft Windows XP x86
Ran by jhaukerman on Fri 04/18/2014 at  6:26:40.04
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
 
 
~~~ Services
 
 
 
~~~ Registry Values
 
Successfully repaired: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\\DisplayName
Successfully repaired: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\\URL
 
 
 
~~~ Registry Keys
 
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\protector_dll.protectorbho
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\protector_dll.protectorbho.1
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{CA41198F-C3C5-47D8-99E1-1AB199E81723}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Interface\{79FB5FC8-44B9-4AF5-BADD-CCE547F953E5}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\conduit
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\dsnr labs
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\igearsettings
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\radiorage_4j
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\yahoopartnertoolbar
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{95B7759C-8C7F-4BF1-B163-73684A933233}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{95B7759C-8C7F-4BF1-B163-73684A933233}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F25AF245-4A81-40DC-92F9-E9021F207706}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\conduit
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\radiorage_4j
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{44DB423D-A0DB-4664-9477-CCDCEB7CD666}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{53855564-CF81-410C-9C1C-321C7E067816}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5C9CB1C-1C0A-45A2-81CC-1DD342D0A478}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A661D4DC-4BD8-48FC-964B-A24AB8157DE6}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{B5731AB1-8566-4441-AEFB-9AFB2EEA63D9}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{110a9ea2-8810-4c04-b916-cfd4e9427fec}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{110a9ea2-8810-4c04-b916-cfd4e9427fec}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
 
 
 
~~~ Files
 
Successfully deleted: [File] C:\Program Files\4jres.dll
Successfully deleted: [File] "C:\WINDOWS\system32\roboot.exe"
 
 
 
~~~ Folders
 
Successfully deleted: [Folder] "C:\Documents and Settings\All Users\application data\boost_interprocess"
Successfully deleted: [Folder] "C:\Documents and Settings\All Users\application data\ibupdaterservice"
Successfully deleted: [Folder] "C:\Documents and Settings\jhaukerman\Application Data\etype"
Successfully deleted: [Folder] "C:\Documents and Settings\jhaukerman\Application Data\performersoft"
 
 
 
~~~ FireFox
 
Successfully deleted: [Folder] C:\Documents and Settings\jhaukerman\Application Data\mozilla\firefox\profiles\ru6juk0b.default\extensions\[email protected]
Successfully deleted: [Registry Value] HKEY_CURRENT_USER\Software\Mozilla\Firefox\Extensions\\[email protected]
Successfully deleted the following from C:\Documents and Settings\jhaukerman\Application Data\mozilla\firefox\profiles\ru6juk0b.default\prefs.js
 
user_pref("browser.startup.homepage", "hxxp://isearch.avg.com?cid=%7Bc164267d-38af-4f22-ad9d-246b3a04201b%7D&mid=2b36cc06a16f47d08b25d1530d873ef9-f262536b1640d940e0a4dad28910a
user_pref("keyword.URL", "hxxp://isearch.avg.com/search?cid=%7Bc164267d-38af-4f22-ad9d-246b3a04201b%7D&mid=2b36cc06a16f47d08b25d1530d873ef9-f262536b1640d940e0a4dad28910a329d4e
 
 
 
 
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Fri 04/18/2014 at  6:30:33.12
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
 
 
 
# AdwCleaner v3.023 - Report created 18/04/2014 at 06:37:49
# Updated 01/04/2014 by Xplode
# Operating System : Microsoft Windows XP Service Pack 3 (32 bits)
# Username : jhaukerman - JHAUKERMAN07
# Running from : C:\Documents and Settings\jhaukerman\Desktop\AdwCleaner.exe
# Option : Clean
 
***** [ Services ] *****
 
 
***** [ Files / Folders ] *****
 
File Deleted : C:\Program Files\Mozilla Firefox\.autoreg
File Deleted : C:\Program Files\Mozilla Firefox\searchplugins\avg-secure-search.xml
 
***** [ Shortcuts ] *****
 
 
***** [ Registry ] *****
 
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{AF175732-0D59-716D-F757-9F1492D808D9}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{3F607E46-0D3C-4442-B1DE-DE7FA4768F5C}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{FE0273D1-99DF-4AC0-87D5-1371C6271785}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{93E3D79C-0786-48FF-9329-93BC9F6DC2B3}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{9638B7D6-11F5-4406-B387-327642A11FFB}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{60B34F47-3FDD-46F8-AB6C-AAABEA55C3D6}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{EF99BD32-C1FB-11D2-892F-0090271D4F88}]
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\Updater Service
 
***** [ Browsers ] *****
 
-\\ Internet Explorer v8.0.6001.18702
 
 
-\\ Mozilla Firefox v3.6.6 (en-US)
 
[ File : C:\Documents and Settings\jhaukerman\Application Data\Mozilla\Firefox\Profiles\ru6juk0b.default\prefs.js ]
 
 
-\\ Google Chrome v
 
[ File : C:\Documents and Settings\jhaukerman\Local Settings\Application Data\Google\Chrome\User Data\Default\preferences ]
 
 
*************************
 
AdwCleaner[R0].txt - [2661 octets] - [18/04/2014 06:35:32]
AdwCleaner[S0].txt - [2616 octets] - [18/04/2014 06:37:49]
 
########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [2676 octets] ##########
 
 
 
Malwarebytes Anti-Malware
www.malwarebytes.org
 
Scan Date: 4/18/2014
Scan Time: 7:18:21 AM
Logfile: 
Administrator: Yes
 
Version: 2.00.1.1004
Malware Database: v2014.04.18.03
Rootkit Database: v2014.03.27.01
License: Trial
Malware Protection: Enabled
Malicious Website Protection: Enabled
Chameleon: Disabled
 
OS: Windows XP Service Pack 3
CPU: x86
File System: NTFS
User: jhaukerman
 
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 325030
Time Elapsed: 33 min, 7 sec
 
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Shuriken: Enabled
PUP: Enabled
PUM: Enabled
 
Processes: 0
(No malicious items detected)
 
Modules: 0
(No malicious items detected)
 
Registry Keys: 0
(No malicious items detected)
 
Registry Values: 0
(No malicious items detected)
 
Registry Data: 0
(No malicious items detected)
 
Folders: 0
(No malicious items detected)
 
Files: 0
(No malicious items detected)
 
Physical Sectors: 0
(No malicious items detected)
 
 
(end)

#6
JSntgRvr
Global Moderator

How is the computer doing?


#7
John Aukerman
Topic Starter

It is somewhat better. Thanks for your help.

 

But it still takes too long to load a program, like Windows Chrome. A couple minutes load time. Any suggestions?


#8
JSntgRvr
Global Moderator

Reset Chrome to defaults:
 

On the latest version of Google Chrome, click on the Customize and control Google Chrome button (three horizontal lines on the upper right corner) > Settings.

  1. Click on Advanced Settings.
  2. Scroll down to the bottom of the page until you reach the "Reset browser settings" section.
  3. Click on Reset browser settings.

Please run a free online scan with the ESET Online Scanner
 

  • Vista / Win7 users: Right-click on either the IE or FF icon in the Start Menu or Quick Launch Bar on the Taskbar and select Run as Administrator.
  • Note: This scan works with Internet Explorer or Mozilla FireFox.
  • If using Mozilla Firefox you will need to download esetsmartinstaller_enu.exe when prompted then double click on it to install.
  • Click the green ESET Online Scanner box
  • Tick the box next to YES, I accept the Terms of Use then click on: Start
  • You may see a panel towards the top of the screen telling you the website wants to install an addon... click and allow it to install. If your firewall asks whether you want to allow installation, say yes.
  • Make sure that the option Scan archives is checked.
  • Now click on Advanced Settings and select the following:
    • Scan for potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth Technology
  • Click on Start
  • The virus signature database will begin to download. Be patient, this may take some time depending on the speed of your Internet connection.
  • When completed the Online Scan will begin automatically. The scan may take several hours.
  • Do not touch either the Mouse or keyboard during the scan otherwise it may stall.
  • When completed select Uninstall application on close, make sure you copy the logfile first!
  • Then click on: Finish
  • Use notepad to open the logfile located at C:\Program Files\ESET\EsetOnlineScanner\log.txt.
  • Copy and paste that log as a reply to this topic.

#9
John Aukerman
Topic Starter

C:\Program Files\NCH Software\Doxillion\doxillion.exe a variant of Win32/Toolbar.Conduit.H potentially unwanted application deleted - quarantined
C:\Program Files\NCH Software\Doxillion\doxillionsetup_v1.13.exe a variant of Win32/Toolbar.Conduit.H potentially unwanted application deleted - quarantined
C:\Program Files\NCH Software\Doxillion\uninst.exe a variant of Win32/Toolbar.Conduit.H potentially unwanted application deleted - quarantined
C:\Program Files\NCH Software\ExpressZip\expresszip.exe a variant of Win32/Toolbar.Conduit.H potentially unwanted application deleted - quarantined
C:\Program Files\NCH Software\ExpressZip\expresszipsetup_v2.15.exe a variant of Win32/Toolbar.Conduit.H potentially unwanted application deleted - quarantined
C:\RECYCLER\S-1-5-21-1042173953-856385936-1506814864-1011\Dc16.exe a variant of MSIL/AdvancedSystemProtector.A potentially unwanted application deleted - quarantined
C:\System Volume Information\_restore{2987C41A-5492-4F11-AFD5-3ED44486AEAC}\RP1451\A0719077.exe a variant of MSIL/AdvancedSystemProtector.A potentially unwanted application deleted - quarantined

#10
JSntgRvr
Global Moderator

Any improvement?


#11
John Aukerman
Topic Starter

Yes, a lot. I think we have licked this thing. Thank you very much for your help.


#12
JSntgRvr
Global Moderator

Congratulations.
 
We need to remove the tools we've used while cleaning your machine.

  • Download Delfix from here
  • Ensure Remove disinfection tools is ticked
    Also tick:
    • Create registry backup
    • Purge system restore
  • Click Run

Manually remove any other tool left.
 

Here are some suggestions.

  • Always keep your JAVA updated. Older versions will make your computer vulnerable.
  • Windows Updates - It is very important to make sure that both Internet Explorer and Windows are kept current with the latest critical security patches from Microsoft. To do this just start Internet Explorer and select Tools > Windows Update, and follow the online instructions from there.
  • ERUNT (Emergency Recovery Utility NT) allows you to keep a complete backup of your registry and restore it when needed. The standard registry backup options that come with Windows back up most of the registry but not all of it. ERUNT however creates a complete backup set, including the Security hive and user related sections. ERUNT is easy to use and since it creates a full backup, there are no options or choices other than to select the location of the backup files. The backup set includes a small executable that will launch the registry restore if needed.

To find out more information about how you got infected in the first place and some great guidelines to follow to prevent future infections you can read this article by Miekiemoes.
 
Best wishes!

