Javascript Disabled Detected

You currently have javascript disabled. Several functions may not work. Please re-enable javascript to access full functionality.

Redirects, Popups and Adds

Started by Falcor2 , May 05 2014 05:46 PM

Please log in to reply

#1
Falcor2

Posted 05 May 2014 - 05:46 PM

Member

Member
59 posts

Hi G2G

This computer is my wife's, she uses it for work. It is a Dell D630 Latitude with Windows XP Professional Sp3. I realize XP is no longer serviced, but it is all we have at this time. The computer seems to work offline ok, but online it has a lot of redirects,popups, adds and seems to lockup at times. Thanks in advance for any and all help, OTL and Extras Txt to follow.

Thanks

Falcor2

OTL, Txt

===========================================

OTL logfile created on: 5/5/2014 5:52:51 PM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Documents and Settings\Front Desk\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.99 Gb Total Physical Memory | 1.15 Gb Available Physical Memory | 57.87% Memory free
3.33 Gb Paging File | 2.27 Gb Available in Paging File | 68.25% Paging File free
Paging file location(s): C:\pagefile.sys 1524 3048 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 111.73 Gb Total Space | 78.04 Gb Free Space | 69.85% Space Free | Partition Type: NTFS
Drive D: | 175.96 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: JEANNE | User Name: Front Desk | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2014/05/05 17:40:17 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Front Desk\Desktop\OTL.exe
PRC - [2014/05/05 17:01:43 | 000,316,704 | ---- | M] () -- C:\Program Files\Swift Browse\updateSwiftBrowse.exe
PRC - [2014/05/05 16:28:22 | 000,316,704 | ---- | M] () -- C:\Program Files\Swift Browse\bin\utilSwiftBrowse.exe
PRC - [2014/05/01 18:28:30 | 000,095,520 | ---- | M] () -- C:\Program Files\Swift Browse\bin\SwiftBrowse.BrowserAdapter.exe
PRC - [2014/04/30 20:54:42 | 000,182,696 | ---- | M] (Oracle Corporation) -- C:\Program Files\Java\jre7\bin\jqs.exe
PRC - [2014/04/24 12:17:54 | 000,239,392 | ---- | M] () -- C:\Program Files\Swift Browse\bin\SwiftBrowse.PurBrowse.exe
PRC - [2014/04/18 08:27:13 | 000,203,088 | ---- | M] (LogMeIn, Inc.) -- C:\Program Files\LogMeIn\x86\ramaint.exe
PRC - [2014/04/18 08:26:58 | 000,375,120 | ---- | M] (LogMeIn, Inc.) -- C:\Program Files\LogMeIn\x86\LMIGuardianSvc.exe
PRC - [2014/03/12 04:09:49 | 000,265,040 | R--- | M] (Symantec Corporation) -- C:\Program Files\Norton 360 Premier Edition\Engine\21.2.0.38\n360.exe
PRC - [2013/06/05 08:27:44 | 001,253,912 | ---- | M] (AVG Secure Search) -- C:\Program Files\AVG SafeGuard toolbar\AVG-Secure-Search-Update_MAY2013_TB.exe
PRC - [2013/03/20 12:12:17 | 000,132,504 | ---- | M] (Symantec Corporation) -- C:\Program Files\Norton PC Checkup 3.0\SymcPCCULaunchSvc.exe
PRC - [2012/12/14 17:18:50 | 001,481,200 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files\Citrix\Receiver\Receiver.exe
PRC - [2012/12/14 15:26:06 | 000,887,352 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files\Citrix\ICA Client\wfcrun32.exe
PRC - [2012/12/14 15:25:10 | 000,129,592 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files\Citrix\ICA Client\redirector.exe
PRC - [2012/12/14 15:24:56 | 000,383,544 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files\Citrix\ICA Client\concentr.exe
PRC - [2012/12/12 14:37:10 | 000,054,320 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files\Citrix\SelfServicePlugin\SelfServicePlugin.exe
PRC - [2012/07/28 09:06:44 | 001,248,256 | ---- | M] (Intuit Inc.) -- C:\Program Files\Common Files\Intuit\DataProtect\QBIDPService.exe
PRC - [2012/05/14 14:07:42 | 000,045,056 | ---- | M] (Intuit) -- C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
PRC - [2012/04/02 12:17:40 | 000,390,528 | ---- | M] (LogMeIn, Inc.) -- C:\Program Files\LogMeIn\x86\LogMeIn.exe
PRC - [2009/12/17 18:32:30 | 000,497,856 | ---- | M] (Cisco Systems, Inc.) -- C:\Program Files\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe
PRC - [2008/04/13 20:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/05/14 15:21:40 | 000,475,136 | ---- | M] (Dell Inc.) -- C:\Program Files\Dell\QuickSet\NicConfigSvc.exe
PRC - [2007/02/19 00:27:16 | 000,090,112 | ---- | M] (SigmaTel, Inc.) -- C:\Program Files\SigmaTel\C-Major Audio\WDM\stacsv.exe
PRC - [2007/02/01 10:21:22 | 001,466,368 | ---- | M] () -- C:\Program Files\NTRU Cryptosystems\NTRU TCG Software Stack\bin\tcsd_win32.exe

========== Modules (No Company Name) ==========

MOD - [2014/05/05 17:01:43 | 000,316,704 | ---- | M] () -- C:\Program Files\Swift Browse\updateSwiftBrowse.exe
MOD - [2014/05/05 16:28:22 | 000,316,704 | ---- | M] () -- C:\Program Files\Swift Browse\bin\utilSwiftBrowse.exe
MOD - [2014/05/02 15:57:04 | 000,212,992 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\8cd995f00848816e3ec49dc326e3d49b\System.ServiceProcess.ni.dll
MOD - [2014/05/02 15:56:38 | 000,998,400 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Management\5c157466d360a10b2c97e94b41ddc588\System.Management.ni.dll
MOD - [2014/05/02 15:53:25 | 000,978,944 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Configuration\4b6e70acd99dc22e29b7fc8f9ac340c4\System.Configuration.ni.dll
MOD - [2014/05/02 15:43:45 | 005,462,016 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Xml\7faf645dc46781225cb722edf9e1e738\System.Xml.ni.dll
MOD - [2014/05/02 15:43:39 | 012,434,432 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\1cdfe1998ad6794db3237006906c6fa2\System.Windows.Forms.ni.dll
MOD - [2014/05/02 15:43:26 | 001,593,344 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Drawing\424bff3295c6e7539cc6df62b9425bd0\System.Drawing.ni.dll
MOD - [2014/05/02 15:42:14 | 007,977,984 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System\4b0455ae94e3cecca4bb3ba8c96828c9\System.ni.dll
MOD - [2014/05/02 15:42:06 | 011,497,984 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\mscorlib\dae02331a443fb52216ca83292cb2f21\mscorlib.ni.dll
MOD - [2014/05/02 13:53:32 | 003,194,880 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\System\2.0.0.0__b77a5c561934e089\System.dll
MOD - [2014/05/02 13:53:30 | 000,425,984 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\System.Configuration\2.0.0.0__b03f5f7f11d50a3a\System.Configuration.dll
MOD - [2014/05/02 13:53:22 | 000,372,736 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\System.Management\2.0.0.0__b03f5f7f11d50a3a\System.Management.dll
MOD - [2014/05/02 13:53:17 | 002,052,096 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\System.Xml\2.0.0.0__b77a5c561934e089\System.Xml.dll
MOD - [2014/05/02 13:53:16 | 000,114,688 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\System.ServiceProcess\2.0.0.0__b03f5f7f11d50a3a\System.ServiceProcess.dll
MOD - [2014/05/01 18:28:30 | 000,095,520 | ---- | M] () -- C:\Program Files\Swift Browse\bin\SwiftBrowse.BrowserAdapter.exe
MOD - [2014/04/24 12:17:54 | 000,239,392 | ---- | M] () -- C:\Program Files\Swift Browse\bin\SwiftBrowse.PurBrowse.exe
MOD - [2010/05/13 23:47:42 | 000,169,472 | ---- | M] () -- C:\WINDOWS\system32\ZLhp1020.DLL
MOD - [2010/05/13 23:47:28 | 000,059,904 | ---- | M] () -- C:\WINDOWS\system32\spool\prtprocs\w32x86\PPhp1020.DLL
MOD - [2007/01/30 16:31:50 | 000,286,720 | ---- | M] () -- C:\WINDOWS\system32\wxvault.dll
MOD - [2007/01/30 16:30:30 | 000,004,096 | ---- | M] () -- C:\WINDOWS\system32\detoured.dll
MOD - [2006/08/18 14:17:36 | 000,056,056 | ---- | M] () -- C:\WINDOWS\system32\DLAAPI_W.DLL
MOD - [2003/08/29 05:23:49 | 000,094,274 | ---- | M] () -- C:\WINDOWS\system32\HPBHEALR.DLL
MOD - [2002/11/26 13:43:18 | 000,106,496 | ---- | M] () -- C:\WINDOWS\system32\BrMuSNMP.dll

========== Services (SafeList) ==========

SRV - [2014/05/05 17:01:43 | 000,316,704 | ---- | M] () [Auto | Running] -- C:\Program Files\Swift Browse\updateSwiftBrowse.exe -- (Update Swift Browse)
SRV - [2014/05/05 16:28:22 | 000,316,704 | ---- | M] () [Auto | Running] -- C:\Program Files\Swift Browse\bin\utilSwiftBrowse.exe -- (Util Swift Browse)
SRV - [2014/04/30 20:56:08 | 000,257,712 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2014/04/30 20:54:42 | 000,182,696 | ---- | M] (Oracle Corporation) [Auto | Running] -- C:\Program Files\Java\jre7\bin\jqs.exe -- (JavaQuickStarterService)
SRV - [2014/04/18 08:27:13 | 000,203,088 | ---- | M] (LogMeIn, Inc.) [Auto | Running] -- C:\Program Files\LogMeIn\x86\ramaint.exe -- (LMIMaint)
SRV - [2014/04/18 08:26:58 | 000,375,120 | ---- | M] (LogMeIn, Inc.) [Auto | Running] -- C:\Program Files\LogMeIn\x86\LMIGuardianSvc.exe -- (LMIGuardianSvc)
SRV - [2014/03/12 04:09:49 | 000,265,040 | R--- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Norton 360 Premier Edition\Engine\21.2.0.38\N360.exe -- (N360)
SRV - [2013/12/27 15:59:39 | 000,119,408 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2013/05/24 08:40:17 | 000,042,504 | ---- | M] (COMPANYVERS_NAME) [Auto | Stopped] -- C:\Program Files\MyScrapNook_12\bar\1.bin\12barsvc.exe -- (MyScrapNook_12Service)
SRV - [2013/03/20 12:12:17 | 000,132,504 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Norton PC Checkup 3.0\SymcPCCULaunchSvc.exe -- (Norton PC Checkup Application Launcher)
SRV - [2013/02/20 13:26:25 | 000,042,504 | ---- | M] (COMPANYVERS_NAME) [Auto | Stopped] -- C:\Program Files\UtilityChest_49\bar\1.bin\49barsvc.exe -- (UtilityChest_49Service)
SRV - [2012/07/28 09:06:44 | 001,248,256 | ---- | M] (Intuit Inc.) [Auto | Running] -- C:\Program Files\Common Files\Intuit\DataProtect\QBIDPService.exe -- (QBVSS)
SRV - [2012/05/14 14:07:42 | 000,045,056 | ---- | M] (Intuit) [Auto | Running] -- C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe -- (QBCFMonitorService)
SRV - [2012/04/02 12:17:40 | 000,390,528 | ---- | M] (LogMeIn, Inc.) [Auto | Running] -- C:\Program Files\LogMeIn\x86\LogMeIn.exe -- (LogMeIn)
SRV - [2010/10/12 13:59:12 | 000,206,072 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files\WildTangent Games\App\GamesAppService.exe -- (GamesAppService)
SRV - [2009/12/17 18:32:30 | 000,497,856 | ---- | M] (Cisco Systems, Inc.) [Auto | Running] -- C:\Program Files\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe -- (vpnagent)
SRV - [2009/07/23 21:10:38 | 000,061,440 | ---- | M] (Intuit Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe -- (QBFCService)
SRV - [2008/10/16 19:30:28 | 000,634,880 | ---- | M] (Hewlett-Packard Co.) [Auto | Running] -- C:\Program Files\Hewlett-Packard\Digital Imaging\bin\HPSLPSVC32.DLL -- (HPSLPSVC)
SRV - [2008/10/16 19:24:24 | 000,135,168 | ---- | M] (Hewlett-Packard Co.) [Auto | Running] -- C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqddsvc.dll -- (hpqddsvc)
SRV - [2008/10/16 19:23:30 | 000,217,088 | ---- | M] (Hewlett-Packard Co.) [On_Demand | Running] -- C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqcxs08.dll -- (hpqcxs08)
SRV - [2007/05/14 15:21:40 | 000,475,136 | ---- | M] (Dell Inc.) [Auto | Running] -- C:\Program Files\Dell\QuickSet\NicConfigSvc.exe -- (NICCONFIGSVC)
SRV - [2007/02/19 00:27:16 | 000,090,112 | ---- | M] (SigmaTel, Inc.) [Auto | Running] -- C:\Program Files\SigmaTel\C-Major Audio\WDM\stacsv.exe -- (STacSV)
SRV - [2007/02/01 10:21:22 | 001,466,368 | ---- | M] () [Auto | Running] -- C:\Program Files\NTRU Cryptosystems\NTRU TCG Software Stack\bin\tcsd_win32.exe -- (tcsd_win32.exe)
SRV - [2007/01/29 22:59:58 | 000,487,424 | ---- | M] (Wave Systems Corp.) [On_Demand | Stopped] -- C:\Program Files\Wave Systems Corp\Secure Storage Manager\SecureStorageService.exe -- (SecureStorageService)

========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\wanatw4.sys -- (wanatw)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\vsdatant.sys -- (vsdatant)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
DRV - [2014/04/24 20:47:30 | 001,612,376 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Norton 360 Premier Edition\NortonData\21.1.0.18\Definitions\VirusDefs\20140505.001\NAVEX15.SYS -- (NAVEX15)
DRV - [2014/04/24 20:47:30 | 000,093,272 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Norton 360 Premier Edition\NortonData\21.1.0.18\Definitions\VirusDefs\20140505.001\NAVENG.SYS -- (NAVENG)
DRV - [2014/04/24 12:17:58 | 000,055,232 | ---- | M] (StdLib) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\{2b4fc5ce-fd26-493c-97d3-e808aab73013}t.sys -- ({2b4fc5ce-fd26-493c-97d3-e808aab73013}t)
DRV - [2014/04/18 08:26:59 | 000,086,888 | ---- | M] (LogMeIn, Inc.) [File_System | Disabled | Stopped] -- C:\WINDOWS\System32\LMIRfsClientNP.dll -- (LMIRfsClientNP)
DRV - [2014/03/26 09:39:19 | 000,383,120 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Norton 360 Premier Edition\NortonData\21.1.0.18\Definitions\IPSDefs\20140502.001\IDSXpx86.sys -- (IDSxpx86)
DRV - [2014/03/18 21:24:12 | 001,098,968 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Norton 360 Premier Edition\NortonData\21.1.0.18\Definitions\BASHDefs\20140409.001\BHDrvx86.sys -- (BHDrvx86)
DRV - [2014/03/04 00:18:12 | 000,936,152 | ---- | M] (Symantec Corporation) [File_System | Boot | Running] -- C:\WINDOWS\system32\drivers\N360\1502000.026\symefa.sys -- (SymEFA)
DRV - [2014/02/17 21:32:41 | 000,423,256 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\N360\1502000.026\symtdi.sys -- (SYMTDI)
DRV - [2014/02/12 21:59:49 | 000,664,280 | ---- | M] (Symantec Corporation) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\N360\1502000.026\srtsp.sys -- (SRTSP)
DRV - [2014/01/13 07:14:20 | 000,108,120 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2013/12/02 10:10:59 | 000,142,936 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\SYMEVENT.SYS -- (SymEvent)
DRV - [2013/12/02 02:00:00 | 000,376,920 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl)
DRV - [2013/09/26 22:45:56 | 000,206,936 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\N360\1502000.026\ironx86.sys -- (SymIRON)
DRV - [2013/09/25 22:50:25 | 000,127,064 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\N360\1502000.026\ccsetx86.sys -- (ccSet_N360)
DRV - [2013/09/09 22:47:42 | 000,047,960 | R--- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\SymIM.sys -- (SymIMMP)
DRV - [2013/09/09 22:47:42 | 000,047,960 | R--- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\SymIM.sys -- (SymIM)
DRV - [2013/09/09 22:47:26 | 000,367,704 | R--- | M] (Symantec Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\N360\1502000.026\symds.sys -- (SymDS)
DRV - [2013/09/09 21:49:48 | 000,032,344 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\N360\1502000.026\srtspx.sys -- (SRTSPX)
DRV - [2013/05/24 08:32:05 | 000,013,624 | ---- | M] (LogMeIn, Inc.) [Kernel | Auto | Running] -- C:\Program Files\LogMeIn\x86\rainfo.sys -- (LMIInfo)
DRV - [2012/12/05 16:23:32 | 000,073,544 | ---- | M] (Citrix Systems, Inc.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ctxusbm.sys -- (ctxusbm)
DRV - [2012/04/02 12:17:40 | 000,047,640 | ---- | M] (LogMeIn, Inc.) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\LMIRfsDriver.sys -- (LMIRfsDriver)
DRV - [2011/08/01 15:56:42 | 000,045,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\dc3d.sys -- (dc3d)
DRV - [2010/02/12 16:36:38 | 000,816,672 | ---- | M] (Ralink Technology, Corp.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\AE1000XP.sys -- (AE1000)
DRV - [2009/12/17 18:18:50 | 000,020,152 | ---- | M] (Cisco Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\vpnva.sys -- (vpnva)
DRV - [2008/04/13 14:56:06 | 000,088,320 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\nwlnkipx.sys -- (NwlnkIpx)
DRV - [2007/08/12 19:05:34 | 002,211,456 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\NETw4x32.sys -- (NETw4x32)
DRV - [2007/05/29 16:29:30 | 000,012,416 | ---- | M] (Intel Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\s24trans.sys -- (s24trans)
DRV - [2007/03/13 00:26:06 | 000,160,256 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\b57xp32.sys -- (b57w2k)
DRV - [2007/02/19 00:27:34 | 001,228,296 | ---- | M] (SigmaTel, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\sthda.sys -- (STHDA)
DRV - [2007/02/17 07:00:42 | 000,132,608 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Apfiltr.sys -- (ApfiltrService)
DRV - [2007/01/31 19:19:04 | 000,989,696 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_DPV.sys -- (HSF_DPV)
DRV - [2007/01/31 19:19:02 | 000,730,112 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf)
DRV - [2007/01/31 19:19:02 | 000,209,152 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSFHWAZL.sys -- (HSFHWAZL)
DRV - [2007/01/30 18:37:18 | 000,056,320 | ---- | M] (O2Micro) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\oz776.sys -- (guardian2)
DRV - [2007/01/18 14:28:02 | 000,005,275 | ---- | M] (Cisco Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\CVirtA.sys -- (CVirtA)
DRV - [2006/11/02 13:32:32 | 000,097,536 | ---- | M] (Knowles Acoustics) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\dxec01.sys -- (DXEC01)
DRV - [2006/08/28 16:00:44 | 000,019,968 | ---- | M] (Dell Inc) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\PBADRV.sys -- (PBADRV)
DRV - [2006/08/18 14:18:08 | 000,009,400 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLADResM.SYS -- (DLADResM)
DRV - [2006/08/18 14:17:46 | 000,035,096 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLABMFSM.SYS -- (DLABMFSM)
DRV - [2006/08/18 14:17:44 | 000,097,848 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAUDF_M.SYS -- (DLAUDF_M)
DRV - [2006/08/18 14:17:44 | 000,094,648 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAUDFAM.SYS -- (DLAUDFAM)
DRV - [2006/08/18 14:17:42 | 000,026,008 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAOPIOM.SYS -- (DLAOPIOM)
DRV - [2006/08/18 14:17:40 | 000,032,472 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLABOIOM.SYS -- (DLABOIOM)
DRV - [2006/08/18 14:17:38 | 000,104,472 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAIFS_M.SYS -- (DLAIFS_M)
DRV - [2006/08/18 14:17:38 | 000,014,520 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAPoolM.SYS -- (DLAPoolM)
DRV - [2006/08/11 11:35:18 | 000,012,920 | ---- | M] (Roxio) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\DLACDBHM.SYS -- (DLACDBHM)
DRV - [2006/08/11 11:35:16 | 000,028,184 | ---- | M] (Roxio) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\DLARTL_M.SYS -- (DLARTL_M)
DRV - [2005/08/12 18:50:46 | 000,016,128 | ---- | M] (Dell Inc) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\APPDRV.SYS -- (APPDRV)
DRV - [2004/08/04 06:00:00 | 000,063,232 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\nwlnknb.sys -- (NwlnkNb)
DRV - [2004/08/04 06:00:00 | 000,055,936 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\nwlnkspx.sys -- (NwlnkSpx)
DRV - [2000/07/24 02:01:00 | 000,019,537 | ---- | M] (Brother Industries Ltd.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\BRPAR.SYS -- (BrPar)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk-rel&channel=us&ibd=1071009
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL =
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant =
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Start Page = www.google.com/ig/dell?hl=en&client=dell-usuk-rel&channel=us&ibd=1071009
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.c...referrer:source?}

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page =
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://att.net/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant =
IE - HKCU\..\SearchScopes,DefaultScope = {DD259C95-6D0C-4027-9478-CEB509D0DDE3}
IE - HKCU\..\SearchScopes\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4}: "URL" = http://www.ask.com/w...il&geo=US&ver=5
IE - HKCU\..\SearchScopes\{DD259C95-6D0C-4027-9478-CEB509D0DDE3}: "URL" = http://search.yahoo....tf-8&fr=att-ie8
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://www.att.net/"
FF - prefs.js..extensions.enabledAddons: LogMeInClient%40logmein.com:1.0.0.1024
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:26.0
FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_13_0_0_206.dll ()
FF - HKLM\Software\MozillaPlugins\@Citrix.com/npican: C:\Program Files\Citrix\ICA Client\npicaN.dll (Citrix Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.55.2: C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.55.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@UtilityChest_49.com/Plugin: C:\Program Files\UtilityChest_49\bar\1.bin\NP49Stub.dll (MindSpark)
FF - HKLM\Software\MozillaPlugins\@viewpoint.com/VMP: C:\Program Files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll ()
FF - HKLM\Software\MozillaPlugins\@WildTangent.com/GamesAppPresenceDetector,Version=1.0: C:\Program Files\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll ()
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@citrixonline.com/appdetectorplugin: C:\Documents and Settings\Front Desk\Local Settings\Application Data\Citrix\Plugins\104\npappdetector.dll (Citrix Online)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\Hewlett-Packard\Digital Imaging\Smart Web Printing\MozillaAddOn2 [2011/05/17 17:33:06 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_21.1.0.18\coFFPlgn\ [2014/05/05 17:43:31 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\49ffxtbr@UtilityChest_49.com: C:\Program Files\UtilityChest_49\bar\1.bin [2013/02/20 13:26:51 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_21.1.0.18\IPSFF [2013/12/02 10:23:00 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 26.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 26.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\Hewlett-Packard\Digital Imaging\Smart Web Printing\MozillaAddOn2 [2011/05/17 17:33:06 | 000,000,000 | ---D | M]

[2013/11/13 18:01:59 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Front Desk\Application Data\Mozilla\Extensions
[2013/12/02 11:01:49 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Front Desk\Application Data\Mozilla\Firefox\Profiles\6w0wk1wa.default\extensions
[2013/11/25 16:50:19 | 000,000,000 | ---D | M] (LogMeIn, Inc. Remote Access Plugin) -- C:\Documents and Settings\Front Desk\Application Data\Mozilla\Firefox\Profiles\6w0wk1wa.default\extensions\[email protected]
[2013/11/13 18:02:08 | 000,002,328 | ---- | M] () -- C:\Documents and Settings\Front Desk\Application Data\Mozilla\Firefox\Profiles\6w0wk1wa.default\searchplugins\amazon.xml
[2014/04/30 20:38:52 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2014/04/30 20:38:52 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA}
[2013/12/27 15:59:04 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\browser\extensions
[2013/12/27 15:59:39 | 000,000,000 | ---D | M] (Default) -- C:\Program Files\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

========== Chrome ==========

O1 HOSTS File: ([2004/08/04 06:00:00 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Toolbar BHO) - {0214754e-4e7d-4589-829d-e2523e6a3085} - C:\Program Files\MyScrapNook_12\bar\1.bin\12bar.dll (MindSpark)
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O2 - BHO: (HP Print Enhancer) - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\Hewlett-Packard\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll (Hewlett-Packard Co.)
O2 - BHO: (Search Assistant BHO) - {06e05b40-77fa-40b6-9077-ed1a7577b1ef} - C:\Program Files\UtilityChest_49\bar\1.bin\49SrcAs.dll (MindSpark)
O2 - BHO: (Toolbar BHO) - {58f7b5ca-1162-42e8-8bbc-d543b4edd780} - C:\Program Files\UtilityChest_49\bar\1.bin\49bar.dll (MindSpark)
O2 - BHO: (Norton Identity Protection) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton 360 Premier Edition\Engine\21.2.0.38\coieplg.dll (Symantec Corporation)
O2 - BHO: (Search Assistant BHO) - {65f159fb-5f5e-46f4-b45d-ccfa236d2073} - C:\Program Files\MyScrapNook_12\bar\1.bin\12SrcAs.dll (MindSpark)
O2 - BHO: (Norton Vulnerability Protection) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton 360 Premier Edition\Engine\21.2.0.38\ips\ipsbho.dll (Symantec Corporation)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.9012.1008\swg.dll (Google Inc.)
O2 - BHO: (CBrowserHelperObject Object) - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\BAE\BAE.dll (Dell Inc.)
O2 - BHO: (MSN Toolbar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\MSN\Toolbar\3.0.0988.2\msneshellx.dll (Microsoft Corp.)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (HP Smart BHO Class) - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\Hewlett-Packard\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)
O3 - HKLM\..\Toolbar: (MSN Toolbar) - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - C:\Program Files\MSN\Toolbar\3.0.0988.2\msneshellx.dll (Microsoft Corp.)
O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton 360 Premier Edition\Engine\21.2.0.38\coieplg.dll (Symantec Corporation)
O3 - HKLM\..\Toolbar: (Utility Chest) - {cf67755f-9265-449c-87cf-b945519e073b} - C:\Program Files\UtilityChest_49\bar\1.bin\49bar.dll (MindSpark)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O3 - HKLM\..\Toolbar: (My Scrap Nook) - {fe6f06fb-0fc0-4499-828f-ee48088f504f} - C:\Program Files\MyScrapNook_12\bar\1.bin\12bar.dll (MindSpark)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (Utility Chest) - {CF67755F-9265-449C-87CF-B945519E073B} - C:\Program Files\UtilityChest_49\bar\1.bin\49bar.dll (MindSpark)
O3 - HKCU\..\Toolbar\WebBrowser: (My Scrap Nook) - {FE6F06FB-0FC0-4499-828F-EE48088F504F} - C:\Program Files\MyScrapNook_12\bar\1.bin\12bar.dll (MindSpark)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [ConnectionCenter] C:\Program Files\Citrix\ICA Client\concentr.exe (Citrix Systems, Inc.)
O4 - HKLM..\Run: [hpqSRMon] File not found
O4 - HKLM..\Run: [Redirector] C:\Program Files\Citrix\ICA Client\redirector.exe (Citrix Systems, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O9 - Extra Button: HP Smart Print - {22CC3EBD-C286-43aa-B8E6-06B115F74162} - C:\Program Files\Hewlett-Packard\Smart Print 2.0\smartprintsetup.exe (Hewlett-Packard)
O9 - Extra 'Tools' menuitem : HP Smart Print - {22CC3EBD-C286-43aa-B8E6-06B115F74162} - C:\Program Files\Hewlett-Packard\Smart Print 2.0\smartprintsetup.exe (Hewlett-Packard)
O9 - Extra Button: HP Smart Select - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\Hewlett-Packard\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\WINDOWS\system32\nwprovau.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\WINDOWS\System32\biolsp.dll (Wave Systems Corp.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\WINDOWS\System32\biolsp.dll (Wave Systems Corp.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\WINDOWS\System32\biolsp.dll (Wave Systems Corp.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\WINDOWS\System32\biolsp.dll (Wave Systems Corp.)
O15 - HKCU\..Trusted Domains: aol.com ([objects] * is out of zone range - 5)
O15 - HKCU\..Trusted Domains: audible.com ([www] https in Trusted sites)
O15 - HKCU\..Trusted Domains: flaglerhospital.org ([images] https in Trusted sites)
O15 - HKCU\..Trusted Domains: radmd.com ([www] https in Trusted sites)
O16 - DPF: {00140000-B1BA-11CE-ABC6-F5B2E79D9E3F} file:///D:/Scripts/LTOCX14N.cab (LEAD Main Control (14.0))
O16 - DPF: {55963676-2F5E-4BAF-AC28-CF26AA587566} https://vpn.flaglerh...ries/vpnweb.cab (Cisco AnyConnect VPN Client Web Control)
O16 - DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} http://h20614.www2.h...hpdetect118.cab (GMNRev Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 10.55.2)
O16 - DPF: {8B9D77B2-39C0-4674-AF42-BBD50FF71781} https://images.docto...l/amiviewer.cab (Centricity Web ViewApp Control 3.0 SPa10)
O16 - DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.5.0_06)
O16 - DPF: {CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_33)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 10.55.2)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macr...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {D30CA0FD-1CA0-11D4-AC78-006008A9A8BC} http://www.flaglerho...vpn/webinst.cab (WebBasedClientInstall Class)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O16 - DPF: {F27237D7-93C8-44C2-AC6E-D6057B9A918F} https://mygp.gp.com/...SetupClient.cab (JuniperSetupClientControl Class)
O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} https://secure.logme...rl.cab?lmi=1078 (Performance Viewer Activex Control)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{2239EF8C-819A-4115-AC14-D60C944FE5A9}: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{319CB493-C1AA-42CD-89B4-2AE44929C51E}: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{9479C24B-3DD6-4ED9-AA95-D0D78551B73E}: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\intu-help-qb4 {ACE22922-D07C-4860-B51B-8CF472FEC2CB} - C:\Program Files\Intuit\QuickBooks 2011\HelpAsyncPluggableProtocol.dll (Intuit, Inc.)
O18 - Protocol\Filter\application/x-ica {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica; charset=euc-jp {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica; charset=ISO-8859-1 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica; charset=MS936 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica; charset=MS949 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica; charset=MS950 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica; charset=UTF8 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica; charset=UTF-8 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica;charset=euc-jp {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica;charset=ISO-8859-1 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica;charset=MS936 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica;charset=MS949 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica;charset=MS950 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica;charset=UTF8 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica;charset=UTF-8 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\ica {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O20 - AppInit_DLLs: (wxvault.dll) - C:\WINDOWS\System32\wxvault.dll ()
O20 - AppInit_DLLs: (C:\PROGRA~1\Citrix\ICACLI~1\RSHook.dll) - C:\Program Files\Citrix\ICA Client\RSHook.dll (Citrix Systems, Inc.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\LMIinit: DllName - (LMIinit.dll) - C:\WINDOWS\System32\LMIinit.dll (LogMeIn, Inc.)
O24 - Desktop Components:0 () - http://mail.yimg.com..._0_2/js/msgr.js
O24 - Desktop Components:1 (My Current Home Page) - About:Home
O30 - LSA: Authentication Packages - (wvauth) - C:\WINDOWS\System32\wvauth.dll (Wave Systems Corp.)
O30 - LSA: Authentication Packages - (nwprovau) - C:\WINDOWS\System32\nwprovau.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2004/08/11 18:15:00 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2010/04/22 09:34:58 | 000,000,053 | R--- | M] () - D:\Autorun.inf -- [ CDFS ]
O33 - MountPoints2\{8387be65-826c-11dc-a510-806d6172696f}\Shell - "" = AutoRun
O33 - MountPoints2\{8387be65-826c-11dc-a510-806d6172696f}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{8387be65-826c-11dc-a510-806d6172696f}\Shell\AutoRun\command - "" = D:\sorna.exe -- [2010/04/22 09:35:00 | 004,865,161 | R--- | M] (Adobe Systems, Inc.)
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKCU\...exe [@ = exefile] -- Reg Error: Value error. File not found
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2014/05/05 17:40:15 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Front Desk\Desktop\OTL.exe
[2014/05/05 17:21:44 | 000,000,000 | ---D | C] -- C:\WINDOWS\CSC
[2014/05/02 15:16:54 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\WindowsPowerShell
[2014/05/02 15:16:53 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\winrm
[2014/05/02 15:16:53 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\GroupPolicy
[2014/05/02 15:16:48 | 000,000,000 | -H-D | C] -- C:\WINDOWS\$968930Uinstall_KB968930$
[2014/05/02 14:08:48 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\MRT
[2014/04/30 20:58:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Front Desk\Local Settings\Application Data\Sun
[2014/04/30 20:55:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Java
[2014/04/30 20:48:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Front Desk\Application Data\Oracle
[2014/04/24 22:04:55 | 000,055,232 | ---- | C] (StdLib) -- C:\WINDOWS\System32\drivers\{2b4fc5ce-fd26-493c-97d3-e808aab73013}t.sys
[2014/04/16 10:16:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Front Desk\Local Settings\Application Data\Reviewer
[2014/04/16 10:16:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Sorna
[2014/04/16 10:16:10 | 000,000,000 | ---D | C] -- C:\WINDOWS\XSxS
[2014/04/16 10:16:10 | 000,000,000 | ---D | C] -- C:\Program Files\Xenocode
[2014/04/16 10:16:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Front Desk\Local Settings\Application Data\Xenocode
[2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2014/05/05 17:54:15 | 000,000,830 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2014/05/05 17:45:47 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2014/05/05 17:44:02 | 000,000,890 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2014/05/05 17:44:02 | 000,000,340 | ---- | M] () -- C:\WINDOWS\tasks\AVG-Secure-Search-Update_MAY2013_TB_rel.job
[2014/05/05 17:42:44 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2014/05/05 17:42:37 | 2137,116,672 | -HS- | M] () -- C:\hiberfil.sys
[2014/05/05 17:40:17 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Front Desk\Desktop\OTL.exe
[2014/05/05 16:24:34 | 000,000,894 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2014/05/02 18:25:14 | 000,002,515 | ---- | M] () -- C:\Documents and Settings\Front Desk\Desktop\Microsoft Office Word 2007.lnk
[2014/05/02 18:21:36 | 000,000,266 | ---- | M] () -- C:\Documents and Settings\Front Desk\Desktop\Automated MD - User Login.url
[2014/05/02 18:19:17 | 000,000,342 | ---- | M] () -- C:\Documents and Settings\Front Desk\Desktop\ALLSCRIPTS FLAGLER.url
[2014/05/02 15:48:57 | 000,483,592 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2014/05/02 15:48:57 | 000,080,830 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2014/05/02 15:45:06 | 000,001,355 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2014/05/02 15:09:00 | 000,000,460 | ---- | M] () -- C:\WINDOWS\tasks\At3.job
[2014/05/02 14:20:49 | 000,284,520 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2014/05/02 14:00:26 | 000,000,452 | ---- | M] () -- C:\WINDOWS\tasks\At12.job
[2014/05/02 14:00:02 | 000,000,460 | ---- | M] () -- C:\WINDOWS\tasks\At8.job
[2014/05/02 14:00:01 | 000,000,460 | ---- | M] () -- C:\WINDOWS\tasks\At4.job
[2014/05/02 12:29:02 | 000,000,460 | ---- | M] () -- C:\WINDOWS\tasks\At7.job
[2014/05/02 11:50:06 | 002,004,653 | ---- | M] () -- C:\WINDOWS\iis6.BAK
[2014/05/02 10:10:28 | 000,000,452 | ---- | M] () -- C:\WINDOWS\tasks\At9.job
[2014/05/02 10:10:02 | 000,000,460 | ---- | M] () -- C:\WINDOWS\tasks\At5.job
[2014/05/02 10:10:02 | 000,000,460 | ---- | M] () -- C:\WINDOWS\tasks\At1.job
[2014/05/02 08:37:25 | 000,000,452 | ---- | M] () -- C:\WINDOWS\tasks\At11.job
[2014/04/30 20:40:26 | 000,000,452 | ---- | M] () -- C:\WINDOWS\tasks\At10.job
[2014/04/30 20:40:02 | 000,000,460 | ---- | M] () -- C:\WINDOWS\tasks\At6.job
[2014/04/30 20:40:02 | 000,000,460 | ---- | M] () -- C:\WINDOWS\tasks\At2.job
[2014/04/30 20:30:42 | 000,000,211 | RHS- | M] () -- C:\boot.ini
[2014/04/28 08:51:21 | 000,002,309 | ---- | M] () -- C:\Documents and Settings\Front Desk\Desktop\Adobe Reader X.lnk
[2014/04/24 12:17:58 | 000,055,232 | ---- | M] (StdLib) -- C:\WINDOWS\System32\drivers\{2b4fc5ce-fd26-493c-97d3-e808aab73013}t.sys
[2014/04/18 08:28:05 | 000,001,024 | ---- | M] () -- C:\.rnd
[2014/04/18 08:26:59 | 000,086,888 | ---- | M] (LogMeIn, Inc.) -- C:\WINDOWS\System32\LMIRfsClientNP.dll
[2014/04/18 08:26:58 | 000,085,832 | ---- | M] (LogMeIn, Inc.) -- C:\WINDOWS\System32\LMIinit.dll
[2014/04/18 08:26:58 | 000,031,560 | ---- | M] (LogMeIn, Inc.) -- C:\WINDOWS\System32\LMIport.dll
[2014/04/16 14:11:33 | 000,000,278 | ---- | M] () -- C:\Documents and Settings\Front Desk\Desktop\St. Augustine Imaging Electronic Order.url
[2014/04/11 08:24:35 | 000,086,888 | ---- | M] (LogMeIn, Inc.) -- C:\WINDOWS\System32\LMIRfsClientNP.dll.000.bak
[2014/04/11 08:24:33 | 000,085,832 | ---- | M] (LogMeIn, Inc.) -- C:\WINDOWS\System32\LMIinit.dll.000.bak
[2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2014/05/05 17:42:37 | 2137,116,672 | -HS- | C] () -- C:\hiberfil.sys
[2014/05/02 10:02:03 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2014/05/02 10:02:03 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\dllcache\iacenc.dll
[2014/04/03 09:22:05 | 000,064,152 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat
[2014/02/20 18:08:42 | 000,000,002 | ---- | C] () -- C:\WINDOWS\msoffice.ini
[2013/05/10 08:31:22 | 000,000,057 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\Ament.ini
[2013/05/08 17:30:24 | 000,000,000 | ---- | C] () -- C:\WINDOWS\XREXImageViewerLite.INI
[2013/02/06 18:10:38 | 000,906,654 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-S-1-5-21-2007805527-2214855839-2415389009-1005-0.dat
[2013/01/17 18:04:36 | 000,226,638 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-System.dat
[2012/10/08 10:24:26 | 000,000,335 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2012/09/04 13:28:37 | 000,000,000 | ---- | C] () -- C:\WINDOWS\Viewer.INI
[2012/08/29 11:59:00 | 000,060,304 | ---- | C] () -- C:\Documents and Settings\Front Desk\g2mdlhlpx.exe
[2012/08/18 14:36:42 | 000,012,054 | R--- | C] () -- C:\WINDOWS\hpwscr20.dat
[2012/08/18 14:30:50 | 000,178,446 | ---- | C] () -- C:\WINDOWS\hpwins20.dat
[2012/08/18 14:30:50 | 000,002,428 | R--- | C] () -- C:\WINDOWS\hpwmdl20.dat
[2012/07/28 09:38:43 | 000,026,624 | ---- | C] () -- C:\WINDOWS\System32\BRGSRC32.DLL
[2012/07/28 09:38:43 | 000,004,608 | ---- | C] () -- C:\WINDOWS\System32\BRGSRC16.DLL
[2012/07/28 09:38:42 | 000,008,975 | ---- | C] () -- C:\WINDOWS\HL-2040.INI
[2012/07/28 00:01:23 | 000,000,244 | ---- | C] () -- C:\WINDOWS\Brpfx04a.ini
[2012/07/28 00:01:23 | 000,000,093 | ---- | C] () -- C:\WINDOWS\brpcfx.ini
[2012/07/28 00:00:49 | 000,000,027 | ---- | C] () -- C:\WINDOWS\BRPP2KA.INI
[2012/07/27 23:57:43 | 000,000,050 | ---- | C] () -- C:\WINDOWS\System32\bridf08a.dat
[2012/07/27 23:57:15 | 000,000,086 | ---- | C] () -- C:\WINDOWS\Brfaxrx.ini
[2012/07/27 23:57:15 | 000,000,000 | ---- | C] () -- C:\WINDOWS\brdfxspd.dat
[2012/07/27 23:57:13 | 000,106,496 | ---- | C] () -- C:\WINDOWS\System32\BrMuSNMP.dll
[2012/07/27 23:56:43 | 000,077,824 | ---- | C] () -- C:\WINDOWS\System32\BROSNMP.DLL
[2012/07/27 23:51:35 | 000,031,567 | ---- | C] () -- C:\WINDOWS\maxlink.ini
[2012/07/27 23:25:12 | 000,000,090 | ---- | C] () -- C:\WINDOWS\QBChanUtil_Trigger.ini
[2012/07/16 11:20:38 | 000,000,221 | ---- | C] () -- C:\WINDOWS\System32\XPSPWMA.INI
[2012/07/16 11:20:38 | 000,000,221 | ---- | C] () -- C:\WINDOWS\System32\XPSPSBEXT.INI
[2012/07/16 11:20:38 | 000,000,221 | ---- | C] () -- C:\WINDOWS\System32\XPSPFIDRV.INI
[2012/07/16 11:20:38 | 000,000,221 | ---- | C] () -- C:\WINDOWS\System32\XPSPFBASE.INI
[2012/07/16 11:20:38 | 000,000,221 | ---- | C] () -- C:\WINDOWS\System32\XPSPAUDRV.INI
[2012/07/16 11:20:38 | 000,000,221 | ---- | C] () -- C:\WINDOWS\System32\XMCIPSPWA.INI
[2012/07/16 11:20:38 | 000,000,221 | ---- | C] () -- C:\WINDOWS\System32\XMCIPSPCT.INI
[2012/07/16 11:20:38 | 000,000,220 | ---- | C] () -- C:\WINDOWS\System32\XPSPWAVE.INI
[2012/07/16 11:20:38 | 000,000,220 | ---- | C] () -- C:\WINDOWS\System32\PSPUSBLB.INI
[2012/07/16 11:20:38 | 000,000,219 | ---- | C] () -- C:\WINDOWS\System32\XPSPMP3.INI
[2012/07/16 11:20:38 | 000,000,219 | ---- | C] () -- C:\WINDOWS\System32\XPSPDSS.INI
[2012/07/16 11:20:38 | 000,000,219 | ---- | C] () -- C:\WINDOWS\System32\XPSPDDI.INI
[2012/07/03 19:05:24 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2012/06/05 12:55:39 | 000,169,472 | ---- | C] () -- C:\WINDOWS\System32\ZLhp1020.DLL
[2012/06/05 12:55:37 | 000,106,496 | ---- | C] () -- C:\WINDOWS\System32\vshp1020.dll
[2012/06/05 12:55:36 | 000,365,568 | ---- | C] () -- C:\WINDOWS\System32\ZSHP1020.EXE
[2012/06/05 09:04:59 | 000,245,248 | ---- | C] () -- C:\WINDOWS\System32\zshp1020s.dll
[2011/07/28 09:24:26 | 000,015,842 | -HS- | C] () -- C:\Documents and Settings\Front Desk\Local Settings\Application Data\xn20f483ph53a0o7q33nv25f33vqr33fh881r37xjcc0
[2011/07/28 09:24:26 | 000,015,842 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\xn20f483ph53a0o7q33nv25f33vqr33fh881r37xjcc0
[2008/06/19 17:00:21 | 000,003,584 | ---- | C] () -- C:\Documents and Settings\Front Desk\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2007/11/05 11:11:29 | 000,061,678 | ---- | C] () -- C:\Documents and Settings\Front Desk\Application Data\PFP110JPR.{PB
[2007/11/05 11:11:29 | 000,012,358 | ---- | C] () -- C:\Documents and Settings\Front Desk\Application Data\PFP110JCM.{PB

========== ZeroAccess Check ==========

[2012/07/28 11:09:48 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shdocvw.dll -- [2010/04/16 12:09:07 | 001,509,888 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = C:\WINDOWS\system32\wbem\fastprox.dll -- [2009/02/09 08:10:48 | 000,473,600 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = C:\WINDOWS\system32\wbem\wbemess.dll -- [2008/04/13 20:12:08 | 000,273,920 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

========== LOP Check ==========

[2013/01/03 11:41:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Canon IJ Network Tool
[2013/01/03 10:58:31 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\CanonBJ
[2012/07/19 13:53:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Cisco
[2010/08/20 10:06:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Cisco Systems
[2013/01/09 18:36:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Citrix
[2013/05/24 08:51:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\COMMON FILES
[2011/06/23 15:30:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Juniper Networks
[2014/05/05 16:23:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\LogMeIn
[2012/05/18 15:40:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\NovaRad
[2007/10/09 02:11:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\NTRU Cryptosystems
[2012/07/27 23:27:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Nuance
[2008/05/15 10:50:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PC Drivers HeadQuarters
[2012/07/27 23:51:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ScanSoft
[2014/04/16 10:16:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Sorna
[2012/07/28 08:44:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SQL Anywhere 11
[2012/10/08 11:36:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint
[2007/10/09 02:12:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Wave Systems Corp
[2013/07/05 15:52:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WildTangent
[2013/03/13 15:13:39 | 000,000,000 | -HSD | M] -- C:\Documents and Settings\Front Desk\Application Data\.#
[2013/05/24 08:52:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Front Desk\Application Data\0F0C1V0C1T1I1P1G1Q1T1C
[2013/03/21 09:14:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Front Desk\Application Data\com.adobe.air.aaos.Code-X2013
[2014/03/07 09:44:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Front Desk\Application Data\com.adobe.air.aaos.Code-X2014
[2013/06/19 15:10:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Front Desk\Application Data\DatCard Systems, Inc
[2013/01/09 18:45:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Front Desk\Application Data\ICAClient
[2011/06/23 15:30:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Front Desk\Application Data\Juniper Networks
[2014/02/19 14:40:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Front Desk\Application Data\LaunchPad
[2014/04/30 20:48:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Front Desk\Application Data\Oracle
[2013/01/03 10:47:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Front Desk\Application Data\PCCUStubInstaller
[2014/03/07 09:30:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Front Desk\Application Data\Roaming
[2012/09/06 15:37:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Front Desk\Application Data\ScanSoft
[2009/06/22 11:52:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Front Desk\Application Data\Stamps.com Internet Postage
[2013/06/07 08:56:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Front Desk\Application Data\UtilityChest_49
[2014/04/24 17:12:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Front Desk\Application Data\Wave Systems Corp
[2012/09/20 11:54:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Front Desk\Application Data\webex
[2013/07/05 15:51:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Front Desk\Application Data\WildTangent

========== Purity Check ==========

< End of report >

Extras, Txt

=====================================

OTL Extras logfile created on: 5/5/2014 5:52:51 PM - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Documents and Settings\Front Desk\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.99 Gb Total Physical Memory | 1.15 Gb Available Physical Memory | 57.87% Memory free
3.33 Gb Paging File | 2.27 Gb Available in Paging File | 68.25% Paging File free
Paging file location(s): C:\pagefile.sys 1524 3048 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 111.73 Gb Total Space | 78.04 Gb Free Space | 69.85% Space Free | Partition Type: NTFS
Drive D: | 175.96 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: JEANNE | User Name: Front Desk | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.exe [@ = exefile] -- Reg Error: Value error. File not found
.html [@ = htmlfile] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 1
"AntiVirusOverride" = 1
"FirewallOverride" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 0
"DoNotAllowExceptions" = 0
"DisableNotifications" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002
"427:TCP" = 427:TCP:LocalSubNet:Enabled:SLP_Port(427)_TCP
"427:UDP" = 427:UDP:LocalSubNet:Enabled:SLP_Port(427)_UDP

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
"427:TCP" = 427:TCP:LocalSubNet:Enabled:SLP_Port(427)_TCP
"427:UDP" = 427:UDP:LocalSubNet:Enabled:SLP_Port(427)_UDP
"3389:TCP" = 3389:TCP:*:Enabled:@xpsp2res.dll,-22009
"54925:UDP" = 54925:UDP:*:Enabled:BrotherNetwork Scanner
"5985:TCP" = 5985:TCP:*:Disabled:Windows Remote Management
"80:TCP" = 80:TCP:*:Disabled:Windows Remote Management - Compatibility Mode (HTTP-In)

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
"D:\setup\hpznui01.exe" = D:\setup\hpznui01.exe:*:Enabled:hpznui01.exe
"C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe" = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe:*:Enabled:hpqtra08.exe -- (Hewlett-Packard Co.)
"C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqste08.exe" = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqste08.exe:*:Enabled:hpqste08.exe -- (Hewlett-Packard Co.)
"C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpofxm08.exe" = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpofxm08.exe:*:Enabled:hpofxm08.exe -- (Hewlett-Packard Co.)
"C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hposfx08.exe" = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hposfx08.exe:*:Enabled:hposfx08.exe -- (Hewlett-Packard Co.)
"C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hposid01.exe" = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe -- (Hewlett-Packard Co.)
"C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqkygrp.exe" = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqkygrp.exe:*:Enabled:hpqkygrp.exe -- (Hewlett-Packard)
"C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpzwiz01.exe" = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpzwiz01.exe:*:Enabled:hpzwiz01.exe -- (Hewlett-Packard Co.)
"C:\Program Files\Hewlett-Packard\Digital Imaging\Unload\HpqPhUnl.exe" = C:\Program Files\Hewlett-Packard\Digital Imaging\Unload\HpqPhUnl.exe:*:Enabled:hpqphunl.exe -- (Hewlett-Packard)
"C:\Program Files\Hewlett-Packard\Digital Imaging\Unload\HpqDIA.exe" = C:\Program Files\Hewlett-Packard\Digital Imaging\Unload\HpqDIA.exe:*:Enabled:hpqdia.exe -- ( )
"C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqnrs08.exe" = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqnrs08.exe:*:Enabled:hpqnrs08.exe -- (Hewlett-Packard Development Company, L.P.)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
"C:\Program Files\Hewlett-Packard\Toolbox2.0\Javasoft\JRE\1.3.1\bin\javaw.exe" = C:\Program Files\Hewlett-Packard\Toolbox2.0\Javasoft\JRE\1.3.1\bin\javaw.exe:*:Enabled:javaw -- ()
"C:\Program Files\MEDITECH\Print\VMagicPPII.exe" = C:\Program Files\MEDITECH\Print\VMagicPPII.exe:*:Enabled:Document Spooling Service -- (Medical Information Technology, Inc.)
"C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe:*:Enabled:hpqtra08.exe
"C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe:*:Enabled:hpqste08.exe
"C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe" = C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe:*:Enabled:hpofxm08.exe
"C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe" = C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe:*:Enabled:hposfx08.exe
"C:\Program Files\HP\Digital Imaging\bin\hpfccopy.exe" = C:\Program Files\HP\Digital Imaging\bin\hpfccopy.exe:*:Enabled:hpfccopy.exe
"C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe" = C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe:*:Enabled:hpzwiz01.exe
"C:\Program Files\HP\Digital Imaging\Unload\HpqPhUnl.exe" = C:\Program Files\HP\Digital Imaging\Unload\HpqPhUnl.exe:*:Enabled:hpqphunl.exe
"C:\Program Files\HP\Digital Imaging\Unload\HpqDIA.exe" = C:\Program Files\HP\Digital Imaging\Unload\HpqDIA.exe:*:Enabled:hpqdia.exe
"C:\Program Files\HP\Digital Imaging\bin\hpqnrs08.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqnrs08.exe:*:Enabled:hpqnrs08.exe
"C:\Program Files\HP\Digital Imaging\bin\hposid01.exe" = C:\Program Files\HP\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe -- (Hewlett-Packard Development Company, L.P.)
"C:\Program Files\HP\Digital Imaging\bin\hpqscnvw.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqscnvw.exe:*:Enabled:hpqscnvw.exe
"C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe:*:Enabled:hpqkygrp.exe
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
"C:\Program Files\Common Files\McAfee\MNA\McNASvc.exe" = C:\Program Files\Common Files\McAfee\MNA\McNASvc.exe:*:Enabled:McAfee Network Agent
"C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe" = C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe:*:Enabled:McAfee Shared Service Host
"C:\Program Files\HP\HP Officejet 6500 E710n-z\Bin\DeviceSetup.exe" = C:\Program Files\HP\HP Officejet 6500 E710n-z\Bin\DeviceSetup.exe:LocalSubNet:Enabled:HP Device Setup -- (Hewlett-Packard Co.)
"C:\Program Files\HP\HP Officejet 6500 E710n-z\Bin\HPNetworkCommunicator.exe" = C:\Program Files\HP\HP Officejet 6500 E710n-z\Bin\HPNetworkCommunicator.exe:LocalSubNet:Enabled:HP Network Communicator -- (Hewlett-Packard Co.)
"C:\Program Files\Brother\Brmfl08g\FAXRX.exe" = C:\Program Files\Brother\Brmfl08g\FAXRX.exe:*:Enabled:FAXRX.EXE -- ()
"C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe" = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe:*:Enabled:hpqtra08.exe -- (Hewlett-Packard Co.)
"C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqste08.exe" = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqste08.exe:*:Enabled:hpqste08.exe -- (Hewlett-Packard Co.)
"C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpofxm08.exe" = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpofxm08.exe:*:Enabled:hpofxm08.exe -- (Hewlett-Packard Co.)
"C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hposfx08.exe" = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hposfx08.exe:*:Enabled:hposfx08.exe -- (Hewlett-Packard Co.)
"C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hposid01.exe" = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe -- (Hewlett-Packard Co.)
"C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqkygrp.exe" = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqkygrp.exe:*:Enabled:hpqkygrp.exe -- (Hewlett-Packard)
"C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpfcCopy.exe" = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpfcCopy.exe:*:Enabled:hpfccopy.exe -- (Hewlett-Packard)
"C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpzwiz01.exe" = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpzwiz01.exe:*:Enabled:hpzwiz01.exe -- (Hewlett-Packard Co.)
"C:\Program Files\Hewlett-Packard\Digital Imaging\Unload\HpqPhUnl.exe" = C:\Program Files\Hewlett-Packard\Digital Imaging\Unload\HpqPhUnl.exe:*:Enabled:hpqphunl.exe -- (Hewlett-Packard)
"C:\Program Files\Hewlett-Packard\Digital Imaging\Unload\HpqDIA.exe" = C:\Program Files\Hewlett-Packard\Digital Imaging\Unload\HpqDIA.exe:*:Enabled:hpqdia.exe -- ( )
"C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqnrs08.exe" = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqnrs08.exe:*:Enabled:hpqnrs08.exe -- (Hewlett-Packard Development Company, L.P.)
"D:\setup\HPZNUI01.EXE" = D:\setup\HPZNUI01.EXE:*:Enabled:hpznui01.exe
"C:\Program Files\HP\HP Officejet Pro 8600\Bin\FaxApplications.exe" = C:\Program Files\HP\HP Officejet Pro 8600\Bin\FaxApplications.exe:LocalSubNet:Enabled:HP Officejet Pro 8600 FaxApplications -- (Hewlett-Packard Co.)
"C:\Program Files\HP\HP Officejet Pro 8600\Bin\DigitalWizards.exe" = C:\Program Files\HP\HP Officejet Pro 8600\Bin\DigitalWizards.exe:LocalSubNet:Enabled:HP Officejet Pro 8600 DigitalWizards -- (Hewlett-Packard Co.)
"C:\Program Files\HP\HP Officejet Pro 8600\Bin\SendAFax.exe" = C:\Program Files\HP\HP Officejet Pro 8600\Bin\SendAFax.exe:LocalSubNet:Enabled:HP Officejet Pro 8600 SendFaxAppExe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\HP Officejet Pro 8600\Bin\DeviceSetup.exe" = C:\Program Files\HP\HP Officejet Pro 8600\Bin\DeviceSetup.exe:LocalSubNet:Enabled:HP Device Setup (HP Officejet Pro 8600) -- (Hewlett-Packard Co.)
"C:\Program Files\HP\HP Officejet Pro 8600\Bin\HPNetworkCommunicator.exe" = C:\Program Files\HP\HP Officejet Pro 8600\Bin\HPNetworkCommunicator.exe:LocalSubNet:Enabled:HP Network Communicator (HP Officejet Pro 8600) -- (Hewlett-Packard Co.)
"C:\Program Files\HP\HP Officejet Pro 8600\Bin\HPNetworkCommunicatorCom.exe" = C:\Program Files\HP\HP Officejet Pro 8600\Bin\HPNetworkCommunicatorCom.exe:LocalSubNet:Enabled:HP Network Communicator COM (HP Officejet Pro 8600) -- (Hewlett-Packard Co.)
"C:\Program Files\Intuit\QuickBooks 2011\QBDBMgrN.exe" = C:\Program Files\Intuit\QuickBooks 2011\QBDBMgrN.exe:*:Disabled:QuickBooks 2011 Data Manager -- (Intuit, Inc.)
"C:\Program Files\AOL Desktop 9.6\waol.exe" = C:\Program Files\AOL Desktop 9.6\waol.exe:*:Enabled:AOL
"C:\Program Files\AOL Desktop 9.6\AOLBrowser\aolbrowser.exe" = C:\Program Files\AOL Desktop 9.6\AOLBrowser\aolbrowser.exe:*:Enabled:AOL Browser
"C:\Program Files\Common Files\AOL\acs\AOLacsd.exe" = C:\Program Files\Common Files\AOL\acs\AOLacsd.exe:*:Enabled:AOL Connectivity Service
"C:\Program Files\Common Files\AOL\acs\AOLDial.exe" = C:\Program Files\Common Files\AOL\acs\AOLDial.exe:*:Enabled:AOL Connectivity Service Dialer
"C:\Program Files\Common Files\AOL\Loader\aolload.exe" = C:\Program Files\Common Files\AOL\Loader\aolload.exe:*:Enabled:AOL Loader
"C:\Program Files\Common Files\AOL\1349710499\ee\aolsoftware.exe" = C:\Program Files\Common Files\AOL\1349710499\ee\aolsoftware.exe:*:Enabled:AOL Shared Components
"C:\Program Files\Common Files\AOL\System Information\sinf.exe" = C:\Program Files\Common Files\AOL\System Information\sinf.exe:*:Enabled:AOL System Information
"C:\Program Files\Common Files\AOL\TopSpeed\3.0\aoltpsd3.exe" = C:\Program Files\Common Files\AOL\TopSpeed\3.0\aoltpsd3.exe:*:Enabled:AOL TopSpeed

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00000409-78E1-11D2-B60F-006097C998E7}" = Microsoft Office 2000 Premium
"{01B4AC8E-6D83-44B3-958D-2AFE57BE54DB}" = Brother MFL-Pro Suite MFC-6490CW
"{037CD593-D760-4A00-B030-7BBAFA1123FE}" = HP Officejet 6500 E710a-f Help
"{0394CDC8-FABD-4ed8-B104-03393876DFDF}" = Roxio Creator Tools
"{03A7C57A-B2C8-409b-92E5-524A0DFD0DD3}" = Status
"{069730C2-755A-485B-A205-27A1AAFA836A}" = InstantShareAlert
"{07D618CD-B016-438A-ADC9-A75BD23F85CE}" = Wave Support Software
"{087A66B8-1F0F-4a8d-A649-0CFE276AA7C0}" = WebReg
"{0A55CDBB-0566-4AA2-A15B-24C7F27C6FF4}" = BPD_Scan
"{0B0A2153-58A6-4244-B458-25EDF5FCD809}" = Private Information Manager
"{0D397393-9B50-4c52-84D5-77E344289F87}" = Roxio Creator Data
"{0E2B0B41-7E08-4F9F-B21F-41C4133F43B7}" = mLogView
"{0E549A13-2B3D-4633-BA41-DC88C2D6F9A3}" = ProductContext
"{0E8DC723-F1CD-424A-96CC-12428E7A1B4B}" = Citrix Receiver (HDX Flash Redirection)
"{102CBC47-7FDE-4E6C-8A3A-67B79833FAC8}" = BPDSoftware_Ini
"{10C69612-017B-45F5-B986-7D113D5A2EA3}" = MSN Toolbar
"{1147FF9A-D576-4cb5-B5E7-FCA21D1E7D26}" = J4680
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MX870_series" = Canon MX870 series MP Drivers
"{11B2F891-91C8-47ce-945A-A91003EA27FB}" = BPDSoftware
"{11E0AC7D-6822-4F67-865F-EE1C13D28C38}" = QuickBooks Pro 2011
"{130E5108-547F-4482-91EE-F45C784E08C7}" = HP Officejet 6500 E710n-z Help
"{138BD312-3557-40F8-BC5E-6DFF00A6880D}" = BPDSoftware_Ini
"{16FCDD97-AE09-476B-88CD-261D852BD34C}" = Marketsplash Shortcuts
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{18669FF9-C8FE-407a-9F70-E674896B1DB4}" = GPBaseService
"{18AB082B-6584-4F74-8ABC-D5935CF46E4C}" = 8500A909_eDocs
"{1D70AABC-CB59-4700-A708-EA56D1CA07B0}" = QuickBooks
"{20EF792C-4CCA-1320-B9F0-8B783680BD99}" = Code-X 2013
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{2376813B-2E5A-4641-B7B3-A0D5ADB55229}" = HPPhotoSmartExpress
"{23FB368F-1399-4EAC-817C-4B83ECBE3D83}" = mProSafe
"{26A24AE4-039D-4CA4-87B4-2F83216033FF}" = Java™ 6 Update 33
"{26A24AE4-039D-4CA4-87B4-2F83217055FF}" = Java 7 Update 55
"{281ECE39-F043-492B-8337-F2E546B5604A}" = PowerDVD
"{292C47B2-8DB7-47BF-896C-C3C5EE8108C4}" = hp LaserJet 1010 Series
"{2A329FB6-389D-4396-A974-29656D6864AE}" = MarketResearch
"{2BC2781A-F7F6-452E-95EB-018A522F1B2C}" = PaperPort Image Printer
"{2EEA7AA4-C203-4b90-A34F-19FB7EF1C81C}" = BufferChm
"{2F4C24E6-CBD4-4AAC-B56F-C9FD44DE5668}" = Roxio Drag-to-Disc
"{2FA94A64-C84E-49d1-97DD-7BF06C7BBFB2}.WildTangent Games App" = Update Installer for WildTangent Games App
"{30465B6C-B53F-49A1-9EBA-A3F187AD502E}" = Roxio Update Manager
"{3068513C-3AAC-410B-BAE7-C7837FFF8DEB}" = Citrix Receiver(USB)
"{3248F0A8-6813-11D6-A77B-00B0D0150060}" = J2SE Runtime Environment 5.0 Update 6
"{342C7C88-D335-4bc2-8CF1-281857629CE2}" = HP PSC & OfficeJet 4.7
"{34BFB099-07B2-4E95-A673-7362D60866A2}" = PSSWCORE
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{35748B06-FCFC-4700-8285-DAD41689E4FE}" = Broadcom TPM Driver Installer
"{35E1EC43-D4FC-4E4A-AAB3-20DDA27E8BB0}" = Sonic Activation Module
"{363790D2-DA98-41DD-9C9F-69FA36B169DE}" = PanoStandAlone
"{36FDBE6E-6684-462b-AE98-9A39A1B200CC}" = HPProductAssistant
"{3825B383-7880-48C8-AADD-49B0D764B151}" = 4660_4680_Help
"{388E4B09-3E71-4649-8921-F44A3A2954A7}" = Microsoft Visual Studio 2005 Tools for Office Runtime
"{391E18CE-7D3B-45E9-A8F0-34E77F14F47A}" = ProductContext
"{3A6BE9F4-5FC8-44BB-BE7B-32A29607FEF6}" = Preboot Manager
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3E9D596A-61D4-4239-BD19-2DB984D2A16F}" = mIWA
"{3EE33958-7381-4E7B-A4F3-6E43098E9E9C}" = URL Assistant
"{3F92ABBB-6BBF-11D5-B229-002078017FBF}" = NetWaiting
"{432A850B-3558-4BFF-B1F9-30626835B523}" = BPD_DSWizards
"{442BE28B-782B-4DC0-B490-E70A403B1C69}" = Readme
"{461073BF-9642-4A73-B58E-157358D412AB}" = 6200
"{46235FF7-2CBE-4A84-BEDA-87348D1F7850}" = HP Officejet Pro 8600 Help
"{474A7BA6-A657-4152-8FB5-244D178D7174}" = HP Officejet 6500 E710a-f Product Improvement Study
"{49D687E5-6784-431B-A0A2-2F23B8CC5A1B}" = mHlpDell
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4AE80E7B-6633-4046-9C15-D3B281C4F73D}" = BPDSoftware
"{4D304678-738E-42a0-931A-2B022F49DEB8}" = TrayApp
"{4E7C28C7-D5DA-4E9F-A1CA-60490B54AE35}" = UnloadSupport
"{50120000-1105-0000-0000-0000000FF1CE}" = Microsoft Office 2007 Primary Interop Assemblies
"{50802F8E-03B4-479D-A643-16DE5A3586CB}" = BPDSoftware_Ini
"{51AE9E42-640D-4C14-A9B6-43F64AA4E3E2}" = Document Manager Lite
"{53333479-6A52-4816-8497-5C52B67ED339}" = EMBASSY Security Setup
"{54F90B55-BEB3-4F0D-8802-228822FA5921}" = WordPerfect Office 11
"{57F60D52-630B-43C5-BD20-176F5CD4EED6}" = bpd_scan
"{59B3CA48-E92D-4D08-862D-1E43B17112FF}" = RVue
"{5BB4D7C1-52F2-4BFD-9E40-0D419E2E3021}" = bpd_scan
"{600AB648-F79B-41EC-B426-A49A7DB121EA}" = HP Officejet 6500 E710n-z Basic Device Software
"{619CDD8A-14B6-43a1-AB6C-0F4EE48CE048}" = Roxio Creator Copy
"{624E7452-BA43-4f55-B9D5-FC75EEA0808B}" = Officejet Pro 8500 A909 Series
"{63112888-EAEA-4C7C-B567-617C2F16584A}" = Windows Media Player 9 Series SDK
"{6319890B-22D5-44C2-ADC3-028226CACF67}" = Brother HL-2040
"{6518675B-CC8D-4AB3-A3F6-CC02FF6548D7}" = 6200_Help
"{655CB07D-C944-40BE-B93F-55957CAC7625}" = AiO_Scan
"{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Roxio Express Labeler
"{66E6CE0C-5A1E-430C-B40A-0C90FF1804A8}" = eSupportQFolder
"{670A25D9-1029-4D4E-93FF-66B3C07769D6}" = HP Officejet 6500 E710a-f Basic Device Software
"{67335AB1-6341-4f87-A5B4-7FA92CEB77A4}" = HP Officejet All-In-One Series
"{676981B7-A2D9-49D0-9F4C-03018F131DA9}" = DocProc
"{6909F917-5499-482e-9AA1-FAD06A99F231}" = Toolbox
"{6994491D-D491-48F1-AE1F-E179C1FFFC2F}" = HP Photosmart Essential
"{6DE9751D-3FFE-400E-8761-26A92DB734DE}" = BPD_HPSU
"{6EED4269-588D-45b8-A80C-26A9CA62EE4E}" = HPSSupply
"{6F1C00D2-25C2-4CBA-8126-AE9A6E2E9CD5}" = HP Update
"{6F340107-F9AA-47C6-B54C-C3A19F11553F}" = Hewlett-Packard ACLM.NET v1.1.0.0
"{6F5E2F4A-377D-4700-B0E3-8F7F7507EA15}" = CustomerResearchQFolder
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser and SDK
"{72FECEA1-E87F-4192-89FA-D0FBF92885BB}" = ETS Upgrade
"{7468ACCE-6FA8-4794-90B9-C28BD9CC79DD}" = Citrix Receiver Updater
"{7729A02E-D1AD-4830-8FC5-11853500D90D}" = HP Officejet Pro All-In-One Series
"{79ACC31A-87EA-472A-853E-5AC6A97CE569}" = HP Officejet Pro 8600 Product Improvement Study
"{7A8FF745-BBC5-482B-88E4-18D3178249A9}" = ScanSoft PaperPort 11
"{7BD3DC6D-A2BE-4345-B6EE-D146193DB18F}" = Online Plug-in
"{800E784D-53E3-4948-B491-9E7FA5EACBDC}" = SmartWebPrinting
"{83FFCFC7-88C6-41c6-8752-958A45325C82}" = Roxio Creator Audio
"{846B5DED-DC8C-4E1A-B5B4-9F5B39A0CACE}" = HPDiagnosticAlert
"{85CFD253-38AE-4DB1-ACB7-F0F4C791990D}" = AiOSoftware
"{87A9A9A9-FAB7-4224-9328-0FA2058C0FD5}" = Network
"{87E2B986-07E8-477a-93DC-AF0B6758B192}" = DocProcQFolder
"{880AF49C-34F7-4285-A8AD-8F7A3D1C33DC}" = Roxio Creator BDAV Plugin
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8B928BA1-EDEC-4227-A2DA-DD83026C36F5}" = mPfMgr
"{8CE4E6E9-9D55-43FB-9DDB-688C976BFC05}" = Unload
"{8EAB4100-B343-41AE-A880-418746998209}" = HP Officejet Pro 8600 Basic Device Software
"{90120000-0010-0409-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (English) 12
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_HOMESTUDENTR_{2314F9A1-126F-45CC-8A5E-DFAF866F3FBC}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_HOMESTUDENTR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{90B0D222-8C21-4B35-9262-53B042F18AF9}" = mPfWiz
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{92083A9A-549D-4057-88E8-223EA08563FA}" = Cisco AnyConnect VPN Client
"{942E5031-2BD6-4C1B-918C-C8A1CBAE7B8C}" = Microsoft IntelliPoint 8.2
"{94658027-9F16-4509-BBD7-A59FE57C3023}" = mZConfig
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9556CFD4-3F7E-4D1C-958B-759703E9CC21}" = O2Micro USB Smart Card Reader
"{975C8028-51D8-44A9-9585-82E9810FE96A}" = hp LaserJet 1000
"{98BCB68E-274F-11D4-B2FA-00105AA9021A}" = DR Systems Web Ambassador
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9CCCFD9C-248F-47FE-9496-1680E3E5C163}" = Scan
"{9D431014-9F90-4335-A58E-8A14B0BD77F1}" = Citrix Receiver Inside
"{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}" = Dell Touchpad
"{A29C4047-4731-4F0D-86B8-FA6A301BFDD6}" = Centricity Enterprise Web 3.0 Client (SPa10)
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A436F67F-687E-4736-BD2B-537121A804CF}" = HP Product Detection
"{A462213D-EED4-42C2-9A60-7BDD4D4B0B17}" = SigmaTel Audio
"{A5AB9D5E-52E2-440e-A3ED-9512E253C81A}" = SolutionCenter
"{A618BB0D-8B88-45FF-83CD-783B4AE59AA0}" = NTRU TCG Software Stack
"{A80FA752-C491-4ED9-ABF0-4278563160B2}" = 32 Bit HP CIO Components Installer
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{ABBA2EA4-740E-4052-902B-9CA70B081E3F}" = Dell Embassy Trust Suite by Wave Systems
"{AC13BA3A-336B-45a4-B3FE-2D3058A7B533}" = Toolbox
"{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.9)
"{AC7E7905-8C59-4806-A96D-30936A2B1FC5}" = Citrix Online Launcher
"{B495547C-01F8-4836-A2E6-749B5F3EA691}" = 8500A909_Help
"{B89BD8D8-14B4-08AC-8BCA-63C0DB91A9AF}" = Code-X 2014
"{B92051A3-3ABB-4A26-A615-2298BE7CBC28}" = Citrix Authentication Manager
"{B92C2C6C-F70E-497B-88A7-1FEF9888272B}" = Adobe AIR
"{BAD0FA60-09CF-4411-AE6A-C2844C8812FA}" = HP Photosmart Essential 2.5
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C29C1940-CB85-4F3B-906C-33FEE0E67103}" = DocMgr
"{C3F81504-72F3-4262-9449-487404DA75BB}" = 6200Trb
"{C5074CC4-0E26-4716-A307-960272A90040}" = QuickSet
"{C8B0680B-CDAE-4809-9F91-387B6DE00F7C}" = Roxio Creator DE
"{CA6BCA2F-EDEB-408F-850B-31404BE16A61}" = I.R.I.S. OCR
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CD8C5C7F-7C58-4F85-8977-A6C08C087912}" = MPM
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D1E829E9-88B8-47C6-A75E-0D40E2C09D50}" = Secure Update
"{D29DDA9B-FE05-48F1-A9D1-F6346A0A301A}" = Citrix Receiver(DV)
"{D31F958E-7353-4DEB-83E8-35B02F2EE20A}" = Wave Infrastructure Installer
"{D3737952-FF6E-4E72-BDEE-B0DC1C69F80B}" = BPD_HPSU
"{D48AD533-BAD5-469B-A9AA-272C6D80E70B}" = MPM
"{D5DEF057-D3BC-499f-99EE-884ED429B6D1}" = 8500A909g
"{D9FCA292-1186-421F-8D93-9A5D272AD5D0}" = IntelliSonic Speech Enhancement
"{DA8BF070-1358-4a30-A68F-21E0E9421AEF}" = ProductContext
"{E08DC77E-D09A-4e36-8067-D6DBBCC5F8DC}" = VideoToolkit01
"{E3A60962-B768-4EA3-B0B6-DA671276B81A}" = Citrix Receiver(Aero)
"{E6095BEA-8C97-4342-B771-13BB72AC1D88}" = biolsp patch
"{E646DCF0-5A68-11D5-B229-002078017FBF}" = Digital Line Detect
"{E684F384-1C66-4BFE-86D3-80C4C777538E}" = Philips Device Control Center
"{E738A392-F690-4A9D-808E-7BAF80E0B398}" = ESC Home Page Plugin
"{E81667C6-2856-46D6-ABEA-6A2F42166779}" = mCore
"{EC84E3E6-C2D6-4DFB-81E0-448324C8FDF4}" = Security Wizards
"{EE4CA5AF-4A55-418C-8CB8-74435814207B}" = LogMeIn
"{EEAFE1E5-076B-430A-96D9-B567792AFA88}" = EMBASSY Security Center
"{EEEB604C-C1A7-4f8c-B03F-56F9C1C9C45F}" = Fax
"{EF269F8D-1DFE-4C3B-9CE9-09C5773C0CF9}" = Self-service Plug-in
"{EF9E56EE-0243-4BAD-88F4-5E7508AA7D96}" = Destination Component
"{F0BFC7EF-9CF8-44EE-91B0-158884CD87C5}" = mMHouse
"{F157460F-720E-482f-8625-AD7843891E5F}" = InstantShareDevicesMFC
"{F1802FA6-54E9-4B24-BD2A-B50866819795}" = EMBASSY Trust Suite by Wave Systems
"{F4EAEBEA-3E46-43b8-A63C-AD180AE86918}" = BPDSoftware
"{F63A3748-B93D-4360-9AD4-B064481A5C7B}" = Modem Diagnostic Tool
"{F769B78E-FF0E-4db5-95E2-9F4C8D6352FE}" = DeviceDiscovery
"{FAABDC10-41B3-4A4C-A76E-C02CB9BE2A5E}" = HP Officejet 6500 E710n-z Product Improvement Study
"{FBEC50B7-537C-4A0E-8B0B-F7A8F8BF13CE}" = upekmsi
"{FCA651F3-5BDA-4DDA-9E4A-5D87D6914CC4}" = mWlsSafe
"5FD5E95A18EBF60A056BA7A51A2E794E4216D3DD" = Windows Driver Package - O2Micro (guardian2) SmartCardReader (02/05/2007 1.1.3.7)
"840EF3FB8C7BFBB007E46E18F107E8CC6DD522EA" = Windows Driver Package - Dell Inc. PBADRV System (09/25/2006 6.0.0.0)
"ActiveTouchMeetingClient" = Cisco WebEx Meetings
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 13 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 13 Plugin
"Canon_IJ_Network_Scan_UTILITY" = Canon IJ Network Scan Utility
"Canon_IJ_Network_UTILITY" = Canon IJ Network Tool
"CitrixOnlinePluginPackWeb" = Citrix Receiver
"CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2C06&SUBSYS_14F1000F" = Conexant HDA D330 MDC V.92 Modem
"com.adobe.air.aaos.Code-X2013" = Code-X 2013
"com.adobe.air.aaos.Code-X2014" = Code-X 2014
"HDMI" = Intel® Graphics Media Accelerator Driver
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"HP Document Manager" = HP Document Manager 2.0
"HP Imaging Device Functions" = HP Imaging Device Functions 12.0
"HP Photosmart Essential" = HP Photosmart Essential 2.5
"HP Smart Web Printing" = HP Smart Web Printing
"HP Solution Center & Imaging Support Tools" = HP Solution Center 10.0
"HPExtendedCapabilities" = HP Customer Participation Program 12.0
"HP-LaserJet 1020 series" = LaserJet 1020 series
"HPOCR" = OCR Software by I.R.I.S. 12.0
"ie8" = Windows Internet Explorer 8
"InstallShield_{07D618CD-B016-438A-ADC9-A75BD23F85CE}" = Wave Support Software
"InstallShield_{0B0A2153-58A6-4244-B458-25EDF5FCD809}" = Private Information Manager
"InstallShield_{51AE9E42-640D-4C14-A9B6-43F64AA4E3E2}" = Document Manager Lite
"InstallShield_{53333479-6A52-4816-8497-5C52B67ED339}" = EMBASSY Security Setup
"InstallShield_{621C02EA-AAFF-4026-A903-165D59529A16}" = Driver Detective
"InstallShield_{72FECEA1-E87F-4192-89FA-D0FBF92885BB}" = ETS Upgrade
"InstallShield_{D1E829E9-88B8-47C6-A75E-0D40E2C09D50}" = Secure Update
"InstallShield_{E738A392-F690-4A9D-808E-7BAF80E0B398}" = ESC Home Page Plugin
"InstallShield_{EC84E3E6-C2D6-4DFB-81E0-448324C8FDF4}" = Security Wizards
"InstallShield_{EEAFE1E5-076B-430A-96D9-B567792AFA88}" = EMBASSY Security Center
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft IntelliPoint 8.2" = Microsoft IntelliPoint 8.2
"Microsoft Visual Studio 2005 Tools for Office Runtime" = Microsoft Visual Studio 2005 Tools for Office Runtime
"Mozilla Firefox 26.0 (x86 en-US)" = Mozilla Firefox 26.0 (x86 en-US)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"MyScrapNook_12bar Uninstall" = My Scrap Nook Toolbar
"N360" = Norton 360
"Norton PC Checkup_is1" = Norton PC Checkup
"OrderReminder HP LaserJet 1020" = OrderReminder HP LaserJet 1020
"SearchAssist" = SearchAssist
"Shop for HP Supplies" = Shop for HP Supplies
"Swift Browse" = Swift Browse 2013.11.07.203600
"Tweaks MyCalendar" = MyCalendar
"UtilityChest_49bar Uninstall" = Utility Chest Toolbar
"ViewpointMediaPlayer" = Viewpoint Media Player
"Wdf01009" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.9
"Windows XP Service Pack" = Windows XP Service Pack 3
"Workstation4.x" = MEDITECH Workstation4.x
"Yahoo! Companion" = Yahoo! Toolbar

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Calendar Packages" = Calendar Packages
"GoToMeeting" = GoToMeeting 6.0.0.1259
"Juniper_Setup_Client" = Juniper Networks Setup Client

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 3/21/2014 4:15:24 PM | Computer Name = JEANNE | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download....authrootseq.txt>
with error: This operation returned because the timeout period expired.

Error - 3/28/2014 4:37:26 PM | Computer Name = JEANNE | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download....authrootseq.txt>
with error: This operation returned because the timeout period expired.

Error - 3/31/2014 4:19:14 PM | Computer Name = JEANNE | Source = COM+ | ID = 135761
Description = The run-time environment has detected an inconsistency in its internal
state. This indicates a potential instability in the process that could be caused
by the custom components running in the COM+ application, the components they make
use of, or other factors. Error in f:\xpsp3\com\com1x\src\comsvcs\package\cpackage.cpp(1184),
hr = 8007041d: InitEventCollector fail

Error - 3/31/2014 4:20:29 PM | Computer Name = JEANNE | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download....authrootseq.txt>
with error: This operation returned because the timeout period expired.

Error - 4/4/2014 4:44:03 PM | Computer Name = JEANNE | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download....authrootseq.txt>
with error: This operation returned because the timeout period expired.

Error - 4/24/2014 5:00:31 PM | Computer Name = JEANNE | Source = Microsoft Office 12 | ID = 5000
Description = EventType officelifeboathang, P1 winword.exe, P2 12.0.4518.1014, P3
ntdll.dll, P4 5.1.2600.6055, P5 NIL, P6 NIL, P7 NIL, P8 NIL, P9 NIL, P10 NIL.

Error - 4/24/2014 5:02:06 PM | Computer Name = JEANNE | Source = Microsoft Office 12 | ID = 5000
Description = EventType officelifeboathang, P1 winword.exe, P2 12.0.4518.1014, P3
ntdll.dll, P4 5.1.2600.6055, P5 NIL, P6 NIL, P7 NIL, P8 NIL, P9 NIL, P10 NIL.

Error - 4/30/2014 9:38:29 PM | Computer Name = JEANNE | Source = Application Error | ID = 1000
Description = Faulting application swiftbrowse.browseradapter.exe, version 0.0.0.0,
faulting module unknown, version 0.0.0.0, fault address 0x90fda875.

Error - 5/2/2014 4:14:47 PM | Computer Name = JEANNE | Source = COM+ | ID = 135761
Description = The run-time environment has detected an inconsistency in its internal
state. This indicates a potential instability in the process that could be caused
by the custom components running in the COM+ application, the components they make
use of, or other factors. Error in f:\xpsp3\com\com1x\src\comsvcs\package\cpackage.cpp(1184),
hr = 8007041d: InitEventCollector fail

Error - 5/5/2014 5:04:00 PM | Computer Name = JEANNE | Source = Application Error | ID = 1000
Description = Faulting application swiftbrowse.browseradapter.exe, version 0.0.0.0,
faulting module ole32.dll, version 5.1.2600.6435, fault address 0x0002b479.

[ Cisco AnyConnect VPN Client Events ]
Error - 11/5/2013 3:30:04 PM | Computer Name = JEANNE | Source = vpnagent | ID = 67108866
Description = Function: CTcpTransport::writeSocketBlocking File: .\IPC\SocketTransport.cpp
Line:
1644 Invoked Function: WSASend Return Code: 10054 (0x00002746) Description: An existing
connection was forcibly closed by the remote host.

Error - 11/5/2013 3:30:04 PM | Computer Name = JEANNE | Source = vpnagent | ID = 67108866
Description = Function: CIpcTransport::terminateIpcConnection File: .\IPC\IPCTransport.cpp
Line:
385 Invoked Function: CSocketTransport::writeSocketBlocking Return Code: -31522805
(0xFE1F000B) Description: SOCKETTRANSPORT_ERROR_WRITE

Error - 11/5/2013 3:30:08 PM | Computer Name = JEANNE | Source = vpndownloader | ID = 67108866
Description = Function: CExceptionHandlerEx::GenerateMiniDump File: ..\Common\Utility\Win\Minidump.cpp
Line:
427 Invoked Function: UNHANDLED EXCEPTION Return Code: -1073741819 (0xC0000005) Description:
WINDOWS_ERROR_CODE ACCESS_VIOLATION. A mindump file is located at: C:\DOCUME~1\FRONTD~1\LOCALS~1\Temp\vpndownloader.exe_2.4.1012_20131105143008.mdmp

Error - 11/5/2013 3:30:11 PM | Computer Name = JEANNE | Source = vpnui | ID = 67108866
Description = Function: ConnectMgr::launchRemoteDownloader File: .\ConnectMgr.cpp
Line:
5180 Invoked Function: ProcessApi :: WaitForProcess Return Code: -1073741819 (0xC0000005)
Description:
Downloader terminated abnormally

Error - 11/5/2013 3:30:11 PM | Computer Name = JEANNE | Source = vpnagent | ID = 67108866
Description = Function: CSocketTransport::callbackHandler File: .\IPC\SocketTransport.cpp
Line:
1257 Invoked Function: WSAGetOverlappedResult Return Code: 10054 (0x00002746) Description:
An existing connection was forcibly closed by the remote host.

Error - 11/5/2013 3:30:11 PM | Computer Name = JEANNE | Source = vpnagent | ID = 67108866
Description = Function: CSocketTransport::callbackHandler File: .\IPC\SocketTransport.cpp
Line:
1258 Invoked Function: WSARecv/WSARecvFrom Return Code: 997 (0x000003E5) Description:
Overlapped I/O operation is in progress.

Error - 11/5/2013 3:30:11 PM | Computer Name = JEANNE | Source = vpnagent | ID = 67108866
Description = Function: CIpcTransport::OnSocketReadComplete File: .\IPC\IPCTransport.cpp
Line:
823 Invoked Function: CSocketTransport::readSocket Return Code: -31522801 (0xFE1F000F)
Description:
SOCKETTRANSPORT_ERROR_TRANSPORT_FAILURE

Error - 11/5/2013 3:30:11 PM | Computer Name = JEANNE | Source = vpnagent | ID = 67108866
Description = Function: CIpcDepot::OnIpcMessageReceived File: .\IPC\IPCDepot.cpp Line:
811 Invoked Function: CIpcTransport::OnSocketReadComplete Return Code: -31522801
(0xFE1F000F) Description: SOCKETTRANSPORT_ERROR_TRANSPORT_FAILURE

Error - 11/5/2013 3:30:11 PM | Computer Name = JEANNE | Source = vpnagent | ID = 67108866
Description = Function: CTcpTransport::writeSocketBlocking File: .\IPC\SocketTransport.cpp
Line:
1644 Invoked Function: WSASend Return Code: 10054 (0x00002746) Description: An existing
connection was forcibly closed by the remote host.

Error - 11/5/2013 3:30:11 PM | Computer Name = JEANNE | Source = vpnagent | ID = 67108866
Description = Function: CIpcTransport::terminateIpcConnection File: .\IPC\IPCTransport.cpp
Line:
385 Invoked Function: CSocketTransport::writeSocketBlocking Return Code: -31522805
(0xFE1F000B) Description: SOCKETTRANSPORT_ERROR_WRITE

[ OSession Events ]
Error - 7/19/2012 4:09:34 PM | Computer Name = JEANNE | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 3277
seconds with 1140 seconds of active time. This session ended with a crash.

Error - 8/23/2012 9:44:02 AM | Computer Name = JEANNE | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 3389
seconds with 3240 seconds of active time. This session ended with a crash.

Error - 12/3/2013 12:34:57 PM | Computer Name = JEANNE | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 10718
seconds with 1980 seconds of active time. This session ended with a crash.

Error - 2/27/2014 1:42:27 PM | Computer Name = JEANNE | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 14225
seconds with 7020 seconds of active time. This session ended with a crash.

Error - 2/27/2014 1:51:07 PM | Computer Name = JEANNE | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 484
seconds with 480 seconds of active time. This session ended with a crash.

[ System Events ]
Error - 5/2/2014 9:52:56 AM | Computer Name = JEANNE | Source = Service Control Manager | ID = 7009
Description = Timeout (30000 milliseconds) waiting for the Computer Backup (MyPC
Backup) service to connect.

Error - 5/2/2014 9:52:56 AM | Computer Name = JEANNE | Source = Service Control Manager | ID = 7000
Description = The Computer Backup (MyPC Backup) service failed to start due to the
following error:   %%1053

Error - 5/2/2014 4:14:47 PM | Computer Name = JEANNE | Source = DCOM | ID = 10005
Description = DCOM got error "%1053" attempting to start the service COMSysApp with
arguments "" in order to run the server: {ECABAFBC-7F19-11D2-978E-0000F8757E2A}

Error - 5/2/2014 4:14:51 PM | Computer Name = JEANNE | Source = Service Control Manager | ID = 7009
Description = Timeout (30000 milliseconds) waiting for the COM+ System Application
service to connect.

Error - 5/2/2014 4:14:51 PM | Computer Name = JEANNE | Source = Service Control Manager | ID = 7000
Description = The COM+ System Application service failed to start due to the following
error:   %%1053

Error - 5/2/2014 4:14:51 PM | Computer Name = JEANNE | Source = Service Control Manager | ID = 7034
Description = The Wave UCSPlus service terminated unexpectedly. It has done this
1 time(s).

Error - 5/2/2014 6:09:29 PM | Computer Name = JEANNE | Source = Service Control Manager | ID = 7034
Description = The Computer Backup (MyPC Backup) service terminated unexpectedly.
It has done this 1 time(s).

Error - 5/5/2014 5:22:38 PM | Computer Name = JEANNE | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service EventSystem
with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

Error - 5/5/2014 5:23:14 PM | Computer Name = JEANNE | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
   APPDRV BHDrvx86 ccSet_N360 ctxusbm eeCtrl Fips intelppm SRTSP SRTSPX SymIRON SYMTDI

Error - 5/5/2014 5:41:19 PM | Computer Name = JEANNE | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service EventSystem
with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

< End of report >

#2
zep516

Posted 05 May 2014 - 07:36 PM

Trusted Helper

Malware Removal
8,090 posts

Hi! My name is zep516 and Welcome to Geekstogo!
I'll do the best I can to resolve your computer issue
Please make sure to carefully read any instruction that I give you. If you're not sure, or if something unexpected happens, don't continue Stop and ask! Never be afraid to ask questions!

First remove these programs from you add/remove list. Click > start > controlpanel > Add / remove.

1- Viewpoint Media Player
2- SearchAssist
3- My Scrap Nook Toolbar
4- Java 6 Update 33

Next

Please download AdwCleaner by Xplode onto your Desktop.

Close all open programs and internet browsers.
Double click on AdwCleaner.exe to run the tool.
Click the Scan button and wait for the process to complete.
Click the Report button and the report will open in Notepad.
NOTE: If you get an error message, it means that nothing was found. Exit from AdwCleaner.
Click on the Clean button follow the prompts.
A log file will automatically open after the scan has finished and the PC has rebooted.
Please post the content of that log file with your next answer.
You can find the log file at C:\AdwCleaner
Next

Please download Junkware Removal Tool to your Desktop.

Please close your security software to avoid potential conflicts.
Run the tool by double-clicking it. If you are using Windows Vista or 7, right-mouse click it and select Run as administrator.
The tool will open and start scanning your system.
Please be patient as this can take a while to complete, depending on your system's specifications.
On completion, a log (JRT.txt) is saved to your Desktop and will automatically open.
Please post the contents of JRT.txt into your reply.

In your next reply post:

1- Adwcleaner [SO].txt

2 JRT.txt

Thanks
Joe

#3
Falcor2

Posted 06 May 2014 - 11:35 AM

Member

Topic Starter
Member
59 posts

Hi zep516

Wow, I can get online now without a lockup sofar! I had to use a flash drive and another computer to load all the programs and about 6 tries to post the first topic. But, now I can go right in to G2G with no problems sofar. The Adwcleaner [SO].txt and JRT. txt to follow.

Thanks

Falcor2

Adwcleaner [SO].txt

===================================

# AdwCleaner v3.207 - Report created 06/05/2014 at 12:14:54
# Updated 05/05/2014 by Xplode
# Operating System : Microsoft Windows XP Service Pack 3 (32 bits)
# Username : Front Desk - JEANNE
# Running from : C:\Documents and Settings\Front Desk\Desktop\adwcleaner.exe
# Option : Clean

***** [ Services ] *****

[#] Service Deleted : Update Swift Browse
[#] Service Deleted : Util Swift Browse
[#] Service Deleted : UtilityChest_49Service

***** [ Files / Folders ] *****

Folder Deleted : C:\Program Files\AVG SafeGuard toolbar
Folder Deleted : C:\Program Files\MyPC Backup
[!] Folder Deleted : C:\Program Files\Swift Browse
Folder Deleted : C:\Program Files\UtilityChest_49
Folder Deleted : C:\Documents and Settings\Front Desk\Local Settings\Application Data\iac
Folder Deleted : C:\Documents and Settings\Front Desk\Application Data\pccustubinstaller
Folder Deleted : C:\Documents and Settings\Front Desk\Application Data\UtilityChest_49

***** [ Shortcuts ] *****

***** [ Registry ] *****

Key Deleted : HKLM\SOFTWARE\Classes\AxMetaStream.MetaStreamCtl
Key Deleted : HKLM\SOFTWARE\Classes\AxMetaStream.MetaStreamCtl.1
Key Deleted : HKLM\SOFTWARE\Classes\AxMetaStream.MetaStreamCtlSecondary
Key Deleted : HKLM\SOFTWARE\Classes\AxMetaStream.MetaStreamCtlSecondary.1
Key Deleted : HKLM\SOFTWARE\Classes\protector_dll.protectorbho
Key Deleted : HKLM\SOFTWARE\Classes\protector_dll.protectorbho.1
Key Deleted : HKLM\SOFTWARE\Classes\UtilityChest_49.DynamicBarButton
Key Deleted : HKLM\SOFTWARE\Classes\UtilityChest_49.DynamicBarButton.1
Key Deleted : HKLM\SOFTWARE\Classes\UtilityChest_49.FeedManager
Key Deleted : HKLM\SOFTWARE\Classes\UtilityChest_49.FeedManager.1
Key Deleted : HKLM\SOFTWARE\Classes\UtilityChest_49.HTMLMenu
Key Deleted : HKLM\SOFTWARE\Classes\UtilityChest_49.HTMLMenu.1
Key Deleted : HKLM\SOFTWARE\Classes\UtilityChest_49.HTMLPanel
Key Deleted : HKLM\SOFTWARE\Classes\UtilityChest_49.HTMLPanel.1
Key Deleted : HKLM\SOFTWARE\Classes\UtilityChest_49.MultipleButton
Key Deleted : HKLM\SOFTWARE\Classes\UtilityChest_49.MultipleButton.1
Key Deleted : HKLM\SOFTWARE\Classes\UtilityChest_49.PseudoTransparentPlugin
Key Deleted : HKLM\SOFTWARE\Classes\UtilityChest_49.PseudoTransparentPlugin.1
Key Deleted : HKLM\SOFTWARE\Classes\UtilityChest_49.Radio
Key Deleted : HKLM\SOFTWARE\Classes\UtilityChest_49.Radio.1
Key Deleted : HKLM\SOFTWARE\Classes\UtilityChest_49.RadioSettings
Key Deleted : HKLM\SOFTWARE\Classes\UtilityChest_49.RadioSettings.1
Key Deleted : HKLM\SOFTWARE\Classes\UtilityChest_49.ScriptButton
Key Deleted : HKLM\SOFTWARE\Classes\UtilityChest_49.ScriptButton.1
Key Deleted : HKLM\SOFTWARE\Classes\UtilityChest_49.SettingsPlugin
Key Deleted : HKLM\SOFTWARE\Classes\UtilityChest_49.SettingsPlugin.1
Key Deleted : HKLM\SOFTWARE\Classes\UtilityChest_49.SkinLauncher
Key Deleted : HKLM\SOFTWARE\Classes\UtilityChest_49.SkinLauncher.1
Key Deleted : HKLM\SOFTWARE\Classes\UtilityChest_49.SkinLauncherSettings
Key Deleted : HKLM\SOFTWARE\Classes\UtilityChest_49.SkinLauncherSettings.1
Key Deleted : HKLM\SOFTWARE\Classes\UtilityChest_49.ThirdPartyInstaller
Key Deleted : HKLM\SOFTWARE\Classes\UtilityChest_49.ThirdPartyInstaller.1
Key Deleted : HKLM\SOFTWARE\Classes\UtilityChest_49.UrlAlertButton
Key Deleted : HKLM\SOFTWARE\Classes\UtilityChest_49.UrlAlertButton.1
Key Deleted : HKLM\SOFTWARE\Classes\UtilityChest_49.XMLSessionPlugin
Key Deleted : HKLM\SOFTWARE\Classes\UtilityChest_49.XMLSessionPlugin.1
Key Deleted : HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{03F998B2-0E00-11D3-A498-00104B6EB52E}
Key Deleted : HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{1B00725B-C455-4DE6-BFB6-AD540AD427CD}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{03F998B2-0E00-11D3-A498-00104B6EB52E}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{06E05B40-77FA-40B6-9077-ED1A7577B1EF}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{1B00725B-C455-4DE6-BFB6-AD540AD427CD}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{23699B0B-C14D-4054-A545-FC0927BB0879}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{25151605-D156-49DD-A659-20E69C1EE15F}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{268CA04C-106C-4636-B707-95E8CD5859E0}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{2BB3E614-F616-42DD-A99A-69C1FC268741}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{35274ADF-B8DE-4909-80D1-A26269216903}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3F2F1B3C-EDA7-46EC-A1CA-12A67CD00A82}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{4AA46D49-459F-4358-B4D1-169048547C23}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{58F7B5CA-1162-42E8-8BBC-D543B4EDD780}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{5A4E3A41-FA55-4BDA-AED7-CEBE6E7BCB52}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{5BBF357E-EA8C-48BF-83CA-DE279FB83BBA}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{698E7AA1-A28E-4064-A9AB-822171AF4EF4}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{6AAFD84D-5F7F-42E5-9FB4-157925C3ED2F}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{83CE5D73-E3DE-4DC5-82C2-3B65DFD0A849}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{878A5A0A-DC0A-4C37-BBE2-18C30E50F449}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{8C428C4B-C9E2-4B74-B791-88C3FEE48F36}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{929825DF-A1B4-40C9-8F3C-6DA06BADC150}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{9F19923D-2A4C-45EF-A026-AE7DEE5D022C}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{C86BFADB-406F-47C7-A8D8-FAA37B39089F}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{CF67755F-9265-449C-87CF-B945519E073B}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{D92EDE9A-70A4-469F-AF8F-38C3F278B0A1}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{DE9028D0-5FFA-4E69-94E3-89EE8741F468}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{F67A3AA8-88EE-4A3A-863A-B13A19F8696C}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{F8E1BDAB-F48F-46F9-8693-4EECB83D1AD7}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{0E1FE4D8-70CE-417E-8FF4-C2B17FF3DD07}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{13B8FF9D-DEB0-4070-B846-D049218307B3}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{1E877590-30B7-400E-A835-B942489EB7BC}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{4E6354DE-9115-4AEE-BD21-C46C3E8A49DB}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{FC073BDA-C115-4A1D-9DF9-9B5C461482E5}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{103E3C9A-E8AE-4B19-A339-01FE9439763E}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{24486CE9-7BC2-4516-B743-39FFDD4F861B}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{326C4F48-FE3B-4E54-9118-9B6C3B6C9B1E}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{39D884BB-2881-4F3A-B9B9-2D3AF4C2C191}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{59E5BDB9-126F-4575-901E-D32132A19B94}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{5CF866F0-10A3-4ED4-9BE3-668F2F148E2F}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{8EFEE482-37BC-4F3D-83E6-CB5BBE077E43}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{A2D733A7-73B0-4C6B-B0C7-06A432950B66}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{CE1482C8-E8FD-4277-9A4F-094D712F6B60}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{EEFDBFA7-0F18-4216-8F90-6B6F71D6AB83}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{F12BA68C-976E-4567-BA3B-629DFCEBC5FE}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{F66F6A81-E727-4774-B461-8A5CB7F7DE07}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06E05B40-77FA-40B6-9077-ED1A7577B1EF}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{58F7B5CA-1162-42E8-8BBC-D543B4EDD780}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{0214754E-4E7D-4589-829D-E2523E6A3085}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{06E05B40-77FA-40B6-9077-ED1A7577B1EF}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{58F7B5CA-1162-42E8-8BBC-D543B4EDD780}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{65F159FB-5F5E-46F4-B45D-CCFA236D2073}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{7A55CBB2-2B2E-4A41-9DE1-6AC5D2C2BE0A}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{808DC83C-D35B-4FBA-A5B5-9A52103204DF}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{B3B5C47E-61F7-4D81-AF06-461FC86686CE}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{CF67755F-9265-449C-87CF-B945519E073B}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EA582743-9076-4178-9AA6-7393FDF4D5CE}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F443A627-5009-4323-9C1D-7FD598D0D712}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{FE6F06FB-0FC0-4499-828F-EE48088F504F}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{0214754E-4E7D-4589-829D-E2523E6A3085}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{06E05B40-77FA-40B6-9077-ED1A7577B1EF}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{58F7B5CA-1162-42E8-8BBC-D543B4EDD780}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{65F159FB-5F5E-46F4-B45D-CCFA236D2073}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{7A55CBB2-2B2E-4A41-9DE1-6AC5D2C2BE0A}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{808DC83C-D35B-4FBA-A5B5-9A52103204DF}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{B3B5C47E-61F7-4D81-AF06-461FC86686CE}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{CF67755F-9265-449C-87CF-B945519E073B}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EA582743-9076-4178-9AA6-7393FDF4D5CE}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{F443A627-5009-4323-9C1D-7FD598D0D712}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{FE6F06FB-0FC0-4499-828F-EE48088F504F}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{25151605-D156-49DD-A659-20E69C1EE15F}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{268CA04C-106C-4636-B707-95E8CD5859E0}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{698E7AA1-A28E-4064-A9AB-822171AF4EF4}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{8C428C4B-C9E2-4B74-B791-88C3FEE48F36}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{9F19923D-2A4C-45EF-A026-AE7DEE5D022C}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{F67A3AA8-88EE-4A3A-863A-B13A19F8696C}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{0E1FE4D8-70CE-417E-8FF4-C2B17FF3DD07}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{13B8FF9D-DEB0-4070-B846-D049218307B3}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{878A5A0A-DC0A-4C37-BBE2-18C30E50F449}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{992177A5-DF3C-4EC2-B779-6A5F94704CCC}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{DFBAF9B2-2093-4D16-9D1F-348AE68408E4}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4}
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{CF67755F-9265-449C-87CF-B945519E073B}]
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{EF99BD32-C1FB-11D2-892F-0090271D4F88}]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{CF67755F-9265-449C-87CF-B945519E073B}]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}]
Key Deleted : HKCU\Software\Alexa Internet
Key Deleted : HKCU\Software\Conduit
Key Deleted : HKCU\Software\distromatic
Key Deleted : HKCU\Software\InstallCore
Key Deleted : HKCU\Software\Swift Browse
Key Deleted : HKCU\Software\UtilityChest_49
Key Deleted : HKCU\Software\WEDLMNGR
Key Deleted : HKCU\Software\YahooPartnerToolbar
Key Deleted : HKLM\Software\Swift Browse
Key Deleted : HKLM\Software\UtilityChest_49
Key Deleted : HKLM\Software\Viewpoint
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Swift Browse
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\UtilityChest_49bar Uninstall
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\MyPC Backup
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\Swift Browse
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\UtilityChest_49bar Uninstall

***** [ Browsers ] *****

-\\ Internet Explorer v8.0.6001.18702

-\\ Mozilla Firefox v26.0 (en-US)

[ File : C:\Documents and Settings\Front Desk\Application Data\Mozilla\Firefox\Profiles\6w0wk1wa.default\prefs.js ]

-\\ Google Chrome v

[ File : C:\Documents and Settings\Front Desk\Local Settings\Application Data\Google\Chrome\User Data\Default\preferences ]

*************************

AdwCleaner[R0].txt - [14708 octets] - [06/05/2014 12:09:19]
AdwCleaner[S0].txt - [14970 octets] - [06/05/2014 12:14:54]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [15031 octets] ##########

JRT.txt

====================================

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.4 (04.06.2014:1)
OS: Microsoft Windows XP x86
Ran by Front Desk on Tue 05/06/2014 at 12:28:45.00
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

~~~ Services

~~~ Registry Values

~~~ Registry Keys

~~~ Files

~~~ Folders

~~~ FireFox

Successfully deleted: [Registry Value] HKEY_LOCAL_MACHINE\Software\Mozilla\Firefox\Extensions\\49ffxtbr@utilitychest_49.com

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Tue 05/06/2014 at 12:50:55.76
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

#4
zep516

Posted 06 May 2014 - 12:53 PM

Trusted Helper

Malware Removal
8,090 posts

Next

We need to do a fix to delete some files using OTL

Double click on the to open the program. On Vista/Win7/Win8 right click select Run As Administrator to start the program. If prompted by UAC, please allow it.

Under the Custom Scans/Fixes box at the bottom, paste in the following

:COMMANDS
[CREATERESTOREPOINT]

:OTL
SRV - [2014/05/05 17:01:43 | 000,316,704 | ---- | M] () [Auto | Running] -- C:\Program Files\Swift Browse\updateSwiftBrowse.exe -- (Update Swift Browse)
SRV - [2014/05/05 16:28:22 | 000,316,704 | ---- | M] () [Auto | Running] -- C:\Program Files\Swift Browse\bin\utilSwiftBrowse.exe -- (Util Swift Browse)
SRV - [2013/05/24 08:40:17 | 000,042,504 | ---- | M] (COMPANYVERS_NAME) [Auto | Stopped] -- C:\Program Files\MyScrapNook_12\bar\1.bin\12barsvc.exe -- (MyScrapNook_12Service)
IE - HKCU\..\SearchScopes\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4}: "URL" = http://www.ask.com/w...il&geo=US&ver=5
[2014/04/30 20:38:52 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA}
O2 - BHO: (Search Assistant BHO) - {65f159fb-5f5e-46f4-b45d-ccfa236d2073} - C:\Program Files\MyScrapNook_12\bar\1.bin\12SrcAs.dll (MindSpark)
O3 - HKLM\..\Toolbar: (My Scrap Nook) - {fe6f06fb-0fc0-4499-828f-ee48088f504f} - C:\Program Files\MyScrapNook_12\bar\1.bin\12bar.dll (MindSpark)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (Utility Chest) - {CF67755F-9265-449C-87CF-B945519E073B} - C:\Program Files\UtilityChest_49\bar\1.bin\49bar.dll (MindSpark)
O3 - HKCU\..\Toolbar\WebBrowser: (My Scrap Nook) - {FE6F06FB-0FC0-4499-828F-EE48088F504F} - C:\Program Files\MyScrapNook_12\bar\1.bin\12bar.dll (MindSpark)
O4 - HKLM..\Run: []  File not found
O16 - DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.5.0_06)
O16 - DPF: {CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_33)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 10.55.2)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 10.55.2)
[2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[2014/05/05 17:44:02 | 000,000,340 | ---- | M] () -- C:\WINDOWS\tasks\AVG-Secure-Search-Update_MAY2013_TB_rel.job 

:Files

ipconfig /flushdns /c
C:\Program Files\Swift Browse\updateSwiftBrowse.exe
C:\Program Files\Swift Browse\bin\utilSwiftBrowse.exe
C:\Program Files\Swift Browse\bin\SwiftBrowse.BrowserAdapter.exe
C:\Program Files\Swift Browse\bin\SwiftBrowse.PurBrowse.exe
C:\Windows\tasks\At*.job

:Commands

[emptytemp]
[resethosts]

Make sure all other windows are closed.
Click the Run Fix button at the top
Let the program run uninterrupted. The computer should reboot when the scan is done. If not, please reboot the computer.
Post the log that is found in C:\_OTL\Moved Files in your next reply.
Open OTL again and click the Quick Scan button.

In your next reply please post:

1-The OTL Fix log located here-->C:\_OTL\Moved Files

2- A new OTL Log after quick scan was ran.

3- Tell me how things are?

Thanks
Joe

#5
Falcor2

Posted 06 May 2014 - 02:21 PM

Member

Topic Starter
Member
59 posts

Hi zep516

In your next reply please post:

1-The OTL Fix log located here-->C:\_OTL\Moved Files

2- A new OTL Log after quick scan was ran.

Logs to Follow

3- Tell me how things are?

To me, the computer seems to work very well both online and offline. When my wife gets home later, i'll have her check her work programs and let you know.

Thanks

Falcor2

OTL Fix Log

====================================

All processes killed
========== COMMANDS ==========
Restore point Set: OTL Restore Point
========== OTL ==========
Error: No service named Update Swift Browse was found to stop!
Service\Driver key Update Swift Browse not found.
File C:\Program Files\Swift Browse\updateSwiftBrowse.exe not found.
Error: No service named Util Swift Browse was found to stop!
Service\Driver key Util Swift Browse not found.
File C:\Program Files\Swift Browse\bin\utilSwiftBrowse.exe not found.
Error: No service named MyScrapNook_12Service was found to stop!
Service\Driver key MyScrapNook_12Service not found.
File C:\Program Files\MyScrapNook_12\bar\1.bin\12barsvc.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4}\ not found.
Folder C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{65f159fb-5f5e-46f4-b45d-ccfa236d2073}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{65f159fb-5f5e-46f4-b45d-ccfa236d2073}\ not found.
File C:\Program Files\MyScrapNook_12\bar\1.bin\12SrcAs.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{fe6f06fb-0fc0-4499-828f-ee48088f504f} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{fe6f06fb-0fc0-4499-828f-ee48088f504f}\ not found.
File C:\Program Files\MyScrapNook_12\bar\1.bin\12bar.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\Locked deleted successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{604BC32A-9680-40D1-9AC6-E06B23A1BA4C} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{604BC32A-9680-40D1-9AC6-E06B23A1BA4C}\ not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{CF67755F-9265-449C-87CF-B945519E073B} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CF67755F-9265-449C-87CF-B945519E073B}\ not found.
File C:\Program Files\UtilityChest_49\bar\1.bin\49bar.dll not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{FE6F06FB-0FC0-4499-828F-EE48088F504F} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{FE6F06FB-0FC0-4499-828F-EE48088F504F}\ not found.
File C:\Program Files\MyScrapNook_12\bar\1.bin\12bar.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ deleted successfully.
Starting removal of ActiveX control {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA}\ not found.
Starting removal of ActiveX control {CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA}\ not found.
Starting removal of ActiveX control {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
Starting removal of ActiveX control {8AD9C840-044E-11D1-B3E9-00805F499D93}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
C:\WINDOWS\002932_.tmp deleted successfully.
C:\WINDOWS\msdownld.tmp folder deleted successfully.
C:\WINDOWS\System32\CONFIG.TMP deleted successfully.
C:\WINDOWS\tasks\AVG-Secure-Search-Update_MAY2013_TB_rel.job moved successfully.
========== FILES ==========
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Documents and Settings\Front Desk\Desktop\cmd.bat deleted successfully.
C:\Documents and Settings\Front Desk\Desktop\cmd.txt deleted successfully.
File\Folder C:\Program Files\Swift Browse\updateSwiftBrowse.exe not found.
File\Folder C:\Program Files\Swift Browse\bin\utilSwiftBrowse.exe not found.
C:\Program Files\Swift Browse\bin\SwiftBrowse.BrowserAdapter.exe moved successfully.
File\Folder C:\Program Files\Swift Browse\bin\SwiftBrowse.PurBrowse.exe not found.
C:\Windows\tasks\At1.job moved successfully.
C:\Windows\tasks\At10.job moved successfully.
C:\Windows\tasks\At11.job moved successfully.
C:\Windows\tasks\At12.job moved successfully.
C:\Windows\tasks\At2.job moved successfully.
C:\Windows\tasks\At3.job moved successfully.
C:\Windows\tasks\At4.job moved successfully.
C:\Windows\tasks\At5.job moved successfully.
C:\Windows\tasks\At6.job moved successfully.
C:\Windows\tasks\At7.job moved successfully.
C:\Windows\tasks\At8.job moved successfully.
C:\Windows\tasks\At9.job moved successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: Administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: All Users
->Flash cache emptied: 43 bytes

User: Default User
->Temp folder emptied: 16384 bytes
->Temporary Internet Files folder emptied: 32902 bytes
->Flash cache emptied: 57472 bytes

User: dub_cm_auto

User: Front Desk
->Temp folder emptied: 62763 bytes
->Temporary Internet Files folder emptied: 6286344 bytes
->Java cache emptied: 3189349 bytes
->FireFox cache emptied: 4679507 bytes
->Google Chrome cache emptied: 0 bytes
->Flash cache emptied: 58130 bytes

User: LocalService
->Temp folder emptied: 66016 bytes
->Temporary Internet Files folder emptied: 49554 bytes
->Flash cache emptied: 574 bytes

User: LogMeInRemoteUser
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 402 bytes
->Flash cache emptied: 56502 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 11577620 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 4891 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 440685020 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 78875472 bytes
RecycleBin emptied: 324441 bytes

Total Files Cleaned = 521.00 mb

C:\WINDOWS\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

OTL by OldTimer - Version 3.2.69.0 log created on 05062014_151905

Files\Folders moved on Reboot...

PendingFileRenameOperations files...

Registry entries deleted on Reboot...

OTL Quick scan

========================================

OTL logfile created on: 5/6/2014 3:31:52 PM - Run 2
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Documents and Settings\Front Desk\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.99 Gb Total Physical Memory | 1.27 Gb Available Physical Memory | 64.01% Memory free
3.33 Gb Paging File | 2.64 Gb Available in Paging File | 79.46% Paging File free
Paging file location(s): C:\pagefile.sys 1524 3048 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 111.73 Gb Total Space | 79.29 Gb Free Space | 70.97% Space Free | Partition Type: NTFS
Drive D: | 175.96 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
Drive E: | 3.84 Gb Total Space | 3.84 Gb Free Space | 100.00% Space Free | Partition Type: FAT32

Computer Name: JEANNE | User Name: Front Desk | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2014/05/05 17:40:17 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Front Desk\Desktop\OTL.exe
PRC - [2014/04/30 20:54:42 | 000,182,696 | ---- | M] (Oracle Corporation) -- C:\Program Files\Java\jre7\bin\jqs.exe
PRC - [2014/04/18 08:27:13 | 000,203,088 | ---- | M] (LogMeIn, Inc.) -- C:\Program Files\LogMeIn\x86\ramaint.exe
PRC - [2014/04/18 08:26:58 | 000,375,120 | ---- | M] (LogMeIn, Inc.) -- C:\Program Files\LogMeIn\x86\LMIGuardianSvc.exe
PRC - [2014/03/12 04:09:49 | 000,265,040 | R--- | M] (Symantec Corporation) -- C:\Program Files\Norton 360 Premier Edition\Engine\21.2.0.38\n360.exe
PRC - [2013/03/20 12:12:17 | 000,132,504 | ---- | M] (Symantec Corporation) -- C:\Program Files\Norton PC Checkup 3.0\SymcPCCULaunchSvc.exe
PRC - [2012/12/14 17:18:50 | 001,481,200 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files\Citrix\Receiver\Receiver.exe
PRC - [2012/12/14 15:26:06 | 000,887,352 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files\Citrix\ICA Client\wfcrun32.exe
PRC - [2012/12/14 15:25:10 | 000,129,592 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files\Citrix\ICA Client\redirector.exe
PRC - [2012/12/14 15:24:56 | 000,383,544 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files\Citrix\ICA Client\concentr.exe
PRC - [2012/12/12 14:37:10 | 000,054,320 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files\Citrix\SelfServicePlugin\SelfServicePlugin.exe
PRC - [2012/07/28 09:06:44 | 001,248,256 | ---- | M] (Intuit Inc.) -- C:\Program Files\Common Files\Intuit\DataProtect\QBIDPService.exe
PRC - [2012/05/14 14:07:42 | 000,045,056 | ---- | M] (Intuit) -- C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
PRC - [2012/04/02 12:17:40 | 000,390,528 | ---- | M] (LogMeIn, Inc.) -- C:\Program Files\LogMeIn\x86\LogMeIn.exe
PRC - [2009/12/17 18:32:30 | 000,497,856 | ---- | M] (Cisco Systems, Inc.) -- C:\Program Files\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe
PRC - [2008/04/13 20:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/05/14 15:21:40 | 000,475,136 | ---- | M] (Dell Inc.) -- C:\Program Files\Dell\QuickSet\NicConfigSvc.exe
PRC - [2007/02/19 00:27:16 | 000,090,112 | ---- | M] (SigmaTel, Inc.) -- C:\Program Files\SigmaTel\C-Major Audio\WDM\stacsv.exe
PRC - [2007/02/01 10:21:22 | 001,466,368 | ---- | M] () -- C:\Program Files\NTRU Cryptosystems\NTRU TCG Software Stack\bin\tcsd_win32.exe

========== Modules (No Company Name) ==========

MOD - [2014/05/02 15:57:04 | 000,212,992 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\8cd995f00848816e3ec49dc326e3d49b\System.ServiceProcess.ni.dll
MOD - [2014/05/02 15:43:39 | 012,434,432 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\1cdfe1998ad6794db3237006906c6fa2\System.Windows.Forms.ni.dll
MOD - [2014/05/02 15:43:26 | 001,593,344 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Drawing\424bff3295c6e7539cc6df62b9425bd0\System.Drawing.ni.dll
MOD - [2014/05/02 15:42:14 | 007,977,984 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System\4b0455ae94e3cecca4bb3ba8c96828c9\System.ni.dll
MOD - [2014/05/02 15:42:06 | 011,497,984 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\mscorlib\dae02331a443fb52216ca83292cb2f21\mscorlib.ni.dll
MOD - [2010/05/13 23:47:42 | 000,169,472 | ---- | M] () -- C:\WINDOWS\system32\ZLhp1020.DLL
MOD - [2010/05/13 23:47:28 | 000,059,904 | ---- | M] () -- C:\WINDOWS\system32\spool\prtprocs\w32x86\PPhp1020.DLL
MOD - [2007/01/30 16:31:50 | 000,286,720 | ---- | M] () -- C:\WINDOWS\system32\wxvault.dll
MOD - [2007/01/30 16:30:30 | 000,004,096 | ---- | M] () -- C:\WINDOWS\system32\detoured.dll
MOD - [2006/08/18 14:17:36 | 000,056,056 | ---- | M] () -- C:\WINDOWS\system32\DLAAPI_W.DLL
MOD - [2003/08/29 05:23:49 | 000,094,274 | ---- | M] () -- C:\WINDOWS\system32\HPBHEALR.DLL
MOD - [2002/11/26 13:43:18 | 000,106,496 | ---- | M] () -- C:\WINDOWS\system32\BrMuSNMP.dll

========== Services (SafeList) ==========

SRV - [2014/04/30 20:56:08 | 000,257,712 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2014/04/30 20:54:42 | 000,182,696 | ---- | M] (Oracle Corporation) [Auto | Running] -- C:\Program Files\Java\jre7\bin\jqs.exe -- (JavaQuickStarterService)
SRV - [2014/04/18 08:27:13 | 000,203,088 | ---- | M] (LogMeIn, Inc.) [Auto | Running] -- C:\Program Files\LogMeIn\x86\ramaint.exe -- (LMIMaint)
SRV - [2014/04/18 08:26:58 | 000,375,120 | ---- | M] (LogMeIn, Inc.) [Auto | Running] -- C:\Program Files\LogMeIn\x86\LMIGuardianSvc.exe -- (LMIGuardianSvc)
SRV - [2014/03/12 04:09:49 | 000,265,040 | R--- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Norton 360 Premier Edition\Engine\21.2.0.38\N360.exe -- (N360)
SRV - [2013/12/27 15:59:39 | 000,119,408 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2013/03/20 12:12:17 | 000,132,504 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Norton PC Checkup 3.0\SymcPCCULaunchSvc.exe -- (Norton PC Checkup Application Launcher)
SRV - [2012/07/28 09:06:44 | 001,248,256 | ---- | M] (Intuit Inc.) [Auto | Running] -- C:\Program Files\Common Files\Intuit\DataProtect\QBIDPService.exe -- (QBVSS)
SRV - [2012/05/14 14:07:42 | 000,045,056 | ---- | M] (Intuit) [Auto | Running] -- C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe -- (QBCFMonitorService)
SRV - [2012/04/02 12:17:40 | 000,390,528 | ---- | M] (LogMeIn, Inc.) [Auto | Running] -- C:\Program Files\LogMeIn\x86\LogMeIn.exe -- (LogMeIn)
SRV - [2010/10/12 13:59:12 | 000,206,072 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files\WildTangent Games\App\GamesAppService.exe -- (GamesAppService)
SRV - [2009/12/17 18:32:30 | 000,497,856 | ---- | M] (Cisco Systems, Inc.) [Auto | Running] -- C:\Program Files\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe -- (vpnagent)
SRV - [2009/07/23 21:10:38 | 000,061,440 | ---- | M] (Intuit Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe -- (QBFCService)
SRV - [2008/10/16 19:30:28 | 000,634,880 | ---- | M] (Hewlett-Packard Co.) [Auto | Running] -- C:\Program Files\Hewlett-Packard\Digital Imaging\bin\HPSLPSVC32.DLL -- (HPSLPSVC)
SRV - [2008/10/16 19:24:24 | 000,135,168 | ---- | M] (Hewlett-Packard Co.) [Auto | Running] -- C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqddsvc.dll -- (hpqddsvc)
SRV - [2008/10/16 19:23:30 | 000,217,088 | ---- | M] (Hewlett-Packard Co.) [On_Demand | Running] -- C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqcxs08.dll -- (hpqcxs08)
SRV - [2007/05/14 15:21:40 | 000,475,136 | ---- | M] (Dell Inc.) [Auto | Running] -- C:\Program Files\Dell\QuickSet\NicConfigSvc.exe -- (NICCONFIGSVC)
SRV - [2007/02/19 00:27:16 | 000,090,112 | ---- | M] (SigmaTel, Inc.) [Auto | Running] -- C:\Program Files\SigmaTel\C-Major Audio\WDM\stacsv.exe -- (STacSV)
SRV - [2007/02/01 10:21:22 | 001,466,368 | ---- | M] () [Auto | Running] -- C:\Program Files\NTRU Cryptosystems\NTRU TCG Software Stack\bin\tcsd_win32.exe -- (tcsd_win32.exe)
SRV - [2007/01/29 22:59:58 | 000,487,424 | ---- | M] (Wave Systems Corp.) [On_Demand | Stopped] -- C:\Program Files\Wave Systems Corp\Secure Storage Manager\SecureStorageService.exe -- (SecureStorageService)

========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\wanatw4.sys -- (wanatw)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\vsdatant.sys -- (vsdatant)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
DRV - [2014/04/24 20:47:30 | 001,612,376 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Norton 360 Premier Edition\NortonData\21.1.0.18\Definitions\VirusDefs\20140506.001\NAVEX15.SYS -- (NAVEX15)
DRV - [2014/04/24 20:47:30 | 000,093,272 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Norton 360 Premier Edition\NortonData\21.1.0.18\Definitions\VirusDefs\20140506.001\NAVENG.SYS -- (NAVENG)
DRV - [2014/04/24 12:17:58 | 000,055,232 | ---- | M] (StdLib) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\{2b4fc5ce-fd26-493c-97d3-e808aab73013}t.sys -- ({2b4fc5ce-fd26-493c-97d3-e808aab73013}t)
DRV - [2014/04/18 08:26:59 | 000,086,888 | ---- | M] (LogMeIn, Inc.) [File_System | Disabled | Stopped] -- C:\WINDOWS\System32\LMIRfsClientNP.dll -- (LMIRfsClientNP)
DRV - [2014/03/26 09:39:19 | 000,383,120 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Norton 360 Premier Edition\NortonData\21.1.0.18\Definitions\IPSDefs\20140505.001\IDSXpx86.sys -- (IDSxpx86)
DRV - [2014/03/18 21:24:12 | 001,098,968 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Norton 360 Premier Edition\NortonData\21.1.0.18\Definitions\BASHDefs\20140409.001\BHDrvx86.sys -- (BHDrvx86)
DRV - [2014/03/04 00:18:12 | 000,936,152 | ---- | M] (Symantec Corporation) [File_System | Boot | Running] -- C:\WINDOWS\system32\drivers\N360\1502000.026\symefa.sys -- (SymEFA)
DRV - [2014/02/17 21:32:41 | 000,423,256 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\N360\1502000.026\symtdi.sys -- (SYMTDI)
DRV - [2014/02/12 21:59:49 | 000,664,280 | ---- | M] (Symantec Corporation) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\N360\1502000.026\srtsp.sys -- (SRTSP)
DRV - [2014/01/13 07:14:20 | 000,108,120 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2013/12/02 10:10:59 | 000,142,936 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\SYMEVENT.SYS -- (SymEvent)
DRV - [2013/12/02 02:00:00 | 000,376,920 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl)
DRV - [2013/09/26 22:45:56 | 000,206,936 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\N360\1502000.026\ironx86.sys -- (SymIRON)
DRV - [2013/09/25 22:50:25 | 000,127,064 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\N360\1502000.026\ccsetx86.sys -- (ccSet_N360)
DRV - [2013/09/09 22:47:42 | 000,047,960 | R--- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\SymIM.sys -- (SymIMMP)
DRV - [2013/09/09 22:47:42 | 000,047,960 | R--- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\SymIM.sys -- (SymIM)
DRV - [2013/09/09 22:47:26 | 000,367,704 | R--- | M] (Symantec Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\N360\1502000.026\symds.sys -- (SymDS)
DRV - [2013/09/09 21:49:48 | 000,032,344 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\N360\1502000.026\srtspx.sys -- (SRTSPX)
DRV - [2013/05/24 08:32:05 | 000,013,624 | ---- | M] (LogMeIn, Inc.) [Kernel | Auto | Running] -- C:\Program Files\LogMeIn\x86\rainfo.sys -- (LMIInfo)
DRV - [2012/12/05 16:23:32 | 000,073,544 | ---- | M] (Citrix Systems, Inc.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ctxusbm.sys -- (ctxusbm)
DRV - [2012/04/02 12:17:40 | 000,047,640 | ---- | M] (LogMeIn, Inc.) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\LMIRfsDriver.sys -- (LMIRfsDriver)
DRV - [2011/08/01 15:56:42 | 000,045,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\dc3d.sys -- (dc3d)
DRV - [2010/02/12 16:36:38 | 000,816,672 | ---- | M] (Ralink Technology, Corp.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\AE1000XP.sys -- (AE1000)
DRV - [2009/12/17 18:18:50 | 000,020,152 | ---- | M] (Cisco Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\vpnva.sys -- (vpnva)
DRV - [2008/04/13 14:56:06 | 000,088,320 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\nwlnkipx.sys -- (NwlnkIpx)
DRV - [2007/08/12 19:05:34 | 002,211,456 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\NETw4x32.sys -- (NETw4x32)
DRV - [2007/05/29 16:29:30 | 000,012,416 | ---- | M] (Intel Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\s24trans.sys -- (s24trans)
DRV - [2007/03/13 00:26:06 | 000,160,256 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\b57xp32.sys -- (b57w2k)
DRV - [2007/02/19 00:27:34 | 001,228,296 | ---- | M] (SigmaTel, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\sthda.sys -- (STHDA)
DRV - [2007/02/17 07:00:42 | 000,132,608 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Apfiltr.sys -- (ApfiltrService)
DRV - [2007/01/31 19:19:04 | 000,989,696 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_DPV.sys -- (HSF_DPV)
DRV - [2007/01/31 19:19:02 | 000,730,112 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf)
DRV - [2007/01/31 19:19:02 | 000,209,152 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSFHWAZL.sys -- (HSFHWAZL)
DRV - [2007/01/30 18:37:18 | 000,056,320 | ---- | M] (O2Micro) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\oz776.sys -- (guardian2)
DRV - [2007/01/18 14:28:02 | 000,005,275 | ---- | M] (Cisco Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\CVirtA.sys -- (CVirtA)
DRV - [2006/11/02 13:32:32 | 000,097,536 | ---- | M] (Knowles Acoustics) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\dxec01.sys -- (DXEC01)
DRV - [2006/08/28 16:00:44 | 000,019,968 | ---- | M] (Dell Inc) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\PBADRV.sys -- (PBADRV)
DRV - [2006/08/18 14:18:08 | 000,009,400 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLADResM.SYS -- (DLADResM)
DRV - [2006/08/18 14:17:46 | 000,035,096 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLABMFSM.SYS -- (DLABMFSM)
DRV - [2006/08/18 14:17:44 | 000,097,848 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAUDF_M.SYS -- (DLAUDF_M)
DRV - [2006/08/18 14:17:44 | 000,094,648 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAUDFAM.SYS -- (DLAUDFAM)
DRV - [2006/08/18 14:17:42 | 000,026,008 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAOPIOM.SYS -- (DLAOPIOM)
DRV - [2006/08/18 14:17:40 | 000,032,472 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLABOIOM.SYS -- (DLABOIOM)
DRV - [2006/08/18 14:17:38 | 000,104,472 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAIFS_M.SYS -- (DLAIFS_M)
DRV - [2006/08/18 14:17:38 | 000,014,520 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAPoolM.SYS -- (DLAPoolM)
DRV - [2006/08/11 11:35:18 | 000,012,920 | ---- | M] (Roxio) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\DLACDBHM.SYS -- (DLACDBHM)
DRV - [2006/08/11 11:35:16 | 000,028,184 | ---- | M] (Roxio) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\DLARTL_M.SYS -- (DLARTL_M)
DRV - [2005/08/12 18:50:46 | 000,016,128 | ---- | M] (Dell Inc) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\APPDRV.SYS -- (APPDRV)
DRV - [2004/08/04 06:00:00 | 000,063,232 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\nwlnknb.sys -- (NwlnkNb)
DRV - [2004/08/04 06:00:00 | 000,055,936 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\nwlnkspx.sys -- (NwlnkSpx)
DRV - [2000/07/24 02:01:00 | 000,019,537 | ---- | M] (Brother Industries Ltd.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\BRPAR.SYS -- (BrPar)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk-rel&channel=us&ibd=1071009
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL =
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Start Page = www.google.com/ig/dell?hl=en&client=dell-usuk-rel&channel=us&ibd=1071009
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar =
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://att.net/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant =
IE - HKCU\..\SearchScopes,DefaultScope = {DD259C95-6D0C-4027-9478-CEB509D0DDE3}
IE - HKCU\..\SearchScopes\{DD259C95-6D0C-4027-9478-CEB509D0DDE3}: "URL" = http://search.yahoo....tf-8&fr=att-ie8
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://www.att.net/"
FF - prefs.js..extensions.enabledAddons: LogMeInClient%40logmein.com:1.0.0.1024
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:26.0
FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_13_0_0_206.dll ()
FF - HKLM\Software\MozillaPlugins\@Citrix.com/npican: C:\Program Files\Citrix\ICA Client\npicaN.dll (Citrix Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.55.2: C:\WINDOWS\system32\npdeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.55.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@UtilityChest_49.com/Plugin: C:\Program Files\UtilityChest_49\bar\1.bin\NP49Stub.dll File not found
FF - HKLM\Software\MozillaPlugins\@WildTangent.com/GamesAppPresenceDetector,Version=1.0: C:\Program Files\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll ()
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@citrixonline.com/appdetectorplugin: C:\Documents and Settings\Front Desk\Local Settings\Application Data\Citrix\Plugins\104\npappdetector.dll (Citrix Online)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\Hewlett-Packard\Digital Imaging\Smart Web Printing\MozillaAddOn2 [2011/05/17 17:33:06 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_21.1.0.18\coFFPlgn\ [2014/05/06 15:22:38 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_21.1.0.18\IPSFF [2013/12/02 10:23:00 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 26.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 26.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\Hewlett-Packard\Digital Imaging\Smart Web Printing\MozillaAddOn2 [2011/05/17 17:33:06 | 000,000,000 | ---D | M]

[2013/11/13 18:01:59 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Front Desk\Application Data\Mozilla\Extensions
[2013/12/02 11:01:49 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Front Desk\Application Data\Mozilla\Firefox\Profiles\6w0wk1wa.default\extensions
[2013/11/25 16:50:19 | 000,000,000 | ---D | M] (LogMeIn, Inc. Remote Access Plugin) -- C:\Documents and Settings\Front Desk\Application Data\Mozilla\Firefox\Profiles\6w0wk1wa.default\extensions\[email protected]
[2013/11/13 18:02:08 | 000,002,328 | ---- | M] () -- C:\Documents and Settings\Front Desk\Application Data\Mozilla\Firefox\Profiles\6w0wk1wa.default\searchplugins\amazon.xml
[2014/05/06 11:05:57 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2013/12/27 15:59:04 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\browser\extensions
[2013/12/27 15:59:39 | 000,000,000 | ---D | M] (Default) -- C:\Program Files\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

========== Chrome ==========

CHR - homepage: true
CHR - default_search_provider: AVG Secure Search (Enabled)
CHR - default_search_provider: search_url = http://mysearch.avg....sa&d=2013-10-22 09:38:56&v=15.6.1.2&pid=safeguard&sg=0&sap=dsp&q={searchTerms}
CHR - default_search_provider: suggest_url = http://toolbar.avg.c...earchTerms}&o=1
CHR - homepage:

O1 HOSTS File: ([2014/05/06 15:20:32 | 000,000,098 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1       localhost
O1 - Hosts: ::1       localhost
O2 - BHO: (HP Print Enhancer) - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\Hewlett-Packard\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll (Hewlett-Packard Co.)
O2 - BHO: (Norton Identity Protection) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton 360 Premier Edition\Engine\21.2.0.38\coieplg.dll (Symantec Corporation)
O2 - BHO: (Norton Vulnerability Protection) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton 360 Premier Edition\Engine\21.2.0.38\ips\ipsbho.dll (Symantec Corporation)
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.9012.1008\swg.dll (Google Inc.)
O2 - BHO: (CBrowserHelperObject Object) - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\BAE\BAE.dll (Dell Inc.)
O2 - BHO: (MSN Toolbar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\MSN\Toolbar\3.0.0988.2\msneshellx.dll (Microsoft Corp.)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (HP Smart BHO Class) - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\Hewlett-Packard\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)
O3 - HKLM\..\Toolbar: (MSN Toolbar) - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - C:\Program Files\MSN\Toolbar\3.0.0988.2\msneshellx.dll (Microsoft Corp.)
O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton 360 Premier Edition\Engine\21.2.0.38\coieplg.dll (Symantec Corporation)
O4 - HKLM..\Run: [ConnectionCenter] C:\Program Files\Citrix\ICA Client\concentr.exe (Citrix Systems, Inc.)
O4 - HKLM..\Run: [hpqSRMon] File not found
O4 - HKLM..\Run: [Redirector] C:\Program Files\Citrix\ICA Client\redirector.exe (Citrix Systems, Inc.)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre7\bin\jusched.exe File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O9 - Extra Button: HP Smart Print - {22CC3EBD-C286-43aa-B8E6-06B115F74162} - C:\Program Files\Hewlett-Packard\Smart Print 2.0\smartprintsetup.exe (Hewlett-Packard)
O9 - Extra 'Tools' menuitem : HP Smart Print - {22CC3EBD-C286-43aa-B8E6-06B115F74162} - C:\Program Files\Hewlett-Packard\Smart Print 2.0\smartprintsetup.exe (Hewlett-Packard)
O9 - Extra Button: HP Smart Select - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\Hewlett-Packard\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\WINDOWS\system32\nwprovau.dll (Microsoft Corporation)
O15 - HKCU\..Trusted Domains: aol.com ([objects] * is out of zone range - 5)
O15 - HKCU\..Trusted Domains: audible.com ([www] https in Trusted sites)
O15 - HKCU\..Trusted Domains: flaglerhospital.org ([images] https in Trusted sites)
O15 - HKCU\..Trusted Domains: radmd.com ([www] https in Trusted sites)
O16 - DPF: {00140000-B1BA-11CE-ABC6-F5B2E79D9E3F} file:///D:/Scripts/LTOCX14N.cab (LEAD Main Control (14.0))
O16 - DPF: {55963676-2F5E-4BAF-AC28-CF26AA587566} https://vpn.flaglerh...ries/vpnweb.cab (Cisco AnyConnect VPN Client Web Control)
O16 - DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} http://h20614.www2.h...hpdetect118.cab (GMNRev Class)
O16 - DPF: {8B9D77B2-39C0-4674-AF42-BBD50FF71781} https://images.docto...l/amiviewer.cab (Centricity Web ViewApp Control 3.0 SPa10)
O16 - DPF: {CAFEEFAC-0017-0000-0055-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.7.0_55)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macr...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {D30CA0FD-1CA0-11D4-AC78-006008A9A8BC} http://www.flaglerho...vpn/webinst.cab (WebBasedClientInstall Class)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O16 - DPF: {F27237D7-93C8-44C2-AC6E-D6057B9A918F} https://mygp.gp.com/...SetupClient.cab (JuniperSetupClientControl Class)
O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} https://secure.logme...rl.cab?lmi=1078 (Performance Viewer Activex Control)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{2239EF8C-819A-4115-AC14-D60C944FE5A9}: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{319CB493-C1AA-42CD-89B4-2AE44929C51E}: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{9479C24B-3DD6-4ED9-AA95-D0D78551B73E}: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\intu-help-qb4 {ACE22922-D07C-4860-B51B-8CF472FEC2CB} - C:\Program Files\Intuit\QuickBooks 2011\HelpAsyncPluggableProtocol.dll (Intuit, Inc.)
O18 - Protocol\Filter\application/x-ica {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica; charset=euc-jp {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica; charset=ISO-8859-1 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica; charset=MS936 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica; charset=MS949 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica; charset=MS950 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica; charset=UTF8 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica; charset=UTF-8 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica;charset=euc-jp {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica;charset=ISO-8859-1 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica;charset=MS936 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica;charset=MS949 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica;charset=MS950 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica;charset=UTF8 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica;charset=UTF-8 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\ica {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O20 - AppInit_DLLs: (wxvault.dll) - C:\WINDOWS\System32\wxvault.dll ()
O20 - AppInit_DLLs: (C:\PROGRA~1\Citrix\ICACLI~1\RSHook.dll) - C:\Program Files\Citrix\ICA Client\RSHook.dll (Citrix Systems, Inc.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\LMIinit: DllName - (LMIinit.dll) - C:\WINDOWS\System32\LMIinit.dll (LogMeIn, Inc.)
O24 - Desktop Components:0 () - http://mail.yimg.com..._0_2/js/msgr.js
O24 - Desktop Components:1 (My Current Home Page) - About:Home
O30 - LSA: Authentication Packages - (wvauth) - C:\WINDOWS\System32\wvauth.dll (Wave Systems Corp.)
O30 - LSA: Authentication Packages - (nwprovau) - C:\WINDOWS\System32\nwprovau.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2004/08/11 18:15:00 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2010/04/22 09:34:58 | 000,000,053 | R--- | M] () - D:\Autorun.inf -- [ CDFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKCU\...exe [@ = exefile] -- Reg Error: Value error. File not found
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2014/05/06 15:19:05 | 000,000,000 | ---D | C] -- C:\_OTL
[2014/05/06 12:28:40 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERUNT
[2014/05/06 12:09:50 | 000,536,576 | ---- | C] (SQLite Development Team) -- C:\WINDOWS\System32\sqlite3.dll
[2014/05/06 12:09:08 | 000,000,000 | ---D | C] -- C:\AdwCleaner
[2014/05/06 12:00:24 | 001,016,261 | ---- | C] (Thisisu) -- C:\Documents and Settings\Front Desk\Desktop\JRT.exe
[2014/05/05 17:40:15 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Front Desk\Desktop\OTL.exe
[2014/05/05 17:21:44 | 000,000,000 | ---D | C] -- C:\WINDOWS\CSC
[2014/05/02 15:16:54 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\WindowsPowerShell
[2014/05/02 15:16:53 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\winrm
[2014/05/02 15:16:53 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\GroupPolicy
[2014/05/02 15:16:48 | 000,000,000 | -H-D | C] -- C:\WINDOWS\$968930Uinstall_KB968930$
[2014/05/02 14:08:48 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\MRT
[2014/04/30 20:58:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Front Desk\Local Settings\Application Data\Sun
[2014/04/30 20:55:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Java
[2014/04/30 20:48:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Front Desk\Application Data\Oracle
[2014/04/24 22:04:55 | 000,055,232 | ---- | C] (StdLib) -- C:\WINDOWS\System32\drivers\{2b4fc5ce-fd26-493c-97d3-e808aab73013}t.sys
[2014/04/16 10:16:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Front Desk\Local Settings\Application Data\Reviewer
[2014/04/16 10:16:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Sorna
[2014/04/16 10:16:10 | 000,000,000 | ---D | C] -- C:\WINDOWS\XSxS
[2014/04/16 10:16:10 | 000,000,000 | ---D | C] -- C:\Program Files\Xenocode
[2014/04/16 10:16:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Front Desk\Local Settings\Application Data\Xenocode

========== Files - Modified Within 30 Days ==========

[2014/05/06 15:24:07 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2014/05/06 15:23:10 | 000,000,890 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2014/05/06 15:22:09 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2014/05/06 15:22:07 | 2137,116,672 | -HS- | M] () -- C:\hiberfil.sys
[2014/05/06 15:20:32 | 000,000,098 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\Hosts
[2014/05/06 14:54:01 | 000,000,830 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2014/05/06 14:22:00 | 000,000,894 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2014/05/06 12:00:10 | 001,016,261 | ---- | M] (Thisisu) -- C:\Documents and Settings\Front Desk\Desktop\JRT.exe
[2014/05/06 11:56:18 | 001,316,991 | ---- | M] () -- C:\Documents and Settings\Front Desk\Desktop\adwcleaner.exe
[2014/05/05 17:40:17 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Front Desk\Desktop\OTL.exe
[2014/05/02 18:25:14 | 000,002,515 | ---- | M] () -- C:\Documents and Settings\Front Desk\Desktop\Microsoft Office Word 2007.lnk
[2014/05/02 18:21:36 | 000,000,266 | ---- | M] () -- C:\Documents and Settings\Front Desk\Desktop\Automated MD - User Login.url
[2014/05/02 18:19:17 | 000,000,342 | ---- | M] () -- C:\Documents and Settings\Front Desk\Desktop\ALLSCRIPTS FLAGLER.url
[2014/05/02 15:48:57 | 000,483,592 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2014/05/02 15:48:57 | 000,080,830 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2014/05/02 15:45:06 | 000,001,355 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2014/05/02 14:20:49 | 000,284,520 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2014/05/02 11:50:06 | 002,004,653 | ---- | M] () -- C:\WINDOWS\iis6.BAK
[2014/04/30 20:30:42 | 000,000,211 | RHS- | M] () -- C:\boot.ini
[2014/04/28 08:51:21 | 000,002,309 | ---- | M] () -- C:\Documents and Settings\Front Desk\Desktop\Adobe Reader X.lnk
[2014/04/24 12:17:58 | 000,055,232 | ---- | M] (StdLib) -- C:\WINDOWS\System32\drivers\{2b4fc5ce-fd26-493c-97d3-e808aab73013}t.sys
[2014/04/18 08:28:05 | 000,001,024 | ---- | M] () -- C:\.rnd
[2014/04/18 08:26:59 | 000,086,888 | ---- | M] (LogMeIn, Inc.) -- C:\WINDOWS\System32\LMIRfsClientNP.dll
[2014/04/18 08:26:58 | 000,085,832 | ---- | M] (LogMeIn, Inc.) -- C:\WINDOWS\System32\LMIinit.dll
[2014/04/18 08:26:58 | 000,031,560 | ---- | M] (LogMeIn, Inc.) -- C:\WINDOWS\System32\LMIport.dll
[2014/04/16 14:11:33 | 000,000,278 | ---- | M] () -- C:\Documents and Settings\Front Desk\Desktop\St. Augustine Imaging Electronic Order.url
[2014/04/11 08:24:35 | 000,086,888 | ---- | M] (LogMeIn, Inc.) -- C:\WINDOWS\System32\LMIRfsClientNP.dll.000.bak
[2014/04/11 08:24:33 | 000,085,832 | ---- | M] (LogMeIn, Inc.) -- C:\WINDOWS\System32\LMIinit.dll.000.bak

========== Files Created - No Company Name ==========

[2014/05/06 11:57:17 | 001,316,991 | ---- | C] () -- C:\Documents and Settings\Front Desk\Desktop\adwcleaner.exe
[2014/05/05 17:42:37 | 2137,116,672 | -HS- | C] () -- C:\hiberfil.sys
[2014/05/02 10:02:03 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2014/05/02 10:02:03 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\dllcache\iacenc.dll
[2014/04/03 09:22:05 | 000,064,152 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat
[2014/02/20 18:08:42 | 000,000,002 | ---- | C] () -- C:\WINDOWS\msoffice.ini
[2013/05/10 08:31:22 | 000,000,057 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\Ament.ini
[2013/05/08 17:30:24 | 000,000,000 | ---- | C] () -- C:\WINDOWS\XREXImageViewerLite.INI
[2013/02/06 18:10:38 | 000,906,654 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-S-1-5-21-2007805527-2214855839-2415389009-1005-0.dat
[2013/01/17 18:04:36 | 000,226,638 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-System.dat
[2012/10/08 10:24:26 | 000,000,335 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2012/09/04 13:28:37 | 000,000,000 | ---- | C] () -- C:\WINDOWS\Viewer.INI
[2012/08/29 11:59:00 | 000,060,304 | ---- | C] () -- C:\Documents and Settings\Front Desk\g2mdlhlpx.exe
[2012/08/18 14:36:42 | 000,012,054 | R--- | C] () -- C:\WINDOWS\hpwscr20.dat
[2012/08/18 14:30:50 | 000,178,446 | ---- | C] () -- C:\WINDOWS\hpwins20.dat
[2012/08/18 14:30:50 | 000,002,428 | R--- | C] () -- C:\WINDOWS\hpwmdl20.dat
[2012/07/28 09:38:43 | 000,026,624 | ---- | C] () -- C:\WINDOWS\System32\BRGSRC32.DLL
[2012/07/28 09:38:43 | 000,004,608 | ---- | C] () -- C:\WINDOWS\System32\BRGSRC16.DLL
[2012/07/28 09:38:42 | 000,008,975 | ---- | C] () -- C:\WINDOWS\HL-2040.INI
[2012/07/28 00:01:23 | 000,000,244 | ---- | C] () -- C:\WINDOWS\Brpfx04a.ini
[2012/07/28 00:01:23 | 000,000,093 | ---- | C] () -- C:\WINDOWS\brpcfx.ini
[2012/07/28 00:00:49 | 000,000,027 | ---- | C] () -- C:\WINDOWS\BRPP2KA.INI
[2012/07/27 23:57:43 | 000,000,050 | ---- | C] () -- C:\WINDOWS\System32\bridf08a.dat
[2012/07/27 23:57:15 | 000,000,086 | ---- | C] () -- C:\WINDOWS\Brfaxrx.ini
[2012/07/27 23:57:15 | 000,000,000 | ---- | C] () -- C:\WINDOWS\brdfxspd.dat
[2012/07/27 23:57:13 | 000,106,496 | ---- | C] () -- C:\WINDOWS\System32\BrMuSNMP.dll
[2012/07/27 23:56:43 | 000,077,824 | ---- | C] () -- C:\WINDOWS\System32\BROSNMP.DLL
[2012/07/27 23:51:35 | 000,031,567 | ---- | C] () -- C:\WINDOWS\maxlink.ini
[2012/07/27 23:25:12 | 000,000,090 | ---- | C] () -- C:\WINDOWS\QBChanUtil_Trigger.ini
[2012/07/16 11:20:38 | 000,000,221 | ---- | C] () -- C:\WINDOWS\System32\XPSPWMA.INI
[2012/07/16 11:20:38 | 000,000,221 | ---- | C] () -- C:\WINDOWS\System32\XPSPSBEXT.INI
[2012/07/16 11:20:38 | 000,000,221 | ---- | C] () -- C:\WINDOWS\System32\XPSPFIDRV.INI
[2012/07/16 11:20:38 | 000,000,221 | ---- | C] () -- C:\WINDOWS\System32\XPSPFBASE.INI
[2012/07/16 11:20:38 | 000,000,221 | ---- | C] () -- C:\WINDOWS\System32\XPSPAUDRV.INI
[2012/07/16 11:20:38 | 000,000,221 | ---- | C] () -- C:\WINDOWS\System32\XMCIPSPWA.INI
[2012/07/16 11:20:38 | 000,000,221 | ---- | C] () -- C:\WINDOWS\System32\XMCIPSPCT.INI
[2012/07/16 11:20:38 | 000,000,220 | ---- | C] () -- C:\WINDOWS\System32\XPSPWAVE.INI
[2012/07/16 11:20:38 | 000,000,220 | ---- | C] () -- C:\WINDOWS\System32\PSPUSBLB.INI
[2012/07/16 11:20:38 | 000,000,219 | ---- | C] () -- C:\WINDOWS\System32\XPSPMP3.INI
[2012/07/16 11:20:38 | 000,000,219 | ---- | C] () -- C:\WINDOWS\System32\XPSPDSS.INI
[2012/07/16 11:20:38 | 000,000,219 | ---- | C] () -- C:\WINDOWS\System32\XPSPDDI.INI
[2012/07/03 19:05:24 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2012/06/05 12:55:39 | 000,169,472 | ---- | C] () -- C:\WINDOWS\System32\ZLhp1020.DLL
[2012/06/05 12:55:37 | 000,106,496 | ---- | C] () -- C:\WINDOWS\System32\vshp1020.dll
[2012/06/05 12:55:36 | 000,365,568 | ---- | C] () -- C:\WINDOWS\System32\ZSHP1020.EXE
[2012/06/05 09:04:59 | 000,245,248 | ---- | C] () -- C:\WINDOWS\System32\zshp1020s.dll
[2011/07/28 09:24:26 | 000,015,842 | -HS- | C] () -- C:\Documents and Settings\Front Desk\Local Settings\Application Data\xn20f483ph53a0o7q33nv25f33vqr33fh881r37xjcc0
[2011/07/28 09:24:26 | 000,015,842 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\xn20f483ph53a0o7q33nv25f33vqr33fh881r37xjcc0
[2008/06/19 17:00:21 | 000,003,584 | ---- | C] () -- C:\Documents and Settings\Front Desk\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2007/11/05 11:11:29 | 000,061,678 | ---- | C] () -- C:\Documents and Settings\Front Desk\Application Data\PFP110JPR.{PB
[2007/11/05 11:11:29 | 000,012,358 | ---- | C] () -- C:\Documents and Settings\Front Desk\Application Data\PFP110JCM.{PB

========== ZeroAccess Check ==========

[2012/07/28 11:09:48 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shdocvw.dll -- [2010/04/16 12:09:07 | 001,509,888 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = C:\WINDOWS\system32\wbem\fastprox.dll -- [2009/02/09 08:10:48 | 000,473,600 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = C:\WINDOWS\system32\wbem\wbemess.dll -- [2008/04/13 20:12:08 | 000,273,920 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

========== LOP Check ==========

[2013/01/03 11:41:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Canon IJ Network Tool
[2013/01/03 10:58:31 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\CanonBJ
[2012/07/19 13:53:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Cisco
[2010/08/20 10:06:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Cisco Systems
[2013/01/09 18:36:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Citrix
[2013/05/24 08:51:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\COMMON FILES
[2011/06/23 15:30:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Juniper Networks
[2014/05/06 10:55:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\LogMeIn
[2012/05/18 15:40:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\NovaRad
[2007/10/09 02:11:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\NTRU Cryptosystems
[2012/07/27 23:27:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Nuance
[2008/05/15 10:50:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PC Drivers HeadQuarters
[2012/07/27 23:51:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ScanSoft
[2014/04/16 10:16:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Sorna
[2012/07/28 08:44:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SQL Anywhere 11
[2007/10/09 02:12:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Wave Systems Corp
[2013/07/05 15:52:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WildTangent
[2013/03/13 15:13:39 | 000,000,000 | -HSD | M] -- C:\Documents and Settings\Front Desk\Application Data\.#
[2013/05/24 08:52:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Front Desk\Application Data\0F0C1V0C1T1I1P1G1Q1T1C
[2013/03/21 09:14:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Front Desk\Application Data\com.adobe.air.aaos.Code-X2013
[2014/03/07 09:44:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Front Desk\Application Data\com.adobe.air.aaos.Code-X2014
[2013/06/19 15:10:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Front Desk\Application Data\DatCard Systems, Inc
[2013/01/09 18:45:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Front Desk\Application Data\ICAClient
[2011/06/23 15:30:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Front Desk\Application Data\Juniper Networks
[2014/02/19 14:40:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Front Desk\Application Data\LaunchPad
[2014/04/30 20:48:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Front Desk\Application Data\Oracle
[2014/03/07 09:30:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Front Desk\Application Data\Roaming
[2012/09/06 15:37:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Front Desk\Application Data\ScanSoft
[2009/06/22 11:52:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Front Desk\Application Data\Stamps.com Internet Postage
[2014/04/24 17:12:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Front Desk\Application Data\Wave Systems Corp
[2012/09/20 11:54:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Front Desk\Application Data\webex
[2013/07/05 15:51:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Front Desk\Application Data\WildTangent

========== Purity Check ==========

< End of report >

#6
Falcor2

Posted 06 May 2014 - 07:53 PM

Member

Topic Starter
Member
59 posts

Hi zep516

When my wife got home, she tested her work programs and said they work great online and offline.

Thanks

Falcor2

#7
zep516

Posted 06 May 2014 - 08:24 PM

Trusted Helper

Malware Removal
8,090 posts

Hello Falcor2,

That's fine. There's a few things to do yet to finalize the exercise. Run Malwarebytes and ESET. You don't need to do it tonite, when you get time, I'd like to see those logs.

Next

Please download Malwarebytes Anti-Malware to your desktop.
Double-click mbam-setup-version.exe and follow the prompts to install the program.
At the end, be sure a check-mark is placed next to the following:
Enable free trial of Malwarebytes Anti-Malware Premium
Launch Malwarebytes Anti-Malware
Then click Finish.
If an update is found, you will be prompted to download and install the latest version.
Once the program has loaded, select Scan now.
When the scan is complete , make sure that everything is set to "Quarantine", and click Apply Actions.
Reboot your computer if prompted.

Then

ESET Online Scanner

Note: You can use either Internet Explorer or Mozilla FireFox for this scan. You will however need to disable your current installed Anti-Virus, how to do so can be read here.

Please go >>HERE<< then click on:

Note: If using Mozilla Firefox you will need to download esetsmartinstaller_enu.exe when prompted then double click on the icon to install.

All of the below instructions are compatible with either Internet Explorer or Mozilla FireFox.
Select the option YES, I accept the Terms of Use then click on:
When prompted allow the Add-On/Active X to install.
Make sure that the option Remove found threats is NOT checked, and the option Scan archives is checked.
Now click on Advanced Settings and select the following:
Scan for potentially unwanted applications
Scan for potentially unsafe applications
Enable Anti-Stealth Technology
Now click on:
The virus signature database... will begin to download. Be patient this make take some time depending on the speed of your Internet Connection.
When completed the Online Scan will begin automatically.
Do not touch either the Mouse or keyboard during the scan otherwise it may stall.
When completed make sure you first copy the logfile located at C:\Program Files\ESET\EsetOnlineScanner\log.txt
Copy and paste that log as a reply to this topic.
Now click on:
(Selecting Uninstall application on close if you so wish)

1- Post the Malwarebytes log

2- Post the ESET On-Line scan report.

Thanks
Joe

#8
Falcor2

Posted 07 May 2014 - 05:04 PM

Member

Topic Starter
Member
59 posts

Hi zep516

I finally got ESET to run, as no start button was there and the screen was cutoff.

Both logs to follow

Thanks

Falcor2

Malwarebytes log

=======================================

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 5/7/2014
Scan Time: 2:36:42 PM
Logfile: Malwarebytes log.txt
Administrator: Yes

Version: 2.00.1.1004
Malware Database: v2014.05.07.06
Rootkit Database: v2014.03.27.01
License: Trial
Malware Protection: Enabled
Malicious Website Protection: Enabled
Chameleon: Disabled

OS: Windows XP Service Pack 3
CPU: x86
File System: NTFS
User: Front Desk

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 331163
Time Elapsed: 24 min, 16 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Shuriken: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 1
PUP.Optional.MindSpark.A, HKLM\SOFTWARE\MOZILLAPLUGINS\@UtilityChest_49.com/Plugin, Quarantined, [5e3486c8b8c355e18083b5c5ed156d93],

Registry Values: 0
(No malicious items detected)

Registry Data: 1
PUM.Disabled.SecurityCenter, HKLM\SOFTWARE\MICROSOFT\SECURITY CENTER|UpdatesDisableNotify, 1, Good: (0), Bad: (1),Replaced,[6c2668e69fdca98d34abbe7a33d19f61]

Folders: 0
(No malicious items detected)

Files: 0
(No malicious items detected)

Physical Sectors: 0
(No malicious items detected)

(end)

ESET On-Line scan report

==============================================

ESETSmartInstaller@High as CAB hook log:
OnlineScanner.ocx - registred OK
# version=8
# iexplore.exe=8.00.6001.18702 (longhorn_ie8_rtm(wmbla).090308-0339)
# OnlineScanner.ocx=1.0.0.6920
# api_version=3.0.2
# EOSSerial=b46b764dd7135a4ba3464345d67850d5
# engine=18174
# end=stopped
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2014-05-07 10:29:05
# local_time=2014-05-07 06:29:05 (-0500, Eastern Daylight Time)
# country="United States"
# lang=1033
# osver=5.1.2600 NT Service Pack 3
# compatibility_mode=3592 16777213 100 90 0 150077841 0 0
# scanned=39413
# found=35
# cleaned=0
# scan_time=2447
sh=9F9F4B6D321A863D0BA11861B2EBCA6A8DCEB530 ft=1 fh=a5b54f28a1d8bf1c vn="a variant of Win32/BrowseFox.H potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files\Swift Browse\updateSwiftBrowse.exe.vir"
sh=27932F1ED071B3F684C2795CCF671C91B9EA1471 ft=1 fh=052cdc8b04f6d8cb vn="a variant of Win32/BrowseFox.I potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files\Swift Browse\bin\SwiftBrowse.BrowserAdapter.exe.vir"
sh=599752128E13599B64487B60475F9B4362FBEC93 ft=1 fh=e33097500c5f45c7 vn="a variant of Win32/BrowseFox.J potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files\Swift Browse\bin\SwiftBrowse.PurBrowse.exe.vir"
sh=1ADA06EE2E2151D4838836965B90A8D750BDB542 ft=1 fh=71ff3b7208298ad3 vn="a variant of Win32/BrowseFox.I potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files\Swift Browse\bin\SwiftBrowseBAApp.dll.vir"
sh=9F9F4B6D321A863D0BA11861B2EBCA6A8DCEB530 ft=1 fh=a5b54f28a1d8bf1c vn="a variant of Win32/BrowseFox.H potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files\Swift Browse\bin\utilSwiftBrowse.exe.vir"
sh=A4F36C6BA6362FA17643F2F066978EB5D66DFB63 ft=1 fh=d65e9a0743b3a920 vn="a variant of Win32/BrowseFox.K potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files\Swift Browse\bin\{2b4fc5ce-fd26-493c-97d3-e808aab73013}.dll.vir"
sh=D6E63BC7DB79BFB327568352D292BD4604C5B7E8 ft=1 fh=6b288e71d3560914 vn="a variant of MSIL/BrowseFox.G potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files\Swift Browse\bin\plugins\SwiftBrowse.16.dll.vir"
sh=95B40E0498701771B6818F9CE08D15D0F3A816EE ft=1 fh=1241d95367a02cb0 vn="a variant of MSIL/BrowseFox.G potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files\Swift Browse\bin\plugins\SwiftBrowse.Bromon.dll.vir"
sh=741B0C5260170E9FBF2B4AA818EADC240B55D8E0 ft=1 fh=4cf0d0a164b63092 vn="probably a variant of MSIL/BrowseFox.G potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files\Swift Browse\bin\plugins\SwiftBrowse.BrowserAdapterS.dll.vir"
sh=CE4171EEAA19ED907F5735864341C92DFE468074 ft=1 fh=c7d8e468dbfc8dcd vn="a variant of MSIL/BrowseFox.G potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files\Swift Browse\bin\plugins\SwiftBrowse.BrowserFilterG.dll.vir"
sh=198F42C08313CD835989C339315BCB4D252548F0 ft=1 fh=6418360a5c96ea00 vn="a variant of MSIL/BrowseFox.G potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files\Swift Browse\bin\plugins\SwiftBrowse.CompatibilityChecker.dll.vir"
sh=8D9969FEA18357373D2F8180B9B6072609A072A2 ft=1 fh=38ba74412a64e41a vn="a variant of MSIL/BrowseFox.E potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files\Swift Browse\bin\plugins\SwiftBrowse.FFUpdate.dll.vir"
sh=8219E70BA398E5DB1FE60DAFFCEC28F4F75B1D2B ft=1 fh=db300a5cb111239a vn="a variant of MSIL/BrowseFox.E potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files\Swift Browse\bin\plugins\SwiftBrowse.GCUpdate.dll.vir"
sh=A817EC7555E79B37C195130BE30C88732D45A48D ft=1 fh=19b13b424643ef7c vn="a variant of MSIL/BrowseFox.G potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files\Swift Browse\bin\plugins\SwiftBrowse.IEUpdate.dll.vir"
sh=5E79D05ED65EBCB08B2A888BB343EE3B3E503E3F ft=1 fh=fa178772df801860 vn="a variant of MSIL/BrowseFox.G potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files\Swift Browse\bin\plugins\SwiftBrowse.PurBrowse.dll.vir"
sh=99DF98DFEF4B483889FA88162D20EE46340A5DBE ft=1 fh=e6e2c196b2ffcb6f vn="Win32/Toolbar.MyWebSearch.W potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files\UtilityChest_49\bar\1.bin\49auxstb.dll.vir"
sh=023614C5AD02AA589BB785CA5CF50DCF194C7AA8 ft=1 fh=38e3c675fc09b45d vn="Win32/Toolbar.MyWebSearch.W potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files\UtilityChest_49\bar\1.bin\49bar.dll.vir"
sh=56CF4F2AC44C6ADD5CDCD419BA4B99D22DC7A0E3 ft=1 fh=46ed14ba69906e9f vn="Win32/Toolbar.MyWebSearch.X potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files\UtilityChest_49\bar\1.bin\49barsvc.exe.vir"
sh=0F78FE90AF015B0A511EDE007BD1791A341E891E ft=1 fh=d4fd6df3b7cf992d vn="Win32/Toolbar.MyWebSearch.W potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files\UtilityChest_49\bar\1.bin\49brmon.exe.vir"
sh=BAEFCB03679575349E01668C4F0938643BAAA022 ft=1 fh=45ba6b521529362d vn="a variant of Win32/Toolbar.MyWebSearch.A potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files\UtilityChest_49\bar\1.bin\49datact.dll.vir"
sh=EAA9D46B8FAB8F3D48BB239ADFE46BA312434017 ft=1 fh=2506fdd3752ff6fe vn="probably a variant of Win32/Toolbar.MyWebSearch.B potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files\UtilityChest_49\bar\1.bin\49htmlmu.dll.vir"
sh=92AC05FFF3AD68271062A3DCB87E12EE6B816DDB ft=1 fh=acec1e59f99ab2fd vn="probably a variant of Win32/Toolbar.MyWebSearch.P potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files\UtilityChest_49\bar\1.bin\49ieovr.dll.vir"
sh=5AE09DF85A30864BBE5F3E6D782358C8F95CDB95 ft=1 fh=a6fc020f2a9ed637 vn="Win32/Toolbar.MyWebSearch.W potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files\UtilityChest_49\bar\1.bin\49impipe.exe.vir"
sh=A62045168FE92EC16E7764ECD96F592D2D63BB7C ft=1 fh=681e62fc23c41c6e vn="probably a variant of Win32/Toolbar.MyWebSearch potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files\UtilityChest_49\bar\1.bin\49Plugin.dll.vir"
sh=C9C4AAE19A349C578399BAC5A5D780ED8BE3AB00 ft=1 fh=b136be0af2d0d6fc vn="a variant of Win32/Toolbar.MyWebSearch.W potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files\UtilityChest_49\bar\1.bin\49reghk.dll.vir"
sh=857980A7B7AB77FF8E34A090CCD76B8BA628E7E4 ft=1 fh=6c9ac10ea3ee1cdd vn="a variant of Win32/Toolbar.MyWebSearch.P potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files\UtilityChest_49\bar\1.bin\49skin.dll.vir"
sh=F5946D49A70A64072739370E7BAD592FE4799EA1 ft=1 fh=5bc3efb780caf8fa vn="Win32/Toolbar.MyWebSearch.W potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files\UtilityChest_49\bar\1.bin\49skplay.exe.vir"
sh=585A73EB1DFA6B0B5C5FF5D76212FD8D0CEF4DF4 ft=1 fh=4b5f86942f564423 vn="a variant of Win32/Toolbar.MyWebSearch.W potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files\UtilityChest_49\bar\1.bin\49SrchMn.exe.vir"
sh=1A9718003447798445400B9F6D232AF3077D2A93 ft=1 fh=900c8fac5a4df2da vn="Win32/Toolbar.MyWebSearch.W potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files\UtilityChest_49\bar\1.bin\CREXT.DLL.vir"
sh=3A657ACEB92289972EFA3565B6FEDD7238C3A4B1 ft=1 fh=bc1ec2ace187a07a vn="Win32/Toolbar.MyWebSearch.W potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files\UtilityChest_49\bar\1.bin\CrExtP49.exe.vir"
sh=D6B224CF714FD8B35D9FD260E35F9C726B404BB1 ft=1 fh=cee8a51c68142fa4 vn="Win32/Toolbar.MyWebSearch.T potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files\UtilityChest_49\bar\1.bin\NP49Stub.dll.vir"
sh=A8B583E2BFA2B7E04C3719FF000CCF7151AEEA7F ft=1 fh=c7c54f98ed54b65c vn="probably a variant of Win32/Toolbar.MyWebSearch.F potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files\UtilityChest_49\bar\1.bin\T8HTML.DLL.vir"
sh=6299F84C0BE27BB9FA1F8ED7823B2CCD27F090B5 ft=1 fh=b986eb091e1005cc vn="Win32/Toolbar.MyWebSearch.W potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files\UtilityChest_49\bar\1.bin\T8TICKER.DLL.vir"
sh=9F82BB5DC8D4EC6B8B2BB47CB6C329B8AF1C14CE ft=1 fh=c92ed1f3ca58c043 vn="Win32/InstallCore.AZ potentially unwanted application" ac=I fn="C:\Documents and Settings\Front Desk\Application Data\0F0C1V0C1T1I1P1G1Q1T1C\Calendar Packages\uninstaller.exe"
sh=3E72DC19E224B8C9EEC2549065CF3762481CDD43 ft=1 fh=b8967b787a4ff3ec vn="a variant of Win32/InstallCore.AZ potentially unwanted application" ac=I fn="C:\Documents and Settings\Front Desk\My Documents\E. DAVID RISCH, M.D.,PA\BUSINESS\MASTERCARD\MyCalendar_V1.1.exe"

#9
zep516

Posted 07 May 2014 - 06:31 PM

Trusted Helper

Malware Removal
8,090 posts

Hello falcor2,
Use the computer for a few days an see how things are, I'll leave the thread open in case. In the mean time lets clean up the tools we used.

AdwCleaner has Quarantined everything listed in the ESET Scan, by following the next steps that Quarantine folder will be deleted along with all the contents.

Please follow through:

Double-click OTL to start the program.
Copy and paste the following text below into the Custom Scans/Fixes box at the bottom of OTL.

:Commands
[ClearAllRestorePoints]
Then click the Run Fix button.
Let the program run unhindered. When finished click on OK and close the log that appears.
Note: I do not need to review the log produced.
Now close all other programs apart from OTL as this step will require a reboot.
On the OTL main screen, press the button.
Say Yes to the prompt and then allow the program to reboot your computer.

The above process will flush old System Restore Points and create a new, clean one as well as uninstalling the tools used in this process including OTL itself.

Next

Double-click on AdwCleaner.exe to run the tool again.

Click on the Uninstall button.
Click Yes when asked are you sure you want to uninstall.
Both AdwCleaner.exe, its folder and all logs will be removed.

Right click on the JRT Icon and select delete.
If there are any left over tools or logs on your computer please delete them now.

You usually get infected because your security settings are too low.

Here are a number of recommendations that will help tighten them, and which will contribute to making you a less likely victim:

Safe Computing Practices please read Here

Thanks
Joe